6,597 research outputs found
Experimental evaluation of two software countermeasures against fault attacks
Injection of transient faults can be used as a way to attack embedded
systems. On embedded processors such as microcontrollers, several studies
showed that such a transient fault injection with glitches or electromagnetic
pulses could corrupt either the data loads from the memory or the assembly
instructions executed by the circuit. Some countermeasure schemes which rely on
temporal redundancy have been proposed to handle this issue. Among them,
several schemes add this redundancy at assembly instruction level. In this
paper, we perform a practical evaluation for two of those countermeasure
schemes by using a pulsed electromagnetic fault injection process on a 32-bit
microcontroller. We provide some necessary conditions for an efficient
implementation of those countermeasure schemes in practice. We also evaluate
their efficiency and highlight their limitations. To the best of our knowledge,
no experimental evaluation of the security of such instruction-level
countermeasure schemes has been published yet.Comment: 6 pages, 2014 IEEE International Symposium on Hardware-Oriented
Security and Trust (HOST), Arlington : United States (2014
A Low-Cost Unified Experimental FPGA Board for Cryptography Applications
This paper describes the evaluation of available
experimental boards, the comparison of their supported set
of experiments and other aspects. The second part of this
evaluation is focused on the design process of the PCB (Printed
Circuit Board) for an FPGA (Field Programmable Gate Array)
based cryptography environment suitable for evaluating the latest
trends in the IC (Integrated Circuit) security like Side–Channel
Attacks (SCA) or Physically Unclonable Function (PUF). It
leads to many criteria affecting the design process and also the
suitability for evaluating and measuring results of the attacks and
their countermeasures. The developed system should be open,
versatile and unrestricted by the U.S. law [1]
CSI Neural Network: Using Side-channels to Recover Your Artificial Neural Network Information
Machine learning has become mainstream across industries. Numerous examples
proved the validity of it for security applications. In this work, we
investigate how to reverse engineer a neural network by using only power
side-channel information. To this end, we consider a multilayer perceptron as
the machine learning architecture of choice and assume a non-invasive and
eavesdropping attacker capable of measuring only passive side-channel leakages
like power consumption, electromagnetic radiation, and reaction time.
We conduct all experiments on real data and common neural net architectures
in order to properly assess the applicability and extendability of those
attacks. Practical results are shown on an ARM CORTEX-M3 microcontroller. Our
experiments show that the side-channel attacker is capable of obtaining the
following information: the activation functions used in the architecture, the
number of layers and neurons in the layers, the number of output classes, and
weights in the neural network. Thus, the attacker can effectively reverse
engineer the network using side-channel information.
Next, we show that once the attacker has the knowledge about the neural
network architecture, he/she could also recover the inputs to the network with
only a single-shot measurement. Finally, we discuss several mitigations one
could use to thwart such attacks.Comment: 15 pages, 16 figure
- …