
    Viability and Implementation of a Vector Cryptography Extension for RISC-V

    RISC-V is an open-source instruction-set architecture (ISA) forming the basis of thousands of commercial and experimental microprocessors. The Scalar Cryptography extension ratified in December 2021 added scalar instructions that target common hashing and encryption algorithms, including SHA2 and AES. The next step forward for the RISC-V ISA in the field of cryptography and digital security is the development of vector cryptography instructions. This thesis examines whether it is viable to add vector implementations of existing RISC-V scalar cryptography instructions to the existing vector instruction format, and what improvements they can make to the execution of the SHA2 and AES algorithms. Vector cryptography instructions vaeses, vaesesm, vaesds, vaesdsm, vsha256sch, and vsha256hash are proposed to optimize AES encryption and decryption, SHA256 message scheduling, and SHA256 hash rounds, with pseudocode, assembly examples, and a full 32-bit instruction format for each. Both algorithms stand to benefit greatly from vector instructions in reduction of computation time, code length, and instruction memory utilization due to large operand sizes and frequently repeated functions. As a proof of concept for the proposed vector cryptography operations, a full vector-based AES-128 encryption and SHA256 message schedule generation are performed on the 32-bit RISC-V Ibex processor and 128-bit Vicuna Vector Coprocessor in the Vivado simulation environment. Not counting stores or loads, for a fair comparison, the new Vector Cryptography extension completes a full encryption round in a single instruction compared to sixteen with the scalar extension, and can generate eight SHA256 message schedule double-words in a single instruction compared to the forty necessary on the scalar extension. These represent a 93.75% and 97.5% reduction in required instructions and memory for these functions respectively, at a hardware cost of 19.4% more LUTs and 1.44% more flip-flops on the edited Vicuna processor compared to the original.
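    The SHA256 message schedule the abstract refers to is the expansion of the sixteen 32-bit words of a block into 64 schedule words W[0..63]; each new word costs two sigma functions and three modular additions, which is the per-word work the scalar extension spends five instructions on. The following is an added reference implementation in Python, not code from the thesis or from the RISC-V specifications, that exposes the schedule as its own function and checks the surrounding compression function against hashlib. The cache-line and instruction counts in the abstract are the thesis's measurements; this code only reproduces the arithmetic.

```python
"""Added example: SHA-256 message schedule and compression in pure Python.
Not code from the thesis or the RISC-V Zknh/Zvknh specifications; written to
show what vsha256sch/vsha256hash would be vectorising."""
import hashlib
import struct

MASK32 = 0xFFFFFFFF

# Round constants K[0..63] (first 32 bits of the fractional parts of the cube
# roots of the first 64 primes, as in FIPS 180-4).
K = [
    0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5,
    0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174,
    0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da,
    0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967,
    0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85,
    0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070,
    0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3,
    0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2,
]
H0 = [0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a,
      0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19]


def rotr(x, n):
    return ((x >> n) | (x << (32 - n))) & MASK32


# Lower-case sigmas are used only by the message schedule (scalar Zknh maps
# them to sha256sig0 / sha256sig1); upper-case Sigmas only by the hash rounds
# (sha256sum0 / sha256sum1).
def sigma0(x):
    return rotr(x, 7) ^ rotr(x, 18) ^ (x >> 3)


def sigma1(x):
    return rotr(x, 17) ^ rotr(x, 19) ^ (x >> 10)


def Sigma0(x):
    return rotr(x, 2) ^ rotr(x, 13) ^ rotr(x, 22)


def Sigma1(x):
    return rotr(x, 6) ^ rotr(x, 11) ^ rotr(x, 25)


def message_schedule(block):
    """Expand a 64-byte block into the 64 schedule words W[0..63].

    For t >= 16 each word is sigma1(W[t-2]) + W[t-7] + sigma0(W[t-15]) + W[t-16]:
    two sigma functions and three additions per word. The W[t-2] dependency is
    what makes producing several words at once non-trivial in hardware.
    """
    w = list(struct.unpack(">16L", block))
    for t in range(16, 64):
        w.append((sigma1(w[t - 2]) + w[t - 7] + sigma0(w[t - 15]) + w[t - 16]) & MASK32)
    return w


def compress(state, block):
    """One SHA-256 compression: 64 rounds over the schedule of a single block."""
    a, b, c, d, e, f, g, h = state
    w = message_schedule(block)
    for t in range(64):
        ch = (e & f) ^ (~e & g)
        maj = (a & b) ^ (a & c) ^ (b & c)
        t1 = (h + Sigma1(e) + ch + K[t] + w[t]) & MASK32
        t2 = (Sigma0(a) + maj) & MASK32
        h, g, f, e, d, c, b, a = g, f, e, (d + t1) & MASK32, c, b, a, (t1 + t2) & MASK32
    return [(x + y) & MASK32 for x, y in zip(state, (a, b, c, d, e, f, g, h))]


def sha256(data):
    """Full SHA-256: pad to a multiple of 64 bytes, then compress block by block."""
    bit_len = len(data) * 8
    data += b"\x80"
    data += b"\x00" * ((56 - len(data) % 64) % 64)
    data += struct.pack(">Q", bit_len)
    state = H0
    for i in range(0, len(data), 64):
        state = compress(state, data[i:i + 64])
    return struct.pack(">8L", *state)


def matches_hashlib(data):
    """Cross-check against the standard library; True when the digests agree."""
    return sha256(data) == hashlib.sha256(data).digest()


if __name__ == "__main__":
    print(sha256(b"abc").hex())
    print(matches_hashlib(b"abc"), matches_hashlib(b"x" * 1000))
```

    The schedule function is deliberately separate from the round loop so that the instruction counts in the abstract can be read against it: W[16..23] is eight schedule words, each needing the two sigmas and three additions shown, and one AES or SHA round is one trip through the inner loop body.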

    MicroWalk: A Framework for Finding Side Channels in Binaries

    Microarchitectural side channels expose unprotected software to information-leakage attacks in which a software adversary is able to track the runtime behavior of a benign process and steal secrets such as cryptographic keys. As suggested by incremental software patches for the RSA algorithm against variants of side-channel attacks within different versions of cryptographic libraries, protecting security-critical algorithms against side channels is an intricate task. Software protections avoid leakages by operating in constant time, with a uniform resource-usage pattern independent of the processed secret. In this respect, automated testing and verification of software binaries for leakage-free behavior is of importance, particularly when the source code is not available. In this work, we propose a novel technique based on Dynamic Binary Instrumentation and Mutual Information Analysis to efficiently locate and quantify memory-based and control-flow-based microarchitectural leakages. We develop a software framework named MicroWalk for side-channel analysis of binaries which can be extended to support new classes of leakage. For the first time, by utilizing MicroWalk, we perform rigorous leakage analysis of two widely-used closed-source cryptographic libraries: Intel IPP and Microsoft CNG. We analyze 15 different cryptographic implementations consisting of 112 million instructions in about 105 minutes of CPU time. By locating previously unknown leakages in hardened implementations, our results suggest that MicroWalk can efficiently find microarchitectural leakages in software binaries.
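    The measure the abstract describes, mutual information between the secret and the observed memory or control-flow trace, can be worked through on a small model. The following is an added example, not code from MicroWalk: the "traces" are recorded by hand-instrumented Python functions rather than by dynamic binary instrumentation, the cache-line size of 64 bytes is an assumption of the model, and the secret-dependent table lookup and early-exit comparison are constructed toy implementations placed beside their constant-time counterparts. Because each trace is a deterministic function of the secret, I(S;T) reduces to the entropy of the trace distribution over uniformly chosen secrets.

```python
"""Added example: mutual-information leakage scoring of memory-access and
control-flow traces, in the spirit of MicroWalk but not its code. Traces are
recorded by hand inside toy functions; no binary instrumentation is involved."""
import math
from collections import Counter

LINE = 64          # assumed cache-line size in bytes (model parameter)
SBOX = bytes(range(256))   # constructed 256-byte table; contents are irrelevant
GUESS = b"\x12\x34"        # constructed attacker-controlled comparison input


def mutual_information(secrets, trace_of):
    """I(S;T) in bits for S uniform over `secrets` and T = trace_of(S).

    trace_of is deterministic, so H(T|S) = 0 and I(S;T) = H(T); the value is
    the number of bits about the secret recoverable from one observed trace.
    """
    n = 0
    counts = Counter()
    for s in secrets:
        counts[trace_of(s)] += 1
        n += 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


# --- memory-based leakage: secret-indexed table lookup --------------------

def leaky_lookup(secret):
    """One load at SBOX[secret]; the trace is the cache line of that load,
    which reveals the top two bits of an 8-bit secret with a 64-byte line."""
    return (secret // LINE,)


def constant_time_lookup(secret):
    """Read every entry in fixed order and select with a mask; the sequence of
    lines touched is the same for every secret, so the trace carries nothing."""
    trace = []
    result = 0
    for i in range(len(SBOX)):
        trace.append(i // LINE)
        mask = 0xFF if i == secret else 0x00   # would be branch-free in C
        result |= SBOX[i] & mask
    return tuple(trace)


# --- control-flow leakage: early-exit versus constant-time comparison ------

def early_exit_compare(secret):
    """Byte-wise compare of a 16-bit secret against GUESS that stops at the
    first mismatch; the branch trace leaks the length of the matching prefix."""
    s = secret.to_bytes(2, "big")
    trace = []
    for x, y in zip(s, GUESS):
        taken = x == y
        trace.append("eq" if taken else "ne")
        if not taken:
            break
    return tuple(trace)


def constant_time_compare(secret):
    """Accumulate the XOR of all bytes and decide at the end; every secret
    executes the same branch sequence."""
    s = secret.to_bytes(2, "big")
    diff = 0
    trace = []
    for x, y in zip(s, GUESS):
        diff |= x ^ y
        trace.append("iter")
    trace.append("done")
    return tuple(trace)


def leakage_report():
    """Mutual information, in bits, for each toy implementation."""
    byte_secrets = range(256)
    word_secrets = range(65536)
    return {
        "leaky_lookup": mutual_information(byte_secrets, leaky_lookup),
        "constant_time_lookup": mutual_information(byte_secrets, constant_time_lookup),
        "early_exit_compare": mutual_information(word_secrets, early_exit_compare),
        "constant_time_compare": mutual_information(word_secrets, constant_time_compare),
    }


if __name__ == "__main__":
    for name, bits in leakage_report().items():
        print(f"{name:24s} {bits:.4f} bits")
```

    The leaky lookup scores exactly 2 bits (four equiprobable cache lines for an 8-bit index), the early-exit comparison scores a small positive value because only the rare secrets that share a prefix with the guess produce a longer trace, and both constant-time variants score 0. A real analysis differs in how traces are obtained (instruction- and address-level traces from an instrumented binary) and in having to attribute the information to the instruction that leaks it, but the scoring step is this computation.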

    Federated Learning Attacks and Defenses: A Survey

    In terms of artificial intelligence, there are several security and privacy deficiencies in the traditional centralized training of machine learning models by a server. To address this limitation, federated learning (FL) has been proposed and is known for breaking down "data silos" and protecting the privacy of users. However, FL has not yet gained popularity in industry, mainly due to its security and privacy issues and its high cost of communication. For the purpose of advancing research in this field, building a robust FL system, and realizing the wide application of FL, this paper systematically sorts out the possible attacks on and corresponding defenses of current FL systems. Firstly, this paper briefly introduces the basic workflow of FL and related knowledge of attacks and defenses. It reviews a great deal of research about privacy theft and malicious attacks that has been studied in recent years. Most importantly, in view of the current three classification criteria, namely the three stages of machine learning, the three different roles in federated learning, and the CIA (Confidentiality, Integrity, and Availability) guidelines on privacy protection, we divide attack approaches into two categories according to the training stage and the prediction stage in machine learning. Furthermore, we also identify the CIA property violated by each attack method and the potential attack role. Various defense mechanisms are then analyzed separately at the level of privacy and of security. Finally, we summarize the possible challenges in the application of FL from the aspect of attacks and defenses and discuss the future development direction of FL systems. In this way, the designed FL system has the ability to resist different attacks and is more secure and stable. Comment: IEEE BigData. 10 pages, 2 figures, 2 tables.

    IXIAM: ISA EXtension for Integrated Accelerator Management

    During the last few years, hardware accelerators have been gaining popularity thanks to their ability to achieve higher performance and efficiency than classic general-purpose solutions. They are fundamentally shaping the current generations of Systems-on-Chip (SoCs), which are becoming increasingly heterogeneous. However, despite their widespread use, a standard, general solution to manage them while providing speed and consistency has not yet been found. Common methodologies rely on OS mediation and a mix of user-space and kernel-space drivers, which can be inefficient, especially for fine-grained tasks. This paper addresses these sources of inefficiency by proposing an ISA eXtension for Integrated Accelerator Management (IXIAM), a cost-effective HW-SW framework to control a wide variety of accelerators in a standard way, and directly from the cores. The proposed instructions include reservation, work offloading, data transfer, and synchronization. They can be wrapped in a high-level software API or even integrated into a compiler. IXIAM also features a user-space interrupt mechanism to signal events directly to the user process. We implement it as a RISC-V extension in the gem5 simulator and demonstrate detailed support for complex accelerators, as well as the ability to specify sequences of memory transfers and computations directly from the ISA and with significantly lower overhead than driver-based schemes. IXIAM provides a performance advantage that is more evident for small and medium workloads, reaching around 90x in the best case. This way, we enlarge the set of workloads that would benefit from hardware acceleration.