2,770 research outputs found
Power Side Channels in Security ICs: Hardware Countermeasures
Power side-channel attacks are a very effective cryptanalysis technique that
can infer secret keys of security ICs by monitoring the power consumption.
Since the emergence of practical attacks in the late 90s, they have been a
major threat to many cryptographic-equipped devices including smart cards,
encrypted FPGA designs, and mobile phones. Designers and manufacturers of
cryptographic devices have in response developed various countermeasures for
protection. Attacking methods have also evolved to counteract resistant
implementations. This paper reviews foundational power analysis attack
techniques and examines a variety of hardware design mitigations. The aim is to
highlight exposed vulnerabilities in hardware-based countermeasures for future
more secure implementations
CacheZoom: How SGX Amplifies The Power of Cache Attacks
In modern computing environments, hardware resources are commonly shared, and
parallel computation is widely used. Parallel tasks can cause privacy and
security problems if proper isolation is not enforced. Intel proposed SGX to
create a trusted execution environment within the processor. SGX relies on the
hardware, and claims runtime protection even if the OS and other software
components are malicious. However, SGX disregards side-channel attacks. We
introduce a powerful cache side-channel attack that provides system adversaries
a high resolution channel. Our attack tool named CacheZoom is able to virtually
track all memory accesses of SGX enclaves with high spatial and temporal
precision. As proof of concept, we demonstrate AES key recovery attacks on
commonly used implementations including those that were believed to be
resistant in previous scenarios. Our results show that SGX cannot protect
critical data sensitive computations, and efficient AES key recovery is
possible in a practical environment. In contrast to previous works which
require hundreds of measurements, this is the first cache side-channel attack
on a real system that can recover AES keys with a minimal number of
measurements. We can successfully recover AES keys from T-Table based
implementations with as few as ten measurements.Comment: Accepted at Conference on Cryptographic Hardware and Embedded Systems
(CHES '17
Innovative Method of the Power Analysis
This paper describes an innovative method of the power analysis which presents the typical example of successful attacks against trusted cryptographic devices such as RFID (Radio-Frequency IDentifications) and contact smart cards. The proposed method analyzes power consumption of the AES (Advanced Encryption Standard) algorithm with neural network, which successively classifies the first byte of the secret key. This way of the power analysis is an entirely new approach and it is designed to combine the advantages of simple and differential power analysis. In the extreme case, this feature allows to determine the whole secret key of a cryptographic module only from one measured power trace. This attribute makes the proposed method very attractive for potential attackers. Besides theoretical design of the method, we also provide the first implementation results. We assume that the method will be certainly optimized to obtain more accurate classification results in the future
Time- and Amplitude-Controlled Power Noise Generator against SPA Attacks for FPGA-Based IoT Devices
Power noise generation for masking power traces is a powerful countermeasure against
Simple Power Analysis (SPA), and it has also been used against Differential Power Analysis (DPA) or
Correlation Power Analysis (CPA) in the case of cryptographic circuits. This technique makes use of
power consumption generators as basic modules, which are usually based on ring oscillators when
implemented on FPGAs. These modules can be used to generate power noise and to also extract
digital signatures through the power side channel for Intellectual Property (IP) protection purposes.
In this paper, a new power consumption generator, named Xored High Consuming Module (XHCM),
is proposed. XHCM improves, when compared to others proposals in the literature, the amount of
current consumption per LUT when implemented on FPGAs. Experimental results show that these
modules can achieve current increments in the range from 2.4 mA (with only 16 LUTs on Artix-7
devices with a power consumption density of 0.75 mW/LUT when using a single HCM) to 11.1 mA
(with 67 LUTs when using 8 XHCMs, with a power consumption density of 0.83 mW/LUT). Moreover,
a version controlled by Pulse-Width Modulation (PWM) has been developed, named PWM-XHCM,
which is, as XHCM, suitable for power watermarking. In order to build countermeasures against
SPA attacks, a multi-level XHCM (ML-XHCM) is also presented, which is capable of generating
different power consumption levels with minimal area overhead (27 six-input LUTS for generating
16 different amplitude levels on Artix-7 devices). Finally, a randomized version, named RML-XHCM,
has also been developed using two True Random Number Generators (TRNGs) to generate current
consumption peaks with random amplitudes at random times. RML-XHCM requires less than
150 LUTs on Artix-7 devices. Taking into account these characteristics, two main contributions
have been carried out in this article: first, XHCM and PWM-XHCM provide an efficient power
consumption generator for extracting digital signatures through the power side channel, and on the
other hand, ML-XHCM and RML-XHCM are powerful tools for the protection of processing units
against SPA attacks in IoT devices implemented on FPGAs.Junta de AndaluciaEuropean Commission B-TIC-588-UGR2
Energy Efficient Security Framework for Wireless Local Area Networks
Wireless networks are susceptible to network attacks due to their inherentvulnerabilities. The radio signal used in wireless transmission canarbitrarily propagate through walls and windows; thus a wireless networkperimeter is not exactly known. This leads them to be more vulnerable toattacks such as eavesdropping, message interception and modifications comparedto wired-line networks. Security services have been used as countermeasures toprevent such attacks, but they are used at the expense of resources that arescarce especially, where wireless devices have a very limited power budget.Hence, there is a need to provide security services that are energy efficient.In this dissertation, we propose an energy efficient security framework. Theframework aims at providing security services that take into account energyconsumption. We suggest three approaches to reduce the energy consumption ofsecurity protocols: replacement of standard security protocol primitives thatconsume high energy while maintaining the same security level, modification ofstandard security protocols appropriately, and a totally new design ofsecurity protocol where energy efficiency is the main focus. From ourobservation and study, we hypothesize that a higher level of energy savings isachievable if security services are provided in an adjustable manner. Wepropose an example tunable security or TuneSec system, which allows areasonably fine-grained security tuning to provide security services at thewireless link level in an adjustable manner.We apply the framework to several standard security protocols in wirelesslocal area networks and also evaluate their energy consumption performance.The first and second methods show improvements of up to 70% and 57% inenergy consumption compared to plain standard security protocols,respectively. The standard protocols can only offer fixed-level securityservices, and the methods applied do not change the security level. The thirdmethod shows further improvement compared to fixed-level security by reducing(about 6% to 40%) the energy consumed. This amount of energy saving can bevaried depending on the configuration and security requirements
Improvement on a Masked White-box Cryptographic Implementation
White-box cryptography is a software technique to protect secret keys of cryptographic algorithms from attackers who have access to memory. By adapting techniques of differential power analysis to computation traces consisting of runtime information, Differential Computation Analysis (DCA) has recovered the secret keys from white-box cryptographic implementations. In order to thwart DCA, a masked white-box implementation has been suggested. However, each byte of the round output was not masked and just permuted by byte encodings. This is the main reason behind the success of DCA variants on the masked white-box implementation. In this paper, we improve the masked white-box cryptographic implementation in such a way to protect against DCA variants by obfuscating the round output with random masks.
Specifically, we implement a white-box AES implementation applying masking techniques to the key-dependent intermediate value and the several outer-round outputs. Our analysis and experimental results show that the proposed method can protect against DCA variants including DCA with a 2-byte key guess, collision and bucketing attacks. This work requires approximately 3.7 times the table size and 0.7 times the number of lookups compared to the previous masked WB-AES implementation
Not so Difficult in the End: Breaking the ASCADv2 Dataset
The ASCADv2 dataset ranks among the most secure publicly available datasets today. Two layers of countermeasures protect it: affine masking and shuffling, and the current attack approaches rely on strong assumptions. Specifically, besides having access to the source code, an adversary also requires prior knowledge of random shares. This paper forgoes reliance on such knowledge and proposes two attack approaches based on the vulnerabilities of the affine mask implementation. As a result, the first attack can retrieve all secret keys\u27 reliance in less than a minute. Although the second attack is not entirely successful in recovering all keys, we believe more traces would help make such an attack fully functional
An Appreciation of the Scientific Researches of Dr Peter H. Dawson
Upon the death of Peter H. Dawson in 2015, mass spectrometry lost a major figure. Within the area of radiofrequency quadrupole electric fields applied to mass spectrometry, Dawson stands alongside its pioneers Wolfgang Paul, Nobelist and inventor of the technology, and Wilson Brubaker, who identified and overcame the deleterious effects of fringing electric fields on quadrupole mass filter performance. Seventy‐one of Dawson's 97 scientific publications are concerned with quadrupole mass analyzers, ion traps and monopole mass spectrometers. Of especial note are his book and review articles in which he disseminated information on the theoretical fundamentals and practicalities of these systems to a wider audience, thereby having a major impact on the development of this important field of endeavour.
The scientific researches of Dr Dawson and his advice and counsel, influenced to a major degree, and to the better, the research careers, teachings and the lives of the authors of this piece. Their combined researches quadrupole devices led to the commercialization of the ion trap as a mass spectrometer by which mass spectral information became available at greatly reduced cost. Thus, the advent of commercial ion trapping instruments permitted a greater use of mass spectrometry in both technically advanced countries and those less well advanced. The greatest impact in health services was mass spectrometric analysis of environmental problems, well and stream water, food free of pesticides, etc., and forensic sciences. Our combined indebtedness to Dr Dawson is manifested by this appreciation of his scientific work, the highlighting of his main contributions, and creation of a substantive reference source to his work that can be used by other scientists. A comprehensive list of Dr Dawson's publications, including abstracts or summaries, has been arranged in chronological order of date of submission
- …