SoK: Design Tools for Side-Channel-Aware Implementations

Side-channel attacks that leak sensitive information through a computing device's interaction with its physical environment have proven to be a severe threat to devices' security, particularly when adversaries have unfettered physical access to the device. Traditional approaches for leakage detection measure the physical properties of the device. Hence, they cannot be used during the design process and fail to provide root cause analysis. An alternative approach that is gaining traction is to automate leakage detection by modeling the device. The demand to understand the scope, benefits, and limitations of the proposed tools intensifies with the increase in the number of proposals. In this SoK, we classify approaches to automated leakage detection based on the model's source of truth. We classify the existing tools on two main parameters: whether the model includes measurements from a concrete device and the abstraction level of the device specification used for constructing the model. We survey the proposed tools to determine the current knowledge level across the domain and identify open problems. In particular, we highlight the absence of evaluation methodologies and metrics that would compare proposals' effectiveness from across the domain. We believe that our results help practitioners who want to use automated leakage detection and researchers interested in advancing the knowledge and improving automated leakage detection

The potential of covered profiled steel cladding as a building-integrated solar collector for the UK climate

Profiled steel cladding can be modified to act as an air heating solar collector by the addition of a transparent cover system. A mathematical model of the thermal performance of such an arrangement has been derived for the situation of a building-integrated solar collector facade, allowing for the condition of differing temperatures at front and rear faces of the collector. By introducing an equivalent ambient temperature, it is possible to quantify the performance of such a collector arrangement in terms of existing parameters as derived in the standard Hottel-Whillier-Bliss analysis. Using a purpose-built solar simulator, a set of standard performance characteristics for the proposed collector geometry is derived; these characteristics are used to confirm the validity of the derived model for use in this application area, i.e. as a building-integ rated system with the standard thickness of back insulation. Those conditions of front/rear temperature difference and rear insulation level for which the standard Hoftel-Whillier-Bliss analysis is no longer valid, are identified. The model has been encoded as a new subroutine within the thermal simulation program TRNSYS in order to investigate the energy performance of a typical profiled metal-clad building in the UK climate with and without the assistance of such a collector system. The effects of orientation of the solarcollector facade, together with collection area, steel-to-cover spacing and fan power requirements were determined. Assessment of capital maintenance, operating costs and energy savings permitted the cost-effectiveness of such a system to be evaluated. Guidance for future designers of such buildingintegrated systems is presented for UK conditions. It is concluded that the use of such a collector system can approach cost-effectiveness in electrically fuelled buildings, and that this is likely to be especially so if the building has a significant requirement for pre-heated fresh air. The system is shown to be not cost-effective at present for gas-fuelled installation in the UK, such as in the case of a retrofit to a typically profiled-clad sports centre, though factors other than that of payback alone may well influence such investment decisions in the future

Accurate modeling of core and memory locality for proxy generation targeting emerging applications and architectures

Designing optimal computer systems for improved performance and energy efficiency requires architects and designers to have a deep understanding of the end-user workloads. However, many end-users (e.g., large corporations, banks, defense organizations, etc.) are apprehensive to share their applications with designers due to the confidential nature of software code and data. In addition, emerging applications pose significant challenges to early design space exploration due to their long-running nature and the highly complex nature of their software stack that cannot be supported on many early performance models. The above challenges can be overcome by using a proxy benchmark. A miniaturized proxy benchmark can be used as a substitute of the original workload to perform early computer performance evaluation. The process of generating a proxy benchmark consists of extracting a set of key statistics to summarize the behavior of end-user applications through profiling and using the collected statistics to synthesize a representative proxy benchmark. Using such proxy benchmarks can help designers to understand the behavior of end-user’s workloads in a reasonable time without the users having to disclose sensitive information about their workloads. Prior proxy benchmarking schemes leverage micro-architecture independent metrics, derived from detailed simulation tools, to generate proxy benchmarks. However, many emerging workloads do not work reliably with many profiling or simulation tools, in which case it becomes impossible to apply prior proxy generation techniques to generate proxy benchmarks for such complex applications. Furthermore, these techniques model instruction pipeline-level locality in great detail, but abstract out memory locality modeling using simple stride-based models. This results in poor cloning accuracy especially for emerging applications, which have larger memory footprints and complex access patterns. A few detailed cache and memory locality modeling techniques have also been proposed in literature. However, these techniques either model limited locality metrics and suffer from poor cloning accuracy or are fairly accurate, but at the expense of significant metadata overhead. Finally, none of the prior proxy benchmarking techniques model both core and memory locality with high accuracy. As a result, they are not useful for studying system-level performance behavior. Keeping the above key limitations and shortcomings of prior work in mind, this dissertation presents several techniques that expand the frontiers of workload proxy benchmarking, thereby enabling computer designers to gain a better and faster understanding of end-user application behavior without compromising the privileged nature of software or data. This dissertation first presents a core-level proxy benchmark generation methodology that leverages performance metrics derived from hardware performance counter measurements to create miniature proxy benchmarks targeting emerging big-data applications. The presented performance counter based characterization and associated extrapolation into generic parameters for proxy generation enables faster analysis (runs almost at native hardware speeds, unlike prior workload cloning proposals) and proxy generation for emerging applications that do not work with simulators or profiling tools. The generated proxy benchmarks are representative of the performance of the real-world big-data applications, including operating system and run-time effects, and yet converge to results quickly without needing any complex software stack support. Next, to improve upon the accuracy and efficiency of prior memory proxy benchmarking techniques, this dissertation presents a novel memory locality modeling technique that leverages localized pattern detection to create miniature memory proxy benchmarks. The presented technique models memory reference locality by decomposing an application’s memory accesses into a set of independent streams (localized by using address region based localization property), tracking fine-grained patterns within the localized streams and, finally, chaining or interleaving accesses from different localized memory streams to create an ordered proxy memory access sequence. This dissertation further extends the workload cloning approach to Graphics Processing Units (GPUs) and presents a novel proxy generation methodology to model the inherent memory access locality of GPU applications, while also accounting for the GPU’s parallel execution model. The generated memory proxy benchmarks help to enable fast and efficient design space exploration of futuristic memory hierarchies. Finally, this dissertation presents a novel technique to integrate accurate core and memory locality models to create system-level proxy benchmarks targeting emerging applications. This is a new capability that can facilitate efficient overall system (core, cache and memory subsystem) design-space exploration. This dissertation further presents a novel methodology that exploits the synthetic benchmark generation framework to create hypothetical workloads with performance behavior that does not currently exist. Such proxies can be generated to cover anticipated code trends and can represent futuristic workloads before the workloads even exist.Electrical and Computer Engineerin

Improved Study of Side-Channel Attacks Using Recurrent Neural Networks

Differential power analysis attacks are special kinds of side-channel attacks where power traces are considered as the side-channel information to launch the attack. These attacks are threatening and significant security issues for modern cryptographic devices such as smart cards, and Point of Sale (POS) machine; because after careful analysis of the power traces, the attacker can break any secured encryption algorithm and can steal sensitive information. In our work, we study differential power analysis attack using two popular neural networks: Recurrent Neural Network (RNN) and Convolutional Neural Network (CNN). Our work seeks to answer three research questions(RQs): RQ1: Is it possible to predict the unknown cryptographic algorithm using neural network models from different datasets? RQ2: Is it possible to map the key value for the specific plaintext-ciphertext pair with or without side-band information? RQ3: Using similar hyper-parameters, can we evaluate the performance of two neural network models (CNN vs. RNN)? In answering the questions, we have worked with two different datasets: one is a physical dataset (DPA contest v1 dataset), and the other one is simulated dataset (toggle count quantity) from Verilog HDL. We have evaluated the efficiency of CNN and RNN models in predicting the unknown cryptographic algorithms of the device under attack. We have mapped to 56 bits key for a specific plaintext-ciphertext pair with and without using side-band information. Finally, we have evaluated vi our neural network models using different metrics such as accuracy, loss, baselines, epochs, speed of operation, memory space consumed, and so on. We have shown the performance comparison between RNN and CNN on different datasets. We have done three experiments and shown our results on these three experiments. The first two experiments have shown the advantages of choosing CNN over RNN while working with side-channel datasets. In the third experiment, we have compared two RNN models on the same datasets but different dimensions of the datasets

Surface Dynamics Profilometer and Quarter-Car Simulator: Description, Evaluation, and Adaptation

A Surface Dynamics Profilometer was acquired in December 1968. The SD Profilometer was designed to rapidly and accurately measure the profile of the surface over which it is driven. A Quarter-Car Simulator was obtained in 1970. The simulator, a special purpose analog computer, was designed to process road profiles measured with the SD Profilometer. This processing involves analog simulation of a simplified vehicle. Factors and variables associated with the devices and calibration and test procedures were investigated and standardized. The Automatic Roughness-Measuring System using an automobile (Kentucky interim standard method of test for roughness) was correlated with the SD Profllometer - QC Simulator system to permit continued assessment of pavements previously tested with the automobile. Precision of the SD Profilometer and QC Simulator was demonstrated by repeated testing of several pavements. Pavements with the higher roughness indices exhibited about the same standard deviation as pavements with lower roughness indices. On a percentage basis, therefore, the measurement precision was better for a rougher pavement than for a smoother pavement. A single measurement was within three percent of the sample mean 95 percent of the time. The roughness index obtained by simulating the Bureau of Public Roads Roughometer within the QC Simulator system was selected as the best expression of road roughness

Analysis and simulation of scale-up potentials in reverse electrodialysis

The Reverse Electrodialysis (RED) process has been widely accepted as a viable and promising technology to produce electric energy from salinity difference (salinity gradient power - e.g. using river water/seawater, or seawater and concentrated brines). Recent R&D efforts demonstrated how an appropriate design of the RED unit and a suitable selection of process conditions may crucially enhance the process performance. With this regard, a process simulator was developed and validated with experimental data collected on a lab-scale unit, providing a new modelling tool for process optimisation. In this work, performed within the REAPower project (www.reapower.eu), a process simulator previously proposed by the same authors has been modified in order to predict the behaviour of a cross-flow RED unit. The model was then adopted to investigate the influence of the most important variables (i.e. solution properties and stack geometry) on the overall process performance. In particular, the use of different concentrations and flow rates for the feed streams have been considered, as well as different aspect ratios in asymmetric stacks. Moreover, the influence of the scaling-up a RED unit was investigated, starting from a 22x22 cm2 100 cell pairs lab-stack, and simulating the performance of larger stacks up to a 44x88 cm2 500 cell pairs unit. Finally, different scenarios are proposed for a prototype-scale RED plant, providing useful indications for the technology scale-up towards 1 kW of power production, relevant to the installation of a real prototype plant in Trapani (Italy) being the final objective of the R&D activities of the REAPower project

PROFET: modeling system performance and energy without simulating the CPU

The approaching end of DRAM scaling and expansion of emerging memory technologies is motivating a lot of research in future memory systems. Novel memory systems are typically explored by hardware simulators that are slow and often have a simplified or obsolete abstraction of the CPU. This study presents PROFET, an analytical model that predicts how an application's performance and energy consumption changes when it is executed on different memory systems. The model is based on instrumentation of an application execution on actual hardware, so it already takes into account CPU microarchitectural details such as the data prefetcher and out-of-order engine. PROFET is evaluated on two real platforms: Sandy Bridge-EP E5-2670 and Knights Landing Xeon Phi platforms with various memory configurations. The evaluation results show that PROFET's predictions are accurate, typically with only 2% difference from the values measured on actual hardware. We release the PROFET source code and all input data required for memory system and application profiling. The released package can be seamlessly installed and used on high-end Intel platforms.Peer ReviewedPostprint (author's final draft

End-to-End Application Cloning for Distributed Cloud Microservices with Ditto

We present Ditto, an automated framework for cloning end-to-end cloud applications, both monolithic and microservices, which captures I/O and network activity, as well as kernel operations, in addition to application logic. Ditto takes a hierarchical approach to application cloning, starting with capturing the dependency graph across distributed services, to recreating each tier's control/data flow, and finally generating system calls and assembly that mimics the individual applications. Ditto does not reveal the logic of the original application, facilitating publicly sharing clones of production services with hardware vendors, cloud providers, and the research community. We show that across a diverse set of single- and multi-tier applications, Ditto accurately captures their CPU and memory characteristics as well as their high-level performance metrics, is portable across platforms, and facilitates a wide range of system studies

Swirl and blade wakes in the interaction between gas turbines and exhaust diffusers investigated by endoscopic particle image velocimetry

[no abstract