A Probe Placement Method for Efficient Electromagnetic Attacks

Electromagnetic (EM) emissions have been explored as an effective means for non-invasive side-channel attacks. The leaked EM field from the memory bus when the data is loaded from the on-chip memory has received considerable attention in literature. Meanwhile, off-chip memory buses gradually become the new attack target due to the relative ease of access in the modern system in package technologies, such as 2.5-D integration where processing and memory chips are integrated, for example, on a silicon interposer. This paper, therefore, investigates EM snooping attacks on interposer-based off-chip memory buses. A gradient-search algorithm is proposed to locate fast (i.e. O(N)) the most efficient attack point. The effectiveness of the search algorithm and attack efficiency is evaluated on a 64-bit bus. It is demonstrated that at the optimal attack point, EM attacks can succeed with more than 10x fewer traces, compared to placing the probe to sub-optimal locations

Estudio exploratorio de la técnicaTimming Attack en el criptosistema RSA

This paper makes an exploratory bibliographic analysis of the Timing Attack (TA) technique on the Side Channel Attacks (SCA) in RSA. The information assets, operation modes and countermeasures of 22 papers were analyzed. Findings show that smartcards are the most attacked information assets (32%), blinding is the most applied countermeasure (33%) and the Chinese Remainder Theorem (CRT) or Montgomery Multiplication (MM) with CRT are the most frequent operation modes (41%). Furthermore, just one attack was executed in telecom unication systems, this opens the possibilty for future work, analyzing the same technique using the tecnologies WiMAX and the SIP VoIP protocol.  El presente trabajo realiza un análisis bibliográfico exploratorio del tipo de ataque Timing Attack (TA) de On The Side Channel Attack (SCA) en RSA. Para lo cual, se analizaron los activos de información, los modos de operación y las contramedidas efectuadas de 22 artículos. Los resultados evidencian que el activo de información que más ataques tuvo son las tarjetas inteligentes (32%), la contramedida mayormente aplicada es el cegamiento (33%) y los modos de operación más utilizados son el Chinese Remainder Theorem (CRT) o Montgomery Multiplication (MM) con CRT (41%). Adicionalmente se evidencia que sólo un ataque fue realizado a los sistemas de telecomunicaciones, lo cual permite plantear trabajos futuros en el análisis de la misma técnica con base en las tecnologías WiMAX y el protocolo SIP de VoIP. &nbsp

Side channel attacks on smart home systems: A short overview

This paper provides an overview on side-channel attacks with emphasis on vulnerabilities in the smart home. Smart homes are enabled by the latest developments in sensors, communication technologies, internet protocols, and cloud services. The goal of a smart home is to have smart household devices collaborate without involvement of residents to deliver the variety of services needed for a higher quality of life. However, security and privacy challenges of smart homes have to be overcome in order to fully realize the smart home. Side channel attacks assume data is always leaking, and leakage of data from a smart home reveals sensitive information. This paper starts by reviewing side-channel attack categories, then it gives an overview on recent attack studies on different layers of a smart home and their malicious goals

EFFORT: Energy efficient framework for offload communication in mobile cloud computing

There is an abundant expansion in the race of technology, specifically in the production of data, because of the smart devices, such as mobile phones, smart cards, sensors, and Internet of Things (IoT). Smart phones and devices have undergone an enormous evolution in a way that they can be used. More and more new applications, such as face recognition, augmented reality, online interactive gaming, and natural language processing are emerging and attracting the users. Such applications are generally data intensive or compute intensive, which demands high resource and energy consumption. Mobile devices are known for the resource scarcity, having limited computational power and battery life. The tension between compute/data intensive application and resource constrained mobile devices hinders the successful adaption of emerging paradigms. In the said perspective, the objective of this paper is to study the role of computation offloading in mobile cloud computing to supplement mobile platforms ability in executing complex applications. This paper proposes a systematic approach (EFFORT) for offload communication in the cloud. The proposed approach provides a promising solution to partially solve energy consumption issue for communication-intensive applications in a smartphone. The experimental study shows that our proposed approach outperforms its counterparts in terms of energy consumption and fast processing of smartphone devices. The battery consumption was reduced to 19% and the data usage was reduced to 16%

Raising security awareness using cybersecurity challenges in embedded programming courses

Security bugs are errors in code that, when exploited, can lead to serious software vulnerabilities. These bugs could allow an attacker to take over an application and steal information. One of the ways to address this issue is by means of awareness training. The Sifu platform was developed in the industry, for the industry, with the aim to raise software developers' awareness of secure coding. This paper extends the Sifu platform with three challenges that specifically address embedded programming courses, and describes how to implement these challenges, while also evaluating the usefulness of these challenges to raise security awareness in an academic setting. Our work presents technical details on the detection mechanisms for software vulnerabilities and gives practical advice on how to implement them. The evaluation of the challenges is performed through two trial runs with a total of 16 participants. Our preliminary results show that the challenges are suitable for academia, and can even potentially be included in official teaching curricula. One major finding is an indicator of the lack of awareness of secure coding by undergraduates. Finally, we compare our results with previous work done in the industry and extract advice for practitioners.info:eu-repo/semantics/acceptedVersio

Raising Security Awareness using Cybersecurity Challenges in Embedded Programming Courses

Security bugs are errors in code that, when exploited, can lead to serious software vulnerabilities. These bugs could allow an attacker to take over an application and steal information. One of the ways to address this issue is by means of awareness training. The Sifu platform was developed in the industry, for the industry, with the aim to raise software developers' awareness of secure coding. This paper extends the Sifu platform with three challenges that specifically address embedded programming courses, and describes how to implement these challenges, while also evaluating the usefulness of these challenges to raise security awareness in an academic setting. Our work presents technical details on the detection mechanisms for software vulnerabilities and gives practical advice on how to implement them. The evaluation of the challenges is performed through two trial runs with a total of 16 participants. Our preliminary results show that the challenges are suitable for academia, and can even potentially be included in official teaching curricula. One major finding is an indicator of the lack of awareness of secure coding by undergraduates. Finally, we compare our results with previous work done in the industry and extract advice for practitioners.Comment: Preprint accepted for publication at the First International Conference on Code Quality (ICCQ 2021

Reusable Garbled Circuit Implementation of AES to Avoid Power Analysis Attacks

Unintended side-channel leaks can be exploited by attackers and achieved quickly, and using relatively inexpensive equipment. Cloud providers aren’t equipped to provide assurances of security against such attacks. One most well-known and effective of the side-channel attack is on information leaked through power consumption. Differential Power Analysis (DPA) can extract a secret key by measuring the power used while a device is executing the any algorithm. This research explores the susceptibility of current implementations of Circuit Garbling to power analysis attacks and a simple variant to obfuscate functionality and randomize the power consumption reusing the garbling keys and the garbled gates. AES has been chosen as an example. The first task is to implement the garbled variants of basic logic gates in hardware (RTL design) using Circuit Garbling. The second task is to use the above created gates and create an RTL implementation of AES using Verilog HDL. The next task is to perform a Differential Power Analysis(DPA) on this circuit and evaluate its resilience to attack