38,623 research outputs found
Power Side Channels in Security ICs: Hardware Countermeasures
Power side-channel attacks are a very effective cryptanalysis technique that
can infer secret keys of security ICs by monitoring the power consumption.
Since the emergence of practical attacks in the late 90s, they have been a
major threat to many cryptographic-equipped devices including smart cards,
encrypted FPGA designs, and mobile phones. Designers and manufacturers of
cryptographic devices have in response developed various countermeasures for
protection. Attacking methods have also evolved to counteract resistant
implementations. This paper reviews foundational power analysis attack
techniques and examines a variety of hardware design mitigations. The aim is to
highlight exposed vulnerabilities in hardware-based countermeasures for future
more secure implementations
DPA on quasi delay insensitive asynchronous circuits: formalization and improvement
The purpose of this paper is to formally specify a flow devoted to the design
of Differential Power Analysis (DPA) resistant QDI asynchronous circuits. The
paper first proposes a formal modeling of the electrical signature of QDI
asynchronous circuits. The DPA is then applied to the formal model in order to
identify the source of leakage of this type of circuits. Finally, a complete
design flow is specified to minimize the information leakage. The relevancy and
efficiency of the approach is demonstrated using the design of an AES
crypto-processor.Comment: Submitted on behalf of EDAA (http://www.edaa.com/
SANNS: Scaling Up Secure Approximate k-Nearest Neighbors Search
The -Nearest Neighbor Search (-NNS) is the backbone of several
cloud-based services such as recommender systems, face recognition, and
database search on text and images. In these services, the client sends the
query to the cloud server and receives the response in which case the query and
response are revealed to the service provider. Such data disclosures are
unacceptable in several scenarios due to the sensitivity of data and/or privacy
laws.
In this paper, we introduce SANNS, a system for secure -NNS that keeps
client's query and the search result confidential. SANNS comprises two
protocols: an optimized linear scan and a protocol based on a novel sublinear
time clustering-based algorithm. We prove the security of both protocols in the
standard semi-honest model. The protocols are built upon several
state-of-the-art cryptographic primitives such as lattice-based additively
homomorphic encryption, distributed oblivious RAM, and garbled circuits. We
provide several contributions to each of these primitives which are applicable
to other secure computation tasks. Both of our protocols rely on a new circuit
for the approximate top- selection from numbers that is built from comparators.
We have implemented our proposed system and performed extensive experimental
results on four datasets in two different computation environments,
demonstrating more than faster response time compared to
optimally implemented protocols from the prior work. Moreover, SANNS is the
first work that scales to the database of 10 million entries, pushing the limit
by more than two orders of magnitude.Comment: 18 pages, to appear at USENIX Security Symposium 202
An IoT Endpoint System-on-Chip for Secure and Energy-Efficient Near-Sensor Analytics
Near-sensor data analytics is a promising direction for IoT endpoints, as it
minimizes energy spent on communication and reduces network load - but it also
poses security concerns, as valuable data is stored or sent over the network at
various stages of the analytics pipeline. Using encryption to protect sensitive
data at the boundary of the on-chip analytics engine is a way to address data
security issues. To cope with the combined workload of analytics and encryption
in a tight power envelope, we propose Fulmine, a System-on-Chip based on a
tightly-coupled multi-core cluster augmented with specialized blocks for
compute-intensive data processing and encryption functions, supporting software
programmability for regular computing tasks. The Fulmine SoC, fabricated in
65nm technology, consumes less than 20mW on average at 0.8V achieving an
efficiency of up to 70pJ/B in encryption, 50pJ/px in convolution, or up to
25MIPS/mW in software. As a strong argument for real-life flexible application
of our platform, we show experimental results for three secure analytics use
cases: secure autonomous aerial surveillance with a state-of-the-art deep CNN
consuming 3.16pJ per equivalent RISC op; local CNN-based face detection with
secured remote recognition in 5.74pJ/op; and seizure detection with encrypted
data collection from EEG within 12.7pJ/op.Comment: 15 pages, 12 figures, accepted for publication to the IEEE
Transactions on Circuits and Systems - I: Regular Paper
On the Duality of Probing and Fault Attacks
In this work we investigate the problem of simultaneous privacy and integrity
protection in cryptographic circuits. We consider a white-box scenario with a
powerful, yet limited attacker. A concise metric for the level of probing and
fault security is introduced, which is directly related to the capabilities of
a realistic attacker. In order to investigate the interrelation of probing and
fault security we introduce a common mathematical framework based on the
formalism of information and coding theory. The framework unifies the known
linear masking schemes. We proof a central theorem about the properties of
linear codes which leads to optimal secret sharing schemes. These schemes
provide the lower bound for the number of masks needed to counteract an
attacker with a given strength. The new formalism reveals an intriguing duality
principle between the problems of probing and fault security, and provides a
unified view on privacy and integrity protection using error detecting codes.
Finally, we introduce a new class of linear tamper-resistant codes. These are
eligible to preserve security against an attacker mounting simultaneous probing
and fault attacks
Trusted-HB: a low-cost version of HB+ secure against Man-in-The-Middle attacks
Since the introduction at Crypto'05 by Juels and Weis of the protocol HB+, a
lightweight protocol secure against active attacks but only in a detection
based-model, many works have tried to enhance its security. We propose here a
new approach to achieve resistance against Man-in-The-Middle attacks. Our
requirements - in terms of extra communications and hardware - are surprisingly
low.Comment: submitted to IEEE Transactions on Information Theor
Measuring and mitigating AS-level adversaries against Tor
The popularity of Tor as an anonymity system has made it a popular target for
a variety of attacks. We focus on traffic correlation attacks, which are no
longer solely in the realm of academic research with recent revelations about
the NSA and GCHQ actively working to implement them in practice.
Our first contribution is an empirical study that allows us to gain a high
fidelity snapshot of the threat of traffic correlation attacks in the wild. We
find that up to 40% of all circuits created by Tor are vulnerable to attacks by
traffic correlation from Autonomous System (AS)-level adversaries, 42% from
colluding AS-level adversaries, and 85% from state-level adversaries. In
addition, we find that in some regions (notably, China and Iran) there exist
many cases where over 95% of all possible circuits are vulnerable to
correlation attacks, emphasizing the need for AS-aware relay-selection.
To mitigate the threat of such attacks, we build Astoria--an AS-aware Tor
client. Astoria leverages recent developments in network measurement to perform
path-prediction and intelligent relay selection. Astoria reduces the number of
vulnerable circuits to 2% against AS-level adversaries, under 5% against
colluding AS-level adversaries, and 25% against state-level adversaries. In
addition, Astoria load balances across the Tor network so as to not overload
any set of relays.Comment: Appearing at NDSS 201
Very Low Cost Entropy Source Based on Chaotic Dynamics Retrofittable on Networked Devices to Prevent RNG Attacks
Good quality entropy sources are indispensable in most modern cryptographic
protocols. Unfortunately, many currently deployed networked devices do not
include them and may be vulnerable to Random Number Generator (RNG) attacks.
Since most of these systems allow firmware upgrades and have serial
communication facilities, the potential for retrofitting them with secure
hardware-based entropy sources exists. To this aim, very low-cost, robust, easy
to deploy solutions are required. Here, a retrofittable, sub 10$ entropy source
based on chaotic dynamics is illustrated, capable of a 32 kbit/s rate or more
and offering multiple serial communication options including USB, I2C, SPI or
USART. Operation is based on a loop built around the Analog to Digital
Converter (ADC) hosted on a standard microcontroller.Comment: 4 pages, 6 figures. Pre-print from conference proceedings; IEEE 21th
International Conference on Electronics, Circuits, and Systems (ICECS 2014),
pp. 175-178, Dec. 201
- …