27,195 research outputs found
Time Protection: the Missing OS Abstraction
Timing channels enable data leakage that threatens the security of computer
systems, from cloud platforms to smartphones and browsers executing untrusted
third-party code. Preventing unauthorised information flow is a core duty of
the operating system, however, present OSes are unable to prevent timing
channels. We argue that OSes must provide time protection in addition to the
established memory protection. We examine the requirements of time protection,
present a design and its implementation in the seL4 microkernel, and evaluate
its efficacy as well as performance overhead on Arm and x86 processors
Experimental evaluation of two software countermeasures against fault attacks
Injection of transient faults can be used as a way to attack embedded
systems. On embedded processors such as microcontrollers, several studies
showed that such a transient fault injection with glitches or electromagnetic
pulses could corrupt either the data loads from the memory or the assembly
instructions executed by the circuit. Some countermeasure schemes which rely on
temporal redundancy have been proposed to handle this issue. Among them,
several schemes add this redundancy at assembly instruction level. In this
paper, we perform a practical evaluation for two of those countermeasure
schemes by using a pulsed electromagnetic fault injection process on a 32-bit
microcontroller. We provide some necessary conditions for an efficient
implementation of those countermeasure schemes in practice. We also evaluate
their efficiency and highlight their limitations. To the best of our knowledge,
no experimental evaluation of the security of such instruction-level
countermeasure schemes has been published yet.Comment: 6 pages, 2014 IEEE International Symposium on Hardware-Oriented
Security and Trust (HOST), Arlington : United States (2014
Systematic Literature Review of EM-SCA Attacks on Encryption
Cryptography is vital for data security, but cryptographic algorithms can
still be vulnerable to side-channel attacks (SCAs), physical assaults
exploiting power consumption and EM radiation. SCAs pose a significant threat
to cryptographic integrity, compromising device keys. While literature on SCAs
focuses on real-world devices, the rise of sophisticated devices necessitates
fresh approaches. Electromagnetic side-channel analysis (EM-SCA) gathers
information by monitoring EM radiation, capable of retrieving encryption keys
and detecting malicious activity. This study evaluates EM-SCA's impact on
encryption across scenarios and explores its role in digital forensics and law
enforcement. Addressing encryption susceptibility to EM-SCA can empower
forensic investigators in overcoming encryption challenges, maintaining their
crucial role in law enforcement. Additionally, the paper defines EM-SCA's
current state in attacking encryption, highlighting vulnerable and resistant
encryption algorithms and devices, and promising EM-SCA approaches. This study
offers a comprehensive analysis of EM-SCA in law enforcement and digital
forensics, suggesting avenues for further research
Outsmarting Network Security with SDN Teleportation
Software-defined networking is considered a promising new paradigm, enabling
more reliable and formally verifiable communication networks. However, this
paper shows that the separation of the control plane from the data plane, which
lies at the heart of Software-Defined Networks (SDNs), introduces a new
vulnerability which we call \emph{teleportation}. An attacker (e.g., a
malicious switch in the data plane or a host connected to the network) can use
teleportation to transmit information via the control plane and bypass critical
network functions in the data plane (e.g., a firewall), and to violate security
policies as well as logical and even physical separations. This paper
characterizes the design space for teleportation attacks theoretically, and
then identifies four different teleportation techniques. We demonstrate and
discuss how these techniques can be exploited for different attacks (e.g.,
exfiltrating confidential data at high rates), and also initiate the discussion
of possible countermeasures. Generally, and given today's trend toward more
intent-based networking, we believe that our findings are relevant beyond the
use cases considered in this paper.Comment: Accepted in EuroSP'1
Efficient Fault Detection Architectures for Modular Exponentiation Targeting Cryptographic Applications Benchmarked on FPGAs
Whether stemming from malicious intent or natural occurrences, faults and
errors can significantly undermine the reliability of any architecture. In
response to this challenge, fault detection assumes a pivotal role in ensuring
the secure deployment of cryptosystems. Even when a cryptosystem boasts
mathematical security, its practical implementation may remain susceptible to
exploitation through side-channel attacks. In this paper, we propose a
lightweight fault detection architecture tailored for modular exponentiation, a
building block of numerous cryptographic applications spanning from classical
cryptography to post quantum cryptography. Based on our simulation and
implementation results on ARM Cortex-A72 processor, and AMD/Xilinx Zynq
Ultrascale+, and Artix-7 FPGAs, our approach achieves an error detection rate
close to 100%, all while introducing a modest computational overhead of
approximately 7% and area overhead of less than 1% compared to the unprotected
architecture. To the best of our knowledge, such an approach benchmarked on ARM
processor and FPGA has not been proposed and assessed to date.Comment: 5 pages, 2 figure
Integrated Evaluation Platform for Secured Devices
International audienceIn this paper, we describe the structure of a FPGAsmart card emulator. The aim of such an emulator is to improvethe behaviour of the whole architecture when faults occur. Withinthis card, an embedded Advanced Encryption Standard (AES)protected against DFA is inserted as well as a fault injectionblock. We also present the microprocessor core which controlsthe whole card
Gaussian Quantum Information
The science of quantum information has arisen over the last two decades
centered on the manipulation of individual quanta of information, known as
quantum bits or qubits. Quantum computers, quantum cryptography and quantum
teleportation are among the most celebrated ideas that have emerged from this
new field. It was realized later on that using continuous-variable quantum
information carriers, instead of qubits, constitutes an extremely powerful
alternative approach to quantum information processing. This review focuses on
continuous-variable quantum information processes that rely on any combination
of Gaussian states, Gaussian operations, and Gaussian measurements.
Interestingly, such a restriction to the Gaussian realm comes with various
benefits, since on the theoretical side, simple analytical tools are available
and, on the experimental side, optical components effecting Gaussian processes
are readily available in the laboratory. Yet, Gaussian quantum information
processing opens the way to a wide variety of tasks and applications, including
quantum communication, quantum cryptography, quantum computation, quantum
teleportation, and quantum state and channel discrimination. This review
reports on the state of the art in this field, ranging from the basic
theoretical tools and landmark experimental realizations to the most recent
successful developments.Comment: 51 pages, 7 figures, submitted to Reviews of Modern Physic
Flexible Yet Secure De-Duplication Service for Enterprise Data on Cloud Storage
The cloud storage services bring forth infinite storage capacity and flexible access capability to store and share
large-scale content. The convenience brought forth has attracted both individual and enterprise users to outsource data service to a cloud provider. As the survey shows 56% of the usages of cloud storage applications are for data back up and up to 68% of data backup are user assets. Enterprise tenants would need to protect their data privacy before uploading them to the cloud and expect a reasonable performance while they try to reduce the operation cost in terms of cloud storage, capacity and I/Os matter as well
as systems’ performance, bandwidth and data protection. Thus, enterprise tenants demand secure and economic data storage yet flexible access on their cloud data.
In this paper, we propose a secure de-duplication solution
for enterprise tenants to leverage the benefits of cloud storage while reducing operation cost and protecting privacy. First, the solution uses a proxy to do flexible group access control which supports secure de-duplication within a group; Second, the solution supports scalable clustering of proxies to support large-scale data access; Third, the solution can be integrated with cloud storage seamlessly. We implemented and tested our solution by integrating it with Dropbox. Secure de-duplication in a group is performed at low data transfer latency and small
storage overhead as compared to de-duplication on plaintext
Quantum cryptography: key distribution and beyond
Uniquely among the sciences, quantum cryptography has driven both
foundational research as well as practical real-life applications. We review
the progress of quantum cryptography in the last decade, covering quantum key
distribution and other applications.Comment: It's a review on quantum cryptography and it is not restricted to QK
- …