214 research outputs found
Enhancing an Embedded Processor Core with a Cryptographic Unit for Performance and Security
We present a set of low-cost architectural enhancements to accelerate the execution of certain arithmetic operations common in cryptographic applications on an extensible embedded processor core. The proposed enhancements are generic in the sense that they can be beneficially applied in almost any RISC processor. We implemented the enhancements in form of a cryptographic unit (CU) that offers the programmer an extended instruction set. The CU features a 128-bit wide register file and datapath, which enables it to process 128-bit words and perform 128-bit loads/stores. We analyze the speed-up factors for some arithmetic operations and public-key cryptographic algorithms obtained through
these enhancements. In addition, we evaluate the hardware overhead (i.e. silicon area) of integrating the CU into an embedded RISC processor. Our experimental results show that the proposed architectural enhancements allow for a
significant performance gain for both RSA and ECC at the expense of an acceptable increase in silicon area. We also demonstrate that the proposed enhancements facilitate the protection of cryptographic algorithms against certain types of side-channel attacks and present an AES implementation
hardened against cache-based attacks as a case study
A Novel Side-Channel in Real-Time Schedulers
We demonstrate the presence of a novel scheduler side-channel in preemptive,
fixed-priority real-time systems (RTS); examples of such systems can be found
in automotive systems, avionic systems, power plants and industrial control
systems among others. This side-channel can leak important timing information
such as the future arrival times of real-time tasks.This information can then
be used to launch devastating attacks, two of which are demonstrated here (on
real hardware platforms). Note that it is not easy to capture this timing
information due to runtime variations in the schedules, the presence of
multiple other tasks in the system and the typical constraints (e.g.,
deadlines) in the design of RTS. Our ScheduLeak algorithms demonstrate how to
effectively exploit this side-channel. A complete implementation is presented
on real operating systems (in Real-time Linux and FreeRTOS). Timing information
leaked by ScheduLeak can significantly aid other, more advanced, attacks in
better accomplishing their goals
Cache-timing attack against aes crypto system - countermeasures review
Side channel attacks are based on side channel information, which is information that is leaked from encryption systems. Implementing side channel attacks is possible if and only if an attacker has access to a cryptosystem (victim) or can interact with cryptosystem remotely to compute time statistics of information that collected from targeted system. Cache timing attack is a special type of side channel attack. Here, timing information caused by cache effect is collected and analyzed by an attacker to guess sensitive information such as encryption key or plaintext. Cache timing attack against AES was known theoretically until Bernstein carry out a real implementation of the attack. Fortunately, this attack can be a success only by exploiting bad implementation in software or hardware, not for algorithm structure weaknesses, and that means attack could be prevented if proper implementation has been used. For that reason, modification in software and hardware has been proposed as countermeasures. This paper reviews the technique applied in this attack, surveys the countermeasures against it, and evaluates the feasibility and usability of each countermeasure. We made comparison between these countermeasure based on certain aspect furthermore
Covert timing channels, caching, and cryptography
Side-channel analysis is a cryptanalytic technique that targets not the formal description of a cryptographic primitive but the implementation of it. Examples of side-channels include power consumption or timing measurements. This is a young but very active field within applied cryptography. Modern processors are equipped with numerous mechanisms to improve the average performance of a program, including but not limited to caches. These mechanisms can often be used as side-channels to attack software implementations of cryptosystems. This area within side-channel analysis is called microarchitecture attacks, and those dealing with caching mechanisms cache-timing attacks. This dissertation presents a number of contributions to the field of side-channel analysis. The introductory portion consists of a review of common cache architectures, a literature survey of covert channels focusing mostly on covert timing channels, and a literature survey of cache-timing attacks, including selective related results that are more generally categorized as side-channel attacks such as traditional timing attacks. This dissertation includes eight publications relating to this field. They contain contributions in areas such as side-channel analysis, data cache-timing attacks, instruction cache-timing attacks, traditional timing attacks, and fault attacks. Fundamental themes also include attack mitigations and efficient yet secure software implementation of cryptosystems. Concrete results include, but are not limited to, four practical side-channel attacks against OpenSSL, each implemented and leading to full key recovery
Cache Based Power Analysis Attacks on AES
International audienceThis paper describes possible attacks against software implementations of AES running on processors with cache mechanisms, particularly in the case of smart cards. These attacks are based on sidechannel information gained by observing cache hits and misses in the current drawn by the smart card. Two dierent attacks are described. The first is a combination of ideas proposed in [2] and [11] to produce an attack that only requires the manipulation of the plain text and the observation of the current. The second is an attack based on specific implementations of the xtime function [10]. These attacks are shown to also work against algorithms using Boolean data masking techniques as a DPA countermeasure
Cache-Timing Techniques: Exploiting the DSA Algorithm
Side-channel information is any type of information leaked through unexpected channels due to physical features of a system dealing with data. The memory cache can be used as a side-channel, leakage and exploitation of side-channel information from the executing processes is possible, leading to the recovery of secret information. Cache-based side-channel attacks represent a serious threat to implementations of several cryptographic primitives, especially in shared libraries. This work explains some of the cache-timing techniques commonly used to exploit vulnerable software. Using a particular combination of techniques and exploiting a vulnerability found in the implementation of the DSA signature scheme in the OpenSSL shared library, a cache-timing attack is performed against the DSA’s sliding window exponentiation algorithm. Moreover, the attack is expanded to show that it is possible to perform cache-timing attacks against protocols relying on the DSA signature scheme. SSH and TLS are attacked, leading to a key-recovery attack: 260 SSH-2 handshakes to extract a 1024/160-bit DSA hostkey from an OpenSSH server, and 580 TLS 1.2 handshakes to extract a 2048/256-bit DSA key from an stunnel server
Securing Real-Time Internet-of-Things
Modern embedded and cyber-physical systems are ubiquitous. A large number of
critical cyber-physical systems have real-time requirements (e.g., avionics,
automobiles, power grids, manufacturing systems, industrial control systems,
etc.). Recent developments and new functionality requires real-time embedded
devices to be connected to the Internet. This gives rise to the real-time
Internet-of-things (RT-IoT) that promises a better user experience through
stronger connectivity and efficient use of next-generation embedded devices.
However RT- IoT are also increasingly becoming targets for cyber-attacks which
is exacerbated by this increased connectivity. This paper gives an introduction
to RT-IoT systems, an outlook of current approaches and possible research
challenges towards secure RT- IoT frameworks
09031 Abstracts Collection -- Symmetric Cryptography
From 11.01.09 to 16.01.09, the Seminar 09031 in
``Symmetric Cryptography \u27\u27 was held
in Schloss Dagstuhl~--~Leibniz Center for Informatics.
During the seminar, several participants presented their current
research, and ongoing work and open problems were discussed. Abstracts of
the presentations given during the seminar as well as abstracts of
seminar results and ideas are put together in this paper. The first section
describes the seminar topics and goals in general.
Links to extended abstracts or full papers are provided, if available
- …