668 research outputs found
Investigation into Photon Emissions as a Side-Channel Leakage in Two Microcontrollers: A Focus on SRAM Blocks
Microcontrollers are extensively utilized across a diverse range of applications. However, with the escalating usage of these devices, the risk to their security and the valuable data they process correspondingly intensifies. These devices could potentially be susceptible to various security threats, with side channel leakage standing out as a notable concern. Among the numerous types of side-channel leakages, photon emissions from active devices emerge as a potentially significant concern. These emissions, a characteristic of all semiconductor devices including microcontrollers, occur during their operation. Depending on the operating point and the internal state of the chip, these emissions can reflect the device’s internal operations. Therefore, a malicious individual could potentially exploit these emissions to gain insights into the computations being performed within the device.
This dissertation delves into the investigation of photon emissions from the SRAM blocks of two distinct microcontrollers, utilizing a cost-effective setup. The aim is to extract information from these emissions, analyzing them as potential side-channel leakage points.
In the first segment of the study, a PIC microcontroller variant is investigated. The quiescent photon emissions from the SRAM are examined. A correlation attack was successfully executed on these emissions, which led to the recovery of the AES encryption key. Furthermore, differential analysis was used to examine the location of SRAM bits. The combination of this information with the application of an image processing method, namely the Structural Similarity Index (SSIM), assisted in revealing the content of SRAM cells from photon emission images.
The second segment of this study, for the first time, emphasizes on a RISC-V chip, examining the photon emissions of the SRAM during continuous reading. Probing the photon emissions from the row and column detectors led to the identification of a target word location, which is capable of revealing the AES key. Also, the content of target row was retrieved through the photon emissions originating from the drivers and the SRAM cells themselves. Additionally, the SSIM technique was utilized to determine the address of a targeted word in RISC-V photon emissions which cannot be analyzed through visual inspection.
The insights gained from this research contribute to a deeper understanding of side-channel leakage via photon emissions and demonstrate its potential potency in extracting critical information from digital devices. Moreover, this information significantly contributes to the development of innovative security measures, an aspect becoming increasingly crucial in our progressively digitized world
A Survey of FPGA Optimization Methods for Data Center Energy Efficiency
This article provides a survey of academic literature about field
programmable gate array (FPGA) and their utilization for energy efficiency
acceleration in data centers. The goal is to critically present the existing
FPGA energy optimization techniques and discuss how they can be applied to such
systems. To do so, the article explores current energy trends and their
projection to the future with particular attention to the requirements set out
by the European Code of Conduct for Data Center Energy Efficiency. The article
then proposes a complete analysis of over ten years of research in energy
optimization techniques, classifying them by purpose, method of application,
and impacts on the sources of consumption. Finally, we conclude with the
challenges and possible innovations we expect for this sector.Comment: Accepted for publication in IEEE Transactions on Sustainable
Computin
Kavach: Lightweight masking techniques for polynomial arithmetic in lattice-based cryptography
Lattice-based cryptography has laid the foundation of various modern-day cryptosystems that cater to several applications, including post-quantum cryptography. For structured lattice-based schemes, polynomial arithmetic is a fundamental part. In several instances, the performance optimizations come from implementing compact multipliers due to the small range of the secret polynomial coefficients. However, this optimization does not easily translate to side-channel protected implementations since masking requires secret polynomial coefficients to be distributed over a large range. In this work, we address this problem and propose two novel generalized techniques, one for the number theoretic transform (NTT) based and another for the non-NTT-based polynomial arithmetic. Both these proposals enable masked polynomial multiplication while utilizing and retaining the small secret property.
For demonstration, we used the proposed technique and instantiated masked multipliers for schoolbook as well as NTT-based polynomial multiplication. Both of these can utilize the compact multipliers used in the unmasked implementations. The schoolbook multiplication requires an extra polynomial accumulation along with the two polynomial multiplications for a first-order protected implementation. However, this cost is nothing compared to the area saved by utilizing the existing cheap multiplication units. We also extensively test the side-channel resistance of the proposed design through TVLA to guarantee its first-order security
Another Look at Side-Channel Resistant Encoding Schemes
The idea of balancing the side-channel leakage in software was proposed more than a decade ago. Just like with other hiding-based countermeasures, the goal is not to hide the leakage completely but to significantly increase the effort required for the attack. Previous approaches focused on two directions: either balancing the Hamming weight of the processed data or deriving the code by using stochastic leakage profiling.
In this brief, we build upon these results by proposing a novel approach that combines the two directions. We provide the theory behind our encoding scheme backed by experimental results on a 32-bit ARM Cortex-M4 microcontroller. Our results show that such a combination gives better side-channel resistance properties than each of the two methods separately
Towards trustworthy computing on untrustworthy hardware
Historically, hardware was thought to be inherently secure and trusted due to its
obscurity and the isolated nature of its design and manufacturing. In the last two
decades, however, hardware trust and security have emerged as pressing issues.
Modern day hardware is surrounded by threats manifested mainly in undesired
modifications by untrusted parties in its supply chain, unauthorized and pirated
selling, injected faults, and system and microarchitectural level attacks. These threats,
if realized, are expected to push hardware to abnormal and unexpected behaviour
causing real-life damage and significantly undermining our trust in the electronic and
computing systems we use in our daily lives and in safety critical applications. A
large number of detective and preventive countermeasures have been proposed in
literature. It is a fact, however, that our knowledge of potential consequences to
real-life threats to hardware trust is lacking given the limited number of real-life
reports and the plethora of ways in which hardware trust could be undermined. With
this in mind, run-time monitoring of hardware combined with active mitigation of
attacks, referred to as trustworthy computing on untrustworthy hardware, is proposed
as the last line of defence. This last line of defence allows us to face the issue of live
hardware mistrust rather than turning a blind eye to it or being helpless once it occurs.
This thesis proposes three different frameworks towards trustworthy computing
on untrustworthy hardware. The presented frameworks are adaptable to different
applications, independent of the design of the monitored elements, based on
autonomous security elements, and are computationally lightweight. The first
framework is concerned with explicit violations and breaches of trust at run-time,
with an untrustworthy on-chip communication interconnect presented as a potential
offender. The framework is based on the guiding principles of component guarding,
data tagging, and event verification. The second framework targets hardware elements
with inherently variable and unpredictable operational latency and proposes a
machine-learning based characterization of these latencies to infer undesired latency
extensions or denial of service attacks. The framework is implemented on a DDR3
DRAM after showing its vulnerability to obscured latency extension attacks. The
third framework studies the possibility of the deployment of untrustworthy hardware
elements in the analog front end, and the consequent integrity issues that might arise
at the analog-digital boundary of system on chips. The framework uses machine
learning methods and the unique temporal and arithmetic features of signals at this
boundary to monitor their integrity and assess their trust level
AI Hype: Public Relations and AI's doomsday machine
This chapter broadens current professional debates by highlighting a different but vital relationship between the PR profession and AI, one in which PR professionals – acting as AI cheerleaders – are deeply implicated in generating AI hype. My discussion explores recent market studies research on disruption and hype cycles, before delving into the latest, somewhat disturbing phase in AI’s hype cycle, in which end-of-the-world scenarios are invoked to stimulate a climate of fear around AI. The chapter concludes by exploring some ethical concerns with promoting AI and automation as humanity’s inevitable future
A New Generic Fault Resistant Masking Scheme using Error-Correcting Codes
One of the main security challenges white-box cryptography
needs to address is side-channel security. To this end, designers aim to
eliminate the dependence between variables and sensitive data. Classical
countermeasures to do so are masking schemes. Nevertheless, most masking schemes are not designed to thwart the other main security threat
: fault attacks. Thus, we aimed to build a masking scheme that could
combine resistance to both of these types of attacks.
In this paper, we present our new generic fault resistant masking scheme
using BCH error-correcting codes, as well as the design choices behind
it
A Thorough Evaluation of RAMBAM
The application of masking, widely regarded as the most robust and reliable countermeasure against Side-Channel Analysis (SCA) attacks, has been the subject of extensive research across a range of cryptographic algorithms, especially AES. However, the implementation cost associated with applying such a countermeasure can be significant and even in some scenarios infeasible due to considerations such as area and latency overheads, as well as the need for fresh randomness to ensure the security properties of the resulting design. Most of these overheads originate from the ability to maintain security in the presence of physical defaults such as glitches and transitions.
Among several schemes with a trade-off between such overheads, RAMBAM, presented at CHES 2022, offers an ultra-low latency in terms of the number of clock cycles. It is dedicated to the AES and utilizes redundant representations of the finite field elements to enhance protection against both passive and active physical attacks.
In this paper, we have a deeper look at this technique and provide a comprehensive analysis. The original authors reported that the number of required traces to mount a successful attack increases exponentially with the size of the redundant representation. We however examine their scheme from theoretical point of view. More specifically, we investigate the relationship between RAMBAM and the well-established Boolean masking and, based on this, prove the insecurity of RAMBAM. Through the examples and use cases, we assess the leakage of the scheme in practice and use verification tools to demonstrate that RAMBAM does not necessarily offer adequate protection against SCA attacks neither in theory nor in practice. Confirmed by real-world experiments, we additionally highlight that -- if no dedicated facility is incorporated -- the RAMBAM designs are susceptible to fault-injection attacks despite providing some degree of protection against a sophisticated attack vector, i.e., SIFA
A Process for the Restoration of Performances from Musical Errors on Live Progressive Rock Albums
In the course of my practice of producing live progressive rock albums, a significant
challenge has emerged: how to repair performance errors while retaining the intended
expressive performance. Using a practice as research methodology, I develop a novel process,
Error Analysis and Performance Restoration (EAPR), to restore a performer’s intention where
an error was assessed to have been made. In developing this process, within the context of
my practice, I investigate: the nature of live albums and the groups to which I am
accountable, a definition of performance errors, an examination of their causes, and the
existing literature on these topics. In presenting EAPR, I demonstrate, drawing from existing
research, a mechanism by which originally intended performances can be extracted from
recorded errors. The EAPR process exists as a conceptual model; each album has a specific
implementation to address the needs of that album, and the currently available technology.
Restoration techniques are developed as part of this implementation. EAPR is developed and
demonstrated through my work restoring performances on a front-line commercial live
release, the Creative Submission Album. The specific EAPR implementation I design for it is
laid out, and detailed examples of its techniques demonstrated
- …