Process Table Covert Channels: Exploitation and Countermeasures

How to securely run untrusted software? A typical answer is to try to isolate the actual effects this software might have. Such counter-measures can take the form of memory segmentation, sandboxing or virtualisation. Besides controlling potential damage this software might do, such methods try to prevent programs from peering into other running programs\u27 operation and memory. As programs, no matter how many layers of indirection in place, are really being run, they consume resources. Should this resource usage be precisely monitored, malicious programs might be able to communicate in spite of software protections. We demonstrate the existence of such a covert channel bypassing isolations techniques and IPC policies. This covert channel that works over all major consumer OSes (Windows, Linux, MacOS) and relies on exploitation of the process table. We measure the bandwidth of this channel and suggest countermeasures

Buying AES Design Resistance with Speed and Energy

Fault and power attacks are two common ways of extracting secrets from tamper-resistant chips. Although several protections have been proposed to thwart these attacks, resistant designs usually claim significant area or speed overheads. Furthermore, circuit-level countermeasures are usually not reconfigurable at runtime. This paper exploits the AES’ algorithmic features to propose low-cost and low-latency protections. We provide Verilog and FPGA implementation details. Using our design, real-life applications can be configured during runtime to meet the user’s needs and the system’s constraints

Random Active Shield

International audienceRecently, some active shielding techniques have been broken (e.g. by FlyLogic). The caveat is that their geometry is easy to guess, and thus they can be bypassed with an affordable price. This paper has two contributions. First of all, it provides a definition of the objectives of shielding, which is seldom found in publicly available sources. Notably, we precise the expected functionality, but also the constraints it must meet to be both manufacturable and secure. Second, we propose an innovative solution based on random shielding. The goal of this shielding is to make the geometry of the shield difficult to recognize, thereby making the ''identification'' phase of the attack harder than in previous schemes. Also, a proof of the shielding existence for two layers of metal is provided, which guarantees that the generation of the layout will succeed. Finally, we provide real tests of the shield generation algorithm, that show it is computationally tractable even for large areas to protect

Nouvelles Contre-Mesures pour la Protection de Circuits Intégrés

Embedded security applications are diverse and at the center of all personal embedded applications. They introduced an obvious need for data confidentiality and security in general. Invasive attacks on hardware have always been part of the industrial scene. The aim of this thesis is to propose new solutions in order to protect embedded circuits against some physical attacks described above. ln a first part of the manuscript, we detail the techniques used to achieve side-channel, invasive attacks and reverse engineering. I could implement several of these attacks during my thesis research, they will be detailed extensively. ln the second part we propose different hardware countermeasures against side-channel attacks. The third part is dedicated to protection strategies against invasive attacks using active shielding and we conclude this work by proposing an innovative cryptographic shield which is faulty and dpa resistant.Les domaines d'application de la cryptographie embarquée sont très divers et se retrouvent au croisement de toutes les applications personnelles, avec un besoin évident de confidentialité des données et également de sécurité d'accès des moyens de paiement. Les attaques matérielles invasives ont fait de tous temps partie de l'environnement industriel. L'objectif de cette thèse est de proposer de nouvelles solutions pour protéger les circuits intégrés contre ces attaques physiques. La première partie décrit les notions d'attaques par canaux cachés, d'attaques invasives et de retro-conception. Plusieurs exemples de ces types d'attaques ont pu être mis en œuvre pendant le travail de recherche de cette thèse, ils sont présentés en détail dans cette partie. La deuxième partie est consacrée à des propositions de différentes contre-mesures pour contrer des attaques par canaux cachés ayant pour vecteur la consommation de courant. La troisième partie est dédiée à la protection contre les attaques invasives en utilisant divers types de boucliers et capteurs. Nous conclurons ce manuscrit de thèse par la proposition d'un bouclier actif cryptographique inviolable ayant pour but premier de contrer Je sondage, mais aussi celui de détecter l'injection de fautes et d'être immunisé contre les analyses par consommation de courant

New Protection Strategies for Integrated Circuits

Les domaines d'application de la cryptographie embarquée sont très divers et se retrouvent au croisement de toutes les applications personnelles, avec un besoin évident de confidentialité des données et également de sécurité d'accès des moyens de paiement. Les attaques matérielles invasives ont fait de tous temps partie de l'environnement industriel. L'objectif de cette thèse est de proposer de nouvelles solutions pour protéger les circuits intégrés contre ces attaques physiques. La première partie décrit les notions d'attaques par canaux cachés, d'attaques invasives et de retro-conception. Plusieurs exemples de ces types d'attaques ont pu être mis en œuvre pendant le travail de recherche de cette thèse, ils sont présentés en détail dans cette partie. La deuxième partie est consacrée à des propositions de différentes contre-mesures pour contrer des attaques par canaux cachés ayant pour vecteur la consommation de courant. La troisième partie est dédiée à la protection contre les attaques invasives en utilisant divers types de boucliers et capteurs. Nous conclurons ce manuscrit de thèse par la proposition d'un bouclier actif cryptographique inviolable ayant pour but premier de contrer Je sondage, mais aussi celui de détecter l'injection de fautes et d'être immunisé contre les analyses par consommation de courant.Embedded security applications are diverse and at the center of all personal embedded applications. They introduced an obvious need for data confidentiality and security in general. Invasive attacks on hardware have always been part of the industrial scene. The aim of this thesis is to propose new solutions in order to protect embedded circuits against some physical attacks described above. ln a first part of the manuscript, we detail the techniques used to achieve side-channel, invasive attacks and reverse engineering. I could implement several of these attacks during my thesis research, they will be detailed extensively. ln the second part we propose different hardware countermeasures against side-channel attacks. The third part is dedicated to protection strategies against invasive attacks using active shielding and we conclude this work by proposing an innovative cryptographic shield which is faulty and dpa resistant

Communicating Covertly through CPU Monitoring

International audienc

Using Hamiltonian Totems as Passwords

International audienc

Using Hamiltonian Totems as Passwords

Physical authentication brings extra security to software authentication by adding real-world input to conventional authentication protocols. Existing solutions such as textual and graphical passwords are subject to brute force and shoulder sur fing attacks, while users are reluctant to use biometrics for identifi cation, due to its intrusiveness. This paper uses Hamiltonian tokens as authentication means. The proposed token structure offers many possible configurations ( i.e., passwords) and is small enough to be carried on a physical keychain. After presenting our general idea, we describe an e fficient algorithm to produce these tokens. Our procedure was validated by running a recognition campaign on a wide batch of synthetic samples, and experimented on prototypes manufactured using a commercial 3D-printer

Cryptographically secure shields

International audience—Probing attacks are serious threats on integrated circuits. Security products often include a protective layer called shield that acts like a digital fence. In this article, we demonstrate a new shield structure that is cryptographically secure. This shield is based on the newly proposed SIMON lightweight block cipher and independent mesh lines to ensure the security against probing attacks of the hardware located behind the shield. Such structure can be proven secure against state-of-the-art invasive attacks. For the first time in the open literature, we describe a chip designed with a digital shield, and give an extensive report of its cost, in terms of power, metal layer(s) to sacrifice and of logic (including the logic to connect it to the CPU). Also, we explain how "Through Silicon Vias" (TSV) technology can be used for the protection against both frontside and backside probing