2,129 research outputs found

    CacheZoom: How SGX Amplifies The Power of Cache Attacks

    In modern computing environments, hardware resources are commonly shared, and parallel computation is widely used. Parallel tasks can cause privacy and security problems if proper isolation is not enforced. Intel proposed SGX to create a trusted execution environment within the processor. SGX relies on the hardware, and claims runtime protection even if the OS and other software components are malicious. However, SGX disregards side-channel attacks. We introduce a powerful cache side-channel attack that provides system adversaries a high resolution channel. Our attack tool named CacheZoom is able to virtually track all memory accesses of SGX enclaves with high spatial and temporal precision. As proof of concept, we demonstrate AES key recovery attacks on commonly used implementations including those that were believed to be resistant in previous scenarios. Our results show that SGX cannot protect critical data sensitive computations, and efficient AES key recovery is possible in a practical environment. In contrast to previous works which require hundreds of measurements, this is the first cache side-channel attack on a real system that can recover AES keys with a minimal number of measurements. We can successfully recover AES keys from T-Table based implementations with as few as ten measurements. Comment: Accepted at Conference on Cryptographic Hardware and Embedded Systems (CHES '17

    On the automatic construction of indistinguishable operations

    An increasingly important design constraint for software running on ubiquitous computing devices is security, particularly against physical methods such as side-channel attack. One well studied methodology for defending against such attacks is the concept of indistinguishable functions which leak no information about program control flow since all execution paths are computationally identical. However, constructing such functions by hand becomes laborious and error prone as their complexity increases. We investigate techniques for automating this process and find that effective solutions can be constructed with only minor amounts of computational effort. Fundação para a Ciência e Tecnologia - SFRH/BPD/20528/2004

    Securing computation against continuous leakage

    30th Annual Cryptology Conference, Santa Barbara, CA, USA, August 15-19, 2010. Proceedings. We present a general method to compile any cryptographic algorithm into one which resists side channel attacks of the only computation leaks information variety for an unbounded number of executions. Our method uses as a building block a semantically secure subsidiary bit encryption scheme with the following additional operations: key refreshing, oblivious generation of cipher texts, leakage resilience re-generation, and blinded homomorphic evaluation of one single complete gate (e.g. NAND). Furthermore, the security properties of the subsidiary encryption scheme should withstand bounded leakage incurred while performing each of the above operations. We show how to implement such a subsidiary encryption scheme under the DDH intractability assumption and the existence of a simple secure hardware component. The hardware component is independent of the encryption scheme secret key. The subsidiary encryption scheme resists leakage attacks where the leakage is computable in polynomial time and of length bounded by a constant fraction of the security parameter. Israel Science Foundation (710267); United States-Israel Binational Science Foundation (710613); National Science Foundation (U.S.) (6914349); Weizmann KAMAR Gran

    Finite precision measurement nullifies the Kochen-Specker theorem

    Only finite precision measurements are experimentally reasonable, and they cannot distinguish a dense subset from its closure. We show that the rational vectors, which are dense in S^2, can be colored so that the contradiction with hidden variable theories provided by Kochen-Specker constructions does not obtain. Thus, in contrast to violation of the Bell inequalities, no quantum-over-classical advantage for information processing can be derived from the Kochen-Specker theorem alone. Comment: 7 pages, plain TeX; minor corrections, interpretation clarified, references update

    Templates as Master Keys

    Efficacy of Different Carrier Gases for Barrier Discharge Plasma Generation Compared to Chlorhexidine on the Survival of Pseudomonas aeruginosa Embedded in Biofilm in vitro

    Because of its antimicrobial properties, nonthermal plasma could serve as an alternative to chemical antisepsis in wound treatment. Therefore, this study investigated the inactivation of biofilm-embedded Pseudomonas aeruginosa SG81 by a surface barrier-discharged (SBD) plasma for 30, 60, 150 and 300 s. In order to optimize the efficacy of the plasma, different carrier gases (argon, argon admixed with 1% oxygen, and argon with increased humidity up to approx. 80%) were tested and compared against 0.1% chlorhexidine digluconate (CHG) exposure for 600 s. The antimicrobial efficacy was determined by calculating the difference between the numbers of colony-forming units (CFU) of treated and untreated biofilms. Living bacteria were distinguished from dead by fluorescent staining and confocal laser scanning microscopy. Both SBD plasmas and CHG showed significant antimicrobial effects compared to the untreated control. However, plasma treatment led to a higher antimicrobial reduction (argon plasma 4.9 log10 CFU/cm2, argon with admixed oxygen 3 log10 CFU/cm2, and with increased gas humidity 2.7 log10 CFU/cm2 after 300 s) compared to CHG. In conclusion, SBD plasma is suitable as an alternative to CHG for inactivation of Pseudomonas aeruginosa embedded in biofilm. Further development of SBD plasma sources and research on the role of carrier gases and humidity may allow their clinical application for wound management in the future

    Practical Improvements of Profiled Side-Channel Attacks on a Hardware Crypto-Accelerator

    Abstract. This article investigates the relevance of the theoretical framework on profiled side-channel attacks presented by F.-X. Standaert et al. at Eurocrypt 2009. The analyses consist in a case-study based on side-channel measurements acquired experimentally from a hardwired cryptographic accelerator. Therefore, with respect to previous formal analyses carried out on software measurements or on simulated data, the investigations we describe are more complex, due to the underlying chip’s architecture and to the large amount of algorithmic noise. In this difficult context, we show however that with an engineer’s mindset, two techniques can greatly improve both the off-line profiling and the on-line attack. First, we explore the appropriateness of different choices for the sensitive variables. We show that a skilled attacker aware of the register transfers occurring during the cryptographic operations can select the most adequate distinguisher, thus increasing its success rate. Second, we introduce a method based on the thresholding of leakage data to accelerate the profiling or the matching stages. Indeed, leveraging on an engineer’s common sense, it is possible to visually foresee the shape of some eigenvectors thereby anticipating their estimation towards their asymptotic value by authoritatively zeroing weak components containing mainly non-informational noise. This method empowers an attacker, in that it saves traces when converging towards correct values of the secret. Concretely, we demonstrate a 5 times speed-up in the on-line phase of the attack.

    Generating entangled atom-photon pairs from Bose-Einstein condensates

    We propose using spontaneous Raman scattering from an optically driven Bose-Einstein condensate as a source of atom-photon pairs whose internal states are maximally entangled. Generating entanglement between a particle which is easily transmitted (the photon) and one which is easily trapped and coherently manipulated (an ultracold atom) will prove useful for a variety of quantum-information related applications. We analyze the type of entangled states generated by spontaneous Raman scattering and construct a geometry which results in maximum entanglement

    Spectroscopic factors for bound s-wave states derived from neutron scattering lengths

    A simple and model-independent method is described to derive neutron single-particle spectroscopic factors of bound s-wave states in $^{A+1}Z = {}^{A}Z \otimes n$ nuclei from neutron scattering lengths. Spectroscopic factors for the nuclei $^{13}$C, $^{14}$C, $^{16}$N, $^{17}$O, $^{19}$O, $^{23}$Ne, $^{37}$Ar, and $^{41}$Ar are compared to results derived from transfer experiments using the well-known DWBA analysis and to shell model calculations. The scattering length of $^{14}$C is calculated from the $^{15}$C$_{g.s.}$ spectroscopic factor. Comment: 9 pages (uses revtex), no figures, accepted for publication in PRC, uuencoded tex-files and postscript-files available at ftp://is1.kph.tuwien.ac.at/pub/ohu/Thermal.u

    On reminder effects, drop-outs and dominance: evidence from an online experiment on charitable giving

    We present the results of an experiment that (a) shows the usefulness of screening out drop-outs and (b) tests whether different methods of payment and reminder intervals affect charitable giving. Following a lab session, participants could make online donations to charity for a total duration of three months. Our procedure justifying the exclusion of drop-outs consists in requiring participants to collect payments in person flexibly and as known in advance and as highlighted to them later. Our interpretation is that participants who failed to collect their positive payments under these circumstances are likely not to satisfy dominance. If we restrict the sample to subjects who did not drop out, but not otherwise, reminders significantly increase the overall amount of charitable giving. We also find that weekly reminders are no more effective than monthly reminders in increasing charitable giving, and that, in our three months duration experiment, standing orders do not increase giving relative to one-off donations