Innovative Method of the Power Analysis

This paper describes an innovative method of the power analysis which presents the typical example of successful attacks against trusted cryptographic devices such as RFID (Radio-Frequency IDentifications) and contact smart cards. The proposed method analyzes power consumption of the AES (Advanced Encryption Standard) algorithm with neural network, which successively classifies the first byte of the secret key. This way of the power analysis is an entirely new approach and it is designed to combine the advantages of simple and differential power analysis. In the extreme case, this feature allows to determine the whole secret key of a cryptographic module only from one measured power trace. This attribute makes the proposed method very attractive for potential attackers. Besides theoretical design of the method, we also provide the first implementation results. We assume that the method will be certainly optimized to obtain more accurate classification results in the future

What Floats Your Boaters? – A Commentary

Florida has over one million registered boaters not including the plethora of canoes and other paddle craft for which registration is not required. Whereas wearing a seatbelt in a car is regulated by law and has become a routine practice for the majority of Floridians, wearing a personal floatation device (PFD) while boating is neither mandatory nor routine. Florida has ranked first annually among states in boating fatalities since 2003, and accounted for 10.9% of the total number of U.S. boating deaths in 2006. This commentary argues for making PFD use mandatory in an environment where the social norm is absence of use

Undermining User Privacy on Mobile Devices Using AI

Over the past years, literature has shown that attacks exploiting the microarchitecture of modern processors pose a serious threat to the privacy of mobile phone users. This is because applications leave distinct footprints in the processor, which can be used by malware to infer user activities. In this work, we show that these inference attacks are considerably more practical when combined with advanced AI techniques. In particular, we focus on profiling the activity in the last-level cache (LLC) of ARM processors. We employ a simple Prime+Probe based monitoring technique to obtain cache traces, which we classify with Deep Learning methods including Convolutional Neural Networks. We demonstrate our approach on an off-the-shelf Android phone by launching a successful attack from an unprivileged, zeropermission App in well under a minute. The App thereby detects running applications with an accuracy of 98% and reveals opened websites and streaming videos by monitoring the LLC for at most 6 seconds. This is possible, since Deep Learning compensates measurement disturbances stemming from the inherently noisy LLC monitoring and unfavorable cache characteristics such as random line replacement policies. In summary, our results show that thanks to advanced AI techniques, inference attacks are becoming alarmingly easy to implement and execute in practice. This once more calls for countermeasures that confine microarchitectural leakage and protect mobile phone applications, especially those valuing the privacy of their users

What Floats Your Boaters? -A Commentary

ABSTRAC

The Security Testbed for the Purposes of the ITS-G5 Communication Attacks Prevention

Secure communication in the Intelligent Transport System (ITS) plays a crucial role in vehicular safety. Security threats can be an unwanted cause of congestions and attacks. In this paper, first, the security threats in ITS are described and discussed. Second, a concept of the security testbed for ITS-G5 communication was presented. Its purpose is to test or verify the security threats for the machine-to-machine communication in the ITS. The testbed is composed of two parts. The first part represents the vehicle, and the second part is the Road-Side Unit (RSU) or the Road-vehicle unit (RVU). The testbed contains Arduino-type modules, SPI interface to CAN bus converter, and ELM 327 diagnostic tool supporting all communication protocols of the OBD standard. The simulator presented in this article was practically implemented and the functionality verified by experimental testing. Finally, a message for remote speed limiting was implemented on the testbed for further security testing.Peer reviewe

DLDDO: Deep Learning to Detect Dummy Operations

Recently, research on deep learning based side-channel analysis (DLSCA) has received a lot of attention. Deep learning-based profiling methods similar to template attacks as well as non-profiling-based methods similar to differential power analysis have been proposed. DLSCA methods have been proposed for targets to which masking schemes or jitter-based hiding schemes are applied. However, most of them are methods for finding the secret key, except for methods for preprocessing, and there are no studies on the target to which the dummy-based hiding schemes or shuffling schemes are applied. In this paper, we propose a DLSCA for detecting dummy operations. In the previous study, dummy operations were detected using the method called BCDC, but there is a disadvantage in that it is impossible to detect dummy operations for commercial devices such as an IC card. We consider the detection of dummy operations as a multi-label classification problem and propose a deep learning method based on CNN to solve it. As a result, it is possible to successfully perform detection of dummy operations on an IC card, which was not possible in the previous study

Far Field EM Side-Channel Attack on AES Using Deep Learning

We present the first deep learning-based side-channel attack on AES-128 using far field electromagnetic emissions as a side channel. Our neural networks are trained on traces captured from five different Bluetooth devices at five different distances to target and tested on four other Bluetooth devices. We can recover the key from less than 10K traces captured in an office environment at 15 m distance to target even if the measurement for each encryption is taken only once. Previous template attacks required multiple repetitions of the same encryption. For the case of 1K repetitions, we need less than 400 traces on average at 15 m distance to target. This improves the template attack presented at CHES\u272020 which requires 5K traces and key enumeration up to $2^{23}$

Convolutional Neural Networks with Data Augmentation against Jitter-Based Countermeasures.

International audienceIn the context of the security evaluation of cryptographic implementations, profiling attacks (aka Template Attacks) play a fundamental role. Nowadays the most popular Template Attack strategy consists in approximating the information leakages by Gaussian distributions. Nevertheless this approach suffers from the difficulty to deal with both the traces misalignment and the high dimensionality of the data. This forces the attacker to perform critical preprocessing phases, such as the selection of the points of interest and the realignment of measurements. Some software and hardware countermeasures have been conceived exactly to create such a misalignment. In this paper we propose an end-to-end profiling attack strategy based on the Convolutional Neural Networks: this strategy greatly facilitates the attack roadmap, since it does not require a previous trace realignment nor a precise selection of points of interest. To significantly increase the performances of the CNN, we moreover propose to equip it with the data augmentation technique that is classical in other applications of Machine Learning. As a validation, we present several experiments against traces misaligned by different kinds of countermeasures, including the augmentation of the clock jitter effect in a secure hardware implementation over a modern chip. The excellent results achieved in these experiments prove that Convolutional Neural Networks approach combined with data augmentation gives a very efficient alternative to the state-of-the-art profiling attacks