ACADIA: Efficient and Robust Adversarial Attacks Against Deep Reinforcement Learning

Ali, Haider

05 January 2023

Existing adversarial algorithms for Deep Reinforcement Learning (DRL) have largely focused on identifying an optimal time to attack a DRL agent. However, little work has been explored in injecting efficient adversarial perturbations in DRL environments. We propose a suite of novel DRL adversarial attacks, called ACADIA, representing AttaCks Against Deep reInforcement leArning. ACADIA provides a set of efficient and robust perturbation-based adversarial attacks to disturb the DRL agent's decision-making based on novel combinations of techniques utilizing momentum, ADAM optimizer (i.e., Root Mean Square Propagation or RMSProp), and initial randomization. These kinds of DRL attacks with novel integration of such techniques have not been studied in the existing Deep Neural Networks (DNNs) and DRL research. We consider two well-known DRL algorithms, Deep-Q Learning Network (DQN) and Proximal Policy Optimization (PPO), under Atari games and MuJoCo where both targeted and non-targeted attacks are considered with or without the state-of-the-art defenses in DRL (i.e., RADIAL and ATLA). Our results demonstrate that the proposed ACADIA outperforms existing gradient-based counterparts under a wide range of experimental settings. ACADIA is nine times faster than the state-of-the-art Carlini and Wagner (CW) method with better performance under defenses of DRL. / Master of Science / Artificial Intelligence (AI) techniques such as Deep Neural Networks (DNN) and Deep Reinforcement Learning (DRL) are prone to adversarial attacks. For example, a perturbed stop sign can force a self-driving car's AI algorithm to increase the speed rather than stop the vehicle. There has been little work developing attacks and defenses against DRL. In DRL, a DNN-based policy decides to take an action based on the observation of the environment and gets the reward in feedback for its improvements. We perturb that observation to attack the DRL agent. There are two main aspects to developing an attack on DRL. One aspect is to identify an optimal time to attack (when-to-attack?). The second aspect is to identify an efficient method to attack (how-to-attack?). To answer the second aspect, we propose a suite of novel DRL adversarial attacks, called ACADIA, representing AttaCks Against Deep reInforcement leArning. We consider two well-known DRL algorithms, Deep-Q Learning Network (DQN) and Proximal Policy Optimization (PPO), under DRL environments of Atari games and MuJoCo where both targeted and non-targeted attacks are considered with or without state-of-the-art defenses. Our results demonstrate that the proposed ACADIA outperforms state-of-the-art perturbation methods under a wide range of experimental settings. ACADIA is nine times faster than the state-of-the-art Carlini and Wagner (CW) method with better performance under the defenses of DRL.

Secure AI

Deep Reinforcement Learning

Adversarial Learning

Adversarial Attacks

The Art of SRAM Security: Tactics for Remanence-based Attack and Strategies for Defense

Mahmod, Jubayer

02 May 2024

The importance of securing hardware, particularly in the context of the Internet of Things (IoT), cannot be overstated in light of the increasing prevalence of low-level attacks. As the IoT industry continues to expand, security has become a more holistic concern, as evidenced by the wide range of attacks that we observed, from large-scale distributed denial-of-service attacks to data theft through monitoring a device's low-level behavior, such as power consumption. Traditional software-based security measures fall short in defending against the full spectrum of attacks, particularly those involving physical tampering with system hardware. This underscores the critical importance of proactively integrating attack vectors that encompass both hardware and software domains, with a particular emphasis on considering both the analog and digital characteristics of hardware. This thesis investigates system security from a hardware perspective, specifically examining how low-level circuit behavior and architectural design choices impact SRAM's data remanence and its implications for security. This dissertation not only identifies new vulnerabilities due to SRAM data remanence but also paves the way for novel security solutions in the ongoing "security arms race". I present an attack, volt boot, that executes cold-boot style short-term data remanence in on-chip SRAM without using temperature effect. This attack exploits the fact that SRAM's power bus is externally accessible and allows data retention using a simple voltage probe. Next, I present a steganography method that hides information in the SRAM exploiting long-term data remanence. This approach leverages aging-induced degradation to imprint data in SRAM's analog domain, ultimately resulting in hidden and plausibly deniable information storage in the hardware. Finally, I show how an adversary weaponizes SRAM data remanence to develop an attack on a hardware-backed security isolation mechanism. The following provides a brief overview of the three major contributions of this thesis: 1. Volt boot is an attack that demonstrates the vulnerability of on-chip SRAM due to the physical separation common in modern SoCs' power distribution networks. By probing external power pins (to the cache) of an SoC while simultaneously shutting down the main system power, Volt boot creates data retention across power cycles. On-chip SRAM can be a safe memory when the threat model considers traditional off-chip cold-boot-style attacks. This research demonstrates an alternative method for preserving information in on-chip SRAM through power cycles, expanding our understanding of data retention capabilities. Volt boot leverages asymmetrical power states (e.g., on vs. off) to force SRAM state retention across power cycles, eliminating the need for traditional cold boot attack enablers, such as low-temperature or intrinsic data retention time. 2. Invisible Bits is a hardware steganography technique that hides secret messages in the analog domain of SRAM embedded within a computing device. Exploiting accelerated transistor aging, Invisible Bits stores hidden data along with system data in an on-chip cache and provides a plausible deniability guarantee from statistical analysis. Aging changes the transistor's behavior which I exploit to store data permanently (ie long-term data remanence) in an SRAM. Invisible Bits presents unique opportunities for safeguarding electronic devices when subjected to inspections by authorities. 3. UntrustZone utilizes long-term data remanence to exfiltrate secrets from on-chip SRAM. An attacker application must be able to read retained states in the SRAM upon power cycles, but this needs changing the security privilege. Hardware security schemes, such as ARM TrustZone, erase a memory block before changing its security attributes and releasing it to other applications, making short-term data remanence attacks ineffective. That is, attacks such as Volt boot fail when hardware-backed isolation such as TEE is enforced. UntrustZone unveils a new threat to all forms of on-chip SRAM even when backed by hardware isolation: long-term data remanence. I show how an attacker systematically accelerates data imprinting on SRAM's analog domain to effectively burn in on-chip secrets and bypass TrustZone isolation. / Doctor of Philosophy / In computing systems, hardware serves as the fundamental bulwark against security breaches. The evolution in software security has compelled adversaries to seek potential vulnerabilities in the hardware.The infamous cold boot attack exemplifies such vulnerabilities, showcasing how adversaries exploit hardware to access runtime secrets, even when cryptographic algorithms protect the system's disk. In this attack, volatile main memory (DRAM) is `frozen' at extremely cold temperatures, allowing it to retain information even when disconnected from the victim machine. Subsequently, an adversary transfers this `frozen memory' to another machine to extract the victim's secrets. This classic case is among numerous sophisticated hardware vulnerabilities identified in recent years, highlighting the evolving challenge of securing hardware against ingenious attacks. This rise in hardware-based attacks across industry and academia underscores the importance of adopting a comprehensive approach to safeguard computing systems. This approach must encompass secure processor design, ensuring a trusted distribution chain, rigorous software security vetting, and protection against runtime side-channel leakage. Consequently, there is a growing emphasis in both industry and academia on prioritizing security in design decisions. My dissertation delves into the low-level hardware behaviors, particularly focusing on the data remanence phenomena of Static Random Access Memory (SRAM). By discovering new security vulnerabilities and proposing effective mitigation strategies, this thesis contributes to the ongoing effort to fortify computing systems against evolving threats that are rooted in the hardware. SRAM stands as a ubiquitous form of volatile memory found in most processors and microcontrollers, serving as a crucial component for temporary storage of instructions and data to facilitate rapid access. By design, SRAM forgets its contents upon a processor's power cycle and defaults to a state determined by low-level circuit behavior. However, this dissertation unveils the possibility of retaining on-chip information even after power cycling, leveraging inherent low-level circuit behaviors to create data retention. This revelation exposes major security implications, resulting in the following three key contributions: Firstly, I introduce the volt boot attack, which exploits the vulnerability of on-chip SRAM, particularly to physical separation in modern System on Chip (SoC) power distribution networks. We conventionally assume that on-chip SRAM is secure against off-chip cold-boot attacks, but volt boot demonstrates the feasibility of achieving a similar state without traditional prerequisites such as low temperatures or long intrinsic data retention times. Subsequently, I propose a data hiding technique---invisible Bits, which leverages accelerated device wear out to embed data into the transistors of SRAM. This method introduces a novel form of hardware-based steganography, concealing data within the analog domain alongside digital system data. Lastly, I show how accelerated device aging can be weaponized to design a sophisticated attack aimed at extracting secrets from a Trusted Execution Environment (TEE) like ARM TrustZone. While short-term data remanence attacks such as Volt boot are rendered ineffective against hardware-backed isolation enforced by TEEs, UntrustZone harnesses the methodologies and tools from preceding works to induce long-term data remanence. This poses a new threat to on-chip cryptography that stores secrets on chip, even when fortified by hardware isolation mechanisms, such as ARM TrustZone.

On-chip SRAM attacks

aging side channel

data remanence

An Intrusion Detection System for Battery Exhaustion Attacks on Mobile Computers

Nash, Daniel Charles

15 June 2005

Mobile personal computing devices continue to proliferate and individuals' reliance on them for day-to-day needs necessitate that these platforms be secure. Mobile computers are subject to a unique form of denial of service attack known as a battery exhaustion attack, in which an attacker attempts to rapidly drain the battery of the device. Battery exhaustion attacks greatly reduce the utility of the mobile devices by decreasing battery life. If steps are not taken to thwart these attacks, they have the potential to become as widespread as the attacks that are currently mounted against desktop systems. This thesis presents steps in the design of an intrusion detection system for detecting these attacks, a system that takes into account the performance, energy, and memory constraints of mobile computing devices. This intrusion detection system uses several parameters, such as CPU load and disk accesses, to estimate the power consumption of two test systems using multiple linear regression models, allowing us to find the energy used on a per process basis, and thus identifying processes that are potentially battery exhaustion attacks. / Master of Science

intrusion detection

IDS

battery exhaustion

power attacks

linear regression model

State-of-the-art Intrusion Detection: Technology, Challenges, and Evaluation.

Peddisetty, Naga Raju

January 2005

<p>Due to the invention of automated hacking tools, Hacking is not a black art anymore. Even script kiddies can launch attacks in few seconds. Therefore, there is a great emphasize on the Security to protect the resources from camouflage. Intrusion Detection System is also one weapon in the security arsenal. It is the process of monitoring and analyzing information sources in order to detect vicious traffic. With its unique capabilities like monitoring, analyzing, detecting and archiving, IDS assists the organizations to combat against threats, to have a snap-shot of the networks, and to conduct Forensic Analysis. Unfortunately there are myriad products inthe market. Selecting a right product at time is difficult. Due to the wide spread rumors and paranoia, in this work I have presented the state-of-the-art IDS technologies, assessed the products, and evaluated. I have also presented some of the novel challenges that IDS products are suffering. This work will be a great help for pursuing IDS technology and to deploy Intrusion Detection Systems in an organization. It also gives in-depth knowledge of the present IDS challenges.</p>

Informationsteknik

IDS

Challenges

Evaluation

State-of-the-art IDS

Evasion attacks

IDS features

zero-day attacks

Encrypted traffic.

Informationsteknik

Information technology

Informationsteknik

The Defense Against the latest Cyber Espionage both insider and outsider attacks

Nsambu, Emmanuel, Aziz, Danish

January 2012

This study was carried out with the intention of examining the defensive mechanism employed against the latest cyber espionage methods including both insider and outsider attacks. The main focus of this study was on web servers as the targets of the cyber attacks. Information in connection to the study was obtained from researchers’ online articles. A survey was also conducted at MidSweden University in order to obtain information about the latest cyber attacks on web servers and about the existing defensive mechanism against such attacks. The existing defensive mechanism was surveyed and a simple design was created to assist in the investigation of the efficiency of the system. Some simple implementations of the existing defensive mechanism were made in order to provide some practical results that were used for the study. The existing defensive mechanism was surveyed and improved upon where possible. The improved defensive mechanism was designed and implemented and its results were compared with the results from the existing defensive mechanism. Due to the fact that the majority of the attackers use defensive mechanisms’ vulnerability in order to find their way into devices such as web servers, it was felt that, even with the most sophisticated improved defensive mechanism in place, it would not be entirely correct to claim that it is possible to fully protect web servers against such attacks.

Cyber attacks

Cyber Esionage

Hackers

SQL injection

DDoS attack

DoS attack

Combined Attacks On Block Ciphers

Oztop, Nese

01 August 2009

Cryptanalytic methods are very important tools in terms of evaluating the security of block ciphers in a more accurate and reliable way. Differential and linear attacks have been the most effective cryptanalysis methods since the early 1990s. However, as the technology developed and more secure ciphers are designed, these fundamental methods started to be not so efficient. In order to analyze the ciphers, new methods should be introduced. One approach is inventing new techniques that are different from the existing ones. Another approach is extending or combining known cryptanalytic methods to analyze the cipher in a different way. This thesis is a survey of the attacks that are generated by combination of existing techniques and their applications on specific block ciphers. Mentioned attacks are namely differential-linear, differential-bilinear, higher order differential-linear, differential-nonlinear, square-nonlinear, impossible differential and boomerang type attacks.

QA Computer Software 76.75-76.765

Coordinated Variable Structure Switching Attacks for Smart Grid

Liu, Shan

02 October 2013

The effective modeling and analysis of large-scale power system disturbances especially those stemming from intentional attack represents an open engineering and research problem. Challenges stem from the need to develop intelligent models of cyber-physical attacks that produce salient disruptions and appropriately describe meaningful cyber-physical interdependencies such that they balance precision, scale and complexity. In our research, we present a foundation for the development of a class of intelligent cyber-physical attacks termed coordinated variable structure switching attacks whereby opponents aim to destabilize the power grid through con- trolled switching sequence. Such switching is facilitated by cyber-attack and corruption of communication channels and control signals of the associated switch(es). We provide methods and theorems to construct such attack models and demonstrate their utility in the simulation of extensive system disturbances. Our proposed class of cyber-physical switching attacks for smart grid systems has the potential to disrupt large-scale power system operation within a short interval of time. Through successful cyber intrusion, an opponent can remotely apply a state- dependent coordinated switching sequence on one or more relays and circuit breakers of a power system to disrupt operation. Existence of this switching vulnerability is dependent on the local structure of the power grid. Variable structure systems theory is employed to effectively model the cyber-physical aspects of a smart grid and determine the existence of the vulnerability and construct the destabilizing switching attack sequence. We illustrate the utility of the attack approach assess its impact on the different power system test cases including the single machine infinite bus power system model and the Western Electricity Coordinating Council (WECC) 3-machine 9-bus system through MATLAB/Simulink and PSCAD simulation environment. The results demonstrate the potential of our approach for practical attack. Moreover, we build on our work in several ways. First, we extend the research to demonstrate an approach to mitigation within the variable structure system frame- work. We demonstrate via small signal analysis how through persistent switching a stable sliding mode can be used to disrupt a dynamical system that seems stable. We also design an approach to vulnerability analysis to assess the feasibility of co-ordinated variable structure switching attacks. Moreover, we study the performance of our attack construction approach when the opponent has imperfect knowledge of the local system dynamics and partial knowledge of the generator state. Based on the system with modeling errors, we study the performance of coordinated variable structure switching attacks in the presence of state estimation. Finally, we illustrate the concepts of attack model within the multiple switching framework, the cascading failure analysis is employed in the New-England 10-machine, 39-bus power system using MATLAB/Simulink and DSATools simulation environment. Our results demonstrate the potential for coordinated variable structure switching attacks to enable large-scale power system disturbances.

coordinated switching attacks

power system attacks

cyber security

smart grid modeling

variable structure systems

cyber-physical system theory

Méthodologie et outils pour la mise en pratique des attaques par collision et attaques horizontales sur l'exponentiation modulaire / From theory to practice of collision based attacks and horizontal attacks applied on protected implementation of modular exponentiation.

Diop, Ibrahima

11 April 2017

Dans cette thèse, nous étudions deux sous-familles d'attaques par canaux cachés sur l'exponentiation modulaire appelées respectivement attaques par collision et attaques horizontales. Cette étude est faite selon deux axes : leurs mises en pratique et les possibles contremesures.Dans un premier temps, nous étudions les attaques par canaux cachés sur un simulateur développé durant cette thèse. Ce simulateur permet de vérifier la bonne implémentation d'une attaque par canaux cachés avant sa mise en pratique dans un environnement réel. Dans un deuxième temps, nous étudions les attaques par collision dans un environnement réel. Pour cela, nous nous sommes intéressés à l'automatisation de la détection effective de collision. Ainsi, nous proposons un nouveau critère de détection de collision.Dans un troisième temps, nous étudions l'estimation du rapport signal à bruit d'un jeu de traces dans le contexte des attaques par canaux cachés. Ainsi, nous proposons une nouvelle façon d'estimer le rapport signal à bruit lors d'une attaque par canaux cachés. En outre, nous montrons que cette estimation du rapport signal à bruit peut être exploitéepour l'analyse des fuites d'un canal caché mais aussi pour effectuer un filtrage adaptatif ne nécessitant pas la connaissance de certains paramètres du composant analysé.Dans un quatrième temps, au travers d'une étude détaillée des principales étapes d'une attaque horizontale, nous montrons les problèmes pouvant intervenir dans la pratique et comment les résoudre. Ainsi des solutions génériques sont proposées. Nous proposons finalement de possibles contremesures aux attaques horizontales sur l'exponentiation modulaire / This thesis is focused on the study of two sub-families of side channel attacks applied on modular exponentiation called respectively, collision based attacks and horizontal (or single shot) attacks. This study is made according to two axes: their applications and the possible countermeasures.Firstly, we study side channel attacks on a simulator developed during this thesis. This simulator allows to validate the good implementation of a any side channel attack before its application in a real environment.Secondly, we study collision based attacks in a real environment. For this purpose, we study the automation of collision detection in practice. Then, we introduce a new collision detection criterion and show its practical interest. Afterwards, we study the estimation of the signal to noise ratio in the context of side channel attacks. So, we introduce a fast and accurate method for its estimation during a side channel analysis. From our method we derive pragmatic and efficient methods for the daily tasks of evaluators. Among them the analysis of the electrical activity of integrated circuit or the identification of the frequencies carrying usable information or information leakage.Finally, through a detailed description of the main stages of an horizontal attack, we propose effective and practical solutions to improve secret information extraction in real environment and on the other hand possible countermeasures against the horizontal attacks applied on modular exponentiation.

Analyse par canaux cachés

Attaques par collision

Attaques horizontales

Side channel analysis

Collision based attacks

Horizontal attacks

Mechanism Design in Defense against Offline Password Attacks

Wenjie Bai (16051163)

15 June 2023

<p>The prevalence of offline password attacks, resulting from attackers breaching authentication servers and stealing cryptographic password hashes, poses a significant threat. Users' tendency to select weak passwords and reuse passwords across multiple accounts, coupled with computation advancement,  further exacerbate the danger.</p> <p><br></p> <p>This dissertation addresses this issue by proposing password authentication mechanisms that aim to minimize the number of compromised passwords in the event of offline attacks, while ensuring that the server's workload remains manageable. Specifically, we present three mechanisms: (1) DAHash: This mechanism adjusts password hashing costs based on the strength of the underlying password. Through appropriate tuning of hashing cost parameters, the DAHash mechanism effectively reduces the fraction of passwords that can be cracked by an offline password cracker. (2) Password Strength Signaling: We explore the application of Bayesian Persuasion to password authentication. The key idea is to have the authentication server store a noisy signal about the strength of each user password for an offline attacker to find. We demonstrate that by appropriately tuning the noise distribution for the signal, a rational attacker will crack fewer passwords. (3) Cost-Asymmetric Memory Hard Password Hashing: We extend the concept of password peppering to modern Memory Hard password hashing algorithms. We identify limitations in naive extensions and introduce the concept of cost-even breakpoints as a solution. This approach allows us to overcome these limitations and achieve cost-asymmetry, wherein the expected cost of validating a correct password is significantly smaller than the cost of rejecting an incorrect password.</p> <p><br></p> <p>When analyzing the behavior of a rational attacker it is important to understand the attacker’s guessing curve i.e., the percentage of passwords that the attacker could crack within a guessing budget B. Dell’Amico and Filippone introduced a Monte Carlo algorithm to estimate the guessing number of a password as well as an estimate for the guessing curve. While the estimated guessing number is accurate in expectation the variance can be large and the method does not guarantee that the estimates are accurate with high probability. Thus, we introduce Confident Monte Carlo as a tool to provide confidence intervals for guessing number estimates and upper/lower bound the attacker’s guessing curves.</p> <p><br></p> <p>Moreover, we extend our focus beyond classical attackers to include quantum attackers. We present a decision-theoretic framework that models the rational behavior of attackers equipped with quantum computers. The objective is to quantify the capabilities of a rational quantum attacker and the potential damage they could inflict, assuming optimal decision-making. Our framework can potentially contribute to the development of effective countermeasures against a wide range of quantum pre-image attacks in the future.</p>

Data security and protection

Password Authentication Mechanism

Stackelberg Game

Password Strength Estimation

Offline Password Attacks

Quantum Pre-image Attacks

Simulative Evaluation of Security Monitoring Systems based on SDN

Stagkopoulou, Alexandra

January 2016

Software Defined Networks (SDN) constitute the new communication paradigm ofprogrammable computer networks. By decoupling the control and date plane the networkmanagement is easier and more flexible. However, the new architecture is vulnerable to anumber of security threats, which are able to harm the network. Network monitoringsystems are pivotal in order to protect the network. To this end, the evaluation of a networkmonitoring system is crucial before the deployment of it in the real environment. Networksimulators are the complementary part of the process as they are necessary during theevaluation of the new system’s performance at the design time. This work focuses on providing a complete simulation framework which is able to(i) support SDN architectures and the OpenFlow protocol, (ii) reproduce the impact ofcyber and physical attacks against the network and (iii) provide detection and mitigationtechniques to address Denial-of-Service (DoS) attacks. The performance of the designedmonitoring system will be evaluated in terms of accuracy, reactiveness and effectiveness.The work is an extension of INET framework of OMNeT++ network simulator. / Software Defined Networks (SDN) utgör den nya kommunikationsmodellen av programmerbara datornätverk. Genom separation av kontroll- och dataplanet blir administrativ hantering av datornätverk enklare och flexiblare. Arkitekturen öppnar emellertid upp nya säkerthets hot, övervakningssystem är därför väsentliga för att skydda datornätverk. Till följd av detta är utvärdering av övervakningssystem kritiskt innan driftsättning i produktionsmiljö. Nätverkssimulatorer är den kompletterande delen i processen då de är nödvändiga för utvärdering av systemets prestanda under design fasen. Detta arbete fokuserar på att tillföra ett komplettet simulations ramverk vilket är kapabelet till; (i) ge stöd för SDN arkitekturer och OpenFlow protokollet, (ii) reproducera skadegörelsen av cyber- och fysiska attacker mot datornäterk och (iii) förse sätt att upptäcka och mildra Denial-of-Service (DoS) attacker. Prestanda av det designade övervakningssystemet är utvärderat i form av exakthet, responstid och effektivitet. Arbetet är en utvidgning av INET ramverket, som är del av OMNeT++ network simulator.

Communication Systems

Kommunikationssystem