Spelling suggestions: "subject:"sidechannel attack"" "subject:"sidechannel cuttack""
11 |
A Memory-Array Centric Reconfigurable Hardware Accelerator for Security ApplicationsBabecki, Christopher 03 June 2015 (has links)
No description available.
|
12 |
An Automatable Workflow to Analyze and Secure Integrated Circuits Against Power Analysis AttacksPerera, Kevin 02 June 2017 (has links)
No description available.
|
13 |
A deep learning based side-channel analysis of an FPGA implementation of Saber / En djupinlärningsbaserad sidokanalanalys av en FPGA-implementering av SaberJi, Yanning January 2022 (has links)
In 2016, NIST started a post quantum cryptography (PQC) standardization project in response to the rapid development of quantum algorithms which break many public-key cryptographic schemes. As the project nears its end, it is necessary to assess the resistance of its finalists to side-channel attacks. Although several side-channel attacks on software implementations PQCfinalists have been presented in recent papers, hardware implementations have been investigated much less. In this thesis, we present the first side-channel attack on an FPGA implementation of one of the NIST PQC finalists, Saber. Our experiments are performed on a publicly availible implementation of Saber compiled with Xilinx Vivado for an Artix-7 XC7A100T FPGA. We trained several deep learning models in an attempt to recover the Hamming weight and value of messages using their corresponding power traces. We also proposed a method to determine the Hamming weight of messages through binary search based on these models. We found out that, due to the difference in software and hardware implementations, the previously presented message recovery method that breaks a masked software implementation of Saber cannot be directly applied to the hardware implementation. The main reason for this is that, in the hardware implementation used in our experiments, all 256 bits of a message are processed in parallel, while in the software implementation used in the previous work, the bits are processed one-by-one. Future works includes finding new methods for analyzing hardware implementations. / Under 2016 startade NIST ett standardiseringsprojekt efter kvantkryptering (PQC) som svar på den snabba utvecklingen av kvantalgoritmer som bryter många kryptografiska system med offentliga nyckel. När projektet närmar sig sitt slut är det nödvändigt att bedöma finalisternas motstånd mot sidokanalsattacker. Även om flera sidokanalsattacker på programvaruimplementationer PQC-finalister har presenterats i de senaste tidningarna, har hårdvaruimplementationer undersökts mycket mindre. I denna avhandling presenterar vi den första sidokanalsattacken på en FPGA-implementering av en av NIST PQC-finalisterna, Sabre. Våra experiment utförs på en allmänt tillgänglig implementering av Sabre kompilerad med Xilinx Vivado för en Artix-7 XC7A100T FPGA. Vi tränade f lera modeller för djupinlärning i ett försök att återställa Hamming-vikten och värdet av meddelanden med hjälp av deras motsvarande kraftspår. Vi föreslog också en metod för att bestämma Hamming-vikten för meddelanden genom binär sökning baserat på dessa modeller. Vi fick reda på att, på grund av skillnaden i mjukvaru- och hårdvaruimplementationer, kan den tidigare presenterade meddelandeåterställningsmetoden som bryter en maskerad mjukvaruimplementering av Sabre inte direkt appliceras på hårdvaruimplementeringen. Den främsta anledningen till detta är att i hårdvaruimplementeringen som används i våra experiment bearbetas alla 256 bitar i ett meddelande parallellt, medan i mjukvaruimplementeringen som användes i det tidigare arbetet bearbetas bitarna en i taget. Framtida arbete inkluderar att hitta nya metoder för att analysera hårdvaruimplementationer.
|
14 |
Algorithms and Frameworks for Accelerating Security Applications on HPC PlatformsYu, Xiaodong 09 September 2019 (has links)
Typical cybersecurity solutions emphasize on achieving defense functionalities. However, execution efficiency and scalability are equally important, especially for real-world deployment. Straightforward mappings of cybersecurity applications onto HPC platforms may significantly underutilize the HPC devices' capacities. On the other hand, the sophisticated implementations are quite difficult: they require both in-depth understandings of cybersecurity domain-specific characteristics and HPC architecture and system model.
In our work, we investigate three sub-areas in cybersecurity, including mobile software security, network security, and system security. They have the following performance issues, respectively: 1) The flow- and context-sensitive static analysis for the large and complex Android APKs are incredibly time-consuming. Existing CPU-only frameworks/tools have to set a timeout threshold to cease the program analysis to trade the precision for performance. 2) Network intrusion detection systems (NIDS) use automata processing as its searching core and requires line-speed processing. However, achieving high-speed automata processing is exceptionally difficult in both algorithm and implementation aspects. 3) It is unclear how the cache configurations impact time-driven cache side-channel attacks' performance. This question remains open because it is difficult to conduct comparative measurement to study the impacts.
In this dissertation, we demonstrate how application-specific characteristics can be leveraged to optimize implementations on various types of HPC for faster and more scalable cybersecurity executions. For example, we present a new GPU-assisted framework and a collection of optimization strategies for fast Android static data-flow analysis that achieve up to 128X speedups against the plain GPU implementation. For network intrusion detection systems (IDS), we design and implement an algorithm capable of eliminating the state explosion in out-of-order packet situations, which reduces up to 400X of the memory overhead. We also present tools for improving the usability of Micron's Automata Processor. To study the cache configurations' impact on time-driven cache side-channel attacks' performance, we design an approach to conducting comparative measurement. We propose a quantifiable success rate metric to measure the performance of time-driven cache attacks and utilize the GEM5 platform to emulate the configurable cache. / Doctor of Philosophy / Typical cybersecurity solutions emphasize on achieving defense functionalities. However, execution efficiency and scalability are equally important, especially for the real-world deployment. Straightforward mappings of applications onto High-Performance Computing (HPC) platforms may significantly underutilize the HPC devices’ capacities. In this dissertation, we demonstrate how application-specific characteristics can be leveraged to optimize various types of HPC executions for cybersecurity. We investigate several sub-areas, including mobile software security, network security, and system security. For example, we present a new GPU-assisted framework and a collection of optimization strategies for fast Android static data-flow analysis that achieve up to 128X speedups against the unoptimized GPU implementation. For network intrusion detection systems (IDS), we design and implement an algorithm capable of eliminating the state explosion in out-of-order packet situations, which reduces up to 400X of the memory overhead. We also present tools for improving the usability of HPC programming. To study the cache configurations’ impact on time-driven cache side-channel attacks’ performance, we design an approach to conducting comparative measurement. We propose a quantifiable success rate metric to measure the performance of time-driven cache attacks and utilize the GEM5 platform to emulate the configurable cache.
|
15 |
SCA-Resistant and High-Performance Embedded Cryptography Using Instruction Set Extensions and Multi-Core ProcessorsChen, Zhimin 28 July 2011 (has links)
Nowadays, we use embedded electronic devices in almost every aspect of our daily lives. They represent our electronic identity; they store private information; they monitor health status; they do confidential communications, and so on. All these applications rely on cryptography and, therefore, present us a research objective: how to implement cryptography on embedded systems in a trustworthy and efficient manner.
Implementing embedded cryptography faces two challenges - constrained resources and physical attacks. Due to low cost constraints and power budget constraints, embedded devices are not able to use high-end processors. They cannot run at extremely high frequencies either. Since most embedded devices are portable and deployed in the field, attackers are able to get physical access and to mount attacks as they want. For example, the power dissipation, electromagnetic radiation, and execution time of embedded cryptography enable Side-Channel Attacks (SCAs), which can break cryptographic implementations in a very short time with a quite low cost.
In this dissertation, we propose solutions to efficient implementation of SCA-resistant and high-performance cryptographic software on embedded systems. These solutions make use of two state-of-the-art architectures of embedded processors: instruction set extensions and multi-core architectures. We show that, with proper processor micro-architecture design and suitable software programming, we are able to deliver SCA-resistant software which performs well in security, performance, and cost. In comparison, related solutions have either high hardware cost or poor performance or low attack resistance. Therefore, our solutions are more practical and see a promising future in commercial products. Another contribution of our research is the proper partitioning of the Montgomery multiplication over multi-core processors. Our solution is scalable over multiple cores, achieving almost linear speedup with a high tolerance to inter-core communication delays. We expect our contributions to serve as solid building blocks that support secure and high-performance embedded systems. / Ph. D.
|
16 |
A machine learning approach for automatic and generic side-channel attacksLerman, Liran 10 June 2015 (has links)
L'omniprésence de dispositifs interconnectés amène à un intérêt massif pour la sécurité informatique fournie entre autres par le domaine de la cryptographie. Pendant des décennies, les spécialistes en cryptographie estimaient le niveau de sécurité d'un algorithme cryptographique indépendamment de son implantation dans un dispositif. Cependant, depuis la publication des attaques d'implantation en 1996, les attaques physiques sont devenues un domaine de recherche actif en considérant les propriétés physiques de dispositifs cryptographiques. Dans notre dissertation, nous nous concentrons sur les attaques profilées. Traditionnellement, les attaques profilées appliquent des méthodes paramétriques dans lesquelles une information a priori sur les propriétés physiques est supposée. Le domaine de l'apprentissage automatique produit des modèles automatiques et génériques ne nécessitant pas une information a priori sur le phénomène étudié.<p><p>Cette dissertation apporte un éclairage nouveau sur les capacités des méthodes d'apprentissage automatique. Nous démontrons d'abord que les attaques profilées paramétriques surpassent les méthodes d'apprentissage automatique lorsqu'il n'y a pas d'erreur d'estimation ni d'hypothèse. En revanche, les attaques fondées sur l'apprentissage automatique sont avantageuses dans des scénarios réalistes où le nombre de données lors de l'étape d'apprentissage est faible. Par la suite, nous proposons une nouvelle métrique formelle d'évaluation qui permet (1) de comparer des attaques paramétriques et non-paramétriques et (2) d'interpréter les résultats de chaque méthode. La nouvelle mesure fournit les causes d'un taux de réussite élevé ou faible d'une attaque et, par conséquent, donne des pistes pour améliorer l'évaluation d'une implantation. Enfin, nous présentons des résultats expérimentaux sur des appareils non protégés et protégés. La première étude montre que l'apprentissage automatique a un taux de réussite plus élevé qu'une méthode paramétrique lorsque seules quelques données sont disponibles. La deuxième expérience démontre qu'un dispositif protégé est attaquable avec une approche appartenant à l'apprentissage automatique. La stratégie basée sur l'apprentissage automatique nécessite le même nombre de données lors de la phase d'apprentissage que lorsque celle-ci attaque un produit non protégé. Nous montrons également que des méthodes paramétriques surestiment ou sous-estiment le niveau de sécurité fourni par l'appareil alors que l'approche basée sur l'apprentissage automatique améliore cette estimation. <p><p>En résumé, notre thèse est que les attaques basées sur l'apprentissage automatique sont avantageuses par rapport aux techniques classiques lorsque la quantité d'information a priori sur l'appareil cible et le nombre de données lors de la phase d'apprentissage sont faibles. / Doctorat en Sciences / info:eu-repo/semantics/nonPublished
|
17 |
Amélioration d'attaques par canaux auxiliaires sur la cryptographie asymétrique / Improvement of side-channel attack on asymmetric cryptographyDugardin, Margaux 11 July 2017 (has links)
Depuis les années 90, les attaques par canaux auxiliaires ont remis en cause le niveau de sécurité des algorithmes cryptographiques sur des composants embarqués. En effet, tout composant électronique produit des émanations physiques, telles que le rayonnement électromagnétique, la consommation de courant ou encore le temps d’exécution du calcul. Or il se trouve que ces émanations portent de l’information sur l’évolution de l’état interne. On parle donc de canal auxiliaire, car celui-ci permet à un attaquant avisé de retrouver des secrets cachés dans le composant par l’analyse de la « fuite » involontaire. Cette thèse présente d’une part deux nouvelles attaques ciblant la multiplication modulaire permettant d’attaquer des algorithmes cryptographiques protégés et d’autre part une démonstration formelle du niveau de sécurité d’une contre-mesure. La première attaque vise la multiplication scalaire sur les courbes elliptiques implémentée de façon régulière avec un masquage du scalaire. Cette attaque utilise une unique acquisition sur le composant visé et quelques acquisitions sur un composant similaire pour retrouver le scalaire entier. Une fuite horizontale durant la multiplication de grands nombres a été découverte et permet la détection et la correction d’erreurs afin de retrouver tous les bits du scalaire. La seconde attaque exploite une fuite due à la soustraction conditionnelle finale dans la multiplication modulaire de Montgomery. Une étude statistique de ces soustractions permet de remonter à l’enchaînement des multiplications ce qui met en échec un algorithme régulier dont les données d’entrée sont inconnues et masquées. Pour finir, nous avons prouvé formellement le niveau de sécurité de la contre-mesure contre les attaques par fautes du premier ordre nommée extension modulaire appliquée aux courbes elliptiques. / : Since the 1990s, side channel attacks have challenged the security level of cryptographic algorithms on embedded devices. Indeed, each electronic component produces physical emanations, such as the electromagnetic radiation, the power consumption or the execution time. Besides, these emanations reveal some information on the internal state of the computation. A wise attacker can retrieve secret data in the embedded device using the analyzes of the involuntary “leakage”, that is side channel attacks. This thesis focuses on the security evaluation of asymmetric cryptographic algorithm such as RSA and ECC. In these algorithms, the main leakages are observed on the modular multiplication. This thesis presents two attacks targeting the modular multiplication in protected algorithms, and a formal demonstration of security level of a countermeasure named modular extension. A first attack is against scalar multiplication on elliptic curve implemented with a regular algorithm and scalar blinding. This attack uses a unique acquisition on the targeted device and few acquisitionson another similar device to retrieve the whole scalar. A horizontal leakage during the modular multiplication over large numbers allows to detect and correct easily an error bit in the scalar. A second attack exploits the final subtraction at the end of Montgomery modular multiplication. By studying the dependency of consecutive multiplications, we can exploit the information of presence or absence of final subtraction in order to defeat two protections : regular algorithm and blinding input values. Finally, we prove formally the security level of modular extension against first order fault attacks applied on elliptic curves cryptography.
|
18 |
Attaque par canaux auxillaires multivariées, multi-cibles et d'ordre élevé / Multivariate multitarget high order side-channel attacksBruneau, Nicolas 18 May 2017 (has links)
Les analyses par canaux auxiliaires exploitent les fuites physiques des systèmes embarqués. Ces attaques représentent une réelle menace; c’est pourquoi différentes contre-mesures ont été développées. Cette thèse s’intéresse à la sécurité fournie par ces contre-mesures. Nous étudions leur sécurité dans le contexte où de multiples fuites sont présentes. Il arrive que plusieurs fuites de plusieurs variables puissent être exploitées lors d’analyses par canaux auxiliaires. Dans cette thèse nous présentons la méthode optimale pour exploiter les fuites d’une unique variable. Nous étudions ensuite comment de telles méthodes de réduction de dimensionnalité peuvent être appliquées dans le cas d’implémentations protégées. Nous montrons que ces méthodes voient leur efficacité augmentée avec le niveau de sécurité de l’implémentation. Nous montrons dans cette thèse comment exploiter les fuites de multiples variables pour améliorer les résultats d’analyses par canaux auxiliaires. Nous améliorons en particulier les attaques contre les schémas de masquage avec recalcul de table. Dans ce contexte nous présentons l’attaque optimale. Dans le cas où les schémas avec recalcul de table sont protégés nous montrons que le principal paramètre pour évaluer la sécurité des schémas de masquage, c’est-à-dire l’ordre n’est pas suffisant. Pour finir nous étudions de façon théorique la meilleure attaque possible en présence de masquage et de « shuffling » ce qui généralise le précédent cas d’étude. Dans ce cas nous montrons que l’attaque optimale n’est pas calculable. Pour y remédier, nous présentons une version tronquée de l’attaque optimale avec une meilleure efficacité calculatoire. / Side Channel Attacks are a classical threat against cryptographic algorithms in embedded systems. They aim at exploiting the physical leakages unintentionally emitted by the devices during the execution of their embedded programs to recover sensitive data. As such attacks represent a real threat against embedded systems different countermeasures have been developed. In thesis we investigate their security in presence of multiple leakages. Indeed there often are in the leakage measurements several variables which can be exploited to mount Side Channel Attacks. In particular we show in this thesis the optimal way to exploit multiple leakages of a unique variable. This dimensionality reduction comes with no loss on the overall exploitable information. Based on this result we investigate further how such dimensionality reduction methodscan be applied in the case of protected implementations. We show that the impact of such methods increases with the security “level” of the implementation. We also investigate how to exploit the leakages of multiplevariables in order to improve the results of Side Channel Analysis. We start by improving the attacks against masking schemes, with a precomputed table recomputation step. Some protections have been developed to protect such schemes. As a consequence we investigate the security provided by these protections. In this context we present results which show that the main parameter to evaluate the security of the masking schemes is not sufficient to estimate the global security of the implementation. Finally we show that in the context of masking scheme with shuffling the optimal attack is not computable. As a consequence we present a truncated version of this attack with a better effectiveness.
|
19 |
Board and Chip Diversity in Deep Learning Side-Channel Attacks : On ATtiny85 Implementations Featuring Encryption and Communication / Mångfald av kretskort och chip i sidokanalsattacker med djupinlärning : På ATtiny85-implementationer med kryptering och kommunikationBjörklund, Filip, Landin, Niklas January 2021 (has links)
Hardware security is an increasingly relevant topic because more and more systems and products are equipped with embedded microcontrollers. One type of threat against hardware security is attacks against encryption implementations in embedded hardware. The purpose of such attacks might be to extract the secret encryption key used to encrypt secret information that is being processed in the hardware. One type of such an attack that has gained more attention lately is side-channel attacks using deep learning algorithms. These attacks exploit the information that leaks from a chip in the form of the power the chip is consuming during encryption. In order to execute a side-channel attack assisted by deep learning, large amounts of data are needed for the neural network to train on. The data typically consists of several hundreds of thousands of power traces that have been captured from the profiling device. When the network has finished training, only a few power traces are required from a similar device to extract the key byte that has been used during encryption. In this project, the 8-bit microcontroller ATtiny85 was used as the victim device. AES-ECB 128 was used as the encryption algorithm. The goal of the project was to test how differences between boards and ATtiny85 chips affect the performance of side-channel attacks with deep learning. In the experiments, six different boards were used, where three of them had identical designs, and three of the boards had different designs. The data gathering was performed by measuring power consumption with an oscilloscope connected to a PC. The results showed that the similarity between the boards that were used for profiling and the boards that were attacked was the most important aspect for the attack to succeed with as few power traces as possible. If the board that was attacked was represented as a part of the training dataset, improved attack performance could be observed. If the training used data from several identical boards, no obvious improvement in attack performance could be seen. The results also showed that there are noticeable differences between identical ATtiny85 chips. These differences were obvious because the best attacks were the ones where the attacked chip was part of the training data set. There are several directions for future work, including how feasible these attacks are in real life scenarios and how to create efficient countermeasures. / Hårdvarusäkerhet blir mer aktuellt allt eftersom fler och fler system och produkter utrustas med mikrokontrollers. En typ av hot mot hårdvarusäkerhet är attacker mot krypteringsimplementationer i inbyggd hårdvara. Sådana attacker kan ha som syfte att försöka ta fram den krypteringsnyckel som används för att kryptera hemlig information som hanteras i hårdvaran. En sådan typ av attack, som undersökts mycket under senare år, är sidokanalsattacker där djupinlärningsalgoritmer används. Dessa attacker utnyttjar den information som läcker från ett chip genom den ström som chippet förbrukar. För att kunna utföra en sidokanalsattack med hjälp av djupinlärning krävs stora mängder data för att träna det neurala nätverket som utgör djupinlärningen. Datan består vanligtvis av flera hundra tusen strömförbrukningsspår tagna från chippet som är tänkt att attackeras. Denna data märks upp med vilken nyckel och text som använts vid krypteringen, eftersom metoden som används är övervakad inlärning. När nätverket är färdigtränat krävs bara ett fåtal strömförbrukningsspår från ett liknande chip för att ta reda på vilken nyckel som används i krypteringen. I detta projekt användes ATtiny85, en 8-bitars mikrokontroller, som det utsatta chippet för attacken. 128 bitars AES-ECB användes som krypteringsalgoritm. Målet med projektet var att testa hur olikheter mellan olika kretskort och olika identiska ATtiny85-chip påverkar resultaten av sidokanalsattacker med djupinlärning. I testerna användes sex olika kretskort, där tre stycken var likadana varandra, och tre stycken var olika varandra. Datainsamlingen skedde genom att mäta strömförbrukningen med ett oscilloskop kopplat till en dator. Resultaten visade att likheten mellan de kretskort som användes för att samla in data och kretskortet som attackeras är den viktigaste faktorn för att attacken ska lyckas med hjälp av så få insamlade strömförbrukningsspår som möjligt. Om det kretskort som attackeras är representerat som en del av träningsdatamängden ses också förbättrade effekter i attackresultaten. Om träningen sker på flera identiska kretskort kunde ingen tydlig förbättring av attackerna observeras. Resultaten visade också att det finns skillnader mellan olika identiska ATtiny85-chip. Dessa skillnader visar sig i att en attack lyckas bäst om det attackerade chippet ingick i träningsdatamängden. Framtida studier kan bland annat undersöka hur effektiva dessa attacker är i en realistisk miljö samt om det är möjligt att skapa effektiva motåtgärder.
|
20 |
Identificação das teclas digitadas a partir da vibração mecânica. / Identification of pressed keys from mechanical vibrations.Faria, Gerson de Souza 28 November 2012 (has links)
Este trabalho descreve um ataque que detecta as teclas pressionadas em teclados mecânicos pela análise das vibrações geradas quando as mesmas são pressionadas. Dois equipamentos foram experimentados no ataque: um teclado genérico de automação comercial e um terminal de ponto de venda (POS / PIN-pad). Acelerômetros são utilizados como sensores de vibração. Propositalmente, o equipamento necessário para a execução do ataque é de baixíssimo custo, de modo a ressaltar o risco das vulnerabilidades encontradas. Obtivemos taxas de sucesso médio de 69% no reconhecimento das teclas pressionadas para o terminal PIN-pad em repouso e 75% para o mesmo sendo segurado na mão. No caso de teclado de automação comercial, as taxas médias de acerto ficaram em torno de 99%. / This work describes an attack that identifies the sequence of keystrokes analyzing mechanical vibrations generated by the act of pressing keys. We use accelerometers as vibration sensors. The apparatus necessary for this attack is inexpensive and can be unobtrusively embedded within the target equipment. We tested the proposed attack on an ATM keypad and a PIN-pad. We achieved the key recognition rates of 99% in ATM keypad, 69% in PIN-pad resting on a hard surface and 75% in PIN-pad hold in hand.
|
Page generated in 0.0549 seconds