• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 31
  • 10
  • 3
  • 2
  • 1
  • 1
  • Tagged with
  • 67
  • 67
  • 67
  • 22
  • 21
  • 21
  • 19
  • 18
  • 18
  • 17
  • 16
  • 13
  • 12
  • 12
  • 11
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
41

Detection of side-channel attacks targeting Intel SGX / Detektion av attacker mot Intel SGX

Lantz, David January 2021 (has links)
In recent years, trusted execution environments like Intel SGX have allowed developers to protect sensitive code inside so called enclaves. These enclaves protect its code and data even in the cases of a compromised OS. However, SGX enclaves have been shown to be vulnerable to numerous side-channel attacks. Therefore, there is a need to investigate ways that such attacks against enclaves can be detected. This thesis investigates the viability of using performance counters to detect an SGX-targeting side-channel attack, specifically the recent Load Value Injection (LVI) class of attacks. A case study is thus presented where performance counters and a threshold-based detection method is used to detect variants of the LVI attack. The results show that certain attack variants could be reliably detected using this approach without false positives for a range of benign applications. The results also demonstrate reasonable levels of speed and overhead for the detection tool. Some of the practical limitations of using performance counters, particularly in an SGX-context, are also brought up and discussed.
42

A Systematic Framework For Analyzing the Security and Privacy of Cellular Networks

Syed Rafiul Hussain (5929793) 16 January 2020 (has links)
<div>Cellular networks are an indispensable part of a nation's critical infrastructure. They not only support functionality that are critical for our society as a whole (e.g., business, public-safety message dissemination) but also positively impact us at a more personal level by enabling applications that often improve our quality of life (e.g., navigation). Due to deployment constraints and backward compatibility issues, the various cellular protocol versions were not designed and deployed with a strong security and privacy focus. Because of their ubiquitous presence for connecting billions of users and use for critical applications, cellular networks are, however, lucrative attack targets of motivated and resourceful adversaries. </div><div><br></div><div></div><div>In this dissertation, we investigate the security and privacy of 4G LTE and 5G protocol designs and deployments. More precisely, we systematically identify design weaknesses and implementation oversights affecting the critical operations of the networks, and also design countermeasures to mitigate the identified vulnerabilities and attacks. Towards this goal, we developed a systematic model-based testing framework called LTEInspector. LTEInspector can be used to not only identify protocol design weaknesses but also deployment oversights. LTEInspector leverages the combined reasoning capabilities of a symbolic model checker and a cryptographic protocol verifier by combining them in a lazy fashion. We instantiated \system with three critical procedures (i.e., attach, detach, and paging) of 4G LTE. Our analysis uncovered 10 new exploitable vulnerabilities along with 9 prior attacks of 4G LTE all of which have been verified in a real testbed. Since identifying all classes of attacks with a unique framework like \system is nearly impossible, we show that it is possible to identify sophisticated security and privacy attacks by devising techniques specifically tailored for a particular protocol and by leveraging the findings of LTEInspector. As a case study, we analyzed the paging protocol of 4G LTE and the current version of 5G, and observed that by leveraging the findings from LTEInspector and other side-channel information and by using a probabilistic reasoning technique it is possible to mount sophisticated privacy attacks that can expose a victim device's coarse-grained location information and sensitive identifiers when the adversary is equipped only with the victim's phone number or other soft-identity (e.g., social networking profile). An analysis of LTEInspector's findings shows that the absence of broadcast authentication enables an adversary to mount a wide plethora of security and privacy attacks. We thus develop an attack-agnostic generic countermeasure that provides broadcast authentication without violating any common-sense deployment constraints. Finally, we design a practical countermeasure for mitigating the side-channel attacks in the paging procedure without breaking the backward compatibility.</div>
43

BDD Based Synthesis Flow for Design of DPA Resistant Cryptographic Circuits

Chakkaravarthy, Manoj 19 April 2012 (has links)
No description available.
44

Secure and Efficient Implementations of Cryptographic Primitives

Guo, Xu 30 May 2012 (has links)
Nowadays pervasive computing opens up many new challenges. Personal and sensitive data and computations are distributed over a wide range of computing devices. This presents great challenges in cryptographic system designs: how to protect privacy, authentication, and integrity in this distributed and connected computing world, and how to satisfy the requirements of different platforms, ranging from resource constrained embedded devices to high-end servers. Moreover, once mathematically strong cryptographic algorithms are implemented in either software or hardware, they are known to be vulnerable to various implementation attacks. Although many countermeasures have been proposed, selecting and integrating a set of countermeasures thwarting multiple attacks into a single design is far from trivial. Security, performance and cost need to be considered together. The research presented in this dissertation deals with the secure and efficient implementation of cryptographic primitives. We focus on how to integrate cryptographic coprocessors in an efficient and secure way. The outcome of this research leads to four contributions to hardware security research. First, we propose a programmable and parallel Elliptic Curve Cryptography (ECC) coprocessor architecture. We use a systematic way of analyzing the impact of System-on-Chip (SoC) integration to the cryptographic coprocessor performance and optimize the hardware/software codesign of cryptographic coprocessors. Second, we provide a hardware evaluation methodology to the NIST SHA-3 standardization process. Our research efforts cover both of the SHA-3 fourteen Second Round candidates and five Third Round finalists. We design the first SHA-3 benchmark chip and discuss the technology impact to the SHA-3 hardware evaluation process. Third, we discuss two technology dependent issues in the fair comparison of cryptographic hardware. We provide a systematic approach to do a cross-platform comparison between SHA-3 FPGA and ASIC benchmarking results and propose a methodology for lightweight hash designs. Finally, we provide guidelines to select implementation attack countermeasures in ECC cryptosystem designs. We discuss how to integrate a set of countermeasures to resist a collection of side-channel analysis (SCA) attacks and fault attacks. The first part of the dissertation discusses how system integration can affect the efficiency of the cryptographic primitives. We focus on the SoC integration of cryptographic coprocessors and analyze the system profile in a co-simulation environment and then on an actual FPGA-based SoC platform. We use this system-level design flow to analyze the SoC integration issues of two block ciphers: the existing Advanced Encryption Standard (AES) and a newly proposed lightweight cipher PRESENT. Next, we use hardware/software codesign techniques to design a programmable ECC coprocessor architecture which is highly flexible and scalable for system integration into a SoC architecture. The second part of the dissertation describes our efforts in designing a hardware evaluation methodology applied to the NIST SHA-3 standardization process. Our Application Specific Integrated Circuit (ASIC) implementation results of five SHA-3 finalists are the first ASIC real measurement results reported in the literature. As a contribution to the NIST SHA-3 competition, we provide timely ASIC implementation cost and performance results of the five SHA-3 finalists in the SHA-3 standard final round evaluation process. We define a consistent and comprehensive hardware evaluation methodology to the NIST SHA-3 standardization process from Field Programmable Gate Array (FPGA) prototyping to ASIC implementation. The third part of the dissertation extends the discussion on hardware benchmarking of NIST SHA-3 candidates by analyzing the impact of technology to the fair comparison of cryptographic hardware. First, a cross-platform comparison between the FPGA and ASIC results of SHA-3 designs demonstrates the gap between two sets of benchmarking results. We describe a systematic approach to analyze a SHA-3 hardware benchmark process for both FPGAs and ASICs. Next, by observing the interaction of hash algorithm design, architecture design, and technology mapping, we propose a methodology for lightweight hash implementation and apply it to CubeHash optimizations. Our ultra-lightweight design of the CubeHash algorithm represents the smallest ASIC implementation of this algorithm reported in the literature. Then, we introduced a cost model for analyzing the hardware cost of lightweight hash implementations. The fourth part of the dissertation discusses SCA attacks and fault attacks resistant cryptosystem designs. We complete a comprehensive survey of state-of-the-art of secure ECC implementations and propose a methodology on selecting countermeasures to thwart multiple side-channel attacks and fault attacks. We focus on a systematic way of organizing and understanding known attacks and countermeasures. / Ph. D.
45

Analyse Sécuritaire des Émanations Électromagnétiques des Circuits Intégrés / Security Analysis of Integrated Circuit radiation

Dehbaoui, Amine 18 January 2011 (has links)
Le développement de la société de l'information et de la monnaie virtuelle, a soulevé de nouveaux problèmes aux communautés de la sécurité et du circuit intégré, faisant devenir la cryptologie un outil incontournable permettant de répondre aux exigences sécuritaires telles que l'identification, l'authentification ou la confidentialité. L'intégration des primitives cryptographiques dans différents dispositifs électroniques est largement répandue aujourd'hui dans le domaine des communications, des services financiers, des services gouvernementaux ou de la PayTV. Au premier rang de ces dispositifs, figure la carte à puce. D'après un rapport publié en août 2010, IMS Research prévoit que le marché de la carte à puce atteindra les 5.8 milliards d'unités vendues en fin d'année. La grande majorité est utilisée dans les télécommunications (carte SIM) et les services bancaires. La carte à puce incorpore un circuit intégré qui peut être, soit un processeur dédié aux calculs cryptographiques, soit seulement de la mémoire non-volatile ou les deux. Ces circuits intégrés manipulent et contiennent donc des secrets comme les clefs secrètes ou privées utilisées par les algorithmes de cryptographie symétriques ou asymétriques. Ces clefs doivent donc, rester absolument confidentielles et intègres afin de garantir la chaîne de sécurité. Par conséquent la robustesse des cartes à puces aux attaques cryptographiques est cruciale. En effet, les attaques sur les circuits intégrés sont aujourd'hui très performantes. Elles peuvent être classées selon trois grandes familles : invasives, semi-invasives et non-invasives. 1- Les attaques invasives sont des attaques menées en général par des experts et requièrent du matériel spécifique. 2- Les attaques semi-invasives, famille d'attaques récemment introduite par l'équipe de Ross Anderson, dont le principe est de décapsuler le package contenant le circuit, afin de se positionner le plus proche possible de la surface, sans pour autant en détériorer les fonctionnalités. 3- Les attaques non-invasives ne nécessitent aucune préparation préalable du dispositif soumis aux attaques. Elles consistent à espionner les phénomènes physiques engendrés par la manipulation des données et notamment les clefs secrètes. Les attaques non-invasives peuvent être considérées comme les plus dangereuses, dans la mesure où ce type d'attaque peut être réalisé sans contact avec le circuit. En effet, pendant l'utilisation d'appareils électroniques, les circuits qui les composent sont soumis à des variations de courant et de tension. Ces variations génèrent des ondes électromagnétiques qui se propagent dans le voisinage du circuit. Ces émanations présentent une corrélation avec des informations censées être stockées dans la puce de façon sécurisée (exemple: la clef secrète d'une carte bancaire utilisée pour l'authentification). Plusieurs attaques dites par canaux auxiliaires, et basées sur ces fuites électromagnétiques ont été publiées par la communauté scientifique ces dernières années. Cette thèse a pour objectifs: (a) comprendre les différentes sources des émanations électromagnétiques des circuits intégrés, et de proposer un flot d'attaque électromagnétique localisée et en champ proche afin de tester la robustesse d'un circuit cryptographique contre les attaques et analyses utilisant le canal électromagnétique, et (b) proposer des contre-mesures afin de contrecarrer ces attaques par analyse de champ électromagnétique. Afin d'atteindre ces objectifs, nous présentons, dans un premier temps, une technique efficace nommée WGMSI (Weighted Global Magnitude Squared Incoherence) pour localiser les positions, au-dessus du circuit cryptographique, qui génèrent les émanations électromagnétiques les plus dépendantes des données secrètes. Dans un deuxième temps la WGMSI est utilisée aussi pour améliorer la stabilité et la convergence des différentes attaques électromagnétiques proposées dans la littérature. La suite de la thèse décrit les différentes contre-mesures aux attaques par canaux auxiliaires. En effet, face à ces techniques d'attaques évoluées, il est primordial, de rendre les fonctions cryptographiques implantées dans les circuits intégrés pour la sécurité (confidentialité, authentification, intégrité ... ), inattaquables en un temps raisonnable et ceci même en manipulant des sous-clefs dans des chiffrements par blocs. Pour cela, on se focalisera principalement aux contre-mesures basées sur des logiques différentielles et dynamiques. Ces contre-mesures sont dites par conception, puisqu'elles se situent au niveau des portes logiques qui sont considérées comme les éléments de base pour la conception d'un circuit intégré. Ceci permet une certaine indépendance des algorithmes cryptographiques vis à vis de l'architecture ou de la technologie considérées. Parmi les différentes logiques différentielles et dynamiques, on s'intéressera plus spécifiquement à la logique STTL (Secure Triple Track logic) qui peut être considérée comme une amélioration de la logique double rail, dans la mesure où un troisième rail est ajouté afin de contrecarrer la faiblesse principale de la logique double rail, à savoir l'évaluation anticipée. Enfin, nous présenterons un flot d'implémentation sur FPGA de la logique STTL prouvée robuste aux attaques par analyse de courant, et nous implémenterons un prototype de DES STTL afin de tester sa robustesse aux attaques électromagnétiques localisées en champ proche. / The integration of cryptographic primitives in different electronic devices is widely used today incommunications, financial services, government services or PayTV.Foremost among these devices include the smart card. According to a report published in August 2010, IMS Research forecasts that the smart card market will reach 5.8 billion units sold in this year. The vast majority is used in telecommunications (SIM) and banking.The smart card incorporates an integrated circuit which can be a dedicated processor for cryptographic calculations. Therefore, these integrated circuits contain secrets such as secret or private keys used by the symmetric or asymmetric cryptographic algorithms. These keys must remain absolutely confidential to ensure the safety chain.Therefore the robustness of smart cards against attacks is crucial. These attacks can be classifiedinto three main categories: invasive, semi-invasive and non-invasive.Non-invasive attacks can be considered the most dangerous, since this kind of attack can be achieved without any contact with the circuit.Indeed, while using electronic circuits that compose them are subjected to variations in current and voltage. These variations generate an electromagnetic radiation propagating in the vicinity of the circuit.These radiations are correlated with secret information (eg a secret key used for authentication). Several attacks based on these leakages were published by the scientific community.This thesis aims to: (a) understand the different sources of electromagnetic emanations of integrated circuits, and propose a localized near field attack to test the robustness of a cryptographic circuit and (b) propose counter-measures to these attacks.
46

Étude des techniques d'analyse de défaillance et de leur utilisation dans le cadre de l’évaluation de la sécurité des composants de traitement de l’information / Considering ways of failure analysis and their use in the security evaluation of the information processing circuits

Di Battista, Jérôme 11 April 2011 (has links)
Les travaux présentés concernent l'exploration des techniques de localisation utilisées en analyse de défaillance dans le but de les appliquer au domaine de la sécurité numérique des circuits et systèmes intégrés. Ces travaux contribuent, d'une part à étendre le champ d'application des techniques d'analyses de vulnérabilités, et d'autre part à apporter des éléments de réponses sur la faiblesse des implémentations cryptographiques sur circuits de type FPGA. Cette thèse s'inscrit donc dans une démarche à la fois de prévention mais aussi de veille technologique en matière d'attaque en apportant un complément d'information sur la faiblesse des implémentations matérielles de systèmes sécurisés. Dans le cadre de l'évaluation des composants de traitement de l'information par les laboratoires agréés (CESTI), l'analyse de vulnérabilité, et plus spécifiquement la cryptanalyse matérielle, a pour but d'éprouver la sécurité des systèmes d'information (composants cryptographiques, carte bancaire, systèmes de cryptage, etc..) dans le but de tester leur résistance face aux attaques connues. En parallèle, dans le cadre de l'analyse de défaillance des circuits utilisés dans le domaine spatial, la localisation de défauts consiste à collecter et analyser les données d'un circuit défaillant afin d'identifier la source du défaut à l'aide de puissants outils. La combinaison de ces deux activités nous a permis dans un premier temps, d'exploiter la lumière émise par un circuit comme un signal de fuite de type « side-channel » par le biais d'une méthode d'attaque semi-invasive par canal auxiliaire, Differential Light Emission Analysis (DLEA). Cette attaque, basée sur un traitement statistique des courbes d'émission de lumière, a permis d'extraire les sous-clés utilisées par un algorithme DES implanté sur circuit FPGA. Dans un second temps, nous avons proposé une seconde technique basée sur la stimulation laser consistant à exploiter l'effet photoélectrique afin d'améliorer les attaques par canaux auxiliaires « classiques ». Pour cela, une attaque DPA améliorée par stimulation laser a été mise en place. Ainsi nous avons démontré que le balayage du faisceau laser sur certains éléments du cryptosystème (algorithme DES implanté sur FPGA) augmente sa signature DPA permettant ainsi de diminuer sensiblement le nombre de courbes de consommation nécessaires pour extraire les sous-clés utilisées par l'algorithme. / The purpose of failure analysis is to locate the source of a defect in order to characterize it, using different techniques (laser stimulation, light emission, electromagnetic emission...). Moreover, the aim of vulnerability analysis, and particularly side-channel analysis, is to observe and collect various leakages information of an integrated circuit (power consumption, electromagnetic emission ...) in order to extract sensitive data. Although these two activities appear to be distincted, they have in common the observation and extraction of information about a circuit behavior. The purpose of this thesis is to explain how and why these activities should be combined. Firstly it is shown that the leakage due to the light emitted during normal operation of a CMOS circuit can be used to set up an attack based on the DPA/DEMA technique. Then a second method based on laser stimulation is presented, improving the “traditional” attacks by injecting a photocurrent, which results in a punctual increase of the power consumption of a circuit. These techniques are demonstrated on an FPGA device.
47

Contributions à la sécurité des circuits intégrés face aux attaques par canaux auxiliaires / Contributions to the security of integrated circuits against side-channel attacks

Vaquié, Bruno 18 December 2012 (has links)
Les attaques par canaux cachés telles que les attaques par analyse de la consommation sont une menace pour la sécurité des circuits intégrés. Elles exploitent les fuites physiques émises par les circuits lors des calculs cryptographiques pour récupérer les informations secrètes qu'ils contiennent. De nombreuses contremesures, notamment matérielles, ont donc été proposées par la communauté dans le but de protéger les crypto-systèmes contre ce type d'attaques. Malgré leur efficacité, leur inconvénient majeur est leur surcoût important en surface, vitesse et consommation. Cette thèse a pour objectif de proposer des contremesures avec un faible coût au niveau matériel visant à réduire ces fuites et offrant un bon compromis entre sécurité et surcoûts. Pour cela, nous identifions tout d'abord les principales sources de fuites d'un crypto-système intégrant une architecture matérielle itérative d'un algorithme symétrique. Puis nous proposons plusieurs contremesures, à faible coût matériel, qui visent à réduire ces fuites. Enfin, nous évaluerons la robustesse de nos solutions face aux attaques par canaux cachés. / Side channel attacks such as power analysis attacks are a threat to the security of integrated circuits.They exploit the physical leakage of circuits during the cryptographic computations to retrieve the secret informations they contain. Many countermeasures, including hardware, have been proposed by the community in order to protect cryptosystems against such attacks. Despite their effectiveness, their major drawback is their significant additional cost in area, speed and consumption. This thesis aims at proposing low cost countermeasures able to reduce the leaks and offering a good compromise between security and costs. First we identify the main sources of leakage of a cryptographic system that integrates an iterative hardware architecture of a symetric algorithm. Then we propose several low cost countermeasures, which aim at reducing this leakage. Finally, we evaluate the robustness of our solutions against side channel attacks.
48

Increasing the Robustness of Point Operations in Co-Z Arithmetic against Side-Channel Attacks

Almohaimeed, Ziyad Mohammed 08 August 2013 (has links)
Elliptic curve cryptography (ECC) has played a significant role on secure devices since it was introduced by Koblitz and Miller more than three decades ago. The great demand for ECC is created by its shorter key length while it provides an equivalent security level in comparison to previously introduced public-key cryptosystems (e.g.RSA). From an implementation point of view a shorter key length means a higher processing speed, smaller power consumption, and silicon area requirement. Scalar multiplication is the main operation in Elliptic Curve Diffie-Hellman (ECDH), which is a key-agreement protocol using ECC. As shown in the prior literature, this operation is both vulnerable to Power Analysis attack and requires a large amount of time. Therefore, a lot of research has focused on enhancing the performance and security of scalar multiplication. In this work, we describe three schemes to counter power analysis cryptographic attacks. The first scheme provides improved security at the expense of a very small cost of additional hardware overhead; its basic idea is to randomize independent field operations in order to have multiple power consumption traces for each point operation. In the second scheme, we introduce an atomic block that consists of addition, multiplication and addition [A-M-A]. This technique provides a very good scalar multiplication protection but with increased computation cost. The third scheme provides both security and speed by adopting the second tech- nique and enhancing the instruction-level parallelism at the atomic level. As a result, the last scheme also provides a reduction in computing time. With these schemes the users can optimize the trade-off between speed, cost, and security level according to their needs and resources. / Graduate / 0544 / 0984 / z.mohaimeed@gmail.com
49

Exploiting On-Chip Voltage Regulators as a Countermeasure Against Power Analysis Attacks

Yu, Weize 24 May 2017 (has links)
Non-invasive side-channel attacks (SCA) are powerful attacks which can be used to obtain the secret key in a cryptographic circuit in feasible time without the need for expensive measurement equipment. Power analysis attacks (PAA) are a type of SCA that exploit the correlation between the leaked power consumption information and processed/stored data. Differential power analysis (DPA) and leakage power analysis (LPA) attacks are two types of PAA that exploit different characteristics of the side-channel leakage profile. DPA attacks exploit the correlation between the input data and dynamic power consumption of cryptographic circuits. Alternatively, LPA attacks utilize the correlation between the input data and leakage power dissipation of cryptographic circuits. There is a growing trend to integrate voltage regulators fully on-chip in modern integrated circuits (ICs) to reduce the power noise, improve transient response time, and increase power efficiency. Therefore, when on-chip voltage regulation is utilized as a countermeasure against power analysis attacks, the overhead is low. However, a one-to-one relationship exists between the input power and load power when a conventional on-chip voltage regulator is utilized. In order to break the one-to-one relationship between the input power and load power, two methodologies can be considered: (a) selecting multi-phase on-chip voltage regulator and using pseudo-random number generator (PRNG) to scramble the activation or deactivation pattern of the multi-phase voltage regulator in the input power profile, (b) enabling random voltage/scaling on conventional on-chip voltage regulators to insert uncertainties to the load power profile. In this dissertation, on-chip voltage regulators are utilized as lightweight countermeasures against power analysis attacks. Converter-reshuffling (CoRe) technique is proposed as a countermeasure against DPA attacks by using a PRNG to scramble the input power profile. The time-delayed CoRe technique is designed to eliminate machine learning-based DPA attacks through inserting a certain time delay. The charge-withheld CoRe technique is proposed to enhance the entropy of the input power profile against DPA attacks with two PRNGs. The security-adaptive (SA) voltage converter is designed to sense LPA attacks and activate countermeasure with low overhead. Additionally, three conventional on-chip voltage regulators: low-dropout (LDO) regulator, buck converter, and switched-capacitor converter are combined with three different kinds of voltage/frequency scaling techniques: random dynamic voltage and frequency scaling (RDVFS), random dynamic voltage scaling (RDVS), and aggressive voltage and frequency scaling (AVFS), respectively, against both DPA and LPA attacks.
50

Klasifikátory proudových otisků / Classifiers of power patterns

Zapletal, Ondřej January 2014 (has links)
Over the last several years side-channel analysis has emerged as a major threat to securing sensitive information in cryptographic devices. Several side-channels have been discovered and used to break implementations of all major cryptographic algorithms (AES, DES, RSA). This thesis is focused on power analysis attacks. A variety of power analysis methods has been developed to perform these attacks. These methods include simple power analysis (SPA), differential power analysis (DPA), template attacks, etc. This work provides comprehensive survey of mentioned methods and also investigates the application of a machine learning techniques in power analysis. The considered learning techniques are neural networks and support vector machines. The final part of this thesis is dedicated to implemenation of the attack against protected software AES implementation which is used in the DPA Contest.

Page generated in 0.0633 seconds