FHE-Booster: Accelerating Fully Homomorphic Execution with Fine-tuned Bootstrapping Scheduling
Pub Date : 2023-05-01 | DOI: 10.1109/HOST55118.2023.10132930 | 2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Tommy White, Charles Gouert, Chengmo Yang, N. G. Tsoutsos
Fully homomorphic encryption (FHE) allows a user to outsource computation-intensive tasks to a cloud server without providing plaintext values or decryption keys to the server. A major drawback of these encrypted operations, however, is that they can be orders of magnitude slower than their plaintext counterparts. Moreover, because each ciphertext can only tolerate a limited number of operations before the accumulated noise renders decryption impossible, an operation known as bootstrapping is needed to reduce such noise and allow for unlimited computations. Notably, bootstrapping is significantly slower than encrypted arithmetic operations, thus becoming a main performance bottleneck while evaluating FHE programs. So far, the allocation and scheduling of bootstrapping operations has not been well investigated, in part due to the complexity of the problem and the difficulty in finding an optimal solution. To bridge this gap, in this work we formulate the bootstrapping scheduling problem and develop two Integer Programming (IP) models. The first minimizes the number of bootstrapping operations in an FHE program, while the second optimizes the execution time of the FHE program. We further develop two heuristics for mapping a target FHE program to a multi-core system in polynomial time. Our evaluation with a realistic benchmark shows that our heuristic provides a 1.86x speedup compared to the baseline method.
MagHop: Magnetic Spectrum Hopping for Securing Voltage and Current Magnetic Sensors
Pub Date : 2023-05-01 | DOI: 10.1109/HOST55118.2023.10133158 | 2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Anomadarshi Barua, M. A. Faruque
Voltage and current magnetic sensors (VCMSs) are pervasive in safety-critical systems. They use a magnetic field as a transduction medium to sense the input signal. Therefore, if an attacker manipulates the magnetic transduction medium of this sensor by using intentional EMI or external magnetic fields, no amount of security mechanism after the fact can help. Fortunately, our work provides a defense against this form of physical attack. The core idea of our defense is to shift the frequency spectrum of the magnetic field, which is used as the transduction medium of the sensor, to another spectrum unknown to an attacker. In addition, the frequency spectrum which carries the magnetic field in the transduction medium is varied in a pseudo-random fashion so that the attacker will not be able to track it to inject any EMI into it. Even a sweeping attacker, who can vary the EMI’s frequency, cannot bypass our defense because of the check-and-select approach of our defense. As the magnetic field’s spectrum in the transduction medium of the sensor hops to a different spectrum, the defense is named Magnetic Spectrum Hopping (MagHop). While prior works fail to prevent an EMI which has the same frequency as the input signal, MagHop is equipped to handle this limitation of the prior works. Moreover, a low-power, real-time coherent prototype of MagHop is designed and evaluated with a real-world application: a grid-tied inverter. Finally, we thoroughly evaluate MagHop on ten different sensors from six different manufacturers to prove its robustness against the EMI or external magnetic field injection attack on VCMSs.
Detour: Layout-aware Reroute Attack Vulnerability Assessment and Analysis
Pub Date : 2023-05-01 | DOI: 10.1109/HOST55118.2023.10132919 | 2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Minyan Gao, Domenic Forte
Over the past several decades, the rate of innovation and performance enhancement in integrated circuits (ICs) has been mind-boggling, making them ubiquitous in a wide spectrum of critical applications ranging from military infrastructure to personal healthcare. Lately, however, physical security has become a prime concern given the valuable assets that ICs process and store. Out of all invasive attack vectors, micro-probing attacks emerge as one of the most threatening because they utilize advanced focused ion beam (FIB) systems for post-silicon secret eavesdropping and circuit editing at a negligible footprint. As an evolved variant of micro-probing attacks, reroute attacks can effectively abolish built-in shielding countermeasures to access the security-sensitive signals underneath. To mitigate and tackle such challenges, we propose a layout-level framework called Detour to automatically evaluate the exploitable vulnerabilities. Specifically, we utilize a linear programming-based scheme to determine the layout-aware added trace length of reroute attempts given target assets. Experimental results show that all of the shielded designs perform better than the non-shielded structures against reroute attacks, and that the orthogonal two-layer shield structure has better performance than the parallel two-layer shield structure. In addition, we also consider both the independent and dependent scenarios based on whether circuit edit locations are allowed to interfere with each other or not. Our results show that a near 50% increase in attack cost can occur when utilizing our more realistic dependent estimation method.
SCALE: Secure and Scalable Cache Partitioning
Pub Date : 2023-05-01 | DOI: 10.1109/HOST55118.2023.10133713 | 2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
N. Holtryd, M. Manivannan, P. Stenström
Dynamically partitioned last-level caches enhance performance while also introducing security vulnerabilities. We show how cache allocation policies can act as a side-channel and be exploited to launch attacks and obtain sensitive information. Our analysis reveals that information leaks due to predictable changes in cache allocation for the victim, which are caused and/or observed by the adversary, lead to exploits. We propose SCALE, a secure cache allocation policy and enforcement mechanism, to protect the cache against timing-based side-channel attacks. SCALE uses randomness, in a novel way, to enable dynamic and scalable partitioning while protecting against cache allocation policy side-channel attacks. Non-determinism is introduced into the allocation policy decisions by adding noise, which prevents the adversary from observing predictable changes in allocation and thereby inferring secrets. We leverage differential privacy (DP), and show that SCALE can provide quantifiable and information-theoretic security guarantees. SCALE outperforms state-of-the-art secure cache solutions on a 16-core tiled chip multi-processor (CMP) with multi-programmed workloads, and improves performance by up to 39% and by 14% on average.
Gadgets of Gadgets in Industrial Control Systems: Return Oriented Programming Attacks on PLCs
Pub Date : 2023-05-01 | DOI: 10.1109/HOST55118.2023.10132957 | 2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Adeen Ayub, Nauman Zubair, Hyunguk Yoo, Wooyeon Jo, Irfan Ahmed
In industrial control systems (ICS), programmable logic controllers (PLCs) directly control and monitor physical processes in real time, such as nuclear plants and power grid stations. Adversaries typically transfer malicious control logic to PLCs over the network to sabotage a physical process. These control logic attacks are well understood: they contain machine instructions in network packets and are likely to be detected by network intrusion detection systems (IDS). On the other hand, return-oriented programming (ROP) reuses blocks (or gadgets) of existing code in computer memory to create and execute malicious code. It limits or eliminates the need to transfer machine instructions over the network, making it stealthier. Currently, ROP attacks on control logic have never been discussed in the literature as a practical ICS attack. This paper is the first attempt in this direction to explore the challenges for a successful ROP attack on real-world PLCs, including maintaining a continuous (control logic) scan cycle through ROP gadgets, the absence of user input (to cause a buffer overflow) for overwriting the stack to install gadgets, and the limited ROP gadgets in PLC memory from which to find blocks of instructions equivalent to the high-level constructs of PLC programming languages (such as instruction list and ladder logic). We identify and utilize typical PLC design features (that we find exploitable) to overcome these challenges, e.g., no stack protection and remote access to certain PLC memory regions via ICS protocols, which makes ROP attacks applicable to most PLCs. We demonstrate two successful ROP attacks on the control logic programs of three fully functional physical processes, i.e., a belt conveyor system, a four-floor elevator, and a compact traffic light system. The first ROP attack manipulates a PLC’s current control logic and has two variants involving either a single or multiple gadgets; the second ROP attack constructs a control logic from scratch using gadgets in a PLC’s memory. Our evaluation results show that the attacks can be performed using a set of small-sized gadgets with no significant effect on a PLC’s scan time.
Disassembling Software Instruction Types through Impedance Side-channel Analysis
Pub Date : 2023-05-01 | DOI: 10.1109/HOST55118.2023.10133318 | 2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Md. Sadik Awal, Md. Tauhidur Rahman
Recent attacks on embedded devices emphasize the pressing need for a solution to protect against malware and maintain software privacy. Although there are several anomaly detection mechanisms, side-channel signals have emerged as being very effective since they can monitor malicious activities or the secure execution of programs without disrupting the system under observation. Existing side-channel-based instruction monitors investigate a device’s power traces and electromagnetic leaks. However, they have several limitations, including device modifications and complex deployment requirements. In this paper, we explore the prospect of the impedance side-channel for disassembling software instruction types offline. Our implementation results from the ATmega328P micro-controller demonstrate that we can use the impedance side-channel to disassemble software instruction types, which can be used for anomaly monitoring, software integrity verification, virus detection, and even counterfeit device detection, with a very low false-positive rate (0.40%) and high detection accuracy (98.6%).
LEDA: Locking Enabled Differential Analysis of Cryptographic Circuits
Pub Date : 2023-05-01 | DOI: 10.1109/HOST55118.2023.10133696 | 2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Devanshi Upadhyaya, Mael Gay, I. Polian
Hardware implementations of cryptographic primitives require protection against physical attacks and supply-chain threats at the same time. This raises the question of secure composability of different attack countermeasures, i.e., whether protecting a circuit against one threat can make it more vulnerable against a different threat. In this paper, we study the consequences of applying logic locking, a popular design-for-trust solution against intellectual property piracy and overproduction, to cryptographic circuits. We show that the ability to unlock the circuit incorrectly gives the adversary new, powerful attack options. We introduce LEDA (locking-enabled differential analysis), a new attack vector on logic-locked cryptographic circuits. In many cases, logic locking has made circuit implementations prone to classical algebraic attacks. We investigate its success factors in depth. In addition, we consider LEDFA (locking-enabled differential fault analysis), a fault-assisted version of LEDA, and demonstrate for several ciphers and families of locking schemes that fault attacks become possible (or consistently easier) for incorrectly unlocked circuits. Our results indicate that logic locking is not safe to use in cryptographic circuits, making them less rather than more secure.
Dual Channel EM/Power Attack Using Mutual Information and its Real-time Implementation
Pub Date : 2023-05-01 | DOI: 10.1109/HOST55118.2023.10133261 | 2023 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)
Yunkai Bai, Jungmin Park, M. Tehranipoor, Domenic Forte
Cryptosystem implementations often leak information about a secret key due to correlation with side channels such as power, timing, EM, etc. Based on this principle, statistical and machine-learning-based side-channel attacks have been investigated, most often using a single channel or modality such as power; however, EM is growing in popularity. Since power and EM channels can leak distinct information, the combination of EM and power channels could increase side-channel attack efficiency. In this paper, we combine EM and power channels in a linear fashion by using mutual information to determine the optimal coefficients for each feature. Mutual information is also systematically applied for lightweight dimensionality reduction. Further, the proposed methodology is implemented on a platform to simultaneously measure power and EM traces and process them in real time to extract AES subkeys. With the proposed dual-channel approach, the success rate increases by at least 30% compared to single power/EM channels in the offline mode and over 50% in the real-time mode.
Pub Date : 2023-05-01DOI: 10.1109/HOST55118.2023.10133270
Guilhèm Assael, P. Elbaz-Vincent, Guillaume Reymond
The Number-Theoretic Transform (NTT) is a key feature for the efficiency of numerous lattice-based cryptographic schemes. The arithmetic structure of that operation makes it an important target for soft-analytical side-channel attacks, that are powerful single-trace side-channel attacks exploiting known arithmetic structure to improve noise tolerance. Among others, Pessl et al. used the belief-propagation technique to attack a software implementation of the Kyber key encapsulation mechanism for Arm Cortex-M4 microcontrollers. However, that implementation has since been thoroughly optimized, in particular through the use of an improved version of Plantard modular arithmetic. In this paper, we describe how we successfully attack the latest available version of this implementation. We show that precise knowledge of the implementation at hand allows for better performance of the belief-propagation technique. By modeling each individual arithmetic operation performed by the microcontroller, we are able to recover the secret values processed during the NTT, even with very noisy side-channel leakage. We also study some strategies for the attacker to either maximize the success rate, or minimize the runtime of the attack.
Pub Date : 2023-05-01 DOI: 10.1109/HOST55118.2023.10133711
S. Deshpande, Chuan Xu, Theodoros Trochatos, Hanrui Wang, Ferhat Erata, Song Han, Yongshan Ding, Jakub Szefer
The development of quantum computers has been advancing rapidly in recent years. In addition to researchers and companies building bigger and bigger machines, these computers are already being actively connected to the internet and offered as cloud-based quantum computer services. As quantum computers become more widely accessible, potentially malicious users could try to execute their code on the machines to leak information from other users, to interfere with or manipulate the results of other users, or to reverse engineer the underlying quantum computer architecture and its intellectual property, for example. To analyze such new security threats to cloud-based quantum computers, this work first proposes and explores different types of quantum computer viruses. This work shows that quantum viruses can impact the outcomes of Grover's search algorithm or machine learning classification algorithms running on quantum computers, for example. The work then proposes a first-of-its-kind quantum computer antivirus as a new means of protecting the expensive and fragile quantum computer hardware from quantum computer viruses. The antivirus can analyze quantum computer programs, also called circuits, and detect possibly malicious ones before they execute on quantum computer hardware. As a compile-time technique, it does not introduce any new overhead at run-time of the quantum computer.