
International Workshop on Security Proofs for Embedded Systems: latest publications

Constructing Sliding Windows Leak from Noisy Cache Timing Information of OSS-RSA
Pub Date : 2019-09-06 DOI: 10.29007/ws8z
Rei Ueno, J. Takahashi, Yu-ichi Hayashi, N. Homma
Citations: 2
Rock'n'roll PUFs: Crafting Provably Secure PUFs from Less Secure Ones
Pub Date : 2019-09-06 DOI: 10.29007/nbm3
F. Ganji, Shahin Tajik, Pascal Stauss, Jean-Pierre Seifert, Domenic Forte, M. Tehranipoor
Citations: 9
Detection and Correction of Malicious and Natural Faults in Cryptographic Modules
Pub Date : 2018-09-10 DOI: 10.29007/w37p
Batya Karp, Mael Gay, O. Keren, I. Polian
Today’s electronic systems must simultaneously fulfill strict requirements on security and reliability. In particular, their cryptographic modules are exposed to faults, which can be due to natural failures (e.g., radiation or electromagnetic noise) or malicious fault-injection attacks. We present an architecture based on a new class of error-detecting codes that combine robustness properties with a minimal distance. The new architecture guarantees (with some probability) the detection of faults injected by an intelligent and strategic adversary who can precisely control the disturbance. At the same time, it supports automatic correction of low-multiplicity faults. To this end, we discuss an efficient technique to correct single errors while avoiding full syndrome analysis. We report experimental results obtained by physical fault injection on the SAKURA-G FPGA board.
Citations: 9
A Non-Reversible Insertion Method for Hardware Trojans Based on Path Delay Faults
Pub Date : 2018-09-10 DOI: 10.29007/fxvv
Akira Ito, Rei Ueno, N. Homma, T. Aoki
This paper presents a non-reversible method for stealthily inserting a hardware Trojan (HT) based on a path delay fault, called Path Delay HT (PDHT). While PDHT is hardly detected by the conventional methods, including Monte-Carlo tests, its practicality is still unclear because the rarely sensitized path used for PDHT is selected and exploited in a deterministic manner. Such a deterministic method indicates that we can find possible PDHT-inserted paths by reversing the method. In addition, the conventional method uses a genetic algorithm (GA) to add extra delays onto the selected path for inducing a path delay fault, and therefore we have difficulty in evaluating the resistance/vulnerability of a circuit to PDHT. This paper first presents a new method for selecting sufficiently rare paths to insert PDHT at random. We then show that the detectability/stealthiness of PDHT is related to switching activity (i.e., glitch effect), and present a new systematic method for inducing a path delay fault instead of GA. We demonstrate through an experimental PDHT insertion and a Monte-Carlo test that the PDHT inserted by our method is sufficiently undetectable in comparison with the conventional method.
Citations: 0
Side-Channel Assisted Malware Classifier with Gradient Descent Correction for Embedded Platforms
Pub Date : 2018-09-10 DOI: 10.29007/5sdj
Manaar Alam, Debdeep Mukhopadhyay, S. Kadiyala, S. Lam, T. Srikanthan
Malware detection is still one of the difficult problems in computer security because of the occurrence of newer varieties of malware programs. There has been an enormous effort in developing a generalised solution to this problem, but little has been done considering the security of resource-constrained embedded devices. In this paper, we attempt to develop a lightweight malware detection tool designed specifically for embedded platforms using micro-architectural side-channel information obtained through Hardware Performance Counters (HPCs). The methodology aims to develop a distance metric, called λ, for a given program from a benign set of programs which are expected to execute in the embedded environment. The distance metric is decided based on observations from carefully chosen features, which are tuples of high-level system calls along with low-level HPC events. An ideal λ-value for a malicious program is 1, as opposed to 0 for a benign program. However, in reality, the efficacy of λ to classify a malware largely depends on the proper assignment of weights to the features. We employ a gradient-descent based learning mechanism to determine optimal choices for these weights. We justify through experimental results on an embedded Linux running on an ARM processor that such a side-channel based learning mechanism improves the classification accuracy significantly compared to an ad-hoc selection of the weights, and leads to significantly low false positives and false negatives in all our test cases.
Citations: 3
Attack-tree-based Threat Modeling of Medical Implants
Pub Date : 2018-09-10 DOI: 10.29007/8gxh
M. Siddiqi, R. M. Seepers, Mohammad Hamad, V. Prevelakis, C. Strydis
Modern Implantable Medical Devices (IMDs) are low-power embedded systems with life-critical functionalities. Almost all of these devices are equipped with wireless communication capabilities in order to aid in diagnosis, in updating the functional settings and firmware, and so on, without any surgical procedure to perform these tasks manually. There is, thus, a rising trend towards increased connectivity of these devices. The downside of this trend is, however, a proportional increase in the attack surface that can be exploited by a malicious entity. In effect, threat modeling of IMDs becomes ever more important. This is reflected by an increase in the number of vulnerabilities being found consistently in the IMDs available in the market. This paper proposes a threat-modeling analysis based on attack trees to evaluate the security of these devices. As an example, three recent lightweight IMD security protocols from the literature are analyzed using this approach to demonstrate its effectiveness in suggesting security improvements.
Citations: 18
An Automated Framework for Exploitable Fault Identification in Block Ciphers - A Data Mining Approach
Pub Date : 2017-10-04 DOI: 10.29007/fmzl
Sayandeep Saha, Ujjawal Kumar, Debdeep Mukhopadhyay, P. Dasgupta
Characterization of all possible faults in a cryptosystem exploitable for fault attacks is a problem which is of both theoretical and practical interest for the cryptographic community. The complete knowledge of the exploitable fault space is desirable while designing optimal countermeasures for any given crypto-implementation. In this paper, we address the exploitable fault characterization problem in the context of Differential Fault Analysis (DFA) attacks on block ciphers. The formidable size of the fault spaces demands an automated albeit fast mechanism for verifying each individual fault instance, and neither the traditional, cipher-specific, manual DFA techniques nor the generic and automated Algebraic Fault Attacks (AFA) [10] fulfill these criteria. Further, the diversified structures of different block ciphers suggest that such an automation should be equally applicable to any block cipher. This work presents an automated framework for DFA identification, fulfilling all aforementioned criteria, which, instead of performing the attack, just estimates the attack complexity for each individual fault instance. A generic and extendable data-mining assisted dynamic analysis framework capable of capturing a large class of DFA distinguishers is devised, along with a graph-based complexity analysis scheme. The framework significantly outperforms another recently proposed one [6], in terms of attack class coverage and automation effort. Experimental evaluation on AES and PRESENT establishes the effectiveness of the proposed framework in detecting most of the known DFAs, which eventually enables the characterization of the exploitable fault space.
Citations: 2
Symbolic Approach for Side-Channel Resistance Analysis of Masked Assembly Codes
Pub Date : 2017-10-04 DOI: 10.29007/hhnf
Inès Ben El Ouahma, Quentin L. Meunier, K. Heydemann, Emmanuelle Encrenaz-Tiphène
Masking is a popular countermeasure against side-channel attacks, which randomizes secret data with random and uniform variables called masks. At software level, masking is usually added in the source code and its effectiveness needs to be verified. In this paper, we propose a symbolic method to verify side-channel robustness of masked programs. The analysis is performed at the assembly level since compilation and optimisations may alter the added protections. Our proposed method aims to verify that intermediate computations are statistically independent from secret variables using defined distribution inference rules. We verify the first round of a masked AES in 22s and show that some secure algorithms or source codes are not leakage-free in their assembly implementations.
Citations: 17