Pub Date : 2023-05-29 DOI: 10.1007/s13389-023-00322-4
D. Salomon, I. Levi
{"title":"MaskSIMD-lib: on the performance gap of a generic C optimized assembly and wide vector extensions for masked software with an Ascon-p test case","authors":"D. Salomon, I. Levi","doi":"10.1007/s13389-023-00322-4","DOIUrl":"https://doi.org/10.1007/s13389-023-00322-4","url":null,"abstract":"","PeriodicalId":48508,"journal":{"name":"Journal of Cryptographic Engineering","volume":"13 1","pages":"325 - 342"},"PeriodicalIF":1.9,"publicationDate":"2023-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"46257158","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-05-29 DOI: 10.1007/s13389-023-00323-3
Thilo Krachenfels, Jean-Pierre Seifert, Shahin Tajik
The threat of hardware Trojans (HTs) and their detection is a widely studied field. While the effort for inserting a Trojan into an application-specific integrated circuit (ASIC) can be considered relatively high, especially when trusting the chip manufacturer, programmable hardware is vulnerable to Trojan insertion even after the product has been shipped or during usage. At the same time, detecting dormant HTs with small or zero-overhead triggers and payloads on these platforms is still a challenging task, as the Trojan might not get activated during chip verification using logical testing or physical measurements. In this work, we present a novel Trojan detection approach based on a technique known from integrated circuit (IC) failure analysis, capable of detecting virtually all classes of dormant Trojans. Using laser logic state imaging (LLSI), we show how supply voltage modulations can awaken inactive Trojans, making them detectable using laser voltage imaging techniques. Therefore, our technique does not require triggering the Trojan. To support our claims, we present three case studies on 28 nm and 20 nm SRAM- and flash-based field-programmable gate arrays (FPGAs). We demonstrate how to detect with high confidence small changes in sequential and combinatorial logic as well as in the routing configuration of FPGAs in a non-invasive manner. Finally, we discuss the practical applicability of our approach on dormant analog Trojans in ASICs.
{"title":"Trojan awakener: detecting dormant malicious hardware using laser logic state imaging (extended version)","authors":"Thilo Krachenfels, Jean-Pierre Seifert, Shahin Tajik","doi":"10.1007/s13389-023-00323-3","DOIUrl":"https://doi.org/10.1007/s13389-023-00323-3","url":null,"abstract":"Abstract The threat of (HTs) and their detection is a widely studied field. While the effort for inserting a Trojan into an (ASIC) can be considered relatively high, especially when trusting the chip manufacturer, programmable hardware is vulnerable to Trojan insertion even after the product has been shipped or during usage. At the same time, detecting dormant HTs with small or zero-overhead triggers and payloads on these platforms is still a challenging task, as the Trojan might not get activated during the chip verification using logical testing or physical measurements. In this work, we present a novel Trojan detection approach based on a technique known from (IC) failure analysis, capable of detecting virtually all classes of dormant Trojans. Using (LLSI), we show how supply voltage modulations can awaken inactive Trojans, making them detectable using laser voltage imaging techniques. Therefore, our technique does not require triggering the Trojan. To support our claims, we present three case studies on 28 nm and 20 nm SRAM- and flash-based (FPGAs). We demonstrate how to detect with high confidence small changes in sequential and combinatorial logic as well as in the routing configuration of FPGAs in a non-invasive manner. Finally, we discuss the practical applicability of our approach on dormant analog Trojans in ASICs.","PeriodicalId":48508,"journal":{"name":"Journal of Cryptographic Engineering","volume":"77 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135742004","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-05-28 DOI: 10.1007/s13389-023-00320-6
Maikel Kerkhof, Lichao Wu, Guilherme Perin, S. Picek
{"title":"No (good) loss no gain: systematic evaluation of loss functions in deep learning-based side-channel analysis","authors":"Maikel Kerkhof, Lichao Wu, Guilherme Perin, S. Picek","doi":"10.1007/s13389-023-00320-6","DOIUrl":"https://doi.org/10.1007/s13389-023-00320-6","url":null,"abstract":"","PeriodicalId":48508,"journal":{"name":"Journal of Cryptographic Engineering","volume":"13 1","pages":"311 - 324"},"PeriodicalIF":1.9,"publicationDate":"2023-05-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48104167","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-05-22 DOI: 10.1007/s13389-023-00321-5
Rony Komissarov, Avishai Wool
The safety and security of the passengers in vehicles in the face of cyber attacks is a key concern in the automotive industry, especially with the emergence of advanced driver assistance systems and the vast improvement in autonomous vehicles. Such platforms use various sensors, including cameras, LiDAR and mmWave radar. These sensors themselves may present a potential security hazard if exploited by an attacker. In this paper, we propose a system to attack an automotive FMCW mmWave radar that uses fast chirp modulation. Using a single rogue radar, our attack system is capable of spoofing the distance and velocity measured by the victim vehicle simultaneously, presenting phantom measurements coherent with the laws of physics governing vehicle motion. The attacking radar controls the delay in order to spoof its distance, and uses phase compensation and control in order to spoof its velocity. After developing the attack theory, we demonstrate the spoofing attack by building a proof-of-concept hardware-based system, using a Software Defined Radio. We successfully demonstrate two real-world scenarios in which the victim radar is spoofed to detect either a phantom emergency stop or a phantom acceleration, while measuring coherent range and velocity. We also discuss several countermeasures that can mitigate the described attack.
{"title":"Spoofing attacks against vehicular FMCW radar","authors":"Rony Komissarov, Avishai Wool","doi":"10.1007/s13389-023-00321-5","DOIUrl":"https://doi.org/10.1007/s13389-023-00321-5","url":null,"abstract":"The safety and security of the passengers in vehicles in the face of cyber attacks is a key concern in the automotive industry, especially with the emergence of the Advanced driver assistance systems and the vast improvement in autonomous vehicles. Such platforms use various sensors, including cameras, LiDAR and mmWave radar. These sensors themselves may present a potential security hazard if exploited by an attacker. In this paper we propose a system to attack an automotive FMCW mmWave radar, that uses fast chirp modulation. Using a single rogue radar, our attack system is capable of spoofing the distance and velocity measured by the victim vehicle simultaneously, presenting phantom measurements coherent with the laws of physics governing vehicle motion. The attacking radar controls the delay in order to spoof its distance, and uses phase compensation and control in order to spoof its velocity. After developing the attack theory, we demonstrate the spoofing attack by building a proof-of-concept hardware-based system, using a Software Defined Radio. We successfully demonstrate two real-world scenarios in which the victim radar is spoofed to detect either a phantom emergency stop or a phantom acceleration, while measuring coherent range and velocity. We also discuss several countermeasures that can mitigate the described attack.","PeriodicalId":48508,"journal":{"name":"Journal of Cryptographic Engineering","volume":"54 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-05-22","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135287981","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-04-29 DOI: 10.1007/s13389-023-00317-1
Hamed Arshad, Pablo Picazo-Sanchez, Christian Johansen, Gerardo Schneider
{"title":"Attribute-based encryption with enforceable obligations","authors":"Hamed Arshad, Pablo Picazo-Sanchez, Christian Johansen, Gerardo Schneider","doi":"10.1007/s13389-023-00317-1","DOIUrl":"https://doi.org/10.1007/s13389-023-00317-1","url":null,"abstract":"","PeriodicalId":48508,"journal":{"name":"Journal of Cryptographic Engineering","volume":"1 1","pages":"1-29"},"PeriodicalIF":1.9,"publicationDate":"2023-04-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"41549768","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-04-25 DOI: 10.1007/s13389-023-00315-3
Kalle Ngo, E. Dubrova, T. Johansson
{"title":"A side-channel attack on a masked and shuffled software implementation of Saber","authors":"Kalle Ngo, E. Dubrova, T. Johansson","doi":"10.1007/s13389-023-00315-3","DOIUrl":"https://doi.org/10.1007/s13389-023-00315-3","url":null,"abstract":"","PeriodicalId":48508,"journal":{"name":"Journal of Cryptographic Engineering","volume":" ","pages":"1-18"},"PeriodicalIF":1.9,"publicationDate":"2023-04-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"48752838","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-04-01 DOI: 10.1007/s13389-023-00313-5
Elena Almaraz Luengo, Bittor Alaña Olivares, L. G. García Villalba, J. Hernandez-Castro, D. Hurley-Smith
{"title":"StringENT test suite: ENT battery revisited for efficient P value computation","authors":"Elena Almaraz Luengo, Bittor Alaña Olivares, L. G. García Villalba, J. Hernandez-Castro, D. Hurley-Smith","doi":"10.1007/s13389-023-00313-5","DOIUrl":"https://doi.org/10.1007/s13389-023-00313-5","url":null,"abstract":"","PeriodicalId":48508,"journal":{"name":"Journal of Cryptographic Engineering","volume":"13 1","pages":"235-249"},"PeriodicalIF":1.9,"publicationDate":"2023-04-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"47796043","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2023-03-27 DOI: 10.1007/s13389-023-00312-6
Kunihiro Kuroda, Yuta Fukuda, Kota Yoshida, Takeshi Fujino
Deep-learning side-channel attacks, which apply deep neural networks to side-channel attacks, are known to be able to easily attack some existing side-channel attack countermeasures such as masking and random jitter. While there have been many studies on profiled deep-learning side-channel attacks, a new approach that involves applying deep learning to non-profiled attacks was proposed in 2018. In our study, we investigate the structure of multi-layer perceptrons and points of interest for non-profiled deep-learning side-channel attacks using the ANSSI database with a masking countermeasure. The results of the investigations indicate that it is better to use a simple network model, apply regularization to prevent over-fitting, and select a wide range of power traces that contain side-channel information as the points of interest. We also implemented an AES-128 software implementation protected with the Rotating Sboxes Masking countermeasure, which has never been attacked by non-profiled deep-learning side-channel attacks, on the Xmega128 microcontroller and carried out non-profiled deep-learning side-channel attacks against it. Non-profiled deep-learning side-channel attacks successfully recovered all partial keys while conventional power analysis could not. The attack results also showed that the least significant bit is the adequate selection for successful non-profiled deep-learning side-channel attacks, but the best labeling method may vary depending on the implementation of the countermeasure algorithm. We conducted two experimental analyses to clarify that deep-learning side-channel attacks learn the mask values used in the masking countermeasure. One is the gradient visualization used in previous studies, and the other is a new analysis method using partial removal of power traces.
{"title":"Practical aspects on non-profiled deep-learning side-channel attacks against AES software implementation with two types of masking countermeasures including RSM","authors":"Kunihiro Kuroda, Yuta Fukuda, Kota Yoshida, Takeshi Fujino","doi":"10.1007/s13389-023-00312-6","DOIUrl":"https://doi.org/10.1007/s13389-023-00312-6","url":null,"abstract":"Abstract Deep-learning side-channel attacks, applying deep neural networks to side-channel attacks, are known that can easily attack some existing side-channel attack countermeasures such as masking and random jitter. While there have been many studies on profiled deep-learning side-channel attacks, a new approach that involves applying deep learning to non-profiled attacks was proposed in 2018. In our study, we investigate the structure of multi-layer perceptrons and points of interest for non-profiled deep-learning side-channel attacks using the ANSSI database with a masking countermeasure. The results of investigations indicate that it is better to use a simple network model, apply regularization to prevent over-fitting, and select a wide range of power traces that contain side-channel information as the points of interest. We also implemented AES-128 software implementation protected with the Rotating Sboxes Masking countermeasure, which has never been attacked by non-profiled deep-learning side-channel attacks, on the Xmega128 microcontroller and carried out non-profiled deep-learning side-channel attacks against it. Non-profiled deep-learning side-channel attacks successfully recovered all partial keys while the conventional power analysis could not. The attack results also showed that the least significant bit is the adequate selection for successful non-profiled deep-learning side-channel attacks, but the best labeling method may vary depending on the implementation of the countermeasure algorithm. We conducted two experimental analyses to clarify that deep-learning side-channel attacks learn mask values used in the masking countermeasure. One is the gradient visualization used in previous studies, and the other is a new analysis method using partial removal of power traces.","PeriodicalId":48508,"journal":{"name":"Journal of Cryptographic Engineering","volume":"62 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2023-03-27","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"135823093","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}