
2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST): latest publications

Attack on a Microcomputer-Based Random Number Generator Using Auto-synchronization
Pub Date : 2019-12-01 DOI: 10.1109/ASIANHOST47458.2019.9006666
Salih Ergun
A novel attack system is proposed to reveal the security weaknesses of a microcomputer-based random number generator (RNG). Convergence of the attack system is proved using auto-synchronization. Secret parameters of the microcomputer-based RNG are revealed where the available information is the structure of the RNG and a scalar time series observed from the chaotic system used as the seed of the RNG. Simulation results verifying the feasibility of the attack system are given such that the next bit can be predicted while the same output sequence of the RNG can be generated.
Pages: 1-4
Citations: 1
Comparison of cost of protection against differential power analysis of selected authenticated ciphers
Pub Date : 2018-09-19 DOI: 10.1109/HST.2018.8383904
William Diehl, Abubakr Abdulgadir, Farnoud Farahmand, J. Kaps, K. Gaj
Authenticated ciphers are vulnerable to side-channel attacks, including differential power analysis (DPA). Test Vector Leakage Assessment (TVLA) using Welch's t-test has been used to verify improved resistance of block ciphers to DPA after application of countermeasures. However, extension of this methodology to authenticated ciphers is non-trivial, since this requires additional input and output conditions, complex interfaces, and long test vectors interlaced with protocol necessary to describe authenticated cipher operations. In this research we augment an existing side-channel analysis architecture (FOBOS) with TVLA for authenticated ciphers. We use this capability to show that implementations in the Spartan-6 FPGA of the CAESAR Round 3 candidates ACORN, ASCON, CLOC (AES and TWINE), SILC (AES, PRESENT, and LED), JAMBU (AES and SIMON), and Ketje Jr., as well as AES-GCM, are potentially vulnerable to 1st order DPA. We then implement versions of the above ciphers, protected against 1st order DPA, using threshold implementations. TVLA is used to verify improved resistance to 1st order DPA of the protected cipher implementations. Finally, we benchmark unprotected and protected cipher implementations in the Spartan-6 FPGA, and compare the costs of 1st order DPA protection in terms of area, frequency, throughput, throughput-to-area (TP/A) ratio, power, and energy per bit. Our results show that ACORN is the most energy efficient, has the lowest area (in LUTs), and has the highest TP/A ratio of DPA-resistant implementations. However, Ketje Jr. has the highest throughput.
Pages: 147-152
Citations: 27
Large scale RO PUF analysis over slice type, evaluation time and temperature on 28nm Xilinx FPGAs
Pub Date : 2018-06-14 DOI: 10.1109/HST.2018.8383900
Robert Hesselbarth, F. Wilde, Chongyan Gu, Neil Hanley
Runtime accessible, general purpose, secure secret storage based on physical unclonable functions (PUFs) implemented within the programmable logic fabric is one of the most interesting applications of PUFs on field programmable gate arrays (FPGAs). To properly evaluate the quality of a PUF design, data from a large number of devices is required. This work therefore publishes a dataset containing 100 repeated measurements of 6592 ring oscillators (ROs) on 217 Xilinx Artix-7 XC7A35T FPGAs. This is both larger, and based on a more recent technology node, than other publicly available datasets of related work. Apart from making the raw data publicly available, a thorough analysis is performed. The location and type of slice is found to affect the RO frequency by approx. 5 MHz, fast switching logic decreases the frequency by approx. 10 MHz, and ROs adjacent to clock routing resources showed an expected frequency 20 MHz less than others on the device. We also address the time-to-response of ring oscillator PUFs (RO-PUFs), which can be large, by optimizing the evaluation time with regard to the measurement precision, and found 70.71 μs to be optimal for the device and architecture under test. The temperature induced bit error rate was estimated to be 3.5 % and 5.8 % for temperature differences of 60 °C and 100 °C respectively. Finally, access to the FPGA array used to obtain the data will be granted to interested researchers.
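To make the metrics in the abstract concrete (response bits from RO frequency comparisons, temperature-induced bit error rate, and the role of the counter evaluation window), here is an added example that is not the authors' code and does not use their dataset. The RO frequency model is constructed: a nominal 300 MHz with Gaussian process variation, per-measurement noise, a common temperature drift and a small per-RO spread of the temperature coefficient; every constant below is an assumption chosen only to produce plausible numbers.

```python
import random

N_RO = 512                    # ring oscillators per simulated device (constructed)
BASE_MHZ = 300.0              # nominal RO frequency (assumed)
PROCESS_SIGMA_MHZ = 5.0       # per-RO manufacturing variation (assumed)
NOISE_SIGMA_MHZ = 0.2         # per-measurement noise (assumed)
TEMP_COEF_MHZ_PER_C = -0.05   # common-mode temperature drift (assumed)
TEMP_MISMATCH_SIGMA = 0.01    # per-RO spread of the temperature coefficient, MHz/C (assumed)

def make_device(rng):
    """A device is a list of (f0, k): nominal frequency and temperature coefficient per RO."""
    return [(BASE_MHZ + rng.gauss(0, PROCESS_SIGMA_MHZ),
             TEMP_COEF_MHZ_PER_C + rng.gauss(0, TEMP_MISMATCH_SIGMA))
            for _ in range(N_RO)]

def measure(device, delta_t_c, eval_time_us, rng):
    """Simulated counter-based frequency measurement: each RO clocks a counter
    for eval_time_us microseconds. The integer count truncates the last partial
    period, so a short evaluation window quantises the frequency estimate and
    a long one costs response time; that is the trade-off the paper optimises."""
    freqs = []
    for f0, k in device:
        f_true = f0 + k * delta_t_c + rng.gauss(0, NOISE_SIGMA_MHZ)
        count = int(f_true * eval_time_us)       # MHz * us = elapsed cycles
        freqs.append(count / eval_time_us)
    return freqs

def response_bits(freqs):
    """Classic RO-PUF response: compare disjoint RO pairs (2i, 2i+1)."""
    return [1 if freqs[2 * i] > freqs[2 * i + 1] else 0 for i in range(len(freqs) // 2)]

def fractional_hd(a, b):
    return sum(x != y for x, y in zip(a, b)) / len(a)

def bit_error_rate(device, delta_t_c, eval_time_us, rng):
    """Reliability: enrol at the reference temperature, re-evaluate at +delta_t_c."""
    ref = response_bits(measure(device, 0.0, eval_time_us, rng))
    hot = response_bits(measure(device, delta_t_c, eval_time_us, rng))
    return fractional_hd(ref, hot)

def uniqueness(dev_a, dev_b, eval_time_us, rng):
    """Inter-device distance at the same temperature; the ideal value is 0.5."""
    ra = response_bits(measure(dev_a, 0.0, eval_time_us, rng))
    rb = response_bits(measure(dev_b, 0.0, eval_time_us, rng))
    return fractional_hd(ra, rb)

def evaluate(seed=7, eval_time_us=70.71):
    """Builds two constructed devices and reports the PUF quality metrics."""
    rng = random.Random(seed)
    dev_a, dev_b = make_device(rng), make_device(rng)
    return {
        "bits": len(response_bits(measure(dev_a, 0.0, eval_time_us, rng))),
        "ber_60C": bit_error_rate(dev_a, 60.0, eval_time_us, rng),
        "ber_100C": bit_error_rate(dev_a, 100.0, eval_time_us, rng),
        "inter_device_hd": uniqueness(dev_a, dev_b, eval_time_us, rng),
    }

if __name__ == "__main__":
    for name, value in evaluate().items():
        print(f"{name}: {value}")
```

The bit error rate comes almost entirely from pairs whose frequency difference is smaller than the temperature mismatch between the two ROs, which is why real designs either pick pairs with a large enrolment margin or add error correction before using the response as a key. Shrinking `eval_time_us` to a fraction of a microsecond makes the 1-cycle count quantisation comparable to the pair differences and the error rate climbs, which is the effect the paper's 70.71 μs optimum balances against response latency.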
Pages: 126-133
Citations: 28
CTCG: Charge-trap based camouflaged gates for reverse engineering prevention
Pub Date : 2018-06-12 DOI: 10.1109/HST.2018.8383897
Asmit De, Anirudh Iyengar, Mohammad Nasim Imtiaz Khan, Sung-Hao Lin, S. Thirumala, Swaroop Ghosh, S. Gupta
Reverse Engineering (RE) of Intellectual Property (IP) has become increasingly more efficient with sophisticated imaging and probing techniques. Gate camouflaging is a well-known technique used to prevent an adversary from deciphering the chip design and stealing the IP. Several flavors of camouflaging have been previously proposed to thwart RE, such as dummy vias and threshold voltage modulation. However, these techniques are either costly or remain vulnerable to backside probing and sophisticated optical attacks. In this paper, we propose a charge-trap based approach of designing camouflaged circuits, which are resilient to backside probing and optical RE. The camouflaging relies on trapped charges at the gate oxide of the camouflaged gate. It does not require any process change and does not leave any layout-level clue. We propose two multi-function dynamic Charge-Trap-based Camouflaged Gates (CTCG), namely CTCG2 and CTCG4, that can assume 2 and 4 different logic personalities, respectively. We leverage this camouflaging technique to design an n-stage domino-logic implementation. We perform area, power and delay analysis of CTCG and compare with existing camouflaging techniques. Simulation results show an average delay overhead of 2X, leakage overhead of 3.5X, total power overhead of 2.2X and area overhead of 7.4X with respect to standard dynamic gates. Since CTCG overhead is high and may suffer from leakage of trapped charges if the process is not optimized carefully, we propose to replace the charge-trap circuit with a Non-Volatile Ferroelectric FET (NV-FeFET). Simulation results of NV-FeFET based CTCG show an average delay overhead of 1.7X, leakage overhead of 0.6X, total power overhead of 0.9X and area overhead of 2.3X with respect to standard dynamic gates.
Pages: 103-110
Citations: 2
Energy efficient and side-channel secure hardware architecture for lightweight cipher SIMON
Pub Date : 2018-04-01 DOI: 10.1109/HST.2018.8383906
Arvind Singh, Nikhil Chawla, Monodeep Kar, S. Mukhopadhyay
Design of an ultra-lightweight but secure encryption engine is a key challenge for Internet-of-Things (IoT) edge devices. We explore the architectural design space for the datapath of 128-bit SIMON, a lightweight block cipher, to simultaneously increase energy-efficiency and resistance to power based side-channel analysis (PSCA) attacks. Alternative datapath architectures are implemented on FPGA (Spartan-6, 45nm) to perform power, performance and area (PPA) analysis. We show that, although a bit-serial datapath minimizes area and power, a round-unrolled datapath provides 919× higher energy-efficiency and 210× higher performance, compared to the baseline bit-serial design. Moreover, the PSCA measurements demonstrate that a 6-round unrolled datapath improves minimum-traces-to-disclosure (MTD) for correlation power analysis (CPA) by at least 384× over the baseline bit-serial design, with no successful CPA even with 500,000 measurements.
Pages: 159-162
Citations: 5
Horizontal side-channel vulnerabilities of post-quantum key exchange protocols
Pub Date : 2018-04-01 DOI: 10.1109/HST.2018.8383894
Aydin Aysu, Y. Tobah, Mohit Tiwari, A. Gerstlauer, M. Orshansky
Key exchange protocols establish a secret key to confidentially communicate digital information over public channels. Lattice-based key exchange protocols are a promising alternative for next-generation applications due to their quantum-cryptanalysis resistance and implementation efficiency. While these constructions rely on the theory of quantum-resistant lattice problems, their practical implementations have shown vulnerability against side-channel attacks in the context of public-key encryption or digital signatures. Applying such attacks on key exchange protocols is, however, much more challenging because the secret key changes after each execution of the protocol, limiting the side-channel adversary to a single measurement. In this paper, we demonstrate the first successful power side-channel attack on lattice-based key exchange protocols. The attack targets the hardware implementation of matrix and polynomial multiplication used in these protocols. The crux of our idea is to apply a horizontal attack that makes hypotheses on several intermediate values within a single execution, all relating to the same secret, and to combine their correlations for accurately estimating the secret key. We illustrate that the design of key exchange protocols combined with the nature of lattice arithmetic enables our attack. Since a straightforward attack suffers from false positives, we demonstrate a novel procedure to recover the key by following the sequence of intermediate updates during multiplication. We analyzed two key exchange protocols, NewHope (USENIX'16) and Frodo (CCS'16), and show that their implementations can be vulnerable to our attack. We test the effectiveness of the proposed attack using concrete parameters of these protocols on a physical platform with real measurements. On a SAKURA-G FPGA Board, we show that the proposed attack can estimate the entire secret key from a single power measurement with over 99% success rate.
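The horizontal idea is easiest to see on a schoolbook polynomial multiplication: every secret coefficient s[i] is multiplied by all N public coefficients a[j] within one execution, so one trace already contains N leakage samples per secret coefficient. The added example below (my simulation, not the paper's attack code or the hardware it targeted) uses the NewHope modulus q = 12289 and a noisy Hamming-weight leakage of the accumulator word written at each step; the polynomial length (128 instead of NewHope's 1024), the small-secret range and the noise level are assumptions. It also shows the "follow the sequence of intermediate updates" element: the accumulator state is replayed from the coefficients already recovered, and the one flat hypothesis (coefficient 0 on a zero accumulator) is handled explicitly instead of being mistaken for a false positive.

```python
import random

Q = 12289               # NewHope modulus (public parameter)
N = 128                 # polynomial length used in this simulation (NewHope uses 1024)
S_BOUND = 8             # secret coefficients drawn from [-S_BOUND, S_BOUND] (assumed)
NOISE_SIGMA = 1.0       # Gaussian noise on the simulated Hamming-weight leakage (assumed)
ACCEPT_THRESHOLD = 0.3  # below this no hypothesis explains the samples (assumed)

def hw(x):
    return bin(x).count("1")

def update(acc, a, coeff, i, j):
    """One schoolbook step of c = a*s mod (x^N + 1, Q).
    Returns (index, new accumulator word) without modifying acc."""
    k = i + j
    term = a[j] * coeff
    if k >= N:              # wrap-around in x^N + 1 negates the term
        k -= N
        term = -term
    return k, (acc[k] + term) % Q

def schoolbook_mul(a, s, rng=None):
    """Computes the product and a simulated trace: trace[i][j] is the noisy
    Hamming weight of the accumulator word written when a[j]*s[i] is added."""
    rng = rng or random.Random(0)
    acc = [0] * N
    trace = [[0.0] * N for _ in range(N)]
    for i in range(N):
        for j in range(N):
            k, v = update(acc, a, s[i], i, j)
            acc[k] = v
            trace[i][j] = hw(v) + rng.gauss(0.0, NOISE_SIGMA)
    return acc, trace

def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0.0 or syy == 0.0:
        return None         # flat hypothesis: correlation is undefined
    return sxy / (sxx * syy) ** 0.5

def horizontal_attack(a, trace):
    """Recovers s coefficient by coefficient from ONE trace. For s[i] the N
    updates a[j]*s[i], j = 0..N-1, are the horizontal samples; the accumulator
    state they act on is replayed from the coefficients already recovered."""
    acc = [0] * N
    recovered = []
    for i in range(N):
        best, best_corr, flat = None, -2.0, None
        for cand in range(-S_BOUND, S_BOUND + 1):
            hyp = [hw(update(acc, a, cand, i, j)[1]) for j in range(N)]
            c = pearson(hyp, trace[i])
            if c is None:
                flat = cand  # only cand == 0 on an all-zero accumulator (i == 0)
            elif c > best_corr:
                best, best_corr = cand, c
        if flat is not None and best_corr < ACCEPT_THRESHOLD:
            best = flat      # nothing correlates: the flat hypothesis is the right one
        recovered.append(best)
        for j in range(N):   # commit the recovered coefficient to the replayed state
            k, v = update(acc, a, best, i, j)
            acc[k] = v
    return recovered

def run(seed=3):
    """Constructed instance: random public a, small random secret s, one trace."""
    rng = random.Random(seed)
    a = [rng.randrange(Q) for _ in range(N)]
    s = [rng.randint(-S_BOUND, S_BOUND) for _ in range(N)]
    _, trace = schoolbook_mul(a, s, rng)
    return s, horizontal_attack(a, trace)

if __name__ == "__main__":
    s, guess = run()
    print("all", N, "coefficients recovered from a single trace:", guess == s)
```

Replaying the accumulator is what removes the ambiguity a naive per-product attack has: on a zero accumulator, candidates s and 2s produce identical Hamming weights for half the samples (2x is x shifted left whenever 2x < q), but once the accumulator carries the contributions of earlier coefficients the hypotheses for different candidates decorrelate. Against a real implementation the leakage model, the noise and the exact word that leaks would have to be characterised first; the countermeasure the attack motivates is masking or shuffling the multiplication so that no single execution exposes N samples of the same secret.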
Pages: 81-88
Citations: 50
Abnormal vehicle behavior induced using only fabricated informative CAN messages
Pub Date : 2018-04-01 DOI: 10.1109/HST.2018.8383901
J. Takahashi, Masashi Tanaka, H. Fuji, Toshio Narita, Shunsuke Matsumoto, Hiroki Sato
We present a method for influencing vehicle behaviors using only informative Controller Area Network (CAN) messages. Some recent vehicle attack techniques have been shown to have a significant impact on the automotive industry. Almost all previous studies employ active CAN messages that induce actions for the attacks, but there have been no studies that explicitly use only the informative CAN messages. Furthermore, very few investigations have reported successful attacks regarding acceleration, which is significant. This is the first report of using only informative CAN messages in an attack, especially targeting a driving-support system. Through experiments, we show that abnormal acceleration or deceleration is induced using informative messages regarding the wheel speed when a cruise control system is activated. We also find that the speed limit control of the cruise control system can be disabled and the parking assist function can be abruptly canceled without driver intention using such kinds of messages. The experimental results reveal that fabricated informative CAN messages can manipulate the vehicle to yield improper behavior. We mention solutions that mitigate such attacks. We believe that this study will bring a new perspective to automotive security toward system design.
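The abstract does not describe its mitigations, so the following is an added example of the detection-side check a practitioner would reach for first, not the authors' code or their vehicle's message format. A fabricated informative frame cannot remove the genuine one from the bus, so the wheel-speed message ID suddenly appears twice per period, and the fabricated value (a low speed meant to make cruise control accelerate) is physically inconsistent with the last genuine reading. The arbitration ID 0x1A0, the 10 ms period, the 16-bit 0.01 km/h encoding and the acceleration bound are all hypothetical; the bus log is constructed.

```python
from dataclasses import dataclass

WHEEL_SPEED_ID = 0x1A0           # hypothetical arbitration ID of the wheel-speed message
PERIOD_MS = 10.0                 # assumed nominal transmit period of that message
MIN_GAP_FRACTION = 0.6           # frames closer than 60% of the period are off-schedule
MAX_DELTA_KMH_PER_MS = 0.02      # assumed physical bound: 20 km/h per second

@dataclass
class Frame:
    t_ms: float
    can_id: int
    data: bytes

def encode_speed(kmh):
    """Hypothetical layout: bytes 0-1 big-endian, 0.01 km/h per LSB, rest padding."""
    return int(round(kmh * 100)).to_bytes(2, "big") + bytes(6)

def decode_speed(data):
    return int.from_bytes(data[0:2], "big") / 100.0

def detect_injected(frames):
    """Flags wheel-speed frames that are off-schedule or physically implausible
    relative to the last frame that passed both checks. Comparing against the
    last *accepted* frame matters: otherwise the genuine frame that follows an
    injected one is also too close to its predecessor and gets flagged too."""
    last_ok = None                # (t_ms, speed) of the last accepted frame
    flagged = []
    for f in sorted(frames, key=lambda fr: fr.t_ms):
        if f.can_id != WHEEL_SPEED_ID:
            continue
        speed = decode_speed(f.data)
        if last_ok is not None:
            dt = f.t_ms - last_ok[0]
            reasons = []
            if dt < MIN_GAP_FRACTION * PERIOD_MS:
                reasons.append(f"gap {dt:.1f} ms below nominal {PERIOD_MS:.0f} ms")
            if abs(speed - last_ok[1]) > MAX_DELTA_KMH_PER_MS * max(dt, 1e-3):
                reasons.append(f"speed jump {last_ok[1]:.1f} -> {speed:.1f} km/h in {dt:.1f} ms")
            if reasons:
                flagged.append((f.t_ms, speed, reasons))
                continue
        last_ok = (f.t_ms, speed)
    return flagged

def sample_bus():
    """Constructed log: genuine frames every 10 ms with the speed creeping up
    from 40 km/h, plus two fabricated frames reporting 5 km/h slipped in at
    45 ms and 55 ms, and one unrelated message ID that the check ignores."""
    frames = [Frame(10.0 * i, WHEEL_SPEED_ID, encode_speed(40.0 + 0.1 * i)) for i in range(10)]
    frames.append(Frame(45.0, WHEEL_SPEED_ID, encode_speed(5.0)))
    frames.append(Frame(55.0, WHEEL_SPEED_ID, encode_speed(5.0)))
    frames.append(Frame(52.0, 0x2C0, bytes(8)))
    return frames

if __name__ == "__main__":
    for t, speed, reasons in detect_injected(sample_bus()):
        print(f"t={t:.0f} ms speed={speed} km/h: " + "; ".join(reasons))
```

Both fabricated frames are caught on two independent grounds (timing and plausibility), which is the point of combining the checks: an attacker who times the injection to replace a suppressed genuine frame defeats the gap test, and one who drifts the value slowly defeats the plausibility test, but doing both at once is considerably harder. A check like this belongs in the receiving ECU or a gateway; it cannot stop the frame from reaching other nodes on a plain CAN bus, which is why the paper's subject is ultimately a system-design question.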
Pages: 134-137
Citations: 4
Protecting block ciphers against differential fault attacks without re-keying
Pub Date : 2018-04-01 DOI: 10.1109/HST.2018.8383913
Anubhab Baksi, S. Bhasin, J. Breier, Mustafa Khairallah, Thomas Peyrin
In this article, we propose a new method to protect block cipher implementations against Differential Fault Attacks (DFA). Our strategy, so-called "Tweak-in-Plaintext", ensures that an uncontrolled value ('tweak-in') is inserted into some part of the block cipher plaintext, thus effectively rendering DFA much harder to perform. Our method is extremely simple yet presents many advantages when compared to previous solutions proposed at AFRICACRYPT 2010 or CARDIS 2015. Firstly, we do not need any tweakable block cipher, nor any related-key security assumption (we do not perform any re-keying). Moreover, performance for lightweight applications is improved, and we do not need to send any extra data. Finally, our scheme can be directly used with standard block ciphers such as AES or PRESENT. Experimental results show that the throughput overheads, for incorporating our scheme into AES-128, range between ≈ 5% and ≈ 26.9% for software, and between ≈ 3.1% and ≈ 25% for hardware implementations, depending on the tweak-in size.
Pages: 191-194
Citations: 15
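The mechanics of the scheme, as an added example that is not the authors' code: each 16-byte AES-128 input is built as payload || tweak, where the tweak comes from a source the attacker neither controls nor learns, and the receiver simply decrypts and discards it, so nothing extra is transmitted. The 4-byte tweak size, the demo key and message, and the omission of padding and a mode of operation are assumptions of this illustration, not values from the paper. The `dfaPairPossible` check shows the property that matters for DFA: with a fixed cipher input the attacker can obtain a correct and a faulty ciphertext of the same state, while with the tweak-in no two encryptions of the same message run the cipher on the same state.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/rand"
	"errors"
	"fmt"
)

// Parameters assumed for this illustration (the paper evaluates several tweak sizes;
// 4 bytes is an arbitrary choice here). AES-128 is used unmodified: no tweakable cipher, no re-keying.
const (
	blockSize  = 16
	tweakBytes = 4
	payload    = blockSize - tweakBytes
)

// tweakSource fills b with the "tweak-in" value. The scheme relies on the attacker neither
// controlling nor predicting it, so production code uses crypto/rand.
type tweakSource func(b []byte) error

func randomTweak(b []byte) error { _, err := rand.Read(b); return err }

// fixedTweak models the unprotected case: the whole cipher input is attacker-controlled.
func fixedTweak(b []byte) error {
	for i := range b {
		b[i] = 0
	}
	return nil
}

// tweakInEncrypt builds each cipher input as payload || tweak, so two encryptions of the same
// message never run the cipher on the same state. The ciphertext keeps the standard block size;
// the tweak is not transmitted separately.
func tweakInEncrypt(key, msg []byte, src tweakSource) ([]byte, error) {
	if len(msg)%payload != 0 {
		return nil, errors.New("message length must be a multiple of the payload size (padding omitted here)")
	}
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, 0, len(msg)/payload*blockSize)
	var in, ct [blockSize]byte
	for i := 0; i < len(msg); i += payload {
		copy(in[:payload], msg[i:i+payload])
		if err := src(in[payload:]); err != nil {
			return nil, err
		}
		c.Encrypt(ct[:], in[:])
		out = append(out, ct[:]...)
	}
	return out, nil
}

// tweakInDecrypt recovers the payload of every block and discards the tweak bytes.
func tweakInDecrypt(key, ct []byte) ([]byte, error) {
	if len(ct)%blockSize != 0 {
		return nil, errors.New("ciphertext length must be a multiple of the block size")
	}
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, 0, len(ct)/blockSize*payload)
	var pt [blockSize]byte
	for i := 0; i < len(ct); i += blockSize {
		c.Decrypt(pt[:], ct[i:i+blockSize])
		out = append(out, pt[:payload]...)
	}
	return out, nil
}

// dfaPairPossible reports whether asking for the same message twice makes the cipher run on
// identical inputs, which is what a correct/faulty ciphertext pair for DFA requires.
func dfaPairPossible(key, msg []byte, src tweakSource) (bool, error) {
	a, err := tweakInEncrypt(key, msg, src)
	if err != nil {
		return false, err
	}
	b, err := tweakInEncrypt(key, msg, src)
	if err != nil {
		return false, err
	}
	return bytes.Equal(a, b), nil
}

func main() {
	key := []byte("0123456789abcdef")           // constructed demo key
	msg := []byte("tweak-in-plaintext demo!")   // constructed 24-byte message = two 12-byte payloads
	fixed, _ := dfaPairPossible(key, msg, fixedTweak)
	random, _ := dfaPairPossible(key, msg, randomTweak)
	fmt.Printf("same cipher input twice: unprotected=%v tweak-in=%v\n", fixed, random)
}
```

The cost is visible in the numbers: with a 4-byte tweak only 12 of every 16 plaintext bytes carry data, which is the data-expansion side of the throughput overhead the abstract reports; a smaller tweak costs less bandwidth but lowers the chance that the attacker's faulty and correct runs have distinct states.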
Zero-permission acoustic cross-device tracking
Pub Date : 2018-04-01 DOI: 10.1109/HST.2018.8383887
Nikolay Matyunin, Jakub Szefer, S. Katzenbeisser
Adversaries today can embed tracking identifiers into ultrasonic sound and covertly transmit them between devices without users realizing that this is happening. To prevent such emerging privacy risks, mobile applications now require a request for an explicit user permission, at run-time, to get access to a device's microphone. In this paper, however, we show that current defenses are not enough. We introduce a novel approach to acoustic cross-device tracking, which does not require microphone access, but instead exploits the susceptibility of MEMS gyroscopes to acoustic vibrations at specific (ultrasonic) frequencies. Currently, no permissions are needed to access the gyroscope's data, and the gyroscope can be accessed from apps or even from a web browser. In this manner, gyroscopes in modern smartphones and smartwatches can be used as zero-permission receivers of ultrasonic signals, making cross-device tracking completely unnoticeable to users. We evaluate our approach on several mobile devices using different audio hardware, achieving 10–20 bit/s transmission bandwidth at distances from 35 cm to 16 m in realistic attack scenarios. Finally, we discuss potential countermeasures against the presented attack.
Pages: 25-32
Citations: 9
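What a receiver of this kind has to do with the sensor stream, as an added example that is not the authors' code: slice the gyroscope readings into bit slots, measure the energy at the frequency where the ultrasonic excitation shows up, and threshold. The abstract does not give the modulation, carrier or sensor rate, so the 200 Hz sample rate, the 40 Hz in-band tone, on-off keying at 10 bit/s and the synthetic noisy stream below are all assumptions constructed for the illustration; the bit rate is chosen to sit at the low end of the 10–20 bit/s the paper reports. The practitioner's caveat is the one the paper makes: a detector like this needs no microphone permission, only whatever grants motion-sensor access, and on the web that was an unprompted `devicemotion` listener at the time (some platforms have since added a prompt for motion sensors).

```go
package main

import (
	"fmt"
	"math"
	"math/rand"
)

// Channel parameters assumed for this illustration; they are not taken from the paper.
const (
	sampleRate = 200.0 // gyroscope samples per second (a common mobile sensor rate)
	carrierHz  = 40.0  // frequency at which the ultrasonic excitation appears in the gyro stream
	bitRate    = 10.0  // on-off keying: one bit per 20 samples
)

// synthesize constructs a gyroscope axis reading (rad/s) for a bit string: sensor noise always,
// plus a tone while a 1 is being sent. It stands in for the real sensor stream (constructed input).
func synthesize(bits []int, amp, noise float64, seed int64) []float64 {
	r := rand.New(rand.NewSource(seed))
	n := int(sampleRate / bitRate)
	out := make([]float64, 0, len(bits)*n)
	for i, b := range bits {
		for j := 0; j < n; j++ {
			t := float64(i*n+j) / sampleRate
			v := noise * r.NormFloat64() // sensor noise and hand movement
			if b == 1 {
				v += amp * math.Sin(2*math.Pi*carrierHz*t)
			}
			out = append(out, v)
		}
	}
	return out
}

// goertzelPower returns the energy of x at frequency f (a single-bin DFT), cheap enough to
// run per bit slot inside an app or a web page.
func goertzelPower(x []float64, f float64) float64 {
	coeff := 2 * math.Cos(2*math.Pi*f/sampleRate)
	var s1, s2 float64
	for _, v := range x {
		s0 := v + coeff*s1 - s2
		s2, s1 = s1, s0
	}
	return s1*s1 + s2*s2 - coeff*s1*s2
}

// decode splits the stream into bit slots, measures carrier energy in each slot and thresholds
// halfway between the weakest and strongest slot (assumes the identifier contains both 0s and 1s).
func decode(samples []float64) []int {
	n := int(sampleRate / bitRate)
	var powers []float64
	for i := 0; i+n <= len(samples); i += n {
		powers = append(powers, goertzelPower(samples[i:i+n], carrierHz))
	}
	if len(powers) == 0 {
		return nil
	}
	lo, hi := powers[0], powers[0]
	for _, p := range powers {
		lo, hi = math.Min(lo, p), math.Max(hi, p)
	}
	threshold := (lo + hi) / 2
	bits := make([]int, len(powers))
	for i, p := range powers {
		if p > threshold {
			bits[i] = 1
		}
	}
	return bits
}

func main() {
	id := []int{1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0} // constructed 12-bit tracking identifier
	stream := synthesize(id, 0.05, 0.02, 1)         // 0.05 rad/s tone over 0.02 rad/s noise (assumed)
	fmt.Println("sent:   ", id)
	fmt.Println("decoded:", decode(stream))
}
```

The detection side follows from the same arithmetic: a defender sampling the gyroscope can run the same single-bin energy check and flag sustained narrowband energy at frequencies that hand movement does not produce.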
Remote attestation of IoT devices via SMARM: Shuffled measurements against roving malware
Pub Date : 2018-04-01 DOI: 10.1109/HST.2018.8383885
Xavier Carpent, Norrathep Rattanavipanon, G. Tsudik
Remote Attestation (RA) is a popular means of detecting malware presence on embedded and IoT devices. It is especially relevant to low-end devices that are incapable of protecting themselves against infection. Malware that is aware of ongoing or impending RA and aims to avoid detection can relocate itself during computation of the attestation measurement. In order to thwart such behavior, prior RA techniques are either non-interruptible or explicitly forbid modification of storage during measurement computation. However, since the latter can be a time-consuming task, this curtails availability of device's other (main) functions, which is especially undesirable, or even dangerous, for devices with time- and/or safety-critical missions. In this paper, we propose SMARM, a light-weight technique, based on shuffled measurements, as a defense against roving malware. In SMARM, memory is measured in a randomized and secret order. This does not impact device's availability — the measurement process can be interrupted, even by malware, which can relocate itself at will. We analyze various malware behaviors and show that, while malware can escape detection in a single attestation instance, it is highly unlikely to avoid eventual detection.
Pages: 9-16
Citations: 32
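Why a secret measurement order matters, as an added simulation that is not the authors' code. The model is an assumption built for this illustration, not SMARM's actual construction: memory is 64 blocks, the trusted attestation code derives the permutation from the verifier's nonce with a device key the malware cannot read, the measurement is an HMAC over the blocks in that order, and after every block the interruptible measurement gives a one-block malware the chance to move. Two malware strategies are compared: one that knows a predictable (sequential) order and always hops into an already-measured block, and a blind one facing the secret order that can only jump to a random block. The second is caught with probability about 1 - (63/64)^64 ≈ 0.63 per attestation, so its chance of surviving k attestations falls as roughly 0.37^k, which is the "unlikely to avoid eventual detection" claim in numbers.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/rand"
)

// Simulation parameters and the malware model are assumptions for this illustration.
const numBlocks = 64

var (
	devKey         = []byte("device-attestation-key-(assumed)") // readable only by trusted attestation code and the verifier
	malwarePayload = []byte("malware")                          // what the measurement reads from an infected block
)

// strategy decides where the malware moves when the measurement is interrupted after `step`
// (step -1 is the position it takes before measurement starts).
type strategy func(step int, order []int, cur int, r *rand.Rand) int

// blind: the order is secret (SMARM), so the malware can only jump to a random block.
func blind(step int, order []int, cur int, r *rand.Rand) int { return r.Intn(numBlocks) }

// knowsOrder: with a predictable order the malware waits in the last block to be measured,
// then hops into the first block as soon as that one has been hashed.
func knowsOrder(step int, order []int, cur int, r *rand.Rand) int {
	if step < 0 {
		return order[len(order)-1]
	}
	return order[0]
}

// secretOrder derives the measurement permutation from the nonce and the device key;
// the malware, lacking the key, cannot reproduce it.
func secretOrder(nonce []byte) []int {
	m := hmac.New(sha256.New, devKey)
	m.Write(nonce)
	seed := int64(binary.LittleEndian.Uint64(m.Sum(nil)[:8]))
	return rand.New(rand.NewSource(seed)).Perm(numBlocks)
}

// sequentialOrder is the predictable order a naive attestation routine would use.
func sequentialOrder(nonce []byte) []int {
	o := make([]int, numBlocks)
	for i := range o {
		o[i] = i
	}
	return o
}

// measure hashes the blocks in `order`, letting the malware relocate after each block.
// malwareAt < 0 means clean memory (the verifier's reference computation).
func measure(nonce []byte, golden [][]byte, order []int, malwareAt int, s strategy, r *rand.Rand) []byte {
	m := hmac.New(sha256.New, devKey)
	m.Write(nonce)
	if malwareAt >= 0 {
		malwareAt = s(-1, order, malwareAt, r)
	}
	for step, b := range order {
		if b == malwareAt {
			m.Write(malwarePayload)
		} else {
			m.Write(golden[b])
		}
		if malwareAt >= 0 {
			malwareAt = s(step, order, malwareAt, r) // measurement interrupted; malware may move
		}
	}
	return m.Sum(nil)
}

// escapeRate returns the fraction of trials in which `rounds` consecutive attestations
// all verified correctly despite the infection.
func escapeRate(orderFn func([]byte) []int, s strategy, rounds, trials int, seed int64) float64 {
	r := rand.New(rand.NewSource(seed))
	golden := make([][]byte, numBlocks) // constructed known-good image
	for i := range golden {
		golden[i] = []byte(fmt.Sprintf("golden-block-%02d", i))
	}
	escaped := 0
	for t := 0; t < trials; t++ {
		pos := r.Intn(numBlocks)
		passedAll := true
		for k := 0; k < rounds && passedAll; k++ {
			nonce := make([]byte, 16)
			binary.LittleEndian.PutUint64(nonce, r.Uint64())
			binary.LittleEndian.PutUint64(nonce[8:], r.Uint64())
			order := orderFn(nonce)
			expected := measure(nonce, golden, order, -1, nil, nil)
			got := measure(nonce, golden, order, pos, s, r)
			passedAll = hmac.Equal(got, expected)
		}
		if passedAll {
			escaped++
		}
	}
	return float64(escaped) / float64(trials)
}

func main() {
	fmt.Printf("sequential order, order-aware malware, 1 round:  escape=%.3f\n", escapeRate(sequentialOrder, knowsOrder, 1, 2000, 1))
	fmt.Printf("secret order, blind malware, 1 round:            escape=%.3f\n", escapeRate(secretOrder, blind, 1, 2000, 1))
	fmt.Printf("secret order, blind malware, 5 rounds:           escape=%.3f\n", escapeRate(secretOrder, blind, 5, 2000, 1))
}
```

The simulation is only as good as its secrecy assumption: if the malware can observe which block the attestation routine is reading next (for example through timing or a shared bus), it recovers the order and degrades to the `knowsOrder` case, which is why the permutation has to be computed inside the trusted component rather than received over a channel the malware can snoop.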
Journal: 2018 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)