Journal articles
33 articles found
1. An Effective and Scalable VM Migration Strategy to Mitigate Cross-VM Side-Channel Attacks in Cloud (Cited by: 3)
Authors: Chao Yang, Yunfei Guo, Hongchao Hu, Wenyan Liu, Yawen Wang. China Communications (SCIE, CSCD), 2019, No. 4, pp. 151-171 (21 pages)
Abstract: Co-residency of virtual machines (VMs) of different tenants on the same physical platform would possibly lead to cross-VM side-channel attacks in the cloud. While most of current countermeasures fail for real or immediate deployment due to their requirement for modification of virtualization structure, we adopt dynamic migration, an inherent mechanism of the cloud platform, as a general defense against this kind of threat. To this end, we first set up a unified practical information leakage model which shows the factors affecting side channels and describes the way they influence the damage due to side-channel attacks. Since migration is adopted to limit the time duration of co-residency, we envision this defense as an optimization problem by setting up an Integer Linear Programming (ILP) to calculate the optimal migration strategy, which is intractable due to high computational complexity. Therefore, we approximate the ILP with a baseline genetic algorithm, which is further improved for its optimality and scalability. Experimental results show that our migration-based defense can not only provide excellent security guarantees and affordable performance cost in both theoretical simulation and practical cloud environment, but also achieve better optimality and scalability than previous countermeasures.
Keywords: side-channel attacks; information leakage; virtual machine migration; genetic algorithm

2. Side-channel attack-resistant AES S-box with hidden subfield inversion and glitch-free masking
Authors: Xiangyu Li, Pengyuan Jiao, Chaoqun Yang. Journal of Semiconductors (EI, CAS, CSCD), 2021, No. 3, pp. 60-65 (6 pages)
Abstract: A side-channel attack (SCA)-resistant AES S-box implementation is proposed, which is an improvement from the power-aware hiding (PAH) S-box but with higher security and a smaller area. We use the composite field approach and apply the PAH method to the inversion in the nonlinear kernel and a masking method to the other parts. In addition, a delay-matched enable control technique is used to suppress glitches in the masked parts. The evaluation results show that its area is contracted to 63.3% of the full PAH S-box, and its power-delay product is much lower than that of the masking implementation. The leakage assessment using simulation power traces concludes that it has no detectable leakage under t-test and that it at least can thwart the moment-correlation analysis using 665000 noiseless traces.
Keywords: ASIC; side-channel attack; AES S-box; power-aware hiding; glitch-free

3. An Efficient Method against Side-Channel Attacks on ECC
Authors: LIU Shuanggen, HU Yupu, XU Wensheng. Wuhan University Journal of Natural Sciences (CAS), 2006, No. 6, pp. 1573-1576 (4 pages)
Abstract: Side-channel attacks (SCA) may exploit leakage information to break cryptosystems. In this paper we present a new SCA-resistant Elliptic Curve scalar multiplication algorithm. The proposed algorithm builds a sequence of bit-strings representing the scalar k, characterized by the fact that all bit-strings are different from zero; this property will ensure a uniform computation behavior for the algorithm, and thus will make it secure against simple power analysis attacks (SPA). With other randomization techniques, the proposed countermeasures do not penalize the computation time. The proposed scheme is more efficient than Möller's one, its cost being about 5% to 10% smaller than Möller's one.
Keywords: side-channel attacks; ECC; scalar multiplication algorithm

4. Side-Channel Attacks Based on Collaborative Learning
Authors: Biao Liu, Zhao Ding, Yang Pan, Jiali Li, Huamin Feng. 国际计算机前沿大会会议论文集 (Proceedings of the International Computer Frontier Conference), 2017, No. 1, pp. 139-141 (3 pages)
Abstract: Side-channel attacks based on supervised learning require that the attacker have complete control over the cryptographic device and obtain a large number of labeled power traces. However, in real life, this requirement is usually not met. In this paper, an attack algorithm based on collaborative learning is proposed. The algorithm only needs to use a small number of labeled power traces to cooperate with the unlabeled power traces to realize the attack on the cryptographic device. By experimenting with the DPA contest V4 dataset, the results show that the algorithm can improve the accuracy by about 20% compared with pure supervised learning in the case of using only 10 labeled power traces.
Keywords: side-channel attacks; supervised learning; collaborative learning; power trace

5. Detection Technique of Software-Induced Rowhammer Attacks (Cited by: 1)
Authors: Minkyung Lee, Jin Kwak. Computers, Materials & Continua (SCIE, EI), 2021, No. 4, pp. 349-367 (19 pages)
Abstract: Side-channel attacks have recently progressed into software-induced attacks. In particular, a rowhammer attack, which exploits the characteristics of dynamic random access memory (DRAM), can quickly and continuously access the cells as the cell density of DRAM increases, thereby generating a disturbance error affecting the neighboring cells, resulting in bit flips. Although a rowhammer attack is a highly sophisticated attack in which disturbance errors are deliberately generated into data bits, it has been reported that it can be exploited on various platforms such as mobile devices, web browsers, and virtual machines. Furthermore, there have been studies on bypassing the defense measures of DRAM manufacturers and the like to respond to rowhammer attacks. A rowhammer attack can control user access and compromise the integrity of sensitive data with attacks such as a privilege escalation and an alteration of the encryption keys. In an attempt to mitigate a rowhammer attack, various hardware- and software-based mitigation techniques are being studied, but there are limitations in that the research methods do not detect the rowhammer attack in advance, causing overhead or degradation of the system performance. Therefore, in this study, a rowhammer attack detection technique is proposed by extracting common features of rowhammer attack files through a static analysis of rowhammer attack codes.
Keywords: Rowhammer attack; static analysis; detecting technique; side-channel attack; bit flip

6. Side-Channel Analysis for Detecting Protocol Tunneling (Cited by: 1)
Authors: Harakrishnan Bhanu, Jason Schwier, Ryan Craven, Richard R. Brooks, Kathryn Hempstalk, Daniele Gunetti, Christopher Griffin. Advances in Internet of Things, 2011, No. 2, pp. 13-26 (14 pages)
Abstract: Protocol tunneling is widely used to add security and/or privacy to Internet applications. Recent research has exposed side channel vulnerabilities that leak information about tunneled protocols. We first discuss the timing side channels that have been found in protocol tunneling tools. We then show how to infer Hidden Markov models (HMMs) of network protocols from timing data and use the HMMs to detect when protocols are active. Unlike previous work, the HMM approach we present requires no a priori knowledge of the protocol. To illustrate the utility of this approach, we detect the use of English or Italian in interactive SSH sessions. For this example application, keystroke-timing data associates inter-packet delays with keystrokes. We first use clustering to extract discrete information from continuous timing data. We use discrete symbols to infer an HMM, and finally use statistical tests to determine if the observed timing is consistent with the language typing statistics. In our tests, if the correct window size is used, fewer than 2% of data windows are incorrectly identified. Experimental verification shows that on-line detection of language use in interactive encrypted protocol tunnels is reliable. We compare maximum likelihood and statistical hypothesis testing for detecting protocol tunneling. We also discuss how this approach is useful in monitoring mix networks like The Onion Router (Tor).
Keywords: Hidden Markov Models; timing; side-channel attack; VPN; vulnerability

7. Timing Attack Analysis on AAβ Cryptosystem
Authors: A. H. A. Ghafar, M. R. K. Ariffin. Journal of Computer and Communications, 2014, No. 4, pp. 1-9 (9 pages)
Abstract: Timing attack is an attack on the implementation of a cryptographic primitive. The attack collects leaked secret data via certain implementation techniques either on software or hardware. This paper provides an analysis of a theoretical timing attack on the AAβ algorithm. The attack discussed in this paper gives avenues for secure implementation of AAβ against timing attacks. The simulation of the attack is important to provide invulnerability features for the algorithm in order to be implemented and embedded on applications. At the end of the attack, a method to overcome it will be introduced, and it is called AAβ blinding.
Keywords: timing attack; side-channel attack; public-key cryptosystem; AAβ public key cryptosystem

8. Enhancing non-profiled side-channel attacks by time-frequency analysis
Authors: Chengbin Jin, Yongbin Zhou. Cybersecurity (EI, CSCD), 2023, No. 4, pp. 50-75 (26 pages)
Abstract: Side-channel analysis (SCA) has become an increasingly important method to assess the physical security of cryptographic systems. In the process of SCA, the number of attack data directly determines the performance of SCA. With sufficient attack data, the adversary can achieve a successful SCA. However, in reality, the cryptographic device may be protected with some countermeasures to limit the number of encryptions using the same key. In this case, the adversary cannot use casual numbers of data to perform SCA. The performance of SCA will be severely dropped if the attack traces are insufficient. In this paper, we introduce wavelet scatter transform (WST) and short-time Fourier transform (STFT) to non-profiled side-channel analysis domains, to improve the performance of side-channel attacks in the context of insufficient data. We design a practical framework to provide suitable parameters for WST/STFT-based SCA. Using the proposed method, the WST/STFT-based SCA method can significantly enhance the performance and robustness of non-profiled SCA. The practical attacks against four public datasets show that the proposed method is able to achieve more robust performance. Compared with the original correlation power analysis (CPA), the number of attack data can be reduced by 50–95%.
Keywords: correlation power analysis; side-channel analysis; proposed attack framework; wavelet scatter transform; short-time Fourier transform

9. Hardware Security for IoT in the Quantum Era: Survey and Challenges
Authors: Doudou Dione, Boly Seck, Idy Diop, Pierre-Louis Cayrel, Demba Faye, Ibrahima Gueye. Journal of Information Security, 2023, No. 4, pp. 227-249 (23 pages)
Abstract: The Internet of Things (IoT) has become a reality: Healthcare, smart cities, intelligent manufacturing, e-agriculture, real-time traffic controls, environment monitoring, camera security systems, etc. are developing services that rely on an IoT infrastructure. Thus, ensuring the security of devices during operation and information exchange becomes a fundamental requirement inherent in providing safe and reliable IoT services. NIST requires hardware implementations that are protected against SCAs for the lightweight cryptography standardization process. These attacks are powerful and non-invasive and rely on observing the physical properties of IoT hardware devices to obtain secret information. In this paper, we present a survey of research on hardware security for the IoT. In addition, the challenges of IoT in the quantum era with the first results of the NIST standardization process for post-quantum cryptography are discussed.
Keywords: IoT; hardware security; side-channel attacks; post-quantum cryptography; NIST

10. A Side-Channel Attack Defense Method for Cryptographic Chips (Cited by: 4)
Authors: 张涛, 范明钰. 软件学报 (Journal of Software) (EI, CSCD, Peking University Core), 2008, No. 11, pp. 2990-2998 (9 pages)
Abstract: Targeting side-channel information leakage at different levels, a general leakage-tolerant defense model for side-channel information is proposed, and a formal description of the model is given using information entropy theory. The model adopts a (t, n) threshold mechanism, so that partial side-channel information leakage does not affect the security of the system. On the basis of this defense model, and combined with a secure implementation of the Advanced Encryption Standard AES-128 algorithm, a two-stage masking defense method against side-channel attacks is designed. Compared with existing defense methods, this method can defend against both higher-order side-channel attacks and template attacks. Theoretical analysis and simulation experiments verify the effectiveness of the method.
Keywords: cryptographic chip; side-channel attack; leakage-tolerant model; higher-order side-channel attack; template attack; Advanced Encryption Standard

11. A Defense Method against Higher-Order Side-Channel Attacks by Inserting Random Delays
Authors: 张涛, 范明钰. 计算机工程 (Computer Engineering) (CAS, CSCD, Peking University Core), 2008, No. 16, pp. 162-164 (3 pages)
Abstract: Side-channel attacks are a new cryptanalysis method, and existing cryptographic algorithms remain vulnerable to higher-order side-channel attacks. This paper analyzes the leakage model of side-channel information and the higher-order attack model and, for a secure implementation of the AES algorithm, proposes a defense method against higher-order attacks that inserts random delays. By inserting random redundant instructions, the method reduces the correlation between the internal operations and the leaked information, so that statistical attacks cannot succeed. Simulation experiments confirm that the method can effectively defend against higher-order side-channel attacks.
Keywords: cryptographic chip; higher-order side-channel attack; AES algorithm; random delay; power attack

12. A Survey of Cube Attack Research
Authors: 马云飞, 王韬, 陈浩, 黄长阳. 计算机应用研究 (Application Research of Computers) (CSCD, Peking University Core), 2018, No. 8, pp. 2245-2250 (6 pages)
Abstract: The cube attack is a new type of algebraic attack based on higher-order differential theory: as long as the output bits can be expressed as low-degree multivariate equations in the plaintext variables and key variables, a cube attack may be able to break such a cipher. In recent years, cube attack research has developed rapidly and produced a series of important results. This survey first introduces the principle of the cube attack and its variants: the nonlinear cube attack, cube testers, and the dynamic cube attack. It then summarizes two side-channel cube attack models, one based on intermediate-state leakage and one based on fault-information leakage, together with their fault-tolerance mechanisms, and presents extended research topics of the cube attack. Finally, it analyzes the shortcomings of existing research and predicts possible directions for future work.
Keywords: higher-order differential; algebraic attack; cube attack; side-channel cube attack

13. Side-channel analysis attacks based on deep learning network (Cited by: 2)
Authors: Yu OU, Lang LI. Frontiers of Computer Science (SCIE, EI, CSCD), 2022, No. 2, pp. 35-45 (11 pages)
Abstract: There has been a growing interest in the side-channel analysis (SCA) field based on deep learning (DL) technology. Various DL networks or models have been developed to improve the efficiency of SCA. However, few studies have investigated the impact of the different models on attack results and the exact relationship between power consumption traces and intermediate values. Based on the convolutional neural network and the autoencoder, this paper proposes a Template Analysis Pre-trained DL Classification model named TAPDC which contains three sub-networks. The TAPDC model detects the periodicity of the power trace, relating power to the intermediate values and mining the deeper features by the multi-layer convolutional net. We implement the TAPDC model and compare it with two classical models in a fair experiment. The evaluative results show that the TAPDC model with autoencoder and deep convolution feature extraction structure in SCA can more effectively extract information from the power consumption trace. Also, using the classifier layer, this model links power information to the probability of the intermediate value. It completes the conversion from power trace to intermediate values and greatly improves the efficiency of the power attack.
Keywords: side-channel analysis; template attack; machine learning; deep learning

14. Utility Analysis and Evaluation Method Study of Side Channel Information (Cited by: 1)
Authors: Yan Yingjian, Yu Jingchao, Guo Pengfei, Guo Jianfei. Journal of Electronics (China), 2013, No. 5, pp. 500-508 (9 pages)
Abstract: In order to improve the efficiency and success rate of the side channel attack, the utility of side channel information of the attack object must be analyzed and evaluated before the attack implementation. Based on the study of side-channel attack techniques, a method is proposed in this paper to analyze and evaluate the utility of side channel information, and the evaluation indexes of comentropy and Signal-to-Noise Ratio (SNR) are introduced. On this basis, the side channel information (power and electromagnetic) of a side channel attack experiment board is analyzed and evaluated, and the Data Encryption Standard (DES) cipher algorithm is attacked with the differential power attack method and differential electromagnetic attack method. The attack results show the effectiveness of the analysis and evaluation method proposed in this paper.
Keywords: side-channel information; differential side-channel attack; comentropy; Signal-to-Noise Ratio (SNR)

15. Higher-Order DPA Attack with Learning (Cited by: 1)
Authors: 吴震, 王燚, 周冠豪. 通信学报 (Journal on Communications) (EI, CSCD, Peking University Core), 2018, No. 9, pp. 135-146 (12 pages)
Abstract: In side-channel attacks, masking is one of the most widely used defenses as a countermeasure against first-order DPA attacks. At present, masking schemes are usually attacked with methods such as higher-order DPA and higher-order template attacks. However, because higher-order DPA targets the joint leakage of several pieces of information, it must cross-combine the power consumption at multiple positions, which makes the attack inefficient. Higher-order template attacks, in turn, require knowledge of the random mask used in each encryption during the learning phase, a condition that is often hard to satisfy. To address the shortcomings and limitations of these attack methods, higher-order DPA with learning uses a neural network to build a model that fits the power consumption to the unmasked intermediate combined value, and attacks based on the correlation coefficient between the fitted unmasked intermediate combined value and the guessed unmasked intermediate combined value. This method removes the requirement to know the mask during the learning phase and at the same time avoids the need of higher-order DPA to cross-combine power consumption, thereby relaxing the attack conditions and improving the efficiency of the attack. Experiments confirm the feasibility and efficiency of the attack algorithm.
Keywords: side-channel attack; masking countermeasure; higher-order DPA attack; neural network

16. Driftor: mitigating cloud-based side-channel attacks by switching and migrating multi-executor virtual machines
Authors: Chao YANG, Yun-fei GUO, Hong-chao HU, Ya-wen WANG, Qing TONG, Ling-shu LI. Frontiers of Information Technology & Electronic Engineering (SCIE, EI, CSCD), 2019, No. 5, pp. 731-748 (18 pages)
Abstract: Co-residency of different tenants’ virtual machines (VMs) in cloud provides a good chance for side-channel attacks, which results in information leakage. However, most current defenses suffer from the generality or compatibility problem, thus failing in immediate real-world deployment. VM migration, an inherent mechanism of cloud systems, envisions a promising countermeasure, which limits co-residency by moving VMs between servers. Therefore, we first set up a unified practical adversary model, where the attacker focuses on effective side channels. Then we propose Driftor, a new cloud system that contains VMs of a multi-executor structure where only one executor is active to provide service through a proxy, thus reducing possible information leakage. Active state is periodically switched between executors to simulate the defensive effect of VM migration. To enhance the defense, real VM migration is enabled at the same time. Instead of solving the migration satisfiability problem with intractable CIRCUIT-SAT, a greedy-like heuristic algorithm is proposed to search for a viable solution by gradually expanding an initial has-to-migrate set of VMs. Experimental results show that Driftor can not only defend against practical fast side-channel attacks, but also bring about reasonable impacts on real-world cloud applications.
Keywords: cloud computing; side-channel attack; information leakage; multi-executor structure; virtual machine switch; virtual machine migration

17. Side-Channel Attacks in a Real Scenario
Authors: Ming Tang, Maixing Luo, Junfeng Zhou, Zhen Yang, Zhipeng Guo, Fei Yan, Liang Liu. Tsinghua Science and Technology (SCIE, EI, CAS, CSCD), 2018, No. 5, pp. 586-598 (13 pages)
Abstract: Existing Side-Channel Attacks (SCAs) have several limitations and, rather than being real attack methods, can only be considered to be security evaluation methods. Their limitations are mainly related to the sampling conditions, such as the trigger signal embedded in the source code of the encryption device, and the acquisition device that serves as the encryption-device controller. Apart from it being very difficult for an attacker to add a trigger into the original design before making an attack or to control the encryption device, there is a big gap in the capacity of existing SCAs to pose real threats to cipher devices. In this paper, we propose a new method, the sliding window SCA (SW-SCA), which can be applied in scenarios in which the acquisition device is independent of the encryption device and for which the encryption source code requires no trigger signal or modification. First, we describe the main issues in existing SCAs, then we theoretically analyze the effectiveness and complexity of our proposed SW-SCA, a method that can incorporate a sliding-window mechanism into almost all of the existing non-profiled SCAs. The experimental results for both simulated and physical traces verify the effectiveness of the SW-SCA and the appropriateness of its theoretical complexity.
Keywords: side-channel attack; sliding window; trigger mechanism; soft K-means

18. Correlated Extra Reductions Defeat Fixed Window Exponentiation
Authors: Xiaohan Meng. Journal of Computer and Communications, 2019, No. 10, pp. 169-178 (10 pages)
Abstract: The security of the modular power algorithm is a very important research topic, as it is the core operation of public key cryptography algorithms. Since the first timing attack was made public in 1996, the attacker can exploit time differences between specific events to recover a secret key. In 2016, Dugardin took advantage of extra reductions to attack a regular exponentiation algorithm, which did not entirely adapt the fixed window method with Montgomery’s algorithm. The central thesis of this paper is that there exists a positive correlation between extra reductions of pre-computation and post-computation when the calculation has the same multiplier factor. In this article, based on this dependency we present an attack method, and confirm the feasibility and effectiveness of it by conducting simulation experiments. Experimental results verify that the method can effectively attack the modular power algorithm.
Keywords: side-channel attack; Montgomery modular multiplication; extra reduction; leakage

19. Fault Analysis on AES: A Property-Based Verification Perspective
Authors: Xiaojie Dai, Xingxin Wang, Xue Qu, Baolei Mao, Wei Hu. Tsinghua Science and Technology (SCIE, EI, CAS, CSCD), 2024, No. 2, pp. 576-588 (13 pages)
Abstract: Fault analysis is a frequently used side-channel attack for cryptanalysis. However, existing fault attack methods usually involve complex fault fusion analysis or computation-intensive statistical analysis of massive fault traces. In this work, we take a property-based formal verification approach to fault analysis. We derive fine-grained formal models for automatic fault propagation and fusion, which establish a mathematical foundation for precise measurement and formal reasoning of fault effects. We extract the correlations in fault effects in order to create properties for fault verification. We further propose a method for key recovery, by formally checking when the extracted properties can be satisfied with partial keys as the search variables. Experimental results using both unprotected and masked advanced encryption standard (AES) implementations show that our method has a key search complexity of 2^16, which only requires two correct and faulty ciphertext pairs to determine the secret key, and does not assume knowledge about fault location or pattern.
Keywords: side-channel attack; fault analysis; fault propagation model; property extraction; fault verification

20. Malware Guard Extension: abusing Intel SGX to conceal cache attacks
Authors: Michael Schwarz, Samuel Weiser, Daniel Gruss, Clementine Maurice, Stefan Mangard. Cybersecurity (CSCD), 2020, No. 1, pp. 22-41 (20 pages)
Abstract: In modern computer systems, user processes are isolated from each other by the operating system and the hardware. Additionally, in a cloud scenario it is crucial that the hypervisor isolates tenants from other tenants that are co-located on the same physical machine. However, the hypervisor does not protect tenants against the cloud provider and thus, the supplied operating system and hardware. Intel SGX provides a mechanism that addresses this scenario. It aims at protecting user-level software from attacks from other processes, the operating system, and even physical attackers. In this paper, we demonstrate fine-grained software-based side-channel attacks from a malicious SGX enclave targeting co-located enclaves. Our attack is the first malware running on real SGX hardware, abusing SGX protection features to conceal itself. Furthermore, we demonstrate our attack both in a native environment and across multiple Docker containers. We perform a Prime+Probe cache side-channel attack on a co-located SGX enclave running an up-to-date RSA implementation that uses a constant-time multiplication primitive. The attack works, although in SGX enclaves, there are no timers, no large pages, no physical addresses, and no shared memory. In a semi-synchronous attack, we extract 96% of an RSA private key from a single trace. We extract the full RSA private key in an automated attack from 11 traces within 5 min.
Keywords: Intel SGX; side channel; side-channel attack; Prime+Probe
