Journal articles
9 articles found
1. Secure and efficient elliptic curve cryptography resists side-channel attacks (cited by: 8)
Authors: Zhang Tao, Fan Mingyu, Zheng Xiaoyu. Journal of Systems Engineering and Electronics (SCIE, EI, CSCD), 2009, Issue 3, pp. 660-665 (6 pages).
Abstract: An embedded cryptosystem needs higher reconfiguration capability and security. After analyzing the newly emerging side-channel attacks on elliptic curve cryptosystems (ECC), an efficient fractional width-w NAF (FWNAF) algorithm is proposed to secure ECC scalar multiplication from these attacks. This algorithm adopts the fractional window method and a probabilistic SPA scheme to reconfigure the pre-computed table, and it allows designers to make a dynamic configuration of the pre-computed table. It is then enhanced to resist SPA, DPA, RPA and ZPA attacks by using the random masking method. Compared with the WBRIP and EBRIP methods, our proposal has the lowest total computation cost and reduces the shake phenomenon due to sharp fluctuation in computation performance.
Keywords: elliptic curve cryptography; side channel attack; simple power attack; differential power attack; refined power analysis; zero-point power analysis
2. Invariant of Enhanced AES Algorithm Implementations Against Power Analysis Attacks
Authors: Nadia Mustaqim Ansari, Rashid Hussain, Sheeraz Arif, Syed Sajjad Hussain. Computers, Materials & Continua (SCIE, EI), 2022, Issue 7, pp. 1861-1875 (15 pages).
Abstract: The security of the Internet of Things (IoT) is a challenging task for researchers due to the plethora of IoT networks. Side Channel Attacks (SCA) are one of the major concerns. The prime objective of SCA is to acquire information by observing the power consumption, electromagnetic (EM) field, timing analysis, and acoustics of the device. Later, the attackers perform statistical functions to recover the key. The Advanced Encryption Standard (AES) algorithm has proved to be a good security solution for constrained IoT devices. This paper implements a simulation model which is used to modify the AES algorithm using logical masking properties. This invariant of the AES algorithm hides the array of bits during the substitution byte transformation of AES. This model is used against SCA and particularly Power Analysis Attacks (PAAs). The simulation model is designed on the MATLAB simulator. The results will give a better solution by hiding the power profiles of IoT devices against PAAs. In future, the lightweight AES algorithm with false key mechanisms and power reduction techniques such as wave dynamic differential logic (WDDL) will be used to safeguard IoT devices against side channel attacks by using Arduino and field programmable gate array (FPGA) platforms.
Keywords: side channel attacks; power analysis attacks; network security; masking; advanced encryption standard
3. Adaptive multilevel fuzzy-based authentication framework to mitigate Cache side channel attack in cloud computing
Authors: Bharati Ainapure, Deven Shah, A. Ananda Rao. International Journal of Modeling, Simulation, and Scientific Computing (EI), 2018, Issue 5, pp. 174-194 (21 pages).
Abstract: Cloud computing supports multitenancy to satisfy the users' demands for accessing resources and simultaneously it increases revenue for cloud providers. Cloud providers adopt multitenancy by virtualizing the resources, like CPU, network interfaces, peripherals, hard drives and memory, using a hypervisor to fulfill the demand. In a virtualized environment, many virtual machines (VMs) can run on the same core with the help of the hypervisor by sharing the resources. The VMs running on the same core are the target for malicious or abnormal attacks like side channel attacks. Among the various side channel attacks in cloud computing, the cache-based side channel attack is one that leaks private information of the users based on the shared resources. Here, as the shared resource is the cache, a process can utilize the cache usage of another by cache contention. Cache sharing provides a way for the attackers to gain considerable information so that the key used for encryption can be inferred. Discovering this side channel attack is a challenging task. This requires identification of a feature that influences the attack. Even though there are various techniques available in the literature to mitigate such attacks, an effective solution to reduce the cache-based side channel attack is still an issue. Therefore, a novel fuzzy rule-based mechanism is integrated to detect the cache side channel attackers by monitoring the cache data access (CDA). The factor that determines the attack is the CDA in a log file created by the framework during authorization. The proposed framework also utilizes certain security properties including ECC and hashing for privacy preservation, and the decision is made with the aid of a fuzzy logic system.
Keywords: cache side channel attack; shared resources; fuzzy; ECC; hashing; registration; authorization
4. Efficient Autonomous Defense System Using Machine Learning on Edge Device
Authors: Jaehyuk Cho. Computers, Materials & Continua (SCIE, EI), 2022, Issue 2, pp. 3565-3588 (24 pages).
Abstract: As a large amount of data needs to be processed and speed needs to be improved, edge computing with ultra-low latency and ultra-connectivity is emerging as a new paradigm. These changes can lead to new cyber risks, and should therefore be considered in a security threat model. To this end, we constructed an edge system to study security in two directions, hardware and software. First, on the hardware side, we want to autonomically defend against hardware attacks such as side channel attacks by configuring a field programmable gate array (FPGA), which is suitable for edge computing, and by identifying the communication status to control the communication method according to priority. In addition, on the software side, data collected on the server undergoes end-to-end encryption via symmetric encryption keys. Also, we modeled autonomous defense systems on the server by using machine learning that targets incoming and outgoing logs. The server log utilizes existing intrusion detection datasets that should be used in real-world environments. The server log was used to detect intrusions early by modeling an intrusion prevention system to identify behaviors that violate the security policy, and to utilize the existing intrusion detection dataset that should be used in a real environment. Through this, we designed an efficient autonomous defense system that can provide a stable system by detecting abnormal signals from the device and converting them into an effective method to control edge computing, and by detecting and controlling abnormal intrusions on the server side.
Keywords: autonomous defense; side channel attack; intrusion prevention system; edge computing; machine learning
5. Analysis of Recent Secure Scan Test Techniques
Authors: Cheng Xing, Sungju Park, Ji Zhao. Journal of Software Engineering and Applications, 2016, Issue 3, pp. 91-101 (11 pages).
Abstract: Side channel attacks may result in user key leakage when scan test techniques are applied to cryptographic chips. Many secure scan designs have been proposed to protect the user key. This paper meticulously selects three current scan test techniques, analyses their advantages and disadvantages, and also compares them in security and area overhead. Users can choose one of them according to their requirements, and further combination can be implemented to achieve better performance.
Keywords: side channel attack; scan test techniques; secure scan designs
6. Secure Speculation via Speculative Secret Flow Tracking
Authors: 崔宏伟, 杨春, 程旭. Journal of Computer Science & Technology (SCIE, EI, CSCD), 2023, Issue 2, pp. 422-438 (17 pages).
Abstract: Speculative execution attacks can leak arbitrary program data under malicious speculation, presenting a severe security threat. Based on two key observations, this paper presents a software-transparent defense mechanism called speculative secret flow tracking (SSFT), which is capable of defending against all cache-based speculative execution attacks with a low performance overhead. First, we observe that the attacker must use array or pointer variables in the victim code to access arbitrary memory data. Therefore, we propose a strict definition of secret data to reduce the amount of data to be protected. Second, if a load is neither data-dependent nor control-dependent on secrets, its speculative execution will not leak any secrets. Thus, this paper introduces the concept of speculative secret flow to analyze how secret data are obtained and propagated during speculative execution. By tracking speculative secret flow in hardware, SSFT can identify all unsafe speculative loads (USLs) that are dependent on secrets. Moreover, SSFT exploits three different methods to constrain USLs' speculative execution and prevent them from leaking secrets into the cache and translation lookaside buffer (TLB) states. This paper evaluates the performance of SSFT on the SPEC CPU 2006 workloads, and the results show that SSFT is effective and its performance overhead is very low. To defend against all speculative execution attack variants, SSFT only incurs an average slowdown of 4.5% (Delay USL-L1Miss) or 3.8% (Invisible USLs) compared to a non-secure processor. Our analysis also shows that SSFT maintains a low hardware overhead.
Keywords: cache side channel attack; hardware; speculative execution attack; security
7. The differential fault analysis on block cipher FeW
Authors: Haiyan Xiao, Lifang Wang, Jinyong Chang. Cybersecurity (EI, CSCD), 2023, Issue 2, pp. 62-74 (13 pages).
Abstract: The Feather weight (FeW) cipher is a lightweight block cipher proposed by Kumar et al. in 2019, which takes a 64-bit plaintext as input and produces a 64-bit ciphertext. As Kumar et al. said, FeW is a software-oriented design with the aim of achieving high efficiency in software-based environments. It seems that FeW is immune to many cryptographic attacks, like linear, impossible differential, differential and zero correlation attacks. However, in recent work, Xie et al. reassessed the security of FeW. More precisely, they proved that under differential fault analysis (DFA) on the encryption states, an attacker can completely recover the master secret key. In this paper, we revisit the block cipher FeW and consider the DFA on its key schedule algorithm, which is a rather popular cryptanalysis for many kinds of block ciphers. In particular, by injecting faults into the 30th and 29th round subkeys respectively, one can recover about 55/80 (~69%) of the master key bits. Then, by brute-force searching the remaining bits, one can obtain the full master secret key. The simulations and experimental results show that our analysis is practical.
Keywords: differential fault analysis; block cipher; FeW; side channel attack
8. A novel GPU based Geo-Location Inference Attack on WebGL framework
Authors: Weixian Mai, Yinhao Xiao. High-Confidence Computing (EI), 2023, Issue 4, pp. 13-21 (9 pages).
Abstract: In the past few years, graphics processing units (GPUs) have become an indispensable part of modern computer systems, not only for graphics rendering but also for intensive parallel computing. Given that many tasks running on GPUs contain sensitive information, security concerns have been raised, especially about potential GPU information leakage. Previous works have shown such concerns by showing that attackers can use GPU memory allocations or performance counters to measure victim side effects. However, such an attack has a critical drawback in that it requires a victim to install desktop applications or mobile apps, making it difficult to deploy in the real world. In this paper, we solve this drawback by proposing a novel GPU-based side-channel Geo-Privacy inference attack on the WebGL framework, namely GLINT (which stands for Geo-Location Inference Attack). GLINT merely utilizes a lightweight browser extension to measure the time elapsed to render a sequence of frames on well-known map websites, e.g., Google Maps or Baidu Maps. The measured stream of time series is then employed to infer geologically privacy-sensitive information, such as a search on a specific location. Upon retrieving the stream, we propose a novel online segmentation algorithm for streaming data to determine the start and end points of privacy-sensitive time series. We then combine the DTW algorithm and the KNN algorithm on these series to conclude the final inference on a user's geo-location privacy. We conducted real-world experiments to test our attack. The experiments show that GeoInfer can correctly infer more than 83% of user searches regardless of the locations and map websites, meaning that our Geo-Privacy inference attack is accurate, practical, and robust. To counter this attack, we implemented a defense strategy based on Differential Privacy to hinder obtaining accurate rendering data. We found that this defense mechanism managed to reduce the average accuracy of the attack model by more than 70%, indicating that the attack was no longer effective. We have fully implemented GLINT and open-sourced it for future follow-up research.
Keywords: side channel attack; GPU; WebGL; differential privacy
9. Correlation power analysis of DECIM v2 (cited by: 3)
Authors: JIA Yan-yan, HU Yu-pu, ZHAO Yong-bin, GAO Jun-tao. The Journal of China Universities of Posts and Telecommunications (EI, CSCD), 2011, Issue 5, pp. 118-123 (6 pages).
Abstract: Power analysis has been a powerful and thoroughly studied threat for implementations of block ciphers and public key algorithms, but not yet for stream ciphers. Based on the consumed power differences between two neighboring clock cycles, this paper presents a correlation power analysis (CPA) attack on the synchronous stream cipher DECIM v2 (the tweaked version of the original submission DECIM). This attack resynchronizes the cryptographic device ceaselessly with many different initialization values (IVs) to obtain enough power traces. Then, by modeling the statistical properties of the differential power traces with correlation coefficients, the proposed attack algorithm can completely reveal the secret key of DECIM v2. Furthermore, a simulation attack is mounted to confirm the validity of the algorithm. The results show that the entire secret key of DECIM v2 can be restored within several minutes by performing 12 CPA attacks. It seems that there are still some defects in the design of DECIM v2, and thus some further improvements should be made to resist the proposed attack.
Keywords: cryptography; cryptanalysis; side channel attacks (SCA); CPA; DECIM v2