Co-residency of virtual machines(VMs) of different tenants on the same physical platform would possibly lead to cross-VM side-channel attacks in the cloud. While most of current countermeasures fail for real or immedi...Co-residency of virtual machines(VMs) of different tenants on the same physical platform would possibly lead to cross-VM side-channel attacks in the cloud. While most of current countermeasures fail for real or immediate deployment due to their requirement for modification of virtualization structure, we adopt dynamic migration, an inherent mechanism of the cloud platform, as a general defense against this kind of threats. To this end, we first set up a unified practical information leakage model which shows the factors affecting side channels and describes the way they influence the damage due to side-channel attacks. Since migration is adopted to limit the time duration of co-residency, we envision this defense as an optimization problem by setting up an Integer Linear Programming(ILP) to calculate optimal migration strategy, which is intractable due to high computational complexity. Therefore, we approximate the ILP with a baseline genetic algorithm, which is further improved for its optimality and scalability. Experimental results show that our migration-based defense can not only provide excellent security guarantees and affordable performance cost in both theoretical simulation and practical cloud environment, but also achieve better optimality and scalability than previous countermeasures.展开更多
Wi-Fi devices have limited battery life because of which conserving battery life is imperative. The 802.11 Wi-Fi standard provides power management feature that allows stations(STAs) to enter into sleep state to prese...Wi-Fi devices have limited battery life because of which conserving battery life is imperative. The 802.11 Wi-Fi standard provides power management feature that allows stations(STAs) to enter into sleep state to preserve energy without any frame losses. After the STA wakes up, it sends a null data or PS-Poll frame to retrieve frame(s) buffered by the access point(AP), if any during its sleep period. An attacker can launch a power save denial of service(PS-DoS) attack on the sleeping STA(s) by transmitting a spoofed null data or PS-Poll frame(s) to retrieve the buffered frame(s) of the sleeping STA(s) from the AP causing frame losses for the targeted STA(s). Current approaches to prevent or detect the PS-DoS attack require encryption,change in protocol or installation of proprietary hardware. These solutions suffer from expensive setup, maintenance, scalability and deployment issues. The PS-DoS attack does not differ in semantics or statistics under normal and attack circumstances.So signature and anomaly based intrusion detection system(IDS) are unfit to detect the PS-DoS attack. In this paper we propose a timed IDS based on real time discrete event system(RTDES) for detecting PS-DoS attack. The proposed DES based IDS overcomes the drawbacks of existing systems and detects the PS-DoS attack with high accuracy and detection rate. The correctness of the RTDES based IDS is proved by experimenting all possible attack scenarios.展开更多
Timing attacks break a cryptosystem by time measurement to recover keys. Most available countermeasures protect block ciphers based on the safety of modules. This paper gives a complete definition of timing attacks an...Timing attacks break a cryptosystem by time measurement to recover keys. Most available countermeasures protect block ciphers based on the safety of modules. This paper gives a complete definition of timing attacks and studies the vulnerability of operations and modules on timing attacks. We present a method to transfer the security of the algorithm to that of secure operations by reduction. As a result, we hopefully tend to reconcile the provable security notions and modem cryptography with real-world implementations of block ciphers.展开更多
We propose a new approach to discuss the consensus problem of multi-agent systems with time-varying delayed control inputs, switching topologies, and stochastic cyber-attacks under hybrid-triggered mechanism.A Bernoul...We propose a new approach to discuss the consensus problem of multi-agent systems with time-varying delayed control inputs, switching topologies, and stochastic cyber-attacks under hybrid-triggered mechanism.A Bernoulli variable is used to describe the hybrid-triggered scheme, which is introduced to alleviate the burden of the network.The mathematical model of the closed-loop control system is established by taking the influences of time-varying delayed control inputs,switching topologies, and stochastic cyber-attacks into account under the hybrid-triggered scheme.A theorem as the main result is given to make the system consistent based on the theory of Lyapunov stability and linear matrix inequality.Markov jumps with uncertain rates of transitions are applied to describe the switch of topologies.Finally, a simulation example demonstrates the feasibility of the theory in this paper.展开更多
A side-channel attack(SCA)-resistant AES S-box implementation is proposed,which is an improvement from the power-aware hiding(PAH)S-box but with higher security and a smaller area.We use the composite field approach a...A side-channel attack(SCA)-resistant AES S-box implementation is proposed,which is an improvement from the power-aware hiding(PAH)S-box but with higher security and a smaller area.We use the composite field approach and apply the PAH method to the inversion in the nonlinear kernel and a masking method to the other parts.In addition,a delaymatched enable control technique is used to suppress glitches in the masked parts.The evaluation results show that its area is contracted to 63.3%of the full PAH S-box,and its power-delay product is much lower than that of the masking implementation.The leakage assessment using simulation power traces concludes that it has no detectable leakage under t-test and that it at least can thwart the moment-correlation analysis using 665000 noiseless traces.展开更多
Timing attack is an attack on the implementation of a cryptographic primitive. The attack collects leaked secret data via certain implementation techniques either on software or hardware. This paper provides an analys...Timing attack is an attack on the implementation of a cryptographic primitive. The attack collects leaked secret data via certain implementation techniques either on software or hardware. This paper provides an analysis of a theoretical timing attack on the AAβ algorithm. The attack discussed in this paper gives avenues for secure implementation of AAβ against timing attacks. The simulation of the attack is important to provide invulnerability features for the algorithm in order to be implemented and embedded on applications. At the end of the attack, a method to overcome it will be introduced and it is called AAβ blinding.展开更多
Side-channel attacks (SCA) may exploit leakage information to break cryptosystems. In this paper we present a new SCA resistant Elliptic Curve scalar multiplication algorithm. The proposed algorithm, builds a sequen...Side-channel attacks (SCA) may exploit leakage information to break cryptosystems. In this paper we present a new SCA resistant Elliptic Curve scalar multiplication algorithm. The proposed algorithm, builds a sequence of bit-strings representing the scalar k, characterized by the fact that all bit-strings are different from zero; this property will ensure a uniform computation behavior for the algorithm, and thus will make it secure against simple power analysis attacks (SPA). With other randomization techniques, the proposed countermeasures do not penalize the computation time. The proposed scheme is more efficient than MOEller's one, its cost being about 5% to 10% smaller than MOEller's one.展开更多
In this paper, we focus on the estimation of time delays caused by adversaries in the sensing loop (SL). Based on the literature review, time delay switch (TDS) attacks could make any control system, in particular a p...In this paper, we focus on the estimation of time delays caused by adversaries in the sensing loop (SL). Based on the literature review, time delay switch (TDS) attacks could make any control system, in particular a power control system, unstable. Therefore, future smart grids will have to use advanced methods to provide better situational awareness of power grid states keeping smart grids reliable and safe from TDS attacks. Here, we introduce a simple method for preventing time delay switch attack on networked control systems. The method relies on an estimator that will estimate and track time delays introduced by an adversary. Knowing the maximum tolerable time delay of the plant’s optimal controller for which the plant remains stable, a time-delay detector issues an alarm signal when the estimated time delay is larger than the minimum one and directs the system to alarm state. In an alarm state, the plant operates under the control of an emergency controller that is local to the plant and remains in this mode until the networked control system state is restored. This method is an inexpensive and simple way to guarantee that an industrial control system remains stable and secure.展开更多
In any side-channel attack, it is desirable to exploit all the available leakage data to compute the distinguisher’s values. The profiling phase is essential to obtain an accurate leakage model, yet it may not be exh...In any side-channel attack, it is desirable to exploit all the available leakage data to compute the distinguisher’s values. The profiling phase is essential to obtain an accurate leakage model, yet it may not be exhaustive. As a result, information theoretic distinguishers may come up on previously unseen data, a phenomenon yielding empty bins. A strict application of the maximum likelihood method yields a distinguisher that is not even sound. Ignoring empty bins reestablishes soundness, but seriously limits its performance in terms of success rate. The purpose of this paper is to remedy this situation. In this research, we propose six different techniques to improve the performance of information theoretic distinguishers. We study t</span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">hem thoroughly by applying them to timing attacks, both with synthetic and real leakages. Namely, we compare them in terms of success rate, and show that their performance depends on the amount of profiling, and can be explained by a bias-variance analysis. The result of our work is that there exist use-cases, especially when measurements are noisy, where our novel information theoretic distinguishers (typically the soft-drop distinguisher) perform the best compared to known side-channel distinguishers, despite the empty bin situation.展开更多
Side-channel attacks based on supervised learning require that the attacker have complete control over the cryptographic device and obtain a large number of labeled power traces.However,in real life,this requirement i...Side-channel attacks based on supervised learning require that the attacker have complete control over the cryptographic device and obtain a large number of labeled power traces.However,in real life,this requirement is usually not met.In this paper,an attack algorithm based on collaborative learning is proposed.The algorithm only needs to use a small number of labeled power traces to cooperate with the unlabeled power trace to realize the attack to cryptographic device.By experimenting with the DPA contest V4 dataset,the results show that the algorithm can improve the accuracy by about 20%compared with the pure supervised learning in the case of using only 10 labeled power traces.展开更多
Recently,Wireless Sensor Network(WSN)becomes most potential technologies for providing improved services to several data gathering and track-ing applications.Because of the wireless medium,multi-hop communication,abse...Recently,Wireless Sensor Network(WSN)becomes most potential technologies for providing improved services to several data gathering and track-ing applications.Because of the wireless medium,multi-hop communication,absence of physical protectivity,and accumulated traffic,WSN is highly vulner-able to security concerns.Therefore,this study explores a specific type of DoS attack identified as a selective forwarding attack where the misbehaving node in the network drops packet on a selective basis.It is challenging to determine if packet loss is caused by a collision in the medium access path,poor channel quality,or a selective forwarding assault.Identifying misbehaving nodes at the earliest opportunity is an acceptable solution for performing secure routing in such networks.As a result,in this study effort,we present a unique Modified Ad Hoc On-Demand Distance Vector(AODV)Routing protocol depending upon the One time password(OTP)method that employs the RSA algorithm.Finally,a trust evaluation process determines which approach is the most optimal.Accord-ing to the simulationfindings of the suggested routing protocol and comparison with existing routing protocols provided in this article,the proposed work is both efficient and cost-effective.展开更多
Side-channel analysis(SCA)has become an increasing important method to assess the physical security of cryptographic systems.In the process of SCA,the number of attack data directly determines the performance of SCA.W...Side-channel analysis(SCA)has become an increasing important method to assess the physical security of cryptographic systems.In the process of SCA,the number of attack data directly determines the performance of SCA.With sufficient attack data,the adversary can achieve a successful SCA.However,in reality,the cryptographic device may be protected with some countermeasures to limit the number of encryptions using the same key.In this case,the adversary cannot use casual numbers of data to perform SCA.The performance of SCA will be severely dropped if the attack traces are insufficient.In this paper,we introduce wavelet scatter transform(WST)and short-time fourier transform(STFT)to non-profiled side-channel analysis domains,to improve the performance of side-channel attacks in the context of insufficient data.We design a practical framework to provide suitable parameters for WST/STFT-based SCA.Using the proposed method,the WST/STFT-based SCA method can significantly enhance the performance and robustness of non-profiled SCA.The practical attacks against four public datasets show that the proposed method is able to achieve more robust performance.Compared with the original correlation power analysis(CPA),the number of attack data can be reduced by 50–95%.展开更多
基金supported by the National Key Research and Development Program of China (2018YFB0804004)the Foundation of the National Natural Science Foundation of China (61602509)+1 种基金the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (61521003)the Key Technologies Research and Development Program of Henan Province of China (172102210615)
文摘Co-residency of virtual machines(VMs) of different tenants on the same physical platform would possibly lead to cross-VM side-channel attacks in the cloud. While most of current countermeasures fail for real or immediate deployment due to their requirement for modification of virtualization structure, we adopt dynamic migration, an inherent mechanism of the cloud platform, as a general defense against this kind of threats. To this end, we first set up a unified practical information leakage model which shows the factors affecting side channels and describes the way they influence the damage due to side-channel attacks. Since migration is adopted to limit the time duration of co-residency, we envision this defense as an optimization problem by setting up an Integer Linear Programming(ILP) to calculate optimal migration strategy, which is intractable due to high computational complexity. Therefore, we approximate the ILP with a baseline genetic algorithm, which is further improved for its optimality and scalability. Experimental results show that our migration-based defense can not only provide excellent security guarantees and affordable performance cost in both theoretical simulation and practical cloud environment, but also achieve better optimality and scalability than previous countermeasures.
基金supported by TATA Consultancy Servies(TCS)Research Fellowship Program,India
文摘Wi-Fi devices have limited battery life because of which conserving battery life is imperative. The 802.11 Wi-Fi standard provides power management feature that allows stations(STAs) to enter into sleep state to preserve energy without any frame losses. After the STA wakes up, it sends a null data or PS-Poll frame to retrieve frame(s) buffered by the access point(AP), if any during its sleep period. An attacker can launch a power save denial of service(PS-DoS) attack on the sleeping STA(s) by transmitting a spoofed null data or PS-Poll frame(s) to retrieve the buffered frame(s) of the sleeping STA(s) from the AP causing frame losses for the targeted STA(s). Current approaches to prevent or detect the PS-DoS attack require encryption,change in protocol or installation of proprietary hardware. These solutions suffer from expensive setup, maintenance, scalability and deployment issues. The PS-DoS attack does not differ in semantics or statistics under normal and attack circumstances.So signature and anomaly based intrusion detection system(IDS) are unfit to detect the PS-DoS attack. In this paper we propose a timed IDS based on real time discrete event system(RTDES) for detecting PS-DoS attack. The proposed DES based IDS overcomes the drawbacks of existing systems and detects the PS-DoS attack with high accuracy and detection rate. The correctness of the RTDES based IDS is proved by experimenting all possible attack scenarios.
基金Supported by the National Natural Science Foun-dation of China(60573031) the Foundation of National Laboratoryfor Modern Communications(51436060205J W0305) the Founda-tion of Senior Visiting Scholarship of Fudan University
文摘Timing attacks break a cryptosystem by time measurement to recover keys. Most available countermeasures protect block ciphers based on the safety of modules. This paper gives a complete definition of timing attacks and studies the vulnerability of operations and modules on timing attacks. We present a method to transfer the security of the algorithm to that of secure operations by reduction. As a result, we hopefully tend to reconcile the provable security notions and modem cryptography with real-world implementations of block ciphers.
基金Project supported by the National Natural Science Foundation of China(Grant Nos.61074159 and 61703286)
文摘We propose a new approach to discuss the consensus problem of multi-agent systems with time-varying delayed control inputs, switching topologies, and stochastic cyber-attacks under hybrid-triggered mechanism.A Bernoulli variable is used to describe the hybrid-triggered scheme, which is introduced to alleviate the burden of the network.The mathematical model of the closed-loop control system is established by taking the influences of time-varying delayed control inputs,switching topologies, and stochastic cyber-attacks into account under the hybrid-triggered scheme.A theorem as the main result is given to make the system consistent based on the theory of Lyapunov stability and linear matrix inequality.Markov jumps with uncertain rates of transitions are applied to describe the switch of topologies.Finally, a simulation example demonstrates the feasibility of the theory in this paper.
基金This work was supported by the National Science and Technology Major Project of China(2017ZX01030301).
文摘A side-channel attack(SCA)-resistant AES S-box implementation is proposed,which is an improvement from the power-aware hiding(PAH)S-box but with higher security and a smaller area.We use the composite field approach and apply the PAH method to the inversion in the nonlinear kernel and a masking method to the other parts.In addition,a delaymatched enable control technique is used to suppress glitches in the masked parts.The evaluation results show that its area is contracted to 63.3%of the full PAH S-box,and its power-delay product is much lower than that of the masking implementation.The leakage assessment using simulation power traces concludes that it has no detectable leakage under t-test and that it at least can thwart the moment-correlation analysis using 665000 noiseless traces.
文摘Timing attack is an attack on the implementation of a cryptographic primitive. The attack collects leaked secret data via certain implementation techniques either on software or hardware. This paper provides an analysis of a theoretical timing attack on the AAβ algorithm. The attack discussed in this paper gives avenues for secure implementation of AAβ against timing attacks. The simulation of the attack is important to provide invulnerability features for the algorithm in order to be implemented and embedded on applications. At the end of the attack, a method to overcome it will be introduced and it is called AAβ blinding.
基金Supported by the National Natural ScienceFoundation of China (60473029)
文摘Side-channel attacks (SCA) may exploit leakage information to break cryptosystems. In this paper we present a new SCA resistant Elliptic Curve scalar multiplication algorithm. The proposed algorithm, builds a sequence of bit-strings representing the scalar k, characterized by the fact that all bit-strings are different from zero; this property will ensure a uniform computation behavior for the algorithm, and thus will make it secure against simple power analysis attacks (SPA). With other randomization techniques, the proposed countermeasures do not penalize the computation time. The proposed scheme is more efficient than MOEller's one, its cost being about 5% to 10% smaller than MOEller's one.
文摘In this paper, we focus on the estimation of time delays caused by adversaries in the sensing loop (SL). Based on the literature review, time delay switch (TDS) attacks could make any control system, in particular a power control system, unstable. Therefore, future smart grids will have to use advanced methods to provide better situational awareness of power grid states keeping smart grids reliable and safe from TDS attacks. Here, we introduce a simple method for preventing time delay switch attack on networked control systems. The method relies on an estimator that will estimate and track time delays introduced by an adversary. Knowing the maximum tolerable time delay of the plant’s optimal controller for which the plant remains stable, a time-delay detector issues an alarm signal when the estimated time delay is larger than the minimum one and directs the system to alarm state. In an alarm state, the plant operates under the control of an emergency controller that is local to the plant and remains in this mode until the networked control system state is restored. This method is an inexpensive and simple way to guarantee that an industrial control system remains stable and secure.
文摘In any side-channel attack, it is desirable to exploit all the available leakage data to compute the distinguisher’s values. The profiling phase is essential to obtain an accurate leakage model, yet it may not be exhaustive. As a result, information theoretic distinguishers may come up on previously unseen data, a phenomenon yielding empty bins. A strict application of the maximum likelihood method yields a distinguisher that is not even sound. Ignoring empty bins reestablishes soundness, but seriously limits its performance in terms of success rate. The purpose of this paper is to remedy this situation. In this research, we propose six different techniques to improve the performance of information theoretic distinguishers. We study t</span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">hem thoroughly by applying them to timing attacks, both with synthetic and real leakages. Namely, we compare them in terms of success rate, and show that their performance depends on the amount of profiling, and can be explained by a bias-variance analysis. The result of our work is that there exist use-cases, especially when measurements are noisy, where our novel information theoretic distinguishers (typically the soft-drop distinguisher) perform the best compared to known side-channel distinguishers, despite the empty bin situation.
文摘Side-channel attacks based on supervised learning require that the attacker have complete control over the cryptographic device and obtain a large number of labeled power traces.However,in real life,this requirement is usually not met.In this paper,an attack algorithm based on collaborative learning is proposed.The algorithm only needs to use a small number of labeled power traces to cooperate with the unlabeled power trace to realize the attack to cryptographic device.By experimenting with the DPA contest V4 dataset,the results show that the algorithm can improve the accuracy by about 20%compared with the pure supervised learning in the case of using only 10 labeled power traces.
文摘Recently,Wireless Sensor Network(WSN)becomes most potential technologies for providing improved services to several data gathering and track-ing applications.Because of the wireless medium,multi-hop communication,absence of physical protectivity,and accumulated traffic,WSN is highly vulner-able to security concerns.Therefore,this study explores a specific type of DoS attack identified as a selective forwarding attack where the misbehaving node in the network drops packet on a selective basis.It is challenging to determine if packet loss is caused by a collision in the medium access path,poor channel quality,or a selective forwarding assault.Identifying misbehaving nodes at the earliest opportunity is an acceptable solution for performing secure routing in such networks.As a result,in this study effort,we present a unique Modified Ad Hoc On-Demand Distance Vector(AODV)Routing protocol depending upon the One time password(OTP)method that employs the RSA algorithm.Finally,a trust evaluation process determines which approach is the most optimal.Accord-ing to the simulationfindings of the suggested routing protocol and comparison with existing routing protocols provided in this article,the proposed work is both efficient and cost-effective.
基金Aeknowledgements: This paper was supported by the National Natural Science Foundation of China (No. 60772082), the Natural Science Foundation of Hebei Province. China (No. 08M010), the Science Research Foundation of Ordnance Engineering The author gratefully acknowledges DENG Gao-ming for discussions which inspired this research, LI Hua for his advice, and the (anonymous) referees for their suggestions.
基金This work is supported in part by National Key R&D Program of China(No.2022YFB3103800)National Natural Science Foundation of China(No.U1936209,No.62002353,No.62202231 and No.62202230)+2 种基金China Postdoctoral Science Foundation(No.2021M701726)Jiangsu Funding Program for Excellent Postdoctoral Talent(No.2022ZB270)Yunnan Provincial Major Science and Technology Special Plan Projects(No.202103AA080015).
文摘Side-channel analysis(SCA)has become an increasing important method to assess the physical security of cryptographic systems.In the process of SCA,the number of attack data directly determines the performance of SCA.With sufficient attack data,the adversary can achieve a successful SCA.However,in reality,the cryptographic device may be protected with some countermeasures to limit the number of encryptions using the same key.In this case,the adversary cannot use casual numbers of data to perform SCA.The performance of SCA will be severely dropped if the attack traces are insufficient.In this paper,we introduce wavelet scatter transform(WST)and short-time fourier transform(STFT)to non-profiled side-channel analysis domains,to improve the performance of side-channel attacks in the context of insufficient data.We design a practical framework to provide suitable parameters for WST/STFT-based SCA.Using the proposed method,the WST/STFT-based SCA method can significantly enhance the performance and robustness of non-profiled SCA.The practical attacks against four public datasets show that the proposed method is able to achieve more robust performance.Compared with the original correlation power analysis(CPA),the number of attack data can be reduced by 50–95%.