The Inner Product Masking(IPM)scheme has been shown to provide higher theoretical security guarantees than the BooleanMasking(BM).This scheme aims to increase the algebraic complexity of the coding to achieve a higher...The Inner Product Masking(IPM)scheme has been shown to provide higher theoretical security guarantees than the BooleanMasking(BM).This scheme aims to increase the algebraic complexity of the coding to achieve a higher level of security.Some previous work unfolds when certain(adversarial and implementation)conditions are met,and we seek to complement these investigations by understanding what happens when these conditions deviate from their expected behaviour.In this paper,we investigate the security characteristics of IPM under different conditions.In adversarial condition,the security properties of first-order IPMs obtained through parametric characterization are preserved in the face of univariate and bivariate attacks.In implementation condition,we construct two new polynomial leakage functions to observe the nonlinear leakage of the IPM and connect the security order amplification to the nonlinear function.We observe that the security of IPMis affected by the degree and the linear component in the leakage function.In addition,the comparison experiments from the coefficients,signal-to-noise ratio(SNR)and the public parameter show that the security properties of the IPM are highly implementation-dependent.展开更多
Co-residency of virtual machines(VMs) of different tenants on the same physical platform would possibly lead to cross-VM side-channel attacks in the cloud. While most of current countermeasures fail for real or immedi...Co-residency of virtual machines(VMs) of different tenants on the same physical platform would possibly lead to cross-VM side-channel attacks in the cloud. While most of current countermeasures fail for real or immediate deployment due to their requirement for modification of virtualization structure, we adopt dynamic migration, an inherent mechanism of the cloud platform, as a general defense against this kind of threats. To this end, we first set up a unified practical information leakage model which shows the factors affecting side channels and describes the way they influence the damage due to side-channel attacks. Since migration is adopted to limit the time duration of co-residency, we envision this defense as an optimization problem by setting up an Integer Linear Programming(ILP) to calculate optimal migration strategy, which is intractable due to high computational complexity. Therefore, we approximate the ILP with a baseline genetic algorithm, which is further improved for its optimality and scalability. Experimental results show that our migration-based defense can not only provide excellent security guarantees and affordable performance cost in both theoretical simulation and practical cloud environment, but also achieve better optimality and scalability than previous countermeasures.展开更多
For a compact quantum key distribution (QKD) sender for the polarization encoding BB84 protocol, an eavesdropper could take a side-channel attack by measuring the spatial information of photons to infer their polariza...For a compact quantum key distribution (QKD) sender for the polarization encoding BB84 protocol, an eavesdropper could take a side-channel attack by measuring the spatial information of photons to infer their polarizations. The possibility of this attack can be reduced by introducing an aperture in the QKD sender, however, the effect of the aperture on the QKD security lacks of quantitative analysis. In this paper, we analyze the mutual information between the actual keys encoded at this QKD sender and the inferred keys at the eavesdropper (Eve), demonstrating the effect of the aperture to eliminate the spatial side-channel information quantitatively. It shows that Eve’s potential on eavesdropping spatial side-channel information is totally dependent on the optical design of the QKD sender, including the source arrangement and the aperture. The height of compact QKD senders with integrated light-emitting diode (LED) arrays could be controlled under several millimeters, showing great potential on applications in portable equipment.展开更多
A side-channel attack(SCA)-resistant AES S-box implementation is proposed,which is an improvement from the power-aware hiding(PAH)S-box but with higher security and a smaller area.We use the composite field approach a...A side-channel attack(SCA)-resistant AES S-box implementation is proposed,which is an improvement from the power-aware hiding(PAH)S-box but with higher security and a smaller area.We use the composite field approach and apply the PAH method to the inversion in the nonlinear kernel and a masking method to the other parts.In addition,a delaymatched enable control technique is used to suppress glitches in the masked parts.The evaluation results show that its area is contracted to 63.3%of the full PAH S-box,and its power-delay product is much lower than that of the masking implementation.The leakage assessment using simulation power traces concludes that it has no detectable leakage under t-test and that it at least can thwart the moment-correlation analysis using 665000 noiseless traces.展开更多
Protocol tunneling is widely used to add security and/or privacy to Internet applications. Recent research has exposed side channel vulnerabilities that leak information about tunneled protocols. We first discuss the ...Protocol tunneling is widely used to add security and/or privacy to Internet applications. Recent research has exposed side channel vulnerabilities that leak information about tunneled protocols. We first discuss the timing side channels that have been found in protocol tunneling tools. We then show how to infer Hidden Markov models (HMMs) of network protocols from timing data and use the HMMs to detect when protocols are active. Unlike previous work, the HMM approach we present requires no a priori knowledge of the protocol. To illustrate the utility of this approach, we detect the use of English or Italian in interactive SSH sessions. For this example application, keystroke-timing data associates inter-packet delays with keystrokes. We first use clustering to extract discrete information from continuous timing data. We use discrete symbols to infer a HMM model, and finally use statistical tests to determine if the observed timing is consistent with the language typing statistics. In our tests, if the correct window size is used, fewer than 2% of data windows are incorrectly identified. Experimental verification shows that on-line detection of language use in interactive encrypted protocol tunnels is reliable. We compare maximum likelihood and statistical hypothesis testing for detecting protocol tunneling. We also discuss how this approach is useful in monitoring mix networks like The Onion Router (Tor).展开更多
Side-channel attacks based on supervised learning require that the attacker have complete control over the cryptographic device and obtain a large number of labeled power traces.However,in real life,this requirement i...Side-channel attacks based on supervised learning require that the attacker have complete control over the cryptographic device and obtain a large number of labeled power traces.However,in real life,this requirement is usually not met.In this paper,an attack algorithm based on collaborative learning is proposed.The algorithm only needs to use a small number of labeled power traces to cooperate with the unlabeled power trace to realize the attack to cryptographic device.By experimenting with the DPA contest V4 dataset,the results show that the algorithm can improve the accuracy by about 20%compared with the pure supervised learning in the case of using only 10 labeled power traces.展开更多
An embedded cryptosystem needs higher reconfiguration capability and security.After analyzing the newly emerging side-channel attacks on elliptic curve cryptosystem(ECC),an efficient fractional width-w NAF (FWNAF)algo...An embedded cryptosystem needs higher reconfiguration capability and security.After analyzing the newly emerging side-channel attacks on elliptic curve cryptosystem(ECC),an efficient fractional width-w NAF (FWNAF)algorithm is proposed to secure ECC scalar multiplication from these attacks.This algorithm adopts the fractional window method and probabilistic SPA scheme to reconfigure the pre-computed table,and it allows designers to make a dynamic configuration on pre-computed table.And then,it is enhanced to resist SPA,DPA, RPA and ZPA attacks by using the random masking method.Compared with the WBRIP and EBRIP methods, our proposals has the lowest total computation cost and reduce the shake phenomenon due to sharp fluctuation on computation performance.展开更多
Side-channel attacks(SCA) may exploit leakage information to break cryptosystems. In this paper we present a new SCA resistant Elliptic Curve scalar multiplication algorithm. The proposed algorithm, builds a sequence ...Side-channel attacks(SCA) may exploit leakage information to break cryptosystems. In this paper we present a new SCA resistant Elliptic Curve scalar multiplication algorithm. The proposed algorithm, builds a sequence of bit-strings representing the scalar k, characterized by the fact that all bit-strings are different from zero; this property will ensure a uniform computation behavior for the algorithm, and thus will make it secure against simple power analysis attacks(SPA). With other randomization techniques, the proposed countermeasures do not penalize the computation time. The proposed scheme is more efficient than Mller’s one, its cost being about 5% to 10% smaller than Mller’s one.展开更多
In cloud storage,client-side deduplication is widely used to reduce storage and communication costs.In client-side deduplication,if the cloud server detects that the user’s outsourced data have been stored,then clien...In cloud storage,client-side deduplication is widely used to reduce storage and communication costs.In client-side deduplication,if the cloud server detects that the user’s outsourced data have been stored,then clients will not need to reupload the data.However,the information on whether data need to be uploaded can be used as a side-channel,which can consequently be exploited by adversaries to compromise data privacy.In this paper,we propose a new threat model against side-channel attacks.Different from existing schemes,the adversary could learn the approximate ratio of stored chunks to unstored chunks in outsourced files,and this ratio will affect the probability that the adversary compromises the data privacy through side-channel attacks.Under this threat model,we design two defense schemes to minimize privacy leakage,both of which design interaction protocols between clients and the server during deduplication checks to reduce the probability that the adversary compromises data privacy.We analyze the security of our schemes,and evaluate their performances based on a real-world dataset.Compared with existing schemes,our schemes can better mitigate data privacy leakage and have a slightly lower communication cost.展开更多
In the era of the Internet of Things,Bluetooth low energy(BLE/BTLE)plays an important role as a wellknown wireless communication technology.While the security and privacy of BLE have been analyzed and fixed several ti...In the era of the Internet of Things,Bluetooth low energy(BLE/BTLE)plays an important role as a wellknown wireless communication technology.While the security and privacy of BLE have been analyzed and fixed several times,the threat of side-channel attacks to BLE devices is still not well understood.In this work,we highlight a side-channel threat to the re-keying protocol of BLE.This protocol uses a fixed long term key for generating session keys,and the leakage of the long term key could render the encryption of all the following(and previous)connections useless.Our attack exploits the side-channel leakage of the re-keying protocol when it is implemented on embedded devices.In particular,we present successful correlation electromagnetic analysis and deep learning based profiled analysis that recover long term keys of BLE devices.We evaluate our attack on an ARM Cortex-M4 processor(Nordic Semiconductor nRF52840)running Nimble,a popular open-source BLE stack.Our results demonstrate that the long term key can be recovered within only a small amount of electromagnetic traces.Further,we summarize the features and limitations of our attack,and suggest a range of countermeasures to prevent it.展开更多
Side-channel attacks allow adversaries to infer sensitive information,such as cryptographic keys or private user data,by monitoring unintentional information leaks of running programs.Prior side-channel detection meth...Side-channel attacks allow adversaries to infer sensitive information,such as cryptographic keys or private user data,by monitoring unintentional information leaks of running programs.Prior side-channel detection methods can identify numerous potential vulnerabilities in cryptographic implementations with a small amount of execution traces due to the high diffusion of secret inputs in crypto primitives.However,because non-cryptographic programs cover different paths under various sensitive inputs,extending existing tools for identifying information leaks to non-cryptographic applications suffers from either insufficient path coverage or redundant testing.To address these limitations,we propose a new dynamic analysis framework named SPIDER that uses fuzzing,execution profiling,and clustering for a high path coverage and test suite reduction,and then speeds up the dynamic analysis of side-channel vulnerability detection in non-cryptographic programs.We analyze eight non-cryptographic programs and ten cryptographic algorithms under SPIDER in a fully automated way,and our results confirm the effectiveness of test suite reduction and the vulnerability detection accuracy of the whole framework.展开更多
Side-channel analysis(SCA)has become an increasing important method to assess the physical security of cryptographic systems.In the process of SCA,the number of attack data directly determines the performance of SCA.W...Side-channel analysis(SCA)has become an increasing important method to assess the physical security of cryptographic systems.In the process of SCA,the number of attack data directly determines the performance of SCA.With sufficient attack data,the adversary can achieve a successful SCA.However,in reality,the cryptographic device may be protected with some countermeasures to limit the number of encryptions using the same key.In this case,the adversary cannot use casual numbers of data to perform SCA.The performance of SCA will be severely dropped if the attack traces are insufficient.In this paper,we introduce wavelet scatter transform(WST)and short-time fourier transform(STFT)to non-profiled side-channel analysis domains,to improve the performance of side-channel attacks in the context of insufficient data.We design a practical framework to provide suitable parameters for WST/STFT-based SCA.Using the proposed method,the WST/STFT-based SCA method can significantly enhance the performance and robustness of non-profiled SCA.The practical attacks against four public datasets show that the proposed method is able to achieve more robust performance.Compared with the original correlation power analysis(CPA),the number of attack data can be reduced by 50–95%.展开更多
基金the Hunan Provincial Natrual Science Foundation of China(2022JJ30103)“the 14th Five-Year”Key Disciplines and Application Oriented Special Disciplines of Hunan Province(Xiangjiaotong[2022]351)the Science and Technology Innovation Program of Hunan Province(2016TP1020).
文摘The Inner Product Masking(IPM)scheme has been shown to provide higher theoretical security guarantees than the BooleanMasking(BM).This scheme aims to increase the algebraic complexity of the coding to achieve a higher level of security.Some previous work unfolds when certain(adversarial and implementation)conditions are met,and we seek to complement these investigations by understanding what happens when these conditions deviate from their expected behaviour.In this paper,we investigate the security characteristics of IPM under different conditions.In adversarial condition,the security properties of first-order IPMs obtained through parametric characterization are preserved in the face of univariate and bivariate attacks.In implementation condition,we construct two new polynomial leakage functions to observe the nonlinear leakage of the IPM and connect the security order amplification to the nonlinear function.We observe that the security of IPMis affected by the degree and the linear component in the leakage function.In addition,the comparison experiments from the coefficients,signal-to-noise ratio(SNR)and the public parameter show that the security properties of the IPM are highly implementation-dependent.
基金supported by the National Key Research and Development Program of China (2018YFB0804004)the Foundation of the National Natural Science Foundation of China (61602509)+1 种基金the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (61521003)the Key Technologies Research and Development Program of Henan Province of China (172102210615)
文摘Co-residency of virtual machines(VMs) of different tenants on the same physical platform would possibly lead to cross-VM side-channel attacks in the cloud. While most of current countermeasures fail for real or immediate deployment due to their requirement for modification of virtualization structure, we adopt dynamic migration, an inherent mechanism of the cloud platform, as a general defense against this kind of threats. To this end, we first set up a unified practical information leakage model which shows the factors affecting side channels and describes the way they influence the damage due to side-channel attacks. Since migration is adopted to limit the time duration of co-residency, we envision this defense as an optimization problem by setting up an Integer Linear Programming(ILP) to calculate optimal migration strategy, which is intractable due to high computational complexity. Therefore, we approximate the ILP with a baseline genetic algorithm, which is further improved for its optimality and scalability. Experimental results show that our migration-based defense can not only provide excellent security guarantees and affordable performance cost in both theoretical simulation and practical cloud environment, but also achieve better optimality and scalability than previous countermeasures.
基金supported by the National Key Research and Development Program of China under Grant No.2017YFA0303704National Natural Science Foundation of China under Grants No.61575102,No.61671438,No.61875101,and No.61621064+1 种基金Beijing Natural Science Foundation under Grant No.Z180012Beijing Academy of Quantum Information Sciences under Grant No.Y18G26
文摘For a compact quantum key distribution (QKD) sender for the polarization encoding BB84 protocol, an eavesdropper could take a side-channel attack by measuring the spatial information of photons to infer their polarizations. The possibility of this attack can be reduced by introducing an aperture in the QKD sender, however, the effect of the aperture on the QKD security lacks of quantitative analysis. In this paper, we analyze the mutual information between the actual keys encoded at this QKD sender and the inferred keys at the eavesdropper (Eve), demonstrating the effect of the aperture to eliminate the spatial side-channel information quantitatively. It shows that Eve’s potential on eavesdropping spatial side-channel information is totally dependent on the optical design of the QKD sender, including the source arrangement and the aperture. The height of compact QKD senders with integrated light-emitting diode (LED) arrays could be controlled under several millimeters, showing great potential on applications in portable equipment.
基金This work was supported by the National Science and Technology Major Project of China(2017ZX01030301).
文摘A side-channel attack(SCA)-resistant AES S-box implementation is proposed,which is an improvement from the power-aware hiding(PAH)S-box but with higher security and a smaller area.We use the composite field approach and apply the PAH method to the inversion in the nonlinear kernel and a masking method to the other parts.In addition,a delaymatched enable control technique is used to suppress glitches in the masked parts.The evaluation results show that its area is contracted to 63.3%of the full PAH S-box,and its power-delay product is much lower than that of the masking implementation.The leakage assessment using simulation power traces concludes that it has no detectable leakage under t-test and that it at least can thwart the moment-correlation analysis using 665000 noiseless traces.
文摘Protocol tunneling is widely used to add security and/or privacy to Internet applications. Recent research has exposed side channel vulnerabilities that leak information about tunneled protocols. We first discuss the timing side channels that have been found in protocol tunneling tools. We then show how to infer Hidden Markov models (HMMs) of network protocols from timing data and use the HMMs to detect when protocols are active. Unlike previous work, the HMM approach we present requires no a priori knowledge of the protocol. To illustrate the utility of this approach, we detect the use of English or Italian in interactive SSH sessions. For this example application, keystroke-timing data associates inter-packet delays with keystrokes. We first use clustering to extract discrete information from continuous timing data. We use discrete symbols to infer a HMM model, and finally use statistical tests to determine if the observed timing is consistent with the language typing statistics. In our tests, if the correct window size is used, fewer than 2% of data windows are incorrectly identified. Experimental verification shows that on-line detection of language use in interactive encrypted protocol tunnels is reliable. We compare maximum likelihood and statistical hypothesis testing for detecting protocol tunneling. We also discuss how this approach is useful in monitoring mix networks like The Onion Router (Tor).
文摘Side-channel attacks based on supervised learning require that the attacker have complete control over the cryptographic device and obtain a large number of labeled power traces.However,in real life,this requirement is usually not met.In this paper,an attack algorithm based on collaborative learning is proposed.The algorithm only needs to use a small number of labeled power traces to cooperate with the unlabeled power trace to realize the attack to cryptographic device.By experimenting with the DPA contest V4 dataset,the results show that the algorithm can improve the accuracy by about 20%compared with the pure supervised learning in the case of using only 10 labeled power traces.
基金supported by the National Natural Science Foundation of China(60373109)Ministry of Science and Technologyof China and the National Commercial Cryptography Application Technology Architecture and Application DemonstrationProject(2008BAA22B02).
文摘An embedded cryptosystem needs higher reconfiguration capability and security.After analyzing the newly emerging side-channel attacks on elliptic curve cryptosystem(ECC),an efficient fractional width-w NAF (FWNAF)algorithm is proposed to secure ECC scalar multiplication from these attacks.This algorithm adopts the fractional window method and probabilistic SPA scheme to reconfigure the pre-computed table,and it allows designers to make a dynamic configuration on pre-computed table.And then,it is enhanced to resist SPA,DPA, RPA and ZPA attacks by using the random masking method.Compared with the WBRIP and EBRIP methods, our proposals has the lowest total computation cost and reduce the shake phenomenon due to sharp fluctuation on computation performance.
基金Supported by the National Natural ScienceFoundation of China (60473029)
文摘Side-channel attacks(SCA) may exploit leakage information to break cryptosystems. In this paper we present a new SCA resistant Elliptic Curve scalar multiplication algorithm. The proposed algorithm, builds a sequence of bit-strings representing the scalar k, characterized by the fact that all bit-strings are different from zero; this property will ensure a uniform computation behavior for the algorithm, and thus will make it secure against simple power analysis attacks(SPA). With other randomization techniques, the proposed countermeasures do not penalize the computation time. The proposed scheme is more efficient than Mller’s one, its cost being about 5% to 10% smaller than Mller’s one.
基金supported by the National Key R&D Program of China (No.2018YFA0704703)National Natural Science Foundation of China (Nos.61972215,61972073,and 62172238)Natural Science Foundation of Tianjin (No.20JCZDJC00640).
文摘In cloud storage,client-side deduplication is widely used to reduce storage and communication costs.In client-side deduplication,if the cloud server detects that the user’s outsourced data have been stored,then clients will not need to reupload the data.However,the information on whether data need to be uploaded can be used as a side-channel,which can consequently be exploited by adversaries to compromise data privacy.In this paper,we propose a new threat model against side-channel attacks.Different from existing schemes,the adversary could learn the approximate ratio of stored chunks to unstored chunks in outsourced files,and this ratio will affect the probability that the adversary compromises the data privacy through side-channel attacks.Under this threat model,we design two defense schemes to minimize privacy leakage,both of which design interaction protocols between clients and the server during deduplication checks to reduce the probability that the adversary compromises data privacy.We analyze the security of our schemes,and evaluate their performances based on a real-world dataset.Compared with existing schemes,our schemes can better mitigate data privacy leakage and have a slightly lower communication cost.
基金supported by the National Natural Science Foundation of China under Grant No.62072307。
文摘In the era of the Internet of Things,Bluetooth low energy(BLE/BTLE)plays an important role as a wellknown wireless communication technology.While the security and privacy of BLE have been analyzed and fixed several times,the threat of side-channel attacks to BLE devices is still not well understood.In this work,we highlight a side-channel threat to the re-keying protocol of BLE.This protocol uses a fixed long term key for generating session keys,and the leakage of the long term key could render the encryption of all the following(and previous)connections useless.Our attack exploits the side-channel leakage of the re-keying protocol when it is implemented on embedded devices.In particular,we present successful correlation electromagnetic analysis and deep learning based profiled analysis that recover long term keys of BLE devices.We evaluate our attack on an ARM Cortex-M4 processor(Nordic Semiconductor nRF52840)running Nimble,a popular open-source BLE stack.Our results demonstrate that the long term key can be recovered within only a small amount of electromagnetic traces.Further,we summarize the features and limitations of our attack,and suggest a range of countermeasures to prevent it.
基金supported in part by the National Natural Science Foundation of China (Nos.61272452 and 61872430)the National Key Basic Research and Development (973)Program of China (No.2014CB340601)+1 种基金the Key R&D Program of Hubei Province (No.2020BAA003)the Prospective Applied Research Program of Suzhou City (No.SYG201845).
文摘Side-channel attacks allow adversaries to infer sensitive information,such as cryptographic keys or private user data,by monitoring unintentional information leaks of running programs.Prior side-channel detection methods can identify numerous potential vulnerabilities in cryptographic implementations with a small amount of execution traces due to the high diffusion of secret inputs in crypto primitives.However,because non-cryptographic programs cover different paths under various sensitive inputs,extending existing tools for identifying information leaks to non-cryptographic applications suffers from either insufficient path coverage or redundant testing.To address these limitations,we propose a new dynamic analysis framework named SPIDER that uses fuzzing,execution profiling,and clustering for a high path coverage and test suite reduction,and then speeds up the dynamic analysis of side-channel vulnerability detection in non-cryptographic programs.We analyze eight non-cryptographic programs and ten cryptographic algorithms under SPIDER in a fully automated way,and our results confirm the effectiveness of test suite reduction and the vulnerability detection accuracy of the whole framework.
基金This work is supported in part by National Key R&D Program of China(No.2022YFB3103800)National Natural Science Foundation of China(No.U1936209,No.62002353,No.62202231 and No.62202230)+2 种基金China Postdoctoral Science Foundation(No.2021M701726)Jiangsu Funding Program for Excellent Postdoctoral Talent(No.2022ZB270)Yunnan Provincial Major Science and Technology Special Plan Projects(No.202103AA080015).
文摘Side-channel analysis(SCA)has become an increasing important method to assess the physical security of cryptographic systems.In the process of SCA,the number of attack data directly determines the performance of SCA.With sufficient attack data,the adversary can achieve a successful SCA.However,in reality,the cryptographic device may be protected with some countermeasures to limit the number of encryptions using the same key.In this case,the adversary cannot use casual numbers of data to perform SCA.The performance of SCA will be severely dropped if the attack traces are insufficient.In this paper,we introduce wavelet scatter transform(WST)and short-time fourier transform(STFT)to non-profiled side-channel analysis domains,to improve the performance of side-channel attacks in the context of insufficient data.We design a practical framework to provide suitable parameters for WST/STFT-based SCA.Using the proposed method,the WST/STFT-based SCA method can significantly enhance the performance and robustness of non-profiled SCA.The practical attacks against four public datasets show that the proposed method is able to achieve more robust performance.Compared with the original correlation power analysis(CPA),the number of attack data can be reduced by 50–95%.
