The Inner Product Masking(IPM)scheme has been shown to provide higher theoretical security guarantees than the BooleanMasking(BM).This scheme aims to increase the algebraic complexity of the coding to achieve a higher...The Inner Product Masking(IPM)scheme has been shown to provide higher theoretical security guarantees than the BooleanMasking(BM).This scheme aims to increase the algebraic complexity of the coding to achieve a higher level of security.Some previous work unfolds when certain(adversarial and implementation)conditions are met,and we seek to complement these investigations by understanding what happens when these conditions deviate from their expected behaviour.In this paper,we investigate the security characteristics of IPM under different conditions.In adversarial condition,the security properties of first-order IPMs obtained through parametric characterization are preserved in the face of univariate and bivariate attacks.In implementation condition,we construct two new polynomial leakage functions to observe the nonlinear leakage of the IPM and connect the security order amplification to the nonlinear function.We observe that the security of IPMis affected by the degree and the linear component in the leakage function.In addition,the comparison experiments from the coefficients,signal-to-noise ratio(SNR)and the public parameter show that the security properties of the IPM are highly implementation-dependent.展开更多
Correlation power analysis(CPA)combined with genetic algorithms(GA)now achieves greater attack efficiency and can recover all subkeys simultaneously.However,two issues in GA-based CPA still need to be addressed:key de...Correlation power analysis(CPA)combined with genetic algorithms(GA)now achieves greater attack efficiency and can recover all subkeys simultaneously.However,two issues in GA-based CPA still need to be addressed:key degeneration and slow evolution within populations.These challenges significantly hinder key recovery efforts.This paper proposes a screening correlation power analysis framework combined with a genetic algorithm,named SFGA-CPA,to address these issues.SFGA-CPA introduces three operations designed to exploit CPA characteris-tics:propagative operation,constrained crossover,and constrained mutation.Firstly,the propagative operation accelerates population evolution by maximizing the number of correct bytes in each individual.Secondly,the constrained crossover and mutation operations effectively address key degeneration by preventing the compromise of correct bytes.Finally,an intelligent search method is proposed to identify optimal parameters,further improving attack efficiency.Experiments were conducted on both simulated environments and real power traces collected from the SAKURA-G platform.In the case of simulation,SFGA-CPA reduces the number of traces by 27.3%and 60%compared to CPA based on multiple screening methods(MS-CPA)and CPA based on simple GA method(SGA-CPA)when the success rate reaches 90%.Moreover,real experimental results on the SAKURA-G platform demonstrate that our approach outperforms other methods.展开更多
As the process of economic globalization deepens,a large variety of integrated circuit designers tends to move the chip's manufacturing to the developing country.But during the globalization of semiconductor desig...As the process of economic globalization deepens,a large variety of integrated circuit designers tends to move the chip's manufacturing to the developing country.But during the globalization of semiconductor design and fabrication process,integrated circuits are suffering from increasing malicious alterations from the untrusted foundries,which pose a serious threat to the military,finance,transportation and other critical systems.An noninvasive approach was presented to measure the physical "sidechannel"parameter of a chip such as current or delay,which is effectively capable of detecting the malicious hardware alternations.The intrinsic relationship of a circuit's side-channel parameters was exploited to distinguish the effect of a Trojan in the presence of large random noise and process noise,such as the Dynamic current(IDDT)versus the maximum operating frequency(Fmax)correlation.The Monte Carlo analysis in Hspice using ± 20% Gauss variations in transistor threshold voltage(Vth)was carried out to simulate the circuit state in the real world.Simulation Results show that this approach is effective to detect the ultra-small Trojans.展开更多
Getting insight into the spatiotemporal distribution patterns of knowledge innovation is receiving increasing attention from policymakers and economic research organizations.Many studies use bibliometric data to analy...Getting insight into the spatiotemporal distribution patterns of knowledge innovation is receiving increasing attention from policymakers and economic research organizations.Many studies use bibliometric data to analyze the popularity of certain research topics,well-adopted methodologies,influential authors,and the interrelationships among research disciplines.However,the visual exploration of the patterns of research topics with an emphasis on their spatial and temporal distribution remains challenging.This study combined a Space-Time Cube(STC)and a 3D glyph to represent the complex multivariate bibliographic data.We further implemented a visual design by developing an interactive interface.The effectiveness,understandability,and engagement of ST-Map are evaluated by seven experts in geovisualization.The results suggest that it is promising to use three-dimensional visualization to show the overview and on-demand details on a single screen.展开更多
Fault analysis is a frequently used side-channel attack for cryptanalysis.However,existing fault attack methods usually involve complex fault fusion analysis or computation-intensive statistical analysis of massive fa...Fault analysis is a frequently used side-channel attack for cryptanalysis.However,existing fault attack methods usually involve complex fault fusion analysis or computation-intensive statistical analysis of massive fault traces.In this work,we take a property-based formal verification approach to fault analysis.We derive fine-grained formal models for automatic fault propagation and fusion,which establish a mathematical foundation for precise measurement and formal reasoning of fault effects.We extract the correlations in fault effects in order to create properties for fault verification.We further propose a method for key recovery,by formally checking when the extracted properties can be satisfied with partial keys as the search variables.Experimental results using both unprotected and masked advanced encryption standard(AES)implementations show that our method has a key search complexity of 216,which only requires two correct and faulty ciphertext pairs to determine the secret key,and does not assume knowledge about fault location or pattern.展开更多
In the era of the Internet of Things,Bluetooth low energy(BLE/BTLE)plays an important role as a wellknown wireless communication technology.While the security and privacy of BLE have been analyzed and fixed several ti...In the era of the Internet of Things,Bluetooth low energy(BLE/BTLE)plays an important role as a wellknown wireless communication technology.While the security and privacy of BLE have been analyzed and fixed several times,the threat of side-channel attacks to BLE devices is still not well understood.In this work,we highlight a side-channel threat to the re-keying protocol of BLE.This protocol uses a fixed long term key for generating session keys,and the leakage of the long term key could render the encryption of all the following(and previous)connections useless.Our attack exploits the side-channel leakage of the re-keying protocol when it is implemented on embedded devices.In particular,we present successful correlation electromagnetic analysis and deep learning based profiled analysis that recover long term keys of BLE devices.We evaluate our attack on an ARM Cortex-M4 processor(Nordic Semiconductor nRF52840)running Nimble,a popular open-source BLE stack.Our results demonstrate that the long term key can be recovered within only a small amount of electromagnetic traces.Further,we summarize the features and limitations of our attack,and suggest a range of countermeasures to prevent it.展开更多
Side-channel analysis(SCA)has become an increasing important method to assess the physical security of cryptographic systems.In the process of SCA,the number of attack data directly determines the performance of SCA.W...Side-channel analysis(SCA)has become an increasing important method to assess the physical security of cryptographic systems.In the process of SCA,the number of attack data directly determines the performance of SCA.With sufficient attack data,the adversary can achieve a successful SCA.However,in reality,the cryptographic device may be protected with some countermeasures to limit the number of encryptions using the same key.In this case,the adversary cannot use casual numbers of data to perform SCA.The performance of SCA will be severely dropped if the attack traces are insufficient.In this paper,we introduce wavelet scatter transform(WST)and short-time fourier transform(STFT)to non-profiled side-channel analysis domains,to improve the performance of side-channel attacks in the context of insufficient data.We design a practical framework to provide suitable parameters for WST/STFT-based SCA.Using the proposed method,the WST/STFT-based SCA method can significantly enhance the performance and robustness of non-profiled SCA.The practical attacks against four public datasets show that the proposed method is able to achieve more robust performance.Compared with the original correlation power analysis(CPA),the number of attack data can be reduced by 50–95%.展开更多
基金the Hunan Provincial Natrual Science Foundation of China(2022JJ30103)“the 14th Five-Year”Key Disciplines and Application Oriented Special Disciplines of Hunan Province(Xiangjiaotong[2022]351)the Science and Technology Innovation Program of Hunan Province(2016TP1020).
文摘The Inner Product Masking(IPM)scheme has been shown to provide higher theoretical security guarantees than the BooleanMasking(BM).This scheme aims to increase the algebraic complexity of the coding to achieve a higher level of security.Some previous work unfolds when certain(adversarial and implementation)conditions are met,and we seek to complement these investigations by understanding what happens when these conditions deviate from their expected behaviour.In this paper,we investigate the security characteristics of IPM under different conditions.In adversarial condition,the security properties of first-order IPMs obtained through parametric characterization are preserved in the face of univariate and bivariate attacks.In implementation condition,we construct two new polynomial leakage functions to observe the nonlinear leakage of the IPM and connect the security order amplification to the nonlinear function.We observe that the security of IPMis affected by the degree and the linear component in the leakage function.In addition,the comparison experiments from the coefficients,signal-to-noise ratio(SNR)and the public parameter show that the security properties of the IPM are highly implementation-dependent.
基金supported by the Hunan Provincial Natrual Science Foundation of China(2022JJ30103)“the 14th Five-Year”Key Disciplines and Application Oriented Special Disciplines of Hunan Province(Xiangjiaotong[2022],351)the Science and Technology Innovation Program of Hunan Province(2016TP1020).
文摘Correlation power analysis(CPA)combined with genetic algorithms(GA)now achieves greater attack efficiency and can recover all subkeys simultaneously.However,two issues in GA-based CPA still need to be addressed:key degeneration and slow evolution within populations.These challenges significantly hinder key recovery efforts.This paper proposes a screening correlation power analysis framework combined with a genetic algorithm,named SFGA-CPA,to address these issues.SFGA-CPA introduces three operations designed to exploit CPA characteris-tics:propagative operation,constrained crossover,and constrained mutation.Firstly,the propagative operation accelerates population evolution by maximizing the number of correct bytes in each individual.Secondly,the constrained crossover and mutation operations effectively address key degeneration by preventing the compromise of correct bytes.Finally,an intelligent search method is proposed to identify optimal parameters,further improving attack efficiency.Experiments were conducted on both simulated environments and real power traces collected from the SAKURA-G platform.In the case of simulation,SFGA-CPA reduces the number of traces by 27.3%and 60%compared to CPA based on multiple screening methods(MS-CPA)and CPA based on simple GA method(SGA-CPA)when the success rate reaches 90%.Moreover,real experimental results on the SAKURA-G platform demonstrate that our approach outperforms other methods.
文摘As the process of economic globalization deepens,a large variety of integrated circuit designers tends to move the chip's manufacturing to the developing country.But during the globalization of semiconductor design and fabrication process,integrated circuits are suffering from increasing malicious alterations from the untrusted foundries,which pose a serious threat to the military,finance,transportation and other critical systems.An noninvasive approach was presented to measure the physical "sidechannel"parameter of a chip such as current or delay,which is effectively capable of detecting the malicious hardware alternations.The intrinsic relationship of a circuit's side-channel parameters was exploited to distinguish the effect of a Trojan in the presence of large random noise and process noise,such as the Dynamic current(IDDT)versus the maximum operating frequency(Fmax)correlation.The Monte Carlo analysis in Hspice using ± 20% Gauss variations in transistor threshold voltage(Vth)was carried out to simulate the circuit state in the real world.Simulation Results show that this approach is effective to detect the ultra-small Trojans.
文摘Getting insight into the spatiotemporal distribution patterns of knowledge innovation is receiving increasing attention from policymakers and economic research organizations.Many studies use bibliometric data to analyze the popularity of certain research topics,well-adopted methodologies,influential authors,and the interrelationships among research disciplines.However,the visual exploration of the patterns of research topics with an emphasis on their spatial and temporal distribution remains challenging.This study combined a Space-Time Cube(STC)and a 3D glyph to represent the complex multivariate bibliographic data.We further implemented a visual design by developing an interactive interface.The effectiveness,understandability,and engagement of ST-Map are evaluated by seven experts in geovisualization.The results suggest that it is promising to use three-dimensional visualization to show the overview and on-demand details on a single screen.
基金supported by the National Key R&D Program of China(No.2021YFB3100901)the National Natural Science Foundation of China(Nos.62074131 and 62004176).
文摘Fault analysis is a frequently used side-channel attack for cryptanalysis.However,existing fault attack methods usually involve complex fault fusion analysis or computation-intensive statistical analysis of massive fault traces.In this work,we take a property-based formal verification approach to fault analysis.We derive fine-grained formal models for automatic fault propagation and fusion,which establish a mathematical foundation for precise measurement and formal reasoning of fault effects.We extract the correlations in fault effects in order to create properties for fault verification.We further propose a method for key recovery,by formally checking when the extracted properties can be satisfied with partial keys as the search variables.Experimental results using both unprotected and masked advanced encryption standard(AES)implementations show that our method has a key search complexity of 216,which only requires two correct and faulty ciphertext pairs to determine the secret key,and does not assume knowledge about fault location or pattern.
基金supported by the National Natural Science Foundation of China under Grant No.62072307。
文摘In the era of the Internet of Things,Bluetooth low energy(BLE/BTLE)plays an important role as a wellknown wireless communication technology.While the security and privacy of BLE have been analyzed and fixed several times,the threat of side-channel attacks to BLE devices is still not well understood.In this work,we highlight a side-channel threat to the re-keying protocol of BLE.This protocol uses a fixed long term key for generating session keys,and the leakage of the long term key could render the encryption of all the following(and previous)connections useless.Our attack exploits the side-channel leakage of the re-keying protocol when it is implemented on embedded devices.In particular,we present successful correlation electromagnetic analysis and deep learning based profiled analysis that recover long term keys of BLE devices.We evaluate our attack on an ARM Cortex-M4 processor(Nordic Semiconductor nRF52840)running Nimble,a popular open-source BLE stack.Our results demonstrate that the long term key can be recovered within only a small amount of electromagnetic traces.Further,we summarize the features and limitations of our attack,and suggest a range of countermeasures to prevent it.
基金This work is supported in part by National Key R&D Program of China(No.2022YFB3103800)National Natural Science Foundation of China(No.U1936209,No.62002353,No.62202231 and No.62202230)+2 种基金China Postdoctoral Science Foundation(No.2021M701726)Jiangsu Funding Program for Excellent Postdoctoral Talent(No.2022ZB270)Yunnan Provincial Major Science and Technology Special Plan Projects(No.202103AA080015).
文摘Side-channel analysis(SCA)has become an increasing important method to assess the physical security of cryptographic systems.In the process of SCA,the number of attack data directly determines the performance of SCA.With sufficient attack data,the adversary can achieve a successful SCA.However,in reality,the cryptographic device may be protected with some countermeasures to limit the number of encryptions using the same key.In this case,the adversary cannot use casual numbers of data to perform SCA.The performance of SCA will be severely dropped if the attack traces are insufficient.In this paper,we introduce wavelet scatter transform(WST)and short-time fourier transform(STFT)to non-profiled side-channel analysis domains,to improve the performance of side-channel attacks in the context of insufficient data.We design a practical framework to provide suitable parameters for WST/STFT-based SCA.Using the proposed method,the WST/STFT-based SCA method can significantly enhance the performance and robustness of non-profiled SCA.The practical attacks against four public datasets show that the proposed method is able to achieve more robust performance.Compared with the original correlation power analysis(CPA),the number of attack data can be reduced by 50–95%.
