Internet of Things(IoTs)devices are bringing about a revolutionary change our society by enabling connectivity regardless of time and location.However,The extensive deployment of these devices also makes them attracti...Internet of Things(IoTs)devices are bringing about a revolutionary change our society by enabling connectivity regardless of time and location.However,The extensive deployment of these devices also makes them attractive victims for themalicious actions of adversaries.Within the spectrumof existing threats,Side-ChannelAttacks(SCAs)have established themselves as an effective way to compromise cryptographic implementations.These attacks exploit unintended,unintended physical leakage that occurs during the cryptographic execution of devices,bypassing the theoretical strength of the crypto design.In recent times,the advancement of deep learning has provided SCAs with a powerful ally.Well-trained deep-learningmodels demonstrate an exceptional capacity to identify correlations between side-channel measurements and sensitive data,thereby significantly enhancing such attacks.To further understand the security threats posed by deep-learning SCAs and to aid in formulating robust countermeasures in the future,this paper undertakes an exhaustive investigation of leading-edge SCAs targeting Advanced Encryption Standard(AES)implementations.The study specifically focuses on attacks that exploit power consumption and electromagnetic(EM)emissions as primary leakage sources,systematically evaluating the extent to which diverse deep learning techniques enhance SCAs acrossmultiple critical dimensions.These dimensions include:(i)the characteristics of publicly available datasets derived from various hardware and software platforms;(ii)the formalization of leakage models tailored to different attack scenarios;(iii)the architectural suitability and performance of state-of-the-art deep learning models.Furthermore,the survey provides a systematic synthesis of current research findings,identifies significant unresolved issues in the existing literature and suggests promising directions for future work,including cross-device attack transferability and the impact of quantum-classical hybrid computing on side-channel security.展开更多
The intelligent operation management of distribution services is crucial for the stability of power systems.Integrating the large language model(LLM)with 6G edge intelligence provides customized management solutions.H...The intelligent operation management of distribution services is crucial for the stability of power systems.Integrating the large language model(LLM)with 6G edge intelligence provides customized management solutions.However,the adverse effects of false data injection(FDI)attacks on the performance of LLMs cannot be overlooked.Therefore,we propose an FDI attack detection and LLM-assisted resource allocation algorithm for 6G edge intelligenceempowered distribution power grids.First,we formulate a resource allocation optimization problem.The objective is to minimize the weighted sum of the global loss function and total LLM fine-tuning delay under constraints of long-term privacy entropy and energy consumption.Then,we decouple it based on virtual queues.We utilize an LLM-assisted deep Q network(DQN)to learn the resource allocation strategy and design an FDI attack detection mechanism to ensure that fine-tuning remains on the correct path.Simulations demonstrate that the proposed algorithm has excellent performance in convergence,delay,and security.展开更多
False Data Injection Attacks(FDIAs)pose a critical security threat to modern power grids,corrupting state estimation and enabling malicious control actions that can lead to severe consequences,including cascading fail...False Data Injection Attacks(FDIAs)pose a critical security threat to modern power grids,corrupting state estimation and enabling malicious control actions that can lead to severe consequences,including cascading failures,large-scale blackouts,and significant economic losses.While detecting attacks is important,accurately localizing compromised nodes or measurements is even more critical,as it enables timely mitigation,targeted response,and enhanced system resilience beyond what detection alone can offer.Existing research typically models topological features using fixed structures,which can introduce irrelevant information and affect the effectiveness of feature extraction.To address this limitation,this paper proposes an FDIA localization model with adaptive neighborhood selection,which dynamically captures spatial dependencies of the power grid by adjusting node relationships based on data-driven similarities.The improved Transformer is employed to pre-fuse global spatial features of the graph,enriching the feature representation.To improve spatio-temporal correlation extraction for FDIA localization,the proposed model employs dilated causal convolution with a gating mechanism combined with graph convolution to capture and fuse long-range temporal features and adaptive topological features.This fully exploits the temporal dynamics and spatial dependencies inherent in the power grid.Finally,multi-source information is integrated to generate highly robust node embeddings,enhancing FDIA detection and localization.Experiments are conducted on IEEE 14,57,and 118-bus systems,and the results demonstrate that the proposed model substantially improves the accuracy of FDIA localization.Additional experiments are conducted to verify the effectiveness and robustness of the proposed model.展开更多
The number and creativity of side channel attacks have increased dramatically in recent years. Of particular interest are attacks leveraging power line communication to 1) gather information on power consumption from ...The number and creativity of side channel attacks have increased dramatically in recent years. Of particular interest are attacks leveraging power line communication to 1) gather information on power consumption from the victim and 2) exfiltrate data from compromised machines. Attack strategies of this nature on the greater power grid and building infrastructure levels have been shown to be a serious threat. This project further explores this concept of a novel attack vector by creating a new type of penetration testing tool: an USB power adapter capable of remote monitoring of device power consumption and communicating through powerline communications.展开更多
An embedded cryptosystem needs higher reconfiguration capability and security. After analyzing the newly emerging side-channel attacks on elliptic curve cryptosystem (ECC), an efficient fractional width-w NAF (FWNA...An embedded cryptosystem needs higher reconfiguration capability and security. After analyzing the newly emerging side-channel attacks on elliptic curve cryptosystem (ECC), an efficient fractional width-w NAF (FWNAF) algorithm is proposed to secure ECC scalar multiplication from these attacks. This algorithm adopts the fractional window method and probabilistic SPA scheme to reconfigure the pre-computed table, and it allows designers to make a dynamic configuration on pre-computed table. And then, it is enhanced to resist SPA, DPA, RPA and ZPA attacks by using the random masking method. Compared with the WBRIP and EBRIP methods, our proposals has the lowest total computation cost and reduce the shake phenomenon due to sharp fluctuation on computation performance.展开更多
Co-residency of virtual machines(VMs) of different tenants on the same physical platform would possibly lead to cross-VM side-channel attacks in the cloud. While most of current countermeasures fail for real or immedi...Co-residency of virtual machines(VMs) of different tenants on the same physical platform would possibly lead to cross-VM side-channel attacks in the cloud. While most of current countermeasures fail for real or immediate deployment due to their requirement for modification of virtualization structure, we adopt dynamic migration, an inherent mechanism of the cloud platform, as a general defense against this kind of threats. To this end, we first set up a unified practical information leakage model which shows the factors affecting side channels and describes the way they influence the damage due to side-channel attacks. Since migration is adopted to limit the time duration of co-residency, we envision this defense as an optimization problem by setting up an Integer Linear Programming(ILP) to calculate optimal migration strategy, which is intractable due to high computational complexity. Therefore, we approximate the ILP with a baseline genetic algorithm, which is further improved for its optimality and scalability. Experimental results show that our migration-based defense can not only provide excellent security guarantees and affordable performance cost in both theoretical simulation and practical cloud environment, but also achieve better optimality and scalability than previous countermeasures.展开更多
This study considers the performance impacts of false data injection attacks on the cascading failures of a power cyber-physical system,and identifies vulnerable nodes.First,considering the monitoring and control func...This study considers the performance impacts of false data injection attacks on the cascading failures of a power cyber-physical system,and identifies vulnerable nodes.First,considering the monitoring and control functions of a cyber network and power flow characteristics of a power network,a power cyber-physical system model is established.Then,the influences of a false data attack on the decision-making and control processes of the cyber network communication processes are studied,and a cascading failure analysis process is proposed for the cyber-attack environment.In addition,a vulnerability evaluation index is defined from two perspectives,i.e.,the topology integrity and power network operation characteristics.Moreover,the effectiveness of a power flow betweenness assessment for vulnerable nodes in the cyberphysical environment is verified based on comparing the node power flow betweenness and vulnerability assessment index.Finally,an IEEE14-bus power network is selected for constructing a power cyber-physical system.Simulations show that both the uplink communication channel and downlink communication channel suffer from false data attacks,which affect the ability of the cyber network to suppress the propagation of cascading failures,and expand the scale of the cascading failures.The vulnerability evaluation index is calculated for each node,so as to verify the effectiveness of identifying vulnerable nodes based on the power flow betweenness.展开更多
This paper designs a decentralized resilient H_(∞)load frequency control(LFC)scheme for multi-area cyber-physical power systems(CPPSs).Under the network-based control framework,the sampled measurements are transmitte...This paper designs a decentralized resilient H_(∞)load frequency control(LFC)scheme for multi-area cyber-physical power systems(CPPSs).Under the network-based control framework,the sampled measurements are transmitted through the communication networks,which may be attacked by energylimited denial-of-service(DoS)attacks with a characterization of the maximum count of continuous data losses(resilience index).Each area is controlled in a decentralized mode,and the impacts on one area from other areas via their interconnections are regarded as the additional load disturbance of this area.Then,the closed-loop LFC system of each area under DoS attacks is modeled as an aperiodic sampled-data control system with external disturbances.Under this modeling,a decentralized resilient H_(∞)scheme is presented to design the state-feedback controllers with guaranteed H∞performance and resilience index based on a novel transmission interval-dependent loop functional method.When given the controllers,the proposed scheme can obtain a less conservative H_(∞)performance and resilience index that the LFC system can tolerate.The effectiveness of the proposed LFC scheme is evaluated on a one-area CPPS and two three-area CPPSs under DoS attacks.展开更多
Recently,several PC oracle based side-channel attacks have been proposed against Kyber.However,most of them focus on unprotected implementations and masking is considered as a counter-measure.In this study,we extend P...Recently,several PC oracle based side-channel attacks have been proposed against Kyber.However,most of them focus on unprotected implementations and masking is considered as a counter-measure.In this study,we extend PC oracle based side-channel attacks to the second-order scenario and successfully conduct key-recovery attacks on the first-order masked Kyber.Firstly,we analyze the potential joint information leakage.Inspired by the binary PC oracle based attack proposed by Qin et al.at Asiacrypt 2021,we identify the 1-bit leakage scenario in the masked Keccak implementation.Moreover,we modify the ciphertexts construction described by Tanaka et al.at CHES 2023,extending the leakage scenario from 1-bit to 32-bit.With the assistance of TVLA,we validate these leakages through experiments.Secondly,for these two scenarios,we construct a binary PC oracle based on t-test and a multiple-valued PC oracle based on neural networks.Furthermore,we conduct practical side-channel attacks on masked Kyber by utilizing our oracles,with the implementation running on an ARM Cortex-M4 microcontroller.The demonstrated attacks require a minimum of 15788 and 648 traces to fully recover the key of Kyber768 in the 1-bit leakage scenario and the 32-bit leakage scenario,respectively.Our analysis may also be extended to attack other post-quantum schemes that use the same masked hash function.Finally,we apply the shuffling strategy to the first-order masked imple-mentation of the Kyber and perform leakage tests.Experimental results show that the combination strategy of shuffling and masking can effectively resist our proposed attacks.展开更多
While all-optical networks become more and more popular as the basis of the next generation Internet(NGI)infrastructure,such networks raise many critical security issues.High power inter-channel crosstalk attack is on...While all-optical networks become more and more popular as the basis of the next generation Internet(NGI)infrastructure,such networks raise many critical security issues.High power inter-channel crosstalk attack is one of the security issues which have negative effect on information security in optical networks.Optical fiber in optical networks has some nonlinear characteristics,such as self phase modulation(SPM),cross phase modulation(XPM),four-wave mixing(FWM)and stimulated Raman scattering(SRS).They can be used to implement high power inter-channel crosstalk attack by malicious attackers.The mechanism of high power inter-channel crosstalk attack is analyzed.When an attack occurs,attack signal power and fiber nonlinear refractive index are the main factors which affect quality of legitimate signals.The effect of high power inter-channel crosstalk attack on quality of legitimate signals is investigated by building simulation system in VPI software.The results show that interchannel crosstalk caused by high power attack signal leads to quality deterioration of legitimate signals propagated in the same fiber.The higher the power of attack signal is,the greater the fiber nonlinear refractive index is.The closer the channel spacing away from the attack signal is,the more seriously the legitimate signals are affected by attack.We also find that when attack position and power of attack signal are constant,attack signal cannot infinitely spread,while its attack ability shows a fading trend with the extension of propagation distance.展开更多
In this paper,we propose two new attack algorithms on RSA implementations with CRT(Chinese remainder theorem).To improve the attack efficiency considerably,a clustering collision power attack on RSA with CRT is introd...In this paper,we propose two new attack algorithms on RSA implementations with CRT(Chinese remainder theorem).To improve the attack efficiency considerably,a clustering collision power attack on RSA with CRT is introduced via chosen-message pairs.This attack method is that the key parameters dp and dq are segmented by byte,and the modular multiplication collisions are identified by k-means clustering.The exponents dp and dq were recovered by 12 power traces of six groups of the specific message pairs,and the exponent d was obtained.We also propose a second order clustering collision power analysis attack against RSA implementation with CRT,which applies double blinding exponentiation.To reduce noise and artificial participation,we analyze the power points of interest by preprocessing and k-means clustering with horizontal correlation collisions.Thus,we recovered approximately 91%of the secret exponents manipulated with a single power curve on RSA-CRT with countermeasures of double blinding methods.展开更多
Correlation power analysis(CPA) has become a successful attack method about crypto-graphic hardware to recover the secret keys. However, the noise influence caused by the random process interrupts(RPIs) becomes an imp...Correlation power analysis(CPA) has become a successful attack method about crypto-graphic hardware to recover the secret keys. However, the noise influence caused by the random process interrupts(RPIs) becomes an important factor of the power analysis attack efficiency, which will cost more traces or attack time. To address the issue, an improved method about empirical mode decomposition(EMD) was proposed. Instead of restructuring the decomposed signals of intrinsic mode functions(IMFs), we extract a certain intrinsic mode function(IMF) as new feature signal for CPA attack. Meantime, a new attack assessment is proposed to compare the attack effectiveness of different methods. The experiment shows that our method has more excellent performance on CPA than others. The first and the second IMF can be chosen as two optimal feature signals in CPA. In the new method, the signals of the first IMF increase peak visibility by 64% than those of the tradition EMD method in the situation of non-noise. On the condition of different noise interference, the orders of attack efficiencies are also same. With external noise interference, the attack effect of the first IMF based on noise with 15dB is the best.展开更多
This paper presents an improved simple power attack against the key schedule of Camellia. While the original attack required an exact determination of the Hamming weight of intermediate data values based on power meas...This paper presents an improved simple power attack against the key schedule of Camellia. While the original attack required an exact determination of the Hamming weight of intermediate data values based on power measurements, in this paper, two types of the simple power attack are presented and shown to be tolerant of errors that might occur in the Hamming weight determinations. In practical applications of the attack, such errors are likely to occur due to noise and distortion in the power measurements and their mapping to the Hamming weights of the data. To resist these attacks, the required design rationale of key schedules and several practical countermeasures are suggested.展开更多
A side-channel attack(SCA)-resistant AES S-box implementation is proposed,which is an improvement from the power-aware hiding(PAH)S-box but with higher security and a smaller area.We use the composite field approach a...A side-channel attack(SCA)-resistant AES S-box implementation is proposed,which is an improvement from the power-aware hiding(PAH)S-box but with higher security and a smaller area.We use the composite field approach and apply the PAH method to the inversion in the nonlinear kernel and a masking method to the other parts.In addition,a delaymatched enable control technique is used to suppress glitches in the masked parts.The evaluation results show that its area is contracted to 63.3%of the full PAH S-box,and its power-delay product is much lower than that of the masking implementation.The leakage assessment using simulation power traces concludes that it has no detectable leakage under t-test and that it at least can thwart the moment-correlation analysis using 665000 noiseless traces.展开更多
Side-channel attacks (SCA) may exploit leakage information to break cryptosystems. In this paper we present a new SCA resistant Elliptic Curve scalar multiplication algorithm. The proposed algorithm, builds a sequen...Side-channel attacks (SCA) may exploit leakage information to break cryptosystems. In this paper we present a new SCA resistant Elliptic Curve scalar multiplication algorithm. The proposed algorithm, builds a sequence of bit-strings representing the scalar k, characterized by the fact that all bit-strings are different from zero; this property will ensure a uniform computation behavior for the algorithm, and thus will make it secure against simple power analysis attacks (SPA). With other randomization techniques, the proposed countermeasures do not penalize the computation time. The proposed scheme is more efficient than MOEller's one, its cost being about 5% to 10% smaller than MOEller's one.展开更多
The security of Internet of Things(IoT)is a challenging task for researchers due to plethora of IoT networks.Side Channel Attacks(SCA)are one of the major concerns.The prime objective of SCA is to acquire the informat...The security of Internet of Things(IoT)is a challenging task for researchers due to plethora of IoT networks.Side Channel Attacks(SCA)are one of the major concerns.The prime objective of SCA is to acquire the information by observing the power consumption,electromagnetic(EM)field,timing analysis,and acoustics of the device.Later,the attackers perform statistical functions to recover the key.Advanced Encryption Standard(AES)algorithm has proved to be a good security solution for constrained IoT devices.This paper implements a simulation model which is used to modify theAES algorithm using logicalmasking properties.This invariant of the AES algorithm hides the array of bits during substitution byte transformation of AES.This model is used against SCAand particularly Power Analysis Attacks(PAAs).Simulation model is designed on MATLAB simulator.Results will give better solution by hiding power profiles of the IoT devices against PAAs.In future,the lightweight AES algorithm with false key mechanisms and power reduction techniques such as wave dynamic differential logic(WDDL)will be used to safeguard IoT devices against side channel attacks by using Arduino and field programmable gate array(FPGA).展开更多
With the development of electric power technology, information technology and military technology, the impact of cyber attack on electric power infrastructure has increasingly become a hot spot issue which calls both ...With the development of electric power technology, information technology and military technology, the impact of cyber attack on electric power infrastructure has increasingly become a hot spot issue which calls both domestic and foreign attention. First, main reasons of the impact on power infrastructure caused by cyber attack are analyzed from the following two aspects: 1) The dependence of electric power infrastructure on information infrastructure makes cyber attack issues in information field likely to affect electric power field. 2) As regards to the potential threat sources, it will be considerably profitable to launch cyber attacks on electric power infrastructure. On this basis, this paper gives a classified elaboration on the characteristics and the possibilities of cyber attacks on electrical infrastructures. Finally, the recently published actual events of cyber attacks in respect of threat sources, vulnerabilities and assaulting modes are analyzed and summarized.展开更多
Retraction: LIU Shuanggen, NI Haiying, HU Yupu, LIAO Yunyan. An Improved Simple Power Attack against Camellia's Key Schedule. Wuhan University Journal of Natural Sciences, 2008, 13(5): 591-594. DOI: 10.1007/s 11...Retraction: LIU Shuanggen, NI Haiying, HU Yupu, LIAO Yunyan. An Improved Simple Power Attack against Camellia's Key Schedule. Wuhan University Journal of Natural Sciences, 2008, 13(5): 591-594. DOI: 10.1007/s 11859-008-0516-3展开更多
Side-channel attacks based on supervised learning require that the attacker have complete control over the cryptographic device and obtain a large number of labeled power traces.However,in real life,this requirement i...Side-channel attacks based on supervised learning require that the attacker have complete control over the cryptographic device and obtain a large number of labeled power traces.However,in real life,this requirement is usually not met.In this paper,an attack algorithm based on collaborative learning is proposed.The algorithm only needs to use a small number of labeled power traces to cooperate with the unlabeled power trace to realize the attack to cryptographic device.By experimenting with the DPA contest V4 dataset,the results show that the algorithm can improve the accuracy by about 20%compared with the pure supervised learning in the case of using only 10 labeled power traces.展开更多
Fault attacks have emerged as an increasingly effective approach for integrated circuit security attacks due to their short execution time and minimal data requirement.However,the lack of a unified leakage model remai...Fault attacks have emerged as an increasingly effective approach for integrated circuit security attacks due to their short execution time and minimal data requirement.However,the lack of a unified leakage model remains a critical challenge,as existing methods often rely on algorithm-specific details or prior knowledge of plaintexts and intermediate values.This paper proposes the Fault Probability Model based on Hamming Weight(FPHW)to address this.This novel statistical framework quantifies fault attacks by solely analyzing the statistical response of the target device,eliminating the need for attack algorithm details or implementation specifics.Building on this model,a Fault Injection Attack method based on Mutual Information(FPMIA)is introduced,which recovers keys by leveraging the mutual information between measured fault probability traces and simulated leakage derived from Hamming weight,reducing data requirements by at least 44%compared to the existing Mutual Information Analysis method while achieving a high correlation coefficient of 0.9403 between measured and modeled fault probabilities.Experimental validation on an AES-128 implementation via a Microcontroller Unit demonstrates that FPHW accurately captures the data dependence of fault probability and FPMIA achieves efficient key recovery with robust noise tolerance,establishing a unified and efficient framework that surpasses traditional methods in terms of generality,data efficiency,and practical applicability.展开更多
基金The Key R&D Program of Hunan Province(Grant No.2025AQ2024)of the Department of Science and Technology of Hunan Province.Distinguished Young Scientists Fund(Grant No.24B0446)of Hunan Education Department.
文摘Internet of Things(IoTs)devices are bringing about a revolutionary change our society by enabling connectivity regardless of time and location.However,The extensive deployment of these devices also makes them attractive victims for themalicious actions of adversaries.Within the spectrumof existing threats,Side-ChannelAttacks(SCAs)have established themselves as an effective way to compromise cryptographic implementations.These attacks exploit unintended,unintended physical leakage that occurs during the cryptographic execution of devices,bypassing the theoretical strength of the crypto design.In recent times,the advancement of deep learning has provided SCAs with a powerful ally.Well-trained deep-learningmodels demonstrate an exceptional capacity to identify correlations between side-channel measurements and sensitive data,thereby significantly enhancing such attacks.To further understand the security threats posed by deep-learning SCAs and to aid in formulating robust countermeasures in the future,this paper undertakes an exhaustive investigation of leading-edge SCAs targeting Advanced Encryption Standard(AES)implementations.The study specifically focuses on attacks that exploit power consumption and electromagnetic(EM)emissions as primary leakage sources,systematically evaluating the extent to which diverse deep learning techniques enhance SCAs acrossmultiple critical dimensions.These dimensions include:(i)the characteristics of publicly available datasets derived from various hardware and software platforms;(ii)the formalization of leakage models tailored to different attack scenarios;(iii)the architectural suitability and performance of state-of-the-art deep learning models.Furthermore,the survey provides a systematic synthesis of current research findings,identifies significant unresolved issues in the existing literature and suggests promising directions for future work,including cross-device attack transferability and the impact of quantum-classical hybrid computing on side-channel security.
基金supported by the Science and Technology Project of State Grid Corporation of China under Grant Number 52094021N010(5400-202199534A-0-5-ZN).
文摘The intelligent operation management of distribution services is crucial for the stability of power systems.Integrating the large language model(LLM)with 6G edge intelligence provides customized management solutions.However,the adverse effects of false data injection(FDI)attacks on the performance of LLMs cannot be overlooked.Therefore,we propose an FDI attack detection and LLM-assisted resource allocation algorithm for 6G edge intelligenceempowered distribution power grids.First,we formulate a resource allocation optimization problem.The objective is to minimize the weighted sum of the global loss function and total LLM fine-tuning delay under constraints of long-term privacy entropy and energy consumption.Then,we decouple it based on virtual queues.We utilize an LLM-assisted deep Q network(DQN)to learn the resource allocation strategy and design an FDI attack detection mechanism to ensure that fine-tuning remains on the correct path.Simulations demonstrate that the proposed algorithm has excellent performance in convergence,delay,and security.
基金supported by National Key Research and Development Plan of China(No.2022YFB3103304).
文摘False Data Injection Attacks(FDIAs)pose a critical security threat to modern power grids,corrupting state estimation and enabling malicious control actions that can lead to severe consequences,including cascading failures,large-scale blackouts,and significant economic losses.While detecting attacks is important,accurately localizing compromised nodes or measurements is even more critical,as it enables timely mitigation,targeted response,and enhanced system resilience beyond what detection alone can offer.Existing research typically models topological features using fixed structures,which can introduce irrelevant information and affect the effectiveness of feature extraction.To address this limitation,this paper proposes an FDIA localization model with adaptive neighborhood selection,which dynamically captures spatial dependencies of the power grid by adjusting node relationships based on data-driven similarities.The improved Transformer is employed to pre-fuse global spatial features of the graph,enriching the feature representation.To improve spatio-temporal correlation extraction for FDIA localization,the proposed model employs dilated causal convolution with a gating mechanism combined with graph convolution to capture and fuse long-range temporal features and adaptive topological features.This fully exploits the temporal dynamics and spatial dependencies inherent in the power grid.Finally,multi-source information is integrated to generate highly robust node embeddings,enhancing FDIA detection and localization.Experiments are conducted on IEEE 14,57,and 118-bus systems,and the results demonstrate that the proposed model substantially improves the accuracy of FDIA localization.Additional experiments are conducted to verify the effectiveness and robustness of the proposed model.
文摘The number and creativity of side channel attacks have increased dramatically in recent years. Of particular interest are attacks leveraging power line communication to 1) gather information on power consumption from the victim and 2) exfiltrate data from compromised machines. Attack strategies of this nature on the greater power grid and building infrastructure levels have been shown to be a serious threat. This project further explores this concept of a novel attack vector by creating a new type of penetration testing tool: an USB power adapter capable of remote monitoring of device power consumption and communicating through powerline communications.
基金supported by the National Natural Science Foundation of China(60373109)Ministry of Science and Technologyof China and the National Commercial Cryptography Application Technology Architecture and Application DemonstrationProject(2008BAA22B02).
文摘An embedded cryptosystem needs higher reconfiguration capability and security. After analyzing the newly emerging side-channel attacks on elliptic curve cryptosystem (ECC), an efficient fractional width-w NAF (FWNAF) algorithm is proposed to secure ECC scalar multiplication from these attacks. This algorithm adopts the fractional window method and probabilistic SPA scheme to reconfigure the pre-computed table, and it allows designers to make a dynamic configuration on pre-computed table. And then, it is enhanced to resist SPA, DPA, RPA and ZPA attacks by using the random masking method. Compared with the WBRIP and EBRIP methods, our proposals has the lowest total computation cost and reduce the shake phenomenon due to sharp fluctuation on computation performance.
基金supported by the National Key Research and Development Program of China (2018YFB0804004)the Foundation of the National Natural Science Foundation of China (61602509)+1 种基金the Foundation for Innovative Research Groups of the National Natural Science Foundation of China (61521003)the Key Technologies Research and Development Program of Henan Province of China (172102210615)
文摘Co-residency of virtual machines(VMs) of different tenants on the same physical platform would possibly lead to cross-VM side-channel attacks in the cloud. While most of current countermeasures fail for real or immediate deployment due to their requirement for modification of virtualization structure, we adopt dynamic migration, an inherent mechanism of the cloud platform, as a general defense against this kind of threats. To this end, we first set up a unified practical information leakage model which shows the factors affecting side channels and describes the way they influence the damage due to side-channel attacks. Since migration is adopted to limit the time duration of co-residency, we envision this defense as an optimization problem by setting up an Integer Linear Programming(ILP) to calculate optimal migration strategy, which is intractable due to high computational complexity. Therefore, we approximate the ILP with a baseline genetic algorithm, which is further improved for its optimality and scalability. Experimental results show that our migration-based defense can not only provide excellent security guarantees and affordable performance cost in both theoretical simulation and practical cloud environment, but also achieve better optimality and scalability than previous countermeasures.
基金the National Natural Science Foundation of China(61873057)the Education Department of Jilin Province(JJKH20200118KJ).
文摘This study considers the performance impacts of false data injection attacks on the cascading failures of a power cyber-physical system,and identifies vulnerable nodes.First,considering the monitoring and control functions of a cyber network and power flow characteristics of a power network,a power cyber-physical system model is established.Then,the influences of a false data attack on the decision-making and control processes of the cyber network communication processes are studied,and a cascading failure analysis process is proposed for the cyber-attack environment.In addition,a vulnerability evaluation index is defined from two perspectives,i.e.,the topology integrity and power network operation characteristics.Moreover,the effectiveness of a power flow betweenness assessment for vulnerable nodes in the cyberphysical environment is verified based on comparing the node power flow betweenness and vulnerability assessment index.Finally,an IEEE14-bus power network is selected for constructing a power cyber-physical system.Simulations show that both the uplink communication channel and downlink communication channel suffer from false data attacks,which affect the ability of the cyber network to suppress the propagation of cascading failures,and expand the scale of the cascading failures.The vulnerability evaluation index is calculated for each node,so as to verify the effectiveness of identifying vulnerable nodes based on the power flow betweenness.
基金supported by the National Natural Science Foundation(NNSF)of China(62003037,61873303)。
文摘This paper designs a decentralized resilient H_(∞)load frequency control(LFC)scheme for multi-area cyber-physical power systems(CPPSs).Under the network-based control framework,the sampled measurements are transmitted through the communication networks,which may be attacked by energylimited denial-of-service(DoS)attacks with a characterization of the maximum count of continuous data losses(resilience index).Each area is controlled in a decentralized mode,and the impacts on one area from other areas via their interconnections are regarded as the additional load disturbance of this area.Then,the closed-loop LFC system of each area under DoS attacks is modeled as an aperiodic sampled-data control system with external disturbances.Under this modeling,a decentralized resilient H_(∞)scheme is presented to design the state-feedback controllers with guaranteed H∞performance and resilience index based on a novel transmission interval-dependent loop functional method.When given the controllers,the proposed scheme can obtain a less conservative H_(∞)performance and resilience index that the LFC system can tolerate.The effectiveness of the proposed LFC scheme is evaluated on a one-area CPPS and two three-area CPPSs under DoS attacks.
基金National Natural Science Foundation of China(62472397)Innovation Program for Quantum Science and Technology(2021ZD0302902)。
文摘Recently,several PC oracle based side-channel attacks have been proposed against Kyber.However,most of them focus on unprotected implementations and masking is considered as a counter-measure.In this study,we extend PC oracle based side-channel attacks to the second-order scenario and successfully conduct key-recovery attacks on the first-order masked Kyber.Firstly,we analyze the potential joint information leakage.Inspired by the binary PC oracle based attack proposed by Qin et al.at Asiacrypt 2021,we identify the 1-bit leakage scenario in the masked Keccak implementation.Moreover,we modify the ciphertexts construction described by Tanaka et al.at CHES 2023,extending the leakage scenario from 1-bit to 32-bit.With the assistance of TVLA,we validate these leakages through experiments.Secondly,for these two scenarios,we construct a binary PC oracle based on t-test and a multiple-valued PC oracle based on neural networks.Furthermore,we conduct practical side-channel attacks on masked Kyber by utilizing our oracles,with the implementation running on an ARM Cortex-M4 microcontroller.The demonstrated attacks require a minimum of 15788 and 648 traces to fully recover the key of Kyber768 in the 1-bit leakage scenario and the 32-bit leakage scenario,respectively.Our analysis may also be extended to attack other post-quantum schemes that use the same masked hash function.Finally,we apply the shuffling strategy to the first-order masked imple-mentation of the Kyber and perform leakage tests.Experimental results show that the combination strategy of shuffling and masking can effectively resist our proposed attacks.
基金the National Natural Science Foundation of China(No.61179002)the National Defence Foundation of China(No.2012JY002-260)
文摘While all-optical networks become more and more popular as the basis of the next generation Internet(NGI)infrastructure,such networks raise many critical security issues.High power inter-channel crosstalk attack is one of the security issues which have negative effect on information security in optical networks.Optical fiber in optical networks has some nonlinear characteristics,such as self phase modulation(SPM),cross phase modulation(XPM),four-wave mixing(FWM)and stimulated Raman scattering(SRS).They can be used to implement high power inter-channel crosstalk attack by malicious attackers.The mechanism of high power inter-channel crosstalk attack is analyzed.When an attack occurs,attack signal power and fiber nonlinear refractive index are the main factors which affect quality of legitimate signals.The effect of high power inter-channel crosstalk attack on quality of legitimate signals is investigated by building simulation system in VPI software.The results show that interchannel crosstalk caused by high power attack signal leads to quality deterioration of legitimate signals propagated in the same fiber.The higher the power of attack signal is,the greater the fiber nonlinear refractive index is.The closer the channel spacing away from the attack signal is,the more seriously the legitimate signals are affected by attack.We also find that when attack position and power of attack signal are constant,attack signal cannot infinitely spread,while its attack ability shows a fading trend with the extension of propagation distance.
基金supported by the National Key R&D Program of China(No.2017YFB0802300)the Key Research and Development Project of Sichuan Province(No.2020YFG0307,No.2018TJPT0012)the Key Research and Development Project of Chengdu(No.2019-YF05-02028-GX).
文摘In this paper,we propose two new attack algorithms on RSA implementations with CRT(Chinese remainder theorem).To improve the attack efficiency considerably,a clustering collision power attack on RSA with CRT is introduced via chosen-message pairs.This attack method is that the key parameters dp and dq are segmented by byte,and the modular multiplication collisions are identified by k-means clustering.The exponents dp and dq were recovered by 12 power traces of six groups of the specific message pairs,and the exponent d was obtained.We also propose a second order clustering collision power analysis attack against RSA implementation with CRT,which applies double blinding exponentiation.To reduce noise and artificial participation,we analyze the power points of interest by preprocessing and k-means clustering with horizontal correlation collisions.Thus,we recovered approximately 91%of the secret exponents manipulated with a single power curve on RSA-CRT with countermeasures of double blinding methods.
基金supported by The National Natural Science Foundation of China under Grants 61571063,61501100 and 61472357
文摘Correlation power analysis(CPA) has become a successful attack method about crypto-graphic hardware to recover the secret keys. However, the noise influence caused by the random process interrupts(RPIs) becomes an important factor of the power analysis attack efficiency, which will cost more traces or attack time. To address the issue, an improved method about empirical mode decomposition(EMD) was proposed. Instead of restructuring the decomposed signals of intrinsic mode functions(IMFs), we extract a certain intrinsic mode function(IMF) as new feature signal for CPA attack. Meantime, a new attack assessment is proposed to compare the attack effectiveness of different methods. The experiment shows that our method has more excellent performance on CPA than others. The first and the second IMF can be chosen as two optimal feature signals in CPA. In the new method, the signals of the first IMF increase peak visibility by 64% than those of the tradition EMD method in the situation of non-noise. On the condition of different noise interference, the orders of attack efficiencies are also same. With external noise interference, the attack effect of the first IMF based on noise with 15dB is the best.
基金the National Natural Science Foundation of China (60673072)the Natural Basic Research Program of China (2007CB311201)
文摘This paper presents an improved simple power attack against the key schedule of Camellia. While the original attack required an exact determination of the Hamming weight of intermediate data values based on power measurements, in this paper, two types of the simple power attack are presented and shown to be tolerant of errors that might occur in the Hamming weight determinations. In practical applications of the attack, such errors are likely to occur due to noise and distortion in the power measurements and their mapping to the Hamming weights of the data. To resist these attacks, the required design rationale of key schedules and several practical countermeasures are suggested.
基金This work was supported by the National Science and Technology Major Project of China(2017ZX01030301).
文摘A side-channel attack(SCA)-resistant AES S-box implementation is proposed,which is an improvement from the power-aware hiding(PAH)S-box but with higher security and a smaller area.We use the composite field approach and apply the PAH method to the inversion in the nonlinear kernel and a masking method to the other parts.In addition,a delaymatched enable control technique is used to suppress glitches in the masked parts.The evaluation results show that its area is contracted to 63.3%of the full PAH S-box,and its power-delay product is much lower than that of the masking implementation.The leakage assessment using simulation power traces concludes that it has no detectable leakage under t-test and that it at least can thwart the moment-correlation analysis using 665000 noiseless traces.
基金Supported by the National Natural ScienceFoundation of China (60473029)
文摘Side-channel attacks (SCA) may exploit leakage information to break cryptosystems. In this paper we present a new SCA resistant Elliptic Curve scalar multiplication algorithm. The proposed algorithm, builds a sequence of bit-strings representing the scalar k, characterized by the fact that all bit-strings are different from zero; this property will ensure a uniform computation behavior for the algorithm, and thus will make it secure against simple power analysis attacks (SPA). With other randomization techniques, the proposed countermeasures do not penalize the computation time. The proposed scheme is more efficient than MOEller's one, its cost being about 5% to 10% smaller than MOEller's one.
文摘The security of Internet of Things(IoT)is a challenging task for researchers due to plethora of IoT networks.Side Channel Attacks(SCA)are one of the major concerns.The prime objective of SCA is to acquire the information by observing the power consumption,electromagnetic(EM)field,timing analysis,and acoustics of the device.Later,the attackers perform statistical functions to recover the key.Advanced Encryption Standard(AES)algorithm has proved to be a good security solution for constrained IoT devices.This paper implements a simulation model which is used to modify theAES algorithm using logicalmasking properties.This invariant of the AES algorithm hides the array of bits during substitution byte transformation of AES.This model is used against SCAand particularly Power Analysis Attacks(PAAs).Simulation model is designed on MATLAB simulator.Results will give better solution by hiding power profiles of the IoT devices against PAAs.In future,the lightweight AES algorithm with false key mechanisms and power reduction techniques such as wave dynamic differential logic(WDDL)will be used to safeguard IoT devices against side channel attacks by using Arduino and field programmable gate array(FPGA).
文摘With the development of electric power technology, information technology and military technology, the impact of cyber attack on electric power infrastructure has increasingly become a hot spot issue which calls both domestic and foreign attention. First, main reasons of the impact on power infrastructure caused by cyber attack are analyzed from the following two aspects: 1) The dependence of electric power infrastructure on information infrastructure makes cyber attack issues in information field likely to affect electric power field. 2) As regards to the potential threat sources, it will be considerably profitable to launch cyber attacks on electric power infrastructure. On this basis, this paper gives a classified elaboration on the characteristics and the possibilities of cyber attacks on electrical infrastructures. Finally, the recently published actual events of cyber attacks in respect of threat sources, vulnerabilities and assaulting modes are analyzed and summarized.
文摘Retraction: LIU Shuanggen, NI Haiying, HU Yupu, LIAO Yunyan. An Improved Simple Power Attack against Camellia's Key Schedule. Wuhan University Journal of Natural Sciences, 2008, 13(5): 591-594. DOI: 10.1007/s 11859-008-0516-3
文摘Side-channel attacks based on supervised learning require that the attacker have complete control over the cryptographic device and obtain a large number of labeled power traces.However,in real life,this requirement is usually not met.In this paper,an attack algorithm based on collaborative learning is proposed.The algorithm only needs to use a small number of labeled power traces to cooperate with the unlabeled power trace to realize the attack to cryptographic device.By experimenting with the DPA contest V4 dataset,the results show that the algorithm can improve the accuracy by about 20%compared with the pure supervised learning in the case of using only 10 labeled power traces.
文摘Fault attacks have emerged as an increasingly effective approach for integrated circuit security attacks due to their short execution time and minimal data requirement.However,the lack of a unified leakage model remains a critical challenge,as existing methods often rely on algorithm-specific details or prior knowledge of plaintexts and intermediate values.This paper proposes the Fault Probability Model based on Hamming Weight(FPHW)to address this.This novel statistical framework quantifies fault attacks by solely analyzing the statistical response of the target device,eliminating the need for attack algorithm details or implementation specifics.Building on this model,a Fault Injection Attack method based on Mutual Information(FPMIA)is introduced,which recovers keys by leveraging the mutual information between measured fault probability traces and simulated leakage derived from Hamming weight,reducing data requirements by at least 44%compared to the existing Mutual Information Analysis method while achieving a high correlation coefficient of 0.9403 between measured and modeled fault probabilities.Experimental validation on an AES-128 implementation via a Microcontroller Unit demonstrates that FPHW accurately captures the data dependence of fault probability and FPMIA achieves efficient key recovery with robust noise tolerance,establishing a unified and efficient framework that surpasses traditional methods in terms of generality,data efficiency,and practical applicability.
