40 articles found
EBCache: A Novel Cache-Based Mechanism for Mitigating the Spectre Attacks for RISC-V Processor
1
Authors: Wu Dehua, Xiao Wan’ang, Gao Wanlin. China Communications (SCIE, CSCD), 2024, No. 12, pp. 166-185 (20 pages)
The cache-based covert channel is one of the common vulnerabilities exploited in the Spectre attacks. Current mitigation strategies focus on blocking the eviction-based channel by using a random/encrypted mapping function to translate memory address to the cache address, while the updated-based channel is still vulnerable. In addition, some mitigation strategies are also costly as they need software and hardware modifications. In this paper, our objective is to devise low-cost, comprehensive-protection techniques for mitigating the Spectre attacks. We proposed a novel cache structure, named EBCache, which focuses on the RISC-V processor and applies the address encryption and blacklist to resist the Spectre attacks. The addresses encryption mechanism increases the difficulty of pruning a minimal eviction set. The blacklist mechanism makes the updated cache lines loaded by the malicious updates invisible. Our experiments demonstrated that the EBCache can prevent malicious modifications. The EBCache, however, reduces the processor’s performance by about 23% but involves only a low-cost modification in the hardware.
Keywords: cache structure out-of-order execution side-channel attacks the Spectre attacks
Second-Order Side-Channel Attacks on Kyber: Targeting the Masked Hash Function (cited by: 2)
2
Authors: WANG Ya-Qi, HUANG Fan, DUAN Xiao-Lin, HU Hong-Gang. Journal of Cryptologic Research (密码学报(中英文)) (CSCD, PKU Core), 2024, No. 6, pp. 1415-1436 (22 pages)
Recently, several PC oracle based side-channel attacks have been proposed against Kyber. However, most of them focus on unprotected implementations and masking is considered as a counter-measure. In this study, we extend PC oracle based side-channel attacks to the second-order scenario and successfully conduct key-recovery attacks on the first-order masked Kyber. Firstly, we analyze the potential joint information leakage. Inspired by the binary PC oracle based attack proposed by Qin et al. at Asiacrypt 2021, we identify the 1-bit leakage scenario in the masked Keccak implementation. Moreover, we modify the ciphertexts construction described by Tanaka et al. at CHES 2023, extending the leakage scenario from 1-bit to 32-bit. With the assistance of TVLA, we validate these leakages through experiments. Secondly, for these two scenarios, we construct a binary PC oracle based on t-test and a multiple-valued PC oracle based on neural networks. Furthermore, we conduct practical side-channel attacks on masked Kyber by utilizing our oracles, with the implementation running on an ARM Cortex-M4 microcontroller. The demonstrated attacks require a minimum of 15788 and 648 traces to fully recover the key of Kyber768 in the 1-bit leakage scenario and the 32-bit leakage scenario, respectively. Our analysis may also be extended to attack other post-quantum schemes that use the same masked hash function. Finally, we apply the shuffling strategy to the first-order masked implementation of the Kyber and perform leakage tests. Experimental results show that the combination strategy of shuffling and masking can effectively resist our proposed attacks.
Keywords: side-channel attack plaintext-checking oracle post-quantum cryptography masked Kyber masked hash function
Research on Fault Probability Based on Hamming Weight in Fault Injection Attack
3
Authors: Tong Wu, Dawei Zhou. Computers, Materials & Continua, 2025, No. 11, pp. 3067-3094 (28 pages)
Fault attacks have emerged as an increasingly effective approach for integrated circuit security attacks due to their short execution time and minimal data requirement. However, the lack of a unified leakage model remains a critical challenge, as existing methods often rely on algorithm-specific details or prior knowledge of plaintexts and intermediate values. This paper proposes the Fault Probability Model based on Hamming Weight (FPHW) to address this. This novel statistical framework quantifies fault attacks by solely analyzing the statistical response of the target device, eliminating the need for attack algorithm details or implementation specifics. Building on this model, a Fault Injection Attack method based on Mutual Information (FPMIA) is introduced, which recovers keys by leveraging the mutual information between measured fault probability traces and simulated leakage derived from Hamming weight, reducing data requirements by at least 44% compared to the existing Mutual Information Analysis method while achieving a high correlation coefficient of 0.9403 between measured and modeled fault probabilities. Experimental validation on an AES-128 implementation via a Microcontroller Unit demonstrates that FPHW accurately captures the data dependence of fault probability and FPMIA achieves efficient key recovery with robust noise tolerance, establishing a unified and efficient framework that surpasses traditional methods in terms of generality, data efficiency, and practical applicability.
Keywords: Fault attacks side-channel attacks AES hamming weight data dependence mutual information analysis
An Effective and Scalable VM Migration Strategy to Mitigate Cross-VM Side-Channel Attacks in Cloud (cited by: 3)
4
Authors: Chao Yang, Yunfei Guo, Hongchao Hu, Wenyan Liu, Yawen Wang. China Communications (SCIE, CSCD), 2019, No. 4, pp. 151-171 (21 pages)
Co-residency of virtual machines (VMs) of different tenants on the same physical platform would possibly lead to cross-VM side-channel attacks in the cloud. While most of current countermeasures fail for real or immediate deployment due to their requirement for modification of virtualization structure, we adopt dynamic migration, an inherent mechanism of the cloud platform, as a general defense against this kind of threat. To this end, we first set up a unified practical information leakage model which shows the factors affecting side channels and describes the way they influence the damage due to side-channel attacks. Since migration is adopted to limit the time duration of co-residency, we envision this defense as an optimization problem by setting up an Integer Linear Programming (ILP) to calculate optimal migration strategy, which is intractable due to high computational complexity. Therefore, we approximate the ILP with a baseline genetic algorithm, which is further improved for its optimality and scalability. Experimental results show that our migration-based defense can not only provide excellent security guarantees and affordable performance cost in both theoretical simulation and practical cloud environment, but also achieve better optimality and scalability than previous countermeasures.
Keywords: side-channel attacks information leakage virtual machine migration genetic algorithm
Side-channel attack-resistant AES S-box with hidden subfield inversion and glitch-free masking
5
Authors: Xiangyu Li, Pengyuan Jiao, Chaoqun Yang. Journal of Semiconductors (EI, CAS, CSCD), 2021, No. 3, pp. 60-65 (6 pages)
A side-channel attack (SCA)-resistant AES S-box implementation is proposed, which is an improvement from the power-aware hiding (PAH) S-box but with higher security and a smaller area. We use the composite field approach and apply the PAH method to the inversion in the nonlinear kernel and a masking method to the other parts. In addition, a delay-matched enable control technique is used to suppress glitches in the masked parts. The evaluation results show that its area is contracted to 63.3% of the full PAH S-box, and its power-delay product is much lower than that of the masking implementation. The leakage assessment using simulation power traces concludes that it has no detectable leakage under t-test and that it at least can thwart the moment-correlation analysis using 665000 noiseless traces.
Keywords: ASIC side-channel attack AES S-box power-aware hiding glitch-free
An Efficient Method against Side-Channel Attacks on ECC
6
Authors: LIU Shuanggen, HU Yupu, XU Wensheng. Wuhan University Journal of Natural Sciences (CAS), 2006, No. 6, pp. 1573-1576 (4 pages)
Side-channel attacks (SCA) may exploit leakage information to break cryptosystems. In this paper we present a new SCA resistant Elliptic Curve scalar multiplication algorithm. The proposed algorithm builds a sequence of bit-strings representing the scalar k, characterized by the fact that all bit-strings are different from zero; this property will ensure a uniform computation behavior for the algorithm, and thus will make it secure against simple power analysis attacks (SPA). With other randomization techniques, the proposed countermeasures do not penalize the computation time. The proposed scheme is more efficient than MOEller's one, its cost being about 5% to 10% smaller than MOEller's one.
Keywords: side-channel attacks ECC scalar multiplication algorithm
Side-Channel Attacks Based on Collaborative Learning
7
Authors: Biao Liu, Zhao Ding, Yang Pan, Jiali Li, Huamin Feng. 国际计算机前沿大会会议论文集 (International Computer Frontiers Conference proceedings), 2017, No. 1, pp. 139-141 (3 pages)
Side-channel attacks based on supervised learning require that the attacker have complete control over the cryptographic device and obtain a large number of labeled power traces. However, in real life, this requirement is usually not met. In this paper, an attack algorithm based on collaborative learning is proposed. The algorithm only needs to use a small number of labeled power traces to cooperate with the unlabeled power trace to realize the attack on the cryptographic device. By experimenting with the DPA contest V4 dataset, the results show that the algorithm can improve the accuracy by about 20% compared with the pure supervised learning in the case of using only 10 labeled power traces.
Keywords: side-channel attacks supervised learning collaborative learning power trace
Deep Learning Based Side-Channel Attack Detection for Mobile Devices Security in 5G Networks
8
Authors: Amjed A. Ahmed, Mohammad Kamrul Hasan, Ali Alqahtani, Shayla Islam, Bishwajeet Pandey, Leila Rzayeva, Huda Saleh Abbas, Azana Hafizah Mohd Aman, Nayef Alqahtani. Tsinghua Science and Technology, 2025, No. 3, pp. 1012-1026 (15 pages)
Mobile devices within Fifth Generation (5G) networks, typically equipped with Android systems, serve as a bridge to connect digital gadgets such as global positioning system, mobile devices, and wireless routers, which are vital in facilitating end-user communication requirements. However, the security of Android systems has been challenged by the sensitive data involved, leading to vulnerabilities in mobile devices used in 5G networks. These vulnerabilities expose mobile devices to cyber-attacks, primarily resulting from security gaps. Zero-permission apps in Android can exploit these channels to access sensitive information, including user identities, login credentials, and geolocation data. One such attack leverages “zero-permission” sensors like accelerometers and gyroscopes, enabling attackers to gather information about the smartphone’s user. This underscores the importance of fortifying mobile devices against potential future attacks. Our research focuses on a new recurrent neural network prediction model, which has proved highly effective for detecting side-channel attacks in mobile devices in 5G networks. We conducted state-of-the-art comparative studies to validate our experimental approach. The results demonstrate that even a small amount of training data can accurately recognize 37.5% of previously unseen user-typed words. Moreover, our tap detection mechanism achieves a 92% accuracy rate, a crucial factor for text inference. These findings have significant practical implications, as they reinforce mobile device security in 5G networks, enhancing user privacy, and data protection.
Keywords: Fifth Generation (5G) networks smartphone information leakage side-channel attack (SCA) deep learning
Detection Technique of Software-Induced Rowhammer Attacks (cited by: 2)
9
Authors: Minkyung Lee, Jin Kwak. Computers, Materials & Continua (SCIE, EI), 2021, No. 4, pp. 349-367 (19 pages)
Side-channel attacks have recently progressed into software-induced attacks. In particular, a rowhammer attack, which exploits the characteristics of dynamic random access memory (DRAM), can quickly and continuously access the cells as the cell density of DRAM increases, thereby generating a disturbance error affecting the neighboring cells, resulting in bit flips. Although a rowhammer attack is a highly sophisticated attack in which disturbance errors are deliberately generated into data bits, it has been reported that it can be exploited on various platforms such as mobile devices, web browsers, and virtual machines. Furthermore, there have been studies on bypassing the defense measures of DRAM manufacturers and the like to respond to rowhammer attacks. A rowhammer attack can control user access and compromise the integrity of sensitive data with attacks such as a privilege escalation and an alteration of the encryption keys. In an attempt to mitigate a rowhammer attack, various hardware- and software-based mitigation techniques are being studied, but there are limitations in that the research methods do not detect the rowhammer attack in advance, causing overhead or degradation of the system performance. Therefore, in this study, a rowhammer attack detection technique is proposed by extracting common features of rowhammer attack files through a static analysis of rowhammer attack codes.
Keywords: Rowhammer attack static analysis detecting technique side-channel attack bit flip
Side-Channel Analysis for Detecting Protocol Tunneling (cited by: 1)
10
Authors: Harakrishnan Bhanu, Jason Schwier, Ryan Craven, Richard R. Brooks, Kathryn Hempstalk, Daniele Gunetti, Christopher Griffin. Advances in Internet of Things, 2011, No. 2, pp. 13-26 (14 pages)
Protocol tunneling is widely used to add security and/or privacy to Internet applications. Recent research has exposed side channel vulnerabilities that leak information about tunneled protocols. We first discuss the timing side channels that have been found in protocol tunneling tools. We then show how to infer Hidden Markov models (HMMs) of network protocols from timing data and use the HMMs to detect when protocols are active. Unlike previous work, the HMM approach we present requires no a priori knowledge of the protocol. To illustrate the utility of this approach, we detect the use of English or Italian in interactive SSH sessions. For this example application, keystroke-timing data associates inter-packet delays with keystrokes. We first use clustering to extract discrete information from continuous timing data. We use discrete symbols to infer a HMM model, and finally use statistical tests to determine if the observed timing is consistent with the language typing statistics. In our tests, if the correct window size is used, fewer than 2% of data windows are incorrectly identified. Experimental verification shows that on-line detection of language use in interactive encrypted protocol tunnels is reliable. We compare maximum likelihood and statistical hypothesis testing for detecting protocol tunneling. We also discuss how this approach is useful in monitoring mix networks like The Onion Router (Tor).
Keywords: Hidden Markov Models timing side-channel attack VPN vulnerability
Timing Attack Analysis on AAβ Cryptosystem
11
Authors: A. H. A. Ghafar, M. R. K. Ariffin. Journal of Computer and Communications, 2014, No. 4, pp. 1-9 (9 pages)
Timing attack is an attack on the implementation of a cryptographic primitive. The attack collects leaked secret data via certain implementation techniques either on software or hardware. This paper provides an analysis of a theoretical timing attack on the AAβ algorithm. The attack discussed in this paper gives avenues for secure implementation of AAβ against timing attacks. The simulation of the attack is important to provide invulnerability features for the algorithm in order to be implemented and embedded on applications. At the end of the attack, a method to overcome it will be introduced and it is called AAβ blinding.
Keywords: timing attack side-channel attack public-key cryptosystem AAβ public key cryptosystem
In-depth Correlation Power Analysis Attacks on a Hardware Implementation of CRYSTALS-Dilithium
12
Authors: Huaxin Wang, Yiwen Gao, Yuejun Liu, Qian Zhang, Yongbin Zhou. Cybersecurity, 2025, No. 2, pp. 229-241 (13 pages)
During the standardisation process of post-quantum cryptography, NIST encourages research on side-channel analysis for candidate schemes. As the recommended lattice signature scheme, CRYSTALS-Dilithium, when implemented on hardware, has seen limited research on side-channel analysis, and current attacks are incomplete or require a substantial quantity of traces. Therefore, we conducted a more complete analysis to investigate the leakage of an FPGA implementation of CRYSTALS-Dilithium using the Correlation Power Analysis (CPA) method, where with a minimum of 70,000 traces partial private key coefficients can be recovered. Furthermore, we optimise the attack by extracting Point-of-Interests using known information due to parallelism (named CPA-PoI) and by iteratively utilising parallel leakages (named CPA-ITR). Our experimental results show that CPA-PoI reduces the number of traces by up to 16.67%, CPA-ITR by up to 25%, and both increase the number of recovered key coefficients by up to 55.17% and 93.10% using the same number of traces. They outperform the CPA method. As a result, it suggests that the FPGA implementation of CRYSTALS-Dilithium is more vulnerable than thought before to side-channel analysis.
Keywords: CRYSTALS-Dilithium Post-Quantum Cryptography Correlation Power Analysis FPGA side-channel attack
From Traces to Packets: Realistic Deep Learning Based Multi-Tab Website Fingerprinting Attacks
13
Authors: Haoyu Yin, Yingjian Liu, Zhongwen Guo, Yu Wang. Tsinghua Science and Technology, 2025, No. 2, pp. 830-850 (21 pages)
Recent advancements in deep learning (DL) have introduced new security challenges in the form of side-channel attacks. A prime example is the website fingerprinting attack (WFA), which targets anonymity networks like Tor, enabling attackers to unveil users’ protected browsing activities from traffic data. While state-of-the-art WFAs have achieved remarkable results, they often rely on unrealistic single-website assumptions. In this paper, we undertake an exhaustive exploration of multi-tab website fingerprinting attacks (MTWFAs) in more realistic scenarios. We delve into MTWFAs and introduce MTWFA-SEG, a task involving the fine-grained packet-level classification within multi-tab Tor traffic. By employing deep learning models, we reveal their potential to threaten user privacy by discerning visited websites and browsing session timing. We design an improved fully convolutional model for MTWFA-SEG, which is enhanced by both network architecture advances and traffic data instincts. In the evaluations on interlocking browsing datasets, the proposed models achieve remarkable accuracy rates of over 68.6%, 71.8%, and 76.1% in closed, imbalanced open, and balanced open-world settings, respectively. Furthermore, the proposed models exhibit substantial robustness across diverse train-test settings. We further validate our designs in a coarse-grained task, MTWFA-MultiLabel, where they not only achieve state-of-the-art performance but also demonstrate high robustness in challenging situations.
Keywords: website fingerprinting multi-tab website fingerprinting anonymity network deep learning side-channel attack
Empirical Analysis of Remote Keystroke Inference Attacks and Defenses on Incremental Search
14
Authors: Zhiyu Chen, Jian Mao, Qixiao Lin, Liran Ma, Jianwei Liu. Tsinghua Science and Technology, 2025, No. 6, pp. 2434-2451 (18 pages)
Incremental search provides real-time suggestions as users type their queries. However, recent studies demonstrate that its encrypted search traffic can disclose privacy-sensitive data through side channels. Specifically, attackers can derive information about user keystrokes from observable traffic features, like packet sizes, timings, and directions, thereby inferring the victim's entered search query. This vulnerability is known as a remote keystroke inference attack. While various attacks leveraging different traffic features have been developed, accompanied by obfuscation-based countermeasures, there is still a lack of overall and in-depth understanding regarding these attacks and defenses. To fill this gap, we conduct the first comprehensive evaluation of existing remote keystroke inference attacks and defenses. We carry out extensive experiments on five well-known incremental search websites, all listed in Alexa's top 50, to evaluate and compare their real-world performance. The results demonstrate that attacks utilizing multidimensional request features pose the greatest risk to user privacy, and random padding is currently considered the optimal defense balancing both efficacy and resource demands. Our work sheds light on the real-world implications of remote keystroke inference attacks and provides developers with guidelines to enhance privacy protection strategies.
Keywords: user privacy traffic analysis side-channel attack Web application incremental search
Side-channel analysis attacks based on deep learning network (cited by: 2)
15
Authors: Yu OU, Lang LI. Frontiers of Computer Science (SCIE, EI, CSCD), 2022, No. 2, pp. 35-45 (11 pages)
There has been a growing interest in the side-channel analysis (SCA) field based on deep learning (DL) technology. Various DL networks or models have been developed to improve the efficiency of SCA. However, few studies have investigated the impact of the different models on attack results and the exact relationship between power consumption traces and intermediate values. Based on the convolutional neural network and the autoencoder, this paper proposes a Template Analysis Pre-trained DL Classification model named TAPDC which contains three sub-networks. The TAPDC model detects the periodicity of power trace, relating power to the intermediate values and mining the deeper features by the multi-layer convolutional net. We implement the TAPDC model and compare it with two classical models in a fair experiment. The evaluative results show that the TAPDC model with autoencoder and deep convolution feature extraction structure in SCA can more effectively extract information from power consumption trace. Also, using the classifier layer, this model links power information to the probability of intermediate value. It completes the conversion from power trace to intermediate values and greatly improves the efficiency of the power attack.
Keywords: side-channel analysis template attack machine learning deep learning
Confidential Procedure Model: a Method for Quantifying Confidentiality Leakage (cited by: 1)
16
Authors: Zhang Yong, Li Xiangxue, Zhou Yuan, Li Zhibin, Qian Haifeng. China Communications (SCIE, CSCD), 2012, No. 11, pp. 117-126 (10 pages)
In this paper, we propose a theoretical-information Confidential Procedure Model (CPM) to quantify confidentiality (or information leakage). The advantages of the CPM model include the following: 1) confidentiality loss is formalized as a dynamic procedure, instead of a static function, and described via the "waterfall" diagram; 2) confidentiality loss is quantified in a relative manner, i.e., taken as a quantitative metric, the ratio of the conditional entropy being reserved after observing the entropy of the original full confidential information; 3) the optimal attacks including exhaustive attacks as well as all possible attacks that have (or have not even) been discovered, are taken into account when defining the novel concept of the confidential degree. To elucidate the proposed model, we analyze the information leakage in side-channel attacks and the anonymity of DC-net in a quantitative manner.
Keywords: confidentiality quantitative analysis perfect secrecy side-channel attack anonymity
Side-Channel Attacks in a Real Scenario (cited by: 1)
17
Authors: Ming Tang, Maixing Luo, Junfeng Zhou, Zhen Yang, Zhipeng Guo, Fei Yan, Liang Liu. Tsinghua Science and Technology (SCIE, EI, CAS, CSCD), 2018, No. 5, pp. 586-598 (13 pages)
Existing Side-Channel Attacks (SCAs) have several limitations and, rather than to be real attack methods, can only be considered to be security evaluation methods. Their limitations are mainly related to the sampling conditions, such as the trigger signal embedded in the source code of the encryption device, and the acquisition device that serves as the encryption-device controller. Apart from it being very difficult for an attacker to add a trigger into the original design before making an attack or to control the encryption device, there is a big gap in the capacity of existing SCAs to pose real threats to cipher devices. In this paper, we propose a new method, the sliding window SCA (SW-SCA), which can be applied in scenarios in which the acquisition device is independent of the encryption device and for which the encryption source code requires no trigger signal or modification. First, we describe the main issues in existing SCAs, then we theoretically analyze the effectiveness and complexity of our proposed SW-SCA, a method that can incorporate a sliding-window mechanism into almost all of the existing non-profiled SCAs. The experimental results for both simulated and physical traces verify the effectiveness of the SW-SCA and the appropriateness of its theoretical complexity.
Keywords: side-channel attack sliding window trigger mechanism soft K-means
UTILITY ANALYSIS AND EVALUATION METHOD STUDY OF SIDE CHANNEL INFORMATION (cited by: 1)
18
Authors: Yan Yingjian, Yu Jingchao, Guo Pengfei, Guo Jianfei. Journal of Electronics (China), 2013, No. 5, pp. 500-508 (9 pages)
In order to improve the efficiency and success rate of the side channel attack, the utility of side channel information of the attack object must be analyzed and evaluated before the attack implementation. Based on the study of side-channel attack techniques, a method is proposed in this paper to analyze and evaluate the utility of side channel information and the evaluation indexes of comentropy, Signal-to-Noise Ratio (SNR) are introduced. On this basis, the side channel information (power and electromagnetic) of a side channel attack experiment board is analyzed and evaluated, and the Data Encryption Standard (DES) cipher algorithm is attacked with the differential power attack method and differential electromagnetic attack method. The attack results show the effectiveness of the analysis and evaluation method proposed in this paper.
Keywords: side-channel information Differential side-channel attack Comentropy Signal-to-Noise Ratio (SNR)
Driftor: mitigating cloud-based side-channel attacks by switching and migrating multi-executor virtual machines
19
Authors: Chao YANG, Yun-fei GUO, Hong-chao HU, Ya-wen WANG, Qing TONG, Ling-shu LI. Frontiers of Information Technology & Electronic Engineering (SCIE, EI, CSCD), 2019, No. 5, pp. 731-748 (18 pages)
Co-residency of different tenants’ virtual machines (VMs) in cloud provides a good chance for side-channel attacks, which results in information leakage. However, most of current defense suffers from the generality or compatibility problem, thus failing in immediate real-world deployment. VM migration, an inherent mechanism of cloud systems, envisions a promising countermeasure, which limits co-residency by moving VMs between servers. Therefore, we first set up a unified practical adversary model, where the attacker focuses on effective side channels. Then we propose Driftor, a new cloud system that contains VMs of a multi-executor structure where only one executor is active to provide service through a proxy, thus reducing possible information leakage. Active state is periodically switched between executors to simulate defensive effect of VM migration. To enhance the defense, real VM migration is enabled at the same time. Instead of solving the migration satisfiability problem with intractable CIRCUIT-SAT, a greedy-like heuristic algorithm is proposed to search for a viable solution by gradually expanding an initial has-to-migrate set of VMs. Experimental results show that Driftor can not only defend against practical fast side-channel attack, but also bring about reasonable impacts on real-world cloud applications.
Keywords: Cloud computing side-channel attack Information leakage Multi-executor structure Virtual machine switch Virtual machine migration
Side-channel attacks and learning-vector quantization
20
Authors: Ehsan SAEEDI, Yinan KONG, Md. Selim HOSSAIN. Frontiers of Information Technology & Electronic Engineering (SCIE, EI, CSCD), 2017, No. 4, pp. 511-518 (8 pages)
The security of cryptographic systems is a major concern for cryptosystem designers, even though cryptography algorithms have been improved. Side-channel attacks, by taking advantage of physical vulnerabilities of cryptosystems, aim to gain secret information. Several approaches have been proposed to analyze side-channel information, among which machine learning is known as a promising method. Machine learning in terms of neural networks learns the signature (power consumption and electromagnetic emission) of an instruction, and then recognizes it automatically. In this paper, a novel experimental investigation was conducted on field-programmable gate array (FPGA) implementation of elliptic curve cryptography (ECC), to explore the efficiency of side-channel information characterization based on a learning vector quantization (LVQ) neural network. The main characteristics of LVQ as a multi-class classifier are that it has the ability to learn complex non-linear input-output relationships, use sequential training procedures, and adapt to the data. Experimental results show the performance of multi-class classification based on LVQ as a powerful and promising approach of side-channel data characterization.
Keywords: side-channel attacks Elliptic curve cryptography Multi-class classification Learning vector quantization