Visible to the public Biblio

Filters: Author is Bhasin, Shivam  [Clear All Filters]
2016
He, Wei, Breier, Jakub, Bhasin, Shivam, Chattopadhyay, Anupam.  2016.  Bypassing Parity Protected Cryptography Using Laser Fault Injection in Cyber-Physical System. Proceedings of the 2Nd ACM International Workshop on Cyber-Physical System Security. :15–21.

Lightweight cryptography has been widely utilized in resource constrained embedded devices of Cyber-Physical System (CPS) terminals. The hostile and unattended environment in many scenarios make those endpoints easy to be attacked by hardware based techniques. As a resource-efficient countermeasure against Fault Attacks, parity Concurrent Error Detection (CED) is preferably integrated with security-critical algorithm in CPS terminals. The parity bit changes if an odd number of faults occur during the cipher execution. In this paper, we analyze the effectiveness of fault detection of a parity CED protected cipher (PRESENT) using laser fault injection. The experimental results show that the laser perturbation to encryption can easily flip an even number of data bits, where the faults cannot be detected by parity. Due to the similarity of different parity structures, our attack can bypass almost all parity protections in block ciphers. Some suggestions are given to enhance the security of parity implementations.

2020
Hou, Xiaolu, Breier, Jakub, Jap, Dirmanto, Ma, Lei, Bhasin, Shivam, Liu, Yang.  2020.  Security Evaluation of Deep Neural Network Resistance Against Laser Fault Injection. 2020 IEEE International Symposium on the Physical and Failure Analysis of Integrated Circuits (IPFA). :1–6.
Deep learning is becoming a basis of decision making systems in many application domains, such as autonomous vehicles, health systems, etc., where the risk of misclassification can lead to serious consequences. It is necessary to know to which extent are Deep Neural Networks (DNNs) robust against various types of adversarial conditions. In this paper, we experimentally evaluate DNNs implemented in embedded device by using laser fault injection, a physical attack technique that is mostly used in security and reliability communities to test robustness of various systems. We show practical results on four activation functions, ReLu, softmax, sigmoid, and tanh. Our results point out the misclassification possibilities for DNNs achieved by injecting faults into the hidden layers of the network. We evaluate DNNs by using several different attack strategies to show which are the most efficient in terms of misclassification success rates. Outcomes of this work should be taken into account when deploying devices running DNNs in environments where malicious attacker could tamper with the environmental parameters that would bring the device into unstable conditions. resulting into faults.
2021
Ravi, Prasanna, Chattopadhyay, Anupam, Bhasin, Shivam.  2021.  Practical Side-Channel and Fault Attacks on Lattice-Based Cryptography. 2021 IFIP/IEEE 29th International Conference on Very Large Scale Integration (VLSI-SoC). :1–2.
The impending threat of large-scale quantum computers to classical RSA and ECC-based public-key cryptographic schemes prompted NIST to initiate a global level standardization process for post-quantum cryptography. This process which started in 2017 with 69 submissions is currently in its third and final round with seven main candidates and eight alternate candidates, out of which seven (7) out of the fifteen (15) candidates are schemes based on hard problems over structured lattices, known as lattice-based cryptographic schemes. Among the various parameters such as theoretical post-quantum (PQ) security guarantees, implementation cost and performance, resistance against physical attacks such as Side-Channel Analysis (SCA) and Fault Injection Analysis (FIA) has also emerged as an important criterion for standardization in the final round [1]. This is especially relevant for adoption of PQC in embedded devices, which are most likely used in environments where an attacker can have unimpeded physical access to the device.