Visible to the public Biblio

Filters: Keyword is side-channel attacks  [Clear All Filters]
Seneviratne, Piyumi, Perera, Dilanka, Samarasekara, Harinda, Keppitiyagama, Chamath, Thilakarathna, Kenneth, De Soyza, Kasun, Wijesekara, Primal.  2020.  Impact of Video Surveillance Systems on ATM PIN Security. 2020 20th International Conference on Advances in ICT for Emerging Regions (ICTer). :59–64.
ATM transactions are verified using two-factor authentication. The PIN is one of the factors (something you know) and the ATM Card is the other factor (something you have). Therefore, banks make significant investments on PIN Mailers and HSMs to preserve the security and confidentiality in the generation, validation, management and the delivery of the PIN to their customers. Moreover, banks install surveillance cameras inside ATM cubicles as a physical security measure to prevent fraud and theft. However, in some cases, ATM PIN-Pad and the PIN entering process get revealed through the surveillance camera footage itself. We demonstrate that visibility of forearm movements is sufficient to infer PINs with a significant level of accuracy. Video footage of the PIN entry process simulated in an experimental setup was analyzed using two approaches. The human observer-based approach shows that a PIN can be guessed with a 30% of accuracy within 3 attempts whilst the computer-assisted analysis of footage gave an accuracy of 50%. The results confirm that ad-hoc installation of surveillance cameras can weaken ATM PIN security significantly by potentially exposing one factor of a two-factor authentication system. Our investigation also revealed that there are no guidelines, standards or regulations governing the placement of surveillance cameras inside ATM cubicles in Sri Lanka.
Tong, Zhongkai, Zhu, Ziyuan, Wang, Zhanpeng, Wang, Limin, Zhang, Yusha, Liu, Yuxin.  2020.  Cache side-channel attacks detection based on machine learning. 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom). :919—926.
Security has always been one of the main concerns in the field of computer architecture and cloud computing. Cache-based side-channel attacks pose a threat to almost all existing architectures and cloud computing. Especially in the public cloud, the cache is shared among multiple tenants, and cache attacks can make good use of this to extract information. Cache side-channel attacks are a problem to be solved for security, in which how to accurately detect cache side-channel attacks has been a research hotspot. Because the cache side-channel attack does not require the attacker to physically contact the target device and does not need additional devices to obtain the side channel information, the cache-side channel attack is efficient and hidden, which poses a great threat to the security of cryptographic algorithms. Based on the AES algorithm, this paper uses hardware performance counters to obtain the features of different cache events under Flush + Reload, Prime + Probe, and Flush + Flush attacks. Firstly, the random forest algorithm is used to filter the cache features, and then the support vector machine algorithm is used to model the system. Finally, high detection accuracy is achieved under different system loads. The detection accuracy of the system is 99.92% when there is no load, the detection accuracy is 99.85% under the average load, and the detection accuracy under full load is 96.57%.
Hong, Tang, Ju, Tailiang, Li, Yao.  2020.  Address Collision Attacks on ECSM Protected by ADPA. 2020 17th International Computer Conference on Wavelet Active Media Technology and Information Processing (ICCWAMTIP). :235—239.

Using the physical characteristics of the encryption device, an attacker can more easily obtain the key, which is called side-channel attack. Common side-channel attacks, such as simple power analysis (SPA) and differential power analysis (DPA), mainly focus on the statistical analysis of the data involved in the encryption algorithm, while there are relatively few studies on the Hamming weight of the addresses. Therefore, a new method of address-based Hamming weight analysis, address collision attack, is proposed in this research. The collision attack method (CA) and support vector machines algorithm (SVM) are used for analysis, meanwhile, the scalar multiplication implemented by protected address-bit DPA (ADPA) can be attack on the ChipWhisperer-Pro CW1200.

Marquer, Y., Richmond, T..  2020.  A Hole in the Ladder : Interleaved Variables in Iterative Conditional Branching. 2020 IEEE 27th Symposium on Computer Arithmetic (ARITH). :56–63.
The modular exponentiation is crucial to the RSA cryptographic protocol, and variants inspired by the Montgomery ladder have been studied to provide more secure algorithms. In this paper, we abstract away the iterative conditional branching used in the Montgomery ladder, and formalize systems of equations necessary to obtain what we call the semi-interleaved and fully-interleaved ladder properties. In particular, we design fault-injection attacks able to obtain bits of the secret against semi-interleaved ladders, including the Montgomery ladder, but not against fully-interleaved ladders that are more secure. We also apply these equations to extend the Montgomery ladder for both the semi- and fully-interleaved cases, thus proposing novel and more secure algorithms to compute the modular exponentiation.
Wang, H., Sayadi, H., Kolhe, G., Sasan, A., Rafatirad, S., Homayoun, H..  2020.  Phased-Guard: Multi-Phase Machine Learning Framework for Detection and Identification of Zero-Day Microarchitectural Side-Channel Attacks. 2020 IEEE 38th International Conference on Computer Design (ICCD). :648—655.

Microarchitectural Side-Channel Attacks (SCAs) have emerged recently to compromise the security of computer systems by exploiting the existing processors' hardware vulnerabilities. In order to detect such attacks, prior studies have proposed the deployment of low-level features captured from built-in Hardware Performance Counter (HPC) registers in modern microprocessors to implement accurate Machine Learning (ML)-based SCAs detectors. Though effective, such attack detection techniques have mainly focused on binary classification models offering limited insights on identifying the type of attacks. In addition, while existing SCAs detectors required prior knowledge of attacks applications to detect the pattern of side-channel attacks using a variety of microarchitectural features, detecting unknown (zero-day) SCAs at run-time using the available HPCs remains a major challenge. In response, in this work we first identify the most important HPC features for SCA detection using an effective feature reduction method. Next, we propose Phased-Guard, a two-level machine learning-based framework to accurately detect and classify both known and unknown attacks at run-time using the most prominent low-level features. In the first level (SCA Detection), Phased-Guard using a binary classification model detects the existence of SCAs on the target system by determining the critical scenarios including system under attack and system under no attack. In the second level (SCA Identification) to further enhance the security against side-channel attacks, Phased-Guard deploys a multiclass classification model to identify the type of SCA applications. The experimental results indicate that Phased-Guard by monitoring only the victim applications' microarchitectural HPCs data, achieves up to 98 % attack detection accuracy and 99.5% SCA identification accuracy significantly outperforming the state-of-the-art solutions by up to 82 % in zero-day attack detection at the cost of only 4% performance overhead for monitoring.

Levina, A., Kamnev, I., Zikratov, I..  2020.  Implementation White Box Cryptography in Substitution-Permutation network. 2020 9th Mediterranean Conference on Embedded Computing (MECO). :1—3.

Advances in technology have led not only to increased security and privacy but also to new channels of information leakage. New leak channels have resulted in the emergence of increased relevance of various types of attacks. One such attacks are Side-Channel Attacks, i.e. attacks aimed to find vulnerabilities in the practical component of the algorithm. However, with the development of these types of attacks, methods of protection against them have also appeared. One of such methods is White-Box Cryptography.

Fischer, T., Lesjak, C., Pirker, D., Steger, C..  2019.  RPC Based Framework for Partitioning IoT Security Software for Trusted Execution Environments. 2019 IEEE 10th Annual Information Technology, Electronics and Mobile Communication Conference (IEMCON). :0430–0435.
Partitioning security components of IoT devices to enable the use of Trusted Execution Environments adds resilience against side-channel attacks. Devices are hardened against extraction of sensitive information, but at the same time additional effort must be spent for the integration of the TEE and software partitioning. To perform partitioning, the developer typically inserts Remote Procedure Calls into the software. Existing RPC-based solutions require the developer to write Interface Definition Language files to generate RPC stubs. In this work, we present an RPC-based framework that supports software partitioning via a graphical user interface. The framework extracts required information about the interfaces from source-code header files to eliminate the need for IDL files. With this approach the TEE integration time is reduced and reuse of existing libraries is supported. We evaluate a Proof-of-Concept by partitioning a TLS library for IoT devices and compare our approach to other RPC-based solutions.
Eskandarian, Saba, Cogan, Jonathan, Birnbaum, Sawyer, Brandon, Peh Chang Wei, Franke, Dillon, Fraser, Forest, Garcia, Gaspar, Gong, Eric, Nguyen, Hung T., Sethi, Taresh K. et al..  2019.  Fidelius: Protecting User Secrets from Compromised Browsers. 2019 IEEE Symposium on Security and Privacy (SP). :264—280.
Users regularly enter sensitive data, such as passwords, credit card numbers, or tax information, into the browser window. While modern browsers provide powerful client-side privacy measures to protect this data, none of these defenses prevent a browser compromised by malware from stealing it. In this work, we present Fidelius, a new architecture that uses trusted hardware enclaves integrated into the browser to enable protection of user secrets during web browsing sessions, even if the entire underlying browser and OS are fully controlled by a malicious attacker. Fidelius solves many challenges involved in providing protection for browsers in a fully malicious environment, offering support for integrity and privacy for form data, JavaScript execution, XMLHttpRequests, and protected web storage, while minimizing the TCB. Moreover, interactions between the enclave and the browser, the keyboard, and the display all require new protocols, each with their own security considerations. Finally, Fidelius takes into account UI considerations to ensure a consistent and simple interface for both developers and users. As part of this project, we develop the first open source system that provides a trusted path from input and output peripherals to a hardware enclave with no reliance on additional hypervisor security assumptions. These components may be of independent interest and useful to future projects. We implement and evaluate Fidelius to measure its performance overhead, finding that Fidelius imposes acceptable overhead on page load and user interaction for secured pages and has no impact on pages and page components that do not use its enhanced security features.
Li, Ge, Iyer, Vishnuvardhan, Orshansky, Michael.  2019.  Securing AES against Localized EM Attacks through Spatial Randomization of Dataflow. 2019 IEEE International Symposium on Hardware Oriented Security and Trust (HOST). :191—197.
A localized electromagnetic (EM) attack is a potent threat to security of embedded cryptographic implementations. The attack utilizes high resolution EM probes to localize and exploit information leakage in sub-circuits of a system, providing information not available in traditional EM and power attacks. In this paper, we propose a countermeasure based on randomizing the assignment of sensitive data to parallel datapath components in a high-performance implementation of AES. In contrast to a conventional design where each state register byte is routed to a fixed S-box, a permutation network, controlled by a transient random value, creates a dynamic random mapping between the state registers and the set of S-boxes. This randomization results in a significant reduction of exploitable leakage.We demonstrate the countermeasure's effectiveness under two attack scenarios: a more powerful attack that assumes a fully controlled access to an attacked implementation for building a priori EM-profiles, and a generic attack based on the black-box model. Spatial randomization leads to a 150× increase of the minimum traces to disclosure (MTD) for the profiled attack and a 3.25× increase of MTD for the black-box model attack.
Noor, Joseph, Ali-Eldin, Ahmed, Garcia, Luis, Rao, Chirag, Dasari, Venkat R., Ganesan, Deepak, Jalaian, Brian, Shenoy, Prashant, Srivastava, Mani.  2019.  The Case for Robust Adaptation: Autonomic Resource Management is a Vulnerability. MILCOM 2019 - 2019 IEEE Military Communications Conference (MILCOM). :821–826.
Autonomic resource management for distributed edge computing systems provides an effective means of enabling dynamic placement and adaptation in the face of network changes, load dynamics, and failures. However, adaptation in-and-of-itself offers a side channel by which malicious entities can extract valuable information. An attacker can take advantage of autonomic resource management techniques to fool a system into misallocating resources and crippling applications. Using a few scenarios, we outline how attacks can be launched using partial knowledge of the resource management substrate - with as little as a single compromised node. We argue that any system that provides adaptation must consider resource management as an attack surface. As such, we propose ADAPT2, a framework that incorporates concepts taken from Moving-Target Defense and state estimation techniques to ensure correctness and obfuscate resource management, thereby protecting valuable system and application information from leaking.
Sima, Mihai, Brisson, André.  2017.  Whitenoise encryption implementation with increased robustness to side-channel attacks. 2017 IEEE SmartWorld, Ubiquitous Intelligence Computing, Advanced Trusted Computed, Scalable Computing Communications, Cloud Big Data Computing, Internet of People and Smart City Innovation (SmartWorld/SCALCOM/UIC/ATC/CBDCom/IOP/SCI). :1–4.
Two design techniques improve the robustness of Whitenoise encryption algorithm implementation to side-channel attacks based on dynamic and/or static power consumption. The first technique conceals the power consumption and has linear cost. The second technique randomizes the power consumption and has quadratic cost. These techniques are not mutually exclusive; their synergy provides a good robustness to power analysis attacks. Other circuit-level protection can be applied on top of the proposed techniques, opening the avenue for generating very robust implementations.
Biswas, Arnab Kumar.  2018.  Efficient Timing Channel Protection for Hybrid (Packet/Circuit-Switched) Network-on-Chip. IEEE Transactions on Parallel and Distributed Systems. 29:1044—1057.
Continuous development of Network-on-Chip (NoC) enables different types of applications to run efficiently in a Multiprocessor System-on-Chip (MP-SoC). Guaranteed service (GS) can be provided by circuit switching NoC and Best effort service (BES) can be provided by packet switching NoC. A hybrid NoC containing both packet and circuit switching, can provide both types of services to these different applications. But these different applications can be of different security levels and one application can interfere another application's timing characteristics during network transmission. Using this interference, a malicious application can extract secret information from higher security level flows (timing side channel) or two applications can communicate covertly violating the system's security policy (covert timing channel). We propose different mechanisms to protect hybrid routers from timing channel attacks. For design space exploration, we propose three timing channel secure hybrid routers viz. Separate Hybrid (SH), Combined with Separate interface Hybrid (CSH), and Combined Hybrid (CH) routers. Simulation results show that all three routers are secure from timing channel when compared to a conventional hybrid router. Synthesis results show that the area increments compared to a conventional hybrid router are only 7.63, 11.8, and 19.69 percent for SH, CSH, and CH routers respectively. Thus simulation and synthesis results prove the effectiveness of our proposed mechanisms with acceptable area overheads.
Kenarangi, Farid, Partin-Vaisband, Inna.  2019.  Security Network On-Chip for Mitigating Side-Channel Attacks. 2019 ACM/IEEE International Workshop on System Level Interconnect Prediction (SLIP). :1–6.
Hardware security is a critical concern in design and fabrication of integrated circuits (ICs). Contemporary hardware threats comprise tens of advance invasive and non-invasive attacks for compromising security of modern ICs. Numerous attack-specific countermeasures against the individual threats have been proposed, trading power, area, speed, and design complexity of a system for security. These typical overheads combined with strict performance requirements in advanced technology nodes and high complexity of modern ICs often make the codesign of multiple countermeasures impractical. In this paper, on-chip distribution networks are exploited for detecting those hardware security threats that require non-invasive, yet physical interaction with an operating device-under-attack (e.g., measuring equipment for collecting sensitive information in side-channel attacks). With the proposed approach, the effect of the malicious physical interference with the device-under-attack is captured in the form of on-chip voltage variations and utilized for detecting malicious activity in the compromised device. A machine learning (ML) security IC is trained to predict system security based on sensed variations of signals within on-chip distribution networks. The trained ML ICs are distributed on-chip, yielding a robust and high-confidence security network on-chip. To halt an active attack, a variety of desired counteractions can be executed in a cost-effective manner upon the attack detection. The applicability and effectiveness of these security networks is demonstrated in this paper with respect to power, timing, and electromagnetic analysis attacks.
Liu, Sihang, Wei, Yizhou, Chi, Jianfeng, Shezan, Faysal Hossain, Tian, Yuan.  2019.  Side Channel Attacks in Computation Offloading Systems with GPU Virtualization. 2019 IEEE Security and Privacy Workshops (SPW). :156—161.

The Internet of Things (IoT) and mobile systems nowadays are required to perform more intensive computation, such as facial detection, image recognition and even remote gaming, etc. Due to the limited computation performance and power budget, it is sometimes impossible to perform these workloads locally. As high-performance GPUs become more common in the cloud, offloading the computation to the cloud becomes a possible choice. However, due to the fact that offloaded workloads from different devices (belonging to different users) are being computed in the same cloud, security concerns arise. Side channel attacks on GPU systems have been widely studied, where the threat model is the attacker and the victim are running on the same operating system. Recently, major GPU vendors have provided hardware and library support to virtualize GPUs for better isolation among users. This work studies the side channel attacks from one virtual machine to another where both share the same physical GPU. We show that it is possible to infer other user's activities in this setup and can further steal others deep learning model.

Nilizadeh, Shirin, Noller, Yannic, Pasareanu, Corina S..  2019.  DifFuzz: Differential Fuzzing for Side-Channel Analysis. 2019 IEEE/ACM 41st International Conference on Software Engineering (ICSE). :176–187.
Side-channel attacks allow an adversary to uncover secret program data by observing the behavior of a program with respect to a resource, such as execution time, consumed memory or response size. Side-channel vulnerabilities are difficult to reason about as they involve analyzing the correlations between resource usage over multiple program paths. We present DifFuzz, a fuzzing-based approach for detecting side-channel vulnerabilities related to time and space. DifFuzz automatically detects these vulnerabilities by analyzing two versions of the program and using resource-guided heuristics to find inputs that maximize the difference in resource consumption between secret-dependent paths. The methodology of DifFuzz is general and can be applied to programs written in any language. For this paper, we present an implementation that targets analysis of Java programs, and uses and extends the Kelinci and AFL fuzzers. We evaluate DifFuzz on a large number of Java programs and demonstrate that it can reveal unknown side-channel vulnerabilities in popular applications. We also show that DifFuzz compares favorably against Blazer and Themis, two state-of-the-art analysis tools for finding side-channels in Java programs.
Srivastava, Ankush, Ghosh, Prokash.  2019.  An Efficient Memory Zeroization Technique Under Side-Channel Attacks. 2019 32nd International Conference on VLSI Design and 2019 18th International Conference on Embedded Systems (VLSID). :76–81.
Protection of secured data content in volatile memories (processor caches, embedded RAMs etc) is essential in networking, wireless, automotive and other embedded secure applications. It is utmost important to protect secret data, like authentication credentials, cryptographic keys etc., stored over volatile memories which can be hacked during normal device operations. Several security attacks like cold boot, disclosure attack, data remanence, physical attack, cache attack etc. can extract the cryptographic keys or secure data from volatile memories of the system. The content protection of memory is typically done by assuring data deletion in minimum possible time to minimize data remanence effects. In today's state-of-the-art SoCs, dedicated hardwares are used to functionally erase the private memory contents in case of security violations. This paper, in general, proposes a novel approach of using existing memory built-in-self-test (MBIST) hardware to zeroize (initialize memory to all zeros) on-chip memory contents before it is being hacked either through different side channels or secuirty attacks. Our results show that the proposed MBIST based content zeroization approach is substantially faster than conventional techniques. By adopting the proposed approach, functional hardware requirement for memory zeroization can be waived.
Besson, Frédéric, Dang, Alexandre, Jensen, Thomas.  2019.  Information-Flow Preservation in Compiler Optimisations. 2019 IEEE 32nd Computer Security Foundations Symposium (CSF). :230–23012.

Correct compilers perform program transformations preserving input/output behaviours of programs. Yet, correctness does not prevent program optimisations from introducing information-flow leaks that would make the target program more vulnerable to side-channel attacks than the source program. To tackle this problem, we propose a notion of Information-Flow Preserving (IFP) program transformation which ensures that a target program is no more vulnerable to passive side-channel attacks than a source program. To protect against a wide range of attacks, we model an attacker who is granted arbitrary memory accesses for a pre-defined set of observation points. We propose a compositional proof principle for proving that a transformation is IFP. Using this principle, we show how a translation validation technique can be used to automatically verify and even close information-flow leaks introduced by standard compiler passes such as dead-store elimination and register allocation. The technique has been experimentally validated on the CompCert C compiler.

Kocher, P., Horn, J., Fogh, A., Genkin, D., Gruss, D., Haas, W., Hamburg, M., Lipp, M., Mangard, S., Prescher, T. et al..  2019.  Spectre Attacks: Exploiting Speculative Execution. 2019 IEEE Symposium on Security and Privacy (SP). :1–19.

Modern processors use branch prediction and speculative execution to maximize performance. For example, if the destination of a branch depends on a memory value that is in the process of being read, CPUs will try to guess the destination and attempt to execute ahead. When the memory value finally arrives, the CPU either discards or commits the speculative computation. Speculative logic is unfaithful in how it executes, can access the victim's memory and registers, and can perform operations with measurable side effects. Spectre attacks involve inducing a victim to speculatively perform operations that would not occur during correct program execution and which leak the victim's confidential information via a side channel to the adversary. This paper describes practical attacks that combine methodology from side channel attacks, fault attacks, and return-oriented programming that can read arbitrary memory from the victim's process. More broadly, the paper shows that speculative execution implementations violate the security assumptions underpinning numerous software security mechanisms, including operating system process separation, containerization, just-in-time (JIT) compilation, and countermeasures to cache timing and side-channel attacks. These attacks represent a serious threat to actual systems since vulnerable speculative execution capabilities are found in microprocessors from Intel, AMD, and ARM that are used in billions of devices. While makeshift processor-specific countermeasures are possible in some cases, sound solutions will require fixes to processor designs as well as updates to instruction set architectures (ISAs) to give hardware architects and software developers a common understanding as to what computation state CPU implementations are (and are not) permitted to leak.

Kim, S., Jin, S., Lee, Y., Park, B., Kim, H., Hong, S..  2018.  Single Trace Side Channel Analysis on Quantum Key Distribution. 2018 International Conference on Information and Communication Technology Convergence (ICTC). :736–739.

The security of current key exchange protocols such as Diffie-Hellman key exchange is based on the hardness of number theoretic problems. However, these key exchange protocols are threatened by weak random number generators, advances to CPU power, a new attack from the eavesdropper, and the emergence of a quantum computer. Quantum Key Distribution (QKD) addresses these challenges by using quantum properties to exchange a secret key without the risk of being intercepted. Recent developments on the QKD system resulted in a stable key generation with fewer errors so that the QKD system is rapidly becoming a solid commercial proposition. However, although the security of the QKD system is guaranteed by quantum physics, its careless implementation could make the system vulnerable. In this paper, we proposed the first side-channel attack on plug-and-play QKD system. Through a single electromagnetic trace obtained from the phase modulator on Alice's side, we were able to classify the electromagnetic trace into four classes, which corresponds to the number of bit and basis combination in the BB84 protocol. We concluded that the plug-and-play QKD system is vulnerable to side-channel attack so that the countermeasure must be considered.

Oohama, Y., Santoso, B..  2018.  Information Theoretical Analysis of Side-Channel Attacks to the Shannon Cipher System. 2018 IEEE International Symposium on Information Theory (ISIT). :581-585.
We study side-channel attacks for the Shannon cipher system. To pose side channel-attacks to the Shannon cipher system, we regard them as a signal estimation via encoded data from two distributed sensors. This can be formulated as the one helper source coding problem posed and investigated by Ahlswede, Korner(1975), and Wyner(1975). We further investigate the posed problem to derive new secrecy bounds. Our results are derived by a coupling of the result Watanabe and Oohama(2012) obtained on bounded storage eavesdropper with the exponential strong converse theorem Oohama(2015) established for the one helper source coding problem.
Dr\u agoi, V., Richmond, T., Bucerzan, D., Legay, A..  2018.  Survey on Cryptanalysis of Code-Based Cryptography: From Theoretical to Physical Attacks. 2018 7th International Conference on Computers Communications and Control (ICCCC). :215-223.
Nowadays public-key cryptography is based on number theory problems, such as computing the discrete logarithm on an elliptic curve or factoring big integers. Even though these problems are considered difficult to solve with the help of a classical computer, they can be solved in polynomial time on a quantum computer. Which is why the research community proposed alternative solutions that are quantum-resistant. The process of finding adequate post-quantum cryptographic schemes has moved to the next level, right after NIST's announcement for post-quantum standardization. One of the oldest quantum-resistant proposition goes back to McEliece in 1978, who proposed a public-key cryptosystem based on coding theory. It benefits of really efficient algorithms as well as a strong mathematical background. Nonetheless, its security has been challenged many times and several variants were cryptanalyzed. However, some versions remain unbroken. In this paper, we propose to give some background on coding theory in order to present some of the main flawless in the protocols. We analyze the existing side-channel attacks and give some recommendations on how to securely implement the most suitable variants. We also detail some structural attacks and potential drawbacks for new variants.
Chang, B., Zhang, F., Chen, B., Li, Y., Zhu, W., Tian, Y., Wang, Z., Ching, A..  2018.  MobiCeal: Towards Secure and Practical Plausibly Deniable Encryption on Mobile Devices. 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN). :454–465.

We introduce MobiCeal, the first practical Plausibly Deniable Encryption (PDE) system for mobile devices that can defend against strong coercive multi-snapshot adversaries, who may examine the storage medium of a user's mobile device at different points of time and force the user to decrypt data. MobiCeal relies on "dummy write" to obfuscate the differences between multiple snapshots of storage medium due to existence of hidden data. By incorporating PDE in block layer, MobiCeal supports a broad deployment of any block-based file systems on mobile devices. More importantly, MobiCeal is secure against side channel attacks which pose a serious threat to existing PDE schemes. A proof of concept implementation of MobiCeal is provided on an LG Nexus 4 Android phone using Android 4.2.2. It is shown that the performance of MobiCeal is significantly better than prior PDE systems against multi-snapshot adversaries.

Dofe, Jaya, Gu, Peng, Stow, Dylan, Yu, Qiaoyan, Kursun, Eren, Xie, Yuan.  2017.  Security Threats and Countermeasures in Three-Dimensional Integrated Circuits. Proceedings of the on Great Lakes Symposium on VLSI 2017. :321–326.

Existing works on Three-dimensional (3D) hardware security focus on leveraging the unique 3D characteristics to address the supply chain attacks that exist in 2D design. However, 3D ICs introduce specific and unexplored challenges as well as new opportunities for managing hardware security. In this paper, we analyze new security threats unique to 3D ICs. The corresponding attack models are summarized for future research. Furthermore, existing representative countermeasures, including split manufacturing, camouflaging, transistor locking, techniques against thermal signal based side-channel attacks, and network-on-chip based shielding plane (NoCSIP) for different hardware threats are reviewed and categorized. Moreover, preliminary countermeasures are proposed to thwart TSV-based hardware Trojan insertion attacks.

K, S. K., Sahoo, S., Mahapatra, A., Swain, A. K., Mahapatra, K. K..  2017.  Analysis of Side-Channel Attack AES Hardware Trojan Benchmarks against Countermeasures. 2017 IEEE Computer Society Annual Symposium on VLSI (ISVLSI). :574–579.

Hardware Trojan (HT) is one of the well known hardware security issue in research community in last one decade. HT research is mainly focused on HT detection, HT defense and designing novel HT's. HT's are inserted by an adversary for leaking secret data, denial of service attacks etc. Trojan benchmark circuits for processors, cryptography and communication protocols from Trust-hub are widely used in HT research. And power analysis based side channel attacks and designing countermeasures against side channel attacks is a well established research area. Trust-Hub provides a power based side-channel attack promoting Advanced Encryption Standard (AES) HT benchmarks for research. In this work, we analyze the strength of AES HT benchmarks in the presence well known side-channel attack countermeasures. Masking, Random delay insertion and tweaking the operating frequency of clock used in sensitive operations are applied on AES benchmarks. Simulation and power profiling studies confirm that side-channel promoting HT benchmarks are resilient against these selected countermeasures and even in the presence of these countermeasures; an adversary can get the sensitive data by triggering the HT.

Yuan, Y., Wu, L., Zhang, X., Yang, Y..  2017.  Side-channel collision attack based on multiple-bits. 2017 11th IEEE International Conference on Anti-counterfeiting, Security, and Identification (ASID). :1–5.

Side-channel collision attacks have been one of the most powerful attack techniques, combining advantages of traditional side-channel attack and mathematical cryptanalysis. In this paper, we propose a novel multiple-bits side-channel collision attack based on double distance voting detection, which can find all 120 relations among 16 key bytes with only 32 averaged power traces when applied to AES (Advanced Encryption Standard) algorithm. Practical attack experiments are performed successfully on a hardware implementation of AES on FPGA board. Results show that the necessary number of traces for our method is about 50% less than correlation-enhanced collision attack and 76% less than binary voting test with 90% success rate.