Similar literature (20 results)
1.
This article examines vulnerabilities to power analysis attacks in software and hardware implementations of cryptographic algorithms. Representative platforms, an Atmel 89S8252 8-bit processor and a 0.25 µm 1.8 V standard cell circuit, are proposed to implement the Advanced Encryption Standard (AES). A simulation-based experimental environment is built to acquire power data, and single-bit differential power analysis (DPA), multi-bit DPA and correlation power analysis (CPA) attacks are conducted on the two implementations respectively. The experimental results show that the hardware implementation has less data-dependent power leakage and therefore resists power attacks better. Furthermore, an improved DPA approach is proposed. It adopts the Hamming distance of intermediate results as the power model and arranges plaintext inputs so as to differentiate power traces with maximal probability. Compared with the original power attacks, the improved DPA performs a successful attack on AES hardware implementations with an acceptable number of power measurements and fewer computations.

2.
Cryptographic algorithms, irrespective of their theoretical strength, can be broken through weaknesses in their implementations. The most successful of these attacks are side-channel attacks, which exploit unintended information leakage, e.g., timing information, power consumption, etc., from the implementation to extract the secret key. We propose a novel framework for implementing side-channel attacks where the attack is modeled as a search problem which takes the leaked information as its input and deduces the secret key by using a satisfiability solver, a powerful Boolean reasoning technique. This approach can substantially enhance the scope of side-channel attacks by allowing a potentially wide range of internal variables to be exploited (not just those that are trivially related to the key). The proposed technique is particularly suited for attacking cryptographic software implementations which may inadvertently expose the values of intermediate variables in their computations (even though they are very careful in protecting secret keys through the use of on-chip key generation and storage). We demonstrate our attack on standard software implementations of three popular cryptographic algorithms: DES, 3DES, and AES. Our attack technique is automated and does not require mathematical expertise on the part of the attacker.

3.
Because of the nature of applications such as critical infrastructure and the Internet of Things, side channel analysis attacks are becoming a serious threat. Side channel analysis attacks exploit the fact that the behaviour of crypto implementations can be observed and provides hints that simplify revealing keys. A new type of SCA is the so-called horizontal differential SCA. In this paper we investigate two different approaches to increase the inherent resistance of our hardware accelerator for the kP operation. The first approach aims at reducing the impact of the addressing in our design by realizing a regular schedule of the addressing. In the second approach, we investigated how the formula used to implement the multiplication of GF(2^n) elements influences the results of horizontal DPA attacks against a Montgomery kP implementation. We implemented 5 designs with different partial multipliers, i.e. based on different multiplication formulae. We used two different technologies, a 130 nm and a 250 nm technology, to simulate power traces for our analysis. We show that the implemented multiplication formula influences the success of horizontal attacks significantly. The combination of these two approaches leads to the most resistant design. For the 250 nm technology only 2 key candidates could be revealed with a correctness of about 70%, which is a huge improvement given that for the original design 7 key candidates achieved a correctness of more than 90%. For our 130 nm technology no key candidate was revealed with a correctness of more than 60%.

4.
In this paper, we first investigate the side channel analysis attack resistance of various FPGA hardware implementations of the ARIA block cipher. The analysis is performed on an FPGA test board dedicated to side channel attacks. Our results show that an unprotected implementation of ARIA allows one to recover the secret key with a low number of power or electromagnetic measurements. We also present a masking countermeasure and analyze its second‐order side channel resistance by using various suitable preprocessing functions. Our experimental results clearly confirm that second‐order differential side channel analysis attacks also remain a practical threat for masked hardware implementations of ARIA.

5.
Security of DES under physical observability
陈开颜, 张鹏, 邓高明, 赵强. 《电子学报》 2009, 37(11): 2389-2395
Side-channel attacks based on physically observable effects obtain the key or related secret information of a cryptosystem by analysing the timing, power consumption and other information leaked while a cryptographic device operates. Many countermeasures exist, but none fundamentally prevents such attacks. This paper loads the DES algorithm onto an AT89C52 and, on that platform, experimentally evaluates differential power side-channel attacks and protection methods. Based on the physically observable cryptography model established by Micali and Reyzin, the model is made concrete: cryptographic elements that resist black-box attacks are revised so that they also resist side-channel attacks based on physical leakage, the RO (random oracle) model is applied to security proofs in the physically observable real world, a definition of security under physical observability is given for symmetric encryption schemes, and the security of DES under DPA attack is defined.

6.
Recently power attacks on RSA cryptosystems have been widely investigated, and various countermeasures have been proposed. One of the most efficient and secure countermeasures is the message blinding method, which includes the RSA derivative of the binary‐with‐random‐initial‐point algorithm on elliptic curve cryptosystems. It is known to be secure against first‐order differential power analysis (DPA); however, it is susceptible to second‐order DPA. Although second‐order DPA gives some solutions for defeating message blinding methods, this kind of attack still has the practical difficulty of how to find the points of interest, that is, the exact moments when intermediate values are being manipulated. In this paper, we propose a practical second‐order correlation power analysis (SOCPA). Our attack can easily find points of interest in a power trace and find the private key with a small number of power traces. We also propose an efficient countermeasure which is secure against the proposed SOCPA as well as existing power attacks.

7.
何成万, 叶志鹏. 《电子学报》 2019, 47(11): 2413-2419
Web applications constantly face security threats from code-injection attacks in cyberspace, such as SQL injection. Most detection methods for SQL injection attacks have low execution efficiency and insufficient detection precision, and in particular their implementations are hard to reuse. Based on the characteristics of injection vulnerabilities, this paper proposes an SQL injection behaviour detection method based on AOP (Aspect-Oriented Programming) and dynamic taint analysis. The taint analysis process is encapsulated in aspect modular units, so that security, a typical cross-cutting concern of the program, is separated from the underlying subsystems, improving the reusability of the detection code. At taint sinks, the advice mechanism dynamically loads the various detection components so that detection code executes at run time, countering code-injection attacks such as SQL injection that typically target Web applications. Experiments show that the method implements a self-protection process without modifying the application's execution engine or source code, and effectively defends against seven typical SQL injection attack types: tautologies, logically incorrect queries, union queries, piggy-backed queries, stored procedures, inference queries and alternate encodings.

8.
Since their introduction by Kocher in 1998, power analysis attacks have attracted significant attention within the cryptographic community. While early works in the field mainly threatened the security of smart cards and simple processors, several recent publications have shown the vulnerability of hardware implementations as well. In particular, field programmable gate arrays are attractive options for hardware implementation of encryption algorithms, but their security against power analysis is a serious concern, as we discuss in this paper. For this purpose, we present recent results of attacks attempted against standard encryption algorithms, provide a theoretical estimation of these attacks based on simple statistical parameters and evaluate the cost and security of different possible countermeasures.

9.
Research on differential power analysis attack methods against smart cards
This paper describes in detail the theoretical basis of differential power analysis (DPA) attacks on general cryptosystems and the specific theory of attacks on the DES algorithm, and proposes an improved DPA algorithm. After analysing the noise characteristics of power signals, a signal-to-noise ratio (SNR) modelling method and a proof of the corresponding theory are presented. Finally, an experimental result of the algorithm is given.

10.
Programmable devices are an interesting alternative when implementing embedded systems on a low-volume scale. In particular, the affordability and the versatility of SRAM-based FPGAs make them attractive with respect to ASIC implementations. FPGAs have thus been used extensively and successfully in many fields, such as implementing cryptographic accelerators. Hardware implementations, however, must be protected against malicious attacks, e.g. those based on fault injections. Protections have usually been evaluated on ASICs, but FPGAs can be vulnerable as well. This work thus presents fault injection attacks against a secured AES architecture implemented on an SRAM-based FPGA. The errors are injected during the computation by means of voltage glitches and laser attacks. To our knowledge, this is one of the first works dealing with dynamic laser fault injections. We show that fault attacks on SRAM-based FPGAs may behave differently from attacks against ASICs, and therefore need to be addressed by specific countermeasures, which are also discussed in this paper. In addition, we discuss the different effects obtained by the two types of attacks.

11.
With the development of 5G communication networks and technologies, spectrum resources are increasingly scarce. The scarcity of spectrum makes market-driven spectrum auctions an important means of spectrum allocation, and because of the complexity of the network environment, the security of spectrum auctions cannot be ignored. Most existing secure spectrum auction schemes introduce a semi-honest agent to complete the auction. However, the hypothetical semi-honest model does not guarantee the security of the spectrum auction in actual application scenarios, which may lead to potential security threats: the agent may reveal the privacy of bidders, the agent or auctioneer may collude with a bidder to manipulate the auction, and so on. In this paper, a secure spectrum auction scheme without a trusted party is proposed based on smart contract technology; a smart contract written into the blockchain replaces the traditional semi-honest agent and cooperates with the auctioneer server to complete the auction. To ensure the security of the scheme, a secure spectrum auction protocol is designed in which Software Guard Extensions (SGX) technology and the Paillier cryptosystem are used to protect the privacy of bidders. Public verification is provided in the protocol by using an extended Pedersen commitment, which prevents the auctioneer server and a bidder from colluding with each other and verifies group bid sum values. Finally, a security analysis is given that identifies several types of attacks the scheme defends against. Theoretical analysis and simulation experiments of the protocol are also provided.

12.
Side-channel attacks pose an inevitable challenge to the implementation of cryptographic algorithms, and it is important to mitigate them. This work identifies a novel data encoding technique based on 1-of-4 codes to resist differential power analysis attacks, which are the most investigated category of side-channel attacks. The four code words of the 1-of-4 code, namely 0001, 0010, 1000 and 0100, are split into two sets: set-0 and set-1. Using a select signal, the data processed in hardware is switched between the two encoding sets alternately such that the Hamming weight and Hamming distance are equalized. As a case study, the proposed technique is validated for the NIST standard AES-128 cipher. The proposed technique resists differential power analysis performed using statistical methods, namely correlation, mutual information, difference of means, and Welch's t-test based on the Hamming weight and distance models. The experimental results show that the proposed countermeasure has an area overhead of 2.3× with no performance degradation by comparison.

13.
The quantum of power consumption in wireless sensor nodes plays a vital role in power management, since a greater number of functional elements are integrated in a smaller space and operated at very high frequencies. In addition, the variations in the power consumption pave the way for power analysis attacks, in which the attacker gains control of the secret parameters involved in the cryptographic implementation embedded in the wireless sensor nodes. Hence, a strong countermeasure is required to provide adequate security in these systems. Traditional digital logic gates are used to build the circuits in wireless sensor nodes, and the primary reason for their power consumption is the absence of the reversibility property in those gates. These irreversible logic gates dissipate power as heat due to the loss of per-bit information. In order to minimize the power consumption and in turn to circumvent the issues related to power analysis attacks, reversible logic gates can be used in wireless sensor nodes. This shifts the focus from power-hungry irreversible gates to potentially powerful circuits based on controllable quantum systems. Reversible logic gates theoretically consume zero power and have an accurate quantum circuit model for practical realization, such as quantum computers and implementations based on quantum dot cellular automata. One of the key components in wireless sensor nodes is the cryptographic algorithm implementation, which is used to secure the information collected by the sensor nodes. In this work, a novel reversible gate design of the 128-bit Advanced Encryption Standard (AES) cryptographic algorithm is presented. The complete structure of the AES algorithm is designed using combinational logic circuits, which are then mapped to reversible logic circuits. The proposed architectures make use of the Toffoli family of reversible gates. The performance metrics, such as gate count and quantum cost, of the proposed designs are rigorously analyzed with respect to the existing designs and are properly tabulated. Our proposed reversible design of the AES algorithm shows considerable improvements in the performance metrics when compared to existing designs.

14.
The quantization step is one of the most important factors which affect the performance of quantization watermarking used for image copyright protection. According to the characteristics of the perceptual model and the specific attacks, an improved perceptual model and different implementations of the perceptual model are proposed. They are incorporated into the spread transform quantization index modulation (ST-QIM) framework. The experimental results show that the four algorithms we propose in this paper can reduce the effect of noise attacks and facilitate common digital image processing operations. Among these, adaptive ST-QIM based on the further modified Watson model (ST-QIM-fMW-SS) and adaptive ST-QIM based on the modified sensitivity model (ST-QIM-MS-SS) have better performance.

15.
Differential power attack on linear feedback shift registers
Whether the influence of algorithmic noise can be removed effectively directly determines the success or failure of a power attack. Starting from the difference in energy consumption of a linear feedback shift register (LFSR) between two adjacent clock cycles, this paper proposes a new differential power attack algorithm. It fundamentally removes the influence of cryptographic-algorithm noise during the attack. Because the algorithm chooses the initialization vector at random, the attack can easily be generalized to stream cipher systems with a similar structure. To further verify the effectiveness of the attack algorithm, the paper simulates an attack on DECIM in software. The simulation results show that the attack algorithm can effectively reduce the complexity of the key search for the LFSR.

16.
Clickjacking is a newly discovered breach in network security. It is based on the functionality of web design in which two or more web frames are overlapped over each other. The analysis shows that there is a need for in-depth study of clickjacking attacks (a client-side vulnerability) and preventive measures so that early prevention and detection of such attacks can be implemented in a timely manner. In this research work, most of the client-side attacks are studied and an overview of clickjacking techniques is presented to provide researchers with insights into the area of network security. The tools and techniques used by attackers are also surveyed along with the prevention measures.

17.
The finite state machine (FSM) is a critical part of the digital processing devices used in Internet of Things (IoT) applications, as it controls the complete functionality of the device. The synthesis tool implements a deterministic FSM by adding extra don't-care states/transitions during optimization. This additional insertion makes the FSM vulnerable to setup-time-violation-based fault injection (STVFI) and hardware Trojan attacks. Existing techniques cannot completely mitigate these vulnerabilities and exhibit significant design overhead. Therefore, this paper presents a novel lightweight secure machine design technique that completely mitigates the vulnerabilities with minimum overhead. The paper first proposes a new metric to identify all types of vulnerable transitions (VTs), followed by a trustworthy FSM design algorithm and an efficient vulnerability mitigation architecture (EVMA). Though our EVMA completely alleviates the vulnerabilities to STVFI and Trojan attacks, it slightly increases the overhead due to additional multiplexers. Hence, we also propose a new secure FSM design algorithm and two new lightweight vulnerability mitigation architectures (LVMA-I and LIVMA-II) that control the FFs using existing clear and/or preset pins instead of multiplexers. The experimental results on AES and RSA encryption modules show that the proposed technique detects 100% of VTs. Further, ASIC and FPGA implementations of the proposed LIVMA-II using Cadence RTL and Xilinx Vivado show on average 40%, 59.6%, and 51.1% reductions in area, power and delay respectively compared to the well-known technique. Due to its negligible design overhead, our technique is well suited to designing secure controllers for portable IoT devices.

18.
In a typical design environment, semiconductor manufacturing variations are considered challenges for nanoelectronic circuit design engineers. This has led to multi-front research on process variation analysis and its mitigation. As a paradigm shift from that trend, the present article explores the use of semiconductor manufacturing variations for enhancing the security of systems, using FinFET technology as an example. FinFETs were introduced to replace high-κ transistors in nanoelectronic applications. From microprocessors to graphics processing units, FinFETs are being used commercially today. Along with the technological advancements in computing and networking, the number of cyber attacks has also increased. Simultaneously, numerous implementations of the Internet of Things are already present. In this environment, one small security flaw is enough to place the entire network in danger. Encrypting communications in such an environment is vital. Physical unclonable functions (PUFs) can be used to encrypt device-to-device communications and are the main focus of this paper. PUFs are hardware primitives which rely on semiconductor manufacturing variations to generate the characteristics used for this purpose. Two different designs of a ring oscillator PUF are introduced, one with low power consumption trading off device performance and one with high performance trading off device power consumption. There is an 11% decrease in power consumption with the low power model, along with a simple design and fabrication. The performance of the device can be increased with almost no increase in power consumption.

19.
The block cipher ARIA has been threatened by side‐channel analysis, and much research on countermeasures against this attack has also been produced. However, studies on countermeasures for ARIA are focused on software implementation, and there are no reports about hardware designs and their performance evaluation. Therefore, this article presents an advanced masking algorithm which is strong against second‐order differential power analysis (SODPA) and implements a secure ARIA hardware. As there is no comparable report, the proposed masking algorithm used in our hardware module is evaluated using a comparison result of software implementations. Furthermore, we implement the proposed algorithm in three types of hardware architectures and compare them. The smallest module is 10,740 gates in size and consumes an average of 47.47 μW. Finally, we make ASIC chips with the proposed design and then perform security verification. As a result, the proposed module is small, energy efficient, and secure against SODPA.

20.
While the elliptic curve cryptosystem (ECC) is getting more popular in securing numerous systems, implementations without consideration for side‐channel attacks are susceptible to critical information leakage. This paper proposes new power attack countermeasures for ECC over Koblitz curves. Based on some special properties of Koblitz curves, the proposed methods randomize the involved elliptic curve points in a highly regular manner so the resulting scalar multiplication algorithms can defeat the simple power analysis attack and the differential power analysis attack simultaneously. Compared with the previous countermeasures, the new methods are also noticeable in terms of computational cost.
