Research on Electromagnetic Side-channel Signal Extraction for Mobile Device PCM-9589F Multi-COM

The portability and various functions of mobile devices enable them to go deep into people's study, work and life. While it is convenient for people, mobile devices contain a large number of user’s private information, such as the user's personal property information, identity information and even the confidential information of enterprise etc. Side-channel attack is currently one of the most effective ways to steal private information of cryptographic devices thus the threat to mobile devices can be imagined. In this paper, the electromagnetic side-channel attack based on AES encryption algorithm on mobile device—PCM-9589F Multi-COM Board is studied. A new signal acquisition platform is designed, which solves the problem that the difficulty in locating the side-channel electromagnetic leakage signal of the mobile devices. In addition,using the time-frequency analysis and filter technology,we extract the encryption features of AES on PCM-9589F Multi-COM Board.

Download Full-text

Adaptive multilevel fuzzy-based authentication framework to mitigate Cache side channel attack in cloud computing

International Journal of Modeling Simulation and Scientific Computing ◽

10.1142/s1793962318500459 ◽

2018 ◽

Vol 09 (05) ◽

pp. 1850045 ◽

Cited By ~ 1

Author(s):

Bharati Ainapure ◽

Deven Shah ◽

A. Ananda Rao

Keyword(s):

Cloud Computing ◽

Private Information ◽

Privacy Preservation ◽

Virtual Machines ◽

Fuzzy Rule ◽

Data Access ◽

Side Channel ◽

Side Channel Attack ◽

Side Channel Attacks ◽

Cloud Providers

Cloud computing supports multitenancy to satisfy the users’ demands for accessing resources and simultaneously it increases revenue for cloud providers. Cloud providers adapt multitenancy by virtualizing the resources, like CPU, network interfaces, peripherals, hard drives and memory using hypervisor to fulfill the demand. In a virtualized environment, many virtual machines (VMs) can run on the same core with the help of the hypervisor by sharing the resources. The VMs running on the same core are the target for the malicious or abnormal attacks like side channel attacks. Among various side channel attacks in cloud computing, cache-based side channel attack is one that leaks private information of the users based on the shared resources. Here, as the shared resource is the cache, a process can utilize the cache usage of another by cache contention. Cache sharing provides a way for the attackers to gain considerable information so that the key used for encryption can be inferred. Discovering this side channel attack is a challenging task. This requires identification of a feature that influences the attack. Even though there are various techniques available in the literature to mitigate such attacks, an effective solution to reduce the cache-based side channel attack is still an issue. Therefore, a novel fuzzy rule-based mechanism is integrated to detect the cache side channel attackers by monitoring the cache data access (CDA). The factor that determines the attack is CDA in a log file created by the framework during authorization. The proposed framework also utilizes certain security properties including ECC and hashing for the privacy preservation and the decision is made with the aid of a fuzzy logic system.

Download Full-text

A Highly Effective Data Preprocessing in Side-Channel Attack Using Empirical Mode Decomposition

Security and Communication Networks ◽

10.1155/2019/6124165 ◽

2019 ◽

Vol 2019 ◽

pp. 1-10

Author(s):

ShuaiWei Zhang ◽

XiaoYuan Yang ◽

Lin Chen ◽

Weidong Zhong

Keyword(s):

Noise Reduction ◽

Empirical Mode Decomposition ◽

Data Preprocessing ◽

Side Channel ◽

Intrinsic Mode Functions ◽

Side Channel Attack ◽

Time Frequency ◽

Mode Decomposition ◽

Highly Effective ◽

Preprocessing Technique

Side-channel attacks on cryptographic chips in embedded systems have been attracting considerable interest from the field of information security in recent years. Many research studies have contributed to improve the side-channel attack efficiency, in which most of the works assume the noise of the encryption signal has a linear stable Gaussian distribution. However, their performances of noise reduction were moderate. Thus, in this paper, we describe a highly effective data-preprocessing technique for noise reduction based on empirical mode decomposition (EMD) and demonstrate its application for a side-channel attack. EMD is a time-frequency analysis method for nonlinear unstable signal processing, which requires no prior knowledge about the cryptographic chip. During the procedure of data preprocessing, the collected traces will be self-adaptably decomposed into sum of several intrinsic mode functions (IMF) based on their own characteristics. And then, meaningful IMF will be reorganized to reduce its noise and increase the efficiency of key recovering through correlation power analysis attack. This technique decreases the total number of traces for key recovering by 17.7%, compared to traditional attack methods, which is verified by attack efficiency analysis of the SM4 block cipher algorithm on the FPGA power consumption analysis platform.

Download Full-text

A Lifelog Browser for Visualization and Search of Mobile Everyday-Life

Mobile Information Systems ◽

10.1155/2014/740452 ◽

2014 ◽

Vol 10 (3) ◽

pp. 243-258 ◽

Cited By ~ 4

Author(s):

Keum-Sung Hwang ◽

Sung-Bae Cho

Keyword(s):

Bayesian Networks ◽

Everyday Life ◽

Mobile Devices ◽

Mobile Device ◽

Private Information ◽

Personal Information ◽

Mobile Environments ◽

Digital Convergence ◽

The Everyday ◽

Searching Method

Mobile devices can now handle a great deal of information thanks to the convergence of diverse functionalities. Mobile environments have already shown great potential in terms of providing customized service to users because they can record meaningful and private information continually for long periods of time. The research for understanding, searching and summarizing the everyday-life of human has received increasing attention in recent years due to the digital convergence. In this paper, we propose a mobile life browser, which visualizes and searches human's mobile life based on the contents and context of lifelog data. The mobile life browser is for searching the personal information effectively collected on his/her mobile device and for supporting the concept-based searching method by using concept networks and Bayesian networks. In the experiments, we collected the real mobile log data from three users for a month and visualized the mobile lives of the users with the mobile life browser developed. Some tests on searching tasks confirmed that the result using the proposed concept-based searching method is promising.

Download Full-text

Niffler: A Context-Aware and User-Independent Side-Channel Attack System for Password Inference

Wireless Communications and Mobile Computing ◽

10.1155/2018/4627108 ◽

2018 ◽

Vol 2018 ◽

pp. 1-19 ◽

Cited By ~ 2

Author(s):

Benxiao Tang ◽

Zhibo Wang ◽

Run Wang ◽

Lei Zhao ◽

Lina Wang

Keyword(s):

Mobile Devices ◽

Ground Truth ◽

Training Data ◽

Side Channel ◽

Context Aware ◽

Time Warping ◽

Side Channel Attack ◽

Training Samples ◽

Independent Features ◽

Dynamic Time

Digital password lock has been commonly used on mobile devices as the primary authentication method. Researches have demonstrated that sensors embedded on mobile devices can be employed to infer the password. However, existing works focus on either each single keystroke inference or entire password sequence inference, which are user-dependent and require huge efforts to collect the ground truth training data. In this paper, we design a novel side-channel attack system, called Niffler, which leverages the user-independent features of movements of tapping consecutive buttons to infer unlocking passwords on smartphones. We extract angle features to reflect the changing trends and build a multicategory classifier combining the dynamic time warping algorithm to infer the probability of each movement. We further use the Markov model to model the unlocking process and use the sequences with the highest probabilities as the attack candidates. Moreover, the sensor readings of successful attacks will be further fed back to continually improve the accuracy of the classifier. In our experiments, 100,000 samples collected from 25 participants are used to evaluate the performance of Niffler. The results show that Niffler achieves 70% and 85% accuracy with 10 attempts in user-independent and user-dependent environments with few training samples, respectively.

Download Full-text