Securing Interruptible Enclaved Execution on Small Microprocessors

Computer systems often provide hardware support for isolation mechanisms such as privilege levels, virtual memory, or enclaved execution. Over the past years, several successful software-based side-channel attacks have been developed that break, or at least significantly weaken, the isolation that these mechanisms offer. Extending a processor with new architectural or micro-architectural features brings a risk of introducing new software-based side-channel attacks. This article studies the problem of extending a processor with new features without weakening the security of the isolation mechanisms that the processor offers. Our solution is heavily based on techniques from research on programming languages. More specifically, we propose to use the programming language concept of full abstraction as a general formal criterion for the security of a processor extension. We instantiate the proposed criterion to the concrete case of extending a microprocessor that supports enclaved execution with secure interruptibility. This is a very relevant instantiation, as several recent papers have shown that interruptibility of enclaves leads to a variety of software-based side-channel attacks. We propose a design for interruptible enclaves and prove that it satisfies our security criterion. We also implement the design on an open-source enclave-enabled microprocessor and evaluate the cost of our design in terms of performance and hardware size.

Download Full-text

Share-slicing: Friend or Foe?

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2020.i1.152-174 ◽

2019 ◽

pp. 152-174

Author(s):

Si Gao ◽

Ben Marshall ◽

Dan Page ◽

Elisabeth Oswald

Keyword(s):

Open Source ◽

Real World ◽

Noise Level ◽

Side Channel ◽

Side Channel Attacks ◽

Great Cost ◽

Architectural Features ◽

Security Guarantees ◽

Very High ◽

Made In

Masking is a well loved and widely deployed countermeasure against side channel attacks, in particular in software. Under certain assumptions (w.r.t. independence and noise level), masking provably prevents attacks up to a certain security order and leads to a predictable increase in the number of required leakages for successful attacks beyond this order. The noise level in typical processors where software masking is used may not be very high, thus low masking orders are not sufficient for real world security. Higher order masking however comes at a great cost, and therefore a number techniques have been published over the years that make such implementations more efficient via parallelisation in the form of bit or share slicing. We take two highly regarded schemes (ISW and Barthe et al.), and some corresponding open source implementations that make use of share slicing, and discuss their true security on an ARM Cortex-M0 and an ARM Cortex-M3 processor (both from the LPC series). We show that micro-architectural features of the M0 and M3 undermine the independence assumptions made in masking proofs and thus their theoretical guarantees do not translate into practice (even worse it seems unpredictable at which order leaks can be expected). Our results demonstrate how difficult it is to link theoretical security proofs to practical real-world security guarantees.

Download Full-text

Blind Cartography for Side Channel Attacks: Cross-Correlation Cartography

International Journal of Reconfigurable Computing ◽

10.1155/2012/360242 ◽

2012 ◽

Vol 2012 ◽

pp. 1-9 ◽

Cited By ~ 5

Author(s):

Laurent Sauvage ◽

Sylvain Guilley ◽

Florent Flament ◽

Jean-Luc Danger ◽

Yves Mathieu

Keyword(s):

Correlation Analysis ◽

Cross Correlation ◽

Fault Injection ◽

Near Field ◽

Side Channel ◽

Side Channel Attacks ◽

The Past ◽

Injection Attacks ◽

Areas Of Interest ◽

Fault Injection Attacks

Side channel and fault injection attacks are major threats to cryptographic applications of embedded systems. Best performances for these attacks are achieved by focusing sensors or injectors on the sensible parts of the application, by means of dedicated methods to localise them. Few methods have been proposed in the past, and all of them aim at pinpointing the cryptoprocessor. However it could be interesting to exploit the activity of other parts of the application, in order to increase the attack's efficiency or to bypass its countermeasures. In this paper, we present a localisation method based on cross-correlation, which issues a list of areas of interest within the attacked device. It realizes an exhaustive analysis, since it may localise any module of the device, and not only those which perform cryptographic operations. Moreover, it also does not require a preliminary knowledge about the implementation, whereas some previous cartography methods require that the attacker could choose the cryptoprocessor inputs, which is not always possible. The method is experimentally validated using observations of the electromagnetic near field distribution over a Xilinx Virtex 5 FPGA. The matching between areas of interest and the application layout in the FPGA floorplan is confirmed by correlation analysis.

Download Full-text

Cache vs. Key-Dependency: Side Channeling an Implementation of Pilsung

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2020.i1.231-255 ◽

2019 ◽

pp. 231-255

Author(s):

Daniel Genkin ◽

Romain Poussier ◽

Rui Qi Sim ◽

Yuval Yarom ◽

Yuanjing Zhao

Keyword(s):

Internal Structure ◽

State Of The Art ◽

The State ◽

Side Channel ◽

Secret Key ◽

Laptop Computer ◽

Side Channel Attacks ◽

The Past ◽

The North ◽

Cache Attacks

Over the past two decades, cache attacks have been identified as a threat to the security of cipher implementations. These attacks recover secret information by combining observations of the victim cache accesses with the knowledge of the internal structure of the cipher. So far, cache attacks have been applied to ciphers that have fixed state transformations, leaving open the question of whether using secret, key-dependent transformations enhances the security against such attacks. In this paper we investigate this question. We look at an implementation of the North Korean cipher Pilsung, as reverse-engineered by Kryptos Logic. Like AES, Pilsung is a permutation-substitution cipher, but unlike AES, both the substitution and the permutation steps in Pilsung depend on the key, and are not known to the attacker. We analyze Pilsung and design a cache-based attack. We improve the state of the art by developing techniques for reversing secret-dependent transformations. Our attack, which requires an average of eight minutes on a typical laptop computer, demonstrates that secret transformations do not necessarily protect ciphers against side channel attacks.

Download Full-text

Measuring the cost of environmental compliance for Waikato dairy farmers - a survey approach

Journal of New Zealand Grasslands ◽

10.33584/jnzg.2015.77.476 ◽

2015 ◽

Vol 77 ◽

pp. 159-166

Author(s):

T.O.R. Macdonald ◽

J.S. Rowarth ◽

F.G. Scrimgeour

Keyword(s):

Qualitative Data ◽

Management Practice ◽

Dairy Farm ◽

Environmental Compliance ◽

Dairy Farmers ◽

The Past ◽

Farm Systems ◽

The Cost ◽

Farm System ◽

Survey Approach

The link between dairy farm systems and cost of environmental compliance is not always clear. A survey of Waikato dairy farmers was conducted to establish the real (non-modelled) cost of compliance with environmental regulation in the region. Quantitative and qualitative data were gathered to improve understanding of compliance costs and implementation issues for a range of Waikato farm systems. The average oneoff capital cost of compliance determined through a survey approach was $1.02 per kg milksolids, $1490 per hectare and $403 per cow. Costs experienced by Waikato farmers have exceeded average economic farm surplus for the region in the past 5 years. As regulation increases there are efficiencies to be gained through implementing farm infrastructure and farm management practice to best match farm system intensity. Keywords: Dairy, compliance, farm systems, nitrogen, Waikato

Download Full-text

New Countermeasures Against Side-Channel Attacks for Cryptography on Elliptic Curves

Telecommunications and Radio Engineering ◽

10.1615/telecomradeng.v65.i10.40 ◽

2006 ◽

Vol 65 (10) ◽

pp. 913-922

Author(s):

Ya. N. Imamverdiev

Keyword(s):

Elliptic Curves ◽

Side Channel ◽

Side Channel Attacks

Download Full-text

Countermeasure for Cryptographic Chips to Resist Side-Channel Attacks

Journal of Software ◽

10.3724/sp.j.1001.2008.02990 ◽

2009 ◽

Vol 19 (11) ◽

pp. 2990-2998 ◽

Cited By ~ 1

Author(s):

Tao ZHANG ◽

Ming-Yu FAN

Keyword(s):

Side Channel ◽

Side Channel Attacks

Download Full-text

Attraction of prey

10.1093/oso/9780198779841.003.0012 ◽

2018 ◽

Cited By ~ 2

Author(s):

John D. Horner ◽

Bartosz J. Płachno ◽

Ulrike Bauer ◽

Bruno Di Giusto

Keyword(s):

Visual Cues ◽

Synergistic Action ◽

Carnivorous Plants ◽

Future Research ◽

Acoustic Cues ◽

Qualitative And Quantitative Analysis ◽

Qualitative And Quantitative ◽

The Past ◽

The Cost ◽

Prey Attraction

The ability to attract prey has long been considered a universal trait of carnivorous plants. We review studies from the past 25 years that have investigated the mechanisms by which carnivorous plants attract prey to their traps. Potential attractants include nectar, visual, olfactory, and acoustic cues. Each of these has been well documented to be effective in various species, but prey attraction is not ubiquitous among carnivorous plants. Directions for future research, especially in native habitats in the field, include: the qualitative and quantitative analysis of visual cues, volatiles, and nectar; temporal changes in attractants; synergistic action of combinations of attractants; the cost of attractants; and responses to putative attractants in electroantennograms and insect behavioral tests.

Download Full-text

S-DAC: A Novel Dynamic Substitution boxes using hybrid chaotic system and Deoxyribonuceic Acid(DNA) coding for counterfeiting Side-Channel Attacks

Personal and Ubiquitous Computing ◽

10.1007/s00779-021-01579-4 ◽

2021 ◽

Author(s):

Aruna S ◽

Usha G

Keyword(s):

Chaotic System ◽

Side Channel ◽

Side Channel Attacks ◽

Dna Coding ◽

Substitution Boxes

Download Full-text

GPU Side-Channel Attacks are Everywhere: A Survey

2020 IEEE International Conference on Consumer Electronics - Asia (ICCE-Asia) ◽

10.1109/icce-asia49877.2020.9276805 ◽

2020 ◽

Author(s):

Taehun Kim ◽

Youngjoo Shin

Keyword(s):

Side Channel ◽

Side Channel Attacks

Download Full-text

ThermalAttackNet: Are CNNs Making It Easy to Perform Temperature Side-Channel Attack in Mobile Edge Devices?

Future Internet ◽

10.3390/fi13060146 ◽

2021 ◽

Vol 13 (6) ◽

pp. 146

Author(s):

Somdip Dey ◽

Amit Kumar Singh ◽

Klaus McDonald-Maier

Keyword(s):

Information Flow ◽

Heat Dissipation ◽

Side Channel ◽

Side Channel Attack ◽

Side Channel Attacks ◽

Information Flow Control ◽

On Chip ◽

Temperature Side ◽

Over Time ◽

Memory Efficient

Side-channel attacks remain a challenge to information flow control and security in mobile edge devices till this date. One such important security flaw could be exploited through temperature side-channel attacks, where heat dissipation and propagation from the processing cores are observed over time in order to deduce security flaws. In this paper, we study how computer vision-based convolutional neural networks (CNNs) could be used to exploit temperature (thermal) side-channel attack on different Linux governors in mobile edge device utilizing multi-processor system-on-chip (MPSoC). We also designed a power- and memory-efficient CNN model that is capable of performing thermal side-channel attack on the MPSoC and can be used by industry practitioners and academics as a benchmark to design methodologies to secure against such an attack in MPSoC.

Download Full-text