Aggregation-Based Tag Deduplication for Cloud Storage with Resistance against Side Channel Attack

2021, Vol 2021, pp. 1-15
Author(s): Xin Tang, Linna Zhou, Bingwei Hu, Haowen Wu

Tag deduplication is an emerging technique to eliminate redundancy in cloud storage, which works by signing integrity tags with a content-associated key instead of a user-associated secret key. To achieve public auditability in this scenario, the linkage between cloud users and their integrity tags is first re-established in current solutions, which provides a potential side channel for a malicious third-party auditor (TPA) to steal the existence privacy of a certain target file. Such an attack, which is also possible among classic public auditing schemes, still cannot be well resisted and is now becoming a big obstacle to using this technique. In this paper, we propose a secure aggregation-based tag deduplication scheme (ATDS), which takes the lead in considering resistance against side channel attack during the process of public verification. To deal with this problem, we define a user-associated integrity tag based on the defined content-associated polynomial and devise a Lagrangian interpolation-based aggregation strategy to achieve tag deduplication. With the help of this technique, a content-associated public key is able to be utilized instead of a user-associated one to achieve auditing. Once the verification is passed, the TPA is only able to make sure that the verified data correctly correspond to at least a group of users in cloud storage, rather than determining specific owners. The security analysis and experiment results show that the proposed scheme is able to resist side channel attack and is more efficient compared with the state of the art.


Entropy, 2019, Vol 21 (10), pp. 972
Author(s): Ricardo Villanueva-Polanco

In this paper, we will study the key enumeration problem, which is connected to the key recovery problem posed in the cold boot attack setting. In this setting, an attacker with physical access to a computer may obtain noisy data of a cryptographic secret key of a cryptographic scheme from main memory via this data remanence attack. Therefore, the attacker would need a key-recovery algorithm to reconstruct the secret key from its noisy version. We will first describe this attack setting and then pose the problem of key recovery in a general way and establish a connection between the key recovery problem and the key enumeration problem. The latter problem has already been studied in the side-channel attack literature, where, for example, the attacker might procure scoring information for each byte of an Advanced Encryption Standard (AES) key from a side-channel attack and then want to efficiently enumerate and test a large number of complete 16-byte candidates until the correct key is found. After establishing such a connection between the key recovery problem and the key enumeration problem, we will present a comprehensive review of the most outstanding key enumeration algorithms to tackle the latter problem, for example, an optimal key enumeration algorithm (OKEA) and several nonoptimal key enumeration algorithms. Also, we will propose variants to some of them and make a comparison of them, highlighting their strengths and weaknesses.



2021, Vol 11 (4), pp. 38
Author(s): Mohammad Nasim Imtiaz Khan, Shivam Bhasin, Bo Liu, Alex Yuan, Anupam Chattopadhyay, ...

Emerging Non-Volatile Memories (NVMs) such as Magnetic RAM (MRAM), Spin-Transfer Torque RAM (STTRAM), Phase Change Memory (PCM) and Resistive RAM (RRAM) are very promising due to their low (static) power operation, high scalability and high performance. However, these memories bring new threats to data security. In this paper, we investigate their vulnerability against Side Channel Attack (SCA). We assume that the adversary can monitor the supply current of the memory array consumed during read/write operations and recover the secret key of Advanced Encryption Standard (AES) execution. First, we show our analysis of simulation results. Then, we use commercial NVM chips to validate the analysis. We also investigate the effectiveness of encoding against SCA on emerging NVMs. Finally, we summarize two new flavors of NVMs that can be resilient against SCA. To the best of our knowledge, this is the first attempt to do a comprehensive study of SCA vulnerability of the majority of emerging NVM-based caches.



Author(s): Kalle Ngo, Elena Dubrova, Qian Guo, Thomas Johansson

In this paper, we present a side-channel attack on a first-order masked implementation of IND-CCA secure Saber KEM. We show how to recover both the session key and the long-term secret key from 24 traces using a deep neural network created at the profiling stage. The proposed message recovery approach learns a higher-order model directly, without explicitly extracting random masks at each execution. This eliminates the need for a fully controllable profiling device which is required in previous attacks on masked implementations of LWE/LWR-based PKEs/KEMs. We also present a new secret key recovery approach based on maps from error-correcting codes that can compensate for some errors in the recovered message. In addition, we discovered a previously unknown leakage point in the primitive for masked logical shifting on arithmetic shares.



Electronics, 2021, Vol 10 (12), pp. 1438
Author(s): Krithika Dhananjay, Emre Salman

SIMON is a block cipher developed to provide flexible security options for lightweight hardware applications such as the Internet-of-Things (IoT). Safeguarding such resource-constrained hardware from side-channel attacks poses a significant challenge. Adiabatic circuit operation has recently received attention for such applications due to its ultra-low power consumption. In this work, a charge-based methodology is developed to mount a correlation power analysis (CPA) based side-channel attack on an adiabatic SIMON core. The charge-based method significantly reduces the attack complexity by reducing the required number of power samples by two orders of magnitude. The CPA results demonstrate that the required measurements-to-disclosure (MTD) to retrieve the secret key of an adiabatic SIMON core is 4× higher compared with a conventional static CMOS based implementation. The effect of an increase in the target signal load capacitance on the MTD is also investigated. It is observed that the MTD can be reduced by half if the load driven by the target signal is increased by 2× for an adiabatic SIMON, and by 5× for a static CMOS based SIMON. This sensitivity to target signal capacitance of the adiabatic SIMON can pose a serious concern by facilitating a more efficient CPA attack.



2013, Vol 10 (4), pp. 1539-1545
Author(s): K Chandra Mouli, U Seshadri

Nowadays, Cloud Computing is a rapidly growing computing technology. It is utilized for its low cost and high-end benefits. The major issue in cloud computing is ensuring security, because customers often store sensitive data with third-party cloud providers, but these providers may be untrusted. Working with a single cloud is prevented, because in the customer's perception there is the possibility of failure in service availability and of a vicious gang in a single cloud. To overcome these types of failures, a recent and popular technology has emerged, called cloud of clouds, multi-clouds or inter-clouds. In this paper we illustrate the recent research moving from single clouds towards multi-clouds and address possible solutions to security concerns. Here we used the SSS (Secret Key Sharing) technique to share the key between servers. From this we found that there is less attention in the field of multi-cloud security compared with single cloud providers. The main intention of this work is to reduce the security risks related to cloud users and to encourage the use of cloud-of-clouds due to its ability.



PLoS ONE, 2020, Vol 15 (11), pp. e0241236
Author(s): Reem ALmarwani, Ning Zhang, James Garside

Data Integrity Auditing (DIA) is a security service for checking the integrity of data stored in a PCS (Public Cloud Storage), a third-party based storage service. A DIA service is provided by using integrity tags (hereafter referred to as tags). This paper proposes a novel tagging method, called Tagging of Outsourced Data (TOD), for generating and verifying tags of files. TOD has a number of unique properties: (i) it supports both public and private verifiability, and achieves this property with a low level of overhead at the user end, making it particularly attractive to mobile users with resource-constrained devices, (ii) it protects data confidentiality, supports dynamic tags and is resilient against tag forgery and tag tampering (i.e. by authorised insiders) at the same time in a more secure and efficient manner, making the method more suited to the PCS environment, (iii) it supports tag deduplication, making it more efficient, particularly for the user who has many files with data redundancy. Comprehensive security analysis and performance evaluation have been conducted to demonstrate the efficacy and efficiency of the approach taken in the design.



2020, Vol 10 (11), pp. 3770
Author(s): Hodong Kim, Hyundo Yoon, Youngjoo Shin, Junbeom Hur

Mail user agent (MUA) programs provide an integrated interface for email services. Many MUAs support email encryption functionality to ensure the confidentiality of emails. In practice, they encrypt the content of an email using email encryption standards such as OpenPGP or S/MIME, mostly implemented using GnuPG. Despite their widespread deployment, there has been insufficient research on their software structure and the security dependencies among the software components of MUA programs. In order to understand the security implications of the structures and analyze any possible vulnerabilities of MUA programs, we investigated a number of MUAs that support email encryption. As a result, we found severe vulnerabilities in a number of MUAs that allow cache side-channel attacks in virtualized desktop environments. Our analysis reveals that the root cause originates from the lack of verification and control over the third-party cryptographic libraries that they adopt. In order to demonstrate this, we implemented a cache side-channel attack on RSA in GnuPG and then conducted an evaluation of the vulnerability of 13 MUAs that support email encryption in Ubuntu 14.04, 16.04 and 18.04. Based on our experiment, we found that 10 of these MUA programs (representing approximately 77% of existing MUA programs) allow the installation of a vulnerable version of GnuPG, even when the latest version of GnuPG, which is secure against most cache side-channel attacks, is in use. In order to substantiate the importance of the vulnerability we discovered, we conducted a FLUSH+RELOAD attack on these MUA programs and demonstrated that the attack restored 92% of the bits of the 2048-bit RSA private key when the recipients read a single encrypted email.



2017, Vol 13 (1), pp. 155014771668657
Author(s): Meng Liu, Xuan Wang, Chi Yang, Zoe Lin Jiang, Ye Li

Nowadays, an increasing number of cloud users, including both individuals and enterprises, store their Internet of Things data in the cloud for benefits like cost saving. However, the cloud storage service is often regarded as untrusted due to the users' loss of direct control over the data. Hence, it is necessary to verify the integrity of their data on cloud storage servers via a third party. In real cloud systems, it is very important to improve the performance of the auditing protocol. Hence, a well-designed and cost-effective auditing protocol is expected to meet the performance requirement while the data size is very large in real cloud systems. In this article, we propose an auditing protocol based on pairing-based cryptography, which can reduce the computation cost compared with the state-of-the-art third-party auditing protocol. Moreover, we also study how to determine the number of sectors to achieve the optimal performance of our auditing protocol in the case of the same challenged data. An equation for computing the optimal number of sectors is proposed to further improve the performance of our auditing protocol. Both the mathematical analysis and experiment results show that our solution is more efficient.



2017, Vol 2017, pp. 1-17
Author(s): Tengfei Tu, Lu Rao, Hua Zhang, Qiaoyan Wen, Jia Xiao

As information technology develops, cloud storage has been widely accepted for keeping volumes of data. A remote data auditing scheme enables a cloud user to confirm the integrity of her outsourced file via auditing against cloud storage, without downloading the file from the cloud. In view of the significant computational cost caused by the auditing process, the outsourced auditing model is proposed to let the user outsource the heavy auditing task to a third party auditor (TPA). Although the first outsourced auditing scheme can protect against a malicious TPA, this scheme gives the TPA read access over the user's outsourced data, which is a potential risk for user data privacy. In this paper, we introduce the notion of User Focus for outsourced auditing, which emphasizes the idea of letting the user dominate her own data. Based on User Focus, our proposed scheme not only can prevent the user's data from leaking to the TPA without depending on data encryption but also can avoid the use of an additional independent random source that is very difficult to meet in practice. We also describe how to make our scheme support dynamic updates. According to the security analysis and experimental evaluations, our proposed scheme is provably secure and significantly efficient.


