SIDE-CHANNEL ATTACKS ON THE MOBILE PHONES

Author(s):  
R. A. Mostovoy ◽  
A. B. Levina ◽  
D. M. Sleptsova ◽  
P. S. Borisenko

Currently, attacks on side channels are the main method of cryptanalysis, but despite this, these attacks have a very specific model of the attacker. As a result, the practical usage of side-channel attacks is sometimes disputable. The level of threat in each case should be assessed taking into account the individual characteristics of a specific target system. Client applications, such as mobile phone applications, are especially vulnerable due to easy access to the device, so it's required to pay sufficient attention to their security, since they are more accessible to the attacker and usually contain a large amount of confidential information. This study represents an assessment of the informativeness of signals from side channels received from mobile phones. The studies used inexpensive equipment to minimize the requirements for the level of the attacker and, consequently, increase the applicability of the attack. This undoubtedly leads to the complication of the attacks, so the NICV algorithm was used to analyze the data obtained. The NICV (normalized interclass variance) algorithm can significantly improve the efficiency of the analysis of the traces obtained during an attack by reducing the number of points.

2019 ◽  
Vol 61 (1) ◽  
pp. 15-28
Author(s):  
Florian Bache ◽  
Christina Plump ◽  
Jonas Wloka ◽  
Tim Güneysu ◽  
Rolf Drechsler

Side-channel attacks enable powerful adversarial strategies against cryptographic devices and encounter an ever-growing attack surface in today’s world of digitalization and the internet of things. While the employment of provably secure side-channel countermeasures like masking has become increasingly popular in recent years, great care must be taken when implementing these in actual devices. The reasons for this are two-fold: The models on which these countermeasures rely do not fully capture the physical reality and compliance with the requirements of the countermeasures is non-trivial in complex implementations. Therefore, it is imperative to validate the SCA-security of concrete instantiations of cryptographic devices using measurements on the actual device. In this article we propose a side-channel evaluation framework that combines an efficient data acquisition process with state-of-the-art confidence interval based leakage assessment. Our approach allows a sound assessment of the potential susceptibility of cryptographic implementations to side-channel attacks and is robust against noise in the evaluation system. We illustrate the steps in the evaluation process by applying them to a protected implementation of AES.


Advanced encryption standard is detailing for data crypto graphing. The algorithm used universally for cryptography and secure data transmission, the algorithm puissant to intruders, who often attack via side channels. One of the observed attacks was to estimate the power implanted in AES core and processed probable scrutinizing to guess the key on multiple iterations. So in order to elude side channel attacks and reduce power consumed in AES standard, design proposed with masking and pipeline scheme. This design helps in shrinking power consumption as compared to AES algorithm and upgrade to withstand from attacks. Another major improvement in the design is LUT’s used for masking and original algorithm almost equal, area phenomenon also solved out. The proposed algorithm implemented in VERTEX-7 FPGA board and simulated using Xilinx Vivado 2015.2 and Modelsim.


2021 ◽  
Vol 5 (OOPSLA) ◽  
pp. 1-28
Author(s):  
Robert Brotzman ◽  
Danfeng Zhang ◽  
Mahmut Taylan Kandemir ◽  
Gang Tan

The high-profile Spectre attack and its variants have revealed that speculative execution may leave secret-dependent footprints in the cache, allowing an attacker to learn confidential data. However, existing static side-channel detectors either ignore speculative execution, leading to false negatives, or lack a precise cache model, leading to false positives. In this paper, somewhat surprisingly, we show that it is challenging to develop a speculation-aware static analysis with precise cache models: a combination of existing works does not necessarily catch all cache side channels. Motivated by this observation, we present a new semantic definition of security against cache-based side-channel attacks, called Speculative-Aware noninterference (SANI), which is applicable to a variety of attacks and cache models. We also develop SpecSafe to detect the violations of SANI. Unlike other speculation-aware symbolic executors, SpecSafe employs a novel program transformation so that SANI can be soundly checked by speculation-unaware side-channel detectors. SpecSafe is shown to be both scalable and accurate on a set of moderately sized benchmarks, including commonly used cryptography libraries.


Entropy ◽  
2019 ◽  
Vol 21 (8) ◽  
pp. 781
Author(s):  
Bagus Santoso ◽  
Yasutada Oohama

In this paper, we propose a theoretical framework to analyze the secure communication problem for broadcasting two encrypted sources in the presence of an adversary which launches side-channel attacks. The adversary is not only allowed to eavesdrop the ciphertexts in the public communication channel, but is also allowed to gather additional information on the secret keys via the side-channels, physical phenomenon leaked by the encryption devices during the encryption process, such as the fluctuations of power consumption, heat, or electromagnetic radiation generated by the encryption devices. Based on our framework, we propose a countermeasure against such adversary by using the post-encryption-compression (PEC) paradigm, in the case of one-time-pad encryption. We implement the PEC paradigm using affine encoders constructed from linear encoders and derive the explicit sufficient conditions to attain the exponential decay of the information leakage as the block lengths of encrypted sources become large. One interesting feature of the proposed countermeasure is that its performance is independent from the type of side information leaked by the encryption devices.


Author(s):  
Roman Mostovoy ◽  
Pavel Borisenko ◽  
Daria Sleptsova ◽  
Alla Levina ◽  
Igor Zikratiov

2021 ◽  
Vol 54 (6) ◽  
pp. 1-37
Author(s):  
Xiaoxuan Lou ◽  
Tianwei Zhang ◽  
Jun Jiang ◽  
Yinqian Zhang

Side-channel attacks have become a severe threat to the confidentiality of computer applications and systems. One popular type of such attacks is the microarchitectural attack, where the adversary exploits the hardware features to break the protection enforced by the operating system and steal the secrets from the program. In this article, we systematize microarchitectural side channels with a focus on attacks and defenses in cryptographic applications. We make three contributions. (1) We survey past research literature to categorize microarchitectural side-channel attacks. Since these are hardware attacks targeting software, we summarize the vulnerable implementations in software, as well as flawed designs in hardware. (2) We identify common strategies to mitigate microarchitectural attacks, from the application, OS, and hardware levels. (3) We conduct a large-scale evaluation on popular cryptographic applications in the real world and analyze the severity, practicality, and impact of side-channel vulnerabilities. This survey is expected to inspire the side-channel research community to discover new attacks, and more importantly, propose new defense solutions against them.


Author(s):  
M. M. Klunnikova

The work is devoted to the consideration of improving the quality of teaching students the discipline “Numerical methods” through the development of the cognitive component of computational thinking based on blended learning. The article presents a methodology for the formation of computational thinking of mathematics students, based on the visualization of algorithmic design schemes and the activation of the cognitive independence of students. The characteristic of computational thinking is given, the content and structure of computational thinking are shown. It is argued that a student with such a mind is able to manifest himself in his professional field in the best possible way. The results of the application of the technique are described. To determine the level of development of the cognitive component of computational thinking, a diagnostic model has been developed based on measuring the content, operational and motivational components. It is shown that the proposed method of developing computational thinking of students, taking into account the individual characteristics of students’ thinking, meaningfully based on the theoretical and practical aspects of studying the discipline, increases the effectiveness of learning the course “Numerical methods”. The materials of the article are of practical value for teachers of mathematical disciplines who use information and telecommunication technologies in their professional activities.


2021 ◽  
pp. 104-109
Author(s):  
Chernysh O.O.

The urgency of the researched problem is connected with the growing role of mass media in modern conditions leads to change of values and transformation of identity of the person. The active growth of the role of the media, their influence on the formation and development of personality leads to the concept of “media socialization” and immutation in the media. The aim of the study is to outline the possibilities of the process of media socialization in the context of immutation in the media. The methods of our research are: analysis of pedagogical, psychological, literature, synthesis, comparison, generalization. The article analyzes the views of domestic and foreign scientists on the problem of immutation in the media and the transformation of the information space. In the context of the mass nature of the immutation of society, the concept of “media socialization” becomes relevant, which is the basis for reducing the negative impact of the media on the individual. The author identifies the lack of a thorough study of the concept of “media socialization” in modern scientific thought. Thus, media socialization is associated with the transformation of traditional means of socialization, and is to assimilate and reproduce the social experience of mankind with the help of new media. The article analyzes the essence of the concepts “media space”, “mass media” and “immutation”. The influence of mass media on the formation and development of the modern personality is described in detail. The study concluded that it is necessary to form a media culture of the individual, to establish safe and effective interaction of young people with the modern media system, the formation of media awareness, media literacy and media competence in accordance with age and individual characteristics for successful media socialization. The role of state bodies in solving the problem of media socialization of the individual was also determined. It is determined that the process of formation of media culture in youth should take place at the level of traditional institutions of socialization of the individual. The author sees the prospect of further research in a detailed analysis and study of the potential of educational institutions as an institution and a means of counteracting the mass nature of the immutation of society. Key words: immutation, media socialization, mass media, media space, information.


Author(s):  
Olga Olegovna Eremenko ◽  
Lyubov Borisovna Aminul ◽  
Elena Vitalievna Chertina

The subject of the research is the process of making managerial decisions for innovative IT projects investing. The paper focuses on the new approach to decision making on investing innovative IT projects using expert survey in a fuzzy reasoning system. As input information, expert estimates of projects have been aggregated into six indicators having a linguistic description of the individual characteristics of the project type "high", "medium", and "low". The task of decision making investing has been formalized and the term-set of the output variable Des has been defined: to invest 50-75% of the project cost; to invest 20-50% of the project cost; to invest 10-20% of the project cost; to send the project for revision; to turn down investing project. The fuzzy product model of making investment management decisions has been developed; it adequately describes the process of investment management. The expediency of using constructed production model on a practical example is shown.

