scholarly journals Cache Misses and the Recovery of the Full AES 256 Key

2019 ◽  
Author(s):  
Samira Briongos ◽  
Pedro Malagón ◽  
Juan-Mariano de Goyeneche ◽  
Jose M. Moya
Keyword(s):  
Cloud Computing ◽  
Information Leakage ◽  
Side Channel ◽  
Sensitive Information ◽  
Sources Of Information ◽  
Shared Cache ◽  
Novel Approach ◽  
Memory Accesses ◽  
Cache Attacks

In recent years, CPU caches have revealed themselves as one of the most powerful sources of information leakage. This information leakage affects any implementation whose memory accesses, to data or instructions, depend on sensitive information such as private keys. In most cases, side-channel cache attacks do not require any specific permission and just need access to a shared cache. This fact, combined with the spread of cloud computing, where the infrastructure is shared between different customers, have made these attacks quite popular. In this paper, we present a novel approach to exploit the information obtained from the CPU cache. First, we introduce a non-access attack that provides a 97\% reduction in the number of encryptions required to obtain a 128-bit AES key. Next, this attack is adapted and extended in what we call the encryption-by-decryption cache attack or EBD, to obtain a 256-bit AES key. When EBD is applied to AES-256, we are able to obtain the 256 bits of the key with less than 10000 encryptions. These results make EBD, to the best of our knowledge, the first practical attack on AES-256 and also demonstrate that AES-256 is only about 3 times more complex to attack than AES-128 via cache attacks. In both cases the target is the AES T-table-based implementation, and we also demonstrate that our approach works in a cross-VM scenario.

scholarly journals Cache Misses and the Recovery of the Full AES 256 Key

2019 ◽  
Vol 9 (5) ◽  
pp. 944 ◽  
Author(s):  
Samira Briongos ◽  
Pedro Malagón ◽  
Juan-Mariano de Goyeneche ◽  
Jose Moya
Keyword(s):  
Cloud Computing ◽  
Traditional Approach ◽  
Memory Access ◽  
Side Channel ◽  
Sensitive Information ◽  
Significant Information ◽  
Shared Cache ◽  
Novel Approach ◽  
Source Of Information ◽  
Cache Attacks

The CPU cache is a hardware element that leaks significant information about the software running on the CPU. Particularly, any application performing sequences of memory access that depend on sensitive information, such as private keys, is susceptible to suffer a cache attack, which would reveal this information. In most cases, side-channel cache attacks do not require any specific permission and just need access to a shared cache. This fact, combined with the spread of cloud computing, where the infrastructure is shared between different customers, has made these attacks quite popular. Traditionally, cache attacks against AES use the information about the victim to access an address. In contrast, we show that using non-access provides much more information and demonstrate that the power of cache attacks has been underestimated during these last years. This novel approach is applicable to existing attacks: Prime+Probe, Flush+Reload, Flush+Flush and Prime+Abort. In all cases, using cache misses as source of information, we could retrieve the 128-bit AES key with a reduction in the number of samples of between 93% and 98% compared to the traditional approach. Further, this attack was adapted and extended in what we call the encryption-by-decryption cache attack (EBD), to obtain a 256-bit AES key. In the best scenario, our approach obtained the 256 bits of the key of the OpenSSL AES T-table-based implementation using fewer than 10,000 samples, i.e., 135 milliseconds, proving that AES-256 is only about three times more complex to attack than AES-128 via cache attacks. Additionally, the proposed approach was successfully tested in a cross-VM scenario.

Novel Private Matching Protocol Suitable for Cloud Computing

2013 ◽  
Vol 373-375 ◽  
pp. 1678-1681
Author(s):  
Jian Wang ◽  
Xiao Yu Qi
Keyword(s):  
Cloud Computing ◽  
Cloud Service ◽  
The Internet ◽  
Sensitive Information ◽  
Security Issue ◽  
Research Focus ◽  
Novel Approach ◽  
Private Matching

In cloud computing users always hope their identity can’t be disclosed while they access the cloud service. Although there are many research focus on the security issue in cloud, none work has been carefully addressed about the proposed problem. To allay users' concerns of disclosure of their identity, we proposed a novel approach based on private matching protocol to protect users’ sensitive information in cloud computing. Besides, this paper also states the new problem of privacy indexing in the internet and proves that our proposed protocol can avoid privacy indexing in the cloud.

Power Side-Channel Analysis of RNS GLV ECC Using Machine and Deep Learning Algorithms

2021 ◽  
Vol 21 (3) ◽  
pp. 1-20
Author(s):  
Mohamad Ali Mehrabi ◽  
Naila Mukhtar ◽  
Alireza Jolfaei
Keyword(s):  
Deep Learning ◽  
Elliptic Curve ◽  
Smart Cities ◽  
Information Leakage ◽  
Side Channel ◽  
Side Channel Attacks ◽  
Public Key Cryptosystems ◽  
Elliptic Curve Cryptosystems ◽  
Hardware Implementations ◽  
Substantial Progress

Many Internet of Things applications in smart cities use elliptic-curve cryptosystems due to their efficiency compared to other well-known public-key cryptosystems such as RSA. One of the important components of an elliptic-curve-based cryptosystem is the elliptic-curve point multiplication which has been shown to be vulnerable to various types of side-channel attacks. Recently, substantial progress has been made in applying deep learning to side-channel attacks. Conceptually, the idea is to monitor a core while it is running encryption for information leakage of a certain kind, for example, power consumption. The knowledge of the underlying encryption algorithm can be used to train a model to recognise the key used for encryption. The model is then applied to traces gathered from the crypto core in order to recover the encryption key. In this article, we propose an RNS GLV elliptic curve cryptography core which is immune to machine learning and deep learning based side-channel attacks. The experimental analysis confirms the proposed crypto core does not leak any information about the private key and therefore it is suitable for hardware implementations.

scholarly journals Device-Based Security to Improve User Privacy in the Internet of Things †

Sensors ◽  
2018 ◽  
Vol 18 (8) ◽  
pp. 2664 ◽  
Author(s):  
Luis Belem Pacheco ◽  
Eduardo Pelinson Alchieri ◽  
Priscila Mendez Barreto
Keyword(s):  
Cloud Computing ◽  
Internet Of Things ◽  
Single Point ◽  
Data Access ◽  
Cloud Services ◽  
Sensitive Information ◽  
User Privacy ◽  
Privacy And Security ◽  
Iot Devices ◽  
And Control

The use of Internet of Things (IoT) is rapidly growing and a huge amount of data is being generated by IoT devices. Cloud computing is a natural candidate to handle this data since it has enough power and capacity to process, store and control data access. Moreover, this approach brings several benefits to the IoT, such as the aggregation of all IoT data in a common place and the use of cloud services to consume this data and provide useful applications. However, enforcing user privacy when sending sensitive information to the cloud is a challenge. This work presents and evaluates an architecture to provide privacy in the integration of IoT and cloud computing. The proposed architecture, called PROTeCt—Privacy aRquitecture for integratiOn of internet of Things and Cloud computing, improves user privacy by implementing privacy enforcement at the IoT devices instead of at the gateway, as is usually done. Consequently, the proposed approach improves both system security and fault tolerance, since it removes the single point of failure (gateway). The proposed architecture is evaluated through an analytical analysis and simulations with severely constrained devices, where delay and energy consumption are evaluated and compared to other architectures. The obtained results show the practical feasibility of the proposed solutions and demonstrate that the overheads introduced in the IoT devices are worthwhile considering the increased level of privacy and security.

Static Analysis of Run-Time Inter-Core Interferences for Concurrent Programs in Shared Cache Multicore Architectures

2012 ◽  
Vol 198-199 ◽  
pp. 523-527
Author(s):  
Fang Yuan Chen ◽  
Dong Song Zhang ◽  
Zhi Ying Wang
Keyword(s):  
Multicore Processors ◽  
Mapping Method ◽  
Concurrent Programs ◽  
Multicore Architectures ◽  
Shared Resources ◽  
Worst Case ◽  
Shared Cache ◽  
Address Mapping ◽  
Novel Approach ◽  
Time Systems

Worst-Case Execution Time (WCET) is crucial in real-time systems and is very challenging in multicore processors due to the possible runtime inter-thread interferences caused by shared resources. This paper proposes a novel approach to analyze runtime inter-core interferences for consecutive or inconsecutive concurrent programs. Our approach can reasonably estimate runtime inter-core interferences in shared cache by introducing lifetime and instruction fetching timing relations analysis into address mapping method. Compared with the method based on lifetime alone, our proposed approach efficiently improves the tightness of WCET estimation.

Sign in / Sign up

Export Citation Format

Share Document