Tight and Scalable Side-Channel Attack Evaluations through Asymptotically Optimal Massey-like Inequalities on Guessing Entropy

The bounds presented at CHES 2017 based on Massey’s guessing entropy represent the most scalable side-channel security evaluation method to date. In this paper, we present an improvement of this method, by determining the asymptotically optimal Massey-like inequality and then further refining it for finite support distributions. The impact of these results is highlighted for side-channel attack evaluations, demonstrating the improvements over the CHES 2017 bounds.

Download Full-text

Security evaluation of cryptographic modules against side-channel attack using a biased data set

2017 IEEE 6th Global Conference on Consumer Electronics (GCCE) ◽

10.1109/gcce.2017.8229302 ◽

2017 ◽

Author(s):

Masato Matsubayashi ◽

Hendra Guntur ◽

Akashi Satoh

Keyword(s):

Security Evaluation ◽

Side Channel ◽

Side Channel Attack ◽

Data Set

Download Full-text

Detecting Cache-Based Side Channel Attacks in IaaS using Enhanced Algorithm

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.i1136.0789s419 ◽

2019 ◽

Vol 8 (9S4) ◽

pp. 227-235

Keyword(s):

Credit Card ◽

Web Applications ◽

Virtual Machines ◽

Speculative Execution ◽

Smart Devices ◽

Side Channel ◽

Detection Accuracy ◽

Sensitive Information ◽

Side Channel Attack ◽

The Impact

The Connectivity of the information among people throughout the world is made possible through computers and smart devices connected over the internet. The economic related transactions also happen over the network which needs a secured transaction medium. Therefore, lots of intrusion detection and prevention systems are implemented in order to reduce the impact of the attack. But every year the impact of attack over the shared VMs is being dramatically increased. The economic transactions occur with the help of web applications and they are divided into browser-side and server-side components. One of the major services provided by the cloud environment is Infrastructure-asa-Service in which the virtual machines are used to provide the shared services to the multiple users. Though the VMs are secured by implementing the various security algorithms, one of the attacks, Side-channel attack, uses the leaked information acquired from the implementation of hardware component. Cache-based side channel attack is the serious attack, which tries to steal the sensitive information like credit card details, password, medical related details, etc., by establishing various algorithms like PRIME+PROBE, FLUSH+RELOAD, FLUSH+FLUSH, etc.,. The VM does speculative execution for improving the CPU performance, thus resulting in a scenario which allows the user to access the sensitive data on the cache line. So in this paper the environment is set up with 5 various scenarios with the combinations consisting of attack, no-attack, Full load, Average load and no-load. The Hardware Performance Counters (HPC) is used along with Intel CMT to monitor and distinguish the attacker VM, thus increasing the detection accuracy and reducing the system overhead.

Download Full-text

Side-channel Attack user reference architecture board SAKURA-W for security evaluation of IC card

2015 IEEE 4th Global Conference on Consumer Electronics (GCCE) ◽

10.1109/gcce.2015.7398507 ◽

2015 ◽

Cited By ~ 1

Author(s):

Masato Matsubayashi ◽

Akashi Satoh

Keyword(s):

Security Evaluation ◽

Side Channel ◽

Reference Architecture ◽

Side Channel Attack ◽

Ic Card

Download Full-text

Recent Research Trends in Side Channel Attack on Cryptographic Modules and its Countermeasure

IEEJ Transactions on Fundamentals and Materials ◽

10.1541/ieejfms.132.9 ◽

2012 ◽

Vol 132 (1) ◽

pp. 9-12

Author(s):

Yu-ichi Hayashi ◽

Naofumi Homma ◽

Takaaki Mizuki ◽

Takafumi Aoki ◽

Hideaki Sone

Keyword(s):

Research Trends ◽

Side Channel ◽

Side Channel Attack

Download Full-text

A Fast Power Current Simulation of Cryptographic VLSI Circuits for Side Channel Attack Evaluation

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences ◽

10.1587/transfun.e96.a.2533 ◽

2013 ◽

Vol E96.A (12) ◽

pp. 2533-2541

Author(s):

Daisuke FUJIMOTO ◽

Toshihiro KATASHITA ◽

Akihiko SASAKI ◽

Yohei HORI ◽

Akashi SATOH ◽

...

Keyword(s):

Vlsi Circuits ◽

Side Channel ◽

Side Channel Attack ◽

Fast Power

Download Full-text

Scan-Based Side-Channel Attack on the Camellia Block Cipher Using Scan Signatures

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences ◽

10.1587/transfun.e98.a.2547 ◽

2015 ◽

Vol E98.A (12) ◽

pp. 2547-2555 ◽

Cited By ~ 2

Author(s):

Huiqian JIANG ◽

Mika FUJISHIRO ◽

Hirokazu KODERA ◽

Masao YANAGISAWA ◽

Nozomu TOGAWA

Keyword(s):

Block Cipher ◽

Side Channel ◽

Side Channel Attack

Download Full-text

Analysis of Side-Channel Attack Based on Information Theory

IEICE Transactions on Fundamentals of Electronics Communications and Computer Sciences ◽

10.1587/transfun.e97.a.1523 ◽

2014 ◽

Vol E97.A (7) ◽

pp. 1523-1532

Author(s):

Hiroaki MIZUNO ◽

Keisuke IWAI ◽

Hidema TANAKA ◽

Takakazu KUROKAWA

Keyword(s):

Information Theory ◽

Side Channel ◽

Side Channel Attack

Download Full-text

A new security evaluation method using regular grammar to describe the required security mechanisms against software threats

Electrical Engineering and Information Technology ◽

10.2495/ceeit140321 ◽

2014 ◽

Author(s):

Saman Hedayatpour ◽

Nazri Kama

Keyword(s):

Evaluation Method ◽

Security Evaluation ◽

Regular Grammar

Download Full-text

A Practical Conflicting Role-based Cloud Security Risk Evaluation Method

Recent Advances in Computer Science and Communications ◽

10.2174/2666255813666191204145140 ◽

2019 ◽

Vol 13 ◽

Author(s):

Jin Han ◽

Jing Zhan ◽

Xiaoqing Xia ◽

Xue Fan

Keyword(s):

Risk Evaluation ◽

Evaluation Method ◽

Service Providers ◽

Risk Preferences ◽

Cloud Service ◽

Cloud Security ◽

Third Party ◽

Security Evaluation ◽

Security Risk ◽

Cloud Users

Background: Currently, Cloud Service Provider (CSP) or third party usually proposes principles and methods for cloud security risk evaluation, while cloud users have no choice but accept them. However, since cloud users and cloud service providers have conflicts of interests, cloud users may not trust the results of security evaluation performed by the CSP. Also, different cloud users may have different security risk preferences, which makes it difficult for third party to consider all users' needs during evaluation. In addition, current security evaluation indexes for cloud are too impractical to test (e.g., indexes like interoperability, transparency, portability are not easy to be evaluated). Methods: To solve the above problems, this paper proposes a practical cloud security risk evaluation method of decision-making based on conflicting roles by using the Analytic Hierarchy Process (AHP) with Aggregation of Individual priorities (AIP). Results: Not only can our method bring forward a new index system based on risk source for cloud security and corresponding practical testing methods, but also can obtain the evaluation result with the risk preferences of conflicting roles, namely CSP and cloud users, which can lay a foundation for improving mutual trusts between the CSP and cloud users. The experiments show that the method can effectively assess the security risk of cloud platforms and in the case where the number of clouds increased by 100% and 200%, the evaluation time using our methodology increased by only by 12% and 30%. Conclusion: Our method can achieve consistent decision based on conflicting roles, high scalability and practicability for cloud security risk evaluation.

Download Full-text

Non-Profiled Side-Channel Attack Based on Deep Learning Using Picture Trace

IEEE Access ◽

10.1109/access.2021.3055833 ◽

2021 ◽

Vol 9 ◽

pp. 22480-22492

Author(s):

Yoo-Seung Won ◽

Dong-Guk Han ◽

Dirmanto Jap ◽

Shivam Bhasin ◽

Jong-Yeon Park

Keyword(s):

Deep Learning ◽

Side Channel ◽

Side Channel Attack

Download Full-text