Side Channel Attacks and Countermeasures

A special issue of Applied Sciences (ISSN 2076-3417). This special issue belongs to the section "Computing and Artificial Intelligence".

Deadline for manuscript submissions: closed (30 April 2020) | Viewed by 39977

Special Issue Editor


Guest Editor
Department of Information Security, Cryptography, and Mathematics, Kookmin University, Seoul, Korea
Interests: side-channel analysis; fault analysis; cryptographic engineering

Special Issue Information

Dear Colleagues,

Cryptosystems are widely used in a growing number of embedded applications, such as smart cards, smart phones, Internet of Things (IoT) devices, and so on. Although these cryptosystems have been proven to be safe using mathematical tools, they could be susceptible to physical attacks that exploit additional sources of information, including timing information, power consumption, electromagnetic emissions (EM), sound, and so on. First introduced by Kocher, these types of attacks are referred to as side-channel attacks (SCAs). These attacks pose a very serious threat to embedded systems with cryptographic algorithms. For the past few years, there has been a great deal of effort in finding various SCAs and developing secure countermeasures.

This Special Issue of Applied Sciences is dedicated to outlining the state-of-the-art technologies in the area of side-channel attacks. Topics of interest include (but are not limited to) the following:

  • Power, EM, timing, acoustic, fault, and cache attacks;
  • Countermeasures against side-channel attacks;
  • Higher-order side channel attacks;
  • Higher-order masking countermeasures;
  • Signal processing for side-channel attacks;
  • Modeling of side-channel attacks;
  • Profiling attacks;
  • Machine learning-based side-channel attacks;
  • Side-channel attacks against post-quantum cryptography;
  • Single trace attacks against public key cryptosystems;
  • Differential computation analysis against white-box cryptography and its countermeasures;
  • Physical unclonable functions (PUFs).

Prof. Dr. Dong-Guk Han
Guest Editor

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to this website. Once you are registered, click here to go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the special issue website. Research articles, review articles as well as short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Applied Sciences is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • Cryptography
  • Internet-of-Things (IoT) devices
  • Side-channel attacks
  • Countermeasures
  • Power analysis
  • EM analysis
  • Fault analysis
  • Masking methods

Published Papers (14 papers)


Research

16 pages, 499 KiB  
Article
Cold Boot Attacks on LUOV
by Ricardo Villanueva-Polanco
Appl. Sci. 2020, 10(12), 4106; https://doi.org/10.3390/app10124106 - 15 Jun 2020
Cited by 7 | Viewed by 2033
Abstract
This research article assesses the feasibility of cold boot attacks on the lifted unbalanced oil and Vinegar (LUOV) scheme, a variant of the UOV signature scheme. This scheme is a member of the family of asymmetric cryptographic primitives based on multivariable polynomials over a finite field K and has been submitted as a candidate to the ongoing National Institute of Standards and Technology (NIST) standardisation process of post-quantum signature schemes. To the best of our knowledge, this is the first time that this scheme is evaluated in this setting. To perform our assessment of the scheme in this setting, we review two implementations of this scheme, the reference implementation and the libpqcrypto implementation, to learn the most common in-memory private key formats and next develop a key recovery algorithm exploiting the structure of this scheme. Since LUOV's key generation algorithm generates its private components and public components from a 256-bit seed, the key recovery algorithm works for all the parameter sets recommended for this scheme. Additionally, we tested the effectiveness and performance of the key recovery algorithm through simulations and found that the key recovery algorithm may retrieve the private seed when α = 0.001 (the probability that a 0 bit of the original secret key will flip to a 1 bit) and β (the probability that a 1 bit of the original private key will flip to a 0 bit) is in the range {0.001, 0.01, 0.02, …, 0.15} by enumerating approximately 2^40 candidates.
(This article belongs to the Special Issue Side Channel Attacks and Countermeasures)

12 pages, 2645 KiB  
Article
Novel Fault Injection Attack without Artificial Trigger
by HanSeop Lim, JongHyeok Lee and Dong-Guk Han
Appl. Sci. 2020, 10(11), 3849; https://doi.org/10.3390/app10113849 - 1 Jun 2020
Cited by 4 | Viewed by 3670
Abstract
The theoretical process of fault injection attacks is defined as a process of recovering a secret key assuming that an attacker can inject faults into a specific targeted operation. Therefore, artificial triggering is required to execute such an attack. However, when conducting analysis on real devices, artificial triggering needs to rely on a powerful assumption, such as manipulation of internal codes. In this paper, we propose a novel fault injection system using Input/Output (I/O) signals of target devices as a trigger, relaxing the attacker assumption. This system does not require an implementation of artificial triggering, as the input signals used to transmit plaintexts serve as the trigger for fault injection attacks. As a result, the attacker can perform fault injection attacks concerning the entire encryption process. To decide the fault injection time based on the trigger, the proposed system applies simple power analysis (SPA), employing the electromagnetic emission of target devices. Considering that the fault injection time identified by SPA can be relatively vague compared with that obtained using a system based on artificial triggering, we address this problem by proposing a process to recover the secret key without knowing the byte index of an injected fault.

15 pages, 818 KiB  
Article
Key Schedule against Template Attack-Based Simple Power Analysis on a Single Target
by Yoo-Seung Won, Bo-Yeon Sim and Jong-Yeon Park
Appl. Sci. 2020, 10(11), 3804; https://doi.org/10.3390/app10113804 - 30 May 2020
Cited by 3 | Viewed by 2463
Abstract
Since 2002, there have been active discussions on template attacks due to the robust performance of such attacks. There are reports of numerous proposals to improve the accuracy of the prediction model in order to identify the point of interest. To date, many researchers have only focused on the performance of template attacks. In this paper, we introduce a new approach to retrieve the secret information in key schedules, without a profiling phase utilizing the secret information. The template attack allows us to reveal the correct key even though the encryption/decryption processes have powerful countermeasures. More precisely, if the templates are sufficiently built while loading/saving the public information, then in the extraction phase the templates already created can be applied to the identical operation on the secret information, which allows us to retrieve the secret information even if the countermeasures are theoretically robust. This suggestion becomes another backdoor to avoid hardened countermeasures. In order to demonstrate our proposal, we consider the Advanced Encryption Standard key schedule as a target for attack; however, it cannot be the target of non-profiling attacks in general. Finally, the Hamming weight information of the correct key could be recovered on an XMEGA128 chip, without the secret information. Moreover, we concentrate on the potential of our suggestion, since its performance cannot outperform the original methods used in such attacks.

14 pages, 7989 KiB  
Article
On the Security of Practical Mail User Agents against Cache Side-Channel Attacks
by Hodong Kim, Hyundo Yoon, Youngjoo Shin and Junbeom Hur
Appl. Sci. 2020, 10(11), 3770; https://doi.org/10.3390/app10113770 - 29 May 2020
Viewed by 2641
Abstract
Mail user agent (MUA) programs provide an integrated interface for email services. Many MUAs support email encryption functionality to ensure the confidentiality of emails. In practice, they encrypt the content of an email using email encryption standards such as OpenPGP or S/MIME, mostly implemented using GnuPG. Despite their widespread deployment, there has been insufficient research on their software structure and the security dependencies among the software components of MUA programs. In order to understand the security implications of the structures and analyze any possible vulnerabilities of MUA programs, we investigated a number of MUAs that support email encryption. As a result, we found severe vulnerabilities in a number of MUAs that allow cache side-channel attacks in virtualized desktop environments. Our analysis reveals that the root cause originates from the lack of verification and control over the third-party cryptographic libraries that they adopt. In order to demonstrate this, we implemented a cache side-channel attack on RSA in GnuPG and then conducted an evaluation of the vulnerability of 13 MUAs that support email encryption in Ubuntu 14.04, 16.04 and 18.04. Based on our experiment, we found that 10 of these MUA programs (representing approximately 77% of existing MUA programs) allow the installation of a vulnerable version of GnuPG, even when the latest version of GnuPG, which is secure against most cache side-channel attacks, is in use. In order to substantiate the importance of the vulnerability we discovered, we conducted a FLUSH+RELOAD attack on these MUA programs and demonstrated that the attack restored 92% of the bits of the 2048-bit RSA private key when the recipients read a single encrypted email.

18 pages, 1727 KiB  
Article
Highly Efficient Implementation of Block Ciphers on Graphic Processing Units for Massively Large Data
by SangWoo An and Seog Chung Seo
Appl. Sci. 2020, 10(11), 3711; https://doi.org/10.3390/app10113711 - 27 May 2020
Cited by 16 | Viewed by 2985
Abstract
With the advent of IoT and Cloud computing service technology, the size of user data to be managed and file data to be transmitted has increased significantly. To protect users' personal information, it is necessary to encrypt it in a secure and efficient way. Since servers handling a number of clients or IoT devices have to encrypt a large amount of data without compromising service capabilities in real time, Graphic Processing Units (GPUs) have been considered a proper candidate for a crypto accelerator for processing a huge amount of data in this situation. In this paper, we present highly efficient implementations of block ciphers on NVIDIA GPUs (especially the Maxwell, Pascal, and Turing architectures) for environments using massively large data in IoT and Cloud computing applications. As block cipher algorithms, we choose AES, a representative standard block cipher algorithm; LEA, which was recently added to the ISO/IEC 29192-2:2019 standard; and CHAM, a recently developed lightweight block cipher algorithm. To maximize the parallelism in the encryption process, we utilize the Counter (CTR) mode of operation and customize it using the GPU's characteristics. We applied several optimization techniques with respect to the characteristics of the GPU architecture, such as kernel parallelism, memory optimization, and CUDA streams. Furthermore, we optimized each target cipher by considering its algorithmic characteristics, implementing the core part of each cipher with handcrafted inline PTX (Parallel Thread eXecution) code, which is virtual assembly code on CUDA platforms. With the application of our optimization techniques, in our implementation on an RTX 2070 GPU, AES and LEA show up to 310 Gbps and 2.47 Tbps of throughput, respectively, which are 10.7% and 67% improvements over the 279.86 Gbps and 1.47 Tbps of the previous best result. In the case of CHAM, this is the first optimized implementation on GPUs, and it achieves 3.03 Tbps of throughput on an RTX 2070 GPU.

17 pages, 1322 KiB  
Article
SIV: Raise the Correlation of Second-Order Correlation Power Analysis to 1.00
by Ju-Hwan Kim, Bo-Yeon Sim and Dong-Guk Han
Appl. Sci. 2020, 10(10), 3394; https://doi.org/10.3390/app10103394 - 14 May 2020
Viewed by 2107
Abstract
The major factors that determine the performance of the second-order correlation power analysis (SOCPA) include the accuracy of the power model and the correlation between the hypothetical intermediate value and preprocessed power consumption. Because of the tradeoff between the accuracy and correlation, the correlation coefficient of the general SOCPA using 8-bit SubBytes output is only up to 0.35. Therefore, based on the operational characteristic of the cryptographic algorithm, we propose to find a special intermediate value, called the sparse intermediate value (SIV). The SIV significantly improves the performance of the SOCPA because it accurately models the power consumption while the correlation coefficient is 1.00. Further, the experimental results on OpenSSL advanced encryption standard (AES) show that the SIV-based SOCPA can disclose the entire secret key with only about a quarter of the power traces required by the general SOCPA.

14 pages, 1056 KiB  
Article
PAGE—Practical AES-GCM Encryption for Low-End Microcontrollers
by Kyungho Kim, Seungju Choi, Hyeokdong Kwon, Hyunjun Kim, Zhe Liu and Hwajeong Seo
Appl. Sci. 2020, 10(9), 3131; https://doi.org/10.3390/app10093131 - 30 Apr 2020
Cited by 6 | Viewed by 3679
Abstract
An optimized AES (Advanced Encryption Standard) implementation of the Galois Counter Mode of operation (GCM) on low-end microcontrollers is presented in this paper. Two optimization methods are applied to the proposed implementations. First, the AES counter (CTR) mode of operation is speed-optimized and ensures constant timing. The main idea is replacing expensive AES operations, including AddRoundKey, SubBytes, ShiftRows, and MixColumns, with simple look-up table accesses. Unlike previous works, the look-up table does not require look-up table updates during the entire encryption life-cycle. Second, the core operation of Galois Counter Mode (GCM) is optimized further by using the Karatsuba algorithm, compact register utilization, and pre-computed operands. With the above optimization techniques, the proposed AES-GCM on the 8-bit AVR (Alf and Vegard's RISC processor) architecture achieved 415, 466, and 477 clock cycles per byte for the short-term, middle-term, and long-term security levels, respectively.

16 pages, 779 KiB  
Article
Highly Efficient SCA-Resistant Binary Field Multiplication on 8-Bit AVR Microcontrollers
by Seog Chung Seo and Donggeun Kwon
Appl. Sci. 2020, 10(8), 2821; https://doi.org/10.3390/app10082821 - 19 Apr 2020
Cited by 1 | Viewed by 2167
Abstract
Binary field (BF) multiplication is a basic and important operation for widely used crypto algorithms such as the GHASH function of GCM (Galois/Counter Mode) mode and NIST-compliant binary Elliptic Curve Cryptosystems (ECCs). Recently, Seo et al. proposed a novel SCA-resistant binary field multiplication method in the context of GHASH optimization in AES GCM mode on 8-bit AVR microcontrollers (MCUs). They proposed a concept of Dummy XOR operation with a kind of garbage registers and a concept of instruction level atomicity (ILA) for resistance against Timing Analysis (TA) and Simple Power Analysis (SPA), and used a Karatsuba Block-Comb multiplication approach for efficiency. Even though their method achieved a large performance improvement compared with previous works, it still has room for improvement on the 8-bit AVR platform. In this paper, we propose a further improved binary field multiplication method on 8-bit AVR MCUs. Our method basically adopts a Dummy XOR technique using a set of garbage registers for TA and SPA security; however, we reduce the number of used garbage registers from eight to one by using the fact that the number of used garbage registers does not affect TA and SPA security. In addition, we apply a multiplier encoding approach so as to decrease the number of required registers when accessing the multiplier, which enables the use of an extended block size in the Karatsuba Block-Comb multiplication technique. Actually, the proposed technique extends the block size from four to eight, and the proposed binary field multiplication method can compute a 128-bit BF multiplication with only 3816 clock cycles (cc) (resp. 3490 cc) with (resp. without) the multiplier encoding process, which is almost a 32.8% (resp. 38.5%) improvement compared with the 5675 cc of the best previous work. We apply the proposed technique to the GHASH function of the GCM mode with several additional optimization techniques. The proposed GHASH implementation provides improved performance by over 42% compared with the previous best result. The concept of the proposed BF method can be extended to other MCUs, including 16-bit MSP430 MCUs and 32-bit ARM MCUs.

19 pages, 1193 KiB  
Article
Power-Balancing Software Implementation to Mitigate Side-Channel Attacks without Using Look-Up Tables
by HanBit Kim, HeeSeok Kim and Seokhie Hong
Appl. Sci. 2020, 10(7), 2454; https://doi.org/10.3390/app10072454 - 3 Apr 2020
Viewed by 1931
Abstract
With the increasing number of side-channel attacks, countermeasure designers continue to develop various implementations to address such threats. Power-balancing (PB) methods hold the number of 1s and/or transitions (i.e., Hamming weight/distance) of internal processes constant to ensure side-channel safety in an environment in which it is difficult to use random numbers. Most existing studies employed look-up tables (LUTs) to compute those operations, except for XOR and NOT operations. However, LUT-based schemes exhibit some side-channel issues in the address bits of LUTs. In this paper, we propose the application of AND and ADD operations to PB methods based on a rule that encodes 8-bit data into a 32-bit codeword without using LUTs. Unlike previous studies that employed LUTs, our proposals overcome side-channel vulnerabilities associated with the address bits and memory wastage. In addition, we evaluate the side-channel security ensured by the proposed method in comparison with that ensured by other methods. Finally, we apply our methods to the SIMON/SPECK ciphers and analyze their performance by comparing them with older schemes.

16 pages, 635 KiB  
Article
An Automated End-to-End Side Channel Analysis Based on Probabilistic Model
by Jeonghwan Hwang and Ji Won Yoon
Appl. Sci. 2020, 10(7), 2369; https://doi.org/10.3390/app10072369 - 30 Mar 2020
Cited by 1 | Viewed by 1891
Abstract
In this paper, we propose a new automated way to find out the secret exponent from a single power trace. We segment the power trace into subsignals that are directly related to recovery of the secret exponent. Unlike previous approaches, the proposed approach does not need a sliding reference window, templates, or correlation coefficients. Our method detects change points in the power trace to explore the locations of the operations and is robust to unexpected noise addition. We first model the change point detection problem to catch the subsignals irrelevant to the secret and solve this problem with Markov Chain Monte Carlo (MCMC), which gives a globally optimal solution. After separating the relevant and irrelevant parts of the signal, we extract features from the segments and group the segments into clusters to find the key exponent. Using a single power trace corresponds to the weakest attacker, who has a very slight chance of acquiring as many power traces as needed for breaking the key. We empirically show the improvement in accuracy even in the presence of a high level of noise.

17 pages, 1035 KiB  
Article
Single Trace Analysis against HyMES by Exploitation of Joint Distributions of Leakages
by ByeongGyu Park, Suhri Kim, Seokhie Hong, HeeSeok Kim and Seog Chung Seo
Appl. Sci. 2020, 10(5), 1831; https://doi.org/10.3390/app10051831 - 6 Mar 2020
Viewed by 1881
Abstract
Beginning with the proposal of the McEliece cryptosystem in 1978, code-based cryptography has positioned itself as one of the main categories in post-quantum cryptography (PQC). To date, the algebraic security of certain variants of McEliece cryptosystems has been challenged many times, although some of the variants have remained secure. However, recent studies on code-based cryptography have focused on side-channel resistance, since previous studies have indicated that the existing algorithms were vulnerable to side-channel analysis. In this paper, we propose the first side-channel attack on the Hybrid McEliece Scheme (HyMES) using only a single power consumption trace. HyMES is a variant of the McEliece system that provides smaller keys, along with faster encryption and decryption speeds. By exploiting joint distributions of nonlinear functions in the decryption process, we were able to recover the private key of HyMES. To the best of our knowledge, this is the first work proposing a side-channel analysis based on a joint distribution of the leakages on a public-key system.

16 pages, 360 KiB  
Article
Memory Efficient Implementation of Modular Multiplication for 32-bit ARM Cortex-M4
by Hwajeong Seo
Appl. Sci. 2020, 10(4), 1539; https://doi.org/10.3390/app10041539 - 24 Feb 2020
Cited by 7 | Viewed by 3862
Abstract
In this paper, we present a scalable multi-precision multiplication implementation and a scalable multi-precision squaring implementation for 32-bit ARM Cortex-M4 microcontrollers. For efficient computation and scalable functionality, we present optimized Multiplication and ACcumulation (MAC) techniques for the target microcontrollers. In particular, we present the 64-bit-wise MAC operation with the Unsigned Long Multiply with Accumulate Accumulate (UMAAL) instruction. The MAC is used to perform column-wise multiplication/squaring (i.e., product-scanning) with general-purpose registers in an optimal way. Second, the squaring algorithm is further optimized through an efficient doubling routine together with an optimized product-scanning method. Finally, the proposed implementations achieved a very small memory footprint and high scalability to cover algorithms ranging from well-known public key cryptography (i.e., Rivest–Shamir–Adleman (RSA) and Elliptic Curve Cryptography (ECC)) to post-quantum cryptography (i.e., Supersingular Isogeny Key Encapsulation (SIKE)). All SIKE round 2 protocols were evaluated with the proposed modular reduction implementations. The results demonstrate that the scalable implementation can achieve the smallest code size together with reasonable performance.

14 pages, 1897 KiB  
Article
Real-Time Detection for Cache Side Channel Attack using Performance Counter Monitor
by Jonghyeon Cho, Taehun Kim, Soojin Kim, Miok Im, Taehyun Kim and Youngjoo Shin
Appl. Sci. 2020, 10(3), 984; https://doi.org/10.3390/app10030984 - 3 Feb 2020
Cited by 25 | Viewed by 5212
Abstract
Cache side channel attacks extract secret information by monitoring the cache behavior of a victim. Normally, this attack targets an L3 cache, which is shared between a spy and a victim. Hence, a spy can obtain secret information without alerting the victim. To resist this attack, many detection techniques have been proposed. However, these approaches have limitations, as they do not operate in real time. This article proposes a real-time detection method against cache side channel attacks. The proposed technique performs the detection of cache side channel attacks immediately after observing a variation of the CPU counters. For this, Intel PCM (Performance Counter Monitor) and machine learning algorithms are used to measure the values of the CPU counters. Throughout the experiment, several PCM counters recorded changes during the attack. From these observations, a detection program was implemented using these counters. The experimental results show that the proposed detection technique displays good performance for real-time detection in various environments.

12 pages, 414 KiB  
Article
On Non-Completeness and G-Equivariance
by Yoo-Jin Baek
Appl. Sci. 2019, 9(21), 4692; https://doi.org/10.3390/app9214692 - 4 Nov 2019
Viewed by 1518
Abstract
With the growing threat of side-channel attacks (SCAs) to implementations of cryptographic algorithms, the masking method has become one of the most promising SCA countermeasures for securely implementing, for example, block ciphers. The basic principle of the masking method is that if the sensitive variable (which, by definition, depends on sensitive information) is split into some random variables and they are manipulated in a secure manner, then the relationship between the random variables and the corresponding side-channel information may look independent from the outside world. However, after the introduction of the glitch attack, there has been a lot of concern about the security of the masking method itself. To mitigate the threat of the glitch attack, the threshold implementation (TI) and G-equivariant gates were independently introduced as countermeasures. In this paper, we consider the main notions of these two independent glitch attack countermeasures, namely non-completeness and G-equivariance, and investigate their relationship. The contribution of this paper is three-fold. First, we show that the widely-circulated proof that the non-complete TI with uniform inputs guarantees security against first-order DPA even in the presence of glitches is not satisfactory. Next, using the notion of G-equivariance extended to the higher-order setting, we prove that non-completeness implies G-equivariance, which, in turn, means that the non-complete TI with uniform inputs has resistance against the glitch attack. Thirdly, we prove that the set of non-complete gates is a proper subset of the set of G-equivariant gates by showing that there is a gate that is G-equivariant but not non-complete.