Search Results (266)

Covert channels enable hidden communication that poses significant security risks, particularly when smartphones are used as transmitters. This paper presents the first end-to-end implementation and evaluation of an electromagnetic (EM) covert channel on modern Samsung Galaxy S21, S22, and S23 smartphones (Samsung Electronics Co., Ltd., Suwon, Republic of Korea). We first demonstrate that a previously proposed method relying on zero-volume playback is no longer effective on these devices. Through a detailed analysis of EM emissions in the 0.1–2.5 MHz range, we discovered that consistent, volume-independent signals can be generated by exploiting the hardware’s recovery delay after silent audio playback. Based on these findings, we developed a complete system comprising a stealthy Android application for transmission, a time-based modulation scheme, and a demodulation technique designed around the characteristics of the generated signals to ensure reliable reception. The channel’s reliability and robustness were validated through evaluations of modulation time, probe distance, and message length. Experimental results show that the maximum error-free bit rate (bits per second, bps) reached 0.558 bps on Galaxy S21 and 0.772 bps on Galaxy S22 and Galaxy S23. Reliable communication was feasible up to 0.5 cm with a near-field probe, and a low alignment-aware bit error rate (BER) was maintained even for 100-byte messages. This work establishes a practical threat, and we conclude by proposing countermeasures to mitigate this vulnerability. Full article

Side-channel analysis (SCA) poses a persistent threat to cryptographic hardware by exploiting unintended physical leakages. To address the limitations of traditional single-modality SCA methods, we propose a novel multi-modal side-channel analysis framework that targets the recovery of encryption keys by leveraging the imperfections inherent in hardware implementations. The core objective is to extract and classify information-rich segments from power and electromagnetic (EM) signals in order to recover secret keys without profiling or labeling. Our approach introduces a unified pipeline combining joint peak-based segmentation, isometric compression of variable-length trace segments, and multi-modal feature fusion. A key component of the framework is unsupervised clustering, which serves to automatically classify trace segments corresponding to different cryptographic operations (e.g., different key-dependent leakage classes), thereby enabling key byte hypothesis testing and full key reconstruction. Experimental results on an FPGA-based AES-128 implementation demonstrate that our method achieves up to 99.2% clustering accuracy and successfully recovers the entire encryption key using as few as 1–3 traces. Moreover, the proposed approach significantly reduces sample complexity and maintains resilience in low signal-to-noise conditions. These results highlight the practicality of our technique for side-channel vulnerability assessment and its potential to inform the design of more robust cryptographic hardware. Full article

The influence of redundant implementations on success of physical attacks against cryptographic devices is currently under-researched. This is especially an issue in application fields such as wearable health, industrial control systems and the like in which devices are accessible to potential attackers. This paper presents results of an investigation of the TMR application impact on the vulnerability of FPGA-based asymmetric cryptographic accelerators to side-channel analysis attacks. We implemented our cryptographic cores using full- and partial-TMR application approaches and experimentally conducted evaluation of their side-channel resistance. Our results reveal that TMR can significantly impact side-channel leakage, either increasing resistance by introducing noise or amplifying leakage depending on the part of the design where redundancy was applied. Full article

With the growing demand for secure image communication, effective encryption solutions are critical for safeguarding visual data from unauthorized access. The substitution box (S-box) in AES (Advanced Encryption Standard) is critical for ensuring nonlinearity and security. However, the static S-box used in AES is vulnerable to algebraic attacks, side-channel attacks, and so on. This study offers a novel Lorenz key and Chua key-based Reversible Substitution Box (LCK-SB) for image encryption, which takes advantage of the chaotic behavior of the Lorenz and Chua key systems to improve security due to nonlinear jumps and mixed chaotic behavior while maintaining optimal quantum cost, area, and power. The suggested method uses a hybrid Lorenz and Chua key generator to create a highly nonlinear and reversible S-box, which ensures strong confusion and diffusion features. The performance of the LCK-SB approach is examined on field-programmable gate array (FPGA) and application-specific integrated circuit (ASIC) platforms, and the findings show that quantum cost, delay, and power are decreased by 97%, 74.6%, and 35%, respectively. Furthermore, the formal security analysis shows that the suggested technique efficiently resists threats. The theoretical analysis and experimental assessment show that the suggested system is more secure for picture encryption, making it suitable for real-time and high-security applications. Full article

With the continuous advancement of side-channel attacks (SCA), deep learning-based methods have emerged as a prominent research focus due to their powerful feature extraction and nonlinear modeling capabilities. Traditional convolutional neural networks (CNNs) excel at capturing local temporal dependencies but struggle to model long-range sequential information effectively, limiting attack efficiency and generalization. In this paper, we propose a hybrid deep neural network architecture that integrates Residual Mamba blocks with multi-layer perceptrons (MLP) to enhance the modeling of side-channel information from AES implementations. The Residual Mamba module leverages state-space modeling to capture long-range dependencies, improving the model’s global temporal perception, while the MLP module further fuses high-dimensional features. Experiments conducted on the publicly available ASCAD dataset targeting the second byte of AES demonstrate that our model achieves guessing entropy (GE) rank 1 with fewer than 100 attack traces, significantly outperforming traditional CNNs and recent Transformer-based models. The proposed approach exhibits fast convergence and high attack efficiency, offering an effective new paradigm for deep learning in side-channel analysis with important theoretical and practical implications. Full article

The increasing complexity and cost of manufacturing monolithic chips have driven the semiconductor industry toward chiplet-based designs, where smaller, modular chiplets are integrated onto a single interposer. While chiplet architectures offer significant advantages, such as improved yields, design flexibility, and cost efficiency, they introduce new security challenges in the horizontal hardware manufacturing supply chain. These challenges include risks of hardware Trojans, cross-die side-channel and fault injection attacks, probing of chiplet interfaces, and intellectual property theft. To address these concerns, this paper presents ChipletQuake, a novel on-chiplet framework for verifying the physical security and integrity of adjacent chiplets during the post-silicon stage. By sensing the impedance of the power delivery network (PDN) of the system, ChipletQuake detects tamper events in the interposer and neighboring chiplets without requiring any direct signal interface or additional hardware components. Fully compatible with the digital resources of FPGA-based chiplets, this framework demonstrates the ability to identify the insertion of passive and subtle malicious circuits, providing an effective solution to enhance the security of chiplet-based systems. To validate our claims, we showcase how our framework detects hardware Trojans and interposer tampering. Full article

Modern x86 processors incorporate performance-enhancing features such as prefetching mechanisms, cache coherence protocols, and support for large memory pages (e.g., 2 MB huge pages). While these architectural innovations aim to reduce memory access latency, boost throughput, and maintain cache consistency across cores, they can also expose subtle microarchitectural side channels that adversaries may exploit. This study investigates how the combination of prefetching techniques and huge pages can significantly enhance the throughput and accuracy of covert channels in controlled computing environments. Building on prior work that examined the impact of the MESI cache coherence protocol using single-cache-line access without huge pages, our approach expands the attack surface by simultaneously accessing multiple cache lines across all 512 L1 lines under a 2 MB huge page configuration. As a result, our 9-bit covert channel achieves a peak throughput of 4940 KB/s—substantially exceeding previously reported benchmarks. We further validate our channel on AMD SEV-SNP virtual machines, achieving up to an 88% decoding accuracy using write-access encoding with 2 MB huge pages, demonstrating feasibility even under TEE-enforced virtualization environments. These findings highlight the need for careful consideration and evaluation of the security implications of common performance optimizations with respect to their side-channel potential. Full article

Quantum memory is essential for the prolonged storage and retrieval of quantum information. Nevertheless, no current studies have focused on the creation of effective quantum memory for continuous variables while accounting for the decoherence rate. This work presents an effective continuous-variable quantum key distribution method with parameter optimization utilizing the Elitist Elk Herd Random Immigrants Optimizer (2E-HRIO) technique. At the outset of transmission, the quantum device undergoes initialization and authentication via Compressed Hash-based Message Authentication Code with Encoded Post-Quantum Hash (CHMAC-EPQH). The settings are subsequently optimized from the authenticated device via 2E-HRIO, which mitigates the effects of decoherence by adaptively tuning system parameters. Subsequently, quantum bits are produced from the verified device, and pilot insertion is executed within the quantum bits. The pilot-inserted signal is thereafter subjected to pulse shaping using a Gaussian filter. The pulse-shaped signal undergoes modulation. Authenticated post-modulation, the prediction of link failure is conducted through an authenticated channel using Radial Density-Based Spatial Clustering of Applications with Noise. Subsequently, transmission occurs via a non-failure connection. The receiver performs channel equalization on the received signal with Recursive Regularized Least Mean Squares. Subsequently, a dataset for side-channel attack authentication is gathered and preprocessed, followed by feature extraction and classification using Adaptive Depthwise Separable Convolutional Neural Networks (ADS-CNNs), which enhances security against side-channel attacks. The quantum state is evaluated based on the signal received, and raw data are collected. Thereafter, a connection is established between the transmitter and receiver. Both the transmitter and receiver perform the scanning process. Thereafter, the calculation and correction of the error rate are performed based on the sifting results. Ultimately, privacy amplification and key authentication are performed using the repaired key via B-CHMAC-EPQH. The proposed system demonstrated improved resistance to decoherence and side-channel attacks, while achieving a reconciliation efficiency above 90% and increased key generation rate. Full article

Stealthy chip-level tamper attacks, such as hardware Trojan insertions or security-critical circuit modifications, can threaten modern microelectronic systems’ security. While traditional inspection and side-channel methods offer potential for tamper detection, they may not reliably detect all forms of attacks and often face practical limitations in terms of scalability, accuracy, or applicability. This work introduces a non-invasive, contactless tamper detection method employing a complementary split-ring resonator (CSRR). CSRRs, which are typically deployed for non-destructive material characterization, can be placed on the surface of the chip’s package to detect subtle variations in the impedance of the chip’s power delivery network (PDN) caused by tampering. The changes in the PDN’s impedance profile perturb the local electric near field and consequently affect the sensor’s impedance. These changes manifest as measurable variations in the sensor’s scattering parameters. By monitoring these variations, our approach enables robust and cost-effective physical integrity verification requiring neither physical contact with the chips or printed circuit board (PCB) nor activation of the underlying malicious circuits. To validate our claims, we demonstrate the detection of various chip-level tamper events on an FPGA manufactured with 28 nm technology. Full article

Deterministic random bit generators (DRBG) play a crucial role in device security because they generate secret information cryptographic systems, e.g., secret keys and parameters. Thus, attacks on DRBGs can result in the exposure of important secret values, which can threaten the entire cryptographic system of the target Internet of Things (IoT) equipment and smart devices. In 2020, Meyer proposed a side-channel attack (SCA) method that recovers the output random bits by analyzing the power consumption traces of the NIST standard AES CTR DRBG. In addition, most algorithmic countermeasures against SCAs also utilize random numbers; thus, such vulnerabilities are more critical than other SCAs on cryptographic modules. Meyer’s attack recovers the secret random number in four stages of the attack using only the power traces, which the CTR DRBG processes in 256 blocks. We present an approach that employs a clustering algorithm to enhance Meyer’s attack. The proposed attack increases the attack success rate and recovers more information using a clustering attack in the first step. In addition, it improves the attack accuracy in the third and fourth steps using the information obtained from the clustering process. These results lead to the possibility of attacks at higher noise levels and increase the diversity of target devices for attacking the CTR DRBG. Experiments were conducted on an Atmel XMEGA128D4 processor to evaluate the effectiveness of the proposed attack method. We also introduced artificial noise into the power traces to compare the proposed attack’s performance at different noise levels. Our results demonstrate that the first step of the proposed attack achieves a higher success rate than Meyer’s attack at all noise levels. For example, at high noise levels, the difference in the success rates is up to 50%. In steps 3 and 4, an average performance improvement of 18.5% greater than Meyer’s proposed method is obtained. The proposed attack effectively extends the target to more noisy environments than previous attacks, thereby increasing the threat of SCA on CTR DRBGs. Full article

(1) Background: Side-channel attacks (SCAs) exploit unintended information leakage to compromise cryptographic security. In cyber-physical systems (CPSs), embedded systems are inherently constrained by limited resources, restricting the implementation of complex countermeasures. Traditional countermeasures, such as hiding techniques, attempt to obscure power consumption patterns; however, their effectiveness has been increasingly challenged. This study evaluates the vulnerability of dummy power traces against deep learning-based SCAs (DL-SCAs). (2) Methods: A power trace dataset was generated using a simulation environment based on Quick Emulator (QEMU) and GNU Debugger (GDB), integrating dummy traces to obfuscate execution signatures. DL models, including a Recurrent Neural Network (RNN), a Bidirectional RNN (Bi-RNN), and a Multi-Layer Perceptron (MLP), were used to evaluate classification performance. (3) Results: The models trained with dummy traces achieved high classification accuracy, with the MLP model reaching 97.81% accuracy and an F1-score of 97.77%. Despite the added complexity, DL models effectively distinguished real and dummy traces, highlighting limitations in existing hiding techniques. (4) Conclusions: These findings highlight the need for adaptive countermeasures against DL-SCAs. Future research should explore dynamic obfuscation techniques, adversarial training, and comprehensive evaluations of broader cryptographic algorithms. This study underscores the urgency of evolving security paradigms to defend against artificial intelligence-powered attacks. Full article

This research introduces Fortified-Edge 2.0, a novel authentication framework that addresses critical security and privacy challenges in Physically Unclonable Function (PUF)-based systems for collaborative edge computing (CEC). Unlike conventional methods that transmit full binary Challenge–Response Pairs (CRPs) and risk exposing sensitive data, Fortified-Edge 2.0 employs a machine-learning-driven feature-abstraction technique to extract and utilize only essential characteristics of CRPs, obfuscating the raw binary sequences. These feature vectors are then processed using lightweight cryptographic primitives, including ECDSA, to enable secure authentication without exposing the original CRP. This eliminates the need to transmit sensitive binary data, reducing the attack surface and bandwidth usage. The proposed method demonstrates strong resilience against modeling attacks, replay attacks, and side-channel threats while maintaining the inherent efficiency and low power requirements of PUFs. By integrating PUF unpredictability with ML adaptability, this research delivers a scalable, secure, and resource-efficient solution for next-generation authentication in edge environments. Full article

The rapid devolopment of Internet of Vehicles (IoV) and Autonomous Connected Vehicles (ACVs) has increased the complexity of in-vehicle networks, exposing security vulnerabilities in traditional Controller Area Network (CAN) systems. CAN security faces dual challenges: stringent computational constraints imposed by automotive functional safety requirements and the impracticality of protocol modifications in multi-device networks. To address this, we propose a lightweight intrusion detection algorithm leveraging information entropy to analyze side-channel CAN message ID distributions. Evaluated in terms of detection accuracy, false positive rate, and sensitivity to bus load variations, the algorithm was implemented on an NXP MPC-5748G embedded platform through the AutoSar Framework. Experimental results demonstrate robust performance under low computational resources, achieving high detection accuracy with high recall (>80%) even at 10% bus load fluctuation thresholds. This work provides a resource-efficient security framework compatible with existing CAN infrastructures, effectively balancing attack detection efficacy with the operational constraints of automotive embedded systems. Full article

Among the multiple important properties that characterize strong S-boxes for symmetric cryptography and are used in their designs, this study focuses on two: the non-linearity property, a classical security metric, and the confusion coefficient variance property, a statistical proxy for side channel resistance under the Hamming weight leakage model. Given an S-box, two sets can be created: the set of affine-shifted S-boxes, where S-boxes have the same non-linearity value, and the set of Hamming weight classes, where S-boxes have the same confusion coefficient variance value. The inherent values of these two properties ensure resistance to cryptographic attacks; however, if the value of one property increases, it will imply a decrease in the value of the other property. In view of the aforementioned fact, attaining a trade-off becomes a complex undertaking. The impetus for this research stems from the following hypothesis: if an initial S-box already exhibits a trade-off, it would be advantageous to employ a method that generates new S-boxes while preserving the balance. A thorough review of the extant literature reveals the absence of any methodology that encompasses the aforementioned elements. The present paper proposes a novel methodology for generating an affine-shifted subset of S-boxes, ensuring that the resulting subset possesses the same confusion coefficient variance value. We provide insights on the optimal search strategy to optimize non-linearity and confusion coefficient variance. The proposed methodology guarantees the preservation of constant values on the designated. It is possible to incorporate these properties into a comprehensive design scheme, in which case the remaining S-box properties are to be examined. We also demonstrate that, despite the fact that this subset contains S-boxes with the theoretical resistance to side channel attacks under the Hamming weight model, the S-boxes are in different Hamming weight classes. Full article

The broadening adoption of interconnected systems within smart city environments is fundamental for the progression of digitally driven economies, enabling the refinement of city administration, the enhancement of public service delivery, and the fostering of ecologically sustainable progress, thereby aligning with global sustainability benchmarks. However, the pervasive distribution of Internet of things (IoT) apparatuses introduces substantial security risks, attributable to the confidential nature of processed data and the heightened susceptibility to cybernetic intrusions targeting essential infrastructure. Commonly, these devices exhibit deficiencies stemming from restricted computational capabilities and the absence of uniform security standards. The resolution of these security challenges is paramount for the full realization of the advantages afforded by IoT without compromising system integrity. Cryptographic protocols represent the most viable solutions for the mitigation of these security vulnerabilities. However, the limitations inherent in IoT edge nodes complicate the deployment of robust cryptographic algorithms, which are fundamentally reliant on finite-field multiplication operations. Consequently, the streamlined execution of this operation is pivotal, as it will facilitate the effective deployment of encryption algorithms on these resource-limited devices. Therefore, the presented research concentrates on the formulation of a spatially and energetically efficient hardware implementation for the finite-field multiplication operation. The proposed arithmetic unit demonstrates significant improvements in hardware efficiency and energy consumption compared to state-of-the-art designs, while its systolic architecture provides inherent timing-attack resistance through deterministic operation. The regular structure not only enables these performance advantages but also facilitates future integration of error-detection and masking techniques for comprehensive side-channel protection. This combination of efficiency and security makes the multiplier particularly suitable for integration within encryption processors in resource-constrained IoT edge nodes, where it can enable secure data communication in smart city applications without compromising operational effectiveness or urban development goals. Full article