On Borrowed Time -- Preventing Static Side-Channel Analysis
- URL: http://arxiv.org/abs/2307.09001v2
- Date: Fri, 06 Dec 2024 14:56:52 GMT
- Title: On Borrowed Time -- Preventing Static Side-Channel Analysis
- Authors: Robert Dumitru, Thorben Moos, Andrew Wabnitz, Yuval Yarom,
- Abstract summary: adversaries exploit leakage or response behaviour of integrated circuits in a static state.
Members of this class include Static Power Side-Channel Analysis (SCA), Laser Logic State Imaging (LLSI) and Impedance Analysis (IA)
- Score: 13.896152066919036
- License:
- Abstract: In recent years a new class of side-channel attacks has emerged. Instead of targeting device emissions during dynamic computation, adversaries now frequently exploit the leakage or response behaviour of integrated circuits in a static state. Members of this class include Static Power Side-Channel Analysis (SCA), Laser Logic State Imaging (LLSI) and Impedance Analysis (IA). Despite relying on different physical phenomena, they all enable the extraction of sensitive information from circuits in a static state with high accuracy and low noise -- a trait that poses a significant threat to many established side-channel countermeasures. In this work, we point out the shortcomings of existing solutions and derive a simple yet effective countermeasure. We observe that in order to realise their full potential, static side-channel attacks require the targeted data to remain unchanged for a certain amount of time. For some cryptographic secrets this happens naturally, for others it requires stopping the target circuit's clock. Our proposal, called Borrowed Time, hinders an attacker's ability to leverage such idle conditions, even if full control over the global clock signal is obtained. For that, by design, key-dependent data may only be present in unprotected temporary storage when strictly needed. Borrowed Time then continuously monitors the target circuit and upon detecting an idle state, securely wipes sensitive contents. We demonstrate the need for our countermeasure and its effectiveness by mounting practical static power SCA attacks against cryptographic systems on FPGAs, with and without Borrowed Time. In one case we attack a masked implementation and show that it is only protected with our countermeasure in place. Furthermore we demonstrate that secure on-demand wiping of sensitive data works as intended, affirming the theory that the technique also effectively hinders LLSI and IA.
Related papers
- Underload: Defending against Latency Attacks for Object Detectors on Edge Devices [21.359326502877487]
A new class of latency attacks are reported recently targeting the real-time processing capability of object detectors.
We take an initial attempt to defend against this attack via background-attentive adversarial training.
Experiments demonstrate the defense effectiveness of restoring real-time processing capability from $13$ FPS to $43$ FPS.
arXiv Detail & Related papers (2024-12-03T05:00:26Z) - PTPsec: Securing the Precision Time Protocol Against Time Delay Attacks Using Cyclic Path Asymmetry Analysis [1.765099515298011]
Precision Time Protocol (PTP) can accomplish high-precision time synchronization in trusted environments.
Time delay attacks pose the highest threat to the protocol, enabling attackers to diverge targeted clocks undetected.
This work proposes an approach to detect and counteract delay attacks against PTP based on cyclic path asymmetry measurements.
arXiv Detail & Related papers (2024-01-19T12:35:00Z) - RandOhm: Mitigating Impedance Side-channel Attacks using Randomized Circuit Configurations [6.388730198692013]
We introduce RandOhm, which exploits a moving target defense (MTD) strategy based on the partial reconfiguration (PR) feature of mainstream FPGAs.
We demonstrate that the information leakage through the PDN impedance could be significantly reduced via runtime reconfiguration of the secret-sensitive parts of the circuitry.
In contrast to existing PR-based countermeasures, RandOhm deploys open-source bitstream manipulation tools to speed up the randomization and provide real-time protection.
arXiv Detail & Related papers (2024-01-17T02:22:28Z) - DynamiQS: Quantum Secure Authentication for Dynamic Charging of Electric Vehicles [61.394095512765304]
Dynamic Wireless Power Transfer (DWPT) is a novel technology that allows charging an electric vehicle while driving.
Recent advancements in quantum computing jeopardize classical public key cryptography.
We propose DynamiQS, the first post-quantum secure authentication protocol for dynamic wireless charging.
arXiv Detail & Related papers (2023-12-20T09:40:45Z) - FreqFed: A Frequency Analysis-Based Approach for Mitigating Poisoning
Attacks in Federated Learning [98.43475653490219]
Federated learning (FL) is susceptible to poisoning attacks.
FreqFed is a novel aggregation mechanism that transforms the model updates into the frequency domain.
We demonstrate that FreqFed can mitigate poisoning attacks effectively with a negligible impact on the utility of the aggregated model.
arXiv Detail & Related papers (2023-12-07T16:56:24Z) - Modulation to the Rescue: Identifying Sub-Circuitry in the Transistor Morass for Targeted Analysis [7.303095838216346]
Physical attacks form one of the most severe threats against secure computing platforms.
We present and compare two techniques, namely laser logic state imaging (LLSI) and lock-in thermography (LIT)
We show that the time required to identify specific regions can be drastically reduced, thus lowering the complexity of physical attacks requiring positional information.
arXiv Detail & Related papers (2023-09-18T13:59:57Z) - The Adversarial Implications of Variable-Time Inference [47.44631666803983]
We present an approach that exploits a novel side channel in which the adversary simply measures the execution time of the algorithm used to post-process the predictions of the ML model under attack.
We investigate leakage from the non-maximum suppression (NMS) algorithm, which plays a crucial role in the operation of object detectors.
We demonstrate attacks against the YOLOv3 detector, leveraging the timing leakage to successfully evade object detection using adversarial examples, and perform dataset inference.
arXiv Detail & Related papers (2023-09-05T11:53:17Z) - Overload: Latency Attacks on Object Detection for Edge Devices [47.9744734181236]
This paper investigates latency attacks on deep learning applications.
Unlike common adversarial attacks for misclassification, the goal of latency attacks is to increase the inference time.
We use object detection to demonstrate how such kind of attacks work.
arXiv Detail & Related papers (2023-04-11T17:24:31Z) - The Dark Side of AutoML: Towards Architectural Backdoor Search [49.16544351888333]
EVAS is a new attack that leverages NAS to find neural architectures with inherent backdoors and exploits such vulnerability using input-aware triggers.
EVAS features high evasiveness, transferability, and robustness, thereby expanding the adversary's design spectrum.
This work raises concerns about the current practice of NAS and points to potential directions to develop effective countermeasures.
arXiv Detail & Related papers (2022-10-21T18:13:23Z) - Robust Tracking against Adversarial Attacks [69.59717023941126]
We first attempt to generate adversarial examples on top of video sequences to improve the tracking robustness against adversarial attacks.
We apply the proposed adversarial attack and defense approaches to state-of-the-art deep tracking algorithms.
arXiv Detail & Related papers (2020-07-20T08:05:55Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.