Related papers: On Borrowed Time -- Preventing Static Side-Channel Analysis

On Borrowed Time -- Preventing Static Side-Channel Analysis

URL: http://arxiv.org/abs/2307.09001v2
Date: Fri, 06 Dec 2024 14:56:52 GMT
Title: On Borrowed Time -- Preventing Static Side-Channel Analysis
Authors: Robert Dumitru, Thorben Moos, Andrew Wabnitz, Yuval Yarom,
Abstract summary: adversaries exploit leakage or response behaviour of integrated circuits in a static state.<n>Members of this class include Static Power Side-Channel Analysis (SCA), Laser Logic State Imaging (LLSI) and Impedance Analysis (IA)
Score: 13.896152066919036
License: http://creativecommons.org/licenses/by-nc-nd/4.0/
Abstract: In recent years a new class of side-channel attacks has emerged. Instead of targeting device emissions during dynamic computation, adversaries now frequently exploit the leakage or response behaviour of integrated circuits in a static state. Members of this class include Static Power Side-Channel Analysis (SCA), Laser Logic State Imaging (LLSI) and Impedance Analysis (IA). Despite relying on different physical phenomena, they all enable the extraction of sensitive information from circuits in a static state with high accuracy and low noise -- a trait that poses a significant threat to many established side-channel countermeasures. In this work, we point out the shortcomings of existing solutions and derive a simple yet effective countermeasure. We observe that in order to realise their full potential, static side-channel attacks require the targeted data to remain unchanged for a certain amount of time. For some cryptographic secrets this happens naturally, for others it requires stopping the target circuit's clock. Our proposal, called Borrowed Time, hinders an attacker's ability to leverage such idle conditions, even if full control over the global clock signal is obtained. For that, by design, key-dependent data may only be present in unprotected temporary storage when strictly needed. Borrowed Time then continuously monitors the target circuit and upon detecting an idle state, securely wipes sensitive contents. We demonstrate the need for our countermeasure and its effectiveness by mounting practical static power SCA attacks against cryptographic systems on FPGAs, with and without Borrowed Time. In one case we attack a masked implementation and show that it is only protected with our countermeasure in place. Furthermore we demonstrate that secure on-demand wiping of sensitive data works as intended, affirming the theory that the technique also effectively hinders LLSI and IA.

Related papers

Chypnosis: Stealthy Secret Extraction using Undervolting-based Static Side-channel Attacks [3.4482813947866693]
We introduce a novel class of static side-channel attacks, called Chypnosis, that enables adversaries to freeze a chip's internal clock. We demonstrate that, by rapidly dropping a chip's voltage below the standard nominal levels, the attacker can bypass the clock and voltage sensors and put the chip in a so-called brownout condition. We show that not only are all clock sources deactivated, but various clock and voltage sensors also fail to detect the event.
arXiv Detail & Related papers (2025-04-15T21:43:33Z)
Unveiling ECC Vulnerabilities: LSTM Networks for Operation Recognition in Side-Channel Attacks [6.373405051241682]
We propose a novel approach for performing side-channel attacks on elliptic curve cryptography. We adopt a long-short-term memory (LSTM) neural network to analyze a power trace and identify patterns of operation. We show that current countermeasures, specifically the coordinate randomization technique, are not sufficient to protect against side channels.
arXiv Detail & Related papers (2025-02-24T17:02:40Z)
Underload: Defending against Latency Attacks for Object Detectors on Edge Devices [21.359326502877487]
A new class of latency attacks are reported recently targeting the real-time processing capability of object detectors.<n>We take an initial attempt to defend against this attack via background-attentive adversarial training.<n>Experiments demonstrate the defense effectiveness of restoring real-time processing capability from $13$ FPS to $43$ FPS.
arXiv Detail & Related papers (2024-12-03T05:00:26Z)
RandOhm: Mitigating Impedance Side-channel Attacks using Randomized Circuit Configurations [6.388730198692013]
We introduce RandOhm, which exploits a moving target defense (MTD) strategy based on the partial reconfiguration (PR) feature of mainstream FPGAs. We demonstrate that the information leakage through the PDN impedance could be significantly reduced via runtime reconfiguration of the secret-sensitive parts of the circuitry. In contrast to existing PR-based countermeasures, RandOhm deploys open-source bitstream manipulation tools to speed up the randomization and provide real-time protection.
arXiv Detail & Related papers (2024-01-17T02:22:28Z)
DynamiQS: Quantum Secure Authentication for Dynamic Charging of Electric Vehicles [61.394095512765304]
Dynamic Wireless Power Transfer (DWPT) is a novel technology that allows charging an electric vehicle while driving. Recent advancements in quantum computing jeopardize classical public key cryptography. We propose DynamiQS, the first post-quantum secure authentication protocol for dynamic wireless charging.
arXiv Detail & Related papers (2023-12-20T09:40:45Z)
FreqFed: A Frequency Analysis-Based Approach for Mitigating Poisoning Attacks in Federated Learning [98.43475653490219]
Federated learning (FL) is susceptible to poisoning attacks. FreqFed is a novel aggregation mechanism that transforms the model updates into the frequency domain. We demonstrate that FreqFed can mitigate poisoning attacks effectively with a negligible impact on the utility of the aggregated model.
arXiv Detail & Related papers (2023-12-07T16:56:24Z)
The Adversarial Implications of Variable-Time Inference [47.44631666803983]
We present an approach that exploits a novel side channel in which the adversary simply measures the execution time of the algorithm used to post-process the predictions of the ML model under attack. We investigate leakage from the non-maximum suppression (NMS) algorithm, which plays a crucial role in the operation of object detectors. We demonstrate attacks against the YOLOv3 detector, leveraging the timing leakage to successfully evade object detection using adversarial examples, and perform dataset inference.
arXiv Detail & Related papers (2023-09-05T11:53:17Z)
Spatial-Frequency Discriminability for Revealing Adversarial Perturbations [53.279716307171604]
Vulnerability of deep neural networks to adversarial perturbations has been widely perceived in the computer vision community. Current algorithms typically detect adversarial patterns through discriminative decomposition for natural and adversarial data. We propose a discriminative detector relying on a spatial-frequency Krawtchouk decomposition.
arXiv Detail & Related papers (2023-05-18T10:18:59Z)
Overload: Latency Attacks on Object Detection for Edge Devices [47.9744734181236]
This paper investigates latency attacks on deep learning applications. Unlike common adversarial attacks for misclassification, the goal of latency attacks is to increase the inference time. We use object detection to demonstrate how such kind of attacks work.
arXiv Detail & Related papers (2023-04-11T17:24:31Z)
The Dark Side of AutoML: Towards Architectural Backdoor Search [49.16544351888333]
EVAS is a new attack that leverages NAS to find neural architectures with inherent backdoors and exploits such vulnerability using input-aware triggers. EVAS features high evasiveness, transferability, and robustness, thereby expanding the adversary's design spectrum. This work raises concerns about the current practice of NAS and points to potential directions to develop effective countermeasures.
arXiv Detail & Related papers (2022-10-21T18:13:23Z)
Robust Tracking against Adversarial Attacks [69.59717023941126]
We first attempt to generate adversarial examples on top of video sequences to improve the tracking robustness against adversarial attacks. We apply the proposed adversarial attack and defense approaches to state-of-the-art deep tracking algorithms.
arXiv Detail & Related papers (2020-07-20T08:05:55Z)

This list is automatically generated from the titles and abstracts of the papers in this site.