Auflistung nach Schlagwort "Side-Channel Attacks"
1 - 2 von 2
Treffer pro Seite
Sortieroptionen
- ZeitschriftenartikelEvaluation of (power) side-channels in cryptographic implementations(it - Information Technology: Vol. 61, No. 1, 2019) Bache, Florian; Plump, Christina; Wloka, Jonas; Güneysu, Tim; Drechsler, RolfSide-channel attacks enable powerful adversarial strategies against cryptographic devices and encounter an ever-growing attack surface in today’s world of digitalization and the internet of things. While the employment of provably secure side-channel countermeasures like masking have become increasingly popular in recent years, great care must be taken when implementing these in actual devices. The reasons for this are two-fold: The models on which these countermeasures rely do not fully capture the physical reality and compliance with the requirements of the countermeasures is non-trivial in complex implementations. Therefore, it is imperative to validate the SCA-security of concrete instantiations of cryptographic devices using measurements on the actual device. In this article we propose a side-channel evaluation framework that combines an efficient data acquisition process with state-of-the-art confidence interval based leakage assessment. Our approach allows a sound assessment of the potential susceptibility of cryptographic implementations to side-channel attacks and is robust against noise in the evaluation system. We illustrate the steps in the evaluation process by applying them to a protected implementation of AES.
- ZeitschriftenartikelSoftware-based microarchitectural attacks(it - Information Technology: Vol. 60, No. 5-6, 2018) Gruss, DanielModern processors are highly optimized systems where every single cycle of computation time matters. Many optimizations depend on the data that is being processed. Microarchitectural attacks leak this data (side channels) or exploit physical imperfections to take control of the entire system (fault attacks). In my thesis (D. Gruss. Software-based Microarchitectural Attacks . PhD thesis, Graz University of Technology, 2017), I improved over state of the art in microarchitectural attacks and defenses in three dimensions. I cover these briefly in this summary. First, I show that attacks can be fully automated. Second, I present several novel previously unknown side channels. Third, I show that attacks can be mounted in highly restricted environments such as sandboxed JavaScript code in websites, and on any computer system including smartphones, tablets, personal computers, and commercial cloud systems. These results formed one of the corner stones for attacks like Meltdown (M. Lipp et al. Meltdown: Reading kernel memory from user space. In USENIX Security Symposium , 2018) and Spectre (P. Kocher et al. Spectre attacks: Exploiting speculative execution. In S&P , 2019) which were discovered months after the thesis was concluded.