The Experts below are selected from a list of 195 Experts worldwide ranked by ideXlab platform
Wayne Burleson - One of the best experts on this subject based on the ideXlab platform.
-
Combining Clock and Voltage Noise Countermeasures Against Power Side-Channel Analysis
2019 IEEE 30th International Conference on Application-specific Systems Architectures and Processors (ASAP), 2019Co-Authors: Jacqueline Lagasse, Christopher Bartoli, Wayne BurlesonAbstract:The power side-channel continues to be a Major Vulnerability in many critical systems. Numerous countermeasures have been proposed since its discovery as a serious Vulnerability, including both hardware and software implementations. Each countermeasure has its own drawback, with some of the more popular countermeasures incurring 3-4x overhead in area and power. While this is acceptable for some devices, other lightweight devices can not tolerate this amount of overhead. In addition, most countermeasures are quite invasive to the design process, requiring modification to the design and additional validation. This work explores two relatively non-invasive countermeasures, both the detailed implementations and the interactions: 1) clock randomization, and 2) supply voltage noise, by real collecting power traces from a state-of-the-art FPGA board and using the Correlation Power Analysis (CPA) attack. Counter-attacks and their impact on the countermeasure efficacy are also explored. The key result is that the combined effects of the two countermeasures is greater than the impact of either countermeasure when used independently.
-
ASAP - Combining Clock and Voltage Noise Countermeasures Against Power Side-Channel Analysis
2019 IEEE 30th International Conference on Application-specific Systems Architectures and Processors (ASAP), 2019Co-Authors: Jacqueline Lagasse, Christopher Bartoli, Wayne BurlesonAbstract:The power side-channel continues to be a Major Vulnerability in many critical systems. Numerous countermeasures have been proposed since its discovery as a serious Vulnerability, including both hardware and software implementations. Each countermeasure has its own drawback, with some of the more popular countermeasures incurring 3-4x overhead in area and power. While this is acceptable for some devices, other lightweight devices can not tolerate this amount of overhead. In addition, most countermeasures are quite invasive to the design process, requiring modification to the design and additional validation. This work explores two relatively non-invasive countermeasures, both the detailed implementations and the interactions: 1) clock randomization, and 2) supply voltage noise, by real collecting power traces from a state-of-the-art FPGA board and using the Correlation Power Analysis (CPA) attack. Counter-attacks and their impact on the countermeasure efficacy are also explored. The key result is that the combined effects of the two countermeasures is greater than the impact of either countermeasure when used independently.
Steve Weddell - One of the best experts on this subject based on the ideXlab platform.
-
FPT - Cryptographic techniques in redundant number systems
2015 International Conference on Field Programmable Technology (FPT), 2015Co-Authors: Jason Motha, Andrew Bainbridge-smith, Steve WeddellAbstract:This paper proposes a modification to standard cryptographic techniques. The key idea is to mitigate side channel attacks by dynamically changing the encryption key with redundant numbers at each encryption step. Side channel attacks currently are a Major Vulnerability; they exploit the implementation of the cryptosystem rather than attacking the cryptosystem. Side channel attacks have a wide range of vectors, such as timing and power analysis, they manage to extract the key by detecting patterns in the execution. Redundant number systems allow numbers to have different representations whist evaluating to the same numeric value. The property is useful as the bit pattern of the key changes with each iteration whilst still transmitting an equivalent key. This redundant number system is to be implemented on an FPGA to show feasibility and measure performance.
-
Cryptographic techniques in redundant number systems
2015 International Conference on Field Programmable Technology (FPT), 2015Co-Authors: Jason Motha, Andrew Bainbridge-smith, Steve WeddellAbstract:This paper proposes a modification to standard cryptographic techniques. The key idea is to mitigate side channel attacks by dynamically changing the encryption key with redundant numbers at each encryption step. Side channel attacks currently are a Major Vulnerability; they exploit the implementation of the cryptosystem rather than attacking the cryptosystem. Side channel attacks have a wide range of vectors, such as timing and power analysis, they manage to extract the key by detecting patterns in the execution. Redundant number systems allow numbers to have different representations whist evaluating to the same numeric value. The property is useful as the bit pattern of the key changes with each iteration whilst still transmitting an equivalent key. This redundant number system is to be implemented on an FPGA to show feasibility and measure performance.
Jin Song Dong - One of the best experts on this subject based on the ideXlab platform.
-
Formal Analysis of a Single Sign-On Protocol Implementation for Android
2015 20th International Conference on Engineering of Complex Computer Systems (ICECCS), 2015Co-Authors: Quanqi Ye, Kailong Wang, Jin Song DongAbstract:As the boom of social networking, Single Sign-On (SSO) services developed by Major commercial service providers like Facebook, Google and Twitter, have been widely used by web-based service providers as an alternative authentication scheme. Despite rich research has focused on browser-based web applications, little has been conducted on the implementation of SSO on mobile platforms. However, we reveal that due to the fundamental difference of isolation mechanism in mobile OS and applications from the origin-based isolation in browsers, the SSO encounters a novel attack surface and adversarial models. We perform the first formal analysis on the implementation of the most widely used SSO service -- Facebook Login. Our study takes as input the available implementation and dynamic execution traces of Facebook SDK for Android, from which we abstract the implementation-level protocol. The protocol is then modeled in typed Pi-calculus, and automatically checked against the mobile platform specific attack models in a protocol verifier Proverif. Our study has successfully identified a Major Vulnerability, which allows an attacker to steal authentication credentials from victims and log into their Facebook accounts.
Jacqueline Lagasse - One of the best experts on this subject based on the ideXlab platform.
-
Combining Clock and Voltage Noise Countermeasures Against Power Side-Channel Analysis
2019 IEEE 30th International Conference on Application-specific Systems Architectures and Processors (ASAP), 2019Co-Authors: Jacqueline Lagasse, Christopher Bartoli, Wayne BurlesonAbstract:The power side-channel continues to be a Major Vulnerability in many critical systems. Numerous countermeasures have been proposed since its discovery as a serious Vulnerability, including both hardware and software implementations. Each countermeasure has its own drawback, with some of the more popular countermeasures incurring 3-4x overhead in area and power. While this is acceptable for some devices, other lightweight devices can not tolerate this amount of overhead. In addition, most countermeasures are quite invasive to the design process, requiring modification to the design and additional validation. This work explores two relatively non-invasive countermeasures, both the detailed implementations and the interactions: 1) clock randomization, and 2) supply voltage noise, by real collecting power traces from a state-of-the-art FPGA board and using the Correlation Power Analysis (CPA) attack. Counter-attacks and their impact on the countermeasure efficacy are also explored. The key result is that the combined effects of the two countermeasures is greater than the impact of either countermeasure when used independently.
-
ASAP - Combining Clock and Voltage Noise Countermeasures Against Power Side-Channel Analysis
2019 IEEE 30th International Conference on Application-specific Systems Architectures and Processors (ASAP), 2019Co-Authors: Jacqueline Lagasse, Christopher Bartoli, Wayne BurlesonAbstract:The power side-channel continues to be a Major Vulnerability in many critical systems. Numerous countermeasures have been proposed since its discovery as a serious Vulnerability, including both hardware and software implementations. Each countermeasure has its own drawback, with some of the more popular countermeasures incurring 3-4x overhead in area and power. While this is acceptable for some devices, other lightweight devices can not tolerate this amount of overhead. In addition, most countermeasures are quite invasive to the design process, requiring modification to the design and additional validation. This work explores two relatively non-invasive countermeasures, both the detailed implementations and the interactions: 1) clock randomization, and 2) supply voltage noise, by real collecting power traces from a state-of-the-art FPGA board and using the Correlation Power Analysis (CPA) attack. Counter-attacks and their impact on the countermeasure efficacy are also explored. The key result is that the combined effects of the two countermeasures is greater than the impact of either countermeasure when used independently.
Jason Motha - One of the best experts on this subject based on the ideXlab platform.
-
FPT - Cryptographic techniques in redundant number systems
2015 International Conference on Field Programmable Technology (FPT), 2015Co-Authors: Jason Motha, Andrew Bainbridge-smith, Steve WeddellAbstract:This paper proposes a modification to standard cryptographic techniques. The key idea is to mitigate side channel attacks by dynamically changing the encryption key with redundant numbers at each encryption step. Side channel attacks currently are a Major Vulnerability; they exploit the implementation of the cryptosystem rather than attacking the cryptosystem. Side channel attacks have a wide range of vectors, such as timing and power analysis, they manage to extract the key by detecting patterns in the execution. Redundant number systems allow numbers to have different representations whist evaluating to the same numeric value. The property is useful as the bit pattern of the key changes with each iteration whilst still transmitting an equivalent key. This redundant number system is to be implemented on an FPGA to show feasibility and measure performance.
-
Cryptographic techniques in redundant number systems
2015 International Conference on Field Programmable Technology (FPT), 2015Co-Authors: Jason Motha, Andrew Bainbridge-smith, Steve WeddellAbstract:This paper proposes a modification to standard cryptographic techniques. The key idea is to mitigate side channel attacks by dynamically changing the encryption key with redundant numbers at each encryption step. Side channel attacks currently are a Major Vulnerability; they exploit the implementation of the cryptosystem rather than attacking the cryptosystem. Side channel attacks have a wide range of vectors, such as timing and power analysis, they manage to extract the key by detecting patterns in the execution. Redundant number systems allow numbers to have different representations whist evaluating to the same numeric value. The property is useful as the bit pattern of the key changes with each iteration whilst still transmitting an equivalent key. This redundant number system is to be implemented on an FPGA to show feasibility and measure performance.
