Cache Speculation Side-Channels


Cache timing side-channels are a well understood concept in the area of security research. As such, this whitepaper will provide a simple conceptual overview rather than an in-depth explanation. The basic principle behind cache timing side-channels is that the pattern of allocations into the cache, and, in particular, which cache sets have been used for the allocation, can be determined by m... » read more

Evaluating Side-Channel Vulnerabilities


By Bart Stevens and Gary Kenworthy In a book chapter titled “Security of Crypto IP Core: Issues and Countermeasures,” authors Debapriya Basu Roy and Debdeep Mukhopadhyay recently explored various side-channel vulnerabilities that can be exploited by an attacker. “An adversary can observe the power consumption, timing performance, electromagnetic radiation or even acoustic behavior o... » read more

Imperfect Silicon, Near-Perfect Security


Some chipmakers, under pressure to add security to rapidly growing numbers of IoT devices, have rediscovered a "fingerprinting" technique used primarily as an anti-counterfeiting measure. [getkc id="227" kc_name="Physically unclonable functions"] (PUFs) are used to assign a unique identification number based on inconsistencies in the speed with which current causes a series of logic gates to... » read more

Bypassing Encryption With Side-Channel Attacks


Devices and systems that implement robust encryption/decryption algorithms using cryptographic keys were historically considered secure. Nevertheless, there is a category of attacks that simply ignore the mathematic properties of a cryptographic system – and instead focuses on its physical implementation in hardware. This vector is known as side-channel attacks, which are commonly referred... » read more

Protecting Electronic Systems From Side-Channel Attacks


During the early days of safecracking, rudimentary rotary locks were compromised by feel or sound to determine the correct combination. Following in this tradition, malicious actors are now exploiting side-channel attacks (SCA) to compromise cryptographic systems. To be sure, all physical electronic systems routinely leak information about the internal process of computing via fluctuating level... » read more

Thwarting Side-Channel Attacks With DPA-Protected Software Libraries


All physical electronic systems routinely leak information about the internal process of computing via fluctuating levels of power consumption and electro-magnetic emissions. Much like the early days of safecracking, electronic side-channel attacks (SCA) eschew a brute force approach to extracting keys and other secret information from a device or system. Moreover, SCA conducted against elec... » read more

Putting A Hardware Root-of-Trust To Work In An Anti-Counterfeiting IC


An anti-counterfeiting security IC is conceptually rather simple: during manufacture, it is securely programmed with some secret data. Then during operation, it can prove to a verifying host that it knows that secret data. This “proof of knowledge” is often all that can be expected of a low-cost security IC. This prove-you-know-the-secret authentication process between the security IC an... » read more

The Evolution Of Side-Channel Attacks


A side-channel attack can perhaps best be defined as any attack based on information gained from the physical implementation of a cryptosystem, rather than brute force or theoretical weaknesses in the algorithms. Put simply, all physical electronic systems routinely leak information about their internal process of computing via their power consumption or electromagnetic emanations. This mean... » read more

Side-Channel Attacks


There are many techniques available for hackers to gain access to a system and obtain secret keys or other proprietary information– from invasive methods, such as microprobing, to noninvasive methods, such as cryptoanalysis. However, one of the easiest and most effective ways to extract the contents of a chip is through a side-channel attack using power analysis. To read more, click here. » read more

Fixing Security Holes


Connected devices can do everything from save lives to improve the quality of life. They also destroy that quality or cause harm if these things or systems of things are not secure. Security is a complex multi-level problem. It spans the entire seven-layer OSI communication stack, as well as the software that is used to run, manage and operate hardware. And it needs to be dealt with from mul... » read more

← Older posts