Can The Hardware Supply Chain Remain Secure?


Malware in computers has been a reality since the 1990s, but lately the focus has shifted to hardware. So far, the semiconductor industry has been lucky because well-publicized threats were either limited or unproven. But sooner or later, luck runs out. Last year saw two significant incidents that shook people’s faith in the integrity of hardware security. The first was the Meltdown/Spectr... » read more

Introduction to Side-Channel Attacks


Side-channel attacks conducted against electronic gear are relatively simple and inexpensive to execute. Such attacks include simple power analysis (SPA) and Differential Power Analysis (DPA). An attacker does not need to know specific implementation details of the cryptographic device to perform these attacks and extract keys. As all physical electronic systems routinely leak information, effe... » read more

Cache Speculation Side-Channels


This whitepaper looks at the susceptibility of Arm implementations following research findings from security researchers, including Google and MIT, on new potential cache timing side-channels exploiting processor speculation. This paper also outlines possible mitigations that can be employed for software designed to run on existing Arm processors. To read more, click here. » read more

System Bits: Aug. 21


Two types of computers create faster, less energy-intensive image processor for autonomous cars, security cameras, medical devices Stanford University researchers reminded that the image recognition technology that underlies today’s autonomous cars and aerial drones depends on artificial intelligence. These are the computers that essentially teach themselves to recognize objects like a dog, ... » read more

Cache Speculation Side-Channels


Cache timing side-channels are a well understood concept in the area of security research. As such, this whitepaper will provide a simple conceptual overview rather than an in-depth explanation. The basic principle behind cache timing side-channels is that the pattern of allocations into the cache, and, in particular, which cache sets have been used for the allocation, can be determined by m... » read more

Evaluating Side-Channel Vulnerabilities


By Bart Stevens and Gary Kenworthy In a book chapter titled “Security of Crypto IP Core: Issues and Countermeasures,” authors Debapriya Basu Roy and Debdeep Mukhopadhyay recently explored various side-channel vulnerabilities that can be exploited by an attacker. “An adversary can observe the power consumption, timing performance, electromagnetic radiation or even acoustic behavior o... » read more

Imperfect Silicon, Near-Perfect Security


Some chipmakers, under pressure to add security to rapidly growing numbers of IoT devices, have rediscovered a "fingerprinting" technique used primarily as an anti-counterfeiting measure. [getkc id="227" kc_name="Physically unclonable functions"] (PUFs) are used to assign a unique identification number based on inconsistencies in the speed with which current causes a series of logic gates to... » read more

Bypassing Encryption With Side-Channel Attacks


Devices and systems that implement robust encryption/decryption algorithms using cryptographic keys were historically considered secure. Nevertheless, there is a category of attacks that simply ignore the mathematic properties of a cryptographic system – and instead focuses on its physical implementation in hardware. This vector is known as side-channel attacks, which are commonly referred... » read more

Protecting Electronic Systems From Side-Channel Attacks


During the early days of safecracking, rudimentary rotary locks were compromised by feel or sound to determine the correct combination. Following in this tradition, malicious actors are now exploiting side-channel attacks (SCA) to compromise cryptographic systems. To be sure, all physical electronic systems routinely leak information about the internal process of computing via fluctuating level... » read more

Thwarting Side-Channel Attacks With DPA-Protected Software Libraries


All physical electronic systems routinely leak information about the internal process of computing via fluctuating levels of power consumption and electro-magnetic emissions. Much like the early days of safecracking, electronic side-channel attacks (SCA) eschew a brute force approach to extracting keys and other secret information from a device or system. Moreover, SCA conducted against elec... » read more

← Older posts