Cache Speculation Side-Channels


This whitepaper looks at the susceptibility of Arm implementations following research findings from security researchers, including Google and MIT, on new potential cache timing side-channels exploiting processor speculation. This paper also outlines possible mitigations that can be employed for software designed to run on existing Arm processors. To read more, click here. » read more

System Bits: Aug. 21


Two types of computers create faster, less energy-intensive image processor for autonomous cars, security cameras, medical devices Stanford University researchers reminded that the image recognition technology that underlies today’s autonomous cars and aerial drones depends on artificial intelligence. These are the computers that essentially teach themselves to recognize objects like a dog, ... » read more

Cache Speculation Side-Channels


Cache timing side-channels are a well understood concept in the area of security research. As such, this whitepaper will provide a simple conceptual overview rather than an in-depth explanation. The basic principle behind cache timing side-channels is that the pattern of allocations into the cache, and, in particular, which cache sets have been used for the allocation, can be determined by m... » read more

Evaluating Side-Channel Vulnerabilities


By Bart Stevens and Gary Kenworthy In a book chapter titled “Security of Crypto IP Core: Issues and Countermeasures,” authors Debapriya Basu Roy and Debdeep Mukhopadhyay recently explored various side-channel vulnerabilities that can be exploited by an attacker. “An adversary can observe the power consumption, timing performance, electromagnetic radiation or even acoustic behavior o... » read more

Imperfect Silicon, Near-Perfect Security


Some chipmakers, under pressure to add security to rapidly growing numbers of IoT devices, have rediscovered a "fingerprinting" technique used primarily as an anti-counterfeiting measure. [getkc id="227" kc_name="Physically unclonable functions"] (PUFs) are used to assign a unique identification number based on inconsistencies in the speed with which current causes a series of logic gates to... » read more

Bypassing Encryption With Side-Channel Attacks


Devices and systems that implement robust encryption/decryption algorithms using cryptographic keys were historically considered secure. Nevertheless, there is a category of attacks that simply ignore the mathematic properties of a cryptographic system – and instead focuses on its physical implementation in hardware. This vector is known as side-channel attacks, which are commonly referred... » read more

Protecting Electronic Systems From Side-Channel Attacks


During the early days of safecracking, rudimentary rotary locks were compromised by feel or sound to determine the correct combination. Following in this tradition, malicious actors are now exploiting side-channel attacks (SCA) to compromise cryptographic systems. To be sure, all physical electronic systems routinely leak information about the internal process of computing via fluctuating level... » read more

Thwarting Side-Channel Attacks With DPA-Protected Software Libraries


All physical electronic systems routinely leak information about the internal process of computing via fluctuating levels of power consumption and electro-magnetic emissions. Much like the early days of safecracking, electronic side-channel attacks (SCA) eschew a brute force approach to extracting keys and other secret information from a device or system. Moreover, SCA conducted against elec... » read more

Putting A Hardware Root-of-Trust To Work In An Anti-Counterfeiting IC


An anti-counterfeiting security IC is conceptually rather simple: during manufacture, it is securely programmed with some secret data. Then during operation, it can prove to a verifying host that it knows that secret data. This “proof of knowledge” is often all that can be expected of a low-cost security IC. This prove-you-know-the-secret authentication process between the security IC an... » read more

The Evolution Of Side-Channel Attacks


A side-channel attack can perhaps best be defined as any attack based on information gained from the physical implementation of a cryptosystem, rather than brute force or theoretical weaknesses in the algorithms. Put simply, all physical electronic systems routinely leak information about their internal process of computing via their power consumption or electromagnetic emanations. This mean... » read more

← Older posts