LEA is a 128-bit lightweight block cipher introduced in WISA 2013. However, the authors investigated the security evaluation of LEA on a theoretical basis only. LEA can be implemented on various platforms, offering throughput and a small size. We first investigated its security strength against power analysis attacks on a hardware implementation. Our results showed that the LEA implementation remains vulnerable to power analysis attacks. According to our research, this is the first experimental result on an LEA hardware implementation. Based on our results, implementing LEA with countermeasures is essential. For a future study, we plan to investigate other types of platforms and compare performance between countermeasure and non-countermeasure implementations.

Compared to masking, shuffling does not require modifications of the algorithm. It is an algorithm-agnostic implementation and can possibly be automated for any cryptographic algorithm. What's more, it can be easily implemented after other countermeasures as an add-on protection for cryptographic systems. However, manual implementation of shuffling still requires knowledge of the specific algorithm and may not fully exploit the independence between operations in complex algorithms. Recent works [9], [10], [11], [12], [13] indicate a nascent trend towards automating the application of countermeasures to increase the security of systems against power analysis attacks. They have focused on masking AES, including automatic instruction sensitivity quantification and local random precharging [9], a general code morphing engine design with alternative code segments that mitigate power leakage [10], compiler-assisted masking implementation [11], and automatic security evaluation and verification [12], [13]. However, to the best of our knowledge, there is no automation work for operation shuffling/permutation yet.

Cryptographic devices often deal with secret information as well as the privacy of their users. So-called Side-Channel Analysis (SCA) attacks target the implementation of cryptographic schemes and are independent of their mathematical security. For example, [3] exploits the response time of an RSA implementation to retrieve the secret key in use. The introduction of Differential Power Analysis (DPA) attacks [16] resulted in extensive research in refining attacks and developing countermeasures. Although timing attacks might even work over the Internet, power analysis attacks are thought to require physical access to the device, i.e., to connect an oscilloscope to measure the power consumption or the electromagnetic emanation in near proximity. Yet, in the following, we prove this assumption to be wrong. This falls well in line with what has been seen for fault attacks. Before Rowhammer [14], fault attacks were thought to require some sort of physical access to induce a fault into the target. Instead, the attack can lead to purely software-based privilege escalation from an underprivileged user. Furthermore, it can be introduced remotely as well, even at a very high abstraction level [11].

In practical scenarios, the ability to capture a node, perform the attack, and return the node all within a short window reduces the risk of detection. The approach of [7] requires an attacker to passively wait for transmissions to record power traces. While passively waiting is a reasonable approach for the 2060 traces required by [7] to break a software AES implementation, this could entail an unreasonably long wait period for the thousands of traces typically required to break a hardware AES peripheral [8]. Our work allows an attacker to rapidly force the operation to occur, and collecting 20 000 traces can be accomplished in 1560 minutes (depending on the network stack and how much other traffic the node must process).


Since any capacitance impedes high-frequency components of the signal, it makes sense to consider what frequency range of signals is valuable for power analysis. It is not easy to determine an exact range of frequencies of interest. The architecture of the Cyclone III FPGA masks this information. The maximum frequency of the instantaneous power consumption is related to the fastest rise time of the hardware interconnects of the FPGA. This information isn't publicly available from Altera for competitive reasons. Further complicating matters is the fact that the exact implementation is determined by the Quartus II Fitter. Therefore, the final implementation is a combination of Logic Elements placed in certain locations with different-length interconnects between them.


The simplest form of power attacks is Simple Power Analysis (SPA). SPA directly analyzes the power consumption of a single execution of a cryptographic operation. The details of encryption algorithms such as DES and AES are fully exposed to the public, so an attacker always knows the steps in the algorithm. Oftentimes these implementations are open-sourced, as in the case of the popular program OpenSSL [46]. For example, precise current traces of an algorithm can be extracted and show whether a branch in code was taken or not taken. This means algorithms where the execution path is data dependent can be easily broken with SPA. However, in most cases the small variation in power consumption is not enough to discover the exact instruction path in hardware implementations. Countermeasures against SPA are also quite simple: the implementation should avoid using branches that depend on keys. This approach can incur significant penalties [29].


Compared to physical power extraction, circuit simulation significantly reduces the complexity of mounting a power analysis attack, and provides quicker feedback during the implementation and study of a cryptographic device. This ultimately reduces the cost of iterative testing and experimentation. The attacks evaluated as part of this research were performed on simulated trace data, building off of a design and simulation flow established in a previous research project that focused on attacking an ASIC implementation of the AES block cipher [10]. The existing methodology was altered to significantly reduce the time required to compile, simulate, and extract the power traces without sacrificing the quality of the results.


Abstract—The current practice in board-level integration is to incorporate chips and components from numerous vendors. A fully trusted supply chain for all used components and chipsets is an important, yet extremely difficult to achieve, prerequisite to validate a complete board-level system for safe and secure operation. An increasing risk is that most chips nowadays run software or firmware, typically updated throughout the system lifetime, making it practically impossible to validate the full system at every given point in the manufacturing, integration and operational life cycle. This risk is elevated in devices that run third-party firmware. In this paper we show that an FPGA used as a common accelerator in various boards can be reprogrammed by software to introduce a sensor, suitable as a remote power analysis side-channel attack vector at the board level. We show successful power analysis attacks from one FPGA on the board to another chip implementing RSA and AES cryptographic modules. Since the sensor is only mapped through firmware, this threat is very hard to detect, because data can be exfiltrated without requiring inter-chip communication between victim and attacker. Our results also prove the potential vulnerability in which any untrusted chip on the board can launch such attacks on the remaining system.

In this paper we try to close the gap between theoretical considerations regarding the influence of measurement factors on the feasibility of static power analysis attacks and their practical verification on actual hardware. We answer the question whether an adversary can physically force a device to leak more information by controlling specific operating parameters and provide informative numbers in this regard based on more than two months of non-stop measurements. In particular, we have acquired 19 distinct sets with a cardinality of at least 5 million measurements per set in a controlled environment, each for a different temperature-voltage combination (-20 to 90 °C, 1.62 to 1.98 V), which took roughly 2.7 days for each set. Afterwards, for the most effective temperature-voltage combination (90 °C and 1.98 V), we recorded another 8 sets of traces for different lengths of the measurement interval. Our results show very clearly that, in this case study, increasing the temperature exponentially increases the signal, that increasing the supply voltage only marginally increases the signal, and finally that increasing the measurement interval exponentially decreases the noise. Additionally, it becomes obvious that all three measurement factors can effectively be combined to lower the number of measurements that are required for a successful key recovery to a minimum. Control over these parameters – in theory – allows one to eliminate any source of noise except for the algorithmic noise, which highly depends on the particular implementation as well as the concrete attack scenario and will always be present in power measurements [40]. Setup-wise we have built upon [27], but (1) improved the construction of the DC amplifier to obtain stable results at extreme temperatures, (2) built a custom low-pass filter, and (3) employed a simple post-processing technique. All these modifications have been verified to be useful in diminishing


Abstract. A protection circuit can be added into cryptographic systems to detect both soft errors and the injected faults required by Differential Fault Analysis (DFA) attacks. While such protection can improve the reliability of the target devices significantly and counteract DFA, it will also incur extra power consumption and other resource overhead. In this paper, we analyze the side-channel power leakage of AES protection methods against fault attacks and quantify the amount. We implement six different schemes and launch correlation power analysis attacks on them. The results show that the protection circuits have all increased the power leakage and therefore make the system more vulnerable to power analysis attacks. We further compare different protection schemes in terms of power consumption, area, fault coverage, and side-channel leakage. Our results demonstrate trade-offs among multiple design metrics, and suggest that reliability, security, and costs all have to be considered together in the design phase of cryptographic systems.


Abstract. By shrinking the technology and reducing the energy requirements of integrated circuits, producing ultra-low-power devices has practically become possible. Texas Instruments, as a pioneer in developing FRAM-based products, announced a couple of different microcontroller (MCU) families based on the low-power and fast Ferroelectric RAM technology. Such MCUs come with embedded cryptographic module(s) as well as the assertion that – due to the underlying ultra-low-power technology – mounting successful side-channel analysis (SCA) attacks has become very difficult. In this work we practically evaluate this claimed hardness by means of state-of-the-art power analysis attacks. The leakage sources and corresponding attacks are presented in order to give an overview on the potential risks of making use of such platforms in security-related applications. In short, we partially confirm the given assertion. Some modules, e.g., the embedded cryptographic accelerator, can still be attacked but with slightly immoderate effort. On the contrary, the other leakage sources are easily exploitable, leading to straightforward attacks being able to recover the secrets.


includes power consumption, electromagnetic radiation, system run times, acoustics, etc., which are correlated with the secret values during data processing. Power-analysis attacks are a powerful type of side-channel attack originally described by Kocher. This class of attacks has been applied successfully against implementations of the popular public-key cryptosystems RSA and Elgamal (13), which make use of exponentiation algorithms. The primary side-channel attacks against modular exponentiation algorithms rely on certain physical phenomena which allow one to distinguish between multiplication and squaring operations (12). Messerges et al. proposed three types of power-analysis attacks against RSA with multiple random plaintexts (14). To mitigate these attacks, implementations of modular exponentiation utilize the same sequence of instructions for multiplication and squaring operations, which makes it challenging to differentiate between these two operations for random input messages in practice (11). In response, various methods have been proposed that use the leak of sensitive information during the decryption process of chosen messages (18; 20; 16). In particular, several chosen-message attacks have been applied on public key encryption in (1; 2; 6; 8; 7; 9; 10; 11; 15; 19).


zeros), thus |Y| = 3, or Y = "01" (i.e. the realization of the random variable Y consists of a zero and a one digit), thus |Y| = 2. Then the attacker's goal is to calculate and exploit the conditional probability for many different realizations x of X and y of Y. Equation 1 is the mathematical definition for the conditional probability. Enhancing Simple Power-Analysis Attacks on Elliptic Curve Cryptosystems. It is an important observation that the calculation of the right-hand side of (1) requires the knowledge of the probability to be in a specific state of the point multiplication algorithm (the terminology used here will be explained in the next section). This is because in order to calculate the probabilities P(X = x), one has to calculate the sum of the probabilities of all possible sequences of digits that lead to the pattern x. Since such a sequence can basically start from any state of the algorithm, the probabilities are dependent on the probability of the starting state.


Countermeasures. One good solution to avoid these attacks is to propose efficient and low-power cryptographic implementations for the encryption algorithms [26]. To disturb DPA and RPA/ZPA, a Binary Expansion algorithm that has a random initial point is used [27]. The work in [28] suggested using message masking prior to exponentiation with a random value (r) to prevent MESD and ZESD, and using exponent masking to prevent SEMD. The exponentiation can be masked by the addition of a random multiple of Φ(N) = (p − 1)(q − 1), i.e., ê = e + Φ(N). The computation of modular exponentiation proceeds from the random starting point towards the MSB using the right-to-left binary exponentiation algorithm, returns to the starting point and then moves towards the LSB using the left-to-right binary exponentiation algorithm [29]. The authors in [30] presented a randomized window-scanning RSA scheme resistant to power analysis attacks, specifically to the CPA that uses different inputs to the same algorithm and analyzes the power consumption traces. Even if the attacker were able to recover the bits, it would be difficult to put those key bits in the correct order.


The market coupling model of power exchanges (PXs) allocates the available transmission capacity by default in spot power exchange transactions. EU policy regards it as the solution for achieving the single market in energy. Overall, a reduction of average prices in the competitive market area through coupling has been demonstrated in the CWE region (France, Germany, the Netherlands and Belgium; price coupling) and in Scandinavia (volume coupling). In Central and Eastern Europe (CEE), Hungary has managed to couple with the Czech and Slovak markets and, in parallel, Poland and Romania are conducting coupling.

Liability Identification: Users of vehicles are liable for their deliberate or accidental actions that disrupt the operation of other nodes or the transportation system. Several attacks are known, which will be classified depending on the layer the attacker uses. At the physical and link layers the attacker will disturb the system either by jamming or by overloading the channel with messages. Flooding false messages or rebroadcasting a recent message is also an attainable attack.

As a consequence, most countermeasures against fault attacks do not focus on such attacks, but on attacks exploiting changes of intermediate values and usually try to detect such a change (detection-based), or to destroy the exploitable information if a fault happens (infective countermeasures). Such countermeasures implicitly assume that the release of "fault-free" ciphertexts in the presence of a fault-inducing attacker does not reveal any exploitable information. In this work, we show that this assumption is not valid and we present novel fault attacks that work in the presence of detection-based and infective countermeasures. The attacks exploit the fact that intermediate values leading to "fault-free" ciphertexts show a non-uniform distribution, while they should be distributed uniformly. The presented attacks are entirely practical and are demonstrated to work for software implementations of AES and for a hardware co-processor. These practical attacks rely on fault induction by means of clock glitches and hence are achieved using only low-cost equipment. This is feasible because our attack is very robust under noisy fault induction attempts and does not require the attacker to model or profile the exact fault effect. We target two types of countermeasures as examples: simple time redundancy with comparison and several infective countermeasures. However, our attacks can be applied to a wider range of countermeasures and are not restricted to these two countermeasures. Keywords: fault attack · infective countermeasure · fault detection · countermeasure · statistical ineffective fault attack · SIFA


Side-channel attacks are alarming for this world because every walk of our lives depends on the usage of technology and on sharing information with it. Nowadays, our information is preserved in the cloud, and we have no idea about the security of this information. We all want our information to be private and safe. Manufacturers of electronic devices come forward to make their products secure from side-channel attacks. Security experts and cryptologists are trying to come up with a solution to prevent these types of attacks on cryptographic implementations or devices, to protect an individual's private information from leaking or being abused. This field of research is not only of academic interest but is also demanded by manufacturers of cryptographic devices, because there have been many examples of attacks on real-world cryptographic devices such as the bit-stream encryption in Xilinx FPGAs [1], the KeeLoq remote entry system [2], the YubiKey multi-factor authentication token [3], Mifare DESFire contactless payment cards [4], etc. These attacks made the manufacturers of these cryptographic devices and security experts aware of them.


In elongation attacks, an adversary constructs artificially extended routes, potentially traversing every node in the network. This is done to increase packet path lengths, causing packets to be processed by a number of nodes that is independent of the hop count along the shortest path between the adversary and the packet destination. A malicious insider has a number of ways to induce topology change. For instance, it can falsely claim that a link is down or can even claim a new link to a non-existing node.