At Conferences:
Hardening microprocessors against side-channel attacks is a critical aspect of ensuring their security. A key step in this process is identifying and mitigating ``leaky" hardware modules, which leak information during the execution of cryptographic algorithms. In this paper, we explore how different leakage detection methods, the Side-channel Vulnerability Factor (SVF) and the Test Vector Leakage Assessment (TVLA), contribute to hardening of microprocessors. We conduct experiments on two RISC-V cores, SHAKTI and Ibex, using two cryptographic algorithms, SHA-3 and AES. Our findings suggest that SVF and TVLA can provide valuable insights into identifying leaky modules. However, the effectiveness of these methods can vary depending on the specific core and cryptographic algorithm in use. We conclude that the choice of leakage detection method should be based not only on computational cost but also on the specific requirements of the system, the implementation of the algorithm examined and the nature of the potential threats.
Electronic devices that populate the Internet of Things play increasingly important roles in our everyday lives. When these devices process, store, or communicate personal or company-critical data, digital security becomes a necessity. However, mechanisms to secure electronic systems have a significant influence on the cost of the system and come with an overhead in energy consumption, computational delay, and (silicon) chip area. Therefore, developing secure electronic systems is a balancing act between minimizing the overhead and maximizing the security. Moreover, in rapidly evolving markets, there is another parameter that can have a negative influence on the security strength of electronic devices, namely the time to market: it takes longer to bring a secure product to the market than to develop a product with no or little security measures in place. In the PROACT project, we tackle the challenge of maximizing the security strength while minimizing the overhead w.r.t. energy consumption, computational delay, and hardware resources, as well as reducing the time to market of digital electronic systems. We specifically focus on the fast development of efficient cryptographic hardware with protection against physical attacks, i.e., attacks that exploit the physical implementation of cryptographic algorithms. Physical attacks are categorized into (1) side-channel analysis attacks that target the extraction of secret information by monitoring side-channels like the power consumption, the electromagnetic emanation or the timing of the device, and (2) fault analysis attacks that aim at introducing computational errors that lead to the leakage of secret information. Physical security is of vital importance when potential attackers can easily get in the vicinity of an electronic system. This is the case in, e.g., medical sensor devices, wearables and implants, which are typically constrained in energy budget, cost and form factor, and are therefore the perfect use case for the results of PROACT.
Fault injection attacks have caused implementations to behave unexpectedly, resulting in a spectacular bypass of security features and even the extraction of cryptographic keys. Clearly, developers want to ensure the robustness of the software against faults and eliminate production weaknesses that could lead to exploitation. Several fault simulators have been released that promise cost-effective evaluations against fault attacks. In this paper, we set out to discover how suitable such tools are, for a developer who wishes to create robust software against fault attacks. We found four open-source fault simulators that employ different techniques to navigate faults, which we objectively compare and discuss their benefits and drawbacks. Unfortunately, none of the four open-source fault simulators employ artificial intelligence (AI) techniques. However, AI was successfully applied to improve the fault simulation of cryptographic algorithms, though none of these tools is open source. We suggest improvements to open-source fault simulators inspired by the AI techniques used by cryptographic fault simulators.
The security ensured by cryptographic protocols, in use today, would no longer be enough to thwart the malicious intentions of adversaries due to the advancement of quantum computers. Quantum algorithms like Shor’s algorithm [1] and Grover’s algorithm [2] have already been implemented, albeit on a much smaller scale system, to demonstrate their effects on currently used cryptographic standards. This has led to the development of post-quantum cryptographic schemes which can be categorised into one of lattice-based, code-based, hash-based, multivariate, or supersingular elliptic curve isogeny. Apart from classical adversaries, these cryptographic schemes needs to be robust against quantum adversaries. Hence, various standardization bodies (NIST [3], ETSI [4], etc.) have initiated research towards the development, implementation and deployment of post-quantum cryptographic standards. However, each of the standards considered individually has only a discrete set of criteria that do not help evaluate the post-quantum cryptographic algorithm from all perspectives. This motivated us to design an exhaustive, comprehensive and complete framework for quantum-attack resistance evaluation of a cryptographic algorithms. In this paper, we provide an ameliorated framework for standardizing post-quantum cryptographic algorithms comprised of an exhaustive, comprehensive, and complete set of criteria. These criteria have been complied with from the available standardization work. The framework is exhaustive because it comprises criteria corresponding to all the security notions. It is comprehensive because the framework includes criteria pertaining to both theoretical and implementation aspects. Since the framework put forth the criteria required for evaluating symmetric and asymmetric algorithms, it is considered to be complete. This ameliorated framework is the research contribution of this paper.
@ICIRCA 2020
Association rule mining is utilized to take care of various types of area issues. These days' affiliation rule mining has been stretched out to huge information. As a result of the gigantic measure of information, a solitary way the sequential procedure isn't adequate subsequently. The most basic piece of ARM is discovering a potential relationship between things in an enormous exchange based dataset. The well-known algorithms in particular apriori and FP Growth has been identified & implemented those algorithms using the WEKA (version 3.7.10) tool.