  • Publication
    Breaking TrustZone memory isolation and secure boot through malicious hardware on a modern FPGA-SoC
    ( 2022)
    Gross, M.
    ;
    Jacob, N.
    ;
    Zankl, A.
    ;
    Sigl, G.
    FPGA-SoCs are heterogeneous embedded computing platforms consisting of reconfigurable hardware and high-performance processing units. This combination offers flexibility and good performance for the design of embedded systems. However, allowing the sharing of resources between an FPGA and an embedded CPU enables possible attacks from one system on the other. This work demonstrates that a malicious hardware block contained inside the reconfigurable logic can manipulate the memory and peripherals of the CPU. Previous works have already considered direct memory access attacks from malicious logic on platforms containing no memory isolation mechanism. In this work, such attacks are investigated on a modern platform which contains state-of-the-art memory and peripherals isolation mechanisms. We demonstrate two attacks capable of compromising a Trusted Execution Environment based on ARM TrustZone and show a new attack capable of bypassing the secure boot configuration set by a device owner via the manipulation of Battery-Backed RAM and eFuses from malicious logic.
  • Publication
    Mobile Contactless Fingerprint Recognition: Implementation, Performance and Usability Aspects
    ( 2022)
    Priesnitz, J.
    ;
    Huesmann, R.
    ;
    Rathgeb, C.
    ;
    Buchmann, N.
    ;
    Busch, C.
    This work presents an automated contactless fingerprint recognition system for smart-phones. We provide a comprehensive description of the entire recognition pipeline and discuss important requirements for a fully automated capturing system. In addition, our implementation is made publicly available for research purposes. During a database acquisition, a total number of 1360 contactless and contact-based samples of 29 subjects are captured in two different environmental situations. Experiments on the acquired database show a comparable performance of our contactless scheme and the contact-based baseline scheme under constrained environmental influences. A comparative usability study on both capturing device types indicates that the majority of subjects prefer the contactless capturing method. Based on our experimental results, we analyze the impact of the current COVID-19 pandemic on fingerprint recognition systems. Finally, implementation aspects of contactless fingerprint recognition are summarized.
  • Publication
    A Systematic Review on Model Watermarking for Neural Networks
    ( 2021)
    Boenisch, F.
    Machine learning (ML) models are applied in an increasing variety of domains. The availability of large amounts of data and computational resources encourages the development of ever more complex and valuable models. These models are considered the intellectual property of the legitimate parties who have trained them, which makes their protection against stealing, illegitimate redistribution, and unauthorized application an urgent need. Digital watermarking presents a strong mechanism for marking model ownership and, thereby, offers protection against those threats. This work presents a taxonomy identifying and analyzing different classes of watermarking schemes for ML models. It introduces a unified threat model to allow structured reasoning on and comparison of the effectiveness of watermarking methods in different scenarios. Furthermore, it systematizes desired security requirements and attacks against ML model watermarking. Based on that framework, representative literature from the field is surveyed to illustrate the taxonomy. Finally, shortcomings and general limitations of existing approaches are discussed, and an outlook on future research directions is given.
  • Publication
    The Stream Exchange Protocol: A Secure and Lightweight Tool for Decentralized Connection Establishment
    ( 2021)
    Tatschner, S.
    ;
    Jarisch, F.
    ;
    Giehl, A.
    ;
    Plaga, S.
    ;
    Newe, T.
    With the growing availability and prevalence of internet-capable devices, the complexity of networks and associated connection management increases. Depending on the use case, different approaches in handling connectivity have emerged over the years, tackling diverse challenges in each distinct area. Exposing centralized web-services facilitates reachability; distributing information in a peer-to-peer fashion offers availability; and segregating virtual private sub-networks promotes confidentiality. A common challenge herein lies in connection establishment, particularly in discovering, and securely connecting to peers. However, unifying different aspects, including the usability, scalability, and security of this process in a single framework, remains a challenge. In this paper, we present the Stream Exchange Protocol (SEP) collection, which provides a set of building blocks for secure, lightweight, and decentralized connection establishment. These building blocks use unique identities that enable both the identification and authentication of single communication partners. By utilizing federated directories as decentralized databases, peers are able to reliably share authentic data, such as current network locations and available endpoints. Overall, this collection of building blocks is universally applicable, easy to use, and protected by state-of-the-art security mechanisms by design. We demonstrate the capabilities and versatility of the SEP collection by providing three tools that utilize our building blocks: a decentralized file sharing application, a point-to-point network tunnel using the SEP trust model, and an application that utilizes our decentralized discovery mechanism for authentic and asynchronous data distribution.
  • Publication
    Chosen Ciphertext k-Trace Attacks on Masked CCA2 Secure Kyber
    ( 2021)
    Hamburg, Mike
    ;
    Hermelink, Julius
    ;
    Primas, Robert
    ;
    Samardjiska, Simona
    ;
    Schamberger, Thomas
    ;
    Vredendaal, Christine van
    Single-trace attacks are a considerable threat to implementations of classic public-key schemes, and their implications on newer lattice-based schemes are still not well understood. Two recent works have presented successful single-trace attacks targeting the Number Theoretic Transform (NTT), which is at the heart of many lattice-based schemes. However, these attacks either require a quite powerful side-channel adversary or are restricted to specific scenarios such as the encryption of ephemeral secrets. It is still an open question if such attacks can be performed by simpler adversaries while targeting more common public-key scenarios. In this paper, we answer this question positively. First, we present a method for crafting ring/module-LWE ciphertexts that result in sparse polynomials at the input of inverse NTT computations, independent of the used private key. We then demonstrate how this sparseness can be incorporated into a side-channel attack, thereby significantly improving noise resistance of the attack compared to previous works. The effectiveness of our attack is shown on the use-case of CCA2 secure Kyber k-module-LWE, where k ∈ {2, 3, 4}. Our k-trace attack on the long-term secret can handle noise up to a σ < 1.2 in the noisy Hamming weight leakage model, also for masked implementations. A 2k-trace variant for Kyber1024 even allows noise σ < 2.2 also in the masked case, with more traces allowing us to recover keys up to σ < 2.7. Single-trace attack variants have a noise tolerance depending on the Kyber parameter set, ranging from σ < 0.5 to σ < 0.7. As a comparison, similar previous attacks in the masked setting were only successful with σ < 0.5.
  • Publication
    Finding the Needle in the Haystack: Metrics for Best Trace Selection in Unsupervised Side-Channel Attacks on Blinded RSA
    ( 2021)
    Kulow, A.
    ;
    Schamberger, T.
    ;
    Tebelmann, L.
    ;
    Sigl, G.
    For asymmetric ciphers, such as RSA and ECC, side-channel attacks on the underlying exponentiation are mitigated by countermeasures like constant-time implementation and blinding. This restricts an attacker to a single side-channel trace for an attack as a different representation of the private key is used for each exponentiation. In this work, we propose an unsupervised machine learning framework for side-channel attacks on asymmetric cryptography that analyzes leakage in multiple side-channel traces, identifying the best trace for key retrieval. We apply Principal Component Analysis (PCA) preprocessing followed by a classification step that assigns segments of traces to elementary operations of the Square and Multiply exponentiation of RSA. In order to estimate the attack complexity for each trace in terms of key enumeration effort, we introduce two new metrics: The Entropy-based Cost Function (EBCF) is used to select a trace for the attack as well as bits which have to be brute-forced if not all bits can be determined correctly from this single trace. To reduce brute-force complexity further, we introduce Illegal Sequence Detection (ISD) to remove brute-force candidates which do not fit to the Square-and-Multiply scheme. We first provide a proof of concept for 320-bit key length traces and, moving towards a more realistic scenario, retrieve the key from a 1024-bit RSA implementation protected by message and exponent blinding. We are able to select the trace with the least remaining brute-force complexity from 1000 power measurements of the signature generation with randomized inputs and blinding values on a 32-bit ARM Cortex-M4 microcontroller.
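    The abstract above describes two pieces of the attack that can be shown concretely: the Square-and-Multiply structure that Illegal Sequence Detection (ISD) exploits, and the idea of ranking traces by how much classification uncertainty they leave. The following is an added example written for this listing, not code from the paper. It records the operation sequence of a left-to-right exponentiation (standing in for what a power trace leaks), parses such a sequence back into exponent bits while rejecting sequences that cannot occur (a Multiply must directly follow a Square), and brute-forces only the segments a constructed classifier is unsure about. The cost function here is a simple sum of per-segment binary entropies; it is an assumption used for illustration, not the paper's EBCF definition, and the toy modulus, base and classifier confidences are constructed.

```python
import itertools
import math


def square_and_multiply(base, exponent, modulus):
    """Left-to-right binary exponentiation that also records the sequence of
    elementary operations, standing in for the leakage of a side-channel trace.
    Every exponent bit emits one Square; a set bit additionally emits a Multiply."""
    ops = []
    acc = 1
    for bit in bin(exponent)[2:]:            # most-significant bit first
        acc = (acc * acc) % modulus
        ops.append("S")
        if bit == "1":
            acc = (acc * base) % modulus
            ops.append("M")
    return acc, "".join(ops)


def ops_to_bits(ops):
    """Parse an operation string back into exponent bits. Returns None if the
    sequence is illegal under Square-and-Multiply: it begins with a Multiply, or a
    Multiply is not directly preceded by a Square ("MM" can never occur)."""
    bits = []
    prev = None
    for op in ops:
        if op == "S":
            bits.append(0)
        elif op == "M":
            if prev != "S":
                return None
            bits[-1] = 1
        else:
            return None
        prev = op
    return bits


def bits_to_int(bits):
    return int("".join(map(str, bits)), 2) if bits else 0


def binary_entropy(p):
    if p <= 0.0 or p >= 1.0:
        return 0.0
    return -(p * math.log2(p) + (1.0 - p) * math.log2(1.0 - p))


def trace_cost(p_square):
    """Assumed illustration of an entropy-based cost (not the paper's EBCF): the
    summed binary entropy of the classifier's per-segment P(Square) values."""
    return sum(binary_entropy(p) for p in p_square)


def select_best_trace(traces):
    """Index of the trace whose segments leave the least uncertainty."""
    return min(range(len(traces)), key=lambda i: trace_cost(traces[i]))


def enumerate_keys(p_square, confident=0.9):
    """Brute-force only the segments classified below `confident`, and drop every
    assignment that ISD rejects. Returns the surviving exponent candidates."""
    fixed, uncertain = [], []
    for i, p in enumerate(p_square):
        if p >= confident:
            fixed.append("S")
        elif p <= 1.0 - confident:
            fixed.append("M")
        else:
            fixed.append(None)
            uncertain.append(i)
    candidates = []
    for guess in itertools.product("SM", repeat=len(uncertain)):
        ops = list(fixed)
        for idx, op in zip(uncertain, guess):
            ops[idx] = op
        bits = ops_to_bits("".join(ops))
        if bits is not None:                 # ISD: illegal sequences are never enumerated
            candidates.append(bits_to_int(bits))
    return candidates


def example_attack():
    """Constructed scenario: two traces of the same exponentiation, classified with
    different confidence. Returns the chosen trace and the candidates per trace."""
    modulus, base, exponent = 3233, 7, 0b101101     # toy parameters, not real RSA
    _, ops = square_and_multiply(base, exponent, modulus)
    noisy = [0.98 if op == "S" else 0.03 for op in ops]
    noisy[1] = noisy[2] = 0.5                        # two ambiguous segments
    clean = [0.99 if op == "S" else 0.02 for op in ops]
    clean[4] = 0.5                                   # one ambiguous segment
    return {
        "ops": ops,
        "best": select_best_trace([noisy, clean]),
        "noisy_keys": sorted(enumerate_keys(noisy)),
        "clean_keys": sorted(enumerate_keys(clean)),
        "noisy_cost": trace_cost(noisy),
    }


if __name__ == "__main__":
    result = example_attack()
    print("leaked ops:", result["ops"])
    print("best trace:", result["best"], "| candidates:", result["clean_keys"])
```

With two unsure segments, four raw assignments exist, but ISD discards the one containing "MM", so only three exponent candidates survive; the cleaner trace with one unsure segment is selected and leaves two candidates, one of which is the true exponent 45.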
  • Publication
    Machine learning of physical unclonable functions using helper data. Revealing a pitfall in the fuzzy commitment scheme
    ( 2021)
    Strieder, E.
    ;
    Frisch, C.
    ;
    Pehl, M.
    Physical Unclonable Functions (PUFs) are used in various key-generation schemes and protocols. Such schemes are deemed to be secure even for PUFs with challenge-response behavior, as long as no responses and no reliability information about the PUF are exposed. This work, however, reveals a pitfall in these constructions: When using state-of-the-art helper data algorithms to correct noisy PUF responses, an attacker can exploit the publicly accessible helper data and challenges. We show that with this public information and the knowledge of the underlying error correcting code, an attacker can break the security of the system: The redundancy in the error correcting code reveals machine learnable features and labels. Learning these features and labels results in a predictive model for the dependencies between different challenge-response pairs (CRPs) without direct access to the actual PUF response. We provide results based on simulated data of a k-SUM PUF model and an Arbiter PUF model. We also demonstrate the attack for a k-SUM PUF model generated from real data and discuss the impact on more recent PUF constructions such as the Multiplexer PUF and the Interpose PUF. The analysis reveals that especially the frequently used repetition code is vulnerable: For a SUM-PUF in combination with a repetition code, e.g., already the observation of 800 challenges and helper data bits suffices to reduce the entropy of the key down to one bit. The analysis also shows that even other linear block codes like the BCH, the Reed-Muller, or the Single Parity Check code are affected by the problem. The code-dependent insights we gain from the analysis allow us to suggest mitigation strategies for the identified attack. While the shown vulnerability advances Machine Learning (ML) towards realistic attacks on key-storage systems with PUFs, our analysis also facilitates a better understanding and evaluation of existing approaches and protocols with PUFs.
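    The mechanism behind the pitfall described above can be made concrete without any machine learning: in a fuzzy commitment the helper word is h = r ⊕ c for a PUF response word r and a codeword c, and for any linear code with parity-check matrix H every codeword satisfies H·c = 0, so H·h = H·r. Each row of H therefore hands an attacker who sees only challenges and helper data the XOR of a subset of response bits, labelled with the public challenges that produced them and independent of the committed key. The following is an added example written for this listing, not the paper's code or PUF model. The PUF is a constructed stand-in (a keyed hash), the challenges and key bits are constructed, and the functions below show the leak for a repetition code (n-1 pairwise XOR labels per key bit) and a single parity check code (one n-way XOR label per block), plus why a model learned from such XOR labels leaves exactly one bit of key entropy.

```python
import hashlib

N = 5  # repetition code length per key bit; majority decoding corrects up to 2 noisy bits


def puf_response(seed: bytes, challenge: int) -> int:
    """Constructed stand-in for a PUF response bit. `seed` is the device secret
    and is never available to the attacker."""
    return hashlib.sha256(seed + challenge.to_bytes(4, "big")).digest()[0] & 1


def repetition_H(n):
    """Parity checks of the length-n repetition code: c_i XOR c_{i+1} = 0."""
    return [[1 if j in (i, i + 1) else 0 for j in range(n)] for i in range(n - 1)]


def single_parity_H(n):
    """Parity check of the single parity check code: XOR of all n bits = 0."""
    return [[1] * n]


def encode_repetition(bit, n):
    return [bit] * n


def encode_spc(msg):
    return list(msg) + [sum(msg) % 2]


def fuzzy_commit(responses, codeword):
    """Enrollment: the public helper word is response XOR codeword."""
    return [r ^ c for r, c in zip(responses, codeword)]


def syndrome(H, word):
    return [sum(h & w for h, w in zip(row, word)) % 2 for row in H]


def leaked_labels(H, challenges, helper):
    """Attacker view (challenges + helper only). Since H.h = H.r, each parity check
    yields one labelled sample: (challenges in the check, XOR of their responses)."""
    samples = []
    for row, s in zip(H, syndrome(H, helper)):
        subset = tuple(c for c, h in zip(challenges, row) if h)
        samples.append((subset, s))
    return samples


def decode_repetition_bit(seed, challenges, helper, flips=()):
    """Legitimate reconstruction: XOR fresh responses with the helper word and
    majority-decode. `flips` lists positions whose response is noisy (constructed)."""
    word = []
    for i, (c, h) in enumerate(zip(challenges, helper)):
        r = puf_response(seed, c) ^ (1 if i in flips else 0)
        word.append(r ^ h)
    return 1 if sum(word) * 2 > len(word) else 0


def key_candidates_from_model(model, challenges, helper):
    """Attacker with a PUF model. XOR labels are unchanged if every response is
    inverted, so a model learned from them is fixed only up to that inversion;
    decoding with the model and its complement leaves two key candidates, i.e.
    one bit of entropy, however many key bits were enrolled."""
    cands = []
    for flip in (0, 1):
        word = [(model(c) ^ flip) ^ h for c, h in zip(challenges, helper)]
        cands.append(1 if sum(word) * 2 > len(word) else 0)
    return cands


if __name__ == "__main__":
    seed = b"device-secret"                      # constructed device secret
    challenges = [100, 101, 102, 103, 104]       # constructed public challenges
    responses = [puf_response(seed, c) for c in challenges]
    helper = fuzzy_commit(responses, encode_repetition(1, N))
    print("helper word:", helper)
    print("leaked pairwise labels:", leaked_labels(repetition_H(N), challenges, helper))
    print("key candidates from a model known up to inversion:",
          key_candidates_from_model(lambda c: puf_response(seed, c), challenges, helper))
```

Run it with any seed: the pairwise labels always equal the XOR of the true responses regardless of the enrolled key bit, which is what makes them usable as training labels, and the last line shows the residual ambiguity is the key or its complement.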
  • Publication
    Security and trust in open source security tokens
    ( 2021)
    Schink, M.
    ;
    Wagner, A.
    ;
    Unterstein, F.
    ;
    Heyszl, J.
    Using passwords for authentication has been proven vulnerable in countless security incidents. Hardware security tokens effectively prevent most password-related security issues and improve security indisputably. However, we would like to highlight that there are new threats from attackers with physical access which need to be discussed. Supply chain adversaries may manipulate devices on a large scale and install backdoors before they even reach end users. In evil maid scenarios, specific devices may even be attacked while already in use. Hence, we thoroughly investigate the security and trustworthiness of seven commercially available open source security tokens, including devices from the two market leaders: SoloKeys and Nitrokey. Unfortunately, we identify and practically verify significant vulnerabilities in all seven examined tokens. Some of them are based on severe, previously undiscovered, vulnerabilities of two major microcontrollers which are used at a large scale in various products. Our findings clearly emphasize the significant threat from supply chain and evil maid scenarios since the attacks are practical and only require moderate attacker efforts. Fortunately, we are able to describe software-based countermeasures as effective improvements to retrofit the examined devices. To improve the security and trustworthiness of future security tokens, we also derive important general design recommendations.
  • Publication
    Beyond Cache Attacks: Exploiting the Bus-based Communication Structure for Powerful On-Chip Microarchitectural Attacks
    ( 2021)
    Sepulveda, J.
    ;
    Gross, M.
    ;
    Zankl, A.
    ;
    Sigl, G.
    System-on-Chips (SoCs) are a key enabling technology for the Internet-of-Things (IoT), a hyper-connected world where on- and inter-chip communication is ubiquitous. SoCs usually integrate cryptographic hardware cores for confidentiality and authentication services. However, these components are prone to implementation attacks. During the operation of a cryptographic core, the secret key may passively be inferred through cache observations. Access-driven attacks exploiting these observations are therefore a vital threat to SoCs operating in IoT environments. Previous works have shown the feasibility of these attacks in the SoC context. Yet, the SoC communication structure can be used to further improve access-based cache attacks. The communication attacks are not as well-understood as other micro-architectural attacks. It is important to raise the awareness of SoC designers of such a threat. To this end, we present four contributions. First, we demonstrate an improved Prime+Probe attack on four different AES-128 implementations (original transformation tables, T0-Only, T2KB, and S-Box). As a novelty, this attack exploits the collisions of the bus-based SoC communication to further increase its efficiency. Second, we explore the impact of preloading on the efficiency of our communication-optimized attack. Third, we integrate three countermeasures (shuffling, mini-tables, and Time-Division Multiple Access (TDMA) bus arbitration) and evaluate their impact on the attack. Although shuffling and mini-tables countermeasures were proposed in previous work, their application as countermeasures against the bus-based attack was not studied before. In addition, TDMA as a countermeasure for bus-based attacks is an original contribution of this work. Fourth, we further discuss the implications of our work in the SoC design and its perspective with the new cryptographic primitives proposed in the ongoing National Institute of Standards and Technology Lightweight Cryptography competition. The results show that our improved communication-optimized attack is efficient, speeding up full key recovery by up to 400 times when compared to the traditional Prime+Probe technique. Moreover, the protection techniques are feasible and effectively mitigate the proposed improved attack.
  • Publication
    DOMREP-An Orthogonal Countermeasure for Arbitrary Order Side-Channel and Fault Attack Protection
    ( 2021)
    Gruber, M.
    ;
    Probst, M.
    ;
    Karl, P.
    ;
    Schamberger, T.
    ;
    Tebelmann, L.
    ;
    Tempelmeier, M.
    ;
    Sigl, G.
    Protection against physical attacks is a major requirement for cryptographic implementations on devices which can be accessed by attackers. Side-channel and fault injection attacks are the most common types of physical attacks. In this work we present a novel generic solution for simultaneous protection against side-channel and fault attacks with arbitrary order. We combine domain oriented masking and repetition codes in an orthogonal way and call this approach DOMREP. The resistance against side-channel attacks and fault attacks can be scaled independently of each other, for the protection against higher-order side-channel analysis and the injection of multiple faults including SIFA. We develop the generic concept of orthogonal protection, and implement the DOMREP concept on GIMLI, a round two NIST LWC competition candidate, on a Xilinx Artix-7 FPGA. Our implementation of GIMLI is verified to be resistant against univariate first-order side-channel attacks by TVLA. The resistance against SIFA is verified by means of fault emulation of single as well as multiple bit faults. Our implementation of GIMLI achieves the expected security level according to these measurements. We also provide numbers for the area overhead for our protected implementation of GIMLI.