Explore the vast range of titles available.

Cache attacks are widespread on microprocessors and multi-processor system-on-chips but have not yet spread to heterogeneous systems-on-chip such as SoC-FPGA that are found in increasing numbers of applications on servers or in the cloud. This type of SoC has two parts: a processing system that includes hard components and ARM processor cores and a programmable logic part that includes logic gates to be used to implement custom designs. The two parts communicate via memory-mapped interfaces. One of these interfaces is the accelerator coherency port that provides optional cache coherency between the two parts. In this paper, we discuss the practicability and potential threat of inside-SoC cache attacks using the cache coherency mechanism of a complex heterogeneous SoC-FPGA. We provide proof of two cache timing attacks Flush+Reload and Evict+Time when SoC-FPGA is targeted, and proof of hidden communication using a cache-based covert channel. The heterogeneous SoC-FPGA Xilinx Zynq-7010 is used as an experimental target.

Encrypting the mapping relationship between physical and cache addresses has been a promising technique to prevent conflict-based cache side-channel attacks. However, this method is not foolproof and the attackers can still build a side-channel despite the increased difficulty of finding the minimal eviction set. To address this issue, we propose a new protection method that integrates both address encryption and timing noise extension mechanisms. By adding the timing noise extension mechanism to the address encryption method, we can randomly generate cache misses that prevent the attackers from pruning the eviction set. Our analysis shows that the timing noise extension mechanism can cause the attackers to fail in obtaining accurate timing information for accessing memory. Furthermore, our proposal reduces the timing noise generating rate, minimizing performance overhead. Our experiments on SPEC CPU 2017 show that the integrated mechanism only resulted in a tiny performance overhead of 2.9%.

Security loopholes exploiting the flaws of practical apparatus, especially non-ideal photon detectors, are pressing issues in practical quantum communication. We propose a simple quantum secure direct communication protocol based on single-photon Bell-state measurement and remove side-channel attacks on photon detectors. This quantum communication protocol in principle works in a deterministic way, and it does not require the two-photon interference of photons from independent sources. The single-photon Bell-state measurement with a unity efficiency can be constructed with only linear optics, which significantly simplifies its experimental implementation. Furthermore, we prove that our quantum secure direct communication protocol is immune to general detector-side-channel attacks.

SAEAES is the authenticated encryption algorithm instantiated by combining the SAEB mode of operation with AES, and a candidate of the NIST’s lightweight cryptography competition. Using AES gives the advantage of backward compatibility with the existing accelerators and coprocessors that the industry has invested in so far. Still, the newer lightweight block cipher (e.g., GIFT) outperforms AES in compact implementation, especially with the side-channel attack countermeasure such as threshold implementation. This paper aims to implement the first threshold implementation of SAEAES and evaluate the cost we are trading with the backward compatibility. We design a new circuit architecture using the column-oriented serialization based on the recent 3-share and uniform threshold implementation (TI) of the AES S-box based on the generalized changing of the guards. Our design uses 18,288 GE with AES’s occupation reaching 97% of the total area. Meanwhile, the circuit area is roughly three times the conventional SAEB-GIFT implementation (6229 GE) because of a large memory size needed for the AES’s non-linear key schedule and the extended states for satisfying uniformity in TI.

McEliece cryptosystem (MECS) is one of the oldest public key cryptosystems, and the oldest PKC that is conjectured to be post-quantum secure. In this paper we survey the current state of the implementation issues and security of MECS, and its variants. In the first part we focus on general decoding problem, structural attacks, and the selection of parameters in general. We summarize the details of MECS based on irreducible binary Goppa codes, and review some of the implementation challenges for this system. Furthermore, we survey various proposals that use alternative codes for MECS, and point out some attacks on modified systems. Finally, we review notable existing implementations on low-resource platforms, and conclude with the topic of side channels in the implementations of MECS

Side-channel analysis has become a widely recognized threat to the security of cryptographic implementations. Different side-channel attacks, as well as countermeasures, have been proposed in the literature. Such attacks pose a severe threat to both hardware and software cryptographic implementations, especially in the IoT environment where the attacker may easily gain physical access to a device, leaving it vulnerable to tampering. In this paper, we provide a comprehensive survey regarding the non-invasive passive side-channel analysis. We describe both non-profiled and profiled attacks, related security metrics, countermeasures against such attacks, and leakage-assessment methodologies, as available in the literature of more than twenty years of research.

The invention of smart low-power devices and ubiquitous Internet connectivity have facilitated the shift of many labour-intensive jobs into the digital domain. The shortage of skilled workforce and the growing food demand have led the agriculture sector to adapt to the digital transformation. Smart sensors and systems are used to monitor crops, plants, the environment, water, soil moisture, and diseases. The transformation to digital agriculture would improve the quality and quantity of food for the ever-increasing human population. This paper discusses the security threats and vulnerabilities to digital agriculture, which are overlooked in other published articles. It also provides a comprehensive review of the side-channel attacks (SCA) specific to digital agriculture, which have not been explored previously. The paper also discusses the open research challenges and future directions.

This paper explores the security vulnerability of Personal Identification Number (PIN) or numeric passwords. Entry Device (PEDs) that use small strings of data (PINs, keys or passwords) as means of verifying the legitimacy of a user. Today, PEDs are commonly used by personnel in different industrial and consumer electronic applications, such as entry at security checkpoints, ATMs and customer kiosks, etc. In this paper, we propose a side-channel attack on a 4–6 digit random PIN key, and a PIN key user verification method. The intervals between two keystrokes are extracted from the acoustic emanation and used as features to train machine-learning models. The attack model has a 60% chance to recover the PIN key. The verification model has an 88% accuracy on identifying the user. Our attack methods can perform key recovery by using the acoustic side-channel at low cost. As a countermeasure, our verification method can improve the security of PIN entry devices.

Over the last decades, the Cache Side Channel Attack (CSCA) seriously threatens the security of user information, which repeatedly highlights the security of cache. Even though the secure cache design can mitigate or defend against this attack, the high design period and tap-out cost reduce the development of the specific designs. Therefore, many researchers focus on proposing a secure cache model to analyse the CSCA and simplify the secure design. Nowadays, the cache model can be divided into 1) Indicator analysis model; 2) Cache verify model; 3) Cache abstract model. However, most of these models focus on the establishment phase of CSCA, regardless of the usage phase of CSCA. On the other hand, the granularity of the cache model is either the entire cache or a single cache line, which can’t describe the cache behaviour in CSCA clearly. To overcome these limitations, we proposed a novel cache model based on state transition and gave a formal specification of CSCA by this model in this work. Firstly, we summarize 11 basic states of the cache set and point to the target state in the process of CSCA. Then we describe the CSCA from three aspects: pre-attack cost, state transition cost, and detection accuracy, which gives a more comprehensive analysis of CSCA.

Covert channels enable hidden communication that poses significant security risks, particularly when smartphones are used as transmitters. This paper presents the first end-to-end implementation and evaluation of an electromagnetic (EM) covert channel on modern Samsung Galaxy S21, S22, and S23 smartphones (Samsung Electronics Co., Ltd., Suwon, Republic of Korea). We first demonstrate that a previously proposed method relying on zero-volume playback is no longer effective on these devices. Through a detailed analysis of EM emissions in the 0.1–2.5 MHz range, we discovered that consistent, volume-independent signals can be generated by exploiting the hardware’s recovery delay after silent audio playback. Based on these findings, we developed a complete system comprising a stealthy Android application for transmission, a time-based modulation scheme, and a demodulation technique designed around the characteristics of the generated signals to ensure reliable reception. The channel’s reliability and robustness were validated through evaluations of modulation time, probe distance, and message length. Experimental results show that the maximum error-free bit rate (bits per second, bps) reached 0.558 bps on Galaxy S21 and 0.772 bps on Galaxy S22 and Galaxy S23. Reliable communication was feasible up to 0.5 cm with a near-field probe, and a low alignment-aware bit error rate (BER) was maintained even for 100-byte messages. This work establishes a practical threat, and we conclude by proposing countermeasures to mitigate this vulnerability.