发布求助
文献互助 智能选刊 最新文献

2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)最新文献

筛选
英文 中文
Malicious CAN-message attack against advanced driving assistant system 针对高级驾驶辅助系统的恶意can报文攻击
2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) Pub Date : 2017-05-01 DOI: 10.1109/HST.2017.7951822
M. Shiozaki, Takaya Kubota, Masashi Nakano, Yuuki Nakazawa, T. Fujino
{"title":"Malicious CAN-message attack against advanced driving assistant system","authors":"M. Shiozaki, Takaya Kubota, Masashi Nakano, Yuuki Nakazawa, T. Fujino","doi":"10.1109/HST.2017.7951822","DOIUrl":"https://doi.org/10.1109/HST.2017.7951822","url":null,"abstract":"Along with the progress of connected vehicles, cyber-attacks exploiting the vulnerability of vehicle network have been reported in research papers. Against threat of such attacks, there have been proposed various countermeasures such as disturbing the malicious message by utilizing the transmission period, or invalidating the received message by checking the Message Authentication Code (MAC). In addition, the security of sensor of vehicle is also attracted with the rapid development of autonomous vehicle technique. In this paper, we studied the vulnerability of Advanced Driving Assistance System (ADAS) widely mounted on recent vehicles. In our experiments, the emergency brake system is activated easier than the normal brake system (parking brake, brake pedal) by sending the fake ADAS-ECU message from the ODB-II port. The previously proposed countermeasures utilizing the message transmission period is difficult to apply in the emergency, since the control-message-interval deviates from the normal transmission cycle. Moreover, the ADAS system is invalidated by deceiving other ECUs and range-finding sensors. We focus on checksum included in the current data field separately from CRC field of CAN message and suggest the MAC scheme without a greatly changing the existing vehicle infrastructure. The robustness on the emergency, the amount of payload increased, and the possibility of spoofing attack is investigated.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"221 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"116012593","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 1
Cache timing attacks on recent microarchitectures 最新微体系结构中的缓存定时攻击
2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) Pub Date : 2017-05-01 DOI: 10.1109/HST.2017.7951819
A. Andreou, A. Bogdanov, Elmar Tischhauser
{"title":"Cache timing attacks on recent microarchitectures","authors":"A. Andreou, A. Bogdanov, Elmar Tischhauser","doi":"10.1109/HST.2017.7951819","DOIUrl":"https://doi.org/10.1109/HST.2017.7951819","url":null,"abstract":"Cache timing attacks have been known for a long time, however since the rise of cloud computing and shared hardware resources, such attacks found new potentially devastating applications. One prominent example is S$A (presented by Irazoqui et al at S&P 2015) which is a cache timing attack against AES or similar algorithms in virtualized environments. This paper applies variants of this cache timing attack to Intel's latest generation of microprocessors. It enables a spy-process to recover cryptographic keys, interacting with the victim processes only over TCP. The threat model is a logically separated but CPU co-located attacker with root privileges. We report successful and practically verified applications of this attack against a wide range of microarchitectures, from a two-core Nehalem processor (i5-650) to two-core Haswell (i7-4600M) and four-core Skylake processors (i7-6700). The attack results in full key recovery. Compared to earlier processor generations, the attacks are more involved, but still of practical complexity, requiring between 219 and 221 encryptions. For the last two processors, the cache slice selection algorithm (CSSA) was not known before and had to be reverse engineered as part of this work. This is the first time CSSAs for the Skylake architecture are reported. Our attacks demonstrate that cryptographic applications in cloud computing environments using key-dependent tables for acceleration are still vulnerable even on recent architectures, including Skylake. Our reverse engineering of the CSSAs of these processors will also be beneficial for developers in many other contexts, for instance for implementing page colouring in modern operating systems.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"7 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"124029292","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
Improving reliability of weak PUFs via circuit techniques to enhance mismatch 利用电路技术提高弱puf的可靠性,增强失配
2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) Pub Date : 2017-05-01 DOI: 10.1109/HST.2017.7951814
Vinay C. Patil, Arunkumar Vijayakumar, Daniel E. Holcomb, S. Kundu
{"title":"Improving reliability of weak PUFs via circuit techniques to enhance mismatch","authors":"Vinay C. Patil, Arunkumar Vijayakumar, Daniel E. Holcomb, S. Kundu","doi":"10.1109/HST.2017.7951814","DOIUrl":"https://doi.org/10.1109/HST.2017.7951814","url":null,"abstract":"In recent years, SRAM-based and other Weak PUFs have found applications in tamper sensitive key storage and ID generation. SRAM-based PUFs, for example, rely on intrinsic process variations to enable repeatable and unique start-up behavior of their outputs. However, noise in the system can compromise repeatability of SRAM start-up behavior. To obviate this problem, a number of solutions such as fuzzy extraction and error correcting codes have been proposed to generate a stable key from PUF cells. However, these methods require a large number of initial PUF bits. In this work, we discuss circuit techniques that create new Weak PUFs by modifying the cross-coupled elements of a traditional storage cell to amplify the impact of process variations and create a higher degree of mismatch. With increased mismatch, the intrinsic error rates of the new PUF cells decrease, thereby reducing the number of PUF cells and amount of auxiliary circuitry needed for fuzzy extraction or ECC. Our results show that the new designs give 4x to 9x reduction in error rates compared to a standard cross-coupled inverter design. We also highlight the area savings that can be achieved in hardware implementations of ECC systems due to improving the inherent reliability of the PUF cells.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"28 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"128762795","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 11
Detection of counterfeit ICs using public identification sequences 使用公共识别序列检测伪造ic
2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) Pub Date : 2017-05-01 DOI: 10.1109/HST.2017.7951827
P. Samarin, Kerstin Lemke-Rust
{"title":"Detection of counterfeit ICs using public identification sequences","authors":"P. Samarin, Kerstin Lemke-Rust","doi":"10.1109/HST.2017.7951827","DOIUrl":"https://doi.org/10.1109/HST.2017.7951827","url":null,"abstract":"We present a new method for protecting chips against counterfeits that makes the IC identification more accessible to the end user. Our method requires the original chip manufacturer to frequently publish identification sequences for each IC. These sequences are excerpts from the output of a stream cipher that is embedded in the protected chip and parameterized by a secret unique key. The key initialization is done by a trusted party after manufacturing. For IC verification, the end user measures the side channel leakage of the chip under test. The chip is assessed to be genuine if the end user finds a significant correlation between the observed side channel leakage and several previously published identification sequences.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"23 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"125932827","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 3
Characterising a CPU fault attack model via run-time data analysis 通过运行时数据分析表征CPU故障攻击模型
2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) Pub Date : 2017-05-01 DOI: 10.1109/HST.2017.7951802
Martin S. Kelly, K. Mayes, John Walker
{"title":"Characterising a CPU fault attack model via run-time data analysis","authors":"Martin S. Kelly, K. Mayes, John Walker","doi":"10.1109/HST.2017.7951802","DOIUrl":"https://doi.org/10.1109/HST.2017.7951802","url":null,"abstract":"Effective software defences against errors created by fault attacks need to anticipate the probable error response of the target micro-controller. The range of errors and their probability of occurrence is referred to as the Fault Model. Software defences are necessarily a compromise between the impact of an error, its likelihood of occurrence, and the cost of the defence in terms of code size and execution time. In this work we first create a fault insertion system and then use it to demonstrate a technique for precisely triggering and capturing individual error responses within a running micro-controller. This enables a more realistic calibration of a micro-controller's fault model. We apply the system to a representative micro-controller and the results show that error insertion is far more predictable than anticipated, and is consistent over a wide range of experimental tolerances. This observation undermines some widely deployed software defences recommended for fault attack protection.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"57 4","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"120904123","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 10
Exploring timing side-channel attacks on path-ORAMs 探索对路径oram的定时边信道攻击
2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) Pub Date : 2017-05-01 DOI: 10.1109/HST.2017.7951800
Chongxi Bao, Ankur Srivastava
{"title":"Exploring timing side-channel attacks on path-ORAMs","authors":"Chongxi Bao, Ankur Srivastava","doi":"10.1109/HST.2017.7951800","DOIUrl":"https://doi.org/10.1109/HST.2017.7951800","url":null,"abstract":"In recent research, it has been demonstrated that the pattern (or sequence) of memory access made to the server or external storage can leak very sensitive information even if the underlying data is encrypted. To mitigate this leakage, oblivious RAM (ORAM) has been proposed to provide provable security by hiding the access patterns. Ever since its introduction, substantial effort has been made to make ORAM more efficient. Different efficient ORAM protocols satisfy the original ORAM specification but vary in implementation details. While these ORAM protocols have been proved to be secure against an attacker who can observe the processor's output pins, the leakage from inside timing side-channels is still possible. In this paper, we identify three common leakage points in many efficient Path-ORAM implementations and design various timing side-channel attacks on them. Both FPGA-based and simulator-based experimental results show that significant amount of information can be leaked through inside timing side-channels. We also discuss several countermeasures to mitigate the proposed attacks. We hope that the analysis in this paper would motivate a new line of research to make ORAMs more secure to such attacks.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"129618091","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 8
New clone-detection approach for RFID-based supply chains 基于rfid的供应链克隆检测新方法
2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) Pub Date : 2017-05-01 DOI: 10.1109/HST.2017.7951810
Hoda Maleki, Reza Rahaeimehr, Chenglu Jin, Marten van Dijk
{"title":"New clone-detection approach for RFID-based supply chains","authors":"Hoda Maleki, Reza Rahaeimehr, Chenglu Jin, Marten van Dijk","doi":"10.1109/HST.2017.7951810","DOIUrl":"https://doi.org/10.1109/HST.2017.7951810","url":null,"abstract":"Radio-Frequency Identification (RFID) tags have been widely used as a low-cost wireless method for detection of counterfeit product injection in supply chains. In order to adequately perform authentication, current RFID monitoring schemes need to either have a persistent online connection between supply chain partners and the back-end database or have a local database on each partner site. A persistent online connection is not guaranteed and local databases on each partner site impose extra cost and security issues. We solve this problem by introducing a new scheme in which a small Non-Volatile Memory (NVM) embedded in RFID tag is used to function as a tiny “encoded local database”. In addition our scheme resists “tag tracing” so that each partner's operation remains private. Our scheme can be implemented in less than 1200 gates satisfying current RFID technology requirements.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"58 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114399461","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 4
Breaking active-set backward-edge CFI 打破active-set后边缘CFI
2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) Pub Date : 2017-05-01 DOI: 10.1109/HST.2017.7951803
M. Theodorides, D. Wagner
{"title":"Breaking active-set backward-edge CFI","authors":"M. Theodorides, D. Wagner","doi":"10.1109/HST.2017.7951803","DOIUrl":"https://doi.org/10.1109/HST.2017.7951803","url":null,"abstract":"Hardware-Assisted Flow Integrity extension (HAFIX) was proposed as a defense against code-reuse attacks that exploit backward edges (returns). HAFIX provides finegrained protection by confining return addresses to only target call sites in functions active on the call stack. We study whether the backward-edge policy in HAFIX is sufficient to prevent code-reuse exploits on real-world programs. In this paper, we present three general attacks that exploit weaknesses in HAFIX and demonstrate these attacks are effective in case studies examining Nginx web server, Exim mail server, and PHP. We then propose improvements to HAFIX we believe will improve its effectiveness against code-reuse attacks.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"114948055","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 14
Take a moment and have some t: Hypothesis testing on raw PUF data 花点时间对原始PUF数据进行一些t:假设检验
2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) Pub Date : 2017-05-01 DOI: 10.1109/HST.2017.7951811
Vincent Immler, Matthias Hiller, J. Obermaier, G. Sigl
{"title":"Take a moment and have some t: Hypothesis testing on raw PUF data","authors":"Vincent Immler, Matthias Hiller, J. Obermaier, G. Sigl","doi":"10.1109/HST.2017.7951811","DOIUrl":"https://doi.org/10.1109/HST.2017.7951811","url":null,"abstract":"Systems based on PUFs derive secrets from physical variation and it is difficult to measure the security level of the obtained PUF response bits in practice. We evaluate raw PUF data to assess the quality of the physical source to detect undesired imperfections in the circuit to provide feedback for the PUF designer and improve the achieved security level. Complementing previous work on correlations across a PUF structure, we apply Welch's i-test to quantify the indistinguishability between distributions of different PUF responses, i.e., the values from on-chip locations measured across multiple devices. The threshold levels of the i-test depend on the number of evaluated PUF cells and the desired confidence of the hypothesis test. These i-values are computed from the statistical moments, such as mean and variance, of the tested distributions and indicate if they were not drawn from the same source. We identify that the quantization of the raw PUF data evaluates different statistical moments. Therefore, it is important to evaluate the indistinguishability of the raw PUF data concerning the critical moment which is used by the quantizer. To demonstrate the benefits of the presented evaluation method, we apply this test to public, real-world RO PUF data. As result, the designer is given specific information to optimize later processing steps or the underlying PUF structure. Complementing tests of the NIST 800-90b test suite further substantiate the chosen approach.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"25 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"134206555","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 12
Improving FPGA based SHA-3 structures 改进基于FPGA的SHA-3结构
2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST) Pub Date : 2017-05-01 DOI: 10.1109/HST.2017.7951823
Magnus Sundal, R. Chaves
{"title":"Improving FPGA based SHA-3 structures","authors":"Magnus Sundal, R. Chaves","doi":"10.1109/HST.2017.7951823","DOIUrl":"https://doi.org/10.1109/HST.2017.7951823","url":null,"abstract":"This work is focused on FPGA based implementations of the SHA-3 hash functions. The existing literature classifies the existing implementations according to the adopted structural optimization techniques, namely: folding, pipelining and unrolling. Several structures have been proposed in the state-of-the-art, which vary mainly in the level of folding and the number of pipeline stages. While unfolded structures allow obtaining higher throughputs, folded structures require less area resources at a cost of lower throughputs. It should be noted that due to the dependencies within the round caused by the step-mappings, the complexity increases as the folding technique is adopted. As suggested by the literature, the best results are achieved when using a slice-wise approach, rather than a lane-wise folding. With this approach, the resulting structure is able to process 16 slices on each iteration. However, special care must be taken regarding data dependencies in the θ and ρ step-mappings, in order to provide the necessary input values for the computation of the slices on each iteration. The ρ step-mapping dependencies were solved by re-scheduling the round computation as Rresc = θ ο ι ο χ ο π ο ρ. With this, it is possible to split the round computation into two parts, one computing θ and the other computing π,χ, and ι, with the ρ step-mapping embedded into the state memory. This approach, considering a tradeoff between performance and throughout, allows to mitigate the data dependency, thus allowing to improve the Throughput per Area efficiency regarding the existing state-of-the-art by up to 50%.","PeriodicalId":190635,"journal":{"name":"2017 IEEE International Symposium on Hardware Oriented Security and Trust (HOST)","volume":"9 1","pages":"0"},"PeriodicalIF":0.0,"publicationDate":"2017-05-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"132961074","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":0,"RegionCategory":"","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
引用次数: 0
首页 上一页 下一页 尾页
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
请完成安全验证×
相关产品
×
本文献相关产品
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:604180095
Book学术官方微信