SaTC: STARSS: Small: Combined Side-channel Attacks and Mathematical Foundations of Combined Countermeasures

SaTC：STARSS：小：组合侧信道攻击和组合对策的数学基础

• 批准号: 1929774
• 负责人: Selcuk Kose
• 金额: $ 20.92万
• 依托单位: University of Rochester
• 依托单位国家: 美国
• 项目类别: Standard Grant
• 财政年份: 2019
• 资助国家: 美国
• 起止时间: 2019-01-01 至 2021-09-30
• 项目状态: 已结题
• 来源: https://www.nsf.gov/awardsearch/showAward?AWD_ID=1929774&HistoricalAwards=false
• 关键词: SaTC; STARSS; Small; Combined; Side

Digital information has become an integral part of our daily lives and there is a growing concern about the security of information. The amount of information that should be kept secure is increasing with the proliferation of high-tech electronics such as smart-phones, tablets, and wearable devices. Accordingly, the number of attacks from malicious parties to obtain the secret information that is stored in a secure (i.e., encrypted) device increases. Side-channel attacks are widely used to extract information from an integrated circuit (IC) or a smart card by observing different leakage sources such as power consumption, timing information, temperature, electromagnetic (EM) emanations, and acoustic waves while loading/executing/storing information. Due to the low cost and potentially non-invasive nature, side-channel attacks pose a serious threat to the security of personal, commercial, and military information. By providing design guidelines against side-channel attacks, our project benefits companies, governments, and individuals in securing the digital information.This project investigates the power and feasibility of combined side-channel attacks including both physical side-channel attacks (i.e., power, timing, and electromagnetic) and fault injection attacks. Since each attack vector leverages a different leakage mechanism, the countermeasures against different attack vectors may differ significantly. Accordingly, mathematical foundations of combined countermeasures against multiple attack vectors are developed. In this project, the existing resources are utilized as a countermeasure against combined attacks together with dedicated countermeasures to minimize the energy and performance overheads of security. This project provides several opportunities to underrepresented groups and undergraduate students to engage in hardware security research.

数字信息已成为我们日常生活中不可或缺的一部分，并且对信息的安全越来越关注。随着高科技电子产品（例如智能手机，平板电脑和可穿戴设备）的扩散，应保持安全的信息量正在增加。因此，恶意当事方的攻击数量以获取存储在安全（即加密）设备中的秘密信息增加。侧通道攻击通过观察不同的泄漏源，例如功耗，定时信息，温度，电磁（EM）发射和声波，在加载/执行/存储信息时，通过观察不同的泄漏来源（例如功耗，定时信息，温度，电磁（EM）发射）来从集成电路（IC）或智能卡中提取信息。由于成本较低和潜在的非侵入性，侧渠攻击对个人，商业和军事信息的安全构成了严重威胁。通过针对侧道攻击提供设计指南，我们的项目使公司，政府和个人在确保数字信息方面有利。本项目调查了联合侧渠道攻击的权力和可行性，包括物理侧向通道攻击（即功率，时间，时机和电气电磁）和故障入射攻击。由于每个攻击矢量利用了不同的泄漏机制，因此针对不同攻击媒介的对策可能会有很大差异。因此，开发了针对多个攻击向量的组合对策的数学基础。在该项目中，现有资源被用作对合并攻击的对策，以及专用的对策，以最大程度地减少安全性的能量和性能开销。该项目为代表性不足的小组和本科生提供了一些机会，可以从事硬件安全研究。

项目成果

A Secure Hardware-Assisted AMI Authentication Scheme for Smart Cities

• DOI: 10.1109/mce.2020.3040717
• 发表时间: 2021-07
• 期刊: IEEE Consumer Electronics Magazine
• 影响因子: 4.5
• 作者: Fathi H. Amsaad;Selçuk Köse

A New Class of Covert Channels Exploiting Power Management Vulnerabilities

利用电源管理漏洞的新型隐蔽通道

• DOI: 10.1109/lca.2018.2860006
• 发表时间: 2018
• 期刊: IEEE Computer Architecture Letters
• 影响因子: 2.3
• 作者: Khatamifard, S. Karen;Wang, Longfei;Kose, Selcuk;Karpuzcu, Ulya R.
• 通讯作者: Karpuzcu, Ulya R.