Viable cryptosystem designs must address power analysis attacks, and masking is a commonly proposed technique for defending against these side-channel attacks It is possible to overcome simple masking by using higher-order techniques, but apparently only at some cost in terms of generality, number of required samples from the device being attacked, and computational complexity We make progress towards ascertaining the significance of these costs by exploring a couple of attacks that attempt to efficiently employ second-order techniques to overcome masking In particular, we consider two variants of second-order differential power analysis: Zero-Offset 2DPA and FFT 2DPA

Towards efficient second-order power analysis

Data deduplication has attracted many cloud service providers (CSPs) as a way to reduce storage costs. Even though the general deduplication approach has been increasingly accepted, it comes with many security and privacy problems due to the outsourced data delivery models of cloud storage. To deal with specific security and privacy issues, secure deduplication techniques have been proposed for cloud data, leading to a diverse range of solutions and trade-offs. Hence, in this article, we discuss ongoing research on secure deduplication for cloud data in consideration of the attack scenarios exploited most widely in cloud storage. On the basis of classification of deduplication system, we explore security risks and attack scenarios from both inside and outside adversaries. We then describe state-of-the-art secure deduplication techniques for each approach that deal with different security issues under specific or combined threat models, which include both cryptographic and protocol solutions. We discuss and compare each scheme in terms of security and efficiency specific to different security goals. Finally, we identify and discuss unresolved issues and further research challenges for secure deduplication in cloud storage.

A Survey of Secure Data Deduplication Schemes for Cloud Storage Systems

Recent research has demonstrated that there is no sharp distinction between passive attacks based on side-channel leakage and active attacks based on fault injection. Fault behavior can be processed as side-channel information, offering all the benefits of Differential Power Analysis including noise averaging and hypothesis testing by correlation. This paper introduces Differential Fault Intensity Analysis, which combines the principles of Differential Power Analysis and fault injection. We observe that most faults are biased - such as single-bit, two-bit, or three-bit errors in a byte - and that this property can reveal the secret key through a hypothesis test. Unlike Differential Fault Analysis, we do not require precise analysis of the fault propagation. Unlike Fault Sensitivity Analysis, we do not require a fault sensitivity profile for the device under attack. We demonstrate our method on an FPGA implementation of AES with a fault injection model. We find that with an average of 7 fault injections, we can reconstruct a full 128-bit AES key.

Differential Fault Intensity Analysis

Privacy-preserving deduplication of encrypted data with dynamic ownership management in fog computing

Hardware security and trust have become a pressing issue during the last two decades due to the globalization of the semiconductor supply chain and ubiquitous network connection of computing devices. Computing hardware is now an attractive attack surface for launching powerful cross-layer security attacks, allowing attackers to infer secret information, hijack control flow, compromise system root-of-trust, steal intellectual property (IP), and fool machine learners. On the other hand, security practitioners have been making tremendous efforts in developing protection techniques and design tools to detect hardware vulnerabilities and fortify hardware design against various known hardware attacks. This article presents an overview of hardware security and trust from the perspectives of threats, countermeasures, and design tools. By introducing the most recent advances in hardware security research and developments, we aim to motivate hardware designers and electronic design automation tool developers to consider the new challenges and opportunities of incorporating an additional dimension of security into robust hardware design, testing, and verification.

/pdf/an-overview-of-hardware-security-and-trust-threats-23kzez8m8y.pdf

An Overview of Hardware Security and Trust: Threats, Countermeasures, and Design Tools

Cloud storage services possibly store only a single copy of redundant data to save disk space and provide links to that copy rather storing other actual copies of data. This is called deduplication. If deduplication is performed across different accounts at each client side, this is classified into cross-user source-based deduplication. However, cross-user source-based deduplication can server as a side-channel of breaching user's privacy. To protect user's privacy, Harnik et al. proposed a randomized solution for cross-user source-based deduplication, user's privacy is, however, still at risk with a high probability. In this paper, we propose a new cross-user source-based deduplication providing dramatically enhanced security.

Privacy-preserving cross-user source-based data deduplication in cloud storage

Recently, gray-box attacks on white-box cryptographic implementations have succeeded. These attacks are more efficient than white-box attacks because they can be performed without detailed knowledge of the target implementation. The success of the gray-box attack is reportedly due to the unbalanced encodings used to generate the white-box lookup table. In this paper, we propose a method to protect the gray-box attack against white-box implementations. The basic idea is to apply the masking technique before encoding intermediate values during the white-box lookup table generation. Because we do not require any random source in runtime, it is possible to perform efficient encryption and decryption using our method. The security and performance analysis shows that the proposed method can be a reliable and efficient countermeasure.

A Masked White-Box Cryptographic Implementation for Protecting Against Differential Computation Analysis

/pdf/a-masked-white-box-cryptographic-implementation-for-147nayommw.pdf

A Masked White-box Cryptographic Implementation for Protecting against Differential Computation Analysis.

Conventional cryptographic algorithms are not sufficient to protect secret keys and data in white-box environments, where an attacker has full visibility and control over an executing software code. For this reason, cryptographic algorithms have been redesigned to be resistant to white-box attacks. The first white-box AES (WB-AES) implementation was thought to provide reliable security in that all brute force attacks are infeasible even in white-box environments; however, this proved not to be the case. In particular, Billet and others presented a cryptanalysis of WB-AES with 230 time complexity, and Michiels and others generalized it for all substitution-linear transformation ciphers. Recently, a collision-based cryptanalysis was also reported. In this paper, we revisit Chow and others's first WB-AES implementation and present a conditional re-encoding method for cryptanalysis protection. The experimental results show that there is approximately a 57% increase in the memory requirement and a 20% increase in execution speed.

Conditional Re-encoding Method for Cryptanalysis-Resistant White-Box AES

Disclosed herein are a method of preventing fault-injection attacks on Chinese Remainder Theorem (CRT)-Rivest Shamir Adleman (RSA) cryptographic operations, and a recording medium for storing a program implementing the same First, the method receives first and second primes, that is, different primes, and a randomly selected prime, that is, a random prime, which are used for CRT-RSA cryptographic operations Thereafter, a cumulative value is calculated by performing an XOR (Exclusive OR) operation on the first prime, the second prime, and the random prime using a push function Thereafter, the first prime, the second prime, and the random prime are loaded by performing an XOR operation on the cumulative value using a pop function corresponding to the push function Finally, CRT-RSA operations are executed by computing modulo operations based on the first prime and the second prime

Method of preventing fault-injection attacks on Chinese Remainder Theorem-Rivest Shamir Adleman cryptographic operations and recording medium for storing program implementing the same

Seungkwang Lee

Papers

Privacy-preserving cross-user source-based data deduplication in cloud storage

A Masked White-Box Cryptographic Implementation for Protecting Against Differential Computation Analysis

A Masked White-box Cryptographic Implementation for Protecting against Differential Computation Analysis.

Conditional Re-encoding Method for Cryptanalysis-Resistant White-Box AES

Method of preventing fault-injection attacks on Chinese Remainder Theorem-Rivest Shamir Adleman cryptographic operations and recording medium for storing program implementing the same