Cache Misses and the Recovery of the Full AES 256 Key

2019 ◽  
Vol 9 (5) ◽  
pp. 944 ◽  
Author(s):  
Samira Briongos ◽  
Pedro Malagón ◽  
Juan-Mariano de Goyeneche ◽  
Jose Moya

The CPU cache is a hardware element that leaks significant information about the software running on the CPU. In particular, any application performing sequences of memory accesses that depend on sensitive information, such as private keys, is susceptible to a cache attack that would reveal this information. In most cases, side-channel cache attacks do not require any specific permission and just need access to a shared cache. This fact, combined with the spread of cloud computing, where the infrastructure is shared between different customers, has made these attacks quite popular. Traditionally, cache attacks against AES use the information that the victim has accessed an address. In contrast, we show that using non-access provides much more information and demonstrate that the power of cache attacks has been underestimated during these last years. This novel approach is applicable to existing attacks: Prime+Probe, Flush+Reload, Flush+Flush and Prime+Abort. In all cases, using cache misses as the source of information, we could retrieve the 128-bit AES key with a reduction in the number of samples of between 93% and 98% compared to the traditional approach. Further, this attack was adapted and extended in what we call the encryption-by-decryption cache attack (EBD), to obtain a 256-bit AES key. In the best scenario, our approach obtained the 256 bits of the key of the OpenSSL AES T-table-based implementation using fewer than 10,000 samples, i.e., 135 milliseconds, proving that AES-256 is only about three times more complex to attack than AES-128 via cache attacks. Additionally, the proposed approach was successfully tested in a cross-VM scenario.

Author(s):  
Samira Briongos ◽  
Pedro Malagón ◽  
Juan-Mariano de Goyeneche ◽  
Jose M. Moya

In recent years, CPU caches have revealed themselves as one of the most powerful sources of information leakage. This information leakage affects any implementation whose memory accesses, to data or instructions, depend on sensitive information such as private keys. In most cases, side-channel cache attacks do not require any specific permission and just need access to a shared cache. This fact, combined with the spread of cloud computing, where the infrastructure is shared between different customers, has made these attacks quite popular. In this paper, we present a novel approach to exploit the information obtained from the CPU cache. First, we introduce a non-access attack that provides a 97% reduction in the number of encryptions required to obtain a 128-bit AES key. Next, this attack is adapted and extended in what we call the encryption-by-decryption cache attack, or EBD, to obtain a 256-bit AES key. When EBD is applied to AES-256, we are able to obtain the 256 bits of the key with fewer than 10,000 encryptions. These results make EBD, to the best of our knowledge, the first practical attack on AES-256 and also demonstrate that AES-256 is only about 3 times more complex to attack than AES-128 via cache attacks. In both cases the target is the AES T-table-based implementation, and we also demonstrate that our approach works in a cross-VM scenario.


Author(s):  
Matthias Gazzari ◽  
Annemarie Mattmann ◽  
Max Maass ◽  
Matthias Hollick

Wearables that constantly collect various sensor data from their users increase the chances of inferring unintentional and sensitive information, such as passwords typed on a physical keyboard. We take a thorough look at the potential of using electromyographic (EMG) data, a sensor modality that is new to the market but has lately gained attention in the context of wearables for augmented reality (AR), for a keylogging side-channel attack. Our approach is based on neural networks for a between-subject attack in a realistic scenario using the Myo Armband to collect the sensor data. In our approach, the EMG data has proven to be the most prominent source of information compared to the accelerometer and gyroscope, increasing the keystroke detection performance. For our end-to-end approach on raw data, we report a mean balanced accuracy of about 76% for the keystroke detection and a mean top-3 key accuracy of about 32% on 52 classes for the key identification on passwords of varying strengths. We have created an extensive dataset including more than 310 000 keystrokes recorded from 37 volunteers, which is available as open access along with the source code used to create the given results.


2013 ◽  
Vol 373-375 ◽  
pp. 1678-1681
Author(s):  
Jian Wang ◽  
Xiao Yu Qi

In cloud computing, users always hope that their identity cannot be disclosed while they access the cloud service. Although much research focuses on security issues in the cloud, no work has carefully addressed the proposed problem. To allay users' concerns about disclosure of their identity, we propose a novel approach based on a private matching protocol to protect users' sensitive information in cloud computing. Besides, this paper also states the new problem of privacy indexing on the Internet and proves that our proposed protocol can avoid privacy indexing in the cloud.


2021 ◽  
Vol 14 (8) ◽  
pp. 338
Author(s):  
Peter Balsarini ◽  
Claire Lambert ◽  
Maria M. Ryan ◽  
Martin MacCarthy

Franchising has long been a method by which organizations seek to expand and facilitate local market development. However, franchising as a growth strategy can often be hampered by a lack of suitable franchisees. To mitigate this shortage, some franchisors have engaged in recruiting franchisees internally from the ranks of their employees, in addition to the traditional approach of recruiting franchisees externally. Predominantly, franchisees are individuals rather than corporations, and thus purchasing a franchise should most commonly be characterized as a consumer acquisition. To explore the relationship between subjective knowledge, perceived risk, and information search behaviors when purchasing a franchise, qualitative interviews were conducted with franchisees from the restaurant industry. Half of these respondents were externally recruited, having never worked for the franchisor, and half were internally recruited, having previously been employees of the franchisor. The external recruits expressed a strong desire to own their own business and engaged in extensive decision-making processes with significant information search when purchasing their franchises. Contrastingly, the internal recruits expressed a strong desire to be their own boss and engaged in limited, bordering on habitual, decision-making processes with negligible information search when acquiring their franchises. The results reveal that differences in subjective knowledge and perceived risk appear to significantly impact the extent of information search between these two groups. A model of the relationship between subjective knowledge, perceived risk and information search in the purchasing of a franchise is developed that reconciles these findings. The findings also have practical implications for franchisors' franchisee recruiting efforts, which are integral to their capacity to develop local markets.


2021 ◽  
pp. 1-25
Author(s):  
Franz X. Hof ◽  
Klaus Prettner

We employ a novel approach for analyzing the effects of relative consumption and relative wealth preferences on economic growth. In the pertinent literature, these effects are usually assessed by examining the dependence of the growth rate on the two parameters of the utility function that seem to measure the strength of the relative consumption and the relative wealth motives. Applying our fundamental factor approach, we identify specifications in which the traditional approach yields incorrect qualitative conclusions. The problematic specifications have the common unpleasant property that the parameter that seems to determine the strength of the relative consumption motive actually also affects the elasticity of intertemporal substitution of absolute consumption (and the strength of the relative wealth motive). Since the standard approach is unaware of the additional effect(s), it attributes the total change in the growth rate incorrectly to the change in the strength of the relative consumption motive.


Sensors ◽  
2018 ◽  
Vol 18 (8) ◽  
pp. 2664 ◽  
Author(s):  
Luis Belem Pacheco ◽  
Eduardo Pelinson Alchieri ◽  
Priscila Mendez Barreto

The use of the Internet of Things (IoT) is rapidly growing, and a huge amount of data is being generated by IoT devices. Cloud computing is a natural candidate to handle this data since it has enough power and capacity to process, store and control data access. Moreover, this approach brings several benefits to the IoT, such as the aggregation of all IoT data in a common place and the use of cloud services to consume this data and provide useful applications. However, enforcing user privacy when sending sensitive information to the cloud is a challenge. This work presents and evaluates an architecture to provide privacy in the integration of IoT and cloud computing. The proposed architecture, called PROTeCt—Privacy aRquitecture for integratiOn of internet of Things and Cloud computing, improves user privacy by implementing privacy enforcement at the IoT devices instead of at the gateway, as is usually done. Consequently, the proposed approach improves both system security and fault tolerance, since it removes the single point of failure (the gateway). The proposed architecture is evaluated through analytical analysis and simulations with severely constrained devices, where delay and energy consumption are evaluated and compared to other architectures. The obtained results show the practical feasibility of the proposed solutions and demonstrate that the overheads introduced in the IoT devices are worthwhile considering the increased level of privacy and security.


2012 ◽  
Vol 198-199 ◽  
pp. 523-527
Author(s):  
Fang Yuan Chen ◽  
Dong Song Zhang ◽  
Zhi Ying Wang

Worst-Case Execution Time (WCET) analysis is crucial in real-time systems and is very challenging on multicore processors due to the possible runtime inter-thread interferences caused by shared resources. This paper proposes a novel approach to analyze runtime inter-core interferences for consecutive or inconsecutive concurrent programs. Our approach can reasonably estimate runtime inter-core interferences in the shared cache by introducing lifetime and instruction fetching timing relation analysis into the address mapping method. Compared with the method based on lifetime alone, our proposed approach efficiently improves the tightness of WCET estimation.
