A Survey of Microarchitectural Side-channel Vulnerabilities, Attacks, and Defenses in Cryptography

Lou, Xiaoxuan; Zhang, Tianwei; Jiang, Jun; Zhang, Yinqian

doi:10.1145/3456629

Cited by 53 publications

(20 citation statements)

References 198 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The methods analyzed by the survey were not specific to hardware-based fault injection attacks, which require techniques to analyze the software at least at the instruction level or below. Lou et al [24] reviewed methods for microarchitectural side-channel attacks. Since fault injection attacks are used as a precursor for side-channel analysis, many of the methods discussed in the survey are also applicable to fault injection attacks and give an insight into novel countermeasures against fault injection attacks.…”

Section: Related Workmentioning

confidence: 99%

“…The purpose of these surveys was to inform IoT hardware designers of the threats posed by fault injection attacks. The surveys presented in [1,2,24] were specifically aimed at cryptography devices and software, making the survey results specific and not generalizable for all IoT systems. The existing surveys do not focus on fault injection attack detection methods.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

A Systematic Review of Fault Injection Attacks on IoT Systems

2022

View full text Add to dashboard Cite

The field of the Internet of Things (IoT) is growing at a breakneck pace and its applications are becoming increasingly sophisticated with time. Fault injection attacks on IoT systems are aimed at altering software behavior by introducing faults into the hardware devices of the system. Attackers introduce glitches into hardware components, such as the clock generator, microcontroller, and voltage source, which can affect software functioning, causing it to misbehave. The methods proposed in the literature to handle fault injection attacks on IoT systems vary from hardware-based attack detection using system-level properties to analyzing the IoT software for vulnerabilities against fault injection attacks. This paper provides a systematic review of the various techniques proposed in the literature to counter fault injection attacks at both the system level and the software level to identify their limitations and propose solutions to address them. Hybrid attack detection methods at the software level are proposed to enhance the security of IoT systems against fault injection attacks. Solutions to the identified limitations are suggested using machine learning, dynamic code instrumentation tools, hardware emulation platforms, and concepts from the software testing domain. Future research possibilities, such as the use of software fault injection tools and supervised machine learning for attack detection at the software level, are investigated.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

A Systematic Review of Fault Injection Attacks on IoT Systems

2022

View full text Add to dashboard Cite

show abstract

“…Kayaalp et al [50] further relaxed the assumptions of the attacks and achieved a better resolution. Various extensive survey studies have listed the threats at different cache levels [51,52].…”

Section: Motivationsmentioning

confidence: 99%

Noise-Free Security Assessment of Eviction Set Construction Algorithms with Randomized Caches

2022

View full text Add to dashboard Cite

Cache timing attacks, i.e., a class of remote side-channel attack, have become very popular in recent years. Eviction set construction is a common step for many such attacks, and algorithms for building them are evolving rapidly. On the other hand, countermeasures are also being actively researched and developed. However, most countermeasures have been designed to secure last-level caches and few of them actually protect the entire memory hierarchy. Cache randomization is a well-known mitigation technique against cache attacks that has a low-performance overhead. In this study, we attempted to determine whether address randomization on first-level caches is worth considering from a security perspective. In this paper, we present the implementation of a noise-free cache simulation framework that enables the analysis of the behavior of eviction set construction algorithms. We show that randomization at the first level of caches (L1) brings about improvements in security but is not sufficient to mitigate all known algorithms, such as the recently developed Prime–Prune–Probe technique. Nevertheless, we show that L1 randomization can be combined with a lightweight random eviction technique in higher-level caches to mitigate known conflict-based cache attacks.

show abstract

“…In his seminal work, Kocher [46] demonstrated that the power consumption of a device leaks information about the data it processes, allowing the recovery of cryptographic keys. Since then, research has demonstrated leakage of sensitive information via other side-channels, including electromagnetic emanations (EM) [34,62], timing [10,18,60], micro-architectural components [12,35,51], and even acoustic and photonic emanations [36,48].…”

Section: Introductionmentioning

confidence: 99%