When Reverse-Engineering Meets Side-Channel Analysis – Digital Lockpicking in Practice

Oswald, David; Strobel, Daehyun; Schellenberg, Falk; Kasper, Timo; Paar, Christof

doi:10.1007/978-3-662-43414-7_29

Cited by 8 publications

(6 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Adding noise into the traces is an alternative approach, as the injected artifical noise makes information extraction more difficult for attackers [Demme et al 2012]. Another approach is to frequently derive and update key information such that the side-channel attacker cannot gather sufficient information for breaking the key value before the next key update [Oswald et al 2014;Xiao et al 2014]. Physical unclonable functions (PUFs) are an effective hardware security solution [Suh and Devadas 2007;Holcomb and Fu 2014]; however, side-channel attacks can still break PUFs [Rostami et al 2014].…”

Section: Maximizementioning

confidence: 99%

Fundamental Challenges Toward Making the IoT a Reachable Reality

Xue

Nazarian

et al. 2017

ACM Trans. Des. Autom. Electron. Syst.

View full text Add to dashboard Cite

Constantly advancing integration capability is paving the way for the construction of the extremely large scale continuum of the Internet where entities or things from vastly varied domains are uniquely addressable and interacting seamlessly to form a giant networked system of systems known as the Internet-of-Things (IoT). In contrast to this visionary networked system paradigm, prior research efforts on the IoT are still very fragmented and confined to disjoint explorations of different applications, architecture, security, services, protocol, and economical domains, thus preventing design exploration and optimization from a unified and global perspective. In this context, this survey article first proposes a mathematical modeling framework that is rich in expressivity to capture IoT characteristics from a global perspective. It also sets forward a set of fundamental challenges in sensing, decentralized computation, robustness, energy efficiency, and hardware security based on the proposed modeling framework. Possible solutions are discussed to shed light on future development of the IoT system paradigm. . 2017. Fundamental challenges toward making IoT a reachable reality: A model-centric investigation.

show abstract

Section: Maximizementioning

confidence: 99%

Fundamental Challenges Toward Making the IoT a Reachable Reality

Xue

Nazarian

et al. 2017

ACM Trans. Des. Autom. Electron. Syst.

View full text Add to dashboard Cite

show abstract

“…SCA has gained considerable attention since its introduction in 1996 [1]. One reason for this is that many realworld targets were broken due to their susceptibility to side-channel attacks (e.g., [10] and [12]- [15]).…”

Section: Side-channel Analysismentioning

confidence: 99%

“…The widespread digital locking system 3060 analyzed in [7] and [10] is based on an undisclosed, proprietary cryptographic protocol. The latest revision is termed ''Generation 2'' or ''G2-based'' system by the manufacturer.…”

Section: Case Study I: the Simonsvoss Digital Locking Systemmentioning

confidence: 99%

See 1 more Smart Citation

Microcontrollers as (In)Security Devices for Pervasive Computing Applications

et al. 2014

Self Cite

View full text Add to dashboard Cite

Often overlooked, microcontrollers are the central component in embedded systems which drive the evolution toward the Internet of Things (IoT). They are small, easy to handle, low cost, and with myriads of pervasive applications.An increasing number of microcontroller-equipped systems are security and safety critical. In this tutorial, we take a critical look at the security aspects of today's microcontrollers. We demonstrate why the implementation of sensitive applications on a standard microcontroller can lead to severe security problems. To this end, we summarize various threats to microcontroller-based systems, including side-channel analysis and different methods for extracting embedded code. In two case studies, we demonstrate the relevance of these techniques in real-world applications: Both analyzed systems, a widely used digital locking system and the YubiKey 2 onetime password generator, turned out to be susceptible to attacks against the actual implementations, allowing an adversary to extract the cryptographic keys which, in turn, leads to a total collapse of the system security.

show abstract

“…The physical properties that can be extracted are, for examples, the execution time of a cryptographic algorithm [1], the electromagnetic emanation [2] or the power consumption of the device [3]. From an industrial point of view, side-channel attacks lead to extremely effective and successful attacks against (certified and uncertified) industrial products [4][5][6].…”

Section: Introductionmentioning

confidence: 99%