The Big Mac attack showed that an RSA implementation, protected with conventional side-channel countermeasures can be exploited on the basis of an operand sharing property of field multiplications with a single trace ...
详细信息
Buffer overflow and stack smashing have been one of the most popular software based vulnerabilities in literature. There have been multiple works which have used these vulnerabilities to induce powerful attacks to tri...
详细信息
ISBN:
(纸本)9781509027910
Buffer overflow and stack smashing have been one of the most popular software based vulnerabilities in literature. There have been multiple works which have used these vulnerabilities to induce powerful attacks to trigger malicious code snippets or to achieve privilege escalation. In this work, we attempt to implement hardware level security enforcement to mitigate such attacks on OpenRISC architecture. We have analyzed the given exploits [5] in detail and have identified two major vulnerabilities in the exploit codes: memory corruption by non-secure memcpy() and return address modification by buffer overflow. We have individually addressed each of these exploits and have proposed a combination of compiler and hardware level modification to prevent them. The advantage of having hardware level protection against these attacks provides reliable security against the popular software level countermeasures.
True Random Number Generator (TRNG) circuits are important components of cryptographic systems. Lack of statistical randomness in the generated bitstreams from a TRNG can result in compromised keys, leading to serious...
True Random Number Generator (TRNG) circuits are important components of cryptographic systems. Lack of statistical randomness in the generated bitstreams from a TRNG can result in compromised keys, leading to serious security breaches. In this paper, we describe a Hardware Trojan Horse (HTH)-based attack on the TRNG of an FPGA-based cryptosystem, that results in reduced entropy and increased predictability of the generated keys. The proposed HTH does not cause any functional failure in the cryptosystem, and its impact is undetectable by analysis of the compromised bitstream using standard statistical randomness testing software suites (NIST, two enhanced versions of NIST Dieharder, and LIL-tests), and by a circuit-level HTH detection technique using Transition Effect Ring Oscillator (TERO). Finally, we show that the impact of the HTH can be detected by applying Wavelet Transform on the compromised bitstream.
暂无评论