Preparing an arduino nano board to perform a power analysis side channel attack and explaining how that can be used to break RSA. Also proof I can't count. RSA video: https://www.youtube.com/watch?v=sYCzu04ftaY rhme2 by riscure: http://rhme.riscure.com/home Oscilloscope: Rigol DS2072A Soldering Station: Weller WD1 -=[ 💻 Related Products ]=- → Soldering station:* https://amzn.to/2SII4du → Oscilloscope:* https://amzn.to/2SMsDAY → Cheaper Oscilloscope:* https://amzn.to/2RCzCyX -=[ 🔴 Stuff I use ]=- → Microphone:* https://amzn.to/2LW6ldx → Graphics tablet:* https://amzn.to/2C8djYj → Camera#1 for streaming:* https://amzn.to/2SJ66VM → Lens for streaming:* https://amzn.to/2CdG31I → Connect Camera#1 to PC:* https://amzn.to/2VDRhWj → Camera#2 for electronics:* https://amzn.to/2LWxehv → Lens for macro shots:* https://amzn.to/2C5tXrw → Keyboard:* https://amzn.to/2LZgCFD → Headphones:* https://amzn.to/2M2KhxW -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ -=[ 📄 P.S. ]=- All links with "*" are affiliate links. LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
Views: 18850 LiveOverflow
A complete introduction to side channel power analysis (also called differential power analysis). This is part of training available that will be available at http://www.ChipWhisperer.io shortly - also in person at Blackhat USA 2016 (see https://www.blackhat.com/us-16/).
Views: 12593 Colin O'Flynn
Terrible DPA explanation and sharing my experience solving the side channel analysis challenge "piece of scake" from the rhme2 CTF. A real DPA tutorial by Colin O'Flynn: https://www.youtube.com/watch?v=OlX-p4AGhWs The ChipWhisperer AES tutorial: http://www.newae.com/sidechannel/cwdocs/tutorial.html ChipWhsiperer: http://newae.com/tools/chipwhisperer/ The DPA paper: https://www.rambus.com/introduction-to-differential-power-analysis-and-related-attacks/ rhme2 challenge files: https://github.com/Riscure/Rhme-2016 -=[ 🔴 Stuff I use ]=- → Microphone:* https://amzn.to/2LW6ldx → Graphics tablet:* https://amzn.to/2C8djYj → Camera#1 for streaming:* https://amzn.to/2SJ66VM → Lens for streaming:* https://amzn.to/2CdG31I → Connect Camera#1 to PC:* https://amzn.to/2VDRhWj → Camera#2 for electronics:* https://amzn.to/2LWxehv → Lens for macro shots:* https://amzn.to/2C5tXrw → Keyboard:* https://amzn.to/2LZgCFD → Headphones:* https://amzn.to/2M2KhxW -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ -=[ 📄 P.S. ]=- All links with "*" are affiliate links. LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm. #CTF #HardwareSecurity
Views: 40066 LiveOverflow
Your software may be secure, but what about the computer it's running on? Nathaniel Graff describes how private data can be extracted from a running system without even needing a software exploit. Learn how data can be inadvertently leaked and what can be done to prevent it. Featuring a live demo with an oscilloscope!
Views: 3053 White Hat Cal Poly
What is SIDE-CHANNEL ATTACK? What does SIDE-CHANNEL ATTACK mean? SIDE-CHANNEL ATTACK meaning - SIDE-CHANNEL ATTACK definition - SIDE-CHANNEL ATTACK explanation. Source: Wikipedia.org article, adapted under https://creativecommons.org/licenses/by-sa/3.0/ license. SUBSCRIBE to our Google Earth flights channel - https://www.youtube.com/channel/UC6UuCPh7GrXznZi0Hz2YQnQ In cryptography, a side-channel attack is any attack based on information gained from the physical implementation of a cryptosystem, rather than brute force or theoretical weaknesses in the algorithms (compare cryptanalysis). For example, timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information, which can be exploited to break the system. Some side-channel attacks require technical knowledge of the internal operation of the system on which the cryptography is implemented, although others such as differential power analysis are effective as black-box attacks. Many powerful side-channel attacks are based on statistical methods pioneered by Paul Kocher. Attempts to break a cryptosystem by deceiving or coercing people with legitimate access are not typically called side-channel attacks: see social engineering and rubber-hose cryptanalysis. For attacks on computer systems themselves (which are often used to perform cryptography and thus contain cryptographic keys or plaintexts), see computer security. The rise of Web 2.0 applications and software-as-a-service has also significantly raised the possibility of side-channel attacks on the web, even when transmissions between a web browser and server are encrypted (e.g., through HTTPS or WiFi encryption), according to researchers from Microsoft Research and Indiana University. General classes of side channel attack include: Cache attack — attacks based on attacker's ability to monitor cache accesses made by the victim in a shared physical system as in virtualized environment or a type of cloud service. Timing attack — attacks based on measuring how much time various computations take to perform. Power-monitoring attack — attacks that make use of varying power consumption by the hardware during computation. Electromagnetic attack — attacks based on leaked electromagnetic radiation, which can directly provide plaintexts and other information. Such measurements can be used to infer cryptographic keys using techniques equivalent to those in power analysis or can be used in non-cryptographic attacks, e.g. TEMPEST (aka van Eck phreaking or radiation monitoring) attacks. Acoustic cryptanalysis — attacks that exploit sound produced during a computation (rather like power analysis). Differential fault analysis — in which secrets are discovered by introducing faults in a computation. Data remanence — in which sensitive data are read after supposedly having been deleted. Row hammer — in which off-limits memory can be changed by accessing adjacent memory. Optical - in which secrets and sensitive data can be read by visual recording using a high resolution camera, or other devices that have such capabilities (see examples below). In all cases, the underlying principle is that physical effects caused by the operation of a cryptosystem (on the side) can provide useful extra information about secrets in the system, for example, the cryptographic key, partial state information, full or partial plaintexts and so forth. The term cryptophthora (secret degradation) is sometimes used to express the degradation of secret key material resulting from side-channel leakage. A cache side-channel attack works by monitoring security critical operations such as AES T-table entry or modular exponentiation multiplicand accesses. Attacker then is able to recover the secret key depending on the accesses made (or not made) by the victim, deducing the encryption key. Also, unlike some of the other side-channel attacks, this method does not create a fault in the ongoing cryptographic operation and is invisible to the victim.
Views: 5010 The Audiopedia
Demonstration of a timing-based side channel attack. This attack takes advantage of a known timing imbalance in the standard ANSI C memcmp function, in which it exits as soon as a compared byte does not match. This results in the function taking a longer time given the more bytes that match between the compared blocks of memory. As long as there's a measurable timing imbalance, a system can be exploited regardless of the particular compare process used. More hardware hacking projects and presentations can be found at http://www.grandideastudio.com/portfolio/security/ NOTE: I FAIL AT MATH! From 1:24-1:33 where I'm describing the maximum possible key press combinations for a 4-digit PIN with 4 choices each (4*4*4*4), I incorrectly state 1024 as the answer. That's not true. It's 256. Still, the timing attack is an extremely useful method to reduce the keyspace needed for a brute force attack.
Views: 3983 Joe Grand
MIT 6.858 Computer Systems Security, Fall 2014 View the complete course: http://ocw.mit.edu/6-858F14 Instructor: Nickolai Zeldovich In this lecture, Professor Zeldovich discusses side-channel attacks, specifically timing attacks. License: Creative Commons BY-NC-SA More information at http://ocw.mit.edu/terms More courses at http://ocw.mit.edu
Views: 12046 MIT OpenCourseWare
by Taylor Hornby In 2013, Yuval Yarom and Katrina Falkner discovered the FLUSH+RELOAD L3 cache side-channel. So far it has broken numerous implementations of cryptography including, notably, the AES and ECDSA in OpenSSL and the RSA GnuPG. Given FLUSH+RELOAD's astounding success at breaking cryptography, we're lead to wonder if it can be applied more broadly, to leak useful information out of regular applications like text editors and web browsers whose main functions are not cryptography. In this talk, I'll briefly describe how the FLUSH+RELOAD attack works, and how it can be used to build input distinguishing attacks. In particular, I'll demonstrate how when the user Alice browses around the top 100 Wikipedia pages, the user Bob can spy on which of those pages she's visiting. This isn't an earth-shattering attack, but as the code I'm releasing shows, it can be implemented reliably. My goal is to convince the community that side channels, FLUSH+RELOAD in particular, are useful for more than just breaking cryptography. The code I'm releasing is a starting point for developing better attacks. If you have access to a vulnerable CPU running a suitable OS, you should be able to reproduce the attack within minutes after watching the talk and downloading the code.
Views: 10634 Black Hat
hardware security - Introduction to Side Channel Attacks To get certificate subscribe at: https://www.coursera.org/learn/hardware-security ================================== Hardware security playlist: https://www.youtube.com/playlist?list=PL2jykFOD1AWZRNhehPCsDLhfRkM1abYHd ================================== About this course: In this course, we will study security and trust from the hardware perspective. Upon completing the course, students will understand the vulnerabilities in current digital system design flow and the physical attacks to these systems. They will learn that security starts from hardware design and be familiar with the tools and skills to build secure and trusted hardware.
Views: 1145 intrigano
Hello Guys !! In this video I will be talking about side channel attack by hackers to compromise a physical system by implementing a computer system to monitor various things of the system including time ,power consumption, electromagnetic radiation and even sound. You can save your system by attackers if you have knowledge of this attack. =================================== Our Website To Learn Cyber Security : https://technicalnavigator.in =================================== ============================================= ▶ Stay Safe On Internet ▶ Stay Legal Always ▶ Videos Of Ethical Hacking, Tips n Tricks, Cyber Security & Technology. ============================================== ---------CONNECT WITH ME-------------- ♥️ Twitter - https://goo.gl/wsmezo ♥️ Facebook Page - https://goo.gl/NSdiAa ♥️ Instagram - https://goo.gl/RRxMbk ♥️ Instagram TV - https://goo.gl/qXRmva ♥️ Telegram Channel - https://t.me/technicalnavigator ♥️ Telegram Group - https://t.me/TN_Family --------------------------------------------------------------------------------------------- Note : ALL THE IMAGES/PICTURES SHOWN IN THE VIDEO BELONGS TO THE RESPECTED OWNERS AND NOT ME.. I AM NOT THE OWNER OF ANY PICTURE/IMAGE SHOWN IN THE VIDEO -------------------------------------------------------------------------------------------- DISCLAIMER : THIS VIDEO IS FOR EDUCATIONAL PURPOSE ONLY. Please do not use this method for illegal or malicious activities because hacking is crime.if you do this then it's can land you in jail. Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for "fair use" for purposes such as criticism, comment, news reporting, teaching, scholarship, and research. Fair use is a use permitted by copyright statute that might otherwise be infringing. Non-profit, educational or personal use tips the balance in favor of fair use.
Views: 1351 Technical Navigator
*Switch video to HD Mode to see all details *Get slides etc at www.ChipWhisperer.com. *Items for sale at ColoradoMicroDevices.com
Views: 7464 Colin O'Flynn
Cryptography and Network Security by Prof. D. Mukhopadhyay, Department of Computer Science and Engineering, IIT Kharagpur. For more details on NPTEL visit http://nptel.iitm.ac.in
Views: 5894 nptelhrd
by Pieter Robyns At: FOSDEM 2019 https://video.fosdem.org/2019/AW1.120/sdr_em_sidechannel_attacks.webm Electromagnetic (EM) side-channel attacks exploit the EM radiation that inherently leaks from electronic systems during various computations. Patterns in the amplitude or frequency of this radiation can be analyzed to break even theoretically secure cryptographic algorithms such as RSA and AES. In this presentation, we will cover the various challenges involved with successfully performing EM side-channel attacks using relatively low-cost Software Defined Radios (SDRs) and EM probes. More concretely, we will discuss the measurement setup, trace capture process, trace alignment / filtering, and Correlation Electromagnetic Attack (CEMA) for a scenario in which an Arduino Duemilanove is executing a software AES algorithm with an unknown key. Finally, we will see how artificial neural networks can be used to reduce the complexity of performing successful EM side-channel attacks. In present-day communications systems, cryptographic algorithms (ciphers) provide confidentiality and integrity of data through secret pieces of information (i.e. shared or private keys) known only to the communicating parties. However, as shown in numerous previous works, measuring the physical properties of hardware during executions of a cipher can reveal information about its current state. When sufficient information leaks through these so-called "side-channels", an adversary can compute the key. In this presentation, we will examine the EM side channel, which originates from electromagnetic radiation leaking from a device. Performing EM side-channel attacks used to require rather expensive oscilloscopes with high sample rate ADCs. With the advent of inexpensive SDRs such as the RTL-SDR and advances in AI, the bar to perform such attacks has been adequately lowered. We will learn how to use the open-source ElectroMagnetic Mining Array (EMMA) tool to capture leakages emanated by an Arduino Duemilanove during the execution of an AES encryption operation. Next, a standard CEMA attack will be performed. This attack correlates the measured amplitude of a signal with the hamming weight of part of the key in order to determine which key was used during the execution of the cipher. Finally, we will examine applications of neural networks to side-channel analysis. Both traditional deep Convolutional Neural Networks (CNNs) as well as a novel "correlation optimization" (CO) method using shallow neural networks will be discussed. Room: AW1.120 Scheduled start: 2019-02-03 15:30:00+01
Views: 228 FOSDEM
Demo of ChipWhisperer software attacking an AES Encryption Example. Check out the full-length video at http://www.youtube.com/watch?v=OlX-p4AGhWs describing how SCA/DPA works, and check out ChipWhisperer.io for more about this project!
Views: 6690 Colin O'Flynn
Plore Hacker Electronic locks are becoming increasingly common on consumer-grade safes, particularly those used to secure guns. This talk explores vulnerabilities of several UL-listed Type 1 "High Security" electronic safe locks. Using side-channel attacks, we recover the owner-configured keycodes on two models of these locks from outside of locked safes without any damage to the locks or safes. Discussion includes power-line analysis, timing attacks, and lockout-defeat strategies on embedded devices. An embedded software developer with a background in electrical engineering, Plore has long been fascinated by computer security and locks. One day he found himself wondering if the trust bestowed on electronic locks was actually misplaced. He decided to investigate.
Views: 939 HackersOnBoard
In a casual conversation with Thomas “Halvar Flake” Dullien I suggested that performance counters could be used as a software mitigation for the row hammer exploit he and Mark Seaborn had developed. Thomas encouraged me to research it and it became suggestion for a software solution for row hammer. I presented this research with Nishat Herath during Black Hat 2015. While researching row hammer I noticed that the methodology I was developing could be important in mitigating cache side channel attacks and this led me into an almost year long project researching these attacks. In this talk we’ll focus on, how the micro architectural design of modern computers enables an attacker to breach trust boundaries. Specifically we’ll focus on how the cache subsystem of modern x86 computers can be abused to gain access to private data. Cache side channel attacks have been around for years, but have had a renaissance due to the emergence of a large, shared 3rd level cache and gained relevance through the spread of cloud computing due to increase attack surface. There are many side channels possible in modern computers; however, the cache is most likely the most important due to its central position in the computer. Given that cache side channel attacks are enabled by the CPU design, software defenses become notoriously difficult and yet at the same time in many cases it becomes the only viable solution. Cache side channel attacks are relevant when an attacker already has access to the same hardware as the victim, but is stopped by local restrictions such as user privileges, virtual machines or sandboxes. At first this seems restrictive, but modern computing is full of examples of such scenarios. Virtual machines in cloud computers is the classic example and cache side channel attacks easily reach across otherwise iron clad boundaries between virtual machines. Thin clients, java script running locally on web pages or multi user systems are other common examples. Despite of modern cache side channel attacks being relatively new, many important attacks have already been demonstrated: – Exfiltration of RSA 2048 private keys from co-located VM hosted in the amazon cloud – AES key extraction – ECDSA key extraction – Spying on keyboard input – Spying on mouse cursor – Breaking KASRL (Kernel Address Space Randomization Layout) ====== Anders Fogh is a co-founder and the vice president of engineering at Protect Software GmbH. He has led numerous low level engineering efforts in the past 11 years. Prior to that he worked at VOB GmbH and Pinnacle System where he was responsible for major developments in video and CD/DVD recording software. Since 1993 he has been an avid malware hobbyist and has reverse engineering experience with operating systems from DOS to present day OSs as well as devices ranging from DVD players to USB sticks. He holds a master’s degree in economics from the University of Aarhus. He was the first to suggest a software solution to the row hammer bug and spoke at Black Hat 2015 with Nishat Herath on the topic of using performance counters for security out comes.
Views: 1371 Hack In The Box Security Conference
Electronic locks are becoming increasingly common on consumer-grade safes, particularly those used to secure guns. This talk explores vulnerabilities of several UL-listed Type 1 "High Security" electronic safe locks. Using side-channel attacks, we recover the owner-configured keycodes on two models of these locks from outside of locked safes without any damage to the locks or safes. Discussion includes power-line analysis, timing attacks, and lockout-defeat strategies on embedded devices. Bio: An embedded software developer with a background in electrical engineering, Plore has long been fascinated by computer security and locks. One day he found himself wondering if the trust bestowed on electronic locks was actually misplaced. He decided to investigate.
Views: 3802 DEFCONConference
FPGA-Based Remote Power Side-Channel Attacks Mark Zhao (Cornell University) Presented at the 2018 IEEE Symposium on Security & Privacy May 21–23, 2018 San Francisco, CA http://www.ieee-security.org/TC/SP2018/ ABSTRACT The rapid adoption of heterogeneous computing has driven the integration of Field Programmable Gate Arrays (FPGAs) into cloud datacenters and flexible System-on-Chips (SoCs). This paper shows that the integrated FPGA introduces a new security vulnerability by enabling software-based power side-channel attacks without physical proximity to a target system. We first demonstrate that an on-chip power monitor can be built on a modern FPGA using ring oscillators (ROs), and characterize its ability to observe the power consumption of other modules on the FPGA or the SoC. Then, we show that the RO- based FPGA power monitor can be used for a successful power analysis attack on an RSA cryptomodule on the same FPGA. Additionally, we show that the FPGA-based power monitor can observe the power consumption of a CPU on the same SoC, and demonstrate that the FPGA-to-CPU power side-channel attack can break timing-channel protection for a RSA program running on a CPU. This work introduces and demonstrates remote power side-channel attacks using an FPGA, showing that the common assumption that power side-channel attacks require specialized equipment and physical access to the victim hardware is not true for systems with an integrated FPGA.
Views: 489 IEEE Symposium on Security and Privacy
If you find our videos helpful you can support us by buying something from amazon. https://www.amazon.com/?tag=wiki-audio-20 Side-channel attack In cryptography, a side-channel attack is any attack based on information gained from the physical implementation of a cryptosystem, rather than brute force or theoretical weaknesses in the algorithms (compare cryptanalysis).For example, timing information, power consumption, electromagnetic leaks or even sound can provide an extra source of information, which can be exploited to break the system. -Video is targeted to blind users Attribution: Article text available under CC-BY-SA image source in video https://www.youtube.com/watch?v=FOLvJXfdvEk
Views: 880 WikiAudio
Seminar from toorcon 16 Side channel attacks against hardware targets often appear difficult to software specialists. Power analysis attacks are a class of side channel attacks relying on sampling a devices power consumption during cryptographic operations. This talk will focus on setup and implementation for differential power analysis attacks against DES and include a brief overview of both simple and template power analysis attacks. We begin with an introduction to power analysis attacks, hardware requirements and setup. Then, an implementation of a differential power analysis attack will be shown against a simple target.
Views: 2341 Timur Duehr
We will look at a collection of mathematical problems suggested by side-channel attacks against public key cryptosystems, and how the techniques inspired by this work relate to a variety of different applications. First, we discuss the cold boot attack, a side-channel attack against disk encryption systems that uses the phenomenon of DRAM remanence to recover encryption keys from a running computer. In the course of the attack, however, there may be errors introduced in the keys that the attacker obtains. It turns out that the structure of the key data in an AES key schedule can allow an attacker to more efficiently recover the private key in the presence of such errors. We extend this idea to a RSA private keys, and show how the structure of RSA private key data can allow an attacker to recover a key in the presence of random errors from 27 of the bits of the original key. Most previous work on RSA key recovery used the lattice-based techniques introduced by Coppersmith for finding low-degree roots of polynomials modulo numbers of unknown factorization. We will show how powerful analogies from algebraic number theory allow us to translate this theorem from the ring of integers to the ring of polynomials and beyond. This sort of intellectual arbitrage allows us to give a faster algorithm for list decoding of Reed-Solomon codes along with a natural extension to multi-point algebraic geometric codes, as well as an algorithm to find small solutions to polynomials over ideals in number fields.
Views: 1126 Microsoft Research
See https://wiki.newae.com/Tutorial_CW305-2_Breaking_AES_on_FPGA for full details.
Views: 888 NewAE Technology Inc.
This is an explanation of the Kocher et al paper on Differential Power Analysis. errata 1: DPA and SPA are non-invasive errata 2: In last round of DES, the left and right halves don't get exchanged I have a blog here: www.cryptologie.net
Views: 7636 David Wong
CEO/CTO at NewAE Technology Inc, Colin O'Flynn talks about his training on side channel power analysis at Hardware Security Training. Watch as Colin highlights the most important takeaways from his class and elaborates on the open-source ChipWhisperer project. Read more about Hardware Security Training and other presented topics: https://medium.com/pentester-academy-blog/hardware-security-training-ec67c17b989a
Views: 340 Pentester Academy TV
In this video, we illustrate a proximity-based attack though a side channel in a wireless sensor. We assume that malware (i.e., a logic bomb) is already loaded on the node and we send a trigger to activate the malware through the light sensor. The trigger is the specific pattern "bad" transmitted using the cell phone LED using Morse code. The attack causes the computer to crash and illustrates that sensory channels can be just as devastating as traditional network channels.
Views: 1420 GTCapGroup
See full tutorial posted at http://www.newae.com/sidechannel/cwdocs/tutorialglitch.html (includes video). See this project at SolidCon May 22nd in San Francisco, or attend my Blackhat Training (https://www.blackhat.com/us-14/training/advanced-embedded-hardware-hacking-power-analysis-and-glitching-with-the-chipwhisperer.html)!
Views: 3921 Colin O'Flynn
Check out the project on Hackaday: http://hackaday.io/project/956-ChipWhisperer , and I'll be at O'Reilly Solid in May: http://solidcon.com/solid2014/public/schedule/detail/33655
Views: 11926 Colin O'Flynn
Details of the event: https://www.blackhat.com/us-13/briefings.html#OFlynn Full details of code/slides will be uploaded after event to: www.ChipWhisperer.com www.newae.com/blackhat
Views: 940 Colin O'Flynn
The video demonstrates live detection and mitigation of a cache side channel attack extracting RSA keys from a web server. Our lab setup includes a single physical machine running the KVM hypervisor and three Virtual Machines (VMs). The first two are a web server and client repeatedly running a TLS handshake and the third VM is an attacker who tries to extract the server’s private RSA key. The host runs a detection module and a mitigation module. The detection module uses statistics on cache hits and misses provided by hardware counters in the CPU to detect cache-based side channel attacks. The mitigation module makes dummy memory accesses that introduce noise to the measurements that the attacker makes. The server uses the GNU-TLS library, which implements RSA operations by the square-and-multiply algorithm. Each RSA decryption takes the server approximately 65 milliseconds to complete using a 4096 bits private key. The attacker uses the Prime & Probe technique for tracking the accesses of other tenants to a specific cache set in the Last Level Cache (LLC). The demonstration shows successful detection of the attack along with its mitigation. Further information about the approach can be found by clicking the links below: - https://www.mikelangelo-project.eu/wp-content/uploads/2016/06/MIKELANGELO-WP3.4-BGU-v1.0.pdf - Section 4 in https://www.mikelangelo-project.eu/wp-content/uploads/2017/01/MIKELANGELO-WP3.2-IBM-v2.0.pdf Contacts: Niv Gilboa, Gabriel Scalosub MIKELANGELO project http://www.mikelangelo-project.eu CREDITS Produced by Daniel Vladušič - [email protected] Music - Haus Guest, Gunnar Olsen
Views: 211 MIKELANGELO project
By: Colin O'Flynn Power analysis attacks present a devious method of cracking cryptographic systems. But looking at papers published in this field show that often the equipment used is fairly expensive: the typical oscilloscope used often has at least a 1 GSPS sampling rate, and then various probes and amplifiers also add to this cost. What is a poor researcher to do without such tools? This presentation will give a detailed description of how to setup a power analysis lab for a few hundred dollars, one that provides sufficient performance to attack real devices. It's based on some open-source hardware & software I developed, and is small enough to fit in your pocket. This will be demonstrated live against a microcontroller implementing AES, with details provided so attendees can duplicate the demonstration. This includes an open-hardware design for the capture board, open-source Python tools for doing the capture, and open-source example attacks. Underlying theory behind side-channel attacks will be presented, giving attendees a complete picture of how such attacks work.
Views: 512 Black Hat
Philip James https://2018.pycon-au.org/talks/45261-all-in-the-timing-sidechannel-attacks/ Here, you’ll learn about a category of security issue known as side channel attacks. You’ll be amused to see how features like automatic data compression, short-circuit execution, and deterministic hashing can be abused to bypass security systems. No security background knowledge is required. Python, PyCon, PyConAU, australia, programming, sydney This video is licensed under CC BY 3.0 AU ‹https://creativecommons.org/licenses/by/3.0/au/›. PyCon Australia (“PyCon AU”) is the national conference for the Python Programming Community, bringing together professional, student and enthusiast developers with a love for developing with Python. PyCon AU, the national Python Language conference, is on again this August in Sydney, at the International Convention Centre, Sydney, August 24 - 28 2018. Python, PyCon, PyConAU
Views: 155 PyCon Australia
See http://www.newae.com/openadc . Full documentation forthcoming.
Views: 3623 Colin O'Flynn
Solving the AES whitebox crypto challenge without even touching crypto or AES. The tools: https://github.com/SideChannelMarvels Challenge: https://github.com/Riscure/Rhme-2017/tree/master/prequalifications/White%20Box%20Unboxing -=[ 🔴 Stuff I use ]=- → Microphone:* https://amzn.to/2LW6ldx → Graphics tablet:* https://amzn.to/2C8djYj → Camera#1 for streaming:* https://amzn.to/2SJ66VM → Lens for streaming:* https://amzn.to/2CdG31I → Connect Camera#1 to PC:* https://amzn.to/2VDRhWj → Camera#2 for electronics:* https://amzn.to/2LWxehv → Lens for macro shots:* https://amzn.to/2C5tXrw → Keyboard:* https://amzn.to/2LZgCFD → Headphones:* https://amzn.to/2M2KhxW -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ -=[ 📄 P.S. ]=- All links with "*" are affiliate links. LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
Views: 7177 LiveOverflow
https://media.ccc.de/v/SHA2017-169-attacking_openssl_using_side-channel_attacks The RSA case study Side channel attacks (SCA) gained attention in the past years. New low cost tools like Chip-Whisperer proved that these attacks are not any more a theoretical, academic risk but a real threat to the security of the embedded systems. Many cryptographic products are now being developed having this attacks in mind and countermeasures are being implemented. This is the case of the omnipresent OpenSSL, which implement protections against side channel attacks to prevent the extraction of the secret key. In our presentation, we will briefly introduce SCA to the audience and discuss later the countermeasures implemented in the OpenSSL RSA and our attack that allows us to bypass them. #NetworkSecurity Praveen Vadnala Lukasz Chmielewski
Views: 339 SHA2017
Power Analysis Attacks for Cheapskates Presented By: Colin O'Flynn Power analysis attacks present a devious method of cracking cryptographic systems. But looking at papers published in this field show that often the equipment used is fairly expensive: the typical oscilloscope used often have at least a 1 GSPS sampling rate, and then various probes and amplifiers also add to this cost. What is a poor researcher to do without such tools? This presentation will give a detailed description of how to setup a power analysis lab for a few hundred dollars, one that provides sufficient performance to attack real devices. It's based on some open-source hardware & software I developed, and is small enough to fit in your pocket. This will be demonstrated live against a microcontroller implementing AES, with details provided so attendees can duplicate the demonstration. This includes an open-hardware design for the capture board & open-source Python tools for doing the capture. Underlying theory behind side-channel attacks will be presented, giving attendees a complete picture of how such attacks work
Views: 86 TalksDump
Emerging trends in computation such as cloud computing, virtualization, and trusted computing require that computation be carried out in remote and hostile environments, where attackers have unprecedented access to the devices, the data and the programs. This poses new problems and challenges for cryptography. In this talk, I will present two such challenges, and my recent work towards solving them. 1. Protecting against Side-channel Attacks: Computing devices leak information to the outside world not just through input-output interaction, but through physical characteristics of computation such as power consumption, timing, and electro-magnetic radiation. Such information leakage betrays information about the secrets stored within the devices, and has been successfully utilized to break many cryptographic algorithms in common use. These attacks are commonly called side-channel attacks. Side-channel attacks are particularly easy to carry out when the device is in the physical proximity of an attacker, as is often the case for modern devices such as smart-cards, TPM chips, mobile phones and laptops. In the first part of the talk, I will describe my recent work that lays the foundation of leakage-resilient cryptography ΓÇô the design of cryptographic schemes that protect against large classes of side-channel attacks. 2. Computing on Encrypted Data: Security in the setting of cloud computing involves a delicate balance of privacy and functionality: while the client must encrypt its data to keep it private from the server, it should also allow for the server to compute on the encrypted data. Can we simultaneously achieve these opposing goals? In the second part of the talk, I will describe an elementary construction of a cryptographic mechanism that allows computation on encrypted data (also called a fully homomorphic encryption scheme). Both these works leverage new mathematical techniques based on geometric objects called lattices.
Views: 282 Microsoft Research
Side-channel attacks on mobile devices have gained increasing attention since their introduction in 2007. While traditional side-channel attacks, such as power analysis attacks and electromagnetic analysis attacks, required physical presence of the attacker as well as expensive equipment, an (unprivileged) application is all it takes to exploit the leaking information on modern mobile devices. Given the vast amount of sensitive information that are stored on smartphones, the ramifications of side-channel attacks affect both the security and privacy of users and their devices. In this talk, I will begin with an overview of existing side-channel attacks on mobile devices and argue for the need of a new categorization system as side-channel attacks have evolved significantly since their introduction during the smartcard era. I will explain how our proposed categorization system will help to facilitate the development of novel countermeasures and provide insights into possible future research directions. In the second part of my talk, I will present our latest work on how an adversary can exploit side-channel information, in this case power from the phone battery, to maliciously control a public charging station in order to exfiltrate data from a smartphone via a USB charging cable (i.e. without using the data transfer functionality).
Views: 261 Hackmanit GmbH
Technical talks from the Real World Crypto conference series.
Views: 1751 Real World Crypto
Side-Channel Analysis By, Mostafa Taha: PhD student in the Secure Embedded Systems lab of Virginia Tech Abstract: Side-Channel Analysis is a collective term for passive non-invasive implementation attacks. It refers to the process by which, an adversary exploits any unintentional output of a cryptographic module to reveal secret information about that module. Unintentional outputs, also called side-channel outputs, include power consumption, electromagnetic radiation, execution time, and others. In this presentation, we will explore the world of embedded security, and side-channel analysis. We will start with the introduction and motivation to this research field. Then, we will focus on two cryptographic algorithms, AES as a block cipher, and Keccak as a hashing function. We will show some recent work on the attack side and the protection side of both algorithms
Views: 98 VT-MENA Seminar
By coding assembly instructions that force to increase and stabilize power consumption, one can exfiltrate data from an isolated PC after its infection. I used a Dell Latitude 3340 PC with an iconic video playing, by simulating normal user activity and launching my binary. At the same time, I measured the current consumption using a clamp meter.
Views: 66 Maksym Zaitsev
If you thought the security practices of regular software was bad, just wait until you start learning about the security of embedded hardware systems. Recent open-source hardware tools have made this field accessible to a wider range of researchers, and this presentation will show you how to perform these attacks for equipment costing $200. Attacks against a variety of real systems will be presented: AES-256 bootloaders, internet of things devices, hardware crypto tokens, and more. All of the attacks can be replicated by the attendees, using either their own tools if such equipped (such as oscilloscopes and pulse generators), the open-hardware ChipWhisperer-Lite, or an FPGA board of their own design. The hands-on nature of this talk is designed to introduce you to the field, and give you the confidence to pick up some online tutorials or books and work through them. Even if you've never tried hardware hacking before, the availability of open-source hardware makes it possible to follow published tutorials and learn all about side-channel power analysis and glitching attacks for yourself. Speaker Bio: Colin O'Flynn has been working with security on embedded systems for several years. He has designed the open-source ChipWhisperer project which won 2nd place in the 2014 Hackaday Prize, and developed an even lower-cost version called the ChipWhisperer-Lite, which was the focus of a Kickstarter in 2015. Twitter: @colinoflynn
Views: 8345 DEFCONConference
A preview of the latest online security training from Riscure. Learn more at our website: https://www.riscure.com/training/deep-learning-side-channel-analysis-online-training/
Views: 126 Riscure