Timing attacks break a cryptosystem by time measurement to recover keys. Most available countermeasures protect block ciphers based on the safety of modules. This paper gives a complete definition of timing attacks an...Timing attacks break a cryptosystem by time measurement to recover keys. Most available countermeasures protect block ciphers based on the safety of modules. This paper gives a complete definition of timing attacks and studies the vulnerability of operations and modules on timing attacks. We present a method to transfer the security of the algorithm to that of secure operations by reduction. As a result, we hopefully tend to reconcile the provable security notions and modem cryptography with real-world implementations of block ciphers.展开更多
In any side-channel attack, it is desirable to exploit all the available leakage data to compute the distinguisher’s values. The profiling phase is essential to obtain an accurate leakage model, yet it may not be exh...In any side-channel attack, it is desirable to exploit all the available leakage data to compute the distinguisher’s values. The profiling phase is essential to obtain an accurate leakage model, yet it may not be exhaustive. As a result, information theoretic distinguishers may come up on previously unseen data, a phenomenon yielding empty bins. A strict application of the maximum likelihood method yields a distinguisher that is not even sound. Ignoring empty bins reestablishes soundness, but seriously limits its performance in terms of success rate. The purpose of this paper is to remedy this situation. In this research, we propose six different techniques to improve the performance of information theoretic distinguishers. We study t</span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">hem thoroughly by applying them to timing attacks, both with synthetic and real leakages. Namely, we compare them in terms of success rate, and show that their performance depends on the amount of profiling, and can be explained by a bias-variance analysis. The result of our work is that there exist use-cases, especially when measurements are noisy, where our novel information theoretic distinguishers (typically the soft-drop distinguisher) perform the best compared to known side-channel distinguishers, despite the empty bin situation.展开更多
As wireless sensor networks (WSN) are deployed in fire monitoring, object tracking applications, security emerges as a central requirement. A case that Sybil node illegitimately reports messages to the master node w...As wireless sensor networks (WSN) are deployed in fire monitoring, object tracking applications, security emerges as a central requirement. A case that Sybil node illegitimately reports messages to the master node with multiple non-existent identities (ID) will cause harmful effects on decision-making or resource allocation in these applications. In this paper, we present an efficient and lightweight solution for Sybil attack detection based on the time difference of arrival (TDOA) between the source node and beacon nodes. This solution can detect the existence of Sybil attacks, and locate the Sybil nodes. We demonstrate efficiency of the solution through experiments. The experiments show that this solution can detect all Sybil attack cases without missing.展开更多
The timing and Hamming weight attacks on the data encryption standard (DES) cryptosystem for minimal cost encryption scheme is presented in this article. In the attack, timing information on encryption processing is...The timing and Hamming weight attacks on the data encryption standard (DES) cryptosystem for minimal cost encryption scheme is presented in this article. In the attack, timing information on encryption processing is used to select and collect effective plaintexts for attack. Then the collected plaintexts are utilized to infer the expanded key differences of the secret key, from which most bits of the expanded secret key are recovered. The remaining bits of the expanded secret key are deduced by the correlations between Hamming weight values of the input of the S-boxes in the first-round. Finally, from the linear relation of the encryption time and the secret key's Hamming weight, the entire 56 bits of the secret key are thoroughly recovered. Using the attack, the minimal cost encryption scheme can be broken with 2^23 known plaintexts and about 2^21 calculations at a success rate a 〉 99%. The attack has lower computing complexity, and the method is more effective than other previous methods.展开更多
This paper presents a computationally efficient real-time trajectory planning framework for typical unmanned combat aerial vehicle (UCAV) performing autonomous air-to-surface (A/S) attack. It combines the benefits...This paper presents a computationally efficient real-time trajectory planning framework for typical unmanned combat aerial vehicle (UCAV) performing autonomous air-to-surface (A/S) attack. It combines the benefits of inverse dynamics optimization method and receding horizon optimal control technique. Firstly, the ground attack trajectory planning problem is mathematically formulated as a receding horizon optimal control problem (RHC-OCP). In particular, an approximate elliptic launch acceptable region (LAR) model is proposed to model the critical weapon delivery constraints. Secondly, a planning algorithm based on inverse dynamics optimization, which has high computational efficiency and good convergence properties, is developed to solve the RHCOCP in real-time. Thirdly, in order to improve robustness and adaptivity in a dynamic and uncer- tain environment, a two-degree-of-freedom (2-DOF) receding horizon control architecture is introduced and a regular real-time update strategy is proposed as well, and the real-time feedback can be achieved and the not-converged situations can be handled. Finally, numerical simulations demon- strate the efficiency of this framework, and the results also show that the presented technique is well suited for real-time implementation in dynamic and uncertain environment.展开更多
Gaussian sampling over the integers is one of the fundamental building blocks of lattice-based cryptography.Among the extensively used trapdoor sampling algorithms,it is ineluctable until now.Under the influence of nu...Gaussian sampling over the integers is one of the fundamental building blocks of lattice-based cryptography.Among the extensively used trapdoor sampling algorithms,it is ineluctable until now.Under the influence of numerous side-channel attacks,it is still challenging to construct a Gaussian sampler that is generic,efficient,and resistant to timing attacks.In this paper,our contribution is three-fold.First,we propose a secure,efficient exponential Bernoulli sampling algorithm.It can be applied to Gaussian samplers based on rejection samplings.We apply it to FALCON,a candidate of round 3 of the NIST post-quantum cryptography standardization project,and reduce its signature generation time by 13–14%.Second,we develop an isochronous Gaussian sampler based on rejection sampling.Our Algorithm can securely sample from Gaussian distributions with different standard deviations and arbitrary centers.We apply it to PALISADE(S&P 2018),an open-source lattice-based cryptography library.During the online phase of trapdoor sampling,the running time of the G-lattice sampling algorithm is reduced by 44.12%while resisting timing attacks.Third,we improve the efficiency of the COSAC sampler(PQC 2020).The new COSAC sampler is 1.46x-1.63x faster than the original and has the lowest expected number of trials among all Gaussian samplers based on rejection samplings.But it needs a more efficient algorithm sampling from the normal distribution to improve its performance.展开更多
As promising alternatives in building future main memory systems, emerging non-volatile memory(NVM) technologies can increase memory capacity in a cost-effective and power-efficient way. However, NVM is facing securit...As promising alternatives in building future main memory systems, emerging non-volatile memory(NVM) technologies can increase memory capacity in a cost-effective and power-efficient way. However, NVM is facing security threats due to its limited write endurance: a malicious adversary can wear out the cells and cause the NVM system to fail quickly. To address this issue, several wear-leveling schemes have been proposed to evenly distribute write traffic in a security-aware manner. In this study, we present a new type of timing attack, remapping timing attack(RTA), based on information leakage from the remapping latency difference in NVM. Our analysis and experimental results show that RTA can cause three of the latest wear-leveling schemes(i.e., region-based start-gap,security refresh, and multi-way wear leveling) to lose their effectiveness in several days(even minutes), causing failure of NVM. To defend against such an attack, we further propose a novel wear-leveling scheme called the ‘security region-based start-gap(security RBSG)', which is a two-stage strategy using a dynamic Feistel network to enhance the simple start-gap wear leveling with level-adjustable security assurance. The theoretical analysis and evaluation results show that the proposed security RBSG not only performs well when facing traditional malicious attacks, but also better defends against RTA.展开更多
Cooperative guidance strategy for multiple hypersonic gliding vehicles system with flight constraints and cooperative constraints is investigated.This paper mainly cares about the coordination of the entry glide fligh...Cooperative guidance strategy for multiple hypersonic gliding vehicles system with flight constraints and cooperative constraints is investigated.This paper mainly cares about the coordination of the entry glide flight phase and driving-down phase.Different from the existing results,both the attack time and the attack angle constraints are considered simultaneously.Firstly, for the entry glide flight phase, a two-stage method is proposed to achieve the rapid cooperative trajectories planning, where the control signal corridors are designed based on the quasi-equilibrium gliding conditions.In the first stage, the bank angle curve is optimized to achieve the attack angle coordination.In the second stage, the angle of attack curve is optimized to achieve the attack time coordination.The optimized parameters can be obtained by the secant method.Secondly, for the driving-down phase, the cooperative terminal guidance law is designed where the terminal attack time and attack angle are considered.The guidance law is then transformed into the bank angle and angle of attack commands.The cooperative guidance strategy is summarized as an algorithm.Finally, a numerical simulation example with three hypersonic gliding vehicles is provided for revealing the effectiveness of the acquired strategy and algorithm.展开更多
基金Supported by the National Natural Science Foun-dation of China(60573031) the Foundation of National Laboratoryfor Modern Communications(51436060205J W0305) the Founda-tion of Senior Visiting Scholarship of Fudan University
文摘Timing attacks break a cryptosystem by time measurement to recover keys. Most available countermeasures protect block ciphers based on the safety of modules. This paper gives a complete definition of timing attacks and studies the vulnerability of operations and modules on timing attacks. We present a method to transfer the security of the algorithm to that of secure operations by reduction. As a result, we hopefully tend to reconcile the provable security notions and modem cryptography with real-world implementations of block ciphers.
文摘In any side-channel attack, it is desirable to exploit all the available leakage data to compute the distinguisher’s values. The profiling phase is essential to obtain an accurate leakage model, yet it may not be exhaustive. As a result, information theoretic distinguishers may come up on previously unseen data, a phenomenon yielding empty bins. A strict application of the maximum likelihood method yields a distinguisher that is not even sound. Ignoring empty bins reestablishes soundness, but seriously limits its performance in terms of success rate. The purpose of this paper is to remedy this situation. In this research, we propose six different techniques to improve the performance of information theoretic distinguishers. We study t</span></span><span style="font-family:Verdana;"><span style="font-family:Verdana;"><span style="font-family:Verdana;">hem thoroughly by applying them to timing attacks, both with synthetic and real leakages. Namely, we compare them in terms of success rate, and show that their performance depends on the amount of profiling, and can be explained by a bias-variance analysis. The result of our work is that there exist use-cases, especially when measurements are noisy, where our novel information theoretic distinguishers (typically the soft-drop distinguisher) perform the best compared to known side-channel distinguishers, despite the empty bin situation.
基金the Specialized Research Foundation for the Doctoral Program of Higher Education(Grant No.20050248043)
文摘As wireless sensor networks (WSN) are deployed in fire monitoring, object tracking applications, security emerges as a central requirement. A case that Sybil node illegitimately reports messages to the master node with multiple non-existent identities (ID) will cause harmful effects on decision-making or resource allocation in these applications. In this paper, we present an efficient and lightweight solution for Sybil attack detection based on the time difference of arrival (TDOA) between the source node and beacon nodes. This solution can detect the existence of Sybil attacks, and locate the Sybil nodes. We demonstrate efficiency of the solution through experiments. The experiments show that this solution can detect all Sybil attack cases without missing.
基金supported by the National Basic Research Program of China (2007CB807902, 2007CB807903)the Education Innovation Foundation of Institution and University of Beijing (2004).
文摘The timing and Hamming weight attacks on the data encryption standard (DES) cryptosystem for minimal cost encryption scheme is presented in this article. In the attack, timing information on encryption processing is used to select and collect effective plaintexts for attack. Then the collected plaintexts are utilized to infer the expanded key differences of the secret key, from which most bits of the expanded secret key are recovered. The remaining bits of the expanded secret key are deduced by the correlations between Hamming weight values of the input of the S-boxes in the first-round. Finally, from the linear relation of the encryption time and the secret key's Hamming weight, the entire 56 bits of the secret key are thoroughly recovered. Using the attack, the minimal cost encryption scheme can be broken with 2^23 known plaintexts and about 2^21 calculations at a success rate a 〉 99%. The attack has lower computing complexity, and the method is more effective than other previous methods.
基金supported by the National Defense Foundation of China(No.403060103)
文摘This paper presents a computationally efficient real-time trajectory planning framework for typical unmanned combat aerial vehicle (UCAV) performing autonomous air-to-surface (A/S) attack. It combines the benefits of inverse dynamics optimization method and receding horizon optimal control technique. Firstly, the ground attack trajectory planning problem is mathematically formulated as a receding horizon optimal control problem (RHC-OCP). In particular, an approximate elliptic launch acceptable region (LAR) model is proposed to model the critical weapon delivery constraints. Secondly, a planning algorithm based on inverse dynamics optimization, which has high computational efficiency and good convergence properties, is developed to solve the RHCOCP in real-time. Thirdly, in order to improve robustness and adaptivity in a dynamic and uncer- tain environment, a two-degree-of-freedom (2-DOF) receding horizon control architecture is introduced and a regular real-time update strategy is proposed as well, and the real-time feedback can be achieved and the not-converged situations can be handled. Finally, numerical simulations demon- strate the efficiency of this framework, and the results also show that the presented technique is well suited for real-time implementation in dynamic and uncertain environment.
基金This work is supported in part by National Natural Science Foundation of China(No.U1936209 and No.62002353)China Postdoctoral Science Foundation(No.2021M701726)Yunnan Provincial Major Science and Technology Special Plan Projects(No.202103AA080015).
文摘Gaussian sampling over the integers is one of the fundamental building blocks of lattice-based cryptography.Among the extensively used trapdoor sampling algorithms,it is ineluctable until now.Under the influence of numerous side-channel attacks,it is still challenging to construct a Gaussian sampler that is generic,efficient,and resistant to timing attacks.In this paper,our contribution is three-fold.First,we propose a secure,efficient exponential Bernoulli sampling algorithm.It can be applied to Gaussian samplers based on rejection samplings.We apply it to FALCON,a candidate of round 3 of the NIST post-quantum cryptography standardization project,and reduce its signature generation time by 13–14%.Second,we develop an isochronous Gaussian sampler based on rejection sampling.Our Algorithm can securely sample from Gaussian distributions with different standard deviations and arbitrary centers.We apply it to PALISADE(S&P 2018),an open-source lattice-based cryptography library.During the online phase of trapdoor sampling,the running time of the G-lattice sampling algorithm is reduced by 44.12%while resisting timing attacks.Third,we improve the efficiency of the COSAC sampler(PQC 2020).The new COSAC sampler is 1.46x-1.63x faster than the original and has the lowest expected number of trials among all Gaussian samplers based on rejection samplings.But it needs a more efficient algorithm sampling from the normal distribution to improve its performance.
基金Project supported by the National High-Tech R&D Program(863)of China(Nos.2015AA015301 and 2015AA016701)the National Natural Science Foundation of China(Nos.61303046,61472153,61502190,and 61232004)+2 种基金the State Key Laboratory of Computer Architecture(No.CARCH201505)the Wuhan Applied Basic Research Project,China(No.2015010101010004)the Engineering Research Center of Data Storage Systems and Technology,Ministry of Education,China
文摘As promising alternatives in building future main memory systems, emerging non-volatile memory(NVM) technologies can increase memory capacity in a cost-effective and power-efficient way. However, NVM is facing security threats due to its limited write endurance: a malicious adversary can wear out the cells and cause the NVM system to fail quickly. To address this issue, several wear-leveling schemes have been proposed to evenly distribute write traffic in a security-aware manner. In this study, we present a new type of timing attack, remapping timing attack(RTA), based on information leakage from the remapping latency difference in NVM. Our analysis and experimental results show that RTA can cause three of the latest wear-leveling schemes(i.e., region-based start-gap,security refresh, and multi-way wear leveling) to lose their effectiveness in several days(even minutes), causing failure of NVM. To defend against such an attack, we further propose a novel wear-leveling scheme called the ‘security region-based start-gap(security RBSG)', which is a two-stage strategy using a dynamic Feistel network to enhance the simple start-gap wear leveling with level-adjustable security assurance. The theoretical analysis and evaluation results show that the proposed security RBSG not only performs well when facing traditional malicious attacks, but also better defends against RTA.
基金supported by the National Natural Science Foundation of China(Nos.61922008,61973013,61873011,61803014)the Innovation Zone Project of China(No.18-163-00-TS-001-001-34)+3 种基金the Beijing Natural Science Foundation of China(No.4182035)the Young Elite Scientists Sponsorship Program by CAST of China(No.017QNRC001)the Aeronautical Science Foundation of China(No.20170151001)the Special Research Project of Chinese Civil Aircraft,the State Key Laboratory of Intelligent Control and Decision of Complex Systems,the Key Laboratory of System Control and Information Processing,and the Shananxi Key Laboratory of Integrated and Intelligent Navigation(No.SKLIIN-20180105)。
文摘Cooperative guidance strategy for multiple hypersonic gliding vehicles system with flight constraints and cooperative constraints is investigated.This paper mainly cares about the coordination of the entry glide flight phase and driving-down phase.Different from the existing results,both the attack time and the attack angle constraints are considered simultaneously.Firstly, for the entry glide flight phase, a two-stage method is proposed to achieve the rapid cooperative trajectories planning, where the control signal corridors are designed based on the quasi-equilibrium gliding conditions.In the first stage, the bank angle curve is optimized to achieve the attack angle coordination.In the second stage, the angle of attack curve is optimized to achieve the attack time coordination.The optimized parameters can be obtained by the secant method.Secondly, for the driving-down phase, the cooperative terminal guidance law is designed where the terminal attack time and attack angle are considered.The guidance law is then transformed into the bank angle and angle of attack commands.The cooperative guidance strategy is summarized as an algorithm.Finally, a numerical simulation example with three hypersonic gliding vehicles is provided for revealing the effectiveness of the acquired strategy and algorithm.