Search for: All records

As post-quantum cryptography (PQC) nears standardization and eventual deployment, it is increasingly important to understand the security of the implementations of selected schemes. In this paper, we conduct such an investigation, uncovering concerning findings about many of the finalists of the NIST PQC standardization competition. Specifically, we show Rowhammer-based attacks on the Kyber and BIKE Key Exchange Mechanisms and the Dilithium Digital Signature scheme that enable complete recovery of the secret key with only a moderate amount of effort – no supercomputers, or months of precomputation. Moreover, we experimentally carry out our attacks using a combination of Rowhammer, performance degradation, and memory massaging techniques, showing that our attacks are practically feasible. Our results show that such side-channel based attacks are a critical concern and need to be considered when new cryptographic schemes are standardized, when standard implementations are developed, and when instances are deployed. We conclude with recommendations on implementation techniques that harden cryptographic schemes against Rowhammer attacks. 

Capacitive sensing technology is widely applied in ubiquitous sensing. Its low-power consumption enables it to be used in a wide variety of Industry 4.0 applications. Capacitive Sensors can be combined into Arrays (CSAs) with mutual capacitive sensing to reduce external wiring requirements. For instance, the Texas Instruments (TI) MSP430FR2676 can capture and process data from 8×8 capacitive sensor grids. However, it is limited to supporting only 64 sensors. We propose a design incorporating daisy-chaining of CSAs via the I2C serial protocol to enable support for 256 sensors. We also demonstrate a rapid prototyping implementation of 128 sensors. The extended work we plan is to implement the prototype on custom Printed Circuit Boards (PCB) and maximize data update frequency. This architecture can find relevance in industries like manufacturing and farming, enhancing precision in the interaction between robots and humans/objects. 

Capacitive sensors are common ubiquitous sensing devices that permeate through many industries. The overwhelming majority of touchscreens use capacitive sensor arrays for the precise detection of touch. Many MEMS sensors use capacitance as the variable that is manipulated to detect the sensed parameter (e.g. accelerometers). However, the use of non-rigid, ambient, or custom capacitive sensor arrays has not seen the same level of adoption. CSAs (capacative sensor arrays) can be made from a wide array of materials and techniques-including 3d printing and laser ablation-to rapidly create CSAs that can be custom fit to enable proximity, force, and touch detection. This work investigates some of these materials and how they can be fabricated in a laboratory environment with a single robotic arm. 

Web decentralization has the potential to radically change the way we produce, store, and manage data. Much of the focus of decentralization has been on blockchain tech-nologies which have high energy requirements. An alternative and potentially complementary decentralization technology exists in the form of the Solid project. Solid primarily exists for the decentralization of online social data that is prevalent in social media. However, many of the key challenges to realizing a decentralized social web exist in the current Internet of Things (IoT). IoT-especially industrial IoT-is currently a collection of many intranets of things rather than an interconnected network of machines. Those devices that are public facing produce data and consume commands often devoid of context. Devices at the edge are resource constrained and the overhead of many decentralization technologies may be technologically infeasible or would result in performance degradation. It is our hypothesis that a mechanism to overcome some of these challenges can exist in the form of a client bridge to integrate IoT devices with the Solid infrastructure, which would in turn enable finer access control and improved context that are necessary to realize a more interconnected Internet of Things. This work demonstrates the feasibility of this paradigm, and plots future directions to bring this technology to fruition. 

Post-quantum cryptography (PQC) refers to cryptographic algorithms that are thought to be secure against a cryptanalytic attack by a quantum computer. Before PQC algorithms can be widely deployed to replace the current standards such as the RSA algorithm, they need to be rigorously evaluated theoretically and practically. In this work, we present a cloud-based infrastructure being developed for performing side-channel analysis on PQC algorithms for the research community. Multiple types of side-channel attacks, such as timing attacks, power attacks, and electromagnetic attacks can be applied on different types of devices, such as FPGA devices and microcontrollers. An automated tool flow is being developed that can run executables on the target devices, collect traces (e.g., power consumption waveforms and electromagnetic radiation signals), perform leakage assessment (using Test Vector Leakage Assessment), and generate analysis reports. Remote users access the infrastructure through a web portal by uploading the hardware or software implementations of cryptographic algorithms. Side-channel attack and leakage analysis are performed on the given implementation. Finally, the user is informed for downloading the analysis report from the portal.