This paper introduces dudect: a tool to assess whether a piece of code runs in constant time or not on a given platform. We base our approach on leakage detection techniques, resulting in a very compact, easy to use and easy to maintain tool. Our methodology fits in around 300 lines of C and runs on the target platform. The approach is substantially different from previous solutions. Contrary to others,...
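To make the leakage-detection idea concrete, here is an added illustration (not dudect's own code, and Python rather than the tool's C) of the fix-vs-random test it builds on: time the function under test on one fixed input and on random inputs, crop the slowest outliers, and compare the two timing distributions with Welch's t-test. An early-exit comparison and its constant-time counterpart, the 16-byte `SECRET`, the sample counts and the 4.5 threshold are all constructed here for the demonstration.

```python
import math
import random
import time
from typing import Callable, List, Sequence, Tuple

# Constructed 16-byte "secret"; the functions under test compare a caller-supplied input against it.
SECRET = bytes(range(16))


def leaky_compare(a: bytes, b: bytes) -> bool:
    """Early-exit comparison: the running time reveals the index of the first mismatching byte."""
    if len(a) != len(b):
        return False
    for x, y in zip(a, b):
        if x != y:
            return False
    return True


def ct_compare(a: bytes, b: bytes) -> bool:
    """Constant-time comparison: every byte is always processed, the verdict is only formed at the end."""
    if len(a) != len(b):
        return False
    diff = 0
    for x, y in zip(a, b):
        diff |= x ^ y
    return diff == 0


def welch_t(xs: Sequence[float], ys: Sequence[float]) -> float:
    """Welch's t statistic: difference of the two sample means in units of its standard error."""
    nx, ny = len(xs), len(ys)
    mx, my = sum(xs) / nx, sum(ys) / ny
    vx = sum((x - mx) ** 2 for x in xs) / (nx - 1)
    vy = sum((y - my) ** 2 for y in ys) / (ny - 1)
    denom = math.sqrt(vx / nx + vy / ny)
    if denom == 0.0:  # degenerate samples, e.g. a clock too coarse to show any variation
        return 0.0 if mx == my else math.copysign(math.inf, mx - my)
    return (mx - my) / denom


def crop(xs: List[int], ys: List[int], pct: float = 0.9) -> Tuple[List[int], List[int]]:
    """Discard the slowest measurements (above the pct quantile of the pooled data): interrupts,
    cache misses and GC pauses would otherwise inflate the variance and hide small differences."""
    pooled = sorted(xs + ys)
    thr = pooled[int(pct * (len(pooled) - 1))]
    return [x for x in xs if x <= thr], [y for y in ys if y <= thr]


def fix_vs_random(fn: Callable[[bytes, bytes], bool], secret: bytes, n: int = 4000,
                  clock: Callable[[], int] = time.perf_counter_ns,
                  threshold: float = 4.5) -> Tuple[float, bool]:
    """Fix-vs-random leakage test. Class 0 always feeds one fixed input (here the secret itself,
    the slowest path of an early-exit compare); class 1 feeds fresh random inputs. Classes are
    interleaved at random so that slow drift of the machine affects both equally. Returns (t, leak)."""
    rng = random.Random(0)  # constructed seed; fixes only the input schedule, not the timings
    fixed_times: List[int] = []
    rand_times: List[int] = []
    for _ in range(n):
        cls = rng.getrandbits(1)
        inp = secret if cls == 0 else bytes(rng.getrandbits(8) for _ in range(len(secret)))
        start = clock()
        fn(secret, inp)
        stop = clock()
        (fixed_times if cls == 0 else rand_times).append(stop - start)
    fixed_times, rand_times = crop(fixed_times, rand_times)
    t = welch_t(fixed_times, rand_times)
    return t, abs(t) > threshold


if __name__ == "__main__":
    for name, fn in (("leaky_compare", leaky_compare), ("ct_compare", ct_compare)):
        t, leak = fix_vs_random(fn, SECRET)
        print(f"{name:14s} t = {t:8.2f}  {'LEAK' if leak else 'no evidence of leakage'}")
```

Two caveats a practitioner should keep in mind: a Python interpreter is not a constant-time target and `perf_counter_ns` is far noisier than a cycle counter, so the verdict above only says something about this script on this machine; and a t-test below the threshold is absence of evidence, not a proof of constant time. The real tool strengthens the same test by applying several cropping thresholds and also testing higher-order moments of the distributions.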
The detection of malicious hardware logic (hardware Trojan) requires test patterns that succeed in exciting the malicious logic part. Testing of all possible input patterns is often prohibitively expensive. As an alternative, we explored previously the applicability of the combinatorial testing principles. In this paper, we turn our focus on the efficiency of this approach for triggering the hidden...
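The combinatorial-testing principle behind this is that a t-way covering array hits every value assignment of every t input positions, so a Trojan whose trigger condition depends on at most t primary inputs is guaranteed to be excited by at least one pattern, with far fewer patterns than exhaustive testing. The following added example (not code from the paper; the greedy construction, the Trojan model and all parameters are constructed here) builds such an array for binary inputs and checks a hypothetical trigger against it.

```python
import itertools
import random
from typing import Dict, List, Sequence, Tuple

Test = Tuple[int, ...]  # one input pattern: a value for each of the n primary inputs


def all_tuples(n: int, t: int) -> set:
    """Every t-way interaction: t input positions together with a value assignment to them."""
    return {(pos, vals) for pos in itertools.combinations(range(n), t)
            for vals in itertools.product((0, 1), repeat=t)}


def covered_by(test: Sequence[int], t: int) -> set:
    """The t-way interactions that one test pattern exercises."""
    return {(pos, tuple(test[i] for i in pos))
            for pos in itertools.combinations(range(len(test)), t)}


def covering_array(n: int, t: int, candidates: int = 40, seed: int = 0) -> List[Test]:
    """Greedy AETG-style construction of a binary t-way covering array. Each round draws
    `candidates` random patterns, each pinned to one still-uncovered interaction so progress is
    guaranteed, and keeps the one that covers the most uncovered interactions."""
    rng = random.Random(seed)  # constructed seed for reproducibility
    uncovered = all_tuples(n, t)
    tests: List[Test] = []
    while uncovered:
        pos, vals = min(uncovered)
        best, best_gain = None, -1
        for _ in range(candidates):
            cand = [rng.getrandbits(1) for _ in range(n)]
            for i, v in zip(pos, vals):
                cand[i] = v
            gain = len(covered_by(cand, t) & uncovered)
            if gain > best_gain:
                best, best_gain = tuple(cand), gain
        tests.append(best)
        uncovered -= covered_by(best, t)
    return tests


def is_covering(tests: Sequence[Test], n: int, t: int) -> bool:
    """True if the test set exercises every t-way interaction of the n inputs."""
    covered = set()
    for x in tests:
        covered |= covered_by(x, t)
    return all_tuples(n, t) <= covered


def make_trojan(trigger: Dict[int, int]):
    """Hypothetical Trojan model: the payload fires only when the listed inputs take the listed values."""
    def fires(test: Sequence[int]) -> bool:
        return all(test[i] == v for i, v in trigger.items())
    return fires


def triggered(tests: Sequence[Test], trigger: Dict[int, int]) -> bool:
    """True if some pattern in the set excites the Trojan, i.e. its payload becomes observable."""
    fires = make_trojan(trigger)
    return any(fires(x) for x in tests)


if __name__ == "__main__":
    n, t = 16, 2
    ca = covering_array(n, t)
    print(f"{len(ca)} patterns cover every {t}-way interaction of {n} inputs (exhaustive: {2 ** n})")
    print("2-bit trigger {3:1, 7:1} excited:", triggered(ca, {3: 1, 7: 1}))
    print("3-bit trigger {3:1, 7:1, 9:0} excited:", triggered(ca, {3: 1, 7: 1, 9: 0}),
          "(not guaranteed by a 2-way array; raise t)")
```

The guarantee is only as strong as the chosen t: a trigger that watches more inputs than t, or that is sequential (depends on a history of values rather than one pattern), is not covered, which is exactly the efficiency question the abstract raises.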
Traditionally, card emulation mode in Near Field Communication devices makes use of a hardware Secure Element (SE) as a secure storage and execution environment for applications. However, a different way of card emulation that bypasses the SE has emerged, referred to as Host-based Card Emulation (HCE). HCE relies on the phone CPU for processing power, sharing it with other running processes. This...
The RSA cryptographic algorithm has long achieved cryptographic and market maturity. However, since the discovery of Side Channel Attacks (SCA), RSA implementations are known to be susceptible to a variety of attacks that target the hardware implementation rather than the algorithm itself. There is a wide range of countermeasures that can be applied to the RSA structure in order to protect the algorithm from...
Cryptographic algorithms are routinely used to perform computationally intensive operations over increasingly large volumes of data and, in order to meet the high throughput requirements of the applications, are often implemented as VLSI designs. The high complexity of such implementations raises concerns about their reliability. In order to improve the testability of sequential circuits, both...
In today's world there is a growing demand for real-time implementations of the cryptographic algorithms used in secure communication systems, networks and security systems. Traditional computing techniques relied on application-specific integrated circuits to achieve high performance, but with an extremely inflexible hardware design, while the flexibility of hardware design was...
Most pseudorandom number generators (PRNGs) scale poorly to massively parallel high-performance computation because they are designed as sequentially dependent state transformations. We demonstrate that independent, keyed transformations of counters produce a large alternative class of PRNGs with excellent statistical properties (long period, no discernable structure or correlation). These counter-based...
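The structural point, that a keyed bijection applied to a counter needs no carried state and therefore parallelises and skips ahead for free, can be shown with a small added example. This is not the authors' generator and makes no claim to their statistical quality or to cryptographic strength; the mixer (the xorshift-multiply finalizer of splitmix64, repeated with a per-round key), the round count and the worker layout are constructed for the illustration.

```python
from typing import List

MASK64 = (1 << 64) - 1
GOLDEN = 0x9E3779B97F4A7C15  # odd constant used only for the per-round key schedule


def _mix(x: int) -> int:
    """Invertible 64-bit mixing step (the finalizer of splitmix64): every line is a bijection."""
    x ^= x >> 30
    x = (x * 0xBF58476D1CE4E5B9) & MASK64
    x ^= x >> 27
    x = (x * 0x94D049BB133111EB) & MASK64
    x ^= x >> 31
    return x


def cbrng(key: int, counter: int, rounds: int = 4) -> int:
    """Counter-based generator: the output is a keyed bijection of the counter.
    Nothing is carried between calls, so the i-th output is computable directly and in any order."""
    x = counter & MASK64
    for r in range(rounds):
        x = _mix(x ^ ((key + r * GOLDEN) & MASK64))  # xor the round key, then mix; both invertible
    return x


def stream(key: int, start: int, count: int) -> List[int]:
    """Outputs for counters start .. start+count-1; skipping ahead is just choosing `start`."""
    return [cbrng(key, start + i) for i in range(count)]


def parallel_fill(key: int, total: int, workers: int) -> List[int]:
    """Each worker gets a disjoint counter range and needs only (key, range): no shared state, no
    handoff, no sequential dependency. The loop stands in for workers running concurrently; the
    result is identical to the sequential stream regardless of scheduling."""
    chunk = -(-total // workers)  # ceiling division
    out: List[int] = []
    for w in range(workers):
        out.extend(stream(key, w * chunk, min(chunk, total - w * chunk)))
    return out


def bit_balance(values: List[int]) -> float:
    """Fraction of set bits over all outputs: a coarse sanity check that should sit near 0.5."""
    ones = sum(bin(v).count("1") for v in values)
    return ones / (64 * len(values))


if __name__ == "__main__":
    key = 0x1234
    print("sequential == parallel:", stream(key, 0, 1000) == parallel_fill(key, 1000, 7))
    print("element 10**12 without iterating there:", hex(cbrng(key, 10 ** 12)))
    print("bit balance over 4096 outputs:", round(bit_balance(stream(key, 0, 4096)), 4))
```

Because the map from counter to output is a bijection for a fixed key, a single key never repeats a value before the counter wraps (period 2^64 here), and two keys give two independent streams without any seed-spacing bookkeeping. Passing the statistical batteries the paper reports still has to be checked per design; the balance check above is only a smoke test.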
Developing multithreaded programs in shared-memory systems is difficult. One key reason is the nondeterminism of thread interaction, which may result in the same input producing different outputs in different runs. Unfortunately, enforcing determinism by construction typically comes at a performance, hardware, or programmability cost. An alternative is to check during testing whether code is deterministic...
Scan technology carries the potential of being misused as a "side channel" to leak out the secret information of crypto cores. To address such a design challenge, this paper proposes a design-for-secure-test (DFST) solution for crypto cores by adding a stimuli-launched flip-flop into the traditional scan flip-flop to maintain the high test quality without compromising the security.
We report our experiences in designing and implementing several hardware Trojans within the framework of the Embedded System Challenge competition that was held as part of the Cyber Security Awareness Week (CSAW) at the Polytechnic Institute of New York University in October 2008. Due to the globalization of the Integrated Circuit (IC) manufacturing industry, hardware Trojans constitute an increasingly...
The paper assesses in terms of fault coverage the testing effectiveness of built-in self test for the non-linear operations of the advanced encryption standard (AES). The testing method we propose is particularly attractive due to its reduced hardware implementation overhead and simple error control. The mechanism can be applied both as a concurrent testing solution and as an off-line test. The pseudorandom...
In this paper we consider the problem of designing a data structure that can perform fast multiset membership testing in deterministic time. Our primary goal is to develop a hardware implementation of the data structure which uses only embedded memory blocks. Prior efforts to solve this problem involve hashing into multiple Bloom filters. Such an approach needs a priori knowledge of the number of elements...
Cryptographic devices have to be fully testable in order to ensure proper functionalities. On the other hand, security requirements restrict the use of some testing techniques, such as scan chains. Built-In Self Tests may be a solution, but they often require expensive additional components included into the circuitry. The possibility of using the ciphering circuit itself to perform the self test...
In the relatively young field of fault-tolerant cryptography, the main research effort has focused exclusively on the protection of the data path of cryptographic circuits. To date, however, we have not found any work that aims at protecting the control logic of these circuits against fault attacks, which thus remains the proverbial Achilles' heel. Motivated by a hypothetical yet realistic fault analysis...
Mobile agents are identified as the future platform for distributed electronic services (F. Hohl). However, hosts visited by mobile agents can be malicious and try to analyse or modify the agent code, data or behaviour. In this paper we will present the state of the art of securing mobile agents against malicious hosts and an approach that we suggest. In such state of the art, we identify strong and...