On the Importance of Pooling Layer Tuning for Profiling Side-Channel Analysis

In recent years, the advent of deep neural networks opened new perspectives for security evaluations with side-channel analysis. Profiling attacks now benefit from capabilities offered by convolutional neural networks, such as dimensionality reduction and the inherent ability to reduce the trace desynchronization effects. These neural...

Efficient Circuits for Permuting and Mapping Packed Values Across Leveled Homomorphic Ciphertexts

Cloud services are an essential part of our digital infrastructure as organizations outsource large amounts of data storage and computations. While organizations typically keep sensitive data in encrypted form at rest, they decrypt it when performing computations, leaving the cloud provider free to observe the data. Unfortunately, access to...

Deep Learning-Based Side-Channel Analysis Against AES Inner Rounds

Side-channel attacks (SCA) focus on vulnerabilities caused by insecure implementations and exploit them to deduce useful information about the data being processed or the data itself through leakages obtained from the device. There have been many studies exploiting these leakages, and most of the state-of-the-art attacks have been shown to...

Lighter is Better: A Lighter Multi-client Verifiable Outsourced Computation with Hybrid Homomorphic Encryption

Gordon et al. (TCC 2015) systematically studied the security of Multi-client Verifiable Computation (MVC), in which a set of computationally-weak clients outsource the computation of a general function f over their private inputs to an untrusted server. They introduced the universally composable (UC) security of MVC and proposed a scheme...

On the Effect of Clock Frequency on Voltage and Electromagnetic Fault Injection

We investigate the influence of clock frequency on the success rate of a fault injection attack. In particular, we examine the success rate of voltage and electromagnetic fault attacks for varying clock frequencies. Using three different tests that cover different components of a System-on-Chip, we perform fault injection while its CPU...

For Your Voice Only: Exploiting Side Channels in Voice Messaging for Environment Detection

Voice messages are an increasingly popular method of communication, accounting for more than 200 million messages a day. Sending audio messages requires a user to invest lesser effort than texting while enhancing the message’s meaning by adding an emotional context (e.g., irony). Unfortunately, we suspect that voice messages might provide...

DEKS: A Secure Cloud-Based Searchable Service Can Make Attackers Pay

Many practical secure systems have been designed to prevent real-world attacks via maximizing the attacking cost so as to reduce attack intentions. Inspired by this philosophy, we propose a new concept named delay encryption with keyword search (DEKS) to resist the notorious keyword guessing attack (KGA), in the context of secure cloud-based...

Upside Down: Exploring the Ecosystem of Dark Web Data Markets

Large-scale dark web marketplaces have been around for more than a decade. So far, academic research has mainly focused on drug and hacking-related offers. However, data markets remain understudied, especially given their volatile nature and distinct characteristics based on shifting iterations. In this paper, we perform a large-scale study...

VAL: Volume and Access Pattern Leakage-Abuse Attack with Leaked Documents

Searchable Encryption schemes provide secure search over encrypted databases while allowing admitted information leakages. Generally, the leakages can be categorized into access and volume pattern. In most existing SE schemes, these leakages are caused by practical designs but are considered an acceptable price to achieve high search...

No-Directional and Backward-Leak Uni-Directional Updatable Encryption Are Equivalent

Updatable encryption (UE) enables the cloud server to update the previously sourced encrypted data to a new key with only an update token received from the client. Two interesting works have been proposed to clarify the relationships among various UE security notions. Jiang (ASIACRYPT 2020) proved the equivalence of every security notion in...

Combining ID’s, Attributes, and Policies in Hyperledger Fabric

This work aims to provide a more secure access control in Hyperledger Fabric blockchain by combining multiple ID’s, attributes, and policies with the components that regulate access control. The access control system currently used by Hyperledger Fabric is first completely analyzed. Next, a new implementation is proposed that builds upon the...

ID-Based Self-encryption via Hyperledger Fabric Based Smart Contract

This paper offers a prototype of a Hyperledger Fabric-IPFS based network architecture including a smart contract based encryption scheme that meant to improve the security of user’s data that is being uploaded to the distributed ledger. A new extension to the self-encryption scheme was deployed by integrating data owner’s identity into the...