Search results for: side-channel attacks

binary

Mixed-signal circuits can stop side-channel attacks against IoT devices

Purdue University innovators have unveiled technology that is 100 times more resilient to electromagnetic and power attacks, to stop side-channel attacks against IoT devices. Securing IoT devices against side-channel attacks Security of embedded devices is essential in today’s internet-connected world. Security is typically guaranteed mathematically using a small secret key to encrypt the private messages. When these computationally secure encryption algorithms are implemented on a physical hardware, they leak critical side-channel information in the form … More

Washington D.C. workshop on side-channel analysis attacks on embedded devices

Cryptography Research will hold a one-day workshop about how to thwart attacks on embedded devices like mobile communication systems. The workshop is entitled: “An Introduction to Side-Channel Analysis, SPA, DPA and Timing Attacks” and will take place at the Crowne Plaza Washington DC/Silver Spring Hotel on August 14, 2008. This is the third in a series of embedded system security workshops CRI has run this year. Participants will get up to speed on side-channel attacks, … More

vectors

Malware and ransomware attack volume down due to more targeted attacks

Cybercriminals are leveraging more evasive methods to target businesses and consumers, a SonicWall report reveals. “Cybercriminals are honing their ability to design, author and deploy stealth-like attacks with increasing precision, while growing their capabilities to evade detection by sandbox technology,” said SonicWall President and CEO Bill Conner. “Now more than ever, it’s imperative that organizations detect and respond quickly, or run the risk of having to negotiate what’s being held at ransom from criminals so … More

Intel processor

Intel releases updates to plug TPM-FAIL flaws, foil ZombieLoad v2 attacks

Intel’s Patch Tuesday releases are rarely so salient as those pushed out this month: the semiconductor chip manufacturer has patched a slew of high-profile vulnerabilities in their chips and drivers. TPM-FAIL TPM-FAIL is a name given to vulnerabilities found in some Intel’s firmware-based TPM (fTPM) and STMicroelectronics’ TPM chipsets, discovered by Ahmad “Daniel” Moghimi and Berk Sunar from Worcester Polytechnic Institute, Thomas Eisenbarth from University of Lübeck and Nadia Heninger from University of California at … More

complex

Week in review: VirtualBox 0day, GPU side channel attacks, vulnerable self-encrypting SSDs

Here’s an overview of some of last week’s most interesting news and articles: Five key considerations when developing a Security Operations Center Organizations should start with the following five key considerations if they are to get the most out of their SOC. How financial institutions can change the economics of fraud The volume of data breaches has bolstered fraudster’s ability to waltz through the front doors of businesses using synthetic identities. VirtualBox Guest-to-Host escape 0day … More

Google Chrome

Chrome users get Site Isolation by default to ward off Spectre attacks

Site Isolation, the optional security feature added to Chrome 63 late last year to serve as protection against Spectre information disclosure attacks, has been enabled by default for all desktop Chrome users who upgraded to Chrome 67. How Site Isolation mitigates risk of Spectre attacks “In January, Google Project Zero disclosed a set of speculative execution side-channel attacks that became publicly known as Spectre and Meltdown. An additional variant of Spectre was disclosed in May. … More

keys

CRIME, TIME, BREACH and HEIST: A brief history of compression oracle attacks on HTTPS

The HEIST vulnerability was presented at Black Hat USA 2016 by Mathy Vanhoef and Tom Van Goethem. In this presentation, new techniques were presented that enhanced previously presented padding oracle attacks on HTTPS, making them more practical. In a padding oracle attack, the attacker has partial control of part of a message that contains secret information, and is compressed, then encrypted before being sent over the network. An example of this is a web page … More

DJI drone

Researchers discover how to pinpoint the location of a malicious drone operator

Researchers at Ben-Gurion University of the Negev (BGU) have determined how to pinpoint the location of a drone operator who may be operating maliciously or harmfully near airports or protected airspace by analyzing the flight path of the drone. Drones (small commercial unmanned aerial systems) pose significant security risks due to their agility, accessibility and low cost. As a result, there is a growing need to develop methods for detection, localization and mitigation of malicious … More

Intertrust whiteCryption Secure Key Box

Intertrust launches enterprise-ready white-box cryptography solution for web apps

Intertrust announced the launch of whiteCryption Secure Key Box (SKB) for Web at the RSA Conference 2020. The first and only enterprise-ready white-box cryptography solution for web applications, it ensures that web apps can be used without fear of exposing the underlying keys and credentials to cyberattack. SKB for Web brings Intertrust’s proven whiteCryption white-box technology, which prevents hackers from extracting keys using either static or dynamic methods, to web applications. SKB for Web is … More

Crypto Quantique raises $8M to address the growing challenges of end-to-end IoT security

Crypto Quantique, a privately held company with a mission to revolutionize the IoT with quantum driven cybersecurity, announced that it has raised an $8 million seed round led by ADV along with participation from Entrepreneur First, amongst others. Crypto Quantique’s disruptive cybersecurity technology, uses the most advanced techniques in cryptography and quantum physics to address the growing challenges of end-to-end IoT security. Its unique feature is that a single chip can generate multiple, unique, unforgeable … More

OpenSSH

OpenSSH adds protection against Spectre, Meltdown, RAMBleed

OpenSSH, a widely used suite of programs for secure (SSH protocol-based) remote login, has been equipped with protection against side-channel attacks that could allow attackers to extract private keys from memory. About OpenSSH OpenSSH is the most popular implementation of the SSH (Secure Shell) protocol. It encrypts all traffic to stymie eavesdropping, connection hijacking, and similar attacks, and provides several authentication methods, a variety of configuration options and various tunneling capabilities. The suite is incorporated … More

Field-programmable gate arrays

Scientists uncover vulnerability in FPGAs, affecting cloud services and IoT

Field-programmable gate arrays (FPGAs) are, so to say, a computer manufacturer’s “Lego bricks”: electronic components that can be employed in a more flexible way than other computer chips. Even large data centers that are dedicated to cloud services, such as those provided by some big technology companies, often resort to FPGAs. To date, the use of such services has been considered as relatively secure. Recently, however, scientists at Karlsruhe Institute of Technology (KIT) uncovered potential … More