Input Bytes Research Articles

A 7-Gbps SCA-Resistant Multiplicative-Masked AES Engine in Intel 4 CMOS

A multiplicative masked advanced encryption standard (AES)-128/-256 engine with measured side-channel resistance to correlation power and electromagnetic (EM) attacks in Intel 4 CMOS process is presented. While conventional additive masking offers significant improvements in minimum-time-to-disclosure (MTD) for the extracted key bytes, mask compensations in non-linear Sboxes incur >100% area overheads. Multiplicative masking provides a simpler computation of non-linear inverse operation by converting the inputs from an additive to a multiplicative domain. However, multiplicative masked AES designs suffer from zero-value attacks, where “0” valued inputs on Sbox bytes exhibit distinct power signatures compared to a random input byte. The AES engine implements dual-rail zero-value attack detection and mitigation circuits to counteract zero-valued input Sbox bytes. Low-overhead mask conversion and multiplicative Sbox datapath circuits enable <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$1.8\times $ </tex-math></inline-formula> and 50% reduction in area and performance overheads, respectively. The countermeasure enables 34000–40 <inline-formula xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink"> <tex-math notation="LaTeX">$000\times $ </tex-math></inline-formula> improvements in measured MTD against correlation power and EM attacks compared to an unprotected AES implementation while limiting the area and performance overheads to 65% and 4%, respectively.

CAMFuzz: Explainable Fuzzing with Local Interpretation

Grey-box fuzzing techniques have been widely used in software bug finding. In general, there are many decisions to make in the fuzzing process, including which code block in the target program should be explored first, which bytes of an input seed should be mutated to reach the target code block, and how to mutate the chosen input bytes. However, existing solutions usually rely on random exploration or certain heuristics to choose where and how to fuzz, which limits the efficiency of fuzzing. In this paper, we propose a novel solution CAMFuzz to guide the fuzzing process with explainable decisions in explainable artificial intelligence (XAI). First, we propose a dynamic weight adjustment algorithm, which considers both the difficulty of reaching a block and the number of unvisited blocks nearby, to find code blocks worthy to explore first. Second, we utilize a widely used local interpretation technique, i.e., class activation mapping (CAM), to recognize which part of an input seed should be mutated to reach a given target code block. Therefore, CAMFuzz can distinguish which part of code in the program is more important and which positions in the input file should be mutated first, in order to achieve a better code coverage and bug finding efficiency. Third, to further help the fuzzer increase fuzzing efficiency, we leverage a lightweight static program analysis to help the fuzzer identify magic values. We implement a prototype of CAMFuzz and evaluate it on 13 real-world programs (including 11 open source targets, 2 closed-source commercial products including a Microsoft component and Hancom Office) Results show that CAMFuzz outperforms state-of-the-art fuzzers in both code coverage and bug finding. To detail, CAMFuzz on average achieves 2.07times more bugs and 1.17times coverage improvements. In total, it found 19 previously unknown vulnerabilities, of which 6 have been assigned by CVE so far.

Adversarial EXEmples

Recent work has shown that adversarial Windows malware samples—referred to as adversarial EXE mples in this article—can bypass machine learning-based detection relying on static code analysis by perturbing relatively few input bytes. To preserve malicious functionality, previous attacks either add bytes to existing non-functional areas of the file, potentially limiting their effectiveness, or require running computationally demanding validation steps to discard malware variants that do not correctly execute in sandbox environments. In this work, we overcome these limitations by developing a unifying framework that does not only encompass and generalize previous attacks against machine-learning models, but also includes three novel attacks based on practical, functionality-preserving manipulations to the Windows Portable Executable file format. These attacks, named Full DOS , Extend , and Shift , inject the adversarial payload by respectively manipulating the DOS header, extending it, and shifting the content of the first section. Our experimental results show that these attacks outperform existing ones in both white-box and black-box scenarios, achieving a better tradeoff in terms of evasion rate and size of the injected payload, while also enabling evasion of models that have been shown to be robust to previous attacks. To facilitate reproducibility of our findings, we open source our framework and all the corresponding attack implementations as part of the secml-malware Python library. We conclude this work by discussing the limitations of current machine learning-based malware detectors, along with potential mitigation strategies based on embedding domain knowledge coming from subject-matter experts directly into the learning process.

Efficient implementations of Bloom filter using block RAMs and DSP slices on the FPGA

SummaryThis paper presents efficient FPGA implementations for the Bloom filter, in which a large set P of L‐byte patterns are registered beforehand. Our Bloom filter circuit performs the byte stream pattern test such that it receives an input byte stream t and outputs the bit stream in every clock cycle. Each bit of the output bit stream is 1 if an L‐byte sequence of t starting from the corresponding position is identical with one of the patterns in P. Our circuits use rolling hash functions to compute signatures of all patterns in P registered in Ultra RAMs of the Xilinx UltraScale+ FPGA VU9P. We present two types of implementations, DSP‐based implementation and RAM‐based implementation to compute rolling hash functions of L‐byte sequences using DSP slices and Block RAMs in the FPGA, respectively. The experimental results show that both DSP‐based and RAM‐based Bloom filter circuits for 4800K patterns of length 1024 can perform the byte stream pattern test for 1.1 Gps and 1.3 Gbps input byte streams, respectively, with false positive probability 10−12. Moreover, we can configure DSP‐based and RAM‐based Bloom filter circuits for 100K patterns to work for 54.9 Gbps and 62.2 Gbps input byte streams, respectively, with false positive probability 10−12.

Heterogeneous Multiprocessor Matching Degree Scheduling Algorithm Based on OpenCL Framework

In a heterogeneous multi-core system, the merits of the task scheduling algorithm have a great impact on the efficiency of the system. This paper implements a matching degree scheduling algorithm based on heterogeneous multiprocessor. Before the actual scheduling, the static task feature value and the processor core configuration feature value are mapped into the same European space, and the “program-core-distance” matching value is calculated by using the WED. In the actual scheduling, the matching value and the size of the input byte are obtained, and the tasks are matched with the processor under the influence of the two to determine the execution order of the tasks on each processor. The scheduling method based on OpenCL framework is compared with the traditional scheduling algorithm. It shows that the scheduling scheme implemented in this paper has significantly improved efficiency when executing tasks.

АРХІТЕКТУРА СИСТЕМИ ДЕДУБЛІКАЦІЇ ТА РОЗПОДІЛУ ДАНИХ У ХМАРНИХ СХОВИЩАХ ПІД ЧАС РЕЗЕРВНОГО КОПІЮВАННЯ

The conceptual model of the system is developed and described in detail. An intelligent system of deduplication and distribution of data in the cloud storage is developed, the description of the software is described, the stages of the user's work are considered. Testing of the projected system was carried out. Several control samples are described and results are analyzed. The purpose of the system is to deduplicate and distribute data in cloud repositories in such a way that the end result of the backup is to eliminate duplicate pieces of data using distributed computing and cloud repositories. By picking the right approach to distribute tasks and data during deduplication, you can harness the full potential of cloud-based distributed systems to increase backup speed and bandwidth. Analyzes (disadvantages and advantages of using different approaches) are analyzed and effective methods of solution are selected: hybrid block-level deduplication, splitting of data flow on the basis of Rabin's digital imprint, distribution of data based on hash values of blocks of deduplication and use of distributed index. Block-level deduplication involves two types of data flow splitting into blocks, a fixed-length, algorithm-based split. Fixed-length partitioning is rather trivial and fast with respect to the complexity of the algorithm, but the downside is that data is displaced at the beginning of the stream, since the blocks that will follow after the changes will be considered new. However, in the case of partitioning of blocks of variable length, the point of proper partitioning is determined by the algorithm. This algorithm should work with infinite data flows using the ring hash function. The algorithm absorbs each input byte of data from the stream, and as soon as the value of the annular hash function corresponds to the previously specified template, it also serves as a point of splitting the stream into blocks. Thus, if the data is changed or displaced by a couple of bytes, only the data block that covers the data will be considered new. However, in order to track changes and correctly set breakpoints, it is necessary to check the input data for a specific preset digital pattern - a hash value. It is a common practice to calculate a hash value every time an input byte is received in a data stream. The point of partition will be the moment when the resulting hash value matches the specified pattern. To do these calculations effectively, an algorithm has been devised for the ring hash. One of the most common ring hash algorithms is a digital Rabin imprint. During the analysis of the solutions, the Rust programming language for client-side writing, the Scala programming language for the server-side, the Akka distributed computing management tool, and Amazon S3 as the cloud repository were selected.

Scalable Algorithms for NFA Multi-Striding and NFA-Based Deep Packet Inspection on GPUs

Finite state automata (FSA) are used by many network processing applications to match complex sets of regular expressions in network packets. In order to make FSA-based matching possible even at the ever-increasing speed of modern networks, multi-striding has been introduced. This technique increases input parallelism by transforming the classical FSA that consumes input byte by byte into an equivalent one that consumes input in larger units. However, the algorithms used today for this transformation are so complex that they often result unfeasible for large and complex rule sets. This paper presents a set of new algorithms that extend the applicability of multi-striding to complex rule sets. These algorithms can transform nondeterministic finite automata (NFA) into their multi-stride form with reduced memory and time requirements. Moreover, they exploit the massive parallelism of graphical processing units for NFA-based matching. The final result is a boost of the overall processing speed on typical regex-based packet processing applications, with a speedup of almost one order of magnitude compared to the current state-of-the-art algorithms.

Collaborative reversing of input formats and program data structures for security applications

Reversing the syntactic format of program inputs and data structures in binaries plays a vital role for understanding program behaviors in many security applications. In this paper, we propose a collaborative reversing technique by capturing the mapping relationship between input fields and program data structures. The key insight behind our paper is that program uses corresponding data structures as references to parse and access different input fields, and every field could be identified by reversing its corresponding data structure. In details, we use a finegrained dynamic taint analysis to monitor the propagation of inputs. By identifying base pointers for each input byte, we could reverse data structures and conversely identify fields based on their referencing data structures. We construct several experiments to evaluate the effectiveness. Experiment results show that our approach could effectively reverse precise input formats, and provide unique benefits to two representative security applications, exploit diagnosis and malware analysis.

Hardware Accelerator to Detect Multi-Segment Virus Patterns

Multi-segment pattern is a common virus structure, and there are 2229 multi-segment patterns in the ClamAV virus database version 54. We observe that (i) the pattern set contains over 100 nondistinctive short segments, e.g. 2 bytes of zero; (ii) some of the 2-byte segments can appear many times in one or more patterns; (iii) some patterns contain a large number of 2-byte segments; (iv) many short segments are substrings/suffixes of other longer segments; and (v) adjacent segments may contain overlapping bytes. The aforementioned properties pose great difficulties to the conventional detection methods. Instead of viewing the virus signature as a byte sequence, we regard the pattern to be composed of a sequence of tokens, where each token corresponds to a segment. We transform the input byte stream into a token stream. The detection engine will then process the token stream to determine if any virus signatures can be found. Our detection method for the 2229 multi-segment patterns can be implemented on a field programmable gate array (FPGA) using 290KB on-chip memory. The device can operate at 170MHz and it can process 1 byte per cycle. The processing architecture is memory based. When the pattern set is updated, the FPGA need not be reconfigured.

Fault Rate Analysis: Breaking Masked AES Hardware Implementations Efficiently

In 2011, Li presented clockwise collision analysis on nonprotected Advanced Encryption Standard (AES) hardware implementation. In this brief, we first propose a new clockwise collision attack, called fault rate analysis (FRA), on masked AES. Then, we analyze the critical and noncritical paths of the S-box and find that, for its three input bytes, namely, the input value, the input mask, and the output mask, the path relating to the output mask is much shorter than those relating to the other two inputs. Therefore, some sophisticated glitch cycles can be chosen such that the values in the critical path of the whole S-box are destroyed but this short path is not affected. As a result, the output mask does not offer protection to the S-box, which leads to a more efficient attack. Compared with three attacks on masking countermeasures at the Workshop on Cryptographic Hardware and Embedded Systems 2010 and 2011, our method only costs about 8% of their time and 4% of their storage space.

TCAM-based NFA implementation

Regular expression matching as the core packet inspection engine of network systems has long been striving to be both fast in matching speed (like DFA) and scalable in storage space (like NFA). Recently, ternary content addressable memory (TCAM) has been investigated as a promising way out, by implementing DFA using TCAM for regular express matching. In this paper, we present the first method for implementing NFA using TCAM. Through proper TCAM encoding, our method matches each input byte with one single TCAM lookup --- operating at precisely the same speed as DFA, while using a number of TCAM entries that can be close to NFA size. These properties make our method an important step along a new path --- TCAM-based NFA implementation --- towards the long-standing goal of fast and scalable regular expression matching.

Implications of Executing Compression and Encryption Applications on General Purpose Processors

Compression and encryption applications are important components of modern multimedia workloads. These workloads are typically executed on application specific integrated circuits (ASICs), application specific processors (ASPs), or general purpose processors (GPPs). GPPs are flexible and allow changes in the applications and algorithms better than ASICs and ASPs. However, executing these applications on GPPs is done at a high cost. In this paper, we analyze media compression and encryption applications from the perspective of executing them on a programmable general purpose processor versus ASPs. We select 12 programs from various types of compression and encryption applications. The instruction mix, data types of memory operations, and memory access workloads during the execution of these programs are analyzed. Most of these applications involve processing the data through execution phases (e.g., quantization, encoding, etc.) and temporary results are stored and retrieved between these phases. A metric called overhead memory-access bandwidth per input and output byte is defined to characterize the temporary storage and retrieval of data during execution. We observe that more than 90 percent of the memory accesses made by these programs are temporary data stores and loads arising from the general purpose nature of the execution platform. We also verify the robustness of the proposed metric on different experimental environments using various input data properties and compiler optimizations.