Supervisory Control and Data Acquisition (SCADA) systems that operate our critical infrastructures are subject to increased cyber attacks. Due to the use of request-response communication in polling, SCADA traffic exhibits stable and predictable communication patterns. This paper provides a timing-based anomaly detection system that uses the statistical attributes of the communication patterns....

In this paper, we develop a model for the timing and deterrence of terrorist attacks due to exogenous dynamics. The defender moves first and the attacker second in a two-stage game which is repeated over T periods. We study the effects of dynamics of several critical components of counter-terrorism games, including the unit defence costs (eg, immediately after an attack, the defender would easi...

As a countermeasure against the famous Bleichenbacher attack on RSA based ciphersuites, all TLS RFCs starting from RFC 2246 (TLS 1.0) propose “to treat incorrectly formatted messages in a manner indistinguishable from correctly formatted RSA blocks”. In this paper we show that this objective has not been achieved yet (cf. Table 1): We present four new Bleichenbacher side channels, and three suc...

We propose efficient algorithms and formulas that improve the performance of side-channel protected elliptic curve computations, with special focus on scalar multiplication exploiting the GallantLambert-Vanstone (CRYPTO 2001) and Galbraith-Lin-Scott (EUROCRYPT 2009) methods. Firstly, by adapting Feng et al.’s recoding to the GLV setting, we derive new regular algorithms for variable-base scalar...

This research focuses on the performance and timing behavior of a two level survivability architecture. The lower level of the architecture involves attack analysis based on kernel attack signatures and survivability handlers. Higher level survivability mechanisms are implemented using migratory autonomous agents. The potential for fast response to, and recovery from, malicious attacks is the m...

In any side-channel attack, it is desirable to exploit all the available leakage data compute distinguisher’s values. The profiling phase essential obtain an accurate model, yet may not be exhaustive. As a result, information theoretic distinguishers come up on previously unseen data, phenomenon yielding empty bins. A strict application of maximum likelihood method yields distinguisher that eve...

Security in passive resource-constrained Radio Frequency Identification (RFID) tags is of much interest nowadays. Supply-chain, inventory management are the areas where low-cost and secure batchmode authentication of RFID tags is required. Resistance against illegal tracking, cloning, timing, and replay attacks are necessary for a secure RFID authentication scheme. Reader authentication is also...

this study aims to better understand the effect of practice schedule and feedback providing types. in two separate experiments the contextual interference effect in bandwidth and self-control feedback conditions on relative and absolute timing learning was examined. in experiment i, the effect of contextual interference using bandwidth and self-control feedback on absolute timing learning (para...

This paper introduces a new class of optical fault injection attacks called bumping attacks. These attacks are aimed at data extraction from secure embedded memory, which usually stores critical parts of algorithms, sensitive data and cryptographic keys. As a security measure, read-back access to the memory is not implemented leaving only authentication and verification options for integrity ch...