Nesnelerin İnternetinde Çok Katmanlı Algılayıcı Kullanarak Zamanlama Analizi Saldırısı ile Özel Anahtar Tahminlemesi
Year 2021,
, 385 - 390, 20.10.2021
Muhammed Saadetdin Kaya
,
Kenan İnce
Abstract
Doğrudan kaynağa erişim olmasa bile, gizlenmek istenen veriler hakkında bilgi sahibi olunmasını sağlayan yan kanal saldırılarından biri olan Zamanlama Analizi Saldırıları; bir işlemin veya algoritmanın farklı şartlar altında harcadığı sürelerin yorumlanmasıyla, sistem hakkında bilgi edinmeyi amaçlayan bir saldırı türüdür. Bu çalışmada, belirlenmiş bir senaryodaki özel anahtarın zamanlama analizi yöntemiyle Çok Katmanlı Algılayıcı (MLP – Multilayer Perceptron) kullanılarak sistem analiz edilmiştir. Analiz sonucunda zamanlama bilgisi kullanılarak gizli anahtarın tahminlenmesi amaçlanmıştır. Yapılan çalışma sonucunda sunulan yöntemle, %95’in üzerinde doğruluk oranına sahip bir şekilde gizli anahtar tahminlenmiş olup, Nesnelerin İnterneti (IoT – Internet of Things) alanında zamanlama analizi saldırılarının ciddi bir tehdit oluşturabileceği ortaya koyulmuştur.
Supporting Institution
İnönü Üniversitesi
Project Number
FBG-2020-2143
Thanks
Bu çalışma, İnönü Üniversitesi Bilimsel Araştırma Projeleri Bölümü'nün (BAPB) FBG-2020-2143 sayılı projesi ile desteklenmiştir. Yazar, değerli geri bildirimleri için İnönü Üniversitesi BAPB’ye teşekkür eder.
References
- Kocher, P. C. (1996, August). Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Annual International Cryptology Conference (pp. 104-113). Springer, Berlin, Heidelberg.
- Janke, M., & Laackmann, P. (2002). Power and timing analysis attacks against security controllers. Infineon Technologies AG, Technology Update, Smart Cards.
- Anderson, R., & Kuhn, M. (1996, November). Tamper resistance-a cautionary note. In Proceedings of the second Usenix workshop on electronic commerce (Vol. 2, pp. 1-11).
- Ordu, L., & Yalçın, S. B. Ö. (2016, December) Yan-Kanal Analizi Saldırılarına Genel Bakış.
- Öztemel, E. (2003). Yapay sinir ağlari. PapatyaYayincilik, Istanbul.
- Libbrecht, M. W., & Noble, W. S. (2015). Machine learning applications in genetics and genomics. Nature Reviews Genetics, 16(6), 321-332.
- Kourou, K., Exarchos, T. P., Exarchos, K. P., Karamouzis, M. V., & Fotiadis, D. I. (2015). Machine learning applications in cancer prognosis and prediction. Computational and structural biotechnology journal, 13, 8-17.
- Vovk, V., Gammerman, A., & Saunders, C. (1999). Machine-learning applications of algorithmic randomness.
- Gardner, M. W., & Dorling, S. R. (1998). Artificial neural networks (the multilayer perceptron)—a review of applications in the atmospheric sciences. Atmospheric environment, 32(14-15), 2627-2636.
- Isa, N. A. M., & Mamat, W. M. F. W. (2011). Clustered-hybrid multilayer perceptron network for pattern recognition application. Applied Soft Computing, 11(1), 1457-1466.
- Hontoria, L., Aguilera, J., & Zufiria, P. (2005). An application of the multilayer perceptron: solar radiation maps in Spain. Solar energy, 79(5), 523-530.
- Teoh, T. T., Chiew, G., Franco, E. J., Ng, P. C., Benjamin, M. P., & Goh, Y. J. (2018, July). Anomaly detection in cyber security attacks on networks using MLP deep learning. In 2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE) (pp. 1-5). IEEE.
- Ben Fredj, O., Mihoub, A., Krichen, M., Cheikhrouhou, O., & Derhab, A. (2020, November). CyberSecurity attack prediction: a deep learning approach. In 13th International Conference on Security of Information and Networks (pp. 1-6).
- Aseeri, A. O., Zhuang, Y., & Alkatheiri, M. S. (2018, July). A machine learning-based security vulnerability study on xor pufs for resource-constraint internet of things. In 2018 IEEE International Congress on Internet of Things (ICIOT) (pp. 49-56). IEEE.
- Anitha, A. A., & Arockiam, L. (2019). ANNIDS: artificial neural network based intrusion detection system for Internet of Things. Int. J. Innov. Technol. Explor. Eng. Regul, (2019), 8.
- Liu, C., Yang, J., Chen, R., Zhang, Y., & Zeng, J. (2011, July). Research on immunity-based intrusion detection technology for the Internet of Things. In 2011 Seventh International Conference on Natural Computation (Vol. 1, pp. 212-216). IEEE.
- Ullah, F., Naeem, H., Jabbar, S., Khalid, S., Latif, M. A., Al-Turjman, F., & Mostarda, L. (2019). Cyber security threats detection in internet of things using deep learning approach. IEEE Access, 7, 124379-124389.
- Zarpelão, B. B., Miani, R. S., Kawakani, C. T., & de Alvarenga, S. C. (2017). A survey of intrusion detection in Internet of Things. Journal of Network and Computer Applications, 84, 25-37.
Timing Analysis Attack For Private Key Prediction Using Multilayer Perceptron in IoT
Year 2021,
, 385 - 390, 20.10.2021
Muhammed Saadetdin Kaya
,
Kenan İnce
Abstract
Timing Analysis Attacks are one of the side channel attacks that allows to be informed about the data that is wanted to be hidden, even if there is no direct access to the source. It is a type of attack aimed at learning about the system by interpreting the amount of time that a process of algorithm spends under different circumstances. In this study, the system was analyzed using a multilayer sensor (MLP – Multilayer Perceptron) by timing analysis of the private key in a specified scenario. As a result of the analysis, it is aimed to estimate the secret key using timing information. As a result of the analysis, it is aimed to estimate the secret key using timing information. As a result of the study, the secret key was estimated with an accuracy rate of more than 95% and it was revealed that timing analysis attacks could pose a serious threat in the Internet of Things (IoT) area.
Project Number
FBG-2020-2143
References
- Kocher, P. C. (1996, August). Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In Annual International Cryptology Conference (pp. 104-113). Springer, Berlin, Heidelberg.
- Janke, M., & Laackmann, P. (2002). Power and timing analysis attacks against security controllers. Infineon Technologies AG, Technology Update, Smart Cards.
- Anderson, R., & Kuhn, M. (1996, November). Tamper resistance-a cautionary note. In Proceedings of the second Usenix workshop on electronic commerce (Vol. 2, pp. 1-11).
- Ordu, L., & Yalçın, S. B. Ö. (2016, December) Yan-Kanal Analizi Saldırılarına Genel Bakış.
- Öztemel, E. (2003). Yapay sinir ağlari. PapatyaYayincilik, Istanbul.
- Libbrecht, M. W., & Noble, W. S. (2015). Machine learning applications in genetics and genomics. Nature Reviews Genetics, 16(6), 321-332.
- Kourou, K., Exarchos, T. P., Exarchos, K. P., Karamouzis, M. V., & Fotiadis, D. I. (2015). Machine learning applications in cancer prognosis and prediction. Computational and structural biotechnology journal, 13, 8-17.
- Vovk, V., Gammerman, A., & Saunders, C. (1999). Machine-learning applications of algorithmic randomness.
- Gardner, M. W., & Dorling, S. R. (1998). Artificial neural networks (the multilayer perceptron)—a review of applications in the atmospheric sciences. Atmospheric environment, 32(14-15), 2627-2636.
- Isa, N. A. M., & Mamat, W. M. F. W. (2011). Clustered-hybrid multilayer perceptron network for pattern recognition application. Applied Soft Computing, 11(1), 1457-1466.
- Hontoria, L., Aguilera, J., & Zufiria, P. (2005). An application of the multilayer perceptron: solar radiation maps in Spain. Solar energy, 79(5), 523-530.
- Teoh, T. T., Chiew, G., Franco, E. J., Ng, P. C., Benjamin, M. P., & Goh, Y. J. (2018, July). Anomaly detection in cyber security attacks on networks using MLP deep learning. In 2018 International Conference on Smart Computing and Electronic Enterprise (ICSCEE) (pp. 1-5). IEEE.
- Ben Fredj, O., Mihoub, A., Krichen, M., Cheikhrouhou, O., & Derhab, A. (2020, November). CyberSecurity attack prediction: a deep learning approach. In 13th International Conference on Security of Information and Networks (pp. 1-6).
- Aseeri, A. O., Zhuang, Y., & Alkatheiri, M. S. (2018, July). A machine learning-based security vulnerability study on xor pufs for resource-constraint internet of things. In 2018 IEEE International Congress on Internet of Things (ICIOT) (pp. 49-56). IEEE.
- Anitha, A. A., & Arockiam, L. (2019). ANNIDS: artificial neural network based intrusion detection system for Internet of Things. Int. J. Innov. Technol. Explor. Eng. Regul, (2019), 8.
- Liu, C., Yang, J., Chen, R., Zhang, Y., & Zeng, J. (2011, July). Research on immunity-based intrusion detection technology for the Internet of Things. In 2011 Seventh International Conference on Natural Computation (Vol. 1, pp. 212-216). IEEE.
- Ullah, F., Naeem, H., Jabbar, S., Khalid, S., Latif, M. A., Al-Turjman, F., & Mostarda, L. (2019). Cyber security threats detection in internet of things using deep learning approach. IEEE Access, 7, 124379-124389.
- Zarpelão, B. B., Miani, R. S., Kawakani, C. T., & de Alvarenga, S. C. (2017). A survey of intrusion detection in Internet of Things. Journal of Network and Computer Applications, 84, 25-37.