Securing the web against frequent cyber attacks is a big concern as attackers usually intend to snitch private information, financial information, deface and damages websites to prove their hacking capabilities. This type of vandalism may drive many corporations that conduct their business through the web to suffer financial and reputation damages. One of the most dangerous cyber attacks is the...

Encryption is often employed to protect sensitive information stored in memory and storage. It is the most powerful countermeasure against data breach, but it has performance overhead. As a low-cost alternative to encryption, an access-control memory (ACM) has been introduced, which integrates an access-control mechanism with memory. While ACM minimizes the performance overhead of encryption, i...

The Advanced Encryption Standard (AES) algorithm has been widely used to secure communication systems. However, the encryption algorithm is vulnerable to fault injection attacks and various attack methods have been studied. Some methods are just proposed in theory and have not been validated in practice. In this paper, we actualize a fault injection attack on an FPGA AES implementation. We prop...

We present Spectrogram, a machine learning based statistical anomaly detection (AD) sensor for defense against web-layer code-injection attacks. These attacks include PHP file inclusion, SQL-injection and cross-sitescripting; memory-layer exploits such as buffer overflows are addressed as well. Statistical AD sensors offer the advantage of being driven by the data that is being protected and no...

The goal of a fault injection attack is to extract a secret key which is embedded in a cryptographic device by injecting a fault during execution of the algorithm. In particular, an attacker can extract the master key of the advanced encryption standard (AES) using only a one-byte fault injection. We propose a new countermeasure method resistant to fault injection attacks by checking the differ...

A fault is a defect in a program, usually difficult to pinpoint .A faults may occur at single points or distributed points. In software testing, fault injection is a technique of introducing faults into the code for improving the coverage and usually used with stress testing for robustness of the developed software. When the fault-tolerance mechanisms detect an error, they may initiate several ...

The new at-speed on-line IDDQ testing method is based upon the properties of a special class of security circuits. These circuits implement dual-rail encoding and return-to-spacer protocol, where the spacer is either all-zeroes or all-ones. The alternating spacers of different polarity guarantee that all wires switch once within each clock cycle, thus making energy consumed within a clock cycle...