Dawu Gu’s research while affiliated with Shanghai Jiao Tong University and other places


Publications (338)


Trace Copilot: Automatically Locating Cryptographic Operations in Side-Channel Traces by Firmware Binary Instrumenting
  • Article
  • Full-text available
  • December 2024 · 12 Reads
  • IACR Transactions on Cryptographic Hardware and Embedded Systems
  • Authors: Shipei Qu · Yuxuan Wang · Jintong Yu · [...] · Dawu Gu

A common assumption in side-channel analysis is that the attacker knows the cryptographic algorithm implementation of the victim. However, many lab-setting studies implicitly extend this assumption to the knowledge of the source code, by inserting triggers to measure, locate or align the Cryptographic Operations (CO) in the trace. For real-world attacks, the source code is typically unavailable, which poses a challenge for locating the COs, thus reducing the effectiveness of many methods. In contrast, obtaining the (partial) binary firmware is more prevalent in practical attacks on embedded devices. While binary code theoretically encapsulates necessary information for side-channel attacks on software-implemented cryptographic algorithms, there is no systematic study on leveraging this information to facilitate side-channel analysis. This paper introduces a novel and general framework that utilizes binary information for the automated locating of COs on side-channel traces. We first present a mechanism that maps the execution flow of binary instructions onto the corresponding side-channel trace through a tailored static binary instrumentation process, thereby transforming the challenge of locating COs into one of tracing cryptographic code execution within the binary. For the latter, we propose a method to retrieve binary instruction addresses that are equivalent to the segmenting boundaries of the COs within side-channel traces. By identifying the mapping points of these instructions on the trace, we can obtain accurate segmentation labeling for the side-channel data. Further, by employing the well-labeled side-channel segments obtained on a profiling device, we can readily identify the locations of COs within traces collected from uncontrollable target devices. We evaluate our approach on various devices and cryptographic software, including a real-world secure boot program. The results demonstrate the effectiveness of our method, which can automatically locate typical COs, such as AES or ECDSA, in raw traces using only the binary firmware and a profiling device. Comparison experiments indicate that our method outperforms existing techniques in handling noisy or jittery traces and scales better to complex COs. Performance evaluation confirms that the runtime and storage overheads of the proposed approach are practical for real-world deployment.



RISecure-PUF: Multipurpose PUF-Driven Security Extensions with Lookaside Buffer in RISC-V
  • November 2024 · 6 Reads

Fig. 4: Performance evaluation of extra lookaside buffer

RISC-V's limited security features hinder its use in confidential computing and heterogeneous platforms. This paper introduces RISecure-PUF, a security extension utilizing existing Physical Unclonable Functions for key generation and secure protocol purposes. A one-way hash function is integrated to ensure provable security against modeling attacks, while a lookaside buffer accelerates batch sampling and minimizes reliance on error correction codes. Implemented on the Genesys 2 FPGA, RISecure-PUF improves at least 2.72× in batch scenarios with negligible hardware overhead and a maximum performance reduction of 10.7%, enabled by reusing the hash function module in integrated environments such as cryptographic engines.


StrTune: Data Dependence-based Code Slicing for Binary Similarity Detection with Fine-tuned Representation
  • November 2024 · 19 Reads

Fig. 2: IR of the uninit_options function compiled with O0 and O3, and our ways to slice the instructions, corresponding to the computational contents in the same color.
Fig. 3: Example of our graph representation, consisting of four types of flow: (1) Sequential flow, (2) Data parallel flow, (3) Data dependence flow and (4) Jump flow.
Fig. 6: Siamese neural network for fine-tuning RoBERTa model on similar slices with identical computation contents but different syntax.
Fig. 11: Visualization of attention coefficients between a pair of similar functions during inference. The intensity and thickness of the line correspond to the attention coefficient, with darker and thicker lines indicating a higher degree of similarity between the connected slices.

Binary Code Similarity Detection (BCSD) is significant for software security as it can address binary tasks such as malicious code snippet identification and binary patch analysis by comparing code patterns. Recently, there has been a growing focus on artificial intelligence-based approaches in BCSD due to their scalability and generalization. Because binaries are compiled with different compilation configurations, existing approaches still face notable limitations when comparing binary similarity. First, BCSD requires analysis of code behavior, and existing work claims to extract semantics, but actually still makes analysis in terms of syntax. Second, directly extracting features from assembly sequences, existing work cannot address the issues of instruction reordering and different syntax expressions caused by various compilation configurations. In this paper, we propose StrTune, which slices binary code based on data dependence and performs slice-level fine-tuning. To address the first limitation, StrTune performs backward slicing based on data dependence to capture how a value is computed along the execution. Each slice reflects the collecting semantics of the code, which is stable across different compilation configurations. StrTune introduces flow types to emphasize the independence of computations between slices, forming a graph representation. To overcome the second limitation, based on slices corresponding to the same value computation but having different syntax representations, StrTune utilizes a Siamese Network to fine-tune such pairs, making their representations closer in the feature space.



Enabling Authorized Fine-Grained Data Retrieval Over Aggregated Encrypted Medical Data in Cloud-Assisted E-Health Systems
  • October 2024 · 3 Reads
  • IEEE Transactions on Cloud Computing

Encrypted medical data outsourced to cloud servers can be used for personal health certification, health monitoring, and medical research. These data are essential to support the development of the medical industry. However, the traditional peer-to-peer data-sharing paradigm can lead to data abuse by malicious data analysis centers. Moreover, the encryption used to protect users' outsourced privacy restricts the flexibility of data retrieval. Based on the modified double trapdoor cryptosystem, we propose an authorized data retrieval scheme over aggregated encrypted medical data (ADR-AED) in cloud-assisted e-healthcare systems. In ADR-AED, patients can access and decrypt personal data and authorize the data analysis center (DAC) to retrieve corresponding data. Specifically, we design an authorized retrieval-test mechanism for a group of patients to DAC. This allows DAC to extract valuable information from a threshold number of authorized users. Additionally, each patient can flexibly retrieve fine-grained medical data in different periods and submit them to a doctor for diagnostic analysis. The security analysis and performance evaluation demonstrate the feasibility of ADR-AED in the deployment of cloud-assisted e-healthcare systems.



Optimized Hardware-Software Co-Design for Kyber and Dilithium on RISC-V SoC FPGA
  • July 2024 · 6 Reads · 2 Citations
  • IACR Transactions on Cryptographic Hardware and Embedded Systems

Kyber and Dilithium are both lattice-based post-quantum cryptography (PQC) algorithms that have been selected for standardization by the American National Institute of Standards and Technology (NIST). NIST recommends them as two primary algorithms to be implemented for most use cases. As the applications of RISC-V processors move from specialized scenarios to general scenarios, efficient implementations of PQC algorithms on general-purpose RISC-V platforms are required. In this work, we present an optimized hardware-software co-design for Kyber and Dilithium on the industry's first RISC-V System-on-Chip (SoC) Field Programmable Gate Array (FPGA) platform. The performance of both algorithms is enhanced through the utilization of hardware acceleration and software optimization, while a certain level of flexibility is still maintained. The polynomial arithmetic operations in Kyber and Dilithium are accelerated by the customized accelerators. We employ a unified high-level architecture to depict their shared characteristics and design dedicated underlying modular multipliers to explore their distinctive features. The hashing functions are optimized using RISC-V assembly instructions, resulting in improved performance and reduced code size without additional hardware resources. For other operations involving matrices and vectors, we present a multi-core acceleration scheme based on the multi-core RISC-V Microprocessor Sub-System (MSS). Combining these acceleration and optimization methods, experimental results show that the overall performance of Kyber and Dilithium across different security levels improves by 3 to 5 times, while the utilized FPGA resources account for less than 5% of the total resources provided by the platform.




Citations (56)


... Their results suggest that Falcon and CRYSTALS-Kyber offer a promising combination for securing WSNs, though other combinations may outperform them depending on application-specific factors. Current research trends in PQC have focused on optimizing lattice-based algorithms through hardware-software co-design, utilizing hardware acceleration on RISC-V platforms [24], [25]. ...

Integrating Post-Quantum Cryptography and Blockchain to Secure Low-Cost IoT Devices

Reference:
Optimized Hardware-Software Co-Design for Kyber and Dilithium on RISC-V SoC FPGA
  • IACR Transactions on Cryptographic Hardware and Embedded Systems

... A promising approach is to patch the firmware directly to inject the signals for synchronization as in the source code, and the techniques for directly modifying binary code logic are often referred to as binary instrumenting or rewriting [SHC20,DBMP23,QZZG23]. Applying such an approach requires answering two questions: 1) where to inject the code for accurate CO locating within the side-channel trace, and 2) what code to inject to efficiently bring the information in binary code analysis into side-channel analysis. ...

Trapped by Your WORDs: (Ab)using Processor Exception for Generic Binary Instrumentation on Bare-metal Embedded Devices
  • Citing Conference Paper
  • November 2024

... It achieves better efficiency for certain types of computation that map well to R1CS (addition gates do not contribute to R1CS's complexity). Some other works [87][88][89][90] add more features to the zk-SNARK in this category like updatable setup and accelerators. PIOP with inner-product argument (IPA). ...

Efficient KZG-Based Univariate Sum-Check and Lookup Argument
  • Citing Conference Paper
  • April 2024

Lecture Notes in Computer Science

... Oh et al. (2022) reduce PWA (progressive web application) attack surface by blocking unnecessary web APIs, employing record-and-replay web API profiling to identify needed web APIs and eliminating unnecessary entries through compiler-assisted debloating in the browser. Wang et al. (2023) developed the HODOR tool to minimize the attack surface of Node.js applications with the goal of strengthening security against arbitrary code execution vulnerabilities. They construct call graphs for Node.js ...

HODOR: Shrinking Attack Surface on Node.js via System Call Limitation
  • Citing Conference Paper
  • November 2023

... This poses a challenge to sender performance in large networks due to the risk of deadlock from failure to coordinate with other requests. Existing PCH schemes [6], [7], [14]–[17] inherit the ... [Comparison table of payment channel hub (PCH) schemes; the property-marker symbols did not survive extraction. Rows: Lightning Network [4] (Onion routing); Raidon [5], Flare [9] (Onion routing); Sprites (FC '19) [10]; REVIVE (CCS '17) [11]; Spider (NSDI '20) [12] (Onion routing); Flash (CoNEXT '19) [13]; TumbleBit (NDSS '17) [6], A2L (S&P '21) [7] (Fixed; Standard RSA assumption and ECDSA unforgeability); BlindHub (S&P '23) [14], Accio (CCS '23) [15] (Blind/randomizable signatures); Perun (S&P '19) [16], Commit-Chains [17]; Teechan [18], Speedster (AsiaCCS '22) [19] (TEE-enabled for all nodes); Teechain (SOSP '19) [20] (TEE-enabled for all nodes); RouTEE [21], SORTEE [22] (TEE-enabled single PCH / set of service nodes); Splicer (ICDCS '23) [1] (Standard RSA assumption); Splicer+ (This work) (TEE-enabled multi-PCHs). Legend: * indicates that the scheme implements the property; a second symbol that it does not; and a third that the scheme provides part of this property. Note 1: The column "Optimal hub placement" only considers schemes that use PCH. Note 2: The last column only considers dependencies on schemes with privacy protection.] ...

Accio: Variable-Amount, Optimized-Unlinkable and NIZK-Free Off-Chain Payments via Hubs
  • Citing Conference Paper
  • November 2023

... Weak PUFs are typically used for trusted key generation in cryptographic engines [8], while strong PUFs are utilized for lightweight authentication protocols [9]. In recent years, research has increasingly focused on employing strong PUFs in advanced security protocols, such as key agreement [10], [11], authenticated encryption [12] and even PKI [13], further expanding the potential applications of PUF technology. With the emerging research that leverages PUFs for enhanced security, it is evident that the RISC-V architecture could benefit from a dual approach, integrating secure key generation functionalities alongside support for secure protocol implementation. ...

Old School, New Primitive: Towards Scalable PUF-based Authenticated Encryption Scheme in IoT
  • Citing Article
  • December 2023

IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems

... For the convenience of explanation, we take VMU1 as an illustration. We consider that the Certificate Authority (CA) and RSUs are trusted entities in line with the assumption in [8], [9]. The CA maintained by government agencies first generates a specific number of pseudonyms and allocates them to RSUs in the form of pseudonym sets [4], [10]. ...

Enabling Fast and Privacy-Preserving Broadcast Authentication With Efficient Revocation for Inter-Vehicle Connections
  • Citing Article
  • January 2023

IEEE Transactions on Mobile Computing

... Now, AKE protocols have been widely deployed on the Internet to achieve the functions of confidentiality, integrity and authentication. Currently, several types of commonly used AKE protocols include the password-based authenticated key exchange (PAKE) protocols such as [2,11,13,18] et al., the certificate-based AKE protocols such as HMQV [8], TLS 1.3 [15] and the protocols in [7] et al., and the identity-based AKE protocols such as [4,10,17] et al. ...

EKE Meets Tight Security in the Universally Composable Framework
  • Citing Chapter
  • May 2023

Lecture Notes in Computer Science

... Here, $\mathbf{A} \leftarrow \mathcal{U}(\mathbb{Z}_q^{m \times n})$, $\mathbf{U} \leftarrow \mathcal{U}(\mathbb{Z}_q^{m \times k})$, $\mathbf{S} \leftarrow \chi^{n \times k}$ and $\mathbf{E} \leftarrow \chi^{m \times k}$ are sampled independently. A tighter reduction is presented in [29]. For simplicity, we use $\text{Multi-LWE}_k(n, q, m, \chi)$ to denote the corresponding multi-secret LWE problem. ...

Almost Tight Multi-user Security Under Adaptive Corruptions & Leakages in the Standard Model
  • Citing Chapter
  • April 2023

Lecture Notes in Computer Science

... Essentially, it's a network of autonomous devices spread out across a geographic area that work together to keep tabs on various physical or environmental factors. Security measures are necessary to guarantee the authenticity and privacy of sensitive data in WSNs since these networks might function in potentially dangerous environments [6]. Although it differs significantly from more conventional security mechanisms, WSN security is an essential area of study. ...

Statistical Differential Fault Analysis of the Saturnin Lightweight Cryptosystem in the Mobile Wireless Sensor Networks
  • Citing Article
  • January 2023

IEEE Transactions on Information Forensics and Security