Livestream Preview · CDN Security & FPGA Security Research - Week 18

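Last week's livestream did not go ahead because of an equipment failure. We apologize, and the related paper sharing will be made up later. This is the Week 18 livestream, and also the second-to-last livestream of this semester. Stay tuned!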

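A quick plug: on January 13 (Saturday), 8:30-12:00, the InForSec International Cybersecurity Forum "Tsinghua Dialogue between Academia and Industry" will be held in the multi-function hall of the FIT Building at Tsinghua University. Guests from industry and academia, including 陳浩 (UCD), 黃正 (Baidu), 潘劍鋒 (360) and 南雨宏 (Fudan), will give talks, and the event will also be streamed live on the education network at www.edu.cn/live. All are welcome to follow along!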

Time: 2018-1-11, 14:00-16:00

Link: douyu.com/nisllive


CDN-on-Demand: An Affordable DDoS Defense via Untrusted Clouds

  • Source: NDSS 2016
  • Author: Yossi Gilad (The Hebrew University of Jerusalem), et al.
  • Sharer: 靳子豪
  • Link: pdfs.semanticscholar.org

Abstract: We present CDN-on-Demand, a software-based defense that administrators of small to medium websites install to resist powerful DDoS attacks, with a fraction of the cost of comparable commercial CDN services. Upon excessive load, CDN-on-Demand serves clients from a scalable set of proxies that it automatically deploys on multiple IaaS cloud providers. CDN-on-Demand can use less expensive and less trusted clouds to minimize costs. This is facilitated by the clientless secure-objects, which is a new mechanism we present. This mechanism avoids trusting the hosts with private keys or user-data, yet does not require installing new client programs. CDN-on-Demand also introduces the origin-connectivity mechanism, which ensures that essential communication with the content-origin is possible, even in case of severe DoS attacks.

A critical feature of CDN-on-Demand is in facilitating easy deployment. We introduce the origin-gateway module, which deploys CDN-on-Demand automatically and transparently, i.e., without introducing changes to web-server configuration or website content. We implement CDN-on-Demand and evaluate each component separately as well as the complete system.

On the Power of Optical Contactless Probing: Attacking Bitstream Encryption of FPGAs

  • Source: CCS 2017
  • Author: Shahin Tajik (TU Berlin), et al.
  • Sharer: 岳力 (@ScoutEx)
  • Link: Cryptology ePrint Archive: Report 2017/822

Abstract: Modern Integrated Circuits (ICs) employ several classes of countermeasures to mitigate physical attacks. Recently, a powerful semi-invasive attack relying on optical contactless probing has been introduced, which can assist the attacker in circumventing the integrated countermeasures and probe the secret data on a chip. This attack can be mounted using IC debug tools from the backside of the chip. The first published attack based on this technique was conducted against a proof-of-concept hardware implementation on a Field Programmable Gate Array (FPGA). Therefore, the success of optical probing techniques against a real commercial device without any knowledge of the hardware implementation is still questionable. The aim of this work is to assess the threat of optical contactless probing in a real attack scenario. To this end, we conduct an optical probing attack against the bitstream encryption feature of a common FPGA.

We demonstrate that the adversary is able to extract the plaintext data containing sensitive design information and intellectual property (IP). In contrast to previous optical attacks from the IC backside, our attack does not require any device preparation or silicon polishing, which makes it a non-invasive attack. Additionally, we debunk the myth that small technology sizes are unsusceptible to optical attacks, as we use an optical resolution of about 1 µm to successfully attack a 28 nm device. Based on our time measurements, an attacker needs less than 10 working days to conduct the optical analysis and reverse-engineer the security-related parts of the hardware. Finally, we propose and discuss potential countermeasures, which could make the attack more challenging.
