I am a Ph.D. candidate working with Prof. Bernard Menezes and Prof. G. Sivakumar at the Department of Computer Science and Engineering, IIT Bombay. I hold an M.Tech (2012) and a B.E. (2009) in Computer Science and Engineering from Defence Institute of Advanced Technology (DU), Pune and Anna University Chennai respectively. I joined IIT Bombay in 2013 and expect to complete my doctorate by the end of 2018. I am part of the Information Security Research and Development Center (ISRDC) at IIT Bombay.
The software implementation of AES is an especially attractive target for cache-based side-channel attacks since it makes extensive use of cache-resident table look-ups. Modern processors employ hardware prefetching to reduce memory latency (cache lines are fetched in anticipation of their future use). This greatly complicates access-driven attacks, since they are unable to distinguish between a line fetched on demand and one prefetched but not subsequently used during a run of a victim running AES. Our multi-threaded spy code and key retrieval algorithms are designed to succeed even in the presence of prefetching, albeit at the cost of requiring more blocks of ciphertext.
We demonstrate through implementations on real machines, corroborated by analytical models, that, with probability 95%, we can recover the AES key using 25 blocks of ciphertext in the presence of prefetching and, stunningly, a mere 3-5 blocks with prefetching disabled. Moreover, our implementation is error-tolerant and also succeeds on the i3/i5/i7 processors, which are equipped with highly aggressive prefetchers. Currently, we are working on Intel Software Guard Extensions (SGX), which provides protected areas of execution in memory as a prevention against side-channel attacks.
Wikipedia excerpt on our work: "In March 2016, Ashokkumar C., Ravi Prakash Giri and Bernard Menezes presented a very efficient side-channel attack on AES that can recover the complete 128-bit AES key . . . "
A mini cloud (IaaS) has been implemented using OpenStack. It provides Infrastructure as a Service along with Storage as a Service (an S3-like service). As a part of this work, an enhanced mutual authentication scheme was proposed. The scheme uses a two-way handshake between the cloud server and the user and withstands various known attacks.
The objective of this R&D project was to perform a detailed IO performance comparison of a physical system, a local-storage VM and a shared-storage VM. It was concluded that in most cases local storage performed better than shared storage, though in random read/write IO not much difference in performance was observed.