Linear Biases in AEGIS Keystream. Brice Minaud, ANSSI, France. SAC 2014 (slide transcript).


  1. Linear Biases in AEGIS Keystream. Brice Minaud, ANSSI, France. SAC, August 15, 2014.

  2. Plan: (1) Blockwise Stream Ciphers; (2) Presentation of AEGIS; (3) Linear Biases in AEGIS.

  3. Blockwise Stream Ciphers

  4. Authenticated Encryption Schemes. [Figure: plaintext blocks $P_{i-1}, P_i, P_{i+1}$ pass through round functions $F_i, F_{i+1}$, which output $C_i, C_{i+1}$.] This requires $F_i^{-1}$ for decryption.

  5. Authenticated Encryption Schemes. [Same figure.] This is malleable.

  6. Authenticated Encryption Schemes. [Figure: $P_{i-1}, P_i$ are now fed into the state between $F_i$ and $F_{i+1}$.] $P_i$ is inserted into the state after $C_i$ is output.

  7. Blockwise Stream Cipher. [Figure: each round now outputs a keystream block $K_{i+1}$, with $C_{i+1} = K_{i+1} \oplus P_{i+1}$.] A single round behaves like a stream cipher. $K_{i+1}$ depends on $P_i, P_{i-1}, \dots$ but not on $P_{i+1}$.

  8. Blockwise Stream Ciphers in CAESAR. Duplex constructions behave in this way. So do many CAESAR candidates: AEGIS, Artemia, Ascon, CBEAM, ICEPOLE, Keyak, Ketje, MORUS, PAES, PANDA, π-Cipher, 2 of the 3 PRIMATEs, STRIBOB, Tiaoxin, ...

  9. Keystream Biases. [Figure: three consecutive rounds $F_i, F_{i+1}, F_{i+2}$; plaintexts $P_{i-1}, P_i, P_{i+1}$ are fed into the state; keystream blocks $K_i, K_{i+1}, K_{i+2}$; outputs $C_i, C_{i+1}, C_{i+2}$.]

  10. Keystream Biases. [Same figure.] Assume we know, say, $P_{i-1}, P_i, P_{i+1}$ (e.g. headers). We are interested in $P_{i+2}$.

  11. Keystream Biases. [Same figure, no further text.]

  12. Keystream Biases. [Same figure, no further text.]

  13. Keystream Biases. Assume that, knowing $P_{i-1}, P_i, P_{i+1}$, there exists a bias on $\alpha_i \cdot K_i \oplus \alpha_{i+1} \cdot K_{i+1} \oplus \alpha_{i+2} \cdot K_{i+2}$. Then, since $C_j = K_j \oplus P_j$ and $\alpha_i \cdot P_i \oplus \alpha_{i+1} \cdot P_{i+1}$ is known, $\alpha_i \cdot C_i \oplus \alpha_{i+1} \cdot C_{i+1} \oplus \alpha_{i+2} \cdot C_{i+2}$ gives us information on $\alpha_{i+2} \cdot P_{i+2}$.

  14. Keystream Biases. Thus, if $P_{i-1}, \dots, P_{i+2}$ is encrypted enough times for the bias on $\alpha_i \cdot K_i \oplus \alpha_{i+1} \cdot K_{i+1} \oplus \alpha_{i+2} \cdot K_{i+2}$ to be significant, we recover information on $P_{i+2}$. This type of attack is independent of the key or nonce. It is not considered in most security analyses.

  15. Keystream Biases. In summary, knowing $P_{i-1}, P_i, P_{i+1}$, we want to find a bias on $\alpha_i \cdot K_i \oplus \alpha_{i+1} \cdot K_{i+1} \oplus \alpha_{i+2} \cdot K_{i+2}$. We call this a "keystream" bias.

  16. Our Results on AEGIS.
      Cipher      (Single) keystream bias    Data
      AEGIS-128   $2^{-77}$                  $2^{154}$ (est. $2^{140}$)
      AEGIS-256   $2^{-89}$                  $2^{178}$
      The data requirements are far below a generic attack (for AEGIS-256, $2^{178} \ll 2^{256}$). However, they are also far above any realistic threat, and for AEGIS-128 they exceed its 128-bit security parameter. The biases involve only 3 consecutive rounds, while the size of the inner state is 5 (resp. 6) times the size of the output per round.

  17. Presentation of AEGIS

  18. AEGIS. AEGIS: authenticated cipher introduced at SAC 2013 by Hongjun Wu and Bart Preneel. CAESAR candidate. AES-NI pipeline ⇒ outstanding speed in software. Simple structure. Already inspired other designs: Tiaoxin, PAES.

  19. AEGIS. Three variants: AEGIS-128, AEGIS-128L, AEGIS-256. AEGIS-128: 128-bit blocks, 128-bit nonce, 128-bit tag, 128-bit key. AEGIS-256: 128-bit blocks, 256-bit nonce, 128-bit tag, 256-bit key. Process of AEGIS: (1) Initialization. (2) Processing of associated data. (3) Encryption. (4) Finalization and tag generation.

  20. Round function of AEGIS-128. [Figure: registers $S_{i,0}, \dots, S_{i,4}$ (128 bits each) each pass through $R$; $P_i$ enters register 0; outputs $S_{i+1,0}, \dots, S_{i+1,4}$.] Inner state: $5 \times 128$ bits in registers $S_{i,0}, \dots, S_{i,4}$. $R$: one round of AES, no key addition. $P_i$: plaintext block number $i$. The update drawn in the figure is $S_{i+1,0} = R(S_{i,4}) \oplus S_{i,0} \oplus P_i$ and $S_{i+1,j} = R(S_{i,j-1}) \oplus S_{i,j}$ for $j = 1, \dots, 4$.

  21. Round function of AEGIS-128. [Same figure.] Output: $C_i = S_{i,1} \oplus (S_{i,2} \,\&\, S_{i,3}) \oplus S_{i,4} \oplus P_i$, where $\&$ denotes bitwise AND.

  22. Round function of AEGIS-256. [Figure: same structure with six registers $S_{i,0}, \dots, S_{i,5}$; $S_{i+1,0} = R(S_{i,5}) \oplus S_{i,0} \oplus P_i$ and $S_{i+1,j} = R(S_{i,j-1}) \oplus S_{i,j}$ for $j = 1, \dots, 5$.] Output: $C_i = S_{i,1} \oplus (S_{i,2} \,\&\, S_{i,3}) \oplus S_{i,4} \oplus S_{i,5} \oplus P_i$.

  23. Linear Biases in AEGIS

  24. Output at round $i$. $K_i = S_{i,1} \oplus (S_{i,2} \,\&\, S_{i,3}) \oplus S_{i,4}$, so $\alpha \cdot K_i = \alpha \cdot S_{i,1} \oplus \alpha \cdot (S_{i,2} \,\&\, S_{i,3}) \oplus \alpha \cdot S_{i,4}$.

  25. Output at round $i$. Lemma. If $X, Y$ are $n$-bit uniformly random variables, the events
      $\alpha \cdot (X \,\&\, Y) = 0$,
      $\alpha \cdot (X \,\&\, Y) = \alpha \cdot X$,
      $\alpha \cdot (X \,\&\, Y) = \alpha \cdot Y$,
      $\alpha \cdot (X \,\&\, Y) = \alpha \cdot (X \oplus Y) \oplus \alpha \cdot \mathbf{1}$
      all have probability $1/2 + 2^{-hw(\alpha)-1}$. Here $\mathbf{1}$ is the all-ones vector, so $\alpha \cdot \mathbf{1} = hw(\alpha) \bmod 2$: the constant is $1$ for odd-weight masks (as the slide writes it) and $0$ for even-weight masks. Each event has the form $\alpha \cdot (X' \,\&\, Y') = 0$ for independent uniform $X', Y'$ (e.g. $Y' = \overline{Y}$ in the second case, and $X' = \overline{X}, Y' = \overline{Y}$ in the fourth, since $(X \,\&\, Y) \oplus X \oplus Y = X \mid Y = \overline{\overline{X} \,\&\, \overline{Y}}$), and $\alpha \cdot (X' \,\&\, Y')$ is the XOR of $hw(\alpha)$ independent bits each equal to $1$ with probability $1/4$.

  26. Linear approximation of $\&$. Hence, with the same probability:
      $\alpha \cdot K_i = \alpha \cdot (S_{i,1} \oplus S_{i,4})$,
      $\alpha \cdot K_i = \alpha \cdot (S_{i,1} \oplus S_{i,2} \oplus S_{i,4})$,
      $\alpha \cdot K_i = \alpha \cdot (S_{i,1} \oplus S_{i,3} \oplus S_{i,4})$,
      $\alpha \cdot K_i = \alpha \cdot (S_{i,1} \oplus S_{i,2} \oplus S_{i,3} \oplus S_{i,4}) \oplus \alpha \cdot \mathbf{1}$.
      We write $K_i \approx S_{i,1} \oplus [S_{i,2}] \oplus [S_{i,3}] \oplus S_{i,4}$, where each bracketed term may be kept or dropped at the same probability cost. This is our output at round $i$.
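The lemma on slide 25 is small enough to verify by exhaustive enumeration rather than by trust. The following Python is an added example written for this transcript (it is not code from the slides or from the AEGIS authors); the function names `dot`, `predicted`, `and_approx_probability`, `naive_variant4_probability` and `check_lemma` are this example's own. It computes the exact probability of each of the four approximations over all $n$-bit pairs $(X, Y)$ for every nonzero mask, compares it with $1/2 + 2^{-hw(\alpha)-1}$, and also shows why the fourth approximation needs the constant $\alpha \cdot \mathbf{1}$ rather than a bare $1$: with a bare $1$ the bias keeps its magnitude but flips sign for even-weight masks.

```python
from fractions import Fraction

def dot(alpha: int, x: int) -> int:
    """alpha . x over GF(2): parity of the bits of x selected by the mask alpha."""
    return bin(alpha & x).count("1") & 1

def hw(alpha: int) -> int:
    """Hamming weight of a mask."""
    return bin(alpha).count("1")

def predicted(alpha: int) -> Fraction:
    """The lemma's probability 1/2 + 2^(-hw(alpha)-1)."""
    return Fraction(1, 2) + Fraction(1, 2 ** (hw(alpha) + 1))

def and_approx_probability(alpha: int, n: int, variant: int) -> Fraction:
    """Exact probability, over all n-bit X and Y, that alpha.(X & Y) equals
    approximation `variant`:
      1 -> 0
      2 -> alpha.X
      3 -> alpha.Y
      4 -> alpha.(X ^ Y) ^ alpha.1, with 1 the all-ones vector (alpha.1 = hw(alpha) mod 2)
    """
    ones = (1 << n) - 1
    hits = 0
    for x in range(1 << n):
        for y in range(1 << n):
            if variant == 1:
                rhs = 0
            elif variant == 2:
                rhs = dot(alpha, x)
            elif variant == 3:
                rhs = dot(alpha, y)
            else:
                rhs = dot(alpha, x ^ y) ^ dot(alpha, ones)
            hits += dot(alpha, x & y) == rhs
    return Fraction(hits, 1 << (2 * n))

def naive_variant4_probability(alpha: int, n: int) -> Fraction:
    """Variant 4 with a bare constant 1, as the slide prints it. Matches predicted()
    only for odd-weight masks; for even weight the probability is 1/2 - 2^(-hw-1)."""
    hits = 0
    for x in range(1 << n):
        for y in range(1 << n):
            hits += dot(alpha, x & y) == (dot(alpha, x ^ y) ^ 1)
    return Fraction(hits, 1 << (2 * n))

def check_lemma(n: int = 5) -> bool:
    """All four approximations hit the predicted probability for every nonzero n-bit mask."""
    return all(and_approx_probability(a, n, v) == predicted(a)
               for a in range(1, 1 << n) for v in (1, 2, 3, 4))

if __name__ == "__main__":
    print("lemma holds for all 5-bit masks:", check_lemma(5))
    for a in (0b0001, 0b0011):  # odd-weight and even-weight mask, n = 4
        print(f"mask {a:04b}: variant 4 = {and_approx_probability(a, 4, 4)}, "
              f"bare-constant form = {naive_variant4_probability(a, 4)}, "
              f"predicted = {predicted(a)}")
```

Enumeration over $2^{2n}$ pairs is exact, so a mismatch would be a counterexample, not noise; $n = 5$ already covers every mask weight that matters for the sign question, and the probability depends only on $hw(\alpha)$, not on $n$.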

  27. Output at round $i+1$. [Figure: registers $S_{i,0}, S_{i,1}$ and the round step to $S_{i+1,1}$.] $S_{i+1,1} \oplus S_{i,1} = R(S_{i,0})$.

  28. Output at round $i+1$. From $K_i \approx S_{i,1} \oplus [S_{i,2}] \oplus [S_{i,3}] \oplus S_{i,4}$ and $S_{i+1,j} \oplus S_{i,j} = R(S_{i,j-1})$ for $j = 1, \dots, 4$, keeping the same bracket choices at both rounds:
      $K_{i+1} \oplus K_i \approx R(S_{i,0}) \oplus [R(S_{i,1})] \oplus [R(S_{i,2})] \oplus R(S_{i,3})$.

  29. Output at round $i+2$. [Figure: two consecutive rounds from $S_{i,0}, S_{i,1}, S_{i,2}$ to $S_{i+2,2}$.] $S_{i+2,2} \oplus S_{i,2} = R(S_{i+1,1}) \oplus R(S_{i+1,1} \oplus R(S_{i,0}))$.

  30. Output at round $i+2$. If we approximate (with a probability cost) $\beta \cdot R(X) = \alpha \cdot X$, then
      $\beta \cdot \big( R(S_{i+1,1}) \oplus R(S_{i+1,1} \oplus R(S_{i,0})) \big) = \alpha \cdot S_{i+1,1} \oplus \alpha \cdot S_{i+1,1} \oplus \alpha \cdot R(S_{i,0}) = \alpha \cdot R(S_{i,0})$.
      Hence we approximate $S_{i+2,2} \oplus S_{i,2} = R(S_{i+1,1}) \oplus R(S_{i+1,1} \oplus R(S_{i,0})) \approx D(R(S_{i,0}))$, where $D(X) = R(U) \oplus R(U \oplus X)$ with $U$ uniformly random. Applying the same to every register of $K_{i+2}$:
      $K_{i+2} \oplus K_i \approx D(R(S_{i,4})) \oplus [D(R(S_{i,0}))] \oplus [D(R(S_{i,1}))] \oplus D(R(S_{i,2}))$.
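The register identities used on slides 27 to 30 follow directly from the round function drawn on slides 20 to 22, and can be checked by running it. The following Python is an added example (not code from the slides or from the AEGIS reference implementation): it builds the keyless AES round $R$ from scratch (S-box generated from the field inverse and affine map, so no table is pasted in), implements the AEGIS-128 and AEGIS-256 encryption-phase round exactly as drawn, and checks on random states that $C_i \oplus P_i = K_i$, $S_{i+1,1} \oplus S_{i,1} = R(S_{i,0})$ and $S_{i+2,2} \oplus S_{i,2} = R(S_{i+1,1}) \oplus R(S_{i+1,1} \oplus R(S_{i,0}))$. A random state stands in for the real post-initialization state (initialization, associated data and finalization are not modelled, as they play no part in these identities); the names `aes_round`, `aegis_round`, `keystream` and `check_relations` are this example's own.

```python
import random

# --- R: one keyless AES round (SubBytes, ShiftRows, MixColumns) ----------------

def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1 (the AES field)."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p

def gf_inv(a: int) -> int:
    """Inverse in GF(2^8) as a^254; 0 maps to 0, as in the AES S-box."""
    r, base, e = 1, a, 254
    while e:
        if e & 1:
            r = gf_mul(r, base)
        base = gf_mul(base, base)
        e >>= 1
    return r if a else 0

def _sbox_entry(x: int) -> int:
    inv = gf_inv(x)
    s = inv
    for i in range(1, 5):  # affine map: inv ^ rotl(inv, 1..4) ^ 0x63
        s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
    return s ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]  # generated, not hard-coded

def aes_round(block: bytes) -> bytes:
    """R on a 16-byte state in FIPS 197 column-major order (byte r + 4c = row r, column c)."""
    s = [SBOX[b] for b in block]                                        # SubBytes
    s = [s[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]  # ShiftRows
    out = []
    for c in range(4):                                                  # MixColumns
        a0, a1, a2, a3 = s[4 * c:4 * c + 4]
        out += [gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
                a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
                a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
                gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2)]
    return bytes(out)

# --- AEGIS encryption-phase round, as drawn on slides 20 to 22 -----------------

def xor(*blocks: bytes) -> bytes:
    out = bytes(16)
    for b in blocks:
        out = bytes(x ^ y for x, y in zip(out, b))
    return out

def band(a: bytes, b: bytes) -> bytes:
    return bytes(x & y for x, y in zip(a, b))

def keystream(state: list, variant: int) -> bytes:
    """K_i = S1 ^ (S2 & S3) ^ S4 for AEGIS-128; AEGIS-256 additionally XORs S5."""
    k = xor(state[1], band(state[2], state[3]), state[4])
    return xor(k, state[5]) if variant == 256 else k

def aegis_round(state: list, p: bytes, variant: int):
    """C_i = K_i ^ P_i, then S'_0 = R(S_last) ^ S_0 ^ P_i and S'_j = R(S_{j-1}) ^ S_j."""
    c = xor(keystream(state, variant), p)
    new = [xor(aes_round(state[-1]), state[0], p)]
    new += [xor(aes_round(state[j - 1]), state[j]) for j in range(1, len(state))]
    return c, new

def check_relations(variant: int = 128, trials: int = 20, seed: int = 1) -> bool:
    """On random encryption-phase states (a stand-in for the real post-initialization
    state), check the identities the analysis relies on:
      C_i ^ P_i           = K_i                                         (known plaintext)
      S_{i+1,1} ^ S_{i,1} = R(S_{i,0})                                  (slide 27)
      S_{i+2,2} ^ S_{i,2} = R(S_{i+1,1}) ^ R(S_{i+1,1} ^ R(S_{i,0}))    (slide 29)"""
    rng = random.Random(seed)
    regs = 5 if variant == 128 else 6

    def rnd() -> bytes:
        return bytes(rng.randrange(256) for _ in range(16))

    for _ in range(trials):
        s0 = [rnd() for _ in range(regs)]
        p0, p1 = rnd(), rnd()
        c0, s1 = aegis_round(s0, p0, variant)
        _, s2 = aegis_round(s1, p1, variant)
        if xor(c0, p0) != keystream(s0, variant):
            return False
        if xor(s1[1], s0[1]) != aes_round(s0[0]):
            return False
        expect = xor(aes_round(s1[1]), aes_round(xor(s1[1], aes_round(s0[0]))))
        if xor(s2[2], s0[2]) != expect:
            return False
    return True

if __name__ == "__main__":
    # Sanity check of R against FIPS 197 Appendix B, round 1 (after AddRoundKey(0) -> after MixColumns).
    assert aes_round(bytes.fromhex("193de3bea0f4e22b9ac68d2ae9f84808")) == \
        bytes.fromhex("046681e5e0cb199a48f8d37a2806264c")
    print("AEGIS-128 relations hold:", check_relations(128))
    print("AEGIS-256 relations hold:", check_relations(256))
```

The same check passes for AEGIS-256 because the update pattern $S_{i+1,j} = R(S_{i,j-1}) \oplus S_{i,j}$ is identical; only the number of registers and the keystream formula change, which is why the slides can reuse the three-round argument with a different cost.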

  31. Final bias. Aligning the three approximations by register (writing $S_j$ for $S_{i,j}$):
      $K_i \approx S_1 \oplus [S_2] \oplus [S_3] \oplus S_4$
      $K_{i+1} \oplus K_i \approx R(S_0) \oplus [R(S_1)] \oplus [R(S_2)] \oplus R(S_3)$
      $K_{i+2} \oplus K_i \approx [D(R(S_0))] \oplus [D(R(S_1))] \oplus D(R(S_2)) \oplus D(R(S_4))$

  32. Final bias. Choose masks $\alpha, \beta, \gamma$ such that, with good probability, $\alpha \cdot X = \beta \cdot R(X)$ and $\beta \cdot Y = \gamma \cdot D(Y)$. We consider $\alpha \cdot K_i \oplus \beta \cdot (K_{i+1} \oplus K_i) \oplus \gamma \cdot (K_{i+2} \oplus K_i)$. Any two terms in the same column (same register $S_j$) then cancel out.

  33. Final bias. [Same three lines as slide 31.]

  34. Final bias. Dropping the round-$(i+1)$ line and keeping only
      $K_i \approx S_1 \oplus [S_2] \oplus [S_3] \oplus S_4$
      $K_{i+2} \oplus K_i \approx [D(R(S_0))] \oplus [D(R(S_1))] \oplus D(R(S_2)) \oplus D(R(S_4))$

  35. Final bias. Choosing the brackets so that the same registers $S_1, S_2, S_4$ appear on both lines:
      $K_i \approx S_1 \oplus S_2 \oplus S_4$
      $K_{i+2} \oplus K_i \approx D(R(S_1)) \oplus D(R(S_2)) \oplus D(R(S_4))$

  36. Final bias. Thus $\alpha \cdot K_i \oplus \gamma \cdot (K_i \oplus K_{i+2})$ is biased.

  37. Final bias. Probability cost: essentially $3 \times$ the cost of $\alpha \cdot X = \beta \cdot R(X)$ and $\beta \cdot Y = \gamma \cdot D(Y)$ (one pair per column $S_1, S_2, S_4$), plus the cost of linearizing $\&$ in the $K_i$'s. Total: $3 \cdot (12 + 6) + 5 + 2 \cdot 9 = 77$, i.e. bias $2^{-77}$. AEGIS-256: bias $2^{-89}$.
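Added note (not on the original slides): how the data figures of slide 16 follow from the bias. Let $\varepsilon$ be the bias of the final approximation, so that, over the randomness of the inner state,
$$\Pr\big[\alpha \cdot K_i \oplus \gamma \cdot (K_i \oplus K_{i+2}) = 0\big] = \tfrac{1}{2} + \varepsilon, \qquad \varepsilon = 2^{-77} \text{ (AEGIS-128)}, \quad \varepsilon = 2^{-89} \text{ (AEGIS-256)}.$$
Since $C_j = K_j \oplus P_j$, the observable parity $\alpha \cdot C_i \oplus \gamma \cdot (C_i \oplus C_{i+2})$ equals the keystream parity XOR the known bit $(\alpha \oplus \gamma) \cdot P_i$ XOR the unknown bit $\gamma \cdot P_{i+2}$. Over $N$ encryptions of the same $P_{i-1}, \dots, P_{i+2}$, the number of samples with this parity equal to $0$ has mean $N(\tfrac{1}{2} \pm \varepsilon)$, with the sign fixed by $\gamma \cdot P_{i+2}$, and standard deviation about $\sqrt{N}/2$. The sign is recoverable by majority vote only when $N\varepsilon$ dominates $\sqrt{N}$, i.e.
$$N \approx \varepsilon^{-2} = 2^{154} \ (\text{AEGIS-128}), \qquad N \approx 2^{178} \ (\text{AEGIS-256}),$$
which are the "Data" entries of slide 16; the separate estimate of $2^{140}$ for AEGIS-128 given there is a refinement that this single-bias count does not reproduce.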

  38. Conclusion. Attack model rarely taken into account in security analyses. Theoretical cryptanalysis of AEGIS-256 (high data requirements). Further work to be carried out on other authenticated ciphers with similar stream cipher-like behavior.

  39. Questions. Thank you for your attention.
