on the spectral features of robust probing security
play

On the spectral features of robust probing security Maria Chiara - PowerPoint PPT Presentation

Sep 12, 2022 •502 likes •1.03k views

Context Theoretical contribution Applications Complexity Conclusion On the spectral features of robust probing security Maria Chiara Molteni 1 Vittorio Zaccaria 2 1 Dipartimento di Informatica Giovanni Degli Antoni Universit` a degli

  1. Context Theoretical contribution Applications Complexity Conclusion On the spectral features of robust probing security Maria Chiara Molteni 1 Vittorio Zaccaria 2 1 Dipartimento di Informatica ”Giovanni Degli Antoni” Universit` a degli Studi di Milano 2 Department of Electronics, Information and Bioengineering Politecnico di Milano Cryptographic Hardware and Embedded Systems (CHES) September 2020 1 / 39

  2. Context Theoretical contribution Applications Complexity Conclusion Overview Context Theoretical contribution Applications Complexity Conclusion 2 / 39

  3. Context Theoretical contribution Applications Complexity Conclusion d -probing security 3 / 39

  4. Context Theoretical contribution Applications Complexity Conclusion d -probing security 3 / 39

  5. Context Theoretical contribution Applications Complexity Conclusion d -probing security 3 / 39

  6. Context Theoretical contribution Applications Complexity Conclusion d -probing security Probing attack The attacker places a probe on a wire of interest and recover some information about the value carried along that wire during computation. 3 / 39

  7. Context Theoretical contribution Applications Complexity Conclusion d -probing security Definition A gadget is d -probing secure if, given at most d probes, it is impossible to derive information about the secret values, also encoded in the masks/shares. Example x secret, x 0 and x 1 shares such that x = x 0 + x 1 1-probing secure NOT 1-probing secure 4 / 39

  8. Context Theoretical contribution Applications Complexity Conclusion d -Non Interference security Definition A gadget is d -NI if, given at most d probes, it is possible to derive information about at most d masks/shares of any secret value. Example x secret, x 0 and x 1 shares such that x = x 0 + x 1 1-NI 5 / 39

  9. Context Theoretical contribution Applications Complexity Conclusion d -Strong Non Interference security Definition A gadget is d -SNI if, given at most d 1 internal probes and d 2 output probes such that d 1 + d 2 = d , it is possible to derive information about at most d 1 masks/shares of any secret value. Example x secret, x 0 and x 1 shares such that x = x 0 + x 1 NOT 1-SNI 6 / 39

  10. Context Theoretical contribution Applications Complexity Conclusion d -Strong Non Interference security Definition A gadget is d -SNI if, given at most d 1 internal probes and d 2 output probes such that d 1 + d 2 = d , it is possible to derive information about at most d 1 secret values, also encoded in the masks/shares. Example x secret, x 0 and x 1 shares such that x = x 0 + x 1 1-SNI Internal probe Output probe 7 / 39

  11. Context Theoretical contribution Applications Complexity Conclusion Robust Probing Security Extended Probes Probes that model the leakage situation in presence of some physical defaults. Types od Extended probes 1 ◮ Modelling glitches, i.e. combinatorial recombination ◮ Modelling transitions, i.e. memory recombinations ◮ Modelling couplings, i.e.routing recombinations 1 S. Faust et Al., Composable Masking Schemes in the Presence of Physical Defaults and the Robust Probing Model 8 / 39

  12. Context Theoretical contribution Applications Complexity Conclusion Motivation: mathematical improvement Research standpoint ◮ Previous works: instance-by-instance approaches or tools (maskVerif 2 ) ◮ Our work: new conceptual tools to derive general solutions and rules Development standpoint ◮ Previous works: efficient approaches might need validation ◮ Our work: further verification approach based on the exact theory of Boolean Functions 2 G. Barthe et Al., maskVerif: automated analysis of software and hardware higher-order masked implementations. 9 / 39

  13. Context Theoretical contribution Applications Complexity Conclusion Our contribution Exploited tools ◮ Boolean Function Theory ◮ Walsh Matrices ◮ Tensor Product ◮ String Diagrams New contributions ◮ Vulnerability Profile ◮ Composition Rules ◮ Classification of Extended Probes 10 / 39

  14. Context Theoretical contribution Applications Complexity Conclusion Our method Walsh Matrix ◮ Given a Boolean function f , with m inputs and n outputs, any element of its Walsh matrix is: � ( − 1) ω T f ( x ) ⊕ α T x ˆ f ω,α = x ∈ F n 2 ◮ Matrix that describes the results profile of a Boolean Function ◮ To any matrix corresponds only one function and viceversa ◮ Its dimension is 2 n × 2 m Correlation Matrix Matrix computed from the Walsh matrix: � W f ( ω, α ) := (ˆ f ω,α � = 0) 11 / 39

  15. Context Theoretical contribution Applications Complexity Conclusion Our method Example     a 0 + r 0 + r 1 o 0   =   f ( a 0 , a 1 , r 0 , r 1 ) = a 1 + r 0 + r 1 o 1 a 1 + r 0 p 0 Correlation matrix � W f : 0 0 0 0 0 0 0 0 1 1 1 1 1 1 1 1 γ r 1 0 0 0 0 1 1 1 1 0 0 0 0 1 1 1 1 γ r 0 0 0 1 1 0 0 1 1 0 0 1 1 0 0 1 1 γ a 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 0 1 γ a 0 γ p 0 γ o 1 γ o 0 0 0 0 1 0 0 1 1 0 1 0 1 1 0 1 1 1 0 0 1 1 0 1 1 1 1 0 1 1 1 1 1 12 / 39

  16. Context Theoretical contribution Applications Complexity Conclusion Our method Compact representation of � W f Reshaping of the Correlation matrix � W f , by compacting the spectral coefficients, taking into account only the number of shares of each original variable. Example 0 0 0 1 1 1 2 2 2 ρ 0 1 2 0 1 2 0 1 2 α π ω 0 0 1 0 1 1 0 2 1 1 0 1 1 1 1 1 1 2 1 α , ρ , ω and φ are called the compact spectral indexes of the input, randoms, output and probe respectively 13 / 39

  17. Context Theoretical contribution Applications Complexity Conclusion Vulnerability Profile Vulnerability Profile of a function Tensor product of the regular Walsh transform of a function f and of its probes f π , multiplied by W δ Composition h • k Function f W f O f I f O kh W k W h I h O k π h W k π W h π W f π O f π k ∆ h ∆ O h π W δ f ∆ I ⊗ k ∆ 14 / 39

  18. Context Theoretical contribution Applications Complexity Conclusion Classification of the Extended Probes Classification 1. Pure Probe ( ◦ ): placed on a wire computing w ( x ), it gives information about all the inputs of the function: � w π ( x ) = x i x i ∈ support ( w ) 15 / 39

  19. Context Theoretical contribution Applications Complexity Conclusion Classification of the Extended Probes Classification 2. Composed Probe ( ♠ ): placed on a wire computing w ( x ) = w a • w b , it gives information about the values: w k ( x ) = ( w a π • w b )( x ) where w b ( x ) is different from the identity. 16 / 39

  20. Context Theoretical contribution Applications Complexity Conclusion Classification of the Extended Probes Classification 3. Output Probe ( ↑ ): placed on an actual output of the function; during composition of functions, it could produce new probes 17 / 39

  21. Context Theoretical contribution Applications Complexity Conclusion Classification of the Extended Probes Classification 4. Internal Probe : placed on an internal wire; it couldn’t produce new probes when composing functions 18 / 39

  22. Context Theoretical contribution Applications Complexity Conclusion Applications Applications to multiplication gadgets ◮ CMS: analysis and improvement ◮ DOM-indep: analysis 19 / 39

  23. Context Theoretical contribution Applications Complexity Conclusion Consolidating Masking Scheme CMS 3 multiplication scheme ◮ Evolution of the ISW scheme, meant to provide d -probing security and protection against glitches ◮ s = d + 1 is the number of shares, a i and b i are the inputs’ shares and c i are the output’s shares ◮ Every c i is computed in a logic cone , which involves s pairs ( a i , b h ) ◮ Adjacent cones share only a random bit ◮ Internal bits within a cone preserve uniformity ◮ Three layers: non-linear ( N ), refresh ( R ) and compression ( C ), the latter two separated by a register 3 O. Reparaz et Al., Consolidating Masking Schemes 20 / 39

  24. Context Theoretical contribution Applications Complexity Conclusion CMS and probing security Problem This scheme is not robust- d -probing secure for d ≥ 3 4 a 1 b 0 a 1 b 3 b 1 a 0 compression layer C a 1 b 2 refsesh layer R a 0 b 2 r 5 r 4 non-linear layer N r 6 r 3 ⊕ ⊕ ⊕ a 1 b 1 ⊕ ⊕ r 7 r 2 a 0 b 3 ⊕ ⊕ ⊕ r 8 ⊕ r 1 c 1 c 0 a 2 b 0 ⊕ ⊕ a 0 b 0 c 2 c 3 r 9 r 0 ⊕ ⊕ ⊕ ⊕ a 2 b 3 r 10 r 15 ⊕ ⊕ a 3 b 1 ⊕ ⊕ ⊕ r 11 r 14 r 12 r 13 a 2 b 2 a 3 b 2 a 2 b 3 a 3 b 1 a 3 b 0 4 T. Moos et Al., Glitch-Resistant Masking Revisited 21 / 39

  25. Context Theoretical contribution Applications Complexity Conclusion Analysis of the CMS probing security through our classification of extended probes Types of probes ◮ Pure internal probes at the output of R : information about { a i , b j , r h 1 , r h 2 } ◮ Composed output probes at the output of C : information about d values computed as a i · b j + r h 1 + r h 2 Fail of CMS, for d ≥ 3 b 0 b 1 b 2 . . . b d Secret b placing only one a 0 c 0 c 0 c 0 . . . c 0 a 1 c 1 c 1 c 1 . . . c 1 composed probe and two pure a 2 c 2 c 2 c 2 . . . c 2 . probes . . a d c d c d c d . . . c d 22 / 39

Recommend

A Spectral View of Adversarially Robust Features Shivam Garg Vatsal Sharan * Brian Zhang *

A Spectral View of Adversarially Robust Features Shivam Garg Vatsal Sharan * Brian Zhang *

A Spectral View of Adversarially Robust Features Shivam Garg Vatsal Sharan * Brian Zhang * Gregory Valiant Stanford University What are adversarial examples? Adding small amount of well-crafted noise to the test data fools the classifier More

574 views • 14 slides
Glitch-Resistant Masking Revisited or Why Proofs in the Robust Probing Model are Needed Thorben

Glitch-Resistant Masking Revisited or Why Proofs in the Robust Probing Model are Needed Thorben

Glitch-Resistant Masking Revisited or Why Proofs in the Robust Probing Model are Needed Thorben Moos 1 , Amir Moradi 1 , Tobias Schneider 2 and Franois-Xavier Standaert 2 Horst Grtz Institute for IT Security, Ruhr-Universitt Bochum,

694 views • 46 slides
Random Probing Security Verification, Composition, Expansion and New Constructions Sonia Belad 1

Random Probing Security Verification, Composition, Expansion and New Constructions Sonia Belad 1

Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Random Probing Security Verification, Composition, Expansion and New Constructions Sonia Belad 1 , Jean-Sbastien Coron 2 Emmanuel

1.04k views • 99 slides
Searching for spectral features in the g -ray sky Alejandro Ibarra Technische Universitt

Searching for spectral features in the g -ray sky Alejandro Ibarra Technische Universitt

Searching for spectral features in the g -ray sky Alejandro Ibarra Technische Universitt Mnchen Oslo 5 November 2014 Outline Motivation Indirect dark matter searches with gamma-rays. Overcoming backgrounds Gamma-ray spectral

1.33k views • 85 slides
Physical Defaults & the Robust Probing Model Sebastian Faust, Vincent Grosso, Santos Merino

Physical Defaults & the Robust Probing Model Sebastian Faust, Vincent Grosso, Santos Merino

Composable Masking Schemes in the Presence of Physical Defaults & the Robust Probing Model Sebastian Faust, Vincent Grosso, Santos Merino Del Pozo, Clara Paglialonga, Franois-Xavier Standaert TU Darmstadt (Germany), Radbout University

774 views • 39 slides
PROTEIN-FILM VOLTAMMETRY- ELECTROCHEMICAL SPECTROSCOPY FOR PROBING THE REDOX FEATURES OF

PROTEIN-FILM VOLTAMMETRY- ELECTROCHEMICAL SPECTROSCOPY FOR PROBING THE REDOX FEATURES OF

PROTEIN-FILM VOLTAMMETRY- ELECTROCHEMICAL SPECTROSCOPY FOR PROBING THE REDOX FEATURES OF BIOCATALYSTS RUBIN GULABOSKI , Goce Delcev lcev Unive versity sity-St Stip ip , MACEDONIA Proteins play crucial role in Energy conversion and the ATP

827 views • 71 slides
The Robustness of Go A study of Go and its ecosystem Agenda - What does it mean to be robust?

The Robustness of Go A study of Go and its ecosystem Agenda - What does it mean to be robust?

The Robustness of Go A study of Go and its ecosystem Agenda - What does it mean to be robust? - Robust features of Go - Fragile features of Go - Giving up - Well, actually: Erlang - A new hope About me Francesc Campoy (@francesc /

822 views • 57 slides
On Moment Problems in Robust Control, Spectral Estimation, Image Processing and System

On Moment Problems in Robust Control, Spectral Estimation, Image Processing and System

On Moment Problems in Robust Control, Spectral Estimation, Image Processing and System Identification Anders Lindquist Shanghai Jiao Tong University, China, and the Royal Institute of Technology, Stockholm, Sweden University of Maryland May,

937 views • 38 slides
New features in LS-DYNA R7.1.1 Newest release - published in April 2014 Robust production

New features in LS-DYNA R7.1.1 Newest release - published in April 2014 Robust production

New features in LS-DYNA R7.1.1 Newest release - published in April 2014 Robust production version is R6.1.2 Presentation about major new solid mechanics features: Material Models, Element Technology, Metal Forming, Occupant Safety,

514 views • 48 slides
Probing Features in the Primordial Power Spectrum Arman Shafieloo Korea Astronomy and Space

Probing Features in the Primordial Power Spectrum Arman Shafieloo Korea Astronomy and Space

Probing Features in the Primordial Power Spectrum Arman Shafieloo Korea Astronomy and Space Science Institute (KASI) & University of Science and Technology (UST) General Relativity - The Next Generation February 19 - 23, 2018 YITP, Kyoto

438 views • 42 slides
Probing for Open DNS Resolvers John Kristoff jtk@depaul.edu Midwest Security Workshop jtk

Probing for Open DNS Resolvers John Kristoff jtk@depaul.edu Midwest Security Workshop jtk

Probing for Open DNS Resolvers John Kristoff jtk@depaul.edu Midwest Security Workshop jtk (jtk@depaul.edu) DNS Probing September 30, 2006 1 / 9 Open Resolvers Recursive - open access to a full resolver Forwarder - proxy access to a

371 views • 9 slides
Occultations for Probing for Probing Occultations Atmosphere and Climate: Atmosphere and

Occultations for Probing for Probing Occultations Atmosphere and Climate: Atmosphere and

I nstitute for G eophysics, A strophysics, and M eteorology / U niversity of G raz A tmospheric R emote S ensing and Cli mate Sys tem Research Group ARSCliSys on the art of understanding the climate system Occultations for Probing for Probing

570 views • 12 slides
Robust Spectral Compressed Sensing via Structured Matrix Completion Yuxin Chen Electrical

Robust Spectral Compressed Sensing via Structured Matrix Completion Yuxin Chen Electrical

July 2013 Robust Spectral Compressed Sensing via Structured Matrix Completion Yuxin Chen Electrical Engineering, Stanford University Joint Work with Yuejie Chi Page 1 Sparse Fourier Representation/Approximation Fourier representation of a

486 views • 25 slides
Orientation Effects on Spectral Emission Features of Quasars Susanna Bisogni Harvard

Orientation Effects on Spectral Emission Features of Quasars Susanna Bisogni Harvard

Orientation Effects on Spectral Emission Features of Quasars Susanna Bisogni Harvard Smithsonian Center for Astrophysics INAF Osservatorio Astrofisico di Arcetri In collaboration with: Alessandro Marconi, Guido Risaliti

265 views • 22 slides
Feature Extraction Combining Feature Extraction Combining Spectral Noise Reduction and Spectral

Feature Extraction Combining Feature Extraction Combining Spectral Noise Reduction and Spectral

Feature Extraction Combining Feature Extraction Combining Spectral Noise Reduction and Spectral Noise Reduction and Cepstral Histogram Equalization Cepstral Histogram Equalization For Robust ASR For Robust ASR J.C. Segura, M.C. Bentez, A.

418 views • 23 slides
Recap In the first lecture we distinguished periodic sounds Spectral features of fricatives

Recap In the first lecture we distinguished periodic sounds Spectral features of fricatives

Recap In the first lecture we distinguished periodic sounds Spectral features of fricatives and stops (same patterns repeats every cycle) from aperiodic sounds (no regularity in the pattern of air perturbations). C s m v hc v

623 views • 13 slides
Spectral Clustering Spectral Clustering? Spectral methods Methods using eigenvectors of

Spectral Clustering Spectral Clustering? Spectral methods Methods using eigenvectors of

Spectral Clustering Spectral Clustering? Spectral methods Methods using eigenvectors of some matrices Involve eigen-decomposition (or spectral decomposition) Seungjin Choi Spectral clustering methods: Algorithms that cluster data

501 views • 10 slides
Chapter 7: Unix Security Chapter 7: 1 Objectives Understand the security features provided

Chapter 7: Unix Security Chapter 7: 1 Objectives Understand the security features provided

Chapter 7: Unix Security Chapter 7: 1 Objectives Understand the security features provided by a typical operating system. Introduce the basic Unix security model. See how general security principles are implemented in an actual

733 views • 59 slides
Tight Private Circuits: Achieving Probing Security with the Least Refreshing Sonia Belaid,

Tight Private Circuits: Achieving Probing Security with the Least Refreshing Sonia Belaid,

Tight Private Circuits: Achieving Probing Security with the Least Refreshing Sonia Belaid, Dahmun Goudarzi, and Matthieu Rivain dahmun.goudarzi@pqshield.com 1 Side-Channel Attacks and Higher-Order Masking in 1 in 2 in 3

655 views • 52 slides
Robust Spectral Inference for Joint Stochastic Matrix Factorization Kun Dong Cornell University

Robust Spectral Inference for Joint Stochastic Matrix Factorization Kun Dong Cornell University

Robust Spectral Inference for Joint Stochastic Matrix Factorization Kun Dong Cornell University October 20, 2016 K. Dong (Cornell University) Robust Spectral Inference for Joint Stochastic Matrix Factorization October 20, 2016 1 / 17

205 views • 17 slides
Tao Probing the End of the World 1 - 1 - Masato

Tao Probing the End of the World 1 - 1 - Masato

@YITP WS Tao Probing the End of the World 1 - 1 - Masato Taki RIKEN , i THES group .Yagi (KIAS) [ arXiv:1504.03672] Collaboration w/ S-S.Kim and F 2015.11/12 Tao Probing the End of the World new

1.01k views • 81 slides
Make iOS App more Robust and Security through Fuzzing Wei Wang & Zhaowei Wang 2016-10-14

Make iOS App more Robust and Security through Fuzzing Wei Wang & Zhaowei Wang 2016-10-14

Make iOS App more Robust and Security through Fuzzing Wei Wang & Zhaowei Wang 2016-10-14 About us ID: Proteas, Shrek_wzw Working at: Qihoo 360 Nirvan Team Focused on: iOS and OS X Security Research Twitter: @ProteasWang,

703 views • 42 slides
Roadmap for Section 7.2. Windows Security Features Components of the Security System Windows

Roadmap for Section 7.2. Windows Security Features Components of the Security System Windows

Unit OS7: Security 7.2. Windows Security Components and Concepts Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 7.2. Windows Security Features Components of the Security

453 views • 14 slides
Combining Temporal And Spectral Features in HMM-based Drum Transcription Jouni Paulus, Anssi

Combining Temporal And Spectral Features in HMM-based Drum Transcription Jouni Paulus, Anssi

Drum Transcription Proposed Method Simulations Summary Combining Temporal And Spectral Features in HMM-based Drum Transcription Jouni Paulus, Anssi Klapuri Institute of Signal Processing Tampere University of Technology Tampere, Finland

216 views • 9 slides

More recommend