photo from iain tate on flickr photo from becky stern on
play

+ = Photo from Iain Tate on Flickr Photo from Becky Stern on - PowerPoint PPT Presentation

Mar 27, 2024 •687 likes •1.02k views

A C OMPREHENSIVE E VALUATION OF M UTUAL I NFORMATION A NALYSIS U SING A F AIR E VALUATION F RAMEWORK Carolyn Whitnall, Elisabeth Oswald carolyn.whitnall@bris.ac.uk Department of Computer Science, University of Bristol 16 th August 2011 C. W

  1. A C OMPREHENSIVE E VALUATION OF M UTUAL I NFORMATION A NALYSIS U SING A F AIR E VALUATION F RAMEWORK Carolyn Whitnall, Elisabeth Oswald carolyn.whitnall@bris.ac.uk Department of Computer Science, University of Bristol 16 th August 2011 C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 1 / 1

  2. Photo from Casey Marshall on Flickr + = Photo from Iain Tate on Flickr Photo from Becky Stern on Flickr Algorithm = Measurements! + Device But how to make the most of those measurements? C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 2 / 1

  3. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  4. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  5. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  6. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  7. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  8. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  9. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? 0.6 3 # standard deviations 0.4 Distinguisher value 2 0.2 1 0 0 −1 −0.2 −2 −0.4 0 0 10 10 20 20 30 30 40 40 50 50 60 60 Key hypothesis True key Nearest rival C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  10. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? 0.6 3 # standard deviations 0.4 Distinguisher value 2 0.2 1 0 0 −1 −0.2 −2 −0.4 0 0 10 10 20 20 30 30 40 40 50 50 60 60 Key hypothesis True key Nearest rival C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  11. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? 0.6 3 # standard deviations 0.4 Distinguisher value 2 0.2 1 0 0 −1 −0.2 −2 −0.4 0 0 10 10 20 20 30 30 40 40 50 50 60 60 Key hypothesis True key Nearest rival C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  12. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? 0.6 3 # standard deviations 0.4 Distinguisher value 2 0.2 1 0 0 −1 −0.2 −2 −0.4 0 0 10 10 20 20 30 30 40 40 50 50 60 60 Key hypothesis True key Nearest rival C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  13. W HAT M AKES A G OOD D ISTINGUISHER ? T HE USUAL APPROACH . . . Desirable metric: “# of trace measurements required for key recovery” Not like-for-like: Practical outcomes highly sensitive to estimator choice Not computable: Sampling distributions (usually) unknown O UR CONTRIBUTION ‘True’ distinguishing vectors can be directly computed for well-defined hypothetical scenarios Theoretic advantages � = ⇒ practical advantages (unequal estimation costs) BUT Certain characteristics have a strong bearing on likely practical outcomes What features of the theoretic distinguishing vectors most contribute to its estimatability? C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 5 / 1

  14. W HAT M AKES A G OOD D ISTINGUISHER ? T HE USUAL APPROACH . . . Desirable metric: “# of trace measurements required for key recovery” Not like-for-like: Practical outcomes highly sensitive to estimator choice Not computable: Sampling distributions (usually) unknown O UR CONTRIBUTION ‘True’ distinguishing vectors can be directly computed for well-defined hypothetical scenarios Theoretic advantages � = ⇒ practical advantages (unequal estimation costs) BUT Certain characteristics have a strong bearing on likely practical outcomes What features of the theoretic distinguishing vectors most contribute to its estimatability? C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 5 / 1

  15. ‘A F AIR E VALUATION F RAMEWORK ’ 0.6 3 Correct key ranking in the theoretic vector 0.4 # standard deviations Distinguisher value 2 0.2 1 ◮ Distinguisher must isolate key in theory to stand a 0 0 −1 chance in practice −0.2 −2 −0.4 0 0 10 10 20 20 30 30 40 40 50 50 60 60 Key hypothesis Nearest-rival distinguishing score – # s.d. between correct key value and highest ranked alternative ◮ The smaller the margin, the fewer the traces needed for estimation! Average minimum support – how large an input support does the distinguisher need? ◮ An attack which needs to ‘see more inputs’ will inevitably need more traces C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 6 / 1

  16. ‘A F AIR E VALUATION F RAMEWORK ’ 0.6 3 Correct key ranking in the theoretic vector 0.4 # standard deviations Distinguisher value 2 0.2 1 ◮ Distinguisher must isolate key in theory to stand a 0 0 −1 chance in practice −0.2 −2 −0.4 0 0 10 10 20 20 30 30 40 40 50 50 60 60 Key hypothesis 0.6 Nearest-rival distinguishing score – # s.d. between 3 0.4 # standard deviations Distinguisher value 2 correct key value and highest ranked alternative 0.2 1 0 0 ◮ The smaller the margin, the fewer the traces needed −1 −0.2 for estimation! −2 −0.4 0 0 10 10 20 20 30 30 40 40 50 50 60 60 Key hypothesis Average minimum support – how large an input support does the distinguisher need? ◮ An attack which needs to ‘see more inputs’ will inevitably need more traces C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 6 / 1

  17. ‘A F AIR E VALUATION F RAMEWORK ’ 0.6 3 Correct key ranking in the theoretic vector 0.4 # standard deviations Distinguisher value 2 0.2 1 ◮ Distinguisher must isolate key in theory to stand a 0 0 −1 chance in practice −0.2 −2 −0.4 0 0 10 10 20 20 30 30 40 40 50 50 60 60 Key hypothesis 0.6 Nearest-rival distinguishing score – # s.d. between 3 0.4 # standard deviations Distinguisher value 2 correct key value and highest ranked alternative 0.2 1 0 0 ◮ The smaller the margin, the fewer the traces needed −1 −0.2 for estimation! −2 −0.4 0 0 10 10 20 20 30 30 40 40 50 50 60 60 Key hypothesis Average minimum support – how large an input 1 Theoretic success rate 0.8 support does the distinguisher need? 0.6 0.4 ◮ An attack which needs to ‘see more inputs’ will 0.2 inevitably need more traces 0 0 10 20 30 40 Support size C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 6 / 1

  18. T HE D ISTINGUISHERS AT A G LANCE . . . MIA: M UTUAL INFORMATION Defined as: D ( k ) = I ( L k ∗ + ε ; M k ) = H ( L k ∗ + ε ) − H ( L k ∗ + ε | M k ) , where � H is the differential entropy: H ( X ) = − x ∈X p X ( x ) log 2 ( p X ( x )) Functional of the distribution —estimation problematic DPA outcomes extremely sensitive to estimator choice; no ‘ideal’ exists No general results for the sampling distributions CPA: P EARSON ’ S CORRELATION COEFFICIENT Cov ( L k ∗ + ε, M k ) √ Var ( L k ∗ + ε ) √ Defined as: D ( k ) = ρ ( L k ∗ + ε, M k ) = Var ( M k ) Function of distributional moments —estimation simple Sample correlation coefficient suits a broad range of assumptions Lots of ‘nice’ results for its sampling distribution C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 7 / 1

  19. T HE D ISTINGUISHERS AT A G LANCE . . . MIA: M UTUAL INFORMATION Defined as: D ( k ) = I ( L k ∗ + ε ; M k ) = H ( L k ∗ + ε ) − H ( L k ∗ + ε | M k ) , where � H is the differential entropy: H ( X ) = − x ∈X p X ( x ) log 2 ( p X ( x )) Functional of the distribution —estimation problematic DPA outcomes extremely sensitive to estimator choice; no ‘ideal’ exists No general results for the sampling distributions CPA: P EARSON ’ S CORRELATION COEFFICIENT Cov ( L k ∗ + ε, M k ) √ Var ( L k ∗ + ε ) √ Defined as: D ( k ) = ρ ( L k ∗ + ε, M k ) = Var ( M k ) Function of distributional moments —estimation simple Sample correlation coefficient suits a broad range of assumptions Lots of ‘nice’ results for its sampling distribution C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 7 / 1

  20. W HY ‘M UTUAL I NFORMATION A NALYSIS ’? Proposed (Gierlichs et al. , 2008) as an enhancement to correlation DPA: Optimal in an information theoretic sense – quantifies total dependence Generic – should work even without a good power model However . . . correlation DPA frequently performs better in empirical comparisons What can we learn from a theoretic evaluation? Distinguisher Power model Abbreviation Correlation DPA Hamming weight CPA(HW) Hamming weight MIA(HW) Mutual Information Analysis Identity MIA(ID) C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 8 / 1

  21. W HY ‘M UTUAL I NFORMATION A NALYSIS ’? Proposed (Gierlichs et al. , 2008) as an enhancement to correlation DPA: Optimal in an information theoretic sense – quantifies total dependence Generic – should work even without a good power model However . . . correlation DPA frequently performs better in empirical comparisons What can we learn from a theoretic evaluation? Distinguisher Power model Abbreviation Correlation DPA Hamming weight CPA(HW) Hamming weight MIA(HW) Mutual Information Analysis Identity MIA(ID) C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 8 / 1

Recommend

Photo courtesy of Casbr(@flickr.com) - granted under creative commons licence - attribution Photo

Photo courtesy of Casbr(@flickr.com) - granted under creative commons licence - attribution Photo

Photo courtesy of Casbr(@flickr.com) - granted under creative commons licence - attribution Photo courtesy of Sharon Mollerus(@flickr.com) - granted under creative commons licence - attribution Photo courtesy of Gaspa(@flickr.com) - granted under

248 views • 11 slides
ITKAN CNT Presentation March 14, 2019 Photo Credit: Jeff McC, Flickr, Creative Commons 4

ITKAN CNT Presentation March 14, 2019 Photo Credit: Jeff McC, Flickr, Creative Commons 4

Photo Credit: clarkmaxwell/Flickr, Creative Commons License ITKAN CNT Presentation March 14, 2019 Photo Credit: Jeff McC, Flickr, Creative Commons 4 URBAN FLOODING 8 Urban Flooding Defined The inundation of property in a built

723 views • 18 slides
Drawing Birds in Pencil Comparing Two Birds Photo courtesy of (Hefin Owen@flickr.com) Photo

Drawing Birds in Pencil Comparing Two Birds Photo courtesy of (Hefin Owen@flickr.com) Photo

Drawing Birds in Pencil Comparing Two Birds Photo courtesy of (Hefin Owen@flickr.com) Photo courtesy of (Tony Smith@flickr.com) - granted under creative commons licence attribution - granted under creative commons licence attribution

452 views • 14 slides
Photo by frankieleon - Creative Commons Attribution License

Photo by frankieleon - Creative Commons Attribution License

Photo by frankieleon - Creative Commons Attribution License https://www.flickr.com/photos/23307937@N04 ! Created with Haiku Deck ! Photo by BAMCorp - Creative Commons Attribution-ShareAlike License https://www.flickr.com/photos/60766987@N00 !

374 views • 12 slides
Risk Pools and Adverse Selection General Idea Quality of Pool More Important Than Size Photo

Risk Pools and Adverse Selection General Idea Quality of Pool More Important Than Size Photo

Colorado Division of Insurance Risk Pools and Adverse Selection General Idea Quality of Pool More Important Than Size Photo by flickr iLoveMountains.org Photo by flickr user marcn Where is Adverse Selection Market Do healthy people

228 views • 9 slides
1 Photo: SOS program in Elenos, Greece Photo: SOS Sanothimi, Nepal 2 3 4 5 6 6 7 7

1 Photo: SOS program in Elenos, Greece Photo: SOS Sanothimi, Nepal 2 3 4 5 6 6 7 7

1 Photo: SOS program in Elenos, Greece Photo: SOS Sanothimi, Nepal 2 3 4 5 6 6 7 7 (US Department of Health and Human Services) 8 Photo: SOS Macedonia 9 10 10 11 Photo: SOS Guatemala 11 Photo: SOS

657 views • 30 slides
Photo by woodleywonderworks - Creative Commons Attribution License

Photo by woodleywonderworks - Creative Commons Attribution License

Photo by woodleywonderworks - Creative Commons Attribution License https://www.flickr.com/photos/73645804@N00 Created with Haiku Deck Animoto Video: Tournament Photos http://video214.com/play/aI15Aa4bqP8BJXEM1dQ8Tg /s/dark Photo by

556 views • 29 slides
What is a Faberg Egg? Photo courtesy of Thomas Kohler Smith(@flickr.com) - granted under

What is a Faberg Egg? Photo courtesy of Thomas Kohler Smith(@flickr.com) - granted under

What is a Faberg Egg? Photo courtesy of Thomas Kohler Smith(@flickr.com) - granted under creative commons licence - attribution A Faberg egg is considered to be any one of about 70 jewelled eggs made by Peter Carl Faberg between 1885

518 views • 15 slides
A task setting PowerPoint Pack about digestion. Photo courtesy of Sam Howzit (@flickr.com) -

A task setting PowerPoint Pack about digestion. Photo courtesy of Sam Howzit (@flickr.com) -

A task setting PowerPoint Pack about digestion. Photo courtesy of Sam Howzit (@flickr.com) - granted under creative commons licence - attribution Photo courtesy of classicasleep* (@flickr.com) - granted under creative commons licence - attribution

379 views • 10 slides
Photo by Images_of_Money - Creative Commons Attribution License

Photo by Images_of_Money - Creative Commons Attribution License

Photo by Images_of_Money - Creative Commons Attribution License https://www.flickr.com/photos/59937401@N07 Created with Haiku Deck Photo by GotCredit - Creative Commons Attribution License https://www.flickr.com/photos/30576334@N05 Created with

289 views • 26 slides
THE PROBLEM #WorldofAsphalt Photo: Rosenberger 1 2/8/2019 I71 in Cincinnati, OH Photo:

THE PROBLEM #WorldofAsphalt Photo: Rosenberger 1 2/8/2019 I71 in Cincinnati, OH Photo:

2/8/2019 Best Practices for Construction of Longitudinal Joints Wayne Jones, P.E. Senior Regional Engineer Asphalt Institute THE PROBLEM #WorldofAsphalt Photo: Rosenberger 1 2/8/2019 I71 in Cincinnati, OH Photo: Grass Photo:

627 views • 30 slides
Photo by Leo Hidalgo (@yompyz) - Creative Commons Attribution License

Photo by Leo Hidalgo (@yompyz) - Creative Commons Attribution License

Photo by Leo Hidalgo (@yompyz) - Creative Commons Attribution License https://www.flickr.com/photos/69474058@N03 Created with Haiku Deck Photo by Curtox - Creative Commons Attribution-NonCommercial-ShareAlike License

652 views • 25 slides
Field study Field study 4 commercial organic herds Jan 2012 to March 2013 Insemination

Field study Field study 4 commercial organic herds Jan 2012 to March 2013 Insemination

Different production environments - the same genetic material Effect of sire on pig leg health in commercial organic herds Photo: Jenny Svenns-Gillner, SLU Photo: Anna Wallenbeck Photo: Haoyu Liu Photo: Eva Persson Photo: Maria Alarik Anna

184 views • 3 slides
Green First Ken Moraff, EPA New England Falmouth, MA 12/8/11 Photo:

Green First Ken Moraff, EPA New England Falmouth, MA 12/8/11 Photo:

Green First Ken Moraff, EPA New England Falmouth, MA 12/8/11 Photo: http://www.flickr.com/photos/vintagehalloweencollector/3619346215/ Causal Relationships for Narragansett Bay Storm-water Disposable runoff Watershed Atmospheric

435 views • 15 slides
Entrepreneurship and Innovation Management Autumn 2017 Photo: FryskLab/flickr Lecture 2: Customer

Entrepreneurship and Innovation Management Autumn 2017 Photo: FryskLab/flickr Lecture 2: Customer

Entrepreneurship and Innovation Management Autumn 2017 Photo: FryskLab/flickr Lecture 2: Customer development, and the business model The course structure Introduction to entrepreneurship and innovation Opportunity Entrepreneurial

858 views • 51 slides
The Dark Art of Rails Plugins James Adam reevoo.com This could be you! Im hacking ur Railz

The Dark Art of Rails Plugins James Adam reevoo.com This could be you! Im hacking ur Railz

The Dark Art of Rails Plugins James Adam reevoo.com This could be you! Im hacking ur Railz appz!!1! Photo: http://flickr.com/photos/toddhiestand/197704394/ Anatomy of a plugin Photo: http://flickr.com/photos/guccibear2005/206352128/ lib

1.08k views • 68 slides
What is a digital photo, really? Fabian Tamp //capnfabs.net/photo

What is a digital photo, really? Fabian Tamp //capnfabs.net/photo

What is a digital photo, really? Fabian Tamp //capnfabs.net/photo http://guide-images.ifixit.net/igi/fR1pdbj2GxX6wlDM CC BY-SA 3.0 Color Filter Mosaic https://commons.wikimedia.org/wiki/File:Bayer_pattern_on_sensor.svg CC BY-SA 3.0 (Bayer

256 views • 23 slides
Photo by star5112 - Creative Commons Attribution-ShareAlike License

Photo by star5112 - Creative Commons Attribution-ShareAlike License

Photo by star5112 - Creative Commons Attribution-ShareAlike License https://www.flickr.com/photos/24509941@N00 Created with Haiku Deck Photo by RobertFrancis - Creative Commons Attribution-NonCommercial-ShareAlike License

776 views • 52 slides
Our Title Slide.Audrey HAS LEEM Team at I-CORPS June 22, 2015 LEEM Team Photo Photo Photo

Our Title Slide.Audrey HAS LEEM Team at I-CORPS June 22, 2015 LEEM Team Photo Photo Photo

Our Title Slide.Audrey HAS LEEM Team at I-CORPS June 22, 2015 LEEM Team Photo Photo Photo Photo Guoyao Xu, EL, Gavin McCormick, EL, Carol J. Miller, PI, Chris Theriot, IM, Wayne State Watt Time Wayne State Shepherd Advisors

463 views • 19 slides
S C A L I N G H A D O O P I N & O U T O F T H E P R I VAT E C L O U D P R I VA T E C

S C A L I N G H A D O O P I N & O U T O F T H E P R I VAT E C L O U D P R I VA T E C

J E F F K R A M E R ( H P H E L I O N ) S C A L I N G H A D O O P I N & O U T O F T H E P R I VAT E C L O U D P R I VA T E C L O U D S A R E L I K E Flickr Photo by John Lustig

751 views • 20 slides
Photo by Stfan - Creative Commons Attribution-NonCommercial-ShareAlike License

Photo by Stfan - Creative Commons Attribution-NonCommercial-ShareAlike License

Photo by Stfan - Creative Commons Attribution-NonCommercial-ShareAlike License https://www.flickr.com/photos/49462908@N00 Created with Haiku Deck Photo by dullhunk - Creative Commons Attribution License

399 views • 28 slides
Implementation Whats the Photo ID Requirement? Beginning in 2016, each voter voting in

Implementation Whats the Photo ID Requirement? Beginning in 2016, each voter voting in

Photo Identification Implementation Whats the Photo ID Requirement? Beginning in 2016, each voter voting in person must show a photo ID bearing a reasonable resemblance of that voter in order to vote a regular ballot. The photo ID

559 views • 7 slides
NEW FRONTIERS Photo positional only. To be replaced with drilling photo. NEW GROWTH Our new,

NEW FRONTIERS Photo positional only. To be replaced with drilling photo. NEW GROWTH Our new,

NEW FRONTIERS Photo positional only. To be replaced with drilling photo. NEW GROWTH Our new, drill-ready zinc-copper-gold project is a transformational transaction September 2019 COMPANY PROFILE Sk Skaergaard Greenland 100% owned

595 views • 26 slides
NEW FRONTIERS Photo positional only. To be replaced with drilling photo. NEW GROWTH Our new,

NEW FRONTIERS Photo positional only. To be replaced with drilling photo. NEW GROWTH Our new,

NEW FRONTIERS Photo positional only. To be replaced with drilling photo. NEW GROWTH Our new, drill-ready zinc-copper-gold project is a transformational transaction 29 August 2019 COMPANY PROFILE Sk Skaergaard Greenland 100% owned

327 views • 30 slides

More recommend