s tandard dpa attack
play

S TANDARD DPA ATTACK 0.6 Distinguisher value 3 # std deviations - PowerPoint PPT Presentation

Feb 18, 2023 •195 likes •560 views

R OBUST P ROFILING FOR DPA-S TYLE A TTACKS Carolyn Whitnall 1 , Elisabeth Oswald 1 1 Department of Computer Science, University of Bristol carolyn.whitnall@bris.ac.uk September 2015 C. W HITNALL (U NIVERSITY OF B RISTOL ) C LUSTERING FOR DPA CHES

  1. R OBUST P ROFILING FOR DPA-S TYLE A TTACKS Carolyn Whitnall 1 , Elisabeth Oswald 1 1 Department of Computer Science, University of Bristol carolyn.whitnall@bris.ac.uk September 2015 C. W HITNALL (U NIVERSITY OF B RISTOL ) C LUSTERING FOR DPA CHES 2015 1 / 19

  2. I NTRODUCTION Top line: Extracting ‘portable’ power models for DPA attacks. ML key recovery ‘Standard’ DPA with fully profiled with ‘standard’ templates models (e.g. HW) ‘Standard’ DPA with approximated leakage models Outline: I Preliminaries: ‘Standard’ DPA; different ‘types’ of power model; unsupervised ( k -means) clustering. I Proposed methodology: unsupervised clustering for building nominal power models. I Experimental results. C. W HITNALL (U NIVERSITY OF B RISTOL ) C LUSTERING FOR DPA CHES 2015 2 / 19

  3. I NTRODUCTION Top line: Extracting ‘portable’ power models for DPA attacks. ML key recovery ‘Standard’ DPA with fully profiled with ‘standard’ templates models (e.g. HW) ‘Standard’ DPA with approximated leakage models Outline: I Preliminaries: ‘Standard’ DPA; different ‘types’ of power model; unsupervised ( k -means) clustering. I Proposed methodology: unsupervised clustering for building nominal power models. I Experimental results. C. W HITNALL (U NIVERSITY OF B RISTOL ) C LUSTERING FOR DPA CHES 2015 2 / 19

  4. ‘S TANDARD DPA ATTACK ’ 0.6 Distinguisher value 3 # std deviations 0.4 2 0.2 1 0 0 − 1 − 0.2 − 2 − 0.4 0 0 20 20 40 40 60 60 Key hypothesis True key Nearest rival C. W HITNALL (U NIVERSITY OF B RISTOL ) C LUSTERING FOR DPA CHES 2015 3 / 19

  5. D IFFERENT TYPES OF POWER MODEL The power model M can approximate the deterministic part of the leakage L at different ‘levels’ . . . L EVEL C ORRESPONDENCE A SSOCIATED ATTACKS Bayesian templates, M ⇡ L Direct stochastic profiling Pearson’s correlation M ⇡ α L Proportional coefficient { z | M ( z ) < M ( z 0 ) } ⇡ Spearman’s rank Ordinal { z | L ( z ) < L ( z 0 ) } 8 z 0 2 Z correlation coefficient ‘Partition’-based: { z | M ( z ) = M ( z 0 ) } ⇡ Nominal mutual information, { z | L ( z ) = L ( z 0 ) } 8 z 0 2 Z variance ratio, etc. C. W HITNALL (U NIVERSITY OF B RISTOL ) C LUSTERING FOR DPA CHES 2015 4 / 19

  6. D IFFERENT TYPES OF POWER MODEL The power model M can approximate the deterministic part of the leakage L at different ‘levels’ . . . L EVEL C ORRESPONDENCE A SSOCIATED ATTACKS Bayesian templates, M ⇡ L Direct stochastic profiling Pearson’s correlation M ⇡ α L Proportional coefficient { z | M ( z ) < M ( z 0 ) } ⇡ Spearman’s rank Ordinal { z | L ( z ) < L ( z 0 ) } 8 z 0 2 Z correlation coefficient ‘Partition’-based: { z | M ( z ) = M ( z 0 ) } ⇡ Nominal mutual information, { z | L ( z ) = L ( z 0 ) } 8 z 0 2 Z variance ratio, etc. C. W HITNALL (U NIVERSITY OF B RISTOL ) C LUSTERING FOR DPA CHES 2015 4 / 19

  7. D IFFERENT TYPES OF POWER MODEL The power model M can approximate the deterministic part of the leakage L at different ‘levels’ . . . L EVEL C ORRESPONDENCE A SSOCIATED ATTACKS Bayesian templates, M ⇡ L Direct stochastic profiling Pearson’s correlation M ⇡ α L Proportional coefficient { z | M ( z ) < M ( z 0 ) } ⇡ Spearman’s rank Ordinal { z | L ( z ) < L ( z 0 ) } 8 z 0 2 Z correlation coefficient ‘Partition’-based: { z | M ( z ) = M ( z 0 ) } ⇡ Nominal mutual information, { z | L ( z ) = L ( z 0 ) } 8 z 0 2 Z variance ratio, etc. C. W HITNALL (U NIVERSITY OF B RISTOL ) C LUSTERING FOR DPA CHES 2015 4 / 19

  8. D IFFERENT TYPES OF POWER MODEL The power model M can approximate the deterministic part of the leakage L at different ‘levels’ . . . L EVEL C ORRESPONDENCE A SSOCIATED ATTACKS Bayesian templates, M ⇡ L Direct stochastic profiling Pearson’s correlation M ⇡ α L Proportional coefficient { z | M ( z ) < M ( z 0 ) } ⇡ Spearman’s rank Ordinal { z | L ( z ) < L ( z 0 ) } 8 z 0 2 Z correlation coefficient ‘Partition’-based: { z | M ( z ) = M ( z 0 ) } ⇡ Nominal mutual information, { z | L ( z ) = L ( z 0 ) } 8 z 0 2 Z variance ratio, etc. C. W HITNALL (U NIVERSITY OF B RISTOL ) C LUSTERING FOR DPA CHES 2015 4 / 19

  9. D IFFERENT TYPES OF POWER MODEL The power model M can approximate the deterministic part of the leakage L at different ‘levels’ . . . L EVEL C ORRESPONDENCE A SSOCIATED ATTACKS Bayesian templates, M ⇡ L Direct stochastic profiling Pearson’s correlation M ⇡ α L Proportional coefficient { z | M ( z ) < M ( z 0 ) } ⇡ Spearman’s rank Ordinal { z | L ( z ) < L ( z 0 ) } 8 z 0 2 Z correlation coefficient ‘Partition’-based: { z | M ( z ) = M ( z 0 ) } ⇡ Nominal mutual information, { z | L ( z ) = L ( z 0 ) } 8 z 0 2 Z variance ratio, etc. C. W HITNALL (U NIVERSITY OF B RISTOL ) C LUSTERING FOR DPA CHES 2015 4 / 19

  10. U NSUPERVISED CLUSTERING Task: Arrange objects s.t. those inside a given group are similar whilst those in different groups are dissimilar . Assumption: Number or characteristics of the underlying classes are a priori unknown (unlike supervised classification). Method: Large selection of iterative trial-and-error solutions: I Cluster models vary: hierarchical, centroid-based, density- or distribution-based, graph-based . . . I ‘Similarity’ measures vary: Euclidean distance, correlation, Hamming, Manhattan . . . N.B.: Notoriously difficult to match the best-suited learning algorithm to a given problem. C. W HITNALL (U NIVERSITY OF B RISTOL ) C LUSTERING FOR DPA CHES 2015 5 / 19

  11. U NSUPERVISED CLUSTERING Task: Arrange objects s.t. those inside a given group are similar whilst those in different groups are dissimilar . Assumption: Number or characteristics of the underlying classes are a priori unknown (unlike supervised classification). Method: Large selection of iterative trial-and-error solutions: I Cluster models vary: hierarchical, centroid-based, density- or distribution-based, graph-based . . . I ‘Similarity’ measures vary: Euclidean distance, correlation, Hamming, Manhattan . . . N.B.: Notoriously difficult to match the best-suited learning algorithm to a given problem. C. W HITNALL (U NIVERSITY OF B RISTOL ) C LUSTERING FOR DPA CHES 2015 5 / 19

  12. U NSUPERVISED CLUSTERING Task: Arrange objects s.t. those inside a given group are similar whilst those in different groups are dissimilar . Assumption: Number or characteristics of the underlying classes are a priori unknown (unlike supervised classification). Method: Large selection of iterative trial-and-error solutions: I Cluster models vary: hierarchical, centroid-based, density- or distribution-based, graph-based . . . I ‘Similarity’ measures vary: Euclidean distance, correlation, Hamming, Manhattan . . . N.B.: Notoriously difficult to match the best-suited learning algorithm to a given problem. C. W HITNALL (U NIVERSITY OF B RISTOL ) C LUSTERING FOR DPA CHES 2015 5 / 19

  13. U NSUPERVISED CLUSTERING Task: Arrange objects s.t. those inside a given group are similar whilst those in different groups are dissimilar . Assumption: Number or characteristics of the underlying classes are a priori unknown (unlike supervised classification). Method: Large selection of iterative trial-and-error solutions: I Cluster models vary: hierarchical, centroid-based, density- or distribution-based, graph-based . . . I ‘Similarity’ measures vary: Euclidean distance, correlation, Hamming, Manhattan . . . N.B.: Notoriously difficult to match the best-suited learning algorithm to a given problem. C. W HITNALL (U NIVERSITY OF B RISTOL ) C LUSTERING FOR DPA CHES 2015 5 / 19

  14. P ROPOSED METHODOLOGY G ENERAL STRATEGY 1 Partition the profiling traces according to the intermediate values and compute the means { ¯ t z } z 2 Z . 2 Obtain a mapping M : Z � ! M by clustering the mean traces. Values in Z not represented in the profiling dataset are mapped to cluster C + 1 (i.e. an ‘other’ category). 3 Use M as the (nominal) power model in ‘partition-based’ DPA against the target traces. E XAMPLE INSTANTIATION Clustering algorithm: Principal component analysis followed by k -means clustering. DPA distinguisher: Univariate and multivariate variance ratio. Benchmark: Correlation DPA using the first principal component to approximate a ‘proportional’ power model. C. W HITNALL (U NIVERSITY OF B RISTOL ) C LUSTERING FOR DPA CHES 2015 6 / 19

  15. P ROPOSED METHODOLOGY G ENERAL STRATEGY 1 Partition the profiling traces according to the intermediate values and compute the means { ¯ t z } z 2 Z . 2 Obtain a mapping M : Z � ! M by clustering the mean traces. Values in Z not represented in the profiling dataset are mapped to cluster C + 1 (i.e. an ‘other’ category). 3 Use M as the (nominal) power model in ‘partition-based’ DPA against the target traces. E XAMPLE INSTANTIATION Clustering algorithm: Principal component analysis followed by k -means clustering. DPA distinguisher: Univariate and multivariate variance ratio. Benchmark: Correlation DPA using the first principal component to approximate a ‘proportional’ power model. C. W HITNALL (U NIVERSITY OF B RISTOL ) C LUSTERING FOR DPA CHES 2015 6 / 19

Recommend

B EYOND 'S TANDARD 'M ODEL ' AT 'LHC

B EYOND 'S TANDARD 'M ODEL ' AT 'LHC

B EYOND 'S TANDARD 'M ODEL ' AT 'LHC XXVI'Seminario'Nazionale'di'Fisica'Nucleare'e'Subnucleare'Francesco'Romano Otranto,'9G10'Giugno'2014' Lecture'2:'Exofca Shahram'Rahatlou hQp://www.roma1.infn.it/people/rahatlou/ D IRECT 'S

773 views • 42 slides
P ROTEIN -L IGAND S TANDARD B INDING F REE -E NERGY C ALCULATIONS Chris Chipot Laboratoire

P ROTEIN -L IGAND S TANDARD B INDING F REE -E NERGY C ALCULATIONS Chris Chipot Laboratoire

P ROTEIN -L IGAND S TANDARD B INDING F REE -E NERGY C ALCULATIONS P ROTEIN -L IGAND S TANDARD B INDING F REE -E NERGY C ALCULATIONS Chris Chipot Laboratoire International Associ CNRS-UIUC, Unit Mixte de Recherche n 7565, Universit de

419 views • 27 slides
Attack on Traffic Systems These attack examples have happened in the past. We will take an

Attack on Traffic Systems These attack examples have happened in the past. We will take an

From start to finish how a cyber attack would be performed on traffic system, we will go over first day &gt;&gt; exploitation of the device &gt;&gt; the real-world aftermath. Mission Secure, Inc. Attack on Traffic Systems These attack examples

556 views • 18 slides
CAE P S tandard 4: I ts language , sugge ste d e vide nc e , and que stio ns to addre ss

CAE P S tandard 4: I ts language , sugge ste d e vide nc e , and que stio ns to addre ss

CAE P S tandard 4: I ts language , sugge ste d e vide nc e , and que stio ns to addre ss Monday, Apr il 25th (5:00 pm E DT ) Pre se nte d b y De b o ra h E ldridg e , CAE P Adviso r L CVinc 1@ g ma il.c o m CONNE CT WI T H

708 views • 37 slides
ISO-T IME ML: A N I NTERNATIONAL S TANDARD FOR S EMANTIC ANNOTATION James Pustejovsky*, Kiyong

ISO-T IME ML: A N I NTERNATIONAL S TANDARD FOR S EMANTIC ANNOTATION James Pustejovsky*, Kiyong

ISO-T IME ML: A N I NTERNATIONAL S TANDARD FOR S EMANTIC ANNOTATION James Pustejovsky*, Kiyong Lee, Harry Bunt, Laurent Romary ISO *Computer Science Department Brandeis University ISO LREC 2010 ISO Malta May19, 2010 ISO O UTLINE

722 views • 44 slides
(S TANDARD O PERATING P ROTOCOLS ) IN H OSPITALS W ORLDWIDE The High 5s Project was launched in

(S TANDARD O PERATING P ROTOCOLS ) IN H OSPITALS W ORLDWIDE The High 5s Project was launched in

S IGNIFICANT I MPROVEMENTS IN P ATIENT S AFETY U SING H IGH 5 S SOP S (S TANDARD O PERATING P ROTOCOLS ) IN H OSPITALS W ORLDWIDE The High 5s Project was launched in 2006 by WHO and the WHO Collaborating Center on Patient Safety TJC to

766 views • 34 slides
A Standard f A S tandard for or High Quality High Quality Instruction Instruction

A Standard f A S tandard for or High Quality High Quality Instruction Instruction

Charles Smith, Ph.D. Executive Director, David P. Weikart Center for Youth Program Quality #readyby21 A Standard f A S tandard for or High Quality High Quality Instruction Instruction Higherorderengagement

386 views • 36 slides
ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on

ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on

ATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on Deep Neural Networks Yandong Li* 1 Lijun Li* 1 Liqiang Wang 1 Tong Zhang 2 Boqing Gong 3 *Equal Contribution 1 University of Central Florida 2 Hong

440 views • 11 slides
Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know.

Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know.

Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know. Current biological diagnostics are very effective at identifying agents, but theyre slow. We already have an infrastruc- ture in place to

233 views • 8 slides
ss 8 Class Cl CSC 495/583 Topics of Software Security PLT, GOT &amp; Return-to-plt Attack

ss 8 Class Cl CSC 495/583 Topics of Software Security PLT, GOT &amp; Return-to-plt Attack

ss 8 Class Cl CSC 495/583 Topics of Software Security PLT, GOT &amp; Return-to-plt Attack &amp; GOT Overwrite Attack Dr. Si Chen (schen@wcupa.edu) Review Page 2 ret2libc Attack Page 3 libc C standard library Provides

662 views • 36 slides
.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A

.tr DDoS Attack December 2015 Attila zgit .tr ccTLD Manager Dec, 2015 .tr DDoS Attack A Summary of a 3 weeks long experience 2016-03-07 Dec 2015 DDoS Attack on .TR 2 Before DDoS q Infrequent Small scale DoS and DDos Attacks Few

606 views • 14 slides
A New Side-Channel Attack on RSA Prime Generation Thomas Finke, Max Gebhardt, Werner Schindler

A New Side-Channel Attack on RSA Prime Generation Thomas Finke, Max Gebhardt, Werner Schindler

A New Side-Channel Attack on RSA Prime Generation Thomas Finke, Max Gebhardt, Werner Schindler Federal Office for Information Security (BSI), Germany Lausanne, September 7, 2009 Outline r Introduction and Motivation r The Attack r Basic attack

514 views • 25 slides
Cryptanalysis of PRINT CIPHER : The Invariant Subspace Attack Gregor Leander, Mohamed

Cryptanalysis of PRINT CIPHER : The Invariant Subspace Attack Gregor Leander, Mohamed

Description of PRINT CIPHER The Attack Relation To Truncated Differential Attack Conclusion Cryptanalysis of PRINT CIPHER : The Invariant Subspace Attack Gregor Leander, Mohamed Abdelraheem, Huda AlKhzaimi, and Erik Zenner DTU Mathematics

598 views • 37 slides
TCPDB.DAT case Archive file signatures Attack surface Attack vectors Defense Conclusions P A

TCPDB.DAT case Archive file signatures Attack surface Attack vectors Defense Conclusions P A

Introduction Motivation SAP compression algorithms Archive file programs SAP archive file formats CAR SAR v2.00 SAR v2.01 Relative/absolute paths TCPDB.DAT case Archive file signatures Attack surface Attack vectors

913 views • 49 slides
Ransomware Attack Briefing Presidents Leadership Council October 21, 2019 August 8 Cyberattack

Ransomware Attack Briefing Presidents Leadership Council October 21, 2019 August 8 Cyberattack

Ransomware Attack Briefing Presidents Leadership Council October 21, 2019 August 8 Cyberattack Summary : The attack was severe and sophisticated; categorized as a catastrophic attack. It was highly strategic with regard to timing

329 views • 16 slides
ASCs 5.1 Surround ATTACK Wall walls and corners. Its name, ATTACK is an acronym that

ASCs 5.1 Surround ATTACK Wall walls and corners. Its name, ATTACK is an acronym that

December 7-8, 2001, Beverly Hills, CA. Corporation, at the Surround 2001 International Conference and Technology Showcase, .E., President of Acoustic Sciences Transcript of a seminar presented by Arthur Noxon P ASCs 5.1 Surround ATTACK Wall

243 views • 6 slides
Identifying Attack Vectors Professor Larry Heimann Web Application Security Information Systems

Identifying Attack Vectors Professor Larry Heimann Web Application Security Information Systems

Identifying Attack Vectors Professor Larry Heimann Web Application Security Information Systems Nothing is in isolation Attack surface An attack surface is the total number of possible attack vectors Think of a house, with the

309 views • 15 slides
R Revisions to S i i S tandard Conditions d d C di i Colorado S moke Management Permits

R Revisions to S i i S tandard Conditions d d C di i Colorado S moke Management Permits

6/ 17/ 15 proposed R Revisions to S i i S tandard Conditions d d C di i Colorado S moke Management Permits Opening Comments Opening Comments Overview Overview S S pecified health message on 1(+) form of pecified health message

339 views • 22 slides
Attack Class: Address Spoofing L. Todd Heberlein 23 Oct 1996 Net Squared Inc. todd@NetSQ.com

Attack Class: Address Spoofing L. Todd Heberlein 23 Oct 1996 Net Squared Inc. todd@NetSQ.com

Attack Class: Address Spoofing L. Todd Heberlein 23 Oct 1996 Net Squared Inc. todd@NetSQ.com Overview of Talk l Introduction l Background material l Attack class l Example attack l Popular questions l Extensions UCD Vulnerabilities Group l

759 views • 24 slides
Recent Attack Technologies Neil Long OxCert Introduction Hope for audience participation!

Recent Attack Technologies Neil Long OxCert Introduction Hope for audience participation!

Recent Attack Technologies Neil Long OxCert Introduction Hope for audience participation! At least two aspects Target payloads Attack origins Future? arenas Attack Payloads Buffer overflow Format strings

535 views • 18 slides
Introduction Attack Graphs Model Creation Analysis of Attack Graphs

Introduction Attack Graphs Model Creation Analysis of Attack Graphs

EVA Evolutionary Vulnerability Analyzer A Framework for Network Analysis and Risk Assessment Dr. Melissa Danforth Department of Computer Science California State University, Bakersfield Introduction Attack Graphs Model Creation

684 views • 50 slides
Attack- based Domain Transition Analysis Susan Hinrichs shinrich@ uiuc.edu Prasad Naldurg

Attack- based Domain Transition Analysis Susan Hinrichs shinrich@ uiuc.edu Prasad Naldurg

Attack- based Domain Transition Analysis Susan Hinrichs shinrich@ uiuc.edu Prasad Naldurg prasadn@ microsoft.com SE Linux Symposium Attack- based DTA 1 06 Outline Motivation Review of type enforcement transitions Attack

471 views • 18 slides
The Crossfire Attack Min Suk Kang Soo Bum Lee Virgil D. Gligor ECE Department and CyLab,

The Crossfire Attack Min Suk Kang Soo Bum Lee Virgil D. Gligor ECE Department and CyLab,

The Crossfire Attack Min Suk Kang Soo Bum Lee Virgil D. Gligor ECE Department and CyLab, Carnegie Mellon University May 20 2013 Old: DDoS Attacks against Single Servers typical attack : floods server with HTTP, UDP, SYN, ICMP packets

613 views • 28 slides
Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis Daniel Moghimi

Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis Daniel Moghimi

Medusa: Microarchitectural Data Leakage via Automated Attack Synthesis Daniel Moghimi Moritz Lipp Berk Sunar Michael Schwarz 2018: Meltdown Attack? 2 2018: Meltdown Attack? Virtual Address Space User Space CPU Registers

1.14k views • 63 slides

More recommend