taylor expansion of maximum likelihood attacks
play

Taylor Expansion of Maximum Likelihood Attacks Institut Nicolas - PowerPoint PPT Presentation

Feb 06, 2023 •303 likes •913 views

Taylor Expansion of Maximum Likelihood Attacks Institut Nicolas Bruneau 1 , 2 , Sylvain Guilley 1 , 3 , Mines-Telecom Annelie Heuser 1 , Olivier Rioul 1 , cois-Xavier Standaert 4 , Yannick Teglia 2 Fran 1 T el ecom-ParisTech, Crypto

  1. Taylor Expansion of Maximum Likelihood Attacks Institut Nicolas Bruneau 1 , 2 , Sylvain Guilley 1 , 3 , Mines-Telecom Annelie Heuser 1 , Olivier Rioul 1 , cois-Xavier Standaert 4 , Yannick Teglia 2 Fran¸ 1 T´ el´ ecom-ParisTech, Crypto & ComNum Group, Paris, FRANCE 2 STMicroelectronics, AST division, Rousset, FRANCE 3 Secure-IC S.A.S., Rennes, FRANCE 4 Universit´ e Catholique de Louvain, Louvain-la-Neuve, BELGIQUE STMicroelectronics Cryptarchi 2016 — La Grande Motte, France

  2. Introduction Rounded Optimal Attack Case Study Outline Introduction Side-Channel Analysis as a Threat Protection Methods Template Attacks Rounded Optimal Attack Truncated Taylor Expansion Complexity Case Study Protected Table Recomputation Implementation Bi-Variate Attacks Multi-Variate Attacks 2/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  3. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Outline Introduction Side-Channel Analysis as a Threat Protection Methods Template Attacks Rounded Optimal Attack Case Study 3/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  4. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Side-Channel Analysis on Embedded Systems [GMN + 11] noisy measurement moments: µ , σ , etc . distributions: side-channel 0xc7 probe !!! Preprocessing: Distinguisher: - filtering - extract link w/ a model leakage - denoising w/ wavelets - for many possible keys - time/freq. analysis 0xc7 - dimensionality reduction (PCA, LDA) ? ? ? ? ... ... 0x00 0x01 0xc7 0xff 4/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  5. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks ( d − 1) th-Order Masking: Principle Aim The sensitive variable Z is randomly split into Ω shares: ⇒ need random masks M i , 0 < i < Ω Z . . . Z ⊥ M 1 ⊥ ... ⊥ M Ω − 1 M Ω − 1 M 1 Consequence Increases the minimum key-dependent statistical moment 5/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  6. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks ( d − 1) th-Order Masking: Principle Aim The sensitive variable Z is randomly split into Ω shares: ⇒ need random masks M i , 0 < i < Ω Z . . . Z ⊥ M 1 ⊥ ... ⊥ M Ω − 1 M Ω − 1 M 1 Consequence Increases the minimum key-dependent statistical moment 5/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  7. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks ( d − 1) th-Order Masking: Principle Aim The sensitive variable Z is randomly split into Ω shares: ⇒ need random masks M i , 0 < i < Ω Z . . . Z ⊥ M 1 ⊥ ... ⊥ M Ω − 1 M 1 M Ω − 1 Consequence Increases the minimum key-dependent statistical moment 5/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  8. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 Z 3 Z 4 6/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  9. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 Z 3 Z 4 6/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  10. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 Z 3 Z 4 6/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  11. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 Z 3 Z 4 6/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  12. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 Z 3 Z 4 6/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  13. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 Z 3 Z 4 6/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  14. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 Z 3 Z 4 6/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  15. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 Z 3 Z 4 6/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  16. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 Z 3 Z 4 Consequences Increase the noise in the attacks. 6/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  17. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Summary of the Protection Parameters The security level of the protections depends on these parameters: Masking ◮ Ω: the number of shares (link to the numbers of masks) ◮ O : the order (i.e. the minimal key dependent statistical moment) Shuffling ◮ Π the size of the permutation 7/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  18. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Template Attacks Template attacks are the most powerful in a information-theoretic sense [CRR02]. Off-line Profiling The leakage model is learned: ◮ non-parametric methods (e.g. histogram, kernel methods...) ◮ parametric methods (e.g. mixture models) Online Attack Recover the key using the models by applying a maximum likelihood (ML) attack 8/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  19. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Template Attacks Template attacks are the most powerful in a information-theoretic sense [CRR02]. Off-line Profiling The leakage model is learned: ◮ non-parametric methods (e.g. histogram, kernel methods...) ◮ parametric methods (e.g. mixture models) Online Attack Recover the key using the models by applying a maximum likelihood (ML) attack 8/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  20. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Parametric or Non-Parametric ? Parametric The only random part is the noise with known distribution. ◮ easy to estimate; ◮ shuffle and mask are known; ◮ many templates are learned. Non-Parametric Shuffle and masks are part of the noise. ◮ can be hard to estimate ⇒ curse of dimensionality; ◮ shuffle and mask are unknown. 9/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  21. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Notations for the Online attack The attack are applied on: ◮ D leakage points; ◮ Q traces. For each trace the leakage model is X = y ( t , k ∗ , R ) + N where: ◮ X is the leakage measurement; ◮ y = y ( t , k ∗ , R ) is the deterministic part of the model that depends on the correct key k ∗ , some known text t , and the unknown random values (masks and permutations) R ; ◮ N is a random noise, which follows a Gaussian distribution � � − z 2 1 p N ( z ) = 2 πσ 2 exp . √ 2 σ 2 1 We let γ = 2 σ 2 be the SNR parameter. 10/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

  22. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Maximum Likelihood Attacks Theorem (Maximum Likelihood [ ? ]) When the y ( t , k , R ) are known then the optimal distinguisher ( OPT ) is given by R DQ × R DQ F n → 2 Q log E exp −� x ( q ) − y ( t ( q ) , k , R ) � 2 � ( x , y ( t , k , R )) �→ argmax 2 σ 2 k ∈ F n q =1 2 where expectation E is applied to the random variable R ∈ R and � · � is the Euclidean norm: D 2 � 2 � � x ( q ) − y ( t ( q ) , k , R ) � � x ( q ) � − y d ( t ( q ) , k , R ) = . � � d � d =1 11/29 Taylor Expansion of Maximum Likelihood Attacks Juin 2016

Recommend

Taylor Expansion of Maximum Likelihood Attacks Institut Nicolas Bruneau 1 , 2 , Sylvain Guilley 1

Taylor Expansion of Maximum Likelihood Attacks Institut Nicolas Bruneau 1 , 2 , Sylvain Guilley 1

Taylor Expansion of Maximum Likelihood Attacks Institut Nicolas Bruneau 1 , 2 , Sylvain Guilley 1 , 3 , Mines-Telecom Annelie Heuser 1 , Olivier Rioul 1 , cois-Xavier Standaert 4 , Yannick Teglia 5 Fran 1 T el ecom-ParisTech, Crypto

1.04k views • 62 slides
Maximum Likelihood properties Maximum parsimony Maximum likelihood Experimental design

Maximum Likelihood properties Maximum parsimony Maximum likelihood Experimental design

N. Salamin c Sept 2007 Lecture outline Maximum likelihood in phylogenetics Definition Phylogenetics and bioinformatics for evolution Maximum likelihood and models Likelihood of a tree Computational complexity Statistical Maximum

697 views • 30 slides
Outline n Maximum likelihood (ML) n Priors, and maximum a posteriori (MAP) n

Outline n Maximum likelihood (ML) n Priors, and maximum a posteriori (MAP) n

Maximum Likelihood (ML), Expectation Maximization (EM) Pieter Abbeel UC Berkeley EECS Many slides adapted from Thrun, Burgard and Fox, Probabilistic Robotics Outline n Maximum likelihood (ML) n Priors, and maximum a posteriori (MAP) n

649 views • 23 slides
Maximum Likelihood Estimation CS 446 Maximum likelihood: abstract formulation Weve had one

Maximum Likelihood Estimation CS 446 Maximum likelihood: abstract formulation Weve had one

Maximum Likelihood Estimation CS 446 Maximum likelihood: abstract formulation Weve had one main meta-algorithm) this semester: (Regularized) ERM principle: pick the model that minimizes an average loss over training data. 1 / 76

643 views • 45 slides
Maximum Likelihood Estimation CS 446 Maximum likelihood: abstract formulation Weve had one

Maximum Likelihood Estimation CS 446 Maximum likelihood: abstract formulation Weve had one

Maximum Likelihood Estimation CS 446 Maximum likelihood: abstract formulation Weve had one main meta-algorithm this semester: (Regularized) ERM principle: pick the model that minimizes an average loss over training data. 1 / 70

599 views • 42 slides
1 Being Normal, Simultaneously Maximizing Likelihood with Uniform Now have two equations, two

1 Being Normal, Simultaneously Maximizing Likelihood with Uniform Now have two equations, two

Likelihood of Data Maximum Likelihood Estimator The Maximum Likelihood Estimator (MLE) of , Consider n I.I.D. random variables X 1 , X 2 , ..., X n is the value of that maximizes L ( ) X i a sample from density function f (X

419 views • 3 slides
Binary choice 3.3 Maximum likelihood estimation Michel Bierlaire Maximum likelihood

Binary choice 3.3 Maximum likelihood estimation Michel Bierlaire Maximum likelihood

Binary choice 3.3 Maximum likelihood estimation Michel Bierlaire Maximum likelihood estimation We now estimate the values of the unknown parameters 1 ,. . . , K from a sample of observations drawn at random from the population. Each

758 views • 8 slides
Maximum likelihood models Tues. Feb. 27, 2018 1 Overview of today Informal notion of

Maximum likelihood models Tues. Feb. 27, 2018 1 Overview of today Informal notion of

COMP 546 Lecture 14 Maximum likelihood models Tues. Feb. 27, 2018 1 Overview of today Informal notion of likelihood Formal definition of likelihood as conditional probability Maximum likelihood problems (sketch) 2 Scene

960 views • 40 slides
Maximum Likelihood (ML), Expectation Maximization (EM) Pieter Abbeel UC Berkeley EECS Many

Maximum Likelihood (ML), Expectation Maximization (EM) Pieter Abbeel UC Berkeley EECS Many

Maximum Likelihood (ML), Expectation Maximization (EM) Pieter Abbeel UC Berkeley EECS Many slides adapted from Thrun, Burgard and Fox, Probabilistic Robotics Outline n Maximum likelihood (ML) n Priors, and maximum a posteriori (MAP) n

630 views • 46 slides
Binary choice 3.3 Maximum likelihood estimation Michel Bierlaire Output of the estimation

Binary choice 3.3 Maximum likelihood estimation Michel Bierlaire Output of the estimation

Binary choice 3.3 Maximum likelihood estimation Michel Bierlaire Output of the estimation We explain here the various outputs from the maximum likelihood esti- mation procedure. Solution of the maximum likelihood estimation The main

170 views • 5 slides
Chapter 8: Estimation In this chapter we will cover: 1. The likelihood and maximum likelihood

Chapter 8: Estimation In this chapter we will cover: 1. The likelihood and maximum likelihood

Chapter 8: Estimation In this chapter we will cover: 1. The likelihood and maximum likelihood estimation ( 8.3, 8.5 Rice) 2. Introduction to decision theory( 15.115.3) The likelihood function We have seen many cases where we have

413 views • 10 slides
15-388/688 - Practical Data Science: Maximum likelihood estimation, nave Bayes J. Zico Kolter

15-388/688 - Practical Data Science: Maximum likelihood estimation, nave Bayes J. Zico Kolter

15-388/688 - Practical Data Science: Maximum likelihood estimation, nave Bayes J. Zico Kolter Carnegie Mellon University Spring 2018 1 Outline Maximum likelihood estimation Naive Bayes Machine learning and maximum likelihood 2 Outline

352 views • 22 slides
PARALLELIZATION OF MAXIMUM LIKELIHOOD MOTIVATION To analyze large amount of data using

PARALLELIZATION OF MAXIMUM LIKELIHOOD MOTIVATION To analyze large amount of data using

MAYANK KALE PARALLELIZATION OF MAXIMUM LIKELIHOOD MOTIVATION To analyze large amount of data using computationally intensive, model-based optimality criterion such as maximum likelihood (ML), there must be development in parallel and

273 views • 5 slides
Lecture 7: Maximum Likelihood Estimation (MLE) Maximum a Posteriori (MAP) Aykut Erdem

Lecture 7: Maximum Likelihood Estimation (MLE) Maximum a Posteriori (MAP) Aykut Erdem

Lecture 7: Maximum Likelihood Estimation (MLE) Maximum a Posteriori (MAP) Aykut Erdem October 2016 Hacettepe University Administrative Assignment 2 will be out on Thursday It is due November 10 (i.e. in 2 weeks) You will

831 views • 70 slides
Lecture 8: Maximum Likelihood Estimation (MLE) (contd.) Maximum a posteriori (MAP)

Lecture 8: Maximum Likelihood Estimation (MLE) (contd.) Maximum a posteriori (MAP)

Lecture 8: Maximum Likelihood Estimation (MLE) (contd.) Maximum a posteriori (MAP) estimation Nave Bayes Classifier Aykut Erdem March 2016 Hacettepe University Last time Flipping a Coin I have a coin, if I flip it, whats the

932 views • 82 slides
Maximum likelihood and EM algorithm (after the Chapter 8) Pasha Zusmanovich, deCODE Statistics

Maximum likelihood and EM algorithm (after the Chapter 8) Pasha Zusmanovich, deCODE Statistics

1 Maximum likelihood and EM algorithm (after the Chapter 8) Pasha Zusmanovich, deCODE Statistics Colloquium March 30, 2007 2 What is likelihood and what it is good for? Likelihood is just a conditional probability. Formal definition Given

775 views • 42 slides
ECON 626: Applied Microeconomics Lecture 11: Maximum Likelihood Estimation Professors: Pamela

ECON 626: Applied Microeconomics Lecture 11: Maximum Likelihood Estimation Professors: Pamela

ECON 626: Applied Microeconomics Lecture 11: Maximum Likelihood Estimation Professors: Pamela Jakiela and Owen Ozier Maximum Likelihood: Motivation So far, weve been thinking about average treatment effects, but the ATE may or may not be

564 views • 23 slides
Lecture 3. Inadmissibility of Maximum Likelihood Estimate and James-Stein Estimator Yuan Yao

Lecture 3. Inadmissibility of Maximum Likelihood Estimate and James-Stein Estimator Yuan Yao

Lecture 3. Inadmissibility of Maximum Likelihood Estimate and James-Stein Estimator Yuan Yao Hong Kong University of Science and Technology March 4, 2020 Outline Recall: PCA in Noise Maximum Likelihood Estimate Example: Multivariate Normal

496 views • 46 slides
Maximum Likelihood Setting parameters Chris Williams, School of Informatics We choose a

Maximum Likelihood Setting parameters Chris Williams, School of Informatics We choose a

Maximum Likelihood Setting parameters Chris Williams, School of Informatics We choose a parametric model p ( x | ) University of Edinburgh Overview We are given data x 1 , . . . , x n Maximum likelihood parameter estimation

46 views • 3 slides
CS 287 Advanced Robotics (Fall 2019) Lecture 13: Kalman Smoother, Maximum A Posteriori, Maximum

CS 287 Advanced Robotics (Fall 2019) Lecture 13: Kalman Smoother, Maximum A Posteriori, Maximum

CS 287 Advanced Robotics (Fall 2019) Lecture 13: Kalman Smoother, Maximum A Posteriori, Maximum Likelihood, Expectation Maximization Pieter Abbeel UC Berkeley EECS Outline n Kalman smoothing n Maximum a posteriori sequence n Maximum likelihood

865 views • 68 slides
Density Estimation Parametric techniques Maximum Likelihood Maximum A Posteriori

Density Estimation Parametric techniques Maximum Likelihood Maximum A Posteriori

1 Density Estimation Parametric techniques Maximum Likelihood Maximum A Posteriori Bayesian Inference G aussian M ixture M odels (GMM) EM-Algorithm Non-parametric techniques Histogram Parzen Windows

496 views • 11 slides
Density Estimation Parametric techniques Maximum Likelihood Maximum A Posteriori

Density Estimation Parametric techniques Maximum Likelihood Maximum A Posteriori

1 Density Estimation Parametric techniques Maximum Likelihood Maximum A Posteriori Bayesian Inference G aussian M ixture M odels (GMM) EM-Algorithm Non-parametric techniques Histogram Parzen Windows

168 views • 16 slides
Simulated maximum likelihood for time series models with nonlinear non-Gaussian observation

Simulated maximum likelihood for time series models with nonlinear non-Gaussian observation

Simulated maximum likelihood for time series models with nonlinear non-Gaussian observation equations: new results and an application Siem Jan Koopman Vrije Universiteit Amsterdam Tinbergen Institute Simulated maximum likelihood for time

602 views • 32 slides
Curve Fitting Re-visited, Bishop1.2.5 Maximum Likelihood Bishop 1.2.5 Model Likelihood

Curve Fitting Re-visited, Bishop1.2.5 Maximum Likelihood Bishop 1.2.5 Model Likelihood

Curve Fitting Re-visited, Bishop1.2.5 Maximum Likelihood Bishop 1.2.5 Model Likelihood differentiation Maximum Likelihood N N t n | y ( x n , w ) , 1 p ( t | x , w , ) = . (1.61) n =1 As we did in the

597 views • 49 slides

More recommend