taylor expansion of maximum likelihood attacks
play

Taylor Expansion of Maximum Likelihood Attacks Institut Nicolas - PowerPoint PPT Presentation

Jan 14, 2024 •402 likes •1.04k views

Taylor Expansion of Maximum Likelihood Attacks Institut Nicolas Bruneau 1 , 2 , Sylvain Guilley 1 , 3 , Mines-Telecom Annelie Heuser 1 , Olivier Rioul 1 , cois-Xavier Standaert 4 , Yannick Teglia 5 Fran 1 T el ecom-ParisTech, Crypto

  1. Taylor Expansion of Maximum Likelihood Attacks Institut Nicolas Bruneau 1 , 2 , Sylvain Guilley 1 , 3 , Mines-Telecom Annelie Heuser 1 , Olivier Rioul 1 , cois-Xavier Standaert 4 , Yannick Teglia 5 Fran¸ 1 T´ el´ ecom-ParisTech, Crypto & ComNum Group, Paris, FRANCE 2 STMicroelectronics, AST division, Rousset, FRANCE 3 Secure-IC S.A.S., Rennes, FRANCE 4 Universit´ e Catholique de Louvain, Louvain-la-Neuve, BELGIQUE 5 Gemalto, La Ciotat, FRANCE STMicroelectronics ASIACRYPT 2016 — Hanoi, Vietnam

  2. Introduction Rounded Optimal Attack Case Study Nicolas Bruneau, Sylvain Guilley, Annelie Heuser, Olivier Rioul, Fran¸ cois-Xavier Standaert, Yannick Teglia 2/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  3. Introduction Rounded Optimal Attack Case Study Outline Introduction Side-Channel Analysis as a Threat Protection Methods Template Attacks Rounded Optimal Attack Truncated Taylor Expansion Complexity Case Study Protected Table Recomputation Implementation Bi-Variate Attacks Multi-Variate Attacks 3/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  4. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Outline Introduction Side-Channel Analysis as a Threat Protection Methods Template Attacks Rounded Optimal Attack Case Study 4/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  5. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Side-Channel Analysis on Embedded Systems noisy measurement moments: µ , σ , etc . distributions: side-channel 0xc7 probe !!! Preprocessing: Distinguisher: - filtering - extract link w/ a model leakage - denoising w/ wavelets - for many possible keys - time/freq. analysis 0xc7 - dimensionality reduction (PCA, LDA) ? ? ? ? ... ... 0x00 0x01 0xc7 0xff 5/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  6. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks (Ω − 1) th-Order Masking: Principle Aim The sensitive variable Z is randomly split into Ω shares: ⇒ need random masks M i , 0 < i < Ω Z . . . Z ⊥ M 1 ⊥ ... ⊥ M Ω − 1 M 1 M Ω − 1 6/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  7. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks (Ω − 1) th-Order Masking: Principle Aim The sensitive variable Z is randomly split into Ω shares: ⇒ need random masks M i , 0 < i < Ω Z . . . Z ⊥ M 1 ⊥ ... ⊥ M Ω − 1 M 1 M Ω − 1 6/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  8. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks (Ω − 1) th-Order Masking: Principle Aim The sensitive variable Z is randomly split into Ω shares: ⇒ need random masks M i , 0 < i < Ω Z . . . Z ⊥ M 1 ⊥ ... ⊥ M Ω − 1 M 1 M Ω − 1 Consequence Increases the minimum key-dependent statistical moment. 6/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  9. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 7/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  10. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 7/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  11. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 Z 3 7/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  12. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 Z 3 Z 4 7/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  13. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 3 7/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  14. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 3 7/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  15. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 Z 3 7/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  16. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 Z 3 Z 4 7/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  17. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 Z 3 Z 4 Consequences The attacks are applied on the sum of the variables ⇒ increases the algorithmic noise. 7/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  18. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Protection Parameters The security level of the protections depends on these parameters: Masking ◮ Ω: the number of shares (Ω − 1 masks); ◮ O : the order (i.e. the minimal key-dependent statistical moment). Perfect masking scheme ⇔ O = Ω. Shuffling ◮ Π the size of the permutation. 8/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  19. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Template Attacks Template attacks are the most powerful in a information-theoretic sense [Chari et al., 2002]. Offline Profiling The leakage model is learned: ◮ non-parametric methods (e.g. histogram, kernel methods...); ◮ parametric methods (e.g. mixture models). Online Attack Recover the key using the models by applying a maximum likelihood (ML) attack. 9/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  20. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Parametric or Non-Parametric ? Parametric The only random part is the noise with known distribution. ◮ easy to estimate; ◮ shuffle and mask are known; ◮ many templates are learned. Non-Parametric Shuffle and masks are part of the noise. ◮ can be hard to estimate ⇒ curse of dimensionality; ◮ shuffle and mask are unknown. 10/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  21. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Parametric or Non-Parametric ? Parametric The only random part is the noise with known distribution. ◮ easy to estimate; ◮ shuffle and mask are known; ◮ many templates are learned. Non-Parametric Shuffle and masks are part of the noise. ◮ can be hard to estimate ⇒ curse of dimensionality; ◮ shuffle and mask are unknown. 10/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  22. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Notations for the Online attack The attacks are applied on: ◮ Q queries (i.e. the traces). ◮ D dimension (i.e. the number of leakage samples); A leakage measurement is X = y ( t , k ∗ , R ) + N where: ◮ y ( t , k ∗ , R ) is the deterministic part of the model; ◮ the secret key k ∗ and the plaintext t are n -bit words; ◮ R is the random countermeasure; ◮ N is a random Gaussian noise of variance σ 2 . 11/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  23. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Maximum Likelihood Attacks Theorem (Maximum Likelihood [Bruneau et al., 2014]) When the model is known the optimal distinguisher ( OPT ) consists in maximizing the sum over all traces q = 1 , . . . , Q of the log-likelihood: Q log E exp −� x ( q ) − y ( t ( q ) , k , R ) � 2 � LL = , 2 σ 2 q =1 where expectation E is applied to the random variable R ∈ R and � · � is the Euclidean norm on R D . 1 For convenience we let γ = 2 σ 2 be the SNR parameter. 12/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

Recommend

Taylor Expansion of Maximum Likelihood Attacks Institut Nicolas Bruneau 1 , 2 , Sylvain Guilley 1

Taylor Expansion of Maximum Likelihood Attacks Institut Nicolas Bruneau 1 , 2 , Sylvain Guilley 1

Taylor Expansion of Maximum Likelihood Attacks Institut Nicolas Bruneau 1 , 2 , Sylvain Guilley 1 , 3 , Mines-Telecom Annelie Heuser 1 , Olivier Rioul 1 , cois-Xavier Standaert 4 , Yannick Teglia 2 Fran 1 T el ecom-ParisTech, Crypto

913 views • 60 slides
Maximum Likelihood properties Maximum parsimony Maximum likelihood Experimental design

Maximum Likelihood properties Maximum parsimony Maximum likelihood Experimental design

N. Salamin c Sept 2007 Lecture outline Maximum likelihood in phylogenetics Definition Phylogenetics and bioinformatics for evolution Maximum likelihood and models Likelihood of a tree Computational complexity Statistical Maximum

697 views • 30 slides
Outline n Maximum likelihood (ML) n Priors, and maximum a posteriori (MAP) n

Outline n Maximum likelihood (ML) n Priors, and maximum a posteriori (MAP) n

Maximum Likelihood (ML), Expectation Maximization (EM) Pieter Abbeel UC Berkeley EECS Many slides adapted from Thrun, Burgard and Fox, Probabilistic Robotics Outline n Maximum likelihood (ML) n Priors, and maximum a posteriori (MAP) n

649 views • 23 slides
Maximum Likelihood Estimation CS 446 Maximum likelihood: abstract formulation Weve had one

Maximum Likelihood Estimation CS 446 Maximum likelihood: abstract formulation Weve had one

Maximum Likelihood Estimation CS 446 Maximum likelihood: abstract formulation Weve had one main meta-algorithm) this semester: (Regularized) ERM principle: pick the model that minimizes an average loss over training data. 1 / 76

643 views • 45 slides
Maximum Likelihood Estimation CS 446 Maximum likelihood: abstract formulation Weve had one

Maximum Likelihood Estimation CS 446 Maximum likelihood: abstract formulation Weve had one

Maximum Likelihood Estimation CS 446 Maximum likelihood: abstract formulation Weve had one main meta-algorithm this semester: (Regularized) ERM principle: pick the model that minimizes an average loss over training data. 1 / 70

599 views • 42 slides
1 Being Normal, Simultaneously Maximizing Likelihood with Uniform Now have two equations, two

1 Being Normal, Simultaneously Maximizing Likelihood with Uniform Now have two equations, two

Likelihood of Data Maximum Likelihood Estimator The Maximum Likelihood Estimator (MLE) of , Consider n I.I.D. random variables X 1 , X 2 , ..., X n is the value of that maximizes L ( ) X i a sample from density function f (X

419 views • 3 slides
Binary choice 3.3 Maximum likelihood estimation Michel Bierlaire Maximum likelihood

Binary choice 3.3 Maximum likelihood estimation Michel Bierlaire Maximum likelihood

Binary choice 3.3 Maximum likelihood estimation Michel Bierlaire Maximum likelihood estimation We now estimate the values of the unknown parameters 1 ,. . . , K from a sample of observations drawn at random from the population. Each

758 views • 8 slides
Maximum likelihood models Tues. Feb. 27, 2018 1 Overview of today Informal notion of

Maximum likelihood models Tues. Feb. 27, 2018 1 Overview of today Informal notion of

COMP 546 Lecture 14 Maximum likelihood models Tues. Feb. 27, 2018 1 Overview of today Informal notion of likelihood Formal definition of likelihood as conditional probability Maximum likelihood problems (sketch) 2 Scene

960 views • 40 slides
Maximum Likelihood (ML), Expectation Maximization (EM) Pieter Abbeel UC Berkeley EECS Many

Maximum Likelihood (ML), Expectation Maximization (EM) Pieter Abbeel UC Berkeley EECS Many

Maximum Likelihood (ML), Expectation Maximization (EM) Pieter Abbeel UC Berkeley EECS Many slides adapted from Thrun, Burgard and Fox, Probabilistic Robotics Outline n Maximum likelihood (ML) n Priors, and maximum a posteriori (MAP) n

630 views • 46 slides
Binary choice 3.3 Maximum likelihood estimation Michel Bierlaire Output of the estimation

Binary choice 3.3 Maximum likelihood estimation Michel Bierlaire Output of the estimation

Binary choice 3.3 Maximum likelihood estimation Michel Bierlaire Output of the estimation We explain here the various outputs from the maximum likelihood esti- mation procedure. Solution of the maximum likelihood estimation The main

170 views • 5 slides
Chapter 8: Estimation In this chapter we will cover: 1. The likelihood and maximum likelihood

Chapter 8: Estimation In this chapter we will cover: 1. The likelihood and maximum likelihood

Chapter 8: Estimation In this chapter we will cover: 1. The likelihood and maximum likelihood estimation ( 8.3, 8.5 Rice) 2. Introduction to decision theory( 15.115.3) The likelihood function We have seen many cases where we have

413 views • 10 slides
15-388/688 - Practical Data Science: Maximum likelihood estimation, nave Bayes J. Zico Kolter

15-388/688 - Practical Data Science: Maximum likelihood estimation, nave Bayes J. Zico Kolter

15-388/688 - Practical Data Science: Maximum likelihood estimation, nave Bayes J. Zico Kolter Carnegie Mellon University Spring 2018 1 Outline Maximum likelihood estimation Naive Bayes Machine learning and maximum likelihood 2 Outline

352 views • 22 slides
PARALLELIZATION OF MAXIMUM LIKELIHOOD MOTIVATION To analyze large amount of data using

PARALLELIZATION OF MAXIMUM LIKELIHOOD MOTIVATION To analyze large amount of data using

MAYANK KALE PARALLELIZATION OF MAXIMUM LIKELIHOOD MOTIVATION To analyze large amount of data using computationally intensive, model-based optimality criterion such as maximum likelihood (ML), there must be development in parallel and

273 views • 5 slides
Lecture 7: Maximum Likelihood Estimation (MLE) Maximum a Posteriori (MAP) Aykut Erdem

Lecture 7: Maximum Likelihood Estimation (MLE) Maximum a Posteriori (MAP) Aykut Erdem

Lecture 7: Maximum Likelihood Estimation (MLE) Maximum a Posteriori (MAP) Aykut Erdem October 2016 Hacettepe University Administrative Assignment 2 will be out on Thursday It is due November 10 (i.e. in 2 weeks) You will

831 views • 70 slides
Lecture 8: Maximum Likelihood Estimation (MLE) (contd.) Maximum a posteriori (MAP)

Lecture 8: Maximum Likelihood Estimation (MLE) (contd.) Maximum a posteriori (MAP)

Lecture 8: Maximum Likelihood Estimation (MLE) (contd.) Maximum a posteriori (MAP) estimation Nave Bayes Classifier Aykut Erdem March 2016 Hacettepe University Last time Flipping a Coin I have a coin, if I flip it, whats the

932 views • 82 slides
Maximum likelihood and EM algorithm (after the Chapter 8) Pasha Zusmanovich, deCODE Statistics

Maximum likelihood and EM algorithm (after the Chapter 8) Pasha Zusmanovich, deCODE Statistics

1 Maximum likelihood and EM algorithm (after the Chapter 8) Pasha Zusmanovich, deCODE Statistics Colloquium March 30, 2007 2 What is likelihood and what it is good for? Likelihood is just a conditional probability. Formal definition Given

775 views • 42 slides
ECON 626: Applied Microeconomics Lecture 11: Maximum Likelihood Estimation Professors: Pamela

ECON 626: Applied Microeconomics Lecture 11: Maximum Likelihood Estimation Professors: Pamela

ECON 626: Applied Microeconomics Lecture 11: Maximum Likelihood Estimation Professors: Pamela Jakiela and Owen Ozier Maximum Likelihood: Motivation So far, weve been thinking about average treatment effects, but the ATE may or may not be

564 views • 23 slides
Lecture 3. Inadmissibility of Maximum Likelihood Estimate and James-Stein Estimator Yuan Yao

Lecture 3. Inadmissibility of Maximum Likelihood Estimate and James-Stein Estimator Yuan Yao

Lecture 3. Inadmissibility of Maximum Likelihood Estimate and James-Stein Estimator Yuan Yao Hong Kong University of Science and Technology March 4, 2020 Outline Recall: PCA in Noise Maximum Likelihood Estimate Example: Multivariate Normal

496 views • 46 slides
Maximum Likelihood Setting parameters Chris Williams, School of Informatics We choose a

Maximum Likelihood Setting parameters Chris Williams, School of Informatics We choose a

Maximum Likelihood Setting parameters Chris Williams, School of Informatics We choose a parametric model p ( x | ) University of Edinburgh Overview We are given data x 1 , . . . , x n Maximum likelihood parameter estimation

46 views • 3 slides
CS 287 Advanced Robotics (Fall 2019) Lecture 13: Kalman Smoother, Maximum A Posteriori, Maximum

CS 287 Advanced Robotics (Fall 2019) Lecture 13: Kalman Smoother, Maximum A Posteriori, Maximum

CS 287 Advanced Robotics (Fall 2019) Lecture 13: Kalman Smoother, Maximum A Posteriori, Maximum Likelihood, Expectation Maximization Pieter Abbeel UC Berkeley EECS Outline n Kalman smoothing n Maximum a posteriori sequence n Maximum likelihood

865 views • 68 slides
Density Estimation Parametric techniques Maximum Likelihood Maximum A Posteriori

Density Estimation Parametric techniques Maximum Likelihood Maximum A Posteriori

1 Density Estimation Parametric techniques Maximum Likelihood Maximum A Posteriori Bayesian Inference G aussian M ixture M odels (GMM) EM-Algorithm Non-parametric techniques Histogram Parzen Windows

496 views • 11 slides
Density Estimation Parametric techniques Maximum Likelihood Maximum A Posteriori

Density Estimation Parametric techniques Maximum Likelihood Maximum A Posteriori

1 Density Estimation Parametric techniques Maximum Likelihood Maximum A Posteriori Bayesian Inference G aussian M ixture M odels (GMM) EM-Algorithm Non-parametric techniques Histogram Parzen Windows

168 views • 16 slides
Simulated maximum likelihood for time series models with nonlinear non-Gaussian observation

Simulated maximum likelihood for time series models with nonlinear non-Gaussian observation

Simulated maximum likelihood for time series models with nonlinear non-Gaussian observation equations: new results and an application Siem Jan Koopman Vrije Universiteit Amsterdam Tinbergen Institute Simulated maximum likelihood for time

602 views • 32 slides
Curve Fitting Re-visited, Bishop1.2.5 Maximum Likelihood Bishop 1.2.5 Model Likelihood

Curve Fitting Re-visited, Bishop1.2.5 Maximum Likelihood Bishop 1.2.5 Model Likelihood

Curve Fitting Re-visited, Bishop1.2.5 Maximum Likelihood Bishop 1.2.5 Model Likelihood differentiation Maximum Likelihood N N t n | y ( x n , w ) , 1 p ( t | x , w , ) = . (1.61) n =1 As we did in the

597 views • 49 slides

More recommend