Machine-learning-based side-channel evaluation of elliptic-curve cryptographic FPGA processor

Security of embedded systems is the need of the hour. A mathematically secure algorithm runs on a cryptographic chip on these systems, but secret private data can be at risk due to side-channel leakage information. This research focuses on retrieving secret-key information, by performing machine-learning-based analysis on leaked power-consumption signals, from Field Programmable Gate Array (FPGA) implementation of the elliptic-curve algorithm captured from a Kintex-7 FPGA chip while the elliptic-curve cryptography (ECC) algorithm is running on it. This paper formalizes the methodology for preparing an input dataset for further analysis using machine-learning-based techniques to classify the secret-key bits. Research results reveal how pre-processing filters improve the classification accuracy in certain cases, and show how various signal properties can provide accurate secret classification with a smaller feature dataset. The results further show the parameter tuning and the amount of time required for building the machine-learning models

On the design of efficient caching systems

Content distribution is currently the prevalent Internet use case, accounting for the majority of global Internet traffic and growing exponentially. There is general consensus that the most effective method to deal with the large amount of content demand is through the deployment of massively distributed caching infrastructures as the means to localise content delivery traffic. Solutions based on caching have been already widely deployed through Content Delivery Networks. Ubiquitous caching is also a fundamental aspect of the emerging Information-Centric Networking paradigm which aims to rethink the current Internet architecture for long term evolution. Distributed content caching systems are expected to grow substantially in the future, in terms of both footprint and traffic carried and, as such, will become substantially more complex and costly. This thesis addresses the problem of designing scalable and cost-effective distributed caching systems that will be able to efficiently support the expected massive growth of content traffic and makes three distinct contributions. First, it produces an extensive theoretical characterisation of sharding, which is a widely used technique to allocate data items to resources of a distributed system according to a hash function. Based on the findings unveiled by this analysis, two systems are designed contributing to the abovementioned objective. The first is a framework and related algorithms for enabling efficient load-balanced content caching. This solution provides qualitative advantages over previously proposed solutions, such as ease of modelling and availability of knobs to fine-tune performance, as well as quantitative advantages, such as 2x increase in cache hit ratio and 19-33% reduction in load imbalance while maintaining comparable latency to other approaches. The second is the design and implementation of a caching node enabling 20 Gbps speeds based on inexpensive commodity hardware. We believe these contributions advance significantly the state of the art in distributed caching systems

Machine-learning-based side-channel evaluation of elliptic-curve cryptographic FPGA processor.

Security of embedded systems is the need of the hour. A mathematically secure algorithm runs on a cryptographic chip on these systems, but secret private data can be at risk due to side-channel leakage information. This research focuses on retrieving secret-key information, by performing machine-learning-based analysis on leaked power-consumption signals, from Field Programmable Gate Array (FPGA) implementation of the elliptic-curve algorithm captured from a Kintex-7 FPGA chip while the elliptic-curve cryptography (ECC) algorithm is running on it. This paper formalizes the methodology for preparing an input dataset for further analysis using machine-learning-based techniques to classify the secret-key bits. Research results reveal how pre-processing filters improve the classification accuracy in certain cases, and show how various signal properties can provide accurate secret classification with a smaller feature dataset. The results further show the parameter tuning and the amount of time required for building the machine-learning modelsUniversity of Derb

Mobile health apps use among Jordanian outpatients: A descriptive study

Our purpose in this descriptive cross-sectional study was to examine the prevalence of mobile health (mHealth) apps use, factors associated with downloading mHealth apps, and to describe characteristics of mHealth apps use among Jordanian patients in government-sponsored outpatient clinics. A total of 182 (41.6%) of the 438 outpatients who completed questionnaires downloaded mHealth apps. Common reasons for downloading mHealth apps included tracking physical activity, losing weight, learning exercises, as well as monitoring, and controlling diet. More than two thirds of the users (70%) stopped using the apps they downloaded due to loss of interest, lack of anticipated support, too time consuming, or better apps available. The most common personal reasons for never downloading mHealth apps were lack of interest, in good health, and the most common technical reasons included a limited data plan, lack of trust, cost, and complexity of the apps. We also found that gender, age, weight, and educational level influenced the decision whether to download mHealth apps or not. We have shown the potential in mHealth apps use among Jordanian patients is promising, and health care systems must adopt this technology as well as work through population needs and preferences to supply it

Public policies and food systems in Latin America

Food problems are the order of the day. Solving the problems of hunger and malnutrition, producing and guaranteeing access to healthy food, preserving the environment, valuing local cultures and ensuring citizen participation are some of the many challenges that permeate the dynamics of food systems. This book addresses the role of Latin American public policies and actions in the configuration of healthy and sustainable food systems. Written by scholars specialized in various disciplines (economy, sociology, policy science, etc.) and hailing from ten Latin American countries, it provides a historical overview of national food policies, examines recent policy changes and explores innovative urban and rural experiences at local level. The authors also discuss the challenges of developing specific policy objectives related to sustainable food systems. This book shows how référentiels for public food policies have become more integrated in Latin America and takes a closer look at several promising local initiatives. However, it also highlights the many constraints in fostering sustainable food systems in the region, such as persistent competition among production models, land tenure inequalities and coordination issues among actors and state bodies. It will be of interest to a scientific audience of teachers and food systems professionals, as well as any readers interested in policy dynamics in Latin America

Future network systems and security : first international conference, FNSS 2015, Paris, France, June 11-13, 2015, Proceedings

This book constitutes the refereed proceedings of the International Conference on Future Network Systems and Security, FNSS 2015, held in Paris, France, in June 2015. The 13 full papers presented were carefully reviewed and selected from 34 submissions. The papers focus on the technology, communications, systems and security aspects of relevance to the network of the future

Development as a Battlefield

Development as a Battlefield is an innovative exploration of conflict and development, phenomena that are often regarded as ostensibly antagonistic. It invites readers to reconsider socio-political and economic developments in the MENA region and beyond. Readership: Academic libraries and institutional libraries, scholars and post-graduate students, development and policy specialists and practitioners interested in the development-conflict nexus, global security, international relations, development cycles, development policy and practice, citizens’ role in society, anthropology, history, political sociology and political economy, globalisation, migration, women, the Middle East and North Africa

Side-channel timing attack on content privacy of named data networking

Tese de Doutoramento em Engenharia Electrónica e de ComputadoresA diversity of current applications, such as Netflix, YouTube, and social media, have used the Internet mainly as a content distribution network. Named Data Networking (NDN) is a network paradigm that attempts to answer today’s applications need by naming the content. NDN promises an optimized content distribution through a named content-centric design. One of the NDN key features is the use of in-network caching to improve network efficiency in terms of content distribution. However, the cached contents may put the consumer privacy at risk. Since the time response of cached contents is different from un-cached contents, the adversary may distinguish the cached contents (targets) from un-cached ones, through the side-channel timing responses. The scope of attack can be towards the content, the name, or the signature. For instance, the adversary may obtain the call history, the callee or caller location on a trusted Voice over NDN (VoNDN) and the popularity of contents in streaming applications (e.g. NDNtube, NDNlive) through side-channel timing responses of the cache. The side-channel timing attack can be mitigated by manipulating the time of the router responses. The countermeasures proposed by other researches, such as additional delay, random/probabilistic caching, group signatures, and no-caching can effectively be used to mitigate the attack. However, the content distribution may be affected by pre-configured countermeasures which may go against the goal of the original NDN paradigm. In this work, the detection and defense (DaD) approach is proposed to mitigate the attack efficiently and effectively. With the DaD usage, an attack can be detected by a multi-level detection mechanism, in order to apply the countermeasures against the adversarial faces. Also, the detections can be used to determine the severity of the attack. In order to detect the behavior of an adversary, a brute-force timing attack was implemented and simulated with the following applications and testbeds: i. a trusted application that mimics the VoNDN and identifies the cached certificate on a worldwide NDN testbed, and ii. a streaming-like NDNtube application to identify the popularity of videos on the NDN testbed and AT&T company. In simulation primary results showed that the multi-level detection based on DaD mitigated the attack about 39.1% in best-route, and 36.6% in multicast communications. Additionally, the results showed that DaD preserves privacy without compromising the efficiency benefits of in-network caching in NDNtube and VoNDN applications.Várias aplicações atuais, como o Netflix e o YouTube, têm vindo a usar a Internet como uma rede de distribuição de conteúdos. O Named Data Networking (NDN) é um paradigma recente nas redes de comunicações que tenta responder às necessidades das aplicações modernas, através da nomeação dos conteúdos. O NDN promete uma otimização da distribuição dos conteúdos usando uma rede centrada nos conteúdos. Uma das características principais do NDN é o uso da cache disponivel nos nós da rede para melhorar a eficiência desta em termos de distribuição de conteúdos. No entanto, a colocação dos conteúdos em cache pode colocar em risco a privacidade dos consumidores. Uma vez que a resposta temporal de um conteúdo em cache é diferente do de um conteúdo que não está em cache, o adversário pode distinguir os conteúdos que estão em cache dos que não estão em cache, através das respostas de side-channel. O objectivo do ataque pode ser direcionado para o conteúdo, o nome ou a assinatura da mensagem. Por exemplo, o adversário pode obter o histórico de chamadas, a localização do callee ou do caller num serviço seguro de voz sobre NDN (VoNDN) e a popularidade do conteúdos em aplicações de streaming (e.g. NDNtube, NDNlive) através das respostas temporais de side-channel. O side-channel timing attack pode ser mitigado manipulando o tempo das respostas dos routers. As contramedidas propostas por outros pesquisadores, tais como o atraso adicional, o cache aleatório /probabilístico, as assinaturas de grupo e não fazer cache, podem ser efetivamente usadas para mitigar um ataque. No entanto, a distribuição de conteúdos pode ser afetada por contramedidas pré-configuradas que podem ir contra o propósito original do paradigma NDN. Neste trabalho, a abordagem de detecção e defesa (DaD) é proposta para mitigar o ataque de forma eficiente e eficaz. Com o uso do DaD, um ataque pode ser detectado por um mecanismo de detecção multi-nível, a fim de aplicar as contramedidas contra as interfaces dos adversários. Além disso, as detecções podem ser usadas para determinar a gravidade do ataque. A fim de detectar o comportamento de um adversário, um timing attack de força-bruta foi implementado e simulado com as seguintes aplicações e plataformas (testbeds): i. uma aplicação segura que implementa o VoNDN e identifica o certificado em cache numa plataforma NDN mundial; e ii. uma aplicação de streaming do tipo NDNtube para identificar a popularidade de vídeos na plataforma NDN da empresa AT&T. Os resultados da simulação mostraram que a detecção multi-nível oferecida pelo DaD atenuou o ataque cerca de 39,1% em best-route e 36,5% em comunicações multicast. Para avaliar o efeito nos pedidos legítimos, comparou-se o DaD com uma contramedida estática, tendo-se verificado que o DaD foi capaz de preservar todos os pedidos legítimos

Defense and traceback mechanisms in opportunistic wireless networks

 In this thesis, we have identified a novel attack in OppNets, a special type of packet dropping attack where the malicious node(s) drops one or more packets (not all the packets) and then injects new fake packets instead. We name this novel attack as the Catabolism attack and propose a novel attack detection and traceback approach against this attack referred to as the Anabolism defence. As part of the Anabolism defence approach we have proposed three techniques: time-based, Merkle tree based and Hash chain based techniques for attack detection and malicious node(s) traceback. We provide mathematical models that show our novel detection and traceback mechanisms to be very effective and detailed simulation results show our defence mechanisms to achieve a very high accuracy and detection rate