4 research outputs found

    On the Practical Security of a Leakage Resilient Masking Scheme

    At TCC 2012, Dziembowski and Faust show how to construct leakage resilient circuits using secret sharing based on the inner product [2]. At Asiacrypt 2012, Balasch et al. turned the latter construction into an efficient masking scheme and they apply it to protect an implementation of AES against side-channel attacks [1]. The so-called Inner-Product masking (IP masking for short) was claimed to be secure with respect to two different security models: the $\lambda$-limited security model (Section 4 of [1]), and the $d$th-order security model (see definitions p.8 of [1]). In the former model, the security proof makes sense for a sharing dimension $n > 130$ which is acknowledged impractical by the authors. In the latter model, the scheme is claimed secure up to the order $d = n-1$. In this note, we contradict the $d$th-order security claim by exhibiting a 1st-order flaw in the masking algorithm for any chosen sharing dimension $n$

    Why Cryptography Should Not Rely on Physical Attack Complexity

    This book presents two practical physical attacks. It shows how attackers can reveal the secret key of symmetric as well as asymmetric cryptographic algorithms based on these attacks, and presents countermeasures on the software and the hardware level that can help to prevent them in the future. Though their theory has been known for several years now, since neither attack has yet been successfully implemented in practice, they have generally not been considered a serious threat. In short, their physical attack complexity has been overestimated and the implied security threat has been underestimated. First, the book introduces the photonic side channel, which offers not only temporal resolution, but also the highest possible spatial resolution. Due to the high cost of its initial implementation, it has not been taken seriously. The work shows both simple and differential photonic side channel analyses. Then, it presents a fault attack against pairing-based cryptography. Due to the need for at least two independent precise faults in a single pairing computation, it has not been taken seriously either. Based on these two attacks, the book demonstrates that the assessment of physical attack complexity is error-prone, and as such cryptography should not rely on it. Cryptographic technologies have to be protected against all physical attacks, whether they have already been successfully implemented or not. The development of countermeasures does not require the successful execution of an attack but can already be carried out as soon as the principle of a side channel or a fault attack is sufficiently understood

    Monitoring and Analysis of Novel Psychoactive Substances in Trends Databases, Surface Web and the Deep Web, with Special Interest and Geo-Mapping of the Middle East

    BACKGROUND Novel or new psychoactive substances (NPS), also known as designer drugs and research chemicals, represent a relatively recent phenomenon which can be traced back to the last decade or even earlier. The growth of this phenomenon and its electronic trade (e-trade) has been logarithmic and alarming; its aftermaths are not limited to; the economy, individual and public health, or illicit drug trade. The discipline of NPS has been extensively studied since 2010. However, there are still deficits in; data from the Middle East and the developing world including Arabic countries (1), application of data science and inferential hypothesis testing (2), implementation of the principles and theories of social science (3), utilization of experimental designs including randomised controlled trials (RCT) and quasi-experimental studies (4), and ultimately the enactment of real-time web analysis and the realization of tools of knowledge discovery in databases (5). AIM AND OBJECTIVES This study will implement an innovative research approach by combining observational analyses and data science; the aim is to provide generalizable (inferential) data in relation to NPS e-commerce activities on both divisions of the web, surface and deep. The pinnacle objective is to; assess the proportional magnitude of NPS e-commerce activity in the Middle East (1), provide a thorough analysis of the e-vendors on the darknet, both globally and regionally (Middle East) (2), correlate change in trends of e-commerce with time (3), provide recommendations for future studies in relation to the e-commerce activity in the Middle East (4), and to discuss the colossal potential of data mining technologies (5). MATERIALS AND METHODS This dissertation embodies the integrative and combinatorial approach towards the investigation of the e-trade (e-commerce) of NPS; it is made of integrated studies allocated into eleven results chapters. 
The utilised investigative tools represent a mixed-breed of observational web analytics including; literature review (1), cross-sectional studies and surveys (2, 3), internet snapshots (4), retrospective analyses (5), and critical appraisal (6). These analyses took place in both appendices of the web (surface web and the anonymous deep web); the analyses specifically involved; Google Trends database (1), literature databases (2), drug fora (3), social communication e-media (3), news and media networks (4), Grams search engine of the deep web (5), the darknet and its e-marketplace (6), Alphabay, Agora, Valhalla, Hansa, other dedicated e-markets for NPS e-trade (7). Additional extrapolations were concluded via the use of surveys and e-surveys in a population of medical students from Iraq. The potentials for knowledge discovery in databases (KDD) were also discussed in all chapters. Each chapter was thoroughly investigated via; data science tools (I), inferential statistics and hypothesis testing (II). The latter was dependent on using the Microsoft Excel 2016, the Statistical Package for the Social Sciences (SPSS), and some online tools of data science. RESULTS AND DISCUSSION A systematic review of approximately 600 PubMed-indexed articles of NPS literature showed; attempts of NPS research started to evolve after 2010, almost one-third of the research output (36%) was of relevance to toxicology and analytic chemistry, while reviews and cross-sectional studies were less common (15%, 18%). The analysis of the individual basis of power showed that NPS researchers, legislators, and policymakers are lagging behind, whereas terrorists possess the highest possible power. Power scores of e-vendors scored highest in the UK, US, and eastern Europe, while being almost absent in the Middle East. 
The complementary usage of PubMed, drug fora, and Google Trends was successful in extrapolating the most trending and high-risk NPS; the contribution from the Middle East to incidents of intoxications and fatalities was absent except for Israel. Deep web analysis, including the darknet e-marketplace, has shown that the contribution of the Middle East never exceeded 7% of the total e-trade, data were limited to; Iran, Israel, Turkey, Afghanistan, Oman, United Arab Emirates, and Saudi Arabia. Other Arabic countries included; Egypt, Morocco, and Algeria. It was interesting to observe the e-vendors of NPS operating in the Middle East were highly involved in e-trade activities in other nations, primarily; the UK, Western Europe and Scandinavia, US, Canada, Australia, and New Zealand. Surveys and internet snapshots unveiled the lack of awareness and very low prevalence of (ab)use of NPS within the selected Iraqi population. Captagon was highly prevalent in the Middle East, unlike NBOMe and octodrine. In summary, the contribution from the Middle East was microscopic when compared to the developed world; it did not exceed 7% of the entire NPS phenomenon e-trade. Similarly, the NPS research in the region of the Middle East can be described to be in its infancy. The overall level-of-evidence of this dissertation is assumed to be of level-2b according to the classification system imposed by the Oxford Center for Evidence-Based Medicine (2009). CONCLUSION The growth of the NPS phenomenon, including the e-commerce and its links to terrorism, are reaching unprecedented levels. Unless some reasonable efforts and ingenious upgrades of the current research methodologies, the NPS trade and e-trade will continue to prevail rendering all its counter-attempts fade into dust; these attempts are not only limited to NPS research but also into; legislative actions, policy planning, and counter-terrorism. 
Upgrades should affect these front lines; increasing the quality and quantity of studies in developed countries including Middle Eastern and Arabic countries (1), incorporation of efficient use of data science and advanced web analytics (2), compulsory training of data science, biostatistics, and basic neuroscience for all NPS researchers, chemists, and toxicologists (3), validation and incorporation of data mining and real-time analyses (4), inclusion of the rarely-used experimental studies including RCTs, pragmatic RCTs, and animal modelling (5), enhancement and potentiation of internet snapshot techniques (6), and full exploitation of trends databases of the surface web (7). Perhaps, the integration of real-time data mining and data crunching, and inferential data science technique will represent the climax armament to antagonise the alarming e-trade