45 research outputs found

    From Improved Leakage Detection to the Detection of Points of Interests in Leakage Traces

    Leakage detection usually refers to the task of identifying data-dependent information in side-channel measurements, independent of whether this information can be exploited. Detecting Points-Of-Interest (POIs) in leakage traces is a complementary task that is a necessary first step in most side-channel attacks, where the adversary wants to turn this information into (e.g.) a key recovery. In this paper, we discuss the differences between these tasks, by investigating a popular solution to leakage detection based on a t-test, and an alternative method exploiting Pearson's correlation coefficient. We first show that the simpler t-test has better sampling complexity, and that its gain over the correlation-based test can be predicted by looking at the Signal-to-Noise Ratio (SNR) of the leakage partitions used in these tests. This implies that the sampling complexity of both tests relates more to their implicit leakage assumptions than to the actual statistics exploited. We also put forward that this gain comes at the cost of some intuition loss regarding the localization of the exploitable leakage samples in the traces, and their informativeness. Next, and more importantly, we highlight that our reasoning based on the SNR allows defining an improved t-test with significantly faster detection speed (with approximately 5 times less measurements in our experiments), which is therefore highly relevant for evaluation laboratories. We finally conclude that whereas t-tests are the method of choice for leakage detection only, correlation-based tests exploiting larger partitions are preferable for detecting POIs. We confirm this intuition by improving automated tools for the detection of POIs in the leakage measurements of a masked implementation, in a black box manner and without key knowledge, thanks to a correlation-based leakage detection test.

    Administration of single-dose GnRH agonist in the luteal phase in ICSI cycles: a meta-analysis

    Abstract

    Background: The effects of gonadotrophin-releasing hormone agonist (GnRH-a) administered in the luteal phase remain controversial. This meta-analysis aimed to evaluate the effect of the administration of a single dose of GnRH-a in the luteal phase on ICSI clinical outcomes.

    Methods: The research strategy included the online search of databases. Only randomized studies were included. The outcomes analyzed were implantation rate, clinical pregnancy rate (CPR) per transfer and ongoing pregnancy rate. The fixed effects model was used for odds ratio. In all trials, a single dose of GnRH-a was administered at day 5/6 after ICSI procedures.

    Results: All cycles presented statistically significantly higher rates of implantation (P < 0.0001), CPR per transfer (P = 0.006) and ongoing pregnancy (P = 0.02) in the group that received luteal-phase GnRH-a administration than in the control group (without luteal-phase GnRH-a administration). When meta-analysis was carried out only in trials that had used the long GnRH-a ovarian stimulation protocol, CPR per transfer (P = 0.06) and ongoing pregnancy (P = 0.23) rates were not significantly different between the groups, but implantation rate was significantly higher (P = 0.02) in the group that received luteal-phase GnRH-a administration. On the other hand, the results from trials that had used the GnRH antagonist multi-dose ovarian stimulation protocol showed statistically significantly higher implantation (P = 0.0002), CPR per transfer (P = 0.04) and ongoing pregnancy rate (P = 0.04) in the luteal-phase GnRH-a administration group. The majority of the results presented heterogeneity.

    Conclusions: These findings demonstrate that luteal-phase single-dose GnRH-a administration can increase implantation rate in all cycles, and CPR per transfer and ongoing pregnancy rate in cycles with the GnRH antagonist ovarian stimulation protocol. Nevertheless, considering the heterogeneity between the trials, it seems premature to recommend the use of GnRH-a in the luteal phase. Additional randomized controlled trials are necessary before evidence-based recommendations can be provided.

    Software countermeasures for control flow integrity of smart card C codes

    Fault attacks can target smart card programs in order to disrupt an execution and gain an advantage over the data or the embedded functionalities. Among all possible attacks, control flow attacks aim at disrupting the normal execution flow. Identifying harmful control flow attacks as well as designing countermeasures at software level are tedious and tricky for developers. In this paper, we propose a methodology to detect harmful intra-procedural jump attacks at source code level and to automatically inject formally-proven countermeasures. The proposed software countermeasures defeat 100% of attacks that jump over at least two C source code statements or beyond. Experiments show that the resulting code is also hardened against unexpected function calls and jump attacks at assembly level.

    Very High Order Masking: Efficient Implementation and Security Evaluation

    In this paper, we study the performances and security of recent masking algorithms specialized to parallel implementations in a 32-bit embedded software platform, for the standard AES Rijndael and the bitslice cipher Fantomas. By exploiting the excellent features of these algorithms for bitslice implementations, we first extend the recent speed records of Goudarzi and Rivain (presented at Eurocrypt 2017) and report realistic timings for masked implementations with 32 shares. We then observe that the security level provided by such implementations is hard to quantify with current evaluation tools. We therefore propose a new "multi-model" evaluation methodology which takes advantage of different (more or less abstract) security models introduced in the literature. This methodology allows us both to bound the security level of our implementations in a principled manner and to assess the risks of overstated security based on well understood parameters. Concretely, it leads us to conclude that these implementations withstand worst-case adversaries with >2^64 measurements under falsifiable assumptions.

    Masking Proofs are Tight (and How to Exploit it in Security Evaluations)

    Evaluating the security level of a leaking implementation against side-channel attacks is a challenging task. This is especially true when countermeasures such as masking are implemented, since in this case: (i) the amount of measurements to perform a key recovery may become prohibitive for certification laboratories, and (ii) applying optimal (multivariate) attacks may be computationally intensive and technically challenging. In this paper, we show that by taking advantage of the tightness of masking security proofs, we can significantly simplify this evaluation task in a very general manner. More precisely, we show that the evaluation of a masked implementation can essentially be reduced to that of an unprotected implementation. In addition, we show that although optimal attacks against masking schemes are computationally intensive for large numbers of shares, heuristic (soft analytical side-channel) attacks can approach optimality very efficiently. As part of this second contribution, we also improve over the recent multivariate (aka horizontal) side-channel attacks proposed at CHES 2016 by Battistello et al.

    On the Use of Independent Component Analysis to Denoise Side-Channel Measurements

    Independent Component Analysis (ICA) is a powerful technique for blind source separation. It has been successfully applied to signal processing problems, such as feature extraction and noise reduction, in many different areas including medical signal processing and telecommunication. In this work, we propose a framework to apply ICA to denoise side-channel measurements and hence to reduce the complexity of key recovery attacks. Based on several case studies, we afterwards demonstrate the overwhelming advantages of ICA with respect to commonly used preprocessing techniques such as singular spectrum analysis. Mainly, we target a software masked implementation of AES and an unprotected hardware one. Our results show a significant Signal-to-Noise Ratio (SNR) gain which translates into a gain in the number of traces needed for a successful side-channel attack. This establishes ICA as an important new tool for the security assessment of cryptographic implementations.