Side-channel based intrusion detection for industrial control systems

Industrial Control Systems are under increased scrutiny. Their security is historically sub-par, and although measures are being taken by the manufacturers to remedy this, the large installed base of legacy systems cannot easily be updated with state-of-the-art security measures. We propose a system that uses electromagnetic side-channel measurements to detect behavioural changes of the software running on industrial control systems. To demonstrate the feasibility of this method, we show it is possible to profile and distinguish between even small changes in programs on Siemens S7-317 PLCs, using methods from cryptographic side-channel analysis.Comment: 12 pages, 7 figures. For associated code, see https://polvanaubel.com/research/em-ics/code

Prolactin

During an oral glucose tolerance test (OGTT) glucose and insulin levels were measured in 26 patients with prolactin-producing pituitary tumours without growth hormone excess. Basal glucose and insulin levels did not differ from the values of an age-matched control group. After glucose load the hyperprolactinaemic patients showed a decrease in glucose tolerance and a hyperinsulinaemia. Bromocriptine (CB 154), which suppressed PRL, improved glucose tolerance and decreased insulin towards normal in a second OGTT. — Human PRL or CB 154 had no significant influence on insulin release due to glucose in the perfused rat pancreas. — These findings suggest a diabetogenic effect of PRL. CB 154 might be a useful drug in improving glucose utilization in hormone-active pituitary tumours

Error-Tolerant Algebraic Side-Channel Attacks Using BEE

Algebraic side-channel attacks are a type of side-channel analysis which can recover the secret information with a small number of samples (e.g., power traces). However, this type of side-channel analysis is sensitive to measurement errors which may make the attacks fail. In this paper, we propose a new method of algebraic side-channel attacks which considers noisy leakages as integers restricted to intervls and finds out the secret information with a constraint programming solver named BEE. To demonstrate the efficiency of this new method in algebraic side-channel attacks, we analyze some popular implementations of block ciphers---PRESENT, AES, and SIMON under the Hamming weight or Hamming distance leakage model. For AES, our method requires the least leakages compared with existing works under the same error model. For both PRESENT and SIMON, we provide the first analytical results of them under algebraic side-channel attacks in the presence of errors. To further demonstrate the wide applicability of this new method, we also extend it to cold boot attacks. In the cold boot attacks against AES, our method increases the success rate by over $25\%$ than previous works

Cardiorespiratory fitness, adiposity and incident asthma in adults

Available large-scale prospective studies on adiposity and asthma used body mass index as an indicator of adiposity. Studies involving more accurate measures of adiposity, such as body fat percentage (BF%), are needed to confirm or contrast body mass index - related results. Cardiorepiratory fitness is a strong predictor of morbidity and mortality, and the available literature suggests that moderate-high cardiorespiratory fitness reduces many of the health hazards associated with obesity. The present study aimed: 1) to examine whether cardiorespiratory fitness and/or BF% are associated with subsequent acquisition of asthma in adults; and 2) to test the hypothesis that a high cardiorespiratory fitness level can reduce the risk of incident asthma in individuals with excess adiposity

Making Masking Security Proofs Concrete - Or How to Evaluate the Security of any Leaking Device

We investigate the relationships between theoretical studies of leaking cryptographic devices and concrete security evaluations with standard side-channel attacks. Our contributions are in four parts. First, we connect the formal analysis of the masking countermeasure proposed by Duc et al. (Eurocrypt 2014) with the Eurocrypt 2009 evaluation framework for side-channel key recovery attacks. In particular, we re-state their main proof for the masking countermeasure based on a mutual information metric, which is frequently used in concrete physical security evaluations. Second, we discuss the tightness of the Eurocrypt 2014 bounds based on experimental case studies. This allows us to conjecture a simplified link between the mutual information metric and the success rate of a side-channel adversary, ignoring technical parameters and proof artifacts. Third, we introduce heuristic (yet well-motivated) tools for the evaluation of the masking countermeasure when its independent leakage assumption is not perfectly fulfilled, as it is frequently encountered in practice. Thanks to these tools, we argue that masking with non-independent leakages may provide improved security levels in certain scenarios. Eventually, we consider the tradeoff between measurement complexity and key enumeration in divide-and-conquer side-channel attacks, and show that it can be predicted based on the mutual information metric, by solving a non-linear integer programming problem for which efficient solutions exist. The combination of these observations enables significant reductions of the evaluation costs for certification bodies