Security of data science and data science for security

In this chapter, we present a brief overview of important topics regarding the connection of data science and security. In the first part, we focus on the security of data science and discuss a selection of security aspects that data scientists should consider to make their services and products more secure. In the second part about security for data science, we switch sides and present some applications where data science plays a critical role in pushing the state-of-the-art in securing information systems. This includes a detailed look at the potential and challenges of applying machine learning to the problem of detecting obfuscated JavaScripts

Grafting Trees: a Fault Attack against the SPHINCS framework

Because they require no assumption besides the preimage or collision resistance of hash functions, hash-based signatures are a unique and very attractive class of post-quantum primitives. Among them, the schemes of the SPHINCS family are arguably the most practical stateless schemes, and can be implemented on embedded devices such as FPGAs or smart cards. This naturally raises the question of their resistance to implementation attacks. In this paper, we propose the first fault attack against the framework underlying SPHINCS, Gravity-SPHINCS and SPHINCS+. Our attack allows to forge any message signature at the cost of a single faulted message. Furthermore, the fault model is very reasonable and the faulted signatures remain valid, which renders our attack both stealthy and practical. As the attack involves a non-negligible computational cost, we propose a fine-grained trade-off allowing to lower this cost by slightly increasing the number of faulted messages. Our attack is generic in the sense that it does not depend on the underlying hash function(s) used

Fault Detection Structures of the S-boxes and the Inverse S-boxes for the Advanced Encryption Standard

Fault detection schemes for the Advanced Encryption Standard are aimed at detecting the internal and malicious faults in its hardware implementations. In this paper, we present fault detection structures of the S-boxes and the inverse S-boxes for designing high performance architectures of the Advanced Encryption Standard. We avoid utilizing the look-up tables for implementing the S-boxes and the inverse S-boxes and their parity predictions. Instead, logic gate implementations based on composite fields are used. We modify these structures and suggest new fault detection schemes for the S-boxes and the inverse S-boxes. Using the closed formulations for the predicted parity bits, the proposed fault detection structures of the S-boxes and the inverse S-boxes are simulated and it is shown that the proposed schemes detect all single faults and almost all random multiple faults. We have also synthesized the modified S-boxes, inverse S-boxes, mixed S-box/inverse S-box structures, and the whole AES encryption using the 0.18 μ CMOS technology and have obtained the area, delay, and power consumption overheads for their fault detection schemes. Furthermore, the fault coverage and the overheads in terms of the space complexity and time delay are compared to those of the previously reported ones

Editorial in IEEE Transactions on Very Large Scale Integration (VLSI) Systems

International audienceAs I start my second two-year term (2017–2018) as the Editor-in-Chief (EIC) of the IEEE Transactions on Very Large Scale Integration Systems (TVLSI), I wish the TVLSI readership a very happy new year and continued professional success. It gives me great pleasure to report on the state of the journal and our performance metrics. Over the past two years, TVLSI has seen a healthy increase in the number of submissions—from 687 in 2014 to 770 in 2015, and at the time of writing of this editorial, we are at 760 submissions for 2016. We expect the number of submissions for 2016 to cross 800 before the end of the year. TVLSI, therefore, continues to be the premier archival journal for university researchers and industry practitioners in the broad area of VLSI system design