    Data Oblivious Genome Variants Search on Intel SGX

    We show how to build a practical, private, data-oblivious genome variants search using Intel SGX. More precisely, we consider the problem posed in Track 2 of the iDash Privacy and Security Workshop 2017 competition, which was to search for variants with a high χ² statistic among certain genetic data over two populations. The winning solution of this iDash competition (developed by Carpov and Tortech) is extremely efficient, but not memory oblivious, which potentially makes it vulnerable to a whole host of memory- and cache-based side channel attacks on SGX. In this paper, we adapt a framework in which we can exactly quantify this leakage. We provide a memory-oblivious implementation with reasonable information leakage at the cost of some efficiency. Our solution is roughly an order of magnitude slower than the non-memory-oblivious implementation, but still practical and much more efficient than naive memory-oblivious solutions: it solves the iDash problem in approximately 5 minutes. In order to do this, we develop novel definitions and models for oblivious dictionary merging, which may be of independent theoretical interest.

    An automated quasi-continuous capillary refill timing device

    Capillary refill time (CRT) is a simple means of cardiovascular assessment which is widely used in clinical care. Currently, CRT is measured through manual assessment of the time taken for skin tone to return to normal colour following blanching of the skin surface. There is evidence to suggest that manually assessed CRT is subject to bias from ambient light conditions, a lack of standardisation of both blanching time and manually applied pressure, subjectiveness of return to normal colour, and variability in the manual assessment of time. We present a novel automated system for CRT measurement, incorporating three components: a non-invasive adhesive sensor incorporating a pneumatic actuator, a diffuse multi-wavelength reflectance measurement device, and a temperature sensor; a battery-operated datalogger unit containing a self-contained pneumatic supply; and PC-based data analysis software for the extraction of refill time, patient skin surface temperature, and sensor signal quality. Through standardisation of the test, it is hoped that some of the shortcomings of manual CRT can be overcome. In addition, an automated system will facilitate easier integration of CRT into electronic record keeping and clinical monitoring or scoring systems, as well as reducing demands on clinicians. A summary analysis of volunteer (n = 30) automated CRT datasets is presented, from 15 healthy adults and 15 healthy children (aged from 5 to 15 years), as their arms were cooled from ambient temperature to 5°C. A more detailed analysis of two typical datasets is also presented, demonstrating that the response of automated CRT to cooling matches that of previously published studies.

    Tight Private Circuits: Achieving Probing Security with the Least Refreshing

    Masking is a common countermeasure to secure implementations against side-channel attacks. In 2003, Ishai, Sahai, and Wagner introduced a formal security model, named the t-probing model, which is now widely used to reason theoretically about the security of masked implementations. While many works have provided security proofs for small masked components, called gadgets, within this model, until recently no formal method allowed gadgets to be securely composed with a tight number of shares (namely, t + 1). In 2016, Barthe et al. filled this gap with maskComp, a tool checking the security of masking schemes composed of several gadgets. This tool can achieve provable security with a tight number of shares by inserting mask-refreshing gadgets at carefully selected locations. However, the method is not tight in the sense that there exist some compositions of gadgets for which it can neither exhibit a flaw nor prove the security. As a result, it is overconservative and might insert more refresh gadgets than actually needed to ensure t-probing security. In this paper, we exhibit the first tool, referred to as tightPROVE, able to clearly state whether a shared circuit composed of standard gadgets (addition, multiplication, and refresh) is t-probing secure or not. Given such a composition, our tool either produces a probing-security proof (valid at any order) or exhibits a security flaw that directly implies a probing attack at a given order. Compared to maskComp, tightPROVE can drastically reduce the number of required refresh gadgets needed to get a probing-security proof, and thus the randomness requirement for some secure shared circuits. We apply our method to a recent AES implementation secured with higher-order masking in bitslice and we show that we can save all the refresh gadgets involved in the s-box layer, which results in a significant performance gain.

    An Operation-Based Metric for CPA Resistance

    A Generic Protection against High-Order Differential Power Analysis

    Abstract. Differential Power Analysis (DPA) on smart-cards was introduced by Paul Kocher [11] in 1998. Since then, many countermeasures have been introduced to protect cryptographic algorithms from DPA attacks. Unfortunately, these features are known not to be effective against high-order DPA (even of second order). In this paper we will first describe a new specialized first-order attack and recall how high-order DPA attacks work. Then we will show how these attacks can be applied to two usual current countermeasures. Finally, we will present a method of protection (and apply it to the DES) which seems to be secure against DPA-type attacks of any order. The figures of a real implementation of this method will be given too.