    Practical Improvements of Profiled Side-Channel Attacks on a Hardware Crypto-Accelerator

    This article investigates the relevance of the theoretical framework on profiled side-channel attacks presented by F.-X. Standaert et al. at Eurocrypt 2009. The analyses consist of a case study based on side-channel measurements acquired experimentally from a hardwired cryptographic accelerator. Therefore, with respect to previous formal analyses carried out on software measurements or on simulated data, the investigations we describe are more complex, due to the underlying chip's architecture and to the large amount of algorithmic noise. In this difficult context, we show however that with an engineer's mindset, two techniques can greatly improve both the off-line profiling and the on-line attack. First, we explore the appropriateness of different choices for the sensitive variables. We show that a skilled attacker aware of the register transfers occurring during the cryptographic operations can select the most adequate distinguisher, thus increasing its success rate. Second, we introduce a method based on the thresholding of leakage data to accelerate the profiling or the matching stages. Indeed, leveraging an engineer's common sense, it is possible to visually foresee the shape of some eigenvectors, thereby anticipating their estimation towards their asymptotic value by authoritatively zeroing weak components containing mainly non-informational noise. This method empowers an attacker, in that it saves traces when converging towards correct values of the secret. Concretely, we demonstrate a 5 times speed-up in the on-line phase of the attack.

    Efficient template attacks

    This is the accepted manuscript version. The final published version is available from http://link.springer.com/chapter/10.1007/978-3-319-08302-5_17.

    Template attacks remain a powerful side-channel technique to eavesdrop on tamper-resistant hardware. They model the probability distribution of leaking signals and noise to guide a search for secret data values. In practice, several numerical obstacles can arise when implementing such attacks with multivariate normal distributions. We propose efficient methods to avoid these. We also demonstrate how to achieve significant performance improvements, both in terms of information extracted and computational cost, by pooling covariance estimates across all data values. We provide a detailed and systematic overview of many different options for implementing such attacks. Our experimental evaluation of all these methods based on measuring the supply current of a byte-load instruction executed in an unprotected 8-bit microcontroller leads to practical guidance for choosing an attack algorithm.

    Omar Choudary is a recipient of the Google Europe Fellowship in Mobile Security, and this research is supported in part by this Google Fellowship.
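    The abstract above describes the pooled-covariance template attack in words; the following is an added, self-contained example (not code from the paper or its authors) that demonstrates it on constructed traces. The leakage model, the noise parameters, the number of profiling traces per value and the function names are all assumptions made here for illustration: each of the 8 sample points leaks one bit of the loaded byte with unit weight plus weak cross-talk from the other bits, and every trace carries both per-sample noise and one noise term shared by all samples, so the true covariance is not diagonal. With 8 profiling traces per value and 8 sample points, the per-value covariance is singular (the residuals of one value span at most 7 dimensions), which is exactly the numerical obstacle the paper addresses; the covariance pooled over all 256 values is well conditioned and the attack succeeds.

```python
"""Template attack with a pooled covariance matrix, run on constructed traces.

Constructed example (not the paper's code): an 8-bit value "loaded" by the
target leaks at D sample points. Templates are one mean vector per value and
one covariance matrix pooled over all 256 values.
"""
import math
import random

D = 8           # sample points per trace
N_PROFILE = 8   # profiling traces per value; equal to D, so every per-value covariance is singular
VALUES = range(256)

_model_rng = random.Random(1)
# Assumed leakage model: sample j leaks bit j of the value with unit weight plus weak
# cross-talk from the other bits. Noise is per-sample Gaussian plus one term shared by
# all samples of a trace, so the covariance matrix has off-diagonal entries.
WEIGHTS = [[1.0 if k == j else _model_rng.uniform(0.0, 0.15) for k in range(8)] for j in range(D)]
NOISE_SIGMA = 0.25
SHARED_SIGMA = 0.20


def leak(value, rng):
    """One constructed trace for `value` (list of D floats)."""
    shared = rng.gauss(0.0, SHARED_SIGMA)
    return [sum(w * ((value >> k) & 1) for k, w in enumerate(WEIGHTS[j]))
            + rng.gauss(0.0, NOISE_SIGMA) + shared
            for j in range(D)]


def invert(m):
    """Gauss-Jordan inverse of a small square matrix; returns (inverse, log|det|).
    Raises ValueError when the matrix is numerically singular."""
    n = len(m)
    scale = max(abs(x) for row in m for x in row) or 1.0
    a = [row[:] + [1.0 if i == j else 0.0 for j in range(n)] for i, row in enumerate(m)]
    logdet = 0.0
    for c in range(n):
        p = max(range(c, n), key=lambda r: abs(a[r][c]))   # partial pivoting
        if abs(a[p][c]) < 1e-9 * scale:
            raise ValueError("singular covariance matrix")
        a[c], a[p] = a[p], a[c]
        piv = a[c][c]
        logdet += math.log(abs(piv))
        a[c] = [x / piv for x in a[c]]
        for r in range(n):
            if r != c and a[r][c] != 0.0:
                f = a[r][c]
                a[r] = [x - f * y for x, y in zip(a[r], a[c])]
    return [row[n:] for row in a], logdet


def mean(traces):
    return [sum(t[j] for t in traces) / len(traces) for j in range(D)]


def covariance(residuals, dof):
    return [[sum(r[i] * r[j] for r in residuals) / dof for j in range(D)] for i in range(D)]


def profile(traces_by_value):
    """Templates: one mean per value and one covariance pooled across all values."""
    means = {v: mean(ts) for v, ts in traces_by_value.items()}
    residuals = [[t[j] - means[v][j] for j in range(D)]
                 for v, ts in traces_by_value.items() for t in ts]
    # Unbiased pooled estimate: one mean vector was fitted per value.
    pooled = covariance(residuals, len(residuals) - len(traces_by_value))
    return means, pooled


def log_likelihoods(attack_traces, means, cov):
    """Summed multivariate-normal log-likelihood of the attack traces under each candidate value."""
    inv, logdet = invert(cov)
    scores = {}
    for v, mu in means.items():
        s = -0.5 * len(attack_traces) * logdet
        for t in attack_traces:
            d = [t[j] - mu[j] for j in range(D)]
            s -= 0.5 * sum(d[i] * inv[i][j] * d[j] for i in range(D) for j in range(D))
        scores[v] = s
    return scores


def recover(attack_traces, means, cov):
    scores = log_likelihoods(attack_traces, means, cov)
    return max(scores, key=scores.get)


def run_attack(secret, n_attack=40, seed=7):
    """Profile with N_PROFILE traces per value, then attack n_attack traces of `secret`."""
    rng = random.Random(seed)
    profiling = {v: [leak(v, rng) for _ in range(N_PROFILE)] for v in VALUES}
    means, pooled = profile(profiling)
    attack_traces = [leak(secret, rng) for _ in range(n_attack)]
    return recover(attack_traces, means, pooled)


def per_value_covariance_is_singular(value=0x3C, seed=7):
    """With N_PROFILE <= D the residuals of one value span at most N_PROFILE - 1 dimensions."""
    rng = random.Random(seed)
    traces = [leak(value, rng) for _ in range(N_PROFILE)]
    mu = mean(traces)
    cov = covariance([[t[j] - mu[j] for j in range(D)] for t in traces], N_PROFILE - 1)
    try:
        invert(cov)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("per-value covariance singular:", per_value_covariance_is_singular())
    print("recovered:", hex(run_attack(0xA7)))
```

    Because every candidate shares the same pooled covariance, the log-determinant term is identical for all of them and the decision reduces to the nearest template in Mahalanobis distance from the attack traces; the per-value estimate, by contrast, cannot even be inverted here. On real measurements the sample points would first be selected (or projected, e.g. by PCA) so that D stays small relative to the number of profiling traces.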

    Asymptotic information leakage under one-try attacks

    We study the asymptotic behaviour of (a) information leakage and (b) adversary's error probability in information hiding systems modelled as noisy channels. Specifically, we assume the attacker can make a single guess after observing n independent executions of the system, throughout which the secret information is kept fixed. We show that the asymptotic behaviour of quantities (a) and (b) can be determined in a simple way from the channel matrix. Moreover, simple and tight bounds on them as functions of n show that the convergence is exponential. We also discuss feasible methods to evaluate the rate of convergence. Our results cover both the Bayesian case, where a prior probability distribution on the secrets is assumed known to the attacker, and the maximum-likelihood case, where the attacker does not know such distribution. In the Bayesian case, we identify the distributions that maximize the leakage. We consider both the min-entropy setting studied by Smith and the additive form recently proposed by Braun et al., and show the two forms do agree asymptotically. Next, we extend these results to a more sophisticated eavesdropping scenario, where the attacker can perform a (noisy) observation at each state of the computation and the systems are modelled as hidden Markov models.

    Outcome of Diagnostic Tests Using Samples from Patients with Culture-Proven Human Monocytic Ehrlichiosis: Implications for Surveillance

    We describe the concordance among results from various laboratory tests using samples derived from nine culture-proven cases of human monocytic ehrlichiosis (HME) caused by Ehrlichia chaffeensis. A class-specific indirect immunofluorescence assay for immunoglobulin M (IgM) and IgG, using E. chaffeensis antigen, identified 44 and 33% of the isolation-confirmed HME patients on the basis of samples obtained at initial clinical presentation, respectively; detection of morulae in blood smears was similarly insensitive (22% positive). PCR amplifications of ehrlichial DNA targeting the 16S rRNA gene, the variable-length PCR target gene, and the groESL operon were positive for whole blood specimens obtained from all patients at initial presentation. As most case definitions of HME require a serologic response with compatible illness for a categorization of even probable disease, PCR would have been required to confirm the diagnosis of HME in all nine of these patients without the submission of a convalescent-phase serum sample. These data suggest that many, if not most, cases of HME in patients who present early in the course of the disease may be missed and underscore the limitations of serologically based surveillance systems.

    On the Impacts of Mathematical Realization over Practical Security of Leakage Resilient Cryptographic Schemes

    In the real world, in order to transform an abstract and generic cryptographic scheme into an actual physical implementation, one usually undergoes two processes: mathematical realization at the algorithmic level and physical realization at the implementation level. In the former process, the abstract and generic cryptographic scheme is transformed into an exact and specific mathematical scheme, while in the latter process the output of the mathematical realization is transformed into a physical cryptographic module that runs as a piece of software, or hardware, or a combination of both. In the black-box model (i.e. the leakage-free setting), a cryptographic scheme can be mathematically realized without affecting its theoretical security as long as the mathematical components meet the required cryptographic properties. However, up to now, no previous work has formally shown whether one can mathematically realize a leakage resilient cryptographic scheme in the existing ways without affecting its practical security. Our results give a negative answer to this important question by introducing attacks against several kinds of mathematical realization of a practical leakage resilient cryptographic scheme. Our results show that there may exist a big gap between the theoretical tolerated leakage rate and the practical tolerated leakage rate of the same leakage resilient cryptographic scheme if the mathematical components in the mathematical realization are not provably secure in the leakage setting. Therefore, on the one hand, we suggest that all (practical) leakage resilient cryptographic schemes should at least come with a kind of mathematical realization under which their practical security can be guaranteed. On the other hand, our results inspire cryptographers to design advanced leakage resilient cryptographic schemes whose practical security is independent of the specific details of their mathematical realization.

    Revisiting protein aggregation as pathogenic in sporadic Parkinson and Alzheimer diseases.

    The gold standard for a definitive diagnosis of Parkinson disease (PD) is the pathologic finding of aggregated α-synuclein into Lewy bodies and for Alzheimer disease (AD) aggregated amyloid into plaques and hyperphosphorylated tau into tangles. Implicit in this clinicopathologic-based nosology is the assumption that pathologic protein aggregation at autopsy reflects pathogenesis at disease onset. While these aggregates may in exceptional cases be on a causal pathway in humans (e.g., aggregated α-synuclein in SNCA gene multiplication or aggregated β-amyloid in APP mutations), their near universality at postmortem in sporadic PD and AD suggests they may alternatively represent common outcomes from upstream mechanisms or compensatory responses to cellular stress in order to delay cell death. These 3 conceptual frameworks of protein aggregation (pathogenic, epiphenomenon, protective) are difficult to resolve because of the inability to probe brain tissue in real time. Whereas animal models, in which neither PD nor AD occur in natural states, consistently support a pathogenic role of protein aggregation, indirect evidence from human studies does not. We hypothesize that (1) current biomarkers of protein aggregates may be relevant to common pathology but not to subgroup pathogenesis and (2) disease-modifying treatments targeting oligomers or fibrils might be futile or deleterious because these proteins are epiphenomena or protective in the human brain under molecular stress. Future precision medicine efforts for molecular targeting of neurodegenerative diseases may require analyses not anchored on current clinicopathologic criteria but instead on biological signals generated from large deeply phenotyped aging populations or from smaller but well-defined genetic-molecular cohorts.

    Insulin but not phorbol ester treatment increases phosphorylation of vinculin by protein kinase C in BC3H-1 myocytes

    Insulin was found to increase protein kinase C activity in BC3H-1 myocytes as determined by in vitro phosphorylation of both a lysine-rich histone fraction (histone III-S) and vinculin. TPA treatment for 20 min or 18 h provoked an apparent loss of histone-directed but not vinculin-directed phosphorylation by cytosolic C-kinase. Thus, chronic TPA-induced 'desensitization' or 'depletion' of cellular protein kinase C is more apparent than real, and is not a valid means for evaluating the role of C-kinase in hormone action.