
    Data Oblivious Genome Variants Search on Intel SGX

    We show how to build a practical, private, data-oblivious genome variants search using Intel SGX. More precisely, we consider the problem posed in Track 2 of the iDash Privacy and Security Workshop 2017 competition, which was to search for variants with high χ² statistic among certain genetic data over two populations. The winning solution of this iDash competition (developed by Carpov and Tortech) is extremely efficient, but not memory oblivious, which potentially made it vulnerable to a whole host of memory- and cache-based side channel attacks on SGX. In this paper, we adapt a framework in which we can exactly quantify this leakage. We provide a memory oblivious implementation with reasonable information leakage at the cost of some efficiency. Our solution is roughly an order of magnitude slower than the non-memory-oblivious implementation, but still practical and much more efficient than naive memory-oblivious solutions: it solves the iDash problem in approximately 5 minutes. In order to do this, we develop novel definitions and models for oblivious dictionary merging, which may be of independent theoretical interest.

    Improving Secure Device Insertion in Home Ad Hoc Networks

    Home ad-hoc networks are sets of devices that interact to offer enhanced services to the users. These networks are heterogeneous, dynamic and fully decentralized. Moreover, they generally lack a skilled administrator. These properties dramatically reduce the efficiency of classical security approaches: even defining the boundaries of such networks can be difficult. Ways to solve this problem were recently found, using the concept of secure long-term communities. Solutions rely on one critical operation: the secure insertion of a device into the home ad-hoc network. In this paper, we propose two ways to improve this operation, using store-and-forward techniques. The first improvement deals with the ability to perform insertion under loose connectivity circumstances. The other improvement deals with the ability for the user to use any trusted device in order to perform insertion. Keywords: Network Security, Key-management

    Tight Private Circuits: Achieving Probing Security with the Least Refreshing

    Masking is a common countermeasure to secure implementations against side-channel attacks. In 2003, Ishai, Sahai, and Wagner introduced a formal security model, named the t-probing model, which is now widely used to theoretically reason about the security of masked implementations. While many works have provided security proofs for small masked components, called gadgets, within this model, no formal method allowed one to securely compose gadgets with a tight number of shares (namely, t + 1) until recently. In 2016, Barthe et al. filled this gap with maskComp, a tool checking the security of masking schemes composed of several gadgets. This tool can achieve provable security with a tight number of shares by inserting mask-refreshing gadgets at carefully selected locations. However, the method is not tight in the sense that there exist some compositions of gadgets for which it can neither exhibit a flaw nor prove the security. As a result, it is overconservative and might insert more refresh gadgets than actually needed to ensure t-probing security. In this paper, we exhibit the first tool, referred to as tightPROVE, able to clearly state whether a shared circuit composed of standard gadgets (addition, multiplication, and refresh) is t-probing secure or not. Given such a composition, our tool either produces a probing-security proof (valid at any order) or exhibits a security flaw that directly implies a probing attack at a given order. Compared to maskComp, tightPROVE can drastically reduce the number of required refresh gadgets to get a probing security proof, and thus the randomness requirement for some secure shared circuits. We apply our method to a recent AES implementation secured with higher-order masking in bitslice and we show that we can save all the refresh gadgets involved in the S-box layer, which results in a significant performance gain.

    Spectral approach for correlation power analysis

    Published in Lecture Notes in Computer Science, vol. 10194, pp. 238-253, Springer, Cham, 2017. International audience. This paper provides a new approach to performing the Correlation Power Analysis (CPA) attack. Power analysis attacks are side channel attacks based on power consumption measurements of a device running a cryptographic algorithm on CMOS-technology-based circuitry. Unlike most CPA attacks, which are based on statistical methods, this paper proposes a new approach based on spectral analysis. The interest lies in the reduction of the attack complexity: it is quasi-linear in the size of the table of values of the S-box, whereas it is quadratic for statistical attacks. It is shown that the approach can be easily extended to a so-called multidimensional attack. The attack is experimented on an AES S-box.

    On the power of template attacks in highly multivariate context


    SCA-Resistance for AES: How Cheap Can We Go?
