24 research outputs found

    An analytic model for non-spherical lenses in covariant MOdified Newtonian Dynamics

    Strong gravitational lensing by galaxies in MOdified Newtonian Dynamics (MOND) has until now been restricted to spherically symmetric models. These models were able to account for the size of the Einstein ring of observed lenses, but were unable to account for double-imaged systems with collinear images, as well as four-image lenses. Non-spherical models are generally cumbersome to compute numerically in MOND, but we present here a class of analytic non-spherical models that can be applied to fit double-imaged and quadruple-imaged systems. We use them to obtain a reasonable MOND fit to ten double-imaged systems, as well as to the quadruple-imaged system Q2237+030, which is an isolated bulge-disc lens producing an Einstein cross. However, we also find five double-imaged systems and three quadruple-imaged systems for which no reasonable MOND fit can be obtained with our models. We argue that this is mostly due to the intrinsic limitation of the analytic models, even though the presence of small amounts of additional dark mass on galaxy scales in MOND is also plausible.
    Comment: 10 pages, 6 figures, references updated

    Defeating ISO9797-1 MAC Algo 3 by Combining Side-Channel and Brute Force Techniques

    Side-channel analysis is a well-known and efficient hardware technique to recover embedded secrets in microprocessors. Over the past years, state-of-the-art side-channel attacks have improved significantly, leading to a myriad of vulnerability paths that secure code must withstand. Nowadays most attacks target the cryptographic algorithm itself, but very few exploit the cryptographic protocol. In this paper, we present a new attack that exploits the information exchanged at the cryptographic protocol level in order to disclose the secret key. This attack is applicable to the MAC calculations standardized in ISO/IEC 9797-1, especially MAC algorithm 3 with the DES function. This construction is widespread in secure products today, typically in some EMV implementations. By using a side-channel technique combined with a reasonable brute-force effort, we show that the secret key can be fully retrieved even though the DES implementation seems to be well protected against side-channel attacks.
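    The MAC construction the abstract refers to, as an added example that is not code from the paper: ISO/IEC 9797-1 MAC Algorithm 3 with DES and padding method 1, written in Go against the standard library's crypto/des. The keys, the sample message and the zero IV are constructed for the example. It shows the structure a protocol-level attack works on: K1 drives a plain CBC-MAC over every block, and K2 enters only once, in the final D_K2 / E_K1 output transformation, so every DES operation in the chain is a single 56-bit key on its own. With K2 = K1 the algorithm collapses to MAC Algorithm 1, and padding method 1 cannot tell a message from the same message with trailing zero bytes. The side-channel step and the brute-force phase of the paper's attack are not described on this page and are not modelled here.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"fmt"
)

// pad1 applies ISO/IEC 9797-1 padding method 1: append zero bytes up to a
// multiple of the 8-byte DES block; an empty message becomes one zero block.
func pad1(msg []byte) []byte {
	if len(msg) == 0 {
		return make([]byte, 8)
	}
	padded := make([]byte, (len(msg)+7)/8*8)
	copy(padded, msg)
	return padded
}

// cbcMAC is the CBC-MAC core shared by Algorithms 1 and 3: zero IV, XOR each
// block into the chaining value, encrypt in place under the single-DES key.
func cbcMAC(c cipher.Block, padded []byte) []byte {
	h := make([]byte, 8)
	for i := 0; i < len(padded); i += 8 {
		for j := range h {
			h[j] ^= padded[i+j]
		}
		c.Encrypt(h, h)
	}
	return h
}

// CBCMAC is MAC Algorithm 1 under k1. It is also the intermediate value H_n
// that Algorithm 3 feeds into its output transformation.
func CBCMAC(k1, msg []byte) ([]byte, error) {
	c1, err := des.NewCipher(k1) // only the 8-byte length is checked by Go
	if err != nil {
		return nil, err
	}
	return cbcMAC(c1, pad1(msg)), nil
}

// RetailMAC is MAC Algorithm 3 (the "retail MAC"): Algorithm 1 under k1,
// followed by output transformation 3, D_k2 then E_k1, on the final block only.
// k2 is therefore used in exactly one single-DES operation. The full 64-bit
// value is returned; the standard allows truncation to the leftmost m bytes.
func RetailMAC(k1, k2, msg []byte) ([]byte, error) {
	c1, err := des.NewCipher(k1)
	if err != nil {
		return nil, err
	}
	c2, err := des.NewCipher(k2)
	if err != nil {
		return nil, err
	}
	h := cbcMAC(c1, pad1(msg))
	c2.Decrypt(h, h)
	c1.Encrypt(h, h)
	return h, nil
}

func main() {
	// Constructed keys and data for the example only.
	k1 := []byte{0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF}
	k2 := []byte{0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10}
	msg := []byte("9F02060000000001009F0306000000000000")
	mac, _ := RetailMAC(k1, k2, msg)
	cbc, _ := CBCMAC(k1, msg)
	same, _ := RetailMAC(k1, k1, msg)
	fmt.Printf("Algorithm 3 MAC:      %X\n", mac)
	fmt.Printf("Algorithm 1 CBC-MAC:  %X\n", cbc)
	fmt.Printf("Algorithm 3, K2 = K1: %X (equals Algorithm 1: %v)\n", same, bytes.Equal(same, cbc))
}
```

    Go's des.NewCipher does not check key parity or reject weak keys, so the caller has to do that where it matters; the example keeps the checks out to stay focused on the MAC structure.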

    Is Gravitational Lensing by Intercluster Filaments Always Negligible?

    Intercluster filaments negligibly contribute to the weak lensing signal in general relativity (GR), $\gamma_N \sim 10^{-4}$-$10^{-3}$. In the context of relativistic modified Newtonian dynamics (MOND) introduced by Bekenstein, however, a single filament inclined by $\approx 45^\circ$ from the line of sight can cause substantial distortion of background sources pointing towards the filament's axis ($\kappa = \gamma = (1 - A^{-1})/2 \sim 0.01$); this is rigorous for infinitely long uniform filaments, but also qualitatively true for short filaments ($\sim 30$ Mpc), and even in regions where the projected matter density of the filament is equal to zero. Since galaxies and galaxy clusters are generally embedded in filaments or are projected on such structures, this contribution complicates the interpretation of the weak lensing shear map in the context of MOND. While our analysis is of mainly theoretical interest, providing order-of-magnitude estimates only, it seems safe to conclude that when modeling systems with anomalous weak lensing signals, e.g. the "bullet cluster" of Clowe et al., the "cosmic train wreck" of Abell 520 from Mahdavi et al., and the "dark clusters" of Erben et al., filamentary structures might contribute in a significant and likely complex fashion. On the other hand, our predictions of a (conceptual) difference in the weak lensing signal could, in principle, be used to falsify MOND/TeVeS and its variations.
    Comment: 11 pages, 6 figures, published version

    Distinguishing multiplications from squaring operations

    In this paper we present a new approach to attacking modular exponentiation and scalar multiplication by distinguishing multiplications from squaring operations using the instantaneous power consumption. Previous approaches have been able to distinguish these operations based on information about the specific implementation of the embedded algorithm or on the relationship between specific plaintexts. The proposed attack exploits the expected Hamming weight of the result of the computed operations. We extrapolate our observations and assess the consequences for elliptic curve cryptosystems when unified formulae for point addition are used.
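    The distinguisher the abstract describes, as an added example that is not the authors' code: a Go simulation in which the leakage of each multiplier operation is taken to be the Hamming weight of the low 32-bit word of the product (an assumed leakage model for this example; the paper's own model and measurements are not on this page). The bias is arithmetic: a square is always 0 or 1 mod 4, so bit 1 of x*x is never set, whereas bit 1 of x*y for independent operands is set with probability 3/8, and the next few low bits of a square are biased the same way. Averaging the leakage at each operation index over many exponentiations with random messages (the exponent fixed, as in RSA decryption) therefore separates squares from multiplications and gives the exponent back. The modulus, exponent and messages are constructed toy values.

```go
package main

import (
	"fmt"
	"math"
	"math/bits"
	"math/rand"
)

// leak models what the attacker observes for one multiplier operation: the
// Hamming weight of the low 32-bit word of the 64-bit product a*b.
// (Assumed leakage model for this example.)
func leak(a, b uint32) int {
	return bits.OnesCount32(uint32(uint64(a) * uint64(b)))
}

// ReferenceMeans estimates the expected leakage of a multiplication of two
// independent random operands and of a squaring of one random operand.
func ReferenceMeans(samples int, seed int64) (mul, sqr float64) {
	rng := rand.New(rand.NewSource(seed))
	var sm, ss int
	for i := 0; i < samples; i++ {
		x, y := rng.Uint32(), rng.Uint32()
		sm += leak(x, y)
		ss += leak(x, x)
	}
	return float64(sm) / float64(samples), float64(ss) / float64(samples)
}

// LeakyModExp computes m^e mod n by left-to-right square-and-multiply and
// returns the result, the leakage of each multiplier operation in order, and
// the true operation sequence ('S' square, 'M' multiply) as ground truth.
func LeakyModExp(m, e, n uint32) (uint32, []int, []byte) {
	var hws []int
	var ops []byte
	mulmod := func(a, b uint32) uint32 {
		hws = append(hws, leak(a, b))
		return uint32(uint64(a) * uint64(b) % uint64(n))
	}
	if e == 0 {
		return 1 % n, nil, nil
	}
	x := m % n
	for i := bits.Len32(e) - 2; i >= 0; i-- {
		x = mulmod(x, x)
		ops = append(ops, 'S')
		if (e>>uint(i))&1 == 1 {
			x = mulmod(x, m%n)
			ops = append(ops, 'M')
		}
	}
	return x, hws, ops
}

// RecoverOperations runs `traces` exponentiations with random messages and
// the same secret exponent, averages the leakage at each operation index and
// labels the index by the nearer reference mean (lower mean means square).
func RecoverOperations(e, n uint32, traces int, seed int64) []byte {
	mulRef, sqrRef := ReferenceMeans(traces, seed)
	rng := rand.New(rand.NewSource(seed + 1))
	var sums []int
	for t := 0; t < traces; t++ {
		m := 2 + rng.Uint32()%(n-2) // constructed random message
		_, hws, _ := LeakyModExp(m, e, n)
		if sums == nil {
			sums = make([]int, len(hws))
		}
		for i, h := range hws {
			sums[i] += h
		}
	}
	ops := make([]byte, len(sums))
	for i, s := range sums {
		mean := float64(s) / float64(traces)
		if math.Abs(mean-sqrRef) < math.Abs(mean-mulRef) {
			ops[i] = 'S'
		} else {
			ops[i] = 'M'
		}
	}
	return ops
}

// ExponentFromOps rebuilds the exponent from the recovered sequence: every
// 'S' shifts in a new bit, which is 1 when an 'M' follows (leading 1 implicit).
func ExponentFromOps(ops []byte) uint32 {
	e := uint32(1)
	for i := 0; i < len(ops); i++ {
		if ops[i] != 'S' {
			continue
		}
		e <<= 1
		if i+1 < len(ops) && ops[i+1] == 'M' {
			e |= 1
			i++
		}
	}
	return e
}

func main() {
	const n, e = 0xFFFFFFFB, 0xC0FFEE // constructed odd toy modulus and secret exponent
	mul, sqr := ReferenceMeans(200000, 1)
	fmt.Printf("mean leakage: multiply %.3f, square %.3f\n", mul, sqr)
	ops := RecoverOperations(e, n, 5000, 7)
	fmt.Printf("recovered sequence %s\nrecovered exponent %#x\n", ops, ExponentFromOps(ops))
}
```

    The separation between the two means is around one bit of Hamming weight under this model, so a few thousand traces give a per-index estimate many standard deviations away from the decision boundary; the hardware-specific constant that the paper's measurements supply is what real traces replace this model with.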

    Chicken or the Egg - Computational Data Attacks or Physical Attacks

    Side-channel and fault injection analyses are well-known domains that have been used for years to evaluate the resistance of hardware-based products. These techniques remain a threat to the secret assets embedded in products such as smart cards or systems on chip. But most of these products nowadays contain several strong protections that render side-channel and fault attacks difficult or inefficient. For two decades, embedded cryptography for payment, pay TV and identity applications has relied heavily on secure elements. Nowadays alternative solutions on mobile phones are appearing that aim to offer software-based security services, including payment and security solutions such as HCE and DRM products. Cryptographic operations in such applications are then most often executed on unprotected hardware. Therefore the binary code is often accessible to attackers, who can use static and dynamic reverse-engineering techniques to extract and analyse operations, including data modifications as faults. Hence hiding or obfuscating secrets and/or white-box cryptography become strong alternatives to secure-element storage for assets. We explain in this paper how, directly from the binary or from the extracted source code, we can perform statistical and fault analyses using techniques similar to those used in hardware-based security, in particular side-channel and fault injection techniques. Using our tool and virtualization technique, an attacker can emulate, trace and modify any chosen computational data (memory or register manipulation, any machine-language operation) executed in the mobile application. This means the attacker is no longer restricted by physical limitations that impose a leakage model (and additional noise) or that tie fault injection to physical constraints. Hence statistical and fault attacks can potentially go further against software-based implementations than against hardware-based devices.
    As a consequence, complex techniques like high-order, collision and horizontal statistical attacks become very efficient and can easily be performed on the computational-data execution traces. A similar consequence applies to fault injection attacks. Hence the term "statistical and fault analysis on computational data" becomes more appropriate, and one can wonder which came first, computational data attacks or physical attack techniques: the chicken or the egg?
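    An added example of the point made above, not the authors' tool: when the attacker runs the code under an emulator, the "trace" is the exact intermediate value, so a correlation attack on computational data has no noise and no leakage-model mismatch. The Go code below stands in for the instrumented emulator with a function that records the Hamming weight of the first-round AES S-box output for one state byte, then recovers the key byte by correlating all 256 hypotheses against 64 constructed random plaintexts; the correct hypothesis correlates perfectly. The S-box is generated from its definition rather than pasted as a table; the key byte and plaintexts are constructed.

```go
package main

import (
	"fmt"
	"math"
	"math/bits"
	"math/rand"
)

// sbox is the AES S-box, built at start-up from its definition: the
// multiplicative inverse in GF(2^8) followed by the affine map.
var sbox [256]byte

func init() {
	p, q := byte(1), byte(1)
	for {
		// p = 3*p walks every nonzero field element; q = q/3 tracks 1/p.
		c := byte(0)
		if p&0x80 != 0 {
			c = 0x1B
		}
		p = p ^ (p << 1) ^ c
		q ^= q << 1
		q ^= q << 2
		q ^= q << 4
		if q&0x80 != 0 {
			q ^= 0x09
		}
		sbox[p] = q ^ bits.RotateLeft8(q, 1) ^ bits.RotateLeft8(q, 2) ^
			bits.RotateLeft8(q, 3) ^ bits.RotateLeft8(q, 4) ^ 0x63
		if p == 1 {
			break
		}
	}
	sbox[0] = 0x63
}

// EmulateTraces stands in for the instrumented emulator: for each constructed
// plaintext byte it performs AddRoundKey and SubBytes on one state byte and
// records the exact Hamming weight of the S-box output. No noise, no model
// mismatch: the trace is the computational data itself.
func EmulateTraces(key byte, pts []byte) []float64 {
	leaks := make([]float64, len(pts))
	for i, pt := range pts {
		leaks[i] = float64(bits.OnesCount8(sbox[pt^key]))
	}
	return leaks
}

// pearson returns the correlation coefficient of two equal-length series,
// or 0 when either series is constant.
func pearson(x, y []float64) float64 {
	var mx, my float64
	for i := range x {
		mx += x[i]
		my += y[i]
	}
	mx /= float64(len(x))
	my /= float64(len(y))
	var sxy, sxx, syy float64
	for i := range x {
		dx, dy := x[i]-mx, y[i]-my
		sxy += dx * dy
		sxx += dx * dx
		syy += dy * dy
	}
	if sxx == 0 || syy == 0 {
		return 0
	}
	return sxy / math.Sqrt(sxx*syy)
}

// CPARecoverKeyByte tries all 256 hypotheses for the key byte and returns the
// one whose predicted S-box-output Hamming weights correlate best with the
// recorded values, together with that correlation.
func CPARecoverKeyByte(pts []byte, leaks []float64) (byte, float64) {
	best, bestCorr := byte(0), -1.0
	model := make([]float64, len(pts))
	for k := 0; k < 256; k++ {
		for i, pt := range pts {
			model[i] = float64(bits.OnesCount8(sbox[pt^byte(k)]))
		}
		if c := math.Abs(pearson(model, leaks)); c > bestCorr {
			best, bestCorr = byte(k), c
		}
	}
	return best, bestCorr
}

// ConstructedPlaintexts returns n random plaintext bytes from a seeded generator.
func ConstructedPlaintexts(n int, seed int64) []byte {
	rng := rand.New(rand.NewSource(seed))
	pts := make([]byte, n)
	for i := range pts {
		pts[i] = byte(rng.Intn(256))
	}
	return pts
}

func main() {
	const key = 0x2B // constructed secret key byte
	pts := ConstructedPlaintexts(64, 3)
	leaks := EmulateTraces(key, pts)
	k, c := CPARecoverKeyByte(pts, leaks)
	fmt.Printf("recovered key byte %#02x with correlation %.4f (true key %#02x)\n", k, c, key)
}
```

    On a physical device the same attack has to fit a leakage model to noisy measurements and typically needs orders of magnitude more traces; here the model is exact by construction, which is the page's argument for why higher-order, collision and horizontal attacks become cheap on emulated execution.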

    Security in Embedded Public Key Cryptography

    No full text
    International audience

    Daily life for a Secure Product in the Industry

    No full text
    International audience

    Updated Recommendations for Blinded Exponentiation vs. Single Trace Analysis

    No full text
    International audience
    Side-channel analysis has become a very powerful tool for attackers trying to recover the secrets embedded in microprocessors such as smart cards. Since the initial publications by Kocher et al., many improvements to side-channel techniques have been proposed. At the same time, developers have designed countermeasures to counter those threats. The challenge of securing smart devices remains hard. The most complex techniques, such as differential, correlation and mutual-information analysis, are studied more today than simple side-channel analysis, which receives less attention because it is considered less powerful. We revisit in this paper the simple side-channel analysis attacks previously published. Relying on previous leakage models, we design two new methods to build chosen messages that allow more efficient analysis of blinded exponentiation. We also show that, contrary to common belief, with our chosen-message method simple side-channel analysis can also succeed in some hashed-message models. In a second step we introduce a more precise but realistic leakage model for hardware multipliers, which leads us to new results on the efficiency of simple side-channel analysis. Relying on these models, we show that even with big-base multipliers, leakages can be exploited to recover the secret exponent of blinded exponentiations.
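    Exponent blinding in the setting of the abstract, as an added example that is not from the paper: Go code, with constructed toy RSA parameters far too small for real use, that runs a square-and-multiply exponentiation with a blinded exponent d' = d + r*phi(n) and records the square/multiply sequence a simple side-channel trace would expose, assuming squares and multiplies are distinguishable (which is what the paper's single-trace analysis targets; its chosen-message constructions are not described on this page and are not reproduced). Each run uses a different d', so traces cannot be averaged across runs, but a single fully recovered d' is itself a valid private exponent: the attacker decrypts with it directly and never has to strip the blinding.

```go
package main

import (
	"fmt"
	"math/big"
)

// Toy RSA parameters, constructed for this example and far too small for real use.
var (
	one = big.NewInt(1)
	p   = big.NewInt(999983)
	q   = big.NewInt(1000003)
	n   = new(big.Int).Mul(p, q)
	phi = new(big.Int).Mul(new(big.Int).Sub(p, one), new(big.Int).Sub(q, one))
	e   = big.NewInt(65537)
	d   = new(big.Int).ModInverse(e, phi)
)

// BlindedExp computes c^(d + r*phi) mod n, the usual exponent-blinding
// countermeasure with random r, by left-to-right square-and-multiply. It also
// returns the operation sequence a simple side-channel trace would expose
// ('S' for a square, 'M' for a multiply), assuming the two are distinguishable.
func BlindedExp(c, r *big.Int) (*big.Int, string) {
	dBlind := new(big.Int).Add(d, new(big.Int).Mul(r, phi))
	x := big.NewInt(1)
	ops := make([]byte, 0, 2*dBlind.BitLen())
	for i := dBlind.BitLen() - 1; i >= 0; i-- {
		x.Mul(x, x).Mod(x, n)
		ops = append(ops, 'S')
		if dBlind.Bit(i) == 1 {
			x.Mul(x, c).Mod(x, n)
			ops = append(ops, 'M')
		}
	}
	return x, string(ops)
}

// ExponentFromTrace turns a recovered 'S'/'M' sequence back into the exponent
// that was used: each 'S' shifts in a 0 bit, each 'M' sets the bit just shifted in.
func ExponentFromTrace(ops string) *big.Int {
	x := new(big.Int)
	for _, op := range ops {
		if op == 'S' {
			x.Lsh(x, 1)
		} else {
			x.SetBit(x, 0, 1)
		}
	}
	return x
}

// Decrypt uses an exponent recovered from a trace as-is: d' = d + r*phi is
// congruent to d modulo phi, so it is a valid private exponent and the
// attacker never needs to remove the blinding.
func Decrypt(c, exponent *big.Int) *big.Int {
	return new(big.Int).Exp(c, exponent, n)
}

func main() {
	m := big.NewInt(123456789)
	c := new(big.Int).Exp(m, e, n)
	for _, r := range []int64{12345, 999} { // constructed blinding factors
		dec, trace := BlindedExp(c, big.NewInt(r))
		dRec := ExponentFromTrace(trace)
		fmt.Printf("r=%d: %d ops, decrypts=%v, recovered exponent decrypts=%v, equals d=%v\n",
			r, len(trace), dec.Cmp(m) == 0, Decrypt(c, dRec).Cmp(m) == 0, dRec.Cmp(d) == 0)
	}
}
```

    The exponent here is the RSA private exponent; for the CRT variant each half-exponent is blinded with a multiple of p-1 or q-1 and the same argument applies per half. The countermeasure therefore only helps against attacks that need several traces of the same exponent, which is why single-trace recovery, with or without chosen messages, is the question the paper revisits.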

    Generating Provable Primes Efficiently on Embedded Devices

    No full text
    ISBN: 978-3-642-30056-1
    International audience
    This paper introduces new techniques to generate provable prime numbers efficiently on embedded devices such as smart cards, based on variants of Pocklington's theorem and the Brillhart-Lehmer-Selfridge-Tuckerman-Wagstaff theorem. We introduce two new generators that, combined with cryptoprocessor-specific optimizations, open the way to efficient and tamper-resistant on-board generation of provable primes. We also report practical results from our implementations. Both our theoretical and experimental results show that constructive methods can generate provable primes essentially as efficiently as state-of-the-art generators for probable primes based on Fermat and Miller-Rabin pseudo-tests. We evaluate the output entropy of our two generators and provide techniques to ensure a high level of resistance against physical attacks. This paper intends to provide practitioners with the first practical solutions for fast and secure generation of provable primes in embedded security devices.
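    A worked example of constructive prime generation with Pocklington's theorem, added here and not the authors' implementation: a Go generator that roughly doubles the size at each step by choosing n = R*p + 1 with even R < p from the previous certified prime p, certifies n with the witness 2 (an assumption of this example; a prime candidate that happens to fail with witness 2 is simply skipped), and returns the chain of primes as a certificate that anyone can re-verify. The seeded generator is for reproducibility only; the cryptoprocessor-specific optimizations, the entropy analysis and the side-channel protections of the paper are not modelled.

```go
package main

import (
	"fmt"
	"math/big"
	"math/rand"
)

var (
	one = big.NewInt(1)
	two = big.NewInt(2)
)

// PocklingtonCertifies checks the hypotheses of Pocklington's theorem for
// n = R*p + 1, where p is a known prime and R < p, using the witness a:
//   a^(n-1) = 1 (mod n)  and  gcd(a^((n-1)/p) - 1, n) = 1.
// Then every prime factor of n is congruent to 1 modulo p, hence at least
// p+1 > sqrt(n), so n has no nontrivial factor and is provably prime.
func PocklingtonCertifies(n, p, a *big.Int) bool {
	nm1 := new(big.Int).Sub(n, one)
	r, rem := new(big.Int).QuoRem(nm1, p, new(big.Int))
	if rem.Sign() != 0 || r.Sign() <= 0 || r.Cmp(p) >= 0 {
		return false // n-1 must be a multiple of p with cofactor 0 < R < p
	}
	if new(big.Int).Exp(a, nm1, n).Cmp(one) != 0 {
		return false // Fermat condition fails: n composite or a a poor witness
	}
	t := new(big.Int).Exp(a, r, n) // a^((n-1)/p) mod n
	t.Sub(t, one)
	return new(big.Int).GCD(nil, nil, t, n).Cmp(one) == 0
}

// GenerateProvablePrime grows a chain of certified primes 3 = p0 < p1 < ...
// until one has at least `bits` bits: from the current prime p it draws random
// even R < p and keeps n = R*p + 1 as soon as witness 2 certifies it. The
// returned chain is the certificate; anyone can re-check it with VerifyChain.
func GenerateProvablePrime(bits int, rng *rand.Rand) (*big.Int, []*big.Int) {
	p := big.NewInt(3) // base of the chain, prime by inspection
	chain := []*big.Int{p}
	for p.BitLen() < bits {
		// R lies in [0, p-1] and is capped so n does not overshoot the target size.
		bound := new(big.Int).Sub(p, one)
		limit := new(big.Int).Lsh(one, uint(bits-p.BitLen()+1))
		if limit.Cmp(bound) < 0 {
			bound = limit
		}
		bound.Add(bound, one) // Rand draws from [0, bound)
		for {
			r := new(big.Int).Rand(rng, bound)
			r.SetBit(r, 0, 0) // R must be even so that n is odd
			if r.Sign() == 0 {
				continue
			}
			n := new(big.Int).Add(new(big.Int).Mul(r, p), one)
			if PocklingtonCertifies(n, p, two) {
				p = n
				chain = append(chain, n)
				break
			}
		}
	}
	return p, chain
}

// VerifyChain re-checks a certificate produced by GenerateProvablePrime.
func VerifyChain(chain []*big.Int) bool {
	if len(chain) == 0 || chain[0].Cmp(big.NewInt(3)) != 0 {
		return false
	}
	for i := 1; i < len(chain); i++ {
		if !PocklingtonCertifies(chain[i], chain[i-1], two) {
			return false
		}
	}
	return true
}

func main() {
	rng := rand.New(rand.NewSource(2012)) // deterministic for the example; use crypto/rand in practice
	n, chain := GenerateProvablePrime(128, rng)
	fmt.Printf("provable %d-bit prime: %s\n", n.BitLen(), n)
	fmt.Printf("certificate chain of %d primes verifies: %v\n", len(chain), VerifyChain(chain))
}
```

    Each step costs two modular exponentiations per candidate, comparable to one Fermat test, which is the sense in which constructive generation can match probable-prime generators; the price is that the output is confined to numbers of the form R*p + 1, which is what the paper's entropy evaluation is about.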

    Passive and Active Combined Attacks on AES Combining Fault Attacks and Side Channel Analysis

    No full text
    International audience