photo from iain tate on flickr photo from becky stern on
play

+ = Photo from Iain Tate on Flickr Photo from Becky Stern on - PowerPoint PPT Presentation

Mar 27, 2024 •687 likes •1.02k views

A C OMPREHENSIVE E VALUATION OF M UTUAL I NFORMATION A NALYSIS U SING A F AIR E VALUATION F RAMEWORK Carolyn Whitnall, Elisabeth Oswald carolyn.whitnall@bris.ac.uk Department of Computer Science, University of Bristol 16 th August 2011 C. W

  1. A C OMPREHENSIVE E VALUATION OF M UTUAL I NFORMATION A NALYSIS U SING A F AIR E VALUATION F RAMEWORK Carolyn Whitnall, Elisabeth Oswald carolyn.whitnall@bris.ac.uk Department of Computer Science, University of Bristol 16 th August 2011 C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 1 / 1

  2. Photo from Casey Marshall on Flickr + = Photo from Iain Tate on Flickr Photo from Becky Stern on Flickr Algorithm = Measurements! + Device But how to make the most of those measurements? C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 2 / 1

  3. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  4. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  5. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  6. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  7. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  8. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  9. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? 0.6 3 # standard deviations 0.4 Distinguisher value 2 0.2 1 0 0 −1 −0.2 −2 −0.4 0 0 10 10 20 20 30 30 40 40 50 50 60 60 Key hypothesis True key Nearest rival C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  10. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? 0.6 3 # standard deviations 0.4 Distinguisher value 2 0.2 1 0 0 −1 −0.2 −2 −0.4 0 0 10 10 20 20 30 30 40 40 50 50 60 60 Key hypothesis True key Nearest rival C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  11. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? 0.6 3 # standard deviations 0.4 Distinguisher value 2 0.2 1 0 0 −1 −0.2 −2 −0.4 0 0 10 10 20 20 30 30 40 40 50 50 60 60 Key hypothesis True key Nearest rival C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  12. W HAT IS A S IDE -C HANNEL D ISTINGUISHER ? 0.6 3 # standard deviations 0.4 Distinguisher value 2 0.2 1 0 0 −1 −0.2 −2 −0.4 0 0 10 10 20 20 30 30 40 40 50 50 60 60 Key hypothesis True key Nearest rival C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 3 / 1

  13. W HAT M AKES A G OOD D ISTINGUISHER ? T HE USUAL APPROACH . . . Desirable metric: “# of trace measurements required for key recovery” Not like-for-like: Practical outcomes highly sensitive to estimator choice Not computable: Sampling distributions (usually) unknown O UR CONTRIBUTION ‘True’ distinguishing vectors can be directly computed for well-defined hypothetical scenarios Theoretic advantages � = ⇒ practical advantages (unequal estimation costs) BUT Certain characteristics have a strong bearing on likely practical outcomes What features of the theoretic distinguishing vectors most contribute to its estimatability? C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 5 / 1

  14. W HAT M AKES A G OOD D ISTINGUISHER ? T HE USUAL APPROACH . . . Desirable metric: “# of trace measurements required for key recovery” Not like-for-like: Practical outcomes highly sensitive to estimator choice Not computable: Sampling distributions (usually) unknown O UR CONTRIBUTION ‘True’ distinguishing vectors can be directly computed for well-defined hypothetical scenarios Theoretic advantages � = ⇒ practical advantages (unequal estimation costs) BUT Certain characteristics have a strong bearing on likely practical outcomes What features of the theoretic distinguishing vectors most contribute to its estimatability? C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 5 / 1

  15. ‘A F AIR E VALUATION F RAMEWORK ’ 0.6 3 Correct key ranking in the theoretic vector 0.4 # standard deviations Distinguisher value 2 0.2 1 ◮ Distinguisher must isolate key in theory to stand a 0 0 −1 chance in practice −0.2 −2 −0.4 0 0 10 10 20 20 30 30 40 40 50 50 60 60 Key hypothesis Nearest-rival distinguishing score – # s.d. between correct key value and highest ranked alternative ◮ The smaller the margin, the fewer the traces needed for estimation! Average minimum support – how large an input support does the distinguisher need? ◮ An attack which needs to ‘see more inputs’ will inevitably need more traces C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 6 / 1

  16. ‘A F AIR E VALUATION F RAMEWORK ’ 0.6 3 Correct key ranking in the theoretic vector 0.4 # standard deviations Distinguisher value 2 0.2 1 ◮ Distinguisher must isolate key in theory to stand a 0 0 −1 chance in practice −0.2 −2 −0.4 0 0 10 10 20 20 30 30 40 40 50 50 60 60 Key hypothesis 0.6 Nearest-rival distinguishing score – # s.d. between 3 0.4 # standard deviations Distinguisher value 2 correct key value and highest ranked alternative 0.2 1 0 0 ◮ The smaller the margin, the fewer the traces needed −1 −0.2 for estimation! −2 −0.4 0 0 10 10 20 20 30 30 40 40 50 50 60 60 Key hypothesis Average minimum support – how large an input support does the distinguisher need? ◮ An attack which needs to ‘see more inputs’ will inevitably need more traces C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 6 / 1

  17. ‘A F AIR E VALUATION F RAMEWORK ’ 0.6 3 Correct key ranking in the theoretic vector 0.4 # standard deviations Distinguisher value 2 0.2 1 ◮ Distinguisher must isolate key in theory to stand a 0 0 −1 chance in practice −0.2 −2 −0.4 0 0 10 10 20 20 30 30 40 40 50 50 60 60 Key hypothesis 0.6 Nearest-rival distinguishing score – # s.d. between 3 0.4 # standard deviations Distinguisher value 2 correct key value and highest ranked alternative 0.2 1 0 0 ◮ The smaller the margin, the fewer the traces needed −1 −0.2 for estimation! −2 −0.4 0 0 10 10 20 20 30 30 40 40 50 50 60 60 Key hypothesis Average minimum support – how large an input 1 Theoretic success rate 0.8 support does the distinguisher need? 0.6 0.4 ◮ An attack which needs to ‘see more inputs’ will 0.2 inevitably need more traces 0 0 10 20 30 40 Support size C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 6 / 1

  18. T HE D ISTINGUISHERS AT A G LANCE . . . MIA: M UTUAL INFORMATION Defined as: D ( k ) = I ( L k ∗ + ε ; M k ) = H ( L k ∗ + ε ) − H ( L k ∗ + ε | M k ) , where � H is the differential entropy: H ( X ) = − x ∈X p X ( x ) log 2 ( p X ( x )) Functional of the distribution —estimation problematic DPA outcomes extremely sensitive to estimator choice; no ‘ideal’ exists No general results for the sampling distributions CPA: P EARSON ’ S CORRELATION COEFFICIENT Cov ( L k ∗ + ε, M k ) √ Var ( L k ∗ + ε ) √ Defined as: D ( k ) = ρ ( L k ∗ + ε, M k ) = Var ( M k ) Function of distributional moments —estimation simple Sample correlation coefficient suits a broad range of assumptions Lots of ‘nice’ results for its sampling distribution C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 7 / 1

  19. T HE D ISTINGUISHERS AT A G LANCE . . . MIA: M UTUAL INFORMATION Defined as: D ( k ) = I ( L k ∗ + ε ; M k ) = H ( L k ∗ + ε ) − H ( L k ∗ + ε | M k ) , where � H is the differential entropy: H ( X ) = − x ∈X p X ( x ) log 2 ( p X ( x )) Functional of the distribution —estimation problematic DPA outcomes extremely sensitive to estimator choice; no ‘ideal’ exists No general results for the sampling distributions CPA: P EARSON ’ S CORRELATION COEFFICIENT Cov ( L k ∗ + ε, M k ) √ Var ( L k ∗ + ε ) √ Defined as: D ( k ) = ρ ( L k ∗ + ε, M k ) = Var ( M k ) Function of distributional moments —estimation simple Sample correlation coefficient suits a broad range of assumptions Lots of ‘nice’ results for its sampling distribution C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 7 / 1

  20. W HY ‘M UTUAL I NFORMATION A NALYSIS ’? Proposed (Gierlichs et al. , 2008) as an enhancement to correlation DPA: Optimal in an information theoretic sense – quantifies total dependence Generic – should work even without a good power model However . . . correlation DPA frequently performs better in empirical comparisons What can we learn from a theoretic evaluation? Distinguisher Power model Abbreviation Correlation DPA Hamming weight CPA(HW) Hamming weight MIA(HW) Mutual Information Analysis Identity MIA(ID) C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 8 / 1

  21. W HY ‘M UTUAL I NFORMATION A NALYSIS ’? Proposed (Gierlichs et al. , 2008) as an enhancement to correlation DPA: Optimal in an information theoretic sense – quantifies total dependence Generic – should work even without a good power model However . . . correlation DPA frequently performs better in empirical comparisons What can we learn from a theoretic evaluation? Distinguisher Power model Abbreviation Correlation DPA Hamming weight CPA(HW) Hamming weight MIA(HW) Mutual Information Analysis Identity MIA(ID) C. W HITNALL (U NIVERSITY OF B RISTOL ) E VALUATING MIA CRYPTO 2011 8 / 1

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Photo courtesy of Casbr(@flickr.com) - granted under creative commons licence - attribution Photo

Photo courtesy of Casbr(@flickr.com) - granted under creative commons licence - attribution Photo

Photo courtesy of Casbr(@flickr.com) - granted under creative commons licence - attribution Photo courtesy of Sharon Mollerus(@flickr.com) - granted under creative commons licence - attribution Photo courtesy of Gaspa(@flickr.com) - granted under

248 views • 11 slides
ITKAN CNT Presentation March 14, 2019 Photo Credit: Jeff McC, Flickr, Creative Commons 4

ITKAN CNT Presentation March 14, 2019 Photo Credit: Jeff McC, Flickr, Creative Commons 4

Photo Credit: clarkmaxwell/Flickr, Creative Commons License ITKAN CNT Presentation March 14, 2019 Photo Credit: Jeff McC, Flickr, Creative Commons 4 URBAN FLOODING 8 Urban Flooding Defined The inundation of property in a built

723 views • 18 slides
Drawing Birds in Pencil Comparing Two Birds Photo courtesy of (Hefin Owen@flickr.com) Photo

Drawing Birds in Pencil Comparing Two Birds Photo courtesy of (Hefin Owen@flickr.com) Photo

Drawing Birds in Pencil Comparing Two Birds Photo courtesy of (Hefin Owen@flickr.com) Photo courtesy of (Tony Smith@flickr.com) - granted under creative commons licence attribution - granted under creative commons licence attribution

452 views • 14 slides
Photo by frankieleon - Creative Commons Attribution License

Photo by frankieleon - Creative Commons Attribution License

Photo by frankieleon - Creative Commons Attribution License https://www.flickr.com/photos/23307937@N04 ! Created with Haiku Deck ! Photo by BAMCorp - Creative Commons Attribution-ShareAlike License https://www.flickr.com/photos/60766987@N00 !

374 views • 12 slides
Risk Pools and Adverse Selection General Idea Quality of Pool More Important Than Size Photo

Risk Pools and Adverse Selection General Idea Quality of Pool More Important Than Size Photo

Colorado Division of Insurance Risk Pools and Adverse Selection General Idea Quality of Pool More Important Than Size Photo by flickr iLoveMountains.org Photo by flickr user marcn Where is Adverse Selection Market Do healthy people

228 views • 9 slides
1 Photo: SOS program in Elenos, Greece Photo: SOS Sanothimi, Nepal 2 3 4 5 6 6 7 7

1 Photo: SOS program in Elenos, Greece Photo: SOS Sanothimi, Nepal 2 3 4 5 6 6 7 7

1 Photo: SOS program in Elenos, Greece Photo: SOS Sanothimi, Nepal 2 3 4 5 6 6 7 7 (US Department of Health and Human Services) 8 Photo: SOS Macedonia 9 10 10 11 Photo: SOS Guatemala 11 Photo: SOS

657 views • 30 slides
Photo by woodleywonderworks - Creative Commons Attribution License

Photo by woodleywonderworks - Creative Commons Attribution License

Photo by woodleywonderworks - Creative Commons Attribution License https://www.flickr.com/photos/73645804@N00 Created with Haiku Deck Animoto Video: Tournament Photos http://video214.com/play/aI15Aa4bqP8BJXEM1dQ8Tg /s/dark Photo by

556 views • 29 slides
What is a Faberg Egg? Photo courtesy of Thomas Kohler Smith(@flickr.com) - granted under

What is a Faberg Egg? Photo courtesy of Thomas Kohler Smith(@flickr.com) - granted under

What is a Faberg Egg? Photo courtesy of Thomas Kohler Smith(@flickr.com) - granted under creative commons licence - attribution A Faberg egg is considered to be any one of about 70 jewelled eggs made by Peter Carl Faberg between 1885

518 views • 15 slides
A task setting PowerPoint Pack about digestion. Photo courtesy of Sam Howzit (@flickr.com) -

A task setting PowerPoint Pack about digestion. Photo courtesy of Sam Howzit (@flickr.com) -

A task setting PowerPoint Pack about digestion. Photo courtesy of Sam Howzit (@flickr.com) - granted under creative commons licence - attribution Photo courtesy of classicasleep* (@flickr.com) - granted under creative commons licence - attribution

379 views • 10 slides
Photo by Images_of_Money - Creative Commons Attribution License

Photo by Images_of_Money - Creative Commons Attribution License

Photo by Images_of_Money - Creative Commons Attribution License https://www.flickr.com/photos/59937401@N07 Created with Haiku Deck Photo by GotCredit - Creative Commons Attribution License https://www.flickr.com/photos/30576334@N05 Created with

289 views • 26 slides
THE PROBLEM #WorldofAsphalt Photo: Rosenberger 1 2/8/2019 I71 in Cincinnati, OH Photo:

THE PROBLEM #WorldofAsphalt Photo: Rosenberger 1 2/8/2019 I71 in Cincinnati, OH Photo:

2/8/2019 Best Practices for Construction of Longitudinal Joints Wayne Jones, P.E. Senior Regional Engineer Asphalt Institute THE PROBLEM #WorldofAsphalt Photo: Rosenberger 1 2/8/2019 I71 in Cincinnati, OH Photo: Grass Photo:

627 views • 30 slides
Photo by Leo Hidalgo (@yompyz) - Creative Commons Attribution License

Photo by Leo Hidalgo (@yompyz) - Creative Commons Attribution License

Photo by Leo Hidalgo (@yompyz) - Creative Commons Attribution License https://www.flickr.com/photos/69474058@N03 Created with Haiku Deck Photo by Curtox - Creative Commons Attribution-NonCommercial-ShareAlike License

652 views • 25 slides
Field study Field study 4 commercial organic herds Jan 2012 to March 2013 Insemination

Field study Field study 4 commercial organic herds Jan 2012 to March 2013 Insemination

Different production environments - the same genetic material Effect of sire on pig leg health in commercial organic herds Photo: Jenny Svenns-Gillner, SLU Photo: Anna Wallenbeck Photo: Haoyu Liu Photo: Eva Persson Photo: Maria Alarik Anna

184 views • 3 slides
Green First Ken Moraff, EPA New England Falmouth, MA 12/8/11 Photo:

Green First Ken Moraff, EPA New England Falmouth, MA 12/8/11 Photo:

Green First Ken Moraff, EPA New England Falmouth, MA 12/8/11 Photo: http://www.flickr.com/photos/vintagehalloweencollector/3619346215/ Causal Relationships for Narragansett Bay Storm-water Disposable runoff Watershed Atmospheric

435 views • 15 slides
Entrepreneurship and Innovation Management Autumn 2017 Photo: FryskLab/flickr Lecture 2: Customer

Entrepreneurship and Innovation Management Autumn 2017 Photo: FryskLab/flickr Lecture 2: Customer

Entrepreneurship and Innovation Management Autumn 2017 Photo: FryskLab/flickr Lecture 2: Customer development, and the business model The course structure Introduction to entrepreneurship and innovation Opportunity Entrepreneurial

858 views • 51 slides
The Dark Art of Rails Plugins James Adam reevoo.com This could be you! Im hacking ur Railz

The Dark Art of Rails Plugins James Adam reevoo.com This could be you! Im hacking ur Railz

The Dark Art of Rails Plugins James Adam reevoo.com This could be you! Im hacking ur Railz appz!!1! Photo: http://flickr.com/photos/toddhiestand/197704394/ Anatomy of a plugin Photo: http://flickr.com/photos/guccibear2005/206352128/ lib

1.08k views • 68 slides
Measures of core inflation in Switzerland An evaluation of alternative calculation methods for

Measures of core inflation in Switzerland An evaluation of alternative calculation methods for

Measures of core inflation in Switzerland An evaluation of alternative calculation methods for monetary policy Marco Huwiler 11th Ottawa Group Conference Neuchtel, 27-29 May 2009 Overview Motivation Traditional measures of core

713 views • 30 slides
Course : Data mining Topic : Rank aggregation Aristides Gionis Aalto University Department of

Course : Data mining Topic : Rank aggregation Aristides Gionis Aalto University Department of

Course : Data mining Topic : Rank aggregation Aristides Gionis Aalto University Department of Computer Science visiting in Sapienza University of Rome fall 2016 reading Cynthia Dwork, Ravi Kumar, Moni Naor, D. Sivakumar: Rank aggregation

719 views • 34 slides
Lie Superalgebras and Sage Daniel Bump July 26, 2018 With the connivance of Brubaker, Schilling

Lie Superalgebras and Sage Daniel Bump July 26, 2018 With the connivance of Brubaker, Schilling

Generalities gl (m|n) Lie Superalgebras and Sage Daniel Bump July 26, 2018 With the connivance of Brubaker, Schilling and Scrimshaw. 1/19 Generalities gl (m|n) Lie Methods in Sage Lie methods in WeylCharacter class: Compute characters of

583 views • 19 slides
ECON2228 Notes 7 Christopher F Baum Boston College Economics 20142015 cfb (BC Econ)

ECON2228 Notes 7 Christopher F Baum Boston College Economics 20142015 cfb (BC Econ)

ECON2228 Notes 7 Christopher F Baum Boston College Economics 20142015 cfb (BC Econ) ECON2228 Notes 6 20142015 1 / 41 Chapter 8: Heteroskedasticity In laying out the standard regression model, we made the assumption of homoskedasticity

772 views • 41 slides
Extending R through packages: Theres a package for everything R packages are available on CRAN

Extending R through packages: Theres a package for everything R packages are available on CRAN

Extending R through packages: Theres a package for everything R packages are available on CRAN (Comprehensive R Archive Network) Well be working with the package ggplot2 ggplot2: A grammar of graphics Traditional plotting: You are a

169 views • 16 slides
CS1150 Principles of Computer Science Boolean, Selection Statements Yanyan Zhuang Department of

CS1150 Principles of Computer Science Boolean, Selection Statements Yanyan Zhuang Department of

CS1150 Principles of Computer Science Boolean, Selection Statements Yanyan Zhuang Department of Computer Science http://www.cs.uccs.edu/~yzhuang CS1150 UC. Colorado Springs Review What happens when we create a Scanner? o Scanner input =

617 views • 23 slides
E x ploring relationships E XP L OR ATOR Y DATA AN ALYSIS IN P YTH ON Allen Do w ne y Professor

E x ploring relationships E XP L OR ATOR Y DATA AN ALYSIS IN P YTH ON Allen Do w ne y Professor

E x ploring relationships E XP L OR ATOR Y DATA AN ALYSIS IN P YTH ON Allen Do w ne y Professor , Olin College Height and w eight EXPLORATORY DATA ANALYSIS IN PYTHON Scatter plot brfss = pd.read_hdf('brfss.hdf5', 'brfss') height =

505 views • 38 slides
Latent class analysis with Stata Isabel Canette Principal Mathematician and Statistician

Latent class analysis with Stata Isabel Canette Principal Mathematician and Statistician

Latent class analysis with Stata Isabel Canette Principal Mathematician and Statistician StataCorp LLC 2018 Mexican Stata Users Group Meeting Tlaxcala, August 16-17, 2018 Introduction Latent class analysis (LCA) comprises a set of

512 views • 26 slides

More recommend