random probing security
play

Random Probing Security Verification, Composition, Expansion and New - PowerPoint PPT Presentation

Feb 03, 2023 •47 likes •1.04k views

Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Random Probing Security Verification, Composition, Expansion and New Constructions Sonia Belad 1 , Jean-Sbastien Coron 2 Emmanuel

  1. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Random Probing Security Verification, Composition, Expansion and New Constructions Sonia Belaïd 1 , Jean-Sébastien Coron 2 Emmanuel Prouff 3 , Matthieu Rivain 1 and Abdul Rahman Taleb 1 1 CryptoExperts, France 2 University of Luxembourg 3 ANSSI, France August 7, 2020 S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 1 / 20

  2. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Side-Channel Attacks S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 2 / 20

  3. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Side-Channel Attacks S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 2 / 20

  4. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Countermeasure Higher-order Masking Sensitive variable x , group ( G , ⋆ ) : S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 3 / 20

  5. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Countermeasure Higher-order Masking Sensitive variable x , group ( G , ⋆ ) : x = x 0 ⋆ . . . ⋆ x n − 2 ⋆ x n − 1 � �� � ���� S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 3 / 20

  6. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Countermeasure Higher-order Masking Sensitive variable x , group ( G , ⋆ ) : x = x 0 ⋆ . . . ⋆ x n − 2 ⋆ x n − 1 � �� � ���� uniformly at random from G S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 3 / 20

  7. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Countermeasure Higher-order Masking Sensitive variable x , group ( G , ⋆ ) : x = x 0 ⋆ . . . ⋆ x n − 2 ⋆ x n − 1 � �� � ���� x ⋆ x 0 ··· ⋆ x n − 2 uniformly at random from G S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 3 / 20

  8. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Countermeasure Higher-order Masking Sensitive variable x , group ( G , ⋆ ) : x = x 0 ⋆ . . . ⋆ x n − 2 ⋆ x n − 1 � �� � ���� x ⋆ x 0 ··· ⋆ x n − 2 uniformly at random from G Security of masking schemes? S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 3 / 20

  9. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Leakage Models Definitions Convenient Realistic

  10. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Leakage Models Definitions Convenient t -probing model t leaking variables Realistic

  11. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Leakage Models Definitions Convenient t -probing model t leaking variables Random probing model each variable leaks with proba. p Realistic

  12. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Leakage Models Definitions Convenient t -probing model t leaking variables Random probing model each variable leaks with proba. p Noisy Leakage model noisy leakage of all the variables Realistic S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 4 / 20

  13. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Leakage Models Existing Works S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 5 / 20

  14. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Leakage Models Existing Works • Reduction property [Duc et al., 2014] Random Probing Noisy Leakage Probing Security = ⇒ = ⇒ Security Security S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 5 / 20

  15. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Leakage Models Existing Works • Reduction property [Duc et al., 2014] Random Probing Noisy Leakage Probing Security = ⇒ = ⇒ Security Security Random Probing Constructions: S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 5 / 20

  16. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Leakage Models Existing Works • Reduction property [Duc et al., 2014] Random Probing Noisy Leakage Probing Security = ⇒ = ⇒ Security Security Random Probing Constructions: • [Ajtai, 2011, Andrychowicz et al., 2016] based on expander graphs S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 5 / 20

  17. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Leakage Models Existing Works • Reduction property [Duc et al., 2014] Random Probing Noisy Leakage Probing Security = ⇒ = ⇒ Security Security Random Probing Constructions: • [Ajtai, 2011, Andrychowicz et al., 2016] based on expander graphs • [Ananth et al., 2018] based on secure multi-party computa- � tions O ( | C | . poly ( κ )) for a circuit C , tolerated leakage proba. ≈ 2 − 25 � . S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 5 / 20

  18. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Random Probing Model Contributions S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 6 / 20

  19. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Random Probing Model Contributions • VRAPS Tool : (V)erifier of (RA)ndom (P)robing (S)ecurity. S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 6 / 20

  20. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Random Probing Model Contributions • VRAPS Tool : (V)erifier of (RA)ndom (P)robing (S)ecurity. • Random probing composability / expandability for global security level amplification (inspired from [Ananth et al., 2018]). S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 6 / 20

  21. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Random Probing Model Contributions • VRAPS Tool : (V)erifier of (RA)ndom (P)robing (S)ecurity. • Random probing composability / expandability for global security level amplification (inspired from [Ananth et al., 2018]). • Efficient instantiation from base gadgets in O ( | C | .κ 7 . 5 ) tolerating leakage probability ≈ 2 − 8 . S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 6 / 20

  22. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Random Probing Security Definition ( p , ǫ ) -Random Probing Security p || p p × r p p p + p + + Add × Mult. || Copy r Random

  23. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Random Probing Security Definition ( p , ǫ ) -Random Probing Security p W set of wires || p p × r p p p + p + + Add × Mult. Failure Probability ǫ || Copy r Random S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 7 / 20

  24. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Random Probing Security Definition ( p , ǫ ) -Random Probing Security p W set of wires || p p × r p p p Independent from secret inputs ? + p + + Add × Mult. Failure Probability ǫ || Copy r Random S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 7 / 20

  25. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Random Probing Security Definition ( p , ǫ ) -Random Probing Security p W set of wires || p p × r p p p Independent from secret inputs ? + yes p no + + Add × Mult. Failure Probability ǫ || Copy r Random S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 7 / 20

  26. Introduction Random Probing Security Random Probing Composability Random Probing Expandability Conclusion Random Probing Security Definition ( p , ǫ ) -Random Probing Security p W set of wires || p p × r p p p Independent from secret inputs ? + yes p no + Simulation Success + Add × Mult. Failure Probability ǫ || Copy r Random S. Belaid, JS. Coron, E. Prouff, M. Rivain, A. Taleb Random Probing Security 7 / 20

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Probing for Open DNS Resolvers John Kristoff jtk@depaul.edu Midwest Security Workshop jtk

Probing for Open DNS Resolvers John Kristoff jtk@depaul.edu Midwest Security Workshop jtk

Probing for Open DNS Resolvers John Kristoff jtk@depaul.edu Midwest Security Workshop jtk (jtk@depaul.edu) DNS Probing September 30, 2006 1 / 9 Open Resolvers Recursive - open access to a full resolver Forwarder - proxy access to a

371 views • 9 slides
Occultations for Probing for Probing Occultations Atmosphere and Climate: Atmosphere and

Occultations for Probing for Probing Occultations Atmosphere and Climate: Atmosphere and

I nstitute for G eophysics, A strophysics, and M eteorology / U niversity of G raz A tmospheric R emote S ensing and Cli mate Sys tem Research Group ARSCliSys on the art of understanding the climate system Occultations for Probing for Probing

570 views • 12 slides
On the spectral features of robust probing security Maria Chiara Molteni 1 Vittorio Zaccaria 2 1

On the spectral features of robust probing security Maria Chiara Molteni 1 Vittorio Zaccaria 2 1

Context Theoretical contribution Applications Complexity Conclusion On the spectral features of robust probing security Maria Chiara Molteni 1 Vittorio Zaccaria 2 1 Dipartimento di Informatica Giovanni Degli Antoni Universit` a degli

1.03k views • 52 slides
Tight Private Circuits: Achieving Probing Security with the Least Refreshing Sonia Belaid,

Tight Private Circuits: Achieving Probing Security with the Least Refreshing Sonia Belaid,

Tight Private Circuits: Achieving Probing Security with the Least Refreshing Sonia Belaid, Dahmun Goudarzi, and Matthieu Rivain dahmun.goudarzi@pqshield.com 1 Side-Channel Attacks and Higher-Order Masking in 1 in 2 in 3

655 views • 52 slides
Tao Probing the End of the World 1 - 1 - Masato

Tao Probing the End of the World 1 - 1 - Masato

@YITP WS Tao Probing the End of the World 1 - 1 - Masato Taki RIKEN , i THES group .Yagi (KIAS) [ arXiv:1504.03672] Collaboration w/ S-S.Kim and F 2015.11/12 Tao Probing the End of the World new

1.01k views • 81 slides
Sample or Random Security A Security Model for Segment-Based Visual Cryptography Sebastian

Sample or Random Security A Security Model for Segment-Based Visual Cryptography Sebastian

Sample or Random Security A Security Model for Segment-Based Visual Cryptography Sebastian Pape Dortmund Technical University March 5th, 2014 Financial Cryptography and Data Security 2014 Sebastian Pape Sample or Random Security March

541 views • 25 slides
Revisiting iOS Kernel (In)Security: Attacking the Early Random PRNG Tarjei Mandt CanSecWest 2014

Revisiting iOS Kernel (In)Security: Attacking the Early Random PRNG Tarjei Mandt CanSecWest 2014

Revisiting iOS Kernel (In)Security: Attacking the Early Random PRNG Tarjei Mandt CanSecWest 2014 tm@azimuthsecurity.com @kernelpool About Me Senior Security Researcher at Azimuth Security Masters degree in Information Security

1.24k views • 76 slides
Linear probing with constant independence Anna Pagh, Rasmus Pagh, and Milan Ru i IT

Linear probing with constant independence Anna Pagh, Rasmus Pagh, and Milan Ru i IT

Linear probing with constant independence Anna Pagh, Rasmus Pagh, and Milan Ru i IT University of Copenhagen STOC 2007 Hashing with linear probing Hashing with linear probing Hashing with linear probing Hashing with linear probing

827 views • 48 slides
Perspectives: Improving SSH-style authentication using multi-path probing Dan Wendlandt, David

Perspectives: Improving SSH-style authentication using multi-path probing Dan Wendlandt, David

Perspectives: Improving SSH-style authentication using multi-path probing Dan Wendlandt, David G. Andersen, Adrian Perrig - ATC'08 By Hassan Shahid Khan CS 598 - COMPUTER SECURITY IN THE PHYSICAL WORLD In the beginning of times.. Telnet

1.11k views • 31 slides
PSEUDO-RANDOM FUNCTIONS We want to answer the question: What is a good block cipher? where

PSEUDO-RANDOM FUNCTIONS We want to answer the question: What is a good block cipher? where

Recall We studied security of function families (in particular, block ciphers) against key recovery. But we saw that security against key recovery is not su ffi cient to ensure that natural usages of a block cipher are secure. PSEUDO-RANDOM

268 views • 13 slides
Cache misses for lookup, existing of random ints Cache misses for lookup, non-existing of random

Cache misses for lookup, existing of random ints Cache misses for lookup, non-existing of random

The hash tables Googles dense and sparse hash tables Use open addressing Quadratic probing SGI Is a chained hash table Referred to as gnu in graphs One-table and Two-table Doubly linked: Rather large compartments

645 views • 29 slides
Glitch-Resistant Masking Revisited or Why Proofs in the Robust Probing Model are Needed Thorben

Glitch-Resistant Masking Revisited or Why Proofs in the Robust Probing Model are Needed Thorben

Glitch-Resistant Masking Revisited or Why Proofs in the Robust Probing Model are Needed Thorben Moos 1 , Amir Moradi 1 , Tobias Schneider 2 and Franois-Xavier Standaert 2 Horst Grtz Institute for IT Security, Ruhr-Universitt Bochum,

694 views • 46 slides
Probing trans-Neptunian Objects Probing trans-Neptunian Objects with stellar occultations in Gaia

Probing trans-Neptunian Objects Probing trans-Neptunian Objects with stellar occultations in Gaia

Probing trans-Neptunian Objects Probing trans-Neptunian Objects with stellar occultations in Gaia occultations in Gaia era era with stellar Bruno Sicardy Observatoire de Paris - LESIA & universit Pierre et Marie Curie Solar system

908 views • 41 slides
Full Indifferentiable Security of the Xor of Two or More Random Permutations Using the 2 Method

Full Indifferentiable Security of the Xor of Two or More Random Permutations Using the 2 Method

Full Indifferentiable Security of the Xor of Two or More Random Permutations Using the 2 Method Srimanta Bhattacharya and Mridul Nandi Indian Statistical Institute, Kolkata. Eurocrypt 2018 Tel Aviv, Israel 30th April, 2018 Outline 1

1.8k views • 162 slides
Bypassing Different Defense Schemes via Crash-Resistant Probing of Address Space Robert Gawlik

Bypassing Different Defense Schemes via Crash-Resistant Probing of Address Space Robert Gawlik

Bypassing Different Defense Schemes via Crash-Resistant Probing of Address Space Robert Gawlik Ruhr University Bochum Horst Grtz Institute for IT-Security Bochum, Germany About me Playing with InfoSec since 2010 Currently in academia

1.13k views • 84 slides
Random Numbers RANDOM VS PSEUDO RANDOM Truly Random numbers From Wolfram: A random number

Random Numbers RANDOM VS PSEUDO RANDOM Truly Random numbers From Wolfram: A random number

Random Numbers RANDOM VS PSEUDO RANDOM Truly Random numbers From Wolfram: A random number is a number chosen as if by chance from some specified distribution such that selection of a large set of these numbers reproduces the underlying

720 views • 12 slides
Chapter 5: Integer Compositions and Partitions and Set Partitions Prof. Tesler Math 184A Fall

Chapter 5: Integer Compositions and Partitions and Set Partitions Prof. Tesler Math 184A Fall

Chapter 5: Integer Compositions and Partitions and Set Partitions Prof. Tesler Math 184A Fall 2017 Prof. Tesler Ch. 5: Compositions and Partitions Math 184A / Fall 2017 1 / 46 5.1. Compositions A strict composition of n is a tuple of

677 views • 46 slides
Secure Protocol Composition Anupam Datta Ante Derek John C. Mitchell Dusko Pavlovic

Secure Protocol Composition Anupam Datta Ante Derek John C. Mitchell Dusko Pavlovic

Secure Protocol Composition Anupam Datta Ante Derek John C. Mitchell Dusko Pavlovic Stanford University Kestrel Institute FMSE Oct 30, 2003 Motivation Divide-and-Conquer paradigm in security IKE: Phase 1: 4 sub-protocols

320 views • 29 slides
Composite Link Requirements draft-so-yong-mpls-ctg-requirement-00.txt Ning So

Composite Link Requirements draft-so-yong-mpls-ctg-requirement-00.txt Ning So

Composite Link Requirements draft-so-yong-mpls-ctg-requirement-00.txt Ning So ning.so@verizonbusiness.com Andrew Malis andrew.g.malis@verizon.com Dave McDysan dave.mcdysan@verizon.com Lucy Yong lucyyong@huawei.com Fredric Jounay

370 views • 13 slides
Value Objects public class CustForm extends ActionForm { public interface CustomerService {

Value Objects public class CustForm extends ActionForm { public interface CustomerService {

Power of Value Power Use of Value Objects in Domain Driven Design QCon London 2009 Dan Bergh Johnsson Partner and Spokesperson Omegapoint AB, Sweden phrase stolen SmallTalk Value Objects public class CustForm extends ActionForm {

1.04k views • 71 slides
The algebra of functions Given two functions, say f ( x ) = x 2 and g ( x ) = x + 1 , we can, in

The algebra of functions Given two functions, say f ( x ) = x 2 and g ( x ) = x + 1 , we can, in

The algebra of functions Given two functions, say f ( x ) = x 2 and g ( x ) = x + 1 , we can, in obvious ways, add, subtract, multiply and divide these functions. For example, the function f + g is defined simply by Elementary Functions ( f + g )(

404 views • 5 slides
Building complex DP algorithms using composition Privacy & Fairness in Data Science CS848

Building complex DP algorithms using composition Privacy & Fairness in Data Science CS848

Building complex DP algorithms using composition Privacy & Fairness in Data Science CS848 Fall 2019 2 Outline Recap Laplace Mechanism Composition Theorems Optimizing accuracy of DP algorithms Utilizing Parallel

972 views • 45 slides
Composition of product-form Generalized Stochastic Petri Nets: a modular approach Simonetta

Composition of product-form Generalized Stochastic Petri Nets: a modular approach Simonetta

Composition of product-form Generalized Stochastic Petri Nets: a modular approach Simonetta Balsamo and Andrea Marin Universit` a Ca Foscari di Venezia Dipartimento di Informatica Italy October 2009 Introduction Problems in exact

290 views • 17 slides
A Composition Theorem for Conical Juntas Mika G o os University of Toronto IBM Almaden

A Composition Theorem for Conical Juntas Mika G o os University of Toronto IBM Almaden

A Composition Theorem for Conical Juntas Mika G o os University of Toronto IBM Almaden T.S. Jayram G o os and Jayram A composition theorem for conical juntas 29th May 2016 1 / 12 Motivation Randomised communication A ND -O R

784 views • 24 slides

More recommend