side channel countermeasures dissection

Side-Channel Countermeasures Dissection and the Limits of Closed - PowerPoint PPT Presentation

Introduction Countermeasures Dissection Information Extraction Attack Results Closed Source Evaluation Conclusion Side-Channel Countermeasures Dissection and the Limits of Closed Source Security Evaluations Olivier Bronchain Fran


  7. What About Real-World Targets? (slide 5 / 27)
     A few published attacks on real products exist:
     ◮ Key recovery for bitstream encryption keys (Moradi et al., 2011)
     ◮ Update forgery on HP Light Bumps (Ronen et al., 2016)
     ◮ Car opening against Tesla Key Fob (Wouters et al., 2019)
     Once the (huge) reverse engineering is done, the attacks are straightforward.
     ◮ These examples are, however, not reflective of certified products
     ◮ We lack practically relevant examples of "sound combinations of countermeasures"

  16. Useful step in this direction: ANSSI’s Implementation (slide 6 / 27)
      Open-source protected AES:
      ◮ From a team of experts
      ◮ Mixed countermeasures
      ◮ Preliminary leakage assessment
      !! Educational purpose only !!
      It could be used to study:
      1. Effectiveness of mixed countermeasures
      2. Security on popular 32-bit MCUs
      3. Impact of open designs for worst-case security evaluations

  24. Profiled Side-Channel Attacks in (slide 7 / 27)
      [Figure: current vs. time trace with example leakages labelled x=0x00, x=0x0f and x=0xff; diagram of key bytes k_0 ... k_15 and plaintext bytes p_0 ... p_15 entering the Sboxes, whose outputs x_0 ... x_15 feed the Linear Layer]
      Worst-case analysis in two phases:
      1. Profiling / Learning target behavior
         ◮ Algorithm/Implementation knowledge
         ◮ Leakage examples in controlled settings (i.e. known randomness)
      2. Attack
         ◮ Extract information from leakage
         ◮ Processing for secret recovery

  25. Content (slide 8 / 27)
      Introduction; Countermeasures’ Dissection; Information Extraction; Attack Results; Closed Source Evaluation; Conclusion

  34. Countermeasures (slide 9 / 27)
      At a high level:
      ◮ Affine masking on bytes
        ◮ Multiplicative mask r_m (same for all the 16 bytes)
        ◮ Additive mask r_a
        ◮ Requires alternative Sbox table pre-computation
      ◮ Shuffled execution
        ◮ One permutation for the 16 Sboxes
        ◮ Another permutation for the 4 MixColumns
        ◮ Both are pre-computed

  46. Countermeasures (slide 10 / 27)
      [Diagram in three columns: Inputs, Pre-computation, Encryption]
      Inputs: $\vec{P}$, $\vec{R_a}$; $r_m$, $r_{in}$, $r_{out}$; seed_1, seed_2; seed′_1, seed′_2
      Pre-computation:
      ◮ Multiplicative Pre-Computation of Sbox′ from r_m, r_in, r_out
      ◮ Perm. over {0, ..., 15}, computed from seed_1 and seed_2, giving $p_{\vec{C}}$, $p_{\vec{R_a}}$
      ◮ Perm. over {0, 1, 2, 3}, computed from seed′_1 and seed′_2, giving $p'_{\vec{C}}$, $p'_{\vec{R_a}}$
      Encryption:
      ◮ $\vec{C} = (r_m \otimes \vec{P}) \oplus \vec{R_a}$
      ◮ AddRoundKey, then Sbox′ (with r_in and r_out), under the permutation over {0, ..., 15}
      ◮ ShiftRows and MixColumns, drawn twice (for $\vec{C}$ and for $\vec{R_a}$), under the permutation over {0, 1, 2, 3}
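
The affine masking and Sbox′ pre-computation from the two Countermeasures slides, as an added Python sketch (not ANSSI's code and not from the presentation). It covers SubBytes and MixColumns on one column only; the function names and the mask-swap order inside `masked_subbytes` are assumptions made for illustration, and key handling and shuffling are left out.

```python
import secrets

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial 0x11B."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        b >>= 1
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
    return r

def gf_inv(a):
    """Inverse computed as a^254; maps 0 to 0, as the AES Sbox definition does."""
    r = 1
    for _ in range(254):
        r = gf_mul(r, a)
    return r

def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def _sbox_entry(x):
    s = gf_inv(x)
    return s ^ _rotl8(s, 1) ^ _rotl8(s, 2) ^ _rotl8(s, 3) ^ _rotl8(s, 4) ^ 0x63

SBOX = [_sbox_entry(x) for x in range(256)]  # standard AES Sbox, derived not typed

def mix_column(col):
    """Unprotected AES MixColumns on one 4-byte column."""
    a0, a1, a2, a3 = col
    return [
        gf_mul(2, a0) ^ gf_mul(3, a1) ^ a2 ^ a3,
        a0 ^ gf_mul(2, a1) ^ gf_mul(3, a2) ^ a3,
        a0 ^ a1 ^ gf_mul(2, a2) ^ gf_mul(3, a3),
        gf_mul(3, a0) ^ a1 ^ a2 ^ gf_mul(2, a3),
    ]

def encode(P, r_m, R_a):
    """C = (r_m ⊗ P) ⊕ R_a: r_m is shared by all bytes, R_a holds one mask per byte."""
    if r_m == 0:
        raise ValueError("the multiplicative mask must be non-zero")
    return [gf_mul(r_m, p) ^ ra for p, ra in zip(P, R_a)]

def decode(C, r_m, R_a):
    inv = gf_inv(r_m)
    return [gf_mul(inv, c ^ ra) for c, ra in zip(C, R_a)]

def precompute_masked_sbox(r_m, r_in, r_out):
    """Build Sbox' with Sbox'[(r_m ⊗ x) ⊕ r_in] = (r_m ⊗ Sbox[x]) ⊕ r_out."""
    table = [0] * 256
    for x in range(256):
        table[gf_mul(r_m, x) ^ r_in] = gf_mul(r_m, SBOX[x]) ^ r_out
    return table

def masked_subbytes(C, R_a, sbox_m, r_in, r_out):
    out = []
    for c, ra in zip(C, R_a):
        t = (c ^ r_in) ^ ra           # swap the additive mask R_a[i] for r_in
        y = sbox_m[t]                 # result is additively masked by r_out
        out.append((y ^ ra) ^ r_out)  # swap r_out back to R_a[i]
    return out

def masked_round_column(P, r_m, R_a, r_in, r_out):
    """SubBytes then MixColumns on masked data; returns (masked column, mask column)."""
    sbox_m = precompute_masked_sbox(r_m, r_in, r_out)
    C = encode(P, r_m, R_a)
    C = masked_subbytes(C, R_a, sbox_m, r_in, r_out)
    # MixColumns is GF(2^8)-linear, so it is applied to data and mask separately:
    # MC((r_m ⊗ X) ⊕ R_a) = (r_m ⊗ MC(X)) ⊕ MC(R_a)
    return mix_column(C), mix_column(R_a)

def demo():
    P = [0x00, 0x53, 0xA7, 0xFF]          # constructed sample column
    r_m = secrets.randbelow(255) + 1      # non-zero multiplicative mask
    R_a = [secrets.randbelow(256) for _ in P]
    r_in, r_out = secrets.randbelow(256), secrets.randbelow(256)
    C, R = masked_round_column(P, r_m, R_a, r_in, r_out)
    return decode(C, r_m, R) == mix_column([SBOX[p] for p in P])
```

The separate `mix_column(R_a)` call is why the diagram draws ShiftRows and MixColumns twice: the additive mask has to follow the data through every linear step so that it can still be removed afterwards.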

  55. Optimal Distinguisher (slide 11 / 27)
      Profiled attacks are based on the secret-conditional distribution, which depends on the countermeasures. The full expression is written as

      $$f[\vec{l} \mid x] \propto \sum_{r_m} \sum_{r_a} \sum_{o_1} \sum_{o_2} f[\vec{l} \mid r_m, r_a, c, o_1, o_2]$$

      Labels on the expression: sum over r_m: Mult. mask; sum over r_a: Add. mask; sums over o_1 and o_2: Perm. on shares; f[...] term: Template.
      Optimal but rapidly out of reach:
      ◮ One template per randomness combination
      ◮ Sum over all the possible randomness
      ⟹ Hypotheses needed

  65. Countermeasures Dissection (slide 12 / 27)
      Assuming ⊥ (independent) leakages on secret:

      $$f[\vec{l} \mid x] \propto \sum_{r_m} \Pr[r_m \mid \vec{l}_{r_m}] \cdot \sum_{r_a} \Big( \sum_{o_1} f[\vec{l}_{r_a} \mid r_a, o_1] \cdot \Pr[o_1 \mid \vec{l}_{o_1}] \Big) \cdot \Big( \sum_{o_2} f[\vec{l}_{c} \mid c, o_2] \cdot \Pr[o_2 \mid \vec{l}_{o_2}] \Big)$$

      Labels on the expression: sum over r_m: Mult. mask; first bracket: Add. mask + Perm; second bracket: Enc. + Perm.
      Countermeasures’ Dissection:
      ◮ What: From combined countermeasures, expected multiplicative effect
        ◮ Reduce it to a small factor, ideally of 1.
      ◮ How: Bias the sums by independent partial attacks on secrets (i.e. shares)
        ◮ Lower attack time complexity, because terms are removed
        ◮ Lower number of templates, because they are not joint on all randomness

  66. Content (slide 13 / 27)
      Introduction; Countermeasures’ Dissection; Information Extraction; Attack Results; Closed Source Evaluation; Conclusion

  70. Measurement Setup (slide 14 / 27)
      Composed of
      ◮ Cortex-M4 Atmel
      ◮ High end EM Probe
      ◮ PicoScope 5000 series sampling at 1 GHz
      How to extract information in ?

  78. Profiling (e.g., permutation) (slide 15 / 27)
      1. Compute SNR
      2. Select points of interest
      3. Train projection
      4. Project to subspace
      5. Fit pdf estimation (i.e. gauss.)
      [Figure: SNR (0.00 to 0.10) vs. time [s] (×10^-3) for seed′_1 and seed′_2; "PCA Training" and "PCA" blocks labelled 3000 and 3; scatter plots over the projected axes l_0, l_1, l_2; estimated densities f[l_2 | seed′_1], f[\vec{l}_{o_1} | o_1 = 0] and f[\vec{l}_{o_1} | o_1 = 1]]
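
Steps 1 and 2 of this profiling list, as an added Python example run on simulated traces (not the presentation's code or data). The trace generator, the Hamming-weight leakage model, the 4-valued label standing in for an index in {0, 1, 2, 3} and all function names are assumptions; the projection and density-fitting steps are not covered.

```python
import random
from statistics import fmean, pvariance

def simulate_traces(n_traces, n_samples, leak_at, sigma, seed):
    """Constructed data: Gaussian noise at every sample; the samples listed in
    leak_at also carry the Hamming weight of a random label o in {0, 1, 2, 3}."""
    rng = random.Random(seed)
    traces, labels = [], []
    for _ in range(n_traces):
        o = rng.randrange(4)
        hw = bin(o).count("1")
        trace = [rng.gauss(0.0, sigma) for _ in range(n_samples)]
        for j in leak_at:
            trace[j] += hw
        traces.append(trace)
        labels.append(o)
    return traces, labels

def snr(traces, labels):
    """Per-sample SNR = Var_o(E[l | o]) / E_o(Var[l | o])."""
    classes = {}
    for trace, o in zip(traces, labels):
        classes.setdefault(o, []).append(trace)
    curve = []
    for j in range(len(traces[0])):
        means, variances = [], []
        for rows in classes.values():
            column = [row[j] for row in rows]
            means.append(fmean(column))
            variances.append(pvariance(column))
        noise = fmean(variances)
        # A sample with zero noise variance is perfectly informative or constant.
        curve.append(pvariance(means) / noise if noise > 0 else float("inf"))
    return curve

def select_pois(snr_curve, k):
    """Indices of the k samples with the highest SNR, in time order."""
    ranked = sorted(range(len(snr_curve)), key=lambda j: snr_curve[j], reverse=True)
    return sorted(ranked[:k])

def assess(seed=1):
    """Run the assessment on 4000 simulated traces of 50 samples each."""
    traces, labels = simulate_traces(4000, 50, (12, 30), sigma=2.0, seed=seed)
    curve = snr(traces, labels)
    return curve, select_pois(curve, 2)

if __name__ == "__main__":
    curve, pois = assess()
    print("points of interest:", pois)
    print("SNR at those points:", [round(curve[j], 3) for j in pois])
```

With this model the signal variance is 0.5 and the noise variance 4, so the two leaking samples sit near an SNR of 0.125 while the other samples stay close to zero. The same computation on traces from a protected implementation shows which intermediate values remain visible to an evaluator.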

  79. Partial Attacks (slide 16 / 27)
      1. Measure a trace
      [Figure: Signal [mV] vs. time [s] (×10^-3); "PCA Training" block]
