sifa
play

SIFA Statistical Ineffective Fault Attacks Rump Session at CHES - PowerPoint PPT Presentation

Dec 19, 2022 •233 likes •413 views

SIFA Statistical Ineffective Fault Attacks Rump Session at CHES 2018 Based on work of: Christoph Dobraunig, Maria Eichlseder, Hannes Gro, Thomas Korak, Stefan Mangard, Florian Mendel, Robert Primas Are Protected Implementations Hard to

  1. SIFA Statistical Ineffective Fault Attacks Rump Session at CHES 2018 Based on work of: Christoph Dobraunig, Maria Eichlseder, Hannes Groß, Thomas Korak, Stefan Mangard, Florian Mendel, Robert Primas

  2. Are Protected Implementations Hard to Attack? P E C 1 / 6

  3. Are Protected Implementations Hard to Attack? P E C 1 / 6

  4. Are Protected Implementations Hard to Attack? P E E E E E = C 1 / 6

  5. Are Protected Implementations Hard to Attack? P E E E E E = C SIFA can attack masked implementations of arbitrary order and with arbitrary error detection capabilities single fault per execution of the primitive typically effort does not significantly increase with higher protection order 1 / 6

  6. Path to SIFA Statistical Fault Attacks Ineffective Fault Attacks ([FJLT13], [DEKLM16]) ([Cla07]) Statistical Ineffective Fault Attacks ([DEKMMP18], [DEGMMP18]) 2 / 6

  7. Where to Fault? Instruction 1 Susceptible Not Susceptible Masked S-box Instruction 688 Example of masked AES in Software [SS16] and byte-stuck-at-0 3 / 6

  8. Which Fault Models? Successful attacks when we: Flip one bit Set one byte to zero Set one bit to zero Randomize one byte Randomize one bit Skip an instruction Flip one byte ... 4 / 6

  9. Which Fault Models? Successful attacks when we: Flip one bit Set one byte to zero Set one bit to zero Randomize one byte Randomize one bit Skip an instruction Flip one byte ... 4 / 6

  10. Which Fault Models? Successful attacks when we: Flip one bit Set one byte to zero Set one bit to zero Randomize one byte Randomize one bit Skip an instruction Flip one byte ... 4 / 6

  11. Which Fault Models? Successful attacks when we: Flip one bit Set one byte to zero Set one bit to zero Randomize one byte Randomize one bit Skip an instruction Flip one byte ... 4 / 6

  12. Which Fault Models? Successful attacks when we: Flip one bit Set one byte to zero Set one bit to zero Randomize one byte Randomize one bit Skip an instruction Flip one byte ... 4 / 6

  13. Which Fault Models? Successful attacks when we: Flip one bit Set one byte to zero Set one bit to zero Randomize one byte Randomize one bit Skip an instruction Flip one byte ... 4 / 6

  14. Which Fault Models? Successful attacks when we: Flip one bit Set one byte to zero Set one bit to zero Randomize one byte Randomize one bit Skip an instruction Flip one byte ... 4 / 6

  15. Thank you https://eprint.iacr.org/2018/071 https://eprint.iacr.org/2018/357 5 / 6

  16. Bibliography I [Cla07] C. Clavier Secret External Encodings Do Not Prevent Transient Fault Analysis Cryptographic Hardware and Embedded Systems – CHES 2007 [DEGMMP18] C. Dobraunig, M. Eichlseder, H. Gross, S. Mangard, F. Mendel, and R. Primas Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures To appear at ASIACRYPT 2018, 2018 [DEKLM16] C. Dobraunig, M. Eichlseder, T. Korak, V. Lomn´ e, and F. Mendel Statistical Fault Attacks on Nonce-Based Authenticated Encryption Schemes Advances in Cryptology – ASIACRYPT 2016 [DEKMMP18] C. Dobraunig, M. Eichlseder, T. Korak, S. Mangard, F. Mendel, and R. Primas SIFA: Exploiting Ineffective Fault Inductions on Symmetric Cryptography IACR Transactions on Cryptographic Hardware and Embedded Systems 2018:3, 2018

  17. Bibliography II T. Fuhr, ´ [FJLT13] E. Jaulmes, V. Lomn´ e, and A. Thillard Fault Attacks on AES with Faulty Ciphertexts Only Fault Diagnosis and Tolerance in Cryptography – FDTC 2013 [SS16] P. Schwabe and K. Stoffelen All the AES You Need on Cortex-M3 and M4 Selected Areas in Cryptography – SAC 2016

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

SIFA: Exploiting Ineffective Fault Inductions on Symmetric Cryptography Christoph Dobraunig 1 ,

SIFA: Exploiting Ineffective Fault Inductions on Symmetric Cryptography Christoph Dobraunig 1 ,

SIFA: Exploiting Ineffective Fault Inductions on Symmetric Cryptography Christoph Dobraunig 1 , Maria Eichlseder 1 , Thomas Korak 2 , Stefan Mangard 1 , Florian Mendel 2 , Robert Primas 1 1 Graz University of Technology, Austria

730 views • 54 slides
AVRIL 27 th 2020 ILO COOP UNIT WEBINAIR Outline Introduction Women in Africa

AVRIL 27 th 2020 ILO COOP UNIT WEBINAIR Outline Introduction Women in Africa

Presentation by Dr. Chiyoge B. Sifa Regional Director The Alliance Africa AVRIL 27 th 2020 ILO COOP UNIT WEBINAIR Outline Introduction Women in Africa Women in Coops Challenges and way forward Introduction Introd.Contd

278 views • 23 slides
Plenary Talk - Malta October 2017 #MaltaGiG Joss Bland-Hawthorn ASTRO 3D Centre of Excellence

Plenary Talk - Malta October 2017 #MaltaGiG Joss Bland-Hawthorn ASTRO 3D Centre of Excellence

Plenary Talk - Malta October 2017 #MaltaGiG Joss Bland-Hawthorn ASTRO 3D Centre of Excellence SIfA, University of Sydney u Lessons learned in this decade from the near field u Gas accre:on onto L* galaxies #MaltaGiG Stellar Mass &

1.52k views • 42 slides
Local Search Techniques Marijn J.H. Heule Warren A. Hunt Jr. The University of Texas at Austin

Local Search Techniques Marijn J.H. Heule Warren A. Hunt Jr. The University of Texas at Austin

Local Search Techniques Marijn J.H. Heule Warren A. Hunt Jr. The University of Texas at Austin Heule & Hunt (UT Austin) Local Search Techniques 1 / 8 Local Search: Generic structure Generic structure of local search Sat solvers 1: for i

759 views • 16 slides
Flip-Flop One-bit Memory Something to Remember What I Remember D Q Remember Now! What I

Flip-Flop One-bit Memory Something to Remember What I Remember D Q Remember Now! What I

Flip-Flop One-bit Memory Something to Remember What I Remember D Q Remember Now! What I Remember Q Chapter 5 Edge-Triggered 1 3 CSc 314 T W Bennet Mississippi College CSc 314 T W Bennet Mississippi College State

660 views • 14 slides
The state with the field H perpendicular to the easy magnetization the two sublattices is more

The state with the field H perpendicular to the easy magnetization the two sublattices is more

Spin flop and Spin flop two examples of metamagnetic transitions For and antiferromagnetic compound T N T Zeeman energy in an applied field H , E = - 0HM = - 0H 2 , The state with the field H

408 views • 5 slides
Refresh: Counting. CS70: On to probability. Key Points First Rule of counting: Objects from a

Refresh: Counting. CS70: On to probability. Key Points First Rule of counting: Objects from a

Refresh: Counting. CS70: On to probability. Key Points First Rule of counting: Objects from a sequence of choices: n i possibilitities for i th choice. Uncertainty does not mean nothing is known Modeling Uncertainty: Probability Space

622 views • 7 slides
Shohreh Sharif Mansouri and Elena Dubrova Department of Electronic Systems Royal Institute of

Shohreh Sharif Mansouri and Elena Dubrova Department of Electronic Systems Royal Institute of

An Improved Hardware Implementation of the Grain-128a Stream Cipher Shohreh Sharif Mansouri and Elena Dubrova Department of Electronic Systems Royal Institute of Technology (KTH), Stockholm Email:{shsm,dubrova}@kth.se Overview Motivation

556 views • 24 slides
A modified form of Cheneys Algorithm to allow mutator to progress during a GC cycle Main idea

A modified form of Cheneys Algorithm to allow mutator to progress during a GC cycle Main idea

A modified form of Cheneys Algorithm to allow mutator to progress during a GC cycle Main idea of Bakers algorithm Dont let the mutator see a white object Cannot disrupt collect During collection each mutator read from

392 views • 16 slides
FLIP the (Flow) Table: Fast LIghtweight Policy-preserving SDN Updates Stefano Vissicchio

FLIP the (Flow) Table: Fast LIghtweight Policy-preserving SDN Updates Stefano Vissicchio

FLIP the (Flow) Table: Fast LIghtweight Policy-preserving SDN Updates Stefano Vissicchio (UCLouvain) stefano.vissicchio@uclouvain.be INFOCOM 13th April 2016 Joint work with Luca Cittadini (Roma Tre University) SDN controller Operators

812 views • 70 slides
Chapter 3 Learn how to design simple logic circuits. Understand how digital circuits work

Chapter 3 Learn how to design simple logic circuits. Understand how digital circuits work

Chapter 3 Objectives Understand the relationship between Boolean logic and digital computer circuits. Chapter 3 Learn how to design simple logic circuits. Understand how digital circuits work together to Boolean Algebra and form

448 views • 19 slides
State Prof. Hakim Weatherspoon CS 3410 Computer Science Cornell University [Weatherspoon,

State Prof. Hakim Weatherspoon CS 3410 Computer Science Cornell University [Weatherspoon,

State Prof. Hakim Weatherspoon CS 3410 Computer Science Cornell University [Weatherspoon, Bala, Bracy, and Sirer] Goals for Today State How do we store one bit? Attempts at storing (and changing) one bit - Set-Reset Latch - D Latch

736 views • 38 slides
Lesson 9 Clocks, Memory elements, (Flip-flops, Latches and Registers) And Processors A A basic

Lesson 9 Clocks, Memory elements, (Flip-flops, Latches and Registers) And Processors A A basic

Lesson 9 Clocks, Memory elements, (Flip-flops, Latches and Registers) And Processors A A basic MIPS implementation We examine implementation of the following instructions o The memory-reference instructions load word (lw) and store word

885 views • 19 slides
Chapter 5 Synchronous Sequential Logic 5-1 Outline ! Sequential Circuits ! Latches ! Flip-Flops

Chapter 5 Synchronous Sequential Logic 5-1 Outline ! Sequential Circuits ! Latches ! Flip-Flops

Chapter 5 Synchronous Sequential Logic 5-1 Outline ! Sequential Circuits ! Latches ! Flip-Flops ! Analysis of Clocked Sequential Circuits ! State Reduction and Assignment ! Design Procedure 5-2 1 Sequential Circuits ! Consist of a

595 views • 30 slides
Modeling Safe and Efficient Tumbles of an Acrobatically Inclined Robot Rachel Cleaveland

Modeling Safe and Efficient Tumbles of an Acrobatically Inclined Robot Rachel Cleaveland

Modeling Safe and Efficient Tumbles of an Acrobatically Inclined Robot Rachel Cleaveland December 10, 2019 October 19th, 2019 - Simone Biles takes the world record for the most medals won by a single gymnast at the world championships

232 views • 20 slides
DEF CON 27 Capture the Flag Finals Shortman The CTF Live Attack/Defense CTF 16 Teams from all

DEF CON 27 Capture the Flag Finals Shortman The CTF Live Attack/Defense CTF 16 Teams from all

DEF CON 27 Capture the Flag Finals Shortman The CTF Live Attack/Defense CTF 16 Teams from all over the world Must qualify by either winning a qualifier or finishing in the top X in the Defcon qualifier CTF Pre-qualified Teams DEF CON 2018

792 views • 49 slides
Flipper: Fault-Tolerant Distributed Network Management and Control Subhrendu Chattopadhyay ,

Flipper: Fault-Tolerant Distributed Network Management and Control Subhrendu Chattopadhyay ,

Introduction SDN Flipper Properties of Flipper Simulation Results Emulation Results Conclusion Flipper: Fault-Tolerant Distributed Network Management and Control Subhrendu Chattopadhyay , Niladri Sett, Sukumar Nandi, and Sandip Chakraborty

334 views • 30 slides
Supervised Learning via Decision Trees Lecture 8 Supervised Learning via Decision Trees March

Supervised Learning via Decision Trees Lecture 8 Supervised Learning via Decision Trees March

Wentworth Institute of Technology COMP3770 Artificial Intelligence | Spring 2017 | Derbinsky Supervised Learning via Decision Trees Lecture 8 Supervised Learning via Decision Trees March 27, 2017 1 Wentworth Institute of Technology

546 views • 52 slides
Supervised Learning via Decision Trees Lecture 9 Supervised Learning via Decision Trees March

Supervised Learning via Decision Trees Lecture 9 Supervised Learning via Decision Trees March

Wentworth Institute of Technology COMP3770 Artificial Intelligence | Spring 2016 | Derbinsky Supervised Learning via Decision Trees Lecture 9 Supervised Learning via Decision Trees March 22, 2016 1 Wentworth Institute of Technology

542 views • 52 slides
Pinball Wizardry Youre a wizard, Harry Historical Stuff (OG machines) Quick History

Pinball Wizardry Youre a wizard, Harry Historical Stuff (OG machines) Quick History

Pinball Wizardry Youre a wizard, Harry Historical Stuff (OG machines) Quick History 1930s: Baffle Ball! 1933: Electrification 1947: First flippers introduced 1970s: Solid state electronics: circuit boards,

596 views • 37 slides
Mercy Housing reflections on NOAH with support from JPMorganChase 4/4/2018 1 4/4/2018 2

Mercy Housing reflections on NOAH with support from JPMorganChase 4/4/2018 1 4/4/2018 2

Mercy Housing reflections on NOAH with support from JPMorganChase 4/4/2018 1 4/4/2018 2 Why d y did we engage i in NOAH/W /Wor orkfor orce H e Housing To support communities and families where essential workers such as

764 views • 6 slides
Effectors CSCI545 Introduction to Robotics Hadi Moradi Previous Lecture Introduction to

Effectors CSCI545 Introduction to Robotics Hadi Moradi Previous Lecture Introduction to

6/29/2010 Effectors CSCI545 Introduction to Robotics Hadi Moradi Previous Lecture Introduction to Robots Introduction to Robots Basics of Manipulators 1 6/29/2010 Effector vs. Actuator Effector: Any device affecting

630 views • 19 slides
Week 4 Create content. Drive traffic. Pre-sell MVP. Week 5 - Email marketing funnel. More

Week 4 Create content. Drive traffic. Pre-sell MVP. Week 5 - Email marketing funnel. More

OUR PLAN Week 1 Find a niche. Validate the niche. Week 2 Determine value proposition. Choose a product offering. Week 3 Website development. Setup sales funnel. Week 4 Create content. Drive traffic. Pre-sell MVP. Week 5 - Email

544 views • 27 slides
Digital Games An Introduction What are Digital Games? Commonly referred to as video games

Digital Games An Introduction What are Digital Games? Commonly referred to as video games

Digital Games An Introduction What are Digital Games? Commonly referred to as video games People who play video games are called gamers Rapidly growing industry Generated close to USD 100 billion in revenue in 2015

706 views • 45 slides

More recommend