taylor expansion of maximum likelihood attacks
play

Taylor Expansion of Maximum Likelihood Attacks Institut Nicolas - PowerPoint PPT Presentation

Jan 14, 2024 •402 likes •1.04k views

Taylor Expansion of Maximum Likelihood Attacks Institut Nicolas Bruneau 1 , 2 , Sylvain Guilley 1 , 3 , Mines-Telecom Annelie Heuser 1 , Olivier Rioul 1 , cois-Xavier Standaert 4 , Yannick Teglia 5 Fran 1 T el ecom-ParisTech, Crypto

  1. Taylor Expansion of Maximum Likelihood Attacks Institut Nicolas Bruneau 1 , 2 , Sylvain Guilley 1 , 3 , Mines-Telecom Annelie Heuser 1 , Olivier Rioul 1 , cois-Xavier Standaert 4 , Yannick Teglia 5 Fran¸ 1 T´ el´ ecom-ParisTech, Crypto & ComNum Group, Paris, FRANCE 2 STMicroelectronics, AST division, Rousset, FRANCE 3 Secure-IC S.A.S., Rennes, FRANCE 4 Universit´ e Catholique de Louvain, Louvain-la-Neuve, BELGIQUE 5 Gemalto, La Ciotat, FRANCE STMicroelectronics ASIACRYPT 2016 — Hanoi, Vietnam

  2. Introduction Rounded Optimal Attack Case Study Nicolas Bruneau, Sylvain Guilley, Annelie Heuser, Olivier Rioul, Fran¸ cois-Xavier Standaert, Yannick Teglia 2/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  3. Introduction Rounded Optimal Attack Case Study Outline Introduction Side-Channel Analysis as a Threat Protection Methods Template Attacks Rounded Optimal Attack Truncated Taylor Expansion Complexity Case Study Protected Table Recomputation Implementation Bi-Variate Attacks Multi-Variate Attacks 3/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  4. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Outline Introduction Side-Channel Analysis as a Threat Protection Methods Template Attacks Rounded Optimal Attack Case Study 4/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  5. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Side-Channel Analysis on Embedded Systems noisy measurement moments: µ , σ , etc . distributions: side-channel 0xc7 probe !!! Preprocessing: Distinguisher: - filtering - extract link w/ a model leakage - denoising w/ wavelets - for many possible keys - time/freq. analysis 0xc7 - dimensionality reduction (PCA, LDA) ? ? ? ? ... ... 0x00 0x01 0xc7 0xff 5/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  6. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks (Ω − 1) th-Order Masking: Principle Aim The sensitive variable Z is randomly split into Ω shares: ⇒ need random masks M i , 0 < i < Ω Z . . . Z ⊥ M 1 ⊥ ... ⊥ M Ω − 1 M 1 M Ω − 1 6/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  7. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks (Ω − 1) th-Order Masking: Principle Aim The sensitive variable Z is randomly split into Ω shares: ⇒ need random masks M i , 0 < i < Ω Z . . . Z ⊥ M 1 ⊥ ... ⊥ M Ω − 1 M 1 M Ω − 1 6/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  8. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks (Ω − 1) th-Order Masking: Principle Aim The sensitive variable Z is randomly split into Ω shares: ⇒ need random masks M i , 0 < i < Ω Z . . . Z ⊥ M 1 ⊥ ... ⊥ M Ω − 1 M 1 M Ω − 1 Consequence Increases the minimum key-dependent statistical moment. 6/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  9. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 7/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  10. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 7/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  11. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 Z 3 7/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  12. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 Z 3 Z 4 7/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  13. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 3 7/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  14. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 3 7/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  15. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 Z 3 7/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  16. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 Z 3 Z 4 7/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  17. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Shuffling: Principle Aim Randomize the order of execution ⇒ need a random permutation π Z 1 Z 2 Z 3 Z 4 Consequences The attacks are applied on the sum of the variables ⇒ increases the algorithmic noise. 7/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  18. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Protection Parameters The security level of the protections depends on these parameters: Masking ◮ Ω: the number of shares (Ω − 1 masks); ◮ O : the order (i.e. the minimal key-dependent statistical moment). Perfect masking scheme ⇔ O = Ω. Shuffling ◮ Π the size of the permutation. 8/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  19. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Template Attacks Template attacks are the most powerful in a information-theoretic sense [Chari et al., 2002]. Offline Profiling The leakage model is learned: ◮ non-parametric methods (e.g. histogram, kernel methods...); ◮ parametric methods (e.g. mixture models). Online Attack Recover the key using the models by applying a maximum likelihood (ML) attack. 9/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  20. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Parametric or Non-Parametric ? Parametric The only random part is the noise with known distribution. ◮ easy to estimate; ◮ shuffle and mask are known; ◮ many templates are learned. Non-Parametric Shuffle and masks are part of the noise. ◮ can be hard to estimate ⇒ curse of dimensionality; ◮ shuffle and mask are unknown. 10/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  21. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Parametric or Non-Parametric ? Parametric The only random part is the noise with known distribution. ◮ easy to estimate; ◮ shuffle and mask are known; ◮ many templates are learned. Non-Parametric Shuffle and masks are part of the noise. ◮ can be hard to estimate ⇒ curse of dimensionality; ◮ shuffle and mask are unknown. 10/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  22. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Notations for the Online attack The attacks are applied on: ◮ Q queries (i.e. the traces). ◮ D dimension (i.e. the number of leakage samples); A leakage measurement is X = y ( t , k ∗ , R ) + N where: ◮ y ( t , k ∗ , R ) is the deterministic part of the model; ◮ the secret key k ∗ and the plaintext t are n -bit words; ◮ R is the random countermeasure; ◮ N is a random Gaussian noise of variance σ 2 . 11/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

  23. Introduction Side-Channel Analysis as a Threat Rounded Optimal Attack Protection Methods Case Study Template Attacks Maximum Likelihood Attacks Theorem (Maximum Likelihood [Bruneau et al., 2014]) When the model is known the optimal distinguisher ( OPT ) consists in maximizing the sum over all traces q = 1 , . . . , Q of the log-likelihood: Q log E exp −� x ( q ) − y ( t ( q ) , k , R ) � 2 � LL = , 2 σ 2 q =1 where expectation E is applied to the random variable R ∈ R and � · � is the Euclidean norm on R D . 1 For convenience we let γ = 2 σ 2 be the SNR parameter. 12/30 Taylor Expansion of Maximum Likelihood Attacks December 2016

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Taylor Expansion of Maximum Likelihood Attacks Institut Nicolas Bruneau 1 , 2 , Sylvain Guilley 1

Taylor Expansion of Maximum Likelihood Attacks Institut Nicolas Bruneau 1 , 2 , Sylvain Guilley 1

Taylor Expansion of Maximum Likelihood Attacks Institut Nicolas Bruneau 1 , 2 , Sylvain Guilley 1 , 3 , Mines-Telecom Annelie Heuser 1 , Olivier Rioul 1 , cois-Xavier Standaert 4 , Yannick Teglia 2 Fran 1 T el ecom-ParisTech, Crypto

913 views • 60 slides
Maximum Likelihood properties Maximum parsimony Maximum likelihood Experimental design

Maximum Likelihood properties Maximum parsimony Maximum likelihood Experimental design

N. Salamin c Sept 2007 Lecture outline Maximum likelihood in phylogenetics Definition Phylogenetics and bioinformatics for evolution Maximum likelihood and models Likelihood of a tree Computational complexity Statistical Maximum

697 views • 30 slides
Outline n Maximum likelihood (ML) n Priors, and maximum a posteriori (MAP) n

Outline n Maximum likelihood (ML) n Priors, and maximum a posteriori (MAP) n

Maximum Likelihood (ML), Expectation Maximization (EM) Pieter Abbeel UC Berkeley EECS Many slides adapted from Thrun, Burgard and Fox, Probabilistic Robotics Outline n Maximum likelihood (ML) n Priors, and maximum a posteriori (MAP) n

649 views • 23 slides
Maximum Likelihood Estimation CS 446 Maximum likelihood: abstract formulation Weve had one

Maximum Likelihood Estimation CS 446 Maximum likelihood: abstract formulation Weve had one

Maximum Likelihood Estimation CS 446 Maximum likelihood: abstract formulation Weve had one main meta-algorithm) this semester: (Regularized) ERM principle: pick the model that minimizes an average loss over training data. 1 / 76

643 views • 45 slides
Maximum Likelihood Estimation CS 446 Maximum likelihood: abstract formulation Weve had one

Maximum Likelihood Estimation CS 446 Maximum likelihood: abstract formulation Weve had one

Maximum Likelihood Estimation CS 446 Maximum likelihood: abstract formulation Weve had one main meta-algorithm this semester: (Regularized) ERM principle: pick the model that minimizes an average loss over training data. 1 / 70

599 views • 42 slides
1 Being Normal, Simultaneously Maximizing Likelihood with Uniform Now have two equations, two

1 Being Normal, Simultaneously Maximizing Likelihood with Uniform Now have two equations, two

Likelihood of Data Maximum Likelihood Estimator The Maximum Likelihood Estimator (MLE) of , Consider n I.I.D. random variables X 1 , X 2 , ..., X n is the value of that maximizes L ( ) X i a sample from density function f (X

419 views • 3 slides
Binary choice 3.3 Maximum likelihood estimation Michel Bierlaire Maximum likelihood

Binary choice 3.3 Maximum likelihood estimation Michel Bierlaire Maximum likelihood

Binary choice 3.3 Maximum likelihood estimation Michel Bierlaire Maximum likelihood estimation We now estimate the values of the unknown parameters 1 ,. . . , K from a sample of observations drawn at random from the population. Each

758 views • 8 slides
Maximum likelihood models Tues. Feb. 27, 2018 1 Overview of today Informal notion of

Maximum likelihood models Tues. Feb. 27, 2018 1 Overview of today Informal notion of

COMP 546 Lecture 14 Maximum likelihood models Tues. Feb. 27, 2018 1 Overview of today Informal notion of likelihood Formal definition of likelihood as conditional probability Maximum likelihood problems (sketch) 2 Scene

960 views • 40 slides
Maximum Likelihood (ML), Expectation Maximization (EM) Pieter Abbeel UC Berkeley EECS Many

Maximum Likelihood (ML), Expectation Maximization (EM) Pieter Abbeel UC Berkeley EECS Many

Maximum Likelihood (ML), Expectation Maximization (EM) Pieter Abbeel UC Berkeley EECS Many slides adapted from Thrun, Burgard and Fox, Probabilistic Robotics Outline n Maximum likelihood (ML) n Priors, and maximum a posteriori (MAP) n

630 views • 46 slides
Binary choice 3.3 Maximum likelihood estimation Michel Bierlaire Output of the estimation

Binary choice 3.3 Maximum likelihood estimation Michel Bierlaire Output of the estimation

Binary choice 3.3 Maximum likelihood estimation Michel Bierlaire Output of the estimation We explain here the various outputs from the maximum likelihood esti- mation procedure. Solution of the maximum likelihood estimation The main

170 views • 5 slides
Chapter 8: Estimation In this chapter we will cover: 1. The likelihood and maximum likelihood

Chapter 8: Estimation In this chapter we will cover: 1. The likelihood and maximum likelihood

Chapter 8: Estimation In this chapter we will cover: 1. The likelihood and maximum likelihood estimation ( 8.3, 8.5 Rice) 2. Introduction to decision theory( 15.115.3) The likelihood function We have seen many cases where we have

413 views • 10 slides
15-388/688 - Practical Data Science: Maximum likelihood estimation, nave Bayes J. Zico Kolter

15-388/688 - Practical Data Science: Maximum likelihood estimation, nave Bayes J. Zico Kolter

15-388/688 - Practical Data Science: Maximum likelihood estimation, nave Bayes J. Zico Kolter Carnegie Mellon University Spring 2018 1 Outline Maximum likelihood estimation Naive Bayes Machine learning and maximum likelihood 2 Outline

352 views • 22 slides
PARALLELIZATION OF MAXIMUM LIKELIHOOD MOTIVATION To analyze large amount of data using

PARALLELIZATION OF MAXIMUM LIKELIHOOD MOTIVATION To analyze large amount of data using

MAYANK KALE PARALLELIZATION OF MAXIMUM LIKELIHOOD MOTIVATION To analyze large amount of data using computationally intensive, model-based optimality criterion such as maximum likelihood (ML), there must be development in parallel and

273 views • 5 slides
Lecture 7: Maximum Likelihood Estimation (MLE) Maximum a Posteriori (MAP) Aykut Erdem

Lecture 7: Maximum Likelihood Estimation (MLE) Maximum a Posteriori (MAP) Aykut Erdem

Lecture 7: Maximum Likelihood Estimation (MLE) Maximum a Posteriori (MAP) Aykut Erdem October 2016 Hacettepe University Administrative Assignment 2 will be out on Thursday It is due November 10 (i.e. in 2 weeks) You will

831 views • 70 slides
Lecture 8: Maximum Likelihood Estimation (MLE) (contd.) Maximum a posteriori (MAP)

Lecture 8: Maximum Likelihood Estimation (MLE) (contd.) Maximum a posteriori (MAP)

Lecture 8: Maximum Likelihood Estimation (MLE) (contd.) Maximum a posteriori (MAP) estimation Nave Bayes Classifier Aykut Erdem March 2016 Hacettepe University Last time Flipping a Coin I have a coin, if I flip it, whats the

932 views • 82 slides
Maximum likelihood and EM algorithm (after the Chapter 8) Pasha Zusmanovich, deCODE Statistics

Maximum likelihood and EM algorithm (after the Chapter 8) Pasha Zusmanovich, deCODE Statistics

1 Maximum likelihood and EM algorithm (after the Chapter 8) Pasha Zusmanovich, deCODE Statistics Colloquium March 30, 2007 2 What is likelihood and what it is good for? Likelihood is just a conditional probability. Formal definition Given

775 views • 42 slides
Fast Compressive Sampling Using Fast Compressive Sampling Using Structurally Random Matrices

Fast Compressive Sampling Using Fast Compressive Sampling Using Structurally Random Matrices

Fast Compressive Sampling Using Fast Compressive Sampling Using Structurally Random Matrices Presented by: Thong Do (thongdo@jhu.edu) g ( g @j ) The Johns Hopkins University A joint work with Prof. Trac Tran , The Johns Hopkins University

726 views • 25 slides
in memory: an evolution of attacks Mathias Payer &lt;mathias.payer@nebelwelt.net&gt; UC

in memory: an evolution of attacks Mathias Payer &lt;mathias.payer@nebelwelt.net&gt; UC

in memory: an evolution of attacks Mathias Payer &lt;mathias.payer@nebelwelt.net&gt; UC Berkeley Images (c) MGM, WarGames, 1983 Memory attacks: an ongoing war Vulnerability classes according to CVE Memory attacks: an ongoing war David

725 views • 44 slides
A High-Quality and Fast Maximal Independent Set Algorithm for GPUs Martin Burtscher and Sindhu

A High-Quality and Fast Maximal Independent Set Algorithm for GPUs Martin Burtscher and Sindhu

A High-Quality and Fast Maximal Independent Set Algorithm for GPUs Martin Burtscher and Sindhu Devale Department of Computer Science Overview Introduction Serial and parallel algorithms Our parallel algorithm Optimizations

962 views • 61 slides
VOLA Guide for Using Vola Event Management and Timing Software for Season 18-19 Race Results

VOLA Guide for Using Vola Event Management and Timing Software for Season 18-19 Race Results

VOLA Guide for Using Vola Event Management and Timing Software for Season 18-19 Race Results Software usskiandsnowboard.org/sport-development/officials-development/timing-race-administration vola.fr/en/timing/logiciels/suite-skialp (correct

1.29k views • 87 slides
Why do banks not lend: An experiment testing contractual frictions. 1 Ali Choudhary 1 and Anil Jain

Why do banks not lend: An experiment testing contractual frictions. 1 Ali Choudhary 1 and Anil Jain

Introduction Experiment Results Conclusion Why do banks not lend: An experiment testing contractual frictions. 1 Ali Choudhary 1 and Anil Jain 2 1 State Bank of Pakistan and CEP, LSE 2 Federal Reserve Board of Governors January 7, 2020 1 The

393 views • 16 slides
How Should CMMI Evaluations Attempt to Account for Model Overlap? Workgroup members: Gregory

How Should CMMI Evaluations Attempt to Account for Model Overlap? Workgroup members: Gregory

How Should CMMI Evaluations Attempt to Account for Model Overlap? Workgroup members: Gregory Boyer, Susannah Cafardi, Philip Cotterill, Tim Day, Franklin Hendrick, Jennifer Lloyd, Patricia Markovich, Kelsey Weaver Objective Develop a strategy

501 views • 18 slides
Partnering and Pragmatic Trials in a Learning Health Care System AcademyHealth Annual Research

Partnering and Pragmatic Trials in a Learning Health Care System AcademyHealth Annual Research

Partnering and Pragmatic Trials in a Learning Health Care System AcademyHealth Annual Research Meeting By: Anna Spier June 25, 2017 J- PALs U.S. Health Care Delivery Initiative (HCDI) HCDI develops rigorous evidence of strategies to

913 views • 32 slides
Escalating Privileges in Linux using Fault Injection Niek Timmers Cristofaro Mune

Escalating Privileges in Linux using Fault Injection Niek Timmers Cristofaro Mune

Escalating Privileges in Linux using Fault Injection Niek Timmers Cristofaro Mune timmers@riscure.com c.mune@pulse-sec.com ( @ tieknimmers) ( @ pulsoid) September 25, 2017 Fault Injection A definition... Introducing faults in a target

969 views • 47 slides

More recommend