Liran Lerman - Academia.edu

Papers by Liran Lerman

Template Attacks vs. Machine Learning Revisited (and the Curse of Dimensionality in Side-Channel Analysis)

Lecture Notes in Computer Science, 2015

A Machine Learning Approach Against a Masked AES

Lecture Notes in Computer Science, 2014

Side-channel attacks challenge the security of cryptographic devices. A widespread countermeasure against these attacks is the masking approach. Masking combines sensitive variables with secret random values to reduce their leakage. In 2012, Nassar et al. (DATE, pp 1173–1178. IEEE, 2012) presented a new lightweight (low-cost) boolean masking countermeasure to protect the implementation of the Advanced Encryption Standard (AES) block-cipher. This masking scheme represents the target algorithm of the DPAContest V4 (http://www.dpacontest.org/home/, 2013). In this paper, we present the first machine learning attack against a specific masking countermeasure (more precisely the low-entropy boolean masking countermeasure of Nassar et al.), using the dataset of the DPAContest V4. We succeeded in extracting each targeted byte of the key of the masked AES with 7.8 traces during the attacking phase with a strategy based solely on machine learning models. Finally, we compared our proposal with (1) a stochastic attack, (2) a strategy based on template attack and (3) a multivariate regression attack. We show that an attack based on a machine learning model significantly reduces the number of traces required during the attacking step compared to these profiling attacks when analyzing the same leakage information.

Semi-Supervised Template Attack

Lecture Notes in Computer Science, 2013

Side channel attacks take advantage of information leakages in cryptographic devices. Template attacks form a family of side channel attacks which is reputed to be extremely effective. This kind of attack assumes that the attacker fully controls a cryptographic device before attacking a similar one. In this paper, we propose to relax this assumption by generalizing the template attack using a method based on a semi-supervised learning strategy. The effectiveness of our proposal is confirmed by software simulations as well as by experiments on an 8-bit microcontroller.

Key Management as a Service

Improving block cipher design by rearranging internal operations

Package ‘sideChannelAttack’

A Time Series Approach for Profiling Attack

Lecture Notes in Computer Science, 2013

The goal of a profiling attack is to challenge the security of a cryptographic device in the worst case scenario. Though the template attack is reputed to be the strongest power analysis attack, its effectiveness is strongly dependent on the validity of the Gaussian assumption. This led recently to the appearance of nonparametric approaches, often based on machine learning strategies. Though these approaches outperform the template attack, they tend to neglect the potential source of information available in the temporal dependencies between power values. In this paper, we propose an original multi-class profiling attack that takes into account the temporal dependence of power traces. The experimental study shows that the time series analysis approach is competitive and often better than static classification alternatives.

Power analysis attack: an approach based on machine learning

International Journal of Applied Cryptography, 2014

Abstract: In cryptography, a side channel attack is any attack based on the analysis of measurements related to the physical implementation of a cryptosystem. Nowadays, the possibility of collecting a large amount of observations paves the way to the adoption of machine learning techniques, i.e. techniques able to extract information and patterns from large datasets. The use of statistical techniques for side channel attacks is not new. Techniques like Template Attack have shown their effectiveness in recent years. However, these techniques rely on parametric assumptions and are often limited to small dimensionality settings, which limits their range of application. This paper explores the use of machine learning techniques to relax such assumptions and to deal with high dimensional feature vectors.

Side channel attack: an approach based on machine learning

Constructive Side-Channel Analysis and Secure Design, COSADE, Feb 24, 2011

Les systèmes de détection d'intrusion basés sur du machine learning (Intrusion detection systems based on machine learning)

Intrusion detection systems are widely used nowadays to secure computer systems. They make it possible both to detect and to respond to an attack, in real time or offline. This state of the art presents a promising combination: intrusion detection systems based on machine learning.
