Category Archive: Academic

Sep 06

Algebraic side-channel attacks: Use of SAT solvers with non-profiled attacks.

Master thesis by Florian Delporte

Abstract

In 2009, Mathieu Renauld and François-Xavier Standaert proposed new kinds of powerful attacks combining Algebraic Attacks with Side-channel Attacks (SCA). As an example of such attacks, they used a Bayesian template attack against Present. The results of this attack were very good since they managed to recover the correct key with only one SCA.

Based on these results, one could wonder if any SCA could be used for these attacks and if some additional steps would be required to be compatible with an Algebraic Attack. To answer this question, we will perform an Algebraic Side-channel Attack (ASCA) using a very simple yet powerful SCA: the Correlation Power Analysis.

This attack analyzes the power traces recorded from a cryptographic device in order to compute the correlation between these traces and the hypotheses. These n best hypotheses can then be inserted into the Algebraic Attack to find the correct hypothesis.

The problem of a Correlation Power Analysis is that its performance degrades when the traces are too noisy or when there is not enough data. These poor performances introduce impossibilities in the Algebraic Attack by rejecting the correct hypothesis key.

This means that when the performances of the SCA degrade, the Algebraic Attack is unable to correct these errors and the performance of the constructed ASCA cannot be better than the Correlation Power Analysis.

Based on this ascertainment, we proposed several properties that an SCA needs to respect in order to be a good candidate for an ASCA:
– These attacks should never introduce impossibilities in the Algebraic Attack by being very efficient even when the side-channel traces are noisy or when there are not enough power traces. Or the SCA could use an additional step to detect the impossibilities before sending its results to the Algebraic Attack.
– The candidate should be able to extract information about the cryptographic device during all the encryption process and not only at a specific moment such as in a typical Correlation Power Analysis.
– Finally, we stated that a good ASCA should be able to perform a tradeoff between the amount of side-channel traces and the computation time of the Algebraic Attack in order to find the correct solution every time with sometimes a long computation time when the traces are not good enough.

An additional goal of this master thesis is the presentation of an automated tool called CryptoSAT that allows a cryptographic algorithm to be described as a Satisfiability (SAT) problem. This tool will be used in order to construct the SAT problem defining the Present block cipher. In this work we will show how easy it is to use this tool.

The code of Present for CryptoSAT is available for download.

The project was supervised by Nikita Veshchikov.

The director of the project is Olivier Markowitch.

Jul 06

Simulator of Enigma I

Enigma is an electro-mechanical cryptographic machine that is able to encrypt and decrypt messages. Various versions of this machine were used in the middle of the 20th century.

The goal of this work was to create a web application using JavaScript (with HTML and CSS). The web application provides a visual and functional simulation of the Enigma I machine.

This program was developed by Hakim Boulahya during his third year of BA in Computer Sciences. You can download the JavaScript source code and his report (in French). You can also try this simulator on Hakim’s web page.

The project was supervised by Nikita Veshchikov.

The director of the project is Olivier Markowitch.

Jul 06

Simulator of Enigma M3

Enigma is an electro-mechanical cryptographic machine that is able to encrypt and decrypt messages. Various versions of this machine were used in the middle of the 20th century.

The goal of this work was to create a Java application that is able to simulate the M3 model of the Enigma machine. The project was developed by David Fishel during his third year of BA in Computer Sciences. You can download the Java source code and his report (in French).

The project was supervised by Nikita Veshchikov.

The director of the project is Olivier Markowitch.

Feb 27

Implementation aspects of Keccak

The purpose of this work is to scientifically analyze the gain obtained by implementing a parallel mode of use on top of Keccak. This includes tree hash modes and parallel authenticated encryption schemes. The student’s tasks would include:
– to model the performance of a mode as a function of its parameters;
– to measure the actual performance and to scientifically compare it to the model;
– to propose optimal parameters or to fine-tune the mode.

Supervision: Keccak team – Director: Olivier Markowitch (ULB)

Feb 27

Side-channel aspects of Keccak-based authentication and/or encryption schemes

The purpose of this work is to analyze the sensitivity to side-channel attacks of an implementation of the Keccak-f round function, which is relevant to any FIPS 202 instance in the presence of a key, or to the Keyak or Ketje authenticated encryption schemes. The student’s tasks would include:
– to model the leakage;
– to analyze an implementation;
– to scientifically compare the obtained results to the model;
– to propose countermeasures (or improvements thereof).

Supervision: Keccak team – Director: Olivier Markowitch (ULB)

Jan 25

Secured RTOS, HIPPEROS as a case study

The aim of the thesis is to propose measures to introduce security in the architecture of a modern Real-Time Operating System (RTOS) in the sense of allowing Multiple Levels of Security (MILS). This means both the security of the RTOS itself related to the authentication of the kernel, updates, drivers, services, … as well as the secure management of applications (for example: registration of a new application, update and upgrade of applications and execution of applications) and the security of data inside applications. The student would study the HIPPEROS architecture and propose, based on the state-of-the-art of secure operating systems, how to smoothly integrate such an architecture in the existing development process of HIPPEROS. The study would allow developers to implement practically and easily the proposed architecture in the operating system.

One of the challenges is to define a predictable real-time architecture. An interesting aspect of the proposed work is to deal with different domains of computer sciences: operating systems, real-time and security.

Contacts: Olivier Markowitch and Joël Goossens

Jan 08

Comparison of acquisition techniques for side channel attacks

In order to conduct a side channel attack such as power analysis, we first need to collect data (power traces). There exist several ways to acquire power traces from a device, and each of these techniques also has several parameters. The goal of this master thesis (rather oriented to electronic aspects) is to compare different acquisition techniques that might be used for power analysis.

Contact: Liran Lerman and Olivier Markowitch

Oct 25

Advances in secure remote electronic voting: Public dissertation

This Friday, 2015-10-30 at 16:30, Jérôme Dossogne will discuss his work regarding advances in secure remote electronic voting.

Apr 18

CALL FOR PAPERS | eDemocracy


e-Democracy 2015: Citizen rights in the world of the new computing paradigms
6th International Conference on e-Democracy
CALL FOR PAPERS
December 10-11, 2015, Athens, Greece
www.edemocracy2015.eu

Information and communication technologies move fast; faster than society, faster than governments, faster than the law. Connectivity is already impressive, but the near future brings about the interconnection of everything, via the Internet of Things. It also brings fundamental changes to our computing paradigm, with cloud computing gaining momentum and being expected to become the prevalent computing paradigm in the years to come. Increasingly more data are being collected, about almost everything one can imagine; and they remain there, in cyberspace, for ever, sometimes even resisting efforts to delete them. These data are so attractive that a new science, going by the name “big data” has already emerged. All these developments constitute in most cases an improvement in our everyday lives, but sometimes infringe our rights as citizens. The challenge, therefore, is to safeguard citizen rights in the face of a new era, landmarked by new computing paradigms.
This is the theme of the 6th occasion of the International Conference on e-Democracy that will be held in Athens, the cradle of democracy, on 10-11 December 2015. The conference is organized by the Scientific Council for the Information Society, in co-operation with the Hellenic Data Protection Authority and a substantial number of European and Greek universities and academia. It is intended, similarly to previous occasions, to provide a forum for presenting and debating the latest developments in the field, from a technical, political, and legal point of view.
The conference will include keynote addresses, tutorials, panels, Ph.D. colloquia and sessions, workshops, special, regular and poster sessions. All papers will be peer reviewed. Acceptance will be based on quality, relevance, and originality. Accepted papers will be published in the conference proceedings and selected papers will be invited to participate (after the necessary enhancements) to the evaluation process for inclusion in special issues of peer-reviewed journals.
The working language of the 6th International Conference on “e-Democracy ‘15: Challenges for Citizen Rights in the World of the New Computing Paradigms” is English. It is possible, however, that papers on Greek Law cases of e-Democracy issues be presented in Greek.
Topics of interest
The topics of interest include, but are not limited to, the following:

• e-Democracy and e-Participation

    o e-Campaigning, e-Politics
    o e-Voting
    o Information and Consultation Platforms
    o Collaborative working environments for e-Democracy
    o Social computing and e-Democracy

• e-Government

    o Open and Big Data for e-Government
    o Cloud computing for e-Government
    o m-Government
    o e-Government services and administrative burdens
    o Business process modeling for e-Government systems
    o Tools and models for e-Government development
    o Case studies and European projects

• Security, Privacy and Trust

    o Security, Privacy and Trust in e-Business services
    o Security, Privacy and Trust in e-Government services
    o Security, Privacy and Trust in Online Social Network Services
    o Cloud Computing Security and Privacy
    o Identity Management, Identity Theft and Trust Management
    o Information Audit and Trust
    o Digital Rights Management
    o Trust and Reputation in Digital Environments
    o Cyber attacks and advances on network security
    o Cryptographic Technologies
    o Anonymisation Methodologies and Best Practices
    o Privacy by Design and Default Methodologies
    o Tracking Technologies and Do-Not-Track Systems
    o Privacy Impact Assessment Methodologies
    o Privacy Enhancing Location and Mobility Management
    o Security and Privacy Audit, Risk and Governance
    o Security and Data Protection Education
    o Tradeoffs between security and efficiency, usability, reliability and cost

• e-Crime, e-Fraud and Digital Forensics

    o Cyber Crime Detection and Prevention
    o Internet Fraud, Cyber War
    o Computer Forensics and Anti-forensics

• Social, legal and ethical issues

    o Digital Divide
    o Internet Addiction
    o Transparency and Accountability in Data Protection
    o Ethics in Digital Societies
    o Surveillance Technologies and Legal Implications
    o Freedom of Expression and Privacy
    o Freedom of Information and Privacy
    o Social factors of collaborative creativity

Important Dates
Full paper submission deadline: May 31, 2015
Notification of decision: July 15, 2015
Camera-ready deadline: July 30, 2015

Instructions for Authors
Submitted papers must not substantially overlap with papers that have been published or that have been simultaneously submitted to a journal or a conference with proceedings. All submissions should be appropriately anonymised (i.e., papers should not contain author names or affiliations, or obvious citations). Submissions should be at most 15 pages, including the bibliography and well-marked appendices, and should follow the LNCS style (http://www.springeronline.com/lncs). Submissions are to be made to the submission web site at https://easychair.org/conferences/?conf=edemocracy15. Only pdf files will be accepted. Submissions not meeting these guidelines risk rejection without consideration of their merits. Papers must be received by the deadline of 31 May 2015 (11:59 p.m. American Samoa time). Authors of accepted papers must guarantee that their papers will be presented at the conference. Efforts will be made to publish the conference proceedings by Springer in the Lecture Notes in Computer Science (LNCS) series.

The authors of selected accepted papers will be invited to extend their work for further publication in the Emerald journal Information and Computer Security (http://www.emeraldinsight.com/journal/ics).

Conference Steering Committee
Sokratis K. Katsikas, University of Piraeus, Greece (Chair)
Vassilis Zorkadis, Vice-President of SCIS, Greece (Vice-chair)
Philippos Mitletton, Secretary General of SCIS, Greece (Secretary)
Lazaros Iliadis, Democritus University of Thrace, Greece
Constantina Costopoulou, Agricultural University of Athens, Greece
Constantine Yialouris, Agricultural University of Athens, Greece
Elias Pimenidis, University of the West of England, UK
Spyros Voulgaris, Vrije Universiteit, The Netherlands
Irene Vassilaki, Board member of SCIS, Greece
Charalampos Patrikakis, Technological Educational Institute of Piraeus, Greece

Conference Honorary Chair
Alexander B. Sideridis, Agricultural University of Athens, Greece

Program Committee Chair
Sokratis K. Katsikas, University of Piraeus, Greece

Program Committee
Isaac Agudo, University of Malaga, Spain
Evgenia Alexandropoulou, University of Macedonia, Greece
Zacharoula Andreopoulou, Aristotle University of Thessaloniki, Greece
Maria Bottis, Ionian University, Greece
Christos Bouras, University of Patras, Greece
Athena Bourka, ENISA, Greece
David Chadwick, University of Kent, UK
Vassilios Chryssikopoulos, Ionian University, Greece
Nathan Clarke, University of Plymouth, UK
Tina Costopoulou, Agricultural University of Athens, Greece
Ernesto Damiani, University of Milan, Italy
Sabrina De Capitani Di Vimercati, University of Milan, Italy
Christos Douligeris, University of Piraeus, Greece
Carmen Fernández-Gago, University of Malaga, Spain
Simone Fischer-Hübner, Karlstad University, Sweden
Sara Foresti, University of Milan, Italy
Steven Furnell, University of Plymouth, UK
Jürgen Fuß, University of Applied Sciences Upper Austria, Austria
Dimitris Geneiatakis, EC Joint Research Center Ispra, Italy
Christos Georgiadis, University of Macedonia, Greece
Dimitris Gouscos, University of Athens, Greece
Stefanos Gritzalis, University of the Aegean, Greece
Mp.Gupta, Indian Institute of Technology Delhi (IIT Delhi), India
Marit Hansen, Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein, Germany
Lazaros Iliadis, Democritus University of Thrace, Greece
Dimitra Kaklamani, National Technical University of Athens, Greece
Christos Kalloniatis, University of the Aegean, Greece
Ioanna Kantzavelou, Technological Educational Institute of Athens, Greece
Maria Karyda, University of the Aegean, Greece
Vasilis Katos, Bournemouth University, UK
Spyros Kokolakis, University of the Aegean, Greece
Nicholas Kolokotronis, University of Peloponnese, Greece
Panayiotis Kotzanikolaou, University of Piraeus, Greece
Costas Lambrinoudakis, University of Piraeus, Greece
Maria Lambrou, University of the Aegean, Greece
Konstantinos Limniotis, University of Athens, Greece
Antonio Lioy, Politecnico di Torino, Italy
Javier Lopez, University of Malaga, Spain
Nikos Lorentzos, Agricultural University of Athens, Greece
Euripidis Loukis, University of the Aegean, Greece
Emmanouil Magkos, Ionian University, Greece
Vicky Manthou, University of Macedonia, Greece
Nikolaos Marianos, University of the Aegean, Greece
Giannis Marias, Athens University of Economics and Business, Greece
Olivier Markowitch, Université Libre de Bruxelles (ULB), Belgium
Vashek Matyas, Masaryk University, Czech Republic
Vojtech Merunka, Czech Technical University in Prague, Czech Republic
Lilian Mitrou, University of the Aegean, Greece
Martin Molhanec, Czech Technical University in Prague, Czech Republic
Haris Mouratidis, University of Brighton, UK
Maria Ntaliani, Agricultural University of Athens, Greece
Christoforos Ntantogian, University of Piraeus, Greece
Martin Olivier, University of Pretoria, South Africa
Rolf Oppliger, eSECURITY Technologies, Switzerland
Andreas Pashalidis, K.U.Leuven, Belgium
Charalampos Patrikakis, National Technical University of Athens, Greece
Guenther Pernul, University of Regensburg, Germany
Elias Pimenidis, University of the West of England, UK
Nineta Polemi, University of Piraeus, Greece
Bart Preneel, K.U. Leuven, Belgium
Andreja Pucihar, University of Maribor, Slovenia
Gerald Quirchmayr, University of Vienna, Austria
Muttukrishnan Rajarajan, City University, UK
Kai Rannenberg, Goethe University Frankfurt, Germany
Panagiotis Rizomiliotis, University of the Aegean, Greece
Carsten Rudolph, Fraunhofer Institute for Secure Information Technology, Germany
Christoph Ruland, University of Siegen, Germany
Pierangela Samarati, University of Milan, Italy
Einar Snekkenes, Gjovik University College, Norway
Miguel Soriano, Universitat Politècnica de Catalunya (UPC), Spain
Diomidis Spinellis, Athens University of Economics and Business, Greece
Paul Spirakis, University of Patras, Greece
Stephanie Teufel, University of Fribourg, iimt, Switzerland
Marianthi Theocharidou, Athens University of Economics & Business, Greece
Yannis Theocharis, University of Mannheim, Germany
Aggeliki Tsochou, Ionian University, Greece
Irene Vassilaki, SCIS, Greece
Maro Vlachopoulou, University of Macedonia, Greece
Vasileios Vlachos, Technological Educational Institute of Larissa, Greece
Spyros Voulgaris, VU University Amsterdam, The Netherlands
Edgar Weippl, Vienna University of Technology, Austria
Christos Xenakis, University of Piraeus, Greece
Constantine Yialouris, Agricultural University of Athens, Greece
Jianying Zhou, Institute for infocomm research, Singapore
Vassilis Zorkadis, Hellenic Data Protection Authority, Greece
Sotiris Karetsos, Agricultural University of Athens, Greece

Download CfP

Apr 10

ASMx86 Course x86 Disassembly – Wikibooks, open books for an open world

x86 Disassembly – Wikibooks, open books for an open world.
