Omar Choudary

Efficient Template Attacks

Template attacks remain a powerful side-channel technique to eavesdrop on tamper-resistant hardware. They model the probability distribution of leaking signals and noise to guide a search for secret data values. In practice, several numerical obstacles can arise when implementing such attacks with multivariate normal distributions. We propose efficient methods to avoid these. We also demonstrate how to achieve significant performance improvements, both in terms of information extracted and computational cost, by pooling covariance estimates across all data values. We provide a detailed and systematic overview of many different options for implementing such attacks. Our experimental evaluation of all these methods based on measuring the supply current of a byte-load instruction executed in an unprotected 8-bit microcontroller leads to practical guidance for choosing an attack algorithm.

MARCH: mobile augmented reality for cultural heritage

We present MARCH, a complete solution for enhanced cultural heritage discovery using the mobile phone. Simply point the camera of a mobile device at prehistoric cave engravings. Then MARCH augments the captured images with the experts drawings, highlighting in real time the animal engravings, which are almost impossible to observe with the naked eye. We have created a mobile augmented reality application which runs at 14 FPS for 320x240 frames on a Nokia N95 smartphone. We describe the optimizations and the requirements needed to obtain these results on mobile devices.

Template Attacks on Different Devices

Template attacks remain a most powerful side-channel technique to eavesdrop on tamper-resistant hardware. They use a profiling step to compute the parameters of a multivariate normal distribution from a training device and an attack step in which the parameters obtained during profiling are used to infer some secret value (e.g. cryptographic key) on a target device. Evaluations using the same device for both profiling and attack can miss practical problems that appear when using different devices. Recent studies showed that variability caused by the use of either different devices or different acquisition campaigns on the same device can have a strong impact on the performance of template attacks. In this paper, we explore further the effects that lead to this decrease of performance, using four different Atmel XMEGA 256 A3U 8-bit devices. We show that a main difference between devices is a DC offset and we show that this appears even if we use the same device in different acquisition campaigns. We then explore several variants of the template attack to compensate for these differences. Our results show that a careful choice of compression method and parameters is the key to improving the performance of these attacks across different devices. In particular we show how to maximise the performance of template attacks when using Fisher’s Linear Discriminant Analysis or Principal Component Analysis. Overall, we can reduce the entropy of an unknown 8-bit value below 1.5 bits even when using different devices.

Mobile guide applications using representative visualizations

Recent developments of hardware capabilities on mobile devices have made Location Based Services(LBS) very popular. This triggered an increasing need of rich visual content in mobile guide applications. This paper presents two original approaches for using representative visualizations: artistic views which represent an arbitrary deformation made by an artist and perspective views(3D-like) obtained from 3D models. Both approaches are based on learning GPS-to-image relations. We show an efficient use of the thin-plate spline for registering GPS coordinates with images. We also show the implementation of our guiding system on two mobile platforms.

SECURITY ANALYSIS AND DECRYPTION OF FILEVAULT 2

This paper describes the first security evaluation of FileVault 2, a volume encryption mechanism that was introduced in Mac OS X 10.7 (Lion). The evaluation results include the identification of the algorithms and data structures needed to successfully read an encrypted volume. Based on the analysis, an open-source tool named libfvde was developed to decrypt and mount volumes encrypted with FileVault 2. The tool can be used to perform forensic investigations on FileVault 2 encrypted volumes. Additionally, the evaluation discovered that part of the user data was left unencrypted; this was subsequently fixed in the CVE-2011-3212 operating system update.

Make noise and whisper: a solution to relay attacks (transcript of discussion)

In the uninterrupted part of my presentation I explained the core of our solution and presented one example for method 1. The solution is described in detail in the paper. In the next paragraphs the discussion continues at the point where I present one example of transaction between Alice and Bob (see the image below). OK, what happened in a different case? So in this case Bob will insert an error. Alice again sends the same bit, the white ball, which is a one, and Bob will insert an error this time. What would you expect to happen? Well, after the computation what you can see is that on the channel we get the black ball. What means that? From Alices perspective that means that she can detect that Bob has inserted an error because the output was different than the input. From Bobs perspective, its not very clear what happened, because he inserted a black ball which means that he was inserting an error. Therefore he has no idea if Alice was inserting a white ball or a black ball, so this was the same if Alice was inserting a black ball as well.