1
Practical Difficulties of Physical Attacks
Christophe Giraud © 2010 Oberthur Technologies
2
Overview
• On the Difficulty When Setting-up Side-Channel Countermeasures
• A Practical Point of View on Physical Attacks
• The Story of a Successful Attack
© 2010 Oberthur Technologies November 20, 2018
3
On the Difficulty When Setting-up Side-Channel Countermeasures
4
Theoretical Cryptanalysis
[Figure: Plaintext, Cryptographic Black Box, Ciphertext]
Plaintext: The treasure is hidden in the kitchen cupboard. Captain Cook
Ciphertext: oiE9SOjdf4sdf% 68sdLKFfkjù£kj édf654dg5KUE 4fos9uI$pjPrg9iè 6dskojOI%F87 34dgfkl09m°k6
Hacker’s aim: Find from and
5
Side-Channel Analysis
[Figure: the same plaintext and ciphertext, with the observable side channels]
• Timing
• Power consumption
• Electromagnetic radiations
• Temperature
• Sound
6
Leakages
When developing a sensitive application on an embedded device:
• A hardware H which leaks LH is used
• A software S is developed to be executed on H
• During the life of the device, the attackers will observe LH(S)
The developer’s objective: adapt S such that LH(S) does not leak
Question: If LH is known, is it easy to adapt S?
7
A Simple Microprocessor Architecture
8
Possible leakages of a known architecture
Code example:
    R3 ← R3 & R4
    R1 ← R1 ⊕ R6
Leaking model of the processor:
• Access bus leaking in the HD model
• Memory cells leaking in the HW model
What are the leakages observed during the XOR operation?
9
[Figure: registers R0 to R6 with the Op1, Op2 and Instruction paths. Program: R3 ← R3 AND R4; R1 ← R1 XOR R6]
10
[Figure: execution of R3 ← R3 AND R4. Labels: registers R0 to R7, Op1, Op2, Instruction, R3, R4, R3&R4]
11
[Figure: execution of R1 ← R1 XOR R6. Labels: registers R0 to R7, Op1, Op2, Instruction, R3&R4, R4, R6, R1⊕R6]
Leakages: (R3, R1) (R4, R6)
Leakages: (R3&R4, R1⊕R6)
12
Possible leakages of a known architecture
Code example:
    R3 ← R3 & R4
    R1 ← R1 ⊕ R6
What are the leakages observed during the XOR operation?
• (R3, R1)
• (R4, R6)
• (R3&R4, R1⊕R6)
• R1⊕R6
Complex leakages
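Added example (not part of the original slides): a toy simulation of the datapath discussed above, assuming 8-bit registers, Op1/Op2/result buses that each leak the Hamming distance between consecutive values, and constructed register contents. It reproduces the three transition pairs of the two-instruction code and goes one step further than the slide, showing that two shares of a masked value used back to back on the same bus leak the Hamming weight of the unmasked value.

```python
# Added illustration, not from the slides. Assumptions: 8-bit registers, three
# buses (op1, op2, res) that each leak the Hamming distance (HD) between the
# value they carried for the previous instruction and the current one.
# All register contents below are constructed sample values.

OPS = {"AND": lambda a, b: a & b, "XOR": lambda a, b: a ^ b}

def hw(x):
    """Hamming weight of an 8-bit value."""
    return bin(x & 0xFF).count("1")

def run(program, regs):
    """Execute (dst, op, src1, src2) tuples and return, for every instruction
    after the first, {bus: (previous value, new value, HD leak)}."""
    regs, prev, trace = dict(regs), None, []
    for dst, op, s1, s2 in program:
        a, b = regs[s1], regs[s2]
        cur = {"op1": a, "op2": b, "res": OPS[op](a, b)}
        if prev is not None:
            trace.append({bus: (prev[bus], cur[bus], hw(prev[bus] ^ cur[bus]))
                          for bus in cur})
        regs[dst] = cur["res"]
        prev = cur
    return trace

# The slide's code: R3 <- R3 & R4, then R1 <- R1 xor R6.
SLIDE_PROGRAM = [("R3", "AND", "R3", "R4"), ("R1", "XOR", "R1", "R6")]
SLIDE_REGS = {"R1": 0x3C, "R3": 0xA5, "R4": 0x0F, "R6": 0x55}

def op1_leaks(secret, mask, separated):
    """Op1-bus HD leaks while the shares (secret ^ mask, mask) are used as
    first operands, back to back or separated by an unrelated operand."""
    regs = {"R0": secret ^ mask, "R1": mask, "R4": 0xFF, "R5": 0x5A}
    prog = [("R2", "AND", "R0", "R4")]
    if separated:
        prog.append(("R6", "AND", "R5", "R4"))  # public constant in between
    prog.append(("R3", "AND", "R1", "R4"))
    return [step["op1"][2] for step in run(prog, regs)]

def first_order_profile(secret, separated):
    """Distribution of each Op1 leak over all 256 masks, taken one transition
    at a time (what a first-order analysis sees)."""
    runs = [op1_leaks(secret, m, separated) for m in range(256)]
    return [sorted(column) for column in zip(*runs)]

if __name__ == "__main__":
    for bus, (old, new, hd) in run(SLIDE_PROGRAM, SLIDE_REGS)[0].items():
        print(f"{bus}: {old:#04x} -> {new:#04x}  HD = {hd}")
    for secret in (0x00, 0x0F, 0xFF):
        print(f"secret {secret:#04x}: back-to-back shares leak",
              set(first_order_profile(secret, False)[0]),
              "| separated shares, same profile as secret 0:",
              first_order_profile(secret, True) == first_order_profile(0, True))
```

Separating the shares removes only the first-order leak on this bus: the two transitions taken jointly still depend on the secret, which is the second-order case.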
13
Possible leakages of a known architecture
An example from real life:
    R1 ← R1 ⊕ R3
    R0 ← R0 ⊕ R1
Analysis:
R1 ← XOR R1, R3
    R1 = Mask
    R3 = Random
    R1 = Mask ⊕ Random
R0 ← XOR R0, R1
    R0 = SensitiveValue ⊕ Random
    R1 = Mask ⊕ Random
    R0 = SensitiveValue ⊕ Mask
SensitiveValue Random Random Mask SensitiveValue Mask SensitiveValue
14
Microprocessor architecture
[Figure legend: Leaks in the HD model; Leaks in the HW model]
15
Possible leakages of a known architecture
Now let us observe a piece of code using RAM access:
    R0 ← LOAD Key
    R1 ← LOAD Input
    R2 ← LOAD Random
    R2 ← XOR R2, R1 ; R2 = Input ⊕ Random
    R0 ← XOR R0, R2 ; R0 = Input ⊕ Random ⊕ Key
    R0 STORE R0
Identifying leakages when using interlaced dedicated code is a difficult task
[Figure labels: Input, Key, RAM, CPU]
16
Possible leakages of a known architecture
[Figure labels: CPU, RAM, RNG, DES]
17
First Conclusion
Question: If LH is known, is it easy to adapt S?
Answer: No
Implementing efficient software side-channel countermeasures requires:
• The precise architecture of the chip
• A deep analysis of the possible leakages
If the architecture is unknown:
• Implement second-order countermeasures to resist first-order attacks
• This prevents each and every kind of Hamming distance leakage
• But very costly overhead!
18
A Practical Point of View on Physical Attacks
19
Dependencies
The practicality of a side-channel attack depends on the time required to perform the statistical treatment.
Therefore it depends on the curves’ size, which depends on:
The kind of side channel which is used:
• Power Analysis: sample rate > 50 MS/s
• Electromagnetic Analysis: sample rate > 2 GS/s
Example on a 1 ms algorithm:
• PA: point curve
• EMA: point curve
[Figure labels: EMA, PA]
20
Dependencies
The curves’ size depends on:
The knowledge of the implementation:
• NO: must use a quite large curve:
    • > 500 points in PA
    • > 20 000 points in EMA
• YES, but synchronisation event at the beginning of the algorithm?
    • YES: can isolate precisely where the leakages are: 10 points per instruction in PA, 400 points per instruction in EMA
    • NO: can’t identify precisely where the leakages are: 100 points in PA, 4 000 points in EMA
21
Side Channel Analysis
Let us take a practical example:
• Full knowledge of the implementation of an AES
• No synchronisation event at the beginning of the algorithm
• No information in PA, the attacker must use EMA
• 4000-point curve
• CEMA succeeds on the SBox output by using traces only
• Impossible to perform Profiled attacks
First-order:
• Easy to put into practice
• Attack’s characteristics: 30 seconds and 5 MB of RAM
Second-order:
• Curve length after the combination step: points
• Attack’s characteristics: 18 hours and 8 GB of RAM
Third-order:
• Curve length after the combination step: points
• Attack’s characteristics: 4 years and 16 TB of RAM
22
Side Channel Analysis
Open problem: How can we mount fast high-order attacks in practice?
Partial answer: use the frequency domain:
• If n sensitive variables leak at the same frequency, one point represents the leakages of these n variables
• However, all the other variables manipulated during our measurement leaking at this frequency will induce noise
23
The goal of SCA in industry
In industry, the goal of an attacker is to validate the resistance of an implementation: exhaustive testing
For instance on the AES, the attacker first performs 1O-SCA on temporary values depending on 8 and 16 bits of the key
• Performing all these attacks: 4 days
Secondly, the evaluator performs 2O-SCA on each and every 8-bit or 16-bit key-dependent value: more than 6 months!
One can say that the attacker can bypass some testing if proofreading seems conclusive
But as shown before, even if the code seems to be secure, you can't certify it!
24
Synchronisation: a barely known problem
The synchronisation could be the most difficult step of an attack.
Open problem: How to efficiently synchronise several signals?
25
Fault Analysis
Definition: n-order FA = disturb the component n times during one execution of the algorithm
Practicality of n-order FA if the component is very easy to disturb:
• First order: easy to mount
• Second order: easy to mount
• Third order & more: easy to mount
However, a fault can not only disturb the value of a variable, it can also:
• avoid the execution of a piece of code,
• transform an instruction into another,
• modify pointers,
• etc.
26
Fault Analysis
[Figure labels: Fault Injection, DES]
• In most cases we can’t foresee the consequences of a fault
• It is very difficult to exploit a fault
• It is therefore (very difficult)^n to exploit an n-order active attack
27
Second Conclusion
• High-order attacks are very time consuming
    • Need to find more efficient methods for HOSCA
• Practical validation of the resistance of an algorithm against each and every possible attack is impossible.
• In practice, the attacks which are performed are identified by using:
    • Knowledge of the chip’s architecture
    • Weaknesses identified during proofreading
• But everything depends on the evaluator’s expertise!
28
The Story of a Successful Attack
29
Common Criteria
During an evaluation, successful attacks are rated by using the JIL quotation.
Typical requested level is VAN 5.
Even if an attack is performed on a product, the product is certified with the highest level if the JIL quotation of the attack is above 31.
How to rate an attack?
[Figure labels: VAN.1 VAN.2 VAN.3 VAN.4 VAN.5]
Range of values | Target Of Evaluation resistant to attackers with attack potential of | VAN
0-15 | No rating | 1
16-20 | Basic | 2
21-24 | Enhanced-basic | 3
25-30 | Moderate | 4
31 and above | High | 5
30
How to rate an attack?
Divided into 2 phases:
• Identification: definition of the attack
• Exploitation: once a script is published on the world wide web
Each phase is evaluated following 6 criteria:
• Elapsed time,
• Expertise,
• Knowledge of the Target Of Evaluation (TOE),
• Access to the TOE,
• Equipment needed to carry out an attack,
• Open samples or Samples with known secrets.
31
Let us see how to do it on an example
Rating of a DPA to retrieve DES key during DES calculation
[Empty rating table. Columns: Factor, Comment, Identification, Exploitation. Rows: Elapsed Time, Expertise, Knowledge of TOE, Access to TOE, Equipment, Open Sample / Known Key, Points Sub Total, Total]
32
Elapsed Time
Rating (Identification, Exploitation):
• < one hour
• < one day: 1, 3
• < one week: 2, 4
• < one month: 6
• > one month: 5, 8
• Not practical *
Not practical: 3/5 years
Comment: 20,000 traces takes about 3 hours. Signal analysis and running the DPA analysis software will take a few hours.
Rating for this attack: < 1 day (1) (3)
33
Expertise
Rating (Identification, Exploitation):
• Layman
• Proficient: 2
• Expert: 5, 4
• Multiple Expert: 7, 6
34
Expertise
Layman: No particular expertise
Proficient: Familiar with
• security behaviour, classical attacks
Expert:
• Developers knowledge namely algorithms, protocols, hardware structures, principles and concepts of security
• Techniques and tools for the definition of new attacks
Equipment: The level of expertise depends on the degree to which tools require experience to drive them
• Oscilloscope
• Optical Microscope
• Chemistry (etching, grinding), Microprober
• Laser Cutter, Radiation
• Plasma (etching, grinding), Focused Ion Beam (FIB)
• Scanning Electron Microscope (SEM)
• Atomic Force Microscope (AFM)
Knowledge: The level of expertise depends on knowledge of
• Common Product information
• Common Algorithms, Protocols
• Common Cryptography
• DPA, DFA, DEMA
• Reverse Engineering
• Smartcard specific hardware structures
• Principles and concepts of security
• Developers knowledge
35
Expertise
Comment: For Identification, the attacker must be an Expert for setting up the measurement and specifying the algorithms for further signal processing. Only a Proficient attacker is required when the attack is repeated in the Exploitation phase.
Rating for this attack: Expert (5), Proficient (2)
36
Knowledge of the TOE
Rating (Identification, Exploitation):
• Public
• Restricted: 2
• Sensitive: 4, 3
• Critical: 6, 5
• Very critical hardware design: 9, NA
37
Knowledge of the TOE
Public: Information in the public domain.
Restricted: This corresponds to assets which are passed about during the various phases of smartcard development. Suitable examples might be the functional specification, guidance documentation or administrative documents usually prepared for smartcard issuers/customers.
Sensitive: HLD and LLD information.
Critical: Implementation representation (Design and Source Code).
Very critical: The design of modern ICs involves not only huge databases but also sophisticated bespoke tools. Therefore, the access to useful data requires an enormous and time-consuming effort which would make detection likely even with the support from an insider.
38
Knowledge of the TOE
Comment: No knowledge of the TOE is necessary
Rating for this attack: Public (0)
39
Access to TOE
Rating (Identification, Exploitation):
• < 10 samples
• < 100 samples: 2, 4
• > 100 samples: 3, 6
• Not practical *
Not practical:
• identification: > min(2000, n/(1+log(n)^2))
• exploitation: > min(500, n/(1+log(n)^3))
Comment: Only a single TOE is required.
Rating for this attack: < 10 Samples (0)
40
Equipment
Rating (Identification, Exploitation):
• None
• Standard: 1, 2
• Specialized: 3, 4
• Bespoke: 5, 6
• Multiple Bespoke: 7, 8
41
Equipment
Tool, by equipment class:
Standard:
• UV-light emitter
• Flash light
• Low-end visible-light microscope
• Climate chamber
• Voltage supply
• Analogue oscilloscope
• Chip card reader
• PC or work station
• Signal analysis software
• Signal generation software
Specialized:
• High-end visible-light microscope and camera
• UV light microscope and camera
• Micro-probe Workstation
• Laser equipment
• Signal and function processor
• High-end digital oscilloscope
• Signal analyzer
• Tools for chemical etching (wet)
• Tools for chemical etching (plasma)
• Tools for grinding
Bespoke:
• Scanning electron microscope (SEM)
• E-beam tester
• Atomic Force Microscope (AFM)
• Focused Ion Beam (FIB)
• New Tech Design Verification and Failure Analysis Tools
42
Equipment
Comment: The equipment includes dedicated equipment built to collect the power traces, a high-end digital oscilloscope, and non-standard, home-grown DPA analysis software.
Rating for this attack: Specialized (3) (4)
43
Open Samples & Samples with known secrets
Rating (Identification phase only). Columns: PUBLIC or not required, RESTRICTED, SENSITIVE, CRITICAL
• Open Samples: 2 4 6
• Samples with known secret
Open Samples: Devices on which the attacker can load its own code
Samples with known secrets: Devices containing the algorithm to evaluate using a key which is known (but not chosen)
Comment: No open samples nor Samples with known key are required to mount such an attack
Rating for this attack: Public (0), NA
44
Final rating of DPA on DES
Rating table (Factor: Comment. Rating for Identification, Exploitation)
• Elapsed Time: 20,000 traces takes about 3 hours. Signal analysis and running the DPA analysis software will take a few hours. Rating: < 1 day (1) (3)
• Expertise: For Identification, the attacker must be an Expert for setting up the measurement and specifying the algorithms for further signal processing. Only a Proficient attacker is required when the attack is repeated in the Exploitation phase. Rating: Expert (5), Proficient (2)
• Knowledge of TOE: No knowledge of the TOE is necessary. Rating: Public (0)
• Access to TOE: Only a single TOE is required. Rating: < 10 Samples
• Equipment: The equipment includes dedicated equipment built to collect the power traces, a high-end digital oscilloscope, and non-standard, home-grown DPA analysis software. Rating: Specialized (4)
• Open Sample / Known Key: No open samples nor Samples with known key are required to mount such an attack. Rating: NA
• Points Sub Total: 9
• Total: 18
• VAN.2
45
2ODPA on 1ODPA-resistant DES
Countermeasure: Boolean masking + Table recomputation
Rating table (Factor: Comment. Rating for Identification, Exploitation)
• Elapsed Time: Pure data collection of the minimum 150,000 examples takes less than 1 day (assuming 24 hours/day collection with 0.5 seconds per example). In reality, such data collection sessions are likely to need to be repeated as part of the development of the attack. Using sufficient pre-processing and the adjustment of the higher order analysis also require planning, execution and analysis time. Rating: < 1 week (2) (4)
• Expertise: For identification, the attacker must be an Expert and capable of deriving new attacks, since the higher order analysis must be adjusted based on the implementation and the countermeasures. Only a Proficient attacker is required when the attack is repeated in the Exploitation phase. Rating: Expert (5), Proficient
• Knowledge of TOE: Since the possible vulnerability is identified using sensitive design knowledge, that knowledge is assumed for the identification phase. Since the script used for the exploitation "includes" all information, no further knowledge is required for the exploitation. Rating: Sensitive, Public (0)
• Access to TOE: Only a single card is required. Rating: < 10 Samples
• Equipment: The equipment includes equipment built to collect the power data, a digital oscilloscope, and analysis software based on a ‘typical’ home-developed DPA tool. Rating: Specialized (3)
• Open Sample / Known Key: It is assumed that samples with known key are managed accordingly. Rating: NA
• Points Sub Total: 18, 10
• Total: 28
• VAN.4
46
2ODFA on 1ODFA-resistant DES
Countermeasure: DES + DES^-1 followed by a verification
Rating table (Factor: Comment. Rating for Identification, Exploitation)
• Elapsed Time: Sample preparation is needed and a straightforward setup is sufficient. Localization in space and time is not obvious but is still simple (no complex desynchronisation between both computations). Rating: < 1 week (2) (4)
• Expertise: A multiple fault injection is necessary as well as a very precise synchronisation to obtain exactly the same error on both computations, justifying the need of an expert for identification and an expert for the exploitation step. Rating: Expert (5)
• Knowledge of TOE: Since the possible vulnerability is identified using sensitive design knowledge, that knowledge is assumed for the identification phase. Since the script used for the exploitation "includes" all information, no further knowledge is required for the exploitation. Rating: Sensitive, Public (0)
• Access to TOE: If a bad comparison detected by the device leads to a loss of functionality, the attack needs more than 10 samples. Rating: < 100 Samples
• Equipment: Fault injection equipment based on a laser. Rating: Specialized (3)
• Open Sample / Known Key: No open samples are required. Rating: NA
• Points Sub Total: 16
• Total: 32
• VAN.5
47
Do we need to take Profiled Attacks into account?
Rating table (Factor: Comment. Rating for Identification, Exploitation)
• Elapsed Time: ?
• Expertise: For identification, the attacker must be an Expert and capable of deriving new attacks, since Profiled Attacks must be adjusted based on the implementation and the countermeasures. Only a Proficient attacker is required when the attack is repeated in the Exploitation phase. Rating: Expert (5), Proficient (2)
• Knowledge of TOE: Since the possible vulnerability is identified using sensitive design knowledge, that knowledge is assumed for the identification phase. Since the script used for the exploitation "includes" all information, no further knowledge is required for the exploitation. Rating: Critical (6), Public (0)
• Access to TOE: Only one device is required. Rating: < 10 Samples
• Open Sample / Known Key: Open samples are required to perform the profiling. Rating: Sensitive (4), NA
• Equipment: The equipment includes equipment built to collect the power data, a digital oscilloscope, and analysis software based on a ‘typical’ home-developed DPA tool. Rating: Specialized (3)
• Points Sub Total: 18, 6
• Total: 24
No if Time 7 points. For instance:
• > 1 week in identification
• > 1 day in exploitation
48
Third Conclusion
• Don’t need to take all possible attacks into account
• FA rated as more powerful than PA/EMA since:
    • it requires a higher expertise
    • the card can detect such attacks and thus kill itself
• From an industrial point of view, the objective is to resist a high potential attacker to obtain the certification and to reach the best performances in terms of timings and memory consumption.
• However, our objective is also to resist a high potential attacker over the next few years and to avoid that a hacker breaks one of our products and publishes the result in the news
49
Final Conclusion & Perspectives
• Not always easy to protect a software against 1O-SCA
• Difficult to put HO-SCA in practice
• Impossible to perform in practice every possible attack on an implementation
• Attacks rating:
    • FA has a higher rate than PA / EMA
    • Profiled attacks must be taken into account but their field of action is very limited
Perspectives:
• Without profiling, propose efficient methods to select points of interest to mount efficient HO-SCA in practice
• Propose efficient synchronisation methods, efficient in terms of information loss and in terms of performances
• How to compare 2 attacks? JIL quotation?
50
Any Questions?