R.L. Lagendijk
Please Note
15 records found
1
Strive to Fail
Deep Learning-based Side-channel Analysis for Evaluators
Although cryptographic algorithms are designed to be mathematically secure, their physical implementations can introduce vulnerabilities. When cryptographic algorithms run on hardware, devices unintentionally leak information through side channels such as power consumption, electromagnetic radiation, and timing behavior. These leakages can be exploited through side-channel analysis to recover secret information, including cryptographic keys.
Security evaluation laboratories assess the resistance of cryptographic implementations against such attacks. However, this process is costly and must strike a balance between thoroughness and practical limitations on time, budget, data, and computational resources. Deep learning-based side-channel analysis (DL-SCA) is attractive in this context because neural networks can learn leakage characteristics directly from traces, reducing the need for manual preprocessing and explicit statistical assumptions. At the same time, deep learning introduces new costs, caused by sensitivity to neural network hyperparameter selection, instability, and overfitting in its training process.
The central problem addressed in this thesis is the tension between the benefits and costs of deep learning in side-channel evaluation. On the one hand, deep learning can reduce evaluation effort by relaxing assumptions about leakage models and reducing dependence on known data. On the other hand, it can make evaluation more expensive due to model selection, hyperparameter tuning, and the risk of overfitting. This thesis investigates how DL-SCA can be made more practical, reliable, and cost-effective for security evaluation workflows.
To this end, the thesis studies several strategies for improving DL-SCA without relying on excessive hyperparameter tuning. It examines the impact of increasing the amount of training data, regularization techniques, and ensemble learning. These approaches aim to improve generalization, robustness, and attack stability under realistic evaluation constraints. The thesis also investigates two deep learning approaches that relax major assumptions in classical SCA: leakage model-flexible DL-SCA, which avoids relying on fixed leakage models such as Hamming weight or identity, and deep learning-based blind SCA, which reduces dependence on plaintext or ciphertext by learning from noisy labels. ...
Although cryptographic algorithms are designed to be mathematically secure, their physical implementations can introduce vulnerabilities. When cryptographic algorithms run on hardware, devices unintentionally leak information through side channels such as power consumption, electromagnetic radiation, and timing behavior. These leakages can be exploited through side-channel analysis to recover secret information, including cryptographic keys.
Security evaluation laboratories assess the resistance of cryptographic implementations against such attacks. However, this process is costly and must strike a balance between thoroughness and practical limitations on time, budget, data, and computational resources. Deep learning-based side-channel analysis (DL-SCA) is attractive in this context because neural networks can learn leakage characteristics directly from traces, reducing the need for manual preprocessing and explicit statistical assumptions. At the same time, deep learning introduces new costs, caused by sensitivity to neural network hyperparameter selection, instability, and overfitting in its training process.
The central problem addressed in this thesis is the tension between the benefits and costs of deep learning in side-channel evaluation. On the one hand, deep learning can reduce evaluation effort by relaxing assumptions about leakage models and reducing dependence on known data. On the other hand, it can make evaluation more expensive due to model selection, hyperparameter tuning, and the risk of overfitting. This thesis investigates how DL-SCA can be made more practical, reliable, and cost-effective for security evaluation workflows.
To this end, the thesis studies several strategies for improving DL-SCA without relying on excessive hyperparameter tuning. It examines the impact of increasing the amount of training data, regularization techniques, and ensemble learning. These approaches aim to improve generalization, robustness, and attack stability under realistic evaluation constraints. The thesis also investigates two deep learning approaches that relax major assumptions in classical SCA: leakage model-flexible DL-SCA, which avoids relying on fixed leakage models such as Hamming weight or identity, and deep learning-based blind SCA, which reduces dependence on plaintext or ciphertext by learning from noisy labels.
Human Insight vs. Artificial Intelligence: A Thematic Analysis
Comparing Manual and LLM Approaches to Understanding How Smokers Experience Preparatory Activities in a Digital Cessation Intervention
Cryptosystems for Secure and Efficient Cloud Services
From Key Management, Secure Computing, and Search Functionality
This thesis investigates cryptographic solutions for secure and efficient cloud services, addressing key challenges in security, efficiency, and functionality. We focus on three core areas: updatable encryption (UE) to ensure long-termsecurity for stored data, fully homomorphic encryption (FHE) for efficient computation over encrypted data, and searchable encryption (SE) to maintain search functionality over outsourced encrypted data.... ...
This thesis investigates cryptographic solutions for secure and efficient cloud services, addressing key challenges in security, efficiency, and functionality. We focus on three core areas: updatable encryption (UE) to ensure long-termsecurity for stored data, fully homomorphic encryption (FHE) for efficient computation over encrypted data, and searchable encryption (SE) to maintain search functionality over outsourced encrypted data....
Towards Robust Deep Learning
Deep Latent Variable Modeling against Out-of-Distribution and Adversarial Inputs
A central insight of this work is that algorithmic stability plays a crucial role in generalizing to in-distribution data. Motivated by this, the thesis formulates a dual perspective on stability with respect to the hypotheses and explores whether this perspective facilitates the separation of problematic inputs under two main lenses: epistemic uncertainty estimation and the choice of an appropriate inductive bias. By grounding our approach in generative modeling with a latent variable based on an information bottleneck and, specifically, employing Variational Autoencoders (VAEs), we first leverage Bayesian inference over model parameters to estimate the model’s uncertainty with respect to a particular input. Second, we investigate the required properties of both VAE maps and latent representations from a topological perspective. This reveals how OoD inputs predominantly map onto empty regions — or “holes” — in the latent manifold. Finally, we discover that adversarial examples likewise exhibit similar behavior. This finding is then used to craft new scoring functions that reliably distinguish between inliers, outliers, and adversarial attacks. ...
A central insight of this work is that algorithmic stability plays a crucial role in generalizing to in-distribution data. Motivated by this, the thesis formulates a dual perspective on stability with respect to the hypotheses and explores whether this perspective facilitates the separation of problematic inputs under two main lenses: epistemic uncertainty estimation and the choice of an appropriate inductive bias. By grounding our approach in generative modeling with a latent variable based on an information bottleneck and, specifically, employing Variational Autoencoders (VAEs), we first leverage Bayesian inference over model parameters to estimate the model’s uncertainty with respect to a particular input. Second, we investigate the required properties of both VAE maps and latent representations from a topological perspective. This reveals how OoD inputs predominantly map onto empty regions — or “holes” — in the latent manifold. Finally, we discover that adversarial examples likewise exhibit similar behavior. This finding is then used to craft new scoring functions that reliably distinguish between inliers, outliers, and adversarial attacks.
Decision Tree Learning
Algorithms for Robust Prediction and Policy Optimization
Decision trees were popularized in the 1980s and extensively studied, but there is still room for improvement. The most popular algorithms for learning decision trees are fast but do not necessarily lead to the best performance. They are not robust, meaning tiny changes in the data can negatively influence the quality of their predictions. Also, the existing algorithms cannot be directly applied to problems where multiple sequential predictions have to be made. Therefore, this dissertation studies several techniques for learning decision trees for robustness and sequential decision making problems.
In Part I of the dissertation, we consider the problem of optimizing decision trees to make good predictions while being robust to small changes in the data. In Chapter 4, we tackle the problem of learning good decision trees quickly in this setting. We improved the runtime of an existing algorithm by speeding up one of the key operations. In Chapter 5, we solve the problem of finding the best possible robust decision tree. The idea is to formulate the problem as an Integer-Linear Program, a special mathematical problem that can be solved with highly optimized algorithms. In Chapter 6, we propose a method that allows learning of models that are more flexible in terms of robustness, i.e., by allowing data changes in different shapes. To create an efficient algorithm, we optimize only the model’s predictions, not the model’s question part. Finally, in Chapter 7, we use techniques for improving data privacy to enable robustness against another kind of data change: someone adding or removing data.
Part II of this dissertation is about sequential decision making problems. In these settings, we control a device or agent that tries to achieve some goal in a potentially uncertain environment. Sequential decision making problems are significantly different from the supervised learning problems considered in Part I since the data is not pre-collected. This class of problems encompasses many real-life problems; one of the simplest of those could be a thermostat that measures the temperature in a room and needs to decide whether to turn a heater on or off constantly. Highly complex problems such as self-driving cars can be modeled similarly. We aim to find a controller represented by a simple decision tree for such problems. Such a controller is called a policy, and by representing it with a small decision tree, humans can understand it. In Chapter 9, we assume that we have a perfect mathematical description of the problem and use it to find the best possible decision tree via Integer Programming techniques. Later in Chapter 10, we assume that we can only interact with the environment and do not have a mathematical description of the problem. In this setting, we find good policies by iteratively updating the tree to achieve better scores using gradient information.
In our research, we have developed various algorithms for learning decision trees in settings that are hard to optimize with existing methods: robust predictions and sequential decision making. We hope that our work on decision tree learning for these settings allows human-understandable machine learning to be used in more real applications in the future. By improving model understanding and robustness, we aim to enable machine learning systems that humans can trust.
...
Decision trees were popularized in the 1980s and extensively studied, but there is still room for improvement. The most popular algorithms for learning decision trees are fast but do not necessarily lead to the best performance. They are not robust, meaning tiny changes in the data can negatively influence the quality of their predictions. Also, the existing algorithms cannot be directly applied to problems where multiple sequential predictions have to be made. Therefore, this dissertation studies several techniques for learning decision trees for robustness and sequential decision making problems.
In Part I of the dissertation, we consider the problem of optimizing decision trees to make good predictions while being robust to small changes in the data. In Chapter 4, we tackle the problem of learning good decision trees quickly in this setting. We improved the runtime of an existing algorithm by speeding up one of the key operations. In Chapter 5, we solve the problem of finding the best possible robust decision tree. The idea is to formulate the problem as an Integer-Linear Program, a special mathematical problem that can be solved with highly optimized algorithms. In Chapter 6, we propose a method that allows learning of models that are more flexible in terms of robustness, i.e., by allowing data changes in different shapes. To create an efficient algorithm, we optimize only the model’s predictions, not the model’s question part. Finally, in Chapter 7, we use techniques for improving data privacy to enable robustness against another kind of data change: someone adding or removing data.
Part II of this dissertation is about sequential decision making problems. In these settings, we control a device or agent that tries to achieve some goal in a potentially uncertain environment. Sequential decision making problems are significantly different from the supervised learning problems considered in Part I since the data is not pre-collected. This class of problems encompasses many real-life problems; one of the simplest of those could be a thermostat that measures the temperature in a room and needs to decide whether to turn a heater on or off constantly. Highly complex problems such as self-driving cars can be modeled similarly. We aim to find a controller represented by a simple decision tree for such problems. Such a controller is called a policy, and by representing it with a small decision tree, humans can understand it. In Chapter 9, we assume that we have a perfect mathematical description of the problem and use it to find the best possible decision tree via Integer Programming techniques. Later in Chapter 10, we assume that we can only interact with the environment and do not have a mathematical description of the problem. In this setting, we find good policies by iteratively updating the tree to achieve better scores using gradient information.
In our research, we have developed various algorithms for learning decision trees in settings that are hard to optimize with existing methods: robust predictions and sequential decision making. We hope that our work on decision tree learning for these settings allows human-understandable machine learning to be used in more real applications in the future. By improving model understanding and robustness, we aim to enable machine learning systems that humans can trust.
While deep learning offers substantial benefits, it faces security challenges stemming from potentially unreliable models and untrustworthy training data. Such vulnerabilities can compromise model functionality through maliciously perturbed inputs or by introducing model Trojans, where adversaries embed triggers in input data to activate harmful behaviors.
Despite significant research on adversarial and backdoor attacks, along with their countermeasures in various deep learning systems, there remains a critical demand for innovative technical solutions to mitigate persistent vulnerabilities and bolster the security and robustness of these systems.
This thesis addresses three key security challenges, including (1) low attack robustness against common image transformations and anomaly frequency perturbations in backdoor triggers under centralized learning; (2) anomaly backdoor features and parameters introduced by current attack methods under decentralized learning; and (3) the significant drop in both clean and robust accuracy caused by global image restoration using diffusion models in adversarial purification.
In examining the vulnerabilities of centralized deep learning systems, Chapter 2 focuses on backdoor attacks against CNNs and Transformers as a malicious data provider. The thesis leverages an evolutionary algorithm to optimize the frequency properties of the designed trigger to maximize attack effectiveness, robustness against image transformation operations, and stealthiness in dual space under the black-box setting.
In investigating the security issues in the decentralized scenarios, Chapters 3 and 4 focuses on backdoor attacks against federated learning from the perspective of a malicious client. In Chapter 3, we propose a backdoor attack to disguise malicious updates of the adversary as benign at the parameter level by backdoor neuron constraint and model camouflage. In Chapter 4, we utilize the power of generative adversarial networks to produce stealthy and flexible triggers that minimize the representation distance between poisoned and benign samples.
To enhance the security of deep learning through data perspective, the thesis focuses on adversarial purification to improve the model robustness against adversarial attacks. In Chapter 5, we identify perturbed image regions through multi-scale superpixel segmentation and occlusion analysis, subsequently using diffusion models for in painting while maintaining visual consistency. ...
While deep learning offers substantial benefits, it faces security challenges stemming from potentially unreliable models and untrustworthy training data. Such vulnerabilities can compromise model functionality through maliciously perturbed inputs or by introducing model Trojans, where adversaries embed triggers in input data to activate harmful behaviors.
Despite significant research on adversarial and backdoor attacks, along with their countermeasures in various deep learning systems, there remains a critical demand for innovative technical solutions to mitigate persistent vulnerabilities and bolster the security and robustness of these systems.
This thesis addresses three key security challenges, including (1) low attack robustness against common image transformations and anomaly frequency perturbations in backdoor triggers under centralized learning; (2) anomaly backdoor features and parameters introduced by current attack methods under decentralized learning; and (3) the significant drop in both clean and robust accuracy caused by global image restoration using diffusion models in adversarial purification.
In examining the vulnerabilities of centralized deep learning systems, Chapter 2 focuses on backdoor attacks against CNNs and Transformers as a malicious data provider. The thesis leverages an evolutionary algorithm to optimize the frequency properties of the designed trigger to maximize attack effectiveness, robustness against image transformation operations, and stealthiness in dual space under the black-box setting.
In investigating the security issues in the decentralized scenarios, Chapters 3 and 4 focuses on backdoor attacks against federated learning from the perspective of a malicious client. In Chapter 3, we propose a backdoor attack to disguise malicious updates of the adversary as benign at the parameter level by backdoor neuron constraint and model camouflage. In Chapter 4, we utilize the power of generative adversarial networks to produce stealthy and flexible triggers that minimize the representation distance between poisoned and benign samples.
To enhance the security of deep learning through data perspective, the thesis focuses on adversarial purification to improve the model robustness against adversarial attacks. In Chapter 5, we identify perturbed image regions through multi-scale superpixel segmentation and occlusion analysis, subsequently using diffusion models for in painting while maintaining visual consistency.
Side-Channel Analysis with Deep Learning
An Evergrowing Ally in Hardware Security Evaluation
While traditional SCA attacks rely on a cryptanalyst’s expertise to extract features from the leakages of one or multiple traces and analyze their observations through statistical methods to recover the secret key. Deep Learning-based Side- Channel Analysis (DLSCA) attacks bring a new perspective to the field. DLSCA attacks rely on automating feature extraction using a task-specific algorithm. For most DLSCA attacks, an expert is still needed, but the expert’s work is shifted to training this algorithm. Among the different deep learning architectures, the most used in DLSCA are the Multilayer Perceptron (MLP) and the Convolutional Neural Networks (CNN). Those methods are Neural Networks (NN) trained to find patterns in a collected dataset of side-channel traces to recover the secret key given a proper tuning of their hyperparameters and a successful training process.
This thesis investigates the use of deep learning in side-channel analysis of symmetric and public-key cryptography and other applications of side-channel analysis. We go through the application of DLSCA for implementations of AES and ASCON in symmetric cryptography and EdDSA in public-key cryptography. We also explore the use of deep learning to enhance TEMPEST-like side-channel analysis and the use of side-channel analysis to reverse engineer neural networks.
The main contributions of this thesis are as follows. First, we show the performances that can reach a MLP on a dataset of an AES implementation protected with a masking countermeasure. We demonstrate that MLP can defeat the masking countermeasure and recover the secret key with a high success rate for many configurations of hyperparameters and power intermediate models and even with very few parameters.
Second, we present an application of CNN in the side-channel analysis of the lightweight authenticated encryption algorithm ASCON on a 32-bit microcontroller. We demonstrate that the reference implementation is vulnerable to DLSCA attacks and that the same attack can be applied to a masked implementation but cannot completely recover the secret key.
Third, we propose a single-trace attack on the ephemeral key of EdDSA on the elliptic curve 25519. We show that the attack can recover the secret key from a single execution of an implementation on a 32-bit microcontroller. This attack is based on a CNN, and we demonstrate that, of the other profiling methods explored, the CNN is the most efficient for this attack. Furthermore, we systematize this attack and show that it can be applied to a different target and implement countermeasures against side-channel analysis.
Finally, we demonstrate the use of side-channel analysis and deep learning in different applications than cryptographic implementations. We present a methodology to evaluate TEMPEST attacks using deep learning. We focus the analysis of the electromagnetic emanations of mobile devices without visual line of sight, to build a testbed with a standard setup that can be used to test different attacker models. A second application is the use of side-channel analysis to reverse engineer neural networks on GPU. We show that side-channel analysis of the electromagnetic emanations of a GPU can be used to recover several hyperparameters of a neural network during the inference phase.
Our main research goal is to apply deep learning to side-channel analysis to develop new attacks for existing implementations and countermeasures, and we believe that this thesis is a step in that direction regarding the aforementioned contributions. We also believe that the reading of this thesis will shine the light on the potential of deep learning in side-channel analysis and inspire future research in this field to help to secure the electronics of tomorrow. ...
While traditional SCA attacks rely on a cryptanalyst’s expertise to extract features from the leakages of one or multiple traces and analyze their observations through statistical methods to recover the secret key. Deep Learning-based Side- Channel Analysis (DLSCA) attacks bring a new perspective to the field. DLSCA attacks rely on automating feature extraction using a task-specific algorithm. For most DLSCA attacks, an expert is still needed, but the expert’s work is shifted to training this algorithm. Among the different deep learning architectures, the most used in DLSCA are the Multilayer Perceptron (MLP) and the Convolutional Neural Networks (CNN). Those methods are Neural Networks (NN) trained to find patterns in a collected dataset of side-channel traces to recover the secret key given a proper tuning of their hyperparameters and a successful training process.
This thesis investigates the use of deep learning in side-channel analysis of symmetric and public-key cryptography and other applications of side-channel analysis. We go through the application of DLSCA for implementations of AES and ASCON in symmetric cryptography and EdDSA in public-key cryptography. We also explore the use of deep learning to enhance TEMPEST-like side-channel analysis and the use of side-channel analysis to reverse engineer neural networks.
The main contributions of this thesis are as follows. First, we show the performances that can reach a MLP on a dataset of an AES implementation protected with a masking countermeasure. We demonstrate that MLP can defeat the masking countermeasure and recover the secret key with a high success rate for many configurations of hyperparameters and power intermediate models and even with very few parameters.
Second, we present an application of CNN in the side-channel analysis of the lightweight authenticated encryption algorithm ASCON on a 32-bit microcontroller. We demonstrate that the reference implementation is vulnerable to DLSCA attacks and that the same attack can be applied to a masked implementation but cannot completely recover the secret key.
Third, we propose a single-trace attack on the ephemeral key of EdDSA on the elliptic curve 25519. We show that the attack can recover the secret key from a single execution of an implementation on a 32-bit microcontroller. This attack is based on a CNN, and we demonstrate that, of the other profiling methods explored, the CNN is the most efficient for this attack. Furthermore, we systematize this attack and show that it can be applied to a different target and implement countermeasures against side-channel analysis.
Finally, we demonstrate the use of side-channel analysis and deep learning in different applications than cryptographic implementations. We present a methodology to evaluate TEMPEST attacks using deep learning. We focus the analysis of the electromagnetic emanations of mobile devices without visual line of sight, to build a testbed with a standard setup that can be used to test different attacker models. A second application is the use of side-channel analysis to reverse engineer neural networks on GPU. We show that side-channel analysis of the electromagnetic emanations of a GPU can be used to recover several hyperparameters of a neural network during the inference phase.
Our main research goal is to apply deep learning to side-channel analysis to develop new attacks for existing implementations and countermeasures, and we believe that this thesis is a step in that direction regarding the aforementioned contributions. We also believe that the reading of this thesis will shine the light on the potential of deep learning in side-channel analysis and inspire future research in this field to help to secure the electronics of tomorrow.
In data processing, we focus on data anonymization and location data perturbation in supply chains. Data de-identification is essential to comply with privacy laws, such as GDPR, before possible sharing or analysis. We propose an anonymization algorithm by combining differential privacy and k-anonymity to achieve stronger privacy guarantees or better data utility than using them alone. Meanwhile, we consider trajectory hiding under possible attacks and real maps, which propose a more practical solution to share trajectory data under privacy protection.
In data management, we address secure data sharing with cryptographic protocols. Data sharing is vital in data management to advance collaboration and knowledge. However, possible data breaches and malicious inputs can lead to potential financial loss and identity theft. In this thesis, we propose a framework for sharing logistic data in a privacy-preserving way using blockchain and cryptographic protocols. Differential privacy is applied to anonymize data, while cryptographic protocols enhance privacy during data transmission.
In data analysis, we pay attention to privacy-preserving machine learning. Machine learning models are usually trained on large datasets which may contain sensitive personal information. It is important to consider privacy protection during the training and utilization of models. We use differential privacy and secure multi-party computation techniques to design a framework for collaborative learning among multiple parties against inference attacks. Also, we utilize zero-knowledge proof to validate model integrity without leaking the model. ...
In data processing, we focus on data anonymization and location data perturbation in supply chains. Data de-identification is essential to comply with privacy laws, such as GDPR, before possible sharing or analysis. We propose an anonymization algorithm by combining differential privacy and k-anonymity to achieve stronger privacy guarantees or better data utility than using them alone. Meanwhile, we consider trajectory hiding under possible attacks and real maps, which propose a more practical solution to share trajectory data under privacy protection.
In data management, we address secure data sharing with cryptographic protocols. Data sharing is vital in data management to advance collaboration and knowledge. However, possible data breaches and malicious inputs can lead to potential financial loss and identity theft. In this thesis, we propose a framework for sharing logistic data in a privacy-preserving way using blockchain and cryptographic protocols. Differential privacy is applied to anonymize data, while cryptographic protocols enhance privacy during data transmission.
In data analysis, we pay attention to privacy-preserving machine learning. Machine learning models are usually trained on large datasets which may contain sensitive personal information. It is important to consider privacy protection during the training and utilization of models. We use differential privacy and secure multi-party computation techniques to design a framework for collaborative learning among multiple parties against inference attacks. Also, we utilize zero-knowledge proof to validate model integrity without leaking the model.
Security evaluation and certification assess the product’s security features against industry best practices and regulatory standards. These processes aim to independently verify the claims made about the product’s security, fostering and maintaining trust among users. Given the evolving landscape of security threats and increasing security concerns, the need for more efficient and resource-effective security evaluations has become evident. Fault injection and side-channel analysis are commonly conducted as part of this assessment, and recent studies have demonstrated that integrating artificial intelligence (AI) methods can significantly enhance their performance. Moreover, this integration can provide more automated and optimized attacks for security evaluation.
This thesis aims to advance AI-based implementation attacks by investigating current AI frameworks, with the objective of improving the efficiency and effectiveness of these attacks across various scenarios. We target specific challenges within AI-based fault injection (AIFI) and deep learning-based SCA (DLSCA), addressing gaps in the current methodologies and proposing solutions that significantly impact their performance and efficiency. We focus on hyperparameter tuning of the utilized AI methods, portability of the attacks, and alternative evaluation metrics within the AI frameworks.
Hyperparameter tuning is critical but can be a time-intensive process. By investigating specific hyperparameters, we can identify those crucial for the performance, guiding a more efficient tuning process. This thesis focuses on initialization methods, revealing no universally optimal initialization method. Instead, we offer a strategic approach to selecting initialization methods that can lead to improved and more reliable performance in specific scenarios. Next, we provide practical AI-based solutions to enhance the portability of FI parameter search results across different samples of the same target and SCA profiling models across different public datasets (targets). This approach makes security evaluation more efficient by leveraging data and findings to expedite evaluations on other targets. Furthermore, this enables future efforts to develop universal methods to help standardize the AI-based implementation attacks for security evaluation. Lastly, we revisit and refine evaluation metrics within the AI-based implementation attacks, proposing new metrics better aligned with the considered objectives. We present new XIX XX SUMMARY metrics for evaluating the performance of AI-based FI parameter search to find distant vulnerable regions of the target alongside algorithms for this objective. On the other hand, we improve the training process of DLSCA by introducing a training scheme involving the redefinition of the labels and a metric that can evaluate the generality of the profiling model, enabling better assessment for early stopping and model tuning.
Through its exploration of AI-based implementation attacks, this thesis offers valuable insights and practical solutions that significantly enhance the field. By improving the efficiency and effectiveness of AI-based implementation attacks, this research not only aids security analysts but also offers a foundation for future standardization efforts of these attacks for security evaluation.
...
Security evaluation and certification assess the product’s security features against industry best practices and regulatory standards. These processes aim to independently verify the claims made about the product’s security, fostering and maintaining trust among users. Given the evolving landscape of security threats and increasing security concerns, the need for more efficient and resource-effective security evaluations has become evident. Fault injection and side-channel analysis are commonly conducted as part of this assessment, and recent studies have demonstrated that integrating artificial intelligence (AI) methods can significantly enhance their performance. Moreover, this integration can provide more automated and optimized attacks for security evaluation.
This thesis aims to advance AI-based implementation attacks by investigating current AI frameworks, with the objective of improving the efficiency and effectiveness of these attacks across various scenarios. We target specific challenges within AI-based fault injection (AIFI) and deep learning-based SCA (DLSCA), addressing gaps in the current methodologies and proposing solutions that significantly impact their performance and efficiency. We focus on hyperparameter tuning of the utilized AI methods, portability of the attacks, and alternative evaluation metrics within the AI frameworks.
Hyperparameter tuning is critical but can be a time-intensive process. By investigating specific hyperparameters, we can identify those crucial for the performance, guiding a more efficient tuning process. This thesis focuses on initialization methods, revealing no universally optimal initialization method. Instead, we offer a strategic approach to selecting initialization methods that can lead to improved and more reliable performance in specific scenarios. Next, we provide practical AI-based solutions to enhance the portability of FI parameter search results across different samples of the same target and SCA profiling models across different public datasets (targets). This approach makes security evaluation more efficient by leveraging data and findings to expedite evaluations on other targets. Furthermore, this enables future efforts to develop universal methods to help standardize the AI-based implementation attacks for security evaluation. Lastly, we revisit and refine evaluation metrics within the AI-based implementation attacks, proposing new metrics better aligned with the considered objectives. We present new XIX XX SUMMARY metrics for evaluating the performance of AI-based FI parameter search to find distant vulnerable regions of the target alongside algorithms for this objective. On the other hand, we improve the training process of DLSCA by introducing a training scheme involving the redefinition of the labels and a metric that can evaluate the generality of the profiling model, enabling better assessment for early stopping and model tuning.
Through its exploration of AI-based implementation attacks, this thesis offers valuable insights and practical solutions that significantly enhance the field. By improving the efficiency and effectiveness of AI-based implementation attacks, this research not only aids security analysts but also offers a foundation for future standardization efforts of these attacks for security evaluation.
Why does the machine punish?
The effects of the use of machine learning in criminal sentencing on the application of the theories of punishment
Statistical Analysis in Cyberspace
Data veracity, completeness, and clustering
Notwithstanding the interest and great effort, blockchain is still a new and evolving technology, and numerous challenges need to be addressed.
To name a few, security, privacy, scalability, smart contracts, and economic aspects with their manifold sub-challenges can be mentioned.Among the research challenges, in this thesis, we investigate three crucial ones for the long-term functionality of the Bitcoin-like blockchains, which are security, scalability, and economic aspects.Our works can be divided into two subjects: transaction propagation and payment channel networks.
Transaction propagation or advertisement refers to the dissemination of newly created transactions of clients in the mining network.In this thesis, we investigate the lack of incentives for transaction propagation and provide an incentive mechanism for peer-to-peer mining networks. Moreover, we focus on the inefficient routing of the transactions and propose a smart routing mechanism.
Payment channel networks (PCN) are promising layer-2 protocols aiming to improve the scalability of blockchains.In this thesis, we present three works on the PCNs.Firstly, we investigate the incentives to participate in multi-hop payments and propose a profit strategy that would encourage the use of PCNs.
Secondly, we propose the first Bitcoin-compatible virtual channel constructions on payment channels that improve the efficiency and availability of multi-hop payments. Finally, we introduce the first post-quantum PCN utilizing our post-quantum adaptor signature scheme. Our works mainly focus on Bitcoin and its PCN, Lightning Network, yet they can be applied to the blockchains and cryptocurrencies having similar characteristics. ...
Notwithstanding the interest and great effort, blockchain is still a new and evolving technology, and numerous challenges need to be addressed.
To name a few, security, privacy, scalability, smart contracts, and economic aspects with their manifold sub-challenges can be mentioned.Among the research challenges, in this thesis, we investigate three crucial ones for the long-term functionality of the Bitcoin-like blockchains, which are security, scalability, and economic aspects.Our works can be divided into two subjects: transaction propagation and payment channel networks.
Transaction propagation or advertisement refers to the dissemination of newly created transactions of clients in the mining network.In this thesis, we investigate the lack of incentives for transaction propagation and provide an incentive mechanism for peer-to-peer mining networks. Moreover, we focus on the inefficient routing of the transactions and propose a smart routing mechanism.
Payment channel networks (PCN) are promising layer-2 protocols aiming to improve the scalability of blockchains.In this thesis, we present three works on the PCNs.Firstly, we investigate the incentives to participate in multi-hop payments and propose a profit strategy that would encourage the use of PCNs.
Secondly, we propose the first Bitcoin-compatible virtual channel constructions on payment channels that improve the efficiency and availability of multi-hop payments. Finally, we introduce the first post-quantum PCN utilizing our post-quantum adaptor signature scheme. Our works mainly focus on Bitcoin and its PCN, Lightning Network, yet they can be applied to the blockchains and cryptocurrencies having similar characteristics.
The goal of this thesis is to implement a new state-merging heuristic which will speedup the state machine building procedure without a significant loss on the quality of the model, and use it to detect malicious host on network traffic data. The new state-merging heuristic is utilizing the Locality-sensitive Hashing concept to store the future traces of each state and simplify the consistency check for the merge of two states. The network traffic data used are in the NetFlow format, and they are encoded and converted into traces in order to build the state machine model and measure its performance. The state machine built is modeling a malicious behavior and used to classify other hosts.
We show that the models built can effectively detect the malicious hosts, with its performance being comparable to the one of a state-of-the-art model. At the same time, the time needed to build the model is much less when compared to the time needed by other state-merging heuristics. ...
The goal of this thesis is to implement a new state-merging heuristic which will speedup the state machine building procedure without a significant loss on the quality of the model, and use it to detect malicious host on network traffic data. The new state-merging heuristic is utilizing the Locality-sensitive Hashing concept to store the future traces of each state and simplify the consistency check for the merge of two states. The network traffic data used are in the NetFlow format, and they are encoded and converted into traces in order to build the state machine model and measure its performance. The state machine built is modeling a malicious behavior and used to classify other hosts.
We show that the models built can effectively detect the malicious hosts, with its performance being comparable to the one of a state-of-the-art model. At the same time, the time needed to build the model is much less when compared to the time needed by other state-merging heuristics.
CAML-IDS
A framework for the correct assessment of machine learning-based intrusion detection systems
Such methodologies include training and testing IDSs with unrealistic data and using uninformative metrics to determine performance. In this research, we perform a case study using one such IDS. This IDS is trained and evaluated using real network traffic collected from a real-world network. Additionally, we test its performance on actual attack traffic. This research demonstrates that an IDS that is trained with unrealistic data performs nowhere near as well as is claimed by the author when trained using real network traffic. Finally, we propose CAML-IDS, a framework for the correct assessment of machine learning-based intrusion detection systems. This framework can assist future IDS research by preventing incorrect evaluation, in turn preventing the formulation of incorrect research. ...
Such methodologies include training and testing IDSs with unrealistic data and using uninformative metrics to determine performance. In this research, we perform a case study using one such IDS. This IDS is trained and evaluated using real network traffic collected from a real-world network. Additionally, we test its performance on actual attack traffic. This research demonstrates that an IDS that is trained with unrealistic data performs nowhere near as well as is claimed by the author when trained using real network traffic. Finally, we propose CAML-IDS, a framework for the correct assessment of machine learning-based intrusion detection systems. This framework can assist future IDS research by preventing incorrect evaluation, in turn preventing the formulation of incorrect research.
Strape SDK
A gesture-based peer-to-peer transaction system
using gestures. OK, a smart wallet app, combines authentication, marketing and payment services in a single
app. By choice, peer-to-peer payments were excluded from the initial design of the OK app, because no
compelling user experience for this type of payment was available, yet. With Strape there is. To incorporate
the Strape functionality inOKand other host applications, the Strape functionality needs to be made available
as an SDK.
The goal of the project is therefore twofold: An SDK must be developed that provides the gesture-based
functionality and adheres to a number of integration use cases for various possible hosting applications. First,
it should be possible to initiate transactions by using gestures, and authorize the transactions by tapping on
a discovered user and swiping it towards them. Secondly, the SDK should be structured in such a way that it
is possible for a host application to fully integrate the SDK.
The system is implemented using a set of configurable classes with the business logic and a data provider
that handles all data mutation and persistence. Furthermore, it holds views that can be extended by a host
application for further customization. Discovery is implemented by using Bluetooth Low Energy, a protocol
that enables constant advertisement and scanning of users in proximity. To ensure testability and maintainability,
aModel-View-Presenter architecture is used.
The SDK is implemented in OK at various points in the app, namely as a favorite between payment accounts,
IDs and tickets, as a shortcut in the main overview and as an overlay with transaction objects. OK
mostly uses the standard SDK configuration variables.
The project was managed using Scrum with 1-week sprints. Version control was handled by Git and
SemVer and the project was continuously integrated by using Bitrise. Although a connection to the Strape
Virtual Account System was planned, time constraints and prioritization of the core Strape functionality resulted
in leaving it out of the final product.
The result satisfies the project goal in that an SDK is realized comprising the core Strape functionality
with the specified integration requirements. Furthermore, a first version of the SDK is integrated in the OK
app, satisfying all UI integration requirements. The project has showed us the importance of the necessary
overhead with software development projects such as this one. We recommend developing the requirements
we deemed out of scope for this project to complete the entire peer-to-peer transaction proposition. ...
using gestures. OK, a smart wallet app, combines authentication, marketing and payment services in a single
app. By choice, peer-to-peer payments were excluded from the initial design of the OK app, because no
compelling user experience for this type of payment was available, yet. With Strape there is. To incorporate
the Strape functionality inOKand other host applications, the Strape functionality needs to be made available
as an SDK.
The goal of the project is therefore twofold: An SDK must be developed that provides the gesture-based
functionality and adheres to a number of integration use cases for various possible hosting applications. First,
it should be possible to initiate transactions by using gestures, and authorize the transactions by tapping on
a discovered user and swiping it towards them. Secondly, the SDK should be structured in such a way that it
is possible for a host application to fully integrate the SDK.
The system is implemented using a set of configurable classes with the business logic and a data provider
that handles all data mutation and persistence. Furthermore, it holds views that can be extended by a host
application for further customization. Discovery is implemented by using Bluetooth Low Energy, a protocol
that enables constant advertisement and scanning of users in proximity. To ensure testability and maintainability,
aModel-View-Presenter architecture is used.
The SDK is implemented in OK at various points in the app, namely as a favorite between payment accounts,
IDs and tickets, as a shortcut in the main overview and as an overlay with transaction objects. OK
mostly uses the standard SDK configuration variables.
The project was managed using Scrum with 1-week sprints. Version control was handled by Git and
SemVer and the project was continuously integrated by using Bitrise. Although a connection to the Strape
Virtual Account System was planned, time constraints and prioritization of the core Strape functionality resulted
in leaving it out of the final product.
The result satisfies the project goal in that an SDK is realized comprising the core Strape functionality
with the specified integration requirements. Furthermore, a first version of the SDK is integrated in the OK
app, satisfying all UI integration requirements. The project has showed us the importance of the necessary
overhead with software development projects such as this one. We recommend developing the requirements
we deemed out of scope for this project to complete the entire peer-to-peer transaction proposition.