Lowering the Bar: Deep Learning for Side Channel Analysis. Guilherme Perin, Baris Ege, Jasper van December 4, 2018
|
|
- Heather Fletcher
- 5 years ago
- Views:
Transcription
1 Lowering the Bar: Deep Learning for Side Channel Analysis Guilherme Perin, Baris Ege, Jasper van December 4,
2 Before Signal processing Leakage modeling 2
3 After 3
4 Helping security Implementation flaws Vulnerabilities Source of leakages Fixes / Improvement Activation paths Secure Product Faster certification Metrics 4
5 Power / EM side channel analysis 5
6 6
7 Power analysis Some crypto algorithm 7
8 Example (huge) leakage Data leakage Noise 8
9 Signal processing Raw trace Processed trace 9
10 Misalignment 10
11 AES-128 first round attack Unknown k 0 k 1 k 2 k 3 k 4 k 5 k 6 k 7 Known k 8 k 12 k 9 k 13 k 10 k 14 k 11 k 15 Leakage model, Power prediction i 0 i 1 i 2 i 3 x 0 x 1 x 2 x 3 s 0 s 1 s 2 s 3 i 4 i 8 i 5 i 9 i 6 i 10 i 7 i 11 x 4 x 8 x 5 x 9 x 6 x 10 x 7 x 11 S-BOX s 4 s 8 s 5 s 9 s 6 s 10 s 7 s 11 i 12 i 13 i 14 i 15 Key Addition x 12 x 13 x 14 x 15 s 12 s 13 s 14 s 15 11
12 Points of interest selection Correlation, T-test, Difference of Means Data leakage Noise Samples showing statistical dependency between intermediate (key-related) data and power consumption. 12
13 Concept of Template Analysis Ciphertext Keys Open Sample Measure Learn (Profiling) Phase Leakage Model Templates Input Fixed Key Closed Sample Measure Attack (Exploitation) Phase Input Analysis 13
14 Key Byte Rank Key recovery AES key bytes 0-15 Number of traces 14
15 The actual process Setup Analysis Acquisition Processing 15
16 Deep learning background 16
17 Deep Learning Data with labels cat cat cat dog dog dog 17
18 Deep Learning Data with labels machine Cat (%) Dog (%) Train a machine to classify these data Error function BACK-PROPAGATION ALGORITHM 18
19 Deep Learning Data with labels Trained Cat (%) machine Dog (%) Train a machine to classify these data Test the machine on new data 19
20 Deep Learning Data with labels Train a machine to classify these data Change parameters No Trained machine Machine = Deep Neural Network Cat Test the machine on new data Is classification accuracy good enough? Yes We are done! 20
21 Convolutional Neural Networks (CNNs) Input Layer (the size is equivalent to the number of samples) Output Layer (the size is equivalent to the number of classes) Conv. Layers (feature extractor + encoding) Dense Layers (classifiers) The convolutional layers are able to detect the features independently of their positions 21
22 Creating training/test/validation data sets features label samples HW = 5 samples HW = 7 samples HW = 3 samples HW = 4 Leakage model 22
23 Classification Trained Model Trace (samples) 0.02 HW = 4 HW = HW = Key enumeration using output probabilities (Bayes) HW = Softmax ( p i = 1) 23
24 Deep learning on side channels in practice 24
25 Step 1: Define initial hyper-parameters HW = 0 HW = 1 25
26 Step 2: Make sure it s capable of learning Increase the number of training traces and observe the training and validation accuracy Overfitting too fast? Training accuracy: 100% Validation accuracy: low Neural network is too big for the number of traces and samples 26
27 Step 3: Make it generalize Make sure the training accuracy/recall is increasing NN is learning from its training set Validation recall stays above the minimum threshold value = model is generalizing = 1/9 (9 is the number of classes HW of a byte) 27
28 Step 3: Make it generalize Regularization techniques: x 2 x 2 x 2 L1, L2 (penalty applied to the weights) Dropout Data Augmentation (+traces) Early Stopping x 1 x 1 Linear Separation Good Regularization Overfitting Low Training Accuracy Low Validation Accuracy Good Training Accuracy Good Validation Accuracy x 1 High Training Accuracy Low Validation Accuracy 28
29 Key Byte Rank Step 4: Key Recovery In this analysis, we only need slightly-above coin flip accuracy! Number of traces 29
30 Getting keys from the thingz! 30
31 Piñata AES-128 with misalignment 31
32 Key Byte Rank Bypassing Misalignment with CNNs Neural Network: Input Layer > ConvLayer > 36 > 36 > 36 > Output Layer Training/validation/test sets: 90000/5000/5000 traces of 500 samples Leakage Model: HW of S-Box Out (Round 1) 9 classes Use Data Augmentation as regularization technique to improve generalization Results for key byte 0: Number of traces 32
33 Breaking protected ECC on Piñata Supervised deep learning attack: - Curve25519, Montgomery ladder, scalar blinding - Messy signal - Brute-force methods for ECC are needed if test accuracy < 100% - Need to get (almost) all bits from one trace! 33
34 Breaking protected ECC Misaligned traces Unsupervised/Supervised Horizontal Attack: 60% success rate Deep learning: 90% success rate Deep learning( + data augmentation): 99.4% success rate Data augmentation: 25k 200k traces. Input (4000) 3 Conv Layers (10 filters) 4 Dense Layers (100 Neurons) Output (2 Classes) RELU TANH SOFTMAX 34
35 Breaking AES with First-Order Masking Target published in 2013 ( 40k traces available AES-256 (Atmel ATMega-163 smart card) Countermeasure: Rotating S-box Masking (RSM) 35
36 How does DPA contest V4 masking work? Masking is expensive in performance and memory Rotating mask helps by pre-computing masked S-boxes 36
37 Second order attack on masked implementations XM 1 XM 2 X 1 X 2 Y 1 Y 2 We cannot predict YM j, but we can predict Y j We cannot measure Y j, but we can measure YM j YM 1 = M (i+1) Y 1 YM 2 = M (i+1) Y 2 YM 1 YM 2 YM 1 YM 2 = Y 1 Y 2 By measuring two S-box output leakage points (YM 1 and YM 2 ), and subtracting their values, we get a value that corresponds to the leakage of Y 1 Y 2 second order attack Cost: Must know or guess position of YM j leakage Attacking two S boxes 2 sub keys quadratic complexity 37
38 Breaking AES with First-Order Masking Neural Network: Input Layer > ConvLayer > 50 > 50 > 50 > Output Layer Training/validation/test sets: 36000/2000/2000 traces Leakage Model: HW of S-Box Out (Round 1) 9 classes Results for key byte 0: The processing of 8 traces is sufficient to recover the key 1/9 38
39 1 st cool thing DL is up there with dozens of SCA research teams 39
40 2 nd cool thing This shouldn t work why? 40
41 Identifying leakage 41
42 Where is the leak? Correlation Analysis Correlation Template Analysis POI Deep Learning Visualization Techniques? 42
43 Visualization Object detection in images Visualizing what neural networks learn from input data (proposed by Keras creator): Observe effect of occlusion (input blocking) Create heat maps of class activations Something else (1%). Elephant (99%). Something else (80%). Elephant (20%). Feature location 43
44 Activation path (illustration) Input Data Conv. Pooling Conv. Pooling Feature Map Dense Layers Output HW = 5 Feature Extraction + Dimensionality Reduction Feature Combination + Classification 44
45 Our method Input Data Conv. Pooling Conv. Pooling Feature Map Dense Layers Output HW = 5 Feature Extraction + Dimensionality Reduction Feature Combination + Classification 45
46 Results (unprotected target) Raw trace T-test (first round key byte) CPA succeeds CPA fails Our visualization method 46
47 Digging deeper 47
48 Leakage Assessment (White-box) 40k Traces HW (Masked S-Box Out) ID (Masked S-Box Out) HW (S-Box Out) ID (S-Box Out) 48
49 Visualize the learned features (CNN) Validation accuracy: Key Byte 0 rank: 16 Leaking section 49
50 Optimized results / / Overfitting Very small generalization Select leaking section No Overfitting Significant generalization Key byte 0 found (rank 1) after: 9 traces! Helping DL by sample selection improves quality 50
51 Actual (HW) Actual (HW) Confusion Matrix Predicted (HW) Ideal (when we have high accuracy) Predicted (HW) Expected Predicted HW 0 HW 2, HW 4, HW6 HW 1 HW 3, HW 5 HW 2 HW 2, HW 4, HW6 HW 3 HW 3, HW 5 HW 4 HW 2, HW 4, HW6 HW 5 HW 3, HW 5 HW 6 HW 2, HW 4, HW6 HW 7 HW 3, HW 5 HW 8 HW 2, HW 4, HW6 Imperfect leakage, but good enough 51
52 Wrapping up 52
53 Thoughts on Spectre & friends Spectre relies on 1d measurement: time Plain old statistics probably better than DL Speculation: DL could be useful for an attacker that combines multiple micro-architectural side channels 53
54 Key takeaways If SCA is a concern, DL can exploit and identify leakage DL does SCA art + science and scales DL still requires humans, the bar is low, not yet at 0 More automation needed to put a dent in insecurity 54
55 I want to learn more!? By Colin & Jasper Deeplearningbook.org riscure.com/training bookstores nostarch 55
56 References S. Haykin, Neural Networks and Learning Machines. E. Cagli et al, Breaking Cryptographic Implementations Using Deep Learning Benadjila et al, Study of Deep Learning Techniques for Side-Channel Analysis and Introduction to ADCAD Database H. Maghrebi et al, Convolutional Neural Networks with Data Augmentation Against Jitter-Based Countermeasures Zhang et al, Understanding deep learning requires re-thinking generalization Keskar et al, On Large-Batch Training for Deep Learning: Generalization Gap and Sharp Minima, Shwartz and Tishby, Opening the black-box of Deep Learning via Information, 56
57 Riscure B.V. Frontier Building, Delftechpark XJ Delft The Netherlands Phone: Riscure North America 550 Kearny St., Suite 330 San Francisco, CA USA Phone: Riscure China Room , No. 989, Changle Road, Shanghai China Phone: Challenge your 57
Unboxing the whitebox. Jasper van CTO Riscure North America ICMC 16
Unboxing the whitebox Jasper van Woudenberg @jzvw CTO Riscure North America ICMC 16 Riscure Certification Pay TV, EMVco, smart meter, CC Evaluation & consultancy Mobile (TEE/HCE/WBC) Secure architecture
More informationDeep Learning for Embedded Security Evaluation
Deep Learning for Embedded Security Evaluation Emmanuel Prouff 1 1 Laboratoire de Sécurité des Composants, ANSSI, France April 2018, CISCO April 2018, CISCO E. Prouff 1/22 Contents 1. Context and Motivation
More informationNon-Profiled Deep Learning-Based Side-Channel Attacks
Non-Profiled Deep Learning-Based Side-Channel Attacks Benjamin Timon UL Transaction Security, Singapore benjamin.timon@ul.com Abstract. Deep Learning has recently been introduced as a new alternative to
More informationControlled Fault Injection: Wishful Thinking, Thoughtful Engineering,
Controlled Fault Injection: Wishful Thinking, Thoughtful Engineering, or just LUCK? FDTC 2017 Panelists: Ilia Polian, Marc Joye, Ingrid Verbauwhede Marc Witteman, Johann Heyszl The Fault Attack Process
More informationPractical DFA on AES. Marc Witteman CTO June 13, 2013
Practical DFA on AES Marc Witteman CTO June 13, 2013 DFA on AES, how hard is that? 2003 Gilles Piret and Jean-Jacques Quisquater 2 faults 2013 Christophe Giraud and Adrian Thillard 1 fault 2013 Riscure
More informationApplying TVLA to Public Key Cryptographic Algorithms. Michael Tunstall Gilbert Goodwill
Applying TVLA to Public Key Cryptographic Algorithms Michael Tunstall Gilbert Goodwill Introduction Test Vector Leakage Assessment (TVLA) was proposed in 2012 Efficient in evaluating the presence of leakage
More informationSide channel attack: Power Analysis. Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut
Side channel attack: Power Analysis Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut Conventional Cryptanalysis Conventional cryptanalysis considers crypto systems as mathematical objects Assumptions:
More informationPower Analysis Attacks
Power Analysis Attacks Elisabeth Oswald Computer Science Department Crypto Group eoswald@cs.bris.ac.uk Elisabeth.Oswald@iaik.tugraz.at Outline Working principle of power analysis attacks DPA Attacks on
More informationWhen Hardware Attacks. Marc Witteman
When Hardware Attacks scale Marc Witteman Croatian Summer school 2017 Attack exploitation space: time vs distance Remote software protocol key brute force Fast relay attack mitm side channel Slow Hardware
More informationOnce upon a time... A first-order chosen-plaintext DPA attack on the third round of DES
A first-order chosen-plaintext DPA attack on the third round of DES Oscar Reparaz, Benedikt Gierlichs KU Leuven, imec - COSIC CARDIS 2017 Once upon a time... 14 November 2017 Benedikt Gierlichs - DPA on
More informationConvolutional Neural Networks. Computer Vision Jia-Bin Huang, Virginia Tech
Convolutional Neural Networks Computer Vision Jia-Bin Huang, Virginia Tech Today s class Overview Convolutional Neural Network (CNN) Training CNN Understanding and Visualizing CNN Image Categorization:
More informationPerceptron: This is convolution!
Perceptron: This is convolution! v v v Shared weights v Filter = local perceptron. Also called kernel. By pooling responses at different locations, we gain robustness to the exact spatial location of image
More informationA Systematic Approach to the Side-Channel Analysis of ECC Implementations with Worst-Case Horizontal Attacks
A Systematic Approach to the Side-Channel Analysis of ECC Implementations with Worst-Case Horizontal Attacks Romain Poussier, François-Xavier Standaert: Université catholique de Louvain Yuanyuan Zhou:
More informationHOST Differential Power Attacks ECE 525
Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately, cryptographic
More informationTrace Augmentation: What Can Be Done Even Before Preprocessing in a Profiled SCA?
Trace Augmentation: What Can Be Done Even Before Preprocessing in a Profiled SCA? Sihang Pu 1 Yu Yu 1 Weijia Wang 1 Zheng Guo 1 Junrong Liu 1 Dawu Gu 1 Lingyun Wang 2 Jie Gan 3 Shanghai Jiao Tong University,
More informationPractical Electromagnetic Template Attack on HMAC
Practical Electromagnetic Template Attack on HMAC Pierre Alain Fouque 1 Gaétan Leurent 1 Denis Réal 2,3 Frédéric Valette 2 1ENS,75Paris,France. 2CELAR,35Bruz,France. 3INSA-IETR,35Rennes,France. September
More informationWhite-Box Cryptography
Based on: J. W. Bos, C. Hubain, W. Michiels, P. Teuwen. In CHES 2016: Differential computation analysis: Hiding your white-box designs is not enough. White-Box Cryptography Don't Forget About Grey Box
More informationDynamic Routing Between Capsules
Report Explainable Machine Learning Dynamic Routing Between Capsules Author: Michael Dorkenwald Supervisor: Dr. Ullrich Köthe 28. Juni 2018 Inhaltsverzeichnis 1 Introduction 2 2 Motivation 2 3 CapusleNet
More informationNatural Language Processing CS 6320 Lecture 6 Neural Language Models. Instructor: Sanda Harabagiu
Natural Language Processing CS 6320 Lecture 6 Neural Language Models Instructor: Sanda Harabagiu In this lecture We shall cover: Deep Neural Models for Natural Language Processing Introduce Feed Forward
More informationDeep Learning. Visualizing and Understanding Convolutional Networks. Christopher Funk. Pennsylvania State University.
Visualizing and Understanding Convolutional Networks Christopher Pennsylvania State University February 23, 2015 Some Slide Information taken from Pierre Sermanet (Google) presentation on and Computer
More informationMachine Learning. Deep Learning. Eric Xing (and Pengtao Xie) , Fall Lecture 8, October 6, Eric CMU,
Machine Learning 10-701, Fall 2015 Deep Learning Eric Xing (and Pengtao Xie) Lecture 8, October 6, 2015 Eric Xing @ CMU, 2015 1 A perennial challenge in computer vision: feature engineering SIFT Spin image
More informationDeep Learning with Tensorflow AlexNet
Machine Learning and Computer Vision Group Deep Learning with Tensorflow http://cvml.ist.ac.at/courses/dlwt_w17/ AlexNet Krizhevsky, Alex, Ilya Sutskever, and Geoffrey E. Hinton, "Imagenet classification
More informationKaggle Data Science Bowl 2017 Technical Report
Kaggle Data Science Bowl 2017 Technical Report qfpxfd Team May 11, 2017 1 Team Members Table 1: Team members Name E-Mail University Jia Ding dingjia@pku.edu.cn Peking University, Beijing, China Aoxue Li
More informationIntroduction to Software Countermeasures For Embedded Cryptography
Introduction to Software Countermeasures For Embedded Cryptography David Vigilant UMPC Master, 1 st December, 2017 Outline 1 Context and Motivations 2 Basic Rules and Countermeasures Examples Regarding
More informationStudy of Residual Networks for Image Recognition
Study of Residual Networks for Image Recognition Mohammad Sadegh Ebrahimi Stanford University sadegh@stanford.edu Hossein Karkeh Abadi Stanford University hosseink@stanford.edu Abstract Deep neural networks
More informationBreaking the Bitstream Decryption of FPGAs
Breaking the Bitstream Decryption of FPGAs 05. Sep. 2012 Amir Moradi Embedded Security Group, Ruhr University Bochum, Germany Acknowledgment Christof Paar Markus Kasper Timo Kasper Alessandro Barenghi
More informationDeep Learning for Computer Vision II
IIIT Hyderabad Deep Learning for Computer Vision II C. V. Jawahar Paradigm Shift Feature Extraction (SIFT, HoG, ) Part Models / Encoding Classifier Sparrow Feature Learning Classifier Sparrow L 1 L 2 L
More informationRiscure Inspector Release Notes
Date 15 January 2018 Modified behavior Issue number INS-7594 INS-7593 INS-7709 INS-7620 INS-7427 INS-7576 Description Modified behavior: During module execution it was possible to start another module
More informationImageNet Classification with Deep Convolutional Neural Networks
ImageNet Classification with Deep Convolutional Neural Networks Alex Krizhevsky Ilya Sutskever Geoffrey Hinton University of Toronto Canada Paper with same name to appear in NIPS 2012 Main idea Architecture
More informationThe Davies-Murphy Power Attack. Sébastien Kunz-Jacques Frédéric Muller Frédéric Valette DCSSI Crypto Lab
The Davies-Murphy Power Attack Sébastien Kunz-Jacques Frédéric Muller Frédéric Valette DCSSI Crypto Lab Introduction Two approaches for attacking crypto devices traditional cryptanalysis Side Channel Attacks
More informationNeural Networks. Single-layer neural network. CSE 446: Machine Learning Emily Fox University of Washington March 10, /10/2017
3/0/207 Neural Networks Emily Fox University of Washington March 0, 207 Slides adapted from Ali Farhadi (via Carlos Guestrin and Luke Zettlemoyer) Single-layer neural network 3/0/207 Perceptron as a neural
More informationCPSC 340: Machine Learning and Data Mining. Deep Learning Fall 2016
CPSC 340: Machine Learning and Data Mining Deep Learning Fall 2016 Assignment 5: Due Friday. Assignment 6: Due next Friday. Final: Admin December 12 (8:30am HEBB 100) Covers Assignments 1-6. Final from
More informationBreaking Korea Transit Card with Side-Channel Attack
Breaking Korea Transit Card with Side-Channel Attack -Unauthorized Recharging- Black Hat Asia 2017 Tae Won Kim, Tae Hyun Kim, and Seokhie Hong Outline 1. Attack Goal & Scenario 2. Target Device Details
More informationSIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017
SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and
More informationMobile Banking application security
Mobile Banking application security Learning from the HCE security experience to improve security of mobile banking applications 1 Mobile Banking application security Contents 1 Introduction... 3 1.1 What
More informationMasking vs. Multiparty Computation: How Large is the Gap for AES?
Masking vs. Multiparty Computation: How Large is the Gap for AES? Vincent Grosso 1, François-Xavier Standaert 1, Sebastian Faust 2. 1 ICTEAM/ELEN/Crypto Group, Université catholique de Louvain, Belgium.
More informationCMU Lecture 18: Deep learning and Vision: Convolutional neural networks. Teacher: Gianni A. Di Caro
CMU 15-781 Lecture 18: Deep learning and Vision: Convolutional neural networks Teacher: Gianni A. Di Caro DEEP, SHALLOW, CONNECTED, SPARSE? Fully connected multi-layer feed-forward perceptrons: More powerful
More information6. Convolutional Neural Networks
6. Convolutional Neural Networks CS 519 Deep Learning, Winter 2017 Fuxin Li With materials from Zsolt Kira Quiz coming up Next Thursday (2/2) 20 minutes Topics: Optimization Basic neural networks No Convolutional
More informationECE 5470 Classification, Machine Learning, and Neural Network Review
ECE 5470 Classification, Machine Learning, and Neural Network Review Due December 1. Solution set Instructions: These questions are to be answered on this document which should be submitted to blackboard
More informationKeras: Handwritten Digit Recognition using MNIST Dataset
Keras: Handwritten Digit Recognition using MNIST Dataset IIT PATNA February 9, 2017 1 / 24 OUTLINE 1 Introduction Keras: Deep Learning library for Theano and TensorFlow 2 Installing Keras Installation
More informationClassifying Depositional Environments in Satellite Images
Classifying Depositional Environments in Satellite Images Alex Miltenberger and Rayan Kanfar Department of Geophysics School of Earth, Energy, and Environmental Sciences Stanford University 1 Introduction
More informationCENG 783. Special topics in. Deep Learning. AlchemyAPI. Week 11. Sinan Kalkan
CENG 783 Special topics in Deep Learning AlchemyAPI Week 11 Sinan Kalkan TRAINING A CNN Fig: http://www.robots.ox.ac.uk/~vgg/practicals/cnn/ Feed-forward pass Note that this is written in terms of the
More informationDeep Learning. Deep Learning provided breakthrough results in speech recognition and image classification. Why?
Data Mining Deep Learning Deep Learning provided breakthrough results in speech recognition and image classification. Why? Because Speech recognition and image classification are two basic examples of
More informationKeras: Handwritten Digit Recognition using MNIST Dataset
Keras: Handwritten Digit Recognition using MNIST Dataset IIT PATNA January 31, 2018 1 / 30 OUTLINE 1 Keras: Introduction 2 Installing Keras 3 Keras: Building, Testing, Improving A Simple Network 2 / 30
More informationPower Analysis of MAC-Keccak: A Side Channel Attack. Advanced Cryptography Kyle McGlynn 4/12/18
Power Analysis of MAC-Keccak: A Side Channel Attack Advanced Cryptography Kyle McGlynn 4/12/18 Contents Side-Channel Attack Power Analysis Simple Power Analysis (SPA) Differential Power Analysis (DPA)
More informationLecture 20: Neural Networks for NLP. Zubin Pahuja
Lecture 20: Neural Networks for NLP Zubin Pahuja zpahuja2@illinois.edu courses.engr.illinois.edu/cs447 CS447: Natural Language Processing 1 Today s Lecture Feed-forward neural networks as classifiers simple
More informationSpread: a new layer for profiled deep-learning side-channel attacks
Spread: a new layer for profiled deep-learning side-channel attacks Christophe Pfeifer 1,2 and Patrick Haddad 3 1 Karlsruhe Institute of Technology, Karlsruhe, Germany 2 Grenoble INP - Ensimag, Grenoble,
More informationIntro to Deep Learning. Slides Credit: Andrej Karapathy, Derek Hoiem, Marc Aurelio, Yann LeCunn
Intro to Deep Learning Slides Credit: Andrej Karapathy, Derek Hoiem, Marc Aurelio, Yann LeCunn Why this class? Deep Features Have been able to harness the big data in the most efficient and effective
More informationEM Analysis in the IoT Context: Lessons Learned from an Attack on Thread
EM Analysis in the IoT Context: Lessons Learned from an Attack on Thread Daniel Dinu 1, Ilya Kizhvatov 2 1 Virginia Tech 2 Radboud University Nijmegen CHES 2018 Outline 1 Introduction 2 Side-Channel Vulnerability
More informationINF 5860 Machine learning for image classification. Lecture 11: Visualization Anne Solberg April 4, 2018
INF 5860 Machine learning for image classification Lecture 11: Visualization Anne Solberg April 4, 2018 Reading material The lecture is based on papers: Deep Dream: https://research.googleblog.com/2015/06/inceptionism-goingdeeper-into-neural.html
More informationInception Network Overview. David White CS793
Inception Network Overview David White CS793 So, Leonardo DiCaprio dreams about dreaming... https://m.media-amazon.com/images/m/mv5bmjaxmzy3njcxnf5bml5banbnxkftztcwnti5otm0mw@@._v1_sy1000_cr0,0,675,1 000_AL_.jpg
More informationDECISION TREES & RANDOM FORESTS X CONVOLUTIONAL NEURAL NETWORKS
DECISION TREES & RANDOM FORESTS X CONVOLUTIONAL NEURAL NETWORKS Deep Neural Decision Forests Microsoft Research Cambridge UK, ICCV 2015 Decision Forests, Convolutional Networks and the Models in-between
More informationIndex. Springer Nature Switzerland AG 2019 B. Moons et al., Embedded Deep Learning,
Index A Algorithmic noise tolerance (ANT), 93 94 Application specific instruction set processors (ASIPs), 115 116 Approximate computing application level, 95 circuits-levels, 93 94 DAS and DVAS, 107 110
More informationDeep Learning Cook Book
Deep Learning Cook Book Robert Haschke (CITEC) Overview Input Representation Output Layer + Cost Function Hidden Layer Units Initialization Regularization Input representation Choose an input representation
More informationCOMP 551 Applied Machine Learning Lecture 16: Deep Learning
COMP 551 Applied Machine Learning Lecture 16: Deep Learning Instructor: Ryan Lowe (ryan.lowe@cs.mcgill.ca) Slides mostly by: Class web page: www.cs.mcgill.ca/~hvanho2/comp551 Unless otherwise noted, all
More informationDeep Learning and Its Applications
Convolutional Neural Network and Its Application in Image Recognition Oct 28, 2016 Outline 1 A Motivating Example 2 The Convolutional Neural Network (CNN) Model 3 Training the CNN Model 4 Issues and Recent
More informationDeep Learning for Computer Vision with MATLAB By Jon Cherrie
Deep Learning for Computer Vision with MATLAB By Jon Cherrie 2015 The MathWorks, Inc. 1 Deep learning is getting a lot of attention "Dahl and his colleagues won $22,000 with a deeplearning system. 'We
More informationReport: Privacy-Preserving Classification on Deep Neural Network
Report: Privacy-Preserving Classification on Deep Neural Network Janno Veeorg Supervised by Helger Lipmaa and Raul Vicente Zafra May 25, 2017 1 Introduction In this report we consider following task: how
More information3D Convolutional Neural Networks for Landing Zone Detection from LiDAR
3D Convolutional Neural Networks for Landing Zone Detection from LiDAR Daniel Mataruna and Sebastian Scherer Presented by: Sabin Kafle Outline Introduction Preliminaries Approach Volumetric Density Mapping
More informationDeep Learning. Practical introduction with Keras JORDI TORRES 27/05/2018. Chapter 3 JORDI TORRES
Deep Learning Practical introduction with Keras Chapter 3 27/05/2018 Neuron A neural network is formed by neurons connected to each other; in turn, each connection of one neural network is associated
More informationMachine Learning 13. week
Machine Learning 13. week Deep Learning Convolutional Neural Network Recurrent Neural Network 1 Why Deep Learning is so Popular? 1. Increase in the amount of data Thanks to the Internet, huge amount of
More informationSide-Channel Attack against RSA Key Generation Algorithms
Side-Channel Attack against RSA Key Generation Algorithms CHES 2014 Aurélie Bauer, Eliane Jaulmes, Victor Lomné, Emmanuel Prouff and Thomas Roche Agence Nationale de la Sécurité des Systèmes d Information
More informationVulnerability of machine learning models to adversarial examples
Vulnerability of machine learning models to adversarial examples Petra Vidnerová Institute of Computer Science The Czech Academy of Sciences Hora Informaticae 1 Outline Introduction Works on adversarial
More informationSecurity against Timing Analysis Attack
International Journal of Electrical and Computer Engineering (IJECE) Vol. 5, No. 4, August 2015, pp. 759~764 ISSN: 2088-8708 759 Security against Timing Analysis Attack Deevi Radha Rani 1, S. Venkateswarlu
More informationHello Edge: Keyword Spotting on Microcontrollers
Hello Edge: Keyword Spotting on Microcontrollers Yundong Zhang, Naveen Suda, Liangzhen Lai and Vikas Chandra ARM Research, Stanford University arxiv.org, 2017 Presented by Mohammad Mofrad University of
More informationSupplementary A. Overview. C. Time and Space Complexity. B. Shape Retrieval. D. Permutation Invariant SOM. B.1. Dataset
Supplementary A. Overview This supplementary document provides more technical details and experimental results to the main paper. Shape retrieval experiments are demonstrated with ShapeNet Core55 dataset
More informationECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria. Stefan Mangard.
Building Secure Hardware ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria Stefan Mangard Infineon Technologies, Munich, Germany Stefan.Mangard@infineon.com Outline Assets and Requirements
More informationRiscure Inspector Release Notes
Date 4 December 2018 Modified behavior INS-7918 INS-8291 INS-8293 INS-8294 INS-8861 INS-8939 INS-8961 INS-8979 INS-8986 Modified behavior: When using the distribution module when choosing 'get Y range
More information3 Object Detection. BVM 2018 Tutorial: Advanced Deep Learning Methods. Paul F. Jaeger, Division of Medical Image Computing
3 Object Detection BVM 2018 Tutorial: Advanced Deep Learning Methods Paul F. Jaeger, of Medical Image Computing What is object detection? classification segmentation obj. detection (1 label per pixel)
More informationMETRIC LEARNING BASED DATA AUGMENTATION FOR ENVIRONMENTAL SOUND CLASSIFICATION
METRIC LEARNING BASED DATA AUGMENTATION FOR ENVIRONMENTAL SOUND CLASSIFICATION Rui Lu 1, Zhiyao Duan 2, Changshui Zhang 1 1 Department of Automation, Tsinghua University 2 Department of Electrical and
More informationCOMP9444 Neural Networks and Deep Learning 7. Image Processing. COMP9444 c Alan Blair, 2017
COMP9444 Neural Networks and Deep Learning 7. Image Processing COMP9444 17s2 Image Processing 1 Outline Image Datasets and Tasks Convolution in Detail AlexNet Weight Initialization Batch Normalization
More informationDissecting Leakage Resilient PRFs with Multivariate Localized EM Attacks
Dissecting Leakage Resilient PRFs with Multivariate Localized EM Attacks A Practical Security Evaluation on FPGA Florian Unterstein Johann Heyszl Fabrizio De Santis a Robert Specht, 13.04.2017 a Technical
More informationMicro-Architectural Attacks and Countermeasures
Micro-Architectural Attacks and Countermeasures Çetin Kaya Koç koc@cs.ucsb.edu Çetin Kaya Koç http://koclab.org Winter 2017 1 / 25 Contents Micro-Architectural Attacks Cache Attacks Branch Prediction Attack
More informationMasking as a Side-Channel Countermeasure in Hardware
Masking as a Side-Channel Countermeasure in Hardware 6. September 2016 Ruhr-Universität Bochum 1 Agenda Physical Attacks and Side Channel Analysis Attacks Measurement setup Power Analysis Attacks Countermeasures
More informationSkin Lesion Classification and Segmentation for Imbalanced Classes using Deep Learning
Skin Lesion Classification and Segmentation for Imbalanced Classes using Deep Learning Mohammed K. Amro, Baljit Singh, and Avez Rizvi mamro@sidra.org, bsingh@sidra.org, arizvi@sidra.org Abstract - This
More informationSafety verification for deep neural networks
Safety verification for deep neural networks Marta Kwiatkowska Department of Computer Science, University of Oxford UC Berkeley, 8 th November 2016 Setting the scene Deep neural networks have achieved
More informationImproved Brute Force Search Strategies for Single Trace and Few Traces Template Attacks on the DES Round Keys
Improved Brute Force Search Strategies for Single Trace and Few Traces Template Attacks on the DES Round Keys Mathias Wagner, Stefan Heyse mathias.wagner@nxp.com Abstract. We present an improved search
More informationC-Brain: A Deep Learning Accelerator
C-Brain: A Deep Learning Accelerator that Tames the Diversity of CNNs through Adaptive Data-level Parallelization Lili Song, Ying Wang, Yinhe Han, Xin Zhao, Bosheng Liu, Xiaowei Li State Key Laboratory
More informationA Simple Power Analysis Attack Against the Key Schedule of the Camellia Block Cipher
A Simple Power Analysis Attack Against the Key Schedule of the Camellia Block Cipher Lu Xiao and Howard M. Heys 2 QUALCOMM Incorporated, lxiao@qualcomm.com 2 Electrical and Computer Engineering, Faculty
More informationSecond-Order Power Analysis Attacks against Precomputation based Masking Countermeasure
, pp.259-270 http://dx.doi.org/10.14257/ijsh.2016.10.3.25 Second-Order Power Analysis Attacks against Precomputation based Masking Countermeasure Weijian Li 1 and Haibo Yi 2 1 School of Computer Science,
More informationHow multi-fault injection. of smart cards. Marc Witteman Riscure. Session ID: RR-201 Session Classification: Advanced
How multi-fault injection breaks Title the of Presentation security of smart cards Marc Witteman Riscure Session ID: RR-201 Session Classification: Advanced Imagine you could turn your BART EZ Rider fare
More informationDifferential Computation Analysis Hiding your White-Box Designs is Not Enough. Joppe W. Bos
Differential Computation Analysis Hiding your White-Box Designs is Not Enough Joppe W. Bos 1. Who am I Finished PhD@laboratory for cryptologic algorithms at EPFL, Lausanne, Switzerland under supervision
More informationRSA POWER ANALYSIS OBFUSCATION: A DYNAMIC FPGA ARCHITECTURE THESIS. John W. Barron, Captain, USAF AFIT/GE/ENG/12-02
RSA POWER ANALYSIS OBFUSCATION: A DYNAMIC FPGA ARCHITECTURE THESIS John W. Barron, Captain, USAF AFIT/GE/ENG/12-02 DEPARTMENT OF THE AIR FORCE AIR UNIVERSITY AIR FORCE INSTITUTE OF TECHNOLOGY Wright-Patterson
More informationFuzzy Set Theory in Computer Vision: Example 3
Fuzzy Set Theory in Computer Vision: Example 3 Derek T. Anderson and James M. Keller FUZZ-IEEE, July 2017 Overview Purpose of these slides are to make you aware of a few of the different CNN architectures
More informationNeural Networks. CE-725: Statistical Pattern Recognition Sharif University of Technology Spring Soleymani
Neural Networks CE-725: Statistical Pattern Recognition Sharif University of Technology Spring 2013 Soleymani Outline Biological and artificial neural networks Feed-forward neural networks Single layer
More informationTowards Neural Network Patching: Evaluating Engagement-Layers and Patch-Architectures
Towards Neural Network Patching: Evaluating Engagement-Layers and Patch-Architectures Sebastian Kauschke, David H. Lehmann Knowledge Engineering Group, TU Darmstadt, Germany kauschke@ke.tu-darmstadt.de
More informationLecture 37: ConvNets (Cont d) and Training
Lecture 37: ConvNets (Cont d) and Training CS 4670/5670 Sean Bell [http://bbabenko.tumblr.com/post/83319141207/convolutional-learnings-things-i-learned-by] (Unrelated) Dog vs Food [Karen Zack, @teenybiscuit]
More informationCS 523: Multimedia Systems
CS 523: Multimedia Systems Angus Forbes creativecoding.evl.uic.edu/courses/cs523 Today - Convolutional Neural Networks - Work on Project 1 http://playground.tensorflow.org/ Convolutional Neural Networks
More informationComo funciona o Deep Learning
Como funciona o Deep Learning Moacir Ponti (com ajuda de Gabriel Paranhos da Costa) ICMC, Universidade de São Paulo Contact: www.icmc.usp.br/~moacir moacir@icmc.usp.br Uberlandia-MG/Brazil October, 2017
More informationSpatial Localization and Detection. Lecture 8-1
Lecture 8: Spatial Localization and Detection Lecture 8-1 Administrative - Project Proposals were due on Saturday Homework 2 due Friday 2/5 Homework 1 grades out this week Midterm will be in-class on Wednesday
More informationWeighted Convolutional Neural Network. Ensemble.
Weighted Convolutional Neural Network Ensemble Xavier Frazão and Luís A. Alexandre Dept. of Informatics, Univ. Beira Interior and Instituto de Telecomunicações Covilhã, Portugal xavierfrazao@gmail.com
More informationAccelerating Convolutional Neural Nets. Yunming Zhang
Accelerating Convolutional Neural Nets Yunming Zhang Focus Convolutional Neural Nets is the state of the art in classifying the images The models take days to train Difficult for the programmers to tune
More informationAn Exploration of Computer Vision Techniques for Bird Species Classification
An Exploration of Computer Vision Techniques for Bird Species Classification Anne L. Alter, Karen M. Wang December 15, 2017 Abstract Bird classification, a fine-grained categorization task, is a complex
More informationUsing Machine Learning for Classification of Cancer Cells
Using Machine Learning for Classification of Cancer Cells Camille Biscarrat University of California, Berkeley I Introduction Cell screening is a commonly used technique in the development of new drugs.
More informationEE 511 Neural Networks
Slides adapted from Ali Farhadi, Mari Ostendorf, Pedro Domingos, Carlos Guestrin, and Luke Zettelmoyer, Andrei Karpathy EE 511 Neural Networks Instructor: Hanna Hajishirzi hannaneh@washington.edu Computational
More informationarxiv: v1 [stat.ml] 21 Feb 2018
Detecting Learning vs Memorization in Deep Neural Networks using Shared Structure Validation Sets arxiv:2.0774v [stat.ml] 2 Feb 8 Elias Chaibub Neto e-mail: elias.chaibub.neto@sagebase.org, Sage Bionetworks
More informationNVIDIA FOR DEEP LEARNING. Bill Veenhuis
NVIDIA FOR DEEP LEARNING Bill Veenhuis bveenhuis@nvidia.com Nvidia is the world s leading ai platform ONE ARCHITECTURE CUDA 2 GPU: Perfect Companion for Accelerating Apps & A.I. CPU GPU 3 Intro to AI AGENDA
More informationA physical level perspective
UMass CS 660 Advanced Information Assurance Spring 2011Guest Lecture Side Channel Analysis A physical level perspective Lang Lin Who am I 5 th year PhD candidate in ECE Advisor: Professor Wayne Burleson
More informationConvolutional Neural Network for Facial Expression Recognition
Convolutional Neural Network for Facial Expression Recognition Liyuan Zheng Department of Electrical Engineering University of Washington liyuanz8@uw.edu Shifeng Zhu Department of Electrical Engineering
More informationFuzzy Set Theory in Computer Vision: Example 3, Part II
Fuzzy Set Theory in Computer Vision: Example 3, Part II Derek T. Anderson and James M. Keller FUZZ-IEEE, July 2017 Overview Resource; CS231n: Convolutional Neural Networks for Visual Recognition https://github.com/tuanavu/stanford-
More information