Paul Bottinelli scite author profile

Paul Bottinelli

3Publications

11Citation Statements Received

63Citation Statements Given

How they've been cited

How they cite others

Affiliations

École Polytechnique Fédérale de Lausanne, Computer Science Laboratory of Lille

Publications

Order By: Most citations

Computational aspects of correlation power analysis

Bottinelli

Bos

2016

J Cryptogr Eng

View full text Add to dashboard Cite

Since the discovery of simple power attacks, the cryptographic research community has developed significantly more advanced attack methods. The idea behind most algorithms remains to perform a statistical analysis by correlating the power trace obtained when executing a cryptographic primitive to a key-dependent guess. With the advancements of cryptographic countermeasures, it is not uncommon that sophisticated (higher order) power attacks require computation on many millions of power traces to find the desired correlation. In this paper, we study the computational aspects of calculating the most widely used correlation coefficient: the Pearson product-moment correlation coefficient. We study various time-memory trade-off techniques which apply specifically to the cryptologic setting and present methods to extend already completed computations using incremental versions. Moreover, we show how this technique can be applied to second-order attacks, reducing the attack cost significantly when adding new traces to an existing dataset. We also present methods which allow one to split the potentially huge trace set into smaller, more manageable chunks to reduce the memory requirements. Our parallel implementation of these techniques highlights the benefits of this approach as it allows efficient computations on power measurements consisting of hundreds of gigabytes on a single modern workstation.

show abstract

Property-testing real-world authorization systems

Sharifi

Bottinelli

Tripunitara

2013

View full text Add to dashboard Cite

We motivate and address the problem of testing for properties of interest in real-world implementations of authorization systems. We adopt a 4-stage process: (1) express a property precisely using existential second-order logic, (2) establish types of traces that are necessary and sufficient to establish a property, (3) adopt finitizing assumptions and show that under those assumptions, verifying a property is in PSPACE, and, (4) use a model-checker as a tracegenerator to generate instances of traces, and exercise the implementation to check for those traces. We discuss our design of a corresponding testing-system, and its use to test for qualitatively different kinds of properties in two commercial authorization systems. One is a database system that we call the D System, and the other is a file-sharing system that we call the I System. (We use pseudonyms at the request of the respective vendors.) In the context of the D System, our testing has uncovered several issues with its authorization system in the context of procedures that aggregate SQL statements that, to our knowledge, are new to the research literature. For the I System, we have established that it possesses several properties of interest.

show abstract

Breaking the IOC Authenticated Encryption Mode

Bottinelli

Reyhanitabar

Vaudenay

2014

View full text Add to dashboard Cite

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Paul Bottinelli

Computational aspects of correlation power analysis

Property-testing real-world authorization systems

Breaking the IOC Authenticated Encryption Mode

Contact Info

Product

Resources

About