Verify the security compliance
(Monday, Nov 4, 2019)
Objectives When it goes to undertake security verification, the first question usually popping up is: tell me if you can break it? And if so, how difficult it is? This question is valuable, as it can be directly related to the risk of fraud. Indeed, if I know how easy an adversary can break a system, it becomes possible to understand the threat, perform a risk analysis and define a strategy to remediate or respond to the risk.
About mobile application security
(Friday, Oct 4, 2019)
An increasing number of mobile applications create or handle sensitive data. Some also perform sensitive transactions. This is for instance the case for eHealth mobile applications managing data with a high privacy concern, or also electronic ticketing where mobile applications manage the payment and the access to public transportation. As there is something at stake, an unavoidable threat comes along and protecting these data and transactions is necessary. Trust in the new digital services can be achieved if we are confident that the system cannot be compromised.
Scared: open source side-channel library by eShard
(Thursday, Sep 26, 2019)
In short: eShard recently released Scared, a new open source Python library for side-channel attacks. Scared is a professional side-channel framework with easy-to-use APIs and great performance to run side-channel analyses.Try it on Binder! During CHES 2019 conference in Atlanta, eShard presented its newly released open source library for side-channel attacks named Scared. With Scared, our goal is to provide a professional open source side-channel framework for people to develop their side-channel projects
eShard's vision given at Innovation Cybersecurity Ecosystem at Block71 (ICE71)
(Tuesday, Sep 10, 2019)
In this post, Jean-Luc Khaou, CBO, is sharing eShard’s vision in an interview conducted by ICE71. Courtesy of ICE71 Innovation Cybersecurity Ecosystem at Block71 ICE71 is the Singapore first cybersecurity entrepreneur hub. eShard is part of the Scale program, designed to help international and local startups grow their business in Singapore, and within the Asia Pacific region. Q: What is eShard about, and your role in it?
Optimized White-Box Tracing for Efficient Side-Channel Attacks
(Monday, Sep 9, 2019)
Analyzing the strength of a White-Boxed Cryptography (WBC) Algorithm turned to a point when Bos et al. showed that the secret key can be fully recovered by tracing the corresponding binary atCHES 2016. Examining the data traces resulting from the binary analysis turns out to be very powerful as it may lead to the secret with a minimum software reverse engineering effort and mathematical skills. For this reason, tracing is now part of the minimum toolkit that WBC analysts should exploit as part of the state-of-the-art.
Non-Profiled Deep Learning Side-Channel attacks with Sensitivity Analysis
(Monday, Aug 19, 2019)
At CHES 2019 conference, eShard will be on stage to present new Side-Channel analysis methods based on Deep Learning. The talk will focus on the paper “Non-Profiled Deep Learning-based Side-Channel attacks with Sensitivity Analysis” published in the second issue of the TCHES 2019 journal. In this post we present the digest of the paper ahead of the talk. Courtesy of Besir Kurtulmus - Algorithmia Deep Learning and Side-Channel attacks Side-Channel attacks are usually divided into two categories: