Wavelet Selection and Employment for Side-Channel Disassembly

Side-channel analysis, originally used in cryptanalysis, is growing in use cases, both offensive and defensive. Wavelet analysis is a commonly employed time-frequency analysis technique used across disciplines, with a variety of purposes, and has shown increasing prevalence within side-channel literature. This paper explores wavelet selection and analysis parameters for use in side-channel analysis, particularly power side-channel-based instruction disassembly and classification. Experiments are conducted on an ATmega328P microcontroller and a subset of the AVR instruction set. Classification performance is evaluated with a time-series convolutional neural network (CNN) at clock-cycle fidelity. This work demonstrates that wavelet selection and employment parameters have meaningful impact on analysis outcomes. Practitioners should make informed decisions and consider optimizing these factors similarly to machine learning architecture and hyperparameters. We conclude that the gaus1 wavelet with scales 1-21 and grayscale colormap provided the best balance of classification performance, time, and memory efficiency in our application.

Updated: 2021-07-25 18:59:41

Categories: cs.CR, eess.SP

Download: http://arxiv.org/abs/2107.11870v1

Privacy-Preserving Dynamic Personalized Pricing with Demand Learning

The prevalence of e-commerce has made customers' detailed personal information readily accessible to retailers, and this information has been widely used in pricing decisions. When involving personalized information, how to protect the privacy of such information becomes a critical issue in practice. In this paper, we consider a dynamic pricing problem over $T$ time periods with an \emph{unknown} demand function of posted price and personalized information. At each time $t$, the retailer observes an arriving customer's personal information and offers a price. The customer then makes the purchase decision, which will be utilized by the retailer to learn the underlying demand function. There is potentially a serious privacy concern during this process: a third party agent might infer the personalized information and purchase decisions from price changes from the pricing system. Using the fundamental framework of differential privacy from computer science, we develop a privacy-preserving dynamic pricing policy, which tries to maximize the retailer revenue while avoiding information leakage of individual customer's information and purchasing decisions. To this end, we first introduce a notion of \emph{anticipating} $(\varepsilon, \delta)$-differential privacy that is tailored to the dynamic pricing problem. Our policy achieves both the privacy guarantee and the performance guarantee in terms of regret. Roughly speaking, for $d$-dimensional personalized information, our algorithm achieves the expected regret at the order of $\tilde{O}(\varepsilon^{-1} \sqrt{d^3 T})$, when the customers' information is adversarially chosen. For stochastic personalized information, the regret bound can be further improved to $\tilde{O}(\sqrt{d^2T} + \varepsilon^{-2} d^2)$.

Updated: 2021-07-25 18:53:42

Categories: cs.CR, cs.GT, cs.LG, stat.ML

Download: http://arxiv.org/abs/2009.12920v2

The Dark (and Bright) Side of IoT: Attacks and Countermeasures for Identifying Smart Home Devices and Services

We present a new machine learning-based attack that exploits network patterns to detect the presence of smart IoT devices and running services in the WiFi radio spectrum. We perform an extensive measurement campaign of data collection, and we build up a model describing the traffic patterns characterizing three popular IoT smart home devices, i.e., Google Nest Mini, Amazon Echo, and Amazon Echo Dot. We prove that it is possible to detect and identify with overwhelming probability their presence and the services run by the aforementioned devices in a crowded WiFi scenario. This work proves that standard encryption techniques alone are not sufficient to protect the privacy of the end-user, since the network traffic itself exposes the presence of both the device and the associated service. While more work is required to prevent non-trusted third parties from detecting and identifying the user's devices, we introduce Eclipse, a technique to mitigate these types of attacks, which reshapes the traffic, making the identification of the devices and the associated services similar to the random classification baseline.

Updated: 2021-07-25 08:26:23

Categories: cs.CR, cs.LG

Download: http://arxiv.org/abs/2009.07672v4

By Xinhai (Sean) Zou.