The Deep Learning Epilepsy Detection Challenge: design, implementation, and test of a new crowdsourced AI challenge ecosystem

Isabell Kiral*, Subhrajit Roy*, Todd Mummert*, Alan Braz*, Jason Tsay, Jianbin Tang, Umar Asif, Thomas Schaffter, Eren Mehmet, The IBM Epilepsy Consortium◊, Joseph Picone, Iyad Obeid, Bruno De Assis Marques, Stefan Maetschke, Rania Khalaf†, Michal Rosen-Zvi†, Gustavo Stolovitzky†, Mahtab Mirmomeni†, Stefan Harrer†

* These authors contributed equally to this work
† Corresponding authors: rkhalaf@us.ibm.com, rosen@il.ibm.com, gustavo@us.ibm.com, mahtabm@au1.ibm.com, sharrer@au.ibm.com
◊ Members of the IBM Epilepsy Consortium are listed in the Acknowledgements section
J. Picone and I. Obeid are with Temple University, USA. T. Schaffter is with Sage Bionetworks, USA. E. Mehmet is with the University of Illinois at Urbana-Champaign, USA. All other authors are with IBM Research in USA, Israel and Australia.

Introduction
This decade has seen an ever-growing number of scientific fields benefitting from the advances in machine learning technology and tooling. More recently, this trend reached the medical domain, with applications ranging from cancer diagnosis [1] to the development of brain-machine interfaces [2]. While Kaggle has pioneered the crowdsourcing of machine learning challenges to incentivise data scientists from around the world to advance algorithm and model design, the increasing complexity of problem statements demands of participants to be expert data…
Practical State Recovery Attacks against Legacy RNG Implementations
The ANSI X9.17/X9.31 pseudorandom number generator design was first standardized in 1985, with variants incorporated into numerous cryptographic standards over the next three decades. The design uses timestamps together with a statically keyed block cipher to produce pseudorandom output. It has been known since 1998 that the key must remain secret in order for the output to be secure. However, neither the FIPS 140-2 standardization process nor NIST's later descriptions of the algorithm specified any process for key generation. We performed a systematic study of publicly available FIPS 140-2 certifications for hundreds of products that implemented the ANSI X9.31 random number generator, and found twelve whose certification documents disclose the use of static, hard-coded keys in source code, leaving the implementation vulnerable to an attacker who can learn this key from the source code or binary. In order to demonstrate the practicality of such an attack, we develop a full passive decryption attack against FortiGate VPN gateway products using FortiOS v4 that recovers the private key in seconds. We measure the prevalence of this vulnerability on the visible Internet using active scans, and demonstrate state recovery and full private key recovery in the wild. Our work highlights the extent to which…
Award ID(s): 1651344
Publication Date:
NSF-PAR ID: 10097174
Journal Name: CCS '18 Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security
Volume: 2018
Page Range or eLocation ID: 265 to 280
Sponsoring Org: National Science Foundation
More Like this


Memory-hard functions (MHFs) are a key cryptographic primitive underlying the design of moderately expensive password hashing algorithms and egalitarian proofs of work. Over the past few years several increasingly stringent goals for an MHF have been proposed, including the requirement that the MHF have high sequential space-time (ST) complexity, parallel space-time complexity, amortized area-time (aAT) complexity and sustained space complexity. Data-Independent Memory Hard Functions (iMHFs) are of special interest in the context of password hashing as they naturally resist side-channel attacks. iMHFs can be specified using a directed acyclic graph (DAG) $G$ with $N=2^n$ nodes and low in-degree, and the complexity of the iMHF can be analyzed using a pebbling game. Recently, Alwen et al. [CCS'17] constructed a DAG called DRSample which has aAT complexity at least $\Omega\left( N^2/\log N\right)$. Asymptotically DRSample outperformed all prior iMHF constructions including Argon2i, winner of the password hashing competition (aAT cost $\mathcal{O}\left(N^{1.767}\right)$), though the constants in these bounds are poorly understood. We show that the greedy pebbling strategy of Boneh et al. [ASIACRYPT'16] is particularly effective against DRSample, e.g., the aAT cost is $\mathcal{O}\left( N^2/\log N\right)$. In fact, our empirical analysis reverses the prior conclusion of Alwen et al. that DRSample provides…

This paper explores the security of a single-stage residue number system (RNS) pseudorandom number generator (PRNG), which has previously been shown to provide extremely high-quality outputs when evaluated through available RNG statistical test suites or using Shannon and single-stage Kolmogorov entropy metrics. In contrast, rather than blindly performing statistical analyses on the outputs of the single-stage RNS PRNG, this paper provides both white box and black box analyses that facilitate reverse engineering of the underlying RNS number generation algorithm to obtain the residues, or equivalently the key, of the RNS algorithm. We develop and demonstrate a conditional entropy analysis that permits extraction of the key given a priori knowledge of state transitions, as well as reverse engineering of the RNS PRNG algorithm and parameters (but not the key) in problems where the multiplicative RNS characteristic is too large to obtain a priori state transitions. We then discuss multiple defenses and perturbations for the RNS system that fool the original attack algorithm, including deliberate noise injection and code hopping. We present a modification to the algorithm that accounts for deliberate noise, but rapidly increases the search space and complexity. Lastly, we discuss memory requirements and time required for the attacker and…

Obeid, I.; Selesnik, I.; Picone, J. (Ed.)
The Neuronix high-performance computing cluster allows us to conduct extensive machine learning experiments on big data [1]. This heterogeneous cluster uses innovative scheduling technology, Slurm [2], that manages a network of CPUs and graphics processing units (GPUs). The GPU farm consists of a variety of processors ranging from low-end consumer grade devices such as the Nvidia GTX 970 to higher-end devices such as the GeForce RTX 2080. These GPUs are essential to our research since they allow extremely compute-intensive deep learning tasks to be executed on massive data resources such as the TUH EEG Corpus [2]. We use TensorFlow [3] as the core machine learning library for our deep learning systems, and routinely employ multiple GPUs to accelerate the training process. Reproducible results are essential to machine learning research. Reproducibility in this context means the ability to replicate an existing experiment: performance metrics such as error rates should be identical and floating-point calculations should match closely. Three examples of ways we typically expect an experiment to be replicable are: (1) The same job run on the same processor should produce the same results each time it is run. (2) A job run on a CPU and GPU should produce…

The adaptation of the Internet-of-Things (IoT) for consumer electronics has enabled us to uplift everyday life. Low-power smart and secure computing devices are needed to sustain the expected growth of consumer IoT. Adiabatic switching is a modern approach that recycles the energy stored in load capacitance to save energy. Further, a cryptographic circuit designed using adiabatic switching is secure against the Correlation Power Analysis (CPA) attack, in contrast to the same circuit designed using standard CMOS. In this paper, we propose 2-SPGAL, a 2-phase sinusoidal signal based clocking implementation of Symmetric Pass Gate Adiabatic Logic (SPGAL). As a case study, we simulated the design of one round of PRESENT-80 (a lightweight cryptographic scheme) with an inbuilt Power Clock Generator (PCG) in 45nm technology. The 2-SPGAL shows on average 82.76% and 67.35% better energy saving compared to standard CMOS and 2-EE-SPFAL (another 2-phase adiabatic logic), respectively, at a frequency range from 100 kHz to 25 MHz with a load of 1 fF. The 2-SPGAL has 16.78% savings in the number of transistors compared to 2-EE-SPFAL for the implementation of one round of PRESENT-80. Further, the CPA attacks reveal the key in standard CMOS; however, the 2-SPGAL PRESENT-80 adiabatic logic design was successful in protecting…