-
Multi-Screaming-Channel Attacks: Frequency Diversity for Enhanced Attacks
Authors:
Jeremy Guillaume,
Maxime Pelcat,
Amor Nafkha,
Rubén Salvador
Abstract:
Side-channel attacks consist of retrieving internal data from a victim system by analyzing its leakage, which usually requires proximity to the victim in the range of a few millimetres. Screaming channels are EM side channels transmitted at a distance of a few meters. They appear on mixed-signal devices integrating an RF module on the same silicon die as the digital part. Consequently, the side ch…
▽ More
Side-channel attacks consist of retrieving internal data from a victim system by analyzing its leakage, which usually requires proximity to the victim in the range of a few millimetres. Screaming channels are EM side channels transmitted at a distance of a few meters. They appear on mixed-signal devices integrating an RF module on the same silicon die as the digital part. Consequently, the side channels are modulated by legitimate RF signal carriers and appear at the harmonics of the digital clock frequency. While initial works have only considered collecting leakage at these harmonics, late work has demonstrated that the leakage is also present at frequencies other than these harmonics. This result significantly increases the number of available frequencies to perform a screaming-channel attack, which can be convenient in an environment where multiple harmonics are polluted. This work studies how this diversity of frequencies carrying leakage can be used to improve attack performance. We first study how to combine multiple frequencies. Second, we demonstrate that frequency combination can improve attack performance and evaluate this improvement according to the performance of the combined frequencies. Finally, we demonstrate the interest of frequency combination in attacks at 15 and, for the first time to the best of our knowledge, at 30 meters. One last important observation is that this frequency combination divides by 2 the number of traces needed to reach a given attack performance.
△ Less
Submitted 3 April, 2025;
originally announced April 2025.
-
Integrating problem structuring methods with formal design theory: collective water management policy design in Tunisia
Authors:
Berkay Tosunlu,
Joseph H. A. Guillaume,
Alexis Tsoukiàs,
Emeline Hassenforder,
Samia Chrii,
Houssem Braiki,
Irene Pluchinotta
Abstract:
Groundwater management, especially in regions like Tunisia, is challenging due to diverse stakeholder interests and the dry structure of climate, which is extremely challenging for the sustainability of water resources. This paper proposes an innovative approach to policy design by merging Problem Structuring Methods (PSMs) and the Policy-Knowledge, Concepts, Proposals (P-KCP) methodology. Utilizi…
▽ More
Groundwater management, especially in regions like Tunisia, is challenging due to diverse stakeholder interests and the dry structure of climate, which is extremely challenging for the sustainability of water resources. This paper proposes an innovative approach to policy design by merging Problem Structuring Methods (PSMs) and the Policy-Knowledge, Concepts, Proposals (P-KCP) methodology. Utilizing cognitive maps and value trees, the study aims to generate new collective groundwater management practices. Bridging decision theory and design theory, the study addresses the gap in new alternative generation and highlights the P-KCP's role in innovative policy design. Integrating PSMs and C-K theory, the framework expands policy alternatives and advocates for participatory approaches. It emphasizes adaptability across contexts, provides replicable process descriptions, and encourages the creation of unconventional policy solutions. Ultimately, this comprehensive framework offers a practical guide for policy innovation and collaboration.
△ Less
Submitted 4 October, 2024;
originally announced October 2024.
-
Conflict Transformation and Management. From Cognitive Maps to Value Trees
Authors:
Berkay H. Tosunlu,
Joseph H. A. Guillaume,
Alexis Tsoukiàs
Abstract:
Conflict transformation and management are complex decision processes with extremely high stakes at hand and could greatly benefit from formal approaches to decision support. For this purpose we develop a general framework about how to use problem structuring methods for such purposes. More precisely we show how to transform cognitive maps to value trees in order to promote a more design-oriented…
▽ More
Conflict transformation and management are complex decision processes with extremely high stakes at hand and could greatly benefit from formal approaches to decision support. For this purpose we develop a general framework about how to use problem structuring methods for such purposes. More precisely we show how to transform cognitive maps to value trees in order to promote a more design-oriented approach to decision support aiming at constructing innovative solutions for conflict management purposes. We show that our findings have a much wider validity since they allow to move from a descriptive representation of a problem situation to a more prescriptive one using formal procedures and models.
△ Less
Submitted 12 December, 2023;
originally announced December 2023.
-
Attacking at non-harmonic frequencies in screaming-channel attacks
Authors:
Jeremy Guillaume,
Maxime Pelcat,
Amor Nafkha,
Ruben Salvador
Abstract:
Screaming-channel attacks enable Electromagnetic (EM) Side-Channel Attacks (SCAs) at larger distances due to higher EM leakage energies than traditional SCAs, relaxing the requirement of close access to the victim. This attack can be mounted on devices integrating Radio Frequency (RF) modules on the same die as digital circuits, where the RF can unintentionally capture, modulate, amplify, and tran…
▽ More
Screaming-channel attacks enable Electromagnetic (EM) Side-Channel Attacks (SCAs) at larger distances due to higher EM leakage energies than traditional SCAs, relaxing the requirement of close access to the victim. This attack can be mounted on devices integrating Radio Frequency (RF) modules on the same die as digital circuits, where the RF can unintentionally capture, modulate, amplify, and transmit the leakage along with legitimate signals. Leakage results from digital switching activity, so the hypothesis of previous works was that this leakage would appear at multiples of the digital clock frequency, i.e., harmonics. This work demonstrates that compromising signals appear not only at the harmonics and that leakage at non-harmonics can be exploited for successful attacks. Indeed, the transformations undergone by the leaked signal are complex due to propagation effects through the substrate and power and ground planes, so the leakage also appears at other frequencies. We first propose two methodologies to locate frequencies that contain leakage and demonstrate that it appears at non-harmonic frequencies. Then, our experimental results show that screaming-channel attacks at non-harmonic frequencies can be as successful as at harmonics when retrieving a 16-byte AES key. As the RF spectrum is polluted by interfering signals, we run experiments and show successful attacks in a more realistic, noisy environment where harmonic frequencies are contaminated by multi-path fading and interference. These attacks at non-harmonic frequencies increase the attack surface by providing attackers with an increased number of potential frequencies where attacks can succeed.
△ Less
Submitted 8 April, 2025; v1 submitted 27 November, 2023;
originally announced November 2023.
-
Fast unfolding of communities in large networks: 15 years later
Authors:
Vincent Blondel,
Jean-Loup Guillaume,
Renaud Lambiotte
Abstract:
The Louvain method was proposed 15 years ago as a heuristic method for the fast detection of communities in large networks. During this period, it has emerged as one of the most popular methods for community detection, the task of partitioning vertices of a network into dense groups, usually called communities or clusters. Here, after a short introduction to the method, we give an overview of the…
▽ More
The Louvain method was proposed 15 years ago as a heuristic method for the fast detection of communities in large networks. During this period, it has emerged as one of the most popular methods for community detection, the task of partitioning vertices of a network into dense groups, usually called communities or clusters. Here, after a short introduction to the method, we give an overview of the different generalizations and modifications that have been proposed in the literature, and also survey the quality functions, beyond modularity, for which it has been implemented.
△ Less
Submitted 10 November, 2023;
originally announced November 2023.
-
Virtual Triggering: a Technique to Segment Cryptographic Processes in Side Channel Traces
Authors:
Jeremy Guillaume,
Maxime Pelcat,
Amor Nafkha,
Rubén Salvador
Abstract:
Side-Channel Attacks (SCAs) exploit data correla-tion in signals leaked from devices to jeopardize confidentiality. Locating and synchronizing segments of interest in traces from Cryptographic Processes (CPs) is a key step of the attack. The most common method consists in generating a trigger signal to indicate to the attacker the start of a CP. This paper proposes a method called Virtual Triggeri…
▽ More
Side-Channel Attacks (SCAs) exploit data correla-tion in signals leaked from devices to jeopardize confidentiality. Locating and synchronizing segments of interest in traces from Cryptographic Processes (CPs) is a key step of the attack. The most common method consists in generating a trigger signal to indicate to the attacker the start of a CP. This paper proposes a method called Virtual Triggering (VT) that removes the need for the trigger signal and automates trace segmentation. When the time between repetitions is not constant, further trace alignment techniques are required. Building on VT, we propose a simple method to learn representative segment templates from a profiling device similar to the victim, and to automatically locate and pull out these segments from other victim devices using simple pattern recognition. We evaluate VT on screaming channel attacks [1], which initially used a Frequency Component (FC) known to appear at a single time in leaked signals, as a trigger to segment traces. We demonstrate that VT not only performs equivalently to FC on a standard attack scenario, but we also show how using VT with the automatic pullout technique improves the attack efficiency and enables more realistic attack scenarios. Thanks to VT, screaming channel attacks can now: (1) succeed with only half of the segments collected compared to the FC trigger from the original attack; and (2) absorb time variations between CPs.
△ Less
Submitted 21 October, 2022;
originally announced October 2022.
-
Sniffer deployment in urban area for human trajectory reconstruction and contact tracing
Authors:
Antoine Huchet,
Jean-Loup Guillaume,
Yacine Ghamri-Doudane
Abstract:
To study the propagation of information from individual to individual, we need mobility datasets. Existing datasets are not satisfactory because they are too small, inaccurate or target a homogeneous subset of population. To draw valid conclusions, we need sufficiently large and heterogeneous datasets. Thus we aim for a passive non-intrusive data collection method, based on sniffers that are to be…
▽ More
To study the propagation of information from individual to individual, we need mobility datasets. Existing datasets are not satisfactory because they are too small, inaccurate or target a homogeneous subset of population. To draw valid conclusions, we need sufficiently large and heterogeneous datasets. Thus we aim for a passive non-intrusive data collection method, based on sniffers that are to be deployed at some well-chosen street intersections. To this end, we need optimization techniques for efficient placement of sniffers. We introduce a heuristic, based on graph theory notions like the vertex cover problem along with graph centrality measures.
△ Less
Submitted 29 July, 2022;
originally announced August 2022.
-
How does a Pre-Trained Transformer Integrate Contextual Keywords? Application to Humanitarian Computing
Authors:
Barriere Valentin,
Jacquet Guillaume
Abstract:
In a classification task, dealing with text snippets and metadata usually requires dealing with multimodal approaches. When those metadata are textual, it is tempting to use them intrinsically with a pre-trained transformer, in order to leverage the semantic information encoded inside the model. This paper describes how to improve a humanitarian classification task by adding the crisis event type…
▽ More
In a classification task, dealing with text snippets and metadata usually requires dealing with multimodal approaches. When those metadata are textual, it is tempting to use them intrinsically with a pre-trained transformer, in order to leverage the semantic information encoded inside the model. This paper describes how to improve a humanitarian classification task by adding the crisis event type to each tweet to be classified. Based on additional experiments of the model weights and behavior, it identifies how the proposed neural network approach is partially over-fitting the particularities of the Crisis Benchmark, to better highlight how the model is still undoubtedly learning to use and take advantage of the metadata's textual semantics.
△ Less
Submitted 7 November, 2021;
originally announced November 2021.
-
A Generalized and Adaptive Method for Community Detection
Authors:
Romain Campigotto,
Patricia Conde Céspedes,
Jean-Loup Guillaume
Abstract:
Complex networks represent interactions between entities. They appear in various contexts such as sociology, biology, etc., and they generally contain highly connected subgroups called communities. Community detection is a well-studied problem and most of the algorithms aim to maximize the Newman-Girvan modularity function, the most popular being the Louvain method (it is well-suited on very large…
▽ More
Complex networks represent interactions between entities. They appear in various contexts such as sociology, biology, etc., and they generally contain highly connected subgroups called communities. Community detection is a well-studied problem and most of the algorithms aim to maximize the Newman-Girvan modularity function, the most popular being the Louvain method (it is well-suited on very large graphs). However, the classical modularity has many drawbacks: we can find partitions of high quality in graphs without community structure, e.g., on random graphs; it promotes large communities. Then, we have adapted the Louvain method to other quality functions. In this paper, we describe a generic version of the Louvain method. In particular, we give a sufficient condition to plug a quality function into it. We also show that global performance of this new version is similar to the classical Louvain algorithm, that promotes it to the best rank of the community detection algorithms.
△ Less
Submitted 10 June, 2014;
originally announced June 2014.
-
Temporal Reachability Graphs
Authors:
John Whitbeck,
Marcelo Dias de Amorim,
Vania Conan,
Jean-Loup Guillaume
Abstract:
While a natural fit for modeling and understanding mobile networks, time-varying graphs remain poorly understood. Indeed, many of the usual concepts of static graphs have no obvious counterpart in time-varying ones. In this paper, we introduce the notion of temporal reachability graphs. A (tau,delta)-reachability graph} is a time-varying directed graph derived from an existing connectivity graph.…
▽ More
While a natural fit for modeling and understanding mobile networks, time-varying graphs remain poorly understood. Indeed, many of the usual concepts of static graphs have no obvious counterpart in time-varying ones. In this paper, we introduce the notion of temporal reachability graphs. A (tau,delta)-reachability graph} is a time-varying directed graph derived from an existing connectivity graph. An edge exists from one node to another in the reachability graph at time t if there exists a journey (i.e., a spatiotemporal path) in the connectivity graph from the first node to the second, leaving after t, with a positive edge traversal time tau, and arriving within a maximum delay delta. We make three contributions. First, we develop the theoretical framework around temporal reachability graphs. Second, we harness our theoretical findings to propose an algorithm for their efficient computation. Finally, we demonstrate the analytic power of the temporal reachability graph concept by applying it to synthetic and real-life datasets. On top of defining clear upper bounds on communication capabilities, reachability graphs highlight asymmetric communication opportunities and offloading potential.
△ Less
Submitted 30 July, 2012;
originally announced July 2012.
-
Fast unfolding of communities in large networks
Authors:
Vincent D. Blondel,
Jean-Loup Guillaume,
Renaud Lambiotte,
Etienne Lefebvre
Abstract:
We propose a simple method to extract the community structure of large networks. Our method is a heuristic method that is based on modularity optimization. It is shown to outperform all other known community detection method in terms of computation time. Moreover, the quality of the communities detected is very good, as measured by the so-called modularity. This is shown first by identifying lan…
▽ More
We propose a simple method to extract the community structure of large networks. Our method is a heuristic method that is based on modularity optimization. It is shown to outperform all other known community detection method in terms of computation time. Moreover, the quality of the communities detected is very good, as measured by the so-called modularity. This is shown first by identifying language communities in a Belgian mobile phone network of 2.6 million customers and by analyzing a web graph of 118 million nodes and more than one billion links. The accuracy of our algorithm is also verified on ad-hoc modular networks. .
△ Less
Submitted 25 July, 2008; v1 submitted 4 March, 2008;
originally announced March 2008.
