scholarly journals Security Analysis of HMAC/NMAC by Using Fault Injection

2013 ◽  
Vol 2013 ◽  
pp. 1-6 ◽  
Author(s):  
Kitae Jeong ◽  
Yuseop Lee ◽  
Jaechul Sung ◽  
Seokhie Hong
Keyword(s):  
Computational Complexity ◽  
Fault Injection ◽  
Security Analysis ◽  
Hash Functions ◽  
Main Idea ◽  
Secret Key ◽  
Key Recovery ◽  
Injection Attacks ◽  
Fault Injection Attacks ◽  
Key Recovery Attacks

In Choukri and Tunstall (2005), the authors showed that if they decreased the number of rounds in AES by injecting faults, it is possible to recover the secret key. In this paper, we propose fault injection attacks on HMAC/NMAC by applying the main idea of their attack. These attacks are applicable to HMAC/NMAC based on the MD-family hash functions and can recover the secret key with the negligible computational complexity. Particularly, these results on HMAC/NMAC-SHA-2 are the first known key recovery attacks so far.

scholarly journals Misuse-Free Key-Recovery and Distinguishing Attacks on 7-Round Ascon

2021 ◽  
pp. 130-155
Author(s):  
Raghvendra Rohit ◽  
Kai Hu ◽  
Sumanta Sarkar ◽  
Siwei Sun
Keyword(s):  
Boolean Functions ◽  
Security Analysis ◽  
Third Party ◽  
Secret Key ◽  
Lightweight Cryptography ◽  
Key Recovery ◽  
Caesar Competition ◽  
Recovery Technique ◽  
Dimensional Cube ◽  
Key Recovery Attacks

Being one of the winning algorithms of the CAESAR competition and currently a second round candidate of the NIST lightweight cryptography standardization project, the authenticated encryption scheme Ascon (designed by Dobraunig, Eichlseder, Mendel, and Schläffer) has withstood extensive self and third-party cryptanalysis. The best known attack on Ascon could only penetrate up to 7 (out of 12) rounds due to Li et al. (ToSC Vol I, 2017). However, it violates the data limit of 264 blocks per key specified by the designers. Moreover, the best known distinguishers of Ascon in the AEAD context reach only 6 rounds. To fill these gaps, we revisit the security of 7-round Ascon in the nonce-respecting setting without violating the data limit as specified in the design. First, we introduce a new superpoly-recovery technique named as partial polynomial multiplication for which computations take place between the so-called degree-d homogeneous parts of the involved Boolean functions for a 2d-dimensional cube. We apply this method to 7-round Ascon and present several key recovery attacks. Our best attack can recover the 128-bit secret key with a time complexity of about 2123 7-round Ascon permutations and requires 264 data and 2101 bits memory. Also, based on division properties, we identify several 60 dimensional cubes whose superpolies are constant zero after 7 rounds. We further improve the cube distinguishers for 4, 5 and 6 rounds. Although our results are far from threatening the security of full 12-round Ascon, they provide new insights in the security analysis of Ascon.

scholarly journals Novel Fault Injection Attack without Artificial Trigger

2020 ◽  
Vol 10 (11) ◽  
pp. 3849
Author(s):  
HanSeop Lim ◽  
JongHyeok Lee ◽  
Dong-Guk Han
Keyword(s):  
Power Analysis ◽  
Fault Injection ◽  
Electromagnetic Emission ◽  
Injection System ◽  
Injection Time ◽  
Secret Key ◽  
Injection Attacks ◽  
Input Signals ◽  
Fault Injection Attack ◽  
Fault Injection Attacks

Theoretical process of fault injection attacks is defined as a process of recovering a secret key assuming that an attacker can inject faults into a specific targeted operation. Therefore, an artificial triggering is required to execute such an attack. However, when conducting analysis on real devices, artificial triggering needs to rely on a powerful assumption, such as manipulation of internal codes. In this paper, we propose a novel fault injection system using Input/Output (I/O) signals of target devices as a trigger for relaxing an attacker assumption. This system does not require an implementation of artificial triggering as input signals are used as a trigger in transmission of plaintexts for fault injection attacks. As a result, the attacker can perform fault injection attacks concerning the entire encryption process. To decide the fault injection time based on the trigger, the proposed system applies simple power analysis (SPA), employing electromagnetic emission of target devices. Considering that the fault injection time identified by SPA can be relatively vague compared with that obtained using a system based on an artificial triggering, we address this problem by proposing a process to recover the secret key without knowing the byte index of an injected fault.

scholarly journals A comment on information leakage from robust code-based checkers detecting fault attacks on cryptographic primitives

10.29007/r2sc ◽  
2019 ◽  
Author(s):  
Osnat Keren ◽  
Ilia Polian
Keyword(s):  
Error Detection ◽  
Fault Injection ◽  
Information Leakage ◽  
Secret Key ◽  
Cryptographic Primitives ◽  
Significant Information ◽  
Injection Attacks ◽  
Robust Codes ◽  
Fault Injection Attacks ◽  
The Relationship

Cryptographic hardware primitives must be protected against fault-injection attacks. Security-oriented error-detecting codes provide (probabilistic) guarantees for detection of maliciously injected faults even under assumption of a sophisticated attacker with access to powerful equipment.In this paper, we revisit the earlier finding that error-detection infrastructure may increase the undesired information leakage. We formalize the information leakage from the checker response by means of mutual information. We apply our analysis to the best security-oriented robust codes known today. We prove that the probability of an undetected attack is exponentially smaller than the entropy loss due to information leak from the checker. This means that an attack will be detected far before the attacker will gain significant information. Given a bound for acceptable information leakage (e.g., 0.5 bits of a 128-bit secret key), our analysis allows the designer to easily choose the number of redundant bits required to stay below that bound. The obtained results extend our knowledge about the relationship between detection capabilities of codes and information leakage due to them.

Diving Deep into the Weak Keys of Round Reduced Ascon

2021 ◽  
pp. 74-99
Author(s):  
Raghvendra Rohit ◽  
Santanu Sarkar
Keyword(s):  
Security Analysis ◽  
Theoretical Framework ◽  
Algebraic Degree ◽  
Data Complexity ◽  
Major Result ◽  
Secret Key ◽  
Key Recovery ◽  
Weak Keys ◽  
Key Recovery Attacks

At ToSC 2021, Rohit et al. presented the first distinguishing and key recovery attacks on 7 rounds Ascon without violating the designer’s security claims of nonce-respecting setting and data limit of 264 blocks per key. So far, these are the best attacks on 7 rounds Ascon. However, the distinguishers require (impractical) 260 data while the data complexity of key recovery attacks exactly equals 264. Whether there are any practical distinguishers and key recovery attacks (with data less than 264) on 7 rounds Ascon is still an open problem.In this work, we give positive answers to these questions by providing a comprehensive security analysis of Ascon in the weak key setting. Our first major result is the 7-round cube distinguishers with complexities 246 and 233 which work for 282 and 263 keys, respectively. Notably, we show that such weak keys exist for any choice (out of 64) of 46 and 33 specifically chosen nonce variables. In addition, we improve the data complexities of existing distinguishers for 5, 6 and 7 rounds by a factor of 28, 216 and 227, respectively. Our second contribution is a new theoretical framework for weak keys of Ascon which is solely based on the algebraic degree. Based on our construction, we identify 2127.99, 2127.97 and 2116.34 weak keys (out of 2128) for 5, 6 and 7 rounds, respectively. Next, we present two key recovery attacks on 7 rounds with different attack complexities. The best attack can recover the secret key with 263 data, 269 bits of memory and 2115.2 time. Our attacks are far from threatening the security of full 12 rounds Ascon, but we expect that they provide new insights into Ascon’s security.

scholarly journals Private circuits II versus fault injection attacks

2015 ◽  
Author(s):  
Henitsoa Rakotomalala ◽  
Xuan Thuy Ngo ◽  
Zakaria Najm ◽  
Jean-Luc Danger ◽  
Sylvain Guilley
Keyword(s):  
Fault Injection ◽  
Injection Attacks ◽  
Fault Injection Attacks

An on-chip glitchy-clock generator for testing fault injection attacks

2011 ◽  
Vol 1 (4) ◽  
pp. 265-270 ◽  
Author(s):  
Sho Endo ◽  
Takeshi Sugawara ◽  
Naofumi Homma ◽  
Takafumi Aoki ◽  
Akashi Satoh
Keyword(s):  
Fault Injection ◽  
Clock Generator ◽  
Injection Attacks ◽  
On Chip ◽  
Fault Injection Attacks
Sign in / Sign up

Export Citation Format

Share Document