Single Trace Analysis on Constant Time CDT Sampler and Its Countermeasure

2018 ◽  
Vol 8 (10) ◽  
pp. 1809 ◽  
Author(s):  
Suhri Kim ◽  
Seokhie Hong

The Gaussian sampler is an integral part of lattice-based cryptography as it has a direct connection to security and efficiency. Although it is theoretically secure to use the Gaussian sampler, the security of its implementation is an open issue. Therefore, researchers have started to investigate the security of the Gaussian sampler against side-channel attacks. Since the performance of the Gaussian sampler directly affects the performance of the overall cryptosystem, countermeasures considering only timing attacks are applied in the literature. In this paper, we propose the first single trace power analysis attack on a constant-time cumulative distribution table (CDT) sampler used in lattice-based cryptosystems. From our analysis, we were able to recover every sampled value in the key generation stage, so that the secret key is recovered by Gaussian elimination. By applying our attack to the candidates submitted to the National Institute of Standards and Technology (NIST), we were able to recover over 99% of the secret keys. Additionally, we propose a countermeasure based on a look-up table. To validate the efficiency of our countermeasure, we implemented it in Lizard and measured its performance. We demonstrated that the proposed countermeasure does not degrade the performance.

2021 ◽  
Vol 20 (6) ◽  
pp. 1-22
Author(s):  
Furkan Aydin ◽  
Aydin Aysu ◽  
Mohit Tiwari ◽  
Andreas Gerstlauer ◽  
Michael Orshansky

Key exchange protocols and key encapsulation mechanisms establish secret keys to communicate digital information confidentially over public channels. Lattice-based cryptography variants of these protocols are promising alternatives given their quantum-cryptanalysis resistance and implementation efficiency. Although lattice cryptosystems can be mathematically secure, their implementations have shown side-channel vulnerabilities. But such attacks largely presume collecting multiple measurements under a fixed key, leaving the more dangerous single-trace attacks unexplored. This article demonstrates successful single-trace power side-channel attacks on lattice-based key exchange and encapsulation protocols. Our attack targets both hardware and software implementations of matrix multiplications used in lattice cryptosystems. The crux of our idea is to apply a horizontal attack that makes hypotheses on several intermediate values within a single execution, all relating to the same secret, and to combine their correlations for accurately estimating the secret key. We illustrate that the design of protocols combined with the nature of lattice arithmetic enables our attack. Since a straightforward attack suffers from false positives, we demonstrate a novel extend-and-prune procedure to recover the key by following the sequence of intermediate updates during multiplication. We analyze two protocols, Frodo and FrodoKEM, and reveal that they are vulnerable to our attack. We implement both stand-alone hardware and RISC-V based software realizations and test the effectiveness of the proposed attack by using concrete parameters of these protocols on physical platforms with real measurements. We show that the proposed attack can estimate secret keys from a single power measurement with over 99% success rate.


Author(s):  
Kan Chen ◽  
Bala Natarajan

Over the last decade, physical layer secret key generation (PHY-SKG) techniques that exploit reciprocity of wireless channels have attracted considerable interest among researchers in the field of wireless communication. Compared to traditional cryptographic methods, PHY-SKG techniques offer the following advantages: a computationally bounded adversary does not need to be assumed; PHY-SKG avoids the requirement of key management, and secret keys can be dynamically replenished. Additionally, PHY-SKG can enhance existing security schemes because it operates independently of higher layer security schemes. However, a key drawback of PHY-SKG is low secret key generation rate (SKGR), a critical performance metric. Therefore, the role of advanced network technologies (e.g., multiple input multiple output (MIMO) and cooperative MIMO) must be explored to enhance SKGR. This paper describes how MIMO and cooperative MIMO techniques can enhance SKGR.


Entropy ◽  
2020 ◽  
Vol 22 (6) ◽  
pp. 679 ◽  
Author(s):  
Pin-Hsun Lin ◽  
Carsten R. Janda ◽  
Eduard A. Jorswieck ◽  
Rafael F. Schaefer

In order to make a warden, Willie, unaware of the existence of meaningful communications, there have been different schemes proposed including covert and stealth communications. When legitimate users have no channel advantage over Willie, the legitimate users may need additional secret keys to confuse Willie, if the stealth or covert communication is still possible. However, secret key generation (SKG) may raise Willie’s attention since it has a public discussion, which is observable by Willie. To prevent Willie’s attention, we consider the source model for SKG under a strong secrecy constraint, which has further to fulfill a stealth constraint. Our first contribution is that, if the stochastic dependence between the observations at Alice and Bob fulfills the strict more capable criterion with respect to the stochastic dependence between the observations at Alice and Willie or between Bob and Willie, then a positive stealthy secret key rate is identical to the one without the stealth constraint. Our second contribution is that, if the random variables observed at Alice, Bob, and Willie induced by the common random source form a Markov chain, then the key capacity of the source model SKG with the strong secrecy constraint and the stealth constraint is equal to the key capacity with the strong secrecy constraint, but without the stealth constraint. For the case of fast fading models, a sufficient condition for the existence of an equivalent model, which is degraded, is provided, based on stochastic orders. Furthermore, we present an example to illustrate our results.


Entropy ◽  
2019 ◽  
Vol 21 (5) ◽  
pp. 497 ◽  
Author(s):  
Guyue Li ◽  
Chen Sun ◽  
Junqing Zhang ◽  
Eduard Jorswieck ◽  
Bin Xiao ◽  
...  

The fifth generation (5G) and beyond wireless communications will transform many exciting applications and trigger massive data connections with private, confidential, and sensitive information. The security of wireless communications is conventionally established by cryptographic schemes and protocols in which the secret key distribution is one of the essential primitives. However, traditional cryptography-based key distribution protocols might be challenged in the 5G and beyond communications because of special features such as device-to-device and heterogeneous communications, and ultra-low latency requirements. Channel reciprocity-based key generation (CRKG) is an emerging physical layer-based technique to establish secret keys between devices. This article reviews CRKG when the 5G and beyond networks employ three candidate technologies: duplex modes, massive multiple-input multiple-output (MIMO) and mmWave communications. We identify the opportunities and challenges for CRKG and provide corresponding solutions. To further demonstrate the feasibility of CRKG in practical communication systems, we overview existing prototypes with different IoT protocols and examine their performance in real-world environments. This article shows the feasibility and promising performances of CRKG with the potential to be commercialized.


2018 ◽  
Vol 7 (2.5) ◽  
pp. 23
Author(s):  
A H. Sulaiman ◽  
I F.T. Al-Shaikhli ◽  
M R. Wahiddin ◽  
S Houri ◽  
N Jamil ◽  
...  

One of the main problems with symmetric encryption is key distribution, especially when involving a large number of users, i.e., to generate identical keys at different locations. To address this challenge, we proposed a novel algorithm, the secret key infusion protocol (SKIP), to generate an identical secret key. The key is generated based on a provided image link, starting pattern, and string length, which must be kept secret as the algorithm is publicly known. The image from the website must be a static image and is used as the input of random bits to produce a string of hexadecimal values. In a case where the image link is compromised, the adversary has to guess the other layers of parameters, the starting pattern and the string length. The generated secret keys were identical at two different locations. In another observation, different secret keys were generated even with the same image link and pattern length but a different starting pattern.


2021 ◽  
Vol 5 (3) ◽  
pp. 1-22
Author(s):  
Kai Li ◽  
Ning Lu ◽  
Jingjing Zheng ◽  
Pei Zhang ◽  
Wei Ni ◽  
...  

Thanks to flexible deployment and excellent maneuverability, autonomous drones have recently been considered as an effective means to act as aerial data relays for wireless ground devices with limited or no cellular infrastructure, e.g., smart farming in a remote area. Due to the broadcast nature of wireless channels, data communications between the drones and the ground devices are vulnerable to eavesdropping attacks. This article develops BloothAir, which is a secure multi-hop aerial relay system based on Bluetooth Low Energy (BLE) connected autonomous drones. For encrypting the BLE communications in BloothAir, a channel-based secret key generation is proposed, where the received signal strength at the drones and the ground devices is quantized to generate the secret keys. Moreover, a dynamic programming-based channel quantization scheme is studied to minimize the secret key bit mismatch rate of the drones and the ground devices by recursively adjusting the quantization intervals. To validate the design of BloothAir, we build a multi-hop aerial relay testbed by using the MX400 drone platform and the Gust radio transceiver, which is a new lightweight onboard BLE communicator specially developed for the drone. Extensive real-world experiments demonstrate that the BloothAir system achieves a significantly lower secret key bit mismatch rate than the key generation benchmarks, which use static quantization intervals. In addition, the high randomness of the generated secret keys is verified by the standard NIST test, thereby effectively protecting the BLE communications in BloothAir from eavesdropping attacks.


2020 ◽  
Vol 2020 ◽  
pp. 1-9
Author(s):  
Fei Tang ◽  
Jiali Bao ◽  
Yonghong Huang ◽  
Dong Huang ◽  
Fuqun Wang

Identification schemes allow a prover holding a secret key to prove itself to any verifier holding the corresponding public key. In traditional identity-based identification schemes, there is a key generation center that generates all users’ secret keys. This means that the key generation center knows all users’ secret keys, which brings the key escrow problem. To resolve this problem, in this work, we define the model of identity-based identification without a trusted party. Then, we propose a multi-authority identity-based identification scheme based on bilinear pairing. Furthermore, we prove the security of the proposed scheme in the random oracle model against impersonation under passive and concurrent attacks. Finally, we give an application of the proposed identity-based identification scheme to blockchain.


Author(s):  
Wang Dong ◽  
Hu Aiqun ◽  
Peng Linning

In this paper, a novel physical layer key generation method for extracting a secret key from mutual channel information in orthogonal frequency division multiplexing (OFDM) systems is proposed. Firstly, a well-designed data extraction process is introduced to reduce the redundancy and inconsistency of channel state information (CSI). After that, a new quantization method using Gray code is proposed. Furthermore, an associated method is designed to reduce the key error rate (KER). With these improvements, a higher key generation rate (KGR) can be obtained compared to existing methods. Finally, usable secret keys are generated after information reconciliation and privacy amplification. The proposed method has been analyzed and verified in long term evolution advanced (LTE-A) systems, and the generated secret keys have passed the randomness test.


Electronics ◽  
2020 ◽  
Vol 9 (4) ◽  
pp. 605 ◽  
Author(s):  
Federico Passerini ◽  
Andrea M. Tonello

Leakage of information in power line communication (PLC) networks is a threat to privacy and security. A way to enhance security is to encode the transmitted information with the use of a secret key. If the communication channel exhibits common characteristics at both ends and these are unknown to a potential eavesdropper, then it is possible to locally generate a common secret key at the two communication ends without the need for sharing it through the broadcast channel. This is known as physical layer key generation. To this aim, known techniques have been developed exploiting the transfer function of symmetric channels. However, the PLC channel is in general not symmetric, but just reciprocal. Therefore, in this paper, we first analyze the characteristics of the channel to verify whether physical layer key generation can be implemented. Then, we propose two novel methods that exploit the reciprocity of the PLC channel to generate common information by the two intended users. This information is processed through different quantization techniques to generate secret keys locally. To assess the security of the generated keys, we analyze the spatial correlation of PLC channels. This allows verifying whether the eavesdropper’s channels are weakly correlated with the intended users’ channel. Consequently, it is found that the information leaked to a possible eavesdropper has very low correlation to the locally generated key. The analysis and proposed methods are validated on a measurement dataset.


Author(s):  
Alejandro Cabrera Aldaya ◽  
Cesar Pereida García ◽  
Luis Manuel Alvarez Tapia ◽  
Billy Bob Brumley

During the last decade, constant-time cryptographic software has quickly transitioned from an academic construct to a concrete security requirement for real-world libraries. Most of OpenSSL’s constant-time code paths are driven by cryptosystem implementations enabling a dedicated flag at runtime. This process is perilous, with several examples emerging in the past few years of the flag either not being set or software defects directly mishandling the flag. In this work, we propose a methodology to analyze security-critical software for side-channel insecure code path traversal. Applying our methodology to OpenSSL, we identify three new code paths during RSA key generation that potentially leak critical algorithm state. Exploiting one of these leaks, we design, implement, and mount a single trace cache-timing attack on the GCD computation step. We overcome several hurdles in the process, including but not limited to: (1) granularity issues due to word-size operands to the GCD function; (2) bulk processing of desynchronized trace data; (3) non-trivial error rate during information extraction; and (4) limited high-confidence information on the modulus factors. Formulating lattice problem instances after obtaining and processing this limited information, our attack achieves roughly a 27% success rate for key recovery using the empirical data from 10K trials.

