scholarly journals Re-Keying Scheme Revisited: Security Model and Instantiations

2019 ◽  
Vol 9 (5) ◽  
pp. 1002 ◽  
Author(s):  
Yuichi Komano ◽  
Shoichi Hirose
Keyword(s):  
Block Cipher ◽  
Black Box ◽  
System Level ◽  
Side Channel ◽  
Security Model ◽  
Symmetric Encryption ◽  
Secret Key ◽  
Session Key ◽  
Tweakable Block Cipher ◽  
Definition Of

The re-keying scheme is a variant of the symmetric encryption scheme where a sender (respectively, receiver) encrypts (respectively, decrypts) plaintext with a temporal session key derived from a master secret key and publicly-shared randomness. It is one of the system-level countermeasures against the side channel attacks (SCAs), which make attackers unable to collect enough power consumption traces for their analyses by updating the randomness (i.e., session key) frequently. In 2015, Dobraunig et al. proposed two kinds of re-keying schemes. The first one is a scheme without the beyond birthday security, which fixes the security vulnerability of the previous re-keying scheme of Medwed et al. Their second scheme is an abstract scheme with the beyond birthday security, which, as a black-box, consists of two functions; a re-keying function to generate a session key and a tweakable block cipher to encrypt plaintext. They assumed that the tweakable block cipher was ideal (namely, secure against the related key, chosen plaintext, and chosen ciphertext attacks) and proved the security of their scheme as a secure tweakable block cipher. In this paper, we revisit the re-keying scheme. The previous works did not discuss security in considering the SCA well. They just considered that the re-keying scheme was SCA resistant when the temporal session key was always refreshed with randomness. In this paper, we point out that such a discussion is insufficient by showing a concrete attack. We then introduce the definition of an SCA-resistant re-keying scheme, which captures the security against such an attack. We also give concrete schemes and discuss their security and applications.

scholarly journals SITM: See-In-The-Middle Side-Channel Assisted Middle Round Differential Cryptanalysis on SPN Block Ciphers

2019 ◽  
pp. 95-122
Author(s):  
Shivam Bhasin ◽  
Jakub Breier ◽  
Xiaolu Hou ◽  
Dirmanto Jap ◽  
Romain Poussier ◽  
...  
Keyword(s):  
Block Cipher ◽  
State Of The Art ◽  
Block Ciphers ◽  
Differential Cryptanalysis ◽  
Side Channel ◽  
Secret Key ◽  
Side Channel Analysis ◽  
Cryptographic Algorithms ◽  
Channel Analysis ◽  
Symmetric Block

Side-channel analysis constitutes a powerful attack vector against cryptographic implementations. Techniques such as power and electromagnetic side-channel analysis have been extensively studied to provide an efficient way to recover the secret key used in cryptographic algorithms. To protect against such attacks, countermeasure designers have developed protection methods, such as masking and hiding, to make the attacks harder. However, due to significant overheads, these protections are sometimes deployed only at the beginning and the end of encryption, which are the main targets for side-channel attacks.In this paper, we present a methodology for side-channel assisted differential cryptanalysis attack to target middle rounds of block cipher implementations. Such method presents a powerful attack vector against designs that normally only protect the beginning and end rounds of ciphers. We generalize the attack to SPN based ciphers and calculate the effort the attacker needs to recover the secret key. We provide experimental results on 8-bit and 32-bit microcontrollers. We provide case studies on state-of-the-art symmetric block ciphers, such as AES, SKINNY, and PRESENT. Furthermore, we show how to attack shuffling-protected implementations.

scholarly journals A Side-Channel Attack on a Masked IND-CCA Secure Saber KEM Implementation

2021 ◽  
pp. 676-707
Author(s):  
Kalle Ngo ◽  
Elena Dubrova ◽  
Qian Guo ◽  
Thomas Johansson
Keyword(s):  
Error Correcting Codes ◽  
Side Channel ◽  
Secret Key ◽  
Side Channel Attack ◽  
Order Model ◽  
Session Key ◽  
Key Recovery ◽  
Message Recovery ◽  
Recovery Approach

In this paper, we present a side-channel attack on a first-order masked implementation of IND-CCA secure Saber KEM. We show how to recover both the session key and the long-term secret key from 24 traces using a deep neural network created at the profiling stage. The proposed message recovery approach learns a higher-order model directly, without explicitly extracting random masks at each execution. This eliminates the need for a fully controllable profiling device which is required in previous attacks on masked implementations of LWE/LWR-based PKEs/KEMs. We also present a new secret key recovery approach based on maps from error-correcting codes that can compensate for some errors in the recovered message. In addition, we discovered a previously unknown leakage point in the primitive for masked logical shifting on arithmetic shares.

scholarly journals Charge Based Power Side-Channel Attack Methodology for an Adiabatic Cipher

Electronics ◽  
2021 ◽  
Vol 10 (12) ◽  
pp. 1438
Author(s):  
Krithika Dhananjay ◽  
Emre Salman
Keyword(s):  
Power Analysis ◽  
Block Cipher ◽  
Side Channel ◽  
Secret Key ◽  
Side Channel Attack ◽  
Ultra Low Power ◽  
Target Signal ◽  
Adiabatic Circuit ◽  
A Charge ◽  
The Internet Of Things

SIMON is a block cipher developed to provide flexible security options for lightweight hardware applications such as the Internet-of-things (IoT). Safeguarding such resource-constrained hardware from side-channel attacks poses a significant challenge. Adiabatic circuit operation has recently received attention for such applications due to ultra-low power consumption. In this work, a charge-based methodology is developed to mount a correlation power analysis (CPA) based side-channel attack to an adiabatic SIMON core. The charge-based method significantly reduces the attack complexity by reducing the required number of power samples by two orders of magnitude. The CPA results demonstrate that the required measurements-to-disclosure (MTD) to retrieve the secret key of an adiabatic SIMON core is 4× higher compared to a conventional static CMOS based implementation. The effect of increase in the target signal load capacitance on the MTD is also investigated. It is observed that the MTD can be reduced by half if the load driven by the target signal is increased by 2× for an adiabatic SIMON, and by 5× for a static CMOS based SIMON. This sensitivity to target signal capacitance of the adiabatic SIMON can pose a serious concern by facilitating a more efficient CPA attack.

LM-DAE: Low-Memory Deterministic Authenticated Encryption for 128-bit Security

2020 ◽  
pp. 1-38
Author(s):  
Yusuke Naito ◽  
Yu Sasaki ◽  
Takeshi Sugawara
Keyword(s):  
Block Cipher ◽  
State Of The Art ◽  
Block Size ◽  
Query Complexity ◽  
Side Channel ◽  
Authenticated Encryption ◽  
Implementation Cost ◽  
Tweakable Block Cipher ◽  
Deterministic Authenticated Encryption ◽  
State Size

This paper proposes a new lightweight deterministic authenticated encryption (DAE) scheme providing 128-bit security. Lightweight DAE schemes are practically important because resource-restricted devices sometimes cannot afford to manage a nonce properly. For this purpose, we first design a new mode LM-DAE that has a minimal state size and uses a tweakable block cipher (TBC). The design can be implemented with low memory and is advantageous in threshold implementations (TI) as a side-channel attack countermeasure. LM-DAE further reduces the implementation cost by eliminating the inverse tweak schedule needed in the previous TBC-based DAE modes. LM-DAE is proven to be indistinguishable from an ideal DAE up to the O(2n) query complexity for the block size n. To achieve 128-bit security, an underlying TBC must handle a 128-bit block, 128-bit key, and 128+4-bit tweak, where the 4-bit tweak comes from the domain separation. To satisfy this requirement, we extend SKINNY-128-256 with an additional 4-bit tweak, by applying the elastic-tweak proposed by Chakraborti et al. We evaluate the hardware performances of the proposed scheme with and without TI. Our LM-DAE implementation achieves 3,717 gates, roughly 15% fewer than state-of-the-art nonce-based schemes, thanks to removing the inverse tweak schedule.

scholarly journals CRAFT: Lightweight Tweakable Block Cipher with Efficient Protection Against DFA Attacks

2019 ◽  
pp. 5-45 ◽  
Author(s):  
Christof Beierle ◽  
Gregor Leander ◽  
Amir Moradi ◽  
Shahram Rasoolzadeh
Keyword(s):  
Block Cipher ◽  
Fault Analysis ◽  
Side Channel ◽  
Cryptographic Primitives ◽  
Area Overhead ◽  
Differential Fault Analysis ◽  
Hardware Implementations ◽  
Efficient Protection ◽  
Channel Analysis ◽  
Tweakable Block Cipher

Traditionally, countermeasures against physical attacks are integrated into the implementation of cryptographic primitives after the algorithms have been designed for achieving a certain level of cryptanalytic security. This picture has been changed by the introduction of PICARO, ZORRO, and FIDES, where efficient protection against Side-Channel Analysis (SCA) attacks has been considered in their design. In this work we present the tweakable block cipher CRAFT: the efficient protection of its implementations against Differential Fault Analysis (DFA) attacks has been one of the main design criteria, while we provide strong bounds for its security in the related-tweak model. Considering the area footprint of round-based hardware implementations, CRAFT outperforms the other lightweight ciphers with the same state and key size. This holds not only for unprotected implementations but also when fault-detection facilities, side-channel protection, and their combination are integrated into the implementation. In addition to supporting a 64-bit tweak, CRAFT has the additional property that the circuit realizing the encryption can support the decryption functionality as well with very little area overhead.

scholarly journals Spook: Sponge-Based Leakage-Resistant Authenticated Encryption with a Masked Tweakable Block Cipher

2020 ◽  
pp. 295-349 ◽  
Author(s):  
Davide Bellizia ◽  
Francesco Berti ◽  
Olivier Bronchain ◽  
Gaëtan Cassiers ◽  
Sébastien Duval ◽  
...  
Keyword(s):  
Block Cipher ◽  
Block Size ◽  
Minimum Cost ◽  
Side Channel ◽  
Authenticated Encryption ◽  
Side Channel Attacks ◽  
Mode Of Operation ◽  
Channel Analysis ◽  
Tweakable Block Cipher ◽  
Software And Hardware

This paper defines Spook: a sponge-based authenticated encryption with associated data algorithm. It is primarily designed to provide security against side-channel attacks at a low energy cost. For this purpose, Spook is mixing a leakageresistant mode of operation with bitslice ciphers enabling efficient and low latency implementations. The leakage-resistant mode of operation leverages a re-keying function to prevent differential side-channel analysis, a duplex sponge construction to efficiently process the data, and a tag verification based on a Tweakable Block Cipher (TBC) providing strong data integrity guarantees in the presence of leakages. The underlying bitslice ciphers are optimized for the masking countermeasures against side-channel attacks. Spook is an efficient single-pass algorithm. It ensures state-of-the-art black box security with several prominent features: (i) nonce misuse-resilience, (ii) beyond-birthday security with respect to the TBC block size, and (iii) multiuser security at minimum cost with a public tweak. Besides the specifications and design rationale, we provide first software and hardware implementation results of (unprotected) Spook which confirm the limited overheads that the use of two primitives sharing internal components imply. We also show that the integrity of Spook with leakage, so far analyzed with unbounded leakages for the duplex sponge and a strongly protected TBC modeled as leak-free, can be proven with a much weaker unpredictability assumption for the TBC. We finally discuss external cryptanalysis results and tweaks to improve both the security margins and efficiency of Spook.

Scan-Based Side-Channel Attack on the Camellia Block Cipher Using Scan Signatures

2015 ◽  
Vol E98.A (12) ◽  
pp. 2547-2555 ◽  
Author(s):  
Huiqian JIANG ◽  
Mika FUJISHIRO ◽  
Hirokazu KODERA ◽  
Masao YANAGISAWA ◽  
Nozomu TOGAWA
Keyword(s):  
Block Cipher ◽  
Side Channel ◽  
Side Channel Attack

Minority Presidents in a Coalitional World

2018 ◽  
Author(s):  
Paul Chaisty ◽  
Nic Cheeseman ◽  
Timothy J. Power
Keyword(s):  
Coalition Formation ◽  
Cost Minimization ◽  
Analytical Framework ◽  
System Level ◽  
Current State ◽  
Key Concepts ◽  
Definition Of

This chapter summarizes the main parameters of coalitional presidentialism and the key concepts, definitions, explanatory frameworks, indicators, and propositions. It summarizes our understanding of coalitional presidentialism; the distinction between coalition formation and maintenance; the definition of coalitions; the multidimensional understanding of coalition management (the ‘presidential toolbox’); and an analytical framework that emphasizes the motivation of presidents to achieve cost minimization under constraints determined by system-level, coalition-level, and conjunctural factors. It also summarizes our main empirical findings: (1) the characteristics of presidential tools, (2) the substantive patterns of their deployment, (3) the factors that shape the costs of using these tools, (4) the actual (observed) costs of using them, and (5) the potential for imperfect substitutability of these tools. Finally, it concludes with some reflections on the current state of the research on comparative presidentialism.

scholarly journals Modeling advanced security aspects of key exchange and secure channel protocols

2020 ◽  
Vol 62 (5-6) ◽  
pp. 287-293
Author(s):  
Felix Günther
Keyword(s):  
Building Blocks ◽  
Key Exchange ◽  
Internet Security ◽  
Streaming Data ◽  
Transport Layer ◽  
Security Model ◽  
Secret Key ◽  
Multi Stage ◽  
Key Exchange Protocols ◽  
Secure Channel

AbstractSecure connections are at the heart of today’s Internet infrastructure, protecting the confidentiality, authenticity, and integrity of communication. Achieving these security goals is the responsibility of cryptographic schemes, more specifically two main building blocks of secure connections. First, a key exchange protocol is run to establish a shared secret key between two parties over a, potentially, insecure connection. Then, a secure channel protocol uses that shared key to securely transport the actual data to be exchanged. While security notions for classical designs of these components are well-established, recently developed and standardized major Internet security protocols like Google’s QUIC protocol and the Transport Layer Security (TLS) protocol version 1.3 introduce novel features for which supporting security theory is lacking.In my dissertation [20], which this article summarizes, I studied these novel and advanced design aspects, introducing enhanced security models and analyzing the security of deployed protocols. For key exchange protocols, my thesis introduces a new model for multi-stage key exchange to capture that recent designs for secure connections establish several cryptographic keys for various purposes and with differing levels of security. It further introduces a formalism for key confirmation, reflecting a long-established practical design criteria which however was lacking a comprehensive formal treatment so far. For secure channels, my thesis captures the cryptographic subtleties of streaming data transmission through a revised security model and approaches novel concepts to frequently update key material for enhanced security through a multi-key channel notion. These models are then applied to study (and confirm) the security of the QUIC and TLS 1.3 protocol designs.

Sign in / Sign up

Export Citation Format

Share Document