A Key Management Scheme for DPA-Protected Authenticated Encryption
|
|
- Helena Payne
- 5 years ago
- Views:
Transcription
1 A Key Management Scheme for DPA-Protected Authenticated Encryption Mostafa Taha and Patrick Schaumont Virginia Tech DIAC-2013 This research was supported in part by the VT-MENA program of Egypt, and by NSF grant no
2 Leakage-Resilient Cryptography Classical Cryptography Input Key Algorithm Output 2
3 Leakage-Resilient Cryptography Side-Channel Analysis Algorithm Input Key Output Execution Time Power Consumption Electromagnetic Radiation Acoustic Waves Photonic Emission Fault Detection 3
4 Leakage-Resilient Cryptography Side-Channel Analysis Algorithm Input Key Is this a problem? Output Execution Time Power Consumption Electromagnetic Radiation Acoustic Waves Photonic Emission Fault Detection 3
5 Differential Power Analysis P K S The key in DPA is to find a sensitive intermediate variable that depends on: a controllable/observable input. and a fixed unknown. Where the unknown is affected by a small part of the key. 4
6 Leakage-Resilient Cryptography 1- Hardware Protection Input Key Algorithm Output 5
7 Leakage-Resilient Cryptography 1- Hardware Protection Input Key Algorithm Output Typically at High Cost (typically 2x). 5
8 Leakage-Resilient Cryptography 2- Leakage-Resilient Cryptography Algorithm Input Key Output 6
9 Leakage-Resilient Cryptography 2- Leakage-Resilient Cryptography Algorithm Input Key Output New Primitive Special Mode of operation (compatible with current modes) 6
10 Leakage-Resilient Cryptographic Primitive Stream Ciphers: [DP08, P09, YSPY10] Block Ciphers: [FPS12] Digital Signatures: [BSW11] Public-Key Encryption: [NS12] and many more 7
11 Leakage-Resilient Cryptographic Primitive Stream Ciphers: [DP08, P09, YSPY10] Block Ciphers: [FPS12] Digital Signatures: [BSW11] Public-Key Encryption: [NS12] and many more However: The assumptions used are controversial. High-overhead initialization procedure. Not a current solution (still needs standardization). 7
12 Leakage-Resilient Mode of Operation Are current modes DPA-protected? 8
13 Leakage-Resilient Mode of Operation Are current modes DPA-protected? No Different design requirement. The IV/nonce is not secret, hence the same attack methodology can be used. 8
14 Leakage-Resilient Mode of Operation Are current modes DPA-protected? No Different design requirement. The IV/nonce is not secret, hence the same attack methodology can be used. Research Goals: Current: Design a compatible DPA-protection add-on. Future: Include the DPA-protection in a new AE mode. 8
15 Outline Introduction Design Model Security Requirements of the New Scheme Previous Work NLFSR-Based Scheme Concluding Remarks 9
16 Design Model Initialization Encryption Key Propagation Master Key Initialization Vector Session Key K1 K2 K3 In AES Out In AES Out In AES Out 10
17 Design Model Initialization Encryption Key Propagation Master Key Initialization Vector Session Key K1 K2 K3 In AES Out In AES Out In AES Out Goal: protection against any differential attack. This is NOT shifting the problem, but separating it. 10
18 Design Model Initialization Encryption Key Propagation Master Key Initialization Vector Direct Leakage Session Key K1 K2 K3 In AES Out In AES Out In AES Out Goal: protection against any differential attack. This is NOT shifting the problem, but separating it. 10
19 Design Model Initialization Encryption Key Propagation Master Key Initialization Vector Direct Leakage Session Key K1 K2 K3 In AES Out In AES Out In AES Out Combined Information Leakage Goal: protection against any differential attack. This is NOT shifting the problem, but separating it. 10
20 Design Model Initialization Encryption Key Propagation Master Key Initialization Vector Direct Leakage Session Key K1 K2 K3 In AES Out In AES Out In AES Out Combined Information Leakage Goal: protection against any differential attack. This is NOT shifting the problem, but separating it. 10
21 Design Model Initialization Encryption Key Propagation Master Key Initialization Vector Direct Leakage Session Key K1 K2 K3 In AES Out In AES Out In AES Out Combined Information Leakage Goal: protection against any differential attack. This is NOT shifting the problem, but separating it. 10
22 Security Requirements Initialization: Maximum Diffusion. Compatible with current AES modes. (no additional secrets or exchanged variables) One-wayness. DPA-hard, without depending on the Hardware. Small hardware overhead. Master Key Initialization Vector Session Key 11
23 Security Requirements Key Propagation: Non-linearity. Prevent divide-and-conquer. Forward Security (better). Small hardware overhead. Session Key K1 K2 K3 12
24 Previous Work Contribution Initialization Propagation [Kocher03] DES DES [MSGR10] Modular Multiplication [GFM10] NLM and AES AES [Kocher11] Tree structure of Hashing Hashing [MSJ12] [BSH..13] Current Proposal Improved tree of AES Minimum SP Network NLFSR-based scheme They are all: High cost. Or, depend on other hardware protections. 13
25 Current Proposal Why NLFSR? High DPA-attack complexity. Current DPA attack on Grain leaves 30 bits of the key for exhaustive search [FGKV07]. High diffusion and one-wayness. High non-linearity. Low hardware overhead, as learned from the estream results. What are the preferred properties of the NLFSR for the best DPA-protection? 14
26 DPA of a Generic LFSRs I 0 I 1 C C C C C C I 2 I n 15
27 DPA of a Generic LFSRs I 0 I 1 C C C C C C I 2 I n 1 st input bit: One sensitive variable of high leakage. The output of the feedback function can be found. 15
28 DPA of a Generic LFSRs I 0 I 1 C C C C C C I 2 I n 1 st input bit. 2 nd input bit: 16
29 DPA of a Generic LFSRs I 0 I 1 C C C C C C I 2 I n 1 st input bit. 2 nd input bit: Sensitive variable of high leakage. The output of the feedback function can be found. 16
30 DPA of a Generic LFSRs I 0 I 1 C C C C C C I 2 I n 1 st input bit. 2 nd input bit: Sensitive variable of high leakage. The output of the feedback function can be found. Sensitive variable of low leakage. Intermediate unknown can be found. 16
31 DPA of a Generic LFSRs I 0 I 1 C C C C C C I 2 I n 1 st input bit. 2 nd input bit: Sensitive variable of high leakage. The output of the feedback function can be found. Sensitive variable of low leakage. Intermediate unknown can be found. Is it useful? depends on the computational hierarchy. 16
32 DPA of a Generic LFSRs I 0 I 1 C C C C C C I 2 I n 1 st input bit. 2 nd input bit. n th input bit: A linear equation of n unknowns. 17
33 DPA of a Generic LFSRs I 0 I 1 C C C C C C I 2 I n 1 st input bit. 2 nd input bit. n th input bit: A linear equation of n unknowns. LFSRs are directly breakable after reaching all state bits 17
34 DPA of a Generic NLFSRs I 0 Non-linear function I 1 I 2 I n 18
35 DPA of a Generic NLFSRs I 0 Non-linear function I 1 I 2 I n 1 st input bit: One sensitive variable of high leakage. The output of the feedback function can be found. 18
36 DPA of a Generic LFSRs I 0 Non-linear function I 1 I 2 I n 1 st input bit. 2 nd input bit: Operation at the known bit: 19
37 DPA of a Generic LFSRs I 0 Non-linear function I 1 I 2 I n 1 st input bit. 2 nd input bit: Operation at the known bit: XOR: The output of the feedback function can be found. Intermediate unknown can be found. Is it useful? AND: Only the intermediate unknown (low leakage) can be found. Is it useful? depends on the computational hierarchy. 19
38 DPA of a Generic LFSRs I 0 Non-linear function I 1 I 2 I n 1 st input bit. 2 nd input bit: Operation at the known bit: XOR: The output of the feedback function can be found. Intermediate unknown can be found. Is it useful? AND: Only the intermediate unknown (low leakage) can be found. Is it useful? depends on the computational hierarchy. 19
39 DPA of a Generic LFSRs I 0 Non-linear function I 1 I 2 I n 1 st input bit. 2 nd input bit. n th input bit: Only an intermediate variable within the feedback function 20
40 DPA of a Generic LFSRs I 0 Non-linear function I 1 I 2 I n 1 st input bit. 2 nd input bit. n th input bit: Only an intermediate variable within the feedback function NLFSRs can still be broken by focusing on small operations within the feedback function 20
41 DPA of a Generic LFSRs I 0 Non-linear function I 1 I 2 I n Solution: Implement the feedback function in memory. 21
42 DPA of a Generic NLFSRs Preferred properties: Large internal state. High number of feedback taps. Feedback function includes the first state bit. Either: The first bit is ANDed at the top of computational hierarchy. Or, the feedback function is implemented using memory. Maximum period. 22
43 Comparison between NLFSRs Grain Trivium KeeLoq [D12] [RSWZ12] Best Internal State :24 25,27 27 Feedback taps 13 3*5 7 3:7 18:21 21 Include 1 st bit No No Yes Yes Yes Yes 1 st bit ANDed No No Yes No No No Maximum period??? Yes Yes Yes 23
44 Comparison between NLFSRs Grain Trivium KeeLoq [D12] [RSWZ12] Best Internal State :24 25,27 27 Feedback taps 13 3*5 7 3:7 18:21 21 Include 1 st bit No No Yes Yes Yes Yes 1 st bit ANDed No No Yes No No No Maximum period??? Yes Yes Yes The best available NLFSR is still not optimal. 23
45 Current Work Choose a new feedback function. Increase the parallelism. Implementation Practical DPA attack. 24
46 Future Work Include the DPA-protection in a new AE mode Most modes of operation including major AE modes keep the Key as a constant. Updating the Key can provide a free DPA-protection in new designs. 25
47 Concluding Remaks DPA-protection can be achieved by a special mode of operation. We propose a light-weight primitive that can achieve a high level of DPA security. We are working on including the DPA-protection in a new AE mode. Collaborations are welcomed 26
48 Thank You Questions? 27
ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria. Stefan Mangard.
Building Secure Hardware ECRYPT II Workshop on Physical Attacks November 27 th, Graz, Austria Stefan Mangard Infineon Technologies, Munich, Germany Stefan.Mangard@infineon.com Outline Assets and Requirements
More informationELECTRONICS DEPARTMENT
ELECTRONICS DEPARTMENT By Eng. 28 th Mar MUSTAFA 2012 M. Efficient SHIPLEImplementation of AES Algorithm Immune to DPA Attack Cryptography processing plaintext cipher text format Block Cipher Stream Cipher
More informationDifferential Fault Analysis of Trivium
Differential Fault Analysis of Trivium Michal Hojsík 1, 3 and Bohuslav Rudolf 2, 3 1 The Selmer Center, University of Bergen, Norway 2 National Security Authority, Czech Republic 3 Department of Algebra,
More informationSIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017
SIDE CHANNEL ATTACKS AGAINST IOS CRYPTO LIBRARIES AND MORE DR. NAJWA AARAJ HACK IN THE BOX 13 APRIL 2017 WHAT WE DO What we do Robust and Efficient Cryptographic Protocols Research in Cryptography and
More informationThe embedded security challenge: Protecting bits at rest
The embedded security challenge: Protecting bits at rest Patrick Schaumont schaum@vt.edu Acknowledgements: Eric Simpson, Pengyuan Yu Secure Embedded Systems Group ECE Department Secret bits-at-rest Hi-Res
More informationExternal Encodings Do not Prevent Transient Fault Analysis
External Encodings Do not Prevent Transient Fault Analysis Christophe Clavier Gemalto, Security Labs CHES 2007 Vienna - September 12, 2007 Christophe Clavier CHES 2007 Vienna September 12, 2007 1 / 20
More informationSAT Solvers in the Context of Cryptography
SAT Solvers in the Context of Cryptography v2.0 Presentation at Montpellier Mate Soos UPMC LIP6, PLANETE team INRIA, SALSA Team INRIA 10th of June 2010 Mate Soos (UPMC LIP6, PLANETE team SAT INRIA, solvers
More informationHOST Differential Power Attacks ECE 525
Side-Channel Attacks Cryptographic algorithms assume that secret keys are utilized by implementations of the algorithm in a secure fashion, with access only allowed through the I/Os Unfortunately, cryptographic
More informationDifferential Power Analysis of MAC-Keccak at Any Key-Length
Differential Power Analysis of MAC-Keccak at Any Key-Length Mostafa Taha and Patrick Schaumont Secure Embedded Systems Center for Embedded Systems for Critical Applications Bradley Department of ECE Virginia
More informationPower Analysis of MAC-Keccak: A Side Channel Attack. Advanced Cryptography Kyle McGlynn 4/12/18
Power Analysis of MAC-Keccak: A Side Channel Attack Advanced Cryptography Kyle McGlynn 4/12/18 Contents Side-Channel Attack Power Analysis Simple Power Analysis (SPA) Differential Power Analysis (DPA)
More informationPractical Electromagnetic Template Attack on HMAC
Practical Electromagnetic Template Attack on HMAC Pierre Alain Fouque 1 Gaétan Leurent 1 Denis Réal 2,3 Frédéric Valette 2 1ENS,75Paris,France. 2CELAR,35Bruz,France. 3INSA-IETR,35Rennes,France. September
More informationT Cryptography and Data Security
T-79.159 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Kaufman et al: Ch 11.6; 9.7-9; Stallings:
More informationSide channel attack: Power Analysis. Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut
Side channel attack: Power Analysis Chujiao Ma, Z. Jerry Shi CSE, University of Connecticut Conventional Cryptanalysis Conventional cryptanalysis considers crypto systems as mathematical objects Assumptions:
More informationA Chosen-key Distinguishing Attack on Phelix
A Chosen-key Distinguishing Attack on Phelix Yaser Esmaeili Salehani* and Hadi Ahmadi** * Zaeim Electronic Industries Co., Tehran, Iran. ** School of Electronic Engineering, Sharif University of Technology,
More informationCache Timing Attacks in Cryptography
Cache Timing Attacks in Cryptography Erik Zenner Technical University Denmark (DTU) Institute for Mathematics e.zenner@mat.dtu.dk DTU, Oct. 10, 2007 Erik Zenner (DTU-MAT) Cache Timing Attacks in Cryptography
More informationChapter 3 Block Ciphers and the Data Encryption Standard
Chapter 3 Block Ciphers and the Data Encryption Standard Last Chapter have considered: terminology classical cipher techniques substitution ciphers cryptanalysis using letter frequencies transposition
More informationCryptographic Concepts
Outline Identify the different types of cryptography Learn about current cryptographic methods Chapter #23: Cryptography Understand how cryptography is applied for security Given a scenario, utilize general
More informationSymmetric Key Cryptography
Symmetric Key Cryptography Jooyoung Lee School of Computing (GSIS), KAIST Outline 1. Introduction to Symmetric Key Crypto 2. Stream Ciphers 3. Block Ciphers 3.1 DES 3.2 AES 3.3 Modes of Operations 3.4
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.2 Secret Key Cryptography CSC 474/574 Dr. Peng Ning 1 Agenda Generic block cipher Feistel cipher DES Modes of block ciphers Multiple encryptions Message
More informationNIST s Lightweight Crypto Standardization Process
NIST s Lightweight Crypto Standardization Process Meltem Sönmez Turan National Institute of Standards and Technology, Gaithersburg, MD, USA National Institute of Standards and Technology Founded in 1901,
More informationIntroduction to information Security
First lecture Introduction to information Security Why Computer and information Security Cryptography Secret key algorithms: DES/AES Public key algorithms: RSA One-way hash functions & message digests:
More informationCSCE 813 Internet Security Symmetric Cryptography
CSCE 813 Internet Security Symmetric Cryptography Professor Lisa Luo Fall 2017 Previous Class Essential Internet Security Requirements Confidentiality Integrity Authenticity Availability Accountability
More informationA Countermeasure Circuit for Secure AES Engine against Differential Power Analysis
A Countermeasure Circuit for Secure AES Engine against Differential Power Analysis V.S.Subarsana 1, C.K.Gobu 2 PG Scholar, Member IEEE, SNS College of Engineering, Coimbatore, India 1 Assistant Professor
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationT Cryptography and Data Security
T-79.4501 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Stallings: Ch 7.4; 7.3; 10.1 1 The Use
More informationCIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm
CIS 4360 Introduction to Computer Security Fall 2010 WITH ANSWERS in bold Name:.................................... Number:............ First Midterm Instructions This is a closed-book examination. Maximum
More information1-7 Attacks on Cryptosystems
1-7 Attacks on Cryptosystems In the present era, not only business but almost all the aspects of human life are driven by information. Hence, it has become imperative to protect useful information from
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More informationStream ciphers. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 91
Stream ciphers Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 91 Lecturers: Mark D. Ryan and David Galindo. Cryptography 2017. Slide: 92 Stream Cipher Suppose you want to encrypt
More informationImproved Multi-Dimensional Meet-in-the-Middle Cryptanalysis of KATAN
Improved Multi-Dimensional Meet-in-the-Middle Cryptanalysis of KATAN Shahram Rasoolzadeh and Håvard Raddum Simula Research Laboratory {shahram,haavardr}@simula.no Abstract. We study multidimensional meet-in-the-middle
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 14: Folklore, Course summary, Exam requirements Ion Petre Department of IT, Åbo Akademi University 1 Folklore on
More informationOnce upon a time... A first-order chosen-plaintext DPA attack on the third round of DES
A first-order chosen-plaintext DPA attack on the third round of DES Oscar Reparaz, Benedikt Gierlichs KU Leuven, imec - COSIC CARDIS 2017 Once upon a time... 14 November 2017 Benedikt Gierlichs - DPA on
More informationStandardisation efforst in lightweight cryptography
Standardisation efforts in lighweight cryptography February 2, 2014 Outline Motivation for standardisation. Keeloq. Standardisation processes and structures at ISO. What is in the ISO standards currently?
More informationCOZMO - A New Lightweight Stream Cipher
COZMO - A New Lightweight Stream Cipher Rhea Bonnerji 0000-0002-5825-8800, Simanta Sarkar 0000-0002-4210-2764, Krishnendu Rarhi 0000-0002-5794-215X, Abhishek Bhattacharya School of Information Technology,
More informationImproved Attack on Full-round Grain-128
Improved Attack on Full-round Grain-128 Ximing Fu 1, and Xiaoyun Wang 1,2,3,4, and Jiazhe Chen 5, and Marc Stevens 6, and Xiaoyang Dong 2 1 Department of Computer Science and Technology, Tsinghua University,
More informationKey-Evolution Schemes Resilient to Space Bounded Leakage
Key-Evolution Schemes Resilient to Space Bounded Leakage Stefan Dziembowski Tomasz Kazana Daniel Wichs Main contribution We propose a secure scheme for deterministic key-evolution Properties: leakage-resilient
More informationCSC 774 Network Security
CSC 774 Network Security Topic 2. Review of Cryptographic Techniques CSC 774 Dr. Peng Ning 1 Outline Encryption/Decryption Digital signatures Hash functions Pseudo random functions Key exchange/agreement/distribution
More informationUnboxing the whitebox. Jasper van CTO Riscure North America ICMC 16
Unboxing the whitebox Jasper van Woudenberg @jzvw CTO Riscure North America ICMC 16 Riscure Certification Pay TV, EMVco, smart meter, CC Evaluation & consultancy Mobile (TEE/HCE/WBC) Secure architecture
More informationLecture 1 Applied Cryptography (Part 1)
Lecture 1 Applied Cryptography (Part 1) Patrick P. C. Lee Tsinghua Summer Course 2010 1-1 Roadmap Introduction to Security Introduction to Cryptography Symmetric key cryptography Hash and message authentication
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 2 Cryptographic Tools First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Cryptographic Tools cryptographic algorithms
More informationCryptography Functions
Cryptography Functions Lecture 3 1/29/2013 References: Chapter 2-3 Network Security: Private Communication in a Public World, Kaufman, Perlman, Speciner Types of Cryptographic Functions Secret (Symmetric)
More informationSecure Design Methodology and The Tree of Trust
Secure Design Methodology and The Tree of Trust Secure Embedded Systems Group ECE Department Virginia Tech The new Cool: Reverse Engineering... Microsoft Zune (http://bunniestudios.com) Under the Hood
More informationCryptography for Resource Constrained Devices: A Survey
Cryptography for Resource Constrained Devices: A Survey Jacob John Dept. of Computer Engineering Sinhgad Institute of Technology Pune, India. jj31270@yahoo.co.in Abstract Specifically designed and developed
More informationContent of this part
UNIVERSITY OF MASSACHUSETTS Dept. of Electrical & Computer Engineering Introduction to Cryptography ECE 597XX/697XX Part 5 More About Block Ciphers Israel Koren ECE597/697 Koren Part.5.1 Content of this
More informationCorrelated Keystreams in Moustique
, Vincent Rijmen, Tor Bjørstad, Christian Rechberger, Matt Robshaw and Gautham Sekar K.U. Leuven, ESAT-COSIC The Selmer Center, University of Bergen Graz University of Technology France Télécom Research
More informationThe Rectangle Attack
The Rectangle Attack and Other Techniques for Cryptanalysis of Block Ciphers Orr Dunkelman Computer Science Dept. Technion joint work with Eli Biham and Nathan Keller Topics Block Ciphers Cryptanalysis
More informationWhite-Box Cryptography State of the Art. Paul Gorissen
White-Box Cryptography State of the Art Paul Gorissen paul.gorissen@philips.com Outline Introduction Attack models White-box cryptography How it is done Interesting properties State of the art Conclusion
More informationMasking as a Side-Channel Countermeasure in Hardware
Masking as a Side-Channel Countermeasure in Hardware 6. September 2016 Ruhr-Universität Bochum 1 Agenda Physical Attacks and Side Channel Analysis Attacks Measurement setup Power Analysis Attacks Countermeasures
More informationMessage Authentication and Hash function 2
Message Authentication and Hash function 2 Concept and Example 1 SHA : Secure Hash Algorithm Four secure hash algorithms, SHA-11, SHA-256, SHA-384, and SHA-512. All four of the algorithms are iterative,
More informationA New Attack with Side Channel Leakage during Exponent Recoding Computations
A New Attack with Side Channel Leakage during Exponent Recoding Computations Yasuyuki Sakai 1 and Kouichi Sakurai 2 1 Mitsubishi Electric Corporation, 5-1-1 Ofuna, Kamakura, Kanagawa 247-8501, Japan ysakai@iss.isl.melco.co.jp
More informationCryptography Basics. IT443 Network Security Administration Slides courtesy of Bo Sheng
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng 1 Outline Basic concepts in cryptography systems Secret key cryptography Public key cryptography Hash functions 2 Encryption/Decryption
More informationImproved Multi-Dimensional Meet-in-the-Middle Cryptanalysis of KATAN
Improved Multi-Dimensional Meet-in-the-Middle Cryptanalysis of KATAN Shahram Rasoolzadeh and Håvard Raddum Simula Research Laboratory Abstract. We study multidimensional meet-in-the-middle attacks on the
More informationSummary on Crypto Primitives and Protocols
Summary on Crypto Primitives and Protocols Levente Buttyán CrySyS Lab, BME www.crysys.hu 2015 Levente Buttyán Basic model of cryptography sender key data ENCODING attacker e.g.: message spatial distance
More informationCan Lightweight Cryptography Deliver Heavyweight Security?
Intro Security Examples Conclusions Can Lightweight Cryptography Deliver Heavyweight Security? Orr Dunkelman Computer Science Department University of Haifa 28 th March, 2016 Orr Dunkelman Can Lightweight
More informationCIS 4360 Secure Computer Systems Symmetric Cryptography
CIS 4360 Secure Computer Systems Symmetric Cryptography Professor Qiang Zeng Spring 2017 Previous Class Classical Cryptography Frequency analysis Never use home-made cryptography Goals of Cryptography
More informationAn Improved Cryptanalysis of Lightweight Stream Cipher Grain-v1
An Improved Cryptanalysis of Lightweight Stream Cipher Grain-v1 Miodrag J. Mihaljević 1, Nishant Sinha 2, Sugata Gangopadhyay 2, Subhamoy Maitra 3, Goutam Paul 3 and Kanta Matsuura 4 1 Mathematical Institute,
More informationComputer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Cryptography Part II Paul Krzyzanowski Rutgers University Spring 2018 March 23, 2018 CS 419 2018 Paul Krzyzanowski 1 Block ciphers Block ciphers encrypt a block of plaintext at a
More informationCSCI 454/554 Computer and Network Security. Topic 2. Introduction to Cryptography
CSCI 454/554 Computer and Network Security Topic 2. Introduction to Cryptography Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions
More informationSymmetric Encryption Algorithms
Symmetric Encryption Algorithms CS-480b Dick Steflik Text Network Security Essentials Wm. Stallings Lecture slides by Lawrie Brown Edited by Dick Steflik Symmetric Cipher Model Plaintext Encryption Algorithm
More informationSymmetric Cryptography. Chapter 6
Symmetric Cryptography Chapter 6 Block vs Stream Ciphers Block ciphers process messages into blocks, each of which is then en/decrypted Like a substitution on very big characters 64-bits or more Stream
More information2/7/2013. CS 472 Network and System Security. Mohammad Almalag Lecture 2 January 22, Introduction To Cryptography
CS 472 Network and System Security Mohammad Almalag malmalag@cs.odu.edu Lecture 2 January 22, 2013 Introduction To Cryptography 1 Definitions Cryptography = the science (art) of encryption Cryptanalysis
More informationA physical level perspective
UMass CS 660 Advanced Information Assurance Spring 2011Guest Lecture Side Channel Analysis A physical level perspective Lang Lin Who am I 5 th year PhD candidate in ECE Advisor: Professor Wayne Burleson
More informationOutline. Cryptography. Encryption/Decryption. Basic Concepts and Definitions. Cryptography vs. Steganography. Cryptography: the art of secret writing
Outline CSCI 454/554 Computer and Network Security Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues Topic 2. Introduction to Cryptography 2 Cryptography Basic Concepts
More informationThe Davies-Murphy Power Attack. Sébastien Kunz-Jacques Frédéric Muller Frédéric Valette DCSSI Crypto Lab
The Davies-Murphy Power Attack Sébastien Kunz-Jacques Frédéric Muller Frédéric Valette DCSSI Crypto Lab Introduction Two approaches for attacking crypto devices traditional cryptanalysis Side Channel Attacks
More informationComputer Security 3/23/18
s s encrypt a block of plaintext at a time and produce ciphertext Computer Security 08. Cryptography Part II Paul Krzyzanowski DES & AES are two popular block ciphers DES: 64 bit blocks AES: 128 bit blocks
More informationUsing Error Detection Codes to detect fault attacks on Symmetric Key Ciphers
Using Error Detection Codes to detect fault attacks on Symmetric Key Ciphers Israel Koren Department of Electrical and Computer Engineering Univ. of Massachusetts, Amherst, MA collaborating with Luca Breveglieri,
More informationECE 646 Lecture 8. Modes of operation of block ciphers
ECE 646 Lecture 8 Modes of operation of block ciphers Required Reading: I. W. Stallings, "Cryptography and Network-Security," 5 th and 6 th Edition, Chapter 6 Block Cipher Operation II. A. Menezes, P.
More informationCryptography BITS F463 S.K. Sahay
Cryptography BITS F463 S.K. Sahay BITS-Pilani, K.K. Birla Goa Campus, Goa S.K. Sahay Cryptography 1 Terminology Cryptography: science of secret writing with the goal of hiding the meaning of a message.
More informationDifferential Cryptanalysis
Differential Cryptanalysis See: Biham and Shamir, Differential Cryptanalysis of the Data Encryption Standard, Springer Verlag, 1993. c Eli Biham - March, 28 th, 2012 1 Differential Cryptanalysis The Data
More informationMessage Authentication Codes and Cryptographic Hash Functions
Message Authentication Codes and Cryptographic Hash Functions Readings Sections 2.6, 4.3, 5.1, 5.2, 5.4, 5.6, 5.7 1 Secret Key Cryptography: Insecure Channels and Media Confidentiality Using a secret key
More informationAttacks on Advanced Encryption Standard: Results and Perspectives
Attacks on Advanced Encryption Standard: Results and Perspectives Dmitry Microsoft Research 29 February 2012 Design Cryptanalysis history Advanced Encryption Standard Design Cryptanalysis history AES 2
More informationOn Boolean and Arithmetic Masking against Differential Power Analysis
On Boolean and Arithmetic Masking against Differential Power Analysis [Published in Ç.K. Koç and C. Paar, Eds., Cryptographic Hardware and Embedded Systems CHES 2000, vol. 1965 of Lecture Notes in Computer
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationWhoamI. Attacking WBC Implementations No con Name 2017
Attacking WBC Implementations No con Name 2017 1 WHO I AM EDUCATION: Computer Science MSc in IT security COMPANY & ROLES: HCE Security Evaluator R&D Engineer WBC project Responsible of Android security
More informationAnalysis, demands, and properties of pseudorandom number generators
Analysis, demands, and properties of pseudorandom number generators Jan Krhovják Department of Computer Systems and Communications Faculty of Informatics, Masaryk University Brno, Czech Republic Jan Krhovják
More informationCipher Suite Configuration Mode Commands
The Cipher Suite Configuration Mode is used to configure the building blocks for SSL cipher suites, including the encryption algorithm, hash function, and key exchange. Important The commands or keywords/variables
More informationSusceptibility of estream Candidates towards Side Channel Analysis
Susceptibility of estream Candidates towards Side Channel Analysis Benedikt Gierlichs 1, Lejla Batina 1, Christophe Clavier 2, Thomas Eisenbarth 3, Aline Gouget 4, Helena Handschuh 5, Timo Kasper 3, Kerstin
More informationCSC/ECE 774 Advanced Network Security
Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange;
More informationNetwork Security. Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar
Network Security Lecture# 6 Lecture Slides Prepared by: Syed Irfan Ullah N.W.F.P. Agricultural University Peshawar Modern Block Ciphers now look at modern block ciphers one of the most widely used types
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 2.1 Introduction to Cryptography CSC 474/574 By Dr. Peng Ning 1 Cryptography Cryptography Original meaning: The art of secret writing Becoming a science that
More informationCPS2323. Symmetric Ciphers: Stream Ciphers
Symmetric Ciphers: Stream Ciphers Content Stream and Block Ciphers True Random (Stream) Generators, Perfectly Secure Ciphers and the One Time Pad Cryptographically Strong Pseudo Random Generators: Practical
More informationBasic Concepts and Definitions. CSC/ECE 574 Computer and Network Security. Outline
CSC/ECE 574 Computer and Network Security Topic 2. Introduction to Cryptography 1 Outline Basic Crypto Concepts and Definitions Some Early (Breakable) Cryptosystems Key Issues 2 Basic Concepts and Definitions
More informationCryptography and Network Security Chapter 7. Fourth Edition by William Stallings
Cryptography and Network Security Chapter 7 Fourth Edition by William Stallings Chapter 7 Confidentiality Using Symmetric Encryption John wrote the letters of the alphabet under the letters in its first
More informationSynthesis of Fault-Attack Countermeasures for Cryptographic Circuits
Synthesis of Fault-Attack Countermeasures for Cryptographic Circuits Hassan Eldib, Meng Wu, and Chao Wang CAV, July 23, 2016 Cryptographic Algorithm: an example Plaintext Chip Ciphertext 0110 1001 1011
More informationPower Analysis of MAC-Keccak: A Side Channel Attack
Power Analysis of MAC-Keccak: A Side Channel Attack Advanced Cryptography Kyle McGlynn Professor Stanislaw Radziszowski May 6, 2018 1 Introduction Recently in the spring of 2017, two documents were discovered
More informationNON LINEAR FEEDBACK STREAM CIPHER
NON LINEAR FEEDBACK STREAM CIPHER *Dr.R. Siva Ram Prasad **G.Murali ***S.Gopi Krishna Research Director, Dept. of CSE, Head, Dept. of CSE, Head, Dept. of CSE, Acharya Nagarjuna University, R.K College
More informationPower Analysis Attacks
Power Analysis Attacks Elisabeth Oswald Computer Science Department Crypto Group eoswald@cs.bris.ac.uk Elisabeth.Oswald@iaik.tugraz.at Outline Working principle of power analysis attacks DPA Attacks on
More informationBCA III Network security and Cryptography Examination-2016 Model Paper 1
Time: 3hrs BCA III Network security and Cryptography Examination-2016 Model Paper 1 M.M:50 The question paper contains 40 multiple choice questions with four choices and student will have to pick the correct
More informationStream Ciphers. Stream Ciphers 1
Stream Ciphers Stream Ciphers 1 Stream Ciphers Generate a pseudo-random key stream & xor to the plaintext. Key: The seed of the PRNG Traditional PRNGs (e.g. those used for simulations) are not secure.
More information9/30/2016. Cryptography Basics. Outline. Encryption/Decryption. Cryptanalysis. Caesar Cipher. Mono-Alphabetic Ciphers
Cryptography Basics IT443 Network Security Administration Slides courtesy of Bo Sheng Basic concepts in cryptography systems Secret cryptography Public cryptography 1 2 Encryption/Decryption Cryptanalysis
More informationIntroduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers
Introduction to Modern Cryptography Lecture 2 Symmetric Encryption: Stream & Block Ciphers Stream Ciphers Start with a secret key ( seed ) Generate a keying stream i-th bit/byte of keying stream is a function
More informationSpecTre: A Tiny Side-Channel Resistant Speck Core for FPGAs
SpecTre: A Tiny Side-Channel Resistant Speck Core for FPGAs Cong Chen, Mehmet Sinan Inci, Mostafa Taha*, and Thomas Eisenbarth Worcester Polytechnic Institute, Worcester, MA 01609, USA Email: {cchen3,
More informationA New Architecture of High Performance WG Stream Cipher
A New Architecture of High Performance WG Stream Cipher Grace Mary S. 1, Abhila R. Krishna 2 1 P G Scholar, VLSI and Embedded Systems, Department of ECE T K M Institute of Technology, Kollam, India 2 Assistant
More informationIntroduction to Software Countermeasures For Embedded Cryptography
Introduction to Software Countermeasures For Embedded Cryptography David Vigilant UMPC Master, 1 st December, 2017 Outline 1 Context and Motivations 2 Basic Rules and Countermeasures Examples Regarding
More informationCache Timing Attacks on estream Finalists
Cache Timing Attacks on estream Finalists Erik Zenner Technical University Denmark (DTU) Institute for Mathematics e.zenner@mat.dtu.dk Echternach, Jan. 9, 2008 Erik Zenner (DTU-MAT) Cache Timing Attacks
More informationOutline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 4 Department of Electrical and Computer Engineering Cleveland State University wenbing@ieee.org Outline Review
More informationCryptographic Primitives A brief introduction. Ragesh Jaiswal CSE, IIT Delhi
Cryptographic Primitives A brief introduction Ragesh Jaiswal CSE, IIT Delhi Cryptography: Introduction Throughout most of history: Cryptography = art of secret writing Secure communication M M = D K (C)
More informationFPGA Implementation of WG Stream Cipher
FPGA Implementation of WG Stream Cipher Anna Johnson Assistant Professor,ECE Department, Jyothi Engineering College,Thrissur Abstract Cryptography is the technique of providing security to a network. The
More informationAn Improved Hardware Implementation of the Quark Hash Function
An Improved Hardware Implementation of the Quark Hash Function Shohreh Sharif Mansouri and Elena Dubrova Department of Electronic Systems Royal Institute of Technology (KTH), Stockholm Email:{shsm,dubrova}@kth.se
More informationMulti-Stage Fault Attacks
Multi-Stage Fault Attacks Applications to the Block Cipher PRINCE Philipp Jovanovic Department of Informatics and Mathematics University of Passau March 27, 2013 Outline 1. Motivation 2. The PRINCE Block
More information