Efficient Error detection Architectures for Low-Energy Block Ciphers with the Case Study of Midori Benchmarked on FPGA
Achieving secure, high-performance implementations for constrained applications such as implantable and wearable medical devices is a priority in efficient block ciphers. However, the security of these algorithms is not guaranteed in the presence of malicious and natural faults. Recently, a new lightweight block cipher, Midori, has been proposed which optimizes energy consumption besides having low latency and hardware complexity. This algorithm is proposed in two energy-efficient variants, i.e., Midori64 and Midori128, with block sizes equal to 64 and 128 bits. In this thesis, fault diagnosis schemes for variants of Midori are proposed. To the best of our knowledge, no fault diagnosis scheme for Midori has been presented in the literature to date. The fault diagnosis schemes are provided for the nonlinear S-box layer and for the round structures of both the 64-bit and 128-bit Midori symmetric key ciphers. The proposed schemes are benchmarked on field-programmable gate arrays (FPGAs) and their error coverage is assessed with fault-injection simulations. These proposed error detection architectures make the implementations of this new low-energy lightweight block cipher more reliable.
Fault Space Transformation: A Generic Approach to Counter Differential Fault Analysis and Differential Fault Intensity Analysis on AES-like Block Ciphers
Classical fault attacks such as Differential Fault Analysis (DFA) as well as biased fault attacks such as Differential Fault Intensity Analysis (DFIA) have been a major threat to cryptosystems in recent times. DFA uses pairs of fault-free and faulty ciphertexts to recover the secret key. DFIA, on the other hand, combines principles of side-channel analysis and fault attacks to try to extract the key using faulty ciphertexts only. To date, no effective countermeasure that can thwart both DFA and DFIA based attacks has been reported in the literature, to the best of our knowledge. In particular, traditional redundancy-based countermeasures that assume a uniform fault distribution are found to be vulnerable against DFIA because of its use of biased fault models. In this work, we propose a novel generic countermeasure strategy that combines the principles of redundancy with those of fault space transformation to achieve security against both DFA and DFIA based attacks on AES-like block ciphers. As a case study, we have applied our proposed technique to obtain temporal and spatial redundancy based countermeasures for AES-128, and have evaluated their security against both DFA and DFIA via practical experiments on a SASEBO-GII board. Results show that our proposed countermeasure makes it practically infeasible to obtain a single instance of successful fault injection, even in the presence of biased fault models.
AONT-LT: a Data Protection Scheme for Cloud and Cooperative Storage Systems
We propose a variant of the well-known AONT-RS scheme for dispersed storage systems. The novelty consists in replacing the Reed-Solomon code with rateless Luby transform codes. The resulting system, named AONT-LT, is able to improve performance by dispersing the data over an arbitrarily large number of storage nodes while ensuring limited complexity. The proposed solution is particularly suitable in the case of cooperative storage systems. It is shown that while the AONT-RS scheme requires the adoption of fragmentation for achieving widespread distribution, thus penalizing performance, the new AONT-LT scheme can exploit variable-length codes which allow it to achieve very good performance and scalability.

Comment: 6 pages, 8 figures, to be presented at the 2014 High Performance Computing & Simulation Conference (HPCS 2014) - Workshop on Security, Privacy and Performance in Cloud Computing
A masking method based on orthonormal spaces, protecting several bytes against both SCA and FIA with a reduced cost
In the attacker models of Side-Channel Attacks (SCA) and Fault Injection Attacks (FIA), the opponent has access to a noisy version of the internal behavior of the hardware. Since the end of the nineties, many works have shown that this type of attack constitutes a serious threat to cryptosystems implemented in embedded devices. In the state of the art, there exist several countermeasures to protect symmetric encryption (especially AES-128). Most of them protect only against one of these two attacks (either SCA or FIA). The main known countermeasure against SCA is masking; it makes the complexity of SCA grow exponentially with its order d. The most general version of masking is based on error correcting codes. It has the advantage of offering, in principle, protection against both types of attacks (SCA and FIA), but all the functions implemented in the algorithm need to be masked accordingly, and this is not a simple task in general. We propose a particular version of such a construction that has several advantages: it has a very low computation complexity, it offers concrete protection against both SCA and FIA, and finally it allows flexibility: not being specifically dedicated to AES, it can be applied to any block cipher with any S-boxes. In the state of the art, masking schemes all come with pros and cons concerning the different types of complexity (time, memory, amount of randomness). Our masking scheme concretely achieves the complexity of the best known scheme for each complexity type.
Timing the Transient Execution: A New Side-Channel Attack on Intel CPUs
The transient execution attack is a type of attack leveraging vulnerabilities in modern CPU optimization technologies. New attacks surface rapidly. The side channel is a key part of transient execution attacks, used to leak data. In this work, we discover a vulnerability: a change to the EFLAGS register during transient execution may have a side effect on the Jcc (jump on condition code) instruction that follows it in Intel CPUs. Based on our discovery, we propose a new side-channel attack that leverages the timing of both transient execution and Jcc instructions to deliver data. This attack encodes secret data into a change of the register which makes the execution time of the context slightly slower, which can be measured by the attacker to decode the data. This attack doesn't rely on the cache system and doesn't need to reset the EFLAGS register manually to its initial state before the attack, which may make it more difficult to detect or mitigate. We implemented this side channel on machines with Intel Core i7-6700, i7-7700, and i9-10980XE CPUs. On the first two processors, we combined it as the side channel of the Meltdown attack, which could achieve a 100% success leaking rate. We evaluate and discuss potential defenses against the attack. Our contributions include discovering security vulnerabilities in the implementation of Jcc instructions and the EFLAGS register, and proposing a new side-channel attack that does not rely on the cache system.
SELINDA: a secure, scalable and light-weight data collection protocol for smart grids
Security in the smart grid is a challenge as an increasing number of sensors and measurement devices are connected to the power grid. General purpose security protocols are not suitable for providing data security to devices with limited memory, computational power and network connectivity. In this paper, we develop a secure, light-weight and scalable security protocol that allows a power system operator (PO) to collect data from measurement devices (MDs) using data collectors (DCs). The security protocol trades off between computation and device memory requirements and provides flexible association between DCs and MDs. These features allow data to be securely transferred from MDs to the PO via mobile or untrustworthy DCs. We analyze the complexity and security of the protocol and validate its performance using experiments. Our results confirm that our proposed protocol collects data in a secure, fast and efficient manner. © 2013 IEEE.
Differential Fault Analysis Automation
Characterization of all possible faults in a cryptosystem exploitable for fault attacks is a problem of both theoretical and practical interest for the cryptographic community. Complete knowledge of the exploitable fault space is desirable while designing optimal countermeasures for any given crypto-implementation. In this paper, we address the exploitable fault characterization problem in the context of Differential Fault Analysis (DFA) attacks on block ciphers. The formidable size of the fault spaces demands an automated and fast mechanism for verifying each individual fault instance, and neither the traditional, cipher-specific, manual DFA techniques nor the generic and automated Algebraic Fault Attacks (AFA) [10] fulfill these criteria. Further, the diversified structures of different block ciphers suggest that such an automation should be equally applicable to any block cipher. This work presents an automated framework for DFA identification, fulfilling all the aforementioned criteria, which, instead of performing the attack, just estimates the attack complexity for each individual fault instance. A generic and extendable data-mining assisted dynamic analysis framework capable of capturing a large class of DFA distinguishers is devised, along with a graph-based complexity analysis scheme. The framework significantly outperforms another recently proposed one [6] in terms of attack class coverage and automation effort. Experimental evaluation on AES and PRESENT establishes the effectiveness of the proposed framework in detecting most of the known DFAs, which eventually enables the characterization of the exploitable fault space.