113,185 research outputs found
Related-Key Boomerang Attacks on GIFT with Automated Trail Search Including BCT Effect
In Eurocrypt 2018, Cid et al. proposed a novel notion called the boomerang connectivity table, which formalised the switch property in the middle round of boomerang distinguishers in a unified approach. In this paper, we present a generic model of the boomerang connectivity table with automatic search technique for the first time, and search for (related-key) boomerang distinguishers directly by combining with the search of (related-key) differential characteristics. With the technique, we are able to find 19-round related-key boomerang distinguishers in the lightweight block cipher \textsc{Gift}-64 and \textsc{Gift}-128. Interestingly, a transition that is not predictable by the conventional switches is realised in a boomerang distinguisher predicted by the boomerang connectivity table. In addition, we experimentally extend the 19-round distinguisher by one more round. A 23-round key-recovery attack is presented on \textsc{Gift}-64 based on the distinguisher, which covers more rounds than previous known results in the single-key setting.
Although the designers of \textsc{Gift} do not claim related-key security, bit positions of the key addition and 16-bit rotations were chosen to optimize the related-key differential bound. Indeed, the designers evaluated related-key differential attacks. This is the first work to present better related-key attacks than the simple related-key differential attack
An Assurance Framework for Independent Co-assurance of Safety and Security
Integrated safety and security assurance for complex systems is difficult for
many technical and socio-technical reasons such as mismatched processes,
inadequate information, differing use of language and philosophies, etc.. Many
co-assurance techniques rely on disregarding some of these challenges in order
to present a unified methodology. Even with this simplification, no methodology
has been widely adopted primarily because this approach is unrealistic when met
with the complexity of real-world system development.
This paper presents an alternate approach by providing a Safety-Security
Assurance Framework (SSAF) based on a core set of assurance principles. This is
done so that safety and security can be co-assured independently, as opposed to
unified co-assurance which has been shown to have significant drawbacks. This
also allows for separate processes and expertise from practitioners in each
domain. With this structure, the focus is shifted from simplified unification
to integration through exchanging the correct information at the right time
using synchronisation activities
Integrated Safety and Security Risk Assessment Methods: A Survey of Key Characteristics and Applications
Over the last years, we have seen several security incidents that compromised
system safety, of which some caused physical harm to people. Meanwhile, various
risk assessment methods have been developed that integrate safety and security,
and these could help to address the corresponding threats by implementing
suitable risk treatment plans. However, an overarching overview of these
methods, systematizing the characteristics of such methods, is missing. In this
paper, we conduct a systematic literature review, and identify 7 integrated
safety and security risk assessment methods. We analyze these methods based on
5 different criteria, and identify key characteristics and applications. A key
outcome is the distinction between sequential and non-sequential integration of
safety and security, related to the order in which safety and security risks
are assessed. This study provides a basis for developing more effective
integrated safety and security risk assessment methods in the future
- …