
    Cifra contínua baseada no filtro de Bloom

    A Linear Feedback Shift Register (LFSR) is a building block that is frequently used to build fast, hardware-based stream ciphers. However, the fact that an LFSR is bit oriented makes it inefficient when implemented on microprocessors. On the other hand, LFSRs have a very well-defined internal behavior, determined by a carefully chosen (primitive) feedback polynomial, which facilitates the evaluation of their quality using mathematical tools but also facilitates their cryptanalysis. This work consisted in creating a generalized LFSR in which the information stored in each stage of the shift register is a 64-bit word instead of a single bit. Furthermore, a variable feedback polynomial is used instead of a fixed one, to make cryptanalysis harder. The variability of the feedback polynomial is given by the state of a Bloom filter. A Bloom filter is a well-defined construction used to detect a possible repetition of a value observed in the past, and it is used in our stream generator to provide a hard-to-model, always-changing state. The evolution of the Bloom filter state is cyclic, in the sense that during some iterations it accumulates ones (1's), while in other iterations it accumulates zeros (0's). The number of iterations in each case is not fixed; it is given by an accumulated number of collisions in the Bloom filter itself.
    Master's thesis in Computer and Telematics Engineering.

    Optimized architecture for SNOW 3G

    SNOW 3G is a synchronous, word-oriented stream cipher used by the 3GPP standards as a confidentiality and integrity algorithm. It is used as the first algorithm set in Long Term Evolution (LTE) and as the second set in Universal Mobile Telecommunications System (UMTS) networks. The cipher uses a 128-bit key and a 128-bit IV to produce 32-bit ciphertext words. The paper presents two techniques for performance enhancement. The first technique uses a novel carry-lookahead adder (CLA) architecture to minimize the propagation delay of the modulo 2^32 adders. The second technique uses a novel S-box architecture to minimize the chip area. The presented work is coded in VHDL and implemented on the Xilinx Virtex xc5vfx100e FPGA device. The presented architecture achieved a maximum frequency of 254.9 MHz and a throughput of 7.2235 Gbps.

    Transparent code authentication at the processor level

    The authors present a lightweight authentication mechanism that verifies the authenticity of code and thereby addresses the virus and malicious code problems at the hardware level, eliminating the need for trusted extensions in the operating system. The proposed technique tightly integrates the authentication mechanism into the processor core. The authentication latency is hidden behind the memory access latency, thereby allowing seamless on-the-fly authentication of instructions. In addition, the proposed authentication method supports seamless encryption of code (and static data). Consequently, while providing software users with assurance of the authenticity of programs executing on their hardware, the proposed technique also protects the software manufacturers' intellectual property through encryption. The performance analysis shows that, under mild assumptions, the presented technique introduces negligible overhead for even moderate cache sizes.

    Cryptanalysis of Symmetric Cryptographic Primitives

    Symmetric key cryptographic primitives are the essential building blocks in modern information security systems. The overall security of such systems is crucially dependent on these mathematical functions, which makes the analysis of symmetric key primitives a goal of critical importance. The security argument for the majority of such primitives in use is only a heuristic one, and therefore their respective security evaluation continually remains an open question. In this thesis, we provide cryptanalytic results for several relevant cryptographic hash functions and stream ciphers. First, we provide results concerning two hash functions: HAS-160 and SM3. In particular, we develop a new heuristic for finding compatible differential paths and apply it to the Korean hash function standard HAS-160. Our heuristic leads to a practical second-order collision attack over all of the HAS-160 function steps, which is the first practical-complexity distinguisher on this function. An example of a colliding quartet is provided. In the case of SM3, which is a design that builds upon the SHA-2 hash and is published by the Chinese Commercial Cryptography Administration Office for use in the electronic authentication service system, we study second-order collision attacks over reduced-round versions and point out a structural slide-rotational property that exists in the function. Next, we examine the security of the following three stream ciphers: Loiss, SNOW 3G and SNOW 2.0. The Loiss stream cipher was designed by Dengguo Feng et al. with the aim of being implemented on byte-oriented processors. By exploiting some differential properties of a particular component utilized in the cipher, we provide an attack of practical complexity on Loiss in the related-key model. As confirmed by our experimental results, our attack recovers 92 bits of the 128-bit key in less than one hour on a PC with a 3 GHz Intel Pentium 4 processor.
    The SNOW 3G stream cipher is used in the 3rd Generation Partnership Project (3GPP), and the SNOW 2.0 cipher is an ISO/IEC standard (IS 18033-4). For both of these ciphers, we show that the initialization procedure admits a sliding property, resulting in several sets of related-key pairs. In addition to allowing related-key key recovery attacks against SNOW 2.0 with 256-bit keys, the presented properties reveal non-random behavior of the primitives, yield related-key distinguishers for the two ciphers, and question the validity of the security proofs of protocols based on the assumption that these ciphers behave like perfect random functions of the key-IV. Finally, we provide differential fault analysis attacks against two stream ciphers, namely HC-128 and Rabbit. In this type of attack, the attacker is assumed to have physical influence over the device that performs the encryption and is able to introduce random faults into the computational process. In the case of HC-128, the fault model in which we analyze the cipher is one in which the attacker is able to fault a random word of the inner state of the cipher but cannot control its exact location or its new faulted value. Our attack requires about 7968 faults and recovers the complete internal state of HC-128 by solving a set of 32 systems of linear equations over Z_2 in 1024 variables. In the case of the Rabbit stream cipher, the fault model in which the cipher is analyzed is one in which a random bit of the internal state of the cipher is faulted, again without control over the location of the injected fault. Our attack requires around 128 to 256 faults and a precomputed table of size 2^41.6 bytes, and recovers the complete internal state of Rabbit in about 2^38 steps.

    Analysis and Design of a Stream Cipher

    Random numbers have a myriad of applications within the realm of information security, among others: session keys, prime numbers used in asymmetric cryptosystems, challenge values, and cipher sequences in Vernam-based stream ciphers. Indeed, stream ciphers constitute the core of current symmetric encryption, either with algorithms designed specifically for that task, like Salsa20 or ChaCha, or by using suitable modes of operation in conjunction with block ciphers. This project consists of the design, development and analysis of a stream cipher and its associated components: keystream generator, filters, etc.

    On the Efficiency of Software Implementations of Lightweight Block Ciphers from the Perspective of Programming Languages

    Lightweight block ciphers are primarily designed for resource-constrained devices. However, due to the service requirements of large-scale IoT networks and systems, the need for efficient software implementations cannot be ruled out. A number of studies have compared software implementations of different lightweight block ciphers on a specific platform, but to the best of our knowledge, this is the first attempt to benchmark various software implementations of a single lightweight block cipher across different programming languages and platforms in a cloud architecture. In this paper, we define six lookup-table-based software implementations for lightweight block ciphers, with characteristics ranging from memory-optimized to throughput-optimized variants. We carry out a thorough analysis of the two costs associated with each implementation (memory and operations) and discuss the possible trade-offs in detail. We coded all six types of implementation for the three key settings (64, 80, 128 bits) of LED (a lightweight block cipher) in four programming languages (Java, C#, C++, Python). We highlight the impact of the choice of implementation type, programming language, and platform by benchmarking the seventy-two implementations for throughput and software efficiency on 32- and 64-bit platforms for two major operating systems (Windows and Linux) on the Amazon Web Services cloud. The results show that these choices can affect the efficiency of a cryptographic primitive by a factor as high as 400.

    Covert timing channels, caching, and cryptography

    Side-channel analysis is a cryptanalytic technique that targets not the formal description of a cryptographic primitive but its implementation. Examples of side channels include power consumption and timing measurements. This is a young but very active field within applied cryptography. Modern processors are equipped with numerous mechanisms to improve the average performance of a program, including but not limited to caches. These mechanisms can often be used as side channels to attack software implementations of cryptosystems. This area within side-channel analysis is called microarchitectural attacks, and the attacks that exploit caching mechanisms are called cache-timing attacks. This dissertation presents a number of contributions to the field of side-channel analysis. The introductory portion consists of a review of common cache architectures, a literature survey of covert channels focusing mostly on covert timing channels, and a literature survey of cache-timing attacks, including selected related results that are more generally categorized as side-channel attacks, such as traditional timing attacks. The dissertation includes eight publications relating to this field. They contain contributions in areas such as side-channel analysis, data cache-timing attacks, instruction cache-timing attacks, traditional timing attacks, and fault attacks. Fundamental themes also include attack mitigations and efficient yet secure software implementation of cryptosystems. Concrete results include, but are not limited to, four practical side-channel attacks against OpenSSL, each implemented and leading to full key recovery.