A Security Analysis of IoT Encryption: Side-channel Cube Attack on Simeck32/64

Simeck, a lightweight block cipher has been proposed to be one of the encryption that can be employed in the Internet of Things (IoT) applications. Therefore, this paper presents the security of the Simeck32/64 block cipher against side-channel cube attack. We exhibit our attack against Simeck32/64 using the Hamming weight leakage assumption to extract linearly independent equations in key bits. We have been able to find 32 linearly independent equations in 32 key variables by only considering the second bit from the LSB of the Hamming weight leakage of the internal state on the fourth round of the cipher. This enables our attack to improve previous attacks on Simeck32/64 within side-channel attack model with better time and data complexity of 2^35 and 2^11.29 respectively.Comment: 12 pages, 6 figures, 4 tables, International Journal of Computer Networks & Communication

The Potential for Machine Learning Analysis over Encrypted Data in Cloud-based Clinical Decision Support - Background and Review

This paper appeared at the 8th Australasian Workshop on Health Informatics and Knowledge Management (HIKM 2015), Sydney, Australia, January 2015. Conferences in Research and Practice in Information Technology (CRPIT), Vol. 164, Anthony Maeder and Jim Warren, Ed. Reproduction for academic, not-for profit purposes permitted provided this text is includedIn an effort to reduce the risk of sensitive data exposure in untrusted networks such as the public cloud, increasing attention has recently been given to encryption schemes that allow specific computations to occur on encrypted data, without the need for decryption. This relies on the fact that some encryption algorithms display the property of homomorphism, which allows them to manipulate data in a meaningful way while still in encrypted form. Such a framework would find particular relevance in Clinical Decision Support (CDS) applications deployed in the public cloud. CDS applications have an important computational and analytical role over confidential healthcare information with the aim of supporting decision-making in clinical practice. This review paper examines the history and current status of homomoprhic encryption and its potential for preserving the privacy of patient data underpinning cloud-based CDS applications

Linear Cryptanalysis of Reduced-Round SIMECK Variants

SIMECK is a family of 3 lightweight block ciphers designed by Yang et al. They follow the framework used by Beaulieu et al. from the United States National Security Agency (NSA) to design SIMON and SPECK. A cipher in this family with K-bit key and N-bit block is called SIMECKN=K.We show that the security of this block cipher against linear cryptanalysis is not as good as its predecessors SIMON. More precisely, while the best known linear attack for SIMON32/64, using algorithm 1 of Matsui, covers 13 rounds we present a linear attack in this senario which covers 14 rounds of SIMECK32/64. Similarly, using algorithm 1 of Matsui, we present attacks on 19 and 22 rounds of SIMECK48/96 and SIMECK64/128 respectively, compare them with known attacks on 16 and 19 rounds SIMON48/96 and SIMON64/128 respectively. In addition, we use algorithm 2 of Matsui to attack 18, 23 and 27 rounds of SIMECK32/64, SIMECK48/96 and SIMECK64/128 respectively, compare them with known attacks on 18, 19 and 21 rounds SIMON32/64, SIMON48/96 and SIMON64/128 respectively

Pen and Paper Arguments for SIMON and SIMON-like Designs

In this work, we analyze the resistance of SIMON-like ciphers against differential attacks without using computer-aided methods. In this context, we first define the notion of a SIMON-like cipher as a generalization of the SIMON design. For certain instances, we present a method for proving the resistance against differential attacks by upper bounding the probability of a differential characteristic by $2^{-2T+2}$ where $T$ denotes the number of rounds. Interestingly, if $2n$ denotes the block length, our result is sufficient in order to bound the probability by $2^{-2n}$ for all full-round variants of SIMON and Simeck. Thus, it guarantees security in a sense that, even having encryptions of the full codebook, one cannot expect a differential characteristic to hold. The important difference between previous works is that our proof can be verified by hand and thus contributes towards a better understanding of the design. However, it is to mention that we do not analyze the probability of multi-round differentials. Although there are much better bounds known, especially for a high number of rounds, they are based on experimental search like using SAT/SMT solvers. While those results have already shown that SIMON can be considered resistant against differential cryptanalysis, our argument gives more insights into the design itself. As far as we know, this work presents the first non-experimental security argument for full-round versions of several SIMON-like instances

Tradeoff Attacks on Symmetric Ciphers

Tradeoff attacks on symmetric ciphers can be considered as the generalization of the exhaustive search. Their main objective is reducing the time complexity by exploiting the memory after preparing very large tables at a cost of exhaustively searching all the space during the precomputation phase. It is possible to utilize data (plaintext/ciphertext pairs) in some cases like the internal state recovery attacks for stream ciphers to speed up further both online and offline phases. However, how to take advantage of data in a tradeoff attack against block ciphers for single key recovery cases is still unknown. We briefly assess the state of art of tradeoff attacks on symmetric ciphers, introduce some open problems and discuss the security criterion on state sizes. We discuss the strict lower bound for the internal state size of keystream generators and propose more practical and fair bound along with our reasoning. The adoption of our new criterion can break a fresh ground in boosting the security analysis of small keystream generators and in designing ultra-lightweight stream ciphers with short internal states for their usage in specially low source devices such as IoT devices, wireless sensors or RFID tags

Linear Cryptanalysis of Round Reduced SIMON

SIMON is a family of lightweight block ciphers that was proposed by U.S National Security Agency (NSA). A cipher in this family with $K$-bit key and $N$-bit block is called SIMON ${N}/{K}$. In this paper we analyze the security of SIMON against linear cryptanalysis. We present several linear characteristics for all variants of SIMON with reduced number of rounds. Our best linear characteristic covers SIMON 32/64 reduced to 13 rounds out of 32 rounds with the bias of $2^{-16}$. In addition, we describe a connection between linear and differential characteristics for SIMON. This connection is then exploited by using the differential characteristics of the previous work of Abed \textit{et al.} to construct linear characteristics presented in this work. Our attacks extend to all variants of SIMON covering more number of rounds compared to the previous results on linear cryptanalysis. We have implemented our attacks for small scale variants of SIMON and our experiments confirm the theoretical bias of various characteristics presented in this work. %We also verified the results for SIMON32/64 experimentally to see whether implementation confirms theory. So far, our results are the best known with respect to linear cryptanalysis for any variant of SIMON

Differential Analysis on Simeck and SIMON with Dynamic Key-guessing Techniques

The Simeck family of lightweight block ciphers was proposed in CHES 2015 which combines the good design components from NSA designed ciphers SIMON and SPECK. Dynamic key-guessing techniques were proposed by Wang {\it et al.} to greatly reduce the key space guessed in differential cryptanalysis and work well on SIMON. In this paper, we implement the dynamic key-guessing techniques in a program to automatically give out the data in dynamic key-guessing procedure and thus simplify the security evaluation of SIMON and Simeck like block ciphers regarding differential attacks. We use the differentials from Kölbl {\it et al.}\u27s work and also a differential with lower Hamming weight we find using Mixed Integer Linear Programming method to attack 22-round Simeck32, 28-round Simeck48 and 35-round Simeck64. Besides, we launch the same attack procedure on four members of SIMON family by use of newly proposed differentials in CRYPTO2015 and get new attack results on 22-round SIMON32/64, 24-round SIMON48/96, 28, 29-round SIMON64/96 and 29, 30-round SIMON64/128. As far as we are concerned, our results on SIMON64 are currently the best results

Improved Linear Trails for the Block Cipher Simon

Simon is a family of block ciphers designed by the NSA and published in 2013. Due to their simple structure and the fact that the specification lacked security design rationale, the ciphers have been the subject of much cryptanalytic work, especially using differential and linear cryptanalysis. We improve previously published linear trail bias estimations by presenting a novel method to calculate the bias of short linear hulls in Simon and use them to construct longer linear approximations. By using these linear approximations we present key recovery attacks of up to 25 rounds for Simon64/128, 24 rounds for Simon32/64, Simon48/96, and Simon64/96, and 23 rounds for Simon48/72. The attacks on Simon32 and Simon48 are currently the best attacks on these versions. The attacks on Simon64 do not cover as many rounds as attacks using differential cryptanalysis but they work in the more natural setting of known plaintexts rather than chosen plaintexts

Software Optimisation of Lightweight Klein Encryption in the Internet of Things

The Internet of Things (IoT) and Wireless Sensor Network (WSN) devices are prone to security vulnerabilities, especially when they are resource constrained. Lightweight cryptography is a promising encryption concept for IoT and WSN devices, that can mitigate these vulnerabilities. For example, Klein encryption is a lightweight block cipher, which has achieved popularity for the trade-off between performance and security. In this paper, we propose one novel method to enhance the efficiency of the Klein block cipher and the effects on the Central Processing Unit (CPU), memory usage, and processing time. Furthermore, we evaluated another approach on the performance of the Klein encryption iterations. These approaches were implemented in the Python language and ran on the Raspberry PI 3. We evaluated and analysed the results of two modified encryption algorithms and confirm that two enhancing techniques lead to significantly improved performance compared to the original algorithm