11 research outputs found

    Deriving ChaCha20 Key Streams From Targeted Memory Analysis

    There can be performance and vulnerability concerns with block ciphers, thus stream ciphers can be used as an alternative. Although many symmetric key stream ciphers are fairly resistant to side-channel attacks, cryptographic artefacts may exist in memory. This paper identifies a significant vulnerability within OpenSSH and OpenSSL, which involves the discovery of cryptographic artefacts used within the ChaCha20 cipher. This can allow for the cracking of tunnelled data using a single targeted memory extraction. With this, law enforcement agencies and/or malicious agents could use the vulnerability to take copies of the encryption keys used for each tunnelled connection. The user of a virtual machine would not be alerted to the capturing of the encryption key, as the method runs from an extraction of the running memory. Methods of mitigation include making cryptographic artefacts difficult to discover and limiting memory access.

    Investigations into Decrypting Live Secure Traffic in Virtual Environments

    Malicious agents increasingly use encrypted tunnels to communicate with external servers. Communications may contain ransomware keys, stolen banking details, or other confidential information. Rapid discovery of communicated contents through decrypting tunnelled traffic can support effective means of dealing with these malicious activities. Decrypting communications requires knowledge of cryptographic algorithms and artefacts, such as encryption keys and initialisation vectors. Such artefacts may exist in volatile memory when software applications encrypt. Virtualisation technologies can enable the acquisition of virtual machine memory to support the discovery of these cryptographic artefacts. A framework is constructed to investigate the decryption of potentially malicious communications using novel approaches to identify candidate initialisation vectors, and use these to discover candidate keys. The framework focuses on communications that use the Secure Shell and Transport Layer Security protocols in virtualised environments for different operating systems, protocols, encryption algorithms, and software implementations. The framework minimises virtual machine impact, and functions at an elevated level to make detection by virtual machine software difficult. The framework analyses Windows and Linux memory and validates decrypts for both protocols when the Advanced Encryption Standard symmetric block or ChaCha20 symmetric stream algorithms are used for encryption. It also investigates communications originating from malware clients, such as bot and ransomware, that use Windows cryptographic libraries. The framework correctly decrypted tunnelled traffic with near certainty in almost all experiments. The analysis durations ranged from sub-second to less than a minute, demonstrating that decryption of malicious activity before network session completion is possible. This can enable in-line detection of unknown malicious agents, timely discovery of ransomware keys, and knowledge of exfiltrated confidential information.

    Novel lightweight video encryption method based on ChaCha20 stream cipher and hybrid chaotic map

    In recent years, the increasing demand for securing visual resource-constrained devices has become a challenging problem due to the characteristics of these devices. Visual resource-constrained devices, such as wireless sensors, internet protocol (IP) cameras and smart cards, suffer from limited storage space and lower power for computation. Consequently, to support and preserve video privacy in video surveillance systems, lightweight security methods are required instead of the existing traditional encryption methods. In this paper, a new lightweight stream cipher method is presented and investigated for video encryption based on a hybrid chaotic map and the ChaCha20 algorithm. Two chaotic maps are employed in the key generation process in order to achieve permutation and encryption tasks, respectively. The frame sequences are encrypted and decrypted based on a symmetric scheme with the assistance of the ChaCha20 algorithm. The proposed lightweight stream cipher method has been tested on several video samples to confirm suitability and validation in terms of encryption–decryption procedures. The performance evaluation metrics include visual test, histogram analysis, information entropy, correlation analysis and differential analysis. From the experimental results, the proposed lightweight encryption method exhibited higher security with lower computation time compared with state-of-the-art encryption methods.

    A proposed lightweight image encryption using ChaCha with hyperchaotic maps

    Image encryption plays a pivotal role in enhancing telecommunications media. Since privacy is necessary in our daily life in many areas, a personal image is encrypted when it is sent over the Internet to the recipient in order to maintain privacy. In this paper, the image is encrypted using the ChaCha symmetric stream cipher with a hyperchaotic map. Hyperchaotic maps are used due to the sensitivity to initial conditions, the pseudo-randomness of chaotic maps and the control parameters in chaotic maps; higher security is obtained by using the initial seed number, variance of parameters, and the unpredictable direction of chaotic maps. The suggested lightweight image encryption has confirmed robustness against brute force attacks by providing a massive key space. Furthermore, the suggested lightweight image encryption is able to defend against statistical cracking and insecurity of the image, based on the criteria of histogram, correlation and entropy.

    A Secure Lightweight Wireless M-Bus Protocol for IoT: Leveraging the Noise Protocol Framework

    The expansion of smart metering within the Internet of Things (IoT) ecosystem underscores the need for robust security protocols that safeguard data transmission while optimizing device efficiency. Wireless Meter-Bus (wM-Bus), a key protocol for remote meter reading in utility systems such as gas, water, and heat meters, faces significant security challenges. This dissertation introduces a method to enhance wM-Bus security by integrating the Noise Protocol Framework (NPF), which secures wM-Bus against vulnerabilities and optimizes for the energy constraints of IoT devices. Initially examining wM-Bus security issues, particularly in battery-operated smart meters, the study explores the NPF’s lightweight, adaptable security solutions. Implementation analysis focuses on NPF handshake patterns NX (non-interactive with public key transmission by the initiator) and XX (mutual public key exchange), assessing their compatibility with wM-Bus through metrics such as memory use, packet size, and handshake time. Findings reveal that these patterns significantly outperform traditional methods like Transport Layer Security (TLS) in reducing energy consumption, thereby extending IoT devices’ operational lifespan. The study achieved a 5% battery-life reduction with NX and a 25% battery-life reduction with XX, enhancing both security and efficiency. These implementations also improved system security by reducing handshake times by up to 4.7% and minimizing packet sizes by up to 68.38%, critical for mitigating security threats. They also showed improvement in memory consumption compared to TLS. The proposed lightweight protocol effectively balances advanced security and efficiency, maintaining data confidentiality, integrity, and availability in smart metering without sacrificing performance. Security testing against the Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege (STRIDE) model confirmed the resilience of this new protocol, thereby enhancing the security framework. This research not only establishes a more secure foundation for smart metering but also sets a precedent for future studies on integrating lightweight cryptographic frameworks in IoT environments.

    Securing the in-vehicle network

    Recent research into automotive security has shown that once a single electronic vehicle component is compromised, it is possible to take control of the vehicle. These components, called Electronic Control Units, are embedded systems which manage a significant part of the functionality of a modern car. They communicate with each other via the in-vehicle network, known as the Controller Area Network, which is the most widely used automotive bus. In this thesis, we introduce a series of novel proposals to improve the security of both the Controller Area Network bus and the Electronic Control Units. The Controller Area Network suffers from a number of shortfalls, one of which is the lack of source authentication. We propose a protocol that mitigates this fundamental shortcoming in the Controller Area Network bus design, and protects against a number of high profile media attacks that have been published. We derive a set of desirable security and compatibility properties which an authentication protocol for the Controller Area Network bus should possess. We evaluate our protocol, along with other proposed protocols in the literature, with respect to the defined properties. Our systematic analysis of the protocols allows the automotive industry to make an informed choice regarding the adoption suitability of these solutions. However, it is not only the communication of Electronic Control Units that needs to be secure, but the firmware running on them as well. The growing number of Electronic Control Units in a vehicle, together with their increasing complexity, prompts the need for automated tools to test their security. Part of the challenge in designing such a tool is the diversity of Electronic Control Unit architectures. To this end, this thesis presents a methodology for extracting the Control Flow Graph from the Electronic Control Unit firmware. The Control Flow Graph is a platform independent representation of the firmware control flow, allowing us to abstract from the underlying architecture. We present a fuzzer for Electronic Control Unit firmware fuzz-testing via Controller Area Network. The extracted Control Flow Graph is tagged with static data used in instructions which influence the control flow of the firmware. It is then used to create a set of input seeds for the fuzzer, and in altering the inputs during the fuzzing process. This approach represents a step towards an efficient fuzzing methodology for Electronic Control Units. To our knowledge, this is the first proposal that uses static analysis to guide the fuzzing of Electronic Control Units.