Side-channel Analysis of Six SHA-3 Candidates

In this paper we study six 2nd round SHA-3 candidates from a side-channel cryptanalysis point of view. For each of them, we give the exact procedure and appropriate choice of selection functions to perform the attack. Depending on their inherent structure and the internal primitives used (Sbox, addition or XOR), some schemes are more prone to side channel analysis than others, as shown by our simulations

First Experimental Result of Power Analysis Attacks on a FPGA Implementation of LEA

The lightweight encryption algorithm (LEA) is a 128-bit block cipher introduced in 2013. It is based on Addition, rotation, XOR operations for 32-bit words. Because of its structure,it is useful for several devices to achieve a high speed of encryption and low-power consumption.However, side-channel attacks on LEA implementations have not been examined.In this study, we perform a power analysis attack on LEA. We implemented LEA with 128-bit key size on FPGA in a straightforward manner. Our experimental results show that we can successfully retrieve a 128-bit master key by attacking a first round encryption

Side-channel Analysis of Gr{\o}stl and Skein

International audienceIn this work, a detailed study of two finalists of the SHA-3 competition from the side-channel analysis point of view is provided. For both functions when used as a MAC, this paper presents detected strategies for performing a power analysis. Besides the classical HMAC mode, two additionally proposed constructions, the envelope MAC for Grøstl and the Skein-MAC for Skein are analyzed. Consequently, examples of software countermeasures thwarting first-order DPA or CPA are given. For the validation of our choices, HMAC-Grøstl, HMAC-Skein as well as the countermeasures were implemented on a 32-bit ARM-based smart card, and power analysis attacks were mounted in practice on both unprotected and protected implementations. Finally, the performance difference between both versions is discussed

Breaking Ed25519 in WolfSSL

Ed25519 is an instance of the Elliptic Curve based signature scheme EdDSA that was recently introduced to solve an inconvenience of the more established ECDSA. Namely, both schemes require the generation of a random value (scalar of the ephemeral key pair) during the signature generation process and the secrecy of this random value is critical for security: knowledge of one such a random value, or partial knowledge of a series of them, allows reconstructing the signer\u27s private key. In ECDSA it is not specified how to generate this random value and hence implementations critically rely on the quality of random number generators and are challenging to implement securely. EdDSA removes this dependence by deriving the secret deterministically from the message and a long-term auxiliary key using a cryptographic hash function. The feature of determinism has received wide support as enabling secure implementations and in particular deployment of Ed25519 is spectacular. Today Ed25519 is used in numerous security protocols, networks and both software and hardware security products e.g. OpenSSH, Tor, GnuPG etc. In this paper we show that in use cases where power or electromagnetic leakage can be exploited, exactly the mechanism that makes EdDSA deterministic complicates its secure implementation. In particular, we break an Ed25519 implementation in WolfSSL, which is a suitable use case for IoT applications. We apply differential power analysis (DPA) on the underlying hash function, SHA-512, requiring only 4000 traces. Finally, we present a tweak to the EdDSA protocol that is cheap and effective against the described attack while keeping the claimed advantage of EdDSA over ECDSA in terms of featuring less things that can go wrong e.g. the required high-quality randomness. However, we do argue with our countermeasure that some randomness (that need not be perfect) might be hard to avoid

Arithmetic Addition over Boolean Masking - Towards First- and Second-Order Resistance in Hardware

A common countermeasure to thwart side-channel analysis attacks is algorithmic masking. For this, algorithms that mix Boolean and arithmetic operations need to either apply two different masking schemes with secure conversions or use dedicated arithmetic units that can process Boolean masked values. Several proposals have been published that can realize these approaches securely and efficiently in software. But to the best of our knowledge, no hardware design exists that fulfills relevant properties such as efficiency and security at the same time. In this paper, we present two design strategies to realize a secure and efficient arithmetic adder for Boolean-masked values. First, we introduce an architecture based on the ripple-carry adder that targets low-cost applications. The second architecture is based on a pipelined Kogge-Stone adder and targets high-performance applications. In particular, all our implementations adopt the threshold implementation approach to improve their resistance against SCA attacks even in the presence of glitches. We evaluated the security of our designs practically against SCA using a non-specific statistical t-test. Based on our analysis, we show that our constructions not only achieve resistance against first- and (univariate) second-order attacks but also require fewer random bits per operation compared to any existing software-based approach

The KISS principle in Software-Defined Networking: An architecture for Keeping It Simple and Secure

Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the performance overhead of traditional solutions and of the complexity of the support infrastructure required. As a first step to addressing these problems, we propose a modular secure SDN control plane communications architecture, KISS, with innovative solutions in the context of key distribution and secure channel support. A comparative analysis of the performance impact of essential security primitives guided our selection of basic primitives for KISS. We further propose iDVV, the integrated device verification value, a deterministic but indistinguishable-from-random secret code generation protocol, allowing the local but synchronized generation/verification of keys at both ends of the channel, even on a per-message basis. iDVV is expected to give an important contribution both to the robustness and simplification of the authentication and secure communication problems in SDN. We show that our solution, while offering the same security properties, outperforms reference alternatives, with performance improvements up to 30% over OpenSSL, and improvement in robustness based on a code footprint one order of magnitude smaller. Finally, we also prove and test randomness of the proposed algorithms

The KISS principle in Software-Defined Networking: An architecture for Keeping It Simple and Secure

Security is an increasingly fundamental requirement in Software-Defined Networking (SDN). However, the pace of adoption of secure mechanisms has been slow, which we estimate to be a consequence of the performance overhead of traditional solutions and of the complexity of the support infrastructure required. As a first step to addressing these problems, we propose a modular secure SDN control plane communications architecture, KISS, with innovative solutions in the context of key distribution and secure channel support. A comparative analysis of the performance impact of essential security primitives guided our selection of basic primitives for KISS. We further propose iDVV, the integrated device verification value, a deterministic but indistinguishable-from-random secret code generation protocol, allowing the local but synchronized generation/verification of keys at both ends of the channel, even on a per-message basis. iDVV is expected to give an important contribution both to the robustness and simplification of the authentication and secure communication problems in SDN. We show that our solution, while offering the same security properties, outperforms reference alternatives, with performance improvements up to 30% over OpenSSL, and improvement in robustness based on a code footprint one order of magnitude smaller. Finally, we also prove and test randomness of the proposed algorithms

Differential Fault Analysis of SHA3-224 and SHA3-256

The security of SHA-3 against different kinds of attacks are of vital importance for crypto systems with SHA-3 as the security engine. In this paper, we look into the differential fault analysis of SHA-3, and this is the first work to conquer SHA3-224 and SHA3-256 using differential fault analysis. Comparing with one existing related work, we relax the fault models and make them realistic for different implementation architectures. We analyze fault propagation in SHA-3 under such single-byte fault models, and propose to use fault signatures at the observed output for analysis and secret retrieval. Results show that the proposed method can effectively identify the injected single-byte faults, and then recover the whole internal state of the input of last round $\chi$ operation ($\chi^{22}_i$) for both SHA3-224 and SHA3-256

A Unified Security Model of Authenticated Key Exchange with Specific Adversarial Capabilities

The most widely accepted models in the security proofs of Authenticated Key Exchange protocols are the Canetti-Krawczyk and extended Canetti-Krawczyk models that admit different adversarial queries with ambiguities and incomparable strength. It is desirable to incorporate specific and powerful adversarial queries into a single unified security model and establish a more practical-oriented security notion. Concerning the security of one-round implicitly authenticated Diffie-Hellman key exchange protocols, we present a unified security model that has many advantages over the previous ones. In the model, a system environment is set up, all of adversarial queries are practically interpreted and definitely characterized through physical environment, and some rigorous rules of secret leakage are also specified. To demonstrate usability of our model, a new protocol based on the OAKE protocol is proposed, which satisfies the presented strong security notion and attains high efficiency. The protocol is proven secure in random oracle model under gap Diffie-Hellman assumption

Power Analysis Attacks on Keccak

Side Channel Attacks (SCA) exploit weaknesses in implementations of cryptographic functions resulting from unintended inputs and outputs such as operation timing, electromagnetic radiation, thermal/acoustic emanations, and power consumption to break cryptographic systems with no known weaknesses in the algorithm’s mathematical structure. Power Analysis Attack (PAA) is a type of SCA that exploits the relationship between the power consumption and secret key (secret part of input to some cryptographic process) information during the cryptographic device normal operation. PAA can be further divided into three categories: Simple Power Analysis (SPA), Differential Power Analysis (DPA) and Correlation Power Analysis (CPA). PAA was first introduced in 1998 and mostly focused on symmetric-key block cipher Data Encryption Standard (DES). Most recently this technique has been applied to cryptographic hash functions. Keccak is built on sponge construction, and it provides a new Message Authentication Code (MAC) function called MAC-Keccak. The focus of this thesis is to apply the power analysis attacks that use CPA technique to extract the key from the MAC-Keccak. So far there are attacks of physical hardware implementations of MAC-Keccak using FPGA development board, but there has been no side channel vulnerability assessment of the hardware implementations using simulated power consumption waveforms. Compared to physical power extraction, circuit simulation significantly reduces the complexity of mounting a power attack, provides quicker feedback during the implementation/study of a cryptographic device, and that ultimately reduces the cost of testing and experimentation. An attack framework was developed and applied to the Keccak high speed core hardware design from the SHA-3 competition, using gate-level circuit simulation. The framework is written in a modular fashion to be flexible to attack both simulated and physical power traces of AES, MAC-Keccak, and future crypto systems. The Keccak hardware design is synthesized with the Synopsys 130-nm CMOS standard cell library. Simulated instantaneous power consumption waveforms are generated with Synopsys PrimeTime PX. 1-bit, 2-bit, 4-bit, 8-bit, and 16-bit CPA selection function key guess size attacks are performed on the waveforms to compare/analyze the optimization and computation effort/performance of successful key extraction on MAC-Keccak using 40 byte key size that fits the whole bottom plane of the 3D Keccak state. The research shows the larger the selection function key guess size used, the better the signal-noise-ratio (SNR), therefore requiring fewer numbers of traces needed to be applied to retrieve the key but suffer from higher computation effort time. Compared to larger selection function key guess size, smaller key guess size has lower SNR that requires higher number of applied traces for successful key extraction and utilizes less computational effort time. The research also explores and analyzes the attempted method of attacking the second plane of the 3D Keccak state where the key expands beyond 40 bytes using the successful approach against the bottom plane