694 research outputs found

    Degenerate Fault Attacks on Elliptic Curve Parameters in OpenSSL

    In this paper, we describe several practically exploitable fault attacks against OpenSSL's implementation of elliptic curve cryptography, related to the singular curve point decompression attacks of Blömer and Günther (FDTC 2015) and the degenerate curve attacks of Neves and Tibouchi (PKC 2016). In particular, we show that OpenSSL allows one to construct EC key files containing explicit curve parameters with a compressed base point. A simple single fault injection upon loading such a file yields a full key recovery attack when the key file is used for signing with ECDSA, and a complete recovery of the plaintext when the file is used for encryption using an algorithm like ECIES. The attack is especially devastating against curves with j-invariant equal to 0, such as the Bitcoin curve secp256k1, for which key recovery reduces to a single division in the base field. Additionally, we apply the present fault attack technique to OpenSSL's implementation of ECDH, by combining it with Neves and Tibouchi's degenerate curve attack. This version of the attack applies to usual named curve parameters with nonzero j-invariant, such as P-192 and P-256. Although it is typically more computationally expensive than the one against signatures and encryption, and requires multiple faulty outputs from the server, it can recover the entire static secret key of the server even in the presence of point validation. These various attacks can be mounted with only a single instruction-skipping fault, and therefore can be easily injected using low-cost voltage glitches on embedded devices. We validated them in practice using concrete fault injection experiments on a Raspberry Pi single-board computer running the up-to-date OpenSSL command line tools, a setting where the threat of fault attacks is quite significant.

    Secure Data Aggregation in Wireless Sensor Networks. Homomorphism versus Watermarking Approach

    Wireless sensor networks are now in widespread use to monitor regions, detect events and acquire information. Since the deployed nodes are separated, they need to cooperatively communicate sensed data to the base station, and transmission is a very energy-consuming operation. To reduce the amount of data sent, an aggregation approach can be applied along the path from the sensors to the sink. However, the carried information usually contains confidential data, so an end-to-end secure aggregation approach is required to ensure that the data is received intact. End-to-end encryption schemes that support operations over ciphertext have proved important for private-party sensor network deployments. These schemes offer two main advantages: end-to-end concealment of data and the ability to operate on ciphertext, so that no decryption is required for aggregation. Unfortunately, existing methods are very complex and not suitable for sensor nodes with limited resources. In this paper, we propose a secure end-to-end encrypted-data aggregation scheme. It is based on elliptic curve cryptography, which allows a smaller key size. Additionally, it allows a higher number of operations on ciphertexts and prevents two identical plaintexts from being distinguished by their cryptograms. These properties allow our approach to achieve higher security levels than existing cryptosystems in sensor networks. Our experiments show that the proposed secure aggregation method significantly reduces computation and communication overhead and can be practically implemented on off-the-shelf sensor platforms. By using homomorphic encryption on elliptic curves, we thus realize efficient and secure data aggregation in sensor networks. Lastly, to enlarge the set of aggregation functions that can be used in a secure wireless sensor network, a watermarking-based authentication scheme is also proposed.
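The two abstracts above rest on the same piece of arithmetic, so one added Python example (written for this listing; it is not code from either paper, nor from OpenSSL) serves both. Part (1) models the OpenSSL degenerate-fault abstract: it assumes the fault leaves the decompressed base point on the singular curve y^2 = x^3 instead of secp256k1's y^2 = x^3 + 7 (j-invariant 0), and shows that unchecked double-and-add never touches b and so never notices, while the map (x, y) -> x/y turns the multiplied point into one field division that returns the scalar; `on_curve()` is the point-validation check that would have rejected the point. The exact faulted instruction in OpenSSL is not modelled. Part (2) models the aggregation abstract with plain additive EC-ElGamal over secp256k1 and a small-range decode of (sum m)*G; the abstract fixes neither the scheme nor the decoding, so both are assumptions here. The secp256k1 constants are the standard ones; every other value is constructed.

```python
import secrets

# secp256k1 (standard constants): y^2 = x^3 + 7 over F_P, j-invariant 0, group order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
B = 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def inv(a):
    return pow(a, P - 2, P)

def on_curve(pt, b=B):
    """Point validation: the check that would reject a faulted base point."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - x * x * x - b) % P == 0

def neg(pt):
    return None if pt is None else (pt[0], (-pt[1]) % P)

def add(p1, p2):
    """Chord-tangent formulas for y^2 = x^3 + a*x + b with a = 0.  The constant b
    never appears, so the code runs unchanged on every curve of the family,
    including the singular cusp y^2 = x^3 (b = 0) that a fault can land on."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = 3 * x1 * x1 * inv(2 * y1) % P
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def mul(k, pt):
    """Unchecked double-and-add: the input point is never validated."""
    r = None
    for bit in bin(k)[2:]:
        r = add(r, r)
        if bit == "1":
            r = add(r, pt)
    return r

# (1) Degenerate base point on a j-invariant-0 curve.
def cusp_point(t):
    """Non-singular point of y^2 = x^3 with x/y = t: a constructed stand-in for a
    base point whose decompression was faulted so that b was lost."""
    return (inv(t * t % P), inv(pow(t, 3, P)))

def phi(pt):
    """(x, y) -> x/y is a group isomorphism from the cusp to (F_P, +)."""
    x, y = pt
    return x * inv(y) % P

def recover_scalar(base, result):
    """The k with result == mul(k, base): a single division in the base field."""
    return phi(result) * inv(phi(base)) % P

# (2) Additively homomorphic EC-ElGamal (assumed scheme) for in-network aggregation.
def keygen():
    d = secrets.randbelow(N - 1) + 1
    return d, mul(d, G)

def encrypt(pub, m):
    """Fresh r per reading, so two equal readings give different cryptograms."""
    r = secrets.randbelow(N - 1) + 1
    return (mul(r, G), add(mul(m, G), mul(r, pub)))

def aggregate(cts):
    """Component-wise sum: the aggregator adds ciphertexts and never decrypts."""
    c1 = c2 = None
    for a, b in cts:
        c1, c2 = add(c1, a), add(c2, b)
    return (c1, c2)

def decrypt(d, ct, max_sum=1 << 12):
    """Undo m -> m*G by searching the (assumed small) range of summed readings."""
    c1, c2 = ct
    target = add(c2, neg(mul(d, c1)))
    acc = None
    for m in range(max_sum + 1):
        if acc == target:
            return m
        acc = add(acc, G)
    raise ValueError("aggregate outside decodable range")

def aggregate_round_trip(readings):
    """Sink key pair, one ciphertext per node, aggregation, decryption at the sink."""
    d, y = keygen()
    return decrypt(d, aggregate(encrypt(y, m) for m in readings))

if __name__ == "__main__":
    k = secrets.randbelow(N - 1) + 1
    g_fault = cusp_point(0x1234567)
    assert not on_curve(g_fault)                            # validation would catch it
    assert recover_scalar(g_fault, mul(k, g_fault)) == k    # unchecked arithmetic leaks k
    assert aggregate_round_trip([17, 25, 0, 40]) == 82
```

The practitioner's check is the one the abstract names: a point-validation test on the base point before any scalar multiplication. Part (1) is why it matters on j-invariant-0 curves, and part (2) is why a sensor node can run the aggregation without ever holding the sink's private key.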

    Discrete Logarithm Cryptography

    The security of many cryptographic schemes relies on the intractability of the discrete logarithm problem (DLP) in groups. The most commonly used groups for deploying such schemes are the multiplicative (sub)groups of finite fields and (hyper)elliptic curve groups over finite fields. The elements of these groups can be easily represented in a computer and the group arithmetic can be efficiently implemented. In this thesis we first study certain subgroups of characteristic-two and characteristic-three finite field groups, with the goal of obtaining a more efficient representation of elements and more efficient arithmetic in the corresponding groups. In particular, we propose new compression techniques and exponentiation algorithms, and discuss some potential benefits and applications. Although the intractability of the DLP is the basis for building cryptographic protocols, one should also take into consideration how a system is implemented. It has been shown that realistic (validation) attacks can be mounted against elliptic curve cryptosystems when group membership testing is omitted. In the second part of the thesis, we extend the notion of validation attacks from elliptic curves to hyperelliptic curves, and show that singular curves can be used effectively in such attacks. Finally, we tackle a specific location-privacy problem called the nearby friend problem. We formalize the security model and then propose a new protocol and its extensions that solve the problem in the proposed security model. An interesting feature of the protocol is that it does not depend on any cryptographic primitive and its security is primarily based on the intractability of the DLP. Our solution provides a new approach to the nearby friend problem and compares favorably with the earlier solutions.

    Physical attacks on pairing-based cryptography

    In this thesis, we analyze the vulnerability of pairing-based cryptographic schemes against physical attacks like side-channel attacks (SCAs) or fault attacks (FAs). Compared to well-established cryptographic schemes, for example from standard elliptic curve cryptography (ECC), less is known about weaknesses of pairing-based cryptography (PBC) against those attacks. Reasons for this shortcoming are the complexity of PBC and a missing consensus on parameters, algorithms, and schemes, e.g., in the form of standards. Furthermore, the structural difference between ECC and PBC prevents a direct application of the results from ECC. To get a better understanding of the subject, we present new physical attacks on PBC. Our results, including the practical realizations of our attacks, show that physical attacks are a threat for PBC, need further investigation, and should be taken into account when implementing these schemes. Our work also shows that the community should agree on parameters, algorithms, and schemes to reduce the complexity of PBC with respect to physical attacks.
    Peter Günther; Supervisor: Prof. Dr. rer. nat. Johannes Blömer. Date of defense: 14.03.2016. Universität Paderborn, Dissertation, 201

    Key Compression for Isogeny-Based Cryptosystems

    We present a method for key compression in quantum-resistant isogeny-based cryptosystems, which reduces storage and transmission costs of per-party public information by a factor of two, with no effect on the security level of the scheme. We achieve this reduction by compressing both the representation of an elliptic curve and the torsion points on that curve. Compression of the elliptic curve is achieved by associating each j-invariant with a canonical choice of elliptic curve, and the torsion points are represented as linear combinations with respect to a canonical choice of basis for this subgroup. This method of compressing public information can be applied to numerous isogeny-based protocols, such as key exchange, zero-knowledge identification, and public-key encryption. The details of utilizing compression for each of these cryptosystems are explained. We provide implementation results showing the computational cost of key compression and decompression at various security levels. Our results show that isogeny-based cryptosystems achieve the smallest possible key sizes among all existing families of post-quantum cryptosystems at practical security levels.

    Implementation of cryptographic algorithms and protocols

    The purpose of the project is to provide a practical survey of both the principles and the practice of cryptography. Cryptography has become an essential tool in the transmission of information. It is central to several fields: information security and related issues, particularly authentication and access control. Cryptography encompasses a large number of algorithms which are used in building secure applications.

    Data Encryption and Decryption Using Hill Cipher Method and Self Repetitive Matrix

    Since time immemorial, the security of data, that is, maintaining its confidentiality, proper access control, integrity and availability, has been a major issue in data communication. As soon as a sensitive message was etched on a clay tablet or written on the royal walls, it must have been foremost in the sender's mind that the information should not be intercepted and read by a rival. Codes therefore form an important part of our history; from the paintings of Da Vinci and Michelangelo to the ancient Roman steganographic practices, the necessity of data hiding was obvious.
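The abstract above is narrative and does not describe the method in its title, so the following added Python example (written for this listing, not the project's code) shows the usual reading of a self-repetitive Hill key: a key matrix K with K^k = I (mod 26) for some period k, so that decryption multiplies by K^(k-1) and no modular matrix inverse is ever computed. The 2x2 key, the column-vector convention and the 'X' padding are assumptions; the example also shows the caveat that a key whose determinant is not coprime to 26 never repeats, so the period search must be bounded.

```python
M = 26  # alphabet size; every matrix entry is reduced mod 26

def identity(n):
    return [[int(i == j) for j in range(n)] for i in range(n)]

def matmul(a, b):
    n = len(a)
    return [[sum(a[i][k] * b[k][j] for k in range(n)) % M for j in range(n)]
            for i in range(n)]

def matpow(a, e):
    """Square-and-multiply on matrices mod 26."""
    result, base = identity(len(a)), a
    while e:
        if e & 1:
            result = matmul(result, base)
        base = matmul(base, base)
        e >>= 1
    return result

def repetition_period(key, limit=20000):
    """Smallest k >= 1 with key^k == I (mod 26).  Returns None if none is found
    within limit; a key whose determinant shares a factor with 26 never repeats."""
    ident = identity(len(key))
    power = ident
    for k in range(1, limit + 1):
        power = matmul(power, key)
        if power == ident:
            return k
    return None

def _apply(text, key):
    """Hill transform: split text into column vectors of len(key) letters, multiply."""
    n = len(key)
    text = text.upper()
    if not text.isalpha():
        raise ValueError("letters A-Z only")
    text += "X" * (-len(text) % n)            # assumed padding convention
    out = []
    for i in range(0, len(text), n):
        v = [ord(c) - 65 for c in text[i:i + n]]
        out.extend(chr(sum(key[r][c] * v[c] for c in range(n)) % M + 65)
                   for r in range(n))
    return "".join(out)

def encrypt(plain, key):
    return _apply(plain, key)

def decrypt(cipher, key):
    """No modular inverse: key^(k-1) undoes key because key^k == I."""
    k = repetition_period(key)
    if k is None:
        raise ValueError("key is not self-repetitive mod 26")
    return _apply(cipher, matpow(key, k - 1))

KEY = [[3, 3], [2, 5]]   # constructed example key; det = 9 is coprime to 26

if __name__ == "__main__":
    ct = encrypt("ATTACKATDAWN", KEY)
    assert decrypt(ct, KEY) == "ATTACKATDAWN"
    print(ct, "period =", repetition_period(KEY))
```

Note that self-repetition changes nothing about the cipher's strength: the Hill cipher stays linear and falls to a known-plaintext attack with a handful of blocks, whatever the period of the key.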

    Watermarking Technique for Multimedia Documents in the Frequency Domain

    In order to secure and maintain the authenticity and integrity of multimedia documents, we use digital watermarking. This discipline can be applied to images, audio and video. For this reason, and to be independent of the nature of the signal composing the document to be watermarked, we propose in this chapter two watermarking techniques, one for audio and one for images, to watermark a video containing both an audio and an image component. The MDCT is combined with the Watson model and a motion detection algorithm in the image watermarking technique, and with a psychoacoustic model in the audio watermarking technique. In both techniques, the bits of the mark are duplicated to increase the insertion capacity and then inserted into the least significant bit (LSB). We use an error-correcting code (Hamming) on the mark for more reliable detection. To assess the robustness and imperceptibility of our experimental results, we compare the proposed techniques with some other existing techniques.
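An added Python example (written for this listing, not the chapter's code) of the bit-level part of the scheme described above: the mark is Hamming(7,4)-coded, every coded bit is duplicated, the copies go into the LSBs of a coefficient array, and detection majority-votes the copies and then Hamming-corrects each codeword. The MDCT, Watson model, motion detection and psychoacoustic model are not modelled; the coefficient array is a constructed stand-in for quantized transform coefficients, and the duplication factor of 3 and the (7,4) code are assumptions the abstract does not fix. The last case shows the caveat a practitioner wants: more than one bad copy per triple inside the same codeword, or two bad coded bits in one codeword, is mis-corrected rather than detected.

```python
def hamming74_encode(d):
    """4 data bits -> 7-bit codeword laid out as [p1, p2, d1, p3, d2, d3, d4]."""
    d1, d2, d3, d4 = d
    return [d1 ^ d2 ^ d4, d1 ^ d3 ^ d4, d1, d2 ^ d3 ^ d4, d2, d3, d4]

def hamming74_decode(cw):
    """Corrects one flipped bit per codeword (two or more are mis-corrected)."""
    cw = list(cw)
    s1 = cw[0] ^ cw[2] ^ cw[4] ^ cw[6]
    s2 = cw[1] ^ cw[2] ^ cw[5] ^ cw[6]
    s3 = cw[3] ^ cw[4] ^ cw[5] ^ cw[6]
    pos = s1 + 2 * s2 + 4 * s3      # 1-based index of the bad bit, 0 if clean
    if pos:
        cw[pos - 1] ^= 1
    return [cw[2], cw[4], cw[5], cw[6]]

def to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]

def from_bits(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2)
                 for i in range(0, len(bits), 8))

def encode_mark(mark, dup=3):
    """Hamming-code the mark, then repeat every coded bit dup times."""
    bits = to_bits(mark)
    coded = [b for i in range(0, len(bits), 4) for b in hamming74_encode(bits[i:i + 4])]
    return [b for b in coded for _ in range(dup)]

def decode_mark(payload, dup=3):
    """Majority vote over each run of dup copies, then Hamming-correct each codeword."""
    votes = [int(2 * sum(payload[i:i + dup]) > dup) for i in range(0, len(payload), dup)]
    bits = [b for i in range(0, len(votes), 7) for b in hamming74_decode(votes[i:i + 7])]
    return from_bits(bits)

def embed(coeffs, payload):
    """Overwrite the LSB of the first len(payload) coefficients; change per value <= 1."""
    if len(payload) > len(coeffs):
        raise ValueError("not enough coefficients for the mark")
    out = list(coeffs)
    for i, bit in enumerate(payload):
        out[i] = (out[i] & ~1) | bit
    return out

def extract(coeffs, n):
    return [c & 1 for c in coeffs[:n]]

def flip_lsbs(coeffs, positions):
    """Simulated processing noise or attack: toggle the LSB at the given indices."""
    out = list(coeffs)
    for i in positions:
        out[i] ^= 1
    return out

def round_trip(mark, damage=()):
    """Embed, damage, extract, decode.  42 coefficients per mark byte:
    8 bits -> 14 coded bits -> 42 copies."""
    coeffs = [(i * 37) % 211 + 40 for i in range(42 * len(mark))]   # constructed stand-in
    payload = encode_mark(mark)
    marked = flip_lsbs(embed(coeffs, payload), damage)
    return decode_mark(extract(marked, len(payload)))

if __name__ == "__main__":
    assert round_trip(b"OK") == b"OK"
    assert round_trip(b"OK", damage=[3, 4, 30, 60]) == b"OK"   # within capacity
    print(round_trip(b"OK", damage=[3, 4, 10, 11]))           # two bad triples in one codeword
```

Indices 3 and 4 both sit in the second triple, so the vote there is wrong and Hamming repairs it; adding 10 and 11 corrupts a second triple of the same codeword, which exceeds the code's single-error capacity and yields a wrong but syntactically valid mark. A detector should therefore report a confidence (vote margins, syndrome counts) rather than a bare match.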

    Effect of Intratympanic Gentamicin Therapy in Meniere’s disease

    INTRODUCTION: Prosper Meniere was the first person to describe the symptoms of Meniere's disease, in 1861. He proposed that the pathologic locus was in the labyrinth. Meniere's disease is a disorder of the inner ear. The symptom complex of Meniere's disease consists of spontaneous, episodic attacks of vertigo, fluctuating sensorineural hearing loss, tinnitus and a sensation of aural fullness. Meniere's disease is often idiopathic, and it can be caused by distention of the endolymphatic space. Meniere's disease is more common among patients attending a neuro-otology clinic with dizziness. The disease has its peak incidence in the working age group between 30 and 60 years. Gentamicin is an aminoglycoside antibiotic that is preferentially toxic to the dark cells and hair cells of the vestibular labyrinth. It is less cochleotoxic than other aminoglycosides. Gentamicin perfusion has now emerged as a predominant therapy for the incapacitating vertigo of Meniere's disease. This study was done to find out the effect of intratympanic gentamicin therapy in Meniere's disease. AIMS OF STUDY: 1. To diagnose patients with very definite and definite Meniere's disease using electrocochleography. 2. To study the effectiveness of intratympanic gentamicin therapy in vertigo control. 3. To compare intratympanic gentamicin therapy and oral therapy in Meniere's disease. 4. To study the electrocochleographic changes after intratympanic gentamicin therapy. 5. To study the changes in hearing level before and after intratympanic gentamicin therapy. MATERIALS: This was a prospective study. Institutional ethical committee clearance was obtained for the study. During the study period, Jan 2010 to Nov 2010, patients attending the outpatient department of the Upgraded Institute of Otorhinolaryngology, Madras Medical College & Government General Hospital, Chennai, were screened for Meniere's disease. These patients were told about the study.
Those who gave consent were included in the study as per the inclusion and exclusion criteria. Inclusion Criteria: People attending the neuro-otologic clinic were classified into very definite and definite Meniere's disease according to the AAO-HNS classification. AAO-HNS CLASSIFICATION: VERY DEFINITE MENIERE'S DISEASE: The patient has had at least two attacks of sudden vertigo lasting more than 20 minutes but less than a day, along with deafness, tinnitus, aural fullness, a positive glycerol dehydration test and positive EcochG. DEFINITE MENIERE'S DISEASE: Episodic vertigo, deafness, tinnitus, aural fullness, positive glycerol test; typical EcochG finding not present. Both male and female, age > 15 years. Exclusion Criteria: People with previous ear disease like CSOM, congenital malformation, previous ear surgeries, syphilis, intracranial tumour, ototoxic drugs, head injury, any other major exanthematous illness, or a positive family history of HOH. Sample Size: 50. Control Group: Patients attending the neuro-otologic clinic with symptoms of Meniere's disease, treated with oral betahistine. CONCLUSION: In this study 60% of patients were diagnosed with very definite Meniere's disease and 40% with definite Meniere's disease using ECochG. 60% of patients showed improvement in vertigo control with intratympanic gentamicin therapy, while in the control group only 30% of patients showed improvement. My study shows that intratympanic gentamicin therapy is more effective in controlling vertigo in Meniere's disease patients. After intratympanic gentamicin therapy, ECochG was significantly improved. In this study 10% of patients showed worsening of hearing level with intratympanic gentamicin therapy, while 6.7% of patients showed worsening of hearing with oral therapy.

    Aerospace medicine and biology: A continuing bibliography with indexes, supplement 190, February 1979

    This bibliography lists 235 reports, articles, and other documents introduced into the NASA scientific and technical information system in January 1979.