994 research outputs found
Tight Time-Memory Trade-offs for Symmetric Encryption
Concrete security proofs give upper bounds on the attacker\u27s advantage as a function of its time/query complexity. Cryptanalysis suggests however that other resource limitations - most notably, the attacker\u27s memory - could make the achievable advantage smaller, and thus these proven bounds too pessimistic. Yet, handling memory limitations has eluded existing security proofs.
This paper initiates the study of time-memory trade-offs for basic symmetric cryptography. We show that schemes like counter-mode encryption, which are affected by the Birthday Bound, become more secure (in terms of time complexity) as the attacker\u27s memory is reduced.
One key step of this work is a generalization of the Switching Lemma: For adversaries with bits of memory issuing distinct queries, we prove an -to- bit random function indistinguishable from a permutation as long as . This result assumes a combinatorial conjecture, which we discuss, and implies right away trade-offs for deterministic, stateful versions of CTR and OFB encryption.
We also show an unconditional time-memory trade-off for the security of randomized CTR based on a secure PRF. Via the aforementioned conjecture, we extend the result to assuming a PRP instead, assuming only one-block messages are encrypted.
Our results solely rely on standard PRF/PRP security of an underlying block cipher. We frame the core of our proofs within a general framework of indistinguishability for streaming algorithms which may be of independent interest
AES-CBC Software Execution Optimization
With the proliferation of high-speed wireless networking, the necessity for
efficient, robust and secure encryption modes is ever increasing. But,
cryptography is primarily a computationally intensive process. This paper
investigates the performance and efficiency of IEEE 802.11i approved Advanced
Encryption Standard (AES)-Rijndael ciphering/deciphering software in Cipher
Block Chaining (CBC) mode. Simulations are used to analyse the speed, resource
consumption and robustness of AES-CBC to investigate its viability for image
encryption usage on common low power devices. The detailed results presented in
this paper provide a basis for performance estimation of AES cryptosystems
implemented on wireless devices. The use of optimized AES-CBC software
implementation gives a superior encryption speed performance by 12 - 30%, but
at the cost of twice more memory for code size.Comment: 8 pages, IEEE 200
Performance Evaluation of Round 2 Submission for the NIST Post-Quantum Cryptography Project
This paper looks at the submissions for round 2 of a competition held by National Institute of Standards and Technology (NIST) to find an encryption standard resistant to attacks by post-quantum computers. NIST announced its call for submissions in February 2016 with a deadline of November 2017 and announced the 69 algorithms that made the cut for round 1. In January 2019 the candidates for round 2 were announced with round 3 projected for 2020/2021
An Information-Theoretic Proof of the Streaming Switching Lemma for Symmetric Encryption
Motivated by a fundamental paradigm in cryptography, we consider a recent
variant of the classic problem of bounding the distinguishing advantage between
a random function and a random permutation. Specifically, we consider the
problem of deciding whether a sequence of values was sampled uniformly with
or without replacement from , where the decision is made by a streaming
algorithm restricted to using at most bits of internal memory. In this
work, the distinguishing advantage of such an algorithm is measured by the KL
divergence between the distributions of its output as induced under the two
cases. We show that for any the distinguishing advantage is
upper bounded by , and even by when
for any constant where it is nearly
tight with respect to the KL divergence
The Memory-Tightness of Authenticated Encryption
This paper initiates the study of the provable security of authenticated encryption (AE) in the memory-bounded setting. Recent works – Tessaro and Thiruvengadam (TCC \u2718), Jaeger and Tessaro (EUROCRYPT \u2719), and Dinur (EUROCRYPT \u2720) – focus on confidentiality, and look at schemes for which trade-offs between the attacker\u27s memory and its data complexity are inherent. Here, we ask whether these results and techniques can be lifted to the full AE setting, which additionally asks for integrity.
We show both positive and negative results. On the positive side, we provide tight memory-sensitive bounds for the security of GCM and its generalization, CAU (Bellare and Tackmann, CRYPTO \u2716). Our bounds apply to a restricted case of AE security which abstracts the deployment within protocols like TLS, and rely on a new memory-tight reduction to corresponding restricted notions of confidentiality and integrity. In particular, our reduction uses an amount of memory which linearly depends on that of the given adversary, as opposed to only imposing a constant memory overhead as in earlier works (Auerbach et al., CRYPTO \u2717).
On the negative side, we show that a large class of black-box reductions cannot generically lift confidentiality and integrity security to a joint definition of AE security in a memory-tight way
Super-Linear Time-Memory Trade-Offs for Symmetric Encryption
We build symmetric encryption schemes from a pseudorandom
function/permutation with domain size which have very high
security -- in terms of the amount of messages they can securely
encrypt -- assuming the adversary has bits of memory. We aim
to minimize the number of calls we make to the underlying
primitive to achieve a certain , or equivalently, to maximize the
achievable for a given . We target in
particular , in contrast to recent works (Jaeger and
Tessaro, EUROCRYPT \u2719; Dinur, EUROCRYPT \u2720) which aim to beat the
birthday barrier with one call when .
Our first result gives new and explicit bounds for the
Sample-then-Extract paradigm by Tessaro and Thiruvengadam (TCC
\u2718). We show instantiations for which .
If , Thiruvengadam and Tessaro\u27s weaker bounds
only guarantee when . In contrast, here,
we show this is true already for .
We also consider a scheme by Bellare, Goldreich and Krawczyk (CRYPTO
\u2799) which evaluates the primitive on independent random
strings, and masks the message with the XOR of the outputs. Here, we
show , using new combinatorial bounds
on the list-decodability of XOR codes which are of independent
interest. We also study best-possible attacks against this
construction
Designing Flexible, Energy Efficient and Secure Wireless Solutions for the Internet of Things
The Internet of Things (IoT) is an emerging concept where ubiquitous physical objects (things) consisting of sensor, transceiver, processing hardware and software are interconnected via the Internet. The information collected by individual IoT nodes is shared among other often heterogeneous devices and over the Internet.
This dissertation presents
flexible, energy efficient and secure wireless solutions in the IoT application domain. System design and architecture designs are discussed envisioning a near-future world where wireless communication among heterogeneous IoT devices are seamlessly enabled.
Firstly, an energy-autonomous wireless communication system for ultra-small, ultra-low power IoT platforms is presented. To achieve orders of magnitude energy efficiency improvement, a comprehensive system-level framework that jointly optimizes various system parameters is developed. A new synchronization protocol and modulation schemes are specified for energy-scarce ultra-small IoT nodes. The dynamic link adaptation is proposed to guarantee the ultra-small node to always operate in the most energy efficiency mode, given an operating scenario. The outcome is a truly energy-optimized wireless communication system to enable various new applications such as implanted smart-dust devices.
Secondly, a configurable Software Defined Radio (SDR) baseband processor is designed and shown to be an efficient platform on which to execute several IoT wireless standards. It is a custom SIMD execution model coupled with a scalar unit and several architectural optimizations: streaming registers, variable bitwidth, dedicated ALUs, and an optimized reduction network. Voltage scaling and clock gating are employed to further reduce the power, with a more than a 100% time margin reserved for reliable operation in the near-threshold region.
Two upper bound systems are evaluated. A comprehensive power/area estimation indicates that the overhead of realizing SDR flexibility is insignificant. The benefit of baseband SDR is quantified and evaluated.
To further augment the benefits of a flexible baseband solution and to address the security issue of IoT connectivity, a light-weight Galois Field (GF) processor is proposed. This processor enables both energy-efficient block coding and symmetric/asymmetric cryptography kernel processing for a wide range of GF sizes (2^m, m = 2, 3, ..., 233) and arbitrary irreducible polynomials. Program directed connections among primitive GF arithmetic units enable dynamically configured parallelism to efficiently perform either four-way SIMD GF operations, including multiplicative inverse, or a long bit-width GF product in a single cycle. This demonstrates the feasibility of a unified architecture to enable error correction coding flexibility and secure wireless communication in the low power IoT domain.PHDComputer Science & EngineeringUniversity of Michigan, Horace H. Rackham School of Graduate Studieshttps://deepblue.lib.umich.edu/bitstream/2027.42/137164/1/yajchen_1.pd
Side-Channel Protected MPSoC through Secure Real-Time Networks-on-Chip
The integration of Multi-Processors System-on-Chip (MPSoCs) into the Internet -of -Things (IoT) context brings new opportunities, but also represent risks. Tight real-time constraints and security requirements should be considered simultaneously when designing MPSoCs. Network-on-Chip (NoCs) are specially critical when meeting these two conflicting characteristics. For instance the NoC design has a huge influence in the security of the system. A vital threat to system security are so-called side-channel attacks based on the NoC communication observations. To this end, we propose a NoC security mechanism suitable for hard real-time systems, in which schedulability is a vital design requirement. We present three contributions. First, we show the impact of the NoC routing in the security of the system. Second, we propose a packet route randomisation mechanism to increase NoC resilience against side-channel attacks. Third, using an evolutionary optimisation approach, we effectively apply route randomisation while controlling its impact on hard real-time performance guarantees. Extensive experimental evidence based on analytical and simulation models supports our findings
- …