Similar literature
1.
We describe several software side-channel attacks based on inter-process leakage through the state of the CPU’s memory cache. This leakage reveals memory access patterns, which can be used for cryptanalysis of cryptographic primitives that employ data-dependent table lookups. The attacks allow an unprivileged process to attack other processes running in parallel on the same processor, despite partitioning methods such as memory protection, sandboxing, and virtualization. Some of our methods require only the ability to trigger services that perform encryption or MAC using the unknown key, such as encrypted disk partitions or secure network links. Moreover, we demonstrate an extremely strong type of attack, which requires knowledge of neither the specific plaintexts nor ciphertexts and works by merely monitoring the effect of the cryptographic process on the cache. We discuss in detail several attacks on AES and experimentally demonstrate their applicability to real systems, such as OpenSSL and Linux’s dm-crypt encrypted partitions (in the latter case, the full key was recovered after just 800 writes to the partition, taking 65 milliseconds). Finally, we discuss a variety of countermeasures which can be used to mitigate such attacks.

2.
Adversarial examples (AEs) are an additive amalgamation of clean examples and artificially malicious perturbations. Attackers often leverage random noise and multiple random restarts to initialize perturbation starting points, thereby increasing the diversity of AEs. Given the non-convex nature of the loss function, employing randomness to augment the attack's success rate may lead to considerable computational overhead. To overcome this challenge, we introduce the one-hot mean square error loss to guide the initialization. This loss is combined with the strongest first-order attack, the projected gradient descent, alongside a dynamic attack step size adjustment strategy to form a comprehensive attack process. Through experimental validation, we demonstrate that our method outperforms baseline attacks in constrained attack budget scenarios and regular experimental settings. This establishes it as a reliable measure for assessing the robustness of deep learning models. We explore the broader application of this initialization strategy in enhancing the defense impact of few-shot classification models. We aspire to provide valuable insights for the community in designing attack and defense mechanisms.

3.
Comparison of electromagnetic attack methods and power attack methods
Side-channel attacks bypass the complex cryptographic algorithm itself and instead exploit the various kinds of information leaked by its software and hardware implementations. Electromagnetic attacks and power attacks are two different side-channel attack methods; they share common ground but also have their own characteristics, which can be compared through experimental analysis.

4.
Standing out: the Amoi (夏新) CS6

5.
Bug Attacks     
In this paper we present a new kind of cryptanalytic attack which utilizes bugs in the hardware implementation of computer instructions. The best-known example of such a bug is the Intel division bug, which resulted in slightly inaccurate results for extremely rare inputs. Whereas in most applications such bugs can be viewed as a minor nuisance, we show that in the case of RSA (even when protected by OAEP), Pohlig–Hellman and ElGamal encryption such bugs can be a security disaster: decrypting ciphertexts on any computer which multiplies even one pair of numbers incorrectly can lead to full leakage of the secret key, sometimes with a single well-chosen ciphertext. As shown by the recent revelation of top secret NSA documents by Edward Snowden, intentional hardware modification is a method that was used by the USA to weaken the security of commercial equipment sent to targeted organizations.

6.
This article mainly introduces two methods for making slides, how to give images satisfying colours during the process, and finally some knowledge on how to handle slides.

8.
杜育松, 王学理. 通信技术 (Communications Technology), 2009, 42(11): 102-103
This paper studies a differential fault analysis method against IDEA. It is based on transient random bit faults and exploits the differential properties of the group operations in IDEA. Simulation experiments show that the attack can determine 62 bits of the IDEA initial key. A fault-injection attack on IDEA based on permanent faults is also given. It requires the attacker to be able to permanently destroy several registers in the cryptographic device so that the values they hold are always zero. Using this attack, the attacker can recover 96 bits of the IDEA initial key.

9.
吴方. 微电子技术 (Microelectronic Technology), 2003, 31(2): 48-50
Starting from the current state of network security, this paper discusses how to use routers and firewalls to defend against intrusions from external networks, and also gives a brief discussion of the system security of network servers.

10.
Two new attacks are given on a cipher block chaining-message authentication code algorithm which is in the final stages of being standardised as MAC algorithm 4 in ISO/IEC FDIS 9797-1. The attacks are significantly more efficient than previously known attacks, which means that the inclusion of this scheme in the standard will need to be reconsidered.

11.
Nodes of a mobile ad hoc network are often deployed in unattended places and lack protection against physical eavesdropping, so mobile network nodes are vulnerable to security threats. Ad hoc networks are especially fragile under denial-of-service attacks. In this paper we analyse a new DoS attack, the Ad Hoc Flooding Attack: an ad hoc network using an on-demand routing protocol is highly susceptible to this flooding attack, which can put the whole network into a state of denial of service. The intruder broadcasts large numbers of route request packets, or sends large numbers of attack data packets, to exhaust the bandwidth and node resources so that normal communication is denied. We then propose the Flooding Attack Prevention (FAP) method, which can effectively prevent the Ad Hoc Flooding Attack in mobile ad hoc networks. FAP consists of two parts: neighbour suppression and path cutoff. When the intruder broadcasts large numbers of route request packets, its neighbours notice the high frequency of route requests and lower the priority of communication with the intruder according to the received query rate; unserved low-priority queries are eventually dropped. When the intruder sends large numbers of attack data packets to a target node, that node may cut off the path and no longer establish paths with the intruder. Thus the Ad Hoc Flooding Attack can be prevented in mobile ad hoc networks by means of FAP.

12.
News about distributed-denial-of-service attacks on Estonian government Web sites might have represented more smoke than fire, but it also revealed a new political battlefield. Networking veterans say public officials' accusations can make ad hoc "hacktivism" seem like a state-sponsored attack. When you add porous network defenses and a credulous media, you've got the potential for a real problem.

13.
A discussion of breaking DES
The complexity of several methods for breaking DES is introduced, and it is shown that the DES key transformation function is not closed. Finally, simulation experiments show that directly breaking 16-round DES with a multilayer neural network is infeasible.

14.
Radio frequency identification (RFID) technology will become more popular in various applications in the near future. But the security issues in RFID systems have hindered this technical promotion seriously. The extant RFID security protocols have serious insufficiencies and flaws in resisting trace attacks and desynchronization attacks. In this paper, we propose a security protocol that can resist the intermittent position trace attacks and desynchronization attacks. We prove the security of the proposed protocol by the data reduction method with learning parity with noise and formally verify the functionality of the proposed scheme by using Colored Petri Nets.

15.
李志刚, 杨波. 电子科技 (Electronic Science and Technology), 2006, (7): 36-37, 42
The SDPA scheme is analysed in detail and systematically, its weaknesses are identified, and an effective attack is carried out. The original dynamic password scheme is then improved using a public-key encryption system and a symmetric encryption algorithm. The improved scheme provides mutual authentication between user and server and establishes multiple shared keys. A theoretical security analysis of the improved scheme shows that its performance is clearly improved.

16.
In this work, we present several new generic second-preimage attacks on hash functions. Our first attack is based on the herding attack and applies to various Merkle–Damgård-based iterative hash functions. Compared to the previously known long-message second-preimage attacks, our attack offers more flexibility in choosing the second-preimage message at the cost of a small computational overhead. More concretely, our attack allows the adversary to replace only a few blocks in the original target message to obtain the second preimage. As a result, our new attack is applicable to constructions previously believed to be immune to such second-preimage attacks. Among others, these include the dithered hash proposal of Rivest, Shoup’s UOWHF, and the ROX constructions. In addition, we also suggest several time-memory-data tradeoff attack variants, allowing for a faster online phase, and even finding second preimages for shorter messages. We further extend our attack to sequences stronger than the ones suggested in Rivest’s proposal. To this end we introduce the kite generator as a new tool to attack any dithering sequence over a small alphabet. Additionally, we analyse the second-preimage security of the basic tree hash construction. Here we also propose several second-preimage attacks and their time-memory-data tradeoff variants. Finally, we show how both our new and the previous second-preimage attacks can be applied even more efficiently when multiple short messages, rather than a single long target message, are available.

17.
In the constantly changing world of the network, security vulnerabilities are everywhere. Even when old vulnerabilities are patched, new ones keep emerging. Today, network attacks that exploit these vulnerabilities and security flaws against systems and resources take ever new forms; organised groups have even appeared on the Internet that sell viruses, carry out extortion, fraud and intimidation on others' behalf, and are paid per job. Rogue software has become the public enemy of netizens. "Rogue software" is mainly distributed by "forced bundling": software and plug-ins that the user never agreed to download and install are bundled with the software the user downloads. Such rogue software installs very covertly and invades your computer during the download process. "Rogue software" is mainly divided into adware, spyware, browser…

18.
In this paper, we study unconditionally secure stegosystems against active attacks over an insecure channel in which an adversary can read and write a message. More specifically, we propose an information-theoretic model for steganography in the presence of active adversaries by extending both Simmons' and Cachin's works; and we show a generic construction of stegosystems secure against active attacks by using authenticated encryption in unconditional setting. Although the idea behind this construction is already used in different models (i.e., computational models and/or information-theoretic models with passive adversaries) of steganography, our contribution lies in showing the construction methodology provides provable and unconditional security against active adversaries.

19.
In this paper we combine two powerful methods of symmetric cryptanalysis: rotational cryptanalysis and the rebound attack. Rotational cryptanalysis was designed for the analysis of bit-oriented designs like ARX (Addition-Rotation-XOR) schemes. It has been applied to several hash functions and block ciphers, including the new standard SHA-3 (Keccak). The rebound attack is a start-from-the-middle approach for finding differential paths and conforming pairs in byte-oriented designs like Substitution-Permutation networks and AES. We apply our new compositional attack to the reduced version of the hash function Skein, a finalist of the SHA-3 competition. Our attack penetrates more than two thirds of the Skein core, the cipher Threefish, and made the designers change the submission in order to prevent it. The rebound part of our attack has been significantly enhanced to deliver results on the largest number of rounds. We also use neutral bits and message modification methods from the practice of collision search in MD5 and SHA-1 hash functions. These methods push the rotational property through more rounds than previous analysis suggested, and eventually establish a distinguishing property for the reduced Threefish cipher. We formally prove that such a property cannot be found for an ideal cipher within the complexity limits of our attack. The complexity estimates are supported by extensive experiments.

20.
The Keccak hash function is the winner of NIST’s SHA-3 competition, and so far it showed remarkable resistance against practical collision finding attacks: After several years of cryptanalysis and a lot of effort, the largest number of Keccak rounds for which actual collisions were found was only 2. In this paper, we develop improved collision finding techniques which enable us to double this number. More precisely, we can now find within a few minutes on a single PC actual collisions in the standard Keccak-224 and Keccak-256, where the only modification is to reduce their number of rounds to 4. When we apply our techniques to 5-round Keccak, we can get in a few days near collisions, where the Hamming distance is 5 in the case of Keccak-224 and 10 in the case of Keccak-256. Our new attack combines differential and algebraic techniques, and uses the fact that each round of Keccak is only a quadratic mapping in order to efficiently find pairs of messages which follow a high probability differential characteristic. Since full Keccak has 24 rounds, our attack does not threaten the security of the hash function.
