Similar literature
20 similar documents found
1.
Masking is a countermeasure against differential power analysis (DPA) attacks on cryptographic devices: random masks randomize the power leakage of sensitive intermediate values. Template attacks (TA) against masked cryptographic devices have so far required the attacker to know the masks during the profiling phase. This requirement not only raises the bar for a template attack but also creates a gap between the experimental encryption code on the profiling device and the code in commercial cryptographic devices, which may degrade performance in real-world attacks. The blind mask template attack learns templates directly for the unmasked intermediate values, without knowing the masks of the training power traces, and then uses these templates to attack masked cryptographic devices. Both the traditional Gaussian distribution and a neural network were adopted as templates in the experiments. The experimental results verify the feasibility of the new approach: the success rate of neural-network-based blind mask template attacks against masked cryptographic devices is very close to that of traditional template attacks against devices without masking.
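The point of the blind mask approach above is that templates are indexed by the unmasked value while the masks of the profiling traces are never known. As an added illustration (not the authors' code), the following pure-Python simulation does exactly that on a toy target: a 4-bit PRESENT S-box protected by a fresh first-order Boolean mask. The device, the leakage model (Hamming weight of the mask and of the masked S-box output at two sample points, plus Gaussian noise), the noise level, the keys and the trace counts are all assumptions. The templates are two-dimensional Gaussians; because the mask is uniform, every class has the same mean, and it is the covariance between the two points that still depends on the unmasked value and carries the key.

```python
import math
import random

# Toy target (assumption): the 4-bit PRESENT S-box behind a fresh first-order Boolean mask.
SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD, 0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]


def hw(x):
    return bin(x).count("1")


def leak(key, pt, rng, sigma):
    """Simulated device: two samples per encryption, the Hamming weight of the mask and
    of the masked S-box output, each with Gaussian noise. The mask is never reported."""
    m = rng.randrange(16)
    v = SBOX[pt ^ key]                      # unmasked sensitive value (known only when profiling)
    x = hw(m) + rng.gauss(0.0, sigma)
    y = hw(v ^ m) + rng.gauss(0.0, sigma)
    return v, (x, y)


def fit_templates(samples):
    """samples: v -> list of (x, y). Returns v -> 2-D Gaussian ((mean), (sxx, sxy, syy)).
    The mean is the same for every v; only the covariance term sxy carries the secret."""
    templates = {}
    for v, pts in samples.items():
        n = len(pts)
        mx = sum(x for x, _ in pts) / n
        my = sum(y for _, y in pts) / n
        sxx = sum((x - mx) ** 2 for x, _ in pts) / (n - 1)
        syy = sum((y - my) ** 2 for _, y in pts) / (n - 1)
        sxy = sum((x - mx) * (y - my) for x, y in pts) / (n - 1)
        templates[v] = ((mx, my), (sxx, sxy, syy))
    return templates


def log_pdf(template, sample):
    """Log-density of a 2-D Gaussian (up to a constant) using the explicit 2x2 inverse."""
    (mx, my), (sxx, sxy, syy) = template
    det = sxx * syy - sxy * sxy
    dx, dy = sample[0] - mx, sample[1] - my
    maha = (syy * dx * dx - 2 * sxy * dx * dy + sxx * dy * dy) / det
    return -0.5 * (maha + math.log(det))


def profile(train_key, n, sigma, rng):
    """Profiling phase: plaintexts and key known, masks unknown; templates keyed by v."""
    samples = {v: [] for v in range(16)}
    for _ in range(n):
        v, s = leak(train_key, rng.randrange(16), rng, sigma)
        samples[v].append(s)
    return fit_templates(samples)


def attack(templates, traces):
    """Attack phase: rank the 16 key candidates by summed log-likelihood over the traces."""
    scores = []
    for k in range(16):
        ll = sum(log_pdf(templates[SBOX[pt ^ k]], s) for pt, s in traces)
        scores.append((ll, k))
    scores.sort(reverse=True)
    return [k for _, k in scores]


def run_demo(seed=1, sigma=0.3, n_profile=8000, n_attack=8000):
    """Profile on a device with key 0x3, attack a device with key 0xA (both assumptions)."""
    rng = random.Random(seed)
    templates = profile(0x3, n_profile, sigma, rng)
    target_key = 0xA
    traces = []
    for _ in range(n_attack):
        pt = rng.randrange(16)
        traces.append((pt, leak(target_key, pt, rng, sigma)[1]))
    return target_key, attack(templates, traces), templates


if __name__ == "__main__":
    key, ranking, tpl = run_demo()
    print("true key 0x%X, best guess 0x%X" % (key, ranking[0]))
    print("cov(x,y) for v=0x0: %.2f, for v=0xF: %.2f" % (tpl[0x0][1][1], tpl[0xF][1][1]))
```

A mean-only (first-order) template would see nothing here, since every class averages to the same point; the covariance is what the masking fails to hide, and a neural network template as used in the paper learns the same dependence without an explicit Gaussian assumption.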

2.
Side-channel attacks using static power have been shown to succeed against cryptographic circuits in different environments. This class of attacks exploits the power leakage while the circuit is in a static state, during which the leakage is expected to be a fixed value. Because of the low signal-to-noise ratio of static power, a static power attack usually needs more traces than a dynamic power attack to reach the same success rate. The probability distribution of static power also varies significantly between devices, which makes accurate modeling of static power harder still. In this paper we propose non-parametric template attacks that use a kernel method to improve the accuracy of modeling static power consumption. The proposed template attacks are tested with transistor-level simulations of circuits designed with a 45-nm standard cell library. Our results show that the approach improves the success rate of static-power template attacks in cases where the distribution of static power consumption cannot be modeled accurately by a Gaussian model.

3.
Power consumption in wireless sensor nodes plays a vital role in power management, since more functional elements are integrated in a smaller space and operated at very high frequencies. In addition, variations in power consumption open the way to power analysis attacks, in which the attacker recovers the secret parameters of the cryptographic implementation embedded in the sensor node. A strong countermeasure is therefore required to provide adequate security in these systems. The circuits in wireless sensor nodes are built from conventional digital logic gates, and the primary reason for their power consumption is that these gates are not reversible: irreversible gates dissipate power as heat because information is lost with every erased bit. To minimize power consumption, and in turn to sidestep the issues related to power analysis attacks, reversible logic gates can be used in wireless sensor nodes. This shifts the focus from power-hungry irreversible gates to potentially powerful circuits based on controllable quantum systems. Reversible logic gates theoretically consume zero power and have an exact quantum circuit model for practical realization, such as quantum computers and implementations based on quantum-dot cellular automata. One of the key components in a wireless sensor node is the implementation of the cryptographic algorithm that secures the information the node collects. In this work, a novel reversible-gate design of the 128-bit Advanced Encryption Standard (AES) is presented. The complete AES structure is designed with combinational logic circuits, which are then mapped to reversible logic circuits; the proposed architectures use the Toffoli family of reversible gates. Performance metrics such as gate count and quantum cost of the proposed designs are rigorously analyzed against existing designs and tabulated. The proposed reversible AES design shows considerable improvements in these metrics over existing designs.

4.
As an important form of side-channel attack, fault attacks give an attacker richer information and means for attacking a cryptosystem, and they have broken almost all mainstream cryptographic schemes. Many defences against fault attacks have been proposed, but most fall short in space/time overhead, fault coverage or other respects. Building on the strong robustness of NCL (Null Convention Logic) circuits and dual-rail encoding, this paper proposes a circuit-level fault-attack countermeasure that combines inter-rail signal synchronization, propagation-delay matching, illegal-code detection and self-feedback. Analysis and experiments show that the countermeasure achieves effective fault detection at small cost, suppresses the propagation of all kinds of faults, and can easily be extended into an automated synthesis flow.

5.
Event monitoring is a common application of wireless sensor networks: a number of sensor nodes are deployed to monitor a phenomenon, and when an event is detected they report it to a base station (BS), where a network operator can act on the report. This paper is concerned with scenarios where the event must be reported to the BS within a time bound, possibly over multiple hops. Such event reports can be hampered by compromised intermediate nodes that drop, modify or delay the report. To defend against such attacks, we propose Sem, a Secure Event Monitoring protocol against arbitrary malicious attacks by Byzantine adversary nodes. Sem provides the following provable security guarantees. As long as the compromised nodes want to stay undetected, a legitimate sensor node can report an event to the BS within a bounded time. If the compromised nodes prevent the event from being reported to the BS within the bounded time, the BS can identify a pair of nodes that is guaranteed to contain at least one compromised node. To the best of our knowledge, no prior work in the literature provides such guarantees. Sem is designed to use the minimum amount of asymmetric cryptography during normal operation, when there is no attack, and to use cryptographic primitives more liberally once an attack is detected. This keeps the overall protocol lightweight in terms of the computational resources and the network traffic required by the cryptographic operations. We also show an operational example of Sem using TOSSIM simulations.

6.
The quarantine region scheme (QRS) is introduced to defend against spam attacks in wireless sensor networks, where malicious anti-nodes frequently generate dummy spam messages to be relayed toward the sink. The attacker's aim is to exhaust the sensor node batteries and to add delay through the processing of spam messages. Network-wide message authentication would solve this problem, at the cost of cryptographic operations on every message. QRS is designed to reduce this cost by applying authentication only when and where necessary. In QRS, nodes that detect a nearby spam attack consider themselves to be in a quarantine region. This detection is performed by intermittent authentication checks. Once quarantined, a node authenticates continuously until the spam attack ceases. In QRS there is a trade-off between resilience against spam attacks and the number of authentications. Our experiments show that, in the worst-case scenario we considered, a node that is not quarantined catches 80 percent of the spam messages by authenticating only 50 percent of the messages it processes.

7.
A simple method for acquiring electromagnetic signals is given, showing that the electromagnetic emanation of a cryptographic chip can be captured with a hand-wound metal coil and that its amplitude correlates with the Hamming weight of the operand. After describing the principle and the steps of template attacks, the paper presents electromagnetic template analysis attacks on cryptographic chips and carries out an EM template attack experiment against a DES implementation on a microcontroller (AT89C52); the experiment successfully recovered the 48-bit subkey used in round 16 of DES.

8.
In this paper, we study the security of a general two-level E0-like encryption model and its instance, the real-world Bluetooth encryption scheme. Both unconditional and conditional correlation properties of the two-level model are investigated in theory, and a key-recovery framework based on condition masking, which studies how to choose the condition to obtain better trade-offs on the time/memory/data complexity curve, is refined. A novel design criterion to resist the attack is proposed and analyzed. Inspired by these cryptanalytic principles, we describe more threatening, real-time attacks on two-level E0. It is shown that only the latest four inputs to the FSM play the most important role in determining the magnitude of the conditional correlation, and that the data complexity analysis of the previous practical attacks on two-level E0 is inaccurate. A new decoding method to improve the data complexity is provided. In the known-IV scenario, if the first 24 bits of \(2^{24}\) frames are available, the secret key can be reliably found with \(2^{25}\) on-line computations, \(2^{21.1}\) off-line computations and 4 MB of memory. We then convert the attack into a ciphertext-only attack, which needs the first 24 bits of \(2^{26}\) frames, with all complexities under \(2^{26}\). This is the first practical ciphertext-only attack on the real Bluetooth encryption scheme so far. A countermeasure is suggested to strengthen the security of Bluetooth encryption in practical applications.

9.
The secret key used in a cryptosystem can be retrieved by physical attacks such as side-channel analysis (SCA) and fault analysis (FA). Traditionally, countermeasures against different physical attacks are developed separately. To lay a solid foundation for countermeasures against the emerging combined attacks, it is imperative to study thoroughly how the countermeasure for one attack affects the efficiency of the other. In this work, we use an FPGA-based platform to investigate whether and how an FA countermeasure influences the efficiency of a correlation power analysis (CPA) attack. Unlike previous work that simulated the S-box only, our assessments are based on FPGA emulation of the entire AES. In addition to considering different error detection codes, we compare the key retrieval speed of the CPA attack under different power models, redundancy types for fault detection, modules under fault protection, and practical FPGA synthesis optimizations. Furthermore, we propose a new countermeasure that integrates dynamic masking and error deflection to thwart CPA and FA attacks simultaneously. Experimental results show that with 100,000 power traces our method prevents the key leakage, while the other methods leak at least five AES subkey bytes. Our simulations also confirm that the proposed method reduces the success rate of FA attacks by up to 90 % compared with the other methods.

10.
Hui, Sencun, Guohong. Ad Hoc Networks, 2007, 5(1): 112-125
The existing time synchronization schemes in sensor networks were not designed with security in mind, which leaves them vulnerable to attack. In this paper, we first identify various attacks that are effective against several representative time synchronization schemes, and then focus on a specific type of attack, the delay attack, which cannot be addressed by cryptographic techniques. We then propose two approaches to detect and accommodate the delay attack. The first uses the generalized extreme studentized deviate (GESD) algorithm to detect multiple outliers introduced by the compromised nodes; the second uses a threshold derived with a time transformation technique to filter out the outliers. Finally, we show the effectiveness of the two schemes through extensive simulations.

11.
赵毅强, 辛睿山, 甄帅, 金锐, 赵奇. 微电子学 (Microelectronics), 2019, 49(4): 558-562, 573
Invasive physical attacks, represented by focused ion beam (FIB) and microprobing attacks, pose a serious threat to the security of integrated circuits. The mainstream countermeasure against invasive physical attacks is the top-metal shield. A top-metal shield uses the top metal layer to form a complex wiring network that covers critical components such as the chip's cryptographic modules; combined with an integrity-sensing unit, it detects and defends against invasive physical attacks. The top-metal shield raises a chip's resistance to physical attack at low overhead and greatly increases the attacker's cost. This paper surveys recent research results on top-metal shields and discusses the challenges they face and directions for future development.

12.
RIPEMD with two-round compress function is not collision-free (cited by 5; self-citations 0, other citations 5)
In 1990 Rivest introduced the cryptographic hash function MD4, whose compression function has three rounds. After partial attacks on MD4 were found, the stronger RIPEMD was designed as a European proposal in 1992 (RACE project). Its compression function consists of two parallel lines of modified versions of the MD4 compression function. RIPEMD is currently being considered as an international standard (ISO/IEC Draft 10118-3). In this paper, however, an attack against RIPEMD is described that leads to results comparable to the previously known attacks on MD4: the reduced versions of RIPEMD in which the first or the last round of the compression function is omitted are not collision-free. Moreover, the methods developed in this note can also be applied to find collisions for the full MD4.

13.
In this paper, a 0.35 V, 82 pJ/conversion, ring-oscillator-based ultra-low-power CMOS all-digital temperature sensor is presented for on-die thermal management. Subthreshold circuit operation is used to reduce power, and an all-digital architecture consisting only of standard digital gates is adopted. Additionally, a linearization technique is proposed to correct the nonlinear characteristics of subthreshold MOSFETs. A bulk-driven 1-bit gated digitally controlled oscillator is designed for the temperature-sensing node, and a 1-bit time-to-digital converter doubles the effective fine resolution of the sensor. The sensor has been designed in a 90-nm regular-VT CMOS process. After two-point calibration, the maximum error is −0.68 to +0.61 °C over the operating range of 0 to 100 °C, with an effective resolution of 0.069 °C/LSB. At a 0.35 V supply, the power dissipation is only 820 nW at a conversion rate of 10 k samples/s at room temperature, and the sensor occupies only 0.003 mm².

14.
Security ICs are vulnerable to side-channel attacks (SCAs) that recover the secret key by monitoring the power consumption or other information leaked by the switching behavior of digital CMOS gates. This paper describes a side-channel-attack-resistant coprocessor IC fabricated in 0.18-μm CMOS, consisting of an Advanced Encryption Standard (AES) based cryptographic engine, a fingerprint-matching engine, template storage, and an interface unit. Two functionally identical coprocessors were fabricated on the same die. The first was implemented with standard cells and regular routing; the second with a logic style called wave dynamic differential logic (WDDL) and a layout technique called differential routing, to counter the differential power analysis (DPA) side-channel attack. Measurement-based results show that a DPA attack on the insecure coprocessor requires only 8,000 encryptions to disclose the entire 128-bit secret key, while the same attack on the secure coprocessor does not disclose the entire key even after 1,500,000 encryptions.
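Entries 9 and 14 both rate a countermeasure by the number of traces (or encryptions) a correlation/differential power analysis needs before the key leaks. The following added example, which is not code from either paper, shows the measurement itself: it simulates an unprotected first-round AES S-box with a Hamming-weight leakage model (an assumption, as are the noise level, the key byte, the seed and the trace budget), runs CPA over the 256 key-byte candidates, and reports the smallest trace count from which the correct key stays ranked first. The S-box is built from its GF(2^8) definition so that the block needs no table.

```python
import math
import random


def _gf_mul(a, b):
    """Multiplication in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    for _ in range(8):
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def _aes_sbox():
    """The AES S-box from its definition: inverse in GF(2^8), then the affine map."""
    def rotl(v, n):
        return ((v << n) | (v >> (8 - n))) & 0xFF
    table = []
    for x in range(256):
        inv = x
        for _ in range(253):           # x^254 == x^-1 in GF(2^8); 0 stays 0
            inv = _gf_mul(inv, x)
        table.append(inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3) ^ rotl(inv, 4) ^ 0x63)
    return table


AES_SBOX = _aes_sbox()


def hw(x):
    return bin(x).count("1")


def simulate_traces(key, n, sigma, rng):
    """Constructed traces for an unprotected implementation: one sample per encryption,
    the Hamming weight of the first-round S-box output byte plus Gaussian noise."""
    traces = []
    for _ in range(n):
        pt = rng.randrange(256)
        traces.append((pt, hw(AES_SBOX[pt ^ key]) + rng.gauss(0.0, sigma)))
    return traces


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0.0 or syy == 0.0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)


def cpa_rank(traces):
    """Rank the 256 key-byte candidates by |correlation| between HW prediction and trace."""
    measured = [sample for _, sample in traces]
    scored = []
    for k in range(256):
        predicted = [hw(AES_SBOX[pt ^ k]) for pt, _ in traces]
        scored.append((abs(pearson(predicted, measured)), k))
    scored.sort(reverse=True)
    return [k for _, k in scored]


def traces_to_recover(traces, key, step=20):
    """Smallest trace count (in multiples of step) from which the correct key is ranked
    first and stays first for every larger count tried; None if it never settles."""
    counts = list(range(step, len(traces) + 1, step))
    on_top = [cpa_rank(traces[:n])[0] == key for n in counts]
    for i, n in enumerate(counts):
        if all(on_top[i:]):
            return n
    return None


def run_demo(seed=7, key=0x2B, n=200, sigma=1.0):
    """Key byte, noise, seed and budget are assumptions for the demonstration."""
    rng = random.Random(seed)
    traces = simulate_traces(key, n, sigma, rng)
    return key, cpa_rank(traces)[0], traces_to_recover(traces, key)


if __name__ == "__main__":
    key, best, needed = run_demo()
    print("key 0x%02X, best guess 0x%02X, traces to recover: %s" % (key, best, needed))
```

The same harness is the yardstick for a countermeasure: run it on traces from the protected design and the returned count goes up, or comes back None within the budget, which is the form in which the two papers above state their results.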

15.
Quark: A Lightweight Hash (cited by 1; self-citations 0, other citations 1)
The need for lightweight (that is, compact, low-power, low-energy) cryptographic hash functions has been repeatedly expressed by professionals, notably for implementing cryptographic protocols in RFID technology. At the time of writing, however, no algorithm exists that provides satisfactory security and performance. The ongoing SHA-3 competition will not help, as it concerns general-purpose designs and focuses on software performance. This paper therefore proposes a novel design philosophy for lightweight hash functions, based on the sponge construction in order to minimize memory requirements. Inspired by the stream cipher Grain and by the block cipher KATAN (among the lightest secure ciphers), we present the hash function family Quark, composed of three instances: u-Quark, d-Quark, and s-Quark. As a sponge construction, Quark can be used for message authentication, stream encryption, or authenticated encryption. Our hardware evaluation shows that Quark compares well with previous tentative lightweight hash functions. For example, our lightest instance u-Quark conjecturally provides at least 64-bit security against all attacks (collisions, multicollisions, distinguishers, etc.), fits in 1379 gate equivalents, and consumes on average 2.44 μW at 100 kHz in 0.18 μm ASIC. For 112-bit security, we propose s-Quark, which can be implemented in 2296 gate equivalents with a power consumption of 4.35 μW.
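The sponge mode the abstract relies on is what lets a single small permutation and a single state word serve as hash, MAC and stream cipher. The following added Python example is not Quark's code: the 32-bit permutation, the 8-bit rate / 24-bit capacity split, the 4-byte outputs and the domain bytes are toy assumptions chosen for readability and give no real security. It shows the absorb / pad / squeeze structure and the three uses the abstract lists.

```python
# Toy sponge: 32-bit state = 8-bit rate + 24-bit capacity, driven by a tiny 32-bit
# permutation. Teaching construction only (assumption); not Quark's permutation.
MASK32 = 0xFFFFFFFF
ROUNDS = 8


def permute(s):
    """Toy 32-bit permutation: each step (add a constant, xorshift, multiply by an odd
    constant) is a bijection on 32-bit words, so the composition is a permutation."""
    s &= MASK32
    for r in range(ROUNDS):
        s = (s + 0x9E3779B9 + r) & MASK32
        s ^= (s << 13) & MASK32
        s = (s * 0x85EBCA6B) & MASK32
        s ^= s >> 17
    return s


def sponge(data, out_len, domain):
    """Absorb domain || data || pad one byte at a time into the rate byte, permuting
    after every byte; then squeeze out_len bytes from the rate byte, permuting between
    them. The padding is pad10*1, which with an 8-bit rate is always the byte 0x81.
    The 24-bit capacity is never read or written directly; that is the whole security
    argument of a sponge, and also why the memory is just one state word."""
    state = 0
    for b in bytes([domain]) + bytes(data) + b"\x81":
        state ^= b                  # rate part = low byte
        state = permute(state)
    out = bytearray()
    while len(out) < out_len:
        out.append(state & 0xFF)
        state = permute(state)
    return bytes(out)


def toy_hash(msg, out_len=4):
    return sponge(msg, out_len, domain=0x00)


def toy_mac(key, msg, out_len=4):
    """Keyed sponge MAC: a fixed-length key is absorbed before the message (assumes 4-byte keys)."""
    assert len(key) == 4
    return sponge(key + msg, out_len, domain=0x01)


def toy_stream_xor(key, nonce, data):
    """Stream encryption: squeeze a keystream from key || nonce and XOR it onto the data.
    The same call decrypts."""
    assert len(key) == 4 and len(nonce) == 4
    keystream = sponge(key + nonce, len(data), domain=0x02)
    return bytes(a ^ b for a, b in zip(data, keystream))


if __name__ == "__main__":
    k, n = b"\x01\x02\x03\x04", b"\xaa\xbb\xcc\xdd"
    print("hash:", toy_hash(b"abc").hex())
    print("mac :", toy_mac(k, b"abc").hex())
    ct = toy_stream_xor(k, n, b"hello sponge")
    print("ct  :", ct.hex(), "->", toy_stream_xor(k, n, ct))
```

The domain byte keeps the three uses from sharing outputs for the same input bytes, a detail that matters once one permutation backs several primitives; a real design fixes the key and nonce lengths and the padding rule the same way.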

16.
Secure routing in wireless sensor networks: attacks and countermeasures (cited by 10; self-citations 0, other citations 10)
Chris, David. Ad Hoc Networks, 2003, 1(2-3): 293
We consider routing security in wireless sensor networks. Many sensor network routing protocols have been proposed, but none of them has been designed with security as a goal. We propose security goals for routing in sensor networks, show how attacks against ad hoc and peer-to-peer networks can be adapted into powerful attacks against sensor networks, introduce two classes of novel attacks against sensor networks, sinkholes and HELLO floods, and analyze the security of all the major sensor network routing protocols. We describe crippling attacks against all of them and suggest countermeasures and design considerations. This is the first such analysis of secure routing in sensor networks.

17.
An analog hearing aid with frequency compensation is proposed and implemented with human factors in mind. Using the current-mode technique, a filter designed by the state-space methodology is integrated in the hearing aid to offer a function that otherwise appears only in the DSP unit of a digital hearing aid. Combined with the filter embedded in the driver circuit, which adopts the minimum-current-selecting technique, the enhanced frequency compensation matches the common low-frequency hearing loss well, with a stopband attenuation of 80 dB/dec. Moreover, a low-noise automatic gain control (AGC) is presented to improve programmability with discrete gains, knee points and compression ratios. To enhance the comfort level, the attack and release times are set to 20 and 100 ms with a peak detector. The input-referred noise is below 5 μVrms. The hearing aid can drive a 16 Ω receiver at a supply voltage of 1 V. The die area is 2.3 × 1.5 mm² (AGC) and 0.93 × 0.86 mm² (driver) in a 0.13 μm standard CMOS process, and 1 × 1 mm² (filter) in a 0.35 μm standard CMOS process.

18.
An improved mask countermeasure for FPGA cryptographic chips (cited by 1; self-citations 0, other citations 1)
Power analysis attacks pose a serious threat to the physical security of cryptographic chips, and research on these attacks and their countermeasures is a hot topic in side-channel analysis. This paper presents a design and implementation of a pseudo-random masked DES algorithm and analyzes its security against power analysis attacks. The results show that a plain pseudo-random masked DES only resists first-order differential power analysis and cannot effectively defend against second-order DPA. To resist second-order DPA, the structure of the masked DES algorithm is improved with additional masking, giving it resistance to DPA attacks in theory.

19.
Differential cryptanalysis was introduced as an approach to analyze the security of DES-like cryptosystems. The first example of a DES-like cryptosystem was Lucifer, the direct predecessor of DES, which many people still believe to be much more secure than DES, since it has 128 key bits and no attacks against (the full variant of) Lucifer had ever been reported in the cryptographic literature. In this paper we introduce a new extension of differential cryptanalysis, devised to enlarge the class of vulnerable cryptosystems. The extension uses key-dependent characteristics, called conditional characteristics, selected to increase the characteristics' probabilities for keys in subsets of the key space. Applying conditional characteristics to Lucifer shows that more than half of the keys of Lucifer are insecure, and the attack requires about 2^36 complexity and chosen plaintexts to find these keys. The same extension can also be used to attack a new variant of DES, called RDES, which was designed to be immune to differential cryptanalysis. These new attacks shed new light on the design of DES and show that the transition from Lucifer to DES strengthened the latter cryptosystem.

20.
This paper presents an on-chip current flattening circuit designed in 0.18-μm CMOS technology that can be integrated with secure microsystems, such as smart cards, as a countermeasure against power analysis attacks. The robustness of the proposed countermeasure is evaluated by measuring the number of current traces required for a differential power analysis attack. We analyze the relationship between the required number of current traces and the dynamic current variations, and we show empirically that the required number of current traces is proportional to the inverse square of the rms value of the flattened current. Finally, we evaluate the effectiveness of the proposed design using experimental results from the fabricated chip; the analysis of these results confirms the effectiveness of the current flattening circuit.
