Cold Boot Key Recovery by Solving Polynomial Systems with Noise
Cited by 12 (0 self)
Abstract. A method for extracting cryptographic key material from DRAM used in modern computers has been recently proposed in [9]; the technique was called Cold Boot attacks. When considering block ciphers, such as the AES and DES, simple algorithms were also proposed in [9] to recover the cryptographic key from the observed set of round subkeys in memory (computed via the cipher’s key schedule operation), which were however subject to errors due to memory bit decay. In this work we extend this analysis to consider key recovery for other ciphers used in Full Disk Encryption (FDE) products. Our algorithms are also based on closest code word decoding methods, but apply a novel method for solving a set of nonlinear algebraic equations with noise based on Integer Programming. This method should have further applications in cryptology, and is likely to be of independent interest. We demonstrate the viability of the Integer Programming method by applying it against the Serpent block cipher, which has a much more complex key schedule than AES. Furthermore, we also consider the Twofish key schedule, to which we apply a dedicated method of recovery.
Analysis of the Algebraic Side Channel Attack
Cited by 10 (0 self)
At CHES 2009, Renauld, Standaert and Veyrat-Charvillon introduced a new kind of attack called Algebraic Side-Channel Attacks (ASCA). They showed that side-channel information leads to effective algebraic attacks. These results are mostly experimental, since they are strongly based on the use of a SAT solver. This article presents a theoretical study in order to explain and to characterize the algebraic phase of these attacks. We study more general algebraic attacks based on Gröbner methods. We show that the complexity of the Gröbner basis computations in these attacks depends on a new notion of algebraic immunity defined in this paper, and on the distribution of the leakage information of the cryptosystem. We also study two examples of common leakage models: the Hamming weight and the Hamming distance models. For instance, the study in the case of the Hamming weight model gives that the probability of obtaining at least 64 (resp. 130) linear relations is about 50% for the substitution layer of PRESENT (resp. AES). Moreover, if the S-boxes are replaced by functions maximizing the new al
Algebraic Side-Channel Attacks Beyond the Hamming Weight Leakage Model
Cited by 7 (2 self)
Abstract. Algebraic side-channel attacks (ASCA) are a method of cryptanalysis which allow performing key recoveries with very low data complexity. In an ASCA, the side-channel leaks of a device under test (DUT) are represented as a system of equations, and a machine solver is used to find a key which satisfies these equations. A primary limitation of the ASCA method is the way it tolerates errors. If the correct key is excluded from the system of equations due to noise in the measurements, the attack will fail. On the other hand, if the DUT is described in a more robust manner to better tolerate errors, the loss of information may make computation time intractable. In this paper, we first show how this robustness-information trade-off can be simplified by using an optimizer, which exploits the probability data output by a side-channel decoder, instead of a standard SAT solver. For this purpose, we describe a way of representing the leak equations as vectors of a-posteriori probabilities, enabling a natural integration of template attacks and ASCA. Next, we put forward the applicability of ASCA against devices which do not conform to simple leakage models (e.g. based on the Hamming weight of the manipulated data). We finally report on various experiments that illustrate the strengths and weaknesses of standard and optimizing solvers in various settings, hence demonstrating the versatility of ASCA.
Automatic Security Evaluation and (Related-key) Differential Characteristic Search:
Cited by 5 (3 self)
Abstract. In this paper, we propose two systematic methods to describe the differential property of an S-box with linear inequalities based on logical condition modelling and computational geometry. In one method, inequalities are generated according to some conditional differential properties of the S-box; in the other method, inequalities are extracted from the H-representation of the convex hull of all possible differential patterns of the S-box. For the second method, we develop a greedy algorithm for selecting a given number of inequalities from the convex hull. Using these inequalities combined with the Mixed-Integer Linear Programming (MILP) technique, we propose an automatic method for evaluating the security of bit-oriented block ciphers against (related-key) differential attacks, and several techniques for obtaining tighter security bounds. We successfully prove that 24-round PRESENT-80 is secure enough to resist standard related-key differential attacks, and the probability of the best related-key differential characteristic of full LBlock is upper bounded by 2^-60. These are the tightest security bounds with respect to related-key differential attacks published so far for PRESENT-80 and LBlock. Also, we present a new tool for finding (related-key) characteristics automatically for bit-oriented block ciphers. Using this tool, we obtain new related-key characteristics for LBlock, DESL and PRESENT-128, which cover a larger number of rounds or have larger probability than all previously known results. The methodology presented in this paper is generic, automatic and applicable to many bit-oriented block ciphers, including but not limited to
Tolerant Algebraic Side-Channel Analysis of AES, Cryptology ePrint Archive, Report 2012/092, 2012
Cited by 5 (1 self)
Abstract. We report on a Tolerant Algebraic Side-Channel Analysis (TASCA) attack on an AES implementation, using an optimizing pseudo-Boolean solver to recover the secret key from a vector of Hamming weights corresponding to a single encryption. We first develop a boundary on the maximum error rate that can be tolerated as a function of the set size output by the decoder and the number of measurements. Then, we show that the TASCA approach is capable of recovering the secret key from errored traces in a reasonable time for error rates approaching this theoretical boundary; specifically, the key was recovered in 10 hours on average from 100 measurements with error rates of up to 20%. We discovered that, perhaps counterintuitively, there are strong incentives for the attacker to use as few leaks as possible to recover the key. We describe the equation setup and the experiment setup, and discuss the results.
Pragmatism vs. Elegance: comparing two approaches to Simple Power Attacks on AES
Cited by 3 (2 self)
Abstract. Simple side-channel attacks trade off data complexity (i.e. the number of side-channel observations needed for a successful attack) with computational complexity (i.e. the number of operations applied to the side-channel traces). In the specific example of Simple Power Analysis (SPA) attacks on the Advanced Encryption Standard (AES), two approaches can be found in the literature: a pragmatic approach that involves basic techniques such as efficient enumeration of key candidates, and one that is seemingly more elegant and uses algebraic techniques. Both of these different techniques have been used in complementary settings: the pragmatic attacks were solely applied to the key schedule, whereas the more elegant methods were only applied to the encryption rounds. In this article, we investigate how these methods compare in what we consider to be a more practical setting, in which adversaries gain access to erroneous information about both the key schedule and the encryption rounds. We conclude that the pragmatic enumeration technique better copes with erroneous information, which makes it more interesting in practice.
The Spy in the Sandbox: Practical Cache Attacks in JavaScript, CoRR, 2015
Cited by 3 (0 self)
We present a microarchitectural side-channel attack that runs entirely in the browser. In contrast to previous work in this genre, our attack does not require the attacker to install software on the victim’s machine; to facilitate the attack, the victim needs only to browse to an untrusted webpage that contains attacker-controlled content. This makes our attack model highly scalable, and extremely relevant and practical to today’s Web, as most desktop browsers currently used to access the Internet are affected by such side-channel threats. Our attack, which is an extension to the last-level cache attacks of Liu et al. [14], allows a remote adversary to recover information belonging to other processes, users, and even virtual machines running on the same physical host as the victim web browser. We describe the fundamentals behind our attack, and evaluate its performance characteristics. In addition, we show how it can be used to compromise user privacy in a common setting, letting an attacker spy on a victim that uses private browsing. Defending against this side channel is possible, but the required countermeasures can exact an impractical cost on benign uses of the browser.
A New Model for Error-Tolerant Side-Channel Cube Attacks, CHES'13, LNCS, 2013
Cited by 3 (0 self)
Abstract. Side-channel cube attacks are a class of leakage attacks on block ciphers in which the attacker is assumed to have access to some leaked information on the internal state of the cipher as well as the plaintext/ciphertext pairs. The known Dinur-Shamir model and its variants require error-free data for at least part of the measurements. In this paper, we consider a new and more realistic model which can deal with the case when all the leaked bits are noisy. In this model, the key recovery problem is converted to the problem of decoding a binary linear code over a binary symmetric channel with a crossover probability which is determined by the measurement quality and the cube size. We use the maximum likelihood decoding method to recover the key. As a case study, we demonstrate efficient key recovery attacks on PRESENT. We show that the full 80-bit key can be restored with 2^10.2 measurements with an error probability of 19.4% for each measurement.
Automatic Security Evaluation for Bit-oriented Block Ciphers in Related-key Model: Application to PRESENT-80, LBlock and Others
Cited by 2 (0 self)
Abstract. Since AES and PRESENT are two international standard block ciphers representing the most elegant design strategies for byte-oriented and bit-oriented designs respectively, we regard AES and PRESENT as the two most significant candidates to scrutinize with respect to related-key differential attacks. In EUROCRYPT 2010 and CRYPTO 2013, the security of AES with respect to related-key differential attacks has been completely analyzed by Alex Biryukov et al. and Pierre-Alain Fouque et al. with automatic related-key differential characteristic searching tools. In this paper, we propose two methods to describe the differential behaviour of an S-box with linear inequalities based on logical condition modelling and computational geometry. In one method, inequalities are generated according to some conditional differential properties of the S-box; in the other method, inequalities are extracted from the H-representation of the convex hull of all possible differential patterns of the S-box. For the second method, we develop a greedy algorithm
Reliable Information Extraction for Single Trace Attacks
Cited by 2 (1 self)
Abstract—Side-channel attacks using only a single trace crucially rely on the capability of reliably extracting side-channel information (e.g. Hamming weights of intermediate target values) from traces. In particular, in original versions of simple power analysis (SPA) or algebraic side-channel attacks (ASCA) it was assumed that an adversary can correctly extract the Hamming weight values for all the intermediates used in an attack. Recent developments in error-tolerant SPA-style attacks relax this unrealistic requirement on the information extraction and bring renewed interest to the topic of template building or training suitable machine learning classifiers. In this work we ask which classifiers or methods, if any, are most likely to return the true Hamming weight among their first (say s) ranked outputs. We experiment on two data sets with different leakage characteristics. Our experiments show that the most suitable classifiers to reach the required performance for pragmatic SPA attacks are Gaussian templates, Support Vector Machines and Random Forests, across the two data sets that we considered. We found no configuration that was able to satisfy the requirements of an error-tolerant ASCA in the case of complex leakage.