Cited By
View all- Shruti Rani SSah DGianini G(2023)Attribute-Based Encryption Schemes for Next Generation Wireless IoT Networks: A Comprehensive SurveySensors10.3390/s2313592123:13(5921)Online publication date: 26-Jun-2023
Leakage and Tamper Resilient Permutation-Based Cryptography
Pages 859 - 873
Abstract
Implementation attacks such as power analysis and fault attacks have shown that, if potential attackers have physical access to a cryptographic device, achieving practical security requires more considerations apart from just cryptanalytic security. In recent years, and with the advent of micro-architectural or hardware-oriented attacks, it became more and more clear that similar attack vectors can also be exploited on larger computing platforms and without the requirement of physical proximity of an attacker. While newly discovered attacks typically come with implementation recommendations that help counteract a specific attack vector, the process of constantly patching cryptographic code is quite time consuming in some cases, and simply not possible in other cases.
What adds up to the problem is that the popular approach of leakage resilient cryptography only provably solves part of the problem: it discards the threat of faults. Therefore, we put forward the usage of leakage and tamper resilient cryptographic algorithms, as they can offer built-in protection against various types of physical and hardware oriented attacks, likely including attack vectors that will only be discovered in the future. In detail, we present the - to the best of our knowledge - first framework for proving the security of permutation-based symmetric cryptographic constructions in the leakage and tamper resilient setting. As a proof of concept, we apply the framework to a sponge-based stream encryption scheme called asakey and provide a practical analysis of its resistance against side channel and fault attacks.
References
[1]
Nasour Bagheri, Navid Ghaedi, and Somitra Kumar Sanadhya. Differential Fault Analysis of SHA-3. In INDOCRYPT, pages 253--269, 2015.
[2]
Guy Barwell, Daniel P. Martin, Elisabeth Oswald, and Martijn Stam. Authenticated Encryption in the Face of Protocol and Side Channel Leakage. In Tsuyoshi Takagi and Thomas Peyrin, editors, ASIACRYPT, volume 10624 of LNCS, pages 693--723. Springer, 2017.
[3]
Daniel J. Bernstein. Cache-timing attacks on AES, 2004.
[4]
Francesco Berti, Olivier Pereira, Thomas Peters, and François-Xavier Standaert. On Leakage-Resilient Authenticated Encryption with Decryption Leakages. IACR Trans. Symmetric Cryptol., 2017(3):271--293, 2017.
[5]
Francesco Berti, Olivier Pereira, and François-Xavier Standaert. Reducing the Cost of Authenticity with Leakages: a CIML2-Secure AE Scheme with One Call to a Strongly Protected Tweakable Block Cipher. In Johannes Buchmann, Abderrahmane Nitaj, and Tajje eddine Rachidi, editors, AFRICACRYPT, volume 11627 of LNCS, pages 229--249. Springer, 2019.
[6]
Guido Bertoni, Joan Daemen, Michael Peeters, Gilles Van Assche, and Ronny Van Keer. eXtended Keccak Code Package.
[7]
Guido Bertoni, Joan Daemen, Michaël Peeters, Gilles Van Assche, and Ronny Van Keer. Keyak. Submission to the CAESAR competition, 2014.
[8]
Guido Bertoni, Joan Daemen, Michaël Peeters, Gilles Van Assche, Ronny Van Keer, and Benoît Viguier. KangarooTwelve: Fast Hashing Based on Keccak-p. In Bart Preneel and Frederik Vercauteren, editors, ACNS, volume 10892 of LNCS, pages 400--418. Springer, 2018.
[9]
Eli Biham and Adi Shamir. Differential Cryptanalysis of DES-like Cryptosystems. In Alfred Menezes and Scott A. Vanstone, editors, CRYPTO, volume 537 of LNCS, pages 2--21. Springer, 1990.
[10]
Eli Biham and Adi Shamir. Differential Fault Analysis of Secret Key Cryptosystems. In Burton S. Kaliski Jr., editor, CRYPTO, volume 1294 of LNCS, pages 513--525. Springer, 1997.
[11]
Olivier Bronchain, Julien M. Hendrickx, Clément Massart, Alex Olshevsky, and François-Xavier Standaert. Leakage Certification Revisited: Bounding Model Errors in Side-Channel Security Evaluations. In Alexandra Boldyreva and Daniele Micciancio, editors, CRYPTO, volume 11692 of LNCS, pages 713--737. Springer, 2019.
[12]
Joan Daemen, Bart Mennink, and Gilles Van Assche. Full-State Keyed Duplex with Built-In Multi-user Support. In Tsuyoshi Takagi and Thomas Peyrin, editors, ASIACRYPT, volume 10625 of LNCS, pages 606--637. Springer, 2017.
[13]
Christoph Dobraunig, Maria Eichlseder, Hannes Groß, Stefan Mangard, Florian Mendel, and Robert Primas. Statistical Ineffective Fault Attacks on Masked AES with Fault Countermeasures. In Thomas Peyrin and Steven D. Galbraith, editors, ASIACRYPT, volume 11273 of LNCS, pages 315--342. Springer, 2018.
[14]
Christoph Dobraunig, Maria Eichlseder, Thomas Korak, Stefan Mangard, Florian Mendel, and Robert Primas. SIFA: Exploiting Ineffective Fault Inductions on Symmetric Cryptography. IACR Trans. Cryptogr. Hardw. Embed. Syst., 2018(3):547-- 572, 2018.
[15]
Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, Bart Mennink, Robert Primas, and Thomas Unterluggauer. Isap v2.0. IACR Trans. Symmetric Cryptol., 2020(S1):390--416, 2020.
[16]
Christoph Dobraunig, Maria Eichlseder, Stefan Mangard, Florian Mendel, and Thomas Unterluggauer. ISAP - Towards Side-Channel Secure Authenticated Encryption. IACR Trans. Symmetric Cryptol., 2017(1):80--105, 2017.
[17]
Christoph Dobraunig, Stefan Mangard, Florian Mendel, and Robert Primas. Fault Attacks on Nonce-Based Authenticated Encryption: Application to Keyak and Ketje. In Carlos Cid and Michael J. Jacobson Jr., editors, SAC, volume 11349 of LNCS, pages 257--277. Springer, 2018.
[18]
Christoph Dobraunig and Bart Mennink. Leakage Resilience of the Duplex Construction. In Steven D. Galbraith and Shiho Moriai, editors, ASIACRYPT, volume 11923 of LNCS, pages 225--255. Springer, 2019.
[19]
Yevgeniy Dodis, Yael Tauman Kalai, and Shachar Lovett. On cryptography with auxiliary input. In Michael Mitzenmacher, editor, ACM STOC, pages 621--630. ACM, 2009.
[20]
Yevgeniy Dodis and Krzysztof Pietrzak. Leakage-Resilient Pseudorandom Functions and Side-Channel Attacks on Feistel Networks. In Tal Rabin, editor, CRYPTO, volume 6223 of LNCS, pages 21--40. Springer, 2010.
[21]
Stefan Dziembowski and Krzysztof Pietrzak. Leakage-Resilient Cryptography. In IEEE FOCS 2008, pages 293--302. IEEE Computer Society, 2008.
[22]
Sebastian Faust, Krzysztof Pietrzak, and Joachim Schipper. Practical LeakageResilient Symmetric Cryptography. In Prouff and Schaumont [45], pages 213--232.
[23]
Thomas Fuhr, Éliane Jaulmes, Victor Lomné, and Adrian Thillard. Fault attacks on AES with faulty ciphertexts only. In Wieland Fischer and Jörn-Marc Schmidt, editors, FDTC, pages 108--118. IEEE Computer Society, 2013.
[24]
Benjamin Fuller and Ariel Hamlin. Unifying Leakage Classes: Simulatable Leakage and Pseudoentropy. In Anja Lehmann and Stefan Wolf, editors, ICITS 2015, volume 9063 of LNCS, pages 69--86. Springer, 2015.
[25]
Daniel Gruss. Software-based Microarchitectural Attacks. PhD thesis, Graz University of Technology, 2017.
[26]
Daniel Gruss, Moritz Lipp, Michael Schwarz, Daniel Genkin, Jonas Juffinger, Sioli O'Connell, Wolfgang Schoechl, and Yuval Yarom. Another flip in the wall of rowhammer defenses. In IEEE SP, pages 245--261. IEEE Computer Society, 2018.
[27]
Daniel Gruss, Clémentine Maurice, and Stefan Mangard. Rowhammer.js: A remote software-induced fault attack in javascript. In Juan Caballero, Urko Zurutuza, and Ricardo J. Rodríguez, editors, DIMVA, volume 9721 of LNCS, pages 300--321. Springer, 2016.
[28]
Yoongu Kim, Ross Daly, Jeremie Kim, Chris Fallin, Ji-Hye Lee, Donghyuk Lee, Chris Wilkerson, Konrad Lai, and Onur Mutlu. Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors. In ACM/IEEE ISCA, pages 361--372. IEEE Computer Society, 2014.
[29]
Paul C. Kocher. Leak-resistant cryptographic indexed key update, March 25 2003. US Patent 6,539,092.
[30]
Paul C. Kocher, Joshua Jaffe, and Benjamin Jun. Differential Power Analysis. In Michael J. Wiener, editor, CRYPTO, volume 1666 of LNCS, pages 388--397. Springer, 1999.
[31]
Moritz Lipp, Misiker Tadesse Aga, Michael Schwarz, Daniel Gruss, Clémentine Maurice, Lukas Raab, and Lukas Lamster. Nethammer: Inducing rowhammer faults through network requests. CoRR, abs/1805.04956, 2018.
[32]
Moritz Lipp, Andreas Kogler, David Oswald, Michael Schwarz, Catherine Easdon, Claudio Canella, and Daniel Gruss. PLATYPUS: Software-based Power SideChannel Attacks on x86. In IEEE SP. IEEE, 2021.
[33]
Jake Longo, Daniel P. Martin, Elisabeth Oswald, Daniel Page, Martijn Stam, and Michael Tunstall. Simulatable Leakage: Analysis, Pitfalls, and New Constructions. In Palash Sarkar and Tetsu Iwata, editors, ASIACRYPT, volume 8873 of LNCS, pages 223--242. Springer, 2014.
[34]
Pei Luo, Yunsi Fei, Liwei Zhang, and A. Adam Ding. Differential Fault Analysis of SHA-3 Under Relaxed Fault Models. J. Hardware and Systems Security, 1(2):156-- 172, 2017.
[35]
Stefan Mangard, Elisabeth Oswald, and Thomas Popp. Power Analysis Attacks. Springer, 2007.
[36]
Daniel P. Martin, Elisabeth Oswald, Martijn Stam, and Marcin Wójcik. A Leakage Resilient MAC. In Jens Groth, editor, IMACC 2015, volume 9496 of LNCS, pages 295--310. Springer, 2015.
[37]
Marcel Medwed, François-Xavier Standaert, and Antoine Joux. Towards SuperExponential Side-Channel Security with Efficient Leakage-Resilient PRFs. In Prouff and Schaumont [45], pages 193--212.
[38]
Marcel Medwed, François-Xavier Standaert, Ventzislav Nikov, and Martin Feldhofer. Unknown-Input Attacks in the Parallel Setting: Improving the Security of the CHES 2012 Leakage-Resilient PRF. In Jung Hee Cheon and Tsuyoshi Takagi, editors, ASIACRYPT, volume 10031 of LNCS, pages 602--623, 2016.
[39]
Kit Murdock, David Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, and Frank Piessens. Plundervolt: Software-based fault injection attacks against intel sgx. In IEEE SP, pages 1149--1165. IEEE Computer Society, 2020.
[40]
National Institute of Standards and Technology. FIPS PUB 202: SHA-3 Standard: Permutation-based hash and extendable-output functions. Federal Information Processing Standards Publication 202, U.S. Department of Commerce, 8 2015.
[41]
Colin OFlynn. ChipWhisperer-Lite (CW1173) Basic Board.
[42]
Olivier Pereira, François-Xavier Standaert, and Srinivas Vivek. Leakage-Resilient Authentication and Encryption from Symmetric Cryptographic Primitives. In Indrajit Ray, Ninghui Li, and Christopher Kruegel, editors, CCS, pages 96--108. ACM, 2015.
[43]
Peter Pessl, Daniel Gruss, Clémentine Maurice, Michael Schwarz, and Stefan Mangard. DRAMA: exploiting DRAM addressing for cross-cpu attacks. In Thorsten Holz and Stefan Savage, editors, USENIX, pages 565--581. USENIX Association, 2016.
[44]
Krzysztof Pietrzak. A Leakage-Resilient Mode of Operation. In Antoine Joux, editor, EUROCRYPT, volume 5479 of LNCS, pages 462--482. Springer, 2009.
[45]
Emmanuel Prouff and Patrick Schaumont, editors. CHES, volume 7428 of LNCS. Springer, 2012.
[46]
Ali Aydin Selçuk. On Probability of Success in Linear and Differential Cryptanalysis. J. Cryptology, 21(1):131--147, 2008.
[47]
François-Xavier Standaert, Olivier Pereira, and Yu Yu. Leakage-Resilient Symmetric Cryptography under Empirically Verifiable Assumptions. In Ran Canetti and Juan A. Garay, editors, CRYPTO, volume 8042 of LNCS, pages 335--352. Springer, 2013.
[48]
François-Xavier Standaert, Olivier Pereira, Yu Yu, Jean-Jacques Quisquater, Moti Yung, and Elisabeth Oswald. Leakage Resilient Cryptography in Practice. In Ahmad-Reza Sadeghi and David Naccache, editors, Towards Hardware-Intrinsic Security - Foundations and Practice, Information Security and Cryptography, pages 99--134. Springer, 2010.
[49]
Mostafa M. I. Taha and Patrick Schaumont. Side-Channel Analysis of MACKeccak. In IEEE HOST, pages 125--130, 2013.
[50]
Mostafa M. I. Taha and Patrick Schaumont. Side-channel countermeasure for SHA-3 at almost-zero area overhead. In IEEE HOST, pages 93--96. IEEE Computer Society, 2014.
[51]
Yukiyasu Tsunoo, Teruo Saito, Tomoyasu Suzaki, Maki Shigeri, and Hiroshi Miyauchi. Cryptanalysis of DES implemented on computers with cache. In Colin D. Walter, Çetin Kaya Koç, and Christof Paar, editors, CHES, volume 2779 of LNCS, pages 62--76. Springer, 2003.
[52]
Florian Unterstein, Johann Heyszl, Fabrizio De Santis, and Robert Specht. Dissecting Leakage Resilient PRFs with Multivariate Localized EM Attacks - A Practical Security Evaluation on FPGA. In Sylvain Guilley, editor, COSADE 2017, volume 10348 of LNCS, pages 34--49. Springer, 2017.
[53]
Florian Unterstein, Johann Heyszl, Fabrizio De Santis, Robert Specht, and Georg Sigl. High-Resolution EM Attacks Against Leakage-Resilient PRFs Explained - And an Improved Construction. In Nigel P. Smart, editor, CT-RSA, volume 10808 of LNCS, pages 413--434. Springer, 2018.
[54]
Victor van der Veen, Yanick Fratantonio, Martina Lindorfer, Daniel Gruss, Clémentine Maurice, Giovanni Vigna, Herbert Bos, Kaveh Razavi, and Cristiano Giuffrida. Drammer: Deterministic rowhammer attacks on mobile platforms. In Edgar R. Weippl, Stefan Katzenbeisser, Christopher Kruegel, Andrew C. Myers, and Shai Halevi, editors, CCS, pages 1675--1689. ACM, 2016.
[55]
Yu Yu and François-Xavier Standaert. Practical Leakage-Resilient Pseudorandom Objects with Minimum Public Randomness. In Ed Dawson, editor, CT-RSA, volume 7779 of LNCS, pages 223--238. Springer, 2013.
[56]
Yu Yu, François-Xavier Standaert, Olivier Pereira, and Moti Yung. Practical leakage-resilient pseudorandom generators. In Ehab Al-Shaer, Angelos D. Keromytis, and Vitaly Shmatikov, editors, CCS, pages 141--151. ACM, 2010.
Index Terms
- Leakage and Tamper Resilient Permutation-Based Cryptography
Recommendations
A countermeasure against cryptographic key leakage in cloud: public-key encryption with continuous leakage and tampering resilience
Public-key encryption is an important security mechanism used in cloud environment. To ensure the confidentiality of data encrypted using public-key encryption, countermeasures against cryptographic key leakage by side-channel attacks should be applied ...
Leakage-Resilient Certificateless Key Encapsulation Scheme
The previous adversary models of public key cryptography usually have a nature assumption that permanent/temporary secret (private) keys must be kept safely and internal secret states are not leaked to an adversary. However, in practice, it is difficult ...
Leakage-Resilient Revocable Identity-Based Signature with Cloud Revocation Authority
Very recently, side-channel attacks have threatened all traditional cryptographic schemes. Typically, in traditional cryptography, private/secret keys are assumed to be completely hidden to adversaries. However, by side-channel attacks, an adversary may ...
Comments
Please enable JavaScript to view thecomments powered by Disqus.Information & Contributors
Information
Published In
November 2022
3598 pages
ISBN:9781450394505
DOI:10.1145/3548606
- General Chairs:
- Heng Yin,
- Angelos Stavrou,
- Program Chairs:
- Cas Cremers,
- Elaine Shi
Copyright © 2022 Owner/Author.
This work is licensed under a Creative Commons Attribution International 4.0 License.
Sponsors
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 07 November 2022
Check for updates
Author Tags
Qualifiers
- Research-article
Conference
CCS '22
Sponsor:
CCS '22: 2022 ACM SIGSAC Conference on Computer and Communications Security
November 7 - 11, 2022
CA, Los Angeles, USA
Acceptance Rates
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
Upcoming Conference
CCS '25
- Sponsor:
- sigsac
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- View Citations1Total Citations
- 428Total Downloads
- Downloads (Last 12 months)137
- Downloads (Last 6 weeks)20
Reflects downloads up to 17 Dec 2024
Other Metrics
Citations
Cited By
View all- Shruti Rani SSah DGianini G(2023)Attribute-Based Encryption Schemes for Next Generation Wireless IoT Networks: A Comprehensive SurveySensors10.3390/s2313592123:13(5921)Online publication date: 26-Jun-2023
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign in