Due to the strong attacking ability, fast speed, simple implementation and other characteristics, differential fault analysis has become an important method to evaluate the security of cryptosystem in the Internet of ...Due to the strong attacking ability, fast speed, simple implementation and other characteristics, differential fault analysis has become an important method to evaluate the security of cryptosystem in the Internet of Things. As one of the AES finalists, the Serpent is a 128-bit Substitution-Permutation Network(SPN) cryptosystem. It has 32 rounds with the variable key length between 0 and 256 bits, which is flexible to provide security in the Internet of Things. On the basis of the byte-oriented model and the differential analysis, we propose an effective differential fault attack on the Serpent cryptosystem. Mathematical analysis and simulating experiment show that the attack could recover its secret key by introducing 48 faulty ciphertexts. The result in this study describes that the Serpent is vulnerable to differential fault analysis in detail. It will be beneficial to the analysis of the same type of other iterated cryptosystems.展开更多
Power analysis is a non-invaslve attack against cryptographic hardware, which effectively exploits runtime power consumption characteristics of circuits. This paper proposes a new power model which combines Hamming Di...Power analysis is a non-invaslve attack against cryptographic hardware, which effectively exploits runtime power consumption characteristics of circuits. This paper proposes a new power model which combines Hamming Distance model and the model based on the template value of power consumption in combinational logic circuit. The new model can describe the power consumption characteristics of sequential logic circuits and those of combinational logic as well. The new model can be used to improve the existing power analysis methods and detect the information leakage of power consumption. Experimental results show that, compared to CPA(Correlation Power Analysis) method, our proposed attack which adopt the combinational model is more efficient in terms of the number of required power traces.展开更多
In this paper,we propose a hybrid power model that includes the power consumption of not only the registers but also part of the combinational logic.By doing knownkey analysis with this hybrid model,power side-channel...In this paper,we propose a hybrid power model that includes the power consumption of not only the registers but also part of the combinational logic.By doing knownkey analysis with this hybrid model,power side-channel leakage caused by correct keys can be detected.In experiment,PRINTcipher and DES algorithms were chosen as analysis targets and combinational logic s-box unit was selected to build power template.The analysis results showed the signal-to-noise ratio(SNR) power consumption increase of more than 20%after considering s-box's power consumption so that the information of keys can be obtained with just half number of power traces.In addition,the side channel-leakage detection capability of our method also shows better effectiveness that can identify the correct keys.展开更多
Integer overflow vulnerability will cause buffer overflow. The research on the relationship between them will help us to detect integer overflow vulnerability. We present a dynamic analysis methods RICB (Run-time Int...Integer overflow vulnerability will cause buffer overflow. The research on the relationship between them will help us to detect integer overflow vulnerability. We present a dynamic analysis methods RICB (Run-time Integer Checking via Buffer overflow). Our approach includes decompile execute file to assembly language; debug the execute file step into and step out; locate the overflow points and checking buffer overflow caused by integer overflow. We have implemented our approach in three buffer overflow types: format string overflow, stack overflow and heap overflow. Experiments results show that our approach is effective and efficient. We have detected more than 5 known integer overflow vulnerabilities via buffer overflow.展开更多
Timing attacks break a cryptosystem by time measurement to recover keys. Most available countermeasures protect block ciphers based on the safety of modules. This paper gives a complete definition of timing attacks an...Timing attacks break a cryptosystem by time measurement to recover keys. Most available countermeasures protect block ciphers based on the safety of modules. This paper gives a complete definition of timing attacks and studies the vulnerability of operations and modules on timing attacks. We present a method to transfer the security of the algorithm to that of secure operations by reduction. As a result, we hopefully tend to reconcile the provable security notions and modem cryptography with real-world implementations of block ciphers.展开更多
The CLC protocol (proposed by Tzung-Her Chen, Wei-Bin Lee and Hsing-Bai Chen, CLC, for short) is a new three-party password-authenticated key exchange (3PAKE) protocol. This CLC protocol provides a superior round ...The CLC protocol (proposed by Tzung-Her Chen, Wei-Bin Lee and Hsing-Bai Chen, CLC, for short) is a new three-party password-authenticated key exchange (3PAKE) protocol. This CLC protocol provides a superior round efficiency (only three rounds), and its resources required for computation are relatively few. However, we find that the leakage of values VA and VB in the CLC protocol will make a man-in-the-middle attack feasible in practice, where VA and VB are the authentication information chosen by the server for the participants A and B. In this paper, we describe our attack on the CLC protocol and further present a modified 3PAKE protocol, which is essentially an improved CLC protocol. Our protocol can resist attacks available, including man-in-the-middle attack we mount on the initial CLC protocol. Meanwhile, we allow that the participants choose their own pass- words by themselves, thus avoiding the danger that the server is controlled in the initialization phase. Also, the computational cost of our protocol is lower than that of the CLC protocol.展开更多
基金supported by the National Natural Science Foundation of China under Grant No.61003278,No.61073150 and No.61202371Innovation Program of Shanghai Municipal Education Commission under Grant No.14ZZ066+5 种基金the open research fund of State Key Laboratory of Information Securitythe Opening Project of Shanghai Key Laboratory of Integrate Administration Technologies for Information Securitythe Fundamental Research Funds for the Central Universities,National Key Basic Research Program of China under Grant No.2013CB338004China Postdoctoral Science Foundation under Grant No.2012M521829Shanghai Postdoctoral Research Funding Program under Grant No.12R21414500the National Social Science Foundation of China under Grant No.13CFX054
文摘Due to the strong attacking ability, fast speed, simple implementation and other characteristics, differential fault analysis has become an important method to evaluate the security of cryptosystem in the Internet of Things. As one of the AES finalists, the Serpent is a 128-bit Substitution-Permutation Network(SPN) cryptosystem. It has 32 rounds with the variable key length between 0 and 256 bits, which is flexible to provide security in the Internet of Things. On the basis of the byte-oriented model and the differential analysis, we propose an effective differential fault attack on the Serpent cryptosystem. Mathematical analysis and simulating experiment show that the attack could recover its secret key by introducing 48 faulty ciphertexts. The result in this study describes that the Serpent is vulnerable to differential fault analysis in detail. It will be beneficial to the analysis of the same type of other iterated cryptosystems.
基金supported by Major State Basic Research Development Program(No. 2013CB338004)National Natural Science Foundation of China(No.61402286, 61202372,61202371,61309021)National Science and Technology Major Project of the Ministry of Science and Technology of China (No.2014ZX01032401-001)
文摘Power analysis is a non-invaslve attack against cryptographic hardware, which effectively exploits runtime power consumption characteristics of circuits. This paper proposes a new power model which combines Hamming Distance model and the model based on the template value of power consumption in combinational logic circuit. The new model can describe the power consumption characteristics of sequential logic circuits and those of combinational logic as well. The new model can be used to improve the existing power analysis methods and detect the information leakage of power consumption. Experimental results show that, compared to CPA(Correlation Power Analysis) method, our proposed attack which adopt the combinational model is more efficient in terms of the number of required power traces.
基金supported by Major State Basic Research Development Program(No. 2013CB338004)National Natural Science Foundation of China(No.61402286, 61472250,61472249,61202372)+1 种基金National Science and Technology Major Project of the Ministry of Science and Technology of China (No.2014ZX01032401-001)Plan of Action for the Innovation of Science and Technology of Shanghai Municipal Science and Technology Commission(No.14511100300)
文摘In this paper,we propose a hybrid power model that includes the power consumption of not only the registers but also part of the combinational logic.By doing knownkey analysis with this hybrid model,power side-channel leakage caused by correct keys can be detected.In experiment,PRINTcipher and DES algorithms were chosen as analysis targets and combinational logic s-box unit was selected to build power template.The analysis results showed the signal-to-noise ratio(SNR) power consumption increase of more than 20%after considering s-box's power consumption so that the information of keys can be obtained with just half number of power traces.In addition,the side channel-leakage detection capability of our method also shows better effectiveness that can identify the correct keys.
基金Supported by the National Natural Science Foundation of China (60903188), Shanghai Education Commission Innovation Foundation (11YZ192) and World Expo Science and Technology Special Fund of Shanghai Science and Technology Commission (08dz0580202).
文摘Integer overflow vulnerability will cause buffer overflow. The research on the relationship between them will help us to detect integer overflow vulnerability. We present a dynamic analysis methods RICB (Run-time Integer Checking via Buffer overflow). Our approach includes decompile execute file to assembly language; debug the execute file step into and step out; locate the overflow points and checking buffer overflow caused by integer overflow. We have implemented our approach in three buffer overflow types: format string overflow, stack overflow and heap overflow. Experiments results show that our approach is effective and efficient. We have detected more than 5 known integer overflow vulnerabilities via buffer overflow.
基金Supported by the National Natural Science Foun-dation of China(60573031) the Foundation of National Laboratoryfor Modern Communications(51436060205J W0305) the Founda-tion of Senior Visiting Scholarship of Fudan University
文摘Timing attacks break a cryptosystem by time measurement to recover keys. Most available countermeasures protect block ciphers based on the safety of modules. This paper gives a complete definition of timing attacks and studies the vulnerability of operations and modules on timing attacks. We present a method to transfer the security of the algorithm to that of secure operations by reduction. As a result, we hopefully tend to reconcile the provable security notions and modem cryptography with real-world implementations of block ciphers.
基金Acknowledgements: This paper is supported by National Natural Science Foundation of China (No. 60203012) and Shanghai Rising-Star Project (No. 02QD14027).
基金Supported by the National High Technology Research and Development Program of China (863 Program)(2006AA01Z405)
文摘The CLC protocol (proposed by Tzung-Her Chen, Wei-Bin Lee and Hsing-Bai Chen, CLC, for short) is a new three-party password-authenticated key exchange (3PAKE) protocol. This CLC protocol provides a superior round efficiency (only three rounds), and its resources required for computation are relatively few. However, we find that the leakage of values VA and VB in the CLC protocol will make a man-in-the-middle attack feasible in practice, where VA and VB are the authentication information chosen by the server for the participants A and B. In this paper, we describe our attack on the CLC protocol and further present a modified 3PAKE protocol, which is essentially an improved CLC protocol. Our protocol can resist attacks available, including man-in-the-middle attack we mount on the initial CLC protocol. Meanwhile, we allow that the participants choose their own pass- words by themselves, thus avoiding the danger that the server is controlled in the initialization phase. Also, the computational cost of our protocol is lower than that of the CLC protocol.