1 S-polynomials eliminating the leading term Buchberger's criterion and algorithm 2 Wavelet Design construct wavelet filters 3 Proof of the Buchberger Criterion two lemmas proof of the Buchberger criterion termination and elimination

Gröbner Bases와 응용

Low Cost Cryptography.- Quark: A Lightweight Hash.- PRINTcipher: A Block Cipher for IC-Printing.- Sponge-Based Pseudo-Random Number Generators.- Efficient Implementations I.- A High Speed Coprocessor for Elliptic Curve Scalar Multiplications over .- Co-Z Addition Formulae and Binary Ladders on Elliptic Curves.- Efficient Techniques for High-Speed Elliptic Curve Cryptography.- Side-Channel Attacks and Countermeasures I.- Analysis and Improvement of the Random Delay Countermeasure of CHES 2009.- New Results on Instruction Cache Attacks.- Correlation-Enhanced Power Analysis Collision Attack.- Side-Channel Analysis of Six SHA-3 Candidates.- Tamper Resistance and Hardware Trojans.- Flash Memory 'Bumping' Attacks.- Self-referencing: A Scalable Side-Channel Approach for Hardware Trojan Detection.- When Failure Analysis Meets Side-Channel Attacks.- Efficient Implementations II.- Fast Exhaustive Search for Polynomial Systems in .- 256 Bit Standardized Crypto for 650 GE - GOST Revisited.- Mixed Bases for Efficient Inversion in and Conversion Matrices of SubBytes of AES.- SHA-3.- Developing a Hardware Evaluation Method for SHA-3 Candidates.- Fair and Comprehensive Methodology for Comparing Hardware Performance of Fourteen Round Two SHA-3 Candidates Using FPGAs.- Performance Analysis of the SHA-3 Candidates on Exotic Multi-core Architectures.- XBX: eXternal Benchmarking eXtension for the SUPERCOP Crypto Benchmarking Framework.- Fault Attacks and Countermeasures.- Public Key Perturbation of Randomized RSA Implementations.- Fault Sensitivity Analysis.- PUFs and RNGs.- An Alternative to Error Correction for SRAM-Like PUFs.- New High Entropy Element for FPGA Based True Random Number Generators.- The Glitch PUF: A New Delay-PUF Architecture Exploiting Glitch Shapes.- New Designs.- Garbled Circuits for Leakage-Resilience: Hardware Implementation and Evaluation of One-Time Programs.- ARMADILLO: A Multi-purpose Cryptographic Primitive Dedicated to Hardware.- Side-Channel Attacks and Countermeasures II.- Provably Secure Higher-Order Masking of AES.- Algebraic Side-Channel Analysis in the Presence of Errors.- Coordinate Blinding over Large Prime Fields.

Cryptographic hardware and embedded systems : CHES 2010 : 12th international workshop, Santa Barbara, USA, August 17-20, 2010 : proceedings

Internet of Things (IoT) is transforming everyone’s life by providing features, such as controlling and monitoring of the connected smart objects. IoT applications range over a broad spectrum of services including smart cities, homes, cars, manufacturing, e-healthcare, smart control system, transportation, wearables, farming, and much more. The adoption of these devices is growing exponentially, that has resulted in generation of a substantial amount of data for processing and analyzing. Thus, besides bringing ease to the human lives, these devices are susceptible to different threats and security challenges, which do not only worry the users for adopting it in sensitive environments, such as e-health, smart home, etc., but also pose hazards for the advancement of IoT in coming days. This article thoroughly reviews the threats, security requirements, challenges, and the attack vectors pertinent to IoT networks. Based on the gap analysis, a novel paradigm that combines a network-based deployment of IoT architecture through software-defined networking (SDN) is proposed. This article presents an overview of the SDN along with a thorough discussion on SDN-based IoT deployment models, i.e., centralized and decentralized. We further elaborated SDN-based IoT security solutions to present a comprehensive overview of the software-defined security (SDSec) technology. Furthermore, based on the literature, core issues are highlighted that are the main hurdles in unifying all IoT stakeholders on one platform and few findings that emphases on a network-based security solution for IoT paradigm. Finally, some future research directions of SDN-based IoT security technologies are discussed.

An In-Depth Analysis of IoT Security Requirements, Challenges, and Their Countermeasures via Software-Defined Security

Detection of Fault Data Injection Attack on UAV Using Adaptive Neural Network

In this paper, we introduce a new approach to side-channel key recovery, that combines the low time/memory complexity and noise tolerance of standard (divide and conquer) differential power analysis with the optimal data complexity of algebraic side-channel attacks. Our fundamental contribution for this purpose is to change the way of expressing the problem, from the system of equations used in algebraic attacks to a code, essentially inspired by low density parity check codes. We then show that such codes can be efficiently decoded, taking advantage of the sparsity of the information corresponding to intermediate variables in actual leakage traces. The resulting soft analytical side-channel attacks work under the same profiling assumptions as template attacks, and directly exploit the vectors of probabilities produced by these attacks. As a result, we bridge the gap between popular side-channel distinguishers based on simple statistical tests and previous approaches to analytical side-channel attacks that could only exploit hard information so far.

/pdf/soft-analytical-side-channel-attacks-2z0154rv2w.pdf

Soft Analytical Side-Channel Attacks

Algebraic fault analysis (AFA), which combines algebraic cryptanalysis with fault attacks, has represented serious threats to the security of lightweight block ciphers. Inspired by an earlier framework for the analysis of side-channel attacks presented at EUROCRYPT 2009, a new generic framework is proposed to analyze and evaluate algebraic fault attacks on lightweight block ciphers. We interpret AFA at three levels: 1) the target; 2) the adversary; and 3) the evaluator. We describe the capability of an adversary in four parts: 1) the fault injector; 2) the fault model describer; 3) the cipher describer; and 4) the machine solver. A formal fault model is provided to cover most of current fault attacks. Different strategies of building optimal equation set are also provided to accelerate the solving process. At the evaluator level, we consider the approximate information metric and the actual security metric. These metrics can be used to guide adversaries, cipher designers, and industrial engineers. To verify the feasibility of the proposed framework, we make a comprehensive study of AFA on an ultra-lightweight block cipher called LBlock. Three scenarios are exploited, which include injecting a fault to encryption, to key scheduling, or modifying the round number or counter. Our best results show that a single fault injection is enough to recover the master key of LBlock within the affordable complexity in each scenario. To verify the generic feature of the proposed framework, we apply AFA to three other block ciphers, i.e., Data Encryption Standard, PRESENT, and Twofish. The results demonstrate that our framework can be used for different ciphers with different structures.

A Framework for the Analysis and Evaluation of Algebraic Fault Attacks on Lightweight Block Ciphers

Algebraic side-channel attack (ASCA) is a powerful cryptanalysis technique different from conventional side-channel attacks. This paper studies ASCA from three aspects: enhancement, analysis and application. To enhance ASCA, we propose a generic method, called Multiple Deductions-based ASCA (MDASCA), to cope the multiple deductions caused by inaccurate measurements or interferences. For the first time, we show that ASCA can exploit cache leakage models. We analyze the attacks and estimate the minimal amount of leakages required for a successful ASCA on AES under different leakage models. In addition, we apply MDASCA to attack AES on an 8-bit microcontroller under Hamming weight leakage model, on two typical microprocessors under access driven cache leakage model, and on a 32-bit ARM microprocessor under trace driven cache leakage model. Many better results are achieved compared to the previous work. The results are also consistent with the theoretical analysis. Our work shows that MDASCA poses great threats with its excellence in error tolerance and new leakage model exploitation.

MDASCA: an enhanced algebraic side-channel attack for error tolerance and new leakage model exploitation

This paper proposes some techniques to improve algebraic fault analysis (AFA). First, we show that building the equation set for the decryption of a cipher can accelerate the solving procedure. Second, we propose a method to represent the injected faults with algebraic equations when the accurate fault location is unknown. We take Piccolo as an example to illustrate our AFA and compare it with differential fault analysis (DFA). Only one fault injection is required to break Piccolo with the improved AFA. Finally, we extend the proposed AFA to other lightweight block ciphers, such as MIBS, LED, and DES. For the first time, the full secret key of DES can be recovered with only a single fault injection.

Improved algebraic fault analysis: a case study on piccolo and applications to other lightweight block ciphers

This paper proposes a fault analysis technique on LED by combining algebraic cryptanalysis and differential fault analysis (DFA). The technique is called algebraic differential fault analysis (ADFA). In ADFA on LED, we use DFA to deduce the possible fault differences of the correct and faulty S-Box input in the last round, and convert them into algebraic equations. We then combine the equation set of LED with the injected fault and use the CryptoMiniSat solver to recover the secret key. Our experiments show that, on a common PC, ADFA can succeed on LED under the nibble-based fault model within three minutes and with only one fault injection, which is more efficient than previous DFA work. To evaluate DFA on LED, we first propose an improved evaluation algorithm of DFA, then provide a modified ADFA approach to compute the solutions for the secret key. The results are more accurate than previous work. We also successfully extend ADFA on LED to other fault models using a single fault injection, where traditional DFAs are difficult to launch.

Improving and Evaluating Differential Fault Analysis on LED with Algebraic Techniques

Algebraic side-channel attack (ASCA) is a typical technique that relies on a general solver to solve the equations of a cipher and its side-channel leaks. It falls under analytical side-channel attack and can recover the entire key at once. Many ASCAs are proposed against the AES, and they utilize the Grobner basis-based, SAT-based, or optimizer-based solver. The advantage of the general solver approach is its generic feature, which can be easily applied to different cryptographic algorithms. The disadvantage is that it is difficult to take into account the specialized properties of the targeted cryptographic algorithms. The results vary depending on what type of solver is used, and the time complexity is quite high when considering the error-tolerant attack scenarios. Thus, we were motivated to find a new approach that would lessen the influence of the general solver and reduce the time complexity of ASCA. This paper proposes a new analytical side-channel attack on AES by exploiting the incomplete diffusion feature in one AES round. We named our technique incomplete diffusion analytical side-channel analysis (IDASCA). Different from previous ASCAs, IDASCA adopts a specialized approach to recover the secret key of AES instead of the general solver. Extensive attacks are performed against the software implementation of AES on an 8-bit microcontroller. Experimental results show that: 1) IDASCA can exploit the side-channel leaks in all AES rounds using a single power trace; 2) it has less time complexity and more robustness than previous ASCAs, especially when considering the error-tolerant attack scenarios; and 3) it can calculate the reduced key search space of AES for the given amount of side-channel leaks. IDASCA can also interpret the mechanism behind previous ASCAs on AES from a quantitative perspective, such as why ASCA can work under unknown plaintext/ciphertext scenarios and what are the extreme cases in ASCAs.

/pdf/exploiting-the-incomplete-diffusion-feature-a-specialized-292jw3l8rw.pdf

Exploiting the Incomplete Diffusion Feature: A Specialized Analytical Side-Channel Attack Against the AES and Its Application to Microcontroller Implementations

Shize Guo

Papers

A Framework for the Analysis and Evaluation of Algebraic Fault Attacks on Lightweight Block Ciphers

MDASCA: an enhanced algebraic side-channel attack for error tolerance and new leakage model exploitation

Improved algebraic fault analysis: a case study on piccolo and applications to other lightweight block ciphers

Improving and Evaluating Differential Fault Analysis on LED with Algebraic Techniques

Exploiting the Incomplete Diffusion Feature: A Specialized Analytical Side-Channel Attack Against the AES and Its Application to Microcontroller Implementations