Showing papers on "Authenticated encryption published in 2023"



Journal ArticleDOI
TL;DR: In this article, the authors study the security of the Russian authenticated encryption with associated data mode known as MGM and examine the mode's properties under the condition of $$\mathcal {O}\left( 2^{n/2} \right)$$ queries, where n is the state size of the underlying block cipher.
Abstract: In this work we study the security of Russian authenticated encryption with associated data mode that is known as MGM. We examine the mode properties under the condition that we have $$\mathcal {O}\left( 2^{n/2} \right) $$ queries, where n is the state size of the used block cipher. Two attacks that are based on birthday paradox are proposed. One of these attacks does not reuse nonce and allows you to generate a message with the correct authentication code without knowing the secret key. It should be noted that the number of protected information on one key with MGM mode does not exceed $$2^{n/2}$$ bits.

1 citation


Journal ArticleDOI
TL;DR: In this paper, a new certificateless searchable authenticated encryption (CLSAE) scheme for the Industrial Internet of Things (IIoT) was proposed, which can resist both inside and outside keyword guessing attacks and whose security is proved in the standard model.
Abstract: Today, the development of the Industrial Internet of Things (IIoT) has led to a rapid increase in industrial data. More and more industrial enterprises outsource local data to cloud service providers. To ensure the security of user data, encryption technology is necessary. Certificateless searchable authenticated encryption (CLSAE) can solve the problem of ciphertext retrieval for the IIoT. The security of most of the existing CLSAE schemes is proved in the random oracle model, but these schemes may have security risks in real application scenarios. We provide a new CLSAE scheme, which can resist both inside and outside keyword guessing attacks, and its security is proved in the standard model. We compare the scheme proposed in this article with other existing CLSAE schemes. Not using expensive operations, the new scheme is more efficient and more in line with the needs of the IIoT.

1 citation


Journal ArticleDOI
TL;DR: In this paper, state-of-the-art lightweight authenticated encryption (LAE) targeted to IoT systems is analyzed in detail, and the study systematically classifies the schemes to facilitate understanding of their relevant intricacies.
Abstract: Internet of Things (IoT) is a promising technology for creating smart environments, smart systems, and smart services. Since security is a fundamental requirement of IoT platforms, solutions that can provide both encryption and authenticity simultaneously have recently attracted much attention from academia and industry. This article analyses in detail state-of-the-art lightweight authenticated encryption (LAE) targeted to IoT systems. This work provides a thorough description of the algorithms, and the study systematically classifies them to facilitate understanding of relevant intricacies of the schemes. Among reviewed algorithms, there is a trade-off to retain design security, resources cost, and efficient performance. ACORN is the effective scheme on various platforms in terms of utilization of resources and power consumption, while MORUS and AES-CLOC are the fastest in hardware platforms. However, they are susceptible to misuse despite their resistance to side channel attacks. In contrast, JOLTICK, PRIMATESs, COLM, DeoxysII, OCB, and AES-JAMBU are provably resistant to nonce misuse. The challenges for possible future research are summarized. Overall, the article provides researchers and developers with practical guidance on various design aspects and limitations as well as open research challenges in the current lightweight authenticated encryption for IoT.

Journal ArticleDOI
TL;DR: SPEAR is a scalable PUF-based authenticated encryption scheme that uses no cryptographic primitives other than PUF and hash functions; it can be deployed on peer IoT devices that have performed a handshake protocol to obtain shared credentials.
Abstract: The Internet of Things (IoT) facilitates the information exchange between people and smart devices. It needs cryptographic measures to secure its communications and interconnected objects. However, cyber-physical attacks pose a great challenge to the protection of secret keys inside. Physically Unclonable Function (PUF) is a promising hardware primitive with unclonable structures providing tamper evidence for a device. Moreover, a PUF instance has a unique set of randomized challenge-response pairs. Although it can be integrated into a security scheme to replace long-term keys, designing a dedicated PUF-based cryptographic algorithm that supports peer-to-peer communication remains a challenging field to explore. In this paper, we propose SPEAR, a scalable PUF-based authenticated encryption scheme that uses no cryptographic primitives other than PUF and hash functions. SPEAR can be deployed on peer IoT devices that have performed a handshake protocol to obtain shared credentials. Its security under the chosen ciphertext attack is formally proved using the game-playing technique, and it is still secure when attackers physically extract the credentials. In addition, we give a variant, xSPEAR, to involve associated data and avoid the nonce reuse problem. Compared to other PUF-based ciphers, it performs better in terms of storage overhead and PUF evaluation times. SPEAR first realizes scalable authenticated encryption based on PUF and can be a practical solution for IoT.

Journal ArticleDOI
TL;DR: In this article, the authors report a small flaw in the security proof of OCB3 that may cause a loss of security in practice, even if the scheme is correctly implemented in a trustworthy and nonce-respecting module.

Proceedings ArticleDOI
12 Jan 2023
TL;DR: In this article, the authors improve the sponge structure of SAEAES by introducing the MD (Merkle-Damgård) iterative structure, which improves the ability to resist collision attacks, fixed point attacks and cluster attacks.
Abstract: With the rapid development of authenticated encryption (AE) algorithms in recent years, especially after the CAESAR (Competition for Authenticated Encryption: Security, Applicability and Robustness) competition was launched, a large number of excellent authenticated encryption algorithms have emerged, making the analysis of authenticated encryption algorithms a hot research issue. The CAESAR competition was launched under the sponsorship of IACR in 2014, aiming to collect excellent authentication encryption algorithms from all over the world. SAEAES is a relatively excellent authentication encryption algorithm in the CAESAR competition. In this paper, the sponge structure of SAEAES is improved by introducing the MD (Merkle-Damgård) iterative structure. At the same time, in order to improve the ability to resist collision attacks, fixed point attacks and cluster attacks, the MD iterative structure itself is also improved.

Journal ArticleDOI
TL;DR: In this article, the chain block cipher (CBC) mode is modified to provide more security to the encrypted data by making it robust against the bit-flipping attack and adding an integrity approach using a keyed-hash function.
Abstract: Due to the increased attacks on different applications, data security has become crucial. Many modes can be used to operate the advanced encryption standard (AES), some of which provide integrity, and some outperform other modes in security and simplicity. In this paper, the chain block cipher (CBC) mode has been modified to provide more security to the encrypted data by making it robust against the bit-flipping attack and adding an integrity approach using the keyed-hash function. In addition, using the keyed-hash function increases the number of keys needed in CBC-AES to two keys, and this can make the proposed model more secure against brute-force attacks and Grover’s quantum search algorithm.

Posted ContentDOI
Lichen Zhang
11 Mar 2023
TL;DR: In this article, the authors show that the scheme of [Int. J. Inf. Sec., 21(6), 1373-1387], in which the user encrypts a temporary ID using symmetric key encryption in order to achieve the anonymity target, is flawed.
Abstract: We show that the scheme [Int. J. Inf. Sec., 21(6), 1373-1387] is flawed, in which the user encrypts the temporary ID using a symmetric key encryption in order to achieve the anonymity target. If the shared key for such a symmetric key encryption is really available, the scheme can be greatly simplified. We want to stress that the ultimate use of a key agreement scheme is just to establish a shared key for some symmetric key encryption, but not vice versa.

Book ChapterDOI
01 Jan 2023
TL;DR: In this article, an Authenticated Encryption (AE) scheme is used to provide authenticity along with confidentiality of the data in the IoT. The proposed design uses a PRESENT block cipher for the key size variants of 80 bits and 128 bits for a block size of 64 bits and SPONGENT variants of 88, 128, and 256 bits for authentication.
Abstract: With the increase of connected devices in the IoT paradigm for various domains that include wireless sensor networks, edge computing, and embedded systems, the cryptographic primitives deployed on these devices have to be lightweight as the devices used are low cost and low energy. The cryptographic techniques and algorithms for data confidentiality only aim at providing data privacy, but the authenticity of the data is not being addressed. Hence Authenticated Encryption (AE) is used to provide a higher level of security. Authenticated encryption is a scheme used to provide authenticity along with confidentiality of the data. In this paper, AE is implemented using a lightweight PRESENT encryption algorithm and hashing SPONGENT algorithm. These algorithms have the smallest footprint compared to other lightweight algorithms. The proposed design uses a PRESENT block cipher for the key size variants of 80 bits and 128 bits for a block size of 64-bit and SPONGENT variants of 88, 128, and 256 bits for authentication. Simulation, analysis, inference, and synthesis of the proposed architectures, i.e. Encryption then MAC (EtM), is implemented on the target platform ARTY A7 100T. A comparative analysis states that the combination of the PRESENT 80 block cipher and SPONGENT 88 variant is best suited for the resource-constrained Internet of Things applications as the world is slowly approaching the brink of mankind’s next technological revolution.

Journal ArticleDOI
TL;DR: In this paper, a parallel, sponge-based authenticated encryption scheme with variable tag length per key is proposed to protect against SCAs, and a lower bound for the recommended tag length is suggested.
Abstract: Authenticated Encryption (AE) protects confidentiality and integrity at the same time. The sponge construction is based on an iterated permutation or transformation that can be used to implement hashing, and AE schemes, among others. Sponge-based AE schemes offer desirable characteristics like parallelizability and incrementality. In addition, they provide security features such as protection against Chosen Plaintext Attacks, Chosen-Ciphertext Attacks, and Side-Channel Attacks (SCAs). Traditionally AE schemes assume the tag length, also called the stretch, as a fixed parameter per key, and the security is proved according to that assumption. However, the variable tag length per key could happen due to misconfiguration or misuse. In that case, the security would be violated, so it is vital to accommodate variable tag length without sacrificing other desirable features. Reyhanitabar et al. proposed Key Equivalent Separation by Stretch feature and concretized it for protection against tag length misuse attacks in block cipher-based AE schemes. However, the problem remains unresolved for sponge-based constructions, where current sponge-based schemes are vulnerable to tag length variation under the same key attacks. This work aims to bridge this gap by proposing a parallel, sponge-based AE scheme with a variable tag length per key that protects against SCAs and suggesting a lower bound for the recommended tag length. Finally, the security of the proposed scheme is discussed, and its performance is analyzed after implementing the proposed AE scheme in the C programming language.

Journal ArticleDOI
Shuai Liu, Jie Guan, Bin Hu, Sudong Ma, Hao Bai 
TL;DR: In this paper, the authors propose the first pure classical DFA on a nonce-based authenticated encryption algorithm (HYENA) with only one fault injected in every decryption process.
Abstract: It had always been believed that there was an inherent barrier to Differential Fault Attack (DFA) on the nonce-based authenticated encryption algorithm. At CHES 2016, Saha et al. proposed an Internal Differential Fault Attack on a parallelizable counter-mode algorithm. They induce the attack to classical DFA at the expense of one more fault injection in every encryption process. In this paper, we propose the DFA on HYENA, which is a nonce-based authenticated encryption mode for GIFT-128. Our work is the first pure classical DFA on a nonce-based authenticated encryption algorithm with only one fault injected in every decryption process. Firstly, we give the DFA on GIFT-128 with a fault injected into the 39th-round input. Based on this work, we inject a fault in the underlying GIFT-128 of a HYENA decryption process and make this decryption process still generate the correct tag and output plaintext. This makes the necessary conditions of DFA satisfied. Experiments show that at most 56 key bits of HYENA can be recovered with only a few faulty ciphertexts. In addition, our fault injection is easier to achieve than most other work about fault attack, because the injection location is relatively random and the fault type can be arbitrary. It should be noted that the left 72 key bits cannot be recovered in this way.

Book ChapterDOI
TL;DR: In this paper, the authors prove blind unforgeability of QCB and generalize the strategy of using tweakable block ciphers in authenticated encryption to a generic blindly unforgeable AEAD model.
Abstract: QCB is a proposal for a post-quantum secure, rate-one authenticated encryption with associated data scheme (AEAD) based on classical OCB3 and $$\varTheta$$CB, which are vulnerable against a quantum adversary in the Q2 setting. The authors of QCB prove integrity under plus-one unforgeability, whereas the proof of the stronger definition of blind unforgeability has been left as an open problem. After a short overview of QCB and the current state of security definitions for authentication, this work proves blind unforgeability of QCB. Finally, the strategy of using tweakable block ciphers in authenticated encryption is generalised to a generic blindly unforgeable AEAD model.

Journal ArticleDOI
TL;DR: In this paper, the authors propose the first leakage-resilient certificateless signcryption (LR-CLSC) scheme under a continual leakage model; existing LR-CLSC schemes only guarantee security under a bounded leakage model, where the portion of the private key that an attacker can obtain through side-channel attacks is limited.
Abstract: Signature can be used to verify the integrity of both a message and the identity of a signer, whereas encryption can be used to ensure the confidentiality of a message. In the past, cryptography researchers have studied and proposed numerous certificateless signcryption (CLSC) schemes to combine the benefits of both signature and encryption. However, these schemes may not be robust enough to withstand side-channel attacks. Through such attacks, an attacker can constantly retrieve a portion of a private key of the system, and could eventually recover the entire private key. Leakage-resilient certificateless signcryption (LR-CLSC) can ensure its security when the attacker launches such attacks. As far as we know, the existing LR-CLSC schemes can only guarantee the security under a bounded leakage model, where the portion of the private key that an attacker can obtain through side-channel attacks is limited. In this paper, we propose the first LR-CLSC scheme under a continual leakage model. Also, we demonstrate the proposed scheme is secure for the existential unforgeability and the ciphertexts indistinguishability against attackers with side-channel attacking abilities.

Proceedings ArticleDOI
04 Apr 2023
TL;DR: In this paper, the ChaCha20 and Poly1305 algorithms are implemented on a Nexys A7 FPGA board, using the RVfpgaNexys softcore implementation.
Abstract: The safety of transducers is critical in their industrial use. In a growing connectivity scenario, a security breach can be maliciously exploited. Implemented in software, the messages using the ChaCha20 and Poly1305 algorithms have high computational costs. Verilog implementations of these algorithms add encryption and authentication peripherals to a RISC-V softcore, releasing computational power in an IEEE 1451 transducer. The presented concept is implemented in a Nexys A7 FPGA board, using RVfpgaNexys softcore implementation.

Book ChapterDOI
01 Jan 2023
TL;DR: In this article, the authors propose a novel authentication scheme for two devices that can mutually authenticate and use dynamic keys for encryption and decryption based on the AES-GCM authenticated encryption algorithm.
Abstract: Many companies have recently introduced smart IoT and wearable devices. Most of these devices have sensors that interact with them as well as features that enable them to connect to the Internet. However, if proper security and safety are not considered, the extent of damage will be greatly increased. This research work proposes a novel authentication scheme for two devices that can mutually authenticate and use dynamic keys for encryption and decryption based on the AES-GCM authenticated encryption algorithm. The security framework of the proposed scheme demonstrates that it is resistant to a variety of common attacks and enhances security in an IoT environment.

Book ChapterDOI
TL;DR: In this paper, the authors study generic composition of an encryption scheme with a MAC and its security; of the 4 combinations left open by Namprempre et al. (N4, A10, A11 and A12), N4 was already shown insecure, and here the remaining modes A10, A11 and A12 are proved insecure with a counterexample.
Abstract: Authenticated Encryption ($$\textsf{AE}$$) achieves privacy and authenticity with a single scheme. It is possible to obtain an $$\textsf{AE}$$ scheme gluing together an encryption scheme (privacy secure) and a Message Authentication Code (authenticity secure). This approach is called generic composition and its security has been studied by Namprempre et al. [20]. They looked into all the possible gluings of an encryption scheme with a secure $$\textsf{MAC}$$ to obtain a nonce-based $$\textsf{AE}$$-scheme. The encryption scheme is either $$\textsf{IV}$$-based (that is, with an additional random input, the initialization vector [$$\textsf{IV}$$]) or nonce-based (with an input to be used once, the nonce). Namprempre et al. assessed the security/insecurity of all possible composition combinations except for 4 (N4, A10, A11 and A12). Berti et al. [9] showed that N4 is insecure and that the remaining modes (A10, A11, and A12) are either all secure or insecure. Here, we prove that these modes are all insecure with a counterexample.

Journal ArticleDOI
TL;DR: In this paper, the authors propose a new lightweight authenticated encryption algorithm, SIMON-GCM, for Internet of Things (IoT) security, which combines the SIMON block cipher with Galois/Counter Mode (GCM).
Abstract: This brief proposes a new lightweight authenticated encryption algorithm SIMON-GCM for Internet of Things (IoT) security, which realizes the combination of SIMON block cipher and Galois/Counter Mode (GCM). The designed SIMON circuit supports 128/192/256-bit key size, which improves the flexibility and enlarges the range of applications. Moreover, the scheme of 32-cycle Galois field (GF) multiplier in GF(2^128) is adopted to effectively reduce the hardware cost of the Galois Hash (GHASH) function in GCM. At the same time, a finite state machine (FSM) is used to run the SIMON and GHASH modules in parallel, thus shortening the authenticated encryption time. The whole circuit is designed and implemented in field programmable gate array (FPGA) platforms. It is measured to yield a throughput of 32.4 Gbps when consuming 331 slices in Artix-7. Compared with the existing authenticated encryption algorithms, the proposed algorithm achieves lower resource consumption and better flexibility.