
Authenticated encryption

About: Authenticated encryption is a research topic. Over its lifetime, 1328 publications have been published within this topic, receiving 25968 citations. The topic is also known as: AEAD & Authenticated Encryption with Associated Data.


Papers
Book Chapter
23 Apr 2018
TL;DR: It is shown that the straightforward masked GHASH can be defeated by a new attack utilizing the variance of the power trace, and a new masking countermeasure is proposed against the proposed attack.
Abstract: This paper presents a side-channel attack on masked Galois-field (GF) multiplication used in authenticated encryptions including AES-GCM and a new countermeasure against the proposed attack. While the previous side-channel attack is likely to recover the full key of GHASH in AES-GCM, no countermeasure has been discussed and evaluated until now. In this paper, we first apply a straightforward masking countermeasure to GF multiplication for GHASH and show that the masked GF multiplication is resistant to the previous attack. We then show the straightforward masked GHASH can be defeated by a new attack utilizing the variance of power trace. The feasibility of the new attack is demonstrated by an experiment with power traces measured from a smart card operating the masked GHASH. Finally, we propose a new masking countermeasure against the proposed attack.

6 citations

Patent
26 Nov 2014
TL;DR: In this article, two variable-input-length tweakable block ciphers (VILTCs) are adapted to produce a variable-length output string using the fixed-length initialization vector as a tweak.
Abstract: Innovations in the construction and use of variable-input-length tweakable ciphers ("VILTCs"). In some cases, a VILTC uses an initialization vector that is protected from exposure outside an encryption/decryption system in order to provide enhanced security with efficient performance. For example, a system for encryption and/or decryption includes two fixed-input-length tweakable block ciphers ("FIL TBCs") and a VILTC. The first FIL TBC is adapted to produce a fixed-length initialization vector. The VILTC is adapted to produce a variable-length output string using the fixed-length initialization vector as a tweak. The second FIL TBC is adapted to produce a fixed-length output string. In this way, the first FIL TBC and the second FIL TBC protect the fixed-length initialization vector from exposure outside the system. In other cases, a VILTC is used for a reliable and efficient implementation of authenticated encryption/decryption with associated data.

6 citations

Proceedings Article
14 Mar 2016
TL;DR: This work shows how easy it is to apply well known malleability attacks to successfully inject arbitrary code into an encrypted firmware image, and shall help motivate the use of authenticated encryption modes even in resource constrained devices.
Abstract: Several firmware update mechanisms in microcontrollers still make use of confidentiality-only block cipher modes, ultimately lulling the users into a false sense of security. In this work we show how easy it is to apply well known malleability attacks to successfully inject arbitrary code into an encrypted firmware image. We demonstrate this vulnerability by attacking the Advanced Encryption Standard in Cipher Block Chaining mode on an ARM-based microcontroller. The attack makes use of patterns in the structure of the firmware image to obtain known-plaintexts which may be used to modify an encrypted image. Subsequently, malicious code may be injected to extract the memory contents of the device. This work shall help motivate the use of authenticated encryption modes even in resource constrained devices.

6 citations

Patent
06 Nov 2013
TL;DR: In this paper, the authors proposed an authenticated encryption device with a wireless communication function that ensures the security of an electronic bank transaction and is also adaptive to various terminals simultaneously, so that the safety authentication of the E-bank transaction is unrelated to the terminal type.
Abstract: The utility model relates to the technical field of identity authentication, and particularly relates to an authenticated encryption device with a wireless communication function. According to the authenticated encryption device, various terminal users are connected with a bank server by using a special safety encryption authenticated device. The authenticated encryption device has a direct working mode and an indirect working mode. The direct working mode refers to a mode that the device provided by the utility model and a terminal device are respectively connected with the bank server to form two different SSL (Secure Sockets Layer) communication links. The indirect working mode refers to a mode that the device provided by the utility model is provided with a USB (Universal Serial Bus) interface, and is connected with the terminal device through a USB data wire, so as to form an SSL communication link. The device provided by the utility model not only can ensure the security of an electronic bank transaction, but also is adaptive to various terminals simultaneously, so that the safety authentication of the electronic bank transaction is unrelated to the terminal type. The authenticated encryption device with the wireless communication function has the advantages that not only can the long-distance audit be realized by using the direct working mode, but also the near-distance audit can be realized by using the indirect working mode. The problem that a conventional safe authenticated encryption device is inconvenient to use can be solved. The authenticated encryption device with the wireless communication function has the beneficial effects that the problem that an E-bank transaction is unrelated to the terminal type can be solved on the premise of the safe transaction; and the strong applicability is realized.

6 citations


Network Information
Related Topics (5)
Public-key cryptography: 27.2K papers, 547.7K citations, 90% related
Cryptography: 37.3K papers, 854.5K citations, 89% related
Encryption: 98.3K papers, 1.4M citations, 86% related
Hash function: 31.5K papers, 538.5K citations, 84% related
Authentication: 74.7K papers, 867.1K citations, 83% related
Performance
Metrics
No. of papers in the topic in previous years
Year    Papers
2023    19
2022    52
2021    67
2020    109
2019    111
2018    97