Authenticated encryption

About: Authenticated encryption is a research topic. Over the lifetime, 1328 publications have been published within this topic receiving 25968 citations. The topic is also known as: AEAD & Authenticated Encryption with Associated Data.

Authenticated secret key generation in delay-constrained wireless systems

Abstract: With the emergence of 5G low-latency applications, such as haptics and V2X, low-complexity and low-latency security mechanisms are needed. Promising lightweight mechanisms include physical unclonable functions (PUF) and secret key generation (SKG) at the physical layer, as considered in this paper. In this framework, we propose (i) a zero round trip time (0-RTT) resumption authentication protocol combining PUF and SKG processes, (ii) a novel authenticated encryption (AE) using SKG, and (iii) pipelining of the AE SKG and the encrypted data transfer in order to reduce latency. Implementing the pipelining at PHY, we investigate a parallel SKG approach for multi-carrier systems, where a subset of the subcarriers are used for SKG and the rest for data transmission. The optimal solution to this PHY resource allocation problem is identified under security, power, and delay constraints, by formulating the subcarrier scheduling as a subset-sum 0−1 knapsack optimization. A heuristic algorithm of linear complexity is proposed and shown to incur negligible loss with respect to the optimal dynamic programming solution. All of the proposed mechanisms have the potential to pave the way for a new breed of latency aware security protocols.

Nonlinear Invariant Attack

Abstract: In this paper we introduce a new type of attack, called nonlinear invariant attack. As application examples, we present new attacks that are able to distinguish the full versions of the tweakable block ciphers Scream, iScream and Midori64 in a weak-key setting. Those attacks require only a handful of plaintext-ciphertext pairs and have minimal computational costs. Moreover, the nonlinear invariant attack on the underlying tweakable block cipher can be extended to a ciphertext-only attack in well-known modes of operation such as CBC or CTR. The plaintext of the authenticated encryption schemes SCREAM and iSCREAM can be practically recovered only from the ciphertexts in the nonce-respecting setting. This is the first result breaking a security claim of SCREAM. Moreover, the plaintext in Midori64 with well-known modes of operation can practically be recovered. All of our attacks are experimentally verified.

Authenticated encryption for FPGA bitstreams

Abstract: FPGA bitstream encryption blocks theft of the design in the FPGA bitstream by preventing unauthorized copy and reverse engineering. By itself, encryption does not protect against tampering with the bitstream, so without additional capabilities, bitstream encryption cannot prevent the FPGA from executing an unauthorized bitstream. An unauthorized bitstream might be generated by trial and error to cause the FPGA to leak confidential data, including the decrypted bitstream. Strong authentication detects tampering with the bitstream, providing a root of trust that enables applications that require protection of sensitive data in a hostile environment. This paper describes the SHA HMAC-based bitstream authentication algorithm and protocol in Virtex-6 FPGAs and shows how they are integrated in the bitstream.

EscApe: Diagonal Fault Analysis of APE

Abstract: This work presents an adaptation of the classical diagonal fault attack on APE which is a member of the PRIMATEs family of authenticated encryption (AE) schemes. APE is the first nonce misuse-resistant permutation based AE scheme and is one of the submissions to the CAESAR competition. In this work we showcase how nonce reuse can be misused in the context of differential fault analysis of on-line authenticated encryption schemes like APE. Using the misuse, we finally present a diagonal fault attack on APE-80 that is able to reduce the key-search space from \(2^{160}\) to \(2^{25}\) using just two random uni-word (A word in this context is a 5-bit vector.) diagonal faults. Increasing the number of faults to \(4\) results in the unique identification of the key with a high probability. We find that both the AES-like internal permutation and the last round cipher-text output contribute to the reduction in key-space. We also provide theoretical analysis on the average reduction in the key-search space of the attack. To the best of our knowledge, this work reports the first fault analysis of a Sponge based mode of operation when used in the context of authenticated encryption.