
Showing papers on "Collision attack published in 2018"


Journal ArticleDOI
Amr Tolba
TL;DR: A trust-based distributed authentication (TDA) method that relies on a global trust server and vehicle behavior for avoiding collision attacks is proposed and a channel state routing protocol (CSRP) is proposed to improve the communication reliability among the vehicles.
Abstract: A vehicular ad hoc network (VANET) is a collection of mobile vehicles that aids roadside communication through vehicle-to-vehicle and vehicle-to-infrastructure operation modes. The network is autonomous and, hence, requires a wide range of security measures to protect its communications from attack. Recent studies on VANET security have focused on resolving the issues due to computation and distribution density of the vehicles. Probability distribution measures have been administered for detecting collision attacks, which increases the computational complexity. In this paper, a trust-based distributed authentication (TDA) method that relies on a global trust server and vehicle behavior for avoiding collision attacks is proposed. This method ensures both inter-vehicular and intra-vehicular communication security in the network. In addition, a channel state routing protocol (CSRP) is proposed to improve the communication reliability among the vehicles. Reliable vehicles are identified according to the on-board unit (OBU) energy and the channel state of the vehicle to deliver seamless communication. The biased methods are assimilated to improve the communication reliability by avoiding collision attacks and improving secured packets flow in VANETs. In particular, the CSRP minimizes the energy exploitation of OBUs and time delay. TDA improves the security of the network by improving the collision recognition rate and the broadcast rate.

24 citations


Proceedings ArticleDOI
19 Mar 2018
TL;DR: This work implements the cache-based attack by Bogdanov et al., which infers the cache activity of a target program through timing measurements and exploits collisions that occur when the same cache location is accessed for different program inputs, and introduces an optimized variant of it, the Earthquake Attack, which leverages the NoC-based communication to increase attack efficiency.
Abstract: Multi-Processor Systems-on-Chips (MPSoCs) are a platform for a wide variety of applications and use-cases. The high on-chip connectivity, the programming flexibility, and the reuse of IPs, however, also introduce security concerns. Problems arise when applications with different trust and protection levels share resources of the MPSoC, such as processing units, cache memories and the Network-on-Chip (NoC) communication structure. If a program gets compromised, an adversary can observe the use of these resources and infer (potentially secret) information from other applications. In this work, we explore the cache-based attack by Bogdanov et al., which infers the cache activity of a target program through timing measurements and exploits collisions that occur when the same cache location is accessed for different program inputs. We implement this differential cache-collision attack on the MPSoC Glass and introduce an optimized variant of it, the Earthquake Attack, which leverages the NoC-based communication to increase attack efficiency. Our results show that Earthquake performs well under different cache line and MPSoC configurations, illustrating that cache-collision attacks are considerable threats on MPSoCs.

16 citations


Book ChapterDOI
29 Apr 2018
TL;DR: Fast near collision attack as discussed by the authors combines a near collision property with the divide-and-conquer strategy so that only subsets of the internal state, associated with different keystream vectors, are recovered first and merged carefully later to retrieve the full large internal state.
Abstract: Modern stream ciphers often adopt a large internal state to resist various attacks, where the cryptanalysts have to deal with a large number of variables when mounting state recovery attacks. In this paper, we propose a general new cryptanalytic method on stream ciphers, called fast near collision attack, to address this situation. It combines a near collision property with the divide-and-conquer strategy so that only subsets of the internal state, associated with different keystream vectors, are recovered first and merged carefully later to retrieve the full large internal state. A self-contained method is introduced and improved to derive the target subset of the internal state from the partial state difference efficiently. As an application, we propose a new key recovery attack on Grain v1, one of the 7 finalists selected by the eSTREAM project, in the single-key setting. Both the pre-computation and the online phases are tailored according to its internal structure, to provide an attack for any fixed IV in \(2^{75.7}\) cipher ticks after the pre-computation of \(2^{8.1}\) cipher ticks, given \(2^{28}\)-bit memory and about \(2^{19}\) keystream bits. Practical experiments on Grain v1 itself whenever possible and on an 80-bit reduced version confirmed our results.

12 citations


Proceedings ArticleDOI
28 Sep 2018
TL;DR: The original MD5 was enhanced by adding four logical operations to increase the security of the message to become free from collision attack and the enhanced algorithm mitigated the collision problem of MD5.
Abstract: Over the past two decades, significant research has been done in analyzing the MD5 algorithm to address its collision problem. This paper enhanced the original MD5 by adding four logical operations to increase the security of the message to become free from collision attack. To test the enhanced algorithm, different data with collision problems generated using the MD5 Collision generator were used. The avalanche effect was measured, and the result provided more than 50% bit change. The enhanced MD5 was also tested against dictionary attacks using online cracking tools, and these tools failed to crack and revert the message digest into plain text. Overall, the enhanced algorithm mitigated the collision problem of MD5.

10 citations


Journal Article
TL;DR: A general new cryptanalytic method on stream ciphers, called fast near collision attack, is proposed, which combines a near collision property with the divide-and-conquer strategy so that only subsets of the internal state are recovered first and merged carefully later to retrieve the full large internal state.
Abstract: Modern stream ciphers often adopt a large internal state to resist various attacks, where the cryptanalysts have to deal with a large number of variables when mounting state recovery attacks. In this paper, we propose a general new cryptanalytic method on stream ciphers, called fast near collision attack, to address this situation. It combines a near collision property with the divide-and-conquer strategy so that only subsets of the internal state, associated with different keystream vectors, are recovered first and merged carefully later to retrieve the full large internal state. A self-contained method is introduced and improved to derive the target subset of the internal state from the partial state difference efficiently. As an application, we propose a new key recovery attack on Grain v1, one of the 7 finalists selected by the eSTREAM project, in the single-key setting. Both the pre-computation and the online phases are tailored according to its internal structure, to provide an attack for any fixed IV in \(2^{75.7}\) cipher ticks after the pre-computation of \(2^{8.1}\) cipher ticks, given \(2^{28}\)-bit memory and about \(2^{19}\) keystream bits. Practical experiments on Grain v1 itself whenever possible and on an 80-bit reduced version confirmed our results.

9 citations


Proceedings ArticleDOI
01 Dec 2018
TL;DR: A collision detection methodology and an improved version of Secure Hash Algorithm (SHA-1) standard are introduced to protect weak primitives from any possible collision attack.
Abstract: This paper introduces a collision detection methodology and an improved version of the Secure Hash Algorithm (SHA-1) standard. The proposed work helps to protect weak primitives from any possible collision attack. Two designs are implemented to help protect and improve the SHA-1 standard. The first design employs the near collision detection approach that was proposed by Marc Stevens. The second design is the proposed work that employs two block calculation schemes. Both designs are tested and verified for examples of collided messages. The designs can detect the collision probability and produce a different hash for weak messages that are susceptible to collision attack.

9 citations


Journal ArticleDOI
TL;DR: This paper fixes only one specific clock glitch cycle, and takes the right or wrong collision rate as a collision distinguisher, and executes a non-profiling collision attack which can be executed automatically without massive pre-computations and interactions between PC and signal generator.
Abstract: In CHES 2010, Fault Sensitivity Analysis (FSA) on an Advanced Encryption Standard (AES) hardware circuit, based on the S-box setup-time acquired by injecting clock glitches, was proposed. Soon after, some improvements of FSA were presented, such as colliding timing characteristics from Moradi et al. However, the acquisition of timing characteristics requires a complex procedure due to the very gradual decrease of the clock glitch cycle and the heavy requirements of setup-time samples. In HOST 2015, Wang et al. presented a template-based right or wrong collision rate attack to improve the efficiency of FSA, but its profiling and plaintext-choice procedures required too many encryptions. In this paper, we fix only one specific clock glitch cycle, and take the right or wrong collision rate as a collision distinguisher. So, the whole process is a non-profiling collision attack which can be executed automatically without massive pre-computations and interactions between PC and signal generator. According to the experiments, 256 encryptions are enough for exactly deciding whether two plaintext bytes can induce an S-box collision. Compared with the existing power analysis and FSA-based attacks on AES hardware, it costs negligible time (about 6.65 s) and storage space (only one byte), and no offline computations for finding the collision between two masked S-boxes. Furthermore, our study shows that the signal-to-noise ratio in FSA-based attacks is much higher than in power-based attacks.

7 citations


Book ChapterDOI
03 Sep 2018
TL;DR: Based on a theoretical analysis on how to quantify the remaining entropy, a practical search algorithm is derived and shows that even in a setting with high noise or few available traces the authors can either successfully recover the full AES key or reduce its entropy significantly.
Abstract: Side Channel Attacks are an important attack vector on secure AES implementations. The Correlation-Enhanced Power Analysis Collision Attack by Moradi et al. [MME10] is a powerful collision attack that exploits leakage caused by collisions in between S-Box computations of AES. The attack yields observations from which the AES key can be inferred. Due to noise, an insufficient number of collisions, or errors in the measurement setup, the attack does not find the correct AES key uniquely in practice, and it is unclear how to determine the key in such a scenario. Based on a theoretical analysis on how to quantify the remaining entropy, we derive a practical search algorithm. Both our theoretical analysis and practical experiments show that even in a setting with high noise or few available traces we can either successfully recover the full AES key or reduce its entropy significantly.

7 citations


Book ChapterDOI
07 May 2018
TL;DR: The first pre-image attack against the 1-round KECCAK-512 hash function is given, which works for all variants of 1-round KECCAK, and gives a preimage of length less than 1024 bits by solving a system of 384 linear equations.
Abstract: In this paper, we give the first pre-image attack against 1-round KECCAK-512 hash function, which works for all variants of 1-round KECCAK. The attack gives a preimage of length less than 1024 bits by solving a system of 384 linear equations. We also give a collision attack against 1-round KECCAK using similar analysis.

6 citations


Proceedings ArticleDOI
28 Sep 2018
TL;DR: The result of the computing simulation indicates that the extension of the message block from 512 to 1024-bit blocks and expansion of the length of the resulting value per round from 32 to 64 bits together with added operations increases the security of the modified message digest hash function.
Abstract: The MD5 cryptographic hash function is greatly affected by collision vulnerability and as a result dramatically affects not only the security of the message but, most importantly, the integrity of the data. In this study, a new method for the padding process of the original message was introduced and additional operations on the internal processes were implemented. The result of the computing simulation indicates that the extension of the message block from 512 to 1024-bit blocks and expansion of the length of the resulting value per round from 32 to 64 bits, together with added operations, increases the security of the modified message digest hash function. An evaluation of the produced hash value was conducted using the avalanche effect test, which resulted in a value of 56.91, and a randomness test to assess the randomization value, which gave remarkable outputs of 56.45 and 55.93 respectively, attesting that the collision concern has been addressed.

2 citations


Journal ArticleDOI
TL;DR: A privacy preserving secret key extraction (PPSE) protocol, which stores user attributes in fuzzy attribute set format over hash index, which enables easier extraction of the secret key from outsourced user attributes and it eliminates the need for the involvement of a central authority for user attribute management.
Abstract: In the existing privacy-preserving multi-authority attribute-based encryption (MA-ABE) techniques, the users receive their secret keys from multiple authorities, where each authority maintains a different set of user attributes with major control established by a central authority (CA), who manages all the attribute-related activities (causes collision attack). Also, as the secret key is derived from user sensitive attributes, the authorities may collect and analyse the user attributes to recognise a user's identity which leads to compromised key attack and insider attack. In order to solve these issues, we propose a privacy preserving secret key extraction (PPSE) protocol, which stores user attributes in fuzzy attribute set format over hash index. This enables easier extraction of the secret key from outsourced user attributes and it eliminates the need for the involvement of a central authority for user attribute management. We implemented PPSE using Charm crypto (Akinyele et al., 2013) and the experimental results show that our scheme provides higher levels of user access provision with improved security and privacy.

Book ChapterDOI
25 Sep 2018
TL;DR: A new scalar multiplication algorithm called the T_SM method is proposed, which is secure against Simple Power Analysis (SPA) and Key Bit-dependent Attack (KBA) and can fully cope with CA.
Abstract: At present, the Elliptic Curve Digital Signature Algorithm (ECDSA) is extensively used because its implementation can be achieved more efficiently with the same security level compared to RSA and the Digital Signature Algorithm (DSA). In particular, blockchain and Fast IDentity Online (FIDO), which are attracting attention as key infrastructure technologies to lead the fourth industrial revolution, use ECDSA. However, scalar multiplication, which is the main operation of ECDSA, has been reported to be vulnerable to side-channel attacks that use only a single trace. Notably, there is no perfectly secure countermeasure against Collision Attack (CA), which is the main form of attack using a single trace. As the attacks become more and more sophisticated and powerful, such as CA, taking countermeasures against them is required. Thus, in this paper, we propose a new scalar multiplication algorithm called the T_SM method. It is secure against Simple Power Analysis (SPA) and Key Bit-dependent Attack (KBA). In particular, the T_SM method can fully cope with CA. To the best of our knowledge, the T_SM method is the first countermeasure against SPA, CA, and KBA. Although it requires memory for pre-computation tables, it has a computational advantage when we apply it to cryptosystems, such as ECDSA, which use ordinary scalar multiplication based on a fixed point P and random scalar k. The main operation consists of the smallest number of operations compared with existing scalar multiplication algorithms in which P is fixed.

Proceedings ArticleDOI
24 Oct 2018
TL;DR: The simulation results show that the enhancements made in the message digest hash function have provided additional security in generating the hash value, and the avalanche results provided good impact in protecting the integrity of the new message digest hash value.
Abstract: The collision vulnerability of the MD5 cryptographic hash function greatly affects the data integrity and authenticity of the hash value. In this study, the researchers introduced a new method for the padding process of the original message and implemented additional operations in the cryptographic hash function of MD5. The simulation results show that the enhancements made in the message digest hash function have provided additional security in generating the hash value. The avalanche results provided good impact in protecting the integrity of the new message digest hash value. The randomness test obtained impressive random hash generation. More importantly, the enhancements have addressed MD5 collision susceptibility.

Journal ArticleDOI
TL;DR: This paper proposes a multiple-bits side-channel collision attack based on double distance voting detection (DDVD) and also an improved version, involving the error-tolerant mechanism, which can find all 120 relations among 16 key bytes when applied to AES (Advanced Encryption Standard) algorithm.
Abstract: Side-channel collision attacks are more powerful than traditional side-channel attacks, without knowing the leakage model or establishing the model. Most attack strategies proposed previously need large quantities of power traces with high computational complexity and are sensitive to mistakes, which seriously restricts the attack efficiency. In this paper, we propose a multiple-bits side-channel collision attack based on double distance voting detection (DDVD) and also an improved version, involving an error-tolerant mechanism, which can find all 120 relations among 16 key bytes when applied to the AES (Advanced Encryption Standard) algorithm. In addition, we compare our collision detection method, called DDVD, with the Euclidean distance and the correlation-enhanced collision method under different intensities of noise, which indicates that our detection technique performs better in noisy circumstances. Furthermore, the 4-bit model of our collision detection method is proven to be optimal in theory and in practice. Meanwhile, the corresponding practical attack experiments are also performed successfully on a hardware implementation of AES-128 on an FPGA board. Results show that our strategy needs less computation time but more traces than the LDPC method, and the online time for our strategy is about 90% less than CECA and 96% less than BCA with a 90% success rate.

Patent
16 Nov 2018
TL;DR: In this article, a new method and system for selecting a plaintext combined attack by CRT-RSA is presented. But the method is limited to the case of plaintext collision attacks, and it is not suitable for other information leakage, such as access number power consumption power exponent Hamming weight information leakage.
Abstract: The invention belongs to the field of information security, and discloses a new method and system for a chosen-plaintext combined attack on CRT-RSA. In the attack process, the dp and dq of the CRT-RSA algorithm are used as targets, and then the private key parameters p, q are derived; during the plaintext collision attack process, multiple sets of plaintext pairs are selected and superimposed, and the modular multiplication power consumption difference is subjected to secondary treatment as the collision classification set; in the attack process, combined with the access number power consumption power exponent Hamming weight information leakage in the CRT-RSA modular exponentiation process, the modular multiplication power segmentation is performed, and the plaintext collision attack is selected by segments. The invention combines other information leakage in the process of CRT-RSA modular exponentiation (such as access number power consumption power exponent Hamming weight information leakage), performs modular multiplication power segmentation, implements segmented selection of plaintext collision attacks, and can avoid local collision attack errors, which improves the attack accuracy. Finally, the private key parameters p, q are derived, and the private key d value is restored.