Techniques of Side Channel Cryptanalysis

Muir, James

January 2001

The traditional model of cryptography examines the security of cryptographic primitives as mathematical functions. This approach does not account for the physical side effects of using these primitives in the real world. A more realistic model employs the concept of a <I>side channel</I>. A side channel is a source of information that is inherent to a physical implementation of a primitive. Research done in the last half of the 1990s has shown that the information transmitted by side channels, such as execution time, computational faults and power consumption, can be detrimental to the security of ciphers like DES and RSA. This thesis surveys the techniques of side channel cryptanalysis presented in [Kocher1996], [Boneh1997], and [Kocher1998] and shows how side channel information can be used to break implementations of DES and RSA. Some specific techniques covered include the timing attack, differential fault analysis, simple power analysis and differential power analysis. Possible defenses against each of these side channel attacks are also discussed.

Mathematics

cryptanalysis

side channel

timing attack

power analysis

fault analysis

Uppföljning av patienter med Transitorisk Ischemisk Attack (TIA)- och minor stroke som medverkat i TIA-skolan på Enköpings lasarett

Skogmo, Emelie, Nyblom, Emelie

January 2011

The purpose of this study was to investigate how patients who had undergone Hallberg's  TIA-school at Enköpings Lasarett rate their physical and mental health 18 months after participation. Another purpose was to examine whether they re-diagnosed with a TIA or suffered a stroke. The design of the quantitative study was longitudinal and descriptive. In the study 16 patients participated and to measure their mental and physical health the questionnaire SF36 was used. The results showed that none of the participants suffered a new TIA or stroke since participation in the TIA-school. The participants' self-rated health measured with SF36 showed the highest values ​​in the areas of social function, emotional role function and physical role function. Which indicates a good self-rated health in these areas. Participants were asked how their physical and mental health limited them in everyday life. The majority of participants was not limited at all during the day, either physically (50%) or psychologically (62.5%). Our results demonstrate that a TIA-school like the one at Enköpings Lasarett may have long-term effects on an individual basis, but this effect can not be demonstrated in all off the patients.

transient ischemic attack

stroke prevention

HRQOL lifestyle

lifestyle school.

A Probabilistic-Based Framework for INFOSEC Alert Correlation

Qin, Xinzhou

15 July 2005

Deploying a large number of information security (INFOSEC) systems can provide in-depth protection for systems and networks. However, the sheer number of security alerts output by security sensors can overwhelm security analysts from performing effective analysis and taking timely response. Therefore, alert correlation is the core component in a security management system. Most of existing alert correlation techniques depend on a priori and hard-coded domain knowledge that lead to their limited capabilities of detecting new attack strategies. These approaches also focus more on the aggregation and analysis of raw security alerts, and build basic or low-level attack scenarios. This thesis focuses on discovering novel attack strategies with analysis of security alerts. Our framework helps security administrator aggregate redundant alerts, intelligently correlate security alerts, analyze attack strategies, and take appropriate actions against forthcoming attacks. In alert correlation, we have developed an integrated correlation system with three complementary correlation mechanisms. We have developed a probabilistic-based correlation engine that incorporates domain knowledge to correlate alerts that have direct causal relationship. We have developed a statistical analysis-based and a temporal analysis-based correlation engines to discover attack transition patterns in which attack steps do not have direct causal relationship in terms of security and performance measure but exhibit statistical and temporal patterns. We construct attack scenarios and conduct attack path analysis based on the correlation results. Security analysts are presented with aggregated information on attack strategies from the integrated correlation system. In attack plan recognition, we address the challenges of identifying attacker's high-level strategies and intentions as well as predicting upcoming attacks. We apply graph-based techniques to correlating isolated attack scenarios derived from low-level alert correlation based on their relationship in attack plans. We conduct probabilistic inference to evaluate the likelihood of attack goal(s) and predict potential upcoming attacks based on observed attack activities. We evaluate our algorithms using DARPA's Grand Challenge Problem (GCP) data sets and live traffic data collected from our backbone network. The results show that our approach can effectively discover novel attack strategies, provide a quantitative analysis of attack scenarios and identify attack plans.

Security management

Attack scenario analysis

Alert correlation

Intrusion detection

Code Automation for Vulnerability Scanner

Wu, Ching-Chang

06 July 2003

With enormous vulnerability discovered and Internet prevailing in the word, users confront with the more dangerous environment. As a result, the users have to understand the system risk necessarily. The vulnerability scanner provides the functionality that could check if the system is vulnerable. Nessus is a vulnerability scanner. It provides the customization capability that users could defined the security check. It develops a attack language called NASL. By use of NASL, users could write the security check by themselves. But before writing the security check, the users must know the architecture of Nessus and study how to write the security check by NASL. Different vulnerabilities have different the detection approach and communications method. If users don't know about above knowledge, they couldn¡¦t write the security check. In this research, we develop a automatic mechanism of generating code for the Nessus scanner and produce a security check. And we also provide two approaches to produce the security check. The one is the modularization. It takes part of function codes into a module, and combines the modules into a security check. The other one is package. The users can't involve the attack code and just only fill in some of parameters to produce the security check. This research proposes the design above and actually implements a system to generate attack codes. It attempts to decrease the needs of knowledge to users about security check, reduce the error rates by human typos, and enhance the efficiency and correctness for writing the security check

Vulnerability Scanner

Code Automation

Attack Language

Network Security

A method of Weil sum in multivariate quadratic cryptosystem

Harayama, Tomohiro

17 September 2007

A new cryptanalytic application is proposed for a number theoretic tool Weil sum to the birthday attack against multivariate quadratic trapdoor function. This new customization of the birthday attack is developed by evaluating the explicit Weil sum of the underlying univariate polynomial and the exact number of solutions of the associated bivariate equation. I designed and implemented new algorithms for computing Weil sum values so that I could explicitly identify some class of weak Dembowski- Ostrom polynomials and the equivalent forms in the multivariate quadratic trapdoor function. This customized attack, also regarded as an equation solving algorithm for the system of some special quadratic equations over finite fields, is fundamentally different from the Grobner basis methods. The theoretical observations and experiments show that the required computational complexity of the attack on these weak polynomial instances can be asymptotically less than the square root complexity of the common birthday attack by a factor as large as 2^(n/8) in terms of the extension degree n of F2n. I also suggest a few open problems that any MQ-based short signature scheme must explicitly take into account for the basic design principles.

Weil sum

birthday attack

MQ trapdoor

multivariate quadratic cryptosystem

Deterrence and the national security strategy of 2002 : a round peg for a round hole /

Robinson, George M.

January 2003

Thesis (M.A. in National Security Affairs)--Naval Postgraduate School, December 2003. / Thesis advisor(s): James A. Russell, Jeff Knopf. Includes bibliographical references (p. 77-80). Also available online.

Characterization of high-calcium fly ash for evaluating the sulfate resistance of concrete

Kruse, Karla Anne

25 June 2012

Concrete structures are often exposed to sulfates, which are typically found in groundwater and soils, in agricultural run-off, in industrial facilities, and in other source points. These sulfates may attack concrete and significantly shorten the service life of concrete due to reactions between sulfate ions and concrete constituents. These reactions form expansive and deleterious compounds that lead to cracking and spalling of the concrete. This reaction is a function of the sulfate solution but also the physical, chemical, and mineralogical properties of the cement and supplemental cementitious materials (SCMs). It is widely understood that the addition of some fly ashes, by-products of coal combustion power plants, improve the sulfate resistance of the concrete but some fly ash additions actually reduce the sulfate resistance. This project aims to understand this relationship between fly ash and sulfate resistance. Using sulfate testing results on mortar previously obtained at The University of Texas at Austin, this research evaluated the mineralogical, chemical, and physical characteristics of fly ash and attempted to link these measured characteristics (or combinations thereof) to sulfate resistance of concrete. / text

Fly ash

Sulfate resistance

ASTM C1012

Sulfate attack

On the Applicability of a Cache Side-Channel Attack on ECDSA Signatures : The Flush+Reload attack on the point multiplication in ECDSA signature generation process

Josyula, Sai Prashanth

January 2015

Context. Digital counterparts of handwritten signatures are known as Digital Signatures. The Elliptic Curve Digital Signature Algorithm (ECDSA) is an Elliptic Curve Cryptography (ECC) primitive, which is used for generating and verifying digital signatures. The attacks that target an implementation of a cryptosystem are known as side-channel attacks. The Flush+Reload attack is a cache side-channel attack that relies on cache hits/misses to recover secret information from the target program execution. In elliptic curve cryptosystems, side-channel attacks are particularly targeted towards the point multiplication step. The Gallant-Lambert-Vanstone (GLV) method for point multiplication is a special method that speeds up the computation for elliptic curves with certain properties. Objectives. In this study, we investigate the applicability of the Flush+Reload attack on ECDSA signatures that employ the GLV method to protect point multiplication. Methods. We demonstrate the attack through an experiment using the curve secp256k1. We perform a pair of experiments to estimate both the applicability and the detection rate of the attack in capturing side-channel information. Results. Through our attack, we capture side-channel information about the decomposed GLV scalars. Conclusions. Based on an analysis of the results, we conclude that for certain implementation choices, the Flush+Reload attack is applicable on ECDSA signature generation process that employs the GLV method. The practitioner should be aware of the implementation choices which introduce vulnerabilities, and avoid the usage of such ECDSA implementations.

Digital signatures

Elliptic curve cryptography

GLV method

Side-channel attack

Die ontwikkeling en evaluering van 'n traumabegeleidingsprogram vir slagoffers van plaasaanvalle : 'n maatskaplikewerk-ondersoek / Susanna Catharina Schutte

Schutte, Susanna Catharina

January 2004

South Africans live in a traumatized society where crime and violence are a big crisis. It is specially farm attacks that in the recent time show an increase. At the moment there are 274 farmers per 100 000 of the population in comparison with for example 153 policemen per 100 000, that are being murdered each year. In this study, a trauma counselling program is established, especially to give social support to victims of farm attacks. There are different reasons why a trauma counselling program for victims of farm attacks bas to be established: Farm attacks increase rapidly, - more than any other crimes. Farm attacks and - murder are brutal and gruesome. The farm attackers focus on torture and the infliction of severe pain and suffering. The fear that is inspired by this, leads to the termination of basic assumptions such as, that people are invulnerable, that there is a reason for everything happening and that something good will come forth. The termination of these basic assumptions lead to long term bio psychological changes in the life of the victim, his/her family and loved ones that saw or heard about the attack. This form of traumatization needs counselling. The purpose of this research was to determine the traumatic experience and the needs of victims after a farm attack. Through explanatory, descriptive, and exploratory evaluative research a way to establish and to guide the victims to take control of their lives, on the same level of social functioning as before the attack, is suggested. In this study the focus were on the following goals: Knowledge has to be gathered about the intensity of the attack and post traumatic stress reaction To achieve this aim a questionnaire for victims of farm attacks in the Northwest province has been designed and completed. The results show that there is a need for a trauma counselling program for victims of farm attacks. A trauma counselling program was designed after the results of the questionnaire were interpreted, other programs evaluated, and behavioural models studied The group work process seems to be the most appropriate to implement. The single system as method was used to evaluate the effectiveness of the designed counselling program. The results showed that the program could be used successfully to bring the necessary and desired changes in the lives of the victims of farm attacks / Thesis (Ph.D. (Social Work))--North-West University, Potchefstroom Campus, 2004.

Farm attack

Victim

Counselling

Counseling

Trauma counselling program

Analysis and Design of Clock-glitch Fault Injection within an FPGA

Dadjou, Masoumeh

January 2013

In modern cryptanalysis, an active attacker may induce errors during the computation of a cryptographic algorithm and exploit the faulty results to extract information about the secret key in embedded systems. This kind of attack is called a fault attack. There have been various attack mechanisms with diff erent fault models proposed in the literature. Among them, clock glitch faults support practically dangerous fault attacks on cryptosystems. This thesis presents an FPGA-based practical testbed for characterizing exploitable clock glitch faults and uniformly evaluating cryptographic systems against them. Concentrating on Advanced Encryption Standard (AES), simulation and experimental results illustrates proper features for the clock glitches generated by the implemented on-chip glitch generator. These glitches can be injected reliably with acceptably accurate timing. The produced faults are random but their eff ect domain is finely controllable by the attacker. These features makes clock glitch faults practically suitable for future possible complete fault attacks on AES. This research is important for investigating the viability and analysis of fault injections on various cryptographic functions in future embedded systems.

fault attack

clock glitch

AES

FPGA

Electrical and Computer Engineering