RCB: leakage-resilient authenticated encryption via re-keying

Megha Agrawal; Tarun Kumar Bansal; Donghoon Chang; Amit Kumar Chauhan; Seokhie Hong; Jinkeon Kang; Somitra Kumar Sanadhya

doi:10.1007/s11227-016-1824-6

TEDT2 – Highly Secure Leakage-Resilient TBC-Based Authenticated Encryption

10.1007/978-3-030-88238-9_14 ◽

2021 ◽

pp. 275-295

Author(s):

Eik List

Keyword(s):

Authenticated Encryption ◽

Leakage Resilient

Download Full-text

Isap v2.0

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2020.is1.390-416 ◽

2020 ◽

pp. 390-416 ◽

Cited By ~ 1

Author(s):

Christoph Dobraunig ◽

Maria Eichlseder ◽

Stefan Mangard ◽

Florian Mendel ◽

Bart Mennink ◽

...

Keyword(s):

Encryption Algorithm ◽

Side Channel ◽

Design Rationale ◽

Authenticated Encryption ◽

Lightweight Cryptography ◽

Fault Attacks ◽

Low Area ◽

Constrained Environments ◽

Leakage Resilient

We specify Isap v2.0, a lightweight permutation-based authenticated encryption algorithm that is designed to ease protection against side-channel and fault attacks. This design is an improved version of the previously published Isap v1.0, and offers increased protection against implementation attacks as well as more efficient implementations. Isap v2.0 is a candidate in NIST’s LightWeight Cryptography (LWC) project, which aims to identify and standardize authenticated ciphers that are well-suited for applications in constrained environments. We provide a self-contained specification of the new Isap v2.0 mode and discuss its design rationale. We formally prove the security of the Isap v2.0 mode in the leakage-resilient setting. Finally, in an extensive implementation overview, we show that Isap v2.0 can be implemented securely with very low area requirements. https://isap.iaik.tugraz.at

Download Full-text

Improved Leakage-Resistant Authenticated Encryption based on Hardware AES Coprocessors

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2021.i3.641-676 ◽

2021 ◽

pp. 641-676

Author(s):

Olivier Bronchain ◽

Charles Momin ◽

Thomas Peters ◽

François-Xavier Standaert

Keyword(s):

Encryption Scheme ◽

Authenticated Encryption ◽

Mode Of Operation ◽

Secure Software ◽

Software Updates ◽

Leakage Resilient

We revisit Unterstein et al.’s leakage-resilient authenticated encryption scheme from CHES 2020. Its main goal is to enable secure software updates by leveraging unprotected (e.g., AES, SHA256) coprocessors available on low-end microcontrollers. We show that the design of this scheme ignores an important attack vector that can significantly reduce its security claims, and that the evaluation of its leakage-resilient PRF is quite sensitive to minor variations of its measurements, which can easily lead to security overstatements. We then describe and analyze a new mode of operation for which we propose more conservative security parameters and show that it competes with the CHES 2020 one in terms of performances. As an additional bonus, our solution relies only on AES-128 coprocessors, an

Download Full-text

Is RCB a Leakage Resilient Authenticated Encryption Scheme?

Secure IT Systems - Lecture Notes in Computer Science ◽

10.1007/978-3-319-70290-2_3 ◽

2017 ◽

pp. 39-52

Author(s):

Farzaneh Abed ◽

Francesco Berti ◽

Stefan Lucks

Keyword(s):

Encryption Scheme ◽

Authenticated Encryption ◽

Leakage Resilient

Download Full-text

Leakage-Resilient Authenticated Encryption from Leakage-Resilient Pseudorandom Functions

Constructive Side-Channel Analysis and Secure Design - Lecture Notes in Computer Science ◽

10.1007/978-3-030-68773-1_15 ◽

2021 ◽

pp. 315-337

Author(s):

Juliane Krämer ◽

Patrick Struck

Keyword(s):

Authenticated Encryption ◽

Pseudorandom Functions ◽

Leakage Resilient

Download Full-text

Retrofitting Leakage Resilient Authenticated Encryption to Microcontrollers

IACR Transactions on Cryptographic Hardware and Embedded Systems ◽

10.46586/tches.v2020.i4.365-388 ◽

2020 ◽

pp. 365-388

Author(s):

Florian Unterstein ◽

Marc Schink ◽

Thomas Schamberger ◽

Lars Tebelmann ◽

Manuel Ilg ◽

...

Keyword(s):

Side Channel ◽

Authenticated Encryption ◽

Side Channel Attacks ◽

Non Invasive ◽

Cryptographic Keys ◽

Protection Mechanisms ◽

Leakage Resilient ◽

Commercial Off The Shelf ◽

Iot Devices ◽

Physical Access

The security of Internet of Things (IoT) devices relies on fundamental concepts such as cryptographically protected firmware updates. In this context attackers usually have physical access to a device and therefore side-channel attacks have to be considered. This makes the protection of required cryptographic keys and implementations challenging, especially for commercial off-the-shelf (COTS) microcontrollers that typically have no hardware countermeasures. In this work, we demonstrate how unprotected hardware AES engines of COTS microcontrollers can be efficiently protected against side-channel attacks by constructing a leakage resilient pseudo random function (LR-PRF). Using this side-channel protected building block, we implement a leakage resilient authenticated encryption with associated data (AEAD) scheme that enables secured firmware updates. We use concepts from leakage resilience to retrofit side-channel protection on unprotected hardware AES engines by means of software-only modifications. The LR-PRF construction leverages frequent key changes and low data complexity together with key dependent noise from parallel hardware to protect against side-channel attacks. Contrary to most other protection mechanisms such as time-based hiding, no additional true randomness is required. Our concept relies on parallel S-boxes in the AES hardware implementation, a feature that is fortunately present in many microcontrollers as a measure to increase performance. In a case study, we implement the protected AEAD scheme for two popular ARM Cortex-M microcontrollers with differing parallelism. We evaluate the protection capabilities in realistic IoT attack scenarios, where non-invasive EM probes or power consumption measurements are employed by the attacker. We show that the concept provides the side-channel hardening that is required for the long-term security of IoT devices.

Download Full-text

On Leakage-Resilient Authenticated Encryption with Decryption Leakages

IACR Transactions on Symmetric Cryptology ◽

10.46586/tosc.v2017.i3.271-293 ◽

2017 ◽

pp. 271-293 ◽

Cited By ~ 6

Author(s):

Francesco Berti ◽

Olivier Pereira ◽

Thomas Peters ◽

François-Xavier Standaert

Keyword(s):

Encryption Scheme ◽

Authenticated Encryption ◽

Cryptographic Primitives ◽

Leakage Resilient ◽

New Construction

At CCS 2015, Pereira et al. introduced a pragmatic model enabling the study of leakage-resilient symmetric cryptographic primitives based on the minimal use of a leak-free component. This model was recently used to prove the good integrity and confidentiality properties of an authenticated encryption scheme called DTE when the adversary is only given encryption leakages. In this paper, we extend this work by analyzing the case where decryption leakages are also available. We first exhibit attacks exploiting such leakages against the integrity of DTE (and variants) and show how to mitigate them. We then consider message confidentiality in a context where an adversary can observe decryption leakages but not the corresponding messages. The latter is motivated by applications such as secure bootloading and bitstream decryption. We finally formalize the confidentiality requirements that can be achieved in this case and propose a new construction satisfying them, while providing integrity properties with leakage that are as good as those of DTE.

Download Full-text