fault based almost universal forgeries on cloc and silc
play

Fault Based Almost Universal Forgeries on CLOC and SILC Avik - PowerPoint PPT Presentation

Mar 05, 2023 •230 likes •554 views

Motivation Description of CLOC and SILC Fault Based Almost Universal Forgery on CLOC Fault Based Almost Universal Forgery on SILC Implementation of Fault Conclusion Fault Based Almost Universal Forgeries on CLOC and SILC Avik Chakraborti

  1. Motivation Description of CLOC and SILC Fault Based Almost Universal Forgery on CLOC Fault Based Almost Universal Forgery on SILC Implementation of Fault Conclusion Fault Based Almost Universal Forgeries on CLOC and SILC Avik Chakraborti (ISI, Kolkata) Joint Work With Debapriya Basu Roy (IIT Kharagpur) Donghoon Chang (IIIT, Delhi) S V Dilip Kumar (IIT Kharagpur) Debdeep Mukhopadhyay (IIT Kharagpur) and Mridul Nandi (ISI, Kolkata) September, 2016 Fault Analysis on CLOC and SILC

  2. Motivation Description of CLOC and SILC Fault Based Almost Universal Forgery on CLOC Fault Based Almost Universal Forgery on SILC Implementation of Fault Conclusion Motivation 1 Description of CLOC and SILC 2 Fault Based Almost Universal Forgery on CLOC 3 Fault Based Almost Universal Forgery on SILC 4 Implementation of Fault 5 Conclusion 6 Fault Analysis on CLOC and SILC

  3. Motivation Description of CLOC and SILC Fault Based Almost Universal Forgery on CLOC Fault Based Almost Universal Forgery on SILC Implementation of Fault Conclusion Generic Fault Based Existential Forgery on AE Schemes Make a fault injected encryption query ( N , A , M ) and receive ( C , T ). Fault is injected at known bit positions N and A to result in N ′ and A ′ respectively. Make a valid forge with ( N ′ , A ′ , C , T ). Non-Trivial k ( k ≫ 1) forgery using one or very few faults Fault Analysis on CLOC and SILC

  4. Motivation Description of CLOC and SILC Fault Based Almost Universal Forgery on CLOC Fault Based Almost Universal Forgery on SILC Implementation of Fault Conclusion Motivation 1 Description of CLOC and SILC 2 Fault Based Almost Universal Forgery on CLOC 3 Fault Based Almost Universal Forgery on SILC 4 Implementation of Fault 5 Conclusion 6 Fault Analysis on CLOC and SILC

  5. Motivation Description of CLOC and SILC Fault Based Almost Universal Forgery on CLOC Fault Based Almost Universal Forgery on SILC Implementation of Fault Conclusion Description of CLOC Hash Encrypt A 1 A 2 A a ozp ( N ) V M 1 M 2 M m − 1 M m fix 1 fix 1 fix 1 fix 0 ⊕ ⊕ ⊕ E k E k E k E k f 1 E k E k E k ⊕ ⊕ ⊕ ⊕ i V C 1 C 2 C m − 1 C m V ← Hash K ( N , A ) , C ← Enc K ( V , M ) , T ← PRF K ( V , C ) Fault Analysis on CLOC and SILC

  6. Motivation Description of CLOC and SILC Fault Based Almost Universal Forgery on CLOC Fault Based Almost Universal Forgery on SILC Implementation of Fault Conclusion Description of SILC Differes with CLOC in Hash K . Enc K and PRF K are same. Hash Encrypt A 1 A a len ( A ) M 1 M 2 M m − 1 M m N V fix 1 fix 1 fix 1 zpp ⊕ ⊕ ⊕ E k E k E k E k E k E k E k g ⊕ ⊕ ⊕ ⊕ i V C 1 C 2 C m − 1 C m V ← Hash K ( N , A ) , C ← Enc K ( V , M ) , T ← PRF K ( V , C ) Fault Analysis on CLOC and SILC

  7. Motivation Description of CLOC and SILC Fault Based Almost Universal Forgery on CLOC Single Bit Fault Based Forgery on CLOC Fault Based Almost Universal Forgery on SILC Almost Universal Fault Based Forgery on CLOC Implementation of Fault Conclusion Motivation 1 Description of CLOC and SILC 2 Fault Based Almost Universal Forgery on CLOC 3 Single Bit Fault Based Forgery on CLOC Almost Universal Fault Based Forgery on CLOC Fault Based Almost Universal Forgery on SILC 4 Implementation of Fault 5 Conclusion 6 Fault Analysis on CLOC and SILC

  8. Motivation Description of CLOC and SILC Fault Based Almost Universal Forgery on CLOC Single Bit Fault Based Forgery on CLOC Fault Based Almost Universal Forgery on SILC Almost Universal Fault Based Forgery on CLOC Implementation of Fault Conclusion Fault Model Fault e injected at the first bit of the n -bit input state of the second block cipher call in Enc K . Fault e M 1 M 2 M 3 M 4 V r fix 1 fix 1 fix 1 X 1 X 2 X E k E k E k E k Y Y 1 Y 2 ⊕ ⊕ ⊕ ⊕ C 1 C 2 C 3 C 4 Fault Analysis on CLOC and SILC

  9. Motivation Description of CLOC and SILC Fault Based Almost Universal Forgery on CLOC Single Bit Fault Based Forgery on CLOC Fault Based Almost Universal Forgery on SILC Almost Universal Fault Based Forgery on CLOC Implementation of Fault Conclusion Phase 1 of the Forgery Construct a faulty ip/op pair and 2 valid ip/op pairs corresponding to E K by one enc query. 1 enc query ( N r , A r , M = ( M 1 , M 2 , M 3 , M 4 )) Receives ( C = ( C 1 , C 2 , C 3 , C 4 ) , T ) Computes ( X , Y ) , ( X 1 , Y 1 ) , ( X 2 , Y 2 ) Fault Analysis on CLOC and SILC

  10. Motivation Description of CLOC and SILC Fault Based Almost Universal Forgery on CLOC Single Bit Fault Based Forgery on CLOC Fault Based Almost Universal Forgery on SILC Almost Universal Fault Based Forgery on CLOC Implementation of Fault Conclusion Phase 2 ′ ), that produces Construct two colliding associated data ( A , A same V under same N A 1 A 2 A 3 ozp ( N ) A 1 A ′ A ′ ozp ( N ) 2 3 Y + X 1 Y 1 + X 2 Y + X 2 Y 2 + X 2 fix 0 ⊕ ⊕ ⊕ fix 0 ⊕ ⊕ ⊕ X 1 X 2 X 2 X 2 X X E k E k E k E k E k E k f 1 f 1 Y 1 Y 2 Y 2 Y 2 Y Y V V Fault Analysis on CLOC and SILC

  11. Motivation Description of CLOC and SILC Fault Based Almost Universal Forgery on CLOC Single Bit Fault Based Forgery on CLOC Fault Based Almost Universal Forgery on SILC Almost Universal Fault Based Forgery on CLOC Implementation of Fault Conclusion Phase 3 and Phase 4 Phase 3 Construct ( C ∗ , T ∗ ) under N , A and M ∗ by a single encryption query Phase 4 ′ , C ∗ , T ∗ ) Forge ( N , A Fault Analysis on CLOC and SILC

  12. Motivation Description of CLOC and SILC Fault Based Almost Universal Forgery on CLOC Single Bit Fault Based Forgery on CLOC Fault Based Almost Universal Forgery on SILC Almost Universal Fault Based Forgery on CLOC Implementation of Fault Conclusion Motivation 1 Description of CLOC and SILC 2 Fault Based Almost Universal Forgery on CLOC 3 Single Bit Fault Based Forgery on CLOC Almost Universal Fault Based Forgery on CLOC Fault Based Almost Universal Forgery on SILC 4 Implementation of Fault 5 Conclusion 6 Fault Analysis on CLOC and SILC

  13. Motivation Description of CLOC and SILC Fault Based Almost Universal Forgery on CLOC Single Bit Fault Based Forgery on CLOC Fault Based Almost Universal Forgery on SILC Almost Universal Fault Based Forgery on CLOC Implementation of Fault Conclusion Different Steps for the Almost Universal Forgery on CLOC Any ( N , A = ( A 1 , · · · , A a ) , M = ( M 1 , · · · , M m )), except A 1 fixed Obtain faulty ip-op pair X and Y (like Phase 1) A 1 = X Compute all BC ip-op pairs during A processing Requires a enc queries ′ colliding with A at V Find A Enc query: ( N , A ′ , M ) → ( C , T ) Forge with ( N , A , C , T ) Fault Analysis on CLOC and SILC

  14. Motivation Description of CLOC and SILC Fault Based Almost Universal Forgery on CLOC Single Bit Fault Based Forgery on CLOC Fault Based Almost Universal Forgery on SILC Almost Universal Fault Based Forgery on CLOC Implementation of Fault Conclusion What does Almost Mean? I 1 = A 1 = X , O 1 = Y = E k ( I 1 ) X 1 = A 2 ⊕ O 1 , Y 1 = E k ( X 1 ) X a − 1 = A a ⊕ Y a − 2 , Y a − 1 = E k ( X a − 1 ) Restriction Only A 1 = X No restrictions on N and M Fault Analysis on CLOC and SILC

  15. Motivation Description of CLOC and SILC Fault Based Almost Universal Forgery on CLOC Single Bit Fault Based Forgery on CLOC Fault Based Almost Universal Forgery on SILC Almost Universal Fault Based Forgery on CLOC Implementation of Fault Conclusion First Encrytion Query Query with N , A and any a single block message M r = M r 1 . Receive ( C r 1 , T r ) Compute E k ( V ) = M r 1 ⊕ C r 1 Fault Analysis on CLOC and SILC

  16. Motivation Description of CLOC and SILC Fault Based Almost Universal Forgery on CLOC Single Bit Fault Based Forgery on CLOC Fault Based Almost Universal Forgery on SILC Almost Universal Fault Based Forgery on CLOC Implementation of Fault Conclusion Next a-2 Encrytion Queries For i=1 to a-2 Make an encryption query ( N , A , M = ( M ′ 1 = E k ( V ) ⊕ X i , M ′ 2 ) and receive ( C ′ = ( C ′ 1 , C ′ 2 ) , T ′ ). Compute Y i = M ′ 2 ⊕ C ′ 2 . Compute X i +1 = A i +2 ⊕ Y i . Fault Analysis on CLOC and SILC

  17. Motivation Description of CLOC and SILC Fault Based Almost Universal Forgery on CLOC Single Bit Fault Based Forgery on CLOC Fault Based Almost Universal Forgery on SILC Almost Universal Fault Based Forgery on CLOC Implementation of Fault Conclusion Last 2 Encrytion Queries Make an encryption query ( N , A , M = ( M ′ 1 = E k ( V ) ⊕ X a − 1 , M ′ 2 ) and receive ( C ′ = ( C ′ 1 , C ′ 2 ) , T ′ ) Compute Y a − 1 = M ′ 2 ⊕ C ′ 2 Find a colliding associated data A ′ for A (colliding at V ) (Same as Phase 2) Make an encryption query ( N , A ′ , M ) and receive ( C , T ) Fault Analysis on CLOC and SILC

  18. Motivation Description of CLOC and SILC Fault Based Almost Universal Forgery on CLOC Single Bit Fault Based Forgery on CLOC Fault Based Almost Universal Forgery on SILC Almost Universal Fault Based Forgery on CLOC Implementation of Fault Conclusion Valid Forge ( N , A , C , T ) is a Valid forge Fault Analysis on CLOC and SILC

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CLOC, SILC and OTR Kazuhiko Minematsu (NEC Corporation) Recent Advances in Authenticated

CLOC, SILC and OTR Kazuhiko Minematsu (NEC Corporation) Recent Advances in Authenticated

CLOC, SILC and OTR Kazuhiko Minematsu (NEC Corporation) Recent Advances in Authenticated Encryption 2016 Kolkata, India 1 Outline Describe AE schemes, CLOC, SILC and OTR Merged as CLOC and SILC for CAESAR Both are CAESAR

1.18k views • 66 slides
Updates on CLOC and SILC Version 3 Tetsu Iwata*, Kazuhiko Minematsu, Jian Guo, Sumio Morioka, and

Updates on CLOC and SILC Version 3 Tetsu Iwata*, Kazuhiko Minematsu, Jian Guo, Sumio Morioka, and

Updates on CLOC and SILC Version 3 Tetsu Iwata*, Kazuhiko Minematsu, Jian Guo, Sumio Morioka, and Eita Kobayashi DIAC 2016 September 26, 2016, Nagoya, Japan * Supported in part by JSPS KAKENHI, Grant in Aid for Scientific Research (B), Grant

317 views • 30 slides
1 MPI-based SILC system Data transfer: the sequential case Currently based on a client-server

1 MPI-based SILC system Data transfer: the sequential case Currently based on a client-server

Outline Workshop on State-of-the-Art in Scientific and Parallel Computing (PARA '06) Ume, Sweden, June 18-21, 2006 Background Ways of using matrix computation libraries Distributed SILC: An easy-to-use Distributed SILC interface

232 views • 4 slides
Overview Overview What is SILC? What is SILC? Analysis of the SILC Protocol with

Overview Overview What is SILC? What is SILC? Analysis of the SILC Protocol with

Overview Overview What is SILC? What is SILC? Analysis of the SILC Protocol with Analysis of the SILC Protocol with Stands for Stands for S S ecure ecure I I nternet nternet L L ive ive C C onferencing. onferencing. Murphi

475 views • 5 slides
William S. Richardson School Of Law Community Legal Outreach Center (CLOC) UHM 12-306 University

William S. Richardson School Of Law Community Legal Outreach Center (CLOC) UHM 12-306 University

William S. Richardson School Of Law Community Legal Outreach Center (CLOC) UHM 12-306 University of Hawaii at Mnoa COMMUNITY LEGAL OUTREACH CENTER (CLOC) June, 2015 Circulation Library Stacks Utility/Restrooms Classrooms Student Areas

306 views • 11 slides
Universal Credit Universal Credit Universal Credit is for working-age people aged over 18 and

Universal Credit Universal Credit Universal Credit is for working-age people aged over 18 and

Universal Credit Universal Credit Universal Credit is for working-age people aged over 18 and under State Pension age. Universal Credit will replace a number of current benefits: income-based Jobseekers Allowance (JSA);

332 views • 14 slides
Revisiting MAC Forgeries, Weak Keys and Provable Security of GCM Bo Zhu, Yin Tan and Guang Gong

Revisiting MAC Forgeries, Weak Keys and Provable Security of GCM Bo Zhu, Yin Tan and Guang Gong

Revisiting MAC Forgeries, Weak Keys and Provable Security of GCM Bo Zhu, Yin Tan and Guang Gong University of Waterloo, Canada CANS 2013 Nov 20, 2013 1 of 28 MAC Forgeries, Weak Keys and Provable Security of GCM Galois/Counter Mode (GCM)

957 views • 56 slides
Matching and Optimizing the Matching and Optimizing the SILC / ILC sections SILC / ILC sections

Matching and Optimizing the Matching and Optimizing the SILC / ILC sections SILC / ILC sections

Matching and Optimizing the Matching and Optimizing the SILC / ILC sections SILC / ILC sections of the CW Linac (v7) of the CW Linac (v7) J.-F. Ostiguy APC/Fermilab ostiguy@fnal.gov JFO/20090910 Assumptions Assumptions Type 4 cryostat

276 views • 26 slides
Motivation S T A T I S T I K A U S T R I A D i e I n f o r m a t i o n s m a n a g e r EU-SILC

Motivation S T A T I S T I K A U S T R I A D i e I n f o r m a t i o n s m a n a g e r EU-SILC

Motivation S T A T I S T I K A U S T R I A D i e I n f o r m a t i o n s m a n a g e r EU-SILC poverty rates High quality indicators on national- but estimates on sub-national level have poor accuracy SAE-Methods modelling

729 views • 15 slides
Learning objectives Understand the basic ideas of fault-based testing How knowledge of a

Learning objectives Understand the basic ideas of fault-based testing How knowledge of a

Learning objectives Understand the basic ideas of fault-based testing How knowledge of a fault model can be used to Fault-Based Testing create useful tests and judge the quality of test cases Understand the rationale of

296 views • 5 slides
Fault Detection and Mitigation in WLAN RSS Nearest Neighbor Fingerprint-based Positioning

Fault Detection and Mitigation in WLAN RSS Nearest Neighbor Fingerprint-based Positioning

Introduction - Motivation - Fault Model - Measurement Setup Fault Detection and Mitigation in WLAN RSS Nearest Neighbor Fingerprint-based Positioning Algorithm - Fault Detection - Fault Tolerance Hybrid Positioning Algorithm Christos

708 views • 41 slides
Cloc ock Del elta Com ompres ession on for for Scalable e Order er-R -Rep eplay of Non

Cloc ock Del elta Com ompres ession on for for Scalable e Order er-R -Rep eplay of Non

Cloc ock Del elta Com ompres ession on for for Scalable e Order er-R -Rep eplay of Non of on-D -Det eter erministic Pa Parallel el Application ons SC15 Kento Sato , Dong H. Ahn, Ignacio Laguna, Gregory L. Lee, Martin Schulz

590 views • 47 slides
Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault

Lecture 10: Fault Tolerance Fault Tolerant Concurrent Computing The main principles of fault tolerant programming are: Fault Detection - Knowing that a fault exists Fault Recovery - having atomic instructions that can be rolled back in

361 views • 18 slides
Universal Credit 1 Universal Credit - overview Housing Benefit Income based Income based

Universal Credit 1 Universal Credit - overview Housing Benefit Income based Income based

Universal Credit 1 Universal Credit - overview Housing Benefit Income based Income based Jobseekers Employment Allowance and Support Allowance Universal Credit Working Child Tax Tax Credit Credits Income Support Will replace

197 views • 17 slides
Voting-based fault detection and diagnosis in systems with multiple operating conditions Carlos F

Voting-based fault detection and diagnosis in systems with multiple operating conditions Carlos F

Voting-based fault detection and diagnosis in systems with multiple operating conditions Carlos F . Alcala Controls Research Group May 18, 2016 1 / 39 Outline Introduction 1 Fault detection and diagnosis with PCA 2 Voting-based Fault

1.34k views • 108 slides
Purpose IFIP International Conference on Network and Parallel Computing (NPC 2006) October 24,

Purpose IFIP International Conference on Network and Parallel Computing (NPC 2006) October 24,

Purpose IFIP International Conference on Network and Parallel Computing (NPC 2006) October 24, 2006, in Tokyo, Japan A model-based analysis of the benefits and cost in the SILC framework SILC: A simple interface for matrix computation

701 views • 4 slides
Ultrafast Imaging of Laser-Driven Plasma-Accelerators Malte C. Kaluza Institute of Optics and

Ultrafast Imaging of Laser-Driven Plasma-Accelerators Malte C. Kaluza Institute of Optics and

Plasma Diagnostics Ultrafast Imaging of Laser-Driven Plasma-Accelerators Malte C. Kaluza Institute of Optics and Quantum Electronics, Friedrich-Schiller-Universitt Jena, Germany Helmholtz-Institute Jena 1 Outline Plasma Diagnostics

430 views • 17 slides
from WAVES, FIELDS HUYGHENS & to SPACETIME EINSTEIN PCES 3.2 THE ADVENT of the FIELD

from WAVES, FIELDS HUYGHENS & to SPACETIME EINSTEIN PCES 3.2 THE ADVENT of the FIELD

PCES 3.1 from WAVES, FIELDS HUYGHENS & to SPACETIME EINSTEIN PCES 3.2 THE ADVENT of the FIELD THEORY DECRIPTION of NATURE All of the developments to come in the theory of fields, and even quantum mechanics, were ultimately seeded

549 views • 6 slides
ExpEYES An Open Source Portable Science Lab www.expeyes.in www.expeyes.in Praveen Patil

ExpEYES An Open Source Portable Science Lab www.expeyes.in www.expeyes.in Praveen Patil

Exploring the Phenomena of Sound and Electromagnetic Induction with ExpEYES An Open Source Portable Science Lab www.expeyes.in www.expeyes.in Praveen Patil Subhash Desai INDIA THEORY Experiment .. and it goes in circles. Our Science

527 views • 30 slides
Ultrahighenergy galactic cosmic rays from distributed focused acceleration R. Schlickeiser, S.

Ultrahighenergy galactic cosmic rays from distributed focused acceleration R. Schlickeiser, S.

Ultrahighenergy galactic cosmic rays from distributed focused acceleration R. Schlickeiser, S. Artmann, C. Z oller Fokker-Planck . . . Institut f ur Theoretische Physik Diffusion . . . Lehrstuhl IV: Weltraum- und Astrophysik

394 views • 25 slides
1761 & 1769 1874 & 1882 2004 & 2012 "We are now on the eve of the second

1761 & 1769 1874 & 1882 2004 & 2012 "We are now on the eve of the second

T RANSIT OF V ENUS : 1761 & 1769 1874 & 1882 2004 & 2012 "We are now on the eve of the second transit of a pair, after which there will be no other till the twenty-first century of our era has dawned upon the earth and the

550 views • 27 slides
Slide 7 / 57 Slide 8 / 57 4 What speed do all electromagnetic waves travel at 5 Red light, a

Slide 7 / 57 Slide 8 / 57 4 What speed do all electromagnetic waves travel at 5 Red light, a

Slide 1 / 57 Slide 2 / 57 8th Grade Electromagnetic Radiation CW-HW Slides 2015-10-23 www.njctl.org Slide 3 / 57 Slide 4 / 57 1 What are some sources of electromagnetic radiation? Classwork #1: What is Electromagnetic Radiation c = f c

120 views • 10 slides
Mechanical Waves Introduction to Waves Types of Waves Traveling Waves Waves on a

Mechanical Waves Introduction to Waves Types of Waves Traveling Waves Waves on a

Mechanical Waves Introduction to Waves Types of Waves Traveling Waves Waves on a String Homework 1 Introduction to Waves Wave motion appears in almost every branch of physics, e.g. sound, light, radio and other

116 views • 11 slides
Fiber Bragg Grating (FBG) Sensors For Micromegas S. Campopiano, A. Iadicicco (University of

Fiber Bragg Grating (FBG) Sensors For Micromegas S. Campopiano, A. Iadicicco (University of

Fiber Bragg Grating (FBG) Sensors For Micromegas S. Campopiano, A. Iadicicco (University of Naples Parthenope) M. Della Pietra (University of Naples Parthenope and INFN sez Naples) V. Canale, P. Iengo (INFN sez. Naples and University

488 views • 19 slides

More recommend