standardization of simon and
play

Standardization of Simon and Speck Tomer Ashur, Atul Luykx - PowerPoint PPT Presentation

Apr 10, 2023 •514 likes •770 views

An Account of the ISO/IEC Standardization of Simon and Speck Tomer Ashur, Atul Luykx Imec-COSIC KU Leuven ISO/IEC Meeting, Jaipur, India Dual EC NSA-designed PRNG (DRBG) Backdoored Snowden revelations: Project Bullrun

  1. An Account of the ISO/IEC Standardization of Simon and Speck Tomer Ashur, Atul Luykx Imec-COSIC KU Leuven

  2. ISO/IEC Meeting, Jaipur, India

  3. Dual EC • NSA-designed PRNG (DRBG) • Backdoored • Snowden revelations: Project Bullrun • Standardized by ISO November 2005 (before NIST) • “a challenge in finesse” – NSA Bernstein, Lange, Niederhagen , “Dual EC: A Standardized Back Door”, eprint 2015/767

  4. ISO/IEC Meeting, Jaipur, India • Study Period on NSA proposal for new cryptographic algorithms • Debby Wallner – US Head of Delegation

  5. Simon and Speck • Block cipher families Block Size Key Size 32 64 • Used in modes of operation for 48 72 encryption, authentication/integrity, 96 build hash functions, … 64 96 128 Plaintext 96 96 144 128 128 E 192 Key 256 Ciphertext

  6. People are still making new block ciphers? What’s wrong with the AES? (Or triple DES…) • Diversity • Country preferences: China, Korea, Russia, Japan, … • Research • Implementation-targeted ciphers • MPC-friendly ciphers • Side channel resistance • Performance, efficiency gains

  7. Beaulieu, Shors, Smith, Treatman- Clark, Weeks, Wingers, “Notes on the design and analysis of SIMON and SPECK”, eprint 2017/560

  8. Why Standardize at ISO? • Country A develops algorithm X • Country B does not like X, it blocks all products containing X “… two key WTO Agreements … explicitly urge regulators to base their measures on relevant international standards to avoid unnecessary barriers to trade. These Agreements go as far as to say that measures that are based on relevant international standards are assumed to be in compliance with WTO rules.” Pascal Lamy, former director general WTO https://www.iso.org/news/2011/09/Ref1463.html

  9. What about NIST? “We will encourage NSA to bring proposed algorithms to conferences and standards organizations – e.g., SIMON, SPECK” John Kelsey, NIST Real World Crypto 2015

  10. Recap • 2013: Simon and Speck made public on eprint • Snowden revelations, Dual EC revoked from standards • NIST tells NSA to get external vetting • ISO comes with WTO benefit Simon and Speck submitted for consideration to ISO/IEC October 2014 Rejected from ISO/IEC JTC 1 SC 27 April 2018

  11. Goal Shed some light on the process which leads governments and industries to agree upon the algorithms which secure their digital communications. • When is ISO/IEC the right venue? • Relationship with NSA? • NOT: Tell you whether you should use Simon or Speck or not.

  12. ISO/IEC JTC 1 SC 27 WG 2 • ISO: International Organization for Standardization • IEC: International Electrotechnical Commission • JTC 1: Information technology • SC 27: IT Security techniques (21 SCs) • WG 2: Cryptography and security mechanisms (5 WGs) • (SC 31: Automatic identification and data capture techniques) • (WG 4: Radio communications)

  13. ISO/IEC Process • Registration through national bodies 1. Study period • Two-layered consensus: expert + national bodies 2. Working draft • Consensus = no sustained opposition 3. Committee draft (not the same as unanimity) 4. Draft International • Decisions made at physical meetings Standard 5. FDIS 6. Publication

  14. Timeline Oct. 2014 Oct. 2015 Oct. 2016 Oct. 2017 Mexico City, Mexico Jaipur, India Abu Dhabi, UAE Berlin, Germany Kuching, Malaysia Tampa, Florida, USA Hamilton, New Zealand Wuhan, China Apr. 2015 Apr. 2016 Apr. 2017 Apr. 2018

  15. • Modes of operation for an n-bit block cipher algorithm (10116) • Entity authentication (9798) • Message authentication codes (MACs) (9797) • Non-repudiation (13888) • Digital signatures with appendix (14888) • Hash-functions (10118) • Key management (11770) • Cryptographic techniques based on elliptic curves (15946) • Time-stamping services (18014) • Prime number generation (18032) • Encryption algorithms (18033) • Lightweight cryptography (29192) • Anonymous entity authentication (20009) • Anonymous digital signatures (20008) • Secret sharing (19592) • Study periods

  16. Observations • Consensus ill-defined – unclear when a vote needed to be taken by experts, national bodies, when a vote needed to be taken, how that vote should be taken • Positive outcome: all clarified during Simon and Speck process • Significant amount of time and resources • Limits participation • Most participate for short periods of time • Lack of expertise • Usual suspects: France, Germany, US, UK, Japan, Korea, Russia, China, Belgium, Luxembourg • Burden of proof on those dissenting • Not ideal for security standards

  17. Resulting Difficulties • 3.5 years from start to finish, despite significant opposition at every meeting • Procedural mistakes, in favor of Simon and Speck standardization • Each country needs to be approached individually, asking whether they were ok with the standardization of Simon and Speck, otherwise automatic approval

  18. Technical Discussion • Cryptanalytic Results • Generic Attacks

  19. Cryptanalysis • Lack of security rationale (“can’t release internal analysis”) • Many publications but… • Any attack is a new result • ARX ciphers generally less well understood in academia • Hardly any analysis on key schedule • Aggressive decision: “30% security margin”

  20. Generic Attacks • Block ciphers always used in modes of operation: birthday bound attacks (Sweet32) • Tiny block and key sizes • April 2016: defend 48 bit block sizes (CTR mode fixes Block Size Key Size birthday bound problems??) 32 64 • October 2016: 48 bit removed, 64 bit remains 48 72 96 • April 2017: all candidates below 128 bit block size 64 96 removed 128 96 96 144 128 128 192 256

  21. Backdoors? • “Where are we going to install a backdoor, in the AND or the XOR?” • Is it possible to backdoor block ciphers? • Implies PKE • Whitebox crypto

  22. Alternatives? • AES is good for the vast majority of use cases • Lightweight ciphers PRESENT, CLEFIA already standardized • Chaskey, LEA, RC5 • Key schedules poorly understood: use permutation-based crypto • Tweakable block ciphers much preferred to avoid birthday bound attacks • NIST lightweight cryptography competition

  23. Summary • “Working Group 2 (WG 2) feels that both algorithms included in the amendment are not properly motivated and their security properties are not sufficiently understood.” • Not a statement about the security or the quality of the algorithms nor about the work done by the designers nor the editors. • Given the available information and the opposing opinions about the security of the algorithms they do not enjoy the level of confidence required for inclusion in ISO/IEC JTC 1/SC 27 standards.

  24. Conclusions Erosion of Trust Lack of Necessity It takes time to build these

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Standardization Using Output Goal Tables Standardization Concepts The purpose of

Standardization Using Output Goal Tables Standardization Concepts The purpose of

Standardization Using Output Goal Tables Standardization Concepts The purpose of standardization is to reduce variability in fish catchability (q); a more constant q helps CPUE data track population trends more accurately Components to

413 views • 13 slides
TEST STANDARDIZATION: SOME PRACTICAL GUIDANCE Why standardization matters: a review LEARNING

TEST STANDARDIZATION: SOME PRACTICAL GUIDANCE Why standardization matters: a review LEARNING

TEST STANDARDIZATION: SOME PRACTICAL GUIDANCE Why standardization matters: a review LEARNING Impact of the testing setting POL and de-centralized testing on standardization examples considerations OBJECTIVES Systematically managing the

558 views • 20 slides
Protocols, Checklists and I HAVE NOTHING TO DISCLOSE Standardization Steven L. Clark, M.D.

Protocols, Checklists and I HAVE NOTHING TO DISCLOSE Standardization Steven L. Clark, M.D.

Protocols, Checklists and I HAVE NOTHING TO DISCLOSE Standardization Steven L. Clark, M.D. Texas Childrens Hospital/Baylor College of Medicine AUDIENCE RESPONSE QUESTION PROTOCOLS AND STANDARDIZATION Rationale for standardization How

266 views • 11 slides
Standardization Considerations Standardization Positioning for Town of Cary Parks, Recreation

Standardization Considerations Standardization Positioning for Town of Cary Parks, Recreation

Standardization Considerations Standardization Positioning for Town of Cary Parks, Recreation & Cultural Resources CURRENT SITUATION IMAGE CONTROL: CPRCR has so much to ofger, yet, the message of its programs, benefjts and ownership may

789 views • 21 slides
Updated and latest news from international standardization International ISO standardization

Updated and latest news from international standardization International ISO standardization

Updated and latest news from international standardization International ISO standardization seminar for the reliability technology and cost area. Statoil Business Centre, Stavanger, 26 April 2016 Runar steb, Advisor, Statoil ISO/TC 67/WG4

676 views • 18 slides
Standardization Strategy for FMBC Realization for FMBC Realization Standardization activity

Standardization Strategy for FMBC Realization for FMBC Realization Standardization activity

Standardization Strategy for FMBC Realization for FMBC Realization Standardization activity for Telecom Operators FMBC with ultra 3G in NEW ERA Standardization areas for FMBC Summary Summary 2009.9.8 Hi Hiroshi TANAKA

575 views • 10 slides
Standardization Strategies and Service Innovation in Health Care Ole Hanseth Standardization

Standardization Strategies and Service Innovation in Health Care Ole Hanseth Standardization

Process Strategies Standardization Strategies and Service Innovation in Health Care Ole Hanseth Standardization strategies Standardization: formal, de facto The formal model (telecom, ) De facto the market A regime

368 views • 13 slides
Standardization: A Primer Ken Krechmer www.isology.com krechmer@csrstds.com +1-650-856-8836 1

Standardization: A Primer Ken Krechmer www.isology.com krechmer@csrstds.com +1-650-856-8836 1

ITU Kaleidoscope 2014 Living in a converged world - impossible without standards? Standardization: A Primer Ken Krechmer www.isology.com krechmer@csrstds.com +1-650-856-8836 1 Standardization Books Standards and Standardization. Norman

348 views • 11 slides
IETF & ITU Standardization Activities IETF & ITU Standardization Activities Emile Stephan

IETF & ITU Standardization Activities IETF & ITU Standardization Activities Emile Stephan

IETF & ITU Standardization Activities IETF & ITU Standardization Activities Emile Stephan Current Documents Current Documents RMON Protocol Identifier for IPv6 and MPLS Authors: Emile Stephan, Jordi Palet RFC3919

272 views • 9 slides
Blockchains, the web and standardization: the big opportunity conversation starter Keynote

Blockchains, the web and standardization: the big opportunity conversation starter Keynote

Blockchains, the web and standardization: the big opportunity conversation starter Keynote Arvind Narayanan Princeton University @random_walker Standardization: is it too soon? Are Bitcoin and other blockchains sound? Academic research on

445 views • 27 slides
Standardization of Geographic Names in Humanitarian Information Management (Towards a

Standardization of Geographic Names in Humanitarian Information Management (Towards a

Standardization of Geographic Names in Humanitarian Information Management (Towards a Humanitarian Spatial Data Infrastructure) Suha Ulgen & Craig Williams United Nations Geographic Information Working Group Standardization of Geographic

504 views • 17 slides
Standardization in Soundscape Research sten Axelsson Department of Psychology, Stockholm

Standardization in Soundscape Research sten Axelsson Department of Psychology, Stockholm

Standardization in Soundscape Research sten Axelsson Department of Psychology, Stockholm University ISO/TC 43/SC 1/WG 54 In 2008 the International Organization for Standardization (ISO)decided to put together a new expert working group

381 views • 21 slides
The U.S. Standardization System S. Joe Bhatia ANSI President and CEO Hosted by: U.S.

The U.S. Standardization System S. Joe Bhatia ANSI President and CEO Hosted by: U.S.

Hosted by: The U.S. Standardization System S. Joe Bhatia ANSI President and CEO Hosted by: U.S. Standardization System a market driven approach In the U.S. alone, there are more than one hundred thousand standards These documents

311 views • 12 slides
Standardization and testing of powertrain components Van den Bossche Peter Vrije Universiteit

Standardization and testing of powertrain components Van den Bossche Peter Vrije Universiteit

Type to enter text Standardization and testing of powertrain components Van den Bossche Peter Vrije Universiteit Brussel IEC TC69 EGVIA 2014 EV Standardization Landscape EV electrical aspects Wireless charging interface (if not charging)

332 views • 17 slides
Bienvenue ICT technical standardization Focus on Cloud Computing Mr. Nicolas Domenjoud

Bienvenue ICT technical standardization Focus on Cloud Computing Mr. Nicolas Domenjoud

Bienvenue ICT technical standardization Focus on Cloud Computing Mr. Nicolas Domenjoud Responsable secteur TIC & Normalisation ILNAS/OLN 04 February 2020 AGENDA I ICT TECHNICAL STANDARDIZATION II STANDARDS ANALYSIS

581 views • 36 slides
ILNAS Breakfast Smart Cities Standardization ILNAS 15.12.2017 AGENDA 09:00 - 09:05 |

ILNAS Breakfast Smart Cities Standardization ILNAS 15.12.2017 AGENDA 09:00 - 09:05 |

ILNAS Breakfast Smart Cities Standardization ILNAS 15.12.2017 AGENDA 09:00 - 09:05 | Introduction Dr. Jean-Philippe HUMBERT, ILNAS 09:05 - 09:10 | Standardization in Luxembourg Mr. Jrme HOEROLD, ILNAS (OLN - National Standards Body)

1.21k views • 58 slides
ISO 14001 2015 Changes Andrew Thornhill Craig Thornton IRM Systems Pty Ltd Mango Limited

ISO 14001 2015 Changes Andrew Thornhill Craig Thornton IRM Systems Pty Ltd Mango Limited

ISO 14001 2015 Changes Andrew Thornhill Craig Thornton IRM Systems Pty Ltd Mango Limited andrew@irmsystems.com.au craig@mangolive.com Mango Craig Thornton Chief Marketing Officer, Mango Limited craig@mangolive.com New

407 views • 18 slides
SQL/PGQ & GQL STATUS Keith W. Hare Convenor, ISO/IEC JTC1 SC32 WG3 Database Languages

SQL/PGQ & GQL STATUS Keith W. Hare Convenor, ISO/IEC JTC1 SC32 WG3 Database Languages

2019-03-05 W3C Workshop on Web Standardization for Graph Data 1 SQL/PGQ & GQL STATUS Keith W. Hare Convenor, ISO/IEC JTC1 SC32 WG3 Database Languages Senior Consultant, JCC Consulting, Inc. 2 W3C Workshop on Web Standardization for

203 views • 19 slides
Knowledge mechanisms in IEEE 1471 & ISO/IEC 42010 Rich Hilliard r.hilliard@computer.org Two

Knowledge mechanisms in IEEE 1471 & ISO/IEC 42010 Rich Hilliard r.hilliard@computer.org Two

Knowledge mechanisms in IEEE 1471 & ISO/IEC 42010 Rich Hilliard r.hilliard@computer.org Two Themes Knowledge mechanisms in IEEE 1471 and ISO/IEC 42010 2000 edition and on-going revision Toward a (bigger) picture of Architectural

948 views • 45 slides
Govern well thy appetite, lest Sin Surprise thee, and her black attendant Death. John

Govern well thy appetite, lest Sin Surprise thee, and her black attendant Death. John

Tie ISO 31 000 standard on risk management Eric Marsden <emarsden@risk-engineering.org> Govern well thy appetite, lest Sin Surprise thee, and her black attendant Death. John Milton, Paradise Lost efgective risk management

615 views • 43 slides
The ISO Standardization Process of PLAID: A Cryptographers Perspective Real World Cryptography

The ISO Standardization Process of PLAID: A Cryptographers Perspective Real World Cryptography

The ISO Standardization Process of PLAID: A Cryptographers Perspective Real World Cryptography Workshop 2015 Arno Mittelbach based on joint work with Jean Paul Degabriele, Victoria Fehr, Marc Fischlin, Tommaso Gagliardoni, Felix Gnther,

488 views • 24 slides
MBUI in relationship to ISO/IEC 24752 Universal Remote Console Jochen Frey , Jan Alexandersson,

MBUI in relationship to ISO/IEC 24752 Universal Remote Console Jochen Frey , Jan Alexandersson,

MBUI in relationship to ISO/IEC 24752 Universal Remote Console Jochen Frey , Jan Alexandersson, Ingo Zinnikus, DFKI Gottfried Zimmermann, University of Tuebingen Gorka Epelde, Vicomtech The Universal Remote Console (URC) is a combination of

417 views • 16 slides
cryptography in ITU-T and ISO/IEC Hao Hao Qi Qin* CAS Q S Quant ntum Netw twork rk Co., .,

cryptography in ITU-T and ISO/IEC Hao Hao Qi Qin* CAS Q S Quant ntum Netw twork rk Co., .,

QCrypt 2020 Industry session August 12, 2020 E-meeting Standardization of quantum cryptography in ITU-T and ISO/IEC Hao Hao Qi Qin* CAS Q S Quant ntum Netw twork rk Co., ., Ltd td. *qinhao@casquantumnet.com Quantum key distribution:

161 views • 13 slides
Towards an ISO standard for dialogue act annotation Harry Bunt, Jan Alexandersson, Jean Carletta,

Towards an ISO standard for dialogue act annotation Harry Bunt, Jan Alexandersson, Jean Carletta,

Towards an ISO standard for dialogue act annotation Harry Bunt, Jan Alexandersson, Jean Carletta, Jae-Woong Choe, Koiti Hasida, Volha Petukhova, Andrei Popescu-Belis, Claudia Soria, David Traum, Kiyong Lee, Laurent Romary Speaking next Me

527 views • 29 slides

More recommend