Abstract
Implementation attacks such as power analysis and fault attacks have shown that, if potential attackers have physical access to a cryptographic device, achieving practical security requires more considerations apart from just cryptanalytic security. In recent years, and with the advent of micro-architectural or hardware-oriented attacks, it became more and more clear that similar attack vectors can also be exploited on larger computing platforms and without the requirement of physical proximity of an attacker. While newly discovered attacks typically come with implementation recommendations that help counteract a specific attack vector, the process of constantly patching cryptographic code is quite time consuming in some cases, and simply not possible in other cases.
What adds up to the problem is that the popular approach of leakage resilient cryptography only provably solves part of the problem: it discards the threat of faults. Therefore, we put forward the usage of leakage and tamper resilient cryptographic algorithms, as they can offer built-in protection against various types of physical and hardware oriented attacks, likely including attack vectors that will only be discovered in the future. In detail, we present the - to the best of our knowledge - first framework for proving the security of permutation-based symmetric cryptographic constructions in the leakage and tamper resilient setting. As a proof of concept, we apply the framework to a sponge-based stream encryption scheme called asakey and provide a practical analysis of its resistance against side channel and fault attacks
What adds up to the problem is that the popular approach of leakage resilient cryptography only provably solves part of the problem: it discards the threat of faults. Therefore, we put forward the usage of leakage and tamper resilient cryptographic algorithms, as they can offer built-in protection against various types of physical and hardware oriented attacks, likely including attack vectors that will only be discovered in the future. In detail, we present the - to the best of our knowledge - first framework for proving the security of permutation-based symmetric cryptographic constructions in the leakage and tamper resilient setting. As a proof of concept, we apply the framework to a sponge-based stream encryption scheme called asakey and provide a practical analysis of its resistance against side channel and fault attacks
| Originalsprache | englisch |
|---|---|
| Titel | CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security |
| Erscheinungsort | New York, NY |
| Herausgeber (Verlag) | Association of Computing Machinery |
| Seiten | 859–873 |
| Seitenumfang | 15 |
| ISBN (elektronisch) | 978-1-4503-9450-5 |
| DOIs | |
| Publikationsstatus | Veröffentlicht - 7 Nov. 2022 |
| Veranstaltung | 2022 ACM SIGSAC Conference on Computer and Communications Security: ACM CSS 2022 - Los Angeles, USA / Vereinigte Staaten Dauer: 7 Nov. 2022 → 11 Nov. 2022 |
Publikationsreihe
| Name | Proceedings of the ACM Conference on Computer and Communications Security |
|---|---|
| ISSN (Print) | 1543-7221 |
Konferenz
| Konferenz | 2022 ACM SIGSAC Conference on Computer and Communications Security |
|---|---|
| Kurztitel | ACM CSS 2022 |
| Land/Gebiet | USA / Vereinigte Staaten |
| Ort | Los Angeles |
| Zeitraum | 7/11/22 → 11/11/22 |
ASJC Scopus subject areas
- Software
- Computernetzwerke und -kommunikation