Timing Attacks on AES
By Vincent Rijmen
In this article, we explain two timing attacks on AES. Firstly, by way of introduction, we show how a naive implementation of the finite field operations used in the MixColumns step of AES leads to a simple attack. This attack can also be avoided easily. Next, we show an attack based on the timing differences caused by the working of cache memory. The attack assumes that an attacker can make accurate timing measurements and requires a bit more analysis, but is also more difficult to counter.

Timing Attacks Against RSA Revisited
By Qi Chai
To make our attacks more instructive and concise, we consider a “local” attacking scenario such that Eve is able to access the target device, e.g., a server or a tamper-resistant smartcard, that stores the private key and runs RSA encryption and decryption (implemented by the right to left square-and-multiply) when stimulated, and Eve has a physical clone of the target device, e.g., another server of the same model or another smartcard. In addition, we assume that Eve is able to measure the time spent on the RSA decryption on the target device and any other operations on the cloned device that do not request secret parameters.

Variant Pseudo-Random Number Generator
By Weizhong Yang, Jeffrey Zhi J. Zheng
A Variant Pseudo-Random Number Generator (VPRNG) based on the Variant Logic framework, an extension of Cellular Automata (CA), is proposed as a PRNG construction. A set of classical PRNG methods (BBS, ANSI X9.17 and DES) was used for comparison under the NIST Statistical Test Suite; the measurement results show that the VPRNG produces a better pseudo-random number series than the compared models in most cases.
Keywords: PRNG, Variant Logic, CA, Cryptanalytic attacks, Timing attack

SafeSlinger: Easy-to-Use and Secure Public-Key Exchange
By Michael W. Farb, Yue-Hsun Lin, Adrian Perrig, Jonathan McCune
SafeSlinger is a system for the secure exchange of authentic information between two smartphones, and a user interface for secure messaging. In essence, SafeSlinger exchanges contact information containing public keys in addition to standard contact list information such as name, picture, phone numbers, email addresses, etc. Thanks to the association between the individual holding the phone and the public key that is exchanged, users (with the help of the SafeSlinger App) can later associate digital communication with the previously met individual by verifying a digital signature. To make SafeSlinger usable, the cryptographic aspects are mostly hidden from the user, and we have built in several approaches to make SafeSlinger tolerant of user error.

Overview of Side Channel and Timing Attacks
By Martin Rublik
Attacking the system design is mostly a theoretical task, but breaking it has severe consequences for the system and its practical use. In cryptography these types of attack are mostly algorithmic attacks and are, of course, implementation independent. Therefore, when a practical algorithmic attack on a cryptographic system is found, the system needs to be replaced where applicable. Examples of such attacks are the design flaws in WEP [1] that led to the WPA/WPA2 rollout, and the flaws found in the MD5 hash algorithm [2] that led to a global change of hash algorithm in X.509 certificates.

The Dichotomy of Symmetric vs. Asymmetric Cryptography
By Wayne Patterson
Around the time of the introduction of the DES, Diffie and Hellman [8] described a model by which the key management problem as described above could be solved. Their concept was to suppose that it could be possible for a key K to have two components, a public part that we will call Kp and a secret part that we will call Ks. Thus the entire key could be described as K = (Kp, Ks). We would furthermore require that only the public part of the key, Kp, would be necessary for encryption, but the entire key K would be necessary to decrypt.

Timing Attack Against the CBC Operating Mode
By Matthieu Bontrond
Block cipher algorithms also need to be used with a mode of operation. Various works have been performed on modes of operation that provide authentication of the underlying data. Nevertheless, they are still not widely deployed, and some communication protocols use older modes. One of the most common modes is CBC (Cipher Block Chaining). In particular, this mode is commonly used with the DES/TDES encryption algorithm. Despite a drawback inherent to the chaining operation, this mode is simple and no flaws have been reported.

Automated Algebraic Cryptanalysis
By Theodosis Mourouzis
Crypto-designers aim for the underlying system of equations not to be solvable faster than exhaustive key search. In general, solving a random multivariate system of equations is NP-hard [11]. However, in most cryptographic schemes, their rich algebraic and geometric properties can be further exploited to solve the underlying system. In this article, we provide an introduction to algebraic cryptanalysis and describe how this 2-step process can be considered an automated cryptanalytic process. Such attacks have been a big success against stream ciphers; for block ciphers, however, until recently only a limited number of rounds could be broken. In the last section we present a key-recovery algebraic attack on 4 rounds of the Russian government standard block cipher GOST [7], given 2 known pairs of plaintexts and ciphertexts [13].

Cache-Timing Attacks on Symmetric Cryptographic Primitives
By Michael Wisher
Cache timing attacks apply to symmetric cryptographic primitives, block and stream ciphers, when they use operations that access memory based on secret key material.
They apply to a majority of block ciphers, which, since the Data Encryption Standard, have traditionally relied heavily on substitution boxes (s-boxes). These are operations that implement highly non-linear functions to obscure the relationship between the key and the ciphertext. Commonly, ciphers use 4×4, 8×8 or 8×32 s-boxes, where an m×n s-box takes an m-bit input and produces an n-bit output.

Timing Attacks on Practical Quantum Cryptographic Systems
By Nitin Jain
A quest for the answer to this question began roughly a decade ago and has led to some astonishing results [Leuchs, 2011]; see Fig. 5. Termed ‘quantum hacking’, this research field has witnessed many successful proof-of-principle attacks devised and performed on practical QKD systems. The attacks primarily show how an eavesdropper obtains partial or full information about the secret key without breaching the QBER threshold. It should be stressed that a majority of the eavesdropping strategies exploited differences between the security proof of the QKD protocol (a.k.a. the theoretical model) and the actual implementation. These differences mainly arise from technical imperfections or deficiencies of the hardware, such as single-photon detectors.

An Interview with Vitaliy Mokosiy
What exactly should any user know regarding this tool? Are there some specific technical features?
Bandura provides quick and efficient imaging of damaged hard drives. The maximum imaging speed is 256 MB/s; it is only limited by the hard disk’s internal transfer rate. Also, it is very important to point out that you can stop the imaging process at any time, and you may resume it later. I would like to emphasize the following features: a colored 3.3-inch screen, erasing speed up to 280 MB/s, write protection for the source port, autosaving of all results and steps during the process to the USB flash, firmware updates through the same USB flash, etc. By the way, all Bandura firmware updates are totally free.


April 19, 2022
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023