
Algorithm Substitution Attacks: State Reset Detection and Asymmetric Modifications

Philip Hodges, Douglas Stebila
2021 IACR Transactions on Symmetric Cryptology  
First, we formalize and study the use of state resets to detect ASAs, and show that many published stateful ASAs are detectable with simple practical methods relying on state resets.  ...  In this paper, we study algorithm substitution attacks (ASAs), where an algorithm in a cryptographic scheme is substituted for a subverted version.  ...  Detecting Ateniese, Magri, and Venturi's ASA using simple state reset Ateniese, Magri, and Venturi [AMV15] describe two different symmetric algorithm substitution attacks on signature schemes.  ... 
doi:10.46586/tosc.v2021.i2.389-422 fatcat:3p5txsxlgrfr3a3cbsnc36vkym

Algorithm Substitution Attacks against Receivers [article]

Marcel Armour, Bertram Poettering
2022 IACR Cryptology ePrint Archive  
This work describes a class of Algorithm Substitution Attack (ASA) generically targeting the receiver of a communication between two parties.  ...  We present a new class of attack that targets the decryption algorithm of an encryption scheme for symmetric encryption and public key encryption, or the verification algorithm for an authentication scheme  ...  Acknowledgements The research of Armour was supported by the EPSRC and the UK government as part of the Centre for Doctoral Training in Cyber Security at Royal Holloway, University of London (EP/P009301  ... 
dblp:journals/iacr/ArmourP22 fatcat:rhlzdghjlrg5zfabfcguqnpxvu

ASAP: Algorithm Substitution Attacks on Cryptographic Protocols [article]

Sebastian Berndt, Jan Wichelmann, Claudius Pott, Tim-Henrik Traving, Thomas Eisenbarth
2020 IACR Cryptology ePrint Archive  
Kleptography or algorithm substitution attacks (ASA) describe techniques to place backdoors right into cryptographic primitives.  ...  Our analysis shows that careful design of ASAs makes detection unlikely while leaking long-term secrets within a few messages in the case of TLS and WireGuard, allowing impersonation attacks.  ...  If it does not, we reset the function's encryption state and try again with a different eIV.  ... 
dblp:journals/iacr/BerndtWPTE20 fatcat:vjmaha7v65ftvfkdat5vndoujm

The Sorcerer's Apprentice Guide to Fault Attacks

H. Bar-El, H. Choukri, D. Naccache, M. Tunstall, C. Whelan
2006 Proceedings of the IEEE  
Several examples of attacks stemming from the exploiting of faults are explained. Finally a series of countermeasures to thwart these attacks are described.  ...  Since then various mechanisms for fault creation and propagation have been discovered and researched.  ...  Practical applications of these attacks were presented. These applications included attacks on keys and symmetric and asymmetric cryptosystems.  ... 
doi:10.1109/jproc.2005.862424 fatcat:djg7jmfjxbdjbpm3mehfbjqjtu

Information Attacks on Online Social Networks

Enrico Franchi, Agostino Poggi, Michele Tomaiuolo
2014 Journal of Information Technology Research  
Apparently harmless information can be exploited, and the more information the attacker has, the more severe and sophisticated the attack can be.  ...  The communication and transport component. It encapsulates basic inter-networking and adhoc networking functionalities. Moreover, we can distinguish two different kinds of attackers: 1. Intruders.  ...  ., any message and any piece of information can be guaranteed to come from the owner of the key: a clone could be easily detected.  ... 
doi:10.4018/jitr.2014070104 fatcat:u3yw2d6t55cblbd3mdvuqmbxty

Overview about attacks on smart cards

Wolfgang Rankl
2003 Information Security Technical Report  
However, security is not only dependent on the specialised hardware of the microcontroller or on the cryptographic algorithms implemented in the operating system software.  ...  The essential property of a smart card is its ability to offer a secure environment for data and programmes.  ...  The descriptions of the attacks represent the state-of-the-art, and they are intended for persons who are inexperienced in the topic of smart card security.  ... 
doi:10.1016/s1363-4127(03)00107-9 fatcat:amuptu63tjd4rbfckfkhwycnna

Space-time encoding scheme for DDoS attack traceback

M. Muthuprasanna, G. Manimaran
2005 GLOBECOM '05. IEEE Global Telecommunications Conference, 2005.  
Marking this information elsewhere could lead to packet fragmentation and/or attack amplification when a clever attack is launched.  ...  Several IP Traceback schemes employing packet marking have been proposed to trace attacks that use source address spoofing, such as DoS/DDoS attacks.  ...  ACKNOWLEDGMENT The authors would like to thank Srikanta Tirthapura and Basheer Al-Duwairi for their valuable inputs in the analysis and simulations carried out in this paper respectively.  ... 
doi:10.1109/glocom.2005.1577967 dblp:conf/globecom/MuthuprasannaM05 fatcat:zyqhsdlkkffojb4vdg2bltm7he

Thwarting Fault Attacks using the Internal Redundancy Countermeasure (IRC) [article]

Benjamin Lac, Anne Canteaut, Jacques J. A. Fournier, Renaud Sirdey
2017 IACR Cryptology ePrint Archive  
We report practical experiments showing that IRC successfully thwarts fault attacks on the block cipher PRIDE and on the stream cipher TRIVIUM for which we protect both the initialization and the keystream  ...  Keywords: IRC · Physical attacks · Fault attacks · SIMD instructions · Software countermeasure · Lightweight cryptography · IoT.  ...  of the cryptographic algorithm so that the attacker has no mastery of the data being manipulated and no means to understand what is happening.  ... 
dblp:journals/iacr/LacCFS17a fatcat:keiehy43avdtncktodlberaena

Machine Learning for Reliable Network Attack Detection in SCADA Systems

Rocio Lopez Perez, Florian Adamsky, Ridha Soua, Thomas Engel
2018 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)  
Traditional Intrusion Detection Systems (IDSs) cannot detect attacks that are not already present in their databases.  ...  In this paper, we assess Machine Learning (ML) for intrusion detection in SCADA systems using a real data set collected from a gas pipeline system and provided by the Mississippi State University (MSU)  ...  We thank Dominic Dunlop for his review and comments that greatly improved the manuscript.  ... 
doi:10.1109/trustcom/bigdatase.2018.00094 dblp:conf/trustcom/PerezAS018 fatcat:7vkbaegacnbnja3zxyar6hfjja

Thwarting Fault Attacks against Lightweight Cryptography using SIMD Instructions

Benjamin Lac, Anne Canteaut, Jacques J. A. Fournier, Renaud Sirdey
2018 2018 IEEE International Symposium on Circuits and Systems (ISCAS)  
We report practical experiments showing that IRC successfully thwarts fault attacks on the block cipher PRIDE and on the stream cipher TRIVIUM for which we protect both the initialization and the keystream  ...  Keywords: IRC · Physical attacks · Fault attacks · SIMD instructions · Software countermeasure · Lightweight cryptography · IoT.  ...  of the cryptographic algorithm so that the attacker has no mastery of the data being manipulated and no means to understand what is happening.  ... 
doi:10.1109/iscas.2018.8351693 dblp:conf/iscas/LacCFS18 fatcat:o3y3tyygtredpkehx57pw3umha

Timing Analysis of Algorithm Substitution Attacks in a Post-Quantum TLS Protocol

Dúnia Marchiori, Alexandre A. Giron, João Pedro A. do Nascimento, Ricardo Custódio
2021 Anais do XXI Simpósio Brasileiro de Segurança da Informação e de Sistemas Computacionais (SBSeg 2021)   unpublished
One of the most prominent subsets of these attacks is called Algorithm Substitution Attacks (ASA), where a subverted implementation leaks sensitive information.  ...  Results show that timing analysis can distinguish our Falcon subversion, but it is not enough to detect our attacks deployed in TLS.  ...  In the stateful setting, the disadvantage is that the attack could be detected with a state reset (see Section 2.4).  ... 
doi:10.5753/sbseg.2021.17311 fatcat:3jkrc3p2rvbqbi5trz4met24yu

Physical Fault Injection and Side-Channel Attacks on Mobile Devices: A Comprehensive Analysis [article]

Carlton Shepherd, Konstantinos Markantonakis, Nico van Heijningen, Driss Aboulkassimi, Clément Gaine, Thibaut Heckmann, David Naccache
2021 arXiv   pre-print
In total, we comprehensively survey over 50 fault injection and side-channel attack papers published between 2009-2021.  ...  We evaluate the prevailing methods, compare existing attacks using a common set of criteria, identify several challenges and shortcomings, and suggest future directions of research.  ...  The authors would like to thank the EXFILES WP5 project partners for comments and discussions around the topic of this work.  ... 
arXiv:2105.04454v5 fatcat:27ldfag7ejgvxh7cbs2qnevb24

A Versatile Framework for Implementation Attacks on Cryptographic RFIDs and Embedded Devices [chapter]

Timo Kasper, David Oswald, Christof Paar
2010 Lecture Notes in Computer Science  
The corresponding data acquisition system for side-channel attacks makes precise power and EM analyses possible.  ...  We thereby disprove the common belief that highly sophisticated and expensive equipment is required to conduct such attacks.  ...  For state-of-the-art implementations of cryptographic algorithms, these attacks generally demand for highly sophisticated equipment and require a very strong and well-funded adversary, while we are considering  ... 
doi:10.1007/978-3-642-17499-5_5 fatcat:yd7vx5jw5vh2boctlr2z2hjxcm

Fake BTS Attacks of GSM System on Software Radio Platform

Yubo Song, Kan Zhou, Xi Chen
2012 Journal of Networks  
The extension model and algorithms of recognition and resistance of attacks is presented.  ...  The authors' previous method played more emphasis on the feasibility that ant colony algorithm applied to community detection.  ...  Our system adjusts the state with attackers' progress. When the attacker gets appropriate results in a multi-step attack, system moves from Normal state to the Attempt state and so on.  ... 
doi:10.4304/jnw.7.2.275-281 fatcat:3ejjimllcvewjeifopbvhl3zmi

A Survey on Privacy-Preserving Authentication Schemes in VANETs: Attacks, Challenges and Open Issues

Sagheer Ahmed Jan, Noor Ul Amin, Mohamed Othman, Mazhar Ali Khan, Arif Iqbal Umar, Abdul Basir
2021 IEEE Access  
We have classified privacy and authentication schemes into four major groups with their security mechanisms, security requirements, strength, limitations, attacks countermeasures and performance measures  ...  The rapid growth in vehicles results in VANETs becoming large-scale, dynamic, heterogeneous and it is possible for the attacker to harm vehicular communication which leads to life-endangering situations  ...  ACKNOWLEDGMENT The authors would like to thank the financial support and facilities provided by Universiti Putra Malaysia and the Ministry of Education Malaysia for the execution, completion and publication  ... 
doi:10.1109/access.2021.3125521 fatcat:ddws5e32ffhdxaep6nhpa4wsfu