Orlt, Maximilian (2024)
Leakage and Fault Resilience of Cryptographic Implementations.
Technische Universität Darmstadt
doi: 10.26083/tuprints-00027794
Dissertation, first publication, publisher's version
Abstract
Modern cryptography is the science of developing cryptographic primitives for secure communication in the presence of an adversary. The security of these primitives is usually proven in the black-box model, which restricts the adversary to manipulating only the inputs of the primitives and observing their outputs. However, Paul Kocher demonstrated at CRYPTO'96 that real-world implementations of such primitives can be attacked not only via their input-output behavior but also via so-called side channels. The latter allow the adversary to learn information about inner computations, e.g., by measuring the runtime or power consumption of the device that executes the primitive. Shortly after, at EUROCRYPT'97, Boneh et al. advanced the research on implementation attacks further by injecting faults, manipulating inner computations using methods such as laser beams or electromagnetic pulses. Their attacks illustrate the vulnerability of implementations that are provably secure in the black-box model. As a consequence, Ishai et al. formalized those attacks and investigated provably secure countermeasures for side-channel and fault attacks at CRYPTO'03 and EUROCRYPT'06, respectively.
Following their new research direction, this thesis addresses leakage and fault resilience of cryptographic implementations. As a first step, this thesis presents methods to protect arbitrary computations against side-channel attacks, focusing on masked circuits in the random probing model. We propose two different approaches to prove security, namely the so-called Probe Distribution Table (PDT) and Dependency Graph (DG). While the PDT significantly improves concrete security results of state-of-the-art constructions, the DG allows for an asymptotic security analysis which is particularly efficient for affine circuits. As a second step, this thesis introduces two fault-resilient cryptographic primitives to address faults in secret values such as keys and passwords. The first primitive, fuzzy asymmetric password-authenticated key exchange (faPAKE), deals with typos in passwords, allowing two parties to generate a common key based on partial password knowledge. The second primitive is a deterministic authenticated encryption scheme which is provably secure against fault attacks, and which allows for secure communication in the presence of malicious faults on the secret key. Finally, the thesis presents two secure compilers that combine fault and leakage resilience, addressing scenarios where an adversary can simultaneously probe and fault the internal computation. Given that standalone fault and leakage resilience is not sufficient to ensure combined resilience, we introduce a new security property, the so-called fault-invariance, that allows proofs to ensure security against combined attacks.
Entry type: | Dissertation
---|---
Published: | 2024
Author(s): | Orlt, Maximilian
Type of entry: | First publication
Title: | Leakage and Fault Resilience of Cryptographic Implementations
Language: | English
Referees: | Faust, Prof. Dr. Sebastian ; Standaert, Prof. Dr. François-Xavier
Year of publication: | 20 August 2024
Place: | Darmstadt
Collation: | 204 pages in various paginations
Date of oral examination: | 5 February 2024
DOI: | 10.26083/tuprints-00027794
URL / URN: | https://tuprints.ulb.tu-darmstadt.de/27794
Status: | Publisher's version
URN: | urn:nbn:de:tuda-tuprints-277948
Dewey Decimal Classification (DDC): | 000 Generalities, computer science, information science > 004 Computer science
Department(s)/field(s): | 20 Department of Computer Science ; 20 Department of Computer Science > Applied Cryptography
Date deposited: | 20 Aug 2024 13:13
Last modified: | 21 Aug 2024 08:24