Hassan Musallam Ahmed Qahur Al Mahri scite author profile

Hassan Musallam Ahmed Qahur Al Mahri

Sign up to set email alerts

|

5Publications

5Citation Statements Received

98Citation Statements Given

How they've been cited

How they cite others

Affiliations

Queensland University of Technology

Publications

Order By: Most citations

Random Fault Attacks on a Class of Stream Ciphers

¹

,

²

,

³

et al. 2019

Security and Communication Networks

View full text Add to dashboard Cite

In this paper, we show that stream ciphers with a particular form of ciphertext output function are vulnerable to differential fault attacks using random faults. The CAESAR competition candidates Tiaoxin-346 and AEGIS-128L both fall into this category, and we show that our attack can be used to recover the secret key of Tiaoxin-346 and the entire state of AEGIS-128L with practical complexity. In the case of AEGIS-128L, the attack can be applied in a ciphertext-only scenario. Our attacks are more practical than previous fault attacks on these ciphers, which assumed bit-flipping faults. Although we also consider other ways of mitigating our attacks, we recommend that cipher designers avoid the form of ciphertext output function that we have identified.

Fault Attacks on XEX Mode with Application to Certain Authenticated Encryption Modes

¹

,

²

,

³

et al. 2017

View full text Add to dashboard Cite

Tweaking Generic OTR to Avoid Forgery Attacks

¹

,

²

,

³

et al. 2016

View full text Add to dashboard Cite

A fundamental flaw in the ++AE authenticated encryption mode

¹

,

²

,

³

et al. 2018

View full text Add to dashboard Cite

In this article, we analyse a block cipher mode of operation for authenticated encryption known as ++AE (plus-plus-AE). We show that this mode has a fundamental flaw: the scheme does not verify the most significant bit of any block in the plaintext message. This flaw can be exploited by choosing a plaintext message and then constructing multiple forged messages in which the most significant bit of certain blocks is flipped. All of these plaintext messages will generate the same authentication tag. This forgery attack is deterministic and guaranteed to pass the ++AE integrity check. The success of the attack is independent of the underlying block cipher, key or public message number. We outline the mathematical proofs for the flaw in the ++AE algorithm. We conclude that ++AE is insecure as an authenticated encryption mode of operation.

Fault analysis of AEZ

¹

,

²

,

³

et al. 2018

Concurrency and Computation

View full text Add to dashboard Cite

Summary AEZ is a block cipher mode based on AES which uses three 128‐bit keys. The algorithm has been updated several times during the three rounds of the CAESAR cryptographic competition. Cryptanalytic results presented on AEZ to date do not breach its security. This paper describes a fault injection analysis on AEZ. We focus on analysing AEZ v4.2 but also investigate the applicability of these analyses to the recent version AEZ v5. This paper shows that all three 128‐bit keys in AEZ v4.2 can be uniquely retrieved using only three random‐valued single byte fault injections. A similar approach using four fault injections can uniquely recover all three keys of AEZ v5. The feasibility of this fault injection methodology has been proven against AES in previous works.

1

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Copyright © 2024 scite LLC. All rights reserved.

Made with 💙 for researchers

Part of the Research Solutions Family.