Impossible meet-in-the-middle fault analysis on the LED lightweight cipher in VANETs

Li, Wei; Rijmen, Vincent; Tao, Zhihua; Wang, Qingju; Chen, Hua; Liu, Yunwen; Li, Chaoyun; Ya, Liu

doi:10.1007/s11432-017-9209-0

Cited by 5 publications

(8 citation statements)

References 31 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Then, WK can be obtained according to the following formula: 16 ). (14) According to the key schedule of Midori, the adversary makes further derivations to obtain K 0 . The equations are shown in Equations (15) to (19).…”

Section: Analysis Of Fault Difference Equationsmentioning

confidence: 99%

“…Since Boneh et al [9] used fault attacks to break RSA, effective fault analysis methods have become research hotspot. In lightweight block encryption analysis, fault attacks have been extended to impossible differential fault attack (IDFA) [10], impossible differential attack (IDA) [11,12], algebraic fault attack (AFA) [13], impossible meet-in-the-middle attack (IMMA) [14], differential fault attack (DFA) [15] and blind fault attack [16]. These methods mainly analyze the characteristic relationship between the data of the cryptosystem after the injection fault and obtain the secret key by means of solver and mathematical analysis.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

An Effective Simulation Analysis of Transient Electromagnetic Multiple Faults

Liang

Sun

Zhu

et al. 2020

Sensors

View full text Add to dashboard Cite

Embedded encryption devices and smart sensors are vulnerable to physical attacks. Due to the continuous shrinking of chip size, laser injection, particle radiation and electromagnetic transient injection are possible methods that introduce transient multiple faults. In the fault analysis stage, the adversary is unclear about the actual number of faults injected. Typically, the single-nibble fault analysis encounters difficulties. Therefore, in this paper, we propose novel ciphertext-only impossible differentials that can analyze the number of random faults to six nibbles. We use the impossible differentials to exclude the secret key that definitely does not exist, and then gradually obtain the unique secret key through inverse difference equations. Using software simulation, we conducted 32,000 random multiple fault attacks on Midori. The experiments were carried out to verify the theoretical model of multiple fault attacks. We obtain the relationship between fault injection and information content. To reduce the number of fault attacks, we further optimized the fault attack method. The secret key can be obtained at least 11 times. The proposed ciphertext-only impossible differential analysis provides an effective method for random multiple faults analysis, which would be helpful for improving the security of block ciphers.

show abstract

Section: Analysis Of Fault Difference Equationsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

An Effective Simulation Analysis of Transient Electromagnetic Multiple Faults

Liang

Sun

Zhu

et al. 2020

Sensors

View full text Add to dashboard Cite

show abstract

“…This scheme requires 2 16 key searches to correctly guess the secret key. Li et al proposed a novel impossible meet‐in‐the‐middle fault analysis to break the LED. In this attack, the faults can be inserted into the fourth last round of the LED, and subsequently the more rounds are affected.…”

Section: Related Workmentioning

confidence: 99%

Correlation power analysis and effective defense approach on light encryption device block cipher

Kumar

Reddy

Tripathy

et al. 2019

Security and Privacy

View full text Add to dashboard Cite

Recently many works have shown that one of the weaknesses of cryptographic algorithms is power analysis attacks on its hardware implementation. This side channel analysis (SCA) is of interest because such attack can leak information of cryptographic algorithms. So, developing attack resistant mechanism is important for hardware security modules. This paper investigates the vulnerability of light encryption device (LED) block cipher, against correlation power analysis. LED is a lightweight block cipher targeted for compact hardware implementation to protect ubiquitous computing data. We use Chipwhisperer capture hardware to capture power traces during encryption of randomly generated plain texts using the same secret key. Our proposed attack successfully retrieves all 64 bits of secret key correctly using only 300 power traces and 256 key guesses. Furthermore, we propose a simple but effective mitigation technique to prevent such attacks. K E Y W O R D SChipwhisperer, correlation power analysis, LED block cipher 1 Security Privacy. 2019;2:e87.wileyonlinelibrary.com/journal/spy2

show abstract

“…The PRESENT block cipher was standardised by ISO/IEC 29192-2 [14] and the SIMON cipher has been standardised by ISO as a part of the radio frequency identification (RFID) air interface standard, International Standard ISO/29167-21 for use by commercial entities. The security and robustness of PRESENT, SIMON, and LED are investigated in [11][12][13][14][15][16][17][18] by testing resistance against different attacks such as linear attack, differential attack, boomerang attack, higher-order differential attack, interpolation attack, impossible differential attack, improved zero-correlation attack, cube tester, square/collision attack, impossible meet-in-the-middle (MITM) fault analysis, algebraic, and rectangle. The slide attack is a block cipher cryptanalysis technique [13] that exploits the degree of selfsimilarity of a permutation.…”

Section: Introductionmentioning

confidence: 99%

Flexible structures of lightweight block ciphers PRESENT, SIMON and LED

Rashidi¹

2020

IET Circuits, Devices & Systems

View full text Add to dashboard Cite

Security and privacy of the Internet of Things (IoT) systems are critical challenges in many data-sensitive applications. The IoT systems are constrained in terms of execution time, flexibility and computational resources. In recent years, many encryption algorithms have been proposed to provide the security of IoT communication. In this study, flexible and high-throughput hardware structures of the PRESENT, SIMON, and LED lightweight block ciphers are presented for IoT applications. The proposed flexible structures can perform various configurations of these block ciphers to support variable key sizes. For example, the PRESENT, SIMON, and LED ciphers support key sizes (80, 128 bits), (96, 144, 128, 192, and 256 bits), and (64, 128 bits), respectively. Therefore, these architectures provide versatile implementations that enable adaptive security level using a variable key size. In the proposed structures, sub-blocks of the ciphers are implemented based on optimised circuits. In the PRESENT and LED ciphers, the S-boxes are implemented based on area-optimised logic circuits. The implementation results of proposed flexible architectures are achieved in 180 nm CMOS technology. Area, throughput and throughput/area of the proposed structures have improved compared to other related works.

show abstract

Impossible meet-in-the-middle fault analysis on the LED lightweight cipher in VANETs

Cited by 5 publications

References 31 publications

An Effective Simulation Analysis of Transient Electromagnetic Multiple Faults

An Effective Simulation Analysis of Transient Electromagnetic Multiple Faults

Correlation power analysis and effective defense approach on light encryption device block cipher

Flexible structures of lightweight block ciphers PRESENT, SIMON and LED

Contact Info

Product

Resources

About