On Leakage-Resilient Authenticated Encryption with Decryption Leakages

Berti, Francesco; Pereira, Olivier; Peters, Thomas; Standaert, François‐Xavier

doi:10.46586/tosc.v2017.i3.271-293

Cited by 32 publications

(17 citation statements)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…(2) Cloud-based video surveillance saves a lot of storage resources and provides a convenient and low-cost monitoring capability for small-scale scene applications such shops and families. However, shops and families often lack security awareness and protection skills, which makes web cameras and monitors (most of the time, the monitor is just a normal personal computer) vulnerable [ 33 , 34 ].…”

Section: Our Workmentioning

confidence: 99%

Secure Video Surveillance Framework in Smart City

Xiezhang

Yang

et al. 2021

Sensors

View full text Add to dashboard Cite

In the construction process of smart cities, more and more video surveillance systems have been deployed for traffic, office buildings, shopping malls, and families. Thus, the security of video surveillance systems has attracted more attention. At present, many researchers focus on how to select the region of interest (RoI) accurately and then realize privacy protection in videos by selective encryption. However, relatively few researchers focus on building a security framework by analyzing the security of a video surveillance system from the system and data life cycle. By analyzing the surveillance video protection and the attack surface of a video surveillance system in a smart city, we constructed a secure surveillance framework in this manuscript. In the secure framework, a secure video surveillance model is proposed, and a secure authentication protocol that can resist man-in-the-middle attacks (MITM) and replay attacks is implemented. For the management of the video encryption key, we introduced the Chinese remainder theorem (CRT) on the basis of group key management to provide an efficient and secure key update. In addition, we built a decryption suite based on transparent encryption to ensure the security of the decryption environment. The security analysis proved that our system can guarantee the forward and backward security of the key update. In the experiment environment, the average decryption speed of our system can reach 91.47 Mb/s, which can meet the real-time requirement of practical applications.

show abstract

Section: Our Workmentioning

confidence: 99%

Secure Video Surveillance Framework in Smart City

Xiezhang

Yang

et al. 2021

Sensors

View full text Add to dashboard Cite

show abstract

“…In [BBC + 20], the authors present a practical side-channel attack against a tag verification implemented on an ARM Cortex-M0. It can directly be used to forge valid messages under adversarial control [BPPS17], and therefore to break the integrity of a software update. We repeat that experiment with two differences: (i) we use an ARM Cortex-M4 which is more noisy, and (ii) we do template attacks in a linear subspace instead of directly in the leakage domain.…”

Section: Tag Recovery Attackmentioning

confidence: 99%

“…While this appears as a strong motivation given the challenge of implementing masking securely on low-end devices [BS20], we observe that the main security property that is required for this purpose is ciphertext integrity with leakage in decryption. As discussed in [BPPS17], this property can be reached with two calls to a strongly protected block cipher and letting most of the other parts of the implementation leak in an unbounded manner. Yet, it requires a careful instantiation of the tag verification.…”

Section: Introductionmentioning

confidence: 99%

“…Namely, either this tag verification is protected at the implementation level (e.g., via masking), which contradicts the goal of relying only on hardware coprocessors, or it has to be designed such that leaking the verified value cannot lead to forgeries. It is shown in [BPPS17] that an inverse-based verification can remain secure with unbounded leakages. The variant in [DEM + 20] achieves a similar result without inverse, but based on a slightly stronger assumption, which translates into security against Simple Power Analysis (SPA).…”

Section: Introductionmentioning

confidence: 99%

“…We finally mention that the issue of secure tag comparison is not a new one in cryptography. It has been frequently discussed in the context of authenticated encryption and has for example been put forward by both Barwell et al [BPS15] and Berti et al [BPPS17].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Improved Leakage-Resistant Authenticated Encryption based on Hardware AES Coprocessors

Bronchain

Momin

Peters

et al. 2021

TCHES

Self Cite

View full text Add to dashboard Cite

We revisit Unterstein et al.’s leakage-resilient authenticated encryption scheme from CHES 2020. Its main goal is to enable secure software updates by leveraging unprotected (e.g., AES, SHA256) coprocessors available on low-end microcontrollers. We show that the design of this scheme ignores an important attack vector that can significantly reduce its security claims, and that the evaluation of its leakage-resilient PRF is quite sensitive to minor variations of its measurements, which can easily lead to security overstatements. We then describe and analyze a new mode of operation for which we propose more conservative security parameters and show that it competes with the CHES 2020 one in terms of performances. As an additional bonus, our solution relies only on AES-128 coprocessors, an

show abstract