Random Differential Fault Attacks on the Lightweight Authenticated Encryption Stream Cipher Grain-128AEAD

Salam, Iftekhar; Ooi, Thian Hooi; Xue, Luxin; Yau, Wei-Chuen; Pieprzyk, Josef; Phan, Raphaël C.‐W.

doi:10.1109/access.2021.3078845

Cited by 12 publications

(13 citation statements)

References 26 publications

(29 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Salam et al [67] presented three differential fault attack models to Grain-128AEAD to recover the state of the Grain using a small number of faulty outputs. To identify potential fault targets, they generated and analyzed the algebraic normal form (ANF) of consecutive keystream bits.…”

Section: Differential Fault Attacks (Dfa)mentioning

confidence: 99%

A Review of the NIST Lightweight Cryptography Finalists and Their Fault Analyses

2022

Self Cite

View full text Add to dashboard Cite

The security of resource-constrained devices is critical in the IoT field, given that everything is interconnected. Therefore, the National Institute of Standards and Technology (NIST) initialized the lightweight cryptography (LWC) project to standardize the lightweight cryptography algorithms for resource-constrained devices. After two rounds, the NIST announced the finalists in 2021. The finalist algorithms are Ascon, Elephant, GIFT-COFB, Grain-128AEAD, ISAP, PHOTON-Beetle, Romulus, SPARKLE, TinyJambu, and Xoodyak. The final round of the competition is still in progress, and the NIST will select the winner based on their and third-party evaluations. In this paper, we review the 10 finalists mentioned above, discuss their constructions, and classify them according to the underlying primitives. In particular, we analyze these ciphers from different perspectives, such as cipher specifications and structures, design primitives, security parameters, advantages and disadvantages, and existing cryptanalyses. We also review existing analyses of these finalists with a specific focus on the review of fault attacks. We hope the study compiled in this paper will benefit the cryptographic community by providing an easy-to-grasp overview of the NIST LWC finalists.

show abstract

Section: Differential Fault Attacks (Dfa)mentioning

confidence: 99%

A Review of the NIST Lightweight Cryptography Finalists and Their Fault Analyses

2022

Self Cite

View full text Add to dashboard Cite

show abstract

“…This work presents a set of fault attacks that successfully recovers the majority of the internal state bits of Grain-128AEAD [2,3] . As an improvement of the research by Salam et al [4] , we have investigated two more relaxed fault attack models-a two-byte moderate control model assuming the injection of a random fault into two consecutive bytes and a four-byte moderate control model assuming the injection of a random fault into four consecutive bytes. This paper shows that the improved attack, a combined probabilistic-deterministic fault attack of more relaxed moderate control models, is feasible to identify all the required target fault registers in the linear feedback shift register (LFSR).…”

Section: Introductionmentioning

confidence: 99%

Improved differential fault analysis of Grain128-AEAD

Fang,

Salam,

Yau

2024

Journal of Surveillance, Security and Safety

View full text Add to dashboard Cite

The number of smart devices connected to the Internet has been constantly increasing, and as a result, lightweight cryptography (LWC) has become more important in the past decade. The Lightweight Cryptography (LWC) Project is an initiative taken by the National Institute of Standards and Technology (NIST) to standardize such LWC algorithms. Grain128-AEAD, which was submitted to the NIST LWC project, is an encryption algorithm that provides both confidentiality and integrity assurance. Third-party security analysis of the submitted ciphers is an important aspect of the evaluation of the submission to the NIST LWC project. Although several pieces of existing research, such as the bit-flipping attack, random fault attack, and deterministic random fault attack, have examined the security of Grain128-AEAD, there is still room for improvement in the fault attack models of these studies. This work aims to fill this research gap by analyzing the security margin of Grain128-AEAD against a series of improved differential fault attacks. In this study, we developed a probabilistic random fault attack and applied it to Grain128-AEAD. As an improvement of the existing research, a probabilistic approach can be applied to a more relaxed moderate control attack model. The existing moderate control model assumes the fault to be injected within any bit of a given byte, whereas the faults in our improved approach can be injected within any bits of a two-byte/four-byte segment, thereby relaxing the fault precision. The results indicate that the improved moderate control requires 388 keystreams for the two-byte model and 279 for the four-byte model to identify the target fault locations for implementing a state recovery attack. The relaxed fault attack models presented in this work are more practical to implement; hence, the findings of this research have improved the existing studies and narrowed the current research gap on the fault attack models of Grain128-AEAD. % To maintain consistency in terminology, "Grain-128AEAD" has been revised to "Grain128-AEAD" in both the abstract and the main text. Please confirm this revision.

show abstract

“…This way it minimizes energy consumption during the computation and saves the battery life of the IoT devices. Existing research ignored prior information of the compression percentage, however, the proposed approach has taken into account how much compression required for any input dataset. This makes it a user‐centered approach. The proposed model uses stream cipher 25,26 for the encryption and decryption in order to ensure the security during the data transmission from client to server side or vice‐versa. Stream cipher is the faster and more secure technique for light‐weighted IoT devices as it uses simple XOR operation, and it is also reliable for data transmission which is continuous in nature.…”

Section: Introductionmentioning

confidence: 99%

“…Stream ciphers are generally best for the cases where the amount of data is either continuous or unknown such as network streams. Salam et al in 2021 26 Grain‐128AEAD is a lightweight authenticated encryption stream cipher that has been subjected to an independent third‐party analysis for fault attacks. Camtepe et al in 2021 27 researcher proposed solutions for joint compression and encryption (compcrypt).…”

Section: Introductionmentioning

confidence: 99%

“…This makes it a user-centered approach. • The proposed model uses stream cipher 25,26 for the encryption and decryption in order to ensure the security during the data transmission from client to server side or vice-versa. Stream cipher is the faster and more secure technique for light-weighted IoT devices as it uses simple XOR operation, and it is also reliable for data transmission which is continuous in nature.…”

mentioning

confidence: 99%

See 1 more Smart Citation

IoT streamed data handling model using delta encoding

Jindal

Kumar

Patidar

2022

Int J Communication

View full text Add to dashboard Cite

Summary Internet of Thing (IoT) is a trending internet connectivity extension to connect physical devices on the heterogeneous networks to meet application requirements on various grounds, that is, health, agriculture, industry, and so forth. The amount of streamed data is generated by the IoT devices and processed via IoT device itself or external resources such as Cloud/Fog by considering real‐time constraints. The problem arises in real‐time data transmission when a huge amount of stream data is generated from IoT devices, and it travels through the network and needs to be processed on low‐speed IoT infrastructure. Considering this scenario, there is an extremely requirement for designing a model relying on real‐time stream data handling for speedy transmission considering IoT device real‐time communication constraint. On the other hand, IoT devices are also very sensitive towards energy consumption during the streamed data transmission, and low battery devices become a barrier in data handling in real‐time. To overcome these limitations, a model is proposed to compress and encrypt the data stream during the IoT network transmission. In this model, delta encoding facilitates the compression in form of deltas. To ensure security requirements, a light weighted stream cipher encryption technique is proposed. For the experimentation, a test‐bed setup is prepared to utilize Raspberry Pi (IoT device), CPU, and collectors to collect data stream. The proposed approach is compared with the baseline model, that is, LDPC encoding on temperature sensor datasets. As an outcome, the data are compressed up to 37.59%, and the average transmission time and the average power consumption are reduced by 72.57% and 68.86%, respectively.

show abstract

Random Differential Fault Attacks on the Lightweight Authenticated Encryption Stream Cipher Grain-128AEAD

Cited by 12 publications

References 26 publications

A Review of the NIST Lightweight Cryptography Finalists and Their Fault Analyses

A Review of the NIST Lightweight Cryptography Finalists and Their Fault Analyses

Improved differential fault analysis of Grain128-AEAD

IoT streamed data handling model using delta encoding

Contact Info

Product

Resources

About