Simple AEAD Hardware Interface (SÆHI) in a SoC

Saarinen, Markku–Juhani O.

doi:10.1145/2666141.2666144

Cited by 6 publications

(3 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Theorem 2 Sponge modes with strong permutations such as DuplexWrap [4] or BLNK [39] are not vulnerable to adaptive-chosen-plaintext attacks.…”

Section: Theorem 1 Aes-gcm Is Not Vulnerable To Adaptive-chosenplaintmentioning

confidence: 99%

The BRUTUS automatic cryptanalytic framework

Saarinen

2015

J Cryptogr Eng

View full text Add to dashboard Cite

This report summarizes our results from security analysis covering all 57 competitions for authenticated encryption: security, applicability, and robustness (CAE-SAR) first-round candidates and over 210 implementations. We have manually identified security issues with three candidates, two of which are more serious, and these ciphers have been withdrawn from the competition. We have developed a testing framework, BRUTUS, to facilitate automatic detection of simple security lapses and susceptible statistical structures across all ciphers. From this testing, we have security usage notes on four submissions and statistical notes on a further four. We highlight that some of the CAESAR algorithms pose an elevated risk if employed in real-life protocols due to a class of adaptive-chosen-plaintext attacks. Although authenticated encryption with associated data are often defined (and are best used) as discrete primitives that authenticate and transmit only complete messages, in practice, these algorithms are easily implemented in a fashion that outputs observable ciphertext data when the algorithm has not received all of the (attacker-controlled) plaintext. For an implementor, this strategy appears to offer seemingly harmless and compliant storage and latency advantages. If the algorithm uses the same state for secret keying information, encryption, and integrity protection, and the internal mixing permutation is not cryptographically strong, an attacker can exploit the ciphertext-plaintext feedback loop to reveal Much of this research was carried out during the tenure of an ERCIM "Alain Bensoussan" Fellowship Programme, hosted at Department of Telematics, NTNU, Norway. secret state information or even keying material. We conclude that the main advantages of exhaustive, automated cryptanalysis are that it acts as a very necessary sanity check for implementations and gives the cryptanalyst insights that can be used to focus more specific attack methods on given candidates.

show abstract

“…Theorem 2 Sponge modes with strong permutations such as DuplexWrap [4] or BLNK [39] are not vulnerable to adaptive-chosen-plaintext attacks.…”

Section: Theorem 1 Aes-gcm Is Not Vulnerable To Adaptive-chosenplaintmentioning

confidence: 99%

The BRUTUS automatic cryptanalytic framework

Saarinen

2015

J Cryptogr Eng

View full text Add to dashboard Cite

show abstract

“…Authenticated encryption with associated data (AEAD) algorithms provide confidentiality and integrity protection in a single operation [4]. Deploying an AEAD algorithm on an IoT device and authenticating encryption before sending any data can protect the confidentiality and integrity of the data from the data-producer side and can ensure no information leakage or data-stealing during data transmission.…”

Section: Introductionmentioning

confidence: 99%

“…In comparison, the dedicated cryptography hardware has high performance, low power consumption, high efficiency, and fewer ROM/RAM resources. Moreover, the dedicated cryptography hardware extends the battery life of battery-powered IoT devices [4] and provides a higher level of security [8]. These advantages of dedicated hardware motivate us to develop dedicated hardware architectures for SM4-CCM that are suitable for resource-constrained IoT devices.…”

Section: Introductionmentioning

confidence: 99%

Exploration of the High-Efficiency Hardware Architecture of SM4-CCM for IoT Applications

Chen

2022

Electronics

View full text Add to dashboard Cite

The widespread use of the internet of things (IoT) is due to the value of the data collected by IoT devices. These IoT devices generate, process, and exchange large amounts of safety-critical or privacy-sensitive data. Before transmission, the data should be protected against information leakage and data stealing. Deploying authenticated encryption with additional data (AEAD) algorithms on IoT devices ensures data confidentiality and integrity. However, AEAD algorithms are computationally intensive, while IoT devices are resource constrained or even battery powered. Therefore, a low-cost, low-power, and high-efficiency method of implementing an AEAD algorithm into resource-constrained IoT devices is required. The SM4-CCM algorithm, introduced in RFC 8998, is selected as the AEAD algorithm to address this problem. Algorithms similar to SM4-CCM (e.g., SM4 and AES-CCM) provide many architectural design references, but it is challenging to decide which architecture is the most suitable for SM4-CCM. In order to find the most efficient SM4-CCM hardware architecture, a design space exploration method is proposed. Firstly, the SM4-CCM algorithm is divided into five layers, and three candidate architectures are provided for each layer. Secondly, 63 design schemes for SM4-CCM are constructed by combining candidate architectures from each layer. Finally, a batch number of comparisons and analyses of experimental results are used to identify the most efficient one. Under TSMC 90 nm technology, the experimental results of the identified scheme show that the throughput, power consumption, and area achieve 199.99 Mbps, 1.625 mW, and 14.6 K gates, respectively. As a proof of concept, implementing this scheme on an FPGA board is also presented.

show abstract

WHIRLBOB, the Whirlpool Based Variant of STRIBOB

Saarinen

Brumley

2015

Secure IT Systems

View full text Add to dashboard Cite

Simple AEAD Hardware Interface (SÆHI) in a SoC

Cited by 6 publications

References 19 publications

The BRUTUS automatic cryptanalytic framework

The BRUTUS automatic cryptanalytic framework

Exploration of the High-Efficiency Hardware Architecture of SM4-CCM for IoT Applications

WHIRLBOB, the Whirlpool Based Variant of STRIBOB

Contact Info

Product

Resources

About