
Table of Contents

Cryptography, Volume 2, Issue 3 (September 2018)

  • Issues are regarded as officially published after their release is announced to the table of contents alert mailing list.
  • You may sign up for e-mail alerts to receive table of contents of newly released issues.
  • PDF is the official format for papers published in both HTML and PDF forms. To view the papers in PDF format, click on the "PDF Full-text" link and use the free Adobe Reader to open them.
Open Access Article: Comparison of Cost of Protection against Differential Power Analysis of Selected Authenticated Ciphers
Cryptography 2018, 2(3), 26; https://doi.org/10.3390/cryptography2030026
Received: 31 July 2018 / Revised: 27 August 2018 / Accepted: 10 September 2018 / Published: 19 September 2018
Abstract
Authenticated ciphers, which combine the cryptographic services of confidentiality, integrity, and authentication into one algorithmic construct, can potentially provide improved security and efficiencies in the processing of sensitive data. However, they are vulnerable to side-channel attacks such as differential power analysis (DPA). Although the Test Vector Leakage Assessment (TVLA) methodology has been used to confirm improved resistance of block ciphers to DPA after application of countermeasures, extension of TVLA to authenticated ciphers is non-trivial, since authenticated ciphers have expanded input and output requirements, complex interfaces, and long test vectors which include protocol necessary to describe authenticated cipher operations. In this research, we upgrade the FOBOS test architecture with capability to perform TVLA on authenticated ciphers. We show that FPGA implementations of the CAESAR Round 3 candidates ACORN, Ascon, CLOC (with AES and TWINE primitives), SILC (with AES, PRESENT, and LED primitives), JAMBU (with AES and SIMON primitives), and Ketje Jr.; as well as AES-GCM, are vulnerable to 1st order DPA. We then use threshold implementations to protect the above cipher implementations against 1st order DPA, and verify the effectiveness of countermeasures using the TVLA methodology. Finally, we compare the unprotected and protected cipher implementations in terms of area, performance (maximum frequency and throughput), throughput-to-area (TP/A) ratio, power, and energy per bit (E/bit). Our results show that ACORN consumes the lowest number of resources, has the highest TP/A ratio, and is the most energy-efficient of all DPA-resistant implementations. However, Ketje Jr. has the highest throughput.

Open Access Article: On the Performance and Security of Multiplication in GF(2^N)
Cryptography 2018, 2(3), 25; https://doi.org/10.3390/cryptography2030025
Received: 2 August 2018 / Revised: 4 September 2018 / Accepted: 13 September 2018 / Published: 18 September 2018
Abstract
Multiplications in GF(2^N) can be securely optimized for cryptographic applications when the integer N is small and does not match machine words (i.e., N < 32). In this paper, we present a set of optimizations applied to DAGS, a code-based post-quantum cryptographic algorithm and one of the submissions to the National Institute of Standards and Technology’s (NIST) Post-Quantum Cryptography (PQC) standardization call.
(This article belongs to the Special Issue Code-Based Cryptography)
Open Access Article: A New Visual Multi-Secrets Sharing Scheme by Random Grids
Cryptography 2018, 2(3), 24; https://doi.org/10.3390/cryptography2030024
Received: 19 August 2018 / Revised: 11 September 2018 / Accepted: 14 September 2018 / Published: 17 September 2018
Abstract
In (2, 2)-visual secret sharing (VSS) schemes, a common type of (k, n)-threshold VSS schemes, secret information can be decoded directly through only two shares by using a human vision system. Several studies have analyzed methods of simplifying the decoding process and refining encoding to pass more secret images through two identical shares. However, limited secret images are retrieved, and the quality of the recovered images is low. This paper proposes an advanced (2, 2)-VSS scheme that can embed N secret images into two rectangular shares. Compared with other related VSS schemes, more secret images can be encrypted and the distortion is adjustable in the proposed scheme, yielding more flexibility in theory and practice.
(This article belongs to the Special Issue Visual Cryptography)
Open Access Article: A Secure Algorithm for Inversion Modulo 2^k
Cryptography 2018, 2(3), 23; https://doi.org/10.3390/cryptography2030023
Received: 21 August 2018 / Revised: 10 September 2018 / Accepted: 12 September 2018 / Published: 13 September 2018
Abstract
Modular inversions are widely employed in public key crypto-systems, and it is known that they imply a bottleneck due to the expensive computation. Recently, a new algorithm for inversions modulo p^k was proposed, which may speed up the calculation of a modulus-dependent quantity used in the Montgomery multiplication. The original algorithm lacks security countermeasures; thus, a straightforward implementation may expose the input. This is an issue if that input is a secret. In the RSA-CRT signature using Montgomery multiplication, the moduli are secrets (primes p and q). Therefore, the moduli-dependent quantities related to p and q must be securely computed. This paper presents a security analysis of the novel method considering that it might be used to compute secrets. We demonstrate that a Side Channel Analysis leads to disclosure of the data being manipulated. In consequence, a secure variant for inversions modulo 2^k is proposed, through the application of two known countermeasures. In terms of performance, the secure variant is still comparable with the original one.
(This article belongs to the Special Issue Public Key Cryptography)
Open Access Article: Barrel Shifter Physical Unclonable Function Based Encryption
Cryptography 2018, 2(3), 22; https://doi.org/10.3390/cryptography2030022
Received: 26 July 2018 / Revised: 27 August 2018 / Accepted: 29 August 2018 / Published: 31 August 2018
Abstract
Physical Unclonable Functions (PUFs) are designed to extract physical randomness from the underlying silicon. This randomness depends on the manufacturing process. It differs for each device. This enables chip-level authentication and key generation applications. We present an encryption protocol using PUFs as primary encryption/decryption functions. Each party has a PUF used for encryption and decryption. This PUF is constrained to be invertible and commutative. The focus of the paper is an evaluation of an invertible and commutative PUF based on a primitive shifting permutation network, a barrel shifter. Barrel shifter (BS) PUF captures the delay of different shift paths. This delay is entangled with message bits before they are sent across an insecure channel. BS-PUF is implemented using transmission gates for physical commutativity. Post-layout simulations of a common centroid layout 8-level barrel shifter in 0.13 μm technology assess uniqueness, stability, randomness and commutativity properties. BS-PUFs pass all selected NIST statistical randomness tests. Stability similar to Ring Oscillator (RO) PUFs under environmental variation is shown. Logistic regression of 100,000 plaintext–ciphertext pairs (PCPs) fails to successfully model BS-PUF behavior.

Open Access Article: Correlation-Based Robust Authentication (Cobra) Using Helper Data Only
Cryptography 2018, 2(3), 21; https://doi.org/10.3390/cryptography2030021
Received: 3 July 2018 / Revised: 26 August 2018 / Accepted: 28 August 2018 / Published: 31 August 2018
Abstract
Physical unclonable function (PUF)-based authentication protocols have been proposed as a strong challenge-response form of authentication for internet of things (IoT) and embedded applications. A special class of so-called strong PUFs are best suited for authentication because they are able to generate an exponential number of challenge-response-pairs (CRPs). However, strong PUFs must also be resilient to model-building attacks. Model-building utilizes machine learning algorithms and a small set of CRPs to build a model that is able to predict the responses of a fielded chip, thereby compromising the security of chip-server interactions. In this paper, response bitstrings are eliminated in the message exchanges between chips and the server during authentication, and therefore, it is no longer possible to carry out model-building attacks in the traditional manner. Instead, the chip transmits a Helper Data bitstring to the server and this information is used for authentication instead. The server constructs Helper Data bitstrings using enrollment data that it stores for all valid chips in a secure database and computes correlation coefficients (CCs) between the chip’s Helper Data bitstring and each of the server-generated Helper Data bitstrings. The server authenticates (and identifies) the chip if a CC is found that exceeds a threshold, which is determined during characterization. The technique is demonstrated using data from a set of 500 Xilinx Zynq 7020 FPGAs, subjected to industrial-level temperature and voltage variations.
(This article belongs to the Section Hardware Security)
Open Access Feature Paper Article: Hardware-Based Run-Time Code Integrity in Embedded Devices
Cryptography 2018, 2(3), 20; https://doi.org/10.3390/cryptography2030020
Received: 1 August 2018 / Revised: 25 August 2018 / Accepted: 27 August 2018 / Published: 30 August 2018
Abstract
Attacks on embedded devices are becoming more and more prevalent, primarily due to the extensively increasing plethora of software vulnerabilities. One of the most dangerous types of these attacks targets application code at run-time. Techniques to detect such attacks typically rely on software due to the ease of implementation and integration. However, these techniques are still vulnerable to the same attacks due to their software nature. In this work, we present a novel hardware-assisted run-time code integrity checking technique where we aim to detect if executable code resident in memory is modified at run-time by an adversary. Specifically, a hardware monitor is designed and attached to the device’s main memory system. The monitor creates page-based signatures (hashes) of the code running on the system at compile-time and stores them in a secure database. It then checks for the integrity of the code pages at run-time by regenerating the page-based hashes (with data segments zeroed out) and comparing them to the legitimate hashes. The goal is for any modification to the binary of a user-level or kernel-level process that is resident in memory to cause a comparison failure and lead to a kernel interrupt which allows the affected application to halt safely.

Open Access Editorial: Special Issue on Cryptographic Protocols
Cryptography 2018, 2(3), 19; https://doi.org/10.3390/cryptography2030019
Received: 21 August 2018 / Accepted: 21 August 2018 / Published: 22 August 2018
(This article belongs to the Special Issue Cryptographic Protocols)
Open Access Article: Provably Secure Covert Communication on Blockchain
Cryptography 2018, 2(3), 18; https://doi.org/10.3390/cryptography2030018
Received: 29 June 2018 / Revised: 9 August 2018 / Accepted: 13 August 2018 / Published: 20 August 2018
Abstract
Blockchain is a public open ledger that provides data integrity in a distributed manner. It is the underlying technology of cryptocurrencies and an increasing number of related applications, such as smart contracts. The open nature of blockchain together with strong integrity guarantees on the stored data makes it a compelling platform for covert communication. In this paper, we suggest a method of securely embedding covert messages into a blockchain. We formulate a simplified ideal blockchain model based on existing implementations and devise a protocol that enables two parties to covertly communicate through the blockchain following that model. We also formulate a rigorous definition for the security and covertness of such a protocol based on computational indistinguishability. Finally, we show that our method satisfies this definition in the random oracle model for the underlying cryptographic hash function.
(This article belongs to the Special Issue Advances of Blockchain Technology and Its Applications)
Open Access Article: Non-Invasive Detection Method for Recycled Flash Memory Using Timing Characteristics
Cryptography 2018, 2(3), 17; https://doi.org/10.3390/cryptography2030017
Received: 9 July 2018 / Revised: 8 August 2018 / Accepted: 10 August 2018 / Published: 12 August 2018
Abstract
Counterfeiting electronic components is a serious problem for the security and reliability of any electronic system. Unfortunately, the number of counterfeit components has increased considerably after the introduction of the horizontal semiconductor supply chain. In this paper, we propose and experimentally demonstrate an approach for detecting recycled Flash memory. The proposed method is based on measurement of change in Flash array characteristics (such as erase time, program time, fail bit count, etc.) with its usage. We find that erase time is the best metric to distinguish a used Flash chip from a fresh one for the following reasons: (1) erase time shows minimal variation among different fresh memory blocks/chips and (2) erase time increases significantly with usage. We verify our method for a wide range of commercial off-the-shelf Flash chips from several vendors, technology nodes, storage densities and storage types (single-bit per cell and multi-bit per cell). The minimum detectable chip usage varies from 0.05% to 3.0% of its total lifetime depending on the exact details of the chip.

Open Access Brief Report: Cryptanalysis of a Proposal Based on the Discrete Logarithm Problem Inside S_n
Cryptography 2018, 2(3), 16; https://doi.org/10.3390/cryptography2030016
Received: 21 May 2018 / Revised: 13 July 2018 / Accepted: 16 July 2018 / Published: 19 July 2018
Abstract
In 2008, Doliskani et al. proposed an ElGamal-style encryption scheme using the symmetric group S_n as mathematical platform. In 2012, an improvement of the cryptosystem’s memory requirements was suggested by Othman. The proposal by Doliskani et al. in particular requires the discrete logarithm problem in S_n, using its natural representation, to be hard. Making use of the Chinese Remainder Theorem, we describe an efficient method to solve this discrete logarithm problem, yielding a polynomial time secret key recovery attack against Doliskani et al.’s proposal.
(This article belongs to the Special Issue Public Key Cryptography)
Open Access Article: An Autonomous, Self-Authenticating, and Self-Contained Secure Boot Process for Field-Programmable Gate Arrays
Cryptography 2018, 2(3), 15; https://doi.org/10.3390/cryptography2030015
Received: 12 June 2018 / Revised: 12 July 2018 / Accepted: 14 July 2018 / Published: 18 July 2018
Abstract
Secure booting within a field-programmable gate array (FPGA) environment is traditionally implemented using hardwired embedded cryptographic primitives and non-volatile memory (NVM)-based keys, whereby an encrypted bitstream is decrypted as it is loaded from an external storage medium, e.g., Flash memory. A novel technique is proposed in this paper that self-authenticates an unencrypted FPGA configuration bitstream loaded into the FPGA during the start-up. The internal configuration access port (ICAP) interface is accessed to read out configuration information of the unencrypted bitstream, which is then used as input to a secure hash function SHA-3 to generate a digest. In contrast to conventional authentication, where the digest is computed and compared with a second pre-computed value, we use the digest as a challenge to a hardware-embedded delay physical unclonable function (PUF) called HELP. The delays of the paths sensitized by the challenges are used to generate a decryption key using the HELP algorithm. The decryption key is used in the second stage of the boot process to decrypt the operating system (OS) and applications. It follows that any type of malicious tampering with the unencrypted bitstream changes the challenges and the corresponding decryption key, resulting in key regeneration failure. A ring oscillator is used as a clock to make the process autonomous (and unstoppable), and a novel on-chip time-to-digital-converter is used to measure path delays, making the proposed boot process completely self-contained, i.e., implemented entirely within the re-configurable fabric and without utilizing any vendor-specific FPGA features.

Open Access Article: An Efficient Tate Pairing Algorithm for a Decentralized Key-Policy Attribute Based Encryption Scheme in Cloud Environments
Cryptography 2018, 2(3), 14; https://doi.org/10.3390/cryptography2030014
Received: 25 May 2018 / Revised: 22 June 2018 / Accepted: 13 July 2018 / Published: 15 July 2018
Abstract
Attribute-based encryption (ABE) is used for achieving data confidentiality and access control in cloud environments. Most often, ABE schemes are constructed using bilinear pairing, which has a higher computational complexity, making algorithms inefficient to some extent. The motivation of this paper is achieving user privacy during the interaction with attribute authorities by improving the efficiency of ABE schemes in terms of computational complexity. As a result, the aim of this paper is two-fold: firstly, to propose an efficient Tate pairing algorithm based on a multi-base number representation system using point halving (TP-MBNR-PH) with bases 1/2, 3, and 5 to reduce the cost of bilinear pairing operations and, secondly, to apply the TP-MBNR-PH algorithm in decentralized KP-ABE to compare its computational costs for encryption and decryption with existing schemes.

Open Access Article: Intrinsic Run-Time Row Hammer PUFs: Leveraging the Row Hammer Effect for Run-Time Cryptography and Improved Security
Cryptography 2018, 2(3), 13; https://doi.org/10.3390/cryptography2030013
Received: 27 April 2018 / Revised: 22 June 2018 / Accepted: 25 June 2018 / Published: 30 June 2018
Abstract
Physical Unclonable Functions (PUFs) based on the retention times of the cells of a Dynamic Random Access Memory (DRAM) can be utilised for the implementation of cost-efficient and lightweight cryptographic protocols. However, as recent work has demonstrated, the times needed in order to generate their responses may prohibit their widespread usage. To address this issue, the Row Hammer PUF has been proposed by Schaller et al., which leverages the row hammer effect in DRAM modules to reduce the retention times of their cells and, therefore, significantly speed up the generation times for the responses of PUFs based on these retention times. In this work, we extend the work of Schaller et al. by presenting a run-time accessible implementation of this PUF and by further reducing the time required for the generation of its responses. Additionally, we also provide a more thorough investigation of the effects of temperature variations on the Row Hammer PUF and briefly discuss potential statistical relationships between the cells used to implement it. As our results prove, the Row Hammer PUF could potentially provide an adequate level of security for Commercial Off-The-Shelf (COTS) devices, if its dependency on temperature is mitigated, and may, therefore, be commercially adopted in the near future.

Open Access Article: Designing Secure Heterogeneous Multicore Systems from Untrusted Components
Cryptography 2018, 2(3), 12; https://doi.org/10.3390/cryptography2030012
Received: 17 May 2018 / Revised: 22 June 2018 / Accepted: 23 June 2018 / Published: 26 June 2018
Abstract
In current systems-on-chip (SoC) designs, processing elements, i.e., intellectual property (IP) cores, may come from different providers, and executable code may have varying levels of trust, all executing on the same compute platform and sharing resources. This creates a very fertile attack ground and represents the Achilles’ heel of heterogeneous SoC architectures and distributed connected devices. The general consensus today is that conventional approaches and software-only add-on schemes fail to provide sufficient security protections and trustworthiness. In this paper, we develop a secure heterogeneous SoC architecture named Hermes. It represents a new architectural model that integrates multiple processing elements (called tenants) of secure and non-secure cores into the same chip design while: (a) maintaining individual tenant security; (b) preventing data leakage and corruption; (c) promoting collaboration among the tenants; and (d) tolerating untrusted tenants with potentially malicious purposes. The Hermes architecture is based on a programmable secure router interface and a trust-aware routing algorithm. Depending on the trust levels of computing nodes, it is able to virtually isolate them in different access modes to the memory blocks. With secure key management and join protocols, Hermes is also able to function properly when nodes request, or allow, memory access in a dishonest manner. With 17% hardware overhead, it enables the implementation of processing-element-oblivious secure multicore systems with a programmable distributed group key management scheme. The Hermes architecture is meant to emblematize the design of secure heterogeneous multicore computing systems out of unsecured or untrusted components, using user-defined security policies to create hardware-level virtual zones that enforce these security and trust policies.
(This article belongs to the Section Hardware Security)