
Publication


Featured research published by Dawu Gu.


International Conference on Information Security and Cryptology | 2011

Differential and linear cryptanalysis using mixed-integer linear programming

Nicky Mouha; Qingju Wang; Dawu Gu; Bart Preneel

Differential and linear cryptanalysis are two of the most powerful techniques to analyze symmetric-key primitives. For modern ciphers, resistance against these attacks is therefore a mandatory design criterion. In this paper, we propose a novel technique to prove security bounds against both differential and linear cryptanalysis. We use mixed-integer linear programming (MILP), a method that is frequently used in business and economics to solve optimization problems. Our technique significantly reduces the workload of designers and cryptanalysts, because it only involves writing out simple equations that are input into an MILP solver. As very little programming is required, both the time spent on cryptanalysis and the possibility of human errors are greatly reduced. Our method is used to analyze Enocoro-128v2, a stream cipher that consists of 96 rounds. We prove that 38 rounds are sufficient for security against differential cryptanalysis, and 61 rounds for security against linear cryptanalysis. We also illustrate our technique by calculating the number of active S-boxes for AES.


Information Sciences | 2008

Differential fault analysis on the ARIA algorithm

Wei Li; Dawu Gu; Juanru Li

The ARIA algorithm is a Korean Standard block cipher, which is optimized for lightweight environments. On the basis of the byte-oriented model and the differential analysis principle, we propose a differential fault attack on the ARIA algorithm. Mathematical analysis and simulating experiment show that our attack can recover its 128-bit secret key by introducing 45 faulty ciphertexts. Simultaneously, we also present a fault detection technique for protecting ARIA against this proposed analysis. We believe that our results in this study will also be beneficial to the analysis and protection of the same type of other iterated block ciphers.


IEEE Transactions on Computer-Aided Design of Integrated Circuits and Systems | 2015

Helper Data Algorithms for PUF-Based Key Generation: Overview and Analysis

Jeroen Delvaux; Dawu Gu; Dries Schellekens; Ingrid Verbauwhede

Security-critical products rely on the secrecy and integrity of their cryptographic keys. This is challenging for low-cost resource-constrained embedded devices, with an attacker having physical access to the integrated circuit (IC). Physically unclonable functions are an emerging technology in this market. They extract bits from unavoidable IC manufacturing variations, remarkably analogous to unique human fingerprints. However, post-processing by helper data algorithms (HDAs) is indispensable to meet the stringent key requirements: reproducibility, high-entropy, and control. The novelty of this paper is threefold. We are the first to provide an in-depth and comprehensive literature overview on HDAs. Second, our analysis does expose new threats regarding helper data leakage and manipulation. Third, we identify several hiatuses/open problems in existing literature.


ACM Computing Surveys | 2015

A Survey on Lightweight Entity Authentication with Strong PUFs

Jeroen Delvaux; Roel Peeters; Dawu Gu; Ingrid Verbauwhede

Physically unclonable functions (PUFs) exploit the unavoidable manufacturing variations of an Integrated Circuit (IC). Their input-output behavior serves as a unique IC “fingerprint.” Therefore, they have been envisioned as an IC authentication mechanism, in particular the subclass of so-called strong PUFs. The protocol proposals are typically accompanied with two PUF promises: lightweight and an increased resistance against physical attacks. In this work, we review 19 proposals in chronological order: from the original strong PUF proposal (2001) to the more complicated noise bifurcation and system of PUF proposals (2014). The assessment is aided by a unified notation and a transparent framework of PUF protocol requirements.


Information Security Practice and Experience | 2012

Impossible differential attacks on reduced-round LBlock

Ya Liu; Dawu Gu; Zhiqiang Liu; Wei Li

LBlock is a lightweight block cipher with 32 rounds, which can be implemented efficiently not only in hardware environment but also in software platforms. In this paper, by exploiting the structure of LBlock and the redundancy in its key schedule, we propose an impossible differential attack on 21-round LBlock based on a 14-round impossible differential. The data and time complexities are about $2^{62.5}$ chosen plaintexts and $2^{73.7}$ 21-round encryptions, respectively. As far as we know, these results are the currently best results on LBlock in the single key scenario.


International Conference on Distributed Computing Systems Workshops | 2012

Android Malware Forensics: Reconstruction of Malicious Events

Juanru Li; Dawu Gu; Yuhao Luo

Smart mobile devices have been widely used and the contained sensitive information is endangered by malwares. The malicious events caused by malwares are crucial evidences for digital forensic analysis, and the main task of mobile forensic analysis is to reconstruct these events. However, the reconstruction heavily relies on the code analysis of the malware. The difficulties and challenges include how to quickly identify the suspicious programs, how to defeat the anti-forensics tricks of malicious code, and how to deduce the malicious behaviors according to the code. To address this issue, we propose systematic procedures of analyzing typical malware behaviors on the popular mobile operating system Android. Based on the procedures we discuss the deduction of Android malicious events. We also give a real malware forensic case as a reference.


Fast Software Encryption | 2012

New observations on impossible differential cryptanalysis of reduced-round Camellia

Ya Liu; Leibo Li; Dawu Gu; Xiaoyun Wang; Zhiqiang Liu; Jiazhe Chen; Wei Li

Camellia is one of the widely used block ciphers, which has been selected as an international standard by ISO/IEC. In this paper, by exploiting some interesting properties of the key-dependent layer, we improve previous results on impossible differential cryptanalysis of reduced-round Camellia and gain some new observations. First, we introduce some new 7-round impossible differentials of Camellia for weak keys. These weak keys that work for the impossible differential take 3/4 of the whole key space, therefore, we further get rid of the weak-key assumption and leverage the attacks on reduced-round Camellia to all keys by utilizing the multiplied method. Second, we build a set of differentials which contains at least one 8-round impossible differential of Camellia with two FL/FL$^{-1}$ layers. Following this new result, we show that the key-dependent transformations inserted in Camellia cannot resist impossible differential cryptanalysis effectively. Based on this set of differentials, we present a new cryptanalytic strategy to mount impossible differential attacks on reduced-round Camellia.


Recent Advances in Intrusion Detection | 2015

AppSpear: Bytecode Decrypting and DEX Reassembling for Packed Android Malware

Wenbo Yang; Yuanyuan Zhang; Juanru Li; Junliang Shu; Bodong Li; Wenjun Hu; Dawu Gu

As the techniques for Android malware detection are progressing, malware also fights back through deploying advanced code encryption with the help of Android packers. An effective Android malware detection therefore must take the unpacking issue into consideration to prove the accuracy. Unfortunately, this issue is not easily addressed. Android packers often adopt multiple complex anti-analysis defenses and are evolving frequently. Current unpacking approaches are either based on manual efforts, which are slow and tedious, or based on coarse-grained memory dumping, which are susceptible to a variety of anti-monitoring defenses. This paper conducts a systematic study on existing Android malware which is packed. A thorough investigation on 37,688 Android malware samples is conducted to take statistics of how widespread are those samples protected by Android packers. The anti-analysis techniques of related commercial Android packers are also summarized. Then, we propose AppSpear, a generic and fine-grained system for automatic malware unpacking. Its core technique is a bytecode decrypting and Dalvik executable (DEX) reassembling method, which is able to recover any protected bytecode effectively without the knowledge of the packer. AppSpear directly instruments the Dalvik VM to collect the decrypted bytecode information from the Dalvik Data Struct (DDS), and performs the unpacking by conducting a refined reassembling process to create a new DEX file. The unpacked app is then available for being analyzed by common program analysis tools or malware detection systems. Our experimental evaluation shows that AppSpear could sanitize mainstream Android packers and help detect more malicious behaviors. To the best of our knowledge, AppSpear is the first automatic and generic unpacking system for current commercial Android packers.


IEEE International Conference on Computer Science and Automation Engineering | 2011

Analysis of Smart Grid security standards

Yong Wang; Da Ruan; Dawu Gu; Jason Gao; Daming Liu; Jianping Xu; Fang Chen; Fei Dai; Jinshi Yang

Smart Grid security is a very important subject. Vulnerabilities from cyber, smart meter, zone management, protection procedures and security assessment will put the Smart Grid at risk. IEC Smart Grid Standardization, IEEE Power & Energy Society (PES), National Institute of Standards and Technology (NIST) and National Standard of People's Republic of China are developing the corresponding security standards for Smart Grid. In this paper, we summarized Smart Grid security key standards NIST Interagency Report 7628, IEC 61850 & GB/T22239 security classified protection standards, IEC 62351 on Smart Grid security, ISO/IEC 15408 & GB18336 security assessment standards and ISO 27001 & GB/T22080 information security management standards. We summarized the security technology in Smart Grid for which the international organizations are developing the corresponding standards. State Grid Corporation of China (SGCC) has begun to develop standards on the IEC in UHV power transmission, high/ultra high voltage direct current transmission aspects.


International Conference on Distributed Computing Systems Workshops | 2012

Phrase Search over Encrypted Data with Symmetric Encryption Scheme

Yinqi Tang; Dawu Gu; Ning Ding; Haining Lu

We study the case of searching over encrypted data from a remote server. In order to retrieve the encrypted documents that satisfy a client's criteria, a special index must be built and sent by the client together with encrypted documents. A trapdoor will also be produced to offer the privilege to search on the index. In the area of searchable encryption, many works mainly focused on search criteria consisting of a single keyword or conjunctive keywords. Up until now, searching of the exact documents that contain a phrase, or consecutive keywords, still remains an unsolved problem. We first define the model of phrase search over encrypted data with symmetric encryption and its security definition based on the latest security definition raised by R. Curtmola. Then we propose a construction for phrase search with symmetric encryption (PSSE), which meets the functionality of searching a phrase over encrypted documents securely and efficiently. The computing complexity of our scheme when performing a query is linear in the size of the phrase, and at a moderate communication cost between server and client as well. In addition, we prove that our scheme achieves non-adaptive security.

Collaboration

Top Co-Authors

Juanru Li (Shanghai Jiao Tong University)

Yuanyuan Zhang (Shanghai Jiao Tong University)

Zhiqiang Liu (Shanghai Jiao Tong University)

Ya Liu (Shanghai Jiao Tong University)

Zheng Guo (Shanghai Jiao Tong University)

Junrong Liu (Shanghai Jiao Tong University)

Yu Yu (Shanghai Jiao Tong University)

Ning Ding (Shanghai Jiao Tong University)

Shi-Feng Sun (Shanghai Jiao Tong University)