Roman Novak
University of Ljubljana
Publication
Featured research published by Roman Novak.
Public Key Cryptography | 2002
Roman Novak
We describe an adaptive chosen-ciphertext attack on a smart card implementation of the RSA decryption algorithm in the presence of side-channel information leakage. We studied the information leakage through power consumption variation. Simple power analysis (SPA) of the smart card that is widely used for secure Internet banking, Web access and remote access to corporate networks revealed macro characteristics caused by improper implementation of Chinese remaindering. The findings can be used to eventually improve future implementations of fast RSA decryption.
Applied Cryptography and Network Security | 2003
Roman Novak
We describe a side-channel attack on a substitution block, which is usually implemented as a table lookup operation. In particular, we have investigated smartcard implementations. The attack is based on identifying equal intermediate results from power measurements while the actual values of these intermediates remain unknown. A powerful attack on substitution blocks can be mounted if the same table is used in multiple iterations and if cross-iteration comparisons are possible. Adversaries can use the method as a part of reverse engineering tools on secret algorithms. In addition to the described method, other methods have to be employed to completely restore the algorithm and its accompanying secret key. We have successfully used the method in a demonstration attack on a secret authentication and session-key generation algorithm implemented on SIM cards in GSM networks. The findings provide guidance for designing smartcard solutions that are secure against this kind of attack.
Computers & Operations Research | 2001
Roman Novak; Joze Rugelj; Gorazd Kandus
The distributed algorithm for a multicast connection set-up, based on the ‘cheapest insertion’ heuristic, is reviewed. The multicast routing problem is translated into a Steiner tree problem in point-to-point networks where nodes have only a limited knowledge about the network. A solution is proposed in which the time complexity and the amount of information exchanged between network nodes are proportional to the number of members of the multicast group. The Steiner tree is constructed by means of a distributed table-passing algorithm. The analysis of the algorithm presented, backed up by simulation results, confirms its superiority over the algorithm based on ‘waving technique’.
Scope and purpose: Multicasting is a mechanism used in communication networks that allows distribution of information from a single source to multiple destinations. The problem of finding a multicast connection for a static group of communicating entities in connection-oriented point-to-point network can be formulated in graph theory as a minimum Steiner tree problem. Due to the NP-completeness of the Steiner tree problem, multicast routing algorithms are based on heuristics. The diversity of network environments and the lack of centralised information about network topology require an effective distribution of the multicast routing algorithms among the network nodes. This article presents an alternative to the distributed algorithm proposed by Rugelj and Klavzar that implements the same heuristics for the construction of a minimum cost multicast connection in point-to-point networks. The present algorithm constitutes a substantial improvement over that previously proposed with regard to running time and the amount of the information exchanged between network nodes.
International Journal of Medical Informatics | 2001
Denis Trček; Roman Novak; Gorazd Kandus; Marjan Suselj
Slovenia initiated a nation-wide project to introduce smart cards in the health sector in 1995 and its full-scale deployment started in September 2000. Although the basic aim of the project was to support insurance related procedures, the system was designed in a flexible and open manner to present an infrastructure for the whole health sector. The functionality of the current system is described in this paper along with lessons learned so far. The upgrade of the system is outlined, with emphasis on technical details, the objective being to provide a real-time EDI based environment for a general set of applications in the medical sector, supported by the flexibility and security of modern smart card technologies. Integration with similar systems in other EU countries is discussed.
Archive | 2001
Roman Novak; Joze Rugelj; Gorazd Kandus
The problem of routing multicast connections in networks is often viewed as a minimum Steiner tree problem in graphs, with additional constraints raised by the specifics of the communication network environments.
IEEE Transactions on Nuclear Science | 2009
Roman Novak; Matjaz Vencelj
The pile-up rejection in nuclear spectroscopy has been confronted recently by several pile-up correction schemes that compensate for distortions of the signal and subsequent energy spectra artifacts as the counting rate increases. We study here a real-time capability of the event-by-event correction method, which at the core translates to solving many sets of linear equations. Tight time limits and constrained front-end electronics resources make well-known direct solvers inappropriate. We propose a novel approach based on the Gauss-Seidel iterative method, which turns out to be a stable and cost-efficient solution to improve spectroscopic resolution in the front-end electronics. We show the method convergence properties for a class of matrices that emerge in calorimetric processing of scintillation detector signals and demonstrate the ability of the method to support the relevant resolutions. The sole iteration-based error component can be brought below the sliding window induced errors in a reasonable number of iteration steps, thus allowing real-time operation. An area-efficient hardware implementation is proposed that fully utilizes the method's inherent parallelism.
Workshop on Information Security Applications | 2003
Roman Novak
Differential Power Analysis (DPA) by Paul Kocher et al. is expanded with the information that is hidden in the sign of power biases. The latter reveal values that collide with the DPA target value within the circuitry. With the help of cross-iteration comparisons, the interpretation of those values can provide significant amounts of the information required to reverse engineer a secret algorithm. We have successfully launched a demonstration attack on a secret authentication and session-key generation algorithm implemented on SIM cards in GSM networks. The findings provide guidance for designing tamper resistant devices that are secure against this kind of attack.
Computer Networks | 2008
Andrej Vilhar; Roman Novak
The contractual relationships between autonomous systems (AS) cannot be ignored in the research of large-scale communication protocols and architectures. It has been widely recognized that disregarding policy relationships leads to unrealistic routing paths in simulated communication networks and thus to inaccurate conclusions about the investigated problem. Current AS-level topology generators either completely overlook the relationships or make the annotation process inherent in topology generation. We propose a novel algorithm for annotating random graphs. Our approach differs from previous studies in focusing on the annotation process rather than on the topology generation, which enables reuse of the state-of-the-art topology generators. We identify five properties of viable annotations and formulate the problem as a type-of-relationship problem in random graphs (TRR) by analogy with the related problem of inferring AS relationships from measured routing data. We propose an annotation algorithm for solving the TRR problem by taking advantage of the stochastic properties found in the inferred annotations provided by the Cooperative Association for Internet Data Analysis (CAIDA). The evaluation provides the evidence of high resemblance of our annotations to the measured ones.
Computer Networks | 2010
Andrej Vilhar; Roman Novak; Gorazd Kandus
The performance of the Hierarchical Mobile IPv6 (HMIPv6) protocol is affected by the Mobility Anchor Point (MAP) selection. Many MAP selection algorithms have been proposed. Researchers have based their algorithms on different operating principles, movement patterns and evaluation metrics, while the network topology model has remained essentially the same - a simple tree. Our study abolishes this restriction by expanding the research to different types of topologies. They are compared both analytically and by simulation. The results show that trees differ from other topologies in an important aspect. They do not allow the simultaneous reduction of average distance from Mobile Node (MN) to MAP and frequency of MAP changes. As a consequence, widely accepted cost functions can only be reduced by careful consideration of user-specific parameters such as speed and communication activity. We show that in other topologies, including internet models, there is no such limitation. The paper also analyses the topology characteristics that are beneficial to MAP selection, leading to simultaneous reduction of MAP distances and frequency of MAP changes. The demonstrated characteristics are verified by simulations of topology evolution.
IEICE Transactions on Communications | 2006
Roman Novak
The capability of Hierarchical Mobile IP (HMIP) for intra-domain route optimization is impaired when it is combined with Network Mobility (NEMO) technology. Deviations from the optimum path, caused by traffic aggregation in the Mobility Anchor Point (MAP), can be observed within a hierarchical domain. The problem is particularly noticeable in domains that span the mesh network topology. The lack of intra-domain path optimization in multi-level Mobile IP (MIP) leads to inefficient use of network resources. A Proxy Mobility Anchor Point (PMAP) functionality is proposed in domain nodes to enable intra-domain path optimization in multi-level MIP. Numerical evaluation and simulations indicate that this proposal can improve routing efficiency and throughput. The solution can be especially rewarding in network architectures where the access network is separated from the global network by bottleneck links and where the majority of users accessing the network are mobile routers.