Zdenek Martinasek
Brno University of Technology
Publications
Featured research published by Zdenek Martinasek.
Revised Selected Papers of the 8th International Workshop on Data Privacy Management and Autonomous Spontaneous Security - Volume 8247 | 2013
Jan Hajny; Lukas Malina; Zdenek Martinasek; Ondrej Tethal
The paper deals with the implementation and benchmarking of cryptographic primitives on contemporary smart-cards and smart-phones. The goal of the paper is to analyze the demands of today's common theoretical cryptographic constructions used in privacy-enhancing schemes and to find out whether they can be practically implemented on off-the-shelf hardware. We evaluate the performance of all major platforms of programmable smart-cards (JavaCards, .NET cards and MultOS cards) and three reference Android devices (a tablet and two smart-phones). The fundamental cryptographic primitives frequently used in advanced cryptographic constructions, such as user-centric attribute-based protocols and anonymous credential systems, are evaluated. In addition, we show how our results can be used for the estimation of the performance of existing and future cryptographic protocols. Therefore, we provide not only benchmarks of all modern programmable smart-card platforms but also a tool for the performance estimation of privacy-enhancing schemes which are based on popular zero-knowledge proof of knowledge protocols.
Smart Card Research and Advanced Application Conference | 2013
Zdenek Martinasek; Jan Hajny; Lukas Malina
In power analysis, many different statistical methods and power consumption models are used to obtain the value of a secret key from the measured power traces. An interesting method of power analysis based on a multi-layer perceptron was presented in [1], claiming a 90 % success rate. The theoretical and empirical success rates were determined to be 80 % and 85 %, respectively, which is not sufficient. In this paper, we propose and realize an optimization of this power analysis method which improves the success rate to almost 100 %. The optimization is based on preprocessing the measured power traces by calculating the average trace and subsequently calculating the difference power traces. The power patterns prepared in this way were used for neural network training and, of course, during the attack. This optimization is computationally undemanding compared to other preprocessing methods usually applied in power analysis, and it has a great impact on the classification results. In the paper, we compare the results of the optimized method with the original implementation. We highlight positive and also some negative impacts of the optimization on the classification results.
International Conference on Telecommunications | 2013
Zdenek Martinasek; Vlastimil Clupek; Krisztina Trasy
Power analysis observes the power consumption of a cryptographic device depending on its activity, and the subsequent attack uses the measured power traces to determine sensitive information in order to abuse the device. Differential power analysis attacks are the most popular because the attacker does not need detailed knowledge about the attacked device; on the other hand, these attacks use a mathematical approach and power consumption models. Understanding and subsequently realizing the whole attack is by no means an easy task. Therefore, this article describes the general schema on which all such analyses are based and the best-known statistical tests, including the basic power simulation models. We realized the best-known power analysis, based on the correlation coefficient, with a detailed description of the individual steps, and we adjusted the general schema to this concrete example for a better understanding of the attack. After reading the article, the reader is well familiarized with the context of the complex problems of differential power analysis.
Foundations and Practice of Security | 2013
Lukas Malina; Vlastimil Clupek; Zdenek Martinasek; Jan Hajny; Kimio Oguchi; Vaclav Zeman
The main purpose of block ciphers is to ensure data confidentiality, integrity and robustness against security attacks. Nevertheless, several ciphers also try to be efficient in the encryption and decryption phases, to have low energy consumption and/or a small memory footprint. These ciphers are usually optimized for certain software or hardware platforms. In this work, we analyze lightweight and classic block ciphers. Further, we implement an application which employs 20 current software-oriented block ciphers and benchmark them on a smartphone. The experimental results and the performance evaluation of the ciphers are presented. Moreover, we compare the performance of two forms of implementation: by native Java cryptography APIs and by an external cryptography provider. In addition, we measure the current consumption of the selected block ciphers on a smartphone.
International Conference on Telecommunications | 2015
Zdenek Martinasek; Vlastimil Clupek; Krisztina Trasy
The acoustic side channel is one of the oldest side channels, and currently acoustic attacks are focused on computer keyboards, automated teller machines and internal computer components. Different methods are used for the classification of the measured acoustic traces. The choice primarily depends on whether the attacker processes the measured data in the time or the frequency domain. These two approaches mostly use neural networks connected to a dictionary using hidden Markov models to improve the classification results. We opted for a compromise between the time and frequency domains and process the measured acoustic trace in the time-frequency domain by using a spectrogram. We use the spectrogram as the input of a typical two-layer neural network with the back-propagation learning algorithm. This approach is based on a simple algorithm and does not use any other tool to improve the classification results. We used a widely available laptop with an integrated microphone placed in an office to analyze the potential repeatability and feasibility of the proposed method.
Archive | 2015
Zdenek Martinasek; Lukas Malina; Krisztina Trasy
In 2013, an innovative method of power analysis was presented in Martinasek and Zeman (Radioengineering 22(2), IF 0.687, 2013) and Martinasek et al. (Smart Card Research and Advanced Applications. Lecture Notes in Computer Science. Springer International Publishing, New York, 2014). The experiments performed showed that the proposed method based on a Multi-Layer Perceptron (MLP) can provide an almost 100 % success rate. This description, based on the first-order success rate, is not adequate. Moreover, the above-mentioned works have other shortcomings: the MLP has not been compared with other well-known attacks, the adversary uses too many points of the power trace, and a general description of the MLP method was not provided. In this paper, we eliminate these weaknesses by introducing the first fair comparison of power analysis attacks based on the MLP and on templates. The comparison is accomplished by using identical data sets, the same number of interesting points, and guessing entropy as the metric. The first data set created contains the power traces of an unprotected AES implementation, in order to classify the stored secret key. The second and third data sets were created independently from publicly available power traces corresponding to a masked AES implementation (DPA Contest v4). In this experiment, the secret offset is revealed depending on the number of interesting points and power traces. Moreover, we create a general description of the MLP attack.
IET Information Security | 2017
Liran Lerman; Zdenek Martinasek; Olivier Markowitch
Side-channel attacks provide tools to analyse the degree of resilience of a cryptographic device against adversaries measuring leakages (e.g. power traces) on the target device executing cryptographic algorithms. In 2002, Chari et al. introduced template attacks (TA) as the strongest parametric profiled attacks in an information-theoretic sense. A few years later, Schindler et al. proposed stochastic attacks (representing other parametric profiled attacks) as improved attacks (with respect to TA) when the adversary has information on the data-dependent part of the leakage. Less than ten years later, the machine learning field provided non-parametric profiled attacks, especially useful in high-dimensionality contexts. In this study, the authors provide new contexts in which profiled attacks based on machine learning outperform conventional parametric profiled attacks: when the set of leakages contains errors or distortions. More precisely, the authors found that (i) profiled attacks based on machine learning remain effective in a wide range of scenarios, and (ii) TA are more sensitive to distortions and errors in the profiling and attacking sets.
International Conference on Telecommunications | 2015
Zdenek Martinasek; Ondrej Zapletal; Kamil Vrba; Krisztina Trasy
Power analysis represents an extremely effective and successful form of side-channel attack on cryptographic algorithms and cryptographic devices. One of the widespread countermeasures against power analysis attacks is the masking approach. In 2012, Nassar et al. presented a new lightweight masking countermeasure to protect the AES (Advanced Encryption Standard) implementation. This masking scheme is the target algorithm of the DPA Contest v4. In this article, we present a successful attack based on an MLP (Multi-layer Perceptron) aimed at this masking countermeasure. For the first time, the MLP attack is used to reveal the secret key from a masked implementation of a cryptographic algorithm. The article describes in detail every step of the implemented attack, including the results achieved. Our attack reveals each byte of the secret key of the masked AES with only 23 power traces.
Proceedings of the 2018 Workshop on Attacks and Solutions in Hardware Security - ASHES '18 | 2018
Zdenek Martinasek; Jan Hajny; David Smekal; Lukas Malina; Denis Matousek; Michal Kekely; Nele Mentens
We present the architecture and implementation of our encryption system designed for 200 Gbps FPGA (Field Programmable Gate Array) network cards utilizing the IPsec (IP security) protocol. To our knowledge, our hardware encryption system is the first that is able to encrypt network traffic at the full link speed of 200 Gbps using a proven algorithm in a secure mode of operation, on a network device that is already available on the market. Our implementation is based on the AES (Advanced Encryption Standard) encryption algorithm and the GCM (Galois Counter Mode) mode of operation, therefore it provides both encryption and authentication of transferred data. The design is modular and the AES can be easily substituted or extended by other ciphers. We present the full description of the architecture of our scheme, the VHDL (VHSIC Hardware Description Language) simulation results and the results of the practical implementation on the NFB-200G2QL network cards based on the Xilinx Virtex UltraScale+ chip. We also present the integration of the encryption core with the IPsec subsystem so that the resulting implementation is interoperable with other systems.
Computers & Security | 2018
Lukas Malina; Petr Dzurenda; Jan Hajny; Zdenek Martinasek
Authentication schemes based on common chip cards such as Mifare cards are still very popular and are used in various access control systems deployed in critical infrastructure sectors, universities, companies, libraries, hospitals, and other public and private institutions. On the one hand, access control systems based on these obsolete cards and cryptographic protocols have several security flaws and can be easily attacked. On the other hand, newer authentication schemes usually need many complex cryptographic operations and thus take an impractical amount of time on current programmable smart cards during the authentication of users. In this paper, we present a secure and efficient two-factor authentication protocol for fast access control systems and user-things identification schemes based on programmable smart cards. Our protocol is based on a zero-knowledge approach, and it is protected against common attacks. Further, we implement the proposed authentication protocol on current off-the-shelf programmable smart cards in order to demonstrate its efficiency and practicality. Finally, we compare our solution with related works and show the improvement of our solution from the computation and communication perspectives.