SPACE 2016

Accepted Papers -- Abstracts

The following 17 papers out of a total of 62 submissions were accepted at SPACE 2016 after a competitive peer review process and active discussions among the program committee members.

Malware Characterization using Windows API Call Sequences
Sanchit Gupta1, Sarvjeet Kaur1 and Harshit Sharma2.
Organization, Country: 1 DRDO, India, 2 NIIT, India.
Abstract: In this research we have used Windows API (Win-API) call sequences to capture the behaviour of malicious applications. Detours library by Microsoft has been used to hook the Win-APIs call sequences. To have a higher level of abstraction, related Win-APIs have been mapped to a single category. A total set of 534 important Win-APIs have been hooked and mapped to 26 categories (A...Z). Behaviour of any malicious application is captured through sequence of these 26 categories of APIs. In our study, five classes of malware have been analyzed: Worm, Trojan-Downloader, Trojan-Spy, Trojan-Dropper and Backdoor. 400 samples for each of these classes have been taken for experimentation. So a total of 2000 samples were taken as training set and their API call sequences were analyzed. For testing, 120 samples were taken for each class. Fuzzy hashing algorithm ssdeep was applied to generate fuzzy hash based signature. These signatures were matched to quantify the API call sequence homologies between test samples and training samples. Encouraging results have been obtained in classification of these samples to the above mentioned 5 categories. Further, N-gram analysis has also been done to extract different API call sequence patterns specific to each of the 5 categories of malware.

A Methodology for the Characterisation of Leakages in Combinatorial Logic
Marco Martinoli1 and Guido Bertoni2.
Organization, Country: 1 University of Bristol, United Kingdom, 2 STMicroelectronics, Italy.
Abstract: Glitches represent a great danger for hardware implementations of cryptographic schemes. Their intrinsic random nature makes them difficult to tackle and their occurrence threatens side-channel protections. Although countermeasures aiming at structurally solving the problem already exist, they usually require some effort to be applied or introduce non-negligible overhead in the design. Our work addresses the gap between such countermeasures and the naive implementation of schemes being vulnerable in the presence of glitches. Our contribution is twofold: (1) we expand the mathematical framework proposed by Brzozowski and Esik \cite{FMSD:BrzEsi03} by meaningfully adding the notion of information leakage, (2) thanks to which we define a formal methodology for the analysis of vulnerabilities in combinatorial circuits when glitches are taken into account.

A new hope on ARM Cortex-M
Erdem Alkim1, Philipp Jakubeit2 and Peter Schwabe2.
Organization, Country: 1 Ege University, Turkey, 2 Radboud University, Netherlands.
Abstract: Recently, Alkim, Ducas, Poppelmann, and Schwabe proposed a Ring-LWE-based key exchange protocol called NewHope (eprint, 2015/1092) and illustrated that this protocol is very efficient on large Intel processors. Their paper also claims that the parameter choice enables efficient implementation on small embedded processors. In this paper we show that these claims are actually correct and present NewHope software for the ARM Cortex-M family of 32-bit microcontrollers. More specifically, our software targets the low-end Cortex-M0 and the high-end Cortex-M4 processor from this family. Our software starts from the C reference implementation by the designers of NewHope and then carefully optimizes subroutines in assembly. In particular, compared to best results known so far, our NTT implementation achieves a speedup of almost a factor of 2 on the Cortex-M4. Our Cortex-M0 NTT software slightly outperforms previously best results on the Cortex-M4, a much more powerful processor. In total, the server side of the key exchange executes in only 1467101 cycles on the M0 and only 860388 on the M4; the client side executes in 1738922 cycles on the M0 and 984761 cycles on the M4.

Partially homomorphic encryption schemes over finite fields
Jian Liu1, Sihem Mesnager2 and Lusheng Chen1.
Organization, Country: 1 Nankai University, China, 2 University of Paris VIII, France.
Abstract: Homomorphic encryption scheme enables computation in the encrypted domain, which is of great importance because of its wide and growing range of applications. The main issue with the known fully (or partially) homomorphic encryption schemes is the high computational complexity and large communication cost required for their execution. In this work, we study symmetric partially homomorphic encryption schemes over finite fields, establishing relationships between homomorphisms over finite fields with q-ary functions. Our proposed partially homomorphic encryption schemes have perfect secrecy and resist cipher-only attacks to some extent.

Predictive Aging of Reliability of two Delay PUFs
Naghmeh Karimi1, Jean-Luc Danger2, Florent Lozac'H3 and Sylvain Guilley2.
Organization, Country: 1 Rutgers University, USA, 2 Institut Telecom/Telecom ParisTech, CNRS/LTCI, France, 3 Secure-IC, France.
Abstract: To protect integrated circuits against IP piracy, Physically Unclonable Functions (PUFs) are deployed. PUFs provide a specific signature for each integrated circuit.
However, environmental variations, (e.g., temperature change), power supply noise and more influential IC aging affect the functionally of PUFs. Thereby, it is important to evaluate aging effects as early as possible, preferentially at design time. In this paper we investigate the effect of aging on the stability of two delay PUFs: arbiter-PUFs and loop-PUFs and analyze the architectural impact of these PUFS on reliability decrease due to aging.

We observe that the reliability of the arbiter-PUF gets worse over time, whereas the reliability of the loop-PUF remains constant. We interpret this phenomenon by the asymmetric aging of the arbiter, because one half is active (hence aging fast) while the other is not (hence aging slow). Besides, we notice that the aging of the delay chain in the arbiter-PUF and in the loop-PUF has no impact on their reliability, since these PUFs operate differentially.

Light Weight Key Establishment Scheme for Wireless Sensor Networks
Jilna Payingat and Deepthi P.P..
Organization, Country: NIT Calicut, India.
Abstract: This paper presents a light weight key establishment technique for wireless sensor networks. The proposed method is a hybrid of two popular key exchange protocols LEAP (Localised encryption and authentication protocol) and COKE (Crypto-less over the air key establishment) and addresses the weakness of both schemes. The security analysis shows that the system is secure against active adversaries and node compromise. Compared to COKE, the proposed scheme guarantees a secret key establishment and is energy eļ¬ƒcient with a single MAC computation for secret key establishment.

A Scalable and Systolic Architectures of Montgomery Modular Multiplication for Public Key Cryptosystems Based on DSPs
Amine Mrabet1, Nadia El-Mrabet2, Ronan Lashermes3, Jean Baptiste Rigaud2, Belgacem Bouallegue4, Sihem Mesnager1 and Mohsen Machhout5.
Organization, Country: 1 University of Paris VIII, France, 2 SAS-CMP-emse, France, 3 LHS-PEC TAMIS INRIA-Rennes, France, 4 King Khalid University, Saudi Arabia, 5 University of Monastir, Tunisia.
Abstract: The arithmetic in a finite field constitutes the core of Public Key Cryptography like RSA, ECC or pairing-based cryptography. This paper discusses an efficient hardware implementation of the Coarsely Integrated Operand Scanning method (CIOS) of Montgomery modular multiplication combined with an effective systolic architecture designed with a Two-dimensional array of Processing Elements. The systolic architecture increases the speed of calculation by combining the concepts of pipelining and the parallel processing into a single concept. We propose the CIOS method for the Montgomery multiplication using a systolic architecture. As far as we know this is the first implementation of such design. The proposed architectures are designed for Field Programmable Gate Array platforms. They targeted to reduce the number of clock cycles of the modular multiplication. The presented implementation results of the CIOS algorithms focuses on different security levels useful in cryptography. This architecture have been designed in order to use the flexible DSP48 on Xilinx FPGAs. Our architecture is scalable and depends only on the number and size of words. For instance, we provide results of implementation for 8, 16, 32 and 64 bit long words in 33, 66, 132 and 264 clock cycles. We highlight the fact that for a given number of word, the number of clock cycles is constant.

Cheap and Cheerful: A Low-Cost Digital Sensor for Detecting Laser Fault Injection Attacks
Wei He, Jakub Breier and Shivam Bhasin.
Organization, Country: Nanyang Technological University, Singapore.
Abstract: Fault Injection attacks (FIAs) have become a critical threat towards prevailing security embedded systems. FIA typically exploits the maliciously induced faults in security ICs for retrieving confidential internals. Since the faults are injected by disturbing circuit behaviors, FIA can possibly be detected in advance by integrating a sensitive sensor. In this paper, a full-digital detection logic against laser fault injection is proposed, which mainly consists in a high-frequency RO watchdog and a disturbance capture for sensing frequency ripple due to laser impact. Practical experiments on Virtex-5 FPGA show that the proposed sensor has fault detection rate of 100% for both regional and single CLB injection, protecting critical cipher registers of PRESENT-80 cipher, with superior power/spatial security margin compared to a prior PLL based sensor, while maintaining extremely low cost in hardware. The proposed logic are further applied to protect complete ciphers over larger fabric, and the fine-grained fault injection using pulse laser shows a detection rate of 94.20%, and an alarm rate of 2.63:1 in this experiment. Owing to its simple digital architecture, this system can be easily applied into any security-critical ICs.

Decomposed S-Boxes and DPA Attacks: A Quantitative Case Study using PRINCE
Selvam Ravikumar, Dillibabu Shanmugam, Annadurai Suganya and Jothi Rangasamy.
Organization, Country: Society for Electronic Transactions and Security, India (SETS)
Abstract: Lightweight ciphers become indispensable and inevitable in the ubiquitous smart devices. However, the security of ciphers is often subverted by various types of attacks, especially, implementation attacks such as side-channel attacks. These attacks emphasise the necessity of providing efficient countermeasures. In this paper, our contribution is threefold: First, we propose a method to choose the efficient decomposition of S-box in terms of area. Then we slightly altered the widely used formula to improve the accuracy for weighted sum estimation of the shared S-Box. We had shown the practical implementation of two level decomposition using PRINCE S-Box. Finally, we present the first quantitative study on the efficacy of Transparency Order (TO) of decomposed S-Boxes in thwarting a side-channel attack. Using PRINCE S-Box we observe that TO-based decomposed implementation has better DPA resistivity than the naive implementation. To benchmark the DPA resistivity of TO(decomposed S-Box) implementation we arrive at an efficient threshold implementation of PRINCE, which itself merits to be an interesting contribution.

Comprehensive Laser Sensitivity Profiling and Data Register Bit-Flips for Cryptographic Fault Attacks in 65 nm FPGA
Wei He, Jakub Breier, Shivam Bhasin, Dirmanto Jap, Hock Guan Ong and Chee Lip Gan.
Organization, Country: Nanyang Technological University, Singapore.
Abstract: FPGAs have emerged as a popular platform for security sensitive applications. As a practical attack methodology, laser based fault analyses have drawn much attention in the past years due to its superior accuracy in fault perturbation into security-critical Integrated Circuits (ICs). However, due to the insufficient device information, the practical injections work are not so efficient as expected. In this paper, we thoroughly analyze the laser fault injections to data flip-flops, instead of the widely studied configuration memory bits, of a modern nanoscale FPGA. A profiling campaign based on laser chip scan is performed on an exemplary 65 nm Virtext-5 FPGA, through the delayered silicon substrate, to identify the laser sensitivity distribution of the resource array and the fundamental logic cells. The sophisticated flip-flop bit flips are realized by launching fine-grained laser perturbations on an identified Configurable Logic Block (CLB) region. The profiled laser fault sensitivity map to FPGA resource significantly facilitate high-precision logic navigation and fault injection in practical cryptographic fault attacks. We show that the observed single- and multiple-bit faults are compatible with most proposed differential or algebraic fault analyses (DFA/AFA). Finally, further discussions on capability of reported fault models to bypass fault countermeasures like parity and dual-rail logic are also given.

Solving binary MQ with Grover's algorithm
Peter Schwabe and Bas Westerbaan.
Organization, Country: Radboud Universiteit Nijmegen, Netherlands.
Abstract: The problem of solving a system of quadratic equations in multiple variables -- known as multivariate-quadratic or MQ problem -- is the underlying hard problem of various cryptosystems. For efficiency reasons, a common instantiation is to consider quadratic equations over F2. The current state of the art in solving the MQ problem over F_2 for sizes commonly used in cryptosystems is enumeration, which runs in time Theta(2^n) for a system of n variables. Grover's algorithm running on a large quantum computer is expected to reduce the time to Theta(2^(n/2)). As a building block, Grover's algorithm requires an "oracle", which is used to evaluate the quadratic equations at a superposition of all possible inputs. In this paper, we describe two different quantum circuits that provide this oracle functionality. As a corollary, we show that even a relatively small quantum computer with as little as 92 logical qubits is sufficient to break MQ instances that have been proposed for 80-bit pre-quantum security.

Towards Securing Low-Power Digital Circuits with Ultra-Low-Voltage Vdd Randomizers
Dina Kamel, Guerric de Streel, Santos Merino Del Pozo, Kashif Nawaz, Francois-Xavier Standaert, Denis Flandre and David Bol.
Organization, Country: Universite Catholique de Louvain, Belgium (UCL).
Abstract: With the exploding number of connected objects and sensitive applications, security against side-channel attacks becomes critical in low-cost and low-power IoT applications. For this purpose, established mathematical countermeasures such as masking and shuffling always require a minimum amount of noise in the adversary's measurements, that may not be guaranteed by default because of good measurement setups and powerful signal processing. In this paper, we propose to improve the protection of sensitive digital circuits by operating them at a random ultra-low voltage (ULV) supplied by a $V_{dd}$ randomizer. As the $V_{dd}$ randomization modulates the switching current, it results in a multiplicative noise on both the current consumption amplitude and its time dependence. As ULV operation increases the sensitivity of the current on the supply voltage, it magnifies the generated noise while reducing the side-channel information signal thanks to the switching current reduction. As a proof-of-concept, we prototyped a simple $V_{dd}$ randomizer based on a low-quiescent-current linear regulator with a digitally-controlled resistive feedback divider on which we apply a $4-bit$ random number stream. Using an information theoretic metric, the measurement results obtained in $65nm$ low-power CMOS confirm that such randomizers can significantly improve the security of cryptographic implementations against standard side-channel attacks in case of low physical noise in the attacks' setups, hence enabling the use of mathematical countermeasures.

Breaking Kalyna with Side Channel Attacks
Stephane Fernandes Medeiros, Francois Gerard, Nikita Veshchikov, Liran Lerman and Olivier Markowitch.
Organization, Country: Universite Libre de Bruxelles, Belgium (ULB).
Abstract: In 2015, Kalyna has been chosen as the new Ukrainian standard block cipher. Kalyna is an AES-like block cipher with a non-invertible key schedule. In this paper we perform the first side-channel analysis of Kalyna by performing a CPA attack on the round keys of Kalyna. Our work is based on simulations and real experiments performed on a software implementation on a micro-controller. Our attack extracts the round keys with probability 0.96 using 250 measurements.

Gain: Practical Key-Recovery Attacks on Round-reduced PAEQ
Dhiman Saha, Sourya Kakarla, Srinath Mandava and Dipanwita Roy Chowdhury.
Organization, Country: IIT Kharagpur, India.
Abstract: This work presents practical key-recovery attacks on round-reduced variants of CAESAR Round 2 candidate PAEQ by analyzing it in the light of guess-and-determine analysis. The attack developed here targets the mode of operation along with diffusion inside the AES based internal permutation AESQ. The first attack uses a guess-and-invert technique leading to a meet-in-the-middle attack that is able to recover the key for 6 out of the 20 rounds of \texttt{paeq-64/80/128} with reduced key entropy of $1,2^{16}$ and $2^{32}$ respectively. The second analysis extends the attack to 7 rounds using a invert-and-guess strategy which results in reduced key-space of $2^{24},2^{32}$ and $2^{40}$ for the same PAEQ variants. Finally, an 8-round attack is mounted using a guess-invert-guess strategy which works on any of the three variants with a complexity of $2^{48}$. Moreover, unlike the CICO attack mounted by the designers which works with only AESQ, our 8-round attack additionally takes into account the mode of operation of PAEQ.

VMI based Automated Real-Time Malware Detector for Virtualized Cloud Environment
Ajay Kumara M A and Jaidhar C D
Organization, Country: NIT Karnataka, India.
Abstract: The Virtual Machine Introspection (VMI) has evolved as a promising future security solution to performs an indirect investigation of the untrustworthy Guest Virtual Machine (GVM) in real-time by operating at the hypervisor in a virtualized cloud environment. The existing VMI techniques are not intelligent enough to read precisely the manipulated semantic information on their reconstructed high-level semantic view of the live GVM. In this paper, a VMI-based Automated-Internal- External (A-IntExt) system is presented that seamlessly introspects the untrustworthy Windows GVM internal semantic view (i.e Processes) to detect the hidden, dead, and malicious processes. Further, it checks the detected, hidden as well as running processes (not hidden) as benign or malicious. The prime component of the A-IntExt is the Intelligent Cross- View Analyzer (ICVA), which is responsible for detecting hidden-state information from internally and externally gathered state information of the Monitored Virtual Machine (Med_VM). The A-IntExt is designed, implemented, and evaluated by using publicly available malware and Windows real-world rootkits to measure detection proficiency as well as execution speed. The experimental results demonstrate that A-IntExt is effective in detecting malicious and hidden-state information rapidly with maximum performance overhead of 7.2%.

Fault Based Almost Universal Forgeries on CLOC and SILC
Debapriya Basu Roy1, Avik Chakraborti2, Donghoon Chang3, S V Dilip Kumar1, Debdeep Mukhopadhyay1 and Mridul Nandi2.
Organization, Country: 1 IIT Kharagpur, India, 2 ISI Kolkata, India, 3 IIIT Delhi, India.
Abstract: CLOC and SILC are two block cipher based authenticated en- cryption schemes, submitted to the CAESAR competition, that aim to use low area buffer and handle short input efficiently. The designers of the schemes claimed n/2 -bit integrity security against nonce reusing adversaries, where n is the block cipher state size in bits. In this paper, we present single fault-based almost universal forgeries on both CLOC and SILC with only one single bit fault at a fixed position of a specific block- cipher input. In the case of CLOC, the forgery can be done for almost any nonce, associated data and message triplet, except some nominal restrictions on associated data. In the case of SILC, the forgery can be done for almost any associated data and message, except some nominal restrictions on associated data along with a fixed nonce. Both the attacks on CLOC and SILC require several nonce-misusing encryption queries. This attack is independent of the underlying blockcipher and works on the encryption mode. In this paper, we provide the actual single bit fault implementation results. Finally, we provide updated constructions, that can resist the fault attack on the mode assuming the underlying block- cipher is fault resistant. We would like to note that our attacks do not violate the designers' claims as our attacks require fault. However, it shows some vulnerability of the schemes when fault is feasible.

Exploiting the Leakage: Analysis of some Authenticated Encryption schemes
Donghoon Chang, Amit Kumar Chauhan, Naina Gupta, Arpan Jati and Somitra Kumar Sanadhya.
Organization, Country: IIIT Delhi, India.
Abstract: The ongoing CAESAR competition, aimed at finding robust and secure authenticated encryption schemes provides many new submissions for analysis. We analyzed many schemes and came across a plenitude of techniques, design ideals and security notions. In view of the above, we present key recovery attacks using DPA for Joltik, Deoxys and ELmD, and a forgery attack on AEGIS. In our analysis of the various schemes, we found out that, schemes using Sponge constructions with pre-initialized keys such as Ascon, ICEPOLE, Keyak, NORX, PRIMATEs, etc. were significantly harder to attack than contemporary designs using standard building blocks from a side channel perspective. We also implement and demonstrate an attack on Joltik-BC, to recover the key in roughly 50-60 traces.

SPACE 2016 Home