Ruixue Sun,Zhiguo Shi,Rongxing Lu,Jian Qiao,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/WCSP.2012.6542795

2012-01-01

Abstract:The 60 GHz ultra-high-speed Wireless Personal Area Network (WPAN) has received considerable attention in recent years. Information security, which ensures secure communication within the network, is of particular importance. In this paper, we propose an efficient lightweight key management scheme for 60 GHz WPAN, which deploys secure encryption algorithms and one-way hash function to achieve efficient key exchange and updating managements. Detailed security analysis has shown its security provisions. In addition, performance evaluation is also provided to demonstrate its efficiency in terms of session key distribution and group key updating.

Wei Li,Wenwen Zhang,Dawu Gu,Zhi Tao,Zhihong Zhou,Ya Liu,Zhiqiang Liu

DOI: https://doi.org/10.3837/tiis.2015.02.018

2015-01-01

KSII Transactions on Internet and Information Systems

Abstract:The TWINE is a new Generalized Feistel Structure (GFS) lightweight cryptosystem in the Internet of Things. It has 36 rounds and the key lengths support 80 bits and 128 bits, which are flexible to provide security for the RFID, smart cards and other highly-constrained devices. Due to the strong attacking ability, fast speed, simple implementation and other characteristics, the differential fault analysis has become an important method to evaluate the security of lightweight cryptosystems. On the basis of the 4-bit fault model and the differential analysis, we propose an effective differential fault attack on the TWINE cryptosystem. Mathematical analysis and simulating experiments show that the attack could recover its 80-bit and 128-bit secret keys by introducing 8 faulty ciphertexts and 18 faulty ciphertexts on average, respectively. The result in this study describes that the TWINE is vulnerable to differential fault analysis. It will be beneficial to the analysis of the same type of other iterated lightweight cryptosystems in the Internet of Things.

Jing Huang,Xinjie Zhao,Yidi Wang,Shize Guo,Fan Zhang,Tianming Zheng

DOI: https://doi.org/10.1109/IMCCC.2018.00048

2018-01-01

Abstract:In January 2016, Li et al. introduced an impossible differential fault analysis on the LED cryptosystem. If one random nibble fault is injected into the preantepenultimate round of LED, 48 fault injections are required to recover the secret key. In this comment, we provide an improved scheme with theoretical analysis and experimental results. Under the same fault model, our analysis can reduce the key search space of LED to 27:92 on average with only ONE fault. The key extraction takes about 13.84 seconds on average.

Liang Dong,Hongxin Zhang,Lei Zhu,Shaofei Sun,Han Gan,Fan Zhang

DOI: https://doi.org/10.1109/access.2019.2901753

IF: 3.9

2019-01-01

IEEE Access

Abstract:This paper presents an optimal method for recovering the secret keys of the light encryption device (LED) by combining the impossible differential fault attack with the algebraic differential fault attack. The proposed optimal method effectively improves the performance of fault attacks. A fault attack model, named the redundant random nibble fault model (RRNFM), is proposed to simulate a multiple fault injection in a real-world environment. Using the optimal method and the RRNFM, the 64-bit secret key of LED can be recovered by injecting no more than six faults in 1300 experiments. We establish an equation of inverse proportionality between the number of faults injected and the remaining amount of the secret key. Using the equation, the number of fault injection can be accurately predicted, providing an effective way of evaluating fault attacks.

Amit Jana,Goutam Paul

DOI: https://doi.org/10.1007/s13389-024-00354-4

2024-05-26

Journal of Cryptographic Engineering

Abstract:This paper presents the first instance of a successful differential fault attack ( DFA ) on the nonce-based authentication scheme PHOTON-BEETLE , which was a finalist but not the winner of the NIST LwC competition. Furthermore, the paper also reveals the first differential fault attacks on several other NIST LwC schemes, including ORANGE , SIV-TEM-PHOTON , and ESTATE , which are based on sponge and SIV techniques. In general, it is a challenging task to perform DFA for any nonce-based sponge/ SIV -based AE because of a unique nonce in the encryption query. However, the decryption procedure (with a fixed nonce) is still susceptible to DFA . We propose different fault attack models, and also give theoretical estimates of the number of faulty queries to get multiple forgeries. Our simulated values corroborate closely the theoretical estimates. Finally, we devise an algorithm to recover the state based on the collected forgeries. Under the random fault attack model, to retrieve the secret key, we need approximately number of faulty queries. Also, the offline time and memory complexities of this attack are respectively and nibbles. Whereas, under the random bit fault attack model, around number of faulty queries are required to retrieve the key for PHOTON -based schemes and for AES -based scheme ESTATE . In the known fault attack model, we need around number of faulty queries to retrieve the secret key for PHOTON -based schemes and for AES -based scheme ESTATE . The time and memory complexities of the state recovery attack (for PHOTON -based schemes) are respectively and nibbles. Further, we have reduced the number of faulty queries to under the precise bit-flip fault model.

computer science, theory & methods

Wei Li,Da-wu Gu,Xiao-ling Xia,Chen Zhao,Zhi-qiang Liu,Ya Liu,Qing-ju Wang

DOI: https://doi.org/10.1080/18756891.2012.733223

IF: 2.259

2012-01-01

International Journal of Computational Intelligence Systems

Abstract:The LED is a new lightweight cipher, which was published in CHES 2011. This cipher could be applied in the Wireless Sensor Network to provide security. On the basis of the single byte-oriented fault model, we propose a differential fault analysis on the LED cipher. The attack could recover its 64-bit secret key by introducing 4 faulty ciphertexts, and 128-bit secret key by introducing 8 faulty ciphertexts. The results in this study will be beneficial to the analysis of the same type of other iterated lightweight ciphers.

Wei Li,Jiayao Li,Dawu Gu,Chaoyun Li,Tianpei Cai

DOI: https://doi.org/10.1109/tifs.2021.3102485

IF: 7.231

2021-01-01

IEEE Transactions on Information Forensics and Security

Abstract:With the development of wireless technology, the ubiquitous sensor networks have a profound effect on the way human interacts with computers, devices and environment. In order to reduce the potentially serious risks in the interaction, applying lightweight ciphers is effective to balance security, efficiency and convenience. Simeck is such a lightweight cipher that provides data confidentiality, authentication and integrity. It is significant to explore whether Simeck remains robust security. Up to now, the attacking assumptions of the previous security analysis of Simeck focus on the known-plaintext attack and the chosen-plaintext attack. There is no literature about Simeck against the ciphertext-only attack, which represents the weakest attacking capability of the attackers. On the assumption of the ciphertext-only attack, this paper proposes the security analysis of Simeck against the statistical fault analysis with a series of novel distinguishers of KDE, MME and MME-GF. The experimental results show that the proposed distinguishers can recover the secret key of Simeck in both decreasing faults and increasing reliability and accuracy. Thus, Simeck cannot resist against the statistical fault analysis with the proposed distinguishers. Furthermore, the good performance of these novel distinguishers can be applied on the PRESENT lightweight cipher. It offers the valuable reference for the design and analysis of the lightweight ciphers in the ubiquitous sensor networks.

computer science, theory & methods,engineering, electrical & electronic

Xue Gong,Ao Shen,Tianxiang Feng,Guorui Xu,Shize Guo,Fan Zhang

DOI: https://doi.org/10.1016/j.vlsi.2024.102174

IF: 1.345

2024-01-01

Integration

Abstract:Cryptographic algorithms have been employed in a variety of fields as the primary method to protect information security. The security of a cryptographic algorithm is closely related to its operating environment and physical devices. Algebraic Persistent Fault Analysis (APFA) is a new fault analysis method for block ciphers proposed in CHES 2022, which utilizes the fault that persists in encryptions and introduces algebraic analysis in the fault analysis step. In the fault injection step, as the transistors of the integrated circuit are getting smaller and tighter, even high-precision devices may cause more than one fault per injection. However, more faults may lead to a more efficient attack in the fault analysis step. In this paper, APFA for double faults is proposed, which can deal with the double faults model and reduce the number of required ciphertexts. The practicality of our fault injection is validated by laser fault injection experiments on the SRAM embedded in an ATmega163L microcontroller. The effectiveness of our fault analysis is proven by successfully recovering the key of PRESENT-128 and AES-128. The number of ciphertexts needed for key recovery is reduced by 46% compared to PFA with a single fault.

Wei Li,Chenyu Ge,Dawu Gu,Linfeng Liao,Zhiyong Gao,Xiujin Shi,Ting Lu,Ya Liu,Zhiqiang Liu

DOI: https://doi.org/10.3837/tiis.2018.07.023

2018-01-01

Abstract:With the enlargement of wireless technology, vehicular ad-hoc networks (VANETs) are rising as a hopeful way to realize smart cities and address a lot of vital transportation problems such as road security, convenience, and efficiency. To achieve data confidentiality, integrity and authentication applying lightweight cryptosystems is widely recognized as a rather efficient approach for the VANETs. The Khudra cipher is such a lightweight cryptosystem with a typical Generalized Feistel Network, and supports 80-bit secret key. Up to now, little research of fault analysis has been devoted to attacking Khudra. On the basis of the single nibble-oriented fault model, we propose a differential fault analysis on Khudra. The attack can recover its 80-bit secret key by introducing only 2 faults. The results in this study will provides vital references for the security evaluations of other lightweight ciphers in the VANETs.

Dawu Gu,Juanru Li,Sheng Li,Zhouqian Ma,Zheng Guo,Junrong Liu

DOI: https://doi.org/10.1109/fdtc.2012.16

2012-01-01

Abstract:Differential fault analysis is one of the most efficient side channel attack techniques that threat the security of block cipher. However, it often requires a penultimate or an antepenultimate round faulty encryption and is not suitable for middle round fault. This paper presents attacks combining differential fault analysis with statistical cryptanalysis techniques against lightweight ciphers. The analysis makes use of statistical cryptanalysis techniques in practice rather than theoretically, and exploits the weakness of bit-permutation adopted by many lightweight block ciphers under fault attack. Specific attacks against PRESENT and PRINT\scriptsize{CIPHER} \normalsize are given to prove the validity. The result shows that about one fifth of the iterative rounds are needed to be protected for these lightweight ciphers with bit-permutation.

Li Wei,Ge Chenyu,Gu Dawu,Liao Linfeng,Gao Zhiyong,Guo Zheng,Liu Ya,Liu Zhiqiang,Shi Xiujin

DOI: https://doi.org/10.7544/issn1000-1239.2017.20170437

2012-01-01

Chinese Journal of Computers

Abstract:The typical lightweight cipher LED ,proposed in CHES 2011 ,is applied in the Internet of things (IoT ) to provide security for RFID tags and smart cards etc .Fault analysis has become an important method of cryptanalysis to evaluate the security of lightweight ciphers ,depending on its fast speed ,simple implementation ,complex defense ,etc .On the basis of the half byte-oriented fault model ,we propose new statistical fault analysis on the LED cipher by inducing faults .Simulating experiment shows that our attack can recover its 64-bit and 128-bit secret keys with 99% probability using an SEI distinguisher ,a GF distinguisher and a GF-SEI distinguisher ,respectively .The attack can be implemented in the ciphertext-only attacking environment to improve the attacking efficiency and decrease the number of faults .It provides vital reference for security analysis of other lightweight ciphers in the Internet of things .

Hao Chen,Tao Wang,Xinjie Zhao,Fan Zhang,Yunfei Ma,Xiaohan Wang

DOI: https://doi.org/10.13232/j.cnki.jnju.2017.06.016

2017-01-01

Abstract:HIGHT is built by using ARX(addition modulo 2n,bit rotation and XOR)structure,which is suitable for resource-constrained environment such as Radio Frequency Identification(RFID)tag or ubiquitous computing system and it has been adopted as a standard block cipher by Telecommunications Technology Association(TTA)of Korea and ISO/IEC 18033-3.Since the accurate location of the injected fault cannot be successfully determined when fault failures are occurred,the success rate of the existing algebraic fault attack on HIGHT is always less than 100%.To improve the success rate and efficiency,a fault tolerant algebraic fault attack is proposed in this paper.Firstly,fault failures and its properties are studied and a complete distinguisher based on fault failures,fault locations and cipher differences for determining the accurate fault locations in all different scenarios is built.Then,HIGHT is described as a set of algebraic equations.The faulty ciphertext is generated via fault injections and fault differences are represented with algebraic equations.To make maximum use of the injected faults,fault failures are also described as a set of algebraic equations.In the meantime,the procedure of constructing algebraic equations for the inj ected faults is optimized to perform automatically to further make the attack easy to launch.Finally,the CryptoMiniSAT solver is applied to solve the equations for the key and the number of fault injections that required and success rate of the proposed attack are analyzed in theory.The simulation experiments show that compared with the existing algebraic fault attack on HIGHT,the success rate of the proposed attack has been improved to 100% and the method of con-structing algebraic equations for the injected faults is easier and can be performed automatically,the entire mater key bytes can be fully recovered in a rather smaller time by solving the algebraic equations with the CryptoMiniSAT solver,and the proposed attack can be easily extended to other cipher which has the similar structure.

Zheng Gong,Pieter Hartel,Svetla Nikova,Shao-Hua Tang,Bo Zhu

DOI: https://doi.org/10.1007/s11390-013-1411-8

IF: 1.871

2014-01-01

Journal of Computer Science and Technology

Abstract:A wireless sensor network (WSN) commonly requires lower level security for public information gathering, whilst a body sensor network (BSN) must be secured with strong authenticity to protect personal health information. In this paper, some practical problems with the message authentication codes (MACs), which were proposed in the popular security architectures for WSNs, are reconsidered. The analysis shows that the recommended MACs for WSNs, e.g., CBCMAC (TinySec), OCB-MAC (MiniSec), and XCBC-MAC (SenSec), might not be exactly suitable for BSNs. Particularly an existential forgery attack is elaborated on XCBC-MAC. Considering the hardware limitations of BSNs, we propose a new family of tunable lightweight MAC based on the PRESENT block cipher. The first scheme, which is named TuLP, is a new lightweight MAC with 64-bit output range. The second scheme, which is named TuLP-128, is a 128-bit variant which provides a higher resistance against internal collisions. Compared with the existing schemes, our lightweight MACs are both time and resource efficient on hardware-constrained devices.

Wei Li,Chun Liu,Dawu Gu,Jianning Gao,Wenqian Sun

DOI: https://doi.org/10.1109/tifs.2023.3244083

IF: 7.231

2023-01-01

IEEE Transactions on Information Forensics and Security

Abstract:Mobile wireless sensor networks (MWSNs) have blended into a new application scenario to create revolutionary intelligent cities and handle numerous challenges of security, adaptability, and robustness as wireless technology has advanced. Exploiting lightweight cryptosystems is considered one of the main approaches for MWSNs to achieve confidentiality, integrity, and authentication to prevent malicious cyberattacks and resource abuses. The Saturnin lightweight cryptosystem, presented at ToSC in 2020, can be applied to protect MWSNs. No literature suggests Saturnin can defend against a ciphertext-only attack, where the attackers are the most susceptible. This study proposes the novel statistical differential fault analysis (SDFA) in this attack scenario with double distinguishers of square Chi-maximum likelihood estimate and Dice-Hamming weight. Following the experiments, it recovered the 256-bit secret key using 656 faults in the fourth-to-last round of Saturnin. Compared to the classic statistical fault analysis (SFA), the novel SDFA can expand fault injections to the deeper round and decrease the faults by half with a reliability of at least 99%. It gives an essential reference for figuring out how secure lightweight cryptosystems in MWSNs are.

Mengxia Shuai,Ling Xiong,Changhui Wang,Nenghai Yu

DOI: https://doi.org/10.1049/iet-ifs.2019.0491

2020-01-01

IET Information Security

Abstract:With the advances in wireless communication and Internet of things, wireless body area networks (WBANs) have attracted more and more attention because of the potential in improving the quality of health care services. With the help of WBANs, the user can access the patient's life-critical data generated by miniaturised medical sensors, and remote health care monitoring services are provided. Since the open nature of wireless channel and sensitivity of transmitted information, the security and privacy of such personal data are becoming important issues that must be dealt with. In the past few years, a large number of authentication schemes had been proposed to solve these issues. However, most of the existing schemes are not secure enough. As a step toward this direction, in this study, the authors present a privacy-preserving authentication scheme with adaptive resilience of desynchronisation attacks for WBANs, in which lightweight crypto-modules are adopted to pursue the best efficiency. The proposed scheme adopts the pseudonym identity technique to provide user anonymity, and one-way hash chain technique and serial number method are employed to ensure forward secrecy and resist desynchronisation attack, respectively. Analysis and comparison results demonstrate that the proposed scheme achieves a delicate balance between security and efficiency.

Wei Li,Vincent Rijmen,Zhi Tao,Qingju Wang,Hua Chen,Yunwen Liu,Chaoyun Li,Ya Liu

DOI: https://doi.org/10.1007/s11432-017-9209-0

2018-01-01

Abstract:With the expansion of wireless technology, vehicular ad-hoc networks (VANETs) are emerging as a promising approach for realizing smart cities and addressing many serious traffic problems, such as road safety, convenience, and efficiency. To avoid any possible rancorous attacks, employing lightweight ciphers is most effective for implementing encryption/decryption, message authentication, and digital signatures for the security of the VANETs. Light encryption device (LED) is a lightweight block cipher with two basic keysize variants: LED-64 and LED-128. Since its inception, many fault analysis techniques have focused on provoking faults in the last four rounds to derive the 64-bit and 128-bit secret keys. It is vital to investigate whether injecting faults into a prior round enables breakage of the LED. This study presents a novel impossible meet-in-the-middle fault analysis on a prior round. A detailed analysis of the expected number of faults is used to uniquely determine the secret key. It is based on the propagation of truncated differentials and is surprisingly reminiscent of the computation of the complexity of a rectangle attack. It shows that the impossible meet-in-the-middle fault analysis could successfully break the LED by fault injections.

Sungjin Yu,Youngho Park

DOI: https://doi.org/10.1109/jiot.2022.3171791

IF: 10.6

2022-10-08

IEEE Internet of Things Journal

Abstract:Wireless medical sensor networks (WMSNs)-based medical systems are an emerging paradigm of the Internet of Medical Things (IoMT) in which the patients and doctors can access various healthcare services via wireless communication technology without visiting the hospital in person. However, an adversary attempts a variety of security attacks because the sensitive information in various fields is exchanged via an insecure channel. Thus, robust and lightweight authentication protocols are essential for providing dependable healthcare services in WMSN-based medical systems. Recently, Wang et al. (IEEE Internet of Things Journal, doi: 10.1109/JIOT.2021.3117762) proposed blockchain and physically unclonable functions (PUFs)-based lightweight authentication protocol for WMSN. They claimed that their protocol is resistant to cyber and physical security threats and also does provide necessary security requirements. However, we prove that their protocol is vulnerable to various security attacks, such as man-in-the-middle and session key disclosure attacks and also lacks mutual authentication. As a result, we propose a robust authentication protocol for WMSN using blockchain and PUF to address the security problems raised by Wang et al.'s scheme. we assess the security of the proposed scheme by using informal and formal security analyses, such as AVISPA simulation and the ROR oracle model. Furthermore, we present the testbed experiments using Raspberry PI 4 based on MIRACL Crypto SDK. Then, we show the performance of the enhanced scheme compared with related schemes based on testbed experiments. Consequently, our scheme is better suited for practical WMSN-based medical systems because it provides greater security and efficiency than competing schemes.

computer science, information systems,telecommunications,engineering, electrical & electronic

Wei Li,Dawu Gu,Yong Wang,Ya Liu,Zhiqiang Liu

DOI: https://doi.org/10.1109/EBISS.2010.5473514

2010-01-01

Abstract:SMS4 is a 128-bit block cipher published by as released as the symmetric-key encryption standard of Wireless Local Area Network(WLAN) by China in 2006. On the differential analysis principle, we propose an extension of differential fault attack on the SMS4 cipher. Mathematical analysis shows that our attack can recover its secret key by introducing about 40 faulty ciphertexts. Our work expands the locations of the fault injection into SMS4.

Jia Shi,Jinqiu Wu,Zhiwei Zhao,Xiaofei Qi,Wenbo Zhang,Gang Qiao,Dahong Zuo

DOI: https://doi.org/10.3390/jmse12050831

IF: 2.744

2024-05-17

Journal of Marine Science and Engineering

Abstract:Due to the open underwater channels and untransparent network deployment environments, underwater acoustic networks (UANs) are more vulnerable to hostile environments. Security research is also being conducted in cryptography, including authentication based on asymmetric algorithms and key distribution based on symmetric algorithms. In recent years, the advancement of quantum computing has made anti-quantum attacks an important issue in the field of security. Algorithms such as lattice and SPHINCS+ have become a research topic of interest in the field of security. However, within the past five years, few papers have discussed security algorithms for UANs to resist quantum attacks, especially through classical algorithms. Some existing classical asymmetric and symmetric algorithms are considered to have no prospects. From the perspective of easy deployment in engineering and anti-quantum attacks, our research focuses on a comprehensive lightweight security framework for data protection, authentication, and malicious node detection through the Elliptic Curve and Hash algorithms. Our mechanism is suitable for ad hoc scenarios with limited underwater resources. Meanwhile, we have designed a multi-party bit commitment to build a security framework for the system. A management scheme is designed by combining self-certifying with the threshold sharing algorithm. All schemes are designed based on certificate-less and ad hoc features. The proposed scheme ensures that the confidentiality, integrity, and authentication of the system are well considered. Moreover, the scheme is proven to be of unconditional security and immune to channel eavesdropping. The resource and delay issues are also taken into consideration. The simulations considered multiple variables like number of nodes, attackers, and message length to calculate proper values that can increase the efficiency of this scheme. The results in terms of delay, delivery ratio, and consumption demonstrate the suitability of the proposal in terms of security, especially for malicious node detection. Meanwhile, the computational cost has also been controlled at the millisecond level.

oceanography,engineering, marine, ocean

Yi Li,Yuling Tian

DOI: https://doi.org/10.1109/jsyst.2022.3152561

IF: 4.802

2022-01-01

IEEE Systems Journal

Abstract:In recent years, wireless sensor networks (WSNs) have been extensively used in many fields, which provide great convenience for peoples daily work and life. With the popularity of WSNs, peoples demands for related authentication protocols are developing in a comprehensive and perfect direction, and relevant designs are focusing more on two aspects: security and performance. However, current research cannot avoid the problem that security and efficiency are not compatible. Some studies use time-consuming cryptographic structures for security, while most lightweight schemes are designed without considering certain security properties, such as perfect forward secrecy, the resistance to known session-specific temporary information attack, etc. In our view, this conflict can be resolved by using lightweight cryptography primitives with special attention to protocol vulnerabilities and ever-evolving security requirements of people. By abandoning all unnecessary cryptographic structures, we propose a comprehensive lightweight three-factor authentication protocol with various security requirements, including adaptive privacy preservation, which is suitable for the user-friendly scenario in the WSN. Through security analysis, real-or-random (ROR) model proof, Automated Validation of Internet Security Protocols and Applications experimental verification, and security aspect comparison, it is proved that our protocol is superior in the security aspect. The performance experiment under MIRACL library shows that this study has advantages in performance compared with other recent research.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science