International Association for Cryptologic Research


IACR News


Here you can see all recent updates to the IACR webpage. These updates are also available via RSS feed, Twitter, Weibo, and Facebook.

02 December 2015

Université catholique de Louvain, Louvain-la-Neuve, Belgium
Job Posting
Protecting against physical attacks through the use of secure codes


Physical attacks exploit the real-life characteristics of a security device, for example (passively) monitoring its power consumption or (actively) triggering computational errors during processing, in order to recover its embedded secret keys. These attacks are particularly damaging against embedded devices.

Error-correcting codes aim at preventing errors in data by adding redundant information to the data encoding in a way that allows detecting and, ideally, correcting errors. Error-correcting codes were initially designed as a protection against non-malicious errors, but they might represent an interesting opportunity against malicious faults as well, and can possibly be extended to offer resistance against passive attacks too.

The objective of this project is to investigate this research lead, designing codes that offer resistance against physical attacks and assessing their effectiveness, in the context of smart grid/smart sensor applications.
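As an added illustration of the coding-theory idea behind this posting (example code written for this page, not from the UCL project or the European project it mentions): a SECDED Hamming(8,4) code treated as a fault-injection countermeasure. The toy register, the fault model (bit flips in a stored codeword) and all helper names are assumptions made for the demonstration.

```python
"""
Added example: a SECDED Hamming(8,4) code as a fault-injection detector.
The encoder appends three Hamming parity bits plus one overall parity bit to
a 4-bit data nibble; the decoder corrects any single flipped bit and flags
any double flip instead of silently accepting it.  The "device" is a toy
register, not hardware from the posting.
"""
from itertools import combinations

# Bit positions (1-indexed Hamming layout): parity p1,p2,p4 at 1,2,4,
# data d1..d4 at 3,5,6,7.  Position 0 holds the overall parity bit.

def encode(nibble: int) -> int:
    """Encode a 4-bit value into an 8-bit SECDED codeword."""
    assert 0 <= nibble < 16
    d = [(nibble >> i) & 1 for i in range(4)]
    bits = [0] * 8
    bits[3], bits[5], bits[6], bits[7] = d[0], d[1], d[2], d[3]
    bits[1] = bits[3] ^ bits[5] ^ bits[7]          # covers positions 1,3,5,7
    bits[2] = bits[3] ^ bits[6] ^ bits[7]          # covers positions 2,3,6,7
    bits[4] = bits[5] ^ bits[6] ^ bits[7]          # covers positions 4,5,6,7
    bits[0] = sum(bits[1:]) % 2                    # overall parity -> even weight
    return sum(b << pos for pos, b in enumerate(bits))

def decode(word: int):
    """Return (status, nibble); status is 'ok', 'corrected' or 'detected'."""
    bits = [(word >> pos) & 1 for pos in range(8)]
    s1 = bits[1] ^ bits[3] ^ bits[5] ^ bits[7]
    s2 = bits[2] ^ bits[3] ^ bits[6] ^ bits[7]
    s4 = bits[4] ^ bits[5] ^ bits[6] ^ bits[7]
    syndrome = s1 | (s2 << 1) | (s4 << 2)          # equals the flipped position
    overall = sum(bits) % 2                        # 0 for an even number of flips
    if syndrome == 0 and overall == 0:
        status = "ok"
    elif overall == 1:
        # odd number of flips: assume one and repair it (position 0 if syndrome is 0)
        bits[syndrome if syndrome else 0] ^= 1
        status = "corrected"
    else:
        # even number of flips but non-zero syndrome: two bits flipped, refuse to output
        return "detected", None
    nibble = bits[3] | (bits[5] << 1) | (bits[6] << 2) | (bits[7] << 3)
    return status, nibble

def inject(word: int, positions) -> int:
    """Simulated fault: flip the given bit positions of a stored codeword."""
    for p in positions:
        word ^= 1 << p
    return word

def fault_campaign(nibble: int, flips: int):
    """Apply every `flips`-bit fault to encode(nibble) and tally the decoder's
    verdict.  'silent' counts faults that were neither corrected back to the
    right value nor flagged, i.e. the ones an attacker could exploit."""
    codeword = encode(nibble)
    tally = {"ok": 0, "corrected": 0, "detected": 0, "silent": 0}
    for positions in combinations(range(8), flips):
        status, value = decode(inject(codeword, positions))
        if status == "detected" or (status in ("ok", "corrected") and value == nibble):
            tally[status] += 1
        else:
            tally["silent"] += 1
    return tally

if __name__ == "__main__":
    for flips in (1, 2, 3):
        print(flips, "flip(s):", fault_campaign(0b1011, flips))
```

The campaign over all 1-, 2- and 3-bit faults shows both the protection and its limit: the code has minimum distance 4, so every single fault is corrected, every double fault is flagged, and every triple fault is silently miscorrected to a wrong value. Against an adversary who chooses where to inject, that last row is the one that matters, which is why a code selected against malicious faults needs its distance set by the attacker's fault model rather than by random-error statistics.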

The research will take place in the framework of a European project involving high-level academic and industrial experts. The researcher will also benefit from the dynamic research environment of the UCL Crypto Group (Université catholique de Louvain), with strong interactions with researchers working on related subjects.

The candidate should hold a PhD in mathematics, computer science or electronics, with strong interests in coding theory and cryptographic algorithms. A preliminary background in side-channel attacks is useful, but not mandatory.

Note that, due to the nature of the funding, this position is only available for a non-Belgian citizen in a situation of international mobility, i.e. the candidate should not have spent more than 24 months in Belgium over the last 3 years.

July 1
Event Calendar
Submission: 30 May 2016
Notification: 31 August 2016
From July 1 to July 1
More Information: http://www.computer.org/cms/Computer.org/transactions/cfps/cfp_tcsi_sca.pdf
Mehmet Özen, Mustafa Çoban, Ferhat Karakoç
ePrint Report
Khudra is a lightweight block cipher designed for Field Programmable Gate Array (FPGA) based platforms. The cipher has an 18-round generalized type-2 Feistel structure with a 64-bit block size. The key schedule takes an 80-bit master key and produces 32-bit round keys using very simple operations. In this work, we analyze the security of Khudra. We first show that the effective round key length is 16 bits. With the help of this observation, we improve the 14-round MITM attack proposed by Youssef et al. by reducing the memory complexity from $2^{64.8}$ to $2^{32.8}$. We also propose a new guess-and-determine type attack on 14 rounds where only 2 known plaintext-ciphertext pairs are required to mount the attack, with a time complexity of $2^{64}$ encryption operations. To the best of our knowledge, this is the best attack in the single-key model in terms of time, memory and data complexities, and its data complexity is equal to the minimum theoretical data requirement. Moreover, we present two observations on differential probabilities of the round function and the symmetric structure of the cipher. We introduce $2^{40}$ weak keys for the full cipher by exploiting the symmetric structure of the cipher.

Pasquale Forte, Diego Romano, Giovanni Schmid
ePrint Report
After more than six years from the launch of Bitcoin, it has become evident that the decentralized transaction ledger functionality implemented through the blockchain technology can be used not only for cryptocurrencies, but to register, confirm and transfer any kind of contract and property. In this work we analyze the most relevant functionalities and known issues of this technology, with the intent of pointing out the possible behaviours that are not as efficient as they should be when considered with a broader outlook. Our analysis would be the starting point for the introduction of a new approach to blockchain creation and management, which will be the subject of a forthcoming paper.

Oregon State University, Computer Science, Corvallis, OR, USA
Job Posting

We are looking for excellent, highly motivated and self-driven PhD students to work in the areas of applied cryptography and network security. We have 2 or 3 fully funded Ph.D. positions, starting from Spring 2016 (i.e., March 2016) or Fall 2016 (September 2016).

OSU offers a competitive salary and an excellent work environment, all within close proximity of the high-tech industry and the natural beauty of Oregon, USA. Excellent candidates will have opportunities for research internships, collaborations and joint projects with leading industrial and academic organizations.

The candidates will work on the design, analysis, realization and deployment of new cryptographic schemes and protocols in various practical application domains. Research topics include but are not limited to:

  • Secure and Trustworthy Cloud Computing
    • Highly efficient searchable encryption and oblivious RAM
    • Distributed cloud security
  • Secure and Reliable Inter-Intra Vehicular Networks
    • Time-critical authentication and integrity in inter-vehicular networks
    • Privacy for autonomous driving
  • Secure and reliable smart-infrastructures (e.g., smart-grid IoTs)
  • Trusted-hardware and hardware-acceleration techniques to enhance cryptographic methods
Candidates should fulfill the following requirements:
  • MS degree in computer science, electrical engineering or mathematics; BS with high-GPA and research experience also considered.
  • Knowledge of cryptographic protocols and primitives;
  • Excellent programming skills (e.g., C, C++),
  • Good Academic Writing and Presentation Skills;
To apply please send by e-mail the following documents:
  • Transcripts (BS and MS)
  • Curriculum vitae
  • Reference letters
  • Previous publications
  • Research statement


01 December 2015

Tokyo, Japan, September 12 - September 14
Event Calendar
Submission: 31 March 2016
Notification: 27 May 2016
From September 12 to September 14
Location: Tokyo, Japan
More Information: http://www.iwsec.org/2016/
Washington, DC, USA, September 12 - September 16
Event Calendar
From September 12 to September 16
Location: Washington, DC, USA
More Information: http://2016.qcrypt.net/
Election

The 2015 election has closed and 437 IACR members cast ballots to select three members of the Board of Directors.

The results are as follows.

  • PHILLIP ROGAWAY: 284
  • MICHEL ABDALLA: 247
  • ANNA LYSYANSKAYA: 194
  • Alexandra Boldyreva: 164
  • Jon Callas: 68
  • Hilarie Orman: 60

Congratulations to Phillip, Michel, and Anna, who will serve as IACR Directors for three-year terms commencing January 1, 2016, and thank you to Alexandra, Jon, and Hilarie for your contributions to the IACR and willingness to serve.

Election verification data can be found at https://vote.heliosvoting.org/helios/e/IACR2015.

IACR Election Committee (Josh Benaloh, David Pointcheval, Bart Preneel)

Dan Bogdanov, Liina Kamm, Baldur Kubo, Reimo Rebane, Ville Sokk, Riivo Talviste
ePrint Report
We describe the use of secure multi-party computation for performing a large-scale privacy-preserving statistical study on real government data. In 2015, statisticians in Estonia conducted a big data study to look for correlations between working during university studies and failing to graduate in time. The study was conducted by linking the database of individual tax payments from the Estonian Tax and Customs Board and the database of higher education events from the Ministry of Education and Research. Data collection, preparation and analysis were conducted using the Sharemind secure multi-party computation system that provided end-to-end cryptographic protection to the analysis. Using ten million tax records and half a million education records in the analysis, this is the largest cryptographically private statistical study ever conducted on real data.

Yasufumi Hashimoto
ePrint Report
Multi-HFE (Chen et al., 2009) is one of the cryptosystems whose public key is a set of multivariate quadratic forms over a finite field. Its quadratic forms are constructed from a set of multivariate quadratic forms over an extension field. Recently, Bettale et al. (2013) studied the security of HFE and multi-HFE against the min-rank attack and found that multi-HFE is not more secure than HFE of similar size. In the present paper, we propose a new attack on multi-HFE using a diagonalization approach. As a result, our attack can recover equivalent secret keys of multi-HFE in polynomial time in the odd characteristic case. In fact, we experimentally succeeded in recovering equivalent secret keys of several examples of multi-HFE in about fifteen seconds on average, where the min-rank attack took about nine days.

Jia Xu, Jianying Zhou, Liming Lu
ePrint Report
A password, a secret combination of symbols, has played an important role in physical-world security (e.g. a watchword to prevent unauthorized entry into a forbidden military area) since ancient times. With the emergence and advance of digital computers and computer networks, passwords are also widely adopted in cyber-world security protection. In most applications, password protection stands on the frontier of cyber/physical security defense. Compromise of passwords might render the whole system insecure, and make the sophisticated cryptographic solutions behind it ineffective. However, secure management of many random passwords is a great challenge for human brains. We propose a visual cryptography technique, which allows users to store and manage ciphertexts of randomly chosen passwords on a mobile phone and decrypt them manually on demand. The stored passwords remain confidential even if the mobile phone is infected by spyware (we assume the spyware can capture the phone screen and monitor the phone's CPU and RAM).

We also analyze the security and feasibility of the proposed method.

Leveraging this technique, we give a simple password-based access control system, which provides a low-cost alternative solution for legacy systems besides smart-card-based solutions.
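As an added example of the kind of primitive the abstract relies on (written for this page; it is not the scheme from the Xu, Zhou and Lu paper, whose construction is not given here): a 2-out-of-2 visual secret sharing scheme in the Naor-Shamir style. One share is stored on the phone, the other on a transparency kept offline, and stacking them reveals the secret by eye with no computation on the phone. The password, the helper names and the bit encoding are assumptions made for the demonstration.

```python
"""
Added example: 2-out-of-2 visual secret sharing (Naor-Shamir style).
Each secret bit is expanded into two subpixels.  The phone share is a
uniformly random pattern chosen independently of the secret; the paper
share equals it for a white pixel and is its complement for a black one.
"""
import secrets

# Subpixel patterns: exactly one black (1) and one white (0) subpixel.
PATTERNS = ((1, 0), (0, 1))

def to_bits(password: str):
    """Constructed encoding: 8 bits per ASCII character, MSB first."""
    return [(ord(ch) >> i) & 1 for ch in password for i in range(7, -1, -1)]

def from_bits(bits) -> str:
    chars = []
    for k in range(0, len(bits), 8):
        byte = 0
        for b in bits[k:k + 8]:
            byte = (byte << 1) | b
        chars.append(chr(byte))
    return "".join(chars)

def split(secret_bits):
    """Return (phone_share, paper_share); each is a list of subpixel pairs."""
    phone, paper = [], []
    for bit in secret_bits:
        p = PATTERNS[secrets.randbits(1)]              # random, independent of the secret
        phone.append(p)
        paper.append(p if bit == 0 else (p[1], p[0]))  # same -> white, complement -> black
    return phone, paper

def stack(share_a, share_b):
    """Physical overlay: a subpixel is black if it is black on either sheet.
    The secret pixel reads as black only when both subpixels end up black."""
    return [1 if (a[0] | b[0]) and (a[1] | b[1]) else 0 for a, b in zip(share_a, share_b)]

def counterpart(phone_share, candidate_bits):
    """Given only the phone share, build a paper share that would reveal
    candidate_bits.  Such a share exists for every candidate, which is why
    the phone share alone (screen, CPU and RAM included) leaks nothing."""
    return [p if bit == 0 else (p[1], p[0]) for p, bit in zip(phone_share, candidate_bits)]

def recover_password(phone_share, paper_share) -> str:
    """What the user reads off the stacked sheets, decoded back to text."""
    return from_bits(stack(phone_share, paper_share))

if __name__ == "__main__":
    phone, paper = split(to_bits("Tr0ub4dor&3"))      # constructed sample password
    print(recover_password(phone, paper))
```

The phone share is drawn independently of the secret, so `counterpart` can pair it with any candidate password of the same length; spyware that dumps the phone's screen, CPU and RAM learns only that share. The usual caveats of visual schemes apply: contrast halves (a white pixel still shows one black subpixel), a phone share must not be reused with a second paper share, and the offline share has to be kept away from the phone's camera.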

Phillip Rogaway
ePrint Report
Cryptography rearranges power: it configures who can do what, from what. This makes cryptography an inherently political tool, and it confers on the field an intrinsically moral dimension. The Snowden revelations motivate a reassessment of the political and moral positioning of cryptography. They lead one to ask if our inability to effectively address mass surveillance constitutes a failure of our field. I believe that it does. I call for a community-wide effort to develop more effective means to resist mass surveillance. I plead for a reinvention of our disciplinary culture to attend not only to puzzles and math, but also to the societal implications of our work.

Brussels, Belgium, December 9 - December 10
Event Calendar
From December 9 to December 10
Location: Brussels, Belgium
More Information: https://hyperelliptic.org/PSC
Cryptography, Security, and Privacy Research Group, Koç University, İstanbul, Turkey
Job Posting
Cryptography, Security & Privacy Research Group at Koç University has multiple openings for both M.Sc. and Ph.D. level applications, as well as Post-Doctoral positions. All accepted applicants will receive competitive scholarships including tuition waiver, housing, monthly stipend, computer, travel support, etc.

For more information about our group and projects, visit

http://crypto.ku.edu.tr

For applying online, and questions about the application-process, visit

http://gsse.ku.edu.tr

For summer internship opportunities, visit

http://kusrp.ku.edu.tr

For research questions, contact Asst. Prof. Alptekin Küpçü

http://home.ku.edu.tr/~akupcu

Spring 2016 MSC/PHD/POSTDOC deadline: 14 December 2015.

Summer 2016 Internship deadline: 31 January 2016 (may have a later deadline if quota remains).

Technische Universität Darmstadt, Germany
Job Posting
The Security in Information Technology (SIT) Research Group at TU Darmstadt, Germany, headed by Prof. Dr. Michael Waidner is offering a full-time PhD position on Consent Management in Emerging Mobile and Pervasive Computing Systems.

The vacancy is within the newly established research training group "Privacy and Trust for Mobile Users" funded by DFG, the German Research Foundation.

We are looking for a candidate interested in working at the intersection of privacy engineering, identity management, applied cryptography, and machine learning, starting as soon as possible.

Further information: https://www.sit.informatik.tu-darmstadt.de/de/security-in-information-technology/open-positions/pre-doc-in-consent-management/


30 November 2015

Jean-Philippe Aumasson, Philipp Jovanovic, Samuel Neves
ePrint Report
This paper presents NORX8 and NORX16, the 8-bit and 16-bit versions of the authenticated cipher NORX, one of the CAESAR candidates. These new versions are better suited for low-end systems, such as "internet of things" devices, than the original 32-bit and 64-bit versions: whereas 32-bit NORX requires 64 bytes of RAM or cache memory, NORX8 and NORX16 require just 16 and 32 bytes, respectively. Both of the low-end variants were designed to retain the security properties of the initial NORX and be fast on small CPUs.

Gorka Irazoqui, Thomas Eisenbarth, Berk Sunar
ePrint Report
Multi-processor systems are becoming the de-facto standard across different computing domains, ranging from high-end multi-tenant cloud servers to low-power mobile platforms. The denser integration of CPUs creates an opportunity for great economic savings achieved by packing processes of multiple tenants or by bundling all kinds of tasks at various privilege levels to share the same platform. This level of sharing carries with it a serious risk of leaking sensitive information through the shared microarchitectural components. Microarchitectural attacks initially only exploited core-private resources, but were quickly generalized to resources shared within the CPU.

We present the first fine-grained side channel attack that works across processors. The attack does not require CPU co-location of the attacker and the victim. The novelty of the proposed work is that, for the first time, the directory protocol of high efficiency CPU interconnects is targeted. The directory protocol is common to all modern multi-CPU systems. Examples include AMD's HyperTransport, Intel's Quickpath, and ARM's AMBA Coherent Interconnect. The proposed attack does not rely on any specific characteristic of the cache hierarchy, e.g. inclusiveness. Note that inclusiveness was assumed in all earlier works. Furthermore, the viability of the proposed covert channel is demonstrated with two new attacks: by recovering a full AES key in OpenSSL, and a full ElGamal key in libgcrypt, within the range of seconds on a shared AMD Opteron server.

Dipanjan Das, Priyanka Bose, S. Sree Vivek, S. Sharmila Deva Selvi, C. Pandu Rangan
ePrint Report
The modern software ecosystem is data-centric. Data exfiltration by memory-scraper malware is an emerging threat. In this paper, we set up an appropriate mathematical model capturing the threat such attacks pose to Identity-Based Cryptosystems (IBE). Following the formalism, we demonstrate an attack on the popular Boneh-Franklin CCA2-secure IBE construction that compels us to revisit the view of CCA2 as the de facto standard of security. We offer two constructions, one identity-based and one public-key (PKE) encryption scheme, capable of withstanding RAM scraper attacks. Our design assumes a hybrid system equipped with a bare minimal 'Trusted Platform Module' (TPM) that can only perform the group exponentiation operation. Building systems to implement our IBE/PKE protocols should be feasible as well as efficient from a practical standpoint.

Mihir Bellare, Douglas Stebila
ePrint Report
This paper presents efficient designs and software implementations of signature schemes that are double authentication preventing. We give a general transform for constructing these double-authentication preventing signatures (DAPS) from a special class of identification schemes that we define and call trapdoor. We instantiate this to get specific schemes, namely GQ-DAPS (based on RSA) and CF-DAPS (using factoring-based claw-free functions). Our implementations, using OpenSSL's crypto library on an Intel Core i7, show that our DAPS schemes are not only significantly more efficient than prior DAPS schemes but competitive with in-use signature schemes that lack the double authentication preventing property.

Marie-Sarah Lacharité, Kenneth G. Paterson
ePrint Report
Naveed, Kamara, and Wright's recent paper "Inference Attacks on Property-Preserving Encrypted Databases" (ACM CCS 2015) evaluated four attacks on encrypted databases, such as those based on the design of CryptDB (Popa et al., SOSP 2011). Two of these attacks, frequency analysis and l_p-optimization, apply to deterministically encrypted columns when there is a publicly available auxiliary data set that is "well-correlated" with the ciphertext column. In their experiments, frequency analysis performed at least as well as l_p-optimization for p=1, 2, and 3. We use maximum likelihood estimation to confirm their intuition and show that frequency analysis is an optimal cryptanalytic technique in this scenario.
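The frequency-analysis attack the abstract refers to, as an added example (code written for this page, not from the Naveed-Kamara-Wright or Lacharité-Paterson papers): the encrypted column, the per-column key and both auxiliary distributions are constructed for the demonstration, and a keyed PRF stands in for the deterministic encryption a CryptDB-style proxy would apply to an equality-searchable column.

```python
"""
Added example: frequency analysis against a deterministically encrypted
column.  The attacker sees only ciphertexts plus a public auxiliary
distribution over the plaintext domain; matching frequency ranks recovers
the column without the key.
"""
import hmac
import hashlib
from collections import Counter

COLUMN_KEY = b"assumed per-column key held by the proxy"   # never seen by the attacker

def det_encrypt(value: str) -> str:
    """Deterministic encryption stand-in: equal plaintexts give equal ciphertexts,
    which is what server-side equality queries need and exactly what leaks."""
    return hmac.new(COLUMN_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]

def build_column(counts):
    """Constructed plaintext column: each value repeated `count` times."""
    return [value for value, n in counts.items() for _ in range(n)]

def frequency_analysis(ciphertexts, auxiliary):
    """Map the i-th most frequent ciphertext to the i-th most frequent plaintext
    of the auxiliary distribution.  Auxiliary ties break alphabetically so the
    result is deterministic."""
    cipher_rank = [c for c, _ in Counter(ciphertexts).most_common()]
    plain_rank = [p for p, _ in sorted(auxiliary.items(), key=lambda kv: (-kv[1], kv[0]))]
    return dict(zip(cipher_rank, plain_rank))

def recovery_rate(guess, plaintexts, ciphertexts) -> float:
    """Fraction of rows whose ciphertext was mapped back to the right plaintext."""
    hits = sum(1 for p, c in zip(plaintexts, ciphertexts) if guess.get(c) == p)
    return hits / len(plaintexts)

# Constructed data: an encrypted "department" column of 100 rows.
PLAIN = build_column({"Sales": 40, "Engineering": 30, "Support": 20, "Legal": 10})
CIPHER = [det_encrypt(v) for v in PLAIN]

# Constructed auxiliary data: public distributions over the same domain, one whose
# ranks agree with the target column and one where two ranks are swapped.
AUX_WELL_CORRELATED = {"Sales": 0.42, "Engineering": 0.28, "Support": 0.20, "Legal": 0.10}
AUX_POORLY_CORRELATED = {"Sales": 0.42, "Engineering": 0.20, "Support": 0.28, "Legal": 0.10}

def run(auxiliary) -> float:
    """Attack the constructed column with the given auxiliary distribution."""
    return recovery_rate(frequency_analysis(CIPHER, auxiliary), PLAIN, CIPHER)

if __name__ == "__main__":
    print("well-correlated auxiliary  :", run(AUX_WELL_CORRELATED))
    print("poorly-correlated auxiliary:", run(AUX_POORLY_CORRELATED))
```

With a well-correlated auxiliary distribution every row is recovered; swapping the two middle frequencies drops recovery to half the rows, which is the rank mismatch the abstract's "well-correlated" condition is about. The attack needs neither the key nor any queries: the leakage is the equality pattern of the ciphertexts themselves, so a stronger cipher does not help, only a mode that hides equality (randomized encryption, or property-revealing encryption confined to columns whose domain and frequencies the threat model can tolerate exposing).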
