{"title":"轻量级分组密码机插拔故障分析","authors":"Haiyan Xiao, Lifang Wang","doi":"10.1002/spy2.286","DOIUrl":null,"url":null,"abstract":"In recent years, many lightweight block ciphers were proposed to provide security for resource‐constrained environments such as Internet of Things (IoT). PIPO, which stands for “plug‐in plug‐out”, is just a lightweight bit‐sliced block cipher offering excellent performance in 8‐bit AVR software implementations. In fact, PIPO owns 64‐bit input and output, 128‐bit secret key. In this article, we consider the differential fault analysis (DFA), a typical side‐channel attack, on the PIPO cipher. More concretely, for the first time, we apply the mixed attack model, which considers the DFA on the encryption state and key schedule simultaneously, to recover PIPO's 128‐bit master key. The theoretical analysis shows that, in average, after injecting 4‐byte faults, the complexity of obtaining the master key reduces from 2128 reduces to 214. In fact, this attack model alleviates the assumption on attacker than the bit‐injection case. It should be noted that our analysis also holds for other bit‐sliced block ciphers. Finally, the simulations show that our proposed DFA on PIPO cipher is rather practical.","PeriodicalId":29939,"journal":{"name":"Security and Privacy","volume":"15 10","pages":""},"PeriodicalIF":1.5000,"publicationDate":"2023-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Differential fault analysis on the lightweight block cipher plug‐in plug‐out\",\"authors\":\"Haiyan Xiao, Lifang Wang\",\"doi\":\"10.1002/spy2.286\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In recent years, many lightweight block ciphers were proposed to provide security for resource‐constrained environments such as Internet of Things (IoT). PIPO, which stands for “plug‐in plug‐out”, is just a lightweight bit‐sliced block cipher offering excellent performance in 8‐bit AVR software implementations. In fact, PIPO owns 64‐bit input and output, 128‐bit secret key. In this article, we consider the differential fault analysis (DFA), a typical side‐channel attack, on the PIPO cipher. More concretely, for the first time, we apply the mixed attack model, which considers the DFA on the encryption state and key schedule simultaneously, to recover PIPO's 128‐bit master key. The theoretical analysis shows that, in average, after injecting 4‐byte faults, the complexity of obtaining the master key reduces from 2128 reduces to 214. In fact, this attack model alleviates the assumption on attacker than the bit‐injection case. It should be noted that our analysis also holds for other bit‐sliced block ciphers. Finally, the simulations show that our proposed DFA on PIPO cipher is rather practical.\",\"PeriodicalId\":29939,\"journal\":{\"name\":\"Security and Privacy\",\"volume\":\"15 10\",\"pages\":\"\"},\"PeriodicalIF\":1.5000,\"publicationDate\":\"2023-01-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1002/spy2.286\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q3\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1002/spy2.286","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q3","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0
摘要
近年来,人们提出了许多轻量级分组密码来为资源受限的环境(如物联网)提供安全性。PIPO,即“plug - in plug - out”,是一种轻量级的位切片分组密码,在8位AVR软件实现中提供出色的性能。实际上,PIPO拥有64位输入和输出,128位密钥。在本文中,我们考虑了PIPO密码的差分故障分析(DFA),这是一种典型的侧信道攻击。更具体地说,我们首次应用同时考虑加密状态和密钥调度上的DFA的混合攻击模型来恢复PIPO的128位主密钥。理论分析表明,平均而言,注入4字节错误后,获得主密钥的复杂度从2128降低到214。实际上,该攻击模型比注比特攻击模型减轻了对攻击者的假设。值得注意的是,我们的分析也适用于其他位切片分组密码。最后,仿真结果表明,该算法在PIPO密码上的DFA是非常实用的。
Differential fault analysis on the lightweight block cipher plug‐in plug‐out
In recent years, many lightweight block ciphers were proposed to provide security for resource‐constrained environments such as Internet of Things (IoT). PIPO, which stands for “plug‐in plug‐out”, is just a lightweight bit‐sliced block cipher offering excellent performance in 8‐bit AVR software implementations. In fact, PIPO owns 64‐bit input and output, 128‐bit secret key. In this article, we consider the differential fault analysis (DFA), a typical side‐channel attack, on the PIPO cipher. More concretely, for the first time, we apply the mixed attack model, which considers the DFA on the encryption state and key schedule simultaneously, to recover PIPO's 128‐bit master key. The theoretical analysis shows that, in average, after injecting 4‐byte faults, the complexity of obtaining the master key reduces from 2128 reduces to 214. In fact, this attack model alleviates the assumption on attacker than the bit‐injection case. It should be noted that our analysis also holds for other bit‐sliced block ciphers. Finally, the simulations show that our proposed DFA on PIPO cipher is rather practical.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
