IET Information Security: Latest Publications
Improving the Performance of CPA Attacks for Ciphers Using Parallel Implementation of S-Boxes
IF 1.3; Zone 4, Computer Science; Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2023-12-12; DOI: 10.1049/2023/6653956
Fu Yao, Yongzhuang Wei, Hua Chen, Enes Pasalic

Since its introduction in the early 2000s, CPA (correlation power analysis) has been widely used as a cryptanalytic tool against cryptographic algorithms (being applicable to both symmetric key ciphers and public key encryption schemes). Applying the classical CPA method, or its variants, to cryptographic algorithms that use a parallel implementation of their substitution boxes (S-boxes) commonly requires more power traces to extract the secret key than when a serial implementation of the S-boxes is employed. To reduce the number of power traces in this scenario, we propose a modification of the standard CPA approaches and demonstrate practically that our method performs better than the existing ones in this respect. To verify the efficiency of our improved CPA method, we apply it to the public databases of DPA Contest V2. In particular, the experimental results show that only 495 power traces are required to recover the secret key of AES. We also compare the performance of our attack to the relevant methods whose parameters are available at DPA Contest V2. The results show that, compared to the best nonprofiling side-channel attack (SCA), our method reduces the number of power traces required to recover the secret key by 6,566. Also, our new method performs almost as well as the best profiling SCA attack of Benoit Gerard (in terms of the required number of power traces), thus reducing the gap in performance between profiling and nonprofiling SCA attacks.
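The effect the abstract builds on, that the outputs of the other S-boxes in a parallel implementation act as algorithmic noise and so drive up the number of traces a standard CPA needs, can be reproduced with a simulated first-order CPA on AES. The block below is an added example written for this page, not code from the paper or from the DPA Contest V2 material. It simulates Hamming-weight leakage of the first-round SubBytes output, once with only the target S-box leaking (serial) and once with all 16 S-boxes leaking in the same sample (parallel), then runs the standard correlation attack on one key byte and reports the rank of the true byte. The leakage model, the Gaussian noise level (sigma = 1.0), the trace counts and the seed are assumptions; the paper's modified CPA is not implemented, so this is the baseline it improves on.

```python
import math
import random


def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        if a & 0x100:
            a ^= 0x11B
        b >>= 1
    return r


def make_aes_sbox():
    """Build the AES S-box from its definition: GF(2^8) inverse, then the affine map."""
    sbox = []
    for x in range(256):
        inv = 0
        if x:
            inv, base, e = 1, x, 254  # x^254 == x^-1 in GF(2^8)
            while e:
                if e & 1:
                    inv = gf_mul(inv, base)
                base = gf_mul(base, base)
                e >>= 1
        s = inv
        for i in range(1, 5):  # s = inv ^ rotl(inv,1) ^ rotl(inv,2) ^ rotl(inv,3) ^ rotl(inv,4)
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)
    return sbox


SBOX = make_aes_sbox()
HW = [bin(v).count("1") for v in range(256)]


def simulate_traces(key, n_traces, parallel, sigma, rng):
    """Constructed traces: one sample per encryption holding the Hamming weight of
    the first-round S-box output(s) plus Gaussian noise (ASSUMED leakage model).
    Serial: only byte 0's S-box leaks. Parallel: all 16 S-boxes leak in the same
    sample, so the 15 non-target bytes add variance 30 on top of the target's 2."""
    plaintexts, traces = [], []
    lanes = range(16) if parallel else [0]
    for _ in range(n_traces):
        pt = [rng.randrange(256) for _ in range(16)]
        leak = sum(HW[SBOX[pt[i] ^ key[i]]] for i in lanes)
        plaintexts.append(pt)
        traces.append(leak + rng.gauss(0.0, sigma))
    return plaintexts, traces


def cpa_key_byte(plaintexts, traces, byte_index=0):
    """Standard CPA: for each guess k, Pearson-correlate HW(SBOX[p ^ k]) with the
    traces. Returns the 256 guesses ordered from most to least correlated."""
    n = len(traces)
    mt = sum(traces) / n
    ct = [t - mt for t in traces]
    vt = sum(c * c for c in ct)
    scores = []
    for k in range(256):
        hyp = [HW[SBOX[pt[byte_index] ^ k]] for pt in plaintexts]
        mh = sum(hyp) / n
        cov = sum((h - mh) * c for h, c in zip(hyp, ct))
        vh = sum((h - mh) ** 2 for h in hyp)
        rho = cov / math.sqrt(vh * vt) if vh and vt else 0.0
        scores.append((abs(rho), k))
    scores.sort(reverse=True)
    return [k for _, k in scores]


def run_experiment(n_traces, parallel, sigma=1.0, seed=7):
    """Returns (true key byte 0, best guess, 1-based rank of the true byte)."""
    rng = random.Random(seed)
    key = [rng.randrange(256) for _ in range(16)]
    pts, trs = simulate_traces(key, n_traces, parallel, sigma, rng)
    ranking = cpa_key_byte(pts, trs, 0)
    return key[0], ranking[0], ranking.index(key[0]) + 1


if __name__ == "__main__":
    for n in (200, 1000, 3000):
        for par in (False, True):
            k, g, r = run_experiment(n, par)
            mode = "parallel" if par else "serial  "
            print(f"{mode} traces={n:5d} true=0x{k:02x} guess=0x{g:02x} rank={r}")
```

With sigma = 1 the correlation at the correct key is sqrt(2/3), about 0.82, in the serial case but only 2/sqrt(66), about 0.25, in the parallel case, because the 15 other S-box outputs contribute variance 30 against the target's 2; that is why the serial run ranks the right byte first with a couple of hundred traces while the parallel run needs several times more. The paper's contribution is to recover part of that loss without profiling.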

Citations: 0
SAT-Based Security Evaluation for WARP against Linear Cryptanalysis
IF 1.3; Zone 4, Computer Science; Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2023-12-06; DOI: 10.1049/2023/5323380
Jiali Shi, Guoqiang Liu, Chao Li

WARP, an efficient lightweight block cipher presented by Banik et al., offers a viable alternative to AES with its 128-bit block and 128-bit key. It adopts a 32-nibble type-II generalized Feistel network (GFN) structure, incorporating a nibble permutation optimized for both security and efficiency. Notably, WARP has the smallest hardware implementation among 128-bit block ciphers: its bit-serial encryption-only circuit is only 763 gate equivalents (GEs). Consequently, WARP has received significant attention since its inception. The designers evaluated the number of active S-boxes in linear trails of WARP to establish its security. To further investigate WARP's resistance against linear attacks, we employ an automated model to analyze the optimal linear trails/hulls of WARP. To achieve this, the problem is transformed into a Boolean satisfiability problem (SAT): constraints in conjunctive normal form (CNF) describe the mask propagation of WARP, and a SAT solver is invoked to find valid solutions. The results allow us to obtain the optimal correlation of linear trails for the first 21 rounds of WARP. Furthermore, by enumerating the linear trails within a linear hull, the distribution of linear trails is revealed and the estimate of the linear hull's probability is made more accurate. This work extends the linear distinguisher from 18 to 21 rounds. Additionally, the first independent analysis of WARP's linear properties is presented, offering a more precise evaluation of its resistance against linear cryptanalysis.

Citations: 0
Differential, Linear, and Meet-in-the-Middle Attacks on the Lightweight Block Cipher RBFK
IF 1.3; Zone 4, Computer Science; Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2023-11-23; DOI: 10.1049/2023/6691726
Sugio Nobuyuki

Randomized butterfly architecture of fast Fourier transform for key cipher (RBFK) is a lightweight block cipher for Internet of Things devices in an edge computing environment. Although the authors claimed that RBFK is secure against differential cryptanalysis, linear cryptanalysis, impossible differential attack, and zero-correlation linear cryptanalysis, the details were not explained in the literature. Therefore, we have evaluated the security of RBFK by applying differential cryptanalysis, linear cryptanalysis, and a meet-in-the-middle (MITM) attack, and have found that RBFK is not secure against these attacks. This paper introduces not only a distinguishing attack but also key recovery attacks on full-round RBFK. In the distinguishing attack scenario, the data complexity of the differential cryptanalysis is two, and the time complexity is one exclusive-OR operation. In the key recovery attack scenario, the data complexity of the linear cryptanalysis is one known plaintext–ciphertext pair, and the time complexity is one linear-sum operation. The data complexity of the MITM attack is two; its time complexity is 2^48 encryptions and its memory complexity is 2^45 bytes. Because the vulnerabilities are identified in the round function and the key schedule, we propose some improvements to RBFK against these attacks.

Citations: 0
Generic Construction of Fully Anonymous Broadcast Authenticated Encryption with Keyword Search with Adaptive Corruptions
IF 1.3; Zone 4, Computer Science; Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2023-11-07; DOI: 10.1049/2023/9922828
Keita Emura

As a multireceiver variant of public key authenticated encryption with keyword search (PAEKS), broadcast authenticated encryption with keyword search (BAEKS) was proposed by Liu et al. (ACISP 2021). BAEKS focuses on receiver anonymity, where no information about the receiver is leaked from ciphertexts, which is reminiscent of anonymous broadcast encryption. Here, there is room for improving their security definitions: e.g., the two challenge sets of receivers are selected before the setup phase, and the adversary is not allowed to corrupt any receiver. In this paper, we propose a generic construction of BAEKS derived from PAEKS that provides ciphertext anonymity and consistency in a multireceiver setting. The proposed construction is an extension of the generic construction proposed by Libert et al. (PKC 2012) for fully anonymous broadcast encryption, and it supports adaptive corruptions. We also demonstrate that the Qin et al. PAEKS scheme (ProvSec 2021) provides ciphertext anonymity and consistency in a multireceiver setting and can be employed as a building block of the proposed generic construction.

Citations: 0
Inner-Product Matchmaking Encryption: Bilateral Access Control and Beyond Equality
IF 1.3; Zone 4, Computer Science; Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2023-11-02; DOI: 10.1049/2023/8829580
Qiaohan Chu, Anmin Fu, Haifeng Qian, Jie Chen

We present an inner-product matchmaking encryption (IP-ME) scheme achieving weak privacy and authenticity in prime-order groups under the symmetric external Diffie–Hellman (SXDH) assumption in the standard model. We further present an IP-ME with Monotone Span Program Authenticity (IP-ME with MSP Auth) scheme, in which the chosen sender policy is upgraded to an MSP; this scheme also achieves weak privacy and authenticity in prime-order groups under the SXDH assumption in the standard model. Both schemes have more expressive functionality than the identity-based matchmaking encryption (IB-ME) scheme and are simpler than Ateniese et al.'s modular ME scheme (Crypto '19). However, our schemes achieve only a very limited flavor of security, which is reflected in the privacy notion.

Citations: 0
A Publicly Verifiable Leveled Fully Homomorphic Signcryption Scheme
IF 1.3; Zone 4, Computer Science; Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2023-10-31; DOI: 10.1049/2023/1377042
Zhaoxuan Bian, Fuqun Wang, Renjun Zhang, Bin Lian, Lidong Han, Kefei Chen

As research deepens, how to construct a fully homomorphic signcryption scheme based on standard assumptions is a problem that needs to be solved. Recently, Jin et al. proposed a leveled fully homomorphic signcryption scheme from standard lattices. However, because they use the sign-then-encrypt method, a verifier must unsigncrypt first. Users are therefore unable to verify the authenticity of the data first, which wastes resources. This raises another question: how to construct a fully homomorphic signcryption (FHSC) scheme with public verifiability. To solve this problem, we propose a leveled fully homomorphic signcryption scheme that can be publicly verified and show its completeness, IND-CPA security, and strong unforgeability.

Citations: 0
Kyber, Saber, and SK-MLWR Lattice-Based Key Encapsulation Mechanisms Model Checking with Maude
IF 1.3; Zone 4, Computer Science; Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2023-10-30; DOI: 10.1049/2023/9399887
Duong Dinh Tran, Kazuhiro Ogata, Santiago Escobar, Sedat Akleylek, Ayoub Otmani

Facing the potential threat raised by quantum computing, a great deal of research by many groups and industrial giants has gone into building public-key post-quantum cryptographic primitives that resist quantum attackers. Among them is a large number of post-quantum key encapsulation mechanisms (KEMs), whose purpose is to provide secure key exchange, a crucial component of public-key cryptography. This paper presents a formal security analysis of three lattice-based KEMs: Kyber, Saber, and SK-MLWR. We use Maude, a specification language supporting equational and rewriting logic and a high-performance tool equipped with many advanced features, such as a reachability analyzer that can be used as a model checker for invariant properties, to model the three KEMs as state machines. Because they all belong to the class of lattice-based KEMs, they share many common parts in their designs, such as polynomials, vectors, and message exchange patterns. We first model these common parts and combine them into a specification called the base specification. After that, for each of the three KEMs, we extend the base specification and need only model some additional parts and the mechanism's execution. Once the three specifications are complete, we conduct invariant model checking with the Maude search command, which points out a similar man-in-the-middle attack on each. This attack occurs because authentication is not part of the KEMs, and therefore an active attacker can modify all communication between two honest parties.
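The attack the abstract reports, that an active attacker can rewrite every message because authentication is not part of the KEM, does not depend on the lattice structure of Kyber, Saber or SK-MLWR; it holds for any KEM used bare. The block below is an added example written for this page, not code from the paper or its Maude specifications. A toy discrete-log KEM (ElGamal-style encapsulation modulo 2^127 - 1 with generator 3; toy parameters chosen only so the code runs quickly, not secure) stands in for the lattice KEMs. It runs the two-message exchange honestly, then with Mallory substituting her own public key, and finally with the public key authenticated by an HMAC under a pre-shared key, which is one way of adding the authentication the KEMs themselves omit. The party names, the pre-shared key and the choice of HMAC are assumptions.

```python
import hashlib
import hmac
import secrets

# Toy KEM parameters (ASSUMPTION, not secure): modulus 2^127 - 1, generator 3.
# The attacker below never looks inside the KEM, which is why the same attack
# applies unchanged to Kyber, Saber or SK-MLWR used without authentication.
P = (1 << 127) - 1
G = 3

# ASSUMED pre-shared key for the authenticated variant.
PSK = b"pre-shared-key-assumed-for-this-example"


def _kdf(shared):
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()  # P < 2^128


def kem_keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)


def kem_encaps(pk):
    """Returns (ciphertext, shared key); only the holder of sk for pk recovers the key."""
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), _kdf(pow(pk, r, P))


def kem_decaps(sk, ct):
    return _kdf(pow(ct, sk, P))


def honest_exchange():
    """Bob -> Alice: pk_b.  Alice -> Bob: ct.  Both derive the same key."""
    sk_b, pk_b = kem_keygen()
    ct, k_alice = kem_encaps(pk_b)
    return kem_decaps(sk_b, ct) == k_alice


def mitm_exchange():
    """Mallory on the channel: swap Bob's pk for her own, decapsulate Alice's
    ciphertext, re-encapsulate a fresh key to Bob. Neither honest party sees
    anything unusual, and Mallory holds both session keys."""
    sk_b, pk_b = kem_keygen()
    sk_m, pk_m = kem_keygen()
    # Bob -> [Mallory replaces pk_b with pk_m] -> Alice
    ct_a, k_alice = kem_encaps(pk_m)
    # Alice -> [Mallory keeps ct_a, sends her own ct_m] -> Bob
    k_mallory_alice = kem_decaps(sk_m, ct_a)
    ct_m, k_mallory_bob = kem_encaps(pk_b)
    k_bob = kem_decaps(sk_b, ct_m)
    return {
        "mallory_knows_alice_key": k_mallory_alice == k_alice,
        "mallory_knows_bob_key": k_mallory_bob == k_bob,
        "alice_and_bob_agree": k_alice == k_bob,
    }


def authenticated_exchange(tamper):
    """Same exchange, but Bob sends an HMAC tag over pk_b under the pre-shared
    key and Alice refuses to encapsulate unless the tag verifies for the pk
    she actually received. Returns "agreed", "aborted" or "mismatch"."""
    sk_b, pk_b = kem_keygen()
    tag = hmac.new(PSK, pk_b.to_bytes(16, "big"), hashlib.sha256).digest()
    pk_seen = pk_b
    if tamper:
        _, pk_seen = kem_keygen()  # Mallory swaps the key but cannot forge the tag
    expected = hmac.new(PSK, pk_seen.to_bytes(16, "big"), hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "aborted"
    ct, k_alice = kem_encaps(pk_seen)
    return "agreed" if kem_decaps(sk_b, ct) == k_alice else "mismatch"


if __name__ == "__main__":
    print("honest:", honest_exchange())
    print("mitm:", mitm_exchange())
    print("authenticated, no tamper:", authenticated_exchange(False))
    print("authenticated, tampered:", authenticated_exchange(True))
```

The pre-shared MAC is only one way to bind the public key to its owner; a signature over the key or a certificate serves the same purpose. The property to check in any KEM deployment is that the party who sent the public key is the only party who can decapsulate, and that is not something the KEM proves on its own.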

Citations: 0
Bit-Sliced Implementation of SM4 and New Performance Records
IF 1.3; Zone 4, Computer Science; Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS; Pub Date: 2023-10-27; DOI: 10.1049/2023/1821499
Xin Miao, Lu Li, Chun Guo, Meiqin Wang, Weijia Wang

SM4 is a popular block cipher issued by the Office of State Commercial Cryptography Administration (OSCCA) of China. In this paper, we use the bit-slicing technique, which has been shown to be a powerful strategy for achieving very fast software implementations of SM4. We investigate optimizations on two fronts. First, we present a more efficient bit-sliced representation for SM4, which enables running 64 blocks in parallel with 256-bit registers. Second, we describe an optimized algorithm for data form transformations, also allowing efficient implementations of SM4 in Counter (CTR) mode and Galois/Counter mode. The above optimizations contribute to a significant performance gain on one core compared with the state-of-the-art results. This work is an extension of the conference paper at Inscrypt 2022, which received the best paper award.
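One reason a bit-sliced representation pays off for SM4 is that its round-function linear layer is built from rotations, and in bit-sliced form a rotation of a 32-bit word is a renaming of bit-planes rather than an instruction. The block below is an added example written for this page, not the paper's code: it implements the SM4 linear layer L(B) = B ^ (B <<< 2) ^ (B <<< 10) ^ (B <<< 18) ^ (B <<< 24) both on ordinary words and on bit-planes holding 64 blocks at once (Python integers stand in for the 256-bit registers), and checks that the two agree on constructed random input. The transposition is the plain bit-by-bit version, not the paper's optimized data form transformation, and the block count and seed are assumptions.

```python
import random

MASK32 = 0xFFFFFFFF


def rotl32(x, r):
    return ((x << r) | (x >> (32 - r))) & MASK32


def sm4_L(b):
    """SM4 round-function linear layer on one 32-bit word."""
    return b ^ rotl32(b, 2) ^ rotl32(b, 10) ^ rotl32(b, 18) ^ rotl32(b, 24)


def to_bitsliced(words):
    """Transpose n 32-bit words into 32 bit-planes: bit i of plane j is bit j of word i."""
    planes = [0] * 32
    for i, w in enumerate(words):
        for j in range(32):
            if (w >> j) & 1:
                planes[j] |= 1 << i
    return planes


def from_bitsliced(planes, n):
    """Inverse transposition back to n ordinary words."""
    words = [0] * n
    for j, p in enumerate(planes):
        for i in range(n):
            if (p >> i) & 1:
                words[i] |= 1 << j
    return words


def sm4_L_bitsliced(planes):
    """L applied to every block at once. Output bit j of (B <<< r) is input bit
    (j - r) mod 32, so each rotation is a plane re-indexing and L costs four
    XORs per plane with no shifts at all."""
    return [
        planes[j]
        ^ planes[(j - 2) % 32]
        ^ planes[(j - 10) % 32]
        ^ planes[(j - 18) % 32]
        ^ planes[(j - 24) % 32]
        for j in range(32)
    ]


def check_equivalence(n_blocks=64, seed=1):
    """Constructed input: n_blocks random words; compare scalar L with bit-sliced L."""
    rng = random.Random(seed)
    words = [rng.getrandbits(32) for _ in range(n_blocks)]
    expected = [sm4_L(w) for w in words]
    got = from_bitsliced(sm4_L_bitsliced(to_bitsliced(words)), n_blocks)
    return got == expected


if __name__ == "__main__":
    print("bit-sliced L matches scalar L on 64 blocks:", check_equivalence())
```

The same renaming trick removes every rotation and shift from the key-schedule linear layer too; what remains for a full bit-sliced SM4 is the S-box, which has to be expressed as a Boolean circuit over the planes, and the transposition cost at the boundaries, which is what the paper's second optimization targets.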

Citations: 0
A Survey of Secure Communications for Satellite Internet Based on Cryptography and Physical Layer Security
IF 1.3 Zone 4 Computer Science Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-10-26 DOI: 10.1049/2023/5604802
Yu Zhang, Shuangrui Zhao, Ji He, Yuanyu Zhang, Yulong Shen, Xiaohong Jiang

Satellite internet serves as an indispensable component of the upcoming sixth-generation networks for providing global broadband internet access service. Due to the open nature of satellite-ground communication, security issues in satellite internet have always been an important concern for both industry and academia. Although many researchers focus on secure communications in satellite internet, the literature is surprisingly sparse, with no comprehensive overview of the state-of-the-art security techniques. This paper provides an in-depth survey of secure communications for various satellite internet scenarios. Based on the different security mechanisms, we first categorize the existing works on secure communications in satellite internet into two categories: cryptography-based and physical layer security-based. The former includes classical encryption-based and quantum encryption-based secure communication, and the latter is further divided into precoding-based, cooperative jamming-based, relay selection-based, and physical-layer authentication-based secure communication depending on the applied techniques. Finally, we provide some future research directions.

Citations: 0
Cross-Space Conduction Assessment Method of Network Attack Risk under the Strong Coupling Characteristics of Electric Power Cyber Physics
IF 1.3 Zone 4 Computer Science Q3 COMPUTER SCIENCE, INFORMATION SYSTEMS Pub Date : 2023-10-25 DOI: 10.1049/2023/9006166
Shenjian Qiu, Jiaxuan Fei, Jian Wang

With the deep integration and wide application of advanced digital sensing, Internet of Things technology, and energy technology in power systems, power information systems and physical systems are gradually being coupled and developed into power cyber–physical systems (CPS). A number of blackouts in recent years have shown that cyber attacks on CPS launched from cyberspace can lead to the intensification and rapid spread of faults in the physical space of the power grid, and even to system collapse. Aiming at the difficulty of analyzing the evolution of the cyber–physical cross-space impacts of cyber attacks, this paper proposes a cross-domain propagation impact assessment method that considers the cyber–physical coupling risks caused by attacks. First, according to the multiple coupling relationships between the power system information space and physical space, the monitoring function model and the control function model are established. Second, under a high-concealment attack, the impact of the risk caused by the resulting failure is analyzed after it is transmitted to the physical space with different propagation probabilities. Finally, experimental verification was carried out using the IEEE RTS79 standard test system. The simulation results show that the proposed method can comprehensively consider the cyber–physical energy supply coupling relationship, the risk propagation probability, and the operating characteristics of the information system, and can effectively quantify and evaluate the impact of information space network attacks on the physical power grid. It further reveals the objective law that information space risks can evolve and spread across domains under the condition of strong cyber–physical coupling.

Citations: 0