The Latest Attacks on AES
Mehrdad Abdi
In the name of God, the Most Gracious, the Most Merciful.

Presentation transcript:


Content
AES
Attacks on AES
– Brute force Attack
– Theoretical Attacks
– Side channel Attacks
Conclusion
Open problem
References

AES
Rijndael
– Rijmen and Daemen
– First published in 1998
AES Contest
– AES winner (2001)

AES (cont.)
The three criteria: [1]
– Resistance against all known attacks
– Speed and code compactness on a wide range of platforms
– Design simplicity
A fixed block size of 128 bits
A key size of 128, 192, or 256 bits
Number of rounds: 10, 12, 14

AES (cont.)
Specification
– Round transformation based on SP Network
– A Simple Key Scheduler

Attacks on AES

Brute force
bit is roughly equal to the number of atoms in the universe
The largest successful brute force: RC5 64 bit key, distributed networks, 5 years [2]

Attacks on AES
Theoretical Attacks
Side channel Attacks

XSL
Multivariate quadratic equations
Linearization (L) [3]
– Kipnis and Shamir
– HFE
– Too few equations
eXtended Linearization (XL) [4]
– Courtois et al.
– 2000
– Complexity
Complexity estimates showed that the XL attack would not work against the equations derived from block ciphers such as AES.

XSL (cont.)
eXtended Sparse Linearization (XSL) [5]
– Courtois and Pieprzyk
– 2002
– AES, SERPENT
– The S-box of AES: algebraically simple inverse function
– Only one or two known plaintexts
– High work-factor
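
The algebraic simplicity of the S-box noted on this slide, shown as an added example that is not part of the original presentation: the S-box is rebuilt from its FIPS-197 definition (inverse in GF(2^8) followed by an affine map), and the low-degree relations between its input and the inverse are checked for all 256 bytes. Function names are chosen here for illustration.

```python
# Added example: AES S-box built from its algebraic definition (FIPS-197).
AES_POLY = 0x11B  # x^8 + x^4 + x^3 + x + 1

def gf_mul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial."""
    result = 0
    while b:
        if b & 1:
            result ^= a
        a <<= 1
        if a & 0x100:
            a ^= AES_POLY
        b >>= 1
    return result

def gf_inv(x):
    """Inverse in GF(2^8) computed as x^254; maps 0 to 0, as AES defines it."""
    result, base, exp = 1, x, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result

def rotl8(v, n):
    """Rotate a byte left by n bits."""
    return ((v << n) | (v >> (8 - n))) & 0xFF

def sbox(x):
    """S(x) = affine(inverse(x)); the inverse is the only non-linear step."""
    y = gf_inv(x)
    return y ^ rotl8(y, 1) ^ rotl8(y, 2) ^ rotl8(y, 3) ^ rotl8(y, 4) ^ 0x63

def quadratic_relations_hold():
    """Check the low-degree relations between x and y = inverse(x)."""
    for x in range(256):
        y = gf_inv(x)
        if x and gf_mul(x, y) != 1:        # x*y = 1 for x != 0
            return False
        if gf_mul(gf_mul(x, x), y) != x:   # x^2*y = x for every x
            return False
        if gf_mul(x, gf_mul(y, y)) != y:   # x*y^2 = y for every x
            return False
    return True

if __name__ == "__main__":
    print([hex(sbox(v)) for v in (0x00, 0x01, 0x53)])
    print(quadratic_relations_hold())
```

Written out bit by bit, relations of this kind give the multivariate quadratic equations over GF(2) that algebraic attacks such as XSL start from.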

XSL (cont.)
Rijmen: "The XSL attack is not an attack. It is a dream"
Courtois: "It will become your nightmare"
Cid and Leurent: the XSL algorithm does not provide an efficient method for solving the AES system of equations
N  !!

Related-Key
Attack based on Key Scheduler weakness
Related key Attack
– Biham
– 1992 [6]
Alex Biryukov
– – – 2 96 –

Biclique
Microsoft Research [7]
August 2011
Results:
– The full AES-128 with computational complexity
– The full AES-192 with computational complexity
– The full AES-256 with computational complexity
Why you might want to rename AES-128 into AES-126 in a few minutes

Side channel Attacks
Any attack based on information gained from the physical implementation of a cryptosystem
– Timing information
– Power consumption
– Electromagnetic leaks
– Sound

Side channel Attacks (cont.)
AES
– Cache-timing attack
– 2005
– Differential fault analysis
–

Cache-timing attack
Bernstein – 2005 [8]
– A custom server that used OpenSSL's AES encryption
– 200 million chosen plaintexts
– The custom server: gives out as much timing information as possible

Cache-timing attack (cont.)
Dag Arne Osvik, Adi Shamir and Eran Tromer [9]
– 2005
– AES key after only 800 operations
– 65 milliseconds
– The attacker must be able to run programs on the same system

Differential fault analysis
Dhiman Saha et al.
– 2009
– India [10]
Inducing a random fault anywhere in one of the four diagonals of the state matrix leads to the deduction of the entire AES key

Conclusion
Theoretical weaknesses on AES
– Key Scheduler
Side Channel Attacks
AES: First public algorithm for [11]
– CLASSIFIED up to SECRET: 128, 192, 256 bit key
– TOP SECRET: 192, 256 bit key

Open Problems *
[Diagram; terms shown: Side-Channel Attacks, Cache-Timing channels, S-BOX, Power consumption, Biclique, XSL, Cache Games, Electromagnetic leaks, Fault analysis, Timing information, Related-Key, Key Scheduler, SP Network, Breaking AES Theoretically, Known Plain Text, Chosen Plain Text]

MS Project
A new key scheduler for AES resistant to related-key

References
[1] Daemen, Rijmen. "AES Proposal: Rijndael". The First Advanced Encryption Standard Candidate Conference, N.I.S.T.,
[2] Ou, George (April 30, 2006). "Is encryption really crackable?". ( crackable/204)
[3] Aviad Kipnis, Adi Shamir. "Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization". CRYPTO '99
[4] Nicolas Courtois, Alexander Klimov, Jacques Patarin, Adi Shamir (2000). "Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations". LNCS 1807: 392–407
[5] Nicolas Courtois, Josef Pieprzyk (2002). "Cryptanalysis of Block Ciphers with Overdefined Systems of Equations". LNCS 2501: 267–

References (cont.)
[6] Eli Biham. "New Types of Cryptanalytic Attacks Using Related Keys". Proceedings of Eurocrypt'93, LNCS 765
[7] Andrey Bogdanov, Dmitry Khovratovich, Christian Rechberger. "Biclique Cryptanalysis of the Full AES". Microsoft Research, 2011
[8] cr.yp.to/antiforgery/cachetiming pdf
[9] Dag Arne Osvik, Adi Shamir, Eran Tromer. "Cache Attacks and Countermeasures: the Case of AES". Eprint 2008
[10] Dhiman Saha, Debdeep Mukhopadhyay, Dipanwita RoyChowdhury. "A Diagonal Fault Attack on the Advanced Encryption Standard". Eprint
[11]
