Published by Marianna Knight, modified over 9 years ago
Slide 1: The Latest Attacks on AES
Mehrdad Abdi
In the name of God, the Most Gracious, the Most Merciful
Slide 2: Contents
AES
Attacks on AES
– Brute force attack
– Theoretical attacks
– Side channel attacks
Conclusion
Open problem
References
Slide 3: AES
Rijndael
– Rijmen and Daemen
– First published in 1998 for the AES contest
– AES winner (2001)
Slide 4: AES (cont.)
The three design criteria [1]:
– Resistance against all known attacks
– Speed and code compactness on a wide range of platforms
– Design simplicity
A fixed block size of 128 bits
A key size of 128, 192, or 256 bits
Number of rounds: 10, 12, or 14 (for the three key sizes, respectively)
Slide 5: AES (cont.)
Specification
– Round transformation based on an SP network
– A simple key scheduler
Slide 6: Attacks on AES
Slide 7: Brute force
2^256: roughly equal to the number of atoms in the universe
The largest successful brute force: RC5 with a 64-bit key, distributed networks, 5 years [2]
Slide 8: Attacks on AES
Theoretical attacks
Side channel attacks
Slide 9: XSL
Multivariate quadratic equations
Linearization (L) [3]
– Kipnis and Shamir, 1999
– HFE
– Too few equations
eXtended Linearization (XL) [4]
– Courtois et al., 2000
– Complexity: estimates showed that the XL attack would not work against the equations derived from block ciphers such as AES
Slide 10: XSL (cont.)
eXtended Sparse Linearization (XSL) [5]
– Courtois and Pieprzyk, 2002
– AES, SERPENT
– The S-box of AES: an algebraically simple inverse function
– Only one or two known plaintexts
– High work factor
Slide 11: XSL (cont.)
Rijmen: "The XSL attack is not an attack. It is a dream."
Courtois: "It will become your nightmare."
Cid and Leurent, 2005: the XSL algorithm does not provide an efficient method for solving the AES system of equations.
Slide 12: Related-key attack based on key scheduler weakness
Related-key attack
– Biham, 1992 [6]
Alex Biryukov
– 2^119
– 2^99.5
– 2^96
– 2^35
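The key-scheduler weakness behind the related-key attacks above is that a difference between two cipher keys spreads slowly and mostly linearly through the AES round keys. As an added example (my own code, not from the presentation; the function names are mine), this block implements AES-128 key expansion as specified in FIPS-197 and counts, round key by round key, how many bytes differ for two keys that differ in a single byte.

```python
# Added example, not code from the presentation: AES-128 key expansion per
# FIPS-197, then a count of how a one-byte key difference spreads per round.
def _xtime(b):  # multiply by x in GF(2^8), AES polynomial 0x11B
    return ((b << 1) ^ 0x1B) & 0xFF if b & 0x80 else b << 1

def build_sbox():
    """Generate the AES S-box: inverse in GF(2^8) followed by the affine map."""
    sbox = [0] * 256
    p = q = 1                        # p walks the powers of 3, q their inverses
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= q << 1                                            # q /= 3
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        x = q ^ (q << 1) ^ (q << 2) ^ (q << 3) ^ (q << 4)   # sum of rotations
        sbox[p] = (x ^ (x >> 8) ^ 0x63) & 0xFF              # fold and add 0x63
        if p == 1:
            break
    sbox[0] = 0x63
    return sbox

SBOX = build_sbox()

def expand_key(key):
    """Return the 11 AES-128 round keys (16 bytes each) for a 16-byte key."""
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 1
    for i in range(4, 44):
        t = w[i - 1][:]
        if i % 4 == 0:                   # only every fourth word is nonlinear
            t = t[1:] + t[:1]            # RotWord
            t = [SBOX[b] for b in t]     # SubWord
            t[0] ^= rcon                 # Rcon
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(11)]

def round_key_diff_counts(key1, key2):
    """Number of differing bytes in each round key for two cipher keys."""
    return [sum(a != b for a, b in zip(r1, r2))
            for r1, r2 in zip(expand_key(key1), expand_key(key2))]

if __name__ == "__main__":
    k1 = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # FIPS-197 A.1 key
    k2 = bytes([k1[0] ^ 0x01]) + k1[1:]                        # same key, byte 0 changed
    print(round_key_diff_counts(k1, k2))
```

For a difference confined to key byte 0, the first five round keys differ in 1, 4, 6, 8 and 9 bytes whatever the key values are, because the only cancellations possible are of identical linear differences; from round 5 on the S-box output differences can cancel each other, so those counts depend on the key.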
Slide 13: Biclique
Microsoft Research [7], August 2011
Results:
– The full AES-128 with computational complexity 2^126.1
– The full AES-192 with computational complexity 2^189.7
– The full AES-256 with computational complexity 2^254.4
"Why you might want to rename AES-128 into AES-126 in a few minutes"
Slide 14: Side channel attacks
Any attack based on information gained from the physical implementation of a cryptosystem
– Timing information
– Power consumption
– Electromagnetic leaks
– Sound
Slide 15: Side channel attacks (cont.)
AES
– Cache-timing attack, 2005
– Differential fault analysis, 2010
Slide 16: Cache-timing attack
Bernstein, 2005 [8]
– A custom server that used OpenSSL's AES encryption
– 200 million chosen plaintexts
– The custom server was built to give out as much timing information as possible
Slide 17: Cache-timing attack (cont.)
Dag Arne Osvik, Adi Shamir and Eran Tromer [9], 2005
– AES key recovered after only 800 operations
– 65 milliseconds
– Requires the attacker to be able to run programs on the same system
Slide 18: Differential fault analysis
Dhiman Saha et al., 2009, India [10]
Inducing a random fault anywhere in one of the four diagonals of the state matrix leads to the deduction of the entire AES key.
2^32
Slide 19: Conclusion
Theoretical weaknesses of AES
– Key scheduler
Side channel attacks
AES: the first public algorithm approved for [11]
– CLASSIFIED up to SECRET: 128-, 192-, 256-bit key
– TOP SECRET: 192-, 256-bit key
Slide 20: Open problems
(Diagram of keywords: side-channel attacks, cache-timing channels, S-box, power consumption, biclique, XSL, cache games, electromagnetic leaks, fault analysis, timing information, related-key, key scheduler, SP network, breaking AES theoretically, known plaintext, chosen plaintext)
Slide 21: MS project
A new key scheduler for AES resistant to related-key attacks
Slide 22: References
[1] Daemen and Rijmen, "AES Proposal: Rijndael", The First Advanced Encryption Standard Candidate Conference, NIST, 1998.
[2] George Ou, "Is encryption really crackable?", April 30, 2006. http://www.zdnet.com/blog/ou/is-encryption-really-crackable/204
[3] Aviad Kipnis and Adi Shamir, "Cryptanalysis of the HFE Public Key Cryptosystem by Relinearization", CRYPTO '99.
[4] Nicolas Courtois, Alexander Klimov, Jacques Patarin and Adi Shamir, "Efficient Algorithms for Solving Overdefined Systems of Multivariate Polynomial Equations", LNCS 1807, pp. 392–407, 2000.
[5] Nicolas Courtois and Josef Pieprzyk, "Cryptanalysis of Block Ciphers with Overdefined Systems of Equations", LNCS 2501, pp. 267–287, 2002.
Slide 23: References (cont.)
[6] Eli Biham, "New Types of Cryptanalytic Attacks Using Related Keys", Proceedings of Eurocrypt '93, LNCS 765.
[7] Andrey Bogdanov, Dmitry Khovratovich and Christian Rechberger, "Biclique Cryptanalysis of the Full AES", Microsoft Research, 2011.
[8] Bernstein, cr.yp.to/antiforgery/cachetiming-20050414.pdf
[9] Dag Arne Osvik, Adi Shamir and Eran Tromer, "Cache Attacks and Countermeasures: the Case of AES", ePrint, 2008.
[10] Dhiman Saha, Debdeep Mukhopadhyay and Dipanwita RoyChowdhury, "A Diagonal Fault Attack on the Advanced Encryption Standard", ePrint, 2009.
[11] http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Slide 24: ?