{"id":15,"date":"2020-04-20T15:59:50","date_gmt":"2020-04-20T19:59:50","guid":{"rendered":"https:\/\/carleton.ca\/mtaha\/?page_id=15"},"modified":"2020-04-21T13:04:16","modified_gmt":"2020-04-21T17:04:16","slug":"research","status":"publish","type":"page","link":"https:\/\/carleton.ca\/mtaha\/research\/","title":{"rendered":"Research"},"content":{"rendered":"

Research<\/span><\/h3>\n
\n
\n\n\n\n
\n
\n
\n
<\/div>\n

<\/a>Research Context:<\/h3>\n

As embedded systems are being massively deployed in the automotive industry, intelligent healthcare, Internet-of-Things (IoT) and smart infrastructure, developing security-aware designs became a vital research area. These systems are not only highly-constrained design environments, but are also vulnerable to implementation attacks. Implementation attacks are practical attacks that target the underlying implementation of a cryptographic algorithm rather than its mathematical foundation. The power consumption, electromagnetic radiation, execution time and response to injected faults are side-channel outputs that can leak information about the internal secret key, an attack that is commonly called Side-Channel Analysis (SCA). SCA is a passive, noninvasive attack that can not be detected by the underlying system (other than fault injection, which is active) and can break an AES implementation after a single execution.\u00a0 For instance, an adversary can apply SCA over a legitimate sensor or control unit that he owns in order to reveal the secret key used for communication. Then, he can put this sensor in a target system in order to cause physical damage.<\/p>\n

<\/a>Summary: My research seeks a deeper and more quantified understanding of implementation attacks against critical IoT systems and proposes novel, security-aware designs that are protected against these attacks without violating usability, cost or real-time constraints.<\/i><\/h4>\n<\/div>\n

<\/a>LR-Keymill: a new crypto structures with inherent security against SCA<\/b><\/h2>\n
\n
\n
\n
<\/a><\/div>\n

In the crypto community, it is widely acknowledged that any cryptographic scheme that is built with no special countermeasure against side-channel attacks (SCA) can be easily broken. Our new research challenges this intuition. Lets introduce LR-Keymill.<\/p>\n

LR-Keymill, or Leakage Resilient Keymill, is an SCA-secured keystream generator. It accepts 128-bits of secret key and 128-bits of Initialization Vector (IV) to generate a pseudorandom binary output stream of any length. LR-Keymill consists of four NLFSRs where the feedback functions are connected together through a rotating cross-connect, as shown in the figure. The rotating cross-connect mixes the feedback functions, so that, the internal state of any register depends on the internal state of all the other register. More details about LR-Keymill can be found in these two papers, here<\/a> and here<\/a>.<\/p>\n

LR-Keymill is secured against passive SCA attacks without incorporating any special SCA countermeasures. The reason for this claim is that (very briefly), for every secret key, there is a large set of other keys that generate the exact same power signature, mandating a post-attack search phase with large time-complexity. On average, the required time-complexity after an SCA attack against the LR-Keymill is 67.9 bits. This time-complexity exceeds the birthday-boundary of AES (64 bits), and is considered safe for practical applications.<\/p>\n<\/div>\n

More details and the security proofs can be found here<\/a> and here<\/a>.<\/div>\n
\n

<\/a>Previous Work<\/h2>\n

Some of my previous research can be captured in this diagram:<\/p>\n

<\/a><\/div>\n
<\/div>\n
<\/div>\n<\/div>\n
\n

<\/a> Attacking Block-Ciphers:<\/h3>\n