J. Kelsey, B. Schneier, D. Wagner, and C. Hall. Side Channel Cryptanalysis of Product Ciphers. Journal of Computer Security, vol.8, pages 141-158, 2000.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....coalesces identical files within a local file system. LBFS [28] identifies identical portions of different files to reduce network bandwidth rather than storage usage. Convergent encryption deliberately leaks information. Other research has studied unintentional leaks through side channels [22] such as computational timing[238 measured power consumption [24] or response to injected faults [5] Like convergent encryption, BEAR[3 derives an encryption key from a partial plaintext hash. Song et al. 35] developed techniques for searching encrypted data. SALAD has similarities to the ....

J. Kelsey, B. Schneier, D. Wagner, and C. Hall, "Side Channel Cryptanalysis of Product Ciphers", Journal of Computer Security 8(2-3), 2000, pp. 141-158.

....Use of Cache Memory as a Cryptanalytic Side Channel D. Page Department of Computer Science, University of Bristol http: www.cs.bris.ac. uk Abstract We expand on the idea, proposed by Kelsey et al. [14], of cache memory being used as a side channel which leaks information during the run of a cryptographic algorithm. By using this side channel, an attacker may be able to reveal or narrow the possible values of secret information held on the target device. We describe an attack which encrypts ....

J. Kelsey, B. Schneier, D. Wagner, and C. Hall. Side Channel Cryptanalysis of Product Ciphers. In 5th European Symposium on Research in Computer Security, volume 1485, pages 97--110. Springer-Verlag, 1998.

....SCIENCE Theoretical Use of Cache Memory as Cryptanalytic Side Channel Page Theoretical Use of Cache Memory as a Cryptanalytic Side Channel D. Page Department of Computer Science, University of Bristol, UK http: www.cs.bris.ac. uk Abstract We expand on the idea, proposed by Kelsey et al. [8], of cache memory being used as a side channel which leaks information during the run of a cryptographic algorithm. By using this side channel, an attacker may be able to reveal or narrow the possible values of secret information held on the target device. As well as describing a theoretical ....

....be altered or damaged in any way during the attack. Other side channel attacks which are progressively more intrusive include timing attacks [12] electro magnetic radiation analysis [7] and glitch and fault analysis based attacks [5] In their review of sidechannel cryptanalysis, Kelsey et al. [8] state: We believe attacks based on cache hit ratio in large S box ciphers like Blowfish, CAST and Khufu are possible. 8, Section 7] 1 We show precisely how cache profiles can aid the recovery of secret information, thereby confirming this prediction. Since cache memory represents a large ....

J. Kelsey, B. Schneier, D. Wagner, and C. Hall. Side Channel Cryptanalysis of Product Ciphers. In 5th European Symposium on Research in Computer Security, volume 1485, pages 97--110. Springer-Verlag, 1998.

....of the encryption algorithms. These side channel analysis attacks are much more powerful compared to mathematical analysis based attacks. Kelsey, Schneier, Wagner, and Hall showed that even a small amount of side channel information is sufficient to break some of the common encryption algorithms [1]. Side channel attacks can be defeated by carefully designing the software hardware to either reduce the amount of side channel information that leaks or make the leakage irrelevant. Denying an attacker the ability to monitor the internal states can defeat processor flag based side channel attack ....

J. Kelsey, B. Schneier, D. Wagner, and C. Hall, "Side Channel Cryptanalysis of Product Ciphers", Proceedings of ESORICS '98, Springer-Verlag, September 1998, pp. 97-110.

....techniques, however, cannot address weaknesses in cryptographic algorithms that are due to a particular implementation in hardware. The realities of a physical implementation can be extremely difficult to control and often result in the leakage of side channel information. Techniques developed in [3] show how surprisingly little side channel information is required to break some common ciphers. Attacks have been proposed that use such information as timing measurements [4,5] power consumption [6] electromagnetic emissions [7] and faulty hardware [8,9] Eliminating side channel information ....

....using DPA. In [6] the authors outline a specific DPA attack against smartcards running the DES [12] algorithm. The purpose of this paper is to present actual results from monitoring smartcard power signals and to introduce techniques that help maximize such side channel information. Whereas [3] showed how little side channel information is required by an attacker, this paper takes the alternate approach and provides a first step towards showing how such information can be maximized. Adversaries will obviously choose attacks that maximize 1. Partially supported by NSF Grant CCR 9800070. ....

J. Kelsey, B. Schneier, D. Wagner, and C. Hall, "Side Channel Cryptanalysis of Product Ciphers," in Proceedings of ESORICS '98, Springer-Verlag, September 1998, pp. 97-110.

....we believe that CRYPTON also provides strong resistance against algebraic cryptanalysis, such as the interpolation attack. There are some kinds of non cryptographic, implementation dependent attacks on cryptosystems. These include the timing attack [11] and other side channel cryptanalysis [9], such as differential fault analysis and differential power analysis, etc. The timing attack is hard to apply to CRYPTON, since each processing steps in CRYPTON involves the same kind of operations up to byte levels. Due to the same reason, we believe that CRYPTON is more reliable against ....

J.Kelsey, B.Schneier, D.Wagner and C.Hall, Side channel cryptanalysis of product ciphers, In Computer Security-ESORICS'98, LNCS 1485, Springer-Verlag, 1998.

No context found.

John Kelsey, Bruce Schneier, David Wagner, and Chris Hall. Side Channel Cryptanalysis of Product Ciphers. Journal of Computer Security, 8:141--158, 2000.

No context found.

John Kelsey, Bruce Schneier, David Wagner, and Chris Hall. Side Channel Cryptanalysis of Product Ciphers. Journal of Computer Security, 8:141--158, 2000.

No context found.

J. Kelsey, B. Schneier, D. Wagner, "Side Channel Cryptanalysis of Product Ciphers, " ESORICS'98, LNCS 1485, Springer-Verlag, 1998.

No context found.

John Kelsey, Bruce Schneier, David Wagner, and Chris Hall. Side Channel Cryptanalysis of Product Ciphers. Journal of Computer Security, 8:141--158, 2000.

No context found.

J. Kelsey, B. Schneier, D. Wagner, and C. Hall, \Side Channel Cryptanalysis of Product Ciphers," ESORICS '98 Proceedings, Springer-Verlag, 1998, pp. pp 97-110.

....the computation [25, 26] and this has led to practical attacks on smartcards. Electromagnetic radiation [33, 16, 34] compromising emanations [36] crosstalk onto the power line [37, 35] return signals obtained by illuminating electronic equipment [3, 35] magnetic fields [32] cache hit ratios [24, 30], and even sounds given off by rotor machines [23] can similarly give the attacker a window of visibility on internal values calculated during the computation. Also of interest is the probing attack, where the attacker places a metal needle on a wire of interest and reads off the value carried ....

J. Kelsey, B. Schneier, D. Wagner, "Side Channel Cryptanalysis of Product Ciphers," ESORICS '98, LNCS 1485, Springer-Verlag, 1998.

....is secure, then so is the generation mechanism. This was done because there are quite a number of apparently secure block ciphers available in the public domain. Side Channel Attacks Side channel attacks are attacks that use additional information about the inner workings of the implementation [KSWH98b]: timing attacks [Koc96] and power analysis [Koc98] are typical examples. Many PRNGs that are otherwise secure fall apart when any additional information about their internal operations are leaked. One example of this is the RSAREF 2.0 PRNG, which can be implemented in a way that is vulnerable to ....

J. Kelsey, B. Schneier, D. Wagner, and C. Hall, "Side Channel Cryptanalysis of Product Ciphers," ESORICS '98 Proceedings, Springer-Verlag, 1998, pp. pp 97--110.

No context found.

J. Kelsey, B. Schneier, D. Wagner, C. Hall, \Side Channel Cryptanalysis of Product Ciphers,' ESORICS '98 Proceedings, Springer-Verlag, September 1998, pp. 97-110

....feel that this is a relevant criterion by which to judge block ciphers. DPA [KJJ99] is a instance of side channel attacks cryptanalysis that makes use of information other than the algorithm s inputs and outputs. Examples of side channels include timing [Koc96] power [KJJ99] radiation, etc. [KSWH98]. Paul Kocher s consulting company, Cryptography Research, has done considerable work on side channel attacks, especially DPA [CR00] They have a portfolio of patent applications that they license to companies wanting to build DPA resistant hardware. None of these patent applications a#ect the ....

J. Kelsey, B. Schneier, D. Wagner, and C. Hall, "Side Channel Cryptanalysis of Product Ciphers," ESORICS '98 Proceedings, Springer-Verlag, 1998, pp 97--110.

....bytes at a time, thus recovering the entire key. 8.9 Side Channel Cryptanalysis and Fault Analysis Resistance to these attacks was not part of the AES criteria, and hence not a major concern in this design. However, we do have these comments to make on the design. Side channel cryptanalysis [KSWH98b] uses information about the cipher in addition to the plaintext or ciphertext. Examples include timing [Koc96] power consumption (including di erential power analysis [Koc98] NMR scanning, and electronic emanations. 21 With many algorithms it is possible to reconstruct the key from these side ....

J. Kelsey, B. Schneier, D. Wagner, and C. Hall, \Side Channel Cryptanalysis of Product Ciphers," ESORICS '98 Proceedings, Springer-Verlag, 1998, to appear.

....bytes at a time, thus recovering the entire key. 8.9 Side Channel Cryptanalysis and Fault Analysis Resistance to these attacks was not part of the AES criteria, and hence not a major concern in this design. However, we do have these comments to make on the design. Side channel cryptanalysis [KSWH98b] uses information about the cipher in addition to the plaintext or ciphertext. Examples include timing [Koc96] power consumption (including di#erential power analysis [Koc98] NMR scanning, and electronic emanations. 21 With many algorithms it is possible to reconstruct the key from these side ....

J. Kelsey, B. Schneier, D. Wagner, and C. Hall, "Side Channel Cryptanalysis of Product Ciphers," ESORICS '98 Proceedings, Springer-Verlag, 1998, to appear.

No context found.

J. Kelsey, B. Schneier, D. Wagner, C. Hall, "Side Channel Cryptanalysis of Product Ciphers,' ESORICS '98 Proceedings, Springer-Verlag, September 1998, pp. 97-110

....bytes at a time, thus recovering the entire key. 8.9 Side Channel Cryptanalysis and Fault Analysis Resistance to these attacks was not part of the AES criteria, and hence not a major concern in this design. However, we do have these comments to make on the design. Side channel cryptanalysis [KSWH98b] uses information about the cipher in addition to the plaintext or ciphertext. Examples include timing [Koc96] power consumption (including differential power analysis [Koc98] NMR scanning, and electronic emanations. 21 With many algorithms it is possible to reconstruct the key from these ....

J. Kelsey, B. Schneier, D. Wagner, and C. Hall, "Side Channel Cryptanalysis of Product Ciphers," ESORICS '98 Proceedings, Springer-Verlag, 1998, to appear.

No context found.

J. Kelsey, B. Schneier, D. Wagner, and C. Hall. Side Channel Cryptanalysis of Product Ciphers. Journal of Computer Security, vol.8, pages 141-158, 2000.

No context found.

J. Kelsey, B. Schneier, D. Wagner, and C. Hall, "Side channel cryptanalysis of product ciphers," J. Computer Security, vol. 8, no. 2, pp. 141--158, 2000.

No context found.

J. Kelsey and B. Schneier and D. Wagner and C. Hall. Side Channel Cryptanalysis of Product Ciphers. In Journal of Computer Security, 8 (2-3), 141-158, 2000.

No context found.

John Kelsey, Bruce Schneier, David Wagner, Chris Hall, Side channel cryptanalysis of product ciphers, proc. 5th European Symposium on Research in Computer Security, LNCS 1485, 97--110, Springer-Verlag, 1998

No context found.

Kelsey J., Schneier B., Wagner D. and Hall S. Side channel cryptanalysis of product ciphers, Proceedings of ESORICS'98, Springer-Verlag, 1998, 97110.

No context found.

J. Kelsey, B. Schneier, D. Wagner, and C. Hall, "Side Channel Cryptanalysis of Product Ciphers," in Proc. ESORICS'98, pp. 97--110, Sept. 1998.

No context found.

J. Kelsey, B. Schneier, D.Wagner, and C. Hall, "Side channel cryptanalysis of product ciphers," ESORICS '98.

No context found.

J. Kelsey, B. Schneier, D. Wagner, and C. Hall. Side Channel Cryptanalysis of Product Ciphers. Journal of Computer Security, v. 8, n. 2-3, 2000.

No context found.

Kelsey, J., Schneier, B., Wagner, D., and Hall, C. Side Channel Cryptanalysis of Product Ciphers. Journal of Computer Security, 8 (2-3) (1995), 141-158.

No context found.

John Kelsey, Bruce Schneier, David Wagner, and Chris Hall. Side channel cryptanalysis of product ciphers. World Wide Web: Counterpane Systems and U.C. at Berkeley, circa 2000. http://www.counterpane.com, http://www.cs.berkeley.edu.

No context found.

Kelsey, J., Schneier, B., Wagner, D., Hall, C.: Side channel cryptanalysis of product ciphers. In: Computer Security (ESORICS'98). Volume 1485 of LNCS., SpringerVerlag (1998) 97--110

No context found.

J. Kelsey, B. Schneier, D. Wagner, and C. Hall, Side Channel Cryptanalysis of Product Ciphers, in Proc. of ESORICS'98, Springer-Verlag, September 1998, pp. 97-110.

No context found.

J. Kelsey, B. Schneier, D. Wagner, and C. Hall, Side Channel Cryptanalysis of Product Ciphers, in Proc. of ESORICS'98, Springer-Verlag, September 1998, pp. 97-110.

No context found.

J. Kelsey, B. Schneier, D. Wagner, and C. Hall, "Side Channel Cryptanalysis of Product Ciphers", Journal of Computer Security 8(2-3), 2000, pp. 141-158.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC