Impact of Extending Side Channel Attack on Cipher Variants: A Case Study with the HC Series of Stream Ciphers
Side channel attacks are extremely implementation specific. An attack is tailor-made for a specific cipher algorithm implemented in a specific model. A natural question is: what is the effect of a side channel technique on a variant of the cipher algorithm implemented in a similar model? The motivation for such an investigation is to study the feasibility of using a cipher variant as a mode of recovering from a successful side channel attack. As a case study, we consider the HC series of stream ciphers, viz., HC-128 and HC-256. We extend the HC-128 fault attack and the HC-256 cache analysis onto the HC-256 and HC-128 ciphers respectively under similar models. The techniques applied on one variant are not trivially translatable to the other, and the issue was left open until the current work. We propose a technique to recover half the state of HC-128 using cache analysis, which can be cascaded with the differential attack towards a full state recovery and hence key recovery. Similarly, we analyze the state leakage of HC-256 under the differential fault attack model to achieve partial state recovery.
Keywords: Cache Analysis, Cryptography, eSTREAM, Fault Attack, Side Channel Cryptanalysis, Stream Cipher