Advanced search
Publication Cover
Cryptologia Latest Articles
Submit an article Journal homepage
16
Views
0
CrossRef citations to date
0
Altmetric
Research Article

Fault-assisted side-channel analysis of HMAC-Streebog

Gautham SekarCorrespondence[email protected]
View further author information
,
Mabin JosephView further author information
&
R. BalasubramanianView further author information
Published online: 14 Apr 2024

References

  • Abdelkhalek, A., R. AlTawy, and A. M. Youssef. 2015. Impossible differential properties of reduced round Streebog. In Proceedings of C2SI 2015, LNCS, Rabat, Morocco, Vol. 9084, 274–86.
  • AlTawy, R., and A. M. Youssef. 2015a. Differential fault analysis of Streebog. In Proceedings of ISPEC 2015, LNCS, Beijing, China, Vol. 9065, 35–49.
  • AlTawy, R., and A. M. Youssef. 2015b. Watch your constants: Malicious Streebog. IET Information Security 9 (6):328–33. doi: 10.1049/iet-ifs.2014.0540.
  • Biryukov, A., L. Perrin, and A. Udovenko. 2016. Reverse-engineering the S-box of Streebog, Kuznyechik and STRIBOBr1. In Proceedings of EUROCRYPT 2016, LNCS, Vol. 9665, 372–402.
  • Cojocar, L., K. Razavi, C. Giuffrida, and H. Bos. 2019. Exploiting correcting codes: On the effectiveness of ECC memory against Rowhammer attacks. In IEEE Proceedings of SP 2019, San Francisco, USA, 279–95.
  • Degtyarev, A. 2019. GOST R 34.11-2012 hash function with 512/256 bit digest. GitHub. Accessed July 18, 2023. https://github.com/adegtyarev/streebog.
  • Dinur, I., and G. Leurent. 2014. Improved generic attacks against hash-based MACs and HAIFA. In Proceedings of CRYPTO 2014, LNCS, Vol. 8616, 149–68.
  • Dolmatov, V., and A. Degtyarev. 2013. GOST R 34.11-2012: Hash function. RFC 6986. Accessed July 18, 2023. https://tools.ietf.org/html/rfc6986.
  • Fouque, P., D. Masgana, and F. Valette. 2009. Fault attack on Schnorr based identification and signature schemes. In IEEE Proceedings of FDTC 2009, Lausanne, Switzerland, 32–8.
  • Fouque, P., D. Réal, F. Valette, and M. Drissi. 2008. The carry leakage on the randomized exponent countermeasure. In Proceedings of CHES 2008, LNCS, Washington DC, USA, Vol. 5154, 198–213.
  • Garmany, B., and T. Müller. 2013. PRIME: Private RSA infrastructure for memory-less encryption. In Proceedings of ACSAC 2013, New Orleans, USA, 149–58.
  • Götzfried, J., and T. Müller. 2013. ARMORED: CPU-bound encryption for android-driven ARM devices. In IEEE Proceedings of ARES 2013, Regensburg, Germany, 161–8.
  • Halderman, J. A., S. D. Schoen, N. Heninger, W. Clarkson, W. Paul, J. A. Calandrino, A. J. Feldman, J. Appelbaum, and E. W. Felten. 2009. Lest we remember: Cold boot attacks on encryption keys. Communications of the ACM 52 (5):91–8. doi: 10.1145/1506409.1506429.
  • Hubert, C., and M. Côme. 2017. ERROL—InfraRed (IR) laser bench solution for security evaluation in 2017. GitHub. Accessed July 18, 2023. https://www.errol-laser.com/_files/ugd/1c6d8e_1e3b60623c454f02b125c891cd53a245.pdf.
  • Kim, Y., R. Daly, J. Kim, C. Fallin, J. H. Lee, D. Lee, C. Wilkerson, K. Lai, and O. Mutlu. 2014. Flipping bits in memory without accessing them: An experimental study of DRAM disturbance errors. In Proceedings of ACM/IEEE ISCA 2014, Minneapolis, USA, 361–72.
  • Kocher, P., J. Horn, A. Fogh, D. Genkin, D. Gruss, W. Haas, M. Hamburg, M. Lipp, S. Mangard, T. Prescher, et al. 2020. Spectre attacks: Exploiting speculative execution. Communications of the ACM 63 (7):93–101. doi: 10.1145/3399742.
  • Krawczyk, H., M. Bellare, and R. Canetti. 1997. HMAC: Keyed-hashing for message authentication. RFC 2104. Accessed July 18, 2023. https://tools.ietf.org/html/rfc2104.
  • Kwong, A., D. Genkin, D. Gruss, and Y. Yarom. 2020. RAMBleed: Reading bits in memory without accessing them. In Proceedings of IEEE Proceedings of SP 2020, San Francisco, USA, 695–711.
  • Lipp, M., M. Schwarz, D. Gruss, T. Prescher, W. Haas, J. Horn, S. Mangard, P. Kocher, D. Genkin, Y. Yarom, et al. 2020. Meltdown: Reading kernel memory from user space. Communications of the ACM 63 (6):46–56. doi: 10.1145/3357033.
  • Mambretti, A., M. Neugschwandtner, A. Sorniotti, E. Kirda, W. Robertson, and A. Kurmus. 2018. Let’s not speculate: Discovering and analyzing speculative execution attacks. IBM Research Report, RZ 3933, 19–37. Accessed July 18, 2023. https://domino.research.ibm.com/library/cyberdig.nsf/papers/D66E56756964D8998525835200494B74.
  • Müller, T., A. Dewald, and F. C. Freiling. 2010. AESSE: A cold-boot resistant implementation of AES. In ACM Proceedings of EUROSEC ’10, Paris, France, 42–7.
  • Müller, T., F. C. Freiling, and A. Dewald. 2011. TRESOR runs encryption securely outside RAM. In Proceedings of USENIX Security ’11, San Francisco, USA, 251–66.
  • Perrin, L. 2019. Partitions in the S-box of Streebog and Kuznyechik. IACR Transactions on Symmetric Cryptology 2019 (1):302–29. doi: 10.46586/tosc.v2019.i1.302-329.
  • Perrin, L., and A. Udovenko. 2017. Exponential S-boxes: A link between the S-boxes of BelT and Kuznyechik/Streebog. IACR Transactions on Symmetric Cryptology 2016 (2):99–124. doi: 10.46586/tosc.v2016.i2.99-124.
  • Sekar, G. 2015. Side channel cryptanalysis of Streebog. In Proceedings of SSR 2015, LNCS, Tokyo, Japan, Vol. 9497, 154–62.
  • Smyshlyaev, S., E. Alekseev, I. Oshkin, V. Popov, S. Leontiev, V. Podobaev, and D. Belyavsky. 2016. Guidelines on the cryptographic algorithms to accompany the usage of standards GOST R 34.10-2012 and GOST R 34.11-2012. RFC 7836. Accessed July 18, 2023. https://tools.ietf.org/html/rfc7836.
  • Vasiliadis, G., E. Athanasopoulos, M. Polychronakis, and S. Ioannidis. 2014. PixelVault: Using GPUs for securing cryptographic operations. In ACM Proceedings of CCS 2014, Denver, USA, 1131–42.
  • Zhang, X., Y. Tan, Y. Xue, Q. Zhang, Y. Li, C. Zhang, and J. Zheng. 2017. Cryptographic key protection against FROST for mobile devices. Cluster Computing 20 (3):2393–402. doi: 10.1007/s10586-016-0721-3.

Reprints and Corporate Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

To request a reprint or corporate permissions for this article, please click on the relevant link below:

Order Reprints Request Corporate Permissions

Academic Permissions

Please note: Selecting permissions does not provide access to the full text of the article, please see our help page How do I view content?

Obtain permissions instantly via Rightslink by clicking on the button below:

Request Academic Permissions

If you are unable to obtain permissions via Rightslink, please complete and submit this Permissions form. For more information, please visit our Permissions help page.

Related research

People also read lists articles that other readers of this article have read.

Recommended articles lists articles that we recommend and is powered by our AI driven recommendation engine.

Cited by lists all citing articles based on Crossref citations.
Articles with the Crossref icon will open in a new tab.