Simple Power Analysis (SPA) attacks are widely used against several cryptosystems, principally against cryptosystems based on modular exponentiation. Many types of SPA have been reported in the literature, Yen et al. introduced the N-1 attack, which uses chosen input messages to obtain relevant information from the attacked cryptosystem. Their attack was implemented on the square-and-multiply always and on
the BRIP algorithm, both algorithms in left-to-right form. There are possible countermeasures against this attack, but all of them are costly and time consuming. In this paper, a computationally efficient and effective method to avoid the N-1 attack is investigated.
Image encryption using chaotic sequence and its cryptanalysisIOSR Journals
ย
1) The document analyzes an image encryption algorithm that uses chaotic sequences. It finds that the algorithm can be broken with only a small number of known or chosen plaintexts using two attacks.
2) A chosen plaintext attack is described that requires only one known plaintext and two chosen plaintexts to reveal the secret chaotic sequences and encryption keys.
3) A known plaintext attack is also introduced that requires two known plaintext-ciphertext pairs to determine the secret parameters and completely break the encryption scheme.
SECURITY EVALUATION OF LIGHT-WEIGHT BLOCK CIPHERS BY GPGPUacijjournal
ย
This document summarizes a research paper that proposes using GPUs to accelerate the security evaluation of lightweight block ciphers through integral attacks. The paper first provides background on integral attacks and discusses limitations of previous evaluation methods. It then proposes a new algorithm that uses both theoretical and experimental steps to iteratively search for higher-order integral distinguishers. In the experimental step, the algorithm executes computer experiments on candidate distinguishers using a GPU to accelerate the computations. When applied to several lightweight block ciphers, the proposed method obtained more advantageous results than previous approaches.
SECURED WIRELESS COMMUNICATION THROUGH SIMULATED ANNEALING GUIDED TRAINGULARI...cscpconf
ย
In this paper, simulated annealing guided traingularized encryption using multilayer perceptron generated session key (SATMLP) has been proposed for secured wireless ommunication. Bothsender and receiver station uses identical multilayer perceptron and depending on the final output of the both side multilayer perceptron, weights vector of hidden layer get tuned in bothends. After this tunning step both perceptrons generates identical weight vectors which is consider as an one time session key. In the 1st level of encryption process traingularized sub key1 is use to encrypt the plain text. In 2nd level of encryption simulated annealing method helps to generates sub key 2 for further encryption of 1st level generated traingularized encrypted text. Finally multilayer perceptron generated one time session key is used to perform
3rd level of encryption of 2nd level generated encrypted text. Recipient will use same identical multilayer perceptron guided session key for performing deciphering process for getting the simulated annealing guided intermediate cipher text. Then using sub key 2 deciphering technique is performed to get traingularized encrypted text. Finally sub key 1 is used to generate the plain text. In this proposed technique session key is not transmitted over public channel apart from few data transfers are needed for weight simulation process. Because after synchronization process both multilayer perceptron generates identical weight vector which acts as a session key. Parametric tests are done and results are compared in terms of ChiSquare test, response time in transmission with some existing classical techniques, which shows comparable results for the proposed system.
Secured wireless communication through simulated annealing guided traingulari...csandit
ย
In this paper, simulated annealing guided traingularized encryption using multilayer perceptron
generated session key (SATMLP) has been proposed for secured wireless communication. Both
sender and receiver station uses identical multilayer perceptron and depending on the final
output of the both side multilayer perceptron, weights vector of hidden layer get tuned in both
ends. After this tunning step both perceptrons generates identical weight vectors which is
consider as an one time session key. In the 1st level of encryption process traingularized sub
key1 is use to encrypt the plain text. In 2nd level of encryption simulated annealing method
helps to generates sub key 2 for further encryption of 1st level generated traingularized
encrypted text. Finally multilayer perceptron generated one time session key is used to perform
3rd level of encryption of 2nd level generated encrypted text. Recipient will use same identical
multilayer perceptron guided session key for performing deciphering process for getting the
simulated annealing guided intermediate cipher text. Then using sub key 2 deciphering
technique is performed to get traingularized encrypted text. Finally sub key 1 is used to
generate the plain text. In this proposed technique session key is not transmitted over public
channel apart from few data transfers are needed for weight simulation process. Because after
synchronization process both multilayer perceptron generates identical weight vector which
acts as a session key. Parametric tests are done and results are compared in terms of Chi-
Square test, response time in transmission with some existing classical techniques, which shows
comparable results for the proposed system.
Adequacy of checksum algorithms for computer virus detectionUltraUploader
ย
Checksums are used to detect changes in files and detect computer viruses. However, checksum algorithms that detect random errors are not sufficient against an entity deliberately trying to fool the checksum. An attacker can insert forged data that generates the same checksum as the original. The paper discusses three types of attacks against checksums (brute force, birthday, trap door) and features needed for checksum algorithms to be resistant to attackers, such as having a long length and being non-invertible. It also describes tests to evaluate if a checksum algorithm provides even mapping and is non-invertible.
STEGANOGRAPHY BASED ASYMMETRIC KEY CRYPTOSYSTEM USING TRELLIS CODED GENETIC A...ijesajournal
ย
This paper focuses on generating a random bit sequence using Trellis coded Genetic Algorithm (TCGA)
with boolean function as source of input. Randomness of the generated bit sequence is tested using the
methods proposed by National Institute of Standards and Technology (NIST) to be used as random key
for cryptographic applications. Generated random key is transmitted using Blue Pixel Least Significant
bit (BPLSB) steganographic technique. The extracted random key is then used for image encryption and
decryption for asymmetric key cryptosystem.
Chaotic Secure Communication Using Iterated Filtering Method P. Karthik -Assistant Professor,
D. Gokul Prashanth -UG Scholar,
T. Gokul - UG Scholar,
Department of Electronics and Communication Engineering,
SNS College of Engineering, Coimbatore, India.
A Novel Method for Preventing Selective Jamming Attacks in Wireless NetworksIJMER
ย
The document proposes three novel methods to prevent selective jamming attacks in wireless networks:
1. Strong Hiding Commitment Scheme (SHCS) which uses asymmetric cryptography to commit a sender to a value while keeping it hidden.
2. Cryptographic Puzzle Hiding Scheme which generates puzzles that force attackers to spend time solving before obtaining secret keys.
3. Hiding based on All-Or-Nothing Transformation which partitions messages into blocks that are meaningless individually, preventing selective jamming until all blocks are received.
Image encryption using chaotic sequence and its cryptanalysisIOSR Journals
ย
1) The document analyzes an image encryption algorithm that uses chaotic sequences. It finds that the algorithm can be broken with only a small number of known or chosen plaintexts using two attacks.
2) A chosen plaintext attack is described that requires only one known plaintext and two chosen plaintexts to reveal the secret chaotic sequences and encryption keys.
3) A known plaintext attack is also introduced that requires two known plaintext-ciphertext pairs to determine the secret parameters and completely break the encryption scheme.
SECURITY EVALUATION OF LIGHT-WEIGHT BLOCK CIPHERS BY GPGPUacijjournal
ย
This document summarizes a research paper that proposes using GPUs to accelerate the security evaluation of lightweight block ciphers through integral attacks. The paper first provides background on integral attacks and discusses limitations of previous evaluation methods. It then proposes a new algorithm that uses both theoretical and experimental steps to iteratively search for higher-order integral distinguishers. In the experimental step, the algorithm executes computer experiments on candidate distinguishers using a GPU to accelerate the computations. When applied to several lightweight block ciphers, the proposed method obtained more advantageous results than previous approaches.
SECURED WIRELESS COMMUNICATION THROUGH SIMULATED ANNEALING GUIDED TRAINGULARI...cscpconf
ย
In this paper, simulated annealing guided traingularized encryption using multilayer perceptron generated session key (SATMLP) has been proposed for secured wireless ommunication. Bothsender and receiver station uses identical multilayer perceptron and depending on the final output of the both side multilayer perceptron, weights vector of hidden layer get tuned in bothends. After this tunning step both perceptrons generates identical weight vectors which is consider as an one time session key. In the 1st level of encryption process traingularized sub key1 is use to encrypt the plain text. In 2nd level of encryption simulated annealing method helps to generates sub key 2 for further encryption of 1st level generated traingularized encrypted text. Finally multilayer perceptron generated one time session key is used to perform
3rd level of encryption of 2nd level generated encrypted text. Recipient will use same identical multilayer perceptron guided session key for performing deciphering process for getting the simulated annealing guided intermediate cipher text. Then using sub key 2 deciphering technique is performed to get traingularized encrypted text. Finally sub key 1 is used to generate the plain text. In this proposed technique session key is not transmitted over public channel apart from few data transfers are needed for weight simulation process. Because after synchronization process both multilayer perceptron generates identical weight vector which acts as a session key. Parametric tests are done and results are compared in terms of ChiSquare test, response time in transmission with some existing classical techniques, which shows comparable results for the proposed system.
Secured wireless communication through simulated annealing guided traingulari...csandit
ย
In this paper, simulated annealing guided traingularized encryption using multilayer perceptron
generated session key (SATMLP) has been proposed for secured wireless communication. Both
sender and receiver station uses identical multilayer perceptron and depending on the final
output of the both side multilayer perceptron, weights vector of hidden layer get tuned in both
ends. After this tunning step both perceptrons generates identical weight vectors which is
consider as an one time session key. In the 1st level of encryption process traingularized sub
key1 is use to encrypt the plain text. In 2nd level of encryption simulated annealing method
helps to generates sub key 2 for further encryption of 1st level generated traingularized
encrypted text. Finally multilayer perceptron generated one time session key is used to perform
3rd level of encryption of 2nd level generated encrypted text. Recipient will use same identical
multilayer perceptron guided session key for performing deciphering process for getting the
simulated annealing guided intermediate cipher text. Then using sub key 2 deciphering
technique is performed to get traingularized encrypted text. Finally sub key 1 is used to
generate the plain text. In this proposed technique session key is not transmitted over public
channel apart from few data transfers are needed for weight simulation process. Because after
synchronization process both multilayer perceptron generates identical weight vector which
acts as a session key. Parametric tests are done and results are compared in terms of Chi-
Square test, response time in transmission with some existing classical techniques, which shows
comparable results for the proposed system.
Adequacy of checksum algorithms for computer virus detectionUltraUploader
ย
Checksums are used to detect changes in files and detect computer viruses. However, checksum algorithms that detect random errors are not sufficient against an entity deliberately trying to fool the checksum. An attacker can insert forged data that generates the same checksum as the original. The paper discusses three types of attacks against checksums (brute force, birthday, trap door) and features needed for checksum algorithms to be resistant to attackers, such as having a long length and being non-invertible. It also describes tests to evaluate if a checksum algorithm provides even mapping and is non-invertible.
STEGANOGRAPHY BASED ASYMMETRIC KEY CRYPTOSYSTEM USING TRELLIS CODED GENETIC A...ijesajournal
ย
This paper focuses on generating a random bit sequence using Trellis coded Genetic Algorithm (TCGA)
with boolean function as source of input. Randomness of the generated bit sequence is tested using the
methods proposed by National Institute of Standards and Technology (NIST) to be used as random key
for cryptographic applications. Generated random key is transmitted using Blue Pixel Least Significant
bit (BPLSB) steganographic technique. The extracted random key is then used for image encryption and
decryption for asymmetric key cryptosystem.
Chaotic Secure Communication Using Iterated Filtering Method P. Karthik -Assistant Professor,
D. Gokul Prashanth -UG Scholar,
T. Gokul - UG Scholar,
Department of Electronics and Communication Engineering,
SNS College of Engineering, Coimbatore, India.
A Novel Method for Preventing Selective Jamming Attacks in Wireless NetworksIJMER
ย
The document proposes three novel methods to prevent selective jamming attacks in wireless networks:
1. Strong Hiding Commitment Scheme (SHCS) which uses asymmetric cryptography to commit a sender to a value while keeping it hidden.
2. Cryptographic Puzzle Hiding Scheme which generates puzzles that force attackers to spend time solving before obtaining secret keys.
3. Hiding based on All-Or-Nothing Transformation which partitions messages into blocks that are meaningless individually, preventing selective jamming until all blocks are received.
MESSAGE EMBEDDED CIPHER USING 2-D CHAOTIC MAPijccmsjournal
ย
This paper constructs two encryption methods using 2-D chaotic maps, Duffings and Arnoldโs cat maps
respectively. Both of the methods are designed using message embedded scheme and are analyzed for their validity, for plaintext sensitivity, key sensitivity, known plaintext and brute-force attacks. Due to the
less key space generally many chaotic cryptosystem developed are found to be weak against Brute force attack which is an essential issue to be solved. For this issue, concept of identifiability proved to be a necessary condition to be fulfilled by the designed chaotic cipher to resist brute force attack, which is a basic attack. As 2-D chaotic maps provide more key space than 1-D maps thus they are considered to be more suitable. This work is accompanied with analysis results obtained from these developed cipher. Moreover, identifiable keys are searched for different input texts at various key values.
The methods are found to have good key sensitivity and possess identifiable keys thus concluding that they can resist linear attacks and brute-force attacks.
Message Embedded Cipher Using 2-D Chaotic Mapijccmsjournal
ย
This paper constructs two encryption methods using 2-D chaotic maps, Duffings and Arnoldโs cat maps
respectively. Both of the methods are designed using message embedded scheme and are analyzed for
their validity, for plaintext sensitivity, key sensitivity, known plaintext and brute-force attacks. Due to the
less key space generally many chaotic cryptosystem developed are found to be weak against Brute force
attack which is an essential issue to be solved. For this issue, concept of identifiability proved to be a
necessary condition to be fulfilled by the designed chaotic cipher to resist brute force attack, which is a
basic attack. As 2-D chaotic maps provide more key space than 1-D maps thus they are considered to be
more suitable. This work is accompanied with analysis results obtained from these developed cipher.
Moreover, identifiable keys are searched for different input texts at various key values.
Blinded Montgomery Powering Ladder Protected Against the Jacobi Symbol AttackCSCJournals
ย
Many physical attack types (Timing attacks, Power consumption attacks, Fault attacks, etc.) have been developed against cryptosystems, and specifically against the modular exponentiation which is the core operation of many cryptosystems, in the recent years. Indeed there is a real necessity to eliminate the vulnerabilities of the cryptosystems, like CRT-RSA or the Elliptic Curve Cryptosystem, that make them susceptible to those attacks. In 2006 Boreale described a new type of physical attack which is based in the Jacobi symbol concept, and after that, Schmidt used the same concept as Boreale to break the security of the blinded Montgomery powering ladder. In this paper a countermeasure against the Schmidt\'s attack is presented in order to make the blinded Montgomery powering ladder resistant to the Jacobi symbol attack.
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWAREVLSICS Design
ย
The latest innovation technology in computing devices has given a rise of compact, speedy and economical products which also embeds cryptography hardware on-chip. This device generally holds secret key and confidential information, more attention has been given to attacks on hardware which guards such secure information. The attacker may leak secret information from symmetric crypto-hardware (AES, DES etc.) using side-channel analysis, fault injection or exploiting existing test infrastructure. This paper examines various DFT based attack implementation method applied to cryptographic hardware. The paper contains an extensive analysis of attacks based on various parameters. The countermeasures are classified and analyzed in details.
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWAREVLSICS Design
ย
The latest innovation technology in computing devices has given a rise of compact, speedy and economical products which also embeds cryptography hardware on-chip. This device generally holds secret key and confidential information, more attention has been given to attacks on hardware which guards such secure information. The attacker may leak secret information from symmetric crypto-hardware (AES, DES etc.) using side-channel analysis, fault injection or exploiting existing test infrastructure. This paper examines various DFT based attack implementation method applied to cryptographic hardware. The paper contains an extensive analysis of attacks based on various parameters. The countermeasures are classified and analyzed in details.
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWAREVLSICS Design
ย
The latest innovation technology in computing devices has given a rise of compact, speedy and economical
products which also embeds cryptography hardware on-chip. This device generally holds secret key and
confidential information, more attention has been given to attacks on hardware which guards such secure
information. The attacker may leak secret information from symmetric crypto-hardware (AES, DES etc.)
using side-channel analysis, fault injection or exploiting existing test infrastructure. This paper examines
various DFT based attack implementation method applied to cryptographic hardware. The paper contains
an extensive analysis of attacks based on various parameters. The countermeasures are classified and
analyzed in details
Cryptosystem An Implementation of RSA Using Verilogijcncs
ย
This document describes an implementation of the RSA cryptosystem using Verilog for an FPGA. It presents the design of modules for key generation, encryption, and decryption. For key generation, it generates random prime numbers using an LFSR and primality tester, then calculates the public and private keys. Encryption and decryption are performed through modular exponentiation implemented with a right-to-left binary method. The modules are coded in Verilog and synthesized for an FPGA to provide a secure cryptosystem.
Cryptanalysis of Key Exchange Method Using Computational Intelligence Guided ...aciijournal
ย
In this paper, a cryptanalysis of key exchange method using multilayer perceptron (CKEMLP) has been
proposed in wireless communication of data/information. In this proposed CKEMLP technique both sender
and receiver uses an identical multilayer perceptrons for synchronization between them. After achieving
the full synchronization weights vectors of both the partiesโ becomes identical and this identical weight
vector is used as a secret session key for encryption/decryption. Different types of possible attacks during
synchronization phase are introduced in this paper. Among different types of attacks some of them can be
easily prevented by increasing the synaptic depth L. But few attacks are also there which has a great
success rate.
TOPOLOGY MAP ANALYSIS FOR EFFECTIVE CHOICE OF NETWORK ATTACK SCENARIOIJCNCJournal
ย
In general, network attack should be prohibited and information security technology should contribute to improve the trust of network communication. Almost network communication is based on IP packet that is standardized by the international organization. So, network attack does not work without following the standardized protocols and data format. Therefore, network attack also leaks information concerning adversaries by their IP packets. In this paper, we propose an effective choice for network attack scenario which counter-attacks adversary. We collect and analyze IP packets from the adversary, and derive network topology map of the adversary. The characteristics of topology map can be evaluated by the Eigen value of topology matrix. We observe the changes of characteristics of topology map by the influence of attack scenario. Then we can choose the most effective or suitable network counter-attack strategy. In this paper, we assume two kinds of attack scenarios and three types of tactics. And we show an example choice of attack using actual data of adversary which were observed by our dark-net monitoring.
OpenFlow Security Threat Detection and Defense ServicesEswar Publications
ย
The emergence of OpenFlow-capable switches de- couples control plane from the data flow plane so that they support programmable network and allow network administrators to have programmable central control of network traffic via a controller. The controller and its communication with switches and users become a malicious attack target. This paper explores major possible security threats and attacks on the controller of SDN and proposes a new approach to automatically and dynamically detect and monitor malicious behaviors on flow message passing and defend such attacks to ensure the security of SDN. We have built a FlowEye prototype at service level on Mininet API, and simulation tests are done on two feasible attacks on OpenFlow Beacon platform. The paper provides the feasibility study of such attacks and defense protection strategies in SDN security research..
A NOVEL SECURE COSINE SIMILARITY COMPUTATION SCHEME WITH MALICIOUS ADVERSARIESIJNSA Journal
ย
Similarity coefficients play an important role in many aspects. Recently, several schemes were proposed, but these schemes aimed to compute the similarity coefficients of binary data. In this paper, a novel scheme
which can compute the coefficients of integer is proposed. To the best knowledge of us, this is the first scheme which canesist malicious adversaries attack.
FAST DETECTION OF DDOS ATTACKS USING NON-ADAPTIVE GROUP TESTINGIJNSA Journal
ย
This document proposes a method for fast detection of DDoS attacks using non-adaptive group testing (NAGT). It begins with background on DDoS attacks and group testing techniques. It then describes using a strongly explicit d-disjunct matrix in NAGT to map IP addresses to "tests" performed by routers. The router counters would indicate potential hot items (attackers or victims). Two decoding algorithms are presented to identify the hot items from the test results with poly-log time complexity meeting data stream requirements. The method aims to provide early warning of DDoS attacks through efficient group testing of IP packets.
AN ANN APPROACH FOR NETWORK INTRUSION DETECTION USING ENTROPY BASED FEATURE S...IJNSA Journal
ย
With the increase in Internet users the number of malicious users are also growing day-by-day posing a serious problem in distinguishing between normal and abnormal behavior of users in the network. This has led to the research area of intrusion detection which essentially analyzes the network traffic and tries to determine normal and abnormal patterns of behavior.In this paper, we have analyzed the standard NSL-KDD intrusion dataset using some neural network based techniques for predicting possible intrusions. Four most effective classification methods, namely, Radial Basis Function Network, SelfOrganizing Map, Sequential Minimal Optimization, and Projective Adaptive Resonance Theory have been applied. In order to enhance the performance of the classifiers, three entropy based feature selection methods have been applied as preprocessing of data. Performances of different combinations of classifiers and attribute reduction methods have also been compared.
This document discusses using artificial neural networks for network intrusion detection. Specifically, it proposes a hybrid classification model that uses entropy-based feature selection to reduce the dataset, followed by four neural network techniques (RBFN, SOM, SMO, PART) for classification. It provides details on each neural network technique and the overall methodology, which uses 10-fold cross validation to evaluate performance based on standard criteria. The goal is to build an efficient intrusion detection system with low false alarms and high detection rates.
USE OF MARKOV CHAIN FOR EARLY DETECTING DDOS ATTACKSIJNSA Journal
ย
DDoS has a variety of types of mixed attacks. Botnet attackers can chain different types of DDoS attacks to confuse cybersecurity defenders. In this article, the attack type can be represented as the state of the model. Considering the attack type, we use this model to calculate the final attack probability. The final attack probability is then converted into one prediction vector, and the incoming attacks can be detected early before IDS issues an alert. The experiment results have shown that the prediction model that can make multi-vector DDoS detection and analysis easier.
This document presents a study on a proposed distributed attack detection algorithm using experimental and simulation analysis. The key points are:
1) The algorithm detects distributed denial of service attacks in wireless sensor networks using detector nodes that monitor traffic and reconstruct patterns to identify attacks.
2) Performance is affected by algorithmic parameters like time epoch length and number of detector nodes, and network parameters like node density and energy.
3) Simulation experiments quantify the attack detection rate, false positive/negative rates, and node energy utilization under variations in these parameters.
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...IOSR Journals
ย
This document summarizes an approach for using data mining algorithms to detect network intrusions and prevent security threats. It analyzes two datasets - one containing 997 records and another containing 11,438 records - using various classification algorithms in Weka to determine the best performing ones. The algorithms examined include PART, SMO, HyperPipes, Filtered Classifier, Random Forest, Naive Bayes Updateable and KStar. Classification rate and false positive rate are used to evaluate performance. The document also discusses related work on intrusion detection using neural networks, genetic algorithms and other approaches.
MULTI-LAYER CLASSIFIER FOR MINIMIZING FALSE INTRUSIONIJNSA Journal
ย
Intrusion detection is one of the standard stages to protect computers in network security framework from several attacks. False alarms problem is critical in intrusion detection, which motivates many researchers to discover methods to minify false alarms. This paper proposes a procedure for classifying the type of intrusion according to multi-operations and multi-layer classifier for handling false alarms in intrusion detection. The proposed system is tested using on KDDcup99 benchmark. The performance showed that results obtained from three consequent classifiers are better than a single classifier. The accuracy reached 98% based on 25 features instead of using all features of KDDCup99 dataset.
Improvement of Search Algorithm for Integral Distinguisher in Subblock-Based ...ijcisjournal
ย
Integral distinguisher is the main factor of integral attack. Conventionally, higher order integral distinguisher is obtained as an extension of first order integral (conventional algorithm). The algorithm was applied to many subblock-based block ciphers, however, the conventional algorithm has some problems. We find other integral distinguisher of two sub block-based block ciphers, TWINE and LBlock, which are different from the conventional evaluations. As a solution, we propose a new algorithm to search for higher order integral distinguisher. The point of a proposal algorithm is exploitation of bijective and injective components of cipher functions. Applying the proposal algorithm to TWINE and LBlock, we confirm the results of the proposal algorithm are consistent with the results which are calculated from computer experiment. The results are the optimal distinguisher and the most advantageous one for the attackers. Our proposal algorithm contributes to development of stronger block ciphers by obtaining such integral distinguisher.
Models and approaches for Differential Power AnalysisAndrej ล imko
ย
There are many side-channel attacks, which employ power analysis for discovering secret keys. This paper describes various methods (Hamming weight, Hamming distance, Switching distance and Signed distance) and approaches, like Simple Power Analysis (SPA); different kinds of Differential Power Analysis (DPA) - first order, Single-Exponent Multiple-Data Attack (SEMD), Multiple-Exponent Single-Data Attack (MESD), Zero-Exponent Multiple-Data Attack (ZEMD), High-Order, automated template; Correlation Power Analysis (CPA); Mutual Information Analysis (MIA). At the end, there is a chapter on countermeasures against the side channel attacks.
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptxEduSkills OECD
ย
Ivรกn Bornacelly, Policy Analyst at the OECD Centre for Skills, OECD, presents at the webinar 'Tackling job market gaps with a skills-first approach' on 12 June 2024
More Related Content
Similar to HOW TO AVOID THE N-1 ATTACK WITHOUT COSTLY IMPLEMENTATIONS
MESSAGE EMBEDDED CIPHER USING 2-D CHAOTIC MAPijccmsjournal
ย
This paper constructs two encryption methods using 2-D chaotic maps, Duffings and Arnoldโs cat maps
respectively. Both of the methods are designed using message embedded scheme and are analyzed for their validity, for plaintext sensitivity, key sensitivity, known plaintext and brute-force attacks. Due to the
less key space generally many chaotic cryptosystem developed are found to be weak against Brute force attack which is an essential issue to be solved. For this issue, concept of identifiability proved to be a necessary condition to be fulfilled by the designed chaotic cipher to resist brute force attack, which is a basic attack. As 2-D chaotic maps provide more key space than 1-D maps thus they are considered to be more suitable. This work is accompanied with analysis results obtained from these developed cipher. Moreover, identifiable keys are searched for different input texts at various key values.
The methods are found to have good key sensitivity and possess identifiable keys thus concluding that they can resist linear attacks and brute-force attacks.
Message Embedded Cipher Using 2-D Chaotic Mapijccmsjournal
ย
This paper constructs two encryption methods using 2-D chaotic maps, Duffings and Arnoldโs cat maps
respectively. Both of the methods are designed using message embedded scheme and are analyzed for
their validity, for plaintext sensitivity, key sensitivity, known plaintext and brute-force attacks. Due to the
less key space generally many chaotic cryptosystem developed are found to be weak against Brute force
attack which is an essential issue to be solved. For this issue, concept of identifiability proved to be a
necessary condition to be fulfilled by the designed chaotic cipher to resist brute force attack, which is a
basic attack. As 2-D chaotic maps provide more key space than 1-D maps thus they are considered to be
more suitable. This work is accompanied with analysis results obtained from these developed cipher.
Moreover, identifiable keys are searched for different input texts at various key values.
Blinded Montgomery Powering Ladder Protected Against the Jacobi Symbol AttackCSCJournals
ย
Many physical attack types (Timing attacks, Power consumption attacks, Fault attacks, etc.) have been developed against cryptosystems, and specifically against the modular exponentiation which is the core operation of many cryptosystems, in the recent years. Indeed there is a real necessity to eliminate the vulnerabilities of the cryptosystems, like CRT-RSA or the Elliptic Curve Cryptosystem, that make them susceptible to those attacks. In 2006 Boreale described a new type of physical attack which is based in the Jacobi symbol concept, and after that, Schmidt used the same concept as Boreale to break the security of the blinded Montgomery powering ladder. In this paper a countermeasure against the Schmidt\'s attack is presented in order to make the blinded Montgomery powering ladder resistant to the Jacobi symbol attack.
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWAREVLSICS Design
ย
The latest innovation technology in computing devices has given a rise of compact, speedy and economical products which also embeds cryptography hardware on-chip. This device generally holds secret key and confidential information, more attention has been given to attacks on hardware which guards such secure information. The attacker may leak secret information from symmetric crypto-hardware (AES, DES etc.) using side-channel analysis, fault injection or exploiting existing test infrastructure. This paper examines various DFT based attack implementation method applied to cryptographic hardware. The paper contains an extensive analysis of attacks based on various parameters. The countermeasures are classified and analyzed in details.
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWAREVLSICS Design
ย
The latest innovation technology in computing devices has given a rise of compact, speedy and economical products which also embeds cryptography hardware on-chip. This device generally holds secret key and confidential information, more attention has been given to attacks on hardware which guards such secure information. The attacker may leak secret information from symmetric crypto-hardware (AES, DES etc.) using side-channel analysis, fault injection or exploiting existing test infrastructure. This paper examines various DFT based attack implementation method applied to cryptographic hardware. The paper contains an extensive analysis of attacks based on various parameters. The countermeasures are classified and analyzed in details.
HARDWARE SECURITY IN CASE OF SCAN-BASED ATTACK ON CRYPTO-HARDWAREVLSICS Design
ย
The latest innovation technology in computing devices has given a rise of compact, speedy and economical
products which also embeds cryptography hardware on-chip. This device generally holds secret key and
confidential information, more attention has been given to attacks on hardware which guards such secure
information. The attacker may leak secret information from symmetric crypto-hardware (AES, DES etc.)
using side-channel analysis, fault injection or exploiting existing test infrastructure. This paper examines
various DFT based attack implementation method applied to cryptographic hardware. The paper contains
an extensive analysis of attacks based on various parameters. The countermeasures are classified and
analyzed in details
Cryptosystem An Implementation of RSA Using Verilogijcncs
ย
This document describes an implementation of the RSA cryptosystem using Verilog for an FPGA. It presents the design of modules for key generation, encryption, and decryption. For key generation, it generates random prime numbers using an LFSR and primality tester, then calculates the public and private keys. Encryption and decryption are performed through modular exponentiation implemented with a right-to-left binary method. The modules are coded in Verilog and synthesized for an FPGA to provide a secure cryptosystem.
Cryptanalysis of Key Exchange Method Using Computational Intelligence Guided ...aciijournal
ย
In this paper, a cryptanalysis of key exchange method using multilayer perceptron (CKEMLP) has been
proposed in wireless communication of data/information. In this proposed CKEMLP technique both sender
and receiver uses an identical multilayer perceptrons for synchronization between them. After achieving
the full synchronization weights vectors of both the partiesโ becomes identical and this identical weight
vector is used as a secret session key for encryption/decryption. Different types of possible attacks during
synchronization phase are introduced in this paper. Among different types of attacks some of them can be
easily prevented by increasing the synaptic depth L. But few attacks are also there which has a great
success rate.
TOPOLOGY MAP ANALYSIS FOR EFFECTIVE CHOICE OF NETWORK ATTACK SCENARIOIJCNCJournal
ย
In general, network attack should be prohibited and information security technology should contribute to improve the trust of network communication. Almost network communication is based on IP packet that is standardized by the international organization. So, network attack does not work without following the standardized protocols and data format. Therefore, network attack also leaks information concerning adversaries by their IP packets. In this paper, we propose an effective choice for network attack scenario which counter-attacks adversary. We collect and analyze IP packets from the adversary, and derive network topology map of the adversary. The characteristics of topology map can be evaluated by the Eigen value of topology matrix. We observe the changes of characteristics of topology map by the influence of attack scenario. Then we can choose the most effective or suitable network counter-attack strategy. In this paper, we assume two kinds of attack scenarios and three types of tactics. And we show an example choice of attack using actual data of adversary which were observed by our dark-net monitoring.
OpenFlow Security Threat Detection and Defense ServicesEswar Publications
ย
The emergence of OpenFlow-capable switches de- couples control plane from the data flow plane so that they support programmable network and allow network administrators to have programmable central control of network traffic via a controller. The controller and its communication with switches and users become a malicious attack target. This paper explores major possible security threats and attacks on the controller of SDN and proposes a new approach to automatically and dynamically detect and monitor malicious behaviors on flow message passing and defend such attacks to ensure the security of SDN. We have built a FlowEye prototype at service level on Mininet API, and simulation tests are done on two feasible attacks on OpenFlow Beacon platform. The paper provides the feasibility study of such attacks and defense protection strategies in SDN security research..
A NOVEL SECURE COSINE SIMILARITY COMPUTATION SCHEME WITH MALICIOUS ADVERSARIESIJNSA Journal
ย
Similarity coefficients play an important role in many aspects. Recently, several schemes were proposed, but these schemes aimed to compute the similarity coefficients of binary data. In this paper, a novel scheme
which can compute the coefficients of integer is proposed. To the best knowledge of us, this is the first scheme which canesist malicious adversaries attack.
FAST DETECTION OF DDOS ATTACKS USING NON-ADAPTIVE GROUP TESTINGIJNSA Journal
ย
This document proposes a method for fast detection of DDoS attacks using non-adaptive group testing (NAGT). It begins with background on DDoS attacks and group testing techniques. It then describes using a strongly explicit d-disjunct matrix in NAGT to map IP addresses to "tests" performed by routers. The router counters would indicate potential hot items (attackers or victims). Two decoding algorithms are presented to identify the hot items from the test results with poly-log time complexity meeting data stream requirements. The method aims to provide early warning of DDoS attacks through efficient group testing of IP packets.
AN ANN APPROACH FOR NETWORK INTRUSION DETECTION USING ENTROPY BASED FEATURE S...IJNSA Journal
ย
With the increase in Internet users the number of malicious users are also growing day-by-day posing a serious problem in distinguishing between normal and abnormal behavior of users in the network. This has led to the research area of intrusion detection which essentially analyzes the network traffic and tries to determine normal and abnormal patterns of behavior.In this paper, we have analyzed the standard NSL-KDD intrusion dataset using some neural network based techniques for predicting possible intrusions. Four most effective classification methods, namely, Radial Basis Function Network, SelfOrganizing Map, Sequential Minimal Optimization, and Projective Adaptive Resonance Theory have been applied. In order to enhance the performance of the classifiers, three entropy based feature selection methods have been applied as preprocessing of data. Performances of different combinations of classifiers and attribute reduction methods have also been compared.
This document discusses using artificial neural networks for network intrusion detection. Specifically, it proposes a hybrid classification model that uses entropy-based feature selection to reduce the dataset, followed by four neural network techniques (RBFN, SOM, SMO, PART) for classification. It provides details on each neural network technique and the overall methodology, which uses 10-fold cross validation to evaluate performance based on standard criteria. The goal is to build an efficient intrusion detection system with low false alarms and high detection rates.
USE OF MARKOV CHAIN FOR EARLY DETECTING DDOS ATTACKSIJNSA Journal
ย
DDoS has a variety of types of mixed attacks. Botnet attackers can chain different types of DDoS attacks to confuse cybersecurity defenders. In this article, the attack type can be represented as the state of the model. Considering the attack type, we use this model to calculate the final attack probability. The final attack probability is then converted into one prediction vector, and the incoming attacks can be detected early before IDS issues an alert. The experiment results have shown that the prediction model that can make multi-vector DDoS detection and analysis easier.
This document presents a study on a proposed distributed attack detection algorithm using experimental and simulation analysis. The key points are:
1) The algorithm detects distributed denial of service attacks in wireless sensor networks using detector nodes that monitor traffic and reconstruct patterns to identify attacks.
2) Performance is affected by algorithmic parameters like time epoch length and number of detector nodes, and network parameters like node density and energy.
3) Simulation experiments quantify the attack detection rate, false positive/negative rates, and node energy utilization under variations in these parameters.
An Approach of Automatic Data Mining Algorithm for Intrusion Detection and P...IOSR Journals
ย
This document summarizes an approach for using data mining algorithms to detect network intrusions and prevent security threats. It analyzes two datasets - one containing 997 records and another containing 11,438 records - using various classification algorithms in Weka to determine the best performing ones. The algorithms examined include PART, SMO, HyperPipes, Filtered Classifier, Random Forest, Naive Bayes Updateable and KStar. Classification rate and false positive rate are used to evaluate performance. The document also discusses related work on intrusion detection using neural networks, genetic algorithms and other approaches.
MULTI-LAYER CLASSIFIER FOR MINIMIZING FALSE INTRUSIONIJNSA Journal
ย
Intrusion detection is one of the standard stages to protect computers in network security framework from several attacks. False alarms problem is critical in intrusion detection, which motivates many researchers to discover methods to minify false alarms. This paper proposes a procedure for classifying the type of intrusion according to multi-operations and multi-layer classifier for handling false alarms in intrusion detection. The proposed system is tested using on KDDcup99 benchmark. The performance showed that results obtained from three consequent classifiers are better than a single classifier. The accuracy reached 98% based on 25 features instead of using all features of KDDCup99 dataset.
Improvement of Search Algorithm for Integral Distinguisher in Subblock-Based ...ijcisjournal
ย
Integral distinguisher is the main factor of integral attack. Conventionally, higher order integral distinguisher is obtained as an extension of first order integral (conventional algorithm). The algorithm was applied to many subblock-based block ciphers, however, the conventional algorithm has some problems. We find other integral distinguisher of two sub block-based block ciphers, TWINE and LBlock, which are different from the conventional evaluations. As a solution, we propose a new algorithm to search for higher order integral distinguisher. The point of a proposal algorithm is exploitation of bijective and injective components of cipher functions. Applying the proposal algorithm to TWINE and LBlock, we confirm the results of the proposal algorithm are consistent with the results which are calculated from computer experiment. The results are the optimal distinguisher and the most advantageous one for the attackers. Our proposal algorithm contributes to development of stronger block ciphers by obtaining such integral distinguisher.
Models and approaches for Differential Power AnalysisAndrej ล imko
ย
There are many side-channel attacks, which employ power analysis for discovering secret keys. This paper describes various methods (Hamming weight, Hamming distance, Switching distance and Signed distance) and approaches, like Simple Power Analysis (SPA); different kinds of Differential Power Analysis (DPA) - first order, Single-Exponent Multiple-Data Attack (SEMD), Multiple-Exponent Single-Data Attack (MESD), Zero-Exponent Multiple-Data Attack (ZEMD), High-Order, automated template; Correlation Power Analysis (CPA); Mutual Information Analysis (MIA). At the end, there is a chapter on countermeasures against the side channel attacks.
Similar to HOW TO AVOID THE N-1 ATTACK WITHOUT COSTLY IMPLEMENTATIONS (20)
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptxEduSkills OECD
ย
Ivรกn Bornacelly, Policy Analyst at the OECD Centre for Skills, OECD, presents at the webinar 'Tackling job market gaps with a skills-first approach' on 12 June 2024
The chapter Lifelines of National Economy in Class 10 Geography focuses on the various modes of transportation and communication that play a vital role in the economic development of a country. These lifelines are crucial for the movement of goods, services, and people, thereby connecting different regions and promoting economic activities.
Leveraging Generative AI to Drive Nonprofit InnovationTechSoup
ย
In this webinar, participants learned how to utilize Generative AI to streamline operations and elevate member engagement. Amazon Web Service experts provided a customer specific use cases and dived into low/no-code tools that are quick and easy to deploy through Amazon Web Service (AWS.)
Walmart Business+ and Spark Good for Nonprofits.pdfTechSoup
ย
"Learn about all the ways Walmart supports nonprofit organizations.
You will hear from Liz Willett, the Head of Nonprofits, and hear about what Walmart is doing to help nonprofits, including Walmart Business and Spark Good. Walmart Business+ is a new offer for nonprofits that offers discounts and also streamlines nonprofits order and expense tracking, saving time and money.
The webinar may also give some examples on how nonprofits can best leverage Walmart Business+.
The event will cover the following::
Walmart Business + (https://business.walmart.com/plus) is a new shopping experience for nonprofits, schools, and local business customers that connects an exclusive online shopping experience to stores. Benefits include free delivery and shipping, a 'Spend Analyticsโ feature, special discounts, deals and tax-exempt shopping.
Special TechSoup offer for a free 180 days membership, and up to $150 in discounts on eligible orders.
Spark Good (walmart.com/sparkgood) is a charitable platform that enables nonprofits to receive donations directly from customers and associates.
Answers about how you can do more with Walmart!"
Temple of Asclepius in Thrace. Excavation resultsKrassimira Luka
ย
The temple and the sanctuary around were dedicated to Asklepios Zmidrenus. This name has been known since 1875 when an inscription dedicated to him was discovered in Rome. The inscription is dated in 227 AD and was left by soldiers originating from the city of Philippopolis (modern Plovdiv).
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...PECB
ย
Denis is a dynamic and results-driven Chief Information Officer (CIO) with a distinguished career spanning information systems analysis and technical project management. With a proven track record of spearheading the design and delivery of cutting-edge Information Management solutions, he has consistently elevated business operations, streamlined reporting functions, and maximized process efficiency.
Certified as an ISO/IEC 27001: Information Security Management Systems (ISMS) Lead Implementer, Data Protection Officer, and Cyber Risks Analyst, Denis brings a heightened focus on data security, privacy, and cyber resilience to every endeavor.
His expertise extends across a diverse spectrum of reporting, database, and web development applications, underpinned by an exceptional grasp of data storage and virtualization technologies. His proficiency in application testing, database administration, and data cleansing ensures seamless execution of complex projects.
What sets Denis apart is his comprehensive understanding of Business and Systems Analysis technologies, honed through involvement in all phases of the Software Development Lifecycle (SDLC). From meticulous requirements gathering to precise analysis, innovative design, rigorous development, thorough testing, and successful implementation, he has consistently delivered exceptional results.
Throughout his career, he has taken on multifaceted roles, from leading technical project management teams to owning solutions that drive operational excellence. His conscientious and proactive approach is unwavering, whether he is working independently or collaboratively within a team. His ability to connect with colleagues on a personal level underscores his commitment to fostering a harmonious and productive workplace environment.
Date: May 29, 2024
Tags: Information Security, ISO/IEC 27001, ISO/IEC 42001, Artificial Intelligence, GDPR
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27001 Information Security Management System - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
General Data Protection Regulation (GDPR) - Training Courses - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Chapter wise All Notes of First year Basic Civil Engineering.pptxDenish Jangid
ย
Chapter wise All Notes of First year Basic Civil Engineering
Syllabus
Chapter-1
Introduction to objective, scope and outcome the subject
Chapter 2
Introduction: Scope and Specialization of Civil Engineering, Role of civil Engineer in Society, Impact of infrastructural development on economy of country.
Chapter 3
Surveying: Object Principles & Types of Surveying; Site Plans, Plans & Maps; Scales & Unit of different Measurements.
Linear Measurements: Instruments used. Linear Measurement by Tape, Ranging out Survey Lines and overcoming Obstructions; Measurements on sloping ground; Tape corrections, conventional symbols. Angular Measurements: Instruments used; Introduction to Compass Surveying, Bearings and Longitude & Latitude of a Line, Introduction to total station.
Levelling: Instrument used Object of levelling, Methods of levelling in brief, and Contour maps.
Chapter 4
Buildings: Selection of site for Buildings, Layout of Building Plan, Types of buildings, Plinth area, carpet area, floor space index, Introduction to building byelaws, concept of sun light & ventilation. Components of Buildings & their functions, Basic concept of R.C.C., Introduction to types of foundation
Chapter 5
Transportation: Introduction to Transportation Engineering; Traffic and Road Safety: Types and Characteristics of Various Modes of Transportation; Various Road Traffic Signs, Causes of Accidents and Road Safety Measures.
Chapter 6
Environmental Engineering: Environmental Pollution, Environmental Acts and Regulations, Functional Concepts of Ecology, Basics of Species, Biodiversity, Ecosystem, Hydrological Cycle; Chemical Cycles: Carbon, Nitrogen & Phosphorus; Energy Flow in Ecosystems.
Water Pollution: Water Quality standards, Introduction to Treatment & Disposal of Waste Water. Reuse and Saving of Water, Rain Water Harvesting. Solid Waste Management: Classification of Solid Waste, Collection, Transportation and Disposal of Solid. Recycling of Solid Waste: Energy Recovery, Sanitary Landfill, On-Site Sanitation. Air & Noise Pollution: Primary and Secondary air pollutants, Harmful effects of Air Pollution, Control of Air Pollution. . Noise Pollution Harmful Effects of noise pollution, control of noise pollution, Global warming & Climate Change, Ozone depletion, Greenhouse effect
Text Books:
1. Palancharmy, Basic Civil Engineering, McGraw Hill publishers.
2. Satheesh Gopi, Basic Civil Engineering, Pearson Publishers.
3. Ketki Rangwala Dalal, Essentials of Civil Engineering, Charotar Publishing House.
4. BCP, Surveying volume 1
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumMJDuyan
ย
(๐๐๐ ๐๐๐) (๐๐๐ฌ๐ฌ๐จ๐ง ๐)-๐๐ซ๐๐ฅ๐ข๐ฆ๐ฌ
๐๐ข๐ฌ๐๐ฎ๐ฌ๐ฌ ๐ญ๐ก๐ ๐๐๐ ๐๐ฎ๐ซ๐ซ๐ข๐๐ฎ๐ฅ๐ฎ๐ฆ ๐ข๐ง ๐ญ๐ก๐ ๐๐ก๐ข๐ฅ๐ข๐ฉ๐ฉ๐ข๐ง๐๐ฌ:
- Understand the goals and objectives of the Edukasyong Pantahanan at Pangkabuhayan (EPP) curriculum, recognizing its importance in fostering practical life skills and values among students. Students will also be able to identify the key components and subjects covered, such as agriculture, home economics, industrial arts, and information and communication technology.
๐๐ฑ๐ฉ๐ฅ๐๐ข๐ง ๐ญ๐ก๐ ๐๐๐ญ๐ฎ๐ซ๐ ๐๐ง๐ ๐๐๐จ๐ฉ๐ ๐จ๐ ๐๐ง ๐๐ง๐ญ๐ซ๐๐ฉ๐ซ๐๐ง๐๐ฎ๐ซ:
-Define entrepreneurship, distinguishing it from general business activities by emphasizing its focus on innovation, risk-taking, and value creation. Students will describe the characteristics and traits of successful entrepreneurs, including their roles and responsibilities, and discuss the broader economic and social impacts of entrepreneurial activities on both local and global scales.
This presentation was provided by Racquel Jemison, Ph.D., Christina MacLaughlin, Ph.D., and Paulomi Majumder. Ph.D., all of the American Chemical Society, for the second session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session Two: 'Expanding Pathways to Publishing Careers,' was held June 13, 2024.
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPRAHUL
ย
This Dissertation explores the particular circumstances of Mirzapur, a region located in the
core of India. Mirzapur, with its varied terrains and abundant biodiversity, offers an optimal
environment for investigating the changes in vegetation cover dynamics. Our study utilizes
advanced technologies such as GIS (Geographic Information Systems) and Remote sensing to
analyze the transformations that have taken place over the course of a decade.
The complex relationship between human activities and the environment has been the focus
of extensive research and worry. As the global community grapples with swift urbanization,
population expansion, and economic progress, the effects on natural ecosystems are becoming
more evident. A crucial element of this impact is the alteration of vegetation cover, which plays a
significant role in maintaining the ecological equilibrium of our planet.Land serves as the foundation for all human activities and provides the necessary materials for
these activities. As the most crucial natural resource, its utilization by humans results in different
'Land uses,' which are determined by both human activities and the physical characteristics of the
land.
The utilization of land is impacted by human needs and environmental factors. In countries
like India, rapid population growth and the emphasis on extensive resource exploitation can lead
to significant land degradation, adversely affecting the region's land cover.
Therefore, human intervention has significantly influenced land use patterns over many
centuries, evolving its structure over time and space. In the present era, these changes have
accelerated due to factors such as agriculture and urbanization. Information regarding land use and
cover is essential for various planning and management tasks related to the Earth's surface,
providing crucial environmental data for scientific, resource management, policy purposes, and
diverse human activities.
Accurate understanding of land use and cover is imperative for the development planning
of any area. Consequently, a wide range of professionals, including earth system scientists, land
and water managers, and urban planners, are interested in obtaining data on land use and cover
changes, conversion trends, and other related patterns. The spatial dimensions of land use and
cover support policymakers and scientists in making well-informed decisions, as alterations in
these patterns indicate shifts in economic and social conditions. Monitoring such changes with the
help of Advanced technologies like Remote Sensing and Geographic Information Systems is
crucial for coordinated efforts across different administrative levels. Advanced technologies like
Remote Sensing and Geographic Information Systems
9
Changes in vegetation cover refer to variations in the distribution, composition, and overall
structure of plant communities across different temporal and spatial scales. These changes can
occur natural.
Pengantar Penggunaan Flutter - Dart programming language1.pptx
ย
HOW TO AVOID THE N-1 ATTACK WITHOUT COSTLY IMPLEMENTATIONS
1. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
DOI : 10.5121/ijnsa.2012.4407 109
HOW TO AVOID THE N-1 ATTACK WITHOUT
COSTLY IMPLEMENTATIONS
David Tinoco Varela
Computational Science Graduate Program, Facultad de Estudios Superiores Cuautitlรกn,
Universidad Nacional Autรณnoma de Mรฉxico, Edo. de Mex. 54740, Mรฉxico
dativa19@comunidad.unam.mx
ABSTRACT
Simple Power Analysis (SPA) attacks are widely used against several cryptosystems, principally against
cryptosystems based on modular exponentiation. Many types of SPA have been reported in the literature,
Yen et al. introduced the N-1 attack, which uses chosen input messages to obtain relevant information
from the attacked cryptosystem. Their attack was implemented on the square-and-multiply always and on
the BRIP algorithm, both algorithms in left-to-right form. There are possible countermeasures against
this attack, but all of them are costly and time consuming. In this paper, a computationally efficient and
effective method to avoid the N-1 attack is investigated.
KEYWORDS
Simple Power Analysis, N-1 Attack, Modular Exponentiation, Embedded Devices.
1. INTRODUCTION
Since Kocher [1] described the first Side Channel Attack (SCA), many physical attacks against
cryptosystems implemented on embedded devices have been developed. Because SCAs
represent a serious threat, it is necessary to avoid them to obtain reliable cryptographic modules.
When a device executes operations of encryption or decryption, there are several measurable
physical signals, such as operating times [1], power consumption [2], and electromagnetic
radiation [3], that are correlated with the secret parameters of the cryptosystem. Basically, the
SCA obtains useful information from a device, such as a smart card, by measuring these
physical signals. The information can be used to reveal the secret key used to protect the
processed data within the appliance, and thus, the security of the cryptosystem can be
compromised.
Simple Power Analysis (SPA) and Differential Power Analysis (DPA) are well-known attacks,
both described by Kocher in [2]. The secret values from a cryptosystem can be obtained using
SPA by measuring one or few power traces from the device that is executing the algorithm. It is
possible to determine the value of the system's secret key from these measurements. To obtain
the secret key using DPA, many power consumption traces of the same algorithm with different
input messages are collected, and a statistical analysis of the traces is performed.
Primarily, an SCA is used to attack the modular exponentiation, which is the core operation of
many cryptosystems, such as RSA. Because the modular exponentiation is mainly calculated in
binary form, attacks use the measured signals to determine the binary representation of the
exponent; usually, the exponent is the secret key of the cryptosystem.
Square-and-multiply is a classic algorithm that is used to calculate the modular exponentiation.
This algorithm can be used in right-to-left or left-to-right form. This algorithm uses few
2. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
110
registers, and it is the simplest and the fastest of all known algorithms. However, this algorithm
is vulnerable to SPA because it calculates a modular multiplication and a square if the exponent
bit being processed is 1 and only a square if the exponent bit being processed is 0. Thus, an
attacker can measure the power consumption or the operating times of the algorithm's execution
to determine the binary string of the cryptosystemโs secret key.
Many modular exponentiation algorithms have been designed to prevent SPA, e.g., [4], [5], [6],
[7], [8], [9], [10], and [11]. Coron [12] provided the first algorithm created specifically to defeat
SPA using the square-and-multiply always (SaMA) algorithm, which works in a regular form.
That is, the algorithm will always calculate a multiplication followed by a square, independent
of the value of the exponent bit being processed (0 or 1).
There are many SPA techniques [13], [14]. For example, chosen-message is a technique used to
obtain relevant information from a device that is executing a cryptographic algorithm. Chosen-
message uses an input message that has a specific behaviour during the execution of the
algorithm, and that behaviour can be observed by the attacker who can obtain the secret
parameters of the cryptosystem.
Fouque and Valette proposed and implemented the Doubling Attack (DA) [13], a chosen-
message attack, against the left-to-right SaMA. In that attack, two related messages, M and
2
M , are chosen, and the behaviours of both messages in the attacked algorithm are used to
obtain the secret key. The relative Doubling Attack (RDA), an idea similar to DA, was proposed
by Yen et al. in [14]. These authors used RDA to attack the Montgomery powering ladder
algorithm [5].
One of the simplest chosen-message attacks is the 1โN attack proposed by Yen et al. in [15].
Though they explained the theoretical form of their attack against the left-to-right SaMA and
BRIP algorithms [16], Miyamoto et al. demonstrated the effectiveness of an 1โN attack in
practice [17].
Intermediate even exponents were proposed in [19] to protect the Montgomery powering ladder
algorithm against an attack that is based in the Jacobi symbol.
2. PRELIMINARIES
2.1. Modular exponentiation
The classical modular exponentiation algorithm (algorithm 1) uses the binary string of the
exponent to calculate the correct result of
โ
โ
==
1
0
2
n
i
i
i d
d
mm . In each of the iterations, this
algorithm executes a square operation and a conditional modular multiplication. Because of the
conditional multiplication, an attacker can determine the binary string of the exponent by
observing the power consumption of the device. The algorithm consumes more power when the
bit of the exponent is 1 than when the bit is 0.
Coron designed the SaMA algorithm (algorithm 2) to avoid the SPA. This algorithm is regular,
i.e., it does not have conditional multiplications and executes the same number of operations in
each of the iterations. However, algorithm 2 uses dummy operations, which can be vulnerable to
Safe Error Attacks [18].
Mamiya et al. proposed the BRIP algorithm, algorithm 3. This algorithm is regular, but it does
not use dummy operations. Randomization of the input message protects the algorithm against
3. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
111
DPA. The authors claimed that their algorithm is secure against SPA, but Yen et al.
demonstrated that algorithm 3 is vulnerable to an 1โN attack, which is a type of SPA.
Algorithm 1 Square-and-multiply left-to-right
1: Input Gm โ , 201 )( ddd n Kโ=
2: Output Gms d
โ=
3: 1]0[ โR
4: for 1โn to 0 do
5: NRR mod]0[]0[ 2
โ
6: if 1=id then
7: NmRR mod]0[]0[ โ โ
8: end if
9: end for
10: Return ]0[R
Algorithm 2 Square-and-multiply always, left-to right
1: Input Gm โ , 201 )( ddd n Kโ=
2: Output Gms d
โ=
3: 1โR
4: for 1โn to 0 do
5: NRR mod]0[ 2
โ
6: NmRR mod]0[]1[ โ โ
7: NdRR i mod][โ
8: end for
9: Return R
Algorithm 3 BRIP
1: Input Gm โ , 201 )( ddd n Kโ=
2: Output Gms d
โ=
3: rR โ]0[
4: 1]1[ โโ rR
5: 1]2[ โโ โ rmR
4: for 1โn to 0 do
5: NRR mod]0[]0[ 2
โ
6: if 0=id then
7: NRRR mod]1[]0[]0[ โ =
8: else
9: NRRR mod]2[]0[]0[ โ =
10: end if
11: end for
12: Return NRR mod]1[]0[ โ
4. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
112
2.2. N-1 Attack
In 2005, Yen et al. proposed the 1โN attack in [15]. They implemented it against modular
exponentiation algorithms 2 and 3. This attack assumes that the power traces obtained from a
device that is performing computations can be measured and compared to determine when two
values or operations are equal, even if the adversary does not know what values are being
processed. For example, if A and B are values, where AB = , the collisions of 2
A and 2
B can
be detected, even if A and B are unknown.
This attack is based on two observations:
1. - If a cryptosystem works with modulo N , NN mod1)1( 2 โกโ . This observation can
be extended to obtain NN j mod1)1( โกโ , for any even integer j .
2. - If a cryptosystem works with modulo N , NNN k mod)1()1( โโกโ , for any odd
integer k .
If a chosen value equal to 1โN is the input message, the value at the end of each of the
iterations of the attacked algorithm can take only one of two values: 1 if the bit being processed
is 0 or 1โN if the bit being processed is 1. Therefore, an attacker can observe only two patterns
in the power traces and thus can determine the binary string of the exponent.
In 2008, Miyamoto et al. [17] demonstrated and analyzed the effectiveness of the 1โN attack in
practice. They obtained power traces in which it is possible to identify when an exponent bit is 0
and when it is 1.
In [19], it was claimed that any d
m could be calculated using only even intermediate exponents
in a modular exponentiation algorithm. This idea was used to protect the Montgomery powering
ladder algorithm against an attack based on the Jacobi symbol. In section 3, this idea is used to
avoid the 1โN attack.
3. PROPOSED ALGORITHMS
In this section, the algorithms previously described and attacked with the 1โN attack are
modified to protect them against the mentioned threat.
3.1. Modified algorithms
If an attacker wants to break a cryptosystem and knows the value of the modulus N of the
cryptosystem, he can choose an input message that is equal to 1โN . The attacker sends the
chosen message to a device that runs an algorithm to encrypt and decrypt secret information.
The attacker collects one or few power traces from the device and searches for two patterns in
the power traces. Each pattern corresponds to a specific value. In this case, the value is 1 if
0=id and 1โN if 1=id .
When the attacker has found the patterns, he can determine two possible exponents, d and d ,
where d is the binary inverse of d , i.e., if 101101d = , then 010010=d . Using d and d , a
trial-and-error approach can be used to find the correct exponent and to break down the security
of the cryptosystem.
5. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
113
This scheme is illustrated in table 1, which shows the behaviour of algorithm 3 when it is
subjected to an 1โN attack. In this example, it is assumed that 1โ= Nm and d =89=1011001.
Algorithm 3 was chosen to demonstrate that two patterns could be recognized, even with a
blinded message.
Table 1. Algorithm 3 executed with an input message equal to 1โN .
i di Intermediate steps Result (Pattern)
6 1
rmR
rR
โ =
=
]0[
]0[ 2
rN โ โ )1(
5 0
rmR
rmR
โ =
โ =
2
22
]0[
]0[
rโ )1(
4 1
rmR
rmR
โ =
โ =
5
24
]0[
]0[
rN โ โ )1(
3 1
rmR
rmR
โ =
โ =
11
210
]0[
]0[
rN โ โ )1(
2 0
rmR
rmR
โ =
โ =
22
222
]0[
]0[
rโ )1(
1 0
rmR
rmR
โ =
โ =
44
244
]0[
]0[
rโ )1(
0 1
rmR
rmR
โ =
โ =
89
288
]0[
]0[
rN โ โ )1(
As shown in table 1, the presence of odd and even exponents in the intermediate steps of the
algorithm lead to two patterns in the power trace, and thus, the secret key of the cryptosystem
can be discovered.
This attack is powerful and can be easily implemented. However, to obtain the secret key, two
patterns must be present in the power trace. This attack can be avoided if there is only one
pattern in the power trace of each iteration, regardless of the processed bit. This idea is the
premise of the proposed algorithms. To implement this idea, recall that it is possible to work
with only even intermediate exponents in an algorithm [19]. Therefore, it is possible to obtain
only one visible pattern in the measured power trace. Based on this statement, algorithms 2 and
3 have been modified to obtain algorithms 4 and 5, respectively.
In algorithms 4 and 5, the first step is to change the input value m to 2
m , this square value will
affect all of the calculations in the algorithms. In each of the iterations, only even intermediate
exponents will be used in calculations. Therefore, an attacker will not be able to obtain any
information because all of the executed iterations in the algorithm will have the same pattern,
independent of the processed bit. This behavior is illustrated in table 2.
6. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
114
Algorithm 4 Modified square-and-multiply always, left-to-right
1: Input Gm โ , 201 )( ddd n Kโ=
2: Output Gms d
โ=
3: 1โR
4: mmM โ =
5: for 1โn to 1 do
6: NRR mod]0[ 2
โ
7: NMRR mod]0[]1[ โ โ
8: NdRR i mod][โ
9: end for
10: if 00 =d then
11: Return R
12: else
13: Return mR โ
14: end if
Algorithm 5 Modified BRIP
1: Input Gm โ , 201 )( ddd n Kโ=
2: Output Gms d
โ=
3: rR โ]0[
4: 1]1[ โโ rR
5: 1
]2[ โ
โ โ โ rmmR
4: for 1โn to 1 do
5: NRR mod]0[]0[ 2
โ
6: if 0=id then
7: NRRR mod]1[]0[]0[ โ =
8: else
9: NRRR mod]2[]0[]0[ โ =
10: end if
11: end for
12: if 10 =d then
13: NmRRR mod]1[]0[]0[ โ โ =
14: else
15: NRRR mod]1[]0[]0[ โ =
16: end if
12: Return ]0[R
3.2. Principle of the proposed algorithms
The explanation presented in this subsection is an extended version of that given in [19], but
here; equation (13) is presented for first time. This equation is a mathematical representation of
algorithms that work with intermediate even exponents.
7. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
115
Table 2. Algorithm 5 executed with an input message equal to 1โN and an exponent d
=89=1011001.
i di Intermediate steps Result (Pattern)
6 1
rmR
rR
โ =
=
2
2
]0[
]0[
rโ )1(
5 0
rmR
rmR
โ =
โ =
4
24
]0[
]0[
rโ )1(
4 1
rmR
rmR
โ =
โ =
10
28
]0[
]0[
rโ )1(
3 1
rmR
rmR
โ =
โ =
22
220
]0[
]0[
rโ )1(
2 0
rmR
rmR
โ =
โ =
44
244
]0[
]0[
rโ )1(
1 0
rmR
rmR
โ =
โ =
88
288
]0[
]0[
rโ )1(
0 1 89188
]1[]0[]0[ mmrrmmRRR =โ โ โ =โ โ = โ
The attacked algorithms (2 and 3) are in the left-to-right form. According to Moreno and Hasan
[11], this execution form is based in the following property; given the result of a
m , it is
possible to obtain 'a
m , where 'a is calculated by adding the bit b to a . Note that baa += 2' ,
and thus
babaa mmmm โ == + 22' )( . (1)
If equation (1) is used to calculate d
m in a modular exponentiation algorithm (algorithms 2 and
3), where โ
โ
=
โ =
1
0
2
n
i
i
idd , it is possible to obtain the following representation of it
0121 222 )))((( dddd
mmmm nn โ โ โโ LL , (2)
where n is the bit length of the exponent being processed.
If the modified algorithms (algorithms 4 and 5) were executed from iteration 1โn to 0, the
following representation could be obtained
0121 2222222
)))((( dddd
mmmm nn โ โ โโ LL . (3)
8. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
116
To understand why the proposed algorithms are executed from 1โn to 1 and why an if
statement is used in their last lines, we must consider the behaviours of equations (2) and (3)
when they are calculated using a modular exponentiation algorithm. The behaviours of both
equations will be represented using the assumption that they are executed from bit 1โnd to 0d .
In both representations, ink โโ= 1 , and each step represents an iteration. The behaviour of
equation (2) at each of the iterations of an algorithm is given by equations (4) - (7):
)(2)(2)(2)(2)(2 0132
0
1
1
)))(((1Step ddddd
mmmm nnn โ โ โโโ +
LL (4)
MM
)(2)(2)(2)(2)(2)(2 011
0
2
1
1 )))(((Step dddddd
mmmmi kkn
i
n
i
โ โ โโ
โ
โ +++
LL L
(5)
MM
)(2)(2)(2)(2 01
0
2
3
1
2
)(2Step dddd
mmn n
n
n
n
โ โ +++ โ
โ
โ
โ
L
(6)
)()(2)(2)(2 01
1
2
2
1
1
1Step dddd
mmn n
n
n
n
โ โ +++ โ
โ
โ
โ
L
(7)
The behaviour of equation (3) is given by equations (8) - (11):
)(22)(22)(22)(2)(2 0132
10
1
11
)))(((1Step ddddd
mmmm nnn โ โ โโ
+
โ
+
+
LL (8)
MM
)(22)(22)(22)(2)(2)(2 011
10
2
11
1
1
)))(((Step dddddd
mmmmi kkn
i
n
i
โ โ โ
+
โ
+โ
โ
+
+++
LL L
(9)
MM
)(22)(2)(2)(2 01
10
2
13
1
12
)(2Step dddd
mmn n
n
n
n
โ โ
+
โ
+โ
โ
+โ
+++ L
(10)
)(2)(2)(2)(2 01
11
2
12
1
11
1Step dddd
mmn n
n
n
n
โ โ
+
โ
+โ
โ
+โ
+++ L
(11)
It is possible to see that equation (7) is the correct result of calculating d
m . Note that the
underlined part of equation (10), ( )(2)(2)(2 1
1
2
2
1
1
ddd n
n
n
n
m +++ โ
โ
โ
โ
L
), is similar to equation (7).
To obtain equality between equations (7) and (10), the last square and the multiplication by
)(2 0d
m in equation (10) are deleted. The following expression is obtained:
)(2)(2)(2 1
1
2
2
1
1
ddd n
n
n
n
m +++ โ
โ
โ
โ
L
(12)
Now, equation (12) must be multiplied by )( 0d
m , and thus, the correct value of d
m is obtained.
Equation (3) is the representation of classic exponentiation algorithms. Here, the equation (13)
is presented, which is the representation of algorithms that work with intermediate even
exponents:
01221 2222222
)))((( ddddd
mmmmm nn โ โ โ โโ LL (13)
9. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
117
Because the proposed algorithms run from 1โn to 1, thereby eliminating the last square and the
last multiplication by )(2 0d
m , and use the if statement, which is the multiplication by )( 0d
m
where }1,0{0 โd , the correct value of d
m is computed.
3.3. Possible countermeasures
There are possible countermeasures against the 1โN attack. However, the countermeasures
have characteristics that make them impractical. Some possible countermeasures and their
disadvantages are discussed below:
1. Blind the message. In this countermeasure, the message, m , is blinded using a random
value, r . This idea can be seen as a correct form to protect the modular exponentiation.
However, it can be observed that algorithm 3 blinds the message and it remains vulnerable
to the 1โN attack [15]. The best technique for message blinding under this scheme is that
proposed by Fumaroli and Vigilant [20]. However, their technique requires an additional
register to save 1โ
r and n additional square operations, where n is the number of bits of
the exponent.
2. Blind the modulus, mentioned in [6, section 3.2]. In this countermeasure, the modulus, N ,
is blinded using a random value, r . This idea seems like a good proposal, however, there
are two disadvantages in its implementation:
2.1. The bit length of the modulus is increased, for what the operations will be calculated
with bigger integers; thus, the runtime of the algorithm will be longer, and the power
consumption of the algorithm will be higher.
2.2. There are standards used in the manufacturing of crypto devices, such as smart cards. If
the bit length of the modulus is increased, the modulus will not be coupled with the
standards.
3. Block the special input message, 1โN . This might be the most logical reaction against this
type of attack. However, according to Yen et al. [15], it is possible to choose messages with
a modified 1โN value. For example, the attacker can choose two input values, im and
ij mNm โ โ= )1( , and collect the two related power consumption traces of computing
Nm d
i mod and Nm d
j mod . The adversary can detect the collisions when
Nmm k
j
k
i modโก and deduce the value of d . To avoid this modified attack, the
relationship between two input messages can be checked to determine if
NNmm ij mod)1( โโ โก for every pair i and j . According to Yen et al. this is extremely
difficult and infeasible to implement in practice because the input messages, im and jm ,
might not be consecutive messages, and it is not possible to store all of the previous
messages required to perform the detection of that relationship.
In table 3, it is possible to see the behaviour of two executions of the algorithm 2 when two
input messages equal to 1m and 12 )1( mNm โ โ= are used in the algorithm. In this example, it
was assumed that d =89=1011001.
10. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
118
Table 3 shows that the visible patterns in both executions of algorithm 2 are equal when the bit
being processed is 0 and are different when the bit being processed is 1. This characteristic can
be used by an attacker to recognize the binary string of the secret key, d .
Table 3. Comparison of executions of algorithm 2 using input message 1m and input message
)1(12 โโ = Nmm .
i di Intermediate steps
when the input is
equal to m1.
Intermediate steps
when the input is
equal to m2.
Comparison of
the pattern of
the register R.
6 1
1
1]1[
1]0[
mR
mR
R
=
=
=
)1(
)1(]1[
1]0[
1
1
โโ =
โโ =
=
NmR
NmR
R Different
5 0
2
1
3
1
2
1
]1[
]0[
mR
mR
mR
=
=
=
2
1
3
1
2
1
)1(]1[
]0[
mR
NmR
mR
=
โโ =
= Equal
4 1
5
1
5
1
4
1
]1[
]0[
mR
mR
mR
=
=
=
)1(
)1(]1[
]0[
5
1
5
1
4
1
โโ =
โโ =
=
NmR
NmR
mR Different
3 1
11
1
11
1
10
1
]1[
]0[
mR
mR
mR
=
=
=
)1(
)1(]1[
]0[
11
1
11
1
10
1
โโ =
โโ =
=
NmR
NmR
mR Different
2 0
22
1
23
1
22
1
]1[
]0[
mR
mR
mR
=
=
=
22
1
23
1
22
1
)1(]1[
]0[
mR
NmR
mR
=
โโ =
= Equal
1 0
44
1
45
1
44
1
]1[
]0[
mR
mR
mR
=
=
=
44
1
45
1
44
1
)1(]1[
]0[
mR
NmR
mR
=
โโ =
= Equal
0 1
89
1
89
1
88
1
]1[
]0[
mR
mR
mR
=
=
=
)1(
)1(]1[
]0[
89
1
89
1
88
1
โโ =
โโ =
=
NmR
NmR
mR Different
3.4. Advantages of and commentaries on our modified algorithms
The modified algorithms have almost the same runtime as the original versions of them. They
only require an additional if statement. Algorithm 4 requires one more register than algorithm 2
to save mmM โ = , but algorithm 5 does not require any extra register.
11. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
119
The proposed algorithms do not require that the message be blinded to avoid an 1โN attack1
because in each intermediate step, the resulting value will always be equal to 1 (if the input
message is equal to 1โN ) regardless of the value of the exponent's bit being processed by the
algorithm. The attacker cannot determine the secret key because there is only one observable
pattern in the power trace.
The bit length of the modulus, or any other value, does not need to be increased in the proposed
algorithms. Therefore, the algorithms are in accordance with the standards used to manufacture
crypto devices.
Additionally, this strategy is useful to avoid attacks that use a modified 1โN value because the
congruence Nmm k
j
k
i mod1 โกโ will always be true in each intermediate step of the algorithm,
disregarding the value of the exponent bit being processed. Therefore, it is not necessary to
check the relationship between input messages, which is very costly and impractical. This
protection can be observed in table 4, where it is possible to see the behaviour of two executions
of the algorithm 4 when input messages, 1m and 12 )1( mNm โ โ= , are used in the algorithm. In
this example, it was assumed that d =89=1011001.
In table 4, it is possible to see that the patterns of the two executions of the algorithm are equal.
Therefore, an attacker cannot distinguish between a bit that is 0 and a bit that is 1. It is important
to note that line 4 in algorithm 4 eliminates the value 1โN of the message 2m :
2
1
2
1
22
1
2
11122 1)1())1(())1(())1(( mmNmNmNmNmmmM =โ =โโ =โโ =โโ โ โโ =โ =
Owing to the characteristics described in this section, it is possible to say that this method is
better than existing methods.
As was said before, this method can be easily implemented in practice. Therefore, it can be
implemented in protocols where embedded devices and cryptosystems based in modular
exponentiation are used; an example of a possible application is given in [21].
4. CONCLUSIONS
In this paper, we have presented two algorithms based in the intermediate even exponents that
are secure against the 1โN attack.
The proposed algorithms do not require additional runtime because they perform the same
number of operations as the original versions (algorithms 2 and 3). Additionally, they do not
increase the bit length of their parameters, i.e., they do not require a larger modulus to be secure
against this type of attack. Therefore, they are in accordance with the manufacturing standards
of embedded devices, such as smart cards.
Through this paper, has been shown that the proposed algorithms provide security against
attacks in which the input message is equal to 1โN and in which the input message is a
modification of the 1โN value, like mN โ โ1 , without costly steps and without impractical
solutions.
1
We are referring to the characteristics of the method against an 1โN attack, but it is necessary to blind
the message to avoid other types of attacks on the algorithms.
12. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
120
This protection against 1โN attacks is easy to implement. Because it does not require
additional implementation costs, it can be used in practice. This strategy does not sacrifice
runtime and offers better security than existing methods.
ACKNOWLEDGEMENTS
We would like to thank the referee for carefully reading this paper and for his constructive
suggestions. This paper was supported, in part, by project CONS-18 of FES-C UNAM.
Table 4. Comparison of two executions of algorithm 4, one using an input message 1m and the
other using an input message )1(12 โโ = Nmm .
i di Intermediate steps
when the input is
equal to m1.
Intermediate steps
when the input is
equal to m2.
Comparison of
the pattern of
the register R.
6 1
2
1
2
1]1[
1]0[
mR
mR
R
=
=
=
2
1
2
1]1[
1]0[
mR
mR
R
=
=
= Equal
5 0
4
1
6
1
4
1
]1[
]0[
mR
mR
mR
=
=
=
4
1
6
1
4
1
]1[
]0[
mR
mR
mR
=
=
= Equal
4 1
10
1
10
1
8
1
]1[
]0[
mR
mR
mR
=
=
=
10
1
10
1
8
1
]1[
]0[
mR
mR
mR
=
=
= Equal
3 1
22
1
22
1
20
1
]1[
]0[
mR
mR
mR
=
=
=
22
1
22
1
20
1
]1[
]0[
mR
mR
mR
=
=
= Equal
2 0
44
1
46
1
44
1
]1[
]0[
mR
mR
mR
=
=
=
44
1
46
1
44
1
]1[
]0[
mR
mR
mR
=
=
= Equal
1 0
88
1
90
1
88
1
]1[
]0[
mR
mR
mR
=
=
=
88
1
90
1
88
1
]1[
]0[
mR
mR
mR
=
=
= Equal
0 1
1
88
11 mmmRR โ =โ =
89
1mR = )1(
)1(
1
88
1
1
โโ โ =
โโ โ =
NmmR
NmRR
)1(89
1 โโ = NmR
Different
13. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
121
REFERENCES
[1] P. Kocher, (1996), โTiming attacks on implementations of Diffie-Hellman, RSA, DSS, and other
systems.โ In Koblitz, N., ed.: Advances in Cryptology-CRYPTO 96. Volume 1109 of Lecture in
Notes in Computer Science, pp. 104-113.
[2] P.C. Kocher, J. Jaffe, and B. Jun, (1999), โDifferential Power Analysis.โ In Wiener, M., Ed.:
Advances in Cryptology-CRYPTO โ99. Volume 1666 of Lecture Notes in Computer Science, pp.
388-397.
[3] J.J. Quisquater and D. Samyde, (2001), โElectromagnetic analysis (ema): Measures and counter-
measures for smart cardsโ. Smart Card Programming and Securit, pp. 200-210.
[4] M. Joye, (2002), โRecovering lost efficiency of exponentiation algorithms on smart cardsโ. IET
Electronics Letters, Vol. 38, No. 19, pp. 1095-1097.
[5] M. Joye and S.M. Yen. (2002), โThe montgomery powering ladder.โ In Cryptographic Hardware
and Embedded Systems-CHES 2002, 2523 of Lecture Notes in Computer Science, pp. 291-302.
[6] C. Giraud, (2006), โAn rsa implementation resistant to fault attacks and to simple power analysisโ.
IEEE Transactions on computers, Vol. 55, No. 9, pp. 1116-1120.
[7] J.C. Ha, J.H. Park, S.J. Moon and S.M. Yen, (2007), โProvably secure countermeasure resistant to
several types of power attack for ECCโ. Springer Information Security Applications, pp. 333-344.
[8] D.Z. Sun, J.P. Huai, J.Z. Sun and Z.F. Cao, (2007), โAn efficient modular exponentiation
algorithm against simple power analysis attacksโ, IEEE Transactions on Consumer Electronics,
Vol. 53, No. 4, pp. 1718-1723.
[9] M. Joye, (2007), โHighly regular right-to-left algorithms for scalar multiplication.โ Cryptographic
Hardware and Embedded Systems-CHES 2007, 4727 of Lecture in Notes in Computer Science, pp.
135โ147.
[10] J.C. Ha, C.H. Jun, J.H. Park, S.J. Moon, and C.K. Kim, (2008), โA new crt-rsa scheme resistant to
power analysis and fault attacks.โ Third 2008 International Conference on Convergence and
Hybrid Information Technology, pp. 351-356.
[11] C. Moreno and M.A. Hasan, (2011), โSPA-resistant binary exponentiation with optimal execution
timeโ, Springer Journal of Cryptographic Engineering, pp. 1-13.
[12] J.S. Coron, (1999), โResistance against differential power analysis for elliptic curve
cryptosystems.โ In Ko, Paar, C., Eds.: Cryptographic Hardware and Embedded Systems-CHES
2002. Vol. 1717 of Lecture Notes in Computer Science, pp. 292-302.
[13] P.A. Fouque and F. Valette, (2003), โThe doubling attackโwhy upwards is better than
downwards.โ In Cryptographic Hardware and Embedded Systems-CHES 2003, LNCS 2779, pp.
269-280.
[14] S.M. Yen, L.C. Ko, S.J. Moon, and J.C. Ha, (2005), โRelative doubling attack against montgomery
ladder.โ In Information Security and Cryptology-ICISC 2005, 3935 of Lecture Notes in Computer
Science, pp. 117-128.
[15] S.M. Yen, W.C. Lien, S.J. Moon, and J.C. Ha, (2005), โPower analysis by exploiting chosen
message and internal collisions-vulnerability of checking mechanism for rsa-decryption.โ Progress
in CryptologyโMycrypt 2005, 3715 of Lecture Notes in Computer Science, pp. 183-195.
14. International Journal of Network Security & Its Applications (IJNSA), Vol.4, No.4, July 2012
122
[16] H. Mamiya, A. Miyaji, and H. Morimoto, (2004), โEfficient countermeasures against rpa, dpa, and
spa.โ Cryptographic Hardware and Embedded Systems-CHES 2004, 3156 of Lecture Notes in
Computer Science, pp. 343-356.
[17] A. Miyamoto, N. Homma, T. Aoki and A. Satoh, (2008), โEnhanced power analysis attack using
chosen message against RSA hardware implementations.โ IEEE International Symposium on
Circuits and Systems, pp. 3282-3285.
[18] S.M. Yen, S. Kim, S. Lim, and S. Moon, (2001), โA countermeasure against one physical
cryptanalysis may benefit another attackโ. Information Security and Cryptology-ICISC 2001, 2288
of Lecture Notes in Computer Science, pp.414-427.
[19] D. Tinoco Varela, (2012), โBlinded Montgomery Powering Ladder Protected Against the Jacobi
Symbol Attackโ, International Journal of Security (IJS), Vol. 6, No. 3, pp. 15-27.
[20] G. Fumaroli and D. Vigilant, (2006), โBlinded fault resistant exponentiation.โ Fault Diagnosis and
Tolerance in Cryptography, 4236 of Lecture Notes in Computer Science, pp. 62-70.
[21] Hayam K. Al-Anie, Mohammad A. Alia and Adnan A. Hnaif, (2011), โE-Voting protocol based on
public-key cryptography.โ International Journal of Network Security & Its Applications (IJNSA),
Vol.3, No.4, pp. 87-98.