Ing. Josef Kokeš, Ph.D.

Publications

Automatic Detection and Decryption of AES Using Dynamic Analysis

Authors
Kokeš, J.; Matějka, J.; Lórencz, R.
Year
2022
Published in
SN Computer Science. 2022, 2022 ISSN 2662-995X.
Type
Article
Abstract
In this paper we propose a set of algorithms that can automatically detect the use of AES and automatically recover both the encryption key and the plaintext, assuming that we can control the code flow of the encrypting program, e.g., when an application is performing encryption without the user’s permission. The first algorithm makes use of the fact that we can monitor accesses to the AES S-Box and deduce the desired data from these accesses; the approach is suitable to software-based AES implementations, both naïve and optimized. To demonstrate the feasibility of this approach we designed a tool which implements the algorithm for Microsoft Windows running on the Intel x86 architecture. The tool has been successfully tested against a set of applications using different cryptographic libraries and common user applications. We also discuss the options of recovering the same data when hardware-assisted AES implementations on Intel-compatible architectures are used.

Automatic Detection and Decryption of AES by Monitoring S-box Access

Authors
Kokeš, J.; Matějka, J.; Lórencz, R.
Year
2021
Published in
Proceedings of the 7th International Conference on Information Systems Security and Privacy. Madeira: SciTePress, 2021. p. 172-180. ISSN 2184-4356. ISBN 978-989-758-491-6.
Type
Proceedings paper
Abstract
In this paper we propose an algorithm that can automatically detect the use of AES and automatically recover both the encryption key and the plaintext. It makes use of the fact that we can monitor accesses to the AES S-Box and deduce the desired data from these accesses; the approach is suitable to software-based AES implementations, both naïve and optimized. To demonstrate the feasibility of this approach we designed a tool which implements the algorithm for Microsoft Windows running on the Intel x86 architecture. The tool has been successfully tested against a set of applications using different cryptographic libraries and common user applications.

Linear Cryptanalysis of Baby Rijndael

Year
2015
Published in
The Fourth International Conference on e-Technologies and Networks for Development (ICeND2015). Lodz: Lodz University of Technology, 2015. pp. 28-33. ISBN 978-1-4799-8450-3.
Type
Proceedings paper
Abstract
We present results of linear cryptanalysis of Baby Rijndael, a reduced-size model of Rijndael. The results were obtained using exhaustive search of all approximations and all keys and show some curious properties of both linear cryptanalysis and Baby Rijndael, particularly the existence of different classes of linear approximations with significantly different success rates of recovery of the cipher’s key.

Praktické aspekty lineární kryptoanalýzy blokových šifer [Practical Aspects of Linear Cryptanalysis of Block Ciphers]

Authors
Year
2015
Published in
Sborník příspěvků PAD 2015. Zlín: Universita Tomáše Bati ve Zlíně, 2015. pp. 25-30. ISBN 978-80-7454-522-1.
Type
Proceedings paper
Abstract
While analyzing the Baby Rijndael cipher, we encountered several peculiarities in the behavior of the linear cryptanalysis technique. We focused on a thorough investigation of these properties and uncovered previously undescribed dependencies between the choice of linear approximations and the success rate of recovering the encryption key. We show that there are considerable qualitative differences among individual linear approximations, even though the probability bias of the individual approximations is the same. Similar differences also appear when these approximations are applied to recovering different bits of the key.

Block Ciphers' Resistance to Linear and Differential Cryptanalysis

Authors
Year
2014
Published in
Sborník příspěvků PAD 2014. Liberec: TUL, Fakulta mechatroniky a mezioborových inženýrských studií, 2014. pp. 38-43. ISBN 978-80-7494-027-9.
Type
Proceedings paper
Abstract
We discuss the current results of cryptanalysis of the AES, and propose an alternative technique for overcoming the computational problems related to them, which is building a reduced-size model of the cipher and applying the cryptanalysis to that, while gradually increasing the size to get an estimate for the level of scaling of particular cryptographic attacks. Our current results suggest that this is a promising idea, with a potential for further understanding of the conditional security of the cipher. We also present several research directions using this technique, and our dissertation goals.