Ing. Josef Kokeš, Ph.D.

Publications

Automatic Detection and Decryption of AES Using Dynamic Analysis

Authors
Kokeš, J.; Matějka, J.; Lórencz, R.
Year
2022
Published
SN Computer Science. 2022, 2022 ISSN 2662-995X.
Type
Article
Annotation
In this paper we propose a set of algorithms that can automatically detect the use of AES and automatically recover both the encryption key and the plaintext, assuming that we can control the code flow of the encrypting program, e.g., when an application is performing encryption without the user’s permission. The first algorithm makes use of the fact that we can monitor accesses to the AES S-Box and deduce the desired data from these accesses; the approach is suitable to software-based AES implementations, both naïve and optimized. To demonstrate the feasibility of this approach we designed a tool which implements the algorithm for Microsoft Windows running on the Intel x86 architecture. The tool has been successfully tested against a set of applications using different cryptographic libraries and common user applications. We also discuss the options of recovering the same data when hardware-assisted AES implementations on Intel-compatible architectures are used.

Automatic Detection and Decryption of AES by Monitoring S-box Access

Authors
Kokeš, J.; Matějka, J.; Lórencz, R.
Year
2021
Published
Proceedings of the 7th International Conference on Information Systems Security and Privacy. Madeira: SciTePress, 2021. p. 172-180. ISSN 2184-4356. ISBN 978-989-758-491-6.
Type
Proceedings paper
Annotation
In this paper we propose an algorithm that can automatically detect the use of AES and automatically recover both the encryption key and the plaintext. It makes use of the fact that we can monitor accesses to the AES S-Box and deduce the desired data from these accesses; the approach is suitable to software-based AES implementations, both naïve and optimized. To demonstrate the feasibility of this approach we designed a tool which implements the algorithm for Microsoft Windows running on the Intel x86 architecture. The tool has been successfully tested against a set of applications using different cryptographic libraries and common user applications.

Linear Cryptanalysis of Baby Rijndael

Year
2015
Published
The Fourth International Conference on e-Technologies and Networks for Development (ICeND2015). Lodz: Lodz University of Technology, 2015. pp. 28-33. ISBN 978-1-4799-8450-3.
Type
Proceedings paper
Annotation
We present results of linear cryptanalysis of Baby Rijndael, a reduced-size model of Rijndael. The results were obtained using exhaustive search of all approximations and all keys and show some curious properties of both linear cryptanalysis and Baby Rijndael, particularly the existence of different classes of linear approximations with significantly different success rates of recovery of the cipher’s key.

Practical aspects of the linear cryptanalysis of block ciphers

Authors
Year
2015
Published
Sborník příspěvků PAD 2015. Zlín: Universita Tomáše Bati ve Zlíně, 2015. pp. 25-30. ISBN 978-80-7454-522-1.
Type
Proceedings paper
Annotation
While analyzing Baby Rijndael, we encountered several irregularities in the behavior of the chosen linear cryptanalysis technique. We focused on the detailed study of these properties and discovered an as yet unpublished dependency between the choice of a linear approximation and the success rate of recovery of the encryption key. We demonstrate that there are significant qualitative differences between individual linear approximations, despite the fact that the probability bias of these approximations is constant. We can find similar differences also when applying these approximations to recovery of different key bits.

Block Ciphers' Resistance to Linear and Differential Cryptanalysis

Authors
Year
2014
Published
Sborník příspěvků PAD 2014. Liberec: TUL, Fakulta mechatroniky a mezioborových inženýrských studií, 2014. pp. 38-43. ISBN 978-80-7494-027-9.
Type
Proceedings paper
Annotation
We discuss the current results of cryptanalysis of the AES, and propose an alternative technique for overcoming the computational problems related to them, which is building a reduced-size model of the cipher and applying the cryptanalysis to that, while gradually increasing the size to get an estimate for the level of scaling of particular cryptographic attacks. Our current results suggest that this is a promising idea, with a potential for further understanding of the conditional security of the cipher. We also present several research directions using this technique, and our dissertation goals.