Description
Once you have a block cipher, you need a "mode of operation" to employ the block cipher for anything "useful", such as

• modes for encryption, e.g., the counter mode,
• modes for authentication, e.g., variants of the CBC-MAC,
• and authenticated encryption modes, e.g., the Galois-Counter Mode (GCM) or the offset-code-book (OCB) mode.

Most of the modes have been proven secure -- and yet, there are attacks against these modes. The proofs are always based on a certain set of assumptions, such as a "nonce" never being used a second time, or the decryption of an invalid ciphertext never being compromised. Thus, "non-standard attacks" or "misuse scenarios", where the adversary may exploit a seemingly innocent but actually flawed implementation of the mode, allow the adversary to bypass the proven security claims.

Moreover, typical proofs consider adversaries that learn the inputs and outputs of the mode (except for the secret key), but not any internal data. Another way to bypass proven security claims and to attack a mode is to gather "side-channel" information about internal data, e.g., by measuring the response time in a cryptographic protocol, or by measuring the power consumption of a device running the operation.

The seminar is about

• nonstandard attacks,
• side-channel attacks,
• "robust" modes to withstand nonstandard attacks,
• and "leakage-resilient" modes for resistance to side-channel attacks.
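The description names nonce uniqueness as one of the assumptions a mode's proof rests on, using the counter mode as its example. The following added example (not part of the seminar page) shows concretely what that assumption buys and what breaks when an implementation violates it: a small counter-mode implementation, a check that the ciphertexts of two messages encrypted under the same key and nonce reveal the XOR of the plaintexts, and an encryptor wrapper that enforces the assumption by refusing to reuse a nonce. The block function is a SHA-256-based keyed PRF standing in for a real block cipher such as AES (counter mode only ever uses the cipher's forward direction), and the key, nonce and messages are constructed sample values.

```python
import hashlib

BLOCK_SIZE = 16  # bytes of keystream per block


def block_prf(key: bytes, block: bytes) -> bytes:
    # Stand-in for the forward direction of a real block cipher (e.g. AES-128).
    # CTR mode only evaluates the cipher on counter blocks, so a keyed PRF built
    # from SHA-256 is enough to show the mode's behaviour. Toy, not a cipher.
    return hashlib.sha256(key + block).digest()[:BLOCK_SIZE]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def ctr_keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Keystream = PRF(key, nonce || counter) for counter = 0, 1, 2, ...
    # The keystream depends only on (key, nonce): reuse the pair and it repeats.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += block_prf(key, nonce + counter.to_bytes(4, "big"))
        counter += 1
    return bytes(out[:length])


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # In counter mode, encryption and decryption are the same XOR with the keystream.
    return xor_bytes(data, ctr_keystream(key, nonce, len(data)))


def nonce_reuse_leaks_plaintext_xor(key: bytes, nonce: bytes, p1: bytes, p2: bytes) -> bool:
    # Encrypt two messages under the same (key, nonce). Because the keystream is
    # identical, c1 XOR c2 == p1 XOR p2: the relation between the plaintexts is
    # visible from the ciphertexts alone, which is exactly what the proof's
    # "nonce is never repeated" assumption rules out.
    c1 = ctr_crypt(key, nonce, p1)
    c2 = ctr_crypt(key, nonce, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


class NonceTrackingCtr:
    """Encryptor that enforces the proof's assumption: each nonce is used at most
    once under a given key. A reused nonce is refused instead of silently repeating
    the keystream. (Hypothetical guard for illustration, not a library API.)"""

    def __init__(self, key: bytes) -> None:
        self._key = key
        self._seen_nonces: set[bytes] = set()

    def encrypt(self, nonce: bytes, plaintext: bytes) -> bytes:
        if nonce in self._seen_nonces:
            raise ValueError("nonce reuse under this key: refusing to encrypt")
        self._seen_nonces.add(nonce)
        return ctr_crypt(self._key, nonce, plaintext)


# Constructed sample values for the demonstration (not taken from the page).
KEY = bytes(range(16))
NONCE = b"\x00" * 12
P1 = b"attack at dawn!!"
P2 = b"retreat at dusk."

if __name__ == "__main__":
    print("same nonce twice leaks p1 XOR p2:", nonce_reuse_leaks_plaintext_xor(KEY, NONCE, P1, P2))
    enc = NonceTrackingCtr(KEY)
    enc.encrypt(NONCE, P1)
    try:
        enc.encrypt(NONCE, P2)
    except ValueError as err:
        print("guard rejected second use:", err)
```

The guard is the simplest possible enforcement; in practice a counter-based nonce or a random nonce with enough bits plays the same role, and the point of the seminar's "misuse scenarios" is that whatever mechanism is chosen, the proof only covers executions in which it actually holds.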