Traffic analysis is a type of attack on secure communications systems, in which the adversary extracts useful patterns and information from the observed traffic. This paper improves and extends an efficient traffic analysis attack, called “statistical disclosure attack.” Moreover, we propose a solution to defend against the improved (and, a fortiori, the original) statistical disclosure attack....

SIMON is a block cipher developed to provide flexible security options for lightweight hardware applications such as the Internet-of-things (IoT). Safeguarding resource-constrained from side-channel attacks poses significant challenge. Adiabatic circuit operation has recently received attention due ultra-low power consumption. In this work, charge-based methodology mount correlation analysis (C...

Outsourced computations enable more efficient solutions towards practical problems that require major computations. Nevertheless, users’ privacy remains as a major challenge, as the service provider can access users’ data freely. It has been shown that fully homomorphic encryption schemes might be the perfect solution, as it allows one party to process users’ data homomorphically, without the n...

SASC (Server-Aided Secret Computation) protocols enable a client (a smart card) to borrow computing power from a server (e.g., an untrustworthy auxiliary device like an ATM) without revealing its secret information. In this paper, we propose a new active attack on server-aided secret computation protocols. We describe our attack by using Beguin and Quisquater’s protocol. (We modify the protocol...

In cloud computing, multiple users can share the same physical machine that can potentially leak secret information, in particular when the memory de-duplication is enabled. Flush+Reload attack is a cache-based attack that makes use of resource sharing. T-table implementation of AES is commonly used in the crypto libraries like OpenSSL. Several Flush+Reload attacks on T-table implementat...

In information security, ignorance is not bliss. It is always stated that hiding the protocols (let the other be ignorant about it) does not increase the security of organizations. However, there are cases that ignorance creates protocols. In this paper, we propose distributed contingency logic, a proper extension of contingency (ignorance) logic. Intuitively, a formula is distributed contingen...

Steganography is the branch of information hiding for secret communication. The simplest and widely used steganography is the LSB based approach due to its visual quality with high embedding capacity. However, LSB based steganography techniques are not secure against statistical steganalysis mainly χ2 attack and Regular Singular (RS) attack. These two staganalysis can easily estimate the hidden...

In the article we show an attack on the cryptographic protocol of electronic auction with extended requirements [1]. The found attack consists of authentication breach and secret retrieval. It is a kind of “man in the middle attack”. The intruder impersonates an agent and learns some secret information. We have discovered this flaw using OFMC an automatic tool of cryptographic protocol verifica...

This article presents a simple power-analysis (SPA) attack on implementations of the AES key expansion. The attack reveals the secret key of AES software implementations on smart cards by exploiting the fact that the power consumption of most smart-card processors leaks information during the AES key expansion. The presented attack efficiently utilizes this information leakage to substantially ...

Wagner, Goldberg and Briceno have recently published an attack [2] on what they believe to be Comp128, the GSM A3A8 authentication hash function [1]. Provided that the attacker has physical access to the card and to its secret PIN code (the card has to be activated), this chosen plaintext attack recovers the secret key of the personalized SIM (Secure Identification Module) card by inducing coll...