Search results
Evaluating Security of Software Through Vulnerability Metrics
Understanding and measuring security of software in terms of vulnerability metrics is important when reviewing and deciding between softwares. The large number of disclosed vulnerabilities will continue to expose software intensive systems and products to attacks, and the choice of third party software will affect stability and reliability of products incorporating this software. We collect CVE data fro
Flowrider: Fast On-Demand Key Provisioning for Cloud Networks
Increasingly fine-grained cloud billing creates incentives to review the software execution footprint in virtual environments. For example, virtual execution environments move towards lower overhead: from virtual machines to containers, unikernels, and serverless cloud computing. However, the execution footprint of security components in virtualized environments has either remained the same or eve
Security Issue Classification for Vulnerability Management with Semi-supervised Learning
Open-Source Software (OSS) is increasingly common in industry software and enables developers to build better applications, at a higher pace, and with better security. These advantages also come with the cost of including vulnerabilities through these third-party libraries. The largest publicly available database of easily machine-readable vulnerabilities is the National Vulnerability Database (NV
Further improvements of the estimation of key enumeration with applications to solving LWE
In post-quantum cryptography (PQC), Learning With Errors (LWE) is one of the dominant underlying mathematical problems. For example, in NIST's PQC standardization process, the Key Encapsulation Mechanism (KEM) protocol chosen for standardization was Kyber, an LWE-based scheme. The primal and the dual attacks are the two main strategies considered for solving the underlying LWE problem of multiple
Fast Parallelizable Misuse-Resistant Authenticated Encryption : Low Latency (Decryption-Fast) SIV
In this paper, we present two new provable nonce-misuse-resistant AEAD modes based on tweakable block ciphers and universal hash functions. These new modes target equipping high-speed applications with nonce-misuse-resistant AEAD (MRAE). The first mode, Low Latency Synthetic IV (LLSIV), targets similar performance on single-core platforms to SCT-2, while eliminating the bottlenecks that make SCT-2 not fu
A Weighted Bit Flipping Decoder for QC-MDPC-based Cryptosystems
Attacking Single-Cycle Ciphers on Modern FPGAs : Featuring Explainable Deep Learning
In this paper, we revisit the question of key recovery using side-channel analysis for unrolled, single-cycle block ciphers. In particular, we study the Princev2 cipher. While it has been shown vulnerable in multiple previous studies, those studies were performed on side-channel friendly ASICs or older FPGAs (e.g., Xilinx Virtex II on the SASEBO-G board), and using mostly expensive equipment. We s
Grain-128AEADv2: Strengthening the Initialization Against Key Reconstruction
Properties of the Grain-128AEAD key re-introduction, as part of the cipher initialization, are analyzed and discussed. We consider and analyze several possible alternatives for key re-introduction and identify weaknesses, or potential weaknesses, in them. Our results show that it seems favorable to separate the state initialization, the key re-introduction, and the A/R register initialization into
Grain-128AEAD, Round 3 Tweak and Motivation
Weaknesses in the Grain-128AEAD key re-introduction, as part of the cipher initialization, are analyzed and discussed. We consider and analyze several possible alternatives for key re-introduction and identify weaknesses, or potential weaknesses, in them. Our results show that it seems favorable to separate the state initialization, the key re-introduction, and the A/R register initialization into thr
Economic sanctions within the European Union towards Non-Member States
Sanctions can take many forms and is a complex area considering the purpose of the use. When discussing sanctions one of the main difficulties is that it has different definitions and includes a variety of terms. Sanctions are often used when pressuring a country to change their behaviour or conduct. Sanctions can also be seen as restrictive measures or embargoes. The United Nations applies sancti
Energy-Efficient Stable and Balanced Task Scheduling in Data Centers
It is well known that load balancing in data centers can lead to unnecessary energy usage if all servers are kept active. Using dynamic server provisioning, the number of servers that serve requests can be reduced by turning off idle servers and thereby saving energy. However, such a scheme usually increases the risk of instability of server queues. In this work, we analyze the trade-off between ene
Electromagnetic Side-Channel Attack on AES using Low-end Equipment
Side-channel attacks on cryptographic algorithms target the implementation of the algorithm. Information can leak from the implementation in several different ways and, in this paper, electromagnetic radiation from an FPGA is considered. We examine to which extent key information from an AES implementation can be deduced using a low-end oscilloscope. Moreover, we examine how the antenna's distanc
Software Evaluation of Grain-128AEAD for Embedded Platforms
Grain-128AEAD is a stream cipher supporting authenticated encryption with associated data, and it is currently in round 2 of the NIST lightweight crypto standardization process. In this paper we present and benchmark software implementations of the cipher, targeting constrained processors. The processors chosen are the 8-bit (AVR) and 16-bit (MSP) processors used in the FELICS-AEAD framework. Both hig
Making the BKW Algorithm Practical for LWE
The Learning with Errors (LWE) problem is one of the main mathematical foundations of post-quantum cryptography. One of the main groups of algorithms for solving LWE is the Blum-Kalai-Wasserman (BKW) algorithm. This paper presents new improvements for BKW-style algorithms for solving LWE instances. We target minimum concrete complexity and we introduce a new reduction step where we partially reduc
Improved Greedy Nonrandomness Detectors for Stream Ciphers
We consider the problem of designing distinguishers and nonrandomness detectors for stream ciphers using the maximum degree monomial test. We construct an improved algorithm to determine the subset of key and IV-bits used in the test. The algorithm is generic, and can be applied to any stream cipher. In addition to this, the algorithm is highly tweakable, and can be adapted depending on the desire
Guarding the Guards: Accountable Authorities in VANETs
In this paper we present an approach to gaining increased anonymity from authorities within a VANET. Standardization organizations and researchers working on VANETs recognize privacy as highly important. However, most research focuses on privacy from other vehicles and external attackers, as opposed to privacy from system-administrating authorities. Our proposed solution forces authorities to reso
On the Asymptotics of Solving the LWE Problem Using Coded-BKW with Sieving
The Learning with Errors problem (LWE) has become a central topic in recent cryptographic research. In this paper, we present a new solving algorithm combining important ideas from previous work on improving the Blum-Kalai-Wasserman (BKW) algorithm and ideas from sieving in lattices. The new algorithm is analyzed and demonstrates an improved asymptotic performance. For the Regev parameters $q=n^2$
Vectorized linear approximations for attacks on SNOW 3G
SNOW 3G is a stream cipher designed in 2006 by ETSI/SAGE, serving in 3GPP as one of the standard algorithms for data confidentiality and integrity protection. It is also included in the 4G LTE standard. In this paper we derive vectorized linear approximations of the finite state machine in SNOW 3G. In particular, we show one 24-bit approximation with a bias around $2^{-37}$ and one byte-oriented approxim
Error Amplification in Code-based Cryptography
Code-based cryptography is one of the main techniques enabling cryptographic primitives in a post-quantum scenario. In particular, the MDPC scheme is a basic scheme from which many other schemes have been derived. These schemes rely on iterative decoding in the decryption process and thus have a certain small probability p of having a decryption (decoding) error. In this paper we show a very fundam
