Filtyp
In this paper, we show that a software implementation of IND-CCA-secure Saber key encapsulation mechanism protected by first-order masking and shuffling can be broken by deep learning-based power analysis. Using an ensemble of deep neural networks trained at the profiling stage, we can recover the session key and the secret key from 257 × N and 24 × 257 × N traces, respectively, where N is the num
A key enabler for Industry 4.0 is Fifth Generation Wireless Specifications (5G), within which network slicing is a promising technique to ensure customized quality of service for specific end-user groups in industrial scenarios. Massive Multiple Input Multiple Output (MIMO) plays a significant role in 5G but network slicing for massive MIMO has not yet been addressed. In this paper, we propose a n
Cloud-RAN (C-RAN) is a promising paradigm for the next generation radio access network infrastructure, which offers centralized and coordinated base-band signal processing in a BBU pool. This requires extremely low latency fronthaul links to achieve real-time signal processing. In this paper, we investigate massive MIMO pilot scheduling in a C-RAN infrastructure under a factory automation scenario
5G promises to usher in the industrial 4.0 era. In that era, intricately managed autonomous industrial sites with for example remotely controller equipment and autonomous units promise previously unseen levels of efficiency. Although such scenarios are elusive, they come with strict long-since established safety requirements. To uphold such requirements, intelligent industrial 5G networks, that ac
The area of Internet of Things (IoT) is growing and it affects a large amount of users, which means that security is important. Many parts of IoT systems are built with Open Source Software, for which security vulnerabilities are available. It is important to update the software when vulnerabilities are detected, but it is unclear to what extent this is done in industry today. This study presents
With the help of modern technologies and advances in communication systems, the functionality of Industrial control systems (ICS) has been enhanced leading toward to have more efficient and smarter ICS. However, this makes these systems more and more connected and part of a networked system. This can provide an entry point for attackers to infiltrate the system and cause damage with potentially ca
Cloud computing has become a prominent technology for the computing paradigm in various industrial sectors nowadays. For most industrial applications to perform in real-time, the support of periodic computing is required. However, it remains a challenge when the computing is executed in a cloud, since both the network connection and the cloud environment are uncertain. In this paper, we propose a
The increase in both the use of open-source software (OSS) and the number of new vulnerabilities reported in this software constitutes an increased threat to businesses, people, and our society. To mitigate this threat, vulnerability information must be efficiently handled in organizations. In addition, where e.g., IoT devices are integrated into systems, such information must be disseminated from
During recent years, research on authenticated encryption has been thriving through two highly active and practice-motivated research directions: provably secure leakage-resilience schemes and key- or context-commitment security. However, the intersection of both fields had been overlooked until very recently. In ToSC 1/2024, Struck and Weish\"aupl studied generic compositions of Encryption scheme
Social norms play a fundamental role in holding groups together. The rationale behind most of them is to coordinate individual actions into a beneficial societal outcome. However, there are cases where pro-social behavior within a community seems, to the contrary, to cause inefficiencies and suboptimal collective outcomes. An explanation for this is that individuals in a society are of different t
The evolution of the fifth-generation network (5G) increases the demand and use of Internet of Things (IoT) devices extensively. The increased number of IoT devices increases the possibility of new attack surfaces, and thus even resource-constrained IoT devices need secure communication. In this work, we consider the Julia Key Agreement (JKA) protocol, which has been proposed as a secure and effic
Security has been recognized as a leading barrier for IoT adoption. The growing number of connected devices and reported software vulnerabilities increases the importance firmware updates. Maturity models for software security do include parts of this, but are lacking in several aspects. This paper presents and evaluates a maturity model (HAVOSS) for handling vulnerabilities in third party OSS and
The Internet of Things (IoT) paradigm, has opened up the possibility of using the ubiquity of small devices to route information without the necessity of being connected to a Wide Area Network (WAN). Use cases of IoT devices sending updates that are routed and delivered by other IoT devices have been proposed in the literature. In this paper we focus on receivers only interested in the freshest up
We present a simple key-recovery attack on the LCMQ Authentication Protocol, an RFID authentication protocol proposed by Li, Gong, and Qin in 2013. We show that a successful attack is performed by solving a Learning Parity with Noise instance in a not-too-large dimension. For the proposed LCMQ parameters, the attack requires only a few invocations with the tag under attack. When there is no restri
The Module Learning With Errors (MLWE)-based Key Encapsulation Mechanism (KEM) Kyber is NIST's new standard scheme for post-quantum encryption. As a building block, Kyber uses a Chosen Plaintext Attack (CPA)-secure Public Key Encryption (PKE) scheme, referred to as Kyber.CPAPKE. In this paper we study the robustness of Kyber.CPAPKE against key mismatch attacks.We demonstrate that Kyber's security
In this paper, we introduce OT-PCA, a novel approach for conducting Plaintext-Checking (PC) oracle based side-channel attacks, specifically designed for Hamming Quasi-Cyclic (HQC). By calling the publicly accessible HQC decoder, we build offline templates that enable efficient extraction of soft information for hundreds of secret positions with just a single PC oracle call. Our method addresses cr
In this paper, we introduce an oracle version of the Restricted Syndrome Decoding Problem (RSDP) and propose novel authentication protocols based on the hardness of this problem. They follow the basic structure of the HB-family of authentication protocols and later improvements but demonstrate several advantages.An appropriate choice of multiplicative subgroup and ring structure gives rise to a ve
The Learning with Errors (LWE) problem receives much attention in cryptography, mainly due to its fundamental significance in post-quantum cryptography. Among its solving algorithms, the Blum-Kalai-Wasserman (BKW) algorithm, originally proposed for solving the Learning Parity with Noise (LPN) problem, performs well, especially for certain parameter settings with cryptographic importance. The BKW a
The problem of decoding random codes is a fundamental problem for code-based cryptography, including recent code-based candidates in the NIST post-quantum standardization process. In this paper, we present a novel Sieving-style Information-set Decoding algorithm, addressing the task of solving the syndrome decoding problem. Our approach involves maintaining a list of weight-2p solution vectors to
Lattice-based cryptography is in the process of being standardized. Several proposals to deal with side-channel information using lattice reduction exist. However, it has been shown that algorithms based on Bayesian updating are often more favorable in practice. In this work, we define distribution hints; a type of hint that allows modelling probabilistic information. These hints generalize most p
