Research On Ciphertext-only Fault Analysis Of The TWINE And SMS4 Block Ciphers

Posted on: 2022-06-06
Degree: Master
Type: Thesis
Country: China
Candidate: M L Wang
GTID: 2518306494481044
Subject: Computer technology
Abstract/Summary:
Block ciphers are an essential component of modern cryptography and are widely used in information security because they are easy to standardize, have efficient implementations in both software and hardware, and provide rapid encryption and decryption. The security analysis of block ciphers has always been an important research direction in cryptography. Fault analysis is one of the security analysis methods for block ciphers. The attacker injects faults by laser, voltage, or magnetic means to interfere with the encryption process and produce faulty ciphertexts. The cryptosystem can then be broken by exploiting the information leaked from those ciphertexts. This method is applicable in real life and can be used to examine the security attributes of block ciphers.

Ciphertext-only fault analysis is a kind of fault analysis based on the ciphertext-only attack assumption. The attacker injects random faults while the cryptographic device is running. The faulty ciphertexts from the device and the subkey candidates are used to deduce the intermediate state. A distinguisher then analyzes the statistical information of the intermediate states and picks out the expected candidate. Under this assumption, the secret key can be recovered using the faulty ciphertexts only, while the attacker has the weakest capability, that of listening to the encrypted communication. In a nutshell, ciphertext-only fault analysis is easier to implement in resource-limited environments and has more flexible application prospects.

TWINE is a lightweight block cipher proposed at SAC in 2012. It is applied to ensure the security of highly constrained devices in the Internet of Things. Up to now, previous security analyses of TWINE have focused on known-plaintext and chosen-plaintext attack assumptions. Little is known about TWINE's resistance to ciphertext-only attacks, which are the weakest attack assumption. This paper discusses whether the TWINE cryptosystem can resist ciphertext-only fault analysis and proposes the new distinguishers MLE-HE, HW-HE and HW-MLE-HE to improve attack efficiency. The attacker injects random nibble faults into the encryption and uses the distinguishers to analyze the faulty intermediate states. Complexity, success probability, number of faults, accuracy and latency are used to measure the performance of the different distinguishers. The experimental results show that the newly proposed distinguishers MLE-HE, HW-HE and HW-MLE-HE require only 132, 128 and 124 faults to recover the subkey with a success probability over 99%, which effectively reduces the number of faults and performs better. The results are valid for enhancing the protection of information in the Internet of Things.

SMS4 is the first commercial block cipher standard announced by the Chinese government. It is used in the WAPI security protocol for wireless local area networks to safeguard information security. Up to now, no research has discussed the SMS4 cryptosystem against ciphertext-only fault analysis. This paper uses ciphertext-only fault analysis to examine the security of SMS4. The attacker injects random byte faults into the encryption. Then the distinguishers are used to analyze the faulty intermediate states, which are calculated from the faulty ciphertexts and the subkey candidates. The experimental results show that the novel distinguishers HW-SEI and BC-HW need only 148 and 140 faults to recover the secret key of SMS4 with a success probability over 99%, which reduces the number of faults and the cost of attacks. The results offer a valuable reference for increasing the security of data transmission in the WLAN.

This paper implements a new ciphertext-only fault analysis on the TWINE and SMS4 cryptosystems. The research serves as a reference for the security analysis of block ciphers with similar structure and provides new ideas for the design of block ciphers in the Internet of Things and WLAN.
Keywords/Search Tags:block cipher, TWINE, SMS4, ciphertext-only fault analysis