To our best knowledge, this is the first successful bitstream modification attack on SNOW 3G. As a result, it becomes possible to recover the key from a known plaintext-ciphertext pair. By changing the content of some look-up tables in the bitstream, we reduce the non-linear state updating function of SNOW 3G to a linear one. In this paper, we show that SNOW 3G can be broken by a fault attack based on bitstream modification. It is believed to be resistant to classical cryptanalysis. SNOW 3G is one of the core algorithms for confidentiality and integrity in several 3GPP wireless communication standards, including the new Next Generation (NG) 5G. 1275-1278 Conference paper, Published paper (Refereed) Abstract
Hardware id trivium keygen generator iso#
Institute of Electrical and Electronics Engineers (IEEE), 2020 Keywordsbitstream modification, fault injection, FPGA, reverse engineering, stream cipher, ISO Standards, Bit stream, International standards, ISO/IEC, Keystream, Modification attack, Nonlinear state, Power penalty, Stream Ciphers, Binary sequences We present an algorithm for injecting dummy LUTs directly into the bitstream without causing any performance or power penalty. We also propose a countermeasure against bitstream modification attacks which obfuscates the bitstream using dummy and camouflaged LUTs which look legitimate to the attacker. This makes it possible to recover the key from 288 keystream bits using at most 219.41 operations. By changing the content of three LUTs in the bitstream, we reduce the non-linear state updating function of Trivium to a linear one.
In this paper, we present a bitstream modification attack on the Trivium stream cipher, an international standard under ISO/IEC 29192-3. 640-647 Conference paper, Published paper (Refereed) Abstract Identifiers urn:nbn:se:kth:diva-296415 (URN) 10.1109/TCSII.2021.3066338 (DOI) 000645863300031 () 2-s2.0-85103197023 (Scopus ID)ΔΆ020 (English) In: VLSI in Computers and Processors: Proceedings 38th IEEE International Conference on Computer Design, ICCD 2020, Institute of Electrical and Electronics Engineers (IEEE), 2020, p. Other Electrical Engineering, Electronic Engineering, Information Engineering IEEE-INST ELECTRICAL ELECTRONICS ENGINEERS INC, 2021 KeywordsField programmable gate arrays, Entropy, Generators, Training, Side-channel attacks, Deep learning, Power measurement, TRNG, side-channel attack, power analysis, FPGA, bitstream modification The combined attack opens a new attack vector which makes possible what is not achievable with pure bitstream modification or side-channel analysis. We demonstrate the attack on the example of an open source AIS-20/31 compliant ring oscillator-based TRNG implemented in Xilinx Artix-7 28nm FPGAs. In this brief, we show that an attack combining power analysis with bitstream modification is capable of classifying the output bits of a TRNG implemented in FPGAs from a single power measurement. A compromised TRNG may lead to a system-wide loss of security. True Random Number Generators (TRNGs) create a hardware-based, non-deterministic noise that is used for generating keys, initialization vectors, and nonces in a variety of applications requiring cryptographic protection. 1710-1714 Article in journal (Refereed) Published Abstract 2021 (English) In: IEEE Transactions on Circuits and Systems - II - Express Briefs, ISSN 1549-7747, E-ISSN 1558-3791, Vol.