Adaptive chosen all inputs model for analyzing key derivation functions against bit-flip and timing side-channel attacks
Cryptographic keys are vital to ensure secure communication and secure electronic transaction. Key Derivation Function (KDF) is used to generate these cryptographic keys from a private string, salt and context information. A salt is a random string while the context information is the application sp...
| Main Author: | |
|---|---|
| Format: | Thesis |
| Language: | English English English |
| Published: |
2019
|
| Subjects: | |
| Online Access: | http://eprints.uthm.edu.my/539/ http://eprints.uthm.edu.my/539/1/24p%20KOH%20WEN%20WEN.pdf http://eprints.uthm.edu.my/539/2/KOH%20WEN%20WEN%20COPYRIGHT%20DECLARATION.pdf http://eprints.uthm.edu.my/539/3/KOH%20WEN%20WEN%20WATERMARK.pdf |
| _version_ | 1848887223267622912 |
|---|---|
| author | Koh, Wen Wen |
| author_facet | Koh, Wen Wen |
| author_sort | Koh, Wen Wen |
| building | UTHM Institutional Repository |
| collection | Online Access |
| description | Cryptographic keys are vital to ensure secure communication and secure electronic transaction. Key Derivation Function (KDF) is used to generate these cryptographic keys from a private string, salt and context information. A salt is a random string while the context information is the application specific data such as identities of communicating parties. Due to the importance of the KDF, it is mandatory to ensure the design of KDF may withstand any types of attacks. Nowadays, there are five security models used to analyze the security of KDF proposals. However, none of these security models take into account the KDF analysis against the bit-flipping attack and timing side-channel attack. Therefore, this research proposes a new security model, namely Adaptive Chosen All Inputs Model (ACAM) for analyzing the security of KDF proposals against these attacks. This research proves the implication relationship and non-implication relationship between the ACAM and the existing security model, namely Adaptive Chosen Public Inputs Model with Multiple Salts (CPM). The ACAM analyzes the security of KDF proposals in terms of the bit-flipping attack and timing side-channel attack. The result showed that only the stream cipher based KDF is vulnerable to the bit-flipping attack. However, all the existing KDFs are vulnerable to the timing side-channel attack. Finally, this research conducts the practical timing side-channel attack on KDFs that are constructed using hash functions, stream ciphers, and block ciphers. Different constructions of KDFs have resulted in different timing variation. The timing variation can reveal the length of private string and the types of cryptographic primitives used to build the KDFs. Hence, this research proposes a randomness timing solution based on the concept of random ‘for’ loop to the KDFs. The randomness timing solution protects the security of KDFs but decreases the performance of KDFs. This research brings benefits to the security researchers in which ACAM security model can be used as the benchmark to determine whether the design of KDFs consists of security weakness in terms of bit-flipping attack and timing side-channel attack.
vi |
| first_indexed | 2025-11-15T19:50:58Z |
| format | Thesis |
| id | uthm-539 |
| institution | Universiti Tun Hussein Onn Malaysia |
| institution_category | Local University |
| language | English English English |
| last_indexed | 2025-11-15T19:50:58Z |
| publishDate | 2019 |
| recordtype | eprints |
| repository_type | Digital Repository |
| spelling | uthm-5392021-08-05T03:11:58Z http://eprints.uthm.edu.my/539/ Adaptive chosen all inputs model for analyzing key derivation functions against bit-flip and timing side-channel attacks Koh, Wen Wen QA299.6-433 Analysis Cryptographic keys are vital to ensure secure communication and secure electronic transaction. Key Derivation Function (KDF) is used to generate these cryptographic keys from a private string, salt and context information. A salt is a random string while the context information is the application specific data such as identities of communicating parties. Due to the importance of the KDF, it is mandatory to ensure the design of KDF may withstand any types of attacks. Nowadays, there are five security models used to analyze the security of KDF proposals. However, none of these security models take into account the KDF analysis against the bit-flipping attack and timing side-channel attack. Therefore, this research proposes a new security model, namely Adaptive Chosen All Inputs Model (ACAM) for analyzing the security of KDF proposals against these attacks. This research proves the implication relationship and non-implication relationship between the ACAM and the existing security model, namely Adaptive Chosen Public Inputs Model with Multiple Salts (CPM). The ACAM analyzes the security of KDF proposals in terms of the bit-flipping attack and timing side-channel attack. The result showed that only the stream cipher based KDF is vulnerable to the bit-flipping attack. However, all the existing KDFs are vulnerable to the timing side-channel attack. Finally, this research conducts the practical timing side-channel attack on KDFs that are constructed using hash functions, stream ciphers, and block ciphers. Different constructions of KDFs have resulted in different timing variation. The timing variation can reveal the length of private string and the types of cryptographic primitives used to build the KDFs. Hence, this research proposes a randomness timing solution based on the concept of random ‘for’ loop to the KDFs. The randomness timing solution protects the security of KDFs but decreases the performance of KDFs. This research brings benefits to the security researchers in which ACAM security model can be used as the benchmark to determine whether the design of KDFs consists of security weakness in terms of bit-flipping attack and timing side-channel attack. vi 2019-12 Thesis NonPeerReviewed text en http://eprints.uthm.edu.my/539/1/24p%20KOH%20WEN%20WEN.pdf text en http://eprints.uthm.edu.my/539/2/KOH%20WEN%20WEN%20COPYRIGHT%20DECLARATION.pdf text en http://eprints.uthm.edu.my/539/3/KOH%20WEN%20WEN%20WATERMARK.pdf Koh, Wen Wen (2019) Adaptive chosen all inputs model for analyzing key derivation functions against bit-flip and timing side-channel attacks. Masters thesis, Universiti Tun Hussein Onn Malaysia. |
| spellingShingle | QA299.6-433 Analysis Koh, Wen Wen Adaptive chosen all inputs model for analyzing key derivation functions against bit-flip and timing side-channel attacks |
| title | Adaptive chosen all inputs model for analyzing key derivation functions against bit-flip and timing side-channel attacks |
| title_full | Adaptive chosen all inputs model for analyzing key derivation functions against bit-flip and timing side-channel attacks |
| title_fullStr | Adaptive chosen all inputs model for analyzing key derivation functions against bit-flip and timing side-channel attacks |
| title_full_unstemmed | Adaptive chosen all inputs model for analyzing key derivation functions against bit-flip and timing side-channel attacks |
| title_short | Adaptive chosen all inputs model for analyzing key derivation functions against bit-flip and timing side-channel attacks |
| title_sort | adaptive chosen all inputs model for analyzing key derivation functions against bit-flip and timing side-channel attacks |
| topic | QA299.6-433 Analysis |
| url | http://eprints.uthm.edu.my/539/ http://eprints.uthm.edu.my/539/1/24p%20KOH%20WEN%20WEN.pdf http://eprints.uthm.edu.my/539/2/KOH%20WEN%20WEN%20COPYRIGHT%20DECLARATION.pdf http://eprints.uthm.edu.my/539/3/KOH%20WEN%20WEN%20WATERMARK.pdf |