With the rapid development of Internet of Things (IoT) technology, IoT has permeated daily life in areas as diverse as smart cities, smart homes, intelligent transportation and intelligent healthcare. While IoT brings convenience to our lives, security issues have become increasingly prominent and security incidents occur frequently. IoT links numerous terminal devices such as RFID tags, industrial controllers, sensor nodes and smart cards. IoT terminal devices acquire a large amount of private or sensitive information and send it to the server through the network for monitoring, control and analysis. To prevent an adversary from attacking the IoT data acquisition and transmission process, designers can use cryptographic technology to effectively and reliably guarantee the authentication, confidentiality, data integrity and access control of the IoT. Most IoT terminal devices have resource constraints in computing, storage, power supply and size. Therefore, for resource-constrained devices, lightweight ciphers should be used for security. The academic community has done a large amount of work related to lightweight ciphers, including the design and analysis of lightweight cipher algorithms and the optimization and implementation of cryptographic components. Because side-channel attacks pose a real threat to cryptographic products, a secure implementation that resists side-channel attacks should be considered when theoretically secure cryptographic algorithms are deployed in actual products. This paper mainly focuses on the cryptanalysis of lightweight ciphers, the optimization and design of cryptographic components, and secure deployment methods for cryptographic algorithms. In the design and implementation of cryptographic algorithms, security and performance are the two main factors that designers pay attention to. The research contents of this paper involve theoretical analysis and secure implementation in terms of security, and component optimization and design in terms of performance. Our research results have theoretical and practical application value for the design and implementation of cryptographic algorithms. The specific research contents are as follows.

Cryptanalysis of SKINNY-AEAD M1/M3: SKINNY-AEAD is one of the second-round candidates of the Lightweight Cryptography Standardization project held by NIST. SKINNY-AEAD M1 is the primary member of the six SKINNY-AEAD schemes, while SKINNY-AEAD M3 is another member with a small tag. In the design document, only security analyses of their underlying primitive SKINNY-128-384 are provided. Besides, to our knowledge there are no valid third-party analyses of SKINNY-AEAD M1/M3. This paper focuses on constructing the first third-party security analyses of them under a nonce-respecting scenario. By taking the encryption mode of SKINNY-AEAD into consideration and exploiting several properties of SKINNY, we can deduce some necessary constraints on the input and tweakey differences of related-tweakey impossible differential distinguishers. Under these constraints, we can find distinguishers suitable for mounting powerful tweakey recovery attacks. With the help of automatic searching algorithms based on STP, we find some 14-round distinguishers. Based on one of these distinguishers, we mount a 20-round and an 18-round tweakey recovery attack on SKINNY-AEAD M1/M3. To the best of our knowledge, all these attacks are the best ones so far.

Optimization and design of cryptographic components: To improve the hardware implementation performance of cryptographic algorithms, existing work mainly focuses on two aspects: optimizing existing cryptographic components or designing lightweight cryptographic components. In terms of optimizing existing cryptographic components, we propose a new optimization scheme for the coordinate functions of an S-box, which can find circuit expressions with optimal gate equivalent complexity (GEC) using SAT solvers under a depth-L framework. To obtain better GEC performance in the optimization scheme, we first propose the ternary and area profile models for SAT problems. The former introduces multiple efficient 3-input logic gates, and the latter takes the different weights of various gates into account when solving. To demonstrate the validity and usefulness, we use our optimization methodology to search for an optimized implementation of a given 4-bit S-box with the forced independent property. The experimental results show that the SAT optimization method based on mathematical tools proposed in this paper can reach a circuit area optimization rate of 23%. In terms of designing lightweight cryptographic components, this paper proposes a new algorithm with a layered structure to search for 8-bit SKINNY-like S-boxes. The newly constructed S-boxes have security properties comparable with the original 8-bit SKINNY S-box. Besides, due to our searching algorithm's rules and constraints, SKINNY-like S-boxes have the further features of lightweight implementation, low multiplicative complexity, low AND depth, and an effective inverse. Eventually, the searching algorithm outputs 224 000 8-bit SKINNY-like S-boxes. Cipher designers can use these new S-boxes to construct lightweight block ciphers with an easy-to-mask property and efficient implementation performance.

Secure deployment and implementation of cryptographic algorithms in an IoT firmware update scheme: At IEEE S&P 2017, Shamir et al. exploited side-channel power analysis (SCPA) and approximately 5000 power traces to recover the global AES-CCM key that Philips Hue lamps use to decrypt and authenticate new firmware. Based on the recovered key, the attacker could create a malicious firmware update and load it onto Philips Hue lamps to cause Internet of Things (IoT) security issues. Inspired by the work of Shamir et al., we propose an AES-CCM-based firmware update scheme against SCPA and denial of service (DoS) attacks. The proposed scheme, applied in IoT terminal devices, covers two layers of design (i.e., the bootloader and the application layer). Firstly, in the bootloader, the number of updates per unit time is limited to prevent the attacker from acquiring a sufficient number of useful traces in a short time, which can effectively counter an SCPA attack. Secondly, in the application layer, using the proposed handshake protocol, the IoT device can access the IoT server to regain update permission, which can defend against DoS attacks. Moreover, on the STM32F405+M25P40 hardware platform, we implement Philips' scheme and the proposed modified scheme. Experimental results show that, compared with the firmware update scheme of Philips Hue smart lamps, the proposed scheme additionally requires only 2.35 KB of Flash memory and at most 0.32 s of update time to effectively enhance the security of the AES-CCM-based firmware update process.
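The two-layer idea of the firmware update scheme above (a bootloader budget on decryptions per unit time, plus an application-layer path to regain permission from the server) as an added illustration in C; this is example code, not the thesis's implementation, and the window length, the budget of three updates per hour and the 16-byte grant token are assumptions:

```c
#include <stdbool.h>
#include <stdint.h>
/* Budget parameters are assumptions for this example, not the thesis's values. */
#define UPDATE_WINDOW_SECONDS  3600u  /* the "unit time": one hour */
#define MAX_UPDATES_PER_WINDOW 3u     /* firmware decryptions allowed per window */

/* Counter the bootloader would persist in non-volatile memory. */
typedef struct { uint32_t window_start, attempts; } update_budget_t;

/* Gate checked before each AES-CCM firmware decryption. Refusing means the key
 * is never exercised, so the attempt yields no useful power trace. */
bool budget_allow_update(update_budget_t *b, uint32_t now) {
    if (now - b->window_start >= UPDATE_WINDOW_SECONDS)   /* unsigned: wrap-safe */
        { b->window_start = now; b->attempts = 0; }       /* new window */
    if (b->attempts >= MAX_UPDATES_PER_WINDOW) return false;
    b->attempts++;
    return true;
}

/* Application-layer path to regain permission early. The server's grant is modelled as a
 * 16-byte token (an assumption; the page does not specify the handshake), compared in constant time. */
bool budget_regain_permission(update_budget_t *b, const uint8_t grant[16],
                              const uint8_t expected[16], uint32_t now) {
    uint8_t diff = 0;
    for (int i = 0; i < 16; i++) diff |= grant[i] ^ expected[i];
    if (diff) return false;
    b->window_start = now; b->attempts = 0;
    return true;
}

/* Decryptions (hence traces) obtainable by triggering an update every 10 s for
 * `tries` attempts; the page cites ~5000 traces as enough to recover the Hue key. */
uint32_t traces_obtainable(uint32_t tries) {
    update_budget_t b = {0, 0};
    uint32_t got = 0;
    for (uint32_t i = 0; i < tries; i++)
        if (budget_allow_update(&b, 10u * i)) got++;
    return got;
}

/* Exhaust the budget, then show only the right grant restores updates. */
bool regain_scenario(void) {
    update_budget_t b = {0, 0};
    uint8_t good[16] = {0xA5, 0x01}, bad[16] = {0x5A, 0x01};  /* constructed tokens */
    for (uint32_t t = 0; t < MAX_UPDATES_PER_WINDOW; t++) budget_allow_update(&b, t);
    if (budget_allow_update(&b, 3)) return false;                  /* budget spent */
    if (budget_regain_permission(&b, bad, good, 4)) return false;  /* wrong grant */
    if (!budget_regain_permission(&b, good, good, 5)) return false;
    return budget_allow_update(&b, 6);
}
```

With these parameters, 5000 update attempts spread over roughly 14 hours yield only 42 decryptions, well short of the trace count the page cites.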