
Midgame Attacks and Defense Against Them

  • Conference paper in: Cyber Security, Cryptology, and Machine Learning (CSCML 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13914)


Abstract

In this paper, we propose the Midgame Security attack model, in which it is assumed that at some point in the middle of a computation with a secret key, after some secure work (typically but not necessarily the initial part), a powerful adversary sees the entire internal state and attempts key recovery or forgery. This security model is motivated by a few trends. First and primarily, it captures settings in which part of the computation is done in a possibly insecure environment (e.g., the emerging modes of cloud server delegation, a hosting environment, a general-purpose PC, the cloud, etc.), where the insecure environment performs the bulk of the work after some initial or intermediate (relatively small) amount of work at a trusted location that holds the cryptographic keys (a client, a co-processor, trusted hardware with leakage countermeasures, an enclave in the cloud, etc.). Secondly, from a leakage perspective, the model represents a total leakage of the system at some point after some secured work has been done without leakage (perhaps at a different location). The model is novel (though, superficially, it has a flavor of forward security), and it is most meaningful for demonstrating exposures in constructions with an obviously lengthy progression of computation (e.g., MACing or (authenticated) encrypting of long messages) that is done without the cryptographic keys present, and where we want short usage of the keys (to minimize their exposure). In these cases, the key is blended into the state of the computation during the initial secure period, and the attacker's task is to recover that key, in spite of the blending, from leakage in an environment that never holds any key. We employ the new model to analyze numerous concrete cryptosystems and mainly find key recovery or forgery attacks. We first compare HMAC based on the SHA-3 finalists in this new midgame security model.
One thing we show is that the domain extension of Keccak, called the sponge construction, is exposed in an HMAC-Keccak mode: if the state is exposed, the key is recoverable. Secondly, we analyze the midgame security of several popular message authentication codes, encryption schemes, and authenticated-encryption (AE) schemes. We show that all known (authenticated) encryption schemes based on block ciphers, and six of the seven ECRYPT stream ciphers we examined, are not secure against midgame attacks. We note that, from the point of view of risk analysis of overall systems, midgame attacks, which may rely on a strong (but realizable) state-exposure attack, may nevertheless open the door to new exposures deserving consideration.
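The sponge exposure the abstract describes can be made concrete with a toy model. The following Python is an added illustration, not code from the paper: it uses a small invertible 64-bit permutation `f` (an assumption standing in for the Keccak permutation), a 32-bit rate, and a single rate-sized key block (mirroring HMAC's single padded key block). Because `f` is a permutation, anyone who obtains the internal state after the message blocks have been absorbed can walk the computation backwards with `f_inv` and recover the key block, which is why a sponge state handed to an untrusted environment has to be treated as key-equivalent material rather than as harmless intermediate data.

```python
# Toy midgame model of a keyed sponge (added example; the 64-bit permutation
# f, the 32-bit rate and the single key block are assumptions standing in for
# Keccak's much larger state and rate).
WIDTH = 64
RATE = 32
MASK = (1 << WIDTH) - 1
RATE_MASK = (1 << RATE) - 1


def rotl(x, r):
    return ((x << r) | (x >> (WIDTH - r))) & MASK


def rotr(x, r):
    return ((x >> r) | (x << (WIDTH - r))) & MASK


def undo_xorshift_left(y, a):
    # Invert x -> x ^ (x << a): the shift operator is nilpotent, so the inverse
    # is the finite sum y ^ (y << a) ^ (y << 2a) ^ ... for all shifts < WIDTH.
    x, s = y, a
    while s < WIDTH:
        x ^= (y << s) & MASK
        s += a
    return x


def undo_xorshift_right(y, a):
    # Same idea for x -> x ^ (x >> a).
    x, s = y, a
    while s < WIDTH:
        x ^= y >> s
        s += a
    return x


def f(x):
    # A small xorshift/rotate permutation: every step is a bijection on
    # 64-bit words, so f is invertible (the property the midgame exposure uses).
    for _ in range(4):
        x ^= (x << 13) & MASK
        x ^= x >> 7
        x ^= (x << 17) & MASK
        x = rotl(x, 29)
    return x


def f_inv(y):
    # Undo the rounds of f in reverse order.
    for _ in range(4):
        y = rotr(y, 29)
        y = undo_xorshift_left(y, 17)
        y = undo_xorshift_right(y, 7)
        y = undo_xorshift_left(y, 13)
    return y


def absorb(state, block):
    # XOR a rate-sized block into the outer part of the state, then permute.
    return f(state ^ (block & RATE_MASK))


def sponge_absorb(key_block, msg_blocks):
    # Trusted location: start from the all-zero state and absorb the key block.
    state = absorb(0, key_block)
    # Untrusted environment: absorb the (long) message. The returned value is
    # the state a midgame adversary is assumed to observe at some point.
    for m in msg_blocks:
        state = absorb(state, m)
    return state


def sponge_mac(key_block, msg_blocks):
    # Tag = outer (rate) part of the final state.
    return sponge_absorb(key_block, msg_blocks) & RATE_MASK


def midgame_recover_key(leaked_state, absorbed_msg_blocks):
    # Defender's view of the exposure: with the absorbed blocks known and f
    # invertible, the state rolls back to just after the key was absorbed, and
    # one more inversion yields 0 ^ key_block, i.e. the key itself.
    s = leaked_state
    for m in reversed(absorbed_msg_blocks):
        s = f_inv(s) ^ (m & RATE_MASK)
    return f_inv(s) & RATE_MASK


if __name__ == "__main__":
    key = 0x1234ABCD                                # constructed key block
    msg = [0x11111111, 0x22222222, 0x33333333]      # constructed message
    leaked_midway = sponge_absorb(key, msg[:2])     # exposure after 2 blocks
    print("tag:", hex(sponge_mac(key, msg)))
    print("key recovered from leaked state:",
          hex(midgame_recover_key(leaked_midway, msg[:2])))
```

A compression function with a feed-forward (the Merkle-Damgard style used by the other SHA-3 finalists' modes and by SHA-2) has no such inverse, so the same rollback does not apply there; that contrast is the reason the abstract singles out the sponge. The operational consequence for a delegation design is that the boundary between trusted and untrusted parties must not hand over a sponge state derived from a key unless that state is itself protected as a key.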



Author information

Correspondence to Moti Yung.


Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Chang, D., Yung, M. (2023). Midgame Attacks and Defense Against Them. In: Dolev, S., Gudes, E., Paillier, P. (eds) Cyber Security, Cryptology, and Machine Learning. CSCML 2023. Lecture Notes in Computer Science, vol 13914. Springer, Cham. https://doi.org/10.1007/978-3-031-34671-2_33


  • DOI: https://doi.org/10.1007/978-3-031-34671-2_33

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-34670-5

  • Online ISBN: 978-3-031-34671-2

  • eBook Packages: Computer Science (R0)
