DOI: 10.1145/3328833.3328879
research-article

An Enhanced SHA3-based Hashing Method: A Side-channel attack countermeasure

Published: 09 April 2019

Abstract

When a software implementation of a security system is considered, side-channel attacks are an immediate threat. Side-channel attacks, as considered in this work, are a class of physical attacks in which an adversary tries to exploit physical information leakage, such as timing information, power consumption, or electromagnetic radiation, to estimate security system parameters while security algorithms execute. New system architecture features, such as larger cache sizes and multicore processors, have increased the prevalence of side channels, as has the availability of measurement apparatus to attackers. Thus, software developers must be aware of the potential for side-channel attacks and plan appropriately. In this paper, we propose a software implementation of a hashing method based on the SHA3-512 hashing algorithm that can counteract side-channel attacks. To achieve our goal, we use three techniques. First, we shuffle the dataset, salt, and process selector arrays using the Fisher-Yates algorithm. Second, we use volatile memory objects to hold critical data. Finally, we apply the thread locking technique, where at most one thread can access the critical objects at a time. Experimental results show that our proposed hashing method is more secure than other related methods. Although there is a trade-off between hashing security and hashing processing time, the processing time of the proposed hashing method is still acceptable.


Cited By

  • (2024) Chaos-based audio encryption: Efficacy of 2D and 3D hyperchaotic systems. Franklin Open. DOI: 10.1016/j.fraope.2024.100158 (100158). Online publication date: Sep-2024
  • (2023) An Evaluation of RSA and a Modified SHA-3 for a New Design of Blockchain Technology. Artificial Intelligence for Smart Healthcare. DOI: 10.1007/978-3-031-23602-0_28 (477-489). Online publication date: 10-Jun-2023


    Published In

    ICSIE '19: Proceedings of the 8th International Conference on Software and Information Engineering
    April 2019
    276 pages
    ISBN:9781450361057
    DOI:10.1145/3328833
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee.

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Keccak
    2. Password hashing
    3. Side Channel
    4. Sponge Construction

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    ICSIE '19
