pSHIELD System Architecture Design PU

modular reduction algorithms focuses on the reduction of memory accesses and appears as the fastest result for this platform.

3.2.3.1 Attacks on Cryptosystems

A number of techniques have been used in the past to exploit weaknesses of cryptographic algorithms, and they now serve as basic evaluation criteria for new algorithms. The common aim of these attacks is to reveal, partially or entirely, the information encrypted in intercepted messages, or to extract some information internal to the encryption process (without initially knowing any secrets). They include:

• Brute force attack - traversing the entire encryption key space in order to learn the encryption key
• Dictionary attack - related to the brute force attack in that a set of likely keywords is used as candidate values of the encryption key (or pass phrase)
• Chosen ciphertext attack - obtaining information about a secret decryption key, or about the plaintext of other ciphertexts, by submitting a range of ciphertexts of the attacker's choice for decryption
• Adaptive chosen ciphertext attack - a version of the chosen ciphertext attack in which the attacker interactively selects each subsequent ciphertext based on the results of decrypting the previous ones
• Ciphertext-only attack - the attacker has access only to a set of ciphertexts, with no corresponding plaintexts
• Known plaintext attack - the attacker has access to a number of ciphertexts together with the corresponding plaintexts
• Chosen plaintext attack - the attacker can obtain the encryption of an arbitrary set of chosen plaintexts
• Adaptive chosen plaintext attack - like the above, but the attacker chooses each subsequent plaintext for encryption based on the previous results
• Related-key attack - the attacker has access to encryptions of a plaintext under several different keys whose exact values may not be known but which are related by a known mathematical relation

In addition to these general attack models, there is a range of more specialised cryptanalytic techniques that may be used to
study the properties of ciphers. They include frequency analysis, differential cryptanalysis, linear cryptanalysis, statistical cryptanalysis and mod-n cryptanalysis. Finally, there are also attacks on hash functions (e.g., the birthday attack) that aim at finding collisions, and attacks on random number generators that exploit a generator's statistical weaknesses to simplify breaking a cipher that uses it.

3.2.3.2 Attacks on Protocols

Communication and security protocols can be attacked in a number of ways by intercepting and inserting messages in the communication channel. These attacks are even easier to perform in wireless networks, since there is usually little difficulty in accessing the channel. A physical-layer technique such as direct-sequence spread spectrum (DSSS) or frequency hopping raises the cost of eavesdropping and injection, but it is not a substitute for cryptographic protection of the messages themselves.

• Replay attack - resending captured messages in order to confuse the protocol or to exploit some of its weaknesses, for example to re-trigger an action that the original message authorised; protocols resist it by binding each message to a nonce, sequence number or timestamp that the receiver checks
• Wormhole attack - a form of replay attack that uses a low-latency, long-range transmission link to intercept communications in one part of the network and reproduce them in another region, for example with the goal of getting the attacker authenticated there
• Man-in-the-middle attack - the attacker intercepts all communications from a node A, modifies them and forwards them to a node B in such a way that both A and B have the illusion of communicating directly with each other

PU D2.3.2 Issue 5 Page 36 of 122
• Bit flipping attack - selectively flipping bits in intercepted messages in order to achieve a desired protocol behaviour, for example to route traffic to different recipients or to change the message type; encryption alone does not stop it, since in a stream cipher or counter mode flipping a ciphertext bit flips exactly the corresponding plaintext bit, so the receiver must also check a message authentication code over the ciphertext
• Attacks on key distribution protocols - preventing or intercepting key distribution in the network may severely affect the entire security infrastructure of the system
• Routing protocol attacks - the attacker may influence the contents of the routing tables of some network nodes, or even introduce corrupt nodes, to affect communication in the network

3.2.3.3 Asymmetric Cryptography

Asymmetric cryptography, also known as public key cryptography, is based on the use of two different keys, a public key and a private key, in the cryptographic operations. Intuitively, an entity makes its public key available to potential senders while keeping its private key secret. A message sent to a receiver X is encrypted with X's public key, and X later decrypts it with its private key.

There are mainly three well-known families of asymmetric cryptography algorithms (Eisenbarth & Kumar, 2007): Elliptic Curve Cryptography (ECC), Rivest-Shamir-Adleman (RSA) and ElGamal. Depending on the target application and scenario specifications, implementations of these approaches can be in software, in hardware, or a co-design of both.

3.2.3.4 Symmetric Cryptography

Symmetric ciphers use the same key, or a pair of trivially related keys (e.g., one is a linear transformation of the other), for both encryption and decryption of messages. Historically, symmetric ciphers precede their asymmetric counterparts and, although less versatile in their applications, they continue to be widely used because they are typically several orders of magnitude faster and can be implemented more efficiently.
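A worked example, added here and not part of the pSHIELD document, that ties the chosen ciphertext attack of 3.2.3.1 to the RSA algorithm of 3.2.3.3. It uses textbook RSA with tiny constructed parameters (p = 61, q = 53, e = 17, so n = 3233) and models a decryption oracle that refuses only the challenge ciphertext; the blinding attack still recovers the plaintext, because unpadded RSA is multiplicatively homomorphic. All numbers are constructed for readability, not a real key size.

```python
"""Textbook RSA with toy parameters and the blinding chosen-ciphertext attack on it.

Added example (not from the pSHIELD document). Parameters are constructed and tiny;
real RSA uses moduli of 2048 bits or more and a padding scheme such as OAEP,
which is exactly what defeats the attack shown here.
"""
from math import gcd

# Constructed toy key pair (assumption: tiny primes so the arithmetic is visible).
P, Q = 61, 53
N = P * Q                  # public modulus, 3233
PHI = (P - 1) * (Q - 1)    # 3120
E = 17                     # public exponent
D = pow(E, -1, PHI)        # private exponent, 2753 (modular inverse; Python 3.8+)


def encrypt(m: int, e: int = E, n: int = N) -> int:
    """Textbook RSA encryption: c = m^e mod n, no padding."""
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(c: int, d: int = D, n: int = N) -> int:
    """Textbook RSA decryption: m = c^d mod n."""
    return pow(c, d, n)


def make_decryption_oracle(challenge: int):
    """Model of a server that decrypts anything except the challenge ciphertext
    (the chosen ciphertext setting of 3.2.3.1)."""
    def oracle(c: int) -> int:
        if c == challenge:
            raise PermissionError("oracle refuses to decrypt the challenge itself")
        return decrypt(c)
    return oracle


def recover_via_oracle(challenge: int, r: int = 2, e: int = E, n: int = N) -> int:
    """Blinding attack: E(m) * E(r) = E(m * r) mod n, so the attacker submits the
    different ciphertext c' = c * r^e, receives m * r and divides r out again."""
    if gcd(r, n) != 1:
        raise ValueError("blinding factor must be invertible mod n")
    oracle = make_decryption_oracle(challenge)
    blinded = (challenge * pow(r, e, n)) % n
    m_times_r = oracle(blinded)
    return (m_times_r * pow(r, -1, n)) % n


def homomorphism_holds(a: int, b: int, e: int = E, n: int = N) -> bool:
    """The property the attack relies on: encryption commutes with multiplication."""
    return (encrypt(a, e, n) * encrypt(b, e, n)) % n == encrypt((a * b) % n, e, n)


if __name__ == "__main__":
    m = 65                       # constructed plaintext
    c = encrypt(m)               # 2790
    print("ciphertext", c, "decrypts to", decrypt(c))
    print("oracle attack recovers", recover_via_oracle(c))
```

The oracle never sees the challenge ciphertext itself, yet it leaks the plaintext. A padding scheme such as OAEP is what removes this property in deployed RSA: the blinded ciphertext then decrypts to a value that fails the padding check, so the oracle returns nothing useful.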
The main downside of symmetric key cryptography is the need to establish a secure channel for exchanging the key between the communicating parties before the actual communication can begin. As a result, asymmetric (public key) cryptography is often used to exchange a symmetric session key between the two parties, and a symmetric cipher is then used to encrypt all subsequent communications.

Symmetric ciphers can be grouped into two broad categories: stream ciphers and block ciphers. The former combine a pseudo-random bit sequence (the keystream) with the plaintext, typically by XOR, and thus operate on individual bits or bytes of the plaintext, while the latter operate on fixed-size blocks of plaintext. Stream ciphers are typically faster and simpler to implement than block ciphers, both in software and in hardware, and are better suited to encrypting large streams of data (e.g., video streams). However, stream ciphers have serious security weaknesses when not used carefully. In particular, a keystream must never be reused: if the same key (and nonce) is used for two messages, the XOR of the two ciphertexts equals the XOR of the two plaintexts, and each plaintext can then be recovered from the other. Because the ciphertext is also malleable (flipping a ciphertext bit flips the same plaintext bit), a stream cipher must be combined with a message authentication code.

Block ciphers use fixed-size blocks of plaintext, typically of 128 bits, and transform them in a sequence of operations called rounds. Encryption of messages longer than the block size is done using a mode of operation, i.e. a technique of partitioning the plaintext into a sequence of blocks and then chaining their encryption to construct the ciphertext of the entire message. Encryption of plaintexts whose length is not a multiple of the block size is done using a padding scheme.

3.2.3.5 Message Authentication Codes

The ability to create a unique and non-forgeable digest of a message is of great practical importance. In particular, message authentication can be implemented by directly linking the sender's identity to the message contents in the form of a message authentication code (MAC), a keyed digest that only holders of the shared key can compute or verify.
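The following added example (not from the pSHIELD document) shows both stream cipher failure modes described in 3.2.3.4, keystream reuse and malleability, together with the bit flipping attack of 3.2.3.2 and the MAC check that catches it. The stream cipher is a constructed one (SHA-256 of key, nonce and counter as the keystream generator, standing in for a real cipher), and the keys, nonce and messages are constructed sample data.

```python
"""Why an unauthenticated XOR keystream fails: bit flipping and keystream reuse.

Added example (not from the pSHIELD document). The keystream generator is a
constructed counter-mode construction over SHA-256 standing in for a real
stream cipher; keys, nonce and messages are constructed sample data.
"""
import hashlib
import hmac

# Constructed keys and nonce (assumption: independent keys for encryption and MAC).
ENC_KEY = bytes(range(32))
MAC_KEY = bytes(range(32, 64))
NONCE = b"\x00" * 8

# Constructed sample messages, 30 bytes each.
MSG1 = b"TRANSFER 0100 EUR TO ACCT 4242"
MSG2 = b"PAYROLL RUN 42 APPROVED BY HQ!"


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Pseudo-random keystream built from SHA-256(key || nonce || counter) blocks."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR, truncated to the shorter input."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream cipher encryption: ciphertext = plaintext XOR keystream."""
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


decrypt = encrypt  # XOR is its own inverse


def flip_field(ciphertext: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Bit flipping attack (3.2.3.2): without the key, rewrite a plaintext field
    whose position and current value the attacker knows. Since c = p XOR k,
    c XOR (old XOR new) decrypts to p with old replaced by new."""
    mask = xor(old, new)
    end = offset + len(old)
    return ciphertext[:offset] + xor(ciphertext[offset:end], mask) + ciphertext[end:]


def two_time_pad(ct1: bytes, ct2: bytes, known_pt1: bytes) -> bytes:
    """Keystream reuse (3.2.3.4): ct1 XOR ct2 = pt1 XOR pt2, so knowing (or
    guessing) pt1 reveals pt2 without ever touching the key."""
    return xor(xor(ct1, ct2), known_pt1)


def tag(key: bytes, ciphertext: bytes) -> bytes:
    """HMAC-SHA256 over the ciphertext (encrypt-then-MAC)."""
    return hmac.new(key, ciphertext, hashlib.sha256).digest()


def verify(key: bytes, ciphertext: bytes, received_tag: bytes) -> bool:
    """Constant-time tag check; the receiver decrypts only if this returns True."""
    return hmac.compare_digest(tag(key, ciphertext), received_tag)


def bit_flip_demo() -> tuple:
    """Returns (what the victim would decrypt, whether the MAC caught the tampering)."""
    ct = encrypt(ENC_KEY, NONCE, MSG1)
    t = tag(MAC_KEY, ct)
    tampered = flip_field(ct, 9, b"0100", b"9900")   # the amount field sits at offset 9
    return decrypt(ENC_KEY, NONCE, tampered), not verify(MAC_KEY, tampered, t)


def keystream_reuse_demo() -> bytes:
    """Two messages encrypted under the same key and nonce; recover MSG2 from MSG1."""
    ct1 = encrypt(ENC_KEY, NONCE, MSG1)
    ct2 = encrypt(ENC_KEY, NONCE, MSG2)   # the mistake: same keystream twice
    return two_time_pad(ct1, ct2, MSG1)


if __name__ == "__main__":
    print(bit_flip_demo())
    print(keystream_reuse_demo())
```

Without the tag the receiver decrypts a transfer of 9900 instead of 100 and has no way to notice; with encrypt-then-MAC the tampered ciphertext is rejected before decryption. The second demo needs no key at all: a fresh nonce per message is what keeps the two keystreams different.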
There are two general ways of implementing MACs: using cryptographic hash functions (e.g., HMAC) and running a block cipher in a special mode such as cipher block chaining (CBC-MAC). When the second route is taken, plain CBC-MAC is secure only for messages of one fixed length; for variable-length messages the construction must be adjusted (for example by prepending the message length, or by using CMAC), and in either case the receiver must verify the tag with a constant-time comparison before acting on the message.
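As an added example of the block cipher route (not from the pSHIELD document; Python's standard library already covers the hash-based route with its hmac module), the code below implements CBC-MAC over a constructed toy block cipher, shows the key-less forgery that works against plain CBC-MAC on variable-length messages, and shows that prepending the length closes it. The block cipher is a 4-round Feistel network keyed through SHA-256, chosen as a stand-in for AES so the example runs with the standard library only; the key and the messages are constructed.

```python
"""CBC-MAC over a toy block cipher, the classic variable-length forgery, and a fix.

Added example (not from the pSHIELD document). The block cipher is a constructed
4-round Feistel network keyed through SHA-256, a stand-in for AES so the example
needs only the standard library; the key and messages are constructed.
"""
import hashlib
import hmac

BLOCK = 16
KEY = hashlib.sha256(b"constructed demo key").digest()   # constructed key


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_function(key: bytes, i: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Toy 128-bit block cipher. A Feistel network is a permutation whatever its
    round function, which is all CBC-MAC needs here. Not a real cipher."""
    if len(block) != BLOCK:
        raise ValueError("block must be exactly 16 bytes")
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, xor(left, _round_function(key, i, right))
    return left + right


def cbc_mac(key: bytes, message: bytes) -> bytes:
    """Plain CBC-MAC with a zero IV: the tag is the last CBC ciphertext block."""
    if len(message) % BLOCK:
        raise ValueError("message must be a whole number of blocks")
    state = bytes(BLOCK)
    for i in range(0, len(message), BLOCK):
        state = block_encrypt(key, xor(state, message[i:i + BLOCK]))
    return state


def cbc_mac_with_length(key: bytes, message: bytes) -> bytes:
    """Fix for variable-length messages: commit to the length in the first block
    (CMAC solves the same problem with a different construction)."""
    return cbc_mac(key, len(message).to_bytes(BLOCK, "big") + message)


def forge(m1: bytes, t1: bytes, m2: bytes, t2: bytes) -> tuple:
    """Key-less forgery against plain CBC-MAC: given (m1, t1) and (m2, t2), the
    message m1 || (m2[0:16] XOR t1) || m2[16:] carries the valid tag t2, because
    after absorbing m1 the chaining value is t1, which the XOR cancels out."""
    return m1 + xor(m2[:BLOCK], t1) + m2[BLOCK:], t2


def verify(mac, key: bytes, message: bytes, received: bytes) -> bool:
    """Constant-time comparison of the recomputed tag with the received one."""
    return hmac.compare_digest(mac(key, message), received)


# Constructed messages, each a whole number of 16-byte blocks.
M1 = b"amount=00000100;"
M2 = b"payee=acct-4242;amount=00999999;"


def forgery_demo() -> tuple:
    """Returns (plain CBC-MAC accepts the forgery, length-prefixed variant accepts it)."""
    forged, t = forge(M1, cbc_mac(KEY, M1), M2, cbc_mac(KEY, M2))
    forged_lp, t_lp = forge(M1, cbc_mac_with_length(KEY, M1),
                            M2, cbc_mac_with_length(KEY, M2))
    return (verify(cbc_mac, KEY, forged, t),
            verify(cbc_mac_with_length, KEY, forged_lp, t_lp))


if __name__ == "__main__":
    print(forgery_demo())   # plain CBC-MAC is fooled, the length-prefixed one is not
```

The forger only needs two legitimately tagged messages of its own choosing and never touches the key; this is why deployed block cipher MACs use CMAC or a length-committing variant rather than raw CBC-MAC, and why tags are compared in constant time so that the comparison itself does not leak which byte was wrong.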