Algorithm Substitution Attacks: Detecting ASAs Using State Reset and Making ASAs Asymmetric

dc.contributor.authorHodges, Philip
dc.date.accessioned2021-08-27T15:39:08Z
dc.date.available2021-08-27T15:39:08Z
dc.date.issued2021-08-27
dc.date.submitted2021-08-17
dc.description.abstractThe field of cryptography has made incredible progress in the last several decades. With the formalization of security goals and the methods of provable security, we have achieved many privacy and integrity guarantees in a great variety of situations. However, all guarantees are limited by their assumptions on the model's adversaries. Edward Snowden's revelations of the participation of the National Security Agency (NSA) in the subversion of standardized cryptography have shown that powerful adversaries will not always act in the way that common cryptographic models assume. As such, it is important to continue to expand the capabilities of the adversaries in our models to match the capabilities and intentions of real world adversaries, and to examine the consequences on the security of our cryptography. In this thesis, we study Algorithm Substitution Attacks (ASAs), which are one way to model this increase in adversary capability. In an ASA, an algorithm in a cryptographic scheme Λ is substituted for a subverted version. The goal of the adversary is to recover a secret that will allow them to compromise the security of Λ, while requiring that the attack is undetectable to the users of the scheme. This model was first formally described by Bellare, Paterson, and Rogaway (Crypto 2014), and allows for the possibility of a wide variety of cryptographic subversion techniques. Since their paper, many successful ASAs on various cryptographic primitives and potential countermeasures have been demonstrated. We will address several shortcomings in the existing literature. First, we formalize and study the use of state resets to detect ASAs. While state resets have been considered as a possible detection method since the first papers on ASAs, future works have only informally reasoned about the effect of state resets on ASAs. We show that many published ASAs that use state are detectable with simple practical methods relying on state resets. Second, we add to the study of asymmetric ASAs, where the ability to recover secrets is restricted to the attacker who implemented the ASA. We describe two asymmetric ASAs on symmetric encryption based on modifications to previous ASAs. We also generalize this result, allowing for any symmetric ASA (on any cryptographic scheme) satisfying certain properties to be transformed into an asymmetric ASA. This work demonstrates the broad application of the techniques first introduced by Bellare, Paterson, and Rogaway (Crypto 2014) and Bellare, Jaeger, and Kane (CCS 2015) and reinforces the need for precise definitions surrounding detectability of stateful ASAs.en
dc.identifier.urihttp://hdl.handle.net/10012/17286
dc.language.isoenen
dc.pendingfalse
dc.publisherUniversity of Waterlooen
dc.subjectalgorithm substitution attacken
dc.subjectsymmetric encryptionen
dc.subjectstate reseten
dc.subjectkleptographyen
dc.titleAlgorithm Substitution Attacks: Detecting ASAs Using State Reset and Making ASAs Asymmetricen
dc.typeMaster Thesisen
uws-etd.degreeMaster of Mathematicsen
uws-etd.degree.departmentCombinatorics and Optimizationen
uws-etd.degree.disciplineCombinatorics and Optimizationen
uws-etd.degree.grantorUniversity of Waterlooen
uws-etd.embargo.terms0en
uws.contributor.advisorStebila, Douglas
uws.contributor.affiliation1Faculty of Mathematicsen
uws.peerReviewStatusUnrevieweden
uws.published.cityWaterlooen
uws.published.countryCanadaen
uws.published.provinceOntarioen
uws.scholarLevelGraduateen
uws.typeOfResourceTexten

Files

Original bundle

Now showing 1 - 1 of 1
Loading...
Thumbnail Image
Name:
Hodges_Philip.pdf
Size:
790.36 KB
Format:
Adobe Portable Document Format
Description:

License bundle

Now showing 1 - 1 of 1
No Thumbnail Available
Name:
license.txt
Size:
6.4 KB
Format:
Item-specific license agreed upon to submission
Description: