Security Analysis of the Whirlpool Hash Function in the Cloud of Things

  • Li, Wei (School of Computer Science and Technology, Donghua University) ;
  • Gao, Zhiyong (School of Computer Science and Technology, Donghua University) ;
  • Gu, Dawu (Department of Computer Science and Engineering, Shanghai Jiao Tong University) ;
  • Ge, Chenyu (School of Computer Science and Technology, Donghua University) ;
  • Liao, Linfeng (School of Computer Science and Technology, Donghua University) ;
  • Zhou, Zhihong (College of Information Security, Shanghai Jiao Tong University) ;
  • Liu, Ya (Department of Computer Science and Engineering, University of Shanghai for Science and Technology) ;
  • Liu, Zhiqiang (Department of Computer Science and Engineering, Shanghai Jiao Tong University)
  • Received : 2016.07.24
  • Accepted : 2016.11.15
  • Published : 2017.01.31

Abstract

With the advancement and deployment of leading-edge telecommunication technologies for sensing, collecting and computing related information, the Cloud of Things (CoTs) has emerged as a typical application platform that is envisioned to revolutionize the daily activities of human society, such as intelligent transportation, modern logistics, food safety and environmental monitoring. To avoid malicious attacks and resource abuse, employing hash functions is widely recognized as one of the most effective approaches for CoTs to achieve message integrity and data authentication. The Whirlpool hash function has served as part of the joint ISO/IEC 10118-3 International Standard of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). In this paper, we propose an effective differential fault analysis on Whirlpool in the byte-oriented random fault model. The mathematical analysis and experimental results show that 8 random faults on average are required to obtain the current 512-bit message input of Whirlpool and the secret key of HMAC-Whirlpool. Our work demonstrates that Whirlpool and HMAC-Whirlpool are both vulnerable to single-byte differential fault analysis. It provides a new reference for the security analysis of hash functions with the same structure in the CoTs.

Cited by

  1. A secure hash function based on feedback iterative structure vol.13, pp.3, 2017, https://doi.org/10.1080/17517575.2018.1564942