[en] SecureMemory (SM), CryptoMemory (CM) and CryptoRF (CR) are the Atmel chip families with wide applications in practice. They implement a proprietary stream cipher, which we call the Atmel cipher, to provide authenticity, confidentiality and integrity. At CCS’2010, it was shown that given 1 keystream frame, the secret key in SM protected by the simple version of the cipher can be recovered in 2^39.4 cipher ticks and if 2640 keystream frames are available, the secret key in CM guarded by the more complex version of the cipher can be restored in 2^58 cipher ticks. In this paper, we show much more efficient and practical attacks on both versions of the Atmel cipher. The idea is to dynamically reconstruct the internal state of the underlying register by exploiting the different diffusion speeds of the different cells. For SM, we can recover the secret key in 2^29.8 cipher ticks given 1 keystream frame; for CM, we can recover the secret key in 2^50 cipher ticks with around 24 frames. Practical implementation of the full attack confirms our results.
Disciplines :
Sciences informatiques
Identifiants :
UNILU:UL-CONFERENCE-2012-038
Auteur, co-auteur :
BIRYUKOV, Alex ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
KIZHVATOV, Ilya ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
ZHANG, Bin ; University of Luxembourg > Faculty of Science, Technology and Communication (FSTC) > Computer Science and Communications Research Unit (CSC)
Langue du document :
Anglais
Titre :
Cryptanalysis of the Atmel Cipher in SecureMemory, CryptoMemory and CryptoRF
Date de publication/diffusion :
2011
Nom de la manifestation :
Applied Cryptography and Network Security - 9th International Conference
Lieu de la manifestation :
Nerja, Espagne
Date de la manifestation :
June 7-10, 2011
Manifestation à portée :
International
Titre de l'ouvrage principal :
Applied Cryptography and Network Security - 9th International Conference
Aerts, W., Biham, E., de Moitie, D., de Mulder, E., Dunkelman, O., Indesteege, S., Keller, N., Preneel, B., Vandenbosch, G., Verbauwhede, I.: A practical attack on KeeLoq. Journal of Cryptology (to appear).
Benhammou, J.P., Colnot, V.C., Moore, D.J.: Secure memory device for smart cards, US Patent 7395435 B2 (July 2008).
Benhammou, J.P., Jarboe, M.: Security at an affordable price. Atmel Applications Journal 3, 29-30 (2004).
Dinur, I., Shamir, A.: Cube Attacks on Tweakable Black Box Polynomials. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 278-299. Springer, Heidelberg (2009).
Dinur, I., Shamir, A.: Breaking Grain-128 with Dynamic Cube Attacks. In: Fast Software Encryption-FSE 2011. Springer, Heidelberg (2011) (to appear).
Dipert, B.: The Zune HD: more than an iPod touch wanna-be? EDN, p. 20 (October 2009).
Garcia, F.D., van Rossum, P., Verdult, R., Schreur, R.W.: Dismantling SecureMemory, CryptoMemory and CryptoRF. In: 17th ACM Conference on Computer and Communications Security-CCS 2010, pp. 250-259. ACM Press, New York (2010), http://eprint.iacr.org/2010/169.
Viterbi, A.J.: Error bounds for convolutional codes and an asymptotically optimum decoding algorithm. IEEE Transactions on Information Theory 13(2), 260-269 (1967).
