Periodic Reporting for period 1 - POMEGRANATE (Practice-Oriented Security Models and Granular Designs for Future-Proof Authenticated Encryption)

Summary

Authenticated-Encryption (AE) algorithms are cryptographic tools that provide data confidentiality and integrity simultaneously. AE algorithms are ubiquitous in the protocols that secure the fundamentals of the information and communication infrastructure, having been adopted into widely deployed protocols such as TLS, SSH, IPsec, IEEE 802.11 (Wi-Fi) and ANSI C12.22 (Smart Grid). A wide range of recently reported security vulnerabilities and exploits, arising either from using insecure designs to achieve the AE goal or from misusing supposedly secure AE schemes, motivated the cryptographic community to run the CAESAR competition for designing new AE algorithms, which boosted research on AE. Yet a critical look at the classical AE security models defined over the last decade, which guided the construction of the CAESAR submissions, together with a review of practical applications of AE algorithms, reveals several inconsistencies and open problems that must be carefully investigated before next-generation AE schemes are adopted for widespread use in governmental, industrial and financial ICT systems.

POMEGRANATE revisited the existing security models and robustness features for AE schemes and developed fine-grained security models and modular design paradigms that can flexibly capture a widening spectrum of disparate security and performance requirements in several emerging application environments, such as the Internet of Things (IoT), secure communication in automotive systems and 5G infrastructure. The project identified important ongoing challenges and provided solutions towards bridging the gaps between the theory and practice of AE in these practical use cases. The results will also affect the development and evaluation of new lightweight AE algorithms in ongoing international standardization projects, in particular NIST's lightweight cryptography project and the AUTOSAR standards for the automotive industry, to which we have been actively contributing.

Work performed

The project technical activities have been carried out in three phases (each corresponding to a planned work package), followed by a final phase for dissemination and exploitation of the results.

In Phase 1 (WP1) of the project we carried out a requirements analysis for practical systems employing AE algorithms. Our focus was on an emerging class of practical applications for AE schemes: use cases that require high-performance lightweight AE algorithms for short messages. This problem was selected because of its high practical impact on several industrial use cases, such as secure in-vehicle communication over the CAN FD bus in automotive systems, massive IoT, critical communication in 5G, and Narrowband IoT (NB-IoT) applications. In these scenarios the messages to be securely communicated are very short, e.g. from one byte to a few hundred bytes. Our analysis revealed the need for new security models and new design paradigms for constructing AE algorithms that achieve high performance when securely processing and communicating very short messages.

In Phase 2 (WP2) we investigated different approaches to defining new security models and design paradigms for lightweight, high-performance AE schemes that fulfil the short-message requirements raised by our analysis in the previous phase. We devised a new kind of low-level primitive, which we call a tweakable forkcipher, that yields the most efficient AE designs for short messages. We formally defined the syntax and security notions of forkciphers by putting forth the notion of a pseudorandom tweakable forked permutation, and we showed that a forkcipher can be instantiated efficiently by a design called ForkAES.

In Phase 3 (WP3), building on our new primitive, we designed three provably secure AE modes of operation, all suitable for short messages but with different features. Our three new designs, called PAEF, SAEF and fGCM, can be implemented efficiently when instantiated with ForkAES. We compared the ForkAES-based instances of our schemes with standard general-purpose AEAD schemes, and the results show that, for the shortest queries, our schemes outperform all existing blockcipher-based AEAD modes instantiated with AES.
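As an added example, not code from the project, the ePrint paper or ForkAES, the following Python shows the forkcipher interface defined in Phase 2 (encryption to one or both branches, inversion from a branch, and reconstruction of the other branch) and, in the simplest possible form, why one forkcipher call suits the very short messages targeted by the Phase 3 modes: a single call yields both a ciphertext block and a tag. It assumes a generic two-call instantiation from a tweakable block cipher, and that block cipher is itself a toy (a four-round Feistel network with HMAC-SHA256 round functions) standing in for a real primitive; the single-block AE at the end illustrates the idea and is not PAEF, SAEF or fGCM.

```python
# Added example (not the project's code): the tweakable-forkcipher interface
# F(K, T, M, s) and its inverse, instantiated (assumption) by two calls to a
# tweakable block cipher under domain-separated tweaks. The block cipher is a
# toy Feistel network with HMAC-SHA256 round functions: it shows the syntax,
# not the efficiency of a dedicated design such as ForkAES, and must not be
# used as a real cipher.
import hmac
import hashlib

BLOCK = 16            # n = 128-bit blocks (toy parameter)
HALF = BLOCK // 2
ROUNDS = 4

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round_fn(key: bytes, tweak: bytes, rnd: int, half: bytes) -> bytes:
    # Keyed, tweak-dependent round function, truncated to one half block.
    return hmac.new(key, tweak + bytes([rnd]) + half, hashlib.sha256).digest()[:HALF]

def tbc_encrypt(key: bytes, tweak: bytes, block: bytes) -> bytes:
    """Toy tweakable block cipher E(K, T, .) on n-bit blocks."""
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for r in range(ROUNDS):
        left, right = right, _xor(left, _round_fn(key, tweak, r, right))
    return left + right

def tbc_decrypt(key: bytes, tweak: bytes, block: bytes) -> bytes:
    """Inverse of tbc_encrypt under the same key and tweak."""
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for r in reversed(range(ROUNDS)):
        left, right = _xor(right, _round_fn(key, tweak, r, left)), left
    return left + right

def fork_encrypt(key: bytes, tweak: bytes, block: bytes, s: str = "b"):
    """F(K, T, M, s): s='0' returns the left branch, '1' the right branch,
    'b' both. Each branch is a permutation of M under its own tweak."""
    left = tbc_encrypt(key, tweak + b"\x00", block)
    right = tbc_encrypt(key, tweak + b"\x01", block)
    return {"0": left, "1": right, "b": (left, right)}[s]

def fork_invert(key: bytes, tweak: bytes, out: bytes, b: str, s: str = "i"):
    """F^-1(K, T, C, b, s): C is the output of branch b ('0' or '1');
    s='i' returns the input M, 'o' the other branch, 'b' both (M, other)."""
    own, other = (b"\x00", b"\x01") if b == "0" else (b"\x01", b"\x00")
    m = tbc_decrypt(key, tweak + own, out)
    if s == "i":
        return m
    o = tbc_encrypt(key, tweak + other, m)
    return o if s == "o" else (m, o)

def ae_encrypt_block(key: bytes, nonce: bytes, msg: bytes):
    """Single-block nonce-based AE from ONE forkcipher call: left branch is
    the ciphertext, right branch is the tag, the nonce is the tweak.
    Illustration only; this is not PAEF, SAEF or fGCM."""
    return fork_encrypt(key, nonce, msg, "b")

def ae_decrypt_block(key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    """Recover M from the left branch, reconstruct the right branch and
    compare it to the tag in constant time; None on mismatch."""
    msg, expect = fork_invert(key, nonce, ct, "0", "b")
    return msg if hmac.compare_digest(expect, tag) else None

# Constructed demo inputs (no real key material).
DEMO_KEY = bytes(range(16))
DEMO_NONCE = b"nonce-000001"
DEMO_MSG = b"CAN FD frame #01"    # exactly one 16-byte block

def demo():
    ct, tag = ae_encrypt_block(DEMO_KEY, DEMO_NONCE, DEMO_MSG)
    ok = ae_decrypt_block(DEMO_KEY, DEMO_NONCE, ct, tag)
    bad_tag = ae_decrypt_block(DEMO_KEY, DEMO_NONCE, ct, _xor(tag, b"\x01" * BLOCK))
    bad_nonce = ae_decrypt_block(DEMO_KEY, b"nonce-000002", ct, tag)
    return {"ct": ct, "tag": tag, "ok": ok, "bad_tag": bad_tag, "bad_nonce": bad_nonce}

if __name__ == "__main__":
    r = demo()
    print("ct :", r["ct"].hex())
    print("tag:", r["tag"].hex())
    print("decrypt ok:", r["ok"] == DEMO_MSG, "| tampered tag rejected:", r["bad_tag"] is None)
```

The two-call instantiation reproduces the syntax (both branches, inversion from either branch, reconstruction of the other) but not the performance advantage; obtaining both branches for less than the cost of two independent block-cipher calls is what a dedicated design such as ForkAES is for.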

Finally, we carried out several activities for the dissemination, communication and exploitation of the results. Based on the results obtained in the previous phases, we published a paper containing all the technical details. The paper is available at the Cryptology ePrint Archive as Report 2018/916, an open-access online repository of cryptologic research, and has also been submitted to IACR Eurocrypt 2019 for peer review. In addition to publishing the results as a paper, we have been presenting them to European companies and standardization consortia that are potentially interested in implementing and exploiting the results in real-world products (e.g. Elektrobit Automotive GmbH, Continental AG and the AUTOSAR standardization consortium), where the researcher has been working as a senior security expert since the conclusion of his MSCA fellowship at KU Leuven.

Final results

We designed new AE schemes that outperform all previous general-purpose modular AE designs when processing (very) short inputs. The main ingredient of our solution is a new low-level primitive, the tweakable forkcipher, which we introduced and whose security model we formalized during this project.

POMEGRANATE included both theoretical and practical components, entailing cutting-edge academic and industrial research useful for information and communication security in real-world use cases. By providing new, enhanced security models and design paradigms, the project has an impact on real-world applications of AE algorithms in emerging application environments with unconventional requirements and constraints; namely, it provides fine-grained AE designs usable for securing the Internet of Things (IoT), critical communication in 5G and in-vehicle communication in automotive systems, all with strict requirements on performance and latency. The results also affect the development and evaluation of new lightweight AE algorithms in ongoing standardization projects such as NIST's lightweight cryptography project for ICT applications and the AUTOSAR standards for the automotive industry, to which the researcher has been actively contributing.

The project gave the researcher the opportunity to build collaborations with leading scientists at KU Leuven and with industry experts (e.g. at Elektrobit Automotive GmbH and Continental AG). This significantly improved the researcher's research and networking skills and ensured that the project goals were achieved.

POMEGRANATE contributed to maintaining and strengthening Europe's position as a prominent leader in secure and reliable ICT technologies. Our economic, political and social life today is largely based on modern ICT. This increased dependence on IT poses several new security and privacy challenges, not only for individuals but also for society as a whole. Boosting research on the foundations of practice-oriented, future-proof cryptographic technology will allow Europe to remain a major player in key industrial and academic innovations in this field.

Website & more info

More info: https://www.kuleuven.be/english/research/EU/p/horizon2020/es/msca/if-projects/pomegranate.