Fast correlation attacks on certain stream ciphers
Journal of Cryptology
Cube Attacks on Tweakable Black Box Polynomials
EUROCRYPT '09 Proceedings of the 28th Annual International Conference on Advances in Cryptology: the Theory and Applications of Cryptographic Techniques
Dismantling SecureMemory, CryptoMemory and CryptoRF
Proceedings of the 17th ACM conference on Computer and communications security
Breaking Grain-128 with dynamic cube attacks
FSE'11 Proceedings of the 18th international conference on Fast software encryption
Journal of Cryptology
Power analysis of atmel cryptomemory --- recovering keys from secure EEPROMs
CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Gone in 360 seconds: Hijacking with Hitag2
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Attacking atmel's cryptomemory EEPROM with special-purpose hardware
ACNS'13 Proceedings of the 11th international conference on Applied Cryptography and Network Security
Hi-index | 0.00 |
SecureMemory (SM), CryptoMemory (CM) and CryptoRF (CR) are the Atmel chip families with wide applications in practice. They implement a proprietary stream cipher, which we call the Atmel cipher, to provide authenticity, confidentiality and integrity. At CCS'2010, it was shown that given 1 keystream frame, the secret key in SM protected by the simple version of the cipher can be recovered in 239.4 cipher ticks and if 2640 keystream frames are available, the secret key in CM guarded by the more complex version of the cipher can be restored in 258 cipher ticks. In this paper, we show much more efficient and practical attacks on both versions of the Atmel cipher. The idea is to dynamically reconstruct the internal state of the underlying register by exploiting the different diffusion speeds of the different cells. For SM, we can recover the secret key in 229.8 cipher ticks given 1 keystream frame; for CM, we can recover the secret key in 250 cipher ticks with around 24 frames. Practical implementation of the full attack confirms our results.