Open AccessTiming Analysis of Algorithm Substitution Attacks in a Post-Quantum TLS Protocol
Author(s) -
Dúnia Marchiori,
Alexandre Augusto Giron,
João Pedro Adami do Nascimento,
Ricardo Felipe Custódio
Publication year - 2021
Language(s) - English
Resource type - Conference proceedings
DOI - 10.5753/sbseg.2021.17311
Subject(s) - computer science , cryptography , implementation , public key cryptography , digital signature algorithm , protocol (science) , algorithm , cryptographic protocol , computer security , computer network , encryption , programming language , medicine , alternative medicine , pathology
Snowden's revelations about mass surveillance brought to public attention devastating attacks on cryptographic algorithm implementations. One of the most prominent subsets of these attacks is called Algorithm Substitution Attacks (ASA), where a subverted implementation leaks sensitive information. Recently, it has been proposed to modify TLS implementations to use Post-Quantum Cryptography (PQC). In this paper, we propose and analyze ASA in two PQC schemes that can be used in TLS. We attacked the Kyber Key Encapsulation Mechanism (KEM) and Falcon Signature and successfully deployed them in a TLS implementation. Results show that timing analysis can distinguish our Falcon subversion, but it is not enough to detect our attacks deployed in TLS.