Abstract
Kleptography is the study of pilfering secure data secretly and subliminally. The concept of inserting backdoors was introduced two decades ago by Young and Yung. However, still it is a serious threat for modern cryptography. Different studies have proved that exploiting implementation errors of cryptographic algorithms needs less effort as compared to attacking its mathematical structure. Inserting the backdoor modifies the standard method of generating public and private key pairs in such away that the public information is meaningful for the attacker. This paper presents the kleptographic attack on cryptographic algorithm based on Elliptic curves. We show the technique of implementing backdoor against Edwards-curve Digital Signature Algorithm, Elliptic curve Diffie-Hellman key exchange scheme, Elliptic curve Digital Signature Algorithm, Elliptic curve Integrated Encryption Scheme, Elliptic curve ElGamal Encryption and Elliptic curve Qu-Vanstone implicit certificate scheme. In practical approach, backdoors are inserted in such a way that their identification is impossible by analyzing the output of an algorithm. Detection of kleptographic implementation is a complex task and very few studies can be found in this direction. We have explored the possibility of detection of malicious code inside the Elliptic curve based algorithms by using the idea of running time analysis. We have shown that by implementing strong Secretly Embedded Trapdoor with Universal Protection (SETUP) attack against Elliptic curve based algorithms, one can detect the presence of backdoor by analyzing the time difference in execution of an honest vs malicious version of code. We also modified the backdoor insertion mechanism in Edwards-curve Digital Signature Algorithm that results in negligible time difference making it impossible for the user to detect backdoor presence.
Highlights
For the first time in 1996 [1], Adam Young and Moti Yong, introduced the concept of inserting trapdoors inside the black-box cryptosystem
MAIN CONTRIBUTION This paper focuses on the implementation of regular Secretly Embedded Trapdoor with Universal Protection (SETUP) attack against Edwards-curve Digital Signature Algorithm and Strong SETUP attack against Elliptic curve Diffie-Hellman key exchange scheme, Elliptic curve Digital Signature Algorithm, Elliptic curve Integrated Encryption Scheme, Elliptic curve ElGamal Encryption scheme and Elliptic curve Qu-Vanstone implicit certificate scheme
The curve of malicious and honest implementation of Edwards-Curve Digital Signature Algorithm has approximately same peak on x-axis the average time is between 15 to 25 milliseconds. This shows that by even inserting one extra Elliptic curve multiplication the time difference is negligible because that extra point multiplication can be computed prior to performing signature operation
Summary
For the first time in 1996 [1], Adam Young and Moti Yong, introduced the concept of inserting trapdoors inside the black-box cryptosystem. The trapdoor information is useful only for the designer of the device and no one else can use that trapdoor information They proved that the black-box cryptography is no more secure. In their paper [1], they presented regular Secretly Embedded Trapdoor with Universal Protection (SETUP) attack against RSA, ElGamal, DSA and Kerberos. In 2001 [4], a new technique was designed in which knowledge of just one half of key enables the attacker to calculate the other half of private key of user. They implemented the attack strategy on ElGamal and DSA.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
