Robust security framework with bit‐flipping attack and timing attack for key derivation functions

Abstract

A Key Derivation Function (KDF) derives cryptographic keys from private string and public information. The security property for the cryptographic keys is indistinguishable from the random strings of equal length. The security analysis of KDFs has received increasing attention. The practice important of KDFs is reflected in the adoption of industry standards such as NIST800-135 and PKCS5. This study proposes a robust security framework that takes into consideration the side-channel attacks. The robust security framework consists of the proposed security model and existing security models. The proposed security model is known as Adaptive Chosen All Inputs Model (CAM), which analyses the security of KDFs in terms of the bit-flipping attack and timing attack. The existing security model is the Adaptive Chosen Public Inputs Model (CPM). This research shows the implication of relationship and the non-implication relationship between CAM and CPM. The simulation of security models is according to the indistinguishable game played between a challenger and an adversary. These security models are used to evaluate existing KDFs. The result shows that none of the existing KDFs are secure in CAM for both the bit-flipping attack and timing attack. Hence, this research introduces an alternative KDF that is proven secure in CAM.