Introduction

Cryptography Research Laboratory (CRL) is a research group at the Department of Computer Engineering, University of Peradeniya. The primary focus of the CRL is research on the cryptographic fundamentals that enable secure communications. We develop new cryptographic schemes and formally analyse their security, implement cryptographic schemes for secure communications, and work on cryptanalysis. The group is led by Dr. Janaka Alawatugoda.

Principal Investigators

– Dr. Janaka Alawatugoda
– Professor Roshan G. Ragel

Collaborations

– Dr. Chai Wen Chuah, Tun Hussein Onn University of Malaysia
– Professor C. Pandu Rangan, Indian Institute of Technology Madras

Research Grants and Projects
  • 2018 University Research Grant of University of Peradeniya, Sri Lanka (Grant No: URG 2018/19/E), November 2018 to November 2019.
    – Project: Power analysis attacks on Trivium stream cipher
    – Investigators: Dr. Janaka Alawatugoda and Dr. Chai Wen Chuah (foreign collaborator)

– Abstract: Power analysis attacks are a relatively new class of attack that measures and analyses the power consumption of electronic circuits to extract secret information. They have become a serious threat to the security of embedded systems, so identifying ciphers that are vulnerable to such attacks and developing countermeasures is of paramount importance. Many studies have been done on this topic, but most of them target block ciphers. This research focuses on an attack on Trivium, which is a stream cipher. Correlation power analysis (CPA) is used in this attack to analyse the power consumption of the cryptosystem and recover the secret key.


  • Tier 01 Internal Research Grant of Research Management Centre, Tun Hussein Onn University of Malaysia (Grant No: H082), July 2018 to July 2020.
    – Project: Analysing side-channel attacks on key exchange protocols
    – Investigators: Dr. Chai Wen Chuah, Dr. P. Siva Shamala Palaniappan, Dr. Sofia Najwa Binti Ramli and Dr. Janaka Alawatugoda (external researcher)

– Abstract: Typically, secure channels are constructed from an authenticated key exchange (AKE) protocol, which authenticates the communicating parties based on long-term public keys and establishes secret session keys, and a secure data transmission layer, which uses the session keys to encrypt the transmitted data. In real-world deployments the TLS/SSL protocol suite is used for this purpose. First, the TLS/SSL handshake protocol establishes a secret session key. Thereafter the TLS/SSL record protocol uses that session key to encrypt data. During the handshake protocol, both parties agree on the algorithm used to encrypt data in the TLS/SSL record layer. Over the past two decades side-channel attacks have become a popular method of attacking cryptographic implementations. Side-channel attacks exploit the leakage of secret parameters that occurs when a real-world implementation executes, in order to break the underlying cryptographic primitive.

In this research we aim to address the partial leakage of long-term secret keys, ephemeral secret keys and session keys of protocol participants due to various side-channel attacks. Partial leakage of any of these keys can negatively affect the security of both channel establishment and data transmission. Security models for two-party AKE protocols have been strengthened over time to capture security even when the adversary learns certain secret values. In this work, we will advance the modelling of security for AKE protocols by considering more granular partial leakage of the long-term secret keys, ephemeral secret keys and session keys of protocol participants. We will then construct AKE protocols that can be proven secure in the advanced security models. Our project will thus help in constructing leakage-resilient protocol suites for future communication.


  • 2016 Investigator Driven Research Grant of National Research Council–Sri Lanka (Grant No: NRC 16-020), July 2016 to July 2017.
    – Project: Implementing server/client-side countermeasures against compression-based side-channel attacks
    – Investigators: Dr. Janaka Alawatugoda and Professor Roshan G. Ragel (mentor)

– Abstract: As the Internet has developed, more and more computers and private networks have been connected to it. Since the Internet is a public resource, the security of information exchanged over it is not guaranteed, so ensuring that security is an important task. Cryptography is used in communication systems to protect information by establishing a secure channel for communication. A secure channel ensures that no third party can read or modify the messages being transferred. In the real world, the Transport Layer Security/Secure Sockets Layer (TLS/SSL) protocol suites are used for this purpose. First, the “TLS/SSL handshake protocol” establishes a secret session key. After that, the “TLS/SSL record protocol” uses that session key to encrypt the messages.

In the key exchange phase (handshake protocol), various secret keys of communicating parties can be leaked to the attacker, and in the message transmission phase (record protocol), the secret session keys, as well as the plaintext messages can be leaked to the attacker, due to various side channel attacks. Much research has been carried out in analyzing the leakage of

(1)—various secret keys in the key exchange phase, and

(2)—secret session keys in the message transmission phase.

Relatively little research has been carried out on the leakage of plaintext messages in the message transmission phase. In this research, our aim is to address this gap and deploy the necessary server/client-side countermeasures in the TLS/SSL protocol suite, in order to protect plaintext messages from side-channel attacks. Although compression is desirable for network applications because it saves bandwidth, when data is compressed before being encrypted, the amount of compression leaks information about the quantity of redundancy in the plaintext. This side channel has led to the successful CRIME and BREACH attacks on web traffic protected by the TLS/SSL protocols.

The obvious mitigation is to disable compression before encryption, which is undesirable as it wastes communication bandwidth. Gluck et al. [GHP13] proposed a number of mitigation techniques, without formal security arguments. In 2015, Alawatugoda et al. [ASB15] formally proved the security of one of the mitigation techniques proposed by Gluck et al., separating secrets from user inputs, and proposed a new provably secure technique, fixed-dictionary compression. It is currently an open research question how to adopt the provably secure mitigation techniques against compression-based side-channel attacks in real-world security protocol suites such as TLS/SSL.
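The compression oracle behind CRIME/BREACH and the effect of separating secrets from user input, as an added, self-contained illustration that is not code from the project, from [GHP13] or from [ASB15]: the page layout, the secret token, the hex alphabet and the function names are constructed for the example. It uses real DEFLATE via zlib, with fixed Huffman codes so that every correctly guessed byte shortens the output by exactly one byte; against dynamic Huffman coding the same attack needs repeated measurements or padding tricks to read the oracle reliably.

```python
"""Compression-oracle side channel, the principle behind CRIME/BREACH, in miniature.

Constructed scenario: a page reflects an attacker-controlled query string next to
a secret CSRF token. Compressing the page before encryption makes the ciphertext
length depend on how much of the attacker's guess matches the secret.
"""
import zlib

SECRET = "7f3a9"               # constructed secret; the attacker knows only the "csrf=" prefix
ALPHABET = "0123456789abcdef"  # assumed token alphabet


def deflate_len(data: bytes) -> int:
    """Length of the DEFLATE stream. Fixed Huffman codes (Z_FIXED) keep the
    example deterministic: each extra matched byte removes exactly one literal
    code, so the output shrinks by exactly one byte per correct guess."""
    c = zlib.compressobj(9, zlib.DEFLATED, 15, 9, zlib.Z_FIXED)
    return len(c.compress(data) + c.flush())


def vulnerable_page(reflected: str, secret: str = SECRET) -> bytes:
    """Secret and attacker input share one compression context."""
    return (
        '<html><body>'
        f'<a href="/logout?csrf={secret}">Logout</a>'
        f'<p>You searched for: {reflected}</p>'
        '</body></html>'
    ).encode()


def vulnerable_oracle(reflected: str) -> int:
    """What a network observer sees: the length of compress-then-encrypt output
    (a stream cipher or CTR mode adds no length of its own)."""
    return deflate_len(vulnerable_page(reflected))


def separated_oracle(reflected: str, secret: str = SECRET) -> int:
    """Mitigation in the spirit of 'separating secrets from user inputs': the
    secret-bearing part and the user-controlled part are compressed in
    independent contexts, so no LZ77 back-reference can span both."""
    fixed = f'<html><body><a href="/logout?csrf={secret}">Logout</a>'.encode()
    user = f'<p>You searched for: {reflected}</p></body></html>'.encode()
    return deflate_len(fixed) + deflate_len(user)


def recover_token(oracle, known: str = "csrf=", length: int = len(SECRET),
                  alphabet: str = ALPHABET):
    """Byte-at-a-time recovery: the guess that extends the LZ77 match against
    the secret yields the shortest output. Returns (recovered, success)."""
    for _ in range(length):
        lengths = {g: oracle(known + g) for g in alphabet}
        shortest = min(lengths.values())
        winners = [g for g, n in lengths.items() if n == shortest]
        if len(winners) != 1:          # no unique minimum: the oracle is not leaking
            return known, False
        known += winners[0]
    return known, True


if __name__ == "__main__":
    print("vulnerable:", recover_token(vulnerable_oracle))
    print("separated: ", recover_token(separated_oracle))
```

Against the vulnerable page the attacker needs at most 16 requests per token character; against the separated layout every guess produces the same length and the loop stops at the first position. In a real deployment the attacker drives the requests from a victim's browser and measures TLS record sizes on the wire, but the decision rule is the same one shown here.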

Future project ideas:

– Power analysis attacks on elliptic curve ciphers
– Blockchain research

Publications
2019
  1. [In Press] de Silva, R.; Navarathna, I.; Kumarasiri, M.; Alawatugoda, J. and Chuah, C.W. On Power Analysis Attacks against Hardware Stream Ciphers. In International Journal of Information and Computer Security (IJICS), Volume xx, Issue xx, pp xxx-xxx, Inderscience, 2019. Funding: H082 and URG 2018/19/E
  2. Wei, C.C.Z.; Chuah, C.W.; Alawatugoda, J. Review on Leakage Resilient Key Exchange Security Models. In International Journal of Communication Networks and Information Security (IJCNIS), Volume 11, Issue 01, pp 119-127, Institute of Information Technology, Kohat University of Science and Technology, Pakistan, 2019. Funding: H082
2018
  1. Chuah, C.W.; Samylingam, V.; Darmawan, I.; Palaniappan, P.S.S.; Foozy, C.F.M.; Ramli, S.N. and Alawatugoda, J. Analysis of Four Historical Ciphers against Known Plaintext Frequency Statistical Attack. In International Journal of Integrated Engineering, Special Issue 2018: Data Information Engineering, Volume 10, Issue 6, pp 183-192, Penerbit UTHM, Universiti Tun Hussein Onn Malaysia, 2018. Funding: H082
  2. Alawatugoda, J.; Seralathan, V.; Peiris, N.; Wickramasinghe, C. and Chuah, C.W. Implementation of an eCK-secure Key Exchange Protocol for OpenSSL. In International Journal on Advanced Science, Engineering and Information Technology, Volume 8, Issue 5, pages 2205-2210, INSIGHT – Indonesian Society for Knowledge and Human Development, 2018. Funding: H082
2017
  1. Alupotha, J.; Prasadi, S.; Fawzan, M.; Alawatugoda, J. and Ragel, R. Implementing a Proven-secure and Cost-effective Countermeasure against the Compression Ratio Info-leak Mass Exploitation (CRIME) Attack. In Proceedings of the 12th IEEE International Conference on Industrial and Information Systems (ICIIS 2017), IEEE Press, 2017. Funding: NRC 16-020
  2. Alawatugoda, J. Generic Construction of an eCK-secure Key Exchange Protocol in the Standard Model. In International Journal of Information Security, Volume 16, Issue 5, pp 541-557, Springer, 2017. Funding: NRC 16-020
  3. Chakraborty, S.; Alawatugoda, J. and Pandu Rangan, C. Leakage-Resilient Non-Interactive Key Exchange in the Continuous-Memory Leakage Setting. In Provable Security, Volume 10592 of the series Lecture Notes in Computer Science (LNCS), Chapter 10, pp 167-187, Springer, 2017. Funding: NRC 16-020 and CCE/CEP/22/VK&CP/CSE/14-15 (Department of Information Technology, New Delhi, India)
  4. Alawatugoda, J. On the Leakage-Resilient Key Exchange. In Journal of Mathematical Cryptology, Volume 11, Issue 4, pp 215-269, Walter de Gruyter, 2017. Funding: NRC 16-020
2016
  1. Alawatugoda, J.; Ragel, R.; Eranga, D.; Jayanath, N. and Somathilaka, C. Implementing a Leakage-Resilient Storage Scheme and its Refreshing Protocol to prevent Continuous Leakage Attacks. In Proceedings of the 2016 IEEE Conference on Information and Automation for Sustainability (ICIAfS 2016). IEEE Press, 2016. Funding: NRC 16-020
  2. Weerasooriya, I.; Dhanushka, T.; Amarasinghe, N.; Alawatugoda, J. and Ragel, R. On Implementing a Client-Server setting to prevent the Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext (BREACH) Attacks. In Proceedings of the Manufacturing and Industrial Engineering Symposium (MIES 2016). IEEE Press, 2016. Funding: NRC 16-020
