Cryptography Research Laboratory (CRL) – Department of Computer Engineering

– Abstract: At present providing quantum-safe security for systems became a major requirement to realize as existing secured cryptosystems may not survive after 30 years when quantum computers become a reality. Even though the existing quantum-safe cryptosystems are provably secure in theory, their security against side-channel (leakage) attacks may be problematic. In this research, we aim to construct leakage-resilient and quantum-safe cryptographic constructions.

21-021 RG/MATHS/AS_I-FR3240319461

– Project: On stronger authenticated key exchange over the Internet

– Grant: 2021 UNESCO-TWAS Research Grant for Individual Scientists (Grant No: 21-021 RG/MATHS/AS_I-FR3240319461), November 2021 to November 2023 (Ongoing).

– Investigators: Dr. Janaka Alawatugoda (PI), Dr. Taechan Kim (collaborator), Dr. Tatsuaki Okamoto (collaborator)

– Abstract: Security models for two-party authenticated key exchange (AKE) protocols have been developed over the years to address various attack scenarios against AKE protocols. The extended Canetti–Krawczyk (eCK) security model is widely used to provide security arguments for AKE protocols because of its clear definitions of security as well as advanced adversarial capabilities. Most of the eCK-secure AKE protocols are proven to be secure in the random oracle model (ROM). The ROM is an ideal-world assumption, whereas the standard model captures the real-world assumptions. In this project, we investigate different security improvements on AKE protocols, such as leakage resiliency, secure pairing-based constructions, etc. Our aim is to come up with new provable-secure protocol constructions in the standard model.

E15-FYP (Gr13)

– Project: Design of surveillance and censorship-resistant communication mechanism over the internet

– Grant: N/A. Ongoing since 2020

– Investigators: Dr. Janaka Alawatugoda. The research idea is from E15 batch Computer Engineering students Rishikeshan Lavakumar, Pasan Tennakoon, and Supipi Karunathilaka.

– Abstract: Surveillance and censorship-resistant communication have been interesting topics in online communication. In this research, we report the shortcomings of modern centralized architecture-based communication. Then we explore design techniques that protect users’ privacy. Under design techniques, we explain how distributed and decentralized systems provide the privacy that users envy along with NAT navigation techniques and methods of safeguarding privacy and anonymity in communication. Then we present our design of a hybrid decentralized communication system and utilize this to establish DTLS tunnels to maintain connectivity among devices behind NAT. Design covers explicit details of the communication protocols designed for connection establishment, communication, tunnel establishment, and connection termination. Then we present our experiments and results to measure the performance of the system in a real environment. Then we conclude the research along with the results and the shortcomings of the current design.

– Project Page: Link

H082

– Project: Analysing side-channel attacks on key exchange protocols

– Grant: Tier 01 Internal Research Grant of Research Management Centre, Tun Hussein Onn University of Malaysia (Grant No: H082), July 2018 to July 2020 (Completed).

– Investigators: Dr. Chai Wen Chuah (PI), Dr. P. Siva Shamala Palaniappan, Dr. Sofia Najwa Binti Ramli, and Dr. Janaka Alawatugoda (external researcher).

– Abstract: Typically, secure channels are constructed from an authenticated key exchange (AKE) protocol, which authenticates the communicating parties based on long-term public keys and establishes secret session keys, and a secure data transmission layer that uses the secret session keys to encrypt transmitted data. Particularly, in the real-world scenario, the TLS/SSL protocol suite is used for this purpose. First, the TLS/SSL handshake protocol exchanges a secret key (session key). Thereafter the TLS/SSL record protocol uses that session key to encrypt data. During the handshake protocol, both parties agree on an algorithm to encrypt data in the TLS/SSL record layer. During the past two decades, side-channel attacks become a popular method of attacking various cryptographic implementations. Side-channel attacks use the leakage of secret parameters due to the execution of the real-world implementation, to break the underlying cryptographic primitive.

In this research, we aim to address the partial leakage of long-term secret keys, ephemeral secret keys, and session keys of protocol participants, due to various side-channel attacks. Partial leakage of long-term secret keys, ephemeral secret keys, and session keys can negatively affect the security of channel establishment and data transmission. Security models for two-party AKE protocols have developed over time to provide security, even when the adversary learns certain secret values. In this work, we will advance the modeling of security for AKE protocols by considering more granular partial leakage of long-term secret keys, ephemeral secret keys, and session keys of protocol participants. Then we will construct AKE protocols that can be proven secure in the advanced security models. Thus, our project will be helpful to construct leakage-resilient protocol suites for future communication.

– Project Page: Link

URG2018/19/E

– Project: Power analysis attacks on Trivium stream cipher

– Grant: 2018 University Research Grant of University of Peradeniya, Sri Lanka (Grant No: URG 2018/19/E), November 2018 to November 2019 (Completed).

– Investigators: Dr. Janaka Alawatugoda (PI) and Dr. Chai Wen Chuah (foreign collaborator).

– Abstract: Power analysis attacks are a relatively new type of attack which measures and analyses the power consumption of electronic circuits to extract secret information. These attacks have become a huge threat to the security of embedded systems. Therefore, identifying ciphers which are vulnerable against these type of attacks and developing countermeasures is of paramount importance. Many studies have been done on this topic. However, most of them are on block ciphers. This research focuses on an attack done on Trivium, which is a stream cipher. Correlation power analysis (CPA) is used in this attack to analyze the power consumption of the cryptosystem and figure out the secret key.

– Github Page: Link

– Project Page: Link

NRC 16-020

– Project: Implementing server/client-side countermeasures against compression-based side-channel attacks

– Grant: 2016 Investigator Driven Research Grant of National Research Council–Sri Lanka (Grant No: NRC 16-020), July 2016 to July 2017 (Completed).

– Investigators: Dr. Janaka Alawatugoda (PI) and Professor Roshan G. Ragel (mentor).

– Abstract: As the Internet developed, more and more computers and private networks are connected to the Internet. Since the Internet is a public resource, the security of the information exchanges via the Internet is not guaranteed. Therefore, ensuring the security of the information becomes an important task. Cryptography is engaged with communication systems to enforce the security of the information by establishing a secure channel for communication. A secure channel ensures that no third party can see or modify the actual messages that are being transferred. In the real world, Transport Layer Security/Secure Socket Layer (TLS/SSL) protocol suites are used for this purpose. First, the “TLS/SSL handshake protocol” exchanges a secret session key. After that, the “TLS/SSL record protocol” uses a secret session key to encrypt the messages.

In the key exchange phase (handshake protocol), various secret keys of communicating parties can be leaked to the attacker, and in the message transmission phase (record protocol), the secret session keys, as well as the plaintext messages can be leaked to the attacker, due to various side-channel attacks. Much research has been carried out in analyzing the leakage of

(1)—various secret keys in the key exchange phase, and

(2)—secret session keys in the message transmission phase.

Relatively less research has been carried out in analyzing the leakage of plaintext messages in the message transmission phase. In this research, our aim is to address this research gap and deploy necessary server/client-side countermeasures to the TLS/SSL protocol suite, in order to protect the plaintext messages from side-channel attacks. Although compression is desirable for network applications as it saves bandwidth, when data is compressed before being encrypted, the amount of compression leaks information about the quantity of redundancy in the plaintext. This side-channel has led to successful CRIME and BREACH attacks on web traffic protected by the TLS/SSL protocols.

The obvious mitigation technique is to eliminate data compression before the encryption, which is not desirable as it will waste the communication bandwidth. There are a number of mitigation techniques proposed by Gluck et al. [GHP13], without formal security arguments. In 2015, Alawatugoda et al. [ASB15] formally proved the security of one mitigation technique proposed by Gluck et al, as well as proposed a new proven secure mitigation technique; separating secrets from user inputs and fixed-dictionary compression, respectively. Currently, it is an open research question to adopt the proven secure mitigation techniques against compression-based side-channel attacks with real-world security protocol suites such as TLS/SSL protocol suites.

– Project Page: Link

Research Publications

2021

Tennakoon, P.; Karunathilaka, S.; Lavakumar, R. and Alawatugoda, J. Anonymous and Distributed Authentication for Peer-to-Peer Networks. In IACR Cryptology ePrint Archive, Report 2021/838. Project: E15-FYP (Gr13)
Alawatugoda, J. and Okamoto, T. Standard Model Leakage-Resilient Authenticated Key Exchange using Inner-product Extractors. In IACR Cryptology ePrint Archive, Report 2021/861. Project: 21-021 RG/MATHS/AS_I-FR3240319461

2020

Chakraborty, S.; Alawatugoda, J. and Pandu Rangan, C. New Approach to Practical Leakage-Resilient Public-Key Cryptography. In Journal of Mathematical Cryptology, Volume 14, Issue 01, pp 172-201, de Gruyter, Germany. Project: URG 2018/19/E
Edussuriya, C.; Vithanage, K.; Bandara, N.; Alawatugoda, J.; Sandirigama, M.; Jayasinghe, U.; Shone, N. and Lee, G.M. BAT—Block Analytics Tool Integrated with Blockchain Based IoT Platform. In Electronics, Volume 09, Issue 09, pp 1525, MDPI, Switzerland. Funding: 2018-0-00261
Alawatugoda, J. Public-Key Encryption In The Standard Model Against Strong Leakage Adversary. In The Computer Journal, Volume 63, Issue 12, pp 1904-1914, Oxford University Press, UK. Project: URG 2018/19/E

2019

[In Press] de Silva, R.; Navarathna, I.; Kumarasiri, M.; Alawatugoda, J. and Chuah, C.W. On Power Analysis Attacks against Hardware Stream Ciphers. In International Journal of Information and Computer Security (IJICS), Volume xx, Issue xx, pp xxx-xxx, Inderscience, UK. Project: H082 and URG 2018/19/E
Wei, C.C.Z.; Chuah, C.W.; Alawatugoda, J. Review on Leakage Resilient Key Exchange Security Models. In International Journal of Communication Networks and Information Security (IJCNIS), Volume 11, Issue 01, pp 119-127, Institute of Information Technology, Kohat University of Science and Technology, Pakistan. Project: H082

2018

Chuah, C.W.; Samylingam, V.; Darmawan, I.; Palaniappan, P.S.S.; Foozy, C.F.M.; Ramli, S.N. and Alawatugoda, J. Analysis of Four Historical Ciphers against Known Plaintext Frequency Statistical Attack. In International Journal of Integrated Engineering, Special Issue 2018: Data Information Engineering, Volume 10, Issue 6, pp 183-192, Penerbit UTHM, Malaysia. Project: H082
Alawatugoda, J.; Seralathan, V.; Peiris, N.; Wickramasinghe, C. and Chuah, C.W. Implementation of an eCK-secure Key Exchange Protocol for OpenSSL. In International Journal on Advanced Science, Engineering and Information Technology, Volume 8, Issue 5, pages 2205-2210, INSIGHT – Indonesian Society for Knowledge and Human Development, Indonesia. Project: H082

2017

Alupotha, J.; Prasadi, S.; Fawzan, M.; Alawatugoda, J. and Ragel, R. Implementing a Proven-secure and Cost-effective Countermeasure against the Compression Ratio Info- leak Mass Exploitation (CRIME) Attack. In Proceedings of the 12th IEEE International Conference on Industrial and Information Systems (ICIIS 2017), IEEE Press, USA. Project: NRC 16-020
Chakraborty, S.; Alawatugoda, J. and Pandu Rangan, C. Leakage-Resilient Non-Interactive Key Exchange in the Continuous-Memory Leakage Setting. In Provable Security, Volume 10592 of the series Lecture Notes in Computer Science (LNCS), Chapter 10, pp 167-187, Springer, Germany. Project: NRC 16-020 and CCE/CEP/22/VK&CP/CSE/14-15 (Department of Information Technology, New Delhi, India)
Alawatugoda, J. Generic Construction of an eCK-secure Key Exchange Protocol in the Standard Model. In International Journal of Information Security, Volume 16, Issue 5, pp 541-557, Springer, Germany. Project: NRC 16-020
Alawatugoda, J. On the Leakage-Resilient Key Exchange. In Journal of Mathematical Cryptology, Volume 11, Issue 4, pp 215-269, Walter de Gruyter, Germany. Project: NRC 16-020

2016

Alawatugoda, J.; Ragel, R.; Eranga, D.; Jayanath, N. and Somathilaka, C. Implementing a Leakage-Resilient Storage Scheme and its Refreshing Protocol to prevent Continuous Leakage Attacks. In Proceedings of the 2016 IEEE Conference on Information and Automation for Sustainability (ICIAfS 2016). IEEE Press, USA. Project: NRC 16-020
Weerasooriya, I.; Dhanushka, T.; Amarasinghe, N.; Alawatugoda, J. and Ragel, R. On Implementing a Client-Server setting to prevent the Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext (BREACH) Attacks. In Proceedings of the Manufacturing and Industrial Engineering Symposium (MIES 2016). IEEE Press, USA. Project: NRC 16-020