Ana Salagean (Loughborough University)

Estimating the nonlinearity of cryptographic Boolean functions

Boolean functions are used as one component in the design of symmetric ciphers, e.g. the Sbox in AES, or the filtering function in stream ciphers. If these functions are linear, it opens the way to certain types of attacks (linear and differential cryptanalysis). These attacks also work if the function is not linear but can be approximated well by a linear function. This has led to the notion of nonlinearity, a parameter of the function which measures its distance to the closest linear/affine function. The nonlinearity can be computed by a O(n2^n) algorithm, where n is the number of variables. When n is large, this computation is unfeasible. Therefore, we investigate the possibility of probabilistic estimation of the nonlinearity. To do so, we use the notion of nonhomomorphicity (introduced by Zhang and Zheng), which can be estimated efficiently even for large n. We generalise several techniques developed by Bellare et al, to obtain upper and lower bounds for the honhomomorphicity in terms of the nonlinearity. These bounds then allow us to estimate the nonlinearity once a good estimate of the nonhomomorphicity was obtained. This is joint work with Pante Stanica and was first presented at the SETA 2020 conference.

Ioana Boureanu (University of Surrey)

Practical and Formal Analysis Security of Contactless Mobile Payments

In this talk, we will look at the (in)security of contactless payments made via mobile apps. These systems are a composition of the mobile app (e.g., Samsung Pay, Apple Pay) and their underlying payment protocols provided via the card registered within (e.g., Visa, Mastercard, etc.). One added complexity comes also from the various “modes” in which the apps operate; for instance, there is a standard mode as well as transit/travel mode, in which the user authentication (via fingerprint or Face-ID) on the mobile device is foregone in order to provide better usability when paying at a metro/train ticketing gate. Primarily, we show that we can abuse this usability feature of Apple Pay in Travel Mode when set up with a Visa card. The abuse results in a fraudulent payment without user-authentication, of any value, to any point-of-sale including points-of-sales what are not linked to transport companies. Also, we show that the same attack does not apply to Apple Pay with a Mastercard registered with it, or to Samsung Pay. We will explain the practical aspects of the attack, as well as some elements of formal security verification.

Robert Buhren (TU Berlin)

One Glitch to Rule them All: Fault Injection Attacks against AMD’s Secure Encrypted Virtualization

In this talk, we present our voltage fault injection attack against the AMD Secure Processor (AMD-SP / PSP). The AMD-SP is an ARM core, embedded into modern AMD CPUs. It hosts the firmware implementing the SEV API and is a single point of failure for the SEV technology. Our attack allows us to deploy custom code on the AMD-SP on Zen 1, Zen 2 and Zen 3 CPUs. We present how our attack allows attackers to fully circumvent SEV's protection guarantees. To the best of our knowledge, the presented attack cannot be mitigated and questions SEV's security promises on all affected CPU generations.