Midgame Attacks and Defense Against Them

Cyber Security, Cryptology, and Machine Learning (2023)

Abstract
In this paper, we propose the Midgame Security attack model, in which it is assumed that at some point in the middle of a computation with a secret key, after some secure work (typically, but not necessarily, the initial work), a powerful adversary sees the entire internal state and attempts key recovery or forgery. This security model is motivated by a few trends. First and primarily, it may represent a setting in which part of the computation is done in a possibly insecure environment (e.g., the emerging modes of cloud server delegation, a hosting environment, a general PC, the cloud, etc.), where the insecure environment performs the bulk of the work after some initial or intermediate (relatively small amount of) work at a trusted location which holds the cryptographic keys (a client, a co-processor, trusted hardware with leakage countermeasures, an enclave in the cloud, etc.). Secondly, from a leakage perspective, the model represents total leakage of the system at some point after some secured work has been done without leakage (perhaps at a different location). The model is novel (though, superficially, it has a flavor of forward security), and is most meaningful for demonstrating exposures of constructions where there is an obviously lengthy progression of computation (e.g., MACing or (authenticated) encrypting of long messages) that is done without the cryptographic keys present, and where we want short usage of keys (to minimize their exposure). In these cases, the key may initially, during the secure period, be blended into the state of the computation, and the attacker's task is to recover that key, in spite of the blending, from the leakage of an environment which never holds any key. We employ the new model to analyze numerous concrete cryptosystems and mainly find key recovery or forgery attacks. We first compare HMAC based on the SHA-3 finalists in this new midgame security model.
One thing we show is that the domain extension of Keccak, called the sponge construction, is exposed in an HMAC-Keccak mode, and thus if the state is exposed, the key is recoverable. Secondly, we analyze the midgame security of several popular message authentication codes, encryption schemes, and authenticated-encryption (AE) schemes. We show that all known (authenticated) encryption schemes based on block ciphers, and six of the seven ECRYPT stream ciphers we examined, are not secure against midgame attacks. We note that from the point of view of risk analysis of overall systems, midgame attacks, which may use a strong (but realizable) state-exposure attack, may nevertheless open the door to new exposures deserving of consideration.
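The sponge exposure described in the abstract, as an added illustration that is not code from the paper: a toy keyed sponge MAC over a constructed 64-bit state. Because a sponge permutation is invertible by definition, an adversary who sees the state midgame and knows the message blocks absorbed so far can walk the computation backwards to the point where the key was absorbed. The permutation, constants, block size and function names are all constructed for this example and are not Keccak; the closing remark about a non-invertible blending step is a general observation, not a claim taken from the paper.

```python
MASK = (1 << 64) - 1
RATE_SHIFT = 32  # 64-bit toy state: upper 32 bits are the rate, lower 32 the capacity
ODD = 0x9E3779B97F4A7C15  # constructed odd multiplier, hence invertible mod 2**64
ODD_INV = pow(ODD, -1, 1 << 64)
ROUND_CONST = 0x0123456789ABCDEF  # constructed round constant
IV = 0  # constructed initial state

def rotl(x, n):
    return ((x << n) | (x >> (64 - n))) & MASK

def perm(s):
    """Toy state permutation: three ARX-like rounds whose inverse is obvious."""
    for _ in range(3):
        s = ((s * ODD) + ROUND_CONST) & MASK
        s = rotl(s, 23)
    return s

def inv_perm(s):
    """Exact inverse of perm(); every sponge permutation has one by definition."""
    for _ in range(3):
        s = rotl(s, 64 - 23)
        s = ((s - ROUND_CONST) * ODD_INV) & MASK
    return s

def absorb(state, block):
    """Sponge absorb: XOR a 32-bit block into the rate part, then permute."""
    return perm(state ^ (block << RATE_SHIFT))

def sponge_mac(key, blocks):
    """Keyed sponge MAC: absorb the key, then the message blocks.
    Returns (tag, states); states[i] is the state after i absorptions, i.e. what
    a midgame adversary sees if the insecure environment takes over at step i."""
    states = [IV, absorb(IV, key)]
    for b in blocks:
        states.append(absorb(states[-1], b))
    return states[-1] >> RATE_SHIFT, states  # squeeze one rate-sized block as the tag

def recover_key(exposed_state, blocks_absorbed):
    """Midgame key recovery: walk backwards with inv_perm, peeling off the known
    message blocks, until the key-absorption step is reached. Blending the key
    through a non-invertible step (e.g. a feed-forward) would close this path."""
    s = exposed_state
    for b in reversed(blocks_absorbed):
        s = inv_perm(s) ^ (b << RATE_SHIFT)
    return (inv_perm(s) ^ IV) >> RATE_SHIFT
```

The defensive takeaway is that a keyed sponge state is key-equivalent at every step, so in a delegation design it must stay inside the trusted location or be blended through a one-way step before leaving it.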
Keywords
Midgame Security, HMAC, Authenticated Encryption, Stream Cipher, Key Exposure, Leakage Attacks, Implementation Cost, Side Channel Countermeasures, Confidential Computing, Risk Management