Neural Cryptanalysis for Cyber-Physical System Ciphers Emma M. Meno Thesis submitted to the Faculty of the Virginia Polytechnic Institute and State University in partial fulfillment of the requirements for the degree of Master of Science in Computer Science and Applications Danfeng Yao, Chair Matthew Hicks Bimal Viswanath April 30, 2021 Blacksburg, Virginia Keywords: Neural Networks, Cryptanalysis, Black-Box Evaluation, Block Ciphers, Symmetric Ciphers, Lightweight Cryptography, CPS Ciphers Copyright 2021, Emma M. Meno Neural Cryptanalysis for Cyber-Physical System Ciphers Emma M. Meno (ABSTRACT) A key cryptographic research interest is developing an automatic, black-box method to pro- vide a relative security strength measure for symmetric ciphers, particularly for proprietary cyber-physical systems (CPS) and lightweight block ciphers. This thesis work extends the work of the recently-developed neural cryptanalysis method, which trains neural networks on a set of plaintext/ciphertext pairs to extract meaningful bitwise relationships and predict corresponding ciphertexts given a set of plaintexts. As opposed to traditional cryptanal- ysis, the goal is not key recovery but achieving a mimic accuracy greater than a defined base match rate. In addition to reproducing tests run with the Data Encryption Stan- dard, this work applies neural cryptanalysis to round-reduced versions and components of the SIMON/SPECK family of block ciphers and the Advanced Encryption Standard. This methodology generated a metric able to rank the relative strengths of rounds for each cipher as well as algorithmic components within these ciphers. Given the current neural network suite tested, neural cryptanalysis is best-suited for analyzing components of ciphers rather than full encryption models. If these models are improved, this method presents a promising future in measuring the strength of lightweight symmetric ciphers, particularly for CPS. Neural Cryptanalysis for Cyber-Physical System Ciphers Emma M. Meno (GENERAL AUDIENCE ABSTRACT) Cryptanalysis is the process of systematically measuring the strength of ciphers, algorithms used to secure data and information. Through encryption, a cipher is applied to an orig- inal message or plaintext to generate muddled message or ciphertext. The inverse of this operation, translating ciphertext back into plaintext, is decryption. Symmetric ciphers only require one shared secret key that is used during for both encryption and decryption. Ma- chine learning is a data analysis method that automates computers to learn certain data properties, which can be used to predict outputs given a set of inputs. Neural networks are one type of machine learning used to uncover relationships, chaining a series of nodes together that individually perform some operations to determine correlations. The topic of this work is neural cryptanalysis, a new approach to evaluate cipher strength relying on machine learning. In this method, the goal is to ”learn” the ciphers, using machine learning to predict what the ciphertext will be for an inputted plaintext. This is done by training the networks on plaintext/ciphertext pairs to extract meaningful relationships. If a cipher is easier to predict, it is easier to crack and thus less secure. In this work, neural cryptanalysis was applied to different real-world symmetric ciphers to rank their relatively security. This technique worked best on analyzing smaller components of the cipher algorithms rather than the entire cipher, as the ciphers were complex and the neural networks were simpler. Dedication I dedicate this to all my loved ones who supported, motivated, and believed in me, even when I did not believe in myself. I also want to dedicate this to the teachers and professors who encouraged me to pursue my passions in higher education. Mine has certainly been a unique journey, but I am grateful for every step and lesson along the way. iv Acknowledgments I first want to acknowledge Dr. Danfeng (Daphne) Yao for her mentorship and guidance throughout this thesis process. I would also like to acknowledge Ya Xiao, whose project was the launching point for my work, for her help in deciphering and understanding the neural cryptanalysis methodology and source code. Further, I want to thank my committee members Dr. Matthew Hicks and Dr. Bimal Viswanath for their time and input. Finally, I would like to acknowledge Dr. Cliff Shaffer, who assisted me throughout my Accelerated Masters’ program experience. v Contents List of Figures x 1 Introduction 1 1.1 Introduction to Cyber-physical Systems ..................... 1 1.2 Motivation for Neural Cryptanalysis ...................... 2 1.3 Research Contributions .............................. 3 1.4 Thesis Layout ................................... 3 2 Review of Literature 5 2.1 Symmetric Cipher Cryptanalysis ........................ 5 2.2 Lightweight Cipher Cryptanalysis ........................ 5 2.3 Deep Learning in Cryptanalysis ......................... 6 2.4 Neural Cryptanalysis ............................... 7 3 Experimental Setup 9 3.1 Methodology & Metrics ............................. 9 3.2 Neural Network Architectures .......................... 11 3.3 Testing Environment and Implementation ................... 12 vi 4 Data Encryption Standard 14 4.1 Background .................................... 14 4.1.1 DES Structure .............................. 15 4.1.2 DES Previous Cryptanalysis ....................... 17 4.2 Neural Cryptanalysis Results .......................... 18 4.2.1 Round-Reduced DES Across Different Networks ............ 19 4.2.2 DES Decryption ............................. 22 5 SIMON and SPECK Lightweight Ciphers 25 5.1 Background .................................... 25 5.2 SIMON/SPECK Previous Cryptanalysis .................... 26 5.3 SIMON Ciphers .................................. 26 5.3.1 SIMON Structure ............................. 27 5.3.2 Neural Cryptanalysis Results ...................... 28 5.4 SPECK Ciphers .................................. 32 5.4.1 SPECK Structure ............................ 32 5.4.2 Neural Cryptanalysis Results ...................... 35 6 Advanced Encryption Standard 39 6.1 Background .................................... 39 6.1.1 AES Structure .............................. 40 vii 6.1.2 AES Previous Cryptanalysis ....................... 42 6.2 Neural Cryptanalysis Results .......................... 43 6.2.1 AES Across Different Networks ..................... 43 6.2.2 Round-Reduced AES ........................... 44 6.2.3 AES Algorithm Components ...................... 47 7 Discussion 54 7.1 Fat/Shallow Network Architecture ....................... 54 7.2 Encryption vs. Decryption Mode ........................ 55 7.3 Relative Security of Cipher Rounds ....................... 55 7.4 Security of Algorithmic Components ...................... 56 7.5 Neural Cryptanalysis on Full Cipher Algorithms ................ 57 7.6 Application of Neural Cryptanalysis to CPS .................. 58 8 Conclusion & Future Work 59 8.1 Future Work ................................... 59 8.1.1 Fine-Tuning Architectures ........................ 59 8.1.2 Testing/Training Split .......................... 60 8.1.3 Incorporating White-Box Knowledge .................. 60 8.1.4 AI-Based Attack Capabilities ...................... 61 8.1.5 Comparative Metric to Traditional Cryptanalysis ........... 61 viii 8.1.6 NIST Lightweight Cryptography .................... 62 8.2 Conclusions .................................... 62 Bibliography 64 Appendices 70 Appendix A Neural Network Code Implementation 71 ix List of Figures 3.1 Cipher Data Collection Process ......................... 10 3.2 Security Indicator Generation .......................... 11 3.3 Three neural network architectures applied in experiments [1] ........ 11 3.4 Tensorflow model training in Ubuntu terminal ................. 13 4.1 General DES structure [2] ............................ 16 4.2 DES encryption round [2] ............................ 17 4.3 DES function [2] ................................. 18 4.4 DES Encryption and Decryption Algorithms [2] ................ 19 4.5 Predicted Accuracy on 1-round DES ...................... 21 4.6 Attack capacity summary for round-reduced DES [1] ............. 22 4.7 Predicted Accuracy on 1-round DES for Encryption vs. Decryption Mode .. 23 4.8 Predicted Accuracy on 2-round DES for Encryption vs. Decryption Mode .. 24 5.1 Feistel stepping within SIMON round function [3] ............... 27 5.2 SIMON three-word key expansion [3] ...................... 28 5.3 Predicted Accuracy of SIMON64/96 Across Different Network Architectures 30 5.4 Predicted Accuracy of 2-round SIMON64/96 on Different Network Architectures 31 x 5.5 Predicted Accuracy of Round-Reduced SIMON64/96 ............. 33 5.6 SPECK round function after i encryption steps [3] ............... 34 5.7 SPECK key expansion [3] ............................ 34 5.8 SPECK round function split into Feistel-like steps [3] ............. 35 5.9 Predicted Accuracy of SPECK64/96 on Different Network Architectures .. 37 5.10 Predicted Accuracy of Round-Reduced SPECK64/96 ............. 38 6.1 State array input and output for AES [4] .................... 40 6.2 AES Cipher Round Structure [4] ........................ 41 6.3 Predicted Accuracy of AES Across Different Network Architectures ..... 45 6.4 Predicted Accuracy of Round-Reduced AES .................. 46 6.5 Predicted Accuracy on AES SubBytes Across Different Network Architectures 47 6.6 Predicted Accuracy on AES ShiftRows