Cryptanalysis


Cryptanalysis is a core function of cybersecurity research, and 2014 has been a very productive year so far for work in this area. The papers cited below look at AES, biclique attacks, the lightweight Welch-Gong stream cipher, a number of smart card authentication protocols, and fault injection by voltage and temperature manipulation, among other topics. These works appeared between January and October of 2014.

  • Heys, H., "Integral Cryptanalysis Of The BSPN Block Cipher," Communications (QBSC), 2014 27th Biennial Symposium on, pp.153-158, 1-4 June 2014. doi: 10.1109/QBSC.2014.6841204 In this paper, we investigate the application of integral cryptanalysis to the Byte-oriented Substitution Permutation Network (BSPN) block cipher. The BSPN block cipher has been shown to be an efficient block cipher structure, particularly for environments using 8-bit microcontrollers. In our analysis, we are able to show that integral cryptanalysis has limited success when applied to BSPN. A first order attack, based on a deterministic integral, is only applicable to structures with 3 or fewer rounds, while higher order attacks and attacks using a probabilistic integral were found to be only applicable to structures with 4 or fewer rounds. Since a typical BSPN block cipher is recommended to have 8 or more rounds, it is expected that the BSPN structure is resistant to integral cryptanalysis.
    Keywords: cryptography; integral equations; microcontrollers; probability; BSPN block cipher; block cipher structure; byte-oriented substitution permutation network; deterministic integral; first order attack; higher order attacks; integral cryptanalysis; microcontrollers; probabilistic integral; word length 8 bit; Ciphers; Encryption; Microcontrollers; Probabilistic logic; Probability; Resistance; block ciphers; cryptanalysis; cryptography (ID#:14-2784)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6841204&isnumber=6841165
  • Dadhich, A.; Gupta, A.; Yadav, S., "Swarm Intelligence Based Linear Cryptanalysis Of Four-Round Data Encryption Standard Algorithm," Issues and Challenges in Intelligent Computing Techniques (ICICT), 2014 International Conference on, pp.378-383, 7-8 Feb. 2014. doi: 10.1109/ICICICT.2014.6781312 The proliferation of computers, the internet and wireless communication capabilities into the physical world has led to ubiquitous availability of computing infrastructure. With the expanding number and type of internet-capable devices and the enlarged physical space of distributed and cloud computing, computer systems are evolving into complex and pervasive networks. Amidst the aforesaid rapid growth in technology, secure transmission of data is equally important. The amount of sensitive information deposited and transmitted over the internet is absolutely critical and needs principles that enforce legal and restricted use and interpretation of data. The data needs to be protected from eavesdroppers and potential attackers who undermine the security processes and perform actions in excess of their permissions. Cryptography algorithms form a central component of the security mechanisms used to safeguard network transmissions and data storage. As the security of encrypted data largely depends on the techniques applied to create, manage and distribute the keys, a cryptographic algorithm might be rendered useless by poor management of the keys. This paper presents a novel computational intelligence based approach for ciphertext-only cryptanalysis of the four-round Data Encryption Standard algorithm. In a ciphertext-only attack, only the encryption algorithm used and the ciphertext to be decoded are known to the cryptanalyst; it is considered the most difficult attack encountered in cryptanalysis. The proposed approach uses Swarm Intelligence to deduce optimum keys according to their fitness values and identifies the best keys through a statistical probability based fitness function. The results suggest that the proposed approach is intelligent in finding missing key bits of the Data Encryption Standard algorithm.
    Keywords: cloud computing; cryptography; probability; statistical analysis; swarm intelligence; Internet; ciphertext-only attack; ciphertext-only cryptanalysis; cloud computing; computational intelligence based approach; cryptography algorithms; data storage; distributed computing; four-round data encryption standard algorithm; network transmissions; secure data transmission; statistical probability based fitness function; swarm intelligence based linear cryptanalysis; Cryptography; MATLAB; NIST; Ciphertext; Cryptanalysis; Cryptography; Information Security; Language model; Particle Swarm Optimization; Plaintext; Swarm Intelligence (ID#:14-2785)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6781312&isnumber=6781240
  • Alghazzawi, D.M.; Hasan, S.H.; Trigui, M.S., "Advanced Encryption Standard - Cryptanalysis Research," Computing for Sustainable Global Development (INDIACom), 2014 International Conference on, pp.660-667, 5-7 March 2014. doi: 10.1109/IndiaCom.2014.6828045 The Advanced Encryption Standard (AES) has been the focus of cryptanalysis since it was released in November 2001. The research gained more importance when AES was declared the Type-1 Suite-B encryption algorithm by the NSA in 2003 (CNSSP-15), which deemed it suitable for encrypting both classified and unclassified documents and systems. The following paper discusses the cryptanalysis research being carried out on AES and the different techniques used to establish the advantages of the algorithm in security systems. It concludes by attempting to assess the duration for which AES can be effectively used in national security applications.
    Keywords: algebraic codes; cryptography; standards; AES; Advanced Encryption Standard; NSA encryption algorithm; algebraic attack; cryptanalysis research; national security applications; security systems; Ciphers; Classification algorithms; Encryption; Equations; Timing; Cryptanalysis; Encryption; Network Security (ID#:14-2786)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6828045&isnumber=6827395
  • Kumar, R.; Jovanovic, P.; Polian, I., "Precise Fault-Injections Using Voltage And Temperature Manipulation For Differential Cryptanalysis," On-Line Testing Symposium (IOLTS), 2014 IEEE 20th International, pp.43-48, 7-9 July 2014. doi: 10.1109/IOLTS.2014.6873670 State-of-the-art fault-based cryptanalysis methods are capable of breaking most recent ciphers after only a few fault injections. However, they require temporal and spatial accuracies of fault injection that were believed to rule out low-cost injection techniques such as voltage, frequency or temperature manipulation. We investigate selection of supply-voltage and temperature values that are suitable for high-precision fault injection even up to a single bit. The object of our studies is an ASIC implementation of the recently presented block cipher PRINCE, for which a two-stage fault attack scheme has been suggested lately. This attack requires, on average, about four to five fault injections in well-defined locations. We show by electrical simulations that voltage-temperature points exist for which faults show up at locations required for a successful attack with a likelihood of around 0.1%. This implies that the complete attack can be mounted by approximately 4,000 to 5,000 fault injection attempts, which is clearly feasible.
    Keywords: application specific integrated circuits; cryptography; fault diagnosis; integrated circuit design; block cipher PRINCE; differential cryptanalysis; electrical simulations; fault-based cryptanalysis methods; high-precision fault injection; low-cost injection techniques; supply-voltage selection; temperature manipulation; temperature values; two-stage fault attack scheme; voltage manipulation; voltage-temperature points; Ciphers; Circuit faults; Clocks; Logic gates; Mathematical model; Temperature distribution (ID#:14-2787)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6873670&isnumber=6873658
  • Bhateja, A.; Kumar, S., "Genetic Algorithm With Elitism For Cryptanalysis Of Vigenere Cipher," Issues and Challenges in Intelligent Computing Techniques (ICICT), 2014 International Conference on, pp.373-377, 7-8 Feb. 2014. doi: 10.1109/ICICICT.2014.6781311 In today's world, with increasing usage of computer networks and the internet, the importance of network, computer and information security is obvious. One of the widely used approaches for information security is cryptography. Cryptanalysis is a way to break the ciphertext without having the encryption key. This paper describes a method of deciphering encrypted messages of Vigenere cipher cryptosystems by a Genetic Algorithm using elitism with a novel fitness function. The roulette wheel method, two-point crossover and cross mutation are used for selection and for the generation of the new population. We conclude that the proposed algorithm can reduce the time complexity and gives better results for such optimization problems.
    Keywords: cryptography; genetic algorithms; Internet; Vigenere cipher; computer networks; computer security; cross mutation; cryptanalysis; cryptography; elitism; encryption key; fitness function; genetic algorithm; information security; network security; roulette wheel method; two point crossover; Ciphers; Genetic algorithms; Genetics; Lead; Size measurement; Vigenere cipher; chromosomes; cryptanalysis; elitism; fitness function; genes; genetic algorithm (ID#:14-2788)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6781311&isnumber=6781240
  • Lin Ding; Chenhui Jin; Jie Guan; Qiuyan Wang, "Cryptanalysis of Lightweight WG-8 Stream Cipher," Information Forensics and Security, IEEE Transactions on, vol.9, no.4, pp.645-652, April 2014. doi: 10.1109/TIFS.2014.2307202 WG-8 is a new lightweight variant of the well-known Welch-Gong (WG) stream cipher family, and takes an 80-bit secret key and an 80-bit initial vector (IV) as inputs. So far no attack on the WG-8 stream cipher has been published except the attacks by the designers. This paper shows that there exist Key-IV pairs for WG-8 that can generate keystreams which are exact shifts of each other throughout the keystream generation. By exploiting this slide property, an effective key recovery attack on WG-8 in the related key setting is proposed, which has a time complexity of 2^53.32 and requires 2^52 chosen IVs. The attack is minimal in the sense that it only requires one related key. Furthermore, we present an efficient key recovery attack on WG-8 in the multiple related key setting. As confirmed by the experimental results, our attack recovers all 80 bits of WG-8 on a PC with a 2.5-GHz Intel Pentium 4 processor. This is the first time that a weakness is presented for WG-8, assuming that the attacker can obtain only a few dozen consecutive keystream bits for each IV. Finally, we give a new Key/IV loading proposal for WG-8, which takes an 80-bit secret key and a 64-bit IV as inputs. The new proposal keeps the basic structure of WG-8 and provides enough resistance against our related key attacks.
    Keywords: computational complexity; cryptography; microprocessor chips; 80-bit initial vector; 80-bit secret key; Intel Pentium 4 processor; Welch-Gong stream cipher; frequency 2.5 GHz; key recovery attack; keystream generation; lightweight WG-8 stream cipher cryptanalysis; related key attack; slide property; time complexity; Ciphers; Clocks; Equations; Proposals; Time complexity; Cryptanalysis; WG-8; lightweight stream cipher; related key attack (ID#:14-2789)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6746224&isnumber=6755552
  • Madhusudhan, R.; Kumar, S.R., "Cryptanalysis of a Remote User Authentication Protocol Using Smart Cards," Service Oriented System Engineering (SOSE), 2014 IEEE 8th International Symposium on, pp.474-477, 7-11 April 2014. doi: 10.1109/SOSE.2014.84 Remote user authentication using smart cards is a method of verifying the legitimacy of remote users accessing the server through an insecure channel, using smart cards to increase the efficiency of the system. During the last couple of years many protocols to authenticate remote users using smart cards have been proposed. Unfortunately, most of them have proved to be insecure against various attacks. Recently this year, Yung-Cheng Lee improved Shin et al.'s protocol and claimed that their protocol is more secure. In this article, we show that Yung-Cheng Lee's protocol too has defects. It does not provide user anonymity; it is vulnerable to denial-of-service attack, session key reveal, user impersonation attack, server impersonation attack and insider attacks. Further, it is not efficient in the password change phase since it requires communication with the server and uses a verification table.
    Keywords: computer network security; cryptographic protocols; message authentication; smart cards; Yung-Cheng-Lee's protocol; cryptanalysis; denial-of-service attack; insecure channel; insider attacks; legitimacy verification; password change phase; remote user authentication protocol; server impersonation attack; session key; smart cards; user impersonation attack; verification table; Authentication; Bismuth; Cryptography; Protocols; Servers; Smart cards; authentication; smart card; cryptanalysis; dynamic id (ID#:14-2790)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6830951&isnumber=6825948
  • Phuong Ha Nguyen; Sahoo, D.P.; Mukhopadhyay, D.; Chakraborty, R.S., "Cryptanalysis of Composite PUFs (Extended abstract-invited talk)," VLSI Design and Test, 18th International Symposium on, pp.1-2, 16-18 July 2014. doi: 10.1109/ISVDAT.2014.6881035 In recent years, Physically Unclonable Functions (PUFs) have become an important cryptographic primitive and are used in secure systems to resist physical attacks. Since PUFs have many useful properties such as memory-leakage resilience, unclonability and tampering resistance, they have drawn great interest in academia as well as industry. As extremely useful hardware security primitives, PUFs are used in various proposed applications such as device authentication and identification, random number generation, and intellectual property protection. One important requirement for PUFs is that they should have small hardware overhead in order to be utilized in lightweight applications such as RFID. To achieve this goal, Composite PUFs were developed and introduced in RECONFIG2013 and HOST2014. In a nutshell, Composite PUFs are built by using many small PUF primitives. In this talk, we show that the Composite PUFs introduced in RECONFIG2013 are not secure by presenting their cryptanalysis.
    Keywords: cryptography; data protection; message authentication; random number generation; composite PUFs cryptanalysis; cryptographic primitive; device authentication; intellectual property protection; physically unclonable functions; random number generation; Authentication; Computational modeling; Hardware; Industries; Random number generation; PUF; Physically unclonable function; cryptanalysis (ID#:14-2791)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6881035&isnumber=6881034
  • Huixian Li; Liaojun Pang, "Cryptanalysis of Wang et al.'s Improved Anonymous Multi-Receiver Identity-Based Encryption Scheme," Information Security, IET, vol.8, no.1, pp.8-11, Jan. 2014. doi: 10.1049/iet-ifs.2012.0354 Fan et al. proposed an anonymous multi-receiver identity-based encryption scheme in 2010, and showed that the identity of any legal receiver can be kept anonymous to anyone else. In 2012, Wang et al. pointed out that Fan et al.'s scheme cannot achieve the anonymity and that every legal receiver can determine whether the other is one of the legal receivers. At the same time, they proposed an improved scheme based on Fan et al.'s scheme to solve this anonymity problem. Unfortunately, the authors find that Wang et al.'s improved scheme still suffers from the same anonymity problem. Any legal receiver of Wang et al.'s improved scheme can judge whether anyone else is a legal receiver or not. In this study, the authors shall give the detailed anonymity analysis of Wang et al.'s improved scheme.
    Keywords: broadcasting; cryptography; receivers; telecommunication security; Wang et al. improved scheme; anonymity problem; anonymous multireceiver identity-based encryption scheme; cryptanalysis; legal receiver (ID#:14-2792)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6687152&isnumber=6687150
  • Sarvabhatla, Mrudula; Giri, M.; Vorugunti, Chandra Sekhar, "Cryptanalysis of “a Biometric-Based User Authentication Scheme For Heterogeneous Wireless Sensor Networks”," Contemporary Computing (IC3), 2014 Seventh International Conference on, pp.312-317, 7-9 Aug. 2014. doi: 10.1109/IC3.2014.6897192 The advancement of Internet of Things (IoT) technology and the rapid growth of WSN applications provide an opportunity to connect WSNs to the IoT, with the result that secure sensor data become accessible via the insecure Internet. The integration of WSN and IoT raises many security challenges and requires a strict user authentication mechanism. Quite a few isolated user verification or authentication schemes using the password, biometrics and the smart card have been proposed in the literature. In 2013, A.K. Das et al. designed a biometric-based remote user verification scheme using smart cards for heterogeneous wireless sensor networks. A.K. Das et al. insisted that their scheme is secure against several known cryptographic attacks. Unfortunately, in this manuscript we show that their scheme fails to resist replay attack and user impersonation attack, fails to accomplish mutual authentication and fails to provide data privacy.
    Keywords: Authentication; Biometrics (access control); Elliptic curve cryptography; Smart cards; Wireless sensor networks; Biometric; Cryptanalysis; Smart Card; User Authentication; Wireless Sensor Networks (ID#:14-2793)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6897192&isnumber=6897132
  • Aboud, S.J.; Al-fayoumi, M., "Cryptanalysis Of Password Authentication System," Computer Science and Information Technology (CSIT), 2014 6th International Conference on, pp.14-17, 26-27 March 2014. doi: 10.1109/CSIT.2014.6805972 Password authentication systems have been increasing in recent years. Therefore authors have concentrated these days on introducing more password authentication systems. Thus, in 2011, Lee et al. presented an enhanced system to resolve the vulnerabilities of a selected system. But we notice that Lee et al.'s system is still weak against server attack and stolen smart card attack. Also, the password change protocol of the system is neither suitable for users nor efficient. No handy data can be gained from the values kept in smart cards; therefore, a stolen smart card attack can be blocked. To prevent server attack, we suggest transferring the user authentication operation from servers to a registration centre, which can guarantee that every server has a different private key.
    Keywords: cryptography; message authentication; smart cards; cryptanalysis; password authentication system; password change protocol; private key; registration centre; server attack; stolen smart card attack; user authentication operation; Authentication; Computer hacking; Cryptography; Protocols; Servers; Smart cards (ID#:14-2794)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6805972&isnumber=6805962
  • Ahmadi, S.; Ahmadian, Z.; Mohajeri, J.; Aref, M.R., "Low-Data Complexity Biclique Cryptanalysis of Block Ciphers With Application to Piccolo and HIGHT," Information Forensics and Security, IEEE Transactions on, vol.9, no.10, pp.1641-1652, Oct. 2014. doi: 10.1109/TIFS.2014.2344445 In this paper, we present a framework for biclique cryptanalysis of block ciphers which requires an extremely low amount of data. To that end, we employ a new representation of the biclique attack based on a new concept of cutset that describes our attack more clearly. Then, an algorithm for choosing two differential characteristics is presented to simultaneously minimize the data complexity and control the computational complexity. Then, we characterize those block ciphers that are vulnerable to this technique and, among them, we apply this attack on the lightweight block ciphers Piccolo-80, Piccolo-128, and HIGHT. The data complexity of these attacks is only 16 plaintext-ciphertext pairs, which is considerably less than the existing cryptanalytic results. In all the attacks, the computational complexity remains the same as the previous ones or is even slightly improved.
    Keywords: Ciphers; Computational complexity; Encryption; Optimization; Schedules; Biclique cryptanalysis; attack complexity; lightweight block ciphers (ID#:14-2795)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6868260&isnumber=6891522
  • Mala, H., "Biclique-based Cryptanalysis Of The Block Cipher SQUARE," Information Security, IET, vol.8, no.3, pp.207-212, May 2014. doi: 10.1049/iet-ifs.2011.0332 SQUARE, an eight-round substitution-permutation block cipher, is considered a predecessor of the advanced encryption standard (AES). Recently, the concept of biclique-based key recovery of block ciphers was introduced and applied to full-round versions of three variants of AES. In this paper, this technique is applied to analyse the block cipher SQUARE. First, a biclique for three rounds of SQUARE using independent related-key differentials has been found. Then, an attack on this cipher is presented, with a data complexity of about 2^48 chosen plaintexts and a time complexity of about 2^125.7 encryptions. The attack is the first successful attack on full-round SQUARE in the single-key scenario.
    Keywords: computational complexity; cryptography; AES; advanced encryption standard; biclique-based cryptanalysis; biclique-based key recovery; block cipher SQUARE; block ciphers; data complexity; eight-round substitution-permutation block cipher; independent related-key differentials; time complexity (ID#:14-2796)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6786901&isnumber=6786849
  • Kramer, J.; Kasper, M.; Seifert, J.-P., "The Role Of Photons In Cryptanalysis," Design Automation Conference (ASP-DAC), 2014 19th Asia and South Pacific, pp.780-787, 20-23 Jan. 2014. doi: 10.1109/ASPDAC.2014.6742985 Photons can be exploited to reveal secrets of security ICs like smartcards, secure microcontrollers, and cryptographic coprocessors. One such secret is the secret key of cryptographic algorithms. This work gives an overview of current research on revealing these secret keys by exploiting the photonic side channel. Different analysis methods are presented. It is shown that the analysis of photonic emissions also helps to gain knowledge about the attacked device and thus poses a threat to modern security ICs. The presented results illustrate the differences between the photonic and other side channels, which do not provide fine-grained spatial information. It is shown that the photonic side channel has to be addressed by software engineers and during chip design.
    Keywords: photons; private key cryptography; cryptanalysis; integrated circuit; photonic emissions; photonic side channel; photons; secret keys; security IC; Algorithm design and analysis; Cryptography; Detectors; Integrated circuits; Photonics; Random access memory (ID#:14-2797)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6742985&isnumber=6742831
  • Xu, J.; Hu, L.; Sun, S., "Cryptanalysis of Two Cryptosystems Based On Multiple Intractability Assumptions," Communications, IET, vol.8, no.14, pp.2433-2437, Sept. 25 2014. doi: 10.1049/iet-com.2013.1101 Two public key cryptosystems based on the two intractable number-theoretic problems, integer factorisation and simultaneous Diophantine approximation, were proposed in 2005 and 2009, respectively. In this study, the authors break these two cryptosystems for the recommended minimum parameters by solving the corresponding modular linear equations with small unknowns. For the first scheme, the public modulus is factorised and the secret key is recovered with the Gauss algorithm. By using the LLL basis reduction algorithm for a seven-dimensional lattice, the public modulus in the second scheme is also factorised and the plaintext is recovered from a ciphertext. The authors' attacks are efficient and verified by experiments which were done within 5 s.
    Keywords: (not provided) (ID#:14-2798)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6900024&isnumber=6900021
  • Kuo, Po-Chun; Cheng, Chen-Mou, "Lattice-based Cryptanalysis — How To Estimate The Security Parameter Of Lattice-Based Cryptosystem," Consumer Electronics - Taiwan (ICCE-TW), 2014 IEEE International Conference on, pp.53-54, 26-28 May 2014. doi: 10.1109/ICCE-TW.2014.6904097 The usual cryptosystem behind debit cards is the RSA cryptosystem, which would be broken immediately by a quantum computer. Thus, post-quantum cryptography has risen and aims to develop cryptosystems which resist the quantum attack. Lattice-based cryptography is one branch of post-quantum cryptography, and is used to construct various cryptosystems. The central problem behind lattice-based cryptosystems is the Shortest Vector Problem (SVP), finding the shortest vector in a given lattice. Based on the previous results, we re-design the implementation method to improve the performance on GPU. Moreover, we implement and compare the enumeration and sieve algorithms to solve SVP on GPU. Thus, we can estimate the security parameter of lattice-based cryptosystems in a reasonable way.
    Keywords: Algorithm design and analysis; Approximation algorithms; Cryptography; Graphics processing units; Lattices; Vectors (ID#:14-2799)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6904097&isnumber=6903991
  • Jun Xu; Lei Hu; Siwei Sun; Yonghong Xie, "Cryptanalysis of Countermeasures Against Multiple Transmission Attacks on NTRU," Communications, IET, vol.8, no.12, pp.2142-2146, August 14 2014. doi: 10.1049/iet-com.2013.1092 The original Number Theory Research Unit (NTRU) public key cryptosystem is vulnerable to multiple transmission attacks, and the designers of NTRU presented two countermeasures to prevent such attacks. In this study, the authors show that the first countermeasure is still not secure: the plaintext can be revealed by a linearisation attack technique. Moreover, they demonstrate that the first countermeasure is not even secure against broadcast attacks, a class of more general attacks than multiple transmission attacks. For the second countermeasure, they show that one special case of its padding function for the plaintext is also insecure and the original plaintext can be obtained by lattice methods.
    Keywords: public key cryptography; broadcast attacks; lattice methods; linearisation attack technique; multiple transmission attacks; original NTRU public key cryptosystem (ID#:14-2800)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6871476&isnumber=6871466
  • Li Wei; Tao Zhi; Gu Dawu; Sun Li; Qu Bo; Liu Zhiqiang; Liu Ya, "An Effective Differential Fault Analysis On The Serpent Cryptosystem In The Internet of Things," Communications, China, vol.11, no.6, pp.129-139, June 2014. doi: 10.1109/CC.2014.6879011 Due to its strong attacking ability, fast speed, simple implementation and other characteristics, differential fault analysis has become an important method to evaluate the security of cryptosystems in the Internet of Things. As one of the AES finalists, Serpent is a 128-bit Substitution-Permutation Network (SPN) cryptosystem. It has 32 rounds with a variable key length between 0 and 256 bits, which is flexible enough to provide security in the Internet of Things. On the basis of the byte-oriented model and differential analysis, we propose an effective differential fault attack on the Serpent cryptosystem. Mathematical analysis and simulation experiments show that the attack could recover its secret key by introducing 48 faulty ciphertexts. The result of this study shows in detail that Serpent is vulnerable to differential fault analysis. It will be beneficial to the analysis of other iterated cryptosystems of the same type.
    Keywords: Internet of Things; computer network security; mathematical analysis; private key cryptography; Internet of Things; SPN cryptosystem; Serpent cryptosystem; byte-oriented model; cryptosystem security; differential fault analysis; differential fault attack; faulty ciphertexts; mathematical analysis; secret key recovery; substitution-permutation network cryptosystem; word length 0 bit to 256 bit; Educational institutions; Encryption; Internet of Things; Schedules; cryptanalysis; differential fault analysis; internet of things; serpent (ID#:14-2801)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6879011&isnumber=6878993
  • Tauleigne, R.; Datcu, O.; Stanciu, M., "Thwarting Cryptanalytic Attacks Based On The Correlation Function," Communications (COMM), 2014 10th International Conference on, pp.1-4, 29-31 May 2014. doi: 10.1109/ICComm.2014.6866745 Many studies analyze encrypted transmission using the synchronization of chaotic signals. This requires the exchange of an analog synchronization signal, which almost always is a state of the chaotic generator. However, still very few different chaotic structures are used for this purpose. The uniqueness of their dynamics allows the identification of these structures by simple autocorrelation. In order to thwart all cryptanalytic attacks based on the identification of these dynamics, we propose a memoryless numerical method to reversibly destroy the shape of the transmitted signal. After analog-to-digital conversion of the synchronization signal, we apply permutations of the weights of its bits to each binary word. These permutations significantly change the shape of the transmitted signal, increasing its versatility and spreading its spectrum. If the message is simply added to the synchronization signal, which is the easiest to decrypt, it undergoes the same transformation. It is therefore extremely difficult to detect the message in the transmitted signal by using a temporal analysis as well as a frequency one. The present work illustrates the proposed method for the chaotic Colpitts oscillator. Nevertheless, the algorithm does not depend on the chosen chaotic generator. Finally, by only increasing the size of the permutation matrix, the complexity of the change in the waveform is increased factorially.
    Keywords: analogue-digital conversion; chaos generators; correlation methods; cryptography; oscillators; signal detection; synchronisation; analog synchronization signal; analog-to-digital conversion; autocorrelation function; chaotic Colpitts oscillator; chaotic generator; chaotic structure identification; encrypted signal transmission; frequency analysis; message detection; temporal analysis; thwarting cryptanalytic attacks; weight permutation matrix; Chaotic communication; Computer hacking; Receivers; Shape; Synchronization; Transmitters; chaotic system; correlation; cryptanalysis; encryption; synchronization (ID#:14-2802)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6866745&isnumber=6866648
  • Ali, A., "Some Words On Linearisation Attacks On FCSR-Based Stream Ciphers," Applied Sciences and Technology (IBCAST), 2014 11th International Bhurban Conference on, pp.195-202, 14-18 Jan. 2014. doi: 10.1109/IBCAST.2014.6778145 Linearisation attacks are effective against those stream ciphers whose analysis theory depends on the properties of 2-adic numbers. This paper discusses these attacks in the context of Feedback with Carry Shift Register (FCSR) based stream ciphers. In this context, linearisation attacks build upon the theory of linearisation intervals of the FCSR state update function. The paper presents detailed theoretical results on FCSRs, which describe various operational aspects of the FCSR state update function in relation to the linearisation intervals. Linearisation attacks combine these theoretical results on FCSRs with the concepts of well-known techniques of cryptanalysis which depend upon the structures of the specific ciphers to be analysed, such as linear cryptanalysis, correlation attacks, guess-and-determine attacks, and algebraic attacks. In the context of FCSR-based stream ciphers, the paper describes three variants of linearisation attacks. These variants are named “Conventional Linearisation Attacks”, “Fast Linearisation Attacks” and “Improved Linearisation Attacks”. These variants of linearisation attacks provide trade-offs between data, time and memory complexities with respect to each other. Moreover, this paper also presents a detailed comparison of linearisation attacks with other well-known techniques of cryptanalysis.
    Keywords: algebra; cryptography; shift registers; FCSR state update function; FCSR-based stream ciphers; Feedback with Carry Shift Register; algebraic attacks; conventional linearisation attacks; correlation attacks; fast linearisation attacks; guess-and-determine attacks; improved linearisation attacks; linear cryptanalysis; linearisation interval theory; trade-offs; Adders; Ciphers; Equations; Hamming weight; Mathematical model; Registers; CLAs; FLAs; ILAs; New results; linearisation attacks; tradeoffs (ID#:14-2803)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6778145&isnumber=6778084
  • Khan, AK.; Mahanta, H.J., "Side Channel Attacks And Their Mitigation Techniques," Automation, Control, Energy and Systems (ACES), 2014 First International Conference on, pp.1,4, 1-2 Feb. 2014. doi: 10.1109/ACES.2014.6807983 Side channel cryptanalysis is one of the most volatile fields of research in security prospects. It has proved that cryptanalysis is no longer confined to its dependence on plain text or cipher text. Indeed, a side channel attack uses the physical characteristics of the cryptographic device to find the cryptographic algorithm used and also the secret key. It is one of the most efficient techniques and has successfully broken almost all the cryptographic algorithms in use today. In this paper we aim to present a review of the various side channel attacks possible. Also, the techniques proposed to mitigate such attacks are stated.
    Keywords: cryptography; cryptographic device; volatile field; mitigation technique; security prospect; side channel attack; side channel cryptanalysis; Ciphers; Elliptic curve cryptography; Encryption; Hardware; Timing; AES; DES; DPA; Power Analysis; SPA; cryptographic device (ID#:14-2804)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6807983&isnumber=6807973
  • Rudra, M.R.; Daniel, N.A; Nagoorkar, V.; Hoe, D.H.K., "Designing Stealthy Trojans With Sequential Logic: A Stream Cipher Case Study," Design Automation Conference (DAC), 2014 51st ACM/EDAC/IEEE, pp.1,4, 1-5 June 2014. doi: 10.1145/2593069.2596677 This paper describes how a stealthy Trojan circuit can be inserted into a stream cipher module. The stream cipher utilizes several shift register-like structures to implement the keystream generator and to process the encrypted text. We demonstrate how an effective trigger can be built with the addition of just a few logic gates inserted between the shift registers and one additional flip-flop. By distributing the inserted Trojan logic both temporally and over the logic design space, the malicious circuit is hard to detect by both conventional and more recent static analysis methods. The payload is designed to weaken the cipher strength, making it more susceptible to cryptanalysis by an adversary.
    Keywords: cryptography; flip-flops; invasive software; logic design; sequential circuits; shift registers; cipher strength; cryptanalysis; encrypted text; flip-flop; keystream generator; logic design space; logic gates; malicious circuit; sequential logic; shift register-like structures; static analysis methods; stealthy trojan circuit; stream cipher module; trojan logic; Ciphers; Encryption; Hardware; Logic gates; Shift registers; Trojan horses; hardware trojan; sequential-based Trojan; stream cipher (ID#:14-2805)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6881499&isnumber=6881325
  • Chouhan, D.S.; Mahajan, R.P., "An Architectural Framework For Encryption & Generation Of Digital Signature Using DNA Cryptography," Computing for Sustainable Global Development (INDIACom), 2014 International Conference on, pp.743,748, 5-7 March 2014. doi: 10.1109/IndiaCom.2014.6828061 As most of the modern encryption algorithms are broken fully or partially, the world of information security looks in new directions to protect the data it transmits. The concept of using DNA computing in the field of cryptography has been identified as a possible technology that may bring forward a new hope for hybrid and unbreakable algorithms. Currently, several DNA computing algorithms are proposed for cryptography, cryptanalysis and steganography problems, and they are proven to be very powerful in these areas. This paper gives an architectural framework for encryption and generation of digital signatures using DNA cryptography. To analyze the performance, the original plaintext size and the key size, together with the encryption and decryption time, are examined; experiments on plaintext with different contents are also performed to test the robustness of the program.
    Keywords: biocomputing; digital signatures; DNA computing; DNA cryptography; architectural framework; cryptanalysis; decryption time; digital signature encryption; digital signature generation; encryption algorithms; encryption time; information security; key size; plaintext size; steganography; Ciphers; DNA; DNA computing; Digital signatures; Encoding; Encryption; DNA; DNA computing; DNA cryptography; DNA digital coding (ID#:14-2806)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6828061&isnumber=6827395
  • Te-Yu Chen; Chung-Huei Ling; Min-Shiang Hwang, "Weaknesses of the Yoon-Kim-Yoo Remote User Authentication Scheme Using Smart Cards," Electronics, Computer and Applications, 2014 IEEE Workshop on, pp.771,774, 8-9 May 2014. doi: 10.1109/IWECA.2014.6845736 A user authentication scheme is a mechanism employed by a server to authenticate the legality of a user before he/she is allowed to access the resource or service provided by the server. Due to the Internet's openness and lack of security concern, the user authentication scheme is one of the most important security primitives in Internet activities. Many researchers have been devoted to the study of this issue, and many authentication schemes have been proposed up to now. However, most of these schemes have both advantages and disadvantages. Recently, Yoon, Kim and Yoo proposed a remote user authentication scheme which is an improvement of Liaw et al.'s scheme. Unfortunately, we find their scheme is not secure enough. In this paper, we present some flaws in Yoon-Kim-Yoo's scheme. This proposed cryptanalysis contributes important heuristics on security concerns when researchers design remote user authentication schemes.
    Keywords: Internet; cryptography; message authentication; smart cards; Internet activities; Yoon-Kim-Yoo remote user authentication scheme weakness; cryptanalysis; security primitives; smart cards; Cryptography; Entropy; Ice; Smart card; cryptography; guessing attack; user authentication (ID#:14-2807)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6845736&isnumber=6845536
  • Ximeng Liu; Jianfeng Ma; Jinbo Xiong; Qi Li; Tao Zhang; Hui Zhu, "Threshold Attribute-Based Encryption With Attribute Hierarchy For Lattices In The Standard Model," Information Security, IET, vol.8, no.4, pp.217,223, July 2014. doi: 10.1049/iet-ifs.2013.0111 Attribute-based encryption (ABE) has been considered a promising cryptographic primitive for realising information security and flexible access control. However, in most proposed schemes all attributes are treated as being at the same level. Lattice-based cryptography has attracted much attention because it can resist quantum cryptanalysis. In this study, a lattice-based threshold hierarchical ABE (lattice-based t-HABE) scheme without random oracles is constructed and proved to be secure against selective attribute set and chosen plaintext attacks under the standard hardness assumption of the learning with errors problem. The HABE scheme can be considered a generalisation of the traditional ABE scheme, in which all attributes have the same level.
    Keywords: authorisation; cryptography; attribute characteristics; attribute hierarchy; cryptographic primitive; flexible access control; information security; lattice-based cryptography; lattice-based t-HABE scheme; lattice-based threshold hierarchical ABE scheme; plaintext attacks; quantum cryptanalysis; random oracles; selective attribute set; standard model; threshold attribute-based encryption (ID#:14-2808)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6842406&isnumber=6842405
  • Shao-zhen Chen; Tian-min Xu, "Biclique Key Recovery for ARIA-256," Information Security, IET, vol.8, no.5, pp.259,264, Sept. 2014. doi: 10.1049/iet-ifs.2012.0353 In this study, combining the biclique cryptanalysis with the meet-in-the-middle (MITM) attack, the authors present the first key recovery method for the full ARIA-256 faster than brute-force. The attack requires 2^80 chosen plaintexts, and the time complexity is about 2^255.2 full-round ARIA encryptions.
    Keywords: cryptography; MITM attack; biclique cryptanalysis; biclique key recovery; first key recovery method; full-round ARIA encryptions; meet-in-the-middle attack; time complexity (ID#:14-2809)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6881822&isnumber=6881821
  • Zadeh, AA; Heys, H.M., "Simple Power Analysis Applied To Nonlinear Feedback Shift Registers," Information Security, IET, vol.8, no.3, pp.188, 198, May 2014. doi: 10.1049/iet-ifs.2012.0186 Linear feedback shift registers (LFSRs) and nonlinear feedback shift registers (NLFSRs) are major components of stream ciphers. It has been shown that, under certain idealised assumptions, LFSRs and LFSR-based stream ciphers are susceptible to cryptanalysis using simple power analysis (SPA). In this study, the authors show that SPA can be practically applied to a CMOS digital hardware circuit to determine the bit values of an NLFSR, and SPA therefore has applicability to NLFSR-based stream ciphers. A new approach is used in which the cryptanalyst collects power consumption information from the system on both edges (triggering and non-triggering) of the clock in the digital hardware circuit. The method is applied using simulated power measurements from an 80-bit NLFSR targeted to a 180 nm CMOS implementation. To overcome inaccuracies associated with mapping power measurements to the cipher data, the authors offer novel analytical techniques which help the analysis to find the bit values of the NLFSR. Using the obtained results, the authors analyse the complexity of the analysis on the NLFSR and show that SPA is able to successfully determine the NLFSR bits with modest computational complexity and a small number of power measurement samples.
    Keywords: CMOS logic circuits; computational complexity; cryptography; power aware computing; shift registers; CMOS digital hardware circuit; LFSR; LFSR-based stream ciphers; NLFSR-based stream ciphers; SPA; bit value determination; cipher data; clock edges; computational complexity; cryptanalysis; digital hardware circuit; linear feedback shift registers; nonLFSR; nonlinear feedback shift registers; power consumption information; simple power analysis; simulated power measurements; size 180 nm; stream ciphers; word length 80 bit (ID#:14-2810)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6786955&isnumber=6786849
  • Harish, P.D.; Roy, S., "Energy Oriented Vulnerability Analysis on Authentication Protocols for CPS," Distributed Computing in Sensor Systems (DCOSS), 2014 IEEE International Conference on, pp.367,371, 26-28 May 2014. doi: 10.1109/DCOSS.2014.52 In this work we compute the energy consumed by modular exponentiation, a widely used and powerful tool in password authentication protocols for cyber physical systems. We observe modular exponentiation to be an expensive operation in terms of energy consumption, in addition to being known to be computationally intensive. We then analyze the security and energy consumption of an advanced smart card based password authentication protocol for cyber physical systems that uses modular exponentiation. We devise a generic cryptanalysis method on the protocol, in which the attacker exploits the energy- and computation-intensive nature of modular exponentiation to perform a denial of service (DoS) attack. We also show other similar protocols to be vulnerable to this attack. We then suggest methods to prevent this attack.
    Keywords: authorisation; energy conservation; CPS; DoS attack; cyber physical systems; denial-of-service attack; energy consumption; energy oriented vulnerability analysis; modular exponentiation; smart card based password authentication protocol; Authentication; Energy consumption; Energy measurement; Protocols; Servers; Smart cards (ID#:14-2811)
    URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=6846192&isnumber=6846129

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.