Cryptanalysis 2015 | Science of Security Virtual Organization

Cryptanalysis 2015


	Cryptanalysis 2015

Cryptanalysis is a core function for cybersecurity research. The work cited below looks at issues related to the Science of Security including cyber physical systems, composability, resilience, and metrics. These works appeared in 2015.

Kokes, J.; Lorencz, R., "Linear cryptanalysis of Baby Rijndael," in e-Technologies and Networks for Development (ICeND),2015 Forth International Conference on, pp. 1-6, 21-23 Sept. 2015. doi: 10.1109/ICeND.2015.7328533

Abstract: We present results of linear cryptanalysis of Baby Rijndael, a reduced-size model of Rijndael. The results were obtained using exhaustive search of all approximations and all keys and show some curious properties of both linear cryptanalysis and Baby Rijndael, particularly the existence of different classes of linear approximations with significantly different success rates of recovery of the cipher's key.

Keywords: approximation theory; cryptography; Baby Rijndael; Rijndael reduced-size model; cipher key recovery; exhaustive search; linear approximation; linear cryptanalysis; Algorithm design and analysis; Approximation algorithms; Ciphers; Linear approximation; Pediatrics; Baby Rijndael; Linear cryptanalysis; key recovery; linear approximations; success rate (ID#: 15-8401)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7328533&isnumber=7328528

Divya, R.; Muthukumarasamy, S., "An Impervious QR-Based Visual Authentication Protocols to Prevent Black-Bag Cryptanalysis," in Intelligent Systems and Control (ISCO), 2015 IEEE 9th International Conference on, pp. 1-6, 9-10 Jan. 2015. doi: 10.1109/ISCO.2015.7282330

Abstract: Black-bag cryptanalysis is used to acquire the cryptographic secrets from the target computers and devices through burglary or covert installation of keylogging and Trojan horse hardware/software. To overcome black-bag cryptanalysis, the secure authentication protocols are required. It mainly focuses on keylogging where the keylogger hardware or software is used to capture the client's keyboard strokes to intercept the password. They consider various root kits residing in PCs (Personnel Computers) to observe the client's behavior that breaches the security. The QR code can be used to design the visual authentication protocols to achieve high usability and security. The two authentication protocols are Time based One-Time-Password protocol and Password-based authentication protocol. Through accurate analysis, the protocols are proved to be robust to several authentication attacks. And also by deploying these two protocols in real-world applications especially in online transactions, the strict security requirements can be satisfied.

Keywords: QR codes; cryptographic protocols; invasive software; message authentication; QR code; QR-based visual authentication protocol; Trojan horse hardware/software; authentication attack; black-bag cryptanalysis; burglary; covert installation; cryptographic secret; keylogger hardware; keylogger software; keylogging; online transaction; password-based authentication protocol; personnel computer; secure authentication protocol; time based one-time-password protocol;Encryption;Hardware;Keyboards;Personnel;Protocols;Robustness;Android; Attack; Authentication; Black-bag cryptanalysis; Keylogging; Malicious code; Pharming; Phishing; QR code; Session hijacking; visualization (ID#: 15-8402)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7282330&isnumber=7282219

Madhusudan, R.; Valiveti, A., "Cryptanalysis of Remote User Authentication Scheme with Key Agreement," in Computer, Communications, and Control Technology (I4CT), 2015 International Conference on, pp. 476-480, 21-23 April 2015. doi: 10.1109/I4CT.2015.7219623

Abstract: Password authentication with smart card is one of the most convenient and effective two-factor authentication mechanisms for remote systems to assure one communicating party of the legitimacy of the corresponding party by acquisition of corroborative evidence. This technique has been widely deployed for various kinds of authentication applications, such as remote host login, online banking, e-commerce and e-health. Recently, Kumari et al. presented a dynamic-identity-based user authentication scheme with session key agreement. In this research, we illustrate that Kumari et al.'s scheme violates the purpose of dynamic-identity contrary to author's claim. We show that once the smart card of an arbitrary user is lost, messages of all registered users are at risk. Using information from an arbitrary smart card, an adversary can impersonate any user of the system.

Keywords: cryptography; message authentication; smart cards; corroborative evidence acquisition; cryptanalysis; dynamic-identity-based user authentication scheme; password authentication; remote user authentication scheme; session key agreement; smart card; two-factor authentication mechanisms; Authentication; Bismuth; Nickel; Servers; Silicon; Smart cards; Smartcard; authentication; cryptanalysis; dynamic-id based authentication scheme (ID#: 15-8403)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7219623&isnumber=7219513

Kexin Qiao; Lei Hu; Siwei Sun; Xiaoshuang Ma, "Related-Key Rectangle Cryptanalysis of Reduced-Round Block Cipher MIBS," in Application of Information and Communication Technologies (AICT), 2015 9th International Conference on, pp. 216-220, 14-16 Oct. 2015. doi: 10.1109/ICAICT.2015.7338549

Abstract: A related-key rectangle attack treats a block cipher as a cascade of two sub-ciphers to construct distinguishers. In this paper, by introducing related-key differential characteristics with high probability for each sub-cipher, we construct a distinguisher for 13-round MIBS80, a Feistel block cipher with key length of 80 bits, and launch a key-recovery attack on 15-round MIBS80 with time complexity of 267 and data complexity of 249. A similar attack is also launched on 13-round MIBS64, a version of the cipher with 64-bit keys. This is the first and a textbook related-key rectangle cryptanalysis on MIBS block cipher.

Keywords: computational complexity; cryptography; 13-round MIBS80; 15-round MIBS80; 64-bit keys; Feistel block cipher; data complexity; key-recovery attack; reduced-round block cipher MIBS; related-key rectangle cryptanalysis; time complexity; word length 64 bit; word length 80 bit; Ciphers; Computational modeling ;Lead; Schedules; Time complexity; MIBS block cipher; rectangle attack; rectangle distinguisher; related-key differential attack (ID#: 15-8404)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7338549&isnumber=7338496

Ergun, S., "Cryptanalysis of a Double Scroll Based “True” Random Bit Generator," in Circuits and Systems (MWSCAS), 2015 IEEE 58th International Midwest Symposium on, pp. 1-4, 2-5 Aug. 2015. doi: 10.1109/MWSCAS.2015.7282066

Abstract: An algebraic cryptanalysis of a “true” random bit generator (RBG) based on a double-scroll attractor is provided. An attack system is proposed to analyze the security weaknesses of the RBG. Convergence of the attack system is proved using synchronization of chaotic systems with unknown parameters called auto-synchronization. All secret parameters of the RBG are recovered from a scalar time series using auto-synchronization where the other information available are the structure of the RBG and output bit sequence obtained from the RBG. Simulation and numerical results verifying the feasibility of the attack system are given. The RBG doesn't fulfill NIST-800-22 statistical test suite, the next bit can be predicted, while the same output bit stream of the RBG can be reproduced.

Keywords: cryptography; random number generation; synchronisation; RBG; algebraic cryptanalysis; attack system; attack system convergence; autosynchronization; chaotic system synchronization; double-scroll attractor; double-scroll based random bit generator; output bit sequence; output bit stream; scalar time series; secret parameter recovery; security weaknesses analysis; unknown parameters; Chaotic communication; Generators; Oscillators; Random number generation; Synchronization (ID#: 15-8405)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7282066&isnumber=7281994

Chun-Ta Li; Cheng-Chi Lee; Hua-Hsuan Chen; Min-Jie Syu; Chun-Cheng Wang, "Cryptanalysis of an Anonymous Multi-Server Authenticated Key Agreement Scheme Using Smart Cards and Biometrics," in Information Networking (ICOIN), 2015 International Conference on, pp. 498-502, 12-14 Jan. 2015. doi: 10.1109/ICOIN.2015.7057955

Abstract: With the growing popularity of network applications, multi-server architectures are becoming an essential part of heterogeneous networks and numerous security mechanisms have been widely studied in recent years. To protect sensitive information and restrict the access of precious services for legal privileged users only, smart card and biometrics based password authentication schemes have been widely utilized for various transaction-oriented environments. In 2014, Chuang and Chen proposed an anonymous multi-server authenticated key agreement scheme based on trust computing using smart cards, password, and biometrics. They claimed that their three-factor scheme achieves better efficiency and security as compared to those for other existing biometrics-based and multi-server schemes. Unfortunately, in this paper, we found that the user anonymity of Chuang-Chen's authentication scheme cannot be protected from an eavesdropping attack during authentication phase. Moreover, their scheme is vulnerable to smart card lost problems, many logged-in users' attacks and denial-of-service attacks and is not easily reparable.

Keywords: biometrics (access control); cryptography; message authentication; smart cards; trusted computing; anonymous multiserver authenticated key agreement scheme; biometrics; cryptanalysis; denial-of-service attacks; eavesdropping attack; password authentication; smart card loss problems; trusted computing; user anonymity; Authentication; Biometrics (access control);Computer crime; Cryptography; Servers; Smart cards; Anonymity; Authentication; Biometrics; Cryptanalysis; Multi-server; Password; Smart cards (ID#: 15-8406)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7057955&isnumber=7057846

Harikrishnan, T.; Babu, C., "Cryptanalysis of Hummingbird Algorithm with Improved Security and Throughput," in VLSI Systems, Architecture, Technology and Applications (VLSI-SATA), 2015 International Conference on, pp. 1-6, 8-10 Jan. 2015. doi: 10.1109/VLSI-SATA.2015.7050460

Abstract: Hummingbird is a Lightweight Authenticated Cryptographic Encryption Algorithm. This light weight cryptographic algorithm is suitable for resource constrained devices like RFID tags, Smart cards and wireless sensors. The key issue of designing this cryptographic algorithm is to deal with the trade off among security, cost and performance and find an optimal cost-performance ratio. This paper is an attempt to find out an efficient hardware implementation of Hummingbird Cryptographic algorithm to get improved security and improved throughput by adding Hash functions. In this paper, we have implemented an encryption and decryption core in Spartan 3E and have compared the results with the existing lightweight cryptographic algorithms. The experimental results show that this algorithm has higher security and throughput with improved area than the existing algorithms.

Keywords: cryptography; telecommunication security; Hash functions; RFID tags; Spartan 3E;decryption core; hummingbird algorithm cryptanalysis; hummingbird cryptographic algorithm; lightweight authenticated cryptographic encryption algorithm; optimal cost-performance ratio; resource constrained devices; security ;smart cards; wireless sensors; Authentication; Ciphers; Logic gates; Protocols; Radiofrequency identification; FPGA Implementation; Lightweight Cryptography; Mutual authentication protocol; Security analysis (ID#: 15-8407)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7050460&isnumber=7050449

Chia-Mei Chen; Tien-Ho Chang, "The Cryptanalysis of WPA & WPA2 in the Rule-Based Brute Force Attack, an Advanced and Efficient Method," in Information Security (AsiaJCIS), 2015 10th Asia Joint Conference on, pp. 37-41, 24-26 May 2015. doi: 10.1109/AsiaJCIS.2015.14

Abstract: The development of kinds of mobile device is a nonlinear but in a tremendous hopping way. The security of wireless LAN is far more important, and its mainly present protection is the WPA & WPA2 protocol which is a complex tough algorithm. This exploratory study shows that there is a security gap by the social human factors which are the weak passwords. Traditionally, brute force password attack is using the dictionary files that is aimless and extremely labor work. Now, we proposed 10 rule-based methods which are globally inclusive and culturally exclusive and prove the insecurity of WPA & WPA2 by 100 empirical and valuable real wireless encrypted packets of WPA & WPA2. The evidence shows that there is a 68 % of cracking rate and then do the passwords patterns analysis as well.

Keywords: computer network security; cryptographic protocols; mobile computing; mobile handsets; wireless LAN;WPA protocol;WPA2 protocol; brute force password attack; complex tough algorithm; cracking rate; cryptanalysis; dictionary files; mobile device; passwords patterns; rule-based brute force attack; rule-based methods; security gap; social human factors; weak passwords; wireless LAN; wireless encrypted packets; Communication system security; Dictionaries; Encryption; Force; Wireless LAN; Wireless communication; brute force attack; cryptanalysis in WPA & WPA2; dictionary attack; rule-based; wireless security (ID#: 15-8408)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7153933&isnumber=7153836

Wicik, R.; Gliwa, R.; Komorowski, P., "Cryptanalysis of Alternating Step Generators," in Military Communications and Information Systems (ICMCIS), 2015 International Conference on, pp. 1-6, 18-19 May 2015. doi: 10.1109/ICMCIS.2015.7158683

Abstract: Alternate clocking of linear feedback shift registers is the popular technique used to increase the linear complexity of binary sequences produced by keystream generators designed for stream ciphers. The analysis of the best known attacks on the alternating step generator led us to add nonlinear filtering functions and the nonlinear scrambler to the construction. In this paper we give complexities of these attacks applied to the modified alternating step generator with nonlinear filters and the scrambler. We also suggest minimum lengths of registers in the original alternating step generator to make it resistant to the attacks.

Keywords: binary sequences; communication complexity; cryptography; function generators; nonlinear filters; shift registers; alternate clocking; alternating step generator; binary sequences; cryptanalysis; keystream generators; linear complexity; linear feedback shift registers; nonlinear filtering functions; nonlinear scrambler; stream cipher; Clocks; Correlation; Generators; Shift registers; Time complexity; feedback shift register; keystream generator; stream cipher (ID#: 15-8409)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7158683&isnumber=7158667

Yongming Jin; Hongsong Zhu; Zhiqiang Shi; Xiang Lu; Limin Sun, "Cryptanalysis and Improvement of Two RFID-OT Protocols Based on Quadratic Residues," in Communications (ICC), 2015 IEEE International Conference on, pp. 7234-7239, 8-12 June 2015. doi: 10.1109/ICC.2015.7249481

Abstract: The ownership transfer of RFID tag means a tagged product changes control over the supply chain. Recently, Doss et al. proposed two secure RFID tag ownership transfer (RFID-OT) protocols based on quadratic residues. However, we find that they are vulnerable to the desynchronization attack. The attack is probabilistic. As the parameters in the protocols are adopted, the successful probability is 93.75%. We also show that the use of the pseudonym of the tag h(TID) and the new secret key KTID are not feasible. In order to solve these problems, we propose the improved schemes. Security analysis shows that the new protocols can resist in the desynchronization attack and other attacks. By optimizing the performance of the new protocols, it is more practical and feasible in the large-scale deployment of RFID tags.

Keywords: cryptographic protocols; probability; radiofrequency identification; supply chains; RFID-OT protocol improvement; cryptanalysis; desynchronization attack; probability; quadratic residue; radio frequency identification; secure RFID tag ownership transfer protocol; security analysis; supply chain; Cryptography; Information systems; Privacy; Protocols; Radiofrequency identification; Servers; Ownership Transfer; Protocol; Quadratic Residues; RFID; Security (ID#: 15-8410)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7249481&isnumber=7248285

Upadhyay, D.; Shah, T.; Sharma, P., "Cryptanalysis of Hardware Based Stream Ciphers and Implementation of GSM Stream Cipher to Propose A Novel Approach for Designing N-Bit LFSR Stream Cipher," in VLSI Design and Test (VDAT), 2015 19th International Symposium on, pp. 1-6, 26-29 June 2015. doi: 10.1109/ISVDAT.2015.7208129

Abstract: With increasing use of network applications, security has become a major issue. Strong encryption mechanisms are required for securing important data. This encryption is provided by a strong cipher, capable of producing strong and highly random sequence of pseudo-random numbers. Through this paper, we present a detailed study of existing LFSR (Linear Feedback Shift Register) based hardware ciphers and an experimental approach to implement A5/1 algorithm on hardware platform. From this detailed study a generic cipher compatible with various network applications like smart cards, mobile phones, wireless LAN etc. has been proposed.

Keywords: cellular radio; cryptography; random sequences; shift registers; telecommunication security;A5/1 algorithm; GSM stream cipher; hardware based stream cipher cryptanalysis; linear feedback shift register; n-bit LFSR stream cipher designing; pseudo-random numbers. random sequence; Authentication; Ciphers; Clocks; Encryption; Hardware; Logic gates;A5/1;Cipher; LAN(Local Area Network); LFSR(Linear Feedback Shift Register) (ID#: 15-8411)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7208129&isnumber=7208044

Arnaud, B.; Nicolas, B.; Eric, F., "Automatic Search for a Maximum Probability Differential Characteristic in a Substitution-Permutation Network," in System Sciences (HICSS), 2015 48th Hawaii International Conference on, pp. 5165-5174, 5-8 Jan. 2015. doi: 10.1109/HICSS.2015.610

Abstract: The algorithm presented in this paper computes a maximum probability differential characteristic in a Substitution-Permutation Network (or SPN). Such characteristics can be used to prove that a cipher is practically secure against differential cryptanalysis or on the contrary to build the most effective possible attack. Running in just a few second on 64 or 128-bit SPN, our algorithm is an important tool for both cryptanalists and designers of SPN.

Keywords: cryptography; probability; SPN; automatic search; cipher; differential cryptanalysis; maximum probability differential characteristic; substitution-permutation network; Algorithm design and analysis; Ciphers; Complexity theory; Encryption; Optimization; Cryptanalysis; Software security; Substitution-Permutation Network; software assurance (ID#: 15-8412)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7070434&isnumber=7069647

Yuanwen Huang; Chattopadhyay, A.; Mishra, P., "Trace Buffer Attack: Security Versus Observability Study in Post-Silicon Debug," in Very Large Scale Integration (VLSI-SoC), 2015 IFIP/IEEE International Conference on, pp. 355-360, 5-7 Oct. 2015. doi: 10.1109/VLSI-SoC.2015.7314443

Abstract: Since the standardization of AES/Rijndael symmetric-key cipher by NIST in 2001, it gained widespread acceptance in various protocols and withstood intense scrutiny from the theoretical cryptanalysts. From the physical implementation point of view, however, AES remained vulnerable. Practical attacks on AES via fault injection, differential power analysis, scan-chain and cache-access timing have been demonstrated so far. Along this line, in this paper, we propose a novel and effective attack, termed Trace Buffer Attack. Trace buffers are extensively used for post-silicon debug of digital designs. We identify this as a source of information leakage and show that, unless proper countermeasure is taken, Trace Buffer Attack is capable of partially recovering the secret keys of different AES implementations. We report the detailed process of trace-buffer attack with experimental results. We also propose a countermeasure in order to avoid such attack.

Keywords: buffer storage; cryptography; observability; AES cipher; NIST; Rijndael symmetric-key cipher standardization; cache-access timing; differential power analysis; digital design; fault injection; information leakage; observability; post-silicon debug; scan-chain; secret key partial recovery; security countermeasure; theoretical cryptanalysis; trace buffer attack; Ciphers; Encryption; Memory management; Observability; Registers; AES; Cryptanalysis; Cryptography; Post-silicon Debug; Trace Buffer (ID#: 15-8413)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7314443&isnumber=7314373

Brodic, D.; Milivojevic, Z.N.; Maluckov, C.A., "Characterization of the Script Using Adjacent Local Binary Patterns," in Telecommunications and Signal Processing (TSP), 2015 38th International Conference on, pp. 1-4, 9-11 July 2015. doi: 10.1109/TSP.2015.7296388

Abstract: The paper proposed an algorithm for the identification of the script by adjacent local binary patterns (ALBP). In the first phase, each letter in the text is modeled with the so-called script type, which is based on its status in the baseline area. Then, the feature extraction is made with the adjacent local binary pattern (ALBP). According to ALBP, the distinctive features of the script are set and stored for further analysis. Because of the difference in script characteristics, the analysis shows significant diversity between different scripts. Hence, it represents the key point for decision-making process of script identification. The proposed method is tested on the example of old Slavic printed documents, which contain Latin and Glagolitic script. The results of experiments are encouraging.

Keywords: cryptography; decision making; feature extraction; natural language processing; statistical analysis; text analysis; ALBP; Glagolitic script; Latin script; adjacent local binary patterns; cryptanalysis; decision-making process; feature extraction; old Slavic printed documents; script characterization; script identification; Algorithm design and analysis; Ciphers; Databases; Feature extraction; Hafnium; Statistical analysis; adjacent local binary pattern; cryptanalysis; script recognition; statistical analysis (ID#: 15-8414)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7296388&isnumber=7296206

Ergun, Salih, "On the Security of a Double-Scroll Based "True" Random Bit Generator," in Signal Processing Conference (EUSIPCO), 2015 23rd European, pp. 2058-2061, Aug. 31 2015-Sept. 4 2015. doi: 10.1109/EUSIPCO.2015.7362746

Abstract: This paper is on the security of a true random bit generator (RBG) based on a double-scroll attractor. A clone system is proposed to analyze the security weaknesses of the RBG and its convergence is proved using master slave synchronization scheme. All secret parameters of the RBG are revealed where the only information available are the structure of the RBG and a scalar time series observed from the double-scroll at-tractor. Simulation and numerical results verifying the feasibility of the clone system are given such that the RBG doesn't fulfill NIST-800-22 statistical test suite, not only the next bit but also the same output bit stream of the RBG can be reproduced.

Keywords: Chaos; Cloning; Generators; Random number generation; Synchronization; Random number generator; continuous-time chaos; cryptanalysis; synchronization of chaotic systems; truly random (ID#: 15-8415)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7362746&isnumber=7362087

Phuong Ha Nguyen; Sahoo, D.P.; Chakraborty, R.S.; Mukhopadhyay, D., "Efficient Attacks on Robust Ring Oscillator PUF with Enhanced Challenge-Response Set," in Design, Automation & Test in Europe Conference & Exhibition (DATE), 2015, pp. 641-646, 9-13 March 2015. Doi: (not provided)

Abstract: Physically Unclonable Function (PUF) circuits are an important class of hardware security primitives that promise a paradigm shift in applied cryptography. Ring Oscillator PUF (ROPUF) is an important PUF variant, but it suffers from hardware overhead limitations, which in turn restricts the size of its challenge space. To overcome this fundamental shortcoming, improved ROPUF variants based on the subset selection concept have been proposed, which significantly “expand” the challenge space of a ROPUF at acceptable hardware overhead. In this paper, we develop cryptanalytic attacks on a previously proposed low-overhead and robust ROPUF variant. The proposed attacks are practical as they have quadratic time and data complexities in the worst case. We demonstrate the effectiveness of the proposed attack by successfully attacking a public domain dataset acquired from FPGA implementations.

Keywords: copy protection; cryptography; field programmable gate arrays; oscillators; FPGA; PUF circuits; ROPUF; challenge-response set; cryptanalytic attacks; cryptography; data complexities; hardware security primitives; physically unclonable function circuits; public domain dataset; quadratic time; ring oscillator PUF; Algorithm design and analysis; Complexity theory; Cryptography; Hardware; Prediction algorithms; Ring oscillators; Cryptanalysis; hardware-intrinsic security; physically unclonable function (PUF); ring oscillator PUF (ROPUF) (ID#: 15-8416)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7092468&isnumber=7092347

Sbiaa, Fatma; Baganne, Adel; Zeghid, Medien; Tourki, Rached, "A New Approach for Encryption System Based on Block Cipher Algorithms And Logistic Function," In Systems, Signals & Devices (SSD), 2015 12th International Multi-Conference on, pp. 1-5, 16-19 March 2015. doi: 10.1109/SSD.2015.7348107

Abstract: In this paper, a new approach for encryption system based on a block cipher algorithm and a logistic function is proposed. The main goal of the present work is to study the weaknesses of different operating modes in order to propose appropriate modifications. The experimental results show that the proposed modifications can be easily implemented and they do not need high level of consumption or hardware occupation. In addition, the security analysis proved the resistance of the new algorithms to statistical attacks, differential attacks and initial key sensibility.

Keywords: Chaos; Decision support systems; Indexes; Sensitivity; AES; Chaos; Security analysis; Symmetric cryptography; attacks; block cipher; cryptanalysis; operating modes; update function (ID#: 15-8417)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7348107&isnumber=7348090

Alabaichi, A.; Salih, A.I., "Enhance Security of Advance Encryption Standard Algorithm Based on Key-Dependent S-Box," in Digital Information Processing and Communications (ICDIPC), 2015 Fifth International Conference on, pp. 44-53, 7-9 Oct. 2015. doi: 10.1109/ICDIPC.2015.7323004

Abstract: Cryptographic algorithms uniquely define the mathematical steps required to encrypt and decrypt messages in a cryptographic system. Shortly, they protect data from unauthorized access. The process of encryption is a crucial technique to ensure the protection of important electronic information and allows two parties to communicate and prevent unauthorized parties from accessing the information simultaneously. The process of encrypting information is required to be dynamic in nature to ensure protection from novel and advanced techniques used by cryptanalysts. The substitution box (S-box) is a key fundamental of contemporary symmetric cryptosystems as it provides nonlinearity to cryptosystems and enhances the security of their cryptography. This paper discusses the enhancement of the AES algorithm and describes the process, which involves the generation of dynamic S-boxes for Advance Encryption Standard (AES). The generated S-boxes are more dynamic and key-dependent which make the differential and linear cryptanalysis more difficult. NIST randomness tests and correlation coefficient were conducted on the proposed dynamic AES algorithm, their results showing that it is superior to the original AES with security verified.

Keywords: authorisation; cryptography; data protection; AES algorithm; NIST randomness tests; advance encryption standard algorithm; contemporary symmetric cryptosystems; correlation coefficient; cryptographic algorithms; cryptographic system; data protection; differential cryptanalysis; dynamic S-boxes; electronic information protection; information access; key-dependent S-box; linear cryptanalysis; messages decryption; security; substitution box; unauthorized access; unauthorized parties; Ciphers; Correlation coefficient; Encryption; Heuristic algorithms; Standards; AES;NIST test; S-box; correlation coefficient; dynamic S-box; inverse S-box; permutation (ID#: 15-8418)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7323004&isnumber=7322996

Islam, C.S.; Mollah, M.S.H., "Timing SCA Against HMAC to Investigate from the Execution Time of Algorithm Viewpoint," in Informatics, Electronics & Vision (ICIEV), 2015 International Conference on, pp. 1-6, 15-18 June 2015. doi: 10.1109/ICIEV.2015.7333988

Abstract: Phasor Measurement Units (PMUs), or synchrophasors, are rapidly being deployed in the smart grid with the goal of measuring phasor quantities concurrently from wide area distribution substations. There are a variety of security attacks on the PMU communications infrastructure. Timing Side Channel Attack (SCA) is one of these possible attacks. In this paper, timing side channel vulnerability against execution time of the HMAC-SHA1 authentication algorithm is considered. Both linear and negative binomial regression are used to model some security features of the stored key, e.g., its length and Hamming weight. The goal is to reveal secret-related information based on leakage models. The results would mitigate the cryptanalysis process of an attacker.

Keywords: phasor measurement; regression analysis; substations; HMAC-SHA1 authentication algorithm; Hamming weight; PMU communications infrastructure; cryptanalysis process; linear binomial regression; negative binomial regression; phasor measurement units; secret-related information; security attacks; synchrophasors; timing SCA; timing side channel attack; timing side channel vulnerability; wide area distribution substations; Authentication; Data models; Hamming weight; Linear regression; Phasor measurement units; Predictive models; Timing; PMU; Phasor; hamming weight; side Channel Attack; smart grid; timing Attack (ID#: 15-8419)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7333988&isnumber=7333967

Ghosh, S.; Chowdhury, D.R., "Preventing Fault Attack on Stream Cipher Using Randomization," in Hardware Oriented Security and Trust (HOST), 2015 IEEE International Symposium on, pp. 88-91, 5-7 May 2015. doi: 10.1109/HST.2015.7140243

Abstract: Fault attacks are one of the most popular side channel attacks. It has been mounted on numerous stream ciphers successfully. Almost all the winners of the eSTREAM project have been cryptanalyzed using fault attack techniques even if they were shown to be secure against algebraic cryptanalysis techniques. Beside, very little research work exists in the contemporary literature to prevent fault attacks on stream ciphers and most of them are attack specific. This necessitates a generalized fault attack prevention technique for stream ciphers. In the current paper, fault attacks on stream ciphers are formalized and a generalized approach to thwart this kind of attacks is proposed using fault randomization. It is also proved that the proposed countermeasure nullifies the advantage of performing fault analysis techniques. We validate our scheme taking Grain-128 as crypto primitive along with FPGA implementation.

Keywords: cryptography; FPGA implementation; algebraic cryptanalysis techniques; eSTREAM project; fault attack techniques; fault randomization; side channel attacks; stream cipher; Boolean functions; Ciphers; Hardware; Probabilistic logic; Silicon; DFA; Fault Randomization; Grain; Infective Countermeasure; Stream Cipher (ID#: 15-8420)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7140243&isnumber=7140225

Junhan Yang; Bo Su, "IB-KEM Based Password Authenticated Key Exchange Protocol," in Signal Processing, Communications and Computing (ICSPCC), 2015 IEEE International Conference on, pp. 1-6, 19-22 Sept. 2015. doi: 10.1109/ICSPCC.2015.7338831

Abstract: Cryptanalysis of Chang et al. proposed a communication-efficient three-party password authenticated key exchange protocol, we found that their protocol easily suffers from password-compromise impersonation attack and privileged impersonation attack. In this paper, we introduce a novel three-party password authenticated key exchange protocol based on IB-KEM under HDH assumption. Security analysis has shown that our protocol achieved the following security requirements: (1) Forward security; (2) Mutual authentication; (3) Off-line/on-line password guessing attack resistance; (4) Password compromise impersonation attack resistance; (5) Privileged impersonation attack resistance.

Keywords: cryptographic protocols; telecommunication security; IB-KEM based password authenticated key exchange protocol; cryptanalysis; forward security; mutual authentication; password compromise impersonation attack resistance; password guessing attack resistance; privileged impersonation attack resistance; security analysis; three-party password authenticated key exchange protocol; Authentication; Cryptography; Encapsulation; Protocols; Resistance; Servers; 3PAKE; HDH; IB-KEM; password compromise impersonation attack; privileged impersonation attack (ID#: 15-8421)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7338831&isnumber=7338753

Bora, S.; Sen, P.; Pradhan, C., "Novel Color Image Encryption Technique Using Blowfish and Cross Chaos Map," in Communications and Signal Processing (ICCSP), 2015 International Conference on, pp.0879-0883, 2-4 April 2015. doi: 10.1109/ICCSP.2015.7322621

Abstract: Data security requirement increased due to transmission of huge data over the communication channel. For this, we have proposed a double encryption technique using Blowfish algorithm and Cross chaos map. These techniques have been chosen due to their resistance over the cryptanalysis attacks. Parameters such as NPCR (Number of Pixels Changing Rate), UACI (Unified Average Changing Intensity) and CC (Correlation Co-efficient) are used for the effectiveness of our proposed technique. The result provides a high level of security.

Keywords: cryptography; image colour analysis; Blowfish chaos map; NPCR; UACI; communication channel; correlation coefficient; cross chaos map; cryptanalysis attacks; data security requirement; double encryption technique; novel color image encryption technique; number of pixels changing rate; unified average changing intensity; Chaos; Communication channels; Encryption; Matrix decomposition; Resistance; Blowfish; Cross Chaos Map; Decryption; Encryption (ID#: 15-8422)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7322621&isnumber=7322423

Upadhyaya, Akanksha; Shokeen, Vinod; Srivastava, Garima, "Image Encryption: Using AES, Feature Extraction and Random No. Generation," in Reliability, Infocom Technologies and Optimization (ICRITO) (Trends and Future Directions), 2015 4th International Conference on, pp. 1-4, 2-4 Sept. 2015. doi: 10.1109/ICRITO.2015.7359286

Abstract: During data transmission, data can be transmitted in the form of text, image, audio and video, hence securing all kinds of data is most essential in today's era. Securing Image data is one of the major concern and a complex term. Various visual cryptographic techniques have been developed for confidentiality, authenticity and integrity of images during transmission and when it is received at other end. This paper proposes an Image encryption technique on the basis of 128-bit AES, Feature extraction and random no. generation. Applying AES in two levels and generating key on the basis of feature extraction makes the system more confidential and secure against cryptanalysis attacks.

Keywords: AES; Digital Image; Image encryption; Least significant bit; Visual Cryptography (ID#: 15-8423)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7359286&isnumber=7359191

Ragini, K.; Sivasankar, S., "Security And Performance Analysis of Identity Based Schemes in Sensor Networks," in Innovations in Information, Embedded and Communication Systems (ICIIECS), 2015 International Conference on, pp. 1-5, 19-20 March 2015. doi: 10.1109/ICIIECS.2015.7192881

Abstract: Security and efficient data transmission without any hurdles caused by external Attackers is an issue in sensor networks. This paper deals with the provision of an assured efficient data transmission in the sensor networks. To ensure this requirement Hash based Message Authentication Code (HMAC) and Message Digest (MD) is envisaged by employing identity based digital signature scheme (IBS). Identity based scheme is an encryption scheme that generates an operation of developing secret code with secret key that protects the data during transmission without any cryptanalysis. To achieve the above requisite the modalities used in HMAC and MD5 which simulates the functional efficiency &security of data transmission in sensor networks.

Keywords: data communication; data protection; digital signatures; private key cryptography; telecommunication security; wireless sensor networks; HMAC; IBS; MD; data protection; data transmission security; hash based message authentication code; identity based digital signature scheme; message digest; secret key encryption scheme; wireless sensor network security; Authentication; Cryptography; Data communication; Message authentication; Wireless sensor networks; HMAC; Hash algorithm; IBS; MD5; Security (ID#: 15-8424)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7192881&isnumber=7192777

Chandrasekaran, J.; Jayaraman, T.S., "A Fast and Secure Image Encryption Algorithm Using Number Theoretic Transforms and Discrete Logarithms," in Signal Processing, Informatics, Communication and Energy Systems (SPICES), 2015 IEEE International Conference on, pp. 1-5, 19-21 Feb. 2015

doi: 10.1109/SPICES.2015.7091491

Abstract: Many of the Internet applications such as video conferencing, military image databases, personal online photograph albums and cable television require a fast and efficient way of encrypting images for storage and transmission. In this paper, discrete logarithms are used for generation of random keys and Number Theoretic Transform (NTT) is used as a transformation technique prior to encryption. The implementation of NTT is simple as it uses arithmetic for real sequences. Encryption and decryption involves the simple and reversible XOR operation of image pixels with the random keys based on discrete logarithms generated independently at the transmitter and receiver. Experimental results with the standard bench mark test images proposed in the USC-SIPI data base confirm the enhanced key sensitivity and strong resistivity of the algorithm against brute force attack and statistical crypt analysis. The computational complexity of the algorithm in terms of number of operations and number of rounds is very small in comparison with the other image encryption algorithms. The randomness of the keys generated has been tested and is found in accordance with the statistical test suite for security requirements of cryptographic modules as recommended by National Institute of Standards and Technology (NIST).

Keywords: computational complexity; cryptography; image processing; number theory; statistical analysis; transforms; Internet; NTT; USC-SIPI database; brute force attack; computational complexity; cryptographic modules; decryption; discrete logarithms; enhanced key sensitivity; fast image encryption algorithm ;image pixels; number theoretic transforms; random keys generation; receiver; reversible XOR operation; secure image encryption algorithm; standard benchmark test images; statistical cryptanalysis; transmitter; Chaotic communication; Ciphers; Correlation; Encryption; Transforms; Discrete Logarithms ;Image Encryption; Number Theoretic Transforms (ID#: 15-8425)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7091491&isnumber=7091354

Jiageng Chen; Miyaj, A.; Sato, H.; Chunhua Su, "Improved Lightweight Pseudo-Random Number Generators for the Low-Cost RFID Tags," in Trustcom/BigDataSE/ISPA, 2015 IEEE, vol. 1, pp. 17-24, 20-22 Aug. 2015. doi: 10.1109/Trustcom.2015.352

Abstract: EPC Gen2 tags are working as international RFID standards for the use in the supply chain worldwide, such tags are computationally weak devices and unable to perform even basic symmetric-key cryptographic operations. For this reason, to implement robust and secure pseudo-random number generators (PRNG) is a challenging issue for low-cost Radio-frequency identification (RFID) tags. In this paper, we study the security of LFSR-based PRNG implemented on EPC Gen2 tags and exploit LFSR-based PRNG to provide a better constructions. We provide a cryptanalysis against the J3Gen which is LFSR-based PRNG and proposed by Sugei et al. [1], [2] for EPC Gen2 tags using distinguish attack and make observations on its input using NIST randomness test. We also test the PRNG in EPC Gen2 RFID Tags by using the NIST SP800-22. As a counter-measure, we propose two modified models based on the security analysis results. We show that our results perform better than J3Gen in terms of computational and statistical property.

Keywords: cryptography; radiofrequency identification; random number generation; telecommunication security EPC Gen2 tags; LFSR-based PRNG security; NIST SP800-22; NIST randomness test; cryptanalysis; international RFID standards; lightweight pseudorandom number generators; low-cost RFID tags; radiofrequency identification; security analysis; symmetric-key cryptographic operations; Cryptography; Generators; NIST; Polynomials; RFID tags; EPC Gen2 RFID tag; lightweight PRNG; randomness test (ID#: 15-8426)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7345260&isnumber=7345233

Idzikowska, E., "Faults Detection Schemes for PP-2 Cipher," in Military Communications and Information Systems (ICMCIS), 2015 International Conference on, pp. 1-4, 18-19 May 2015. doi: 10.1109/ICMCIS.2015.7158695

Abstract: Hardware implementations of cryptographic systems are becoming more and more popular, due to new market needs and to reduce costs. However, system security may be seriously compromised by implementation attacks, such as side channel analysis or fault analysis. Fault-based side-channel cryptanalysis is very effective against symmetric and asymmetric encryption algorithms. Although hardware and time redundancy based Concurrent Error Detection (CED) architectures can be used to thwart such attacks, they entail significant overheads. In this paper we investigate systematic approaches to low-cost CED techniques for symmetric encryption algorithm PP-2, based on inverse relationships that exist between encryption and decryption at algorithm level, round level, and operation level. We show architectures that explore tradeoffs among performance penalty, area overhead, and fault detection latency.

Keywords: cryptography; error detection; fault diagnosis; redundancy; CED architectures; PP-2 cipher; algorithm level decryption; asymmetric encryption algorithms; cryptographic systems; fault analysis; fault detection latency; fault detection schemes; fault-based side-channel cryptanalysis; hardware implementations; implementation attacks; low-cost CED techniques; operation level decryption; round level decryption; side channel analysis; symmetric encryption algorithm; system security; time redundancy based concurrent error detection architectures; Ciphers; Encryption; Fault detection; Hardware; Redundancy; Registers; CED; PP-2; error detection latency fault detection; hardware redundancy; time redundancy (ID#: 15-8427)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7158695&isnumber=7158667

Ogawa, K.; Inoue, T., "Practically Secure Update of Scrambling Scheme," in Broadband Multimedia Systems and Broadcasting (BMSB), 2015 IEEE International Symposium on, pp. 1-7, 17-19 June 2015.

doi: 10.1109/BMSB.2015.7177195

Abstract: Content distributed by broadcast and multicast services is often encrypted (scrambled) to protect copyrighted material. When any cryptanalysis of the current cryptographic scheme (scrambling scheme) used in such services is found, the scheme must be updated. However, the scheme cannot be updated suddenly because a lot of subscribers have receivers with the current scheme. We propose two cryptographic scheme updating methods. They have trade-off relationship between security and transmission bit rate. They use both current and new cryptographic schemes simultaneously, but their transmission bit rates do not need to be doubled. In addition, they are practically secure from the viewpoint of service quality.

Keywords: copy protection; cryptography; multicast communication; quality of service; telecommunication security; television broadcasting; television receivers; broadcast services; copyrighted material; cryptanalysis; cryptographic scheme; multicast services; scrambling scheme; service quality; transmission bit rate; Bit rate; Broadcasting; Encryption; Real-time systems; Receivers (ID#: 15-8428)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7177195&isnumber=7177182

Aditya, S.; Mittal, V., "Multi-layered Crypto Cloud Integration of oPass," in Computer Communication and Informatics (ICCCI), 2015 International Conference on, pp. 1-7, 8-10 Jan. 2015. doi: 10.1109/ICCCI.2015.7218114

Abstract: One of the most popular forms of user authentication is the Text Passwords. It is due to its convenience and simplicity. Still, the passwords are susceptible to be taken and compromised under various threats and weaknesses. In order to overcome these problems, a protocol called oPass was proposed. A cryptanalysis of it was done. We found out four kinds of attacks which could be done on it i.e. Use of SMS service, Attacks on oPass communication links, Unauthorized intruder access using the master password, Network attacks on untrusted web browser. One of them was Impersonation of the User. In order to overcome these problems in cloud environment, a protocol is proposed based on oPass to implement multi-layer crypto-cloud integration with oPass which can handle this kind of attack.

Keywords: cloud computing; cryptography; SMS service; Short Messaging Service; cloud environment; cryptanalysis; master password; multilayered crypto cloud integration; oPass communication links; oPass protocol;text password; user authentication; user impersonation; Authentication; Cloud computing; Encryption; Protocols; Servers; Cloud; Digital Signature; Impersonation; Network Security; RSA; SMS; oPass (ID#: 15-8429)

URL: http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7218114&isnumber=7218046

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications.