Survey and Benchmark of Block Ciphers for Wireless Sensor Networks

Cryptographic algorithms play an important role in the security architecture of wireless sensor networks (WSNs). Choosing the most storage- and energy-efficient block cipher is essential, due to the facts that these networks are meant to operate without human intervention for a long period of time with little energy supply, and that available storage is scarce on these sensor nodes. However, to our knowledge, no systematic work has been done in this area so far.We construct an evaluation framework in which we first identify the candidates of block ciphers suitable for WSNs, based on existing literature and authoritative recommendations. For evaluating and assessing these candidates, we not only consider the security properties but also the storage- and energy-efficiency of the candidates. Finally, based on the evaluation results, we select the most suitable ciphers for WSNs, namely Skipjack, MISTY1, and Rijndael, depending on the combination of available memory and required security (energy efficiency being implicit). In terms of operation mode, we recommend Output Feedback Mode for pairwise links but Cipher Block Chaining for group communications

Dynamic MDS Matrices for Substantial Cryptographic Strength

Ciphers get their strength from the mathematical functions of confusion and diffusion, also known as substitution and permutation. These were the basics of classical cryptography and they are still the basic part of modern ciphers. In block ciphers diffusion is achieved by the use of Maximum Distance Separable (MDS) matrices. In this paper we present some methods for constructing dynamic (and random) MDS matrices.Comment: Short paper at WISA'10, 201

Threshold Implementations of all 3x3 and 4x4 S-boxes

Side-channel attacks have proven many hardware implementations of cryptographic algorithms to be vulnerable. A recently proposed masking method, based on secret sharing and multi-party computation methods, introduces a set of sufficient requirements for implementations to be provably resistant against first-order DPA with minimal assumptions on the hardware. The original paper doesn\u27t describe how to construct the Boolean functions that are to be used in the implementation. In this paper, we derive the functions for all invertible $3 \times 3$, $4 \times 4$ S-boxes and the $6 \times 4$ DES S-boxes. Our methods and observations can also be used to accelerate the search for sharings of larger (e.g. $8 \times 8$) S-boxes. Finally, we investigate the cost of such protection

Multi-shape symmetric encryption mechanism for nongeneric attacks mitigation

Static cyphers use static transformations for encryption and decryption. Therefore, the attacker will have some knowledge that can be exploited to construct assaults since the transformations are static. The class of attacks which target a specific cypher design are called Non-Generic Attacks. Whereby, dynamic cyphers can be utilised to mitigate non-generic attacks. Dynamic cyphers aim at mitigating non-generic attacks by changing how the cyphers work according to the value of the encryption key. However, existing dynamic cyphers either degrade the performance or decrease the cypher’s actual security. Hence, this thesis introduces a Multi-Shape Symmetric Encryption Mechanism (MSSEM) which is capable of mitigating non-generic attacks by eliminating the opponents’ leverage of accessing the exact operation details. The base cyphers that have been applied in the proposed MSSEM are the Advanced Encryption Standard (AES) competition finalists, namely Rijndael, Serpent, MARS, Twofish, and RC6. These cyphers satisfy three essential criteria, such as security, performance, and expert input. Moreover, the modes of operation used by the MSSEM are the secure modes suggested by the National Institute of Standards and Technology, namely, Cipher Block Chaining (CBC), Cipher Feedback Mode (CFB), Output Feedback Mode (OFB), and Counter (CTR). For the proposed MSSEM implementation, the sender initially generates a random key using a pseudorandom number generator such as Blum Blum Shub (BBS) or a Linear Congruential Generator (LCG). Subsequently, the sender securely shares the key with the legitimate receiver. Besides that, the proposed MSSEM has an entity called the operation table that includes sixty different cypher suites. Each cypher suite has a specific cypher and mode of operation. During the run-time, one cypher suite is randomly selected from the operation table, and a new key is extracted from the master key with the assistance of SHA-256. The suite, as well as the new key, is allowed to encrypt one message. While each of the messages produces a new key and cypher suite. Thus, no one except communicating parties can access the encryption keys or the cypher suites. Furthermore, the security of MSSEM has been evaluated and mathematically proven to resist known and unknown attacks. As a result, the proposed MSSEM successfully mitigates unknown non-generic attacks by a factor of 2−6. In addition, the proposed MSSEM performance is better than MODEM since MODEM generates 4650 milliseconds to encrypt approximately 1000 bytes, whereas MSSEM needs only 0.14 milliseconds. Finally, a banking system simulation has been tested with the proposed MSSEM in order to secure inbound and outbound system traffic

Using quantum key distribution for cryptographic purposes: a survey

The appealing feature of quantum key distribution (QKD), from a cryptographic viewpoint, is the ability to prove the information-theoretic security (ITS) of the established keys. As a key establishment primitive, QKD however does not provide a standalone security service in its own: the secret keys established by QKD are in general then used by a subsequent cryptographic applications for which the requirements, the context of use and the security properties can vary. It is therefore important, in the perspective of integrating QKD in security infrastructures, to analyze how QKD can be combined with other cryptographic primitives. The purpose of this survey article, which is mostly centered on European research results, is to contribute to such an analysis. We first review and compare the properties of the existing key establishment techniques, QKD being one of them. We then study more specifically two generic scenarios related to the practical use of QKD in cryptographic infrastructures: 1) using QKD as a key renewal technique for a symmetric cipher over a point-to-point link; 2) using QKD in a network containing many users with the objective of offering any-to-any key establishment service. We discuss the constraints as well as the potential interest of using QKD in these contexts. We finally give an overview of challenges relative to the development of QKD technology that also constitute potential avenues for cryptographic research.Comment: Revised version of the SECOQC White Paper. Published in the special issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8

HARPOCRATES: An Approach Towards Efficient Encryption of Data-at-rest

This paper proposes a new block cipher called HARPOCRATES, which is different from traditional SPN, Feistel, or ARX designs. The new design structure that we use is called the substitution convolution network. The novelty of the approach lies in that the substitution function does not use fixed S-boxes. Instead, it uses a key-driven lookup table storing a permutation of all 8-bit values. If the lookup table is sufficiently randomly shuffled, the round sub-operations achieve good confusion and diffusion to the cipher. While designing the cipher, the security, cost, and performances are balanced, keeping the requirements of encryption of data-at-rest in mind. The round sub-operations are massively parallelizable and designed such that a single active bit may make the entire state (an 8 × 16 binary matrix) active in one round. We analyze the security of the cipher against linear, differential, and impossible differential cryptanalysis. The cipher’s resistance against many other attacks like algebraic attacks, structural attacks, and weak keys are also shown. We implemented the cipher in software and hardware; found that the software implementation of the cipher results in better throughput than many well-known ciphers. Although HARPOCRATES is appropriate for the encryption of data-at-rest, it is also well-suited in data-in-transit environments

SoK: Security Evaluation of SBox-Based Block Ciphers

Cryptanalysis of block ciphers is an active and important research area with an extensive volume of literature. For this work, we focus on SBox-based ciphers, as they are widely used and cover a large class of block ciphers. While there have been prior works that have consolidated attacks on block ciphers, they usually focus on describing and listing the attacks. Moreover, the methods for evaluating a cipher\u27s security are often ad hoc, differing from cipher to cipher, as attacks and evaluation techniques are developed along the way. As such, we aim to organise the attack literature, as well as the work on security evaluation. In this work, we present a systematization of cryptanalysis of SBox-based block ciphers focusing on three main areas: (1) Evaluation of block ciphers against standard cryptanalytic attacks; (2) Organisation and relationships between various attacks; (3) Comparison of the evaluation and attacks on existing ciphers