3,713 research outputs found
Small Scale AES Toolbox: Algebraic and Propositional Formulas, Circuit-Implementations and Fault Equations
Cryptography is one of the key technologies ensuring security in the digital
domain. As such, its primitives and implementations have been extensively analyzed both
from a theoretical, cryptoanalytical perspective, as well as regarding their capabilities to
remain secure in the face of various attacks.
One of the most common ciphers, the Advanced Encryption Standard (AES) (thus far)
appears to be secure in the absence of an active attacker. To allow for the testing and
development of new attacks or countermeasures a small scale version of the AES with a
variable number of rounds, number of rows, number of columns and data word size, and a
complexity ranging from trivial up to the original AES was developed.
In this paper we present a collection of various implementations of the relevant small scale
AES versions based on hardware (VHDL and gate-level), algebraic representations (Sage
and CoCoA) and their translations into propositional formulas (in CNF). Additionally, we
present fault attack equations for each version.
Having all these resources available in a single and well structured package allows researchers
to combine these different sources of information which might reveal new patterns or solving
strategies. Additionally, the fine granularity of difficulty between the different small scale
AES versions allows for the assessment of new attacks or the comparison of different attacks
On the Saddle-point Solution and the Large-Coalition Asymptotics of Fingerprinting Games
We study a fingerprinting game in which the number of colluders and the
collusion channel are unknown. The encoder embeds fingerprints into a host
sequence and provides the decoder with the capability to trace back pirated
copies to the colluders.
Fingerprinting capacity has recently been derived as the limit value of a
sequence of maximin games with mutual information as their payoff functions.
However, these games generally do not admit saddle-point solutions and are very
hard to solve numerically. Here under the so-called Boneh-Shaw marking
assumption, we reformulate the capacity as the value of a single two-person
zero-sum game, and show that it is achieved by a saddle-point solution.
If the maximal coalition size is k and the fingerprinting alphabet is binary,
we show that capacity decays quadratically with k. Furthermore, we prove
rigorously that the asymptotic capacity is 1/(k^2 2ln2) and we confirm our
earlier conjecture that Tardos' choice of the arcsine distribution
asymptotically maximizes the mutual information payoff function while the
interleaving attack minimizes it. Along with the asymptotic behavior, numerical
solutions to the game for small k are also presented.Comment: submitted to IEEE Trans. on Information Forensics and Securit
Lime: Data Lineage in the Malicious Environment
Intentional or unintentional leakage of confidential data is undoubtedly one
of the most severe security threats that organizations face in the digital era.
The threat now extends to our personal lives: a plethora of personal
information is available to social networks and smartphone providers and is
indirectly transferred to untrustworthy third party and fourth party
applications.
In this work, we present a generic data lineage framework LIME for data flow
across multiple entities that take two characteristic, principal roles (i.e.,
owner and consumer). We define the exact security guarantees required by such a
data lineage mechanism toward identification of a guilty entity, and identify
the simplifying non repudiation and honesty assumptions. We then develop and
analyze a novel accountable data transfer protocol between two entities within
a malicious environment by building upon oblivious transfer, robust
watermarking, and signature primitives. Finally, we perform an experimental
evaluation to demonstrate the practicality of our protocol
On the Design of Perceptual MPEG-Video Encryption Algorithms
In this paper, some existing perceptual encryption algorithms of MPEG videos
are reviewed and some problems, especially security defects of two recently
proposed MPEG-video perceptual encryption schemes, are pointed out. Then, a
simpler and more effective design is suggested, which selectively encrypts
fixed-length codewords (FLC) in MPEG-video bitstreams under the control of
three perceptibility factors. The proposed design is actually an encryption
configuration that can work with any stream cipher or block cipher. Compared
with the previously-proposed schemes, the new design provides more useful
features, such as strict size-preservation, on-the-fly encryption and multiple
perceptibility, which make it possible to support more applications with
different requirements. In addition, four different measures are suggested to
provide better security against known/chosen-plaintext attacks.Comment: 10 pages, 5 figures, IEEEtran.cl
Safe abstractions of data encodings in formal security protocol models
When using formal methods, security protocols are usually modeled at a high level of abstraction. In particular, data encoding and decoding transformations are often abstracted away. However, if no assumptions at all are made on the behavior of such transformations, they could trivially lead to security faults, for example leaking secrets or breaking freshness by collapsing nonces into constants. In order to address this issue, this paper formally states sufficient conditions, checkable on sequential code, such that if an abstract protocol model is secure under a Dolev-Yao adversary, then a refined model, which takes into account a wide class of possible implementations of the encoding/decoding operations, is implied to be secure too under the same adversary model. The paper also indicates possible exploitations of this result in the context of methods based on formal model extraction from implementation code and of methods based on automated code generation from formally verified model
Attacks on quantum key distribution protocols that employ non-ITS authentication
We demonstrate how adversaries with unbounded computing resources can break
Quantum Key Distribution (QKD) protocols which employ a particular message
authentication code suggested previously. This authentication code, featuring
low key consumption, is not Information-Theoretically Secure (ITS) since for
each message the eavesdropper has intercepted she is able to send a different
message from a set of messages that she can calculate by finding collisions of
a cryptographic hash function. However, when this authentication code was
introduced it was shown to prevent straightforward Man-In-The-Middle (MITM)
attacks against QKD protocols.
In this paper, we prove that the set of messages that collide with any given
message under this authentication code contains with high probability a message
that has small Hamming distance to any other given message. Based on this fact
we present extended MITM attacks against different versions of BB84 QKD
protocols using the addressed authentication code; for three protocols we
describe every single action taken by the adversary. For all protocols the
adversary can obtain complete knowledge of the key, and for most protocols her
success probability in doing so approaches unity.
Since the attacks work against all authentication methods which allow to
calculate colliding messages, the underlying building blocks of the presented
attacks expose the potential pitfalls arising as a consequence of non-ITS
authentication in QKD-postprocessing. We propose countermeasures, increasing
the eavesdroppers demand for computational power, and also prove necessary and
sufficient conditions for upgrading the discussed authentication code to the
ITS level.Comment: 34 page
- …