6 research outputs found
Algebraic Attack on the Alternating Step(r,s)Generator
The Alternating Step(r,s) Generator, ASG(r,s), is a clock-controlled sequence
generator which is recently proposed by A. Kanso. It consists of three
registers of length l, m and n bits. The first register controls the clocking
of the two others. The two other registers are clocked r times (or not clocked)
(resp. s times or not clocked) depending on the clock-control bit in the first
register. The special case r=s=1 is the original and well known Alternating
Step Generator. Kanso claims there is no efficient attack against the ASG(r,s)
since r and s are kept secret. In this paper, we present an Alternating Step
Generator, ASG, model for the ASG(r,s) and also we present a new and efficient
algebraic attack on ASG(r,s) using 3(m+n) bits of the output sequence to find
the secret key with O((m^2+n^2)*2^{l+1}+ (2^{m-1})*m^3 + (2^{n-1})*n^3)
computational complexity. We show that this system is no more secure than the
original ASG, in contrast to the claim of the ASG(r,s)'s constructor.Comment: 5 pages, 2 figures, 2 tables, 2010 IEEE International Symposium on
Information Theory (ISIT2010),June 13-18, 2010, Austin, Texa
Scan-based Attacks on Linear Feedback Shift Register Based Stream Ciphers
In this paper, we present an attack on stream cipher implementations by determining the scan chain structure of the linear feedback shift registers in their implementations. Although scan Design-for-Test (DFT) is a powerful testing scheme, we show that it can be used to retrieve the information stored in a crypto chip thus compromising its theoretically proven security
Tester for chosen sub-standard of the IEEE 802.1Q
Tato práce se zabĂ˝vá analyzovánĂm IEEE 802.1Q standardu TSN skupiny a návrhem testovacĂho modulu. TestovacĂ modul je napsán v jazyku VHDL a je moĹľnĂ© jej implementovat do Intel Stratix® V GX FPGA (5SGXEA7N2F45C2) vĂ˝vojovĂ© desky. Standard IEEE 802.1Q (TSN) definuje deterministickou komunikace pĹ™es Ethernet sĂt, v reálnĂ©m ÄŤase, poĹľĂvánĂm globálnĂho ÄŤasu a správnĂ˝m rozvrhem vysĂlánĂm a pĹ™Ăjmem zpráv. HlavnĂ funkce tohoto standardu jsou: ÄŤasová synchronizace, plánovánĂ provozu a konfigurace sĂtÄ›. KaĹľdá z tÄ›chto funkcĂ je definovaná pomocĂ vĂce rĹŻznĂ˝ch podskupin tohoto standardu. Podle definice IEEE 802.1Q standardu je moĹľno tyto podskupiny vzájemnÄ› libovolnÄ› kombinovat. NÄ›kterĂ© podskupiny standardu nemohou fungovat nezávisle, musĂ vyuĹľĂvat funkce jinĂ˝ch podskupin standardu. Realizace funkce podskupin standardu je moĹľná softwarovÄ›, hardwarovÄ›, nebo jejich kombinacĂ. Na základÄ› výše uvedenĂ˝ch fakt, implementace podskupin standardu, kterĂ© jsou softwarovÄ› souvisejĂcĂ, byly vylouÄŤenĂ©. Taky byly vylouÄŤenĂ© podskupiny standardĹŻ, kterĂ© jsou závislĂ© na jinĂ˝ch podskupinách. IEEE 802.1Qbu byl vybrán jako vhodná část pro realizaci hardwarovĂ©ho testu. RĹŻznĂ© zpĹŻsoby testovánĂ byly vysvÄ›tleny jako DFT, BIST, ATPG a dalšà jinĂ© techniky. Pro hardwarovĂ© testovánĂ byla vybrána „Protocol Aware (PA)“technika, protoĹľe tato technika zrychluje testovánĂ, dovoluje opakovanou pouĹľitelnost a taky zkracuje dobu uvedenĂ na trh. TestovacĂ modul se skládá ze dvou objektĹŻ (generátor a monitor), kterĂ© majĂ implementovanou IEEE 802.1Qbu podskupinu standardu. Funkce generátoru je vygenerovat náhodnĂ© nebo nenáhodnĂ© impulzy a potom je poslat do testovanĂ©ho zaĹ™Ăzeni ve správnĂ©m definovanĂ©m protokolu. Funkce monitoru je pĹ™ijat ethernet rámce a ověřit jejich správnost. Objekty jsou navrhnuty stejnĂ˝m zpĹŻsobem na „TOP“úrovni a skládajĂ se ze ÄŤtyĹ™ modulĹŻ: Avalon MM rozhranĂ, dvou šablon a jednoho portu. Avalon MM rozhranĂ bylo vytvoĹ™eno pro komunikaci softwaru s hardwarem. Tento modul pĹ™ijme pakety ze softwaru a potom je dekĂłduje podle definovanĂ©ho protokolu a „pod-protokolu “. „Pod-protokol“se skládá z pĹ™Ăkazu a hodnoty danĂ©ho pĹ™Ăkazu. Podle dekĂłdovanĂ©ho pĹ™Ăkazu a hodnot danĂ˝ch pĹ™Ăkazem je kontrolovanĂ˝ celĂ˝ objekt. Ĺ ablona se pouĹľĂvá na generovánĂ nebo ověřovánĂ náhodnĂ˝ch nebo nenáhodnĂ˝ch dat. DvÄ› šablony byly implementovány pro expresnĂ ověřovánĂ nebo preempÄŤnĂ transakce, definovanĂ© IEEE 802.1Qbu. Porty byly vytvoĹ™enĂ© pro komunikaci mezi testovanĂ˝m zaĹ™ĂzenĂm a šablonou podle danĂ©ho standardu. Port „generátor“má za Ăşkol vybrat a vyslat rámce podle priority a ÄŤasu vysĂlanĂ. Port „monitor“pĹ™ijme rámce do „content-addressable memory”, která ověřuje priority rámce a podle toho je posĂlá do správnĂ© šablony. VĂ˝sledky prokázaly, Ĺľe tato testovacĂ technika dosahuje vysokĂ© rychlosti a rychlĂ© implementace.This master paper is dealing with the analysis of IEEE 802.1Q group of TSN standards and with the design of HW tester. Standard IEEE 802.1Qbu has appeared to be an optimal solution for this paper. Detail explanation of this sub-standard are included in this paper. As HW test the implementation, a protocol aware technique was chosen in order to accelerate testing. Paper further describes architecture of this tester, with detail explanation of the modules. Essential issue of protocol aware controlling objects by SW, have been resolved and described. Result proof that this technique has reached higher speed of testing, reusability, and fast implementation.
Stream ciphers for secure display
In any situation where private, proprietary or highly confidential material is being dealt with, the need to consider aspects of data security has grown ever more important. It is usual to secure such data from its source, over networks and on to the intended recipient. However, data security considerations typically stop at the recipient's processor, leaving connections to a display transmitting raw data which is increasingly in a digital format and of value to an adversary. With a progression to wireless display technologies the prominence of this vulnerability is set to rise, making the implementation of 'secure display' increasingly desirable. Secure display takes aspects of data security right to the display panel itself, potentially minimising the cost, component count and thickness of the final product. Recent developments in display technologies should help make this integration possible. However, the processing of large quantities of time-sensitive data presents a significant challenge in such resource constrained environments. Efficient high- throughput decryption is a crucial aspect of the implementation of secure display and one for which the widely used and well understood block cipher may not be best suited. Stream ciphers present a promising alternative and a number of strong candidate algorithms potentially offer the hardware speed and efficiency required. In the past, similar stream ciphers have suffered from algorithmic vulnerabilities. Although these new-generation designs have done much to respond to this concern, the relatively short 80-bit key lengths of some proposed hardware candidates, when combined with ever-advancing computational power, leads to the thesis identifying exhaustive search of key space as a potential attack vector. To determine the value of protection afforded by such short key lengths a unique hardware key search engine for stream ciphers is developed that makes use of an appropriate data element to improve search efficiency. The simulations from this system indicate that the proposed key lengths may be insufficient for applications where data is of long-term or high value. It is suggested that for the concept of secure display to be accepted, a longer key length should be used