Secure and authenticated data communication in wireless sensor networks
© 2015 by the authors; licensee MDPI, Basel, Switzerland. Securing communications in wireless sensor networks is increasingly important as the diversity of applications increases. However, even today, it is equally important for the measures employed to be energy efficient. For this reason, this publication analyzes the suitability of various cryptographic primitives for use in WSNs according to various criteria and, finally, describes a modular, PKI-based framework for confidential, authenticated, secure communications in which the most suitable primitives can be employed. Due to the limited capabilities of common WSN motes, the criteria for the selection of primitives are security, power efficiency and memory requirements. The implementation of the framework and the individual components have been tested and benchmarked in our testbed of IRIS motes.
Tabu Cryptanalysis of VMPC Stream Cipher
In the era of global informatization, transmitting and storing information in digital form, it is very important to ensure an adequate level of security of the ciphers used. Cryptanalysis deals with studying the level of security, thus exposing the weaknesses of theoretical and implemented cryptographic solutions. In this paper, cryptanalysis of the stream cipher VMPC using Tabu Search is shown. From estimates made on the full version of the VMPC cipher we concluded that about 2^157 possibilities need to be checked in order to find the proper one, which would be the best attack known so far.
Message Authentication (MAC) Algorithm For The VMPC-R (RC4-like) Stream Cipher
We propose an authenticated encryption scheme for the VMPC-R stream cipher. VMPC-R is an RC4-like algorithm proposed in 2013. It was created in a challenge to find a bias-free cipher within the RC4 design scope and, to the best of our knowledge, no security weakness in it has been published to date. The contribution of this paper is an algorithm to compute Message Authentication Codes (MACs) along with VMPC-R encryption. We also propose a simple method of transforming the MAC computation algorithm into a hash function.
An Overview of Cryptography (Updated Version, 3 March 2016)
There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. One essential aspect for secure communications is that of cryptography...While cryptography is necessary for secure communications, it is not by itself sufficient. This paper describes the first of many steps necessary for better security in any number of situations.
A much shorter, edited version of this paper appears in the 1999 edition of Handbook on Local Area Networks, published by Auerbach in September 1998.
State recovery of RC4 and Spritz Revisited
We provide an improved complexity analysis of backtracking-based state recovery attacks on RC4 and Spritz. Comparing new estimates with known results on Spritz, our analysis shows a significantly lower complexity estimate for the simple state recovery attack as well as the special state recovery attack. We validated the estimates by performing experiments for selected feasible parameters. We also propose a prefix check optimization for the simple state recovery attack on Spritz. We believe that the simple state recovery attack with this optimization and the so-called "change order" optimization inspired by the Knudsen et al. attack on RC4 constitutes currently the best state recovery attack on Spritz (when no special state is observed).
Statistical weakness in Spritz against VMPC-R: in search for the RC4 replacement
We found a statistical weakness in the Spritz algorithm designed by Ronald L. Rivest and Jacob C. N. Schuldt. For N=8: Prob(output(x)=output(x+2)) = 1/N + 0.000498. The bias becomes statistically significant (for N=8) after observing about 2^21.9 outputs. An analogous bias occurs for N=16. We propose an algorithm (VMPC-R) which for N=8 produced 2^46.8 (31 million times more) outputs which remained indistinguishable from random in the same battery of tests. Supported by a series of additional statistical tests and security analyses, we present VMPC-R as an algorithm we hope can be considered a worthwhile replacement for RC4.
Spritz---a spongy RC4-like stream cipher and hash function.
This paper reconsiders the design of the stream cipher RC4, and proposes an improved variant, which we call "Spritz" (since the output comes in fine drops rather than big blocks).
Our work leverages the considerable cryptanalytic work done on the original RC4 and its proposed variants. It also uses simulations extensively to search for biases and to guide the selection of intermediate expressions.
We estimate that Spritz can produce output with about 24 cycles/byte of computation. Furthermore, our statistical tests suggest that about bytes of output are needed before one can reasonably distinguish Spritz output from random output; this is a marked improvement over RC4. [Footnote: However, see Appendix F for references to more recent work that suggests that our estimates of the work required to break Spritz may be optimistic.]
In addition, we formulate Spritz as a "sponge (or sponge-like) function" (see Bertoni et al.), which can "Absorb" new data at any time, and from which one can "Squeeze" pseudorandom output sequences of arbitrary length. Spritz can thus be easily adapted for use as a cryptographic hash function, an encryption algorithm, or a message-authentication code generator. (However, in hash-function mode, Spritz is rather slow.)
Settling the mystery of in RC4
In this paper, using a probability transition matrix, we first revisit the work of Mantin on finding the probability distribution of the RC4 permutation after the completion of the KSA. After that, we extend the same idea to analyse the probabilities during any iteration of the Pseudo Random Generation Algorithm. Next, we study the bias (where is the -th output keystream bit), which is one of the significant biases observed in the RC4 output keystream. This bias has played an important role in the plaintext recovery attack proposed by Isobe et al. at FSE 2013. However, an accurate theoretical explanation of the bias of is still a mystery. Though several attempts have been made to prove this bias, none of them provides an accurate justification.
Here, using the results found with the help of the probability transition matrix, we justify this bias of accurately and settle this issue. The bias obtained from our proof matches perfectly with the experimental observations.
Randomized stopping times and provably secure pseudorandom permutation generators
Conventionally, the key-scheduling algorithm (KSA) of a cryptographic scheme runs for a predefined number of steps. We suggest a different approach by utilizing randomized stopping rules to generate permutations which are indistinguishable from uniform ones. We explain that if the stopping time of such a shuffle is a Strong Stationary Time and bits of the secret key are not reused, then these algorithms are immune against timing attacks.
We also revisit the well-known paper of Mironov [Mironov2002] which analyses a card shuffle that models the KSA of RC4. Mironov states that the expected time till reaching the uniform distribution is while we prove that steps are enough (by finding a new strong stationary time for the shuffle).
Nevertheless, both cases require bits of randomness, while one can replace the shuffle used in RC4 (and in Spritz) with a better shuffle which is optimal and needs only bits.
On Data Complexity of Distinguishing Attacks vs. Message Recovery Attacks on Stream Ciphers
We revisit the different approaches used in the literature to estimate the data complexity of distinguishing attacks on stream ciphers and analyze their inter-relationships. In the process, we formally argue which approach is applicable (or not applicable) in what scenario. To our knowledge, this is the first exposition of its kind. We also perform a rigorous statistical analysis of the message recovery attack that exploits a distinguisher and show that in practice there is a significant gap between the data complexities of a message recovery attack and the underlying distinguishing attack. This gap is not necessarily determined by a constant factor as a function of the false positive and negative rates, as one would expect. Rather, this gap is also a function of the number of samples of the distinguishing attack. We perform a case study on the RC4 stream cipher to demonstrate that the typical complexities for message recovery attacks inferred in the literature are underestimates, and the actual estimates are much larger.