Survey and Benchmark of Block Ciphers for Wireless Sensor Networks

Cryptographic algorithms play an important role in the security architecture of wireless sensor networks (WSNs). Choosing the most storage- and energy-efficient block cipher is essential, due to the facts that these networks are meant to operate without human intervention for a long period of time with little energy supply, and that available storage is scarce on these sensor nodes. However, to our knowledge, no systematic work has been done in this area so far.We construct an evaluation framework in which we first identify the candidates of block ciphers suitable for WSNs, based on existing literature and authoritative recommendations. For evaluating and assessing these candidates, we not only consider the security properties but also the storage- and energy-efficiency of the candidates. Finally, based on the evaluation results, we select the most suitable ciphers for WSNs, namely Skipjack, MISTY1, and Rijndael, depending on the combination of available memory and required security (energy efficiency being implicit). In terms of operation mode, we recommend Output Feedback Mode for pairwise links but Cipher Block Chaining for group communications

Improved Related-Key Attacks on DESX and DESX+

In this paper, we present improved related-key attacks on the original DESX, and DESX+, a variant of the DESX with its pre- and post-whitening XOR operations replaced with addition modulo $2^{64}$. Compared to previous results, our attack on DESX has reduced text complexity, while our best attack on DESX+ eliminates the memory requirements at the same processing complexity

HUC-HISF: A Hybrid Intelligent Security Framework for Human-centric Ubiquitous Computing

制度:新 ; 報告番号:乙2336号 ; 学位の種類:博士(人間科学) ; 授与年月日:2012/1/18 ; 早大学位記番号:新584

Cracking y ataques físicos sobre dispositivos electrónicos

Cracking - Ataques - Físicos - Dispositivos - Electrónico

Cryptanalysis of Dedicated Cryptographic Hash Functions

In this thesis we study the security of a number of dedicated cryptographic hash functions against cryptanalytic attacks. We begin with an introduction to what cryptographic hash functions are and what they are used for. This is followed by strict definitions of the security properties often required from cryptographic hash functions. FSB hashes are a class of hash functions derived from a coding theory problem. We attack FSB by modeling the compression function of the hash by a matrix in GF(2). We show that collisions and preimages can easily be found in FSB with the proposed security parameters. We describe a meet-in-the-middle attack against the FORK-256 hash function. The attack requires 2^112.8 operations to find a collision, which is a 38000-fold improvement over the expected 2^128 operations. We then present a method for finding slid pairs for the compression function of SHA-1; pairs of inputs and messages that produce closely related outputs in the compression function. We also cryptanalyse two block ciphers based on the compression function of MD5, MDC-MD5 and the Kaliski-Robshaw "Crab" encryption algorithm. VSH is a hash function based on problems in number theory that are believed to be hard. The original proposal only claims collision resistance; we demonstrate that VSH does not meet the other hash function requirements of preimage resistance, one-wayness, and collision resistance of truncated variants. To explore more general cryptanalytic attacks, we discuss the d-Monomial test, a statistical test that has been found to be effective in distinguishing iterated Boolean circuits from real random functions. The test is applied to the SHA and MD5 hash functions. We present a new hash function proposal, LASH, and its initial cryptanalysis.The LASH design is based on a simple underlying primitive, and some of its security can be shown to be related to lattice problems

Cryptanalysis of Dedicated Cryptographic Hash Functions

In this thesis we study the security of a number of dedicated cryptographic hash functions against cryptanalytic attacks. We begin with an introduction to what cryptographic hash functions are and what they are used for. This is followed by strict definitions of the security properties often required from cryptographic hash functions. FSB hashes are a class of hash functions derived from a coding theory problem. We attack FSB by modeling the compression function of the hash by a matrix in GF(2). We show that collisions and preimages can easily be found in FSB with the proposed security parameters. We describe a meet-in-the-middle attack against the FORK-256 hash function. The attack requires 2^112.8 operations to find a collision, which is a 38000-fold improvement over the expected 2^128 operations. We then present a method for finding slid pairs for the compression function of SHA-1; pairs of inputs and messages that produce closely related outputs in the compression function. We also cryptanalyse two block ciphers based on the compression function of MD5, MDC-MD5 and the Kaliski-Robshaw "Crab" encryption algorithm. VSH is a hash function based on problems in number theory that are believed to be hard. The original proposal only claims collision resistance; we demonstrate that VSH does not meet the other hash function requirements of preimage resistance, one-wayness, and collision resistance of truncated variants. To explore more general cryptanalytic attacks, we discuss the d-Monomial test, a statistical test that has been found to be effective in distinguishing iterated Boolean circuits from real random functions. The test is applied to the SHA and MD5 hash functions. We present a new hash function proposal, LASH, and its initial cryptanalysis.The LASH design is based on a simple underlying primitive, and some of its security can be shown to be related to lattice problems

Fault Analysis of the KTANTAN Family of Block Ciphers: A Revisited Work of Fault Analysis of the KATAN Family of Block Ciphers

This paper investigates the security of the KTANTAN block cipher against differential fault analysis. This attack is considered to be first side channel analysis of KTANTAN in the literature. KTANTAN is a relative to the KATAN block cipher. Therefore, the previous fault analysis on KATAN family of block cipher is revisited. Similar to KATAN, KTANTAN has three variants namely KTANTAN32, KTANTAN48 and KTANTAN64. The inner structure of KTANTAN is similar to KATAN except the key schedule algorithms. KATAN has been practically broken by using fault analysis, employing a transient single-bit fault model, with the assumption is that the attacker is able to inject faults randomly into the internal state of the cipher. The attack is empowerd by extended cube method similarly as applied on KATAN. The complexity of this attack is $2^{74}$ for KTANTAN32 and $2^{76}$ for both KTANTAN48 and KTANTAN64. Furthermore, based on the obtained results, this paper concludes that KTANTAN is more robust against fault analysis compared to KATAN

Application of Fault Analysis to Some Cryptographic Standards

Cryptanalysis methods can be classified as pure mathematical attacks, such as linear and differential cryptanalysis, and implementation dependent attacks such as power analysis and fault analysis. Pure mathematical attacks exploit the mathematical structure of the cipher to reveal the secret key inside the cipher. On the other hand, implementation dependent attacks assume that the attacker has access to the cryptographic device to launch the attack. Fault analysis is an example of a side channel attack in which the attacker is assumed to be able to induce faults in the cryptographic device and observe the faulty output. Then, the attacker tries to recover the secret key by combining the information obtained from the faulty and the correct outputs. Even though fault analysis attacks may require access to some specialized equipment to be able to insert faults at specific locations or at specific times during the computation, the resulting attacks usually have time and memory complexities which are far more practical as compared to pure mathematical attacks. Recently, several AES-based primitives were approved as new cryptographic standards throughout the world. For example, Kuznyechik was approved as the standard block cipher in Russian Federation, and Kalyna and Kupyna were approved as the standard block cipher and the hash function, respectively, in Ukraine. Given the importance of these three new primitives, in this thesis, we analyze their resistance against fault analysis attacks. Firstly, we modified a differential fault analysis (DFA) attack that was applied on AES and applied it on Kuzneychik. Application of DFA on Kuznyechik was not a trivial task because of the linear transformation layer used in the last round of Kuznyechik. In order to bypass the effect of this linear transformation operation, we had to use an equivalent representation of the last round which allowed us to recover the last two round keys using a total of four faults and break the cipher. Secondly, we modified the attack we applied on Kuzneychik and applied it on Kalyna. Kalyna has a complicated key scheduling and it uses modulo 264 addition operation for applying the first and last round keys. This makes Kalyna more resistant to DFA as com- pared to AES and Kuznyechik but it is still practically breakable because the number of key candidates that can be recovered by DFA can be brute-forced in a reasonable time. We also considered the case where the SBox entries of Kalyna are not known and showed how to recover a set of candidates for the SBox entries. Lastly, we applied two fault analysis attacks on Kupyna hash function. In the first case, we assumed that the SBoxes and all the other function parameters are known, and in the second case we assumed that the SBoxes were kept secret and attacked the hash function accordingly. Kupyna can be used as the underlying hash function for the construction of MAC schemes such as secret IV, secret prefix, HMAC or NMAC. In our analysis, we showed that secret inputs of Kupyna can be recovered using fault analysis. To conclude, we analyzed two newly accepted standard ciphers (Kuznyechik, Kalyna) and one newly approved standard hash function (Kupyna) for their resistance against fault attacks. We also analyzed Kalyna and Kupyna with the assumption that these ciphers can be deployed with secret user defined SBoxes in order to increase their security