
    Gaming security by obscurity

    Shannon sought security against an attacker with unlimited computational power: *if an information source conveys some information, then Shannon's attacker will surely extract that information*. Diffie and Hellman refined Shannon's attacker model by taking into account the fact that real attackers are computationally limited. This idea became one of the greatest new paradigms in computer science, and led to modern cryptography. Shannon also sought security against an attacker with unlimited logical and observational powers, expressed through the maxim that "the enemy knows the system". This view is still endorsed in cryptography. The popular formulation, going back to Kerckhoffs, is that "there is no security by obscurity", meaning that the algorithms cannot be kept obscured from the attacker, and that security should rely only upon the secret keys. In fact, modern cryptography goes even further than Shannon or Kerckhoffs in tacitly assuming that *if there is an algorithm that can break the system, then the attacker will surely find that algorithm*. The attacker is no longer viewed as an omnipotent computer, but he is still construed as an omnipotent programmer. So the Diffie-Hellman step from unlimited to limited computational powers has not been extended into a step from unlimited to limited logical or programming powers. Is the assumption that all feasible algorithms will eventually be discovered and implemented really different from the assumption that everything that is computable will eventually be computed? The present paper explores some ways to refine the current models of the attacker, and of the defender, by taking into account their limited logical and programming powers. If the adaptive attacker actively queries the system to seek out its vulnerabilities, can the system gain some security by actively learning the attacker's methods, and adapting to them?
    Comment: 15 pages, 9 figures, 2 tables; final version appeared in the Proceedings of New Security Paradigms Workshop 2011 (ACM 2011); typos corrected

    A Robust Image Hashing Algorithm Resistant Against Geometrical Attacks

    This paper proposes an image hashing method that is robust against both common image processing attacks and geometric distortion attacks. To resist geometric attacks, the log-polar mapping (LPM) and the contourlet transform are employed to obtain the low-frequency sub-band image. The sub-band image is then divided into non-overlapping blocks, and low- and middle-frequency coefficients are selected from each block after a discrete cosine transform. The singular value decomposition (SVD) is applied to each block to obtain the first digit of its maximum singular value. Finally, the features are scrambled and quantized to form the secure hash bits. Experimental results show that the algorithm is not only resistant against common image processing attacks and geometric distortion attacks, but also sensitive to content changes.
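
The block-feature stage of the scheme above, as an added Python example that is not the paper's code. It skips the log-polar mapping and contourlet stages (so it has no geometric invariance of its own) and keeps the rest of the pipeline: block DCT, the maximum singular value of the low/middle-frequency coefficients of each block, its first significant digit, a key-dependent scramble, and a Hamming-distance comparison. The 8x8 block size, the 4x4 low/middle-frequency corner, the 4-bit encoding of each digit, the pure-Python DCT and power-iteration SVD, and the 16x16 constructed test images are assumptions made here, not values taken from the paper.

```python
import math
import random

BLOCK = 8    # block size (assumption: not stated in the abstract)
LOWMID = 4   # keep the LOWMID x LOWMID low/middle-frequency DCT corner, minus DC


def dct2(block):
    """Naive orthonormal 2-D DCT-II of a square block (pure Python, no numpy)."""
    n = len(block)
    out = [[0.0] * n for _ in range(n)]
    for u in range(n):
        cu = math.sqrt(1.0 / n) if u == 0 else math.sqrt(2.0 / n)
        for v in range(n):
            cv = math.sqrt(1.0 / n) if v == 0 else math.sqrt(2.0 / n)
            s = 0.0
            for x in range(n):
                cx = math.cos((2 * x + 1) * u * math.pi / (2 * n))
                for y in range(n):
                    s += block[x][y] * cx * math.cos((2 * y + 1) * v * math.pi / (2 * n))
            out[u][v] = cu * cv * s
    return out


def max_singular_value(m, iters=60):
    """Largest singular value of m: power iteration on m^T m, sqrt of the top eigenvalue."""
    rows, cols = len(m), len(m[0])
    ata = [[sum(m[k][i] * m[k][j] for k in range(rows)) for j in range(cols)]
           for i in range(cols)]
    v = [1.0] * cols
    lam = 0.0
    for _ in range(iters):
        w = [sum(ata[i][j] * v[j] for j in range(cols)) for i in range(cols)]
        norm = math.sqrt(sum(x * x for x in w))
        if norm < 1e-12:          # zero matrix: all-flat block after DC removal
            return 0.0
        v = [x / norm for x in w]
        lam = norm                # ||ata v|| -> largest eigenvalue of m^T m
    return math.sqrt(lam)


def leading_digit(x):
    """First significant decimal digit of x; 0 for a numerically zero value."""
    if x < 1e-9:
        return 0
    return int(f"{x:.6e}"[0])


def block_features(image):
    """One leading digit per non-overlapping block, in raster order."""
    h, w = len(image), len(image[0])
    digits = []
    for by in range(0, h - BLOCK + 1, BLOCK):
        for bx in range(0, w - BLOCK + 1, BLOCK):
            block = [row[bx:bx + BLOCK] for row in image[by:by + BLOCK]]
            coeffs = dct2(block)
            m = [r[:LOWMID] for r in coeffs[:LOWMID]]   # low/middle frequencies
            m[0][0] = 0.0                                # drop DC (brightness offset)
            digits.append(leading_digit(max_singular_value(m)))
    return digits


def image_hash(image, key):
    """Scramble block order with a secret key, then encode each digit as 4 bits."""
    digits = block_features(image)
    order = list(range(len(digits)))
    random.Random(key).shuffle(order)
    return "".join(f"{digits[i]:04b}" for i in order)


def hamming(h1, h2):
    return sum(a != b for a, b in zip(h1, h2))


def make_image(size=16, value=128):
    """Constructed flat grey test image."""
    return [[float(value)] * size for _ in range(size)]


def paint_square(image, top, left, side, value=255):
    """Constructed content change: a bright square in one block."""
    img = [row[:] for row in image]
    for y in range(top, top + side):
        for x in range(left, left + side):
            img[y][x] = float(value)
    return img
```

A flat image hashes to all-zero bits (every block has no AC energy), while painting a square inside a single block changes only that block's 4 scrambled bits, so the Hamming distance lands between 1 and 4; without a key an attacker who knows the block layout could tell which region changed, which is what the keyed scramble hides.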

    Cryptanalysis of symmetric key primitives

    Block ciphers and stream ciphers are essential building blocks used to construct computing systems that have to satisfy several security objectives. Since the security of these systems depends on the security of their parts, the analysis of these symmetric key primitives is of critical importance. In this thesis we provide cryptanalytic results for some recently proposed block and stream ciphers. First, we consider two lightweight block ciphers, TREYFER and PIFEA-M. While TREYFER was designed to be very compact in order to fit into constrained environments such as smart cards and RFIDs, PIFEA-M was designed to be very fast in order to be used for the encryption of multimedia data. We provide a related-key attack on TREYFER which recovers the secret key given around 2^11 encryptions and negligible computational effort. As for PIFEA-M, we provide evidence that it does not fulfill its design goal, which was to defend against certain implementation-dependent differential attacks possible on previous versions of the cipher. Next, we consider the NGG stream cipher, whose design is based on RC4 and aims to increase throughput by operating on 32-bit or 64-bit values instead of 8-bit values. We provide a distinguishing attack on NGG which requires just one keystream word. We also show that the first few kilobytes of the keystream may leak information about the secret key, which allows the cryptanalyst to recover the secret key efficiently. Finally, we consider GGHN, another RC4-like cipher that operates on 32-bit words. We assess different variants of GGHN-like algorithms with respect to weak states, in which all internal state words and output elements are even. Once GGHN is absorbed into such a weak state, the least significant bit of each plaintext word is revealed simply by looking at the ciphertext. By modelling the algorithm as a Markov chain and calculating the chain's absorption time, we show that the average number of steps required by these algorithms to enter this weak state can be lower than expected at first glance, and hence caution should be exercised when estimating this number.
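
The weak-state leak described above, as an added Python example that is not the thesis's code. It uses a hypothetical RC4-like generator on 32-bit words that keeps the array update S[i] = S[i] + S[j] and the output S[S[i] + S[j]] but drops GGHN's extra counter, so it is a toy of the same shape and not GGHN itself. Once every state word is even the state can never leave that set, every keystream word is even, and XOR encryption hands the plaintext's least significant bits to anyone who reads the ciphertext. In place of the thesis's Markov-chain calculation, a Monte Carlo count of steps until random starting states become absorbed is included; the 4-word array, the trial parameters and the step cap are assumptions, and trials that cycle without ever becoming absorbed within the cap are counted separately rather than averaged in.

```python
import random

MASK32 = 0xFFFFFFFF


class ToyWordRC4:
    """Hypothetical RC4-like keystream generator on 32-bit words (assumption: a
    teaching toy with the shape of the GGHN family, not GGHN itself)."""

    def __init__(self, words):
        self.n = len(words)
        self.S = [w & MASK32 for w in words]
        self.i = 0
        self.j = 0

    def next_word(self):
        n = self.n
        self.i = (self.i + 1) % n
        self.j = (self.j + self.S[self.i]) % n
        out = self.S[(self.S[self.i] + self.S[self.j]) % n]
        self.S[self.i] = (self.S[self.i] + self.S[self.j]) & MASK32
        return out

    def in_weak_state(self):
        """All state words even: sums of even words stay even, so this is absorbing."""
        return all(w % 2 == 0 for w in self.S)


def keystream(gen, count):
    return [gen.next_word() for _ in range(count)]


def encrypt(words, gen):
    """Word-wise XOR of plaintext words with keystream words."""
    return [p ^ z for p, z in zip(words, keystream(gen, len(words)))]


def leaked_lsbs(ciphertext):
    """What an observer reads once the generator is absorbed: every keystream word
    is even, so the LSB of each ciphertext word equals the LSB of the plaintext."""
    return [c & 1 for c in ciphertext]


def estimate_absorption(n_words=4, trials=200, cap=5000, seed=7):
    """Monte Carlo: steps until random initial states enter the all-even state.
    Returns (absorbed trials, total trials, mean steps over absorbed trials).
    In this toy some trajectories cycle without ever absorbing; they hit `cap`."""
    rng = random.Random(seed)
    steps_list = []
    for _ in range(trials):
        gen = ToyWordRC4([rng.getrandbits(32) for _ in range(n_words)])
        steps = 0
        while not gen.in_weak_state() and steps < cap:
            gen.next_word()
            steps += 1
        if steps < cap:
            steps_list.append(steps)
    absorbed = len(steps_list)
    mean = sum(steps_list) / absorbed if absorbed else float("inf")
    return absorbed, trials, mean
```

The deterministic part is the caveat a designer wants: membership in the weak set is checkable from the state alone, and once inside it the generator never leaves, so the question that matters is only how fast random states fall into it.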

    A NOVEL JOINT PERCEPTUAL ENCRYPTION AND WATERMARKING SCHEME (JPEW) WITHIN JPEG FRAMEWORK

    Due to the rapid growth of internet and multimedia technologies, many new commercial applications such as video on demand (VOD), pay-per-view and real-time multimedia broadcast have emerged. To ensure the integrity and confidentiality of multimedia content, the content is usually watermarked and then encrypted, or vice versa. If the multimedia content needs to be watermarked and encrypted at the same time, the watermarking function needs to be performed first, followed by the encryption function. Hence, if the watermark needs to be extracted, the multimedia data needs to be decrypted first, followed by extraction of the watermark. This results in a large computational overhead. The solution provided in the literature for this problem is partial encryption, in which the media data are partitioned into two parts: one to be watermarked and the other to be encrypted. In addition, some multimedia applications (e.g. video on demand, pay-TV, pay-per-view) allow multimedia content preview, which involves "perceptual" encryption, wherein all or some selected part of the content is, perceptually speaking, distorted with an encryption key. To date no joint perceptual encryption and watermarking scheme has been proposed in the literature. In this thesis, a novel Joint Perceptual Encryption and Watermarking (JPEW) scheme is proposed that is integrated within the JPEG standard. The design of JPEW involves the design and development of both perceptual encryption and watermarking schemes that are integrated in JPEG and feasible within the "partial" encryption framework. The perceptual encryption scheme exploits the energy distribution of the AC components and DC-component bitplanes of continuous-tone images, and is carried out by selectively encrypting these AC coefficients and DC-component bitplanes. The encryption itself is based on a chaos-based permutation reported in an earlier work.
    In contrast to traditional watermarking schemes, the proposed watermarking scheme makes use of the DC component of the image, and is carried out by selectively substituting certain bitplanes of the DC components with watermark bits. Apart from the aforesaid JPEW, an additional perceptual encryption scheme, integrated in JPEG, has also been proposed. The scheme is outside the joint framework and implements perceptual encryption on a region of interest (ROI) by scrambling the DCT blocks of the chosen ROI. The performance of both the perceptual encryption and the watermarking scheme is evaluated and compared with a Quantization Index Modulation (QIM) based watermarking scheme and a reversible Histogram Spreading (RHS) based perceptual encryption scheme. The results show that the proposed watermarking scheme is imperceptible and robust, and suitable for authentication. Similarly, the proposed perceptual encryption scheme outperforms the RHS-based scheme in terms of the number of operations required to achieve a given level of perceptual encryption, and provides control over the amount of perceptual encryption. The overall security of JPEW has also been evaluated. Additionally, the performance of the proposed separate perceptual encryption scheme has been thoroughly evaluated in terms of security and compression efficiency. The scheme is found to be simpler to implement, to have an insignificant effect on compression ratios and to provide more options for the selection of the control factor

    Analysis of Countermeasures Against Remote and Local Power Side Channel Attacks using Correlation Power Analysis

    Countermeasures and deterrents to power side-channel attacks that alter or scramble the power delivery network have been shown to be effective against local attacks, where the malicious agent has physical access to the target system. However, remote attacks that capture the leaked information from within the IC power grid are shown herein to be effective at uncovering the secret key even in the presence of these countermeasures and deterrents. Theoretical studies and experimental analysis are carried out to define and quantify the impact of integrated voltage regulators, voltage noise injection, and on-package decoupling capacitors for both remote and local attacks. One outcome of the studies is that an integrated voltage regulator is an effective countermeasure against a local attack; remote attacks, however, remain effective and hence break the integrated voltage regulator countermeasure. From the experimental analysis, it is observed that within the range of practical design values, on-package decoupling capacitors provide only a 1.3x increase in the minimum number of traces required to discover the secret key, whereas injecting noise into the IC power delivery network yields a 37x increase in the minimum number of traces required. Thus, adding on-package decoupling capacitors or increasing the impedance between the locally measured power and the IC power grid should not be relied on as countermeasures against remote power side-channel attacks. Noise injection should be considered, as it is more effective at scrambling the leaked signal and removing the sensitive identifying information.
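
Correlation power analysis on constructed traces, as an added Python example that is not the paper's measurement setup or code. It shows the attack the abstract's metric refers to, ranking all 256 key-byte hypotheses by correlation between a leakage model and the traces, and then counts how many traces the attack needs at two noise levels, which is exactly how the abstract scores its countermeasures (noise injection raises the count; it does not stop the attack). The toy S-box, the Hamming-weight leakage model, the single-sample traces, the Gaussian noise levels, the trace budget and the key byte 0x3C are assumptions made here.

```python
import math
import random

# Constructed non-linear 8-bit lookup (assumption: a toy S-box, not AES's).
# Inversion modulo the prime 257, masked to a byte, is a permutation of 0..255.
SBOX = [pow(x, 255, 257) & 0xFF for x in range(256)]


def hamming_weight(x):
    return bin(x).count("1")


def simulate_traces(key_byte, n_traces, noise_sigma, seed):
    """Constructed leakage: one sample per trace, HW(SBOX[p ^ k]) plus Gaussian noise.
    A larger noise_sigma stands in for noise injected into the power delivery network."""
    rng = random.Random(seed)
    plaintexts, samples = [], []
    for _ in range(n_traces):
        p = rng.randrange(256)
        plaintexts.append(p)
        samples.append(hamming_weight(SBOX[p ^ key_byte]) + rng.gauss(0.0, noise_sigma))
    return plaintexts, samples


def pearson(xs, ys):
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)


def cpa_recover(plaintexts, samples):
    """CPA: the hypothesis whose Hamming-weight prediction correlates best with the
    measurements is taken as the key byte. Returns (key guess, |correlation|)."""
    best_key, best_corr = None, -1.0
    for k in range(256):
        model = [hamming_weight(SBOX[p ^ k]) for p in plaintexts]
        c = abs(pearson(model, samples))
        if c > best_corr:
            best_key, best_corr = k, c
    return best_key, best_corr


def min_traces_to_recover(key_byte, noise_sigma, seed=1, step=50, limit=1500):
    """Smallest trace count (in multiples of `step`) at which CPA returns the right
    key at this noise level; `limit` if the budget runs out first."""
    plaintexts, samples = simulate_traces(key_byte, limit, noise_sigma, seed)
    for n in range(step, limit + 1, step):
        guess, _ = cpa_recover(plaintexts[:n], samples[:n])
        if guess == key_byte:
            return n
    return limit
```

The ratio of the two trace counts is the same kind of "Nx more traces" figure the abstract reports; a countermeasure that only multiplies this number leaves the attacker with a budget question, not an impossibility.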

    Security and complexity of the McEliece cryptosystem based on QC-LDPC codes

    In the context of public key cryptography, the McEliece cryptosystem represents a very smart solution based on the hardness of the decoding problem, which is believed to resist the advent of quantum computers. Despite this, the original McEliece cryptosystem, based on Goppa codes, has encountered limited interest in practical applications, partly because of some constraints imposed by this very special class of codes. We have recently introduced a variant of the McEliece cryptosystem using low-density parity-check (LDPC) codes, state-of-the-art codes now used in many telecommunication standards and applications. In this paper, we discuss the possible use of a bit-flipping decoder in this context, which gives a significant advantage in terms of complexity. We also provide theoretical arguments and practical tools for estimating the trade-off between security and complexity, so as to give a simple procedure for the system design.
    Comment: 22 pages, 1 figure. This paper is a preprint of a paper accepted by IET Information Security and is subject to Institution of Engineering and Technology Copyright. When the final version is published, the copy of record will be available at IET Digital Library
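
A hard-decision bit-flipping decoder of the kind the paper proposes for its LDPC-based variant, as an added Python example that is not the authors' code. It uses a constructed 4x6 toy parity-check matrix (one column per pair of rows, so column weight 2, row weight 3 and minimum distance 3) rather than QC-LDPC parameters, which is an assumption made here. Each iteration counts, per bit, the unsatisfied checks it takes part in and flips every bit with the maximal count, which is why the per-iteration cost is a few syndrome computations rather than the dense algebra of a Goppa decoder. Besides correcting a single error it shows the failure mode a designer has to budget for: with two errors the decoder reaches a zero syndrome at a different codeword, so a zero syndrome alone is not proof that decryption recovered what was sent.

```python
# Constructed toy parity-check matrix (assumption: not the paper's code parameters).
# Column c is the pair of rows it checks: 0:(0,1) 1:(0,2) 2:(0,3) 3:(1,2) 4:(1,3) 5:(2,3)
H = [
    [1, 1, 1, 0, 0, 0],
    [1, 0, 0, 1, 1, 0],
    [0, 1, 0, 1, 0, 1],
    [0, 0, 1, 0, 1, 1],
]


def syndrome(H, y):
    """Parity of each check over the received bits (all zero for a codeword)."""
    return [sum(h & b for h, b in zip(row, y)) % 2 for row in H]


def is_codeword(H, y):
    return not any(syndrome(H, y))


def bit_flip_decode(H, received, max_iter=10):
    """Gallager-style bit flipping: every round, flip each bit that participates in
    the largest number of unsatisfied checks. Returns (estimate, syndrome_zero, rounds)."""
    y = list(received)
    n = len(y)
    for rounds in range(max_iter):
        syn = syndrome(H, y)
        if not any(syn):
            return y, True, rounds
        # unsatisfied-check count per bit: column weight restricted to failing rows
        unsat = [sum(row[c] for row, s in zip(H, syn) if s) for c in range(n)]
        worst = max(unsat)
        for c in range(n):
            if unsat[c] == worst:
                y[c] ^= 1
    return y, False, max_iter


def add_errors(codeword, positions):
    """Constructed channel: flip the given positions (the McEliece error vector)."""
    y = list(codeword)
    for p in positions:
        y[p] ^= 1
    return y
```

With the all-zero codeword and a single error, the erroneous bit is the only one with both of its checks failing, so one flip repairs it. With errors at columns 0 and 1 the shared check 0 is satisfied by both, the only bit touching both failing checks is column 3, and flipping it lands on the codeword 110100: decoding "succeeds" into the wrong word, which is the event a security-versus-complexity estimate for the system has to count.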

    Digital Watermarking Security

    As creative works (e.g. books, films, music, photographs) become increasingly available in digital formats in a highly connected world, it also becomes increasingly difficult to secure intellectual property rights. Digital watermarking is one potential technology to aid intellectual property owners in controlling and tracking the use of their works. This work surveys the state of digital watermarking research and examines the attacks that the technology faces and how it fares against them. Digital watermarking is an inherently difficult design problem subject to many constraints. The technology currently faces an uphill battle to be secure against relatively simple attacks.