20 research outputs found

    Studies on error linear complexity measures for multisequences

    Get PDF
    Ph.DDOCTOR OF PHILOSOPH

    Contributions to Confidentiality and Integrity Algorithms for 5G

    Get PDF
    The confidentiality and integrity algorithms in cellular networks protect the transmission of user and signaling data over the air between users and the network, e.g., the base stations. There are three standardised cryptographic suites for confidentiality and integrity protection in 4G, which are based on the AES, SNOW 3G, and ZUC primitives, respectively. These primitives are used for providing a 128-bit security level and are usually implemented in hardware, e.g., using IP (intellectual property) cores, thus can be quite efficient. When we come to 5G, the innovative network architecture and high-performance demands pose new challenges to security. For the confidentiality and integrity protection, there are some new requirements on the underlying cryptographic algorithms. Specifically, these algorithms should: 1) provide 256 bits of security to protect against attackers equipped with quantum computing capabilities; and 2) provide at least 20 Gbps (Gigabits per second) speed in pure software environments, which is the downlink peak data rate in 5G. The reason for considering software environments is that the encryption in 5G will likely be moved to the cloud and implemented in software. Therefore, it is crucial to investigate existing algorithms in 4G, checking if they can satisfy the 5G requirements in terms of security and speed, and possibly propose new dedicated algorithms targeting these goals. This is the motivation of this thesis, which focuses on the confidentiality and integrity algorithms for 5G. The results can be summarised as follows.1. We investigate the security of SNOW 3G under 256-bit keys and propose two linear attacks against it with complexities 2172 and 2177, respectively. These cryptanalysis results indicate that SNOW 3G cannot provide the full 256-bit security level. 2. We design some spectral tools for linear cryptanalysis and apply these tools to investigate the security of ZUC-256, the 256-bit version of ZUC. We propose a distinguishing attack against ZUC-256 with complexity 2236, which is 220 faster than exhaustive key search. 3. We design a new stream cipher called SNOW-V in response to the new requirements for 5G confidentiality and integrity protection, in terms of security and speed. SNOW-V can provide a 256-bit security level and achieve a speed as high as 58 Gbps in software based on our extensive evaluation. The cipher is currently under evaluation in ETSI SAGE (Security Algorithms Group of Experts) as a promising candidate for 5G confidentiality and integrity algorithms. 4. We perform deeper cryptanalysis of SNOW-V to ensure that two common cryptanalysis techniques, guess-and-determine attacks and linear cryptanalysis, do not apply to SNOW-V faster than exhaustive key search. 5. We introduce two minor modifications in SNOW-V and propose an extreme performance variant, called SNOW-Vi, in response to the feedback about SNOW-V that some use cases are not fully covered. SNOW-Vi covers more use cases, especially some platforms with less capabilities. The speeds in software are increased by 50% in average over SNOW-V and can be up to 92 Gbps.Besides these works on 5G confidentiality and integrity algorithms, the thesis is also devoted to local pseudorandom generators (PRGs). 6. We investigate the security of local PRGs and propose two attacks against some constructions instantiated on the P5 predicate. The attacks improve existing results with a large gap and narrow down the secure parameter regime. We also extend the attacks to other local PRGs instantiated on general XOR-AND and XOR-MAJ predicates and provide some insight in the choice of safe parameters

    A multistep strategy for polynomial system solving over finite fields and a new algebraic attack on the stream cipher Trivium

    Get PDF
    In this paper we introduce a multistep generalization of the guess-and-determine or hybrid strategy for solving a system of multivariate polynomial equations over a finite field. In particular, we propose performing the exhaustive evaluation of a subset of variables stepwise, that is, by incrementing the size of such subset each time that an evaluation leads to a polynomial system which is possibly unfeasible to solve. The decision about which evaluation to extend is based on a preprocessing consisting in computing an incomplete Grobner basis after the current evaluation, which possibly generates linear polynomials that are used to eliminate further variables. If the number of remaining variables in the system is deemed still too high, the evaluation is extended and the preprocessing is iterated. Otherwise, we solve the system by a Grobner basis computation. Having in mind cryptanalytic applications, we present an implementation of this strategy in an algorithm called MultiSolve which is designed for polynomial systems having at most one solution. We prove explicit formulas for its complexity which are based on probability distributions that can be easily estimated by performing the proposed preprocessing on a testset of evaluations for different subsets of variables. We prove that an optimal complexity of MultiSolve is achieved by using a full multistep strategy with a maximum number of steps and in turn the classical guess-and-determine strategy, which essentially is a strategy consisting of a single step, is the worst choice. Finally, we extensively study the behaviour of MultiSolve when performing an algebraic attack on the well-known stream cipher Trivium

    Applications of the Galois Model LFSR in Cryptography

    Get PDF
    The linear feedback shift-register is a widely used tool for generating cryptographic sequences. The properties of the Galois model discussed here offer many opportunities to improve the implementations that already exist. We explore the overall properties of the phases of the Galois model and conjecture a relation with modular Golomb rulers. This conjecture points to an efficient method for constructing non-linear filtering generators which fulfil Golic s design criteria in order to maximise protection against his inversion attack. We also produce a number of methods which can improve the rate of output of sequences by combining particular distinct phases of smaller elementary sequences

    STATISTICAL PROPERTIES OF PSEUDORANDOM SEQUENCES

    Get PDF
    Random numbers (in one sense or another) have applications in computer simulation, Monte Carlo integration, cryptography, randomized computation, radar ranging, and other areas. It is impractical to generate random numbers in real life, instead sequences of numbers (or of bits) that appear to be ``random yet repeatable are used in real life applications. These sequences are called pseudorandom sequences. To determine the suitability of pseudorandom sequences for applications, we need to study their properties, in particular, their statistical properties. The simplest property is the minimal period of the sequence. That is, the shortest number of steps until the sequence repeats. One important type of pseudorandom sequences is the sequences generated by feedback with carry shift registers (FCSRs). In this dissertation, we study statistical properties of N-ary FCSR sequences with odd prime connection integer q and least period (q-1)/2. These are called half-ℓ-sequences. More precisely, our work includes: The number of occurrences of one symbol within one period of a half-ℓ-sequence; The number of pairs of symbols with a fixed distance between them within one period of a half-ℓ-sequence; The number of triples of consecutive symbols within one period of a half-ℓ-sequence. In particular we give a bound on the number of occurrences of one symbol within one period of a binary half-ℓ-sequence and also the autocorrelation value in binary case. The results show that the distributions of half-ℓ-sequences are fairly flat. However, these sequences in the binary case also have some undesirable features as high autocorrelation values. We give bounds on the number of occurrences of two symbols with a fixed distance between them in an ℓ-sequence, whose period reaches the maximum and obtain conditions on the connection integer that guarantee the distribution is highly uniform. In another study of a cryptographically important statistical property, we study a generalization of correlation immunity (CI). CI is a measure of resistance to Siegenthaler\u27s divide and conquer attack on nonlinear combiners. In this dissertation, we present results on correlation immune functions with regard to the q-transform, a generalization of the Walsh-Hadamard transform, to measure the proximity of two functions. We give two definitions of q-correlation immune functions and the relationship between them. Certain properties and constructions for q-correlation immune functions are discussed. We examine the connection between correlation immune functions and q-correlation immune functions

    Physical Layer Securities in Wireless Communication Systems

    Get PDF
    Due to the tremendous advancement in the semiconductor and microelectronics technologies, wireless technologies have blossomed in the recent decades. The large scale deployment of wireless networks have revolutionized the way people live. They bring a great deal of convenience and enjoyment to us. Undoubtedly, we have become more and more dependent on these wireless technologies. These include cellular and radio frequency identification (RFID) technologies. However, with great technologies also come great risks and threats. Unlike wired transmissions, the nature of wireless transmissions result in the transmitted signals over the channel can be easily intercepted and eavesdropped by malicious adversaries. Therefore, security and privacy of the employed wireless communication system are easily compromised compared to the wired communication system. Consequently, securing wireless network has attracted a lot of attention in the recent years and it has huge practical implications. Securing wireless networks can be and indeed are performed at all layers of a network protocol stack. These include application, network, data link and physical (PHY) layers. The primary focus of our research is on the PHY layer approaches for securing and attacking wireless networks. In this thesis, we identify three research topics and present our results. They are: 1) PHY layer phase encryption (P-Enc) vs XOR encryption (XOR-Enc); 2) PHY layer signaling scheme to ensure the confidentiality of the transmitted messages from the tag to the reader in RFID systems. 3) Active eavesdropping attack framework under frequency hopping spread spectrum (FHSS) RFID systems. In the first work, we introduce a new OFDM encryption scheme which we call OFDM-Enc, different from convectional XOR-Enc, OFDM-Enc encrypts data by multiplying each of in-phase and quadrature component of the time domain OFDM symbol by a keystream bit. We then perform an initial investigation on the security of OFDM-Enc. We show it is secure against all attacks that are considered in this work. Moreover, depending on the modulation type, OFDM would potentially reduce the keystream size required for encryption, while still achieving the required security level. We also conduct simulations to compare OFDM-Enc with conventional XOR-Enc. We show indeed OFDM-Enc is viable and can achieve good performances. Then we extend OFDM-Enc to general communication systems. Since the encryption is essentially done by changing the phase of the data constellations, we just adopt the term P-Enc. In addition, we form mathematical formulations in order to compare between P-Enc and XOR-Enc in terms of efficiency, security and hardware complexity. Furthermore, we show P-Enc at the PHY layer can prevent traffic analysis attack, which cannot be prevented with the upper layer encryptions. Finally, simulations are conducted again to compare the performance of P-Enc and XOR-Enc. In the second work, we are interested in protecting tag's data from leaking or being compromised to malicious adversaries. As discussed earlier, due to the nature of wireless channels, communications between the tag and the reader is susceptible to eavesdropping. The conventional method uses encryption for confidentiality protection of transmitted messages. However, this requires to pre-share keys between the reader and the tag. As a result, a key management and distribution system needs to be put in place. This introduces heavy system overhead. In this work, we first propose a new PHY layer RFID privacy protection method which requires no pre-shared keys and would achieve the same goal. We also perform theoretical analysis to first validate of our proposed scheme. Finally, we conduct experiments to further verify the feasibility our proposed scheme under the passive eavesdropping attack model. In the third work, we present a new attack on the FHSS RFID system called active eavesdropping attack. In most semi-passive and passive RFID systems, tag to reader communications are accomplished via backscattering modulation. This implies the tag is not required to identify the frequency of the legitimate reader's transmitted signal, it simply responds to a reader's query by setting its impedance in the circuitry to low and high to represent bit 1 and 0. The attacker exploits this design weakness of the tag and broadcasts his own continuous wave (CW) at a different frequency. Consequently, the eavesdropper receives two copies of responses: one from his own broadcasted CW and one from reader's CW. We perform theoretical analysis to show the optimal strategy for the attacker in terms of the decoding error probability. Finally, we conduct simulations and experiments to verify with our theoretical results

    Provable security against generic attacks on stream ciphers

    Get PDF

    Lightweight cryptography on ultra-constrained RFID devices

    Full text link
    Devices of extremely small computational power like RFID tags are used in practice to a rapidly growing extent, a trend commonly referred to as ubiquitous computing. Despite their severely constrained resources, the security burden which these devices have to carry is often enormous, as their fields of application range from everyday access control to human-implantable chips providing sensitive medical information about a person. Unfortunately, established cryptographic primitives such as AES are way to 'heavy' (e.g., in terms of circuit size or power consumption) to be used in corresponding RFID systems, calling for new solutions and thus initiating the research area of lightweight cryptography. In this thesis, we focus on the currently most restricted form of such devices and will refer to them as ultra-constrained RFIDs. To fill this notion with life and in order to create a profound basis for our subsequent cryptographic development, we start this work by providing a comprehensive summary of conditions that should be met by lightweight cryptographic schemes targeting ultra-constrained RFID devices. Building on these insights, we then turn towards the two main topics of this thesis: lightweight authentication and lightweight stream ciphers. To this end, we first provide a general introduction to the broad field of authentication and study existing (allegedly) lightweight approaches. Drawing on this, with the (n,k,L)^-protocol, we suggest our own lightweight authentication scheme and, on the basis of corresponding hardware implementations for FPGAs and ASICs, demonstrate its suitability for ultra-constrained RFIDs. Subsequently, we leave the path of searching for dedicated authentication protocols and turn towards stream cipher design, where we first revisit some prominent classical examples and, in particular, analyze their state initialization algorithms. Following this, we investigate the rather young area of small-state stream ciphers, which try to overcome the limit imposed by time-memory-data tradeoff (TMD-TO) attacks on the security of classical stream ciphers. Here, we present some new attacks, but also corresponding design ideas how to counter these. Paving the way for our own small-state stream cipher, we then propose and analyze the LIZARD-construction, which combines the explicit use of packet mode with a new type of state initialization algorithm. For corresponding keystream generator-based designs of inner state length n, we prove a tight (2n/3)-bound on the security against TMD-TO key recovery attacks. Building on these theoretical results, we finally present LIZARD, our new lightweight stream cipher for ultra-constrained RFIDs. Its hardware efficiency and security result from combining a Grain-like design with the LIZARD-construction. Most notably, besides lower area requirements, the estimated power consumption of LIZARD is also about 16 percent below that of Grain v1, making it particularly suitable for passive RFID tags, which obtain their energy exclusively through an electromagnetic field radiated by the reading device. The thesis is concluded by an extensive 'Future Research Directions' chapter, introducing various new ideas and thus showing that the search for lightweight cryptographic solutions is far from being completed

    Some Words on Cryptanalysis of Stream Ciphers

    Get PDF
    In the world of cryptography, stream ciphers are known as primitives used to ensure privacy over a communication channel. One common way to build a stream cipher is to use a keystream generator to produce a pseudo-random sequence of symbols. In such algorithms, the ciphertext is the sum of the keystream and the plaintext, resembling the one-time pad principal. Although the idea behind stream ciphers is simple, serious investigation of these primitives has started only in the late 20th century. Therefore, cryptanalysis and design of stream ciphers are important. In recent years, many designs of stream ciphers have been proposed in an effort to find a proper candidate to be chosen as a world standard for data encryption. That potential candidate should be proven good by time and by the results of cryptanalysis. Different methods of analysis, in fact, explain how a stream cipher should be constructed. Thus, techniques for cryptanalysis are also important. This thesis starts with an overview of cryptography in general, and introduces the reader to modern cryptography. Later, we focus on basic principles of design and analysis of stream ciphers. Since statistical methods are the most important cryptanalysis techniques, they will be described in detail. The practice of statistical methods reveals several bottlenecks when implementing various analysis algorithms. For example, a common property of a cipher to produce n-bit words instead of just bits makes it more natural to perform a multidimensional analysis of such a design. However, in practice, one often has to truncate the words simply because the tools needed for analysis are missing. We propose a set of algorithms and data structures for multidimensional cryptanalysis when distributions over a large probability space have to be constructed. This thesis also includes results of cryptanalysis for various cryptographic primitives, such as A5/1, Grain, SNOW 2.0, Scream, Dragon, VMPC, RC4, and RC4A. Most of these results were achieved with the help of intensive use of the proposed tools for cryptanalysis
    corecore