15 research outputs found

    Comparative Study of Symmetric Key Algorithms: DES, AES and Blowfish

    This paper presents a peer analysis in the field of encryption algorithms, concentrating on private-key block ciphers, which are generally used for bulk data and link encryption. We initially surveyed some of the popular and efficient algorithms currently in use. This paper focuses mainly on the different kinds of encryption techniques that exist, and presents a comparative study together with a literature survey. The study extends to the performance parameters used in encryption processes and an analysis of their security issues. Cryptography is the practice and study of hiding information. Prior to the modern age, cryptography was almost synonymous with encryption, i.e. the conversion of information from a readable state to an unreadable state. To prevent unwanted persons from reading the information, senders retain the ability to decrypt it. There are three types of cryptography: asymmetric-key cryptography, symmetric-key cryptography and hashing. Encryption methods in which both the sender and receiver share the same key are referred to as symmetric-key cryptography. This paper provides a comparison between symmetric-key algorithms such as DES, AES and Blowfish. The comparison is made on the basis of parameters such as block size and key size.

    Directional Modulation via Symbol-Level Precoding: A Way to Enhance Security

    Wireless communication provides wide coverage at the cost of exposing information to unintended users. As an information-theoretic paradigm, the secrecy rate derives bounds for secure transmission when the channel to the eavesdropper is known. However, such bounds are shown to be restrictive in practice and may require the exploitation of specialized coding schemes. In this paper, we employ the concept of directional modulation and follow a signal processing approach to enhance the security of multi-user MIMO communication systems when a multi-antenna eavesdropper is present. Enhancing the security is accomplished by increasing the symbol error rate at the eavesdropper. Unlike the information-theoretic secrecy rate paradigm, we assume that the legitimate transmitter is not aware of its channel to the eavesdropper, which is a more realistic assumption. We examine the applicability of MIMO receiving algorithms at the eavesdropper. Using the channel knowledge and the intended symbols for the users, we design security-enhancing symbol-level precoders for different transmitter and eavesdropper antenna configurations. We transform each design problem into a linearly constrained quadratic program and propose two solutions, namely an iterative algorithm and one based on non-negative least squares, for each scenario, for a computationally efficient modulation. Simulation results verify the analysis and show that the designed precoders outperform the benchmark scheme in terms of both power efficiency and security enhancement.
    Comment: This manuscript is submitted to IEEE Journal of Selected Topics in Signal Processing.

    S-Box Implementation of AES is NOT side-channel resistant

    Several successful cache-based attacks have provided strong impetus for developing side-channel-resistant software implementations of AES. One of the best-known countermeasures, the use of a minimalist 256-byte look-up table, has been employed in the latest (assembly language) versions. Software and hardware prefetching and out-of-order execution in modern processors have served to further shrink the attack surface. Despite these odds, we devise and implement two strategies to retrieve the complete AES key. The first uses adaptively chosen plaintext and random plaintext in a 2-round attack. The second strategy employs only about 50 blocks of random plaintext in a novel single-round attack. The attack can be extended to spying on table accesses during decryption in a ciphertext-only attack. We also present an analytical model to explain the effect of false positives and false negatives and to capture various practical trade-offs involving the number of blocks of plaintext, offline computation time for key retrieval and success probability.

    Lower data attacks on Advanced Encryption Standard

    The Advanced Encryption Standard (AES) is one of the most commonly used and analyzed encryption algorithms. In this work, we present new combinations of some prominent attacks on AES, achieving new records in data requirements among attacks, utilizing only $2^4$ and $2^{16}$ chosen plaintexts (CP) for 6-round and 7-round AES-192/256 respectively. One of our attacks is a combination of a meet-in-the-middle (MiTM) attack with a square attack mounted on 6-round AES-192/256, while another attack combines an MiTM attack and an integral attack, utilizing a key-space partitioning technique, on 7-round AES-192/256. Moreover, we illustrate that impossible differential (ID) attacks can be viewed as the dual of MiTM attacks in certain aspects, which enables us to recover the correct key using the meet-in-the-middle (MiTM) technique instead of sieving through all potential wrong keys in our ID attack. Furthermore, we introduce the constant guessing technique in the inner rounds, which significantly reduces the number of key bytes to be searched. The time and memory complexities of our attacks remain marginal.

    The need for polymorphic encryption algorithms: A review paper

    Current symmetric ciphers, including the Advanced Encryption Standard (AES), are deterministic and open. Using standard ciphers is necessary for interoperability. However, it gives the potential opponent significant leverage, as it provides all the knowledge and time he needs to design effective attacks. In this review paper, we highlight prominent contributions in the field of symmetric encryption. Furthermore, we shed light on some contributions that aim at mitigating potential threats when using standard symmetric ciphers. Finally, we highlight the need for more practical contributions in the direction of polymorphic or multishape ciphers.

    New Key Expansion Function of Rijndael 128-Bit Resistant to Related-Key Attacks

    In most block ciphers, a master key of a specific length is manipulated by the key schedule to create round sub-keys. A cipher with a strong key schedule is more resistant to various forms of attack, especially in the related-key attack model. Rijndael is the most common block cipher, and it was adopted by the National Institute of Standards and Technology, USA, in 2001 as the Advanced Encryption Standard. However, a few cryptanalytic studies revealed that a security weakness of Rijndael is its vulnerability to the related-key differential attack as well as the related-key boomerang attack, which is mainly caused by the lack of nonlinearity in the key schedule of Rijndael. In relation to this, constructing a key schedule that is both efficient and provably secure has been an ongoing open problem. Hence, this paper presents a method to improve the key schedule of Rijndael 128-bit for the purpose of making it more resistant to the related-key differential and boomerang attacks. In this study, two statistical tests, namely the Frequency test and the Strict Avalanche Criterion test, were employed to evaluate the properties of bit confusion and bit diffusion respectively. The results showed that the proposed key expansion function has excellent statistical properties and agrees with Shannon's concept of diffusion and confusion. Meanwhile, a Mixed Integer Linear Programming based approach was adopted to evaluate the resistance of the proposed approach to the related-key differential and boomerang attacks. The proposed approach was found to be resistant against the two attacks discovered in the original Rijndael. Overall, these results show that the proposed approach performs better than the original Rijndael key expansion function and that of the previous research.

    Length-preserving authenticated encryption of storage blocks

    Digital storage is often protected by individually authenticating and encrypting each storage unit, usually a disk block or a memory page. This results in one ciphertext and one authentication tag per unit. Where used, these tags are written to external memory locations or to different blocks within the same device, but this has two main drawbacks. First, it is not always possible to use external memory, or to allocate extra blocks to store the tags. Second, storing the tag in a different location than the ciphertext requires two IO requests for each read or write: one request for the ciphertext, another for the tag. In this thesis, I ask and resolve the question: is it possible to use data compression to provide length-preserving storage protection, providing integrity and confidentiality, removing the need for external storage or extra blocks? The thesis contributes to the research on block-level data protection, and analyses existing protection methods for block devices, such as dm-crypt and dm-verity in Linux, as well as RAM protections such as AMD SEV-SNP. Previous compression-based solutions are analysed and found not to be fully length-preserving. The thesis presents LP-SP, a length-preserving storage protection method that does not need external storage or extra blocks for tags. Additionally, a prototype implementation in the Linux device-mapper provides compression and performance measurements. These measurements show LP-SP to be especially useful in RAM and other environments with high compression rates.

    Cryptographic algorithms and their performance on the Arduino

    The Arduino is a very robust and multifaceted platform used in many situations and, increasingly, a relevant element in the architecture of the Internet of Things. By providing several wireless communication interfaces, it can be used to control household appliances, doors, temperature sensors, etc., making it easy to implement communication between these "things". This thesis studied the main wireless networks used by the Arduino (Bluetooth Low Energy [BLE], Wi-Fi and ZigBee) to try to understand which one has the best performance, the advantages and disadvantages of each, which modules are needed to let the Arduino use each type of wireless network, the main functions they were designed for when they were created, and which security system is used in these networks. These different wireless technologies allow greater mobility and greater flexibility in the design of network structures than conventional wired networks. However, this type of network has a major disadvantage, since anyone within range of the wireless network can intercept the signal being transmitted. To protect the information transmitted over these networks, several cryptographic algorithms have been developed. The encrypted data can only be read by devices that hold a given key. The Data Encryption Standard (DES), Triple DES (TDES), Advanced Encryption Standard (AES), eXtended TEA (XTEA) and Corrected Block TEA (XXTEA) cryptographic algorithms are among the best-known and most widely used techniques today. This thesis analysed these algorithms and their vulnerabilities, and also surveyed the main existing attacks in order to assess whether they are still secure today. To evaluate the possibility of using the Arduino securely in applications that use wireless communications, performance tests were carried out with the studied cryptographic algorithms, using existing libraries. The performance tests showed that AES is considerably faster than the other solutions, while also offering greater security. TDES proved to be quite slow, which explains why the algorithm is little used and has over the years been replaced by AES. XXTEA placed in the middle of the performance test, with an interesting security/performance ratio, making it a better choice than TDES.

    The Arduino is a very robust and multifaceted platform used in many situations and, increasingly, a relevant element in the Internet of Things. By providing several wireless communication interfaces, it can be used to control household appliances, doors, temperature sensors, etc., allowing easy implementation of communication between these "things". In this thesis the main wireless networks used by Arduino (Bluetooth Low Energy [BLE], Wi-Fi and ZigBee) were studied to try to understand which one has the best performance, the advantages and disadvantages of each one, the modules needed to implement each wireless network and what security systems are used. These different wireless technologies allow for greater mobility and greater flexibility in the design of network structures than conventional wired networks. However, such networks have a major disadvantage, since anyone within the range of the wireless network can intercept the signal being transmitted. Several cryptographic algorithms have been developed to protect the information that is transmitted by these networks. This encrypted data can only be read by devices that have a certain key. The Data Encryption Standard (DES), Triple DES (TDES), Advanced Encryption Standard (AES), eXtended TEA (XTEA) and Corrected Block TEA (XXTEA) encryption algorithms are among the best known and most widely used algorithms. In this thesis these algorithms have been analyzed to compare their vulnerabilities and to identify the main existing attacks. In order to evaluate the possibility of using Arduino in applications that use wireless communications securely, performance tests were implemented using existing libraries. The results show that AES is much faster than the other algorithms, while offering even greater security. TDES was found to be quite slow, which explains why the algorithm is little used and why it has been replaced by AES over the years. XXTEA was ranked in the middle of the performance test, having an interesting security/performance ratio, proving it to be a better choice than TDES.