1,341 research outputs found
An FPGA implementation of the advanced encryption standard with support for counter and feedback modes
The Advanced Encryption Standard (AES) is a symmetric key block cipher approved by the National Institute of Standards and Technology (NIST). AES replaced the Data Encryption Standard (DES) as a standard encryption algorithm within the United States government. It is widely used in both software and hardware applications and transactions. Different confidentiality modes of operation allow a symmetric key block cipher to provide additional data confidentiality by altering the output in respect to previously processed input data. These modes include Cipher Block Chaining, Cipher Feedback, Output Feedback and Counter modes. Electronic Codebook (ECB) mode does not enhance the confidentiality of the original cipher. This thesis presents an implementation of AES on a field-programmable gate array (FPGA). The design improves upon similar implementations that only employ ECB mode by supporting all five confidentiality modes of operation. The unified design supports all applicable key sizes and offers competitive throughput and resource utilization compared to designs lacking additional confidentiality modes. The design occupies 7452 slices of a Xilinx Virtex-II Pro XC2VP50 and features a maximum clock speed of 56.3 MHz. Throughputs up to 480.427 Mbps, 423.906 Mbps and 379.284 Mbps for 128-bit, 192-bit and 256-bit keys are produced for all five modes of operation. A straightforward level of key agility allows encryption and decryption operations to proceed uninterrupted at the expense of throughput. This feature is ideal when it is necessary to change the key for each block of data. A physical hardware prototype of the design is employed as further demonstration of the design's functional abilities.
A new method for format preserving encryption in high-data rate communications
In some encryption systems it is necessary to preserve the format and length of the encrypted data. This kind of encryption is called FPE (Format Preserving Encryption). Currently, only two AES (Advanced Encryption Standard) modes of operation recommended by the NIST (National Institute of Standards and Technology) are able to implement FPE algorithms, FF1 and FF3. These modes work in an electronic codebook fashion and can be configured to encrypt databases with an arbitrary format and length. However, there are no stream cipher proposals able to implement FPE encryption for high data rate information flows. The main novelty of this work is a new block cipher operation mode proposal to implement an FPE algorithm in a stream cipher fashion. It has been called CTR-MOD and it is based on a standard block cipher working in CTR (Counter) mode and a modulo operation. The confidentiality of this mode is analyzed in terms of its IND-CPA (Indistinguishability under Chosen Plaintext Attack) advantage of any adversary attacking it. Moreover, the encryption scheme has been implemented on an FPGA (Field Programmable Gate Array) and has been integrated in a Gigabit Ethernet interface to test an encrypted optical link with a real high data rate traffic flow.
Year 2010 Issues on Cryptographic Algorithms
In the financial sector, cryptographic algorithms are used as fundamental techniques for assuring confidentiality and integrity of data used in financial transactions and for authenticating entities involved in the transactions. Currently, the most widely used algorithms appear to be two-key triple DES and RC4 for symmetric ciphers, RSA with a 1024-bit key for an asymmetric cipher and a digital signature, and SHA-1 for a hash function according to international standards and guidelines related to the financial transactions. However, according to academic papers and reports regarding the security evaluation for such algorithms, it is difficult to ensure enough security by using the algorithms for a long time period, such as 10 or 15 years, due to advances in cryptanalysis techniques, improvement of computing power, and so on. To enhance the transition to more secure ones, National Institute of Standards and Technology (NIST) of the United States describes in various guidelines that NIST will no longer approve two-key triple DES, RSA with a 1024-bit key, and SHA-1 as the algorithms suitable for IT systems of the U.S. Federal Government after 2010. It is an important issue how to advance the transition of the algorithms in the financial sector. This paper refers to issues regarding the transition as Year 2010 issues in cryptographic algorithms. To successfully complete the transition by 2010, the deadline set by NIST, it is necessary for financial institutions to begin discussing the issues at the earliest possible date. This paper summarizes security evaluation results of the current algorithms, and describes Year 2010 issues, their impact on the financial industry, and the transition plan announced by NIST. This paper also shows several points to be discussed when dealing with Year 2010 issues.
Keywords: Cryptographic algorithm; Symmetric cipher; Asymmetric cipher; Security; Year 2010 issues; Hash function
High-level Cryptographic Abstractions
The interfaces exposed by commonly used cryptographic libraries are clumsy,
complicated, and assume an understanding of cryptographic algorithms. The
challenge is to design high-level abstractions that require minimum knowledge
and effort to use while also allowing maximum control when needed.
This paper proposes such high-level abstractions consisting of simple
cryptographic primitives and full declarative configuration. These abstractions
can be implemented on top of any cryptographic library in any language. We have
implemented these abstractions in Python, and used them to write a wide variety
of well-known security protocols, including Signal, Kerberos, and TLS.
We show that programs using our abstractions are much smaller and easier to
write than using low-level libraries, where size of security protocols
implemented is reduced by about a third on average. We show our implementation
incurs a small overhead, less than 5 microseconds for shared key operations and
less than 341 microseconds (< 1%) for public key operations. We also show our
abstractions are safe against main types of cryptographic misuse reported in
the literature.
A dynamical systems approach to the discrimination of the modes of operation of cryptographic systems
Evidence of signatures associated with cryptographic modes of operation is
established. Motivated by some analogies between cryptographic and dynamical
systems, in particular with chaos theory, we propose an algorithm based on
Lyapunov exponents of discrete dynamical systems to estimate the divergence
among ciphertexts as the encryption algorithm is applied iteratively. The
results allow one to distinguish among six modes of operation, namely ECB, CBC,
OFB, CFB, CTR and PCBC using DES, IDEA, TEA and XTEA block ciphers of 64 bits,
as well as AES, RC6, Twofish, Seed, Serpent and Camellia block ciphers of 128
bits. Furthermore, the proposed methodology enables a classification of modes
of operation of cryptographic systems according to their strength.
Comment: 14 pages, 10 figures
LEE: Light‐Weight Energy‐Efficient encryption algorithm for sensor networks
Data confidentiality in wireless sensor networks is mainly achieved by RC5 and Skipjack encryption algorithms. However, both algorithms have their weaknesses, for example RC5 supports variable-bit rotations, which are computationally expensive operations and Skipjack uses a key length of 80-bits, which is subject to brute force attack. In this paper we introduce a light-weight energy-efficient encryption algorithm (LEE) for tiny embedded devices, such as sensor network nodes. We present experimental results of LEE under real sensor nodes operating in TinyOS. We also discuss the secrecy of our algorithm by presenting a security analysis of various tests and cryptanalytic attacks.
Combining message encryption and authentication
The first part of the paper explains the need for combining message encryption and authentication. We begin with the example to emphasize the fact that privacy does not imply authenticity. Then we prove, one needs both privacy and authenticity, even if one's aim is just getting privacy. In the second part we present an overview of different methods for providing authenticated encryption (AE) i.e. generic compositions, single-pass modes and two-pass combined modes. We analyze what are the advantages and disadvantages of different AE constructions. In the third part of the paper we focus on nonce based authenticated encryption modes. Our motivation is the wish to know the methodology of designing authenticated encryption mode of operation. We take into consideration a few most important properties, e.g. parallelizability, memory requirements and pre-processing capability. We analyze possibilities of choice of underlying encryption and authentication components and their order in a message. We also try to answer the question: what does single-key mode really mean? Finally we mention the importance of provable security theory in the security of authenticated encryption modes.