297 research outputs found
Benchmarking Block Ciphers for Wireless Sensor Networks
Choosing the most storage- and energy-efficient block cipher specifically for wireless sensor networks (WSNs) is not as straightforward as it seems. To our knowledge so far, there is no systematic evaluation framework for the purpose. We have identified the candidates of block ciphers suitable for WSNs based on existing literature. For evaluating and assessing these candidates, we have devised a systematic framework that not only considers the security properties but also the storage- and energy-efficiency of the candidates. Finally, based on the evaluation results, we have selected the suitable ciphers for WSNs, namely Rijndael for high security and energy efficiency requirements; and MISTY1 for good storage and energy efficiency
Survey and Benchmark of Block Ciphers for Wireless Sensor Networks
Cryptographic algorithms play an important role in the security architecture of wireless sensor networks (WSNs). Choosing the most storage- and energy-efficient block cipher is essential, due to the facts that these networks are meant to operate without human intervention for a long period of time with little energy supply, and that available storage is scarce on these sensor nodes. However, to our knowledge, no systematic work has been done in this area so far. We construct an evaluation framework in which we first identify the candidates of block ciphers suitable for WSNs, based on existing literature and authoritative recommendations. For evaluating and assessing these candidates, we not only consider the security properties but also the storage- and energy-efficiency of the candidates. Finally, based on the evaluation results, we select the most suitable ciphers for WSNs, namely Skipjack, MISTY1, and Rijndael, depending on the combination of available memory and required security (energy efficiency being implicit). In terms of operation mode, we recommend Output Feedback Mode for pairwise links but Cipher Block Chaining for group communications
Multidimensional Zero-Correlation Linear Cryptanalysis of the Block Cipher KASUMI
The block cipher KASUMI is widely used for security in many synchronous
wireless standards. It was proposed by ETSI SAGE for usage in 3GPP (3rd
Generation Partnership Project) ciphering algorithms in 2001. There are a great
deal of cryptanalytic results on KASUMI, however, its security evaluation
against the recent zero-correlation linear attacks is still lacking so far. In
this paper, we select some special input masks to refine the general 5-round
zero-correlation linear approximations combining with some observations on the
functions and then propose the 6-round zero-correlation linear attack on
KASUMI. Moreover, zero-correlation linear attacks on the last 7-round KASUMI
are also introduced under some weak keys conditions. These weak keys take
of the whole key space.
The new zero-correlation linear attack on the 6-round needs about
encryptions with known plaintexts. For the attack under weak keys
conditions on the last 7 round, the data complexity is about known
plaintexts and the time complexity encryptions
Key classification attack on block ciphers
In this paper, security analysis of block ciphers with key length greater
than block length is proposed. When key length is significantly greater than
block length and the statistical distribution of cipher system is like a
uniform distribution, there are more than one key which map fixed input to
fixed output. If a block cipher designed sufficiently random, it is expected
that the key space can be classified into same classes. Using such classes of
keys, our proposed algorithm would be able to recover the key of block cipher
with complexity O(max(2^n, 2^{k-n})) where n is block length and k is key
length. We applied our algorithm to 2-round KASUMI block cipher as sample
block cipher by using weakness of functions that used in KASUMI
Regular complete permutation polynomials over quadratic extension fields
Let be any positive integer which is relatively prime to and
. Let be any permutation polynomials over
is an invertible linear map over
and . In this paper,
we prove that, for suitable and , the map
could be -regular complete permutation polynomials over quadratic extension
fields. Comment: 10 pages. arXiv admin note: substantial text overlap with
arXiv:2212.1286
Eavesdropping on GSM: state-of-affairs
In the almost 20 years since GSM was deployed several security problems have
been found, both in the protocols and in the - originally secret -
cryptography. However, practical exploits of these weaknesses are complicated
because of all the signal processing involved and have not been seen much
outside of their use by law enforcement agencies.
This could change due to recently developed open-source equipment and
software that can capture and digitize signals from the GSM frequencies. This
might make practical attacks against GSM much simpler to perform.
Indeed, several claims have recently appeared in the media on successfully
eavesdropping on GSM. When looking at these claims in depth the conclusion is
often that more is claimed than what they are actually capable of. However, it
is undeniable that these claims herald the possibilities to eavesdrop on GSM
using publicly available equipment.
This paper evaluates the claims and practical possibilities when it comes to
eavesdropping on GSM, using relatively cheap hardware and open source
initiatives which have generated many headlines over the past year. The basis
of the paper is extensive experiments with the USRP (Universal Software Radio
Peripheral) and software projects for this hardware. Comment: 5th Benelux Workshop on Information and System Security (WISSec
2010), November 201
A Practical-Time Attack on the A5/3 Cryptosystem Used in Third Generation GSM Telephony
The privacy of most GSM phone conversations is currently protected by the 20+ years old A5/1 and A5/2 stream ciphers, which were repeatedly shown to be cryptographically weak. They will soon be replaced in third generation networks by a new A5/3 block cipher called KASUMI, which is a modified version of the MISTY cryptosystem. In this paper we describe a new type of attack called a sandwich attack, and use it to construct a simple distinguisher for 7 of the 8 rounds of KASUMI with an amazingly high probability of . By using this distinguisher and analyzing the single remaining round, we can derive the complete 128 bit key of the full KASUMI by using only 4 related keys, data, bytes of memory, and time. These complexities are so small that we have actually simulated the attack in less than two hours on a single PC, and experimentally verified its correctness and complexity. Interestingly, neither our technique nor any other published attack can break MISTY in less than the complexity of exhaustive search, which indicates that the changes made by the GSM Association in moving from MISTY to KASUMI resulted in a much weaker cryptosystem