
    Survey and Benchmark of Block Ciphers for Wireless Sensor Networks

    Cryptographic algorithms play an important role in the security architecture of wireless sensor networks (WSNs). Choosing the most storage- and energy-efficient block cipher is essential, due to the fact that these networks are meant to operate without human intervention for a long period of time with little energy supply, and that available storage is scarce on these sensor nodes. However, to our knowledge, no systematic work has been done in this area so far. We construct an evaluation framework in which we first identify the candidate block ciphers suitable for WSNs, based on existing literature and authoritative recommendations. For evaluating and assessing these candidates, we consider not only the security properties but also the storage- and energy-efficiency of the candidates. Finally, based on the evaluation results, we select the most suitable ciphers for WSNs, namely Skipjack, MISTY1, and Rijndael, depending on the combination of available memory and required security (energy efficiency being implicit). In terms of operation mode, we recommend Output Feedback Mode for pairwise links but Cipher Block Chaining for group communications.

    Characterizations of the Degraded Boolean Function and Cryptanalysis of the SAFER Family

    This paper investigates the degradation properties of Boolean functions from the aspects of the distributions of differences and linear masks, and shows two characterizations of the degraded Boolean function. One is that there exists a linear space of the input differences, where the differentials with the zero output difference have probability 1; the other is that the input linear masks of the nonzero-correlation linear approximations are included in a linear space. Those two linear spaces are orthogonal spaces. Moreover, the degradation properties are shown for the exponentiation-type S-box of the SAFER block ciphers, which are applied to reduce the computational complexity in the zero-correlation linear attacks on 5-round SAFER SK/128, 4(5)-round SAFER+/128(256) and 5(6)-round SAFER++/128(256). In the attacks, some of the linear properties of the PHT employed as the linear layer by the SAFER block ciphers are investigated and some zero-correlation approximations for SAFER SK, SAFER+, and SAFER++ are identified, when only the least significant one or two bits are considered. The results show that more rounds of some of the SAFER block ciphers can be attacked, by considering the degradation properties and the zero-correlation linear relations.
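    The two characterizations in the abstract above, as an added Python example that is not code from the paper: for a Boolean function f the script enumerates the set D of input differences whose output difference is 0 with probability 1 and the set U of input masks with nonzero correlation (nonzero Walsh coefficient), checks that both are linear spaces and that every element of D is orthogonal to every element of U. The 6-bit degraded function (one that reads its input only through two linear forms) and the bent function used for contrast are constructed here and are assumptions, not functions from the paper.

```python
"""Degraded Boolean functions: zero-output differentials vs. nonzero-correlation masks.

Added example, not code from the paper above. For a Boolean function f on n bits:
  D = { a : f(x ^ a) == f(x) for all x }   input differences whose output difference is 0
                                            with probability 1 (the linear structures of f)
  U = { u : W_f(u) != 0 }                  input masks of nonzero-correlation approximations
We check that both sets are linear spaces and that D and U are orthogonal, and compare a
constructed degraded function with a constructed bent (non-degraded) one.
"""
from math import log2


def parity(x: int) -> int:
    """Parity of the set bits of x; parity(u & v) is the GF(2) inner product of u and v."""
    return bin(x).count("1") & 1


def truth_table(f, n):
    return [f(x) for x in range(1 << n)]


def zero_output_differentials(tt, n):
    """All a such that the differential a -> 0 holds with probability 1."""
    size = 1 << n
    return {a for a in range(size) if all(tt[x ^ a] == tt[x] for x in range(size))}


def walsh_spectrum(tt, n):
    """W_f(u) = sum_x (-1)^(f(x) xor u.x); the correlation of f with mask u is W_f(u)/2^n."""
    size = 1 << n
    return {u: sum(-1 if tt[x] ^ parity(u & x) else 1 for x in range(size))
            for u in range(size)}


def nonzero_correlation_masks(tt, n):
    return {u for u, w in walsh_spectrum(tt, n).items() if w != 0}


def is_linear_space(s):
    """A subset of GF(2)^n is a linear space iff it contains 0 and is closed under xor."""
    return 0 in s and all((a ^ b) in s for a in s for b in s)


def orthogonal(D, U):
    return all(parity(a & u) == 0 for a in D for u in U)


def analyse(f, n):
    tt = truth_table(f, n)
    D = zero_output_differentials(tt, n)
    U = nonzero_correlation_masks(tt, n)
    return {
        "D": D, "U": U,
        "D_is_space": is_linear_space(D),
        "U_is_space": is_linear_space(U),
        "orthogonal": orthogonal(D, U),
        # when both are spaces, dim D + dim U == n: f depends on only dim U linear forms
        "dim_D": int(log2(len(D))), "dim_U": int(log2(len(U))),
    }


# Constructed (assumed) degraded 6-bit function: it reads its input only through the two
# linear forms l1 = x0^x1^x3 (mask 0b001011) and l2 = x2^x4^x5 (mask 0b110100).
def f_degraded(x: int) -> int:
    l1 = parity(x & 0b001011)
    l2 = parity(x & 0b110100)
    return (l1 & l2) ^ l2


# Constructed bent function x0x1 ^ x2x3 ^ x4x5: not degraded, every mask has correlation +-1/8
# and the only probability-1 zero-output differential is a = 0.
def f_bent(x: int) -> int:
    return (x & x >> 1 & 1) ^ (x >> 2 & x >> 3 & 1) ^ (x >> 4 & x >> 5 & 1)


if __name__ == "__main__":
    for name, f in (("degraded", f_degraded), ("bent", f_bent)):
        r = analyse(f, 6)
        print(name, "dim D =", r["dim_D"], "dim U =", r["dim_U"],
              "spaces:", r["D_is_space"], r["U_is_space"], "orthogonal:", r["orthogonal"])
```

    For the degraded function D is the 4-dimensional kernel of the two linear forms and U is exactly the 2-dimensional space they span, so any zero-correlation search only has to consider masks outside U; for the bent function D collapses to {0} and U is the whole space, which is the non-degraded case.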

    A Salad of Block Ciphers

    This book is a survey on the state of the art in block cipher design and analysis. It is work in progress, and it has been for the good part of the last three years -- sadly, for various reasons no significant change has been made during the last twelve months. However, it is also in a self-contained, usable, and relatively polished state, and for this reason I have decided to release this snapshot onto the public as a service to the cryptographic community, both in order to obtain feedback, and also as a means to give something back to the community from which I have learned much. At some point I will produce a final version -- whatever being a "final version" means in the constantly evolving field of block cipher design -- and I will publish it. In the meantime I hope the material contained here will be useful to other people.

    Quantitative security of block ciphers:designs and cryptanalysis tools

    Block ciphers probably figure in the list of the most important cryptographic primitives. Although they are used for many different purposes, their essential goal is to ensure confidentiality. This thesis is concerned with their quantitative security, that is, with measurable attributes that reflect their ability to guarantee this confidentiality. The first part of this thesis deals with well-known results. Starting with Shannon's Theory of Secrecy, we move to practical implications for block ciphers, recall the main schemes on which nowadays block ciphers are based, and introduce the Luby-Rackoff security model. We describe distinguishing attacks and key-recovery attacks against block ciphers and show how to turn the former into the latter. As an illustration, we recall linear cryptanalysis, which is a classical example of statistical cryptanalysis. In the second part, we consider the (in)security of block ciphers against statistical cryptanalytic attacks and develop some tools to perform optimal attacks and quantify their efficiency. We start with a simple setting in which the adversary has to distinguish between two sources of randomness and show how an optimal strategy can be derived in certain cases. We proceed with the practical situation where the cardinality of the sample space is too large for the optimal strategy to be implemented and show how this naturally leads to the concept of projection-based distinguishers, which reduce the sample space by compressing the samples. Within this setting, we re-consider the particular case of linear distinguishers and generalize them to sets of arbitrary cardinality. We show how these distinguishers between random sources can be turned into distinguishers between random oracles (or block ciphers) and how, in this setting, one can generalize linear cryptanalysis to Abelian groups.
    As a proof of concept, we show how to break the block cipher TOY100, introduce the block cipher DEAN which encrypts blocks of decimal digits, and apply the theory to the SAFER block cipher family. In the last part of this thesis, we introduce two new constructions. We start by recalling some essential notions about provable security for block ciphers and about Serge Vaudenay's Decorrelation Theory, and introduce new simple modules for which we prove essential properties that we will later use in our designs. We then present the block cipher C and prove that it is immune against a wide range of cryptanalytic attacks. In particular, we compute the exact advantage of the best distinguisher limited to two plaintext/ciphertext samples between C and the perfect cipher and use it to compute the exact value of the maximum expected linear probability (resp. differential probability) of C, which is known to be inversely proportional to the number of samples required by the best possible linear (resp. differential) attack. We then introduce KFC, a block cipher which builds upon the same foundations as C but for which we can prove results for higher order adversaries. We conclude both discussions about C and KFC by implementation considerations.
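    The distinguishing setting in the abstract above (an adversary separating two sources of randomness with q samples, the optimal strategy, and projection-based distinguishers that compress the samples), as an added Python example that is not code from the thesis. The two memoryless sources (an unbiased bit against a bit with bias 1/4) and the two projections are constructed here as assumptions; the decision rule is the standard likelihood-ratio (Neyman-Pearson) test, whose advantage equals the statistical distance between the q-fold product distributions of the two sources.

```python
"""Optimal distinguisher between two sources of randomness, with and without projection.

Added example, not code from the thesis above. The adversary sees q independent samples
from either P0 or P1 and must say which. The likelihood-ratio rule answers "P1" exactly on
the sample vectors z with P1^q(z) > P0^q(z); its advantage is the statistical distance
between P0^q and P1^q. A projection compresses each sample vector first; the best
distinguisher on the compressed space has advantage equal to the statistical distance of
the pushed-forward distributions, so a sufficient statistic loses nothing and a lossy
projection does.
"""
from collections import defaultdict
from fractions import Fraction
from itertools import product

# Constructed (assumed) sources: an unbiased bit versus a bit that is 0 with probability 3/4.
P0 = {0: Fraction(1, 2), 1: Fraction(1, 2)}
P1 = {0: Fraction(3, 4), 1: Fraction(1, 4)}


def product_distribution(p, q):
    """Distribution of q independent samples from p, keyed by the sample vector."""
    dist = {}
    for z in product(p, repeat=q):
        pr = Fraction(1)
        for s in z:
            pr *= p[s]
        dist[z] = pr
    return dist


def push_forward(dist, proj):
    """Distribution of proj(z) when z follows dist (the projection-based sample space)."""
    out = defaultdict(Fraction)
    for z, pr in dist.items():
        out[proj(z)] += pr
    return dict(out)


def statistical_distance(d0, d1):
    keys = set(d0) | set(d1)
    return sum(abs(d0.get(k, 0) - d1.get(k, 0)) for k in keys) / 2


def optimal_rule(d0, d1):
    """Acceptance set of the likelihood-ratio test: answer 'source 1' on these outcomes."""
    return {k for k in set(d0) | set(d1) if d1.get(k, 0) > d0.get(k, 0)}


def advantage(rule, d0, d1):
    """|Pr_1[accept] - Pr_0[accept]| for an arbitrary acceptance set."""
    return abs(sum(d1.get(k, 0) for k in rule) - sum(d0.get(k, 0) for k in rule))


def best_advantage(p0, p1, q, proj=None):
    """Advantage of the best q-sample distinguisher, optionally after projecting the samples."""
    d0, d1 = product_distribution(p0, q), product_distribution(p1, q)
    if proj is not None:
        d0, d1 = push_forward(d0, proj), push_forward(d1, proj)
    return statistical_distance(d0, d1)


def samples_needed(p0, p1, target, proj=None, limit=16):
    """Smallest q whose best distinguisher reaches the target advantage (None if > limit)."""
    for q in range(1, limit + 1):
        if best_advantage(p0, p1, q, proj) >= target:
            return q
    return None


def count_zeros(z):
    """Sufficient statistic for i.i.d. bits: the number of zeros in the sample vector."""
    return z.count(0)


def first_only(z):
    """Lossy projection: keep only the first sample."""
    return z[0]


if __name__ == "__main__":
    for q in (1, 2, 4, 8):
        print(q, best_advantage(P0, P1, q), best_advantage(P0, P1, q, count_zeros),
              best_advantage(P0, P1, q, first_only))
    print("samples for advantage 1/2:", samples_needed(P0, P1, Fraction(1, 2)))
```

    Exact rational arithmetic keeps the advantages comparable across projections: compressing 2^q sample vectors down to q+1 zero counts leaves the best advantage unchanged, while keeping only the first sample pins it at 1/4 however many samples are drawn.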

    Consequences of Short Term Mobility Across Heterogeneous Risk Environments: The 2014 West African Ebola Outbreak

    In this dissertation the potential impact of some social, cultural and economic factors on Ebola Virus Disease (EVD) dynamics and control are studied. In Chapter two, the inability to detect and isolate a large fraction of EVD-infected individuals before symptoms onset is addressed. A mathematical model, calibrated with data from the 2014 West African outbreak, is used to show the dynamics of EVD control under various quarantine and isolation effectiveness regimes. It is shown that in order to make a difference it must reach a high proportion of the infected population. The effect of EVD-dead bodies has been incorporated in the quarantine effectiveness. In Chapter four, the potential impact of differential risk is assessed. A two-patch model without explicitly incorporating quarantine is used to assess the impact of mobility on communities at risk of EVD. It is shown that the overall EVD burden may lessen when mobility in this artificial high-low risk society is allowed. The cost that individuals in the low-risk patch must pay, as measured by secondary cases, is highlighted. In Chapter five a model explicitly incorporating patch-specific quarantine levels is used to show that quarantining a large enough proportion of the population under effective isolation leads to a measurable reduction of secondary cases in the presence of mobility. It is shown that sharing limited resources can improve the effectiveness of EVD control in the two-patch high-low risk system. Identifying the conditions under which the low-risk community would be willing to accept the increases in EVD risk, needed to reduce the total number of secondary cases in a community composed of two patches with highly differentiated risks, has not been addressed.
    In summary, this dissertation looks at EVD dynamics within an idealized highly polarized world where resources are primarily in the hands of a low-risk community – a community of lower density, higher levels of education and reasonable health services – that shares a "border" with a high-risk community that lacks minimal resources to survive an EVD outbreak.
    Doctoral Dissertation, Applied Mathematics, 201

    The Decriminalisation of Abortion: an Argument for Modernisation

    While abortion is now offered as a routine part of modern NHS-funded reproductive healthcare, the legal framework regulating it remains rooted in the punitive, conservative values of the mid-Victorian era. This article argues that this framework is in need of fundamental reform to modernise it in line with the clinical science and moral values of the 21st century. It assesses the current statutory framework regulating abortion against the purposes that are typically claimed to motivate it: the protection of women; and the prevention and condemnation of the intentional destruction of fetal life. It argues that it fails to achieve either of these broad aims and that we should thus remove specific criminal penalties relating to abortion. This, it is suggested, would be likely to have very limited impact on the incidence of abortion but would, however, better recognise contemporary medical realities and moral thinking.

    X-Risk Analysis for AI Research

    Artificial intelligence (AI) has the potential to greatly improve society, but as with any powerful technology, it comes with heightened risks and responsibilities. Current AI research lacks a systematic discussion of how to manage long-tail risks from AI systems, including speculative long-term risks. Keeping in mind the potential benefits of AI, there is some concern that building ever more intelligent and powerful AI systems could eventually result in systems that are more powerful than us; some say this is like playing with fire and speculate that this could create existential risks (x-risks). To add precision and ground these discussions, we provide a guide for how to analyze AI x-risk, which consists of three parts: First, we review how systems can be made safer today, drawing on time-tested concepts from hazard analysis and systems safety that have been designed to steer large processes in safer directions. Next, we discuss strategies for having long-term impacts on the safety of future systems. Finally, we discuss a crucial concept in making AI systems safer by improving the balance between safety and general capabilities. We hope this document and the presented concepts and tools serve as a useful guide for understanding how to analyze AI x-risk.