61,738 research outputs found
On the Security of 2-Key Triple DES
This paper reconsiders the security offered by 2-key triple DES, an
encryption technique that remains widely used despite recently being
de-standardised by NIST. A generalisation of the 1990 van Oorschot-Wiener
attack is described, constituting the first advance in cryptanalysis of 2-key
triple DES since 1990. We give further attack enhancements that together imply
that the widely used estimate that 2-key triple DES provides 80 bits of
security can no longer be regarded as conservative; the widely stated assertion
that the scheme is secure as long as the key is changed regularly is also
challenged. The main conclusion is that, whilst not completely broken, the
margin of safety for 2-key triple DES is slim, and efforts to replace it, at
least with its 3-key variant, should be pursued with some urgency.Comment: Typos in v1 fixe
Design and Implementation of Triple DES Encryption Scheme
The speed of exhaustive key searches against DES after 1990 began to cause discomfort amongst users of DES. However, users did not want to replace DES as it takes an enormous amount of time and money to change encryption algorithms that are widely adopted and embedded in large security architectures. The DES algorithm was replaced by the Advanced Encryption Standard (AES) by the National Institute of Standards and Technology (NIST). The pragmatic approach was not to abandon the DES completely, but to change the manner in which DES is used. DES is often used in conjunction with Triple DES. It derives from single DES but the technique is used in triplicate and involves three sub keys and key padding when necessary, such as instances where the keys must be increased to 64 bits in length. Known for its compatibility and flexibility, software can easily be converted for Triple DES inclusion. Therefore, it may not be nearly as obsolete as deemed by NIST. This led to the modified schemes of Triple DES (sometimes known as 3DES).3DES is a way to reuse DES implementations, by chaining three instances of DES with different keys. 3DES is believed to still be secure because it requires 2^112 brute-force operations which is not achievable with foreseeable technology. While AES is a totally new encryption that uses the substitution-permutation network, 3DES is just an adaptation to the older DES encryption that relied on the balanced Feistel network. But since it is applied three times, the implementer can choose to have 3 discrete 56 bit keys, or 2identical and 1 discrete, or even three identical keys. This means that 3DES can have encryption key lengths of 168, 112, or 56 bit encryption key lengths respectively. But due to certain vulnerabilities when reapplying the same encryption thrice, it leads to slower performance. In this paper we present a pipelined implementation in VHDL, in Electronic Code Book (EBC) mode, of this commonly used Cryptography scheme with aim to improve performance. We achieve a 48-stage pipeline depth by implementing a TDES key buffer and right rotations in the DES decryption key scheduler. We design and verify our implementation using ModelSim SE 6.3f and Xilinx ISE 8.1i. We gather cost and throughput information from the synthesis and Timing results and compare the performance of our design to common implementations presented in other literatures
Ciphertext and Plaintext Leakage Reveals the Entire TDES Key
SCA(Side-channel analysis) is a well-known method to recover the sensitive data stored in security products. Meanwhile numerous countermeasures for hardware implementation of cryptographic algorithms are proposed to protect the internal data against this attack fortunately. However, some designs are not aware that the protection of the plaintext and ciphertext is also crucial. In this work, we attack an implementation TDES(triple DES) by taking advantage of such leakages detected in a widely used commercial product which is based on the hardware platform that passed the EAL5+ certification. In particular, we guess entire DES keys to construct hypotheses for the intermediate outputs in a TDES calculation. The time cost for this approach is nearly of that by a brute force. Furthermore, if in addition leakage about the key becomes available, the attack costs become practical. That is, reducing the key entropy of every DES key to allows an enumeration of the entire TDES in 21.6 hours
Review on DNA Cryptography
Cryptography is the science that secures data and communication over the
network by applying mathematics and logic to design strong encryption methods.
In the modern era of e-business and e-commerce the protection of
confidentiality, integrity and availability (CIA triad) of stored information
as well as of transmitted data is very crucial. DNA molecules, having the
capacity to store, process and transmit information, inspires the idea of DNA
cryptography. This combination of the chemical characteristics of biological
DNA sequences and classical cryptography ensures the non-vulnerable
transmission of data. In this paper we have reviewed the present state of art
of DNA cryptography.Comment: 31 pages, 12 figures, 6 table
Dynamic Selection of Symmetric Key Cryptographic Algorithms for Securing Data Based on Various Parameters
Most of the information is in the form of electronic data. A lot of
electronic data exchanged takes place through computer applications. Therefore
information exchange through these applications needs to be secure. Different
cryptographic algorithms are usually used to address these security concerns.
However, along with security there are other factors that need to be considered
for practical implementation of different cryptographic algorithms like
implementation cost and performance. This paper provides comparative analysis
of time taken for encryption by seven symmetric key cryptographic algorithms
(AES, DES, Triple DES, RC2, Skipjack, Blowfish and RC4) with variation of
parameters like different data types, data density, data size and key sizes.Comment: 8 pages, 4 figures, Fifth International Conference on Communications
Security & Information Assurance (CSIA 2014) May 24~25, 2014, Delhi, Indi
Quantifying Shannon's Work Function for Cryptanalytic Attacks
Attacks on cryptographic systems are limited by the available computational
resources. A theoretical understanding of these resource limitations is needed
to evaluate the security of cryptographic primitives and procedures. This study
uses an Attacker versus Environment game formalism based on computability logic
to quantify Shannon's work function and evaluate resource use in cryptanalysis.
A simple cost function is defined which allows to quantify a wide range of
theoretical and real computational resources. With this approach the use of
custom hardware, e.g., FPGA boards, in cryptanalysis can be analyzed. Applied
to real cryptanalytic problems, it raises, for instance, the expectation that
the computer time needed to break some simple 90 bit strong cryptographic
primitives might theoretically be less than two years.Comment: 19 page
- …