Practical Algebraic Attacks on the Hitag2 Stream Cipher in RFID Transponders

Talk given at eSmart 2010. How to attack the Hitag2 cipher in RFID trannsponders

Strengthening Crypto-1 Cipher Against Algebraic Attacks

In the last few years, several studies addressed the problem of data security in Mifare Classic. One of its weaknesses is the low random number quality. This causes SAT solver attacks to have lower complexity. In order to strengthen Crypto-1 against SAT solver attacks, a modification of the feedback function with better cryptographic properties is proposed. It applies a primitive polynomial companion matrix. SAT solvers cannot directly attack the feedback shift register that uses the modified Boolean feedback function, the register has to be split into smaller groups. Experimental testing showed that the amount of memory and CPU time needed were highest when attacking the modified Crypto-1 using the modified feedback function and the original filter function. In addition, another modified Crypto-1, using the modified feedback function and a modified filter function, had the lowest percentage of revealed variables. It can be concluded that the security strength and performance of the modified Crypto-1 using the modified feedback function and the modified filter function are better than those of the original Crypto-1

A survey on machine learning applied to symmetric cryptanalysis

In this work we give a short review of the recent progresses of machine learning techniques applied to cryptanalysis of symmetric ciphers, with particular focus on artificial neural networks. We start with some terminology and basics of neural networks, to then classify the recent works in two categories: "black-box cryptanalysis", techniques that not require previous information about the cipher, and "neuro-aided cryptanalysis", techniques used to improve existing methods in cryptanalysis

Attacks in Stream Ciphers: A Survey

Nowadays there are different types of attacks in block and stream ciphers. In this work we will present some of the most used attacks on stream ciphers. We will present the newest techniques with an example of usage in a cipher, explain and comment. Previous we will explain the difference between the block ciphers and stream ciphers

Where's Crypto?: Automated Identification and Classification of Proprietary Cryptographic Primitives in Binary Code

The continuing use of proprietary cryptography in embedded systems across many industry verticals, from physical access control systems and telecommunications to machine-to-machine authentication, presents a significant obstacle to black-box security-evaluation efforts. In-depth security analysis requires locating and classifying the algorithm in often very large binary images, thus rendering manual inspection, even when aided by heuristics, time consuming. In this paper, we present a novel approach to automate the identification and classification of (proprietary) cryptographic primitives within binary code. Our approach is based on Data Flow Graph (DFG) isomorphism, previously proposed by Lestringant et al. Unfortunately, their DFG isomorphism approach is limited to known primitives only, and relies on heuristics for selecting code fragments for analysis. By combining the said approach with symbolic execution, we overcome all limitations of their work, and are able to extend the analysis into the domain of unknown, proprietary cryptographic primitives. To demonstrate that our proposal is practical, we develop various signatures, each targeted at a distinct class of cryptographic primitives, and present experimental evaluations for each of them on a set of binaries, both publicly available (and thus providing reproducible results), and proprietary ones. Lastly, we provide a free and open-source implementation of our approach, called Where's Crypto?, in the form of a plug-in for the popular IDA disassembler.Comment: A proof-of-concept implementation can be found at https://github.com/wheres-crypto/wheres-crypt

Extending SAT solvers to cryptographic problems

Abstract. Cryptography ensures the confidentiality and authenticity of information but often relies on unproven assumptions. SAT solvers are a powerful tool to test the hardness of certain problems and have successfully been used to test hardness assumptions. This paper extends a SAT solver to efficiently work on cryptographic problems. The paper further illustrates how SAT solvers process cryptographic functions using automatically generated visualizations, introduces techniques for simplifying the solving process by modifying cipher representations, and demonstrates the feasibility of the approach by solving three stream ciphers. To optimize a SAT solver for cryptographic problems, we extended the solver's input language to support the XOR operation that is common in cryptography. To better understand the inner workings of the adapted solver and to identify bottlenecks, we visualize its execution. Finally, to improve the solving time significantly, we remove these bottlenecks by altering the function representation and by pre-parsing the resulting system of equations. The main contribution of this paper is a new approach to solving cryptographic problems by adapting both the problem description and the solver synchronously instead of tweaking just one of them. Using these techniques, we were able to solve a well-researched stream cipher 2 6 times faster than was previously possible

Criptografía ligera en internet de las cosas para la industria

La Criptografía Ligera o Liviana (Lightweight Cryptography) es uno de los temas de actualidad de la Criptología. Una gran variedad de algoritmos “livianos” han sido diseñados para garantizar Confidencialidad, Autenticidad e Integridad de los datos en dispositivos de lo que se ha dado en llamar Internet de las Cosas (IoT por sus siglas en inglés). Algunos de ellos surgen del ámbito académico y se aplican en la Industria; otros son propietarios, desarrollados por las empresas para satisfacer sus requerimientos de seguridad. En este trabajo se presenta el estado del arte de algunos de tales algoritmos empleados en diferentes dispositivos IoT. Se describen brevemente sus características criptológicas generales y se muestran los diferentes ataques a los que fueron sometidos. Finalmente se enumeran algunas de las tendencias para el diseño e implementación de dichas primitivas.VIII Workshop Seguridad informática.Red de Universidades con Carreras en Informátic

Criptografía ligera en internet de las cosas para la industria

La Criptografía Ligera o Liviana (Lightweight Cryptography) es uno de los temas de actualidad de la Criptología. Una gran variedad de algoritmos “livianos” han sido diseñados para garantizar Confidencialidad, Autenticidad e Integridad de los datos en dispositivos de lo que se ha dado en llamar Internet de las Cosas (IoT por sus siglas en inglés). Algunos de ellos surgen del ámbito académico y se aplican en la Industria; otros son propietarios, desarrollados por las empresas para satisfacer sus requerimientos de seguridad. En este trabajo se presenta el estado del arte de algunos de tales algoritmos empleados en diferentes dispositivos IoT. Se describen brevemente sus características criptológicas generales y se muestran los diferentes ataques a los que fueron sometidos. Finalmente se enumeran algunas de las tendencias para el diseño e implementación de dichas primitivas.VIII Workshop Seguridad informática.Red de Universidades con Carreras en Informátic