Analysing the IOBC Authenticated Encryption Mode

Abstract. The idea of combining a very simple form of added plaintext redundancy with a special mode of data encryption to provide data in-tegrity is an old one; however, despite its wide deployment in protocols such as Kerberos, it has largely been superseded by provably secure au-thenticated encryption techniques. In this paper we cryptanalyse a block cipher mode of operation called IOBC, possibly the only remaining en-cryption mode designed for such use that has not previously been ana-lyzed. We show that IOBC is subject to known-plaintext-based forgery attacks with a complexity of around 2n=3, where n is the block cipher block length.

Why have public key infrastructures failed so far

Abstract Purpose -To overview and discuss the technical, economical, legal, and social reasons why public key infrastructures (PKIs) have failed so far, summarizing the lessons learned, and giving expectations about the future development of the field. Design/methodology/approach -A detailed analysis of the developments in the PKI field, pointing out the achievements so far and the issues that still remain unsolved. Findings -The possible reasons for the failure of PKI technology. Originality/value -Identifies and analyses the problems of PKIs considering the different perspectives, i.e. not only the technical issues but also other issues like the economical, legal, and social issues that have also influenced the failure of PKIs

A Reduction-Based Proof for Authentication and Session Key Security in 3-Party Kerberos

Kerberos is one of the earliest network security protocols, providing authentication between clients and servers with the assistance of trusted servers. It remains widely used, notably as the default authentication protocol in Microsoft Active Directory (thus shipped with every major operating system), and is the ancestor of modern single sign-on protocols like OAuth and OpenID Connect. There have been many analyses of Kerberos in the symbolic (Dolev--Yao) model, which is more amenable to computer-aided verification tools than the computational model, but also idealizes messages and cryptographic primitives more. Reduction-based proofs in the computational model can provide assurance against a richer class of adversaries, and proofs with concrete probability analyses help in picking security parameters, but Kerberos has had no such analyses to date. We give a reduction-based security proof of Kerberos authentication and key establishment, focusing on the mandatory 3-party mode. We show that it is a secure authentication protocol under standard assumptions on its encryption scheme; our results can be lifted to apply to quantum adversaries as well. As has been the case for other real-world authenticated key exchange (AKE) protocols, the standard AKE security notion of session key indistinguishability cannot be proven for Kerberos since the session key is used in the protocol itself, breaking indistinguishability. We provide two positive results despite this: we show that the standardized but optional sub-session mode of Kerberos does yield secure session keys, and that the hash of the main session key is also a secure session key under Krawczyk\u27s generalization of the authenticated and confidential channel establishment (ACCE) model

The design of a secure data communication system

The recent results of using a new type of chosen-plaintext attack, which is called differential cryptanalysis, makes most published conventional secret-key block cipher systems vulnerable. The need for a new conventional cipher which resists all known attacks was the main inspiration of this work. The design of a secret-key block cipher algorithm called DCU-Cipher, that resists all known cryptanalysis methods is proposed in this dissertation. The proposed method is workable for either 64-bit plaintext/64-bit ciphertext blocks, or 128-bit plaintext/128-bit ciphertext blocks. The secret key in both styles is 128-bit long. This method has only four rounds and the main transformation function in this cipher algorithm is based on four mixed operations. The proposed method is suitable for both hardware and software implementation. It is also suitable for cryptographic hash function implementations. Two techniques for file and/or data communication encryption are also proposed here. These modes are modified versions of the Cipher-Block Chaining mode, by which the threat of the known-plaintext differential cyptanalytical attack is averted. An intensive investigation of the best known Identity-based key exchange schemes is also presented. The idea behind using such protocols, is providing an authenticated secret-key by using the users identification tockens. These kind of protocols appeared recently and are not standardized as yet. None of these protocols have been compared with previous proposals. Therefore one can not realize the efficiency and the advantages of a new proposed protocol without comparing it with other existing schemes of the same type. The aim of this investigation is to clarify the advantages and the disadvantages of each of the best known schemes and compare these schemes from the complixity and the speed viewpoint