Showing papers on "Cipher published in 2005"


Proceedings ArticleDOI
17 Jul 2005
TL;DR: This paper proposes a simple and provably secure additively homomorphic stream cipher that allows efficient aggregation of encrypted data and shows that aggregation based on this cipher can be used to efficiently compute statistical values such as mean, variance and standard deviation of sensed data, while achieving significant bandwidth gain.
Abstract: Wireless sensor networks (WSNs) are ad-hoc networks composed of tiny devices with limited computation and energy capacities. For such devices, data transmission is a very energy-consuming operation. It thus becomes essential to the lifetime of a WSN to minimize the number of bits sent by each device. One well-known approach is to aggregate sensor data (e.g., by adding) along the path from sensors to the sink. Aggregation becomes especially challenging if end-to-end privacy between sensors and the sink is required. In this paper, we propose a simple and provably secure additively homomorphic stream cipher that allows efficient aggregation of encrypted data. The new cipher only uses modular additions (with very small moduli) and is therefore very well suited for CPU-constrained devices. We show that aggregation based on this cipher can be used to efficiently compute statistical values such as mean, variance and standard deviation of sensed data, while achieving significant bandwidth gain.

571 citations


Journal ArticleDOI
TL;DR: Experimental results show that the new block cipher based on the chaotic standard map has satisfactory security with a low cost, which makes it a potential candidate for encryption of multimedia data such as images, audios and even videos.
Abstract: Due to their features of ergodicity, sensitivity to initial conditions and sensitivity to control parameters, etc., chaotic maps have good potential for information encryption. In this paper, a block cipher based on the chaotic standard map is proposed, which is composed of three parts: a confusion process based on chaotic standard map, a diffusion function, and a key generator. The parameter sensitivity of the standard map is analyzed, and the confusion process based on it is proposed. A diffusion function with high diffusion speed is designed, and a key generator based on the chaotic skew tent map is derived. Some cryptanalysis on the security of the designed cipher is carried out, and its computational complexity is analyzed. Experimental results show that the new cipher has satisfactory security with a low cost, which makes it a potential candidate for encryption of multimedia data such as images, audios and even videos.

417 citations


Book ChapterDOI
04 Dec 2005
TL;DR: In this paper, a related-key boomerang distinguisher for 6-round KASUMI using only 768 adaptively chosen plaintexts and ciphertexts encrypted or decrypted under four related keys was presented.
Abstract: KASUMI is an 8-round Feistel block cipher used in the confidentiality and the integrity algorithms of the 3GPP mobile communications. As more and more 3GPP networks are being deployed, more and more users use KASUMI to protect their privacy. Previously known attacks on KASUMI can break up to 6 out of the 8 rounds faster than exhaustive key search, and no attacks on the full KASUMI have been published. In this paper we apply the recently introduced related-key boomerang and rectangle attacks to KASUMI, resulting in an attack that is faster than exhaustive search against the full cipher. We also present a related-key boomerang distinguisher for 6-round KASUMI using only 768 adaptively chosen plaintexts and ciphertexts encrypted or decrypted under four related keys. Recently, it was shown that the security of the entire encryption system of the 3GPP networks cannot be proven using only the “ordinary” assumption that the underlying cipher (KASUMI) is a Pseudo-Random Permutation. It was also shown that if we assume that KASUMI is also secure with respect to differential-based related-key attacks then the security of the entire system can be proven. Our results show that theoretically, KASUMI is not secure with respect to differential-based related-key attacks, and thus, the security of the entire encryption system of the 3GPP cannot be proven at this time.

112 citations


01 Sep 2005
TL;DR: In this article, the 1-D chaotic logistic map was changed to a piecewise linear chaotic map (PWLCM) and the key size was increased to 128 bits.
Abstract: A recently proposed Chaotic-Key Based Algorithm (CKBA) has been shown to be unavoidably susceptible to chosen/known-plaintext attacks and ciphertext-only attacks. In this paper we enhance the CKBA algorithm three-fold: 1) we change the 1-D chaotic Logistic map to a piecewise linear chaotic map (PWLCM) to improve the balance property, 2) we increase the key size to 128 bits, and 3) we add two more cryptographic primitives and extend the scheme to operate on multiple rounds so that the chosen/known-plaintext attacks are no longer possible. The new cipher has much stronger security and its performance characteristics remain very good.

92 citations


Book ChapterDOI
11 Aug 2005
TL;DR: In this article, it was shown that the UNIX password scheme, even with carefully generated passwords, is vulnerable to practical trade-off attacks, and a unified framework for the analysis of multiple data trade-offs is presented.
Abstract: In this paper we study time/memory/data trade-off attacks from two points of view. We show that the Time-Memory trade-off (TMTO) by Hellman may be extended to a Time/Memory/Key trade-off. For example, AES with a 128-bit key has only 85-bit security if 2^43 encryptions of an arbitrary fixed text under different keys are available to the attacker. Such attacks are generic and are more practical than some recent high complexity chosen related-key attacks on round-reduced versions of AES. They constitute a practical threat for any cipher with 80-bit or shorter keys and are marginally practical for 128-bit key ciphers. We show that the UNIX password scheme, even with carefully generated passwords, is vulnerable to practical trade-off attacks. Our second contribution is to present a unifying framework for the analysis of multiple data trade-offs. Both the Babbage-Golic (BG) and Biryukov-Shamir (BS) formulas can be obtained as special cases of this framework. Moreover, we identify a new class of single table multiple data trade-offs which cannot be obtained either as a BG or a BS trade-off. Finally, we consider the analysis of the rainbow method of Oechslin and show that for multiple data, the TMTO curve of the rainbow method is inferior to the TMTO curve of the Hellman method.

67 citations


Proceedings ArticleDOI
05 Sep 2005
TL;DR: This paper enhances the CKBA algorithm three-fold, changes the 1-D chaotic Logistic map to a piecewise linear chaotic map (PWLCM) to improve the balance property, increases the key size to 128 bits and adds two more cryptographic primitives.
Abstract: A recently proposed Chaotic-Key Based Algorithm (CKBA) has been shown to be unavoidably susceptible to chosen/known-plaintext attacks and ciphertext-only attacks. In this paper we enhance the CKBA algorithm three-fold: 1) we change the 1-D chaotic Logistic map to a piecewise linear chaotic map (PWLCM) to improve the balance property, 2) we increase the key size to 128 bits, and 3) we add two more cryptographic primitives and extend the scheme to operate on multiple rounds so that the chosen/known-plaintext attacks are no longer possible. The new cipher has much stronger security and its performance characteristics remain very good.

64 citations


Proceedings ArticleDOI
07 Mar 2005
TL;DR: In this article, the authors implemented a hardware accelerator for polynomial multiplication in extended Galois fields (GF) applying Karatsuba's method iteratively, which reduced the area required to 2.1 mm^2 in comparison to 6.2 mm^2 for its recursive application.
Abstract: Securing communication channels is especially needed in wireless environments, but applying cipher mechanisms in software is limited by the calculation and energy resources of mobile devices. If hardware is applied to realize cryptographic operations, cost becomes an issue. We describe an approach which tackles all three of these points. We implemented a hardware accelerator for polynomial multiplication in extended Galois fields (GF) applying Karatsuba's method iteratively. With this approach, the area required is reduced to 2.1 mm^2 in comparison to 6.2 mm^2 for the standard application of Karatsuba's method, i.e., for its recursive application. Our approach also reduces the energy consumption to 60 per cent of the original approach. The price we have to pay for this achievement is an increased execution time. In our implementation, a polynomial multiplication takes 3 clock cycles, whereas the recursive Karatsuba approach needs only one clock cycle. However, considering area, energy and calculation speed, we are convinced that the benefits of our approach outweigh its drawback.

62 citations


Proceedings ArticleDOI
15 Mar 2005
TL;DR: In this paper, the performance of application of the Rijndael Cipher (AES) and the KAWR Cipher to bitmap images is studied, comparing the quality of encryption of the two ciphers when introducing image encryption; the method is explained and a new measure for encryption quality is introduced.
Abstract: In this paper, the performance of application of the Rijndael Cipher (AES) and the KAWR Cipher to bitmap images is studied, comparing the quality of encryption of the two ciphers when introducing image encryption. The method of application of the ciphers to BMP images is explained. A new measure for encryption quality is introduced instead of judging the encryption quality by mere visual inspection. To test this encryption quality measure, we encrypt the images using two different approaches: the Electronic Codebook (ECB) mode and the Cipher Block Chaining (CBC) mode. We prove that the numerical results given by our proposed measuring technique agree with those taken by visual inspection and with previous results known before about the performance of ECB and CBC modes in image encryption.

60 citations


01 Jul 2005
TL;DR: This document proposes the addition of new cipher suites to the Transport Layer Security (TLS) protocol to support the Camellia encryption algorithm as a bulk cipher algorithm.
Abstract: This document proposes the addition of new cipher suites to the Transport Layer Security (TLS) protocol to support the Camellia encryption algorithm as a bulk cipher algorithm. [STANDARDS-TRACK]

58 citations


Patent
03 May 2005
TL;DR: In this article, the deciphering of fragmented enciphered IP packets is performed without requiring reassembly of the fragmented packets, by saving a characteristic poly-tuple against the state of the cipher, particularly an output vector.
Abstract: The deciphering of fragmented enciphered IP packets is performed without requiring reassembly of the fragmented packets. When a first frame is deciphered, a characteristic poly-tuple is saved against the state of the cipher, particularly an output vector. When the next frame comes in, the cipher continues on from that previously saved state after a look-up of the poly-tuple. Each frame is then sent on, deciphered, but still representing a fragment of the original packet. The poly-tuple employed for the look-up includes the identity and protocol fields from the IP header and at least one of the source IP address and the destination IP address. The deciphering process may commence with the combination of input data with an initialising vector and proceed by combining input data with a vector fed back from the output of the deciphering engine. The saved cipher state is employed as the initialising vector for the next frame.

53 citations


Journal ArticleDOI
TL;DR: The main focus of this work is encryption of image data for the purpose of protecting intellectual properties, however, empirical results are presented on N/KC's ability of encrypting and decrypting text data in the form of vectors and documents as well.
Abstract: Public-key cryptography has been widely accepted as the method in which data is encrypted, using algorithms such as the widely known and popularly used RSA algorithm. However, management of the public-key and its storage is an on-going issue. To avoid these problems the symmetric-key approach can be taken, where there is only one key and it must be kept secret. Presented in this paper is a new cipher based on symmetric-key cryptography, called the NASA/Kennedy Cipher (N/KC), and further designed as a block cipher using 128-bit blocks. The minimum key size is set at 128 bits with a maximum allowable of 2048 bits, modulus 2. The main focus of this work is encryption of image data for the purpose of protecting intellectual properties. However, empirical results are presented on N/KC's ability of encrypting and decrypting text data in the form of vectors and documents as well. © 2005 Wiley Periodicals, Inc. Int J Imaging Syst Technol, 15, 178–188, 2005

Book ChapterDOI
11 Aug 2005
TL;DR: In this paper, the power of conditional estimators is harnessed for correlation attacks on GSM's A5/1 stream cipher, resulting in a correlation with a considerably higher bias.
Abstract: Irregularly-clocked linear feedback shift registers (LFSRs) are commonly used in stream ciphers. We propose to harness the power of conditional estimators for correlation attacks on these ciphers. Conditional estimators compensate for some of the obfuscating effects of the irregular clocking, resulting in a correlation with a considerably higher bias. On GSM's cipher A5/1, a factor two is gained in the correlation bias compared to previous correlation attacks. We mount an attack on A5/1 using conditional estimators and using three weaknesses that we observe in one of A5/1's LFSRs (known as R2). The weaknesses imply a new criterion that should be taken into account by cipher designers. Given 1500–2000 known-frames (about 4.9–9.2 conversation seconds of known keystream), our attack completes within a few tens of seconds to a few minutes on a PC, with a success rate of about 91%. To complete our attack, we present a source of known-keystream in GSM that can provide the keystream for our attack given 3–4 minutes of GSM ciphertext, transforming our attack to a ciphertext-only attack.

Patent
Paul Archard, John Tavs
17 May 2005
TL;DR: In this article, a secure and optimized packet messaging system is described, in which a plurality of request packets staged in a packet queue from a requesting client and specifying content for retrieval from a destination server are categorized.
Abstract: A system and method for providing integrated secured and optimized packet messaging is described. A plurality of request packets staged in a packet queue from a requesting client and specifying content for retrieval from a destination server are categorized. The content is retrieved from the destination server. The retrieved content is optimized for at least one such request packet. The retrieved content is exchanged as secure content protected using a cipher negotiated with the requesting client for at least one such request packet.

01 Jan 2005
TL;DR: A new synchronous stream cipher, called WG cipher, based on WG (Welch-Gong) transformations, designed to produce keystream with guaranteed randomness properties, which is resistant to Time/Memory/Data tradeoff attacks, algebraic attacks and correlation attacks.
Abstract: In this paper we propose a new synchronous stream cipher, called WG cipher. The cipher is based on WG (Welch-Gong) transformations. The WG cipher has been designed to produce keystream with guaranteed randomness properties, i.e., balance, long period, large and exact linear complexity, 3-level additive autocorrelation, and ideal 2-level multiplicative autocorrelation. It is resistant to Time/Memory/Data tradeoff attacks, algebraic attacks and correlation attacks. The cipher can be implemented with a small amount of hardware.

Journal Article
TL;DR: The results show that theoretically, KASUMI is not secure with respect to differential-based related-key attacks, and thus, the security of the entire encryption system of the 3GPP networks cannot be proven at this time.
Abstract: KASUMI is an 8-round Feistel block cipher used in the confidentiality and the integrity algorithms of the 3GPP mobile communications. As more and more 3GPP networks are being deployed, more and more users use KASUMI to protect their privacy. Previously known attacks on KASUMI can break up to 6 out of the 8 rounds faster than exhaustive key search, and no attacks on the full KASUMI have been published. In this paper we apply the recently introduced related-key boomerang and rectangle attacks to KASUMI, resulting in an attack that is faster than exhaustive search against the full cipher. We also present a related-key boomerang distinguisher for 6-round KASUMI using only 768 adaptively chosen plaintexts and ciphertexts encrypted or decrypted under four related keys. Recently, it was shown that the security of the entire encryption system of the 3GPP networks cannot be proven using only the ordinary assumption that the underlying cipher (KASUMI) is a Pseudo-Random Permutation. It was also shown that if we assume that KASUMI is also secure with respect to differential-based related-key attacks then the security of the entire system can be proven. Our results show that theoretically, KASUMI is not secure with respect to differential-based related-key attacks, and thus, the security of the entire encryption system of the 3GPP cannot be proven at this time.

Patent
09 Sep 2005
TL;DR: In this article, a data delivery system encrypts and decrypts data using a random number sequence produced by a random number generating portion, where the sequence is uniquely decided from an input parameter.
Abstract: Data to be encrypted is effectively encrypted by a data delivery system for encrypting the data to be encrypted with a transmitting apparatus and decrypting a cipher thereof with a receiving apparatus. In a configuration for encrypting and decrypting the data to be encrypted by using a random number sequence generated by a random number generating portion for generating the random number sequence uniquely decided from an input parameter, the transmitting apparatus generates the input parameter to perform encryption based on metadata of the data to be encrypted while the receiving apparatus generates the input parameter to perform cipher decryption based on the metadata embedded in the data to be encrypted.

01 Feb 2005
TL;DR: This document describes the SEED encryption algorithm, which has been adopted by most of the security systems in the Republic of Korea, and includes a description of the cipher and the key scheduling algorithm, the S-boxes, and a set of test vectors.
Abstract: This document describes the SEED encryption algorithm, which has been adopted by most of the security systems in the Republic of Korea. Included are a description of the cipher and the key scheduling algorithm (Section 2), the S-boxes (Appendix A), and a set of test vectors (Appendix B). This memo provides information for the Internet community.

Journal ArticleDOI
TL;DR: Detailed studies of MixColumn and InvMixColumn operations used in Advanced Encryption Standard that aim at their hardware implementations in constrained environments and lead to efficient serial and parallel decompositions are presented.
Abstract: Hardware implementations of cryptography face increasingly more stringent demands for lower cost and greater computational power. In order to meet those demands, more efficient approaches to implementations are needed. This paper presents detailed studies of MixColumn and InvMixColumn operations used in Advanced Encryption Standard that aim at their hardware implementations in constrained environments. Our studies are supported by mathematical analysis of both transformations and lead to efficient serial and parallel decompositions. Furthermore, deeper resource sharing is demonstrated at word-, byte- and bit-level. All derived architectures are evaluated using popular low-cost field-programmable gate arrays. Application of proposed methods resulted in reduction of reconfigurable logic area of the complete cipher by up to 20%.

Patent
16 Dec 2005
TL;DR: In this paper, a method for protecting data between a circuit and a memory is disclosed, which generally includes the steps of (A) generating a particular address among a plurality of addresses for accessing a particular area in the memory, determining a particular key among the keys associated with the particular area, generating a cipher stream from both the particular address and the particular key, and modifying a data item with the cipher stream such that the data item is encrypted during a transfer between the circuit and the memory.
Abstract: A method for protecting data between a circuit and a memory is disclosed. The method generally includes the steps of (A) generating a particular address among a plurality of addresses for accessing a particular area among a plurality of areas in the memory, (B) determining a particular key among a plurality of keys associated with the particular area, (C) generating a cipher stream from both the particular address and the particular key and (D) modifying a data item with the cipher stream such that the data item is encrypted during a transfer between the circuit and the memory.

Patent
19 Aug 2005
TL;DR: In this paper, the authors proposed a safe method to generate an index of an encrypted document by using unidirectional function operation to convert the bit string of the cipher into a certain length, and turning on a bit position corresponding to each value to register an index value.
Abstract: PROBLEM TO BE SOLVED: To further accelerate retrieval processing while improving secrecy by generating an index of an encrypted document by a safe method. SOLUTION: A user terminal (terminal apparatus) 12 captures the input of a word to be registered as an index value, encrypts the word, converts the cipher into a certain value by applying unidirectional function operation to convert the bit string of the cipher into a certain length, and turns on a bit position corresponding to each value to register an index value. A data center (center apparatus) 20 generates an index tree by grouping and hierarchically arranging similar indexes out of registered indexes, and when an encrypted retrieval keyword is received, compares the index of the received retrieval keyword with the index tree to determine the existence of a retrieval key. COPYRIGHT: (C)2007,JPO&INPIT

Book ChapterDOI
14 Aug 2005
TL;DR: This work proposes an unconditionally secure scheme for encrypting classical messages under a shared key, where attempts to eavesdrop the ciphertext can be detected, and shows this is essentially optimal.
Abstract: Assuming an insecure quantum channel and an authenticated classical channel, we propose an unconditionally secure scheme for encrypting classical messages under a shared key, where attempts to eavesdrop the ciphertext can be detected. If no eavesdropping is detected, we can securely re-use the entire key for encrypting new messages. If eavesdropping is detected, we must discard a number of key bits corresponding to the length of the message, but can re-use almost all of the rest. We show this is essentially optimal. Thus, provided the adversary does not interfere (too much) with the quantum channel, we can securely send an arbitrary number of message bits, independently of the length of the initial key. Moreover, the key-recycling mechanism only requires one-bit feedback. While ordinary quantum key distribution with a classical one time pad could be used instead to obtain a similar functionality, this would need more rounds of interaction and more communication.

Book ChapterDOI
21 Feb 2005
TL;DR: It will be shown that the new SIMD instruction sets introduced in Pentium 4 contribute excellently to fast hashing of SHA512 and Whirlpool, two hash functions with a genuine 64-bit architecture.
Abstract: This paper discusses the state-of-the-art software optimization methodology for symmetric cryptographic primitives on Pentium III and 4 processors. We aim at maximizing speed by considering the internal pipeline architecture of these processors. This is the first paper studying an optimization of ciphers on Prescott, a new core of Pentium 4. Our AES program with 128-bit key achieves 251 cycles/block on Pentium 4, which is, to our best knowledge, the fastest implementation of AES on Pentium 4. We also optimize SNOW2.0 keystream generator. Our program of SNOW2.0 for Pentium III runs at the rate of 2.75 iops/cycle, which seems the most efficient code ever made for a real-world cipher primitive. For FOX128 block cipher, we propose a technique for speeding-up by interleaving two independent blocks using a register group separation. Finally we consider fast implementation of SHA512 and Whirlpool, two hash functions with a genuine 64-bit architecture. It will be shown that new SIMD instruction sets introduced in Pentium 4 excellently contribute to fast hashing of SHA512.

Posted Content
TL;DR: Py as discussed by the authors is a new stream cipher designed especially for the Ecrypt stream cipher contest, which is based on a new kind of primitive, which we call Rolling Arrays, and also uses various other ideas from many types of ciphers, including variable rotations and permutations.
Abstract: Py (pronounced Roo, a shorthand for Kangaroo) is a new stream cipher designed especially for the Ecrypt stream cipher contest. It is based on a new kind of primitive, which we call Rolling Arrays. It also uses various other ideas from many types of ciphers, including variable rotations and permutations. In some sense, this design is a kind of a new type of rotor machine, which is specially designed with operations that are very efficient in software. The allowed stream size is 2 bytes in each stream (or 2 in the smaller version Py6). The security claims of the cipher are that no key recovery attacks can be performed with complexity smaller than that of exhaustive search, and distinguishing attacks are also impractical with a similar complexity. The speed of the cipher is impressively fast, as it is more than 2.5 times faster than RC4 on a Pentium III (with less than 2.9 cycles/byte when implemented with the API of NESSIE and tested with the NESSIE software).

Patent
28 Jul 2005
TL;DR: In this article, a method, apparatus, system, and signal-bearing medium are described that, in an embodiment, determine a cipher strength based on a trust level associated with a request, create a unit of work based on the request, encrypt the unit of work into a message based on the cipher strength, and send the message to grid servers.
Abstract: A method, apparatus, system, and signal-bearing medium that, in an embodiment, determine a cipher strength based on a trust level associated with a request, create a unit of work based on the request, encrypt the unit of work into a message based on the cipher strength, and send the message to grid servers. In various embodiments, the trust level may be determined based on a security token associated with the request or based on a zone from which the request originates. In various embodiments, the request originates from a client that belongs to the zone or originates from one of the grid servers that belongs to the zone. In an embodiment, a request from a grid server may be associated with a response to a previous unit of work that the grid server executed.

Patent
Randy Kuang
12 Dec 2005
TL;DR: In this article, Alice and Bob use the previously agreed-upon sequence of cipher bits to control a control parameter such as the quantum basis, of a quantum detection process applied to the pulses received from Alice, thus producing a detection outcome for each received pulse.
Abstract: Alice generates a sequence of key bits forming an initial cryptographic key. Alice then uses the sequence of key bits and a sequence of cipher bits to control respective control parameters of a quantum encoding process applied to a sequence of quantum pulses, where the sequence of cipher bits used is known to Bob. Alice then releases the encoded pulses towards Bob over a quantum channel. Bob uses the previously agreed-upon sequence of cipher bits to control a control parameter, such as the quantum basis, of a quantum detection process applied to the pulses received from Alice, thus producing a detection outcome for each received pulse. Bob then derives a final cryptographic key from the detection outcomes. Because the cipher bits used to select the quantum bases used by both Alice and Bob are known by both parties, the method allows the final cryptographic key to be distributed with full basis alignment compared to 50% for BB84, thus allowing efficient quantum key distribution over multiple hops.

Journal Article
TL;DR: New very general design criteria are derived for multivariate public key schemes, as well as block and stream ciphers, in relation to recent attacks that exploit various types of multivariate algebraic relations.
Abstract: This paper is about the design of multivariate public key schemes, as well as block and stream ciphers, in relation to recent attacks that exploit various types of multivariate algebraic relations. We survey these attacks focusing on their common fundamental principles and on how to avoid them. From this we derive new, very general design criteria, applicable to very different cryptographic components. These amount to avoiding (if possible) the existence of, in some sense, "too simple" algebraic relations. Though many ciphers that do not satisfy this new paradigm probably still remain secure, the design of ciphers will never be the same again. Keywords: algebraic attacks, polynomial relations, multivariate equations, finite fields, design of cryptographic primitives, generalised linear cryptanalysis, multivariate public key encryption and signature schemes, HFE, Quartz, Sflash, stream ciphers, Boolean functions, combiners with memory, block ciphers, AES, Rijndael, Serpent, elimination methods, Gröbner bases.

Journal ArticleDOI
TL;DR: An efficient ECC-based self-certified public key cryptosystem quite suitable for efficiently securing electronic transactions and its related security schemes can gain much efficiency in saving both the communicational cost and the computational effort.

Proceedings ArticleDOI
16 May 2005
TL;DR: Opportunistic encryption methods that adapt to channel variations will lead to an overall increase in the system performance and applying opportunistic encryption on JPEG compressed image results in a better quality of received image and improved security compared to fixed block length encryption.
Abstract: The security of multimedia data transmitted over wireless networks is of increased interest. Encryption mechanisms securely transmit multimedia data over insecure networks. A major issue that has received very little attention so far is that the very same properties that give ciphers (encryption mechanisms) their cryptographic strength make them sensitive to channel errors as well. In addition, this would enhance the error propagation inherent in compressed data. Therefore, provision of security for multimedia transmission over a wireless channel results in throughput loss. Nevertheless, this lost throughput is traded for increased security. To our knowledge there has been no substantial effort to optimize this tradeoff. Opportunistic encryption, proposed in this work, is a way to optimize the tradeoff between the security offered and the throughput lost due to a cipher. We show that opportunistic encryption methods that adapt to channel variations will lead to an overall increase in the system performance. Two broad scenarios based on channel knowledge are considered: (a) exact channel state information up to a finite time horizon is known and (b) only the average signal-to-noise ratio (SNR) is known. The proposed opportunistic encryption framework is found to achieve significant gains in throughput compared to fixed block length encryption methods for a wide range of average SNR values. We have shown that applying opportunistic encryption on a JPEG compressed image results in a better quality of received image and improved security compared to fixed block length encryption.

Patent
Park Soo Hong
04 Oct 2005
TL;DR: In this article, an apparatus and method for securing media access control (MAC) addresses in a wireless local area network (LAN) environment are provided, in which a cryptographically generated address (CGA) is generated using a predetermined cipher algorithm, a ciphered MAC address is extracted from the CGA, and communication is performed using the ciphered MAC address.
Abstract: An apparatus and method for securing media access control (MAC) addresses in a wireless local area network (LAN) environment are provided. In the method of securing MAC addresses, a cryptographically generated address (CGA) is generated using a predetermined cipher algorithm, a ciphered MAC address is extracted from the CGA, and communication is performed using the ciphered MAC address. Accordingly, it is possible to strengthen the security of MAC addresses.

Book ChapterDOI
10 Dec 2005
TL;DR: This paper presents two statistical distinguishers that distinguish Dragon from a random source, both requiring around O(2^155) words of the keystream, and shows that the cipher does not provide full security when a key of size 256 bits is used.
Abstract: Dragon is a word oriented stream cipher submitted to the ECRYPT project; it operates on key sizes of 128 and 256 bits. The original idea of the design is to use a nonlinear feedback shift register (NLFSR) and a linear part (counter), combined by a filter function to generate a new state of the NLFSR and produce the keystream. The internal state of the cipher is 1088 bits, i.e., any kinds of TMD attacks are not applicable. In this paper we present two statistical distinguishers that distinguish Dragon from a random source, both requiring around O(2^155) words of the keystream. In the first scenario the time complexity is around O(2^(155+32)) with the memory complexity O(2^32), whereas the second scenario needs only O(2^155) of time, but O(2^96) of memory. The attack is based on a statistical weakness introduced into the keystream by the filter function F. This is the first paper presenting an attack on Dragon, and it shows that the cipher does not provide full security when a key of size 256 bits is used.