Showing papers on "Cipher published in 2010"

Verifiable, leak-resistant encryption and decryption

Abstract: This patent describes techniques usable by devices to encrypt and decrypt sensitive data to in a manner that provides security from external monitoring attacks The encrypting device has access to a base secret cryptographic value (key) that is also known to the decrypting device The sensitive data are decomposed into segments, and each segment is encrypted with a separate encryption key derived from the base key and a message identifier to create a set of encrypted segments The encrypting device uses the base secret cryptographic value to create validators that prove that the encrypted segments for this message identifier were created by a device with access to the base key The decrypting device, upon receiving an encrypted segments and validator(s), uses the validator to verify the message identifier and that the encrypted segment are unmodified, then uses a cryptographic key derived from the base key and message identifier to decrypt the segments Derived keys and validators are produced using methods designed to preserve security even if cipher and hashing operations leak information Embodiments for systems including SoCs, firmware loading, FPGAs and network communications are described

Securing computation against continuous leakage

Abstract: We present a general method to compile any cryptographic algorithm into one which resists side channel attacks of the only computation leaks information variety for an unbounded number of executions. Our method uses as a building block a semantically secure subsidiary bit encryption scheme with the following additional operations: key refreshing, oblivious generation of cipher texts, leakage resilience re-generation, and blinded homomorphic evaluation of one single complete gate (e.g. NAND). Furthermore, the security properties of the subsidiary encryption scheme should withstand bounded leakage incurred while performing each of the above operations. We show how to implement such a subsidiary encryption scheme under the DDH intractability assumption and the existence of a simple secure hardware component. The hardware component is independent of the encryption scheme secret key. The subsidiary encryption scheme resists leakage attacks where the leakage is computable in polynomial time and of length bounded by a constant fraction of the security parameter.

A 3-subset meet-in-the-middle attack: cryptanalysis of the lightweight block cipher KTANTAN

Abstract: In this paper we describe a variant of existing meet-in-the-middle attacks on block ciphers. As an application, we propose meetin-the-middle attacks that are applicable to the KTANTAN family of block ciphers accepting a key of 80 bits. The attacks are due to some weaknesses in its bitwise key schedule. We report an attack of time complexity 275.170 encryptions on the full KTANTAN32 cipher with only 3 plaintext/ciphertext pairs and well as 275.044 encryptions on the full KTANTAN48 and 275.584 encryptions on the full KTANTAN64 with 2 plaintext/ciphertext pairs. All these attacks work in the classical attack model without any related keys. In the differential related-key model, we demonstrate 218- and 174- round differentials holding with probability 1. This shows that a strong related-key property can translate to a successful attack in the nonrelated-key setting. Having extremely low data requirements, these attacks are valid even in RFID-like environments where only a very limited amount of text material may be available to an attacker.

Visual cryptographic steganography in images

Abstract: In today's information age, information sharing and transfer has increased exponentially. The threat of an intruder accessing secret information has been an ever existing concern for the data communication experts. Cryptography and steganography are the most widely used techniques to overcome this threat. Cryptography involves converting a message text into an unreadable cipher. On the other hand, steganography embeds message into a cover media and hides its existence. Both these techniques provide some security of data neither of them alone is secure enough for sharing information over an unsecure communication channel and are vulnerable to intruder attacks. Although these techniques are often combined together to achieve higher levels of security but still there is a need of a highly secure system to transfer information over any communication media minimizing the threat of intrusion. In this paper we propose an advanced system of encrypting data that combines the features of cryptography, steganography along with multimedia data hiding. This system will be more secure than any other these techniques alone and also as compared to steganography and cryptography combined systems Visual steganography is one of the most secure forms of steganography available today. It is most commonly implemented in image files. However embedding data into image changes its color frequencies in a predictable way. To overcome this predictability, we propose the concept of multiple cryptography where the data will be encrypted into a cipher and the cipher will be hidden into a multimedia image file in encrypted format. We shall use traditional cryptographic techniques to achieve data encryption and visual steganography algorithms will be used to hide the encrypted data.

Known plaintext attack on double random phase encoding using fingerprint as key and a method for avoiding the attack

Abstract: We have shown that the application of double random phase encoding (DRPE) to biometrics enables the use of biometrics as cipher keys for binary data encryption. However, DRPE is reported to be vulnerable to known-plaintext attacks (KPAs) using a phase recovery algorithm. In this study, we investigated the vulnerability of DRPE using fingerprints as cipher keys to the KPAs. By means of computational experiments, we estimated the encryption key and restored the fingerprint image using the estimated key. Further, we propose a method for avoiding the KPA on the DRPE that employs the phase retrieval algorithm. The proposed method makes the amplitude component of the encrypted image constant in order to prevent the amplitude component of the encrypted image from being used as a clue for phase retrieval. Computational experiments showed that the proposed method not only avoids revealing the cipher key and the fingerprint but also serves as a sufficiently accurate verification system.

Image Encryption Using Chaos and Block Cipher

Abstract: In this paper, a novel image encryption scheme is proposed based on combination of pixel shuffling and new modified version of simplified AES. Chaotic baker’s map is used for shuffling and improving S-AES efficiency through S-box design. Chaos is used to expand diffusion and confusion in the image. Due to sensitivity to initial conditions, chaotic baker’s map has a good potential for designing dynamic permutation map and S-box. In order to evaluate performance, the proposed algorithm was measured through a series of tests. These tests included visual test and histogram analysis, randomness test, information entropy, encryption quality, correlation analysis, differential analysis and sensitivity analysis. Experimental results show that the new cipher has satisfactory security and is more efficient than AES which makes it a potential candidate for encryption of multimedia data.

Single- and Multi-core Configurable AES Architectures for Flexible Security

Abstract: As networking technology advances, the gap between network bandwidth and network processing power widens. Information security issues add to the need for developing high-performance network processing hardware, particularly that for real-time processing of cryptographic algorithms. This paper presents a configurable architecture for Advanced Encryption Standard (AES) encryption, whose major building blocks are a group of AES processors. Each AES processor provides 219 block cipher schemes with a novel on-the-fly key expansion design for the original AES algorithm and an extended AES algorithm. In this multicore architecture, the memory controller of each AES processor is designed for the maximum overlapping between data transfer and encryption, reducing interrupt handling load of the host processor. This design can be applied to high-speed systems since its independent data paths greatly reduces the input/output bandwidth problem. A test chip has been fabricated for the AES architecture, using a standard 0.25-?m CMOS process. It has a silicon area of 6.29 mm2, containing about 200,500 logic gates, and runs at a 66-MHz clock. In electronic codebook (ECB) and cipher-block chaining (CBC) cipher modes, the throughput rates are 844.9, 704, and 603.4 Mb/s for 128-, 192-, and 256-b keys, respectively. In order to achieve 1-Gb/s throughput (including overhead) at the worst case, we design a multicore architecture containing three AES processors with 0.18-?m CMOS process. The throughput rate of the architecture is between 1.29 and 3.75 Gb/s at 102 MHz. The architecture performs encryption and decryption of large data with 128-b key in CBC mode using on-the-fly key generation and composite field S-box, making it more cost effective (with better thousand-gate/gigabit-per-second ratio) than conventional methods.

Differential Fault Analysis against AES-192 and AES-256 with Minimal Faults

Abstract: The naive implementation of AES is known to be vulnerable to Differential Fault Analysis (DFA). We can findthe key of AES-128 (AES with 128-bit key) with one pair of correct and faulty cipher texts. Recently several works on the extension of the attack to AES with 192 and 256-bit key have been published. Due to the longer key size and the characteristic of AES key schedule, we need subtle caution in attacking AES-192and AES-256. We propose new DFA against AES with 192 and256-bit key. We could retrieve AES-192 key with two pairs of correct and faulty cipher texts. With three pairs we could succeed in finding the key of AES-256. These are the minimal faults among the existing methods.

Differential Fault Analysis on PRESENT Key Schedule

Abstract: PRESENT is a lightweight block cipher designed by A. Bogdanov et al. in 2007 for extremely constrained environments such as RFID tags and sensor networks, where the AES is not suitable for. In this paper, the strength of PRESENT against the differential fault attack on the key schedule is explored. Our attack adopts the nibble oriented model of random faults and assumes that the attacker can induce a single nibble fault on the round key. The attack can efficiently recover the secret key with the computational complexity of $2^{29}$, and sixty-four pairs of correct and faulty cipher texts on average.

An encryption algorithm inspired from DNA

Abstract: DNA cryptography is a new promising direction in cryptography research that emerged with the progress in DNA computing field. DNA can be used not only to store and transmit information, but also to perform computations. The massive parallelism and extraordinary information density inherent in this molecule are exploited for cryptographic purposes, and several DNA based algorithms are proposed for encryption, authentification and so on. The current main difficulties of DNA cryptography are the absence of theoretical basis, the high tech lab requirements and computation limitations. In this paper, a symmetric key bloc cipher algorithm is proposed. It includes a step that simulates ideas from the processes of transcription (transfer from DNA to mRNA) and translation (from mRNA into amino acids). This algorithm is, we believe, efficient in computation and very secure, since it was designed following recommendations of experts in cryptography and focuses on the application of the fundamental principles of Shannon: Confusion and diffusion. Tests were conducted and the results are very satisfactory.

Rotational Rebound Attacks on Reduced Skein

Abstract: In this paper we combine two powerful methods of symmetric cryptanalysis: rotational cryptanalysis and the rebound attack. Rotational cryptanalysis was designed for the analysis of bit-oriented designs like ARX (Addition-Rotation-XOR) schemes. It has been applied to several hash functions and block ciphers, including the new standard SHA-3 (Keccak). The rebound attack is a start-from-the-middle approach for finding differential paths and conforming pairs in byte-oriented designs like Substitution-Permutation networks and AES. We apply our new compositional attack to the reduced version of the hash function Skein, a finalist of the SHA-3 competition. Our attack penetrates more than two thirds of the Skein core--the cipher Threefish, and made the designers to change the submission in order to prevent it. The rebound part of our attack has been significantly enhanced to deliver results on the largest number of rounds. We also use neutral bits and message modification methods from the practice of collision search in MD5 and SHA-1 hash functions. These methods push the rotational property through more rounds than previous analysis suggested, and eventually establish a distinguishing property for the reduced Threefish cipher. We formally prove that such a property cannot be found for an ideal cipher within the complexity limits of our attack. The complexity estimates are supported by extensive experiments.

Cryptanalysis of the DECT standard cipher

Abstract: The DECT Standard Cipher (DSC) is a proprietary 64-bit stream cipher based on irregularly clocked LFSRs and a non-linear output combiner. The cipher is meant to provide confidentiality for cordless telephony. This paper illustrates how the DSC was reverse-engineered from a hardware implementation using custom firmware and information on the structure of the cipher gathered from a patent. Beyond disclosing the DSC, the paper proposes a practical attack against DSC that recovers the secret key from 215 keystreams on a standard PC with a success rate of 50% within hours; somewhat faster when a CUDA graphics adapter is available.

Feedback image encryption algorithm with compound chaotic stream cipher based on perturbation

Abstract: In this paper, two new one-dimensional chaotic functions are designed using Devaney chaotic definition. And a dynamically shifting compound chaotic function is constructed based on the two new one-dimensional chaotic functions. The properties of compound chaotic functions are also proved. A new feedback image encryption algorithm is designed using the new compound chaos and an image pixel permutation, 3D baker scheme is described in detail. In the scheme, a new dynamic block dividing the 3D baker is put forward using the compound chaotic map, and the key space expands. In order to produce avalanche effect and sensitivity of cipher to plaintext, the round times are designed to control the cycle. The entropy analysis, difference analysis, weak-key analysis, statistical analysis, cipher random analysis, and cipher sensibility analysis depending on key and plaintext are introduced to test the security of the new scheme of image encryption. The tests show that the image encryption method passes the random tests of NIST FIPS 140-2(2001) and SP 800-22 standards. This paper also solves the problem of short periods and low precision of one-dimensional chaotic function by perturbation.

Differential fault analysis of HC-128

Abstract: HC-128 is a high speed stream cipher with a 128-bit secret key and a 128-bit initialization vector. It has passed all the three stages of the ECRYPT stream cipher project and is a member of the eSTREAM software portfolio. In this paper, we present a differential fault analysis attack on HC-128. The fault model in which we analyze the cipher is the one in which the attacker is able to fault a random word of the inner state of the cipher but cannot control its exact location nor its new faulted value. To perform the attack, we exploit the fact that some of the inner state words in HC-128 may be utilized several times without being updated. Our attack requires about 7968 faults and recovers the complete internal state of HC-128 by solving a set of 32 systems of linear equations over Z2 in 1024 variables.

A Modified Hill Cipher Involving Interweaving and Iteration

Abstract: This paper deals with a modification of the Hill cipher. In this, we have introduced interweaving in each step of the iteration. The interweaving of the resulting plaintext, at each stage of the iteration, and the multiplication with the key matrix leads to confusion and diffusion. From the cryptanalysis performed in this investigation, we have found that the cipher is a strong one.

Security overhead and performance for aggregation with fragment retransmission (AFR) in very high-speed wireless 802.11 LANs

Abstract: In this paper, we study the overhead introduced by the advanced encryption standard cipher in the context of wireless LANs, specifically at the medium access control layer, as described in the 802.11 standard developed by the 802.11n task group. The advanced encryption standard is incorporated into existing aggregation schemes for 802.11 wireless LANs in order to achieve secure transmission of frames. We compute the maximum throughput, optimal frame, and fragment sizes which can be achieved in this context and compare them to the optimal values when encryption is not used. We evaluate the delay performance of such a scheme in the context of encryption and study asymptotic properties of the medium access control layer efficiency, expected frame size, and throughput.

Grain of Salt --- an Automated Way to Test Stream Ciphers through SAT Solvers

Abstract: In this paper we describe Grain of Salt, a tool developed to automatically test stream ciphers against standard SAT solver-based attacks. The tool takes as input a set of configuration options and the definition of each filter and feedback function of the stream cipher. It outputs a problem in the language of SAT solvers describing the cipher. The tool can automatically generate SAT problem instances for Crypto-1, HiTag2, Grain, Bivium-B and Trivium. In addition, through a simple text-based interface it can be extended to generate problems for any stream cipher that employs shift registers, feedback and filter functions to carry out its work.

Dismantling SecureMemory, CryptoMemory and CryptoRF

Abstract: The Atmel chip families SecureMemory, CryptoMemory, and CryptoRF use a proprietary stream cipher to guarantee authenticity, confidentiality, and integrity. This paper describes the cipher in detail and points out several weaknesses. One is the fact that the three components of the cipher operate largely independently; another is that the intermediate output generated by two of those components is strongly correlated with the generated keystream. For SecureMemory, a single eavesdropped trace is enough to recover the secret key with probability 0.57 in 2^{39} cipher ticks. This is a factor of 2^{31.5} faster than a brute force attack. On a 2 GHz laptop, this takes around 10 minutes. With more traces, the secret key can be recovered with virtual certainty without significant additional cost in time. For CryptoMemory and CryptoRF, if one has 2640 traces it is possible to recover the key in 2^{52} cipher ticks, which is 2^{19} times faster than brute force. On a 50 machine cluster of 2 GHz quad-core machines this would take less than 2 days.

Communication terminal, communication system, communication method and communication program

Abstract: A communication terminal that can adjust which section of a one-time pad cipher key is used and achieve cipher communication when there is a possibility that the one-time pad cipher keys are not completely matched between communication terminals. A cipher key transfer device acquires a one-time pad cipher key from a key sharing system, divides the acquired one-time pad cipher key with a predetermined number of bits, and transfers the same to a mobile communication terminal after converting the same into one-time pad cipher key cartridges. Along with the partner's terminal, the mobile communication terminal negotiates which one-time pad cipher key cartridge will be used to perform cipher communication, decides the one-time pad cipher key cartridge to be used, and begins cipher communication.

Method and system for fetching cipher

Abstract: A method for cipher taking back includes receiving account number desired to take cipher back and sent from applicant client end by server, carrying out interaction of server with applicant client endand contact person client end corresponding said account number to judge whether status certification of applicant is passed or not and generating new cipher for said account number by server as wellas sending new cipher to applicant client end if it is or otherwise ending this time of flow The system used for realizing said method is also disclosed

A Survey on Cryptography and Steganography Methods for Information Security

Abstract: This paper deals with the tidings of cryptography in history, how it has played a vital role in World War -1, World War-2. It also deals with the Substitution, Transposition Cryptographic techniques and Steganography principles which can be used to maintain the confidentiality of computerized and none computerized information files. A number of well known techniques have been adapted for computer usage including the Ceaser cipher, Mono alphabetic cipher, Homophonic substitution, Bale cipher, Play fair cipher, Poly alphabetic cipher, Vigenere Cipher, Onetime pad cipher, Vernam ciphers, Play Color Cipher and usage of rotor machine in Substitutions, Rail fence technique, more complex permutations for more secure transposition and some Steganography principle were briefly discussed with merits and demerits. Finally it gives the broad knowledge on almost all the cryptographic and Steganography principles where a reader or scholar have lot of scope for updating or invention of more secure algorithms to fulfill the global needs in information security.

Tweaking AES

Abstract: In this paper we present a tweak for the key schedule of AES in a form of a few additional basic operations such as rotations and S-boxes. This leads to a new cipher, which we call xAES, and which is resistant against the latest related-key differential attacks found in AES. xAES has a speed benchmark close to the one of AES even in the applications which use a frequent change of the master key.

A dynamic password authentication method and service end system

Abstract: This invention discloses a method for authenticating dynamic ciphered codes including: presetting a corresponding relation of the account number of a user and the number of its mobile terminal device, generating a character string randomly according to the request of the user and sending it to the mobile terminal device, generating cipher prompt information randomly according to the authentication application of the user and sending it to the client end stipulating that character combination of specific bits in the string is the dynamic code of the authentication application this time, the user end inputs dynamic codes according to the character string received by the mobile terminal device and the code prompt information received by the client end to judge the validity of the dynamic code, if it is effective, the authentication is passed.

Impossible differential cryptanalysis on feistel ciphers with SP and SPS round functions

Abstract: Impossible differential cryptanalysis is well known to be effective in analyzing the security of block ciphers. Known result shows that there always exists 5-round impossible differentials of a Feistel cipher with bijective round function. However, if more details of the round function are known, the result could be improved. This paper mainly studies the impossible differentials of Feistel ciphers with both SP and SPS round functions where the linear transformation P is defined over Fn×n2. For Feistel ciphers with SP round functions, any column of P ⊕ P-1 whose Hamming weight is greater than 1 corresponds to some 6-round impossible differentials. The existence of some 7-round impossible differentials can be determined by counting the times that 1 appears at some special positions of P and P-1. Some 8-round impossible differentials can be found by computing the rank of some sub-matrix of P. Impossible differentials of Camellia found by these techniques are well consistent with previously known results. For Feistel ciphers with SPS round functions, by determining the rank of some sub-matrix of P, 6- round impossible differentials can be found, which improves the results on E2 by one round. These results tell that when designing a Feistel cipher with SP or SPS round function where the diffusion layer is selected from Fn×n2, the linear transformation should be chosen carefully to make the cipher secure against impossible differential cryptanalysis.

Comparative Analysis of S-boxes Based on Graphical SAC

Abstract: Substitution box (S-box) is generally the only non-linear component of block cipher. That is why; security of a cipher is centralized on the characteristics of an S-box, which are measure of its resistance against different cryptanalytic techniques. In this regard, it is important to investigate the new designs of S-boxes for these characteristics. In this letter we analyze AES, APA, Gray, Lui J and Graph Isomorphism S-boxes for graphically Strict Avalanche Criterion and also observe that how close these S-boxes are to the original AES in these analyses.

A hybrid approach to steganography embedding at darkest and brightest pixels

Abstract: In this paper we present a technique for secure communication between two parties Alice and Bob We use both cryptography and image steganography We encrypt the secret message by using a new cipher which is extended from Hill cipher Then the cipher text of the secret message is embedded into the carrier image in 6th, 7th and 8th bit locations of the darkest and brightest pixels Here 8th bit means the least significant bit in a byte (ie called LSB) Here brightest pixels means having a gray value in the range 224 to 255 in 8 bit gray scale and darkest pixels means having gray value in the range 0 to 31 in 8 bit gray scale As these darkest and brightest pixels are spread across the image randomly, the intruder will not be able to identify those pixels After embedding the resultant image will be sent to the receiver, the receiver will apply the reverse operation what the sender has done and get the secret information

System and method for managing secure information within a hybrid portable computing device

Abstract: A method and system for managing secure information within a portable computing device are disclosed. The portable computing device includes a program module for communicating with a secure element that is part of the portable computing device. The secure element may receive messages utilizing the decrypted crypto keys derived from a non-padded cipher in order to establish a secure communications channel. The secure element may store at least one of a substantial encryption key for server authentication and a substantial encryption key for decrypting encrypted data stored locally within the portable computing device. If an incorrect password is entered after a predetermined number of times, the secure element may activate security measures which may permanently disable the secure element. To establish secure communications between the secure element and a CPU of the portable computing device, a password based encryption algorithm utilizing a non-padded cipher may be employed.