
Showing papers on "Key size published in 2008"


Proceedings Article
28 Jul 2008
TL;DR: This paper reconstructs the cipher from the widely used Mifare Classic RFID tag by using a combination of image analysis of circuits and protocol analysis, and reveals that the security of the tag is even below the level that its 48-bit key length suggests due to a number of design flaws.
Abstract: The security of embedded devices often relies on the secrecy of proprietary cryptographic algorithms. These algorithms and their weaknesses are frequently disclosed through reverse-engineering software, but it is commonly thought to be too expensive to reconstruct designs from a hardware implementation alone. This paper challenges that belief by presenting an approach to reverse-engineering a cipher from a silicon implementation. Using this mostly automated approach, we reveal a cipher from an RFID tag that is not known to have a software or micro-code implementation. We reconstruct the cipher from the widely used Mifare Classic RFID tag by using a combination of image analysis of circuits and protocol analysis. Our analysis reveals that the security of the tag is even below the level that its 48-bit key length suggests due to a number of design flaws. Weak random numbers and a weakness in the authentication protocol allow for pre-computed rainbow tables to be used to find any key in a matter of seconds. Our approach of deducing functionality from circuit images is mostly automated, hence it is also feasible for large chips. The assumption that algorithms can be kept secret should therefore be avoided for any type of silicon chip.

272 citations


Proceedings ArticleDOI
12 May 2008
TL;DR: This work proposes a protocol that exploits the inherent randomness in multipath wireless channels for generating secret keys through channel estimation and quantization and shows that the resulting keys are distinct for distinct pairwise links with a probability that increases exponentially with the key-size/channel DoF.
Abstract: Secure wireless communications is a challenging problem due to the shared nature of the wireless medium. Most existing security protocols apply cryptographic techniques for bit scrambling at the application layer by exploiting a shared secret key between pairs of communicating nodes. However, more recent research argues that multipath propagation - a salient feature of wireless channels - provides a physical resource for secure communications. In this context, we propose a protocol that exploits the inherent randomness in multipath wireless channels for generating secret keys through channel estimation and quantization. Our approach is particularly attractive in wideband channels which exhibit a large number of statistically independent degrees of freedom (DoF), thereby enabling the generation of large, more-secure, keys. We show that the resulting keys are distinct for distinct pairwise links with a probability that increases exponentially with the key-size/channel DoF. We also characterize the probability that the two users sharing a common link generate the same key. This characterization is used to analyze the energy consumption in successful acquisition of a secret key by the two users. For a given key size, our results show that there is an optimum transmit power, and an optimum quantization strategy, that minimizes the energy consumption. The proposed approach to secret key generation through channel quantization also obviates the problem of key pre-distribution inherent to many existing cryptographic approaches.

252 citations


Proceedings ArticleDOI
18 Mar 2008
TL;DR: The authors believe this work provides a first interesting example of the way the algorithmic design of a cryptographic scheme influences its side-channel resistance.
Abstract: We study the security of a block cipher-based pseudorandom number generator (PRNG), both in the black box world and in the physical world, separately. We first show that the construction is a secure PRNG in the ideal cipher model. Then, we demonstrate its security against a Bayesian side-channel key recovery adversary. As a main result, we show that our construction guarantees that the success rate of the adversary does not increase with the number of physical observations, but in a limited and controlled way. Besides, we observe that, under common assumptions on side-channel attack strategies, increasing the security parameter (typically the block cipher key size) by a polynomial factor involves an increase of a side-channel attack complexity by an exponential factor, making the probability of a successful attack negligible. We believe this work provides a first interesting example of the way the algorithmic design of a cryptographic scheme influences its side-channel resistance.

82 citations


Journal ArticleDOI
TL;DR: This paper presents a family of stream ciphers which generate a keystream with ideal two-level autocorrelation and guarantees other randomness properties, i.e., balance, long period, ideal tuple distribution, and high and exact linear complexity.

68 citations


Journal ArticleDOI
TL;DR: This work proposes a novel key management method based on elliptic curve cryptosystem and one-way hash function to solve dynamic access problems in a user hierarchy and its performance in terms of both security and efficiency is quite commendable.

60 citations


Proceedings ArticleDOI
21 Oct 2008
TL;DR: This paper proposes a secure, mutual offline authentication protocol which is based on ECC, and presents security analysis of the proposed authentication protocol.
Abstract: RFID tags are a new generation of small devices used for identification in many applications today. RFID authentication plays an important role in applications where security and privacy is a major concern. As an example, RFID has gained appreciation as an emerging technology to thwart counterfeiting problems. Public key cryptography (PKC) provides an impeccable solution to the counterfeiting problem. One recent family of public key cryptosystem is elliptic curve cryptography (ECC) which is a better choice than RSA cryptographic system because of its shorter key length. In this paper, we propose a secure, mutual offline authentication protocol which is based on ECC. Finally, we present security analysis of our proposed authentication protocol.

58 citations


Book ChapterDOI
13 Apr 2008
TL;DR: This paper presents a practical key recovery attack against KeeLoq that requires 2^16 known plaintexts and has a time complexity of 2^44.5, and concludes that the attack can be used to subvert the security of real systems.
Abstract: KeeLoq is a lightweight block cipher with a 32-bit block size and a 64-bit key. Despite its short key size, it is widely used in remote keyless entry systems and other wireless authentication applications. For example, authentication protocols based on KeeLoq are supposedly used by various car manufacturers in anti-theft mechanisms. This paper presents a practical key recovery attack against KeeLoq that requires 2^16 known plaintexts and has a time complexity of 2^44.5 KeeLoq encryptions. It is based on the slide attack and a novel approach to meet-in-the-middle attacks. The fully implemented attack requires 65 minutes to obtain the required data and 7.8 days of calculations on 64 CPU cores. A variant which requires 2^16 chosen plaintexts needs only 3.4 days on 64 CPU cores. Using only 10 000 euro, an attacker can purchase a cluster of 50 dual core computers that will find the secret key in about two days. We investigated the way KeeLoq is intended to be used in practice and conclude that our attack can be used to subvert the security of real systems. An attacker can acquire chosen plaintexts in practice, and one of the two suggested key derivation schemes for KeeLoq allows to recover the master secret from a single key.

54 citations


Proceedings ArticleDOI
06 Aug 2008
TL;DR: This paper proposes an algorithm which is higher secure than Rijndael algorithm (by comparing the key size) but less efficient than that, and shows the effect in security increment through AES methodology.
Abstract: The selective application of technological and related procedural safeguards is an important responsibility of every organization in providing adequate security to its electronic data systems. Protection of data during transmission or while in storage may be necessary to maintain the confidentiality and integrity of the information represented by the data. The algorithm uniquely defines the mathematical steps required to transform data into a cryptographic cipher and also to transform the cipher back to the original form. Data encryptions standard (DES) use 64 bits block size as well as 64 bits key size that are vulnerable to brute-force attack. But for both efficiency and security, a larger block size is desirable. The advanced encryption standard (AES), that uses 128 bit block size as well as 128 bits key size, was introduced by NIST. In this paper, we showed the effect in security increment through AES methodology. To do this, we propose an algorithm which is higher secure than Rijndael algorithm (by comparing the key size) but less efficient than that. The difference of efficiency between Rijndael and our proposed algorithm is very negligible. We explain all these terms in this paper.

36 citations


Book ChapterDOI
14 Dec 2008
TL;DR: A new bias is detected in the key scheduling algorithm of RC4 and a novel framework that advantageously combines this new bias with the existing ones is proposed, which provides a more efficient way of calculation in comparison with the previous methods for any key size.
Abstract: A new bias is detected in the key scheduling algorithm of RC4 and a novel framework that advantageously combines this new bias with the existing ones is proposed. Using the new bias, a different algorithm is proposed to retrieve the RC4 key given the state table. The new method not only improves the success probability but also provides a more efficient way of calculation in comparison with the previous methods for any key size. The efficiency of the algorithm is demonstrated experimentally. If the key length is 40 bits, the secret key is retrieved with a 99% success rate in 0.007 seconds. The success probability for retrieving the 128 bit RC4 key is also increased significantly. 128-bit key can be retrieved with 3% success rate in 185 seconds and 7.45% success rate in 1572 seconds on a 2.67GHz Intel CPU.

35 citations


Journal ArticleDOI
TL;DR: Experimental results demonstrate that, compared with previously proposed approaches, the FPGA implementations of ECC and Tate pairing can speed up by 31.6 times and 152 times, respectively.

34 citations


Posted Content
TL;DR: The new synchronous software-oriented stream cipher Sosemanuk aims at improving SNOW 2.0 both from the security and from the efficiency points of view, and uses a faster IV-setup procedure, yielding better performance on several architectures.
Abstract: Sosemanuk is a new synchronous software-oriented stream cipher, corresponding to Profile 1 of the ECRYPT call for stream cipher primitives. Its key length is variable between 128 and 256 bits. It accommodates a 128-bit initial value. Any key length is claimed to achieve 128-bit security. The Sosemanuk cipher uses both some basic design principles from the stream cipher SNOW 2.0 and some transformations derived from the block cipher SERPENT. Sosemanuk aims at improving SNOW 2.0 both from the security and from the efficiency points of view. Most notably, it uses a faster IV-setup procedure. It also requires a reduced amount of static data, yielding better performance on several architectures.

Proceedings ArticleDOI
15 Aug 2008
TL;DR: Simulation results show that the robust watermark algorithm presented can effectively protect the copyright of data while obtaining the tradeoff on computational cost.
Abstract: Since the data of wireless sensor networks play an important role in the communication, many strategies have been devised to protect the security of sensor networks. Due to the importance of copyright protection for valuable sensor data, we present a robust watermark algorithm as the solution in this paper. We make use of the numerical characteristic of sending time of the sensor packet to embed watermark. We compare the performance of three watermarking schemes, i.e., the method without key, the method with 8-bit key length, and with 16-bit key length, through conducting lots of simulation experiments. Simulation results show that our scheme can effectively protect the copyright of data while obtaining the tradeoff on computational cost.

Journal Article
TL;DR: The cryptanalysis of polyalphabetic ciphers by applying a genetic algorithm is presented, and the applicability of genetic algorithms for searching the key space of an encryption scheme is studied.
Abstract: In this paper the Cryptanalysis of polyalphabetic by applying Genetic algorithm is presented. The applicability of Genetic algorithms for searching the key space of encryption scheme is studied. In Vigenere cipher, guessing the key size is done by applying Genetic Algorithm. The frequency analysis is used as an essential factor in objective function.

01 Jan 2008
TL;DR: It has been shown that security enhancement through quantum channels can be ensured by varying the key, that is, changing the phase using non-orthogonal measurement bases and it is shown that it increases security level during transmission.
Abstract: High Level Information security needs research and Investigation due to increasing security threats & attacks with increasing volume of Information traffic. In literature huge studies are made but all with a fixed secret key, but variable encryption scheme and key transport protocol. Hardly any research has attempted to address the issue of time variant key, where the secret key will vary from session to session. Shannon documented the theory of perfect secrecy with time variant key. An idea of time variant key in name of Automatic Variable Key has been recently introduced [35]. This paper deals with the efficient transmission of data from source to destination dynamically based on optimum path selection in certain distributed models [6]. The concept behind this security enhancement is that a shared secret key is agreed upon for a session. In order to solve key distribution problem, use of quantum channel [7] for sending information about key is being explored. A single photon can represent a bit 0 or 1. The phase or state of polarization of the photon may be used for identifying the 0 or 1. In this paper it has been shown that security enhancement through quantum channels can be ensured by varying the key, that is, changing the phase using non-orthogonal measurement bases. It has also been shown how AVK can be applied in Vernam Cipher. This paper also points out application of AVK (Automatic Variable Key) in curves [8,9], AES [10], RSA [11,12], diffusion and message digest [13] and it is shown that it increases security level during transmission.

01 Jan 2008
TL;DR: Against the popular belief that public key cryptographic schemes are not practical for sensors, an authentication technique which makes use of Elliptic Curve Cryptography (ECC) along with the TOA positioning scheme is implemented and results indicate that ECC is well suited for secure localization in sensor networks.
Abstract: The crucial problem in Wireless Sensor Networks (WSNs) is position estimation or Localization, due to their dynamic method of deployment. There are several methods in determining their physical locations but the greatest challenge imposed is in communicating with their authenticated neighbors, their precise location in a secured manner. The mutual authentication between sensor nodes is of vital importance i.e. node should only accept and forward their own precise location messages from authenticated neighbors. The objective of this paper is to solve this problem of insecurity in sensor networks. Against the popular belief that public key cryptographic schemes are not practical for sensors, an authentication technique which makes use of Elliptic Curve Cryptography (ECC) along with the TOA positioning scheme is implemented. ECC has got excellent enhanced features which include smaller key size, lesser bandwidth, higher computational capability and lesser hardware. This new technique is compared for its performance with Rivest-Shamir-Adleman (RSA) and Mean Power with Rivest-Shamir-Adleman (MPRSA). The simulation results clearly indicate that ECC is well suited for secure localization in sensor networks as it satisfies the constraints of the sensor networks which include minimum bandwidth, power, energy and computational speed.

Proceedings ArticleDOI
06 Aug 2008
TL;DR: An improved Nonce construction scheme is proposed for the AES CCMP to effectively prevent Initial Counter Prediction and the possibility of a subsequent TMTO attack.
Abstract: IEEE 802.11i standard offers arguably uncompromised confidentiality and integrity services by utilizing advance encryption standard in counter with cipher block chaining message authentication code protocol (AES CCMP). However the Nonce construction mechanism employed in the standard is weak, leading to Initial Counter prediction. Resultantly, the effective Key Length used for encryption is reduced from 128 to 85 bits and Time Memory Trade Off (TMTO) attack becomes a possibility. In this paper, an improved Nonce construction scheme is proposed for the AES CCMP to effectively prevent Initial Counter Prediction and the possibility of a subsequent TMTO attack. The proposed technique involves randomization of the Nonce value to make it unpredictable. The devised technique can be easily employed as a software upgrade in the existing 802.11i based Wireless Local Area Network (WLAN) devices, without any requirement of hardware up gradation.

Proceedings ArticleDOI
20 Dec 2008
TL;DR: A fast GF(p) inversion algorithm is proposed which can be used in both software and hardware realizations and is particularly suitable for VLSI implementations and also an efficient algorithm for scalar multiplication in ECC is discussed and the corresponding comparative results are given.
Abstract: Modular inversion and Scalar multiplication are the kernel for computations in the GF(p) used by many public-key cryptosystems in data security systems. Various algorithms have been used for both software and hardware implementation of GF(p) inversion, but its application is limited because of the constraint of its speed. In this paper, a fast GF(p) inversion algorithm is proposed which can be used in both software and hardware realizations and is particularly suitable for VLSI implementations. Also an efficient algorithm for scalar multiplication in ECC is discussed and the corresponding comparative results are given. The results of numerical tests and performance comparisons manifest that the proposed algorithms can remarkably improve the computational efficiency. Hence, it has practical significance for the implementation of ECC and is expected to be applied to data security.

Journal ArticleDOI
TL;DR: A new approach is proposed to generate a random-bit sequence with a high level of randomness, the results showed that 79% of the generated sequences can pass all of the five statistical tests together, and 94% of the generated sequences pass at least four of the statistical tests, which means the proposed algorithm can generate bit sequence with high degree of randomness.

Book ChapterDOI
20 Oct 2008
TL;DR: A biometrics-based (fingerprint) Encryption/Decryption Scheme, in which unique key is generated using partial portion of combined sender's and receiver's fingerprints, which is used as an asymmetric key for both Encryption and Decryption.
Abstract: We propose a biometrics-based (fingerprint) Encryption/Decryption Scheme, in which unique key is generated using partial portion of combined sender's and receiver's fingerprints. From this unique key a random sequence is generated, which is used as an asymmetric key for both Encryption and Decryption. Above unique Key is sent by the sender after Watermarking it in sender's fingerprint along with Encrypted Message. The computational requirement and network security features are addressed. Proposed system has an advantage that for public key, it has not to search from a database and security is maintained.

Proceedings ArticleDOI
03 Mar 2008
TL;DR: Compared to commercial hardware encryption architecture of the same wireless application domain, the implementation of RC4 as well as AES (Advanced Encryption Standard) cipher algorithm exhibits superiority in several aspects.
Abstract: Security issues emerged in recent years as the fast development of wireless technology, especially for mobile devices where computing resources are sparse. This paper presents the implementation of RC4 as well as AES (Advanced Encryption Standard) cipher algorithm, which are widely used in IEEE 802.11 as well as IEEE 802.16 and other standards. The implementations target a novel reconfigurable instruction cell array (RICA) based architecture which has recently been developed, with the aim of achieving low power, high performance and programming flexibility. As our simulation result shows RC4 stream cipher throughput achieves as high as 60 Mbps with 128 bits key size and 1024 bits data buffer packet. The AES algorithm has also been implemented on RICA, achieving a throughput of 55.6 Mbps with typical 128 bits key and 128 bits block size after optimization. Compared to commercial hardware encryption architecture of the same wireless application domain, our architecture exhibits superiority in several aspects.

Dissertation
01 Jan 2008
TL;DR: A new fault-based attack against the Montgomery ladder elliptic curve scalar multiplication (ECSM) algorithm and two algorithms based on the double-and-add-always method that are resistant to the safe error (SE) attack are proposed.
Abstract: For some applications, elliptic curve cryptography (ECC) is an attractive choice because it achieves the same level of security with a much smaller key size in comparison with other schemes such as those that are based on integer factorization or discrete logarithm. Unfortunately, cryptosystems including those based on elliptic curves have been subject to attacks. For example, fault-based attacks have been shown to be a real threat in today’s cryptographic implementations. In this thesis, we consider fault-based attacks and countermeasures for ECC. We propose a new fault-based attack against the Montgomery ladder elliptic curve scalar multiplication (ECSM) algorithm. For security reasons, especially to provide resistance against fault-based attacks, it is very important to verify the correctness of computations in ECC applications. We deal with protections to fault attacks against ECSM at two levels: module and algorithm. For protections at the module level, where the underlying scalar multiplication algorithm is not changed, a number of schemes and hardware structures are presented based on re-computation or parallel computation. It is shown that these structures can be used for detecting errors with a very high probability during the computation of ECSM. For protections at the algorithm level, we use the concepts of point verification (PV) and coherency check (CC). We investigate the error detection coverage of PV and CC for the Montgomery ladder ECSM algorithm. Additionally, we propose two algorithms based on the double-and-add-always method that are resistant to the safe error (SE) attack. We demonstrate that one of these algorithms also resists the sign change fault (SCF) attack.

Journal ArticleDOI
TL;DR: This work proves differential phase shift quantum key distribution security against collective attacks with a weak coherent light source in the noiseless case and shows that the lower bound of the secret key generation rate per pulse is linearly proportional to the channel transmission probability if Bob's detection counts obey the binomial distribution.
Abstract: Differential phase shift quantum key distribution systems have a high potential for achieving high speed key generation. However, its unconditional security proof is still missing, even though it has been proposed for many years. Here, we prove its security against collective attacks with a weak coherent light source in the noiseless case (i.e., no bit error). The only assumptions are that quantum theory is correct, the devices are perfect and trusted and the key size is infinite. Our proof works on threshold detectors. We compute the lower bound of the secret key generation rate using the information-theoretical security proof method. Our final result shows that the lower bound of the secret key generation rate per pulse is linearly proportional to the channel transmission probability if Bob's detection counts obey the binomial distribution.

Proceedings ArticleDOI
08 Sep 2008
TL;DR: This paper used the Advanced Encryption Standard (AES) to demonstrate the usage of DSM and SSM models, a model that allows any block cipher to accept a variable length secondary key.
Abstract: In this paper, we present the Dynamic Substitution Model (DSM) and its variant the Static Substitution Model (SSM). In DSM and SSM, the secret encryption key is divided into a primary key and a secondary key. DSM is a model that allows any block cipher to accept a variable length secondary key, this is achieved by substituting some bits of the cipher's expanded key with the secondary key. SSM is a variant of DSM, where the secondary key length and the positions of the replaced bits of the subkeys are determined in the design time. We used the Advanced Encryption Standard (AES) to demonstrate the usage of DSM and SSM models.

Proceedings ArticleDOI
R. Ali
23 Apr 2008
TL;DR: The idea of elliptic curve cryptography (ECC), and how it's a better promise for a faster and more secure method of encryption in comparison to the current standards in the public key cryptographic algorithms of RSA.
Abstract: Upcoming technologies in the field of information security. The idea of elliptic curve cryptography (ECC), and how it's a better promise for a faster and more secure method of encryption in comparison to the current standards in the public key cryptographic algorithms of RSA. And the possibilities of making more efficient on chip implementation of the ECC and how the work is progressing in the area.

Proceedings ArticleDOI
07 Apr 2008
TL;DR: The extended RSA algorithm into the field of Gaussian integers is found to be slightly less efficient and could be more secure only if RSA is not as strong as factoring (even in this case it is not guaranteed to add security).
Abstract: In this paper we analyze the extended RSA algorithm into the field of Gaussian integers. We examine in depth the perceived advantages of this extension, such as security and efficiency. We found that the extended RSA is slightly less efficient and could be more secure only if RSA is not as strong as factoring (even in this case it is not guaranteed to add security).

Patent
18 Apr 2008
TL;DR: In this article, a method and a computer readable medium having executable instructions are provided to generate a first look up key from a group of look-up key units stored in a data storage, generation of the first lookup key being completed prior to the completion of a key generation processing cycle.
Abstract: A method and a computer readable medium having executable instructions are provided. The method and instructions when executed generates a first look-up key from a group of look-up key units stored in a data storage, generation of the first look up key being completed prior to the completion of a key generation processing cycle. A next look-up key unit from the group of look-up key units stored in the data storage may be skipped over when the next look up key corresponds to a second look-up key that has a key length equal to or smaller than a predetermined key length. A third look-up key unit may be selected from the group of look-up key units, the third look-up key unit associated with a third look-up key having a key length greater than a second predetermined key length, the second predetermined key length being greater than the first predetermined key length. The first look-up key and a portion of the third look-up key sequentially may be output during the same output processing cycle.

Patent
04 Jun 2008
TL;DR: In this article, a method for realizing the user-defined security level, which relates to the field of the mobile communication and the information security, is presented in order to realize that the user defines the security level himself or herself according to the used service type and service application scenario.
Abstract: The invention discloses a method for realizing the user-defined security level, which relates to the field of the mobile communication and the information security and is invented in order to realize that the user defines the security level himself or herself according to the used service type and service application scenario. The method comprises the steps that: (1) a terminal determines the key length to which the specified security level corresponds according to the mapping relation between the security level and the key length for realizing the security level; (2) the terminal determines the times of the key agreement, N, and negotiates with the network side to generate the security keys with determined length with the number N through N times of the key agreement; (3) the keys with length to which the specified security level corresponds are generated by calculating the security keys with the determined length with the number N. The invention applies few modifications to the 3G network signaling and can realize the user-defined security level on the present 3G network, and generate the security keys with various lengths under the circumstance that the present key agreement process is not changed.

Proceedings ArticleDOI
18 Oct 2008
TL;DR: A new secure e-mail system based on elliptic curve cryptography combined public key algorithm is proposed, with less key storage space and low calculation demand, especially suitable for the application in private network and intranet environment.
Abstract: A new secure e-mail system based on elliptic curve cryptography combined public key algorithm is proposed to provide security e-mail services more efficiently and easily. Compared with other secure e-mail protocol such as PGP and S/MIME, it needn't set up the third on-line certificate agent, with less key storage space and low calculation demand, especially suitable for the application in private network and intranet environment.

Journal ArticleDOI
TL;DR: A modified scalable high-radix Montgomery algorithm is proposed to reduce critical path, a high-radix clock-saving dataflow is proposed, and a hardware-reused architecture is suggested to reduce the hardware cost and a parallel radix-16 design of data path is presented to accelerate the speed.
Abstract: With the increase of key length used in public cryptographic algorithms such as RSA and ECC, the speed of Montgomery multiplication becomes a bottleneck. This paper proposes a high speed design of Montgomery multiplier. Firstly, a modified scalable high-radix Montgomery algorithm is proposed to reduce critical path. Secondly, a high-radix clock-saving dataflow is proposed to support high-radix operation and one clock cycle delay in dataflow. Finally, a hardware-reused architecture is proposed to reduce the hardware cost and a parallel radix-16 design of data path is proposed to accelerate the speed. By using HHNEC 0.25 μm standard cell library, the implementation results show that the total cost of Montgomery multiplier is 130 KGates, the clock frequency is 180 MHz and the throughput of 1024-bit RSA encryption is 352 kbps. This design is suitable to be used in high speed RSA or ECC encryption/decryption. As a scalable design, it supports any key-length encryption/decryption up to the size of on-chip memory.

Patent
17 Jan 2008
TL;DR: In this article, an encrypted-content retrieval system was proposed to increase the speed of a retrieval processing to contents requiring a security protection, where an encrypted content retrieval system prepared a retrieval-object information section containing part of a privacy information carrying out an encryption to be a retrieval object or an information such as a meta data annexed to the privacy information.
Abstract: PROBLEM TO BE SOLVED: To provide an encrypted-content retrieval system increasing the speed of a retrieval processing to contents requiring a security protection. SOLUTION: An encrypted-content retrieval system prepares a retrieval-object information section containing part of a privacy information carrying out an encryption to be a retrieval object, or an information such as a meta data annexed to the privacy information. The encryption is carried out to the retrieval-object information section apart from a privacy information body. A cipher key having a key length proper and shorter to the value of the whole retrieval-object information is used for the encryption carried out to the retrieval-object information section. When a retrieval is carried out, only the retrieval-object information section is decoded, and a computational complexity required for a decoding processing in the case of the retrieval is reduced by the decoding only of the retrieval-object information section allocating the cipher key having the value of the information higher than the retrieval-object information section and having the long key length. COPYRIGHT: (C)2008, JPO&INPIT