DOCSLIB.ORG

Ciphertext-Only Cryptanalysis on Hardened Mifare Classic Cards Extended

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Ciphertext-Only Cryptanalysis on Hardened Mifare Classic Cards Extended Eindhoven University of Technology MASTER Ciphertext-only cryptanalysis on hardened mifare classic cards extended Meijer, C.F.J. Award date: 2016 Link to publication Disclaimer This document contains a student thesis (bachelor's or master's), as authored by a student at Eindhoven University of Technology. Student theses are made available in the TU/e repository upon obtaining the required degree. The grade received is not published on the document as presented in the repository. The required complexity or quality of research of student theses may vary by program, and the required minimum study period may vary in duration. General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain EINDHOVEN UNIVERSITY OF TECHNOLOGY MASTER THESIS Ciphertext-only Cryptanalysis on Hardened Mifare Classic Cards Extended The paradox of keeping things secret Supervisors: Author: dr. ing. Roel VERDULT Carlo MEIJER prof. dr. Boris SKORIC´ A thesis submitted in fulfilment of the requirements for the degree of Master of Science in Information Security Technology Department of Mathematics and Computer Science August 17, 2016 EINDHOVEN UNIVERSITY OF TECHNOLOGY Abstract Faculty of Computer Science Department of Mathematics and Computer Science Master of Science Ciphertext-only Cryptanalysis on Hardened Mifare Classic Cards Extended The paradox of keeping things secret by Carlo MEIJER Despite a series of attacks, MIFARE Classic is still the world’s most widely de- ployed contactless smartcard on the market. The Classic uses a proprietary stream ci- pher CRYPTO1 to provide confidentiality and mutual authentication between card and reader. However, once the cipher was reverse engineered, many serious vulnerabili- ties surfaced. A number of passive and active attacks were proposed that exploit these vulnerabilities. The most severe key recovery attacks only require wireless interaction with a card. System integrators consider such card-only attacks as one of the most seri- ous threat vectors to their MIFARE Classic-based systems, since it allows the adversary to avoid camera detection, which is often present at an access control entrance or pub- lic transport gate. However, all card-only attacks proposed in the literature depend on implementation mistakes which can easily be mitigated without breaking backwards compatibility with the existing reader infrastructure. Consequently, many manufactures and system integrators started to deploy “fixed” MIFARE Classic cards which are resilient to such vulnerabilities. However, these coun- termeasures are rather palliating and inadequate for a cryptographically insecure ci- pher such as CRYPTO1. In support of this proposition, we present a novel cipher-text card-only attack that exploits a crucial and mandatory step in the authentication proto- col and which solely depends on the cryptographic weaknesses of the CRYPTO1 cipher. Hence, in order to avoid this attack, all cards and readers should be upgraded to sup- port an alternative authentication protocol which inherently breaks their backwards compatibility. Our attack requires only a few minutes of wireless interaction with the card, in an uncontrolled environment and can be performed with consumer-grade hardware. The information obtained allows an adversary to drop the computational complexity from 248 to approximately 230, which enabled us to practically recover a secret key from a hardened MIFARE Classic card in about 5 minutes on an single core consumer laptop. iii Acknowledgements This reasearch is conducted as a master thesis for the master Information Security Technology, which is offered by Eindhoven University of Technology. Though, the entire research took place at the Radboud University Nijmegen. This thesis is an extension of the paper [MV15], by myself and Roel Verdult. This thesis contains, among other extensions, proofs of lemmas that were omitted in the original paper due to space restrictions. Furthermore, a number of errors in the paper have been identified and corrected in this thesis. I would like to take the opportunity to thank my supervisor, Roel Verdult. I still remember my first appearance in Roel’s office, exchanging ideas about what an inter- esting research topic. Although I really liked the idea of performing cryptanalysis on hardened MIFARE Classic, I was reluctant since, at that time, I was neither experienced nor skilled in the field of cryptanalysis. However, Roel pointed me to some literature and convinced me to give it a try. Roel’s confidence in my abilities, useful insights and guidance have been crucial ingredients during this research, as well as for my personal development. It has been a great pleasure to work with you, Roel. The next person I would like to thank is Tanja Lange. She was my intended su- pervisor and has supervised me throughout the research. Unfortunately, due to time constraints, I had to switch to Boris Skori´cduring the time when the graduation took place. Although we didn’t see each other much in person during the research, her feedback has contributed immensely to the quality of my paper and this thesis. As for her contribution: I remember the submission deadline for my paper being 1PM, and receiving the last batch of feedback at 6.39AM, so I still had enough time to merge them in the final revision. I think that says it all. Thank you so much. Finally, I would like to thank Boris Skori´c,who helped me a lot getting all the pa- perwork done for my graduation. I first introduced myself about a month before my defense. Thank you so much for your support and the nice and speedy arrangement. The responsible disclosure, giving a talk at a scientific conference, the media at- tention. Working on this research has been a truly unforgettable experience. Thanks everyone involved for making it possible. v Contents Abstract iii Acknowledgementsv 1 Introduction1 1.1 Research Question...............................2 1.2 Contribution...................................2 1.3 Overview.....................................3 2 Related work5 2.1 General Stream Cipher attacks........................5 2.2 Attacks on MIFARE Classic..........................5 2.2.1 Keystream recovery attack.......................5 2.2.2 Genuine reader attacks.........................6 2.2.3 Card-only attacks............................6 3 Background7 3.1 MIFARE Classic cards.............................7 3.2 Memory Structure................................7 3.3 Notation.....................................8 3.4 Cipher and Tag Nonces.............................8 3.5 Authentication Protocol and Initialization..................9 3.5.1 Nested authentication......................... 10 4 Known Vulnerabilities 11 4.1 Short Key Length................................ 11 4.2 Predictable Nonces............................... 11 4.3 The Nested Authentication.......................... 11 4.4 Parity bits.................................... 12 4.5 Keystream leakage through errors...................... 13 4.6 LFSR Rollback.................................. 13 4.7 Odd Inputs to the Filter Function....................... 13 5 Attacking Mifare Classic 15 5.1 Offline Brute Force Attack........................... 16 5.2 Sum Property.................................. 16 5.3 Splitting the Sum property........................... 19 5.4 Determining the sum property at time 8................... 22 5.5 Differential Analysis.............................. 24 5.5.1 Combining two sum properties.................... 25 5.5.2 Combining additional sum properties................ 26 5.6 Filter Flip Property............................... 27 vii 6 Performance analysis 31 7 Conclusion 35 7.1 Recommendations............................... 36 viii List of Figures 3.2.1 Memory layout of a MIFARE Classic card...................7 3.4.1 Structure of the CRYPTO1 stream cipher...................9 4.4.1 The encryption of parity bits.......................... 12 5.3.1 Sum values and probabilities. Probabilities are obtained by averaging over 8192 random cipher states........................ 22 6.0.1 Median leftover complexity.......................... 31 6.0.2 Leftover search space with the correct key................... 32 6.0.3 Number of samples involved in the statistics................ 33 ix List of Tables 1.0.1 The MIFARE Classic compatible cards.....................2 7.0.1 Comparison of card-only attacks....................... 35 xi Chapter 1 Introduction MIFARE Classic cards occupy a considerable part of the contactless smartcard market. Such cards offer, in addition to simple identification, a modest amount of memory and cryptographic capability, making them suitable for applications such as access control and fare collection systems. The MIFARE Classic cards are still widely deployed in many public transport pay- ment systems. Examples of such systems include the Oyster Card1 in London, the Charlie Card in Boston2, the EasyCard in Taiwan3, and the OV-chipkaart in the Nether- lands4. In addition to public transport, it is also still used for contactless access control systems, integrated in many office buildings, including even high-security
Load more

Recommended publications
  • Methods for Symmetric Key Cryptography and Cryptanalysis EWM Phd Summer School, Turku, June 2009
    Methods for Symmetric Key Cryptography and Cryptanalysis EWM PhD Summer School, Turku, June 2009 Kaisa Nyberg [email protected] Department of Information and Computer Science Helsinki University of Technology and Nokia, Finland Methods for Symmetric Key Cryptography and Cryptanalysis – 1/32 This lecture is dedicated to the memory of Professor Susanne Dierolf a dear and supporting friend, a highly respected colleague, and a great European Woman in Mathematics, who passed away in May 2009 at the age of 64 in Trier, Germany. Methods for Symmetric Key Cryptography and Cryptanalysis – 2/32 Outline 1. Boolean function Linear approximation of Boolean function Related probability distribution 2. Cryptographic encryption primitives Linear approximation of block cipher Linear approximation of stream cipher 3. Cryptanalysis and attack scenarios Key information deduction on block cipher Distinguishing attack on stream cipher Initial state recovery of stream cipher 4. Conclusions Methods for Symmetric Key Cryptography and Cryptanalysis – 3/32 Boolean Functions Methods for Symmetric Key Cryptography and Cryptanalysis – 4/32 Binary vector space n Z 2 the space of n-dimensional binary vectors ¨ sum modulo 2 Given two vectors 1 n 1 n n a = ´a ; : : : ; a µ; b = ´b ; : : : ; b µ ¾ Z 2 the inner product (dot product) is defined as 1 1 n n a ¡ b = a b ¨ ¡ ¡ ¡ ¨ a b : Then a is called the linear mask of b. Methods for Symmetric Key Cryptography and Cryptanalysis – 5/32 Boolean function n f : Z 2 Z 2 Boolean function. Linear Boolean function is of the form f ´x µ = u ¡ x for some n fixed linear mask u ¾ Z 2.
    [Show full text]
  • Politecnico Di Torino
    POLITECNICO DI TORINO Master Degree Course in Electronic Engineering Master Degree Thesis Evaluation of Encryption Algorithm Security in Heterogeneous Platform against Differential Power Analysis Attack Supervisor: Candidate: Prof. Stefano DI CARLO Fiammetta VOLPE Student ID: 235145 A.A. 2017/2018 Summary An embedded system security can be violated at different levels of abstraction: the vulnerability is not only present from software point of view, but also the hardware can be attacked. This thesis is focused on an hardware attack at logic/microelectronic level called Differential Power Analysis (DPA), included in the larger categories of the Power Analysis (PA) and Side-Channel Anal- ysis, catalogued like a passive and non-invasive attack, since it includes the observation of the normal behaviour of the device without any physical alteration. As a consequence, this kind of attack could be extremely dangerous and it doesn’t leave any trace. A DPA attack is essentially based on the principle that the power consumption is correlated to the activity of the device during data encryption, so also to the used encryption key. Thus, using statistical analysis on a sufficiently large number of power traces, it is possible to detect the correct hypothesis for the key. Due to the improvement of FPGAs in terms of capacity and performance and the significant in- crement of the value of handled data, it is essential to do an analysis of the level of vulnerability of the device. For this reason, the MachXO2-7000 FPGA included, together with a STM32F4 CPU and a SLJ52G SECURITY CONTROLLER-SMART CARD, inside the BGA chip SEcubeTM, appositely designed for security goals, is the chosen target for this thesis.
    [Show full text]
  • Generic Attacks on Stream Ciphers
    Generic Attacks on Stream Ciphers John Mattsson Generic Attacks on Stream Ciphers 2/22 Overview What is a stream cipher? Classification of attacks Different Attacks Exhaustive Key Search Time Memory Tradeoffs Distinguishing Attacks Guess-and-Determine attacks Correlation Attacks Algebraic Attacks Sidechannel Attacks Summary Generic Attacks on Stream Ciphers 3/22 What is a stream cipher? Input: Secret key (k bits) Public IV (v bits). Output: Sequence z1, z2, … (keystream) The state (s bits) can informally be defined as the values of the set of variables that describes the current status of the cipher. For each new state, the cipher outputs some bits and then jumps to the next state where the process is repeated. The ciphertext is a function (usually XOR) of the keysteam and the plaintext. Generic Attacks on Stream Ciphers 4/22 Classification of attacks Assumed that the attacker has knowledge of the cryptographic algorithm but not the key. The aim of the attack Key recovery Prediction Distinguishing The information available to the attacker. Ciphertext-only Known-plaintext Chosen-plaintext Chosen-chipertext Generic Attacks on Stream Ciphers 5/22 Exhaustive Key Search Can be used against any stream cipher. Given a keystream the attacker tries all different keys until the right one is found. If the key is k bits the attacker has to try 2k keys in the worst case and 2k−1 keys on average. An attack with a higher computational complexity than exhaustive key search is not considered an attack at all. Generic Attacks on Stream Ciphers 6/22 Time Memory Tradeoffs (state) Large amounts of precomputed data is used to lower the computational complexity.
    [Show full text]
  • Cryptanalysis Techniques for Stream Cipher: a Survey
    International Journal of Computer Applications (0975 – 8887) Volume 60– No.9, December 2012 Cryptanalysis Techniques for Stream Cipher: A Survey M. U. Bokhari Shadab Alam Faheem Syeed Masoodi Chairman, Department of Research Scholar, Dept. of Research Scholar, Dept. of Computer Science, AMU Computer Science, AMU Computer Science, AMU Aligarh (India) Aligarh (India) Aligarh (India) ABSTRACT less than exhaustive key search, then only these are Stream Ciphers are one of the most important cryptographic considered as successful. A symmetric key cipher, especially techniques for data security due to its efficiency in terms of a stream cipher is assumed secure, if the computational resources and speed. This study aims to provide a capability required for breaking the cipher by best-known comprehensive survey that summarizes the existing attack is greater than or equal to exhaustive key search. cryptanalysis techniques for stream ciphers. It will also There are different Attack scenarios for cryptanalysis based facilitate the security analysis of the existing stream ciphers on available resources: and provide an opportunity to understand the requirements for developing a secure and efficient stream cipher design. 1. Ciphertext only attack 2. Known plain text attack Keywords Stream Cipher, Cryptography, Cryptanalysis, Cryptanalysis 3. Chosen plaintext attack Techniques 4. Chosen ciphertext attack 1. INTRODUCTION On the basis of intention of the attacker, the attacks can be Cryptography is the primary technique for data and classified into two categories namely key recovery attack and communication security. It becomes indispensable where the distinguishing attacks. The motive of key recovery attack is to communication channels cannot be made perfectly secure. derive the key but in case of distinguishing attack, the From the ancient times, the two fields of cryptology; attacker’s motive is only to derive the original from the cryptography and cryptanalysis are developing side by side.
    [Show full text]
  • 6.5.4 Nested Authentication Attack
    PDF hosted at the Radboud Repository of the Radboud University Nijmegen The following full text is a publisher's version. For additional information about this publication click this link. http://hdl.handle.net/2066/140089 Please be advised that this information was generated on 2021-10-04 and may be subject to change. The (in)security of proprietary cryptography Roel Verdult Copyright c Roel Verdult, 2015 ISBN: 978-94-6259-622-1 IPA Dissertation Series: 2015-10 URL: http://roel.verdult.xyz/publications/phd_thesis-roel_verdult.pdf Typeset using LATEX The work in this dissertation has been carried out under the auspices of the research school IPA (Institute for Programming research and Algorithmics). For more information, visit http://www.win.tue.nl/ipa/ XY-pic is used for typesetting graphs and diagrams in schematic rep- U x hx,yi resentations of logical composition of visual components. XY-pic allows X ×Z Y p X the style of pictures to match well with the exquisite quality of the y q f g surrounding TEX typeset material [RM99]. For more information, visit Y Z http://xy-pic.sourceforge.net/ msc Example User Machine 1 Machine 2 Machine 3 The message sequence diagrams, charts and protocols in this disserta- control drill test startm1 tion are facilitated by the MSC macro package [MB01, BvDKM13]. It startm2 log continue allows LATEX users to easily include Message Sequence Charts in their free output texts. For more information, visit http://satoss.uni.lu/software/mscpackage/ The graphical art of this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.
    [Show full text]
  • A New Stream Cipher Based on Nonlinear Dynamic System
    2018 26th European Signal Processing Conference (EUSIPCO) A new Stream cipher based on Nonlinear dynamic system 1st O. Mannai 2nd R. Becheikh 3rd R. Rhouma Risc Laboratory Risc Laboratory and S. Belghith National Engineering School of Tunis National Engineering School of Tunis Risc Laboratory Tunis El Manar University Tunis El Manar University National Engineering School of Tunis 1002, Tunis, Tunisia 1002, Tunis, Tunisia Tunis El Manar University email address: [email protected] 1002, Tunis, Tunisia Abstract—In this paper, we introduce a new synchronous very large linear complexity, large period and white-noise stream cipher. The core of the cipher is the Ikeda system which statistics. It is on this basis that, the eSTREAM candidates can be seen as a Nonlinear Feedback Shift Register (NLFSR) of were launched [8] to determine secure and efficient stream length 7 plus one memory. The cipher takes 256-bit key as input and generates in each iteration an output of 16-bits. A single key ciphers that might become useful for widespread adoption. is allowed to generate up to 264 output bits. A security analysis has been carried out and it has been showed that the output In this paper, we propose a new synchronous stream cipher sequence produced by the scheme is pseudorandom in the sense (SSC) where the keystream is generated independently from that they cannot be distinguished from truly random sequence the plaintext. The design of the SSC is based on the Ikeda and resist to well-known stream cipher attacks. system. The specific properties of this chaotic system as the Keywords— Stream ciphers; NLFSR; Distinguishing at- extremely complex chaotic behavior introduces a nonlinearity tack; diffusion; confusion.
    [Show full text]
  • Linear Biases in AEGIS Keystream
    Linear Biases in AEGIS Keystream Brice Minaud ANSSI, 51, boulevard de la Tour-Maubourg, 75700 Paris 07 SP, France [email protected] Abstract. AEGIS is an authenticated cipher introduced at SAC 2013, which takes advantage of AES-NI instructions to reach outstanding speed in software. Like LEX, Fides, as well as many sponge-based designs, AEGIS leaks part of its inner state each round to form a keystream. In this paper, we investigate the existence of linear biases in this keystream. Our main result is a linear mask with bias 2−89 on the AEGIS-256 keystream. The resulting distinguisher can be exploited to recover bits of a partially known message encrypted 2188 times, regardless of the keys used. We also consider AEGIS-128, and find a surprising correlation between ciphertexts at rounds i and i + 2, although the biases would require 2140 data to be detected. Due to their data requirements, neither attack threatens the practical security of the cipher. Key words: Cryptanalysis, AEGIS, CAESAR 1 Introduction Traditional block cipher-based encryption ensures the confidentiality of encrypted data: it is infeasible for anyone to decipher a message without knowledge of the secret encryption key. However there is a compelling need for ciphers achieving at once confidentiality and authenticity; that is, ciphers in- tegrating a form of integrity check guaranteeing that the encrypted message does originate from its purported sender. Any tampering of the data will result in its rejection by the deciphering algorithm. The CAESAR [cae13] authenticated cipher competition, sponsored by the National Institute of Stan- dards and Technology, crystallizes the community's growing interest in this type of cipher.
    [Show full text]
  • Stream Ciphers: a Comparative Study of Attacks and Structures
    International Journal of Computer Applications (0975 – 8887) Volume 83 – No1, December 2013 Stream Ciphers: A Comparative Study of Attacks and Structures Daniyal M. Alghazzawi Syed Hamid Hasan Mohamed Salim Trigui Information Security Research Group Faculty of Computing and Information Technology Department of Information Systems King Abdulaziz University Kingdom of Saudi Arabia ABSTRACT operation modes. S0 & Kc are the initial S-bit and KC Bit In the latest past, research work has been done in the region of cypher key, respectively that the stream cipher is laden with. steam ciphers and as a answer of which, several design The key stream Zt is generated by the output function ‘O’ of the stream cipher at every time interval t. A plain-text digit P models for stream ciphers were projected. In Order to t appreciate a international standard for data encryption that is encrypted by this key stream digit through E, an encryption would prove good in the due course of time, endure the action function, which results in the cipher-text C . Then U, the states of cryptanalysis algorithms and reinforce the security that will t update function updates the state S . the three equations that take longer to be broken, this research work was taken up. t There is no standard model for Stream cipher and their design, state the rules of the encryption process are as follows: in comparison to block ciphers, is based on a number of Z = O(S , K ) structures. We would not try to evaluate the different designs t t c taken up by various stream ciphers, different attacks agreed C = E(P , Z ) out on these stream ciphers and the result of these attacks.
    [Show full text]
  • Photonic Encryption Using All Optical Logic
    SANDIA REPORT SAND 2003-4474 Unlimited Release Printed December 2003 Photonic Encryption using All Optical Logic Jason D Tang, Thomas D Tarman, and Lyndon G Pierson Ethan L. Blansett and G. Allen Vawter Perry J. Robertson and Richard Schroeppel Prepared by Sandia National Laboratories Albuquerque, New Mexico 87185 and Livermore, California 94550 Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear Security Administration under Contract DE-AC04-94AL85000. Approved for public release; further dissemination unlimited. Issued by Sandia National Laboratories, operated for the United States Department of Energy by Sandia Corporation. NOTICE: This report was prepared as an account of work sponsored by an agency of the United States Government. Neither the United States Government, nor any agency thereof, nor any of their employees, nor any of their contractors, subcontractors, or their employees, make any warranty, express or implied, or assume any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represent that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise, does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States Government, any agency thereof, or any of their contractors or subcontractors. The views and opinions expressed herein do not necessarily state or reflect those of the United States Government, any agency thereof, or any of their contractors. Printed in the United States of America.
    [Show full text]
  • Introduction to Cryptanalysis: Attacking Stream Ciphers
    Introduction to Cryptanalysis: Attacking Stream Ciphers Roel Verdult Institute for Computing and Information Sciences Radboud University Nijmegen, The Netherlands. [email protected] Abstract. This article contains an elementary introduction to the cryptanalysis of stream ciphers. Initially, a few historical examples are given to explain the core aspects of cryptography and the various properties of stream ciphers. We define the mean- ing of cryptographic strength and show how to identify weaknesses in a cryptosystem. Then, we show how these cryptographic weaknesses can be exploited and attacked by a number of cryptanalytic techniques. The academic literature includes many articles there use complex mathematical notations to represent trivial cryptanalytic techniques. Contrarily, this paper tries to put forward the most commonly used cryptanalytic tech- niques by using only simplistic and comprehensible examples. The addressed techniques are used in several scientific articles to mount practical attacks on real cryptosystems. 1 Introduction This manuscript is an excerpt of the third chapter in the doctoral dissertation of Roel Ver- dult [120]. The first chapters of this book contains a theoretical background with an elemen- tary description of security protocols, cryptographic primitives and cryptanalytic attacks. 1.1 Cryptographic strength The strength of a cryptographic algorithm is expressed in the total amount of computations an adversary needs to perform to recover the secret key. It is often referred to as the compu- tational complexity of the cipher. For a perfectly secure cipher, the computational complexity is the same as the key space, sometimes referred to as the entropy of the key. The key space refers to the set of all possible keys and represents the total number of combinations using all secret key bits.
    [Show full text]
  • Improved Cryptanalysis of the Stream Cipher Polar Bear
    中国科技论文在线 http://www.paper.edu.cn C h inese Journa1 of E lectron ics V o1.16,N o.3,July 20 07 Im proved C ryptanalysis of the Stream C ipher P olar B ear冰 H U A N G X iaoli1,2 and W U C huankun1 (1.The S tate K ey Laboratory of Inform ation Security,Institute of S oftw aFe, C hinese A cadem y of Sciences,Beijing 1 00080, C hina) (2.Graduate S chool of C hinese A cadem y of Sciences,Beijing 1 00080, C hina) A b stract ---—— T his PaP er gives a guess-and-.determ ine th e first ev alu a tio n ro u n d ,i.e.,th e eS T R E A M w ish es to carry attack against p olar b ear,w hich is one of th e cand idate p o lar b ea r to th e se con d p h as e o f it. st r e a m c iph e r s o f e STR EA M . V le c h o s e t h r e e d iffler e n t T here are m any attacks ap plicable to stream ciphers,such c le a r t e xt g r o u p s u nd e r di ffe re n t a s s u m p t io n s , a nd o nl y as key recovery attac ks[¨ lin ear cry p tan aly sis[7。,a lge b raic considered the flrst th ree cy cles in each grou P.Som e values , attac k s[ ,引 d istin g u ish in g a tta ck s [2,1 11 a n d so o n . . L a t e ly J . in each gro uP w ere recovered through k now n constant va l— M a ttsso n [101 a n d M H asanzadeh e£以 【9】presented guess—and- u es an d som e relation s in th e p revious and current g rou ps. . W _e recover th e in itial state of p olar bear com pletely w ith determ ine attacks on polar b ear w ith tim e com plexity O (2 ) tim e com plex ity 0 (236·80).In this respect,our results are and O (2 · ) resp ectively. m ugh be tter than that of the tw o recent
    [Show full text]
  • Cryptography on a Customized Network Mathematics And
    Cryptography on a Customized Network Ricardo Martinho Ferreira Miranda Thesis to obtain the Master of Science Degree in Mathematics and Applications Examination Committee Chairperson: Prof. Maria Cristina Sales Viana Serodioˆ Sernadas Supervisor: Prof. Paulo Alexandre Carreira Mateus Co-supervisor: Bruno Neto de Oliveira Tavares Member of the Committee: Prof. Andre´ Nuno Carvalho Souto November 2017 Acknowledgements I want to thank both my supervisors Paulo Mateus and Bruno Tavares for all their support and guid- ance. I would also like to thank my dearest friend Sofia Brito, whose counseling and motivation were crucial aspects in the overcoming of the most difficult moments. i ii Resumo Construir uma rede segura para ser utilizada em aplicac¸oes˜ reais onde ha´ restric¸oes˜ impostas as` capacidades dos elementos da rede e a` transferenciaˆ de informac¸ao˜ necessita uma analise´ crip- tografica´ costumizada de forma a proteger as comunicac¸oes˜ e detectar e minimizar as vulnerabilidades do sistema que poderao˜ ser exploradas. Neste documento, uma rede com essas condic¸oes˜ e´ apre- sentada, procura-se encontrar um esquema topologico´ otimo´ antes de se escolherem os componentes criptograficos´ da rede embutidos nas comunicac¸oes˜ e armazenamento e posteriormente analiza-se a sua seguranc¸a. De entre as alternativas escrutinadas, apenas uma e´ escolhida como a soluc¸ao,˜ por comparac¸ao˜ em termos de performance, seguranc¸a e adaptac¸ao˜ as` restric¸oes˜ impostas. Esta soluc¸ao˜ e´ implementada usando as linguagens de programac¸ao˜ C e Java. Prova-se que os esquemas de encriptac¸ao˜ e protocolos escolhidos sao˜ opc¸oes˜ altamente adequadas e o seu uso na pratica´ e´ acon- selhado.
    [Show full text]