DOCSLIB.ORG

Fortify Crypto Manifesto

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Fortify Crypto Manifesto Crypto Manifesto Yekaterina Tsipenyuk OʼNeil Security Research Group Fortify Software March 12, 2009 2215 BRIDGEPOINTE PARKWAY, SUITE 400, SAN MATEO, CA 94404 USA P 650 358 5600 F 650 358 4600 WWW.FORTIFY.COM Contents Overview .....................................................................................................3 Cryptographic Hash Functions.................................................................4 Encryption and Encoding Standards.......................................................5 Guidelines for Encryption Keys ...............................................................6 Pseudo-Random Number Generators......................................................7 References .................................................................................................8 2215 BRIDGEPOINTE PARKWAY, SUITE 400, SAN MATEO, CA 94404 USA P 650 358 5600 F 650 358 4600 WWW.FORTIFY.COM Overview Experts in the security community have indicted many commonly used cryptographic algorithms as insecure. Bases for these claims of insecurity often include advances in cryptographic research that have demonstrated previously unknown weakness in algorithms and advances in the computational power of readily available hardware. In the face of an ongoing stream of advice from an active security community, the struggle for software developers has long been to differentiate problems that introduce real risk to their systems from hypothetical research focused on attacks that wonʼt be feasible in the mainstream for years. This document provides best-practice guidelines for using modern cryptography in software systems. These guidelines are backed up by the research of the security community and strive to align themselves with the practical tradeoffs between maximal security and acceptable paranoia. Even though there are a number of cryptographic primitives we could discuss, we limit the scope of this document to the following: • Cryptographic Hashes • Encryption and Encoding • Symmetric and Public Keys • Pseudo-Random Number Generators (PRNGs) The following table summarizes guidelines in each of these areas, which are described in more detail throughout the remainder of the paper: Avoid Use Cryptographic Hashes MD2, MD4, RIPEMD-160, SHA- MD5, SHA-1 224, SHA-256, SHA- 384, SHA-512 Encryption and Encoding RC2, RC4, 3DES, AES DES, Base 64 Encoding Functions Symmetric Keys (AES) < 128 bits >= 128 bits Public Keys (RSA) < 1024 bits >= 2048 bits with OAEP padding Pseudo-Random Number Generators (PRNGs) Statistical Cryptographic PRNGs PRNGs 2215 BRIDGEPOINTE PARKWAY, SUITE 400, SAN MATEO, CA 94404 USA P 650 358 5600 F 650 358 4600 WWW.FORTIFY.COM Cryptographic Hashes The cryptographic hashes RIPEMD, RIPEMD-160, MD2, MD4, MD5, and the SHA family, including SHA-1 SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512 are among the most widely know and used cryptographic hash algorithms. Despite their widespread use, there are security risks associated with several of these algorithms. Collisions have been found in MD2 as early as 1997 [11] and, in 2004, MD2 was found vulnerable to pre-image attacks that enable the recovery of the original value based on its hash [9]. These findings clearly illustrate that MD2 is no longer safe for use in security-sensitive contexts. Researchers at Shandong University discovered attacks on a number of cryptographic functions, including HAVAL-128, MD4, MD5, RIPEMD, and SHA-0. These findings described attacks that found collisions in about 15 minutes [17]. This was the wake-up-call that caused security-space leaders such as Microsoft to ban the use of MD4 and MD5 algorithms by their development teams [4]. Furthermore, a recent research project determined that it was possible to mount a man-in- the-middle attack on Secure Sockets Layer (SSL) by creating rogue certificates issued by rogue Certification Authorities (CAs) with only homegrown array of machines [13]. This attack exploited the weakness that the Shandong researchers had found in MD5. This discovery together with Domain Name System (DNS) weakness demonstrated in the summer of 2008 [5], resulted in the possibility of undetectable phishing attacks on the Internet. This vulnerability was picked up by the United States Computer Emergency Response Team (US-CERT), which now urges software developers, CAs, website owners, and users to avoid implementing MD5 in any capacity [15]. Once the weaknesses in MD4 and MD5 were illustrated, some proposed SHA-1 as a more secure alternative. However, the same researchers from Shandong University showed that collisions can be found in SHA-1 as well, with complexities less than the theoretical bound [16]. Today, Microsoft has banned SHA-1 [4] for internal use and the National Institute for Standards and Technology (NIST) suggests phasing out the use of SHA-1 by 2010 [10]. The Fortify Security Research Group (SRG) recommends that developers avoid using MD2, MD4, MD5, and SHA-1 for computing hashes on sensitive information, such as passwords, certificates or any security-relevant values where it is important avoid collisions and retain pre-image resistance. Fortify Source Code Analyzer (SCA) enforces this by flagging uses of any of these algorithms in code. 2215 BRIDGEPOINTE PARKWAY, SUITE 400, SAN MATEO, CA 94404 USA P 650 358 5600 F 650 358 4600 WWW.FORTIFY.COM Encryption and Encoding There are a number of encryption algorithms that can be used to stop attackers from accessing secrets. Some of the most popular encryption algorithms are RC2, RC4, DES, triple DES (3DES), AES, among others. Microsoft developers misused RC4 on various occasions and Microsoft now prohibits the use of RC4 in code development [4]. One such incident is described by Hongjun Wu [18]: Because the initialization vector (IV) used together with the key to encrypt two different documents remained the same, encryption could be broken by simply XOR-ing two ciphertexts. A number of other attacks on RC4 are known to the security community, including one that famously breaks the Wired Equivalent Privacy (WEP) protocol that uses RC4 in less than a minute [14]. Microsoft has also banned the use of the DES encryption algorithm [4], because it has been broken [3]. Although there are attacks on 3DES, the best attack requires around 232 known plaintexts, 2113 steps, 290 single DES encryptions, and 288 memory, which is currently impractical [8] due to hardware constraints. The National Institute of Standards and Technology suggests phasing out 2-key 3DES by 2010, and 3-key 3DES – by 2030 [1]. There is also some controversy concerning the security of RC2. Although research suggested that RC2 is resistant to differential cryptanalysis, it is still unclear how resistant it is to linear cryptanalysis [7]. RC2 has also demonstrated weaknesses to related-key attacks [6]. Microsoft advises against its use [2]. Many people mistakenly think of base-64 encoding as a form of encryption. Base-64 encoding is useful for transmitting binary data over a communication channel designed to transmit character data. However, considering that its character space is only size 64, the scheme does not attempt to provide the same security guarantees as strong cryptographic encryption algorithms. For this reason, it should not be used for protecting secrets. Fortify SCA issues high-severity warnings when it finds the use of RC4 or DES algorithms and lower severity warnings when it finds the use of RC2. It also issues warnings whenever passwords are base-64 decoded before use. 2215 BRIDGEPOINTE PARKWAY, SUITE 400, SAN MATEO, CA 94404 USA P 650 358 5600 F 650 358 4600 WWW.FORTIFY.COM Guidelines for Encryption Keys The suggested length for symmetric keys (particularly AES keys) is no less than 128 bits, while the suggested length for RSA keys is no less than 1024 bits, with 2048-bit keys providing better security [4][10]. In the case of RSA keys, it is also important to choose the right padding scheme, which can prevent a number of attacks that potentially work against RSA without padding. Public-Key Cryptography Standard (PKCS) #1 v.2.1 recommends the use of Optimal Asymmetric Encryption Padding (OAEP) for new applications [12]. Fortify SCA reports higher severity warnings when the code uses RSA keys with fewer than 1024 bits in length and lower severity warnings when RSA keys are between 1024 and 2048 bits in length. 2215 BRIDGEPOINTE PARKWAY, SUITE 400, SAN MATEO, CA 94404 USA P 650 358 5600 F 650 358 4600 WWW.FORTIFY.COM Pseudo-Random Number Generators When unpredictability is critical, as in most in security-sensitive contexts, it is important to use strong cryptographic rather than statistical PRNGs. Unlike cryptographic PRNGs, statistical pseudo-random number generators produce highly predictable output, which makes it trivial for an attacker to guess the values of generated strings. However, statistical PRNGs are acceptable when predictability is not a concern – for example, for generating the order in which images are displayed in a slideshow application. Fortify SCA reports a warning whenever it encounters the use of a statistical PRNG. 2215 BRIDGEPOINTE PARKWAY, SUITE 400, SAN MATEO, CA 94404 USA P 650 358 5600 F 650 358 4600 WWW.FORTIFY.COM References [1] Elaine Barker, William Barker, William Burr, William Polk, and Miles Smid. “Recommendation for Key Management – Part 1: General (Revised)”. NIST Special Publication 800-57. http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf . [2] Andrew Cushman. “Microsoft Security Fundamentals”. EUSecWest, London, February 20,
Load more

Recommended publications
  • Improved Related-Key Attacks on DESX and DESX+
    Improved Related-key Attacks on DESX and DESX+ Raphael C.-W. Phan1 and Adi Shamir3 1 Laboratoire de s´ecurit´eet de cryptographie (LASEC), Ecole Polytechnique F´ed´erale de Lausanne (EPFL), CH-1015 Lausanne, Switzerland [email protected] 2 Faculty of Mathematics & Computer Science, The Weizmann Institute of Science, Rehovot 76100, Israel [email protected] Abstract. In this paper, we present improved related-key attacks on the original DESX, and DESX+, a variant of the DESX with its pre- and post-whitening XOR operations replaced with addition modulo 264. Compared to previous results, our attack on DESX has reduced text complexity, while our best attack on DESX+ eliminates the memory requirements at the same processing complexity. Keywords: DESX, DESX+, related-key attack, fault attack. 1 Introduction Due to the DES’ small key length of 56 bits, variants of the DES under multiple encryption have been considered, including double-DES under one or two 56-bit key(s), and triple-DES under two or three 56-bit keys. Another popular variant based on the DES is the DESX [15], where the basic keylength of single DES is extended to 120 bits by wrapping this DES with two outer pre- and post-whitening keys of 64 bits each. Also, the endorsement of single DES had been officially withdrawn by NIST in the summer of 2004 [19], due to its insecurity against exhaustive search. Future use of single DES is recommended only as a component of the triple-DES. This makes it more important to study the security of variants of single DES which increase the key length to avoid this attack.
    [Show full text]
  • Related-Key Statistical Cryptanalysis
    Related-Key Statistical Cryptanalysis Darakhshan J. Mir∗ Poorvi L. Vora Department of Computer Science, Department of Computer Science, Rutgers, The State University of New Jersey George Washington University July 6, 2007 Abstract This paper presents the Cryptanalytic Channel Model (CCM). The model treats statistical key recovery as communication over a low capacity channel, where the channel and the encoding are determined by the cipher and the specific attack. A new attack, related-key recovery – the use of n related keys generated from k independent ones – is defined for all ciphers vulnera- ble to single-key recovery. Unlike classical related-key attacks such as differential related-key cryptanalysis, this attack does not exploit a special structural weakness in the cipher or key schedule, but amplifies the weakness exploited in the basic single key recovery. The related- key-recovery attack is shown to correspond to the use of a concatenated code over the channel, where the relationship among the keys determines the outer code, and the cipher and the attack the inner code. It is shown that there exists a relationship among keys for which the communi- cation complexity per bit of independent key is finite, for any probability of key recovery error. This may be compared to the unbounded communication complexity per bit of the single-key- recovery attack. The practical implications of this result are demonstrated through experiments on reduced-round DES. Keywords: related keys, concatenated codes, communication channel, statistical cryptanalysis, linear cryptanalysis, DES Communicating Author: Poorvi L. Vora, [email protected] ∗This work was done while the author was in the M.S.
    [Show full text]
  • Related-Key Cryptanalysis of 3-WAY, Biham-DES,CAST, DES-X, Newdes, RC2, and TEA
    Related-Key Cryptanalysis of 3-WAY, Biham-DES,CAST, DES-X, NewDES, RC2, and TEA John Kelsey Bruce Schneier David Wagner Counterpane Systems U.C. Berkeley kelsey,schneier @counterpane.com [email protected] f g Abstract. We present new related-key attacks on the block ciphers 3- WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. Differen- tial related-key attacks allow both keys and plaintexts to be chosen with specific differences [KSW96]. Our attacks build on the original work, showing how to adapt the general attack to deal with the difficulties of the individual algorithms. We also give specific design principles to protect against these attacks. 1 Introduction Related-key cryptanalysis assumes that the attacker learns the encryption of certain plaintexts not only under the original (unknown) key K, but also under some derived keys K0 = f(K). In a chosen-related-key attack, the attacker specifies how the key is to be changed; known-related-key attacks are those where the key difference is known, but cannot be chosen by the attacker. We emphasize that the attacker knows or chooses the relationship between keys, not the actual key values. These techniques have been developed in [Knu93b, Bih94, KSW96]. Related-key cryptanalysis is a practical attack on key-exchange protocols that do not guarantee key-integrity|an attacker may be able to flip bits in the key without knowing the key|and key-update protocols that update keys using a known function: e.g., K, K + 1, K + 2, etc. Related-key attacks were also used against rotor machines: operators sometimes set rotors incorrectly.
    [Show full text]
  • Performance and Energy Efficiency of Block Ciphers in Personal Digital Assistants
    Performance and Energy Efficiency of Block Ciphers in Personal Digital Assistants Creighton T. R. Hager, Scott F. Midkiff, Jung-Min Park, Thomas L. Martin Bradley Department of Electrical and Computer Engineering Virginia Polytechnic Institute and State University Blacksburg, Virginia 24061 USA {chager, midkiff, jungmin, tlmartin} @ vt.edu Abstract algorithms may consume more energy and drain the PDA battery faster than using less secure algorithms. Due to Encryption algorithms can be used to help secure the processing requirements and the limited computing wireless communications, but securing data also power in many PDAs, using strong cryptographic consumes resources. The goal of this research is to algorithms may also significantly increase the delay provide users or system developers of personal digital between data transmissions. Thus, users and, perhaps assistants and applications with the associated time and more importantly, software and system designers need to energy costs of using specific encryption algorithms. be aware of the benefits and costs of using various Four block ciphers (RC2, Blowfish, XTEA, and AES) were encryption algorithms. considered. The experiments included encryption and This research answers questions regarding energy decryption tasks with different cipher and file size consumption and execution time for various encryption combinations. The resource impact of the block ciphers algorithms executing on a PDA platform with the goal of were evaluated using the latency, throughput, energy- helping software and system developers design more latency product, and throughput/energy ratio metrics. effective applications and systems and of allowing end We found that RC2 encrypts faster and uses less users to better utilize the capabilities of PDA devices.
    [Show full text]
  • Hemiunu Used Numerically Tagged Surface Ratios to Mark Ceilings Inside the Great Pyramid Hinting at Designed Spaces Still Hidden Within
    Archaeological Discovery, 2018, 6, 319-337 http://www.scirp.org/journal/ad ISSN Online: 2331-1967 ISSN Print: 2331-1959 Hemiunu Used Numerically Tagged Surface Ratios to Mark Ceilings inside the Great Pyramid Hinting at Designed Spaces Still Hidden Within Manu Seyfzadeh Institute for the Study of the Origins of Civilization (ISOC)1, Boston University’s College of General Studies, Boston, USA How to cite this paper: Seyfzadeh, M. Abstract (2018). Hemiunu Used Numerically Tagged Surface Ratios to Mark Ceilings inside the In 1883, W. M. Flinders Petrie noticed that the vertical thickness and height Great Pyramid Hinting at Designed Spaces of certain stone courses of the Great Pyramid2 of Khufu/Cheops at Giza, Still Hidden Within. Archaeological Dis- Egypt markedly increase compared to those immediately lower periodically covery, 6, 319-337. https://doi.org/10.4236/ad.2018.64016 and conspicuously interrupting a general trend of progressive course thinning towards the summit. Having calculated the surface area of each course, Petrie Received: September 10, 2018 further noted that the courses immediately below such discrete stone thick- Accepted: October 5, 2018 Published: October 8, 2018 ness peaks tended to mark integer multiples of 1/25th of the surface area at ground level. Here I show that the probable architect of the Great Pyramid, Copyright © 2018 by author and Khufu’s vizier Hemiunu, conceptualized its vertical construction design using Scientific Research Publishing Inc. surface areas based on the same numerical principles used to design his own This work is licensed under the Creative Commons Attribution International mastaba in Giza’s western cemetery and conspicuously used this numerical License (CC BY 4.0).
    [Show full text]
  • Development of the Advanced Encryption Standard
    Volume 126, Article No. 126024 (2021) https://doi.org/10.6028/jres.126.024 Journal of Research of the National Institute of Standards and Technology Development of the Advanced Encryption Standard Miles E. Smid Formerly: Computer Security Division, National Institute of Standards and Technology, Gaithersburg, MD 20899, USA [email protected] Strong cryptographic algorithms are essential for the protection of stored and transmitted data throughout the world. This publication discusses the development of Federal Information Processing Standards Publication (FIPS) 197, which specifies a cryptographic algorithm known as the Advanced Encryption Standard (AES). The AES was the result of a cooperative multiyear effort involving the U.S. government, industry, and the academic community. Several difficult problems that had to be resolved during the standard’s development are discussed, and the eventual solutions are presented. The author writes from his viewpoint as former leader of the Security Technology Group and later as acting director of the Computer Security Division at the National Institute of Standards and Technology, where he was responsible for the AES development. Key words: Advanced Encryption Standard (AES); consensus process; cryptography; Data Encryption Standard (DES); security requirements, SKIPJACK. Accepted: June 18, 2021 Published: August 16, 2021; Current Version: August 23, 2021 This article was sponsored by James Foti, Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology (NIST). The views expressed represent those of the author and not necessarily those of NIST. https://doi.org/10.6028/jres.126.024 1. Introduction In the late 1990s, the National Institute of Standards and Technology (NIST) was about to decide if it was going to specify a new cryptographic algorithm standard for the protection of U.S.
    [Show full text]
  • Bruce Schneier 2
    Committee on Energy and Commerce U.S. House of Representatives Witness Disclosure Requirement - "Truth in Testimony" Required by House Rule XI, Clause 2(g)(5) 1. Your Name: Bruce Schneier 2. Your Title: none 3. The Entity(ies) You are Representing: none 4. Are you testifying on behalf of the Federal, or a State or local Yes No government entity? X 5. Please list any Federal grants or contracts, or contracts or payments originating with a foreign government, that you or the entity(ies) you represent have received on or after January 1, 2015. Only grants, contracts, or payments related to the subject matter of the hearing must be listed. 6. Please attach your curriculum vitae to your completed disclosure form. Signatur Date: 31 October 2017 Bruce Schneier Background Bruce Schneier is an internationally renowned security technologist, called a security guru by the Economist. He is the author of 14 books—including the New York Times best-seller Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World—as well as hundreds of articles, essays, and academic papers. His influential newsletter Crypto-Gram and blog Schneier on Security are read by over 250,000 people. Schneier is a fellow at the Berkman Klein Center for Internet and Society at Harvard University, a Lecturer in Public Policy at the Harvard Kennedy School, a board member of the Electronic Frontier Foundation and the Tor Project, and an advisory board member of EPIC and VerifiedVoting.org. He is also a special advisor to IBM Security and the Chief Technology Officer of IBM Resilient.
    [Show full text]
  • Data Encryption Standard
    Data Encryption Standard The Data Encryption Standard (DES /ˌdiːˌiːˈɛs, dɛz/) is a Data Encryption Standard symmetric-key algorithm for the encryption of electronic data. Although insecure, it was highly influential in the advancement of modern cryptography. Developed in the early 1970s atIBM and based on an earlier design by Horst Feistel, the algorithm was submitted to the National Bureau of Standards (NBS) following the agency's invitation to propose a candidate for the protection of sensitive, unclassified electronic government data. In 1976, after consultation with theNational Security Agency (NSA), the NBS eventually selected a slightly modified version (strengthened against differential cryptanalysis, but weakened against brute-force attacks), which was published as an official Federal Information Processing Standard (FIPS) for the United States in 1977. The publication of an NSA-approved encryption standard simultaneously resulted in its quick international adoption and widespread academic scrutiny. Controversies arose out of classified The Feistel function (F function) of DES design elements, a relatively short key length of the symmetric-key General block cipher design, and the involvement of the NSA, nourishing Designers IBM suspicions about a backdoor. Today it is known that the S-boxes that had raised those suspicions were in fact designed by the NSA to First 1975 (Federal Register) actually remove a backdoor they secretly knew (differential published (standardized in January 1977) cryptanalysis). However, the NSA also ensured that the key size was Derived Lucifer drastically reduced such that they could break it by brute force from [2] attack. The intense academic scrutiny the algorithm received over Successors Triple DES, G-DES, DES-X, time led to the modern understanding of block ciphers and their LOKI89, ICE cryptanalysis.
    [Show full text]
  • Security in Sensor Networks in Section 6
    CS 588: Cryptography SSeeccuurriittyy iinn SSeennssoorr NNeettwwoorrkkss By: Stavan Parikh Tracy Barger David Friedman Date: December 6, 2001 Table of Contents 1. INTRODUCTION .................................................................................................................................... 1 2. SENSOR NETWORKS............................................................................................................................ 2 2.1. CONSTRAINTS...................................................................................................................................... 2 2.1.1. Hardware .................................................................................................................................... 2 2.1.2. Energy......................................................................................................................................... 2 2.1.3. Communication & Addressing .................................................................................................... 3 2.1.4. Trust Model................................................................................................................................. 3 2.2. SECURITY REQUIREMENTS .................................................................................................................. 3 2.2.1. Confidentiality............................................................................................................................. 3 2.2.2. Authenticity ................................................................................................................................
    [Show full text]
  • Meet-In-The-Middle Attacks on Reduced-Round XTEA*
    Meet-in-the-Middle Attacks on Reduced-Round XTEA⋆ Gautham Sekar⋆⋆, Nicky Mouha⋆ ⋆ ⋆, Vesselin Velichkov†, and Bart Preneel 1 Department of Electrical Engineering ESAT/SCD-COSIC, Katholieke Universiteit Leuven, Kasteelpark Arenberg 10, B-3001 Heverlee, Belgium. 2 Interdisciplinary Institute for BroadBand Technology (IBBT), Belgium. {Gautham.Sekar,Nicky.Mouha,Vesselin.Velichkov, Bart.Preneel}@esat.kuleuven.be Abstract. The block cipher XTEA, designed by Needham and Wheeler, was published as a technical report in 1997. The cipher was a result of fixing some weaknesses in the cipher TEA (also designed by Wheeler and Needham), which was used in Microsoft’s Xbox gaming console. XTEA is a 64-round Feistel cipher with a block size of 64 bits and a key size of 128 bits. In this paper, we present meet-in-the-middle attacks on twelve vari- ants of the XTEA block cipher, where each variant consists of 23 rounds. Two of these require only 18 known plaintexts and a computational ef- fort equivalent to testing about 2117 keys, with a success probability of 1−2 −1025. Under the standard (single-key) setting, there is no attack re- ported on 23 or more rounds of XTEA, that requires less time and fewer data than the above. This paper also discusses a variant of the classical meet-in-the-middle approach. All attacks in this paper are applicable to XETA as well, a block cipher that has not undergone public analysis yet. TEA, XTEA and XETA are implemented in the Linux kernel. Keywords: Cryptanalysis, block cipher, meet-in-the-middle attack, Feis- tel network, XTEA, XETA.
    [Show full text]
  • Evaluation of Key Dependent S-Box Based Data Security Algorithm Using Hamming Distance and Balanced Output
    TEM J. 2016; 5:67–75 Evaluation of Key Dependent S-Box Based Data Security Algorithm using Hamming Distance and Balanced Output Balajee Maram K 1, J M Gnanasekar 2 1 Research and Development Centre, Bharathiar University, Coimbatore, Dept. of CSE, GMRIT, Rajam, India. 2Department of Computer Science & Engineering, Sri Venkateswara College of Engineering, Sriperumbudur Tamil Nadu, India Abstract: Data security is a major issue because of 1. INTRODUCTION rapid evolution of data communication over unsecured internetwork. Here the proposed system is concerned In digital communication, the data is being with the problem of randomly generated S-box. The captured by hackers [1]. Such type of attacks can be generation of S-box depends on Pseudo-Random- reduced by Data Encryption and Decryption Number-Generators and shared-secret-key. The Algorithms [2]. Symmetric-key encryption and process of Pseudo-Random-Number-Generator Asymmetric-key encryption are two categories of depends on large prime numbers. All Pseudo-Random- Encryption Algorithms. Symmetric-Key Numbers are scrambled according to shared-secret- cryptography algorithms are 1000 times faster than the Asymmetric-encryption algorithms [3]. Still, the key. After scrambling, the S-box is generated. In this data is being exchanged in insecure communication research, large prime numbers are the inputs to the channels [4]. The block ciphers such as DES (Data Pseudo-Random-Number-Generator. The proposed S- Encryption Standard) [5], AES (Advanced box will reduce the complexity of S-box generation. Encryption Standard) [6], and EES (Escrowed Based on S-box parameters, it experimentally Encryption Standard) [7] are popular Cryptography investigates the quality and robustness of the proposed algorithms.
    [Show full text]
  • Applications of Search Techniques to Cryptanalysis and the Construction of Cipher Components. James David Mclaughlin Submitted F
    Applications of search techniques to cryptanalysis and the construction of cipher components. James David McLaughlin Submitted for the degree of Doctor of Philosophy (PhD) University of York Department of Computer Science September 2012 2 Abstract In this dissertation, we investigate the ways in which search techniques, and in particular metaheuristic search techniques, can be used in cryptology. We address the design of simple cryptographic components (Boolean functions), before moving on to more complex entities (S-boxes). The emphasis then shifts from the construction of cryptographic arte- facts to the related area of cryptanalysis, in which we first derive non-linear approximations to S-boxes more powerful than the existing linear approximations, and then exploit these in cryptanalytic attacks against the ciphers DES and Serpent. Contents 1 Introduction. 11 1.1 The Structure of this Thesis . 12 2 A brief history of cryptography and cryptanalysis. 14 3 Literature review 20 3.1 Information on various types of block cipher, and a brief description of the Data Encryption Standard. 20 3.1.1 Feistel ciphers . 21 3.1.2 Other types of block cipher . 23 3.1.3 Confusion and diffusion . 24 3.2 Linear cryptanalysis. 26 3.2.1 The attack. 27 3.3 Differential cryptanalysis. 35 3.3.1 The attack. 39 3.3.2 Variants of the differential cryptanalytic attack . 44 3.4 Stream ciphers based on linear feedback shift registers . 48 3.5 A brief introduction to metaheuristics . 52 3.5.1 Hill-climbing . 55 3.5.2 Simulated annealing . 57 3.5.3 Memetic algorithms . 58 3.5.4 Ant algorithms .
    [Show full text]