DOCSLIB.ORG

Design and Implementation of Lightweight and Secure Cryptographic Algorithms for Embedded Devices Lama Sleem

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Design and Implementation of Lightweight and Secure Cryptographic Algorithms for Embedded Devices Lama Sleem Design and implementation of lightweight and secure cryptographic algorithms for embedded devices Lama Sleem To cite this version: Lama Sleem. Design and implementation of lightweight and secure cryptographic algorithms for embedded devices. Cryptography and Security [cs.CR]. Université Bourgogne Franche-Comté, 2020. English. NNT : 2020UBFCD018. tel-03101356 HAL Id: tel-03101356 https://tel.archives-ouvertes.fr/tel-03101356 Submitted on 7 Jan 2021 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. THESE` DE DOCTORAT DE L’ETABLISSEMENT´ UNIVERSITE´ BOURGOGNE FRANCHE-COMTE´ PREPAR´ EE´ A` L’UNIVERSITE´ DE FRANCHE-COMTE´ Ecole´ doctorale n°37 Sciences Pour l’Ingenieur´ et Microtechniques Doctorat d’Informatique par LAMA SLEEM Design and implementation of lightweight and secure cryptographic algorithms for embedded devices Conception et implementation´ d’algorithmes cryptographiques legers´ et securis´ es´ pour dispositifs embarques´ These` present´ ee´ et soutenue a` Belfort, le 17 Janvier 2020 Composition du Jury : OUSSAMA BAZZI PROFESSEUR UNIVERISTE Rapporteur LIBANAISE PIERRE SPITERI PROFESSEUR ENSEEIHT Rapporteur CHRISTOPHE GUYEUX PROFESSEUR Universite´ Bourgogne Examinateur Franche-Comte´ FLAVIEN VERNIER MAˆITRE DE CONFERENCES´ Universite´ Savoie Examinateur Mont Blanc RAPHAEL¨ COUTURIER PROFESSEUR Universite´ Bourgogne Directeur de these` Franche-Comte´ N◦ X X X école doctorale sciences pour l’ingénieur et microtechniques Title: Design and implementation of lightweight and secure cryptographic algorithms for embedded devices Keywords: Image encryption, Encryption, Decryption, Confusion, Diffusion, dynamic key, Security tests. Abstract: Living in an era where new devices are astonishing considering their high capabilities, shedding the light over different aspects this platform possesses. new visions and terms have emerged. Moving to smart phones, Wireless Sensor Then, in order to propose any new security solution and validate its robustness and the Networks, high-resolution cameras, pads and much more, has mandated the need level of randomness of the ciphered image, a simple and efficient test is proposed. This to rethink the technological strategy that is used today. Starting from social media, test proposes using the randomness tools, TestU01 and Practrand, in order to assure a where apparently everything is being exposed, moving to highly powerful surveillance high level of randomness. After running these tests on well known ciphers, some flaws cameras, in addition to real time health monitoring, it can be seen that a high amount were exposed. of data is being stored in the Cloud and servers. This introduced a great challenge Proceeding to the next part, a novel proposal for enhancing the well-known ultra for their storage and transmission especially in the limited resourced platforms that are lightweight cipher scheme, Speck, is proposed. The main contribution of this work characterized by: (a) limited computing capabilities, (b) limited energy and source of is to obtain a better version compared to Speck. In this proposal, 26 rounds in Speck power and (c) open infrastructures that transmit data over wireless unreliable networks. were reduced to 7 rounds in Speck-R while enhancing the execution time by at least One of the extensively studied platforms is the Vehicular Ad-hoc Networks which tends 50%. First, we validate that Speck-R meets the randomness tests that are previously to have many limitations concerning the security field. proposed. Additionally, a dynamic substitution layer adds more security against key In this dissertation, we focus on improving the security of transmitted multimedia related attacks and highly fortifies the cipher. Speck-R was implemented on different contents in different limited platforms, while preserving a high security level. Limitations limited arduino chips and in all cases, Speck-R was ahead of Speck. of these platforms are taken into consideration while enhancing the execution time of the Then, in order to prove that this cipher can be used for securing images, especially secure cipher. Additionally, if the proposed cipher is to be used for images, the intrinsic in VANETS/IoV, where images can be extensively re/transmitted, several tests were voluminous and complex nature of the managed images is also taken into account. exerted and results showed that Speck-R indeed possesses the high level of security In the first part, we surveyed one of the limited platforms that is interesting for many desired in any trusted cipher. Extensive experiments validate our proposal from researchers, which is the Vehicular Ad-hoc Networks. In order to pave the way for both security and performance point of views and demonstrate the robustness of the researchers to find new efficient security solutions, it is important to have one reference proposed scheme against the most-known types of attacks. that can sum most of the recent works. It almost investigates every aspect in this field Titre : Design and implementation of lightweight and secure cryptographic algorithms for embedded devices Mots-cles´ : Chiffrement d’images, Chiffrement, Dechiffrement,´ Confusion, Diffusion, dynamique Tests de securit´ e.´ Resum´ e´ : Nous vivons actuellement dans une ere` avec sans cesse de nouveaux appareils nombres pseudo aleatoires,´ TestU01 et Practrand. Apres` avoir effectue´ ces tests sur technologiques (smartphone, reseaux´ de capteurs sans fil, aux cameras´ haute des algorithmes de chiffrement bien connus, certaines failles ont et´ e´ exposees´ et une resolution,´ etc). En partant des medias´ sociaux, en passant par des cameras´ de nouvelle proposition visant a` ameliorer´ le systeme` de chiffrement ultra-leger´ Speck est surveillance tres` puissantes, et sans oublier la surveillance de la sante´ en temps proposee.´ La principale contribution de ce travail est d’obtenir une meilleure version reel,´ on constate qu’une grande quantite´ de donnees´ est stockee´ dans le cloud et par rapport a` Speck. Dans cette nouvelle proposition, appelee´ Speck-R, nous utilisons les serveurs. Cela represente´ un grand defi´ de stockage et de transmission, en seulement 7 iterations´ contrairement a` Speck qui en utilise 26 et nous reduisons´ le particulier dans les plates-formes aux ressources limitees´ qui sont caracteris´ ees´ par temps d’execution´ d’au moins 50%. Tout d’abord, nous validons que Speck-R repond´ : (a) des capacites´ de calcul limitees,´ (b) une source d’energie´ limitees´ et (c) des aux tests de statistiques pour mesurer l’aleatoire,´ proposes´ prec´ edemment.´ De plus, infrastructures ouvertes qui transmettent des donnees´ sur des reseaux´ sans fil peu nous avons rajoute´ un systeme` de cle´ dynamique qui procure plus de securit´ e´ contre les fiables. Dans cette these,` nous nous concentrons sur l’amelioration´ de la securit´ e´ des attaques liees´ a` la cle.´ Speck-R a et´ e´ implement´ e´ sur differentes´ cartes de type arduino contenus multimedia´ transmis sur des plates-formes a` capacite´ de calcul limitee,´ tout et dans tous les cas, Speck-R etait´ plus rapide que Speck. Ensuite, afin de prouver que en preservant´ un niveau de securit´ e´ elev´ e.´ Dans la premiere` partie, nous avons etudi´ e´ ce chiffrement peut etreˆ utilise´ pour securiser´ les images, en particulier dans les reseaux´ les reseaux´ ad hoc vehiculaire.´ Nous avons propose´ un etat´ de l’art qui permet de VANETS/IoV, plusieurs tests ont et´ e´ effectues´ et les resultats´ montrent que Speck- resumer´ la plupart des travaux recents´ et d’explorer presque tous les aspects de ce R possede` effectivement le haut niveau de securit´ e´ souhaite.´ Des experimentations´ domaine en illustrant les differents´ aspects que possede` cette plateforme. Ensuite, afin valident notre proposition du point de vue de la securit´ e´ et de la performance et de proposer une nouvelle solution de securit´ e´ et de valider sa robustesse et le niveau de demontrent´ la robustesse du systeme` propose´ face aux types d’attaques les plus caractere` aleatoire´ d’une image chiffree,´ nous avons propose´ un test simple et efficace. connus. Celui-ci est base´ sur des outils pour tester statistiquement le caractere` aleatoire´ de Universite´ Bourgogne Franche-Comte´ 32, avenue de l’Observatoire 25000 Besanon, France ABSTRACT Design and implementation of lightweight and secure cryptographic algorithms for embedded devices Lama SLEEM University of Bourgogne Franche Comte,´ 2020 Supervisor:Raphael¨ COUTURIER Living in an era where new devices are astonishing considering their high capabilities, new visions and terms have emerged. Moving to smart phones, Wireless Sensor Net- works, high-resolution cameras, pads and much more, has mandated the need to rethink the technological strategy that is used today. Starting from social media, where appar- ently everything is being exposed, moving to highly powerful surveillance cameras, in addition to real time health monitoring, it can be seen that a high amount of data is being stored in the Cloud and servers. This introduced a great challenge for their storage
Load more

Recommended publications
  • Improved Related-Key Attacks on DESX and DESX+
    Improved Related-key Attacks on DESX and DESX+ Raphael C.-W. Phan1 and Adi Shamir3 1 Laboratoire de s´ecurit´eet de cryptographie (LASEC), Ecole Polytechnique F´ed´erale de Lausanne (EPFL), CH-1015 Lausanne, Switzerland [email protected] 2 Faculty of Mathematics & Computer Science, The Weizmann Institute of Science, Rehovot 76100, Israel [email protected] Abstract. In this paper, we present improved related-key attacks on the original DESX, and DESX+, a variant of the DESX with its pre- and post-whitening XOR operations replaced with addition modulo 264. Compared to previous results, our attack on DESX has reduced text complexity, while our best attack on DESX+ eliminates the memory requirements at the same processing complexity. Keywords: DESX, DESX+, related-key attack, fault attack. 1 Introduction Due to the DES’ small key length of 56 bits, variants of the DES under multiple encryption have been considered, including double-DES under one or two 56-bit key(s), and triple-DES under two or three 56-bit keys. Another popular variant based on the DES is the DESX [15], where the basic keylength of single DES is extended to 120 bits by wrapping this DES with two outer pre- and post-whitening keys of 64 bits each. Also, the endorsement of single DES had been officially withdrawn by NIST in the summer of 2004 [19], due to its insecurity against exhaustive search. Future use of single DES is recommended only as a component of the triple-DES. This makes it more important to study the security of variants of single DES which increase the key length to avoid this attack.
    [Show full text]
  • Vector Boolean Functions: Applications in Symmetric Cryptography
    Vector Boolean Functions: Applications in Symmetric Cryptography José Antonio Álvarez Cubero Departamento de Matemática Aplicada a las Tecnologías de la Información y las Comunicaciones Universidad Politécnica de Madrid This dissertation is submitted for the degree of Doctor Ingeniero de Telecomunicación Escuela Técnica Superior de Ingenieros de Telecomunicación November 2015 I would like to thank my wife, Isabel, for her love, kindness and support she has shown during the past years it has taken me to finalize this thesis. Furthermore I would also liketo thank my parents for their endless love and support. Last but not least, I would like to thank my loved ones such as my daughter and sisters who have supported me throughout entire process, both by keeping me harmonious and helping me putting pieces together. I will be grateful forever for your love. Declaration The following papers have been published or accepted for publication, and contain material based on the content of this thesis. 1. [7] Álvarez-Cubero, J. A. and Zufiria, P. J. (expected 2016). Algorithm xxx: VBF: A library of C++ classes for vector Boolean functions in cryptography. ACM Transactions on Mathematical Software. (In Press: http://toms.acm.org/Upcoming.html) 2. [6] Álvarez-Cubero, J. A. and Zufiria, P. J. (2012). Cryptographic Criteria on Vector Boolean Functions, chapter 3, pages 51–70. Cryptography and Security in Computing, Jaydip Sen (Ed.), http://www.intechopen.com/books/cryptography-and-security-in-computing/ cryptographic-criteria-on-vector-boolean-functions. (Published) 3. [5] Álvarez-Cubero, J. A. and Zufiria, P. J. (2010). A C++ class for analysing vector Boolean functions from a cryptographic perspective.
    [Show full text]
  • The First Biclique Cryptanalysis of Serpent-256
    The First Biclique Cryptanalysis of Serpent-256 Gabriel C. de Carvalho1, Luis A. B. Kowada1 1Instituto de Computac¸ao˜ – Universidade Federal Fluminense (UFF) – Niteroi´ – RJ – Brazil Abstract. The Serpent cipher was one of the finalists of the AES process and as of today there is no method for finding the key with fewer attempts than that of an exhaustive search of all possible keys, even when using known or chosen plaintexts for an attack. This work presents the first two biclique attacks for the full-round Serpent-256. The first uses a dimension 4 biclique while the second uses a dimension 8 biclique. The one with lower dimension covers nearly 4 complete rounds of the cipher, which is the reason for the lower time complex- ity when compared with the other attack (which covers nearly 3 rounds of the cipher). On the other hand, the second attack needs a lot less pairs of plain- texts for it to be done. The attacks require 2255:21 and 2255:45 full computations of Serpent-256 using 288 and 260 chosen ciphertexts respectively with negligible memory. 1. Introduction The Serpent cipher is, along with MARS, RC6, Twofish and Rijindael, one of the AES process finalists [Nechvatal et al. 2001] and has not had, since its proposal, its full round versions attacked. It is a Substitution Permutation Network (SPN) with 32 rounds, 128 bit block size and accepts keys of sizes 128, 192 and 256 bits. Serpent has been targeted by several cryptanalysis [Kelsey et al. 2000, Biham et al. 2001b, Biham et al.
    [Show full text]
  • Reconsidering the Security Bound of AES-GCM-SIV
    Background on AES-GCM-SIV Fixing the Security Bound Improving Key Derivation Final Remarks Reconsidering the Security Bound of AES-GCM-SIV Tetsu Iwata1 and Yannick Seurin2 1Nagoya University, Japan 2ANSSI, France March 7, 2018 — FSE 2018 T. Iwata and Y. Seurin Reconsidering AES-GCM-SIV’s Security FSE 2018 1 / 26 Background on AES-GCM-SIV Fixing the Security Bound Improving Key Derivation Final Remarks Summary of the contribution • we reconsider the security of the AEAD scheme AES-GCM-SIV designed by Gueron, Langley, and Lindell • we identify flaws in the designers’ security analysis and propose a new security proof • our findings leads to significantly reduced security claims, especially for long messages • we propose a simple modification to the scheme (key derivation function) improving security without efficiency loss T. Iwata and Y. Seurin Reconsidering AES-GCM-SIV’s Security FSE 2018 2 / 26 Background on AES-GCM-SIV Fixing the Security Bound Improving Key Derivation Final Remarks Summary of the contribution • we reconsider the security of the AEAD scheme AES-GCM-SIV designed by Gueron, Langley, and Lindell • we identify flaws in the designers’ security analysis and propose a new security proof • our findings leads to significantly reduced security claims, especially for long messages • we propose a simple modification to the scheme (key derivation function) improving security without efficiency loss T. Iwata and Y. Seurin Reconsidering AES-GCM-SIV’s Security FSE 2018 2 / 26 Background on AES-GCM-SIV Fixing the Security Bound Improving Key Derivation Final Remarks Summary of the contribution • we reconsider the security of the AEAD scheme AES-GCM-SIV designed by Gueron, Langley, and Lindell • we identify flaws in the designers’ security analysis and propose a new security proof • our findings leads to significantly reduced security claims, especially for long messages • we propose a simple modification to the scheme (key derivation function) improving security without efficiency loss T.
    [Show full text]
  • Advanced Encryption Standard (Aes) Modes of Operation
    ADVANCED ENCRYPTION STANDARD (AES) MODES OF OPERATION 1 Arya Rohan Under the guidance of Dr. Edward Schneider University of Maryland, College Park MISSION: TO SIMULATE BLOCK CIPHER MODES OF OPERATION FOR AES IN MATLAB Simulation of the AES (Rijndael Algorithm) in MATLAB for 128 bit key-length. Simulation of the five block cipher modes of operation for AES as per FIPS publication. Comparison of the five modes based on Avalanche Effect. Future Work 2 OUTLINE A brief history of AES Galois Field Theory De-Ciphering the Algorithm-ENCRYPTION De-Ciphering the Algorithm-DECRYPTION Block Cipher Modes of Operation Avalanche Effect Simulation in MATLAB Conclusion & Future Work References 3 A BRIEF HISTORY OF AES 4 In January 1997, researchers world-over were invited by NIST to submit proposals for a new standard to be called Advanced Encryption Standard (AES). From 15 serious proposals, the Rijndael algorithm proposed by Vincent Rijmen and Joan Daemen, two Belgian cryptographers won the contest. The Rijndael algorithm supported plaintext sizes of 128, 192 and 256 bits, as well as, key-lengths of 128, 192 and 256 bits. The Rijndael algorithm is based on the Galois field theory and hence it gives the algorithm provable 5 security properties. GALOIS FIELD 6 GALOIS FIELD - GROUP Group/Albelian Group: A group G or {G, .} is a set of elements with a binary operation denoted by . , that associates to each ordered pair (a, b) of elements in G an element (a . b) such that the following properties are obeyed: Closure: If a & b belong to G, then a . b also belongs to G.
    [Show full text]
  • Chapter 3 – Block Ciphers and the Data Encryption Standard
    Chapter 3 –Block Ciphers and the Data Cryptography and Network Encryption Standard Security All the afternoon Mungo had been working on Stern's Chapter 3 code, principally with the aid of the latest messages which he had copied down at the Nevin Square drop. Stern was very confident. He must be well aware London Central knew about that drop. It was obvious Fifth Edition that they didn't care how often Mungo read their messages, so confident were they in the by William Stallings impenetrability of the code. —Talking to Strange Men, Ruth Rendell Lecture slides by Lawrie Brown Modern Block Ciphers Block vs Stream Ciphers now look at modern block ciphers • block ciphers process messages in blocks, each one of the most widely used types of of which is then en/decrypted cryptographic algorithms • like a substitution on very big characters provide secrecy /hii/authentication services – 64‐bits or more focus on DES (Data Encryption Standard) • stream ciphers process messages a bit or byte at a time when en/decrypting to illustrate block cipher design principles • many current ciphers are block ciphers – better analysed – broader range of applications Block vs Stream Ciphers Block Cipher Principles • most symmetric block ciphers are based on a Feistel Cipher Structure • needed since must be able to decrypt ciphertext to recover messages efficiently • bloc k cihiphers lklook like an extremely large substitution • would need table of 264 entries for a 64‐bit block • instead create from smaller building blocks • using idea of a product cipher 1 Claude
    [Show full text]
  • Optimizing the Block Cipher Resource Overhead at the Link Layer Security Framework in the Wireless Sensor Networks
    Proceedings of the World Congress on Engineering 2008 Vol I WCE 2008, July 2 - 4, 2008, London, U.K. Optimizing the Block Cipher Resource Overhead at the Link Layer Security Framework in the Wireless Sensor Networks Devesh C. Jinwala, Dhiren R. Patel and Kankar S. Dasgupta, data collected from different sensor nodes. Since the Abstract—The security requirements in Wireless Sensor processing of the data is done on-the-fly, while being Networks (WSNs) and the mechanisms to support the transmitted to the base station; the overall communication requirements, demand a critical examination. Therefore, the costs are reduced [2]. Due to the multi-hop communication security protocols employed in WSNs should be so designed, as and the in-network processing demanding applications, the to yield the optimum performance. The efficiency of the block cipher is, one of the important factors in leveraging the conventional end-to-end security mechanisms are not performance of any security protocol. feasible for the WSN [3]. Hence, the use of the standard In this paper, therefore, we focus on the issue of optimizing end-to-end security protocols like SSH, SSL [4] or IPSec [5] the security vs. performance tradeoff in the security protocols in WSN environment is rejected. Instead, appropriate link in WSNs. As part of the exercise, we evaluate the storage layer security architecture, with low associated overhead is requirements of the block ciphers viz. the Advanced Encryption required. Standard (AES) cipher Rijndael, the Corrected Block Tiny Encryption Algorithm (XXTEA) using the Output Codebook There are a number of research attempts that aim to do so.
    [Show full text]
  • Design Development and Performance Evaluation of Low Complexity Cryptographic Algorithm for Security in IOT
    7 III March 2019 http://doi.org/10.22214/ijraset.2019.3454 International Journal for Research in Applied Science & Engineering Technology (IJRASET) ISSN: 2321-9653; IC Value: 45.98; SJ Impact Factor: 6.887 Volume 7 Issue III, Mar 2019- Available at www.ijraset.com Design Development and Performance Evaluation of Low Complexity Cryptographic Algorithm for Security in IOT Neha Parashar1, Rajveer Singh2 1, 2Rajasthan College of Engineering for Women Abstract: Internet of Things (IoT) is promising future technology is expected to connect billions of devices. Expected to produce more communication Data peaks and data security can be a threat. This The size of the device in this architecture is basically small, Low power consumption. Traditional encryption algorithm in general Due to its complexity and requirements, it is computationally expensive Many rounds of encryption are basically a waste of constraints Gadget energy. Less complicated algorithm, however, possible Compromise required integrity. It is a 64-bit block password that requires a 64-bit key to encrypt data. The architecture of the algorithm is a mixture of feistel and a uniform replacement - to replace the network Simulation. The results show that the algorithm provides just a substantial security five rounds of encryption. Index Terms: IoT, Security; Encryption; Wireless Sensor Network, WSN, I. INTRODUCTION Internet of Things (IoT) is turning into one Emerging research and practice areas of discussion in recent years of implementation. Internet of Things is a model including the general ability to perceive entities Communicate with other devices using the Internet [1]. Due to Broadband Internet is now generally available at its cost the connection is also reduced, with more gadgets and sensors connecting to it [2].
    [Show full text]
  • Feistel Like Construction of Involutory Binary Matrices with High Branch Number
    Feistel Like Construction of Involutory Binary Matrices With High Branch Number Adnan Baysal1,2, Mustafa C¸oban3, and Mehmet Ozen¨ 3 1TUB¨ ITAK_ - BILGEM,_ PK 74, 41470, Gebze, Kocaeli, Turkey, [email protected] 2Kocaeli University, Department of Computer Engineering, Faculty of Engineering, Institute of Science, 41380, Umuttepe, Kocaeli, Turkey 3Sakarya University, Faculty of Arts and Sciences, Department of Mathematics, Sakarya, Turkey, [email protected], [email protected] August 4, 2016 Abstract In this paper, we propose a generic method to construct involutory binary matrices from a three round Feistel scheme with a linear round function. We prove bounds on the maximum achievable branch number (BN) and the number of fixed points of our construction. We also define two families of efficiently implementable round functions to be used in our method. The usage of these families in the proposed method produces matrices achieving the proven bounds on branch numbers and fixed points. Moreover, we show that BN of the transpose matrix is the same with the original matrix for the function families we defined. Some of the generated matrices are Maximum Distance Binary Linear (MDBL), i.e. matrices with the highest achievable BN. The number of fixed points of the generated matrices are close to the expected value for a random involution. Generated matrices are especially suitable for utilising in bitslice block ciphers and hash functions. They can be implemented efficiently in many platforms, from low cost CPUs to dedicated hardware. Keywords: Diffusion layer, bitslice cipher, hash function, involution, MDBL matrices, Fixed points. 1 Introduction Modern block ciphers and hash functions use two basic layers iteratively to provide security: confusion and diffusion.
    [Show full text]
  • Block Ciphers
    Block Ciphers Chester Rebeiro IIT Madras CR STINSON : chapters 3 Block Cipher KE KD untrusted communication link Alice E D Bob #%AR3Xf34^$ “Attack at Dawn!!” message encryption (ciphertext) decryption “Attack at Dawn!!” Encryption key is the same as the decryption key (KE = K D) CR 2 Block Cipher : Encryption Key Length Secret Key Plaintext Ciphertext Block Cipher (Encryption) Block Length • A block cipher encryption algorithm encrypts n bits of plaintext at a time • May need to pad the plaintext if necessary • y = ek(x) CR 3 Block Cipher : Decryption Key Length Secret Key Ciphertext Plaintext Block Cipher (Decryption) Block Length • A block cipher decryption algorithm recovers the plaintext from the ciphertext. • x = dk(y) CR 4 Inside the Block Cipher PlaintextBlock (an iterative cipher) Key Whitening Round 1 key1 Round 2 key2 Round 3 key3 Round n keyn Ciphertext Block • Each round has the same endomorphic cryptosystem, which takes a key and produces an intermediate ouput • Size of the key is huge… much larger than the block size. CR 5 Inside the Block Cipher (the key schedule) PlaintextBlock Secret Key Key Whitening Round 1 Round Key 1 Round 2 Round Key 2 Round 3 Round Key 3 Key Expansion Expansion Key Key Round n Round Key n Ciphertext Block • A single secret key of fixed size used to generate ‘round keys’ for each round CR 6 Inside the Round Function Round Input • Add Round key : Add Round Key Mixing operation between the round input and the round key. typically, an ex-or operation Confusion Layer • Confusion layer : Makes the relationship between round Diffusion Layer input and output complex.
    [Show full text]
  • Related-Key Statistical Cryptanalysis
    Related-Key Statistical Cryptanalysis Darakhshan J. Mir∗ Poorvi L. Vora Department of Computer Science, Department of Computer Science, Rutgers, The State University of New Jersey George Washington University July 6, 2007 Abstract This paper presents the Cryptanalytic Channel Model (CCM). The model treats statistical key recovery as communication over a low capacity channel, where the channel and the encoding are determined by the cipher and the specific attack. A new attack, related-key recovery – the use of n related keys generated from k independent ones – is defined for all ciphers vulnera- ble to single-key recovery. Unlike classical related-key attacks such as differential related-key cryptanalysis, this attack does not exploit a special structural weakness in the cipher or key schedule, but amplifies the weakness exploited in the basic single key recovery. The related- key-recovery attack is shown to correspond to the use of a concatenated code over the channel, where the relationship among the keys determines the outer code, and the cipher and the attack the inner code. It is shown that there exists a relationship among keys for which the communi- cation complexity per bit of independent key is finite, for any probability of key recovery error. This may be compared to the unbounded communication complexity per bit of the single-key- recovery attack. The practical implications of this result are demonstrated through experiments on reduced-round DES. Keywords: related keys, concatenated codes, communication channel, statistical cryptanalysis, linear cryptanalysis, DES Communicating Author: Poorvi L. Vora, [email protected] ∗This work was done while the author was in the M.S.
    [Show full text]
  • Towards the Generation of a Dynamic Key-Dependent S-Box to Enhance Security
    Towards the Generation of a Dynamic Key-Dependent S-Box to Enhance Security 1 Grasha Jacob, 2 Dr. A. Murugan, 3Irine Viola 1Research and Development Centre, Bharathiar University, Coimbatore – 641046, India, [email protected] [Assoc. Prof., Dept. of Computer Science, Rani Anna Govt College for Women, Tirunelveli] 2 Assoc. Prof., Dept. of Computer Science, Dr. Ambedkar Govt Arts College, Chennai, India 3Assoc. Prof., Dept. of Computer Science, Womens Christian College, Nagercoil, India E-mail: [email protected] ABSTRACT Secure transmission of message was the concern of early men. Several techniques have been developed ever since to assure that the message is understandable only by the sender and the receiver while it would be meaningless to others. In this century, cryptography has gained much significance. This paper proposes a scheme to generate a Dynamic Key-dependent S-Box for the SubBytes Transformation used in Cryptographic Techniques. Keywords: Hamming weight, Hamming Distance, confidentiality, Dynamic Key dependent S-Box 1. INTRODUCTION Today communication networks transfer enormous volume of data. Information related to healthcare, defense and business transactions are either confidential or private and warranting security has become more and more challenging as many communication channels are arbitrated by attackers. Cryptographic techniques allow the sender and receiver to communicate secretly by transforming a plain message into meaningless form and then retransforming that back to its original form. Confidentiality is the foremost objective of cryptography. Even though cryptographic systems warrant security to sensitive information, various methods evolve every now and then like mushroom to crack and crash the cryptographic systems. NSA-approved Data Encryption Standard published in 1977 gained quick worldwide adoption.
    [Show full text]