DOCSLIB.ORG

Group Theoretic Properties of Rijndael-Like Ciphers

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Group Theoretic Properties of Rijndael-Like Ciphers View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by Elsevier - Publisher Connector Discrete Applied Mathematics 156 (2008) 3139–3149 www.elsevier.com/locate/dam Group theoretic properties of Rijndael-like ciphers Rudiger¨ Sparr∗, Ralph Wernsdorf Rohde & Schwarz SIT GmbH, 12489 Berlin, Germany Received 27 February 2007; received in revised form 24 October 2007; accepted 19 December 2007 Available online 10 March 2008 Abstract We provide conditions for which the round functions of an `-bit Rijndael-like block cipher generate the alternating group on the set f0; 1g`. These conditions show that the class of Rijndael-like ciphers whose round functions generate the alternating group on their message space is large, and includes both the actual Rijndael and the block cipher used by the compression function of the WHIRLPOOL hash function. The result indicates that there is no trapdoor design for a Rijndael-like cipher based on the imprimitivity of the group action of its proper round functions which is difficult to detect. c 2008 Elsevier B.V. All rights reserved. Keywords: Cryptography; Permutation groups; Block ciphers; Rijndael; Hash functions 1. Introduction An SP network is an iterated block cipher in which each round realizes Shannon’s principle of confusion and diffusion [29] by the use of substitutions and permutations, respectively. A widely-used class of SP networks is defined by invertible confusion and diffusion layers, followed by the XOR-operation of the round key with the state. Here the confusion layer is a parallel application of nonlinear substitutions to the subblocks of the state, while the diffusion layer is a linear transformation of the entire state. An important example of such an SP network is the Rijndael block cipher [8,9], which is defined for various block bit sizes `b and key bit lengths `k, where `b; `k 2 f128; 160; 192; 224; 256g. The versions for the block size of 128 bit and key length of 128, 192, and 256 bits were adopted by the NIST as the Advanced Encryption Standard (AES) [24]. Rijndael is designed to have the maximum known immunity against differential cryptanalysis [3] and linear cryptanalysis [18] (see [26]). Since the end of the AES selection process much research has focused on the structural and algebraic aspects of Rijndael, which includes the analysis of several alternative representations of the AES as well as some group theoretic investigations of the AES components (see, e.g., [2,6,11,17,21,32]). The exploration of the structural properties of a block cipher can yield new insights, which may provide the foundation for a further cryptanalysis of the cipher. In the case of the AES, algebraic relations and simple algebraic representations of the cipher have been found [11,21] which might provide useful starting points for further cryptanalytic work. In this paper we provide several new results on group theoretic properties of Rijndael-like ciphers with applications to some important block ciphers. For several block ciphers, including the DES [22] and AES, results on the group ∗ Corresponding author. Fax: +49 30 65884 180. E-mail addresses: [email protected] (R. Sparr), [email protected] (R. Wernsdorf). 0166-218X/$ - see front matter c 2008 Elsevier B.V. All rights reserved. doi:10.1016/j.dam.2007.12.011 3140 R. Sparr, R. Wernsdorf / Discrete Applied Mathematics 156 (2008) 3139–3149 theoretic properties of their components have already been found (see, e.g., [10,17,30–32]). A first motivation for the investigation of the group theoretic structure of a block cipher is to exclude undesirable properties, such as short cycles or non-trivial factor groups for the group generated by the round functions of the cipher. For example, it was shown in [27] that if the group generated by the round functions of a block cipher acts imprimitively on the state space, then there is an exploitable weakness in the cipher. Moreover, it is possible to give examples of DES-like block ciphers, which have a trapdoor with respect to this property, but nevertheless possess a certain resistance against classical linear and differential cryptanalysis (see [27]). A further motivation to study the group theoretic properties of a block cipher stems from a connection to the Markov cipher approach to classical differential cryptanalysis [16, 25]. If it can be shown that the round functions of a block cipher generate the alternating group on the message space, then for all corresponding Markov ciphers the chain of differences is irreducible and aperiodic, which means that after sufficiently many rounds of the cipher all differences become equally probable [12]. As the AES round functions generate the alternating group on the state space [32], after sufficiently many AES rounds all differences will roughly be equally probable with respect to the Markov cipher theory approach (see also [1, Section 3.2]). However, as shown in [20], it is not sufficient for a block cipher to be practically strong if the group generated by the round functions of the cipher is large. This corresponds to our results found in this paper for the class of Rijndael- like SP networks (cf. Remark 2 and Theorems 3 and 4). Furthermore, as pointed out in [7], for a given set of round functions which generates a large permutation group on the message space, it might be possible to approximate this set by another set of round functions which generates only a small permutation group on the message space. Our results show that the class of Rijndael-like ciphers whose round functions generate the alternating group on their message space is large and includes both the actual Rijndael and the block cipher used by the compression function of the WHIRLPOOL hash function [13]. This indicates that for Rijndael-like ciphers there is no trapdoor design based on the imprimitivity of the group action of its proper round functions which is difficult to detect. The paper is organized as follows. In Section 2 we provide some notions and facts from the theory of permutation groups which are used in this paper. In Section 3 we prove some properties of groups generated by the round functions of a Rijndael-like SP network, which we call SP functions in this paper. Furthermore, we provide conditions for the substitution and the linear diffusion layer of SP functions such that the group generated by those functions is equal to the alternating group on the state space. In Section 4 we first define our model for a Rijndael-like block cipher, which is intended to have sufficient generality to comprise most ciphers being similar to the actual Rijndael. Then we derive conditions for Rijndael-like round functions such that the group generated by these functions is equal to the alternating group on the state space. In Section 5 we apply the results obtained in the preceding sections to the actual Rijndael block cipher [9] and show that the round functions of Rijndael for every block size of 32 · n bits, n 2 f4; 5; 6; 7; 8g, generate the alternating group on the set f0; 1g32n. Here we also study some consequences of this result for the security of Rijndael. In Section 6 we show that the round functions of the block cipher used by the compression function of the WHIRLPOOL hash function [13] generate the alternating group on the set f0; 1g512. Furthermore, we study the impact of this result for the security goals of WHIRLPOOL, like preimage resistance, second preimage resistance, and collision resistance. In Section 7 we conclude the paper. 2. Preliminaries 2.1. Notation The finite field of cardinality q is denoted by GF.q/ and the set of all m × n-matrices over GF.q/ is denoted mn by Mm;n.GF.q//, where we write Mn.GF.q// instead of Mn;n.GF.q//. Elements of GF.q/ are identified with mn matrices b 2 Mm;n.GF.q// via the mapping ι V GF.q/ ! Mm;n.GF.q//, a 7! b, defined by bi j D aniC j , for all 0 ≤ i < m, 0 ≤ j < n. For any b 2 Mm;n.GF.q//, we write wH .b/ for the Hamming weight of b, which is defined as the number of non-zero entries of b. We write . f ◦ g/.x/ D f .g.x// for compositions of functions f; g. The cardinality of a set X is denoted by jXj. 2.2. Group theoretical background In this section we present some background from the theory of permutation groups which is used in this paper. For any nonempty finite set X, the group of all bijective mappings of X to itself is denoted by SX and is called the R. Sparr, R. Wernsdorf / Discrete Applied Mathematics 156 (2008) 3139–3149 3141 symmetric group on X. If n > 0 is a natural number and X D f1;:::; ng, we write Sn instead of SX . Any subgroup of SX is called a permutation group on X. Let `; n denote natural numbers such that 0 < ` ≤ n. A permutation group G ≤ Sn is called `-transitive if, for any pair of `-tuples .a1;:::; a`/ and .b1;:::; b`/ with ai 6D a j ; bi 6D b j for i 6D j, there is a permutation g 2 G with g.ai / D bi for i D 1; : : : ; `. A 1-transitive permutation group is said to be transitive. If G is a permutation group on a set X and a 2 X, the subgroup of all g 2 G such that g.a/ D a is denoted by Ga. For multiple transitivity the following proposition holds (cf.
Load more

Recommended publications
  • Chapter 3 – Block Ciphers and the Data Encryption Standard
    Chapter 3 –Block Ciphers and the Data Cryptography and Network Encryption Standard Security All the afternoon Mungo had been working on Stern's Chapter 3 code, principally with the aid of the latest messages which he had copied down at the Nevin Square drop. Stern was very confident. He must be well aware London Central knew about that drop. It was obvious Fifth Edition that they didn't care how often Mungo read their messages, so confident were they in the by William Stallings impenetrability of the code. —Talking to Strange Men, Ruth Rendell Lecture slides by Lawrie Brown Modern Block Ciphers Block vs Stream Ciphers now look at modern block ciphers • block ciphers process messages in blocks, each one of the most widely used types of of which is then en/decrypted cryptographic algorithms • like a substitution on very big characters provide secrecy /hii/authentication services – 64‐bits or more focus on DES (Data Encryption Standard) • stream ciphers process messages a bit or byte at a time when en/decrypting to illustrate block cipher design principles • many current ciphers are block ciphers – better analysed – broader range of applications Block vs Stream Ciphers Block Cipher Principles • most symmetric block ciphers are based on a Feistel Cipher Structure • needed since must be able to decrypt ciphertext to recover messages efficiently • bloc k cihiphers lklook like an extremely large substitution • would need table of 264 entries for a 64‐bit block • instead create from smaller building blocks • using idea of a product cipher 1 Claude
    [Show full text]
  • Feistel Like Construction of Involutory Binary Matrices with High Branch Number
    Feistel Like Construction of Involutory Binary Matrices With High Branch Number Adnan Baysal1,2, Mustafa C¸oban3, and Mehmet Ozen¨ 3 1TUB¨ ITAK_ - BILGEM,_ PK 74, 41470, Gebze, Kocaeli, Turkey, [email protected] 2Kocaeli University, Department of Computer Engineering, Faculty of Engineering, Institute of Science, 41380, Umuttepe, Kocaeli, Turkey 3Sakarya University, Faculty of Arts and Sciences, Department of Mathematics, Sakarya, Turkey, [email protected], [email protected] August 4, 2016 Abstract In this paper, we propose a generic method to construct involutory binary matrices from a three round Feistel scheme with a linear round function. We prove bounds on the maximum achievable branch number (BN) and the number of fixed points of our construction. We also define two families of efficiently implementable round functions to be used in our method. The usage of these families in the proposed method produces matrices achieving the proven bounds on branch numbers and fixed points. Moreover, we show that BN of the transpose matrix is the same with the original matrix for the function families we defined. Some of the generated matrices are Maximum Distance Binary Linear (MDBL), i.e. matrices with the highest achievable BN. The number of fixed points of the generated matrices are close to the expected value for a random involution. Generated matrices are especially suitable for utilising in bitslice block ciphers and hash functions. They can be implemented efficiently in many platforms, from low cost CPUs to dedicated hardware. Keywords: Diffusion layer, bitslice cipher, hash function, involution, MDBL matrices, Fixed points. 1 Introduction Modern block ciphers and hash functions use two basic layers iteratively to provide security: confusion and diffusion.
    [Show full text]
  • Block Ciphers
    Block Ciphers Chester Rebeiro IIT Madras CR STINSON : chapters 3 Block Cipher KE KD untrusted communication link Alice E D Bob #%AR3Xf34^$ “Attack at Dawn!!” message encryption (ciphertext) decryption “Attack at Dawn!!” Encryption key is the same as the decryption key (KE = K D) CR 2 Block Cipher : Encryption Key Length Secret Key Plaintext Ciphertext Block Cipher (Encryption) Block Length • A block cipher encryption algorithm encrypts n bits of plaintext at a time • May need to pad the plaintext if necessary • y = ek(x) CR 3 Block Cipher : Decryption Key Length Secret Key Ciphertext Plaintext Block Cipher (Decryption) Block Length • A block cipher decryption algorithm recovers the plaintext from the ciphertext. • x = dk(y) CR 4 Inside the Block Cipher PlaintextBlock (an iterative cipher) Key Whitening Round 1 key1 Round 2 key2 Round 3 key3 Round n keyn Ciphertext Block • Each round has the same endomorphic cryptosystem, which takes a key and produces an intermediate ouput • Size of the key is huge… much larger than the block size. CR 5 Inside the Block Cipher (the key schedule) PlaintextBlock Secret Key Key Whitening Round 1 Round Key 1 Round 2 Round Key 2 Round 3 Round Key 3 Key Expansion Expansion Key Key Round n Round Key n Ciphertext Block • A single secret key of fixed size used to generate ‘round keys’ for each round CR 6 Inside the Round Function Round Input • Add Round key : Add Round Key Mixing operation between the round input and the round key. typically, an ex-or operation Confusion Layer • Confusion layer : Makes the relationship between round Diffusion Layer input and output complex.
    [Show full text]
  • Related-Key Cryptanalysis of 3-WAY, Biham-DES,CAST, DES-X, Newdes, RC2, and TEA
    Related-Key Cryptanalysis of 3-WAY, Biham-DES,CAST, DES-X, NewDES, RC2, and TEA John Kelsey Bruce Schneier David Wagner Counterpane Systems U.C. Berkeley kelsey,schneier @counterpane.com [email protected] f g Abstract. We present new related-key attacks on the block ciphers 3- WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA. Differen- tial related-key attacks allow both keys and plaintexts to be chosen with specific differences [KSW96]. Our attacks build on the original work, showing how to adapt the general attack to deal with the difficulties of the individual algorithms. We also give specific design principles to protect against these attacks. 1 Introduction Related-key cryptanalysis assumes that the attacker learns the encryption of certain plaintexts not only under the original (unknown) key K, but also under some derived keys K0 = f(K). In a chosen-related-key attack, the attacker specifies how the key is to be changed; known-related-key attacks are those where the key difference is known, but cannot be chosen by the attacker. We emphasize that the attacker knows or chooses the relationship between keys, not the actual key values. These techniques have been developed in [Knu93b, Bih94, KSW96]. Related-key cryptanalysis is a practical attack on key-exchange protocols that do not guarantee key-integrity|an attacker may be able to flip bits in the key without knowing the key|and key-update protocols that update keys using a known function: e.g., K, K + 1, K + 2, etc. Related-key attacks were also used against rotor machines: operators sometimes set rotors incorrectly.
    [Show full text]
  • Cryptanalysis of a Reduced Version of the Block Cipher E2
    Cryptanalysis of a Reduced Version of the Block Cipher E2 Mitsuru Matsui and Toshio Tokita Information Technology R&D Center Mitsubishi Electric Corporation 5-1-1, Ofuna, Kamakura, Kanagawa, 247, Japan [email protected], [email protected] Abstract. This paper deals with truncated differential cryptanalysis of the 128-bit block cipher E2, which is an AES candidate designed and submitted by NTT. Our analysis is based on byte characteristics, where a difference of two bytes is simply encoded into one bit information “0” (the same) or “1” (not the same). Since E2 is a strongly byte-oriented algorithm, this bytewise treatment of characteristics greatly simplifies a description of its probabilistic behavior and noticeably enables us an analysis independent of the structure of its (unique) lookup table. As a result, we show a non-trivial seven round byte characteristic, which leads to a possible attack of E2 reduced to eight rounds without IT and FT by a chosen plaintext scenario. We also show that by a minor modification of the byte order of output of the round function — which does not reduce the complexity of the algorithm nor violates its design criteria at all —, a non-trivial nine round byte characteristic can be established, which results in a possible attack of the modified E2 reduced to ten rounds without IT and FT, and reduced to nine rounds with IT and FT. Our analysis does not have a serious impact on the full E2, since it has twelve rounds with IT and FT; however, our results show that the security level of the modified version against differential cryptanalysis is lower than the designers’ estimation.
    [Show full text]
  • Lecture Four
    Lecture Four Today’s Topics . Historic Symmetric ciphers . Modern symmetric ciphers . DES, AES . Asymmetric ciphers . RSA . Next class: Protocols Example Ciphers . Shift cipher: each plaintext characters is replaced by a character k to the right. (When k=3, it’s a Caesar cipher). “Watch out for Brutus!” => “Jngpu bhg sbe Oehghf!” . Only 25 choices! Not hard to break by brute force. Substitution Cipher: each character in plaintext is replaced by a corresponding character of ciphertext. E.g., cryptograms in newspapers. plaintext code: a b c d e f g h i f k l m n o p q r s t u v w x y z ciphertext code: m n b v c x z a s d f g h j k l p o i u y t r e w q . 26! Possible pairs. Is is really that hard to break? Substitution ciphers . The Caesar cipher has a small key space, but doesn’t create a statistical independence between the plaintext and the ciphertext. The best ciphers allow no statistical attacks, thereby forcing a brute force, exhaustive search; all the security lies with the key space. As cryptographic algorithms matured, the statistical independence between the plaintext and cipher text increased. Ciphers . The caesar cipher, hill cipher, and playfair cipher all work with a single alphabet for doing substitutions . They are monoalphabetic substitutions. A more complex (and more robust) alternative is to use different substitution mappings on various portions of the plaintext. Polyalphabetic substitutions. More ciphers . Vigenère cipher: each character of plaintext is encrypted with a different a cipher key.
    [Show full text]
  • A Proposed SAFER Plus Security Algorithm Using Fast Walsh Hadamard Transform for Bluetooth Technology D.Sharmila 1, R.Neelaveni 2
    International Journal of Wireless & Mobile Networks (IJWMN), Vol 1, No 2, November 2009 A Proposed SAFER Plus Security algorithm using Fast Walsh Hadamard transform for Bluetooth Technology D.Sharmila 1, R.Neelaveni 2 1(Research Scholar), Associate Professor, Bannari Amman Institute of Technology, Sathyamangalam. Tamil Nadu-638401. [email protected] 2 Asst.Prof. PSG College of Technology, Coimbatore.Tamil Nadu -638401. [email protected] ABSTRACT realtime two-way voice transfer providing data rates up to 3 Mb/s. It operates at 2.4 GHz frequency in the free ISM-band (Industrial, Scientific, and Medical) using frequency hopping In this paper, a modified SAFER plus algorithm is [18]. Bluetooth can be used to connect almost any kind of presented. Additionally, a comparison with various device to another device. Typical range of Bluetooth communication varies from 10 to 100 meters indoors. security algorithms like pipelined AES, Triple DES, Bluetooth technology and associated devices are susceptible Elliptic curve Diffie Hellman and the existing SAFER plus to general wireless networking threats, such as denial of service attacks, eavesdropping, man-in-the-middle attacks, are done. Performance of the algorithms is evaluated message modification, and resource misappropriation. They based on the data throughput, frequency and security are also threatened by more specific Bluetooth-related attacks that target known vulnerabilities in Bluetooth level. The results show that the modified SAFER plus implementations and specifications. Attacks against algorithm has enhanced security compared to the existing improperly secured Bluetooth implementations can provide attackers with unauthorized access to sensitive information algorithms. and unauthorized usage of Bluetooth devices and other Key words : Secure And Fast Encryption Routine, Triple Data systems or networks to which the devices are connected.
    [Show full text]
  • Confusion and Diffusion
    Confusion and Diffusion Ref: William Stallings, Cryptography and Network Security, 3rd Edition, Prentice Hall, 2003 Confusion and Diffusion 1 Statistics and Plaintext • Suppose the frequency distribution of plaintext in a human-readable message in some language is known. • Or suppose there are known words or phrases that are used in the plaintext message. • A cryptanalysist can use this information to break a cryptographic algorithm. Confusion and Diffusion 2 Changing Statistics • Claude Shannon suggested that to complicate statistical attacks, the cryptographer could dissipate the statistical structure of the plaintext in the long range statistics of the ciphertext. • Shannon called this process diffusion . Confusion and Diffusion 3 Changing Statistics (p.2) • Diffusion can be accomplished by having many plaintext characters affect each ciphertext character. • An example of diffusion is the encryption of a message M=m 1,m 2,... using a an averaging: y n= ∑i=1,k mn+i (mod26). Confusion and Diffusion 4 Changing Statistics (p.3) • In binary block ciphers, such as the Data Encryption Standard (DES), diffusion can be accomplished using permutations on data, and then applying a function to the permutation to produce ciphertext. Confusion and Diffusion 5 Complex Use of a Key • Diffusion complicates the statistics of the ciphertext, and makes it difficult to discover the key of the encryption process. • The process of confusion , makes the use of the key so complex, that even when an attacker knows the statistics, it is still difficult to deduce the key. Confusion and Diffusion 6 Complex Use of a Key(p.2) • Confusion can be accomplished by using a complex substitution algorithm.
    [Show full text]
  • Safer Than You Think! Revising the Transit Safety Narrative 1 September 2021
    www.vtpi.org [email protected] 250-508-5150 Safer Than You Think! Revising the Transit Safety Narrative 1 September 2021 Todd Litman Victoria Transport Policy Institute Abstract Public transportation is overall a relatively safe (low crash risk) and secure (low crime risk) mode of transport. Transit travel has about a tenth the traffic casualty (death or injury) rate as automobile travel, and transit-oriented neighborhood residents have about a fifth the per capita crash casualty rate as in automobile-oriented areas. Transit also tends to have lower overall crime rates than automobile travel, and many transit service improvements can further increase security by improving surveillance and economic opportunities for at-risk populations. Despite its relative safety and security, many people consider public transit dangerous, and so are reluctant to use it or support service expansions in their communities. Various factors contribute to this excessive fear, including the nature of public transit travel, heavy media coverage of transit- related crashes and crimes, and conventional traffic safety messages which emphasize danger rather than safety. Transit agencies can help create a new safety narrative by better measuring and communicating transit’s overall safety and security impacts, and providing better guidance concerning how users and communities can enhance transit safety and security. A summary version of this report was published as, “A New Transit Safety Narrative” Journal of Public Transportation, Vol. 17, No. 4, 2014, pp.121-142; at www.nctr.usf.edu/wp-content/uploads/2014/12/JPT17.4_Litman.pdf. It was also published as, The Hidden Traffic Safety Solution: Public Transportation, American Public Transportation Association (www.apta.com); at www.apta.com/mediacenter/pressreleases/2016/Pages/Hidden-Traffic-Safety-Solution.aspx Todd Litman 2013-2021 You are welcome and encouraged to copy, distribute, share and excerpt this document and its ideas, provided the author is given attribution.
    [Show full text]
  • What You Should Know for the Final Exam
    MATC16 Cryptography and Coding Theory G´abor Pete University of Toronto Scarborough What you should know for the final exam Principles and goals of cryptography: Kerckhoff’s principle. Shannon’s confusion and diffusion. Possible attack situations (cipher- text only, chosen plaintext, etc.). Possible goals of attacker, and the corresponding tasks of cryptography (confidentiality, data integrity, authentication, non-repudiation). [Chap- ter 1, plus page 38 and http://en.wikipedia.org/wiki/Confusion_and_diffusion for diffusion & confusion.] Classical cryptosystems: Number theory basics: infinitely many primes exist, basics of modular arithmetic, extended Euclidean algorithm, solving ax+by = d, inverting numbers and matrices (mod n). [Sections 3.1-3 and 3.8.] Shift and affine ciphers. Their ciphertext only and known plaintext attacks. Composition of two affine ciphers is again an affine cipher. [Sections 2.1-2.] Substitution ciphers in general. [Section 2.4] Vigen`ere cipher. Known plaintext attack. Ciphertext only: finding the key length, then frequency analysis. [Section 2.3.] Hill cipher. Known plaintext attack. [Section 2.7.] One-time pad. LFSR sequences. Known plaintext attack, finding the recursion. [Sections 2.9 and 11.] Basics of Enigma. [Section 2.12, up to middle of page 53.] The DES: Feistel systems, simplified and real DES (without the exact expansion functions and S-boxes and permutations, of course), how decryption works in these DES versions. How the extra parity check bits in the real DES key ensure error detection. How confusion and diffusion are fulfilled in DES. [Sections 4.1-2 and 4.4.] Double and Triple DES. Meet-in-the-middle attack. (I mentioned here that one can organize the two lists of length n and find a match between them in almost linear time (n log n) instead of the naive approach that would give only n2, and hence would ruin the attack completely.
    [Show full text]
  • A Lightweight Encryption Algorithm for Secure Internet of Things
    Pre-Print Version, Original article is available at (IJACSA) International Journal of Advanced Computer Science and Applications, Vol. 8, No. 1, 2017 SIT: A Lightweight Encryption Algorithm for Secure Internet of Things Muhammad Usman∗, Irfan Ahmedy, M. Imran Aslamy, Shujaat Khan∗ and Usman Ali Shahy ∗Faculty of Engineering Science and Technology (FEST), Iqra University, Defence View, Karachi-75500, Pakistan. Email: fmusman, [email protected] yDepartment of Electronic Engineering, NED University of Engineering and Technology, University Road, Karachi 75270, Pakistan. Email: firfans, [email protected], [email protected] Abstract—The Internet of Things (IoT) being a promising and apply analytics to share the most valuable data with the technology of the future is expected to connect billions of devices. applications. The IoT is taking the conventional internet, sensor The increased number of communication is expected to generate network and mobile network to another level as every thing mountains of data and the security of data can be a threat. The will be connected to the internet. A matter of concern that must devices in the architecture are essentially smaller in size and be kept under consideration is to ensure the issues related to low powered. Conventional encryption algorithms are generally confidentiality, data integrity and authenticity that will emerge computationally expensive due to their complexity and requires many rounds to encrypt, essentially wasting the constrained on account of security and privacy [4]. energy of the gadgets. Less complex algorithm, however, may compromise the desired integrity. In this paper we propose a A. Applications of IoT: lightweight encryption algorithm named as Secure IoT (SIT).
    [Show full text]
  • Stream and Block Ciphers
    Symmetric Cryptography Block Ciphers and Stream Ciphers Stream Ciphers K Seeded by a key K the stream cipher Stream ⃗z generates a random bit-stream z. Cipher A stream of plain-text bits p is XORed with the pseudo-random stream to obtain the cipher text stream c ⃗c=⃗p⊕⃗z and ⃗p=⃗c⊕⃗z ⃗c cipher text ⃗p plain text The same stream generator (using the same seed) ⃗z key stream used for both encryption and decryption Stream Ciphers K →¯zk ¯c=¯p⊕¯z k ¯ci=¯pi ⊕¯z k ¯c j=¯p j ⊕¯zk Attacker has access to ¯ci and ¯c j ¯ci⊕¯c j=(¯pi⊕¯zk )⊕(¯p j⊕¯z k)=¯pi⊕ ¯p j ● XORing two cipher-texts encrypted using the same seed results in XOR of corresponding plain-texts ● Redundancy in plain-text structure can be easily used to determine both plain- texts ● And hence, the key stream ● Never reuse seed? ● Impractical ● Extend seed using an initial value (IV) which can be sent in the clear ● Never reuse IV Block Ciphers ● C=E(P,K) ● P=D(C,K) ● E() and D() are algorithms ● P is a block of “plain text” (m bits) ● C is the corresponding “cipher text” (also m bits) ● K is the secret key (k bits long) ● (k,m) block cipher – k-bit keysize, m-bit blocksize ● (m+k)-bit input, m-bit output Desired Properties ● The most efficient attack should be the brute-force attack (complexity depends only on key length) ● Knowledge of any number of plain-cipher text pairs, still does not reveal any information regarding any bit of the key.
    [Show full text]