DOCSLIB.ORG

Cryptographic Key Infrastructure for Security Services Protecting Tt&C And

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Cryptographic Key Infrastructure for Security Services Protecting Tt&C And C RYPTOGRAPHIC K EY I NFRASTRUCTURE FOR S E C U R I T Y S E R VI C E S P R O T E C T I N G TT&C A N D P A Y L O A D L I N K S O F S PA C E M ISSIONS ESTEC/CONTRACT NO. 4000103681 May 2011 – April 2014 MARCIO JULIATO, DEPT. OF ECE, UNIV. OF WATERLOO CATHERINE GEBOTYS, DEPT. OF ECE, UNIV. OF WATERLOO IGNACIO AGUILAR SANCHEZ, ESTEC, ESA 1 Table of Contents Table of Contents ............................................................................................................ 2 List of Acronyms ............................................................................................................. 5 List of Figures .................................................................................................................. 7 List of Tables .................................................................................................................... 8 Chapter 1 : Report Summary ................................................................................................. 9 1.1 Introduction ............................................................................................................... 10 1.2 Background ............................................................................................................... 10 1.3 Purpose and Scope ..................................................................................................... 12 1.4 Programme Outline .................................................................................................... 12 1.5 Output ....................................................................................................................... 15 1.6 Relevant References .................................................................................................. 16 Chapter 2 : Key Management Fundamental Requirements ................................................... 18 2.1 Scope ......................................................................................................................... 19 2.2 Space Mission Scenarios ............................................................................................ 20 2.2.1 Orbital Types and Associated Parameters ............................................................ 20 2.2.2 Communication Scenarios ................................................................................... 21 2.2.3 Summary of Parameters....................................................................................... 22 2.3 Key Roles, Scopes and Hierarchy .............................................................................. 23 2.3.1 Determining Key Roles and Scopes ..................................................................... 23 2.3.2 Proposed Key Hierarchy and Justification ........................................................... 24 2.4 Algorithms and Attacks ............................................................................................. 27 2.4.1 Assumptions on Threat and Trust Models ............................................................ 27 2.4.2 Attacks against AES ............................................................................................ 28 2.4.3 Related Key Attacks ............................................................................................ 29 2.4.4 Exhaustive Search Attacks................................................................................... 29 2.4.5 Successful Forgery .............................................................................................. 36 2.5 Cryptoperiods and Key Lengths ................................................................................. 38 2.5.1 Related Work ...................................................................................................... 38 2.5.2 Data Complexity in Related Key Attacks ............................................................. 40 2.5.3 Data Complexity of a Successful Forgery ............................................................ 41 2 2.5.4 Time Complexity of Attacks based on Exhaustive Search ................................. 42 2.5.5 Determining Key Lengths .................................................................................... 45 2.5.6 Defining Cryptoperiods ....................................................................................... 48 2.6 Instrument/Payload Data Distribution ........................................................................ 50 2.6.1 ESA-Controlled Data Distribution ....................................................................... 50 2.6.2 Direct Data Distribution with ESA Knowledge of Keys .................................... 50 2.6.3 Direct Data Distribution with User Key Management .......................................... 51 2.7 Over the Air Re-Keying ............................................................................................. 53 2.7.1 LEO (Sentinel-like) Missions .............................................................................. 53 2.7.2 GEO (Meteosat-like) Missions ............................................................................ 55 2.8 Appendix: Improved Bounds on CMAC Forgery Probability ..................................... 57 Chapter 3 : Key Management Fundamental Requirements (Supplement) and Trusted Platform Research ............................................................................................................... 58 3.1 Scope ......................................................................................................................... 59 3.2 Revisiting Authentication Cryptoperiods.................................................................... 60 3.2.1 Updated Equations for Authentication Mechanisms ............................................. 60 3.2.2 Computation of Pue for Reed-Solomon Codes..................................................... 60 3.2.3 Successful Forgery against Authentication Mechanisms ...................................... 61 3.2.4 Graphical Analysis of PErr and PForg for TC ......................................................... 62 3.2.5 Graphical Analysis of PErr and PForg for TM ........................................................ 64 3.2.6 Probability of Accepting Forged Data .................................................................. 65 3.2.7 Updated Authentication Cryptoperiods ................................................................ 67 3.2.8 Conclusions and Recommendations ..................................................................... 69 3.3 Trusted Platform to Support Key Management .......................................................... 71 3.3.1 Key Management Goals and Infrastructure .......................................................... 71 3.3.2 Related Work ...................................................................................................... 72 3.3.3 Communication Scenarios ................................................................................... 74 3.3.4 Secret and Keying Materials ................................................................................ 74 3.3.5 Rekeying Procedure with Hop-by-Hop Secrecy ................................................... 76 3.3.6 Rekeying Procedure with End-to-End Secrecy ..................................................... 84 3.3.7 Hop-by-Hop Onboard Integrity Check ................................................................. 90 3.3.8 End-to-End Onboard Integrity Check .................................................................. 94 3 3.3.9 Complexity Evaluation ........................................................................................ 96 3.3.10 Study Cases ..................................................................................................... 101 3.4 Appendix: Probability of Undetected Errors for Reed-Solomon Codes ..................... 108 Chapter 4 : Reconfigurable and Distributed Key Management ....................................... 111 4.1 Scope ....................................................................................................................... 112 4.2 Key Transport .......................................................................................................... 113 4.2.1 Original Key Transport Approach...................................................................... 113 4.2.2 Improved Key Transport based on Nonces ........................................................ 114 4.2.3 Improved Key Transport based on Timestamps ................................................. 116 4.3 Key Agreement ........................................................................................................ 118 4.3.1 Diffie-Hellman .................................................................................................. 118 4.3.2 Man-In-The-Middle Attacks .............................................................................. 118 4.3.3 Related Work .................................................................................................... 120 4.3.4 Password Authenticated Key Exchange ............................................................. 121 4.3.5 TPM-Supported Key Agreement Protocol ......................................................... 121 4.3.6 TPM-Supported Key Agreement Protocol with Timestamps .............................. 123 4.3.7 TPM-Supported Key Agreement Protocol with Control Center Reporting ......... 125 4.3.8 Discussions ......................................................................................................
Load more

Recommended publications
  • The First Biclique Cryptanalysis of Serpent-256
    The First Biclique Cryptanalysis of Serpent-256 Gabriel C. de Carvalho1, Luis A. B. Kowada1 1Instituto de Computac¸ao˜ – Universidade Federal Fluminense (UFF) – Niteroi´ – RJ – Brazil Abstract. The Serpent cipher was one of the finalists of the AES process and as of today there is no method for finding the key with fewer attempts than that of an exhaustive search of all possible keys, even when using known or chosen plaintexts for an attack. This work presents the first two biclique attacks for the full-round Serpent-256. The first uses a dimension 4 biclique while the second uses a dimension 8 biclique. The one with lower dimension covers nearly 4 complete rounds of the cipher, which is the reason for the lower time complex- ity when compared with the other attack (which covers nearly 3 rounds of the cipher). On the other hand, the second attack needs a lot less pairs of plain- texts for it to be done. The attacks require 2255:21 and 2255:45 full computations of Serpent-256 using 288 and 260 chosen ciphertexts respectively with negligible memory. 1. Introduction The Serpent cipher is, along with MARS, RC6, Twofish and Rijindael, one of the AES process finalists [Nechvatal et al. 2001] and has not had, since its proposal, its full round versions attacked. It is a Substitution Permutation Network (SPN) with 32 rounds, 128 bit block size and accepts keys of sizes 128, 192 and 256 bits. Serpent has been targeted by several cryptanalysis [Kelsey et al. 2000, Biham et al. 2001b, Biham et al.
    [Show full text]
  • Hardness Evaluation of Solving MQ Problems
    MQ Challenge: Hardness Evaluation of Solving MQ Problems Takanori Yasuda (ISIT), Xavier Dahan (ISIT), Yun-Ju Huang (Kyushu Univ.), Tsuyoshi Takagi (Kyushu Univ.), Kouichi Sakurai (Kyushu Univ., ISIT) This work was supported by “Strategic Information and Communications R&D Promotion Programme (SCOPE), no. 0159-0091”, Ministry of Internal Affairs and Communications, Japan. The first author is supported by Grant-in-Aid for Young Scientists (B), Grant number 24740078. Fukuoka MQ challenge MQ challenge started on April 1st. https://www.mqchallenge.org/ ETSI Quantum Safe Workshop 2015/4/3 2 Why we need MQ challenge? • Several public key cryptosystems held contests which solve the associated basic mathematical problems. o RSA challenge(RSA Laboratories), ECC challenge(Certicom), Lattice challenge(TU Darmstadt) • Lattice challenge (http://www.latticechallenge.org/) o Target: Short vector problem o 2008 – now continued • Multivariate public-key cryptsystem (MPKC) also need to evaluate the current state-of-the-art in practical MQ problem solvers. We planed to hold MQ challenge. ETSI Quantum Safe Workshop 2015/4/3 3 Multivariate Public Key Cryptosystem (MPKC) • Advantage o Candidate for post-quantum cryptography o Used for both encryption and signature schemes • Encryption: Simple Matrix scheme (ABC scheme), ZHFE scheme • Signature: UOV, Rainbow o Efficient encryption and decryption and signature generation and verification. • Problems o Exact estimate of security of MPKC schemes o Huge length of secret and public keys in comparison with RSA o New application and function ETSI Quantum Safe Workshop 2015/4/3 4 MQ problem MPKC are public key cryptosystems whose security depends on the difficulty in solving a system of multivariate quadratic polynomials with coefficients in a finite field .
    [Show full text]
  • Side Channel Analysis Attacks on Stream Ciphers
    Side Channel Analysis Attacks on Stream Ciphers Daehyun Strobel 23.03.2009 Masterarbeit Ruhr-Universität Bochum Lehrstuhl Embedded Security Prof. Dr.-Ing. Christof Paar Betreuer: Dipl.-Ing. Markus Kasper Erklärung Ich versichere, dass ich die Arbeit ohne fremde Hilfe und ohne Benutzung anderer als der angegebenen Quellen angefertigt habe und dass die Arbeit in gleicher oder ähnlicher Form noch keiner anderen Prüfungsbehörde vorgelegen hat und von dieser als Teil einer Prüfungsleistung angenommen wurde. Alle Ausführungen, die wörtlich oder sinngemäß übernommen wurden, sind als solche gekennzeichnet. Bochum, 23.März 2009 Daehyun Strobel ii Abstract In this thesis, we present results from practical differential power analysis attacks on the stream ciphers Grain and Trivium. While most published works on practical side channel analysis describe attacks on block ciphers, this work is among the first ones giving report on practical results of power analysis attacks on stream ciphers. Power analyses of stream ciphers require different methods than the ones used in todays most popular attacks. While for the majority of block ciphers it is sufficient to attack the first or last round only, to analyze a stream cipher typically the information leakages of many rounds have to be considered. Furthermore the analysis of hardware implementations of stream ciphers based on feedback shift registers inevitably leads to methods combining algebraic attacks with methods from the field of side channel analysis. Instead of a direct recovery of key bits, only terms composed of several key bits and bits from the initialization vector can be recovered. An attacker first has to identify a sufficient set of accessible terms to finally solve for the key bits.
    [Show full text]
  • Petawatt and Exawatt Class Lasers Worldwide
    Petawatt and exawatt class lasers worldwide Colin Danson, Constantin Haefner, Jake Bromage, Thomas Butcher, Jean-Christophe Chanteloup, Enam Chowdhury, Almantas Galvanauskas, Leonida Gizzi, Joachim Hein, David Hillier, et al. To cite this version: Colin Danson, Constantin Haefner, Jake Bromage, Thomas Butcher, Jean-Christophe Chanteloup, et al.. Petawatt and exawatt class lasers worldwide. High Power Laser Science and Engineering, Cambridge University Press, 2019, 7, 10.1017/hpl.2019.36. hal-03037682 HAL Id: hal-03037682 https://hal.archives-ouvertes.fr/hal-03037682 Submitted on 3 Dec 2020 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. High Power Laser Science and Engineering, (2019), Vol. 7, e54, 54 pages. © The Author(s) 2019. This is an Open Access article, distributed under the terms of the Creative Commons Attribution licence (http://creativecommons.org/ licenses/by/4.0/), which permits unrestricted re-use, distribution, and reproduction in any medium, provided the original work is properly cited. doi:10.1017/hpl.2019.36 Petawatt and exawatt class lasers worldwide Colin N. Danson1;2;3, Constantin Haefner4;5;6, Jake Bromage7, Thomas Butcher8, Jean-Christophe F. Chanteloup9, Enam A. Chowdhury10, Almantas Galvanauskas11, Leonida A.
    [Show full text]
  • Speke Cycle Route
    www.LetsTravelWise.org 1253 330 0151 Telephone: need. might you else 090305/IS/TM/08O9/P anything and times, the through you talk will bike. by easily more Speke around get and person local a – 33 22 200 0871 travel to way wiser a is cycling how shows leaflet This future. our and us on Traveline call want, for move wise a is out them trying Merseyside, in options of lots have We Updated you train or bus which out find To Getting around Speke on your bike your on Speke around Getting September journey. each making of way Manchester. best the about think to need all we cities big other in seen pollution and and Widnes Warrington, in stations 2011. congestion the avoid to want we If slower. getting is travel car meaning Cycle Speke Cycle for outwards and Centre City the in MA. rapidly, rising is Merseyside in car by made being trips of number the Central Liverpool and Street Lime but journeys, their of many or all for TravelWise already are people Most Liverpool towards stations rail Cross Hunts and Parkway South Liverpool from both operate trains Line City and Northern Frequent Centre. City car. a without journeys make the to Parkway South Liverpool from minutes 15 to 10 about takes only It to everyone for easier it make to aim we Merseytravel, and Authorities Local Merseyside the by Funded sharing. car and transport public cycling, trains. Merseyside walking, more – travel sustainable more encourage to aims TravelWise all on free go Bikes problem. a be can parking where Centre City Liverpool into travelling when or workplace, your or school to get to easier it makes www.transpenninetrail.org.uk Web: This way.
    [Show full text]
  • Hardware Implementation of Four Byte Per Clock RC4 Algorithm Rourab Paul, Amlan Chakrabarti, Senior Member, IEEE, and Ranjan Ghosh
    JOURNAL OF LATEX CLASS FILES, VOL. 6, NO. 1, JANUARY 2007 1 Hardware Implementation of four byte per clock RC4 algorithm Rourab Paul, Amlan Chakrabarti, Senior Member, IEEE, and Ranjan Ghosh, Abstract—In the field of cryptography till date the 2-byte in 1-clock is the best known RC4 hardware design [1], while 1-byte in 1-clock [2], and the 1-byte in 3 clocks [3][4] are the best known implementation. The design algorithm in[2] considers two consecutive bytes together and processes them in 2 clocks. The design [1] is a pipelining architecture of [2]. The design of 1-byte in 3-clocks is too much modular and clock hungry. In this paper considering the RC4 algorithm, as it is, a simpler RC4 hardware design providing higher throughput is proposed in which 6 different architecture has been proposed. In design 1, 1-byte is processed in 1-clock, design 2 is a dynamic KSA-PRGA architecture of Design 1. Design 3 can process 2 byte in a single clock, where as Design 4 is Dynamic KSA-PRGA architecture of Design 3. Design 5 and Design 6 are parallelization architecture design 2 and design 4 which can compute 4 byte in a single clock. The maturity in terms of throughput, power consumption and resource usage, has been achieved from design 1 to design 6. The RC4 encryption and decryption designs are respectively embedded on two FPGA boards as co-processor hardware, the communication between the two boards performed using Ethernet. Keywords—Computer Society, IEEEtran, journal, LATEX, paper, template.
    [Show full text]
  • Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 Family
    Bicliques for Preimages: Attacks on Skein-512 and the SHA-2 family Dmitry Khovratovich1 and Christian Rechberger2 and Alexandra Savelieva3 1Microsoft Research Redmond, USA 2DTU MAT, Denmark 3National Research University Higher School of Economics, Russia Abstract. We present the new concept of biclique as a tool for preimage attacks, which employs many powerful techniques from differential cryptanalysis of block ciphers and hash functions. The new tool has proved to be widely applicable by inspiring many authors to publish new re- sults of the full versions of AES, KASUMI, IDEA, and Square. In this paper, we demonstrate how our concept results in the first cryptanalysis of the Skein hash function, and describe an attack on the SHA-2 hash function with more rounds than before. Keywords: SHA-2, SHA-256, SHA-512, Skein, SHA-3, hash function, meet-in-the-middle attack, splice-and-cut, preimage attack, initial structure, biclique. 1 Introduction The last years saw an exciting progress in preimage attacks on hash functions. In contrast to collision search [29, 26], where differential cryptanalysis has been in use since 90s, there had been no similarly powerful tool for preimages. The situation changed dramatically in 2008, when the so-called splice-and-cut framework has been applied to MD4 and MD5 [2, 24], and later to SHA-0/1/2 [1, 3], Tiger [10], and other primitives. Despite amazing results on MD5, the applications to SHA-x primitives seemed to be limited by the internal properties of the message schedule procedures. The only promising element, the so-called initial structure tool, remained very informal and complicated.
    [Show full text]
  • *UPDATED Canadian Values 07-04 201 7/26/2016 4:42:21 PM *UPDATED Canadian Values 07-04 202 COIN VALUES: CANADA 02 .0 .0 12
    CANADIAN VALUES By Michael Findlay Large Cents VG-8 F-12 VF-20 EF-40 MS-60 MS-63R 1917 1.00 1.25 1.50 2.50 13. 45. CANADA COIN VALUES: 1918 1.00 1.25 1.50 2.50 13. 45. 1919 1.00 1.25 1.50 2.50 13. 45. 1920 1.00 1.25 1.50 3.00 18. 70. CANADIAN COIN VALUES Small Cents PRICE GUIDE VG-8 F-12 VF-20 EF-40 MS-60 MS-63R GEORGE V All prices are in U.S. dollars LargeL Cents C t 1920 0.20 0.35 0.75 1.50 12. 45. Canadian Coin Values is a comprehensive retail value VG-8 F-12 VF-20 EF-40 MS-60 MS-63R 1921 0.50 0.75 1.50 4.00 30. 250. guide of Canadian coins published online regularly at Coin VICTORIA 1922 20. 23. 28. 40. 200. 1200. World’s website. Canadian Coin Values is provided as a 1858 70. 90. 120. 200. 475. 1800. 1923 30. 33. 42. 55. 250. 2000. reader service to collectors desiring independent informa- 1858 Coin Turn NI NI 2500. 5000. BNE BNE 1924 6.00 8.00 11. 16. 120. 800. tion about a coin’s potential retail value. 1859 4.00 5.00 6.00 10. 50. 200. 1925 25. 28. 35. 45. 200. 900. Sources for pricing include actual transactions, public auc- 1859 Brass 16000. 22000. 30000. BNE BNE BNE 1926 3.50 4.50 7.00 12. 90. 650. tions, fi xed-price lists and any additional information acquired 1859 Dbl P 9 #1 225.
    [Show full text]
  • IEEE P1363.2: Password-Based Cryptography
    IEEE P1363.2: Password-based Cryptography David Jablon CTO, Phoenix Technologies NIST PKI TWG - July 30, 2003 What is IEEE P1363.2? • “Standard Specification for Password-Based Public-Key Cryptographic Techniques” • Proposed standard • Companion to IEEE Std 1363-2000 • Product of P1363 Working Group • Open standards process PKI TWG July 2003 IEEE P1363.2: Password-based Cryptography 2 One of several IEEE 1363 standards • Std 1363-2000 • Sign, Encrypt, Key agreem’t, using IF, DL, & EC families • P1363a • Same goals & families as 1363-2000 • P1363.1: Lattice family • Same goals as 1363-2000, Different family • P1363.2: Password-based • Same families • More ambitious goals PKI TWG July 2003 IEEE P1363.2: Password-based Cryptography 3 Scope of P1363.2 • Modern “zero knowledge” password methods • Uses public key techniques • Uses two or more parties • Needs no other infrastructure • Authenticated key establishment • Resists attack on low-grade secrets • passwords, password-derived keys, PINs, ... PKI TWG July 2003 IEEE P1363.2: Password-based Cryptography 4 Rationale (1) • Why low-grade secrets? • People have trouble with high-grade keys • storage -- memorizing • input -- attention to detail • output -- typing • Passwords are ubiquitous • Easy for people to memorize, recognize, and type. • Reduce security/convenience tradeoffs. PKI TWG July 2003 IEEE P1363.2: Password-based Cryptography 5 Rationale (2) • Why use public-key techniques? • Symmetric methods can’t do it. • Why new methods? • Different than symmetric, hash, or other PK crypto. • AES, SHA-1, DH, and RSA can’t do it alone. PKI TWG July 2003 IEEE P1363.2: Password-based Cryptography 6 Chosen Password Quality Summarized from Distribution Morris & Thompson ‘79, Klein ‘90, Spafford ‘92 0 30 or so 60 or so Password Entropy (bits) History of protocols that fail to dictionary attack (or worse) • Clear text password π • Password as a key Eπ (verifiable text) • (e.g.
    [Show full text]
  • Nist Sp 800-77 Rev. 1 Guide to Ipsec Vpns
    NIST Special Publication 800-77 Revision 1 Guide to IPsec VPNs Elaine Barker Quynh Dang Sheila Frankel Karen Scarfone Paul Wouters This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-77r1 C O M P U T E R S E C U R I T Y NIST Special Publication 800-77 Revision 1 Guide to IPsec VPNs Elaine Barker Quynh Dang Sheila Frankel* Computer Security Division Information Technology Laboratory Karen Scarfone Scarfone Cybersecurity Clifton, VA Paul Wouters Red Hat Toronto, ON, Canada *Former employee; all work for this publication was done while at NIST This publication is available free of charge from: https://doi.org/10.6028/NIST.SP.800-77r1 June 2020 U.S. Department of Commerce Wilbur L. Ross, Jr., Secretary National Institute of Standards and Technology Walter Copan, NIST Director and Under Secretary of Commerce for Standards and Technology Authority This publication has been developed by NIST in accordance with its statutory responsibilities under the Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law (P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including minimum requirements for federal information systems, but such standards and guidelines shall not apply to national security systems without the express approval of appropriate federal officials exercising policy authority over such systems. This guideline is consistent with the requirements of the Office of Management and Budget (OMB) Circular A-130. Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and binding on federal agencies by the Secretary of Commerce under statutory authority.
    [Show full text]
  • Analysing and Patching SPEKE in ISO/IEC
    1 Analysing and Patching SPEKE in ISO/IEC Feng Hao, Roberto Metere, Siamak F. Shahandashti and Changyu Dong Abstract—Simple Password Exponential Key Exchange reported. Over the years, SPEKE has been used in several (SPEKE) is a well-known Password Authenticated Key Ex- commercial applications: for example, the secure messaging change (PAKE) protocol that has been used in Blackberry on Blackberry phones [11] and Entrust’s TruePass end-to- phones for secure messaging and Entrust’s TruePass end-to- end web products. It has also been included into international end web products [16]. SPEKE has also been included into standards such as ISO/IEC 11770-4 and IEEE P1363.2. In the international standards such as IEEE P1363.2 [22] and this paper, we analyse the SPEKE protocol as specified in the ISO/IEC 11770-4 [24]. ISO/IEC and IEEE standards. We identify that the protocol is Given the wide usage of SPEKE in practical applications vulnerable to two new attacks: an impersonation attack that and its inclusion in standards, we believe a thorough allows an attacker to impersonate a user without knowing the password by launching two parallel sessions with the victim, analysis of SPEKE is both necessary and important. In and a key-malleability attack that allows a man-in-the-middle this paper, we revisit SPEKE and its variants specified in (MITM) to manipulate the session key without being detected the original paper [25], the IEEE 1363.2 [22] and ISO/IEC by the end users. Both attacks have been acknowledged by 11770-4 [23] standards.
    [Show full text]
  • Deep Learning-Based Cryptanalysis of Lightweight Block Ciphers
    Hindawi Security and Communication Networks Volume 2020, Article ID 3701067, 11 pages https://doi.org/10.1155/2020/3701067 Research Article Deep Learning-Based Cryptanalysis of Lightweight Block Ciphers Jaewoo So Department of Electronic Engineering, Sogang University, Seoul 04107, Republic of Korea Correspondence should be addressed to Jaewoo So; [email protected] Received 5 February 2020; Revised 21 June 2020; Accepted 26 June 2020; Published 13 July 2020 Academic Editor: Umar M. Khokhar Copyright © 2020 Jaewoo So. +is is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited. Most of the traditional cryptanalytic technologies often require a great amount of time, known plaintexts, and memory. +is paper proposes a generic cryptanalysis model based on deep learning (DL), where the model tries to find the key of block ciphers from known plaintext-ciphertext pairs. We show the feasibility of the DL-based cryptanalysis by attacking on lightweight block ciphers such as simplified DES, Simon, and Speck. +e results show that the DL-based cryptanalysis can successfully recover the key bits when the keyspace is restricted to 64 ASCII characters. +e traditional cryptanalysis is generally performed without the keyspace restriction, but only reduced-round variants of Simon and Speck are successfully attacked. Although a text-based key is applied, the proposed DL-based cryptanalysis can successfully break the full rounds of Simon32/64 and Speck32/64. +e results indicate that the DL technology can be a useful tool for the cryptanalysis of block ciphers when the keyspace is restricted.
    [Show full text]