Algebraic attacks on clock-controlled stream ciphers

Stream ciphers are encryption algorithms used for ensuring the privacy of digital telecommunications. They have been widely used for encrypting military communications, satellite communications, pay TV encryption and for voice encryption of both fixed lined and wireless networks. The current multi year European project eSTREAM, which aims to select stream ciphers suitable for widespread adoptation, reflects the importance of this area of research. Stream ciphers consist of a keystream generator and an output function. Keystream generators produce a sequence that appears to be random, which is combined with the plaintext message using the output function. Most commonly, the output function is binary addition modulo two. Cryptanalysis of these ciphers focuses largely on analysis of the keystream generators and of relationships between the generator and the keystream it produces. Linear feedback shift registers are widely used components in building keystream generators, as the sequences they produce are well understood. Many types of attack have been proposed for breaking various LFSR based stream ciphers. A recent attack type is known as an algebraic attack. Algebraic attacks transform the problem of recovering the key into a problem of solving multivariate system of equations, which eventually recover the internal state bits or the key bits. This type of attack has been shown to be effective on a number of regularly clocked LFSR based stream ciphers. In this thesis, algebraic attacks are extended to a number of well known stream ciphers where at least one LFSR in the system is irregularly clocked. Applying algebriac attacks to these ciphers has only been discussed previously in the open literature for LILI-128. In this thesis, algebraic attacks are first applied to keystream generators using stop-and go clocking. Four ciphers belonging to this group are investigated: the Beth-Piper stop-and-go generator, the alternating step generator, the Gollmann cascade generator and the eSTREAM candidate: the Pomaranch cipher. It is shown that algebraic attacks are very effective on the first three of these ciphers. Although no effective algebraic attack was found for Pomaranch, the algebraic analysis lead to some interesting findings including weaknesses that may be exploited in future attacks. Algebraic attacks are then applied to keystream generators using (p; q) clocking. Two well known examples of such ciphers, the step1/step2 generator and the self decimated generator are investigated. Algebraic attacks are shown to be very powerful attack in recovering the internal state of these generators. A more complex clocking mechanism than either stop-and-go or the (p; q) clocking keystream generators is known as mutual clock control. In mutual clock control generators, the LFSRs control the clocking of each other. Four well known stream ciphers belonging to this group are investigated with respect to algebraic attacks: the Bilateral-stop-and-go generator, A5/1 stream cipher, Alpha 1 stream cipher, and the more recent eSTREAM proposal, the MICKEY stream ciphers. Some theoretical results with regards to the complexity of algebraic attacks on these ciphers are presented. The algebraic analysis of these ciphers showed that generally, it is hard to generate the system of equations required for an algebraic attack on these ciphers. As the algebraic attack could not be applied directly on these ciphers, a different approach was used, namely guessing some bits of the internal state, in order to reduce the degree of the equations. Finally, an algebraic attack on Alpha 1 that requires only 128 bits of keystream to recover the 128 internal state bits is presented. An essential process associated with stream cipher proposals is key initialization. Many recently proposed stream ciphers use an algorithm to initialize the large internal state with a smaller key and possibly publicly known initialization vectors. The effect of key initialization on the performance of algebraic attacks is also investigated in this thesis. The relationships between the two have not been investigated before in the open literature. The investigation is conducted on Trivium and Grain-128, two eSTREAM ciphers. It is shown that the key initialization process has an effect on the success of algebraic attacks, unlike other conventional attacks. In particular, the key initialization process allows an attacker to firstly generate a small number of equations of low degree and then perform an algebraic attack using multiple keystreams. The effect of the number of iterations performed during key initialization is investigated. It is shown that both the number of iterations and the maximum number of initialization vectors to be used with one key should be carefully chosen. Some experimental results on Trivium and Grain-128 are then presented. Finally, the security with respect to algebraic attacks of the well known LILI family of stream ciphers, including the unbroken LILI-II, is investigated. These are irregularly clock- controlled nonlinear filtered generators. While the structure is defined for the LILI family, a particular paramater choice defines a specific instance. Two well known such instances are LILI-128 and LILI-II. The security of these and other instances is investigated to identify which instances are vulnerable to algebraic attacks. The feasibility of recovering the key bits using algebraic attacks is then investigated for both LILI- 128 and LILI-II. Algebraic attacks which recover the internal state with less effort than exhaustive key search are possible for LILI-128 but not for LILI-II. Given the internal state at some point in time, the feasibility of recovering the key bits is also investigated, showing that the parameters used in the key initialization process, if poorly chosen, can lead to a key recovery using algebraic attacks.

Cerebellar augmented joint control for a humanoid robot

The joints of a humanoid robot experience disturbances of markedly different magnitudes during the course of a walking gait. Consequently, simple feedback control techniques poorly track desired joint trajectories. This paper explores the addition of a control system inspired by the architecture of the cerebellum to improve system response. This system learns to compensate the changes in load that occur during a cycle of motion. The joint compensation scheme, called Trajectory Error Learning, augments the existing feedback control loop on a humanoid robot. The results from tests on the GuRoo platform show an improvement in system response for the system when augmented with the cerebellar compensator.

Distributed control of gait for a humanoid robot

This paper describes a walking gait for a humanoid robot with a distributed control system. The motion for the robot is calculated in real time on a central controller, and sent over CAN bus to the distributed control system. The distributed control system loosely follows the motion patterns from the central controller, while also acting to maintain stability and balance. There is no global feedback control system; the system maintains its balance by the interaction between central gait and soft control of the actuators. The paper illustrates a straight line walking gait and shows the interaction between gait generation and the control system. The analysis of the data shows that successful walking can be achieved without maintaining strict local joint control, and without explicit global balance coordination.

Robust tracking control of autonomous underwater vehicles in the presence of disturbance inputs

An autonomous underwater vehicle (AUV) is expected to operate in an ocean in the presence of poorly known disturbance forces and moments. The uncertainties of the environment makes it difficult to apply open-loop control scheme for the motion planning of the vehicle. The objective of this paper is to develop a robust feedback trajectory tracking control scheme for an AUV that can track a prescribed trajectory amidst such disturbances. We solve a general problem of feedback trajectory tracking of an AUV in SE(3). The feedback control scheme is derived using Lyapunov-type analysis. The results obtained from numerical simulations confirm the asymptotic tracking properties of the feedback control law. We apply the feedback control scheme to different mission scenarios, with the disturbances being initial errors in the state of the AUV.

Frank-starling control of a left ventricular assist device

A physiological control system was developed for a rotary left ventricular assist device (LVAD) in which the target pump flow rate (LVADQ) was set as a function of left atrial pressure (LAP), mimicking the Frank-Starling mechanism. The control strategy was implemented using linear PID control and was evaluated in a pulsatile mock circulation loop using a prototyped centrifugal pump by varying pulmonary vascular resistance to alter venous return. The control strategy automatically varied pump speed (2460 to 1740 to 2700 RPM) in response to a decrease and subsequent increase in venous return. In contrast, a fixed-speed pump caused a simulated ventricular suction event during low venous return and higher ventricular volumes during high venous return. The preload sensitivity was increased from 0.011 L/min/mmHg in fixed speed mode to 0.47L/min/mmHg, a value similar to that of the native healthy heart. The sensitivity varied automatically to maintain the LAP and LVADQ within a predefined zone. This control strategy requires the implantation of a pressure sensor in the left atrium and a flow sensor around the outflow cannula of the LVAD. However, appropriate pressure sensor technology is not yet commercially available and so an alternative measure of preload such as pulsatility of pump signals should be investigated.

Collective dynamics and control of a 3-D small-world network with time delays

The paper presents a detailed analysis on the collective dynamics and delayed state feedback control of a three-dimensional delayed small-world network. The trivial equilibrium of the model is first investigated, showing that the uncontrolled model exhibits complicated unbounded behavior. Then three control strategies, namely a position feedback control, a velocity feedback control, and a hybrid control combined velocity with acceleration feedback, are then introduced to stabilize this unstable system. It is shown in these three control schemes that only the hybrid control can easily stabilize the 3-D network system. And with properly chosen delay and gain in the delayed feedback path, the hybrid controlled model may have stable equilibrium, or periodic solutions resulting from the Hopf bifurcation, or complex stranger attractor from the period-doubling bifurcation. Moreover, the direction of Hopf bifurcation and stability of the bifurcation periodic solutions are analyzed. The results are further extended to any "d" dimensional network. It shows that to stabilize a "d" dimensional delayed small-world network, at least a "d – 1" order completed differential feedback is needed. This work provides a constructive suggestion for the high dimensional delayed systems.

Analysis of nonlinear sequences and streamciphers

Streamciphers are common cryptographic algorithms used to protect the confidentiality of frame-based communications like mobile phone conversations and Internet traffic. Streamciphers are ideal cryptographic algorithms to encrypt these types of traffic as they have the potential to encrypt them quickly and securely, and have low error propagation. The main objective of this thesis is to determine whether structural features of keystream generators affect the security provided by stream ciphers.These structural features pertain to the state-update and output functions used in keystream generators. Using linear sequences as keystream to encrypt messages is known to be insecure. Modern keystream generators use nonlinear sequences as keystream.The nonlinearity can be introduced through a keystream generator's state-update function, output function, or both. The first contribution of this thesis relates to nonlinear sequences produced by the well-known Trivium stream cipher. Trivium is one of the stream ciphers selected in a final portfolio resulting from a multi-year project in Europe called the ecrypt project. Trivium's structural simplicity makes it a popular cipher to cryptanalyse, but to date, there are no attacks in the public literature which are faster than exhaustive keysearch. Algebraic analyses are performed on the Trivium stream cipher, which uses a nonlinear state-update and linear output function to produce keystream. Two algebraic investigations are performed: an examination of the sliding property in the initialisation process and algebraic analyses of Trivium-like streamciphers using a combination of the algebraic techniques previously applied separately by Berbain et al. and Raddum. For certain iterations of Trivium's state-update function, we examine the sets of slid pairs, looking particularly to form chains of slid pairs. No chains exist for a small number of iterations.This has implications for the period of keystreams produced by Trivium. Secondly, using our combination of the methods of Berbain et al. and Raddum, we analysed Trivium-like ciphers and improved on previous on previous analysis with regards to forming systems of equations on these ciphers. Using these new systems of equations, we were able to successfully recover the initial state of Bivium-A.The attack complexity for Bivium-B and Trivium were, however, worse than exhaustive keysearch. We also show that the selection of stages which are used as input to the output function and the size of registers which are used in the construction of the system of equations affect the success of the attack. The second contribution of this thesis is the examination of state convergence. State convergence is an undesirable characteristic in keystream generators for stream ciphers, as it implies that the effective session key size of the stream cipher is smaller than the designers intended. We identify methods which can be used to detect state convergence. As a case study, theMixer streamcipher, which uses nonlinear state-update and output functions to produce keystream, is analysed. Mixer is found to suffer from state convergence as the state-update function used in its initialisation process is not one-to-one. A discussion of several other streamciphers which are known to suffer from state convergence is given. From our analysis of these stream ciphers, three mechanisms which can cause state convergence are identified.The effect state convergence can have on stream cipher cryptanalysis is examined. We show that state convergence can have a positive effect if the goal of the attacker is to recover the initial state of the keystream generator. The third contribution of this thesis is the examination of the distributions of bit patterns in the sequences produced by nonlinear filter generators (NLFGs) and linearly filtered nonlinear feedback shift registers. We show that the selection of stages used as input to a keystream generator's output function can affect the distribution of bit patterns in sequences produced by these keystreamgenerators, and that the effect differs for nonlinear filter generators and linearly filtered nonlinear feedback shift registers. In the case of NLFGs, the keystream sequences produced when the output functions take inputs from consecutive register stages are less uniform than sequences produced by NLFGs whose output functions take inputs from unevenly spaced register stages. The opposite is true for keystream sequences produced by linearly filtered nonlinear feedback shift registers.

Robust control algorithm for grid-interfaced three-phase inverters with high-bandwidth LCL filter

The paper introduces the design of robust current and voltage control algorithms for a grid-connected three-phase inverter which is interfaced to the grid through a high-bandwidth three-phase LCL filter. The algorithms are based on the state feedback control which have been designed in a systematic approach and improved by using oversampling to deal with the issues arising due to the high-bandwidth filter. An adaptive loop delay compensation method has also been adopted to minimize the adverse effects of loop delay in digital controller and to increase the robustness of the control algorithm in the presence of parameter variations. Simulation results are presented to validate the effectiveness of the proposed algorithm.

Mathematical modeling of the cancer cell’s control circuitry : paving the way to individualized therapeutic strategies

Cancer is a disease of signal transduction in which the dysregulation of the network of intracellular and extracellular signaling cascades is sufficient to thwart the cells finely-tuned biochemical control mechanisms. A keen interest in the mathematical modeling of cell signaling networks and the regulation of signal transduction has emerged in recent years, and has produced a glimmer of insight into the sophisticated feedback control and network regulation operating within cells. In this review, we present an overview of published theoretical studies on the control aspects of signal transduction, emphasizing the role and importance of mechanisms such as ‘ultrasensitivity’ and feedback loops. We emphasize that these exquisite and often subtle control strategies represent the key to orchestrating ‘simple’ signaling behaviors within the complex intracellular network, while regulating the trade-off between sensitivity and robustness to internal and external perturbations. Through a consideration of these apparent paradoxes, we explore how the basic homeostasis of the intracellular signaling network, in the face of carcinogenesis, can lead to neoplastic progression rather than cell death. A simple mathematical model is presented, furnishing a vivid illustration of how ‘control-oriented’ models of the deranged signaling networks in cancer cells may enucleate improved treatment strategies, including patient-tailored combination therapies, with the potential for reduced toxicity and more robust and potent antitumor activity.

Contactless and replaceable modularized battery energy storage system for electric vehicles

A novel replaceable, modularized energy storage system with wireless interface is proposed for a battery operated electric vehicle (EV). The operation of the proposed system is explained and analyzed with an equivalent circuit and an averaged state-space model. A non-linear feedback linearization based controller is developed and implemented to regulate the DC link voltage by modulating the phase shift ratio. The working and control of the proposed system is verified through simulation and some preliminary results are presented.

Tracking control of a class of Hamiltonian mechanical systems with disturbances

This paper presents a trajectory-tracking control strategy for a class of mechanical systems in Hamiltonian form. The class is characterised by a simplectic interconnection arising from the use of generalised coordinates and full actuation. The tracking error dynamic is modelled as a port-Hamiltonian Systems (PHS). The control action is designed to take the error dynamics into a desired closed-loop PHS characterised by a constant mass matrix and a potential energy with a minimum at the origin. A transformation of the momentum and a feedback control is exploited to obtain a constant generalised mass matrix in closed loop. The stability of the close-loop system is shown using the close-loop Hamiltonian as a Lyapunov function. The paper also considers the addition of integral action to design a robust controller that ensures tracking in spite of disturbances. As a case study, the proposed control design methodology is applied to a fully actuated robotic manipulator.

Energy-based motion control of a slender hull unmanned underwater vehicle

This paper presents a motion control system for tracking of attitude and speed of an underactuated slender-hull unmanned underwater vehicle. The feedback control strategy is developed using the Port-Hamiltonian theory. By shaping of the target dynamics (desired dynamic response in closed loop) with particular attention to the target mass matrix, the influence of the unactuated dynamics on the controlled system is suppressed. This results in achievable dynamics independent of stable uncontrolled states. Throughout the design, the insight of the physical phenomena involved is used to propose the desired target dynamics. Integral action is added to the system for robustness and to reject steady disturbances. This is achieved via a change of coordinates that result in input-to-state stable (ISS) target dynamics. As a final step in the design, an anti-windup scheme is implemented to account for limited actuator capacity, namely saturation. The performance of the design is demonstrated through simulation with a high-fidelity model.

The Dragon stream cipher: Design, analysis and implementation issues

Dragon is a word-based stream cipher. It was submitted to the eSTREAM project in 2005 and has advanced to Phase 3 of the software profile. This paper discusses the Dragon cipher from three perspectives: design, security analysis and implementation. The design of the cipher incorporates a single word-based non-linear feedback shift register and a non-linear filter function with memory. This state is initialized with 128- or 256-bit key-IV pairs. Each clock of the stream cipher produces 64 bits of keystream, using simple operations on 32-bit words. This provides the cipher with a high degree of efficiency in a wide variety of environments, making it highly competitive relative to other symmetric ciphers. The components of Dragon were designed to resist all known attacks. Although the design has been open to public scrutiny for several years, the only published attacks to date are distinguishing attacks which require keystream lengths greatly exceeding the stated 264 bit maximum permitted keystream length for a single key-IV pair.

Bias in the nonlinear filter generator output sequence

Nonlinear filter generators are common components used in the keystream generators for stream ciphers and more recently for authentication mechanisms. They consist of a Linear Feedback Shift Register (LFSR) and a nonlinear Boolean function to mask the linearity of the LFSR output. Properties of the output of a nonlinear filter are not well studied. Anderson noted that the m-tuple output of a nonlinear filter with consecutive taps to the filter function is unevenly distributed. Current designs use taps which are not consecutive. We examine m-tuple outputs from nonlinear filter generators constructed using various LFSRs and Boolean functions for both consecutive and uneven (full positive difference sets where possible) tap positions. The investigation reveals that in both cases, the m-tuple output is not uniform. However, consecutive tap positions result in a more biased distribution than uneven tap positions, with some m-tuples not occurring at all. These biased distributions indicate a potential flaw that could be exploited for cryptanalysis.