The BRUTUS Automatic Cryptanalytic Framework: Testing CAESAR Authenticated Encryption Candidates for Weaknesses

This report summarizes our results from security analysis covering all 57 competitions for authenticated encryption: security, applicability, and robustness (CAESAR) first-round candidates and over 210 implementations. We have manually identified security issues with three candidates, two of which are more serious, and these ciphers have been withdrawn from the competition. We have developed a testing framework, BRUTUS, to facilitate automatic detection of simple security lapses and susceptible statistical structures across all ciphers. From this testing, we have security usage notes on four submissions and statistical notes on a further four. We highlight that some of the CAESAR algorithms pose an elevated risk if employed in real-life protocols due to a class of adaptive-chosen-plaintext attacks. Although authenticated encryption with associated data are often defined (and are best used) as discrete primitives that authenticate and transmit only complete messages, in practice, these algorithms are easily implemented in a fashion that outputs observable ciphertext data when the algorithm has not received all of the (attacker-controlled) plaintext. For an implementor, this strategy appears to offer seemingly harmless and compliant storage and latency advantages. If the algorithm uses the same state for secret keying information, encryption, and integrity protection, and the internal mixing permutation is not cryptographically strong, an attacker can exploit the ciphertext–plaintext feedback loop to reveal secret state information or even keying material. We conclude that the main advantages of exhaustive, automated cryptanalysis are that it acts as a very necessary sanity check for implementations and gives the cryptanalyst insights that can be used to focus more specific attack methods on given candidates.

Improving composite damage modelling through automatic placement of cohesive elements

Numerous experimental studies of damage in composite laminates have shown that intralaminar (in-plane) matrix cracks lead to interlaminar delamination (out-of-plane) at ply interfaces. The smearing of in-plane cracks over a volume, as a consequence of the use of continuum damage mechanics, does not always effectively capture the full extent of the interaction between the two failure mechanisms. A more accurate representation is obtained by adopting a discrete crack approach via the use of cohesive elements, for both in-plane and out-of-plane damage. The difficulty with cohesive elements is that their location must be determined a priori in order to generate the model; while ideally the position of the crack migration, and more generally the propagation path, should be obtained as part of the problem’s solution. With the aim of enhancing current modelling capabilities with truly predictive capabilities, a concept of automatic insertion of interface elements is utilized. The consideration of a simple traction criterion in relation to material strength, evaluated at each node of the model (or of the regions of the model where it is estimated cracks might form), allows for the determination of initial crack location and subsequent propagation by the insertion of cohesive elements during the course of the analysis. Several experimental results are modelled using the commercial package ABAQUS/Standard with an automatic insertion subroutine developed in this work, and the results are presented to demonstrate the capabilities of this technique.