990 resultados para weak key-IV combinations


Relevância:

100.00% 100.00%

Publicador:

Resumo:

A5/1 is a shift register based stream cipher which provides privacy for the GSM system. In this paper, we analyse the loading of the secret key and IV during the initialisation process of A5/1. We demonstrate the existence of weak key-IV pairs in the A5/1 cipher due to this loading process; these weak key-IV pairs may generate one, two or three registers containing all-zero values, which may lead in turn to weak keystream sequences. In the case where two or three registers contain only zeros, we describe a distinguisher which leads to a complete decryption of the affected messages.

Relevância:

100.00% 100.00%

Publicador:

Resumo:

Stream ciphers are symmetric key cryptosystems that are used commonly to provide confidentiality for a wide range of applications; such as mobile phone, pay TV and Internet data transmissions. This research examines the features and properties of the initialisation processes of existing stream ciphers to identify flaws and weaknesses, then presents recommendations to improve the security of future cipher designs. This research investigates well-known stream ciphers: A5/1, Sfinks and the Common Scrambling Algorithm Stream Cipher (CSA-SC). This research focused on the security of the initialisation process. The recommendations given are based on both the results in the literature and the work in this thesis.

Relevância:

100.00% 100.00%

Publicador:

Resumo:

Multi-party key agreement protocols indirectly assume that each principal equally contributes to the final form of the key. In this paper we consider three malleability attacks on multi-party key agreement protocols. The first attack, called strong key control allows a dishonest principal (or a group of principals) to fix the key to a pre-set value. The second attack is weak key control in which the key is still random, but the set from which the key is drawn is much smaller than expected. The third attack is named selective key control in which a dishonest principal (or a group of dishonest principals) is able to remove a contribution of honest principals to the group key. The paper discusses the above three attacks on several key agreement protocols, including DH (Diffie-Hellman), BD (Burmester-Desmedt) and JV (Just-Vaudenay). We show that dishonest principals in all three protocols can weakly control the key, and the only protocol which does not allow for strong key control is the DH protocol. The BD and JV protocols permit to modify the group key by any pair of neighboring principals. This modification remains undetected by honest principals.

Relevância:

100.00% 100.00%

Publicador:

Resumo:

Dragon is a word-based stream cipher. It was submitted to the eSTREAM project in 2005 and has advanced to Phase 3 of the software profile. This paper discusses the Dragon cipher from three perspectives: design, security analysis and implementation. The design of the cipher incorporates a single word-based non-linear feedback shift register and a non-linear filter function with memory. This state is initialized with 128- or 256-bit key-IV pairs. Each clock of the stream cipher produces 64 bits of keystream, using simple operations on 32-bit words. This provides the cipher with a high degree of efficiency in a wide variety of environments, making it highly competitive relative to other symmetric ciphers. The components of Dragon were designed to resist all known attacks. Although the design has been open to public scrutiny for several years, the only published attacks to date are distinguishing attacks which require keystream lengths greatly exceeding the stated 264 bit maximum permitted keystream length for a single key-IV pair.

Relevância:

100.00% 100.00%

Publicador:

Resumo:

An initialisation process is a key component in modern stream cipher design. A well-designed initialisation process should ensure that each key-IV pair generates a different key stream. In this paper, we analyse two ciphers, A5/1 and Mixer, for which this does not happen due to state convergence. We show how the state convergence problem occurs and estimate the effective key-space in each case.

Relevância:

100.00% 100.00%

Publicador:

Resumo:

This paper presents an analysis of the stream cipher Mixer, a bit-based cipher with structural components similar to the well-known Grain cipher and the LILI family of keystream generators. Mixer uses a 128-bit key and 64-bit IV to initialise a 217-bit internal state. The analysis is focused on the initialisation function of Mixer and shows that there exist multiple key-IV pairs which, after initialisation, produce the same initial state, and consequently will generate the same keystream. Furthermore, if the number of iterations of the state update function performed during initialisation is increased, then the number of distinct initial states that can be obtained decreases. It is also shown that there exist some distinct initial states which produce the same keystream, resulting in a further reduction of the effective key space

Relevância:

100.00% 100.00%

Publicador:

Resumo:

Sfinks is a shift register based stream cipher designed for hardware implementation and submitted to the eSTREAM project. In this paper, we analyse the initialisation process of Sfinks. We demonstrate a slid property of the loaded state of the Sfinks cipher, where multiple key-IV pairs may produce phase shifted keystream sequences. The state update functions of both the initialisation process and keystream generation and also the pattern of the padding affect generation of the slid pairs.

Relevância:

100.00% 100.00%

Publicador:

Resumo:

Well-designed initialisation and keystream generation processes for stream ciphers should ensure that each key-IV pair generates a distinct keystream. In this paper, we analyse some ciphers where this does not happen due to state convergence occurring either during initialisation, keystream generation or both. We show how state convergence occurs in each case and identify two mechanisms which can cause state convergence.

Relevância:

100.00% 100.00%

Publicador:

Resumo:

A5/1 is a shift register based stream cipher which uses a majority clocking rule to update its registers. It is designed to provide privacy for the GSM system. In this paper, we analyse the initialisation process of A5/1. We demonstrate a sliding property of the A5/1 cipher, where every valid internal state is also a legitimate loaded state and multiple key-IV pairs produce phase shifted keystream sequences. We describe a possible ciphertext only attack based on this property.

Relevância:

100.00% 100.00%

Publicador:

Resumo:

So far, low probability differentials for the key schedule of block ciphers have been used as a straightforward proof of security against related-key differential analysis. To achieve resistance, it is believed that for cipher with k-bit key it suffices the upper bound on the probability to be 2− k . Surprisingly, we show that this reasonable assumption is incorrect, and the probability should be (much) lower than 2− k . Our counter example is a related-key differential analysis of the well established block cipher CLEFIA-128. We show that although the key schedule of CLEFIA-128 prevents differentials with a probability higher than 2− 128, the linear part of the key schedule that produces the round keys, and the Feistel structure of the cipher, allow to exploit particularly chosen differentials with a probability as low as 2− 128. CLEFIA-128 has 214 such differentials, which translate to 214 pairs of weak keys. The probability of each differential is too low, but the weak keys have a special structure which allows with a divide-and-conquer approach to gain an advantage of 27 over generic analysis. We exploit the advantage and give a membership test for the weak-key class and provide analysis of the hashing modes. The proposed analysis has been tested with computer experiments on small-scale variants of CLEFIA-128. Our results do not threaten the practical use of CLEFIA.

Relevância:

40.00% 40.00%

Publicador:

Resumo:

We introduce the notion of distributed password-based public-key cryptography, where a virtual high-entropy private key is implicitly defined as a concatenation of low-entropy passwords held in separate locations. The users can jointly perform private-key operations by exchanging messages over an arbitrary channel, based on their respective passwords, without ever sharing their passwords or reconstituting the key. Focusing on the case of ElGamal encryption as an example, we start by formally defining ideal functionalities for distributed public-key generation and virtual private-key computation in the UC model. We then construct efficient protocols that securely realize them in either the RO model (for efficiency) or the CRS model (for elegance). We conclude by showing that our distributed protocols generalize to a broad class of “discrete-log”-based public-key cryptosystems, which notably includes identity-based encryption. This opens the door to a powerful extension of IBE with a virtual PKG made of a group of people, each one memorizing a small portion of the master key.

Relevância:

40.00% 40.00%

Publicador:

Resumo:

Few attempts have been made to improve the activity of plant compounds with low antimicrobial efficacy. (+)-Catechin, a weak antimicrobial tea flavanol, was combined with putative adjuncts and tested against different species of bacteria. Copper(II) sulphate enhanced (+)-catechin activity against Pseudomonas aeruginosa but not Staphylococcus aureus, Proteus mirabilis or Escherichia coli. Attempts to raise the activity of (+)-catechin against two unresponsive species, S. aureus and E. coli, with iron(II) sulphate, iron(III) chloride, and vitamin C, showed that iron(II) enhanced (+)-catechin against S. aureus, but not E. coli; neither iron(III) nor combined iron(II) and copper(II), enhanced (+)-catechin activity against either species. Vitamin C enhanced copper(II) containing combinations against both species in the absence of iron(II). Catalase or EDTA added to active samples removed viability effects suggesting that active mixtures had produced H2O2via the action of added metal(II) ions. H2O2 generation by (+)-catechin plus copper(II) mixtures and copper(II) alone could account for the principal effect of bacterial growth inhibition following 30 minute exposures as well as the antimicrobial effect of (+)-catechin–iron(II) against S. aureus. These novel findings about a weak antimicrobial flavanol contrast with previous knowledge of more active flavanols with transition metal combinations. Weak antimicrobial compounds like (+)-catechin within enhancement mixtures may therefore be used as efficacious agents. (+)-Catechin may provide a means of lowering copper(II) or iron(II) contents in certain crop protection and other products.

Relevância:

40.00% 40.00%

Publicador:

Resumo:

This dissertation deals with the problem of making inference when there is weak identification in models of instrumental variables regression. More specifically we are interested in one-sided hypothesis testing for the coefficient of the endogenous variable when the instruments are weak. The focus is on the conditional tests based on likelihood ratio, score and Wald statistics. Theoretical and numerical work shows that the conditional t-test based on the two-stage least square (2SLS) estimator performs well even when instruments are weakly correlated with the endogenous variable. The conditional approach correct uniformly its size and when the population F-statistic is as small as two, its power is near the power envelopes for similar and non-similar tests. This finding is surprising considering the bad performance of the two-sided conditional t-tests found in Andrews, Moreira and Stock (2007). Given this counter intuitive result, we propose novel two-sided t-tests which are approximately unbiased and can perform as well as the conditional likelihood ratio (CLR) test of Moreira (2003).

Relevância:

30.00% 30.00%

Publicador:

Resumo:

The following exegesis will detail the key advantages and disadvantages of combining a traditional talk show genre with a linear documentary format using a small production team and a limited budget in a fast turnaround weekly environment. It will deal with the Australian Broadcasting Corporation series Talking Heads, broadcast weekly in the early evening schedule for the network at 18.30 with the presenter Peter Thompson. As Executive Producer for the programme at its inception I was responsible for setting it up for the ABC in Brisbane, a role that included selecting most of the team to work on the series and commissioning the music, titles and all other aspects required to bring the show to the screen. What emerged when producing this generic hybrid will be examined at length, including: „h The talk show/documentary hybrid format needs longer than 26¡¦30¡¨ to be entirely successful. „h The type of presenter ideally suited to the talk show/documentary format requires someone who is genuinely interested in their guests and flexible enough to maintain the format against tangential odds. „h The use of illustrative footage shot in a documentary style narrative improves the talk show format. iv „h The fast turnaround of the talk show/documentary hybrid puts tremendous pressure on the time frames for archive research and copyright clearance and therefore needs to be well-resourced. „h In a fast turnaround talk show/documentary format the field components are advantageous but require very low shooting ratios to be sustainable. „h An intimate set works best for a talk show hybrid like this. Also submitted are two DVDs of recordings of programmes I produced and directed from the first and third series. These are for consideration in the practical component of this project and reflect the changes that I made to the series.