Algebraic attacks on clock-controlled stream ciphers

Stream ciphers are encryption algorithms used for ensuring the privacy of digital telecommunications. They have been widely used for encrypting military communications, satellite communications, pay TV encryption and for voice encryption of both fixed lined and wireless networks. The current multi year European project eSTREAM, which aims to select stream ciphers suitable for widespread adoptation, reflects the importance of this area of research. Stream ciphers consist of a keystream generator and an output function. Keystream generators produce a sequence that appears to be random, which is combined with the plaintext message using the output function. Most commonly, the output function is binary addition modulo two. Cryptanalysis of these ciphers focuses largely on analysis of the keystream generators and of relationships between the generator and the keystream it produces. Linear feedback shift registers are widely used components in building keystream generators, as the sequences they produce are well understood. Many types of attack have been proposed for breaking various LFSR based stream ciphers. A recent attack type is known as an algebraic attack. Algebraic attacks transform the problem of recovering the key into a problem of solving multivariate system of equations, which eventually recover the internal state bits or the key bits. This type of attack has been shown to be effective on a number of regularly clocked LFSR based stream ciphers. In this thesis, algebraic attacks are extended to a number of well known stream ciphers where at least one LFSR in the system is irregularly clocked. Applying algebriac attacks to these ciphers has only been discussed previously in the open literature for LILI-128. In this thesis, algebraic attacks are first applied to keystream generators using stop-and go clocking. Four ciphers belonging to this group are investigated: the Beth-Piper stop-and-go generator, the alternating step generator, the Gollmann cascade generator and the eSTREAM candidate: the Pomaranch cipher. It is shown that algebraic attacks are very effective on the first three of these ciphers. Although no effective algebraic attack was found for Pomaranch, the algebraic analysis lead to some interesting findings including weaknesses that may be exploited in future attacks. Algebraic attacks are then applied to keystream generators using (p; q) clocking. Two well known examples of such ciphers, the step1/step2 generator and the self decimated generator are investigated. Algebraic attacks are shown to be very powerful attack in recovering the internal state of these generators. A more complex clocking mechanism than either stop-and-go or the (p; q) clocking keystream generators is known as mutual clock control. In mutual clock control generators, the LFSRs control the clocking of each other. Four well known stream ciphers belonging to this group are investigated with respect to algebraic attacks: the Bilateral-stop-and-go generator, A5/1 stream cipher, Alpha 1 stream cipher, and the more recent eSTREAM proposal, the MICKEY stream ciphers. Some theoretical results with regards to the complexity of algebraic attacks on these ciphers are presented. The algebraic analysis of these ciphers showed that generally, it is hard to generate the system of equations required for an algebraic attack on these ciphers. As the algebraic attack could not be applied directly on these ciphers, a different approach was used, namely guessing some bits of the internal state, in order to reduce the degree of the equations. Finally, an algebraic attack on Alpha 1 that requires only 128 bits of keystream to recover the 128 internal state bits is presented. An essential process associated with stream cipher proposals is key initialization. Many recently proposed stream ciphers use an algorithm to initialize the large internal state with a smaller key and possibly publicly known initialization vectors. The effect of key initialization on the performance of algebraic attacks is also investigated in this thesis. The relationships between the two have not been investigated before in the open literature. The investigation is conducted on Trivium and Grain-128, two eSTREAM ciphers. It is shown that the key initialization process has an effect on the success of algebraic attacks, unlike other conventional attacks. In particular, the key initialization process allows an attacker to firstly generate a small number of equations of low degree and then perform an algebraic attack using multiple keystreams. The effect of the number of iterations performed during key initialization is investigated. It is shown that both the number of iterations and the maximum number of initialization vectors to be used with one key should be carefully chosen. Some experimental results on Trivium and Grain-128 are then presented. Finally, the security with respect to algebraic attacks of the well known LILI family of stream ciphers, including the unbroken LILI-II, is investigated. These are irregularly clock- controlled nonlinear filtered generators. While the structure is defined for the LILI family, a particular paramater choice defines a specific instance. Two well known such instances are LILI-128 and LILI-II. The security of these and other instances is investigated to identify which instances are vulnerable to algebraic attacks. The feasibility of recovering the key bits using algebraic attacks is then investigated for both LILI- 128 and LILI-II. Algebraic attacks which recover the internal state with less effort than exhaustive key search are possible for LILI-128 but not for LILI-II. Given the internal state at some point in time, the feasibility of recovering the key bits is also investigated, showing that the parameters used in the key initialization process, if poorly chosen, can lead to a key recovery using algebraic attacks.

Twelve-month effectiveness of a parent-led, family-focused weight-management program for prepubertal children : a randomized, controlled trial

BACKGROUND Parenting-skills training may be an effective age-appropriate child behavior-modification strategy to assist parents in addressing childhood overweight. OBJECTIVE Our goal was to evaluate the relative effectiveness of parenting-skills training as a key strategy for the treatment of overweight children. DESIGN The design consisted of an assessor-blinded, randomized, controlled trial involving 111 (64% female) overweight, prepubertal children 6 to 9 years of age randomly assigned to parenting-skills training plus intensive lifestyle education, parenting-skills training alone, or a 12-month wait-listed control. Height, BMI, and waist-circumference z score and metabolic profile were assessed at baseline, 6 months, and 12 months (intention to treat). RESULTS After 12 months, the BMI z score was reduced by ∼10% with parenting-skills training plus intensive lifestyle education versus ∼5% with parenting-skills training alone or wait-listing for intervention. Waist-circumference z score fell over 12 months in both intervention groups but not in the control group. There was a significant gender effect, with greater reduction in BMI and waist-circumference z scores in boys compared with girls. CONCLUSION Parenting-skills training combined with promoting a healthy family lifestyle may be an effective approach to weight management in prepubertal children, particularly boys. Future studies should be powered to allow gender subanalysis.

Family-focused weight management program for five- to nine-year-olds incorporating parenting skills training with healthy lifestyle information to support behaviour modification

his case study aims to describe how general parenting principles can be used as part of parent-led, family-focused child weight management that is in line with current Australian Clinical Practice Guidelines. A parent-led, family-focused child weight management program was designed for use by dietitians with parents of young children (five- to nine-year-olds). The program utilises the cornerstones of overweight treatment: diet, activity, behaviour modification and family support delivered in an age-appropriate, family-focused manner. Parents participate in 16 sessions (4 parenting-focused, 8 lifestyle-focused and 4 individual telephone support calls) conducted weekly, fortnightly then monthly over six months. This case study illustrates how a family used the program, resulting in reduced degree of overweight and stabilised waist circumference in the child over 12 months. In conclusion, linking parenting skills to healthy family lifestyle education provides an innovative approach to family-focused child weight management. It addresses key Australian Clinical Practice Guidelines, works at the family level, and provides a means for dietitians to easily adopt age-appropriate behaviour modification as part of their practice.

Design and analysis of group key exchange protocols

A group key exchange (GKE) protocol allows a set of parties to agree upon a common secret session key over a public network. In this thesis, we focus on designing efficient GKE protocols using public key techniques and appropriately revising security models for GKE protocols. For the purpose of modelling and analysing the security of GKE protocols we apply the widely accepted computational complexity approach. The contributions of the thesis to the area of GKE protocols are manifold. We propose the first GKE protocol that requires only one round of communication and is proven secure in the standard model. Our protocol is generically constructed from a key encapsulation mechanism (KEM). We also suggest an efficient KEM from the literature, which satisfies the underlying security notion, to instantiate the generic protocol. We then concentrate on enhancing the security of one-round GKE protocols. A new model of security for forward secure GKE protocols is introduced and a generic one-round GKE protocol with forward security is then presented. The security of this protocol is also proven in the standard model. We also propose an efficient forward secure encryption scheme that can be used to instantiate the generic GKE protocol. Our next contributions are to the security models of GKE protocols. We observe that the analysis of GKE protocols has not been as extensive as that of two-party key exchange protocols. Particularly, the security attribute of key compromise impersonation (KCI) resilience has so far been ignored for GKE protocols. We model the security of GKE protocols addressing KCI attacks by both outsider and insider adversaries. We then show that a few existing protocols are not secure against KCI attacks. A new proof of security for an existing GKE protocol is given under the revised model assuming random oracles. Subsequently, we treat the security of GKE protocols in the universal composability (UC) framework. We present a new UC ideal functionality for GKE protocols capturing the security attribute of contributiveness. An existing protocol with minor revisions is then shown to realize our functionality in the random oracle model. Finally, we explore the possibility of constructing GKE protocols in the attribute-based setting. We introduce the concept of attribute-based group key exchange (AB-GKE). A security model for AB-GKE and a one-round AB-GKE protocol satisfying our security notion are presented. The protocol is generically constructed from a new cryptographic primitive called encapsulation policy attribute-based KEM (EP-AB-KEM), which we introduce in this thesis. We also present a new EP-AB-KEM with a proof of security assuming generic groups and random oracles. The EP-AB-KEM can be used to instantiate our generic AB-GKE protocol.

Efficacy of a progressive walking program and glucosamine sulphate supplementation on osteoarthritic symptoms of the hip and knee: a feasibility trial

Introduction: Management of osteoarthritis (OA) includes the use of non-pharmacological and pharmacological therapies. Although walking is commonly recommended for reducing pain and increasing physical function in people with OA, glucosamine sulphate has also been used to alleviate pain and slow the progression of OA. This study evaluated the effects of a progressive walking program and glucosamine sulphate intake on OA symptoms and physical activity participation in people with mild to moderate hip or knee OA. Methods: Thirty-six low active participants (aged 42 to 73 years) were provided with 1500 mg glucosamine sulphate per day for 6 weeks, after which they began a 12-week progressive walking program, while continuing to take glucosamine. They were randomized to walk 3 or 5 days per week and given a pedometer to monitor step counts. For both groups, step level of walking was gradually increased to 3000 steps/day during the first 6 weeks of walking, and to 6000 steps/day for the next 6 weeks. Primary outcomes included physical activity levels, physical function (self-paced step test), and the WOMAC Osteoarthritis Index for pain, stiffness and physical function. Assessments were conducted at baseline and at 6-, 12-, 18-, and 24-week follow-ups. The Mann Whitney Test was used to examine differences in outcome measures between groups at each assessment, and the Wilcoxon Signed Ranks Test was used to examine differences in outcome measures between assessments. Results: During the first 6 weeks of the study (glucosamine supplementation only), physical activity levels, physical function, and total WOMAC scores improved (P<0.05). Between the start of the walking program (Week 6) and the final follow-up (Week 24), further improvements were seen in these outcomes (P<0.05) although most improvements were seen between Weeks 6 and 12. No significant differences were found between walking groups. Conclusions: In people with hip or knee OA, walking a minimum of 3000 steps (~30 minutes), at least 3 days/week, in combination with glucosamine sulphate, may reduce OA symptoms. A more robust study with a larger sample is needed to support these preliminary findings. Trial Registration: Australian Clinical Trials Registry ACTRN012607000159459.

Implementing a Pattern and Structure Mathematics Awareness Program (PASMAP) in kindergarten

This paper provides an interim report of a large empirical evaluation study in progress. An intervention was implemented to evaluate the effectiveness of the Pattern and Structure Mathematical Awareness Program (PASMAP) on Kindergarten students’ mathematical development. Four large schools (two from Sydney and two from Brisbane), 16 teachers and their 316 students participated in the first phase of a 2-year longitudinal study. Eight of 16 classes implemented the PASMAP program over three school terms. This paper provides an overview of key aspects of the intervention, and preliminary analysis of the impact of PASMAP on students’ representation, abstraction and generalisation of mathematical ideas.

Evaluation of the Scottsdale Loop 101 automated speed enforcement demonstration program

Speeding is recognized as a major contributing factor in traffic crashes. In order to reduce speed-related crashes, the city of Scottsdale, Arizona implemented the first fixed-camera photo speed enforcement program (SEP) on a limited access freeway in the US. The 9-month demonstration program spanning from January 2006 to October 2006 was implemented on a 6.5 mile urban freeway segment of Arizona State Route 101 running through Scottsdale. This paper presents the results of a comprehensive analysis of the impact of the SEP on speeding behavior, crashes, and the economic impact of crashes. The impact on speeding behavior was estimated using generalized least square estimation, in which the observed speeds and the speeding frequencies during the program period were compared to those during other periods. The impact of the SEP on crashes was estimated using 3 evaluation methods: a before-and-after (BA) analysis using a comparison group, a BA analysis with traffic flow correction, and an empirical Bayes BA analysis with time-variant safety. The analysis results reveal that speeding detection frequencies (speeds> or =76 mph) increased by a factor of 10.5 after the SEP was (temporarily) terminated. Average speeds in the enforcement zone were reduced by about 9 mph when the SEP was implemented, after accounting for the influence of traffic flow. All crash types were reduced except rear-end crashes, although the estimated magnitude of impact varies across estimation methods (and their corresponding assumptions). When considering Arizona-specific crash related injury costs, the SEP is estimated to yield about $17 million in annual safety benefits.