968 results for collision attack


Relevance:

20.00% 20.00%

Publisher:

Abstract:

Numeric set watermarking is a way to provide ownership proof for numerical data. Numerical data can be considered to be primitives for multimedia types such as images and videos since they are organized forms of numeric information. Thereby, the capability to watermark numerical data directly implies the capability to watermark multimedia objects and discourage information theft on social networking sites and the Internet in general. Unfortunately, there has been very limited research done in the field of numeric set watermarking due to underlying limitations in terms of number of items in the set and LSBs in each item available for watermarking. In 2009, Gupta et al. proposed a numeric set watermarking model that embeds watermark bits in the items of the set based on a hash value of the items’ most significant bits (MSBs). If an item is chosen for watermarking, a watermark bit is embedded in the least significant bits, and the replaced bit is inserted in the fractional value to provide reversibility. The authors show their scheme to be resilient against the traditional subset addition, deletion, and modification attacks as well as secondary watermarking attacks. In this paper, we present a bucket attack on this watermarking model. The attack consists of creating buckets of items with the same MSBs and determining if the items of the bucket carry watermark bits. Experimental results show that the bucket attack is very strong and destroys the entire watermark with close to 100% success rate. We examine the inherent weaknesses in the watermarking model of Gupta et al. that leave it vulnerable to the bucket attack and propose potential safeguards that can provide resilience against this attack.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

We show that the LASH-x hash function is vulnerable to attacks that trade time for memory, including collision attacks as fast as 2^(4x/11) and preimage attacks as fast as 2^(4x/7). Moreover, we briefly mention heuristic lattice based collision attacks that use small memory but require very long messages that are expected to find collisions much faster than 2^(x/2). All of these attacks exploit the designers’ choice of an all zero IV. We then consider whether LASH can be patched simply by changing the IV. In this case, we show that LASH is vulnerable to a 2^(7x/8) preimage attack. We also show that LASH is trivially not a PRF when any subset of input bytes is used as a secret key. None of our attacks depend upon the particular contents of the LASH matrix – we only assume that the distribution of elements is more or less uniform.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

In this paper we investigate the differential properties of block ciphers in hash function modes of operation. First we show the impact of differential trails for block ciphers on collision attacks for various hash function constructions based on block ciphers. Further, we prove the lower bound for finding a pair that follows some truncated differential in case of a random permutation. Then we present open-key differential distinguishers for some well known round-reduced block ciphers.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

At Crypto 2008, Shamir introduced a new algebraic attack called the cube attack, which allows us to solve black-box polynomials if we are able to tweak the inputs by varying an initialization vector. In a stream cipher setting where the filter function is known, we can extend it to the cube attack with annihilators: By applying the cube attack to Boolean functions for which we can find low-degree multiples (equivalently annihilators), the attack complexity can be improved. When the size of the filter function is smaller than the LFSR, we can improve the attack complexity further by considering a sliding window version of the cube attack with annihilators. Finally, we extend the cube attack to vectorial Boolean functions by finding implicit relations with low-degree polynomials.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

We analyse the security of the cryptographic hash function LAKE-256 proposed at FSE 2008 by Aumasson, Meier and Phan. By exploiting non-injectivity of some of the building primitives of LAKE, we show three different collision and near-collision attacks on the compression function. The first attack uses differences in the chaining values and the block counter and finds collisions with complexity 2^33. The second attack utilizes differences in the chaining values and salt and yields collisions with complexity 2^42. The final attack uses differences only in the chaining values to yield near-collisions with complexity 2^99. All our attacks are independent of the number of rounds in the compression function. We illustrate the first two attacks by showing examples of collisions and near-collisions.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

The ion PhCO2--CHPh, upon collision activation, undergoes competitive losses of CO and CO2 of which the former process produces the base peak of the spectrum. Product ion and substituent effect (Hammett) studies indicate that PhCO2--CHPh cyclises to a deprotonated hydroxydiphenyloxirane which ring opens to PhCOCH(O-)Ph. This anion then undergoes an anionic 1,2-Wittig type rearrangement {through [PhCO- (PhCHO)]} to form Ph2CHO- and CO. The mechanism of the 1,2-rearrangement has been probed by an ab initio study [at MP4(SDTQ)/6-31++G(d,p) level] of the model system HCOCH2O- → MeO- + CO. The analogous system RCO2--CHPh (R = alkyl) similarly loses CO, and the migratory aptitudes of the alkyl R groups in this reaction are (Bu′ > Me > Et ∼ Pri). This trend correlates with the order of anion basicities (i.e. the order of ΔG○acid values of RH), supporting the operation of an anion migration process. The loss of CO2 from PhCO2--CHPh yields Ph2CH- as the anionic product: several mechanistic scenarios are possible, one of which involves an initial ipso nucleophilic substitution.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

The unimolecular reactivities of a range of perbenzoate anions (X-C6H5CO3-), including the perbenzoate anion itself (X=H), nitroperbenzoates (X=para-, meta-, ortho-NO2), and methoxyperbenzoates (X=para-, meta-OCH3) were investigated in the gas phase by electrospray ionization tandem mass spectrometry. The collision-induced dissociation mass spectra of these compounds reveal product ions consistent with a major loss of carbon dioxide requiring unimolecular rearrangement of the perbenzoate anion prior to fragmentation. Isotopic labeling of the perbenzoate anion supports rearrangement via an initial nucleophilic aromatic substitution at the ortho carbon of the benzene ring, while data from substituted perbenzoates indicate that nucleophilic attack at the ipso carbon can be induced in the presence of electron-withdrawing moieties at the ortho and para positions. Electronic structure calculations carried out at the B3LYP/6-311++G(d,p) level of theory reveal two competing reaction pathways for decarboxylation of perbenzoate anions via initial nucleophilic substitution at the ortho and ipso positions, respectively. Somewhat surprisingly, however, the computational data indicate that the reaction proceeds in both instances via epoxidation of the benzene ring with decarboxylation resulting, at least initially, in the formation of oxepin or benzene oxide anions rather than the energetically favored phenoxide anion. As such, this novel rearrangement of perbenzoate anions provides an intriguing new pathway for epoxidation of the usually inert benzene ring.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

We present a text watermarking scheme that embeds a bitstream watermark Wi in a text document P preserving the meaning, context, and flow of the document. The document is viewed as a set of paragraphs, each paragraph being a set of sentences. The sequence of paragraphs and sentences used to embed watermark bits is permuted using a secret key. Then, English language sentence transformations are used to modify sentence lengths, thus embedding watermarking bits in the Least Significant Bits (LSB) of the sentences’ cardinalities. The embedding and extracting algorithms are public, while the secrecy and security of the watermark depends on a secret key K. The probability of False Positives is extremely small, hence avoiding incidental occurrences of our watermark in random text documents. Majority voting provides security against text addition, deletion, and swapping attacks, further reducing the probability of False Positives. The scheme is secure against the general attacks on text watermarks such as reproduction (photocopying, FAX), reformatting, synonym substitution, text addition, text deletion, text swapping, paragraph shuffling and collusion attacks.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

A well-known attack on RSA with low secret-exponent d was given by Wiener about 15 years ago. Wiener showed that using continued fractions, one can efficiently recover the secret-exponent d from the public key (N,e) as long as d < N^(1/4). Interestingly, Wiener stated that his attack may sometimes also work when d is slightly larger than N^(1/4). This raises the question of how much larger d can be: could the attack work with non-negligible probability for d = N^(1/4 + ρ) for some constant ρ > 0? We answer this question in the negative by proving a converse to Wiener’s result. Our result shows that, for any fixed ε > 0 and all sufficiently large modulus lengths, Wiener’s attack succeeds with negligible probability over a random choice of d < N^δ (in an interval of size Ω(N^δ)) as soon as δ > 1/4 + ε. Thus Wiener’s success bound dattack, which are guaranteed to succeed even when δ > 1/4. The known attacks in this class (by Verheul and Van Tilborg and Dujella) run in exponential time, so it is natural to ask whether there exists an attack in this class with subexponential run-time. Our second converse result answers this question also in the negative.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

NLS is one of the stream ciphers submitted to the eSTREAM project. We present a distinguishing attack on NLS by the Crossword Puzzle (CP) attack method, which is introduced in this paper. We build the distinguisher by using linear approximations of both the non-linear feedback shift register (NFSR) and the nonlinear filter function (NLF). Since the bias of the distinguisher depends on the Konst value, which is a key-dependent word, we present the graph showing how the bias of the distinguisher varies with Konst. As a result, we estimate the bias of the distinguisher to be around O(2^−30). Therefore, we claim that NLS is distinguishable from a truly random cipher after observing O(2^60) keystream words. The experiments also show that our distinguishing attack is successful on 90.3% of Konst among 2^32 possible values. We extend the CP attack to NLSv2, which is a tweaked version of NLS. As a result, we build a distinguisher which has a bias of around 2^−48. Even though this attack is below the eSTREAM criteria (2^−40), the security margin of NLSv2 seems to be too low.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

We present a distinguishing attack against SOBER-128 with linear masking. We found a linear approximation which has a bias of 2^−8.8 for the non-linear filter. The attack applies the observation made by Ekdahl and Johansson that there is a sequence of clocks for which the linear combination of some states vanishes. This linear dependency allows that the linear masking method can be applied. We also show that the bias of the distinguisher can be improved (or estimated more precisely) by considering quadratic terms of the approximation. The probability bias of the quadratic approximation used in the distinguisher is estimated to be equal to O(2^−51.8), so that we claim that SOBER-128 is distinguishable from truly random cipher by observing O(2^103.6) keystream words.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

Bushfires are regular occurrences in the Australian landscape which can, under adverse weather conditions, give rise to losses of life, property, infrastructure, environmental and cultural values. Where property loss is involved, historical surveys of house losses have focussed on ember, radiant heat and flame contact as key bushfire attack mechanisms. Although often noted, little work has been done to quantify the impact of fire generated or fire enhanced wind and pyro-convective events on house loss and to improve construction practice within Australia. It is well known that strong winds are always associated with bushfire events. It is less well known, although increasingly shown through anecdotal evidence, that bushfires are not a passive companion of wind, but indeed they interact with winds and can together cause significant damages to exposed buildings and ecological structures. Previous studies have revealed the effects of wind, fire and structure interactions with the result of increased pressure coefficient distributions on the windward side of a building downstream of a fire front. This paper presents a further analysis of the result in relations to the relevant standards and fire weather conditions. A review of wind code and bushfire code was conducted. Based on the result of the current study, the authors believe it is necessary to consider wind as an attack mechanism in bushfire events. The results of the study will also have implications on bushfire emergency management, design of emergency shelters, perception of danger, emergency evacuation and on risk assessment.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

NLS is a stream cipher which was submitted to the eSTREAM project. A linear distinguishing attack against NLS was presented by Cho and Pieprzyk, which was called Crossword Puzzle (CP) attack. NLSv2 is a tweak version of NLS which aims mainly at avoiding the CP attack. In this paper, a new distinguishing attack against NLSv2 is presented. The attack exploits high correlation amongst neighboring bits of the cipher. The paper first shows that the modular addition preserves pairwise correlations as demonstrated by existence of linear approximations with large biases. Next, it shows how to combine these results with the existence of high correlation between bits 29 and 30 of the S-box to obtain a distinguisher whose bias is around 2^−37. Consequently, we claim that NLSv2 is distinguishable from a random cipher after observing around 2^74 keystream words.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

This paper provides a preliminary analysis of an autonomous uncooperative collision avoidance strategy for unmanned aircraft using image-based visual control. Assuming target detection, the approach consists of three parts. First, a novel decision strategy is used to determine appropriate reference image features to track for safe avoidance. This is achieved by considering the current rules of the air (regulations), the properties of spiral motion and the expected visual tracking errors. Second, a spherical visual predictive control (VPC) scheme is used to guide the aircraft along a safe spiral-like trajectory about the object. Lastly, a stopping decision based on thresholding a cost function is used to determine when to stop the avoidance behaviour. The approach does not require estimation of range or time to collision, and instead relies on tuning two mutually exclusive decision thresholds to ensure satisfactory performance.

Relevance:

20.00% 20.00%

Publisher:

Abstract:

Generally, wireless sensor networks rely on a many-to-one communication approach for data gathering. This approach is extremely susceptible to the sinkhole attack, where an intruder attracts surrounding nodes with unfaithful routing information, and subsequently presents selective forwarding or changes the data that is carried through it. A sinkhole attack causes an important threat to sensor networks and it should be considered that the sensor nodes are mostly spread out in open areas and of weak computation and battery power. In order to detect the intruder in a sinkhole attack this paper suggests an algorithm which firstly finds a group of suspected nodes by analyzing the consistency of data. Then, the intruder is recognized efficiently in the group by checking the network flow information. The proposed algorithm's performance has been evaluated by using numerical analysis and simulations. Therefore, accuracy and efficiency of algorithm would be verified.