Initialisation flaws in the A5-GMR-1 satphone encryption algorithm

A5-GMR-1 is a synchronous stream cipher used to provide confidentiality for communications between satellite phones and satellites. The keystream generator may be considered as a finite state machine, with an internal state of 81 bits. The design is based on four linear feedback shift registers, three of which are irregularly clocked. The keystream generator takes a 64-bit secret key and 19-bit frame number as inputs, and produces an output keystream of length between $2^8$ and $2^{10}$ bits. Analysis of the initialisation process for the keystream generator reveals serious flaws which significantly reduce the number of distinct keystreams that the generator can produce. Multiple (key, frame number) pairs produce the same keystream, and the relationship between the various pairs is easy to determine. Additionally, many of the keystream sequences produced are phase shifted versions of each other, for very small phase shifts. These features increase the effectiveness of generic time-memory tradeoff attacks on the cipher, making such attacks feasible.

Secure stream cipher initialisation processes

Stream ciphers are symmetric key cryptosystems that are used commonly to provide confidentiality for a wide range of applications; such as mobile phone, pay TV and Internet data transmissions. This research examines the features and properties of the initialisation processes of existing stream ciphers to identify flaws and weaknesses, then presents recommendations to improve the security of future cipher designs. This research investigates well-known stream ciphers: A5/1, Sfinks and the Common Scrambling Algorithm Stream Cipher (CSA-SC). This research focused on the security of the initialisation process. The recommendations given are based on both the results in the literature and the work in this thesis.

Word-perfect Gatsby overcomes its flaws

Review of 'Gatz', Elevator Repair Company / Brisbane Powerhouse, published in The Australian, 12 May 2009.

State convergence in the initialisation of stream ciphers

An initialisation process is a key component in modern stream cipher design. A well-designed initialisation process should ensure that each key-IV pair generates a different key stream. In this paper, we analyse two ciphers, A5/1 and Mixer, for which this does not happen due to state convergence. We show how the state convergence problem occurs and estimate the effective key-space in each case.

State convergence in the initialisation of the Sfinks stream cipher

Sfinks is a shift register based stream cipher designed for hardware implementation. The initialisation state update function is different from the state update function used for keystream generation. We demonstrate state convergence during the initialisation process, even though the individual components used in the initialisation are one-to-one. However, the combination of these components is not one-to-one.

Slid pairs in the initialisation of the A5/1 stream cipher

A5/1 is a shift register based stream cipher which uses a majority clocking rule to update its registers. It is designed to provide privacy for the GSM system. In this paper, we analyse the initialisation process of A5/1. We demonstrate a sliding property of the A5/1 cipher, where every valid internal state is also a legitimate loaded state and multiple key-IV pairs produce phase shifted keystream sequences. We describe a possible ciphertext only attack based on this property.

Fatal flaws : the risks for beneficiaries who assist a suicide

The recent criminal conviction of Queensland teacher Merin Nielsen for aiding the suicide of an elderly acquaintance, Frank Ward, raises some timely issues, particularly for succession lawyers.

Weaknesses in the initialisation process of the Common Scrambling Algorithm Stream Cipher

The Common Scrambling Algorithm Stream Cipher (CSASC) is a shift register based stream cipher designed to encrypt digital video broadcast. CSA-SC produces a pseudo-random binary sequence that is used to mask the contents of the transmission. In this paper, we analyse the initialisation process of the CSA-SC keystream generator and demonstrate weaknesses which lead to state convergence, slid pairs and shifted keystreams. As a result, the cipher may be vulnerable to distinguishing attacks, time-memory-data trade-off attacks or slide attacks.

Correcting flaws in Mitchell’s analysis of EPBC

Efficient error-Propagating Block Chaining (EPBC) is a block cipher mode intended to simultaneously provide both confidentiality and integrity protection for messages. Mitchell’s analysis pointed out a weakness in the EPBC integrity mechanism that can be used in a forgery attack. This paper identifies and corrects a flaw in Mitchell’s analysis of EPBC, and presents other attacks on the EPBC integrity mechanism.

Improved Kalman filter initialisation using neurofuzzy estimation

It is traditional to initialise Kalman filters and extended Kalman filters with estimates of the states calculated directly from the observed (raw) noisy inputs, but unfortunately their performance is extremely sensitive to state initialisation accuracy: good initial state estimates ensure fast convergence whereas poor estimates may give rise to slow convergence or even filter divergence. Divergence is generally due to excessive observation noise and leads to error magnitudes that quickly become unbounded (R.J. Fitzgerald, 1971). When a filter diverges, it must be re initialised but because the observations are extremely poor, re initialised states will have poor estimates. The paper proposes that if neurofuzzy estimators produce more accurate state estimates than those calculated from the observed noisy inputs (using the known state model), then neurofuzzy estimates can be used to initialise the states of Kalman and extended Kalman filters. Filters whose states have been initialised with neurofuzzy estimates should give improved performance by way of faster convergence when the filter is initialised, and when a filter is re started after divergence

Flaws in the current method for calculating methane emissions during dairy manure management in New Zealand

New Zealand's Greenhouse Gas Inventory (the NZ Inventory) currently estimates methane (CH4) emissions from anaerobic dairy effluent ponds by: (1) determining the total pond volume across New Zealand; (2) dividing this volume by depth to obtain the total pond surface area; and (3) multiplying this area by an observational average CH4 flux. Unfortunately, a mathematically erroneous determination of pond volume has led to an imbalanced equation and a geometry error was made when scaling-up the observational CH4 flux. Furthermore, even if these errors are corrected, the nationwide estimate still hinges on field data from a study that used a debatable method to measure pond CH4 emissions at a single site, as well as a potentially inaccurate estimation of the amount of organic waste anaerobically treated. The development of a new methodology is therefore critically needed.

Talbot effect of a grating with different kinds of flaws

The Talbot effect of a grating with different kinds of flaws is analyzed with the finite-difference time-domain (FDTD) method. The FDTD method can show the exact near-field distribution of different flaws in a high-density grating, which is impossible to obtain with the conventional Fourier transform method. The numerical results indicate that if a grating is perfect, its Talbot imaging should also be perfect; if the grating is distorted, its Talbot imaging will also be distorted. Furthermore, we evaluate high-density gratings by detecting the near-field distribution with the scanning near-field optical microscopy technique. Experimental results are also given. (c) 2005 Optical Society of America.