Jianyong Huang

On the internal structure of ALPHA-MAC

Alpha-MAC is a MAC function which uses the building blocks of AES. This paper studies the internal structure of this new design. First, we provide a method to find second preimages based on the assumption that a key or an intermediate value is known. The proposed searching algorithm exploits the algebraic properties of the underlying block cipher and needs to solve eight groups of linear functions to find a second preimage. Second, we show that our idea can also be used to find internal collisions under the same assumption. We do not make any claims that those findings in any way endanger the security of this MAC function. Our contribution is showing how algebraic properties of AES can be used for analysis of this MAC function.

Security analysis of michael: the IEEE 802.11i message integrity code

The latest IEEE 802.11i uses a keyed hash function, called Michael, as the message integrity code. This paper describes some properties and weaknesses of Michael. We provide a necessary and sufficient condition for finding collisions of Michael. Our observation reveals that the collision status of Michael only depends on the second last block message and the output of the block function in the third last round. We show that Michael is not collision-free by providing a method to find collisions of this keyed hash function. Moreover, we develop a method to find fixed points of Michael. If the output of the block function in any round is equal to any of these fixed points, a packet forgery attack could be mounted against Michael. Since the Michael value is encrypted by RC4, the proposed packet forgery attack does not endanger the security of the whole TKIP system.

Personal firewall for Pocket PC 2003: design & implementation

Personal digital assistants (PDAs) are widely used and becoming indispensable tools of everyday life. Wired or wireless connection enables PDA users to connect to the Internet from any place, making security an extremely important issue in a pervasive computing environment. This paper investigates how to build a personal firewall for PDAs running Pocket PC 2003. This personal firewall allows the PDA user to perform access control based on a user-defined policy, and hence provides a security perimeter between the public network and the PDA. We provide a complete technical detail on how the firewall can be built in a Pocket PC 2003 device. To the best of our knowledge, this is the first design and implementation of personal firewalls for Pocket PC 2003 device which is explicit, open source and successfully implemented in any Pocket PC 2003 compatible devices, including HP iPaq H5550 and XDA2 02 smart phone.

Repeated Differential Properties of the AES-128 and AES-256 Key Schedules

In this paper, we further study the key schedule of the AES algorithm and present some repeated differential properties of the AES-128 and AES-256 key schedules. We define the concept of repeated differential pattern for the AES-128 key schedule, and the notion of double-sized repeated differential pattern for the AES-256 key schedule. We show that if we use the key schedule to expand two 128-bit (or 256-bit) secret keys with the repeated differential pattern (or double-sized repeated differential pattern), the resultant 10-round (or 14-round) sub keys have a large number of bytes in common and the differential pattern has strong repeated features.

A Five-Round Algebraic Property of the Advanced Encryption Standard

This paper presents a five-round algebraic property of theAdvanced Encryption Standard (AES). In the proposed property, wemodify twenty bytes from five intermediate values at some fixedlocations in five consecutive rounds, and we show that after fiverounds of operations, such modifications do not change theintermediate result and finally still produce the same ciphertext.We introduce an algorithm named Δ, and the algorithmaccepts a plaintext and a key as two inputs and outputs twentybytes, which are used in the five-round property. We demonstratethat the Δalgorithm has 20 variants for AES-128, 28variants for AES-192 and 36 variants for AES-256. By employing theΔalgorithm, we define a modified version of the AESalgorithm, the ΔAES. The ΔAES callsthe Δalgorithm to generate twenty bytes, and usesthese twenty bytes to modify the AES round keys. TheΔAES employs the same key scheduling algorithm,constants and round function as the AES. For a plaintext and a key,the AES and the ΔAES produce the sameciphertext.

A five-round algebraic property of AES and its application to the ALPHA-MAC

We present a five-round algebraic property of the advanced encryption standard (AES), and we show that this algebraic property can be used to analyse the internal structure of ALPHA-MAC whose underlying block cipher is AES. In the proposed property, we modify 20 bytes from five intermediate values at some fixed locations in five consecutive rounds, and we show that after five rounds of operations, such modifications do not change the intermediate result and finally, still produce the same ciphertext. By employing the proposed five-round algebraic property of AES, we provide a method to find second preimages of the ALPHA-MAC based on the assumption that a key or an intermediate value is known. We also show that our idea can also be used to find internal collisions of the ALPHA-MAC under the same assumption.

Differential fault analysis of LEX

LEX is a stream cipher based on the round transformation of the AES block cipher, and it was selected for the final phase evaluation of the eSTREAM project. LEX is 2.5 times faster than AES both in software and in hardware. In this paper, we present a differential fault attack on LEX. The fault model assumes that the attacker is able to flip a random bit of the internal state of the cipher but cannot control the exact location of the induced fault. Our attack requires 40 faults, and recovers the secret key with 216 operations.