Marine Minier

Sosemanuk, a Fast Software-Oriented Stream Cipher

Sosemanuk is a new synchronous software-oriented stream cipher, corresponding to Profile 1 of the ECRYPT call for stream cipher primitives. Its key length is variable between 128 and 256 bits. It accommodates a 128-bit initial value. Any key length is claimed to achieve 128-bit security. The Sosemanuk cipher uses both some basic design principles from the stream cipher SNOW 2.0 and some transformations derived from the block cipher SERPENT. Sosemanuk aims at improving SNOW 2.0 both from the security and from the efficiency points of view. Most notably, it uses a faster IV-setup procedure. It also requires a reduced amount of static data, yielding better performance on several architectures.

Distinguishers for Ciphers and Known Key Attack against Rijndael with Large Blocks

Knudsen and Rijmen introduced the notion of known-key distinguishers in an effort to view block cipher security from an alternative perspective e.g. a block cipher viewed as a primitive underlying some other cryptographic construction such as a hash function; and applied this new concept to construct a 7-round distinguisher for the AES and a 7-round Feistel cipher. In this paper, we give a natural formalization to capture this notion, and present new distinguishers that we then use to construct known-key distinguishers for Rijndael with Large Blocks up to 7 and 8 rounds.

Resiliency of wireless sensor networks: Definitions and analyses

This paper considers security in wireless sensor networks (WSNs), focusing at the routing layer. We propose to analyze the behavior of some routing protocols according to attacks stemming from compromised nodes. Such malicious nodes could disrupt the routing functionality (node replication, Sybil attacks or Black-Grey-Sink holes). For such adversary models traditional cryptographic solutions are not enough by themselves but need to be completed by algorithmic solutions considering “beyond cryptography” approaches. Emphasizing internal attacks, with security features of routing in mind, we define the resiliency as the ability of a network to continue to operate in presence of k compromised nodes, i.e. the capacity of a network to endure and overcome internal attacks. In this context, we analyze four particular routing protocols (DSR, Gradient based, Greedy forwarding and Random walk routing). Using intensive simulations, we test their resiliency in presence of several compromised nodes in several adversary models.

Detecting wormhole attacks in wireless networks using local neighborhood information

Wormhole attacks enable an attacker with limited resources and no cryptographic material to disrupt wireless networks. In a wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them (possibly selectively) to another location and retransmits them there into the network. In this paper, we present an algorithm for detecting and thus defending against wormhole attacks in wireless multi-hop networks. This algorithm uses only local and neighborhood information without requiring clock synchronization, location information or dedicated hardware. Moreover, the algorithm is independent of wireless communication models. We present simulation results for grid-like topologies and for random topologies and show that the algorithm is able to detect wormhole attacks in all cases whereas the number of false alarms (false detections) decreases rapidly if the network is sufficiently dense.

Survey and benchmark of stream ciphers for wireless sensor networks

For security applications in wireless sensor networks (WSNs), choosing best algorithms in terms of energy-efficiency and of small-storage requirements is a real challenge because the sensor networks must be autonomous. In [22], the authors have benchmarked on a dedicated platform some block-ciphers using severalmodes of operations and have deduced the best block cipher to use in the context of WSNs. This article proposes to study on a dedicated platform of sensors some stream ciphers. First, we sum-up the security provided by the chosen stream ciphers (especially the ones dedicated to software uses recently proposed in the European Project Ecrypt, workpackage eStream [27]) and presents some implementation tests performed on the platform [16].

Improving integral attacks against Rijndael-256 up to 9 rounds

Rijndael is a block cipher designed by V. Rijmen and J. Daemen and it was chosen in its 128-bit block version as AES by the NIST in October 2000. Three key lengths - 128, 192 or 256 bits - are allowed. In the original contribution describing Rijndael [4], two other versions have been described: Rijndael-256 and Rijndael-192 that respectively use plaintext blocks of length 256 bits and 192 bits under the same key lengths and that have been discarded by the NIST. This paper presents an efficient distinguisher between 4 inner rounds of Rijndael- 256 and a random permutation of the blocks space, by exploiting the existence of semi-bijective and Integral properties induced by the cipher. We then present three attacks based upon the 4 rounds distinguisher against 7, 8 and 9 rounds versions of Rijndael-256 using the extensions proposed by N. ferguson et al. in [6]. The best cryptanalysis presented here works against 9 rounds of Rijndael-256 under a 192-bit key and requires 2128 - 2119 chosen plaintexts and 2188 encryptions.

Extended Generalized Feistel Networks Using Matrix Representation

While Generalized Feistel Networks have been widely studied in the literature as a building block of a block cipher, we propose in this paper a unified vision to easily represent them through a matrix representation. We then propose a new class of such schemes called Extended Generalized Feistel Networks well suited for cryptographic applications. We instantiate those proposals into two particular constructions and we finally analyze their security.

Hierarchical Node Replication Attacks Detection in Wireless Sensor Networks

Wireless sensor networks (WSNs) are composed of numerous low-cost, low-power sensor nodes communicating at short distance through wireless links. Sensors are densely deployed to collect and transmit data of the physical world to one or few destinations called the sinks. Because of open deployment in hostile environment and the use of low-cost materials, powerful adversaries could capture them to extract sensitive information (encryption keys, identities, addresses, etc.). When nodes may be compromised, “beyond cryptography” algorithmic solutions must be envisaged to complement the cryptographic solutions. This paper addresses the problem of nodes replication; that is, an adversary captures one or several nodes and inserts duplicated nodes at any location in the network. If no specific detection mechanisms are established, the attacker could lead many insidious attacks. In this work, we first introduce a new hierarchical distributed algorithm for detecting node replication attacks using a Bloom filter mechanism and a cluster head selection (see also Znaidi et al. (2009)). We present a theoretical discussion on the bounds of our algorithm. We also perform extensive simulations of our algorithm for random topologies, and we compare those results with other proposals of the literature. Finally, we show the effectiveness of our algorithm and its energy efficiency.

A related key impossible differential attack against 22 rounds of the lightweight block cipher LBlock

LBlock is a new lightweight block cipher proposed by Wu and Zhang (2011) [12] at ACNS 2011. It is based on a modified 32-round Feistel structure. It uses keys of length 80 bits and message blocks of length 64 bits. In this letter, we examine the security arguments given in the original article and we show that we can improve the impossible differential attack given in the original article on 20 rounds by constructing a 22-round related key impossible differential attack that relies on intrinsic weaknesses of the key schedule. This attack has a complexity of 2^7^0 cipher operations using 2^4^7 plaintexts. This result was already published in Minier and Naya-Plasencia (2011) [9].

Some Results on FCSR Automata With Applications to the Security of FCSR-Based Pseudorandom Generators

This article describes new theoretical results concerning the general behavior of a feedback with carry shift register (FCSR) automaton. They help to better understand how the initial parameters must be chosen to use this automaton as a basic block of a filtered stream cipher. These results especially concern the structure of the transition graph of an FCSR automaton and the number of iterations of the FCSR transition function required to reach the main part of the graph. A potential linear weakness and a easy way to prevent the corresponding attack are also given.