Matthew Henricksen
Agency for Science, Technology and Research
Publication
Featured research published by Matthew Henricksen.
Fast Software Encryption | 2008
Muhammad Reza Z'aba; Håvard Raddum; Matthew Henricksen; Ed Dawson
Integral attacks are well known to be effective against byte-based block ciphers. In this paper, we outline how to launch integral attacks against bit-based block ciphers. This new type of integral attack traces the propagation of the plaintext structure at bit level by incorporating bit-pattern based notation. The new notation gives the attacker more detail about the properties of a structure of cipher blocks. The main difference from ordinary integral attacks is that we look at the pattern that the bits in a specific position of the cipher block follow across the structure. The bit-pattern based integral attack is applied to Noekeon, Serpent and PRESENT reduced to 5, 6 and 7 rounds, respectively. This includes the first attacks on Noekeon and PRESENT using integral cryptanalysis. All attacks recover the full subkey of the final round.
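The bit-level tracing described above can be checked directly on PRESENT. The block below is an added example written for this page, not code from the paper: a plain PRESENT-80 implementation (bit 0 is the least significant state bit, as in the cipher specification) with a round-count parameter, and an integral check over a structure of 16 plaintexts that take every value in one nibble while the other nibbles stay fixed. The key and base plaintext are constructed values, and the reduced-round variant is taken to be r full rounds followed by a key XOR, which is this example's convention rather than the paper's round counting.

```python
# Added example (not from the paper): PRESENT-80 with a round parameter and an
# integral check on a 16-text structure whose active nibble takes every value.

SBOX = [0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
        0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2]
# pLayer: state bit i (bit 0 = least significant) moves to bit 16*i mod 63; bit 63 stays.
PERM = [(16 * i) % 63 for i in range(63)] + [63]
MASK64 = (1 << 64) - 1
MASK80 = (1 << 80) - 1


def sbox_layer(state: int) -> int:
    out = 0
    for nib in range(16):
        out |= SBOX[(state >> (4 * nib)) & 0xF] << (4 * nib)
    return out


def p_layer(state: int) -> int:
    out = 0
    for i in range(64):
        if (state >> i) & 1:
            out |= 1 << PERM[i]
    return out


def round_keys(key80: int) -> list:
    """PRESENT-80 key schedule: K1..K32, each the leftmost 64 bits of the register."""
    keys = []
    k = key80 & MASK80
    for i in range(1, 33):
        keys.append(k >> 16)
        k = ((k << 61) | (k >> 19)) & MASK80               # rotate left by 61
        k = (SBOX[k >> 76] << 76) | (k & ((1 << 76) - 1))  # S-box on the top nibble
        k ^= i << 15                                       # round counter into bits 19..15
    return keys


def present_encrypt(pt: int, key80: int, rounds: int = 31) -> int:
    """rounds x (addRoundKey, sBoxLayer, pLayer), then XOR of K[rounds+1].
    rounds=31 is the full cipher; smaller values give the reduced-round variant
    used for the integral check (a convention of this example)."""
    keys = round_keys(key80)
    state = pt & MASK64
    for r in range(rounds):
        state = p_layer(sbox_layer(state ^ keys[r]))
    return state ^ keys[rounds]


def integral_structure(base_pt: int, active_nibble: int = 0) -> list:
    """16 plaintexts: every value in one nibble, the other 15 nibbles fixed."""
    shift = 4 * active_nibble
    fixed = base_pt & MASK64 & ~(0xF << shift)
    return [fixed | (v << shift) for v in range(16)]


def balanced_bits(key80: int, rounds: int, base_pt: int = 0x0123456789ABCDEF) -> int:
    """XOR-sum of the 16 ciphertexts of the structure. A zero bit means that bit
    position is balanced over the structure; a zero result means all 64 are."""
    acc = 0
    for pt in integral_structure(base_pt):
        acc ^= present_encrypt(pt, key80, rounds)
    return acc


if __name__ == "__main__":
    key = 0x0F1E2D3C4B5A69788796          # constructed key, not a standard test vector
    assert present_encrypt(0, 0) == 0x5579C1387B228445   # test vector from the PRESENT paper
    for r in range(1, 7):
        s = balanced_bits(key, r)
        print(f"{r} rounds: sum = {s:016x}  {'all bits balanced' if s == 0 else 'not balanced'}")
```

The XOR-sum stays zero in every bit through four rounds for any key, and the reason is exactly a bit-position argument: the active nibble's S-box output is a bijection of the 16 inputs, the bit permutation then delivers at most one varying input bit to each S-box in rounds 2 and 3 (so every S-box input takes at most two values, each eight times), and in round 4 each S-box receives one bit derived from each of the four round-1 output bits, so its input values still occur with even multiplicity. Running `balanced_bits` with rounds=5 and above prints the per-bit sum for the chosen key; tracking which positions survive is what the paper's bit-pattern notation does by hand.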
International Conference on Information Security and Cryptology | 2004
Kevin Chen; Matthew Henricksen; William Millan; Joanne Fuller; Leonie Simpson; Ed Dawson; Hoon Jae Lee; SangJae Moon
This paper presents Dragon, a new stream cipher constructed from a single word-based non-linear feedback shift register and a non-linear filter function with memory. Dragon uses a variable-length key and initialisation vector of 128 or 256 bits, and produces 64 bits of keystream per iteration. At the heart of Dragon are two highly optimised 8×32-bit S-boxes. Dragon uses simple operations on 32-bit words to provide a high degree of efficiency in a wide variety of environments, making it highly competitive when compared with other word-based stream ciphers. The components of Dragon are designed to resist all known attacks.
Australasian Conference on Information Security and Privacy | 2003
Jason F. Reid; Ian Cheong; Matthew Henricksen; Jason Smith
This paper examines the access control requirements of distributed health care information networks. Since the electronic sharing of an individual's personal health information requires their informed consent, health care information networks need an access control framework that can capture and enforce individual access policies tailored to the specific circumstances of each consumer. Role Based Access Control (RBAC) is examined as a candidate access control framework. While it is well suited to the task in many regards, we identify a number of shortcomings, particularly in the range of access policy expression types that it can support. For efficiency and comprehensibility, health information networks need to support access policies that grant access to a broad range of entities whilst explicitly denying it to subgroups of those entities. We argue that RBAC does not support policies of this type with sufficient flexibility and propose a novel adaptation of RBAC principles to address this shortcoming. We also describe a prototype distributed medical information system that embodies the improved RBAC model.
Cryptology and Network Security | 2011
Huihui Yap; Khoongming Khoo; Axel Poschmann; Matthew Henricksen
In this paper, we present EPCBC, a lightweight cipher with a 96-bit key and a 48-bit or 96-bit block size. This is suitable for Electronic Product Code (EPC) encryption, which uses low-cost passive RFID tags and exactly 96 bits as a unique item-level identifier. EPCBC is based on a generalized PRESENT with block sizes of 48 and 96 bits for the main cipher structure, and a customized key schedule design that provides strong protection against related-key differential attacks, a recent class of powerful attacks on AES. Related-key attacks are especially relevant when a block cipher is used as a hash function. In the course of proving the security of EPCBC, we could leverage the extensive security analyses of PRESENT, but we also obtain new results on the differential and linear cryptanalysis bounds for the generalized PRESENT when the block size is less than 64 bits, and much tighter bounds otherwise. Further, we analyze the resistance of EPCBC against integral cryptanalysis, the statistical saturation attack, slide attacks, algebraic attacks and the latest higher-order differential cryptanalysis from FSE 2011 [11]. Our proposed cipher would be the most efficient at EPC encryption, since for other ciphers such as AES and PRESENT it is necessary to encrypt 128-bit blocks (which incurs a 33% overhead). The efficiency of our proposal therefore has significant market implications. Another contribution is an optimized implementation of PRESENT that is smaller and faster than previously published results.
Australasian Conference on Information Security and Privacy | 2002
Lauren May; Matthew Henricksen; William Millan; Gary Carter; Ed Dawson
In this paper we present practical guidelines for designing secure block cipher key schedules. In particular we analyse the AES key schedule and discuss its security properties both from a theoretical viewpoint, and in relation to published attacks exploiting weaknesses in its key schedule. We then propose and analyse an efficient and more secure key schedule.
IEEE Communications Letters | 2013
Sze Ling Yeo; Wun-She Yap; Joseph K. Liu; Matthew Henricksen
Usually the main primitive in building a secure wireless authentication protocol is a cryptographic algorithm such as a digital signature scheme. He et al. proposed a handover authentication protocol in [1] (IEEE Trans. Wireless Commun., vol. 11, no. 1, 2011) and a distributed reprogramming protocol in [3] (IEEE Trans. Ind. Electron., vol. 59, no. 11, 2012) for wireless networks. Both protocols are based on an identity-based signature scheme that is claimed to be secure yet efficient. Very recently, He et al. pointed out that this signature scheme is vulnerable to the key compromise problem. They proposed a simple modification to fix the problem without losing the efficiency or security of the scheme, in both [2] (IEEE Commun. Lett., vol. 16, no. 8, 2012) and [4] (IEEE Trans. Ind. Electron., to appear). In this letter, we show that the proposed modification remains vulnerable to the key compromise problem.
Australasian Conference on Information Security and Privacy | 2010
Matthew Henricksen; Wun-She Yap; Chee Hoo Yian; Shinsaku Kiyomoto; Toshiaki Tanaka
In this paper we provide the first side-channel analysis of the K2 stream cipher. K2 is a fast and secure stream cipher built upon the strengths of SNOW 2.0. We apply timing attacks, power analysis and differential fault analysis to K2. We show that a naively implemented K2 is vulnerable to cache-timing attacks, and describe how to implement efficient countermeasures that protect K2 against side-channel attacks in hardware and software.
High Performance Computing and Communications | 2008
Matthew Henricksen
Information security is an essential consideration of any distributed network. However, security primitives that provide encryption and authentication are not always suitable for resource-constrained devices, such as the nodes of a wireless sensor network. Here we present a specification for a symmetric cipher designed especially for wireless sensor networks. We build upon the work of Dawson et al. [3] on their general-purpose cipher Dragon and on Lim et al. [6], who provided a Dragon-based authentication component for wireless sensor networks. Dragon's internal state is quite large and unsuitable for constrained devices, and the authentication component works only for very short messages. We present Tiny Dragon, a cipher that uses an 80-bit key in conjunction with a 34-byte state to provide joint encryption and authentication for messages of any length. Compared to Dragon, Tiny Dragon has a greatly reduced implementation footprint, improved per-bit security and is more suitable for deployment in hardware and software. We provide a short security analysis to give confidence in the algorithm.
International Conference on Electronic Commerce | 2004
Ming Yao; Kun Peng; Matthew Henricksen; Ernest Foo; Ed Dawson
Protection of data integrity in mobile agents has drawn much attention in recent years. Various degrees of agent data integrity have been achieved by a number of proposed schemes. A known vulnerability of these published techniques is the truncation attack. In the truncation attack, either two visited hosts collude to discard the partial results collected between their respective visits, or one revisited server deletes all entries between its two visits. In this paper we propose a “recoverable key commitment” technique to effectively defend against the truncation attack. It also prevents other known attacks such as modification, insertion and deletion.
International Conference on Information Security Theory and Practice | 2011
Jiali Choy; Aileen Zhang; Khoongming Khoo; Matthew Henricksen; Axel Poschmann
In this paper, we present a framework for protection against the recent related-key differential and boomerang attacks on AES by Biryukov et al. We then study an alternative AES key schedule proposed by May et al. at ACISP 2002 as a possible candidate for protecting against these related-key attacks. We find that equivalent keys exist for this key schedule and, in response, propose an improvement to overcome this weakness. We proceed to prove, using our framework, that our improved version of May et al.'s key schedule is secure against related-key differential and boomerang attacks. Since May et al.'s key schedule is not on-the-fly (which is a requirement for some hardware implementations), we also propose an on-the-fly AES key schedule that is resistant against related-key differential and boomerang attacks.
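Both this paper and the ACISP 2002 key schedule work above are about how a difference in the key propagates through the round keys, which is what a related-key differential exploits. As an added illustration, not code from either paper, the block below implements the FIPS-197 AES-128 key expansion (building the S-box from the GF(2^8) inverse and affine map so that it is self-contained) and counts, for two keys that differ in a single byte, how many bytes of each round key differ. The key pair is constructed from the FIPS-197 Appendix A example key; the counts it reports are what this code computes for the standard schedule, not figures taken from the papers, and the same function can be pointed at any alternative expansion to compare.

```python
# Added example (not from either paper): AES-128 key expansion per FIPS-197 and a
# round-key diffusion measurement for two keys that differ in a single byte.


def _xtime(a: int) -> int:
    """Multiply by x in GF(2^8) with the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    a <<= 1
    return (a ^ 0x11B) & 0xFF if a & 0x100 else a


def _gf_mul(a: int, b: int) -> int:
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = _xtime(a)
        b >>= 1
    return r


def _gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (a^255 = 1 for nonzero a); 0 maps to 0 as in AES."""
    if a == 0:
        return 0
    r = 1
    for _ in range(254):
        r = _gf_mul(r, a)
    return r


def _build_sbox() -> list:
    """SubBytes table: inverse in GF(2^8) followed by the FIPS-197 affine map."""
    sbox = []
    for x in range(256):
        b = _gf_inv(x)
        s = b
        for _ in range(4):
            b = ((b << 1) | (b >> 7)) & 0xFF   # rotate left by one bit
            s ^= b
        sbox.append(s ^ 0x63)
    return sbox


SBOX = _build_sbox()


def expand_key(key: bytes) -> list:
    """AES-128 key expansion (FIPS-197 Section 5.2): 11 round keys of 16 bytes each."""
    if len(key) != 16:
        raise ValueError("AES-128 needs a 16-byte key")
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 0x01
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = t[1:] + t[:1]                 # RotWord
            t = [SBOX[b] for b in t]          # SubWord
            t[0] ^= rcon                      # Rcon[i/4]
            rcon = _xtime(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])  # w[i] = w[i-4] XOR t
    return [bytes(sum(w[4 * r:4 * r + 4], [])) for r in range(11)]


def roundkey_diff_counts(key_a: bytes, key_b: bytes) -> list:
    """Per round key, the number of byte positions in which the two expansions differ."""
    return [sum(x != y for x, y in zip(ra, rb))
            for ra, rb in zip(expand_key(key_a), expand_key(key_b))]


# Constructed key pair: the FIPS-197 Appendix A example key and a copy with bit 0 of
# byte 0 flipped, i.e. a related key with a single-byte difference.
KEY_A = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
KEY_B = bytes([KEY_A[0] ^ 0x01]) + KEY_A[1:]

if __name__ == "__main__":
    for r, n in enumerate(roundkey_diff_counts(KEY_A, KEY_B)):
        print(f"round key {r:2d}: {n:2d} of 16 bytes differ")
```

For a difference in the first key byte the counts begin 1, 4, 6, 8, 9, whatever the key values: each round key word is the previous round key's word XORed with only one word that passed through the S-box, so the difference spreads one byte position per round and cancels in some words along the way. A key schedule redesigned against related-key differentials aims to make every round-key byte depend non-linearly on the whole key much sooner; the function above gives a quick way to compare that property between the standard expansion and a proposed replacement.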