Renato Menicocci

Towards the Certification of Cloud Services

The need of a certification process for cloud-based services is emerging as a way to address some of the remaining obstacles facing the effective development and diffusion of the cloud-computing paradigm. In this paper we move the first steps towards a complete approach containing a conceptual framework where the specifications of basic, hybrid and incremental certification models for cloud-based services can be given. Specifically, we focus on the definition of a unifying meta-model to provide representational guidelines for (i) the definition of the security properties to be certified, (ii) the types of evidence underlying them, (iii) the phases of the certificate life cycle, as well as of all mechanisms for generating supporting evidence.

Correlation Analysis of the Alternating Step Generator

The alternating step generator is a well-known keystream generator consisting of two stop/go clocked LFSRs, LFSR1 and LFSR2, whose clocks are controlled by another LFSR, LFSR3, which is clocked regularly. A probabilistic analysis of this generator is conducted which shows that the posterior probabilites of individual bits of the first derivatives of the regularly clocked LFSR1 and LFSR2 sequences, when conditioned on a given segment of the first derivative of the keystream sequence, can be computed efficiently in a number of probabilistic models of interest. The expected values of these probabilities, for a random keystream sequence, are derived by an approximate theoretical analysis and are also verified by systematic computer experiments. It is pointed out that these posterior probabilities can be enhanced in a resynchronization scenario and thus used for a low-complexity fast correlation attack on the two LFSRs. More generally, it is argued that even without resynchronization these probabilities may be significantly different from one half for fast correlation attacks based on iterative decoding algorithms to be successful, although with incresead complexity. A related method for computing the posterior probabilities of individual bits of the LFSR3 sequence, when conditioned on both the keystream sequence and the LFSR1 and LFSR2 sequences, is also developed. As these posterior probabilities are much more different from one half, they can be used for a low-complexity fast correlation attack on LFSR3, provided that the initial states of LFSR1 and LFSR2 are previously reconstructed.

Edit Probability Correlation Attack on the Alternating Step Generator

Given an edit transformation defined by the stop/go clocking in the alternating step generator, an edit probability for two binary strings of appropriate lengths is proposed. corresponds alternating An efficient recursive algorithm for the edit probability computation is derived. It is pointed out how this edit probability can be used to mount a statistically optimal correlation attack on each of the clock-controlled shift registers individually. By estimating the underlying false alarm probability, it is shown that the minimum output sequence length required to be known for a successful attack is linear in the length of the respective shift register. This is illustrated by experimental attacks on relatively short shift registers.

Edit Probability Correlation Attacks on Stop/ Go Clocked Keystream Generators

Abstract. Divide-and-conquer correlation attacks on the alternating step generator, the bilateral stop/ go generator, and the alleged A5 generator are proposed. They are based on appropriately defined edit probabilities incorporating the stop/ go clocking in these generators. Recursive algorithms for the efficient computation of the edit probabilities are derived. It is shown how the edit probabilities can be used to mount statistically optimal correlation attacks on the corresponding subsets of stop/ go clocked shift registers. By using a statistical hypothesis testing method for estimating the underlying false alarm probability, it is argued that the minimum output sequence length required to be known for a successful attack is linear in the total length of the targeted shift registers. This is illustrated by experimental attacks on the alternating step generator and the bilateral stop/ go generator composed of relatively short shift registers.

Statistical distinguishers for irregularly decimated linear recurring sequences

A clock-controlled linear feedback shift register (LFSR) is a simple keystream generator consisting of an LFSR whose clock is controlled by another LFSR so that the output is an irregularly decimated LFSR sequence. Statistical distinguishers for keystream generators are algorithms whose objective is to distinguish the keystream sequence from a purely random sequence. Previously proposed statistical distinguishers for clock-controlled LFSRs are based on detecting binary linear relations in the keystream sequence that hold with a probability sufficiently different from one half. In this paper, a novel approach based on the correlation analysis of clock-controlled LFSRs is introduced. It significantly reduces the required computation time and essentially consists of a probabilistic reconstruction of bits in the regularly clocked LFSR sequence that satisfy the LFSR recurrence or any linear recurrence derived from low-weight multiples of the LFSR characteristic polynomial. The keystream sequence length and the computation time required for a reliable statistical distinction are analyzed both theoretically and experimentally. The new approach shows that there is no need to deal with the majority bits of blocks of LFSR bits as proposed recently. If individual bits or blocks of bits are considered instead, then the underlying probabilities can be computed theoretically instead of heuristically, which in turn allows a simple and general theoretical analysis of the keystream sequence length required

A systematic attack on clock controlled cascades

Cascades of clock controlled shift registers play an important role in the design of pseudorandom generators for stream cipher cryptography. In this paper, an attack for breaking a kind of such cascades is presented.

Edit Distance Correlation Attack on the Alternating Step Generator

A novel edit distance between two binary input strings and one binary output string of appropriate lengths which incorporates the stop/go clocking in the alternating step generator is introduced. An efficient recursive algorithm for the edit distance computation is derived. The corresponding correlation attack on the two stop/go clocked shift registers is then proposed. By systematic computer simulations, it is shown that the minimum output segment length required for a successful attack is linear in the total length of the two stop/go clocked shift registers. This is verified by experimental attacks on relatively short shift registers.

Advanced security service certificate for SOA : certified services go digital!

Service-oriented architectures (SOA) constitute a major architectural style for large-scale infrastructures and applications built from loosely-coupled services and subject to dynamic configuration, operation and evolution. They are the structuring principle of a multitude of applications and the enabling technology for recent software paradigms like Mashup or SaaS.

Computation of Edit Probabilities and Edit Distances for the A5-Type Keystream Generator

Several edit probabilities and edit distances incorporating the stop/go clocking in the well-known A5-type keystream generator are proposed. Recursive algorithms for their efficient computation are derived. It is shown how the edit probabilities can be used to mount statistically optimal correlation attacks on any two of the three stop/go clocked shift registers. By using a method for estimating the underlying false alarm probability, it is argued that the minimum output sequence length required to be known for a successful attack is linear in the total length of the respective shift registers.

Edit Probability Correlation Attack on the Bilateral Stop/Go Generator

Given an edit transformation defined by the stop/go clocking in the bilateral stop/go generator, an edit probability for two binary strings of appropriate lengths is proposed. An efficient recursive algorithm for the edit probability computation is derived. It is pointed out how this edit probability can be used to mount a correlation attack on one of two clock-controlled shift registers. By estimating the underlying false alarm probability, it is shown that the minimum output sequence length required to be known for a successful attack is linear in the length of the shift register. This is illustrated by experimental correlation attacks on relatively short shift registers.