Polynomiální rovnice nad konečnými tělesy a algebraická kryptoanalýza / Polynomial equations over finite fields and algebraic cryptanalysis

Seidl, Jan

January 2014

Title: Polynomial equations over finite fields and algebraic cryptanalysis Author: Jan Seidl Department: Department of Algebra Supervisor: doc. RNDr. David Stanovský, Ph.D., Department of Algebra Abstract: The present work deals with the procedure of algebraic crypta- nalysis, in which the problem of breaking cipher is at first converted to the problem of finding solutions to polynomial systems of equations and then the problem of finding a solution to this equation is converted to the SAT problem. The work specifically describes the methods that allow you to con- vert the problem of breaking cipher RC4 to the SAT problem. The individual methods were programmed in Mathematica programming language and then applied to RC4 with a word length of 2, 3. For finding of satisfiable evaluation of the resulting logical formula was used SAT-solver CryptoMiniSAT. In case of RC4 with word length 2 the solution was reached in the range from 0.09 to 0.34 second. In case of RC4 with word length 3 the solution was reached in the range from 1.10 to 1.23 second. Keywords: RC4, SAT, CryptoMiniSAT 1

RC4; CryptoMiniSAT; SAT

Design and Analysis of RC4-like Stream Ciphers

McKague, Matthew

January 2005

RC4 is one of the most widely used ciphers in practical software applications. In this thesis we examine security and design aspects of RC4. First we describe the functioning of RC4 and present previously published analyses. We then present a new cipher, Chameleon which uses a similar internal organization to RC4 but uses different methods. The remainder of the thesis uses ideas from both Chameleon and RC4 to develop design strategies for new ciphers. In particular, we develop a new cipher, RC4B, with the goal of greater security with an algorithm comparable in simplicity to RC4. We also present design strategies for ciphers and two new ciphers for 32-bit processors. Finally we present versions of Chameleon and RC4B that are implemented using playing-cards.

Mathematics

cryptography

rc4

symmetric cipher

cipher

Design and Analysis of RC4-like Stream Ciphers

McKague, Matthew

January 2005

RC4 is one of the most widely used ciphers in practical software applications. In this thesis we examine security and design aspects of RC4. First we describe the functioning of RC4 and present previously published analyses. We then present a new cipher, Chameleon which uses a similar internal organization to RC4 but uses different methods. The remainder of the thesis uses ideas from both Chameleon and RC4 to develop design strategies for new ciphers. In particular, we develop a new cipher, RC4B, with the goal of greater security with an algorithm comparable in simplicity to RC4. We also present design strategies for ciphers and two new ciphers for 32-bit processors. Finally we present versions of Chameleon and RC4B that are implemented using playing-cards.

Mathematics

cryptography

rc4

symmetric cipher

cipher

Analýza šifrovacích algoritmů ve standardu 802.11 / Analysis of Cryptographic Algorithms 802.11

Vojtíšek, Jindřich

January 2014

This work deals with wireless standard 802.11, primaly about security algorithms used in them. Further there is made analysis of algorithms WEP, WPA and WPA2. This algorithms are described how coding by them works and for easier understandig are added block schemes of their principles. In practical part is realized algorithms WEP, WPA and WPA2 in program Matlab simulink. Model is complemented by graphs which shows how data changes when comming throught this systems.

Encryption of Computer Peripheral Devices

Norman, Kelly Robert

20 March 2006

Computer peripherals, such as keyboards, scanners, printers, cameras, and Personal Data Assistants (PDAs) typically communicate with a host PC via an unencrypted protocol, leaving them vulnerable to eavesdropping techniques, such as keyloggers. An encryption system was developed that is simple enough to be used in peripherals that do not have large amounts of processing power and memory. A software driver loaded in the operating system of the host computer communicates with a simple 8-bit microcontroller in the peripheral device. The driver handles key generation, key exchange, and provides decrypted data to the operating system. A key exchange protocol allows the driver and microcontroller to securely exchange randomly generated keys. The system can function without user intervention, but will alert a user if a non-encrypting or non-authorized peripheral device is detected. The system is designed to be implemented over a variety of interfaces including PS/2, RS-232, TCP/IP over Ethernet, 802.11, and Bluetooth. A demonstration system was built, which encrypts data on the PS/2 bus between a keyboard and the host computer. Several ciphers were considered for use in encryption. The RC4 cipher was selected for encrypting and decrypting the data in a demonstration system because of it's speed and efficiency when working with 8-bit data. The driver and the microcontroller share a hard-coded key, which is used to encrypt a randomly generated session key, in order to provide a secure exchange of the session key. The demonstration system performs well, without introducing enough latency to be noticed by the user, and the microcontroller is idle over 95% of the time, even when a fast typist is using the keyboard.

Encryption

computer peripheral

microcontroller

RC4

Computer Sciences

Construction Engineering and Management

Säkerhet i trådlösa nätverk

Karlsson, Jonas, Ingemannsen, Richard

January 2002

Användandet av trådlösa nätverk ökar med rask takt och blir allt vanligare. Enligt en artikel i Computer Sweden kommer de trådlösa näten att ha 20 miljoner användare om 4 år. Analysföretaget Gartner Group har nyligen gjort en undersökning bland företag, vars syfte var att ta reda på hur stort intresset var för WLAN. Resultatet visade att 50% av företagen funderar på att köpa och installera WLAN-lösningar (Planet Wireless september 2001). Syftet med detta arbete var att beskriva hur den inbyggda krypteringsfunktionen WEP som för Wired Equivalent Privacy fungerar och hur säker den är, dvs hur lätt man kan knäcka krypteringen. Följande frågeställningar har besvarats genom litteraturstudier och ett praktiskt försök: Hur är trådlösa nät uppbyggda? Hur fungerar den inbyggda krypteringen WEP och hur säker är den? Vad kan man göra förutom att använda sig av WEP för att skydda sig mot avlyssning/intrång? Det praktiska försöket bestod av att knäcka WEP-krypterade filer med hjälp av programmet WEPCrack. Resultatet från detta försök visade att det var praktiskt möjligt att få fram den hemliga nyckeln. Vi har fått bekräftat att vårt antagande, ?Baserat på de artiklar och tidningar vi har läst, antar vi att säkerheten i WLAN inte är tillfredsställande och nu vill vi på djupare plan ta reda på hur det ligger till med detta?, stämmer överens med den slutsats vi har kommit fram till. Slutsatsen är att WLAN är osäkra och att WEP går att knäcka. / jcsunset@hotmail.com richard.ingemannsen@swipnet.se

WLAN

trådlösa

WEP

nät

RC4

IV

kryptering

säkerhet

WEPCrack

Computer Sciences

Datavetenskap (datalogi)

Network Security for Embedded Systems

Lessner, Dirk

Unknown Date

It is widely recognised that security is a concern in the design of a wide range of embedded systems. However, security for embedded systems remains an unsolved problem, which could create greater challenges in the future than security for mainstream computers today. The promise of universal connectivity for embedded systems creates increased possibilities for malicious users to gain unauthorised access to sensitive information. All modern security protocols use private-key and public-key algorithms. This thesis investigates three important cryptography algorithms (RC4, AES, and RSA) and their relevance to networked embedded systems. Limitations in processing power, battery life, communication bandwidth, memory and costs constrain the applicability of existing cryptography standards for small embedded devices. A mismatch between wide arithmetic for security (32 bit word operations) and embedded data bus widths (often only 8 or 16 bits) combined with a lack of certain operations (e. g., multi precision arithmetic) highlight a gap in the domain of networked embedded systems security. The aim of this thesis is to find feasible security solutions for networked embedded system applications. The above mentioned cryptography algorithms have been ported to three hardware platforms (Rabbit RCM3000, Xilinx Virtex 4 FPGA with MicroBlaze softcore, and a Linux desktop machine) in order to simulate several real world scenarios. Three applications – bidirectional transmission with encryption and decryption for various payload length, unidirectional transmission with very short payload, and encrypted data streaming – were developed to meet the simulation requirements. Several timing results were collected and used for calculating the achieved throughput. The Rabbit hardware platform, which represents the lower end in this thesis, was able to perform the RC4 crypto algorithm with a throughput of about 155 kbit/s. Thus the RC4 crypto algorithm was proven to outperform the AES crypto algorithm by a factor of 5, with AES achieving a throughput of about 32 kbit/s with the same hardware platform. The throughput was similar with the streaming application and UDP data transport. Without performing a cryto algorithm, the streaming application was able to process up to 1.5 Mbit/s. RSA was not implemented on the Rabbit hardware platform. The MicroBlaze hardware platform outperformed the Rabbit system by a factor of 5 – 10. It reached a throughput up to 1.5 Mbit/s with RC4 and up to 130 kbit/s with AES. The RSA algorithm reached up to 0.8 kbit/s on this hardware platform, showing that public-key ciphers are only suitable for short payload data, such as the exchange of a session key. The Linux machine was included in this test only to provide a reference to a non embedded system. The Linux performance was better than the MicroBlaze system by a factor of between 67 – 770, and better than the Rabbit platform by a factor of between 645 – 3125. Both the RC4 and the AES crypto algorithm reached a throughput of up to 100 Mbit/s on the Linux machine, with a throughput of up to 130 kbit/s reached with RSA. Hence, the Rabbit platform combined with the RC4 algorithm is suitable, for example, for MP3 streams with up to 150 kbit/s. The Rabbit platform with the AES algorithm could be used for low quality audio streams, for example for speech announcements. If a higher throughput is required, for example for video streams, the MicroBlaze could be an appropriate platform with throughput of up to 1.5 Mbit/s. Low cost embedded systems like Atmel AVR are not suitable for processing cipher algorithms developed in C. It is widely recommended that assembly language is used to develop such platforms.

Embedded Systems

Rabbit

MicroBlaze

Xilinx

FPGA

Cryptography

Cipher Algorithm

AES

RSA

RC4

Linux

C

C#

Assembly Language

.NET

Applications of finite field computation to cryptology : extension field arithmetic in public key systems and algebraic attacks on stream ciphers

Wong, Kenneth Koon-Ho

January 2008

In this digital age, cryptography is largely built in computer hardware or software as discrete structures. One of the most useful of these structures is finite fields. In this thesis, we explore a variety of applications of the theory and applications of arithmetic and computation in finite fields in both the areas of cryptography and cryptanalysis. First, multiplication algorithms in finite extensions of prime fields are explored. A new algebraic description of implementing the subquadratic Karatsuba algorithm and its variants for extension field multiplication are presented. The use of cy- clotomic fields and Gauss periods in constructing suitable extensions of virtually all sizes for efficient arithmetic are described. These multiplication techniques are then applied on some previously proposed public key cryptosystem based on exten- sion fields. These include the trace-based cryptosystems such as XTR, and torus- based cryptosystems such as CEILIDH. Improvements to the cost of arithmetic were achieved in some constructions due to the capability of thorough optimisation using the algebraic description. Then, for symmetric key systems, the focus is on algebraic analysis and attacks of stream ciphers. Different techniques of computing solutions to an arbitrary system of boolean equations were considered, and a method of analysing and simplifying the system using truth tables and graph theory have been investigated. Algebraic analyses were performed on stream ciphers based on linear feedback shift registers where clock control mechanisms are employed, a category of ciphers that have not been previously analysed before using this method. The results are successful algebraic attacks on various clock-controlled generators and cascade generators, and a full algebraic analyses for the eSTREAM cipher candidate Pomaranch. Some weaknesses in the filter functions used in Pomaranch have also been found. Finally, some non-traditional algebraic analysis of stream ciphers are presented. An algebraic analysis on the word-based RC4 family of stream ciphers is performed by constructing algebraic expressions for each of the operations involved, and it is concluded that each of these operations are significant in contributing to the overall security of the system. As far as we know, this is the first algebraic analysis on a stream cipher that is not based on linear feedback shift registers. The possibility of using binary extension fields and quotient rings for algebraic analysis of stream ciphers based on linear feedback shift registers are then investigated. Feasible algebraic attacks for generators with nonlinear filters are obtained and algebraic analyses for more complicated generators with multiple registers are presented. This new form of algebraic analysis may prove useful and thereby complement the traditional algebraic attacks. This thesis concludes with some future directions that can be taken and some open questions. Arithmetic and computation in finite fields will certainly be an important area for ongoing research as we are confronted with new developments in theory and exponentially growing computer power.

Bezpečnost bezdrátových počítačových sítí / Security of wireless computer networks

Jelínek, Martin

January 2010

The master's thesis deals with the issue of Wireless Local Area Network (WLAN) from the viewpoint of the security and functional principle of security mechanisms. The transition to the issue concerning the security is accompanied by the methods of wireless data transmission operating on the level of physical layer (FHSS, DSSS, OFDM, MIMO), which is followed by the summary of individual 802.11 standards. The next part deals with the issue of shared transmission medium (CSMA/CA), influence of interference and correcting mechanisms (RTS/CTS). Within the security, the principles of the authentication along with the commonly used methods of security (WEP, WPA, WPA2) are described in detail. The first part concerning security deals with the security in the form of the WEP protocol, which is considered insufficient nowadays and points out the imperfect implementation and the consequent risks. The following part describes the security in the form of WPA which eliminates the implementation weaknesses of the previous WEP security protocol. The description of commonly used mechanisms of authentication (PSK, 802.1x), required temporary key management (PTK, GTK), data integrity (MIC) and encryption which uses TKIP protocol are also included. The last part, possible WLAN security, is aimed at the full support of 802.11i standard, which is called WPA2 (sometimes RSN). That part describes the basic encryption security element CCMP, which is based on the AES block cipher modes. The practical part of the thesis deals with the security verification of current wireless networks. In the process of verification the accessible HW means and programming tools of Open Source Software (OSS) are used. By means of verification it has been pointed out that there are possible security risks resulting from the security method which has been used. Also several recommendations how to reduce the security risks of the used method to minimum are mentioned.

Design, Implementation and Cryptanalysis of Modern Symmetric Ciphers

Henricksen, Matthew

January 2005

The main objective of this thesis is to examine the trade-offs between security and efficiency within symmetric ciphers. This includes the influence that block ciphers have on the new generation of word-based stream ciphers. By incorporating block-cipher like components into their designs, word-based stream ciphers have experienced hundreds-fold improvement in speed over bit-based stream ciphers, without any observable security degradation. The thesis also emphasizes the importance of keying issues in block and stream ciphers, showing that by reusing components of the principal cipher algorithm in the keying algorithm, security can be enhanced without loss of key-agility or expanding footprint in software memory. Firstly, modern block ciphers from four recent cipher competitions are surveyed and categorized according to criteria that includes the high-level structure of the block cipher, the method in which non-linearity is instilled into each round, and the strength of the key schedule. In assessing the last criterion, a classification by Carter [45] is adopted and modified to improve its consistency. The classification is used to demonstrate that the key schedule of the Advanced Encryption Standard (AES) [62] is surprisingly flimsy for a national standard. The claim is supported with statistical evidence that shows the key schedule suffers from bit leakage and lacks sufficient diffusion. The thesis contains a replacement key schedule that reuses components from the cipher algorithm, leveraging existing analysis to improve security, and reducing the cipher's implementation footprint while maintaining key agility. The key schedule is analyzed from the perspective of an efficiency-security tradeoff, showing that the new schedule rectifies an imbalance towards e±ciency present in the original. The thesis contains a discussion of the evolution of stream ciphers, focusing on the migration from bit-based to word-based stream ciphers, from which follows a commensurate improvement in design flexibility and software performance. It examines the influence that block ciphers, and in particular the AES, have had upon the development of word-based stream ciphers. The thesis includes a concise literature review of recent styles of cryptanalytic attack upon stream ciphers. Also, claims are refuted that one prominent word-based stream cipher, RC4, suffers from a bias in the first byte of each keystream. The thesis presents a divide and conquer attack against Alpha1, an irregularly clocked bit-based stream cipher with a 128-bit state. The dominating aspect of the divide and conquer attack is a correlation attack on the longest register. The internal state of the remaining registers is determined by utilizing biases in the clocking taps and launching a guess and determine attack. The overall complexity of the attack is 261 operations with text requirements of 35,000 bits and memory requirements of 2 29.8 bits. MUGI is a 64-bit word-based cipher with a large Non-linear Feedback Shift Register (NLFSR) and an additional non-linear state. In standard benchmarks, MUGI appears to su®er from poor key agility because it is implemented on an architecture for which it is not designed, and because its NLFSR is too large relative to the size of its master key. An unusual feature of its key initialization algorithm is described. A variant of MUGI, entitled MUGI-M, is proposed to enhance key agility, ostensibly without any loss of security. The thesis presents a new word-based stream cipher called Dragon. This cipher uses a large internal NLFSR in conjunction with a non-linear filter to produce 64 bits of keystream in one round. The non-linear filter looks very much like the round function of a typical modern block cipher. Dragon has a native word size of 32 bits, and uses very simple operations, including addition, exclusive-or and s-boxes. Together these ensure high performance on modern day processors such as the Intel Pentium family. Finally, a set of guidelines is provided for designing and implementing symmetric ciphers on modern processors, using the Intel Pentium 4 as a case study. Particular attention is given to understanding the architecture of the processor, including features such as its register set and size, the throughput and latencies of its instruction set, and the memory layouts and speeds. General optimization rules are given, including how to choose fast primitives for use within the cipher. The thesis describes design decisions that were made for the Dragon cipher with respect to implementation on the Intel Pentium 4. Block Ciphers, Word-based Stream Ciphers, Cipher Design, Cipher Implementa- tion, -

Block Ciphers

Word-based Stream Ciphers

Cipher Design

Cipher Implementation

Cryptanalysis

Key Schedule Classifcation

Key Agility

Advanced Encryption Standard

RC4

Alpha1

MUGI

Dragon

Correlation Attacks

Divide and Conquer Attacks

Intel Pentium 4