New mobile phone algorithms: a real world story
1 New mobile phone algorithms: a real world story. Steve Babbage, 17 February. LTE algorithms, for SKEW 2011. C1 - Unrestricted
2 Standards groups
3 First generation
4 GSM security architecture
[Diagram. Parties: SIM, visited network, home network. Labels: authentication and cipher key generation algorithm A3/A8 (AKA) with inputs RAND and K_i and outputs RES/XRES and K_C; RAND, XRES, K_C passed to the visited network; check RES = XRES?; encryption algorithm A5, encrypt using K_C.]
5 GSM security limitations
- Key length
- One-way authentication
- Unprotected signalling
- A5/1, A5/2
6 UMTS security architecture (slightly simplified)
[Diagram. Parties: SIM, visited network, home network. Labels: authentication and key agreement algorithm f1-f5 (AKA) with inputs RAND, K, SQN and outputs XRES/RES, MAC, CK, IK; RAND, XRES, CK, IK, SQN, MAC passed to the visited network; RAND, SQN, MAC passed to the SIM; check SQN, check MAC; check RES = XRES?; encrypt using CK, integrity protect using IK; encryption algorithm UEA, integrity algorithm UIA.]
7 First UMTS algorithms, UEA1 / UIA1
[Diagram. Labels: KASUMI (CK ), A, BLKCTR = 0, BLKCTR = 1, BLKCTR = 2, BLKCTR = n, KASUMI (CK); A5/3 UEA1 (but 64-bit key); first / second / third / last 64 bits, KASUMI (IK), KASUMI (IK ), MAC (left 32 bits).]
8 So now we can replace A5/1 with A5/3 [image; credit line truncated in transcription]
9 Second UMTS algorithms, UEA2 / UIA2
- SNOW 3G
Why not AES? Why not SNOW 2.0?
10 LTE security architecture (part 1)
[Diagram. Parties: SIM, visited network, home network. Labels: authentication and key agreement algorithm f1-f5 (AKA) with inputs RAND, K, SQN and outputs XRES/RES, MAC, CK, IK; RAND, XRES, CK, IK, SQN, MAC, K_ASME on the network side; RAND, SQN, MAC passed to the SIM; check SQN, check MAC; check RES = XRES?; CK, IK and PLMN ID feeding K_ASME on both sides.]
11 GSM security limitations
- Key length
- One-way authentication
- Unprotected signalling
- A5/1, A5/2
- Same key regardless of algorithm choice
12 LTE security architecture (part 2)
[Diagram. Parties: SIM, visited network, home network. K_ASME and ALG ID feed the derivation of five keys on both sides. Mobility signalling: encrypt using Kα, integrity protect using Kβ. Radio resource signalling: encrypt using Kγ, integrity protect using Kδ. User plane: encrypt using Kε. Encryption algorithm EEA, integrity algorithm EIA.]
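The key separation contrasted on slides 11 and 12, as an added Python example that is not part of the original slides. HMAC-SHA-256 as the derivation function, the 32-byte K_ASME, the purpose bytes and the algorithm identifiers are assumptions made for illustration; the slides give only the key names and ALG ID.

```python
import hashlib
import hmac
from itertools import product

# The five keys named on slide 12. The one-byte labels are constructed for
# this example; the slide names the keys but gives no encoding.
PURPOSES = {
    "mobility-enc": 0x01,    # K_alpha
    "mobility-int": 0x02,    # K_beta
    "rrc-enc": 0x03,         # K_gamma
    "rrc-int": 0x04,         # K_delta
    "user-plane-enc": 0x05,  # K_epsilon
}
ALG_IDS = (1, 2, 3)  # constructed identifiers for three algorithm choices


def derive_key(k_asme: bytes, purpose: str, alg_id: int) -> bytes:
    """Derive a 128-bit key bound to one purpose and one algorithm.

    HMAC-SHA-256 is an assumption of this example, used as a generic KDF.
    """
    if len(k_asme) != 32:
        raise ValueError("this example assumes a 32-byte K_ASME")
    if not 0 <= alg_id <= 0xFF:
        raise ValueError("alg_id must fit in one byte")
    # Two fixed-width fields, so no two contexts encode to the same bytes.
    context = bytes([PURPOSES[purpose], alg_id])
    return hmac.new(k_asme, context, hashlib.sha256).digest()[:16]


def legacy_key(k_c: bytes, purpose: str, alg_id: int) -> bytes:
    """GSM-style behaviour from slide 11: the same key whatever is negotiated."""
    return k_c


def contexts_sharing_a_key(key_fn, root: bytes) -> list:
    """Return the groups of (purpose, alg_id) contexts that end up with one key."""
    groups = {}
    for purpose, alg_id in product(PURPOSES, ALG_IDS):
        key = key_fn(root, purpose, alg_id)
        groups.setdefault(key, []).append((purpose, alg_id))
    return [ctxs for ctxs in groups.values() if len(ctxs) > 1]


if __name__ == "__main__":
    root = bytes(range(32))  # constructed root key, not a real K_ASME
    print("separated:", contexts_sharing_a_key(derive_key, root))
    print("legacy   :", contexts_sharing_a_key(legacy_key, root))
```

With the legacy function every context lands in one group, so a key recovered through the weakest negotiated algorithm is also the key used with the strongest one; with the derived keys no two contexts share a key.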
13 Original LTE algorithms (from day one)
- Based on SNOW-3G
  - 128-EEA1: straightforward stream cipher use
  - 128-EIA1: polynomial UHF
  - Identical to UMTS algorithms
- Could have been based on Kasumi or AES; chose AES
  - 128-EEA2: AES in counter mode
  - 128-EIA2: AES in CMAC mode
14 The designers
DACAS: Data Assurance and communication security research center, Chinese Academy of Sciences
Dongdai Lin, Xiutao Feng
15 Plan A
[Timeline chart; month axis starting in May. Bars: SAGE; Paid expert team; Algorithm acceptance (hopefully). Legend: Public, Under NDA.]
16 Plan B
[Timeline chart; month axis starting in May. Bars: SAGE; Agree and sign NDA; Paid expert team; Algorithm acceptance (hopefully). Legend: Public.]
17 Take your time
Advanced Encryption Standard process (From Wikipedia, the free encyclopedia)
Start of the process: On January 2, 1997, NIST announced that they wished to choose a successor to DES to be known as AES. The result of this feedback was a call for new algorithms on September 12, 1997
Rounds one and two: In the nine months that followed, fifteen different designs were created and submitted. NIST held two conferences to discuss the submissions (AES1, August 1998 and AES2, March 1999), and in August 1999 they announced that they were narrowing the field from fifteen to five. AES3 conference in April
Selection of the winner: On October 2, 2000, NIST announced that Rijndael had been selected as the proposed AES.
18 Encryption
[Diagram, sender and receiver: each feeds COUNT, BEARER, DIRECTION, LENGTH and KEY into EEA to produce a KEYSTREAM BLOCK; the sender combines it with the PLAINTEXT BLOCK to give the CIPHERTEXT BLOCK, and the receiver recovers the PLAINTEXT BLOCK.]
19 Integrity
[Diagram, sender and receiver: each feeds COUNT, BEARER, DIRECTION, MESSAGE, LENGTH and KEY into EIA; sender output MAC-I, receiver output XMAC-I.]
20 ZUC named after Zu Chongzhi
21 ZUC
[Diagram.] One of these words mixed into LFSR during nonlinear initialisation
22 Encryption algorithm 128-EEA3
23 Integrity algorithm 128-EIA3
Universal Hash Function
24 Initial SAGE
- Fit for purpose
- Smells OK
Must be not just strong, but free of suspicion
25 Plan B
[Timeline chart; month axis starting in May. Bars: SAGE; Agree and sign NDA; Paid expert team; Algorithm acceptance (hopefully). Legend: Public.]
26 Plan C
[Timeline chart; month axis starting in May. Bars: SAGE; Agree and sign NDA; Expert team contract; Paid expert team; Algorithm acceptance (hopefully). Legend: Public.]
27 External expert team
- Codes and Ciphers Limited: Carlos Cid, Sean Murphy, Fred Piper, Matthew Dodd
- Alice and Bob Technologies: Lars Knudsen, Bart Preneel, Vincent Rijmen
- Several corrections / improvements to existing
- All standard attack types considered: all seem unlikely to succeed
- Strength inherited from SNOW-like construction
- Some components not fully explained
- Like most UHF MACs: not robust against nonce reuse
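Why a UHF-based MAC needs a fresh nonce for every message, as an added Python example that is not from the slides: a toy polynomial hash with a per-nonce mask, not 128-EIA3 itself. The modulus, the HMAC-SHA-256 mask generator and the nonce field widths (4-byte COUNT, one byte each for BEARER and DIRECTION) are assumptions of the example.

```python
import hashlib
import hmac

P = (1 << 61) - 1  # prime modulus for the toy polynomial hash (assumption)


def poly_hash(hash_key: int, message: bytes) -> int:
    """Polynomial universal hash over 4-byte words, message length appended."""
    if not 0 < hash_key < P:
        raise ValueError("hash_key must be in 1..P-1")
    padded = message + b"\x00" * (-len(message) % 4)
    words = [int.from_bytes(padded[i:i + 4], "big") for i in range(0, len(padded), 4)]
    words.append(len(message))
    acc = 0
    for word in words:  # Horner evaluation at the secret point hash_key
        acc = (acc + word) * hash_key % P
    return acc


def mask(mask_key: bytes, nonce: bytes) -> int:
    """Per-nonce mask; HMAC-SHA-256 stands in for cipher keystream here."""
    digest = hmac.new(mask_key, nonce, hashlib.sha256).digest()
    return int.from_bytes(digest[:8], "big") % P


def tag(hash_key: int, mask_key: bytes, nonce: bytes, message: bytes) -> int:
    """MAC = universal hash of the message, hidden by the per-nonce mask."""
    return (poly_hash(hash_key, message) + mask(mask_key, nonce)) % P


def mask_cancels(hash_key, mask_key, nonce_a, nonce_b, msg_a, msg_b) -> bool:
    """True when the tag difference equals the bare hash difference,
    i.e. the mask gave the two tags no protection relative to each other."""
    tag_diff = (tag(hash_key, mask_key, nonce_a, msg_a)
                - tag(hash_key, mask_key, nonce_b, msg_b)) % P
    hash_diff = (poly_hash(hash_key, msg_a) - poly_hash(hash_key, msg_b)) % P
    return tag_diff == hash_diff


class NonceGuard:
    """Sender-side check: never MAC twice under one (COUNT, BEARER, DIRECTION)."""

    def __init__(self):
        self._seen = set()

    def claim(self, count: int, bearer: int, direction: int) -> bytes:
        triple = (count, bearer, direction)
        if triple in self._seen:
            raise ValueError(f"nonce reuse refused: {triple}")
        self._seen.add(triple)
        return count.to_bytes(4, "big") + bytes([bearer, direction])


if __name__ == "__main__":
    hk, mk = 0x1234567, b"constructed-mask-key"  # constructed test keys
    guard = NonceGuard()
    n1, n2 = guard.claim(7, 3, 0), guard.claim(8, 3, 0)
    print("same nonce, mask cancels :", mask_cancels(hk, mk, n1, n1, b"msg one", b"msg two"))
    print("fresh nonce, mask cancels:", mask_cancels(hk, mk, n1, n2, b"msg one", b"msg two"))
```

Under a repeated nonce the difference of two tags depends only on the hash key and the two messages, which is the property the mask exists to hide; the guard is the check that keeps a sender from ever producing such a pair.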
28 Conclusion of the SAGE and paid
- Transparency is vital nothing suspicious
29 Plan C
[Timeline chart; month axis starting in May. Bars: SAGE; Agree and sign NDA; Expert team contract; Paid expert team; Algorithm acceptance (hopefully). Legend: Public.]
30 Plan D
[Timeline chart; month axis starting in May. Bars: SAGE; Agree and sign NDA; Expert team contract; Paid expert team; Go public; Algorithm acceptance (hopefully). Legend: Public.]
31 Crypto rump session
32 IACR newsletter
33 The ZUC Forum
34 The first post
35 Questions
- Why not AES?
- Why not eSTREAM?
- Chinese algorithm means China can break it?
- Is there something wrong with the other LTE algorithms?
- What happens now to the other LTE algorithms?
- Why does China get this special privilege?
- If every other country insists on a home-grown algorithm, will every LTE phone have to support 200 algorithms?
- Authenticated encryption?
36 ZUC-10 Workshop
37 Loss of entropy in initialisation (1)
Z mixed into LFSR during nonlinear initialisation
Matthew Dodd (private communication); Bing Sun et al (ZUC workshop)
38 Loss of entropy in initialisation (2)
z f s 16 = f z If s 16 = 0, set s 16 = Whatever f is z = f gives the same result as z = f Two IVs colliding state
Hongjun Wu et al (AsiaCrypt rump session, IACR eprint archive)
39 Forgery attack on EIA3
Fuhr/Gilbert/Reinhard/Videau (ZUC workshop, IACR eprint archive)
40 New versions
41 Plan D
[Timeline chart; month axis starting in May. Bars: SAGE; Agree and sign NDA; Expert team contract; Paid expert team; Go public; Algorithm acceptance (hopefully). Legend: Public.]
42 Plan E
[Timeline chart; month axis starting in May. Bars: SAGE; Agree and sign NDA; Expert team contract; Paid expert team; Go public; Algorithm revision; Algorithm acceptance (hopefully), shown twice. Legend: Public.]
43 Thank you or
44 f8 construction for UMTS
- Note: a single frame of UMTS keystream will contain no more than bits (so bit blocks). Pre-whitening constant is fixed within a frame, different for different frames
- Pre-whitening constant prevents known input/output pairs for single KASUMI
- Simple OFB mode allows short cycles: unlikely, but bad if they do happen
- Pre-whitening plus simple counter mode gives distinguisher with 2^32 keystream blocks: e.g. if A is pre-whitening constant and C is block counter, if [A C] = [A C ] then likely that [A (C + d)] = [A (C + d)] for some small d
- Simple counter mode without pre-whitening also gives block distinguisher: No collisions
- With the f8 construction, and individual frames limited to bit blocks, the only distinguishers we found needed substantially more than 2^32 blocks. In fact, more than 2^32 frames, and frame counter COUNT is only 32 bits anyway
More informationHow to Use Your Block Cipher? Palash Sarkar
How to Use Your Block Cipher? Palash Sarkar Applied Statistics Unit Indian Statistical Institute, Kolkata India palash@isical.ac.in IACITS New Delhi, 2 nd April 2009 Palash Sarkar (ISI, Kolkata) Using
More informationS. Erfani, ECE Dept., University of Windsor Network Security
4.11 Data Integrity and Authentication It was mentioned earlier in this chapter that integrity and protection security services are needed to protect against active attacks, such as falsification of data
More informationA New Attack on the LEX Stream Cipher
A New Attack on the LEX Stream Cipher Orr Dunkelman, and Nathan Keller, École Normale Supérieure Département d Informatique, CNRS, INRIA 5 rue d Ulm, 50 Paris, France. orr.dunkelman@ens.fr Einstein Institute
More information3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some
3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some popular block ciphers Triple DES Advanced Encryption
More informationIntroduction to Cryptographic Systems. Asst. Prof. Mihai Chiroiu
Introduction to Cryptographic Systems Asst. Prof. Mihai Chiroiu Vocabulary In cryptography, cyphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Decryption
More informationLecture Note 05 Date:
P.Lafourcade Lecture Note 05 Date: 29.09.2009 Security models 1st Semester 2008/2009 MANGEOT Guillaume ROJAT Antoine THARAUD Jrmie Contents 1 Block Cipher Modes 2 1.1 Electronic Code Block (ECB) [Dwo01]....................
More informationBlock ciphers. CS 161: Computer Security Prof. Raluca Ada Popa. February 26, 2016
Block ciphers CS 161: Computer Security Prof. Raluca Ada Popa February 26, 2016 Announcements Last time Syntax of encryption: Keygen, Enc, Dec Security definition for known plaintext attack: attacker provides
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationHardware Architectures
Hardware Architectures Secret-key Cryptography Public-key Cryptography Cryptanalysis AES & AES candidates estream candidates Hash Functions SHA-3 Montgomery Multipliers ECC cryptosystems Pairing-based
More informationAPNIC elearning: Cryptography Basics
APNIC elearning: Cryptography Basics 27 MAY 2015 03:00 PM AEST Brisbane (UTC+10) Issue Date: Revision: Introduction Presenter Sheryl Hermoso Training Officer sheryl@apnic.net Specialties: Network Security
More informationTwo Attacks on Reduced IDEA (Extended Abstract)
1 Two Attacks on Reduced IDEA (Extended Abstract) Johan Borst 1, Lars R. Knudsen 2, Vincent Rijmen 2 1 T.U. Eindhoven, Discr. Math., P.O. Box 513, NL-5600 MB Eindhoven, borst@win.tue.nl 2 K.U. Leuven,
More informationMisuse-resistant crypto for JOSE/JWT
Misuse-resistant crypto for JOSE/JWT Neil Madden OAuth Security Workshop, 2018 1 JOSE Content Encryption Methods Provide authenticated encryption AES-CBC with HMAC-SHA2 Requires random 128-bit IV Must
More informationImplementation of the block cipher Rijndael using Altera FPGA
Regular paper Implementation of the block cipher Rijndael using Altera FPGA Piotr Mroczkowski Abstract A short description of the block cipher Rijndael is presented. Hardware implementation by means of
More information