on related key attacks and kasumi the case of a5 3
play

On related-key attacks and KASUMI: the case of A5/3 Phuong Ha Nguyen - PowerPoint PPT Presentation

Feb 22, 2023 •352 likes •624 views

Motivation 64-bit key version of Kasumi used for A5/3 Upper bound for any 3-round related-key differential over A5/3 Resistance against Crypto2010 Attack Conclusion On related-key attacks and KASUMI: the case of A5/3 Phuong Ha Nguyen 1 ,

  1. Motivation 64-bit key version of Kasumi used for A5/3 Upper bound for any 3-round related-key differential over A5/3 Resistance against Crypto2010 Attack Conclusion On related-key attacks and KASUMI: the case of A5/3 Phuong Ha Nguyen 1 , M.J.B. Robshaw 2 , Huaxiong Wang 1 1 Nanyang Technological University, Singapore 2 Applied Cryptography Group, Orange Labs, France NG0007HA@e.ntu.edu.sg , hxwang@ntu.edu.sg matt.robshaw@orange-ftgroup.com INDOCRYPT 2011, 11-14 DEC 2011 Phuong Ha Nguyen, M.J.B. Robshaw, Huaxiong Wang On related-key attacks and KASUMI: the case of A5/3

  2. Motivation 64-bit key version of Kasumi used for A5/3 Upper bound for any 3-round related-key differential over A5/3 Resistance against Crypto2010 Attack Conclusion Talk Overview Motivation 1 64-bit key version of Kasumi used for A5/3 2 Structure of 128-bit key version Structure of 64-bit key version Upper bound for any 3-round related-key differential over 3 A5/3 Resistance against Crypto2010 Attack 4 Conclusion 5 Phuong Ha Nguyen, M.J.B. Robshaw, Huaxiong Wang On related-key attacks and KASUMI: the case of A5/3

  3. Motivation 64-bit key version of Kasumi used for A5/3 Upper bound for any 3-round related-key differential over A5/3 Resistance against Crypto2010 Attack Conclusion Phuong Ha Nguyen, M.J.B. Robshaw, Huaxiong Wang On related-key attacks and KASUMI: the case of A5/3

  4. Motivation 64-bit key version of Kasumi used for A5/3 Upper bound for any 3-round related-key differential over A5/3 Resistance against Crypto2010 Attack Conclusion Content and Motivation Presenting Kasumi version with 64-bit key used for A5/3. Prove that the upper bound for any three-round related-key differential over Kasumi with 64-bit key is 2 − 18 Based on the upper bound, the Crypto2010 attack on 128-bit key version of Kasumi is not applicable to 64-bit version. Phuong Ha Nguyen, M.J.B. Robshaw, Huaxiong Wang On related-key attacks and KASUMI: the case of A5/3

  5. Motivation 64-bit key version of Kasumi used for A5/3 Structure of 128-bit key version Upper bound for any 3-round related-key differential over A5/3 Structure of 64-bit key version Resistance against Crypto2010 Attack Conclusion 128-bit key version of Kasumi The block cipher Kasumi with 128-bit key is used in 3G networks and it resists well against traditional linear and differential cryptanalysis. The 128-bit key K is divided into eight 16-bit word , i.e K = ( K 0 , K 1 , K 2 , K 3 , K 4 , K 5 , K 6 , K 7 ) . Related-key differential cryptanalysis is the differential cryptanalysis has not only the differences in the input and output texts but also in the key. The 128-bit version is broken in practical time by attack of Crypto2010 which based on the related-key techniques. Phuong Ha Nguyen, M.J.B. Robshaw, Huaxiong Wang On related-key attacks and KASUMI: the case of A5/3

  6. Motivation 64-bit key version of Kasumi used for A5/3 Structure of 128-bit key version Upper bound for any 3-round related-key differential over A5/3 Structure of 64-bit key version Resistance against Crypto2010 Attack Conclusion FIGURE 2: Computation graph for the encryption process of the KASUMI cipher Phuong Ha Nguyen, M.J.B. Robshaw, Huaxiong Wang On related-key attacks and KASUMI: the case of A5/3

  7. Motivation 64-bit key version of Kasumi used for A5/3 Structure of 128-bit key version Upper bound for any 3-round related-key differential over A5/3 Structure of 64-bit key version Resistance against Crypto2010 Attack Conclusion FIGURE 1: FUNCTION FL Phuong Ha Nguyen, M.J.B. Robshaw, Huaxiong Wang On related-key attacks and KASUMI: the case of A5/3

  8. Motivation 64-bit key version of Kasumi used for A5/3 Structure of 128-bit key version Upper bound for any 3-round related-key differential over A5/3 Structure of 64-bit key version Resistance against Crypto2010 Attack Conclusion FIGURE 3: FUNCTION F0 AND FI Phuong Ha Nguyen, M.J.B. Robshaw, Huaxiong Wang On related-key attacks and KASUMI: the case of A5/3

  9. Motivation 64-bit key version of Kasumi used for A5/3 Structure of 128-bit key version Upper bound for any 3-round related-key differential over A5/3 Structure of 64-bit key version Resistance against Crypto2010 Attack Conclusion FIGURE 4: KEY SCHEDULE Phuong Ha Nguyen, M.J.B. Robshaw, Huaxiong Wang On related-key attacks and KASUMI: the case of A5/3

  10. Motivation 64-bit key version of Kasumi used for A5/3 Structure of 128-bit key version Upper bound for any 3-round related-key differential over A5/3 Structure of 64-bit key version Resistance against Crypto2010 Attack Conclusion 64-bit key version of Kasumi The 64-bit key version of Kasumi is modified to adapt the requirement for the algorithm A5/3, i.e there are only 64-bit key used. The key schedule is similar to that of original one, the only difference is the redundancy is added, i.e K = ( K 0 , K 1 , K 2 , K 3 , K 0 , K 1 , K 2 , K 3 ) or K 0 = K 4 , K 1 = K 5 , K 2 = K 6 , K 3 = K 7 . The 64-bit key version resists well again Crypto2010 attack. To deeply understand this resistance, the upper bound of any 3-round related key differential is studied. For the sake of convenience, the word ”block cipher Kasumi” refers to ”the 64-bit key version of Kasumi”. Phuong Ha Nguyen, M.J.B. Robshaw, Huaxiong Wang On related-key attacks and KASUMI: the case of A5/3

  11. Motivation 64-bit key version of Kasumi used for A5/3 Upper bound for any 3-round related-key differential over A5/3 Resistance against Crypto2010 Attack Conclusion the general structure of Kasumi The block cipher Kasumi consists of 8 rounds R 1 , . . . , R 8 . In R i := FL → FO or FO → FL In function FL:= (AND,ROTATION) → (OR,ROTATION). In function FO:= FI 1 → FI 2 → FI 3 In function FI i := S 9 → S 7 → S 9 → S 7 . Phuong Ha Nguyen, M.J.B. Robshaw, Huaxiong Wang On related-key attacks and KASUMI: the case of A5/3

  12. Motivation 64-bit key version of Kasumi used for A5/3 Upper bound for any 3-round related-key differential over A5/3 Resistance against Crypto2010 Attack Conclusion To prove the upper bound for 3-round related-key differential, we have done in 4 following steps: 1 proving the upper bound for FI with key difference ∆( KI ) � = 0 is 2 − 6 2 In a round of Kasumi, if FO has one active ∆ KI then the upper bound of a differential characteristic of the round is 2 − 6 . If there are at least two active ∆ KI , then the upper bound is 2 − 12 3 The upper bound for any 3-round consecutive is less or equal to the product of upper bound of 2 any rounds of them. 4 Proving the upper bound for any 3-round related-key differential is 2 − 18 All the above steps are formalized in the following lemmas and theorem. Phuong Ha Nguyen, M.J.B. Robshaw, Huaxiong Wang On related-key attacks and KASUMI: the case of A5/3

  13. Motivation 64-bit key version of Kasumi used for A5/3 Upper bound for any 3-round related-key differential over A5/3 Resistance against Crypto2010 Attack Conclusion Lemma 1 Lemma For any (active or inactive) input difference to the KASUMI function FI with key difference ∆( KI ) � = 0 , the probability of a differential characteristic is ≤ 2 − 6 . Proof. The result comes from the fact that when only one S 7 is active then the probability of differential is 2 − 6 and this probability is the upper bound. Phuong Ha Nguyen, M.J.B. Robshaw, Huaxiong Wang On related-key attacks and KASUMI: the case of A5/3

  14. Motivation 64-bit key version of Kasumi used for A5/3 Upper bound for any 3-round related-key differential over A5/3 Resistance against Crypto2010 Attack Conclusion Phuong Ha Nguyen, M.J.B. Robshaw, Huaxiong Wang On related-key attacks and KASUMI: the case of A5/3

  15. Motivation 64-bit key version of Kasumi used for A5/3 Upper bound for any 3-round related-key differential over A5/3 Resistance against Crypto2010 Attack Conclusion Lemma 2 Lemma In a round of KASUMI, if FO has one active ∆ KI then the maximum probability of a differential characteristic is 2 − 6 . If there are at least two active ∆ KI then the maximum probability of a differential characteristic is 2 − 12 . Proof. Please find the proof in paper. Phuong Ha Nguyen, M.J.B. Robshaw, Huaxiong Wang On related-key attacks and KASUMI: the case of A5/3

  16. Motivation 64-bit key version of Kasumi used for A5/3 Upper bound for any 3-round related-key differential over A5/3 Resistance against Crypto2010 Attack Conclusion Lemma 3 Lemma Write the key inputs to FO as ( KO 1 , KO 2 , KO 3 ) and ( KI 1 , KI 2 , KI 3 ) . For any (active or inactive) text input to FO, and for any active key difference in at least one of ( KO 1 , KO 2 , or KO 3 ) there must be at least one FI function that is differentially active except in the following three cases: 1 ∆( KO 1 ) � = 0 , ∆( KO 2 ) = 0 , and ∆( KO 3 ) = 0 . 2 ∆( KO 1 ) = 0 , ∆( KO 2 ) � = 0 , and ∆( KO 3 ) � = 0 . 3 ∆( KO 1 ) � = 0 , ∆( KO 2 ) � = 0 , and ∆( KO 3 ) � = 0 . Proof. Please find the proof in the paper. Phuong Ha Nguyen, M.J.B. Robshaw, Huaxiong Wang On related-key attacks and KASUMI: the case of A5/3

  17. Motivation 64-bit key version of Kasumi used for A5/3 Upper bound for any 3-round related-key differential over A5/3 Resistance against Crypto2010 Attack Conclusion Phuong Ha Nguyen, M.J.B. Robshaw, Huaxiong Wang On related-key attacks and KASUMI: the case of A5/3

Recommend

On the Provable Security of the Iterated Even-Mansour Cipher against Related-Key and Chosen-Key

On the Provable Security of the Iterated Even-Mansour Cipher against Related-Key and Chosen-Key

Introduction Related-Key Attacks Chosen-Key Attacks Conclusion On the Provable Security of the Iterated Even-Mansour Cipher against Related-Key and Chosen-Key Attacks Benot Cogliati 1 and Yannick Seurin 2 1 Versailles University, France 2

1.23k views • 94 slides
Related-Key Attacks Orr Dunkelman Department of Computer Science, University of Haifa Faculty of

Related-Key Attacks Orr Dunkelman Department of Computer Science, University of Haifa Faculty of

Related-Key Attacks Slide Statistical RK Related-Key Attacks Orr Dunkelman Department of Computer Science, University of Haifa Faculty of Mathematics and Computer Science Weizmann Institute of Science June 2nd, 2011 Orr Dunkelman

441 views • 42 slides
Case presentation Non diabetic patient with hypoglycemic attacks 30 years old Non

Case presentation Non diabetic patient with hypoglycemic attacks 30 years old Non

Case presentation Non diabetic patient with hypoglycemic attacks 30 years old Non diabetic female patient History of several unexplained hypoglycaemic attacks CECT- Pancreatic head lesion Serum insulin level- elevated

432 views • 29 slides
Generic Related-key Attacks for HMAC Thomas Peyrin, Yu Sasaki and Lei Wang Nanyang Technological

Generic Related-key Attacks for HMAC Thomas Peyrin, Yu Sasaki and Lei Wang Nanyang Technological

Introduction A generic related-key attack on HMAC Conclusion Generic Related-key Attacks for HMAC Thomas Peyrin, Yu Sasaki and Lei Wang Nanyang Technological University - Singapore NTT - Japan Asiacrypt 2012 Beijing, China - December 5, 2012

3.43k views • 42 slides
A Unified Approach to Related-Key Attacks Orr Dunkelman Katholieke Universitiet Leuven, Dept.

A Unified Approach to Related-Key Attacks Orr Dunkelman Katholieke Universitiet Leuven, Dept.

A Unified Approach to Related-Key Attacks Orr Dunkelman Katholieke Universitiet Leuven, Dept. of Electrical Engineering ESAT- SCD/COSIC joint work with Eli Biham and Nathan Keller 1/46 Outline of the Talk Previous Results: Original

600 views • 46 slides
CASE STUDY 2 FAINTING ATTACKS FAINTING ANYTHING FROM A NUISANCE TO SERIOUS A 55 year old man

CASE STUDY 2 FAINTING ATTACKS FAINTING ANYTHING FROM A NUISANCE TO SERIOUS A 55 year old man

CASE STUDY 2 FAINTING ATTACKS FAINTING ANYTHING FROM A NUISANCE TO SERIOUS A 55 year old man was admitted to coronary care after an episode of blackout or syncope as doctors call it. Over the last 6-9 months he had four additional episodes

349 views • 9 slides
Empirical study of the impact of Metasploit-related attacks in 4 years of attack traces E.

Empirical study of the impact of Metasploit-related attacks in 4 years of attack traces E.

Empirical study of the impact of Metasploit-related attacks in 4 years of attack traces E. Ramirez-Silva and M. Dacier Eurcom Institute - Sophia Antipolis, France ASIAN'07 December 11, 2007- Doha, Qatar Introduction Overview Introduction

584 views • 42 slides
Related-key Attacks Against Full Hummingbird-2 Markku-Juhani O. Saarinen mjos@iki.fi Research

Related-key Attacks Against Full Hummingbird-2 Markku-Juhani O. Saarinen mjos@iki.fi Research

Related-key Attacks Against Full Hummingbird-2 Markku-Juhani O. Saarinen mjos@iki.fi Research (and my travel!) sponsored by current Intellectual Property owners of Hummingbird-2. Fast Software Encryption 2013 Singapore, Singapore 13 March

719 views • 25 slides
Outline Cases in Sport Related Case 1: Concussion Management 16 y/o FB Player, helmet to

Outline Cases in Sport Related Case 1: Concussion Management 16 y/o FB Player, helmet to

10/23/2018 Outline Cases in Sport Related Case 1: Concussion Management 16 y/o FB Player, helmet to helmet contact The Team Approach Case 2: 17 y/o Cheerleader, MVA Case 3: Panel: - Aimee Custer, PsyD 48 y/o Cyclist,

319 views • 5 slides
s rsrt Case study: information sharing

s rsrt Case study: information sharing

s rsrt Case study: information sharing in incident response Tyler Moore Phishing attacks Challenges of information sharing To combat phishing attacks, defenders take down the

913 views • 13 slides
It Its only a ly a case e rep eport and nd related ed n nonsen ense

It Its only a ly a case e rep eport and nd related ed n nonsen ense

It Its only a ly a case e rep eport and nd related ed n nonsen ense David Juurlink University of Toronto CSIM 2018 Oblig igatory D Disclosure S e Slide Personal income Clinical billings Salary support UofT,

927 views • 74 slides
IoDDoS The Internet of Distributed Denial of Service Attacks A Case Study of the Mirai

IoDDoS The Internet of Distributed Denial of Service Attacks A Case Study of the Mirai

SPAWAR S YSTEMS C ENTER P ACIFIC IoDDoS The Internet of Distributed Denial of Service Attacks A Case Study of the Mirai Malware and IoT-Based Botnets 24-26 April, 2017 Presented at the 2 nd International Conference Presented by Roger

654 views • 20 slides
Improved Constructions of PRFs Secure Against Related-Key Attacks Kevin Lewi Hart Montgomery

Improved Constructions of PRFs Secure Against Related-Key Attacks Kevin Lewi Hart Montgomery

Improved Constructions of PRFs Secure Against Related-Key Attacks Kevin Lewi Hart Montgomery Ananth Raghunathan Stanford University Pseudorandom Functions (PRFs) x { 0 , 1 } R k K x k PRF PRF( k , x ) x Rand Rand(

565 views • 23 slides
Case Law Update 2017 Work related and non work related injury Lower court applied

Case Law Update 2017 Work related and non work related injury Lower court applied

10/3/2017 Flug v. Wal Mart Associates, Inc., 2017 Wis. 72 (2017) Case Law Update 2017 Work related and non work related injury Lower court applied 102.42(1m) Inconceivable decisions from the Supreme Court found the Statute did not

439 views • 6 slides
Analysis of ECC Implementations with Worst-Case Horizontal Attacks Romain Poussier,

Analysis of ECC Implementations with Worst-Case Horizontal Attacks Romain Poussier,

A Systematic Approach to the Side-Channel Analysis of ECC Implementations with Worst-Case Horizontal Attacks Romain Poussier, Franois-Xavier Standaert: Universit catholique de Louvain Yuanyuan Zhou: Universit catholique de Louvain &

410 views • 37 slides
S -adic conjecture November 2, 2010 What is it? Related results The case # S = 1 S -adic

S -adic conjecture November 2, 2010 What is it? Related results The case # S = 1 S -adic

What is it? Related results The case # S = 1 S -adic conjecture November 2, 2010 What is it? Related results The case # S = 1 S -adic sequence Let a be a letter of a finite alphabet A and S = { 0 , 1 , . . . , m 1 } be a finite set

571 views • 29 slides
NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3

CMPS122: COMPUTER SECURITY NETWORKING ATTACKS NETWORKING ATTACKS NOTICES Lab #2 extended to Feb. 17 @ 23:59 HW #3 due tonight NETWORKING ATTACKS LAST TIME TCP/IP networking stack Physical layer Data link layer Network

1.1k views • 61 slides
Attacks only get better: The case of OCB2 Tetsu Iwata Nagoya University Real World Crypto 2020,

Attacks only get better: The case of OCB2 Tetsu Iwata Nagoya University Real World Crypto 2020,

Attacks only get better: The case of OCB2 Tetsu Iwata Nagoya University Real World Crypto 2020, New York, USA January 810, 2020 1 / 28 This talk is based on Akiko Inoue, Tetsu Iwata, Kazuhiko Minematsu, and Bertram Poettering

650 views • 50 slides
Channel Attacks on the AES Key Schedule Franois DASSANCE Inside Secure Alexandre VENELLI

Channel Attacks on the AES Key Schedule Franois DASSANCE Inside Secure Alexandre VENELLI

Combined Fault and Side- Channel Attacks on the AES Key Schedule Franois DASSANCE Inside Secure Alexandre VENELLI Inside Secure FDTC 2012 09/09/2012 Outline 1. Combined attack 2. Related work on combined attacks Asymmetric

496 views • 28 slides
ON THE APPLICABILITY OF BINARY CLASSIFICATION TO DETECT MEMORY ACCESS ATTACKS IN IOT C&ESAR

ON THE APPLICABILITY OF BINARY CLASSIFICATION TO DETECT MEMORY ACCESS ATTACKS IN IOT C&ESAR

ON THE APPLICABILITY OF BINARY CLASSIFICATION TO DETECT MEMORY ACCESS ATTACKS IN IOT C&ESAR 2018- Rennes | CEA Leti | KERROUMI Sanaa | 08/11/18 SOMMAIRE IoT node Related works Problem statement Proposed methodology Results Take out and

752 views • 36 slides
Automatic Cryptanalysis of Block Ciphers with CP A case study: related key differential

Automatic Cryptanalysis of Block Ciphers with CP A case study: related key differential

Automatic Cryptanalysis of Block Ciphers with CP A case study: related key differential cryptanalysis David Gerault LIMOS, University Clermont Auvergne This presentation is inspired by 4 papers written with Pascal Lafourcade, Marine Minier,

455 views • 26 slides
Climate Diplomacy under related international processes other than the UNFCCC: the specific case

Climate Diplomacy under related international processes other than the UNFCCC: the specific case

Climate Diplomacy under related international processes other than the UNFCCC: the specific case of human rights Matthew McKinnon Project Manager, Climate Vulnerable Forum Support United Nations Development Programme

238 views • 6 slides
The Montreal case The Montreal case 1 The Montreal case The Montreal case 2 Montreal 1992

The Montreal case The Montreal case 1 The Montreal case The Montreal case 2 Montreal 1992

The Montreal case The Montreal case 1 The Montreal case The Montreal case 2 Montreal 1992 Montreal 19922012 : Waterrelated investments related investments Value ($) $ / yr $ / yr Life expectancy (yrs) 30G$ 300M$ / yr 300M$ / yr 100

900 views • 17 slides
Attacks on the global financial network SWIFT: A case analysis and Detection of Payment Fraud

Attacks on the global financial network SWIFT: A case analysis and Detection of Payment Fraud

Attacks on the global financial network SWIFT: A case analysis and Detection of Payment Fraud Global Readiness Hiscox Cyber Readiness Report 2017 57% Experienced an attack in the past year The incidence of cyber-attack is 42% have to

738 views • 15 slides

More recommend