My latest Math Review on Quantum Keys

February 5, 2013 2 Comments

Click MR2921421 to download my review of Skobelev’s article On the Computational Security of Quantum Algorithms. Hint: Eve wins if she can control the classical channel and have good stats on the pseudo-random number generator.

Filed under Cryptanalysis, Encryption, Key Generation, Mathematical Reviews, Quantum Cryptography Tagged with , , ,

Attacks on Cryptographic Systems (Part I)

March 22, 2011 8 Comments

  • Soft Attacks
    No matter how sophisticated the attack techniques become, one must not forget that when the ultimate goal is to obtain the secret message, coercion or social engineering are often the most effective attack techniques. These attacks are based on using physical or psychological threats, robbery, bribery, embezzlement, etc. The attacks are mostly directed to human links of the data security chain.
    Social Networks have become a launching pad for these kind of attacks. In a typical soft attack such as the so-called spear-phishing, e-mail addresses and information about the victims social circle is harvested from social networks and then used to send targeted e-mail with malware that cause to reveal secret information for access to secured systems.
  • Brute Force Attacks
    Assuming, as Kerchoff’s principle recommends, that the algorithm used for encryption and the general context of the message are known to the cryptanalyst, the brute-force attack involves the determination of the specific key being used to encrypt a particular text. When successful, the attacker will also be able to decipher all future messages until the keys are changed. One way to determine the key entails exhaustive search of the key-space (defined as the set of all possible valid keys for the particular crypto-system).
    Brute force is a passive, off-line attack in which the attacker Eve passively eavesdrops the communication channel and records cipher text exchanges for further analysis, without interacting with either Alice or Bob.
    To estimate the time that a successful brute-force attack will take we need to know the size of the key-space and the speed at which each key can be tested. If N_k is the number of valid keys and we can test N_s keys per second, it will take, on average \frac{1}{2}(\frac{N_k}{N_s}) seconds to find the proper key by brute-force.
    The threat that a brute-force attack poses cannot be underestimated in the real world. Most financial institutions use cipher-systems based on DES. Keys of length 56-bits, such as the one used by the
    standard implementation of DES, can be obtained by brute-force using computer hardware and software available since the late 1990’s. Indeed, to counter this possibility, most contemporary implementations of DES use a derivative known as Triple-DES (or 3-DES) which uses three different 56-bit keys instead of one. The effective key length for the combined 3-DES key is a more secure 168 bits.
    Brute force analysis have been used in combination with other attacks as was the case for the deciphering of the Enigma. The famous bombes were an example of the brute-force approach working in combination with a mathematical method that provided an important reduction of the key-space.

To be continued…..

Advertisement

Filed under Cryptanalysis, Cryptography, Hacking, Security, Technology Tagged with , , , ,

Page on authentication added

February 22, 2011 Leave a comment

I’ve added a page on authentication that sums up several posts and put them in one place.
Check it out on the right side under “Look Inside”

Filed under Authentication, Cryptography Tagged with ,

from Backdoor to Backdoor

February 20, 2011 Leave a comment

While the FBI was accused to set a backdoor to OpenBSD, the NSA clears the record on DES.
There are many stories about sneaking sophisticated chunks of code that make perfectly good encryption system to leak information. Something like this is extremely difficult to do without nobody noticing it and I think that it must be considered as a lot of unnecessary trouble for the guys that rather will nicely ask for the keys to your front door.

Filed under Cryptanalysis, Cryptography, History, in the News, InSecurity, Security, Software, Technology Tagged with , , , ,

The book gets excellent review at Amazon.com

November 19, 2010 4 Comments

A very nice surprise from the comment pages at Amazon.com, a 5 star rating for the Cryptography book authored by A. Bruen and myself.

The reviewer consider the book a Insightful Interdisciplinary Orientation on the subject, and gave this book the highest rating among similar books.

Thanks.

 

Bonus:

We are in good company too!

image

Filed under CryptoBook, Cryptography, e-commerce, in the News, Math & Computers Tagged with , , , , ,

GSM encryption really broken

February 20, 2010 Leave a comment

GSM (Global System for Mobile communications) is an open, digital cellular technology used for voice and data services.

GSM supports voice calls and data transfer as well as the transmission of SMS. It operates in the 900MHz and 1.8GHz bands in Europe and the 1.9GHz and 850MHz bands in the US.

Australia, Canada and many South American countries use the 850MHz band for GSM and 3G. There are an estimated 4 billion users in more than 218 countries and its encryption scheme is irreversible broken by now.

At the 26th Chaos Communication Congress Nohl and Paget presented their plan to work out a code book for the A5/1 cipher used by GSM. Karsten Hohl, has recently announce that the full GSM codebook had been produced and the result is a 2TB file that can be used to decrypt and hear the audio in a matter of hours. This represents a turning point, because the big expense and time spent on the creation of the tables does not need to be repeated. The tables are available to hackers that need only to sniff the GSM traffic and spend only a few hours of searching through the tables to be able to hear the conversation.

The GSM spec includes a stronger cipher, A5/3, but both, the phone and the base station have to be able to handle it, otherwise the exchange will reverse back to the weaker cipher.  Carriers are very slow to make the necessary changes and A5/3 does not seem to have a very long life anyways.

 

Related links:

 

Cracking GSM phone crypto via distributed computing

The A5/1 code table site

 

Filed under Cryptanalysis, Cryptography, Encryption, Hacking, InSecurity, networks Tagged with ,

Ontario privacy commissioner orders ‘strong encryption’ of health records

February 9, 2010 Leave a comment

My prediction is that we are going to see more and more of these privacy commissioner orders as the guys in charge get more serious about not being sued.

Filed under Cryptography, Encryption, in the News, InSecurity, Security Tagged with , ,

The ‘Enigma’ of the broken GSM phones Encryption

December 31, 2009 Leave a comment

Although it has been known for a few years, the weakness of encryption schemes for GSM phones is in the spotlight again. This time thanks to a group of hackers that made the whole business of listening in, easy and cheap.

GSM has been known to be hackable for years, but the problem is not being fixed as proactively as it should.

Could be drawn with the situation of the Enigma machines being sold around the world after WWII?

 

 

Filed under Cryptography, Encryption, ENIGMA, Hacking, in the News, InSecurity Tagged with , , , , ,

More reviews for the AMS

November 2, 2009 Leave a comment

I have a few new reviews of papers on cryptography in my updated page. For those interested in the security of NMAC and HMAC or affiliation hiding key exchanges, I recommend reading the reviews. They include links to relevant papers.

Filed under AMS, Authentication, Cryptanalysis, Cryptography, Encryption, Information Theory, Security Tagged with , , , ,

Alan Turing

September 17, 2009 Leave a comment

He deserved much better

National Post
14 Sep 2009

In the very distant future, the name of Alan Turing (1912-1954) will be among the very few for which the 20th century is remembered, long after most of the politicians, artists and celebrities have receded into confusion and oblivion. His stature is…read more…

Filed under Cryptanalysis, Cryptography, Encryption, ENIGMA, in the News, Infomation Theory Tagged with , , , ,

Older posts