Results 1  10
of
107
A Cryptographic File System for Unix
, 1993
"... Although cryptographic techniques areplaying an increasingly important role in modern computing system security,userlevel tools for encrypting file data arecumbersome and suffer from a number of inherent vulnerabilities. The Cryptographic File System (CFS) pushes encryption services into the file sy ..."
Abstract

Cited by 224 (4 self)
 Add to MetaCart
Although cryptographic techniques areplaying an increasingly important role in modern computing system security,userlevel tools for encrypting file data arecumbersome and suffer from a number of inherent vulnerabilities. The Cryptographic File System (CFS) pushes encryption services into the file system itself. CFS supports securestorage at the system level through a standardUnix file system interface to encrypted files. Users associate a cryptographic key with the directories they wish to protect. Files in these directories (as well as their pathname components) aretransparently encrypted and decrypted with the specified key without further user intervention; cleartext is never stored on a disk or sent to a remote file server.CFS can use any available file system for its underlying storage without modification, including remote file servers such as NFS. System management functions, such as file backup, work in a normal manner and without knowledge of the key. This paper describes the ...
Markov Ciphers and Differential Cryptanalysis
 Advances in Cryptology  CRYPTO '91
, 1991
"... This paper considers the security of iterated block ciphers against the differential cryptanalysis introduced by Biham and Shamir. Differential cryptanalysis is a chosenplaintext attack on secretkey block ciphers that are based on iterating a cryptographically weak function r times (e.g., the 16r ..."
Abstract

Cited by 114 (3 self)
 Add to MetaCart
This paper considers the security of iterated block ciphers against the differential cryptanalysis introduced by Biham and Shamir. Differential cryptanalysis is a chosenplaintext attack on secretkey block ciphers that are based on iterating a cryptographically weak function r times (e.g., the 16round Data Encryption Standard (DES)). It is shown that the success of suchattacks on an rround cipher depends on the existence of (r1)round differentials that have high probabilities, where an iround differential is de#ned as a couple ##; # # such that a pair of distinct plaintexts with difference # can result in a pair of ith round outputs that have di#erence #, for an appropriate notion of "difference". The probabilities of such differentials can be used to determine a lower bound on the complexity of a differential cryptanalysis attack and to show when an rround cipher is not vulnerable to suchattacks. The concept of "Markov ciphers" is introduced for iterated ciphers because of its significance in differential cryptanalysis. If an iterated cipher is Markov and its round subkeys are independent, then the sequence of differences at each round output forms a Markov chain. It follows from a result of Biham and Shamir that DES is a Markov cipher. It is shown that, for the appropriate notion of "difference", the Proposed Encryption Standard (PES) of Lai and Massey, which is an 8round iterated cipher, is a Markov cipher, as are also the miniversion of PES with block length 8, 16 and 32 bits. It is shown that PES(8) and PES(16) are immune to differential cryptanalysis after sufficiently many rounds. A detailed cryptanalysis of the fullsize PES is given and shows that the very plausibly most probable 7round di#erential has a probability about 2
Side Channel Cryptanalysis of Product Ciphers
 JOURNAL OF COMPUTER SECURITY
, 1998
"... Building on the work of Kocher [Koc96], Jaffe, and Yun [KJY98], we discuss the notion of sidechannel cryptanalysis: cryptanalysis using implementation data. We discuss the notion of sidechannel attacks and the vulnerabilities they introduce, demonstrate sidechannel attacks against three produ ..."
Abstract

Cited by 80 (7 self)
 Add to MetaCart
Building on the work of Kocher [Koc96], Jaffe, and Yun [KJY98], we discuss the notion of sidechannel cryptanalysis: cryptanalysis using implementation data. We discuss the notion of sidechannel attacks and the vulnerabilities they introduce, demonstrate sidechannel attacks against three product ciphers  timing attack against IDEA, processorflag attack against RC5, and Hamming weight attack against DES  and then generalize our research to other cryptosystems.
The Architecture and Implementation of NetworkLayer Security Under Unix
 In UNIX Security Symposium IV Proceedings, Pages 2939
, 1993
"... swIPe is a networklayer security protocol for the IP protocol suite. This paper presents the architecture, design philosophy, and performance of an implementation of swIPe under several variants of Unix. swIPe provides authentication, integrity, and confidentiality of IP datagrams, and is completel ..."
Abstract

Cited by 66 (5 self)
 Add to MetaCart
swIPe is a networklayer security protocol for the IP protocol suite. This paper presents the architecture, design philosophy, and performance of an implementation of swIPe under several variants of Unix. swIPe provides authentication, integrity, and confidentiality of IP datagrams, and is completely compatible with the existing IP infrastructure. To maintain this compatibility, swIPe is implemented using an encapsulation protocol. Mechanism (the details of the protocol) is decoupled from policy (what and when to protect) and key management. swIPe under Unix is implemented using a virtual network interface. The parts of the implementation that process incoming and outgoing packets are entirely in the kernel; parameter setting and exception handling, however, are managed by userlevel processes. The performance of swIPe on modern workstations is primarily limited only by the speed of the underlying authentication and encryption algorithms; the mechanism overhead is negligible in our prototype. 1.
Twofish: A 128Bit Block Cipher
 in First Advanced Encryption Standard (AES) Conference
, 1998
"... Twofish is a 128bit block cipher that accepts a variablelength key up to 256 bits. The cipher is a 16round Feistel network with a bijective F function made up of four keydependent 8by8bit Sboxes, a fixed 4by4 maximum distance separable matrix over GF(2 8 ), a pseudoHadamard transform, bit ..."
Abstract

Cited by 56 (8 self)
 Add to MetaCart
Twofish is a 128bit block cipher that accepts a variablelength key up to 256 bits. The cipher is a 16round Feistel network with a bijective F function made up of four keydependent 8by8bit Sboxes, a fixed 4by4 maximum distance separable matrix over GF(2 8 ), a pseudoHadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with 2 22.5 chosen plaintexts and 2 51 effort.
Hash Functions Based on Block Ciphers
 Proc. of EUROCRYPT 92
, 1993
"... . Iterated hash functions based on block ciphers are treated. Five attacks on an iterated hash function and on its round function are formulated. The wisdom of strengthening such hash functions by constraining the last block of the message to be hashed is stressed. Schemes for constructing mbit ..."
Abstract

Cited by 54 (7 self)
 Add to MetaCart
. Iterated hash functions based on block ciphers are treated. Five attacks on an iterated hash function and on its round function are formulated. The wisdom of strengthening such hash functions by constraining the last block of the message to be hashed is stressed. Schemes for constructing mbit and 2mbit hash round functions from mbit block ciphers are studied. A principle is formalized for evaluating the strength of hash round functions, viz., that applying computationally simple #in both directions# invertible transformations to the input and output of a hash round function yields a new hash round function with the same security. By applying this principle, four attacks on three previously proposed 2mbit hash round functions are formulated. Finally, three new hash round functions based on an mbit block cipher with a 2mbit key are proposed. 1 Introduction This paper is intended to provide a rather rounded treatment of hash functions that are obtained by iterati...
Rolebased access control on the web
 ACM Transactions on Information and System Security
, 2001
"... Current approaches to access control on Web servers do not scale to enterprisewide systems because they are mostly based on individual user identities. Hence we were motivated by the need to manage and enforce the strong and efficient RBAC access control technology in largescale Web environments. ..."
Abstract

Cited by 46 (2 self)
 Add to MetaCart
Current approaches to access control on Web servers do not scale to enterprisewide systems because they are mostly based on individual user identities. Hence we were motivated by the need to manage and enforce the strong and efficient RBAC access control technology in largescale Web environments. To satisfy this requirement, we identify two different architectures for RBAC on the Web, called userpull and serverpull. To demonstrate feasibility, we implement each architecture by integrating and extending wellknown technologies such as cookies, X.509, SSL, and LDAP, providing compatibility with current Web technologies. We describe the technologies we use to implement RBAC on the Web in different architectures. Based on our experience, we also compare the tradeoffs of the different approaches.
Efficient Arithmetic in Finite Field Extensions with Application in Elliptic Curve Cryptography
 Journal of Cryptology
, 2000
"... . This contribution focuses on a class of Galois field used to achieve fast finite field arithmetic which we call an Optimal Extension Field (OEF), first introduced in [3]. We extend this work by presenting an adaptation of Itoh and Tsujii's algorithm for finite field inversion applied to OEFs. I ..."
Abstract

Cited by 46 (7 self)
 Add to MetaCart
. This contribution focuses on a class of Galois field used to achieve fast finite field arithmetic which we call an Optimal Extension Field (OEF), first introduced in [3]. We extend this work by presenting an adaptation of Itoh and Tsujii's algorithm for finite field inversion applied to OEFs. In particular, we use the facts that the action of the Frobenius map in GF (p m ) can be computed with only m 1 subfield multiplications and that inverses in GF (p) may be computed cheaply using known techniques. As a result, we show that one extension field inversion can be computed with a logarithmic number of extension field multiplications. In addition, we provide new extension field multiplication formulas which give a performance increase. Further, we provide an OEF construction algorithm together with tables of Type I and Type II OEFs along with statistics on the number of pseudoMersenne primes and OEFs. We apply this new work to provide implementation results using these me...
Cryptographic Hash Functions: A Survey
, 1995
"... This paper gives a survey on cryptographic hash functions. It gives an overview of all types of hash functions and reviews design principals and possible methods of attacks. It also focuses on keyed hash functions and provides the applications, requirements, and constructions of keyed hash functions ..."
Abstract

Cited by 35 (7 self)
 Add to MetaCart
This paper gives a survey on cryptographic hash functions. It gives an overview of all types of hash functions and reviews design principals and possible methods of attacks. It also focuses on keyed hash functions and provides the applications, requirements, and constructions of keyed hash functions.
Chaos and Cryptography: Block Encryption Ciphers Based on Chaotic Maps
 IEEE Transactions on Circuits and SystemsI: Fundamental Theory and Applications
, 2001
"... Abstract—This paper is devoted to the analysis of the impact of chaosbased techniques on block encryption ciphers. We present several chaos based ciphers. Using the wellknown principles in the cryptanalysis we show that these ciphers do not behave worse than the standard ones, opening in this way ..."
Abstract

Cited by 35 (0 self)
 Add to MetaCart
Abstract—This paper is devoted to the analysis of the impact of chaosbased techniques on block encryption ciphers. We present several chaos based ciphers. Using the wellknown principles in the cryptanalysis we show that these ciphers do not behave worse than the standard ones, opening in this way a novel approach to the design of block encryption ciphers. Index Terms—Block encryption ciphers, chaos, cryptography, Sboxes. I.