Results 1 - 10 of 42
Unsafe at any key size; An analysis of the WEP encapsulation
, 2000
Cited by 65 (1 self)
The IEEE 802.11 standard [1] defines the Wired Equivalent Privacy, or WEP, encapsulation of 802.11 data frames. The goal of WEP is to provide data privacy to the level of a wired network. The 802.11 design community generally concedes that the WEP encapsulation fails to meet its design goal, but widely attributes this failure to WEP's use of 40-bit RC4 (see [2] or [3] for a description of RC4) as its encryption mechanism. Even at this late date, it is still repeatedly suggested, asserted, and assumed that WEP could meet its design goal by migrating from 40-bit to 104- or 128-bit RC4 keys instead. This report seeks to dispel this notion once and for all: it is infeasible to achieve privacy with the WEP encapsulation by simply increasing key size. The submission reports easily implemented, practical attacks against WEP that succeed regardless of the key size or the cipher. In particular, as currently defined, WEP's usage of encryption is a fundamentally unsound construction; the WEP encapsulation remains insecure whether its key length is 1 bit or 1000 or any other size whatsoever, and the same remains true when any other stream cipher replaces RC4. The weakness stems from WEP's usage of its initialization vector. This vulnerability prevents the WEP encapsulation from providing a meaningful notion of privacy at any key size. The deficiency of the WEP encapsulation design arises from attempts to adapt RC4 to an environment for which it is poorly suited. This submission accordingly argues to replace RC4 by different cryptographic primitives in new work going forward. It identifies the characteristics needed by any encryption algorithm that can effectively provide data privacy in a wireless environment, and recommends candidate replacement algorithms and a replacement encapsula...
Twofish: A 128-Bit Block Cipher
 in First Advanced Encryption Standard (AES) Conference
, 1998
Cited by 54 (8 self)
Twofish is a 128-bit block cipher that accepts a variable-length key up to 256 bits. The cipher is a 16-round Feistel network with a bijective F function made up of four key-dependent 8-by-8-bit S-boxes, a fixed 4-by-4 maximum distance separable matrix over GF(2^8), a pseudo-Hadamard transform, bitwise rotations, and a carefully designed key schedule. A fully optimized implementation of Twofish encrypts on a Pentium Pro at 17.8 clock cycles per byte, and an 8-bit smart card implementation encrypts at 1660 clock cycles per byte. Twofish can be implemented in hardware in 14000 gates. The design of both the round function and the key schedule permits a wide variety of tradeoffs between speed, software size, key setup time, gate count, and memory. We have extensively cryptanalyzed Twofish; our best attack breaks 5 rounds with 2^22.5 chosen plaintexts and 2^51 effort.
Fast Hashing on the Pentium
 Advances in Cryptology, Proceedings Crypto'96, LNCS 1109
, 1996
Cited by 37 (4 self)
With the advent of the Pentium processor parallelization finally became available to Intel based computer systems. One of the design principles of the MD4-family of hash functions (MD4, MD5, SHA-1, RIPEMD-160) is to be fast on the 32-bit Intel processors. This paper shows that carefully coded implementations of these hash functions are able to exploit the Pentium's superscalar architecture to its maximum effect: the performance with respect to execution on a non-parallel architecture increases by about 60%. This is an important result in view of the recent claims on the limited data bandwidth of these hash functions.
Analyzing and Modeling Encryption Overhead For Sensor Network Nodes
 IN PROC. 2ND ACM INTERNATIONAL CONFERENCE ON WIRELESS SENSOR NETWORKS AND APPLICATIONS, 2003
, 2003
Cited by 31 (0 self)
Recent research in sensor networks has raised security issues for small embedded devices. Security concerns are motivated by the deployment of a large number of sensory devices in the field. Limitations in processing power, battery life, communication bandwidth and memory constrain the applicability of existing cryptography standards for small embedded devices. A mismatch between wide arithmetic for security (32 bit word operations) and embedded data bus widths (often only 8 or 16 bits) combined with lack of certain operations (e.g., multiply) in the ISA present other challenges. This paper
Floating-Point Arithmetic And Message Authentication
, 2000
Cited by 28 (8 self)
There is a well-known class of message authentication systems guaranteeing that attackers will have a negligible chance of successfully forging a message. This paper shows how one of these systems can hash messages at extremely high speed, much more quickly than previous systems at the same security level, using IEEE floating-point arithmetic. This paper also presents a survey of the literature in a unified mathematical framework.
Fast Software Encryption: Designing Encryption Algorithms for Optimal Software Speed on the Intel Pentium Processor
 FAST SOFTWARE ENCRYPTION, 4TH INTERNATIONAL WORKSHOP PROCEEDINGS
, 1997
Cited by 22 (4 self)
Most encryption algorithms are designed without regard to their performance on top-of-the-line microprocessors. This paper discusses general optimization principles algorithms designers should keep in mind when designing algorithms, and analyzes the performance of RC4, SEAL, RC5, Blowfish, and Khufu/Khafre on the Intel Pentium with respect to those principles. Finally, we suggest directions for algorithm design, and give example algorithms, that take performance into account.
Mercy: A fast large block cipher for disk sector encryption
 Proc. Fast Software Encryption 2000, LNCS 1978
, 2000
Cited by 21 (0 self)
Abstract. We discuss the special requirements imposed on the underlying cipher of systems which encrypt each sector of a disk partition independently, and demonstrate a certificational weakness in some existing block ciphers including Bellare and Rogaway’s 1999 proposal, proposing a new quantitative measure of avalanche. To address these needs, we present Mercy, a new block cipher accepting large (4096-bit) blocks, which uses a key-dependent state machine to build a bijective F function for a Feistel cipher. Mercy achieves 9 cycles/byte on a Pentium compatible processor.
Fast Hashing and Stream Encryption with PANAMA
 Fast Software Encryption, LNCS 1372
, 1998
Cited by 18 (3 self)
We present a cryptographic module that can be used both as a cryptographic hash function and as a stream cipher. High performance is achieved through a combination of low work-factor and a high degree of parallelism. Throughputs of 5.1 bits/cycle for the hashing mode and 4.7 bits/cycle for the stream cipher mode are demonstrated on a commercially available VLIW microprocessor.
The Performance Measurement of Cryptographic Primitives on Palm Devices
 In Proceedings of the 17th Annual Computer Security Applications Conference (ACSAC
, 2001
Cited by 14 (0 self)
We developed and evaluated several cryptographic system libraries for Palm OS which include stream and block ciphers, hash functions and multiple-precision integer arithmetic operations. We noted that the encryption speed of SSC2 outperforms both ARC4 (Alleged RC4) and SEAL 3.0 if the plaintext is small. On the other hand, SEAL 3.0 almost doubles the speed of SSC2 when the plaintext is considerably large. We also observed that the optimized Rijndael with 8KB of lookup tables is ¤ times faster than DES. In addition, our results show that implementing the cryptographic algorithms as system libraries does not degrade their performance significantly. Instead, they provide great flexibility and code management to the algorithms. Furthermore, the test results presented in this paper provide a basis for performance estimation of cryptosystems implemented on PalmPilot™.
BEAST: A fast block cipher for arbitrary blocksizes
, 1996
Cited by 11 (1 self)
This paper describes BEAST, a new blockcipher for arbitrary size blocks. It is a Luby-Rackoff cipher and fast when the blocks are large. BEAST is assembled from cryptographic hash functions and stream ciphers. It is provably secure if these building blocks are secure. For smartcard applications, a variant BEAST-RK is proposed, where the bulk operations can be done by the smartcard's host without knowing the key. Only fast key-dependent operations remain to be done by the smartcard. 1 INTRODUCTION Based on random functions, Luby and Rackoff (1988) described provably secure block ciphers. This theoretical breakthrough is of practical interest, since it enables us to assemble a secure cipher from secure components. Components are known, which we can reasonably expect to be secure. In this paper, the hash function SHA-1 (see Schneier, 1995) and the stream cipher SEAL (Rogaway and Coppersmith, 1993) are considered as components, though other choices would do, as well (Lucks, 1996). SHA-1 ...