Entries Tagged "cryptanalysis"

Page 14 of 22

Improving the Security of Four-Digit PINs on Cell Phones

The author of this article notices that it’s often easy to guess a cell phone PIN because of smudge marks on the screen. Those smudge marks indicate the four PIN digits, so an attacker knows that the PIN is one of 24 possible permutations of those digits.

Then he points out that if your PIN has only three different digits—1231, for example—the PIN can be one of 36 different possibilities.

So it’s more security, although not much more secure.

Posted on January 6, 2012 at 6:30 AMView Comments

Man-in-the-Middle Attack Against SSL 3.0/TLS 1.0

It’s the Browser Exploit Against SSL/TLS Tool, or BEAST:

The tool is based on a blockwise-adaptive chosen-plaintext attack, a man-in-the-middle approach that injects segments of plain text sent by the target’s browser into the encrypted request stream to determine the shared key. The code can be injected into the user’s browser through JavaScript associated with a malicious advertisement distributed through a Web ad service or an IFRAME in a linkjacked site, ad, or other scripted elements on a webpage.

Using the known text blocks, BEAST can then use information collected to decrypt the target’s AES-encrypted requests, including encrypted cookies, and then hijack the no-longer secure connection. That decryption happens slowly, however; BEAST currently needs sessions of at least a half-hour to break cookies using keys over 1,000 characters long.

The attack, according to Duong, is capable of intercepting sessions with PayPal and other services that still use TLS 1.0­which would be most secure sites, since follow-on versions of TLS aren’t yet supported in most browsers or Web server implementations.

While Rizzo and Duong believe BEAST is the first attack against SSL 3.0 that decrypts HTTPS requests, the vulnerability that BEAST exploits is well-known; BT chief security technology officer Bruce Schneier and UC Berkeley’s David Wagner pointed out in a 1999 analysis of SSL 3.0 that “SSL will provide a lot of known plain-text to the eavesdropper, but there seems to be no better alternative.” And TLS’s vulnerability to man-in-the middle attacks was made public in 2009. The IETF’s TLS Working Group published a fix for the problem, but the fix is unsupported by SSL.

Another article.

EDITED TO ADD: Good analysis.

Posted on September 23, 2011 at 1:37 PMView Comments

Smartphone Keystroke Logging Using the Motion Sensor

Clever:

“When the user types on the soft keyboard on her smartphone (especially when she holds her phone by hand rather than placing it on a fixed surface), the phone vibrates. We discover that keystroke vibration on touch screens are highly correlated to the keys being typed.”

Applications like TouchLogger could be significant because they bypass protections built into both Android and Apple’s competing iOS that prevent a program from reading keystrokes unless it’s active and receives focus from the screen. It was designed to work on an HTC Evo 4G smartphone. It had an accuracy rate of more than 70 percent of the input typed into the number-only soft keyboard of the device. The app worked by using the phone’s accelerometer to gauge the motion of the device each time a soft key was pressed.

Paper here. More articles.

Posted on August 23, 2011 at 2:09 PMView Comments

New Attack on AES

Biclique Cryptanalysis of the Full AES,” by Andrey Bogdanov, Dmitry Khovratovich, and Christian Rechberger.

Abstract. Since Rijndael was chosen as the Advanced Encryption Standard, improving upon 7-round attacks on the 128-bit key variant or upon 8-round attacks on the 192/256-bit key variants has been one of the most difficult challenges in the cryptanalysis of block ciphers for more than a decade. In this paper we present a novel technique of block cipher cryptanalysis with bicliques, which leads to the following results:

  • The first key recovery attack on the full AES-128 with computational complexity 2126.1.
  • The first key recovery attack on the full AES-192 with computational complexity 2189.7.
  • The first key recovery attack on the full AES-256 with computational complexity 2254.4.
  • Attacks with lower complexity on the reduced-round versions of AES not considered before, including an attack on 8-round AES-128 with complexity 2124.9.
  • Preimage attacks on compression functions based on the full AES versions.

In contrast to most shortcut attacks on AES variants, we do not need to assume related-keys. Most of our attacks only need a very small part of the codebook and have small memory requirements, and are practically verified to a large extent. As our attacks are of high computational complexity, they do not threaten the practical use of AES in any way.

This is what I wrote about AES in 2009. I still agree with my advice:

Cryptography is all about safety margins. If you can break n round of a cipher, you design it with 2n or 3n rounds. What we’re learning is that the safety margin of AES is much less than previously believed. And while there is no reason to scrap AES in favor of another algorithm, NST should increase the number of rounds of all three AES variants. At this point, I suggest AES-128 at 16 rounds, AES-192 at 20 rounds, and AES-256 at 28 rounds. Or maybe even more; we don’t want to be revising the standard again and again.

And for new applications I suggest that people don’t use AES-256. AES-128 provides more than enough security margin for the forseeable future. But if you’re already using AES-256, there’s no reason to change.

The advice about AES-256 was because of a 2009 attack, not this result.

Again, I repeat the saying I’ve heard came from inside the NSA: “Attacks always get better; they never get worse.”

Posted on August 18, 2011 at 6:12 AMView Comments

Zodiac Cipher Cracked

I admit I don’t pay much attention to pencil-and-paper ciphers, so I knew nothing about the Zodiac cipher. Seems it has finally been broken:

The Zodiac Killer was a serial killer who preyed on couples in Northern California in the years between 1968 and 1970. Of his seven confirmed victims, five died. More victims and attacks are suspected.

The killer sent four messages to newspapers in California’s Bay Area, only one of which has ever been decrypted. This first message ­ split into three parts ­ claimed Zodiac wanted to kill victims so that they would become his slaves in the afterlife.

The 408-symbol cryptogram was cracked by Donald and Bettye Harden of Salinas, California.

Code and solution—with photos—here.

EDITED TO ADD (8/5): Solution seems to be a hoax.

Posted on August 5, 2011 at 12:25 PMView Comments

Breaking the Xilinx Virtex-II FPGA Bitstream Encryption

It’s a power-analysis attack, which makes it much harder to defend against. And since the attack model is an engineer trying to reverse-engineer the chip, it’s a valid attack.

Abstract: Over the last two decades FPGAs have become central components for many advanced digital systems, e.g., video signal processing, network routers, data acquisition and military systems. In order to protect the intellectual property and to prevent fraud, e.g., by cloning an FPGA or manipulating its content, many current FPGAs employ a bitstream encryption feature. We develop a successful attack on the bitstream encryption engine integrated in the widespread Virtex-II Pro FPGAs from Xilinx, using side-channel analysis. After measuring the power consumption of a single power-up of the device and a modest amount of o-line computation, we are able to recover all three different keys used by its triple DES module. Our method allows extracting secret keys from any real-world device where the bitstream encryption feature of Virtex-II Pro is enabled. As a consequence, the target product can be cloned and manipulated at will of the attacker. Also, more advanced attacks such as reverse engineering or the introduction of hardware Trojans become potential threats. As part of the side-channel attack, we were able to deduce certain internals of the hardware encryption engine. To our knowledge, this is the first attack against the bitstream encryption of a commercial FPGA reported in the open literature.

Posted on August 1, 2011 at 12:29 PMView Comments

World War II Tunny Cryptanalysis Machine Rebuilt at Bletchley Park

Neat:

The rebuild team had only a few photographs, partial circuit diagrams and the fading memories of a few original Tunny operators to go on. Nonetheless a team led by John Pether and John Whetter was able to complete this restoration work.

Pether explained that getting the electronics to work proved to be the most difficult part of the restoration process.

“We’ve succeeded in rebuilding Tunny with scraps of evidence, and although we are very proud of our work it is rather different from the truly astonishing achievement of Bill Tutte’s re-engineering of the Lorenz machine,” he said. “Sourcing 200 suitable relays and dealing with the complex wiring schedules was difficult, but we really got in tune with the original team when we had to set up the electronic timing circuits. They were a continuous source of problems then as they are even now for the rebuild team—except the original team didn’t even have the benefit of digital storage oscilloscopes.”

The rebuild took place in four stages: the construction of a one-wheel Tunny to ensure that timing circuits and relays worked correctly, followed by progressively more complex five-, seven- and 12-wheel Tunny. At each stage, the rebuilds were tested. Key components for the Tunny rebuild were salvaged from decommissioned analogue telephone exchanges, donated by BT. The same components were used to complete the earlier Colussus rebuild project.

Now they have a working Tunny to complement their working Colossus and working Bombe.

Posted on June 3, 2011 at 1:49 PMView Comments

1 12 13 14 15 16 22

Sidebar photo of Bruce Schneier by Joe MacInnis.