基于BBS产生器和椭圆曲线的改进RC4算法

针对RC4算法密钥流序列随机性不高,易受故障引入攻击、区分攻击和“受戒礼攻击”的问题,提出了一种基于BBS产生器和椭圆曲线的RC4改进算法。该算法利用随机比特产生器和随机大素数生成种子密钥Key,利用椭圆曲线产生秘密整数,在每次输出后对S盒中元素重新赋值,生成随机性很高的密钥流序列。改进RC4算法可以通过NIST随机性测试,其中频率检验、游程检验和Maurer检验等比RC4算法分别高出0.129 18,0.107 39,0.197 64,能够有效防止不变性弱密钥的产生,抵抗“受戒礼”攻击;密钥流序列分布均匀,不存在偏差,能够有效抵御区分攻击;基于椭圆曲线产生的秘密整数猜测困难,S盒内部状态不能获知,能够抵抗“故障引入”攻击。理论和实验证明改进RC4算法的随机性和安全性高于RC4算法。     

基于椭圆曲线的改进RC4算法

针对流密码（RC4）算法存在不变性弱密钥、密钥流序列随机性不高和算法初始状态可以被破解等问题，提出一种基于椭圆曲线的RC4改进算法。该算法利用椭圆曲线、哈希函数和伪随机数产生器生成初始密钥，在S盒和指针的作用下进行非线性变换最终生成具有高随机性的密钥流序列。美国国家标准与技术研究院（NIST）随机性测试结果表明，改进算法的频率检验、游程检验和Maurer指标比原RC4算法分别高出0.13893，0.13081和0.232050，能有效防止不变性弱密钥的产生，抵抗"受戒礼"攻击；初始密钥是一个分布均匀的随机数，不存在偏差，能够有效抵御区分攻击；椭圆曲线、哈希函数具有单向不可逆性，伪随机数产生器具有高密码强度，初始密钥猜测赋值困难，不易破解，能够抵抗状态猜测攻击。理论和实验结果表明改进RC4算法的随机性和安全性高于原RC4算法。     

一种抗截获攻击的RC算法

现有关于注册码(RC)软件保护方式的改进中缺乏对增强其抗截获欺骗能力的研究。针对两种常见的截获欺骗攻击模型,提出一种抗截获欺骗攻击的RC软件保护算法Anti-ISA RCSP,在不改变RC算法和验证算法的前提下,通过使用密钥协商和加密技术,提高现有RC软件保护的有效性。分析表明,在增加信息交互和时空需求代价下该算法可以解决现有RC保护手段的难题,其安全强度与密钥协商过程和加密算法的安全性相当。     

对不同种子密钥长度的RC4算法的明文恢复攻击

针对不同种子密钥长度的RC4算法的明文恢复问题,提出了对经过不同种子密钥长度（8字节、16字节、22字节）的RC4算法加密的明文的明文恢复攻击。首先利用统计算法在2³²个不同种子密钥的条件下统计了RC4算法每个密钥流输出字节的t值分布,发现了RC4算法密钥流输出序列存在偏差;然后,利用单字节偏差规律和双字节偏差规律给出了对经RC4算法加密的明文的前256字节的攻击算法。实验结果表明,在密文量为2³¹的条件下,除了第4字节外,攻击算法能够以100%的成功率恢复明文的前196字节。对于种子密钥长度为8字节的RC4算法,前256字节的恢复成功率都超过了91%;相应的,种子密钥长度为16字节的RC4算法,前256字节的恢复成功率都超过87%;种子密钥长度为22字节的RC4算法,前256字节的恢复成功率都超过了81%。所提攻击算法拓展了原有攻击密钥长度为16字节的RC4算法的范围,且在实际应用中能够更好地恢复经RC4算法加密的明文。     

对流密码RC4的区分攻击

在流密码体制下,RC4算法经过密钥初始化部分后所得的内部状态不是均匀分布的。为此,证明了算法密钥流第1个输出字分布的不均匀性,其等于186的概率为0.003 892 5。利用该输出字分布的不均匀性,给出改进的RC4区分攻击,攻击所需的数据为224 Byte,区分优势为0.84。通过实验验证了该区分攻击的有效性。     

针对RC4算法的无线局域网攻击

无线局域网的802.11标准采用WEP(有线等价保密协议),用来保护链路层的通信不被窃听和其他攻击。该文首先分析了WEP协议中使用的RC4加密算法,然后给出该算法里在密钥时序安排里的两种安全漏洞,这些安全漏洞导致了针对无线局域网的可行的攻击手段存在。最后根据RC4加密算法存在的相关密钥漏洞对无线局域网进行攻击并成功获取密钥,并给出一些改进攻击手段的设想。     

RC4密码的改进方法及其性能分析

针对RC4密码技术在工程应用中存在的弱密钥和相关密钥攻击、不变性弱点、数据流偏向性弱点等安全问题,提出一种将ECC技术与RC4技术相结合的方法。对改进后的RC4的数据处理效率、密钥管理、安全性能进行研究和分析。改进后的RC4技术在保证与RC4数据处理效率相近的同时,对当前针对RC4流密码的密码分析方法具有一定的抗攻击性。该技术较好地解决了密钥的共享和更新问题,具有重要的工程应用意义。     

流密码Grain-128密钥恢复攻击及改进

流密码Grain-128是Grain v1算法的密钥增长版本。为探讨流密码Grain-128的安全性,指出Grain-128密钥流生成器的3个布尔函数的设计缺陷,在此基础上给出流密码Grain-128一种基于密钥流生成器中间内部状态的密钥恢复攻击。该攻击的计算复杂度和空间复杂度都为O(256)。为了抵抗该攻击,对Grain-128密钥流生成器的设计进行了改进。安全性分析表明,改进后的流密码Grain-128能够抵抗所提出的密钥恢复攻击。     

基于激活标志位的改进RFID密钥无线生成算法

针对现有三种常见无线射频识别密钥无线生成场景下,设计的相应密钥生成算法中存在的算法理论证明缺失、重放攻击、密钥伪造攻击以及RFID标签身份ID泄露的安全性问题,设计了更安全的基于激活标志位的改进RFID系统密钥无线生成算法。改进算法仅基于多种超轻量级位运算来组合构建安全的算法框架、降低成本和提高效率;利用激活标志位AckBit机制以及新鲜性机制抵抗重放、密钥伪造攻击;通过完整GNY逻辑证明过程与安全性对比进行分析,证明了目标算法的安全可行性。最后,给出原算法与改进算法之间的标签成本代价对比,表明改进的算法在满足低成本的条件下具有更高的安全性。     

IPSec中密钥交换协议IKE的安全性分析与改进

介绍了IKE协议,研究了IKE协议的安全性问题。对中间人攻击进行了分析并提出了一种改进cookie生成算法;针对拒绝服务攻击分析了系统安全性缺陷,并针对此类缺陷作出了算法改进;在前两种改进方案的基础上设计了一种新的口令认证密钥交换协议,经验证,新的口令认证密钥交换协议更安全有效。     

Finding an internal state of RC4 stream cipher

The RC4 is a stream cipher widely deployed in software applications due to its simplicity and efficiency. The paper presents a cryptanalytic attack that employs the tree representation of this cipher and introduces an abstraction in the form of general conditions for managing the information about its internal state. In order to find the initial state, the tree of general conditions is searched applying the hill-climbing strategy. The complexity of this attack is lower than that of an exhaustive search. The attack is derived from a general cryptanalytic approach for a class of table-shuffling ciphers, whose next-state function permutes the table entries. Incorporating the general conditions in the existing backtracking algorithm, the estimated complexity of the cryptanalytic attack is decreased below the best published result but the RC4 still remains a quite secure cipher in practice.     

基于Camellia算法的快速流密码算法设计与特性研究

Camellia算法作为欧洲分组密码加密标准,与AES算法具有一致的安全性与适用性。以Camellia算法为核心部件,从部分轮函数F中提取4个字节的中间状态作为密钥流输出,设计了一种新的快速流密码算法,并分析了它的相关特性。分析结果表明,该算法的密钥流生成速度和密钥流随机性与同类型的LEX算法大致相当,但由于每个Camellia模块的输入与密钥均发生了改变,因此该算法可以有效地抵抗LEX算法所不能抵抗的滑动攻击。     

The study of selective encryption of motion vector based on the S-Box for the security improvement in the process of video

The Selective Encryption method encrypts the important and requisite parts of data. Since the method does not encrypt the whole of data, the amount of computation is small,which makes it faster and the resources can be used efficiently. The existing selective algorithms have vulnerabilities to the plain text attack and the image restoration attack using the motion vector. They are also vulnerable to the attack in storing and transmitting of the random table data using in encrypt and scramble. In this paper, we propose the selective encryption algorithm of motion vector based on S-Box to remove the vulnerabilities of the existing selective algorithms. The motion vectors generated by the end of motion estimation function of video encoding/decoding xored with S-Box table, are replaced to certain location by using mapping table. The S-Box and mapping table are generated by the secret key through the Rivest Cipher 4 (RC4) encryption algorithm. The proposed algorithm enhances the resistance against attacks through the reinforcement of video security, and thus, reduces the vulnerabilities of the existing algorithms such as I-Frame selective encryption and MVEA. Even though the level of security of the proposed algorithm is higher than the bit scrambling algorithms, it has much better security and higher processing rate than others selective algorithms.     

改进的多步法快速相关攻击及其应用

本文提出了两个新的流密码多步法快速相关攻击算法.第一个算法适用于噪音不是很大,而攻击者只有很少预计算资源的环境.第二个算法适用于高噪音而只能获得有限密钥流的场合.新算法均适用于任何形式的LFSR,并在所考虑情况下优于以前的结果.作为应用,本文分别给出一级蓝牙流密码E0和LILI-128新的密钥恢复攻击.给定237比特密钥流和228字节存储空间,针对一级蓝牙流密码E0的新攻击可以在235.1次操作中完成.给定224比特密钥流和224.5字节存储,针对LILI-128的新攻击复杂度为270.6次操作.     

A novel secure solution of using mixed reality in data transmission for bowel and jaw surgical telepresence: enhanced rivest cipher RC6 block cipher

Security threats are crucial challenges that deter Mixed reality (MR) communication in medical telepresence. This research aims to improve the security by reducing the chances of types of various attacks occurring during the real-time data transmission in surgical telepresence as well as reduce the time of the cryptographic algorithm and keep the quality of the media used. The proposed model consists of an enhanced RC6 algorithm in combination. Dynamic keys are generated from the RC6 algorithm mixed with RC4 to create dynamic S-box and permutation table, preventing various known attacks during the real-time data transmission. For every next session, a new key is created, avoiding possible reuse of the same key from the attacker. The results obtained from our proposed system are showing better performance compared to the state of art. The resistance to the tested attacks is measured throughout the entropy, Pick to Signal Noise Ratio (PSNR) is decreased for the encrypted image than the state of art, structural similarity index (SSIM) closer to zero. The execution time of the algorithm is decreased for an average of 20%. The proposed system is focusing on preventing the brute force attack occurred during the surgical telepresence data transmission. The paper proposes a framework that enhances the security related to data transmission during surgeries with acceptable performance.

     

基于分布式计算的RC4加密算法的暴力破解

加密算法的安全性很大程度上取决于暴力破解的不可行性。暴力破解加密算法是密码学的研究方向之一。本文采用分布式计算方法,设计了暴力破解RCA加密算法的软件。在局域网内实现了对40位的RCA算法的暴力破解,并对软件的破解速度进行了测试。测试结果表明,40住的RCA抵抗暴力攻击的能力是很脆弱的。因此,用RCA算法加密也是很不安全的。     

Breaking a novel image encryption scheme based on an improper fractional order chaotic system

In this paper, we analyze the security of a recent image encryption algorithm based on an improper fractional-order chaotic system suggested by Zhao et al. The fatal flaw in the cryptosystem is that the keystream generated depends on neither the plain-image nor the cipher-image. Another main issue with this algorithm is using the same key (the last key in the keystream) in all encryption equations. Based on these points, it is easy to recover the plain-image and the keystream by applying chosen plaintext attack in only one plain-image. Both mathematical analysis and experimental results confirm the feasibility of this attack. As a result, the cryptosystem under study is not suitable for cryptography.