Cryptanalysis of mCrypton—A lightweight block cipher for security of RFID tags and sensors

mCrypton is a 64‐bit lightweight block cipher designed for use in low‐cost and resource‐constrained applications such as RFID tags and sensors in wireless sensor networks. In this paper, we investigate the strength of this cipher against related‐key impossible differential cryptanalysis. First, we construct two 6‐round related‐key impossible differentials for mCrypton‐96 and mCrypton‐128. Then, using these distinguishers, we present 9‐round related‐key impossible differential attacks on these two versions. The attack on mCrypton‐96 requires 2^59.9 chosen plaintexts, and has a time complexity of about 2^74.9 encryptions. The data and time complexities for the attack on mCrypton‐128 are 2^59.7 chosen plaintexts and 2^66.7 encryptions, respectively. Copyright © 2011 John Wiley & Sons, Ltd.     

Improved impossible differential and biclique cryptanalysis of HIGHT

HIGHT is a lightweight block cipher introduced in CHES 2006 by Hong et al as a block cipher suitable for low‐resource applications. In this paper, we propose improved impossible differential and biclique attacks on HIGHT block cipher both exploiting the permutation‐based property of the cipher's key schedule algorithm as well as its low diffusion. For impossible differential attack, we found a new 17‐round impossible differential characteristic that enables us to propose a new 27‐round impossible differential attack. The total time complexity of the attack is 2^120.4 where an amount of 2^59.3 chosen plaintext‐ciphertext pairs and 2^107.4 memory are required. We also instantiate a new biclique cryptanalysis of HIGHT, which is based on the new idea of splitting each of the forward and backward keys into 2 parts where the computations associated to each one are performed independently. The time complexity and data complexity of this attack are 2^125.7 and 2⁴², respectively. To the best of our knowledge, this is the fastest biclique attack on full‐round HIGHT.     

Cryptanalysis of an efficient three‐party password‐based key exchange scheme

Three‐party password‐authenticated key exchange (3PAKE) protocols allow entities to negotiate a secret session key with the aid of a trusted server with whom they share a human‐memorable password. Recently, Lou and Huang proposed a simple 3PAKE protocol based on elliptic curve cryptography, which is claimed to be secure and to provide superior efficiency when compared with similar‐purpose solutions. In this paper, however, we show that the solution is vulnerable to key‐compromise impersonation and offline password guessing attacks from system insiders or outsiders, which indicates that the empirical approach used to evaluate the scheme's security is flawed. These results highlight the need of employing provable security approaches when designing and analyzing PAKE schemes. Copyright © 2011 John Wiley & Sons, Ltd.     

减轮SPECK算法的不可能差分分析

SPECK系列算法是2013年由美国国家安全局提出的轻量分组密码算法。算法整体为变形的Feistel结构,轮函数为模整数加法、循环移位和异或的组合,即所谓的ARX模块。在不可能差分研究方面,目前仅有LEE等人给出了SPECK 64算法的一些6轮不可能差分特征。该文进一步找到了SPECK 32/64算法和SPECK 48/96算法的一些6轮不可能差分特征,并在其前面添加1轮后面添加3轮,给出了对两个算法的10轮不可能差分分析。     

Cryptanalysis of an identity‐based authenticated key exchange protocol

Authenticated key exchange protocols represent an important cryptographic mechanism that enables several parties to communicate securely over an open network. Elashry, Mu, and Susilo proposed an identity‐based authenticated key exchange (IBAKE) protocol where different parties establish secure communication by means of their public identities.The authors also introduced a new security notion for IBAKE protocols called resiliency, that is, if the secret shared key is compromised, the entities can generate another shared secret key without establishing a new session between them. They then claimed that their IBAKE protocol satisfies this security notion. We analyze the security of their protocol and prove that it has a major security flaw, which renders it insecure against an impersonation attack. We also disprove the resiliency property of their scheme by proposing an attack where an adversary can compute any shared secret key if just one secret bit is leaked.     

一类分组密码变换簇抵抗线性密码分析的安全性评估

线性密码分析是针对分组密码的强有力的攻击方法，估计分组密码抵抗线性密码分析的能力是分组密码安全性评估的重要内容之一.基于实际应用背景，提出了"四分组类CLEFIA变换簇"的概念，并利用变换簇中两种特殊分组密码结构的线性逼近之间的关系，给出了变换簇中所有密码结构抵抗线性密码分析的安全性评估结果，并提出了需要进一步探讨的若干问题.这种利用变换簇对分组密码进行研究的方法，为分组密码的安全性评估提供了一个较为新颖的思路.     

Security analysis of mCrypton proper to low‐cost ubiquitous computing devices and applications

mCrypton, which is a mini‐version of Crypton, is a 64‐bit block cipher with three key size options (64 bits, 96 bits, 128 bits). It was designed for use in low‐cost ubiquitous wireless devices and resource‐constrained tiny devices such as low‐cost Radio‐Frequency Identification tags and sensors in Ubiquitous Sensor Network. In this paper we show that 8‐round mCrypton with 128‐bit key is vulnerable to related‐key rectangle attack. We first describe how to construct two related‐key truncated differentials on which 7‐round related‐key rectangle distinguisher is based and then we exploit it to attack 8‐round mCrypton. This attack requires 2⁴⁶ dada and 2⁴⁶ time complexities, which is faster than exhaustive search. This is the first known cryptanalytic result on mCrypton. Copyright © 2009 John Wiley & Sons, Ltd.     

Cryptanalysis and enhancements of efficient three‐party password‐based key exchange scheme

In this paper, we first showed that Lou and Huang's three‐party password‐based key exchange protocol is still vulnerable to offline dictionary attacks. Thereafter, we proposed an enhanced protocol that can defeat the attack described and yet is efficient. Finally, we provided the rigorous proof of the security for it. Copyright © 2011 John Wiley & Sons, Ltd.     

Cryptanalysis of a simple three‐party password‐based key exchange protocol

In order to secure communications between two clients with a trusted server's help in public network environments, a three‐party authenticated key exchange (3PAKE) protocol is used to provide the transaction confidentiality and the efficiency. In 2009, Huang proposed a simple three‐party password‐based authenticated key exchange (HS‐3PAKE) protocol without any server's public key. By analysis, Huang claimed that the proposed HS‐3PAKE protocol is not only secure against various attacks, but also more efficient than previously proposed 3PAKE protocols. However, this paper demonstrates that HS‐3PAKE protocol is vulnerable to undetectable online password guessing attacks and off‐line password guessing attacks by any other user. Copyright © 2010 John Wiley & Sons, Ltd.     

Cryptanalysis of a dynamic identity‐based remote user authentication scheme with verifiable password update

In the authentication scheme, it is important to ensure that the user's identity changed dynamically with the different sessions, which can protect the user's privacy information from being tracked. Recently, Chang et al. proposed an untraceable dynamic identity‐based remote user authentication scheme with verifiable password update. However, our analysis show that the property of untraceability can easily be broken by the legal user of the system. Besides, we find the scheme of Chang et al. vulnerable to offline password guessing attack, impersonation attack, stolen smart card attack, and insider attack. Copyright © 2013 John Wiley & Sons, Ltd.     

Context‐Aware Active Services in Ubiquitous Computing Environments

With the advent of ubiquitous computing environments, it has become increasingly important for applications to take full advantage of contextual information, such as the user's location, to offer greater services to the user without any explicit requests. In this paper, we propose context‐aware active services based on context‐aware middleware for URC systems (CAMUS). The CAMUS is a middleware that provides context‐aware applications with a development and execution methodology. Accordingly, the applications based on CAMUS respond in a timely fashion to contextual information. This paper presents the system architecture of CAMUS and illustrates the content recommendation and control service agents with the properties, operations, and tasks for context‐aware active services. To evaluate CAMUS, we apply the proposed active services to a TV application domain. We implement and experiment with a TV content recommendation service agent, a control service agent, and TV tasks based on CAMUS. The implemented content recommendation service agent divides the user's preferences into common and specific models to apply other recommendations and applications easily, including the TV content recommendations.     

Cryptanalysis and improvement of ‘a robust smart‐card‐based remote user password authentication scheme’

With the use of smart card in user authentication mechanisms, the concept of two‐factor authentication came into existence. This was a forward move towards more secure and reliable user authentication systems. It elevated the security level by requiring a user to possess something in addition to know something. In 2010, Sood et al. and Song independently examined a smart‐card‐based authentication scheme proposed by Xu et al. They showed that in the scheme of Xu et al., an internal user of the system can turn hostile to impersonate other users of the system. Both of them also proposed schemes to improve the scheme of Xu et al. Recently, Chen et al. identified some security problems in the improved schemes proposed by Sood et al. and Song. To fix these problems, Chen et al. presented another scheme, which they claimed to provide mutual authentication and withstand lost smart card attack. Undoubtedly, in their scheme, a user can also verify the legitimacy of server, but we find that the scheme fails to resist impersonation attacks and privileged insider attack. We also show that the scheme does not provide important features such as user anonymity, confidentiality to air messages, and revocation of lost/stolen smart card. Besides, the scheme defies the very purpose of two‐factor security. Furthermore, an attacker can guess a user's password from his or her lost/stolen smart card. To meet these challenges, we propose a user authentication method with user anonymity. We show through analysis and comparison that the proposed scheme exhibits enhanced efficiency in contrast to related schemes, including the scheme of Chen et al. Copyright © 2013 John Wiley & Sons, Ltd.     

Revised anonymous authentication protocol for adaptive client‐server infrastructure

Rapid evolution in information and communication technologies has facilitated us to experience mobile communication in our daily routine. Mobile user can only avail the services from the server, once he/she is able to accomplish authentication process successfully. In the recent past, several researchers have contributed diverse authentication protocols for mobile client‐server environment. Currently, Lu et al designed two‐factor protocol for authenticating mobile client and server to exchange key between them. Lu et al emphasized that their scheme not only offers invincibility against potential security threats but also offers anonymity. Although this article reveals the facts that their protocol is vulnerable against client and server impersonation, man‐in‐the‐middle, server key breach, anonymity violation, client traceability, and session‐specific temporary attacks, therefore, we have enhanced their protocol to mitigate the above mention vulnerabilities. The enhanced protocol's security strength is evaluated through formal and informal security analysis. The security analysis and performance comparison endorses the fact that our protocol is able to offer more security with least possible computation complexity.     

Donor–Acceptor Poly(3‐hexylthiophene)‐block‐Pendent Poly(isoindigo) with Dual Roles of Charge Transporting and Storage Layer for High‐Performance Transistor‐Type Memory Applications

Field‐effect transistor memories usually require one additional charge storage layer between the gate contact and organic semiconductor channel. To avoid such complication, new donor–acceptor rod–coil diblock copolymers (P3HT₄₄‐b‐Piso_n) of poly(3‐hexylthiophene) (P3HT)‐block‐poly(pendent isoindigo) (Piso) are designed, which exhibit high performance transistor memory characteristics without additional charge storage layer. The P3HT and Piso blocks are acted as the charge transporting and storage elements, respectively. The prepared P3HT₄₄‐b‐Piso_n can be self‐assembled into fibrillar‐like nanostructures after the thermal annealing process, confirmed by atomic force microscopy and grazing‐incidence X‐ray diffraction. The lowest‐unoccupied molecular orbital levels of the studied polymers are significantly lowered as the block length of Piso increases, leading to a stronger electron affinity as well as charge storage capability. The field‐effect transistors (FETs) fabricated from P3HT₄₄‐b‐Piso_n possess p‐type mobilities up to 4.56 × 10^?2 cm² V^?1 s^?1, similar to that of the regioregular P3HT. More interestingly, the FET memory devices fabricated from P3HT₄₄‐b‐Piso_n exhibit a memory window ranging from 26 to 79 V by manipulating the block length of Piso, and showed stable long‐term data endurance. The results suggest that the FET characteristics and data storage capability can be effectively tuned simultaneously through donor/acceptor ratio and thin film morphology in the block copolymer system.     

A Link Between Integrals and Higher‐Order Integrals of SPN Ciphers

Integral cryptanalysis, which is based on the existence of (higher‐order) integral distinguishers, is a powerful cryptographic method that can be used to evaluate the security of modern block ciphers. In this paper, we focus on substitution‐permutation network (SPN) ciphers and propose a criterion to characterize how an r‐round integral distinguisher can be extended to an (r+1)‐round higher‐order integral distinguisher. This criterion, which builds a link between integrals and higher‐order integrals of SPN ciphers, is in fact based on the theory of direct decomposition of a linear space defined by the linear mapping of the cipher. It can be directly utilized to unify the procedure for finding 4‐round higher‐order integral distinguishers of AES and ARIA and can be further extended to analyze higher‐order integral distinguishers of various block cipher structures. We hope that the criterion presented in this paper will benefit the cryptanalysts and may thus lead to better cryptanalytic results.     

Cryptanalysis and improvement of a three‐party password‐based authenticated key exchange protocol with user anonymity using extended chaotic maps

Three‐party password‐authenticated key exchange (3PAKE) protocols allow two clients to agree on a secret session key through a server via a public channel. 3PAKE protocols have been designed using different arithmetic aspects including chaotic maps. Recently, Lee et al. proposed a 3PAKE protocol using Chebyshev chaotic maps and claimed that their protocol has low computation and communication cost and can also resist against numerous attacks. However, this paper shows that in spite of the computation and communication efficiency of the Lee et al. protocol, it is not secure against the modification attack. To conquer this security weakness, we propose a simple countermeasure, which maintains the computation and communication efficiency of the Lee et al. protocol. Copyright © 2014 John Wiley & Sons, Ltd.     

Beyond von‐Neumann Computing with Nanoscale Phase‐Change Memory Devices

Historically, the application of phase‐change materials and devices has been limited to the provision of non‐volatile memories. Recently, however, the potential has been demonstrated for using phase‐change devices as the basis for new forms of brain‐like computing, by exploiting their multilevel resistance capability to provide electronic mimics of biological synapses. Here, a different and previously under‐explored property that is also intrinsic to phase‐change materials and devices, namely accumulation, is exploited to demonstrate that nanometer‐scale electronic phase‐change devices can also provide a powerful form of arithmetic computing. Complicated arithmetic operations are carried out, including parallel factorization and fractional division, using simple nanoscale phase‐change cells that process and store data simultaneously and at the same physical location, promising a most efficient and effective means for implementing beyond von‐Neumann computing. This same accumulation property can be used to provide a particularly simple form phase‐change integrate‐and‐fire “neuron”, which, by combining both phase‐change synapse and neuron electronic mimics, potentially opens up a route to the realization of all‐phase‐change neuromorphic processing.     

A survey on IP‐based wireless sensor network solutions

Wireless sensor networks (WSNs) are composed of thousands of smart‐sensing nodes, which capture environment data for a sink node. Such networks present new challenges when compared with traditional computer networks, namely in terms of smart node hardware constraints and very limited energy resources. Ubiquitous computing can benefit from WSNs from the perspective that sensed data can be used instead of the user without explicit intervention, turning ubiquitous computing into a reality. Internet connectivity in WSNs is highly desirable, featuring sensing services at a global scale. Two main approaches are considered: proxy based or sensor node stack based. This second approach turns sensors into data‐producing hosts also known as ‘The Internet of Things’. For years, the TCP/IP (Transmission Control Protocol/Internet Protocol) suite was considered inappropriate for WSNs, mainly due to the inherent complexity and protocol overhead for such limited hardware. However, recent studies made connecting WSNs to the Internet possible, namely using sensor node stack based approaches, enabling integration into the future Internet. This paper surveys the current state‐of‐the‐art on the connection of WSNs to the Internet, presents related achievements, and provides insights on how to develop IP‐based communication solutions for WSNs today. Copyright © 2010 John Wiley & Sons, Ltd.     

High Electroactive Material Loading on a Carbon Nanotube@3D Graphene Aerogel for High‐Performance Flexible All‐Solid‐State Asymmetric Supercapacitors

Freestanding carbon‐based hybrids, specifically carbon nanotube@3D graphene (CNTs@3DG) hybrid, are of great interest in electrochemical energy storage. However, the large holes (about 400 µm) in the commonly used 3D graphene foams (3DGF) constitute as high as 90% of the electrode volume, resulting in a very low loading of electroactive materials that is electrically connected to the carbon, which makes it difficult for flexible supercapacitors to achieve high gravimetric and volumetric energy density. Here, a hierarchically porous carbon hybrid is fabricated by growing 1D CNTs on 3D graphene aerogel (CNTs@3DGA) using a facile one‐step chemical vapor deposition process. In this architecture, the 3DGA with ample interconnected micrometer‐sized pores (about 5 µm) dramatically enhances mass loading of electroactive materials comparing with 3DGF. An optimized all‐solid‐state asymmetric supercapacitor (AASC) based on MnO₂@CNTs@3DGA and Ppy@CNTs@3DGA electrodes exhibits high volumetric energy density of 3.85 mW h cm^?3 and superior long‐term cycle stability with 84.6% retention after 20 000 cycles, which are among the best reported for AASCs with both electrodes made of pseudocapacitive electroactive materials.     

Studies of photorefractive properties of a novel dye‐doped nematic liquid crystal system

We examine here photorefractive and dielectric properties of a novel system: nematic liquid crystal mixture doped with 1‐(5‐methylfuran‐2‐yl)‐3‐(4‐dimethylaminophenyl)‐propenon dye. Kinetics of formation of refractive index gratings induced by light in a two‐wave mixing experiment in this dye‐doped nematic liquid crystal together with dielectric relaxation and ionic conductivity are investigated. We perform a degenerate four‐wave mixing experiment, enabling us to observe the generation of an optical phase conjugation signal by the studied system, and report on some optical microscope observations of hydrodynamic instabilities related to charge injection from the electrodes and ionic current flow through liquid crystal layer. We discuss the results in reference to other similar liquid crystalline materials. Copyright © 2000 John Wiley & Sons, Ltd.