李小波,管海兵,李小勇,宦飞

2010-01-01

Journal of Computer Applications

Abstract:Microsoft Office is the most widely used office software.Office security is mainly carried out through encryption.Since Office97 was released,file encryption function of Microsoft Office software has been continuously improved.However,Office document security encryption is still difficult to ensure.This paper analyzed the process of Office file encryption/decryption,and the existence of the attack,and various versions of Office encryption/decryption algorithms.The cracking experiment were designed,and experimental data were obtained with time as the indicator.It was discussed whether Office encrypted files were safe.

CQ Li,S Li,D Zhang,G Chen

DOI: https://doi.org/10.1049/ip-vis:20045234

2006-01-01

IEE Proceedings - Vision Image and Signal Processing

Abstract:A voice-over-Internet protocol technique with a new hierarchical data security protection (HDSP) scheme using a secret chaotic bit sequence has been recently proposed. Some insecure properties of the HDSP scheme are pointed out and then used to develop known/chosen-plaintext attacks. The main findings are: given n known plaintexts, about (100 - (50/2(n)))% of secret chaotic bits can be uniquely determined; given only one specially-chosen plaintext, all secret chaotic bits can be uniquely derived; and the secret key can be derived with practically small computational complexity when only one plaintext is known (or chosen). These facts reveal that HDSP is very weak against known/chosen-plaintext attacks. Experiments are given to show the feasibility of the proposed attacks. It is also found that the security of HDSP against the brute-force attack is not practically strong. Some countermeasures are discussed for enhancing the security of HDSP and several basic principles are suggested for the design of a secure encryption scheme.

Jingxin Hong,Zefeng Chen,Jun Hu

DOI: https://doi.org/10.1109/icasid.2015.7405655

2015-01-01

Abstract:Microsoft Office is the most popular office software. Office document security is mainly carried out through encryption by the software encryption function. But as the new decoding method is put forward and the computer speed is accelerated rapidly, the document security has been questioned. This paper analyzed the whole process of Office 2013 file encryption/decryption, designed a contrast experiment with the former version of Office 2010, then cracked respectively the password on CPU computing computer and GPU computing platform by password brute-force method, and experimental data were obtained with time as the indicator. It was discussed whether Office 2013 encrypted files were safe.

HU Liang,CHI Ling,YUAN Wei,LI Hong-tu,CHU Jian-feng

DOI: https://doi.org/10.13413/j.cnki.jdxblxb.2012.03.011

2012-01-01

Abstract:Based on security risks for RC4 algorithm,we presented some improvements.The improved algorithm can resist the fault induction attack via adding the self-error detection phase,and resist Knudsen's attack via adding the byte conversion phase.After analyzing the security of the improved algorithm,we proved that the improved algorithm can resist the fault induction attack and Knudsen's attack validly,the security of the RC4 algorithm is hence enhanced.

Jing Lv,Bin Zhang,Dongdai Lin

DOI: https://doi.org/10.1007/978-3-319-05149-9_2

2013-01-01

Abstract:In FSE 2011, Maitra and Paul observed that there exists negative bias in the first byte of the RC4 keystream towards 0. In this paper, we give our theoretical proof of this bias. This bias immediately provide distinguisher for RC4, and ciphertext only attack on broadcast RC4. Additionally, we discover some new weaknesses of the keystream bytes even after the first <InlineEquation ID=\"IEq1\" <EquationSource Format=\"TEX\"$$N$$</EquationSource> <EquationSource Format=\"MATHML\" <math xmlns:xlink=\"http://www.w3.org/1999/xlink\" <mi>N</mi> </math> </EquationSource> </InlineEquation> rounds of the PRGA, where <InlineEquation ID=\"IEq2\" <EquationSource Format=\"TEX\"$$N$$</EquationSource> <EquationSource Format=\"MATHML\" <math xmlns:xlink=\"http://www.w3.org/1999/xlink\" <mi>N</mi> </math> </EquationSource> </InlineEquation> is the size of the RC4 permutation, generally, <InlineEquation ID=\"IEq3\" <EquationSource Format=\"TEX\"$$N=256$$</EquationSource> <EquationSource Format=\"MATHML\" <math xmlns:xlink=\"http://www.w3.org/1999/xlink\" <mrow> <mi>N</mi> <mo>=</mo> <mn>256</mn> </mrow> </math> </EquationSource> </InlineEquation>. The weaknesses in turn provide us with certain state information from the keystream bytes no matter how many initial bytes are thrown away.

Zhangjie Fu,Xingming Sun,Jie Xi

DOI: https://doi.org/10.1109/jcn.2015.000091

2015-10-01

Journal of Communications and Networks

Abstract:MS Office suit software is the most widely used electronic documents by a large number of users in the world, which has absolute predominance in office software market. MS Office 2007-2013 documents, which use new office open extensible markup language (OOXML) format, could be illegally used as cover mediums to transmit secret information by offenders, because they do not easily arouse others suspicion. This paper proposes nine forensic methods and an integrated forensic tool for OOXML format documents on the basis of researching the potential information hiding methods. The proposed forensic methods and tool cover three categories; document structure, document content, and document format. The aim is to prevent covert communication and provide security detection technology for electronic documents downloaded by users. The proposed methods can prevent the damage of secret information embedded by offenders. Extensive experiments based on real data set demonstrate the effectiveness of the proposed methods.

computer science, information systems,telecommunications

Jing Lv,Bin Zhang,Dongdai Lin

2013-01-01

Abstract:RC4, designed by Rivest in 1987, is the most widely deployed stream cipher in practical applications. In this paper, two new class of statistical biases inherent in RC4 are depicted and it is shown that the RC4 keystream is distinguishable from random no matter how many initial bytes have been dumped. RC4A, proposed by Paul and Preneel at FSE 2004 to strengthen the security of RC4, is also found to be vulnerable to similar attacks. Instead, a new pseudorandom bit generator RC4B is proposed, which is believed to provide better immunity against the known attacks.

WANG Jun

DOI: https://doi.org/10.3969/j.issn.1009-3044.2012.23.013

2012-01-01

Abstract:Along with the social informatization is getting higher and higher,the data stored in the DBMS to security requirements are also gradually improve.Systems generally will require the user to input the password,that is,by setting a password to protect the security of the database.It’s talking about commonly used methods of password analysis about database encryption.It’s obvious that encryption algorithm has been greatly enhanced in the new version through to the contrast analysis between an encrypted database of Access 2003 and an encrypt ed database of Access 2010,improved the password security of Access 2010.

Lijuan Chen,Ying Yang,Jizhi Wang,Zhenya Chen,Liqiang Wen,Guang Yang

DOI: https://doi.org/10.2991/978-94-6239-145-1_25

2016-01-01

Abstract:Microsoft Office is undoubtedly the best of the office application suites available on the planet, hence very high market share for Word 2003 processing and a certain market demand for Word 2003 document password cracking. Our past research has focused on the cracking programme of encrypted Word document. In this paper, however, we propose a scheme that can crack Word 2003 document password based on the supercomputer made in China (Sunway Bluelight MPP supercomputer) by analyzing Microsoft Office document file format, Word 2003 document encryption mechanism and vulnerability that exists in the encryption mechanism.

Fanping Zeng

2008-01-01

Abstract:When used in application, RC4 cipher technology has some problems, such as weak keys and related key attacks, invariance weakness,,byte bias and so on.This paper presents an improved RC4 cipher technology, which combines the ECC cipher and the RC4 stream cipher.Theemphasis is analyzing the efficiency, the management of keys, and the capability of the improved RC4 cipher.The result indicates that the efficiencyof the improved RC4 is just a litter lower than RC4 stream cipher while the security is much better than RC4.It has good repellency of the currentattacks which aim at RC4 stream cipher.What is more, the improved RC4 cipher has a good way to solve the problems about key management andkey update, which is very significant in application.

Seifedine Kadry,Mohamad Smaili

DOI: https://doi.org/10.48550/arXiv.1111.5641

2011-11-23

Cryptography and Security

Abstract:This paper develops a new algorithm to improve the security of RC4. Given that RC4 cipher is widely used in the wireless communication and has some weaknesses in the security of RC4 cipher, our idea is based on the combination of the RC4 and the poly alphabetic cipher Vigen\`ere to give a new and more secure algorithm which we called VRC4. In this technique the plain text is encrypted using the classic RC4 cipher then re-encrypt the resulted cipher text using Vigen\`ere cipher to be a more secure cipher text. For simplicity, we have implemented our new algorithm in Java Script taking into consideration two factors: improvement of the security and the time complexity. To show the performance of the new algorithm, we have used the well known network cracking software KisMac.

Chenpeng Xue,Ning Jiang,Xiaoyan Zhao,Anke Zhao,Yanhua Hong,Qiu Kun

DOI: https://doi.org/10.1364/cleopr.2018.f2d.2

2018-01-01

Abstract:We propose a new stream-cipher generation scheme based on the correlated physical random bit generation with synchronized chaotic lasers and pseudo-random bit extension RC4 algorithm. The proposed scheme shows high-security, extensible rate and strong robustness.

Zhe-Ming Lu,Zong-Hui Wang,Yong-Liang Liu

DOI: https://doi.org/10.24507/ijicic.17.04.1257

2021-01-01

Abstract:Nowadays, multimedia documents can be easily recreated or modified and then distributed over the Internet or via smart mobile phones; thus copyright protection, copy protection, content authentication and source tracing have become main issues in the big data era. In the past, many multipurpose information hiding schemes have been proposed to solve these problems. However, existing schemes are mainly designed for digital audiovisual documents, but seldom designed for office files, WEB pages, PDF files or software codes. Furthermore, there are few schemes considering how to embed multilevel fingerprints to trace multiple distribution processes. Based on above backgrounds, this paper presents a multipurpose framework based on multilevel multichannel information hiding to provide a more robust and conflict-prevented scheme with whole life cycle and full protection. This framework is developed for all kinds of multimedia documents to protect and/or authenticate and/or trace a multimedia document in its entire life time. In order to make our framework work better as an organic whole, we define a watermark information structure to discriminate and recognize different watermarks and also provide some required control information for watermark extraction or further embedding. To test the effectiveness of the proposed framework, we develop three simulation interfaces for images web pages and PPT files respectively. Experimental results demonstrate that our framework is effective and our scheme can embed multiple watermarks and can extract all watermarks correctly and independently.

Jing Lv,Dongdai Lin

2013-01-01

Abstract:The stream cipher RC4 was designed by R.Rivest in 1987, and it is a widely deployed cipher. Many predictive states of RC4 for some special indices i were presented in the last 20 years. In this paper, we present several long term predictive states. These states increase the probability to guess part of the internal state in a known plaintext attack and present a cryptanalytic weakness of RC4. This paper also analyzes possible long term bias in the keystream and further propose a search method for the long term predictive states.

Huafei Zhu,Lixin Ran,Yumin Wang

IF: 1.019

1999-01-01

Chinese Journal of Electronics

Abstract:Cryptographic hash functions are very important for cryptographic protocols such as signature scheme and message authentication. Based on the pioneer work of X. Lai et al., a new framework of hash algorithm is developed in this paper. In our hash scheme, an extra pseudorandom keystream generator is not needed which may be more conveniently for practical use. We have proved that the security of the new hash scheme is equivalent to that of feedback shift registers (FSRs) controlled by 2m - bit security keys.

Yu HAO,Yong SHI,Zhi XUE

DOI: https://doi.org/10.3969/j.issn.1673-629X.2017.10.021

2017-01-01

Abstract:With the rapid development of Internet and communication technology,the computer network pays more and more attention in information,which also emphasizes the increasing importance of information security technology. Electronic documents have become the most commonly used carrier in information storage and transmission and thus the problem of computer file leakage has generated more hidden,latent and harmful properties than other classical methods,increasing the difficulty in prevention of leakage. Since a new default file format is introduced in Microsoft Office 2007 document,which is called Office Open XML format and provides a new ideas for infor-mation hiding in Excel documents. An information hiding method based on Office Open XML file format is proposed in investigation of features of Office documents and XML specifications. With different kinds of files,such as DOCX,PPTX and XLSX,it adopts different i-dentifier attribute,which finds or creates a segment with this attribute to hide information by changing the attribute value. Experiment re-sults show that it can hide large capacity information and thus is safety with high capacity and security,which has solved poor robustness of the existing methods.

邢新景,张朝阳,王匡

DOI: https://doi.org/10.3969/j.issn.1003-8329.2003.04.009

2003-01-01

Wireless Communication Technology

Abstract:The WEP security algorithm used in IEEE 802.11 wireless LAN is introduced. Under the basis of a systematical analysis, flaws embedded in WEP are pointed out, and correspondingly, several attacking methods are provided to prove the weakness of WEP. The upgraded version of WEP algorithm-TKIP was also introduced and analyzed. At last, some potential solutions to the security problems are also proposed in using existing IEEE 802.11 equipments.

Fan Zhang,Zhijie Jerry Shi

DOI: https://doi.org/10.1109/ITNG.2008.183

2008-01-01

Abstract:Elliptic curve cryptography (ECC) has been adopted in many systems because it requires shorter keys than traditional public-key algorithms in primary fields. However, power analysis attacks can exploit the power consumption of ECC devices to retrieve secret keys. In this paper, we propose an efficient window-based countermeasure that is secure against existing power analysis attacks. Compared to previous counter- measures, our method has low memory overhead, requiring only a table of w+1 entries when the window size is w bits. It also has better performance than many algorithms that perform one point addition or subtraction for every bit in the scalar.

裴照君,段哲民,王海涛

DOI: https://doi.org/10.3969/j.issn.1007-757x.2008.10.008

2008-01-01

Abstract:The quick universality of the Internet makes the network transfer much more sensitive data,just like the credit card account needs to be ensured the security of information,the request for ensuring the security of the network data is urgently proposed.Aiming at this problem.we composed a complete information security program and developed an information security system possessing the functions of encryption,decryption and digital signature by using of CryptoAPI provided by Microsoft.Though tests and practical use,this system was testified to be of convenient encryption/decryption capability,which has high and practical value.

Dong Hailiang,Liu Jianfeng,Hu Huaping,Yue Hong

DOI: https://doi.org/10.3969/j.issn.1000-386X.2011.12.023

2011-01-01

Abstract:As there are such weaknesses in Menezes-Vanstone algorithm as vulnerable to known plaintext attack and low encryption efficiency,improvements are made by introducing Combined-Random-Number method.A new improved Menezes-Vanstone algorithm,called CRN-Menezes-Vanstone,which is based on combined random number,is proposed.OpenSSL,which is an open source software package,is used to realize the Combined-Random-Number method.Analysis and experiment illustrates that there are significant improvements on security and encryption efficiency with the new algorithm.