谢满德,沈海斌,竺红卫

DOI: https://doi.org/10.3969/j.issn.1004-3365.2004.06.003

2004-01-01

Abstract:The fundamental principle of differential power analysis (DPA) attacks against universal cryptosystems and a particular theory of DPA attacks against data encryption standard (DES) algorithm are described in detail. An improved algorithm is proposed for DPA. Based on the analysis of noise characteristics of the power signals, an approach to modeling the signal-to-noise ratio (SNR) is proposed and corresponding theory is demonstrated. Finally, experimental results of the algorithm are presented.

CQ Li,S Li,D Zhang,G Chen

DOI: https://doi.org/10.1049/ip-vis:20045234

2006-01-01

IEE Proceedings - Vision Image and Signal Processing

Abstract:A voice-over-Internet protocol technique with a new hierarchical data security protection (HDSP) scheme using a secret chaotic bit sequence has been recently proposed. Some insecure properties of the HDSP scheme are pointed out and then used to develop known/chosen-plaintext attacks. The main findings are: given n known plaintexts, about (100 - (50/2(n)))% of secret chaotic bits can be uniquely determined; given only one specially-chosen plaintext, all secret chaotic bits can be uniquely derived; and the secret key can be derived with practically small computational complexity when only one plaintext is known (or chosen). These facts reveal that HDSP is very weak against known/chosen-plaintext attacks. Experiments are given to show the feasibility of the proposed attacks. It is also found that the security of HDSP against the brute-force attack is not practically strong. Some countermeasures are discussed for enhancing the security of HDSP and several basic principles are suggested for the design of a secure encryption scheme.

Ruoyu Shen,Shengqi Lu,Yunlei Zhao

DOI: https://doi.org/10.3969/j.issn.1000-386x.2017.11.049

2017-01-01

Abstract:Secure Sockets Layer/Transport Layer Security (SSL/TLS) is intended to provide a secure channel for network communications,providing authentication,confidentiality and integrity.Due to the complexity and loopholes in the design and implementation of protocol leading to many security risks,the development of the new version of TLS1.3 caused widespread concern in the information security academia and industry.We outlined the protocol structure of TLS1.3.On this basis,several innovative changes of TLS1.3 were systematically analysed and combed,such as key schedule,PSK and 0-RTT.We reviewed the attacks received by the protocols for the last 10 years,and extracted the principle of each attack and TLS1.3 response to these attacks.And we made some predictions about the future development of TLS and make some recommendations.

Zhibo Wang,Wei Ma,Bei Gong

DOI: https://doi.org/10.1109/smartblock52591.2020.00023

2020-01-01

Abstract:RSA encryption algorithm is widely used in information and communication systems to protect the security of information. But the protocol failure would bring a lot of risks to RSA encryption systems. In this paper, the security of RSA encryption system and detailed risks brought by protocol failure which is result of improper choices of parameters discussed. Furthermore, an at-tack scheme of these risks and corresponding pseudo-code are proposed in this paper. This attack scheme would provide warnings for designers and users of RSA encryption systems.

Wu Liu,Ping Ren,Yong Zhang,Hai-xin Duan

DOI: https://doi.org/10.1109/CTC.2010.15

2010-01-01

Abstract:With more and more security threat events happened aiming at financial web services, there is an increasing amount of transactions performed over the Internet. As a de-facto standard the security protocol SSL (Secure Sockets Layer) or TLS (Transport Layer Security) is used to create a secure connection to web services. This paper analyze the weakness of the SSL and TLS protocols, based on which, we designed and implemented a root-kit for network based SSL and TLS traffic decrypt ion , which is called SSL-DP. With the experiment of SSL-DP we can see that SSL/TLS protocol is not secure enough to protect the important network information such as E-commerce etc.

Zhaohui Hu,Qi Chen,Ruizhao Yu

DOI: https://doi.org/10.3321/j.issn:1002-8331.2001.10.020

2001-01-01

Abstract:This article introduces the implementation of TCP Protocol and the technique of Port Scanning based on the characteristic of TCP Protocol,at the same time,the several implementations of Port Scanning are also described. We also analyze the potential external attacks that can be made because of the weakness of operation system and the ways to avoid suck kinds of attack are also put up.

Minghan Chen,Fangyan Dai,Bingjie Yan,Jieren Cheng,Longjuan Wang

DOI: https://doi.org/10.48550/arXiv.2002.01391

2020-02-05

Abstract:Distributed network of the computer and the design defects of the TCP protocol are given to the network attack to be multiplicative. Based on the simple and open assumptions of the TCP protocol in academic and collaborative communication environments, the protocol lacks secure authentication. In this paper, by adding RSA-based cryptography technology, RSA-based signature technology, DH key exchange algorithm, and HAMC-SHA1 integrity verification technology to the TCP protocol, and propose a security strategy which can effectively defend against TCP session hijacking.

Cryptography and Security

Muneer Alwazzeh,Sameer Karaman,Mohammad Nur Shamma

DOI: https://doi.org/10.13052/jcsm2245-1439.933

2020-07-01

Journal of Cyber Security and Mobility

Abstract:Network security and related issues have been discussed thoroughly in this paper, especially at transport layer security network protocol, which concern with confidentiality, integrity, availability, authentication, and accountability. To mitigate and defeat Man-in-the-middle-attacks, we have proposed a new model which consists of sender and receiver systems and utilizes a combination of blowfish (BF) and Advanced Encryption Standard (AES) algorithms, symmetric key agreement to distribute public keys, Elliptic Curve Cryptography (ECC) to create secret key, and then Diffe Hellman (DH) for key exchange. Both SHA-256 hashing and Elliptic Curve Digital Signature Algorithm (ECDSA) have been applied for integrity, and authentication, respectively.

Kevin Benton,Ty Bross

DOI: https://doi.org/10.48550/arXiv.1308.3559

2013-08-16

Abstract:Man in the middle attacks are a significant threat to modern e-commerce and online communications, even when such transactions are protected by TLS. We intend to show that it is possible to detect man-in-the-middle attacks on SSL and TLS by detecting timing differences between a standard SSL session and an attack we created.

Cryptography and Security

Mingming Zhang,Xiaofeng Zheng,Kaiwen Shen,Ziqiao Kong,Chaoyi Lu,Yu Wang,Haixin Duan,Shuang Hao,Baojun Liu,Min Yang

DOI: https://doi.org/10.1145/3372297.3417252

2020-01-01

Abstract:HTTPS is principally designed for secure end-to-end communication, which adds confidentiality and integrity to sensitive data transmission. While several man-in-the-middle attacks (e.g., SSL Stripping) are available to break the secured connections, state-of-the-art security policies (e.g., HSTS) have significantly increased the cost of successful attacks. However, the TLS certificates shared by multiple domains make HTTPS hijacking attacks possible again. In this paper, we term the HTTPS MITM attacks based on the shared TLS certificates as HTTPS Context Confusion Attack (SCC Attack). Despite a known threat, it has not yet been studied thoroughly. We aim to fill this gap with an in-depth empirical assessment of SCC Attack. We find the attack can succeed even for servers that have deployed current best practice of security policies. By rerouting encrypted traffic to another flawed server that shares the TLS certificate, attackers can bypass the security practices, hijack the ongoing HTTPS connections, and subsequently launch additional attacks including phishing and payment hijacking. Particularly, vulnerable HTTP headers from a third-party server are exploitable for this attack, and it is possible to hijack an already-established secure connection. Through tests on popular websites, we find vulnerable subdomains under 126 apex domains in Alexa top 500 sites, including large vendors like Alibaba, JD, and Microsoft. Meanwhile, through a large-scale measurement, we find that TLS certificate sharing is prominent, which uncovers the high potential of such attacks, and we summarize the security dependencies among different parties. For responsible disclosure, we have reported the issues to affected vendors and received positive feedback. Our study sheds light on an influential attack surface of the HTTPS ecosystem and calls for proper mitigation against MITM attacks.

Hao Chen,Tao Wang,Fan Zhang,Xinjie Zhao

DOI: https://doi.org/10.13245/j.hust.170214

2017-01-01

Abstract:The SOSEMANUK stream cipher is a member of the finalists of the eSTREAM proj ect.In this paper,the previous known attacks against SOSEMANUK was presented and discussed.Firstly, SOSEMANUK was described as a set of equations involving the public and key variables at bit level. Secondly,the attacker was assumed to be able to fault a random inner state word and the faults were described as a set of equations by analyzing the propagation of faults.Thirdly,the CryptoMinisat sol-ver was adapted to recover the secret inner state by guessing certain inner state words and solving the combined equations.The results show that the first round attack recovers the secret internal states, requires 20 faults and the computational complexity is dramatically reduced to O(296 ).The first two rounds attack recovers the whole states,requires 10 faults without guessing any inner state word, which is better than the previous known cryptanalytic results.

邢新景,张朝阳,王匡

DOI: https://doi.org/10.3969/j.issn.1003-8329.2003.04.009

2003-01-01

Wireless Communication Technology

Abstract:The WEP security algorithm used in IEEE 802.11 wireless LAN is introduced. Under the basis of a systematical analysis, flaws embedded in WEP are pointed out, and correspondingly, several attacking methods are provided to prove the weakness of WEP. The upgraded version of WEP algorithm-TKIP was also introduced and analyzed. At last, some potential solutions to the security problems are also proposed in using existing IEEE 802.11 equipments.

Tian Wang,Xiaoxin Cui,Yewen Ni,Dunshan Yu,Xiaole Cui,Gang Qu

DOI: https://doi.org/10.1109/asianhost.2017.8353995

2017-01-01

Abstract:In cold boot attacks, attackers attempt to retrieve encryption keys from the memory after the system is powered off. One representative cold boot attack, known as HMM algorithm, can break RSA with success probabilities as high as 82%. However, it, like other cold boot attacks, uses the symmetric memory decay model, which assumes that a bit is equally likely to change from 1 to 0 and from 0 to 1. It also requires that the bit error probability to be relatively small, which means that the attack must be launched within seconds of system power off. In this paper, we first show that under more realistic assumptions, HMM's success probability drops to 2.3%. We then propose a practical improvement of HMM algorithm with a proven lower bound on success probability and low runtime complexity. We conduct simulation and the results confirm that our approach improves HMM's chance of breaking RSA to 49.96%.

Fabian Bäumer,Marcus Brinkmann,Jörg Schwenk

2024-05-08

Abstract:The SSH protocol provides secure access to network services, particularly remote terminal login and file transfer within organizational networks and to over 15 million servers on the open internet. SSH uses an authenticated key exchange to establish a secure channel between a client and a server, which protects the confidentiality and integrity of messages sent in either direction. The secure channel prevents message manipulation, replay, insertion, deletion, and reordering. At the network level, SSH uses the Binary Packet Protocol over TCP. In this paper, we show that the SSH Binary Packet Protocol is no longer a secure channel: SSH channel integrity (INT-PST, aINT-PTXT, and INT-sfCTF) is broken for three widely used encryption modes. This allows prefix truncation attacks where encrypted packets at the beginning of the SSH channel can be deleted without the client or server noticing it. We demonstrate several real-world applications of this attack. We show that we can fully break SSH extension negotiation (RFC 8308), such that an attacker can downgrade the public key algorithms for user authentication or turn off a new countermeasure against keystroke timing attacks introduced in OpenSSH 9.5. Further, we identify an implementation flaw in AsyncSSH that, together with prefix truncation, allows an attacker to redirect the victim's login into a shell controlled by the attacker. We also performed an internet-wide scan and found that 71.6% of SSH servers support a vulnerable encryption mode, while 63.2% even list it as their preferred choice. We identify two root causes that enable these attacks: First, the SSH handshake supports optional messages that are not authenticated. Second, SSH does not reset message sequence numbers when activating encryption keys. Based on this analysis, we propose effective and backward-compatible changes to SSH that mitigate our attacks.

Cryptography and Security

Xihong Wu

2008-01-01

Abstract:When the information is transmitting in the network,it is danger because of the sniffers.A common method to protect the information is encryption.At present,the RSA algorithm is best.This paper analyses the principle,the detecting methods and defending measures of network sniffing.At the same time,it describes in details on the RSA algorithm and runs the program.The analysis on the theory and experiments indicates that the RSA algorithm can guarantee the confidentiality and integrity of the information.The RSA algorithm can prevent effectively the information being sniffered.

Nir Drucker,Shay Gueron

DOI: https://doi.org/10.1007/s00145-021-09387-y

2021-05-25

Journal of Cryptology

Abstract:TLS 1.3 allows two parties to establish a shared session key from an out-of-band agreed pre-shared key (PSK). The PSK is used to mutually authenticate the parties, under the assumption that it is not shared with others. This allows the parties to skip the certificate verification steps, saving bandwidth, communication rounds, and latency. In this paper, we identify a vulnerability in this specific TLS 1.3 option by showing a new "reflection attack" that we call "Selfie." This attack uses the fact that TLS does not mandate explicit authentication of the server and the client, and leverages it to break the protocol's mutual authentication property. We explain the root cause of this TLS 1.3 vulnerability, provide a fully detailed demonstration of a Selfie attack using the TLS implementation of OpenSSL, and propose mitigation. The Selfie attack is the first attack on TLS 1.3 after its official release in 2018. It is surprising because it uncovers an interesting gap in the existing TLS 1.3 models that the security proofs rely on. We explain the gap in these model assumptions and show how it affects the proofs in this case.

computer science, theory & methods,engineering, electrical & electronic,mathematics, applied

Sohaib ul Hassan,Iaroslav Gridin,Ignacio M. Delgado-Lozano,Cesar Pereida García,Jesús-Javier Chi-Domínguez,Alejandro Cabrera Aldaya,Billy Bob Brumley

DOI: https://doi.org/10.1145/3372297.3421761

2020-08-14

Abstract:Recent work on Side Channel Analysis (SCA) targets old, well-known vulnerabilities, even previously exploited, reported, and patched in high-profile cryptography libraries. Nevertheless, researchers continue to find and exploit the same vulnerabilities in old and new products, highlighting a big issue among vendors: effectively tracking and fixing security vulnerabilities when disclosure is not done directly to them. In this work, we present another instance of this issue by performing the first library-wide SCA security evaluation of Mozilla's NSS security library. We use a combination of two independently-developed SCA security frameworks to identify and test security vulnerabilities. Our evaluation uncovers several new vulnerabilities in NSS affecting DSA, ECDSA, and RSA cryptosystems. We exploit said vulnerabilities and implement key recovery attacks using signals---extracted through different techniques such as timing, microarchitecture, and EM---and improved lattice methods.

Cryptography and Security

An-Ping Li

DOI: https://doi.org/10.48550/arXiv.0710.2970

2007-10-16

Cryptography and Security

Abstract:In this paper, we present a generic attack for ciphers, which is in essence a collision attack on the secret keys of ciphers .

Chen Ai,Zixing Lu,Qing Liu

2012-01-01

Abstract:This paper proposes a new method of chosen-message SPA attacks based on the analysis of the CRT and the ZDN algorithm.It reveals the difference between the modular square and the modular multiplication to the power trace directly.In the experiment on the 8051 chip,the accuracy rate of recovery key achieves 99%.The amount of the plaintext in this method we can choose is large.If the defense is depend on the method forbidding given plaintexts only,it can't defense the new attack.This method can be used to check up whether or not the chip has defenses on the base number.At last,it summarizes the countermeasure against this method.

Majid Mumtaz,Luo Ping

DOI: https://doi.org/10.1080/09720529.2018.1564201

2019-01-01

Journal of Discrete Mathematical Sciences and Cryptography

Abstract:RSA public key cryptosystem is the de-facto standard use in worldwide technologies as a strong encryption/decryption and digital signature scheme. RSA successfully defended forty years of attack since invention. In this study we survey, its past, present advancements and upcoming challenges that needs concrete analysis and as a counter measure against possible threats according to underlying algebraic structure. Past studies shows us some attacks on RSA by inspecting flaws on relax model using weak public/private keys, integer factorization problem, and some specific low parameter selection attacks. Such flaws can not hamper the security of RSA cryptosystem by at large, but can explore possible vulnerabilities for more deep understanding about underlying mathematics and improper parameter selection. We describe a brief survey of past findings and detail description about specific attacks. A comprehensive survey of known attacks on RSA cryptosystem shows us that a well implemented algorithm is unbreakable and it survived against a number of cryptanalytic attacks since last forty years.