Differences

This shows you the differences between two versions of the page.

public:papers:infocomm2016 [2016-01-13 16:06] petrspublic:papers:infocomm2016 [2018-03-31 15:00] (current) – [New results on reduced-round Tiny Encryption Algorithm using genetic programming] xkubice8
Line 1: Line 1:
 ====== New results on reduced-round Tiny Encryption Algorithm using genetic programming ====== ====== New results on reduced-round Tiny Encryption Algorithm using genetic programming ======
-**Authors: Karel KubicekJiri Novotny, Petr Svenda, Martin Ukrop**+**Authors: Karel KubíčekJiří Novotný, Petr Švendaand Martin Ukrop**
  
-<note tip>This paper is not published yet, therefore page is not yet finalzed</note> 
 **Abstract:** //Analysis of cryptoprimitives usually requires extensive **Abstract:** //Analysis of cryptoprimitives usually requires extensive
 work of a skilled cryptanalyst. Some automation is possible, work of a skilled cryptanalyst. Some automation is possible,
Line 25: Line 24:
 randomness distinguisher.// randomness distinguisher.//
  
-  * Journal page: [[http://www.hiradastechnika.hu|Infocommunication journal]] +  * Journal page: [[http://www.infocommunications.hu/2016_1|Infocommunication journal]]. 
-  * Download author pre-print of the paper: {{:public:papers:secamplif_wistp15.pdf|pdf}} +  * Download author pre-print of the paper: {{:public:papers:infocom:infocommunications2016.pdf|pdf}}. 
-  * Download used version of EACirc tool and configuration files: {{:public:papers:fixme.zip|zip source code}}, {{:public:papers:fixme.exe.zip|executable file}}+  * Download used version of EACirc tool and configuration files: {{:public:papers:infocom:eacirc-3.0.zip|zip source code}}, {{:public:papers:infocom:tea_experiment.zip|executable file}} or current version from [[https://github.com/crocs-muni/EACirc/releases|github]].
  
 **Bibtex:** **Bibtex:**
-FIXME +  @article{eacirc-tea2016
-   @inproceedings{secrecyamplif_wistp2015+      title = {New results on reduced-round Tiny Encryption Algorithm using genetic programming}
-     author = {Radim O\v{s}\v{t}\'{a}dal \Petr \v{S}venda \and V{\'a}clav Maty{\'a}\v{s}}, +      author = {Karel Kubíček and Jiří Novotný and Petr Švenda and Martin Ukrop}, 
-     title = {On Secrecy Amplification Protocols}, +      journal = {IEEE Infocommunications}, 
-     booktitle = {The 9th WISTP International Conference on Information Security Theory and Practice (WISTP’2015), +      volume = {8}, 
-     LNCS 9311}, +      number = {1}, 
-     year = {2015}, +      pages = {2--9}, 
-     pages = {3--19}, +      year = {2016}, 
-     doi = {10.1007/978-3-319-24018-3 1}, +      publisher = {Scientific Association for Infocommunications, Budapest, Hungary}, 
-     publisher = {Springer+  }
-   } +
-   +
-  +
  
----- 
 ---- ----
  
 +==== What is this paper about? =====
  
 +Automatized randomness testing is useful for checking one of the expected cipher properties – output ciphertext should be indistinguishable from a stream of truly random data. The common way to automate testing of randomness is using statistical batteries. But the limitation of the standard batteries for randomness testing is the fact they implement a fixed set of tests and can detect only a limited set of patterns and statistical irregularities.
  
-===== What is this paper about? =====+In this work we use EACirc -- a framework for constructing empirical tests of randomness. Capabilities of EACirc are compared with previous results as well as conventional statistical batteries analysing Tiny Encryption Algorithm.
  
-FIXME - update to this paper +//EACirc consistently performs better than NIST STS. Dieharder is able to detect small deviances in one additional roundBut analysis of EACirc output can provide information valuable for the cipher’s designer. We analyzed successful randomness tests and found the weak byte of limited TEA output.//
- +
-The secrecy amplification protocol provides description how messages with a fresh key material should be propagated inside a target network to provide secure link key to nodes with key currently compromised by an attackerAs wireless networks running on batteries are targeted, not only protocol's success rate (number of newly secured links), but also message overhead (significantly impacting energy consumption) must be considered.  +
- +
-//A secrecy amplification protocol can be pretty effective: a network with 50-70 % of compromised links can be turned into network with 95+ % secure links for the price of small hundreds of messages (per node) in only tens of seconds.//+
  
 **In this we paper, we:** **In this we paper, we:**
-  * Gave motivation, why secrecy amplification protocols should be used -- if enough neighbours are available in network and random compromise pattern is assumed, network with only 30 % secure can be turned into network with more then 95 % secure links.  +  * Give motivation for randomness testing and provided comparison of available tools
-  * Provided survey of all published secrecy amplification protocols (13 in total)+  * Summarize approach of previous works based on evolution algorithms and extended it by our approach
-  * Established upper bound of secrecy amplification protocol success rate for given network+  * Analyze TEA limited to 1 to 5 rounds with different plaintext types using both statistical batteries and EACirc
-  * Compared protocols wrt message efficiency, number of links they are able to secure and other characteristics+  * Interprete various results from statistical batteries and EACirc on different plaintext types
-  * Discussed how hard is to execute secrecy amplification protocol in practice on real node (TelosB, TinyOS)+  * Compare performance and data usage for many experiments settings
-  * Introduced new class of hybrid secrecy amplification protocols, which are easier to synchronize and provide very good tradeoff between number of secure links (higher the better) and messages transmitted (lower the better)+  * Analyze resulting randomness test created by EACirc.
- +
-{{:public:papers:secure_links_random.png|}}+
  
-//Figure showing increase in the number of secured links after secrecy amplification protocols in the random +{{:public:papers:infocom:eac_circuit4.png?500nolink|}}
-compromise pattern on network with 20.3 legal neighbours on average. With in- +
-creasing number of neighbouring nodes the general effectiveness of protocol grows. +
-As can be seen, a strong majority of secure links (> 90%) can be obtained even +
-when the initial network had 70% of compromised links.//+
  
-{{:public:papers:sa_normalized_messages.png|}}+//In the case of 4-round TEA on counter plaintexts (type 1), we analyzed several distinguishers with the fitness over 98%In all of these circuits (see for example figure above) the distinguisher decision is based on the fourth byte of TEA ciphertext. The fourth byte is usually almost unchanged (operations affect only some bits).//
  
-//Figure showing increase in the number of secured links per message used during the protocol execution (random compromise pattern, 20.3 legal neighbours on average). The higher value is better - more links are secured per single message. Node-oriented protocols send significantly more messages with rising network density making them less effective per single message. This stands especially for 4-party node-oriented protocols, which are the least effective. The best tradeoff shows group-oriented and hybrid protocols.//  +{{:public:papers:infocom:eac_circuit_128tv_2.png?700nolink|}}
- +
  
 +//We also analyzed 4-round TEA on plaintexts suitable for strict avalanche criterion testing (type 3). In this case, the input layer had 16 input nodes, capable of processing two blocks of TEA ciphertext at once. Analyzed distinguishers (for example figure above) commonly combine the fourth byte of the first ciphertext block with the fourth byte of the second ciphertext block.//
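
Review bot: In the added BibTeX entry, `journal = {IEEE Infocommunications}` does not match the name used in the added "Journal page" bullet ("Infocommunication journal") or the publisher field; use one journal name consistently so the citation is unambiguous. The added heading `==== What is this paper about? =====` opens with four equals signs and closes with five, while the heading it replaces used five on both sides, so balance it to keep the section at its previous level. In the added bullet list, "Interprete" should be "Interpret", and the tense shifts within single items ("Give motivation ... and provided", "Summarize ... and extended"). The unchanged lead-in "In this we paper, we:" is still misworded and could be fixed in the same revision.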