Impossible Differential Cryptanalysis of Reduced-Round mCrypton-64
Volume 17, Issue 2, July 2025, Pages 125-135
https://doi.org/10.22042/isecure.2025.214371
Masroor Hajari, Mahmoud Salmasizadeh, Javad Mohajeri, Siavash Ahmadi, Shahram Rasoolzadeh
Abstract Impossible-differential cryptanalysis is one of the powerful methods utilized for evaluating the robustness of block ciphers; however, mCrypton is one of the block ciphers whose master key has not been recovered with this method in the single-key scenario. This paper first clarifies the branch number of the linear layer of the mCrypton block cipher with an observation. It is shown that the branch number of the linear layer in the mCrypton block cipher is four. Then, using this result, a 4-round impossible differential in the single-key scenario is found. On the other hand, by exploiting the results of several observations, some vulnerabilities in the key-schedule algorithm are discovered and introduced. As a result, by exploiting the discovered vulnerabilities and the 4-round property, impossible-differential cryptanalysis is successfully applied to seven rounds of mCrypton-64. To our knowledge, this is the first impossible differential cryptanalysis applied to mCrypton-64. This attack requires 2^36.0 bytes of memory, 2^59.0 chosen plaintexts (with the corresponding ciphertexts), and 2^59.6 encryptions to recover the master key.
Attacking Two Pairing-Free Ciphertext-Policy Attribute-Based Encryption Schemes
Volume 17, Issue 2, July 2025, Pages 151-160
https://doi.org/10.22042/isecure.2025.216447
Farnoosh Hamednejad, Javad Mohajeri, Mohammad Reza Aref
Abstract Attribute-based encryption (ABE) is one of the recommended tools to secure real systems like the Internet of Things (IoT). Almost all ABE schemes utilize bilinear map operations, known as pairings. The challenge with these schemes is that performing pairings results in high computation costs, while IoT devices are typically resource-constrained; efficient pairing-free ABE schemes have therefore been proposed to solve this issue. These schemes utilize classical cryptographic operations instead of heavy bilinear pairings. Recently, two pairing-free ciphertext-policy attribute-based encryption schemes have been proposed (by Das et al. and Sowjanya et al.). According to their claims, their schemes are secure against collusion attacks and provide indistinguishability in a selective-set security model. The first scheme has also been claimed to be secure against forgery attacks. In this paper, we show that the first scheme is vulnerable to ciphertext-only attacks, to collusion between four or more data users with specific features, and to forgery attacks. We also show that the second scheme is vulnerable to a key recovery attack, which can lead to a collusion attack. So, even though they are highly efficient, they have security vulnerabilities that violate the claims of the authors.
Highly Efficient and Revocable CP-ABE with Outsourcing Decryption for IoT
Volume 15, Issue 1, January 2023, Pages 97-110
https://doi.org/10.22042/isecure.2022.321360.738
Sina Abdollahi, Javad Mohajeri, Mahmoud Salmasizadeh
Abstract Ciphertext-policy attribute-based encryption (CP-ABE) is considered a promising solution for secure data sharing in the cloud environment. Although high expressiveness in ABE constructions can be achieved using a linear secret sharing scheme (LSSS), there is a significant drawback in such constructions. In LSSS-based ABE constructions, the number of heavy pairing operations increases with the number of attributes required for decryption. In this paper, we propose an LSSS-based CP-ABE scheme with a fixed number of pairings (four pairings) during the decryption process. In our scheme, increasing the number of attributes required for decryption does not affect the number of pairings. The simulation shows that our scheme has significant advantages in the encryption and decryption processes compared to previous schemes. In addition, we use the outsourcing method in decryption to get better performance on the user side. The main burden of the decryption computations is carried by the cloud without revealing any information about the plaintext. Furthermore, in our revocation method, the users' communication channels are not used during the revocation process. All of these features make our scheme suitable for applications such as IoT. The proposed scheme is selectively CPA-secure in the standard model.
GSLHA: Group-based Secure Lightweight Handover Authentication Protocol for M2M Communication
Volume 12, Issue 2, July 2020, Pages 101-111
https://doi.org/10.22042/isecure.2020.213482.507
Mohammad Mahdi Modiri, Javad Mohajeri, Mahmoud Salmasizadeh
Abstract Machine to machine (M2M) communication, also known as machine type communication (MTC), is one of the most fascinating parts of mobile communication technology and also an important practical application of the Internet of Things. The main objective of this type of communication is handling massive numbers of heterogeneous devices with low network overheads and high security guarantees. Hence, various protocols and schemes have been proposed to achieve the security requirements of M2M communication and reduce computational and communication costs. In this paper, we propose the group-based secure lightweight handover authentication (GSLHA) protocol for M2M communication in LTE and future 5G networks. The proposed protocol mutually authenticates a group of MTC devices (MTCDs) and a new eNodeB (eNB) when these devices simultaneously enter the coverage of the eNB, while considering all the cellular network requirements. The security analysis and formal verification using the AVISPA tool show that the protocol achieves all the security goals and withstands various attacks. In addition, the comparative performance analysis of handover authentication protocols shows that the proposed protocol has the lowest computational and communication overheads.
Biclique Cryptanalysis of Block Ciphers LBlock and TWINE-80 with Practical Data Complexity
Volume 11, Issue 1, January 2019, Pages 57-74
https://doi.org/10.22042/isecure.2018.138036.420
Siavash Ahmadi, Zahra Ahmadian, Javad Mohajeri, Mohammad Reza Aref
Abstract In the biclique attack, a shorter biclique usually results in less data complexity, but at the expense of more computational complexity. The early abort technique can be used in the partial matching part of the biclique attack in order to slightly reduce the computations. In this paper, we make use of this technique, but instead of a slight improvement in the computational complexity, we keep this complexity the same and reduce the data complexity enormously by using a shorter biclique.
With this approach, we analysed full-round LBlock, and also LBlock with a modified key schedule (which was designed to resist the biclique attack), both with data complexity 2^12, while the data complexity of the best biclique attack on the former was 2^52 and, for the latter, there has so far been no attack on the full-round cipher. Then we proposed a new key schedule that is more resistant against biclique cryptanalysis, though the low diffusion of the cipher makes it vulnerable to this attack regardless of the strength of the key schedule. Using this method, we also analysed TWINE-80 with 2^12 data complexity. The lowest data complexity of the prior attack on TWINE-80 was 2^60. In all the attacks presented in this paper, the computational complexities are slightly improved in comparison to the existing attacks.
On the Security of O-PSI: A Delegated Private Set Intersection on Outsourced Datasets (Extended Version)
Volume 10, Issue 2, July 2018, Pages 117-127
https://doi.org/10.22042/isecure.2018.120860.410
M. Mahdavi Oliaee, M. Delavar, M.H. Ameri, J. Mohajeri, M.R. Aref
Abstract In recent years, determining the common information privately and efficiently between two mutually mistrusting parties has become an important issue in social networks. Many Private Set Intersection (PSI) protocols have been introduced to address this issue. By applying these protocols, two parties can compute the intersection of their sets without disclosing any information about elements that are not in the intersection. Due to the broad range of computational resources that the cloud can provide for its users, having the cloud determine the set intersection may decrease the computational cost of the users. The protocols proposed by Abadi et al. are two protocols in this context. In this paper, we show that their protocols are vulnerable to an eavesdropping attack. We also propose a solution to secure the protocol against this attack. Moreover, we analyze the performance of both the O-PSI and the modified O-PSI protocols and show that our scheme is comparable with the O-PSI protocol. One trivial solution for the schemes proposed by Abadi et al. is to use a secure channel like TLS. However, in the performance evaluation, we compare our modification with this trivial solution and show that our proposed modification is more efficient, as the extra encryptions imposed by TLS are no longer required.
Impossible Differential Cryptanalysis of Reduced-Round Midori64 Block Cipher (Extended Version)
Volume 10, Issue 1, January 2018, Pages 3-13
https://doi.org/10.22042/isecure.2018.110672.399
A. Rezaei Shahmirzdi, A. Azimi, M. Salmasizadeh, J. Mohajeri, M. R. Aref
Abstract The impossible differential attack is a well-known means of examining the robustness of block ciphers. Using impossible differential cryptanalysis, we analyze the security of a family of lightweight block ciphers, named Midori, that are designed for low energy consumption. The Midori state size can be either 64 bits for Midori64 or 128 bits for Midori128; however, both versions have a key size of 128 bits.
In this paper, we mainly study the security of Midori64. To this end, we use various techniques such as early-abort, memory reallocation, miss-in-the-middle, and exploiting the inadequate key schedule algorithm of Midori64. We first show two new 7-round impossible differential characteristics which are, to the best of our knowledge, the longest impossible differential characteristics found for Midori64. Based on the new characteristics, we mount three impossible differential attacks on 10, 11, and 12 rounds of Midori64 with 2^87.7, 2^90.63, and 2^90.51 time complexity, respectively, to retrieve the master key.
Cryptanalysis of GSM encryption algorithm A5/1
Volume 4, Issue 2, July 2012, Pages 107-114
https://doi.org/10.22042/isecure.2013.4.2.2
V. Amin Ghafari, A. Vardasbi, J. Mohajeri
Abstract The A5/1 algorithm is one of the most famous stream cipher algorithms used for over-the-air communication privacy in GSM. The purpose of this paper is to analyze several weaknesses of A5/1, including an improvement to an attack and an investigation of the A5/1 state transition. Biham and Dunkelman proposed an attack on A5/1 with a time and data complexity of 2^39.91 and 2^21.1, respectively. In this paper, we propose a method for identifying and eliminating useless states from the pre-computed tables and a new approach to accessing the table in the online phase of the attack, which reduces the time complexity to 2^37.89 and halves the required memory. Furthermore, we discuss another weakness of A5/1 by investigating its internal state transition and its key stream sequence period. Consequently, the internal states are divided into two classes, initially periodic and ultimately periodic. The presented model is verified using a variety of simulations, which are consistent with the theoretical results.
On the multi chi-square tests and their data complexity
Volume 4, Issue 1, January 2012, Pages 15-24
https://doi.org/10.22042/isecure.2015.4.1.3
A. Vardasbi, M. Salmasizadeh, J. Mohajeri
Abstract Chi-square tests are generally used for distinguishing purposes; however, when they are combined to simultaneously test several independent variables, extra notation is required. In this study, the chi-square statistic in some previous works is revealed to have been computed as half of its real value. Therefore, the notion of Multi Chi-square tests is formulated to avoid possible future confusion. In order to show the application of Multi Chi-square tests, two new tests are introduced and applied to reduced-round Trivium as a special case. These tests are modifications of the ANF monomial test, and when applied to Trivium with the same number of rounds, their data complexity is roughly 24 times smaller than that of the former ANF monomial test. In a Multi Chi-square test, the critical degrees of freedom are defined to be the minimum number of degrees of freedom for which the test succeeds at distinguishing the sample set from random. This study investigates the relation between this critical value and the chi-square statistic of a Multi Chi-square test. In the sequel, by exploiting this relation, a method to approximate the data complexity of a distinguishing Multi Chi-square test is introduced and shown to perform properly in the special case of reduced-round Trivium.
Double voter perceptible blind signature based electronic voting protocol
Volume 3, Issue 1, January 2011, Pages 43-50
https://doi.org/10.22042/isecure.2015.3.1.4
Y. Baseri, A. Mortazavi, M. Rajabzadeh Asaar, M. Pourpouneh, J. Mohajeri
Abstract Mu et al. have proposed an electronic voting protocol and claimed that it protects the anonymity of voters, detects double voting and authenticates eligible voters. It has been shown that it neither protects voters' privacy nor prevents double voting. Since then, several schemes have been presented to fulfill these properties. However, many of them suffer from the same weaknesses. In this paper, taking Asadpour et al.'s scheme as one of the latest ones and showing its weaknesses, we propose a new voting scheme which is immune to the weaknesses of previous schemes without losing efficiency. The scheme is based on a special structure which directly uses the identity of the voter, hides it in that structure and reveals it after double voting. We also show that the security of this scheme depends on the hardness of the RSA cryptosystem, the Discrete Logarithm problem and the Representation problem.
