This document provides an introduction to a self-study course in block-cipher cryptanalysis. It outlines the course structure, which guides students through analyzing increasingly complex block ciphers by first reproducing published cryptanalyses and then developing their own attacks. The course is organized by topic, beginning with basic techniques like differential cryptanalysis and progressing to more advanced ciphers. The goal is for students to gain hands-on experience breaking algorithms in order to learn cryptanalysis and potentially develop publishable results.
This document provides a self-study course in block-cipher cryptanalysis written by Bruce Schneier. It lists published block cipher algorithms and cryptanalyses in order of type and difficulty so that students can attempt to reproduce the published attacks. The goal is for students to gain experience breaking algorithms on their own and so learn cryptanalytic techniques. Schneier provides background readings and guides students through lessons on attacks such as differential and linear cryptanalysis against algorithms like DES, FEAL, and others.
1) The document provides advice for MSCS students at Georgia Tech, focusing on key skills and best practices to succeed in the program.
2) It emphasizes learning essential skills like using man pages and checking return values, as well as joining professional organizations, keeping up with technical news, and learning classic computer science texts.
3) The author also recommends choosing useful programming languages like C, learning version control, and balancing coursework by being aware of project due dates and not overloading certain classes.
The document discusses a presentation on ethical hacking by Amol Deshmukh, Dhiraj Bahakar, and Amol Dambale. It defines ethical hacking as legal hacking, performed with the owner's permission, that identifies internet-reachable vulnerabilities in a non-destructive manner. Ethical hacking is needed because malicious hackers compromise computers to steal or damage information; ethical hackers have the same skills but use them to find vulnerabilities and improve security. The ethical hacking process involves formulating a plan, executing tests, and evaluating the results to uncover vulnerabilities and strengthen the system.
Here is a brief presentation Jonathan Rajewski gave on March 15, 2012 in my FOR270 Anti-Forensics and Network Forensics course. The lecture was a mini lecture on cryptanalysis and explored the encryption and decryption of ROT13, the Columnar Transposition Cipher and the Vigenère Square.
Hacking involves gaining unauthorized access to computer systems, which is illegal. There are different types of hackers, including white hats who help find security vulnerabilities, black hats who hack with malicious intent, and grey hats in between. Reasons for hacking include financial gain, showing off skills, or just for fun. Experts recommend using antivirus software, avoiding suspicious links and downloads, and keeping software updated to help prevent hacking.
This document provides a tutorial on linear and differential cryptanalysis. It summarizes both attacks and applies them to a simple substitution-permutation network cipher as an example. The tutorial explains how to construct linear expressions that approximate the cipher's S-boxes, its only nonlinear components, and how to chain those approximations through the rounds. It also introduces the "piling-up lemma": if n independent approximations hold with biases ε1, ..., εn, their XOR holds with bias 2^(n-1) · ε1 · ... · εn, which lets the bias of a multi-round approximation be computed from per-S-box biases. The overall goal is to give novice cryptanalysts an intuitive explanation of these techniques.
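The two building blocks of the linear attack described above, as an added example that is not code from the tutorial: a linear approximation table (LAT) for the 4-bit S-box used as the running example in Heys' tutorial (E 4 D 1 2 F B 8 3 A 6 C 5 9 0 7, the first row of DES S1), and the piling-up lemma applied to a list of per-S-box biases. Bit 1 of a mask is the most significant bit, matching the X1..X4 / Y1..Y4 numbering in the tutorial; the function names are mine.

```python
"""Linear approximation table and piling-up lemma for a 4-bit S-box.
Added example (not the tutorial's code). SBOX is the first row of DES S1,
which Heys' tutorial uses as its running example."""
from fractions import Fraction

SBOX = [0xE, 0x4, 0xD, 0x1, 0x2, 0xF, 0xB, 0x8,
        0x3, 0xA, 0x6, 0xC, 0x5, 0x9, 0x0, 0x7]


def parity(v):
    """XOR of the bits of v, i.e. the dot product of two masks already AND-ed together."""
    return bin(v).count("1") & 1


def lat_count(sbox, a, b):
    """Number of inputs x for which a.x == b.S(x).
    a and b are input/output masks as integers; the MSB is bit 1 in Heys' numbering."""
    return sum(1 for x in range(len(sbox)) if parity(x & a) == parity(sbox[x] & b))


def bias(sbox, a, b):
    """Probability bias epsilon = Pr[a.x == b.S(x)] - 1/2, as an exact fraction."""
    return Fraction(lat_count(sbox, a, b), len(sbox)) - Fraction(1, 2)


def lat(sbox):
    """Full LAT in Heys' convention: count minus n/2 for every (input mask, output mask)."""
    n = len(sbox)
    return [[lat_count(sbox, a, b) - n // 2 for b in range(n)] for a in range(n)]


def piling_up(biases):
    """Piling-up lemma: the XOR of k independent approximations with biases e_i
    has bias 2^(k-1) * prod(e_i). Sign is kept, so the combined sign is meaningful."""
    total = Fraction(2) ** (len(biases) - 1)
    for e in biases:
        total *= e
    return total


def best_approximations(sbox, top=5):
    """Nonzero-mask approximations sorted by |bias|; these are what an attacker chains
    across rounds, so a designer wants the largest entry to be as small as possible."""
    n = len(sbox)
    rows = sorted(((abs(bias(sbox, a, b)), a, b) for a in range(1, n) for b in range(1, n)),
                  reverse=True)
    return [(a, b, bias(sbox, a, b)) for _, a, b in rows[:top]]


if __name__ == "__main__":
    # X2 xor X3 = Y1 xor Y3 xor Y4  ->  masks 0110 and 1011
    print("count", lat_count(SBOX, 0x6, 0xB), "bias", bias(SBOX, 0x6, 0xB))
    print("four S-boxes of bias 1/4,-1/4,-1/4,-1/4 combine to",
          piling_up([Fraction(1, 4), Fraction(-1, 4), Fraction(-1, 4), Fraction(-1, 4)]))
    for row in lat(SBOX):
        print(" ".join(f"{v:+3d}" for v in row))
```

The approximation X2 ⊕ X3 = Y1 ⊕ Y3 ⊕ Y4 holds for 12 of the 16 inputs, a bias of +1/4; the LAT rows and columns for the zero mask are all 0 (except the trivial +8 at the origin) because a bijective S-box leaves every nonzero linear combination of inputs or outputs balanced.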
This presentation is on block cipher modes, which are used for the encryption and decryption of any message and are defined by the National Institute of Standards and Technology. Block cipher modes of operation are part of symmetric-key encryption algorithms.
I hope you like this.
RC4 is a symmetric-key stream cipher designed in 1987. It encrypts by XORing a pseudo-random keystream with the plaintext. The keystream is generated from a 256-byte permutation that is first scrambled by the key (the key-scheduling algorithm) and then walked by the output generator. RC4 has been widely used to encrypt network traffic, but weaknesses have been found, including strong biases in the early keystream bytes; where the key is formed by prepending a public IV, as in WEP, these biases allow recovery of the key. While simple and fast, RC4 is no longer considered secure for most applications.
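RC4's two phases and one of the early-byte biases mentioned above, as an added example that is not code from the summarized slides. The implementation is the standard KSA/PRGA; the statistical function measures how often the second keystream byte is zero over random 16-byte keys (an ideal cipher would give 1/256; the Mantin-Shamir bias makes it about 2/256). The function names and the seeded sample of keys are mine.

```python
"""RC4 key scheduling (KSA), output generation (PRGA) and a measurement of the
second-byte bias. Added example, not code from the original slides."""
import random


def ksa(key):
    """Key-scheduling algorithm: build the initial 256-byte permutation from the key bytes."""
    key = list(key)
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def prga(S):
    """Pseudo-random generation algorithm: yields one keystream byte per step,
    permuting S as it goes."""
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4(key, data):
    """Encrypt or decrypt (the operation is its own inverse): data XOR keystream."""
    keystream = prga(ksa(key))
    return bytes(b ^ next(keystream) for b in data)


def second_byte_zero_rate(n_keys=20000, seed=1):
    """Fraction of random 16-byte keys whose 2nd keystream byte is 0.
    Uniform output would give 1/256; RC4 gives roughly 2/256 (Mantin-Shamir)."""
    rng = random.Random(seed)  # seeded so the constructed sample is reproducible
    zeros = 0
    for _ in range(n_keys):
        ks = prga(ksa(rng.randrange(256) for _ in range(16)))
        next(ks)                 # discard Z1
        if next(ks) == 0:        # inspect Z2
            zeros += 1
    return zeros / n_keys


if __name__ == "__main__":
    print(rc4(b"Key", b"Plaintext").hex())      # bbf316e8d940af0ad3
    print(second_byte_zero_rate(), "vs uniform", 1 / 256)
```

The bias is a distinguisher on its own (a few thousand ciphertexts of a fixed-format plaintext leak its second byte), and it is one reason RC4 was prohibited in TLS by RFC 7465.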
Hackers can be categorized into several types based on their activities and motivations. White hat hackers conduct security testing for non-malicious purposes, black hats violate security to cause harm or for personal gain, and grey hats may engage in both legal and illegal acts not for personal profit. Hackers may also be classified as elite, script kiddies with little technical skills, or neophytes just starting out. The term originally referred to programmers and computer enthusiasts in the 1960s who valued open information sharing. Over time distinct hacker subcultures formed around activities like hardware modification, art, and computer security.
In cryptography, a block cipher is a deterministic algorithm operating on ... Systems as a means to effectively improve security by combining simple operations such as .... Finally, the cipher should be easily cryptanalyzable, such that it can be ...
This document provides an overview of Kerberos, an authentication protocol used to securely identify clients on a non-secure network. It discusses Kerberos' design, which includes clients, a Key Distribution Center (KDC) consisting of an authentication server and a ticket-granting server, and services. It defines common Kerberos terms and describes how Kerberos works by having the KDC issue tickets that grant clients access to services. Key features of Kerberos include centralized credential management (the KDC holds every principal's long-term key) and a design that never sends passwords over the network. A limitation is that the KDC is a single point of compromise: an attacker who controls it controls the entire infrastructure.
The document discusses the Data Encryption Standard (DES) cipher. It was the most widely used symmetric cipher but has been replaced by the Advanced Encryption Standard (AES). DES encrypts data in 64-bit blocks using a 56-bit key. It operates by applying an initial permutation to the plaintext block, dividing it into halves, and performing 16 rounds of substitution and permutation using 48-bit subkeys generated from the main key. Each round includes expanding, XORing with the subkey, and applying S-boxes and permutations to provide diffusion and confusion.
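The Feistel structure that the DES summary above describes (split the block into halves, apply a keyed round function to one half and XOR it into the other, swap, repeat for 16 rounds with 48-bit subkeys), as an added example rather than the DES specification: the round function here is a truncated keyed hash instead of DES's expansion, S-boxes and permutation, and the key schedule is likewise a stand-in. What carries over unchanged is the property the structure buys: decryption is the same routine run with the subkeys in reverse order, so the round function never has to be invertible.

```python
"""Toy 64-bit Feistel cipher with DES's round structure. Added example: the round
function and key schedule are hash-based stand-ins, not DES's own components."""
import hashlib

ROUNDS = 16
MASK32 = 0xFFFFFFFF


def round_function(right, subkey):
    """F(R, K): a 32-bit keyed mixing function. Deliberately non-invertible,
    since Feistel decryption never needs F^-1 (DES's F is not invertible either)."""
    return int.from_bytes(hashlib.sha256(subkey + right.to_bytes(4, "big")).digest()[:4], "big")


def key_schedule(key):
    """Sixteen 48-bit subkeys, one per round (DES derives them by rotations and PC-2;
    a hash stands in for that here)."""
    return [hashlib.sha256(key + bytes([r])).digest()[:6] for r in range(ROUNDS)]


def feistel(block, subkeys):
    """One pass of the network. L_{i+1} = R_i, R_{i+1} = L_i xor F(R_i, K_i).
    The final swap makes the routine self-inverse under reversed subkeys."""
    left, right = block >> 32, block & MASK32
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    return (right << 32) | left


def encrypt_block(block, key):
    return feistel(block, key_schedule(key))


def decrypt_block(block, key):
    return feistel(block, key_schedule(key)[::-1])


def ecb_is_deterministic(key, block):
    """A raw block cipher is a fixed permutation: equal plaintext blocks give equal
    ciphertext blocks. That is why a mode of operation with an IV or nonce is needed
    for real messages."""
    return encrypt_block(block, key) == encrypt_block(block, key)


def avalanche(key, block, bit):
    """Hamming distance between the ciphertexts of two plaintexts differing in one bit;
    good diffusion pushes this toward half the block size."""
    return bin(encrypt_block(block, key) ^ encrypt_block(block ^ (1 << bit), key)).count("1")


if __name__ == "__main__":
    key, msg = b"eightbyt", 0x0123456789ABCDEF
    ct = encrypt_block(msg, key)
    print(f"ct={ct:016x} pt={decrypt_block(ct, key):016x} avalanche={avalanche(key, msg, 0)}")
```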
Kerberos: An Authentication Application (Vidulatiwari)
This document presents an overview of Kerberos authentication protocol. Kerberos was developed at MIT to provide strong authentication on insecure networks. It uses a centralized authentication server and relies on symmetric encryption. The document describes the requirements for Kerberos, differences between versions 4 and 5, key concepts like tickets and authenticators, and the message exchanges involved in the authentication process. The strengths of Kerberos are highlighted as mutual authentication between clients and servers without sending passwords in plain text across the network.
This document discusses the Kerberos authentication protocol. It provides a high-level overview of Kerberos, including its history, terminology, operation, environment, database, and administration. Kerberos provides strong authentication on physically insecure networks using a trusted third party and time-stamped tickets. While it ensures passwords are never sent in the clear, Kerberos is vulnerable if users choose poor passwords, since a client's long-term key is derived from its password and can be guessed offline against captured traffic, and it requires every participating host and application to be adapted ("Kerberized") for its authentication.
Kerberos is a network authentication protocol developed at MIT in the 1980s to let nodes communicating over an insecure network verify each other's identity. It uses tickets and session keys so that clients and servers can establish the identity of users and services without trusting the network. The authentication process involves three exchanges: the client obtains a ticket-granting ticket from the authentication server, exchanges it for a service ticket at the ticket-granting server (both parts of the KDC), and presents that service ticket to the target server.
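The three exchanges described in the Kerberos summaries above, run end to end with both sides' messages, as an added example that is not MIT Kerberos code. The message contents follow the protocol (AS_REP encrypted under the user's key plus a TGT under the krbtgt key; TGS_REP under the first session key plus a service ticket under the service's key; an authenticator with name and timestamp at each step; an AP_REP for mutual authentication). The encryption is a stand-in: seal()/unseal() is a hash-derived keystream with an HMAC tag (encrypt-then-MAC) in place of Kerberos's AES encryption types, and the realm, principal names, salt, passwords, skew window and function names are all invented here. It also shows two of the limitations the summaries mention: a replayed authenticator being refused, and an offline dictionary attack on an AS_REP when the user's password is weak.

```python
"""Toy Kerberos AS -> TGS -> AP exchange. Added example, not MIT Kerberos code;
seal()/unseal() stands in for Kerberos's AES encryption types, and every name,
salt and password below is constructed for the demonstration."""
import hashlib
import hmac
import json
import os
import time

SKEW = 300  # seconds of clock skew tolerated in authenticators (typical KDC default: 5 min)
REALM = "EXAMPLE.ORG"  # constructed realm name, used as part of the string2key salt


def string_to_key(password, salt):
    """Kerberos 'string2key': the long-term key of a user principal is derived from
    its password. PBKDF2-SHA256 stands in for the real profile here."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), 10_000)


def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key, obj):
    """Encrypt-then-MAC a JSON-serialisable dict: nonce || ciphertext || HMAC tag."""
    nonce, pt = os.urandom(16), json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()


def unseal(key, blob):
    """Verify the tag before touching the ciphertext; a wrong key fails here."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def check_authenticator(auth, cname):
    """The authenticator proves the presenter knows the ticket's session key and is fresh."""
    if auth["cname"] != cname or abs(time.time() - auth["ts"]) > SKEW:
        raise ValueError("authenticator name or timestamp check failed")


class KDC:
    """Authentication Server and Ticket-Granting Server over one principal database."""

    def __init__(self, keys):
        self.keys = keys  # principal -> long-term key; whoever holds this dict owns the realm

    def as_exchange(self, cname):
        """AS_REQ names the user; AS_REP is sealed under the user's password-derived key.
        Without pre-authentication anyone can fetch this and guess passwords offline."""
        sk1 = os.urandom(32).hex()
        tgt = seal(self.keys["krbtgt"], {"cname": cname, "sk": sk1, "exp": time.time() + 36000})
        return seal(self.keys[cname], {"sk": sk1, "sname": "krbtgt"}), tgt

    def tgs_exchange(self, tgt, authenticator, sname):
        t = unseal(self.keys["krbtgt"], tgt)  # only the KDC can open a TGT
        if t["exp"] < time.time():
            raise ValueError("TGT expired")
        sk1 = bytes.fromhex(t["sk"])
        check_authenticator(unseal(sk1, authenticator), t["cname"])
        sk2 = os.urandom(32).hex()
        ticket = seal(self.keys[sname], {"cname": t["cname"], "sk": sk2, "exp": time.time() + 36000})
        return seal(sk1, {"sk": sk2, "sname": sname}), ticket


class Service:
    def __init__(self, key):
        self.key, self.seen = key, set()  # replay cache of authenticators already accepted

    def ap_exchange(self, ticket, authenticator):
        t = unseal(self.key, ticket)  # the client never learns this key
        sk2 = bytes.fromhex(t["sk"])
        auth = unseal(sk2, authenticator)
        check_authenticator(auth, t["cname"])
        if (auth["cname"], auth["ts"]) in self.seen:
            raise ValueError("replayed authenticator")
        self.seen.add((auth["cname"], auth["ts"]))
        return seal(sk2, {"ts": auth["ts"]}), t["cname"]  # AP_REP: mutual authentication


def login(kdc, service, cname, password):
    """Run all three exchanges; returns (authenticated name, service ticket, authenticator)."""
    as_rep, tgt = kdc.as_exchange(cname)
    sk1 = bytes.fromhex(unseal(string_to_key(password, REALM + cname), as_rep)["sk"])
    tgs_rep, ticket = kdc.tgs_exchange(tgt, seal(sk1, {"cname": cname, "ts": time.time()}), "http/web")
    sk2 = bytes.fromhex(unseal(sk1, tgs_rep)["sk"])
    ts = time.time()
    authenticator = seal(sk2, {"cname": cname, "ts": ts})
    ap_rep, who = service.ap_exchange(ticket, authenticator)
    if unseal(sk2, ap_rep)["ts"] != ts:
        raise ValueError("service failed mutual authentication")
    return who, ticket, authenticator


def offline_guess(kdc, cname, wordlist):
    """Dictionary attack on a captured AS_REP: succeeds exactly when the password is weak."""
    as_rep, _ = kdc.as_exchange(cname)
    for guess in wordlist:
        try:
            unseal(string_to_key(guess, REALM + cname), as_rep)
            return guess
        except ValueError:
            continue
    return None


def build_realm(alice_password="winter2012"):
    """Constructed realm: one user, the krbtgt principal and one service."""
    keys = {"alice": string_to_key(alice_password, REALM + "alice"),
            "krbtgt": os.urandom(32), "http/web": os.urandom(32)}
    return KDC(keys), Service(keys["http/web"])
```

Note which key protects which message: the user's password-derived key is used exactly once, to open the AS_REP, and the service's key is never held by the client at all, which is what lets the KDC vouch for identities without the client and service sharing anything in advance. The offline_guess function is why modern deployments require pre-authentication and strong passwords, and the replay cache is why clock synchronisation matters.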
Hacking involves modifying systems outside of their intended purpose. It is commonly done by teenagers and young adults using computers. Reasons for hacking include profit, protest, and challenge. Hacking can damage information, enable theft, compromise systems, and cost businesses millions per year. Hackers can be black hats who intend harm, white hats who perform security work, or gray hats who do both. Common attack types include DoS, password guessing, and man-in-the-middle. Hacking tools are widely available online, and passwords can be cracked using dictionary, brute force, and other attacks.
Hacking refers to gaining unauthorized access to computer systems or networks. There are different types of hacking such as website hacking, email hacking, network hacking, password hacking, and online banking hacking. Ethical hacking involves testing a system's security vulnerabilities to help secure it. The document discusses these types of hacking in further detail, explaining how they work and can be prevented. It emphasizes using strong passwords, protecting computers, only downloading from trusted sources, and not using public networks without protection. Ethical hackers play an important role in evaluating security systems.
Hacking can take many forms, both legal and illegal. The document outlines different types of hacking such as website, email, network, and password hacking. Ethical hacking is performed legally by computer experts to test vulnerabilities, while illegal hacking can have serious consequences like fines, imprisonment, and computer seizure. Proper precautions are recommended to prevent hacking threats.
This document provides an overview of the Kerberos network authentication protocol. It discusses that Kerberos was developed at MIT to allow secure authentication over insecure networks. It provides a high-level overview of how Kerberos uses tickets and session keys to authenticate users and allow access to services without reentering passwords. The document also summarizes the Needham-Schroeder protocol that inspired part of Kerberos' design and discusses some applications and weaknesses of the Kerberos protocol.
This document discusses ethical hacking. It defines ethical hacking as testing systems for security purposes with permission, compared to cracking which is hacking without permission for malicious reasons. It outlines different types of hackers like script kiddies, white hat hackers who hack legally for security work, grey hat hackers who can help or harm, and black hat hackers who hack criminally. The document advises on security practices like using antiviruses and strong passwords to prevent hacking.
This document provides an overview of cryptography. It defines cryptography as the science of securing messages from attacks. It discusses basic cryptography terms like plain text, cipher text, encryption, decryption, and keys. It describes symmetric key cryptography, where the same key is used for encryption and decryption, and asymmetric key cryptography, which uses different public and private keys. It also covers traditional cipher techniques like substitution and transposition ciphers. The document concludes by listing some applications of cryptography like e-commerce, secure data, and access control.
1. Formulate a testing plan with the client to identify systems to evaluate and the scope of testing allowed.
2. Remotely or locally access the target systems to find vulnerabilities by simulating common attacks.
3. Report any found vulnerabilities to the client along with recommendations on how to remedy security issues.
The document discusses ethical hacking and describes hackers. It defines ethical hacking as evaluating a system's security vulnerabilities by attempting to break into computer systems. Ethical hackers possess strong programming and networking skills and detailed hardware/software knowledge. They evaluate systems by determining what intruders can access, what they can do with that information, and if intruder attempts can be detected. The document outlines different types of hackers and classes them as black hats, white hats, gray hats, and ethical hackers based on their motivations and how they use their skills.
The document provides an overview of encryption, including what it is, why it is used, and how it works. Encryption is the process of encoding information to protect it, while decryption is decoding the information. There are two main types of encryption: asymmetric encryption which uses public and private keys, and symmetric encryption which uses a shared key. Encryption is used to secure important data like health records, credit cards, and student information from being stolen or read without permission. It allows senders to encode plain text into ciphertext using a key.
This document provides an overview of various computer networking concepts and components. It begins with definitions of networking basics like communications and telecommunications. It then describes the essential parts of a basic network including a message, transmitter, medium, receiver and destination. The document outlines different network topologies like bus, ring, star, star-bus and mesh. It also discusses network types like peer-to-peer and client-server networks. The document provides details on common networking media and components including coaxial cable, twisted pair cables, optical fibers, wireless transmission, hubs, gateways, routers, bridges and switches. It concludes with a brief introduction to the IEEE 802 family of standards related to local and metropolitan area networks.
The document discusses security threats and solutions for e-commerce. It outlines various threats like human error, espionage, hacking and fraud. It then describes goals of network security like confidentiality, integrity and authentication. Further, it explains encryption techniques like symmetric algorithms (DES, 3DES, AES), asymmetric algorithms and digital signatures to secure e-commerce transactions and communication channels. Key requirements for e-commerce security are also highlighted such as message privacy, integrity, authentication and non-repudiation of transactions.
This document provides an introduction and overview of a course on data structures and algorithms. It discusses the importance and fundamental nature of the topics covered in the course. The course will focus on commonly used data structures like lists, trees, and graphs, as well as related algorithms for tasks like searching, sorting, and graph operations. It will also cover reasoning about the correctness and efficiency of algorithms. The document provides recommendations for textbooks to reference and related courses that provide useful background knowledge.
This document provides a summary of a study guide for logic written by Peter Smith. Some key points:
- The study guide aims to help philosophy and mathematics students teach themselves logic, as many universities do not offer sufficient logic courses.
- It covers material from introductory logic up to advanced topics in areas like model theory, computability, and set theory. Readers can choose which sections are most relevant.
- The study guide is long due to its broad scope, but readers should not feel overwhelmed and can jump around to topics that interest them. It provides recommendations on textbooks and how to structure independent logic learning.
- The author hopes the guide will help students navigate the large literature on logic and find appropriate textbooks to work through independently or in study groups. It draws on the author's experience teaching logic and accumulating over 300 logic textbooks over many years.
This document summarizes the key stages and steps for conducting an effective literature review. It outlines three main stages: 1) acquiring general domain knowledge and identifying problems, 2) identifying solution approaches and active communities, and 3) building a solution to the identified problem. It provides guidance on finding relevant literature sources and following citation trails. The document also reviews the objectives and procedures for each stage of the literature review process to ensure a thorough understanding of the problem domain and approaches.
This document provides guidance on structuring and presenting data in the dissertation process. It discusses:
1. The importance of structuring the data presentation chapter logically based on themes, objectives, or concepts from the literature review rather than just presenting all raw data.
2. The need to discuss sampling methods, validity, and reliability to establish credibility before presenting any findings.
3. Tips for effective data presentation including using tables, figures, and narrative analysis to interpret results while maintaining objectivity and considering multiple explanations.
4. The chapter should draw specific conclusions from each data cluster or theme but stop short of overall conclusions, leaving synthesis for the end. Proper referencing is also emphasized.
This document provides guidance on structuring and presenting data in the dissertation process. It discusses:
1. The importance of structuring the data presentation chapter logically based on themes, objectives, or concepts from the literature review rather than just presenting all raw data.
2. The need to discuss sampling methods, validity, and reliability to establish credibility before presenting any findings.
3. Tips for effective data presentation including using tables, figures, and providing clear interpretation to avoid assumptions. Conclusions should be drawn throughout to aid readability.
4. The chapter should conclude by revisiting the research aims and objectives and synthesizing any overall conclusions or recommendations, while considering implications and need for further work.
The document discusses two patterns - FINALLY FOR EACH RELEASE and EXECUTE-AROUND METHOD - for dealing with exception safety when acquiring and releasing resources in Java. FINALLY FOR EACH RELEASE uses try-finally blocks to ensure resources are released after acquisition even if an exception occurs during use. EXECUTE-AROUND METHOD avoids repetition by encapsulating the acquire, use, and release steps in a single method. The document also discusses how Java idioms are influenced by language features and how patterns must consider context and consequences to avoid unintended issues.
This document provides guidance on qualitative data analysis methods, including:
- The process of immersion in qualitative data through repeated reading/listening to become familiar with the content.
- Coding qualitative data by applying abstract representations or labels to segments of data that are relevant to the research question.
- Developing codes that are data-derived (based on the explicit content) or researcher-derived (conceptual interpretations).
- Using analytical memos and diaries to document the analysis process, including emerging codes, themes, and interpretations.
- Identifying themes by examining codes for patterns and relationships that answer the research question. Themes capture broader meanings than codes.
CHAPTER 18 MaNagiNg risk aND rEcOVEry 645 1 conduct.docxketurahhazelhurst
CHAPTER 18 MaNagiNg risk aND rEcOVEry 645
1 conduct a survey amongst colleagues, friends and acquaintances of how they cope with the
possibility that their computers might ‘fail’, either in terms of ceasing to operate effectively, or
in losing data. Discuss how the concept of redundancy applies in such failure.
2 ‘ We have a test bank where we test batches of 100 of our products continuously for 7 days and
nights. This week only 3 failed, the first after 10 hours, the second after 72 hours, and the third after
1,020 hours. ’ What is the failure rate in percentage terms and in time terms for this product?
3 an automatic testing process takes samples of ore from mining companies and subjects them
to four sequential tests. The reliability of the four different test machines that perform the
tasks is different. The first test machine has a reliability of 0.99, the second has a reliability
of 0.92, the third has a reliability of 0.98, and the fourth a reliability of 0.95. if one of the
machines stops working, the total process will stop. What is the reliability of the total process?
4 For the product-testing example in Problem 2, what is the mean time between failures (MTBF)
for the products?
5 in terms of its effectiveness at managing the learning process, how does a university detect
failures? What could it do to improve its failure detection processes?
6 review your own (and your friends’) approach to protecting against malicious data theft.
What is the biggest risk that you/they face?
SELECTED FURTHER READING
Breakwell, G.M. (2014) The psychology of risk , Cambridge University Press, Cambridge.
an interesting book focused on the broader psychological aspects of risk.
Melnyk, S., Closs, D., Griffis, S., Zobel, C. and Macdonald, J. (2014) Understanding supply chain
resilience, Supply Chain Management Review , January/February, 34–41.
a nice article outlining the key aspects of failure, prevention and resilience in operations and supply
networks.
Regester , M. and Larkin, J. (2008) Risk Issues and Crisis Management: A Casebook of Best Practice ,
Kogan Page, London .
aimed at practising managers with lots of advice. good for getting the flavour of how it is in practice.
Simchi-Levi, D., Schmidt, W. and Wei, Y. (2014) From superstorms to factory fires: managing
unpredictable supply-chain disruptions, Harvard Business Review , vol. 92, no. 1–2, 97–101.
another practitioner-focused article looking at the low-probability, high-impact end of the failure
continuum.
PROBLEMS AND APPLICATIONS
M18_SLAC8678_08_SE_C18.indd 645 6/2/16 1:50 PM
Sociology 517 Graduate Seminar: Professor Matsueda
Deviance and Social Control: Criminological Theory Spring 2015
WRITING A USEFUL PRÉCIS FOR A RESEARCH ARTICLE
An important skill that academic researchers inevitably acquire is a way of writing a brief synopsis, or
préci ...
What makes a model simple? Do we know what is likely before we see data? Can we use this to make better models. Existing and new approaches for bringing in more knowledge to solve machine learning problems.
Coding in Deductive Qualitative AnalysisJane Gilgun
This article discusses how to use open, axial, and selective coding in the analysis of qualitative data when researchers conduct studies using deductive qualitative analysis (DQA). Unlike grounded theory, DQA begins with preliminary codes that both guide the research and that researchers expect to test and to change in the course of doing the research. This article reports on email exchanges with two students that Jane Gilgun had. Jane is a professor at the University of Minnesota, Twin Cities, USA. the students are Anke Reints, a PhD student at the Vrije Universiteit Brussel, Belgium, and Ben Duncan, a student at Tennessee State University, USA.
This document provides tips for writing a thesis. It discusses starting the writing process early by choosing a title and outline. The outline should summarize the argument in one sentence for each chapter. Material should be collected in a binder as it is researched. Examiners will want to understand the thesis quickly, so the abstract, conclusions, and contents should clearly convey the purpose and findings. Getting feedback from others helps improve the thesis before examination. Regularly interacting with potential examiners also helps them understand and appreciate the research.
CSEC640 - Weeks 4 and 5 Individual Assignment
Description
The course module #4 covers very important concepts of how Denial of Service (DoS) attacks work.
However, the module does not discuss detection, prevention, or mitigation of DoS attacks (or
Distributed DoS). The task of this individual assignment is to write a research paper/report in these
topics.
The document discusses organizing computational biology projects. It recommends using a logical directory structure with a common root directory for related projects. Within each project directory, it suggests top-level directories for data, results, source code, documents, and binaries. For results directories, it advises creating subdirectories for each experiment with names indicating the date and topic. Maintaining a lab notebook to document experiments and their progress and conclusions is also recommended.
This document provides an introduction to Howard Seltman's book on experimental design and analysis. It outlines the course objectives to teach students the relationships between experimental design concepts and statistical analysis methods. While focusing on examples from the behavioral and social sciences, the content is applicable across disciplines. The book emphasizes learning statistical analysis through hands-on practice with real and simulated data sets. It provides typographical conventions to guide readers through both core and optional material. The author's background in clinical research and statistics is intended to benefit students in properly designing, analyzing and interpreting experimental results.
ISSC362Course SummaryCourse ISSC362 Title IT SecuritTatianaMajor22
ISSC362
Course Summary
Course : ISSC362 Title : IT Security: Attack & Defense
Length of Course : 8 Faculty :
Prerequisites : N/A Credit Hours : 3
Description
Course Description:
This course examines the techniques and technologies for penetration of networks, detection of attacks, and
prevention of attacks. This course addresses the techniques, the technologies, and the methodologies used
by cyber intruders (hackers) to select a target and launch an attack. Students will gain insight into the motives
and desired goals of hackers as well as effective tools and techniques used as countermeasures ensuring
data assets remain secure. This course focuses on techniques and technologies to detect such attacks even
while the attack is in progress; early detection enables the administrator to track the movements of the
hacker and to discover the intent and goals of the hacker. This course assesses the various
countermeasures to keep the system out of the “sights” of the hacker and to keep the hacker out of the
perimeter of the target network. This course also explores the laws and the legal considerations in
prosecuting computer crime.
Course Scope:
This course will allow students to see how attacks target networks and the methodology they follow. Students
will also learn how to respond to hacking attacks and how to fend them off. With the help of the experts in the
Information Systems Security and Assurance Series, the book will provide examples of information security
concepts and procedures are presented throughout the course.
Page: 1 of 8 Date: 6/21/2020 3:01:15 AM
Objectives
After successfully completing this course, you will be able to:
1. Show how attackers map organizations
2. Describe common port scanning techniques
3. Identify some of the tools used to perform enumeration
4. Explain the significance of wireless security
5. List the issues facing Web servers
6. Describe the characteristics of malware
7. List the ways of detecting Trojans
8. Describe the process of DoS attacks
9. Describe the benefits of automated assessment tools
10. List the components of incident response
11. List the detective methods of IDS
Outline
Week 1: Course Overview Getting Started Introduction to Ethical Hacking
Activities
Reading: Chapters 1, 2, 3 and 4
PPT Review: Lessons 1, 2 and 3 (Physical Security)
Week 1 Discussion
Lab
Week 2: Footprinting, Port Scanning and Enumeration
Activities
Reading: Chapters 5, 6, and 7
PPT Review: Lessons 3 (Footprinting) and 4
Week 2 Discussion
Lab
Week 3: Web and Database Attacks
Activities
Reading: Chapter 9
PPT Review: Lesson 6
Week 3 Discussion
Lab
Page: 2 of 8 Date: 6/21/2020 3:01:15 AM
Week 4: Malware, Worms, Viruses, Trojans and Backdoors
Activities
Reading: Chapters 10 and 11
PPT Review: Lesson 7
Week 4 Discussion
Lab
Week 5: Network Traffic Analysis
Activities
Reading: Chapters 12 and 13
PPT Review: Lesson 8
Week 5 Discussion
Midterm
Lab
Week 6: Wireless Vulnerabilities
Act ...
This document provides an overview and introduction to the textbook "Experimental Design and Analysis" by Howard J. Seltman. The textbook is intended as required reading material for an experimental design course taught at Carnegie Mellon University.
The introduction outlines some of the key topics that will be covered in the textbook, including experimental design principles, specific experimental design types and their corresponding statistical analyses, and concepts like power and multiple comparisons. It also provides background on the author's experience in experimental design and statistical analysis from both an academic and clinical perspective.
The document concludes by outlining the overall structure and contents of the textbook, with the early chapters providing a review of relevant statistical concepts and later chapters covering specific experimental designs and analyses in more
This document outlines the structure and objectives of a workshop on Grounded Theory. The workshop will introduce participants to the basic principles and procedures of Grounded Theory. It will cover topics such as the origins and theoretical underpinnings of Grounded Theory, how to conduct Grounded Theory research through procedures like open coding, theoretical sampling and memo writing, and putting the analysis together to build a theory. By the end of the workshop, participants will understand and have hands-on experience with Grounded Theory to help inform their own research.
This document discusses different levels of research in computer science, from exploratory work to proofs. It begins by defining research and the scientific method. It then outlines 5 levels of research:
1) Product or implementation, which can be innovative but lacks a hypothesis.
2) Proposing something different through a new approach or application with literature review.
3) Proposing something supposedly better by improving on existing well-studied problems.
4) Achieving provably better results on standard benchmarks and advancing the state of the art.
5) Engaging in theoretical proof work through theorems and lemmas to address problems. The role of the supervisor in advising the research is also discussed.
Similar to A SELF-STUDY COURSE IN BLOCK-CIPHER CRYPTANALYSIS Bruce Schneier (20)
Securing the Data in Big Data Security Analytics by Kevin Bowers, Nikos Triandopoulos of RSA Laboratories and catherine Hart and Ari Juels of Bell Canada
The document discusses mobile device security concerns for enterprises and proposes a solution using Good Technology's mobile device management platform. It outlines key security risks like protecting confidential data and access. The proposed solution would allow centralized management of various mobile platforms through Good while leveraging existing Exchange and Blackberry investments. It compares the costs and architecture of Good Technology to the existing Blackberry Enterprise Server solution, finding Good Technology more cost effective. The document also discusses business, legal and privacy considerations of the proposed employee-owned mobile device policy.
Mark K. Mellis of Stanford University's Information Security Office gave a briefing on securing mobile devices. He discussed risks of loss, theft, or spying of mobile devices and tips for using passcodes, updating software, backups, and encryption. If a device is lost or stolen, he recommends immediately changing network passwords and potentially wiping the device remotely if it is enrolled in Stanford's Mobile Device Management program.
IBM Security Strategy Intelligence, Integration and Expertise
by Marc van Zadelhoff, VP, WW Strategy and Product Management and Joe Ruthven IBM MEA Security Leader
This document discusses the challenges that big data poses for cybersecurity. It notes that the volume, variety, and velocity of data has increased dramatically due to factors like the growth of the internet and consumer technology. This has led to unprecedented growth in cyber threats that security companies must address. The document argues that successfully protecting users requires efficiently processing big data to generate intelligence through techniques like specialized search algorithms, machine learning, and analyzing relationships in the data. It maintains that a combination of automated analysis and human insight is needed to understand the evolving threat landscape.
This document outlines the top 10 big data security and privacy challenges as identified by the Cloud Security Alliance. It discusses each challenge in terms of use cases. The challenges are: 1) secure computations in distributed programming frameworks, 2) security best practices for non-relational data stores, 3) secure data storage and transaction logs, 4) end-point input validation/filtering, 5) real-time security/compliance monitoring, 6) scalable and composable privacy-preserving data mining and analytics, 7) cryptographically enforced access control and secure communication, 8) granular access control, 9) granular audits, and 10) data provenance. Each challenge is described briefly and accompanied by example use cases.
The document discusses big data analysis and provides an introduction to key concepts. It is divided into three parts: Part 1 introduces big data and Hadoop, the open-source software framework for storing and processing large datasets. Part 2 provides a very quick introduction to understanding data and analyzing data, intended for those new to the topic. Part 3 discusses concepts and references to use cases for big data analysis in the airline industry, intended for more advanced readers. The document aims to familiarize business and management users with big data analysis terms and thinking processes for formulating analytical questions to address business problems.
This document provides an overview of public key infrastructure (PKI). It discusses how PKI uses public key cryptography and digital certificates to securely distribute public keys. A PKI relies on certificate authorities (CAs) to issue and revoke certificates binding public keys to their owners. It also discusses the roles of CAs, registration authorities, repositories, and clients in a PKI. The document outlines how standards bodies are working to develop PKI standards and the need for testing interoperability between PKI components. It notes that while PKI can support some applications today, a global public key infrastructure is not yet achievable and full interoperability has not been established.
The document provides an overview of public key infrastructure (PKI) and how it works. It explains foundational concepts like encryption, authentication, and digital signatures. It then discusses how PKI enables the use of public/private key cryptography to securely distribute keys and authenticate parties through the use of digital certificates verified by a certificate authority. The document covers common algorithms like RSA, ECC, AES, and hash functions and provides recommendations around implementing and securing a PKI.
This document discusses public key infrastructures (PKI) and their components. It describes how PKI can enable secure communication, notarization, time-stamping, non-repudiation, and privilege management through the use of certificates, digital signatures, and trusted third parties. It also outlines some of the pitfalls of PKI, such as key compromises, difficulties with revocation, and human errors in certificate validation. Finally, it examines the technical details of how certificates, certification authorities, certificate paths, and trust models function within a PKI.
This document provides an introduction to distributed security concepts and public key infrastructure (PKI). It describes different methods of remote access computing including single sign-on using Kerberos or NIS. It also discusses security building blocks like encryption, digital signatures, and hash algorithms. The document outlines the key elements of PKI including certificate authorities, public/private key pairs, identity certificates, and LDAP servers. It provides details on SSL/TLS and the SSL handshake process.
The Open Science Grid (OSG) is a collaboration between scientific communities, universities, and laboratories to operate a shared high-performance computing infrastructure. The OSG provides common software, security, and services to enable distributed computing across contributed resources. It supports over 30 user communities, including physics experiments like ATLAS and LIGO. The OSG aims to make scientific research more effective by stimulating new computational approaches and building expertise for future distributed computing. It faces challenges in sustaining resources, ensuring security and software evolution, optimizing resource sharing, and maintaining community collaboration at its large scale.
The Open Science Grid Consortium aims to build a sustainable national production Grid infrastructure in the United States that will support scientific collaborations. It will build upon existing Grid infrastructures like Grid3 and SAMGrid by integrating distributed computing facilities at laboratories and universities. The Consortium plans to evolve this infrastructure to meet the long-term computational needs of the experimental physics community in the US, which will require increasing its scale, performance, and capabilities by an order of magnitude or more. It also seeks to accommodate the needs of other science partners by developing a flexible framework of services and ensuring the coherent operation of the whole system.
This document summarizes a presentation on grid security given at an Atlas Tier 2 meeting. It discusses the rapidly changing security environment with new federal guidelines, threats from attacks and vulnerabilities in middleware and applications. Recent security events from the past weeks are noted. The presentation emphasizes designing security into systems from the beginning through practices like mutual authentication, logging, and patching. Examples from SLAC's Atlas experience and a proposed updated user agreement policy are provided. The Open Science Grid security team and plans for security auditing, dynamic firewall ports, identity management and securing middleware are briefly outlined.
The document summarizes the security activities of the Open Science Grid (OSG). It discusses OSG's goals of enabling open science collaboration while maintaining security. OSG models its security operations on the NIST 800-53 guidelines and uses an integrated security management approach. Key activities include vulnerability management, inter-grid coordination, education and training, and an iterative process of assessing and improving controls. The overall aim is to support scientific research securely and without hindering open collaboration.
This document outlines the goals and procedures of the OSG Security team. It discusses operational security through vulnerability identification, fire drills to test readiness, and educating members. The document describes how to report security incidents and software vulnerabilities. It provides information on OSG certificates and the registration and approval process. Upcoming fire drills are mentioned to test jobs submitted through Glide-in WMS. Finally, it notes security tools and packages provided like CA cert bundles and Pakiti vulnerability database.
Andrew Hanushevsky gave a presentation on using xrootd proxies to provide scalable and secure remote access to data. Proxies allow clients outside a firewall to access data servers behind the firewall. Proxy clusters provide load balancing and redundancy. Authentication between proxies and servers can be handled through a security transformation that establishes a shared session key. This simplifies key management in large clustered systems and allows access across multiple firewalls. xrootd was designed with security in mind through features like support for security transforms and easy administration of clustered proxies.
The document summarizes a presentation given at the MWSG Meeting at Stanford Linear Accelerator Laboratory on June 5-6, 2006. The presentation discusses the Privilege Project, including its goals of delivering finer-grained authorization of processing resources, key achievements in deploying the authorization infrastructure, and current and future plans such as simplifying the architecture and extending privilege enforcement to network management.
More from Information Security Awareness Group (20)
Beyond Degrees - Empowering the Workforce in the Context of Skills-First.pptxEduSkills OECD
Iván Bornacelly, Policy Analyst at the OECD Centre for Skills, OECD, presents at the webinar 'Tackling job market gaps with a skills-first approach' on 12 June 2024
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumMJDuyan
(𝐓𝐋𝐄 𝟏𝟎𝟎) (𝐋𝐞𝐬𝐬𝐨𝐧 𝟏)-𝐏𝐫𝐞𝐥𝐢𝐦𝐬
𝐃𝐢𝐬𝐜𝐮𝐬𝐬 𝐭𝐡𝐞 𝐄𝐏𝐏 𝐂𝐮𝐫𝐫𝐢𝐜𝐮𝐥𝐮𝐦 𝐢𝐧 𝐭𝐡𝐞 𝐏𝐡𝐢𝐥𝐢𝐩𝐩𝐢𝐧𝐞𝐬:
- Understand the goals and objectives of the Edukasyong Pantahanan at Pangkabuhayan (EPP) curriculum, recognizing its importance in fostering practical life skills and values among students. Students will also be able to identify the key components and subjects covered, such as agriculture, home economics, industrial arts, and information and communication technology.
𝐄𝐱𝐩𝐥𝐚𝐢𝐧 𝐭𝐡𝐞 𝐍𝐚𝐭𝐮𝐫𝐞 𝐚𝐧𝐝 𝐒𝐜𝐨𝐩𝐞 𝐨𝐟 𝐚𝐧 𝐄𝐧𝐭𝐫𝐞𝐩𝐫𝐞𝐧𝐞𝐮𝐫:
-Define entrepreneurship, distinguishing it from general business activities by emphasizing its focus on innovation, risk-taking, and value creation. Students will describe the characteristics and traits of successful entrepreneurs, including their roles and responsibilities, and discuss the broader economic and social impacts of entrepreneurial activities on both local and global scales.
How Barcodes Can Be Leveraged Within Odoo 17Celine George
In this presentation, we will explore how barcodes can be leveraged within Odoo 17 to streamline our manufacturing processes. We will cover the configuration steps, how to utilize barcodes in different manufacturing scenarios, and the overall benefits of implementing this technology.
This presentation was provided by Racquel Jemison, Ph.D., Christina MacLaughlin, Ph.D., and Paulomi Majumder. Ph.D., all of the American Chemical Society, for the second session of NISO's 2024 Training Series "DEIA in the Scholarly Landscape." Session Two: 'Expanding Pathways to Publishing Careers,' was held June 13, 2024.
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.pptHenry Hollis
The History of NZ 1870-1900.
Making of a Nation.
From the NZ Wars to Liberals,
Richard Seddon, George Grey,
Social Laboratory, New Zealand,
Confiscations, Kotahitanga, Kingitanga, Parliament, Suffrage, Repudiation, Economic Change, Agriculture, Gold Mining, Timber, Flax, Sheep, Dairying,
A Visual Guide to 1 Samuel | A Tale of Two HeartsSteve Thomason
These slides walk through the story of 1 Samuel. Samuel is the last judge of Israel. The people reject God and want a king. Saul is anointed as the first king, but he is not a good king. David, the shepherd boy is anointed and Saul is envious of him. David shows honor while Saul continues to self destruct.
A SELF-STUDY COURSE IN BLOCK-CIPHER CRYPTANALYSIS Bruce Schneier
A SELF-STUDY COURSE IN
BLOCK-CIPHER CRYPTANALYSIS
Bruce Schneier
ADDRESS: Counterpane Internet Security, Inc., 3031 Tisch Way, San Jose CA 95128 USA.
schneier@counterpane.com.
ABSTRACT: Studying cryptanalysis is difficult because there is no standard textbook, and no way of knowing which cryptanalytic problems are suitable for different levels of students. This paper attempts to organize the existing literature of block-cipher cryptanalysis in a way that students can use to learn cryptanalytic techniques and ways to break new algorithms.
KEYWORDS: Cryptanalysis, block ciphers.
1 INTRODUCTION
Ever since writing Applied Cryptography, I have been asked to recommend a book on cryptanalysis. My unfortunate answer is that while there are several good books on cryptography, there are no books, good or bad, on cryptanalysis. It is a void that I don’t see being filled anytime soon; cryptanalysis is such a fast-moving field that any book of techniques would be obsolete before it was printed. And even if the book could somehow remain current, it would do little to teach cryptanalysis.

The only way to learn cryptanalysis is through practice. A student simply has to break algorithm after algorithm, inventing new techniques and modifying existing ones. Reading others’ cryptanalysis results helps, but there is no substitute for experience.

This answer prompts another question: where does one get practice? The Internet is an endless source of mediocre algorithm designs, and some even creep into the academic literature, but the beginning cryptanalysis student has no way of knowing which algorithms are worth studying and which are beyond his ability. Trying to break algorithms that have already been broken (without looking at the breaks first) is the only answer.

Now the question becomes: which ciphers should one try to break, and in what order? This paper is my attempt at an answer, and in this answer, I hope to facilitate the study of cryptanalysis.
CRYPTOLOGIA
This is a self-study course in block-cipher cryptanalysis. With it, a student can follow a semi-ordered path through the academic literature and emerge out the other side fully capable of breaking new algorithms and publishing new cryptanalytic results.

What I have done is to list published algorithms and published cryptanalyses in a coherent order: by type of cryptanalysis and difficulty. A student’s task is to read papers describing algorithms, and then attempt to reproduce published cryptanalytic results. (It is definitely more difficult to learn cryptanalysis from academic papers than from a distilled textbook, but the sooner a student gets used to reading academic papers, the better off he will be.) The results, in other published papers, serve as an “answer key.”

The answer key is never definitive; it is very probable that there are other, and better, attacks than what has been published. Some cryptanalysis papers contain mistakes. Students taking this course could end up with publishable results themselves.

Even the best student will not be able to find every published break without looking at the associated cryptanalysis paper. Many of these results were discovered by some of the best cryptanalytic minds in academia. I feel that a student should spend at least a week trying to break an algorithm without looking at the cryptanalysis paper, and after that just quickly skimming the result—or just reading the abstract, introduction, and conclusion—and then again trying to break the algorithm for at least another three days.

If a student still can’t break the cipher, it makes sense at this point to read and study the published cryptanalysis. If a student can’t break any of the ciphers—especially the easy ones—it’s a good indication that he should find another line of work.

The lessons are in order, but the ordering is loose in places. The first lessons are easier, but then I try to mix things up a bit. Students should feel free to skip lessons that are hard and go back to them, or even skip a few entirely (there are quite a lot of them). It is also not my intention for a student to fully complete one lesson before going on to the next. A smart student will probably work on several lessons at once.

Good luck.
2 WHAT DOES IT MEAN TO “BREAK” A CIPHER?
Breaking a cipher doesn’t necessarily mean finding a practical way for an eavesdropper to recover the plaintext from just the ciphertext. In academic cryptography, the rules are relaxed considerably. Breaking a cipher simply means finding a weakness in the cipher that can be exploited with a complexity less than brute-force. Never mind that brute-force might require 2^128 encryptions; an attack requiring 2^110 encryptions would be considered a break. Breaks might also require unrealistic amounts of known or chosen plaintext—2^56 blocks—or unrealistic amounts of storage: 2^80. Simply put, a break can just be a “certificational weakness”: evidence that the cipher does not perform as advertised.
Successful cryptanalysis might mean showing a break against a reduced-round
variant of the cipher—8-round DES versus the full 16-round DES, for example—
or a simplified variant of the cipher. Most breaks start out as cryptanalysis
against reduced-round variants, and are eventually (maybe years later) extended
to the full cipher. In fact, a break on a reduced-round version of a cipher is often
a publishable result.
3 WHY BLOCK CIPHERS?
Academic research in block ciphers has progressed along a different course than
research in stream ciphers. Block cipher papers have traditionally been concrete designs (with specific parameters and names) or breaks of those designs.
Stream cipher papers are more often general design or analysis techniques, with
general applications and examples. While stream-cipher cryptanalysis is at
least as important as block cipher cryptanalysis, and in military circles more
important, it is much harder to string a course together using existing academic papers. A good survey paper on stream ciphers is available online at
http://www.rsasecurity.com/rsalabs/technotes.
4 PREREQUISITES
It will be almost impossible to understand some cryptanalytic results without
a good understanding of simple concepts from probability and statistics. The
Handbook of Applied Cryptography has a very fast-paced introduction to a great
deal of probability theory; however, students learning this for the first time may
find that a dedicated textbook on probability and statistics provides a gentler
introduction to the subject.
Other topics from discrete mathematics and computer science are also useful, though they are not strictly necessary to know. A student should know, or
be prepared to learn, linear algebra, group theory, complexity theory, combinatorics, and graph theory. These could be profitably studied concurrently with
cryptanalysis.
It is impossible to really understand a cryptanalytic attack without implementing it. Implementing an attack described in a paper can be very instructive;
implementing a new attack of your own invention often exposes subtleties that
4. CRYPTOLOGIA
Month Year
Volume
Number
theoretical analysis fails to. For that reason, mathematical programming in a
language such as C is also a required skill.
4.1 Historical Background
The cryptanalysis of pre-computer encryption algorithms is not really applicable to the cryptanalysis of modern algorithms, but it makes for interesting reading and is a good example of the mindset required to perform cryptanalysis. I don’t consider this a required prerequisite, but the interested student should consider reading Helen Fouché Gaines, Cryptanalysis: A Study
of Ciphers and their Solution (Dover Publications, 1939). Also interesting are
the volumes written by William F. Friedman and reprinted by Aegean Park
Press: Elements of Cryptanalysis; Military Cryptanalysis, Parts I, II, III, and
IV; The Riverbank Publications, Parts I, II, and III; and Military Cryptanalytics, Part I, Vol. 1 and 2, and Part II, Vol. 1 and 2. Aegean Park Press is at
http://www.aegeanparkpress.com/books/.
A careful reading of David Kahn, The Codebreakers (The Macmillan Company, 1967), is indispensable for an understanding of the history of cryptography.
I recommend it highly.
5 OBTAINING COURSE MATERIAL
The papers used in the course come from the proceedings of many different
conferences. I have tried to avoid obscure publications, but invariably some have
crept in. This means that many good block ciphers are not listed above: CAST is
a prime example. Please don’t take a cipher’s exclusion from the list as evidence
of strength or weakness; it is simply a matter of availability.
Almost all papers come from Springer-Verlag conference proceedings, all published in the Lecture Notes in Computer Science (LNCS) series. Most university
libraries subscribe to the entire LNCS series. At a minimum, a student should
have the CD-ROM consisting of all the Crypto and Eurocrypt proceedings (available from Springer-Verlag), and the proceedings from the Fast Software Encryption (FSE) series. There are many more papers in those proceedings worth
reading than the ones listed here.
I maintain a Web page at http://www.counterpane.com with pointers to the
papers on the WWW. Among the CD-ROM, the FSE proceedings, and my Web
resources, it is possible to do almost everything in the course.
6 THE COURSE
6.1 Background
Read at least two of the following: B. Schneier, Applied Cryptography, Second
Edition (John Wiley & Sons, 1996); D.R. Stinson, Cryptography: Theory and
Practice (CRC Press, 1995); and A.J. Menezes, P.C. van Oorschot, and S.A.
Vanstone, Handbook of Applied Cryptography (CRC Press, 1997). Concentrate
on the chapters on block ciphers, but I recommend strongly that you read the
entire books.
6.2 Basic Cryptanalysis
Try to cryptanalyze the following simplified algorithms:
• 8-round RC5 without any rotations.
• 8-round RC5 with the rotation amount equal to the round number.
• 12-round DES without any S-boxes.
• 8 rounds of Skipjack’s rule B. (A description of Skipjack can be found on the World Wide Web.)
• 4-round DES.
• A generic cipher that is “closed” (i.e., encrypting with key A and then key B is the same as encrypting with key C, for all keys).
• 6-round DES.
• 4 rounds of Skipjack’s rule A followed by four rounds of Skipjack’s rule B.
All of these algorithms are described in B. Schneier, Applied Cryptography,
Second Edition (John Wiley & Sons, 1996) and A.J. Menezes, P.C. van Oorschot,
and S.A. Vanstone, Handbook of Applied Cryptography (CRC Press, 1997). If you
can’t break the specific variants listed above, what further simplifications can you
break? Can you break even more reduced-round variants?
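Why the third exercise above (DES without any S-boxes) falls to a single known plaintext, as an added example that is not from the paper: a Feistel cipher whose round function is built only from XOR, rotations and bit permutations is an affine map over GF(2), so one known plaintext/ciphertext pair plus Gaussian elimination recovers an (equivalent) key. The 16-bit toy cipher, its permutation PERM and its key schedule are constructed for this illustration (the optional nibble S-box reuses row 0 of DES S1); the attack treats the cipher as a black box, so it generalizes to any cipher that passes the linearity check, and putting the S-box back makes both the check and the attack fail.

```python
"""Constructed toy: a 12-round Feistel cipher with no S-box is affine over GF(2),
so a single known plaintext plus linear algebra recovers an equivalent key.
Not code from the paper; the cipher, PERM and key schedule are made up here."""
import random

ROUNDS, BLOCK_BITS, KEY_BITS = 12, 16, 16
PERM = [5, 2, 7, 0, 3, 6, 1, 4]  # constructed bit permutation on 8 bits (linear)
# Row 0 of DES S-box S1, reused here as a 4-bit nibble S-box (the nonlinear part)
SBOX = [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7]


def permute8(x):
    """Bit permutation: bit i of x moves to position PERM[i]."""
    return sum(((x >> i) & 1) << p for i, p in enumerate(PERM))


def round_keys(key):
    """Key schedule: low byte of the 16-bit key rotated left by the round number."""
    return [((key << i) | (key >> (KEY_BITS - i))) & 0xFF for i in range(ROUNDS)]


def feistel_round(r, k, sbox):
    """Round function: XOR the round key, optionally apply the S-box to each
    nibble, then permute. Without the S-box every step is linear over GF(2)."""
    x = r ^ k
    if sbox:
        x = (SBOX[x >> 4] << 4) | SBOX[x & 0xF]
    return permute8(x)


def encrypt(key, block, sbox=False):
    """Encrypt a 16-bit block under a 16-bit key (no final swap; irrelevant here)."""
    l, r = block >> 8, block & 0xFF
    for k in round_keys(key):
        l, r = r, l ^ feistel_round(r, k, sbox)
    return (l << 8) | r


def is_affine(sbox, trials=200, seed=1):
    """Black-box linearity check. If E_K(P) = A*P ^ B*K then the key part cancels:
    E_K(P) ^ E_K(Q) == E_0(P) ^ E_0(Q). One failing trial proves nonlinearity."""
    rng = random.Random(seed)
    for _ in range(trials):
        k, p, q = (rng.getrandbits(16) for _ in range(3))
        if encrypt(k, p, sbox) ^ encrypt(k, q, sbox) != encrypt(0, p, sbox) ^ encrypt(0, q, sbox):
            return False
    return True


def solve_gf2(rows, nvars):
    """Gauss-Jordan elimination over GF(2); rows are (coefficient_mask, rhs_bit).
    Returns (a solution with free variables set to 0, rank) or None if inconsistent."""
    rows, pivot_cols, r = list(rows), [], 0
    for col in range(nvars):
        piv = next((i for i in range(r, len(rows)) if (rows[i][0] >> col) & 1), None)
        if piv is None:
            continue  # no pivot: this key bit is a free variable (equivalent keys)
        rows[r], rows[piv] = rows[piv], rows[r]
        mask, rhs = rows[r]
        for i in range(len(rows)):
            if i != r and (rows[i][0] >> col) & 1:
                rows[i] = (rows[i][0] ^ mask, rows[i][1] ^ rhs)
        pivot_cols.append(col)
        r += 1
    if any(mask == 0 and rhs for mask, rhs in rows[r:]):
        return None  # an equation reads 0 = 1: the affine model does not fit
    return sum(rhs << col for col, (_, rhs) in zip(pivot_cols, rows)), r


def recover_key(known_p, known_c, sbox=False):
    """Known-plaintext attack on the affine model C = A*P ^ B*K (over GF(2)).
    A*P is just E_0(P) and column i of B is E_{e_i}(0); both come from running the
    public algorithm offline with chosen keys. Then solve B*K = C ^ E_0(P) for K."""
    target = known_c ^ encrypt(0, known_p, sbox)
    cols = [encrypt(1 << i, 0, sbox) for i in range(KEY_BITS)]
    rows = []
    for j in range(BLOCK_BITS):  # one linear equation per ciphertext bit
        mask = sum(((cols[i] >> j) & 1) << i for i in range(KEY_BITS))
        rows.append((mask, (target >> j) & 1))
    return solve_gf2(rows, KEY_BITS)


if __name__ == "__main__":
    key, p = 0xBEEF, 0x1234  # constructed secret key and one known plaintext
    found, rank = recover_key(p, encrypt(key, p))
    print(f"affine without S-box: {is_affine(False)}, with S-box: {is_affine(True)}")
    print(f"true key {key:#06x}, recovered {found:#06x}, rank {rank}")
    print("recovered key matches on fresh plaintexts:",
          all(encrypt(found, x) == encrypt(key, x) for x in (0, 0xFFFF, 0x5A5A)))
```

If the rank is below 16 the recovered key may differ from the true one, but it encrypts every plaintext identically, which is all a break needs.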
6.3 Cryptanalysis of FEAL
It seems that almost every modern cryptanalytic attack works against FEAL.
First read the algorithm: A. Shimizu and S. Miyaguchi, “Fast Data Encipherment
Algorithm FEAL” (Advances in Cryptology — EUROCRYPT ’87 Proceedings,
Springer-Verlag, 1988, pp. 267–278). Now, try to break it. Some attacks can be
found in: B. Den Boer, “Cryptanalysis of F.E.A.L.” (Advances in Cryptology —
EUROCRYPT ’88 Proceedings, Springer-Verlag, 1988, pp. 275–280); H. Gilbert
and P. Chasse, “A Statistical Attack on the FEAL-8 Cryptosystem” (Advances
in Cryptology — CRYPTO ’90 Proceedings, Springer-Verlag, 1991, pp. 22–33);
and A. Tardy-Corfdir and H. Gilbert, “A Known Plaintext Attack of FEAL-4
and FEAL-6” (Advances in Cryptology — CRYPTO ’91 Proceedings, Springer-Verlag, 1992, pp. 172–182). You can also reinvent both differential and linear
cryptanalysis if you try hard enough.
6.4 Differential Cryptanalysis
Read Chapters 1 through 5 of E. Biham and A. Shamir, Differential Cryptanalysis
of the Data Encryption Standard (Springer-Verlag, 1993). If you can’t find the
book, read E. Biham and A. Shamir, “Differential Cryptanalysis of the Full
16-Round DES” (Advances in Cryptology — CRYPTO ’91 Proceedings, Springer-Verlag, 1992, pp. 487–496).
6.5 Differential Cryptanalysis of FEAL
Attack FEAL using differential cryptanalysis. One solution, which is the first
paper to talk about differential attacks, is S. Murphy, “The Cryptanalysis of
FEAL-4 with 20 Chosen Plaintexts” (Journal of Cryptology, V. 2, N. 3, 1990,
pp. 145–154). Also see Chapter 6 of E. Biham and A. Shamir, Differential
Cryptanalysis of the Data Encryption Standard (Springer-Verlag, 1993).
6.6 Differential Cryptanalysis of LOKI-89
The first version of LOKI is now called LOKI-89. Read L. Brown, J. Pieprzyk,
and J. Seberry, “LOKI: A Cryptographic Primitive for Authentication and Secrecy Applications” (Advances in Cryptology — AUSCRYPT ’90 Proceedings,
Springer-Verlag, 1990, pp. 229–236). Find a differential attack; a solution is
in L.R. Knudsen, “Cryptanalysis of LOKI” (Advances in Cryptology — ASIACRYPT ’91, Springer-Verlag, 1993, pp. 22–35). Biham and Shamir’s book also
discusses this cryptanalysis.
6.7 Differential Cryptanalysis of MacGuffin
Read M. Blaze and B. Schneier, “The MacGuffin Block Cipher Algorithm” (Fast
Software Encryption, Second International Workshop Proceedings, Springer-Verlag, 1995, pp. 97–110). Try to break the cipher. A differential attack is in V. Rijmen and B. Preneel, “Cryptanalysis of MacGuffin” (Fast Software Encryption,
Second International Workshop Proceedings, Springer-Verlag, 1995, pp. 353–358).
There are many more attacks, none of which have been published. It is worth
spending time on this algorithm, even going back to it again later in this course.
As you learn more techniques, you will discover more attacks.
6.8 Differential Cryptanalysis of Khafre
Read the description of Khafre in R.C. Merkle, “Fast Software Encryption Functions” (Advances in Cryptology — CRYPTO ’90 Proceedings, Springer-Verlag,
1991, pp. 476–501). Try to break it. A differential attack is in E. Biham and
A. Shamir, “Differential Cryptanalysis of Snefru, Khafre, REDOC II, LOKI, and
Lucifer” (Advances in Cryptology — CRYPTO ’91 Proceedings, Springer-Verlag,
1992, pp. 156–171). See also Biham and Shamir’s book.
6.9 Differential Cryptanalysis of PES
The precursor to IDEA was PES; see X. Lai and J. Massey, “A Proposal for a
New Block Encryption Standard” (Advances in Cryptology — EUROCRYPT
’90 Proceedings, Springer-Verlag, 1991, pp. 389–404). Try to break it using
differential cryptanalysis. Results (and a redesign) are in X. Lai, J. Massey,
and S. Murphy, “Markov Ciphers and Differential Cryptanalysis” (Advances in
Cryptology — CRYPTO ’91 Proceedings, Springer-Verlag, 1991, pp. 17–38).
6.10 Linear Cryptanalysis
Read M. Matsui, “Linear Cryptanalysis Method for DES Cipher” (Advances in
Cryptology — EUROCRYPT ’93 Proceedings, Springer-Verlag, 1994, pp. 386–
397). Try to improve on the results. A solution is in M. Matsui, “The First
Experimental Cryptanalysis of the Data Encryption Standard” (Advances in
Cryptology — CRYPTO ’94 Proceedings, Springer-Verlag, 1994, pp. 1–11).
6.11 Linear Cryptanalysis of FEAL
Try to break FEAL using linear cryptanalysis techniques. Solutions are in
M. Matsui and A. Yamagishi, “A New Method for Known Plaintext Attack
of FEAL Cipher” (Advances in Cryptology — EUROCRYPT ’92 Proceedings,
Springer-Verlag, 1993, pp. 81–91), and K. Ohta and K. Aoki, “Linear Cryptanalysis of the Fast Data Encipherment Algorithm” (Advances in Cryptology —
CRYPTO ’94 Proceedings, Springer-Verlag, 1994, pp. 12–16). See also S. Moriai,
K. Aoki, and K. Ohta, “Improving the Search Algorithm for the Best Linear Expression” (Advances in Cryptology — CRYPTO ’95 Proceedings, Springer-Verlag,
1995, pp. 157–170).
6.12 Conditional Differential Characteristics
Conditional characteristics are introduced in I. Ben-Aroya and E. Biham, “Differential Cryptanalysis of Lucifer” (Advances in Cryptology — CRYPTO ’93
Proceedings, Springer-Verlag, 1994, pp. 187–199). Read Sections 1–3, on Lucifer
and conditional characteristics. Then try to find the attack before reading Section 4. Read the beginning of Section 5, on RDES. Try to find the attack before
reading the rest of the paper.
6.13 Rotational Related-Key Cryptanalysis
Read the results against LOKI-89 and LOKI-91 in E. Biham, “New Types of
Cryptanalytic Attacks Using Related Keys” (Journal of Cryptology, V. 7, N. 4,
1994, pp. 229–246). If you can’t get the journal, read the preliminary copy
(Advances in Cryptology — EUROCRYPT ’93, Springer-Verlag, 1994, pp. 398–
409). Attack the DES variant described in Section 5 (section 6 in the Eurocrypt
version).
6.14 Differential-Linear Cryptanalysis
Read S. Langford and M. Hellman, “Differential-Linear Cryptanalysis” (Advances in Cryptology — CRYPTO ’94 Proceedings, Springer-Verlag, 1994, pp.
17–26). Try to apply these techniques to FEAL. The answer is in K. Aoki and
K. Ohta, “Differential-Linear Cryptanalysis of FEAL-8” (IEICE Transactions:
Fundamentals of Electronics, Communications, and Computer Sciences (Japan),
V. E79-A, N. 1, 1996, pp. 20–27). Good luck finding the above; it’s a Japanese
journal.
6.15 Relations Between Differential and Linear Cryptanalysis
Read E. Biham, “On Matsui’s Linear Cryptanalysis” (Advances in Cryptology
— EUROCRYPT ’94 Proceedings, Springer-Verlag, 1995, pp. 398–412), and
F. Chabaud and S. Vaudenay, “Links Between Differential and Linear Cryptanalysis” (Advances in Cryptology — EUROCRYPT ’94 Proceedings, Springer-Verlag, 1995, pp. 356–365).
6.16 Higher-Order Differential Cryptanalysis
If you can find it, read X. Lai, “Higher Order Derivatives and Differential Cryptanalysis” (Communications and Cryptography, Kluwer Academic Publishers, 1994,
pp. 227–233). Read Section 4 of L.R. Knudsen, “Truncated and Higher Order
Differentials” (Fast Software Encryption, 2nd International Workshop Proceedings, Springer-Verlag, 1995, pp. 196–211).
6.17 Higher-Order Differential Cryptanalysis of KN-Cipher
Read K. Nyberg and L.R. Knudsen, “Provable Security Against Differential
Cryptanalysis” (Journal of Cryptology, V. 8, N. 1, 1995, pp. 27–37). The cipher in Section 5 is called KN-Cipher; try to break it using higher-order differentials. Kiefer is also described in K. Kiefer, “A New Design Concept for
Building Secure Block Ciphers” (Proceedings of Pragocrypt ’96, CTU Publishing
House, 1996, pp. 30–41). A good solution is in T. Shimoyama, S. Moriai, and
T. Kaneko, “Improving the Higher Order Differential Attack and Cryptanalysis
of the KN Cipher” (Information Security. First International Workshop ISW
’97 Proceedings, Springer-Verlag, 1998, pp. 32–42).
6.18 Multiple Linear Approximations
Read B. Kaliski Jr., and M. Robshaw, “Linear Cryptanalysis Using Multiple Approximations” (Advances in Cryptology — CRYPTO ’94 Proceedings, Springer-Verlag, 1994, pp. 26–39). Try to break FEAL using these techniques. One solution is in B. Kaliski Jr., and M. Robshaw, “Linear Cryptanalysis Using Multiple
Approximations and FEAL” (Fast Software Encryption, Second International
Workshop Proceedings, Springer-Verlag, 1995, pp. 249–264).
6.19 Cryptanalysis of TWOPRIME
Read C. Ding, V. Niemi, A. Renvall, and A. Salomaa, “TWOPRIME: A Fast
Stream Ciphering Algorithm” (Fast Software Encryption, 4th International
Workshop Proceedings, Springer-Verlag, 1997, pp. 88–102). TWOPRIME is really a block cipher. Try to break it; there are all sorts of attacks. Results are
in D. Coppersmith, D. Wagner, B. Schneier, and J. Kelsey, “Cryptanalysis of
TWOPRIME” (Fast Software Encryption, 5th International Workshop Proceedings, Springer-Verlag, 1998, pp. 32–48).
6.20 Cryptanalysis of Blowfish
Read B. Schneier, “Description of a New Variable-Length Key, 64-Bit Block
Cipher (Blowfish)” (Fast Software Encryption, Cambridge Security Workshop
Proceedings, Springer-Verlag, 1994, pp. 191–204), and try to break Blowfish.
Some results were published in S. Vaudenay, “On the Weak Keys in Blowfish”
(Fast Software Encryption, 3rd International Workshop Proceedings, Springer-Verlag, 1996, pp. 27–32). There is also a differential attack against five-round
Blowfish in V. Rijmen’s PhD thesis.
6.21 Cryptanalysis of ICE
Read M. Kwan, “The Design of ICE Encryption Algorithm” (Fast Software Encryption, 4th International Workshop Proceedings, Springer-Verlag, 1997, pp. 69–
82). A differential attack is in B. Van Rompay, L.R. Knudsen, and V. Rijmen,
“Differential Cryptanalysis of ICE Encryption Algorithm” (Fast Software Encryption, 5th International Workshop Proceedings, Springer-Verlag, 1998, pp.
270–283).
6.22 Cryptanalysis of LOKI-91
LOKI was redesigned; the new version was called LOKI-91. Read L. Brown,
M. Kwan, J. Pieprzyk, and J. Seberry, “Improving Resistance to Differential
Cryptanalysis and the Redesign of LOKI” (Advances in Cryptology — ASIACRYPT ’91 Proceedings, Springer-Verlag, 1993, pp. 36–50). Look for any kind
of cryptanalysis; some results can be found in L.R. Knudsen, “Cryptanalysis of
LOKI91” (Advances in Cryptology — AUSCRYPT ’92, Springer-Verlag, 1993,
pp. 196–208). A linear attack (on LOKI-91 and LOKI-89) can be found in
T. Tokita, T. Sorimachi, and M. Matsui, “Linear Cryptanalysis of LOKI and
s2 DES” (Advances in Cryptology — ASIACRYPT ’94, Springer-Verlag, 1995,
pp. 293–303).
6.23 Cryptanalysis of CMEA
Read Sections 1 and 2 of D. Wagner, B. Schneier, and J. Kelsey, “Cryptanalysis of the Cellular Message Encryption Algorithm” (Advances in Cryptology —
CRYPTO ’97 Proceedings, Springer-Verlag, 1997, pp. 526–537). Try to break
the algorithm before reading the rest of the paper.
6.24 Cryptanalysis of IDEA
IDEA is described (it’s called IPES) in X. Lai, J. Massey, and S. Murphy,
“Markov Ciphers and Differential Cryptanalysis” (Advances in Cryptology —
EUROCRYPT ’91 Proceedings, Springer-Verlag, 1991, pp. 17–38). The easiest
analysis is to try to find weak keys; one answer is in J. Daemen, R. Govaerts, and
J. Vandewalle, “Weak Keys for IDEA” (Advances in Cryptology — CRYPTO ’93
Proceedings, Springer-Verlag, 1994, pp. 224–231). Look for other attacks; some
solutions are in W. Meier, “On the Security of the IDEA Block Cipher” (Advances in Cryptology — EUROCRYPT ’93 Proceedings, Springer-Verlag, 1994,
pp. 371–385), and P. Hawkes and L. O’Connor, “On Applying Linear Cryptanalysis to IDEA” (Advances in Cryptology — ASIACRYPT ’96, Springer-Verlag,
1996, pp. 105–115).
6.25 Truncated Differentials
Read L.R. Knudsen, “Truncated and Higher Order Differentials” (Fast Software
Encryption, 2nd International Workshop Proceedings, Springer-Verlag, 1995, pp.
196–211), Sections 1 through 4. Try to apply the techniques of truncated differentials before reading the results in Section 5. Try to break SAFER using truncated differentials. Results are in L.R. Knudsen and T.A. Berson, “Truncated
Differentials of SAFER” (Fast Software Encryption, 3rd International Workshop
Proceedings, Springer-Verlag, 1996, pp. 15–26).
6.26 Differential Related-Key Cryptanalysis
Read J. Kelsey, B. Schneier, and D. Wagner, “Key-Schedule Cryptanalysis of
IDEA, G-DES, GOST, SAFER, and Triple-DES” (Advances in Cryptology —
CRYPTO ’96 Proceedings, Springer-Verlag, 1996, pp. 237–251). Try to apply the
techniques to 3-Way, DES-X, and TEA before reading J. Kelsey, B. Schneier, and
D. Wagner, “Related-Key Cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA” (Information and Communications Security, First
International Conference Proceedings, Springer-Verlag, 1997, pp. 203–207).
6.27 Generalizations of Linear Cryptanalysis
Read C. Harpes, G. Kramer, and J. Massey, “A Generalization of Linear Cryptanalysis and the Applicability of Matsui’s Piling-up Lemma” (Advances in Cryptology — EUROCRYPT ’95 Proceedings, Springer-Verlag, 1995, pp. 24–38),
C. Harpes and J. Massey, “Partitioning Cryptanalysis” (Fast Software Encryption, 4th International Workshop Proceedings, Springer-Verlag, 1997, pp. 13–27).
Try to apply the techniques to DES before reading Appendix C of the second
paper. Read Sections 1 through 4 of B. Kaliski Jr. and M. Robshaw, “Linear Cryptanalysis Using Multiple Approximations” (Advances in Cryptology —
CRYPTO ’94 Proceedings, Springer-Verlag, 1994, pp. 26–39). Try applying the
techniques to LOKI91 before reading Section 5.
6.28 Cryptanalysis of Akelarre
Read G. Álvarez, D. De la Guia, F. Montoya, and A. Peinado, “Akelarre: A New
Block Cipher Algorithm” (Workshop on Selected Areas in Cryptography (SAC
’96) Workshop Record, Queens University, 1996, pp. 1–14). Try to break the
algorithm. Results are in L.R. Knudsen and V. Rijmen, “Two Rights Sometimes
Make a Wrong” (Workshop on Selected Areas in Cryptography (SAC ’97) Workshop Record, School of Computer Science, Carleton University, 1997, pp. 213–
223) and N. Ferguson and B. Schneier, “Cryptanalysis of Akelarre” (Workshop
on Selected Areas in Cryptography (SAC ’97) Workshop Record, School of Computer Science, Carleton University, 1997, pp. 201–212). A description of Akelarre
is in the last paper, if you can’t find any of the others.
6.29 Whitening
Read J. Kilian and P. Rogaway, “How to Protect DES Against Exhaustive Key
Search” (Advances in Cryptology — CRYPTO ’96 Proceedings, Springer-Verlag,
1996, pp. 252–267).
6.30 Theory of Differential and Linear Cryptanalysis
Read the following papers: K. Nyberg, “Linear Approximation of Block Ciphers” (Advances in Cryptology — EUROCRYPT ’94 Proceedings, Springer-Verlag, 1995, pp. 439–444), K. Nyberg and L. Knudsen, “Provable Security
Against a Differential Attack,” (Journal of Cryptology, V. 8, N. 1, 1995, pp. 27–
37), and K. Nyberg and L. Knudsen, “Provable Security Against a Differential
Cryptanalysis” (Advances in Cryptology — CRYPTO ’92 Proceedings, Springer-Verlag, 1993, pp. 566–574).
6.31 Cryptanalysis of VINO
Read A. Di Porto and W. Wolfowicz, “VINO: A Block Cipher Including Variable Permutations” (Fast Software Encryption, Cambridge Security Workshop
Proceedings, Springer-Verlag, 1994, pp. 205–210). No cryptanalysis has been
published; try to be the first.
6.32 Interpolation Attack
Read Sections 1 through 3.3 of T. Jakobsen and L. Knudsen, “The Interpolation
Attack on Block Ciphers” (Fast Software Encryption, 4th International Workshop Proceedings, Springer-Verlag, 1997, pp. 28–40). Read the modifications to
SHARK in Section 3.4, and attempt to break it before reading the rest of the
paper.
6.33 Attacks on Non-Surjective Round Functions
Read E. Biham and A. Biryukov, “An Improvement of Davies’ Attack on DES”
(Advances in Cryptology — EUROCRYPT ’94 Proceedings, Springer-Verlag,
1995, pp. 461–467). Also worth reading is V. Rijmen, B. Preneel, and E. De
Win, “On Weaknesses of Non-surjective Round Functions” (Designs, Codes, and
Cryptography, V. 12, N. 3, 1997, pp. 253–266).
6.34 Cryptanalysis of Khufu
Read the description of Khufu in R.C. Merkle, “Fast Software Encryption Functions” (Advances in Cryptology — CRYPTO ’90 Proceedings, Springer-Verlag,
1991, pp. 476–501). Try to break it. An analysis is in H. Gilbert and P. Chauvaud, “A Chosen-Plaintext Attack on the 16-Round Khufu Cryptosystem” (Advances in Cryptology — CRYPTO ’94 Proceedings, Springer-Verlag, 1994, pp.
359–368).
6.35 Cryptanalysis of SAFER
Read J. L. Massey, “SAFER K-64: A Byte-Oriented Block-Ciphering Algorithm” (Fast Software Encryption, Cambridge Security Workshop Proceedings,
Springer-Verlag, 1994, pp. 1–17). Try to attack the cipher. Results can be found
in J. L. Massey, “SAFER K-64: One Year Later” (Fast Software Encryption,
2nd International Workshop Proceedings, Springer-Verlag, 1995, pp. 212–241);
S. Vaudenay, “On the Need for Multipermutations: Cryptanalysis of MD4 and
SAFER” (Fast Software Encryption, Second International Workshop Proceedings, Springer-Verlag, 1995, pp. 286–297); and L.R. Knudsen, “A Key-Schedule
Weakness in SAFER K-64” (Advances in Cryptology—CRYPTO ’95 Proceedings,
Springer-Verlag, 1995, pp. 274–286).
6.36 Modes of Operation
Read E. Biham, “On Modes of Operation” (Fast Software Encryption, Cambridge
Security Workshop Proceedings, Springer-Verlag, 1994, pp. 116–120) and E. Biham, “Cryptanalysis of Multiple Modes of Operation” (Advances in Cryptology
— ASIACRYPT ’94 Proceedings, Springer-Verlag, 1995, pp. 278–292). Read
Sections 1 and 2 of E. Biham, “Cryptanalysis of Ladder-DES” (Fast Software
Encryption, 4th International Workshop Proceedings, Springer-Verlag, 1997, pp.
134–138). Try to break the construction before reading the rest of the paper.
Also read D. Wagner, “Analysis of Some Recently Proposed Modes of Operation”
(Fast Software Encryption, 5th International Workshop Proceedings, Springer-Verlag, 1998, pp. 254–269), and try to break the constructions before reading
the analysis.
6.37 Advanced Cryptanalysis of IDEA
Try to break IDEA using truncated differentials and differential-linear characteristics. Results are in J. Borst, L.R. Knudsen, and V. Rijmen, “Two Attacks
on Reduced IDEA” (Advances in Cryptology — EUROCRYPT ’97, Springer-Verlag, 1997, pp. 1–13) and P. Hawkes, “Differential-Linear Weak Key Classes
of IDEA” (Advances in Cryptology — EUROCRYPT ’98 Proceedings, Springer-Verlag, 1998, pp. 112–126).
6.38 Cryptanalysis of TEA
Read D. Wheeler and R. Needham, “TEA, a Tiny Encryption Algorithm” (Fast
Software Encryption, 2nd International Workshop Proceedings, Springer-Verlag,
1995, pp. 97–110). No cryptanalysis, except of the key schedule, has been published; try to be the first.
6.39 Cryptanalysis of RC5
Read R.L. Rivest, “The RC5 Encryption Algorithm” (Fast Software Encryption,
2nd International Workshop Proceedings, Springer-Verlag, 1995, pp. 86–96). Try
to break RC5. You can find some results in B.S. Kaliski and Y.L. Yin, “On Differential and Linear Cryptanalysis of the RC5 Encryption Algorithm” (Advances
in Cryptology—CRYPTO ’95 Proceedings, Springer-Verlag, 1995, pp. 445–454);
L.R. Knudsen and W. Meier, “Improved Differential Attacks on RC5” (Advances
in Cryptology — CRYPTO ’96 Proceedings, Springer-Verlag, 1996, pp. 216–
228); and A.A. Selcuk, “New Results in Linear Cryptanalysis of RC5” (Fast
Software Encryption, 5th International Workshop Proceedings, Springer-Verlag,
1998, pp. 1–16).
6.40 Cryptanalysis of MISTY
Read M. Matsui, “New Structure of Block Ciphers with Provable Security
Against Differential and Linear Cryptanalysis” (Fast Software Encryption, 3rd
International Workshop Proceedings, Springer-Verlag, 1996, pp. 205–218) and
M. Matsui, “New Block Encryption Algorithm MISTY” (Fast Software Encryption, 4th International Workshop Proceedings, Springer-Verlag, 1997, pp. 54–68).
The only published cryptanalytic result I know of is in Japanese: H. Tanaka,
K. Hisamatsu, and T. Kaneko, “Higher Order Differential Attack of MISTY
without FL Functions” (The Institute of Electronics, Information, and Communication Engineers, ISEC98-5, 1998).
6.41 Cryptanalysis of Square
Read J. Daemen, L. Knudsen, and V. Rijmen, “The Block Cipher Square” (Fast
Software Encryption, 4th International Workshop Proceedings, Springer-Verlag,
1997, pp. 149–165), except for Section 6. Try to attack the cipher before reading
that section.
6.42 AES Submissions
In 1998, the National Institute of Standards and Technology solicited candidate
block ciphers to replace DES. Fifteen submissions were received, of which five
have been selected for the second round. Read about the process and the submissions at the NIST Web site, which includes links to details on the various submissions and links to various papers on cryptanalysis: http://www.nist.gov/aes/.
Break what you can; send NIST the results. Here’s your chance to affect the future encryption standard.
7 CONCLUSION
The only way to become a good algorithm designer is to be a good cryptanalyst:
to break algorithms. Lots of them. Again and again. Only after a student has
demonstrated his ability to cryptanalyze the algorithms of others will his own
designs be taken seriously.
Given that many many ciphers are invented every year—some published, some
patented, some proprietary—how do cryptanalysts know which ones are worth
further study? They look at the pedigree of the algorithm. An algorithm that
has been invented by someone who has shown that he can break algorithms—he’s
studied the literature, perhaps using this course, and published a few breaks on
his own that had not been discovered before—is much more likely to invent a
secure cipher than someone who has done a cursory read of the literature and
then invented something. In both cases the inventor believes his cipher is secure;
in the former case the inventor’s opinion is worth something.
Cryptanalysts also look at the supporting documentation associated with the
design. Again, design is easy and analysis is hard. Designs that come with
extensive analyses—breaks of simplified variants, reduced-round versions, alternate implementations—show that the inventor knew what he was doing when he
created the cipher. When we designed Twofish, we spent over 1000 man-hours
on cryptanalysis. We wrote a book consisting primarily of cryptanalysis. To us,
this level of work is what it takes to design a new cipher. Only after this level of
analysis by the designers should third-party cryptanalysis start. It’s the “price
of admission,” as it were.
Anyone can create an algorithm that he himself cannot break. It’s not even
very difficult. What is difficult is cryptanalysis. And only an experienced cryptanalyst can design a good cipher. And the only way to get that experience is to
analyze other people’s ciphers.
BIOGRAPHICAL SKETCH
Bruce Schneier is Chief Technical Officer of Counterpane Internet Security, Inc., a
managed security firm, and a cryptography consultant. He designed the Blowfish
algorithm, still unbroken after years of cryptanalysis, and the Twofish encryption
algorithm that is currently a finalist for AES. Schneier is the author of Applied
Cryptography (John Wiley & Sons, 1994 and 1996), the seminal work in its
field. Now in its second edition, Applied Cryptography has sold over 100,000
copies worldwide and has been translated into three languages. His papers have
appeared at dozens of international conferences. He is a frequent writer and
lecturer on the topics of cryptography, computer security, and privacy.