著者
Hayato Kimura Keita Emura Takanori Isobe Ryoma Ito Kazuto Ogawa Toshihiro Ohigashi
出版者
情報処理学会
雑誌
情報処理学会論文誌 (ISSN:18827764)
巻号頁・発行日
vol.64, no.9, 2023-09-15

Cryptanalysis in a blackbox setting using deep learning is powerful because it does not require the attacker to have knowledge about the internal structure of the cryptographic algorithm. Thus, it is necessary to design a symmetric key cipher that is secure against cryptanalysis using deep learning. Kimura et al. (AIoTS 2022) investigated deep learning-based attacks on the small PRESENT-[4] block cipher with limited component changes, identifying characteristics specific to these attacks which remain unaffected by linear/differential cryptanalysis. Finding such characteristics is important because exploiting such characteristics can make the target cipher vulnerable to deep learning-based attacks. Thus, this paper extends a previous method to explore clues for designing symmetric-key cryptographic algorithms that are secure against deep learning-based attacks. We employ small PRESENT-[4] with two weak S-boxes, which are known to be weak against differential/linear attacks, to clarify the relationship between classical and deep learning-based attacks. As a result, we demonstrated the success probability of our deep learning-based whitebox analysis tends to be affected by the success probability of classical cryptanalysis methods. And we showed our whitebox analysis achieved the same attack capability as traditional methods even when the S-box of the target cipher was changed to a weak one.------------------------------This is a preprint of an article intended for publication Journal ofInformation Processing(JIP). This preprint should not be cited. Thisarticle should be cited as: Journal of Information Processing Vol.31(2023) (online)DOI http://dx.doi.org/10.2197/ipsjjip.31.550------------------------------
著者
Toshihiro Ohigashi Shuya Kawaguchi Kai Kobayashi Hayato Kimura Tatsuya Suzuki Daichi Okabe Takuya Ishibashi Hiroshi Yamamoto Maki Inui Ryo Miyamoto Kazuyoshi Furukawa Tetsuya Izu
出版者
Information Processing Society of Japan
雑誌
Journal of Information Processing (ISSN:18826652)
巻号頁・発行日
vol.29, pp.548-558, 2021 (Released:2021-09-15)
参考文献数
19

In 2018, Takita et al. proposed a construction method of a fake QR code by adding stains to a target QR code, that probabilistically leads users to a malicious website. The construction abused the error-correction of error-correcting code used in the QR code, namely, the added stains induce decoding errors in black and white detection by a camera, so that the decoded URL leads to the malicious website. Also, the same authors proposed a detection method against such fake QR codes by comparing decoded URLs among multiple QR code readings since the decoded URLs may differ because of its probabilistic property. However, the detection method cannot work well over a few readings. Moreover, the proposed detection method does not consider the environmental or accidental changes such as sudden sunshine or reflection, nor recognizes the fake QR code as non-fake when the probability is low. This paper proposes new detection methods for such fake QR codes by analyzing information obtained from the error-correcting process. This paper also reports results from implementing the new detection methods on an Android smartphone. Results show that a combination of these detection methods works very well compared to when using only a single detection method.
著者
Sonu JHA Subhadeep BANIK Takanori ISOBE Toshihiro OHIGASHI Santanu SARKAR
出版者
The Institute of Electronics, Information and Communication Engineers
雑誌
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences (ISSN:09168508)
巻号頁・発行日
vol.E101-A, no.11, pp.1869-1879, 2018-11-01

In this paper we present proofs for the new biases in RC4 which were experimentally found and listed out (without theoretical justifications and proofs) in a paper by Vanhoef et al. in USENIX 2015. Their purpose was to exploit the vulnerabilities of RC4 in TLS using the set of new biases found by them. We also show (and prove) new results on couple of very strong biases residing in the joint distribution of three consecutive output bytes of the RC4 stream cipher. These biases provides completely new distinguisher for RC4 taking roughly O(224) samples to distinguish streams of RC4 from a uniformly random stream. We also provide a list of new results with proofs relating to some conditional biases in the keystreams of the RC4 stream cipher.
著者
Hayato Kimura Keita Emura Takanori Isobe Ryoma Ito Kazuto Ogawa Toshihiro Ohigashi
出版者
Information Processing Society of Japan
雑誌
Journal of Information Processing (ISSN:18826652)
巻号頁・発行日
vol.31, pp.550-561, 2023 (Released:2023-09-15)
参考文献数
40

Cryptanalysis in a blackbox setting using deep learning is powerful because it does not require the attacker to have knowledge about the internal structure of the cryptographic algorithm. Thus, it is necessary to design a symmetric key cipher that is secure against cryptanalysis using deep learning. Kimura et al. (AIoTS 2022) investigated deep learning-based attacks on the small PRESENT-[4] block cipher with limited component changes, identifying characteristics specific to these attacks which remain unaffected by linear/differential cryptanalysis. Finding such characteristics is important because exploiting such characteristics can make the target cipher vulnerable to deep learning-based attacks. Thus, this paper extends a previous method to explore clues for designing symmetric-key cryptographic algorithms that are secure against deep learning-based attacks. We employ small PRESENT-[4] with two weak S-boxes, which are known to be weak against differential/linear attacks, to clarify the relationship between classical and deep learning-based attacks. As a result, we demonstrated the success probability of our deep learning-based whitebox analysis tends to be affected by the success probability of classical cryptanalysis methods. And we showed our whitebox analysis achieved the same attack capability as traditional methods even when the S-box of the target cipher was changed to a weak one.
著者
Ryoichi TERAMURA Toshihiro OHIGASHI Hidenori KUWAKADO Masakatu MORII
出版者
The Institute of Electronics, Information and Communication Engineers
雑誌
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences (ISSN:09168508)
巻号頁・発行日
vol.E94-A, no.1, pp.10-18, 2011-01-01

Conventional class of weak keys on RC4 stream cipher is defined as a specific case that combinations of the first three bytes of secret key satisfy two relational equations. This paper expands and generalizes the classes of weak keys using generalized relational equations and special classes of the internal state (called predictive state). We derive the probability that generalized classes of weak keys leak the information of bytes of the secret key. Furthermore, we enumerate the generalized classes of weak keys and show that most of them leak more information of the secret key than Roos' one.
著者
Ryoichi TERAMURA Yasuo ASAKURA Toshihiro OHIGASHI Hidenori KUWAKADO Masakatu MORII
出版者
The Institute of Electronics, Information and Communication Engineers
雑誌
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences (ISSN:09168508)
巻号頁・発行日
vol.E93-A, no.1, pp.164-171, 2010-01-01

Conventional efficient key recovery attacks against Wired Equivalent Privacy (WEP) require specific initialization vectors or specific packets. Since it takes much time to collect the packets sufficiently, any active attack should be performed. An Intrusion Detection System (IDS), however, will be able to prevent the attack. Since the attack logs are stored at the servers, it is possible to prevent such an attack. This paper proposes an algorithm for recovering a 104-bit WEP key from any IP packets in a realistic environment. This attack needs about 36,500 packets with a success probability 0.5, and the complexity of our attack is equivalent to about 220 computations of the RC4 key setups. Since our attack is passive, it is difficult for both WEP users and administrators to detect our attack.