Network Adversary Attacks against Secure Encryption Schemes
Summary :
We show that, in practice, a network adversary can achieve decidedly non-negligible advantage in attacking provable key-protection properties; e.g., the “existential key recovery” security and “multi-key hiding” property of typical nonce-based symmetric encryption schemes whenever these schemes are implemented with standard block ciphers. We also show that if a probabilistic encryption scheme uses certain standard block ciphers (e.g., two-key 3DES), then enforcing the security bounds necessary to protect against network adversary attacks will render the scheme impractical for network applications that share group keys amongst many peers. The attacks presented here have three noteworthy implications. First, they help identify key-protection properties that separate the notion of indistinguishability from random bits (IND$) from the strictly weaker notion of indistinguishability of ciphertexts (IND); also, they help establish new relationships among these properties. Second, they show that nonce-based symmetric encryption schemes are typically weaker than probabilistic ones. Third, they illustrate the need to account for the Internet-level growth of adversary capabilities when establishing the useful lifetime of standard block-cipher parameters.
- Publication
- IEICE TRANSACTIONS on Communications Vol.E98-B No.2 pp.267-279
- Publication Date
- 2015/02/01
- Publicized
- Online ISSN
- 1745-1345
- DOI
- 10.1587/transcom.E98.B.267
- Type of Manuscript
- PAPER
- Category
- Fundamental Theories for Communications
Authors
Virgil D. GLIGOR
Carnegie Mellon University
Bryan PARNO
Microsoft Research
Ji Sun SHIN
Sejong University
Keyword
Latest Issue
Copyrights notice of machine-translated contents
The copyright of the original papers published on this site belongs to IEICE. Unauthorized use of the original or translated papers is prohibited. See IEICE Provisions on Copyright for details.
Cite this
Copy
Virgil D. GLIGOR, Bryan PARNO, Ji Sun SHIN, "Network Adversary Attacks against Secure Encryption Schemes" in IEICE TRANSACTIONS on Communications,
vol. E98-B, no. 2, pp. 267-279, February 2015, doi: 10.1587/transcom.E98.B.267.
Abstract: We show that, in practice, a network adversary can achieve decidedly non-negligible advantage in attacking provable key-protection properties; e.g., the “existential key recovery” security and “multi-key hiding” property of typical nonce-based symmetric encryption schemes whenever these schemes are implemented with standard block ciphers. We also show that if a probabilistic encryption scheme uses certain standard block ciphers (e.g., two-key 3DES), then enforcing the security bounds necessary to protect against network adversary attacks will render the scheme impractical for network applications that share group keys amongst many peers. The attacks presented here have three noteworthy implications. First, they help identify key-protection properties that separate the notion of indistinguishability from random bits (IND$) from the strictly weaker notion of indistinguishability of ciphertexts (IND); also, they help establish new relationships among these properties. Second, they show that nonce-based symmetric encryption schemes are typically weaker than probabilistic ones. Third, they illustrate the need to account for the Internet-level growth of adversary capabilities when establishing the useful lifetime of standard block-cipher parameters.
URL: https://globals.ieice.org/en_transactions/communications/10.1587/transcom.E98.B.267/_p
Copy
@ARTICLE{e98-b_2_267,
author={Virgil D. GLIGOR, Bryan PARNO, Ji Sun SHIN, },
journal={IEICE TRANSACTIONS on Communications},
title={Network Adversary Attacks against Secure Encryption Schemes},
year={2015},
volume={E98-B},
number={2},
pages={267-279},
abstract={We show that, in practice, a network adversary can achieve decidedly non-negligible advantage in attacking provable key-protection properties; e.g., the “existential key recovery” security and “multi-key hiding” property of typical nonce-based symmetric encryption schemes whenever these schemes are implemented with standard block ciphers. We also show that if a probabilistic encryption scheme uses certain standard block ciphers (e.g., two-key 3DES), then enforcing the security bounds necessary to protect against network adversary attacks will render the scheme impractical for network applications that share group keys amongst many peers. The attacks presented here have three noteworthy implications. First, they help identify key-protection properties that separate the notion of indistinguishability from random bits (IND$) from the strictly weaker notion of indistinguishability of ciphertexts (IND); also, they help establish new relationships among these properties. Second, they show that nonce-based symmetric encryption schemes are typically weaker than probabilistic ones. Third, they illustrate the need to account for the Internet-level growth of adversary capabilities when establishing the useful lifetime of standard block-cipher parameters.},
keywords={},
doi={10.1587/transcom.E98.B.267},
ISSN={1745-1345},
month={February},}
Copy
TY - JOUR
TI - Network Adversary Attacks against Secure Encryption Schemes
T2 - IEICE TRANSACTIONS on Communications
SP - 267
EP - 279
AU - Virgil D. GLIGOR
AU - Bryan PARNO
AU - Ji Sun SHIN
PY - 2015
DO - 10.1587/transcom.E98.B.267
JO - IEICE TRANSACTIONS on Communications
SN - 1745-1345
VL - E98-B
IS - 2
JA - IEICE TRANSACTIONS on Communications
Y1 - February 2015
AB - We show that, in practice, a network adversary can achieve decidedly non-negligible advantage in attacking provable key-protection properties; e.g., the “existential key recovery” security and “multi-key hiding” property of typical nonce-based symmetric encryption schemes whenever these schemes are implemented with standard block ciphers. We also show that if a probabilistic encryption scheme uses certain standard block ciphers (e.g., two-key 3DES), then enforcing the security bounds necessary to protect against network adversary attacks will render the scheme impractical for network applications that share group keys amongst many peers. The attacks presented here have three noteworthy implications. First, they help identify key-protection properties that separate the notion of indistinguishability from random bits (IND$) from the strictly weaker notion of indistinguishability of ciphertexts (IND); also, they help establish new relationships among these properties. Second, they show that nonce-based symmetric encryption schemes are typically weaker than probabilistic ones. Third, they illustrate the need to account for the Internet-level growth of adversary capabilities when establishing the useful lifetime of standard block-cipher parameters.
ER -
FlyerIEICE has prepared a flyer regarding multilingual services. Please use the one in your native language.
English
