International Association
for Cryptologic Research

Name: Pouyan Sepehrdad
Topic: Statistical and Algebraic Cryptanalysis of Lightweight and Ultra-Lightweight Symmetric Primitives
Category: secret-key cryptography

Description:

Symmetric cryptographic primitives such as block and stream ciphers are the building blocks in many cryptographic \r\nprotocols. Having such blocks which provide provable security against various types of attacks is often hard. On the \r\nother hand, if possible, such designs are often too costly to be implemented and are usually ignored by practitioners.\r\nMoreover, in RFID protocols or sensor networks, we need lightweight and ultra-lightweight algorithms. Hence, \r\ncryptographers often search for a fair trade-off between security and usability depending on the application. Contrary \r\nto public key primitives, which are often based on some hard problems, security in symmetric key is often based on some\r\nheuristic assumptions. Often, the researchers in this area argue that the security is based on the confidence level the \r\ncommunity has in their design. Consequently, everyday symmetric protocols appear in the literature and stay secure \r\nuntil someone breaks them. In this thesis, we evaluate the security of multiple symmetric primitives against statistical \r\nand algebraic attacks. This thesis is composed of two distinct parts:

\r\n\r\n

In the first part, we investigate the security of RC4 stream cipher against statistical attacks. We focus on its applications \r\nin WEP and WPA protocols. We revisit the previous attacks on RC4 and optimize them. In fact, we propose a framework\r\non how to deal with a pool of biases for RC4 in an optimized manner. During this work, we found multiple new weaknesses \r\nin the corresponding applications. We show that the current best attack on WEP can still be improved. We compare our \r\nresults with the state of the art implementation of the WEP attack on Aircrack-ng program and improve its success rate.\r\nNext, we propose a theoretical key recovery and distinguishing attacks on WPA, which cryptographically break the protocol. \r\nWe perform an extreme amount of experiments to make sure that the proposed theor[...]