Get an update on changes of the IACR web-page here. For questions, contact newsletter (at) iacr.org. You can also receive updates via:
To receive your credentials via mail again, please click here.
You can also access the full news archive.
Symmetric cryptographic primitives such as block and stream ciphers are the building blocks in many cryptographic \r\nprotocols. Having such blocks which provide provable security against various types of attacks is often hard. On the \r\nother hand, if possible, such designs are often too costly to be implemented and are usually ignored by practitioners.\r\nMoreover, in RFID protocols or sensor networks, we need lightweight and ultra-lightweight algorithms. Hence, \r\ncryptographers often search for a fair trade-off between security and usability depending on the application. Contrary \r\nto public key primitives, which are often based on some hard problems, security in symmetric key is often based on some\r\nheuristic assumptions. Often, the researchers in this area argue that the security is based on the confidence level the \r\ncommunity has in their design. Consequently, everyday symmetric protocols appear in the literature and stay secure \r\nuntil someone breaks them. In this thesis, we evaluate the security of multiple symmetric primitives against statistical \r\nand algebraic attacks. This thesis is composed of two distinct parts:\r\n\r\n
In the first part, we investigate the security of RC4 stream cipher against statistical attacks. We focus on its applications \r\nin WEP and WPA protocols. We revisit the previous attacks on RC4 and optimize them. In fact, we propose a framework\r\non how to deal with a pool of biases for RC4 in an optimized manner. During this work, we found multiple new weaknesses \r\nin the corresponding applications. We show that the current best attack on WEP can still be improved. We compare our \r\nresults with the state of the art implementation of the WEP attack on Aircrack-ng program and improve its success rate.\r\nNext, we propose a theoretical key recovery and distinguishing attacks on WPA, which cryptographically break the protocol. \r\nWe perform an extreme amount of experiments to make sure that the proposed theor[...]
Elliptic curve based cryptosystems are nowadays increasingly used in protocols involving public-key cryptography. This is particularly true in the context of embedded devices which are subject to strong cost, resources, and efficiency constraints, since elliptic curve cryptography requires significantly smaller key sizes compared to other cryptosystems such as RSA.\r\n
The following study focuses in the first part on secure and efficient implementation of elliptic curve cryptography in embedded devices, especially smart cards. Designing secure implementations requires to take into account physical attacks which can target embedded devices. These attacks include in particular side-channel analysis which may infer information on a secret key manipulated from a component by monitoring how it interacts with its environment, and fault analysis in which an adversary can disturb the normal functioning of a device with the same goal.\r\n
In the second part of this thesis, we study these attacks and their impact on the implementation of the most used public-key cryptosystems. In particular, we propose new analysis techniques and new countermeasures for these cryptosystems, together with specific attacks on the AES block cipher.[...]
• Senior hands-on engineer with broad experience in cryptography
• Experienced with designing and implementing cryptographic algorithms and key management systems
• Must be familiar with algorithms and protocols including AES-CBC, AES-GCM, SHA, EC-DH, EC-DSA, random number generation, PKI
• Knowledge of Suite B crypto, TLS, smartcards/CAC, X.509, soft certificates, PKCS11
• Experience developing crypto APIs for both internal and external use
• Must have strong skills with C/C++ and/or Java programming languages on multiple platforms
• Ability to work with and mentor a team of programmers
• Ability to obtain US security clearance.
• Familiar with FIPS 140-2 process, VPNs, S/MIME, data at rest crypto, and other cryptographic products.
• Familiar with DoD and US Federal requirements and regulations related to cryptography for SBU/CUI and classified data.
• Familiar with secure voice protocols, such as SRTP, SIP/TLS, SSIP, zRTP, etc.
• Ability to create high-level software design documents.
• Experience writing device drivers, low-level APIs, or software development kits.
• Familiar with implementing crypto in hardware in ASIC or FPGA-based systems
• BA/BS, MS, Ph.D. degree in Cryptography, Mathematics, Computer Science, Software Engineering, Computer Engineering, Electrical Engineering or equivalent experience.
• CISSP, CSSLP, or SANS certifications