A natural language approach to automated cryptanalysis of two-time pads

Mason, Joshua; Watkins, Kathryn; Eisner, Jason; Stubblefield, Adam

doi:10.1145/1180405.1180435

Cited by 14 publications

(8 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…N-gram analysis [18,27] can be used in conjunction with frequency analysis or on its own. Like frequency analysis, lists of n-character strings, or n-grams, can be tallied from a representative training set.…”

Section: Common Methodsmentioning

confidence: 99%

“…The two-time-pad problem [27] describes how a key is reused to encrypt two plaintexts P and P', where P ⊕ key and P' ⊕ key can be XORed to recover P ⊕ P'. Although XOR-based streamcipher attacks are well-known, these weaknesses have not stopped storage designers from using fast encryption modes to support efficient random in-place updates without re-encrypting the remaining file after the updated file location.…”

Section: Contributions and Non-contributionsmentioning

confidence: 99%

“…Much of the related work on algorithms [18,27,42] and implementations [40,9] of cryptanalysis on two-time pads was already discussed in Sections 3.1 and 3.2. Most of the work reviewing two-time pad vulnerabilities is explored in the context of network communications.…”

Section: Related Workmentioning

confidence: 99%

See 2 more Smart Citations

When cryptography meets storage

Diesburg

Meyers

Lary

et al. 2008

Proceedings of the 4th ACM International Workshop on Storage Security and Survivability

View full text Add to dashboard Cite

Confidential data storage through encryption is becoming increasingly important.Designers and implementers of encryption methods of storage media must be aware that storage has different usage patterns and properties compared to securing other information media such as networks. In this paper, we empirically demonstrate two-time pad vulnerabilities in storage that are exposed via shifting file contents, in-place file updates, storage mechanisms hidden by layers of abstractions, inconsistencies between memory and disk content, and backups. We also demonstrate how a simple application of Bloom filters can automatically extract plaintexts from two-time pads. Further, our experience sheds light on system research directions to better support cryptographic assumptions and guarantees.

show abstract

Section: Common Methodsmentioning

confidence: 99%

Section: Contributions and Non-contributionsmentioning

confidence: 99%

See 1 more Smart Citation

When cryptography meets storage

Diesburg

Meyers

Lary

et al. 2008

Proceedings of the 4th ACM International Workshop on Storage Security and Survivability

View full text Add to dashboard Cite

show abstract

“…The usage of the same counter value T 0 in combination with the same group key can break the confidentiality of group communication because of the "Two-Time-Pad problem" [11].…”

Section: Counter Repetition In Aes-ctrmentioning

confidence: 99%

“…This procedure is not explicitly described. The only description given on the sequence number is quoted as follows and does not refer to resynchronization: "To ensure data integrity and data freshness, HMAC [11] in combination with SHA 256 [12] and a sequence number are used." [2].…”

Section: Resynchronization Of Sequence Counter Left Openmentioning

confidence: 99%

On the security of security extensions for IP-based KNX networks

Judmayer

Krammer

Kästner

2014

2014 10th IEEE Workshop on Factory Communication Systems (WFCS 2014)

View full text Add to dashboard Cite

The traditional areas of application for building automation systems (BAS) like heating, ventilation and air conditioning as well as lighting and shading are more and more extended by services requiring a more robust security infrastructure like alarm-and access control systems. Additionally, building automation networks get integrated into existing IP-based networks, or even communicate directly over the Internet. Therefore, the attack surface of BAS has increased dramatically. This requires a solid security architecture and a profound knowledge of possible attack vectors. This work reviews two security extensions for KNXnet/IP regarding their individual security properties. Thereby, it is pointed out that the current version of the draft specification, called KNXnet/IP Secure, lacks some relevant details and has certain limitations concerning the provided level of security.

show abstract