Indistinguishable of AES-Based PRNG against Modification Attack Based on Statistical Distance Tests and Entropy Measures

Santi Indarjani and Belawati Widjaja

Abstract: According to previous research, an AES-based PRNG is not affected by an insertion attack (in a random manner) under the level of significance α = 0.01, even though the attack caused some randomness tests to fail. To complete that research, the writers observe the modification attack in a random manner against the output sequence of an AES-based PRNG, limited to a 1-bit modification attack. The tests are performed by applying the statistical distance test between the output sequence before and after the attack. To confirm the attack effect, we also measure the entropy values of the sequence before and after the attack and compare them. The attack scenario is still the same as in the previous research [see 3], except that insertion is replaced with modification and the parameter = 0.001. The results show that the modification attack does not have a significant effect on the randomness property of the AES-based PRNG. It was proved from 60 experiments of the 1-bit modification attack that the maximum statistical distances are still far away from = 0.001. The changes of the entropy source after the attack are also very small and still far away from = 0.001.

Index Terms: AES based PRNG, modification attack, statistical distance, entropy.

Manuscript received December 24, 2012; revised March 1, 2013. Sat Idarja is with the National Crypto Institute, Indonesia (e-mail: sat.darja@sts-c.ac.d, sat_darja@yahoo.com). Belawat Wdjaja is with the Faculty of Computer Science, University of Indonesia (e-mail: bela@cs.u.ac.d). DOI: 10.7763/LNSE.2013.V1.68

I. INTRODUCTION

Randomness plays a very important role in cryptographic applications. The purpose is to guarantee that critical items such as encryption keys, seeds, initialization vectors (IV), nonces (number only once), and other parameters needed in a cryptographic application are random. This helps to assure that the cryptographic system is not weak against adversary attacks [1]. Some attacks focus on random generators (RNGs/PRNGs) in order to reduce or even destroy the randomness property of the generators. The attacks can be performed through several approaches, such as compromising the internal state to figure out the seed (input) of the random generator, or manipulating the output to make it biased. By destroying the randomness property of the RNG/PRNG, the cryptographic system will fail, which leads to the disclosure of secret values such as the key and/or the message [2].

In previous research titled "Measuring the insertion attack effect on randomness property of AES-based PRNG", it was proved that the effect of the insertion attack is not significant in reducing the randomness property of the AES-based PRNG. From a total of 145 experiments with $10^3$ samples of size $10^6$ bits, it was shown that the randomness reduction is about 21.4%, with at most only 3 failed tests in each experiment under the level of significance α = 0.01. And from the statistical distance test, the output sequences of the AES-based PRNG before and after the insertion attack could not be distinguished under = 0.01 [3]. Hint: the previous paper did not include CBC mode.

In this paper we propose a 1-bit modification attack against the AES-based PRNG for all variants in each mode of CBC, OFB, CTR and CBC. The purpose is to see the effect of the modification attack on the randomness property of the AES-based PRNG compared with the effect of the insertion attack. The attack scenario is still the same as in the previous research, only replacing the bit insertion process at the pointed location with a bit modification that flips the target bit to its complement, such as bit 1 to 0 and vice versa. The experiment results show that the modification attack does not have significant effects on the randomness property of the AES-based PRNG. It is proved from all of the statistical distance tests and the entropy measurements that the difference between the output sequences before and after the attack is very small and still far away from = 0.001.

II. BACKGROUND THEORIES

A. Advanced Encryption Standard (AES)

As we know, AES is widely used in security applications for encryption and also as a PRNG using a mode of encryption. AES was adopted as a substitution for the Data Encryption Standard (DES). AES has a 128-bit block length with three varieties of keys: 128 bits, 192 bits and 256 bits. The AES parameters can be seen in Table 1. There are 4 different stages used in a single round of AES, i.e. byte substitution, shift row, mix columns, and add round key. For the last round there is no shift row [4]. In a block cipher implementation, there are some modes of encryption that can be used to provide a suitable structure for a certain application, such as developing an AES-based PRNG, i.e. Electronic Code Book (ECB), Cipher Block Chaining (CBC), Output Feedback (OFB), Cipher Feedback (CFB) and Counter Mode (CTR) [4].

B. Concept of Randomness

Random sequences are generally divided into two classes, i.e. truly random sequences and pseudorandom sequences, which are produced by an RNG and a PRNG respectively. An RNG is defined as a system whose output consists of fully unpredictable (i.e., statistically independent and unbiased) bits. In security applications, the unpredictability of the output implies that the generator must also not be observable or manipulable by any attacker. A true random bit generator is usually based on some kind of non-deterministic phenomenon. A PRNG is defined as a function that, once initialized with some random value (called the seed), outputs a sequence that appears random, in the sense that an observer who does not know the value of the seed cannot distinguish the output from that of a (true) random generator. A PRNG is a deterministic process: putting it back in the same state will reproduce the same sequence [5].

C. Statistical Distance

Statistical distance is used to see the closeness between two different distributions. Here, an output sequence of the AES-based PRNG is assumed to be a random variable that has a uniform distribution. The distribution is assumed to be changed after the attack. To measure whether they are different and can be distinguished, they will be tested using statistical distance.

Definition 1. Let x and y be random variables taking on values in a finite set S. The statistical distance between x and y is defined as [6]. S 1/ 2 Pr( x ) Pr( y ) (1)

Corollary: If we apply the statistical distance in pattern then the statistical distance between x and y become 1 Pr( x ) Pr( y ) (2) 2 S

Definition 2. An algorithm D distinguishes x and y with the advantage if and only if Pr( D ( x) 1) Pr( D( 1) (3)

If the statistical distance between x and y is less than then no algorithm distinguishes x and y with advantage. And from other literature it is stated that two random variables are -closed if (x, based on the maximum statistical distance [7] max Pr( X ) Pr( Y ) S (4)

Goldreich also said that two ensembles X and Y are statistically close if their statistical difference is negligible, where the statistical difference (also known as variation distance) is defined as the function (1). He said that if the ensembles X and Y are statistically close, then they are also polynomial-time-indistinguishable [8].

D. Entropy

A good pseudorandom generator should be unpredictable. This means that the generation of each output bit should be mutually exclusive and mutually independent of one another. Being unpredictable makes guessing the next bit infeasible for an adversary, even one with some knowledge of previous bits. This property is related to the uncertainty of the output sequence: the more uncertain the sequence, the more unpredictable it is.

Definition 3. Consider a discrete random variable X with possible outcomes $x_i$, $i = 1, 2, \ldots, n$. Then the self-information of the event $X = x_i$ is defined as

$$I(x_i) = \log\frac{1}{P(x_i)} = -\log P(x_i) \qquad (5)$$

Consider a binary source which tosses a fair coin and outputs a 1 for a head and a 0 for a tail. The information contained in each output is $-\log_2(0.5) = 1$ bit. Suppose a random sequence $X = x_1, x_2, \ldots, x_n$ is produced statistically independently by this source; then the total possible outputs are $2^n$, each with equal probability $1/2^n$. The information value of an n-bit block is

$$I(x_i) = -\log_2 P(x_i) = -\log_2\left(2^{-m}\right) = m$$

Entropy is an uncertainty measurement of a distribution that denotes the average self-information of a random variable.

Definition 4. Consider a probability distribution $D = p_1, p_2, \ldots, p_n$; then the entropy of D is defined as

$$H_b(D) = -\sum_{i=1}^{n} p_i \log_b p_i = \sum_{i=1}^{n} p_i \log_b \frac{1}{p_i} \qquad (6)$$

E. Attack on PRNG

The most important problem that can cause defects in a random generator is a manipulation attempt, such as injecting a signal to force the output stream bits, which is undetected in statistical tests. In other words, the random source still passes the randomness statistical tests even though it was injected with a certain signal [5]. Goldreich said that modern cryptography is concerned with the construction of schemes that should be able to withstand any abuse, and the schemes are designed so as to maintain a desired functionality, even under malicious attempts aimed at making them deviate from their functionality. An adversary attacking a system will try to manipulate the environment into untypical states [8].

Another attack is by manipulating a Trojan horse living in the system to provide access to a critical entity that is produced, such as the seed of the random generator or the output stream bits. A Trojan horse could also be manipulated to defect the statistical distribution of the output of the random generator such that the output is very sensitive to the input entropy. An attacker can also put a (hidden) Trojan horse in the RNG/PRNG without detection to perform attacks such as insertion, deletion or even repetition of the output produced, so that the randomness is not guaranteed [10].

III. EXPERIMENTS AND RESULTS

A. Experiment Model

The attack is mounted on each output sequence of all 3 (three) variants of AES with 4 (four) different modes: CBC, OFB, CFB and CTR. The total random output samples of one variant are 1000 samples, each of size $10^6$. The seed that is used to produce the output sequence is the same for all variants and is generated using Random C.

[Fig. 1. Experiment model. Diagram labels: seed; AES-based PRNG; Modification Attack, 5 levels (32, 64, 128, 256, 512); Calculation of (x, and Entropy; Data of (x, and Entropy.]

The attack is conducted by flipping the pointed bit, which is determined based on a random sequence. The location of the modification bit is determined based on the decimal value of $^{2}\log b$ bits, where b bits are taken from a random sequence. The random sequence is also generated by Random C. The modification attack is performed at five block levels: 32-bits, 64-bits, 128-bits, 256-bits and 256-bits. See the experiment model in Fig. 1.

To see the effect of the insertion attack on the randomness property of the AES-based PRNG, the sequences before and after the modification attack will be evaluated by mounting the statistical distance test. To confirm the result of the statistical distance test, the two sequences (before and after the attack) will be evaluated by measuring the entropy value of each and then comparing them to see any change of the entropy value after the attack.

First, we assume that the two output sequences (from the AES-based PRNG) before and after the attack have different distributions because of the attack. Our hypothesis is that the two sequences can be distinguished under a small parameter of = 0.001 (different from the previous research, which used the strengthen parameter, i.e., = 0.01). Here we measure the statistical distance based on the maximum distance and the values of (x,. If the maximum statistical distance between the two distributions is less than = 0.001 then the two distributions are -close, or the two distributions could not be distinguished. This means that the modification attack does not have a significant effect on the randomness property of the PRNG. On the other hand, if the maximum statistical distance is bigger than = 0.001 then we could say the two sequences can be distinguished under the advantage of = 0.001. This leads to the conclusion that the attack has a significant effect on the PRNG.

To confirm the results, we also measure the entropy value of the sequence before and after the attack, and we see whether the difference is significant or not by using the same parameter = 0.001. If the difference is bigger than = 0.001 then we could say that the attack has a significant effect on the randomness of the PRNG, otherwise not. The tests are mounted based on non-overlapping patterns 1, 2, 3, 4 and 8 to see the effect changes on the PRNG.

B. Results

The experiment results show that the modification attack does not significantly affect the AES-based PRNG. The maximum statistical distances for AES-128, AES-192 and AES-256 are 0.00002885, 0.0000237 and 0.00002578 respectively. All the values occurred in CBC mode at the 32-bit level, and they are still far away from the parameter = 0.001.

[Fig. 2. Modification attack effect on AES-128 CTR. Panel b): Max entropy difference.]

[Fig. 3. 1-bit modification attack effect on AES-128 CBC. Panel b): Max entropy difference.]

[Fig. 4. 1-bit modification attack effect on AES-128 CFB. Panel b): Max entropy difference.]

[Fig. 5. 1-bit modification attack effect on AES-128 OFB. Panel b): Max entropy difference.]

Examples of the experiment results of the attack on AES-128 with modes CTR, CBC, CFB and OFB are presented in Fig. 2 to Fig. 5, respectively. The first part of each figure shows all maximum statistical distance values from each experiment (part a) and the second part shows all maximum entropy difference values obtained from each experiment (part b). In part b, we specify the highest maximum entropy value. From the results, we could see that in general the attack has more effect at the 32-bit block level of modification, and the effect decreases for the bigger sizes (64-bit, 128-bit, 256-bit and 512-bit). This happened because a bigger block size caused fewer bits to be changed. Because all the resulting maximum distance values are still far below = 0.001, to see the attack effect on each variant or mode we focus on statistical distance values that are bigger than 0.00001.

From all variants, we identify that the totals of maximum statistical distances bigger than 0.00001 are close for all modes, but we can see that mode CTR has the lowest amount, which indicates that the attack effect on this mode is less significant than on the others (see Table I). On the other hand, mode CBC got the worse effect. And from the entropy measurements, as we can see in Table II, the maximum entropy difference values for each mode on each variant are still less than 0.0001.

TABLE I: COMPOSITION OF MAX STATISTICAL DISTANCE VALUE > 0.00001 ON EACH VARIANCE

| Mode | AES-128 | AES-192 | AES-256 |
|------|---------|---------|---------|
| CTR | 5(20%) | 3(15%) | 3(15%) |
| CBC | 6(24%) | 6(24%) | 9(36%) |
| CFB | 6(24%) | 5(20%) | 6(24%) |
| OFB | 3(12%) | 5(20%) | 6(24%) |

TABLE II: MAXIMUM DIFFERENCE ENTROPY VALUES ON EACH MODE

| Mode | AES-128 | AES-192 | AES-256 |
|------|---------|---------|---------|
| CTR | 0.00007079 | 0.00008018 | 0.00007546 |
| CBC | 0.00013602 | 0.00015587 | 0.00016850 |
| CFB | 0.00008354 | 0.00007970 | 0.00007328 |
| OFB | 0.00008734 | 0.00008229 | 0.00008171 |

All of these biggest entropy difference values occurred at the 32-bit block level on pattern 8. An interesting fact is that all the biggest maximum statistical distance values on each variant occurred in mode CBC at the 32-bit block level. In Table II, we can also see that the entropy difference in mode CBC is bigger than in the other modes. This indicates that the modification attack affects the AES-based PRNG with mode CBC more significantly than the other modes. Furthermore, it will be analyzed further whether each AES variant is differently affected by the modification attack, based on randomness tests using the NIST tools.

As a slight comparison with the previous research, the mode CTR has the worst effect against the insertion attack, whereas the mode CFB is less affected by the insertion attack. This contradicts the modification attack results, where mode CTR in this case got the lesser effect. From a small comparison between the result of the 1-bit insertion attack on AES-128 mode OFB (see Fig. 4) and on AES-192 mode OFB (see Fig. 6), we can find an interesting fact: the total of values that reach 0.00001 or more in Fig. 6 is 20 values or 80%, much more than in Fig. 4, which only has 6 values or 24%.

[Fig. 6. 1-bit insertion attack effect on AES-192 CFB. Panel b): Max entropy difference.]

TABLE III: THE COMPARISON 1-BIT MODIFICATION ATTACK AND 1-BIT INSERTION ATTACK AES-128

| Attack | Mode | Max stat distance difference (32) | Max stat distance difference (64) | Max stat distance difference (128) | Max entropy difference (32) | Max entropy difference (64) | Max entropy difference (128) |
|--------|------|-----------|-----------|-----------|-----------|-----------|-----------|
| 1-bit random insertion | OFB | 0.0000400 | 0.0000431 | 0.0000416 | 0.0001255 | 0.0001364 | 0.0001453 |
| 1-bit random insertion | CTR | 0.0000397 | 0.0000373 | 0.0000368 | 0.0001194 | 0.0001194 | 0.0001340 |
| 1-bit random insertion | CFB | 0.0000518 | 0.0000472 | 0.0000559 | 0.0001672 | 0.0001343 | 0.0001556 |
| 1-bit modification | OFB | 0.0000206 | 0.0000103 | 0.0000104 | 0.0000873 | 0.0000479 | 0.0000732 |
| 1-bit modification | CTR | 0.0000225 | 0.0000098 | 0.0000075 | 0.0000755 | 0.0000570 | 0.0000489 |
| 1-bit modification | CFB | 0.0000179 | 0.0000125 | 0.0000094 | 0.0000111 | 0.0000068 | 0.0000044 |

This indicates that in this case the 1-bit insertion attack has a more significant effect than the modification attack. It might be because the insertion attack changes not only the pattern but also causes position shifting of the consecutive bits at some places, whereas the modification attack only changes the pattern and does not cause position changes or shifting of bits. To look more deeply, we provide the comparison of the two attacks on AES-128 with modes OFB, CTR and CFB at block levels 32-bit, 64-bit and 128-bit (see Table III). We can see that all the values for the insertion attack are bigger than for the modification attack. This indicates that the latter attack has less effect than the former. To get more complete results, we will explore this comparison further (in progress).

From the measurement of the entropy value we could see that the difference between the sequence before and after the attack is still very small and far away from the parameter = 0.001. Even the biggest statistical distance value for each variant is still less than 0.0001, which indicates that the 1-bit modification attack does not have a significant effect under = 0.001. From the results we could say that there is no significant change in the entropy value of each pair of compared sequences. This means that the entropy after the attack is still close to the entropy value before the attack. It leads to the thought that the modification attack does not have a significant effect on the AES-based PRNG. This strengthens the statistical distance test results. So from the two measurements, which provide values all still smaller than the parameter = 0.001, we come to the conclusion that the output sequences from the AES-based PRNG before and after the attack still could not be distinguished under = 0.001. And from the partial comparison between the 1-bit modification attack and the 1-bit insertion attack, we see that the first attack has the smaller value, which indicates that the modification attack has a less significant effect than the insertion attack.

IV. CONCLUSION AND OPEN PROBLEM

Based on the experiments, we conclude that the modification attack does not significantly affect the randomness property of the AES-based PRNG under the advantage of = 0.001. The modification attack also does not cause a significant change in the entropy values of the output of the AES-based PRNG under the advantage of = 0.001. To complete the research, it is still necessary to extend the research to other PRNG algorithms or stream ciphers, to see whether this attack lacks a significant effect only on AES or also on other algorithms. It is also still necessary to explore a theoretical approach to prove why this modification attack does not affect the randomness property of the output sequences of an AES-based PRNG.

ACKNOWLEDGMENT

Thanks to Dr. Kk from Mathematical Department, University of Indonesia and Dr. Ade from Computer Science faculty, University of Indonesia for the idea to extend the research to the modification attack. Thanks to our friends Ad Nugraha, Kempo and Ggh from National Crypto Institute for helping us perform the experiments.

REFERENCES

[1] D. Eastlake, J. Schiller, and S. Crocker. (2005). Randomness Requirements for Security, RFC 4086 (obsoletes RFC1750). [Online]. Available: http://www.ietf.org/rfc/rfc4086.txt
[2] N. Ferguson and B. Schneier, Practical Cryptography, Wiley Publishing, Inc., Indianapolis, USA, 2003.
[3] S. Indarjani and B. Widjaja, Measuring the insertion attack effect on randomness property of AES-based PRNG, IPCSIT, vol. 40 2012, pp. 118-122.
[4] S. William, Cryptography and Network Security: Principles and Practices, 4th ed., Pearson Education, Inc., 2005.
[5] H. C. A. V. Tilborg, Encyclopedia of Cryptography and Security, Springer, USA, 2005.
[6] Farashahi, Schoenmaker, and Sidorenko, Efficient of Pseudorandom Generators based on DDH Assumption, in Proc. the 10th PKC conference, Springer-Verlag, Berlin, 2007.
[7] Y. Wang, A comparison of two approaches to the randomness, Theor. Comput. Sci., vol. 276, no. 1-2, pp. 449-459, 2002.
[8] O. Goldreich, Foundation of Cryptography: Volume I Basic Tools, England: Cambridge University Press, 2001.
[9] R. Bose, Information Theory, Coding and Cryptography, Tata McGraw Hill, New Delhi, 2002.
[10] Y. Adam and Y. Moti, Malicious Cryptography, USA: John Willey & Sons, 2004.

Santi Indarjani was born in Jakarta, Indonesia, on August 29, 1969. She is Academic Staff of the National Crypto Institute, Indonesia. She is Magister of Information System Management, University of Gunadarma, Indonesia, 2006. She has been a student of the Doctoral Program, Faculty of Computer Science, University of Indonesia since September 2010.

Belawati Widjaja is Academic Staff of the Faculty of Computer Science, University of Indonesia. She obtained her Doctor of Philosophy in the Department of Mathematics, University of Kentucky, USA, 1968.
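The before/after measurement described in Section III (flip one bit per block, then compare non-overlapping 1, 2, 3, 4 and 8-bit pattern distributions by statistical distance, maximum distance and entropy change) can be reproduced on a small scale as follows. This is an added example, not the authors' code: it uses SHA-256 in counter mode as a stand-in generator instead of AES, reads the bit-location rule as "the next log2(b) selector bits give the offset inside each b-bit block", and all function names and seeds are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

THRESHOLD = 0.001  # the parameter value the paper compares against


def keystream_bits(seed: bytes, n_bits: int) -> list:
    """Stand-in generator (assumption): SHA-256 in counter mode, not AES."""
    out = bytearray()
    counter = 0
    while len(out) * 8 < n_bits:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    bits = [(byte >> (7 - i)) & 1 for byte in out for i in range(8)]
    return bits[:n_bits]


def flip_one_bit_per_block(bits, block, selector):
    """1-bit modification: in every `block`-bit block, complement the bit whose
    offset is the decimal value of the next log2(block) selector bits."""
    width = block.bit_length() - 1      # log2(block); block must be a power of two
    out = list(bits)
    for j in range(len(bits) // block):
        offset = 0
        for b in selector[j * width:(j + 1) * width]:
            offset = (offset << 1) | b
        out[j * block + offset] ^= 1
    return out


def pattern_distribution(bits, k):
    """Relative frequency of each non-overlapping k-bit pattern."""
    n = len(bits) // k
    counts = Counter(tuple(bits[i * k:(i + 1) * k]) for i in range(n))
    return {pattern: c / n for pattern, c in counts.items()}


def statistical_distance(p, q):
    """Half the sum of absolute probability differences over all patterns."""
    return 0.5 * sum(abs(p.get(s, 0.0) - q.get(s, 0.0)) for s in set(p) | set(q))


def max_distance(p, q):
    """Largest absolute probability difference for any single pattern."""
    return max(abs(p.get(s, 0.0) - q.get(s, 0.0)) for s in set(p) | set(q))


def entropy(p):
    """Shannon entropy, in bits, of a pattern distribution."""
    return -sum(v * math.log2(v) for v in p.values() if v > 0)


def compare(before, after, patterns=(1, 2, 3, 4, 8)):
    """Per pattern size: (statistical distance, max distance, |entropy change|)."""
    rows = {}
    for k in patterns:
        p, q = pattern_distribution(before, k), pattern_distribution(after, k)
        rows[k] = (statistical_distance(p, q), max_distance(p, q),
                   abs(entropy(p) - entropy(q)))
    return rows


if __name__ == "__main__":
    n_bits = 10 ** 6                    # one sample of the size used in the paper
    before = keystream_bits(b"constructed-seed", n_bits)
    for block in (32, 64, 128, 256, 512):
        need = (n_bits // block) * (block.bit_length() - 1)
        selector = keystream_bits(b"constructed-selector", need)
        after = flip_one_bit_per_block(before, block, selector)
        for k, (sd, mx, dh) in compare(before, after).items():
            flag = "below" if mx < THRESHOLD else "above"
            print(f"block={block:3d} k={k} sd={sd:.6f} max={mx:.6f} "
                  f"dH={dh:.6f} max is {flag} {THRESHOLD}")
```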