Towards a Cryptanalysis of Scrambled Spectral-Phase Encoded OCDMA

Similar documents
Encryption at the Speed of Light? Towards a cryptanalysis of an optical CDMA encryption scheme

Lecture 32. Handout or Document Camera or Class Exercise. Which of the following is equal to [53] [5] 1 in Z 7? (Do not use a calculator.

B. Substitution Ciphers, continued. 3. Polyalphabetic: Use multiple maps from the plaintext alphabet to the ciphertext alphabet.

DUBLIN CITY UNIVERSITY

Public Key Cryptography Great Ideas in Theoretical Computer Science Saarland University, Summer 2014

Cryptography Math 1580 Silverman First Hour Exam Mon Oct 2, 2017

Example Enemy agents are trying to invent a new type of cipher. They decide on the following encryption scheme: Plaintext converts to Ciphertext

Cryptography. Module in Autumn Term 2016 University of Birmingham. Lecturers: Mark D. Ryan and David Galindo

Cryptanalysis on short messages encrypted with M-138 cipher machine

Problem Sheet 1 Probability, random processes, and noise

DES Data Encryption standard

Digital Modulation Schemes

Block Ciphers Security of block ciphers. Symmetric Ciphers

Classical Cryptography

OFDM Based Low Power Secured Communication using AES with Vedic Mathematics Technique for Military Applications

A Practical Method to Achieve Perfect Secrecy

DUBLIN CITY UNIVERSITY

Data security (Cryptography) exercise book

Diffie-Hellman key-exchange protocol

Conditional Cube Attack on Reduced-Round Keccak Sponge Function

Lecture 1: Introduction

Generic Attacks on Feistel Schemes

Lecture #2. EE 471C / EE 381K-17 Wireless Communication Lab. Professor Robert W. Heath Jr.

Introduction to Cryptography

Network Security: Secret Key Cryptography

MA 111, Topic 2: Cryptography

The number theory behind cryptography

Secret Key Systems (block encoding) Encrypting a small block of text (say 128 bits) General considerations for cipher design:

Simulation of Optical CDMA using OOC Code

Physical Layer: Modulation, FEC. Wireless Networks: Guevara Noubir. S2001, COM3525 Wireless Networks Lecture 3, 1

Merkle s Puzzles. c Eli Biham - May 3, Merkle s Puzzles (8)

M.E(I.T) Student, I.T Department, L.D College Of Engineering, Ahmedabad, Gujarat, India

ElGamal Public-Key Encryption and Signature

Stream Ciphers And Pseudorandomness Revisited. Table of contents

CHAPTER 2. Instructor: Mr. Abhijit Parmar Course: Mobile Computing and Wireless Communication ( )

Digital modulation techniques

Cryptography CS 555. Topic 20: Other Public Key Encryption Schemes. CS555 Topic 20 1

Quasi group based crypto-system

Generic Attacks on Feistel Schemes

Chapter 4 MASK Encryption: Results with Image Analysis

Thus there are three basic modulation techniques: 1) AMPLITUDE SHIFT KEYING 2) FREQUENCY SHIFT KEYING 3) PHASE SHIFT KEYING

Downloaded from 1

Chapter 4 The Data Encryption Standard

Example Enemy agents are trying to invent a new type of cipher. They decide on the following encryption scheme: Plaintext converts to Ciphertext

Discrete Mathematics & Mathematical Reasoning Multiplicative Inverses and Some Cryptography

Chapter 4. Part 2(a) Digital Modulation Techniques

Wireless Communication Fading Modulation

Lecture 3: Wireless Physical Layer: Modulation Techniques. Mythili Vutukuru CS 653 Spring 2014 Jan 13, Monday

Multi-user, 10 Gb/s spectrally. coded O-CDMA system with hybrid chip and slot-level timing coordination

Secure Function Evaluation

Cryptography, Number Theory, and RSA

EE 418 Network Security and Cryptography Lecture #3

Chapter 7 Multiple Division Techniques for Traffic Channels

Secure communication based on noisy input data Fuzzy Commitment schemes. Stephan Sigg

Mathematics Explorers Club Fall 2012 Number Theory and Cryptography

TMA4155 Cryptography, Intro

Wireless Communication: Concepts, Techniques, and Models. Hongwei Zhang

Modulation (7): Constellation Diagrams

Running head: SIMPLE SECRECY. Simple Secrecy: Analog Stream Cipher for Secure Voice Communication. John Campbell

Fundamentals of Digital Communication

Mobile & Wireless Networking. Lecture 2: Wireless Transmission (2/2)

Chaos based Communication System Using Reed Solomon (RS) Coding for AWGN & Rayleigh Fading Channels

B.Tech II Year II Semester (R13) Supplementary Examinations May/June 2017 ANALOG COMMUNICATION SYSTEMS (Electronics and Communication Engineering)

Amplitude Frequency Phase

Dr. V.U.K.Sastry Professor (CSE Dept), Dean (R&D) SreeNidhi Institute of Science & Technology, SNIST Hyderabad, India. P = [ p

CAPACITY ENRICHMENT OCDMA BASED ON ALGORITHM OF NOVEL FLEXIBLE CROSS CORRELATION (FCC) ADDRESS CODE

RF Basics 15/11/2013

Lecture 3 Concepts for the Data Communications and Computer Interconnection

Department of Electronics and Communication Engineering 1

Digital data (a sequence of binary bits) can be transmitted by various pule waveforms.

QUESTION BANK SUBJECT: DIGITAL COMMUNICATION (15EC61)

Problems from the 3 rd edition

FPGA BASED DIGITAL QPSK MODULATORS FOR ADVANCED KA-BAND REGENERATIVE PAYLOAD. Kishori Lal Sah, TVS Ram, V. Ramakrishna and Dr.

A STENO HIDING USING CAMOUFLAGE BASED VISUAL CRYPTOGRAPHY SCHEME

Universitas Sumatera Utara

PROJECT 5: DESIGNING A VOICE MODEM. Instructor: Amir Asif

MAT 302: ALGEBRAIC CRYPTOGRAPHY. Department of Mathematical and Computational Sciences University of Toronto, Mississauga.

Chapter 1 INTRODUCTION TO SOURCE CODING AND CHANNEL CODING. Whether a source is analog or digital, a digital communication

Journal of Discrete Mathematical Sciences & Cryptography Vol. ( ), No., pp. 1 10

High Diffusion Cipher: Encryption and Error Correction in a Single Cryptographic Primitive

A Cryptosystem Based on the Composition of Reversible Cellular Automata

Automated Analysis and Synthesis of Block-Cipher Modes of Operation

Codes and Nomenclators

EE 460L University of Nevada, Las Vegas ECE Department

EE 418: Network Security and Cryptography

o Broken by using frequency analysis o XOR is a polyalphabetic cipher in binary

Design of a Digital Transmission System Using ASAK for the Transmission and Reception of Text Messages Using LABVIEW

COHERENT DETECTION OPTICAL OFDM SYSTEM

Drill Time: Remainders from Long Division

Spread Spectrum. Chapter 18. FHSS Frequency Hopping Spread Spectrum DSSS Direct Sequence Spread Spectrum DSSS using CDMA Code Division Multiple Access

Chaos Encryption Method Based on Large Signal Modulation in Additive Nonlinear Discrete-Time Systems

Chapter-1: Introduction

Symmetric-key encryption scheme based on the strong generating sets of permutation groups

A Novel Encryption System using Layered Cellular Automata

CSCI-1680 Physical Layer Rodrigo Fonseca

QUESTION BANK EC 1351 DIGITAL COMMUNICATION YEAR / SEM : III / VI UNIT I- PULSE MODULATION PART-A (2 Marks) 1. What is the purpose of sample and hold

HY448 Sample Problems

CONSTRUCTION AND PERFORMANCE STUDIES OF A PSEUDO-ORTHOGONAL CODE FOR FIBER OPTIC CDMA LAN

DIGITAL COMMINICATIONS

V.Sorge/E.Ritter, Handout 2

Transcription:

Towards a Cryptanalysis of Scrambled Spectral-Phase Encoded OCDMA Sharon Goldberg* Ron Menendez **, Paul R. Prucnal* *, **Telcordia Technologies OFC 27, Anaheim, CA, March 29, 27

Secret key Security for Encryption Schemes Ciphertext Plaintext E k (m 1 ), E k (m 2 ),, E k (m 1 ) k Alice k Bob Defining security: Ciphertext Only (COA): Given ciphertexts, Eve can t recover m 1,, m 1 Known Plaintext (KPA): Given ciphertexts, Eve can t learn m 1 even if m 2,, m 1 known e.g., SONET header e.g., SONET payload Kerchoff s Principle (1883): System should be secure even if encryption / decryption algorithms are known, as long as key is secret.

Secret key The (Digital) One Time Pad Ciphertext Plaintext E k (m) = k XOR m k k Every bit of plaintext gets new bit of key so Eve cannot learn m 1 even if m 2,, m 1 known Major Limitation: key length = message length Generating and sharing the key is expensive Digital solutions: Block ciphers like AES, Stream ciphers like RC4 Can we encrypt at data optically faster than we could electronically? Can optics do more than the digital one-time-pad?

Encoder Spectral Phase Encoded Optical CDMA (1) W i = 1 Data cosωit π π Codeword network Codeword Time ω 1 ω 2. ω W Codeword in time Codeword in time Use orthogonal codewords W frequencies W codewords

Encoder Spectral Phase Encoded OCDMA Data Codewords Plaintext Secret key Previous ciphertext-only attacks: On-off-keying: Eve uses energy detection to distinguish & 1 Isolated code: Eve learns codeword by comparing adjacent phase elements [Shake 5] Eve uses spectrum to distinguish & 1 [Leaird-Jiang-Weiner 5]

Encoder Spectral Phase Encoded OCDMA Data Codewords Plaintext Secret key Previous ciphertext-only attacks: Use constant energy modulation On-off-keying: Eve uses energy detection to distinguish (2-code-keying & 1 or PSK) Isolated code: Eve learns codeword by comparing adjacent phase elements [Shake 5] Eve uses spectrum to distinguish & 1 [Leaird-Jiang-Weiner 5]

Scrambled Spectral Phase Encoded OCDMA (1) Encoder Data Codewords Previous ciphertext-only attacks: On-off-keying: Eve uses energy detection Use constant energy modulation (2-code-keying or PSK) Isolated code: Eve learns codeword by comparing Use adjacent N tributaries phase elements (Inverse Mux) [Shake 5] Eve uses spectrum to distinguish & 1 [Leaird-Jiang-Weiner 5] Small codeset: Eve builds detector, tries decoding with each of the W possible codewords

Scrambled Spectral Phase Encoded OCDMA (1) Encoder Data Codewords Key Key Previous ciphertext-only attacks: On-off-keying: Eve uses energy detection Use constant energy modulation (2-code-keying or PSK) Isolated code: Eve learns codeword by comparing Use adjacent N tributaries phase elements (Inverse Mux) [Shake 5] Eve uses spectrum to distinguish & 1 [Leaird-Jiang-Weiner 5] Small codeset: Eve builds detector, tries decoding with each of the W possible codewords Now there are 2 W codewords [Menendez-et.al-25] [Xue-Du-Yoo-Ding-26]

Scrambled Spectral Phase Encoded OCDMA (2) Encoder φ 1 φ 2 φ N Data Codewords Key Key Extra entropy: N unknown intertributary phases! W unknown key bits

Encoder Security of Scrambled SPE-OCDMA φ 1 Unknown to Eve φ 2 φ N Plaintext Data Codewords Key Brute Force: Ciphertext-only exhaustive search thru 2 Frequencies keys

Encoder Security of Scrambled SPE-OCDMA φ 1 Unknown φ 2 φ N Plaintext Data Codewords Key Here we assume all secrecy in the system comes from the scrambler key. By Kerchoff s Principle, we assume that codewords are known to Eve. Brute Force: Result 1: Result 2: Ciphertext-only exhaustive search thru 2 Frequencies keys Known plaintext exhaustive search thru 2 Tributaries keys Need 1 known plaintext and 1 set of measurements Can immediately learn key without exhaustive search Need 2 known plaintexts and 2 sets of measurements

Encoder Data Eve s set of measurements φ 1 φ 2 φ N Codewords Key E ( t) = k i N i j= 1 Electric field at frequency ω i Key phases Tributaries θ dj cos( ω t + φ ) ij Codes i Inter-tributary phases Data Plaintext j Use balanced coherent detection at each frequency [Shake 25] E i LO (t) i = cosω t In our attacks: For each known plaintext, we assume Eve gets W simultaneous (noise-free) current measurements i Obtain analog measure of current I i ( t) k Measurement N i j= 1 θ d ij j cos( φ ) j

Result 1: Reducing exhaustive search space W Frequencies W Frequencies y y= = diag(k) Θ T d d measurement real valued Θ T W Frequencies W W Frequencies key codes discrete {1,-1} discrete {1,-1} cos(φ) N Tribs N Tribs N Tribs plaintext discrete {1,-1} cos(φ) N Tribs inter-trib phases real valued known?secret known known?unknown 1. Eve obtains a coherent measurement set y and a known plaintext d 2. Eve has W equations in W + N unknowns On computer, guess just N key bits then solve for W-N remaining key bits 3. Eve tries the key on decoder. Stop if ungarbled data, else repeat step 2. Brute Force: Result 1: Ciphertext-only exhaustive search thru 2 Frequencies keys Known plaintext exhaustive search thru 2 Tributaries keys

Result 2: Learning the key with 2 known plaintexts W Frequencies y = diag(k) d measurement real valued known changes W Frequencies key discrete {1,-1}? secret fixed Θ T W Frequencies codes discrete {1,-1} known fixed N Tribs plaintext discrete {1,-1} known changes cos(φ) N Tribs inter-trib phases real valued? unknown changes 1. Eve gets 2 coherent measurement / known plaintext pairs (y 1,d 1 ) (y 2,d 2 ) 2. Eve has 2W equations in W + 2N unknowns where 2N W On computer solve the equations for the key k. What is dimension of solution space for this system of equations? If dimension N, there are 2 N solutions and Eve learns nothing. If there is a unique solution, Eve has learned the key

Result 2: Learning the key with 2 known plaintexts What is dimension of solution space for this system of equations? If there is a unique solution, Eve has learned the key For a system using Hadamard codes (e.g. [Menendez25]) with 2N=W Eve gets 2 plaintexts d 1,d 2 chosen at random and 2 noise-free measurements Probability of unique sol'n 1.75.5.25 4 8 16 32 64 128 Number of Tributaries N Theorem: If either known plaintext represents an odd number of bits then there is a unique solution. at least 75% of plaintext pairs give a unique solution Result 2: Can immediately learn key (w.h.p.) without exhaustive search Need 2 known plaintexts and 2 sets of measurements

Conclusion and Open Problems Scrambled spectral-phase encoded OCDMA: All secrecy from scrambler key (2 Frequencies keys) Tributary codewords are known Binary scrambling phases Plaintext Trib 1 Trib N combine Scram Key Our Attacks: Simultaneously measure electric field at f i for all f i Co-polarized local oscillator phase- & time- synchronized with incoming signal Coherent balanced detection and noise-free analog current measurement Parallelism is important! Results: Known plaintext exhaustive search thru 2 Tributaries keys (Need 1 known plaintext and 1 set of measurements ) Can immediately learn key without exhaustive search (Need 2 known plaintexts and 2 sets of measurements ) Open Issues: How often must the key be changed to secure the system? Non-idealized measurements (noisy matrices / integer linear programming) Including the tributary codewords in the key (i.e., make them secret)

Thanks: Boaz Barak Jennifer Rexford Moses Charikar Eugene Brevdo Parts of this work were supported by DARPA

2024 © hobbydocbox.com Privacy Policy | Terms of Service | Feedback