Attacks on Message Stream Encryption
Abstract
Message Stream Encryption (MSE) provides obfuscation, data confidentiality, and limited authentication to BitTorrent clients. Although obfuscation of header and payload data was the main design goal of MSE, users understandably still expect data confidentiality and authentication from their BitTorrent clients. In this paper, we present numerous attacks on the MSE protocol itself, independent of clients. We then test many popular BitTorrent clients for vulnerability to these attacks, resulting in a number of serious vulnerabilities in popular clients. These results are timely and significant due to the high penetration rate of BitTorrent clients.
Similar resources
VMPC-MAC: A Stream Cipher Based Authenticated Encryption Scheme
A stream cipher based algorithm for computing Message Authentication Codes is described. The algorithm employs the internal state of the underlying cipher to minimize the required additional-to-encryption computational effort and maintain general simplicity of the design. The scheme appears to provide proper statistical properties, a comfortable level of resistance against forgery attacks in a c...
Cycling Attacks on GCM, GHASH and Other Polynomial MACs and Hashes
The Galois/Counter Mode (GCM) of operation has been standardized by NIST to provide single-pass authenticated encryption. The GHASH authentication component of GCM belongs to a class of Wegman-Carter polynomial hashes that operate in the field GF(2). We present message forgery attacks that are made possible by its extremely smooth-order multiplicative group which splits into 512 subgroups. GCM us...
Performance Analysis of Hummingbird Cryptographic Algorithm using FPGA
Hummingbird is a novel ultralightweight Cryptographic Algorithm aiming at resource-constrained devices. It has a hybrid structure of block cipher and stream cipher and was developed with both lightweight software and lightweight hardware implementations for constrained devices in mind. Moreover, Hummingbird has been shown to be resistant to the most common attacks to block ciphers and stream ci...
Another Look at Tightness
We examine a natural, but non-tight, reductionist security proof for deterministic message authentication code (MAC) schemes in the multi-user setting. If security parameters for the MAC scheme are selected without accounting for the non-tightness in the reduction, then the MAC scheme is shown to provide a level of security that is less than desirable in the multi-user setting. We find similar ...
Authentication Failures in NIST version of GCM
In this note, we study the security of the Galois/Counter mode authenticated encryption recently published by NIST. We show how an adversary can recover the secret key of the keyed hash function underlying the authentication, using a chosen IV attack. Once this secret key is known, the encryption mode is no longer authenticated. As a consequence, all chosen ciphertext attacks against the conf...