Security problems with improper implementations of improved FEA-M

Shujun Li; Kwok Tung Lo

doi:10.1016/j.jss.2006.05.002

Security problems with improper implementations of improved FEA-M

Shujun Li, Kwok Tung Lo

Research output: Journal article publication › Journal article › Academic research › peer-review

8 Citations (Scopus)

Abstract

This paper reports security problems with improper implementations of an improved version of FEA-M (fast encryption algorithm for multimedia). It is found that an implementation-dependent differential chosen-plaintext attack or its chosen-ciphertext counterpart can reveal the secret key of the cryptosystem, if the involved (pseudo-)random process can be tampered (for example, through a public time service). The implementation-dependent differential attack is very efficient in complexity and needs only O(n2) chosen plaintext or ciphertext bits. In addition, this paper also points out a minor security problem with the selection of the session key. In real implementations of the cryptosystem, these security problems should be carefully avoided, or the cryptosystem has to be further enhanced to work under such weak implementations.

Original language	English
Pages (from-to)	791-794
Number of pages	4
Journal	Journal of Systems and Software
Volume	80
Issue number	5
DOIs	https://doi.org/10.1016/j.jss.2006.05.002
Publication status	Published - 1 May 2007

Keywords

Chosen-ciphertext attack
Chosen-plaintext attack
Differential attack
FEA-M
Insecure implementation
Multimedia encryption
Pseudo-random process

ASJC Scopus subject areas

Computer Science Applications
Information Systems
Software

More information

10.1016/j.jss.2006.05.002

Cite this

@article{90f50618a3d2421cacf7e1e93f81a882,

title = "Security problems with improper implementations of improved FEA-M",

abstract = "This paper reports security problems with improper implementations of an improved version of FEA-M (fast encryption algorithm for multimedia). It is found that an implementation-dependent differential chosen-plaintext attack or its chosen-ciphertext counterpart can reveal the secret key of the cryptosystem, if the involved (pseudo-)random process can be tampered (for example, through a public time service). The implementation-dependent differential attack is very efficient in complexity and needs only O(n2) chosen plaintext or ciphertext bits. In addition, this paper also points out a minor security problem with the selection of the session key. In real implementations of the cryptosystem, these security problems should be carefully avoided, or the cryptosystem has to be further enhanced to work under such weak implementations.",

keywords = "Chosen-ciphertext attack, Chosen-plaintext attack, Differential attack, FEA-M, Insecure implementation, Multimedia encryption, Pseudo-random process",

author = "Shujun Li and Lo, {Kwok Tung}",

year = "2007",

month = may,

day = "1",

doi = "10.1016/j.jss.2006.05.002",

language = "English",

volume = "80",

pages = "791--794",

journal = "Journal of Systems and Software",

issn = "0164-1212",

publisher = "Elsevier Inc.",

number = "5",

}

TY - JOUR

T1 - Security problems with improper implementations of improved FEA-M

AU - Li, Shujun

AU - Lo, Kwok Tung

PY - 2007/5/1

Y1 - 2007/5/1

N2 - This paper reports security problems with improper implementations of an improved version of FEA-M (fast encryption algorithm for multimedia). It is found that an implementation-dependent differential chosen-plaintext attack or its chosen-ciphertext counterpart can reveal the secret key of the cryptosystem, if the involved (pseudo-)random process can be tampered (for example, through a public time service). The implementation-dependent differential attack is very efficient in complexity and needs only O(n2) chosen plaintext or ciphertext bits. In addition, this paper also points out a minor security problem with the selection of the session key. In real implementations of the cryptosystem, these security problems should be carefully avoided, or the cryptosystem has to be further enhanced to work under such weak implementations.

AB - This paper reports security problems with improper implementations of an improved version of FEA-M (fast encryption algorithm for multimedia). It is found that an implementation-dependent differential chosen-plaintext attack or its chosen-ciphertext counterpart can reveal the secret key of the cryptosystem, if the involved (pseudo-)random process can be tampered (for example, through a public time service). The implementation-dependent differential attack is very efficient in complexity and needs only O(n2) chosen plaintext or ciphertext bits. In addition, this paper also points out a minor security problem with the selection of the session key. In real implementations of the cryptosystem, these security problems should be carefully avoided, or the cryptosystem has to be further enhanced to work under such weak implementations.

KW - Chosen-ciphertext attack

KW - Chosen-plaintext attack

KW - Differential attack

KW - FEA-M

KW - Insecure implementation

KW - Multimedia encryption

KW - Pseudo-random process

UR - http://www.scopus.com/inward/record.url?scp=33847643270&partnerID=8YFLogxK

U2 - 10.1016/j.jss.2006.05.002

DO - 10.1016/j.jss.2006.05.002

M3 - Journal article

VL - 80

SP - 791

EP - 794

JO - Journal of Systems and Software

JF - Journal of Systems and Software

SN - 0164-1212

IS - 5

ER -

Security problems with improper implementations of improved FEA-M

Abstract

Keywords

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this