Abstract

Key exchange is one of the major concerns in cryptography. Many protocols have been proposed since the seminal paper of Diffie and Hellman, which introduced the concept of the public key. While many of these protocols are proven to be secure, one of their major drawbacks is that they depend on computationally intensive mathematical problems such as modular exponentiation and the discrete logarithm. While these algorithms are systematic, dealing with long keys is not an easy task. The long keys used in public key cryptography are a must in order to prevent exhaustive search and force the attacker to attempt solving the hard mathematical problem. If these algorithms are to be implemented as software programs, the developer must write code that processes the key or plaintext in slices of the maximum data width the processor supports, which is very time consuming. They can also be implemented on FPGAs or ASIC chips to exploit the parallel nature of these devices. However, cryptographic keys are very long and no FPGA or ASIC can perform arithmetic on a whole key at once, so even this requires dealing with slices of the key, although larger ones than processors support. Both of these directions focus on classical cryptography to achieve fast secure key exchange. In this thesis, we aim to explore non-classical approaches to key exchange and see whether they can provide an alternative mechanism for fast secure key exchange. Neural cryptography is a recent non-classical approach for achieving key exchange between two parties.
It is based on a physical phenomenon called synchronization and a learning approach called mutual learning, which achieves the synchronization by training the networks on identical input patterns and exchanging the output values. Neural cryptography is a simple protocol with several advantages in terms of implementation and execution, such as simple arithmetic, scalability and parallel implementation. However, the security of neural cryptography is still debated. The classical key exchange protocols outperform neural cryptography in terms of mathematical formulation and security proof. Relying on well-defined hard mathematical problems, it is easy to judge the security strength of a classical cryptographic protocol. Neural cryptography, however, is still a new area in the field of cryptography and its security is based on probabilistic analysis. The bidirectional learning between the two communicating parties has an advantage, in terms of synchronization time, over the unidirectional learning that the attacker uses. This thesis aims to explore neural cryptography as an alternative strategy for key exchange. In order to reach this goal, we focus on three main directions. First, we target improving the security of neural cryptography. Second, the neural key exchange protocol is analyzed from a security perspective. Third, we extend neural cryptography so that it provides more cryptographic services. In order to achieve the first goal, an algorithm is proposed that improves the security of neural cryptography by injecting controlled noise over the communication channel that only the two parties can detect and remove. The algorithm comes in two forms. One injects the noise on the input channel and is called Synchronization with Common Secret Feedback (SCSFB); the other injects the noise on the output channel and is called Don't Trust My Partner (DTMP). The two algorithms are combined to achieve higher security.
An attacker listening to the communication will not be able to cancel the noise and hence will not be able to learn, so that it cannot obtain the final session key. Moreover, the mutual learning algorithm at the core of neural cryptography is modified in order to make the neural key exchange authenticated, so that only two specific parties can obtain the final key. The second goal is accomplished by investigating the neural cryptography parameters to uncover their contribution to the neural dynamics and hence their impact on the security of the algorithm. Several results are obtained from our analysis. The parameter N, which represents the number of weights per network, is analyzed and found to contribute significantly to the protocol security; its impact appears especially when the attacker starts with initial weight configurations close to those of either of the two parties. This parameter is found to be responsible for increasing the uncertainty of the network output and reducing the probability that the attacker's output frequently matches that of either party. The input pattern generation mechanism is also investigated. The Linear Feedback Shift Register (LFSR) was previously proposed as an input vector generator that leads to fast synchronization. This mechanism is investigated and found to reduce the security of the protocol significantly. An attack strategy is also proposed that analyzes the difference between successive input patterns and estimates the hidden perceptrons' outputs. Another part of the second goal is investigating the robustness of neural cryptography against physical implementation attacks. A power analysis attack is applied to neural cryptography in order to find a vulnerability that breaks the protocol.
After that, a hiding countermeasure is implemented that makes the power consumption uniform, preventing power analysis attacks from revealing information about the secret key. Moreover, two Trojan-insertion-based attacks are proposed that reveal secret information via either a side channel or the public channel. In order to achieve the third goal, the neural cryptography protocol is extended to a multi-party configuration, termed Neural Group Key Exchange (NGKE). Two algorithms are proposed to exchange a key between multiple parties with logarithmic complexity using a binary tree architecture. Moreover, a password-authenticated form of the NGKE protocol is proposed, so that only legitimate parties can learn from the information exchanged over the channel.
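As an added example (not code from the thesis, which this page does not include), the following simulates the mutual learning described in the abstract: two tree parity machines A and B are trained on identical random input patterns, exchange only their output bits, and end with identical weights that serve as the shared key, while a passive attacker E that sees the same inputs and outputs can only learn unidirectionally. The network structure, the Hebbian update rule and the parameters K, N and L follow the standard Kanter-Kinzel formulation of neural cryptography and are assumptions here, as are the attacker's simple imitation strategy and the hashing of the synchronized weights into a key.

```python
import hashlib
import random

K, N, L = 3, 16, 3  # hidden units, inputs per unit, weight bound: assumed small values


def sign(v):
    return 1 if v > 0 else -1  # sign(0) = -1, a common tree parity machine convention


def new_weights(rng):
    return [[rng.randint(-L, L) for _ in range(N)] for _ in range(K)]


def tpm_output(w, x):
    """Return (tau, sigmas): each hidden unit's sign and their product, the public output."""
    sigmas = [sign(sum(wi * xi for wi, xi in zip(w[k], x[k]))) for k in range(K)]
    tau = 1
    for s in sigmas:
        tau *= s
    return tau, sigmas


def hebbian_update(w, x, sigmas, tau):
    """Only hidden units that agreed with tau move towards the input; weights stay in [-L, L]."""
    for k in range(K):
        if sigmas[k] == tau:
            w[k] = [max(-L, min(L, wi + xi * tau)) for wi, xi in zip(w[k], x[k])]


def session_key(w):
    """Derive a session key from synchronized weights (hashing is an assumed extra step)."""
    flat = ",".join(str(wi) for row in w for wi in row)
    return hashlib.sha256(flat.encode()).hexdigest()


def synchronize(seed=1, max_steps=20000):
    """Mutual learning between A and B with a passive attacker E; returns
    (steps_to_sync, key_a, key_b, attacker_has_identical_weights)."""
    rng = random.Random(seed)
    wa, wb, we = new_weights(rng), new_weights(rng), new_weights(rng)
    for step in range(1, max_steps + 1):
        # Constructed input pattern: one +/-1 vector per hidden unit, seen by all three networks.
        x = [[rng.choice((-1, 1)) for _ in range(N)] for _ in range(K)]
        ta, sa = tpm_output(wa, x)
        tb, sb = tpm_output(wb, x)
        te, se = tpm_output(we, x)
        if ta == tb:  # public outputs agree: both parties update (bidirectional learning)
            hebbian_update(wa, x, sa, ta)
            hebbian_update(wb, x, sb, tb)
            if te == ta:  # E can only imitate when its own output already matches
                hebbian_update(we, x, se, te)
        if wa == wb:
            return step, session_key(wa), session_key(wb), we == wa
    return None, None, None, False
```

Varying N, L and the seed shows how the synchronization time and the attacker's chance of finishing with identical weights change, which is the kind of parameter analysis the abstract describes.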