| 1. |
- Dansarie, Marcus, doktorand, 1985-, et al.
(författare)
-
Breaking HALFLOOP-24
- 2022
-
Ingår i: IACR Transactions on Symmetric Cryptology. - Bochum : Ruhr-Universität Bochum. - 2519-173X. ; :3, s. 217-238
-
Tidskriftsartikel (refereegranskat)abstract
- HALFLOOP-24 is a tweakable block cipher that is used to protect automatic link establishment messages in high frequency radio, a technology commonly used by government agencies and industries that need highly robust long-distance communications. We present the first public cryptanalysis of HALFLOOP-24 and show that HALFLOOP-24, despite its key size of 128 bits, is far from providing 128 bit security. More precisely, we give attacks for ciphertext-only, known-plaintext, chosen-plaintext and chosen-ciphertext scenarios. In terms of their complexities, most of them can be considered practical. However, in the real world, the amount of available data is too low for our attacks to work. Our strongest attack, a boomerang key-recovery, finds the first round key with less than 210 encryption and decryption queries. In conclusion, we strongly advise against using HALFLOOP-24.
|
|
| 2. |
- Dansarie, Marcus, doktorand, 1985-
(författare)
-
Cryptanalysis of the SoDark Cipher for HF Radio Automatic Link Establishment
- 2021
-
Ingår i: IACR Transactions on Symmetric Cryptology. - : Ruhr University Bochum. - 2519-173X. ; 2021:3, s. 36-53
-
Tidskriftsartikel (refereegranskat)abstract
- The SoDark cipher is used to protect transmitted frames in the second and third generation automatic link establishment (ALE) standards for high frequency (HF) radios. The cipher is primarily meant to prevent unauthorized linking and attacks on the availability of HF radio networks. This paper represents the first known security analysis of the cipher used by the second generation ALE protocol—the de facto world standard—and presents a related-tweak attack on the full eight round version of the algorithm. Under certain conditions, collisions of intermediate states several rounds into the cipher can be detected from the ciphertext with high probability. This enables testing against the intermediate states using only parts of the key. The best attack is a chosen-ciphertext attack which can recover the secret key in about an hour with 100% probability, using 29 chosen ciphertexts.
|
|
| 3. |
- Liwång, Hans, 1974-, et al.
(författare)
-
Ship security analysis : the effect of ship speed and effective lookout
- 2013
-
Ingår i: Proceedings of the ASME 32nd International Conference on Ocean, Offshore and Arctic Engineering (OMAE 2013). - : ASME Press. - 9780791855324
-
Konferensbidrag (refereegranskat)abstract
- The threat of piracy to commercial shipping is a concern for the protection and safeguarding of human lives, property and environment. Therefore, ships under piracy threat should follow security measures suggested by the International Maritime Organization (IMO) and the Contact Group on Piracy off the Coast of Somali. It is, therefore, important to choose the proper security measures for the right situation.This study presents a simulation model that can be used for probabilistic risk assessments regarding the operation of commercial ships. This investigation specifically studies the pirate approach phase and quantifies the effect of ship speed and effective lookout. The purpose of introducing probabilistic risk assessment into the analysis of pirate attacks is to meet safety goals more effectively through a well-balanced combination of proactive and reactive measures whilst keeping focus on the intended over all purpose of the particular ship.The study presents collected and documented knowledge regarding pirate capability, intention and likelihood to perform attacks. The knowledge is collected from experts with experience from the situation off the Horn of Africa. The collected information is input to an influence analysis that identifies the network of influences that govern the skiff approach. The simulation model describes piracy characteristics and decision making on the threatened ship, the characteristics and countermeasures of the ship under attack, as well as weather.Based on a comparison with available statistics the overall conclusion of the work is that the threat analysis and the simulation model can quantify and explain how the studied risk control options affect the probability of a successful approach. The result therefore exemplifies how a quantified ship security analysis can support the recommendations in industry guidelines and also enable recommendations that to a greater extent can facilitate an educated decision by the ship operators.
|
|
| 4. |
- Dansarie, Marcus, doktorand, 1985-
(författare)
-
sboxgates : A program for finding low gate count implementations of S-boxes
- 2021
-
Ingår i: Journal of Open Source Software. - : Open Journals. - 2475-9066. ; 6:62, s. 1-3
-
Tidskriftsartikel (refereegranskat)abstract
- S-boxes are often the only nonlinear components in modern block ciphers. They are commonly selected to comply with very specific criteria in order to make a cipher secure against, for example, linear and differential attacks. An M x N S-box can be thought of as a lookup table that relates an M-bit input value to an N-bit output value, or as a set of N boolean functions of M variables (Schneier, 1996).Although cipher specifications generally describe S-boxes using their lookup tables, they can also be described as boolean functions or logic gate circuits. sboxgates, which is presented here, finds equivalent logic gate circuits for S-boxes, given their lookup table specification. Generated circuits are output in a human-readable XML format. The software can convert the output files into C or CUDA (a parallel computing platform for Nvidia GPUs) source code. The generated circuits can also be converted to the DOT graph description language for visualization with Graphviz (Ellson et al., 2002).
|
|
| 5. |
- Erdeniz, Robert
(författare)
-
Operations planning revisited : theoretical and practical implications of methodology
- 2016
-
Ingår i: Defence Studies. - London : Routledge. - 1470-2436 .- 1743-9698. ; 16:3, s. 248-269
-
Tidskriftsartikel (refereegranskat)abstract
- Parts of NATO’s contemporary planning framework called the comprehensive operations planning directive (COPD), and parts of the operation-level planning process should be revised since they suffer from methodological inconsistency. This claim is defended by discussing contradicting methodological properties and heuristics applied when framing and managing a military problem in accordance with the COPD. The methodological inconsistency within the COPD; in other words, simultaneously applying contradictory methodological properties, implies one theoretical and three practical implications. The theoretical implication is summarised in a meta-theoretical framework and explained by discussing five methodological properties: non-linearity, emergence, independently changeable generalisations, invariance and boundaries. The three practical implications of methodology imply that methodology is guiding: the problem-frame, conceptual development and action. To improve military planners’ understanding and management of these four identified implications, NATO is recommended to develop a “handbook of methodology.” The purpose of such a handbook should be to emphasise the utility of methodology when planning military operations.
|
|
| 6. |
- Liwång, Hans
(författare)
-
Risk-based ship security analysis : a decision-support approach
- 2015
-
Doktorsavhandling (övrigt vetenskapligt/konstnärligt)abstract
- The protection of shipping does not come without hazards and threats for military forces, individual civilian ship operators and crews. With particular focus on security threats, this thesis is about how to prepare for such operations without introducing unnecessary risks, i.e., supporting conscious risk-taking related to ship security. It examines both civilian and military aspects of maritime security and therefore draws from the experience of both fields.Maritime safety regulations, guidelines and methods have a history and culture of systematic research, development and implementation. In contrast, international security is highly politicised and therefore less transparent. Unfortunately, comprehensive studies of ship security risk are rare. Moreover, applying risk-based approaches to security areas requires special considerations, and the limited research in this field has led to a knowledge gap.To reduce the identified challenges with respect to security risk analysis, the goal of this thesis is to improve security decision support by defining an approach to ship security analysis. To increase overall safety, this approach must facilitate compromises between traditional maritime safety and maritime security. Accordingly, the objective is to develop an approach that is both systematic and gives the decision maker an appropriate picture of the security risks. To examine the requirements for a security decision-support approach, the work in the appended papers studies both threats to naval vessels and the security threat posed to commercial vessels by pirates. The results of the studies can be used to further develop military doctrines and civilian guidelines.This study shows that the description and quantification of the (concept of) operation in the risk analysis is central for implementing both security and naval ship survivability. In addition, the crew’s risk perception, procedural safeguards and how the implemented risk controls are perceived have an important role not only in risk analysis but also in deciding the effectiveness of implemented controls. It is also concluded that only using expected values—not collecting and using uncertainties—in the analysis can lead to misleading results. Therefore, the uncertainty treatment offered by a quantitative approach is crucial for risk understanding, especially if the aim is to find robust control options or to support the development of a resilient culture.
|
|
| 7. |
- Liwång, Hans, 1974-, et al.
(författare)
-
Probabilistic Risk Assessment for Integrating Survivability and Safety Measures on Naval Ships
- 2012
-
Ingår i: International Journal of Maritime Engineering. - 1479-8751 .- 1740-0716. ; 154:A1, s. A21-A30
-
Tidskriftsartikel (refereegranskat)abstract
- Conflicts of today are characterized by both traditional and irregular tactics and by non-state actors making innovative use of modern technologies. These conditions set new demands on naval ships. The aim of this investigation is to describe how, based on probabilistic risk assessment, the concept of operation for a naval ship can be turned into safety scenarios to be used in the evaluation of risk. In this investigation, civilian state-of-the-art methods for probabilistic risk assessment are merged with the specific demands of naval ships. Relevant aspects of safety culture, codes, regulations and rules are analysed with respect to requirements on safety scenarios, and military operational research with respect to modelling military systems. The results show that the scenarios must have calculable probability and must be adapted to the vessel in question. Results from simulations show that modelling operational tasks is one way to support experts in the definition of safety scenarios.
|
|
| 8. |
- Liwång, Hans, 1974, et al.
(författare)
-
Quantitative risk analysis – Ship security analysis for effective risk control options
- 2013
-
Ingår i: Safety Science. - : Elsevier BV. - 0925-7535 .- 1879-1042. ; 58:1, s. 98-112
-
Tidskriftsartikel (refereegranskat)abstract
- This study reviews ship security assessment. The objectives are to explore the possibilities for quantifying and performing a more thorough ship security risk analysis than that described in the International Ship and Port Facility Security code and to evaluate to what extent this more detailed analysis increases ship security and facilitate the effective selection of risk control options.The study focuses on Somali-based maritime piracy, using piracy on the Indian Ocean as a case study. Data are collected using questionnaires and interviews with civilian and military security experts who possess firsthand experience of piracy off the coast of Somalia. The data are collected specifically for this study and describe and quantify the threat’s capability, intent and likelihood of exploiting a ship’s vulnerability. Based on the collected description of the threat, the study analyzes and describes: probability of detection by pirates, probability of successful approach, and probability of successful boarding.The performed work shows good agreement between calculated probabilities and frequencies in the cited incident reports. Also, the developed scenarios describe the most important influences on the analysed areas. The research therefore shows that the proposed risk-based approach, which uses structurally collected and documented information on the threat, can increase ship security by assisting in selecting risk control options. The approach also allows for a better understanding of the causal relationship between threat and risk than that provided in today’s security analysis by ship owners, for example. This understanding is crucial to choosing effective and robust risk control options.
|
|
