The (in)security of proprietary cryptography

Proprietary cryptography is a term used to describe custom encryption techniques that are kept secret by their designers in order to add security. It is questionable whether such an approach increases the cryptographic strength of the underlying mathematical algorithms. The security of proprietary encryption techniques relies entirely on the competence of the semiconductor companies, which keep the technical description strictly confidential after designing it. Without access to the detailed design information, it is difficult to give a public and independent security assessment of the cryptography. The first part of this dissertation is dedicated to an introduction to the general field of computer security and cryptography. It includes an extensive description of the theoretical background that refers to related literature and gives a summary of well-known cryptographic attack techniques. Additionally, a broad summary of related scientific research on proprietary cryptography is given. Finally, the technical part of this doctoral dissertation presents serious weaknesses in widely deployed proprietary cryptosystems, which are still actively used by billions of consumers in their daily lives.


[300]  C. Causer The Art of War , 2011, IEEE Potentials.

[301]  Lester S. Hill Cryptography in An Algebraic Alphabet , 1929 .

[302]  Josef Pieprzyk,et al.  Cryptanalysis of Block Ciphers with Overdefined Systems of Equations , 2002, ASIACRYPT.

[303]  Frank Stajano,et al.  The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks , 1999, Security Protocols Workshop.

[304]  van der,et al.  Domain specific languages and their type systems , 2014 .

[305]  Stafford E. Tavares,et al.  Cryptanalysis of RC4-like Ciphers , 1998, Selected Areas in Cryptography.

[306]  Bruno Blanchet,et al.  An efficient cryptographic protocol verifier based on prolog rules , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[307]  T. V. Bui,et al.  A software architecture for body area sensor networks : flexibility and trustworthiness , 2015 .

[308]  Martin E. Hellman,et al.  On the security of multiple encryption , 1981, CACM.

[309]  Rex A. Dwyer A faster divide-and-conquer algorithm for constructing delaunay triangulations , 1987, Algorithmica.

[310]  Pim Vullers,et al.  Efficient implementations of attribute-based credentials on smart cards , 2014 .

[311]  André Weimerskirch,et al.  State of the Art: Embedding Security in Vehicles , 2007, EURASIP J. Embed. Syst..

[312]  Jung-Hsuan Wu,et al.  A Security Module for Car Appliances , 2007 .

[313]  Amir Rahmati,et al.  TARDIS: Time and Remanence Decay in SRAM to Implement Secure Protocols on Embedded Devices without Clocks , 2012, USENIX Security Symposium.

[314]  Vincent Rijmen,et al.  The Block Cipher Square , 1997, FSE.

[315]  Bart Preneel,et al.  Improved Meet-in-the-Middle Attacks on Reduced-Round DES , 2007, INDOCRYPT.

[316]  Flavio D. Garcia,et al.  Exposing iClass Key Diversification , 2011, WOOT.

[317]  Srdjan Capkun,et al.  Realization of RF Distance Bounding , 2010, USENIX Security Symposium.

[318]  Christophe Clavier,et al.  Side Channel Analysis for Reverse Engineering (SCARE) - An Improved Attack Against a Secret A3/A8 GSM Algorithm , 2004, IACR Cryptol. ePrint Arch..

[319]  Mitsuru Matsui,et al.  Linear Cryptanalysis Method for DES Cipher , 1994, EUROCRYPT.

[320]  Douglas C. Sicker,et al.  Security and Lock-In , 2004, Economics of Information Security.

[321]  Claude Castelluccia,et al.  Extending SAT Solvers to Cryptographic Problems , 2009, SAT.

[322]  David McGrew Counter Mode Security: Analysis and Recommendations , 2002 .

[323]  Bart Preneel,et al.  A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher , 2004, FSE.

[324]  Jacques Stern,et al.  Software-Hardware Trade-Offs: Application to A5/1 Cryptanalysis , 2000, CHES.

[325]  Dhp Dirk Gerrits Pushing and pulling : computing push plans for disk-shaped robots, and dynamic labelings for moving points , 2013 .

[326]  Martin Henzl,et al.  A concept of automated vulnerability search in contactless communication applications , 2012, 2012 IEEE International Carnahan Conference on Security Technology (ICCST).

[327]  Jung-Hsuan Wu,et al.  Design of an In-vehicle Anti-theft Component , 2008, 2008 Eighth International Conference on Intelligent Systems Design and Applications.

[328]  Christophe De Cannière,et al.  Trivium: A Stream Cipher Construction Inspired by Block Cipher Design Principles , 2006, ISC.

[329]  Christian Brandt,et al.  Don't Push It: Breaking iButton Security , 2013, FPS.

[330]  Gerhard P. Hancke,et al.  Confidence in smart token proximity: Relay attacks revisited , 2009, Comput. Secur..

[331]  Gerald J. Popek,et al.  Encryption and Secure Computer Networks , 1979, CSUR.

[332]  Nicolas Courtois,et al.  Higher Order Correlation Attacks, XL Algorithm and Cryptanalysis of Toyocrypt , 2002, ICISC.

[333]  Joeri de Ruiter,et al.  Designed to Fail: A USB-Connected Reader for Online Banking , 2012, NordSec.

[334]  Satya N. Atluri,et al.  A Novel Time Integration Method for Solving A Large System of Non-Linear Algebraic Equations , 2008 .

[335]  Ed Dawson,et al.  A Comparison of Fast Correlation Attacks , 1996, FSE.

[336]  Bin Zhang,et al.  Cryptanalysis of the Atmel Cipher in SecureMemory, CryptoMemory and CryptoRF , 2011, ACNS.

[337]  Edwin L. Key,et al.  An analysis of the structure and complexity of nonlinear binary sequence generators , 1976, IEEE Trans. Inf. Theory.

[338]  Adi Shamir,et al.  Weaknesses in the Key Scheduling Algorithm of RC4 , 2001, Selected Areas in Cryptography.

[339]  Guang Gong,et al.  How to develop clairaudience - active eavesdropping in passive RFID systems , 2012, 2012 IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks (WoWMoM).

[340]  Morris J. Dworkin,et al.  SP 800-38D. Recommendation for Block Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC , 2007 .

[341]  Simson L. Garfinkel,et al.  RFID: Applications, Security, and Privacy , 2005 .

[342]  Sun Tzu Art of war , 2011 .

[343]  Sjouke Mauw,et al.  Drawing Message Sequence Charts with LATEX , 2001 .

[344]  Eli Biham,et al.  Initial Observations on Skipjack: Cryptanalysis of Skipjack-3XOR , 1998, Selected Areas in Cryptography.

[345]  J.A. Stankovic,et al.  Denial of Service in Sensor Networks , 2002, Computer.

[346]  Andrey Bogdanov,et al.  Attacks on the Keeloq Block Cipher and Authentication Systems , 2007 .

[347]  Michael Ian Shamos,et al.  Divide-and-conquer in multidimensional space , 1976, STOC '76.

[348]  Eli Biham,et al.  A Related-Key Rectangle Attack on the Full KASUMI , 2005, ASIACRYPT.

[349]  Fred Piper,et al.  Stream Ciphers , 1982, EUROCRYPT.

[350]  Thomas Bäck,et al.  Mixed-integer evolution strategies for parameter optimization and their applications to medical image analysis , 2005 .

[351]  Gerhard P. Hancke Practical attacks on proximity identification systems , 2006, 2006 IEEE Symposium on Security and Privacy (S&P'06).

[352]  Eli Biham,et al.  Conditional Estimators: An Effective Attack on A5/1 , 2005, Selected Areas in Cryptography.

[353]  Amparo Fúster-Sabater,et al.  Cryptanalysis of the A5/2 Algorithm , 2000, IACR Cryptol. ePrint Arch..

[354]  D. Costa Formal models for component connectors , 2010 .

[355]  Morris J. Dworkin,et al.  SP 800-38B. Recommendation for Block Cipher Modes of Operation: the CMAC Mode for Authentication , 2005 .

[356]  Scott R. Fluhrer Improved key recovery of level 1 of the Bluetooth Encryption System , 2002, IACR Cryptol. ePrint Arch..

[357]  Erik Tews,et al.  Cryptanalysis of the DECT Standard Cipher , 2010, FSE.

[358]  W. Kuijper Compositional Synthesis of Safety Controllers , 2012 .

[359]  Ingrid Verbauwhede,et al.  Revisiting Higher-Order DPA Attacks: , 2010, CT-RSA.

[360]  Bart Preneel,et al.  Cryptanalysis of the Bluetooth Stream Cipher , 2022 .

[361]  H. Hansen Coalgebraic Modelling : Applications in Automata theory and Modal logic , 2009 .

[362]  D. E. Muller A method for solving algebraic equations using an automatic computer , 1956 .

[363]  Mark Blunden,et al.  Related Key Attacks on Reduced Round KASUMI , 2001, FSE.

[364]  Goutam Paul,et al.  (Non-)Random Sequences from (Non-)Random Permutations—Analysis of RC4 Stream Cipher , 2012, Journal of Cryptology.

[365]  Hovav Shacham,et al.  Comprehensive Experimental Analyses of Automotive Attack Surfaces , 2011, USENIX Security Symposium.

[366]  Claude E. Shannon,et al.  Communication theory of secrecy systems , 1949, Bell Syst. Tech. J..

[367]  Martin R. Albrecht,et al.  Algebraic Techniques in Differential Cryptanalysis , 2009, IACR Cryptol. ePrint Arch..

[368]  Christof Paar,et al.  Breaking Ciphers with COPACOBANA - A Cost-Optimized Parallel Code Breaker , 2006, CHES.

[369]  Flavio D. Garcia,et al.  Sound and complete computational interpretation of symbolic hashes in the standard model , 2006, Theor. Comput. Sci..

[370]  Gildas Avoine,et al.  The Swiss-Knife RFID Distance Bounding Protocol , 2008, ICISC.

[371]  Eli Biham,et al.  Differential cryptanalysis of DES-like cryptosystems , 1990, Journal of Cryptology.

[372]  Goutam Paul,et al.  Permutation After RC4 Key Scheduling Reveals the Secret Key , 2007, Selected Areas in Cryptography.

[373]  Ari Juels,et al.  RFID security and privacy: a research survey , 2006, IEEE Journal on Selected Areas in Communications.

[374]  Russ Housley,et al.  Security flaws in 802.11 data link protocols , 2003, CACM.

[375]  M. J. de Mol,et al.  Reasoning about functional programs : Sparkle, a proof assistant for Clean , 2009 .

[376]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[377]  Thomas Johansson,et al.  A fast correlation attack on LILI-128 , 2002, Inf. Process. Lett..

[378]  van Mj Muck Weerdenburg,et al.  Efficient rewriting techniques , 2009 .

[379]  Sebastiaan Gijsbert Marinus Cornelissen,et al.  Evaluating Dynamic Analysis Techniques for Program Comprehension , 2009 .

[380]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[381]  S.J.E. Wilton,et al.  A CPLD-based RC4 cracking system , 1999, Engineering Solutions for the Next Millennium. 1999 IEEE Canadian Conference on Electrical and Computer Engineering (Cat. No.99TH8411).

[382]  L. Lensink,et al.  Applying formal methods in software development , 2013 .

[383]  Chen-Mou Cheng,et al.  MIFARE Classic: Practical Attacks and Defenses , 2010 .

[384]  David A. Wagner,et al.  Intercepting mobile communications: the insecurity of 802.11 , 2001, MobiCom '01.

[385]  Flavio D. Garcia,et al.  Towards a Practical Solution to the RFID Desynchronization Problem , 2010, RFIDSec.

[386]  John Viega,et al.  The Security and Performance of the Galois/Counter Mode (GCM) of Operation , 2004, INDOCRYPT.

[387]  Gerhard de Koning Gans Analysis of the MIFARE Classic used in the OV-Chipkaart project , 2008 .

[388]  Markus G. Kuhn,et al.  An RFID Distance Bounding Protocol , 2005, First International Conference on Security and Privacy for Emerging Areas in Communications Networks (SECURECOMM'05).

[389]  Xiaoyun Wang,et al.  How to Break MD5 and Other Hash Functions , 2005, EUROCRYPT.

[390]  A. Th. Schwarzbacher,et al.  Determination of Pin Types and Minimisation of Test Vectors in Unknown CMOS Integrated Circuits , 2006 .

[391]  Flaminia L. Luccio,et al.  Secure Recharge of Disposable RFID Tickets , 2011, Formal Aspects in Security and Trust.

[392]  Eli Biham,et al.  A Fast New DES Implementation in Software , 1997, FSE.

[393]  Ross J. Anderson,et al.  On a new way to read data from memory , 2002, First International IEEE Security in Storage Workshop, 2002. Proceedings..

[394]  Francis Olivier,et al.  Electromagnetic Analysis: Concrete Results , 2001, CHES.

[395]  R. Bakhshi Gossiping Models : Formal Analysis of Epidemic Protocols , 2011 .

[396]  Tim K. Cocx,et al.  Metrics and visualisation for crime analysis and genomics , 2005 .

[397]  Sandra Dominikus,et al.  Strong Authentication for RFID Systems Using the AES Algorithm , 2004, CHES.

[398]  Karina R. Olmos Joffré Strategies for Context Sensitive Program Transformation , 2009 .

[399]  Gerhard P. Hancke,et al.  Practical Relay Attack on Contactless Transactions by Using NFC Mobile Phones , 2011, IACR Cryptol. ePrint Arch..

[400]  Abraham Sinkov,et al.  Elementary Cryptanalysis: A Mathematical Approach , 1970 .

[401]  Hugo Krawczyk,et al.  The Order of Encryption and Authentication for Protecting Communications (or: How Secure Is SSL?) , 2001, CRYPTO.

[402]  Dionisios N. Pnevmatikatos,et al.  Fast, FPGA-based Rainbow Table creation for attacking encrypted mobile communications , 2013, 2013 23rd International Conference on Field programmable Logic and Applications.

[403]  Bruce Schneier,et al.  Related-key cryptanalysis of 3-WAY, Biham-DES, CAST, DES-X, NewDES, RC2, and TEA , 1997, ICICS.

[404]  John C. Mitchell,et al.  Abstraction and refinement in protocol derivation , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..

[405]  Chen-Mou Cheng,et al.  A Practical Experience with RFID Security , 2009, 2009 Tenth International Conference on Mobile Data Management: Systems, Services and Middleware.

[406]  Tim K. Cocx,et al.  Algorithmic tools for data-oriented law enforcement , 2009 .

[407]  Martin Hell,et al.  Grain: a stream cipher for constrained environments , 2007, Int. J. Wirel. Mob. Comput..

[408]  Frank S. de Boer,et al.  Combining Monitoring with Run-Time Assertion Checking , 2014, SFM.

[409]  Alex Biryukov,et al.  Improved Time-Memory Trade-Offs with Multiple Data , 2005, Selected Areas in Cryptography.

[410]  Carl E. Landwehr,et al.  Computer security , 2001, International Journal of Information Security.

[411]  Pankaj Rohatgi,et al.  Introduction to differential power analysis , 2011, Journal of Cryptographic Engineering.

[412]  A. Juels,et al.  The security implications of VeriChip cloning. , 2006, Journal of the American Medical Informatics Association : JAMIA.

[413]  Morris J. Dworkin,et al.  SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions , 2015 .

[414]  Philippe Oechslin,et al.  Making a Faster Cryptanalytic Time-Memory Trade-Off , 2003, CRYPTO.

[415]  Charalampos Manifavas,et al.  Chameleon - A New Kind of Stream Cipher , 1997, FSE.

[416]  Adi Shamir,et al.  Cube Attacks on Tweakable Black Box Polynomials , 2009, IACR Cryptol. ePrint Arch..

[417]  Samy Bengio,et al.  Special Uses and Abuses of the Fiat-Shamir Passport Protocol , 1987, CRYPTO.

[418]  Eduardo Zambon,et al.  Abstract Graph Transformation - Theory and Practice , 2013 .

[419]  Claude Carlet,et al.  Algebraic Attacks and Decomposition of Boolean Functions , 2004, EUROCRYPT.

[420]  Erich Kaltofen,et al.  Solving systems of nonlinear polynomial equations faster , 1989, ISSAC '89.

[421]  Serge Vaudenay,et al.  Faster Correlation Attack on Bluetooth Keystream Generator E0 , 2004, CRYPTO.

[422]  Saeed Sedghi,et al.  Towards Provably Secure Efficiently Searchable Encryption , 2012 .

[423]  Zinaida Benenson,et al.  Tampering with Motes: Real-World Physical Attacks on Wireless Sensor Networks , 2006, SPC.

[424]  Alexander Maximov,et al.  An Improved Correlation Attack on A5/1 , 2004, Selected Areas in Cryptography.

[425]  Vera Pless,et al.  Encryption Schemes for Computer Confidentiality , 1977, IEEE Transactions on Computers.

[426]  Yanjing Wang,et al.  Epistemic Modelling and Protocol Dynamics , 2010 .

[427]  Goutam Paul,et al.  Attack on Broadcast RC4 Revisited , 2011, FSE.

[428]  M. Ufuk Çaglayan,et al.  Relay Attacks on Bluetooth Authentication and Solutions , 2004, ISCIS.

[429]  Andreas Klein,et al.  Attacks on the RC4 stream cipher , 2008, Des. Codes Cryptogr..

[430]  Sean Murphy,et al.  Pairs and triplets of DES S-boxes , 2004, Journal of Cryptology.

[431]  Beatrice Fraboni,et al.  Layout reconstruction of complex silicon chips , 1993 .

[432]  Christof Paar,et al.  Fuming Acid and Cryptanalysis: Handy Tools for Overcoming a Digital Locking and Access Control System , 2013, CRYPTO.

[433]  Andrey Bogdanov,et al.  PRESENT: An Ultra-Lightweight Block Cipher , 2007, CHES.

[434]  Maria Kalenderi,et al.  Breaking the GSM A5/1 cryptography algorithm with rainbow tables and high-end FPGAS , 2012, 22nd International Conference on Field Programmable Logic and Applications (FPL).

[435]  V. Strassen Gaussian elimination is not optimal , 1969 .

[436]  Martin Novotný,et al.  Breaking Hitag2 with Reconfigurable Hardware , 2011, 2011 14th Euromicro Conference on Digital System Design.

[437]  Fides Aarts,et al.  Tomte : bridging the gap between active learning and real-world systems , 2014 .

[438]  Walter T. Penzhorn,et al.  Correlation Attacks on Stream Ciphers: Computing Low-Weight Parity Checks Based on Error-Correcting Codes , 1996, FSE.

[439]  Nicolas Courtois Fast Algebraic Attacks on Stream Ciphers with Linear Feedback , 2003, CRYPTO.

[440]  Thomas S. Messerges,et al.  Using Second-Order Power Analysis to Attack DPA Resistant Software , 2000, CHES.

[441]  Ingrid Verbauwhede,et al.  Power Analysis of Atmel CryptoMemory - Recovering Keys from Secure EEPROMs , 2012, CT-RSA.

[442]  Joos Vandewalle,et al.  Hash Functions Based on Block Ciphers: A Synthetic Approach , 1993, CRYPTO.

[443]  Flavio D. Garcia,et al.  Sound Computational Interpretation of Formal Hashes , 2006, IACR Cryptol. ePrint Arch..

[444]  Yang Zhenye,et al.  New Method of Hardware Encryption against Piracy , 2009, 2009 International Forum on Information Technology and Applications.

[445]  Ali Aydin Selçuk,et al.  A New Meet-in-the-Middle Attack on the IDEA Block Cipher , 2003, Selected Areas in Cryptography.

[446]  B. Lijnse,et al.  TOP to the rescue. Task-oriented programming for incident response applications , 2005 .

[447]  Manfred Josef Aigner,et al.  Semi-passive RFID development platform for implementing and attacking security tags , 2010, 2010 International Conference for Internet Technology and Secured Transactions.

[448]  Bart Jacobs,et al.  Logical Formalisation and Analysis of the Mifare Classic Card in PVS , 2011, ITP.

[449]  David A. Basin,et al.  Provably repairing the ISO/IEC 9798 standard for entity authentication , 2012, J. Comput. Secur..

[450]  Sergei Skorobogatov,et al.  Semi-invasive attacks: a new approach to hardware security analysis , 2005 .

[451]  Flavio D. Garcia,et al.  Modeling Privacy for Off-Line RFID Systems , 2010, CARDIS.

[452]  N Neda Noroozi,et al.  Improving input-output conformance testing theories , 2014 .

[453]  Sandra Kay Miller Facing the Challenge of Wireless Security , 2001, Computer.

[454]  Xuejia Lai,et al.  Markov Ciphers and Differential Cryptanalysis , 1991, EUROCRYPT.

[455]  Axel Belinfante,et al.  JTorX: exploring model-based testing , 2014 .

[456]  M. S. Greiler,et al.  Test Suite Comprehension for Modular and Dynamic Systems , 2013 .

[457]  Thomas Johansson,et al.  A New Version of the Stream Cipher SNOW , 2002, Selected Areas in Cryptography.

[458]  Philip Hawkes,et al.  Guess-and-Determine Attacks on SNOW , 2002, Selected Areas in Cryptography.

[459]  Louis Granboulan Flaws in differential cryptanalysis of Skipjack , 2001, IACR Cryptol. ePrint Arch..

[460]  Flavio D. Garcia,et al.  Wirelessly Pickpocketing a Mifare Classic Card , 2009, 2009 30th IEEE Symposium on Security and Privacy.

[461]  Gergely Alpár,et al.  Attribute-based identity management : [bridging the cryptographic design of ABCs with the real world] , 2015 .

[462]  Cunsheng Ding,et al.  The Differential Cryptanalysis and Design of Natural Stream Ciphers , 1993, FSE.

[463]  Huaxiong Wang,et al.  Advanced Meet-in-the-Middle Preimage Attacks: First Results on Full Tiger, and Improved Results on MD4 and SHA-2 , 2010, ASIACRYPT.

[464]  Werner Schindler,et al.  Random Number Generators for Cryptographic Applications , 2009, Cryptographic Engineering.

[465]  Gregory V. Bard,et al.  Algebraic and Slide Attacks on KeeLoq , 2008, FSE.

[466]  Vladimir V. Chepyzhov,et al.  On A Fast Correlation Attack on Certain Stream Ciphers , 1991, EUROCRYPT.

[467]  Roel Verdult The (In)security of Proprietary Cryptography ; De (on)veiligheid van propriëtaire cryptografie , 2015 .

[468]  Stefan Savage,et al.  Inferring Internet denial-of-service activity , 2001, TOCS.

[469]  Eli Biham,et al.  Differential Cryptanalysis of the Data Encryption Standard , 1993, Springer New York.

[470]  David P. Leech,et al.  The Economic Impacts of NIST's Data Encryption Standard (DES) Program , 2001 .

[471]  R. Chung-Wei Phan Cryptanalysis of full Skipjack block cipher , 2002 .

[472]  Aah Ammar Osaiweran Formal development of control software in the medical systems domain , 2012 .

[473]  Nicolas Courtois,et al.  Algebraic Attacks on the Crypto-1 Stream Cipher in MiFare Classic and Oyster Cards , 2008, IACR Cryptol. ePrint Arch..

[474]  Scw Bas Ploeger,et al.  Improved verification methods for concurrent systems , 2009 .

[475]  Natarajan Shankar,et al.  Formal Verification for Fault-Tolerant Architectures: Prolegomena to the Design of PVS , 1995, IEEE Trans. Software Eng..

[476]  Hasan Sözer,et al.  Architecting Fault-Tolerant Software Systems , 2009 .

[477]  Elaine B. Barker,et al.  The Keyed-Hash Message Authentication Code (HMAC) | NIST , 2002 .

[478]  Alex Biryukov,et al.  Cryptanalytic Time/Memory/Data Tradeoffs for Stream Ciphers , 2000, ASIACRYPT.

[479]  Andreas Klein Stream Ciphers , 2013 .

[480]  Barron Cornelius Housel A study of decompiling machine languages into high-level machine independent languages , 1973 .

[481]  Eli Biham,et al.  Efficient Reconstruction of RC4 Keys from Internal States , 2008, FSE.

[482]  Serge Vaudenay,et al.  Cryptanalysis of Bluetooth Keystream Generator Two-Level E0 , 2004, ASIACRYPT.

[483]  Stefan Mangard,et al.  A Simple Power-Analysis (SPA) Attack on Implementations of the AES Key Expansion , 2002, ICISC.

[484]  H. Markowitz The Elimination form of the Inverse and its Application to Linear Programming , 1957 .

[485]  B. J. Arnoldus,et al.  An illumination of the template enigma : software code generation with templates , 2011 .

[486]  William Millan,et al.  Improved Attack on the Cellular Authentication and Voice Encryption Algorithm (CAVE) , 2004, Cryptographic Algorithms and their Uses.

[487]  Frederik Armknecht,et al.  Improving Fast Algebraic Attacks , 2004, FSE.

[488]  Avishai Wool,et al.  How to Build a Low-Cost, Extended-Range RFID Skimmer , 2006, USENIX Security Symposium.

[489]  Kim van Erkelens,et al.  Evaluation of the feasible attacks against RFID tags for access control systems , 2014 .

[490]  Simon Heron,et al.  Encryption: Advanced Encryption Standard (AES) , 2009 .

[491]  Jon Louis Bentley,et al.  Multidimensional divide-and-conquer , 1980, CACM.

[492]  R. A. Rueppel Analysis and Design of Stream Ciphers , 2012 .

[493]  Jovan Dj. Golic,et al.  Linear Statistical Weakness of Alleged RC4 Keystream Generator , 1997, EUROCRYPT.

[494]  Hu Chuan-Gan,et al.  On The Shift Register Sequences , 2004 .

[495]  Latest Generation Technology for Immobilizer Systems , 2000 .

[496]  Karsten Nohl,et al.  Peeling Away Layers of an RFID Security System , 2011, Financial Cryptography.

[497]  Z Zvezdan Protic,et al.  Configuration management for models : generic methods for model comparison and model co-evolution , 2011 .

[498]  van Mpwj Michiel Osch Model-based testing of hybrid systems , 2007 .

[499]  Alex Biryukov,et al.  Real Time Cryptanalysis of the Alleged A5/1 on a PC , 1999 .

[500]  Ilya Mironov,et al.  (Not So) Random Shuffles of RC4 , 2002, IACR Cryptol. ePrint Arch..

[501]  Frank Rubin,et al.  Decrypting a Stream Cipher Based on j-k Flip-Flops , 1981, Cryptologia.