On Neurocryptanalysis of DES and 3DES

In the past few years, and more often recently, I have received several emails asking questions about two papers that I published back in 2012. The papers are:

Mohammed M. Alani, Neuro-Cryptanalysis of DES and Triple-DES, published in proceedings of the 19th International Conference on Neural Information Processing (ICONIP2012), Nov. 2012, Doha, Qatar. (LNCS 7667/2012, Springer, http://doi.org/jqm)

Mohammed M. Alani, Neuro-Cryptanalysis of DES, Proceedings of the World Congress on Internet Security 2012, June 10th-12th, 2012, University of Guelph, Ontario, Canada. (IEEE Xplore)

Hence, I would like to clarify a few things.

The work published in these two papers was done back in 2008-2010 based on the initial idea that I presented in my master's thesis in 2003. The first set of results I received at that time were unbelievable in comparison to other cryptanalysis techniques in terms of number of known-plaintext-ciphertext pairs, time, and processing needed. However, soon I came to know that they were not realistic.

I prepared the first version of the paper back in 2009 and sent it to the International Journal of Information Security. At that time, the EiC was Prof. Dieter Gollmann. I received a rejection letter from Prof. Gollmann only a few days later. I responded to the letter with some explanation of the points that I had apparently misrepresented in the paper. From there, we kept corresponding for about 6 months. I found that Prof. Gollmann’s support and comments were extremely useful and shifted my thinking on how the experiment was supposed to be done. For that, I will remain thankful to him. Later on, I decided to send it to a conference instead, seeking faster approval before someone else presented the same idea.

What is motivating me to write this post is the fact that I have received several emails from different researchers around the world saying that they were not able to reproduce the same results. This actually got me to investigate the matter and see why these results could not be reproduced.

The first issue I faced was the loss of the original experiment data that were previously used. Since 2009, I have moved to live in 4 different countries, and apparently I have lost much of my old research data in the process of moving. Hence, I could not reproduce the same results because I did not have access to the same data. It needs to be clear to fellow researchers that it is absolutely normal to have varying degrees of success in the proposed method, as described in the second paper. Those of you who are experienced in training neural networks are aware that success and failure can be heavily dependent on the initial weights, among other variables, and not solely dependent on your data.

I have been asked several times to share the MATLAB code as well. There was no ‘code’ as in a complete program. Back then, I used the neural networks toolbox of MATLAB2008. I used direct commands like:

net = newff(input, output, … , {'logsig' 'logsig'}, 'trainscg');
train(....)

I used plaintext that was generated by a pseudo-random number generator. Then I encrypted the text using my own implementation of DES. Then, I wrote a small program to transform ciphertext into a matrix of zeros and ones so that I could use this matrix for NN training in MATLAB. This transformation is done by removing the parity bit of each byte and then producing the ASCII code in bits.
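The data preparation described above, as an added example in Python (it is not the author's original program or MATLAB workflow): seeded plaintext generation, the byte-to-bit-matrix transformation, and a fingerprint of the data set that can be stored with the training results so a later run can confirm it used the same data. Assumptions: the "parity bit" is taken to be the most significant bit of each byte, one matrix row holds one 8-byte DES block, the function names are hypothetical, and the DES encryption step itself is left out.

```python
import hashlib
import random

BLOCK_BYTES = 8  # DES block size: 64 bits

def random_ascii_plaintext(n_blocks, seed):
    """Seeded pseudo-random printable ASCII, so the exact data set can be regenerated."""
    rng = random.Random(seed)
    return bytes(rng.randrange(0x20, 0x7F) for _ in range(n_blocks * BLOCK_BYTES))

def bytes_to_bit_matrix(data):
    """One row per 8-byte block; each byte contributes 7 bits, MSB first.

    Assumption: the "parity bit" is the most significant bit of each byte.
    """
    if len(data) % BLOCK_BYTES:
        raise ValueError("length must be a multiple of the 8-byte DES block")
    matrix = []
    for start in range(0, len(data), BLOCK_BYTES):
        row = []
        for byte in data[start:start + BLOCK_BYTES]:
            # Bits 6..0 only; bit 7 (the assumed parity bit) is dropped.
            row.extend((byte >> shift) & 1 for shift in range(6, -1, -1))
        matrix.append(row)
    return matrix

def dataset_fingerprint(seed, matrix):
    """SHA-256 over the seed and every row, to record next to the training results."""
    digest = hashlib.sha256(str(seed).encode())
    for row in matrix:
        digest.update(bytes(row))
    return digest.hexdigest()

if __name__ == "__main__":
    seed = 2012  # constructed sample value
    plaintext = random_ascii_plaintext(4, seed)
    # Ciphertext blocks from a DES implementation would go through the same
    # bytes_to_bit_matrix() call; DES itself is outside this sketch.
    inputs = bytes_to_bit_matrix(plaintext)
    print(len(inputs), "rows x", len(inputs[0]), "bits")
    print("fingerprint:", dataset_fingerprint(seed, inputs))
```

Recording the weight-initialisation seed of the training run alongside this fingerprint covers the other source of variation the post names.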

I had success in about 10% of the experiments that I did back then. I remember doing hundreds and hundreds of experiments. It is obvious that the presented results were selected from hundreds of failures. As I mentioned earlier, the starting conditions of training were many, and in my experiments I left most of them to be handled by MATLAB. This might have reduced the time I needed to succeed in some of these experiments, but it definitely did not make the reproduction of these results any easier.

This post is not written with the intent of defending the papers, nor of arguing their accuracy. The intention behind this post is to clarify some issues and reasons why you might not be able to reproduce the exact same results.

The bottom line is that I can understand that some researchers are facing difficulties in reproducing the results due to my reliance on MATLAB in using default values, or MATLAB initialization of other important values. However, this does not nullify the importance and potential of the method presented in these two papers.

Paper: Android Users Privacy Awareness Survey

ABSTRACT

Having a share of over 80% of the smartphone market, Android has become an important mobile operating system that is used by billions of users on a daily basis. With the widespread use of smartphones in general, and Android in particular, privacy concerns grow with that expansion in the user base. With the millions of applications being downloaded by users daily, it is becoming increasingly difficult to differentiate between the good and the bad in terms of security and privacy. In this paper, we present the results of a survey conducted among 4027 Android users worldwide. This survey was conducted to measure the awareness of Android users regarding their privacy. The study measures the users’ interaction with the permissions required by different applications they install. The results of the survey show apparent weakness in the awareness of Android users regarding the privacy of their data.

Citation Info:

Mohammed M. Alani, “Android Users Privacy Awareness Survey”, International Journal of Interactive Mobile Technology (i-JIM), Vol 11, No 3, pp 130-144.

Full-text (open-access) can be accessed through the link: https://doi.org/10.3991/ijim.v11i3.6605

Book: Elements of Cloud Computing Security

This work serves as a thorough, yet simple-to-read, reference on various aspects of cloud computing security. The text opens with an introduction to the general concepts of cloud computing necessary to build a basic understanding of the cloud, followed by a discussion of aspects of security. The work then examines how cloud security differs from conventional information security, and reviews cloud-specific classes of threats and attacks. A range of varying threats in cloud computing are covered, from threats of data loss and data breaches, to threats to availability and threats posed by malicious insiders. The text discusses cloud security attacks on different levels, including attacks on the hypervisor, and on the confidentiality of data. Newer attacks, such as side-channel attacks and resource-freeing attacks, are also described. The work concludes with a set of general security recommendations for the cloud.

 

eBook ISBN 978-3-319-41411-9

Softcover ISBN 978-3-319-41410-2

Link: Elements of Cloud Computing Security: A Survey of Key Practicalities

Are You Certified?

If you have a certification in any Information Technology field, you are invited to write a review of your certification. Express your thoughts about the certification. Tell other people what you think of the certification, how you got it and how it affected your career. Share your opinion with certification seekers.

Certifications.Reviews invites you to write your review and have it linked to your Twitter/LinkedIn/website/blog, etc. If you’re interested, you can find more information and fill in the review form on this page:

https://www.certifications.reviews/be-a-reviewer/

If you don’t have a certification, you can help others by sharing this post with your friends and colleagues.

Thank you.

Launching a new adventure called Certifications.Reviews

It's been a long time since I worked on a new personal project. I created RouterGeek.net back in 2005 and it hit success a few months later. I worked on updating it for a few years, then I got busy with my PhD and ended up turning the website into a small book that was published by Springer in 2012. Since then, I have been busy moving around from one country to another (one of the byproducts of being Iraqi).

A few weeks ago, the idea hit me. What is my favorite thing? Teaching, and passing knowledge to other people. Most of my academic interests are too complicated and might not be interesting to a large audience. I decided to go to a non-academic knowledge passing; certifications. Industrial certifications in the field of Information Technology are growing into a necessity for professionals and job seekers. So, my question was “How can I help?”.

I decided to create a website that talks to certification seekers in a simple way, explaining to them what the exam is all about. Not only by my own words, but using their own words. Eliminating all the big terms and complexity of exam description by experts. The idea is simple. Hear what other people think about the certification exam. What is this exam about? How did others achieve their goals? How did the exam change their lives? What is next?

When you, as a certification seeker, hear these words coming from the mouth of a fellow regular person in simple language, it takes away your fear and clarifies ambiguities of this exam. I thought that this was a good idea, and for me, as a person who had many certification exams, I believed that this could help me a lot.

So, I started a website called Certifications.Reviews. The website is designed to serve as a platform for certifications takers and seekers to exchange important information and tips.

After settling on the main idea, I was thinking that I should spice up the idea a little. I kept thinking, as a certification seeker, what do I need? The answer was a time table!

So, I sat down and developed a simple algorithm to create time tables on-demand. I put together a small application and a server to host it. The application lets you select the certification vendor, certification, the book that you are using, and the number of hours you plan to study per day. Voilà, a time table is generated. I kept adding books to the time table database, which now carries 30+ books in different specializations.

So many more ideas are going to be added to the site gradually. Juggling an academic job with a new project is not that easy, apparently. Stay tuned! There is much more to come!

Paper: MANET Security: A Survey

ABSTRACT

Mobile Ad hoc Networks are being adopted in more and more applications in our daily life. Mobile computing and mobile ad hoc networks in particular have become a daily need. As mobile ad hoc networks have been a target for many attacks, the security of these networks has become an essential part of their existence. This paper provides a review of the current threats and how these threats are mitigated. The paper also discusses common attacks on mobile ad hoc networks and classifies these attacks in various classification types. The paper also discusses various countermeasures to mitigate the risks of attacks.

 

Citation Info:

Mohammed M. Alani, MANET Security: A Survey, published in the 4th IEEE International Conference on Control System, Computing, and Engineering, Penang, Malaysia, November 2014.

Full text available on IEEE Xplore on this link: http://dx.doi.org/10.1109/ICCSCE.2014.7072781

How to export Gantt chart from MS-Project 2010

I am not an “MS-Project” expert of any kind. It's just that a lot of my students need this, so I thought I would put it on the web for them as well as anyone else. Without wasting more time, here are the steps:

1. Mark all the rows in the WBS in MS-Project by clicking on the numbers on the side and sliding the pointer to the last row of project tasks.

2. Click on the small arrow next to “Copy” in the toolbar.

3. Click on “Copy Picture” from the small drop-down menu.

4. In the new window that is shown, do the following:

a. Select “To GIF image file”

b. Select the location and the file name

c. Select “Selected Rows”

d. Select the proper dates for the start and end of your project. It is very important to select the correct dates that are used in the list, or your Gantt Chart will not be complete.

e. Click on “OK”.

The file is now saved and can be easily added to your Word document.
