Your search keyword '"Harry Bartlett"' showing total 36 results

1. Refining the search space of Alltop monomials

Author

Joanne Hall, Aiden Price, and Harry Bartlett

Subjects

Algebra and Number Theory, Discrete Mathematics and Combinatorics

Abstract

Alltop functions have applications to code-division multiple access (CDMA) systems and mutually unbiased bases (MUBs). Alltop functions construct MUBs and CDMA signal sets, and this motivates the continued search for further Alltop functions. The discovery of further Alltop functions is hindered by the computational complexity of verification. This paper narrows the search space through the introduction of a characteristic cubic polynomial and provides a verification process for Alltop monomials with a reduced computational complexity. Computational results lead to the conjecture that there are no further Alltop monomials.

Published

2022

2. Algebraic Attacks on Grain-Like Keystream Generators

Author

Matthew Beighton, Harry Bartlett, Leonie Simpson, and Kenneth Koon-Ho Wong

Published

2022

3. Impact of driving style and traffic condition on emissions and fuel consumption during real-world transient operation

Author

G.M. Hasan Shahariar, Timothy A. Bodisco, Ali Zare, Mojibul Sajjad, M.I. Jahirul, Thuy Chu Van, Harry Bartlett, Zoran Ristovski, and Richard J. Brown

Subjects

History, Fuel Technology, Polymers and Plastics, General Chemical Engineering, Organic Chemistry, Energy Engineering and Power Technology, Business and International Management, Industrial and Manufacturing Engineering

Published

2022

4. A fundamental flaw in the ++AE authenticated encryption mode

Author

Ed Dawson, Hassan Musallam Ahmed Qahur Al Mahri, Kenneth Koon-Ho Wong, Harry Bartlett, and Leonie Simpson

Subjects

Block cipher mode of operation, Authenticated encryption, Computer science, 68p25, Data_CODINGANDINFORMATIONTHEORY, 0102 computer and information sciences, 02 engineering and technology, caesar, 01 natural sciences, Most significant bit, QA1-939, 0202 electrical engineering, electronic engineering, information engineering, Hardware_ARITHMETICANDLOGICSTRUCTURES, 94a60, Block cipher, Authentication, forgery attack, business.industry, Applied Mathematics, block cipher, Plaintext, ++ae, Computer Science Applications, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Computational Mathematics, Symmetric-key algorithm, 010201 computation theory & mathematics, symmetric encryption, Key (cryptography), 020201 artificial intelligence & image processing, authenticated encryption, business, Algorithm, Mathematics

Abstract

In this article, we analyse a block cipher mode of operation for authenticated encryption known as ++AE (plus-plus-AE). We show that this mode has a fundamental flaw: the scheme does not verify the most significant bit of any block in the plaintext message. This flaw can be exploited by choosing a plaintext message and then constructing multiple forged messages in which the most significant bit of certain blocks is flipped. All of these plaintext messages will generate the same authentication tag. This forgery attack is deterministic and guaranteed to pass the ++AE integrity check. The success of the attack is independent of the underlying block cipher, key or public message number. We outline the mathematical proofs for the flaw in the ++AE algorithm. We conclude that ++AE is insecure as an authenticated encryption mode of operation.

Published

2018

5. MRI measurements of the thoracic aorta and pulmonary artery

Author

Viviana Rodriguez, Abdi-Aziz Mohamed, Harry Bartlett, Richard Slaughter, Leyla Beck, Christian Hamilton-Craig, and Wendy Strugnell

Subjects

Adult, Male, Aortic arch, Cardiac-Gated Imaging Techniques, Aorta, Thoracic, Pulmonary Artery, 030204 cardiovascular system & hematology, 030218 nuclear medicine & medical imaging, 03 medical and health sciences, Imaging, Three-Dimensional, 0302 clinical medicine, Reference Values, medicine.artery, Ascending aorta, medicine, Humans, Thoracic aorta, Radiology, Nuclear Medicine and imaging, Prospective Studies, Cardiac skeleton, Mean diameter, business.industry, Steady-state free precession imaging, Middle Aged, Magnetic Resonance Imaging, Healthy Volunteers, Clinical Practice, Oncology, Pulmonary artery, cardiovascular system, Female, business, Nuclear medicine

Abstract

The purpose of this study was to obtain a range of normal measurements of the adult thoracic aorta and main pulmonary artery using cardiac MRI, and to assess agreement between measurements made on ECG-gated two-dimensional (2D) breath held steady-state-free precession (SSFP), and three-dimensional (3D) breath held SSFP image acquisitions. Forty-nine normal volunteers underwent cardiac MRI using a 1.5T system. Two independent examiners measured the ascending aorta, aortic arch, descending thoracic aorta and main pulmonary artery in pre-defined locations. Overall, inter-observer agreement for all measurements was excellent. Close agreement was observed in aortic diameters obtained from the 2D and 3D SSFP methods in six of the nine aortic measurement sites. There was a tendency for the 3D measurements to be smaller than the 2D measurements but this was only significant at two sites, the aortic annulus, and the ascending aorta. There was a significance difference in aortic measurements between the left carotid artery (LC) and the left subclavian artery (LSC). Normal values for transverse diameters of the thoracic aorta and main pulmonary artery were established using 2D and 3D non-contrast MR sequences in healthy adults. Overall both inter-observer agreement, and agreement between 2D and 3D techniques was good. Mean diameter differences demonstrated at the aortic annulus, ascending aorta and aortic arch between LC and LSC although significant were less than one millimetre and unlikely to be important in clinical practice.

Published

2017

6. Security Analysis of Fountain V1

Author

Matthew Beighton, Harry Bartlett, and Leonie Simpson

Subjects

Security analysis, Cipher, Computer science, business.industry, NIST, Plaintext, Cryptography, Data_CODINGANDINFORMATIONTHEORY, State (computer science), Boolean function, business, Correlation attack, Algorithm

Abstract

This paper analyses the security of the lightweight cryptographic algorithm Fountain (V1), which is a candidate in the current NIST competition for such ciphers. We examine the Boolean functions used in Fountain for state update and output. We show that correlations exist between S-box functions and some register stages that may lead to correlation attacks if certain update functions are detectable. We also show that the state update function avoids state convergence in any phase of cipher operation, but state collisions may be forced in one bit position, for select states, by manipulating the associated data or plaintext.

Published

2020

7. Differential Random Fault Attacks on Certain CAESAR Stream Ciphers

Author

Harry Bartlett, Ed Dawson, Leonie Simpson, and Kenneth Koon-Ho Wong

Subjects

Computer science, 020206 networking & telecommunications, 02 engineering and technology, Function (mathematics), Fault (power engineering), 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, Side channel attack, State (computer science), Arithmetic, Differential (infinitesimal), Stream cipher, Bitwise operation

Abstract

We show that a particular class of stream ciphers – namely those in which the output function contains a bitwise AND operation – are susceptible to a differential fault attack using random faults. Several finalists and other candidates from the recent CAESAR competition fall into this category, including the AEGIS variants, Tiaoxin and the MORUS family. Attack outcomes range from key or full state recovery for Tiaoxin, to full state recovery for the AEGIS family and partial state recovery for MORUS. We present attack requirements and success probabilities on these ciphers, along with design considerations to mitigate against this attack.

Published

2020

8. Distinguishing Attacks on Linearly Filtered NFSRs with Decimated Output

Author

Kenneth Koon-Ho Wong, Harry Bartlett, Leonie Simpson, and Matthew Beighton

Subjects

Nonlinear system, Computer science, Keystream, Algorithm, Distinguishing attack, Stream cipher, Nonlinear feedback shift register, Shift register

Abstract

This paper presents an investigation into the resistance of linearly filtered nonlinear feedback shift registers (LF-NFSRs) against distinguishing attacks. We formalise the method described by Orumiehchiha, Pieprzyk, Steinfeld and Bartlett and then extend it to develop a more efficient, systematic framework for accurately distinguishing an arbitrary LF-NFSR. Our method is then generalised to distinguish arbitrary LF-NFSRs with regularly decimated output sequences. The proposed method is demonstrated through application to the example LF-NFSR used by Orumiehchiha et al. with improved results. Additionally, our new method can be accurately applied to much larger registers and can predict how much output is needed to find the strongest bias. To demonstrate this, we derive time and keystream requirement estimates for our attacks on each variant of the Grain family of stream ciphers under weak key-IV pairs.

Published

2020

9. Random Fault Attacks on a Class of Stream Ciphers

Author

Md. Iftekhar Salam, Harry Bartlett, Kenneth Koon-Ho Wong, Ed Dawson, Leonie Simpson, and Hassan Musallam Ahmed Qahur Al Mahri

Subjects

Article Subject, Computer Networks and Communications, Computer science, 020206 networking & telecommunications, 02 engineering and technology, Function (mathematics), Fault (power engineering), Computer security, computer.software_genre, Cipher, Ciphertext, lcsh:Technology (General), 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), lcsh:T1-995, 020201 artificial intelligence & image processing, State (computer science), Differential (infinitesimal), lcsh:Science (General), computer, Stream cipher, Information Systems, lcsh:Q1-390

Abstract

In this paper, we show that stream ciphers with a particular form of ciphertext output function are vulnerable to differential fault attacks using random faults. The CAESAR competition candidates Tiaoxin-346 and AEGIS-128L both fall into this category, and we show that our attack can be used to recover the secret key of Tiaoxin-346 and the entire state of AEGIS-128L with practical complexity. In the case of AEGIS-128L, the attack can be applied in a ciphertext-only scenario. Our attacks are more practical than previous fault attacks on these ciphers, which assumed bit-flipping faults. Although we also consider other ways of mitigating our attacks, we recommend that cipher designers avoid the form of ciphertext output function that we have identified.

Published

2019

10. Fault analysis of AEZ

Author

Kenneth Koon-Ho Wong, Hassan Musallam Ahmed Qahur Al Mahri, Ed Dawson, Harry Bartlett, and Leonie Simpson

Subjects

Authenticated encryption, Computer Networks and Communications, Computer science, business.industry, Byte, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, Fault (power engineering), computer.software_genre, Computer Science Applications, Theoretical Computer Science, Computational Theory and Mathematics, 0202 electrical engineering, electronic engineering, information engineering, Key (lock), 020201 artificial intelligence & image processing, Fault analysis, Data mining, business, computer, Software, Block cipher

Abstract

AEZ is a block cipher mode based on AES which uses three 128-bit keys. The algorithm has been updated several times during the three rounds of the CAESAR cryptographic competition. Cryptanalytic results presented on AEZ to date do not breach its security. This paper describes a fault injection analysis on AEZ. We focus on analysing AEZ v4.2 but also investigate the applicability of these analyses to the recent version AEZ v5. This paper shows that all three 128-bit keys in AEZ v4.2 can be uniquely retrieved using only three random-valued single byte fault injections. A similar approach using four fault injections can uniquely recover all three keys of AEZ v5. The feasibility of this fault injection methodology has been proven against AES in previous works.

Published

2018

11. Fault Attacks on the Authenticated Encryption Stream Cipher MORUS

Author

Ed Dawson, Harry Bartlett, Iftekhar Salam, Kenneth Koon-Ho Wong, and Leonie Simpson

Subjects

Authenticated encryption, Computer Networks and Communications, Computer science, Key recovery, 02 engineering and technology, Hardware_PERFORMANCEANDRELIABILITY, Fault (power engineering), lcsh:Technology, key recovery, Component (UML), 0202 electrical engineering, electronic engineering, information engineering, MORUS, CAESAR, authenticated encryption, forgery, fault attack, Transient (computer programming), Stream cipher, lcsh:T, business.industry, Applied Mathematics, 020206 networking & telecommunications, Computer Science Applications, Computational Theory and Mathematics, Key (cryptography), 020201 artificial intelligence & image processing, Fault model, business, Software, Computer network

Abstract

This paper investigates the application of fault attacks to the authenticated encryption stream cipher algorithm MORUS. We propose fault attacks on MORUS with two different goals: one to breach the confidentiality component, and the other to breach the integrity component. For the fault attack on the confidentiality component of MORUS, we propose two different types of key recovery. The first type is a partial key recovery using a permanent fault model, except for one of the variants of MORUS where the full key is recovered with this model. The second type is a full key recovery using a transient fault model, at the cost of a higher number of faults compared to the permanent fault model. Finally, we describe a fault attack on the integrity component of MORUS, which performs a forgery using the bit-flipping fault model.

Published

2018

12. Fault attacks on Tiaoxin-346

Author

Kenneth Koon-Ho Wong, Ed Dawson, Hassan Musallam Ahmed Qahur Al Mahri, Harry Bartlett, Iftekhar Salam, and Leonie Simpson

Subjects

Authenticated encryption, Key-recovery attack, 020205 medical informatics, Computer science, business.industry, Cryptography, Hardware_PERFORMANCEANDRELIABILITY, 02 engineering and technology, Fault injection, Fault (power engineering), Cipher, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Fault model, business, Algorithm, Stream cipher

Abstract

This paper describes two different fault injection attacks on the authenticated encryption stream cipher Tiaoxin-346, a third round candidate in the CAESAR cryptographic competition. The first type of fault injection uses a bit-flipping fault model to conduct a forgery attack. The number of faulty bits required for this forgery attack is twice the number of bit modifications made in the input message. The second type of fault injection uses a random fault model in a differential fault attack to recover the secret key of the cipher. A successful attack can be performed with 36 random multi-byte faults and a computational complexity of 236. This second attack improves on the previous key recovery attack of Dey et. al., as the random fault model we use is more practical than the bit flipping model used in their attack.Ed Dawson

Published

2018

13. Investigating Cube Attacks on the Authenticated Encryption Stream Cipher MORUS

Author

Iftekhar Salam, Leonie Simpson, Harry Bartlett, Ed Dawson, Josef Pieprzyk, and Kenneth Koon-Ho Wong

Published

2017

14. A Fault-based Attack on AEZ v4.2

Author

Ed Dawson, Kenneth Koon-Ho Wong, Hassan Musallam Ahmed Qahur Al Mahri, Leonie Simpson, and Harry Bartlett

Subjects

Authenticated encryption, Key-recovery attack, Authentication, Exploit, business.industry, Computer science, Distributed computing, 020206 networking & telecommunications, 02 engineering and technology, Encryption, Fault (power engineering), 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Differential (infinitesimal), business, Cryptographic nonce

Abstract

This paper investigates differential fault attacks against AEZ v4.2 authenticated encryption scheme. AEZ uses three different 128-bit keys (I, J, L) and can potentially work without a nonce or with a repeated nonce. Under these conditions, this paper identifies the best place to apply differential fault attacks. We exploit the structure of AEZ to minimise the total number of faults required for key recovery. We propose an approach that can reduce the number of fault injections required to retrieve all three AEZ keys, I, J and L, from six to four such that these keys are uniquely determined. As a second step, we further reduce the fault injections to three without reducing the success rate of the key recovery attack. This improvement to differential fault attacks on AEZ makes these attacks more practical. The attacks in this paper are verified experimentally using a generic implementation of AEZ v4.2 developed in C.

Published

2017

15. On-board measurements of particle and gaseous emissions from a large cargo vessel at different operating conditions

Author

Liping Yang, Thuy Chu-Van, Ali Mohammad Pourkhesalian, Zoran Ristovski, Hossein Enshaei, Thomas J. Rainey, Rouzbeh Abbassi, Sanaz Jahangiri, Richard J. C. Brown, Harry Bartlett, U-Shen Kam, Vikram Garaniya, Richard W. Kimball, and Ali Zare

Subjects

010504 meteorology & atmospheric sciences, Particle number, Aircraft, Health, Toxicology and Mutagenesis, Air pollution, 010501 environmental sciences, Toxicology, medicine.disease_cause, 01 natural sciences, Air Pollution, Ultrafine particle, medicine, Particle Size, Ships, 0105 earth and related environmental sciences, Vehicle Emissions, Air Pollutants, Mode (statistics), General Medicine, Particulates, Pollution, Particle, Environmental science, Particulate Matter, Particle size, Gases, Current (fluid), Sulfur, Marine engineering, Environmental Monitoring

Abstract

This study investigated particle and gaseous emission factors from a large cargo vessel for her whole voyage including at berth, manoeuvring and cruising. Quantification of these factors assists in minimising the uncertainty in the current methods of exhaust gas emission factor estimation. Engine performance and emissions from the main marine engine were measured on-board while the ship was manoeuvring and cruising at sea. Emissions of an auxiliary engine working at 55% of maximum continuous rating (MCR) were measured when the ship was at actual harbour stopovers. Gaseous and particle emission factors in this study are presented in g kWh-1 or # kWh-1, and compared with previous studies. Results showed that the SO2 emission factor is higher than that of previous studies due to the high sulphur content of the fuel used. The particle number size distributions showed only one mode for different operating conditions of the ship, with a peak at around 40-50 nm, which was dominated by ultrafine particles. Emission factors of CO, HC, PM and PN observed during ship manoeuvring were much higher than that of those recorded at cruising condition. These findings highlight the importance of quantification and monitoring ship emissions in close proximity to port areas, as they can have the highest impact on population exposure.

Published

2017

16. CHURNs: Freshness Assurance for Humans

Author

Juan Gonzalez Nieto, Colin Boyd, Kenneth Radke, and Harry Bartlett

Subjects

Protocol (science), Authentication, General Computer Science, Computer science, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, Computer security, computer.software_genre, Path (graph theory), The Internet, business, computer, Replay attack, Randomness, Cryptographic nonce

Abstract

We present CHURNs, a method for providing freshness and authentication assurances to human users. In computer-to-computer protocols, it has long been accepted that assurances of freshness such as random nonces are required to prevent replay attacks. Typically, no such assurance of freshness is presented to a human in a human-and-computer protocol. A Computer–HUman Recognisable Nonce (CHURN) is a computer-aided random sequence that the human has a measure of control over and input into. Our approach overcomes limitations such as ‘humans cannot do random’ and that humans will follow the easiest path. Our findings show that CHURNs are significantly more random than values produced by unaided humans; that humans may be used as a second source of randomness, and we give measurements as to how much randomness can be gained from humans using our approach; and that our CHURN-generator makes the user feel more in control, thus removing the need for complete trust in devices and underlying protocols. We give an example of how a CHURN may be used to provide assurances of freshness and authentication for humans in a widely used protocol.

Published

2014

17. Security analysis of linearly filtered NLFSRs

Author

Josef Pieprzyk, Ron Steinfeld, Mohammad Ali Orumiehchiha, and Harry Bartlett

Subjects

Security analysis, Theoretical computer science, Cryptography, key recovery attack, law.invention, non-linear feedback shift register, linearly filtered nlfsr, cryptanalysis, law, QA1-939, Hardware_ARITHMETICANDLOGICSTRUCTURES, Stream cipher, Vulnerability (computing), Mathematics, Shift register, Key-recovery attack, distinguishing attack, business.industry, Applied Mathematics, Computer Science Applications, Computational Mathematics, Computer engineering, Cryptanalysis, business, Distinguishing attack

Abstract

Non-linear feedback shift register (NLFSR) ciphers are cryptographic tools of choice of the industry especially for mobile communication. Their attractive feature is a high efficiency when implemented in hardware or software. However, the main problem of NLFSR ciphers is that their security is still not well investigated. The paper makes a progress in the study of the security of NLFSR ciphers. In particular, we show a distinguishing attack on linearly filtered NLFSR (or LF-NLFSR) ciphers. We extend the attack to a linear combination of LF-NLFSRs. We investigate the security of a modified version of the Grain stream cipher and show its vulnerability to both key recovery and distinguishing attacks.

Published

2013

18. Indirect message injection for MAC generation

Author

Ed Dawson, Leonie Simpson, Mufeed Al Mashrafi, Harry Bartlett, and Kenneth Koon-Ho Wong

Subjects

Authenticated encryption, Design stage, mac, Computer science, business.industry, Applied Mathematics, Keystream, message injection, stream ciphers, side-channel attacks, collision attacks, Computer Science Applications, Computational Mathematics, Indirect injection, forgery attacks, QA1-939, Side channel attack, business, Implementation, Stream cipher, Mathematics, Computer network

Abstract

This paper presents a model for the generation of a MAC tag using a stream cipher. The input message is used indirectly to control segments of the keystream that form the MAC tag. Several recent proposals can be considered as instances of this general model, as they all perform message accumulation in this way. However, they use slightly different processes in the message preparation and finalisation phases. We examine the security of this model for different options and against different types of attack, and conclude that the indirect injection model can be used to generate MAC tags securely for certain combinations of options. Careful consideration is required at the design stage to avoid combinations of options that result in susceptibility to forgery attacks. Additionally, some implementations may be vulnerable to side-channel attacks if used in Authenticated Encryption (AE) algorithms. We give design recommendations to provide resistance to these attacks for proposals following this model.

Published

2013

19. Fault Attacks on XEX Mode with Application to Certain Authenticated Encryption Modes

Author

Kenneth Koon-Ho Wong, Ed Dawson, Leonie Simpson, Hassan Musallam Ahmed Qahur Al Mahri, and Harry Bartlett

Subjects

060201 languages & linguistics, Authenticated encryption, Differential fault analysis, business.industry, Computer science, 06 humanities and the arts, 02 engineering and technology, Fault (power engineering), Mode (computer interface), 0602 languages and literature, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), 020201 artificial intelligence & image processing, business, Computer network, Cryptographic nonce, Block cipher

Abstract

The XOR-Encrypt-XOR (XEX) block cipher mode was introduced by Rogaway in 2004. XEX mode uses nonce-based secret masks (L) that are distinct for each message. The existence of secret masks in XEX mode prevents the application of conventional fault attack techniques, such as differential fault analysis. This work investigates other types of fault attacks against XEX mode that either eliminate the effect of the secret masks or retrieve their values. Either of these outcomes enables existing fault attack techniques to then be applied to recover the secret key. To estimate the success rate and feasibility, we ran simulations for ciphertext-only fault attacks against 128-bit AES in XEX mode. The paper discusses also the relevance of the proposed fault attacks to certain authenticated encryption modes based on XEX, such as OCB2, OTR, COPA, SHELL and ElmD. Finally, we suggest effective countermeasures to provide resistance to these fault attacks.

Published

2017

20. Relationships between HMG-CoA reductase inhibitors (statin) use and strength, balance and falls in older people

Author

Harry Bartlett, Jeffrey Rowland, Kim Delbaere, Wendy Haerer, and Stephen R. Lord

Subjects

medicine.medical_specialty, Statin, biology, business.industry, medicine.drug_class, nutritional and metabolic diseases, Muscle weakness, Statin treatment, Physical medicine and rehabilitation, HMG-CoA reductase, Internal Medicine, Physical therapy, biology.protein, Muscle strength, Medicine, Accidental fall, medicine.symptom, business, Older people, Balance (ability)

Abstract

Free to read Aims To investigate associations between HMG-CoA reductase inhibitor (statin) use and muscle strength, balance, mobility and falls in older people. Methods Five hundred community-dwelling people aged 70–90 years provided information about their medication use and undertook tests of lower limb strength, postural sway, leaning balance (maximal balance range and coordinated stability tests) and functional mobility. Participants were then followed up for 12 months with respect to falls. Results After adjusting for general health in analyses of covariance procedures, statin users had poorer maximal balance range than non-statin users (P = 0.017). Statin and non-statin users did not differ with respect to strength, postural sway, mobility or falls experienced in the follow-up year. Conclusion In a sample of healthy older people, statin use was not associated with muscle weakness, postural sway, reduced mobility or falls. Statin users, however, had poorer leaning balance which may potentially increase fall risk in this group.

Published

2012

21. Impact of pain location, organ system and treating speciality on timely delivery of analgesia in emergency departments

Author

Scott Bennetts, Chris Jackson, Ogilvie Thom, Steven Doherty, Harry Bartlett, Hamish Rodda, Kim Hansen, and Melanie Price

Subjects

medicine.medical_specialty, Pain score, business.industry, Emergency department, Logistic regression, Triage, Institutional repository, Emergency medicine, Emergency Medicine, medicine, Presentation (obstetrics), business, Organ system, Cohort study

Abstract

Objective: This retrospective, observational cohort study investigated whether the clinical features of a patient's pain, including anatomical location, organ system and likely treating speciality, impact on the delivery of analgesia within 30min in EDs. Methods: Data were obtained from 24 centres across Australia between April 2008 and March 2009. Principal outcome was delivery of analgesia within 30min or less. Factors that might explain any differences were analysed, including anatomical location of the pain, likely treating speciality, organ system affected, age, sex, day and time of presentation, hospital location, documented pain score and triage category. Analysis was by the χ -test for independence of proportions and multiple logistic regression. A P-value

Published

2011

22. Finding state collisions in the authenticated encryption stream cipher ACORN

Author

Harry Bartlett, Kenneth Koon-Ho Wong, Ed Dawson, Josef Pieprzyk, Leonie Simpson, and Iftekhar Salam

Subjects

Authenticated encryption, 020205 medical informatics, Initialization vector, Computer science, business.industry, Cryptography, 02 engineering and technology, Computer security, computer.software_genre, Symmetric-key algorithm, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, Key (cryptography), Communication source, State (computer science), business, Stream cipher, computer

Abstract

This paper analyzes the authenticated encryption algorithm ACORN, a candidate in the CAESAR cryptographic competition. We identify weaknesses in the state update function of ACORN which result in collisions in the internal state of ACORN. This paper shows that for a given set of key and initialization vector values we can construct two distinct input messages which result in a collision in the ACORN internal state. Using a standard PC the collision can be found almost instantly when the secret key is known. This flaw can be used by a message sender to create a forged message which will be accepted as legitimate.

Published

2016

23. Forgery attacks on ++AE authenticated encryption mode

Author

Harry Bartlett, Ed Dawson, Hassan Musallam Ahmed Qahur Al Mahri, Kenneth Koon-Ho Wong, and Leonie Simpson

Subjects

Block cipher mode of operation, Authenticated encryption, business.industry, Computer science, Plaintext, Cryptography, Data_CODINGANDINFORMATIONTHEORY, Computer security, computer.software_genre, Watermarking attack, Symmetric-key algorithm, Hardware_ARITHMETICANDLOGICSTRUCTURES, business, CCM mode, computer, Computer network, Block cipher

Abstract

In this paper, we analyse a block cipher mode of operation submitted in 2014 to the cryptographic competition for authenticated encryption (CAESAR). This mode is designed by Recacha and called ++AE (plus-plus-ae). We propose a chosen plaintext forgery attack on ++AE that requires only a single chosen message query to allow an attacker to construct multiple forged messages. Our attack is deterministic and guaranteed to pass ++AE integrity check. We demonstrate the forgery attack using 128-bit AES as the underlying block cipher. Hence, ++AE is insecure as an authenticated encryption mode of operation.

Published

2016

24. Tweaking Generic OTR to Avoid Forgery Attacks

Author

Harry Bartlett, Kenneth Koon-Ho Wong, Leonie Simpson, Hassan Musallam Ahmed Qahur Al Mahri, and Ed Dawson

Subjects

Authenticated encryption, Discrete mathematics, business.industry, Computer science, Computer security, computer.software_genre, Finite field, Symmetric-key algorithm, Primitive polynomial, Physics::Accelerator Physics, business, Tweaking, computer, Block size, Computer Science::Cryptography and Security

Abstract

This paper considers the security of the Offset Two-Round (OTR) authenticated encryption mode [9] with respect to forgery attacks. The current version of OTR gives a security proof for specific choices of the block size (n) and the primitive polynomial used to construct the finite field \(\mathbb {F}_{2^n}\). Although the OTR construction is generic, the security proof is not. For every choice of finite field the distinctness of masking coefficients must be verified to ensure security. In this paper, we show that some primitive polynomials result in collisions among the masking coefficients used in the current instantiation, from which forgeries can be constructed. We propose a new way to instantiate OTR so that the masking coefficients are distinct in every finite field \(\mathbb {F}_{2^n}\), thus generalising OTR without reducing the security of OTR.

Published

2016

25. Investigating Cube Attacks on the Authenticated Encryption Stream Cipher ACORN

Author

Iftekhar Salam, Ed Dawson, Josef Pieprzyk, Kenneth Koon-Ho Wong, Harry Bartlett, and Leonie Simpson

Subjects

Triple DES, Block cipher mode of operation, Authenticated encryption, Theoretical computer science, business.industry, Computer science, Stream cipher attack, Sponge function, 0102 computer and information sciences, 02 engineering and technology, Encryption, 01 natural sciences, Cipher, 010201 computation theory & mathematics, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Cube attack, business, Stream cipher, Algorithm, Block cipher

Abstract

We investigated the application of cube attacks to MORUS, a candidate in the CAESAR competition. We applied the cube attack to a version of MORUS where the initialization phase is reduced from 16 steps to 4. Our analysis shows that the cube attack can successfully recover the secret key of MORUS-640 with a total complexity of about 2^10 for this reduced version, and similarly for MORUS-1280 with complexity 2^9. Additionally, we obtained cubes resulting in distinguishers for 5 steps of the initialization of MORUS- 1280; these can distinguish the cipher output function from a random function with complexity of 2^8. All our attacks are verified experimentally. Currently, the cube attack does not threaten the security of MORUS if the full initialization phase is performed.

Published

2016

26. Flaws in the Initialisation Process of Stream Ciphers

Author

Ed Dawson, Ali Alhamdan, Leonie Simpson, Harry Bartlett, and Kenneth Koon-Ho Wong

Subjects

Theoretical computer science, Differential cryptanalysis, Computer science, Component (UML), Stream cipher attack, Fluhrer, Mantin and Shamir attack, Key (cryptography), Process (computing), Slide attack, Stream cipher

Abstract

The initialisation process is a key component in modern stream cipher design. A well-designed initialisation process should not reveal any information about the secret key, or possess properties that may help to facilitate attacks. This paper analyses the initialisation processes of shift register based stream ciphers and identifies four flaws which lead to compression, state convergence, the existence of slid pairs and possible weak Key-IV combinations. These flaws are illustrated using the A5/1 stream cipher as a case study. We also provide some design recommendations for the intialisation process in stream ciphers, to overcome these and other flaws.

Published

2015

27. Weaknesses in the Initialisation Process of the Common Scrambling Algorithm Stream Cipher

Author

Kenneth Koon-Ho Wong, Ed Dawson, Ali Alhamdan, Leonie Simpson, and Harry Bartlett

Subjects

Theoretical computer science, Computer science, business.industry, Encryption, Common Scrambling Algorithm, Pseudorandom binary sequence, Transmission (telecommunications), Cipher, State (computer science), Hardware_ARITHMETICANDLOGICSTRUCTURES, business, Stream cipher, Algorithm, Shift register

Abstract

The Common Scrambling Algorithm Stream Cipher (CSA-SC) is a shift register based stream cipher designed to encrypt digital video broadcast. CSA-SC produces a pseudo-random binary sequence that is used to mask the contents of the transmission. In this paper, we analyse the initialisation process of the CSA-SC keystream generator and demonstrate weaknesses which lead to state convergence, slid pairs and shifted keystreams. As a result, the cipher may be vulnerable to distinguishing attacks, time-memory-data trade-off attacks or slide attacks.

Published

2014

28. A General Model for MAC Generation Using Direct Injection

Author

Mufeed Juma ALMashrafi, Kenneth Koon-Ho Wong, Leonie Simpson, Ed Dawson, and Harry Bartlett

Subjects

Nonlinear filter, Computer science, Hash function, Matrix representation, SOBER-128, State (computer science), Collision, Algorithm, Stream cipher, Generator (mathematics)

Abstract

This paper presents a model for generating a MAC tag by injecting the input message directly into the internal state of a nonlinear filter generator. This model generalises a similar model for unkeyed hash functions proposed by Nakano et al. We develop a matrix representation for the accumulation phase of our model and use it to analyse the security of the model against man-in-the-middle forgery attacks based on collisions in the final register contents. The results of this analysis show that some conclusions of Nakano et al regarding the security of their model are incorrect. We also use our results to comment on several recent MAC proposals which can be considered as instances of our model and specify choices of options within the model which should prevent the type of forgery discussed here. In particular, suitable initialisation of the register and active use of a secure nonlinear filter will prevent an attacker from finding a collision in the final register contents which could result in a forged MAC.

Published

2013

29. Slide attacks on the Sfinks stream cipher

Author

Harry Bartlett, Ed Dawson, Kenneth Koon-Ho Wong, Ali Alhamdan, and Leonie Simpson

Subjects

Cipher, business.industry, Computer science, Keystream, Real-time computing, SFINKS, Cryptography, eSTREAM, Parallel computing, Slide attack, business, Padding, Stream cipher

Abstract

Sfinks is a shift register based stream cipher designed for hardware implementation and submitted to the eSTREAM project. In this paper, we analyse the initialisation process of Sfinks. We demonstrate a slid property of the loaded state of the Sfinks cipher, where multiple key-IV pairs may produce phase shifted keystream sequences. The state update functions of both the initialisation process and keystream generation and also the pattern of the padding affect generation of the slid pairs.

Published

2012

30. Impact of pain location, organ system and treating speciality on timely delivery of analgesia in emergency departments

Author

Kim, Hansen, Ogilvie, Thom, Hamish, Rodda, Melanie, Price, Chris, Jackson, Scott, Bennetts, Steven, Doherty, and Harry, Bartlett

Subjects

Adult, Aged, 80 and over, Male, Analgesics, Adolescent, Australia, Infant, Pain, Middle Aged, Drug Administration Schedule, Cohort Studies, Young Adult, Child, Preschool, Multivariate Analysis, Humans, Female, Analgesia, Child, Emergency Service, Hospital, Aged, Retrospective Studies

Abstract

This retrospective, observational cohort study investigated whether the clinical features of a patient's pain, including anatomical location, organ system and likely treating speciality, impact on the delivery of analgesia within 30 min in EDs.Data were obtained from 24 centres across Australia between April 2008 and March 2009. Principal outcome was delivery of analgesia within 30 min or less. Factors that might explain any differences were analysed, including anatomical location of the pain, likely treating speciality, organ system affected, age, sex, day and time of presentation, hospital location, documented pain score and triage category. Analysis was by the χ(2)-test for independence of proportions and multiple logistic regression. A P-value0.05 was considered statistically significant.There were 4598 patients, of whom 2578 were male. The median age was 36 years (range 0-103). Both limb origin of pain (χ(2) = 46.1, P0.001) and documentation of a pain score (χ(2) = 48.6, P0.001) were strongly associated with delivery of analgesia within 30 min. Attending a rural ED was a significant risk factor for delayed analgesia (χ(2) = 12.5, P0.001). Burns patients (40.2%, 47 of 117, P0.001) and orthopaedic patients (26.1%, 259 of 992, P0.001) were much more likely to received analgesia within 30 min than the mean (19.5%, 896 of 4598).Patients presenting with burns, orthopaedic conditions or with a limb location of pain are more likely to receive analgesia within 30 min in Australian EDs. Clinicians should be aware of possible trends in the delivery of timely analgesia to patients with pain.

Published

2012

31. Analysis of Indirect Message Injection for MAC Generation Using Stream Ciphers

Author

Kenneth Koon-Ho Wong, Ed Dawson, Leonie Simpson, Harry Bartlett, and Mufeed Juma ALMashrafi

Subjects

Computer science, Stream cipher attack, SFINKS, Computer security, computer.software_genre, Correlation attack, Stream cipher, computer

Abstract

This paper presents a model for generating a MAC tag with a stream cipher using the input message indirectly. Several recent proposals represent instances of this model with slightly different options. We investigate the security of this model for different options, and identify cases which permit forgery attacks. Based on this, we present a new forgery attack on version 1.4 of 128-EIA3. Design recommendations to enhance the security of proposals following this general model are given.

Published

2012

32. Algebraic analysis of the SSS stream cipher

Author

Ed Dawson, Mufeed Juma ALMashrafi, Kenneth Koon-Ho Wong, Leonie Simpson, and Harry Bartlett

Subjects

Theoretical computer science, Cipher, Computer science, Keystream, Stream cipher attack, Fluhrer, Mantin and Shamir attack, Two-square cipher, Affine cipher, Algorithm, Stream cipher, Transposition cipher

Abstract

Both the SSS and SOBER-t32 stream cipher designs use a single word-based shift register and a nonlinear filter function to produce keystream. In this paper we show that the algebraic attack method previously applied to SOBER-t32 is prevented from succeeding on SSS by the use of the keydependent substitution box (SBox) in the nonlinear filter of SSS. Additional assumptions and modifications to the SSS cipher in an attempt to enable algebraic analysis result in other difficulties that also render the algebraic attack infeasible. Based on these results, we conclude that a well-chosen key-dependent substitution box used in the nonlinear filter of the stream cipher provides resistance against such algebraic attacks.

Published

2011

33. A prospective pilot study evaluating the 'cardiac decompensation score' in the setting of intraaortic balloon counterpulsation

Author

Peter Lewis, Mary Courtney, Harry Bartlett, Daniel V. Mullany, Fiona Coyer, and Shane Townsend

Subjects

Adult, Male, Cardiac function curve, medicine.medical_specialty, Cardiac output, Pilot Projects, Critical Care Nursing, Tertiary referral hospital, Risk Assessment, Sensitivity and Specificity, Severity of Illness Index, Statistics, Nonparametric, law.invention, law, medicine, Humans, Single-Blind Method, In patient, Hospital Mortality, Prospective Studies, Intensive care medicine, Aged, Monitoring, Physiologic, Aged, 80 and over, Heart Failure, Observer Variation, Intra-Aortic Balloon Pumping, Intraaortic balloon, business.industry, Middle Aged, Prognosis, medicine.disease, Intensive care unit, Survival Rate, Treatment Outcome, Cardiac decompensation, Heart failure, Emergency medicine, Female, Queensland, business

Abstract

The study objective was to determine whether the ‘cardiac decompensation score’ could identify cardiac decompensation in a patient with existing cardiac compromise managed with intraaortic balloon counterpulsation (IABP). A one-group, posttest-only design was utilised to collect observations in 2003 from IABP recipients treated in the intensive care unit of a 450 bed Australian, government funded, public, cardiothoracic, tertiary referral hospital. Twenty-three consecutive IABP recipients were enrolled, four of whom died in ICU (17.4%). All non-survivors exhibited primarily rising scores over the observation period (p < 0.001) and had final scores of 25 or higher. In contrast, the maximum score obtained by a survivor at any time was 15. Regardless of survival, scores for the 23 participants were generally decreasing immediately following therapy escalation (p = 0.016). Further reflecting these changes in patient support, there was also a trend for scores to move from rising to falling at such treatment escalations (p = 0.024). This pilot study indicates the ‘cardiac decompensation score’ to accurately represent changes in heart function specific to an individual patient. Use of the score in conjunction with IABP may lead to earlier identification of changes occurring in a patient's cardiac function and thus facilitate improved IABP outcomes.

Published

2011

34. State Convergence in the Initialisation of Stream Ciphers

Author

Sui-Guan Teo, Ed Dawson, Leonie Simpson, Harry Bartlett, Kenneth Koon-Ho Wong, and Ali Alhamdan

Subjects

Computer science, Keystream, Component (UML), Real-time computing, Convergence (routing), Key (cryptography), Process (computing), Convergence problem, State (computer science), Stream cipher, Algorithm

Abstract

An initialisation process is a key component in modern stream cipher design. A well-designed initialisation process should ensure that each key-IV pair generates a different keystream. In this paper, we analyse two ciphers, A5/1 and Mixer, for which this does not happen due to state convergence. We show how the state convergence problem occurs and estimate the effective key-space in each case.

Published

2011

35. Determinants of in-hospital and long-term surgical outcomes after repair of postinfarction ventricular septal rupture

Author

Satsuki Fukushima, Jivesh Choudhary, Peter Pohlner, Homayoun Jalali, Peter Tesar, Hemant Sharma, Harry Bartlett, and Andrew Clarke

Subjects

Pulmonary and Respiratory Medicine, Male, medicine.medical_specialty, Time Factors, Infarction, Kaplan-Meier Estimate, Risk Assessment, Ventricular Septal Rupture, Risk Factors, Internal medicine, medicine, Humans, cardiovascular diseases, Myocardial infarction, Hospital Mortality, Cardiac Surgical Procedures, Aged, Proportional Hazards Models, Retrospective Studies, Surgical repair, Heart Failure, Ejection fraction, Chi-Square Distribution, business.industry, Middle Aged, medicine.disease, Surgery, Cardiac surgery, medicine.anatomical_structure, Logistic Models, Treatment Outcome, cardiovascular system, Cardiology, Tachycardia, Ventricular, Female, business, Cardiology and Cardiovascular Medicine, Mace, Artery

Abstract

ObjectivesSurgical repair of post–myocardial infarction ventricular septal rupture is challenging with reported early mortality being substantial. In addition, congestive cardiac failure and ventricular tachyarrhythmia frequently occur long term after the operation, although frequency and predictive factors of these events have been poorly identified.MethodsA consecutive series of 68 patients who underwent repair of postinfarction ventricular septal rupture by 14 surgeons between 1988 and 2007 was studied. Fifty-eight (85%) patients underwent repair in an urgent setting (

Published

2009

36. Modified RV short axis series--a new method for cardiac MRI measurement of right ventricular volumes

Author

Robyn Riley, l Richard E Slaughter, Andrew J Trotter, Harry Bartlett, and W. Strugnell

Subjects

medicine.medical_specialty, Short axis, Heart Diseases, Heart Ventricles, Magnetic Resonance Imaging, Cine, End systole, Internal medicine, medicine, Image Processing, Computer-Assisted, Humans, Radiology, Nuclear Medicine and imaging, cardiovascular diseases, Prospective Studies, End diastole, Pulmonary Valve, Tricuspid valve, Radiological and Ultrasound Technology, business.industry, Reproducibility of Results, Stroke Volume, Standard technique, Myocardial Contraction, Data set, medicine.anatomical_structure, Ventricle, Pulmonary valve, cardiovascular system, Cardiology, Ventricular Function, Right, Heart Transplantation, Tricuspid Valve, Cardiology and Cardiovascular Medicine, business

Abstract

Purpose. The current standard image orientation employed in the MRI assessment of right ventricular volumes uses a series of short axis cine acquisitions located with respect to a horizontal long axis view with the first slice placed across the atrio-ventricular valve plane at end diastole. Inherent inaccuracies are encountered with the use of this image orientation due to difficulty in defining the tricuspid valve and the border between atrium and ventricle on the resultant images. Our experience indicates that because the tricuspid valve is usually not in-plane in the slice the atrio-ventricular margin is difficult to distinguish. This leads to inaccuracies in measurements at the base of the RV and miscalculation of the RV volume. The purpose of this study was to assess an alternative method of image orientation aimed at increasing the accuracy of RV volume measurements using current commercially available CMRI sequences. This technique, the modified RV short axis series, is oriented to the outflow tract of the right ventricle. Method. We undertook a prospective study of 50 post cardiac transplant patients. A series of LV short axis multi-slice cine acquisition FIESTA images was acquired using the current standard technique. From this data set, LVand RV stroke volumes were derived on an Advantage Windows workstation using planimetry of the endocardial and epicardial borders in end systole and end diastole. Our new technique involved obtaining a set of multi-slice cine acquisition FIESTA images in a plane perpendicular to a line from the centre of the pulmonary valve to the apex of the RV. Planimetry of the RV was then performed and a stroke volume calculated using the same method of analysis. RV stroke volumes obtained from both techniques were compared with LV stroke volumes. Three operators independently derived RV data sets. Results. On the images acquired with the new technique, the tricuspid valve was easier to define leading to more accurate and reproducible planimetry of ventricular borders. RV stroke volumes calculated from the new method showed better agreement with LV stroke volumes than with the current method. These results were consistent across the three operators. Conclusions. This new method improves visualisation of the tricuspid valve and makes analysis easier and less prone to operator error than the current standard technique for MRI assessment of RV volumes.

Published

2005