Registrar's Department - Award/Graduation


		iSecures Lab

Consultancies & Analyses

We welcome consultancies from both the industry and the academia on the analyses of security schemes and systems. Given below is a list of such schemes that we have analyzed.

Block Ciphers

Advanced Encryption Standard (AES)

This is the standard encryption method endorsed by the U.S National Institute of Standards & Technology (NIST) for the protection of non-classified confidential information. This will replace the Data Encryption Standard (DES) for use in automatic teller machines (ATMs), smart cards, online transactions, etc. Our analyses of the AES includes its security against the impossible differential cryptanalysis and the Square attack.

Relevant Publications:

Phan, R. C.-W. & Siddiqi, M. U., (2001). Generalized Impossible Differentials of Advanced Encryption Standard, IEE Electronics Letters 37(14), 896-898.

Phan, R. C.-W., (2002). Classes of Impossible Differentials of Advanced Encryption Standard, IEE Electronics Letters, 38(11), 508-510.

Phan, R. C.-W., (2002). Mini Advanced Encryption Standard (Mini-AES): A Testbed for Cryptanalysis Students, Cryptologia, XXVI(4), 283-306.

Phan, R. C.-W., (2003). Impossible Differential Cryptanalysis of Mini-AES, Cryptologia, XXVII(4).

Phan, R. C.-W., (2003). Cryptanalysis of the Advanced Encryption Standard (AES): 2002 ± 5. in "Techno-Legal Aspects of Information Society and New Economy: an Overview". Eds. A. Mendez-Villaz, et al., Formatex, Spain, pp. 269-276.

Phan, R. C.-W., (2002, July). State-of-the-art in Cryptography: The Advanced Encryption Standard (AES). Proceedings of the 2nd World Engineering Congress (WEC2002), ICT Conference, Kuching, Malaysia, pp. 397-399.

Phan, R. C.-W., (2004). Impossible Differential Cryptanalysis of 7-round Advanced Encryption Standard (AES), Information Processing Letters, Elsevier Science, 91(1), 33-38.

DES Variants

Since the introduction of the Data Encryption Standard (DES) in 1977, many variants have emerged with better security claims. We have analyzed the key schedules of several such variants, including the original DES, variants of the triple-DES and DESX, and their modes of operation.

Relevant Publications:

Phan, R. C.-W. & Furuya, S. (2002, November). Sliding Properties of the DES Key Schedule and Potential Extensions to the Slide Attacks. Proceedings of the International Conference on Information Security & Cryptology (ICISC 2002), Seoul, Korea, Lecture Notes in Computer Science (LNCS), Vol. 2587, Springer-Verlag, pp. 138-148.

Phan, R. C.-W. (2004, February). Related-Key Attacks on Triple-DES and DESX. Proceedings of the RSA Conference - Cryptographers' Track (CT-RSA 2004), San Francisco, U.S.A, Lecture Notes in Computer Science (LNCS), Vol. 2964, Springer-Verlag, pp. 15-24.

Phan, R. C.-W. & Handschuh, H. (2004, September). On Related-Key and Collision Attacks: The Case for the IBM 4758 Cryptoprocessor. Proceedings of the 7th Information Security Conference (ISC 2004), Palo Alto, U.S.A., Lecture Notes in Computer Science (LNCS), Vol. 3225, Springer-Verlag, pp. 111-122.

Digital Watermarking Schemes

Digital watermarking schemes allow owners of copyrighted contents to embed unique watermarks into these contents in order to proof ownership. Further, watermarks that are unique to each buyer (in such cases, the watermarks would be called fingerprints) could be embedded into the copies of these contents sold to buyers, and this will allow for tracing the buyers who illegal distributed their copies. Digital watermarking is a special case of informating hiding, and is also closely related to steganography: the science of hidden messages.

Relevant Publications:

Phan, R. C.-W. & H.-C. Ling (2003, October). Steganalysis of Random LSB Insertion Using Discrete Logarithms Proposed at CITA03. Proceedings of the MMU International Symposium on Information & Communication Technologies (M2USIC 2003), PJ, Malaysia, pp. 56-59.

Goi, B.-M., Phan, R. C.-W., Yang, Y., Bao, F., Deng, R. H. & Siddiqi, M. U., (2004, June). Cryptanalysis of Two Anonymous Buyer-Seller Watermarking Procotols and An Improvement for True Anonymity. Proceedings of the Applied Cryptography & Network Security (ACNS 2004), Yellow Mountain, China, Lecture Notes in Computer Science (LNCS), Vol. 3089, Springer-Verlag, pp. 369-382.

Phan, R. C.-W. & Ling, H.-C. (2004, October). Flaws in Generic Watermark Detection Protocols Based on Zero-Knowledge Proofs. Proceedings of the 3rd International Workshop on Digital Watermarking (IWDW 2004), Seoul, Korea, Lecture Notes in Computer Science (LNCS), Springer-Verlag, to appear.

Then, H.H.P. & Wang, Y.C. (2005, December). Perceiving Digital Watermark Detection as Image Classification Problem using Support Vector Machine. Proceedings of the 4th International Conference of Information Technology in Asia (CITA '05), Kuching, Malaysia, pp.198-206. Best Paper Award.

Then, H.H.P. & Wang, Y.C. (2006, January). Support Vector Machine as Digital Image Watermark Detector. Proceedings of the IS&T SPIE Electronic Imaging (EI '06), San Jose, CA, USA, to appear.

Authentication & Key Establishment Protocols

Protocols are a sequence of steps that need to be taken between two or more parties communicating with each other. Authentication protocols allow parties to verify the authenticity of the other parties while key establishment allows them to agree on secret keys for communicating securely. We have analyzed several of these protocols.

Relevant Publications:

Phan, R. C.-W. (2003, July). Attacks on ATM Authentication Protocols Proposed at WEC2002. Proceedings of the Conference on IT in Asia (CITA 2003), Kuching, Malaysia, pp. 275-277.

Phan, R. C.-W. (2003, October). Collusion Attacks on Secret Keys Multiplication (SKM) Group Re-keying Scheme Proposed at CITA03. Proceedings of the MMU International Symposium on Information & Communication Technologies (M2USIC 2003), PJ, Malaysia, pp. 53-55.

B. M. Goi & Phan, R. C.-W. (2003, October). Attacks on Authentication Protocols for Wireless Networks proposed at M2USIC 2001, and Some Countermeasure. Proceedings of the MMU International Symposium on Information & Communication Technologies (M2USIC 2003), PJ, Malaysia, pp. 49-52.

Phan, R. C.-W. & Goi, B.-M. (2004). Further Attacks and Comments on Security of Two Remote User Authentication Schemes Using Smart Cards, IEEE Transactions on Consumer Electronics, 50(2).

Mohammed, L. A., Ramli, A.R. & Daud, M. (2004, May). Counter Measures against Replay Attacks on ATM Authentication Protocols. Proceedings of the Intelligent Systems and Information Technology Symposium (ISITS), UPM, Malaysia, pp. 92- 97.

Mohammed, L. A., Ramli, A.R. & Daud, M.B. (2004). Strengthening ATM Authentication Protocols. Brunei Darussalam Journal of Technology and Commerce, to appear.

Ang, M.-C. & Phan, R. C.-W. (2004, November). Attacks on Secure SSM Architecture Proposed at ICON 2002. Proceedings of the IEEE International Conference on Networks (ICON 2004), Singapore, IEEE, to appear.

Security of Smart cards, ATMs and Other Financial Systems

We have also analyzed the MyKad and iVEST smart cards, ATM-based protocols and the IBM 4758 cryptoprocessor used with most ATMs.

Relevant Publications:

Phan, R. C.-W. (2003, July). Attacks on ATM Authentication Protocols Proposed at WEC2002. Proceedings of the Conference on IT in Asia (CITA 2003), Kuching, Malaysia, pp. 275-277.

Phan, R. C.-W. & Mohammed, L. A. (2003, September). On the Security and Design Of MyKad. Proceedings of the Asia Pacific Conference on Communication (APCC 2003), Penang, Malaysia, pp. 142-145.

Phan, R. C.-W. & Goi, B.-M. (2004). Further Attacks and Comments on Security of Two Remote User Authentication Schemes Using Smart Cards, IEEE Transactions on Consumer Electronics, 50(2).

Phan, R. C.-W. (2004, June). A Word of Caution to MyKad Application Developers: Attacks on iVEST Client Software. Proceedings of the International on Work With Computing Systems (WWCS 2004), KL, Malaysia.

Mohammed, L. A., Ramli, A.R., Prakash V., & Daud, M. (2004). Smart card Technology - Past, Present, and Future, International Journal of The Computer, The Internet and Management, 12(1), 12-22.

Mohammed, L. A., Ramli, A.R. & Daud, M.B. (2004). Strengthening ATM Authentication Protocols. Brunei Darussalam Journal of Technology and Commerce, to appear.

Phan, R. C.-W. & Handschuh, H. (2004, September). On Related-Key and Collision Attacks: The Case for the IBM 4758 Cryptoprocessor. Proceedings of the 7th Information Security Conference (ISC 2004), Palo Alto, U.S.A., Lecture Notes in Computer Science (LNCS), Vol. 3225, Springer-Verlag, pp. 111-122.

Online Security

When users user web browsers to communicate on the internet with web servers, the security of such online transactions need to be protected. The means to provide online security include the de facto SSL standard by Netscape, Inc, the TLS suite by the IETF.

Relevant Publications:

Phan, R. C.-W., (2003). Security Technologies for Online Transactions. in "Managing e-Businesses in the 21st Century". Eds. S. K. Sharma, J ND Gupta, Heidelberg Press, Australia, pp. 199-212.

Phan, R. C.-W. (2002, October). Towards Secure e-commerce in the Asia Pacific Region. Proceedings of the Asia Pacific Economics & Business (APEB 2002) Conference, Kuching, Malaysia, pp. 635-640.

Mohammed, L. A., Ramli, A. R. & Daud, M. B. (2003, May). Computer Vulnerabilities Trends. Proceedings of the 4^th International Conference on Disaster Management, Langkawi, Malaysia, pp. 98-107.

Mohammed, L. A., Ramli, A.R. & Daud, M. (2004, June). Online Distance Learning - A Guide to Security Modeling Approach. Proceedings of the 7th International Conference on Work With Computing Systems (WWCS 2004), Kuala Lumpur, Malaysia.

Mohammed, L. A., Mering, J. & Ramli, A.R. (2004, June). Security issues in designing Mobile Learning Programs. Proceedings of the 7th International Conference on Management Education 2004, Kuala Lumpur, Malaysia.