Security Problems with Improper Implementations of Improved FEA-M

TL;DR

This paper identifies security vulnerabilities in improperly implemented versions of the FEA-M encryption algorithm, demonstrating that certain attacks can compromise the secret key if the pseudo-random process is tampered with.

Contribution

It reveals implementation-dependent differential attacks on FEA-M and highlights security issues related to session key selection, emphasizing the need for careful implementation.

Findings

Differential chosen-plaintext attack can reveal the secret key.

Implementation-dependent attacks are highly efficient, requiring only O(n^2) bits.

Security problems related to session key selection are identified.

Abstract

This paper reports security problems with improper implementations of an improved version of FEA-M (fast encryption algorithm for multimedia). It is found that an implementation-dependent differential chosen-plaintext attack or its chosen-ciphertext counterpart can reveal the secret key of the cryptosystem, if the involved (pseudo-)random process can be tampered (for example, through a public time service). The implementation-dependent differential attack is very efficient in complexity and needs only $O(n^2)$ chosen plaintext or ciphertext bits. In addition, this paper also points out a minor security problem with the selection of the session key. In real implementations of the cryptosystem, these security problems should be carefully avoided, or the cryptosystem has to be further enhanced to work under such weak implementations.