Comparison the insertion attack effects on randomness property of Dragon and Rabbit stream cipher

Abstract

Pseudorandom generator as the heart of security system is a potential target by an adversary to weaken or derail the system performance. One possible active attack on a pseudorandom generator is an insertion attack on a random sequence generated by the pseudo random number generator, in order to reduce or even omit the randomness property of the output sequence. In this paper, authors tried to measure the effect of the insertion attack on stream cipher algorithms, Dragon and Rabbit. The insertion attack performed in five levels of insertion block (32-bit, 64-bit, 128-bit, 256-bit and 512-bit), by inserting 1 bit-through 3-bits in a random manner. The bits inserted are in random form and extreme form. To measure the insertion attack effects, the sequences before and after insertion attack are evaluated by performing statistical distance tests and entropy measures, under the advantage parameter e = 0.0001. From the statistical distance tests, it is found that the insertion attack with random bits does not effect the randomness property of Dragon and Rabbit under advantage of e = 0.0001, but it does under e = 0.00001 by indication that more than 60% the value of maximum statistical distance exceeded 0.0001. Meanwhile, from the entropy difference tests we found that more than 20% the maximum entropy difference has already exceeded the value e = 0.0001, which proved that the insertion attack using random bits does affect the randomness property of Dragon and Rabbit extreme under advantage e = 0.0001. On the other hand, it was shown that the insertion attack using extreme bits affects the randomness property of Dragon and Rabbit significantly under advantage of e = 0.0001 where more than 95% the test values exceeded the advantage value. This results proved that the insertion attack is a potential treats that should not be disobeyed.