Security implications of selective encryption

  • Authors:

  • Reine Lundin;Stefan Lindskog

  • Affiliations:

  • Karlstad University, Sweden;Karlstad University, Sweden

  • Venue:
  • Proceedings of the 6th International Workshop on Security Measurements and Metrics
  • Year:
  • 2010

  • Entropy of selectively encrypted strings

    WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication

Quantified Score

Hi-index 0.00

Visualization

Abstract

To be able to perform an analytical and more exact description of security, quantitative security measures are desirable. Two proposed quantitative security measures are entropy and guesswork. When breaking an encrypted message, entropy measures the average number of guesses in an optimal binary search attack, whereas guesswork measures the average number of guesses in an optimal linear search attack. In this paper, we continue to investigate the security implications of a generic selective encryption procedure. That is, how entropy and guesswork changes with the number of encrypted units, i.e., the encryption level. This is done for languages up to the second order by deriving equations for entropy of selectively encrypted messages and then transferring the result to guesswork through an equation relating the two measures. Furthermore, unlike entropy, guesswork does not possess the chain rule, however, through the equation relating entropy and guesswork an equation connecting the different guessworks is derived.