On the security of the WinRAR encryption feature

@article{Yeo2006OnTS,
  title={On the security of the WinRAR encryption feature},
  author={Gary S.-W. Yeo and Raphael C.-W. Phan},
  journal={International Journal of Information Security},
  year={2006},
  volume={5},
  pages={115-123}
}
  • Gary S.-W. Yeo, R. Phan
  • Published 1 April 2006
  • Computer Science
  • International Journal of Information Security
Originally written to provide the file compression feature, computer software such as WinRAR and WinZip now also provide encryption features due to the rising need for security and privacy protection of files within a computer system or for sharing within a network. However, since compression has been much in use well before users saw the need for security, most are more familiar with compression software than they are with security ones. Therefore, encryption-enabled compression software such… Expand
A Method to Ensure the Confidentiality of the Compressed Data
TLDR
This study investigates the secure compression solutions, and proposes a practical method to keep contents of the compressed data hidden, based on the Burrows–Wheeler transform, which is an elegant alternative to the standard encryption approaches with the advantage of supporting the compressed pattern matching, while still pertaining the confidentiality. Expand
A New Compression Scheme for Secure Transmission
TLDR
A novel algorithm, the new compression with encryption and compression (CEC), is proposed to secure and compress the data and provides more confidentiality and authentication between two communication systems. Expand
The weakness of WinRAR encrypted archives to compression side-channel attacks
Arthur-Durett, Kristine MS, Purdue University, December 2014. The weakness of WinRAR encrypted archives to compression side-channel attacks. Major Professor: Eugene Spafford. This paper explores theExpand
On scrambling the Burrows-Wheeler transform to provide privacy in lossless compression
TLDR
This study investigates methods to provide privacy in BWT by using a randomly selected permutation of the input symbols as the lexicographical order, and unifying compression and security in a single step instead of the two-level compress-then-encrypt paradigm. Expand
Secure Compression and Pattern Matching Based on Burrows-Wheeler Transform
TLDR
This paper provides the first solution based on Burrows-Wheeler Transform (BWT) to solve the problem of secure searchable compressed data structures and shows that the scheme is secure under a new security definition, called isomophism-restricted IND-CPA security. Expand
Implementation Of Huffman Bigram Compression Algorithm In .Txt Extension Files
TLDR
Huffman bigram algorithm can compress the size of file extension .txt become smaller than the previous size, more the number of the same pairs of characters in a file then the compression process will be maximized. Expand
Mathematical modeling of the propagation of malware: a review
  • Á. M. Rey
  • Computer Science
  • Secur. Commun. Networks
  • 2015
TLDR
A critical review of the mathematical models proposed to date to simulate malware propagation in a network of computers or mobile devices to determine the deficits and possible alternatives for improving them is offered. Expand
A Method to Ensure the Confidentiality of the Compressed Data
  • M. O. Kulekci
  • Computer Science
  • 2011 First International Conference on Data Compression, Communications and Processing
  • 2011
TLDR
This study investigates the secure compression solutions, and proposes a practical method to keep contents of the compressed data hidden, based on the Burrows -- Wheeler transform ({BWT}) such that a randomly selected permutation of the input symbols are used as the lexicographical ordering during the construction. Expand

References

SHOWING 1-10 OF 12 REFERENCES
Analysis of the WinZip encryption method
  • T. Kohno
  • Computer Science
  • IACR Cryptol. ePrint Arch.
  • 2004
TLDR
Several attacks against WinZip’s new encryption method, dubbed “AE-2" or “Advanced Encryption, version two” are exhibited, which further underscore the subtlety of designing cryptographically secure software. Expand
Attacking and repairing the winZip encryption scheme
TLDR
Several attacks against WinZip's new encryption method, dubbed "AE-2" or "Advanced Encryption, version two," are exhibited, which further underscore the subtlety of designing cryptographically secure software. Expand
Compression and Information Leakage of Plaintext
TLDR
This paper describes a somewhat different kind of side-channel provided by data compression algorithms, yielding information about their inputs by the size of their outputs, and discusses ways to use this apparently very small leak of information in surprisingly powerful ways. Expand
Security engineering - a guide to building dependable distributed systems (2. ed.)
TLDR
In almost 600 pages of riveting detail, Ross Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity, and always use common sense in defending valuables. Expand
Authenticated Encryption: Relations among Notions and Analysis of the Generic Composition Paradigm
TLDR
This work considers two possible notions of authenticity for authenticated encryption schemes, namely integrity of plaintexts and integrity of ciphertexts, and relates them to the standard notions of privacy IND-CCA and NM-CPA by presenting implications and separations between all notions considered. Expand
ZIP Attacks with Reduced Known Plaintext
TLDR
For the most popular zippers on the Internet, there is a fast attack that does not require any information about the files in the archive; instead, it gets doubly-encrypted plaintext by exploiting a weakness in the pseudorandom-number generator. Expand
Fast Verification of Hash Chains
TLDR
This work presents a method to speed up the verification of a hash chain by outputting some extra information in addition to the chain’s end value x n, and shows lower bounds for the length of this extra information. Expand
A Known Plaintext Attack on the PKZIP Stream Cipher
TLDR
The PKZIP program is one of the more widely used archive/ compression programs on personal computers, and is used by most BBS's and ftp sites to compress their archives. Expand
A Specification for Rijndael, the AES Algorithm
TLDR
The input, the output and the cipher key for Rijndael are each bit sequences containing 128, 192 or 256 bits with the constraint that the input and output sequences have the same length. Expand
Protocol Interactions and the Chosen Protocol Attack
TLDR
This paper presents a new attack, called the chosen protocol attack, in which an attacker may write a new protocol using the same key material as a target protocol, which is individually very strong, but which interacts with the target protocol in a security-relevant way. Expand
...
1
2
...