Stream Ciphers - RC4. F. Sozzani, G. Bertoni, L. Breveglieri. Foundations of Cryptography - RC4 pp. 1 / 16

Similar documents
Stream Ciphers. Stream Ciphers 1

Double-DES, Triple-DES & Modes of Operation

RC4. Invented by Ron Rivest. A stream cipher Generate keystream byte at a step

Stream ciphers. Lecturers: Mark D. Ryan and David Galindo. Cryptography Slide: 91

Chapter 6 Contemporary Symmetric Ciphers

AN INTEGRATED BLOCK AND STREAM CIPHER APPROACH FOR KEY ENHANCEMENT

Information Security CS526

Introduction to Modern Cryptography. Lecture 2. Symmetric Encryption: Stream & Block Ciphers

Design Of High Performance Rc4 Stream Cipher For Secured Communication

Network Security Essentials

Enhancing Security of Improved RC4 Stream Cipher by Converting into Product Cipher

Information Security CS526

05 - WLAN Encryption and Data Integrity Protocols

page 1 Introduction to Cryptography Benny Pinkas Lecture 3 November 18, 2008 Introduction to Cryptography, Benny Pinkas

Introduction to Cryptography. Lecture 3

PRNGs & DES. Luke Anderson. 16 th March University Of Sydney.

Secret Key Algorithms (DES)

Symmetric Encryption. Thierry Sans

Network Security Essentials Chapter 2

3 Symmetric Key Cryptography 3.1 Block Ciphers Symmetric key strength analysis Electronic Code Book Mode (ECB) Cipher Block Chaining Mode (CBC) Some

Content of this part

Cryptography. Summer Term 2010

Outline. Data Encryption Standard. Symmetric-Key Algorithms. Lecture 4

Cipher Suite Configuration Mode Commands

Chapter 6: Contemporary Symmetric Ciphers

U-II BLOCK CIPHER ALGORITHMS

Partial Image Encryption using RC4 Stream Cipher Approach and Embedded in an Image

Encryption. INST 346, Section 0201 April 3, 2018

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl

Advanced Encryption Standard and Modes of Operation. Foundations of Cryptography - AES pp. 1 / 50

Cryptography. Dr. Michael Schneider Chapter 10: Pseudorandom Bit Generators and Stream Ciphers

SPECIALIZED COPROCESSOR FOR IMPLEME TI G THE RC4 STREAM CIPHER

APNIC elearning: Cryptography Basics

Introduction to Cryptography. Lecture 3

1.264 Lecture 28. Cryptography: Asymmetric keys

Computer Security CS 526

EEC-682/782 Computer Networks I

Cryptography MIS

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

Cryptography and Network Security Chapter 7

How crypto fails in practice? CSS, WEP, MIFARE classic. *Slides borrowed from Vitaly Shmatikov

EEC-484/584 Computer Networks

Winter 2011 Josh Benaloh Brian LaMacchia

Encryption I. An Introduction

Computer Security. 08. Cryptography Part II. Paul Krzyzanowski. Rutgers University. Spring 2018

EEC-682/782 Computer Networks I

Computer Security 3/23/18

Practical Aspects of Modern Cryptography

Secret Key Algorithms (DES) Foundations of Cryptography - Secret Key pp. 1 / 34

Chapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads

CIS 4360 Secure Computer Systems Symmetric Cryptography

Computer Security: Principles and Practice

CSC 474/574 Information Systems Security

An Efficient Stream Cipher Using Variable Sizes of Key-Streams

Introduction to Cryptography. Vasil Slavov William Jewell College

Symmetric Key Algorithms. Definition. A symmetric key algorithm is an encryption algorithm where the same key is used for encrypting and decrypting.

GSM Based Navigation of Missile

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Analyzing Wireless Security in Columbia, Missouri

Hash Function. Guido Bertoni Luca Breveglieri. Fundations of Cryptography - hash function pp. 1 / 18

A Class of Weak Keys in the RC4 Stream Cipher Preliminary Draft

CIS 6930/4930 Computer and Network Security. Topic 3.1 Secret Key Cryptography (Cont d)

Cryptography. Historical Encoding. Encryption Media. Intro to Encryption 8/24/2010. COMP620 Information Privacy & Security 1

Introduction to information Security

How many DES keys, on the average, encrypt a particular plaintext block to a particular ciphertext block?

Cryptography and Network Security

Cryptography [Symmetric Encryption]

Princess Nora Bint Abdulrahman University College of computer and information sciences Networks department Networks Security (NET 536)

Lecture 1 Applied Cryptography (Part 1)

Encryption Details COMP620

David Wetherall, with some slides from Radia Perlman s security lectures.

Cryptography Functions

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

Security in IEEE Networks

BLOWFISH ALGORITHM ON ITS OWN CLOUD COMPUTER PERFORMANCE AND IMPLEMENTATION

BCA III Network security and Cryptography Examination-2016 Model Paper 1

Data Encryption Standard (DES)

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

COSC4377. Chapter 8 roadmap

CSE 127: Computer Security Cryptography. Kirill Levchenko

Cryptographic Concepts

Introduction to Cryptography. Lecture 6

Report on Evaluation of Symmetric-Key Cryptographic Techniques

Full Plaintext Recovery Attack on Broadcast RC4

ECE 646 Lecture 8. Modes of operation of block ciphers

6 Block Ciphers. 6.1 Block Ciphers CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

PROTECTING CONVERSATIONS

Wireless Security. Comp Sci 3600 Security. Attacks WEP WPA/WPA2. Authentication Encryption Vulnerabilities

Introduction to Symmetric Cryptography

WAP Security. Helsinki University of Technology S Security of Communication Protocols

CS-435 spring semester Network Technology & Programming Laboratory. Stefanos Papadakis & Manolis Spanakis

Symmetric Cryptography

CSCE 715: Network Systems Security

Cryptography. Submitted to:- Ms Poonam Sharma Faculty, ABS,Manesar. Submitted by:- Hardeep Gaurav Jain

Using block ciphers 1

CS 161 Computer Security. Week of September 11, 2017: Cryptography I

Block Cipher Operation. CS 6313 Fall ASU

Stream Ciphers An Overview

Computer and Data Security. Lecture 3 Block cipher and DES

Summary on Crypto Primitives and Protocols

Transcription:

Stream Ciphers - RC4 F. Sozzani, G. Bertoni, L. Breveglieri Foundations of Cryptography - RC4 pp. 1 / 16

Overview RC4 is a stream cipher using a symmetric key it was developed in 1987 by Ronald Rivest and kept as a trade secret by RSA Data Security on september 9 1994, the RC4 algorithm was anonymously posted through Internet to the Cyperpunks anonymous remailers list since then RC4 is in the public domain Foundations of Cryptography - RC4 pp. 2 / 16

Introduction RC4 has a programmable secret key of length from 1 to 256 bytes and a state table of 256 bytes secret key is used to initialize the state table state table is used to generate a pseudo random sequence of bytes and then a pseudo random stream of bits such bit stream is XORed with the plaintext to produce the ciphertext every element (byte) in the state table is swapped at least once Foundations of Cryptography - RC4 pp. 3 / 16

Introduction the key of RC4 is often limited to 40 bits because of export restrictions currently RC4 is used with a key of 128 bits RC4 may have keys from 1 to 2048 bits some applications of RC4: many commercial software packages: Lotus Notes, MS Office and Oracle Secure SQ. network protocols: SSL, IPSec and WEP copy protection: inside MS XBOX Foundations of Cryptography - RC4 pp. 4 / 16

RC4 Description RC4 consists of two parts: key schedule (to initialize the state table) pseudo random generation, also called even keystream generator and the data path, which is simply the XOR of the data bit stream and the generated pseudo random key stream this is very similar to the structure of a generic symmetric key block cipher Foundations of Cryptography - RC4 pp. 5 / 16

RC4 Key Schedule initialization for i = 0 to 2 n -1 j = 0 S [ i ] = i scrambling for i = 0 to 2 n -1 j = j + S[ i ] + K[ i mod l ] swap (S[ i ], S[ j ]) K= key array l = size of array K (bytes) n = size (expressed as number of bits) of the words of the tables, generally is 8 S[ ] = the state table composed by 2 n words of n bits Foundations of Cryptography - RC4 pp. 6 / 16

RC4 Pseudo Random Generation (PRNG) initialization i = 0 j = 0 generation loop i = i + 1 j = j + S[ i ] swap (S[ i ], S[ j ]) output z = S[ S[ i ] + S[ j ] ] bit stream z is XORED to the data steam Foundations of Cryptography - RC4 pp. 7 / 16

Strenghts difficulty of knowing the state difficulty of knowing which location in the state table is used to select each value in the sequence encryption in software is about 10 times faster than DES Foundations of Cryptography - RC4 pp. 8 / 16

Weaknesses vulnerable to analytic attacks to the state table there are a few theoretical attacks performed on the RC4 algorithm; one of the best known has been developed by Fhlurer, Martin and Shamir there are some weak keys (one every 256 keys may be a weak key): the output encrypted bytes depend on a small number of key bits Foundations of Cryptography - RC4 pp. 9 / 16

RC4 Hygiene Rules the initial 512 bytes of output must be dropped in order to defeat weak key attacks and other attacks related to key schedule since RC4 is used as a one-time-pad one it should never use the same key twice; most protocols use a random IV (Initialization Vector) appended to the secret key; then a hash function (e.g. SHA-1) should be applied so as to defeat related key attacks no more than 2 30.6 bytes should be encrypted with RC4 at a time (longer sequences are not enough pseudo random) to encrypt larger data streams one should preferably use AES in counter mode (AES-CTR), which works like a stream cipher Foundations of Cryptography - RC4 pp. 10 / 16

SW Performances two implementations in C differing as for the word size of the state table S version 1 (word size = 8 bits) version 2 (word size = 32 bits) Pentium 1GHz ARM 926 270 MHz version 1 6.6 MBytes / s 10 MBytes / s version 2 46 MBytes / s 10 MBytes / s Foundations of Cryptography - RC4 pp. 11 / 16

HW Implementations there is not much bibliography about the HW implementation of the RC4 algorithm Most of the time SW is good enough Foundations of Cryptography - RC4 pp. 12 / 16

HW Implementations algorithm is simple and implementation is quite straightforward main drawback is the necessity of a memory to store state table S, which requires a memory of 256 bytes suppose that one memory access plus one addition takes one clock cycle, then the time latency to output an encrypted or decrypted byte is of five clock cycles time necessary to execute the five operations: read S[i], read S[j], write S[i], write S[j] and read S(S[i] + S[j]) Foundations of Cryptography - RC4 pp. 13 / 16

About RC4 on WEP the Wired Equivalent Privacy protocol (WEP) uses the RC4 algorithm for encryption three attacks exist against WEP: wordlist, brute force and statistical analysis statistical analysis is possible due to the clear transmission of the Initialization Vector and of a guessable first byte of plaintext Foundations of Cryptography - RC4 pp. 14 / 16

References 1. R.Rivest http://theory.lcs.mit.edu/~rivest/faq.html 2. Fluhrer, S., Mantin, I. and Shamir, A. Weaknesses in the key scheduling algorithm of RC4 Eighth Annual Workshop on Selected Areas in Cryptography (August 2001) 3. http://www.cs.rice.edu/~astubble/wep/wep_attack.html 4. http://www.rsasecurity.com/rsalabs/technotes/wep.html 5. http://www.rsasecurity.com/rsalabs/technotes/wep-fix.html 6. https://www1.ietf.org/mail-archive/workinggroups/cfrg/current/msg00273.html 7. Matthews, Jr., Donald P. System and method for a fast hardware implementation of RC4 Compaq Computer Corporation, November 23, 1998 US Patent 6,549,622 Foundations of Cryptography - RC4 pp. 15 / 16

References 8. P. Hamalainen, M. Hannikainen, T. Hamalainen, J. Saarinen Hardware Implementation of the Improved WEP and RC4 Encryption Algorithm for Wireless Terminal EUSIPCO 2000, Tampere Finland, pp. 2289-2292, 2000 9. Andrew bunnie Huang, Keeping Secrets in Hardware: the Microsoft Xbox Case Study, CHES2002 Foundations of Cryptography - RC4 pp. 16 / 16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback