nach oben

Wireless Personal Communications

Erschienen in:

17.08.2016

Optimization of the Security-Performance Tradeoff in RC4 Encryption Algorithm

verfasst von: Poonam Jindal, Brahmjit Singh

Erschienen in: Wireless Personal Communications | Ausgabe 3/2017

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In this paper, we have investigated different vulnerabilities in RC4 and its enhanced variants to overcome the security attacks. It is established that in spite of several proposals, RC4 is not secure enough and a trade-off is always sought between security and network performance for overall provisioning of the secure communication. The main goal of the work presented in this paper is the optimization of security-performance tradeoff. We have proposed three RC4 variants referred to as RC4-M1, RC4-M2 and RC4-M3. Security of the proposed schemes is analyzed in terms of randomness and computational complexity. All the proposed variants qualify the NIST statistical test suite of randomness satisfactorily. The proposed schemes also offer computational complexity in terms of greater number of operations relative to the existing variants. The strength of the proposed schemes has been analyzed against different cryptanalytic attempts and shown the resistance of proposed schemes against attacks. The security-performance tradeoff has been analyzed in terms of run time, CPU cycles consumed, energy cost, and throughput. Encryption time of the proposed schemes—RC4-M1, RC4-M2 and RC4-M3 is 30.1, 10 and 48.7 % less as compared to RC4+ respectively. The results clearly indicate that the computation load of the proposed variants is significantly reduced as compared to the RC4+, concluding that the proposed schemes are computationally efficient. Our results and their analysis also recognize the suitability of the security algorithms for particular application areas.

Vorheriger Artikel Bee System Based Base Station Cooperation Technique for Mobile Cellular Networks

Nächster Artikel Road Aware Geographical Routing Protocol Coupled with Distance, Direction and Traffic Density Metrics for Urban Vehicular Ad Hoc Networks

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Menezes, A. J., van Oorschot, P. C., & Vanstone, S. A. (1996). Hand-book of applied cryptography (2011th ed.). Boca Raton: CRC Press (fifth printing).CrossRef

Stinson, D. R. (1995). Cryptography: Theory and practice (2005th ed.). Boca Raton: CRC Press.MATH

Biryukov, A., Shamir, A., & Wagner, D. (2000). Real time cryptanalysis of A5/1 on a PC. In B. Schneier (Ed.), FSE, volume 1978 of lecture notes in computer science (pp. 1–18). New York: Springer.

Bluetooth, T. M. (2010). Bluetooth specification, v4.0. E0 encryption algorithm described in volume 2, pp. 1072–1081. http://www.bluetooth.org.

Briceno, M., Goldberg, I., & Wagner, D. (1998). A pedagogical implementation of the GSM A5/1 and A5/2 “voice privacy” encryption algorithms. http://www.scard.org/gsm/a51.html.

Third Generation Partnership Project. (2006). Specification of the 3GPP confidentiality and integrity algorithms UEA2 & UIA2. ETSI/SAGE Specification Document 2: SNOW 3G Specification, v1.1, pp. 1–27. ESTI/SAGE Specifications.

ECRYPT Stream Cipher Project eSTREAM. The current eSTREAM portfolio. http://www.ecrypt.eu.org/stream/index.html.

ECRYPT Stream Cipher Project eSTREAM. Software performance results from the eSTREAM project. http://www.ecrypt.eu.org/stream/perf/#results.

Rivest, R. L. (2001). RSA security response to weaknesses in key scheduling algorithm of RC4. Technical note, RSA Data Security, Inc.

10.

Nawaz, Y., Gupta, K. C., & Gong, G. (2005). A 32-bit RC4-like keystream generator. IACR Cryptology ePrint Archive, 2005, 175.MATH

11.

Biham, E., & Seberry, J. (2006). Pypy: Another version of Py. eSTREAM, ECRYPT Stream Cipher Project, Report, 38, 2006.

12.

Biham, E., & Seberry, J. (2007). Tweaking the IV setup of the Py family of stream ciphers—The ciphers TPy, TPypy, and TPy6. http://www.cs.technion.ac.il/biham/. Accessed 25 Jan 2007. 2, 4.

13.

Rukhin, A., Soto, J., Nechvatal, J., Smid, M., & Barker, E. (2001). A statistical test suite for random and pseudorandom number generators for cryptographic applications. Mclean: Booz-Allen and Hamilton Inc Mclean Va.

14.

Maitra, S., & Paul, G. (2008). Analysis of RC4 and proposal of additional layers for better security margin. In D. R. Chowdhury, V. Rijmen, A. Das (Eds.), Progress in cryptology INDOCRYPT 2008 (pp. 27–39). Springer: Berlin.CrossRef

15.

Jindal, P., & Singh, B. (2015). RC4 encryption-A literature survey. Procedia Computer Science, 46, 697–705.CrossRef

16.

Roos, A. (1995). A class of weak keys in the RC4 stream cipher. Two posts in sci.crypt, message-id 43u1eh$1j3@hermes.is.co.za and 44ebge$llf@hermes.is.co.za, http://www.impic.org/papers/WeakKeys-report.pdf.

17.

Paul, G., Rathi, S., & Maitra, S. (2008). On non-negligible bias of the first output byte of RC4 towards the first three bytes of the secret key. Designs, Codes and Cryptography, 49(1–3), 123–134 (initial version in proceedings of WCC 2007).MathSciNetCrossRefMATH

18.

Wagner, D. A. (1995). My RC4 weak keys. Post in sci.crypt, messageid 447o1 l$cbj@cnn.Princeton.EDU. http://www.cs.berkeley.edu/~daw/my-posts/my-rc4-weak-keys.

19.

Grosul, A. L., & Wallach, D. S. (2000). A related-key cryptanalysis of RC4. Technical Report TR-00-358, Department of Computer Science, Rice University.

20.

Biham, E., & Dunkelman, O. (2007). Differential cryptanalysis in stream ciphers. IACR Cryptology ePrint Archive, 2007, 218.

21.

Matsui, M. (2009). Key collisions of the RC4 stream cipher. In O. Dunkelman (Ed.), FSE, volume 5665 of lecture notes in computer science (pp. 38–50). New York: Springer.

22.

Chen, J., & Miyaji, A. (2011). How to find short RC4 colliding key pairs. In X. Lai, J. Zhou, & H. Li (Eds.), ISC volume 7001 of lecture notes in computer science (pp. 32–46). Springer: New York.

23.

Maitra, S., Paul, G., Sarkar, S., Lehmann, M., & Meier, W. (2013). New results on generalization of roostype biases and related keystreams of RC4. In A. Youssef, A. Nitaj, & A. E. Hassanien (Eds.), AFRICACRYPT, volume 7918 of lecture notes in computer science (pp. 222–239). New York: Springer.

24.

Paul, G., & Maitra, S. (2007). Permutation after RC4 key scheduling reveals the secret key. In C. M. Adams, A. Miri, & BIBLIOGRAPHY M. J. Wiener (Eds.), Selected areas in cryptography, volume 4876 of lecture notes in computer science, (pp. 360–377). Springer.

25.

Biham, E., & Carmeli, Y. (2008). Efficient reconstruction of RC4 keys from internal states. In K. Nyberg (Ed.), FSE, volume 5086 of lecture notes in computer science (pp. 270–288). New York: Springer.

26.

Akgün, M., Kavak, P., & Demirci, H. (2008). New results on the key scheduling algorithm of RC4. In D. Chowdhury, V. Rijmen, & A. Das (Eds.), INDOCRYPT, volume 5365 of lecture notes in computer science (pp. 40–52). New York: Springer.

27.

Khazaei, S., & Meier, W. (2008). On reconstruction of RC4 keys from internal states. In J. Calmet, W. Geiselmann, & J. Müller-Quade (Eds.), MMICS, volume 5393 of lecture notes in computer science (pp. 179–189). New York: Springer.

28.

Basu, R., Maitra, S., Paul, G., & Talukdar, T. (2009). On some sequences of the secret pseudo-random index j in RC4 key scheduling. In M. Bras-Amorós & T. Høholdt (Eds.), AAECC, volume 5527 of lecture notes in computer science (pp. 137–148). New York: Springer.

29.

Fluhrer, S. R., Mantin, I., & Shamir, A. (2001). Weaknesses in the key scheduling algorithm of RC4. In S. Vaudenay & A. M. Youssef (Eds.), Selected areas in cryptography, volume 2259 of lecture notes in computer science (pp. 1–24). New York: Springer.

30.

Korek. (2004). Need security pointers. http://www.netstumbler.org/showthread.php?postid=89036#pos%t89036.

31.

Korek. (2004). Next generation of WEP attacks? http://www.netstumbler.org/showpost.php?p=93942&postcount=%35.

32.

Mantin, I. (2005). A practical attack on the fixed RC4 in the WEP mode. In B. K. Roy (Ed.), ASIACRYPT, volume 3788 of lecture notes in computer science (pp. 395–411). New York: Springer.

33.

Klein, A. (2008). Attacks on the RC4 stream cipher. Designs, Codes and Cryptography, 48(3), 269–286 (published online in 2006, and accepted in WCC 2007 workshop).MathSciNetCrossRefMATH

34.

Tews, E., Weinmann, R.-P., & Pyshkin, A. (2007). Breaking 104 bit WEP in less than 60 seconds. In S. Kim, M. Yung, & H.-W. Lee (Eds.), WISA, volume 4867 of lecture notes in computer science (pp. 188–202). New York: Springer.

35.

Vaudenay, S., & Vuagnoux, M. (2007). Passive-only key recovery attacks on RC4. In C. M. Adams, A. Miri, & M. J. Wiener (Eds.), Selected areas in cryptography, volume 4876 of lecture notes in computer science (pp. 344–359). New York: Springer.

36.

Tews, E., & Beck, M. (2009). Practical attacks against WEP and WPA. In D. A. Basin, S. Capkun, & W. Lee (Eds.), WISEC (pp. 79–86). New york: ACM.CrossRef

37.

Sepehrdad, P. (2012). Statistical and algebraic cryptanalysis of lightweight and ultra-lightweight symmetric primitives. Ph.D. thesis No. 5415, École Polytechnique Fédérale de Lausanne (EPFL). http://lasecwww.epfl.ch/~sepehrdad/Pouyan_Sepehrdad_PhD_Thesis.pdf.

38.

Sepehrdad, P., Vaudenay, S., & Vuagnoux, M. (2010). Discovery and exploitation of new biases in RC4. In A. Biryukov, G. Gong, & D. R. Stinson (Eds.), Selected areas in cryptography, volume 6544 of lecture notes in computer science (pp. 74–91). New York: Springer.

39.

Sepehrdad, P., Vaudenay, S., & Vuagnoux, M. (2011). Statistical attack on RC4—Distinguishing WPA. In K. G. Paterson (Ed.), EUROCRYPT, volume 6632 of lecture notes in computer science (pp. 343–363). New York: Springer.

40.

Sepehrdad, P., Sušil, P., Vaudenay, S., & Vuagnoux, M. (2013). Smashing WEP in a passive attack. In S. Morial (Ed.), Internaional Workshop on Fast Software Encryption (pp. 155–178). Berlin: Springer.

41.

Knudsen, L. R., Meier, W., Preneel, B., Rijmen, V., & Verdoolaege, S. (1998). Analysis methods for (alleged) RC4. In K. Ohta & D. Pei (Eds.), ASIACRYPT, volume 1514 of lecture notes in computer science (pp. 327–341). New York: Springer.

42.

Mister, S., & Tavares, S. E. (1998). Cryptanalysis of RC4-like ciphers. In S. E. Tavares & H. Meijer (Eds.), Selected areas in cryptography, volume 1556 of lecture notes in computer science (pp. 131–143). New York: Springer.

43.

Golic, J. D. (2000). Iterative probabilistic cryptanalysis of RC4 keystream generator. In E. Dawson, A. Clark, & C. Boyd (Eds.), ACISP, volume 1841 of lecture notes in computer science (pp. 220–233). New York: Springer.

44.

Shiraishi, Y., Ohigashi, T., & Morii, M. (2003). An improved internal-state reconstruction method of a stream cipher RC4. In M. H. Hamza (Ed.), Proceedings of Communication, Network, and Information security, Track 440–088, Newyork, USA, December 10–12, (pp.440–488). Canada: ACTA press.

45.

Tomasevic, V., Bojanic, S., & Nieto-Taladriz, O. (2007). Finding an internal state of RC4 stream cipher. Information Sciences, 177(7), 1715–1727.MathSciNetCrossRefMATH

46.

Maximov, A., & Khovratovich, D. (2008). New state recovery attack on RC4. In D. Wagner (Ed.), CRYPTO, volume 5157 of lecture notes in computer science (pp. 297–316). New York: Springer.

47.

Golic, J. D., & Morgari, G. (2008). Iterative probabilistic reconstruction of RC4 internal states. IACR Cryptology ePrint Archive, 2008, 348.

48.

Gupta, S. S., Maitra, S., Paul, G., & Sarkar, S. (2011). Proof of empirical RC4 biases and new key correlations. In A. Miri & S. Vaudenay (Eds.), Selected areas in cryptography, volume 7118 of lecture notes in computer science (pp. 151–168). New York: Springer.

49.

Gupta, S. S., Maitra, S., Paul, G., & Sarkar, S. (2014). (Non-) Random Sequences from (Non-) Random Permutations—Analysis of RC4 stream cipher. Journal of Cryptology, 27(1), 67–108.CrossRefMATH

50.

Isobe, T., Ohigashi, T., Watanabe, Y., & Morii, M. (2013). Full plaintext recovery attack on broadcast RC4. In Proceedings of the 20th international workshop on fast software encryption (FSE 2013).

51.

Sarkar, S., Gupta, S. S., Paul, G., & Maitra, S. (2013). Proving TLS-attack related open biases of RC4. IACR Cryptology ePrint Archive, 2013, 502.MATH

52.

Jenkins Jr, R. J. (1996). ISAAC and RC4. http://burtleburtle.net/bob/rand/isaac.html.

53.

Mantin, I., & Shamir, A. (2001). A practical attack on broadcast RC4. In M. Matsui (Ed.), FSE, volume 2355 of lecture notes in computer science (pp. 152–164). New York: Springer.

54.

Mantin, I. (2001). Analysis of the stream cipher RC4. Master’s thesis, The Weizmann Institute of Science, Israel. www.wisdom.weizmann.ac.il/~itsik/RC4/RC4.html.

55.

Paul, G., Maitra, S., & Srivastava, R. (2007). On non-randomness of the permutation after RC4 key scheduling. In S. Boztas & H. F. Lu (Eds.), AAECC, volume 4851 of lecture notes in computer science (pp. 100–109). New York: Springer.

56.

Sarkar, S. (2015). Further non-randomness in RC4, RC4A and VMPC. Cryptography and Communications, 7(3), 317–330.MathSciNetCrossRefMATH

57.

Maitra, S., Paul, G., & Gupta, S. S. (2011). Attack on broadcast RC4 revisited. In A. Joux (Ed.), FSE, volume 6733 of lecture notes in computer science (pp. 199–217). New York: Springer.

58.

AlFardan, N., Bernstein, D., Paterson, K. G., Poettering, B., & Schuldt, J. C. N. (2013). On the security of RC4 in TLS. In USENIX security symposium. Presented at FSE 2013 as an invited talk [14] by Dan Bernstein. Full version of the research paper and relevant results are available online at http://www.isg.rhul.ac.uk/tls/.

59.

Golic, J. D. (1997). Linear statistical weakness of alleged RC4 keystream generator. In W. Fumy (Ed.), EUROCRYPT, volume 1233 of lecture notes in computer science (pp. 226–238). New York: Springer.

60.

Fluhrer, S. R., & McGrew, D. A. (2000). Statistical analysis of the alleged RC4 keystream generator. In B. Schneier (Ed.), FSE, volume 1978 of lecture notes in computer science (pp. 19–30). New York: Springer.

61.

Mantin, I. (2005). Predicting and distinguishing attacks on RC4 keystream generator. In R. Cramer (Ed.), EUROCRYPT, volume 3494 of lecture notes in computer science (pp. 491–506). New York: Springer.

62.

Basu, Riddhipratim, Ganguly, Shirshendu, Maitra, Subhamoy, & Paul, Goutam. (2008). A complete characterization of the evolution of RC4 pseudo random generation algorithm. Journal of Mathematical Cryptology, 2(3), 257–289.MathSciNetCrossRefMATH

63.

Jindal, P., & Singh, B. (2015). A survey on RC4 stream cipher. Journal of Computer Network and Information Security, 2015(7), 37–45.CrossRef

64.

Gong, G., Gupta, K. C., Hell, M., & Nawaz, Y. (2005). Towards a general RC4-like keystream generator. In D. Feng, D. Lin, M. Yung (Eds.), Information security and cryptology (pp. 162–174). Springer: Berlin.CrossRef

65.

Orumiehchiha, M. A., Pieprzyk, J., Shakour, E., & Steinfeld, R. (2013). Cryptanalysis of RC4 (n, m) Stream Cipher. In Proceedings of the 6th international conference on security of information and networks, (pp. 165–172). ACM.

66.

Xie, J., & Pan, X. (2010). An improved RC4 stream cipher. In 2010 International conference on computer application and system modeling (ICCASM), (Vol. 7, pp. V7–156). IEEE.

67.

Paul, G., Maitra, S., & Chattopadhyay, A. (2013). Quad-RC4: Merging Four RC4 States towards a 32-bit stream cipher. IACR Cryptology ePrint Archive, 2013, 572.

68.

Kherad, F. J., Naji, H. R., Malakooti, M. V., & Haghighat, P. (2010). A new symmetric cryptography algorithm to secure e-commerce transactions. In 2010 International conference on financial theory and engineering (ICFTE), (pp. 234–237). IEEE.

69.

Weerasinghe, T. D. B. (2014). An effective RC4 stream cipher. IACR Cryptology ePrint Archive, 2014, 171.

70.

Jindal, P., & Singh, B. (2014). Performance analysis of modified RC4 encryption algorithm. In Recent advances and innovations in engineering (ICRAIE), (pp. 1–5). IEEE.

71.

Lv, J., Zhang, B., & Lin, D. (2013). Distinguishing attacks on RC4 and a new improvement of the cipher. IACR Cryptology ePrint Archive, 2013, 176.

72.

Khine, L. L. (2009). A new variant of RC4 stream cipher. World Academy of Science, Engineering and Technology, 50, 958–961.

73.

Naik, K., & Wei, D. S. (2001). Software implementation strategies for power-conscious systems. Mobile Networks and Applications, 6(3), 291–305.CrossRefMATH

74.

Farkas, K., Wellnitz, O., Dick, M., Gu, X., Busse, M., Effelsberg, W., et al. (2006). Realtime service provisioning for mobile and wireless networks. Computer Communications, 29(5), 540–550.CrossRef

75.

Jindal, P., & Singh, B. (2015). Experimental study to analyze the security performance in wireless LANs. Wireless Personal Communications, 83(3), 2085–2131.CrossRef

Titel: Optimization of the Security-Performance Tradeoff in RC4 Encryption Algorithm
verfasst von: Poonam Jindal
Brahmjit Singh
Publikationsdatum: 17.08.2016
Verlag: Springer US
Erschienen in: Wireless Personal Communications / Ausgabe 3/2017
Print ISSN: 0929-6212
Elektronische ISSN: 1572-834X
DOI: https://doi.org/10.1007/s11277-016-3603-3

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Springer Professional "Wirtschaft"

Weitere Artikel der Ausgabe 3/2017

Improving Web Performance in Home Broadband Access Networks

End-to-End Link Reliable Energy Efficient Multipath Routing for Mobile Ad Hoc Networks

Bee System Based Base Station Cooperation Technique for Mobile Cellular Networks

The Implications of Cognitive Femtocell Based Spectrum Allocation Over Macrocell Networks

New CRLH-Based Planar Slotted Antennas with Helical Inductors for Wireless Communication Systems, RF-Circuits and Microwave Devices at UHF–SHF Bands

An Extended-AMATA Indoor Propagation Model for GSM 900/1800 MHz and Wi-Fi 2.4 GHz Frequencies