Scribd
Upload
70 views28 pages

5 Modern Stream Ciphers

Uploaded by

joeonlinepurchasing
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
70 views28 pages

5 Modern Stream Ciphers

Uploaded by

joeonlinepurchasing
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 28

MODERN STREAM CIPHERS

In a modern stream cipher, encryption and decryption


are done r bits at a time. We have a plaintext bit stream
P = pn…p2 p1, a ciphertext bit stream
C = cn…c2 c1, and a key bit stream K = kn…k2 k1, in
which pi , ci , and ki are r-bit words.

Topics discussed in this section:


• Synchronous Stream Ciphers
• Nonsynchronous Stream Ciphers

5.1
Continued
Figure 5.20 Stream cipher

Note
In a modern stream cipher, each r-bit word in the
plaintext stream is enciphered using an r-bit word
in the key stream to create the corresponding r-bit
word in the ciphertext stream.
5.2
Synchronous Stream Ciphers

Note
In a synchronous stream cipher the key is
independent of the plaintext or ciphertext.

Figure 5.22 One-time pad

5.3
Continued
Example 5.17
What is the pattern in the ciphertext of a one-time pad cipher
in each of the following cases?
a. The plaintext is made of n 0’s.
b. The plaintext is made of n 1’s.
c. The plaintext is made of alternating 0’s and 1’s.
d. The plaintext is a random string of bits.

Solution
a. Because 0  ki = ki , the ciphertext stream is the same as
the key stream. If the key stream is random, the
ciphertext is also random. The patterns in the plaintext
are not preserved in the ciphertext.
5.4
Continued
Example 5.7 (Continued)

b. Because 1  ki = ki where ki is the complement of ki , the


ciphertext stream is the complement of the key stream. If
the key stream is random, the ciphertext is also random.
Again the patterns in the plaintext are not preserved in
the ciphertext.
c. In this case, each bit in the ciphertext stream is either the
same as the corresponding bit in the key stream or the
complement of it. Therefore, the result is also a random
string if the key stream is random.
d. In this case, the ciphertext is definitely random because
the exclusive-or of two random bits results in a random
bit.

5.5
Nonsynchronous Stream Ciphers

In a nonsynchronous stream cipher, each key in the key


stream depends on previous plaintext or ciphertext.

Note
In a nonsynchronous stream cipher, the key
depends on either the plaintext or ciphertext.

5.6
Stream Ciphers
Stream Ciphers
➢ process message bit by bit (as a stream)
➢ have a pseudo random keystream
➢ combined (XOR) with plaintext bit by bit
➢ randomness of stream key completely
destroys statistically properties in message
⚫ Ci = Mi XOR StreamKeyi
➢ but must never reuse stream key
⚫ otherwise can recover messages (cf book
cipher)
Stream Cipher Structure
Stream Cipher Properties
➢ some design considerations are:
⚫ long period with no repetitions
⚫ statistically random
⚫ depends on large enough key
⚫ large linear complexity
➢ properly designed, can be as secure as a
block cipher with same size key
➢ but usually simpler & faster
RC4
➢ a proprietary cipher owned by RSA DSI
➢ another Ron Rivest design, simple but effective
➢ variable key size, byte-oriented stream cipher
➢ widely used (web SSL/TLS, wireless WEP)
➢ key forms random permutation of all 8-bit values
➢ uses that permutation to scramble input info
processed a byte at a time
RC4 Key Schedule
➢ startswith an array S of numbers: 0..255
➢ use key to well and truly shuffle
➢ S forms internal state of the cipher

for i = 0 to 255 do
S[i] = i
T[i] = K[i mod keylen])
j = 0
for i = 0 to 255 do
j = (j + S[i] + T[i]) (mod 256)
swap (S[i], S[j])
RC4 Encryption
➢ encryption continues shuffling array values
➢ sum of shuffled pair selects "stream key"
value from permutation
➢ XOR S[t] with next byte of message to
en/decrypt
i = j = 0
for each message byte Mi
i = (i + 1) (mod 256)
j = (j + S[i]) (mod 256)
swap(S[i], S[j])
t = (S[i] + S[j]) (mod 256)
Ci = Mi XOR S[t]
RC4 Overview
RC4 Security
➢ claimed secure against known attacks
⚫ have some analyses, none practical
➢ resultis very non-linear
➢ since RC4 is a stream cipher, must never
reuse a key
➢ have a concern with WEP, but due to key
handling rather than RC4 itself
Confidentiality Using
Symmetric Encryption
Confidentiality using Symmetric
Encryption
➢ traditionally
symmetric encryption is used
to provide message confidentiality
Placement of Encryption

➢ have two major placement alternatives


➢ link encryption
⚫ encryption occurs independently on every link
⚫ implies must decrypt traffic between links
⚫ requires many devices, but paired keys
➢ end-to-end encryption
⚫ encryption occurs between original source
and final destination
⚫ need devices at each end with shared keys
Placement of Encryption
Placement of Encryption

➢ when using end-to-end encryption must


leave headers in clear
⚫ so network can correctly route information
➢ hence although contents protected, traffic
pattern flows are not
➢ ideally want both at once
⚫ end-to-end protects data contents over entire
path and provides authentication
⚫ link protects traffic flows from monitoring
Placement of Encryption
➢ canplace encryption function at various
layers in OSI Reference Model
⚫ link encryption occurs at layers 1 or 2
⚫ end-to-end can occur at layers 3, 4, 6, 7
⚫ as move higher less information is encrypted
but it is more secure though more complex
with more entities and keys
Encryption vs Protocol Level
Traffic Analysis
➢ ismonitoring of communications flows
between parties
⚫ useful both in military & commercial spheres
⚫ can also be used to create a covert channel
➢ link encryption obscures header details
⚫ but overall traffic volumes in networks and at
end-points is still visible
➢ traffic padding can further obscure flows
⚫ but at cost of continuous traffic
Key Distribution
➢ symmetric schemes require both parties to
share a common secret key
➢ issue is how to securely distribute this key
➢ often secure system failure due to a break
in the key distribution scheme
Key Distribution
➢ given parties A and B have various key
distribution alternatives:
1. A can select key and physically deliver to B
2. third party can select & deliver key to A & B
3. if A & B have communicated previously can
use previous key to encrypt a new key
4. if A & B have secure communications with a
third party C, C can relay key between A & B
Key Hierarchy
➢ typically
have a hierarchy of keys
➢ session key
⚫ temporary key
⚫ used for encryption of data between users
⚫ for one logical session then discarded
➢ master key
⚫ used to encrypt session keys
⚫ shared by user & key distribution center
Key Distribution Scenario
Key Distribution Issues
➢ hierarchies of KDC’s required for large
networks, but must trust each other
➢ session key lifetimes should be limited for
greater security
➢ use of automatic key distribution on behalf
of users, but must trust system
➢ use of decentralized key distribution
➢ controlling key usage

You might also like