140 likes | 373 Views
NETW 05A: APPLIED WIRELESS SECURITY Encryption. By Mohammad Shanehsaz Spring 2005. Objectives. Differentiate between the following encryption schemes in terms of efficiency and security RC4 RC5 DES/3DES AES (FIPS 197). RC4. Developed by Ron Rivest of RSA Security
E N D
NETW 05A: APPLIED WIRELESS SECURITY Encryption By Mohammad Shanehsaz Spring 2005
Objectives • Differentiate between the following encryption schemes in terms of efficiency and security • RC4 • RC5 • DES/3DES • AES (FIPS 197)
RC4 • Developed by Ron Rivest of RSA Security • Variable length stream cipher • Used in WEP, TKIP, MPPE, SSL, TLS and many other security protocols • Fast and efficient • The RC4 algorithm is capable of key lengths of up to 256 bits, and is typically implemented in 64 bits, 128 bits, and 256 • Considered moderately secure
RC4 • A stream cipher generates what is called a keystream a sequence of bits used as a key • The generation of the keystream can be synchronous - independent of the plaintext and ciphertext (most common stream cipher design), or it can be self-synchronizing -depend on the data and its encryption • Encryption is accomplished by combining the keystream with the plaintext, usually with bitwise XOR operation
RC5 • Developed in 1994 by Ron Rivest of RSA security • It is a block cipher • Developed for use in software • It is used in applications such as Citrix Secure ICA (a technology that provides the foundation for turning any client device thin or fat into a very thin client) • RC5 has variable block size (32 bits, 64 bits and 128 bits), variable key size (ranges from 0 bits to 2040 bits) and a variable number of rounds (0 to 255)
RC5 • There are three routines in RC5: • key expansion, • encryption, and • decryption • In key-expansion, the user-provided secret key is expanded to fill a key table whose size depends on the number of rounds • Key table is used in both encryption & decryption • The encryption routine consists of three primitive operations: • integer addition, • bitwise XOR, and • variable rotation
DES • In 1972 NIST (the National Institute of Standard and Technology) decided that a strong algorithm was needed to protect non-classified information and be available to the general public • In 1974 IBM submitted the lucifer algorithm to NIST • NIST enlisted the help of the National Security Agency (NSA) to evaluate it • The key length originally 128 bits was reduced to 56 bits
DES • The modified Lucifer algorithm was adopted by NIST as a federal standard in 1976, and its name was changed to Data Encryption Standard (DES) • In 1997 NIST abandoned their official endorsement of DES because a 56 bit key was not large enough for high security applications • Encrypts and decrypts data in 64-bit blocks (56 bit key plus 8 parity bits) • DES takes 64 bit block of plaintext as input and outputs 64 bit block of ciphertext • DES has 16 rounds • DES has been cracked
Triple DES ( 3DES ) • Minor variation of DES standard • Three times slower than regular DES • Takes three 64-bit keys for an overall key of 192 bits (there are actually 168 bits because of 8 bit parity) • The data encrypted with one key then decrypted with second key and encrypted with the third key • Care should be taken to ensure that all three keys are different, otherwise it revert to standard DES if any two keys are the same – except slower • This standard is currently being used by US government for Federal Information Processing Standards (FIPS)
Advanced Encryption Standard • NIST proposed Rijndael algorithm for use in AES • NIST announced selection of AES as part of FIPS 197 • AES is block cipher and CPU-intensive algorithm • IEEE’s 802.11i draft includes definitions for the use of AES for encryption • More robust then TKIP and would replace WEP and RC4 • Capable of 128, 192, and 256 bit keys, and is considered un-crackable by today’s standard
Advanced Encryption Standard • When AES is used as part of WLAN infrastructure devices such as bridges or APs it will be necessary to use either an encryption co-processor or very strong main CPU in the devices • Existing WLAN adapters cannot be retrofitted with AES so new APs and wireless cards will be needed
Summary • RSA’s RC4 is used in many security protocols including WEP and SSL • WEP is inherently weak but the weakness is not due to RC4 encryption • TKIP and other similar key rotation schemes correct the problem with WEP while retaining RC4 stream cipher • RC5 is the most well-known block cipher • RC5 is a parameterized algorithm with a variable block size, variable key size and a variable number of rounds
Summary • RC5 uses key expansion, encryption and decryption routines (three routines) • RC5 is used in Citrix’s SecureICA thin client technology • DES, an encryption with 56 bit keys, became the US government’s encryption standard in 1977 but will be replaced by AES • 3DES with 3 successive 56-bit keys, is stronger solution but much slower, and it will be replaced with AES • AES utilizes the Rijndael encryption algorithm with max of 256-bit keys, it is considered uncrackable
Resources • CWSP certified wireless security professional, from McGraw-Hill