
1 NETW 05A: APPLIED WIRELESS SECURITY
Encryption
By Mohammad Shanehsaz
Spring 2005

This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect those of the National Science Foundation.

2 Objectives
Differentiate between the following encryption schemes in terms of efficiency and security:
- RC4
- RC5
- DES/3DES
- AES (FIPS 197)

3 RC4
- Developed by Ron Rivest of RSA Security
- Variable length stream cipher
- Used in WEP, TKIP, MPPE, SSL, TLS and many other security protocols
- Fast and efficient
- The RC4 algorithm is capable of key lengths of up to 256 bits, and is typically implemented in 64 bits, 128 bits, and 256 bits
- Considered moderately secure

4 RC4
- A stream cipher generates what is called a keystream: a sequence of bits used as a key
- The generation of the keystream can be synchronous (independent of the plaintext and ciphertext; the most common stream cipher design), or it can be self-synchronizing (dependent on the data and its encryption)
- Encryption is accomplished by combining the keystream with the plaintext, usually with a bitwise XOR operation
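
Added example (not part of the original slides): a minimal Python RC4 that shows the three points above, namely that the keystream depends only on the key, that encryption and decryption are the same XOR, and that reusing a key makes the keystream cancel out of two ciphertexts. The keys, messages and function names are constructed for illustration.

```python
# Added illustration: RC4 as a synchronous stream cipher (not from the slides).

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n keystream bytes RC4 generates for `key`."""
    if not key:
        raise ValueError("key must not be empty")
    # Key scheduling: permute the 256-entry state under control of the key.
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    # Output generation: uses only the state, never the plaintext/ciphertext.
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: both are the same XOR with the keystream."""
    return xor_bytes(data, rc4_keystream(key, len(data)))

# Constructed sample inputs (two 128-bit keys, two equal-length messages).
KEY = bytes.fromhex("0102030405060708090a0b0c0d0e0f10")
KEY2 = bytes.fromhex("a1a2a3a4a5a6a7a8a9aaabacadaeafb0")
P1 = b"meet at gate 7"
P2 = b"meet at gate 9"

def demo() -> dict:
    c1, c2 = rc4_crypt(KEY, P1), rc4_crypt(KEY, P2)
    return {
        "round_trip": rc4_crypt(KEY, c1) == P1,
        # Same key -> same keystream, so it cancels out of c1 XOR c2.
        "keystream_cancels": xor_bytes(c1, c2) == xor_bytes(P1, P2),
        # A fresh key per message removes that relation.
        "fresh_key_ok": xor_bytes(c1, rc4_crypt(KEY2, P2)) != xor_bytes(P1, P2),
    }

if __name__ == "__main__":
    print(demo())
```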

5 RC5
- Developed in 1994 by Ron Rivest of RSA Security
- It is a block cipher
- Developed for use in software
- It is used in applications such as Citrix Secure ICA (a technology that provides the foundation for turning any client device, thin or fat, into a very thin client)
- RC5 has a variable block size (32 bits, 64 bits and 128 bits), a variable key size (ranging from 0 bits to 2040 bits) and a variable number of rounds (0 to 255)

6 RC5
- There are three routines in RC5: key expansion, encryption, and decryption
- In key expansion, the user-provided secret key is expanded to fill a key table whose size depends on the number of rounds
- The key table is used in both encryption and decryption
- The encryption routine consists of three primitive operations: integer addition, bitwise XOR, and variable rotation

7 DES
- In 1972 NIST (the National Institute of Standards and Technology) decided that a strong algorithm was needed to protect non-classified information and be available to the general public
- In 1974 IBM submitted the Lucifer algorithm to NIST
- NIST enlisted the help of the National Security Agency (NSA) to evaluate it
- The key length, originally 128 bits, was reduced to 56 bits

8 DES
- The modified Lucifer algorithm was adopted by NIST as a federal standard in 1976, and its name was changed to Data Encryption Standard (DES)
- In 1997 NIST abandoned its official endorsement of DES because a 56-bit key was not large enough for high-security applications
- Encrypts and decrypts data in 64-bit blocks (56-bit key plus 8 parity bits)
- DES takes a 64-bit block of plaintext as input and outputs a 64-bit block of ciphertext
- DES has 16 rounds
- DES has been cracked

9 Triple DES (3DES)
- Minor variation of the DES standard
- Three times slower than regular DES
- Takes three 64-bit keys for an overall key of 192 bits (there are actually 168 bits because of 8-bit parity)
- The data is encrypted with one key, then decrypted with the second key and encrypted with the third key
- Care should be taken to ensure that all three keys are different, otherwise it reverts to standard DES if any two keys are the same, except slower
- This standard is currently being used by the US government for Federal Information Processing Standards (FIPS)
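
Added example (not part of the original slides): a Python check that applies the rule above to a 192-bit 3DES key bundle before it is used. It compares the keys on their 56 effective bits, so two keys that differ only in their parity bits are still caught. The function names and the sample bundles are constructed for illustration.

```python
# Added illustration: validating a 3DES key bundle before use (not from the slides).

def strip_parity(key8: bytes) -> bytes:
    """Clear the parity bit (lowest bit of each byte): 64 bits -> 56 effective."""
    return bytes(b & 0xFE for b in key8)

def has_odd_parity(key8: bytes) -> bool:
    """DES convention: every key byte carries an odd number of 1 bits."""
    return all(bin(b).count("1") % 2 == 1 for b in key8)

def check_bundle(bundle: bytes) -> dict:
    """Split a 192-bit bundle into K1, K2, K3 and require all three to differ."""
    if len(bundle) != 24:
        raise ValueError("3DES key bundle must be 24 bytes (three 64-bit keys)")
    keys = [bundle[i:i + 8] for i in (0, 8, 16)]
    effective = [strip_parity(k) for k in keys]
    # Compare the 56 effective bits: keys that differ only in parity bits
    # look different as bytes but drive the cipher identically.
    equal_pairs = [(a + 1, b + 1) for a in range(3) for b in range(a + 1, 3)
                   if effective[a] == effective[b]]
    return {
        # Independent key material actually present (168 when all differ).
        "distinct_key_bits": 56 * len(set(effective)),
        "parity_ok": all(has_odd_parity(k) for k in keys),
        "equal_pairs": equal_pairs,
        "accept": not equal_pairs,
    }

# Constructed sample bundles.
GOOD = bytes.fromhex("0123456789abcdef" "23456789abcdef01" "456789abcdef0123")
# K2 is K1 with every parity bit flipped: different bytes, same effective key.
PARITY_TWIN = bytes.fromhex("0123456789abcdef" "0022446688aaccee" "456789abcdef0123")

if __name__ == "__main__":
    print(check_bundle(GOOD))
    print(check_bundle(PARITY_TWIN))
```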

10 Advanced Encryption Standard
- NIST proposed the Rijndael algorithm for use in AES
- NIST announced the selection of AES as part of FIPS 197
- AES is a block cipher and a CPU-intensive algorithm
- IEEE’s 802.11i draft includes definitions for the use of AES for encryption
- More robust than TKIP and would replace WEP and RC4
- Capable of 128-, 192-, and 256-bit keys, and is considered uncrackable by today’s standards

11 Advanced Encryption Standard
- When AES is used as part of WLAN infrastructure devices such as bridges or APs, it will be necessary to use either an encryption co-processor or a very strong main CPU in the devices
- Existing WLAN adapters cannot be retrofitted with AES, so new APs and wireless cards will be needed

12 Summary
- RSA’s RC4 is used in many security protocols, including WEP and SSL
- WEP is inherently weak, but the weakness is not due to RC4 encryption
- TKIP and other similar key rotation schemes correct the problem with WEP while retaining the RC4 stream cipher
- RC5 is the most well-known block cipher
- RC5 is a parameterized algorithm with a variable block size, a variable key size and a variable number of rounds

13 Summary
- RC5 uses key expansion, encryption and decryption routines (three routines)
- RC5 is used in Citrix’s SecureICA thin client technology
- DES, an encryption algorithm with 56-bit keys, became the US government’s encryption standard in 1977 but will be replaced by AES
- 3DES, with 3 successive 56-bit keys, is a stronger solution but much slower, and it will be replaced with AES
- AES utilizes the Rijndael encryption algorithm with a maximum of 256-bit keys; it is considered uncrackable

14 Resources
- CWSP Certified Wireless Security Professional, from McGraw-Hill

