Embed Size (px)
Citation preview
Tharindu WeerasingheMSc/EE/08/MSc/24
Supervised by: Dr. Manjula Sandirigama
Dr. Disala Uduwawala
HYBRID?A
stream cipher & block cipher are
combined together to get
a secured HYBRID cipher text
WHY?
There are many ways to combine cryptographic algorithms to get new algorithms. The impetus behind the combination is increasing security.
When we consider a block or stream cipher alone, we must admit that the strength of security is low.
In this research, the focus was, combining a block cipher with a stream cipher to enhance the strength of the cipher.
WHY?
Combined (Hybrid) ciphers are more secured thanstream or block ciphers alone.
They can be used as encryption algorithms in manysoftware applications used in networks...(e.g. Emailclients, Enterprise applications, etc…
Combining 3DES with RC4 is a new experience as 3DEShas a high complexity and that of RC4 is less.
BACKGROUND
What is a block cipher?
In cryptography, a block cipher is a symmetric keycipher operating on fixed-length groups of bits calledblocks, with an unvarying transformations.
Might take 128 bit input and output 128 bit block ofcipher text. The key can be of any finite size.
Decryption is the inverse function of encryption
Example of a Block Cipher
DES
Data Encryption Standard – commonly used blockcipher , but it is vulnerable to timing attacks . And it isobsolete now. But its enhancements like Triple DES &AES are still in the scene.Designed by IBM and the NSA, standardized in 1977.
Most widespread block cipher used by federal agencies,banks (ATM machines), SSL, ...Key length 56, block length 64.
DES Structure….
Triple DES (3DES)?
3DES is not a group, then the resultant cipher text is much harder to break using exhaustive search: 2112
attempts instead of 256 attempts.This is like having 3 DES blocks with 3 keys (or one key)in between the input and output.
Three-key 3DES has an effective key length of 168 bits and is defined as follows:
C = E(K3, D(K2, E(K1, P)))
BACKGROUND (Contd.)
What is a stream cipher?
In cryptography, a stream cipher is a symmetric key cipherwhere plaintext bits are combined with a pseudorandom cipherbit stream (key stream), typically by an exclusive-or (XOR)operation.
In a stream cipher the plaintext digits are encrypted one at atime, and the transformation of successive digits varies duringthe encryption. An alternative name is a state cipher, as theencryption of each digit is dependent on the current state. Inpractice, the digits are typically single bits or bytes.
Stream cipher (contd.)
A stream cipher makes use of a much smaller andmore convenient key — 128 bits, for example. Based onthis key, it generates a pseudorandom key stream whichcan be combined with the plaintext digits in a similarfashion to the one-time pad.
Example of a Stream Cipher
RC4
In cryptography, RC4 (also known as ARC4 orARCFOUR meaning Alleged RC4) is the most widely-used software stream cipher & used in popularprotocols such as Secure Sockets Layer (SSL) (to protectInternet traffic) and WEP (to secure wireless networks).While remarkable for its simplicity and speed in software.
RC4, described a bit…
RC4, described a bit…
RC4 generates a pseudorandom stream of bits (a keystream). As with any stream cipher, these can be used forencryption by combining it with the plaintext using bit-wiseXOR; decryption is performed the same way (since exclusive-or is a symmetric operation).
To generate the key stream, the cipher makes use of a secretinternal state which consists of two parts:
A permutation of all 256 possible bytes. (denoted "S" in the
figure)
Two 8-bit index-pointers. (denoted "i" and "j“ in the figrue)
RC4 (key stream)
Problems with Block or Stream cipher alone…
Block cipher problem
All block ciphers share two common theoreticalvulnerabilities, because they all encrypt multiple blockswith a single key.
If an attacker can extract the key for one block, then hebreaks other blocks with almost zero effort. Also, anattacker can collect many blocks encrypted with a singlekey, which may allow attacks that are impossible againsta single block.
Stream cipher problem
All stream ciphers using a simple invertible operation as thecombiner have a common theoretical vulnerability.
Given some known or guessed plaintext, it is trivial for anadversary to recover some of the pseudorandom maskingmaterial.
For example, using P for plaintext, C for cipher text, R for(pseudo) random data, and ^ for the most
common combining function, bitwise exclusive OR, we get:encryption: C = P^Rdecryption: P = C^Rbut this means the enemy (if he has P) can do:recover R: R = C^P
To overcome those problems?
Join stream and block ciphers
In this research 3DES & RC4!
MY ALGORITHM (BIG Picture)
BLOCK Cipher(Triple DES Encryption)
STREAM Cipher(RC4 Encryption)
BLOCK Cipher(Triple DES Decryption)
STREAM Cipher(RC4 Decryption)
Input
Output
Cipher 2
Cipher 1
Plaintext 2
Plaintext 1
MY ALGORITHM (Overview)
What about my application?The whole application (encryption/decryption demonstrator) is written in Java.
Implementing the algorithm on paper is much easierthan getting the practical outcome of it.
Technology used: Java EE together its standardcryptographic libraries
IN MY JAVA PROGRAMS?
3DES, RC4 and the Hybrid Algorithms
It will take an input (plaintext) as an argument value and encrypt it with DES, and RC4 then it will decrypt it with RC4 and DES and finally output the result….
In between I have shown the cipher texts
It will calculate the execution time as well…
ENCRYPTION TIMES
DECRYPTION TIMEs
QUESTIONS?
I myself have some questions
1. Why don’t you encrypt more than two times ?2. Can you say use this is in GSM ?3. What are the attacks that this algorithm might face ?4. Any enhancements of this? (Combine AES with RC4 ?) I have done it too…
ENHACEMENT BASED ON THIS RESEARCH…
A CRYPTO TOOL TO
EVALUATE CRYPTOGRAPHIC ALGORITHMS
LOOK THE CRYPTO TOOL BY ME…
GO…
REFERENCES
Cryptography and Network Security Principles and Practices, Fourth Edition By William Stallings
Types and Modes Combined Algorithm for Data Encryption and Decryption (D.M.A.B. Mailewa1, T.D.B. Weerasinghe2, S.P.J
Perera3 ,C.A. Munasinghe4 Department of Computer Engineering, Faculty of Engineering, University of Peradeniya1234
Evaluation of the RC4 Algorithm for Data Encryption(Allam Mousa (1) and Ahmad Hamad (2)(1) Electrical Engineering Department An-Najah University, Nablus, Palestine(2) Systems EngineerPalTel Company, Nablus, Palestine
REFERENCES (contd.)
Combining stream ciphers and block ciphers - Sandy Harris
Internet (Wikipedia, DES & RSA references)
THANK YOU!
