NETW 05A: APPLIED
WIRELESS SECURITY
Encryption
By Mohammad Shanehsaz
Spring 2005
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
Objectives
Differentiate between the following
encryption schemes in terms of efficiency
and security




RC4
RC5
DES/3DES
AES (FIPS 197)
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
RC4
Developed by Ron Rivest of RSA Security
Variable length stream cipher
Used in WEP, TKIP, MPPE, SSL, TLS and
many other security protocols
Fast and efficient
The RC4 algorithm is capable of key
lengths of up to 256 bits, and is typically
implemented in 64 bits, 128 bits, and 256
Considered moderately secure
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
RC4
A stream cipher generates what is called a
keystream a sequence of bits used as a key
The generation of the keystream can be
synchronous - independent of the plaintext
and ciphertext (most common stream cipher
design), or it can be self-synchronizing depend on the data and its encryption
Encryption is accomplished by combining the
keystream with the plaintext, usually with
bitwise XOR operation
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
RC5
Developed in 1994 by Ron Rivest of RSA security
It is a block cipher
Developed for use in software
It is used in applications such as Citrix Secure ICA
(a technology that provides the foundation for
turning any client device thin or fat into a very
thin client)
RC5 has variable block size (32 bits, 64 bits and
128 bits), variable key size (ranges from 0 bits to
2040 bits) and a variable number of rounds (0 to
255)
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
RC5
There are three routines in RC5:



key expansion,
encryption, and
decryption
In key-expansion, the user-provided secret key is
expanded to fill a key table whose size depends on the
number of rounds
Key table is used in both encryption & decryption
The encryption routine consists of three primitive
operations:



integer addition,
bitwise XOR, and
variable rotation
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
DES
In 1972 NIST (the National Institute of
Standard and Technology) decided that a
strong algorithm was needed to protect nonclassified information and be available to the
general public
In 1974 IBM submitted the lucifer algorithm
to NIST
NIST enlisted the help of the National
Security Agency (NSA) to evaluate it
The key length originally 128 bits was
reduced to 56 bits
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
DES
The modified Lucifer algorithm was adopted by NIST
as a federal standard in 1976, and its name was
changed to Data Encryption Standard (DES)
In 1997 NIST abandoned their official endorsement
of DES because a 56 bit key was not large enough
for high security applications
Encrypts and decrypts data in 64-bit blocks (56 bit
key plus 8 parity bits)
DES takes 64 bit block of plaintext as input and
outputs 64 bit block of ciphertext
DES has 16 rounds
DES has been cracked
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
Triple DES ( 3DES )
Minor variation of DES standard
Three times slower than regular DES
Takes three 64-bit keys for an overall key of 192 bits
(there are actually 168 bits because of 8 bit parity)
The data encrypted with one key then decrypted with
second key and encrypted with the third key
Care should be taken to ensure that all three keys
are different, otherwise it revert to standard DES if
any two keys are the same – except slower
This standard is currently being used by US
government for Federal Information Processing
Standards (FIPS)
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
Advanced Encryption Standard
NIST proposed Rijndael algorithm for use in AES
NIST announced selection of AES as part of
FIPS 197
AES is block cipher and CPU-intensive algorithm
IEEE’s 802.11i draft includes definitions for the
use of AES for encryption
More robust then TKIP and would replace WEP
and RC4
Capable of 128, 192, and 256 bit keys, and is
considered un-crackable by today’s standard
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
Advanced Encryption Standard
When AES is used as part of WLAN
infrastructure devices such as bridges
or APs it will be necessary to use either
an encryption co-processor or very
strong main CPU in the devices
Existing WLAN adapters cannot be
retrofitted with AES so new APs and
wireless cards will be needed
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
Summary
RSA’s RC4 is used in many security protocols
including WEP and SSL
WEP is inherently weak but the weakness is not
due to RC4 encryption
TKIP and other similar key rotation schemes
correct the problem with WEP while retaining RC4
stream cipher
RC5 is the most well-known block cipher
RC5 is a parameterized algorithm with a variable
block size, variable key size and a variable
number of rounds
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
Summary
RC5 uses key expansion, encryption and
decryption routines (three routines)
RC5 is used in Citrix’s SecureICA thin client
technology
DES, an encryption with 56 bit keys, became the
US government’s encryption standard in 1977
but will be replaced by AES
3DES with 3 successive 56-bit keys, is stronger
solution but much slower, and it will be replaced
with AES
AES utilizes the Rijndael encryption algorithm
with max of 256-bit keys, it is considered
uncrackable
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.
Resources
CWSP certified wireless security
professional, from McGraw-Hill
This work is supported by the
National Science Foundation under
Grant Number DUE-0302909.
Any opinions, findings and conclusions or recommendations expressed in this material are
those of the author(s) and do not necessarily reflect those of the National Science Foundation.