
NETW 05A: APPLIED WIRELESS SECURITY Encryption

By Mohammad Shanehsaz, Spring 2005.



  1. NETW 05A: APPLIED WIRELESS SECURITY Encryption By Mohammad Shanehsaz Spring 2005

  2. Objectives
     • Differentiate between the following encryption schemes in terms of efficiency and security:
       • RC4
       • RC5
       • DES/3DES
       • AES (FIPS 197)

  3. RC4
     • Developed by Ron Rivest of RSA Security
     • Variable-length stream cipher
     • Used in WEP, TKIP, MPPE, SSL, TLS and many other security protocols
     • Fast and efficient
     • The RC4 algorithm is capable of key lengths of up to 256 bits, and is typically implemented with 64-bit, 128-bit, and 256-bit keys
     • Considered moderately secure

  4. RC4
     • A stream cipher generates what is called a keystream: a sequence of bits used as a key
     • The generation of the keystream can be synchronous (independent of the plaintext and ciphertext, the most common stream cipher design), or it can be self-synchronizing (dependent on the data and its encryption)
     • Encryption is accomplished by combining the keystream with the plaintext, usually with a bitwise XOR operation

  5. RC5
     • Developed in 1994 by Ron Rivest of RSA Security
     • It is a block cipher
     • Developed for use in software
     • It is used in applications such as Citrix Secure ICA (a technology that provides the foundation for turning any client device, thin or fat, into a very thin client)
     • RC5 has a variable block size (32 bits, 64 bits and 128 bits), a variable key size (ranging from 0 bits to 2040 bits) and a variable number of rounds (0 to 255)

  6. RC5
     • There are three routines in RC5:
       • key expansion,
       • encryption, and
       • decryption
     • In key expansion, the user-provided secret key is expanded to fill a key table whose size depends on the number of rounds
     • The key table is used in both encryption and decryption
     • The encryption routine consists of three primitive operations:
       • integer addition,
       • bitwise XOR, and
       • variable rotation

  7. DES
     • In 1972 NIST (the National Institute of Standards and Technology) decided that a strong algorithm was needed to protect non-classified information and be available to the general public
     • In 1974 IBM submitted the Lucifer algorithm to NIST
     • NIST enlisted the help of the National Security Agency (NSA) to evaluate it
     • The key length, originally 128 bits, was reduced to 56 bits

  8. DES
     • The modified Lucifer algorithm was adopted by NIST as a federal standard in 1976, and its name was changed to Data Encryption Standard (DES)
     • In 1997 NIST abandoned its official endorsement of DES because a 56-bit key was not large enough for high-security applications
     • Encrypts and decrypts data in 64-bit blocks (56-bit key plus 8 parity bits)
     • DES takes a 64-bit block of plaintext as input and outputs a 64-bit block of ciphertext
     • DES has 16 rounds
     • DES has been cracked

  9. Triple DES (3DES)
     • Minor variation of the DES standard
     • Three times slower than regular DES
     • Takes three 64-bit keys for an overall key of 192 bits (there are actually 168 bits because of 8-bit parity)
     • The data is encrypted with one key, then decrypted with the second key, and encrypted with the third key
     • Care should be taken to ensure that all three keys are different; otherwise, if any two keys are the same, it reverts to standard DES, only slower
     • This standard is currently being used by the US government for Federal Information Processing Standards (FIPS)

  10. Advanced Encryption Standard
     • NIST proposed the Rijndael algorithm for use in AES
     • NIST announced the selection of AES as part of FIPS 197
     • AES is a block cipher and a CPU-intensive algorithm
     • IEEE’s 802.11i draft includes definitions for the use of AES for encryption
     • More robust than TKIP, and would replace WEP and RC4
     • Capable of 128-, 192-, and 256-bit keys, and is considered uncrackable by today’s standards

  11. Advanced Encryption Standard
     • When AES is used as part of WLAN infrastructure devices such as bridges or APs, it will be necessary to use either an encryption co-processor or a very strong main CPU in the devices
     • Existing WLAN adapters cannot be retrofitted with AES, so new APs and wireless cards will be needed

  12. Summary
     • RSA’s RC4 is used in many security protocols, including WEP and SSL
     • WEP is inherently weak, but the weakness is not due to RC4 encryption
     • TKIP and other similar key rotation schemes correct the problem with WEP while retaining the RC4 stream cipher
     • RC5 is the most well-known block cipher
     • RC5 is a parameterized algorithm with a variable block size, variable key size and a variable number of rounds

  13. Summary
     • RC5 uses three routines: key expansion, encryption and decryption
     • RC5 is used in Citrix’s SecureICA thin client technology
     • DES, an encryption scheme with 56-bit keys, became the US government’s encryption standard in 1977 but will be replaced by AES
     • 3DES, with 3 successive 56-bit keys, is a stronger solution but much slower, and it will be replaced with AES
     • AES utilizes the Rijndael encryption algorithm with a maximum of 256-bit keys; it is considered uncrackable

  14. Resources
     • CWSP Certified Wireless Security Professional, from McGraw-Hill
