Wireless Communication Security Lecture 7 PDF

Summary

This lecture notes cover Wireless Communication Security, specifically focusing on Data Encryption Algorithms. It details different kinds of stream ciphers, including symmetric encryption and cryptographic techniques.

Full Transcript

Wireless Communication Security
prepared by

Dr/ Ahmed Ali Rosas

LECTURE 7
Data Encryption Algorithms
 contents
Elements of radio frequency theory
Data Encryption Algorithms
Elements of information security with applications
in the wireless environment
Elements of physical layer security (the wiretap channel)
Elements of RFID systems security analysis with case studies: the
electronic passport Elements of WLAN security analysis
WiFi- Bluetooth system security
Security in mobile telephony systems 2G, 3G,4Gand opportunities in 5G.
Data Encryption Algorithms
 Symmetric encryption algorithms
stream ciphers.
A stream cipher, breaks a plaintext message down into single bits, which then are
converted individually into ciphertext using key bits.
each plaintext digit is encrypted one at a time with the with the corresponding digit
of the keystream, to give a digit of the ciphertext stream.
they generate keystream (pseudorandom bits) from the key and encrypt the
plaintext by XORing it with the pseudorandom bits
(Note: some people say stream ciphers encrypt data by individual bits, others say
by bytes [8 bits])
A stream cipher is a cipher that encrypts (and decrypts) with the flow — the data
flow, that is. stream ciphers encrypt data in long, pseudorandom streams. Basically,
this means you can process one bit of data at a time instead of waiting for a data
block to form.
Symmetric encryption algorithms
stream ciphers.
Symmetric encryption algorithms
stream ciphers.
 Symmetric encryption algorithm - stream Ciphers
1. The cipher combines a key (128/256 bits) and a
nonce digit (64-128 bits) in order to generate the
keystream

2. a pseudorandom number (keystream) XORed
with the plaintext to generate the ciphertext.

3. The keystream must be different for each
encryption iteration even though the key and
nonce can be reused to maintain security.

In order to build the keystream, stream encryption
ciphers generate a unique nonce (a number used
only once) utilising feedback shift registers “nonce”
If a value is 8 bits, for instance, there are 2^8 possible
messages before we have to change the key
 Symmetric encryption algorithms
stream ciphers (modes of operation).
Synchronous stream ciphers (key auto-key, or KAK) — These types of ciphers
generate keystreams independently of any previous plaintext or ciphertexts
the most popular stream cipher modes produce a string of bits using pseudorandom
number generators and combine it with the key to create the keystream, which is
then XORed with the plaintext to produce the ciphertext
Self-synchronizing stream ciphers/ Asynchronous stream Ciphers (ciphertext
autokey or CTAK) These ciphers, on the other hand, rely on previous ciphertext
bits to generate keystreams
The previous ciphertext block's fixed size (N-bits) and symmetric key are used to
generate the keystream block via a self-synchronizing stream cipher, also known as
ciphertext autokey. Asynchronous stream cipher can recognize active attacks by
altering the ciphertext, which changes the information in the subsequent keystream.
 Symmetric encryption algorithms
Types of Stream Ciphers.
Stateful stream ciphers – the stream possesses an internal state that changes
during the stream generation process
 Symmetric encryption algorithms
Types of Stream Ciphers.
Counter-based stream ciphers – the stream lacks an internal state, which is
replaced by a counter incremented with each step. N is the nonce, which
should be unique for each applied key (important for key rotation).
 Symmetric encryption algorithms
Types of Stream Ciphers.
LFSR (Linear Feedback Shift Register). It’s a shift register whose input bit is
a linear function of its previous state, used for generating random values for
keystream. Proper usage of such a generator exhibits strong statistical
properties; however, this doesn’t necessarily mean that such a register
possesses appropriate cryptographic properties.
 Symmetric encryption algorithm - stream Ciphers
LFSR (Linear Feedback Shift Register). Shift registers of this type, with XOR
operations on certain bits, create looped bit representations of numbers generated by the
register. For example, a given 4-bit register loops in a cycle of 16 possibilities (which is the
optimal value, the maximum), generating binary numbers from 0000 to 1111. In practice,
such registers are longer and are represented in polynomial form, where the number of bits
in the register is the highest power of the polynomial.
Security of LFSR
In LFSR registers, output and state bits are linked by “m” linear equations, which can be
solved using clever mathematical and computational techniques. In practice, cryptography
employs additional cryptographic mechanisms to enhance the LFSR concept
cryptographically. Filtered LFSR registers or Clock-controlled generators or nonlinear FSR
registers are used. These introduce additional transformations that render the linear
equations mentioned earlier nonlinear, making them either impossible or difficult to solve.
 Symmetric encryption algorithms
nonlinear FSR (NFSR) registers Because LFSRs are inherently linear, one technique
for removing the linearity is to feed the outputs of several parallel LFSRs into a non-linear
Boolean function to form a combination generator. Various properties of such a combining
function are critical for ensuring the security of the resultant scheme, for example, in order
to avoid correlation attacks.
 Symmetric encryption algorithm - stream Ciphers
LFSRs Clock-controlled generators
Normally LFSRs are stepped regularly. One approach to introducing non-linearity is to
have the LFSR clocked irregularly, controlled by the output of a second LFSR. Such
generators include
stop-and-go generator
alternating step generator
shrinking generator.
 Symmetric encryption algorithm - stream Ciphers
LFSRs Clock-controlled generators
An alternating step generator comprises three LFSRs, which we will call LFSR0, LFSR1 and
LFSR2 for convenience. The output of one of the registers decides which of the other two is to be
used; for instance, if LFSR2 outputs a 0, LFSR0 is clocked, and if it outputs a 1, LFSR1 is clocked
instead. The output is the exclusive OR of the last bit produced by LFSR0 and LFSR1.

The stop-and-go generator (Beth and Piper, 1984) consists of two LFSRs. One LFSR is clocked if
the output of a second is a 1, otherwise it repeats its previous output. This output is then (in some
versions) combined with the output of a third LFSR clocked at a regular rate.

The shrinking generator takes a different approach. Two LFSRs are used, both clocked regularly.
If the output of the first LFSR is 1, the output of the second LFSR becomes the output of the
generator. If the first LFSR outputs 0, however, the output of the second is discarded, and no bit is
output by the generator. This mechanism suffers from timing attacks on the second generator, since
the speed of the output is variable in a manner that depends on the second generator's state. This
can be alleviated by buffering the output
 Symmetric encryption algorithm - stream Ciphers
River Cipher (RC4)
A quick and easy encryption algorithm called RC4/ARC4/ARCFOUR was created in 1987 to
accomplish byte-by-byte encryption utilizing 64 - or 128-bit length keys. Transport Layer Security,
and the IEEE 802.11 WLAN standard all use extensively RC4.
a nonlinear update function. For example, Klimov and Shamir proposed triangular functions (T-
Functions) with a single cycle on n bit words
 Symmetric encryption algorithm - stream Ciphers
A5/1 (for GSM cell)
114 bit sequence of keystream
which is XORed with the 114 bits o fmodulation.
initialized using a 64-bit key
a publicly known 22-bit frame number.
combination of three linear-feedback shift registers
 Public-key cryptography, or asymmetric cryptography,
is the field of cryptographic systems that use pairs of related keys. Each key pair consists of
a public key and a corresponding private key. Key pairs are generated with cryptographic
algorithms based on mathematical problems termed one-way functions.
Security of public-key cryptography depends on keeping the private key secret; the public
key can be openly distributed without compromising security. Asymmetric encryption
algorithms use two different keys for encryption and decryption.
The key used for encryption is the public key, and the key used for decryption is the private
key. Both the keys must belong to the receiver.
In a public-key encryption system, anyone with a public key can encrypt a message, yielding
a ciphertext, but only those who know the corresponding private key can decrypt the
ciphertext to obtain the original message
The process for the above image is as follows:
Step 1: Alice uses Bob’s public key to encrypt
the message
Step 2: The encrypted message is sent to Bob
Step 3: Bob uses his private key to decrypt the
message
 Public-key cryptography
Digital signatures: Verification of document origin and signature authenticity is possible
today thanks to asymmetric key cryptography.
TLS/SSL handshake: Asymmetric key cryptography plays a significant role in verifying
website server authenticity, exchanging the necessary encryption keys required, and
generating a session using those keys to ensure maximum security. Instead of the rather
insecure HTTP website format.
Crypto-currency: Asymmetric key cryptography uses blockchain technology to authorize
cryptocurrency transactions and maintain the integrity of its decentralized architecture.
Key sharing: This cryptography category can also be used to exchange secret keys for
symmetric encryption since keeping such keys private is of utmost importance in its system.
 Advantages Public-key cryptography
No key sharing: Asymmetric key cryptography overcomes the biggest flaw of symmetric
key cryptography since it doesn’t need to exchange any keys that can decrypt data.
Proof of owner: Since it links the private and public keys together, a message is decrypted
using a private key. It stands as evidence that the message originated from the rightful owner
who has the private key.
Longer key lengths: Asymmetric encryption algorithms have key sizes up to 4096 bits that
significantly increase the cipher and ciphertext security.
Tamper-proof: Hackers can’t modify data during transmission since doing so will prevent
the receiver's private key from decrypting the message, thus informing the receiver that the
message has been meddled with.
 What are examples of asymmetric cryptography
The RSA (Rivest-Shamir-Adleman) algorithm -- the most widely used asymmetric
algorithm -- is embedded in SSL/TLS, which is used to provide secure communications over
a computer network. RSA derives its security from the computational difficulty of factoring
large integers that are the product of two large prime numbers.
Multiplying two large primes is easy, but the difficulty of determining the original numbers
from the product -- factoring -- forms the basis of public key cryptography security. The
time it takes to factor the product of two sufficiently large primes is beyond the capabilities
of most attackers.
RSA keys are typically 1,024 or 2,048 bits long, but experts believe 1,024-bit keys will be
broken soon due to the advent of quantum computing, which is why government and
industry are moving to a minimum key length of 2,048-bits..
 What are examples of asymmetric cryptography
Elliptic curve cryptography (ECC) is gaining favor with many security experts as an
alternative to RSA. ECC is a public key encryption technique based on elliptic curve theory.
It can create faster, smaller and more efficient cryptographic keys through the properties of
the elliptic curve equation.

To break ECC, an attacker must compute an elliptic curve discrete logarithm, which is
significantly more difficult than factoring. As a result, ECC key sizes can be significantly
smaller than those required by RSA while delivering equivalent security with lower
computing power and battery resource usage.