Enhancing Security and Speed of RC4
Total Page:16
File Type:pdf, Size:1020Kb
International Journal of Computing and Network Technology ISSN 2210-1519 Int. J. Com. Net. Teach. 3, No. 2 (May 2015) Enhancing Security and Speed of RC4 Maytham M. Hammood1, 2, Kenji Yoshigoe1and Ali M. Sagheer3 1 Department of Computer Science, University of Arkansas at Little Rock, Little Rock, USA 2Department of Computer Science and Mathematics, University of Tikrit, Iraq 3Computer College, University of Anbar, Iraq Received: 10 Dec. 2014, Revised: 15 March, 2015, Accepted: 1 April 2015, Published: 1 (May) 2015 Abstract: Wireless communication security is a critical factor for secure communication among large scale of wireless networks. A limited resource constraint, such as power and memory size presents a significant challenge to implement existing cryptographic algorithms. One of the most important symmetric cryptographic algorithms is Rivest Cipher 4 (RC4) stream cipherthatis utilized in many real-time security applications. However, the RC4 cipher shows some weaknesses, including a correlation problem between the public known outputs of the internal state. In this paper, we propose RC4 stream cipher with a random initial state (RRC4) to solve the weak keys problem of the RC4 using a random initialization of internal state S. We also propose RC4 stream cipher with two state tables (RC4-2S) to solve the correlation problem between the public known outputs of the internal state using permutation between state1 (S1) and state 2 (S2) while requiring less time than RC4. Finally, we propose RC4 stream cipher with two state tables togenerate four keys (RC4-2S+) in each cycle which further enhances randomness overRC4-2S and RRC4. Keywords: Encryption, Stream Cipher, RC4, Random Number Generator attack can cause immediate loss of synchronization [3]. 1. INTRODUCTION Asynchronous stream ciphers depend on the previously Cryptographic algorithms that can provide fast generated ciphertext in order to continue generating new implementation, small size, low complexity, and high ones, yet it cannot regenerate the same sequence of security for resource-constrained devices such as ciphertext. On the other hand, synchronous stream wireless sensor devices are imperative. Conventional ciphers can regenerate a sequence of ciphertext because a cryptographic algorithms are sequences of processes or key sequence is independent of the plaintext. This case is rules, used to encrypt or decrypt messages in a referred to as self-synchronized because of the ability to cryptographic system to provide security services. re-synchronize after insertion or deletion of bits. Conventional cryptographic algorithms are very complex Although self-synchronization can be an important and consume a significant amount of power when used property, this type of the stream cipher has not received by resource-constrained devices for the provision of much attention [4]. secure communication [1]. These include symmetric and In the literature, there are many stream cipher asymmetric key algorithms, but asymmetric key algorithms presented to implement high-performance algorithms are inappropriate for resource-constrained software. Such algorithms include the following: A5/1 devices for several reasons, including the limited storage [5], ORYX [35], LEVIATHAN [36], IDEA [37], MUGI space and excessive energy usage [1, 2]. Therefore, [38], W7 [40], RC4, Helix [39], SNOW [32], SOBER security schemes should rely on symmetric key [34], and SEAL [33]. One-time pad, which is stronger cryptography, especially when systems have limited than all of these aforementioned algorithms, is hardware resources. unbreakable since it never uses the same key more than Stream ciphers can be classified as synchronous and once. Consequently, the sequence key is truly random asynchronous. In a synchronous stream cipher, a and not generated in a deterministic manner as is the case sequence of keys is generated independently from the with other algorithms. Thus, an attacker cannot deduce plaintext and ciphertext. The drawback of synchronous is any information about the key from ciphertext [6]. The that both the sender and the receiver have to be robustness of stream ciphers depends on Pseudo-Random synchronized for key usages. It can detect any deletion or Number Generator (PRNG) which has proved to be insertion of bits by an active attack directly, yet such an resistant to attacks if it passes the statistical tests. E-mail: [email protected], [email protected], [email protected] http://journals.uob.edu.bh 38 Maytham M. Hammood, et. al.: Enhancing Security and Speed of RC4 RC4 is a proprietary stream cipher that was designed weakness in the first two output bytes of the RC4 key in 1987 by Ron Rivest. RC4 is widely used in security stream generator. They argued that the number of outputs software based on the stream cipher, including one in the required for distinguishing the output of the RC4 random encryption of traffic to and from secure websites such as sequence with the presence of bias is 128, and they Transport Layer Security (TLS), Secure Socket Layer recommended the use of 256 to overcome this bias. (SSL), and Wired Equivalent Privacy (WEP) RC4A is considered to be robust against most of the implementations. RC4 is fast in comparison to other weaknesses of RC4, particularly its weakness of algorithms, and it has a simple design hardware distribution in the first two output bytes. However, after implementation [7]. In addition, RC4 is five times faster one year, Maximov [11] proposed distinguishing attack than Data Encryption Standard (DES) and fifteen times on both VMPC and RC4A, which can distinguish the faster than Triple-DES [4]. cipher output from a truly random number. Many stream ciphers use a de-facto RC4 standard for Yu and Zhang [12] presented RC4 state combined with meeting specific requirements, such as the limited the hash function without affecting the simplicity and storage size and power of the devices; however, there are efficiency. The RC4 state based on the hash function can many weaknesses found in stream ciphers caused by generate Message Authentication Code (MAC). The mathematical relationships between the key, ciphertext, enhancement includes the offset, forward, and backward and plaintext which attackers can use to assess the properties of RC4 states where the authors use offset to security of the cryptographic algorithms via ignore the first few bytes of the key and started cryptanalysis. Thus, the goal is to create a sequence of encrypting the data in determining the position which has keys that approaches true randomness [8]. led to an increase in the time of execution. Pardeep and The structures of stream ciphers are presented more Pateriya [13] proposed PardeepCipher-RC4 (PC-RC4) as than block ciphers. The security of the cryptographic an extension to the RC4 algorithm to improve algorithms can be assessed by cryptanalysis. Many randomness in KSA and PRGA, yet it increased the weaknesses found in stream ciphers are triggered by execution time. Kamble and Meshram found that RC4 mathematical relations between the key, ciphertext, and had a weakness to differential attack and showed how the plaintext. The primary aim is to produce a random key plain text can be retrieved. In addition, the authors asymptotic to the true random key [8]. Cryptanalysis recommended how to avoid this attack using different refers to theoretical knowledge and uses numerous sizes of key of greater than 32 bits [14]. statistical tools to find weaknesses in the ciphertext or Kadry and Smaili [15] presented Vigenère RC4 cryptosystems. (VRC4) which is a combination of the RC4 and the poly The rest of the paper is organized as follows. Section alphabetic cipher Vigenère. The plaintext is encrypted 2 reviewsrelated works. Section 3 presents the using the classic RC4 cipher followed by re-encrypting description of RC4, and Section 4 shows some by Vigenère, which results in increased time of weaknesses of RC4. We then present our proposed execution. Mironov [16] presented a new model of RC4 algorithms to enhance RC4 algorithm in section 5. and analyzed it by applying the theory of the random Section 6 describes the evaluation, and Section 7 presents permutation. Based on this study, he recommended the results of the analysis. Section 8 concludes the paper. discarding at least the first 512 bytes to avoid those weaknesses which have led to an increase in the 2. RELATED WORK execution time.Mousa and Hamad examined the analysis Many researchers have tried to enhance the security of the effect of different parameters of the RC4 algorithm of RC4 and create variant algorithms. However, this such as the execution time and the file size and enhancement slowed the implementation speed. On the concluded that the speed of encryption and decryption other hand, many researchers have attempted to improve time is affected by the length of the encryption key and algorithmic speed, but this caused a decrease in the the size of the data file [17].Yao et al. presented analysis randomness. Zoltak [8] proposed Variably Modified and enhancement of the security of the RC4 algorithm by Permutation Composition (VMPC) which was designed using public key encryption with RC4, which has led to to be efficient in software implementations and solved a an increase in the size of the system and the time of weakness found in the RC4 Key Scheduling Algorithm execution [18]. (KSA) that had been described by Fluhrer et al.[9].The Chefranov and Mazurova [19] presented an extension structure of Pseudo-Random Generation Algorithm of RC4 (RC4E) in which they combined RC4 with a (PRGA) in VMPC was more complex in comparison simple Heap’s algorithm to provide enumeration of all with the RC4 which makes it more resistant to attacks. potential permutations for periodic change of RC4 state. Paul and Preneel [10] presented RC4A as an However, their algorithm requires additional memory to enhancement over RC4 after exploring a new statistical keep one more permutation compared with RC4. RC4+ http://journals.uob.edu.bh Int.