
The Design of a Secure Data Communication System

By Moutasem Shafa’amry B.Eng., M.Sc.

A Dissertation Presented in Fulfilment of the Requirements for the Ph.D. Degree.

Dublin City University
Supervisor: Dr. Michael Scott
School of Computer Applications
February 1994

Declaration

I hereby certify that this material, which I now submit for assessment on the programme of study leading to the award of Ph.D. degree in Computer Science is entirely my own work and has not been taken from the work of others save and to the extent that such work has been cited and acknowledged within the text of my work.

Signed: .....................  Date: .....................
Moutasem Shafa'amry

Acknowledgements

I would like to express my heartfelt gratitude to Dr. Michael Scott whose help, supervision and guidance were invaluable during my period of study. Sincere thanks are expressed to Andrew McCarren and Gary Keogh for all their kind help and assistance. I would also like to thank my fellow postgraduate students at the School of Computer Applications for their kindness, encouragement and patience in answering all my questions, and for their assistance in proof reading the text which has improved my English. Especial thanks to my sincere friend Abdul-Ghani Olabi whose tireless encouragement helped me to complete my study. I would also like to thank the School of Computer Applications for its financial support. Many thanks are also expressed to the management board of the Scientific Studies and Research Centre for their help and encouragement.

Abstract

The recent results of using a new type of chosen-plaintext attack, which is called differential cryptanalysis, make most published conventional secret-key block cipher systems vulnerable. The need for a new conventional cipher which resists all known attacks was the main inspiration of this work.
The design of a secret-key block cipher algorithm called DCU-Cipher, which resists all known cryptanalysis methods, is proposed in this dissertation. The proposed method is workable for either 64-bit plaintext/64-bit ciphertext blocks, or 128-bit plaintext/128-bit ciphertext blocks. The secret key in both styles is 128 bits long. This method has only four rounds and the main transformation function in this cipher algorithm is based on four mixed operations. The proposed method is suitable for both hardware and software implementation. It is also suitable for cryptographic hash function implementations.

Two techniques for file and/or data communication encryption are also proposed here. These modes are modified versions of the Cipher-Block Chaining mode, by which the threat of the known-plaintext differential cryptanalytical attack is averted.

An intensive investigation of the best known Identity-based key exchange schemes is also presented. The idea behind using such protocols is to provide an authenticated secret key by using the users' identification tokens. These kinds of protocols appeared recently and are not standardized as yet. None of these protocols have been compared with previous proposals. Therefore one cannot realize the efficiency and the advantages of a new proposed protocol without comparing it with other existing schemes of the same type. The aim of this investigation is to clarify the advantages and the disadvantages of each of the best known schemes and compare these schemes from the complexity and the speed viewpoint.

Table of Contents

Chapter 1 Introduction
Chapter 2 Cryptographic Algorithms and Key Exchange Protocols
    2.1 Cryptographic Algorithms
        2.1.1 Conventional Block Cipher Algorithms
        2.1.2 Public-Key Cipher Algorithms
    2.2 Key Exchange Protocols
        2.2.1 Identity-Based Key Exchange Protocols
    2.3 File and Communication Security
        2.3.1 Cipher Block Chaining (CBC)
        2.3.2 Cipher Feedback (CFB)
        2.3.3 Output Feedback (OFB)
    2.4 Conclusion
Chapter 3 Methods of Cryptographic Attack
    3.1 Exhaustive attack
    3.2 Crypt-analytical Methods
    3.3 Meet-in-the-middle attack
    3.4 Differential Cryptanalysis
    3.5 Conclusion
Chapter 4 The Design of a Secure Communication System
    4.1 Introduction
    4.2 The Design of a Cipher System
        4.2.1 The Design Requirements:
        4.2.2 The General Structure of DCU-Cipher
        4.2.3 The Transformation Function F
        4.2.4 The Key Schedule
        4.2.5 The Decryption Algorithm:
        4.2.6 The Group Operations Characteristics
        4.2.6 Achieving the Design Requirement in DCU-Cipher
    4.3 The Design of Encryption Modes of Operation
        4.3.1 Meyer-Matyas Encryption Mode
        4.3.2 New Proposed Encryption Modes
    4.4 Using DCU-Cipher for Message Authentication (Hashing function)
    4.5 Conclusion
Chapter 5 The Implementation and Tests
    5.1 The implementation
    5.2 Tests
        5.2.1 Frequency Test
        5.2.2 Serial Test
        5.2.3 Runs Test
        5.2.3 The Universal Test
        5.2.1 Avalanche Test
        5.2.2 Strict Avalanche Criterion test (SAC)
            5.2.2.1 Plaintext-Ciphertext Avalanche Effect
            5.2.2.2 Key-Ciphertext Avalanche Effect
    5.4 Conclusion
Chapter 6 Concluding Remarks
Bibliography
Appendix - A The Source Code of DCU-Cipher
Appendix - B The Source code of Tests Programmes
Appendix - C The Results of the Avalanche Test
Appendix - D The results of Strict Avalanche Test

Chapter 1

Introduction

Although the need to keep certain messages secret has been appreciated for thousands of years, it is only recently that information security has become commercially important and thereby widely recognized as a necessity. Until the end of the Second World War, military and diplomatic communications were the only major application areas for cryptographic techniques. The vast development in electronic data processing and telecommunications, leading to computer networks of ever-growing size, results in an increasing vulnerability of these systems to various attacks. The potential damage that can be caused by such an attack is often tremendous, which explains the recent commercial interest in protecting information systems. No prophetic skills are required to foresee a dramatic growth in the need for cryptographic techniques in the near future.

Cryptography is today understood to be the science of secure communications or, more generally, of information security. However, it was not until 1949, when Shannon published his paper titled "Communication theory of secrecy systems", that cryptology