3. WHY?
There are many ways to combine cryptographic
algorithms to get new algorithms. The impetus behind
the combination is increasing security.
When we consider a block or stream cipher alone, we
must admit that the strength of security is low.
In this research, the focus was, combining a block
cipher with a stream cipher to enhance the strength of
the cipher.
4. WHY?
Combined (Hybrid) ciphers are more secured than
stream or block ciphers alone.
They can be used as encryption algorithms in many
software applications used in networks...(e.g. Email
clients, Enterprise applications, etc…
Combining 3DES with RC4 is a new experience as 3DES
has a high complexity and that of RC4 is less.
5. BACKGROUND
What is a block cipher?
In cryptography, a block cipher is a symmetric key
cipher operating on fixed-length groups of bits called
blocks, with an unvarying transformations.
Might take 128 bit input and output 128 bit block of
cipher text. The key can be of any finite size.
Decryption is the inverse function of encryption
6. Example of a Block Cipher
DES
Data Encryption Standard – commonly used block
cipher , but it is vulnerable to timing attacks . And it is
obsolete now. But its enhancements like Triple DES &
AES are still in the scene.
Designed by IBM and the NSA, standardized in 1977.
Most widespread block cipher used by federal agencies,
banks (ATM machines), SSL, ...
Key length 56, block length 64.
8. Triple DES (3DES)?
3DES is not a group, then the resultant cipher text is
much harder to break using exhaustive search: 2112
attempts instead of 256 attempts.
This is like having 3 DES blocks with 3 keys (or one key)
in between the input and output.
Three-key 3DES has an effective key length of 168 bits
and is defined as follows:
C = E(K3, D(K2, E(K1, P)))
9. BACKGROUND (Contd.)
What is a stream cipher?
In cryptography, a stream cipher is a symmetric key cipher
where plaintext bits are combined with a pseudorandom cipher
bit stream (key stream), typically by an exclusive-or (XOR)
operation.
In a stream cipher the plaintext digits are encrypted one at a
time, and the transformation of successive digits varies during
the encryption. An alternative name is a state cipher, as the
encryption of each digit is dependent on the current state. In
practice, the digits are typically single bits or bytes.
10. Stream cipher (contd.)
A stream cipher makes use of a much smaller and
more convenient key — 128 bits, for example. Based on
this key, it generates a pseudorandom key stream which
can be combined with the plaintext digits in a similar
fashion to the one-time pad.
11. Example of a Stream Cipher
RC4
In cryptography, RC4 (also known as ARC4 or
ARCFOUR meaning Alleged RC4) is the most widely-
used software stream cipher & used in popular
protocols such as Secure Sockets Layer (SSL) (to protect
Internet traffic) and WEP (to secure wireless networks).
While remarkable for its simplicity and speed in software.
13. RC4, described a bit…
RC4 generates a pseudorandom stream of bits (a key
stream). As with any stream cipher, these can be used for
encryption by combining it with the plaintext using bit-wise
XOR; decryption is performed the same way (since exclusive-
or is a symmetric operation).
To generate the key stream, the cipher makes use of a secret
internal state which consists of two parts:
A permutation of all 256 possible bytes. (denoted "S" in the
figure)
Two 8-bit index-pointers. (denoted "i" and "j“ in the figrue)
16. Block cipher problem
All block ciphers share two common theoretical
vulnerabilities, because they all encrypt multiple blocks
with a single key.
If an attacker can extract the key for one block, then he
breaks other blocks with almost zero effort. Also, an
attacker can collect many blocks encrypted with a single
key, which may allow attacks that are impossible against
a single block.
17. Stream cipher problem
All stream ciphers using a simple invertible operation as the
combiner have a common theoretical vulnerability.
Given some known or guessed plaintext, it is trivial for an
adversary to recover some of the pseudorandom masking
material.
For example, using P for plaintext, C for cipher text, R for
(pseudo) random data, and ^ for the most
common combining function, bitwise exclusive OR, we get:
encryption: C = P^R
decryption: P = C^R
but this means the enemy (if he has P) can do:
recover R: R = C^P
18. To overcome those problems?
Join stream and block ciphers
In this research 3DES & RC4!
21. What about my application?
The whole application (encryption/decryption
demonstrator) is written in Java.
Implementing the algorithm on paper is much easier
than getting the practical outcome of it.
Technology used: Java EE together its standard
cryptographic libraries
22. IN MY JAVA PROGRAMS?
3DES, RC4 and the Hybrid Algorithms
It will take an input (plaintext) as an argument value
and encrypt it with DES, and RC4 then it will decrypt it
with RC4 and DES and finally output the result….
In between I have shown the cipher texts
It will calculate the execution time as well…
25. QUESTIONS?
I myself have some questions
1. Why don’t you encrypt more than two times ?
2. Can you say use this is in GSM ?
3. What are the attacks that this algorithm might face ?
4. Any enhancements of this? (Combine AES with RC4 ?) I
have done it too…
26. ENHACEMENT BASED ON THIS
RESEARCH…
A CRYPTO TOOL
TO
EVALUATE
CRYPTOGRAPHIC ALGORITHMS
31. REFERENCES
Cryptography and Network Security Principles and
Practices, Fourth Edition By William Stallings
Types and Modes Combined Algorithm for Data
Encryption and Decryption (D.M.A.B. Mailewa1, T.D.B. Weerasinghe2, S.P.J
Perera3 ,C.A. Munasinghe4 Department of Computer Engineering, Faculty of Engineering,
University of Peradeniya1234
Evaluation of the RC4 Algorithm for Data Encryption
(Allam Mousa (1) and Ahmad Hamad (2)
(1) Electrical Engineering Department An-Najah University, Nablus, Palestine
(2) Systems EngineerPalTel Company, Nablus, Palestine