A lightweight stream cipher
for mobile devices using RSA and Message feedback
Rahul Yadav1, Praveen Kr. Vishnoi2, Sohit Teotia3, Dhirendra Yadav4
1, 2Dept. of IT, SITE, Nathdwara, Rajasthan
3Dept. of MCA, IET, Alwar, Rajasthan
4Dept. of CS, JPTC, Samirpur, Himachal Pradesh
1yadav.rahul@live.com, 2erpv89@gmail.com,
3sohitt@gmail.com, 4dhirendra.yadav.ballia@gmail.com
Abstract:
An encryption method is presented that implements a symmetric stream cipher in which the message stream itself serves as the One Time Pad. RSA is used to establish the first One Time Pad; in each subsequent cryptographic step the previous stream of the message is used as the One Time Pad for an XOR operation on the next stream of the message. The scheme presented here ensures the secure establishment of the key (the first One Time Pad) with the help of the well-known RSA algorithm, and in subsequent cryptographic steps the securely transferred message stream is used as the One Time Pad for the next step.
Key Words & Phrases: RSA algorithm, One Time Pad, Symmetric Cryptosystem, Stream Cipher, Key Feedback, SYMBIAN Mobile Devices.
I. INTRODUCTION
Memory and processing speed of personal computing systems have increased drastically over the past few decades, with processors offering huge room for scalability. Mobile devices, and SYMBIAN based devices in particular, have seen only slow and steady growth. Most popular cryptographic systems are aimed at computers, and mobile devices often suffer in terms of memory and processing speed when they incorporate security algorithms.
Here a model for a lightweight symmetric stream cipher system is introduced which provides a level of security of a higher order than that of the most popular symmetric stream cipher, RC4. The private key is used in the form of a One Time Pad with low redundancy in the key, and for each cryptographic step a new key is obtained by automatic update through the message feedback approach. Hence no key exchange is required other than in the first step, where a session is established. [1]
II. SYMBIAN OS BASED MOBILE DEVICES
Symbian is a mobile operating system (OS) and computing platform designed for smartphones and currently maintained by Nokia. The Symbian platform is the successor to Symbian OS and Nokia Series 60; unlike Symbian OS, which needed an additional user interface system, Symbian includes a user interface component based on S60 5th Edition. The latest version, Symbian^3, was officially released in Q4 2010 and first used in the Nokia N8. In May 2011 an update, Symbian Anna, was officially announced, followed by Symbian Belle in August 2011.
Symbian OS was originally developed by Symbian Ltd. It is a descendant of Psion's EPOC and runs exclusively on ARM processors, although an unreleased x86 port existed. Some estimates indicate that the cumulative number of mobile devices shipped with the Symbian OS up to the end of Q2 2010 is 385 million.
By April 5, 2011, Nokia had released Symbian under a new license and converted it to a proprietary shared-source model as opposed to an open source project. On February 11, 2011, Nokia announced that it would migrate away from Symbian to Windows Phone 7. On June 22, 2011, Nokia made an outsourcing agreement with Accenture: Accenture will provide Symbian based software development and support services to Nokia through 2016, and about 2,800 Nokia employees will become Accenture employees in early October 2011. [5]
III. COMPARISON OF PROCESSING / MEMORY CAPACITY BETWEEN COMPUTERS AND SYMBIAN MOBILES
When we compare the memory and processing capacity of computers and SYMBIAN based devices against the minimum hardware requirements of the applications and platforms they run, we find portable SYMBIAN devices far behind, while users' expectations of them are very high. So the security systems also need to be efficient enough to overcome the limitations of mobile devices. Here a comparison of these requirements is made. [5]
Windows NT | Minimum Requirement | Recommended
Secondary Storage | 128 MB | 2 GB with 1 GB Free
CPU | 25 MHz | 150 MHz
RAM | 12 MB | 64 MB
TABLE 1. REQUIREMENT SPECIFICATIONS OF WINDOWS NT

Windows XP | Minimum Requirement | Recommended
Secondary Storage | 1.7 GB | 5 GB with 2 GB Free
CPU | 2.26 MHz | 3.0 GHz Dual Processor
RAM | 64-128 MB | 512 MB
TABLE 2. REQUIREMENT SPECIFICATIONS OF WINDOWS XP

Apple MAC | Minimum Requirement | Recommended
Secondary Storage | 1.5 GB | 5 GB with 2 GB Free
CPU | 150 MHz | 1.7 GHz
RAM | 128 MB | 512 MB
TABLE 3. REQUIREMENT SPECIFICATIONS OF APPLE MAC

SYMBIAN Mobile Devices | Low Tier SYMBIAN | Mid Tier SYMBIAN | High Tier SYMBIAN
Secondary Storage | 162 MB | 256 MB | 1 GB
CPU | 220-250 MHz | 399-528 MHz | 600 MHz
RAM | 32-64 MB | 64-128 MB | 128-256 MB
TABLE 4. REQUIREMENT SPECIFICATIONS OF SYMBIAN MOBILE DEVICES

Platform | CPU & RAM | Secondary Storage
Windows NT / XP | Highly Expandable | Highly Expandable
Open Sources | Highly Expandable | Highly Expandable
Apple MAC | Less Expandable | Less Expandable
SYMBIAN | Non Expandable | Less Expandable
TABLE 5. SUPPORT TO HARDWARE EXPANSION (FOR MAC SYSTEMS THE PARAMETERS ARE AGAINST THE STANDARD APPLE HARDWARE)
This comparison is made to calibrate the typical differences between computers and SYMBIAN mobile devices when the scalability factor is excluded. Furthermore, the scalability offered by these platforms gives different levels of expandability, and we found the SYMBIAN devices to be tightly bound to their pre-installed hardware in terms of storage and processing power.
IV. LIMITATIONS ASSOCIATED WITH IMPLEMENTATION OF NORMAL CIPHER SYSTEMS IN SYMBIANS IN CONTEXT OF ALGORITHM DEVELOPMENT
Whenever a network connection leaves a building, security of the data is a must. To obtain the security objectives, cryptographic techniques are used to block outside traffic from mingling with the shared internal network. Crypto processing requires a lot of resources, and many hosts reap significant performance benefits if the processing load is reduced. In this context different encryption algorithms are discussed in terms of their computational overhead, confidentiality and authentication. Even though cryptography can resolve the security problem, it also creates some drawbacks. The major disadvantage is computational overhead. There is no perfect encryption algorithm so far, so people who want a more secure system try to make the encryption algorithm more complex so that no one can break the system. But a complex encryption algorithm takes more time to encrypt a message as the complexity of the cryptosystem increases. In other words, if you want to use a more secure system, you have to spend more time on communication. Another problem is data overhead. During the securing procedure, depending on the algorithm used, some additional data may be generated; from the network's point of view this is also an overhead. [2]
V. ONE TIME PAD
In cryptography, the one-time pad (OTP) is a type of encryption which has been proven to be impossible to crack if used correctly. Each bit or character of the plaintext is encrypted by a modular addition with a bit or character from a secret random key (or pad) of the same length as the plaintext, resulting in a ciphertext. If the key is truly random, as large as or larger than the plaintext, never reused in whole or in part, and kept secret, the ciphertext will be impossible to decrypt or break without knowing the key. It has also been proven that any cipher with the perfect secrecy property must use keys with effectively the same requirements as OTP keys. [5] However, practical problems have prevented one-time pads from being widely used.
First described by Frank Miller in 1882, the one-time pad was re-invented in 1917 and patented a couple of years later. It is derived from the Vernam cipher, named after Gilbert Vernam, one of its inventors. Vernam's system was a cipher that combined a message with a key read from a punched tape loop. In its original form Vernam's system was not unbreakable because the key could be reused. One-time use came a little later, when Joseph Mauborgne recognized that if the key tape were totally random, the cryptanalytic difficulty would be increased. [5]
VI. STREAM CIPHER
A stream cipher [Rue86] is a symmetric cipher which operates with a time-varying transformation on individual plaintext digits. By contrast, block ciphers operate with a fixed transformation on large blocks of plaintext digits. More precisely, in a stream cipher a sequence of plaintext digits, m0 m1 ..., is encrypted into a sequence of ciphertext digits c0 c1 ... as follows: a pseudorandom sequence s0 s1 ..., called the running key or the key stream, is produced by a finite state automaton whose initial state is determined by a secret key. The i-th key stream digit depends only on the secret key and on the (i−1) previous plaintext digits. Then the i-th ciphertext digit is obtained by combining the i-th plaintext digit with the i-th key stream digit. Stream ciphers are classified into two types: synchronous stream ciphers and asynchronous stream ciphers.
The most famous stream cipher is the Vernam cipher, also called the one-time pad, which leads to perfect secrecy (the ciphertext gives no information about the plaintext). Stream ciphers have several advantages which make them suitable for some applications. Most notably, they are usually faster and have a lower hardware complexity than block ciphers. They are also appropriate when buffering is limited, since the digits are individually encrypted and decrypted. Moreover, synchronous stream ciphers are not affected by error propagation. [3]
VII. RC4: STREAM CIPHER APPROACH
In cryptography, RC4 (also known as ARC4 or ARCFOUR, meaning Alleged RC4) is the most widely used software stream cipher and is used in popular protocols such as Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (to secure wireless networks). While remarkable for its simplicity and speed in software, RC4 has weaknesses that argue against its use in new systems. It is especially vulnerable when the beginning of the output key stream is not discarded, or when nonrandom or related keys are used; some ways of using RC4 can lead to very insecure cryptosystems such as WEP.
RC4 uses a variable length key from 1 to 256 bytes to initialize a 256-byte state table. The state table is used for subsequent generation of pseudo-random bytes and then to generate a pseudo-random stream which is XORed with the plaintext to give the ciphertext. Each element in the state table is swapped at least once.
• The RC4 key is often limited to 40 bits because of export restrictions, but it is sometimes used as a 128 bit key. It has the capability of using keys between 1 and 2048 bits. RC4 is used in many commercial software packages such as Lotus Notes and Oracle Secure SQL.
• The RC4 algorithm works in two phases, key setup and ciphering. Key setup is the first and most difficult phase of this algorithm. During an N-bit key setup (N being your key length), the encryption key is used to generate an encrypting variable using two arrays, state and key, and N mixing operations. These mixing operations consist of swapping bytes, modulo operations, and other formulas. A modulo operation is the process of yielding the remainder from a division. For example, 11/4 is 2 remainder 3; therefore eleven mod four equals three.
• Once the encrypting variable is produced from the key setup, it enters the ciphering phase, where it is XORed with the plaintext message to create an encrypted message. XOR is the logical operation of comparing two binary bits: if the bits are different, the result is 1; if the bits are the same, the result is 0. Once the receiver gets the encrypted message, he decrypts it by XORing the encrypted message with the same encrypting variable.
VIII. LIMITATIONS FOUND IN RC4 FOR SPEEDUP PERFORMANCE ON SYMBIANS
While efficiently fast on computer systems, the RC4 algorithm is based on the use of a random permutation. Analysis shows that the period of the cipher is overwhelmingly likely to be greater than 10^100. Eight to sixteen machine operations are required per output byte, and the cipher can be expected to run very quickly in software. We can speed up the process and improve the operations for mobile devices by giving attention to the following improvement areas:
1. Elimination of the pseudorandom number generator.
2. Elimination of the static vector array S[256]:
   a. No initialization of the S vector.
   b. Skipping the permutation of the S vector.
   c. Removal of the time-complex swap operations on the S vector.
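To make the two RC4 phases of Section VII concrete and to show what the S-vector swap operations of Section VIII cost, here is an RC4 implementation instrumented to count swaps. This is an added example, not code from the paper; the swap counter and the `drop` parameter (discarding the beginning of the key stream, the weak usage the text mentions) are additions for illustration.

```python
# RC4 as described in Section VII, with a counter for the swap operations
# on the S vector that Section VIII proposes to eliminate. Added example.

def rc4_key_setup(key: bytes):
    """Key setup phase: S = 0..255, then 256 mixing steps of modulo
    addition and swapping, driven by the key bytes. Returns (S, swaps)."""
    s = list(range(256))
    j, swaps = 0, 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256   # modulo operation
        s[i], s[j] = s[j], s[i]                    # swap on the S vector
        swaps += 1
    return s, swaps

def rc4_keystream(key: bytes, nbytes: int, drop: int = 0):
    """Ciphering phase: produce nbytes of key stream after discarding the
    first `drop` bytes. Returns (keystream, total swaps so far)."""
    s, swaps = rc4_key_setup(key)
    i = j = 0
    out = bytearray()
    for k in range(drop + nbytes):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]    # one more swap per generated byte
        swaps += 1
        if k >= drop:
            out.append(s[(s[i] + s[j]) % 256])
    return bytes(out), swaps

def rc4_crypt(key: bytes, data: bytes, drop: int = 0):
    """XOR data with the key stream; the same call decrypts.
    Returns (output, swaps) so the cost of S-vector handling is visible."""
    ks, swaps = rc4_keystream(key, len(data), drop)
    return bytes(a ^ b for a, b in zip(data, ks)), swaps

if __name__ == "__main__":
    # Public RC4 test vector: key "Key", plaintext "Plaintext".
    ct, swaps = rc4_crypt(b"Key", b"Plaintext")
    print(ct.hex(), swaps)   # bbf316e8d940af0ad3 265
```

Note that 256 swaps happen before a single byte is produced, and every further byte costs one more; that fixed key-setup cost is what the paper's list targets.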
IX. RSA CRYPTOSYSTEM
There are three stages of RSA [4] operation:
1. Key Generation
2. Encryption
3. Decryption Process
Key Generation:
Select two distinct large prime numbers, say p, q
Calculate n = p * q
Calculate φ(n) = (p - 1) * (q - 1)
Select e such that gcd(φ(n), e) == 1
Calculate d ≡ e^-1 mod φ(n)
The keys are
Private Key: (d, n)
Public Key: (e, n)
Encryption: to encrypt a message block M using the public key (e, n) into cipher C
C = M^e mod n
Decryption: to decrypt a cipher block C using the private key (d, n) into message M
M = C^d mod n
X. PROPOSED MODEL
The proposal consists of a two-step cipher scheme. Initially we exchange the key elements of the RSA scheme: the communication initiator, Device A, sends a communication request to Device B, and Device B responds with its public key element (e, n) of the RSA cryptosystem. Consider the scenario where the data stream flows from Device A to Device B, i.e. Device A acts as the sender and Device B as the receiver. The cryptographic operations can then be thought of as a two-step process:
1. RSA Mode
2. Message feedback mode
In RSA mode a session key is established and the first stream of the message, 128 bits long, is securely transferred. In message feedback mode the message stream of the previous cryptographic step is used as the private key in the form of a One Time Pad. The security of the model is completely dependent on the RSA session establishment mechanism. The detailed operations are as follows:
1) RSA Mode:
a) The RSA public key elements are shared between the communicating devices; after this Device B holds both key elements (e, n) and (d, n), while Device A holds the public key element (e, n) only.
b) Device A encrypts the very first message stream M_0, of 128 bits, into the cipher stream C_0 using the public key (e, n) of Device B.
c) Device A transmits C_0 to Device B.
d) On receiving C_0, Device B decrypts it using its own private key (d, n) and gets M_0.
2) Message feedback mode: after the RSA operations on the very first 128-bit message stream M_0, each subsequent message stream M_n can be ciphered with the help of M_{n-1}, using it as a One Time Pad for the XOR operation.
a) Encryption at Device A
For M_n where n > 0:
C_n = M_n ⊕ M_{n-1} ......(1)
b) Decryption at Device B
For C_n where n > 0:
M_n = C_n ⊕ M_{n-1} ......(2)
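The RSA steps of Section IX and the two-mode procedure of Section X carried out in working code, as an added example that is not the paper's own code. The primes P and Q are a constructed toy key (two Mersenne primes, chosen only so that n exceeds 2^128 and a 128-bit stream fits in one RSA block); the last function is the check a reviewer would run on equations (1) and (2): because each pad is the previous plaintext, the ciphertexts plus any one later plaintext stream determine the whole chain, M_0 included, without the private key.

```python
# RSA mode (Sections IX and X.1) followed by message feedback mode (X.2).
# Added example, not the paper's code. P and Q are a constructed toy key.
from math import gcd

# Constructed key: Mersenne primes 2^61-1 and 2^89-1, so n > 2^128 and a
# 128-bit stream M0 is a valid RSA block. Far too small for real use.
P, Q = (1 << 61) - 1, (1 << 89) - 1
BLOCK = 16  # each message stream is 128 bits

def rsa_keygen(p, q, e=65537):
    """n = p*q, phi = (p-1)(q-1), e with gcd(phi, e) == 1, d = e^-1 mod phi."""
    n, phi = p * q, (p - 1) * (q - 1)
    while gcd(phi, e) != 1:        # 'Select e such that gcd(phi(n), e) == 1'
        e += 2
    d = pow(e, -1, phi)            # modular inverse, Python 3.8+
    return (e, n), (d, n)          # public (e, n), private (d, n)

def rsa_encrypt(block: bytes, pub) -> int:
    e, n = pub
    return pow(int.from_bytes(block, "big"), e, n)   # C = M^e mod n

def rsa_decrypt(c: int, priv) -> bytes:
    d, n = priv
    return pow(c, d, n).to_bytes(BLOCK, "big")        # M = C^d mod n

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def device_a_encrypt(streams, pub):
    """C0 = RSA_pub(M0); then Cn = Mn XOR M(n-1) for n > 0 (eq. 1)."""
    ciphers = [rsa_encrypt(streams[0], pub)]
    for prev, cur in zip(streams, streams[1:]):
        ciphers.append(xor(cur, prev))
    return ciphers

def device_b_decrypt(ciphers, priv):
    """M0 = RSA_priv(C0); then Mn = Cn XOR M(n-1) for n > 0 (eq. 2)."""
    streams = [rsa_decrypt(ciphers[0], priv)]
    for c in ciphers[1:]:
        streams.append(xor(c, streams[-1]))
    return streams

def unwind_from_known_stream(ciphers, k, known_mk):
    """Reviewer's check: eq. 1 and 2 tie every stream to its neighbours, so
    the ciphertexts plus any one plaintext stream Mk (k > 0) determine the
    whole chain, M0 included, without the RSA private key."""
    m = {k: known_mk}
    for i in range(k + 1, len(ciphers)):          # forwards: Mi = Ci ^ M(i-1)
        m[i] = xor(ciphers[i], m[i - 1])
    for i in range(k, 0, -1):                     # backwards: M(i-1) = Ci ^ Mi
        m[i - 1] = xor(ciphers[i], m[i])
    return [m[i] for i in range(len(ciphers))]
```

The round trip between device_a_encrypt and device_b_decrypt is the paper's protocol; the unwind function shows why the text can say the security rests entirely on the RSA-protected M_0, and what that dependency means once any later stream is known.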

XI. ADVANTAGES OF PROPOSED SYSTEM AND SECURITY LEVEL OFFERED
The security of this system needs to be examined in more detail. In particular, the difficulty of factoring large numbers should be examined very closely. The reader is urged to find a way to "break" the system. Once the method has withstood all attacks for a sufficient length of time it may be used with a reasonable amount of confidence. [4]
RSA's security management strategy brings together the ISO 27001 framework, a tightly integrated set of core security technologies, strategic professional services, and a vibrant user community to make enterprise security management more efficient and effective.
The integrated Security Management Suite at the heart of this approach will include the RSA Archer eGRC Suite, RSA enVision for security information and event management (SIEM), and RSA Data Loss Prevention (DLP). It will provide a single hub to correlate and act on information from across your enterprise, including a wide variety of third-party point products. You'll be able to access information security within its business context and respond more appropriately. You can also take advantage of purpose-built solutions to specific business challenges, such as RSA Archer Incident Management and RSA Cloud Security and Compliance Solutions.
XII. CONCLUSION
The main results drawn from this work are the following:
1. A higher level of security is offered for normal mobile communication.
2. The proposed model offers the same level of security as the RSA cryptosystem does.
3. The advantages of public key cryptography are combined with the simplicity of a private key environment.
4. A hybrid model which tries to have the advantages of both public key and private key cryptosystems.
5. The exhaustive operations of the RC4 algorithm are eliminated.
6. Message feedback ensures data integrity while communicating over a communication medium in the public domain.
7. The security lies totally on the RSA operations, which are approximately infeasible to break.
REFERENCES
[1] Stallings W., Cryptography and Network Security, 4e, Pearson Education, New Delhi, 2002.
[2] A.V.N. Krishna and A. Vinaya Babu, "Pipeline Data Compression and Encryption Techniques in E-Learning Environment", http://www.jatit.org/volumes/research-papers/Pipeline_Data_Compression_3_1.pdf
[3] R.A. Rueppel, Analysis and Design of Stream Ciphers, Springer-Verlag, 1986.
[4] Rivest R.L. et al., "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", Communications of the ACM, Vol. 21, No. 2, February 1978.
[5] http://en.wikipedia.org/wiki/