Tuesday, October 16, 2012

Cyberspace and Cybersecurity: Archive Post 5

As of the start of this blog, I am in my second course for my Masters of Science in Cybersecurity. This is an archived posting from the first course.

Topic - Encryption Algorithm
Describe one encryption algorithm.
From March 2, 2012.

Rivest Cipher 4

RC4 is a light weight encryption algorithm that can easily be implemented in all programming languages. It is a symmetric encryption, which means that the encryption and decryption functions are the same and utilize the same key. As a stream cipher, RC4 can be used to encrypt any length of plaintext without having to pad out to a block size and cipher text is created by bitwise adding the keystream and plaintext modulo two, commonly known as XOR. "It is a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation. Analysis shows that the period of the cipher is overwhelmingly likely to be greater than 10100" (What is RC4)

RC4 was used as the first wireless networking encryption in the Wireless Equivalent Privacy standard by IEEE 802.11. (Vacca, 2009, pg 172) Despite the algorithm itself being fairly secure, the implementation used in WEP uses a fixed shared key, derived from the access point password, and an Initialization Vector (IV) to generate the keystream. Since all packets use the same shared key, the only difference seeding the keystream comes from the IV, which is only 24 bits. Borisov et al at Berkeley studied the security provided by WEP and summarized the weakness caused by the small IV well. " Such a small space of initialization vectors guarantees the reuse of the same key stream. A busy access point, which constantly sends 1500 byte packets at 11Mbps, will exhaust the space of IVs after 1500*8/(11*10^6)*2^24 = ~18000 seconds, or 5 hours" (Borisov et al)

Borisov, N., Goldberg, I., & Wagner, D. Security of the WEP algorithm. Retrieved from http://www.isaac.cs.berkeley.edu/isaac/wep-faq.html

Vacca, J. R. (2009). Computer and Information Security Handbook. Burlington, MA: Morgan Kaufmann.

What is RC4? Retrieved from https://www.rsa.com/rsalabs/node.asp?id=2250

No comments:

Post a Comment