Tharindu Weerasinghe, profile picture
Uploaded byTharindu Weerasinghe
432 views

Analysis of a Modified RC4

This document analyzes a modified version of the RC4 stream cipher algorithm. The original RC4 algorithm is described, along with its key scheduling algorithm and pseudo-random generation algorithm. The modified algorithm makes a small change to the output generation by adding an additional parameter to the XOR operation. Tests were conducted to analyze the secrecy and performance of the modified algorithm compared to the original RC4 algorithm over variable key lengths and data sizes. The results showed that the modified algorithm had better secrecy and comparable or better performance than the original RC4 algorithm.

Embed presentation

Download to read offline
International Journal of Computer Applications (0975 – 8887) Volume 51– No.22, August 2012 12 Analysis of a Modified RC4 Algorithm T.D.B Weerasinghe MSc.Eng, BSc.Eng (Hons), MIEEE, AMIE (SL) Software Engineer IFS R&D International, 363, Udugama, Kandy, Sri Lanka ABSTRACT In this paper, analysis of a simply modified RC4 algorithm is presented. RC4 is the most widely used stream cipher and it is not considered as a cipher that is strong in security. Many alternatives have been proposed to improve RC4 key generation and pseudo random number generation but the thoughts behind this work is to try out a simple modification of RC4’s PRGA, where we can mention like this: Output = M XOR GeneratedKey XOR j After having done the modification the modified algorithm is tested for its secrecy and performance and analyzed over the variable key length with respect to those of the original RC4. The results show that the modified algorithm is better than the original RC4 in the aspects of secrecy and performance. General Terms Symmetric Key Algorithms, Stream Cipher, RC4 KSG, RC4 PRGA Keywords Secrecy of RC4, Modified RC4 1. INTRODUCTION RC4 is the most widely used stream cipher. In open literature there are a lot of modifications done in-order to improve the security and performance level of the particular algorithm. In this research the focus was to slightly alter the Output generation by adding one parameter into the XOR operation. The initial idea behind this change was aroused by the article published online by Likai Liu [7]. The intension behind this concept was to check the secrecy level and performance by doing the particular change and observe the results. Since Shannon’s theories of secrecy of ciphers are not used regularly in the area in Cryptography (in open literature); the idea was to select them as the criterion for secrecy measurement. Performance is analyzed by measuring the encryption time of each cipher. Bo th secrecy and performance are analyzed over the variable key lengths which varied from 64 bits to 1856 bits. (Key lengths of RC4 can vary from 40 bits to 2048 bits). All the algorithms were written in Java as well as the time calculation (in microseconds) and secrecy measurements are also done using two separate Java programs. To generate a random alpha numeric character key, random character generation in Java is used! 2. RC4 ALGORITHM RC4 is the widely used stream cipher. In this section, the original RC4 is described in a nutshell. The following description is illustrated from a research work done by Yassir Nawaz et. al. [1] The RC4 algorithm has of two major parts: The key scheduling algorithm (KSA) and the pseudo-random generation algorithm (PRGA). l - Length of the initial key in bytes N - Size of the array S or the S-box in words. Normally RC4 is used with a n = 8 and array size N = 28 . In the first phase of RC4 operation an identity permutation (0, 1..., N-1) is loaded in the array S. A secret key K (initial key) is then used to initialize S to a random permutation by shuffling the words in S. During the second phase, PRGA produces random words from the permutation in S. An iteration of the PRGA loop produces one output word that constructs the running key stream (generated key stream). The keystream is bit-wise XORed with the plaintext to obtain the ciphertext. [1] for i = 0 to (N-1) S[i] = i; j = 0; for i = 0 to (N-1) j = (j + S[i] + K[i mod l]) mod N; swap (S[i], S[j]) i = 0, j =0; Output Generation Loop: i = (i+1) mod N; j = (j+S[i]) mod N; swap (S[i], S[j]); Output = S[(S[i] + S[j]) mod N]; The general structures of KSA and PRGA are shown in the above figrue. The original RC4 can be illustrated as follows because n = 8 and N = 28 (256) KSA: for i = 0 to 255 S[i] = i; j=0 for i = 0 to 255
International Journal of Computer Applications (0975 – 8887) Volume 51– No.22, August 2012 13 j = (j+S[i]+K[i mod l]) mod 256; swap S[i] and S[j]; PRGA : i = 0, j=0; for x = 0 to L-1 i = (i+1) mod 256; j = (j+S[i]) mod 256; swap S[i] and S[j]; GeneratedKey = S[ (S[i] + S[j]) mod 256] ; Output = M[x] XOR GeneratedKey; Where ‘M’ is the plain text message and ‘L’ is its length. [4] 3. MODIFIED RC4 Here is the pseudo code of the modified RC4: KSA: for i = 0 to 255 S[i] = i; j=0 for i = 0 to 255 j = (j+S[i]+K[i mod l]) mod 256; swap S[i] and S[j]; PRGA: i = 0, j=0; for x = 0 to L-1 i = (i+1) mod 256; j = (j+S[i]) mod 256; swap S[i] and S[j]; GeneratedKey = S[ (S[i] + S[j]) mod 256] ; Output = M[x] XOR GeneratedKey XOR j; Where ‘M’ is the plaintext message and ‘L’ is its length. [4] 4. SECRECY OF CIPHERS 4.1 Definitions related to secrecy Entropy: Entropy of a message X, called H(X), is the minimum number of bits needed to encode all possible occurrences (meanings) of the message, assuming all messages are equally likely. [5]  Entropy of a given message X is defined by the weighted average: n H(X )  P(xi )log P(xi ) 1 Uncertainty: Uncertainty of a message is the number of plaintext bits that must be recovered when the message is scrambled in cipher text in order to learn the plaintext. The uncertainty of a message is measured by its entropy. [5] Higher the number of bits, higher the uncertainty. Equivocation: Equivocation is the uncertainty of a message that can be reduced by given additional information. [5]  Equivocation is the conditional entropy of X given Y: HY (X )  {X ,Y}P(X ,Y)log2[PY (X )] HY (X )  {Y}P(Y ){X}PY (X )log2[PY (X )] Secrecy of ciphers: Secrecy of a cipher is calculated in terms of the key equivocation Hc (K) of a key K for a given cipher text C; that is the amount of uncertainty in K given C: [5] Hc (K)  {C}P(C){K}Pc (K)log2[Pc (K)] Note: This is the equation used in the secrecy calculation in this research and it was used in some of my previous work [2], [3] and all the above definitions were derived from theories of Shannon related to entropy and secrecy. Claude Elwood Shannon [April 30, 1916 – February 24, 2001] is called the Father of Information Theory. All the above equations/definitions are illustrated from the lecture notes of Dr.Issa Traore of the University of Victoria, British Columbia, Canada. URL: www.ece.uvic.ca/~itraore/elec567-04/notes/elec6704- 6-2.pdf 4.2 Calculation of the secrecy of ciphers How the calculation is done in the program:  Consider the highlighted part first: That is the entropy of K given the relevant cipher. (This cipher has come due to this key) o Calculate how often each key byte has appeared in the key. o And then calculate the probability of each byte appears (given the cipher) in the key and get the summation of Pc(K) * log2Pc(K).  Then consider the other part: Calculating P(C) and the summation. o Calculate how often each cipher byte has appeared in the cipher text. o And then calculate the probability of each byte appears in the key and get the summation (for all possibilities of the cipher bytes). This cipher is related to the above key; i.e. this cipher is obtained by encrypting plain text with the above key. Then get the multiplication of the highlighted part and
International Journal of Computer Applications (0975 – 8887) Volume 51– No.22, August 2012 14 P(C) is calculated and finally the summation of all possibilities is calculated. 5. RESEARCH METHOD 5.1 Method for analyzing secrecy This is done in two categories. 1. With a variable key length. (then the input text is fixed; considered as a password) 2. With a variable data size. (then the key size is kept fixed – 128 bits) Category 1: Secrecy values of ciphertexts related to different key lengths ranging from 64 bits to 1856 bits are obtained and the average value is calculated. For each key length, to normalize the results, experiment is carried-out for 100 random keys. For example, if you consider a 64 bit key, then required values are taken for 100 different 64 bit keys. Here, the input is a constant/fixed value as the variable is the key length. After calculations the comparison of the average secrecy values of both RC4 and modified RC4 ciphertexts is possible, over the length of the random key. Used input: #THARINDU_WEERASINGHE# Thus, the secrecy analysis is done in the first category! Category 2:  In this category the key length is fixed. (128 bits) Data size has been varied from 10 KB to 100KB. Here, at each instance the input is given as a text file containing alpha numeric values. 5.1.1 Java method to calculate secrecy: [6] public static double calculateSecrecy(byte[] key, byte[] cipher, int start) { final double p_k = 1.0 * countedKey[i] / key.length; final double p_c = 1.0 * countedCipher[i] / cipher.length; if (p_k > 0) { entropy += p_k * log2(p_k); secrecy += -p_c * entropy; } } return secrecy; } 5.2 Method for analyzing performance This is also done in two categories. 1. With a variable key length. (then the input text is fixed; considered as a password) 2. With a variable data size. (then the key size is kept fixed – 128 bits) Category 1: The encryption times (in microseconds) for different key lengths (64 bits to 1856 bits) are measured and the normalization is done similarly as in the secrecy analysis. By comparing the average encryption times of both RC4 and modified RC4 over the length of the random key, the performance analysis is done! Category 2:  In this category the key length is fixed. (128 bits) Data size has been varied from 10 KB to 100KB. Here, at each instance the input is given as a text file containing alpha numeric values similarly as in the secrecy analysis. Encryption time is measured under the above normalization mechanism. double entropy = 0; double secrecy = 0; final int[] countedKey = countByteDistribution(key, start, key.length- 1); final int[] countedCipher = countByteDistribution(cipher, start, cipher.length-1); for (int i=0;i<256;i++) { 5.3 Method of generating the initial key With the help of java.security.SecureRandom and java.math.BigInteger, streams of random alphanumeric characters are generated. Example code: new BigInteger(40, random).toString(32); Need to change the first parameter of the BigInteger according to the required key length in bytes. E.g. If you need a random key having a length of 40bytes then you need to input 200 there. See below for the example: new BigInteger(200, random).toString(32);
International Journal of Computer Applications (0975 – 8887) Volume 51– No.22, August 2012 15 Key Length/Bits Average Encryption Time of RC4/ µs Average Encryption Time of modified RC4/ µs 64 101.4 97.3 320 84.1 74.2 576 85.7 76.5 832 88.2 78.7 1088 90.8 76.1 1344 91.1 77.6 1600 83.1 76.3 1856 85.1 80.3 5.4 Method of analyzing the overall results The idea behind the research was to modify the existing RC4 algorithm in order to check how it responds towards the secrecy of the cipher generated as well as the overall performance of the algorithm. Since the secrecy calculation is hardly used to evaluate security level of a cipher in open literature, the focus was to check the secrecy of the generated cipher text in order to evaluate the modified algorithm over the original one! The variation of the secrecy over the different key sizes is studied to give the result of the research with respect to the secrecy. Initial thought (prior to the outcome) was the secrecy level of the modified cipher should be higher than that of the original cipher because the modification leads to an additional operation. The average secrecy is calculated by running the Performance is measured by calculating the average encryption time. All the tests were carried out in a machine which has the following configuration:  Intel® Core™ i3 CPU, M370 @ 2.40 GHz  1.86 GB usable RAM  MS Windows 7 Home Basic (32 bit) 6. RESULTS AND ANALYSIS Table 1. Average Secrecy Value Vs Key Length Fig 1: Average Secrecy Value Vs Key Length Table 2. Average Encryption Time Vs Key Length Key Length/Bits Average Secrecy of RC4 Average Secrecy of modified RC4 64 0.032519153 0.021913237 320 0.110192092 0.153905248 576 0.180718271 0.190528341 832 0.15384488 0.198225548 1088 0.148745008 0.204488399 1344 0.178802549 0.176788808 1600 0.1718984 0.219518034 1856 0.191389199 0.22001954 Fig. 2: Average Encryption Time Vs Key Length
International Journal of Computer Applications (0975 – 8887) Volume 51– No.22, August 2012 16 Data Size/KB Average Encryption Time of RC4/ µs Average Encryption Time of modified RC4/ µs 10 2272 2146 20 4791 4059 30 6600 6393 40 7417 7173 50 8191 8227 60 9959 9351 70 9717 9616 80 10507 10389 90 11490 11777 100 12153 11997 Table 3. Average Secrecy Value Vs Data Size Data Size/KB Average Secrecy of RC4 Average Secrecy of modified RC4 10 0.2032 0.2021 20 0.20658 0.20756 30 0.2016 0.20127 40 0.20759 0.2125 50 0.20879 0.2145 60 0.20333 0.20656 70 0.21173 0.21416 80 0.20387 0.2033 90 0.20134 0.20418 100 0.2029 0.20557 Fig. 3: Average Secrecy Value Vs Data Size Table 4. Average Encryption Time Vs Data Size Fig. 4: Average Encryption Time Vs Data Size 7. CONCLUSIONS AND FUTURE WORK Conclusion with respect to password type inputs: As shown by the Fig 1, modified RC4 has better average secrecy than that of the original RC4. Both curves does not have smooth variation because of the limited number of samples, 100 to be précised (sample keys) taken for the experiment. But if we can test this for larger number of sample then the curve will have a smooth variation. If this is further explained if we take one instance of the experiment: consider the initial key length is 40 bits then we do have 2^40 number of possible keys. If we are to take the average secrecy of the instance where we have the key length of 40 bits then we need to get the secrecy values for all 2^40 keys which is unrealistic. So, in this research 100 sample keys are considered. (For measuring both secrecy and performance) As far as the performance is concerned, the modified RC4 has the upper hand of the original RC4. By looking at the graph shown in the Fig 2, it is proved that the modification has lead to decrease the encryption time; hence the higher performance is achieved. Conclusion with respect to the input messages that have larger data sizes: As depicted in Fig. 3 the secrecy of the modified RC4 against the data size is more often than not, higher than that of original RC4. But again the measurements and calculations are done for 100 different keys (note: in this experiment the key size is taken as the most common size used 128 bits) and the curve could have been smoother if the numbers of samples are higher. (E.g. 10000 samples) When it comes to the performance, it is obvious that the ‘modification’ has improved the performance (refer: Fig.4) General conclusion: Thus, a conclusion can be made upon the evident results, as the simple modification has done an enormous improvement of the RC4 (regardless of the limited number of samples taken – even for the limited number of keys modified RC4 gave good results, thus it is clearly obvious that if more samples were taken the results could have been much better. So, the simple modification in made RC4 to give better secrecy and performance simultaneously. Suggested future work: Same known plaintext attack for the modified RC4 and original RC4 and evaluate the tolerance levels.
International Journal of Computer Applications (0975 – 8887) Volume 51– No.22, August 2012 17 REFERENCES [1] Yassir Nawaz and Kishan Chand Gupta and Guang Gong. 2005. A 32-bit RC4-like Keystream Generator. In Cryptology ePrint Archive: Report 2005/175. [2] T.D.B Weerasinghe. 2012. Analysis of a Hybrid Cipher Algorithm for Data Encryption. In IFRSA’s International Journal of Computing, VOL.2 No.2, 397-401 [3]T.D.B Weerasinghe. 2012. Secrecy and Performance Analysis of Symmetric Key Encryption Algorithms. In IAES International Journal of Information and Network Security, VOL.1 No.2, 77-87 [4] Allam Mousa and Ahmad Hamad. 2006. Evaluation of the RC4 Algorithm for Data Encryption. In International Journal of Computer Science and Applications, VOL.3, No.2, 44-56 [5] Lecture notes of Dr.Issa Traore of the University of Victoria, British Columbia, Canada, related to secrecy of ciphers. URL: www.ece.uvic.ca/~itraore/elec567- 04/notes/elec6704-6-2.pdf [6] http://web17.webbpro.de/index.php?page=entropy [7] http://lifecs.likai.org/2011/12/evaluating-rc4-as- pseudo-random-number.html

More Related Content

PDF
An effective RC4 Stream Cipher
byTharindu Weerasinghe
 
PPTX
I mage encryption using rc5
bySuramrit Singh
 
PPTX
Rc6 algorithm
byChethan Chetu
 
PDF
IJEIR_1615
byGaurav pal
 
PPT
RC4&RC5
byguestff64339
 
PDF
Realizing Fine-Grained and Flexible Access Control to Outsourced Data with At...
byMateus S. H. Cruz
 
PDF
Cryptography Workbook
byArthyR3
 
PDF
ENKI: Access Control for Encrypted Query Processing
byMateus S. H. Cruz
 
An effective RC4 Stream Cipher
byTharindu Weerasinghe
 
I mage encryption using rc5
bySuramrit Singh
 
Rc6 algorithm
byChethan Chetu
 
IJEIR_1615
byGaurav pal
 
RC4&RC5
byguestff64339
 
Realizing Fine-Grained and Flexible Access Control to Outsourced Data with At...
byMateus S. H. Cruz
 
Cryptography Workbook
byArthyR3
 
ENKI: Access Control for Encrypted Query Processing
byMateus S. H. Cruz
 

What's hot

PDF
Cs8792 cns - Public key cryptosystem (Unit III)
byArthyR3
 
PDF
Narrow bicliques cryptanalysisoffullidea
byRifad Mohamed
 
PDF
Crack Wep Wifi Under100seconds
bymvde3000
 
PDF
RC6
byZellagui Amine
 
PDF
IS Unit 3_Public Key Cryptography
bySarthak Patel
 
PDF
The Cryptol Epilogue: Swift and Bulletproof VHDL
byUlisses Costa
 
PDF
Cs6701 cryptography and network security
byArthyR3
 
PDF
DBMask: Fine-Grained Access Control on Encrypted Relational Databases
byMateus S. H. Cruz
 
PPTX
Shilpa ppt
byshilpa kanhurkar
 
PDF
CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
PPTX
Tiny encryption algorithm
byFarah M. Altufaili
 
PPTX
DATA SECURITY WITH AES ENCRYPTION, ELLIPTIC CURVE ENCRYPTION AND SIGNATURE
byMohammed Abdul Lateef
 
PDF
Modern Cryptography
byJames McGivern
 
PPTX
Homomorphic encryption and Private Machine Learning Classification
byMohammed Ashour
 
PDF
LDPC Codes
bySahar Foroughi
 
PDF
Design And Implementation Of Tiny Encryption Algorithm
byIJERA Editor
 
PDF
Computer security module 1
byDeepak John
 
PPTX
Low power ldpc decoder implementation using layer decoding
byajithc0003
 
PDF
Survey on asymmetric key cryptography algorithms
byEditor Jacotech
 
PDF
cns 2marks
byilakiyadinesh
 
Cs8792 cns - Public key cryptosystem (Unit III)
byArthyR3
 
Narrow bicliques cryptanalysisoffullidea
byRifad Mohamed
 
Crack Wep Wifi Under100seconds
bymvde3000
 
RC6
byZellagui Amine
 
IS Unit 3_Public Key Cryptography
bySarthak Patel
 
The Cryptol Epilogue: Swift and Bulletproof VHDL
byUlisses Costa
 
Cs6701 cryptography and network security
byArthyR3
 
DBMask: Fine-Grained Access Control on Encrypted Relational Databases
byMateus S. H. Cruz
 
Shilpa ppt
byshilpa kanhurkar
 
CRYPTOGRAPHY AND NETWORK SECURITY
byKathirvel Ayyaswamy
 
Tiny encryption algorithm
byFarah M. Altufaili
 
DATA SECURITY WITH AES ENCRYPTION, ELLIPTIC CURVE ENCRYPTION AND SIGNATURE
byMohammed Abdul Lateef
 
Modern Cryptography
byJames McGivern
 
Homomorphic encryption and Private Machine Learning Classification
byMohammed Ashour
 
LDPC Codes
bySahar Foroughi
 
Design And Implementation Of Tiny Encryption Algorithm
byIJERA Editor
 
Computer security module 1
byDeepak John
 
Low power ldpc decoder implementation using layer decoding
byajithc0003
 
Survey on asymmetric key cryptography algorithms
byEditor Jacotech
 
cns 2marks
byilakiyadinesh
 

Similar to Analysis of a Modified RC4

PPTX
RC4 Algorithm4 information security pptx
bybadboiOP
 
PPTX
Fundamentals of Information Encryption
byAmna Magzoub
 
PDF
RSA and RC4 Cryptosystem Performance Evaluation Using Image and Text
byYekini Nureni
 
PPTX
Overview on Cryptography and Network Security
byDr. Rupa Ch
 
PPT
RC4-Basics-Presentation_hill cipher_ceasercipheer.ppt
bysrivisundararaju
 
PPTX
Cryptography-101
byVishal Punjabi
 
PPTX
Cryptography - 101
byn|u - The Open Security Community
 
PDF
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
byeditor1knowledgecuddle
 
PDF
Cryptography for Smalltalkers
byESUG
 
PDF
03-VU-NetSec-Modern-Ciphers all important questions and answers
bySyedSajjadHussainSha7
 
PDF
Colour Based Cryptography
byIRJET Journal
 
PPTX
Different types of Symmetric key Cryptography
bysubhradeep mitra
 
PDF
Analysing space complexity of various encryption algorithms 2
byIAEME Publication
 
PDF
Computer security module 2
byDeepak John
 
PPTX
Cryptography in discrete structure .pptx
byayeshaimtiaz067
 
PPTX
Information and data security pseudorandom number generation and stream cipher
byMazin Alwaaly
 
PDF
Nearest Prime Cipher for Data Confidentiality and Integrity
byEswar Publications
 
PDF
Analysis of symmetric key cryptographic algorithms
byIRJET Journal
 
PDF
Color Cryptography using Substitution Method
byijtsrd
 
PPT
ch4dsjandasndklasmkldnasdnasndasddjsajdjopasjdopsadopasopdkasod
bysathyaparvathi1804
 
RC4 Algorithm4 information security pptx
bybadboiOP
 
Fundamentals of Information Encryption
byAmna Magzoub
 
RSA and RC4 Cryptosystem Performance Evaluation Using Image and Text
byYekini Nureni
 
Overview on Cryptography and Network Security
byDr. Rupa Ch
 
RC4-Basics-Presentation_hill cipher_ceasercipheer.ppt
bysrivisundararaju
 
Cryptography-101
byVishal Punjabi
 
Cryptography - 101
byn|u - The Open Security Community
 
Comparative Analysis of Cryptographic Algorithms and Advanced Cryptographic A...
byeditor1knowledgecuddle
 
Cryptography for Smalltalkers
byESUG
 
03-VU-NetSec-Modern-Ciphers all important questions and answers
bySyedSajjadHussainSha7
 
Colour Based Cryptography
byIRJET Journal
 
Different types of Symmetric key Cryptography
bysubhradeep mitra
 
Analysing space complexity of various encryption algorithms 2
byIAEME Publication
 
Computer security module 2
byDeepak John
 
Cryptography in discrete structure .pptx
byayeshaimtiaz067
 
Information and data security pseudorandom number generation and stream cipher
byMazin Alwaaly
 
Nearest Prime Cipher for Data Confidentiality and Integrity
byEswar Publications
 
Analysis of symmetric key cryptographic algorithms
byIRJET Journal
 
Color Cryptography using Substitution Method
byijtsrd
 
ch4dsjandasndklasmkldnasdnasndasddjsajdjopasjdopsadopasopdkasod
bysathyaparvathi1804
 

More from Tharindu Weerasinghe

PPTX
Professionalism & Industry Expectations from undergraduates
byTharindu Weerasinghe
 
PPTX
Importance of Knowing what you need to Know!
byTharindu Weerasinghe
 
PDF
C Propgramming.pdf
byTharindu Weerasinghe
 
PDF
Basics of Computer Networks in Sinhala
byTharindu Weerasinghe
 
PDF
Data Structures & Algorithms in Sinhala
byTharindu Weerasinghe
 
PDF
Object Oriended Programming in Sinhala
byTharindu Weerasinghe
 
PDF
Tips For A Better Undergraduate Research
byTharindu Weerasinghe
 
PDF
Basics of Block Chain
byTharindu Weerasinghe
 
PDF
Basics of IoT
byTharindu Weerasinghe
 
PDF
REST API Basics
byTharindu Weerasinghe
 
PDF
Cloud Conputing Basics and some Related Research Topics
byTharindu Weerasinghe
 
PDF
Basic Concepts and Trends in Emerging Technologies
byTharindu Weerasinghe
 
PDF
Introcution to EJB
byTharindu Weerasinghe
 
PDF
Introduction to Enterprise Applications and Tools
byTharindu Weerasinghe
 
PPT
Introduction to Agile Software Development & Python
byTharindu Weerasinghe
 
PDF
Agile Languages for Rapid Prototyping
byTharindu Weerasinghe
 
PPTX
Things to ponder before you start building [cooperate] software
byTharindu Weerasinghe
 
PDF
How to make screens and the internet safe for Children
byTharindu Weerasinghe
 
PDF
Different Concepts on Databases
byTharindu Weerasinghe
 
PPTX
A Survey Study on Higher Education Trends among Sri Lankan IT Professionals
byTharindu Weerasinghe
 
Professionalism & Industry Expectations from undergraduates
byTharindu Weerasinghe
 
Importance of Knowing what you need to Know!
byTharindu Weerasinghe
 
C Propgramming.pdf
byTharindu Weerasinghe
 
Basics of Computer Networks in Sinhala
byTharindu Weerasinghe
 
Data Structures & Algorithms in Sinhala
byTharindu Weerasinghe
 
Object Oriended Programming in Sinhala
byTharindu Weerasinghe
 
Tips For A Better Undergraduate Research
byTharindu Weerasinghe
 
Basics of Block Chain
byTharindu Weerasinghe
 
Basics of IoT
byTharindu Weerasinghe
 
REST API Basics
byTharindu Weerasinghe
 
Cloud Conputing Basics and some Related Research Topics
byTharindu Weerasinghe
 
Basic Concepts and Trends in Emerging Technologies
byTharindu Weerasinghe
 
Introcution to EJB
byTharindu Weerasinghe
 
Introduction to Enterprise Applications and Tools
byTharindu Weerasinghe
 
Introduction to Agile Software Development & Python
byTharindu Weerasinghe
 
Agile Languages for Rapid Prototyping
byTharindu Weerasinghe
 
Things to ponder before you start building [cooperate] software
byTharindu Weerasinghe
 
How to make screens and the internet safe for Children
byTharindu Weerasinghe
 
Different Concepts on Databases
byTharindu Weerasinghe
 
A Survey Study on Higher Education Trends among Sri Lankan IT Professionals
byTharindu Weerasinghe
 

Recently uploaded

PDF
Branches of AI – perception, reasoning, learning, and action.pdf
byVyankateshBhaurkar1
 
PPTX
Symmetrical faults in power system .pptx
byRased Khan
 
PPTX
Biological Oxygen Demand (BOD) Numericals-2026.pptx
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
PPTX
analog communication part two lecture note
byhirutfanta1212
 
PDF
Performance Benchmarking Strategies for AI/HPC/EdgeAI
byDanny Jiang
 
PPTX
Unit II Introduction to C programming ppts
bypawarbhaktiit
 
PDF
lecture notes digital_design_examples.pdf
bygeekcooder2020
 
PPTX
Steam Turbines basicsproperties power plant-1.pptx
byAjitParwani
 
PDF
Java Programming core java and basics concepts
byHarish Khodke
 
PPTX
analog communication part one lecture note
byhirutfanta1212
 
PPTX
The Most Dangerous Asset in Your Plant Is the One You Ignore | CXO Guide to H...
byMaintWiz Technologies Private Limited
 
PDF
Yes, we put AI agents in production. No, don't try this at home
byMarie-Alice Blete
 
PDF
Foundations of AI and ML - Mechanical Engineering Perspectives.pdf
byVyankateshBhaurkar1
 
PPTX
review of transistor circuit and applications
bysophieshuqinghuang
 
PDF
UNIT02_TRE_GEOMETRIC DESIGN.pdf_________
byAaquib Ansari
 
PPTX
1.1 Structure of Materials_Material science.pptx
byDr. Sandip Thorat
 
PPTX
Why Precision Matters CO2 N2 Gas Filling Systems Neometrix
byNeometrix_Engineering_Pvt_Ltd
 
PPTX
High Voltage Direct Current Circuit Breakers.pptx
byJawadAmjad16
 
PPTX
HVAC_Design_Course_Mech_Engineering.pptx
bysabermona665
 
PDF
Flexibility Matrix Method of Analysis- Part B
byDr. Nitin Naik
 
Branches of AI – perception, reasoning, learning, and action.pdf
byVyankateshBhaurkar1
 
Symmetrical faults in power system .pptx
byRased Khan
 
Biological Oxygen Demand (BOD) Numericals-2026.pptx
byChemical Engineering Dept. NIT Rourkela-769008, Odisha, India
 
analog communication part two lecture note
byhirutfanta1212
 
Performance Benchmarking Strategies for AI/HPC/EdgeAI
byDanny Jiang
 
Unit II Introduction to C programming ppts
bypawarbhaktiit
 
lecture notes digital_design_examples.pdf
bygeekcooder2020
 
Steam Turbines basicsproperties power plant-1.pptx
byAjitParwani
 
Java Programming core java and basics concepts
byHarish Khodke
 
analog communication part one lecture note
byhirutfanta1212
 
The Most Dangerous Asset in Your Plant Is the One You Ignore | CXO Guide to H...
byMaintWiz Technologies Private Limited
 
Yes, we put AI agents in production. No, don't try this at home
byMarie-Alice Blete
 
Foundations of AI and ML - Mechanical Engineering Perspectives.pdf
byVyankateshBhaurkar1
 
review of transistor circuit and applications
bysophieshuqinghuang
 
UNIT02_TRE_GEOMETRIC DESIGN.pdf_________
byAaquib Ansari
 
1.1 Structure of Materials_Material science.pptx
byDr. Sandip Thorat
 
Why Precision Matters CO2 N2 Gas Filling Systems Neometrix
byNeometrix_Engineering_Pvt_Ltd
 
High Voltage Direct Current Circuit Breakers.pptx
byJawadAmjad16
 
HVAC_Design_Course_Mech_Engineering.pptx
bysabermona665
 
Flexibility Matrix Method of Analysis- Part B
byDr. Nitin Naik
 

Analysis of a Modified RC4

  • 1.
    International Journal ofComputer Applications (0975 – 8887) Volume 51– No.22, August 2012 12 Analysis of a Modified RC4 Algorithm T.D.B Weerasinghe MSc.Eng, BSc.Eng (Hons), MIEEE, AMIE (SL) Software Engineer IFS R&D International, 363, Udugama, Kandy, Sri Lanka ABSTRACT In this paper, analysis of a simply modified RC4 algorithm is presented. RC4 is the most widely used stream cipher and it is not considered as a cipher that is strong in security. Many alternatives have been proposed to improve RC4 key generation and pseudo random number generation but the thoughts behind this work is to try out a simple modification of RC4’s PRGA, where we can mention like this: Output = M XOR GeneratedKey XOR j After having done the modification the modified algorithm is tested for its secrecy and performance and analyzed over the variable key length with respect to those of the original RC4. The results show that the modified algorithm is better than the original RC4 in the aspects of secrecy and performance. General Terms Symmetric Key Algorithms, Stream Cipher, RC4 KSG, RC4 PRGA Keywords Secrecy of RC4, Modified RC4 1. INTRODUCTION RC4 is the most widely used stream cipher. In open literature there are a lot of modifications done in-order to improve the security and performance level of the particular algorithm. In this research the focus was to slightly alter the Output generation by adding one parameter into the XOR operation. The initial idea behind this change was aroused by the article published online by Likai Liu [7]. The intension behind this concept was to check the secrecy level and performance by doing the particular change and observe the results. Since Shannon’s theories of secrecy of ciphers are not used regularly in the area in Cryptography (in open literature); the idea was to select them as the criterion for secrecy measurement. Performance is analyzed by measuring the encryption time of each cipher. Bo th secrecy and performance are analyzed over the variable key lengths which varied from 64 bits to 1856 bits. (Key lengths of RC4 can vary from 40 bits to 2048 bits). All the algorithms were written in Java as well as the time calculation (in microseconds) and secrecy measurements are also done using two separate Java programs. To generate a random alpha numeric character key, random character generation in Java is used! 2. RC4 ALGORITHM RC4 is the widely used stream cipher. In this section, the original RC4 is described in a nutshell. The following description is illustrated from a research work done by Yassir Nawaz et. al. [1] The RC4 algorithm has of two major parts: The key scheduling algorithm (KSA) and the pseudo-random generation algorithm (PRGA). l - Length of the initial key in bytes N - Size of the array S or the S-box in words. Normally RC4 is used with a n = 8 and array size N = 28 . In the first phase of RC4 operation an identity permutation (0, 1..., N-1) is loaded in the array S. A secret key K (initial key) is then used to initialize S to a random permutation by shuffling the words in S. During the second phase, PRGA produces random words from the permutation in S. An iteration of the PRGA loop produces one output word that constructs the running key stream (generated key stream). The keystream is bit-wise XORed with the plaintext to obtain the ciphertext. [1] for i = 0 to (N-1) S[i] = i; j = 0; for i = 0 to (N-1) j = (j + S[i] + K[i mod l]) mod N; swap (S[i], S[j]) i = 0, j =0; Output Generation Loop: i = (i+1) mod N; j = (j+S[i]) mod N; swap (S[i], S[j]); Output = S[(S[i] + S[j]) mod N]; The general structures of KSA and PRGA are shown in the above figrue. The original RC4 can be illustrated as follows because n = 8 and N = 28 (256) KSA: for i = 0 to 255 S[i] = i; j=0 for i = 0 to 255
  • 2.
    International Journal ofComputer Applications (0975 – 8887) Volume 51– No.22, August 2012 13 j = (j+S[i]+K[i mod l]) mod 256; swap S[i] and S[j]; PRGA : i = 0, j=0; for x = 0 to L-1 i = (i+1) mod 256; j = (j+S[i]) mod 256; swap S[i] and S[j]; GeneratedKey = S[ (S[i] + S[j]) mod 256] ; Output = M[x] XOR GeneratedKey; Where ‘M’ is the plain text message and ‘L’ is its length. [4] 3. MODIFIED RC4 Here is the pseudo code of the modified RC4: KSA: for i = 0 to 255 S[i] = i; j=0 for i = 0 to 255 j = (j+S[i]+K[i mod l]) mod 256; swap S[i] and S[j]; PRGA: i = 0, j=0; for x = 0 to L-1 i = (i+1) mod 256; j = (j+S[i]) mod 256; swap S[i] and S[j]; GeneratedKey = S[ (S[i] + S[j]) mod 256] ; Output = M[x] XOR GeneratedKey XOR j; Where ‘M’ is the plaintext message and ‘L’ is its length. [4] 4. SECRECY OF CIPHERS 4.1 Definitions related to secrecy Entropy: Entropy of a message X, called H(X), is the minimum number of bits needed to encode all possible occurrences (meanings) of the message, assuming all messages are equally likely. [5]  Entropy of a given message X is defined by the weighted average: n H(X )  P(xi )log P(xi ) 1 Uncertainty: Uncertainty of a message is the number of plaintext bits that must be recovered when the message is scrambled in cipher text in order to learn the plaintext. The uncertainty of a message is measured by its entropy. [5] Higher the number of bits, higher the uncertainty. Equivocation: Equivocation is the uncertainty of a message that can be reduced by given additional information. [5]  Equivocation is the conditional entropy of X given Y: HY (X )  {X ,Y}P(X ,Y)log2[PY (X )] HY (X )  {Y}P(Y ){X}PY (X )log2[PY (X )] Secrecy of ciphers: Secrecy of a cipher is calculated in terms of the key equivocation Hc (K) of a key K for a given cipher text C; that is the amount of uncertainty in K given C: [5] Hc (K)  {C}P(C){K}Pc (K)log2[Pc (K)] Note: This is the equation used in the secrecy calculation in this research and it was used in some of my previous work [2], [3] and all the above definitions were derived from theories of Shannon related to entropy and secrecy. Claude Elwood Shannon [April 30, 1916 – February 24, 2001] is called the Father of Information Theory. All the above equations/definitions are illustrated from the lecture notes of Dr.Issa Traore of the University of Victoria, British Columbia, Canada. URL: www.ece.uvic.ca/~itraore/elec567-04/notes/elec6704- 6-2.pdf 4.2 Calculation of the secrecy of ciphers How the calculation is done in the program:  Consider the highlighted part first: That is the entropy of K given the relevant cipher. (This cipher has come due to this key) o Calculate how often each key byte has appeared in the key. o And then calculate the probability of each byte appears (given the cipher) in the key and get the summation of Pc(K) * log2Pc(K).  Then consider the other part: Calculating P(C) and the summation. o Calculate how often each cipher byte has appeared in the cipher text. o And then calculate the probability of each byte appears in the key and get the summation (for all possibilities of the cipher bytes). This cipher is related to the above key; i.e. this cipher is obtained by encrypting plain text with the above key. Then get the multiplication of the highlighted part and
  • 3.
    International Journal ofComputer Applications (0975 – 8887) Volume 51– No.22, August 2012 14 P(C) is calculated and finally the summation of all possibilities is calculated. 5. RESEARCH METHOD 5.1 Method for analyzing secrecy This is done in two categories. 1. With a variable key length. (then the input text is fixed; considered as a password) 2. With a variable data size. (then the key size is kept fixed – 128 bits) Category 1: Secrecy values of ciphertexts related to different key lengths ranging from 64 bits to 1856 bits are obtained and the average value is calculated. For each key length, to normalize the results, experiment is carried-out for 100 random keys. For example, if you consider a 64 bit key, then required values are taken for 100 different 64 bit keys. Here, the input is a constant/fixed value as the variable is the key length. After calculations the comparison of the average secrecy values of both RC4 and modified RC4 ciphertexts is possible, over the length of the random key. Used input: #THARINDU_WEERASINGHE# Thus, the secrecy analysis is done in the first category! Category 2:  In this category the key length is fixed. (128 bits) Data size has been varied from 10 KB to 100KB. Here, at each instance the input is given as a text file containing alpha numeric values. 5.1.1 Java method to calculate secrecy: [6] public static double calculateSecrecy(byte[] key, byte[] cipher, int start) { final double p_k = 1.0 * countedKey[i] / key.length; final double p_c = 1.0 * countedCipher[i] / cipher.length; if (p_k > 0) { entropy += p_k * log2(p_k); secrecy += -p_c * entropy; } } return secrecy; } 5.2 Method for analyzing performance This is also done in two categories. 1. With a variable key length. (then the input text is fixed; considered as a password) 2. With a variable data size. (then the key size is kept fixed – 128 bits) Category 1: The encryption times (in microseconds) for different key lengths (64 bits to 1856 bits) are measured and the normalization is done similarly as in the secrecy analysis. By comparing the average encryption times of both RC4 and modified RC4 over the length of the random key, the performance analysis is done! Category 2:  In this category the key length is fixed. (128 bits) Data size has been varied from 10 KB to 100KB. Here, at each instance the input is given as a text file containing alpha numeric values similarly as in the secrecy analysis. Encryption time is measured under the above normalization mechanism. double entropy = 0; double secrecy = 0; final int[] countedKey = countByteDistribution(key, start, key.length- 1); final int[] countedCipher = countByteDistribution(cipher, start, cipher.length-1); for (int i=0;i<256;i++) { 5.3 Method of generating the initial key With the help of java.security.SecureRandom and java.math.BigInteger, streams of random alphanumeric characters are generated. Example code: new BigInteger(40, random).toString(32); Need to change the first parameter of the BigInteger according to the required key length in bytes. E.g. If you need a random key having a length of 40bytes then you need to input 200 there. See below for the example: new BigInteger(200, random).toString(32);
  • 4.
    International Journal ofComputer Applications (0975 – 8887) Volume 51– No.22, August 2012 15 Key Length/Bits Average Encryption Time of RC4/ µs Average Encryption Time of modified RC4/ µs 64 101.4 97.3 320 84.1 74.2 576 85.7 76.5 832 88.2 78.7 1088 90.8 76.1 1344 91.1 77.6 1600 83.1 76.3 1856 85.1 80.3 5.4 Method of analyzing the overall results The idea behind the research was to modify the existing RC4 algorithm in order to check how it responds towards the secrecy of the cipher generated as well as the overall performance of the algorithm. Since the secrecy calculation is hardly used to evaluate security level of a cipher in open literature, the focus was to check the secrecy of the generated cipher text in order to evaluate the modified algorithm over the original one! The variation of the secrecy over the different key sizes is studied to give the result of the research with respect to the secrecy. Initial thought (prior to the outcome) was the secrecy level of the modified cipher should be higher than that of the original cipher because the modification leads to an additional operation. The average secrecy is calculated by running the Performance is measured by calculating the average encryption time. All the tests were carried out in a machine which has the following configuration:  Intel® Core™ i3 CPU, M370 @ 2.40 GHz  1.86 GB usable RAM  MS Windows 7 Home Basic (32 bit) 6. RESULTS AND ANALYSIS Table 1. Average Secrecy Value Vs Key Length Fig 1: Average Secrecy Value Vs Key Length Table 2. Average Encryption Time Vs Key Length Key Length/Bits Average Secrecy of RC4 Average Secrecy of modified RC4 64 0.032519153 0.021913237 320 0.110192092 0.153905248 576 0.180718271 0.190528341 832 0.15384488 0.198225548 1088 0.148745008 0.204488399 1344 0.178802549 0.176788808 1600 0.1718984 0.219518034 1856 0.191389199 0.22001954 Fig. 2: Average Encryption Time Vs Key Length
  • 5.
    International Journal ofComputer Applications (0975 – 8887) Volume 51– No.22, August 2012 16 Data Size/KB Average Encryption Time of RC4/ µs Average Encryption Time of modified RC4/ µs 10 2272 2146 20 4791 4059 30 6600 6393 40 7417 7173 50 8191 8227 60 9959 9351 70 9717 9616 80 10507 10389 90 11490 11777 100 12153 11997 Table 3. Average Secrecy Value Vs Data Size Data Size/KB Average Secrecy of RC4 Average Secrecy of modified RC4 10 0.2032 0.2021 20 0.20658 0.20756 30 0.2016 0.20127 40 0.20759 0.2125 50 0.20879 0.2145 60 0.20333 0.20656 70 0.21173 0.21416 80 0.20387 0.2033 90 0.20134 0.20418 100 0.2029 0.20557 Fig. 3: Average Secrecy Value Vs Data Size Table 4. Average Encryption Time Vs Data Size Fig. 4: Average Encryption Time Vs Data Size 7. CONCLUSIONS AND FUTURE WORK Conclusion with respect to password type inputs: As shown by the Fig 1, modified RC4 has better average secrecy than that of the original RC4. Both curves does not have smooth variation because of the limited number of samples, 100 to be précised (sample keys) taken for the experiment. But if we can test this for larger number of sample then the curve will have a smooth variation. If this is further explained if we take one instance of the experiment: consider the initial key length is 40 bits then we do have 2^40 number of possible keys. If we are to take the average secrecy of the instance where we have the key length of 40 bits then we need to get the secrecy values for all 2^40 keys which is unrealistic. So, in this research 100 sample keys are considered. (For measuring both secrecy and performance) As far as the performance is concerned, the modified RC4 has the upper hand of the original RC4. By looking at the graph shown in the Fig 2, it is proved that the modification has lead to decrease the encryption time; hence the higher performance is achieved. Conclusion with respect to the input messages that have larger data sizes: As depicted in Fig. 3 the secrecy of the modified RC4 against the data size is more often than not, higher than that of original RC4. But again the measurements and calculations are done for 100 different keys (note: in this experiment the key size is taken as the most common size used 128 bits) and the curve could have been smoother if the numbers of samples are higher. (E.g. 10000 samples) When it comes to the performance, it is obvious that the ‘modification’ has improved the performance (refer: Fig.4) General conclusion: Thus, a conclusion can be made upon the evident results, as the simple modification has done an enormous improvement of the RC4 (regardless of the limited number of samples taken – even for the limited number of keys modified RC4 gave good results, thus it is clearly obvious that if more samples were taken the results could have been much better. So, the simple modification in made RC4 to give better secrecy and performance simultaneously. Suggested future work: Same known plaintext attack for the modified RC4 and original RC4 and evaluate the tolerance levels.
  • 6.
    International Journal ofComputer Applications (0975 – 8887) Volume 51– No.22, August 2012 17 REFERENCES [1] Yassir Nawaz and Kishan Chand Gupta and Guang Gong. 2005. A 32-bit RC4-like Keystream Generator. In Cryptology ePrint Archive: Report 2005/175. [2] T.D.B Weerasinghe. 2012. Analysis of a Hybrid Cipher Algorithm for Data Encryption. In IFRSA’s International Journal of Computing, VOL.2 No.2, 397-401 [3]T.D.B Weerasinghe. 2012. Secrecy and Performance Analysis of Symmetric Key Encryption Algorithms. In IAES International Journal of Information and Network Security, VOL.1 No.2, 77-87 [4] Allam Mousa and Ahmad Hamad. 2006. Evaluation of the RC4 Algorithm for Data Encryption. In International Journal of Computer Science and Applications, VOL.3, No.2, 44-56 [5] Lecture notes of Dr.Issa Traore of the University of Victoria, British Columbia, Canada, related to secrecy of ciphers. URL: www.ece.uvic.ca/~itraore/elec567- 04/notes/elec6704-6-2.pdf [6] http://web17.webbpro.de/index.php?page=entropy [7] http://lifecs.likai.org/2011/12/evaluating-rc4-as- pseudo-random-number.html