Oxford Brookes University

ASSESSED COURSEWORK

School of Technology

TO BE COMPLETED BY STUDENT(S) Department: Module No: School of Technology P00011 Module Title: Assignment Title or No: Research and Study Methods Mini Project

If this is a group assignment, please enter all group members nos., names, and if relevant, group no. or name.

Student No(s): 09099225

Student Name(s): (Surname , first name) Bempenis, Michail

Group:

Statement of Compliance: We declare that the work submitted is our own and that the work we submit is fully in accordance with the University regulations regarding assessments (see overleaf). Student Signature(s): signed MB Date: 25 Nov 2009

TO BE COMPLETED BY SCHOOL Received by: Date Received by School:

Markers Name:

Markers Signature:

Weighting of this assignment as a % of the whole module: Areas of achievement:

Areas for further development:

Grade / mark (unmoderated):

Date:

FORM: LT1 Assessed Coursework Coversheet

Version: September 2009

Oxford Brookes University ASSESSED COURSEWORK

School of Technology

Module Number: Project Title:

P00011 Data security for Wireless Communication Systems: A study of various popular crypto algorithms and their suitability. - This topic should cover various popular crypto algorithms based on block, stream, and public key ciphers and their suitability for mobile communication devices in terms power, speed of operation, chip area requirement, reliability, etc. This should include techniques based on, for example, ECC, RSA, AES, Kasumi, etc.

Student Name: Student Number: Proposed by:

Bempenis Michail 09099225 Dr. Abusaleh Jabir

Date of submission: 25 November 2009

Oxford Brookes University ASSESSED COURSEWORK

School of Technology

Abstract
In our days Nowdays/Recent trend suggests, it is crystal clear that security issues are becoming an everyday worry for a wide group of electronic systems that control, store, access and communicate important and sensitive data. In recent years the role of wireless communication systems has broadened significantly and the total knowledge dealing with them has grown a great deal as well. However, security policies for wireless systems need to focus attention to additional areas that are not always addressed for wired systems, because of the special characteristics make wireless systems distinguish from any other electronic systems. In this study, the main issues for security applied on communication systems are reviewed in the context of satisfaction of security requirements and provision of security services being available to mitigate the potential threats for any kind of network. Additionally, cryptographic algorithms -the core of security systems are discussed, their major categories are listed, the most popular ciphers as of block, stream and public key ones are described in detail with figures, as well as many evaluations in terms of power, speed of operation, chip area requirement and reliability are illustrated. With a lot of security approaches for wireless systems have been suggested till now, potential improvements of security for wireless devices with low processing power and small size and memory capacities are more than challenging in our days.
Para. 3 Para. 2 Para. 1 wordy=

Oxford Brookes University ASSESSED COURSEWORK

School of Technology

Table of Contents
1. Introduction... 1 2. Fundamentals.....1 2.1 Security requirements... 1 2.2 Basic Terminology....... 2 2.3 Security Services...... 2 3. Cryptographic Algorithms... 3 3.1 Asymmetric key algorithms..... 3 3.2 Symmetric key algorithms....4 3.2.1 Block and Stream ciphers....... 4 3.3 Hash algorithms....7 4. Suitability of cryptographic algorithms.. 7 4.1 Hardware and software implementation...... 8 4.2 Power management.. 8 5. Conclusions.... 11 References... 12

Oxford Brookes University ASSESSED COURSEWORK

School of Technology

List of Abbreviations
AES DES DH DSA ECC MAC RC4 RSA SHA SSL WEP 3DES 3G Advanced Encryption Standard Data Encryption Standard Diffie-Hellman Digital Signature Algorithm Elliptic Curve Cryptography Message Authentication Code Rivest Cipher 4 Rivest, Shamir and Adleman Secure Hash Algorithm Secure Sockets Layer Wired Equivalency Protocol triple-Data Encryption Standard Third Generation

Oxford Brookes University ASSESSED COURSEWORK

School of Technology

1. Introduction

Does not contain an overview the article. Organization of the paper/report/article..

The very last years Recently/In recent years, wireless systems technology, which actually coexists with, extends, and even competes with wired communication services, has provided high quality connectivity and communication services with previously unknown flexibility and mobility characteristics. However the commercialization of wireless communications resulted in the rise of the potential for adversarial interactions, which are motivated by various harming concerns. In the modern business world for example, vital information needs to be exchanged between parties for the successful completion of a transaction and current business practices are dependent on extensive use of computers and the Internet. In response to the rise of security problems, the technical community has developed a collection of basic technologies for addressing network security. Many of the same problems, design approaches, and even protocols that have been developed for wired network security can be applied to wireless network security too, in a way that it could simply be considered as a subtopic of general network security. On the other hand, cryptographic algorithms are still troublesome for wireless systems because of kind of difficulties in their implementation. Many scientists believe that a number of cryptographic algorithms have been proven unsuitable for wireless systems devices -especially for handheld devices, because these devices operate in a different way and their specific limitations as of power consumption and chip area requirements for example, affect a great deal the network security features. The impact of those parameters on existing security systems should not be disregarded as many studies for this topic have been developed and apparently will be discussed on the following paragraphs of this study.

2. Fundamentals
2.1 Security requirements
The objective of communication security, which wireless systems should satisfy as well, is the preservation of the three following principles [4]: Confidentiality: the communication data are only released to authorized parties of the network. Integrity: the data in the communication process retain their completeness and are not able to be modified by any unauthorized party.
1

Oxford Brookes University ASSESSED COURSEWORK

School of Technology

Availability: authorized parties are allowed timely access and adequate bandwidth to access the data.

2.2 Basic Terminology

Plaintext is the initial message or initial data to be encrypted. Its form is understandable by all every parties [2]. Ciphertext is the text produced as a result of encryption process. Its form is secret for everybody other than the valid communicating parties [2]. Encryption: the process which through implementation of a cryptographic algorithm and the use of cryptographic material (mainly cryptographic keys) transforms the plaintext to ciphertext [2]. Encryption or cryptographic algorithm is the formula that performs the necessary transformations so that the plaintext to be encrypted [2]. Decryption: the inverse procedure than that encryption performs [2]. Cryptographic key is the main part of the provisioned cryptographic material that is typically used for the cryptographic algorithm. Key or keys are strictly delivered to the legitimate communicating parties only [1]. Security protocol: includes a formal sequence of steps to be followed by two or more parties of a network and decides which encryption algorithms should be used, so that security services to be carried out successfully [2].

2.3 Security Services

Security services or security objectives have been developed to counter the potential threats against the security system. They have many uses in general network security and are an important part of wireless network security. The three main categories are traced as follows [1]: Data origin authentication or integrity protection ensures that the receiver of a message is able to ascertain that the received message originated from an authorized party as well as that its contents were not changed during transmission. Confidentiality protection is the most popular security service. Confidentiality protection allows the sender party to know that only a designated receiver and

Oxford Brookes University ASSESSED COURSEWORK

School of Technology

not any unplanned eavesdropper is able to read the contents of the message it sent. Replay protection ensures that undesirable replaying of previous messages can not be committed. Sequence of replayed messages captured during a legitimate transaction can block the receiver partys processing, so that receiver to refuse services to legitimate parties.

3. Cryptographic Algorithms
As it has already been mentioned above, cryptographic algorithms require cryptographic material in order security services to be provided successfully. Generally, both communicating parties possess and use in common cryptographic keys which management over the time is one of the most significant and complex field of security procedure for wireless systems [1]. Cryptographic algorithms usually define the security characteristics of the key management system, but at the same time they can be roughly divided, depending on the number of keys are used during the encryption process, into two main types which will be discussed comprehensively in the following paragraphs [1], [3].

3.1 Asymmetric key algorithms

Public key or asymmetric algorithms use different keys, especially a pair of keys, namely public key and private key for encryption and decryption, respectively [2], [3]. In order asymmetric algorithms to be performed, confidential material is not required to be transmitted as well as disposal in advance of secret material to the both parties. Instead, communicating parties originate a pair of keys, one private not available to any other party and one public, which is not confidential and can be transmitted through open links of the network to the communicating parties [1]. They are not based on simple operations with bits as symmetric algorithms do, but on tough computational mathematical functions -namely algorithmical [3]. Furthermore, it is noted that asymmetric key algorithms are widely developed for data origin authentication services and key delivery/exchange purposes [1]. The most typical examples asymmetric key algorithms are discussed above:

Oxford Brookes University ASSESSED COURSEWORK

School of Technology

Rivest, Shamir and Adleman (RSA) is the most popular of the category and is based on the difficulty of integer resolving [2], [7]. It is usually used to secure wed traffic and e-mail in the Secure Sockets Layer (SSL) protocol [7]. Diffie-Hellman (DH) is based on that of the discrete logarithm problem in integer fields [2]. Elliptic Curve Cryptography (ECC) algorithm is based on difficulty of solving the discrete logarithm problem in integer fields. Related to RSA algorithm, ECC achieves better storage efficiencies, lower power consumption, higher speed and security per key bit. These advantages explain why ECC is used in mobile devices which processor power, energy availability, bandwidth, and storage are limited [7].

3.2 Symmetric key algorithms

Conventional, shared, secret key or symmetric algorithms use the same key on both encryption and decryption process [2], [3]. The key is a high entropy random bit cryptographic pattern that is combined with the plaintext to produce the ciphertext [1]. The key should be kept secret from all other parties except from the communicating ones. In case of its revelation, the eavesdropper unfortunately will be able to perform the identical cryptographic operations that had been considered to be performed only by the legitimate parties [1]. Consequently, the not-legitimate party could play the role of a legitimate one, or to decrypt encrypted messages legitimate parties sent. Last but not least, it is noted that symmetric algorithms are mainly used to provide confidentiality protection services [2]. 3.2.1 Block and Stream ciphers

Further division of symmetric algorithms can be achieved considering the way the cryptographic algorithm processes the plaintext, either bit by bit or block by block. So, the two basic subcategories are presented below, as well as the most typical examples are discussed above: Block ciphers In this case, fixed-size plaintext blocks considered as input are encrypted into ideally equal ciphertext fixed-size blocks considered as output. Additionally, the process

Oxford Brookes University ASSESSED COURSEWORK

School of Technology

requires the data to be passed through sequence of operations which are usually called rounds [2]. They are more popular than stream ciphers, are used in many Internet standards as well as 3G mobile communications and last but not least they constitute fundamental building blocks for wireless internet security [1]. Advanced Encryption Standard (AES) algorithm can use independently 128, 192 or 256 bits either for input-output or keys. Figure 1 above illustrates its structure on encryption and decryption procedure, and Figure 2 its block diagram respectively [7].

Figure 1: AES cipher structure [7]

Oxford Brookes University ASSESSED COURSEWORK

School of Technology

Figure 2: Block diagram of AES [7]

Kasumi is the base cipher for data origin authentication and confidentiality services of Third Generation (3G) mobile communications. Kasumi encrypts blocks of 64-bits and uses 128-bit key with eight operation rounds [4], [7]. Figure 3 illustrates an indicial block diagram of Kasumi algorithm [7].

Figure 3: Block diagram of Kasumi argorithm [7]

DES algorithm operates on 64-bit block of data, uses a 56-bit key and there are sixteen rounds of identical operations [7]. If the DES
6

Oxford Brookes University ASSESSED COURSEWORK

School of Technology

operation is performed three consecutive times the algorithm referred as 3-DES, the security level increases, but on the contrary, the performance reduces because 48 round operations are required. Figure 4 illustrates the block diagram of DES algorithm [7].

Figure 4: Block diagram of DES algorithm [7]

Stream ciphers

The plaintext is transformed to ciphertext on a bit-by-bit or byte-by-byte basis. There are used in cases where buffering is very limited or when incoming traffic is processed on a byte-by-byte basis [1]. There are not detailed internet standards for stream ciphers but on the other hand they are specialized and usually provided under particular requirements [1]. Rivest Cipher 4 (RC4) is the most popular cipher of this category. It is used in many protocols (SSL, WEP) and is characterized for its high speed in software and its simplicity [8].

3.3 Hash Algorithms

A cryptographic hash function is actually a noninvertible function that maps the bytes in a message to a unique message digest. When a shared key is an argument to the function in addition to the bytes of the message, a cryptographic hash function is often called a keyed hash. A message digest formed using a keyed hash from both the message and a secret key shared between two parties is called a message

Oxford Brookes University ASSESSED COURSEWORK

School of Technology

authentication code (MAC), which are developed a great deal in Internet security protocols for data origin authentication [1]. Secure Hash Algorithm-1 (SHA-1) is one of the most common hash functions in Internet security protocols. It is used for example to calculate message digests and for several other applications. Finally, it is noted that in order a SHA-1 message digest to be calculated only the bits of the message are required and not any kind of key [1].

4. Suitability of cryptographic algorithms

The various above-mentioned cryptographic algorithms can achieve and provide similar security functionalities and services respectively. However, the difficulties in implementation of cryptographic algorithms on wireless communication devices maintain their selection as an open issue. For this reason in this section, their suitability is being evaluated in terms of some vital characteristics for mobile communication devises, as those of power consumption, hardware area requirements, speed of operation and reliability.

4.1 Hardware and Software Implementation

On one hand, cipher implementations in hardware are highly suggested, because software solutions may be easier but not acceptable for real time, high-speed and lowpower consumption applications in wireless communication devices [5], [7]. On the other hand, many researchers suggest solutions in software, because the huge amount of calculations of cryptographic algorithm require extra chip area for hardware, not usually available on mobile or handheld devices for example [5]. Considering existing literature and many studies accumulated so far to evaluate the various algorithms, the following outputs could be argued: In terms of hardware, stream ciphers for example have usually simpler circuitry and consequently lower chip area requirements [1]. In terms of software, 3DES algorithm for example is slow for software implementations related to DES and other block ciphers. This characteristic actually constitutes the main drawback of 3DES ciphers, as well.

Oxford Brookes University ASSESSED COURSEWORK

School of Technology

In terms of speed of operation, stream ciphers seems to be faster than block ciphers [1], asymmetric algorithms tend to require more complex arithmetic processing and to be considerably slower than symmetric key algorithms [1]. Additionally, RC4 is a good choice of algorithm for high speed applications, because of its high speed operation and good performance [2]. Last but not least, it is noted that ECC algorithm achieves higher speed than that of RSA algorithm [7].

4.2 Power management

Many studies have been carried out in the field of wireless communication energy management, especially of the power consumed by a handheld device. This is normal if we take into consideration the high scale variations recorded in power consumed by cryptographic algorithms of the same category. Generally, it can be noted that energy consumed by these devices is a function of the size of data transmitted, and the security level of the service as illustrated for example in Figure 5 [6].

Figure 5: Energy consumed by secure wireless data transmission of 64KB data using (a) DES and (b) 3DES encryption [6]

Furthermore, Figure 6 illustrates power consumption for various symmetric algorithms as a result of a specific study [2], from where the following observations have been derived from and are discussed above: RC4 is a good choice of algorithm for high speed applications, but its energy cost it relatively high to AES algorithm for example. AES algorithm offers a good combination of security and energy efficiency (both key setup and encryption).
9

Oxford Brookes University ASSESSED COURSEWORK

School of Technology

Figure 6: Power consumption for various symmetric algorithms [2]

Additional outcomes related to the power consumption from different studies are presented above [2], [6]: Power consumed by AES algorithm in software is five times less than that is required by 3DES [6], as illustrated in Table 1.

Encryption software implementation 3DES (192-bit) Energy/bit (J) Throughput (Mbps) 0.3349 4.976 128-bit 0.0666 25.963 AES 192-bit 0.07 24.58 256-bit 0.075 24.1

Table 1: Energy consumed by optimized software implementations of 3DES and AES encryption [6]

The amount of power required for symmetric algorithms performance is not critically affected by the size of the key, contrary to that of asymmetric algorithms [2]. Table 2 illustrates the energy consumption of the AES algorithm for various key sizes.

Key size (bits)

Key setup (J)

10

Average power of various operating modes (J/B)

Oxford Brookes University ASSESSED COURSEWORK

School of Technology

128 192 256

7.83 7.87 9.92

1.59 1.9075 2.0725

Table 2: Energy costs of AES variants [2]

The amount of energy consumption of symmetric algorithms is related to the key-setup cost. The level of security services provided by a cryptographic algorithm can be compromised for power supplies by the key size and number of rounds. Particularly, symmetric algorithms are the best example of this trade-off philosophy [2].

ECC algorithm achieves lower power consumption than that of RSA algorithm [7].

Last but not least, potential solutions suggested by many researchers so that wireless devices to reduce the power levels consuming during encryption procedure include adapting communication according to the application requirements, regulating of energy used by the mobile transmitter during active communication, alterations between different modes of operation, and finally delaying of unit operation during idle periods [6].

5. Conclusions

Well written

In this study the basic concepts and characteristics of security for communication systems have been discussed. An interesting start to design a reliable security system is to designate the security services that are basically required and then to evaluate the cryptographic algorithm and material that their implementation will provide the security requirements. In addition to all above-mentioned, we examined the basic cryptographic algorithms suitability for mobile communication devices in relation to their limitations (energy, speed of operation, hardware and software) and reached the following conclusions:
bullet 1.High scale variations in power consumption are recorded between points

cryptographic algorithms of same category. 2. Performance of asymmetric algorithms consumes the highest amount of power in relation to other algorithms, i.e sometimes five times more than that

11

Oxford Brookes University ASSESSED COURSEWORK

School of Technology

symmetric ones consume. On the contrary, hash algorithms require the lowest amount of power. 3. The amount of power required for symmetric algorithms performance is not critically affected by the size of the key. On the contrary, asymmetric algorithms power consumption is highly related to the key size. 4. The level of security services provided by a cryptographic algorithm can be compromised for power supplies by parameters as the key size and number of rounds. 5. Asymmetric algorithms have generally lower performance in term of speed of operation, and 6. Last but not least, stream ciphers seem to be faster than block ciphers as well as they have usually simpler circuitry and consequently lower chip area requirements. Furthermore, we did not omit to present a number of interesting suggestions submitted by researchers and constitute potential solutions (e. g scalable encryption) to wireless devices limitations, as well as future work for study in the field of cryptographic algorithms.
Words: 2884 (figures, tables and reference list are not included)

References
1. Kempf, J. Wireless internet security. Architecture and Protocols. New York: Cambridge University Press, 2008. 2. Potlapally, N. et all. A study of the Energy Consumption Characteristics of Cryptographic Algorithms and Security Protocols. IEEE Transactions on Mobile Computing 5 (2), 2006, pp.128 142. 3. Gritzalis, S. Basic Cryptographic Topics. Samos: University of Aigaon, 2002. 4. Giannattasio, G. et all. A guide to the Wireless Engineering Body of Knowledge. New Jersey: John Wiley and Sons, 2009. 5. Sklavos, N. Zhang, X. Wireless Security and Cryptography. Specifications and Implementations. Boca Raton: CRC Press, 2007. 6. Karri, R. Mishra, P. Minimizing Energy Consumption of Secure Wireless Session with QoS Constraints. Proceedings, IEEE International Conference on Communication, New York, 2002. 7. Howon, K. Sunggu L. Design and Implementation of a Private and Public Key Crypto Processor and its Application to a Security System. IEEE Transactions on Consumer Electronics 50 (1), 2004, pp.214-224.
12

Oxford Brookes University ASSESSED COURSEWORK

School of Technology

8. RC4. Wikipedia. Available at: http://en.wikipedia.org/wiki/RC4 (Accessed: 23 November 2009).

Bibliography
Stallings, W. Cryptograpgy and Network Security. USA: Person Education, Inc, 2006.

13