# Cryptographic Protocols For Uob Computer Science Essay

Published:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Cryptography can be termed to be the art and science of encrypting data, using deception and mathematics to hide and/or scrabble data, in order to make such data unintelligible and unaltered during transmission from one point to the other. It has become one of the most vital feature of our networks as security of data during transmission has become the most critical requirement of any network system. This paper presents a critical evaluation and analysis of the cryptographic protocols that can be implemented to secure a UoB Manufacturing Limited's network system.

Keywords: UoB, Cryptography, Encryption, Decryption, Cryptosystem, Key, Network, Protocols.

Overview

Taking a decision on the encryption standard to adopt for a business organization's network system requires a good understanding of the data security requirements of such organization, its network layout and configurations. The decision maker must also know in depth the various encryption standards that exist and the key criteria for adopting any of them. These are precisely, the goals and objective of this paper.

This paper is developed to enable UoB Manufacturing Limited, otherwise known as UoB, choose the most suitable encryption standard for its network system. It reveals most of the encryption algorithms and standards used today and highlights their features, advantages and disadvantages. It matches what is understood to be UoB data security requirements with the criteria for choosing any of these encryption standard, thereby serving as a knowledge base for the IT staff of UoB to make a proper and informed decision on the most suitable cryptographic protocol to adopt.

The next chapter, Chapter three, introduces the basic concepts of cryptography, the types and methods of encryption. It also reveals what determines the strength of a cryptographic system and the criteria for choosing an encryption standard. The chapter is concluded by analyzing UoB networks and its data security requirements.

Chapter four thoroughly gives an in-depth analysis of various kinds of cryptographic standards that can be adopted by UoB. It reveals their strong and weak points as well as the pros and cons of adopting them into the UoB network system.

It is important to note that the rules, conclusions and recommendations in this document should not serve as a dogma for UoB technical staff. The decision of what to adopt will be left entirely to UoB after the expected analysis and due diligence required have been carried out. However, all information required by UoB to make a proper and informed decision will be included in this the document.

Introduction

The choice of a cryptographic protocol for a UoB's network system can be made only after a careful analysis of various cryptosystems commonly and currently in use at present. This analysis should expose the strong and weak points of cryptographic mechanisms under consideration as well as best method of implementation. Findings from this analysis are then matched with the data security requirements of UoB's network system to fully determine a cryptographic protocols suitability.

A cryptosystem is the fusion of all cryptographic components that are required for encryption and decryption to take place. These components include, the hardware and/or software, protocols, algorithms and keys. These components work together in tandem to transform any plaintext to ciphertext, and ensure these ciphertext remains intact during transmission until it reaches its destination when it is then transformed back to a plaintext. Thus, the strength of an encryption method comes from the algorithm, secrecy of key generation and management, the length of the key, the initialization vectors and essentially, how they all work together within the cryptosystem (Henry K, 2004, p. 669).

UoB's network systems requires a cryptographic protocol that can provide the following services;

Confidentiality: Ensures only authorized entities can have any sort of access to the information being processed. Unauthorized entities do not have access

Integrity: Ensures information remains unaltered throughout the transmission cycle.

Authentication: Ensures verification of entities that creates and decipher the information

Authorization: Ensures an individual is given the right and access levels to information being processed only if his identity has been proven.

Non-repudiation: Ensures the sender of information being process cannot deny sending the message.

Analysis of various cryptographic methods must seek to determine how well each of them can support and manage these services. And in addition to the analysis of strength of these method forms the approach to how well we can determine a cryptographic protocol suitability for UoB's Network System.

## Definitions and Concepts

There are various types of cryptographic methods, commonly used today that can be critically reviewed for UoB's network systems adoption. These methods, can be broadly categorized into Symmetric and Asymmetric cryptography. These are also referred to as Secret Key and Public Key cryptography respectively.

In a network system, transmitted data are encrypted and decrypted using an encryption algorithm. The algorithm generates keys (Cryptovariables) which are used to encrypt data by combining key bits with the data bits. The longer the number of bits a key has the more the number of possible combinations of bits which is what makes it difficult to decode. Symmetric encryption uses only one key to encrypt and decrypt data while asymmetric encryption use two different keys, one for encryption and the other for decryption.

The symmetric encryption can also be sub divided to Stream ciphers and Block Ciphers. Stream Ciphers are encryption method that involves data been encrypted bit by bit. While Block Ciphers does its encryption by breaking plaintexts into blocks of data before encryption. Both use the exclusive or operations.

The following are the list of symmetric algorithms that we will be analyzing for UoB's network system;

RC2

RC4

RC5

RC6

AES (Advanced Encryption Standard)

DES (Digital Encryption Standard)

Triple DES

WEP

WPA

The Asymmetric algorithms under review will be as follows;

RSA

Diffie-Hellman

ElGamal

These lists include techniques developed by Ron Rivest, who have made a lot of personal contributions and also worked with teams of individuals in developing cryptographic techniques that span through different types. His techniques include RC2, RC4, RC5 and RC6 for the symmetric ciphers and RAS for asymmetric ciphers. Thus, analysis of each of these techniques will be carried out in the following chapter.

## CRYPTOGRAPHIC MECHANISMS

## Symmetric Techniques

## Asymmetric Techniques

## Protocols

## Common Application

## Type

## Inventor

## Protocols

## Common Application

## Type

## Notes

RC2

Wired Networks

Block

Ron Rivest

RSA

Wired

Networks

## -

RC4

Wired Networks

Stream

Ron Rivest

Diffie-Hellman

Wired

Networks

## -

Whitfield Diffie and Martin Hellman

RC5

Wired Networks

Block

Ron Rivest

ElGamal

Wired

Networks

## -

T ElGamal

RC6

Wired Networks

Block

Ron Rivest, Matt Robshaw, Ray Sidney, Yiqun Lisa Yin

AES

Wired Networks

Block

Rijndael

DES

Wired

Networks

Block

NIST

Triple DES

Wired

Networks

Block

NIST

Keberos

Wired/Wireless Networks

## -

MIT

WEP

Wireless Network

## -

WEP2

Wireless Network

## -

WPA

Wireless Network

## -

WPA2

Wireless Network

## -

## Figure 1 shows a table of cryptographic techniques under review and their classifications.

Analysis

## SEGMENT B

## SEGMENT A

## Figure2: UoB's Network Diagram

UoB's network has several segments that can broadly be grouped into wired and wireless categories. One segment from each category (Segment A and B) will be the subject of analysis to determine the best choice of cryptographic protocols with Segment A representing the wired segments and Segment B, the wireless segments of UoB network. The approach will be to benchmark each of these protocols on some parameters developed from what the key criteria in choosing encryption protocols are.

These criteria include Strength of Algorithm, Key Length, Security of the key generation and exchange, Key management and distribution and speed. The benchmark parameters will also include network security requirements such as how well the protocols under review handle Confidentiality, Integrity, Authentication, Authorization and Non-repudiation services.

## Cryptographic Techniques for Wired Segment A

## RC2 Encryption Protocol

RC2 ("Rivest Cipher") was developed by Ron Rivest in 1987 as a replacement for Data Encryption Standard (DES). It is a 64-bit symmetric block cipher and that has a variable key size from 40 bits to 128-bits in increments of 8 bits. However RC2 is known to be weak and can easily be broken by some cryptanalysis techniques notably, related key attack (Kelsey et al., 1997). Generally not so much has been done with RC2 in the recent times because of its poor reputation of being easily cracked.

## RC4 Encryption Protocol

RC4 is a symmetric stream cipher also developed by Ron Rivest in 1987. It is a variable-key-size cipher with a key size of up to 2048 bits (256 bytes). It has a proven record of being very fast and efficient. Its security is unknown, but breaking it does not seem trivial either. Because of its speed, it may have uses in certain applications such as in secured communication encrypting traffic to and from secure a web sites using the SSL protocol. It performs an initialization process using a key of arbitrary length to generate a number that will then be exclusive-ored with the data stream . Thus it's a two stage process the performs initialization and the operation processes (A. Mousa et al., 2006). However RC4 exhibits some weakness when implemented under some conditions. For example when the initial part of the output keystream is not discarded or when nonrandom or related keys are used. It is also known to be weak when a single keystream is used twice. (J. Golic, 1997).

## RC5 Encryption Protocol

RC5 was designed by Ron Rivest in 1994. It is a symmetric block cipher with a variable block sizes of 32, 64 or 128 bits and also variable key sizes of 0 to 2040 bits. It has allowable number of rounds of 0 to 255. These variable features enable it to be a parameterized algorithm, thus providing the opportunity for great flexibility in both the performance characteristics and the level of security (B.S. Kaliski Jnr et al, 1998). There are two distinguishing features of RC5. The first feature is the heavy use of data-dependent rotations. Analysis have shown that data-dependent rotations are helpful for preventing differential and linear cryptanalysis. The second feature is the exceptional simplicity of the cipher, with the objective of making analysis easier. (B.S. Kaliski Jnr et al, 1998).

## RC6 Encryption Protocol

RC6 symmetric block cipher was developed from RC5 by a team consisting of Ron Rivest, Matt Robshaw, Ray Sidney, and Yiqun Lisa Yin, in 1997, to have an encryption standard that can compete in the Advanced Encryption Standard (AES) competition. RC6 has a block size of 128 bits and key sizes of 128, 192 and 256 bits. It has a structure that is similar to RC5 and can also be parameterized like RC5. The main difference is that RC6's algorithm comes with an extra multiplication operation. This is to make the rotation dependent on every bit of a plaintext. New features in RC6 include the use of four working registers instead of two, and the inclusion of integer multiplication as an additional primitive operation. All of these additions provides greater security, fewer rounds, and increased throughput (R. Rivest et al, 1998)

Generally speaking since the development of RC2 there have been greater improvement in terms of security and performance in the subsequent, developments. This implies that RC6 has been the strongest of the RC series developed by Ron Rivest. The following sections introduces other encryption protocols and how they compare in strength and performance to RC6.

## Advanced Encryption Standard (AES)

This is a symmetric encryption standard selected and adopted by the US government after it made an open request for the submission of encryption standards that will improve on the weakness of the Data Encryption Standard in use at that time. After testing several algorithm submitted, Rijndael algorithm was chosen for adoption based on security, performance, efficiency, ease of implementation and flexibility. The algorithm was finally ratified as a federal standard in May 2002.

AES uses different key lengths standards namely, AES-128, AES-192 and AES-256 with each of them having 128-bit block size with key sizes of 28, 192 and 256 bit respectively. Each additional bit in the key effectively doubles the strength of the algorithm, when defined as the time necessary for an attacker to stage a brute force attack, i.e. an exhaustive search of all possible key combinations in order to find the right one which could take more that a life time. AES, irrespective of any of the key length standards, has had reputation to be very a efficient, strong and robust encryption mechanism. And the fact that it was chosen to be a standard encryption standard ahead of RC6 proves the point.

## Data Encryption Standard (DES)

The Data Encryption Standard (DES) is a block cipher developed in 1976 by the National Bureau of Standards as an official Federal Information Processing Standard (FIPS) for the United States. It is a symmetric cipher with a short key of 56-bit. Although it paved way for modern usage of block ciphers, its short key however makes it susceptible to cryptanalysis. DES is now considered to be insecure for many applications. This prompted the US government to look for a replacement hence, the emergence of AES.

## Triple Data Encryption Standard ( 3 DES)

3 DES was developed to be the initial solution to the problems that plagues the Data Encryption Standard (DES). Its operations was simply to apply the original the Data Encryption Standard (DES) cipher algorithm three times for encryption process. It is a simple method of increasing DES key size to protect against attacks without having a new algorithm. It was eventually replaced by AES.

## Kerberos

This a network authentication protocol which ensures that authentication takes place at every layer of communication among nodes of a network system. It was designed and developed by Massachusetts Institute of Technology (MIT) to suite a client network providing a platform whereby the client and servers verifies each other's identity. They are known for protection against eavesdropping and replay attacks. It is also based on symmetric key cryptography and requires a trusted third party. It is been use on most network systems platforms now (Linux, Windows). With increasing use of the internet, Kerberos was designed meet the new security requirements on internet based connections and networks.

## RSA

RSA is a public key algorithm known to be suitable for digital signature and data encryption. It was an invention that tool public key cryptography to another level and is widely used form ecommerce because it has an up-to-date implementations. It also uses two long keys for encryption and decryption which makes it hard to break. One key is made public and used to encrypt message while the other is a secret key owned by the recipient of a message. This other key is used to decrypt the message.

RSA is however slower than other encryption methods and vulnerable in some cases to man-in-the-middle-attacks.

## Diffie-Hellman

Diffie-Hellman is a cryptographic protocol enables that enables secret key exchange over an unsecured channel. The Exchanged key is then used for future communications using a symmetric cipher. This mechanism is quite efficient but does not provide authentication thus, could bee vulnerable to man-in-the-middle-attack.

## ElGamal

ElGamal is an asymmetric cipher for for public-key cryptography that is based on the Diffie-Hellman key agreement. Developed in 1985 by Taher Elgamal, it is used to develop recent versions of GNU Privacy Guard software then recent versions of PGP and other cryptosystems (T. ElGamal, 1985)

## Cryptographic Techniques for Wired Segment B

## Wired Equivalent Privacy (WEP)

Wired Equivalent Privacy (WEP) is an algorithm designed for IEEE 802.11 wireless networks security. It was developed to be the solution to problems with Wireless networks that was fast becoming more susceptible to eavesdropping than the wired networks. It was intended to provide confidentiality but several vulnerabilities were exposed by cryptanalysts. WEP is now known widely to be very weak and its connection can be compromised in a short time (IEEE Std 802.11-1997).

## Wired Equivalent Privacy (WEP2)

Upon realization the WEP can be cracked easily, WEP2 was developed as a stopgap enhancement. The original WEP and WEP2 were finally dropped when it became clear that the WEP algorithm was deficient.

## Wi-Fi Protected Access (WPA) & Wi-Fi Protected Access2 (WPA2)

In 2003 and 2004 respectively, WPA & WPA2 were developed by Wi-FiÂ® Alliance as interoperable Wi-Fi security specifications for network systems as a solution to the weaknesses in Wired Equivalent Privacy (WEP). WPA provides protection to all networks by ensuring that only authorized users have access to network services.WPA2 ensures that data remains protected while offering all other security features of WPA. WPA2 uses the Advanced Encryption Standard (AES) for data encryption to address the security problems of WEP. Both are still being used actively to protect, small, medium and enterprise networks.