Enhancing Confidentiality And Integrity In Ieee 802 11i Wireless Networks Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Secure data encryption is an essential part of modern communication tech­nologies. It can help to prevent unau­thorized access to sensitive data. This is particularly important for wireless networks where anyone can eavesdrop on the communication. Data transmitted across a network is vulnerable to many types of attack. One crucial step in the process of protecting this data is to encrypt it before transmission using an appropriate algorithm. They need to be used in an appropriate way governed by a protocol to be effective. All too often in application development provision of security is an afterthought and badly implemented. A solution to this problem would be the provision of a relatively simple interface to provide security while hiding the details from users. This interface should be able to support and swap cryptographic algorithms with ease and support related cryptographic concepts like key management in an easy to use way.

AES-CCMP (Advances Encryption Standard - Counter Mode with Cipher Block Chaining Mode Protocol) with non-linear arrangement of S-box and Key scheduling is a new wireless security standard that provides the highest level of security by utilizing the newest and strongest 128-bit AES encryption algorithm to encrypt and authenticate the data at the same time. This paper discusses software implementation of AES-CCMP which makes it computationally feasible to solve all sorts of security issues in wireless networks with ease of deployment.

Keywords: Encryption, AES-CCMP, S-box, security issues, wireless network.

1. Introduction

Mobility support is a salient feature of wireless networks that grant the users anytime anywhere network access. Despite their promising feature, security has become one major concern in wireless networks. Wireless local area networks (WLAN) are groups of wireless networking nodes within a limited geographic area, such as an office building or campus that are capable of having radio communication. WLANs are usually implemented as extensions to existing wired local area networks (LAN) to provide enhanced user mobility and network access. The most widely implemented WLAN technologies are based on the IEEE 802.11 standard and its amendments.

1.1 IEEE 802.11i

The National Institute of Standards and Technology (NIST) recommends that organizations with existing legacy IEEE 802.11 implementations develop and implement migration strategies to move to IEEE 802.11i-based security because of its superior capabilities. IEEE 802.11i, an IEEE standard ratified June 24, 2004, is designed to provide enhanced security in the Medium Access Control (MAC) layer for 802.11networks. The 802.11i specification defines two classes of security algorithms: Robust Security Network Association (RSNA), and Pre-RSNA. Pre-RSNA security consists of Wired Equivalent Privacy (WEP) and 802.11 entity authentication. RSNA provides two data confidentiality protocols, called the Temporal Key Integrity Protocol (TKIP) and the Counter-mode/CBC-MAC Protocol (CCMP), and the RSNA establishment procedure, including 802.1X authentication and key management protocols.

1.2 Advanced Encryption Standard (AES)

The Advanced Encryption Standard (AES) is an encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES-128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. AES is the first publicly accessible and open cipher approved by the NSA for top secret information.

Figure 1.1 Block diagram of AES

AES Process Cycle

The Basic Structure of the AES

AES is a block cipher developed in effort to address threatened key size of Data Encryption Standard (DES). It allows the data length of 128 bits while supporting three different key lengths, 128, 192, and 256 bits. As such, a mathematical description of the AES is given in Galois Field (28). Each round of the whole operation is divided into four basic blocks where data are treated at either byte or bit level. The byte structure seems to be natural for low profile microprocessor (such as 8-bit CPU and microcontrollers). The array of bytes organized as a 4Ã-4 matrix is also called "state". Those four basic steps that describe one round of the AES; BytesSub, ShiftRow, MixColumn, and AddRoundKey are also known as layers.

Bytes Sub Transformation

This operation is a non-linear byte substitution. It composes of two sub-transformations; multiplicative inverse and affine transformation. In typical implementations, these two sub-steps are combined into a single table lookup called substitution box or S-box.

Shift Row Transformation

This transformation is a linear diffusion process, operates on individual row, i.e. each row of the array is rotated by a certain number of byte positions.

Mix Column Transformation

This is also a linear diffusion process. A column vector is multiplied (in GF(28)) with a fixed matrix where bytes are treated as a polynomial of degree less than 4.

Add Round Key

In each round of the AES process, each byte of the array is added (respect to GF(28)) to a byte of the corresponding array of the round subkeys. Round keys are generated by a procedure called "Round Key Expansion" or "KeyScheduling". Those sub-keys are derived from the original keys by EXORing of two previous columns. For columns that are in multiples of four, the process involves round constants addition, byte substitution and shift operations.

All four layers described above have corresponding inverse operations. Excluding the first and the last round, the AES with 128-bit round key proceed for nine iterations. First round of the encryption performs EXOR with the original key and the last round skips MixColumn transform. The deciphering is the reverse order of the ciphering process. Operation steps are similar and at the comparable complexity. As such the same set of hardware can be shared by both processes. However, the inverse MixColumn operation requires matrix elements that are quite complicated compared with {01}, {02} or {03} of the forward one. This results in the slight complicated deciphering hardware.

Block cipher

In cryptography, a block cipher is a symmetric key cipher operating on fixed-length groups of bits, called blocks, with an unvarying transformation. A block cipher encryption algorithm might take (for example) a 128-bit block of plaintext as input, and output a corresponding 128-bit block of cipher text. The exact transformation is controlled using a second input - the secret key. Decryption is similar: the decryption algorithm takes, in this example, a 128-bit block of cipher text together with the secret key, and yields the original 128-bit block of plaintext. To encrypt messages longer than the block size (128 bits in the above example), a mode of operation is used.

Block ciphers can be contrasted with stream ciphers; a stream cipher operates on individual digits one at a time and the transformation varies during the encryption. The distinction between the two types is not always clear-cut: a block cipher, when used in certain modes of operation, acts effectively as a stream cipher.

Security in AES

The only successful published attacks against the full AES were side-channel attacks on some specific implementations. The National Security Agency (NSA) reviewed all the AES finalists, including Rijndael, and stated that all of them were secure enough for U.S. Government non-classified data and announced that AES may be used to protect classified information.

The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use.

AES has 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. By 2006, the best known attacks were on 7 rounds for 128-bit keys, 8 rounds for 192-bit keys, and 9 rounds for 256-bit keys.

Figure1.2 AES key expansion

2. Existing Methods

Temporal Key Integrity Protocol or TKIP is a security protocol used in the IEEE 802.11 wireless networking standard. TKIP was designed by the IEEE 802.11i task group and the Wi-Fi Alliance as a solution to replace WEP without requiring the replacement of legacy hardware. This was necessary because the breaking of WEP had left WiFi networks without viable link-layer security, and a solution was required for already deployed hardware.

Wired Equivalent Privacy (WEP) is a deprecated algorithm to secure IEEE 802.11 wireless networks. Wireless networks broadcast messages using radio and are thus more susceptible to eavesdropping than wired networks.

3. Proposed Method


CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) is an IEEE 802.11i encryption protocol created to replace both TKIP, the mandatory protocol in WPA, and WEP, the earlier, insecure protocol. CCMP is a mandatory part of the WPA2 standard, an optional part of the WPA standard, and a required option for Robust Security Network (RSN) Compliant networks. CCMP is also used in the ITU-T G.hn home and business networking standard.

CCMP, part of the 802.11i standard, uses the Advanced Encryption Standard (AES) algorithm. Unlike in TKIP, key management and message integrity is handled by a single component built around AES using a 128-bit key, a 128-bit block, and 10 rounds of encoding per the FIPS 197 standard.

CCM mode (Counter with CBC-MAC) is a mode of operation for cryptographic block ciphers. It is an authenticated encryption algorithm designed to provide both authentication and privacy. CCM mode is only defined for block ciphers with a block length of 128 bits. In RFC 3610, it is defined for use with AES.

Rijndael Algorithm

The Rijndael algorithm is a new generation symmetric block cipher that supports key sizes of 128, 192 and 256 bits, with data handled in 128-bit blocks - however, in excess of AES design criteria, the block sizes can mirror those of the keys. Rijndael uses a variable number of rounds, depending on key/block sizes, as follows: 9 rounds if the key/block size is 128 bits, 11 rounds if the key/block size is 192 bits, 13 rounds if the key/block size is 256 bits

Rijndael is a substitution linear transformation cipher, not requiring a Feistel network. It use triple discreet invertible uniform transformations (layers). Specifically, these are: Linear Mix Transform; Non-linear Transform and Key Addition Transform. Even before the first round, a simple key addition layer is performed, which adds to security. Thereafter, there are Nr-1 rounds and then the final round. The transformations form a State when started but before completion of the entire process.

The State can be thought of as an array, structured with 4 rows and the column number being the block length divided by bit length (for example, divided by 32). The cipher key similarly is an array with 4 rows, but the key length divided by 32 to give the number of columns. The blocks can be interpreted as unidimensional arrays of 4-byte vectors.

The exact transformations occur as follows: the byte subtransformation is nonlinear and operates on each of the State bytes independently - the invertible S-box (substitution table) is made up of 2 transformations. The shiftrow transformation sees the State shifted over variable offsets. The shift offset values are dependent on the block length of the State. The mixcolumn transformation sees the State columns take on polynomial characteristics over a Galois Field values (28), multiplied x4 + 1 (modulo) with a fixed polynomial. Finally, the roundkey transform is XORed to the State. The key schedule helps the cipher key determine the round keys through key expansion and round selection.

Overall, the structure of Rijndael displays a high degree of modular design, which should make modification to counter any attack developed in the future much simpler than with past algorithm designs.

Design and Implementation

Implementation of the CCMP block can be viewed as a single process with inputs and outputs, as shown in Fig. 3.1. The decryption phase has the same inputs as the encryption phase (except that the input MPDU is encrypted). This is because the header information, including the CCMP header, is transmitted across the link in the clear text and can therefore be extracted by the receiver prior to decryption.

The implementation of CCMP must keep a sequence counter called PN, which increments for each packet processed.

Figure. 3.1. Encryption and Decryption with CCMP

This prevents an attacker to reuse a packet that has previously been sent. The PN is 48-bits long; large enough to ensure it never overflows. Implementation of the CCMP encryption block is shown in Fig. 3.2. There are two stages: first, the MIC is calculated and appended to the MPDU, and then the entire MPDU is encrypted to produce the results. Both stages use same software module for AES encryption as shown in Fig. 3.3. Here plaintext data can be the first block of 128-bits of CBC-MAC or subsequent XOR data of 128-bits, or the first 128-bits block of IV (Initial Value) or each incremented block of IV in CBC-CTR mode. An encrypted MPDU contains two more fields than an unencrypted MPDU. It has the CCMP header and the MIC value. The MIC value is 8 octets (64-bits).

Figure 3.2. CCMP Encryption Block

Figure. 3.3. AES encryption algorithm

Study of Non-Linear Arrangement of S-Box

"Variations to S-box and Mix Column Transformations of AES", suggest variations are designed over the Galois field GF(28) generated by the primitive polynomial x8 + x6 + x5 + x + 1. The proposed S-box is constructed by computing the powers of a primitive root in F*257 and taking the multiplicative inverse of the resulting entries as in Rijndael's algorithm.

"Active Boolean Function Nonlinearity Measurement", by Terry Ritter, gives a detailed discussion of cryptographic nonlinearity, what it means and how it is computed. Nonlinearity is the number of bits which must change in the truth table of a Boolean function to reach the closest affine function. If cryptosystems based on linear or affine functions are inherently weak, the ability to measure nonlinearity is the ability to measure one form of strength.

"Making AES Stronger: AES with Key Dependent S-Box", describes AES-KDS as block cipher in which the block length and the key length are specified according to AES specification. The round function resembles that of AES, but is composed of 5 stages rather than 4 stages. The extra stage named Dynamic S-box is introduced at the beginning of the round function.

"Boolean Function Design using Hill Climbing Methods", William Millan, Andrew Clark and Ed Dawson, outlines a general approach to the iterative incremental improvement of the cryptographic properties of arbitrary Boolean functions. It gives an overview of the different options available, concentrating on reducing the maximum value of the Walsh-Hadamard transform and autocorrelation function.

The cryptographic strength of the AES depends strongly on the choice of S-box. The S-box in AES provides the non-linearity in the cipher. The S-box used is derived from the multiplicative inverse over GF(28), known to have good non-linearity properties. To avoid attacks based on simple algebraic properties, the S-box is constructed by combining the inverse function with an invertible affine transformation. Rijndael is derived form Square algorithm, and is very algebraic. The structure of Square is a substitution-permutation network with eight rounds, operating on 128-bit blocks and using a 128-bit key.

We overcome the weaknesses of the existing S-Box by improving the nonlinearity of S-box by using the Discrete Logarithms for the design of S-box. We also adopt a new algebraic method to increase the complexity of the S-box.

AES byte substitutions are done using non-linear S-boxes. S-boxes are represented as 16x16 arrays where rows and columns are represented as hexadecimal arrays. For two hexadecimal numbers r & c, the S-box returns s (r,c).

Discrete Logarithms

The variations of the S-Box are designed over the Galois field GF(28) generated by the primitive polynomial x8 + x6 + x5 + x + 1. The proposed S-box is constructed by computing the powers of a primitive root in F*257 and taking the multiplicative inverse of the resulting entries as in Rijndael's algorithm. An S-box that uses composition of an exponent mapping in a prime field and multiplicative inverse mapping in GF(28) is proposed. The exponent mapping with the base element chosen as a primitive root in the prime field is differentially 2-uniform and the multiplicative inverse mapping is differentially 4-uniform . The new S-box is expected to be strong because it has been remarked in that this mapping is complex enough to be used a round function of DES.

Since the components in Rijndael's algorithm are independent, a couple of algorithms with varying degrees of security and efficiency can be designed by choosing the proposed S-box along with the rest of the components of Rijndael.

Conclusion and Future work

This paper discussed an efficient software implementation of AES-CCMP block cipher to satisfy the security requirements of Secure Wireless Networks. Present work involves the S-Box analysis in the Non linear Environment. The work has been simulated in the NS2 Simulator Environment using OTCL and C++ coding. The security and the performance analysis based on linear and non linear environment is being analysed and the animator and analytical output is under research. More research work is required to get better performance result when off loading the encryption process from main processor. In future a hardware/software co-design implementation of AES-CCMP could be taken up.