7.3 Encryption Schemes in WLANs

AES Evaluation Criteria

The algorithms submitted for consideration were evaluated on three major criteria: security, cost, and algorithm and implementation characteristics, based on the following:

• Security : Resistance of the algorithm to cryptanalysis, soundness of its mathematical basis, randomness of the algorithm output, and relative security compared with other candidates

• Cost : Licensing requirements, computational speed and efficiency on various platforms, and memory requirements ”speed of the algorithm on a variety of platforms, based on 128-, 192-, and 256-bit keys

• Algorithm and implementation characteristics : Flexibility, suitability to hardware and software, and the simplicity (or complexity) of the algorithm

Rijndael is an iterated block cipher, meaning that the initial input block and cipher key undergoe multiple transformation cycles before producing the output. AES was designed to handle additional block sizes and key lengths, but they are not adopted in the FIPS 197. The AES will specify three key sizes: 128, 192, and 256 bits. In decimal terms, this means that there are approximately:

 3.4  1,038 possible 128-bit keys    6.2  1,057 possible 192-bit keys    1.1  1,077 possible 256-bit keys 

In comparison, DES keys are 56 bits long, which means there are approximately 7.2 — 1,016 possible DES keys. Thus, there are approximately 10 ²¹ more AES 128-bit keys than DES 56-bit keys.

The AES cipher is based on round operations. Each round has a roundkey of 128 bits and the result of the previous round as input. The round-keys can be precomputed or generated on-the-fly from the input key. Because of its regular structure, it can be implemented efficiently in hardware. Decryption is computed by application of the inverse functions of the round operations. The algorithm is written so that block length and/or key length can easily be extended in multiples of 32 bits, and the system is specifically designed for efficient implementation in hardware or software on a range of processors.

Rijndael is a substitution-linear transformation network with 10, 12, or 14 rounds, depending on the key size. A data block to be encrypted by Rijndael is split into an array of bytes, and each encryption operation is byte-oriented. Rijndael's round function consists of four layers. In the first layer, an eight-by-eight S-box is applied to each byte. The second and third layers are linear mixing layers , in which the rows of the array are shifted and the columns are mixed. In the fourth layer, subkey bytes are XORed into each byte of the array. In the last round, the column mixing is omitted.

The sequence of operations for the round function differs from encryption, which often results in separated encryption and decryption circuits. Computational performance of software implementations often differ between encryption and decryption because the inverse operations performed during the round function are more complex than the corresponding operation for encryption.

How DES Works

In DES, the plaintext is converted into a sequence of bits (0s and 1s), in blocks of 64 bits apiece, padded with trailing 0s when the message is not an even multiple of 64. For example, encoding of an 8-bit sequence looks as follows :

 00100001 is A    00100010 is B    00100011 is C    00010000 is a blank-space    00010001 is !, etc. 

In DES, the 64-bit block, corresponding to plaintext, is entered into the algorithm, and a corresponding 64-bit block, corresponding to ciphertext, is returned by the algorithm. It is a 16-round Feistel cipher and was originally designed for implementation in hardware. Feistel ciphers are a special class of iterated block ciphers where the ciphertext is calculated from the plaintext by repeated application of the same transformation or round function (hence, a Feistel round).

In a Feistel cipher, the text being encrypted is split into two halves . The round function f is applied to one half using a subkey, and the output of f is XORed with the other half. The two halves are then swapped. Each round follows the same pattern, except for the last round where there is no swap. Feistel cipher encryption and decryption are structurally identical, although the subkeys used during encryption at each round are taken in reverse order during decryption. The key length is 56 bits, but because every eighth bit in the 64-bit block is an internal arithmetic check that is not used by the encryption algorithm, the encryption key is expressed as a 64-bit number. The algorithm is considered open , found freely in the public domain, even though it is patented by IBM Corporation. Nowadays, various implementations of DES are in widespread use.

After initial permutation of the plaintext, the block is broken into a left and right half, 32 bits apiece. Then there are 16 rounds of identical operations, in which data is combined within the key. The resulting right and left halves are joined, and a final permutation concludes the calculation.

In DES, the two most fundamental component operations are permutation and XOR (exclusive OR). In a permutation step, the order of the bits in the 64-bit sequence is rearranged, an operation that can easily be reversed . In an XOR step, each bit is subject to the operation x XOR y = z , where z = 1 if x = 1 or y = 1 but not both; whereas z = 0 if both x = 0 and y = 0 or both x = 1 and y = 1. For example:

 011001110000101010110110011100001010101101100111000010101010101  XOR  111100001010001010111111000010100010101111110000101000101010101 --------------------------------------------------------------------      100101111010100000001001011110101000000010010111101010000000000 

The XOR operation is likewise easily reversed. If t is the plaintext, k is the key, c is the ciphertext, and t XOR k = c , then c XOR k = t . Both permutation and XOR operations have mathematical properties that ensure the ciphertext is exactly the same size as the plaintext, and each of these operations is reversible. DES consists of a complex sequence of permutations and XORs. For details on the exact working of the DES algorithm, the reader is encouraged to consult the online works of John J. G. Savard [8]. He presents a very good explanation of the process at the detail level.

Modulo Arithmetic

The term x modulo n , or x mod n , denotes the (whole number) remainder of the division of x by n . Modulo arithmetic is one of the greatest mathematical foundations used in modern cryptography. Modulo arithmetic, or so-called clock arithmetic, is the mathematical method by which we determine, say, that six hours after ten o'clock, it is four o'clock. That is, the ordinary clock is a modulo-12 device, and [(6+10) mod 12] equals 4. Similarly, the second hand and minute hand on the clock are modulo-60 devices, and the military clock is a modulo-24 device. Modulo arithmetic has the advantage that integer arithmetic can be performed on huge integers with absolute accuracy, without the need for having intermediate calculations exceed a predetermined size ”namely, the square of the modulus . The essential steps in asymmetric encryption by the RSA Method are as follows:

 Public key: n = product prime numbers,  p  and  q  .  e  is relatively prime to ((  p  -1)(  q  -1))    Private key:  d  = (  e  -1) mod ((  p  -1)(  q  -1))    Encryption:  c  = (  te  ) mod  n  Decryption:  t  = (  cd  ) mod  n  

So we have the following variable representations:

 n is the (public) product.    e is the public (encryption) key.    d is the private (decryption) key.    t is the plaintext.    c is the ciphertext. 

After determining prime numbers p and q , the next step is calculating values for n , e , and d . At this point, we may simply discard p and q . The receiver distributes numbers ( n , e ) publicly, but d is kept secret and known only to the receiver. In order to properly decrypt messages, the receiver needs to keep the numbers n and d .