Authors: Sheena Mathew, K. Poulose Jacob

Abstract:

Extensive use of the Internet coupled with the marvelous growth in e-commerce and m-commerce has created a huge demand for information security. The Secure Socket Layer (SSL) protocol is the most widely used security protocol in the Internet which meets this demand. It provides protection against eaves droppings, tampering and forgery. The cryptographic algorithms RC4 and HMAC have been in use for achieving security services like confidentiality and authentication in the SSL. But recent attacks against RC4 and HMAC have raised questions in the confidence on these algorithms. Hence two novel cryptographic algorithms MAJE4 and MACJER-320 have been proposed as substitutes for them. The focus of this work is to demonstrate the performance of these new algorithms and suggest them as dependable alternatives to satisfy the need of security services in SSL. The performance evaluation has been done by using practical implementation method.

Keywords: Confidentiality, HMAC, Integrity, MACJER-320, MAJE4, RC4, Secure Socket Layer

Digital Object Identifier (DOI): doi.org/10.5281/zenodo.1327720

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 1828

References:

[1] Transport layer Security, Wikipedia, http://en.wikipedia.org/wiki/Secure_Sockets_Layer
[2] C.Allen and T.Dierks, The TLS Protocol Version 1.0. Internet Draft, Internet Engineering Task Force, November 1997, http://tools.ietf.org/html/rfc2246
[3] Security Protocols Overview An RSA Data Security Brief, www.comms.scitech.susx.ac.uk/fft/crypto/security-protocols.pdf
[4] George Apostolopoulos, Vinod peris, Prashant Pradhan, Debanjan Sahi, "Securing Electronic Commerce: Reducing the SSL Overhead", IEEE Network, 14(4) : pp. 8-16, July 2000.
[5] S. Fluhrer, I. Mantin, A. Shamir, " Weakness in the key scheduling Algorithm of RC4", Proceedings in the selected Areas in Cryptography 2001, SAC-01, LNCS vol.2259, pp. 1-24, Springer-Verlag, 2001.
[6] Xiaoyun Wang and Hongbo Yu, "How to break MD5 and other hash functions", Advances in Cryptology - EUROCRYPT, LNCS 3494, Springer-Verlag , pp.19-35, 2005.
[7] Sheena Mathew, K.Paulose Jacob, "A New Fast Stream Cipher: MAJE4", Proceedings of IEEE, INDICON 2005, pp60-63, 2005.
[8] National Institute of Standards and Technology (NIST) (2002), FIPS- 180-2: Secure Hash Standard, at http://csrc.nist.gov/publications/fips/fips 180-2/fips 180-2.pdf.
[9] Sheena Mathew, K. Poulose Jacob, "JERIM-320: A New 320-bit Hash Function with Higher Security", International Journal of Computers, Systems and Signals, to be published.
[10] A.Roos, "A Class of weak keys in the RC4 stream cipher", sci.crypt, 1995.
[11] D.Wagner, " My RC4 weak keys", sci.crypt, September 1995.
[12] A.I.Grosul and D.S.Wallach, "A Related Key Cryptanalysis of RC4", Manuscript from Department of Computer Science, Rice University, 6 June 2000.
[13] J.Dj.Golic, "Linear statistical Weakness of alleged RC4 keystream generator", Advances in Cryptology - Eurocrypt 97, LNCS vol. 1233, pp.226-238, Springer-Verlag, 1997.
[14] S.R.Fluhrer and D.A.McGrew, "Statistical Analysis of the Alleged RC4 Keystream Generator", Proceedings of Fast Software Encryption 2000, LNCS vol. 1978, pp.19-30, Springer-Verlag, 2001.
[15] S.Mister and S.E.Tavares, "Cryptanalysis of RC4-like Ciphers", Proceedings of SAC-98, LNCS vol. 1556, pp.131-143, Springer- V0000erlag, 1999.
[16] L.Knudsen, W.Meier, B.Preneel, V.Rijmen and S.Verdoolaege, "Analysis methods for (alleged) RC4", Advances in Cryptology - AsiaCrypt 98, LNCS vol.1514, pp.327-341, Springer -Verlag, 1998.
[17] J.Dj.Golic, "Iterative Probabilistic Cryptanalysis of RC4 Keystream Generator", Proceedings of ACISP 2000, LNCS vol.1841, pp. 220-233, Springer - Verlag, 2000.
[18] I.Mantin and A. Shamir, " A Practical Attack on Broadcast RC4", Proceedings of Fast Software Encryption, 2001, LNCS, vol.xx, pp.152- 164, Springer-Verlag, 2002.
[19] I.Mironov, "(Not so) Random Shuffles of RC4", Advances in Cryptology -CRYPTO-2002, LNCS vol.2442, pp. 304-319, Springer Verlag, 2002.
[20] Andreas Klein, "Attacks on the RC4 stream cipher", Designs, Codes and Cryptography, 2007
[21] Subhamoy Maitra and Goutam Paul, "Many keystream bytes of RC4 leak secret key information", Cryptology ePrint Archieve, Report 2007/261, 2007, http://eprint.iacr.org/.
[22] Serge Vaudenay and Martin Vuagnoux, Passive-only key recovery attacks on RC4. In Selected Areas in Cryptography 2007, Lecturer Notes in Computer Science, Springer 2007
[23] Toshihiro Ohigashi, Hidenori Kuwakado, and Masakatu Morii, "A Key recovery attack on WEP with less packets", Technical Report of IEICE, ISEC Nov., 2007
[24] D.E.Knuth, The Art of Computer Programming, Vol.2, Seminumerical Algorithms, Third Edition, Addison - Wesley, 1997.
[25] Mihir Bellare, Ran Canetti, Hugo Krawczyk (1996), "Keying Hash Functions for Message Authentication", Advances in Cryptology- CRYPTO, LNCS 1109, Springer- Verlag, pp 1-15.
[26] Jongsung Kim, Alex Biryukov, Bart Preneel, Seokhie Hong (2006), "On the Security of HMAC and NMAC Based on HAVAL, MD4, MD5, SHA-0 and SHA-1", Proceedings of SCN, LNCS 4116, Springer- Verlag, pp 242-256.
[27] Christian Rechberger and Vincent Rijmen, "Note on Distinguishing, Forgery, and Second Preimage Attacks on HMAC-SHA-1 and a Method to Reduce the Key Entropy of NMAC", 2006, URL: http://citeseer.ist.psu.edu/cache/papers/cs2/338/http:zSzzSzeprint.iacr.or gzSz2006zSz290.pdf/note-on-distinguishing-forgery.pdf
[28] Mihir Bellare, Ran Canetti, Hugo Krawczyk (1996), "Message Authentication using Hash Functions the HMAC Construction, CryptoBytes, Vol 2, No.1, RSA Laboratories pp 1-5.
[29] Gene Tsudik (1992), "Message Authentication with One-Way Hash Functions", Proceedings of IEEE-INFOCOM, pp 2055-2059.
[30] Thomas Calabrese (2006), "Information Security Intelligence Cryptographic Principles and Applications", Thomson Delmar Learning, India.
[31]Wagner D., "A Generalized Birthday Problem", Proceedings of Crypto '02, LNCS vol. 2442, Springer-Verlag, 2002.
[32] H. Dobbertin (1996) "Cryptanalysis of MD4", Fast Software Encryption, LNCS 1039, Springer-Verlag, 53-69.