Ricardo Goulart
ragoulart@hotmail.com
RC4
Classified as a symmetric cryptography algorithm (like DES, AES, IDEA)
- Fast algorithms
- A single key for encryption and decryption.
[Diagram labels: secure channel, key K]
It is a stream cipher.
Generates an unlimited number of pseudo-random bytes.
Has a variable-size key.
It is not considered one of the best cryptographic systems.
“RC4 (also known as ARC4 or ARCFOUR) is the most widely-used stream
cipher and it is used in popular protocols such as Secure Sockets Layer
(SSL) (to protect Internet traffic) and wireless networks. While remarkable
in its simplicity, RC4 falls short of the high standards of security set by
cryptographers, and some ways of using RC4 can lead to very insecure
cryptosystems. It is not recommended for use in new systems. However,
some systems based on RC4 are secure enough for practical use.”
Source: Wikipedia
“The main factors which helped its deployment over such a wide range of
applications consisted in its impressive speed and simplicity.
Implementations in both software and hardware are very easy to develop”.
History
1987: Ron Rivest develops the RC4 algorithm for RSA (Rivest, Shamir and Adleman) Data Security, Inc., a company specializing in encryption systems.
It was a well-protected trade secret, popular, and widely used in software such as Lotus Notes, Apple Computer’s AOCE, Oracle Secure SQL, Internet Explorer, Netscape and Adobe Acrobat. [SCH 96]
In Sep 1994, source code purportedly equivalent to RC4 was posted to a mailing list dedicated to cryptography (Cypherpunks). It spread quickly across the network and its compatibility with RC4 was confirmed.
Algorithm
The transformations are linear; there are no complex calculations, since the system works through permutations and sums of integer values.
It uses an array whose values are permuted on each use and mixed with the key, which makes it highly dependent on the key. The key, used to initialize the array, can be up to 256 bytes (2048 bits).
Key Setup
S [0] .. S [255].
2. Initialize the S-box. Fill each entry first with its index:
Fill another array of the same size (256) with the key, repeating
bytes as necessary.
Stream Generation
To encrypt, XOR the value K with the next byte of the plaintext. To
decrypt, XOR the value K with the next byte of the ciphertext.
KSA(K)
  Initialization:
    S ← 0, 1, . . . , N − 1
    j ← 0
  Scrambling:
    For i ← 0 . . . N − 1
      j ← j + S[i] + K[i mod ℓ]
      S[i] ↔ S[j]
  (ℓ is the key length in bytes; all additions are modulo N)
PRGA(S)
  Initialization:
    i ← 0
    j ← 0
  Generation loop:
    i ← i + 1
    j ← j + S[i]
    S[i] ↔ S[j]
    t ← S[i] + S[j]
    Output z ← S[t]
Weaknesses of RC4
2001 - publication of papers on the weakness of the WEP protocol: Intercepting Mobile Communications, from UCB, and Weaknesses in the Key Scheduling Algorithm of RC4, written by Cisco and the Weizmann Institute, Israel. Both papers attack WEP, claiming or implying that its greatest weakness is its encryption algorithm.
The first paper shows how, without prior knowledge of the key, one can gain access to the encrypted information.
Weaknesses in the Key Scheduling Algorithm of RC4
Scott Fluhrer (Cisco Systems), Itsik Mantin (The Weizmann Institute)
Present several weaknesses in the key scheduling algorithm of RC4, and
describe their cryptanalytic significance. Identify a large number of weak keys,
in which knowledge of a small number of key bits suffices to determine many
state and output bits with non-negligible probability. It's possible to use these
weak keys to construct new distinguishers for RC4, and to mount related key
attacks with practical complexities. Show that RC4 is completely insecure in a
common mode of operation which is used in WEP, in which a fixed secret key
is concatenated with known IV modifiers in order to encrypt different
messages.
The new passive ciphertext-only attack on this mode can recover an arbitrarily
long key in a negligible amount of time which grows only linearly with its size,
both for 24 and 128 bit IV modifiers. – 396 citations.
Advantages
According to Bruce Schneier, four (possible) advantages of RC4:
• Encryption is fast (about 10 times faster than DES).
• RC4 can be in 2^1700 possible states.
• According to RSADSI, it is immune to differential and integral cryptanalysis?
• Nothing prevents it from being generalized to larger vectors and words.
What you see is what you get!
Many stream ciphers are based on linear feedback shift registers (LFSRs),
which while efficient in hardware are less so in software. The design of RC4
avoids the use of LFSRs, and is ideal for software implementation.
Disadvantages?
In defense of RC4?
The greatest weakness observed is in the way it was implemented in WEP.
In defense of RC4?
RC4 is likely to remain the algorithm of choice for many applications and
embedded systems. (Of course, strong block ciphers like AES or RC6 should
also routinely be considered as candidates for any new application, particularly
when authentication is also required, since block ciphers can utilize modes of
operation, that efficiently provide both confidentiality and integrity.)
The initial key scheduling component of RC4 should for now be routinely
amended for new applications to include hashing and/or discarding the first
256 bytes of pseudo-random output. (This has in any case been RSA's routine
recommendation.)
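Added example (not part of the original slides): a Python rendering of the KSA and PRGA pseudocode shown earlier, together with the amendment recommended in the passage above (hashing the key material and discarding the first 256 bytes of output). The function names, the use of SHA-256 as the hash, and the sample IV, secret and message are assumptions made for illustration.

```python
import hashlib

N = 256  # state size: RC4 works on a permutation of 0..255

def ksa(key):
    """Key scheduling (KSA): identity permutation scrambled by the key."""
    if not 1 <= len(key) <= N:
        raise ValueError("RC4 key must be 1..256 bytes")
    S, j = list(range(N)), 0
    for i in range(N):
        j = (j + S[i] + key[i % len(key)]) % N  # key bytes repeat as needed
        S[i], S[j] = S[j], S[i]
    return S

def prga(S):
    """Output generation (PRGA): yields one keystream byte z per step."""
    i = j = 0
    while True:
        i = (i + 1) % N
        j = (j + S[i]) % N
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) % N]

def rc4(key, data, drop=0):
    """XOR data with the keystream; drop > 0 discards initial output bytes."""
    stream = prga(ksa(key))
    for _ in range(drop):
        next(stream)
    return bytes(b ^ next(stream) for b in data)

def concatenated_key(iv, secret):
    """Mode criticised in the abstract: known IV joined to a fixed secret key."""
    return iv + secret

def hashed_key(iv, secret):
    """Amended setup (assumption: SHA-256): no RC4 key byte is public."""
    return hashlib.sha256(iv + secret).digest()

if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    iv, secret, msg = b"\x01\x02\x03", b"constructed-secret", b"Attack at dawn"
    weak = rc4(concatenated_key(iv, secret), msg)
    amended = rc4(hashed_key(iv, secret), msg, drop=256)
    print("IV||key, no drop :", weak.hex())
    print("hashed, drop 256 :", amended.hex())
    # Decryption is the same operation with the same key and drop count.
    assert rc4(hashed_key(iv, secret), amended, drop=256) == msg
```

With the concatenated construction the leading bytes of every per-message RC4 key are the transmitted IV; the hashed construction with `drop=256` removes both that known prefix and the earliest keystream bytes.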
Cryptographic systems based on RC4
WEP and WPA
CipherSaber
BitTorrent protocol encryption
Microsoft Point-to-Point Encryption
SSL - Secure Sockets Layer (optionally)
Secure Shell (optionally)
Kerberos (optionally)