NET 3106

Network Security

Stream Cipher - Rivest Cipher 4

(RC4)

1
 Content
• Random Numbers
• Stream Cipher
• Introduction to Rivest Cipher 4 (RC4)
Key Scheduling Algorithm (KSA)

Pseudorandom Generation Algorithm (PRGA)

2
 Symmetric Cipher Type
• Way in which plaintext is processed: (Recap)
1. Block (only one block at a time)

2. Stream (process elements continuously)

3
 Random Numbers
•Key Generation: Random numbers are used to generate cryptographic
keys.
•Initialization Vectors (IV): It used to introduce randomness into the
encryption process.
•Nonces: Random numbers in cryptography that are used once to
prevent replay attacks and ensure the freshness of data.
•Salt Values: In password-based key derivation functions are used to
enhance the security of stored passwords.

4
 Random Numbers
•Generation of asymmetric keys for RSA public-key encryption.
•Generation of key stream for symmetric stream cipher.
•Generation of symmetric key as temporary session key.
•In key distribution scenarios (Kerberos to prevent from reply attack)

•In all cases its critical that these values be

Unpredictability (statistically random)
Randomness (uniform distribution (same frequency of zeros and ones),
independent)

5
 Pseudorandom
Number Generators
• Pseudorandom Number Generator (PRNG): An algorithm that uses
mathematical formulas to produce sequences of semi-random
numbers.

•PRNGs generate a sequence of numbers that approximates the

properties of random numbers.

•The PRNG-generated sequence is not truly random because it is

completely determined by an initial value called seed, but it can pass
many tests of randomness.
6
 Pseudorandom
Number Generators
• True random number generator (TRNG) : input is a random value (system
time).
•Pseudorandom number generator (PRNG) : input is a fixed value + feedback
•Pseudorandom function (PRF) : input is a fixed value + feedback + specific
value (e.g. user ID).

7
 Stream Cipher
•Stream cipher is symmetric encryption method.

•A stream cipher encrypts a continuous string of binary numbers by

using time varying transformations on plaintext information.

• It operates bit-by-bit or Byte-by-Byte, using keystreams to create

ciphertext for arbitrary lengths of plaintext messages.

•RC4 is the most popular stream cipher.

8
 Stream Cipher
• The key is unpredictable and input to pseudorandom byte generator.
• The output of pseudorandom byte generator is called keystream.
• Keystream will combine with plaintext stream using XOR.

9
 Stream Cipher’s benefits
•Speed. This form of encryption is typically faster than block ciphers.

•Low complexity. It's easy to incorporate stream ciphers into modern

programs.

•Serial nature. By bit-by-bit processing, it allows to send information

when it's ready rather than waiting for everything to be done.

•Ease of implementation and use.

10
 Usage of Stream Cipher
•Communication Security: Stream ciphers are widely used to secure
communication channels when data is transmitted, such as voice
calls, video streams, and instant messaging (confidentiality).

•File and Disk Encryption: Stream ciphers can be employed to encrypt

files or entire disks (mostly using block ciphers).

•Wireless Security: Stream ciphers played a crucial role in securing

wireless communication protocols, such as Wi-Fi (e.g., WEP and
WPA) and Bluetooth.
11
 Usage of Stream Cipher
•(SSL and TLS): Stream ciphers are used within SSL and TLS protocols to provide secure
communication between web browsers and servers. They ensure the confidentiality
and integrity of data transmitted over HTTPS connections.
“IETF issued RFC 7465 prohibiting the use of RC4 in TLS (Prohibiting
RC4 Cipher Suites, February 2015). In its latest TLS guidelines, NIST
also prohibited the use of RC4 for government use (SP 800-52,
Guidelines for the Selection, Configuration, and Use of Transport
Layer Security (TLS) Implementations, September 2013).”

•Remote Access and Virtual Private Networks (VPNs): Stream ciphers

are commonly employed in remote access to create secure tunnels for
transmitting data between remote users and private networks.

12
 Rivest Cipher 4 (RC4)
•RC4 was invented in 1987 by Ron Rivest, and it is the most
extensively used stream cipher because of its speed and simplicity.
•Encrypt one byte at a time.
•RC4 generates a pseudorandom stream of bits (a keystream) for
encryption and decryption, is combined using XOR.
•Key size 1 to 256 bytes (8 to 2048 bits).
•Can be used as a random number generator (WEP).
•Popular method for WEP, WPA and SSL.

13
 RC4 Structure
•Contain Key Scheduling Algorithm (KSA) and Pseudorandom
Generation Algorithm (PRGA) steps:

Initialization

Stream Generation

14
 RC4 Structure
•Key Scheduling Algorithm (KSA)
A variable length key, (usually between 40 and 256 bits), is used to
initialize the 256-byte state vector (S) (permutation)

•Pseudorandom Generation Algorithm (PRGA)

To generate the keystream

•In the RC4, the security is achieved through the unpredictability

and randomness of the generated keystream.

15
 key Scheduling
Algorithm (KSA)
• The key-scheduling algorithm is used to initialize the permutation
in the array "S".

•"Key length" is defined as the number of bytes in the key and can
be in the range 1 ≤ key length ≤ 256, typically between 5 and 16,
corresponding to a key length of 40–128 bits.

•First, the array "S" is initialized to the identity permutation. S is

then processed for 256 iterations in a similar way to the main
PRGA, but also mixes in bytes of the key at the same time.
16
 Initialization
Initialization

Next we use T to produce the initial permutation of S.

Because the only operation on S is a swap, the only effect is a

permutation.
17
 Stream Generation

• To encrypt, XOR the value k with the next byte of plaintext.

• To decrypt, XOR the value k with the next byte of ciphertext.

18
19
1st Step: Initial State
of S and T

20
 2 Step: Initial
nd

Permutation of S

21
3rd Step: Stream
Generation

22
 RC4 Disadvantages
•Vulnerabilities: RC4 has several known vulnerabilities that make it
unsuitable for new applications.
•Security weaknesses: RC4 has some inherent weaknesses in its
design.

RC4A is a more powerful variation of RC4.

RC4A+ is a modified version of RC4 with a more complex 3-phase
key schedule that is 1.7 times longer than the basic RC4.
AES-CTR (Advanced Encryption Standard in Counter Mode) and
ChaCha20 are examples of secure stream cipher algorithms.

24
 Compare Symmetric Cipher
Factors DES 3DES AES RC4 RC6
Ron Rivest, Matt
Joan
Ron Rivest Robshaw, Ray
Designer IBM 1975 IBM 1978 Daemen and Vinc
1994 Sidney, and Yiqun
ent Rijmen 2001
Lisa Yin 1998
Cipher type Block Block Block Stream Block
128, 192, 256 128, 192, 256
Key length 56 bits 112 bits bits 40-2048 bits
Rounds 16 48 10, 12, 14 256 20
Algorithm Feistel Feistel SPN Feistel Feistel
Structure
Block size 64 bits 64 bits 128 bits - 128 bits
Faster than
Speed Slow Very Slow Fast Fast DES, slower
than AES
Adequate Excellent Adequate
Security Not secure security security Not secure security

25
 Summary
• Random Numbers

• Stream Cipher

• Encryption steps of RC4

Key Scheduling Algorithm (KSA)

Pseudorandom Generation Algorithm (PRGA)

• Compare symmetric ciphers

26
 Q&A

Any question?!

27