Use of Novel Algorithms MAJE4 and MACJER-320 for Achieving Confidentiality and Message Authentication in SSL and TLS

Extensive use of the Internet, coupled with the rapid growth of e-commerce and m-commerce, has created a huge demand for information security. The Secure Socket Layer (SSL) protocol is the most widely used security protocol on the Internet that meets this demand. It provides protection against eavesdropping, tampering and forgery. The cryptographic algorithms RC4 and HMAC have been in use for achieving security services such as confidentiality and authentication in SSL. However, recent attacks against RC4 and HMAC have raised doubts about the confidence that can be placed in these algorithms. Hence two novel cryptographic algorithms, MAJE4 and MACJER-320, have been proposed as substitutes for them. The focus of this work is to demonstrate the performance of these new algorithms and to suggest them as dependable alternatives for providing the required security services in SSL. The performance evaluation has been carried out by practical implementation.
