2010 International Conference on Financial Theory and Engineering
A New Symmetric Cryptography Algorithm to Secure E-Commerce Transactions Fahime Javdan Kherad
Mohammad V. Malakooti Department of Computer Engineering, IAU
Department of Computer Engineering, IAU Dubai, U.A.E.
[email protected]
Dubai, U.A.E.
[email protected]
Hamid R. Naji Department of Computer Engineering, IAU
Payman Haghighat Department of Computer Engineering, IAU
Dubai, U.A.E.
[email protected]
Dubai, U.A.E.
core of RC4 in our research, in which returns a random byte. Notice that the PRGA does not return an easily determined index of the state table
Abstract— In this research we have proposed a new selfdeveloped symmetric algorithm called FJ RC-4, which is derived from RC4. Our studies shown that KSA is the vulnerable stage of RC4, whereas a new self-developed symmetric algorithm, FJ-RC4, is an attempt to increase the security of RC4 by introducing the new algorithm for the KSA stage. We have investigated and compared the robustness of the RC4 and FJ-RC4 and shown that FJ-RC4 is stronger than RC4 against the attacks. In addition, it takes more time to find key in FJ-RC4 and requires more resources. Thus, it would lead us to a more secure algorithm in addition to the fact that FJ-RC4 keeps RC4 simplicity in the core algorithm, PRGA. In addition this idea can be more efficient if KSA and PRGA stages are conducted concurrently.
Although RC4 is popular and fast due to its short and simple PRGA (core) algorithm but several weaknesses have been found in KSA stage of RC4. Thus, we have decided to study on this matter in order to come up with a solution to improve RC4 algorithm, in which it was necessary to make KSA much more complicated so that it could be against the attacks. II.
RC4 has attracted much attention because of its simple algorithm that can be used for cryptography. The simplicity of the four lines round algorithm makes it easy to be used for the implementation and as a result reducing the likelihood of errors. Moreover, the number of operations required for the encryption /decryption processes is quite small and make it efficient. Further, only a few bytes of operations are required making it efficient when implemented on small processors such as those found in smart cards, and the memory requirements are reasonable. After studying RC4, we developed a cipher, called FJRC4, which turned out to resemble RC4 to a great extent. Although it has several important differences on Key scheduling, FJ-RC4 is built from a new KSA, which uses the key stream in three stage processes and shares PRGA structures with RC4. One key difference in the PRGA is that FJ-RC4 is not a one stage encryption but it involves threestage encryption. It means that the plain text is encrypted with the first portion of the key stream and the encrypted message is encrypted with the second portion of the key stream, and finally the double encrypted message will be encrypted with the third portion of the key stream. We will explain the details of the FJ-RC4 and its functions for clearance. The strong resemblance between FJ RC4 and RC4 is in their algorithm for doing the encryption and decryption using the key stream and combine the Plain
Keywords- Symmetric Cryptography Algorithm, Stream Cipher, RC4
I.
INTRODUCTION
One of the most popular and fastest symmetric algorithms is called RC4 in which it used in popular protocols such as Secure Socket Layer to protect Internet traffic and WEP to secure Wireless Networks. RC4, also known as ARC4 (Alleged RC4), was developed by Ron Rivest at RSA security in 1987, and it was kept as a trade secret until 1994, when it was posted anonymously to the cipher punks mailing list[1]. Two key weaknesses were discovered within a year for the RC4 algorithm. RC4 is a stream cipher that means it essentially generates a Pseudorandom Streams of bits (key streams) which is combined with plain text using bit-wise Exclusive OR for the encryption process. The decryption process is the same way as encryption and encrypted message will be combined with the same key streams using bit-wise Exclusive OR. Due to the symmetric property of the XOR the plain text will be recovered from the cipher text without any error RC4 algorithm has two stages, the Key Scheduling Algorithm( KSA) that initializes the state table to be a "random" permutation based on the key[2]., and the Pseudo Random Generator Algorithm(PRGA) which is called the 234 978-1-4244-7759-3/10 $26.00 © 2010 IEEE
FJ-RC4: A NEW SELF DEVELOPED ALGORITHM
encryption will be combined with the first sub-key array, array[0], using bit-wise Exclusive OR for the first stage of encryption process. The result from this step will be combined with the second sub-key array, array[1], using bitwise Exclusive OR for the second stage of encryption process. Finally, the result from step 2 will be combined with the third sub-array, array[2] , using bit-wise Exclusive OR for the third stage of encryption. The third encryption process will produce the cipher string by the FJ-RC4
text or Cipher using the bit-wise Exclusive OR of the key stream for the encryption processes. After describing FJRC4, We analyze its performance in compare with the RC4 regarding to the speed of algorithm, memory usage and security. We have shown that FJ-RC4 is stronger than RC4 while it takes longer time to perform three-stage encryption but indicated that encrypted message is more secure. Educating the consumer on security issues is still in the infancy stage but will prove to be the most critical element of the e-commerce security architecture. Possibly the greatest weakness of RC4 and similar ciphers is the time it takes to complete the key schedule. It is not easy to design a fast key schedule for these ciphers; the internal state must be filled or shuffled and the size of the internal state puts a lower bound on the number of operations required. The analysis also has shown that the biases caused by insufficient shuffling in the key schedule can produce biases in the output, making it even more difficult to have an efficient key schedule. III.
B. Decryptions It should be mentioned that bit-wise Exclusive OR operation has symmetric property and original string can be
FJ-RC4 ALGORITHM
A. Key Schedule Algorithm The key mechanism in FJ-RC4 is very similar to one that used in RC4, with the distinction that Key needs to be initialized as well as Algorithm / Pseudo code. The core of RC4 algorithm remains the same in our algorithm. It means the encryption and decryption phases are the same as RC4 which is simple and fast. However, to prevent attacks which are happening through key scheduling, we made a strong algorithm for KSA. In FJ-RC4 at beginning of the process the main key is divided by three equal portions to make three different sub-keys. If the length of main key is not divisible by three, then we use zero padding to make it divisible by three.
Fig. 1 FJ- RC4 Encryption And Decryption Algorithm
recovered from the encrypted string using the cipher string that has been encrypted by FJ-RC4. Since the main key is divided by three portions during the encryption process, thus the decryption process is in the opposite direction of the encryption process. First, the cipher string must be combined with the third sub-key array using bit-wise Exclusive OR for the first stage of decryption. The result from this step will be combined with the second subkey array using bit-wise Exclusive OR for the second stage of decryption. Finally, the result from step 2 will be combined with the third sub-array, using bit-wise Exclusive OR for the third stage of decryption. Thus, third decryption process will produce the original string by the FJ-RC4. .The Encryption And Decryption Algorithm is shown in Fig 1.
String key; String[] array = new String[3]; int remain = 3 - (key.length() % 3); if(remain != 3) { for(int i=0;i
