Lte security wiley pdf

Furthermore, it is based on bitwise operations which are carried out quickly. Figure 2 shows EEA2 structure for encryption which has been adopted from [4]. This is the same structure to be used for decryption. These input values are written from most significant bit on the left to least significant bit on the right, so for example COUNT[0] is the most significant bit of key stream.

The least significant 64 bits of key stream1 are all 0. The output of AES is based on bits key-stream and cipher key which are explained previously. This cipher text is then transmitted to the receiver. The same operation is done on the receiver side to get the plain text. The authors provide an explanation of the large changes made in the mobile network. One of the main issues raised by this change is security against various threats: as networks grow more complex and new services such as multimedia services, Internet and e-commerce features are introduced, the security mechanisms have had to improve.

For instance, one of the most evolved security mechanisms is the authentication and key agreement protocol in mobile networks, which has become mutual. Furthermore, there is an explanation of how the user and the network authenticate each other and agree on the encryption and integrity keys through specific and complex mechanisms and algorithms. The authors give the reader insight into the step-by-step process of authentication and key agreement. There is also a note saying that key separation and a key hierarchy have been added to the authentication process in next generation mobile networks.

To improve performance in terms of efficient use of bandwidth and to reduce wasted computation overhead, an improved protocol is also recommended. The main reason several keys are produced is to provide key separation and to protect the underlying shared secret key K. LTE security requirements and the key hierarchy system have been studied in previous studies.

However, the key hierarchy and its generation steps are explained in more detail to provide an in-depth explanation of the key generation pattern and the purpose of each key.

While those two algorithms each provide full security, two standard algorithms that differ in basic structure are used in 3GPP so that even if one algorithm is broken, the other can be used for continued secure use of the LTE system. Once the user and the network have authenticated each other they may begin secure communication.

Before encryption can begin, the communicating parties also have to agree on the encryption algorithm. Each EEA algorithm is assigned a 4-bit identifier. Below is the detail of each identifier used for algorithm selection.

The EEA0 algorithm is implemented in such a way that it has the same effect as if it generated a key-stream of all zeroes. SNOW-3G has a classical stream cipher structure, producing a continuous key stream.

In cryptography, a mode of operation is a procedure that enables the repeated and secure use of a block cipher under a single key. Counter mode lets a block cipher operate as a stream cipher. Typically, the last block must also be extended to match the cipher's block length using a suitable padding scheme. Counter mode has significant efficiency advantages over the standard encryption modes without weakening the security.

This means that the cipher key CK has to be transferred from the core network to the radio access network. The combination of HFN and the shorter counter is called COUNT-C and is used as an ever-changing input to the mask generation inside the encryption mechanism [4] and [7]. In principle, the longer counter HFN could also eventually wrap around. Fortunately, it is reset to zero whenever a new key is generated during the authentication and key agreement procedure.

The authentication events are in practice frequent enough to rule out the possibility of HFN wrap-around.

Consequently, replay of messages could occur, and the messages encrypted with the same mask would be exposed to the attacker. This is only one bit of information in the key-stream. The value 0 indicates uplink while 1 indicates downlink. Note that the value of LENGTH affects only the number of bits in the mask bit stream; it does not have an effect on the bits themselves in the generated stream.

The combination of all these parameters and the key makes the EEA algorithm operation succeed. The output is called the key-stream block. The stream cipher then comes next in the operation sequence. The cipher text is sent to the receiver.

The most significant bit starts from left to right in the figure as color of individual block goes from dark to light.

The least significant 64 bits of T1 are all 0 as shown in the figure. The main purpose of doing this is to make key stream bits so it can be used as an input in bits encryption algorithm. Subsequent counter blocks are then obtained by applying the standard integer incrementing function mod to the least significant 64 bits of the previous counter block. The final block can be less than bits. Encryption process occurs as shown in Algorithm 1.

The above algorithm process and the truncated AES operation are explained in [4]. The decryption operation follows the same process as encryption. At the receiver side the key-stream block has already been prepared, and it is XORed with the cipher text to get the plain text.

Note that in counter mode the plain text is only XORed with the key-stream block to get the cipher text. The idea of a stream cipher is based on a simple yet secure cipher called the one-time pad. On the other hand, the one-time pad has one major weakness: secure transport or storage of the key becomes as demanding a task as secure transport or storage of the plaintext itself. Still, one main advantage of a stream cipher is the fact that the mask bit stream can be generated in advance, even before the plaintext is known.

This helps avoid delays in the communication. Another advantage is that the number of erroneous bits in the ciphered message introduced by a noisy channel equals the number of erroneous bits in the recovered plaintext; whereas, for a block cipher, one bit error in a ciphered block typically renders the entire block of recovered plaintext unintelligible.
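The counter-block handling described above, as an added example that is not from the original paper. The field widths (32-bit COUNT, 5-bit BEARER, 1-bit DIRECTION, 26 zero bits) are taken from the 3GPP 128-EEA2 definition rather than from this page, and `block_prf` is a SHA-256 stand-in for AES-128 so the code runs with the standard library only; keys and messages are constructed samples.

```python
import hashlib

def first_counter_block(count: int, bearer: int, direction: int) -> bytes:
    """T1 = COUNT(32) || BEARER(5) || DIRECTION(1) || 26 zero bits || 64 zero bits."""
    if not (0 <= count < 2**32 and 0 <= bearer < 32 and direction in (0, 1)):
        raise ValueError("COUNT is 32 bits, BEARER 5 bits, DIRECTION 1 bit")
    top64 = (count << 32) | (bearer << 27) | (direction << 26)
    return top64.to_bytes(8, "big") + bytes(8)  # least significant 64 bits all 0

def counter_blocks(t1: bytes, n: int):
    """Yield T1, T2, ... by incrementing the low 64 bits mod 2**64."""
    top, low = t1[:8], int.from_bytes(t1[8:], "big")
    for i in range(n):
        yield top + ((low + i) % 2**64).to_bytes(8, "big")

def block_prf(key: bytes, block: bytes) -> bytes:
    # ASSUMPTION: SHA-256 stand-in for AES-128(key, block); not the real cipher.
    return hashlib.sha256(key + block).digest()[:16]

def keystream(key: bytes, count: int, bearer: int, direction: int, length_bits: int) -> bytes:
    """LENGTH only sets how much keystream is produced, never its content."""
    t1 = first_counter_block(count, bearer, direction)
    nblocks = -(-length_bits // 128)           # ceil; final block may be partial
    ks = b"".join(block_prf(key, b) for b in counter_blocks(t1, nblocks))
    return ks[: -(-length_bits // 8)]          # truncated to whole bytes here

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def cipher(key: bytes, count: int, bearer: int, direction: int, data: bytes) -> bytes:
    """Encryption and decryption are the same XOR with the keystream."""
    return xor(data, keystream(key, count, bearer, direction, len(data) * 8))

if __name__ == "__main__":
    key = bytes(range(16))                                 # constructed sample key
    p1, p2 = b"attach request #1", b"attach request #2"    # constructed messages
    c1 = cipher(key, 7, 3, 0, p1)
    c2 = cipher(key, 7, 3, 0, p2)              # COUNT repeated under the same key
    print("T1:", first_counter_block(7, 3, 0).hex())
    print("roundtrip ok:", cipher(key, 7, 3, 0, c1) == p1)
    print("mask reuse exposes p1 XOR p2:", xor(c1, c2) == xor(p1, p2))
    print("fresh COUNT gives new mask:", cipher(key, 8, 3, 0, p2) != c2)
```

The mask-reuse line is the property a receiver or test harness can check for: two ciphertexts produced with the same key, COUNT, BEARER and DIRECTION XOR to the XOR of their plaintexts, which is why COUNT must never repeat under one key.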

This is the reason why stream ciphers are often used for channels with relatively high bit error rates, such as radio channels. This section describes the proposed stream cipher improvement, which is intended to make the security architecture more secure. These keys are derived from KeNB [2]. The 4-bit identifiers are explained at the beginning of section 4. They are , and The literature review demonstrates that 3GPP technology uses the bitwise rotation operation in deriving different functions such as f1, f2, f3, f4, f5 to generate several keys.

Hence, the combination of the identifier and the bitwise rotation operation can be used to make the EPS security mechanism more secure. Another key, CK2, which we propose, is generated as shown in Figure 7, together with a dynamic bitwise rotation operation that depends on the identifier used in our proposed algorithm mechanism. In the algorithm, we encrypt n plaintext blocks as shown in Algorithm 2. The block-wise operation is demonstrated in Figure 7.

Figure 7: Ciphering Algorithm Mechanism on Sender Side

The sender will transmit the cipher text to the receiver. At the receiver side the plain text is recovered by the opposite operation of encryption. Here, it has to be noted that the deciphering operation also uses the AES encryption algorithm to decrypt the cipher text.

The decryption of n cipher text blocks is summarized below in Algorithm 3. Therefore it is one way cipher text comes.

This method does save time compared to using the AES algorithm directly on the plain text. The proposed algorithm was added to get the output such as input parameters, cipher key.


The input parameters set in the simulator are illustrated in Table 1 below.

Plain Text is the text which has to be encrypted and sent to the receiver.


