WIRELESS COMMUNICATIONS SECURITY

Dr. T.J.Owens CEng MIEE

Email: Thomas.Owens@brunel.ac.uk
Module Overview
Fundamentals of Cryptography
Block 1: Basic concepts of cryptography
Block 2: Simple Ciphers and Classical Ciphers and A
Complexity Measure for Security
Block 3: Modern symmetric key cryptography
Block 4: Public key cryptography

Securing the Mobile Phone Network

Block 5: GSM (2G) Telecommunications Security
Block 6: GPRS (2.5G) Security
Block 7: Wireless Application Protocol (WAP) and i-mode
Block 8: 3G Telecommunications Security

Securing laptop Wi-Fi connection to wired

network
Block 9: Wi-Fi Security Basics
Block 10: WEP
Block 11: Overview of WPA and RSN
Block 12: RADIUS, TLS, IEEE 802.11w
Block 13: Key Management in WPA and RSN
Block 14: TKIP and AES-CCMP

Securing hybrid wireless infrastructure

networks
Block 15: Securing WiMAX networks
Block 16: Securing converged Wi-Fi and UMTS networks

Block 1: Basic concepts of cryptography

Objectives
After studying this material you should
Appreciate that the central issue in data
encryption is the design of data
transformations that are easy, given a specific
piece of secret knowledge, but extremely
difficult otherwise.
Recognise that a modern cryptosystem
achieves secrecy through an algorithm which
computes a code from a key.
Understand that cryptographic techniques can
protect against eavesdropping and tampering.
Be able to calculate the Unicity Distance of a
cipher system and comprehend its
significance.
Understand how the one time pad achieves
perfect secrecy.
Appreciate that linear feedback shift registers
provide a method for approximating the one
time pad.

Boundaries

Figure: Block diagram of a communications system.

Source
Coding

Source
Decoding

Encryption

Decryption

Channel
Coding

Channel
Decoding

Figure: Coding steps in a communications system.

Cryptography
Cryptosystem or cipher system is a method of
hiding the content of messages.
Cryptography is the art of creating and using
cryptosystems.
Cryptanalysis is the art of breaking cryptosystems.
Cryptology is the study of both cryptography and
cryptanalysis.
Plain
text

Plain
text

Alice

Bob

Eve

Key Phrase Cipher

A

Features of the Example Cipher

1. Easy encoding and decoding
2. Easy to remember key.
3. The use of different alphabets for the plaintext and
ciphertext.
4. Each input symbol mapped to two output symbols.
5. Removal of redundancy in the plain text (i and j
treated as the same letter and spaces omitted.
6. Independent encoding of plaintext characters
7. Some letters from the keyphrase are discarded.

Data Security and Information Theory

Cryptosystems
Aim to transform original data (plaintext) into an
unintelligible form (ciphertext) before transmitting it
over a communication system.
This involves computing an invertible transformation
of a message that is hard to invert without some
secret knowledge known as the key.
Encoding process often called encryption and the
decoding process decryption.
An unauthorised person attempting to unauthorised
access to a communications system is a
cryptanalyst or adversary.
The key must be transmitted from Alice to Bob
by a secure channel.
Cryptosystems may be used to
Secrecy/Privacy,
Authenticity/Integrity
Anonymity/Invisibility.

assure
and

Attacks on Cipher systems

Passive wiretapping (eavesdropping)
Active wiretapping (tampering)
Eve (the cryptanalyst) knows
The encryption algorithm.
The plaintext statistics or structure.
Probability distribution of keys.
The ciphertext only attack: Eve knows
the encryption algorithm and has some
ciphertext and some knowledge of the
statistical structure of the plaintext.
The known plaintext attack. Eve knows
the encryption algorithm and has some
plaintext together with its corresponding
ciphertext.
The chosen plaintext attack. Eve
knows the encryption algorithm and is
able to choose some plaintext and
arrange that it is encrypted.

Discrete Random Variables

X denotes the number of mouse clicks

x: CLICK CLICK CLICK CLICK CLICK CLICK
Y denotes the number of keystrokes
y: KEY KEY KEY KEY KEY
we can write P( X x, Y x )
(This denotes the probability that X and Y are equal
to x)
we cannot write P( X Y)
(This would implies that random variable X is the
same as random variable Y)

10

Probability Distribution
The probability distribution of X is the set of pairs

x1 , p x1 , x2 , p x2 ,,
n

p1 p 2 p n p i 1
i 1

11

Discrete Information Sources

A discrete information source emits an endless
stream of symbols drawn from an alphabet
1 , 2 , , n

A discrete memoryless source (DMS) is a source

that emits a stream of statistically independent
symbols from its alphabet.
A binary memoryless source has an alphabet of
two symbols
Rolling a die = DMS
Tossing a coin = binary DMS

12

Uncertainty and Information

Information conveyed by a message or symbol
with probability p is
I p log b p log b 1 p

Entropy is the expected information or

n

i 1

i 1

H b X pi I p i p i log b pi

B
2
E
10

Unit of information
Bit (binary digit)
Nat (natural logarithm)
Hartley

Unit of Entropy
Bits/symbol
Nats/symbol
Hartleys/symbol

13

Ciphertext only Cryptanalysis

A

0.1
0.2
0.3
0.4
k1
k2

Consider the above source and cipher system.

The cryptanalyst knows the plaintext symbol
probabilities P(A), P(B), P(C), and P(D) and the
probability distribution of the keys (P(k1) and P(k2)
are equally likely).
The cryptanalyst needs to identify the key.
The cryptanalyst can calculate the probabilities that
any ciphertext character resulted from a particular
plaintext character.

14

For example, if ciphertext A is observed this results

from plaintext character B and k1 or plaintext
character A and k2.
So the probabilities of each of these may be
calculated as
P ( B ) P ( k1)
P ( B ) P ( k1) P ( A) P ( k 2)
P ( A) P ( k 2)
P ( A, k 2 | A)
P ( B ) P ( k1) P ( A) P (k 2)
P ( B, k1 | A)

This process may be continued to build up a table

of conditional probabilities

15

Plaintext, Key
Ciphertext A, k1 A, k2 B, k1 B, k2 C, k1 C, k2 D, k1 D, k2
A

0.333 0.667 0

0.25 0

0.333 0

Suppose the following

enciphered using k2 then

0.75 0

0.667 0

0.429 0
plaintext

Plaintext:

DCDBCDADCB

Ciphertext:

DBDCBDADBC

0
has

0.571
been

On seeing the ciphertext the cryptanalyst calculates

the probability of the two possible corresponding
plaintexts (s1 and s2) using the table as follows:
The ciphertext contains one A, three Bs, two Cs and
four Ds.

16

Calculating the product of the relevant conditional

probabilities for each key gives
1 =

0.667 0.25 3 0.667 2 0.429 4 1.57 10 4

2 =

0.33 0.75 3 0.333 2 0.5714 1.66 10 3

Then

P ( s1 | s )

1
1.57 10 4

0.086
1 2 1.57 10 4 1.66 10 3

P( s 2 | s)

2
1.66 10 3

0.914
1 2 1.57 10 4 1.66 10 3

Plaintext s2 = DCDBCDADCB and the key was k2.

17

Shannon proposed two measures of the

security of a cipher system:
Cover Time: This is the time estimated to break the
system with unlimited access to plaintext and
ciphertext, but using current computing technology.
Unicity Distance: This is the amount of ciphertext
required for the key to be identified uniquely.
Unicity Distance
For a source X with an alphabet of size and
probability distribution p p , , p the entropy is the
expected information:
1,

H b ( X ) pi log b pi
i 1

Now let ML denote a random plaintext of length L

giving ciphertext CL of length L by application of key
kx from key set K.
For any ciphertext the minimum number, n, of
cipher text symbols needed before only one key
could have generated that ciphertext is:

18

H (K )
lg H ( X )

The unicity distance is given by the equality of this

expression. For k equiprobable keys this is

lg k
lg H ( X )

19

Infinite Unicity Distance

If the unicity distance is infinite then we would have
a perfectly secure system.
We have two choices:
1.

Make the denominator zero,

H ( X ) lg

This is only true if the message is randomly

generated or is perfectly compressed, neither
of which is possible.
2.

Make the numerator infinite, H (K ) .

This would seem to require a key of infinite
size.
However, for a message of n symbols we only
need n randomly generated symbols of the key
H ( K ) n lg .
Then the unicity distance is greater than n and
we need more ciphertext characters than the n
available to break the cipher.
This is the basis of a provably unbreakable
cipher.

Perfect Secrecy

20

This gives perfect secrecy if:

M C K

ie The number of keys equals the number of

messages.
A HUGE amount of key data required.

21

The One Time Pad

The only cipher that provides perfect secrecy
Each key is used only once
Random
Sequence
PlainText

Mixer

CipherText

The one time pad is so called because the sender

at one time had a pad of paper upon each page of
which there is a truly random sequence of symbols.
A page is destroyed after use so that each key is
used only once.
The mixing function can be as simple as addition
modulo 2.

22

Approximating the One Time Pad

OTP is impractical because we cannot
mathematically generate truly random sequences.
Pseudorandom sequences, or pseudonoise, used.

Implementation Using Shift Registers

We can approximate a one-time pad by generating
an extremely long psuedorandom sequence (of
length 10 or more) and then combining the
elements of this sequence with plaintext symbols in
a very simple way.
100

The psuedorandom sequence generator in a

stream cipher consists of memory, which holds its
current state, and a next state function, which
computes a new state at each step.
The output of the sequence generator is some
function of its state.
23

In the following illustrations the arrows go both ways

between the State box and the Next State Function
box because the next state is a function of the
current state.
A closely related cipher system is the cipher
feedback (CFB) configuration where the ciphertext
is fed back into the keystream sequence generator.
Thus the ciphertext in a message depends on all
the preceding ciphertext in the message.
This can provide message authentication
preventing an adversary tampering with a message
undetected.

24

Initial
State
Key

Initial
State

State

Next State
Select
Function
Function
PlainText in
chunks of a
few bits

Key

Keystream
Mixer

CipherText

Stream Cipher

State

Next State
Select
Function
Function
PlainText in
chunks of a
few bits

Keystream
Mixer

CipherText

Cipher Feedback Mode

Wireless technologies use stream ciphers because they approximate the one-time pad and
because they only require an encryption card not an encryption and a decryption card.

25

Binary Linear Feedback Shift Registers

Binary LFSRs are used to generate very long
sequences of pseudorandom numbers.

Appropriate connections made here to generate sequence

Sn1

Sn2

S1

S0

Binary Linear Feedback Shift Register

The shift register is a sequence of bits (if it is n-bits
long, it is called an n-bit shift register).
Each time a new bit is needed, all bits in the shift
register are shifted 1 to the right.
The new left-most bit is computed as a function of
the other bits in the register. The output of the shift
register is 1 bit, often the least significant bit.

The Security of LFSRs

26

LFSRs are not secure because of their linearity.

Only 2n consecutive bits from the register are
required to attack an LFSR with n stages requires.
To obtain the state and feedback coefficients of the
register requires only one matrix inversion since we
are solving 2n linear equations.

27

Nonlinear Methods
Combine the output of two or more registers nonlinearly.
Many nonlinear combinations of LFSRs have been
proposed but all have some weaknesses making
them insecure.
The idea of a nonlinear FSR has more merit,
however, and the OFB mode of the DES block
cipher to be seen in block 4 is essentially a
nonlinear FSR.
Bluetooth deploys a stream cipher built using a
nonlinear combination of LFSRs.

28