Related-key Attack - Preventing Related-key Attacks

Preventing Related-key Attacks

One approach to preventing related-key attacks is to design protocols and applications so that encryption keys will never have a simple relationship with each other. For example, each encryption key can be generated from the underlying key material using a cryptographic hash function or other key derivation function.

For example, a replacement for WEP, Wi-Fi Protected Access (WPA), uses three levels of keys: master key, working key and RC4 key. The master WPA key is shared with each client and access point and is used in a protocol called TKIP to create new working keys frequently enough to thwart known attack methods. The working keys are then combined with a longer, 48-bit IV to form the RC4 key for each packet. This design mimics the WEP approach enough to allow WPA to be used with first-generation Wi-Fi network cards, some of which implemented portions of WEP in hardware. However, not all first-generation access points can run WPA.

Another, more conservative approach is to employ a cipher designed to prevent related-key attacks altogether, usually by incorporating a strong key schedule. A newer version of Wi-Fi Protected Access, WPA2, uses the AES block cipher instead of RC4, in part for this reason. There are related-key attacks against reduced-round AES, but unlike those against RC4, they're far from practical to implement, and WPA2's key generation functions may provide some security against them. Many older network cards cannot run WPA2.

Block ciphers (security summary)

Common algorithms	AES Blowfish DES Triple DES Serpent Twofish

Less common algorithms	Camellia CAST-128 IDEA RC2 RC5 SEED Skipjack TEA XTEA

Other algorithms	3-Way Akelarre Anubis ARIA BaseKing BassOmatic BATON BEAR and LION CAST-256 CIKS-1 CIPHERUNICORN-A CIPHERUNICORN-E CLEFIA CMEA Cobra COCONUT98 Crab Cryptomeria/C2 CRYPTON CS-Cipher DEAL DES-X DFC E2 FEAL FEA-M FROG G-DES GOST Grand Cru Hasty Pudding cipher Hierocrypt ICE IDEA NXT Intel Cascade Cipher Iraqi KASUMI KeeLoq KHAZAD Khufu and Khafre KN-Cipher Ladder-DES Libelle LOKI97 LOKI89/91 Lucifer M6 M8 MacGuffin Madryga MAGENTA MARS Mercy MESH MISTY1 MMB MULTI2 MultiSwap New Data Seal NewDES Nimbus NOEKEON NUSH PRESENT Q RC6 REDOC Red Pike S-1 SAFER SAVILLE SC2000 SHACAL SHARK SMS4 Spectr-H64 Square SXAL/MBAL Threefish Treyfer UES Xenon xmx XXTEA Zodiac

Design	Feistel network Key schedule Product cipher S-box P-box SPN

Attack (cryptanalysis)	Brute force MITM Linear Differential (Impossible Truncated Higher-order) Integral Boomerang Mod n Related-key Slide Rotational Timing XSL Interpolation Partitioning Davies'

Standardization	AES process CRYPTREC NESSIE

Misc	Avalanche effect Block size Initialization vector Key size Modes of operation Padding Piling-up lemma Weak key EFF DES cracker Key whitening

Stream ciphers

Widely used ciphers

RC4
Block ciphers in stream mode

eSTREAM Portfolio

Software	HC-256 Rabbit Salsa20/12 SOSEMANUK

Hardware	Grain MICKEY Trivium

Other ciphers

A5/1
A5/2
E0
FISH
ISAAC
MUGI
Panama
Phelix
Pike
Py
QUAD
Scream
SEAL
SNOW
SOBER
SOBER-128
VEST
WAKE

Theory

Shift register
LFSR
NLFSR
Shrinking generator
T-function
IV

Attacks

Correlation attack
Correlation immunity

Cryptography

History of cryptography Cryptanalysis Cryptography portal Outline of cryptography

Symmetric-key algorithm Block cipher Stream cipher Public-key cryptography Cryptographic hash function Message authentication code Random numbers Steganography

Read more about this topic: Related-key Attack

Famous quotes containing the words preventing and/or attacks:

“In a language known to us, we have substituted the opacity of the sounds with the transparence of the ideas. But a language we do not know is a closed place in which the one we love can deceive us, making us, locked outside and convulsed in our impotence, incapable of seeing or preventing anything.”
—Marcel Proust (1871–1922)

“The gray glaze of the past attacks all know-how....”
—John Ashbery (b. 1927)