Related-key Attack - Preventing Related-key Attacks

Preventing Related-key Attacks

One approach to preventing related-key attacks is to design protocols and applications so that encryption keys will never have a simple relationship with each other. For example, each encryption key can be generated from the underlying key material using a cryptographic hash function or other key derivation function.

For example, a replacement for WEP, Wi-Fi Protected Access (WPA), uses three levels of keys: master key, working key and RC4 key. The master WPA key is shared with each client and access point and is used in a protocol called TKIP to create new working keys frequently enough to thwart known attack methods. The working keys are then combined with a longer, 48-bit IV to form the RC4 key for each packet. This design mimics the WEP approach enough to allow WPA to be used with first-generation Wi-Fi network cards, some of which implemented portions of WEP in hardware. However, not all first-generation access points can run WPA.

Another, more conservative approach is to employ a cipher designed to prevent related-key attacks altogether, usually by incorporating a strong key schedule. A newer version of Wi-Fi Protected Access, WPA2, uses the AES block cipher instead of RC4, in part for this reason. There are related-key attacks against reduced-round AES, but unlike those against RC4, they're far from practical to implement, and WPA2's key generation functions may provide some security against them. Many older network cards cannot run WPA2.

Block ciphers (security summary)
Common
algorithms
  • AES
  • Blowfish
  • DES
  • Triple DES
  • Serpent
  • Twofish
Less common
algorithms
  • Camellia
  • CAST-128
  • IDEA
  • RC2
  • RC5
  • SEED
  • Skipjack
  • TEA
  • XTEA
Other
algorithms
  • 3-Way
  • Akelarre
  • Anubis
  • ARIA
  • BaseKing
  • BassOmatic
  • BATON
  • BEAR and LION
  • CAST-256
  • CIKS-1
  • CIPHERUNICORN-A
  • CIPHERUNICORN-E
  • CLEFIA
  • CMEA
  • Cobra
  • COCONUT98
  • Crab
  • Cryptomeria/C2
  • CRYPTON
  • CS-Cipher
  • DEAL
  • DES-X
  • DFC
  • E2
  • FEAL
  • FEA-M
  • FROG
  • G-DES
  • GOST
  • Grand Cru
  • Hasty Pudding cipher
  • Hierocrypt
  • ICE
  • IDEA NXT
  • Intel Cascade Cipher
  • Iraqi
  • KASUMI
  • KeeLoq
  • KHAZAD
  • Khufu and Khafre
  • KN-Cipher
  • Ladder-DES
  • Libelle
  • LOKI97
  • LOKI89/91
  • Lucifer
  • M6
  • M8
  • MacGuffin
  • Madryga
  • MAGENTA
  • MARS
  • Mercy
  • MESH
  • MISTY1
  • MMB
  • MULTI2
  • MultiSwap
  • New Data Seal
  • NewDES
  • Nimbus
  • NOEKEON
  • NUSH
  • PRESENT
  • Q
  • RC6
  • REDOC
  • Red Pike
  • S-1
  • SAFER
  • SAVILLE
  • SC2000
  • SHACAL
  • SHARK
  • SMS4
  • Spectr-H64
  • Square
  • SXAL/MBAL
  • Threefish
  • Treyfer
  • UES
  • Xenon
  • xmx
  • XXTEA
  • Zodiac
Design
  • Feistel network
  • Key schedule
  • Product cipher
  • S-box
  • P-box
  • SPN
Attack
(cryptanalysis)
  • Brute force
  • MITM
  • Linear
  • Differential (Impossible
  • Truncated
  • Higher-order)
  • Integral
  • Boomerang
  • Mod n
  • Related-key
  • Slide
  • Rotational
  • Timing
  • XSL
  • Interpolation
  • Partitioning
  • Davies'
Standardization
  • AES process
  • CRYPTREC
  • NESSIE
Misc
  • Avalanche effect
  • Block size
  • Initialization vector
  • Key size
  • Modes of operation
  • Padding
  • Piling-up lemma
  • Weak key
  • EFF DES cracker
  • Key whitening
Stream ciphers
Widely used ciphers
  • RC4
  • Block ciphers in stream mode
eSTREAM Portfolio
Software
  • HC-256
  • Rabbit
  • Salsa20/12
  • SOSEMANUK
Hardware
  • Grain
  • MICKEY
  • Trivium
Other ciphers
  • A5/1
  • A5/2
  • E0
  • FISH
  • ISAAC
  • MUGI
  • Panama
  • Phelix
  • Pike
  • Py
  • QUAD
  • Scream
  • SEAL
  • SNOW
  • SOBER
  • SOBER-128
  • VEST
  • WAKE
Theory
  • Shift register
  • LFSR
  • NLFSR
  • Shrinking generator
  • T-function
  • IV
Attacks
  • Correlation attack
  • Correlation immunity
Cryptography
  • History of cryptography
  • Cryptanalysis
  • Cryptography portal
  • Outline of cryptography
  • Symmetric-key algorithm
  • Block cipher
  • Stream cipher
  • Public-key cryptography
  • Cryptographic hash function
  • Message authentication code
  • Random numbers
  • Steganography

Read more about this topic:  Related-key Attack

Famous quotes containing the words preventing and/or attacks:

    After the earthquake, which had destroyed three-quarters of Lisbon, the country’s wise men had found no more efficacious means of preventing total ruin than to give the people a fine auto-da-fé.
    Voltaire [François Marie Arouet] (1694–1778)

    The rebel, unlike the revolutionary, does not attempt to undermine the social order as a whole. The rebel attacks the tyrant; the revolutionary attacks tyranny. I grant that there are rebels who regard all governments as tyrannical; nonetheless, it is abuses that they condemn, not power itself. Revolutionaries, on the other hand, are convinced that the evil does not lie in the excesses of the constituted order but in order itself. The difference, it seems to me, is considerable.
    Octavio Paz (b. 1914)