Fourth Generation (4G) cellular communications are presently being introduced to replace the current Third Generation (3G) technologies. The major wireless communication systems can be broadly classified into two categories: (1) IEEE 802.11 wireless links; and (2) 4G cellular systems, for which there are competing candidates, namely LTE (Long Term Evolution) and WiMAX (IEEE 802.16m). Security is needed to ensure that these systems function properly and to prevent misuse. In particular, encryption and authentication are crucial security mechanisms for guaranteeing users' privacy, blocking unauthorized use or access, and protecting revenue for mobile network operators.
Both IEEE 802.11 and WiMAX employ the Advanced Encryption Standard (AES) in counter mode as a stream cipher for encryption, while LTE specifies two dedicated stream ciphers, Snow 3G and ZUC, for protecting communications (in addition to an AES-based option). However, as mobile devices become integrated platforms for applications such as sound, video, graphics and GPS data, they become susceptible to critical physical-layer attacks. Furthermore, mobile devices become vulnerable to side-channel attacks, which can be launched to compromise the device. These types of attacks are independent of the security strength of the underlying cryptographic algorithms.
Besides the potential for physical-layer attacks, the confidentiality and integrity algorithms specified by the Third Generation Partnership Project (3GPP) are less efficient in terms of bandwidth, throughput, processing, storage and power consumption, owing to their complicated architecture. More importantly, the security of these cryptographic algorithms is difficult to analyze: for both of the stream ciphers Snow 3G and ZUC specified in 3GPP, the period of the generated keystream is the only randomness property that can be guaranteed. These disadvantages cast doubt on the security of Snow 3G and ZUC when used in 4G networks.
In a related field, with the advent of pervasive computing, various smart devices such as RFID tags, key fobs, and smart meters are becoming ubiquitous and impacting people's lives in significant ways. Their numerous applications range from access control and supply-chain management, to home automation and healthcare. Since a multitude of applications involve processing of sensitive personal information like health or biomedical data, the need for integrating cryptographic functions into embedded applications has risen significantly.
Unfortunately, these pervasive smart devices usually have extremely constrained resources in terms of computational capability, memory, and power supply. Hence, classical cryptographic primitives designed for full-fledged computers may not be suited to resource-constrained smart devices. Moreover, the tight cost constraints inherent in mass deployments of smart devices create pressing requirements for new cryptographic primitives that can perform strong authentication and encryption, and provide other security functionality, in low-power applications.
A key issue in designing lightweight cryptographic algorithms is the trade-off among security, cost, and performance. Compared to asymmetric ciphers, symmetric ones are preferable for smart devices with respect to performance and power consumption. A host of lightweight symmetric ciphers that specifically target resource-constrained smart devices have been published in the past few years. These previous proposals can be roughly divided into three categories: (1) highly optimized and compact hardware implementations of standardized block ciphers such as AES and IDEA; (2) modifications of a classical block cipher such as DES for lightweight applications; and (3) low-cost designs, including lightweight block ciphers such as HIGHT, mCrypton, SEA, PRESENT, KATAN and KTANTAN, as well as lightweight stream ciphers such as Grain and Trivium.
While both of the stream ciphers Grain and Trivium achieve relatively good performance in hardware implementations, Grain can only guarantee a lower bound on the period of the generated keystream, and Trivium possesses no provable randomness properties by design. These shortcomings leave doubt about the security of current stream ciphers such as Grain and Trivium, and limit their application in practice. Moreover, both Grain and Trivium are efficient only when implemented in hardware, which is undesirable for embedded applications built on low-power microcontrollers.
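The period guarantees contrasted in the two passages above (the provable period of a linear feedback shift register with a primitive polynomial, the absence of any such property for a purely nonlinear register, and the lower bound that a Grain-style combination of the two can prove) can be made concrete on registers small enough to enumerate exhaustively. The following Python is an added example written for this page; it is not code from the document, from the Snow 3G/ZUC specifications, or from the Grain or Trivium designers. The 7-bit register length, the feedback polynomial x^7 + x + 1 and the nonlinear feedback term are assumptions chosen for illustration, and `grain_step` mirrors only the structural idea of XORing the LFSR output into the NFSR feedback, not the actual Grain specification.

```python
"""Added example (not from the page): keystream periods of small feedback shift registers.

Three toy 7-bit generators, small enough to enumerate the whole state space:
  * an LFSR with the primitive feedback polynomial x^7 + x + 1: every non-zero state
    lies on one cycle of length 2^7 - 1 = 127, so the keystream period is provable;
  * an NFSR whose nonlinear feedback is an arbitrary choice for this example: the cycle
    length depends on the initial state and can be as short as 1;
  * a Grain-style pairing in which the LFSR output is XORed into the NFSR feedback:
    every cycle on which the LFSR is non-zero has a length divisible by 127, which is
    the only period guarantee such a construction provides.
"""
from collections import Counter
from typing import Callable, Dict, List, Tuple

N = 7                        # register length in bits (assumption for this example)
MASK = (1 << N) - 1
LFSR_PERIOD = (1 << N) - 1   # 127: the period a primitive 7-bit LFSR guarantees


def bit(state: int, i: int) -> int:
    return (state >> i) & 1


def shift_in(state: int, fb: int) -> int:
    """Drop s_t (bit 0), shift the register down, insert s_{t+N} as bit N-1."""
    return (state >> 1) | (fb << (N - 1))


def lfsr_step(state: int) -> int:
    # Recurrence s_{t+7} = s_{t+1} + s_t, characteristic polynomial x^7 + x + 1 (primitive).
    return shift_in(state, bit(state, 0) ^ bit(state, 1))


def nfsr_feedback(state: int) -> int:
    # s_t + g(s_{t+1}, s_{t+2}, s_{t+3}): the linear s_t term keeps the state map a
    # permutation (Golomb's non-singularity condition); g is chosen for illustration only.
    return bit(state, 0) ^ bit(state, 1) ^ (bit(state, 2) & bit(state, 3))


def nfsr_step(state: int) -> int:
    return shift_in(state, nfsr_feedback(state))


def grain_step(state: int) -> int:
    """Combined 14-bit state: low N bits are the LFSR, high N bits the NFSR.
    The LFSR runs autonomously; its output bit s_t is XORed into the NFSR feedback."""
    l, nf = state & MASK, state >> N
    return (shift_in(nf, nfsr_feedback(nf) ^ bit(l, 0)) << N) | lfsr_step(l)


def cycles(step: Callable[[int], int], bits: int) -> List[Tuple[int, int]]:
    """Decompose the state space of a bijective step map into its cycles.
    Returns (length, smallest state on the cycle) for each cycle."""
    size = 1 << bits
    if len({step(s) for s in range(size)}) != size:
        raise ValueError("step map is not a permutation; cycles are not well defined")
    seen = bytearray(size)
    out = []
    for start in range(size):
        if seen[start]:
            continue
        s, length = start, 0
        while not seen[s]:
            seen[s] = 1
            s = step(s)
            length += 1
        out.append((length, start))
    return out


def cycle_histogram(step: Callable[[int], int], bits: int) -> Dict[int, int]:
    """{cycle length: number of cycles of that length}."""
    return dict(Counter(length for length, _ in cycles(step, bits)))


def lfsr_cycles() -> Dict[int, int]:
    return cycle_histogram(lfsr_step, N)      # {127: 1, 1: 1}: zero state plus one big cycle


def nfsr_cycles() -> Dict[int, int]:
    return cycle_histogram(nfsr_step, N)      # many cycles; 0 and 127 are fixed points


def grain_cycles() -> Tuple[Dict[int, int], Dict[int, int]]:
    """Cycle histograms of the combined generator, split by whether the LFSR part is
    non-zero on the cycle. The zero LFSR state is fixed, so a cycle either has a
    non-zero LFSR everywhere or a zero LFSR everywhere (the NFSR then runs alone)."""
    live, dead = Counter(), Counter()
    for length, start in cycles(grain_step, 2 * N):
        (live if start & MASK else dead)[length] += 1
    return dict(live), dict(dead)


def keystream_period(step: Callable[[int], int], state: int) -> int:
    """Period of the state sequence started from `state` (finite for a bijective map)."""
    s, length = step(state), 1
    while s != state:
        s, length = step(s), length + 1
    return length


if __name__ == "__main__":
    print("LFSR x^7+x+1              :", lfsr_cycles())
    print("NFSR alone                :", nfsr_cycles())
    live, dead = grain_cycles()
    print("Grain-style, LFSR non-zero:", dict(sorted(live.items())))
    print("Grain-style, LFSR zero    :", dead)
```

Running the block prints the cycle structure of each generator. The LFSR shows the textbook guarantee (one cycle of length 127 plus the fixed zero state), the NFSR alone shows why a nonlinear register by itself proves nothing about the period (its cycle lengths are scattered, two of them of length 1), and the Grain-style pairing shows what the combination buys: every cycle with a non-zero LFSR has length that is a multiple of 127, so the LFSR period is a lower bound, but how large a multiple depends on the initial state, which is exactly the limitation described above. The `cycles` helper refuses non-bijective step maps, because for those some states are never revisited and "period" is not well defined.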
What is needed are improved methods, systems and apparatus for generating keystreams with cryptographically strong properties which address at least some of the limitations of the prior art.