A Novel Approach to combine Public-key encryption with Symmetric-key encryption

Transcription

1 Volume 1, No. 4, June 2012 ISSN The International Journal of Computer Science & Applications (TIJCSA) RESEARCH PAPER Available Online at A Novel Approach to combine Public-key encryption with Symmetric-key encryption Reena Sharma (Assistant Professor) Doon Velley Institute of Engg. & Tech. Karnal, Haryana er.sharma.reena@gmail.com ABSTRACT: P2P computing can be defined as the sharing of computer resources and services by direct exchange. P2P computing provides an alternative to the traditional client/server architecture, while employing the existing infrastructure of networks, servers, and clients. Security within network architectures is mainly a question about trust. The security solutions must be well organized so all participating entities will have faith in the security solutions. P2P is an application that runs on our computer and allows us to share files. File-sharing over P2P networks also puts the user at risk for computer viruses attached to the shared files. The security issues are especially important in peer-to-peer systems. It is because these systems are decentralized and no central administrator is responsible for the security issues. Secure data has to be protected during the transfer, if it is going to be sent to some other location. There are mainly two approaches used for authentication and encryption within a network. One approach uses symmetric algorithms with shared private keys and the other approach uses asymmetric algorithms with public keys. In this paper we are providing a novel approach to combine symmetric/public key encryption. In this paper we study the implementation of a secure application for both user and the employee. The primary focus of this paper is to provide a theoretical implementation of a new architecture for encrypting the database by combining the public key encrypton with symmetric key encryption. KEYWORDS: Data Encryption Standard, Rijndael Algorithm, Symmetric Encryption. Key Algorithm, Public Key INTRODUCTION: In this paper we have purposed a novel approach architecture for authentication in peer-to-peer networks by combining the public key encryption and secret keys encryption together. Using this concept for a new authentication mechanism we can provide an extreme secure environment by appropriately combining the symmetric key algorithms with the public key algorithms. We will also explain the public key and secret key algorithms and combine these algorithms to minimize the execution time and maximize the security. 2012, - TIJCSA All Rights Reserved 8

2 SECURITY: Security within network architectures is mainly a question about trust.the security issues are especially important in peer-to-peer systems. It is because these systems are decentralized and no central administrator is responsible for the security issues. In the P2P environment where every peer acts both as a client and a server, most of the users do not have any experience of how to support, run, or configure a server. This can open huge security holes in a system. PROPOSED CONCEPT: Here we are presenting a novel approach to combine the public key encryption with symmetric key encryption. The primary focus is to provide a theoretical implementation of a new architecture for encrypting the database. Major services offered by the intended application to both user and the employee are as follows: - Flexibility that it gives ability to add/delete users, services, employee, and documents. - Flexibility to change passwords. The secure application provides highly transparent environment to its users. There should be minimal input from the user due to security features. - The proposed application ensures that an administrator should not be able to decrypt the documents. - Recovery of documents is one of the key features that the proposed application offers is the forgotten passwords. In other words, the secure application makes sure that if a user forgets his/her password, they should not completely lose their documents. - Finally we design and develop this secure application by assuming that the communication is not secure at all. SECURITY MEASURES: One of the major objectives of the targeted secure application is to provide secure storage of the employee documents as well as maintaining authorized access to the documents for the authorized users. In order to maintain this level of security, there is a need to design a strong and secured application that let the documents of the employee being kept secret by implementing data Integrity and confidentiality as well as making the documents partially shared or available [LC08]. Our design approach, therefore, implements a complete line of defensive authentication and authorization cryptographic standards to protect the data and to maintain its integrity while at the same time making it available for the authorized users. In particular, in order to design and implement such a secured application, the following are the minimum key security-elements that should be addressed by us: User authentication and Authorization, Access Availability, Data encryption and decryption, Data integrity, and Document Accountability. Figure 1. shows the implementation of the above five security components for both employee as well as the users. Our proposed application uses the Rijndael cipher algorithm to perform data encryption and decryption. The key sharing will be secured by the implementation of the public key algorithm, RSA. The use of Rijndael cipher algorithm allows us to store the data in a compressed encrypted form which consequently results in a small-size database. Moreover, we combine the secure hash algorithm 1 (SHA1) [SS09] with the RSA (which stands for Rivest, Shamir and Adleman who first publicly described it) public key algorithm to generate the digital signature 2012, - TIJCSA All Rights Reserved 9

3 for user authentication. Previously, there were several attempts to combine the RSA algorithm with the other security mechanism to provide a fast and secure implementation. For instance, number of researchers combined RSA algorithm with the Chinese remainder theorem (CRT) [JM03, DW04]. However, none of them described the implementation detail of these algorithms. The goal of our research work is to provide an extreme secure environment by appropriately combining the secret key algorithms with the public key algorithms. KEY CLASSIFICATION: The terminology of Table 1 is used in reference to keying material. A symmetric cryptographic system is a system System Administrator Entity Employee Entity Services Offered User Entity Employee can assign document to courses Document Encryption/ Decryption Database Users can access Course documen t (Figure 1) involving two transformations one for the originator and one for the recipient both of which make use of either the same secret key (symmetric key) or two keys easily computed from each other. An asymmetric cryptographic system is a system involving two related transformations one defined by a public key (the public transformation), and another defined by a private key (the private transformation) with the property that it is computationally infeasible to determine the private transformation from the public transformation. SYMMETRIC KEY/PUBLIC KEY ENCRYPTION: Symmetric-key and public-key encryption have a number of complementary advantages. Current cryptographic systems exploit the strengths of each. An example will serve to illustrate. Public-key encryption techniques may be used to establish a key for a symmetric-key system being used by communicating entities A and B. In this scenario A and B can take advantage of the long term nature of the public/private keys of the public-key scheme and the performance efficiencies of the symmetric-key scheme. Since data encryption is frequently the most time consuming part of the encryption process, the public-key scheme for key establishment is a small fraction of the total encryption process between A and B. SYMMETRIC ENCRYPTION: 2012, - TIJCSA All Rights Reserved 10

4 In this type of encryption, the sender and the receiver agree on a secret (shared) key. Then they use this secret key to encrypt and decrypt their sent messages. For the process of symmetric cryptography, Node A and B first agree on the encryption technique to be used in encryption and decryption of communicated data. Then they agree on the secret key that both of them will use in this connection. After the encryption setup finishes, node A starts sending its data encrypted with the shared key, on the other side node B uses the same key to decrypt the encrypted messages. SECRET KEYS: Early cryptographic systems used secret key methods for encoding private data. Secret key cryptography depends on the use of private keys for authentication and encryption. Two parties have to exchange secret keys with each other over some private, secure communications channel, and these keys are used to encode and decode messages. The basis for the security of the system is the secret key itself, but the secret key must be given to any agent that needs to communicate securely with you. This opens up the possibility of keys being stolen in transit, and finding a separate, secure way to transmit secret keys may be inconvenient, expensive, or just impossible. PUBLIC KEY ENCRYPTION: Public key encryption is the other type of encryption where two keys are used. To explain more, what Key1 can encrypt only Key2 can decrypt, and vice versa. It is also known as Public Key Cryptography (PKC), because users tend to use two keys: public key, which is known to the public, and private key which is known only to the user. For the process of public key encryption we use the two keys between node A and node B. After agreeing on the type of encryption to be used in the connection, node B sends its public key to node A. Node A uses the received public key to encrypt its messages. Then when the encrypted messages arrive, node B uses its private key to decrypt them. In 1976, Diffie and Hellman [DW76] published a paper describing a means for two parties to share cryptographic keys over a public communications channel without compromising the security of their private transmissions. Essentially, the technique involves the use of two keys by each party, a private key and a public key. A message encrypted with one party's public key can only be decrypted with that party's private key. PUBLIC KEYS: At the start of a conversation, two parties independently choose random private keys, which they keep to themselves. Then they generate a public key that is based on their private key. This public key can be freely shared with anyone, and can be used to encrypt messages to the party that owns the corresponding private key. Term private key, public key symmetric key Secret key Meaning Paired keys in an asymmetric cryptographic system key in a symmetric (singlekey) cryptographic system Adjective used to describe private or symmetric key Table 1: Private, public, Symmetric, and Secret keys. 2012, - TIJCSA All Rights Reserved 11

5 PUBLIC KEY ALGORITHM: Public key algorithms use a different key for encryption and decryption, and the decryption key cannot (practically) be derived from the encryption key. Public key methods are important because they can be used to transmit encryption keys or other data securely even when the parties have no opportunity to agree on a secret key in private. All known methods are quite slow, and they are usually only used to encrypt session keys (randomly generated "normal" keys), that are then used to encrypt the bulk of the data using a symmetric cipher. RSA (Rivest-Shamir-Adelman): is the most commonly used public key algorithm. Can be used both for encryption and for signing. It is generally considered to be secure when sufficiently long keys are used (512 bits is insecure, 768 bits is moderately secure, and 1024 bits is good). The security of RSA relies on the difficulty off actoring large integers. Dramatic advances in factoring large integers would make RSA vulnerable. RSA is currently the most important public key algorithm. It is patented in the United States (expires year 2000), and free elsewhere. This is the most widely used public key algorithm. It is relatively easy to understand and implement.one should know that RSA is very vulnerable to Chosen paint attack. There is also a new timing attack. that can be used to break many implementations of RSA. The RSA algorithm is believed to be safe when used properly, but one must be very careful when using it to avoid these attacks The RSA algorithm, named for its creators Ron Rivest, Adi Shamir, and Leonard Adleman, is currently one of the favorite public key encryption methods. Here is the algorithm: Key generation: o Select random prime numbers p and q, and check that p!= q o Compute modulus n = pq o Compute phi ф,= (p - 1)(q - 1) o Select public exponent e, 1 < e < ф such that gcd(e, ф) = 1 o Compute private exponent d = e - 1 mod ф o Public key is {n, e}, private key is d Encryption: c = m e mod n, decryption: m = c d mod n Digital signature: s = H(m) d mod n, verification: m' = s e mod n, if m' = H(m) signature is correct. H is a publicly known hash function. Diffie-Hellman: is a commonly used public-key algorithm for key exchange. It is generally considered to be secure when sufficiently long keys and proper generators are used. The security of Diffie-Hellman relies on the difficulty of the discrete logarithm problem (which is believed to be computationally equivalent to factoring large integers). Diffie-Hellman is claimed to be patented in the United States, but the patent expires April 29, There are also strong rumors that the patent might in fact be invalid (there is evidence of it having been published over an year before the patent application was wiled). There is also a new timing attack that can be used to break many implementations of Diffie-Hellman. DSS (Digital Signature Standard): A signature-only mechanism endorsed by the United States Government. Its design has not been made public, and many people have found potential problems with it (e.g., leaking hidden data the signature, and revealing your secret key if you ever happen to sign two different messages using the same random number). It was recently patented by the US government, and there is also another patent on it, which is licensed at an initial payment of USD plus royalties in US and Europe. 2012, - TIJCSA All Rights Reserved 12

6 SECRET KEY ALGORITHM: Secret key algorithms use the same key for both encryption and decryption (or the other is easily derivable from the other). DES (Digital Encryption Standard): is an algorithm developed in the 1970s. It was made a standard by the US government, and has also been adopted by several other governments worldwide. It is widely used, especially in the financial industry. DES is a block cipher with 64-bit block size. It uses 56-bit keys. DES utilized symmetric-key (or private-key) encryption, in which the sender and receiver of a message share a single, common key that is used to encrypt and decrypt the message. The key is a string of digits that has been generated by a complex mathematical algorithm, or formula. Private-key encryption differs from public-key encryption, which utilizes two keys a public key to encrypt messages and a private key to decrypt them. Private-key systems are simpler and faster, but their main drawback is that both parties must somehow exchange the key in a secure manner. Public-key encryption avoids this problem because the public key can be distributed in a non-secure way, and the private key is never transmitted. In the former case, secrecy is shared between only two users, whereas in the latter, the public key is a more or less an "open secret." Thus, public-key encryption requires many more bits to rival private-key systems' level of protection. This form of encryption is fairly computer intensive, so what sometimes is done is to encrypt a one-time "secret key" with RSA technology, then encrypt the rest of the message with the secret key, then encrypt my signature in the second fashion. You then reverse this process so if the message and the signature are readable, you and only you can read it and you are ensured that I sent the message. Public key cryptography, when it's extended to include certificates for authenticating the owner of public keys, is a powerful way to authenticate agents and carry out secure communications with them. And we can carry out secure communications without the need for secondary, private channels for secret key transmissions. The main disadvantage to public key methods is the additional overhead involved in encoding and decoding information. Since it relies on a more complex mathematical algorithm, secure public key I/O involves using more CPU time per kilobyte of data transferred and received. Our proposed application (figure-2) uses the Rijndael cipher algorithm to perform data encryption and decryption. The key sharing will be secured by the implementation of the public key algorithm, RSA. The use of Rijndael cipher algorithm allows us to store the data in a compressed encrypted form which consequently results in a smallsize database. Moreover, we combine the secure hash algorithm 1 (SHA1) [SS09] with the RSA (which stands for Rivest, Shamir and Adleman who first publicly described it) public key algorithm to generate the digital signature for user authentication. Previously, there were several attempts to combine the RSA algorithm with the other security mechanism to provide a fast and secure implementation. For instance, number of researchers combined RSA algorithm with the Chinese remainder theorem (CRT) [JM03, DW04]. However, none of them described the implementation detail of these algorithms. The goal of our research work is to provide an extreme secure environment by appropriately combining the secret key algorithms with the public key algorithms. CONCLUSION: 2012, - TIJCSA All Rights Reserved 13

7 Combining these algorithms allows us to minimize the execution time (e.g., using private key algorithm such as DES rather than public key algorithm such as RSA) and maximize the security (e.g., using public key algorithm to avoid the use a secret key). For instance, RSA is about 1000 times slower than DES. This is partly a result of the fact that secure key lengths for public key algorithms are about 100 times longer than comparable-strength symmetric keys [KY09]. It is also a result of the fact that the mathematical operations required to implement the popular flavours of public-key encryption are much more complicated than those required for popular symmetrickey algorithms.using this concept for a new authentication mechanism we can provide an extreme secure environment by appropriately combining the symmetric key algorithms with the public key algorithms. The public key and secret key algorithms have been explained above and combining these algorithms allows us to minimize the execution time and maximize the security. (Figure-2) Block diagram to combine Public key Encryption with Symmetric key encryption. Users: employee or/and users Username Password Derived Bytes Algorithm Message (M) M KEY (K) IV HASH: SHA1 Algorithm Uses the Key (K) to encrypt the message (M) Encryption Rijndael Algorithm Message Digest (MD) (Generating public, private & secret key) Encrypted Message IV KEY (K) Digital Signature RSA & DES Algorithm Secret Key, Private key & Public Key MD Receiver Rijndael Algorithm & DES Algorithm SHA1 Algorithm Digital Signature (DS) Message Digest (MD) Message Digest (MD) = 2012, - TIJCSA All Rights Reserved 14

8 REFERENCES: [DW76] Diffie, W., and Hellman, M. New Directions in Cryptography. IEEE Trans. Info. Theory 22 (1976), [JV02] J. Daemen and V. Rijmen. The Design of Rijndael: AES The Advanced Encryption Standard [JM03] J. Blömer, M. Otto, J. Seifert. A new CRT-RSA algorithm secure against bellcore attacks. Proceedings of the 10th ACM Conference on Computer and Communications Security, pp , Washington D.C., USA, October [ DW04] D. Wagner. Cryptanalysis of a provably secure CRT-RSA algorithm. Proceedings of the 11th ACM conference on Computer and communications security, pp , Washington D.C., USA, [LC08] L. Catuogno and A. Santis. An internet role-game for the laboratory of network security course. Proceedings of the 13th annual conference on Innovation and technology in computer science education, pp , June [JB09] Jalpa Bani and Syed S. Rizvi. A New Dynamic Cache Flushing (DCF) Algorithm for reventing Cache Timing Attack. International Journal of Computer Science and Information Security (IJCSIS). Vol. 4, No.1, pp , [SS09] S. Sanadhya and P. Sarkar. A new hash family obtained by modifying the SHA-2 family. Proceedings of the 4th International Symposium on Information, Computer, and Communications Security, pp , Sydney, Australia, [KY09] K. Yumbul and E. Savas. Efficient, secure, and isolated execution of cryptographic algorithms on a cryptographic unit. Proceedings of the 2nd international conference on Security of information and networks, pp , Famagusta, North Cyprus, [SA09] Syed S. Rizvi, Aasia Riasat, Khaled M. Elleithy. Combining private and public key encryption techniques, International journal of network security & its application (IJNSA), Vol.2, No.1, , - TIJCSA All Rights Reserved 15