hybrid cryptographic algorithm for robust network security

8/8/2019 Hybrid Cryptographic Algorithm for Robust Network Security

1/6

Hybrid Cryptographic Algorithm for Robust Network Security

Janakiraman V S, Ganesan R, Gobi MDepartment of Computer Science and Applications, PSG College of Arts and Science,

Avinashi Road, Coimbatore 641 [email protected], [email protected], [email protected]

AbstractIt is widely recognized and accepted that data security

will play a crucial and critical role in modern times forbusinesses will be transacted over the Internet through e-commerce and m-commerce channels. To address thesesecurity concerns, various security protocols that are ofsymmetric-key and asymmetric-key type have beendeveloped. In this paper, we present a softwareimplementation of a hybrid algorithm that combines boththe symmetric key algorithm of AES and the asymmetric-key algorithm of Elliptic Curve Cryptography (ECC).

This hybrid algorithm that has been implemented alsoconsiders takes care of the integrity of data using MD5algorithm. The paper also presents future trends ofresearch.

Keywords: Authenticity, Integrity, Non-Reputability, Advanced Encryption Standard (AES), Elliptic CurveCryptosystems (ECC), Message Digest version 5 ( MD5),Symmetric Key, Asymmetric Key

1. IntroductionE-commerce and m-commerce transactions are growingat an explosive rate. The success of these depends on

how transactions are carried out in the most securedmanner. The prime requirements for any e-commerce andm-commerce transactions are Privacy, Authentication,Integrity maintenance and Non-Repudiation.

Cryptography helps us in achieving these primerequirements. Today, various cryptographic algorithmshave been developed. These are broadly classified as

symmetric key (DES, TDES, Blowfish, CAST, IDEA,RC4, RC6, AES) and asymmetric key (RSA, ECC)algorithms. In this paper, we present an hybrid algorithmfor enhanced network security.

The organization of the paper is as follows. In section 2,

we present the basics of symmetric key encryptiontechniques and describe the AES algorithm in detail. Insection 3 we explain the essentials of asymmetric keyencryption techniques. Elliptic Curve Cryptography is

described in section 4. In section 5, the hybrid algorithmis presented. We conclude the paper with directions for

future research. Appendix A, B & C provides thealgorithms for an ECC, AES and MD5 respectively.

2. Symmetric-Key Encryption TechniquesIn any symmetric-key encryption technique, both

encryption and decryption process are carried out using asingle key. These algorithms are efficient, are secure,execute at high speeds, and consume less computerresources of memory and processor time.However, symmetric key cryptographic techniques sufferfrom the disadvantages of Key distribution problem, Key

management problem and inability to digitally sign amessage. (Schneier [13], Stallings [14]).Despite these drawbacks, numerous secure symmetrickey encryption algorithms such as DES, TDES, Blowfish,

CAST, IDEA, RC4, and RC6 have been developed. Inrecent times, National Institute of Standards (NIST)

selected Rijndael algorithm as the Advanced EncryptionStandard (AES). Details on various symmetric keyalgorithms including AES can be had from (Schneier [13],Stallings [14]).

3. Asymmetric Key Encryption TechniquesThe problems associated with symmetric-key

cryptographic techniques were solved when asymmetricencryption mechanism was implemented. Here, insteadof a single key, every person has a pair of keys. One key,called the public key is known to everyone and the other

one, the private key is known only to the owner. There isa mathematical relationship between both these keys.Thus, if any message m is encrypted using any of the

key, it can be decrypted by the other portion. Variousasymmetric encryption algorithms (RSA, Elgamal) have been implemented. Details on the working ofasymmetric encryption techniques can be had fromSchneier [13], Stallings[14].Asymmetric encryption algorithms are broadly divided

into three families:1. Algorithms based on the integer factorization

problem (e.g. RSA)2. Algorithms based on the discrete logarithm problem

(e.g. DLP)3. Algorithms based on Elliptic Curves

ICGST- CNIR, Volume (7), Issue (I), July 2007

33


2/6

Despite these differences, one thing that is commonamong all these three families is that they all performextensive and complex operations on numbers, typicallymodular exponentiation

4. Elliptic Curve Cryptosystems (ECC)An elliptic curve E over a field F is defined by the

Weierstrass equation:

E/F:y2 + a1xy + a3y = x

3 + a2x2 + a4x + a6 with a1, a2, a3,

a4, a6 F.Mathematical operations involving elliptic curves includeaddition of two points, scalar multiplication, determiningthe inverse of a given point on the curve.The two most common choices for implementation ofECC are:

1. Galois Field GF(2m), also known as characteristictwo or even (containing 2

melements, where m is an

integer greater than one). In this case, equation (1)

becomes E/F: y2+xy=x

3+ax+b where a and b F,

b

0 together with a point at infinity2. Galois Field GF(p), also known as integers modulo p,

odd, or odd prime (containing p elements, where p is

an odd prime number). In this case, equation (1) can be simplified to the form E/F : y

2= x

3+ ax + b

where a and b F and 4a3 + 27b2 0 togetherwith a point at infinity()

An important characteristic of elliptic curves is that the points on the elliptic curves form a group. Details onECC can be had from Blake [1], Cohen [3], Enge [5],Hankerson [6], Koblitz [9], Menezes [10], Menezes [11],Rosing [12], Washington [16].Various researchers (Certicom[2], DeWin [4]) have

proved that ECC requires more time to break ascompared to RSA and DSA. Certicom[2] summarizes the

results of their study as: ECC provides greater efficiencythan either integer factorization systems or discretelogarithm systems, in terms of computational overheads,key sizes, and bandwidth. In implementations, thesesavings mean higher speeds, lower power consumption,and code size reductions. ECC has been accepted as a

standard by various bodies. Some of them are ANSI(American National Standards Institute), FIPS (FederalInformation Processing Standards), IEEE P1363(Institution of Electrical & Electronic Engineers), andWAP (Wireless Application Protocol).In this work, we have adopted GF(p) and have

implemented the system.

5. Hybrid Algorithm Combining AES &

ECCThe algorithm we present here combines the best features

of both symmetric and asymmetric encryption techniques.The data (plain text) that is to be transmitted is encryptedusing the AES algorithm. Details on AES can be hadfrom [7] and [15]. The AES key which is used to encryptthe data is encrypted using ECC. The cipher text of themessage and the cipher text of the key are then sent to the

receiver.

To ensure integrity of the data that is transmitted, the datais subjected to MD5 hash algorithm. The message digest

obtained by this process is also encrypted using ECCtechnique. Thus the sender sends a) Cipher text of themessage, b) Ciphertext of the AES key, and c) Ciphertext

of the message digest. The receiver upon receivinga) Cipher text of the message, b) Ciphertext of the AESkey, and c) Ciphertext of the message digest, firstdecrypts the Ciphertext of the AES key to obtain the AESkey. This is then used to decrypt the cipher text of themessage to obtain the plain text. The plaintext is again

subjected to MD5 hash algorithm. This process yields amessage digest. The ciphertext of the message digest isdecrypted using ECC technique to obtain the messagedigest sent by the sender. This value is compared with thecomputed message digest. If both of them are equal, themessage is accepted else rejected. Figure 1 shows the

sequence of operation. This hybrid algorithm is acombination of symmetric and asymmetric encryption

techniques.

6. Implementation Details

The entire implementation was carried out in Java 2,Standard Edition (J2SE) v 1.4.0.J2SE has the built-in classes for AES, and MD5. Theseclasses are available in the Java packages of java.security,

javax.crypto, javax.crypto.spec. Details on java securityarchitecture can be had from [8].The code uses these packages and the header files havethe following header.

import java.security.*;

import javax.crypto.*;

import javax.crypto.spec.*;

import java.io.*;

We developed methods in Java for elliptic curvegeneration, base point generation, keys (both public andprivate) generation and encryption and decryption usingElGamal method.

We also used the Java class of BigInteger to handle largeintegers and the method of IsProbablePrime to determinewhether the large integer is prime or not. The softwarewas running on Celeron machine @ 1.0 Ghz and 256 MBRAM.

7. ResultsWe tested this hybrid algorithm on a test data of various

sizes. Table 1 provides details on the time taken forencryption, decryption and calculation of MD5 messagedigest process. Table 2 provides information onEncryption & Decryption of 128 bit AES key and MD5message digest using ECC. Figure 2 & 3 gives the

graphical output of the results.

Table 1: Time in milliseconds for 128 bit AES encryptionand decryption and calculation of MD5 message digest

FileSize

128 bitAES

Encryption

128 bitAES

Decryption

MD5MessageDigest

50Kb 1902 1987 1364

100Kb 2275 2543 1505

150Kb 3572 3427 1632


34


3/6

Message

AES KeEncr tion

Ciphertext ofthe message

ECCtechnique

Ciphertext of the AES keyCiphertext of the message

Ciphertext of Message Digest

SENDERS SIDE

RECEIVERS SIDE Ciphertext of the AES keyCiphertext of the message

Ciphertext of the Message Digest

ElGamalDecryption

Ciphertext ofthe AES key

AES KeyCiphertext ofthe message

DecryptionMessage

Transmitted to the receiver

MD5 Hashin

ElGamal Encryptionof Message Digest

ECCTechnique

ECCTechnique

Ciphertext of

MessageDigest

ElGamal Decryption

Message Digest

MD5HashingMessa e Di est

COMPAREAccept if same. Else reject.

ElGamalEncryption

Figure 1 : Sequence of operations


35


4/6

26

28

30

32

34

36

Time (in

Milliseconds)

Encryption Decryption

Run Time Analysis of ECC

AES key (128 Bit)

MD5 Hashing

Runtime Analysis of ECC

Run Time Analysis of AES and MD5

0

500

1000

1500

2000

2500

3000

3500

4000

50Kb 100Kb 150Kb

File Size (in Kb)

Time(inMilliseconds)

Encryption (Time inMilliSec.)

Decryption (Time in

MilliSec.)

Message Digest

(MD5) Generated(Time in MilliSec.)

Runtime anal sis of AES and MD5

Table 2: Encryption & Decryption of 128 bit AES keyand MD5 message digest using ECC

Encryption Decryption

128 bit AES key 30 34

MD5 Messagedigest of theCiphertext

32 36

Figure 2: Runtime analysis of AES and MD5

Figure 3: Runtime analysis of ECC

8. AnalysisWith any cryptographic system dealing with 128 bit key,

the total number of combination is 2128

. The time

required to check all possible combinations at the rate of

rate 50 billion keys/second is approximately 5 x 1021

years.Stallings [14] states that the computational complexityfor breaking the elliptic-curve cryptosystem for an

elliptic curve key size of 150 bits is 3.8 x 1010

MIPS

(Million Instructions Per Second years). Moreover, therecommended key sizes as per National Institute ofStandards Technology are given in Table 3

Table 3: NIST Recommended Key Sizes

Symmetric Key

Size (bits)

RSA

Key Size (bits)Elliptic Curve

Key Size

(bits)

80 1024 160

112 2048 224128 3072 256

192 7680 384

256 15360 521

From table 3 it is clear that ECC fairs better than RSA interms of security.

9. ConclusionIn this paper, we have designed and implemented ahybrid algorithm in Java combining the best of bothsymmetric (AES) and asymmetric (ECC over GF(p))

methodologies. We have tested the algorithm for varioussizes of files. To ensure integrity of the data, we haveadopted the MD5 hash algorithm.In this framework, we have adopted a probabilistic

primality checking (isProbablePrime() in Java) todetermine whether the given number is prime or not. Todetermine whether the given number is prime or not, onehas to use AKS algorithm which is deterministic in

nature. The main limiting factor in AKS algorithm is theoverhead it puts on computation in terms of time and processor speed. To illustrate, for a 7 digit number,researches have indicated that AKS algorithm takes about20 hours whereas Rabin-Miller gives its verdict in less

than a second.

10. References

[1] Blake I, G. Seroussi and N. Smart (eds).Advances in Elliptic Curve Cryptography ,Cambridge University Press, 2005

[2] Certicom whitepaper, Remarks on the Securityof the Elliptic Curve Cryptosystem.. September

1997.http://www.certicom.com/research/wecc3.html

[3] Cohen H , Gerhard Frey, Handbook of Ellipticand Hyper-elliptic curve Cryptography,

Chapman & Hall /CRC, NW, FL, 2006[4] DeWin E , S. Mister, B. Preneel, and M. Wiener.

On the Performance of Signature SchemesBased on Elliptic Curves. In J. P. Buhler, editor,

Algorithmic Number Theory: ThirdInternational Symposium (ANTS 3), volumeLNCS 1423, pages 252-266. Springer-Verlag,June 21-25 1998.

[5] Enge A , Elliptic Curves and Their Applicationsto Cryptography: An Introduction, Kluwer

Academic Publishers, Norwell, MA, USA,,1999.[6] Hankerson D, Alfred Menezes, and Scott

Vanstone, Guide to Elliptic Curve Cryptography,

Springer-Verlag Professional Computing Series,New York, 2004.

[7] http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf

[8] http://java.sun.com/j2se/1.3/docs/guide/security/CryptoSpec.html

[9] Koblitz N , Algebraic aspects of cryptography,Springer-Verlag Professional Computing Series,New York, 1998

[10]Menezes A J, P. C. van Oorschot, and S. A.Vanstone. Handbook of Applied Cryptography.

CRC Press, Boca Raton, Florida, USA, 1997.[11]Menezes. A, Elliptic curve public key

cryptosystems, Kluwer Academic Publishers,Norwell, MA, USA, 1994.


36


5/6

[12]Rosing M, Implementing Elliptic CurveCryptography, Manning Publications, 1998.

[13]Schneier B . Applied Cryptography. John Wiley& Sons Inc., New York, New York, USA, 2nd

edition, 1996.[14]Stallings W. Cryptography and Network

Security. Prentice Hall, Upper Saddle River,New Jersey, USA, second edition, 1999.

[15]U.S. Department of Commerce / NationalInstitute of Standard and Technology. FIPS

PUB 197, Specification for the AdvancedEncryption Standard (AES), November 2001.Available at http://csrc.nist.gov/encryption/aes.

[16]Washington L C , Elliptic Curves: NumberTheory and Cryptography Chapman &Hall/CRC, FL, USA. 2003.

Appendix A: Elliptic curves in Galois Field GF(p)

Elliptic curves can be defined in a finite or Galois field

GF(p) y

2

mod p = x

3

+ ax + b mod p where p is aprime number.

Steps in ECC over GF(p)

The following are the steps in performing ECC.Step A: Determine the Base Point.Step B : Determine the public key and the

private key for the sender and receiver.Step C : Perform Encryption

Step D : Perform Decryption

Step A : Steps in finding the Base Point

Step 1: Take the Elliptic curvey2 mod p= x3 + ax +b mod p where p is a prime number.

Step 2 : For values from 0 to p-1, compute LHS and RHSStep 3 : Locate points P where LHS = RHS

Step 4 : Count the number of points n. The total numberof points is always n + 1 (one point at infinity)Step 5 : Find the prime factors of (n+1) and choose thelargest among them.Step 6: Find the negative point for every point computedin step 3.

Step 7 : Now perform addition operation of the each ofthe points obtained in step 3. Addition refers to finding2P, 3P, 4P, 5P.... and tabulate themStep 8 : Repeat step 7 until one gets the point at infinity.Step 9 : Identify the largest prime factor from step 5.

From the table created in step 7,locate for what points of P, the value is O (point at

infinity)Step 10: From the list of points, one can choose any pointwhich will be the base point.

Step B : Steps in Key Generation

Step 1: Sender and receiver agree on the elliptic curve Eand the base point G with order n. The order of n must belarge. Hence E,G and n are known to everyone.Step 2: Sender chooses a random number ds which is 1

hybrid cryptographic algorithm for robust network security

Documents