Secure Information exchange System

Transcription

1 Secure Information exchange System DesignFest Problem Prepared by Saravanan Raju Pradeep Rajendran Visweswara Rao Kottapalli Mohamed Fayad, PhD University of Nebraska, Lincoln Department of Computer Science and Engineering Lincoln, NE

2 Abstract Domain Description Problem Description Block Diagram Use Cases References Abstract In the new knowledge economy, corporations are vying to establish their foothold across the globe. With information being the power, transmission and mobility of this information among these virtual establishments has become a key factor to account profitability. With the advent of the Internet and high bandwidth data communication networks, the discipline of data communication networks is receiving widespread attention among the research community. With organizations connecting their intranet(s) to the public Internet, a big question associated with such an information exchange is How safe it is? Information ranging from ordinary web pages to mission critical data forms a part of today s high bandwidth traffic. The science called Cryptography promises a panacea in such a scenario, which forms the primary design activity of this article. Domain Description Assuming the complexity associated with such a domain, it is essential for the audience to get to know the fundamentals of the science called Cryptography. We describe briefly in this section the basics of cryptography: Cryptography Defined: Cryptography is the science of applying mathematics to encrypt and decrypt data. This enables one to transmit or store sensitive information across public networks aka the Internet so that it cannot be intercepted and interpreted by anyone but for the intended recipient. Encryption: The process of transforming data into a form that is as close to impossible as possible to read without the appropriate knowledge vis-à-vis a key. Its purpose is to ensure privacy by keeping information hidden from anyone for whom it is not intended, even those who have an access to the encrypted data. Decryption: Now that the data is encrypted and assuming that the information has reached the intended recipient the data has to deciphered to enable the receiver to view the contents. Decryption is the process of deciphering the encrypted key and to put in simple words it is the reverse of encryption. Secure Information exchange System 2

3 Key: The process of encryption and decryption requires the use of some secret information, referred to as a key. Depending upon the encryption mechanisms and the context, the same key is used for both encryption and decryption; for other mechanisms, the keys used for encryption and decryption differs [1]. Problem Description The process of adding security to the information forms the crux of our design objective. Our system Secured Information exchange System ( SIXS ) aspires to design the system in a robust way that would ensure secure transmission (see Fig. 3). SIXS : SIXS captures the best features of both conventional and public key cryptography. SIXS is a hybrid cryptosystem that encrypts candidate information by first compressing it. Apart from strengthening cryptographic security, data compression saves bandwidth and storage space particularly the fact that patterns or repetition of information as structures found in candidate information makes it easy for the intruder to crack the cipher. Data compression reduces these patterns in the candidate information, thereby greatly enhancing resistance to cryptanalysis. How SIXS encryption works? SIXS then generates what is called a session key, which is a unique and one-time-only secret key. By capturing random movements of the mouse, the keystrokes and other activities of the input peripherals, a random number is generated. This session key can work with a very secure, fast conventional encryption algorithm to encrypt the candidate information; the result is ciphertext. As soon as the data is encrypted, the session key is then encrypted to the recipient's public key. This public key-encrypted session key is then transmitted along with the ciphertext to the recipient (see Fig. 1). Candidate Information is encrypted with session key Session key is encrypted with Public key Cipher Text + Encrypted Session key Figure 1 Secure Information exchange System 3

4 How SIXS decryption works? The process of decryption works in the reverse with respect to what encryption did. The recipient's copy of SIXS uses the private key to recover the temporary session key generated during the sender s encryption session that SIXS uses to decrypt the conventionally encrypted ciphertext (see Fig. 2). Encrypted Information Encrypted Session Key Recipient s Private Key used to decrypt session key Candidate Information Cipher Text Session key used to decrypt Cipher text Figure 2 Secure Information exchange System 4

5 Block Diagram INPUT OUTPUT Compress? NO Decompress YES YES NO Compress Is the Message Compressed? Monitor Mouse Events and Key Strokes, and create Session Key Decrypt CipherText with Session Key Encrypt PlainText with Session Key Decrypt the Session Key with Private Key Encrypt the Session Key with Public Key Transmit the CipherText and the Encrypted Session Key Receive the CipherText and the Encrypted Session Key Infomation Transmission Figure 3 Architecture of SIXS Secure Information exchange System 5

6 Use Cases Use Case # 1: Monitor activities of input peripherals. Goal in Context: To monitor and record the mouse events, keyboard strokes and activities of other input peripherals, which can be used in generating a session key. Actors: Sender, Mouse, and Keyboard Description: All the mouse events, keyboard strokes and activities of other input peripherals made by the operator are monitored and recorded. The information gathering and monitoring is performed to generate a session key which will be a random number. Use Case # 2: Generation of Session Key Goal in Context: To generate a session key using the information gathered by monitoring the input peripheral events. Actors: Session Key Generator, and Recorded information Description: The session key is an integral part of SIXS. This session key is a large random number. The Session Key Generator using the information recorded prior to generation comes up with this one time unique number. Use Case # 3: Compress data. Goal in Context: To compress the candidate information that is to be exchanged Actors: Compressor, Candidate Information, and Decision maker Description: The information that is to be communicated is analyzed by the Decision maker which decides if the information needs to be compressed or not. If the information is to be compressed, then the compressor compresses the information not only to ensure smaller size but also to get rid of patterns. This process adds security as patterns are easy to crack. Use Case # 4: Generation of Cipher Text Goal in Context: To encrypt the candidate information using the session key Actors: Encryptor, Candidate Information, and Session Key Description: The Encryptor is in charge of adding encryption to the candidate information. To this end it uses the previously generated session key and encrypts the candidate information to produce what is called the Cipher Text. Secure Information exchange System 6

7 Use Case # 5: Session Key Encryption Goal in Context: To encrypt the session key using the public key of the recipient. Actors: Session Key, Encryptor, and Information Description: Session key is also transmitted along with the encrypted information to the recipient and so is the need to protect the session key. This is achieved by the encryptor which encrypts the session key using the public key. Use Case # 6: Transmit information. Goal in Context: To transmit the encrypted information and the encrypted session key Actors: Transmitter, and Media Description: The whole idea of the SIXS is secure information exchange. To do this the Encrypted Information and the Session Key is transmitted to the recipient by the Transmitter via a media. Use Case # 7: Receive the transmitted information and session key Goal in Context: To Receive the transmitted information and session key Actors: Receiver, Encrypted Information, and Encrypted Session Key Description: At the reception end the Receiver is in charge of receiving the transmitted Encrypted Information and the Encrypted Session Key. Various error checking mechanism are enforced to ensure error free reception which is however out of the system domain. Use Case # 8: Decryption of the receipt Session Key Goal in Context: To Decrypt the received Session Key using the private key Actors: Decryptor, the Encrypted Session Key, and Recipient s Private Key Description: The session key that was received had been encrypted at the transmission end. To decrypt the received information we have to first decrypt the encrypted session key. This is done by the Decryptor using the recipient s private key. Use Case # 9: Decryption of the Received Information Goal in Context: To decrypt the received information using the session key Actors: Decryptor, Encrypted Information, and Session Key Secure Information exchange System 7

8 Description: The received information had been encrypted at the transmission end. The information has to be decrypted. This is done by the Decryptor that decrypts the encrypted information using the previously decrypted session key. Use Case #10: Decompression of the Decrypted Information: Goal in Context: To get the original information by decompressing the now decrypted information. Actors: Decompressor, Analyzer, and decrypted information Description: The transmission end may or may not have compressed the candidate information before encrypting it. The Analyzer analyzes the now decrypted information to find out if decompression is needed to obtain the original information. If decompression is needed the decompressor decompresses the information to get the original information. Use Case #11: Sending Acknowledgement Goal in Context: The receiver after receiving the information and decryption then sends an acknowledgement to the sender. Actors: Receiver, Transmitter, Media, and Sender. Description: One of the objectives of SIXS is robustness and reliability, apart from security. Hence upon the receipt of information, decryption, decompression to the original information, the system sends an acknowledgement to the receiver letting know the sender of secure information receipt. This is unique of our system, as the traditional systems deliver an acknowledgement upon the complete receipt of information. Thus an acknowledgement after a successful decompression ensures the highest level of security and standard. References [1] R.L. Rivest, Cryptography, Handbook of Theoretical Computer Science, volume A, MIT Press/Elsevier, Amsterdam, 1990, [2] White Paper, An Introduction to Cryptography, Network Associates, 1998 [3] J. Callas, L. Donnerhacke, H. Finney, and R. Thayer, RFC Request For Comments RFC2440, Networking Working Group, November 1998, (current February 7th 2002). Secure Information exchange System 8