4 Hybrid Cryptographic Algorithm

Transcription

1 This chapter describes the MD5 hashing mechanism for general m-commerce transactions and Hybrid algorithm that combines the AES and ECC operations for the security mechanism. Part of the work is presented and published in ([GJG2007], [GGJ2008], [JGG2007], [GJG2008]). The ideas about the Hybrid algorithm are the starting point for this thesis improvement. AES and ECC algorithms are discussed in chapter3. Current standards would have to continually extend their key lengths to ensure security, which increases processing time and could make it difficult to secure small devices. ECC can provide greater security when comparing with RSA algorithm. Further work could result in significant speedups for elliptic curve systems by reducing the key size. The HECC is the best alternate for ECC based on key size. HECC can be the cryptosystem of choice for future embedded security applications and real world applications.

2 4.1 MD5 HASHING MECHANISM FOR m-commerce TRANSACTIONS The increasing use of m-commerce applications have necessitated the need for maintaining integrity of transactions. To maintain integrity, J2EE (Java 2 Enterprise Edition) provides a class called Message Digest [MEDOOOO]. The Sun Java Wireless Toolkit which is based on J2ME's Connected Limited Device Configuration (CLDC) and Mobile Information Device Profile (MIDP), do not have a class that can maintain integrity of transactions. Such a class can be designed, developed and implemented in a J2ME environment. To describe the.jar files can be created from the Sun Java Wireless. HASHING and Message Digest A hash function takes a message of any length as input and produces a fixed length string as output, sometimes termed a message digest [IIM2005]. The characteristics of a good hash function are: Should avoid collisions. Should try to spread keys evenly in the array. Should be easy to compute. The two most-commonly used hash functions are MD5 and SHA-1 [FIP2002].

3 Design of MD5 class in mobiles The MD5Pack package is designed and implemented in the Sun Java Wireless Toolkit. This Package contains the core message digest class called MDScls class which implements the functionality of MD5 algorithm. The MD5cls constructor accepts a string of any length and converts it into fixed length 128 bit message digest. The main methods used in this class are: initiateq, updateq, finalq and ashex(). The message digest result is the string type which contains the hexa-decimal value. This MD5cls class object is created and accessed from the MD5Demo class which extends the MIDlet class. This MD5Demo class is used to design the interface on mobile and is used to pass the string to main message digest class [GGJ2008] [GJG2007]. The Message Digest class is developed and implemented using Sun Java Wireless Toolkit on Intel Pentium III Celeron 933 MHz speed with 256 MB RAM. The details of the Sun Java Wireless Toolkit can be had from [JSMOOOO]. 76

4 Initial Screen Sender Screen MD generated by the Receiver Screen sender MD re-generated by the receiver Integrity Check Passed Integrity Check Failed Figure 4.1. MD5 Algorithm in Mobiles

5 .jar file creation The Java Archive (JAR) file format enables one to bundle multiple files into a single archive file. Typically a JAR file contains various class files and auxiliary resources associated with the application. Sun Java Wireless Toolkit provides necessary menus (project-^ package -> create package) for creation of.jar file and this.jar file can be transferred and executed in any mobile that supports Java. This section presented a method for designing and implementing MD5 algorithm in mobiles. The MD5 algorithm has been tested in the Sun Java Wireless Toolkit. Integrity of data is of prime importance in wide ranges of m-commerce transaction applications [GGJ2008]. 4.2 Hybrid Cryptographic Algorithm for Robust Network Security The prime requirements for any e-commerce and m-commerce transactions are Privacy, Authentication, Integrity maintenance and Non- Repudiation. Cryptography [SCH1996] helps us in achieving these prime requirements. Today, various cryptographic algorithms have been developed. These are broadly classified as symmetric key (DES, TDES, Blowfish, CAST, IDEA, RC4, RC6, AES) and asymmetric key (RSA [RSA1978], ECC [CER1997], HECC [WOL2004]) algorithms. The reason for the ECC in this algorithm is that the National Institute of Standards

6 Technology (NIST) recommended that 160 bits of key size in ECC is sufficient instead of 1024 bits key size in RSA [RSA1978] to obtain the same level of security [DMP1998]. Hence, it presents a hybrid algorithm for enhanced network security. The algorithm combines the best features of both symmetric (AES) and asymmetric (ECC) [MEN 1994] encryption techniques. The data (plain text) that is to be transmitted is encrypted using the AES algorithm. Details on AES can be had from [DMP1998]. The AES key is encrypted using ECC [MOV 1997] [CER1997] [CGF2006]. The cipher text of the message and the cipher text of the AES key are then sent to the receiver [JGG2007], To ensure integrity of the transmitted data, the data is subjected to MD5 hash algorithm. The message digest obtained by this process is also encrypted using ECC technique. Thus the sender sends a) Cipher text of the message b) Cipher text of the AES key and c) Cipher text of the message digest. The receiver receives a) Cipher text of the message b) Cipher text of the AES key and c) Cipher text of the message digest

7 Figure 4.2: Sequence of Operations izsel...nssf.../ 80

8 The preliminary step is decrypting the Cipher text of the AES key to obtain the AES key. This is then used to decrypt the cipher text of the message to obtain the plain text. The plaintext is again subjected to MD5 hash algorithm. This process yields a message digest. The cipher text of the message digest is decrypted using ECC technique to obtain the message digest sent by the sender. This value is compared with the computed message digest. If both of them are equal, the message is accepted or else rejected. This hybrid algorithm is a combination of AES and ECC encryption techniques. This hybrid algorithm is tested with various sizes of data and the following results obtained. Runtime analysis of AES and MD5 Runtime Analysis of ECC Encryption (Time in MilliSec.) Decryption (Time in MilliSec.) Message Digest (MD5) Generated (Time in MilliSec.) Encryption Decryption File Size (in Kb) Fig. 4.3b) Runtime analysis ECC Fig. 4.3a) Runtime analysis of AES and MD5

9 Stallings [STA1999] states that the computational complexity for breaking the elliptic-curve cryptosystem for an elliptic curve key size of 150 bits is 3.8 x 1010 MIPS (Million Instructions Per Second). But, the key size of the hyper-elliptic curve cryptography is still more minimal when comparing the elliptic curve cryptography to provide the same level of security. And moreover, Roberto M.Avanzi [AVA2003] and Wollinger T [TJV2003] have stated that the performance of hyperelliptic curves over prime fields is satisfactory enough to be considered as a valid alternative to elliptic curves, especially when large point groups are desired, and the bit length of the characteristic is close to (but smaller than) a multiple of the machine word length. Details of the hyperelliptic curve cryptography can be had from [KOB1998] [MOV 1997] [FAG2007] [MEN 1994], The following are the steps in MD5: Input: b-bit message Step 1: Append padding bits: Padding is performed as follows: a single "1" bit is appended to the message, and then "0" bits are appended so that the length in bits of the padded message becomes congruent to 448, modulo 512. In all, at least one bit and atmost 512 bits are appended. Step 2: Append Length: A 64-bit representation of b (the length of the message before the padding bits were added) is appended to the result of the previous step. At this point, the resulting message has a length that is an exact multiple of 512-bits.

10 Step 3: Initialize the MD Buffer: Four word buffers to compute the Message Digest. Each one is a 32-bit register. Step 4: Process Message in 16-word block Step 5: Output: The message digest produced as output in each of the 4 MD Buffer. Begin with low order byte of the Buffer and end with the high order byte of the Buffer. Algorithm Steps in AES The algorithm consists of four stages that make up a round, which is iterated 10 times for a 128-bit length key, 12 times for a 192-bit length key and 14 times for a 256-bit length key [USD2001]. Stage 1: Sub Bytes transformation is a non-linear for each byte of the block. Stage 2: Shift Rows transformation cyclically shifts (permutes) the bytes within the block. Stage 3: Mix Columns transformation groups 4-bytes together forming 4-term polynomials and multiplies the polynomials with a fixed polynomial mod(x4+l). Stage 4: Add Round Key transformation adds the round key with the block of data.

11 Elliptic curves in Galois Field GF(P) Elliptic curves can be defined in a finite or Galois field GF(p) [HAS2004]. 2 ^ y mod p = x + ax + b mod p where p is a prime number. Steps in ECO over GF(P) The following are the steps in performing ECC. Step A: Determine the Base Point. Step B: Determine the public key and the private key for the sender and receiver. Step C : Perform Encryption Step D : Perform Decryption Step A : Steps in finding the Base Point Step 1: Take the Elliptic curve y2 mod p= x3 + ax +b mod p where p is a prime number. Step 2: For values from 0 to p-1, compute LHS and RHS Step 3: Locate points P where LHS = RHS Step 4: Count the number of points n\ The total number of points is always n + 1 (one point at infinity) Step 5: Find the prime factors of (n+1) and choose the largest among them. Step 6: Find the negative point for every point computed in step 3.

12 Step7: Now perform addition operation of the each of the points obtained in step 3. Addition refers to finding 2P, 3P, 4P, 5P... and tabulate them Step 8: Repeat step 7 until one gets the point at infinity. Step 9: Identify the largest prime factor from step 5. From the table created in step 7, locate for what points of P, the value is O (point at infinity) Step 10: From the list of points, one can choose any point which will be the base point. Step B : Steps in Key Generation Step 1: Sender and receiver agree on the elliptic curve E and the base point G with order n. The order of n must be large. Hence E, G and n are known to everyone. Step 2: Sender chooses a random number d8 which is 1 < d8 < n-1. He then computes d8 * G. For him, d8 is the private key and d8 * G is the public key. Step 3 : Receiver chooses a random number dr which is 1 < dr < n-1. He then computes dr*g. For him, dr is the private key and dr * G is the public key.

13 Step C: Steps in Encryption Step 1: Both sender and receiver agree on the elliptic curve E and the base point G with order n. Hence E,G and n are known to everyone. Step 2 : Sender then encodes the message M as a point. Step 3: Sender then generates a random number k. He then computes the value of kg (again a point). Step 4: Sender takes the public key (drg) of the receiver, multiples the same with k (result is a point), and adds that with M. The result is again a point. Sender sends { kg, M + kdrg } to the receiver Step D: Steps in Decryption Receiver gets { kg, M + kdrg } sent by sender Step 1: Extracts kg portion. Step 2 : Multiples the same with his private key dr> He obtains kgdr> Step 3: He then extracts M + kdfg portion. Subtracts the output of Step 2. i.e. M + kdfg - kgdr> which results in M, the plain text.

14 4.3 Elliptic and Hyper Elliptic Curve Cryptography over Finite Field F p It has recently been reported that elliptic and hyper-elliptic curve cryptography are the two public key cryptographic techniques used to implement the cryptosystems more efficiently and effectively. Many researches are being done to implement these in both hardware and software fields. This section describes the algorithms for private key, public key generation, encryption and decryption for both elliptic curve and hyper-elliptic curve cryptography. Also, the performance of both ECC and HECC are demonstrated. Finally, the comparative study between these two is analyzed [GJG2008]. Cryptography is the branch of cryptology dealing with the design of algorithms for encryption and decryption, intended to ensure the secrecy and/or authenticity of messages. This cryptography is classified into Symmetric and Asymmetric Cryptography based on the number of keys involved in it. The former is the one form of cryptosystem [ATL2006], where the encryption and decryption are performed using the same key which is otherwise called as secret key. The latter one is another form of cryptosystem, where the encryption and decryption are performed using two different keys in which one is referred to as the public key and the other is referred to as the private key.

15 Keys generation (Public Key /Private Key) in BCC: In order to generate keys, to find out one Base Point (G) from the group of Elliptic Curve Points. The Base Point can be generated as follows: [TH01998] Find out the large prime factor (k) for the total number of points (#N) in the elliptic curve group Ep(a4,a6). Compute kp where P is the elliptic curve point in group Ep(a4>a6l- If kp = o then one can consider that P as a Base Point (G) for the key generation process. Algorithm for Keys generation: Input: Public parameters (G, E, p) Output: Public key P and private key a A A 1. aa Cr N [choose a as random prime number in N] 2. Pa< [ajg [The form of PAis a Point in the group Ep(a4,a6) ] 3. Return P and a A A For the random prime number generation in step 1, one can apply the Robbin-Miller Primality Test [JIN2005] or AKS Primality Test algorithm.

16 Elliptic Curve Encryption/Decryption: The first task is to encode the plain text message m to be sent as a (x,y) point, It is the point that will be encrypted as a cipher text and subsequently decrypted. Simply encode the message as the x or y coordinate of a point, because not all such coordinates are in elliptic curve group E^(a4,a&). The Elgamal technique requires some global parameters. Base Point G and an Elliptic group E (a,a ) are the global p 4 6 parameters for the encryption. To encrypt the message, the technique works as follows: To encrypt and send a message to B, A performs the following steps. k G N (choose k as a random positive prime number) R. Q < [k]g P < [k]po (P is receiver s public key) k B B C < (Q, P + P } (C is the Cipher Text and sent as a Point) To decrypt message, the Elgamal Decryption technique works as follows: To decrypt the Cipher Text C, B extracts the first coordinate O m from the cipher text then multiply with its Private Key (a ) and subtract the result from the second coordinate. This can be written as follows, P +kpd -a (Q) = P + kp - a (kg) = P +kpn - k(a G) m B B m B B v ' m B ' B ' P +kp - kp = P m B B m 89

17 In order to perform the above process, the various operations like multiplication of points, addition of points, and negative of a point. A has message m asked the message is encrypted as by adding kp to m. Nobody but A knows the value of k, so even though P is a B B public key, nobody can remove the mask kp For an attacker to remove B. message, the attacker would have to compute k from the given group G and [k]g i.e. Q, which is assumed very hard. This section deals with the public key cryptosystem. There are many algorithms designed based on the public key cryptography. Some of them are RSA algorithm, Diffie-Hellman Key Exchange, Elliptic Curve Cryptography (ECC) and Hyper Elliptic Curve Cryptography (HECC). Many researches are still based on the ECC and HECC. This section mainly deals with the ECC and HECC. The comparison between ECC and HECC is difficult to achieve because of differential sizes, types of operations, and the non- deterministic nature of the HEC operations, in particular the computation of GCDs (Greatest Common Divisors). In addition, a lot of the published ECC [WAS2003] results contain many platform specific optimizations which varying greatly between different implementations. The most interesting results are: 90

18 (a) ECC and HECC are in the same performance range. (b) Under certain conditions hyper elliptic curves are faster than ECC at the same level of security. This result, however, implies the use of very specific curves for HECC. The new metric is validated by comparing our theoretical and practical results. ECC and HECC Applications The need for ECC and HECC are widespread in the applications like e-commerce, m-commerce and embedded systems where the security plays a vital role. The following are the reasons why ECC and HECC are required and why it can be the best alternative compared to RSA. Both ECC and HECC are based on Discrete Logarithm Problems (DLF) which is very hard to break. The length of the key size for performing the encryption and decryption is very minimal compared to any other public-key cryptographic techniques. The following table shows the recommended key size for the various cryptographic techniques which is suggested by the National Institute of Standards Technology (NIST) [NBD2000],

19 Symmetric Key Size (bits) Table4.1: NIST Recommended Key sizes RSA Key Size (bits) Elliptic Curve Key Size (bits) Hyper-elliptic Curve Key Size (genus=2) (bits) *** kick irk* kick This section discusses the fundamental concepts of Elliptic curve and hyper elliptic curve. The working principles of ECC and HECC and the performance of both the ECC and HECC are analyzed [LAN2002]. Performance analysis of ECC and HECC Performance of ECC and HECC is analyzed as an asymmetric key cryptography by designing a digital envelope which comprises AES as symmetric key cryptography along with ECC and/or HECC respectively. Table 4.2 provides details on the time taken (Milliseconds) for Encryption and Decryption of 128 bit AES key and MD5 message digest using ECC and HECC [SKS2000] [WPW2004].

20 Table 4.2: Encryption and Decryption of ECC and HECC 128 bit AES key MD5 Message digest of the Cipher text Encryption (Ecq [ms] Decryption (Ecq [ms] Encryption (HECC) [ms] Decryption (HECC) [ms] [ms] [ms] [ms] [ms] (ECC) (ECC) (HECC) (HECC) Encryption Decryption Encryption Decryption H 128 bit AES key H MD5 Message digest of the Cipher text Figure 4.4: Performance analysis of ECC and HECC

21 Comparison of RSA,ECC and HECC Many researches have been done using ECC and HECC. The working performances of these in the software and hardware area have been compared. This highlights the performance of HECC is better than the ECC and RSA based on following resources. Roberto M.Avanzi [AVA2003] has stated that the performance of hyper-elliptic curves over prime fields is satisfactory enough to be considered as a valid alternative to elliptic curves, especially when large point groups are desired, and the bit length of the characteristic is close to (but smaller than) a multiple of the machine word length. Wollinger T s [TJV2003] contribution clearly shows that HECC - as equal alternative to ECC - can be the cryptosystem of choice for future embedded security applications and real world applications. Table 4.3: Comparison of RSA, ECC and HECC HECC(g=2) ECC RSA HECC(g=2) ECC RSA Encryption Encryption Encryption Decryption Decryption Decryption 128-bit AES key MD5 of the Ciphertext

22 B d d E n c ry p tio n E n c ry p tio n D ecry p ti on D e c ry p tio n D e c ry p tio n i > U 1 O o O o o d o E n c ry p tio n to Ik ECC RSA HECC ECC RSA (g=2) 128-bit AES key l MD5 of the Ciphertext Figure 4.5: Comparison of RSA, ECC and HECC 95