Enhanced Asymmetric Public Key Cryptography based on Diffie-Hellman and RSA Algorithm

Transcription

1 Enhanced Asymmetric Public Key Cryptography based on Diffie-Hellman and RSA Algorithm Princess Arleen S Zamora Gaduate Programs, Technological Institute of the Philippines Quezon City 1901, Philippines pazamora@sscmnl.edu.ph Bobby D Gerardo Institute of Information and Communications Technology West Visayas State University Lapaz, Iloilo City, Philippines bgerardo@wvsu.edu.ph Bartolome T Tanguilig III Graduate Programs Technological Institute of the Philippines Quezon City 1901, Philippines bttanguilig_3@yahoo.com Abstract Cryptography is one way on how to protect data. In this paper, you will see how Diffie-Hellman and RSA Asymmetric Public Key Cryptology works. The output of harmonizing these two algorithms is the Enhanced Asymmetric Public Key Cryptology that will be applied to Document Management System (DMS). Testing of the proposed algorithm is done by simulating its process. Used heap memory, class count, and CPU usage were measured to test the proposed algorithm. Keywords- RSA; DH; RSADH; Cryptology I. INTRODUCTION As data continuous to grow, protection of information is becoming very significant. Every computer system in an organization has its levels of users, and each user has its password for security. Data security can be strengthened by the use of cryptology. The researcher chooses to propose an enhancement in public key cryptology by harmonizing Diffie Hellman(DH) and Rivest, Shamir, Adleman (RSA) algorithm. The proposed algorithm will enhance security in the key exchange process of RSA and add encryption and decryption on the part of DH. The following objectives are expected to be achieved in this paper [1] to harmonize Diffie-Hellman algorithm and RSA security in key exchange process [2] to evaluate the RSADH method by demonstrating the key exchange, encryption and decryption of messages from the given processes; [3] test the performance of the proposed algorithm using used heap memory, class count, and CPU usage. II. REVIEW OF RELATED LITERATURE This section intends to review literature and studies related to Diffie-hellman and RSA cipher, synthesize, and use what applies to the topic. In 1976, Diffie and Hellman [1] proposed a scheme using exponentiation modulo q (a prime) as a public key exchange algorithm. According to their paper; New directions in cryptology, that the best known cryptographic problem is that of privacy: preventing the unauthorized extraction of information from communications over an insecure channel order to use cryptography to ensure privacy and the second problem is authentication: amenable to cryptographic solution which stands in the way of replacing contemporary business communications by teleprocessing system [1] Message authenticity is guaranteed by adding a secret key but also by attaching the date and time to each message and encrypting the entire sequence. Authentication is the heart of any system involving contracts and billing [1]. One-way authentication provides protection against third party attacks. DMS is a multiuser login account. Same as true with the given example by DH, the admin of the DMS needs to set-up his account and chooses his password. Every time the user needs to log in, it asks for a username and a secret password. The problem comes in if the system operators have legitimate reasons to access the password directory. That is the reason DH develops a new login procedure capable of judging the authenticity of the password. Steps are as follows [1]: 1) When the user first enters his password PW, the computer automatically and transparently saves f (PW) and stores this not as PW in the password directory. 2) For each login, the computer calculates f (X), where X is the proffered password, and compares f (X), where X is the proffered password and compares f (X) with the stored value f (PW). 3) If and only if they are equal, the user is accepted as being authentic. The above-mentioned steps are also true with public key cryptology. 1) When the user A sends message M to user B, he first deciphers it in his secret deciphering key and sends D A (M). 2) When user B receives the message, he can read and to make sure of its authenticity, he enciphers it using A s public enciphering key E A. 3) User B also saves D A (M) as a proof of the message that comes from A. 1

2 Preeti and Sharma proposed an improvement of Diffie- Hellman Algorithm. The enhancement was implemented in JAVA. Steps of the proposed algorithm [2] are as follows: 1) The user selects prime no. a (create two separate instances of Diffie-hellman object one for the sender and one for the receiver). 2) Sender enters a prime number. 3) Receiver also enters a prime number. 4) The sender sends p and g (safe prime number) to the receiver. 5) Then the receiver will check if p is safe or not. 6) Creates 256-bit key at sender at sender and receiver side finding the k function. 7) Performs encryption using a key at sender side or decryption at the receiver side. 8) Writes the generated key into a file for analysis purpose. The proposed differs from the DH algorithm on step number 6. Preeti and Sharma tested the two algorithms in terms of entropy, floating frequency, auto-correlation, n-gram, and periodicity. Hirose and Yoshida [3] proposed a two-party authenticated Diffie-hellman key agreement that provides forward secrecy. Interference and un-known key share are the two active attacks solved using KAP (key agreement protocol). Also, the same with other security algorithm, there is also limitations and disadvantages. One of its disadvantages is that each user needs to generate two random numbers from Zq in one execution. It also requires the user s slightly more modular exponentials than other protocol. The algorithm used by Hirose and Yoshida were analyzed and was used as a basis for the researcher to enhance the algorithm. Abdalla et al. [4] called their encryption scheme based on DH problem DHAES. It has a basic property to secure encryption (plain text attacks) and a solution for privacy under adaptive and non-adaptive ciphertext attacks. TABLE I. TABLE I. VISHAL GARG AND YISHU [6] PROPOSED ALGORITHM Sender Side 1) X a< q (user can select any random number less than q) 2) Y a = a xa mod q (Y a is a public key of sender) 3) K = Y b xa mod q (where Y b is a public key of receiver and K is a private key) 4) pow = 2 k 5) pow = pow + q Encrypt every letter of plain text using pow Receiver Side 1) X b< q (user can select any random number less than q) 2) Y b=a xb mod q (Y b is public key of receiver) 3) K = Y xb a mod q (where Y a is a public key of sender and K is a private key) 4) pow = 2 k 5) pow = pow + q Decrypt every letter of cipher text using pow Vishal Garg and Yishu [6] improve DH algorithm for network security enhancement by including pow = 2 k as step 4 (sender side) and use step 4 pow = 2 k and step 5 pow=pow = q on the receiver side. The proposed and classical DH use various parameters such as entropy, autocorrelation, etc. The reason why Rivest, Shamir, and Adleman [7] developed the method for obtaining a digital signature and public key cryptosystem is because they got motivated by the concept of Diffie-Hellman. Notably, the encryption does not increase the size of the message. Both sent messages and the ciphertext are integers ranging from 0 n-1. The author s encryption and decryption methods are: [7] 1) To encrypt the message M, use a public encryption key (e,n). a) First represent the message as an integer between 0 and n-1. (Here you break a long message into series of blocks and represent each as an integer.) Note that the purpose here is to get into the numeric form necessary for encryption. b) For the encryption part, encrypt the message by raising it to the e th power modulo n c-> ciphertext ; C E(M) M e (mod n), for message M 2) To decrypt the ciphertext, raise to another power d, then again modulo n D(C) C d (mod n), for ciphertext C. Below is the process of choosing the encryption and decryption method [6]: a) First compute n as the product of 2 large random prime p and q. Make n as public, but the factors p and q will be effectively hidden from everyone else due to difficulty factoring n. n=p*q. b) Pick the integer d to be a large and random integer and relatively prime to (p-1) (q-1) and check if it satisfies the greatest common divisor equals to 1, gcd (d, (p-1) *(q*1)) =1. c) Compute for e from p, q, and d to be multiplicative inverse of d, modulo(p-1) *(q-1), e*d 1 (mod (p 1) * (q 1)). Pointcheval-* [10] mentioned in his paper that to prove the security of the cryptographic protocol, we must first be precise on what protocol to achieve, under what kind of attack. What motivated him to do the study is in the complexity theory sense that if one can break the cryptographic protocol, one can also efficiently solve the underlying problems. The method he called reductionist security proof is the focus of his study. On his research, he gave an example on how to factor integer using RSA and discrete logarithm using Diffie-Hellman problems. From the journal entitled Comparative Study of Asymmetric Key Cryptographic Algorithms [11] the authors 2

3 claimed that Integer Factorization schemes are based on the fact that it is difficult to factor large integers. And this is one of the processes of RSA. This journal also presented Diffie- Hellman key exchange algorithm and RSA key generation and encryption and decryption. The authors review the five commonly used asymmetric key cryptology algorithms: RSA, Diffie-Hellman, ElGamal, DSA, and ECC. They concluded that RSA needs to grow to 2048 bits. They also mentioned that most practical protocols are hybrid protocols which incorporate both symmetric and public key algorithms. In 2014, Kuppuswammy and Al-Khalidi [12] proposed a hybrid encryption system using a new public key algorithm and private key algorithm. They addressed the concerns of user s privacy, authentication, and accuracy. The integration security is from the four different sources like user, application security, resources and hardware. The hybrid encryption system is a combination of RSA and AES and is an efficient technique to ensure the security of the data being transmitted. Over different text sizes, 128 bits, 256 bits, 512 bits, 1024 and 2048, Meelu and Meelu [13] tried RSA encryption and decryption process. They also mentioned that the code can be used to encrypt a word file, picture file, binary file, and text file. III. THE PROPOSED KEY EXCHANGE Enhancement is done by harmonizing Diffie-Hellman algorithm and RSA security in the key exchange process. The keys agreed upon will be used to unlock the encrypted message and the key generated will be used for encrypting and decrypting the message of a file. In this research paper, the author will use the Diffie-Hellman algorithm to encrypt and decrypt password for a certain file. If somebody tries to hack the file, even if he opens the file, he still needs to decrypt the message. Only the sender and the recipient knows the generated key. The process may take long, but the security of the file /message will be strengthened. A. Diffie-Hellman Key Exchange Algorithm[5] 1) User i chooses a random integer X i and the user j a random integer X j. Then the user i picks a random number X i from the integer set {1, 2,..., q 1}. The user i keeps X i secret, but sends Y i α Xi (mod q), (1) to the user j. Similarly, the user j chooses a random integer X j and sends Y j α Xj (mod q), (2) to the user i. 2) Both users i and j can now compute: K ij α XiXj (mod q), (3) (4) and use K ij as their common key. 3) The user i computes K ij by raising Y j to the power X i : K ij Y j Xi (mod q) (α Xj ) Xi (mod q) α XjXi α XiXj (mod q) and the user j computes K ij in a similar fashion: K ij Y i Xj (mod q), (α Xi ) Xj α XiXj (mod q). B. RSA Key Exchange Algorithm, Encryption and Decryption Algorithm RSA cryptosystems security depends on the problem of factoring large numbers. It was named after its inventor Rivest, Schamir, and Adleman (1977). The steps [7] are as follows: 1) Choose two very large prime p and q. 2) Compute for the value of n: n= pq. (1) 3) Then choose an encryption key e such that e and Φ (n) are coprime. Using Euler s totient function gcd (e, Φ(n)) =1, such that: Φ(n) = (p-1) (q-1). (2) 4) Using the Euclidean algorithm, the private key d for decryption using this formula: d = e -1 (mod Φ (n)) or ed 1 (mod Φ(n)). (3) 5) To encrypt the message m, ciphertext c corresponds to the block in the given formula below: c m e (mod n). (4) The decryption key d and the modulo n are also prime numbers and a private key while e and n are called public keys. 6) To decrypt a ciphertext: m c d (mod n). (5) It also proves that c d m ed m (mod n) because ed 1 (mod Φ (n)). C. The Enhanced Algorithm Based on the gathered research, the problem mentioned with RSA is the speed, because the security of RSA relies on factoring two (2) very large numbers. DH security is based on exponential key exchange. To solve the problem, the author will combine DH [5] and RSA [7]. Since there are two cryptographic algorithms to use, we can now have a small 3

4 prime number to make the processing faster and at the same time to tighten the security of the file/message, the agreed upon prime number will be used to encrypt and decrypt the message. The author will call this enhancement, RSADH. The process of key exchange will be as follows: 1) User i and user j choose a random integer number the two prime numbers p and q. 2) User i and user j choose their respective secret number I and J but send: User i x = q I mod p and sends to user j, (1) User j x = q J mod p and sends to user i. (2) 3) Compute for the Session Key User j k = i x ^J mod p (3) User i k =j x ^ I mod p (4) 4) The file maybe unlocked but the message is still unreadable. To encrypt the message User i and User j use p and q and get for the n and Φ. n=pq, (5) Φ = (p-1) (q-1). (6) a. Specify alphabet to the characters 5) User i and j choose an encryption key e, and the decryption d using the extended Euler Greatest Common Divisor Algorithm e * d mod Φ = 1. 6) Message is encrypted by raising it to the power e and dividing it by n. Encryption is per letter. Use the formula: IV. SIMULATION AND TESTING RESULTS The simulation of the process is done with the use of Cryptool. Algorithm was coded using Java and run the analysis using JVM monitor. TABLE II. TABLE II. KEY EXCHANGE PROCESS, ENCRYPTION, AND DECRYPTION PROCESS OF DIFFIE-HELLMAN, RSA, AND PROPOSED ALGORITHM APKC Process DH RSA Proposed Algorithm (RSADH) User i User j User i Secret User j Secret Shared Key A Shared Key B Session Key n Φ e d Plaintext coded in numbers of base Encryption to Cipher text Ciphertext coded in numbers of base The proposed algorithm used heap memory during runtime approximately increases every one minute. c 1 = m e 1(mod n) (7) 7) The ciphertext is decrypted by raising it to the power d and dividing it by n. Decryption is per letter. Use the formula: m 1 = c d 1(mod n). (8) Translate the deciphered integers into a specific alphabet. Figure 1. Figure 1. Used Heap Memory of the Proposed Algorithm The figure below shows the class being loaded during runtime of the proposed system increases as the program is calling it. 4

5 V. CONCLUSION This paper shows that Diffie-Hellman and RSA Security can be combined to make a more secured algorithm. By having two prime input for p and q, and use this input to get the e and d to strengthen the security of the file. The proposed algorithm adds security in a key exchange process of RSA using some steps of Diffie-Hellman. If ever the file will be unlocked, the message cannot be read because it is encrypted. The proposed algorithm will be used in securing file for document management system. Figure 2. Loaded Class Count of the Proposed Algorithm Figure 3 shows that the CPU usage of the proposed system in less than 95 ms is less than five percent (5%). Testing was done using Intel Core i7 (16 GB RAM). Figure 3. CPU Usage of the Proposed Algorithm REFERENCES [1] W. Diffie and M. Hellman, New Directions in Cryptography, IEEE Trans. Inform Theory, [2] Preeti and B. Sharma, Enhancement in Security by improving Diffie- Hellman Algorithm, International Journal for Advance Research in Engineering and Technology, Vol 2, Issue VI, [3] S. Hirose and S. Yoshida, An authenticated Diffie-Hellman Key Agreement Protocol Secure Against Active Attacks, Springer, Volume 1431, 1998, 2006, pp [4] Abdalla, Bellare, Rogaway, DHAES: An Encryption Scheme based on the Diffie-Hellman Problem, IEEE, [5] M.Y. Lee, Internet Security: Cryptographic Principles and Protocols, John Wiley and Sons, Ltd, 2003, p [6] V. Garg and Rishu, Improved Diffie-Hellman Algorithm for Network Security Enhancement, International J. Computer Technology and Applications, Vol 3 (4) I327-I3 [7] R.L Rivest, A. Shamir and L. Adleman, A Method for Obtaining Digital Signatures and Public Key Cryptosystems, [8] M. Ginsburg, Intranet Document Management Systems as Knowledge Ecologies, Proceedings of the 33rd Hawaii International Conference on System Sciences, IEEE, [9] M.Y. Lee, Internet Security: Cryptographic Principles and Protocols, John Wiley and Sons, Ltd, 2003, p [10] D. Pointcheval, Asymmetric Cryptology and Practical Security, Journal of Telecommunications and Information Technology. Vol 4, 2002, Page [11] Arya, Aswal, and Kumar, International Journal of Computer Science and Communication Networks. Vol 5 Page [12] P. Kuppuswammy and S. Al-Khalidi, Hybrid Encryption/Decryption Technique Using New Public Key and Symmetric Key Algorithm, MIS Review Vol 19 No2, 2014, Pages [13] P. Meelu and R. Meelu, Implementation of Public Key Cryptographic System: RSA, International Journal of Information Technology and Knowledge Management, July- December 2012, Vol 5. No.2, Pages