Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword
Like this
3Activity
0 of .
Results for:
No results containing your search query
P. 1
A Robust Cryptographic System using Neighborhood-Generated Keys

A Robust Cryptographic System using Neighborhood-Generated Keys

Ratings: (0)|Views: 23 |Likes:
The ability to hide information from unauthorized individuals has been a prevalent issue over the years. Countless algorithms such as DES, AES and SHA have been developed. These algorithms depend on varying key length and key management strategies to encrypt and decrypt messages. The size of the encrypted message is so large that it therefore consumes and wastes valuable storage space when implemented in organizations that store and handle large volumes of small data. The ability to share the generated keys securely also poses a problem. This paper proposes a robust cryptographic algorithm which generates its keys from the surroundings and already-designed coding schemes. The proposed system conserves storage space and processing power. The algorithm is implemented and tested using PHP and MySQL DBMS.
The ability to hide information from unauthorized individuals has been a prevalent issue over the years. Countless algorithms such as DES, AES and SHA have been developed. These algorithms depend on varying key length and key management strategies to encrypt and decrypt messages. The size of the encrypted message is so large that it therefore consumes and wastes valuable storage space when implemented in organizations that store and handle large volumes of small data. The ability to share the generated keys securely also poses a problem. This paper proposes a robust cryptographic algorithm which generates its keys from the surroundings and already-designed coding schemes. The proposed system conserves storage space and processing power. The algorithm is implemented and tested using PHP and MySQL DBMS.

More info:

Published by: White Globe Publications (IJORCS) on Sep 12, 2012
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

11/15/2012

pdf

text

original

 
International Journal of Research in Computer ScienceeISSN 2249-8265 Volume 2 Issue 5 (2012) pp. 1-9www.ijorcs.org, A Unit of White Globe Publicationsdoi: 10.7815/ijorcs.25.2012.041
www.ijorcs.org
 
A ROBUST CRYPTOGRAPHIC SYSTEM USINGNEIGHBORHOOD-GENERATED KEYS
Samuel King Opoku
Computer Science Department, Kumasi Polytechnic, GHANA Email: samuel.k.opoku@gmail.com
 Abstract:
 
The ability to hide information fromunauthorized individuals has been a prevalent issueover the years. Countless algorithms such as DES, AES and SHA have been developed. These algorithmsdepend on varying key length and key management strategies to encrypt and decrypt messages. The size of the encrypted message is so large that it thereforeconsumes and wastes valuable storage space whenimplemented in organizations that store and handlelarge volumes of small data. The ability to share thegenerated keys securely also poses a problem. This paper proposes a robust cryptographic algorithmwhich generates its keys from the surroundings and already-designed coding schemes. The proposed system conserves storage space and processing power.The algorithm is implemented and tested using PHPand MySQL DBMS 
.
 
 Keywords:
Cryptography, DES, AES, SHA, CodingScheme, Key Management, Privacy, Security.
I.
 
INTRODUCTIONCryptography has been the technique for preventingunwanted disclosure of the content of informationthrough encryption. Encryption is therefore the methodof transforming information into an illegible format.Cryptography involves the use of keys in eithersymmetric or asymmetric way to encrypt messages [1].In symmetric cryptography, the receiver and sender of an encrypted message have the same key [1], [2] todecipher the encrypted message. The commonlyknown algorithms that use symmetric cryptography areData Encryption Standards (DES) and AdvancedEncryption Standard (AES). The problem associatedwith symmetric cryptography is the ability to share thekey securely [2].Asymmetric cryptography, on the other hand,requires the generation of two keys – public andprivate keys – for data encryption. The public key maybe distributed freely and is used for encrypting data.The private key is given to the intended recipient of the encrypted data who can decrypt the data securely[3]. Traditional asymmetric cryptography widely andeffectively used in the Internet relies on a PublicKey Infrastructure (PKI). The success of PKI dependson the availability and security of a CertificateAuthority (CA) – a central control point that everyonetrusts [4]. To ensure maximum security, private andpublic keys generated by PKI are periodicallyrefreshed as per application by the Trent [3], [4]. Trentregenerates the keys and informs the partiesrepeatedly. Each party's public key is distributed to theentire parties and the private key needs to be sent tothe party individually via a secure channel. Keydistribution in asymmetry cryptography is much easier.Authentication and non-repudiation are available inasymmetric key distribution. Compromising a privatekey of a user does not reveal messages encrypted forother users in the group. The involvement of Trent ingenerating keys however affects the privacy issue of the individuals [3]. Asymmetric cryptography isgenerally computational expensive [4].Asymmetric cryptography is used in DigitalSignature Standard (DSS), Password authenticated keyagreement technique and with key distributionalgorithms [1], [3], [5]. Commonly known algorithmsthat use asymmetric cryptography are Elliptic CurveCryptosystem (ECC), Rivest-Shamir-Adleman (RSA)[6]. Identity-Based Cryptography (IBC) has been themethod developed to eliminate the requirement of certificate distribution [7] - [9]. IBC brings free pair-wise keys without any interaction between nodesrequiring lower processing power, storage space andcommunication bandwidth. It however requiressignature scheme [7]. Protocols based on certificatelesspublic key cryptography (CL-PKC) are preferred sincethey do not need certificates to guarantee theauthenticity of public keys and does not suffer fromkey escrow of identity-based cryptography [3], [5]Data can be encrypted in three ways [10], [11]:1.
 
Stream Cipher which works by encrypting singlebits or bytes of information one a time. Thetechnique uses symmetric cryptography methods inits process2.
 
Block Cipher which is an encryption technique thatbreaks down and encrypts data into individualblocks. The size of a block is typically 64bits [12].The DES and AES have used block cipher design intheir applications [2].
 
2 Samuel King Opoku
 
www.ijorcs.org
 
3.
 
Using hash algorithm is another encryptiontechnique. It uses mathematical algorithm toconvert large amounts of data into smaller,compressed size. This technique is used in “Oneway encryption” [13] where data is not decryptedfor viewing. It provides data integrity andauthentication but no confidentiality. The generalhashing algorithms uses 128-bit hash value, 160-bithash or 256-bit hash value. 128-bit hash values areproduced by Message Digest (MD) algorithms suchas MD2, MD4 and MD5. 160-bit hash values areproduced by Secure Hash Algorithms (SHA) suchas SHA-1. Various versions of SHA’s with varyinghash values have been evolved. These includeSHA-256, SHA-384 and SHA-512 whichrespectively produce 256-bit, 384-bit and 512-bithash values. This method generate large values forsmall data and is therefore not appropriate forencrypting large number of small data that need tobe stored and retrieved in a databaseThe figure below summarizes thefunctionalities of the above algorithms.
Figure 1: Functionalities of the Various Cryptographic
 
 Algorithms
 
In spite of the above algorithms, encryptedmessages are usually subjected to attacks. Activeattackers modify system files, masquerade and changemessages with the aim to discover the key used in theencryption process. Commonly used attacks are [14]-[18]:
 A.
 
Cipher-Only (also known as Known-Cipher) Attacks:
 Attacker has ciphertext of several messages thathave been encrypted using the same encryptionalgorithm. The attacker then aims at deducing plaintextor even better, the key from the ciphertext.
 B.
 
Known-Plaintext Attacks:
Attacker has the plaintext and ciphertext of one ormore messages. The attacker tries to discover the keyused to encrypt one of the messages and use the key todecipher and read the other messages. A typicalvariation is the Linear Cryptanalysis in which theattacker evaluates the input and output values for eachSubstitution-box (S-box) [19]. With S-box, eachmessage is being encrypted with the same key [20].The attacker evaluates the probability of input valuesending up in a specific combination and assigns theseprobability values to different keys until one shows acontinual pattern of having the highest probability
C.
 
Chosen-Plaintext Attacks:
Attacker has the plaintext but can choose randomlythe plaintext to be encrypted to see the correspondingciphertext. This gives the attacker, more power andpossibly a deeper understanding of the way theencryption process works so that they gather moreinformation about the key being used. Another form of this attack is the Differential Cryptanalysis (DC). InDC, the attacker takes two messages of plaintext andfollows the changes that took place to the blocks asthey go through different S-boxes. The differencesidentified in the resulting ciphertext values are used tomap probability values to different possible keyvalues. DC has been used to break severalcryptosystems such as DES and Triple-DES [21], RC4[22] and AES [23].
 D.
 
Chosen-Ciphertext Attacks:
Attacker chooses a ciphertext to be decrypted underunknown key. The goal is to figure out the key. This isa harder attack to carry out compared to the previouslymentioned attacks. The attacker needs to have controlof the system that contains the cryptosystem
 E.
 
Side-Channel Attacks:
Attacker measures power consumption, radiationemissions and the time it takes for certain types of datato process. With this information, an attacker can work backwards by reverse-engineering the process touncover an encryption key or sensitive data. A powerattack, an attack to review the amount of heat released,has been successful in uncovering confidentialinformation from smart cards. RSA private keys wereuncovered in 1995 by measuring the relative timecryptographic operations took 
F.
 
Statistical Attacks:
Attacker identifies statistical weaknesses inalgorithm design for exploitation. For instance, aRandom Number Generation (RNG) may be biased. If 
 
 A Robust Cryptographic System using Neighborhood-Generated Keys 3
 
www.ijorcs.org
 
keys are taken directly from the output of the RNG,then the distribution of keys would also be biased. Thestatistical knowledge about the bias could be used toreduce the search time for the keys
G.
 
 Replay Attack:
Attacker captures some type of data (usuallyauthenticated information) and resubmits it with thehope of fooling the receiving device into thinking thatit is legitimate information. Time stamps and sequencenumbers are countermeasures to replay attacks.The strength of a cryptographic mechanismdepends on the length of the key and the keymanagement strategy used [11]. The length of the keyis directly proportional to the effectiveness of thealgorithm and the number of bits in the encryptedmessage. Thus storage space are usually consumed andwasted when these algorithms are implemented inorganizations that store and use large volumes of smalldata. This paper proposes a robust cryptographicalgorithm which generates its keys from thesurroundings and coding schemes. The proposedsystem conserves storage space and processing power.The algorithm is implemented and tested usingHypertext Preprocessor (PHP) and MySQL DatabaseManagement System (DBMS).II.
 
CRYPTOGRAPHIC PARAMETERS AND KEYSGENERATIONThis section describes the various elements requiredto generate the keys for the cryptographic system. Italso describes how these keys are obtained from thedatabase environment.
 A.
 
Obtaining Cryptographic Parameters
The cryptographic system designed in this work isbased on the following:1.
 
The database table which contains the amount to beencrypted has Date, Time and the Cashier’sIdentification (CashierID) as part of its fields.These fields may constitute the primary fields of thetable2.
 
The Date should be in the format dd-mm-yy ordd/mm/yy. The separator of the date elements isinconsequential to the efficiency of the system. Theelements (dd, mm, yy) are employed suchthat
 
dd,01
dd
31
;
mm,01
mm
12
and
 
yy,00
yy
99
. Designers can chooseyyyy such that
yyyy,0000
yyyy
9999
 instead of yy.3.
 
The Time should be in the format HH:MM:SS andthat
HH,00
HH
23
;
MM,01
MM
59
 and
SS,00
SS
59
 4.
 
The CashierID consists of uppercase alphanumericcharacters only. There is no such special symbol as+, =, * and -. Thus CashierID only contains Englishuppercase letters and digits. Software designers arealso allowed to include lowercase letters and thenassign coding scheme values to them.5.
 
The amount to be encrypted should be in the format
#
+
.## ,
where
#
Z
+
and 0
#
9
 6.
 
and the Kleene star, +, represents one or moreoccurrences. Thus the least amount is 0.00
 B.
 
Key Generation
The keys are generated from the fields in thedatabase table. The various elements (dd, mm, yy oryyyy, HH, MM and SS) are manipulated such that thevalue obtained for any given expression is greater thanzero. Basically, there are two keys generated. Theseare called
1
and
2
. K 
1
is obtained from date and timeelements whereas
2
is obtained from CashierID.To obtain the value of K
1
from date and time,designers are allowed to create their own formulas butthey should keep in mind that their formulas shouldsatisfy this condition,
1
> 0
. A typical generation of 
1
which is used throughout this work is given as:
K
1
=(dd
mm+SS)
(HH+MM+yy)
.With this definition of 
1
, it implies that
 
∀
1
,
1
>0 and 1
 
1
 
78011
.
1
=1
when the date isgiven as 01/01/00 (that is 1st January, 2000) and thetime of entry is 00:00:00 (that is 12:00:00 am).However,
1
=78011
when the date is 31/12/99 (thatis 31st December, 1999) and the time is 23:59:59.Since date and time do not remain constant, it impliesthat the same amount encrypted at different periodswill have different
1
values and hence different ciphertexts.The key,
2
, is obtained from the individualcharacters which constitute CashierID so that:
2
=
(
ℎ
 

 
ℎ
).
 Each character in CashierID is encoded byassigning them numeric values. The flexibility of thesystem also gives the designer the choice of values tobe assigned to the various characters. However, toimprove the efficiency of the system, designers areencouraged to assign at least two-digit value (that is avalue greater than or equal to ten) to each character.The table below shows a sample of values assigned toeach encoded character.
Table 1: Sample Coding Scheme for K 
2
Generation
 
CODING SCHEME FOR GENERATING K
2
 
A
 
21
J
 
30
S
 
39
1
 
48
 B
 
22
 K
 
31
T
 
40
2
 
49
 C
 
 
23
 L
 
32
U
 
41
3
 
50
 D
 
24
 M
 
33V
 
42
4
 
51
 

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->