,
Multi-party Supportive Symmetric Encryption
V. Nandakumar
Assistant Professor, Computer Centre, Alagappa University,Karaikudi, Tamilnadu, INDIA, Email: vnkumar62@yahoo.com
Dr. E.R.Naganathan
Professor, Department of Computer Applications, VelammalCollege of Engineering, Chennai, Tamilnadu, INDIA,Email: ern_jo@yahoo.com
Dr. S.S. Dhenakaran
Assistant Professor, Computer Centre, Alagappa University,Karaikudi, Tamilnadu, INDIA, Email: ssdarvind @yahoo.com
Abstract
Business data is a valuable asset for manyOrganizations. Organizations need security mechanisms thatprovide confidentiality for outsourcing their data services.Encrypting sensitive data is the normal approach in such asituation. Applications typically use Symmetric keys forencryption, or Asymmetric keys for their transmissions. In caseof Asymmetric encryptions they use the public keys of the signersalong with files sent. Since these identity strings are likely to bemuch shorter than generated public keys, the identity based keygeneration is an appealing option. A multi-signature schemeenables a group of signers to produce a compact, joint signatureon a common document, and has many potential uses. Existingschemes with multi signers impose requirements that make themimpractical, such as requiring a dedicated, distributed keygeneration protocol amongst potential users. These requirementslimit the use of the schemes. Multi-Party or co-operativeauthentication on information is a trusted source of security. Inthis paper, we propose an encryption scheme where eachauthorized user’s information is used to encrypt and decryptdata. This paper, presents a multi-party yet supportive, secureand identity-based scheme based on symmetric encryption,Multi-party Supportive Symmetric Encryption (MSSE). Thispaper takes an effort to resolve the security issues and also reporton the results of the implementation
Keywords:
Symmetric Encryption, Sub-key, Key Management,Key generation, Multi-party
I.
I
NTRODUCTION
Information channels are generally vulnerable toeavesdropping and attacks from outsiders. Strong cryptographyis needed to protect these channels. Traditional access controlsthat provided confidentiality were designed in-house anddepended on authorization policies. According to Forrester Research, enterprise storage needs grow at 52 percent per year [1] and organizations chose to outsource their data storage tothird parties. One of the biggest challenges raised by datastorage outsourcing was security and trust. Cryptographicapproach also provided data confidentiality. Encryption is amethod to securely share data over an insecure network or storage site. Users who communicated needed to establish amutually held secret key k. In public key cryptography twoparties communicated with a public and private key. Thefunctionality allowed the parties to establish a sharedsymmetric key and to encrypt and decrypt messages in an idealway using this key. The key was meant to be a long-termshared key never given to the parties, but be a part of thefunctionality.II.
MULTIPLE
ENCRYPTIONMultiple encryption is the process of encrypting an alreadyencrypted message one or more times, either using the same or a different algorithm. Multiple encryption algorithms allowusers to pick their own logic and the benefit of this approach isthat if an algorithm turns out to be seriously broken, supportingmultiple algorithms can make it easier for users to switch.Multiple algorithms add more complexity to the application.III.
M
ULTI
-
SIGNATURE SCHEMES
Multi-signature schemes [2] allows different signers withpublic keys to collectively sign a message, yielding a multi-signature. Multi-signature schemes greatly save oncommunication costs. In most applications these public keyswill have to be transmitted along with the multi-signature. Thepublic keys of all cosigners are needed to verify the validity of such a multi-signature schemes. The inclusion of informationthat uniquely identifies the cosigners seems inevitable for verification For example, the signers’ user names or IPaddresses could suffice for this purpose; this information mayeven already be present in package headers:IV.
I
DENTITY BASED SIGNATURES
In an identity-based signature scheme [3], the public key of a user is simply his identity, e.g. his name, email or IP address.A trusted key distribution center provides each signer with thesecret signing key corresponding to his identity. When allsigners have their secret keys issued by the same keydistribution center, individual public keys become obsolete,removing the need for explicit certification and all associatedcosts. These features make the identity-based paradigmparticularly appealing for use in conjunction with multi-signatures, leading to the concept of identity-based multi-signature (IBMS) schemes. Application implementations of IBMS schemes are rather limited. While pairings have turnedout extremely useful in the design of cryptographic protocols,they were only recently brought to the attention of cryptographers [4], and hence did not yet enjoy the sameexposure to cryptanalytic attacks by experts as other, older problems from number theory such as discrete logarithms,
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 2, February 2011229 http://sites.google.com/site/ijcsis/ISSN 1947-5500
,
factoring and RSA. Our scheme is essentially a multi-party co-operative Symmetric scheme with identity of the participatingparties. The techniques are strengthened to provide securityagainst concurrent.V.
RELATED WORK
Diffie and Hellman [5] have argued that the 56-bit key usedin the Federal Data Encryption Standard (DES) [6] is too smalland that current technology allows an exhaustive search of the256 keys. Double encryption has been suggested to strengthenthe Federal Data Encryption Standard (DES). A recent proposalsuggests that using two 56-bit keys but enciphering 3 times(encrypt with a first key, decrypt with a second key, thenencrypt with the first key again) increases security over simpledouble encryption. At the 1978 National Computer Conference,Tuchman [7] proposed a triple encryption method which usesonly two keys, K1 and K2. The plaintext is encrypted with K1,decrypted with K2, then again encrypted with K 1. Schemesthat encrypt data on the client-side, enable server-side searcheson encrypted data. [8] Introduced the first practical scheme for searching on encrypted data. The scheme enables clients toperform searches on encrypted text without disclosing anyinformation about the plaintext to untrusted servers. Theuntrusted server cannot learn the plaintext from the encryptedsearch results. The basic idea is to generate a keyed hash for the keywords and store this information inside the ciphertext.The trusted server can search the keywords by recalculatingand matching the hash value. [9] proposed a scheme to executeSQL queries over encrypted numeric data and is suitable for exact matches and also range queries. Its strategy is to store theencrypted numbers with some index information and to splitthe query into a query on the encrypted data processed by theuntrusted server and a query on the returned result for post-processing results on the client. [10] presented a scheme for searches on encrypted data using a public key system thatallows mail gateways to handle email based on whether certainkeywords exist in the encrypted message. The applicationscenario is similar to [8], but the scheme uses identity-basedencryption instead of symmetric ciphers. Using asymmetrickeys allows multiple users to encrypt data using the public key,but only the user who has the secret key can search and decryptthe data. [11, 12] enable searches on encrypted data byconstructing secure indexes. All the schemes above rely onsecret keys however, which implies single user access or sharing keys among a group of usersVI.
M
ULTI
-
PARTY
S
UPPORTIVE
S
YMMETRIC
E
NCRYPTION
(MSSE
)
The basic characteristic of MSSE is sharing of informationbetween users in the generation of the key. Each user has hisown information designed as a part of the key. This sectionintroduces the basic construction of the multi-party supportivesymmetric encryption scheme built upon symmetricencryptions. The notions of security are also discussed andproofs provided in later sections. MSSE Scheme has its ownunique features. The Key features being Variable key length,Key dependent rotation, Lengthy key schedule algorithmand Multiple Linear Functions with Variable of number of rounds.
Plain Text Symmetric Key
Fig. 2. MSSE Architecture
VII.
KEY
GENERATIONThe key will be generated with both the sender, receiver andservers name included. Since the key comprises of variouscomponents and is a combination of server and client relatedinformation, it makes it hard for the attacker to guess the key.The step by step procedure is as follows:
A.
A KEY GENERATION ALGORITHM
Sender and Receiver agree on two numbers “
p
” and “
g
” ,where p is a large prime number and g the base generator.Sender then chooses his secret odd number called “
a
”.Similarly the Receiver’s secret odd number is “
b”.
Sender andReceiver exchange their numbers. The senders email id isknown to the receiver and the receiver knows the sendersemail id. Sender knows
p, g, a, b, receivers emailID
and the
Receiver knows
p, g, b, a, senders emailID.
B
FUNCTION MAIN KEY
INPUT
: p,g,a,b and Senders Email Id, Receivers Email ID
OUTPUT
: 512 bit Secret KeyThe First part of the key
k
1
is the senders email id convertedinto its ASCII value in 192 bits or 49 bytes. The sender Computes the Key for Encryption as
k
2
=
g
b
mod
p.
TheThird part of the key
k
3
is the receivers email id convertedinto its ASCII value in 192 bits or 49 bytes. The final and
B1,B2,B3……. K1 K2 K3…….MSSE Key (K1B1,K2B2,………)RAR XOR RAL Complement
Cipher Text C1,C2…
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 2, February 2011230 http://sites.google.com/site/ijcsis/ISSN 1947-5500
,
fourth part of the encryption key is computed as
k
4
=
g
a
mod
p.
The Secret key is generated as
Key K = k
1
||k
2
||k
3
||k
4.
asdemonstrated in Fig. 1.
Fig. 1. The 512 bit Encryption key
For example,p=11 and g = 10 and a=5 and b=8 ThenK
2
= 10
5
mod 11 would be 10 and K
4
= 10
8
mod 11 would be10If the email id of the sender vnkumar62@yahoo.com , thiswould be translated into the following sequence 118 110 107117 97 114 54 50 64 121 97 104 111 111 46 99 111 109If the email id of the receiver is ssdarvind@yahoo.com , thiswould be translated into the following sequence 115 115 10097 114 118 105 115 100 64 121 97 104 111 111 46 99 111109The
Key K = k
1
||k
2
||k
3
||k
4
00001010 01110110 01111000 01110101 0111010101100001 01110110 00110110 00110010 0100000001111001 01100001 01101000 01101111 0110111100101010 01100011 01101111 01101101 011110111011110111 01100100 00110110 01110110 0111011001101001 01111000 01100100 01101000 0110111101101111 00101010 01100011 01101111 0110110100001010.Here a 432 bit key is generated. It will be split into 216 Twobit keys. It will have a minimum of 40 rounds of sub-keys for one round of the Secret key. Approximately 256 x 216 i.e 50k bytes of Plain text will be converted to Cipher text with oneround of the key.
C
KEY SCHEDULING (DIVIDE-KEY FUNCTION)
This function is called Divide-key function because it createsTwo bit keys from the secret key. The function knows thelength of the secret key in advance and then correspondinglysplits the secret key into equal 2 bit sub-keys as explained inequation (1) :
K(
1,2,3,4….l
)=K(
1to-2
, K
3to48
, ……K
l-2 to l
)
,………(1)where 1,2,4….l are the no of sub keys and l is the variablelength of the key based on the senders and receivers email id’sand agreed numbers p,g, a,b.
D MSSE ENCRYPTION ALGORITHM
Step 1: Generate 512 bit Secret key using Main_Key functionStep 2: split the Secret key into 2 bit Sub-keys with Divide-key FunctionStep 3 : counters ky=0,j=0,kcnt=keylength in bits /2For i=0 to msglength do step 512j= j+1C[i] = M[i] SHL //SHL OnceC[i] = M[i] SHL // SHL Second TimeC[i] = M[i] XOR k
j
// XOR of two bit sub keypadded with zeros to get 8 bits is doneIf j > kcnt thenJ=0End if Next iStep 4 Display CINPUT: M=(m1….m
512
) plain text and K =(k1….k
256
) 256 bitSecret key split as 2 bit keyOUTPUT: C=512 byte cipher text
E MSSE DECRYPTION ALGORITHM
Step 1: Generate 512 bit Secret key using Main_Key functionStep 2: split the Secret key into 2 bit Sub-keys with Divide-key FunctionStep 3 : counters ky=0,j=0,kcnt=keylength in bits /2For i=0 to msglength do step 512j= j+1C[i] = M[i] XOR k
j
// XOR of two bit sub keypadded with zeros to get 8 bits is doneC[i] = M[i] SHR //SHR OnceC[i] = M[i] SHR // SHR Second TimeIf j > kcnt thenJ=0End if Next iStep 4 Display MINPUT: C=(c1….c
512
) cipher text and K =(k1….k
256
) 256 bitSecret key split as 2 bit keyOUTPUT: M=512 byte plain text.
64 bit keyof Sender64 bit keyof ReceiverEmail Id of theReceiver in 192bits (49 Bytes)Email Id of theSender in 192bits (49 Bytes)
(IJCSIS) International Journal of Computer Science and Information Security,Vol. 9, No. 2, February 2011231 http://sites.google.com/site/ijcsis/ISSN 1947-5500
Search History:
Result 00 of 00
00 results for result for
p.
Multi-party Supportive Symmetric Encryption
Business data is a valuable asset for many Organizations. Organizations need security mechanisms that provide confidentiality for outsourcing their data services. Encrypting sensitive data is the normal approach in such a situation. Applications typically use Symmetric…
(More)
747
Reads
3
Readcasts
0
Embed Views
More From This User
Notes
Load more
