
2, February 2011


**Multi-party Supportive Symmetric Encryption**

V. Nandakumar

Assistant Professor, Computer Centre, Alagappa University, Karaikudi, Tamilnadu, INDIA, Email: vnkumar62@yahoo.com

Dr. E.R.Naganathan

Professor, Department of Computer Applications, Velammal College of Engineering, Chennai, Tamilnadu, INDIA, Email: ern_jo@yahoo.com

Dr. S.S. Dhenakaran

Assistant Professor, Computer Centre, Alagappa University, Karaikudi, Tamilnadu, INDIA, Email: ssdarvind@yahoo.com

Abstract—Business data is a valuable asset for many organizations. Organizations need security mechanisms that provide confidentiality when outsourcing their data services. Encrypting sensitive data is the normal approach in such a situation. Applications typically use symmetric keys for encryption, or asymmetric keys for their transmissions. In the case of asymmetric encryption they use the public keys of the signers along with the files sent. Since these identity strings are likely to be much shorter than generated public keys, identity-based key generation is an appealing option. A multi-signature scheme enables a group of signers to produce a compact, joint signature on a common document, and has many potential uses. Existing schemes with multiple signers impose requirements that make them impractical, such as requiring a dedicated, distributed key generation protocol amongst potential users. These requirements limit the use of the schemes. Multi-party or co-operative authentication on information is a trusted source of security. In this paper, we propose an encryption scheme where each authorized user's information is used to encrypt and decrypt data. This paper presents a multi-party yet supportive, secure and identity-based scheme based on symmetric encryption, Multi-party Supportive Symmetric Encryption (MSSE). This paper makes an effort to resolve the security issues and also reports on the results of the implementation.

Keywords: Symmetric Encryption, Sub-key, Key Management, Key generation, Multi-party

I. INTRODUCTION

Information channels are generally vulnerable to eavesdropping and attacks from outsiders. Strong cryptography is needed to protect these channels. Traditional access controls that provided confidentiality were designed in-house and depended on authorization policies. According to Forrester Research, enterprise storage needs grow at 52 percent per year [1], and organizations chose to outsource their data storage to third parties. One of the biggest challenges raised by data storage outsourcing was security and trust. The cryptographic approach also provided data confidentiality. Encryption is a method to securely share data over an insecure network or storage site. Users who communicated needed to establish a mutually held secret key k. In public key cryptography, two parties communicated with a public and a private key. The functionality allowed the parties to establish a shared symmetric key and to encrypt and decrypt messages in an ideal way using this key. The key was meant to be a long-term shared key never given to the parties, but be a part of the functionality.

II. MULTIPLE ENCRYPTION

Multiple encryption is the process of encrypting an already encrypted message one or more times, either using the same or a different algorithm. Multiple encryption algorithms allow users to pick their own logic, and the benefit of this approach is that if an algorithm turns out to be seriously broken, supporting multiple algorithms can make it easier for users to switch. Multiple algorithms add more complexity to the application.

III. MULTI-SIGNATURE SCHEMES

Multi-signature schemes [2] allow different signers with public keys to collectively sign a message, yielding a multi-signature. Multi-signature schemes greatly save on communication costs. In most applications these public keys will have to be transmitted along with the multi-signature. The public keys of all cosigners are needed to verify the validity of such a multi-signature. The inclusion of information that uniquely identifies the cosigners seems inevitable for verification. For example, the signers' user names or IP addresses could suffice for this purpose; this information may even already be present in packet headers.

IV. IDENTITY BASED SIGNATURES

In an identity-based signature scheme [3], the public key of a user is simply his identity, e.g. his name, email or IP address. A trusted key distribution center provides each signer with the secret signing key corresponding to his identity. When all signers have their secret keys issued by the same key distribution center, individual public keys become obsolete, removing the need for explicit certification and all associated costs. These features make the identity-based paradigm particularly appealing for use in conjunction with multi-signatures, leading to the concept of identity-based multi-signature (IBMS) schemes. Application implementations of IBMS schemes are rather limited. While pairings have turned out extremely useful in the design of cryptographic protocols, they were only recently brought to the attention of cryptographers [4], and hence did not yet enjoy the same exposure to cryptanalytic attacks by experts as other, older problems from number theory such as discrete logarithms,


http://sites.google.com/site/ijcsis/ ISSN 1947-5500

(IJCSIS) International Journal of Computer Science and Information Security, Vol. 9, No. 2, February 2011


factoring and RSA. Our scheme is essentially a multi-party cooperative symmetric scheme with identity of the participating parties. The techniques are strengthened to provide security against concurrent.

V. RELATED WORK

Diffie and Hellman [5] have argued that the 56-bit key used in the Federal Data Encryption Standard (DES) [6] is too small and that current technology allows an exhaustive search of the $2^{56}$ keys. Double encryption has been suggested to strengthen DES. A recent proposal suggests that using two 56-bit keys but enciphering 3 times (encrypt with a first key, decrypt with a second key, then encrypt with the first key again) increases security over simple double encryption. At the 1978 National Computer Conference, Tuchman [7] proposed a triple encryption method which uses only two keys, K1 and K2. The plaintext is encrypted with K1, decrypted with K2, then again encrypted with K1.

Schemes that encrypt data on the client side enable server-side searches on encrypted data. [8] introduced the first practical scheme for searching on encrypted data. The scheme enables clients to perform searches on encrypted text without disclosing any information about the plaintext to untrusted servers. The untrusted server cannot learn the plaintext from the encrypted search results. The basic idea is to generate a keyed hash for the keywords and store this information inside the ciphertext. The trusted server can search the keywords by recalculating and matching the hash value. [9] proposed a scheme to execute SQL queries over encrypted numeric data that is suitable for exact matches and also range queries. Its strategy is to store the encrypted numbers with some index information and to split the query into a query on the encrypted data, processed by the untrusted server, and a query on the returned result, for post-processing on the client. [10] presented a scheme for searches on encrypted data using a public key system that allows mail gateways to handle email based on whether certain keywords exist in the encrypted message.

The application scenario is similar to [8], but the scheme uses identity-based encryption instead of symmetric ciphers. Using asymmetric keys allows multiple users to encrypt data using the public key, but only the user who has the secret key can search and decrypt the data. [11, 12] enable searches on encrypted data by constructing secure indexes. All the schemes above rely on secret keys, however, which implies single-user access or sharing keys among a group of users.

VI. MULTI-PARTY SUPPORTIVE SYMMETRIC ENCRYPTION (MSSE)

The basic characteristic of MSSE is the sharing of information between users in the generation of the key. Each user has his own information designed as a part of the key. This section introduces the basic construction of the multi-party supportive symmetric encryption scheme built upon symmetric encryption. The notions of security are also discussed and proofs provided in later sections. The MSSE scheme has its own unique features. The key features are variable key length, key-dependent rotation, a lengthy key schedule algorithm and multiple linear functions with rounds.

[Fig. 2. MSSE Architecture. Labels: Plain Text B1, B2, B3, ...; variable number of Symmetric Keys K1, K2, K3, ...; MSSE Key (K1B1, K2B2, ...); RAR; XOR; RAL; Complement; Cipher Text C1, C2, ...]

VII. KEY GENERATION

The key is generated with the sender's, receiver's and server's names included. Since the key comprises various components and is a combination of server- and client-related information, it is hard for the attacker to guess the key. The step-by-step procedure is as follows.

A. KEY GENERATION ALGORITHM

Sender and Receiver agree on two numbers "p" and "g", where p is a large prime number and g the base generator. Sender then chooses his secret odd number called "a". Similarly, the Receiver's secret odd number is "b". Sender and Receiver exchange their numbers. The sender's email id is known to the receiver and the receiver knows the sender's email id. Sender knows p, g, a, b and the receiver's email ID, and the Receiver knows p, g, b, a and the sender's email ID.

B. FUNCTION MAIN KEY

INPUT: p, g, a, b, Sender's Email ID, Receiver's Email ID
OUTPUT: 512 bit Secret Key

The first part of the key, k1, is the sender's email id converted into its ASCII value in 192 bits or 49 bytes. The sender computes the key for encryption as $k_2 = g^b \bmod p$. The third part of the key, k3, is the receiver's email id converted into its ASCII value in 192 bits or 49 bytes. The final and fourth part of the encryption key is computed as $k_4 = g^a \bmod p$. The secret key is generated as K = k1||k2||k3||k4, as demonstrated in Fig. 1.

[Fig. 1. The 512 bit Encryption key. Fields: Email Id of the Sender in 192 bits (49 Bytes); 64 bit key of Receiver; Email Id of the Receiver in 192 bits (49 Bytes); 64 bit key of Sender]

For example, let p = 11, g = 10, a = 5 and b = 8. Then $K_2 = 10^5 \bmod 11$ would be 10 and $K_4 = 10^8 \bmod 11$ would be 10. If the email id of the sender is vnkumar62@yahoo.com, this would be translated into the following sequence:

118 110 107 117 97 114 54 50 64 121 97 104 111 111 46 99 111 109

If the email id of the receiver is ssdarvind@yahoo.com, this would be translated into the following sequence:

115 115 100 97 114 118 105 115 100 64 121 97 104 111 111 46 99 111 109

The Key K = k1||k2||k3||k4:

00001010 01110110 01111000 01110101 01110101 01100001 01110110 00110110 00110010 01000000 01111001 01100001 01101000 01101111 01101111 00101010 01100011 01101111 01101101 011110111 011110111 01100100 00110110 01110110 01110110 01101001 01111000 01100100 01101000 01101111 01101111 00101010 01100011 01101111 01101101 00001010.

Here a 432 bit key is generated. It will be split into 216 two-bit keys. It will have a minimum of 40 rounds of sub-keys for one round of the secret key. Approximately 256 x 216, i.e. 50k bytes, of plain text will be converted to cipher text with one round of the key.

C. KEY SCHEDULING (DIVIDE-KEY FUNCTION)

This function is called the Divide-key function because it creates two-bit keys from the secret key. The function knows the length of the secret key in advance and correspondingly splits the secret key into equal 2-bit sub-keys, as explained in equation (1):

$K_{(1,2,3,4,\ldots,l)} = (K_{1\text{ to }2},\ K_{3\text{ to }4},\ \ldots,\ K_{l-2\text{ to }l}) \qquad (1)$

where 1, 2, 4, ..., l are the number of sub-keys and l is the variable length of the key, based on the sender's and receiver's email ids and the agreed numbers p, g, a, b.

D. MSSE ENCRYPTION ALGORITHM

Step 1: Generate 512 bit Secret key using Main_Key function
Step 2: Split the Secret key into 2 bit Sub-keys with Dividekey function
Step 3: counters ky=0, j=0, kcnt = keylength in bits / 2
    For i=0 to msglength do step 512
        j = j+1
        C[i] = M[i] SHL      // SHL once
        C[i] = C[i] SHL      // SHL second time
        C[i] = C[i] XOR kj   // XOR with the two bit sub key padded with zeros to get 8 bits
        If j > kcnt then
            j = 0
        End if
    Next i
Step 4: Display C

INPUT: M = (m1….m512) plain text and K = (k1….k256) 256 bit Secret key split as 2 bit key
OUTPUT: C = 512 byte cipher text

E. MSSE DECRYPTION ALGORITHM

Step 1: Generate 512 bit Secret key using Main_Key function
Step 2: Split the Secret key into 2 bit Sub-keys with Dividekey function
Step 3: counters ky=0, j=0, kcnt = keylength in bits / 2
    For i=0 to msglength do step 512
        j = j+1
        M[i] = C[i] XOR kj   // XOR with the two bit sub key padded with zeros to get 8 bits
        M[i] = M[i] SHR      // SHR once
        M[i] = M[i] SHR      // SHR second time
        If j > kcnt then
            j = 0
        End if
    Next i
Step 4: Display M

INPUT: C = (c1….c512) cipher text and K = (k1….k256) 256 bit Secret key split as 2 bit key
OUTPUT: M = 512 byte plain text.
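The Main_Key, Divide-key, encryption and decryption steps described above, sketched in Python as an added example (not the authors' code). It assumes the Fig. 1 field layout with zero-padded 24-byte e-mail fields and 8-byte big-endian k2/k4, uses 8-bit rotations in place of SHL/SHR so that decryption can invert encryption, and runs on constructed sample plaintext; `key_dependent_bits` is a hypothetical helper that reports which ciphertext bit positions the sub-keys actually change.

```python
# Added illustration of the MSSE pseudocode; not the authors' implementation.
# Assumptions: zero-padded 24-byte e-mail fields, 8-byte big-endian k2/k4,
# and 8-bit rotations in place of SHL/SHR so that decryption can invert them.

def main_key(p, g, a, b, sender_id, receiver_id):
    """Fig. 1 layout: K = k1 || k2 || k3 || k4 (192 + 64 + 192 + 64 bits)."""
    def id_field(email):
        raw = email.encode("ascii")
        if len(raw) > 24:
            raise ValueError("e-mail id longer than the 192-bit field")
        return raw.ljust(24, b"\x00")          # padding rule is assumed
    k2 = pow(g, b, p).to_bytes(8, "big")       # k2 = g^b mod p
    k4 = pow(g, a, p).to_bytes(8, "big")       # k4 = g^a mod p
    return id_field(sender_id) + k2 + id_field(receiver_id) + k4

def divide_key(key):
    """Divide-key: split the secret key into 2-bit sub-keys, MSB first."""
    return [(byte >> shift) & 0b11 for byte in key for shift in (6, 4, 2, 0)]

def rol8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF

def ror8(x, n):
    return ((x >> n) | (x << (8 - n))) & 0xFF

def encrypt(msg, subkeys):
    # Two one-bit left rotations, then XOR with the zero-padded 2-bit sub-key.
    return bytes(rol8(rol8(m, 1), 1) ^ subkeys[i % len(subkeys)]
                 for i, m in enumerate(msg))

def decrypt(ct, subkeys):
    # Inverse order: XOR with the sub-key first, then two right rotations.
    return bytes(ror8(ror8(c ^ subkeys[i % len(subkeys)], 1), 1)
                 for i, c in enumerate(ct))

def key_dependent_bits(msg, subkeys):
    """OR together the ciphertext differences against an all-zero key."""
    zero = encrypt(msg, [0] * len(subkeys))
    real = encrypt(msg, subkeys)
    mask = 0
    for x, y in zip(zero, real):
        mask |= x ^ y
    return mask

# Constructed sample input, using the page's example parameters.
KEY = main_key(11, 10, 5, 8, "vnkumar62@yahoo.com", "ssdarvind@yahoo.com")
SUBKEYS = divide_key(KEY)
MESSAGE = b"constructed sample plaintext for the MSSE round trip"
CIPHERTEXT = encrypt(MESSAGE, SUBKEYS)

if __name__ == "__main__":
    print(len(KEY) * 8, "bit key,", len(SUBKEYS), "sub-keys")
    print("round trip ok:", decrypt(CIPHERTEXT, SUBKEYS) == MESSAGE)
    print("ciphertext bits that depend on the key: {:08b}".format(
        key_dependent_bits(MESSAGE, SUBKEYS)))
```

With the page's parameters and the formulas of section VII B, k2 = 10^8 mod 11 evaluates to 1 and k4 = 10^5 mod 11 to 10. Because each 2-bit sub-key is zero-padded to 8 bits before the XOR, only the two low bits of every ciphertext byte vary with the key.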

VIII. SECURITY ANALYSIS

An attacker (or a software agent) that gains privileged access to the data storage, or an untrustworthy employee, can intercept the communications between clients and the server. The attacker is restricted to passive attacks, i.e. attacks based upon observed data. In most cases the attacker is isolated from the users and initialized by the client. The goal of the attacker is to gather direct or indirect information about the stored data. The following points ensure the unpredictability of the results for the attacker:

• The algorithm involves rotating the bits, XORs, complements and rotating lefts, ensuring no test blocks of cipher text are the same.

• Because the keys change for each block, it is very hard to perform cryptanalysis on the keys.

• Due to the 512-bit key and 2-bit sub-key, the cipher becomes more secure, because a total of $2^{256} + 2^{n}$ permutations are possible, where $256 \ge n \ge 2$. So a brute force attack is very time consuming: nearly $1.079 \times 10^{28}$ years for a personal computer which permutes thousands of 128-bit numbers in 1 second, for n = 7. If we increase the value of n, the number of years required for a brute force attack will increase. The smaller the value of n, the greater the number of keys generated. Hence, in both cases, we are optimizing security.

• Since the sub-key changes for every block, secure key exchange becomes unnecessary, reducing the network traffic.

• If an attacker is lucky and makes the best guess, the probability of guessing the key will be $1/2^{128}$ or $2.938 \times 10^{-39}$; for the number of bits it will be $1/2^{7}$ or $7.812 \times 10^{-3}$ when n = 7; and the joint probability for both will be $(1/2^{128}) \times (1/2^{7})$ or $2.295 \times 10^{-41}$, achieving message confidentiality.

IX. CONCLUSION AND FUTURE SCOPE

In this paper, we presented a new data encryption scheme that does not require a trusted data server. Unlike previous searchable data encryption schemes that require a shared key for multi-user access, each user in our system has a unique set of keys. The data encrypted by one user can be correctly decrypted by all the authorized users in the system. Moreover, the keys can be easily revoked without any overhead, i.e. without having to re-encrypt the stored data.

REFERENCES

1. techupdate.zdnet.com/techupdate/stories/main/0,141792851289,00.html.
2. H. Krawczyk, "LFSR-based Hashing and Authentication", Proceedings of CRYPTO '94, Lecture Notes in Computer Science, vol. 839, Y. Desmedt, ed., Springer-Verlag, 1994, pp. 129-139.
3. Shamir. Identity-based cryptosystems and signature schemes. In G. R. Blakley and D. Chaum, editors, CRYPTO'84, volume 196 of LNCS, pages 47–53. Springer-Verlag, 1985.
4. Joux. A one round protocol for tripartite Diffie-Hellman. In Algorithmic Number Theory Symposium – ANTS IV, volume 1838 of LNCS, pages 385–394. Springer-Verlag, 2000.
5. Diffie, W., and Hellman, M. Exhaustive cryptanalysis of the NBS data encryption standard. Computer (June 1977), 74-84.
6. National Bureau of Standards. Federal Information Processing Standards Publication No. 46, Jan 1977. Syst. Tech. J. 28 (Oct. 1949), 656-715.
7. Tuchman, W.L. Talk presented at the Nat. Computer Conf., Anaheim, CA., June 1978.
8. D. X. Song, D. Wagner, and A. Perrig. Practical techniques for searches on encrypted data. In IEEE Symposium on Security and Privacy, pages 44–55, 2000.
9. H. Hacigümüs, B. R. Iyer, C. Li, and S. Mehrotra. Executing SQL over encrypted data in the database-service-provider model. In M. J. Franklin, B. Moon, and A. Ailamaki, editors, SIGMOD Conference, pages 216–227. ACM, 2002.
10. D. Boneh, G. D. Crescenzo, R. Ostrovsky, and G. Persiano. Public key encryption with keyword search. In C. Cachin and J. Camenisch, editors, EUROCRYPT, volume 3027 of Lecture Notes in Computer Science, pages 506–522. Springer, 2004.
11. R. Curtmola, J. A. Garay, S. Kamara, and R. Ostrovsky. Searchable symmetric encryption: improved definitions and efficient constructions. In A. Juels, R. N. Wright, and S. D. C. di Vimercati, editors, ACM Conference on Computer and Communications Security, pages 79–88. ACM, 2006.
12. E.-J. Goh. Secure indexes. Cryptology ePrint Archive, Report 2003/216, 2003. http://eprint.iacr.org/2003/216/.
