The aim of this project is to implement the DES algorithm, one of the most important security protocols, in C on Linux, chosen because Linux is considered more secure than other operating systems.
Security protocols are a class of cryptographic algorithms. Encryption and decryption both use the same key. Cryptanalysis of security protocols now encourages the use of larger key sizes and more complex algorithms in pursuit of an uncrackable scheme. A protocol describes how the algorithms should be used. A sufficiently detailed protocol includes details about data structures and representations, and it can be used to implement multiple, interoperable versions of a program. This, however, increases computational complexity. Researchers therefore use high-end computing hardware to develop high-performance security protocol schemes. Peer-to-peer (P2P) and enterprise grid approaches are cost-effective high-end computing systems, and they can improve the performance of security protocols through parallel execution. In this project we implement security protocols such as DES. DES is sometimes also called the DEA (Data Encryption Algorithm).
First of all, I would like to thank my supervisor, Glenford Mapp, for his valuable time, help, motivation, encouragement and guidance during my project, which kept me on track. He gave feedback on time, so I was able to finish my project at the quality required for the degree.
I would like to thank my parents and sister for their full support and love. They are my inspiration to overcome the challenges faced during my course, as well as in finishing this project successfully.
Lastly, I would like to thank all of my friends for their kindness and help during this course.
Symmetric key cryptography is also known as private key or secret key cryptography. This method uses the same key to encrypt the plain text into cipher text and to decrypt the cipher text back into the original plain text. The procedure is also used to secure data for transmission over the Internet. The use of keys is complemented by the use of advanced algorithms.
A security protocol is an abstract protocol that provides a security-related function and applies cryptographic methods. In this project we implement security protocols such as DES. DES applies a 56-bit key to each 64-bit block of data. The process can run in several modes and involves 16 rounds or operations, so the main algorithm is repeated 16 times to produce the cipher text. It has been found that the time required to find a key by brute-force attack grows exponentially with the number of rounds. The security of the algorithm increases exponentially as the number of rounds increases.
Data encryption, i.e. cryptography, is used in many applications and environments. The specific use of encryption and the implementation of DES and TDEA depend on many factors particular to the computer system and its associated components. Normally, cryptography is used to secure data against physical theft or while in communication. Security is provided when encryption and decryption take place during the transfer of data. File security protects data by encrypting it when it is recorded on a storage medium and decrypting it when it is read back from the storage medium.
History of DES
The origins of DES go back to the early 1970s. In 1972, the National Institute of Standards and Technology needed a strong cryptographic algorithm for the protection of non-classified information. A very secure, widely available and cheap algorithm was required. NIST envisioned something that would be available to the general public for a wide variety of applications, and asked for public proposals for such an algorithm. IBM submitted the Lucifer algorithm in 1974, which appeared to meet most of NIST's design requirements. On 15 May 1973, after consulting with the NSA, NBS set out the design criteria, but none of the submissions turned out to be suitable. A second request was therefore issued in 1974. This time IBM submitted a candidate that was deemed acceptable: a cipher developed during the period 1973-1974 and based on an earlier algorithm. The IBM team involved in the cipher's design and analysis included Roy Adler, Bill Notz, Don Coppersmith, Carl Meyer, Mike Matyas, Edna Grossman, Feistel and Bryant Tuckerman.
The proposed standard was published in the Federal Register on 17 March 1975. Two open workshops were held the following year to discuss it. Various parties criticised it, including public-key cryptography pioneers, citing the shortened key length and the mysterious "S-boxes" as evidence of improper interference from the NSA. The suspicion was that the intelligence agency had covertly weakened the algorithm so that they, but nobody else, could read encrypted messages. Alan Konheim, one of the DES designers, commented, "We forwarded the S-boxes to Washington and they came back all different." The United States Senate Select Committee on Intelligence reviewed the NSA's actions to determine whether there had been any improper involvement. In the unclassified summary of its findings, published in 1978, the Committee wrote:
"In the development of DES, NSA convinced IBM that a reduced key size was sufficient; indirectly assisted in the development of the S-box structures; and certified that the final DES algorithm was, to the best of their knowledge, free from any statistical or mathematical weakness."
However, it also found that
"NSA did not tamper with the design of the algorithm in any way. IBM invented and designed the algorithm, made all pertinent decisions regarding it, and concurred that the agreed upon key size was more than adequate for all commercial applications for which the DES was intended."
Walter Tuchman, another member of the DES team, said, "We developed the DES algorithm entirely within IBM using IBMers. The NSA did not dictate a single wire." In contrast, a declassified NSA book on cryptologic history states:
"NSA worked closely with IBM to strengthen the algorithm against all except brute force attacks and to strengthen the substitution tables, called S-boxes. NSA tried to convince IBM to reduce the key length from 64 to 48 bits, and ultimately they compromised on a 56-bit key."
The suspicions about hidden weaknesses in the S-boxes were allayed in 1990 by the independent discovery and open publication by Eli Biham and Adi Shamir of differential cryptanalysis, a general method for breaking block ciphers. The S-boxes of DES turned out to be much more resistant to the attack than if they had been chosen at random, strongly suggesting that IBM knew about the technique back in the 1970s. This was indeed the case: in 1994, Don Coppersmith published some of the original design criteria for the S-boxes. Coppersmith explained IBM's secrecy decision by saying, "That was because differential cryptanalysis can be a very powerful tool, used against many schemes, and there was concern that such information in the public domain could adversely affect national security."
The encryption process is defined as the transformation of plaintext data into cipher text, and it is used to maintain data security. At the transmitter end the sender encrypts the data and sends it over the public network, and at the receiver end the receiver decrypts it to read the original data. The data, represented as numbers, is encrypted using a key. To send and receive the data securely, this key must be known to both sender and receiver: the sender uses it to encrypt the data before transmission and the receiver uses it to decrypt the data. The process for encryption and decryption is shown in the figure below.
Cryptography is used to keep information secure. According to Kerckhoffs's law, all cryptographic systems have a public algorithm and a key. Many cryptographic algorithms use permutations and substitutions to transform the plaintext into the cipher text.
Cryptographic algorithms are divided into two types. They are:
- Symmetric-key algorithm
- Public-key algorithm
Symmetric-key algorithms mangle the bits in a series of rounds parameterized by the key to convert the plaintext into the cipher text. The most popular symmetric-key algorithms at present are Triple DES and Rijndael (AES). These algorithms are used in modes of operation such as counter mode, cipher modes, and others.
In Public-key algorithms there are different keys for encryption and decryption (i.e. a separate key is used for encryption and a separate key is used for decryption and the decryption key cannot be derived from the encryption key). Because of this property it is possible to publish the public key. RSA is the most popular public-key algorithm and the strength of the RSA algorithm lies in the fact that it is very difficult to factor large numbers.
These algorithms are very useful in digital signatures. Using symmetric-key and public-key algorithms several schemes have been devised for digital signatures.
In this paper we propose both the encryption and the decryption algorithms. The decryption process is just the reverse of the encryption process. The two algorithms use the computer operations of insertion, rotation, transposition, shift, complement and pack. We implemented these algorithms in C and measured the processing time.
Every block cipher involves a transformation of a block of plaintext into a block of cipher text, where the transformation depends on the key. The relationship between the plaintext and the cipher text is made as complex as possible in order to thwart attempts to deduce the key. Confusion seeks to make the relationship between the statistics of the cipher text and the value of the encryption key as complex as possible, again to thwart attempts to discover the key.
The substitution consists of a set of eight S-boxes, each of which takes 6 bits as input and produces 4 bits as output. These transformations are defined in Table 3.3, which is interpreted as follows: the first and last bits of the input to box Si form a 2-bit binary number that selects one of the four substitutions defined by the four rows in the table for Si. The middle four bits select one of the sixteen columns. The decimal value in the cell selected by the row and column is then converted to its 4-bit representation to produce the output. For example, in S1, for input 011001, the row is 01 (row 1) and the column is 1100 (column 12). The value in row 1, column 12 is 9, so the output is 1001.
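The lookup rule above, written out in C as an added example (it is not code from the original project). It goes beyond the single worked case by also checking two properties of S1 over all 64 inputs; the S1 table is the one from the DES standard, and the function names are illustrative.

```c
#include <stdint.h>
#include <stdio.h>

/* DES S-box S1 as published in the DES standard: 4 rows x 16 columns. */
static const uint8_t S1[4][16] = {
    {14,  4, 13,  1,  2, 15, 11,  8,  3, 10,  6, 12,  5,  9,  0,  7},
    { 0, 15,  7,  4, 14,  2, 13,  1, 10,  6, 12, 11,  9,  5,  3,  8},
    { 4,  1, 14,  8, 13,  6,  2, 11, 15, 12,  9,  7,  3, 10,  5,  0},
    {15, 12,  8,  2,  4,  9,  1,  7,  5, 11,  3, 14, 10,  0,  6, 13},
};

/* Row = first and last bit of the 6-bit input, read as a 2-bit number. */
unsigned sbox_row(unsigned in6) { return ((in6 >> 4) & 2u) | (in6 & 1u); }

/* Column = the middle four bits of the 6-bit input. */
unsigned sbox_col(unsigned in6) { return (in6 >> 1) & 0xFu; }

/* 6 bits in, 4 bits out. */
unsigned sbox_lookup(const uint8_t box[4][16], unsigned in6)
{
    in6 &= 0x3Fu;                       /* only six bits are meaningful */
    return box[sbox_row(in6)][sbox_col(in6)];
}

/* Returns 1 if each of the four rows is a permutation of 0..15,
   i.e. each row is one of the "four substitutions" the text mentions. */
int rows_are_permutations(const uint8_t box[4][16])
{
    for (int r = 0; r < 4; r++) {
        unsigned seen = 0;
        for (int c = 0; c < 16; c++)
            seen |= 1u << box[r][c];
        if (seen != 0xFFFFu)
            return 0;
    }
    return 1;
}

static int bits_set(unsigned v)
{
    int n = 0;
    for (; v; v >>= 1)
        n += (int)(v & 1u);
    return n;
}

/* Smallest number of output bits that change when exactly one input bit
   is flipped, taken over all 64 inputs and all 6 bit positions. */
int min_output_change_for_one_bit_flip(const uint8_t box[4][16])
{
    int min = 4;
    for (unsigned in = 0; in < 64; in++) {
        for (unsigned bit = 0; bit < 6; bit++) {
            unsigned diff = sbox_lookup(box, in) ^ sbox_lookup(box, in ^ (1u << bit));
            if (bits_set(diff) < min)
                min = bits_set(diff);
        }
    }
    return min;
}

int main(void)
{
    unsigned in = 0x19;                 /* 011001, the input used in the text */
    printf("row %u, column %u, output %u\n",
           sbox_row(in), sbox_col(in), sbox_lookup(S1, in));
    printf("rows are permutations: %d\n", rows_are_permutations(S1));
    printf("minimum output bits changed by a one-bit input flip: %d\n",
           min_output_change_for_one_bit_flip(S1));
    return 0;
}
```

A single flipped input bit always changes at least two output bits of S1, which is one of the ways the S-boxes spread small input differences.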
The 56-bit key size follows from security considerations. It was big enough that an exhaustive key search was about as hard as the best direct attack, but no bigger. The extra 8 bits can be used as parity bits, which makes sense given the original design use for hardware communications links. However, we hit an incompatibility with simple software implementations, since the top bit in each byte is 0 but the DES key schedule throws away the bottom bit!
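The incompatibility described above can be made concrete. The following C sketch is an added example, not code from the original project; the function names and the two sample keys are constructed for illustration. It extracts the 56 bits the key schedule keeps, sets odd parity, and counts how many key bits can vary when the key is typed as 7-bit ASCII text.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The 56 bits the key schedule keeps: the top seven bits of each key byte.
   Bit 0 of every byte (DES bits 8, 16, ..., 64) is parity and is dropped. */
uint64_t des_effective_key(const uint8_t key[8])
{
    uint64_t k = 0;
    for (int i = 0; i < 8; i++)
        k = (k << 7) | (uint64_t)(key[i] >> 1);
    return k;
}

static int ones(uint8_t v)
{
    int n = 0;
    for (; v; v >>= 1)
        n += v & 1;
    return n;
}

/* Overwrite bit 0 of each byte so that every byte has an odd number of 1s. */
void des_set_odd_parity(uint8_t key[8])
{
    for (int i = 0; i < 8; i++) {
        uint8_t top7 = key[i] & 0xFE;
        key[i] = (uint8_t)(top7 | (ones(top7) % 2 == 0));
    }
}

/* Returns 1 if every byte of the key has odd parity. */
int des_parity_ok(const uint8_t key[8])
{
    for (int i = 0; i < 8; i++)
        if (ones(key[i]) % 2 == 0)
            return 0;
    return 1;
}

/* Key bits that can differ between two keys typed as 7-bit ASCII:
   the top bit of each byte is always 0 and the bottom bit is discarded. */
int ascii_key_variable_bits(void)
{
    uint8_t varying = 0;
    for (unsigned c = 0; c < 128; c++)
        varying |= (uint8_t)(c >> 1);   /* bits that survive the key schedule */
    return 8 * ones(varying);
}

int main(void)
{
    /* Constructed sample keys: they differ only in the low bit of every byte. */
    uint8_t a[8], b[8];
    memcpy(a, "password", 8);
    memcpy(b, "q`rrvnse", 8);
    printf("same effective key: %d\n",
           des_effective_key(a) == des_effective_key(b));
    des_set_odd_parity(a);
    printf("parity ok after fix-up: %d\n", des_parity_ok(a));
    printf("variable bits in an ASCII key: %d of 56\n", ascii_key_variable_bits());
    return 0;
}
```

Deriving the key bytes from a hash or key-derivation function instead of using typed characters directly avoids losing those bits.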
DES (or any block cipher) forms a basic building block, which encrypts or decrypts a fixed-size block of data. To use it in practice, however, we usually need to handle arbitrary amounts of data, which may be available in advance (in which case a block mode is appropriate) or may only be available a bit or byte at a time (in which case a stream mode is used).
The problems of repetitions and order independence in ECB can be overcome by making the cipher text dependent on all the blocks before it. This is what CBC (Cipher Block Chaining) gives us, by combining the previous cipher text block with the current message block before encrypting. To start the process an Initial Value (IV) is used, which is usually well known or is ECB encrypted when CBC use starts. CBC mode is applicable whenever large amounts of data need to be sent, provided that the data is available in advance (e.g. email, FTP, web etc.).
CBC is the block mode generally used. The chaining provides an avalanche effect, which means the encrypted message cannot be changed without totally destroying the data.
One issue is how to handle the last block, which may not be complete. In general this block has to be padded, typically with 0's, and the padding must then be recognised at the other end: either the padding is recognisable as such, or the last byte explicitly holds a count of how much padding was used. Note that if this is done and the last block IS an even multiple of 8 bytes, an extra block that is all padding has to be added so that there is a count in the last byte.
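The chaining and the count-in-the-last-byte padding described above, as an added C example (not code from the original project). To keep it short, a trivial stand-in transform takes the place of DES; it has no security value, and the key, IV and messages are constructed sample data.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BLK 8  /* DES block size in bytes */

/* Stand-in 8-byte block transform. It is NOT DES and is not secure;
   only the mode and padding logic around it is the point here. */
static void toy_encrypt_block(uint8_t *b, const uint8_t *k)
{
    for (int i = 0; i < BLK; i++)
        b[i] = (uint8_t)(((b[i] ^ k[i]) << 3) | ((b[i] ^ k[i]) >> 5));
}

static void toy_decrypt_block(uint8_t *b, const uint8_t *k)
{
    for (int i = 0; i < BLK; i++)
        b[i] = (uint8_t)(((b[i] >> 3) | (b[i] << 5)) ^ k[i]);
}

/* Zero padding with the pad count in the last byte. A message that already
   fills its last block gets a whole extra block (count 8).
   out needs room for len + BLK bytes; returns the padded length. */
size_t pad_zero_count(const uint8_t *msg, size_t len, uint8_t *out)
{
    size_t n = BLK - (len % BLK);
    memcpy(out, msg, len);
    memset(out + len, 0, n);
    out[len + n - 1] = (uint8_t)n;
    return len + n;
}

/* Returns the original length, or (size_t)-1 if the padding is malformed. */
size_t unpad_zero_count(const uint8_t *buf, size_t len)
{
    if (len == 0 || len % BLK != 0) return (size_t)-1;
    size_t n = buf[len - 1];
    if (n < 1 || n > BLK) return (size_t)-1;
    for (size_t i = len - n; i + 1 < len; i++)
        if (buf[i] != 0) return (size_t)-1;
    return len - n;
}

/* CBC: XOR each block with the previous cipher text block, then encrypt. */
void cbc_encrypt(uint8_t *buf, size_t len, const uint8_t *k, const uint8_t *iv)
{
    const uint8_t *prev = iv;
    for (size_t off = 0; off < len; off += BLK) {
        for (int i = 0; i < BLK; i++) buf[off + i] ^= prev[i];
        toy_encrypt_block(buf + off, k);
        prev = buf + off;
    }
}

void cbc_decrypt(uint8_t *buf, size_t len, const uint8_t *k, const uint8_t *iv)
{
    uint8_t prev[BLK], cur[BLK];
    memcpy(prev, iv, BLK);
    for (size_t off = 0; off < len; off += BLK) {
        memcpy(cur, buf + off, BLK);            /* keep cipher text for the next block */
        toy_decrypt_block(buf + off, k);
        for (int i = 0; i < BLK; i++) buf[off + i] ^= prev[i];
        memcpy(prev, cur, BLK);
    }
}

/* Constructed sample key and the well-known all-zero IV. */
static const uint8_t KEY[BLK] = {'k', '3', 'y', '-', 'd', 'e', 'm', 'o'};
static const uint8_t IV[BLK]  = {0};

/* Encrypts a message made of two identical blocks and returns 1 if the
   first two cipher text blocks are identical too. */
int identical_blocks_leak(int use_cbc)
{
    uint8_t buf[32];
    size_t n = pad_zero_count((const uint8_t *)"SAMEDATASAMEDATA", 16, buf);
    if (use_cbc) cbc_encrypt(buf, n, KEY, IV);
    else for (size_t off = 0; off < n; off += BLK) toy_encrypt_block(buf + off, KEY); /* ECB */
    return memcmp(buf, buf + BLK, BLK) == 0;
}

int main(void)
{
    printf("ECB repeats: %d, CBC repeats: %d\n",
           identical_blocks_leak(0), identical_blocks_leak(1));
    return 0;
}
```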
If the data is only available a bit or byte at a time (e.g. sensor value, terminal session etc.), some other approach to encrypting it must be used so that the information is not delayed. The idea is to use the block cipher essentially as a pseudo-random number generator and to combine these "random" bits with the message. As mentioned before, XOR is an easily inverted operator. Again start with an IV to get things going, and then use the cipher text as the next input. As originally defined, the idea was to "consume" as much of the "random" output as needed for each message unit (bit or byte) before "bumping" bits out of the buffer and re-encrypting. This is wasteful, though, and slows the encryption down as more encryptions are needed. An alternative is to generate a block of random bits, apply them to message bits or bytes as they arrive, and only feed back a full block of cipher text. This is CFB-64 mode, the most efficient. It is the usual choice for data, and for authentication use.
WORKING OF ENCRYPTION:
In this process, the key is compared with every character of data. Consider a scenario in which the string "THE SKY IS HIGH" has to be encrypted and transmitted. There are many ways to do this. One of them is a simple letter to number method in which, each letter (alphabet) in the string is represented by a particular number (digit). If one uses a direct alphabet to number representation in which A = 1, B = 2, C = 3 and so on up to Z =26 then the above string is converted into the following sequence of numbers: 20 8 5 19 11 25 9 19 8 9 7 8. This sequence of numbers is then transmitted over a network, and the receiver can decrypt the sequence of numbers using the same key in reverse to get the original message, i.e., the string "THE SKY IS HIGH". Decryption is as below: From left to right, the number 20 translates to the letter T, 8 to H, 5 to E, and so on and finally the receiver gets the entire message: "THE SKY IS HIGH". The above is a simple encryption/decryption method but in most cases the data is encrypted/decrypted using much more complex formulas and methods.
This simple key is only about 8 bits long; some keys are as large as 128 bits and extremely complex. The larger the key (in bits), the more complex the encryption and the more difficult the key is to crack.
To encrypt and decrypt messages, one has to know the appropriate key or keys. The encryption key is the table or formula that defines which character in the data translates to which encoded character. There are two types of keys for encryption: one is public key encryption and the other is private key encryption.
Private Key Encryption
Another name for private keys is symmetrical keys. In private key encryption, the sender and receiver use the same key to encrypt and decrypt all messages. This makes communication difficult to initiate the first time: how can the single key be securely transmitted to each user? Public key encryption can be used for this.
Public Key Encryption
Public key encryption, or the Diffie-Hellman algorithm, uses two types of keys for the encryption and decryption of data: a public key and a private key. Another name for a public key is an asymmetrical key. If the sender wants to send a message to the receiver, the sender encrypts the message with the public key and passes the encrypted message to the receiver, who can decrypt it with his private key. This process is referred to as one-way communication. The same principle applies when the receiver wants to send data to the sender: the message is encrypted using the sender's public key and can only be decrypted with the private key. If the sender has no public key, he can still send the message by using a digital certificate, which verifies the message sent by the sender. Fig.2 describes the communication between user X and user Y using public key encryption.
There are various encryption methods, classified according to how the plaintext is processed or according to the type of operations used to transform plaintext into cipher text. The second class falls into one of two styles: substitution (which maps each element of the plaintext into another element) and transposition (in which the plaintext is rearranged). There are basically two methods of producing cipher text: the block cipher and the stream cipher. The two methods are the same except for the amount of data each encrypts on each pass. Modern encryption schemes use some form of block cipher.
A stream cipher can be made more difficult to crack by using a crypto key that varies in length. Randomly changing the crypto key used on each bit of data can produce cipher text that is impossible to crack. That is because using different random keys does not generate any repeating patterns that can give a cracker the clues required to break the crypto key. The main advantage of the stream cipher is that it is fast and suitable for streaming applications; its main disadvantage is that it is not suitable in some architectures. The RC4 technique is one example of the stream cipher method.
Unlike stream ciphers, which encrypt every single bit, block ciphers are designed to encrypt data in chunks of a specific size, as shown in Fig.4. A block cipher specifies how much data should be encrypted on each pass (called a block) and what size key should be applied to each block. For example, the Data Encryption Standard (DES) specifies that data should be processed in 64-bit blocks and encrypted using a 56-bit key. There are several different algorithms for block cipher encryption. The most basic takes the data, breaks it into blocks and applies the key to each block. Although efficient, this can produce repetitive cipher text. If two blocks of data contain the same information, the resulting blocks of cipher text are the same as well, and a cracker can use cipher text that repeats in a nonrandom fashion to break the crypto key. An example of block ciphering is the Blowfish encryption technique.
One Way Encryption
"One way encryption" is another special type of encryption: the plaintext can never be recovered from the cipher text. This may seem pointless, but it is the form most familiar to computer users. Passwords on UNIX computers are encrypted using a one-way algorithm. A password is enciphered when it is chosen and placed into permanent storage. When the user logs on to the system, the password entered at the login prompt is encrypted by the same method and the result is compared with the cipher text held on disk. An encrypted password can still be found by somebody who guesses the correct password, which is why passwords should be chosen carefully.
It is possible to overcome the disadvantages of each by combining public and private key cryptosystems. A public key system is used to set up a secure session, and a secret key system is then used to exchange the data. The combined system gives the authentication and security processes of public key systems together with the data encryption capabilities of secret key systems.
Pretty Good Privacy (PGP) is a well-known security system used to encrypt email. It is a good practical example of a hybrid system.
Overview of Hybrid Encryption Approach
Various cryptographic algorithms are available for network security. Symmetric cryptographic algorithms are fast compared to asymmetric cryptographic algorithms, and are the better choice compared with public key cryptographic algorithms. A public key algorithm has two types of keys: one is used for encryption and the other for decryption. In hybrid encryption we use symmetric encryption for encryption and decryption.
Hybrid Encryption Technique
Different cryptographic algorithms are available for network security. They are divided into:
- Symmetric Cryptographic algorithm
- Asymmetric Cryptographic algorithm (or) Public key cryptographic systems
Symmetric cryptographic algorithms are high speed.
Asymmetric algorithms provide high security. An asymmetric algorithm has 2 keys: one for encryption and another for decryption.
In this hybrid encryption we use symmetric algorithms for encryption and decryption, and public key algorithms for authentication.
The hash value will be encrypted using the RSA algorithm with a 1028-bit public key.
This encrypted hash value will be decrypted using AES-Rijndael with a 128 session key.
The hash value will be calculated using SHA-512 and compared with the decrypted hash value. Figures 6 and 7 explain this process.
Network security is a prime concern of every company that uses computers, and covers the steps it takes to protect its computer systems. Compromised network security means a hacker or competitor may gain access to critical or sensitive data, normally resulting in data loss or even complete destruction of the system. Appropriate network security is achieved only when a user has to go through several layers of security before being able to access the desired network: the more layers the system has, the more secure it is. The system administrator, who has administrator privileges on the system, is in charge of network security. In fact, only the system administrator and his assistants should have administrative access to the mainframe server and related computer terminals, which helps to keep unknown people in the company from changing any data on the servers. The system administrator will also build a secure firewall for the network. This may include an encryption layer and sentinel software that automatically repels an unauthorized program from gaining access. The system administrator may also place restrictions on employees' computers to prevent them from accessing websites that may have malicious code or malware that will install itself on a user's computer. Both anti-adware and anti-malware programs are available for individual computers as well as for networks. One problem that generally arises when network security is implemented is that of flexibility: management must balance security issues against employees' ability to access websites for their work. Communication among management, the system administrator and employees is critical for network security to operate and for the employees to be able to work with it. Security breaches are very costly and detrimental to efficiency and production, as evidenced by past e-mail and network viruses. U.S. companies spend millions of dollars every year on network security measures.
A multi-pronged attack is the company's best defense against network security breaches. Firewalls with no single point of access, frequent security updates, sharp systems administrators, and early installation of anti-adware will all help keep a network safe.
Public Key Cryptography
Every Egyptian received two names, known respectively as the great or true name and the little or good name. The little or good name was made public; the great name appears to have been carefully concealed.
All the cryptosystems discussed so far have been symmetric systems. All classical and modern block and stream ciphers are of this form.
- traditional "symmetric key" cryptography uses "one" key
- the same key is used by both sender and receiver
- if this key is disclosed, communications are compromised
- the key is also "symmetric" in that the parties are equal
- hence it does not protect the sender from the receiver forging a message and claiming it was sent by the sender
We now discuss the entirely different public key systems, which use two types of keys. Anyone who knows the public key can encrypt messages, but cannot decrypt messages or create signatures, counter-intuitive though this may seem. They work by the clever use of number theory problems that are easy one way but hard the other way. Compared with private key, public key is more secure.
Why Public-Key Cryptography?
Public-key cryptography was developed to address two key issues, discussed below:
- key distribution - how to have secure communications in general without having to trust a KDC with your key
  - There is no need to deliver a secure key
  - No one else should know your private key
- digital signatures - how to verify that a message comes from the claimed sender
The characteristics are described below:
- it is infeasible to find the decryption key knowing only the encryption key and the algorithm
- messages can be encrypted or decrypted by computation when the relevant key is known
- one-way-ness is desirable
- either of the two related keys can be used for encryption, with the other used for decryption (in some schemes)
Public-Key Cryptosystems: Secrecy and Authentication
Public-key schemes can be used for both secrecy and authentication, and have various components. Separate key pairs are used for each of these: the receiver creates the secrecy keys and the sender creates the authentication keys.
Public key schemes are no more or less secure than private key schemes; in both cases the size of the key determines the security. Note that key sizes cannot be compared directly: given common resources, a scheme with a 64-bit private key has very roughly similar security to 512-bit RSA.
As per the block diagram proposed above for the project, we mainly have to implement 4 basic modules, as follows:
- Splitting the input data into two halves or parts
- Shifting the input 1 bit to the left
- Forming the different permutations for the given input data
- Implementation of the XOR operation.
The above come under the initial simulations, which have the 4 stages listed. The project starts with the first stage of the initial simulations, i.e. splitting the input data into two halves or parts. In this stage we have to write a program for splitting the data.
This program uses pointers, because this stage is used at different places in the algorithm and pointers make that feasible. So we first discuss what a pointer is.
A pointer is a variable that contains the memory location of another variable. An asterisk (*) preceding the variable name tells the compiler that the variable is used as a pointer, and we also have to tell the compiler what type of pointer we want. So the syntax will be as follows
By using this concept the first stage of the initial simulations is completed.
From the given four stages I already submitted the first stage. Now I am submitting the next stages. For the 2nd stage there is an operator directly available in the C language: the operator for left shift is <<, so we use it directly. For the 4th stage there is also an operator directly available in the C language: the operator for XOR is ^. For better use in the program we wrote it as a function.
The 3rd stage is forming the permutations for the given input data. Here again we use the concept of pointers as discussed before, and it is written as functions so that the task is easy to solve.
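The four stages described above, sketched in C as an added example (this is not the project's own source, and the function names are illustrative). It assumes the permutation is the DES initial permutation IP and that the one-bit left shift is the circular shift applied to the 28-bit key halves; the Feistel step at the end shows how the split and XOR stages fit together, with the round function's output passed in as a plain value.

```c
#include <stdint.h>
#include <stdio.h>

/* DES initial permutation IP. Entry i is the 1-based input bit
   (counted from the most significant bit) that becomes output bit i+1. */
static const uint8_t IP[64] = {
    58, 50, 42, 34, 26, 18, 10, 2,  60, 52, 44, 36, 28, 20, 12, 4,
    62, 54, 46, 38, 30, 22, 14, 6,  64, 56, 48, 40, 32, 24, 16, 8,
    57, 49, 41, 33, 25, 17,  9, 1,  59, 51, 43, 35, 27, 19, 11, 3,
    61, 53, 45, 37, 29, 21, 13, 5,  63, 55, 47, 39, 31, 23, 15, 7,
};

/* Stage 1: split a 64-bit block into two 32-bit halves through pointers. */
void split_block(uint64_t block, uint32_t *left, uint32_t *right)
{
    *left  = (uint32_t)(block >> 32);
    *right = (uint32_t)(block & 0xFFFFFFFFu);
}

/* Stage 2: shift left by one bit. The key halves are 28 bits wide and the
   bit shifted out of the top re-enters at the bottom (circular shift). */
uint32_t rotl28(uint32_t half)
{
    return ((half << 1) | (half >> 27)) & 0x0FFFFFFFu;
}

/* Stage 3: table-driven permutation of an n_in-bit value into n_out bits. */
uint64_t permute(uint64_t in, const uint8_t *table, int n_out, int n_in)
{
    uint64_t out = 0;
    for (int i = 0; i < n_out; i++) {
        uint64_t bit = (in >> (n_in - table[i])) & 1u;
        out = (out << 1) | bit;
    }
    return out;
}

/* Builds the inverse of a 64-entry permutation table (for IP, this is the
   final permutation), so it does not have to be typed in separately. */
void invert_table(const uint8_t *table, uint8_t *inverse)
{
    for (int i = 0; i < 64; i++)
        inverse[table[i] - 1] = (uint8_t)(i + 1);
}

/* Stage 4: XOR. */
uint32_t xor32(uint32_t a, uint32_t b) { return a ^ b; }

/* One Feistel step from stages 1 and 4: (L, R) -> (R, L xor f_out).
   f_out stands for the round function's output, which is outside
   the four modules shown here. */
void feistel_step(uint32_t *left, uint32_t *right, uint32_t f_out)
{
    uint32_t new_right = xor32(*left, f_out);
    *left  = *right;
    *right = new_right;
}

int main(void)
{
    uint64_t block = 0x0123456789ABCDEFULL;   /* constructed sample block */
    uint64_t p = permute(block, IP, 64, 64);
    uint32_t l, r;
    uint8_t fp[64];

    split_block(p, &l, &r);
    invert_table(IP, fp);
    printf("L0=%08X R0=%08X\n", (unsigned)l, (unsigned)r);
    printf("inverse permutation restores block: %d\n",
           permute(p, fp, 64, 64) == block);
    printf("rotl28(0xF0CCAAF)=%07X\n", (unsigned)rotl28(0xF0CCAAFu));
    return 0;
}
```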
First of all we will discuss about what is a function.
A Function is an independent program which performs some task. This can be used in a main program or any subprograms.
There are two types of functions.
- Library function (Predefined function)
- User defined function
For different kinds of applications and environments DES is used. The performance and utilization of the algorithm is based on the computer and its configuration. Generally, these algorithms are used to secure data or to protect from physical theft while communication is going between two points when it is stored in a vulnerable medium. Security for data in communication is done by encrypting the message at the sending point and decrypting the message at receiving point. Privacy for the data is done by encrypting it when it is stored on a storage capacity and decrypting it when it is read back from the storage capacity.
To provide security against hackers in data security areas such as defense and other applications, we developed the DES algorithm in C on Linux, so that the code is more secure than it would be on Windows. File security protects data by enciphering it when it is recorded on a storage medium and deciphering it when it is read back from the storage medium. We have implemented the complete DES algorithm according to the block diagram mentioned. This provides confidentiality as well as message authentication.