
@IJMTER-2015, All rights Reserved 588

Experimental comparison between Hybrid RSA-AES and RSA algorithms in IP security

Ritin Behl¹, Garima Sehgal², Mridula Kumar³, Pushkar Gupta⁴, Shubham Garg⁵

¹,²,³,⁴ ABES Engineering College, Ghaziabad

Abstract - This research paper aims to encrypt the IP addresses stored in the DNS in 2 parts: first using the RSA algorithm only, then using a combination of the RSA & AES algorithms. A comparison is then made between RSA & the combination of RSA-AES to study their complexities individually on the basis of a very basic parameter, that is, TIME. The more time taken to decrypt the encrypted data, the more complex & hence the more secure the applied cryptography technique will be.

Keywords: RSA, AES, DNS, DNSSEC and cryptography.

I. INTRODUCTION

A tool based on the Java platform has been developed that checks the security and reliability of the following 2 cryptographic algorithms:

1. RSA (Rivest Shamir Adleman) Algorithm

2. AES (Advanced Encryption Standard) Algorithm

With the use of the above 2 algorithms, the risk posed to the data on the World Wide Web shall drastically decrease. This project has been developed with the purpose of providing security to DNS resolvers through cryptography techniques. The aims of “IP SECURITY using RSA & AES” are as follows:

1. To perform validation of the IP addresses – this means checking whether the entered IP address exists or not & whether it matches the entered (referred) domain name or not.

2. To perform encryption & decryption of the IP addresses contained in the Domain Name Server in order to protect the data on the internet from cyber attacks.

1.1 DNS

DNS (Domain Name System) is a hierarchical distributed database naming system for computers or other resources connected to the Internet or any private network. DNS locates & translates the human-friendly computer domain (host) name into an internet protocol address for the purpose of locating computer services & devices worldwide. Hence, DNS acts like a phonebook for the internet.

For example: The domain name www.example.com translates to the addresses 93.184.216.119 (IPv4) and 2606:2800:220:6d:26bf:1447:1097:aa7 (IPv6).

Figure 1: IP Translation

The DNS allows hosts on the TCP/IP protocol to be addressed by their domain names. This is because the website name, as soon as it is typed in the address bar of the internet browser, is automatically converted by the DNS into the IP address of the web server hosting that particular site. Without the DNS, an internet user would have to type the IP address of a website in order to open it, which is not a practical option. Therefore, the DNS can map a domain name to an IP address or vice versa.

International Journal of Modern Trends in Engineering and Research (IJMTER) Volume 02, Issue 06, [June – 2015] ISSN (Online):2349–9745; ISSN (Print):2393-8161

Figure 2 – Simplified working of DNS

1.2 DNSSEC

DNSSEC is a set of extensions which provides DNS clients (resolvers) with the following attributes:

I. Origin authentication of DNS data

II. Data integrity (but not availability or confidentiality)

III. Authenticated denial of existence.

DNSSEC adds a digital signature to each piece of a domain name's DNS information. When a visitor enters the domain name's URL in a browser, the resolver (which performs the conversion from the people-friendly domain name URL to the numeric address used by the Internet) verifies the digital signature. The digital signature must match the value on file at the registry, or the resolver discards the response.

Hence, IP SECURITY for DNS security extension refers to the recovery of the public key for a DNS name to confirm the authenticity of the DNS zone data. The aim of this public key validation is also to provide a means through which any key that is linked to a DNS name can be used for purposes other than DNS.

II. DETAILS OF EXPERIMENT

2.1 Software requirements

Project platform – Java

Operating System – Windows 7

Cryptography Algorithms – RSA and AES

Protocol – TCP/IP

Software – Netbeans 8.0, SQL Yog

2.2 Hardware Requirements

Main Processor – PENTIUM 3/4

RAM – 128MB

Hard disk – 4.2GB

Clock speed – 550 MHz

System Bus speed – 400 MHz

Cache RAM – 256 KB


III. RSA ALGORITHM

The RSA (Rivest – Shamir – Adleman) algorithm is a cryptosystem for public-key encryption. It is widely used for securing sensitive data that is being sent over an insecure network such as the Internet. It is a public key cryptography / asymmetric cryptography technique that uses 2 different but mathematically linked keys – 1 public key & 1 private key. The public key can be shared with anyone whereas the private key is kept secret. A user of RSA creates and then publishes a public key based on two large prime numbers that have been selected by the user. These prime numbers must be kept secret. Anyone can use the public key to encrypt a message, but with currently published methods, if the public key is large enough, only someone with knowledge of the prime numbers can feasibly decode the message.

3.1 Steps in RSA algorithm

The 3 main steps of the RSA algorithm are as follows:

Step 1 – Key generation - Whoever wants to receive secret messages creates a public key (which is published) and a private key (kept secret). The keys are generated in a way that conceals their construction and makes it 'difficult' to find the private key by only knowing the public key.

Step 2 – Encryption - A secret message to any person can be encrypted by his/her public key (that could be officially listed like phone numbers).

Step 3 – Decryption - Only the person being addressed can easily decrypt the secret message using the private key.

3.2 Key Generation

Step 1 - Choose two distinct prime numbers p and q. For security purposes, the integers p and q should be chosen at random and should be of similar bit-length. Prime integers can be efficiently found using a primality test.

Step 2 - Compute n = pq. n is used as the modulus for both the public and private keys. Its length, usually expressed in bits, is the key length.

Step 3 - Compute φ(n) = (p − 1)(q − 1) = n − (p + q − 1), where φ is Euler's totient function. This value is kept private.

Step 4 - Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1; i.e., e and φ(n) are coprime. e is released as the public key exponent. An e with a short bit-length and small Hamming weight results in more efficient encryption – most commonly 2¹⁶ + 1 = 65,537. However, much smaller values of e (such as 3) have been shown to be less secure in some settings.

Step 5 - Determine d as d ≡ e⁻¹ (mod φ(n)); i.e., d is the modular multiplicative inverse of e (modulo φ(n)). This is more clearly stated as: solve for d given d⋅e ≡ 1 (mod φ(n)). This is often computed using the extended Euclidean algorithm. Using the pseudocode in the Modular integers section, inputs a and n correspond to e and φ(n), respectively. d is kept as the private key exponent.

The public key consists of the modulus n and the public (or encryption) exponent e.

The private key consists of the modulus n and the private (or decryption) exponent d, which must be kept secret.

p, q, and φ(n) must also be kept secret because they can be used to calculate d.

3.3 Encryption

Cipher = (message)ᵉ mod n.


Figure 3: Screenshot of RSA key generation

3.4 Decryption

Message = (cipher)ᵈ mod n.

Figure 4: screenshot of RSA decryption

IV. AES ALGORITHM

AES comprises three block ciphers, AES-128, AES-192 and AES-256. Each cipher encrypts and decrypts data in blocks of 128 bits using cryptographic keys of 128, 192 and 256 bits, respectively. (Rijndael was designed to handle additional block sizes and key lengths, but the functionality was not adopted in AES.) Symmetric or secret-key ciphers use the same key for encrypting and decrypting, so both the sender and the receiver must know and use the same secret key. All key lengths are deemed sufficient to protect classified information up to the "Secret" level with "Top Secret" information requiring either 192- or 256-bit key lengths.


There are 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. A round consists of several processing steps that include substitution, transposition and mixing of the input plaintext to transform it into the final output of ciphertext.

4.1 The overall structure of AES:

The number of rounds shown is 10 for the case when the encryption key is 128 bits long. The number of rounds is 12 when the key is 192 bits, and 14 when the key is 256 bits. Before any round-based processing for encryption can begin, the input state array is XORed with the first four words of the key schedule. The same thing happens during decryption, except that now we XOR the ciphertext state array with the last four words of the key schedule.

For encryption, each round consists of the following four steps:

Substitute bytes

Shift rows

Mix columns

Add round key.

The last step consists of XORing the output of the previous three steps with four words from the key schedule.

For decryption, each round consists of the following four steps:

Inverse shift rows

Inverse substitute bytes

Add round key

Inverse mix columns

The third step consists of XORing the output of the previous two steps with four words from the key schedule.

Note the differences between the order in which substitution and shifting operations are carried out in a decryption round vis-a-vis the order in which similar operations are carried out in an encryption round.

The last round for encryption does not involve the “Mix columns” step. The last round for decryption does not involve the “Inverse mix columns” step.

Table 1: Comparison between AES and DES

| FACTORS | AES | DES |
|---|---|---|
| Key size | 128, 192, 256 bits | 56 bits |
| Encryption | faster | moderate |
| Decryption | faster | moderate |
| Hardware & software implementation | Faster in both | Better in hardware than software |

V. HYBRID RSA-AES ALGORITHM

Existing systems use the RSA algorithm, for which it is necessary to provide two prime numbers to generate the key pair, which results in mathematical and brute-force attacks.

It sends the private key through the network.

Time Consumption

Low Reliability

These result in:

Low Operational Speed

Error Prone


Low Speed Communication

“In order to eliminate all these drawbacks & further enhance the algorithm’s security, RSA is combined with the AES algorithm”.

AES algorithm has been used because of its following advantages :

AES is less susceptible to cryptanalysis than many other algorithms such as the DES.

AES supports larger key sizes than DES’s 62 & 128 bytes.

AES’s 128-bit block size makes it less open to the problem of birthday attacks.

No algorithm other than AES has been combined with RSA because of the following disadvantages of some selected algorithms. For example, in the MD5 algorithm, decryption is not possible. This means that there is no use in encrypting data when it cannot be decrypted.

Figure 5: Screenshot of Hybrid Key Generation

Figure 6: Screenshot of Hybrid decryption


VI. RESULTS

The result is a histogram of time consumption, which shows the time required for decryption in both the RSA algorithm and the hybrid RSA-AES algorithm.

Figure 7: Screenshot of Histogram diagram of time consumption

VII. CONCLUSION

When the combination of the 2 algorithms is used, the following facts are observed:

Time duration for decryption is much larger than before, as is clear from the figure.

This is a much more secure encryption technique than using only one algorithm, that is, the RSA algorithm. This is because double encryption is used: first RSA is applied & then the AES algorithm is applied to that same encrypted data. So this encryption technique is more complex and hence more secure.
