@IJMTER-2015, All rights Reserved 588
Experimental comparison between Hybrid RSA-AES and RSA
algorithms in IP security
Ritin Behl1, Garima Sehgal2, Mridula Kumar3, Pushkar Gupta4, Shubham Garg5
1,2,3,4 ABES Engineering College, Ghaziabad,
Abstract - This paper performs encryption of the IP addresses stored in the DNS in two parts: first using the RSA algorithm alone, then using a combination of the RSA and AES algorithms. The two schemes, RSA and hybrid RSA-AES, are then compared to study their complexities on the basis of one very basic parameter: time. The more time it takes to decrypt the encrypted data, the more complex, and hence the more secure, the applied cryptographic technique is considered to be.
Keywords: RSA, AES, DNS, DNSSEC and cryptography.
I. INTRODUCTION
A tool based on the Java platform has been developed that checks the security and reliability of the following two cryptographic algorithms:
1. RSA (Rivest Shamir Adleman) Algorithm
2. AES (Advanced Encryption Standard) Algorithm
By using these two algorithms, the risk posed to data on the World Wide Web shall decrease drastically. The project has been developed with the purpose of securing DNS resolvers through cryptographic techniques. The aims of “IP SECURITY using RSA & AES” are as follows:
1. To validate IP addresses: to check whether the entered IP address exists, and whether it matches the entered (referred) domain name.
2. To encrypt and decrypt the IP addresses contained in the Domain Name Server, in order to protect data on the Internet from cyber attacks.
1.1 DNS
DNS (Domain Name System) is a hierarchical, distributed naming database for computers and other resources connected to the Internet or to any private network. DNS locates and translates a human-friendly domain (host) name into an Internet Protocol address, so that computer services and devices can be located worldwide. Hence, DNS acts like a phonebook for the Internet.
For example, the domain name www.example.com translates to the addresses 93.184.216.119 (IPv4) and 2606:2800:220:6d:26bf:1447:1097:aa7 (IPv6).
Figure 1: IP Translation
The DNS allows hosts on TCP/IP networks to be addressed by their domain names: as soon as a website name is typed into the browser's address bar, the DNS automatically converts it into the IP address of the web server hosting that site. Without the DNS, an Internet user would have to type a website's IP address in order to open it, which is not a practical option. The DNS can therefore map a domain name to an IP address, or vice versa.
International Journal of Modern Trends in Engineering and Research (IJMTER) Volume 02, Issue 06, [June – 2015] ISSN (Online):2349–9745; ISSN (Print):2393-8161
Figure 2 – Simplified working of DNS
1.2 DNSSEC
DNSSEC is a set of extensions that provides DNS clients (resolvers) with the following properties:
I. Origin authentication of DNS data
II. Data integrity (but not availability or confidentiality)
III. Authenticated denial of existence.
DNSSEC adds a digital signature to each piece of a domain name's DNS information. When a visitor enters the domain name's URL in a browser, the resolver (which converts the human-friendly domain name into the numeric address used by the Internet) verifies the digital signature. The digital signature must match the value on file at the registry, or the resolver discards the response. In this sense, IP security under the DNS security extensions refers to retrieving the public key for a DNS name in order to confirm the authenticity of the DNS zone data. This public key validation also aims to provide a means by which any key linked to a DNS name can be used for purposes other than DNS.
II. DETAILS OF EXPERIMENT
2.1 Software requirements
Project platform – Java
Operating system – Windows 7
Cryptography algorithms – RSA and AES
Protocol – TCP/IP
Software – NetBeans 8.0, SQLyog
2.2 Hardware requirements
Main processor – Pentium 3/4
RAM – 128 MB
Hard disk – 4.2 GB
Clock speed – 550 MHz
System bus speed – 400 MHz
Cache RAM – 256 KB
III. RSA ALGORITHM
The RSA (Rivest – Shamir – Adleman) algorithm is a cryptosystem for public-key encryption. It is widely used for securing sensitive data sent over an insecure network such as the Internet. It is a public-key (asymmetric) cryptography technique that uses two different but mathematically linked keys: one public key and one private key. The public key can be shared with anyone, whereas the private key is kept secret. A user of RSA creates and then publishes a public key based on two large prime numbers selected by the user. These prime numbers must be kept secret. Anyone can use the public key to encrypt a message, but with currently published methods, if the public key is large enough, only someone with knowledge of the prime numbers can feasibly decode the message.
3.1 Steps in RSA algorithm
The three main steps of the RSA algorithm are as follows:
Step 1 – Key generation: Whoever wants to receive secret messages creates a public key (which is published) and a private key (kept secret). The keys are generated in a way that conceals their construction and makes it 'difficult' to find the private key by knowing only the public key.
Step 2 – Encryption: A secret message to any person can be encrypted with his/her public key (which could be officially listed, like phone numbers).
Step 3 – Decryption: Only the person being addressed can easily decrypt the secret message, using the private key.
3.2 Key Generation
Step 1 - Choose two distinct prime numbers p and q.
For security purposes, the integers p and q should be chosen at random and should be of similar bit-length. Prime integers can be efficiently found using a primality test.
Step 2 - Compute n = pq.
n is used as the modulus for both the public and private keys. Its length, usually expressed in bits, is the key length.
Step 3 - Compute φ(n) = (p − 1)(q − 1) = n − (p + q − 1),
where φ is Euler's totient function. This value is kept private.
Step 4 - Choose an integer e such that 1 < e < φ(n) and gcd(e, φ(n)) = 1; i.e., e and φ(n) are coprime.
e is released as the public key exponent.
An e with a short bit-length and small Hamming weight results in more efficient encryption; most commonly e = 2¹⁶ + 1 = 65,537. However, much smaller values of e (such as 3) have been shown to be less secure in some settings.
Step 5 - Determine d as d ≡ e⁻¹ (mod φ(n)); i.e., d is the modular multiplicative inverse of e modulo φ(n).
This is more clearly stated as: solve for d given d⋅e ≡ 1 (mod φ(n)).
This is often computed using the extended Euclidean algorithm, with e and φ(n) as the inputs a and n, respectively.
d is kept as the private key exponent.
The public key consists of the modulus n and the public (or encryption) exponent e.
The private key consists of the modulus n and the private (or decryption) exponent d, which must be kept secret.
p, q, and φ(n) must also be kept secret because they can be used to calculate d.
3.3 Encryption
Cipher = (message)ᵉ mod n.
Figure 3: Screenshot of RSA key generation
3.4 Decryption
Message = (cipher)ᵈ mod n.
Figure 4: Screenshot of RSA decryption
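The key generation, encryption and decryption steps of Sections 3.2 to 3.4, worked through on an IPv4 address as the paper's DNS use case requires, as an added example in JavaScript (Node.js); it is not the paper's Java tool. The primes 2^31 − 1 and 2^61 − 1, the sample address 93.184.216.119 from Section 1.1 and all function names are this example's own choices, and because unpadded RSA is deterministic and a 32-bit address space is tiny, the block demonstrates the arithmetic rather than a deployable scheme.

```javascript
// Added example, not the paper's code: textbook RSA (Section 3.2) over an IPv4 address.
// Pack a dotted-quad IPv4 address into a BigInt in [0, 2^32); reject anything else.
function ipv4ToInt(ip) {
  const octets = ip.split('.');
  if (octets.length !== 4 || !octets.every(x => /^\d{1,3}$/.test(x) && Number(x) <= 255)) {
    throw new Error(`not an IPv4 address: ${ip}`);
  }
  return octets.reduce((acc, x) => (acc << 8n) | BigInt(x), 0n);
}
// Inverse of ipv4ToInt.
function intToIPv4(m) {
  return [24n, 16n, 8n, 0n].map(s => Number((m >> s) & 255n)).join('.');
}
// Square-and-multiply modular exponentiation on BigInt.
function modPow(base, exp, mod) {
  let result = 1n;
  for (base %= mod; exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
  }
  return result;
}
// Modular inverse by the extended Euclidean algorithm (step 5 of Section 3.2).
function modInverse(a, m) {
  let [oldR, r, oldS, s] = [a % m, m, 1n, 0n];
  while (r !== 0n) {
    const q = oldR / r;
    [oldR, r, oldS, s] = [r, oldR - q * r, s, oldS - q * s];
  }
  if (oldR !== 1n) throw new Error('e is not coprime to phi(n)');
  return ((oldS % m) + m) % m;
}
// Steps 1-5 of Section 3.2: n = pq, phi = (p-1)(q-1), d = e^-1 mod phi(n).
function keygen(p, q, e = 65537n) {
  const phi = (p - 1n) * (q - 1n);
  return { n: p * q, e, d: modInverse(e, phi) };
}
// Sections 3.3 / 3.4: c = m^e mod n and m = c^d mod n (no padding, as in the paper).
const encrypt = (m, key) => modPow(m, key.e, key.n);
const decrypt = (c, key) => modPow(c, key.d, key.n);
// Encrypt one address and decrypt it back; the packed value must be below n.
function roundTrip(ip, key) {
  const m = ipv4ToInt(ip);
  if (m >= key.n) throw new Error('address does not fit below the modulus n');
  return intToIPv4(decrypt(encrypt(m, key), key));
}
// Constructed demo primes 2^31-1 and 2^61-1 (Mersenne primes, certainly prime,
// far too small for real use); n then has 92 bits, so any IPv4 address fits.
const demoKey = keygen(2n ** 31n - 1n, 2n ** 61n - 1n);
```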
IV. AES ALGORITHM
AES comprises three block ciphers, AES-128, AES-192 and AES-256. Each cipher encrypts and decrypts data in blocks of 128 bits using cryptographic keys of 128, 192 and 256 bits, respectively. (Rijndael was designed to handle additional block sizes and key lengths, but that functionality was not adopted in AES.) Symmetric or secret-key ciphers use the same key for encrypting and decrypting, so both the sender and the receiver must know and use the same secret key. All key lengths are deemed sufficient to protect classified information up to the "Secret" level, with "Top Secret" information requiring either 192- or 256-bit keys.
There are 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. A round consists of several processing steps, including substitution, transposition and mixing, that take the input plaintext and transform it into the final ciphertext output.
4.1 The overall structure of AES
The number of rounds is 10 when the encryption key is 128 bits long, 12 when the key is 192 bits, and 14 when the key is 256 bits. Before any round-based processing for encryption can begin, the input state array is XORed with the first four words of the key schedule. The same thing happens during decryption, except that now the ciphertext state array is XORed with the last four words of the key schedule.
For encryption, each round consists of the following four steps:
1. Substitute bytes
2. Shift rows
3. Mix columns
4. Add round key
The last step consists of XORing the output of the previous three steps with four words from the key schedule. For decryption, each round consists of the following four steps:
1. Inverse shift rows
2. Inverse substitute bytes
3. Add round key
4. Inverse mix columns
The third step consists of XORing the output of the previous two steps with four words from the key schedule.
Note the difference between the order in which the substitution and shifting operations are carried out in a decryption round and the order of the corresponding operations in an encryption round.
The last round for encryption does not involve the “Mix columns” step. The last round for decryption does not involve the “Inverse mix columns” step.
Table 1: Comparison between AES and DES
Factor                               AES                  DES
Key size                             128, 192, 256 bits   56 bits
Encryption                           Faster               Moderate
Decryption                           Faster               Moderate
Hardware & software implementation   Faster in both       Better in hardware than in software
V. HYBRID RSA-AES ALGORITHM
Existing systems use the RSA algorithm alone. Two prime numbers must be supplied to generate the key pair, which leaves the system open to mathematical and brute-force attacks. The existing approach also has the following drawbacks:
It sends the private key through the network.
Time consumption
Low reliability
These result in:
Low operational speed
Error prone
Low speed communication
“In order to eliminate all these drawbacks & further enhance the algorithm’s security, RSA is combined with the AES algorithm”.
The AES algorithm has been used because of the following advantages:
AES is less susceptible to cryptanalysis than many other algorithms, such as DES.
AES supports larger key sizes than DES’s 62 & 128 bytes.
AES’s 128-bit block size makes it less open to birthday attacks.
No algorithm other than AES has been combined with RSA, because of the disadvantages of the other algorithms considered. For example, with the MD5 algorithm decryption is not possible (MD5 is a hash function, not a cipher), so there is no use in encrypting data that cannot be decrypted.
Figure 5: Screenshot of Hybrid Key Generation
Figure 6: Screenshot of Hybrid decryption
VI. RESULTS
The result is a histogram of time consumption showing the time required for decryption with the RSA algorithm and with the hybrid RSA-AES algorithm.
Figure 7: Screenshot of Histogram diagram of time consumption
VII. CONCLUSION
When the two algorithms are combined, the following facts are observed:
The time taken for decryption is much longer than before, as the figure makes clear.
This is a much more secure encryption technique than using only one algorithm, i.e. RSA alone, because double encryption is used: first RSA is applied, and then AES is applied to the RSA-encrypted data only. This encryption technique is therefore more complex and hence, more secure.