Cryptography Converts Information From Plaintext Computer Science Essay

Published Date: 02 Nov 2017

Abstract

Cryptography converts information from plaintext into an unreadable form and this is an important technique for secure communication in today’s world. The two categories of cryptography are Asymmetric and Symmetric. In this reports, three most common symmetric key cryptography algorithms are analyzed.

In this document, background of each of the cryptography algorithms is illustrated, strategies and mechanisms are discussed. Besides that, the major attacks on each cryptography algorithms are identified to study the weaknesses. Furthermore, the applications that using the cryptography algorithms are discussed and criticisms in drawbacks and advantages are identified. Lastly, the comparison is made on speed, block size and key size.

Table of Contents

Table of Figures

Table of Tables

1.0 Introduction

The rapid changing of technology in Internet and network applications has increased the needs of protection. Security seems to be the most challenging aspects as personal privacy is rank on the top of public concern in the global networked world. There are a few threats in communication channel such as privacy threats, Denial of Service threats, data integrity threats and threats to wireless network.

Cryptography is the science of using mathematics to encrypt and decrypt data, it encodes the contents of the message in such a way that hides its contents from outsiders. Encryption is the process of coding messages into unintelligible ciphertext using mathematical algorithm and a secret key for Internet transmission.

There are two main categories of cryptography which is depends on the type of security keys. It is used to encrypt and decrypt data and these two categories are Asymmetric and Symmetric encrypt techniques. Asymmetric uses public keys for encryption and private key to the receiver for decryption purpose while Symmetric uses a single key. In Symmetric encryption, receiver and sender have to agree upon a shared key (Jawahar & Nagesh, 2011).

Examples of Asymmetric encryption are Pretty Good Privacy (PGP) and RSA, EL GAMAL while Data Encryption Standard (DES), Triple Data Encryption Standard (3DES), Advance Encryption Standard (AES) and Blowfish are the examples of Symmetric encryption. In this documentation, Data Encryption Standard (DES), Advance Encryption Standard (AES), and Blowfish will be compared in the following section.

2.0 Data Encryption Standard (DES)

2.1 Background

Data Encryption Standard (DES) was published by National Institute of Standard and Technology (NIST) and proposed by IBM. The National Institute of Standard and Technology(NIST) which named as national Bureau of Standards in 1972 judge that protection on non-classified information was needed for a strong cryptographic. Somehow the algorithm has to be cheap, secure and widely available. Thus, NIST asked for public proposals for algorithm which could be used in a wide variety of applications (Tropical Software, n.d).

According to Tropical Software (n.d), IBM proposed the Lucifer algorithm which meets the most of NIST’s requirement in 1974. Lucifer was evaluated by National Security Agency (NSA) in term of security and NSA was enlisted to help by NIST. Lastly, the modified Lucifer algorithm was accepted by NIST as a federal standard on November 23, 1976 and its name was changed to Data Encryption Standard (DES).

2.2 Strategies and mechanisms of DES

According to Engelfriet (2005), the main algorithm of DES has 16 rounds, it repeated 16 times to produce the ciphertext. Sixteen bits keys are generated from the input key, and it is one for each round. Eight so-called S-boxes are used in each round and S-boxes are fixed in the specification of the standard. Groups of six bits are mapped to groups of four bits using S-boxes and the contents have been determined by U.S National Security Agency (NSA).

2.3 Major Attack

As time passes by, key length of DES which is just 56 bits-keys was no longer enough for high security applications and there are various attacks were found that against DES (Tropical Software, n.d). Time lines of major cryptanalytic attacks against DES are stated in the table below.

Time

Details

1976

DES can be broken with complexity 1 for a very small class of weak keys.

1977

Exhaustive search is predicted to become possible within 20 years, breaking DES with complexity .

1980

A time or memory tradeoff can break DES faster at the expense of more memory.

1985

A meet-in-the-middle attack can break 6-round DES with complexity .

1987

"Davies Attack" breaks DES with complexity .

1990

Differential cryptanalysis breaks DES with chosen plaintext (full 16-round).

1993

Linear cryptanalysis can break DES with know plaintexts.

1994

Differential-linear cryptanalysis can break 8-round DES with 768 chosen plaintexts plus a brute-force search.

1994

Davies attack improved and breaks DES with known plaintexts.

Table : Timelines of DES's Major Attacks

Source: http://people.scs.carleton.ca/~maheshwa/courses/4109/Seminar11/atttack%20on%20DES.pdf [Date Accessed: 25th February 2013]

2.3.1 Exhaustive search

According to Nievergelt (n.d), exhaustive search is search that guaranteed to find all possibility sequentially in order to determine if it is the solution.

2.3.2 Time memory tradeoff

Time memory occurs where the memory use can be reduced at the cost of slower program execution. A program can run much faster normally by exploiting a time memory tradeoff (Rediff.com, n.d).

2.3.3 Meet-in-the-middle

Number of brute force permutations required to decrypt text that encrypted by more than one key can be minimized by this meet-in-the-middle attack. Therefore, it makes intruder find easier to gain access to data. In addition, it is a passive attack which intruder can only access messages but he/she cannot alter in most situations (Rouse, 2010).

2.3.4 Davies Attack

An attack based on non-uniform distribution of outputs from adjacent S-boxes and 16 parity bits of the key are determined by cryptanalyst. However, when a fixed key is used, Davies known that the expansions E in the F function of DES generates correlation between the output bits of successive S-boxes and it shows that the correlation depends on the key (Davies, Murphy Paris & Triplets 1995).

2.3.5 Differential cryptanalysis

It is a method for breaking certain classed or cryptosystems which was invented by Israeli researchers Eli Biham and Adi Shamir in 1990 (Koc, n.d). The first technique which is faster than exhaustive search to allow an attack on DES was differential cryptanalysis (McLaughlin, n.d).

2.3.6 Linear cryptanalysis

Linear cryptanalysis was announced by Matsui at EUROCRYPT 93 as a theoretical attack on DES and later successfully used in the practical cryptanalysis of DES. It tried to take advantage of high probability occurrences of linear expression involving plaintext bits and subkey bits (Heys, n.d).

2.3.7 Differential-linear cryptanalysis

Both differential and linear cryptanalysis was combined together by a technique called differential-linear cryptanalysis by Langford and Hellman in 1994. The attack uses a differential characteristic that induces a linear between two intermediate encryption values with probability one (Biham, Dunkelman, & Keller, n.d).

2.3.8 Improved Davies Attack

In 1994, Davies improved and breaks DES with known plaintexts (Jing, n.d).

2.4 Applicability and usage of DES

2.4.1 Cisco router

DES encryption algorithms and DES keys are used by Cisco routers to encrypt and decrypt data. During encrypted sessions, all DES encryption algorithms that router will be using have to enable. Moreover, cisco supports DES with 8-bit Cipher Feedback (CFB), DES with 64-bit CFB, 40-bit variation of DES with 8-bit CFB and 40-bit variation of DES with 64-bit CFB (Cisco, n.d).

2.5 Criticisms of DES

2.5.1 Drawback of DES

Weaknesses in S-boxes were found in DES. For instant, two specifically chosen inputs to an S-box can create same inputs. The size of key space is too small to be secure (CareerRide.com, 2010), Attacks that stated above was seems to against the weakness of DES. Thus, Advance Encryption Standard (AES) was introduced to replace DES to provide a better security.

2.5.2 Advantage of DES

The strength of DES is that the time of using to guess the keys. Besides that, advantages of DES over other algorithms are DES is an official United States Government standard. It has been re-certified in 1983, 1987 and 1992. In addition, DES is an ANSI and ISO standard (Lin, 1998).

3.0 Advance Encryption Standard (AES)

3.1 Background

In 1997, NIST decided to find a more robust replacement for DES. Once again, they ask for public proposals and a symmetric block cipher that encrypts data blocks of 128 bits using symmetric keys 128, 192 and 256 is the minimum requirements of the replacement. Besides that, it was required to be royalty-free for worldwide use and has to offer a better level of security to protect data for the next 20 to 30 years (Rouse, 2010). On the other hand, DES is still widely used by financial services and other industries to protect sensitive on-line applications (Tropical Software, n.d).

In 1998, 15 algorithms were selected by NIST for the replacement and it included CAST-256, CRYPTION, DEAL, DFC, E2, FROG, HPC, LOKI197, MAGENTA, MARS, RC6, Rijndael, Safer+, Serpent and Twofish (Danielyan, 2001). Later on in August 1999, NIST selected five algorithms for more extensive analysis and there were MARS, RC6, Rijndael, Serpent and Twofish (Rouse, 2010).

All of the implementations above were tested by American National Standards Institute (ANSI) C and Java languages in term of speed and reliability. Detailed analysis was provided by the global cryptographic community. NIST announced that Rijndael submitted by two Belgian cryptographers, Joan Daemen and Vincent Rijmen has been selected as the propose standard on 2nd of October 2000. The Federal Information Processing Standard (FIPS) 197, was then officially approved by the Secretary of Commerce on 6th of December 2001. Lastly, AES was created (Rouse, 2010).

3.2 Strategies and mechanisms of AES

AES supports key and block sizes of 128,192 and 256 bits. AES can be used as a Message Authentication Code (MAC) algorithm, a hash function and as a pseudo random number generator. The authors state that the strength of AES is to against differential, truncated differential, linear, interpolation, and Square attacks (Danielyan, 2001).

Some ideas of Square algorithm which is a 128-bit symmetric iterated block cipher are used in AES. Square was take advantage over both linear and differential cryptanalysis. The authors of AES do not use parts or tables from other algorithms and this make it easy to implement. Key length of AES is longer than DES and Exhaustive search would takes a longer time to find the keys (Danielyan, 2001).

3.3 Major Attack

3.3.1 Boomerang Attacks

Boomerang Attacks finding local collision in block ciphers and enhanced with the boomerang switching techniques to gain free rounds in the middle. Collision is cryptographic happen when two different inputs produce the same output. However, the attacks did not seems to be a direct threat to the security of AES but it illustrate a technique for extracting keys that is better than simply trying every possible key combination like brute force attacks (Leyden, 2009).

3.3.2 Related Key Attacks

Biryukov, Khovratovich and Nikolic was found that a related-key attack which works with complexity for one out of every kays. Related-key attack on AES-256 works for all the keys and has a better complexity which is data and time. The numbers of active S-Boxes in the key schedule are minimized by using a boomerang attack enhanced with boomerang switching techniques (Biryukov, & Khovratovich, 2009).

3.4 Applicability and usage of AES

3.4.1 WinZip

WinZip supports 128-bit AES and 256-bit AES while the numbers referring the size of the encryption keys that are used to encrypt the data. 256-bit AES provides a higher level of security than 128-bit AES but still both of it provide significantly greater security than the standard Zip 2.0 method (KBPublisher, 2013).

3.4.2 7-zip

According to James (2008), Windows has built in zip file support encryption since Windows XP. Unfortunately, there are number of commercial programs available to crack it. WinZip, WinRAR are all commercial programs that offer secure AES encryption to compressed files. 7-Zip is an open source, free utility that offers AES-256 bits encryption.

3.5 Criticisms of AES

3.5.1 Drawback of AES

There are a few limitations found in AES, firstly, the cipher and inverse cipher make use of different codes or tables. Secondly, the inverse cipher is less suited to smart cards as it takes more codes and cycles and lastly, the inverse cipher can only partially re-use circuitry which implements the cipher in hardware (Roche, 2006).

3.5.2 Advantage of AES

AES is faster when comparing with other block ciphers, AES is not based on obscure or not well understood processes and it was designed to amenable or pipelining. Besides that, the round transformation is parallel by design and this is important in dedicated hardware as it allows even faster execution (Roche, 2006)

4.0 Blowfish

4.1 Background

Blowfish, which is known as symmetric block cipher, is used as a drop-in replacement for DES or International Data Encryption Algorithm (IDEA). Bruce Schneier has invented a fast, free alternative to existing encryption algorithms in 1993. Blowfish is license-free, available free for all uses and it not patented. In addition, Blowfish algorithm has a variable key length, which can be extended from 32 bits to 448 bits and this makes Blowfish more secure (National Instruments Corporation, 2012).

4.2 Strategies and mechanisms of Blowfish

According to SplashData (n.d), Blowfish has a 64-bit block size and key length from 32 bits to 448 bits. It uses fixed S-boxes and it is a 16-round Feistel cipher and uses large key-dependent S-boxes.

C:\Users\End-User\Desktop\250px-BlowfishFFunction.svg.png

Figure : Feistel Structure of Blowfish

Source: http://www.splashdata.com/splashid/blowfish.htm [Date Accessed: 26th February 2013]

Diagram above shows the action of Blowfish. The algorithm keeps two subkey arrays, the 18-entry P-array and four 256-entry-S-boxes. Each of the line represents 32 bits, the S-boxes accept 8-bit input and produce 32-bit output. However, one entry of the P-array is used every round and after the final round, each half of the data block is XORed with one of the two remaining unused P-entries (SplashID, n.d).

4.3 Major Attack

4.3.1 Reflection Attacks

Kara and Manap have shown that weak keys do exist for Blowfish Algorithm of 16 round versions. The use of a weak key in encryption process allows an attacker to recover the key with some knowledge of encryption process. This type of attack is known as a reflection attack and it exploits the fact that each round of the Feistal network has the same structure (Gonzalez, 2007).

Reflection Attacks has two parts, the first part is concerned with identifying a key as a reflectively weak key and once it is identified, the next part is to determining the P array. Once the P array is recovered, the key can be reconstructed (Gonzalez, 2007).

4.4 Applicability and usage of Blowfish

There are plenty categories of products that use Blowfish. The examples of categories are file and disk encryption, password management, archiving tools, backup, database security, E-commerce software, E-mail encryption, encryption libraries and toolkits, file transfer, online chat, operating systems, personal database program, secure shell, secure telephony, steganography, word processors and others (Schneier.com, n.d).

4.5 Criticisms of Blowfish

4.5.1 Drawback of Blowfish

One of the disadvantages of Blowfish is the time required to initialize the algorithm with the key. Once the algorithm has been initialized, it can encrypt and decrypt data efficiently. Besides that, storing the P-array and S-boxes could be an issue for small devices with limited memory (Cottom, 2004).

4.5.2 Advantage of Blowfish

Blowfish is found to be suitable and efficient for hardware implementation. Besides that, as mentioned above, Blowfish patented and free for publics (Muller, 2011).

5.0 Comparison of DES, AES and Blowfish

5. 1 First experiment

The experiment uses the provided classes in java environment to stimulate the performance of DES, AES and Blowfish. The implementation uses managed wrappers for DES, AES, and Blowfish available in java.crypto and java.security [CryptoSpec] that wraps unmanaged implementations available in Java Cryptography Extension (JCE) and Java Cryptography Architecture (JCA) (Jawahar & Nagesh, 2011).

The evaluation is expected to update the results by using block cipher. Therefore, plaintext is divided into smaller block size as per algorithm setting given in table below.

Algorithm

Key Size (Bits)

Block Size (Bits)

DES

64

64

AES

128

128

Blowfish

128

64

Table : Algorithms' Settings

Source: http://www.ijetae.com/files/Issue2/IJETAE_1211_02.pdf [Date Accessed: 25th February 2013]

The experiments are conducted using AMD Sempron processor with 2GB of RAM. The stimulation program is compiled by the default settings in jdk 1.7 development kit for JAVA. To determine the performance of the algorithm’s speed to encrypt or decrypt data blocks of various sizes is the chosen factor of the experiments (Jawahar & Nagesh, 2011).

Comparison of DES, AES and Blowfish has been conducted in numerous modes, such as Electronic Code Book (ECB), Cipher Block Chaining (CBC), Cipher Feedback (CFB) and Output Feedback (OFB).

5.1.1 Electronic Code Book (ECB)

According to Rouse (2010), ECB is a mode of operation for a block cipher. The same plaintext value will always result in the same ciohertext value. It is used when a volume of plaintext is separated into several blocks of data and each of it will be encrypted independently of other blocks. ECB has the ability to support a separate encryption key for each block type.

Below is the comparison result over AES, DES and Blowfish in terms of processing time using ECB mode.

C:\Users\End-User\Desktop\ECB.png

Figure : Performance Results with ECB mode

Source: http://www.ijetae.com/files/Issue2/IJETAE_1211_02.pdf [Date Accessed: 25th February 2013]

Results show the superiority of Blowfish algorithm over DES and AES in term of processing time. Besides that, it also shows that AES consumes more resources when the data block size is larger (Jawahar & Nagesh, 2011).

5.1.2 Cipher Block Chaining (CBC)

CBC uses what is known as an initialization vector (IV) of a certain length of data. Each plaintext block is XORed with the immediately precious ciphertext block, and encrypted. Besides that, it uses a chaining mechanism that causes the decryption of a block of ciphertext to depend on all the preceding ciphertext blocks. A single bit error in a ciphertect block affects the decryption of all subsequent blocks and rearrangement of the order of the ciphertext blocks causes decryption to become corrupted (Rouse, 2010).

Below is the comparison result over AES, DES and Blowfish in terms of processing time using CBC mode.

C:\Users\End-User\Desktop\cbc.png

Figure : Performance Results with CBC mode

Source: http://www.ijetae.com/files/Issue2/IJETAE_1211_02.pdf [Date Accessed: 25th February 2013]

CBC required more processing time than ECB because of its key-chaining nature. The results show that the extra time added is not useful for many applications and CBC is much better than ECB in terms of protection. Blowfish algorithm remain the top of the results in term of consumes the less resources (Jawahar & Nagesh, 2011).

5.1.3 Output Feedback (OFB)

OFB has some similarities to CFB mode, it permits encryption of differing block sizes, but has the key difference that the output of the encryption block function is the feedback instead of ciphertext. The XOR value of each plaintext block is created independently of both the plaintext and cipertext. It uses an IV as CBC and CFB, changing the IV in the same plaintext block results in different ciphertext (Rouse, 2010).

Below is the comparison result over AES, DES and Blowfish in terms of processing time using OFB mode.

C:\Users\End-User\Desktop\ofb.png

Figure : Performance Results with OFB mode

Source: http://www.ijetae.com/files/Issue2/IJETAE_1211_02.pdf [Date Accessed: 25th February 2013]

OFB require less processing time than ECB and CBC as expected. Results are shown in figure above and it indicates that OFB is better for applications requiring output feedback. The results show the superiority of Blowfish algorithm over other algorithms in term of processing times once again in the third experiments that were conducted (Jawahar & Nagesh, 2011).

5.1.4 Cipher Feedback (CFB)

In contrast to CBC mode, it encrypts and transfers some plaintext values instantly one at a time. However, CFB makes use of IV as CBC.CFB uses a block cipher as a component of a random number generator. In addition, the previous ciphertect block is encrypted and the output is XORed with the current plaintext block to create the current ciphertext block in CFB mode (Rouse, 2010).

Below is the comparison result over AES, DES and Blowfish in terms of processing time using CFB mode.

C:\Users\End-User\Desktop\cfb.png

Figure : Performance Results with CFB mode

Source: http://www.ijetae.com/files/Issue2/IJETAE_1211_02.pdf [Date Accessed: 25th February 2013]

CFB require less processing time than ECB and CBC. Result shows that OFB is better than CFB in terms of processing time. The difference between four modes is hard to see by naked eye because it is relatively small but somehow Blowfish remains its best over other algorithm in terms of processing time (Jawahar & Nagesh, 2011).

5.1.5 First experiment conclusion

The experiments were performed couple of times to assure that the results are consisted and are valid to compare the different algorithms. Stimulation results showed that Blowfish has a better performance than other common encryption algorithms used. AES showed poor performance results compared to other algorithms since it requires more process power. OFB shows better performance than ECB and CBC but require more processing time than CFB. (Jawahar & Nagesh, 2011).

5.2 Second Experiment

A laptop IV 2.4 GHz CPU is used for this experiment. The ranges of input file size from 49 Kbytes to 7310.336 Kbytes. Comparative of AES, DES and Blowfish execution time is calculated in milliseconds. The result, encryption time is measured by the time of an encryption algorithms takes to create a cipher text from a plaintext and the revert process. By dividing the total plaintext in Megabytes encrypted on the total encryption time for each algorithm, the quantity of encryption scheme is calculated. Comparative results are stated as below (Elminaam, Kader & Hadhoud, 2009).

5.2.1 Comparative results of encryption algorithm with different packet size

Input Size in (Kbytes)

AES

DES

Blowfish

49

56

29

36

59

38

33

36

100

90

49

37

247

112

47

45

321

164

109

45

694

210

123

46

899

258

162

64

963

208

125

66

5354.28

1237

695

122

7310.336

1366

756

107

Average Time

374

389

60.3

Throughput (Megabytes/sec)

4.174

4.01

25.892

Table : Encryption Process Result

Source: http://www.ibimapublishing.com/journals/CIBIMA/volume8/v8n8.pdf [Date Accessed: 2rd March 2013]

5.2.2 Comparative results of decryption algorithm with different packet size

Input Size in (Kbytes)

AES

DES

Blowfish

49

63

50

38

59

58

42

26

100

60

57

52

247

76

72

66

321

149

74

92

694

142

120

89

899

171

152

102

963

164

157

80

5354.28

655

783

129

7310.336

882

953

140

Average Time

242

246

83.4

Throughput (Megabytes/sec)

6.452

6.347

18.72

Table : Decryption Process Result

Source: http://www.ibimapublishing.com/journals/CIBIMA/volume8/v8n8.pdf [Date Accessed: 2rd March 2013]

5.2.3 Second experiment conclusion

According to Table 3, superiority of Blowfish algorithm over others in terms of processing time has showed. In terms of time consumption and throughput, AES is visibility better than DES. Result in Table 4 shows that Blowfish take advantage over other algorithms in decryption process which shown in result of throughput and power consumption. In conclusion, examination of encryption and decryption process shows that Blowfish has a better performance over the others algorithms as per result of first experiment (Elminaam, Kader & Hadhoud, 2009).

6.0 Encrypted Chat System

https://lh3.googleusercontent.com/G1iAWfht9m5odwmW5eq-f4kVnkZmxdJgelUvmeZf5OKLl15ZfI9l4LqfHEqQSiUQz85aQqMYWaacu1prOmT8QJDsRNy2XQ-s01w0AOROc7IsIuDIpUEH5198

Figure : Encrypted Chat System

Figure 6 above illustrates the encrypted chat system develop. The encrypted chat system was developed using Java. It incorporates substitution and transposition encryption method for sending and receiving message.

In order to encrypt an outgoing message, the system will first apply substitution as the encryption method; substitution is applied with the help of a five digit secret key chosen by the sender. Method use to perform substitution is as below.

while(k < eMessage.length){

eCharacter[k] = (char) (eMessage[k] ^ eSecret[k % (eSecret.length)]);

k++;

}

After applying substitution, the system will then apply transposition encryption method before sending the message; construct a more complicated encryption for the outgoing message. Method use to perform transposition is as below.

for (int i = 0, j = messageEncrypt.length() - 1, x = 0; i <= j; ) {

    sb.setCharAt(x++, messageEncrypt.charAt(i++));

       if (i > j) break;

       sb.setCharAt(x++, messageEncrypt.charAt(j--));

   }

Whereas in order to decrypt an incoming message, the receiver will first have to know the five digit secret key used by the sender; without the five digit secret key, actual message sent by the sender can’t be retrieve. Method use to decrypt incoming message is as below.

for (int i = 0, j = decryptMessage.length() - 1, x = 0; i <= j; ) {

       sb.setCharAt(i++, decryptMessage.charAt(x++));

       if (i > j) break;

       sb.setCharAt(j--, decryptMessage.charAt(x++));

   }

while(k < dMessage.length){

dCharacter[k] = (char) (dMessage[k] ^ dSecret[k % (dSecret.length)]);

k++;

}

7.0 Conclusion

Although results showed that some algorithms may not results good in processing time but still all of it can be using for its purpose. For instant, DES is still widely used by financial services and other industries to protect sensitive on-line applications. Different application has difference requirements, DES, AES and Blowfish can be used for different applications to fully utilize its capabilities.

(3192 Words)