Oct 12, 2014 - cryptography can be also used for digital signing as it supports authentication of ..... banking, shopping, and filling their income tax returns.
A Dissertation
Comparative Study of Symmetric Cryptography Algorithm submitted in partial fulfillment for the award of the Degree of Master of Technology in Computer Science(Faculty of Engineering) (with specialization in Computer Science) Session: 2012-2014
Advisor : Mr. Sanjay Agal Advisor Pacific University
Submitted By: Aakanksha Sharma En. No. PU1235
Faculty of Engineering Department of Computer Science & Engineering Pacific University (PAHER), Udaipur(Rajasthan) January 2014 i
AFFIDAVIT I hereby certify that the work which is being presented in the M.Tech Dissertation on “Comparative Study of Cryptography Algorithm” in partial fulfillment of requirements for the award of the Master of Technology in Computer Science and submitted to the Department of Computer Science Engineering, Faculty of Engineering, Pacific University (PAHER), Udaipur is an authentic record of my own work carried out during the period from June 2014 to September 2014 under the supervision of Mr. Sanjay Agal, Advisor, Pacific University, Udaipur. The mater presented in this thesis has not been submitted by me for any other degree.
Signature of candidate Aakanksha Sharma M.Tech, Branch: CSE En. No.:PU1235 ________________________________________________________________________ This is to certify that the above statement made by the candidate is correct to the best of my knowledge.
Head
Signature of Supervisor
Department of CSE
Mr. Sanjay Agal
Faculty of Engineering
Supervisor
Tanveer Kazi
(Dean, Faculty of Engineering)
ii
ACKNOWLEDGEMENT I am deeply thankful to Pacific University for giving me such a great opportunity to complete my Dissertation on “Comparative Study of Cryptography Algorithm” and also their valuable guidance. I would also like to thank dean FOE. I extremely thankful to Ms. Deepti Nathawat HEAD, Department of Computer Science & Engineering, Faculty of Engineering, Pacific University (PAHER), Udaipur for providing all the facilities and technical support. I would also like to thank Mr. Sanjay Agal for his extreme support in preparing the thesis and guiding me. I am thankful to him again and again for his valuable time and to share his extra ordinary knowledge with me. I also wish to express my indebtedness to my parents as well as my family member whose blessings and support always helped me to face the challenges ahead. At the end I would like to express my sincere thanks to all my friends and others who helped me directly or indirectly during this project work. Yours Obediently Aakanksha Sharma (M. Tech Computer Science)
3
ABSTRACT Cryptography is extremely essential in today’s e-commerce world. Online transaction of data and important documents is very much general in now days. Due to people’s dependency on internet and online transaction the role of security is very important. Cryptography is one of the best technologies for secure data from different types of attacks. Due to frequent attacks, it is difficult for users to use e-commerce frequently. Cryptography is the technique by which we can secure our data from attackers. Cryptography is a “Secret-Writing” of data which i decodes data in cypher text. At the receiver end this decoded data again encrypted in the plain text. This is the basic concept of cryptography. Nowadays, the situation is very different: the Internet is used by a large number of different users and virtually all attacks against it originate from within the network. Protecting the Internet against attacks is very difficult, since effective security measures against such attacks mostly do not exist. Nowadays, the situation is very different: the Internet is used by a large number of different users and virtually all attacks against it originate from within the network. Protecting the Internet against attacks is very difficult, since effective security measures against such attacks mostly do not exist. In traditional end-to-end security solutions, only the end hosts can verify the validity and integrity of the traffic, which leads to several problems. First, they are not effective if the network infrastructure itself is under attack and unable to deliver packets. Second, they are not enough to provide sufficient security by themselves. The large amount of traffic on the current Internet is just unsolicited e-mail or other garbage, and the culprits behind attacks are rarely caught. Therefore, we feel that there is a clear need for security solutions, where the security policies are applied at every hop as the packet travels through the network. If the network infrastructure can verify the validity of the traffic, countermeasures against various attacks could be taken within the network, and not only by the end hosts. This would allow attacks to be stopped quickly and more efficiently, and would increase the chance of catching perpetrators. The aim of this research is to find out the better security strategy to increase online security, by which we can protect our data more effectively. In this research I am going to compare different cryptography algorithm.
4
The purpose of this research is to build a new algorithm with the help of previous highly secured algorithm. By enhancing the technology and security techniques this new algorithm will be generate. In this new algorithm I concentrate on the point that the drawbacks of previous algorithm will not be occur in this algorithm. I tried my best for implement this new algorithm. The proposed work of this research is firstly read all the previous cryptography algorithms deeply and then find out the new mechanism which I can add and enhance the security for data. I suppose to implement such an algorithm which consist all the advantages of previous algorithms. Cryptography is the basic technique to secure our data from different kind of attackers like: Interruption, Modification, fabrication etc. These kinds of attacks are very harmful for data and data transaction. In the cryptography at the sender’s end data is in encrypted (Plain Text) form. The sender use either private key or public key for transmit that data on the receiver end. By using key sender decrypt (Cipher Text) text into original form. Keywords: Symmetric key cryptography algorithm AES and DES, Comparison by encryption tool, Research process.
5
CONTENTS
Page No. Chapter 1 Introduction
1
1.1 What is cryptography? ……………………………………………………………...1 1.1.1. Encryption Model……………………...............................................................1 1.1.2. Symmetric key encryption………………………………………………..........2 1.1.3. 1.1.3 Public key cryptography………………....................................................4 1.1.4. Probabilistic encryption………………..............................................................5 1.2 Security analysis of algorithm……………………………….......................................5 1.3 Types of cryptography algorithm………………………………………………..........6 1.3.1 Symmetric key encryption……………………………………………………….7 1.3.2 Asymmetric key encryption………….................................................................10 Chapter 2 Review of Literature
12
Survey conducted on comparative study of symmetric key cryptography algorithms…………………………………………………………………………………12 2.1 Different comparison graph…………………………………………………………...31 2.1.1 People using web based application…………………………………………….31 2.1.2 Communicating data online………………………………….............................32 2.1.3 Password loss or unauthorized access…..............................................................32 2.1.4 Aware of online threats…………………………………………………………33 2.1.5 Aware of encryption algorithm…………………………………………………33 2.1.6 Encryption algorithm………………………………………………………........34 Chapter 3 Research Methodology
35
3.1 Purpose of research……………………………………………...................................35 3.2 Meaning of research…………………………………………………………………..35 6
3.3 Data collection procedure……………………………………………………………..37 3.4 Definition of research…………………………………………....................................39 3.5 Types of research………………………………………………...................................40 3.6 Types of research methodology………………………………....................................40 3.7 Characteristics of research…………………………………………………………....42 3.8 Research process……………………………………………………………………...44
Chapter 4 Implementation
46
4.1 Introduction…………………………………………………….................................46 4.2 Difference between AES and DES…………………………………………………..46 4.3Electronic code book (ECB)…………………………………………………………..47 4.3.1 Advantages of ECB mode……………………………………………………...48 4.3.2 Disadvantages of ECB mode…………………………………………………..49 4.3.3 Summary………………………………………………………………………..49 4.4 Cipher block chaining (CBC)………………………………………………………...49 4.4.1 Advantages of CBC mode……………………………………………………...51 4.4.2 Disadvantages of CBC mode…………………………………………………..51 4.4.3 Summary………………………………………………………………………...51 4.5 Attacks in network security……………………………………………………….......51 4.5.1 Security attacks……………………………........................................................51 4.5.2 Cryptographic attacks………………………......................................................53 4.6 Implementation of AES and DES encryption with online encryption tool…………..53 4.6.1 Introduction of encryption tool…………………………………………………53 7
4.7 Comparison of AES and DES by using online encryption tool………………….......54 4.7.1 Comparison table……………………………………………………………….54 4.7.1.1 Table according to ECB mode…………………………………………...54 4.7.1.2 Table according to CBC mode…………………………………………...55 4.8 Comparison graph of AES and DES…………………………………………………56 4.8.1 Comparison graph in ECB mode……………………………………………….56 4.8.2 Comparison graph in CBC mode……………………………………………….57 4.9 Screen shots………………………………………………………………………......58 4.9.1 DES in ECB mode……………………….....................................................58-60 4.9.2 AES in ECB mode…………………………………………………………..60-62 4.9.3 DES in CBC mode………………………………………………………….63-65 4.9.4 AES in CBC mode………………………………………………………….65-67 4.10 Chapter summary……………………………………………………………………68 Chapter 5 Conclusion and future work
69
5.1 Conclusion Point………………………………………………………………….70 5.2 Future work……………………………………………………………………….71
References……………………………………………………………………………72-73
8
List of Figures Page No. 1. Encryption Model…………………………………………….................................2 2. Symmetric key encryption……………………………………………………........3 3. Public key encryption……………………………………………………………...4 4. Probabilistic encryption………………………………………………………........5 5. Block diagram of DES cryptography algorithm…………………………………...8 6. Block diagram of AES cryptography algorithm……………...................................9 7. How to make key for RSA algorithm……………………….................................10 8. Research methodology graph……………………………….................................36 9. Data collection………………………………………………………………........37 10. Steps in quantitative approach……………………………………………………41 11. Steps in qualitative approach……………………………………………………..41 12. Steps in research process………………………………………………………….45 13. Block diagram of ECB……………………………………………………….......47 14. ECB mode encryption……………………………………………………………48 15. ECB mode decryption……………………………………………………………48 16. Block diagram of CBC……………………………………………………….......49 17. CBC mode encryption……………………………………………………………50 18. CBC mode decryption……………………………………………………………50 19. Interception attack………………………………………………………………..52 20. Modification attack………………………………………….................................52 21. Fabrication attack……………………………………………………………........52 22. Snap shot of online encryption tool…………………………………………........54
9
List of Tables Page No. 1. A comparison list of symmetric key algorithm……………………………………9 2. Comparative analysis of buffer among AES, DES and RSA………………........11 3. Different data collection paradigm and their description………………………...38 4. Types of different research paradigm……………………….................................39 5. Comparison table of AES and DES according to different factors……………...46 6. Comparison of AES and DES in ECB mode……………….................................55 7. Comparison of AES and DES in CBC mode……………….................................55
10
List of Graphs Page No. 1. A comparison graph of symmetric & asymmetric algorithm………………….6 2. Comparative analysis of buffer size in DES, AES and RSA………………...11 3. Comparison graph between AES & DES in ECB mode……………………..31 4. Comparison graph between AES & DES in CBC mode……………………..32 5. Percentage of people using web based application…………………………...32 6. Communicating data online…………………………………………………..33 7. Password loss or unauthorized access………………………………………...33 8. Aware of online threats……………………………………………………….34 9. Aware of encryption algorithm……………………………………………….56 10. Encryption algorithm…………………………………………………….........57
11
CHAPTER 1 INTRODUCTION The necessity of information security with an organization have undergone because of the wide use of internet or online mechanism in today’s organizations. In the past physical means is used to provide security to data. With the advent of computers in every field, the need for software tools for protecting files and other information stored on the computer became important. That’s why whenever we want to secure our data from different types of attacks, first we have to secure our computer and for that we need computer security. Importance of information systems is ever growing in all most all fields, electronic information takes on many of the roles, earlier they being done on papers. Few information integrity functions that the security mechanism has to support are security and confidentiality of the data to be transmitted and authentication of users. There is no single mechanism that will provide all the services specified. But we can identify a very important mechanism that supports all forms of information integrity is cryptographic technique. Encryption of information is the most common means of providing security. 1.1 What is Cryptography? Cryptography is the best secured scheme to protect our data from attacks and also save or send our data in coded form. These security mechanisms usually involve encryption & decryption and as well as generation of sub keys to be convert plain text into cipher text. For that participants select some secret information (Key), which can be used for protecting data from unauthorized users or different type of attackers. That’s why a simple security structure is prepared to understand that what basic cryptography is? The word Crypto means ―Secret‖ and Graphy means ―Writing‖ so the basic meaning of Cryptography is Secret-Writing, By which we can protect our confidential data from attackers in an effective manner. 1.1.1 Encryption Model
1
Sender’s Message
Plain text converted to cipher text using key
Cipher text converted back to plain text using the same key
Receiver’s message
Sender’s end DATA (Plain Text)
Key
Receiver’s end Plain Text converted into Cipher Text
Cipher Text converted into Plain Text
DATA (Plain Text)
Fig 1.1: Encryption Model In the above ―Encryption Model‖ we can see that plain text is converted into cipher text at the sender’s end by a key and further cipher text is converted into plain text again by a key at the receiver’s end. This process is known as Cryptography. This general model shows that: 1. Designing an algorithm for performing encryption & decryption process. 2. Generating the secret information with the help of algorithm of step 1. 3. Identifying methods for the distribution and sharing of secret information. 4. Identifying rules to be used by both the participating parties to make it secured. A crypto system is an algorithm, plus all possible plain texts, cipher texts and keys. There are two general types of key based algorithms: symmetric and public key. With most symmetric algorithms, the same key is used for both encryption and decryption , as shown in Fig 1.1 1.1.2 Symmetric-key encryption: The process of symmetric-key encryption is very fast as the users do not experience any significant time delay because of the encryption and decryption. 2
Symmetric-key encryption provides security to data by the shared key. Sender and Receiver both share the same key for encryption and decryption. Symmetric-key encryption also provide authentication. Encrypted with one symmetric key no any other data will be decrypted by the same symmetric key. That’s why the symmetric key is kept secret by both the users. Both sender and Receiver can be confident that the communication is secure and the messages specify a meaningful sense.
Sender’s Message
Plain text converted to cipher text using private key
Cipher text converted back to plain text using the same private key
Receiver’s message
Sender’s end
Receiver’s end Key
DATA
(Plain Text)
Plain Text is converted into Cipher Text using private key
Cipher Text converted into Plain Text using same private key
DATA (Plain Text)
Fig 1.2: Symmetric key encryption Symmetric-key encryption will be successful only if the symmetric key is kept secured by the both end. If the key will be discovered by the attackers, it affects both confidentiality and authentication. The success of a symmetric algorithm lies in the key, reliving the key means that anyone could encrypt and decrypt messages. As long as the communication needs to remain secure, the key must be protected between the users. Encryption and decryption with a symmetric algorithm are denoted by: E K (A) = D D K (D) = A Symmetric algorithms can be divided into two categories: i)
Stream Ciphers
ii)
Block Ciphers 3
1.Straem Cipher: Operation which perform on the plain text a single bit or byte at a time, these are called stream algorithms or stream ciphers. 2. Block Cipher: Other operation which perform on group of bits or characters. Such algorithms are called block algorithms. 1.1.3 Public Key Cryptography: In public key cryptography we use two keys for security, one key for encryption and the other for decryption. One key is called as public key which can be declared public and the other one is private that is, the key is known only to the particular user. Public key cryptography can be also used for digital signing as it supports authentication of users. The information encrypted with one key will only be decrypted with another key. The decryption key cannot be calculated from the encryption key. Fig 1.3 shows a simplified view of the way public-key encryption works.
Sender’s Message
Plain text converted to cipher text using public key of receiver
Cipher text converted back to plain text using the private key of receiver
Receiver’s message
Sender’s end
DATA (Plain Text)
Receiver’s end
Plain Text is converted into Cipher Text using public key of the Receiver
Cipher Text converted back into Plain Text using private key of the Receiver
DATA (Plain Text)
1.3 Public-key encryption
Compared with symmetric-key encryption, public-key encryption requires more computation and is therefore not always appropriate for large amounts of data. However, it's possible to use public-key encryption to send a symmetric key, which can then be used to encrypt additional data. This is the approach used by the SSL (Secure Socket Layer) 4
protocol. This provides Authentication, Integrity & Confidentiality of Information at low computing power. Since authentication of the users is very important in applications like e-commerce and other similar applications, public key cryptography is of much use. Encryption and decryption can be represented in a public key scheme is: E Kpb (A) = D D Kpv (D) = A Where Kpb is the public key and Kpv is the private key. 1.1.4 Probabilistic encryption
Sender’s Message
Plain text converted to multiple cipher texts using key
Multiple Cipher texts converted back to plain text using the same key
Receiver’s message
Sender’s end
DATA (Plain Text)
Receiver’s end
Plain Text converted into multiple Cipher Text using key
Multiple Cipher Text converted back into Plain Text using same key
DATA (Plain Text)
Fig 1.4: probabilistic Encryption
1.2 Security Analysis of algorithms: In E-Commerce we use different algorithms for cryptography. All the algorithms offers different degrees of security, it depends on how hard they are to break.
If the cost required to break an algorithm is greater than the value of the encrypted data, then the algorithm is supposed to be safe.
If the time required breaking an algorithm is longer than the time that the encrypted data must remain secret, and then also it is safe.
If the amount of data encrypted with a single key is less than the amount of data necessary to break the algorithm, it is supposed to be safe. 5
An algorithm is safe if it is difficult to discover security key and find the original text.
In that condition, only a one time pad is unbreakable in a cipher text only attack, simply by trying every possible key one by one and by checking whether the resulting plain text is meaningful. This is called a brute force attack. Cryptography is more concerned with crypto systems that are computationally infeasible to break. Any algorithm is considered computationally secure if it cannot be broken with available resources. A desirable property of any encryption algorithm is that a small change in plain text or the key should produce significant change in cipher text. Such an effect is known as avalanche effect. The more the avalanche effects of the algorithm, the better the security. Crypto analysis is the study of recovering the plain text without access to the key. It may also find weakness in a crypto system that identifies patterns which can be useful in knowing the previous results. Symmetric Algorithm Asymmetric Algorithm
File (mb)
Time (ms) Graph 1.1 A comparison graph of Symmetric and Asymmetric Algorithm 1.3 Types of cryptography algorithm: 1. Symmetric key encryption 2. Asymmetric key encryption 6
1.3.1 Symmetric key encryption: Secret-key cryptographic algorithms are categorized into either stream ciphers or block ciphers based on how they manipulate data. A stream cipher handles data one symbol, typically a bit, at a time whereas a block cipher encrypts data in fixed- length blocks. Most cryptographic algorithms used today are block ciphers and stream ciphers are used predominately in situations where transmission errors are probable and implementation resources are limited, such as mobile communication devices. Symmetric key encryption scheme or secret key encryption scheme has the following five ingredients:1) Plain text:-This is the original intelligible message or data is fed into the algorithm as input. 2) Encryption algorithm:-The encryption algorithm performs various substitutions and transformations on the plaintext. 3) Secret key: - The secret key is also input to the encryption algorithm .The key is a value independent of the plaintext. The algorithm will produce a different output depending on the specific key being used at the time .the exact substitutions and transformations performed by the algorithm depend on the key. 4) Cipher text:-This is the scrambled message produced as output .It depends on the plaintext and the secret key. For a given message, two different keys will produce two different cipher texts. The cipher text is an apparently random stream of data and, as it stands is unintelligible. 5) Decryption Algorithm: - This is essentially the encryption algorithm run in reverse. It takes the cipher text and the secret key and produces the original plaintext. In this thesis I study two Symmetric key cryptography algorithms: i)
DES (Data Encryption Standard)
ii)
AES (Advanced Encryption Standard)
1) DES: This is the most common used cryptography algorithm, which is based on data encryption standard. This algorithm was introduced by NIST (National Bureau of 7
Standards and Technology) in 1977.It is also referred as data encryption algorithm (DES). For this cryptography standard data are encrypted in 64-bit blocks and we use 56bit key for encryption. Further the algorithm converts 64-bit input in a series of steps which produce 64-bit output. For decryption this process will again do in reverse manner. Since at that time many of the authors said that due to severe attacks recorded the weaknesses of DES, which made it an insecure block cipher. 3DES is used to remove the drawbacks of DES. The main drawback of DES is brute- force attack. One approach is to design a completely new algorithm and another alternative, which would preserve the existing investment in software and equipment, is to use multiple encryptions with DES and multiple keys. This multiple key approach is the 3DES or triple DES approach .This approach is an enhancement of simple DES; it is 64 bit block size with 192 bits key size. In this standard the encryption method is similar to the one in the original DES but applied 3 times to increase the encryption level and the average safe time. It is a known fact that 3 DES is slower than other block cipher methods.
Initialization
Round 1
Round 2
Round 16
Finalization
Fig 1.5 Block Diagram of DES Cryptography Algorithm 8
2) AES: - Advanced Encryption Standard was also published by NIST in 2001. AES is a symmetric block cipher technique that is introduce to replace DES. .Besides this, its security mechanism and security strength is equal to better than 3DES and significantly improved efficiency .The
Rijndael proposal for AES
defined a cipher in which the block length and the key length can be independently specified to be 128,192 or 256 bits. The AES specification uses the same three key size alternatives but limits the block length to 128 bits.
AES-128 Schematic 10 Rounds
1.)Byte sub
4
2.)Shift Row
Input
3.)Mix Colum
1.)Byte sub
1.)Byte sub
2.)Shift Row
2.)Shift Row
3.)Mix Colum
3.)Mix Colum
4 Invertible K0
K1
Key
K2
K11
K9
4
Output 4
Fig 1.6 A Block Diagram of AES Cryptography Algorithm
Table 1.1 A comparison list of symmetric key cryptography algorithm 9
1.3.2 Asymmetric Key Encryption: In asymmetric mechanism two keys are used: private key and public key. Public key is used for encryption and private key is used for decryption . But the main problem with public key encryption is that; that it is based on mathematical functions. Asymmetric encryption techniques are almost 1000 times slower than symmetric techniques because they require more computational processing power. The example of asymmetric key algorithm is RSA algorithm which is explained below: RSA Algorithm: Developers of RSA algorithm are: Ron Rivest, Adi Shamir, and Leonard Adleman. They developed RSA in 1977. It is wildly used in various applications like Internet Browsers etc. It is also used in e-commerce at large scale. RSA is an asymmetric key security algorithm unlikely DES. It is licensed algorithm. In RSA we use two different key , one for encryption and other one is for decryption. Keys are known as public key and private key. Generation of these two keys is as follow: Two large prime numbers of the same size are generated; we call them p and q. The product of p and q gives the value n. In this case, p and q should be large enough (at least 100 digits), and are kept secret to the sender’s side. Considering the fact that n is the product of two very large prime numbers, it is practically impossible to derive out the two (i.e. p and q) from a given n. A random integer is then selected, named e; where e should be greater than 1, and the gcd (e, (p-1), (q-1)) = 1 (the value of e is called public exponent). Next, find the multiplicative inverse of e modulo (p-1) (q-1), named d (the value of d is called private exponent). The public key is (n, e) and the private key is d. One of the major benefits of RSA algorithm is that the public key can be created and sent to someone (e.g. from administrative) to encrypt a message, but only the private key of the dedicated receiver can be used to decrypt it.
10
Fig 1.7 How to make key for Encryption and Decryption in RSA Algorithm
Graph/Table 1.2 Comparative analysis of buffer size among DES, AES and RSA algorithm
11
CHAPTER 2 REVIEW OF LITERATURE K.Brindha, Ritika Sharma, Sapanna Saini 2014 study on Use of Symmetric Algorithm for Image Encryption , they present image encryption using symmetric algorithm (SA). Encryption is a method to protect data against destruction by involving special algorithm and keys to transform digital data into unreadable format before transmission over the network. The Decryption keys are used to get the original digital data back from the transmitted encrypted data form. Data encryption standard (DES) is one of the symmetric algorithms. This paper presents an analysis on DES algorithm for image encryption. The proposed idea will reproduce the original image with no information loss. A comparative study of the DES algorithm with the present image encryption algorithms is also done in this paper. KEYWORDS: AES, DES, decryption, encryption, symmetric algorithm. Vishwa gupta, Gajendra Singh and Ravindra Gupta 2012 Advance cryptography algorithm for improving data security , Information security is the process of protecting information. It protects its availability, privacy and integrity. Access to stored information on computer databases has increased greatly. More companies store business and individual information on computer than ever before. Much of the information stored is highly confidential and not for public viewing. In this paper I have developed a new cryptography algorithm which is based on block cipher concept. In this algorithm I have used logical operation like XOR and shifting operation. Experimental results show that proposed algorithm is very efficient and secured. To write this paper I have Study about information security using cryptography technique. After the detailed study of Network security using cryptography, I am presenting my proposed work. This paper is dividing in four sections. In section-I, I am presenting just basic introduction about Information Security using cryptography, in section-II, I am presenting detailed description of Information security using cryptography and various algorithms, in section-III, I am presenting my proposed algorithm, and in section IV I am Presenting summary and references where I have completed my research. The proposed algorithm has the batter speed compared with the comparing encryption algorithm. Nevertheless, the proposed algorithm improves encryption security by inserting the symmetric layer. The proposed 12
algorithm will be useful to the applications which require the same procedure of encryption and decryption. Keywords: Information security, Encryption, Decryption. Narender Tyagi and Anita Ganpati 2014 Comparative Analysis of Symmetric Key Encryption Algorithms , Computer networks were primarily used by university researchers for studying e-mail, and by corporate employees for sharing printers. Security was not an important issue at that time. But now as billions of ordinary citizens are using networks for banking, shopping, and filling their income tax returns. Network security has become an important issue and potentially massive problem in data communication. Most security problems are intentionally caused by malicious people trying to gain some benefit or harm someone. Encryption has come up as a solution, and plays an important role in information security system. In this paper a detailed theoretical study has been made on the DES, 3DES, AES and Blowfish symmetric encryption algorithms. A comparative analysis on the above symmetric encryption algorithms has been made. These algorithms consume a significant amount of computing resources such as CPU time, memory and battery power. The comparison is made on the basis of these parameters: speed, block size, and key size etc. Blowfish has better performance than other DES, 3DES, and AES algorithms. Keywords- Encryption, Decryption, Cryptography, Data Encryption standard(DES),
Asymmetric
Encryption
standard(AES),
Symmetric
Encryption,
Asymmetric Encryption Ritu Tripathi and Sanjay Agrawal 2014 Comparative Study of Symmetric and Asymmetric Cryptography Techniques, Data security is the challenging issue of today that touches many areas including computers and communication. Modern cyber security attacks have surely played with the effects of the users. Cryptography is one such technique to create certain that, authentication, integrity, availability, confidentiality and identification of user data can be maintained as well as security and privacy of data can be provided to the user. The cryptography techniques and various algorithms are used to provide the needed security to the applications. This paper provides a comparison between some symmetric and asymmetric techniques. The factors are achieving an effectiveness, flexibility and security, which is a face of researchers. As a result, the better solution to the symmetric key encryption and the asymmetric key encryption is provided. Index Terms: Cryptography; Encryption, AES, DES, 3DES, Symmetric key encryption, Asymmetric key encryption. 13
Chinmoy Ghosh and SatyendraNath Mandal 2014 A Combined Method for Image Encryption ABSTRACT Many image encryption techniques have been developed to protect confidential image information in communication through the public channel. In this paper, a combined method of image encryption has been proposed to encrypt the image. The algorithm is divided into two parts. At first, the bits of pixels are reversed and rotated based on length of key. In second part, the encrypted image has been constructed after bit-wise XOR operation between the revised pixels and key. The proposed technique has been tested on different types of images. Finally, the performance of the algorithm has been verified by some statistical analysis. Keywords-Bits reverse, Bits Rotation, Combined Method, Image Encryption, and Statistical Analysis. T.Gunasundari and Dr. K.Elangovan 2014 A Comparative Survey on Symmetric Key Encryption Algorithms, Security is the most challenging aspects in the internet and network applications. Internet and networks applications are growing very fast, so the importance and the value of the exchanged data over the internet or other media types are increasing. Hence the search for the best solution to offer the necessary protection against the data intruders’ attacks along with providing these services in time is one of the most interesting subjects in the security related communities. Cryptography is the one of the main categories of computer security that converts information from its normal form into an unreadable form. The two main characteristics that identify and differentiate one encryption algorithm from another are its ability to secure the protected data against attacks and its speed and efficiency in doing so. There are basically two techniques of cryptography-Symmetric and Asymmetric .This paper provides a fair comparison between four most common symmetric key cryptography algorithms: RC2, RC4, RC5, and RC6. Keywords: Cryptography, Symmetric key encryption, RC2, RC4, RC5, RC6. Dr. Jitendra Sheetlani and Harsh Gupta 2014 Comparative Study of a New Variable Length Key Block Cipher Technique with DES for Network Security , This study deals with A New Variable Length Key Block Cipher Technique which is a technology used to solve the problems of security of data. This paper represents the importance of Encryption of data for storage and transmission. The significance of encrypted data can be identified in light of the mushrooming applications and globalization of communication. The advantages of encrypting data manifest themselves in the form of security & confidentiality in real time applications. A fundamental problem in networking is how to communicate securely over an insecure channel, which might be controlled by an 14
adversary. The purpose of this paper is to describe our high- level abstraction for secure messaging. In this paper we also describe about Encryption and also role of encryption over the network. The goal of this paper is to provide an analysis Variable Length Key Block Cipher Technique also we compare with standard algorithm like DES in terms of computational overhead, Data overhead, complexity and security analysis. Keywords: Information Security, Block cipher, Variable key length, Encryption, Plaintext, Cipher text, DES. Sheetal Charbathia and Sandeep Sharma 2014 A Comparative Study of Rivest Cipher Algorithms, The purpose of an encryption algorithm is to provide security of data. If an encryption algorithm cannot be broken easily, then it is said to be secure. The ultimate goal is to protect data against any unauthorized access or theft. In this paper, a comparative study has been done against a family of symmetric key algorithms called the Rivest Cipher algorithms to get a hold on various security goals that the algorithms intends to provide. All the Rivest Cipher Algorithms have been described briefly with the basic working principle and other useful details. And lastly, a comparison of these algorithms considering the different parameters has been done in order to see how each version of the algorithm was different from the other and how improvements were incorporated. Due to the increasing computing power, the RC6 algorithm is vulnerable to attacks. Some measures should be taken to protect RC6 algorithm against any threat so that this algorithm can be secure for decades and more. This can be done by modifying this algorithm further. Keywords— cryptography, symmetric key cryptography, asymmetric key cryptography, hash function cryptography, RC2, RC4, RC5, RC6 Ms. Ankita Umale,, Ms. Priyanka Fulare 2014 Comparative Study of Symmetric Encryption techniques for Mobile Data Caching in WMN 1, Advanced mobile devices, known as smartphones, are a class of devices built at their core around ease of connectivity and always-on accessibility of online services. Security is one of the most challenging aspects in the internet and network applications. Symmetric key algorithms are a typically efficient and fast cryptosystem, so it has significant applications in many realms. For a Mobile adhoc network with constraint computational resources, the cryptosystem based on symmetric key algorithms is extremely suitable for such an agile and dynamic environment, along with other security strategies. The paper presents a comparison study of block ciphers such as AES, DES, 3DES, Blowfish, RC2, and RC6 on the basis of block size, key size, and speed. 15
Keywords-
Mobile caching, symmetric encryption, AES, DES, 3DES, Blowfish, RC2,
and RC6 Ali Makhmali, Hajar Mat Jani 2013 , present their paper on Comparative Study On Encryption Algorithms And Proposing A Data Management Structure and want to say that In implementing a web-based application, security is one of the most important issues to be addressed. Generally, two factors should be addressed prior to implementing the application to ensure security: the structure of data management, and data security strategy. In this research, we try to find a suitable implementation and solution to handle these two problems. These issues first led us to perform a comparative study on several encryption algorithms, and consequently, to find the most suitable one; and second, to find the best management structure of data to ensure a reasonable level of security for the clients of the web-based application.
We study and compare the concepts of five
encryption algorithms that are most widely used: DES, Triple DES, RSA, Blowfish, and AES. The focus is on the general strategy the encryption algorithms are using, and their implementation applicability on websites or web-based applications. A survey was also conducted in finding the level of awareness and concern regarding online systems’ security. Based on the findings of this study, a data management structure for storing confidential data on a server is proposed. Index Terms: AES, Blowfish, DES, Encryption Algorithms, RSA, Data Management Structure, Triple DES, Website Security Swati Paliwal , Ravindra Gupta 2013 give their review on ,A Review of Some Popular Encryption Techniques , In That review research paper concentrates on the different kinds of encryption techniques that are existing. It also frames all the techniques together as a literature survey. Aim an extensive experimental study of implementations of various available encryption techniques. Also focuses on image encryption techniques, information encryption techniques, double encryption and Chaos-based encryption techniques. This study extends to the performance parameters used in encryption processes and analyzing on their security issues. Keywords: AES, CAST, RSA and NTRU Ms.Pallavi H.Dixit, Dr.Uttam L. Bombale and Mr. Vinayak B. 2013 Comparative Implementation of Cryptographic Algorithms on ARM Platform , This paper present the 16
comparison between two cryptographic algorithm AES and Blowfish algorithm on the basis of ARM implementatiom.LPC 2148 from NXP Philips family kit is used for implementation. In Embedded system security blowfish is suitable. For comparison, we considered points like memory size, encryption cycle, and decryption cycle for both algorithms on ARM7 etc. For small embedded system like mobile, smart card etc Blowfish is best algorithm for security. Keywords: Encryption, Decryption, AES, Blowfish Mansoor Ebrahim , Shujaat Khan and Umer Bin Khalid 2013 Symmetric Algorithm Survey: A Comparative Analysis , Information Security has become an important issue in modern world as the popularity and infiltration of internet commerce and communication technologies has emerged, making them a prospective medium to the security threats. To surmount these security threats modern data communications uses cryptography an effective, efficient and essential component for secure transmission of information by implementing security parameter counting Confidentiality, Authentication, accountability, and accuracy. To achieve data security different cryptographic algorithms (Symmetric & Asymmetric) are used that jumbles data in to scribbled format that can only be reversed by the user that have to desire key. This paper presents a comprehensive comparative analysis of different existing cryptographic algorithms (symmetric) based on their Architecture, Scalability, Flexibility, Reliability, Security and Limitation that are essential for secure communication (Wired or Wireless). General Terms Algorithms, Encryption, Public Key, Private Key, Architecture, Flexibility, Overview, Scalability, Limitations, Security. Keywords: Symmetric, Asymmetric, DES, 3DES, IDEA, Serpent, Blowfish, Rijndeal, RC6, CAST, RSA, PGP, MARS, TEA, Twofish. Veerpal Kaur, Aman Singh 2013 give their research theory on ,Review of Various Algorithms Used in Hybrid Cryptography and they said that Cryptography is a technique used today for hiding any confidential information from the attack of an intruder. The study of hybrid cryptography going to present is based on the study of hybridization. Study has been performed from 1993 to 2013. All the concepts related to hybrid cryptography have been analyzed and reached at the conclusion that the use of RSA is quite expanding. Near about 200 papers have been searched related to the problem and 55 have been considered in this review based on filtering. Tabular survey has been provided for ease of use. Major scope of work has been done using RSA. Diffie-Hellman is a 17
today’s choice for algorithm implementation in any network. Another point of view is that very less use of DES is there due to some of its limitations such as less Avalanche effect. RSA, AES, SHA-1, MD5 are some of the most widely used algorithms for hybrid cryptography. The main aim of this review paper is to provide more and more information to the naïve researchers. Other objectives of this review paper are to emphasize on better performance, maximum speed of an algorithm, checking effectiveness, its efficiency and comparison with other related works. Keywords- RSA, ElGamal, hybrid of various algorithms, hybrid cryptography Rajinder Kaur, Er. Kanwalpreet Singh 2013 Comparative Analysis and Implementation of Image Encryption Algorithms, Due to the rapid growth of digital communication and multimedia application, security become an important issue of communication and storage of images. Image security has found a great need in many applications where the information (in the form of image) is to be protected from unauthorized access. Encryption is one of the ways to ensure high security. In recent years, encryption technology has been developed and many image encryption methods have been used. These methods produce randomness in the image so that the content is not visible. Encryption and decryption consume a considerable amount of time. So there is a need for an efficient algorithm. This paper proposed three different image encryption techniques for color image. Simulation results are presented and a comparative analysis of the different methods is discussed. Key Terms: - Cryptography; Correlation Coefficient; Encryption; Decryption; Histogram; Selective Image Encryption Apoorva, Yogesh Kumar 2013 Comparative Study of Different Symmetric Key Cryptography Algorithms, Cryptography is the practice and study of hiding information. Prior to the modern age, cryptography was almost synonymous with encryption i.e. the conversion of information from a readable state to nonsense. In order to avoid unwanted persons being able to read the information, senders retain the ability to decrypt the information. There are three type of Cryptography: Asymmetric-key cryptography, symmetric key cryptography and hashing. Encryption methods in which both the sender and receiver share the same key is referred to as symmetric key cryptography. This thesis provides a fair comparison between three most common symmetric key cryptography algorithms: AES, Twofish, CAST-256 and Blowfish. The comparison takes into consideration the behavior and the performance of the algorithm when different data loads 18
are used, as our main concern here is to study the performance of algorithms under different settings,. The comparison is made on the basis of these parameters: speed, block size, and key size. Keywords: Cryptography, Symmetric key, AES, CAST-256, Blowfish, Twofish. S. Govinda Rao ,D. Siva Prasad and M. Eswara Rao 2013 Universal Session Based Symmetric Cryptographic Technique to Strength the Security , In this technical paper a session based symmetric key cryptographic technique, termed as SBSKCT, has been proposed. This proposed technique is very secure and suitable for encryption of large files of any type. SBSKCT considers the plain text as a string with finite no. of binary bits. This input binary string is broken down into blocks of various sizes (of 2k order where k = 3, 4, 5, ….). The encrypted binary string is formed by shifting the bit position of each block by a certain values for a certain number of times and from this string cipher text is formed. Combination of values of block length, no. of blocks and no. of iterations generates the session based key for SBSKCT. For decryption the cipher text is considered as binary string. Using the session key information, this binary string is broken down into blocks. The decrypted binary string is formed by shifting the bit position of each block by a certain values for a certain number of times and from this string plain text is reformed. A comparison of SBSKCT with existing and industrially accepted TDES and AES has been done. Key words: Cryptographic technique, SBSKCT, TDES, AES, Session key. Er. Satish Kumar, Amritsar Mr. Amit Puri 2012 Comparative analysis of various cryptographic algorithm Does increased security provide comfort to fearful people? Or does security provide some very basic protections that we are inexperienced to believe that we don't need? During this time when the Internet provides essential communication between millions of people and is being increasingly used as a tool for commerce, trading, research & banking, security becomes a tremendously important issue to deal with. There are many aspects to security and many applications, ranging from secure commerce and payments to private communications and protecting passwords. This paper has two major purposes. The first is to define some of the terms and concepts behind basic cryptographic methods, and second is to offer a way to compare the myriad cryptographic algation on computer than ever before. Much of the information stored is highly confidential and not for public viewing. In this paper I have developed a new cryptography algorithm which is 19
based on block cipher concept. In this algorithm I have used logical operation like XOR and shifting operation. Experimental results show that proposed algorithm is very efficient and secured. To write this paper I have Study about information security using cryptography technique. After the detailed study of Network security using cryptography, I am presenting my proposed work. This paper is dividing in four sections. In section-I, I am presenting just basic introduction about Information Security using cryptography, in section-II, I am presenting detailed description of Information security using cryptography and various algorithms, in section-III, I am presenting my proposed algorithm, and in section IV I am Presenting summary and references where I have completed my research. The proposed algorithm has the batter speed compared with the comparing encryption algorithm. Nevertheless, the proposed algorithm improves encryption security by inserting the symmetric layer. The proposed algorithm will be useful to the applications which require the same procedure of encryption and decryption. Keywords: Information security, Encryption, Decryption, Cryptography Alese, B. K., Philemon E. D., Falaki, 2012 Comparative Analysis of Public-Key Encryption Schemes , The introduction of public-key cryptography by Diffie and Hellman in 1976 was an important watershed in the history of cryptography. The work sparked off interest in the cryptographic research community and soon several public-key schemes were proposed and implemented. The Rivest, Shamir and Adleman (RSA), being the first realisation of this abstract model, is the most widely used public-key scheme today. However, increased processing power and availability of cheaper processing technology occasioned by the exponential growth in digital technology has generated some security concerns, necessitating the review of security parameters for enhanced security. Enhanced processing power requirement does not favour the present class of ubiquitous mobile devices that are characterised by low power consumption, limited memory and bandwidth as they may not be able to run this cryptographic algorithm due to computational burden associated with long key lengths. And since future increase in key lengths looks likely given the current technological developments, Elliptic Curve Cryptography (ECC) has been proposed as an alternative cryptosystem because it satisfies both security requirements and efficiency with shorter key lengths. This research work focuses on the comparative analysis of RSA Encryption algorithm, ElGamal Elliptic Curve Encryption algorithm and Menezes-Vanstone Elliptic Curve 20
Encryption algorithm. These elliptic curve analogues of ElGamal Encryption scheme were implemented in Java, using classes from the Flexi provider library of ECC. The RSA algorithm used in the comparison is the Flexi provider implementation. Performance evaluation on the three algorithms based on the time lapse for their Key generation, encryption and decryption algorithms, and encrypted data size was carried out and compared. The results show that our elliptic curve-based implementations are more superior to the RSA algorithm on all comparative parameters.
Keywords: Security,
Elliptic, Curve, RSA, Crptosystem Ali Ahmad Milad, Hjh Zaiton Muda, Zul Azri Bin Muhamad Noh and Mustafa Almahdi Algaet 2012 Comparative Study of Performance in Cryptography Algorithms, Problem statement: The main goal guiding the design of any encryption algorithm needs to be secured against unauthorized attacks. For all applied applications, performance and the cost of implementations are also important concerns. A data encryption algorithm would not be of much use if it is secure enough but slow in performance because it is a common repetition to embed encryption algorithms in other applications such as e-commerce, banking and online transaction processing applications. Inserting of encryption algorithms in other applications also prevents a hardware implementation and is thus a major cause of tainted overall performance of the system. Approach: In this study, the performance of the two of the popular secret key encryption algorithms (Blowfish and Skipjack) was compared. Results: Blowfish and Skipjack, had been implemented and their performance was compared by encrypting input files of varying contents and sizes. The algorithms had been implemented in a uniform language C#, using their standard specifications to allow a fair comparison of execution speeds. Conclusion: The performance results have been summarized and a conclusion has been presented. Based on the experiments, we can conclude that the Blowfish is the best performing algorithm for implementation. Key words: Cryptography algorithms, blowfish algorithm, skipjack algorithm, encryption, decryption, feistel network, S-boxes, private key algorithm, Data Encryption Standard (DES), public key. G. Ramesh and Dr. R. Umarani 2012 Performance Analysis of Most Common Symmetrical Encryption Algorithms, The encryption and decryption process consume a significant amount of computing resources such as CPU time, throughput, and battery power. A wireless device, usually with very limited resources, especially battery power, is subject to the problem of energy consumption due to encryption algorithms. Designing 21
energy efficient security protocols first requires an understanding of and data related to the energy consumption of common encryption schemes for wireless devices. This paper performs comparative analysis of five algorithm; DES, 3DES, AES, UMARAM and UR5 Algorithm, considering certain parameters such as throughput, encryption time and power consumption. A cryptographic tool is used for conducting experiments. The experimental results show the superiority of our UR5 encryption algorithm over other algorithms in terms of the power consumption, processing time, and throughput. Keywords: Cryptography, Encryption techniques, AES, DES, 3DES, UMARAM ,UR5,Computer security. Daniel Wichs 2012 Barriers in Cryptography with Weak, Correlated and Leaky Sources ,There has been much recent progress in constructing cryptosystems that maintain their security without requiring uniform randomness and perfect secrecy. These schemes are motivated by a diverse set of problems such as providing resilience to side-channel leakage, using weak physical sources of randomness as secret keys, and allowing deterministic encryption for high-entropy messages. The study of these problems has significantly deepened our understanding of how randomness is used in cryptographic constructions and proofs. Nevertheless, despite this progress, some basic and seemingly achievable security properties have eluded our reach. For example, we are unable to prove the security of basic tools for manipulating weak/leaky random sources, such as as pseudo-entropy generators and seed-dependent computational condensers. We also do not know how to prove leakage-resilient security of any cryptosystem with a uniquely determined secret key. In the context of deterministic encryption we do not have a standard- model constructions achieving the strongest notion of security proposed by Bellare, Boldyreva and O’Neill (CRYPTO ’07), that would allow us to encrypt arbitrarily correlated messages of sufficiently large individual entropy. In this work, we provide broad black-box separation results, showing that the security of such primitives cannot be proven under virtually any standard cryptographic hardness assumption via a reduction that treats the adversary as a black box. We do so by formalizing the intuition that ―the only way that a reduction can simulate the correctly distributed view for an attacker is to know all the secrets, in which case it does not learn anything useful from the attack‖. Such claims are often misleading and clever way of getting around them allows us to achieve a wealth of positive results with imperfect/leaky randomness. However, in this work we
22
show that this intuition can be formalized and that it indeed presents a real barrier for the examples given above. Johannes Blömer ,Peter Günther and Gennadij Liske 2012 Improved Side Channel Attacks on Pairing Based Cryptography ,Techniques from pairing based cryptography (PBC) are used in an increasing number of cryptographic schemes. With progress regarding efficient implementations, pairings also become interesting for applications on smart cards. With these applications the question of the vulnerability to side channel attacks (SCAs) arises. Several known invasive and non- invasive attacks against pairing algorithms only work if the second but not if the first argument of the pairing is the secret. In this paper we extend some of these attacks also to the case where the first argument is the secret. Hence we may conclude that positioning the secret as the first argument of the pairing does not improve the security against SCAs, as it sometimes has been suggested. Feng Bao Pierangela Samarati Jianying Zhou 2012 Applied Cryptography and Network Security, Openness is a key criterion of security algorithms and pro- tocols which enable them to be subjected to scrutiny by independent security experts. The alternative ―methodology‖ of secret proprietary algorithms and protocols has often ended in practical breaks, e.g. of the MIFARE Oyster cards for public transport or the KeeLoq remote control systems. Open evaluation is common for general applications of security, e.g. the NIST competitions for selection of the Advanced Encryption Standard (AES) and the Secure Hash Algorithm 3 (SHA-3). Nowadays an increasing number of embedded security applications apply the prin- ciple of open evaluation as well. A recent example is the specification of an open security protocol stack for car immobilizer applications by Atmel, which has been presented at ESCAR 2010. This stack is primarily intended to be used in conjunction with automotive transponder chips of this manufacturer, but could in principle be deployed on any suitable type of transponder chip. In this paper we analyze the security of this protocol stack. We were able to uncover a number of potential security vulnerabilities, for which we suggest fixes. Keywords: Security, car immobilizer, algorithms, protocols, openness, analysis. Pranay Meshram, Pratibha Bhaisare and S.J.Karale 2012 Comparative Study of Selective Encryption Algorithm For Wireless Adhoc Network, Information Security has become an important issue in data communication. Encryption has come up as a solution, and plays an important role in information security system. This security mechanism uses 23
some algorithms to scramble data into unreadable text which can be only being decoded or decrypted by party those possesses the associated key. These algorithms consume a significant amount of computing resources such as CPU time, memory and battery power and computation time. This paper performs comparative study of three algorithm; Full encryption algorithm, Toss-a-coin selective encryption algorithm and Probabilistic selective encryption algorithm considering certain parameters such as encryption time percentage time, encryption time, overall time and encryption proportion. Eventually, we carry out an extensive set of simulation experiments based on ns2 simulator, and our simulation indicates that the technique of selective algorithms can indeed improve the efficiency of message encryption. Keywords: Wireless Security, Data Confidentiality, Selective Cryptographic Algorithm, Symmetric Key Encryption, Wireless Ad hoc Networks. Shraddha Soni, Himani Agrawal, Dr. (Mrs.) Monisha Sharma 2012 Analysis and Comparison between AES and DES Cryptographic Algorithm, with the rapid development of various multimedia technologies, more and more multimedia data are generated and transmitted, also the internet allows wide distribution of digital media data. Now a days it is much easier to edit, modify and duplicate digital information .Besides that, digital documents are also easy to distribute, therefore it will be faced by many threats. Therefore, it becomes necessary to find appropriate protection as the data may include some sensitive information which should not be accessed by or can only be partially exposed to the general users. So in the recent world, security is a prime important issue, and encryption is one of the best alternative ways to ensure security. Moreover, many image encryption schemes have been proposed; each one of them has its own strength and weakness. This paper presents an analysis and comparison of various parameters of DES and AES encryption schemes.Keywords— Advance Encryption Standard, Data Encryption Standard, Mean Squared Error, Number of Changing Pixel Rate, Peak Signal to Noise Ratio, Unified Average Changed Intensity. Shashi Mehrotra Seth, Rajan Mishra 2011 Comparative Analysis Of Encryption Algorithms For Data Communication shows that, Information Security has become an important issue in data communication. Encryption has come up as a solution, and plays an important role in information security system. This security mechanism uses some algorithms to scramble data into unreadable text which can be only being decoded or decrypted by party those possesses the associated key. These algorithms consume a 24
significant amount of computing resources such as CPU time, memory and battery power and computation time. This paper performs comparative analysis of three algorithm; DES, AES and RSA considering certain parameters such as computation time, memory usages and output byte. A cryptographic tool is used for conducting experiments. Experiments results are given to analyses the effectiveness of each algorithmKeywords: Encryption, secret key encryption, public key encryption, RSA, DES, AES encryption. Diaa Salama, Hatem Abdual Kader and Mohiy Hadhoud 2011 Studying the Effects of Most Common Encryption Algorithms, Wireless networks play critical roles in present work, home, and public places, so the needs of protecting of such networks are increased. Encryption algorithms play vital roles in information systems security. Those algorithms consume a significant amount of computing resources such as CPU time, memory, and battery power. CPU and memory usability are increasing with a suitable rates, but battery technology is increasing at slower rate. The problem of the slower increasing battery technology forms ―battery gap‖. The design of efficient secure protocols for wireless devices from the view of battery consumption needs to understand how encryption techniques affect the consumption of battery power with and without data transmission. This paper studies the effects of six of the most common symmetric encryption algorithms on power consumption for wireless devices. at different settings for each algorithm. These setting include different sizes of data blocks, different data types (text, images, and audio file), battery power consumption, different key size, different cases of transmission of the data , effect of varying signal to noise ratio and finally encryption/decryption speed. The experimental results show the superiority of two encryption algorithm over other algorithms in terms of the power consumption, processing time, and throughput .These results can aid in new design of security protocol where energy efficiency is the main focus. Some suggestions for design of secure communications systems to handle the varying wireless environment have been provided to reduce the energy consumption of security protocols. Keywords: Encryption techniques, Computer security, wireless network, ad hoc wireless LANs, Basic Service Set (BSS) Nidhi Singhal and
J.P.S.Raina 2011
Comparative Analysis of AES and RC4
Algorithms for Better Utilization , In the today world, security is required to transmit confidential information over the network. Security is also demanding in wide range of 25
applications. Cryptographic algorithms play a vital role in providing the data security against malicious attacks. But on the other hand, they consume significant amount of computing resources like CPU time, memory, encryption time etc. Normally, symmetric key algorithms are used over asymmetric key algorithms as they are very fast in nature. Symmetric algorithms are classified as block cipher and stream ciphers algorithms. In this paper, we compare the AES algorithm with different modes of operation (block cipher) and RC4 algorithm (stream cipher) in terms of CPU time, encryption time, memory utilization and throughput at different settings like variable key size and variable data packet size. Keywords: Encryption, Decryption, Block and Stream Ciphers, AES, RC4 Simar Preet Singh, and Raman Maini 2011 present paper on Comparison of data encryption algorithm , This paper tries to present a fair comparison between the most
common and used algorithms in the data encryption field. The two main characteristics that identify and differentiate one encryption algorithm from another are its ability to secure the protected data against attacks and its speed and efficiency in doing so. This paper provides a performance comparison between four of the most common encryption algorithms: DES, 3DES, Blowfish and AES. The comparison has been conducted by running several encryption settings to process different sizes of data blocks to evaluate the algorithm’s encryption/decryption speed. Since our main concern here is the performance of these algorithms under different settings, the presented comparison takes into consideration the behavior and performance of the algorithm when different data loads are used. Simulation has been conducted using C# language. Keywords: Encryption Algorithms, Cryptography, AES, DES, Blowfish, TripleDES. Hamdan.O.Alanazi, B.B.Zaidan, A.A.Zaidan, Hamid A.Jalab, M.Shabbir and Y. AlNabhani 2010 New Comparative Study Between DES, 3DES and AES within Nine Factors, With the rapid development of various multimedia technologies, more and more multimedia data are generated and transmitted in the medical, also the internet allows for wide distribution of digital media data. It becomes much easier to edit, modify and duplicate digital information .Besides that, digital documents are also easy to copy and distribute, therefore it will be faced by many threats. It is a big security and privacy issue, it become necessary to find appropriate protection because of the significance, accuracy and sensitivity of the information. , which may include some sensitive information which 26
should not be accessed by or can only be partially exposed to the general users. Therefore, security and privacy has become an important. Another problem with digital document and video is that undetectable modifications can be made with very simple and widely available equipment, which put the digital material for evidential purposes under question. Cryptography considers one of the techniques which used to protect the important information. In this paper a three algorithm of multimedia encryption schemes have been proposed in the literature and description. The New Comparative Study between DES, 3DES and AES within Nine Factors achieving an efficiency, flexibility and security, which is a challenge of researchers. Index Terms: Data Encryption Standard, Triple Data Encryption Standard, Advance Encryption Standard. Hamdan.O.Alanazi, B.B.Zaidan, A.A.Zaidan, Hamid A.Jalab, M.Shabbir and Y. AlNabhani 2010 New Comparative Study Between DES, 3DES and AES within Nine Factors , With the rapid development of various multimedia technologies, more and more multimedia data are generated and transmitted in the medical, also the internet allows for wide distribution of digital media data. It becomes much easier to edit, modify and duplicate digital information .Besides that, digital documents are also easy to copy and distribute, therefore it will be faced by many threats. It is a big security and privacy issue, it become necessary to find appropriate protection because of the significance, accuracy and sensitivity of the information. , which may include some sensitive information which should not be accessed by or can only be partially exposed to the general users. Therefore, security and privacy has become an important. Another problem with digital document and video is that undetectable modifications can be made with very simple and widely available equipment, which put the digital material for evidential purposes under question. Cryptography considers one of the techniques which used to protect the important information. In this paper a three algorithm of multimedia encryption schemes have been proposed in the literature and description. The New Comparative Study between DES, 3DES and AES within Nine Factors achieving an efficiency, flexibility and security, which is a challenge of researchers. Index Term: Data Encryption Standard, Triple Data Encryption Standard, Advance Encryption Standard. Kimmo J¨arvinen 2008 had done his research on Studies on efficient implementation of cryptographic algorithms and show that, Cryptographic algorithms are ubiquitous in 27
modern communication systems where they have a central role in ensuring information security. This thesis studies efficient implementation of certain widely-used cryptographic algorithms. Cryptographic algorithms are computationally demanding and software-based implementations are often too slow or power consuming which yields a need for hardware implementation. Field Programmable Gate Arrays (FPGAs) are programmable logic devices which have proven to be highly feasible implementation platforms for cryptographic algorithms providing both speed and programmability. Hence, FPGAs have attained significant interest in the research community and are also the primary implementation platforms in this thesis. This thesis presents techniques allowing faster implementations than existing ones. Such techniques are necessary in order to use high-security cryptographic algorithms in applications requiring high data rates, for example in heavily loaded network servers. The focus is on Advanced Encryption Standard (AES), the most commonly used secret-key cryptographic
algorithm,
and
Elliptic
Curve
Cryptography
(ECC),
public-key
cryptographic algorithms which have gained popularity in the recent years and are replacing traditional public-key cryptosystems, such as RSA. Because these algorithms are well-defined and widely-used, the results of this thesis can be almost directly applied in practice. The contributions of this thesis include improvements to both algorithms and techniques for implementing them. Algorithms are modified in order to make them more suitable for hardware implementation, especially focusing on increasing parallelism. Several FPGA implementations exploiting these modifications are presented in the thesis including some of the fastest implementations available in the literature. The most important contributions of this thesis relate to ECC and, especially, to a family of elliptic curves providing faster computations called Koblitz curves. The results of this thesis can, in their part, enable increasing use of cryptographic algorithms in various practical applications where high computation speed is an issue. Er. Rajender Singh, Er.Rahul Misra, Er.Vikas Kumar Analysis The Impact of Symmetric Cryptographic Algorithms on Power Consumption For Various Data , With the emergence of communication techniques as the human beings become advanced day by day these communication techniques also get some advancement or development day by day. After the emergence of internet the communication of data from one place to another 28
is increasing day by day, because as we all know that internet is very fast mode of data transfer as compared to send your data through post with the help of post-office. As the data over the internet is increasing, it is very necessary that we must ensure to provide the best solution to offer the necessary protection against the data thefts & attacks. For that purpose we use many algorithms, and among these algorithms one of the best algorithms is Encryption algorithm, because it plays an important role in information security systems. But the main problems with such types of algorithms are that they consume a significant amount of computing resources such as CPU time, memory, and battery power. Power Consumption is not a big deal or big issue in case of wired environment but the computing resources in the wireless environment is limited and limited battery power available. As the technology advances it leads to a lot of changes in the processors and memory in the computers, by which they requires a lot of power, or in other words we can say that they needs power to boost up, but battery technology or battery backup technology is increasing at much slower rate, and this cause to forming a "battery gap". As it is like the heart of the electronic devices and as most of the equipment of electronics including computing devices and communication devices also requires a good battery backup. Today, as we all seen that Lap-tops, Palm-tops etc.are generally used instead of Desktop or PC and it is well known that all these are the wireless devices and for these devices the data communication also be wireless and on the contrary, the networking connection will also be wireless. From above as we seen, the increasing demand for services on wireless devices has pushed towards us into an important research which finding ways to overcome these limitation. The paper which I present of the behalf of thesis evaluate or analyze the six most common encryption algorithms namely AES (Rigndael), DES, 3DES, RC2, Blowfish and RC5. Now I’ll try my best to find out the method to analyze the trade-offs between energy and security. There are different approaches used to reduce the energy consumption of security protocols. A comparative study also I planned to be conducted for those encryption algorithms at different settings for each algorithm such as different sizes of data blocks, different data types, battery power consumption, different key size and finally encryption/decryption speed. Keywords: - 3DES, AES, Blowfish, Computer Security, DES, Encryption Techniques, RC2, RC5 Andreas Dandalis, Viktor K. Prasanna, and Jose D.P. Rolim A Comparative Study of Performance of AES Final Candidates Using FPGAs , In this paper we study and compare 29
the performance of FPGA-based implementations of the five final AES candidates (MARS, RC6, Rijndael, Serpent, and Twofish). Our goal is to evaluate the suit- ability of the aforementioned algorithms for FPGA-based implementa- tions. Among the various time-space implementation tradeoffs, we fo- cused primarily on time performance. The time performance metrics are throughput and key-setup latency. Throughput corresponds to the amount of data processed per time unit while the key-setup latency time is the minimum time required to commence encryption after providing the input key. Time performance and area requirement results are pro- vided for all the final AES candidates. To the best of our knowledge, we are not aware of any published results that include keysetup latency results. Our results suggest that Rijndael and Serpent favor FPGA implementations the most since their algorithmic characteristics match extremely well with the hardware characteristics of FPGAs. Saurabh Sharma and Pushpendra Kumar Pateriya A Study on Different Approaches of Selective Encryption Technique ,Omnipresence of security in every application in Internet application is a clear motivation to contribute in the field of Information Security. Security is one of the most challenging aspects in the internet and network applications. Encryption is a process which is used to secure the data and the Encryption algorithms play a crucial role in efficient information security systems. Full encryption techniques are slow. Selective encryption is a technique to save computational power, overhead, speed, time. This technique also provides quick security by only encrypting a selected portion of a bit stream. Selective encryption technique is one of the most promising solutions to increase the speed of encryption as compared to the full encryption. Selective encryption is helpful for the multimedia content like images, video content and audio content. So this document discussed about Selective encryption technique which is used to increase the speed of encryption as compared to the full encryption. Keywords: Selective encryption, Encryption, Decryption Amritpal Singh, Mohit Marwaha, Baljinder Singh, Sandeep Singh Comparative Study of DES, 3DES, AES and RSA, In today world importance of exchange of data over internet and other media type is eminent; the search for best data protection against security attacks and a method to timely deliver the data without much delay is the matter of discussion among security related communities. Cryptography is one such method that provides the security mechanism in timely driven fashion. Cryptography is usually 30
referred to as "the study of secret", which is most attached to the definition of encryption. The two main characteristics that identify and differentiate encryption algorithm from another are their capability to secure the protected data against attacks and their speed and effectiveness in securing the data. This paper provides a comparative study between four such widely used encryption algorithms DES, of DES, 3DES, AES and RSA on the basis of their ability to secure and protect data against attacks and speed of encryption and decryption. Keywords: Encryption Algorithm, Performance, AES, DES, 3DES, RSA, Cryptography. D. S. Abdul. Elminaam, H. M. Abdul Kader and M. M. Hadhoud Performance Evaluation of Symmetric Encryption Algorithms ,Internet and networks applications are growing very fast, so the needs to protect such applications are increased. Encryption algorithms play a main role in information security systems. On the other side, those algorithms consume a significant amount of computing resources such as CPU time, memory, and battery power. This paper provides evaluation of six of the most common encryption algorithms namely: AES (Rijndael), DES, 3DES, RC2, Blowfish, and
RC6.
A comparison has been conducted for those encryption algorithms at different settings for each algorithm such as different sizes of data blocks, different data types, battery power consumption, different key size and finally encryption/decryption speed. Simulation results are given to demonstrate the effectiveness of each algorithm. . 2.1 Different comparison graph according to above research work:
2.1.1 Graph 1 People using web based application: This graph is based on the research that how much people use web application in their daily routine. I found in research that 87% of people use web application in their daily life which is a huge percentage, and 13% people does not use web applications for their work.
Using web based application 13%
87%
No
Yes
yes No
Graph 2.1: Percentage of people using web based application 31
2.1.2
Graph 2 People who communicating data online: Further I found that 50% of people communicating their confidential data with each other by using web, which is a large amount and the probability of network attacks is increase as the percentage increase. That’s why we need security and cryptography.
Communicating Confidential Data Online 50% No Yes
50% Yes
No
Graph 2.2: Percentage of people communicating confidential data online 2.1.3 Graph 3 Password loss or unauthorized access: In further research for the network security one question was clicked in my mind that what is the probability of password loss or unauthorized access in web communication? Then by the research I found that in 55% cases people lose their password and any third member or we can say unauthorized person access their confidential data. In 45% cases it is not done.
Password loss or unauthorised access 55%
Yes No
45%
Graph 2.3: Percentage of password loss and unauthorized access 32
2.1.4: Graph 4 Aware of online threats: In this research I also found that how many people aware of online threats. I found that 85% people are aware of online threats and only 15% of people do not aware. This is a good sign for online communication that 85% people are having knowledge about online threats.
Aware of online threats 15%
Yes No
85%
Graph 2.4: Percentage of people aware of online threats 2.1.5: Graph 5 Aware of encryption algorithm: In further research I found a unbelievable fact that the percentage of people who aware of online threats is 85% but the percentage of people who aware of encryption algorithm by which we can remove online threats is very low only 17% and people do not aware of encryption algorithm is 83%.
Aware of Encryption Algorithm 17%
Yes No
83%
Graph 2.5: Percentage of people aware of encryption algorithm 33
2.1.6: Graph 6 Percentage of encryption algorithm as per use: In this research according to all above calculations I prepare a graph which shows the percentage of different encryption algorithm as people use them. According to research work 4% are serpent, 5% people use blowfish algorithm, 18% use 3DES algorithm, 23% use DES algorithm, 23% use RSA (Asymmetric) algorithm and the highest percent 27% of people use AES which is the conclusion of my research. AES is highly used because it is more secure than any other algorithm.
4%
5%
27%
18%
23%
23%
Serpent
Blowfish
3 DES
DES
RSA
Graph 2.6: Encryption Algorithm
34
AES
CHAPTER 3 RESEARCH METHODOLOGY 3.1 Purpose of Research: The main purpose of this research is to find out an effective cryptography algorithm which gives a secure and efficient system by comparing previous cryptography algorithms, Cryptography is the most effective method to save our systems from the attackers. Cryptography contains two major parts: encryption and decryption. The focus of this research is establish such an algorithm which converts our data in coded form which is difficult for the attackers to convert that coded data into decoded form or in original text. In today’s world online transaction is very common. All most all the organization in the whole world is use online transaction for their official or non-official data. In this situation the biggest question is- ―Security‖. People are becoming more concerned about their data or information which is very obvious, because the percentage of hackers and crackers are going to increased day by day. That’s why the issue of security is a major issue for all the users of internet or users of online techniques. By using cryptography technology we can reduce this problem of hacking or cracking. Cryptography technique is one of the best technology for secure our data. So in this research the main aim of mine is improve the security system to save important data from attackers. For this I am going to compare previous security algorithms and try to remove their drawbacks and improve security. Cryptography algorithms are very much secure and efficient. In all the big organization cryptography technique is used for security. 3.2 Meaning of Research: Research is a step by step process to collect knowledge about the topic. The process is used to collect data and information about our topic is called research. Research is the process of investigation. Using research we make our project more efficient and effective. If we use research methodology or research methods for our project then the probability of error and bugs are becomes less. The diagram given below shows the steps I have used in this research. Firstly I choose the topic and collect the information about the topic by previous research work. After that I compare theory and research problems given by other authors. After literature review I started my work with that problems and theory and find out the solution. 35
Introduction
Problem of previous
Theory of Previous Research work on algorithm
Research Work
Casual Comparison
Research Problem
Literature Review
Research Theory
Research
Quantitative Methodology
Qualitative Methodology
Result
Conclusion
Fig 3.1 Research Methodology Graph Qualitative and quantitative research methodology is major research methodology for this research. After using both methodologies I can give result and conclusion of my research. Result and conclusion is fully described in chapter 4.That is implementation chapter. 36
3.3 Data Collection Procedure: In the dissertation there are various ideas to collect knowledge about the topic. For this dissertation I have done various steps: i)
Find the latest interesting topic for research.
ii)
Find out the scope for the research.
iii)
Start reading published journals of our topic.
iv)
Find out the waste knowledge about our topic from internet or search engines.
v)
Read all the pervious published papers on that topic.
vi)
Search on various technical magazines like cnet, zdnet etc.
vii)
Qualitative and Quantitative study about the topic.
viii)
Empirical study.
ix)
Comparative knowledge of all the studies.
x)
After all these data we can combine that and complete or data collection.
Different Schools of Thought;
Different Research traditions
Epistemological , Philosophical
RESEARCH PROBLEM(S)
Methodological:
Quantitative Approach
Qualitative Approach
Or Technical:
Or
Quantitative Approach
Qualitative Approach Or
Data:
Or Quantitative Approach
Qualitative Approach
Fig 3.2 Data Collection 37
Questionnaires are the base of my data collection procedure. This is useful for me to find all the theoretical information about my topic. The base of my questionnaires is study of journals and previous published papers on that topic. I collect some more information about my topic from books and different search engine. More about data collection is explained later.
Paradigm
Methods (primarily)
Data collection tools (examples)
Positivist/ Postpositivist
Quantitative. "Although qualitative methods can be used within this paradigm, quantitative methods tend to be predominant . . ." (Mertens, 2005, p. 12)
Experiments Quasi-experiments Tests Scales
Interpretivist/ Constructivist
Qualitative methods predominate Interviews although quantitative methods may also Observations be utilised. Document reviews Visual data analysis
Transformative Qualitative methods with quantitative and mixed methods. Contextual and historical factors described, especially as they relate to oppression (Mertens, 2005, p. 9)
Diverse range of tools particular need to avoid discrimination. Eg: sexism, racism, and homophobia.
Pragmatic
May include tools from both positivist and interpretivist paradigms. Eg Interviews, observations and testing and experiments.
Qualitative and/or quantitative methods may be employed. Methods are matched to the specific questions and purpose of the research.
Table 3.1 Different Data Collection paradigm and their Description Article Search: I used various sources to find the information about my topic like Google , IEEE explorer, Different papers etc. and collect the enough data for my topic. Besides this I also use some text books written by different authors . I also consider available books in my college library. All the books and the articles are on the Cryptography , Security , Network Security etc. From the different writers theory I also helped out to understand the meaning of research. 38
1. Mertens define research in 2005 as Research is a systematic investigation or inquiry whereby data are collected, analysed and interpreted in some way in an effort to ―understand, describe, predict or control an educational or psychological phenomenon or to empower individuals in such contexts‖. 2. Bogdean & Biklen said in 1998 that research paradigm is the theoretical framework, as distinct from a theory, is sometimes referred to as the paradigm and influences the way knowledge is studied and interpreted. Positivist/ Postpositivist Experimental Quasiexperimental Correlational Reductionism Theory verification Causal comparative Determination Normative
Interpretivist/ Constructivist Naturalistic Phenomenological Hermeneutic Interpretivist Ethnographic Multiple participant meanings Social and historical construction Theory generation Symbolic interaction
Transformative
Pragmatic
Critical theory Neo-marxist Feminist Critical Race Theory Freirean Participatory Emancipatory Advocacy Grand Narrative Empowerment issue oriented Change-oriented Interventionist Queer theory Race specific Political
Consequences of actions Problem-centred Pluralistic Real-world practice oriented Mixed models
Adapted from Mertens (2005) Table 3.2 Types of Different Research Paradigm 3.4 Definition of research: 1.
Clarke and Clarke: Research is a careful, systematic and objective
investigation conducted to obtain valid facts, draw conclusions and established principles regarding an identifiable problem in some field of knowledge. 2. John .W. Best: Research is a systematic and objective analysis and recording of controlled observations that may lead to the development of generalizations, principles, theories and concepts, resulting in prediction for seeing and possibly ultimate control of events. 3. Clifford woody: Research is a careful enquiry or examination in seeking facts or principles, a diligent investigation to ascertain something. 39
4. Mouley: It is the process of arriving at dependable solution to the problems through the planned and systematic collection, analysis and interpretation of data. 3.5 Types of Research: There are two types of research which can be done to develop a thesis or dissertation: 1. Practical Research: The practical approach consists of the empirical study of the topic under research and chiefly consists of hands on approach. This involves first hand research in the form of questionnaires, surveys, interviews, observations and discussion groups. 2. Theoretical Research: A non-empirical approach to research, this usually involves perusal of mostly published works like researching through archives of public libraries, court rooms and published academic journals. 3.6 Types of Research Methodology: Research methodology is like a scheme by which we can easily complete the research with the help of different methodology steps. There are six types of Research methodology: 1. Descriptive/Qualitative This type of research methods involve describing in details specific situation using research tools like interviews, surveys, and Observations. It focuses on gathering of mainly verbal data rather than measurements. 2. Descriptive/Quantitative This type of research methods requires quantifiable data involving numerical and statistical explanations. Quantitative analysis hinges on researchers understanding the assumptions inherent within different statistical models. It generates numerical data or information that can be converted into numbers. The presentation of data is through tables containing data in the form of numbers and statistics. 3. Correlation/Regression Analysis This research methodology involves determining the strength of the relationship between two or more variables (e.g. are violent video games correlated with aggression in children). 40
Select Topic
Focus Question
Inform Others
Theory Interpret Data
Design Study
Analyze Data
Collect Data
Fig 3.3. Steps in Quantitative Research Approach
Acknowledge Social Seit Adopt Perspective
Inform Others
Theory Interpret Data
Design Study
Analyze Data
Collect Data
Fig 3.4 Steps in Qualitative Research Approach 41
4. Quasi-Experimental This research involves the comparison of two groups, one which is influenced by an external source and another which is not. 5. Experimental Involves the use of random assignment to place participants in two groups: an experimental group which receives intervention, another control group without any intervention. It is using a positive control for you to base it or compare it in your result. 6. Meta-Analysis This research method is useful for finding out the average impact of several different studies on a hypothesis.
3.7 Characteristics of Research: Quality of research is depending upon these eight characteristics. Whenever we want to done any research we have to concentrate on these characteristics. These are as follows:
1. Reliability is a subjective term which cannot be measured precisely but today there are instruments which can estimate the reliability of any research. Reliability is the repeatability of any research, research instrument, tool or procedure. If any research yields similar results each time it is undertaken with similar population and with similar procedures, it is called to be a reliable research. Suppose a research is conducted on the effects of separation between parents on class performance of the children. If the results conclude that separation causes low grades in class, these results should have to be reliable for another sample taken from similar population. More the results are similar; more reliability is present in the research. 2. Validity is the strength with which we can call a research conclusions, assumptions or propositions true or false. Validity determines the applicability of research. Validity of the research instrument can be defined as the suitability of the research instrument to the research problem or how accurately the instrument measures the problem. Some researchers say that validity and reliability are co-related but validity is much 42
more important than reliability. Without validity research goes in the wrong direction. To keep the research on-track defines your concepts in the best possible manner so that no error occurs during measurement. 3. Accuracy is also the degree to which each research process, instrument and tool is related to each other. Accuracy also measures whether research tools have been selected in best possible manner and research procedures suits the research problem or not. For example if a research has to be conducted on the trans-gender people, several data collection tools can be used depending on the research problems but if you find that population less cooperative the best way is to observe them rather than submitting questionnaire because in questionnaire either they will give biased responses or they will not return the questionnaires at all. So choosing the best data collection tool improves the accuracy of research. 4. Credibility comes with the use of best source of information and best procedures in research. If you are using second-hand information in your research due to any reason your research might complete in less time but its credibility will be at stake because secondary data has been manipulated by human beings and is therefore not very valid to use in research. A certain percentage of secondary data can be used if primary source is not available but basing a research completely on secondary data when primary data can be gathered is least credible. When researcher give accurate references in research the credibility of research increases but fake references also decrease the credibility of research. 5. Generalizability is the extent to which research findings can be applied to larger population. When a researcher conducts a study he/she chooses a target population and from this population he takes a small sample to conduct the research. This sample is representative of the whole population so the findings should also be. If research findings can be applied to any sample from the population, the results of the research are said to be generalizable. 6. Empirical nature of research means that the research has been conducted following rigorous scientific methods and procedures. Each step in the research has been tested for accuracy and is based on real life experiences. Quantitative research is easier to prove scientifically than qualitative research. In qualitative research biases and prejudice are easy to occur. 43
7. Systematic approach is the only approach for research. No research can be conducted haphazardly. Each step must follow other. There are set of procedures that have been tested over a period of time and are thus suitable to use in research. Each research therefore should follow a procedure. 8. Controlled-in real life experience there is many factors that affect an outcome. A single event is often resulting of several factors. When similar event is tested in research, due to the broader nature of factors that affect that event, some factors are taken as controlled factors while others are tested for possible effect. The controlled factors or variables should have to be controlled rigorously. In pure sciences it is very easy to control such elements because experiments are conducted in laboratory but in social sciences it becomes difficult to control these factors because of the nature of research. 3.8 Research Process: Research Process is a step by step systematic sequence which teaches us how to implement any type of research (dissertation).There are some research process steps given below, I used in my research. There are nine steps of research process: 1. Start with a discipline of the paradigm. 2. Find the area of investigation. 3. Identify approach. 4. Literature Review. 5. Determine Data Type. 6. Data Collection. 7. Analysis of Data. 8. Write up Findings and Conclusion. 9. Result All these steps are described below with a clean diagram. The diagram which is given below consist all the steps of research process with their full expansion. By the expansion I want to describe all the steps in brief but interactive. According to diagram all steps consist its own sub-steps which help us to understand each process step easily and we can easily categorize our information according to steps. 44
Positivist
Step 1. Start with the broad notion of the discipline and of the paradigm you see as sutting the research
Constructivist Pragmatic Transformative
Step 2. Determine area of investigation For Example: Historical, Descriptive, Feminist, Devlopmental, Case Study ,
Step 3. Identify approach Step 4. Literature Review
Research Problem
Define
Step 5.
Research Question Issue
Refined in light of Literature
Mixture of Both
Qualitative
Quantitative Or
Determine Data Types Survey
Document analysis
Interviews
Step 6.
Observation
Choose data collection method
Step 7.
Include
Identify where when data will come from
Step 8.
and
Focus
Experiments
Tests
Developing Timeline
Identify Data Collection Tool
Refining data collection
Determine who will collect data
Obtain Ethics Approval Step 9.
Determined Type
Trialing data collection
and
Where the data are come from
Data Collection Storage & mgmt Step 10. Analyze the data
Thematic Analysis
Step 11. Write findings & conclusions
Return
Fig 3.5 Steps of research process 45
Organizing & Sorting
Statistics
Coding & Displaying
CHAPTER 4 IMPLEMENTATION 4.1 Introduction: Now as we complete all the phases of data collection and research study of previous research about our topic, the next phase of our research is “Implementation”. For this phase first I collect all the information about the technology that I am going to be used. For this here I again study about my two main algorithms DES and AES. 4.2 Difference between DES and AES: The very basic difference between DES (Data Encryption Standard) and AES (Advanced Encryption Standard) cryptography algorithm is that AES is more securing then DES. S.
Factors
AES
DES
1.
Developed
2000
1977
2.
Key Size
128 , 192 , 256 bits
56 bits
3.
Block Size
128 bits
64 bits
4.
Ciphering and
Same
Same
No.
Deciphering key 5.
Algorithm
Symmetric
Symmetric
6.
Encryption
Faster
Moderate
7.
Decryption
Faster
Moderate
8.
Power Consumption
Low
Low
9.
Security
Excellent Secure
Not Secure Enough
10.
Deposit of Keys
Needed
Needed
11.
Inherent
Brute Force Attack
Brute Force, Linear, differential
Vulnerabilities
cryptanalysis attack 12.
Key Used
Same key for encryption
Same key for
and decryption
encryption and decryption
13.
Rounds
10/12/14 46
16
14.
Simulation Speed
Faster
Faster
15.
Trojan Horse
Not Proved
No
16.
Hardware and
Faster
Better in hardware than Software
Software Implementation 17.
Ciphering and Deciphering
Different
Different
Algorithm Table 4.1: Comparison table of AES and DES After all these differences now we compare these two algorithms on the bases of ―Cryptography Simulator‖. Here I use AES online encryptor for encrypt and decrypt the file. File size is given in ―Kb‖ . In this online encrytor I use two types of Block Cipher’s: (i)
ECB (Electronic Code Book)
(ii)
CBC (Cipher Block Chaining)
Before explaining online encryptor and its working, I would like to give brief introduction about ECB and CBC.
4.3 ECB (Electronic Code Book): Given a plaintext message m = m1,..., mn, the cipher text is obtained by ‖encrypting‖ each block separately, i.e., c = {Fk (m1),...,Fk (ml)}. M1
M2
M3
Fk
Fk
Fk
C1
C2
C3
Fig 4.1 : Block Diagram of Electronic Code Book
ECB is deterministic and therefore cannot be CPA-secure.
Worse, ECB-mode encryption does not even have indistinguishable encryptions in the presence of eavesdroppers. 47
Plain Text
Key
Plain Text
Block Cipher Encryption
Key
Cipher Text
Block Cipher Encryption
Cipher Text
Fig 4.2: ECB Mode Encryption
Key
Cipher Text
Cipher Text
Block Cipher Decryption
Block Cipher Decryption
Key
Plain Text
Plain Text Fig 4.3: ECB Mode Decryption
4.3.1 Advantages of ECB mode: (i)
En-/ Decryption of each block could be parallelized. 48
4.3.2 Disadvantages of ECB mode: (i)
Two blocks with identical Plain Text produces identical Cipher Text.
(ii)
Bit error in one block affect the whole block.
(iii)
Plain Text patterns are still visible after encryption.
4.3.3 Summary: (i)
Most naïve mode of operation.
(ii)
En-/ decryption of a block does not depend on the successor or predecessor.
(iii)
Not suitable for encryption of messages bigger than one block.
4.4 CBC Mode(Cipher Block Chaining): We choose a random initial vector (IV) of length n. The cipher text is obtained by applying the pseudorandom permutation to the XOR of the current plaintext block and the previous cipher text block. That is, we set c0 = IV and then, for i = 1 to, setci = Fk(ci−1 ⊕mi).
M1
M2
M3
IV
I
IV
Fk
Fk
Fk
C1
C2
C3
Fig 4.4: Block diagram of Cipher Block Chaining
Encryption in CBC is probabilistic and it has been proven that if F is a pseudorandom permutation then CBC-mode encryption is CPA-secure.
All is not rosie in cipherland however: Encryption must be carried out sequentially. If parallel processing is available CBC may not be the most efficient choice. 49
Plain Text
Plain Text
Initialization Vector (IV)
Block Cipher Encryption
Key
Block Cipher Encryption
Key
Cipher Text
Cipher Text
Fig 4.5: Cipher Block Chaining Mode Encryption Cipher Text
Cipher Text Initialization Vector (IV)
Key
Block Cipher Decryption
Key
Plain Text
Block Cipher Decryption
Plain Text
Fig 4.6: Cipher Block Chaining Mode Decryption 50
4.4.1 Advantages of CBC mode: (i)
Decryption could be parallelized.
(ii)
Different initialization vectors.
(iii)
Different cipher text.
(iv)
Plain text patterns are blurred.
4.4.2 Disadvantages of CBC mode: (i)
Encryption has to be done sequential.
(ii)
Bit error in one block effects two blocks.
4.4.3 Summary: (i)
CBC-Mode was invented to eliminate the disadvantages of the ECB-Mode .
(ii)
Equal messages produce different cipher text by using different initialization vectors.
(iii)
Encryption of a plaintext block depends on this block and its predecessor.
4.5 Attacks in network security: Why we need ―Cryptography‖? The answer is because of regular increment in network attacks. We usually done transaction of data or document or money whatever we want the probability of attacks is very high that time. So to prevent from some kinds of attacks we need cryptography or we can say we developed cryptography to prevent our network transaction. Here I am going to be give some brief introduction of network security attacks. 4.5.1
SECURITY ATTACKS :
There are four general categories of attack which are listed below. 4.5.1.1
Interruption:
An asset of the system is destroyed or becomes unavailable or unusable. This is an attack on availability e.g., destruction of piece of hardware, cutting of a communication line or disabling of file management system. 4.5.1.2 Interception: An unauthorized party gains access to an asset. This is an attack on confidentiality. Unauthorized party could be a person, a program
or
a computer e.g., wiretapping to capture data in the network, illicit
copying of files. 51
Sender
Receiver
Eavesdropper or forger Fig 4.7: Basic diagram to show Interception attack
4.5.1.3 Modification: An unauthorized party not only gains access to but tampers with an asset. This is an attack on integrity. e.g., changing values in data file, altering a program, modifying the contents of messages being transmitted in a network. Sender
Receiver
Eavesdropper or forger Fig 4.8: Basic diagram to show Modification attack 4.5.1.4
Fabrication:
An unauthorized party inserts counterfeit objects into the system. This is an attack on authenticity. E.g. insertion of spurious message in a network or addition of records to a file.
Sender
Receiver
Eavesdropper or forger
Fig 4.9: Basic diagram to show Fabrication attack 52
4.5.2 Cryptographic Attacks 4.5.2.1 Passive Attacks: Passive attacks are in the nature of eavesdropping on, or monitoring of, transmissions. The goal of the opponent is to obtain information that is being transmitted. Passive attacks are of two types: Release of message contents: A telephone conversation, an e-mail message and a transferred file may contain sensitive or confidential information. We would like to prevent the opponent from learning the contents of these transmissions. Traffic analysis: If we had encryption protection in place, an opponent might still be able to observe the pattern of the message. The opponent could determine the location and identity of communication hosts and could observe the frequency and length of messages being exchanged. This information might be useful in guessing the nature of communication that was taking place. Passive attacks are very difficult to detect because they do not involve any alteration of data. However, it is feasible to prevent the success of these attacks. 4.5.2.2 Active attacks: These attacks involve some modification of the data stream or the creation of a false stream. These attacks can be classified in to four categories: (i)
Masquerade – One entity pretends to be a different entity.
(ii)
Replay – involves passive capture of a data unit and its subsequent transmission to produce an unauthorized effect.
(iii)
Modification of messages – Some portion of message is altered or the messages are delayed or recorded, to produce an unauthorized effect.
(iv)
Denial of service – Prevents or inhibits the normal use or management of communication facilities. Another form of service denial is the disruption of an entire network, either by disabling the network or overloading it with messages so as to degrade performance. It is quite difficult to prevent active attacks absolutely, because to do so would require physical protection of all communication facilities and paths at all times. Instead, the goal is to detect them and to recover from any disruption or delays caused by them.
4.6 Implementation of DES and AES encryption with online encryption tool: 4.6.1 Introduction of online encryption tool:
53
The online encryption tool is basically provide us to encrypt or decrypt our file or text online. It is such a very efficient tool. Online encryption tool consist all the features which we need for encryption or decryption like: Input type: This option asks that what you want to encrypt or decrypt: a file or text. Browse option: To take whatever file we want to encrypt or decrypt. Algorithm selection: By which algorithm we want to do encryption or decryption. Example: AES, DES , 3DES etc. Mode selection: It consist all the types of block cipher like: ECB, CBC, OFB etc. Key selection: This tool provides facility to use user define key. Encryption button: By click on this button we can encrypt our file or text. Decryption button: By click on this button we can decrypt our file or text.
Fig 4.10: Snap shot of online Encryption Tool
4.7 Comparison of AES and DES by using online encryption tool: 4.7.1: Comparison Table according to encryption tool: 4.7.1.1 Table according to ECB mode: S. No.
File Size (kb)
DES Computation Time
AES Computation
(in sec)
Time (in sec)
1.
4.44
3.29
4.06
2.
13.6
3.90
4.57
3.
23.6
4.09
5.58
54
4.
39.5
5.16
6.52
5.
40.8
5.82
6.00
6.
46.9
5.48
6.20
7.
49.7
4.91
5.65
8.
51.9
6.05
6.85
9.
90.6
5.00
5.68
10.
93.6
6.27
7.86
Table 4.2: Comparison between AES and DES in ECB block cipher mode 4.7.1.2 Table according to CBC mode: S.
File Size (kb)
DES Computation Time
AES Computation
(in sec)
Time
No.
(in sec) 1.
4.44
2.31
3.17
2.
13.6
3.70
4.00
3.
23.6
3.23
4.82
4.
39.5
4.84
5.13
5.
40.8
5.04
5.59
6.
46.9
4.42
5.50
7.
49.7
3.63
4.82
8.
51.9
4.55
5.25
9.
90.6
6.11
6.71
10.
93.6
5.06
5.59
Table 4.3: Comparison between AES and DES in CBC block cipher mode
For both AES and DES I took same file size to compare their computation time of encryption in both of modes ECB and CBC.
Here I took readings for 10 file size , size is already given in both the table.
The computation time for both algorithm is different so I major computation time for both algorithms in sec.
55
By the computation time I can compare both algorithm that which one is better and which algorithm is more precise then other.
Computation time helps me to prepare comparison graph between AES and DES algorithm.
The computation time is varies with the size of file.
Computation time is directly proportional to the file size. Maximum the file size maximum the computation time.
In both the mode ECB and CBC the computation time for both algorithms is different.
In ECB mode the encryption is done in the electronic code book. In which every block of the file is encrypted individually. At the last we get output which is combination of all the cipher text .
In CBC mode the encryption is done in cipher block chaining pattern. In which plain text is Ex-or with initialization vector (IV) and then going for encryption.
For the next block the output of previous block is Ex-or with current plain text, and going for encryption.
4.8 Comparison Graph of AES and DES : These graphs are made according to the above readings.
4.8.1 Comparison graph between AES and DES in ECB mode: 9 DES 8 AES
7 6 5 4 3 2 1 0 4.44
13.6
23.6
39.5
40.8
46.9
49.7
51.9
90.6
93.6
Graph 4.1: Comparison graph between AES and DES in ECB mode 56
4.8.2 Comparison graph between AEs and DES in CBC mode: 8 DES 7 AES 6
5
4
3
2
1
0 4.44
13.6
23.6
39.5
40.8
46.9
49.7
51.9
90.6
93.6
Graph 4.2: Comparison graph between AES and DES in CBC mode.
According to these two graph I can say that the computation time of DES is less then AES.
Both graph is made according to above table.
But the accuracy of AES is greater than DES.
AES is more secure then the DES.
DES is older algorithm then AES,
Developed in 1977 and AES was
Developed in 2000, but accuracy and efficiency of AES is more than DES.
So for the better security I suggest to use AES than DES.
AES taken more time than DES but our priority is always better security with best accuracy. 57
4.9 Screen Shots: 4.9.1 Screen Shots of DES in ECB mode: (i)
File 1:
(ii)
File 2:
58
(iii)
File 3:
(iv)
File 4:
59
(v)
File 5:
4.9.2 Screen Shots of AES in ECB mode: (i)
File 1:
60
(ii)
File 2:
(iii)
File 3:
61
(iv)
File 4:
(v)
File 5:
62
4.9.3 Screen Shots of DES in CBC mode: (i)
File 1:
(ii)
File 2:
63
(iii)
File 3:
(iv)
File 4:
64
(v)
File 5:
4.9.4 Screen Shots for AES in CBC mode: (i)
File 1:
65
(ii)
File 2:
(iii)
File 3:
66
(iv)
File 4:
(v)
File 5:
67
4.10
Chapter Summary: In this chapter first I describe the encryption tool which I use for AES and DES encryption and decryption.
After that to find the better algorithm between AES and DES I compare both the algorithm on the basis of different factors.
This chapter also consist the introduction of attacks of network security to understand the need of cryptography.
I draw a comparison table of AES and DES on the basis of ECB and CBC block cipher mode.
For this table I took ten files of same size (kb) and encrypt them in CBC and ECB mode and note the readings.
The process of reading I show with the screen shots that how I draw that table.
According to this table later I draw a comparison graph of AES and DES in both the block cipher CBC as well as ECB mode.
According to all these points and study I come to know that AES is far better than DES.
AES is slower than DES but accuracy of AEs is more than DES.
68
CHAPTER 5 CONCLUSION AND FUTURE WORK In This research work I have found that the security of our transaction network is most important when we do any transaction with web or online. In now day’s use of online transaction of data and E-commerce is growing fast. So for that we need best security channel. The best idea to secure our transaction channel is “Cryptography”. There is two types of cryptography algorithm: (i)
Symmetric Key Cryptography
(ii)
Asymmetric Key Cryptography
In this research I use Symmetric key cryptography. In this research I have done the complete comparison of two symmetric key cryptography algorithm: (i)
DES
(ii)
AES
For this research I have been follow several steps of research methodology. According to that methodology I have done my work because whenever we are going to do any research we have to follow some steps or strategy. So here I explain my points of research: (i)
Introduction: In this phase I first collect knowledge about my topic. That what I am going to do with this information. The very first step of any research is to decide the topic of research.
(ii)
Theory of previous research: In this phase I collect information from previous research papers and study them deeply to find out the basic point of research and what already done by their authors.
(iii)
Research Problem: In this phase I come to know that what is the problem of previous research or we can say what point was missed by them. Here I am trying to overcome that drawback. 69
(iv)
Qualitative and Quantitative approach of research: Steps of Qualitative approach: (i)
Select topic.
(ii)
Focus question.
(iii)
Design study.
(iv)
Collect data.
(v)
Analyze data.
(vi)
Interpret data.
(vii)
Inform others.
Steps of Quantitative approach:
(v)
(i)
Acknowledge social seit.
(ii)
Adopt perspective.
(iii)
Design study.
(iv)
Collect data.
(v)
Analyze data.
(vi)
Interpret data.
(vii)
Inform others.
Result: This phase provide the result of the research. Basically after implementation we come to know the result of our research. In this research I use online encryption tool for implementation of both the cryptography algorithm. By the tool I fine out the difference between AES and DES according to the computation time. Graphically I denote the result with comparison table and comparison graph.
(vi)
Conclusion: The last phase of research is always conclusion that what we found at last. 5.1 Conclusion points:
Conclusion of this research is first of all we always need security and the best technique to secure our data is “Cryptography”.
According to this research I found that AES (symmetric key cryptography algorithm) is best to secure our transaction network.
On the basis of all the readings and research theory I can say that the computation time of AES is more than DES but we want best security which only provided by AES. 70
Key size of AES is also greater than DES (256>56).
Block size is also greater than DES (128>64).
In AES for encryption and decryption we have 10,12,14 rounds and in DES we have 16 rounds.
The implementation of hardware and software is faster in AES.
For the excellent secure network we use AES algorithm rather than DES.
Encryption algorithm play an important role in communication security where encryption time, Memory usages output byte and battery power are the major issue of concern. The selected encryption AES and DES algorithms are used for performance evaluation. Based on the text and files used and the experimental result it was concluded
that DES algorithm
consumes least encryption time and AES algorithm has least memory usage while encryption time difference is very minor in case of AES algorithm and DES algorithm.
Basically by this research I try to say the online communication problems and their solution. Cryptography is the best solution to remove the online threat problems. The basic concept of cryptography is that the sender change the plain text into cipher text by a key through encryption and the receiver again change the cipher text into plain text using same or different key through decryption. By this technique we can save our confidential or non-confidential data from online attacks 5.2 Future Work: My future work will include experiments on image and audio data. In this work I will try to reduce the computation time and increase the accuracy and efficiency of security. In today’s generation the communication using web has no limits. In today’s world people will not stopped only at the point where only data or files will exchanged. They want more like encrypted images or videos etc. the block cipher modes will play a very important role in this type of encryption.
71
REFERENCES 1.
K.Brindha, Ritika Sharma, Sapanna Saini “Use of Symmetric Algorithm for Image Encryption‖ 2014
2. Vishwa gupta, Gajendra Singh and Ravindra Gupta
―Advance cryptography
algorithm for improving data security ― 2014 3. Narender Tyagi and Anita Ganpati ―Comparative Analysis of Symmetric Key Encryption Algorithms‖ 2014 4. Ritu Tripathi and Sanjay Agrawal ―Comparative Study of Symmetric and Asymmetric Cryptography Techniques‖. 2014 5. Chinmoy Ghosh and SatyendraNath Mandal ― A Combined Method for Image Encryption‖ 2014 6. T.Gunasundari and Dr. K.Elangovan ―A Comparative Survey on Symmetric Key Encryption Algorithms‖ 2014 7. Dr. Jitendra Sheetlani and Harsh Gupta ―Comparative Study of a New Variable Length Key Block Cipher Technique with DES for Network Security ‖. 2014 8. Sheetal Charbathia and Sandeep Sharma ― A Comparative Study of Rivest Cipher Algorithms‖. 2014 9. Ms. Ankita Umale,, Ms. Priyanka Fulare ―Comparative Study of Symmetric Encryption techniques for Mobile Data Caching in WMN 1‖. 2014 10. Ali Makhmali, Hajar Mat Jani “Comparative Study On Encryption Algorithms And Proposing A Data Management Structure‖. 2013 11. Swati Paliwal , Ravindra Gupta
―A Review of Some Popular Encryption
Techniques‖. 2013 12. Ms.Pallavi H.Dixit, Dr.Uttam L. Bombale and Mr. Vinayak B. ―Comparative Implementation of Cryptographic Algorithms on ARM Platform ‖. 2013 13. Mansoor Ebrahim , Shujaat Khan and Umer Bin Khalid ―Symmetric Algorithm Survey: A Comparative Analysis ‖. 2013 14. Veerpal Kaur, Aman Singh
―Review of Various Algorithms Used in Hybrid
Cryptography ‖. 2013 15. Rajinder
Kaur
,
Er.
Kanwalpreet
Singh
“Comparative
Analysis
and
Implementation of Image Encryption Algorithms ‖. 2013 16. Apoorva, Yogesh Kumar ―Comparative Study of Different Symmetric Key Cryptography Algorithms‖. 2013 72
17. S. Govinda Rao ,D. Siva Prasad and M. Eswara Rao ― Universal Session Based Symmetric Cryptographic Technique to Strength the Security‖. 2013 18. Er. Satish Kumar, Amritsar Mr. Amit Puri ―Comparative analysis of various cryptographic algorithm‖. 2012 19. Alese, B. K., Philemon E. D., Falaki, ―Comparative Analysis of Public-Key Encryption Schemes ‖. 2012 20. Ali Ahmad Milad, Hjh Zaiton Muda, Zul Azri Bin Muhamad Noh and Mustafa Almahdi Algaet ― Comparative Study of Performance in Cryptography Algorithms‖. 2012 21. G. Ramesh and Dr. R. Umarani ― Performance Analysis of Most Common Symmetrical Encryption Algorithms ―.2012 22. Daniel Wichs ―Barriers in Cryptography with Weak, Correlated and Leaky Sources‖. 2012 23. Johannes Blömer ,Peter Günther and Gennadij Liske ― Improved Side Channel Attacks on Pairing Based Cryptography‖. 2012 24. Feng Bao Pierangela Samarati Jianying Zhou ―Applied Cryptography and Network Security‖. 2012 25. Pranay Meshram,
Pratibha Bhaisare and S.J.Karale ―Comparative Study of
Selective Encryption Algorithm For Wireless Adhoc Network‖. 2012 26. Shraddha Soni, Himani Agrawal, Dr. (Mrs.) Monisha Sharma ― Analysis and Comparison between AES and DES Cryptographic Algorithm‖. 2012 27. Shashi Mehrotra Seth, Rajan Mishra ― Comparative Analysis Of Encryption Algorithms For Data Communication‖. 2011 28. Diaa Salama, Hatem Abdual Kader and Mohiy Hadhoud ―Studying the Effects of Most Common Encryption Algorithms‖ 2011. 29. Nidhi Singhal and
J.P.S.Raina
―Comparative Analysis of AES and RC4
Algorithms for Better Utilization‖. 30. Simar Preet Singh, and Raman Maini ― Comparison of data encryption algorithm‖. 2011 31. Hamdan.O.Alanazi, B.B.Zaidan, A.A.Zaidan, Hamid A.Jalab, M.Shabbir and Y. Al-Nabhani ―New Comparative Study Between DES, 3DES and AES within Nine Factors‖. 2010 32. Kimmo J¨arvinen ―Studies on efficient implementation of cryptographic‖. 2008
73
