Improved RSA Encryption Algorithm for Increased Security of Wireless Networks

Mircea Frunză¹, Luminiţa Scripcariu¹

¹ "Gh. Asachi" Technical University of Iasi, Faculty of Electronics and Telecommunications, Romania
E-mail: [email protected], [email protected]

Abstract—The RSA algorithm, proposed by Rivest, Shamir and Adleman as a public key cryptosystem, is used in different communication networks to ensure data confidentiality [1]. Several weaknesses of this algorithm have been observed and many attacks against it have been developed successfully. This paper improves the algorithm in order to ensure higher data security and an increased computing speed [2]. We propose an optimized encryption method which may be associated with the RSA key generation mechanism. The proposed method is based on a detailed analysis of algebraic finite fields (AFF). The improved algorithm can be implemented on new generation networks (second generation networks and so on) and applies to wireless networks with Bluetooth devices, which need increased security as their area of use grows. At the same time, we have used an encryption key of the maximum acceptable length and a maximum acceptable algorithm complexity, which increases the computing speed and the degree of security while still allowing the processor to work properly.

I. INTRODUCTION

The spread of the Internet into everyday life makes secure communication a necessity. Today, over 90 % of e-commerce takes place on the Internet. A security algorithm has become necessary to safeguard producer-client transactions and financial applications (credit cards, etc.). The applicability of the RSA¹ algorithm derives from properties such as confidentiality, safe authentication, data safety and integrity in wireless networks. Networks of this kind thus become easier to use, giving practical access, from short, medium or even long distance and from various public places (Internet cafes, airports, banks, commercial centers, educational institutes, etc.), to the immense resources offered by the Internet.

¹ RSA algorithm = Rivest - Shamir - Adleman algorithm

The RSA algorithm is well known and widely used today because of its very simple encryption and decryption strategy, which is similar to that of symmetric systems (the RSA algorithm uses computing modules analogous to those of symmetric systems). Computational cryptography today offers more and more advantageous solutions for information security and data traffic in computer networks.

Wide area computer networks have been developed with open, very dynamic structures and with increasingly complex architectures. The topological distribution and the more advanced architectures drive the growth and expansion of the network, which today reaches an immense, uncontrolled size, implying a variable and uncontrolled number of users who have direct access to network files. Following the same idea, the network strategy, the databases and the routers must also be developed and implemented safely. Networks are highly vulnerable at the borders between physical media (between a wired network and a wireless network with Bluetooth devices) and, in general, totally unprotected networks are extremely vulnerable to informational attacks.

The robustness of the RSA algorithm is ensured by the complexity of factoring large numbers. Two prime numbers, p and q, are chosen and a public key component n is computed:

$$ n = p \cdot q \tag{1} $$

These two prime numbers should have different lengths to make the factorization of n difficult. Their values should differ enough to avoid fast factorization of n. Encryption is based on a public exponent e that is relatively prime to the Euler indicator:

$$ \Phi(n) = (p - 1)(q - 1) \tag{2} $$

$$ \gcd[e, \Phi(n)] = 1, \quad 2 \le e < \Phi(n) \tag{3} $$

The public key is the pair (e, n). The RSA encryption algorithm has the following steps [2]:

1. Two large prime numbers p and q are selected.
2. The public key component n is computed.
3. The Euler indicator is deduced based on (2).
4. The second public key component e is chosen as a small integer relatively prime to the Euler indicator.
5. The message is converted into an integer M smaller than n.
6. The encrypted value results from the decimal numeric value m of each fragment of the message, as follows:

$$ C = M^e \bmod n \tag{4} $$

RSA decryption is made with the private exponent d, which is the inverse element of e in the algebraic finite field (AFF) denoted by $F_n$. The RSA decryption algorithm works as follows:

1. The private key d, also known as the inverse element of e modulo Φ(n), is computed:

$$ d \cdot e \bmod \Phi(n) = 1 \tag{5} $$

2. The decrypted value is deduced as:

$$ D = C^d \bmod n \tag{6} $$

II. ALGEBRAIC FINITE FIELDS PROPERTIES

Some conditions can be imposed on the selection of the prime numbers, based on the following properties of algebraic finite fields:

P1. If the prime number p reduced modulo 8 is equal to 1 or 7, then 2 is not a primitive element in $F_p$.

P2. If the prime number p reduced modulo 8 is equal to 3 or 5, then 2 is a primitive element in $F_p$.

P3. If the prime number p is a primitive element in the algebraic finite field $Z_q$, with q a prime number, then the AFF $Z_{p^{q-1}}$ has a normalized base cyclically generated by p and a minimal polynomial which can be used to define the multiplication in this field:

$$ M(x) = 1 + x + x^2 + \dots + x^{q-1} \tag{7} $$

P4. If 2 is a primitive element in $Z_{2q+1}$, then a normalized base exists in $Z_{2q}$.

P5. For a prime number p, any element of the finite field $F_{2^n}$ is primitive.

In many cases the public key component e could be the smallest prime number, 2. In many other cases, 3 is chosen as the primitive element e. Based on property P5, any element of the field could be used as e and the field will be considered optimum. In any case, these values (2 or 3) of the primitive element do not give hackers or other attackers any valuable information about the dimension of the algebraic field.

III. THEORETICAL SUPPORT OF THE IMPROVED ALGORITHM

A. Encryption Algorithms - generalities

The beginning of modern cryptography can be placed in '76, when Whitfield Diffie and Martin Hellman of Stanford University, California, first introduced an encryption method based on public keys and asymmetric cryptosystems. This is a public encryption method and can be used by every user. Consequently, two different keys are used. The second key is used at the receiver, to decrypt the transmitted message.

B. The Improved RSA Algorithm

The electronic signature so often used today is in practice a cryptographic key: a bit string which can be organized as a file, so the private key can be saved on a computer, on a portable disk or on any data storage medium [3]. Encryption algorithms have become more and more complex, and the mathematical operations which support them are very laborious, being based on the arithmetic of very large integers, so the computational requirements increase.

The RSA algorithm, developed by the three Americans from the Massachusetts Institute, is a model which has been readjusted and improved over time. In this paper we are therefore not trying to create a new algorithm, but to propose improvements and to advance new possibilities for exploiting this algorithm. The RSA algorithm is based on a much older model, discovered and introduced by Euclid and used since ancient times to determine the greatest common divisor of two positive integers.

After multiple improvements, we have succeeded in obtaining good results with the RSA algorithm for encryption keys exceeding the limit of over 200 digits that the literature on key length indicates as ensuring security. Working with prime numbers p and q, we have obtained values of 300 digits for each of them and values of over 500 digits for n, where n = p ⋅ q. Using these values for p, q and n, we can raise the computational level by using keys with lengths of over 1024 bits and even 2048 bits.

The protocol used in this kind of encrypted communication must also make it possible to transmit the more important information more safely, with an increased degree of security. The transmitted information can be: identification data such as the IP of the server crypto-system, the compression method used (ZIP, JAR, PKZIP, WINRAR, etc.), the method of writing to and reading from the data storage medium (string type, octet by octet or coded octet UTFP), the key length and the public key of the sender.

One of the first problems we discovered when implementing the RSA cryptographic system was that the private key of the server, more precisely the modulus n, must be greater than any key of client-application type. We therefore realized that it would be necessary to set a threshold value for the modulus n, something greater than 1099, so that two pairs of public and private keys could easily be obtained: one pair with the modulus n lower than 1099 and one pair with the modulus n greater than 1099.

Encryption and decryption were done with exponential functions in which the exponent represents the key, so all the calculation was done in the ring of residue classes modulo n. In practice, the security of the RSA algorithm depends on how readily n can be factored into p and q, where the prime numbers p and q are chosen to be as large as possible. The results we obtained are at the limit of the available computational power, which is the compromise made to obtain the increase in security.
Thus we had to increase the values of p and q (and implicitly the value of the modulus n) up to values which practically cannot be factored (hundreds of decimal digits: 300 and 500 digits respectively), the limit being imposed by the real computational power of the latest generation of computers.

Attacks on security systems are based on intervention at the vulnerable points of large networks. Data storage systems have more than one security-sensitive point, and the data can be classified in two categories:

• Stationary data (data-at-rest): the data stored on servers, storage areas or NAS devices, tape libraries or other kinds of data storage media.
• Data moving in traffic (data-in-flight): the data which moves through the storage network, over LAN and WAN.

Thus, the network vulnerability is determined by the data storage systems and their position, but especially by the way access to these media is permitted. The wireless networks in operation today have hundreds, thousands, even millions of interconnections, so access control rules can no longer be applied at individual points of interest. We can classify the attacks on security systems in two categories:

• The first category includes attacks by an intruder who tries to obtain unauthorized access to the system or tries to block other users' access to the storage network.
• The second category includes attacks that block legitimate users or other systems from using the network services.

We are also interested in ensuring the confidentiality of the information in intercepted data packets. This is the goal of cryptography and of the proposed improved RSA algorithm.

IV. RSA ALGORITHM WEAKNESSES

The RSA algorithm can easily be attacked under certain conditions, depending on the selection of the prime numbers and the factorization speed. If p and q are close enough to each other, the square root of n can be computed and the smaller of p and q is deduced in only a few steps:

$$ p = r - k, \qquad q = r + k \tag{8} $$

$$ n = r^2 - k^2, \qquad \sqrt{n} \cong r $$

The factorization of the public number n can be made starting with r, in descending order. For k small enough the factorization is made instantly.

For practical reasons the value of the public number e is 3, 5 or 7 in more than 95 % of cases. Therefore the study of algebraic finite fields (AFF) makes it easier to learn the secret number d. In many AFF only a few elements are primitive, having the maximum order. This fact allows the fast decryption of many messages. Let us consider the following example:

$$ p = 7, \quad q = 17, \quad n = 119, \quad \Phi(n) = 96 $$

$$ e = 5, \quad d = 77, \quad M = 18 $$

$$ C = 86 = 18^2 \bmod 119 $$

$$ 18^3 \bmod 119 = 1 $$

$$ D = C^2 = 18^4 \bmod 119 = 18 = M $$

The element 18 has the order 3 and the decryption is made in less than 3 trials.

The weakness of the RSA algorithm depends on the transmitted message. In some cases the decryption is made erroneously because of number truncation. If M is not a primitive element of the AFF and its order has a small value k, then the exponent e can be reduced modulo k. For example, in $Z_{128}$ some elements have small orders:

M = 7 → k = 6
M = 11 → k = 14
M = 13 → k = 21
M = 79 → k = 3
M = 101 → k = 42

A cryptanalyst could simply process the encrypted value by raising the transmitted number to successive powers, without knowing the decryption key. Based on this fact, we deduce that the RSA algorithm does not ensure the same security level for each message. The maximum computational capacity imposes the largest length of the key. Even if the RSA algorithm works with large encryption keys of 768, 1024 or 2048 bits, in many cases the decryption exponent is in fact equivalent to a very small value and it could be considered a weak key.
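A key-generation check for the close-primes condition in (8), given as an added example that is not code from the paper. It uses the ascending Fermat search on r rather than the descending search the text mentions, the step budget is an assumed parameter, and the sample moduli are constructed.

```python
from math import isqrt

def fermat_factor(n, max_steps=100_000):
    """Search for n = r^2 - k^2 = (r - k)(r + k), the identity in (8).

    r starts at ceil(sqrt(n)) and grows by one per step until r^2 - n is a
    perfect square. Returns (p, q, steps), or None when the step budget is
    exhausted, which is the outcome a well-generated modulus should give.
    """
    if n < 3 or n % 2 == 0:
        return None                      # the identity needs an odd modulus
    r = isqrt(n)
    if r * r < n:
        r += 1
    for step in range(1, max_steps + 1):
        k2 = r * r - n
        k = isqrt(k2)
        if k * k == k2:
            # r - k == 1 means n is prime: no non-trivial factor exists
            return (r - k, r + k, step) if r - k > 1 else None
        r += 1
    return None

def audit_modulus(n, max_steps=100_000):
    """Key-hygiene verdict for one public modulus."""
    hit = fermat_factor(n, max_steps)
    if hit is None:
        return "pass"
    p, q, steps = hit
    return f"WEAK p={p} q={q} steps={steps} gap={q - p}"

# Constructed sample moduli (toy sizes, not taken from any real key).
SAMPLES = {
    "section IV example": 7 * 17,
    "section V example": 17 * 29,
    "close 7-digit factors": 1000003 * 1000033,
    "unbalanced factors": 7 * 1000003,
}

if __name__ == "__main__":
    for label, n in SAMPLES.items():
        print(f"{label:22} n={n:<14} {audit_modulus(n, max_steps=1000)}")
```

The number of steps grows with the gap between p and q, so a modulus that survives a generous budget is not exposed to this particular shortcut.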
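The low-order message effect from the p = 7, q = 17 example above, worked in code as an added example (not from the paper). The function names are illustrative and the only inputs are the section's own toy values.

```python
from math import gcd

def mult_order(m, n, limit):
    """Smallest k >= 1 with m^k = 1 (mod n), searched up to `limit`.

    Returns None when m shares a factor with n (no order exists) or when
    the order is larger than `limit`.
    """
    if gcd(m, n) != 1:
        return None
    x, k = m % n, 1
    while x != 1:
        if k >= limit:
            return None
        x = x * m % n
        k += 1
    return k

def low_order_messages(n, max_order):
    """All residues in [1, n) whose order is at most max_order."""
    return [m for m in range(1, n) if mult_order(m, n, max_order)]

def reduced_exponents(e, d, k):
    """Exponents that act on an order-k message exactly like e and d."""
    return e % k, d % k

if __name__ == "__main__":
    # Values of the worked example: p = 7, q = 17, e = 5, d = 77, M = 18.
    n, e, d, M = 119, 5, 77, 18
    k = mult_order(M, n, limit=n)
    e_k, d_k = reduced_exponents(e, d, k)
    C = pow(M, e, n)
    print(f"order of {M} mod {n}: {k}")
    print(f"C = M^{e} = M^{e_k} = {C}")
    print(f"C^{d} = C^{d_k} = {pow(C, d_k, n)}")
    # Every message in this list is protected by an exponent of at most 3.
    print("messages of order <= 3:", low_order_messages(n, 3))
```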

V. IMPROVED RSA ALGORITHM

In many cases the process of generating prime numbers is limited by the memory size. An improved iterative algorithm for generating large prime numbers should be applied to exceed the computational limits. If the encryption algorithm is used on mobile terminal equipment with reduced computational capabilities and memory capacity, then the efficiency of the encryption algorithm is also reduced.

The message is fragmented into blocks of an imposed length and the encryption algorithm is applied to each input block. To reduce the risk of the decryption key being deduced from the redundancy of the transmitted cipher, the encryption key should be changed automatically for each fragment of the message. We propose:

A. To generate the public key component e randomly, less than half of the Euler indicator, to maintain the algorithm speed.

B. To compute the encrypted message iteratively, to avoid computational errors caused by large numbers:

$$ C_e = M^e \bmod n = (M \cdot C_{e-1}) \bmod n, \quad e \ge 2 \tag{9} $$

C. To change the encryption key often, for each input block, to increase the robustness of the algorithm.

D. To use a predefined set of strong encryption keys. A large amount of memory will be needed to store them. The physical security of these data is critical. Using secret cryptosystems may be a better choice than public keys.

For example:

$$ p = 17, \quad q = 29, \quad n = 493, \quad \Phi(n) = 448 = 2^6 \cdot 7 $$

$$ e_1 = 3, \quad e_2 = 5, \quad e_3 = 11, \ \dots $$

$$ e = 87, \quad d = 103, \quad M = 2 $$

$$ C_1 = 2^{103} \bmod 493 = 0, \quad D_1 = 0 \quad \text{(error)} $$

$$ C_2 = 298, \quad D_2 = 2 = M $$

$$ C_2^{48} = 2 = M $$
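Relation (9) next to the failure it is meant to avoid, as an added example that is not code from the paper, using the p = 17, q = 29 numbers above. The 64-bit register in `power_truncated` is an assumption (the paper does not state a word width), and the square-and-multiply variant goes beyond the text: it keeps the same bounded intermediates in far fewer steps.

```python
MASK64 = (1 << 64) - 1   # assumption: a 64-bit unsigned accumulator

def power_truncated(m, e, n):
    """m**e built in a fixed-width register and reduced only at the end."""
    acc = 1
    for _ in range(e):
        acc = (acc * m) & MASK64      # high bits are silently discarded
    return acc % n

def power_iterative(m, e, n):
    """Relation (9): C_1 = M mod n, then C_j = (M * C_{j-1}) mod n."""
    c = m % n
    for _ in range(e - 1):
        c = (m * c) % n               # intermediate product stays below n^2
    return c

def power_square_multiply(m, e, n):
    """Same result in about log2(e) steps, intermediates still below n^2."""
    result, base = 1, m % n
    while e:
        if e & 1:
            result = result * base % n
        base = base * base % n
        e >>= 1
    return result

if __name__ == "__main__":
    # Values of the worked example: n = 17 * 29, e = 87, d = 103, M = 2.
    n, e, d, M = 493, 87, 103, 2
    print("truncated  :", power_truncated(M, e, n))        # wrong result
    C = power_iterative(M, e, n)
    print("relation 9 :", C)
    print("square-mul :", power_square_multiply(M, e, n))
    print("decrypted  :", power_square_multiply(C, d, n))
    # Cross-check against Python's built-in modular exponentiation.
    assert C == pow(M, e, n)
```

The linear loop of (9) needs e - 1 multiplications, which is only workable for toy exponents; the square-and-multiply form is the one that scales to exponents of hundreds of bits.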

E. To modify the encryption function as another way of improving the algorithm.

VI. OPTIMIZED ENCRYPTION METHOD

In order to ensure the same security level for each transmitted data block, we propose to use another encryption function, an exponential function defined on an AFF:

$$ c = e^m \bmod n \tag{10} $$

The decrypted value results as the discrete logarithm:

$$ m_e = \log_e(c) \bmod n \tag{11} $$

In practice, the discrete logarithm is hard or even impossible to compute. This fact increases the computational resources needed for cryptographic attacks. The public value e could be any primitive element of the AFF containing n integers. Obviously, for security reasons the AFF dimension must be very large, given by a prime number p or a power of a prime number, $p^{q-1}$. Let us choose p as the greatest factor of the public key N:

$$ N = p \cdot q \tag{12} $$

We may use a public key given by (b, N) and two private keys e and d. The resulting cryptosystem is asymmetric. Otherwise only secret keys could be used: (b, p, e) for encryption and (b, p, d) for decryption.

The integer value m associated with the transmitted fragment of the plaintext could be any value from $Z_{n-1}$. For example, in $Z_{17}$ we can choose 3 as a primitive element having the maximum order equal to 15. So the message fragment should be a 4-bit word. Using a normalized base of the field, defined with a primitive element b, any message will be uniquely associated with an element of this field:

$$ m = b^M \tag{13} $$

If the message is associated with the exponential value M and the encryption is made based on M using relation (13), then the decryption could be made in an equivalent way using the private decryption exponent:

$$ d = \log_e(b) \tag{14} $$

The estimated message value will be:

$$ m_e = b^{M_e} \quad \text{with} \quad M_e = c^d \bmod n \tag{15} $$

All the encryption and decryption keys are equally strong.

VII. CONCLUSIONS

The RSA algorithm is analyzed in order to eliminate its weaknesses. We have proposed some improvements for encryption key generation and algorithm implementation. Some numerical results are presented. A modified encryption function is proposed for use on optimal algebraic finite fields. The key could be partially exchanged on a public communication channel based on the RSA principle. An asymmetric secret-key cryptosystem could also use this method. A reduced dimension of the AFF could be chosen in order to use already known values of the discrete logarithm.

REFERENCES

[1] R. Rivest, A. Shamir, L. Adleman, "A Method for Obtaining Digital Signatures and Public-Key Cryptosystems", Communications of the ACM, vol. 21 (2), pp. 120-126, 1978.
[2] B. Schneier, Applied Cryptography, second edition, NY: John Wiley & Sons, Inc., 1996.
[3] L. Scripcariu, M.D. Frunza, "A New Character Encryption Algorithm", Proceedings of the Intern. Conference on Microelectronics and Computer Science, Chisinau (Republica Moldova), ICMCS 2005, ISBN 9975-66040-1, pp. 83-86, Sept. 15-17, 2005.