Multi-party Supportive Symmetric Encryption

Document Sample
Multi-party Supportive Symmetric Encryption Powered By Docstoc
					                                                           (IJCSIS) International Journal of Computer Science and Information Security,
                                                           Vol. 9, No. 2, February 2011

        Multi-party Supportive Symmetric Encryption
V. Nandakumar                                                                Dr. E.R.Naganathan
Assistant Professor, Computer Centre, Alagappa University,                   Professor, Department of Computer Applications, Velammal
Karaikudi, Tamilnadu, INDIA, Email:                      College of Engineering, Chennai, Tamilnadu, INDIA,

                                                                             Dr. S.S. Dhenakaran
                                                                             Assistant Professor, Computer Centre, Alagappa University,
                                                                             Karaikudi, Tamilnadu, INDIA, Email: ssdarvind

Abstract—Business data is a valuable asset for many                           shared key never given to the parties, but be a part of the
Organizations. Organizations need security mechanisms that                    functionality.
provide confidentiality for outsourcing their data services.
Encrypting sensitive data is the normal approach in such a
situation. Applications typically use Symmetric keys for
                                                                                             II.    MULTIPLE ENCRYPTION
encryption, or Asymmetric keys for their transmissions. In case                   Multiple encryption is the process of encrypting an already
of Asymmetric encryptions they use the public keys of the signers             encrypted message one or more times, either using the same or
along with files sent. Since these identity strings are likely to be          a different algorithm. Multiple encryption algorithms allow
much shorter than generated public keys, the identity based key               users to pick their own logic and the benefit of this approach is
generation is an appealing option. A multi-signature scheme                   that if an algorithm turns out to be seriously broken, supporting
enables a group of signers to produce a compact, joint signature              multiple algorithms can make it easier for users to switch.
on a common document, and has many potential uses. Existing                   Multiple algorithms add more complexity to the application.
schemes with multi signers impose requirements that make them
impractical, such as requiring a dedicated, distributed key
generation protocol amongst potential users. These requirements                              III.   MULTI-SIGNATURE SCHEMES
limit the use of the schemes. Multi-Party or co-operative                         Multi-signature schemes [2] allows different signers with
authentication on information is a trusted source of security. In             public keys to collectively sign a message, yielding a multi-
this paper, we propose an encryption scheme where each                        signature. Multi-signature schemes greatly save on
authorized user’s information is used to encrypt and decrypt                  communication costs. In most applications these public keys
data. This paper, presents a multi-party yet supportive, secure
                                                                              will have to be transmitted along with the multi-signature. The
and identity-based scheme based on symmetric encryption,
Multi-party Supportive Symmetric Encryption (MSSE). This
                                                                              public keys of all cosigners are needed to verify the validity of
paper takes an effort to resolve the security issues and also report          such a multi-signature schemes. The inclusion of information
on the results of the implementation                                          that uniquely identifies the cosigners seems inevitable for
                                                                              verification For example, the signers’ user names or IP
   Keywords: Symmetric Encryption, Sub-key, Key Management,                   addresses could suffice for this purpose; this information may
Key generation, Multi-party                                                   even already be present in package headers:

                        I.   INTRODUCTION                                                    IV.    IDENTITY BASED SIGNATURES
    Information channels are generally vulnerable to                              In an identity-based signature scheme [3], the public key of
eavesdropping and attacks from outsiders. Strong cryptography                 a user is simply his identity, e.g. his name, email or IP address.
is needed to protect these channels. Traditional access controls              A trusted key distribution center provides each signer with the
that provided confidentiality were designed in-house and                      secret signing key corresponding to his identity. When all
depended on authorization policies. According to Forrester                    signers have their secret keys issued by the same key
Research, enterprise storage needs grow at 52 percent per year                distribution center, individual public keys become obsolete,
[1] and organizations chose to outsource their data storage to                removing the need for explicit certification and all associated
third parties. One of the biggest challenges raised by data                   costs. These features make the identity-based paradigm
storage outsourcing was security and trust. Cryptographic                     particularly appealing for use in conjunction with multi-
approach also provided data confidentiality. Encryption is a                  signatures, leading to the concept of identity-based multi-
method to securely share data over an insecure network or                     signature (IBMS) schemes. Application implementations of
storage site. Users who communicated needed to establish a                    IBMS schemes are rather limited. While pairings have turned
mutually held secret key k. In public key cryptography two                    out extremely useful in the design of cryptographic protocols,
parties communicated with a public and private key. The                       they were only recently brought to the attention of
functionality allowed the parties to establish a shared                       cryptographers [4], and hence did not yet enjoy the same
symmetric key and to encrypt and decrypt messages in an ideal                 exposure to cryptanalytic attacks by experts as other, older
way using this key. The key was meant to be a long-term                       problems from number theory such as discrete logarithms,

                                                                                                        ISSN 1947-5500
                                                          (IJCSIS) International Journal of Computer Science and Information Security,
                                                          Vol. 9, No. 2, February 2011

factoring and RSA. Our scheme is essentially a multi-party co-             and Multiple Linear Functions with          Variable of number of
operative Symmetric scheme with identity of the participating              rounds.
parties. The techniques are strengthened to provide security
against concurrent.                                                        Plain Text                                           Symmetric Key

                                                                                 B1,B2,B3…….                                      K1,K2,K3…….
                      V.    RELATED WORK
    Diffie and Hellman [5] have argued that the 56-bit key used
in the Federal Data Encryption Standard (DES) [6] is too small
and that current technology allows an exhaustive search of the
256 keys. Double encryption has been suggested to strengthen
the Federal Data Encryption Standard (DES). A recent proposal
suggests that using two 56-bit keys but enciphering 3 times                                      MSSE Key (K1B1,K2B2,………)
(encrypt with a first key, decrypt with a second key, then
encrypt with the first key again) increases security over simple
double encryption. At the 1978 National Computer Conference,
Tuchman [7] proposed a triple encryption method which uses
only two keys, K1 and K2. The plaintext is encrypted with K1,
decrypted with K2, then again encrypted with K 1. Schemes                           RAR            XOR              RAL             Complement
that encrypt data on the client-side, enable server-side searches
on encrypted data. [8] Introduced the first practical scheme for
searching on encrypted data. The scheme enables clients to
perform searches on encrypted text without disclosing any
information about the plaintext to untrusted servers. The
untrusted server cannot learn the plaintext from the encrypted                                    Cipher Text C1,C2…
search results. The basic idea is to generate a keyed hash for
the keywords and store this information inside the ciphertext.
The trusted server can search the keywords by recalculating
and matching the hash value. [9] proposed a scheme to execute
SQL queries over encrypted numeric data and is suitable for
exact matches and also range queries. Its strategy is to store the
encrypted numbers with some index information and to split                                         Fig. 2. MSSE Architecture
the query into a query on the encrypted data processed by the
untrusted server and a query on the returned result for post-
                                                                                             VII. KEY GENERATION
processing results on the client. [10] presented a scheme for
searches on encrypted data using a public key system that                  The key will be generated with both the sender, receiver and
allows mail gateways to handle email based on whether certain              servers name included. Since the key comprises of various
keywords exist in the encrypted message. The application                   components and is a combination of server and client related
scenario is similar to [8], but the scheme uses identity-based             information, it makes it hard for the attacker to guess the key.
encryption instead of symmetric ciphers. Using asymmetric                  The step by step procedure is as follows:
keys allows multiple users to encrypt data using the public key,
but only the user who has the secret key can search and decrypt
the data. [11, 12] enable searches on encrypted data by                    A. A KEY GENERATION ALGORITHM
constructing secure indexes. All the schemes above rely on                 Sender and Receiver agree on two numbers “p” and “g” ,
secret keys however, which implies single user access or                   where p is a large prime number and g the base generator.
sharing keys among a group of users                                        Sender then chooses his secret odd number called “a”.
                                                                           Similarly the Receiver’s secret odd number is “b”. Sender and
  VI.   MULTI-PARTY SUPPORTIVE SYMMETRIC ENCRYPTION                        Receiver exchange their numbers. The senders email id is
                       (MSSE )                                             known to the receiver and the receiver knows the senders
The basic characteristic of MSSE is sharing of information                 email id. Sender knows p, g, a, b, receivers emailID and the
between users in the generation of the key. Each user has his              Receiver knows p, g, b, a, senders emailID.
own information designed as a part of the key. This section
                                                                           B FUNCTION MAIN KEY
introduces the basic construction of the multi-party supportive
                                                                           INPUT: p,g,a,b and Senders Email Id, Receivers Email ID
symmetric encryption scheme built upon symmetric
                                                                           OUTPUT: 512 bit Secret Key
encryptions. The notions of security are also discussed and
                                                                           The First part of the key k1 is the senders email id converted
proofs provided in later sections. MSSE Scheme has its own
                                                                           into its ASCII value in 192 bits or 49 bytes. The sender
unique features. The Key features being Variable key length,
                                                                           Computes the Key for Encryption as k2 = g b mod p. The
Key dependent rotation, Lengthy key schedule algorithm
                                                                           Third part of the key k3 is the receivers email id converted
                                                                           into its ASCII value in 192 bits or 49 bytes. The final and

                                                                                                     ISSN 1947-5500
                                                             (IJCSIS) International Journal of Computer Science and Information Security,
                                                             Vol. 9, No. 2, February 2011

  fourth part of the encryption key is computed as k4 = g mod a
                                                                            D MSSE ENCRYPTION ALGORITHM
  p. The Secret key is generated as Key K = k1||k2||k3||k4. as              Step 1: Generate 512 bit Secret key using Main_Key function
  demonstrated in Fig. 1.
                                                                            Step 2: split the Secret key into 2 bit Sub-keys with Divide-
Email Id of the      64 bit key        Email Id of the   64 bit key         key Function
Sender in 192       of Receiver        Receiver in 192   of Sender
bits (49 Bytes)                        bits (49 Bytes)                      Step 3 : counters ky=0,j=0,kcnt=keylength in bits /2
                                                                                     For i=0 to msglength do step 512
                  Fig. 1. The 512 bit Encryption key
                                                                                        j= j+1
  For example,                                                                         C[i] = M[i] SHL //SHL Once

  p=11 and g = 10 and a=5 and b=8 Then                                                 C[i] = M[i] SHL // SHL Second Time
  K2 = 105 mod 11 would be 10 and K4= 108 mod 11 would be                              C[i] = M[i] XOR kj // XOR of two bit sub key
                                                                            padded with zeros to get 8 bits is done
  If the email id of the sender , this                                       If j > kcnt then
  would be translated into the following sequence 118 110 107
  117 97 114 54 50 64 121 97 104 111 111 46 99 111 109                                            J=0
                                                                                                 End if
  If the email id of the receiver is , this
  would be translated into the following sequence 115 115 100                        Next i
  97 114 118 105 115 100 64 121 97 104 111 111 46 99 111                    Step 4 Display C
  The Key K = k1||k2||k3||k4                                                INPUT: M=(m1….m512) plain text and K =(k1….k256) 256 bit
                                                                            Secret key split as 2 bit key
  00001010 01110110 01111000 01110101 01110101
  01100001 01110110 00110110 00110010     01000000                          OUTPUT: C=512 byte cipher text
  01111001 01100001 01101000   01101111   01101111
  00101010 01100011    01101111 01101101 011110111                          E MSSE DECRYPTION ALGORITHM
  011110111 01100100 00110110 01110110 01110110                             Step 1: Generate 512 bit Secret key using Main_Key function
  01101001 01111000 01100100 01101000 01101111
                                                                            Step 2: split the Secret key into 2 bit Sub-keys with Divide-
  01101111 00101010 01100011    01101111  01101101
  00001010.                                                                 key Function
                                                                            Step 3 : counters ky=0,j=0,kcnt=keylength in bits /2
  Here a 432 bit key is generated. It will be split into 216 Two
  bit keys. It will have a minimum of 40 rounds of sub-keys for                      For i=0 to msglength do step 512
  one round of the Secret key. Approximately 256 x 216 i.e 50k
                                                                                        j= j+1
  bytes of Plain text will be converted to Cipher text with one
  round of the key.                                                                    C[i] = M[i] XOR kj // XOR of two bit sub key
                                                                            padded with zeros to get 8 bits is done
  This function is called Divide-key function because it creates                       C[i] = M[i] SHR //SHR Once
  Two bit keys from the secret key. The function knows the
                                                                                       C[i] = M[i] SHR // SHR Second Time
  length of the secret key in advance and then correspondingly
  splits the secret key into equal 2 bit sub-keys as explained in                                If j > kcnt then
  equation (1) :
  K(1,2,3,4….l)=K(1to-2, K3to48, ……Kl-2 to l),………(1)                                             End if
                                                                                     Next i
  where 1,2,4….l are the no of sub keys and l is the variable
  length of the key based on the senders and receivers email id’s           Step 4 Display M
  and agreed numbers p,g, a,b.
                                                                            INPUT: C=(c1….c512) cipher text and K =(k1….k256) 256 bit
                                                                            Secret key split as 2 bit key
                                                                            OUTPUT: M=512 byte plain text.

                                                                                                          ISSN 1947-5500
                                                          (IJCSIS) International Journal of Computer Science and Information Security,
                                                          Vol. 9, No. 2, February 2011

                                                                                        IX     CONCLUSION AND FUTURE SCOPE
               VIII     SECURITY ANALYSIS
An attacker (or a software agent) that gains privileged access                  In this paper, we presented a new data encryption scheme that
to the data storage or a untrustworthy employee, can intercept                  does not require a trusted data server. Unlike previous
the communications between clients and the server. The                          searchable data encryption schemes that require a shared key
attacker is restricted to passive attacks, i.e. attacks are based               for multi-user access, each user in our system has a unique set
upon observed data. In most cases the attacker is isolated from                 of keys. The data encrypted by one user can be correctly
the users and initialized by the client. The goal of the attacker               decrypted by all the authorized users in the system. Moreover
is to gather direct or indirect information about the stored data.              the keys can be easily revoked without any overhead, i.e.
The following points ensure the unpredictability of the results                 without having to re-encrypt the stored data.
for the attacker

    •    The algorithm involves Rotating the bits, XORs,                                                    REFERENCES
         Complements and Rotating Lefts, ensuring no test                  1.,141792851289,00.html.
                                                                           2.  H. Krawczyk, \LFSR-based Hashing and Authentication", Proceedings of
         blocks of cipher text are the same..                                  CRYPTO '94, Lecture Notes in Computer Science, vol. 839, Y. Desmedt,
    •    Due to keys change for each block, it is very hard to                 ed., Springer-Verlag, 1994, pp. 129-139
         perform the cryptanalysis on the keys.                            3.  Shamir. Identity-based cryptosystems and signature schemes. In G. R.
                                                                               Blakley and D. Chaum, editors, CRYPTO’84, volume 196 of LNCS, pages
    •    Due to 512-bit key and 2-bit Sub-Key, the cipher
                                                                               47–53. Springer Verlag, 1985.
         becomes more secure. Because, a total 2256 + 2n                   4.  Joux. A one round protocol for tripartite Diffie-Hellman. In Algorithmic
         number of permutations are possible where 256 >=                      Number Theory Symposium – ANTS IV, volume 1838 of LNCS, pages
         n>=2. So, brute force attack is much time taking,                     385–394. Springer-Verlag, 2000.
                                                                           5.  Dime, W., and Hellman, M. Exhaustive cryptanalysis of the NBS data
         nearly 1.079x1028 year for a personal computer
                                                                               encryption standard. Computer (June 1977), 74-84.
         which permutes thousands of 128-bit numbers in 1                  6.  National Bureau of Standards. Federal Information Processing Standards
         second for n=7. If we increase the value of n then the                Publication No. 46, Jan 1977. Syst. Tech. J. 28 (Oct. 1949), 656-715.
         number of years required for brute force attack will              7.  Tuchman, W.L. Talk presented at the Nat. Computer Conf., Anaheim, CA.,
                                                                               June 1978.
         increase. The lesser the size of n, the number of key
                                                                           8.  D. X. Song, D. Wagner, and A. Perrig. Practical techniques for searches on
         generation is more. Hence, in both the cases, we are                  encrypted data. In IEEE Symposium on Security and Privacy, pages 44–55,
         optimizing security.                                                  2000.
    •    Since the Sub-key changes for every block, secure                 9.  H. Hacig¨um¨us, B. R. Iyer, C. Li, and S. Mehrotra. Executing sql over
                                                                               encrypted data in the database-service-provider model. In M. J. Franklin, B.
         key exchange becomes unnecessary, reducing the                        Moon, and A. Ailamaki, editors, SIGMOD Conference, pages 216–227.
         network traffic.                                                      ACM, 2002.
    •    If an attacker is so lucky and he does the best guess,            10. D. Boneh, G. D. Crescenzo, R. Ostrovsky, and G. Persiano. Public key
         the probability for guessing the key will be (1/2128) or              encryption with keyword search. In C. Cachin and J. Camenisch, editors,
                                                                               EUROCRYPT, volume 3027 of Lecture Notes in Computer Science, pages
         2.938*10-39, for Number of bits it will be (1/ 27) or                 506–522. Springer, 2004.
         7.812x10-3 when n=7 and the joint probability for                 11. R. Curtmola, J. A. Garay, S. Kamara, and R. Ostrovsky. Searchable
         both will be (1/2128)*(1/ 27) or 2.295*10-41, achieving               symmetric encryption: improved definitions and efficient constructions. In
         message confidentiality.                                              A. Juels, R. N. Wright, and S. D. C. di Vimercati, editors, ACM
                                                                               Conference on Computer and Communications Security, pages 79–88.
                                                                               ACM, 2006.
                                                                           12. E.-J. Goh. Secure indexes. Cryptology ePrint Archive, Report 2003/216,

                                                                                                            ISSN 1947-5500

Shared By: