LIBRARY OF COMPUTER SECURITY RELATED ALGORITHMS

Submitted By AISHVARIYA.R ESTHER NAGOMI. J HARITHA.P

INTRODUCTION

The project titled library of computer security related algorithms is mainly designed for providing security during transmission of data across the network. Encryption provides message confidentiality by transforming readable data (plain text) into an unreadable format (cipher text) that can be understood only by the intended receiver after a process called decryption.

ABSTRACT
The goal of cryptography is to make it possible for two communication entities to exchange a message in such a way that no third party can understands the message. In general, three types of cryptographic schemes are in practice to achieve the Cryptography goals: Symmetric Encryption This is the most common and straightforward type of encryption. Both the creator and the recipient of a message share a secret key that they use to encipher and decipher the message. Asymmetric Encryption With a symmetric cipher, both parties share a common key. Asymmetric encryption, on the other hand, requires two separate keys that are mathematically related. One of the keys is shared by both parties, and can be made public One-Way Hashing As the name implies, a one-way hash is non-reversible. Hashes are generally used for information validation.

OBJECTIVES

The main objective of this project is to develop a software solution to provide security under an Operating System like Windows which has very low level of security. Security is concerned with which makes sure that people cannot read or worse yet, secretly modify messages intended for other recipients. In this application, we are making it secured by implementing Symmetric Encryption Algorithms which makes unauthorized decryption to very complex and nearly impossible. Moreover, the key is also needed to be decrypted thus it makes it more robust to break the key which is of large in size. The advantages of Secure Data Transmission through Network are:

High level Security Cost effective transfer

EXISISTING SYSTEM

In the traditional architecture there existed only the server and the client. In most cases the server was only a data base server that can only offer data. Therefore majority of the business logic had to be placed on the clients system. This makes maintenance expensive. This also means that every client has to be trained as to how to use the application and even the security in the communication is also the factor to be considered. Since the actual processing of the data takes place on the remote client the data has to be transported over the network, which requires a secured format of the transfer method. Present day transactions are considered to be "un-trusted" in terms of security, i.e. they are relatively easy to be hacked. And also we have to consider the transfer the large amount of data through the network will give errors while transferring.

PROPOSED SYSTEM

The transactions should take place in a secured format between various clients in the network. It should also identify the user and provide the communication according to the prescribed level of security with transfer of the file requested and run the required process at the server if necessary. If certain estimated cost for the project is accepted then we say the system is economically feasible. The system will be developed and operated in the existing hardware and software infrastructure. The system developed and installed will be good benefit to the organization hence the proposed system is economically feasible. So there is no need of additional hardware and software for the system. Accuracy, ease with which the data can be handled, reliability, and security are the primary concerns and ensured as far as possible.

SYSTEM DESCRIPTION

Cryptography One of the classic techniques used for ensuring privacy of files and communication is Cryptography. The objective is achieved by encoding data so that it can only be decoded by specific individuals.

Overview of Cryptology

Symmetric Encryption This is the most common and straightforward type of encryption. Both the creator and the recipient of a message share a secret key that they use to encipher and decipher the message.

There are two types of ciphers: Block ciphers. Stream ciphers.

Block ciphers (DES, Triple-DES and AES) split the plaintext in blocks of size B and then encrypt plaintext one block at a time. For each block the size of the resulting cipher text block is equal to the size of the initial plaintext block. For DES and Triple-DES the block size is 64 bits (8 bytes). For AES the block size is 128 bits (16 bytes). If the length of the plaintext is not a multiple of the block size B, then additional bytes need to be added to the plaintext to make its length a multiple of B. This process is called padding. Stream ciphers (RC4) do not split the plaintext string in blocks. Instead, they read the plaintext one byte at a time, and each time output one byte of cipher text. DES and Triple-DES. DES (Data Encryption Standard) is a block cipher and has block size of 64 bits and key size of 56 bits. DES standard requires 64 bits to write DES key in the standard format. The first 56 bits is the actual key. The last 8 bits represent an Error Detection Code (EDC) or, in other words, a checksum, which is a simple function of the first 56 bits. If one byte of the key is corrupted, the checksum will not match, which can be used to detect key corruption.

Triple-DES refers to encrypting the same 64-bit block using DES three times in sequence, using three different DES keys K1, K2 and K3. Decryption is then performed in the opposite sequence, first decrypting with K3, then decrypting with K2, and then decrypting with K1. Since one has to know three keys to decrypt, the effective strength of Triple-DES is 56*3 = 168 bits. AES/ Rijndael In cryptography the Advanced Encryption Standard (AES) is a symmetric-key encryption standard adopted by the U.S. government. The standard comprises three block ciphers, AES128, AES-192 and AES-256, adopted from a larger collection originally published as Rijndael. Each of these ciphers has a 128-bit block size, with key sizes of 128, 192 and 256 bits, respectively. The AES ciphers have been analyzed extensively and are now used worldwide, as was the case with its predecessor, the Data Encryption Standard (DES). AES is the first publicly accessible and open cipher approved by the NSA for top secret information

RC2 In cryptography, RC2 is a block cipher designed by Ron Rivest in 1987. "RC" stands for "Ron's Code" or "Rivest Cipher"; other ciphers designed by Rivest include RC4, RC5 and RC6. RC2 is a 64-bit block cipher with a variable size key. Its 18 rounds are arranged as a source-heavy Feistel network with 16 rounds of one type (MIXING) punctuated by two rounds of another type (MASHING). A MIXING round consists of four applications of the MIX transformation. Asymmetric Encryption With a symmetric cipher, both parties share a common key. Asymmetric encryption, on the other hand, requires two separate keys that are mathematically related. One of the keys is shared by both parties, and can be made public. The other key is kept secret by one of the two parties, and is therefore called a private key. The combination of public and private key is described, amazingly enough, as a key pair. Sometimes, even encryption terminology makes sense.

Therefore, it is always preferable to have the creator of a message encipher it using the recipients public key, and have the recipient decipher using her private key. The two main asymmetric algorithms supported by .NET are RSA and DSA, of which RSA is by far the most commonly used.

The advantage of asymmetric encryption is that it does not require both parties to share a key. The disadvantage is that it incurs a significant performance overhead, and is therefore recommended for use only with short messages.

RSA encryption algorithm Rivest-Shamir-Adleman is the most commonly used public key encryption algorithm. It can be used both for encryption and for digital signatures. The security of RSA is generally considered equivalent to factoring, although this has not been proved. RSA computation occurs with integers modulo n = p * q, for two large secret primes p, q. To encrypt a message m, it is exponentiated with a small public exponent e. For decryption, the recipient of the ciphertext c = me (mod n) computes the multiplicative reverse d = e-1 (mod (p-1)*(q-1)) (we require that e is selected suitably for it to exist) and obtains cd = m e * d = m (mod n).

DSA The Digital Signature Standard, created by the NIST, specifies DSA as the algorithm for digital signatures and SHA-1 for hashing. DSA is for signatures only and is not an encryption algorithm, although Schneier describes encryption mechanisms (ElGamel encryption and RSA encryption) based on DSA. DSA is a public key algorithm; the secret key operates on the message hash generated by SHA-1; to verify a signature, one recomputed the hash of the message, uses the public key to decrypt the signature and then compare the results. The key size is variable from 512 to 1024 bits which is adequate for current computing capabilities as long as you use more than 768 bits.

One-Way Hashing As the name implies, a one-way hash is non-reversible. Hashes are generally used for information validation. For instance, imagine that we have a database populated with user passwords. We may not want to store them in plain text, but we still need a way of authenticating a user who enters her credentials into a login form. So, we store the password in hashed format. When the user enters her password in plain text, we can hash it and compare the value to the hashed password stored in a database.

There are two important types of message codes: checksum Secure hash. Checksum F (M) is a simple function of the message M which essentially has only one property: F (M) depends on all bytes of M. This means, that if any byte in M will change, the checksum will also likely change. Secure Hash F (M) is a message code, from which no information about the original message M can be deduced. SHA. SHA (Secure Hash Algorithm) is the only secure hash algorithm Approved by the US Government. The most widely used version of SHA is SHA-1, which is a 160-bit long message code. Other versions include SHA-256, which is 256-bit long, and SHA512, which is 512-bit long. SHA-1 is faster than Triple-DES or AES. On a typical PC one can get up 10Mbytes per second speed for calculating SHA-1 on long messages, e.g. calculating SHA-1 on a 100 MB message would take 10 seconds.

MD2 and MD5. MD2 (Message Digest 2) and MD5 (Message Digest 5) are secure hashes developed by Ron Rivest at MIT. They are not approved by the US government and have been broken, meaning, that methods were found to find collision pairs for these hashes. Since SHA-1 may be broken in the near future, US government is preparing to move from SHA-1 to SHA-256, which has a longer hash length of 256 bits as compared to 160 bits for SHA-1. Although MD5 has been broken, it is still used in a number of internet applications such as TLS, IPSec and SSH which will be discussed later.

Base64
Base64 is an encoding algorithm used to alter text and binary streams into printable and easy-to-process form to be consumed by various programs as well as transmitted over the network. Base64 encoding is generally achieved by splitting a stream or block of data into 6-bit fragments and interpreting each fragment as the position in the following series of characters. Therefore the

ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz0123456789+/ After the Base64 encoded block is obtained it is ready to be processed, or transmitted, for example for MIME content transfer encoding used in email transmission.

5.5 Random Number Generator: Random Number Generators (RNGs) used for cryptographic applications typically produce a sequence of zero and one bits that may be combined into sub-sequences or blocks of random numbers. There are two basic classes: deterministic and nondeterministic. A deterministic RNG consists of an algorithm that produces a sequence of bits from an initial value called a seed. A nondeterministic RNG produces output that is dependent on some unpredictable physical source that is outside human control. There are no FIPS Approved nondeterministic random number generators

CONCLUSION

The developed software is tested with sample data and outputs obtained in according to the requirements. The performance of the system is evaluated, and is found to be much more efficient than the existing system. It will meet the primary requirements of the concern. Even though we have tried our level best to make it a dream project, due to time constraints we could not add more facilities to it. So the project has to be improved by having modifications as and when the necessity arises in dual course.