Introduction Of Data Encryption Computer Science Essay

Published: Last Edited:

This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Data encryption is a process which we use mathematical calculations and algorithmic schemes to transform or convert plaintext into cyphertext, a form that is non-readable to unauthorized parties.  Data Encryption can be accomplished in a wide variety of ways, and with varying degrees of success. Some of the best data encryption can be last for many years, while other types of decryption can be broken in minutes or even seconds by hackers who are skilled at such tasks. Each encryption algorithm creates specific strings of data that will use for encryption which the keys is consisting a longer strings of bits and binary numbers. The longer bits for the keys mean that the more combinations of binary numbers can be formed. Thus it will increase the difficulties for unauthorized users to break the codes. Then encryption algorithm will get the data by combining both the data bits and bits in the key. In symmetric encryption, same key will used for both encrypt and decrypt for the data but in asymmetric key encryption, 2 different keys will used which one is for encryption and another one for decryption purpose. (Encryptionanddecryption, 2010)

Nowadays human is more and more concern about the sensitive information either the one that stored in computer or transmitted through the Internet. Information security and safety are important and undeniable for all level of the users. The most common usage of encryption is on the email. When the users are sending the message that consists of sensitive information, documents and also files through the Internet as emails, all the emails are transmitted in an unsecured and unprotected form. So, the emails can be read by anyone include the ISP and other unauthorized users because the message can be open by any unauthorized users. Even when users is sending the emails through the SSL, although others can't read the emails when message transmitted between user and server but after the emails reaches the server, it can be seen by the email service provider. Thus server may sends user email to the other people in an unsecured method and the mails can be easily view by anyone. (Encryptionanddecryption, 2010)

Users may believe that the personal email doesn't consist of any private information but there is other user that has some information that keep secret from others. It could be the financial, sexual, political or professional secrets. Thus, the really only sure way that can keep the secret or protect the information is using the encryption. (Encryptionanddecryption, 2010)

Symmetric Encryption and Asymmetric Encryption

Symmetric Encryption

Symmetric Encryption can be defined as symmetric-key encryption, one-key encryption, single-key encryption and private key encryption. Symmetric Encryption is an encryption where a single secret key will used in both encryption and decryption process. This secret key can be a character, a number or a combination of letters. The usage of the secret key is to change the content for the information. By using symmetric encryption, both sender and receiver must know the secret key, so both can perform the encryption and decryption on the information. There are 2 types of symmetric algorithm inside the symmetric encryption which are Stream algorithms (Stream Ciphers) and Block algorithm (Block Ciphers). (Encryptionanddecryption, 2010)

Stream Ciphers only can encrypt the bits of data one at a time which also called as operate on one bit at a time or encrypt the data bit by bit. The advantages of using stream ciphers are it produce faster processes and also easier to implement compared with the block ciphers. However there is also some limitation for stream ciphers which when users consists of the same key stream, some types of attacks may lead the information to be revealed and security gap. (Encryptionanddecryption, 2010)

Block Ciphers is a method for encrypting data in blocks which information will be encrypts by breaking down into few blocks and the data encryption will be done in each block. A fixed sized blocks (64 bits) will normally been used by block cipher to encrypts the data or message. Triple DES and AES are among the popular encryption method that using Block Cipher. (Encryptionanddecryption, 2010)

Some examples of the symmetric encryption algorithms are AES, CAST5, Blowfish, DES, IDEA, RC2, RC4, RX6, Serpent, Triple DES and Twofish. (Encryptionanddecryption, 2010)

Asymmetric Encryption

Asymmetric Encryption uses different keys to perform data encryption and data decryption. Differ from symmetric encryption the decryption key is not easy to receive from encryption key. Type of the encryption key is not a private but is public so it is available for everyone using it to encrypt the message but the decryption key is private so only the receiver will able to decrypt the message. Nowadays users set up the key pairs within a network which each user will gain the public key and private key. Making of public key is to allow all users to sending the message, but the private key will only made available for the users that receive the message or data. (Encryptionanddecryption, 2010)

To implementing the asymmetric encryption, the recipient will create a couple of keys (private key and public key) which both key can be unlocked by using a same password. Public key allow all users to use it to encrypt the data and can freely distribute since it will only used for data encryption. Sender no needs to know the recipient's password or public key to encrypt the data. In the other side, recipient consist the private key which can be used to decrypting the message that sent by sender. Private Key cannot and should not be distributed since private key is the only key that can be used by recipient to decrypt or unscramble the data that received. (Encryptionanddecryption, 2010)

Below is a simple example to show how the asymmetric encryption works:

Anderson create public key M and private key M and Nani create public key X and private key X. Anderson and Nani will exchange their public keys. After that, Anderson will send an encrypted message to Nani by using Nani's public key X to encrypt the message. Nani will uses him private key X to decrypt the message that received. If Nani want to send an encrypted message to Anderson, he needs to use Anderson public key M to encrypt the message which Anderson can use his private key X to decrypted the data.

Some asymmetric algorithm will let the process to encrypt and decrypt in the opposite way of using the key which a message will be encrypted using the private key and public key will be using as the key to decrypt the message. If the user wants to decrypt the message with sender's public key, he/she must know who the sender for this message is because only the sender will know the private key. Example for this opposite way algorithm is the Digital Signature. (Encryptionanddecryption, 2010)

Some examples for the popular asymmetric encryption algorithms are RSA, DSA and PGP. (Encryptionanddecryption, 2010)

Chapter Summary

Data encryption is very important to prevent the data that send by the sender being stolen by the unauthorized user. Many data encryption methods can be applied by users with each of them consisting its own characteristic and specialty. Data encryption can be divided into symmetric and asymmetric type which symmetric encryption consist only 2 public keys for both sender and receiver while asymmetric encryption consist of 4 keys which receiver and sender will have different public keys and private keys. Besides that, stream cipher and block cipher also works differently from each other where stream cipher will performing faster than the block cipher.

Chapter 2 : Data Encryption Methods

2.1 Blowfish

Blowfish is a symmetric block cipher that designed to be used as a drop-in replacement for some encryption methods such as DES or IDEA. Blowfish is ideal for both domestic and exportable use because it provide 32-bits to 448-bits of variable-length key. Blowfish algorithm was created in 1993 by Bruce Schneier as a rapid and free alternative to replace for the aging DES. Besides that Schneier also intended to create one algorithm that free of the problems and constraints associated with other algorithms. Schneier stated that "Blowfish is unpatented, and will remain so in all countries. The algorithm is hereby placed in the public domain, and can be freely used by anyone." Since from then the Blowfish has been much of analyzed, and it is slowly become a strong encryption algorithm that accepted by many people. Besides that, Blowfish is unpatented and license-free, so it is available free for all uses. (Pachghare, 2009)

The characteristics for the Blowfish are shown below:

Consist of 64-bit block cipher

Key length is variable and can up to 448 bits

Encrypted data on 32-bit microprocessors at a speed of 18 clock cycles per byte, much more faster than DES and IDEA

Unpatented and royalty-free

Can run in less than 5k of memory

Simple structure and easy to implement

(Pachghare, 2009)

Many cryptographers have tried and examine the Blowfish algorithm and all of them are comes out with different comments and result. Below are some comments from the cryptographers:

Serge Vaudenay says that " There is a class of keys that can be detected--although not broken--in Blowfish variants of 14 rounds or less" (Bruce Schneier, 2010)

Vincent Rijmen's Ph.D.thesis mentioned that "Second-order differential attack on 4-round Blowfish that cannot be extended to more rounds." (Bruce Schneier, 2010)

2.1.1 Generating the Subkeys

The Blowfish requires a large amount of subkeys and these keys must be pre-defined before the encryption and decryption processing. The method for creating the subkeys is as follows:

Step 1 - Initialize the D-array and four S-boxes with all must be in the order with a fixed string which consists of the hexadecimal digits of di. For example:

D1 = 0 x 988sd9a9

D2 = 0 x 7673bh4g

D3 = 0 x 324j45ko

D4 = 0 x 39ds993j

Step 2 - Performing the XOR function for D1 with the first 32 bits of the key following by the D2, D3, D4 and so on (possibly up to D14). The cycle will continue looping until the entire D-array has performed the XOR function with key bits. At least one equivalent longer key will be generated for each short key. For example, if B is a 64-bit key, then BB, BBB and etc. will be consider as the equivalent keys.

Step 3 - Encrypt the all-zero string by using Blowfish algorithm. The process must be done by using the subkeys described in step 1 and step 2.

Step 4 - D1 and D2 will be replaced by using the output that generated in Step 3.

Step 5 - Encrypt the output from Step 3 using the Blowfish algorithm by using the modified subkeys.

Step 6 - D3 and D4 will be replaced by using the output that generated in Step 5.

Step 7 - After process of replacing all the entries for the D-array, the entries for another 4 s-Boxes also need to be replaced. All the process will be done by using the continuously changing Blowfish algorithm.

(Pachghare, 2009)

Total 521 iterations are needed to generate all the subkeys. Normally the application will store the subkeys rather than execute this extract process each times. So, Blowfish is not suitable for the applications that required the rapidly changing on the secret key and also not suitable for the applications that have limited memory. (Pachghare, 2009)

2.1.2 Blowfish Encryption

Blowfish apply F-function to the left side of the block and gain the XOR result to the right side of the block. In Figure 2.1, it shows that sixteen rounds is needed and each round will perform the XOR to the left half of the block with the subkey for that particular round. After that, F-function will be applied to XORed output of the left side of the block and the right side of the block will be XOR with the result. Finally, swap the both halves of the block. For each round of the process, only one subkey can be found which is the F-function will not having the subkeys but it will use S-boxes which are the key dependent. The right side block will contain subkey 17 and left side block will contain subkey 18 after the last round. (Pachghare, 2009)

Figure 2.1 Blowfish Encryption (Pachghare, 2009)

2.1.3 Blowfish Decryption

Decryption process for Blowfish can be easily extracted from the encryption. The same procedure will be followed same as adopted in the encryption. Figure 2.2 shows that the 64 bits ciphertext block will be divided into 2 halves which each of it consist of 32 bits. Subkeys are used in the reverse order as we used for encryption. In the first round, subkey D18 will be used and D1 will be used in the final round. Others functions and operations are just same with the encryption. (Pachghare, 2009)

Figure 2.2 Blowfish Decryption (Pachghare, 2009)

2.2 Triple DES

Triple DES is similar with the DES but it will apply the DES cipher algorithm 3 times to each data block. This method is created because the original DES cipher was becoming problematically shirt and the design of triple DES can provide a more simple method to increasing the key sizes of DES to protect the brute force attacks and the whole creation of this method will not wasting the time which no need to design a completely new block cipher algorithm. (Raymond, 1999)

2.2.1 Triple DES Encryption and Decryption

Each triple data encryption algorithm for encryption and decryption operation is a combination from the DES encryption and decryption operations. Let using an example to show the concept clearer. EK(I) and DK(I) will represent the DES encryption and decryption of I by using DES key K each. (Raymond, 1999)

Triple data encryption algorithm for the encryption process will transform block I(64 bit) into a block O(64bit). Below show that how it has been defined:

O = EK3(DK2(EK1(I)))

Triple data encryption algorithm for the decryption process will first transform block I(64 bit) into a block O(64 bit). Below show that how it has been defined:

O = DK1(EK2(DK3(I)))

There have a standard will lead the keying options for the bundle (K1, K2, K3). First keying option is K1, K2, K3 all work as independent keys. Second keying option is K1 and K2 work as independent key and K3 = K1. Another keying option is that K1 = K2 = K3. (Raymond, 1999)

Triple data encryption algorithm mode operation is backward. It is compatible with a single DES counterpart if the compatible keying options for the triple data encryption algorithm operation. DES mode of operation can be used to compute encrypted plaintext and can also decrypt by triple data encryption algorithm mode of operation. Besides that, an encrypted plaintext can also compute with a triple data encryption algorithm mode of operation and it also can be decrypt by using a single DES mode of operation. (Raymond, 1999)

The Figure 2.3 and Figure 2.4 show Triple Data Encryption Algorithm in encryption and Triple Data Encryption Algorithm in decryption. (Raymond, 1999)

Figure 2.3 Triple Data Encryption Algorithm in Encryption Figure 2.4 Triple Data Encryption Algorithm in Decryption

Chapter 3 : Advantages and Disadvantages of using Data Encryption

3.1 Advantages of Data Encryption


Data encryption permits the data to remain differently from the device security where it is stored. Security is included with the encryption which allows users to store and transfer data via network in the different format or through means that can compromise security. (Spamlaws, 2009) (Rodrigues, 2006)

No Data Breaches

Data encryption accommodates the potential difficulties that accompany data breaches which provide guarantee and highest protection of intellectual property and other parallelism data or information. (Spamlaws, 2009) (Rodrigues, 2006)

Encryption Is On the Data

Encryption is applied on the data that users want to transfer so the data is secure regardless of how it is transmitted. An exception to the rule can be transmission tools such as email sending process because some typical email account will not providing the advanced security for the email that we send out such as transferring the email just with the plaintext and not transfer it in more secure format. (Spamlaws, 2009) (Rodrigues, 2006)

Encryption Equals Confidentiality

Nowadays a lot of companies are required to follow the specific confidentiality rules and other strict associated regulations. So, encrypting the data means that the data that sanded out from the sender can only be read by the recipient who has the key to open and read the data. (Spamlaws, 2009) (Rodrigues, 2006)

3.2 Disadvantages of Data Encryption

Encryption Keys

Without a doubt, encrypting the data when transferring is a challenging task for all IT specialists. The more data encryption keys that created from the company the harder for the IT administrative tasks to maintaining all of the keys to make sure all of the data that have been encrypted consists of its own keys. If IT specialists lose the key to the encryption, company may lose the data which associated with the key. (Spamlaws, 2009) (Rodrigues, 2006)


To gain more security for the transferred data, users may need to use more complicated and powerful encryption methods. So it may quite costly because the systems that use to maintain the data encryption must have enough capacity and upgrades to perform those complicated tasks. Without a capable system, the reduction of systems operations can be significantly compromised. (Spamlaws, 2009) (Rodrigues, 2006)

Unrealistic Requirements

If an organization does not understand some of the limitations that enforced by data encryption technology, it is easy for the users to set an unrealistic and illogical standards and requirement which can compromise to the data encryption security. (Spamlaws, 2009) (Rodrigues, 2006)


Data encryption technology can be troublesome when users are combining the latest programs with existing programs and applications. The process can negatively impact routine operations within the system and compromise the data security as well. (Spamlaws, 2009) (Rodrigues, 2006)

Lost Password

The problem while using the encryption is difficulties in retrieving the lost password. To solve this problem, the only way is to search for a ways to crack the lost password. However, depending on the complexity of encryption, it may need to spend for many years before you can extract the data. In addition, some regions, including the United States, consider the very act of cracking a password illegal even though the data belongs to you. As an example security researcher Dmitry Sklyarov which work as a programmer for the Russian company Elcomsoft is arrested after FBI receive the order from Adobe Systems, which Sklyarov gave an academic presentation on password recovery. (Spamlaws, 2009) (Rodrigues, 2006)

Encryption Overhead

This issue can be applies to the wireless networking which the overhead or long CPU processing time that need to takes for encrypt and decrypt network data. This overhead can lead a serious impact on the functionality and productive of a network application. It also can have harmful results in time-critical situations. (Spamlaws, 2009) (Rodrigues, 2006)

Encryption with an overhead in the processing requirements of a networking system may lead to encryption delays on the transmission process and also unfavorable affect the network device processors ability to communicate with other critical or needed functions. (Spamlaws, 2009) (Rodrigues, 2006)

3.3 Chapter Summary

In the earlier explanation of this chapter show that data encryption will give users a lot of advantages such as it can provide a secure environment to the data and protect the privacy and confidentiality for both sender and receiver. But there also some issues or disadvantages for users if data encryption has been apply into the system. Some disadvantages that can occur such as encryption overhead, losing password, compatibility problem will causing problems to users. So, users must be very careful when choosing the data encryption for the system and make sure that the method that being using will only enhance the security of the system but not degraded the security level.

Chapter 4 : Critical Evaluation on Data Encryption Methods

4.1 Performance Comparison

The test have been tested on P4 2.1 GHZ CPU running Windows XP SP1 for a data of about 256 MB, following were the results.

D:\FYP\Journal\Performance Comparison.jpg

Figure 4.1 Performance comparison for DES, 3DES, AES and Blowfish (Stonecypher 2010)

The test has clearly shows that Blowfish algorithm provides the best performance among the entire algorithm that tested. AES algorithm also had a high performance rate if compare to DES algorithm and 3DES algorithm, and the throughput is almost 1/3rd of them. (Stonecypher 2010)

This section will discuss the environment of simulation and how the system components been used. This simulation will use the inside classes in .NET environment to experience the performance level of DES, 3DES and AES. Blowfish algorithm implementation used here is provided by Markus Hahn under the name of Blowfish.NET. This implementation is completely tested and is majorization to give the highest performance for the algorithm. (Tamimi, 2005)

Figure 4.2 shows those settings that will be used for the algorithm to be tested in the experiment:

Figure 4.2 Algorithm Settings for Experiment (Tamimi, 2005)

4.1.1 Performance Result with ECB

Figure 4.3 Performance Results with ECB Mode (Tamimi, 2005) 

Figure 4.3 show that Blowfish algorithm is the most superior in terms of the processing time. AES need to get more resources to process if the data block size is increasing. In between, 3DES also requires more time than DES because of the triple phase encryption algorithms. Besides that, DES and 3DES are well known to have a worm holes in the security mechanism but Blowfish and AES is freely from this problem. (Tamimi, 2005)

4.1.2 Performance Result with CBC

Figure 4.4 Performance Results with CBC Mode (Tamimi, 2005)

Figure 4.4 show that CBC need to be using more processing time then the ECB because of the key-chaining nature. CBC provides more powerful protection than ECB which it can be indicates in the Figure 4.4. It is because the extra time added is not so important for many applications. The differences between CBC and ECB are hard to be seeing because the differences between 2 modes are only 0.059869 second which is very small. (Tamimi, 2005)

4.2 Chapter Summary

The experiment result showed that Blowfish has provided better performance than other encryption algorithms such as AES, DES and 3DES. Nowadays Blowfish still not yet shown any security weak point which it can be considered as the first choice for user that wanted to apply the standard encryption algorithm into the system. AES show a poor performance compared with the other 3 algorithm since it needs to use a lot of processing power. CBC mode is also recommended rather than using the ECB. Although CBC need more processing time than ECB, but CBC can be very useful and important when the application requires for more secure encryption to a large data blocks. (Tamimi, 2005)

Chapter 5 : Case Study for Data Encryption

5.1 Rijndael Managed in Creating Data File

Rijndael, a block cipher whose design was strongly influenced by the block cipher Square, is currently the Advanced Encryption Standard (AES). Rijndael is a substitution-permutation network that is fast, requires little memory, and is relatively easy to implement. As a new encryption standard, Rijndael is being deployed on a very large scale.

For encryption, each round consists for four stages: Sub Bytes- a non-linear substitution where every byte is replaced with another according to the lookup table. Shift Rows is used where rows of the state is shifted periodicity every number of steps. Mix Columns- a mixing of operation on the columns of the state that combining the 4 bytes in every column using linear transformation; Add Round Key- each byte of the state is combined with the round key, where each round key is derived from the cipher key using a key schedule. The final round omits the Mix Columns stage.

For the example of encryption, a sequential text data file is read in, the data is encrypted, and then the encrypted data is written to a new data file. The method of encryption used is the RijndaelManaged object of the .NET System.Security.Cryptography class. Following is the data before encryption and after encryption.

Figure 5.1 Before Encryption Figure 5.2 After Encryption

The program has two classes: the form class and the encryption class that contains the encryption function where the actual encryption takes place. The function is called from the form class and supplied three arguments: (1) the text that will be encrypted (strPlain); (2) the encryption key (keyMain); (3) and the initial vector (4). The encrypted text (strText) is then returned to the form class.

The code for the function is shown below. The function creates an instance of the RijndaelManaged cryptography object (RMcrypto). A memory stream (outStream) is created, and an encrypted stream (CryptStream) is created to hold the encrypted data by using the encryption key and initial vector, which is wrapped around the memory stream.

An instance of the StreamWriter (SWriter) is created to hold the encrypted data, which is wrapped around the encrypted stream. Using the data argument (strPlain) the encryption takes place by writing to the instance of the StreamWriter (SWriter). The StreamWriter and memory stream are then flushed to ensure that complete encryption of the data takes place. The encrypted data is converted into a byte array (byteEncrypt) and converted to base64 (strCrypt). All of the streams are closed and the encrypted text (strCrypt) is returned to the calling code.

Below is the sample coding:

Encryption Class

Public Class Encrypt

Function EncryptString(ByVal strPlain As String, ByVal keyMain() As Byte, ByVal IV()

As Byte) As String

Dim RMcrypt As New System.Security.Cryptography.RijndaelManaged

//Create a memory stream to hold the encrypted data

Dim outStream As New System.IO.MemoryStream

//Create the crypto stream to encrypt and hold the encrypted data

Dim CryptStream As New


RMcrypt.CreateEncryptor(keyMain, IV),


//Create a StreamWriter to write the plain text data and do the encryption into the

outStream buffer

Dim SWriter As New System.IO.StreamWriter(CryptStream)

//Now call the write command to do the encryption




//Convert the outStream buffer back to a string

Dim byteEncrypt() As Byte = outStream.ToArray

//Convert to base64 and return it

Dim strCrypt As String = Convert.ToBase64String(byteEncrypt)




Return strCrypt

End Function

End Class

The code for the form class is abbreviated to show only the code that is relevant to the encryption process. An Import statement is required to reference the StreamReader and StreamWriter.

Imports System.IO

Class data variables are defined for the StreamReader, StreamWriter, a string variable for holding the record read from the input file, and a string variable for holding the encrypted record that will be written to the output file.

Private Input As StreamReader

Private Output As StreamWriter

Private strLine As String = " "

Private strEncrypt As String = " "

Following is the code for the subroutine that performs the data encryption. The input and output data files are opened. An instance of the encryption class that contains the encryption method is created (encryptInstance), and the encryption key and initial vector key are defined, where the values are arbitrarily assigned. Both of the keys are 16 bytes in length or 128 bits.

Next is the record cycle loop. A record is read from the plain text data file (strLine) into a string data variable. The record (strLine), along with the encryption key (keyMain), and initial vector key (4) is sent to the encryption function. The function returns an encrypted value (strEncrypt). The encrypted data is then written to the output data file.

At the conclusion of the record cycle a message is displayed in a label that the encryption was successful, and both data files are closed. If an error occurs during encryption an error message is displayed in the label.

Below is the sample coding:

Private Sub btnEncrypt_Click(. . . . .) Handles btnEncrypt.Click


Input = New StreamReader("testScores.txt")

Output = New StreamWriter("testScores.enc")

Dim encryptInstance As New Encrypt

Dim keyMain As Byte() = {&H92, &H3A, &HC1, &H89, &HB6, &H43,

&HCD, &H3F, &H5C, &H6C, &H92, &HE4, &H72, &H89, &HA8,


Dim IV As Byte() = {&H14, &H21, &H97, &H44, &HFC, &HC7, &H48,

&H8F, &HC4, &HE3, &H2D, &H45, &HC3, &H14, &H34, &H62}

Do Until Input.Peek = -1

strLine = Input.ReadLine()

strEncrypt = encryptInstance.EncryptString(strLine.Trim, keyMain, IV)



lblMessage.Text = "File encrypted successfully!"




lblMessage.Text = "Error on encryption!"

End Try

End Sub

5.2 HMAC Processor with Integrated SHA-1 and MD5 Algorithms

HMAC hardware design with the integrated SHA-1 and MD5 hash functions. The advantages of our design are as follows:

1) reduced hardware complexity- the number of multiplexers is reduced based on our shift-register approach, and the similarity between SHA-1 and MD5 algorithms makes hardware sharing possible

2) similar performance-our hardware sharing approach leads to a little performance penalty

3) HMAC realization-instead of the individual SHA-1 and MD5 algorithms, we realize the HMAC processor with SHA-1 and MD5 algorithms, which has automatic word padding and supports key scheduling for consecutive HMAC tasks using the same key (removing key computation time).

(Raymond, 1999)

The proposed HMAC processor is applicable for a wide selection of security systems, both for cost-oriented and performance-oriented applications.

A hash function converts plaintext into a message digest (MD) with fixed length. The HMAC performs keyed-hash operations using existing hash functions and the key input.

SHA-1 and MD5 have common features and basic operations such as:

1) word expansion

2) iterative processing steps

3) fixed, non-scalable data flow

4) arithmetic and logical operations

5) nonlinear subfunctions

6) the same block size (Raymond, 1999)

The architecture of the HMAC processor core consists of 3 major components which is the HMAC controller, SHA-1/MD5 core and the register file. The controller will manage the data flow which it wills select the date among message words, key words and hash data words in the register file from the blocks. After it, the controller will generate an adequate control signals to the other blocks. For the register file, it consist of the key register that keep the 512-bit key data and the hash register that stores 160/128-bit hashing data for SHA-1/MD5. SHA-1/MD5 core is the most important part which it will integrates 2 popular hash functions which will reduce the area cost. (Raymond, 1999)

Figure 5.3 Block Diagrams of the Integrated SHA-1/MD5 core (Raymond, 1999)

Figure 5.4 Design of the input shift resister (Raymond, 1999)

Figure 5.5 Integrated implementation for SHA-1/MD5 (Raymond, 1999)

Figure 5.3 shows the block diagram for the integrated SHA-1/MD5 core. In this design, the input data and the data length information will become an input for the shift register which depicted in Figure 5.4. The extra byte-exchange that done by the padding logic is mandatory for the MD5. Shift register will then send the message word to compute the temporary hash values (A, B, C, D, E) by the integrated SHA-1/MD5 block which show in the Figure 5.5. The SHA-1/MD5 block also requires the constant word and MD. Counter then will count the round number and determine the hash registers which contents will be added to the MD. (Raymond, 1999)

In Figure 5.5, the 16 input words (message block) are received from the data input first. Then for the SHA-1, the extra words are created by the XOR of 4 previous words followed by a 1-bit left rotation as show in the figure. For MD5, a multiplexer (on top of the figure) is needed. Each round, the data word in the shift register will be selected as the message word. (Raymond, 1999)

5.3 Uses DES for the ATM

Unix Passwords: In the UNIX password scheme there are 2 different modified DES algorithms all with slightly different S-boxes. The particular S-box used is determined by a random 12-bit integer called a "salt". The key consists of the first 8 characters (only) of the password entered.

Setting up a password: A random 12-bit is found and used as the `salt'. A system dependent constant is encrypted using your password as the key and the appropriate (to the salt) DES algorithm, giving a result which is again encrypted. In total it is encrypted 25 times recursively and the final result is the encrypted password. The login name, salt and encrypted password are then recorded in the password file.

Checking a password: After login name is given, the salt is looked up in the password file, then after password is entered it will used as the key, and encrypted as above, and the final result is compared with the encrypted password in the password file. If they match then the password is accepted, otherwise it is rejected.

ATM/EFTPOS: DES in the CBC mode is used for all encryption. The ATM keypad, or EFTPOS handset contains a built-in tamper-proof master key kM known only to the machine and the host computer. Each time the machine is started up, the host computer sends a new daily key kD encrypted using kM to the ATM and an initial transaction key kT also encrypted using kM. The initial kT is used for the first transaction. For later transactions a new kT is calculated from kT:=kTÅ last MAC sent by the ATM 

(MAC is explained below). This is called `chaining' the key kT; it is done to make it impossible to record messages from an ATM to its host machine and then play them back at a later time. At the later time the key kT will have altered since it is a function of kD and all transactions that have arise since the last initial kTwas loaded. A MAC (Message Authentication Code) used with an ATM is a 64-bit number that is calculated from an unencrypted message by running it through DES with key kD using CBC mode. The resulting 64-bit block is the MAC. All transmissions are checked using a MAC. In effect the transaction key kT is itself subject to CBC encryption.

Below is a example for each transaction for the ATM:

The account number and name are read from the card; the PIN (message) is entered.

From this "message" a corresponding MAC is calculated and then the "message" is encrypted using kT. Next the encrypted "message" and the MAC are sent to the host computer. 

The host decrypts the encrypted "message" using kT to retrieve the "message"; the host then uses the "message" to calculate a MAC, and checks that this is equal to the MAC sent with the encrypted "message". The host then checks the account details and PIN on its database, and if everything checks out correctly it then replies with a "go ahead" message encrypted with kT, and followed by its own MAC. 

You enter the data for the transaction, and another "message" is constructed by the ATM, including the date, time, ATM number, a sequence number, and details of the transaction. This is encrypted by the ATM using kT and sent (along with its MAC). 

After authenticating the MAC as before, and after checking the account balance etc., the host sends as "OK to pay" message including the new balance etc., again encrypted using kT and with its own MAC. You get paid.

In "off-line" mode your PIN is checked against a PIN stored in encrypted form on user's card. Details of the transaction are recorded and later transmitted to the host. As no confirmation from the host of your identity is available, the withdrawal limits are usually lower with this mode. EFTPOS is similar but includes some merchant information as well. In addition, a random number is included at the start of each message, before the MAC is calculated and before encryption is done. This is to further increase the security.

Chapter 6 : Linkage with the Final Year Project

The final year project is regarding about the adjuster system that provide a computerize solution for the adjuster reporter to manage their report and costing for customer's accidence vehicle in an efficient way. Data securities need to be concerned in between each data transaction because most of the data is private and confidential for company. So, data encryption needs to be implemented in the system.

Data encryption method will be implemented for each data transaction between the insurance company system, police station system and the adjuster system. The purpose of implementing the data encryption is to prevent the information stolen by the outsiders or unauthorized users when the data is being transfer from insurance company and police station to the system.

Blowfish encryption algorithm will be implemented into the adjuster system because the algorithm require a small processing power and provide rapidly encrypted process and decrypted process. Also the algorithm is easier to be implemented if compare with the algorithm that also providing the similar level of the security.

Chapter 7 : Conclusion

To get the suitable data encryption method for the application user must first understand the concept of the data encryption algorithm. After that, user also needs to know the performance for the encryption, the compatibility and whether it suit to the system requirement. In business aspect, cost and time to implementing need to be considered so that the developer can get the better solution in shortest time and in low costing.

Last but not least, this seminar consists of Chapter 1 explaning some basic knowledge about the data encryption which mentioned about the symmetric and asymmetric encryption, block cipher and stream cipher and etc. In the Chapter 2, two types of the encryption methods will be introduced which is Blowfish and Triple DES. In the chapter, it will also show the steps on how the algorithm works. Chapter 3 mainly discuss about the advantages and disadvantages of using the data encryption in the application. From Chapter 4, some comparison for the performance from each data encryption method will be shown in graph. It can help user to more understand which method will provide the highest security and also the maximum performance. In Chapter 5, some real case will be shown on how the real applications apply the data encryption on the application.

Although DES is an old style encryption method, but it is still provide a good security in many applications. So, in some situation, DES also can be implemented by the user. In other hand, AES provide the enhancement on the key size and higher security level compare to DES but it process is slower. Next is the Blowfish which consume less time and low power consumption in doing encrypt and decrypt process. Lastly, Blowfish encryption will be applied to final year project because it provides more data security, easy to implement, cost effective, and meet the application requirement for the final year project.