This project comprises two portions. The first required the students to choose three encryption methods and research them thoroughly. The second was the development of a simple encryption and decryption program that sends text messages over a network.
The three encryption methods chosen were the Data Encryption Standard (DES), Triple Data Encryption Standard (3DES) and Advanced Encryption Standard (AES). Their histories, backgrounds, mechanisms, advantages, drawbacks and applications were studied in depth. The three methods are evaluated critically, and AES is found to be the strongest of the three.
The developers chose Visual Basic .NET as the programming language because it makes building a user-friendly GUI straightforward. They developed an instant messaging system that works in a LAN or a wireless ad-hoc environment. Users can encrypt and decrypt messages with a key that each user defines manually (the program itself uses a simple shift cipher, described in section 4.2, rather than any of the three algorithms studied).
3.0 Three Algorithms of Encryption
3.1 Data Encryption Standard (DES)
The Data Encryption Standard (DES) is a United States government standard algorithm for encrypting and decrypting unclassified data. It is based on IBM's Lucifer cipher and is specified in Federal Information Processing Standard (FIPS) 46, whose most recent revision is FIPS 46-3. DES is a block cipher: it takes a block of plaintext and produces a block of ciphertext of the same length. It is a symmetric-key algorithm, meaning the same key is used to encrypt and to decrypt. It served as the standard encryption algorithm until it was superseded by AES in 2001 (FIPS 46-3 was formally withdrawn in 2005). After some 25 years of public analysis, its short key length remained the only practical security problem found in DES. Although its widespread use has ended, its Feistel structure influenced the design of many later block ciphers.
The three basic operations in DES are XOR, permutation and substitution. DES encrypts and decrypts data in 64-bit blocks: it takes a 64-bit block of plaintext as input and outputs a 64-bit block of ciphertext. The main round function, which combines substitution (S-boxes) and permutation, is repeated 16 times to produce the ciphertext. The key is supplied as 64 bits, but only 56 of them are used by the algorithm: the least significant (right-most) bit of each byte is a parity bit, set so that every byte has an odd number of 1 bits. Because these parity bits are ignored, the effective key length is 56 bits. An authorised user of encrypted data must hold the key that was used to encipher it in order to decrypt it; data can be recovered from the ciphertext only with exactly the same key. An unauthorised recipient who knows the algorithm but not the key cannot recover the plaintext algorithmically; what remains possible is to determine the key by brute force, an "exhaustion attack" that tries every key.
Figure 1 shows the DES encryption mechanism.
DES nevertheless has several weaknesses, and several approaches have been used to attack it. The best known are linear cryptanalysis and differential cryptanalysis, both of which do better than the 2^56 work of exhaustive key search: Matsui's linear attack needs about 2^43 known plaintexts, and Biham and Shamir's differential attack about 2^47 chosen plaintexts, although both need far more data under a single key than an attacker normally obtains. Other approaches have used algebraic cryptanalysis, molecular computation, neural networks and optimisation heuristics. A survey shows the time it takes cryptanalysts to break cryptographic algorithms: in 1999 the distributed.net project, together with the EFF's purpose-built Deep Crack machine, found a DES key in under 23 hours by exhaustive key search. The work was spread over about 100,000 computers, testing about 250 billion keys per second, and a later paper shows how to reduce the cost of exhaustive DES key search further.
3.2 Triple Data Encryption Standard (3DES)
3DES is a strengthened version of the DES symmetric encryption algorithm: DES is applied three times to each block, which is how 3DES got its name. It is a block cipher with 48 rounds (three passes of the 16 DES rounds of permutation and substitution) and a key bundle of up to 168 bits (three 56-bit DES keys). In the usual form, the 64-bit block is first encrypted with the first 56-bit key, then decrypted with a second key, and finally encrypted again with a third key; only after these three stages is the block sent to its destination. The encrypt-decrypt-encrypt order was chosen so that with all three keys equal, 3DES reduces to single DES and stays compatible with existing DES systems. Several keying options have been defined:
DES-EEE3: three DES encryptions in sequence with three different keys.
DES-EDE3: three DES operations in sequence, encrypt-decrypt-encrypt, with three different keys.
DES-EEE2 and DES-EDE2: the same as the previous two, except that the first and third operations use the same key.
Figure 2 shows the 3DES encryption mechanism.
3DES has been used by US federal departments and other government agencies for the cryptographic protection of sensitive but unclassified data (FIPS 46-3 does not cover classified data). The cipher can be applied as low as the physical layer of the ISO Open Systems Interconnection (OSI) reference model in telecommunications systems. Cryptography built on it can also be used for authentication, so that the receiver of a message can ascertain its origin, and for integrity, so that the receiver can verify whether the message was modified in transit; with digital signatures the sender also cannot deny having sent the message. Note that encryption alone provides none of these three properties: a message authentication code gives authentication and integrity, and non-repudiation needs an asymmetric signature. 3DES functionality is often integrated within embedded systems; implementations are found in DVD players, cable TV, DBS satellite systems, HDTV, digital cameras and so on. 3DES is also applied in networking applications to provide data privacy, integrity, access control and authentication.
With three keys, 3DES needs a 168-bit random key, compared with the 128-bit key of AES-128. This may sound significantly stronger than AES, but in fact a meet-in-the-middle attack reduces the strength of the 168-bit key to about 112 bits. "If 3DES really worked at the full strength of its key, it would take 2^168 trials to decrypt the cipher-text. In fact, a more efficient attack only takes 2^112 trials. When using two keys, Triple DES requires a 112-bit random key. Clever attacks, however, can recover the cipher-text in 2^80 trials." (Jones & Bartlett Learning). Although 3DES has a clean record in that the cipher itself has never been broken, it is considered inefficient because it performs DES three times, which costs a great deal of computing time, and its 64-bit block limits how much data one key can protect (see section 3.4.2); NIST has since deprecated it.
3.3 Advanced Encryption Standard (AES)
AES, also known as Rijndael, is an encryption algorithm invented by two Belgian cryptographers, Joan Daemen and Vincent Rijmen (Rouse, 2011). It is used and approved by US government agencies to protect sensitive but unclassified information (Rouse, 2011). AES is a block cipher with a block size of 128 bits and key sizes of 128, 192 and 256 bits (Hurst, n.d.). It is classed as a high-quality, reliable method for protecting data confidentiality: in 2003 the US government approved AES for protecting classified information as well (128-bit keys up to SECRET, 192- or 256-bit keys for TOP SECRET).
AES is the successor of DES, which became a US federal standard in 1977 and was widely used in commercial applications and financial transactions. The National Institute of Standards and Technology (NIST) decided to develop a new standard to succeed DES because of DES's small key size and the growing availability of computing power (Hurst, n.d.). AES was selected from 15 candidate algorithms, and the decision was widely endorsed by the cryptographic community.
3.3.2 AES Algorithm
AES is a block cipher and therefore operates on fixed-length blocks of data, using a symmetric key to both encrypt and decrypt (Hurst, n.d.). For example, if user A inputs a 16-byte (128-bit) block of plaintext, user B receives a 16-byte block of ciphertext; to decrypt it, user B must supply the same key that user A used. According to Jim Hurst, encryption proceeds through a number of rounds that depends on the key size (Hurst, n.d.):
Key size (bits)    Number of rounds
128                10
192                12
256                14
Table 1 shows the AES encryption rounds.
As mentioned, AES uses a fixed block size of 128 bits and a key size of 128, 192 or 256 bits. The 128 bits of a block are organised as a state of 4x4 bytes, and each round of encryption applies four transformations to produce a new state. (In the standard, each round applies Sub Bytes, Shift Rows, Mix Columns and Add Round Key in that order, preceded by an initial Add Round Key; the final round omits Mix Columns.)
Add Round Key
A sub-key (round key) is combined with the current state. Round keys are derived from the main key by the key schedule, which expands the key into one round key per round plus one for the initial step; each round key is the same size as the state (128 bits). The round key and the state are combined with the bitwise exclusive OR (XOR) operation. This is the only step that depends on the key; it disguises the state and produces a new state.
Sub Bytes
In Sub Bytes, each byte of the state is replaced using a substitution box (S-box). The S-box maps each byte to its multiplicative inverse in Rijndael's finite field GF(2^8) and then applies an affine transformation over GF(2) (a fixed linear map plus a constant). This step transforms the state from the previous step into a new state and is the only non-linear step in the cipher.
Shift Rows
In this step the bytes in each of the four rows of the 4x4 state are rotated within their row. The first row is left unchanged, the second is rotated left by one byte, and the third and fourth rows are rotated left by two and three bytes respectively.
Mix Columns
This step can be viewed as a matrix multiplication in which an invertible linear transformation combines the four bytes of each column: four input bytes produce four output bytes. Mix Columns provides diffusion, spreading the influence of a single plaintext byte across several ciphertext bytes. Repeating Shift Rows and Mix Columns ensures that after two rounds a change in a single byte of the plaintext affects every byte of the state, so that every byte of the ciphertext depends on every byte of the input.
Table 2 shows the AES encryption process referenced from https://www.giac.org/cissp-papers/67.pdf
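The four transformations described above, written out as an added Python example (this is not code from the original report, nor the reference implementation of the standard). The state is held as four rows of four bytes, state[row][column]; the key schedule is omitted, so Add Round Key takes a ready-made round key, and the S-box is derived from the finite-field inverse and affine map rather than stored as a table. The check values used (S-box entries, one Mix Columns column, one field multiplication) are the published FIPS-197 examples.

```python
# Added example: the AES round transformations of section 3.3.2 in Python.
# Not part of the report's VB.NET program. State layout: state[row][col], 4x4 bytes.


def gf_mul(a: int, b: int) -> int:
    """Multiply two bytes in Rijndael's finite field GF(2^8), reducing by
    x^8 + x^4 + x^3 + x + 1 (0x1B once the x^8 term has been shifted out)."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def gf_inv(a: int) -> int:
    """Multiplicative inverse as a^254 (a^255 = 1 for every nonzero a); 0 maps to 0."""
    r = a
    for _ in range(253):
        r = gf_mul(r, a)
    return r


def sbox_entry(a: int) -> int:
    """Sub Bytes for one byte: finite-field inverse, then the affine map over GF(2)
    (XOR of the inverse with four bit-rotations of itself, plus the constant 0x63)."""
    b = gf_inv(a)
    rot = lambda x, n: ((x << n) | (x >> (8 - n))) & 0xFF
    return b ^ rot(b, 1) ^ rot(b, 2) ^ rot(b, 3) ^ rot(b, 4) ^ 0x63


SBOX = [sbox_entry(i) for i in range(256)]  # full S-box, derived rather than hard-coded


def sub_bytes(state):
    return [[SBOX[b] for b in row] for row in state]


def shift_rows(state):
    """Row r is rotated left by r bytes (row 0 unchanged, row 3 by three)."""
    return [row[r:] + row[:r] for r, row in enumerate(state)]


def mix_columns(state):
    """Each column is multiplied by the fixed matrix [2 3 1 1; 1 2 3 1; 1 1 2 3; 3 1 1 2]."""
    out = [[0] * 4 for _ in range(4)]
    for c in range(4):
        a = [state[r][c] for r in range(4)]
        out[0][c] = gf_mul(a[0], 2) ^ gf_mul(a[1], 3) ^ a[2] ^ a[3]
        out[1][c] = a[0] ^ gf_mul(a[1], 2) ^ gf_mul(a[2], 3) ^ a[3]
        out[2][c] = a[0] ^ a[1] ^ gf_mul(a[2], 2) ^ gf_mul(a[3], 3)
        out[3][c] = gf_mul(a[0], 3) ^ a[1] ^ a[2] ^ gf_mul(a[3], 2)
    return out


def add_round_key(state, round_key):
    """XOR the state with a 4x4 round key produced by the key schedule (not shown here)."""
    return [[s ^ k for s, k in zip(srow, krow)] for srow, krow in zip(state, round_key)]


def bytes_changed(rounds: int) -> int:
    """Diffusion check: run an all-zero state and one differing in a single byte through
    `rounds` rounds of Sub Bytes, Shift Rows and Mix Columns and count the bytes that
    differ. Add Round Key is skipped because XORing both states with the same key
    leaves the difference between them unchanged."""
    s0 = [[0] * 4 for _ in range(4)]
    s1 = [[0] * 4 for _ in range(4)]
    s1[0][0] = 0x01
    for _ in range(rounds):
        s0 = mix_columns(shift_rows(sub_bytes(s0)))
        s1 = mix_columns(shift_rows(sub_bytes(s1)))
    return sum(x != y for r0, r1 in zip(s0, s1) for x, y in zip(r0, r1))


if __name__ == "__main__":
    print(hex(SBOX[0x53]))                      # 0xed, the FIPS-197 example
    print(bytes_changed(1), bytes_changed(2))   # 4 then 16: every byte affected after two rounds
```

bytes_changed makes the diffusion claim of the Mix Columns paragraph concrete: one differing byte spreads to one whole column after the first round and to all sixteen bytes after the second.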
3.3.3 Applications of AES
AES is widely adopted by vendors in both hardware and software because its algorithm is simple yet efficient. Vendors also prefer AES because it decreases system complexity and cost and promotes interoperability. AES is deployed in many technologies and commercial products (Hurst, n.d.). It is widely used in network security; for example, high-end Virtual Private Network (VPN) products from vendors such as Cisco, Check Point and Symantec use AES as part of their encryption to protect the confidentiality of data (Hurst, n.d.). Voice over IP (VoIP), which is gaining popularity, is secured with AES by vendors, and WinZip uses AES to protect archives in its file compression program (Hurst, n.d.).
3.4.1 AES vs DES
The first weakness of DES is its short 56-bit key, which gives only 2^56 possible keys, a space that can be searched by brute force (Joan, 2011). Computer processing power has increased tremendously over the years, making the search through 2^56 keys ever easier. AES offers 128-, 192- or 256-bit keys, giving 2^128, 2^192 or 2^256 possible keys depending on the user's choice.
The second weakness of DES is its relatively small 64-bit block size, whereas AES uses twice that, 128 bits (Joan, 2011). The block size limits the amount of data that can safely be encrypted under one key: in a block-cipher mode such as CBC, identical ciphertext blocks become likely once about 2^(n/2) blocks have been encrypted (the birthday bound), and a repeated block discloses information about the plaintext. For DES that is about 2^32 blocks of 8 bytes, or 32 GB, per key; for AES it is about 2^64 blocks of 16 bytes, roughly 256 billion gigabytes.
3.4.2 AES vs 3DES
The first weakness of 3DES is the same 56-bit DES key, but in 3DES the user can choose three keys (three distinct keys, two distinct keys with the first and third identical, or three identical keys) (Joan, 2010), giving key lengths of 168, 112 or 56 bits respectively. Attacks reduce these figures, however: a meet-in-the-middle attack lowers the effective strength of three-key 3DES from 168 to 112 bits, known-plaintext attacks lower two-key 3DES from 112 to about 80 bits, and with three identical keys 3DES is simply single DES with its 56-bit key.
Another flaw in 3DES is its 64-bit block length, the same as DES, compared with the 128 bits of AES (Joan, 2010). The issue is identical to that of DES: a user of 3DES has to switch keys after about 32 GB of data to keep the transmission secure by minimising the chance of a repeated block leaking information.
The third issue with 3DES is performance: 3DES runs the DES process three times and therefore takes longer than AES (Joan, 2010). In general AES has the upper hand, but hardware and software specially designed and optimised for 3DES can outperform a generic AES implementation (Butter, 2007). Even where 3DES performs better, AES is still judged the winner on the strength of its security margin.
3.4.3 DES vs 3DES vs AES
Below is a comparison table for DES, 3DES, and AES.
Factor | DES | 3DES | AES
Key length | 56 bits | 168 bits (k1, k2 and k3) or 112 bits (k1 and k2) | 128, 192 or 256 bits
Block size | 64 bits | 64 bits | 128 bits
Cryptanalysis resistance | Vulnerable to differential and linear cryptanalysis; weak substitution tables | Vulnerable to differential cryptanalysis; a brute-force attacker could analyse plaintext using differential cryptanalysis; its only weakness is the one that exists in DES | Strong against differential, truncated differential, linear, interpolation and square attacks
Possible keys | 2^56 | 2^112 or 2^168 | 2^128, 2^192 or 2^256
Time required to check all possible keys at 50 billion keys per second | 56-bit key: 400 days | 112-bit key: 800 days | 128-bit key: 5 x 10^21 years
Table 3 shows the comparison between DES, 3DES, and AES referenced from http://arxiv.org/ftp/arxiv/papers/1003/1003.4085.pdf. The time figures are reproduced as the cited paper gives them, but they do not follow from its own rate: at 5 x 10^10 keys per second, 2^56 keys take about 17 days, 2^112 keys about 3 x 10^15 years and 2^128 keys about 2 x 10^20 years, so the gaps between the three ciphers are larger than the table suggests.
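To check figures like those in Table 3 against the page's own assumptions, here is an added Python example (not from the report or the paper it cites) that recomputes exhaustive-search time from key size and the birthday-bound data limit from block size. The rate of 5 x 10^10 keys per second is the table's assumption; the 365.25-day year and the effective key sizes listed for 3DES (taken from section 3.4.2) are mine.

```python
# Added example: recomputing the comparison figures of Table 3 from key and block size.
# Not from the report or the paper it cites.

SECONDS_PER_YEAR = 365.25 * 24 * 3600  # assumption: Julian year


def exhaustive_search_seconds(key_bits: int, keys_per_second: float = 5e10) -> float:
    """Worst-case time to try every key at the table's rate of 5e10 keys/s;
    the expected time to hit the right key is half of this."""
    return 2 ** key_bits / keys_per_second


def exhaustive_search_years(key_bits: int, keys_per_second: float = 5e10) -> float:
    return exhaustive_search_seconds(key_bits, keys_per_second) / SECONDS_PER_YEAR


def birthday_bound_bytes(block_bits: int) -> int:
    """Data that one key can encrypt in a block mode such as CBC before a repeated
    ciphertext block becomes likely: about 2^(n/2) blocks of n/8 bytes each."""
    return 2 ** (block_bits // 2) * (block_bits // 8)


# (effective key bits after the best known generic attacks, block bits), per sections 3.4.1-3.4.2
CIPHERS = {
    "DES": (56, 64),
    "3DES (two keys)": (80, 64),     # 112 bits nominal, about 80 after known-plaintext attacks
    "3DES (three keys)": (112, 64),  # 168 bits nominal, 112 after meet-in-the-middle
    "AES-128": (128, 128),
}


def compare(keys_per_second: float = 5e10):
    """Rows of (cipher, years to exhaust the effective key space, GiB per key before the
    birthday bound), for comparison with the cited table."""
    rows = []
    for name, (key_bits, block_bits) in CIPHERS.items():
        years = exhaustive_search_years(key_bits, keys_per_second)
        gib = birthday_bound_bytes(block_bits) / 2 ** 30
        rows.append((name, years, gib))
    return rows


if __name__ == "__main__":
    for name, years, gib in compare():
        print(f"{name:18s} {years:12.3g} years to exhaust   {gib:.3g} GiB per key")
```

The block-size column is the one the key-length comparison in the table leaves out: three-key 3DES has a far larger key space than DES, yet it shares the same 32 GiB-per-key limit, whereas AES-128 allows 2^38 GiB under one key.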
Based on the information above, AES is the strongest of the three for reasons of security. The first and most important reason is the security level offered by AES: exhausting its key space takes astronomically long (5 x 10^21 years in the table above). Moreover, its resistance to cryptanalysis has held up better than that of DES and 3DES. The main reason for the insecurity of DES and the weakness of 3DES is their small key and block sizes compared with AES. Therefore AES is the best encryption method of the three.
The chosen programming language for this project is Visual Basic .NET. The developers conducted research on how to develop the program, watching tutorials on YouTube and reading forums and step-by-step guides by bloggers in order to develop it successfully.
Figure 3 shows the server of the system.
The user first activates the server by choosing the port number on which it listens. Any port number can be used as long as the clients are on the same Local Area Network (LAN) or wireless ad-hoc network. The server can view all chat messages between the clients, including one-to-one chats (it sees messages exactly as the clients send them, so only text that the user has encrypted beforehand is hidden from it).
Figure 4 shows the client with the name "Wong".
First, the user enters the IP address of the server to connect to it. The user can then see the number of users online at the top left of the window. As shown above, the user "Wong" encrypted the message "How are you?" with the key "123", producing the encrypted message.
Figure 5 shows the client with the name "Abu".
The figure above shows user "Abu" receiving an encrypted message from user "Wong". "Abu" can decrypt it by pasting the encrypted message into the Message text box and entering the key that "Wong" defined (the key must have been shared beforehand over some other channel, since the program does not exchange keys itself).
4.2 Caesar Cipher Algorithm (Code Implementation)
Function EncryptDecrypt(ByVal text1 As String, ByVal key As String, ByVal isEncrypt As Boolean) As String
    Dim char1 As String          ' current character of the message
    Dim char2 As String          ' shifted character
    Dim cKey As Byte             ' current key digit (0-9)
    Dim strLength As Integer
    Dim Result As String = ""
    Dim j As Integer = -1        ' index of the key digit in use; -1 so the first step moves to 0
    If text1 <> "" And IsNumeric(key) Then
        strLength = text1.Length
        For i As Integer = 0 To strLength - 1
            char1 = text1.Substring(i, 1)
            ' cycle through the digits of the key, wrapping back to the first digit
            If j < key.Length - 1 Then
                j = j + 1
            Else
                j = 0
            End If
            cKey = Val(key.Substring(j, 1))
            ' shift the character code up to encrypt, down to decrypt
            If isEncrypt Then
                char2 = Chr(Asc(char1) + cKey)
            Else
                char2 = Chr(Asc(char1) - cKey)
            End If
            Result &= char2
        Next
    Else
        MsgBox("Enter text or key!")
    End If
    Return Result
End Function
Figure 6 above shows the code for the Caesar cipher function.
The code above is the implementation of the shift cipher in the program created by the development team. The "EncryptDecrypt" function performs a substitution on the text: the ASCII code of each character is shifted by a digit of the key defined by the user. The variable "char1" holds the current character of the message keyed in by the user. The length of the message is stored in "strLength", and a For loop walks through the message one character at a time ("char1 = text1.Substring(i, 1)"). An If/Else statement advances the index "j" through the digits of the key and wraps it back to 0 at the end, so that the key is reused cyclically; the current key digit ("cKey = Val(key.Substring(j, 1))") is then added to the character code. For example, with key "1" and message "hello", every character is shifted by one: "h" becomes "i", "e" becomes "f", "l" becomes "m" and "o" becomes "p"; with a longer key the shift varies from character to character according to the key digits, which makes the scheme a Vigenère-style cipher rather than a pure Caesar cipher. A second If/Else selects the direction: when the encrypt button is clicked the shift is added, and when the decrypt button is clicked the shift is subtracted, reversing the process. If the condition of the outer If is not met, i.e. the message is blank or the key is not numeric (the key must consist of digits), a pop-up message asks the user to enter a value. Two practical limits follow from the code: because the shift is applied to the raw character code, characters near the ends of the printable range can become unprintable, and a key made only of digits leaves at most 10^n possible keys for an n-digit key.
Private Sub btCrypt_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btCrypt.Click
    txtResult.Text = EncryptDecrypt(txtText.Text, txtKey.Text, True)
End Sub

Private Sub btDecrypt_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btDecrypt.Click
    txtResult.Text = EncryptDecrypt(txtText.Text, txtKey.Text, False)
End Sub
Figure 7 shows the code for the encrypt and decrypt button handlers.
Finally, the encrypt and decrypt buttons write their output to the "txtResult.Text" text box when clicked. For example, when Encrypt is clicked, the values of "txtText.Text" (the message) and "txtKey.Text" (the key) are passed to the function created earlier, and the result of the encryption is displayed in "txtResult.Text". Decryption uses the same function; the only difference is that the encrypted text must be entered in "txtText.Text".
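As an added example, not part of the original program, here is the EncryptDecrypt routine ported to Python together with two attacks on it: a known-plaintext key recovery and a brute-force search using a guessed opening word. It shows concretely why the report's closing caveat applies to this cipher: one pair of plaintext and ciphertext characters leaks one key digit, and an n-digit key leaves only 10^n keys to try. The port tightens the VB.NET IsNumeric check to digits only (Val() in the original treats a sign or decimal point as a shift of 0); that is my assumption about the intended behaviour. The message and key are the ones from Figure 4.

```python
# Added example: Python port of the report's EncryptDecrypt function plus a
# known-plaintext key recovery and a crib-based brute force. Not code from the
# original VB.NET program.


def encrypt_decrypt(text: str, key: str, is_encrypt: bool) -> str:
    """Port of EncryptDecrypt: every character code is shifted by the next digit of
    the numeric key, cycling through the key. This is a Vigenere-style shift over the
    raw character code, not a true Caesar cipher (no wrap-around within an alphabet)."""
    if text == "" or not key.isdigit():  # assumption: digits only (VB used IsNumeric)
        raise ValueError("Enter text or key!")  # the VB version shows a MsgBox instead
    out = []
    for i, ch in enumerate(text):
        shift = int(key[i % len(key)])  # same digit cycling as the VB index j
        out.append(chr(ord(ch) + shift) if is_encrypt else chr(ord(ch) - shift))
    return "".join(out)


def recover_key(plaintext: str, ciphertext: str) -> str:
    """Known-plaintext attack. Each position gives shift = cipher code - plain code,
    which is one key digit; the key repeats with period len(key), so the shortest
    period that reproduces the shift sequence is the key (or a prefix of it when the
    message is shorter than the key)."""
    if len(plaintext) != len(ciphertext):
        raise ValueError("plaintext and ciphertext must have the same length")
    shifts = [ord(c) - ord(p) for p, c in zip(plaintext, ciphertext)]
    if any(s < 0 or s > 9 for s in shifts):
        raise ValueError("not produced by a digit key")
    for period in range(1, len(shifts) + 1):
        if all(shifts[i] == shifts[i % period] for i in range(len(shifts))):
            return "".join(str(s) for s in shifts[:period])
    raise AssertionError("unreachable: period == len(shifts) always matches")


def brute_force(ciphertext: str, crib: str, max_key_len: int = 3) -> list:
    """Ciphertext-only attack with a guessed opening word (a crib). There are only
    10^n keys of n digits, so every key up to max_key_len is tried and the keys whose
    decryption starts with the crib are returned."""
    hits = []
    for n in range(1, max_key_len + 1):
        for k in range(10 ** n):
            key = str(k).zfill(n)  # keep leading zeros: "012" is a valid key
            try:
                candidate = encrypt_decrypt(ciphertext, key, False)
            except ValueError:  # chr() of a negative code: this key cannot be right
                continue
            if candidate.startswith(crib):
                hits.append(key)
    return hits


if __name__ == "__main__":
    msg = "How are you?"                    # constructed input: the message from Figure 4
    ct = encrypt_decrypt(msg, "123", True)
    print(repr(ct))                         # 'Iqz!cuf"|pwB'
    print(recover_key(msg, ct))             # 123
    print(brute_force(ct, "How"))           # ['123'] after at most 1110 decryptions
```

Either attack recovers the Figure 4 key immediately; the server, which the report says can read every message, is exactly the kind of party that could run them. The AES analysis in section 3.4 is the reason the messaging program should use AES (with a proper mode and an authentication tag) rather than this shift cipher.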
Throughout the project, the developers found that no security measure can guarantee an unbreakable system in the world of information technology. There are many causes and loopholes that may lead to a security leak. The only way to keep the security level as high as possible is to keep security measures up to date with current practice, such as intrusion prevention systems (for example HP TippingPoint), intrusion detection systems and so on.