8/8/2019 papier_186

1/6

TELECO2011 & 7me JFMMA

Mars 16-18, 2011Tanger MAROC

Security of information systems: Implementation of Encryption

1Mohammed ERRITALI ; 2 Mohamed Fakir ; 3 Belaid Bouikhalene

1Etudiant-Facult des sciences et techniques Beni Mellal

2Professeur la Facult des sciences et techniques de Beni Mellal3Professeur la Facult Poli-disciplinaire de Beni Mellal

mederritali@yahoo.fr

Abstract: In this work we provide a panorama on the use of cryptography and digital signature to secure aninformation system, we start with a state of the art about cryptographic algorithms, and digital signaturealgorithms and we finish by some applications.

Key words: Symmetric encryption, asymmetric encryption, digital signature, PKI, SSL.

I. INTRODUCTIONhe security of computer systems is generallylimited to guaranteeing rights of access to dataand system resources by implementing

authentication mechanisms and monitoring toensure that users of these resources have only thoserights that they were granted. The securitymechanisms in place can still cause discomfort tousers and guidelines and rules are becoming

increasingly complicated as they as the networkexpands. Thus, IT security must be studied in sucha way that does not prevent users to develop usesthat are necessary, and ensure that they can use theinformation s ystem with confidence.

Indeed the concept of cryptography is born fromthe moment we wanted to provide safe fromeavesdroppers. From Julius Caesar and his army, toRomeo and Juliet, through all the treasure maps, ittook encrypt certain information. The contemporaryperiod has not improved in this area. Instead, theconsumer society has created new cryptographicneeds. Of course these are military applications

remained s ecret commun ications , and banking.But we must also ensure the secrecy ofcommunications on networks remote computer, andprevent the modern-day pirates to infiltrate thesenetworks of computers. Cryptography is usedincreasingly in various fields.Until recently, the security of these systems wasbased on secret information that is shared by users,and allowed to commun icate confidentially. For thisreason, all of these systems is called secret keycryptography. As secret key systems, it usesalgorithms using the same key for encryption anddecryption and for this, are called symmetric

encryption algorithms. DES, AES, IDEA are themost famous examples. Although these algorithms

are still used for encrypting messages because ofvery high speed, they no longer meet the newneeds.The public key cryptography has been formalizedand helped meet these needs. These are all waysthat can provide solutions to new problems whichare identification, authentication and confidentialityof messages.The public key cryptography is involved in manyeveryday applications, the use of smart cards

through mobile phones, until a user logs in to acomputer. However, the security of theseapplications depends mainly on two issuesconsidered difficult number theory: the problem offactoring and discrete logarithm problem. Althoughthese two problems are still resisting thecryptographers, they are not immune from atheoretical breakthrough or even quantumcomputers that would endanger the difficulty ofsolving them.

II. SYMMETRIC SECRET KEYENCRYPTION

the time of Julius Caesar in the late 1970s, manycryptosystems have been invented (DES, A ES, ...)[2], consisting in subjecting a clear text processingmore or less complex to derive a text, saidencrypted. The transformation is based on twoelements: a mathematical function and a secret key.Only a person familiar with the function and thekey can perform the inverse transformation, whichtransforms the cipher text into plaintext. The samekey used for encryption and decryption, and for thisreason it must remain secret.

Figure 1 is an illustration of the process ofsymmetric encryption

T

8/8/2019 papier_186

2/6

TELECOM 2011 & 7me JFMMA

Figure 1:

Symmetric Encryption

A. Data Encryption Standard (DES)The first data encryption standard was

developed by German-born Americancryptographer Horst Feistel in 1934 [2]. Hisnationality and profession cryptographer earnedhim some difficulties with the National Security

Agency (NSA), wants above all to keep controlover the means of encryption and to pierce thecodes us ed by private individuals. Finally he put hisskills to IBM, for whom he developed in the early1970s the cryptosystem Lucifer basis for futureData Encryption Standard (DES).DES is based on the following principles: theplaintext is encoded in binary and cut into blocks of64 bits. Each block is cut in half blocks whose bitsundergo complex permutations, then the half-blocksare added together and subjected to othertransformations. The operation is repeated sixteentimes. The transformation function has variations

depending on the key, which is an arbitrary numberchosen by the user code. The number of possiblevalues for the key determines the number of waysin which a message can be encrypted. The sender ofthe message secret number according to the DESalgorithm using the key, the receiver applies theinverse function with the same key to decrypt it.The NSA has obtained the standardization of DESin 1976 [2] has a limit on the key size to 56 bits.Today value is notoriously weak, and it uses thetriple DES with a key length of 112 bits.Posterity current DES encryption provides can beregarded as robust, on condition that solved the

crucial problem of all systems that rely on a secretkey used for encryption as well as for thedecryption: the participants should exchange assecret key, wh ich is not simple.

B. Advanced Encryption Standard (AES)He comes from an international call for

applications launched in January 1997 and hasreceived 15 proposals. Of these 15 algorithms, fivewere selected for further evaluation in April 1999:MARS, RC6, Rijndael, Serpent, and Twofish. Afterthis assessment, it was finally the candidateRijndael, named after its two designers Joan

Daemen and Vincent Rijmen (both Belgiannationality) who has been chosen [9,10]. These two

experts in cryptography were already authors ofanother algorithm: Square. AES is a subset ofRijndael: it only works with blocks of 128 bits,whereas Rijndael offers block sizes and keys thatare multiples of 32 (between 128 and 256 bits).In so doing the AES replaces the DES (chosen as

standard in the 1970s) which today becameobsolete, because it used only 56-bit keys. The AEShas been adopted by NIST (National Institute ofStandards and Technology) in 2001 [9,10].Moreover, its use is very convenient because it useslittle memory and is not based on a Feistel scheme,its complexity is lower and it is easier toimplement.The algorithm takes as input a block of 128 bits (16bytes), the key is 128, 192 or 256 bits. The 16 inputbytes are swapped according to a predefined table.These bytes are then placed in a 4x4 matrixcomponents and lines are rotated to the right. The

increment for the rotation varies with the numberline. A linear transformation is then applied to thematrix, it consists of a b inary multip licat ion of eachelement of the matrix with polynomials from anauxiliary matrix, this increase is subject to specialrules as GF (28) (Galois group finite) [9,10]. Thelinear transformation ensures a better distribution(propagation of bits in the structure) on severallaps.Finally, an XOR between the matrix and anothermatrix provides an intermediate matrix. Thesedifferent operations are repeated several times andset a "tower". For a key of 128, 192 or 256, AES

requires respectively 10, 12 or 14 towers.Afficher en criture latine

C. Protocol Diffie and HellmanIf two network users Ayoub and Mohammed

wants to keep a secret correspondence, they mayagree to encrypt their messages with an algorithmsuch as Triple DES or AES, we have presented.This algorithm has all the guarantees of robustness,but it will take them to be agreeing on a secret key:for this they must meet, which may be impossible,or to communicate the key by mail. In both cases,the moment of exchange is that a spy can take

advantage to steal their secret and thus nullifyingthe security of their communications. This is theproblem of key exchange.

C. 1. The problem of key exchangeFor centuries the problem of key exchange

was seen as a natural disadvantage of encryption.With the use of computer and tele-transmiss ion, andthe dematerialization of information they allow theproblem is different. In 1970 an independentresearcher, Whitfield Diffie, reflected by two ofARPANET users to exchange encrypted emailswithout physically meet beforehand to agree on the

encryption key that they use it[2]. In 1974 he gave alecture on the research center Thomas J. Watson of

8/8/2019 papier_186

3/6

TELECOM 2011 & 7me JFMMA

IBM in Yorktown Heights (already at work of HorstFeistel), and there he learned that Martin Hellman,a professor at Stanford University in Palo Alto,gave a lecture on the same subject. He immediatelytook his car and crossed the continent to meetHellman [2].

Diffie and Hellman were looking for a way to agreeon a shared secret without being circulated amongthe participants, in other words, a mathematicalfunction such that participants can exchangeinformation alone could deduce the secret. Thedesired characteristics of such a function are therelative eas e of calculation in the forward d irection,and almost impossible to calculate the inversefunction. Thus, if s is the secret to clear theencryption function F, c secret encrypted, thedecryption function D, it is necessary that c = F (s)is easy to calculate, but if D = (c) impossible tocalculate for any o ther participants .

C.2. Implementation of Diffie-HellmanThe protocol for key exchange Diffie-Hellman isbased on a function of the form, first with P & W

8/8/2019 papier_186

4/6

TELECOM 2011 & 7me JFMMA

Figure 2: Asymmetric Encryption

IV. DIGITAL SIGNATUREA. IntroductionThe electronic signature is a very concrete

application of the asymmetrical cryptography whichwas invented in the middle of the Seventies.Indeed modern cryptography is no longer limited toensure confidentiality of information, but it can a lsoauthenticate them through the digital signature.The digital signature is a mechanism to authenticatea mess age, i.e. to prove that a message really co mesfrom a specific sender.According to ISO 7498-2 on the securityarchitecture for open systems, the definition ofdigital signature: data appended to a data unit,

or cryptographic transformations of a data uni t,enabling a recipient of prove the source and

integrity of the data unit and protects against

counterfeiting by the recipient [7].

The s ignature is made using the s igner's private key,so all partners can check the signature using thepublic key. In all operational protocols, it is actuallya hash, not the whole document is signed, forperformance reasons; asymmetric algorithms arevery resource-intensive.The technique used to calculate the hash is the hash.The technique produces a mess age digest which is asmall representation of the unique and complete

mess age. Figure 3 illust rates the steps of the digitalsignature. Hash algorithms are one-way encryptionalgorithms, so it is impossible to find the originalmessage from the digest. The main reason why itproduced a d igest of the mess age are:1. The integrity of the message sent is preserved,and any alteration of the message will beimmediately detected;2. The digital signature will be applied to condensewhose size is usually much smaller than themess age itself;3. Hash algorithms are much faster than anyencryption algorithm (either public key or

symmetric key).The message digest is very probably unique in the

sense that it is almost impossible to find twomeaningful messages that occur simultaneously onthe same digest. Therefore, the probability that amessage tampered produce the same digest as theoriginal is virtually zero.

Figure 3: Digital Signature

The digital signature requires the use of electroniccertificates. These are generated by CertificationAuthorities (CA), which can uniquely identify theperson (or entity) who holds the key public andprivate: they can be seen as the digital identity cardperson or entity. In addition to this role, thecertificates can be used to encrypt information.

B. Principle of the digital signature M = set of messages to sign,

S = set of signatures,

K = set of keys For a g iven key k K, a signature function: M S

and verificat ion function:M S (true, false) such that for every messagem M and each signature s S we have(m,s)= true (m)= s.

B.1 RSA Signature

M = S = , where n is the product of twoprimes p and q. K = ((n, e, d) | ed 1 (mod (n))) n and e are

public, d are secret.The s ignature function is calculated bys= (m) =

Verification by computing m' = (mod n) and(m,s)= true m= m'

B.2 El Gamal Signature

Signature processChoosing a prime nu mber p.Generator g of the multiplicative groupChoose an integer x between 0 and p-1It calculatesy= mod p The public key is (p, g, y)The private key is xTo s ign a mess age m:Choose k

8/8/2019 papier_186

5/6

8/8/2019 papier_186

6/6

TELECOM 2011 & 7me JFMMA

use the SSL functionality.

VII. CONCLUSIONCryptography is an area that attracts increasing

attention of research groups.Indeed, the public key cryptography is veryattractive and rich in perspectives, incorporatingboth encryption and digital signature. It is a realbreakthrough compared to symmetric keycryptosystems.Beyond the technical aspect, we must see the needto develop architecture or a PKI, wh ich inc ludes thetools needed to effectively manage and use keysand certificates. In this work, we first presentedsome ideas about cryptography and digitalsignatures and their uses to secure exchanges oninternet. I wish in conclusion to mention a few

related lines of work that I have unfortunately nothad time to dig in my work: cryptography withelliptic curves and cryptanalysis.For elliptic curves I think they are beginning to beknown to a wider audience. Perhaps in a worlddominated by the RSA public key c ryptography, thelatter eventually become a credib le alternative.Some ideas and prototype of the cryptosystempresented in this work remain to be completed. Butthe cryptographic concepts that we are developedpermit to see more clearly the importance ofencryption and digital signature in trade security ininformation s ystems.

Today, two types of encryption allow to securedigital exchange, however, is not to our knowledgeof systems that combine thes e two techniques.We conclude that both techniques arecomplementary and can be combined into a singlesystem if we wish to obtain an encryption systemnot only efficient, but also respond to the needs andexpectations of users.

VIII. REFERENCES[1] Ewelle Ewelle Richard ,TPE : Connectivit et

scurit des rseaux sans fils, Institut de lafrancophonie pour l'info rmatique, rapport final ,Hano, Juillet2009[2] Laurent Bloch et Christophe Wolfhugel,Scurit informatique Principes et mthode,ditions Eyrolles 2007.[3] Cdric Llorens , Laurent Levier et Denis Valois,Tableaux de bord de la scurit rseau, ditionsEyrolles ,2me d ition 2006.[4] CGI, tude technique : Cryptographie clpublique et signature numrique Principes defonctionnement, Septembre 2002 .[5] Mohammed C Kocher, Timing Attacks on

Implementations of Diffi

e-Hellman, RSA, DSS, andOther Systems, Advances in Cryptology -CRYPTO96,LectureNotes in Computer Sciences,

Springer, 1996.[6] David Brumley et Dan Boneh, Remote TimingAttacks Are Practical, 12th USENIX SecuritySymposium, 2003.[7] La Lettre d'ADELI n46 ,Signaturecryptographique : du numrique llectronique ,

Janvier 2002.[8]Sammy POPOTTE-Laboratoire SUPINFO destechnologies Microsoft ,Prsentation d'IPSEC dansun environnement Windows 2000,[9] National institute of standards and technology(NIST),Advanced Encryption standard (AES)Conference, (Rome, Italy), March 1999.[10] National institute of standards and technology(NIST),Advanced Encryption standard (AES),Federal Information Processing Standards (FIPS)publication197,2001.