Add to collection(s) Add to saved
  1. No category
Uploaded by package rep

ICSTC.2018.8528584

advertisement 
2018 4th International Conference on Science and Technology (ICST), Yogyakarta, Indonesia
Security System Analysis in Combination Method:
RSA Encryption and Digital Signature Algorithm
Farah Jihan Aufa
Departement of Electrical Engineering
Institut Teknologi Sepuluh Nopember
Surabaya, Indonesia
jihan16@mhs.ee.its.ac.id
Endroyono
Departement of Electrical Engineering
Institut Teknologi Sepuluh Nopember
Surabaya, Indonesia
endroyono@ee.its.ac.id
Abstract — Public key cryptography or asymmetric keys are
widely used in the implementation of data security on
information and communication systems. The RSA algorithm
(Rivest, Shamir, and Adleman) is one of the most popular and
widely used public key cryptography because of its less
complexity. RSA has two main functions namely the process of
encryption and decryption process. Digital Signature Algorithm
(DSA) is a digital signature algorithm that serves as the standard
of Digital Signature Standard (DSS). DSA is also included in the
public key cryptography system. DSA has two main functions of
creating digital signatures and checking the validity of digital
signatures. In this paper, the authors compare the computational
times of RSA and DSA with some bits and choose which bits are
better used. Then combine both RSA and DSA algorithms to
improve data security. From the simulation results, the authors
chose RSA 1024 for the encryption process and added digital
signatures using DSA 512, so the messages sent are not only
encrypted but also have digital signatures for the data
authentication process.
Keywords—security; encryption; RSA; DSA; Digital Signature
I. INTRODUCTION
Cryptography has two important processes: encryption and
decryption. Encryption is the process of encoding the original
message into a message that can not be interpreted as the
original while the decryption is to change the message that has
been encoded into the original message. There are two models
of encryption algorithms namely symmetric keys and
asymmetric keys. A symmetric key uses only one key to
encrypt and decrypt a message. The asymmetric key uses two
keys: public key and private key. An asymmetric key is a
public-key cryptography.
The Rivest-Shamir-Adleman (RSA) algorithm is most
widely used for public key encryption approaches. Digital
signature is an authentication mechanism that allows the sender
of message to attach the code as digital signature. Generally,
digital signature is formed by retrieving the hash of the
message and encrypting the message with the sender's private
key. This signature guarantees the source and integrity of the
message [1].
Researchers have conducted research on RSA and DSA
algorithms, including implementing encryption and decryption
with a single text using a combination of RSA algorithms with
Achmad Affandi
Departement of Electrical Engineering
Institut Teknologi Sepuluh Nopember
Surabaya, Indonesia
affandi@ee.its.ac.id
MD5 [2]. Other researchers have also analyzed the
performance of RSA algorithm by changing key length bits in
virtual banking applications [3]. RSA is also applied to e-health
security systems [4], e-learning applications [5], and one time
passwords on fund transfers [6]. Chong Fu and Zhi-liang Zhu
have been simulated RSA 1024 in C++ and it can be generated
within 2 minutes in PC platform[8].
This paper discusses the performance analysis of each
method, and combination of both RSA and DSA methods so it
can improve its security system with a relatively fast time. The
structure of the distribution in this paper is: Section II contains
the theory of RSA algorithm and DSA algorithm. Section III
describes the proposed system model. The performance
analysis of the combination of both RSA and DSA methods
will be explained in section IV and section V is the
conclusions.
II. DSA AND RSA ALGORITHM
A. Security Requirement
An international organization called the International
Telecommunication
Union
–
Telecommunication
Standardization Sector (ITU-T) defines several types of
services and mechanisms of network security. Network
security services are defined based on the needs that must be
provided to meet the demand for network security. In this
section we will first discuss the types of network security
services based on ITU-T recommendations in X.800
documents (ITU, 1991).
1) Authentication
When Alice communicates data with Bob through the data
network there are two issues that arise, namely how Alice can
be sure that she is communicating with Bob and how Alice can
be sure that the data she receives is from Bob. The
authentication service ensures both. The first service is called
entity authentication that is a network security service that
provides certainty to the identity of the entities involved in
data communications. While the second service is called
authentication data is a service that provides certainty to the
source of a data.
978-1-5386-5813-0/18/$31.00 ©2018 IEEE
2018 4th International Conference on Science and Technology (ICST), Yogyakarta, Indonesia
2) Access Control
Access control is a network security service that prevents
unauthorized use of resources. In network applications usually
the capability policy is determined by the type of user. For
example, an electronic medic record data can only be accessed
by patients and paramedics involved.
2) Encryption
The RSA encryption algorithm uses the exponential
function in modular n as in the equation below.
3) Data Confidentiality
Data confidentiality is a network security service that
protects transmitted data against unauthorized disclosure. For
example, Alice sends confidential data over the Internet to
Bob, at the same time Eve is able to read confidential data sent
through the router then the data confidentiality service ensures
that confidential data even though Eve can read is kept
confidential.
3) Decryption
The RSA decryption algorithm is an inverse of RSA
encryption. Just like the encryption algorithm, the RSA
decryption algorithm is a modular exponential function n by
using the private key as in the equation below.
4) Data Integrity
Data integrity is a network security service that ensures
that the data received by the recipient is exactly the same as
the data sent by the sender. For example, Alice wants to send
M messages to Bob then the data integrity service provides
knowledge to Bob when M changes.
5) Non-repudiation
Non-repudiation service is a network security service that
avoids the denial of receiving or transmitting data that has
been sent. For example, Alice sends M's message to Bob, then
Bob with this service can provide proof that the data was sent
by Alice and vice versa Alice with the same service can prove
that the message has been sent to Bob.
6) Availability
The availability service is a system service that keeps the
system resources accessible and usable when there is a request
from the appropriate authorities. Attacks on systems such as
denial of services make the system inaccessible to the
authorities [7].
B. RSA Algorithm
To secure the data, can be done encryption and decryption
process using RSA algorithm. The RSA algorithm has 3
important processes: key generation, encryption, and
decryption.
1) RSA Key Generation
In key generation process, firstly we generated a key pair
that is public key and private key. Here is an algorithm for
generating RSA keys:
1. Generate two prime number, p dan q.
2. Count n = p ⋅ q. Preferably p ≠ q, because if p = q
then n = p2 so p can be obtained by pulling the square
root of r.
3. Count φ(n) = (p – 1)(q – 1).
4. Choose public key, e, relatively prime to φ(n)
5. Generate secret key, d, d ⋅ e ≡ 1 (mod φ(n)).
So in the end, the RSA key generation algorithm assigns
(e, n) as public key and d as private key.
C = Pe mod n
P = Cd mod n
(1)
(2)
C. DSA Algorithm
In DSA algorithm, there are 3 important process, such as
key generation, signing, and verifying.
1) DSA Key Generation
Before generating the key, there are several parameters on
which to know, ie:
1. p, is prime number with L bit length, 512 ≤ L ≤ 1024
and L must be multiples 64. p parameter is public.
2. q, is prime number with 160 bit, is a factor of p – 1. In
other words, (p – 1) mod q = 0. q parameter is public.
3. g = h (p-1)/q mod p, which in this case h < p – 1 so h( p−1) /
q
mod p > 1. g parameter is public.
4. x, is an integer less than q. x parameter is private.
5. y = g x mod p , is public key.
6. m, is message to be signed
Here is key generation algorithm of Digital Signature:
1. Choose prime number p and q, which in this case (p-1)
mod q = 0
2. Count g = h(p – 1)/q mod p, which in this case 1 < h < p –
1 dan h(p – 1)/q mod p > 1
3. Specify the private key x, which in this case x < q
4. Count public key, y = gx mod p.
2) Signing
Signers and verifiers must first agree to choose the same
hash h function. To get its digital signature, the signer runs a
signing algorithm using the hash h function and inputs a
message m, private key, and public key
1. Generate number k randomly for each message,
where 0 < k < q.
2. Count r = (gk mod p) mod q
3. Count s = (k-1(SHA-1(m) + x*r)) mod q, where SHA1(m) is SHA hash function to m message.
4. The digital signature is (r, s)
3) Verifying
After verifiers receive message and digital signature
(m,r,s), then verifiers runs verifying algorithm to verify the
digital signature.
1. Count w = (s)-1 mod q
2. Count u1 = (SHA-1(m)*w) mod q
3. Count u2 = (r*w) mod q
2018 4th International Conference on Science and Technology (ICST), Yogyakarta, Indonesia
4.
5.
Count v = ((gu1*yu2) mod p) mod q
The digital signatue is valid if v = r
D. RSA and DSA Combination Algorithm
The combination algorithm of the proposed method is a
combination of RSA and DSA algorithms so that the messages
sent are not only encrypted but also digitally signed in order to
increase the security level of their messages.
III. SYSTEM MODEL
The proposed system model is to combine RSA algorithm
for encryption and decryption process, and DSA to create
digital signature.
The keys is generated by a third party or trusted party.
Each user will get a key pair that is public key and private key.
The keys will be used by the user to perform the next process
of encryption, signing, decryption, and verifying.
1) Combination Key Generation
Key generation is done to obtain the public key and private
key, which in this proposed method, there are two public keys
and two private keys.
1. Choose prime number p and q randomly with (p-1) mod
q = 0. p and q parameter is public.
2. Count g=h(p-1)/q mod p. Where 1<h<p-1 and g parameter
is public.
3. Generate first private key, x, where x<q
4. Generate first public key, y, where y=gx mod p
5. Count n=p.q
6. Count φ(n) = (p-1)(q-1)
7. Generate second public key, e, where e is relatively
prime with φ(n)
8. Generate second private key, d, where d=e1 mod φ(n)
Fig. 1 is a block diagram between the sender and receiver
of the proposed method. Once the user has a pair of keys, the
sender will send a message to be encrypted using the receiver's
public key and digitally signed using the sender's private key.
The receiver receive ciphertext and decrypt the message with
the sender's public key and verify the digital signature with the
sender's public key. If the digital signature is valid, then the
message is received.
Thus, after generating the key, two public keys and two
private keys are obtained. The first public key and first
private key is to create a digital signature. While the public
key and the second private key is for the process of
encryption and decryption.
Fig 1. System Flow of Purposed Scheme
2) Encryption and Signing
The next process is to convert the original message
(plaintext) into an encrypted message (ciphertext) and to give
a digital signature to the message. C, denotes ciphertext, P,
denotes plaintext, r and s denotes its digital signature.
1. To get ciphertext, C = Pe mod n
2. Choose k randomly, where 0<k<q
3. Count r=(gk mod p) mod q
4. Digital signature is S=(k-1.(SHA-1(m) + x.r) mod q
Where m is message. And those sent on the receiver are
ciphertext (c) and digital signatures (r, s).
3) Decryption and Verifying
The next process is to convert the ciphertext to plaintext
and verify the digital signature.
1. To get plaintext, P = Cd mod n
2. Count w=(S-1) mod q
3. Count u1=(SHA-1(m).w) mod q
4. Count u2=(r.w) mod q
5. Count v=((gu1.yu2) mod p) mod q
If v=r then the received digital signature is valid, and if v≠r
then the received digital signature is not valid.
IV. SIMULATION RESULTS
From the proposed system model, simulation has been
performed to find out the time comparison between RSA 512,
RSA 1024, RSA 2048 and also DSA 512, DSA 1024 in order
to select and adjust how many bits will be used in the system.
In this simulation, we used message with 300 characters. The
simulation is done with processor Intel(R) Core(TM) i73632QM CPU @ 2.20GHz, RAM 4 GB, dan 64-bit Operating
System.
Fig. 2 shows the comparison of generating key, encryption,
and decryption's computation time of RSA with various bits of
512 bits, 1024 bits, and 2048 bits.
Fig 2. Time Comparison of RSA 512, RSA 1024, and RSA 2048
Fig. 3 is time comparison of key generation, signing, and
verifying ratio between the DSA 512 and DSA 1024.
2018 4th International Conference on Science and Technology (ICST), Yogyakarta, Indonesia
Computation time of generating key is very different. While the
time on the signing and verifying process is almost the same.
Therefore, DSA 512 is chosen because the computation time of
key generation is faster than DSA 1024.
RSA 1024 and DSA 512. The total time required for RSA
1024 encryption process is 4 ms. The total time required for
DSA 512 for signing process is 4 ms. And the total time
required of RSA 1024 and DSA 512 combination methods for
encryption and signing is 5 ms.
Fig 3. Time Comparison of DSA 512 and DSA 1048
After comparing the computational time of RSA and DSA
with some bits, the next step is to compare the computational
time of various RSA combinations (512, 1024, and 2048) bits
and DSA (512 and 1024) bits as in Table 1 below.
TABLE I. TIME COMPARISON OF RSA AND DSA
RSA & DSA
(ms)
DSA 512
DSA 1024
KG
ES
DV
KG
ES
DV
RSA 512
3782
5
12
53854
5
14
RSA 1024
14425
5
26
238600
5
26
RSA 2048
39868
5
106
14830
5
103
From the results obtained in the simulations that have been
performed as in Fig 2, Fig 3, and Table 1, it was decided to use
RSA 1024 and DSA 512 bits. We chose RSA 1024 and DSA
512 because of the relatively fast computing time of other
combinations. Here is time comparison between key
generation, encryption and signing, decryption and verifying
between RSA 1024, DSA 512, and a combination of RSA 1024
and DSA 512.
Fig. 4 is the time comparison between RSA 1024, DSA
512, and a combination of RSA 1024 and DSA 512. The total
time required of RSA 1024 is 657 ms. Total time required
DSA 512 is 10151 ms. And the total time required of RSA
1024 and DSA 512 combination methods is 14425 ms.
Fig. 5. Time Comparison of Encrypt & Signing (ms)
Fig. 6 is the time comparison of decryption and verifying
between RSA 1024, DSA 512, and combination between RSA
1024 and DSA 512. The total time required of RSA 1024 for
the decryption process is 29 ms. The total time required for
DSA 512 for verifying process is 3 ms. And the total time
required of RSA 1024 and DSA 512 combination methods for
decryption and verifying process is 26 ms
Fig. 6. Time Comparison of Decrypt & Verifying (ms)
Fig. 7 is the time comparison of key generation, encryption
and signing, decryption and verifying. Total time required
RSA 1024 is 690 ms. The total time required DSA 512 is
10158 ms. And the total time required by the combination
method of RSA 1024 and DSA 512 is 14455 ms.
Fig. 4. Time Comparison of Key Generation
Fig. 5 is the time comparison of encryption and signing
between RSA 1024, DSA 512, and the combination between
Fig. 7. Total Time Comparison of The Methods
2018 4th International Conference on Science and Technology (ICST), Yogyakarta, Indonesia
From the simulation above, the combination method has
33.5% slower key generation time than RSA and DSA key
generation time separately. For encryption and signing
computation time, the combination method has 60% faster
computational time than the method separately, and for
decryption and verifying times it has a 23% faster than RSA
and DSA separately.
The next step is to analyze the security services of the
proposed method. From the types of network security services
based on ITU-T recommendations in X.800 documents (ITU,
1991), the proposed method meets several types of network
security services:
1) Message Authentication
This proposed method can realize message authentication
services. Example: When the sender sends a message m along
with its digital signature (r, s) created from the sender's private
key, the receiver can authenticate the message by verifying the
digital signature (r, s) with the sender's public key. The
message authenticated when the verification process is true.
Fig 8. Data Integrity
V. CONCLUTION
In this paper, a combination method of RSA 1024 and
DSA 512 has been performed since the computation time is
relatively fast. Obtained time for key generation is 33.5%
slower than RSA and DSA generation time separately. It has
60% faster computational time in encrypt and signing process.
And for decryption and verifying time, it has a 23% faster than
RSA and DSA separately. This combination method not only
can encrypt messages, but also provide digital signatures for
authentication process safely and fast.
REFERENCES
[1]
2) Data Integrity
Other than message authentication, this proposed method
can realize the data integrity services along with the sign and
verify process. The sender signs the message m and sends it to
the receiver by keeping the message intact. The sender can use
the hash function and get the digital signature (r, s) by calling
the sign algorithm by entering the digest m, (r, s) sign (h (m),
r, s, Skr). The sender sends (m, r, s) to the receiver. After the
receiver receives (m, r, s) then the receiver verifies the digest
m by returning true and the message is safe and received.
The plaintext is “Perancangan sistem keamanan pada OBU
adalah untuk membuat sebuah rancangan sistem yang akan
mengintegrasi sistem keamanan dengan OBU. Dimana metode
untuk enkripsi menggunakan enkripsi RSA dengan digital
signature menggunakan Digital Signature Algorithm.Metode
sistem keamanan ini akan diterapkan pada” with 300
characters. after that, the message will be encrypted and
become ciphertext and given a digital signature with the value
of r=1143967646540866233551540651509867893252565374
552 and s=41641828138206367094600637028087505589204
7301043. After the receiver receives ciphertext and digital
signature, then the receiver verifies the digest by returning true
and the data integrity is save and received as shown in Fig. 8.
[2]
[3]
[4]
[5]
[6]
[7]
[8]
W. Stalling, “Cryptography and Network Security: Principles and
Practice”, 5ft ed, Prentice Hall, 2011
Z Li Ping, S Qi Liang, and L Xiao Liang, “RSA Encryption and Digital
Signature”, in International Conference on Computational and
Information Sciences, 2011
R Soram, “On the Performance of RSA in Virtual Banking”, in
International Symposium on Advance Computing and Communication
(ISACC), 2015
Ali Sadikin, “Implementation of RSA 2048-bit and AES 256-bit with
Digital Signature for Secure Electronic Health record Application”, in
International Seminar on Intelligent Technology and Its Application,
2016
Ahmad Baihaqi, “Implementation of RSA 2048-bit and AES 128-bit for
Secure E-learning Web-based Application”, in 11th International
Conference on Telecommunication Systems Services and Applications
(TSSA), 2017
Gotimukul Venkatesh, “Application of Session Login and One Time
Password in Fund Transfer System Using RSA Algorithm”, in
International Conference on Electronics, Communications and
Aerospace Technology ICECA, 2017
Rifki sadikin, “Cryptography for Network Security”, Yogyakarta, 2011
Chong Fu, “An Eficient Implementation on RSA Digital Signature”, in
4th International Conference on Wireless Communication, Networking,
and Mobile Computing, 2008
Related documents
RSA AND RABIN FUNCTIONS:
RSA AND RABIN FUNCTIONS:
rsa
rsa
HW#4-1
HW#4-1
MATH 360 Mathematics of Information Security
MATH 360 Mathematics of Information Security
MATH 342—Homework problems on RSA June 9, 2006
MATH 342—Homework problems on RSA June 9, 2006
Name of RSA Area: Health Law and Policy
Name of RSA Area: Health Law and Policy
Download
advertisement