Network Security Final Term Project Report
Implementing Secure IRC application with Elgamal
ICE615
Hyungki Choi 2001523
12-17-2001

1.0 Introduction

Internet Relay Chat (IRC) is a virtual meeting place where people from all over the world can meet and talk. You will find the whole diversity of human interests, ideas, and issues here, and you can participate in group discussions on one of the many thousands of IRC channels, or just talk in private to family or friends, wherever they are in the world.

The problems of participating in discussions on IRC are generally due to being anonymous on the Internet. For example, some may use foul language without any reason, introduce provocative materials to young people who are not mature enough to control themselves, or present annoying advertisements. There are many other annoyances that make some people doubt the usefulness of IRC.

To avoid inconvenient and uneasy moments while using IRC, it is a good idea to at least be able to vouch for the people we are talking with. This stops people who take advantage of anonymity on the Internet from sending us annoying electronic advertisements. To achieve the general goal of keeping unknown persons from joining an IRC discussion, we implement some security methods to make a better discussion environment.

In this Network Security term project, based on the knowledge I gathered throughout the course, I have attempted to implement some well-known techniques (algorithms) to keep unknown users from joining our online discussion. To verify whether he/she is trustworthy, the well-known method of authentication with Elgamal has been implemented. After we trust each other by authentication, we then use the public key system (Elgamal) to verify among the participants in the discussions.
Lastly, the addition of string encryption/decryption on the text exchanged during the IRC discussion sessions will provide protection for discussions meant to be private. In the following report, the implementation of the IRC application will be described in more

2.0 Purpose

The purpose of this term project is to implement a secure Internet Relay Chat application with the Elgamal cryptographic algorithm. Although we haven't deeply learned how Elgamal works, it is a good chance to gain experience of how the algorithm can actually be implemented, to learn whether what we learned in class is achievable, and whether it really makes the system more secure. In addition, it lets us see whether implementing the security features will reduce the problems of chatting in the real world, so that we can prevent harassment by unknown people from other places.

3.0 Overall Design

When a user first starts the IRC application, it asks whether he already has an id & password giving the right to use the application. If so, the user types the id & password to start using the application; if not, the user has to type a desired id & password to register the id, password, & public key, which are stored in the database server (most importantly, the public key related to the corresponding id). Once past the login dialog box, users have to set up some information to actually connect to another application (person) to start chatting.

When they try to establish a connection between two people (applications), the client encrypts the message with his private key and sends it with his id to the server. A limitation of the current application is that only two people can participate in the discussion. After the server receives the ciphertext with the corresponding id, the server decrypts the ciphertext with the sender's public key.
The receiver can obtain the sender's public key by the id given by the sender. After the connection is established, whoever wants to send a message to the other person has to encrypt the message with the receiver's public key and send it to the receiver, since only the receiver knows the corresponding private key needed to decrypt the message.

4.0 Elgamal

Key generation for Elgamal public-key encryption

Each entity creates a public key and a corresponding private key. Each entity A should do the following:

1. Generate a large random prime p and a generator of the multiplicative group of the integers modulo p
2. Select a random integer a, 1 <= a <= p - 2, and compute
3. A's public key is (p, a mod p , a ); A's private key is

Elgamal public-key encryption

1. Encryption. B should do the following:
   (a) Obtain A's authentic public key (p, , a ).
   (b) Represent the message as an integer m in the range { 0, 1, ... , p - 1 }
   (c) Select a random integer k, 1 <= k <= p - 2
   (d) Compute k mod p and m * ( a ) k mod p .
   (e) Send the ciphertext c = ( , ) to A.
2. Decryption. To recover plaintext m from c, A should do the following:
   (a) Use the private key a to compute
   (b) Recover m by computing p 1a mod p ( a ) * mod p p*

5.0 Login

Login occurs whenever the program executes; its main purpose is to establish trust between a user and the database server that contains user ids, passwords (for accessing the database server), and the public keys of the corresponding users. If you don't have an id on the database server, you can register through the Login dialog box by typing the desired id and password and then clicking the New ID button. The maximum allowable length is 50 characters for both id and password. To keep the password from being exposed to onlookers, the characters displayed in the password text field are masked, as shown in the above figure. If you are already registered, you can type your id & password in the two respective edit controls.
The application will check whether the id & password you want to use are available or not. The "Cancel" button terminates the application in case you don't want to proceed any further. If either the id is not present on the database server or the password does not match what the database has for the corresponding id, another small dialog box will appear asking you to type the id or password again, or to terminate the application.

6.0 Access Database

For simplicity of the term project, I used Microsoft Access as the database that contains the id, password, and public key. It serves this project's purpose, but an actual implementation will require a more complex and better database. Microsoft Access has limitations on inserting data and on column size. The problem is that if we want to handle a large group of people and large public keys, Access will not be able to perform as you would expect from other commercial database software. Therefore, in the real world, more carefully planned table management and definitions have to be considered.

In the program, the id and password that the user typed at registration fill their columns, and the Elgamal algorithm in the program generates a public key and the corresponding private key for the user. The public key is inserted into the database for other users to access for encryption or decryption. The generated private key, on the other hand, is stored in a txt file and saved on the user's computer.

The following figure is the column definition of the public key. As you can see, the field size is set to 255, which is the maximum size allowed in Microsoft Access. Some of you may already have guessed that storing a large public key in a Microsoft Access database is very difficult. You may be able to store it if you divide the actual public key into pieces stored over multiple columns, but using the data that way is not only time consuming but also inefficient.
Another important point in the column definition is that the id, password, and public key columns are all distinct columns, meaning that no duplicate values will be saved in the database. This double-checks the application's integrity because the database also checks whether all public keys are unique. During application execution, the public key field is accessed whenever encryption or decryption (for authentication) is needed. In addition, modification of the public key column should not be allowed without modifying the private key at the same time. Otherwise there will be a problem when we encrypt/decrypt with the modified public key. If you want to change your public key, you had better delete the row you own, then regenerate the desired id, password, and pair of public and private keys.

7.0 Authentication

According to Charlie Kaufman, Radia Perlman, and Mike Speciner, authentication is the process of reliably verifying the identity of someone (or something). Although we used password-based authentication, here we are talking about authentication with public key encryption. During application execution, one side becomes a server and the other becomes a client. To achieve authentication between them, the client-side user sends the server a ciphertext encrypted with his private key, together with his id. The server receives the ciphertext and the client id. With the client id, the server accesses the database server to get the client's public key and decrypt the received message. Since the client sent his id, the server knows where to look for the correct public key in the database server. If the decrypted message is equal to the id the client sent (because the plaintext the client encrypted with his private key was his id), then the authentication of the client is achieved.
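The report frames this step as encrypting the id with the private key and decrypting it with the public key. As an added example (not the report's code), the sketch below obtains the same proof of key possession with an Elgamal signature, a swapped-in technique, and has the client sign a server nonce together with its id so that a captured message cannot be resent later. `Server`, `register`, the in-memory registry standing in for the Access table, the nonce, and the toy group p = 2357, g = 2 are all assumptions.

```python
import hashlib, math, secrets

P, G = 2357, 2  # constructed toy group: P prime, G a generator; real keys need >= 2048 bits

def digest(msg: bytes) -> int:
    """Hash the message into the exponent range [0, P-2]."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % (P - 1)

def register(registry: dict, user_id: str) -> int:
    """Create a key pair, publish the public half, return the private key."""
    a = secrets.randbelow(P - 2) + 1
    registry[user_id] = pow(G, a, P)
    return a

def sign(msg: bytes, a: int) -> tuple:
    """Elgamal signature (r, s) on msg under private key a."""
    while True:
        k = secrets.randbelow(P - 2) + 1
        if math.gcd(k, P - 1) != 1:
            continue                      # k must be invertible mod P-1
        r = pow(G, k, P)
        s = (pow(k, -1, P - 1) * (digest(msg) - a * r)) % (P - 1)
        if s:
            return r, s

def verify(msg: bytes, sig: tuple, y: int) -> bool:
    r, s = sig
    if not (0 < r < P and 0 < s < P - 1):
        return False                      # reject out-of-range values first
    return pow(y, r, P) * pow(r, s, P) % P == pow(G, digest(msg), P)

class Server:
    def __init__(self, registry: dict):
        self.registry = registry          # id -> public key, like the database table
        self.pending = {}                 # id -> nonce awaiting an answer

    def challenge(self, user_id: str) -> bytes:
        self.pending[user_id] = secrets.token_bytes(16)
        return self.pending[user_id]

    def authenticate(self, user_id: str, sig: tuple) -> bool:
        nonce = self.pending.pop(user_id, None)   # each nonce is single use
        y = self.registry.get(user_id)
        if nonce is None or y is None:
            return False
        return verify(user_id.encode() + nonce, sig, y)
```

The client side is `sign(user_id.encode() + nonce, private_key)` on the nonce returned by `challenge`; the server looks the public key up by id, as in the text above.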
Since in this IRC application the server only acts as a server during the session (in the next session the server may become a client), the server might not need to authenticate the client, because if the client can't trust, it doesn't connect to the server.

The below figure shows the client-side IRC application, where the client has just sent the ciphertext encrypted with his private key along with his id ('kyusuk' in this case). The server-side application then listens to the network until it receives what the client just sent on the socket. When the server application receives the encrypted message (ciphertext) with the client's id, it accesses the database server to retrieve the client's public key. If the client did not send his/her id, the server would need to go over all the public keys to try whether one produces meaningful data, in this case whether the decrypted message is in the list of id column data. That would take a lot of time, depending on the number of registered users. To get better performance, the client sends his/her id. If you compare them, the ciphertext received below and the ciphertext sent above are the same, as expected, and auth_id, the client's id, is correctly received.

8.0 String Encryption/Decryption

During the discussion, after authentication is established, all text is encrypted with the Elgamal algorithm before it is sent to the other side. Unlike the previous example, encryption is done with the public key of the receiver (who will get the message). Since the people involved in the discussion already know who is participating, it is easy to encrypt with the corresponding receiver's public key. Once the receiver gets the message, he/she decrypts it with his/her private key (stored on the corresponding user's computer). These steps of encryption/decryption continue in the same way until the discussion session terminates.

The first part shows the message encrypted with his/her public key. The current user id is 'Kyusuk'.
The second chunk is the encrypted message with the ID that is on the socket (displayed to check what kinds of messages are being sent). As you can see in the above figure, the second part of the ciphertext received is the encrypted message just received from the user named 'Kyusuk'. After the message is decrypted with the receiver's private key, the plaintext is "Nickname: How are you?" The nickname is the sender's nickname, which the sender did not provide when the IRC session was set up; therefore the default is used.

9.0 Limitations

Due to the limitation of the Microsoft Access application, the practical key size has to be 256 at maximum, although the IRC application allows a larger key size. Since we cannot store a key larger than 256, in this project we have to settle for the 256 key size.

Only a public key (asymmetric) system is used in the application, so performance is not as good as an application that uses a symmetric algorithm for the string encryption/decryption part. Implementing a symmetric algorithm to encrypt/decrypt messages would improve performance. Since the key size used in the application isn't large, you can't feel the slowness due to use of the public key system.

The current application only allows a session between two people. It would be better if we could implement an actual server that can handle multiple discussion participants.

To make a connection between two people, the user of the current application has to type the port number manually, which is very inconvenient; we could set the port number dynamically or get rid of the port number input and set it programmatically (although that may not be a good solution).

10.0 Conclusion

Although there were some difficulties in accomplishing the project, I was able to make the project work.
Based on the knowledge I gathered throughout the course, I have attempted to implement some well-known techniques (algorithms) to keep unknown users from joining our online discussion. To verify whether he/she is trustworthy, the well-known method of authentication with Elgamal has been implemented. After we trust each other by authentication, we then use the public key system (Elgamal) to verify among the participants in the discussions. Lastly, the addition of string encryption/decryption on the text exchanged during the IRC discussion sessions will provide protection for discussions meant to be private.
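
The key generation, encryption and decryption steps of section 4.0, applied to the per-message string encryption of section 8.0, as an added Python example that is not the report's own code. The parameters p = 2357 and generator 2 are constructed textbook-size values, and the byte-at-a-time string layer (`encrypt_text`, `decrypt_text`) is a hypothetical choice, since the report does not say how its strings are mapped to integers.

```python
import secrets

# Constructed textbook-size parameters: P is prime and G generates the
# multiplicative group mod P. Far too small for real use; a deployment
# needs a prime of 2048 bits or more.
P, G = 2357, 2

def keygen(p=P, g=G):
    """Return (private key a, public value g^a mod p) with 1 <= a <= p-2."""
    a = secrets.randbelow(p - 2) + 1
    return a, pow(g, a, p)

def encrypt_int(m, pub, p=P, g=G):
    """Encrypt one integer 0 <= m <= p-1 under the receiver's public key."""
    if not 0 <= m < p:
        raise ValueError("message must be in [0, p-1]")
    # A fresh random k per message: reusing k lets an observer relate
    # two plaintexts from their ciphertexts.
    k = secrets.randbelow(p - 2) + 1
    return pow(g, k, p), (m * pow(pub, k, p)) % p

def decrypt_int(c, priv, p=P):
    """Recover m from the pair c using the private key."""
    first, second = c
    # first^(p-1-a) is the inverse of first^a (Fermat's little theorem),
    # so multiplying by it strips the pub^k mask from the second value.
    return (pow(first, p - 1 - priv, p) * second) % p

def encrypt_text(text, pub):
    """Hypothetical string layer: one ciphertext pair per UTF-8 byte."""
    return [encrypt_int(b, pub) for b in text.encode("utf-8")]

def decrypt_text(pairs, priv):
    return bytes(decrypt_int(c, priv) for c in pairs).decode("utf-8")
```

The sender calls `encrypt_text` with the receiver's public value from the database; only the holder of the matching private key file can run `decrypt_text`.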