Article - I
advertisement
6th International Science, SocialSciences, Engineering and Energy Conference 17-19 December, 2014, Prajaktra Design Hotel, Udon Thani, Thailand I-SEEC 2014 http//iseec2014.udru.ac.th The Increasing of Security in Log in System Kritsanapong Somsuka,e1, Karaphat Kounlaxayb, Chalida Sanemueangc,e2 a Department of Electronics Engineering, Faculty of Technology, Udon Thani Rajabhat University, Udon Thani, Thailand b Department of Computer Engineering, Faculty of Engineering, Souphanouvong University, Laos Language Center, Udon Thani Rajabhat University, Udon Thani, Thailand e1 kritsanapong@udru.ac.th, e2Chalida.sanemueang@gmail.com, Abstract Log in system is a system which is used for the authentication. The disadvantage of this system is that, if the attackers can trap information which is transported over the insecure channel, they can use the application of the user to access into the system. In 2010, the applying RSA with login system was proposed to increase the security by encryption and decryption. However, the attackers can recover the private key whenever the modulus is factored. In this paper, applying modified RSA, is called MMCS, with the login system is presented to increase more security when compared with the login system which is applied with RSA. The security of this system is based on the difficulty of integer factorization and discrete logarithms. The experimental results show that the security of the log in system which is applied with MMCS is more secured than the security of the log in system which is applied with RSA. However, the computation time of the proposed system is too long. Keywords: Log in System, RSA, Security, MMCS 1. Introduction Data Transmission on a network system is very popular nowadays. However, the network system is not a secure channel for data transmission. Therefore, the information security is an important issue. At present, there are many methods for the information security and one of the information securities that are very popular nowadays is the cryptography. The cryptography is an information security process for data transmission. In this process, a message or data must be encrypted first and sent to through a network system. Hence, if the attackers get the information on the network system, they cannot access into that formation because it is encrypted. Besides, if the attackers want to get the initial message, they have to decrypt the encrypted message through the decryption process which uses secret keys. It means that, the attackers must use secret keys to decryption. The cryptography is divided into two categories which are Symmetric Cryptosystem and Asymmetric Cryptosystem. The Symmetric Cryptosystem refers to encryption methods in which both the senders and receivers share the same key, is called “secret key” to encrypt and decrypt the message. The disadvantage of the Symmetric Cryptosystem is a problem with exchanging of secret key between the senders and receivers. The other system is Asymmetric Cryptosystem, also known as Public-key Cryptosystem. This system requires two separate keys, one of which is published, called “public key” and one of which is kept secret, called “private key”. The information or message which is encrypted by the public key must be decrypted by the private key only. On the other hand, the information or message that is encrypted by the private key, it must be decrypted by the public key. The advantage of the Asymmetric Cryptosystem is to be able to solve the problem with exchanging of the secret key because the private key is kept secret. At present, there are many methods that are developed for the Asymmetric Cryptosystem and one of the most popular methods that are used nowadays is the RSA algorithm. RSA algorithm is a method which computes the product of two prime numbers by this process is very easy. In contrast, to compute factors of the modulus by this process is very difficult. Thereby, the information security will depend on the difficulty of the factoring modulus. The login system is a system that uses to prove the identity of users. This system will prove the identity of users from the evidences and examine the accuracy in order to prove that this user is existent. However, to send the evidence or message from the channel to the server is not secure. Therefore, if the attackers can trap or get the signal or evidence, then the attackers will find the personal information of the users and can use them to access into the user’s account. In 2010, Li Ming-xin and Kang Feng [2] presented the way to increase the security for the login system. They used the RSA algorithm and applied it to the login system in order to make the security to be safer. Two years later, in year 2012, Rasmi and Varghese Paul [3] presented the MMCS algorithm, which is a way to increase the security in RSA process. Due to the security of RSA depends on the difficulty of factoring modulus only. If the value of the modulus can be factorized, then the RSA is no more secure. However, the modern RSA algorithm is harder to attack because it depends on the difficulty of the computation of Discrete Logarithm. This research aims to emphasize the developing of login system which is applied from the MMCS algorithm in order to increase the security of the login system. Due to the comparison of the difficulty of the computation of secret key between the login systems, applied from MMCS algorithm is more difficult than the system, applied from RSA algorithm. 2. Related Work 2.1 RSA RSA is public-key cryptography which uses two keys to encrypt and decrypt a message or data. One key will be published, is called “public key” and another key is called “private key” and the key generators will keep it secret. The RSA algorithm can be applied and used to encrypt the plaintext or to verify a digital signature for encryption. The RSA algorithm is divided into three procedures which are; key generation, encryption and decryption. 2.2 MMCS MMCS is a new algorithm which is developed from the RSA algorithm in order to increase the security to be more difficult to be attacked. The difficulty of the attacking the MMCS algorithm is that, the attackers must factorize the factors of the modulus and compute the value of the Discrete Logarithm. Then, they can compute the value of the private key. This algorithm is divided into three procedures as follows: The first procedure: Key generation The key generators compute the values of public key and private key to encrypt and decrypt the plaintext. 1. Randomly to compute the large prime numbers, which are identified as p and q and the size of p and q are equal. 2. Compute the value of the modulus n=p * q. 3. Compute the value of Euler φ(n) = (p-1)*(q-1). 4. Choose the public key as e, which e is coprime or relative prime numbers with φ and the e must be more than 1 and less than φ(n) in algorithm of the Extend Euclidean [4]. 5. Choose the private key as s, which s must be more than 1 and less than n. 6. Compute the value of t, which t n-1= ts mod n and t is the second public key. 7. Compute the r from r= ts mod n and r is the third public key. 8. Compute the private key of d, from e*d mod φ(n) =1. In conclusion, the MMCS algorithm can generate three public keys which are (e, r, t) and two private keys which are (d, s). After that, the key generators will publish the public key and identifies the value of n as public key and they will keep the private key secret. The second procedure: Encryption process When the senders want to send private data or secret data to the key generators (receivers), the senders will use the public key and the value of n from the receivers to encryption as follows: 1. Randomly to compute the integer of k in Zn*. 2. Compute ct = me mod n – rk mod n when m is an initial message. 3. Compute cs = tk mod n when cs and ct are cipher texts. The third procedure: Decryption process When the receivers get the ciphertext from the senders, they will decrypt the ciphertext by using the private key as follow: m = (ct+ css) mod n 3. Research Methodology The modified method of login system will be divided into two processes; the first process is on the part of the users. It consists of the value of public key, which is generated by the server and the encryption before sending the message to the server. The second process is on the part of the servers. It consists of the decryption of the message (password) and the examination of the accuracy in the database. 3.1 The users’ process The users’ process is a process to access into the system from servers Start Receive a public key from server Log in by usernames and passwords Encrypt the passwords by using MMCS Send usernames and encrypted passwords to the server Finish Figure 1 Process of the users Figure 1 shows a working process of new login system from the users. It can be described as follows. Access to the system that use login system by researchers, servers will send the public key and values of modulus to users. 1. Users fill in usernames and passwords before it sends to the servers. 2. After users send usernames and passwords to servers, the system will use only the password to encryption. In this process, it will use the public key from the process of MMCS algorithm. For encryption process, it can use the new process that shows in [6] to reduce the computation time. 3. Send usernames and passwords that have already been encrypted to the servers. 3.2 The servers’ process The servers’ process is a process to examine the users’ information in order to ask for permission and identify the terms of services for users. Start Receive usernames and encrypted passwords from clients Decrypt the passwords by MMCS algorithm Do the usernames and passwords appear on a database or not? Accept Reject Finish Figure 2 the servers’ process Figure 2 shows a working process of new login system from the servers. It can be described as follows. 1. Receive usernames and passwords that have already been encrypted from the users. 2. Use a private key to decrypt, only for a password in order to get the correct password. In this process, it will use the MMCS algorithm to decrypt. 3. Examine usernames and passwords that have already been decrypted from the users whether they are appeared on the database or not. In case that they are on the database, the servers will give permission and identify the terms of services for users. If not, the servers will decline the permission for the users. 4. Results This research has been experimented with the values of n which are small sizes. However, if the researchers want to use this system, they should increase the sizes of n to be not less than 1024 bits. Figure 3 and 4 show a page of webpage before and after logging into the system. It can be seen that the system has sent the public keys e=17, r=870 and t=401 and modulus n=8509 to the system to encryption the password, and the value of secret key d (d=5381) and s(s=11) will be kept secret in the database. Figure 3 A page of webpage before logging into the system Figure 4 A page of webpage after logging into the system Table 1: A comparison between the time that use to encryption by using RSA algorithm process and MMCS algorithm process when n=8509, e=17, r=870 and t=401 Initial Message (passwords) 9 13 124 800 1234 2345 4000 6165 7999 Time to encryption by using RSA algorithm (seconds) 0.00000405 0.00000406 0.00000574 0.00000829 0.00000314 0.00000263 0.00000362 0.00000405 0.00000364 Time to encryption by using MMCS algorithm (seconds) 0.00113 0.00103 0.00131 0.00144 0.00103 0.00177 0.00131 0.00107 0.00114 From the table 1, it shows that MMCS takes longer time than RSA to encryption in any situations. It causes of the computation of MMCS algorithm is more complex than RSA algorithm. Then, if the system uses the MMCS to log in the system, it could be taken with a large key (at least 1024 bits) and the system will use very long time to process data. However, by the process of MMCS algorithm, it is much more secure than RSA algorithm because factoring prime numbers in MMCS is more difficult. Besides, to attack the MMCS algorithm, it also depends on the difficulty of the computation of Discrete Logarithm. 5. Conclusion This research aims to present the new login system which is more secure than the last one. This new login system is applied from the MMCS algorithm because the MMCS algorithm is a public key encryption process and it is also applied from the RSA algorithm. From this research, the process that applied from MMCS is safer than the process that applied from RSA. Due to the security of MMCS depends on two factors which are; 1. the difficulty of factoring the modulus 2. the difficulty of the computation of Discrete Logarithm At the same time, the security of RSA depends on the difficulty of factoring the modulus only. If the attackers can factor the modulus, they can compute the value of private key which has only d. On the other hand, from the MMCS algorithm there are two private keys, which are d and s. However, the attackers can compute the value of private key d (from the factoring the modulus), they cannot decrypt the password because they do not have the private key s. To compute the value of private key s, they have to compute the value of Discrete Logarithm. From the result, it shows that the new system takes longer time to process data than the system that applied from the RSA and the other systems because of the complexity of the computation. However, the new system which is presented, is more secure because the attackers have to factor the modulus and compute the value of Discrete Logarithm, then they can compute the values of private keys. 6. References [1] R.L. Rivest, A. Shamir, L. Adleman. 1978. A method for obtain digital signatures and public key cryptosystems. Communications of ACM. 21(1978): 164 – 158 [2] L. M.-xin and K. Feng. 2010. An improved sign-in scheme based on RSA cryptosystem. International Conference on Computer Application and System Modeling (ICCASM). 6(2010): 35 – 37 [3] P.S. Rasmi and V. Paul. 2012. An Implement of a New public key System based on RSA which leads hackers solve multiple hard problems to break the cipher. International Conference on Intelligent Systems Design and Applications (ISDA). (2012): 656 – 661 [4] J.Zhou, J. Hu, P.Chen. 2010. Extended Euclid Algorithm and Its Application in RSA. International Conference on Information Science and Engineering. (2010): 2079 – 2081 [5] A. Chhabra and S. Mathur. 2011. Modified RSA Algorithm. International Conference on Computational Intelligence and Communication Networks (CICN). (2011): 545-548 [6] A.J. Elbirt. 2008. Understanding and Applying Cryptography and Data Security. The United States of America : Taylor& Francis Group.
