Private Meeting System Based On Cryptography
Ei Khaing Myint, Su Wai Phyo
Department of Information Technology
Mandalay Technological University
Abstract— As Internet and web technology are massively
developing, people around the world can instantly see every
changes and every events via the high speed communication
system. Facilities of online accessing is very powerful and
widely use for all regions. Therefore security is the most
challenging aspects in the internet and network applications.
To address the security concerns, various security protocols
that are of symmetric key and asymmetric key type have
been developed. Cryptography plays a central role for data
security. In order to get data security, this paper proposes
the data confidentiality by combining usage of symmetric
encryption algorithm and public- key encryption algorithm.
RSA (public key) algorithm is used for key generation and
AES symmetric key algorithm is used for message
encryption/decryption. The purpose of this private meeting
system is to share and exchange information securely among
the authorized person over the network at the same time.
The system is implemented by C# programming language.
Moreover, Hyper Text Markup Language (HTML), Active
Server Page (ASP.NET), Structured Query Language (SQL)
database server and Internet Information Server (IIS) are
also used to develop the web-based system.
Keywords— AES, Cryptography,
Private Meeting, RSA Algorithm
Online
Community,
I. INTRODUCTION
The computer network is being widely used to
communicate with each other. When more and more
sensitive information is stored on computers and
transmitted over the Internet, we need to ensure
information security and safety. Security means
protection the information against unauthorized users.
Cryptography provides the basis for authentication of
information as well as their security. Cryptography, or
cryptology, is a subject that is concerned with privacy or
confidentiality of communication over insecure channels,
in the presence of adversaries. Cryptography is the
process of converting data into a secret code for
transmission over a public network.
Cryptographic algorithms are either symmetric
algorithm, which used symmetric key (also called secret
key) or asymmetric algorithm, which is used asymmetric
keys. Generally, all cryptographic processes have four
basic parts: plaintext, ciphertext, cryptographic algorithm
and key. Cryptography is used to achieve the goals:
Confidentiality, Data integrity, Authentication, Nonrepudiation. The confidentiality can be achieved using
symmetric algorithms. As security tools, cryptographic
encryption algorithms are implemented in many
application areas. For high-speed consideration, the
symmetric key crypto system is more suitable to encrypt
a large amount of data. The advantages of symmetric key
cryptosystem are that the encryption and decryption
operations are very similar. In this system, symmetric key
cryptosystem of AES Algorithm is used for large amount
of information and RSA asymmetric encryption algorithm
are applied for key generation.
II. RELATED WORKS
Today is the era of Internet and network applications.
So the information security has been very important issue
in data communication. So, online communication
systems are developed to share and exchange the
important information in many research areas.
In the previous research work [1], Sye da Farha
Shazmeen and his fellows proposed a practical approach
for secure Internet Banking based on cryptography. This
work proposes challenge/response -based short-time
password authentication methods using Symmetric
cryptography in combination with Software Security
model. And then, Nitin K. Jharbade [2] presented
network based security model using symmetric key
cryptography (AES 256- Rijndael Algorithm) with public
key exchange protocol (Diffie-Hellman Key Exchange
Protocol) to strengthen secured communication over the
Network by enhancing the strength of the AES algorithm
with Diffie-Hellman key exchange Protocol.
With developing online communication systems,
security is the most challenging aspect in the online
community. In order to meet security requirements,
cryptographic algorithms [3] are widely used in many
research areas.
The paper [4] described secure information passing
system for online meeting. It was designed and developed
using symmetric algorithm “IDEA” for information
security.
According to the literature, it is seen that public key
algorithms provide the security requirements such as
confidentiality and authentication with the help of a key
pair. To obtain robust security system, this work proposes
AES secret key algorithm and RSA public key algorithm
based private meeting system for data security.
III. TYPES OF CRYPTOGRAPHY
Cryptography is the process of converting data into a
secret code for transmission over a public network. A
cryptosystem defines a pair of data transformations called
encryption and decryption. Encryption [5] is applied to
the plain text i.e. the data to be communicated to produce
cipher text (encrypted data) using encryption key.
Decryption [5] uses the decryption key to convert cipher
text to plain text (the original data). Cryptography, also
known as the science for keeping data secure, provides
the ability to store information or to communicate
between parties in such a way that prevents other noninvolved parties from understanding the stored
information or accessing and understanding the
communication.
There are two main categories of cryptography
depending on the type of security keys used to
encrypt/decrypt the data. These two categories are:
Asymmetric and Symmetric encryption techniques [6].
Symmetric Encryption: It is also called as single key
cryptography. It uses a single key. In this encryption
process the receiver and the sender has to agree upon a
single secret (shared) key. By using secret message
(called plaintext) and the key, encryption produces
unintelligible data, which is about the same length as the
plaintext was. Decryption is the reverse of encryption,
and uses the same key as encryption.
Asymmetric Encryption/ Public Key Encryption:
Symmetric cryptographic system can be easily broken if
the key used to encrypt or decrypt can be found. To
improve the protection mechanism Public Key
Cryptosystem was introduced in 1976 by Whitfield Diffe
and Martin Hellman of Stanford University [7]. It is also
called as public key cryptography. It uses two keys:
public key [8], which is known to the public, used for
encryption and private key, which is known only to the
user of that key, used for decryption. The public and the
private keys are related to each other by any
mathematical means. In other words, data encrypted by
one public key can be encrypted only by its
corresponding private key.
Figure 2: RSA encryption scheme
A. Key Generation
The first step of RSA algorithm is key generation.
Each user that wishes to communicate must generate
public-private key pair. The followings are the steps used
for key generation [9].
1.
2.
3.
4.
5.
6.
7.
Select two large prime numbers. Let call them
‘p’ and ‘q’ and p ≠ q
Compute n= p × q
Compute (n)=(p-1)(q-1)
Select a small , odd integer e that is relatively
prime with (n) and not 1 where 1<e<(n),
gcd(e,(n))=1
Compute d=e-1 mod ((n))
The ordered pair {e,n} is RSA public key
(Encryption Key). Publish this key.
The ordered pair {d,n} is RSA private key
(Decryption Key). Keep secret this key.
B. RSA Encryption
To encrypt the message M using RSA encryption
algorithm, the sender has to use the public key of
recipient KU= {e,n} , and encryption is as follow:
C= Me mod n
where 0<M<n
Thus, C is the encrypted message which is sent to the
recipient over public network. No one other person
except the original recipient can decrypt the encrypted
message C to get the original message M.
Figure 1: Symmetric and Asymmetric Encryption
C. RSA Decryption
When the recipient receives the encrypted message C,
he or she can decrypt the message by using RSA
decryption algorithm. Moreover, the recipient has to use
his or her private key KR= {d,n} to get the original
message M in the following way.
IV. RSA(RIVEST-SHAMIR-ADELMAN) ALGORITHM
The most commonly used public-key cryptosystem is
RSA, which is named after its three developers Ron
Rivest, Adi Shamir, and Leonard Adleman. RSA is a
cryptosystem or means of transporting information in a
secure and encrypted way. It is based on the principle of
public key cryptography i.e it uses two keys: public key
and private key. Everyone which involved in
communication generate two keys. One key (public key)
is sent to other parties involved in communication public
and the other key is kept secret. The example of RSA
public key encryption scheme is illustrated in Figure 2.
M= Cd mod n
where 0<M<n
V. ADVANCED ENCRYPTION STANDARD (AES)
The AES according to [10] has a constant block size
of 128 bits (16 bytes) with 3 different key sizes of 128
bits, 192 bits and 256 bits, where 10, 12 and 14
encryption rounds will be applied for each key size,
respectively. During the encryption and decryption
processes, the 16 bytes of data will form a changeable
(4*4) array called the state array. During the encryption
process, the state array consists initially of the input data,
this array will keep changing until reaching the final
enciphered data. In the decryption process the state array
will start by the enciphered data and will keep changing
until retrieving the original data.
Each encryption round has 4 main steps, Shift Rows,
Byte Substitution using the Substitution Box (S-BOX),
Mix Columns, and Add Round Key. The decryption
process consists of the inverse steps, where each
decryption round consists of: Inverse Shift Rows, Byte
Substitution using Inverse S-BOX, Add Round Key and
Inverse Mix Columns. The round keys will be generated
using a unit called the key expansion unit. Figure 3
Shows the AES encryption and decryption processes.
At the admin level, the administrator has to generate
key pairs with the help of RSA key generation and
encrypt AES secret key using RSA private key for
meeting room and send public key to authorized meeting
members via their email to enter the meeting room.
Moreover, he or she has to manage meeting schedules
and limit meeting time. This system is intended to
important information security during the private meeting.
The flow diagram of user level is shown in Figure 5.
Start
Home Page
No
New User?
Yes
Register
Data
base
Sign In
Meeting Schedule Page
Get public key by mail
Yes
Include in
meeting?
No
Type public key
Sender Side
Sender or
Receiver?
Receiver Side
· Receive message
· Decrypt
· Type message
· Encrypt
· Send message
Time out of meeting room
Figure 3: AES encryption and decryption processes
VI. PROPOSED SYSTEM DESIGN
This proposed system is private meeting application
that allows authorized members to exchange the secure
private information over the network at the same time. In
this work, the system will be developed an online private
meeting or a group chat application, which involves many
members. If the user wants to become a member of online
private meeting, they have to register with their staff-ID.
They must type their staff-ID correctly. If the typed staffID is not corrected, it cannot be registered. This system is
divided into two levels: user and administrator. The flow
diagram of admin level is depicted in Figure 4.
Start
Home Page
Sign In
Manage meeting schedule, meeting member lists and
meeting time
Generate key pairs using RSA key generation process
Encrypt AES secret key using RSA private key for
meeting room
Send RSA public key to meeting members
Sign Out
End
Figure 4: Flow diagram of admin level
Sign Out
End
Figure 5: Flow diagram of user level
At the user level, they can register to private meeting
and can see the meeting schedule. But only members who
are informed from the meeting schedule can enter the
meeting room. To enter the meeting room, only
authorized members can get public key from the
administrator via their email. They can use this public key
for only this meeting and it will be invalid next time.
Then all authorized members can exchange the important
information while an online private meeting is holding.
Exchanging information is automatically encrypted/
decrypted with the help of AES algorithm. When the
meeting has been finished, members can sign out from a
meeting room.
VII.
IMPLEMENTATION RESULTS
The implementation of the proposed system is
presented as a series of web pages.
1) Home Page
Home page of online private meeting system is
shown in Figure 6. In this page, the user can view the
information of online private meeting system.
4) Page For Administrator
In this page, the administrator can update the meeting
schedule, meeting members and limit the meeting time as
shown in Figure 9. The administrator can inform which
meeting members are authorized to attend the meeting to
all meeting members from the meeting schedule.
Figure 6: Home page of online private meeting system
2)
Register Page
When the user wants to become a member of private
meeting, it is needed to register and the required data is
filled as illustrated in Figure 7.
Figure 9: Page for meeting schedule
According to the meeting schedule, he or she has to
generate a key pairs and send public key to authorized
meeting members via their mails as shown in Figure 10.
Then, he or she has to encrypt AES secret key using
RSA’s private key and save for meeting room.
Figure 7: Register page of online private meeting system
3) Log In Page For Administrator
In the admin page, the administrator has to log in by
filling the information as shown in Figure 8.
Figure 10: Sending public key
5) Log In Page For Meeting Room
Figure 8: Log in page for administrator
The registered members can view the meeting
schedule and lists of meeting members who are
authorized to attend the meeting. It is needed to type the
registered user name, email and password correctly as
shown in Figure 11.
Figure 11: Log in page for meeting room
6) Meeting Room Page
Figure 12 illustrates the meeting schedule, meeting
topic and lists of meeting members.
8) Chat Room Page
If meeting members filled their names and clicked
start chat as shown in Figure 14, the system automatically
decrypt AES secret key with public key sending from
admin via mail.
Figure 14: Welcome to chat room
Therefore, meeting members can discuss and
exchange their information and their point of view about
meeting topic. While holding the meeting, AES is
automatically performed encryption and decryption
processes.
Figure 15: Meeting room (chat room) page
Figure 12: Meeting information page
7) Entering Meeting Room Page
The authorized meeting members can enter the
meeting room (chat room) page by filling user name
(registered name), password and public key (which is sent
from admin) as shown in Figure 13.
Figure 13: Enter meeting room page
According to this system, the authorized members
can exchange the secure private information over the
network at the same time. Unlike traditional meeting,
meeting members can join the meeting wherever they can
use internet. The main advantage of this system is time
and cost effective.
VIII. CONCLUSION
The purpose of this system is to be securely held
online private meeting. As the Internet moves to the
forefront as a trusted medium for data communication
and transmission environment, security has become an
integral part of modern information systems. Especially,
cryptography is usually needed in computer networks for
information security. The proposed system is intended to
provide the security requirements such as secrecy and
confidentiality for online meeting. Thus, in this paper,
RSA (Rivest-Shamir-Adelman) public key encryption
algorithm and AES (Advanced Encryption Standard) are
chosen to implement as a security mechanism, which
permits effective protection of transmitted and stored data
against unauthorized access by third parties. The
proposed system is reasonable just for working in real
time. The system allows all members to carry out
information exchange securely from anywhere without
needing face to face meeting. As further extensions, other
cryptographic algorithms or more than one cryptographic
algorithm can be used to meet the security requirements
such as confidentiality, authentication, data integrity and
non-repudiation.
REFERENCES
[1]
[2]
[3]
[4]
[5]
[6]
[7]
[8]
[9]
[10]
Sye da Farha Shazmeen: A Practical Approach for secure Internet
Banking Based on Cryptography.
Nitin K.Jharbade: Network Based Security model using
Symmetric Key Cryptography (AES 256-Rijndael Algorithm)
with Public Key Exchange Protocol (Diffie-Hellman Key
Exchange Protocol).
Fundamentals of Computer Security, Springer publications
“Basic Cryptography Algorithms”, an article available at
www.itsc.state.md.us/oldsie/info/InternetSecurity/Crypto/CryptoI
ntro.htm#Algorithms.
Nwe Nwe Mon: Implementation of Secure Information Passing
System for Online Private Meeting.
S.William, Cryptography and Network Security: Principles and
Practice, 2nd edition, Prentice-Hall, Inc.,1999 pp 23-50.
www.ijatae.com
W.Diffe, M.Hellman, “New direction in cryptography”, IEEE
Transactions on Information Theory, 1976, pp. 644-654.
R.L.Rivest, A.Shamir and L.M.Adleman, “A method for
obtaining digital signatures and public-key cryptosystem”.
Cryptography and Network Security Third Edition by William
Stallings.
Advanced Encryption Standard (AES) , FIPS PUB 197, Nov.26,
2001, Federal Information Processing Standards publication 197.
Federal Information Processing Standards Publication 197.