The Proposed Symmetric Encryption Algorithm Based On Diffie-Hellman Key Exchange Algorithm For Data Security
The Proposed Symmetric Encryption Algorithm Based On Diffie-Hellman Key Exchange Algorithm For Data Security
The Proposed Symmetric Encryption Algorithm Based On Diffie-Hellman Key Exchange Algorithm For Data Security
Abstract—Due to the rapid development of new technologies, some hybrid systems have complex structure and require
services and applications deeply rely on information sharing more computing resources for implementation. Moreover,
and data transmitting over internet. On this situation, data the shift from desktop computers to small devices brings a
encryption techniques become main solutions to guarantee the wide range of new security and privacy concerns. It is
security and privacy of data. Although symmetric encryption
challenging to apply conventional cryptographic standards
algorithms can be used for vast amount of message encryption,
they need secure channel for key exchange. In contrast, to small devices. In many conventional cryptographic
asymmetric encryption algorithms solve the problem of key standards, the trade-off between security, performance and
distribution but it is not feasible to use for bulk message resource requirements were optimized for desktop and server
encryption. Hence, in this paper, a new symmetric encryption environments, and this makes them difficult or impossible to
algorithm is proposed based on the Diffie-Hellman Key implement in resource-constrained devices [1].
Exchange (DHKE) algorithm as DHKE does not require the In this paper, a symmetric encryption algorithm is
expansive computation and additional assumptions for key designed to meet a balance between performance and
exchange due to the use of modular exponentiation. As a result, security requirement level of an application. As DHKE
the proposed system can support both key exchange and
does not take much key pair generation time and supports
encryption feature. Moreover, to evaluate the performance of
proposed encryption approach, its processing time is compared
the forward security, the proposed encryption approach is
with that of some existing symmetric encryption and attached to DHKE. This method is considered based on the
asymmetric encryption approaches and its security level is also difficulty of integer factorization and modular arithmetic
proved according to integer factorization. without increasing the time complexity. The algorithm
implementations and results of measuring speeds of
Keywords—Diffie-Hellman, Integer Factorization, Modular cryptographic algorithms are prepared on the open-source
Arithmetic, Multiplication Cipher, Symmetric cryptography software CrypTool 2.1. To evaluate the
Encryption Algorithms performance of proposed encryption approach, its execution
time is compared with some existing symmetric encryption
I. INTRODUCTION
algorithms such as RC4, Twofish, TEA, AES and asymmetric
The wide usage of internet and emergence of new encryption algorithms such as RSA and ElGamal as well as its
technologies like mobiles, wireless technologies and cloud safety is also verified in terms of integer factorization
storage, etc. increase the information security risks. Both calculation.
individual and organizations have been trying to cover the The rest of the paper is organized as follows: related
leakage of their information under regular attacks for work is described in Section 2. Design of the proposed
commercial or non-commercial gains. Over many centuries, system is illustrated in Section 3. Section 4 explains
cryptographic mechanisms have been created to deal with research methods. Section 5 describes the system
information security issues. The protection system affords implementation. The experimental results of this system are
to get the fundamental security objectives such as shown in Section 6. Security analysis for the proposed
confidentiality, integrity and availability for both data and symmetric encryption algorithm is described in Section 7.
information. One of the fundamental tools in cryptographic Finally, conclusion is presented in Section 8.
mechanisms is data encryption technique that the
information is sent in scramble form in order to prevent II. RELATED WORKS
unauthorized accesses from untrusted third parties like In 2013, Prashant R. and Yogita P. [3] implemented a
eavesdroppers. Encryption algorithms are designed around hybrid cryptographic system by combining digital signature
computational hardness assumptions by making such with Diffie-Hellman key exchange and AES encryption
algorithms hard to break in practice by any adversary. algorithm to enhance data security in cloud computing.
Modern cryptography consists of different algorithms: Their combination referred to as “Three way mechanism”
symmetric key, asymmetric key, hash function and key ensured all the three protection schemes: authentication,
exchange algorithms. Different cryptographic algorithms data security and verification at the same time. They were
provide different security requirements to some extent. likely to arrange for trusted computing platform using
However, the cryptographic techniques must be integrated encryption process in order to avoid data modification at
to provide a robust layer of security that ensures the safe the server end. In addition, the client was authenticated
and secure delivery of message to the intended recipient. with the help of digital signature.
For example, symmetric encryption algorithms need to use Then, Preetika J., Manju V. and Pushpendra R. V. [2]
a key exchange protocol for generating more secure session proposed a node to node authentication protocol with the
key between two parties. Although the hybrid concept of cryptography and cluster head that resolved the
cryptographic systems give the strong security weakness of Diffie-Hellman key exchange scheme. For
requirements, the performance of the system can be encryption of common numbers pre-assigned to each node
degraded due to increasing execution time. In addition, manually before deployment, Data Encryption Algorithm
1
(DEA) was used. Their research focused on to establish a exchange is performed by means of original DHKE and
secure communication link between node to node and node encryption approach is achieved by using proposed
to base station. By eliminating the man-in-middle attack, symmetric encryption algorithm.
they reduced the network attacks of eavesdropping or
captured nodes compromise. However, the computational A. Diffie-Hellman Key Exchange Algorithm
overhead is greater due to encryption and decryption Diffie-Hellman key exchange algorithm was proposed
processes. by Whitfield Diffie and Martin Hellman in 1976. This
In addition, Saima I. and Ram L. Y. [4] proposed the algorithm is a practical solution for sharing the common
system using concept of combination of random key, secret key over public communication between the two
validation key and transaction id with symmetric key parties. This fundamental key agreement technique is
encryption algorithm in 2018. The authors had attempted to implemented in many open and commercial cryptographic
transfer file securely using randomly generated keys with protocols like Secure Shell (SSH), Transport Layer
Blowfish symmetric algorithm for encryption process. Security (TLS), and Internet Protocol Security (IPSec) [5].
They applied the dynamic key concept to scramble each In addition, DHKE algorithm is widely used with the
message by alternate cryptographic key. The strength of the symmetric key encryption in commercial application such
keys used in their process was examined by using open as e-commerce, banking process and cloud storage, etc.
source cryptographic tool known as Cryptool 2.0. By using
transaction key, synchronization problem in the dynamic 1) Process of Diffie-Hellman Key Exchange Algorithm:
key concept was solved. As a result of using transaction The security of DHKE is based on the discrete logarithm
key and the validation key, their system gave more problem in a finite field F*p and prime number ‘p’. Instead
robustness layer to secure file transfer. of sharing the secret key in conventional cryptosystem, the
According to the literature and concepts of the session key is created using DHKE algorithm. The process
enhancements which are pointed out from the previous of DHKE algorithm is summarized in Fig. 2.
researches, the main aim of this work is to modify DHKE Alice Bob
algorithm to obtain key exchange and lightweight encryption 1 Agreement on public value p and g
feature in one algorithm with acceptable execution time.
Fig. 1 Design of the proposed system Fig. 3 Step-by-step procedures of DHKE algorithm
By using the proposed system, both sender and receiver Finally, the two users calculate the session key
do not need to concern the security of session key used in individually and these two results produce identical session
encryption and decryption processes. Moreover, the system key according to commutative law, i.e., K = (gb mod p)a
can be implemented easily and simply since modified mod p = (ga mod p)b mod p = gab mod p.
DHKE alone can support both key exchange and 2) Example of Diffie-Hellman Key Exchange Algorithm:
encryption properties. To understand the detail process of how DHKE works, it is
illustrated with example. In this example, it is assumed that
IV. RESEARCH METHODS Alice and Bob agree on the public numbers: p = 13 and g = 11
The proposed system includes two parts: key exchange before establishing a symmetric key. Then, a session key
approach and the proposed encryption approach. Key will be created for communication as shown in Fig. 4.
2
1) Agreement on p = 13 and g = 11. DHKE and its prime parameter ‘p’ are taken to use in both
2) Alice chooses a = 6 and Bob chooses b = 3. encryption and decryption processes of proposed
3) Alice calculates public key R1 = 116 mod 13 = 12. encryption algorithm.
Bob calculates public key R2 = 113 mod 13 = 5. In encryption process, as long key takes memory space
4) Alice sends the number 12 to Bob. and long execution time to make multiplication process,
Bob sends the number 5 to Alice. key size is reduced by using modular arithmetic as in
5) Alice calculates the symmetric key K = 56 mod 13 = 12. Equation 1.
Bob calculates the symmetric key K = 123 mod 13 = 12. K = p mod K, (1)
The value of K is the same for both Alice and Bob;
where, p = large prime of original DHKE,
gab mod p = 1118 mod 13 = 12.
K = Key generated by original DHKE,
Fig. 4 Example calculation of DHKE algorithm In addition, the size of the message is also reduced by
subtracting large prime ‘p’ from the integer value of
As DHKE is based on some concepts of a public key message to trick the attacker as in Equation 2.
crypto system, the overview of applications supported by C = M – p, (2)
public key cryptographic system are shown in Table 1. where, M = integer value of message,
TABLE I And then, reduced key K and masked message C are
APPLICATIONS OF PUBLIC-KEY CRYPTOSYSTEMS multiplied to produce the corresponding cipher-text C as in
Applications Equation 3.
Algorithms Encryption/ Digital Key
C = C * K (3)
Decryption Signature Exchange In decryption process, the key is recalculated as
RSA Yes Yes Yes encryption process to reduce its size. Then, the cipher-text
Elliptic Curve Yes Yes Yes
is decrypted by using division as in Equation 4.
Diffie- p (4)
No No Yes
Hellman
By replacing C with (CK),
DSS No Yes No
p
As described in Table 1, DHKE is not full public-key p
cryptosystem and only enables for key exchange that can By replacing C with (M – p),
be used for generating symmetric keys or other purposes −p+p
but does not support data encryption/ decryption or digital Next, the integer value of plaintext is recovered using key.
signature [7]. Moreover, data encryption completely M=M
depends on the session key so new keys must be generated After the integer value of original message has been
quickly if a new secret is required. DHKE provides the obtained, it is transformed into original text message again.
forward secrecy in which new key pair for each session is
generated speedily. 2) Example of Proposed Symmetric Encryption
Algorithm: To clarify the detail process of how modified
B. Proposed Symmetric Encryption Algorithm DHKE algorithm works with encryption feature, it is
The confidentiality requirement for both data and demonstrated with sample calculation. In this illustration, it
information is completed by using encryption techniques. is assumed that the session key K = 3, prime, p = 11 and
Symmetric encryptions, also called conventional encryption, the secret message is “Hello!”. After that, encryption and
are faster and more suitable for bulk messages than decryption processes of proposed encryption algorithm are
asymmetric. In Symmetric encryption, encryption and shown in Fig. 5 and Fig. 6.
decryption are performed using the same key. From this Reducing the Size of Key, K
concept, proposed encryption alogrithm uses the same key Generated Session Key,
K=3 K = p mod K = 11 mod 3
generated from the DHKE algorithm and large number p Prime, P = 11 =2
which is agreed between two communication parties before
communication. As a result, like asymmetric key Transforming Message to Integer Value
encryption algorithms, key distribution is not necessary.
Hello! M = 36762444129608
1) Encryption and Decryption Processes of Proposed
Symmetric Encryption Algorithm: This modification is
Message Encryption
founded on the mathematical concept in order to implement
C = M – P
easily and equalize between the security requirement and C = 36762444129608 – 11
restricted devices. The proposed encryption algorithm is = 36762444129597
considered based on the integer factorization and modular C = CK
arithmetic since the security of many cryptographic C = 36762444129597 * 2
= 73524888259194
techniques depends upon the difficulty of integer
factorization. The integer factorization problem means that
the time taken for calculating factors of a composite integer Generating Ciphertext
‘n’ depends on certain properties of the factors of ‘n’. In Ciphertext, C = 73524888259194
non-trivial factorization, if x and y are non-trivial factors of
Fig. 5 Encryption process
composite integer n = xy, x and y are not necessarily
primes. According to this concept, the proposed encryption As shown in Fig. 6, at the receiver site, the size of
algorithm is created to produce a multiplication cipher. In generated session key is also reduced. After decryption
key generation process, the key generated from original process, the original text message will be recovered.
3
V. SYSTEM IMPLEMENTATION
Reducing the Size of Key,K
Generated Session Key, K This system is implemented on the open-source
=3 K = p mod K
Prime, P = 11 = 11 mod 3 = 2 cryptographic software Cryptool 2.1 as illustrated in Fig.6.
In Fig.6, firstly, the original message is loaded as Text
Ciphertext input. After that, the users can choose the bit length of
Ciphertext, C = 73524888259194 prime parameter ‘p’ to generate the expected key length.
In this case, 35kB message size is to be encrypted by
using 1024 bit key length. The prime ‘p’ and based
Ciphertext Decryption
generator ‘g’ must be agreed between the sender and
M= +P receiver and the session key is generated in both sides. And
73524888259194 then, the input message is encrypted by using proposed
= + 11 encryption algorithm with the help of session key. After
2
= 36762444129597 + 11 encryption and decryption processes, the total execution
= 36762444129608
time of the system is also expressed to the user.
In this work, the performance of proposed symmetric
Transform Integer Value to Text Message encryption algorithm is compared with some of the existing
symmetric and asymmetric algorithms. Hence, in this paper,
M = 36762444129608 Hello! AES, RC4, Twofish, TEA, RSA and ElGamal are also
Fig. 6 Decryption process
implemented by using Cryptool software.
Fig. 7 Key exchange, encryption and decryption process of the proposed system
25
encryption algorithm is based on the difficulty of integer
20 factorization. The comparison results of execution time for
the proposed encryption algorithm and some existing
15
algorithms are also presented in this paper. According to
10 the comparison results, the proposed algorithm is more
efficient than most of the existing algorithms in terms of
5
execution time especially for larger message size. The
0 proposed algorithm can be used in many applications such
128 bit 512 bit 1024 bit 1536 bit 2048 bit as conventional desktop cryptographic application and
Key Length modern cryptographic applications.
As further extensions, the resistance of proposed
Fig. 9 Comparison results of total execution time for public key encryption algorithm can be tested using factoring attack
encryption algorithm based on Pollard’s Rho. In addition, the digital signature
algorithms can be added to proposed system for
According to the comparison results, it is found that the
authentication. The analysis of the effects of different
execution time including key generation, encryption and parameters on the accuracy and efficiency of DHKE
decryption time of proposed encryption algorithm is faster algorithm will be a good subject for a future study.
than that of RSA and ElGamal along with the larger message
size since the key generation time of DHKE is faster than REFERENCES
that of RSA and ElGamal. Although the execution time of [1] Rao U. H., Nayak U., An Introduction to Information Security, The
the proposed algorithm based on DHKE is not noticeable InfoSec Handbook, Edition one, Apress publisher, ISBN 978-1-
4302-6383-8, DOI 10.1007/978-1-4302-6383-8, 2014
under 1024 bit key size, it is obviously faster than others for [2] Preetika J., anju V. and Pushpendra R. V., “Secure
larger key size. Even for the larger key size, the total Authentication Approach Using Diffie-Hellman Key Exchange”,
execution time of proposed encryption algorithm is not International Conference on Control, Instrumentation, Communication
and Computational Technologies (ICCICCT), IEEE publisher, 2015.
considerably increased due to the reduction in key size and [3] Prashant R. and Yogita P., “Use of Digital Signature with Diffie
message size through simple arithmetic operations. Hellman Key Exchange and AES Encryption Algorithm to
Enhance Data Security in loud omputing”, International
VII. SECURITY ANALYSIS FOR PROPOSED SYMMETRIC Conference on Communication Systems and Network Technologies,
IEEE publisher, DOI 10.1109/CSNT.2013.97, 2013.
ENCRYPTION ALGORITHM [4] Saima I. and Ram L. Y., “A Secure File Transfer Using the
Integer factorization is commonly used mathematical Concept of Dynamic Random Key, Transaction Id and Validation
ey with Symmetric ey Encryption Algorithm”, Proceedings of
problem often used to secure public-key encryption systems. First International Conference on Smart System, Innovations and
In order to break the integer composite numbers, the intruders Computing, Smart Innovation, Systems and Technologies. Springer
would have to find the factors of those numbers. Factoring Nature Singapore Pte Ltd., pp.271-278, 2018.
[5] Paar C. and Pelzl J., Understanding Cryptography, A Textbook for
numbers is a computationally difficult problem and it is Students and Practitioners, Springer, e-ISBN 978-3-642-04101-3,
trial and error process. It is easy for smaller numbers but it DOI 10.1007/978-3-642-04101-3, 2010.
can take many computing resource and days, months and [6] Stallings W., Cryptography and Network Security, Principles and
Practice, Fifth Edition, ISBN 10: 978-0-13-609704-9, Prentice Hall,
years to solve large composite numbers. 2011.
In this section, the security of proposed algorithm is [7] Alvarez R., Caballero-Gil C., Santonja J. and Zamora A.,
analysed based on integer factorization and depending on the “Algorithms for Lightweight ey Exchange”, In Proceedings of the
10th International Conference on Ubiquitous Computing and
secret key which is derived from DHKE algorithm as shown Ambient Intelligence, UCAmI, Springer International Publishing,
in Fig. 10. pp. 536-543, 2016.