JOURNAL OF COMPUTER SCIENCE AND ENGINEERING, VOLUME 3, ISSUE 2, OCTOBER 2010 52

Implemented Cryptographic Symmetric Algorithm with Binary Addition/Subtraction Approach Sharad Patil and Ajay Kumar Abstract— With the rapid growth of interest in the Internet, network security has become a major concern to companies throughout the world. The fact that the information and tools needed to penetrate the security of corporate networks are widely available has increased that concern. In today’s network, security evaluation is a challenging task for most of the administrators. Evaluating the computer network security through the analysis of the system information is very important and could protect us from the network attack. When analyzing the security of an enterprise network, it is important to consider multi-stage, multi-host attacks. . The implemented algorithm is symmetric type and very useful for small amount of data. The goal of this article to show how this symmetric algorithm is more secure for small data. Index Terms—Cryptography, One-time pad, encryption, symmetric algorithm, network security, computer security.

——————————
——————————

1.

Introduction

In today's technologically advanced world, computers play a dominant role. No matter you are at work, in studies at college or school, or just enjoying a leisurely time in your home, it is certain that you may either switch on your computer or any other related state of the art devices. The importance of computer is further enhanced by increased usage of the internet. However, it is important to ensure that while you use the internet you also maintain the good health of the device that has been used for connecting to the web. It is estimated that when you connect your computer network to the internet, you are physically linking your computer to over 50,000 unfamiliar networks as well as their users. So network security is concerned with the security of information. Good security means that the system and users are protected from attacks originating from inside the network just as well as they from outside attacks. Security- guarding against interference by entities external to a system. The main aim is to protect the information, which are sent from one computer to another computer through network. The information security is defined as follows9. Information security = Confidentiality + integrity + availability + authentication. An ever-increasing number of Internet applications, such as content and software distribution, distance learning, multimedia streaming, teleconferencing, and collaborative workspaces, need efficient and secure multicast communication. However, efficiency and security are competing requirements and balancing them to meet the application needs is still an open issue. 1. 2.

Preserving data security is essential especially when sending information over a network. Clearly, it has many important aspects like authentication, encryption, firewalls, etc. However, the computer society has not yet agreed on a standard method to measure data security data security. Security: The National Computer Security Centre [NCSC], an agency of the government has published an official standard called “Trusted Computer System Evaluation Criteria” Universally Know as “Orange Book” . The orange Book defines a series of ratings a computer system can have based on its security features and the care that went into its design, documentation and testing. The official categories are D, C1, C2, B1, B2, B3 and A1, which range from least secure to most secure. In reality, of course, there is no place all the possible properties in a linear scale. Different threat are more or less important in different environments7. What we are doing to enhance the security? The following point keeps onto mind to enhance, maintain and making security easy. Making Security Easy8 - One way is to break security down to discrete objectives  Keep services running and information away from attackers.  Allow the right users access to the right information.  Defend every layer as if it were the last layer of defense  Keep a record of attempts to access information  Compartmentalize and isolate resources as much as possible  Don’t make the same mistakes that everyone else makes  Don’t let the aforementioned objectives cost too much

Sharad Patil , HOD, Computer Science GMC poly. Shahada,(MS) 425409 Research Student, Bharti Vidyapeeth, University, Pune- India. Dr. Ajay Kumar, Director, Jaywant Institute of Management, Pune, India © 2010 JCSE http://sites.google.com/site/jcseuk/

JOURNAL OF COMPUTER SCIENCE AND ENGINEERING, VOLUME 3, ISSUE 2, OCTOBER 2010 53

Perfect secrecy In this article we concentrate on unconditional security, like one time for more security benefit . One-time pads are "information-theoretically secure" in that the encrypted message (i.e., the ciphertext) provides no information about the original message to a cryptanalyst (except the length of the message). This is a very strong notion of security first developed during WWII by Claude Shannon and proved, mathematically, to be true of the one-time pad by Shannon about the same time. His result was published in the Bell Labs Technical Journal in 1949. Properly used one-time pads are secure in this sense even against adversaries with infinite computational power. Claude Shannon proved, using information theory considerations, that the one-time pad has a property he termed perfect secrecy; that is, the ciphertext C gives absolutely no additional information about the plaintext. Thus, the a priori probability of a plaintext message M is the same as the a posteriori probability of a plaintext message M given the corresponding ciphertext. Mathematically, this is expressed as H(M) = H(M | C), where H(M) is the entropy of the plaintext and H(M | C) is the conditional entropy of the plaintext given the ciphertext C. Perfect secrecy is a strong notion of cryptanalytic difficulty1 2. Background Conventional symmetric encryption algorithms use complex patterns of substitution and transpositions. For the best of these currently in use, it is not known whether there can be a cryptanalytic procedure which can reverse (or, usefully, partially reverse) these transformations without knowing the key used during encryption. Asymmetric encryption algorithms depend on mathematical problems that are thought to be difficult to solve, such as integer factorization and discrete logarithms. However there is no proof that these problems are hard and a mathematical breakthrough could make existing systems vulnerable to attack. While one-time pads provide perfect secrecy if generated and used properly, small mistakes can lead to successful cryptanalysis. In our article, we trying to develop scheme which is unbreakable one-time pad practically for widespread use. The one-time-pad is one of the most practical methods of encryption where one or both parties must do all work by hand, without the aid of a computer; this made it important in the pre-computer era, and it could conceivably still be useful in situations where possession of a computer is illegal or incriminating or where trustworthy computers are not available. Cryptography is concerned with the construction of schemes that withstand any abuse. Such schemes are constructed so as to maintain a desired functionality, even under malicious attempts aimed at making them deviate from their prescribed functionality. The design of cryptographic schemes is a very

difficult task. One cannot rely on intuitions regarding the typical state of the environment in which the system operates2. Cryptography is concerned with the conceptualization, definition, and construction of computing systems that address security concerns. A cryptographic algorithm, or cipher, is a mathematical function used in the encryption and decryption process3. “There are two kinds of cryptography in this world: cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your file4. Network security is the effort to create a secure computing platform, designed so that agents (users or programs) cannot perform actions that they are not allowed to perform, but can perform the actions that they are allowed to. The actions in question can be reduced to operations of access, modification and deletion. Network security can be seen as a subfield of security engineering, which looks at broader security issues in addition to network security. One Time Pad. Strong cryptography is very powerful when it is done right, but it is not a panacea. Focusing on the cryptographic algorithms while ignoring other aspects of security is like defending your house not by building a fence around it, but by putting an immense stake into the ground and hoping that the adversary runs right into it. Smart attackers will just go around the algorithms5. A cryptographic system can only be as strong as the encryption algorithms, digital signature algorithms, one-way hash functions, and message authentication codes it relies on. Break any of them, and you’ve broken the system. Why is cryptography important for my organization? It is easy to see why secret writing is important to governments or the military; outcomes of battles and wars often depend upon keeping your communications secret while penetrating those of your opponent. It may be less obvious why is it important to business organizations. Here are a few reasons6.  Importance of intellectual property versus “brick and mortar” assets  Threat of industrial espionage by competitors and even foreign governments  Need for secure access to bank accounts and electronic transfers of funds  Requirement for secure E-commerce  Desire to avoid legal liability.

There are two basic three types of cryptography: Symmetric Key and Asymmetric Key and Hash function. Symmetric key algorithms are the quickest and most commonly used type of encryption. Here, a single key is used for both encryption and decryption. There are few well-known symmetric key algorithms i.e. DES, Blowfish, AES, IDEA etc. This article describes cryptography, various symmetric key algorithms in detail and then proposes a new symmetric key algorithm. Algorithms for both encryption and decryption are

© 2010 JCSE http://sites.google.com/site/jcseuk/

JOURNAL OF COMPUTER SCIENCE AND ENGINEERING, VOLUME 3, ISSUE 2, OCTOBER 2010 54

provided below, and benefits of this new algorithm over the others are also explained.

Principle of Cryptography: There are basically five pillar of security as follows. 1] Confidentiality 2] Integrity 3] Authenticity 4] nonrepudiation 5] Availability . 3. Methodology In this new symmetric algorithm we add the cumulative concept of ASCII, Complement and Binary addition/subtraction. Used simulation methodology to check the encrypted text for alphabets. Here we first create the ASCII chart for small alphabet that shown in Table and then consider the plain text alphabet [ message] , convert ASCII equivalent number into 7 bit binary number, then make it reverse after that take 1’s complement . Consider the 7 bit random key [ plaint text bit length is equal to key bit length for secure message] . then add both binary 7 bit value, if carry generated then neglect carry. Then the resulted value act as cipher text. Send cipher text to the receiver. The receiver performs decryption process. Which is reverse process of encryption and recover the plain text. Table-1 Sample ASCII chart(Capital) Alphabet A B C D E F G H I J K L M

ASCII 65 66 67 68 69 70 71 72 73 74 75 76 77

Alphabet N O P Q R S T U V W X Y Z

ASCII 78 79 80 81 82 83 84 85 86 87 88 89 90

ASCII 97 98 99 100 101 102 103 104 105

Alphabet n o p q r s t u v

106 107 108 109

w x y z

119 120 121 122

4. Algorithm Here there are two process perform Encryption and decryption. Encryption :      

Take Plain text writes ASCII value from table. Convert ASCII into 7 bit binary. Make it reverse and Take 1’s complement. Generate Random Key [ 7 bit binary value]. Add both binary value, if carry generated neglect it. The resulted value act as cipher text.

Decryption :  Consider Cipher, converted into ASCII and into 7 bit binary value.  Make binary subtraction, if borrow generated neglect it.  Reverse the result and take the complement.  And recover the plain text. 5. Implementation and Result :

Table-2 Sample ASCII chart (Lowercase) Alphabet a b c d e f g h i

j k l m

ASCII 110 111 112 113 114 115 116 117 118

In this article , We consider the plain text as “ S”, ASCII equivalent of S is 83. Binary 7 bit of 83- 1100111 Reverse- 1110011 1’s complement- 0001100 Consider random key – 1100100 Add both Value 0001100 + 1100100 ---------------1110000 i.e 112 from table , which “p” “p’ as cipher text send to receiver. Then consider p and random key, and do binary subtraction. 1110000 - 1100100 ---------------0001100 Make it reverse 0011000 Take 1’st complement 1100111 (ie. 83) which S Which is a plain , what receiver want to recover plain text as s e c u re . 6. Conclusion: This algorithm is very simple in nature, similarly more flexible for handling, more secure because of reversible process. More robust due to binary and complement approach. And hence may be applicable for small messages (SMS). In

© 2010 JCSE http://sites.google.com/site/jcseuk/

JOURNAL OF COMPUTER SCIENCE AND ENGINEERING, VOLUME 3, ISSUE 2, OCTOBER 2010 55

future, we try to implement the approach by using modular arithmetic and permutation.

7. REFERENCES [1]

Shannon, Claude (1949). "Communication Theory of Secrecy Systems". Bell System Technical Journal 28 (4): 656–715.

[2] Oded Goldrich “Foundations of Cryptography: Basic Applications, Volume 2, Cambridge University Press [3] Network Associates, Inc. “An Introduction to Cryptography” [4]

Bruce Schneier, “Applied Cryptography: Protocols, Algorithms, and Source Code in C”

[5]

Bruce Schneier “Security Pitfalls In Cryptography”

[6] Sergai Boukhonine” Technology Briefing Cryptography: A Security Tool of the Information Age” [7] Orange Book “ Trusted Computer System Evaluation Criteria “ [8]

Kevin Lam, David LeBanc Prentice “ Assessing Network Security “ IBSN-81-203-2660-1

[9] Sharad Patil, Dr. Ajay Kumar: “Modified One Time Pad Data Security Scheme: Random Key Generation Approach “International Journal of Computer and Security Volume 3 issue 2 March/April 2009 Malaysia [10] Sharad Patil, Dr. Ajay Kumar: .“Effective Encryption Data Security Scheme One Time Pad:Complement Approach “ International Journal of Computer Science and Communication . Volume –I, NumberI of Jan2010 , Kurukshetra INDIA [11] Sharad Patil, Dr. Ajay Kumar: “Effective Implemented Encryption OneTime Scheme Using 9’s Complement “

Sharad Patil: Computer Science from Babasahed Ambedkar Marathwada University, Aurangabad in 1990 . Presently he is working as a Head of Dept. in computer in PSGVP‘S Mandal’s GMC Polytechnic Shahada (MS). He is doing Ph.D. in Computer Science from Bharati University, Pune-India. He has presented and Published 9 papers in national, international conferences and journals. His area of interest is Computer Networks and Security systems.

Dr. Ajay Kumar: He has completed B.E., M.Sc.Engg. in Computer Science and Ph.D. in Computer Science. He is having 20 years of teaching experience. Presently he is working as Director, Dr. D.Y. Patil Institute, Pune , he was Professor and Head of Dept of MCA in Modern College of Engineering Pune-India, Jaywant Institute of Management Pune. He has published 4 books in Information Technology. He has also published more than 23 papers in National / International Conferences and Journals. His area of interest is Software engineering and Computer Networks. © 2010 JCSE http://sites.google.com/site/jcseuk/