ABSTRACT
This work is based on performance Analysis of DES and RSA suitability for different system applications. The rationale behind the work was to find out how suitable DES (Data Encryption Standard) and RSA (Rivest, Shamir and Adlemen) are for different application systems under different systems requirements. In order to achieve these objectives, an application that implements DES and RSA was developed using object oriented analysis and design (OOAD) approach, and was implemented in java programming language. The application was used to encrypt and decrypt different file sizes for DES and RSA. The Encryption Execution Time (EET) and Decryption Execution Time (DET) were taken, and throughput was calculated. Also, other parameters like security strength and memory consumption of the two algorithms were gotten from the works reviewed. The work went further to make a comparison based on EET and DET of DES and RSA using generated data. Also, power consumption, memory usage, and security strength of the two algorithms were compared. The result of the analysis shows that DES is faster than RSA, consumes low power than RSA, takes less memory than RSA but weaker in security. While RSA is stronger in security than DES, slower compare to DES, and consumes more power and memory than DES. Therefore DES was judged suitable for applications where speed takes higher priority than security and other requirement while RSA is more suitable for applications where system security takes higher priority than other requirements.
CHAPTER ONE
INTRODUCTION
1.1 background of study
In our society today, we depend on Information Technology (IT) and this dependency is continuously growing. Further existence and successful development of society without computerized infrastructure is not feasible. On the other hand, due to the use of advanced information technologies, the society has become more and more vulnerable. The failure or misuse of information technology can negatively influence not only a single organization, but can afflict a large number of people too. Therefore, information security has emerged as one of the most important requirements or preconditions of the information age. When a message is sent across an insecure network, it is most likely to pass through a number of machines on the way [1]. Any of these machines is capable of reading and recording the message for further use, and this do not portray privacy [2]. In reality, people would prefer to have their message(s) concealed, so that they will be able to send a message that should be read only by the intended recipient.
The quest for privacy has motivated researchers and system developers to adopt the techniques of cryptography and intensive study of these two mostly used cryptographic algorithms: Data Encryption Standard (DES) and Rivest-Shamir-Adleman (RSA), nevertheless, these algorithms have their strength and weakness which them suitable or not to a particular information exchange.
For every system, there are basic priorities or requirements that the developer wants the system to satisfy; it might be speed of processing, security of the data, small memory consumption or others. And these priorities will affect the choice of the cryptographic algorithm. Exchange of information like real-time communication requires high speed of data transfer, the user of the encryption algorithm therefore need very good knowledge of the performance of DES and RSA under different circumstances of large volume of data, attacks, system resource, etc in order to achieve the objective of the system.
According to [3], cryptography is the art and science of protecting information from undesirable individuals by converting it into a form not understood by un-authorized persons while it is stored and transmitted. The main goal of cryptography is keeping data secure from unauthorized persons. This work examines the two most commonly used cryptographic techniques: Data Encryption Standard (DES) and Rivest-Shamir-Adleman (RSA), discusses their similarities, differences, advantages and disadvantages as well as evaluating the performance of each of the algorithm and also showing which one of the algorithm out-performs the other.
1.2 Statement of Problem
An attempt to answer the following questions and many others constitutes the problem statements for this study:
1. How can one determine which of the two security techniques: DES and RSA is better for a particular information exchange?
2. How can one differentiate between DES and RSA?
3. How can one develop a piece of software for implementing security technique?
4. How can one assess the performance of a security technique?
5. How can one compare the performances of DES and RSA based on EET and DET metrics?
1.3 Objectives of the Study
The main aim of the project work is comparative analysis of two cryptographic algorithms; DES and RSA. The specific objectives include to:
- Examine each of the most commonly used security techniques: DES and RSA;
- Develop software for encrypting and decrypting DES and RSA.
- Assess the performance of each based on some metrics.
- Compare their performances using Microsoft Excel.
1.4 Scope of the Study
The scope of this study covers implementation of DES and RSA in java programming language and majorly checking the speed at which DES and RSA encrypt and decrypt different file sizes.
1.5 Significance of the Study
Cryptographic algorithms and protocols are necessary to keep a system secured, particularly when communicating through an open network like the Internet. This has been of much concern to the society. The society at large needs security and those that are into e-business are not left out, for instance, the banking sector are involved in various transactions and their private files that contain these transactions ought to be secured in order to avoid unauthorized attackers invading other peoples’ accounts and hacking into the bank’s system. Also the telecommunication firms operating in Nigeria namely, MTN, Glo, Etisalat, etc. have need of high security in order to keep their networks safe. The society is not complete if the government is not mentioned, the government agencies require security to protect their confidential information/data from unauthorized attackers. This research shall aid the system analyst or the system developer to be able to make a decision on the cryptographic algorithm to use when designing a particular system and this decision will be base on the particular function the system will be performing.
1.6 Definition of Terms
Security: Security is a system of safeguards designed to protect something from deliberate or accidental damage or access by unauthorized persons [4].
Computer Security: According to [5], Computer Security is the process of preventing and detecting unauthorized use of your computer.
Computer Network: A network is a group of interconnected systems sharing services and interacting by means of a shared communications link [6].
Internet: Internet is a network of thousands of computer networks that allow computers to communicate with each other [7]. Internet is also known as the information superhighway. The information superhighway or the internet is one of the most important developments in the history of information systems [8].
Network Security: Internet security involves securing data transmissions as well as protecting the site from intrusions [9]. A system is secure if it adequately protects information that it processes against unauthorized disclosure, unauthorized modification, and authorized withholding (also called denial of service) [10].
System Security: System Security involves the security of the operating system of a computer.
Communication Security: Communication security involves the preserving of data/information as they are being sent across networks to guarantee privacy. How secure are the communications channels to transmit our data? Some form of encryption mechanism to keep the information private may be necessary.
Data Security: Having established a secure communication channel to transmit data, the next issue is how secure are the data on the other end on the network? The operating system should be able to provide protective mechanisms to secure the data, but for sensitive data, some form of encryption mechanisms may be necessary mostly when the data is stored on a disk.
Authentication and authorization: Authentication is a way of asking “who are you?” The use of passwords has become popular methods of authenticating users to computer systems. Authorization is a way of asking “what are you allowed to do?”
Threats: Threats are attacks that may occur as a result of communications over open insecure network. The client and application may be attacked. Possible attacks include: Content Alteration, Data Contamination, Substitution Attack, Authentication Attack, Eavesdropping, Theft and Fraud, Service Interruption, Cryptanalysis and Masquerading.
Cryptosystems: Cryptosystems is considered to be the collection of encryption and decryption systems, the key generator, as well as the protocols for key transmission [11]. The term cryptosystems is used to describe cryptographic algorithms and their characteristics.
Cryptographic Protocols: The term cryptographic protocols, is used to describe the composition and application of cryptographic algorithms with regards to securing of a communication’s channel or information in a database. A protocol is a series of steps taken to accomplish a task. In fact that is also the definition of an algorithm but we use algorithm to refer to the attainment of internal, mathematical results like encrypting a block, and protocol to refer to the attainment of user-visible results such as secret communication and digital signatures [12].
Key Management: The term key management is used to refer to the fundamental problems of creating, distributing, and storing keys.
Cipher: A cipher is a character-for-character or bit-for-bit manipulation irrespective of the language structure of the message/data. In other words, a cipher is an algorithm for executing encryption and decryption.
Encryption: Encryption or enciphering is the scrambling of data/messages in some way to make it unreadable.
Decryption: Decryption or deciphering is the unscrambling of data/messages in some way to make it readable. Decryption or deciphering is possible with keys that are related. A message read/sent across a network or communication channel is referred to as the plaintext whereas the encrypted message is the ciphertext.
Cryptographic Algorithms: A cryptographic algorithm is defined to be the mathematical description of the enciphering and deciphering processes together with the interrelation between their keys. Cryptographic algorithm is more software oriented [11].
Symmetric Cryptosystems: In a symmetric cryptosystem the message or plaintext is encrypted using a key. The resulting ciphertext is sent to the recipient, who decrypts the message using the same key. Note: that the same key must be known to both parties.
Asymmetric Cryptosystems: Asymmetric cryptosystems involves two keys – a private key and a public key that are mathematically related. A message encrypted with one key can be decrypted only with the other. It is extremely difficult to determine the value of one key by examining the other. In an asymmetric cryptosystem, the encryption key is different from the decryption key. The public key is often called the encryption key.
Privacy: Privacy is a secret message whose contents are known only by the sender and receiver. The recipient public key is used to encrypt the message and with the secret key in his possession, he can decrypt the message.
Authentication: Authentication arises when the receiver knows who sent the message and its genuineness and the sender knows that the message shall get to the intended recipient. The recipient has the ability to authenticate the sender of the message by simply verifying a digital signature.
Secret Communication: Secret communication is a situation whereby a message is made secret and only the sender and intended recipient knows the content of the message.
Digital Signatures: A digital signature scheme is a public key algorithm that allows one to authenticate a message by means of a piece of information called the signature. The generation of the signature requires the knowledge of the signer’s private key, while for the verification of the signature, only the knowledge of the corresponding public key is necessary. If the public key is publicly accessible, then everybody can verify the signature, while only the signer, who knows the private key, is able to sign.
