A New Secure Communications Solution for Network Application

Data privacy and integrity will be the crucial and significant factors in recent times for network applications. To deal with these security problems related to symmetric and asymmetric key types have been framed. In this paper, we suggest a new secure communications solution for a secure channel that combines the digital envelopes and digital signatures and implements with symmetric key algorithm of AES and the asymmetric key algorithm of ECC. The experiment result shows it’s a more perfect choice.


Introduction
Network applications, such as e-commerce and e-government have grown exponentially over the past years; the prime requirements for any electronic transactions are privacy, authentication, integrity maintenance and non-repudiation.All these are achieved through cryptographic techniques [1].It is important how to ensure data security, the traditional digital envelope and digital signature has some lacks to some extent, can not achieve Privacy, Integrity, and non-Repudiation at the same time.
Digital envelope is one such mechanism to achieve the same.Most of the digital envelope employs RSA algorithm to encrypt and decrypt the secret key.However, the RSA itself is vulnerable.Therefore, in this research work we emphasize ECC asymmetric key technique as an alternative for RSA in the digital envelope.Cryptographic techniques are broadly classified into symmetric key cryptographic techniques and asymmetric key cryptographic techniques.
This paper combines the two techniques and implements with AES (Advanced Encryption Standard) and ECC (Elliptic Curve Cryptosystems), to construct a more perfect and secure encryption solution.The reason behind for the adoption of ECC in this approach is that, for the minimal key length, ECC provides more security than RSA.
In Section 2, digital envelopes and digital signature and their advantages and disadvantages are proposed.Moreover, there are some brief introductions to symmetric cryptosystem and asymmetric cryptosystem.Section 3 gives the improved scheme and the major algorithms of the scheme: key generation, encryption and decryption algorithm.Results and analysis are in Section 4. Finally, Section 5 is a conclusion.

Digital Envelopes and Digital Signature
Digital Envelope.Digital Envelope [2] is a hybrid cryptography which combines the symmetric cryptography and the asymmetric cryptography.According to RSA Labs, "the digital envelope consists of a message encrypted using secret-key cryptography and an encrypted secret key.Digital envelopes usually use public-key cryptography to encrypt the secret key."A common choice is to use DES (Data Encryption Standard) and RSA.
Digital Envelope has both the flexibility of asymmetric cryptography and the efficiency of symmetric cryptography, and overcomes asymmetric cryptography's key distribution problem and the symmetric cryptography's long time requiring problem.Fig. 1 describes the encryption process of digital envelop.The plain data is encrypted by symmetric key at first, after that the symmetric key is encrypted by asymmetric key to get the digital envelope, that is the cipher data and the cipher key.Digital Signature.Digital signature [3] uses asymmetric cryptography to ensure data integrity and gives the receiver reason to believe the message was sent by the claimed sender.At the same time, the sender can't deny having sending the message.
There is a pair of key: the key to sign is private, the key to verify is public.The sender uses the private key to encrypt the data while the receiver uses the public key to decrypt the data.
The asymmetric cryptography is slow in calculating, to reduce the cost; a secure one-way hash function is often called to process the message before it is signed.Combination.While digital envelope ensures data confidentiality, the public-key cryptography it uses makes it possible for malicious user who can't decrypt the data to destroy the data, so it is hard to ensure data's integrity and non-repudiation.At the same time, digital signature just keeps these two features because of the private-key cryptography it uses.So, the combination of digital envelope and digital signature will makes a better solution.
Cryptosystem.At present, cryptosystem used in software encryption and decryption technology is divided into symmetric cryptosystem and asymmetric cryptosystem.Symmetric cryptosystem has a key to encrypt and decrypt, the algorithm is easy to understand and implement, and has a high speed in encrypt and decrypt.But the security depends entirely on the key, if the key is lost, the system will completely not work.Asymmetric cryptosystem is also known as public-key cryptosystem, it has an encrypt key and a decrypt key, and neither the encrypt key nor the decrypt key can be deduced from the other, thus enhancing the strength of data protection.Based on the key pair, it is easy to implement digital envelope and digital signature.Symmetric cryptosystem.DES has three parameters: key to encrypt and decrypt, data to be processed, mode to describe encrypt or decrypt.When it is encrypt mode, the data or plaintext is divided into blocks every 64-bit, the key is used for data encryption; when it is decrypt mode, the key is used for Advanced Engineering Forum Vols.6-7 data decryption.Brute-force method or exhaustive-key-search is often used to attack DES, which is to test a variety of keys until finally get one.With the development of computer system capabilities, DES is much weaker now.So a new encryption standard appears increasingly necessary.
The AES cipher is specified as a number of repetitions of transformation rounds that convert the input plaintext into the final output of ciphertext.Each round consists of several processing steps, including one that depends on the encryption key.A set of reverse rounds are applied to transform ciphertext back into the original plaintext using the same encryption key.AES has been analyzed and multi-used widely around the world and replaced DES as the most popular symmetric algorithms.Asymmetric cryptosystem.RSA [4] is based on the big integer factorization Problem and widely used in public key encryption standard and e-commerce.Its principle is simple thus easy to implement.But with the improvement of method to decompose the big integer and computer's computing speed, the key's length has to increase to ensure the algorithm's security.It is thought that the key has to be more than 1024 bit to ensure security.At the same time, long length key causes greatly reduce of encryption and decryption speed, more complicated implement in hardware as well, it is also a burden to e-commerce who has large transactions.
ECC [5] provides the highest encryption intensity for each bit of all the known public key cryptosystem.ECC uses shorter keys to achieve the same encryption intensity with RSA.In other words, to achieve the same encryption intensity, ECC key's size is much shorter than the RSA's.ECC can achieve the same level of security with smaller key sizes and higher computational efficiency.This can effectively solve the problem of having to increase the key size to ensure encryption intensity and the implement in practice.

The Improved Scheme
The algorithm we present here combines the advantages of both symmetric and asymmetric encryption techniques.The Improved Scheme.The data, or plaintext, is encrypted using the AES algorithm.The AES key which is used to encrypt the data is encrypted using ECC.To ensure the integrity of the data to be transmitted, the data is processed using SHA-1, a hashing algorithm, to get a message digest.Sign the digest using sender's private key, the signed digest is also encrypted using ECC. The

934
Information Technology for Manufacturing Systems III the message digest is decrypted using ECC technique to obtain the message digest sent by the sender.The two message digest are compared to test whether the values are equal.If both of them are equal, the message can be accepted, else rejected.Fig. 4 shows the whole process.
Algorithm for Key Generation.The algorithm takes a security parameter x as input and outputs the public key k a and private key k s .Its process is as bellow: 1) Generates two cyclic groups G c1 , G c2 of prime order d and an admissible bilinear pairing 2) Picks a random generator g of G c1 and two hash functions , where 4) Chooses randomly , and then outputs cipher C M = <U, V>.
Decryption.The algorithm takes the cipher C M and private key k s as input and outputs the plain text message M. The process is as bellow: 1) Checks whether U is belong to G c1 .If it is not then rejects the cipher C M .
2) Decrypts the cipher C M using the private key k s : M =

Experimental Results and Analysis
Experiments are conducted on a ThinkPad R400 PC with dual Intel(R) Core™2 Duo CPU @2.40GHz processor with 4GB RAM.Software components used are Windows XP operating system and Microsoft Visual 2005 compiler.The texts used in the experiments are selected randomly.
The scheme is tested with file data of sizes 1KB, 100KB, 1000KB respectively.The results of execution time are shown in Table 1 (The results of each group is the average of multiple samples).From the Table 1, it is clear that the performance of AES is better than DES, and ECC is superior to RSA.So the scheme combining AES and ECC is the better alternative security mechanism for the secure e-commerce channel to achieve privacy, authentication, integrity and non-repudiation.

Figure 1 .
Figure 1.Encryption process of digital envelope.

Fig. 2
Fig.1describes the encryption process of digital envelop.The plain data is encrypted by symmetric key at first, after that the symmetric key is encrypted by asymmetric key to get the digital envelope, that is the cipher data and the cipher key.Digital Signature.Digital signature[3] uses asymmetric cryptography to ensure data integrity and gives the receiver reason to believe the message was sent by the claimed sender.At the same time, the sender can't deny having sending the message.There is a pair of key: the key to sign is private, the key to verify is public.The sender uses the private key to encrypt the data while the receiver uses the public key to decrypt the data.The asymmetric cryptography is slow in calculating, to reduce the cost; a secure one-way hash function is often called to process the message before it is signed.Fig.2describes the formation of digital signature.Fig.3describes the verification of digital signature.

Figure 2 .
Figure 2. Formation of digital signature.Figure3.Verification of digital signature.

Figure 3 .
Figure 2. Formation of digital signature.Figure3.Verification of digital signature.
sender sends: a) Ciphertext of the message M; b) Ciphertext of the AES key, and c) Ciphertext of the digest message.

Figure 4 .
Figure 4.The improved scheme.The receiver receives a), b) and c), first decrypts the ciphertext of the AES key to obtain the AES key.The key is then used to decrypt the ciphertext of the message to obtain the data or plaintext.The plaintext is subjected to SHA-1 hash algorithm and this gets a new message digest.The ciphertext of encryption and decryption is holds, the reason is as bellow: e ˆ, H 1 , H 2 and g are open to the public.Encryption.The algorithm takes the plain text message M and public key k a as input and outputs the cipher C M corresponds to M. The process is as bellow:1) Chooses a generator P from G c1 .

Table 1 .
Execution time of the related algorithms.