ABSTRACT
This work is based on performance
Analysis of DES and RSA suitability for different system applications. The
rationale behind the work was to find out how suitable DES (Data Encryption
Standard) and RSA (Rivest, Shamir and Adlemen) are for different application
systems under different systems requirements. In order to achieve these
objectives, an application that implements DES and RSA was developed using object
oriented analysis and design (OOAD) approach, and was implemented in java programming language. The
application was used to encrypt and decrypt different file sizes for DES and
RSA. The Encryption Execution Time (EET) and Decryption Execution Time (DET)
were taken, and throughput was calculated. Also, other parameters like security
strength and memory consumption of the two algorithms were gotten from the
works reviewed. The work went further to make a comparison based on EET and DET
of DES and RSA using generated data. Also, power consumption, memory usage, and
security strength of the two algorithms were compared. The result of the
analysis shows that DES is faster than RSA, consumes low power than RSA, takes
less memory than RSA but weaker in security. While RSA is stronger in security
than DES, slower compare to DES, and consumes more power and memory than DES. Therefore
DES was judged suitable for applications where speed takes higher priority than
security and other requirement while RSA is more suitable for applications
where system security takes higher priority than other requirements.
CHAPTER ONE
INTRODUCTION
1.1 background of
study
In our society today, we depend on
Information Technology (IT) and this dependency is continuously growing. Further
existence and successful development of society without computerized
infrastructure is not feasible. On the other hand, due to the use of advanced
information technologies, the society has become more and more vulnerable. The
failure or misuse of information technology can negatively influence not only a
single organization, but can afflict a large number of people too. Therefore,
information security has emerged as one of the most important requirements or preconditions
of the information age. When a message is sent across an insecure network, it
is most likely to pass through a number of machines on the way [1]. Any of
these machines is capable of reading and recording the message for further use,
and this do not portray privacy [2]. In reality, people would prefer to have
their message(s) concealed, so that they will be able to send a message that
should be read only by the intended recipient.
The quest for
privacy has motivated researchers and system developers to adopt the techniques
of cryptography and intensive study of these two mostly used cryptographic
algorithms: Data Encryption Standard (DES) and Rivest-Shamir-Adleman (RSA),
nevertheless, these algorithms have their strength and weakness which them
suitable or not to a particular information exchange.
For every
system, there are basic priorities or requirements that the developer wants the
system to satisfy; it might be speed of processing, security of the data, small
memory consumption or others. And these priorities will affect the choice of
the cryptographic algorithm. Exchange of information like real-time
communication requires high speed of data transfer, the user of the encryption
algorithm therefore need very good knowledge of the performance of DES and RSA
under different circumstances of large volume of data, attacks, system
resource, etc in order to achieve the objective of the system.
According to [3], cryptography is
the art and science of protecting information from undesirable individuals by
converting it into a form not understood by un-authorized persons while it is
stored and transmitted. The main goal of cryptography is keeping data secure
from unauthorized persons. This work examines the two most commonly used
cryptographic techniques: Data Encryption Standard (DES) and
Rivest-Shamir-Adleman (RSA), discusses their similarities, differences,
advantages and disadvantages as well as
evaluating the performance of each of the algorithm and also showing which one
of the algorithm out-performs the other.
1.2 Statement of Problem
An
attempt to answer the following questions and many others constitutes the
problem statements for this study:
1. How can one determine which of the two
security techniques: DES and RSA is better for a particular information
exchange?
2. How can one differentiate between DES and
RSA?
3. How can one develop a piece of software for
implementing security technique?
4. How can one assess the performance of a
security technique?
5. How can one
compare the performances of DES and RSA based on EET and DET metrics?
1.3
Objectives of the Study
The main aim of
the project work is comparative analysis of two cryptographic algorithms; DES
and RSA. The specific objectives include to:
- Examine each of the most commonly used security
techniques: DES and RSA;
- Develop software for encrypting and decrypting DES and
RSA.
- Assess the performance of each based on some
metrics.
- Compare their performances using Microsoft
Excel.
1.4 Scope of the Study
The
scope of this study covers implementation of DES and RSA in java programming
language and majorly checking the speed at which DES and RSA encrypt and
decrypt different file sizes.
1.5
Significance of the Study
Cryptographic
algorithms and protocols are necessary to keep a system secured, particularly
when communicating through an open network like the Internet. This has been of
much concern to the society. The society at large needs security and those that
are into e-business are not left out, for instance, the banking sector are
involved in various transactions and their private files that contain these
transactions ought to be secured in order to avoid unauthorized attackers
invading other peoples’ accounts and hacking into the bank’s system. Also the
telecommunication firms operating in Nigeria namely, MTN, Glo, Etisalat, etc.
have need of high security in order to keep their networks safe. The society is
not complete if the government is not mentioned, the government agencies
require security to protect their confidential information/data from
unauthorized attackers. This research shall aid the system analyst or the
system developer to be able to make a decision on the cryptographic algorithm
to use when designing a particular system and this decision will be base on the
particular function the system will be performing.
1.6 Definition of Terms
Security: Security
is a system of safeguards designed to protect something from deliberate or
accidental damage or access by unauthorized persons [4].
Computer Security: According to [5],
Computer Security is the process of preventing and detecting unauthorized use
of your computer.
Computer Network: A network is a group of
interconnected systems sharing services and interacting by means of a shared
communications link [6].
Internet: Internet is a network of
thousands of computer networks that allow computers to communicate with each
other [7]. Internet is also known as the information superhighway. The
information superhighway or the internet is one of the most important
developments in the history of information systems [8].
Network Security: Internet security
involves securing data transmissions as well as protecting the site from
intrusions [9]. A system is secure if it adequately protects information that
it processes against unauthorized disclosure, unauthorized modification, and
authorized withholding (also called denial of service) [10].
System Security: System Security involves
the security of the operating system of a computer.
Communication Security: Communication
security involves the preserving of data/information as they are being sent
across networks to guarantee privacy. How secure are the communications
channels to transmit our data? Some form of encryption mechanism to keep the
information private may be necessary.
Data
Security: Having established a secure communication channel to transmit
data, the next issue is how secure are the data on the other end on the
network? The operating system should be able to provide protective mechanisms
to secure the data, but for sensitive data, some form of encryption mechanisms
may be necessary mostly when the data is stored on a disk.
Authentication and authorization: Authentication
is a way of asking “who are you?” The use of passwords has become popular
methods of authenticating users to computer systems. Authorization is a way of
asking “what are you allowed to do?”
Threats: Threats are attacks that may
occur as a result of communications over open insecure network. The client and
application may be attacked. Possible attacks include: Content Alteration, Data
Contamination, Substitution Attack, Authentication Attack, Eavesdropping, Theft
and Fraud, Service Interruption, Cryptanalysis and Masquerading.
Cryptosystems: Cryptosystems is
considered to be the collection of encryption and decryption systems, the key
generator, as well as the protocols for key transmission [11]. The term
cryptosystems is used to describe cryptographic algorithms and their
characteristics.
Cryptographic Protocols: The term
cryptographic protocols, is used to describe the composition and application of
cryptographic algorithms with regards to securing of a communication’s channel
or information in a database. A protocol is a series of steps taken to accomplish
a task. In fact that is also the definition of an algorithm but we use
algorithm to refer to the attainment of internal, mathematical results like
encrypting a block, and protocol to refer to the attainment of user-visible
results such as secret communication and digital signatures [12].
Key
Management: The term key management is used to refer to the fundamental
problems of creating, distributing, and storing keys.
Cipher: A cipher is a
character-for-character or bit-for-bit manipulation irrespective of the
language structure of the message/data. In other words, a cipher is an
algorithm for executing encryption and decryption.
Encryption: Encryption or enciphering
is the scrambling of data/messages in some way to make it unreadable.
Decryption: Decryption or deciphering is
the unscrambling of data/messages in some way to make it readable. Decryption
or deciphering is possible with keys that are related. A message read/sent across
a network or communication channel is referred to as the plaintext whereas the
encrypted message is the ciphertext.
Cryptographic Algorithms: A cryptographic
algorithm is defined to be the mathematical description of the enciphering and
deciphering processes together with the interrelation between their keys.
Cryptographic algorithm is more software oriented [11].
Symmetric Cryptosystems: In a symmetric
cryptosystem the message or plaintext is encrypted using a key. The resulting
ciphertext is sent to the recipient, who decrypts the message using the same
key. Note: that the same key must be known to both parties.
Asymmetric
Cryptosystems: Asymmetric cryptosystems involves two keys – a private key
and a public key that are mathematically related. A message encrypted with one
key can be decrypted only with the other. It is extremely difficult to
determine the value of one key by examining the other. In an asymmetric
cryptosystem, the encryption key is different from the decryption key. The
public key is often called the encryption key.
Privacy: Privacy is a secret message whose
contents are known only by the sender and receiver. The recipient public key is
used to encrypt the message and with the secret key in his possession, he can
decrypt the message.
Authentication: Authentication arises when
the receiver knows who sent the message and its genuineness and the sender
knows that the message shall get to the intended recipient. The recipient has
the ability to authenticate the sender of the message by simply verifying a
digital signature.
Secret Communication: Secret
communication is a situation whereby a message is made secret and only the
sender and intended recipient knows the content of the message.
Digital Signatures: A digital signature scheme is a public key algorithm that allows one to authenticate a message by means of a piece of information called the signature. The generation of the signature requires the knowledge of the signer’s private key, while for the verification of the signature, only the knowledge of the corresponding public key is necessary. If the public key is publicly accessible, then everybody can verify the signature, while only the signer, who knows the private key, is able to sign.