Combining message encryption and authentication

The first part of the paper explains the need for combining message encryption and authentication. We begin with the example to emphasize the fact that privacy‡ does not imply authenticity. Then we prove, one needs both privacy and authenticity, even if one's aim is just getting privacy. In the second part we present an overview of different methods for providing authenticated encryption (AE) i.e. generic compositions, single-pass modes and two-pass combined modes. We analyze what are the advantages and disadvantages of different AE constructions. In the third part of the paper we focus on nonce§ based authenticated encryption modes. Our motivation is the wish to know the methodology of designing authenticated encryption mode of operation. We take into consideration a few most important properties, e.g. parallelizability, memory requirements and pre-processing capability. We analyze possibilities of choice of underlying encryption and authentication components and their order in a message we also try to answer. What does single-key mode really mean? Finally we mention the importance of provable security theory in the security of authenticated encryption modes

A SECURED EMBEDDED SCHEME BASED ON MULTI-CRYPTOGRAPHIC PROTOCOLS

Transmission of information via unsecured channel requires confidentiality, authorization and authentication as part of major factors that must be put into consideration. This work proposes a scheme that can take care of these major factors at once. The method involves a multi-level approach that comprises of a key exchange protocol, a message authentication code, a key derivation function and a symmetric encryption known as polyalphabetic substitution that makes use of a 94x94 Vigenere table. The four cryptographic techniques are combined to form an encryption protocol, coined MLES for a message to be securely transmitted. In order to test the functionality of MLES scheme, it was implemented using Java 1.8.0 and tested on a text data. The result shows a feasible protocol that can secure a message in steganography

Enhancing Secure Sockets Layer Bulk Data Trnsfer Phase Performance With Parallel Cryptography Algorithm

With more than 2 billion people connected to the Internet, information security has become a top priority. Many applications such as electronic banking, medical database, and electronic commerce require the exchange of private information. Hashed Message Authentication Code (HMAC) is widely used to provide authenticity, while symmetric encryption algorithms provide confidentiality. Secure Socket Layer (SSL) is one of the most widely used security protocols on the Internet. In the current Bulk Data Transfer (BDT) phase in SSL, the server or the client firstly calculates the Message Authentication Code (MAC) of the data using HMAC operation, and then performs the symmetric encryption on the data together with the MAC. Despite steady improvements in SSL performance, BDT operation degrades CPU performance. This is due to the cryptography operations that include the HMAC and symmetric encryptions. The thesis proposes a new algorithm that provides a significant performance gain in bulk data transfer without compromising the security. The proposed algorithm performs the encryption of the data and the calculation of the MAC in parallel. The server calculates the MAC of the data the same time the encryption processes the data. Once the calculation of the MAC is completed, only then the MAC will be encrypted. The proposed algorithm was simulated using two processors with one performing the HMAC calculation and the other encrypting the data, simultaneously. Advanced Encryption Standard (AES) was chosen as encryption algorithm and HMAC Standard Hash Algorithm 1 (SHA1) was chosen as HMAC algorithm. The communication between the processors was done via Message Passing Interface (MPI). The existing sequential and the proposed parallel algorithms were simulated successfully while preserving security properties. Based on the performance simulations, the new parallel algorithm gained speedup of 1.74 with 85% efficiency over the current sequential algorithm. The parallel overheads that limit the maximum achievable speedup were also considered. Different block cipher modes were used in which the Cipher-Block Chaining (CBC) gives the best speedup among the feedback cipher modes. In addition, Triple Data Encryption Standard (3DES) was also simulated as the encryption algorithm to compare the speedup performance with AES encryption