PROJECT REPORT ON

A Symmetric Function Based Encryption Using Magic Squares

A Symmetric Function Based Encryption Using Magic SquaresSEMINAR REPORT SUBMITED IN THE PARTIAL FULFILLMENT OF THE REQUIREMENT FOR THE AWARD OF BACHELOR OF ENGINEERING IN COMPUTER ENGINEERINGBY:

Name

Roll No.

1. Akash Gupta

111A1033

2. Abhishek Kulkarni

111A1045

3. Ashish Titus

111A1089

DEPARTMENT OF COMPUTER ENGINEERINGS.I.E.S. GRADUATE SCHOOL OF TECHNOLOGY

NERUL, NAVI MUMBAI-400 706.

UNIVERSITY OF MUMBAI

2013-2014S.I.E.S. GRADUATE SCHOOL OF TECHNOLOGY

NERUL, NAVI MUMBAI-400 706.

DEPARTMENT OF COMPUTER ENGINEERINGCERTIFICATEThis is to certify that, this is a bonafide record of Seminar A Symmetric Function Based Encryption Using Magic Squares carried out by the following students of third year Computer Engineering.Sr. No.NameRoll No.Exam No.

1Akash Gupta111A1033

2Abhishek Kulkarni111A1045

3Ashish Titus111A1089

This Seminar is carried out for the partial fulfillment of requirement for the Degree of Bachelor of Engineering (B.E) in Computer Engineering from University of Mumbai, during the academic year 2013 14.

Guide

Head of Department

Principal

(Name of Guide)

(Computer Department) (S.I.E.S. Graduate school of Technology)

We have examined this report as per University requirements at SIES Graduate School of Technology, Nerul, Navi Mumbai on _________________

Name: _______________

Name: _______________

Sign: _________________

Sign: _________________

(Examiner 1)

(Examiner 2)Acknowledgement We have taken efforts in this seminar. However, it would not have been possible without the kind support and help of many individuals and organizations. I would like to extend my sincere thanks to all of them.

We are highly indebted to Prof. Monika Sharma for her guidance and constant supervision as well as for providing necessary information regarding the seminar & also for her support in completing the seminar. Her constant support and inspiration gave us the initial thrust required to excel further. We would also like to extend thanks to our respected HOD Prof. Aparna Banore for her valuable inputs and support.

We would also like to extend thanks to our respected principal Dr. Alka Mahajan for her support and encouragement.

Abstract

This Seminar proposes a new cryptography system based on a concept known as the Symmetric Function Encryption. The Symmetric Function Encryption itself is based on the fact that, instead of having a number of keys and systems to authorize those keys, encryption/decryption functions and methods to manage these keys, we may instead develop a single function that can perform both encryption and decryption within the same function definition, thus reducing the complexity of the operations both in time and space domain, and also , embed the keys within this code, by passing them as parameters to this function.

For implementing this function, we will be using an obscure concept in recreational mathematics known as the Magic Squares. These matrices of nxn degree, have certain properties, which provide us with an opportunity to develop a symmetric function for encrypting the data as per the proposed policy. For this implementation we will be making use of a particular kind of magic squares of odd degree known as the Siamese Magic Squares.

Along with this function developed in association with rules of a Siamese Magic Square, we will also be having a random number generator, based on IP address technique, which will not be fixed by the protocol to improve and maintain security of this system. But, it will be simple enough to avoid excess time complexity. The special headers for this encryption method will be encapsulated within the data field of IPv4 Datagram.

Essentially, with this proposed system, we hope to provide a new cryptographic system, which will enable fast and secure transmission of data using novel methods to encourage further research in the fields of Mathematics and Cryptography.

Index of ContentsSr. No.TopicPage No.

1Cover 1

2Certificate 2

3Acknowledgement 3

4Abstract 4

5Index of Contents 5

6Introduction 6

7Literature Survey 8

8Project Details 14

9Applications 18

10Future Scope 19

11Conclusion 20

12References 21

Introduction

Cryptography is the practice and study of techniques for secure communication in the presence of third parties (called adversaries). More generally, it is about constructing and analyzing protocols that overcome the influence of adversaries and which are related to various aspects in information security such as data confidentiality, data integrity, authentication, and non-repudiation. Modern cryptography intersects the disciplines of mathematics, computer science, and electrical engineering. Applications of cryptography include ATM cards, computer passwords, and electronic commerce.

There are different kinds of cryptography:-1. Classical Encryption Techniquesi. Transposition Cipher

In cryptography, a transposition cipher is a method of encryption by which the positions held by units of plaintext (which are commonly characters or groups of characters) are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext. That is, the order of the units is changed.ii. Substitution CipherIn cryptography, a substitution cipher is a method of encoding by which units of plaintext are replaced with ciphertext, according to a regular system; the "units" may be single letters (the most common), pairs of letters, triplets of letters, mixtures of the above, and so forth. The receiver deciphers the text by performing an inverse substitution.iii. SteganographyIt is the art or practice of concealing a message, image, or file within another message, image, or file. The word steganography means "covered writing" or "concealed writing". Generally, the hidden messages will appear to be (or be part of) something else: images, articles, shopping lists, or some other cover text. For example, the hidden message may be in invisible ink between the visible lines.

2. Modern Encryption Techniquesi. Symmetric Key EncryptionSymmetric key algorithms are a class of algorithms for both of encryption of plaintext and decryption of ciphertext. The keys may be identical or there may be a simple transformation to go between two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. This requirement that both the parties may need to have a copy of secret key, is its true drawback.ii. Asymmetric Key Encryption

Public-key cryptography, also known as asymmetric cryptography, refers to a cryptographic algorithm which requires two separate keys, one of which is secret (or private) and one of which is public. Although different, the two parts of this key pair are mathematically linked. The public key is used to encrypt plaintext or to verify a digital signature; whereas the private key is used to decrypt ciphertext or to create a digital signature.

The distinguishing technique used in public-key cryptography is the use of asymmetric key algorithms. The public key is widely distributed, while the private key is known only to its proprietor. The keys are related mathematically, but the parameters are chosen so that calculating the private key from the public key is either impossible or prohibitively expensive.However, the asymmetric key encryption suffers from performance issues due to maintenance of multiple keys.

On the basis of the weakness identified from the above encryption techniques, we will try to develop a system that will harvest all the advantages of the above systems, while still keeping the resource hogging to a minimum.Literature SurveyBackground Information

We need to clear out a number of a concepts before introducing the matter of the proposed algorithm. The first among these, is the concept of Symmetric Function Encryption.

Symmetric Function Encryption TechniqueNow, we will discuss about a new technique to implement an encryption algorithm. This is the symmetric function algorithm. The symmetric function algorithm is a technique that exploits the facility of certain functions being able to represent different states of the data, or an application, when different parameters are used.It makes use of the symmetric key encryption technique, so to say, meaning the symmetric function does use separate parameters for both sides. However, the contexts as private key and public keys are not applicable, as we do not have fixed defined pair of states as encrypted or decrypted. Therefore, it is possible to choose a number of pair of parameters to be the keys.As mentioned earlier, it replaces the multiplicity of having a separate function at both server side (encrypting side or Sender site) and the client side (decrypting side or Receiver site).There are a number of parameters passed to the function that will determine the exact number of times an operation must be done within the function to recover the original data.This is analogous to having a rotation function. Example: - If the symmetric function would be the RRL instruction in 8086 microprocessor,Then, if we have the original data as 11011001 and we apply RRL twice, we get encrypted message as 01110110. In such a case, we might pass the parameter as either 2 ( i.e., the number of rotations that have been performed, in which case, the function will calculate the number of further rotations to decrypt it as 8-2 = 6 .) or 6 (i.e., the number of rotations to be performed to decrypt the information) . The implementation would depend upon the capability of client v/s server. If client has better performance OR if the server is busy, we would choose to agree upon the first parameter , else we could settle for the second protocol.Essentially , we can conclude that this policy of using a symmetric function algorithm improves upon the symmetric key algorithm, by providing security against plain-key attacks, which we can prevent by splitting up the parameters, as we will demonstrate in this specific application of symmetric function encryption.Multi-stage SecurityA critical point in the Symmetric Function Algorithm is the multi-stage Security aspect it may provide. This gives it a significant edge over the traditional protocols.It also improves upon the asymmetric key algorithm by avoiding unnecessary complexity of maintaining multiple functions. Additionally due to presence of multiple states, there is a possibility of having multi-level encryption at each hop.Example, in Onion routing protocol, there are multiple non-exit relay nodes, encryption may be applied. The onion routing implementation with Tor, allows the connection to be bounced from multiple PCs, a malicious user at one of these PCs, may try to hijack critical data in transit. Here, in the context of the subject of this seminar, we will be employing the magic squares (Siamese magic squares, to be precise) to implement the symmetric function encryption.

Sample Data Encrypted data

( Data Packet Format 1

( Data Packet Format 2

Diagram: Demonstration of possible parameters for RRL as SFC Another important concept needed to be covered here is the concept of Magic Squares themselves, especially Siamese Magic Squares.

Magic Squares

A magic square is an N x N grid, holding numbers from 1 to N*N. The numbers may be used once only. The peculiarity of a magic square lies in the fact that the sum of all numbers in any single row, or single column or either of the main diagonals is a constant given by Sum = n*(n^2 + 1)/2A magic square has the same number of rows as it has columns, and in conventional math notation, "n" stands for the number of rows (and columns) it has. Thus, a magic square always contains n2 numbers, and its size (the number of rows [and columns] it has) is described as being "of order n".[1] A magic square that contains the integers from 1 to n2 is called a normal magic square. (The term "magic square" is also sometimes used to refer to any of various types of word squares.)

It is possible to construct a normal magic square of any size except 2 2 (that is, where n = 2), although the solution to a magic square where n = 1 is trivial, since it consists simply of a single cell containing the number 1. The smallest nontrivial case, shown below, is a 3 3 grid (that is, a magic square of order 3).

4 9 2

3 5 7

8 1 6

Diagram: Order-3 Magic Square

We will be considering a very specific case of the magic squares- Odd degree magic squares formed by Siamese method. Siamese MethodThe Siamese method, or De la Loubre method, is a simple method to construct any size of n-odd magic squares (i.e. number squares in which the sums of all rows, columns and diagonals are identical). The method was brought to France in 1688 by the French mathematician and diplomat Simon de la Loubre, as he was returning from his 1687 embassy to the kingdom of Siam. The Siamese method makes the creation of magic squares straightforward. Diagram: Formation of Order 3 Magic Squares using Siamese Method

An Algorithm for Making Siamese Magic Squares

1. Starting from the central box of the first row with the number 1 (or the first number of any arithmetic progression), the fundamental movement for filling the boxes is diagonally up and right (), one step at a time. When a move would leave the square, it is wrapped around to the last row or first column, respectively.2. If a filled box is encountered, one moves vertically down one box () instead, then continuing as before.

Technology RequiredThe IPv4 technology is used to transfer the data over the Internet. The IPv4 protocol is explained below.IPv4 IPv4 is a connectionless protocol for use on packet-switched networks. It operates on a best effort delivery model, in that it does not guarantee delivery, nor does it assure proper sequencing or avoidance of duplicate delivery. These aspects, including data integrity, are addressed by an upper layer transport protocol, such as the Transmission Control Protocol (TCP). IPv4 uses 32-bit (four-byte) addresses, which limits the address space to 4294967296 (232) addresses. As addresses were assigned to users, the number of unassigned addresses decreased. IPv4 address exhaustion occurred on February 3, 2011, although it had been significantly delayed by address changes such as classful network design, Classless Inter-Domain Routing, and network address translation (NAT).

An IP packet consists of a header section and a data section.

An IP packet has no data checksum or any other footer after the data section. Typically the link layer encapsulates IP packets in frames with a CRC footer that detects most errors, and typically the end-to-end TCP layer checksum detects most other errors.

The IPv4 packet header consists of 14 fields, of which 13 are required. The 14th field is optional (red background in table) and aptly named: options. The fields in the header are packed with the most significant byte first (big endian), and for the diagram and discussion, the most significant bits are considered to come first (MSB 0 bit numbering). The most significant bit is numbered 0, so the version field is actually found in the four most significant bits of the first byte, for example.

Of these, the important fields for our proposed mechanism are: -

Total Length

This 16-bit field defines the entire packet (fragment) size, including header and data, in bytes. The minimum-length packet is 20 bytes (20-byte header + 0 bytes data) and the maximum is 65,535 bytes the maximum value of a 16-bit word.Source address

This field is the IPv4 address of the sender of the packet. Note that this address may be changed in transit by a network address translation device.

Destination address

This field is the IPv4 address of the receiver of the packet. As with the source address, this may be changed in transit by a network address translation device.

The total length (L) field is used for fragmentation of data and encryption header chunks, while the Source Address and the Destination Address fields are used instead for increasing the randomness in the data elements.

Explanation of Work

The Encryption Technique is based on the generation of parameters to be passed to the Symmetric Encryption function. The IPv4 Datagram allows us to pass a maximum of 65,536 bytes of data in a single packet. The data itself is split into 12 chunks of a minimum size of 1 byte (though, this is cryptographically speaking a trivial case, where no encryption can take place on this chunk of data, which is essentially a single byte) and a maximum size of 9801 bytes is enforced. The cause for having this upper bound will be explained later. Another Concept introduced in this method of Encryption is that of Encryption Header. In addition to the IPv4 header explained earlier. We also have an additional 48-byte field inside the datagram. The data packet itself in a modified manner as required by the proposed method is given below

Diagram: IPv4 Header Format (Modified)Encryption Header:The encryption header is a 48-byte field. This 48-byte field will consist of 12 quad-words. These quad-words are themselves split into 2, 2-byte fields viz., the magic square order and the number of rotations. The size of this field allows a maximum of two digit number to be stored for either fields. Thus, restricting the size of data chunks to a maximum of 9801 characters. Magic Square Rotation

Siamese Magic Squares provide a number of properties which may be exploited to develop a logic for generating an appropriate Symmetric Function Method for Encrypting data. The prime example of such a property is the use of the Magic Square Rotation. We have developed this property by observing what happens to the data if the Siamese method is applied to the result of the Siamese method upon an arithmetic progression given as 1,2,3,,n^2-1,n^2.

The observation of the results of such procedure, has revealed an interesting pattern.

Diagram: Observed Pattern by Repetitive Siamese-method Application

We have observed here, that once we apply the Siamese-method multiple times, we are able to re-obtain the ordering of the number we have initially entered into the matrix. The Siamese method, if used, in the use of data characters instead of the arithmetic progression of the numbers, can be used as an efficient Symmetric function. We can add the order of the magic square and the number of rotations as a parameter for the function using either of the formats mentioned earlier under the heading Symmetric Function Encryption. Steps for Execution of the Proposed Technique1. Generate the data chunks. 2. Generate the appropriate encryption header.

3. Generate the header chunks.

4. Apply chunk-wise encryption using data and encryption header.5. Randomly insert the chunks of encryption header at various locations.6. Send the packet over the Internet.7. The decryption side uses the application logic to re-assemble the encryption header chunks.

8. The encryption header chunks help to recover the data.

9. The chunks are re-assembled for the data elements.Now, we will brief out each of these steps.

Generation of Data Chunks

The generation of data chunks is done by the use of backtracking algorithms. The total length of the data is obtained from the IPv4 header packets total length field. The value of L, thus obtained, will help us to find out the size of data chunks, which must be an odd perfect square. If appropriate size is not found, we will backtrack and re-assign the values. These data chunks will have their own sizes passed to the function generator. Generation of Encryption Header

The function generator will define the parameters to be passed to the Symmetric function generator, which will generate the encryption magic square of size as root of the size of the data chunk. Then, the symmetric function will itself generate code for each matrix size as required and then, it will use these for later. Generation of Header Chunks

The header chunk is generated as per the data chunks themselves. It is of the same number and even the order is synchronized to avoid an additional system for maintaining the order of the chunks. Applying the Encryption method chunk-wise

Now that the chunks are ready. We will apply the encryption technique, for each of the chunks. This means we will use the matrix indicated by the encryption header to apply the function as many times as indicated by the encryption header. Randomization of the positions for header

The encryption header itself is split into four chunks. These chunks are randomly distributed across the data field, adding randomness to the parameter placement. This distribution is decided by an IP-address based function operating with two parameters obtained from IPv4 header.(i.e., source address and destination address ) . The actual way in which this function works may be controlled by the sender. That is to say, there are various modes of randomness generation. It can be as simple as operating any algebraic operation or a logical operation on these IP addresses and using the values of resultant quad-octet giving the positions to decide where the encryption header chunks will be thrown. (Simple Mode, provides speed equivalent to symmetric key algorithm). Or creating a Friedel ladder of operations on the IP addresses, thus, providing NP-Hard Completeness (Secure Mode, providing extremely high-level security). Reassembling the Header Chunks

Re-assembling the header chunks involves the recombination of the header chunks. These chunks are then involved in recombination by the use of application logic. Recovering the data from its chunks

The data chunks are then re-organized by removal of intermittent of the header chunks and with help of parameters, using either formats of Symmetric Function Header, the data is recovered. Re-assembling the Data chunks The data chunks thus decrypted, are re-assembled to form back the original data.Applications

1. An application of the proposed technique would be as an application layer security in the systems, where the client-side is a terminal which is connected to a local hub, a server or even an intelligent router, this hub connects to the Internet. The sender on the other side of the Internet tries to send a message, to the client-side terminal, will try to connect to this hub. This connection may be completely encrypted by the use of SSL technology. The SSL technology will not however serve the connections between the hub and the clients terminals. A malicious user on either the hub (a corrupt network admin) or on the terminal (a hacker), will be able to read all the messages passed between the hub and the terminal. However, by using the proposed algorithm, we will be able to beat this kind of data privacy intrusion. The encryption technique is used over at the servlet running on the senders side.

2. Also, secondly another application could be to have the data within the application code to be encrypted. This can also be managed by embedding the encrypted data within the application, while the function itself is maintained wherever integrity check must be made, such as, customer's site, developer's site. This will stop the malicious users from reverse engineering the application code to obtain sensitive data.Future Scope While, this method provides a way to reduce complexity immensely, there is further scope to improve insertion of data elements by using trees, heaps or even linked lists. These data structures have been proven to reduce the complexity down to O(n log n). If security is a concern, instead of using simple 2-d magic square, a complex 3-d structure like magic cube may be used.

Diagram: Magic Cube As per the requirement of the network, the encryption technique may also be used for other Protocols such as IPv6 , RSVP or any other protocol, since, all info is in data field.

Conclusion

The symmetric function cryptography will open up a number of avenues for further research with respect to functions that will provide security at a much lower time complexity. This is proved by the ability of the proposed algorithm to reduce complexity down to around O(n^2). It will provide the sender assurance of secure transfer of data even where other solutions may require complex applications. This is done in applications, where a central hub receiving data from the Internet may need to pass it to other computers connected to it. The traditional applications would require us to have a separate system to manage hierarchy of users. It will further provide scope for integrating various obscure concepts of Recreational Mathematics and Encryption techniques. References

1. Encryption

http://en.wikipedia.org/wiki/Cryptography2. Siamese Magic Squares http://en.wikipedia.org/wiki/Siamese_method3. Symmetric Key Encryption http://en.wikipedia.org/wiki/Symmetric_key4. Asymmetric Key Encryption http://en.wikipedia.org/wiki/Asymmetric_key5. IPv4 Description http://www.openwall.com/presentations/IPv66. Time Complexity Basics of Data Structures Thomas H. Cormen

7. OSI Layer Description Computer Networks A.S. TanenbaumRRL x 2

0 1 1 0 0 0 1 0

1 0 0 0 1 0 0 1

0 1 0

0 1 1 0 0 0 1 0

1 1 0

0 1 1 0 0 0 1 0

21S.I.E.S. GST, Dept. of Computer Engineering