Fast Software Encryption - Report Example

?Introduction Information system security is becoming a dominant and challenging factor for organizations, as it leverages many risks that are constantly changing. Every now and then, there are new security breaches resulting in massive losses in terms of customer confidence, as well as revenue. As information technology is now considered as the fundamental function, every organization acquires information systems for business automation. Moreover, electronic commerce has also introduced many businesses that are only virtually present. For instance, Amazon that is an online store for selling books generates revenue from the Internet. Customers pay via credit cards for the purchased books that are delivered to them. In this scenario, any sort of security breach may inject an SQL injection or cross site scripting attack on the website can affect the business as well as customer confidence. Therefore, securing the systems as well as data communication on the web is essential to protect. This also implies to personal or customer data that is maintained and managed by the organization. For instance, E- commerce based organizations stores information of their customer related to credit card numbers, passwords, telephone numbers, address, bank details etc. It is the responsibility of the organization to protect and secure data privacy. However, there is not a single law that states how to handle customer information. For this reason, organizations sell or trade customer information with business partners and even to third parties. Likewise, sometimes the sole purpose of this personal data exchange is funds. Although, every online organization has a privacy policy which states how they will handle and secure customer data but at the same time there is no verification criteria. In the following sections, we will discuss the protection of highly sensitive data by the best possible control i.e. encryption algorithms. Likewise, we will precisely discuss blowfish encryption algorithm and its integration with applications that are involved in handling customer highly sensitive data. Blowfish Encryption Algorithm As per computer desktop encyclopedia Blowfish encryption algorithm is defined as “A secret key cryptography method that uses a variable length key from 32 to 448 bits long. It uses the block cipher method, which breaks the text into 64-bit blocks before encrypting them. Written by Bruce Schneier, as a free replacement for DES or IDEA, it is considered very fast and secure” and as per network dictionary, it is defined as “Blow?sh is an encryption algorithm that can be used as a replacement for the DES or IDEA algorithms. It is a symmetric (that is, a secret or private key) block cipher that uses a variable-length key, from 32 bits to 448 bits, making it useful for both domestic and exportable use”. Blowfish is an encryption algorithm that was invented by Bruce Schneier in 1993 (Pachghare, n.d). It is constructed on a variable length key ranging from 32 buts to 448 bits that is considered to be perfect for both local and international use along with a solid encryption algorithm. After its recognition to be relatively solid encryption algorithm, it is gradually gaining acceptance. Some of the core features of blowfish algorithm include (Pachghare, n.d): Blowfish has a block cipher of block consisted of 64 bit The length of the key can be up to 448 bits On 32 bit microprocessor architecture, data encryption is supported at a rate of 18 clock cycles on every byte that is much quicker than DES and IDEA encryption. It is still free to use and is not patented Memory requirements for blowfish are less than 5 kilobytes of memory. The semantics are simplified and is relatively easy to deploy. The design requirements for a blowfish encryption algorithm incorporates robust, simple to code, compact, easily modifiable and flat key space features (Anderson. n.d ). Likewise, flat key space facilitates random strings to be considered as a possible key from a required length. Moreover, it deploys data in massive byte size blocks and incorporates 32 bits blocks where applicable (Anderson. n.d ). Key ranges, as mentioned earlier are from 32 to 448 bits and operations are common that are supported by microprocessors such as XOR, table lookup etc. furthermore, pre-computable sub keys are applicable with variable iterative numbers. These sub keys are massive and must be pre-calculated prior to encryption or decryption process carries out. In an example below, let’s assume that P is pre-calculated array consisting of 18, 32 bit sub keys from P1, P2… till P 18. In addition, there are S boxes (32 Bit) indicated by S with entries equal to 256 each (Hancock,PhD, CISM, John Rittinghouse, PhD, CISSP, CISM,William M. n.d). S1, 0, S1, 1…S1, 255; S2, 0, S2, 1….S2, 255; S3, 0, S3, 1…S3, 255; S4, 0, S4, 1….S4, 255; The sub key calculation process is calculated by deploying the following algorithm (Hancock,PhD, CISM, John Rittinghouse, PhD, CISSP, CISM,William M. n.d): Step1: Prepare the P array along with four S-boxes in order with a fixed string consisting of hexadecimal digits. Step 2: XOR P1 with the leading 32 bits from the key and XOR P2 with the next 32 bits of the key Step 3: By using the blow fish algorithm, encrypt all strings equal to zero by incorporating the sub keys mentioned in step 1 and step 2. Step 4: This step is associated with swapping P1 and P2 with the result of step 3. Step 5: In this step, the result of step 3 will be encrypted by utilizing the blow fish algorithm along with the modified sub keys. Step 6: Now P3 and P4 will be swapped with the result of step 5. Step 7: There is a requirement of making the process to continue for swapping all the entries in order from the P array along with the all four S-boxes. The result will be the blow fish algorithm that is changing on continuous basis. Step 8: Lastly, a total of 521 are essential and mandatory to develop all the sub keys that are required. Applications can save the sub keys instead of executing them on continuous basis along with the process of sub-key generation. Features that make blowfish unique incorporate no weak keys and the design is simple and understandable that supports analysis, algorithm integrity and repeatable block ciphers (Anderson. n.d). Likewise, block ciphers are 64 bits in length with variable length keys. S-boxes are dependent on large keys that are more resilient to cryptanalysis (Anderson. n.d). Moreover, permutations are key dependent with a support of diverse operations associated with mathematics that is integrated with XOR and addition (Anderson. n.d). Moreover, UNIX and other systems are by default set to MD5, however, in case of FreeBSD and Linux, there are options available for selecting anyone encryption algorithm from MD5, DES and Blowfish. As blowfish is more secure and strongest among the three encryption algorithms, as there are no reported weaknesses in the blowfish cipher. Moreover, operating system such as FreeBSD provides options to select the recommended password authentication mechanism from the default to blowfish in just few clicks. In terms of shell based execution in FreeBSD, there is a requirement of editing a file /etc/login.conf. The second step involves the construction of a database by a command cap_mkdb/ etc/login.conf. The third and the last step involves the modification of a file /etc/auth. After completing these three steps, there is a requirement of changing the passwords, as the new created passwords will now be stored by utilizing the blowfish cipher instead of MD5 encryption algorithm. If we compare blowfish encryption algorithm with other algorithms, MD 5 is also a widely accepted encryption algorithm that is utilized for systems authenticating passwords. Likewise, it became prominent for UNIX password hash algorithms in the 90’s. However, MD5 is not an efficient hash algorithm as it has a major weakness and since then blowfish was recommended. The weakness of MD5 hash algorithm is associated with collision weakness which can be defined as two dissimilar inputs can be constructed by anyone and both of these inputs will be similar in terms of hash outputs of the MD5 algorithm. Likewise, these similar hash outputs impose comprehensive security implications, for example, anyone can construct similar hash of cryptography. One of these two can be a legitimate one and the other hash can be a similar hash of the first one that can be used to attack anyone who is anticipating a legitimate message and uses the hash for authentication. If a user downloads an application from an application provider, the first inherent trust is associated with the application provider. User is unable to check the hash because of unavailability of inputs, as two versions of an application are neither generated nor available. Consequently, a malware can be transferred to the target. Conversely, the purpose of passwords in the authentication systems is to produce a hash and avoiding the security of these authentication systems do not need to falsify humans for making them believe that the second input to the hash is similar to the first hash, the security collision of the hash algorithm can be significant for the verification of the application. One more example is of an offline brute force attack that compromises the password authentication system and generates random passwords for matching them with the local copy of password hash. However, to minimize threats associated with password, blowfish encryption algorithm is recommended because it does not provide collision issues. Even SHA-1 that is also a widely accepted encryption algorithm was reported to have the same collision vulnerabilities. UNIX based operating systems facilitates the deployment of password authentication mechanisms associated with hashing functions. Likewise, the operating system design provides a choice for different algorithms for deployment along with options to extend capabilities of the authentication mechanism for supporting technological evolution. Operating systems supporting and providing options for enhancements of encryption algorithms is a significant advantage, as the network world add new threats on daily basis, old cryptographic algorithms may become obsolete on detecting even a single vulnerability that may led to the failure of using such encryption algorithms. If no support is provided for updating or extending features for encryption algorithms, the migration from old security architecture to the new one may become costly and time consuming. The reason for using an open source operating systems is to customize and select appropriate technology that was set to default. In this rapidly changing digital world of advanced hackers, new prevention techniques are invented for maximum prevention along with minimizing risks. One cannot predict that the blowfish encryption algorithm will also be replaced by the new and more secure algorithm known as Two fish that will also be replaced at some period of this information age. Security requires constant and periodic changes to pace up and counter the threats that are ever increasing. Similarly, cryptography also goes with the same approach of upgrading new state of the art encryption algorithms one after another and from safe to the safest, so that it cannot be cracked. Lastly, the future concerns for blow fish encryption algorithm are associated with minimizing the use of S boxes along with less iterative processes along with sub key calculation on the fly. Two fish that is considered to be the next state of the art encryption algorithm after blow fish will be considered as AES final with 128 bit block size and can handle more operations. Two fish incorporates a 16 round structure with additional options for inputs and outputs, as the plain text is converted in to 32 bit words. The inputs incorporates four key words followed by sixteen rounds and each round, two words on the left are utilized as inputs to the function donated by ‘g’ (Tavares, Meijer 1999). Bibliography PACHGHARE, V.K., Cryptography and Information Security Prentice-Hall of India Pvt.Ltd. Blowfish. 2011. Computer Desktop Encyclopedia, , pp. 1. Blowfish. 2007. Network Dictionary, , pp. 71-71. ANDERSON, R., n.d. Fast software encryption: Cambridge Security Workshop, Cambridge, U. K., December 9-11, 1993: proceedings Berlin ; Springer-Verlag, c1994. HANCOCK,PHD, CISM, JOHN RITTINGHOUSE, PHD, CISSP, CISM,WILLIAM M., n.d. Cybersecurity Operations Handbook Digital Press. TAVARES, S. and MEIJER, H., 1999. Selected Areas in Cryptography Berlin ; London: Springer. Read More