Due to the information revolution and communication technology advances,a massive amount of data and information is being transmitted over open communication networks every minute of the day. Some information and data must be kept private and unknown else to authorized parts taking part on the network. The privacy of information might be threatened by several attacks such: unauthorized access, modification, destruction, etc. This arises the need for security trusted and reliable security applications. Information security and its applications are involved in several approaches in our life, for example: E-commerce, E-Banking, E-government, Email, etc.
Information is one of the most important issues of our era. Timely and reliable information is necessary to process transactions and human communications. Information security is the process by which an organization protects and secures its systems, media, and facilities that process and maintains information vital to its operations.
The 21th century witnessed vast advances in information and communication technology, which makes it necessary to find efficient ways to protect and ensure the privacy of information transmitted via remote communication channels.
The privacy of information might be threatened by different attacks. These attacks have possible goals such as: reading private information, corrupting or altering the transmitted information, and masquerading as the sender of information and thus taking his part in the future communications with the receiver [1], [2], and [3].
The field of cryptography provides methods and techniques to assure the privacy and authenticity of information against unauthorized access. Encryption and decryption methods are the core of cryptography. They can be classified into two categories: symmetric key and asymmetric key (public key) [2], [3].The encryption and decryption keys are known for both parts in communication; sender and receiver in symmetric key algorithms. Furthermore, decryption key is either the same as encryption key or can be easily computed from it. On the other side, public key algorithms, use two different keys: encryption (public) key known for all parts in communication channel and decryption key known for intended receiver only. Moreover it is computationally infeasible to calculate the decryption key from the encryption key or without information known to receiver only. This Characteristic grants the preference for public key algorithms in the field of cryptography [6]. The concept of public key algorithm were introduced in 1976 by Diffie and Hellman, with the purpose of providing effective method to exchange confidential information without need for a secret agreement prior to exchanging information [2].
Since that time, many public key algorithms have been introduced. The security level of each algorithm is based on the difficulty of a specific mathematical problem. Among the most popular examples: RSA which is based on the factorization problem for large integers, and Elliptic Curve Cryptosystems (ECC), which were based on the well-known discrete logarithm problem [1]. ECC were proposed by Miller and Koblitz in 1980. A notable fact that ECC provides security levels equivalent to that offered by RSA using smaller key sizes. Since that time, many public key algorithms have been introduced which can allowconsiderable savings in hardware implementations [1], [3].
The security level of each algorithm is based on the difficulty of a specific mathematical problem. Among the most popular examples: RSA which is based on the factorization problem for large integers, and Elliptic Curve Cryptosystems (ECC), which were based on the well-known discrete logarithm problem. Other advantages for ECC are: High speed operations, low throughput consuming compared to other algorithms and compatibility with implementation on small hardware devices (smart cards, cellular phones)[1]. Because of these aspects of ECC and since there is no efficient general attack on the discrete logarithm problem for elliptic curve, ECC is regarded in top of the list of secured public key algorithms [2],[3]. In ECC, the plaintext is represented as a point on elliptic curve and then ECC performs elliptic curve operations on that point in order to yield a new point which represents the ciphertext.
Qasem Saleh Abu Al-Haija , ”Efficient Algorithms For Elliptic Curve Cryptography Using New Coordinates System”, Master Thesis, Computer Engineering Department, Jordan University of Science and Technology, discussed in 28/Dec/2009.
Qasem Abu Al-Haija and Lo’ai Tawalbeh, ” Efficient Algorithms & Architectures for Elliptic Curve Crypto-Processor Over GF (P) Using New Projective Coordinates Systems”, Accepted for publication at Journal of Information Assurance and Security (JIAS), By Dynamic Publishers Inc., USA, July 2010.
Qasem Abu Al-Haija and Mohammad Al-Khatib , “Parallel Hardware Algorithms & Designs for Elliptic Curves Cryptography to Improve Point Operations Computations" Accepted for publication at Journal of Information Assurance and Security (JIAS), By Dynamic Publishers Inc., USA, April 2010, Vol.4, No.1, Paper 6: (588-594).
- Qasem Abu Al-Haija “Toward Secure Non-Deterministic Distributed Wireless Sensor Network Using Probabilistic Key Management Approaches,” Accepted for publication at Journal of Information Assurance and Security (JIAS), By Dynamic Publishers Inc., USA, July 2010.
- Omar Banimelhem, Qasem Abu Al-Haija and Ahmad Al-Badawi " Performance Evaluation of Probabilistic Key Management Approaches for Wireless Sensor Networks" ,Proceedings of the first International Conference in Information and Communication Systems - ICICS2009, Paper495, Dec 2009.
Must work to find mathematical solutions to address the protection of information and algorithms of the public key
ردحذف"notable fact that ECC provides security levels equivalent to that offered by RSA using
ردحذفsmaller key sizes".. I think this is because ECC algorithm uses less data storage areas
than RSA, so that it's more compatible to be implemented on small hardware devices.
am i right?
I saw in the public key algorithm, it's a high-speed, and more effort.
ردحذفInformation is the most important issues our time, So it must work to maintain the security and protection.
ردحذفThe problem is as more as secured algorithims been created, there will be more methods created trying to collapse these algorithms and break the security wall.
ردحذفFor Sweet Sour: Yes you are right thats why i mentioned that the use of ECC will be very efficient due to its ability to replace several other PKCs
ردحذفI discovered from your blog that without cryptography life could be more difficult
ردحذفthnx a lot for these valuable information
For Googs, yes you are right but in more accurate language, you mean it it uses smaller key sizes with similar level of security compared to many other cryptosystems such as RSA, DH , ...etc
ردحذفأزال المؤلف هذا التعليق.
ردحذفthats why Kersho's said that the person who designed the cryptosystem should assume that there is no secure channel and everybody knows the algorithm used in the info. sec.
ردحذفcan we really protect our security information from bieng hacked at all? it's difficult most of the time
ردحذفYour blog is very important for people like cause I don’t really know that much but I have question How large a key should be used in the RSA cryptosystem?
ردحذفFor Golden: YOU are welcome and actually, Cryptography is considered the ART of Science in protecting your information, so that we have to thank GOD who help us in finding the Cryptography Science :)
ردحذفFor Sara: it depends in many factors such as the algorithm you used, the key-length and the complexity of the design (The design may be HW or SW).
ردحذفAs you see in my blog, i focused and advised to use the ECC Cryptosystem, which is well-known to be one of the most secure Public Key Protocols, i think it will be the new revolution of this era in the field of information technology.
dunno how true is my question, but can we use two symmetric key algorithms at the same time in encryption and decryption methods?
ردحذفFor ICE: regarding RSA, it uses different key lenghts such as 1024 bit(1K), 2048 bit(2K), or more. But the amazing part of ECC is that it will give you the same security level of RSA 1024 with 160 bit only.
ردحذفFor Tamara: yes you can, but there will not be any benefits from using them because as you know, the symmetric key is one key used for both parties (Sender who will encrypt and Receiver who will decrypt), and this key will be sent over the channel in the key agreement phase right, so if the attacker was there at this moment, so tell me what the benefits from using that!!!
ردحذفYou gave the reader a comprehensive idea about privacy and authentication and how its important and affect our lives, but i wonder is there a life cycle for a key and how long it could last?
ردحذفFor Angry: excellent question, thank you,
ردحذفActually you may think it as sending all messages using the same key, this may help the attacker who has an access for your encrypted messages (Ciphertext) in extracting some information about the key you used, so that it will be a trade-off between using the key and the age of this key, it also depends on the key lengh and many other factors, did i get u??
very well,thank you verrry much ,keep it up :)
ردحذفAs long as new mathematical algorithms created, there will be more new encryption and decryption methods.
ردحذفFor Tayem:yes of course, because of cryptography is heavily based on Mathematical Arithmetic
ردحذفHow the keys are being stored and used in the recepient's hard disk or hardware device?
ردحذفYes you are right! thank you for your valuable info.
ردحذفFor Tayem: actually, there is a lot to say but i think you have to read reference 2, it will demonstrate all about the keys and how we deal with them.
ردحذفIs RSA patented? And when was it issued? Where can I learn more about cryptography and is it hard?
ردحذفEng.Qasim: Thx for these new information, alot of ppl don't know that their exchangable data could be hacked any time! and that computer scientists are working on solving this problem. Thnx for their huge efforts really. They make our life easier with more safety
ردحذفFor Unknown Guy: RSA (which stands for Rivest, Shamir and Adleman who first publicly described it) is a patent, it was established in 1978,
ردحذفTo learn more bout cryptography (Which is not a complex task but it required high level of math knowledge more than any thing else) you can start by reading the book: "Introduction to Cryptography with Coding Theory," By Wade Trappe, And Lawrence C. Washington.
How fast is the RSA algorithm?
ردحذفFor Amira: actually it depends on the way you design it, may be HW or SW, and there several techniques when we design the crypt-processor
ردحذفGood Day Dr. Qasem
ردحذف