University Of Computer Studies ,Yangon

Securing File Sharing Using AES-CBC

Authenticated Encryption

Name : Chan Myae Thu

Roll No. : 6CS-85(CSF-33)
Batch : 25th batch
Supervisor : Dr. Amy Tun
Seminar : Third Seminar
Date :
Outline
 Abstract  Related Work

 Introduction  Conclusion

 Objectives  References

 Background Theory  Thesis Schedule

 Cryptography

 Encryption/Decryption

 AES Algorithm

 AES-CBC

 Initialization Vector
Abstract

 Today people are widely used internet, electronic records because of their ease of alteration and fast
transition.
 Data security while transferring data from one place to other is major issue in today’s world.
 Data security mainly refers to protection of data from unintended user.
 Cryptography plays a major role in data security.
 Data encryption is an easy means of securing personal or business data protection.
 Many secure transmission techniques require any encryption.
 In the proposed system, the encryption will be concurrently used AES-CBC in secure data sharing.
 For secure key sharing purpose, this system will also be used Elgamal encryption algorithm to encrypt the
AES-CBC’s symmetric key.
Introduction

 In today world most of the communication is done using electronic media.

 Data Security plays a vital role in such communication.

 Hence, there is a need to protect data from malicious attacks. Cryptography is the science of
secret codes, enabling the confidentiality of communication through an insecure channel.

 It protects against unauthorized parties by preventing unauthorized alteration of use.

 Cryptographic algorithms are very important in information security where data is encrypted at
the sender side and decrypted at the receiver side.

 Computer and communications systems use cryptography for three broad purposes—to protect
the confidentiality of information (i.e., encryption), to protect the integrity of information, and to
authenticate the originator or sender of information.
Introduction (Cont’d)

 The Advanced Encryption Standard (AES) algorithm is a symmetric block cipher adopted by the
NIST in 2001.

 The size of an AES block is 128 bits, whereas the size of the encryption key can be 128, 192 or
256 bits.

 Modes of operation may also provide application of the block cipher on a stream of plaintext and
make the algorithm more efficient.
Objectives
 To protect the confidentiality of digital data stored on computer system or transmitted via the internet or
other computer network

 To prevent third parties from recovering any of the original data or even any information about the data,
from encrypted data

 To show CBC mode of AES operation has parameters which require careful and correct selection and
implementation

 To explore the operation of CBC mode on AES for .doc and .xlsx file encryption
Background Theory
 Cryptography
Cryptography

 Cryptography is the science or study of techniques of secret writing and secure data
transferring.

 Cryptography is as broad as formal linguistics which obscure the meaning from those without
formal training.

 It is also as specific as modern encryption algorithms used to secure transactions made across
digital networks (LAN, WAN, Ethernet, Internet).

 Cryptography constitutes any method in which someone attempts to hide a message, or the
meaning thereof, in some medium.
Encryption/Decryption
 Encryption is one specific element of cryptography in which one hides data or information using
password by transforming it into an undecipherable code.

 Some encryption algorithms require the key to be the same length as the message to be encoded,
yet other encryption algorithms can operate on much smaller keys relative to the message.

 Decryption is often classified along with encryption as it's opposite.

 Decryption of encrypted data results in the original data.

 Encryption is used in everyday modern life. Encryption is most used among transactions over
insecure channels of communication, such as the internet.

 Encryption is also used to protect data being transferred between devices such as automatic
teller machines (ATMs), mobile telephones, and many more.
AES Algorithm

 The AES (Advanced Encryption Standard) algorithm is an algorithm for symmetric key
encryption.

 The AES algorithm uses 128-bit, 192-bit, and 256-bit keys of varying lengths. The AES algorithm
treats every 128 bits of blocks into a 16 byte segment. Every 16 byte segment gets settled as a 4
and 4 bytes matrix. The length of the key determines the number of rounds involved.

 If the length of the plaintext is larger than the block size, it must be divided into several blocks.
Typically, the last block of the plaintext must be padded to match the block size.
AES algorithm

Figure1: AES algorithm grouping and encryption diagram

 AES Algorithm

Encryption Process Decryption Process

1. Byte Substitution (SubBytes) 1. Add round key

2. Shiftrows 2. InvMixColumns

3. MixColumns 3. InvShiftrows

4. Addroundkey 4. Byte substitution( Inv-SubBytes)

Modes of AES Operation
 Block ciphers are deterministic, i.e. given a key and plaintext block as input, and that will always
generate the same output.
 So need to have a mode of operation to convert fewer or more bytes than the block into ciphertext and
back again. This mode needs to be non-deterministic.
 AES, or Advanced Encryption Standard, is a block cipher that encrypts blocks of data in 128 bits. To
encrypt anything larger than 128 bits, AES uses a block cipher mode. There are many different AES
block cipher modes that are part of the AES specification.

Modes of AES algorithm

CBC CFB OFB ECB CTR GCM

mode mode mode mode mode mode
Figure2: Modes of Operation in AES Algorithm
Cipher block chaining (CBC) Mode

 The CBC mode of operation provides the cryptographic security by using an initialization vector-IV.

 IV has the same size as the block that is encrypted. In general, the IV is usually a random number.

 In CBC mode, when same plaintext blocks are encrypted, a different ciphertext blocks are obtained.
Also using a different IV for each new encryption, an identical message will always be encrypted
differently.

 If a plaintext or ciphertext block is broken, it will affect all following block.

 CBC mode is used in many applications such as email or web data.

 In figure, first an XOR operation is applied to the plaintext block (P1) with the IV, and then an
encryption with the key (K) is performed. Then the results of the encryption performed on each block
(C1,C2 , …, CN-1 ) is used in a XOR operation of the next plaintext block P N which results in CN.
Cipher block chaining (CBC)

P1 P2 PN

IV + + CN-1 +

Key Encrypt Key Encrypt … Key Encrypt

C1 C2 CN

Figure3(a): Encryption in the CBC Mode

Cipher block chaining (CBC)

C1 C2
CN

Key Decrypt Key Decrypt … Key Decrypt

IV + + CN-1 +

P1 P2 PN

Figure3(b): Decryption in the CBC Mode

Initialization Vector (IV)
 In cryptography, an initialization vector (IV) or starting variable (SV) is an
input to a cryptographic primitive being used to provide the initial state.

 The IV is typically required to be random or pseudorandom, but sometimes an IV

only needs to be unpredictable or unique.

 Randomization is crucial for some encryption schemes to achieve semantic

security.

 This system will used the pseudorandom (Linear Congruential Generator ) as IV.
Linear Congruential Generator

 A polynomial-time computable function f (x) that expands a short random string x

into a long string f (x) that appears random.

 Based on the linear recurrence:

 x i = axi-1 + b mod m ………. ( i≥1 )

 Where x0 is the seed or start value; a is the multiplier; b is the increment; m is the
modulus.
 Output  pseudo-random sequence of bits
ELGamal Cryptosystem

 The EL-Gamal encryption system is an asymmetric key encryption algorithm for public key
cryptosystem.

 Key aspects:

Randomized encryption

 Application:

Establishing a secure channel for key sharing

Encrypting messages
ELGamal Cryptosystem (Cont’d)

 ELGamal encryption algorithm was described by Taher ELGamal.

 ELGamal encryption consists of three components: the key generator, the

encryption algorithm, and the decryption algorithm.
ELGamal Cryptosystem (Cont’d)

Figure 4: Operation of ELGamal Encryption System

 ELGamal Cryptosystem – Key Generation

Select a large prime p;

Select d to be a member of the group G = < ZP*, X > where 1<= d<= p-2

Select e1 to be a primitive root in the group G = < ZP*, X >

e2  e1 d mod p

Public_key  (e1, e2, p)

Private_key  d

return Public_key and Private_key

}
ELGamal Cryptosystem-Encryption Procedure

ElGamal_Encryption (e1,e2, p, P) // P is the plaintext

Select a random integer r in the group G = < ZP*, X >

C 1  e1r mod p

C 2  ( P x e2r ) mod p // C 1 and C 2 are ciphertexts

return C 1 and C 2

}
ELGamal Cryptosystem-Decryption Procedure

ElGamal_Decryption ( d, p, C 1, C 2 )

P  [C 2 (C 1d) -1 ] mod p

return P

}
Efficiency (Advantages)

 ELGamal encryption generates more than one public keys.

 ELGamal encryption gives different ciphertext for same plaintext each time.

 ELGamal encryption process requires two modular exponentiations, namely e 1r mod p and e2r
mod p.

 These exponentiations can be speed up by selecting random exponent r.

 It also prevents a chosen plaintext attack by using a randomized encryption exponent r.

Example Calculation for El-gamal

 Here is a trivial example. Bob chooses 11 as p. He then chooses e 1 = 2. Note that 2 is a primitive
root in Z11*. Bob then chooses d=3 and calculates e2= e1 d = 8. So the public keys are (2,8,11) and
the private key is 3. Alice chooses r=4 and calculates C1 and C2 for the plaintext 7.

Plaintext:7
C1 = e1 r mod 11= 16 mod 11= 5 mod 11
C2 =(P x e2 r ) mod 11= (7 x 4096) mod 11= 6 mod 11
Ciphertext: (5,6)

 Bob receives the ciphertexts (5,6) and calculates the plaintext.

Ciphertext:[C2 x (C1 d)-1] mod 11= 6 x (53)-1 mod 11=6 x 3 mod 11= 7 mod 11
Plaintext: 7
Example Calculation for El-gamal

Instead of using P=[C2 x (C1 d)-1] mod p for decryption, we can avoid the calculation of multiplicative
inverse and use P=[C2 x C1 p-1-d] mod p. We can calculate P=[6 x 511-1-3] mod 11= 7 mod 11.
The Proposed System
In this system:
 In this system:

 Before sending data ,authentication is done between sender and receiver.

 After the successful authentication, the user can carry out encryption process of data and send that
data to receiver.

 The sender can create or choose the attach .doc / .xlsx file to send to the receiver.

 In the encryption and decryption phase, this system will used AES-CBC mode.

 In the proposed system, 256 bit key size of AES algorithm is used to do the evaluation of the
operation mode of CBC.

 The AES-CBC key is encrypted by Elgamal for secure key sharing.

The Proposed System
In this system:
 System Flow.docx
Code Developments
 Creating Byte Array for plain text:

byte[] plaintextbytes = System.Text.ASCIIEncoding.ASCII.GetBytes(text);

 Creating AES Service provider object from Microsoft Visual Studio

AesCryptoServiceProvider aes = new AesCryptoServiceProvider();

 Defining AES Block Size on Created AES Object

aes.BlockSize = 128;
Code Developments

 Defining AES Key Size of Created AES Object

aes.KeySize = 256;
 Generating AES Key

aes.Key = System.Text.ASCIIEncoding.ASCII.GetBytes(Key);
 Generating Initialization vector (IV)

aes.IV = System.Text.ASCIIEncoding.ASCII.GetBytes(IV);
Code Developments

 Selecting AES CBC mode on Microsoft Visual Studio

aes.Mode = CipherMode.CBC;

 Encryption
ICryptoTransform crypto = aes.CreateEncryptor(aes.Key, aes.IV);

 Decryption

ICryptoTransform crypto = aes.CreateDecryptor(aes.Key, aes.IV);

Related Work
Author Title Contents

Sultan Almuhammadi “A comparative analysis of In this paper, compared the most common block cipher
and Ibraheem Al-Hejri, AES common modes of modes of operation on AES according to the
College of Computer operation” recommendations of the National Institute of Standards
Sciences and and Technology (NIST). The comparison - in terms of
Engineering, IEEE, encryption time, decryption time, and throughput with
2017. variable data packet sizes.

Dobre Blazhevski “ MODES OF OPERATION In this paper, described the most common block cipher
Adrijan Bozhinovski OF THE AES ALGORITHM” modes of operation on AES, their strengths and
Biljana Stojchevska weaknesses , as well as the demands for their parameters
Veno Pachovski, which are necessary to guarantee security.
University American
College Skopje, 2013
 Related Work ( Cont’d)
Author Title Contents

K. V. Pradeep, V. “An Efficient Framework for In this paper, prevent the exposure of the key as well as a
Vijayakumar,1 and V. Sharing a File in a Secure framework for sharing a file that will ensure security
Subramaniyaswamy, Manner Using Asymmetric (CIA) using asymmetric key RSA and distributing it within
School of Computing Key Distribution Management the cloud environment and the comparison- RSA with
Science & Engineering, in Cloud Environment” Elgamal and Paillier using a trusted third party.
VIT, Chennai, India,
2019
Conclusion

 In the proposed system, a detailed comparison of the most common block cipher modes of operation
on AES is presented in terms of encryption time, decryption time and throughput for .doc / .xlsx file
encryption.
 The mode of operation in the proposed system is CBC.
 Modes of operation may also provide application of the block cipher on a stream of plaintext and
make the algorithm more efficient.
 This system can provide a service for secure file sharing by using AES on CBC mode.
 For secure key sharing purpose, this system will also be used Elgamal encryption algorithm to
encrypt the AES-CBC’s symmetric key.
 The proposed system is intended to provide the secure data sending for file sharing system in
campus environment.
System Design
Main Page
Encryption By AES-CBC
Decryption Page
File List
System Evaluation By Timestamp
System Evaluation By Timestamp
 References
1. Sultan Almuhammadi and Ibraheem Al-Hejri, “A Comparative Analysis of AES Common Modes of
Operation”, 2017 IEEE 30th Canadian Conference on Electrical and Computer Engineering
(CCECE)

2. Razvi Doomun*, Jayramsingh Doma, “AES-CBC Software Execution Optimization”, Sundeep

Tengur Computer Science and Engineering, University of Mauritius, 2014.

3. Dobre Blazhevski Adrijan Bozhinovski Biljana Stojchevska Veno Pachovski, “ MODES OF

OPERATION OF THE AES ALGORITHM” , The 10th Conference for Informatics and Information
Technology (CIIT 2013)

4. K. V. Pradeep, V. Vijayakumar,1 and V. Subramaniyaswamy, “An Efficient Framework for Sharing

a File in a Secure Manner Using Asymmetric Key Distribution Management in Cloud
Environment”, Journal of Computer Networks and Communications Volume, 2019.
Suggestions from second seminar

1 Need to evaluate system performance.

Need to reconsider system flow.
2 How to measure or evaluate the strength of proposed encryption system.

What does mean < ZP*, X > . Author should describe and explain all symbols used
in algorithms or equations.

Suggests to consider the comments during the seminar.

Suggestions from second seminar
3
Please, clearly describe key encryption process and description process by
Elgamal with example in PPT.
In theory, public and private key generation is carried out by receiver in Elgamal.
In your proposed, how key generation is managed. Please describe.
In User Interface, AES encryption-decryption, Elgamal encryption-decryption and
so on… all processes should be clearly described.
The experimental result, system accuracy should be described in the third seminar
presentation.
Describe your encryption’ robustness with some attack if possible.
Describe the maximum acceptable file size in your proposed system .
In system design, please clearly define the authentication process.
4 The system flow diagram should be checked with proper symbol usage for input
or process and give explanation clearly in documentation.
Thesis Schedule Second
27
Seminar Third
Seminar Defense

1 Aug 31 Sep
11 July 30 Aug Aug Sep
2022 2022
2022 2022 2022 2022

Paper
First Submission
Seminar
Thesis Book
Preparation
Thank You