Elliptic curve cryptography (ECC) has emerged as an alternative to
traditional public-key cryptosystems. ECC, along with scalar multiplication,
is gaining popularity for providing a high level of security with smaller key
sizes. ECC is very efficient in terms of key length and key processing speed,
but it cannot avoid the doubling attack, which can be countered by point
multiplication and sign authentication. The Montgomery ladder algorithm is
performed on ECC for point multiplication to overcome doubling attacks. The
proposed system will enhance security and reduce the workload of the web
server by using ECC in the SSL protocol during communication between client
and server. Scalar multiplication in ECC provides security against the
doubling attack.
Cryptography, Encryption, Decryption, Keys,
Nowadays IT industries are moving towards web-based technology from software
applications. Secure communication is an integral part of today’s world of
on-line transactions. Users on the internet exchanging financial, business or
personal information want to know whether the information is secured, and
they wish to ensure that the information is not modified or disclosed during
the transaction [11]. We can say web security is one of the crucial topics in
both technology and everyday life. To maintain secure communication on the
web, communication between client and server must be secured by SSL (Secure
Sockets Layer). The SSL protocol provides security in the network layer and
consists of encryption algorithms. Any application that runs over TCP can
also run over SSL.
SSL is the most widely used security protocol on the Internet today. It
offers encryption, source authentication and integrity protection for data
and is flexible enough to accommodate different cryptographic algorithms for
key agreement, encryption and hashing. However, the specification describes
particular combinations of these algorithms, called cipher suites, which have
well-understood security properties. Today, SSL is trusted to secure
transactions for sensitive applications ranging from web banking, to stock
trading, to e-commerce [11]. Unfortunately, the use of SSL imposes a
significant performance penalty on web servers. Secure web servers run 3.4 to
9 times slower than regular web servers on the same hardware platform. SSL
utilizes RSA encryption to transmit a randomly chosen secret that is used to
derive keys for data encryption and authentication. The RSA decryption
operation is the most compute-intensive part of an SSL transaction for a
secure web server.
Fig 1.1 System
The level of security RSA gives with a larger key size can be achieved by ECC
with a much smaller key size, which reduces the server load and makes
accessing the data much faster [8].
II. REVIEW OF LITERATURE
RSA and ECC are compared by key size, key generation, bandwidth and
efficiency. RSA key generation is significantly slower than ECC key
generation. ECC's computational speed is 10 times that of RSA. Encryption in
ECC is much faster than in RSA. ECC generates smaller keys. An improved ECC
algorithm for network information security builds on optimization of the
original dot product operation, optimization of square residual
determination, and a private key update transformation to improve the
original operation efficiency and safety performance. ECC is used in the
OpenSSL security protocol to increase security and speed up access to
information on the web server. SSL normally uses the RSA algorithm, but
enhancing OpenSSL with ECC will decrease the load on the web server due to
its smaller key sizes. The SSL protocol increases the workload and response
time of the web server, but it is important for security, so we have RSA in
SSL with ECC, which gives a lower HTTPS response time. A comparison has been
done between RSA and ECC using HTTPS file transactions on files of different
sizes; the result concludes that the ECC HTTPS request handling time is
less [11].
III. WORKING METHODOLOGY
Cryptographic algorithms are used to ensure security in communication
channels and networks. The combinations of cryptographic algorithms for
encryption and decryption are called cipher suites, which have
well-understood security properties. Therefore, compromising security of these
algorithms implies compromising security of communication systems that are
The ECC cryptographic algorithm has been considered in the cipher suite for
encryption between client and server. A combination of algorithms is included
in cipher suites for the handshake between client and server. The ECC-based
cipher suite is negotiated by the client and server. The Elliptic Curve
Diffie-Hellman (ECDH) key exchange and the Elliptic Curve Digital Signature
Algorithm (ECDSA) are the elliptic curve counterparts of the well-known
Diffie-Hellman and DSA algorithms, and they have replaced Diffie-Hellman and
DSA in the cipher suite. The entire security depends on the cipher suite used
in SSL. To improve security and prevent the doubling attack, scalar
multiplication of ECC is performed.
The Secure Sockets Layer (SSL) protocol uses a combination of public-key and
symmetric-key encryption. Symmetric-key encryption is much faster than
public-key encryption, but public-key encryption provides better
authentication and security. The Handshake protocol and the Record Layer
protocol are the main components of SSL. The Handshake protocol is used by
the SSL client and server to negotiate a common cipher suite, authenticate
each other, and establish a shared master secret using public-key
cryptography. The Record Layer derives symmetric keys from the master secret
and uses them with faster symmetric-key algorithms for bulk encryption and
authentication of application data. Since public-key operations are
computationally expensive, the protocol’s designers provided the ability for
a client and server to reuse a previously established
master secret. This ability of session reuse is also known as “session
3.1 System Flow Diagram
The steps involved in the SSL handshake are as follows:
1. The client sends the server the client’s SSL version number, cipher
settings, session-specific data, and other information that the server needs
to communicate with the client.
2. The server sends its details to the client, which are used for
authentication. The details consist of the server’s SSL version number,
cipher settings, session-specific data, and other information that the client
needs to communicate with the server over SSL. The server also sends its own
certificate for authentication, and if the client is requesting a server
resource that requires client authentication, the server requests the
client’s certificate.
3. The client uses the information sent by the server to authenticate the
server. If the server cannot be authenticated, the user is warned of the
problem and informed that an encrypted and authenticated connection cannot be
established. If the server can be successfully authenticated, the client
proceeds to the next steps.
4. Using all data generated in the handshake thus far, the client creates the
pre-master secret for the session, encrypts it with the server’s public key
(obtained from the server’s certificate), and then sends the encrypted
pre-master secret to the server.
5. The server uses its private key to decrypt the pre-master secret, and then
performs a series of steps (which the client also performs, starting from the
same pre-master secret) to generate the master secret.
6. Both the client and the server use the master secret to generate the
session keys, which are symmetric keys used to encrypt and decrypt
information exchanged during the SSL session and to verify its integrity.
7. Both then send a separate (encrypted) message indicating that the
handshake is finished. The SSL handshake is now complete and the session
begins. The client and the server use the session keys to encrypt and decrypt
the data they send to each other and to validate its integrity.
This is the normal operation condition
of the secure channel.
IV. RESULTS & CONCLUSIONS
Scalar multiplication is performed through a combination of point additions
and point doublings using the Montgomery ladder to improve the security
level. ECC-160 provides the same security as RSA-1024 and ECC-224 matches
RSA-2048. ECC can provide a high level of security using a smaller key, which
reduces the workload of the server during the handshake.
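The scalar multiplication described above and the ECDH exchange named in the
working methodology, as an added example that is not code from the paper: it
contrasts plain double-and-add, whose operation sequence depends on the key
bits, with the Montgomery ladder, which performs one addition and one doubling
per bit. The toy curve, the fixed 5-bit scalar length, the private scalars and
all function names are assumptions made for illustration.

```python
# Toy curve y^2 = x^3 + 2x + 2 over F_17, base point G of order 19.
# Constructed teaching parameters, far too small for real use.
P, A, G, O = 17, 2, (5, 1), None  # O is the point at infinity

def add(p, q):
    """Affine point addition on the toy curve; doubles when p == q."""
    if p is O:
        return q
    if q is O:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P == 0:
        return O  # q is the negative of p
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P) % P
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def double_and_add(k, pt, bits):
    """Left-to-right double-and-add: an addition happens only for 1 bits."""
    r, trace = O, ""
    for i in reversed(range(bits)):
        r, trace = add(r, r), trace + "D"
        if (k >> i) & 1:
            r, trace = add(r, pt), trace + "A"
    return r, trace

def montgomery_ladder(k, pt, bits):
    """Ladder: one addition and one doubling per bit, whatever its value.
    Only the operation sequence is regular here; Python integers and the
    branch on the key bit are not constant-time."""
    r0, r1, trace = O, pt, ""
    for i in reversed(range(bits)):
        if (k >> i) & 1:
            r0, r1 = add(r0, r1), add(r1, r1)
        else:
            r0, r1 = add(r0, r0), add(r0, r1)
        trace += "AD"
    return r0, trace

def ecdh_shared(private_scalar, peer_public):
    """ECDH: each side multiplies the peer's public point by its own scalar."""
    return montgomery_ladder(private_scalar, peer_public, 5)[0]

if __name__ == "__main__":
    for k in (1, 13, 31):  # the D/A trace varies with k, the AD trace does not
        print(k, double_and_add(k, G, 5), montgomery_ladder(k, G, 5))
```

The returned trace string records additions (A) and doublings (D) in execution
order, so the two algorithms can be compared for any scalar.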
The above analysis suggests that the use of ECC cipher suites offers
significant performance benefits to SSL clients and servers, especially as
security needs increase. As ECC provides security equal to other
cryptographic systems but with a smaller key size, it is very suitable for
devices which have power, storage and processing limitations. Key sizes for
public-key cryptosystems used to establish AES keys will correspondingly need
to increase from current levels. This would favor the use of ECC over RSA.