Research Article
Open Access
A Comparison of Cryptographic Algorithms: DES, 3DES, AES, RSA and Blowfish for Guessing Attacks Prevention
Mohammed Nazeh Abdul Wahid*, Abdulrahman Ali, Babak Esparham and Mohamed Marwan
Limkokwing University of Creative Technology, Post Graduate Centre, Cyberjaya, Malaysia
*Corresponding author: Mohammed Nazeh Abdul Wahid, Senior Lecturer, Limkokwing University of Creative Technology, Post Graduate Centre, Cyberjaya, Malaysia, Tel: +60104339985
Received: June 22, 2018; Accepted: July 12, 2018; Published: August 10, 2018
Citation: Nazeh Abdul Wahid MD, Ali A, Esparham B, Marwan MD (2018) A Comparison of Cryptographic Algorithms: DES, 3DES, AES, RSA and Blowfish for Guessing Attacks Prevention. J Comp Sci Appl Inform Technol. 3(2): 1-7. DOI: 10.15226/2474-9257/3/2/00132
Abstract
Encryption is the process of encoding information or data in order to prevent unauthorized access. Today we need to secure information that is stored on our computers or transmitted over the internet against attacks. There are different types of cryptographic methods that can be used. The choice of cryptographic method depends on application demands such as response time, bandwidth, confidentiality and integrity. However, each cryptographic algorithm has its own weak and strong points. In this paper, we present the results of the implementation and analysis applied to several cryptographic algorithms: DES, 3DES, AES, RSA and Blowfish. We also compare these cryptographic techniques in terms of performance, weaknesses and strengths.
Keywords: Network security; Data encryption; Secure communication; Attacks; Ciphertext;
Introduction
In recent years, many internet-based applications have been developed, such as online shopping, internet banking and electronic bill payment. Such transactions, carried over wired or wireless public networks, demand end-to-end secure connections that are private and that ensure data authentication, accountability and privacy, integrity and availability, also known as the CIA triad [25].
For this reason, the proposed algorithm utilizes a Feistel cipher in a safe Wi-Fi design (sWiFi). In addition, this system uses Hash-based Message Authentication Code (HMAC) technology for authentication purposes. Experimental tests have provided an evaluation of four encryption algorithms (AES, DES, 3DES, and Blowfish) compared to the developed sWiFi system [26].
Encryption is one of the principal means of guaranteeing the security of sensitive information. An encryption algorithm performs various substitutions and transformations on the plaintext (the original message before encryption) and transforms it into ciphertext (the scrambled message after encryption). Many encryption algorithms are widely available and used in information security. Encryption algorithms are classified into two groups: symmetric-key (also called secret-key) and asymmetric-key (also called public-key) encryption [2].
"A secure Wi-Fi system for wireless networks: experimental evaluation" is a network security system for an application using the proposed algorithm. Cryptographic systems are commonly used to secure communication channels by using public key exchanges based on algorithms such as RSA, DES, AES, Triple DES and Blowfish. After the key exchange, security depends on the key used to encrypt data sent over an unsecured internet channel. In addition, the existing cryptographic algorithm relies on a data separation model designed by IBM's Horst Feistel [27].
Secure data transmission in cloud computing (CC) plays a very important role from a business perspective. To utilize cloud computing, businesses have to pay a lot of money to the cloud service provider. The cloud service provider also guarantees either the confidentiality or the integrity of the data. This paper proposes an intensive study of the idea of sending an already encrypted file through the cloud instead of the original file, using the RSA and DES cryptographic algorithms [4]. The aim is to provide evidence of which encryption method is more powerful and effective when an encrypted file is transmitted, so that the original file is not available even on the network. Even if an intermediate user sees the data, he will not be able to understand it. This is how confidentiality and integrity are maintained. Hence, the security of cloud data will be increased. This work can be enhanced using a hybrid approach that integrates multiple cryptographic algorithms [28].
Evaluation Metrics
In this paper, the analysis is based on the following metrics [1]:
i- Encryption time: The time taken to convert plaintext to ciphertext. Encryption time depends on key size, plaintext block size and mode. In our experiment, we measured encryption time in milliseconds. Encryption time affects the performance of the system [3]; it should be low so that the system is fast and responsive.
ii- Decryption time: The time taken to recover plaintext from ciphertext. Like encryption time, decryption time should be low to keep the system responsive and fast. Decryption time affects the performance of the system. In our experiment, we measured decryption time in milliseconds.
iii- Memory used: Different encryption techniques require different amounts of memory for implementation. The memory requirement depends on the number of operations performed by the algorithm, the key size used, the initialization vectors used and the type of operations. The memory used impacts the cost of the system. It is desirable that the memory required be as small as possible.
iv- Avalanche effect: In cryptography, a property called diffusion reflects the cryptographic strength of an algorithm: if there is a small change in the input, the output changes significantly. This is also called the avalanche effect. We measured the avalanche effect using Hamming distance, which in information theory is a measure of dissimilarity. We compute the Hamming distance as the sum of the bit-by-bit XOR over the ASCII values, as this is easy to implement programmatically. A high degree of diffusion, i.e. a high avalanche effect, is desired. The avalanche effect reflects the performance of a cryptographic algorithm.
v- Entropy: The randomness collected by an application for use in cryptography that requires random data. A lack of entropy can have a negative impact on performance and security.
vi- Number of bits required for optimal encoding: The number of bits required to encode an encrypted character should be low. Since the encrypted bits are transmitted over a network after encoding, this metric tells us the bandwidth required for transmission. If an encrypted bit is encoded with fewer bits, it consumes less bandwidth and less storage. Hence, this impacts cost.
Methods
As mentioned above, encryption is the process of encoding information or data in order to prevent unauthorized access. There are different types of cryptographic methods that can be used. Each of them serves a different topology, and all of them secure data transmitted over network links and ensure authentication and confidentiality. All these end-to-end encryption and decryption algorithms have to be applied in the physical layer and security layer of the computer application. At the same time, specific IP configurations need to be considered, as well as the protocol that will be used to transmit the traffic. Figure 1 shows the cipher security classes, which are subdivided into two models: the classical and the modern class. The most common and widely used is the modern class, because of the dynamic and static cryptography techniques it is deployed with. It is also known by its types:
i. Secret Key (Symmetric Key): in a symmetric cryptosystem, the same key is used for encryption and decryption [5,11].
ii. Public Key (Asymmetric Key): in an asymmetric cryptosystem, the encryption and decryption keys are different but related. The encryption key is known as the public key and the decryption key is known as the private key. The public and private keys are known as a key pair [5].
Our focus in this paper is on these two types and their classes, to show the significance of each of them through our literature and to establish which one is best in which environment. (Figure 1)
Figure 1: Classification of Encryption Methods
Advanced Encryption Standard (AES)
The Advanced Encryption Standard (AES) algorithm, a symmetric-key block cipher, was developed in 1998 by Joan Daemen and Vincent Rijmen [7]. AES supports any combination of data length (128 bits) and key length of 128, 192, and 256 bits. The algorithm is referred to as AES-128, AES-192, or AES-256, depending on the key length. During the encryption-decryption process, AES goes through 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys in order to deliver the final ciphertext or to retrieve the original plaintext. AES allows a 128-bit data length that can be divided into four basic operational blocks. These blocks are treated as an array of bytes and organized as a 4×4 matrix that is called the state. For both encryption and decryption, the cipher begins with an Add Round Key stage [30]. Before reaching the final round, this output goes through nine main rounds, and during each of those rounds four transformations are performed: 1- Sub-bytes, 2- Shift rows, 3- Mix-columns, 4- Add round key. In the final (10th) round, there is no Mix-column transformation. The figure shows the overall process. Decryption is the reverse process of encryption and uses the inverse functions: Inverse Substitute Bytes, Inverse Shift Rows and Inverse Mix Columns. Each round of AES is governed by the following transformations [12]. Substitute Byte transformation: AES operates on a 128-bit data block, which means each data block has 16 bytes. In the sub-byte transformation, each byte (8 bits) of a data block is replaced with another value using an 8-bit substitution box, which is known as the Rijndael S-box [13]. (Figure 2)
Figure 2: AES (Advanced Encryption Standard) process
Data Encryption Standard (DES)
DES is one of the most widely accepted, publicly available cryptographic systems. It was developed by IBM in the 1970s and was later adopted by the National Institute of Standards and Technology (NIST). The algorithm was submitted to the National Bureau of Standards (NBS) as a candidate for the protection of sensitive unclassified electronic government data. It is now considered insecure because of its small key size, and a brute-force attack against it is possible. The key length is 56 bits and the block size is 64 bits. It began with a 64-bit key, and then the NSA restricted DES to a 56-bit key length; hence DES discards 8 bits of the 64-bit key and uses the compressed 56-bit key derived from the 64-bit key to encrypt data in blocks of 64 bits. DES can operate in different modes (CBC, ECB, CFB and OFB), making it flexible. It is vulnerable to key attack when a weak key is used. In January 1999, distributed.net and the Electronic Frontier Foundation (EFF) collaborated to publicly break a DES key in 22 hours and 15 minutes. The algorithm is believed to be practically secure in the form of Triple DES, although there are theoretical attacks. In recent years, the cipher has been superseded by the Advanced Encryption Standard (AES) [14-16].
Rivest-Shamir-Adleman (RSA)
RSA, founded in 1977, is a public-key cryptosystem. It is an asymmetric cryptographic algorithm named after its founders Rivest, Shamir and Adleman [9,29]. It is one of the best-known public-key cryptosystems for key exchange, digital signatures or encryption of blocks of data. RSA uses a variable-size encryption block and a variable-size key. It is an asymmetric (public-key) cryptosystem based on number theory, and it is a block cipher system. It uses two prime numbers to generate the public and private keys; the key size is 1024 to 4096 bits. These two different keys are used for encryption and decryption. The sender encrypts the message using the receiver's public key, and when the message is transmitted to the receiver, the receiver can decrypt it by using his own private key [20,21]. RSA operations can be decomposed into three broad steps: key generation, encryption and decryption. RSA has many flaws in its design and is therefore not preferred for commercial use. When small values of p and q are selected for the design of the key, the encryption process becomes too weak, and one can decrypt the data by using random probability theory and side-channel attacks. On the other hand, if large p and q lengths are selected, it consumes more time and the performance is degraded in comparison with DES. Further, the algorithm also requires p and q to be of similar lengths; in practice this is a very tough condition to satisfy. Padding techniques are required in such cases, which increases the system's overhead by taking more processing time. The figure illustrates the sequence of events followed by the RSA algorithm for the encryption of multiple blocks. Decrypt blocks of data consisting of 64 bits by using a 64-bit key [22]. (Figure 3)
Figure 3: RSA processing of Multiple Blocks [23]
Blowfish
Blowfish was first published in 1993 [6]. It is a symmetric-key block cipher with a variable key length from 32 to 448 bits and a block size of 64 bits. Its structure is a Feistel network. Blowfish can be used as an informal replacement for DES or IDEA. Its variable-length key, from 32 bits to 448 bits, makes it ideal for both domestic and commercial use [8]. Blowfish was designed by Bruce Schneier as a fast, free alternative to existing encryption algorithms. Since then, it has been analyzed considerably, and it is slowly gaining popularity as a robust encryption algorithm. It suffers from a weak-keys problem; no attack is known to be successful against it. Blowfish is not patented, has a free license and is freely available for all uses [24].
Results and Discussions
In this paper, the results are analyzed based on the implementation performed in [1,27].
i- Figure 4 shows that the Blowfish algorithm records the fastest encryption time, and the RSA algorithm records the slowest encryption time. Based on the encryption time, we select the Blowfish technique for further evaluation.
Figure 4: Encryption time vs. File size for DES, 3DES, AES, Blowfish and RSA
ii- Figure 5 shows that the decryption time for all algorithms is faster than the encryption time. Also, the Blowfish algorithm records the fastest decryption time and the RSA algorithm records the slowest decryption time. Based on the decryption time, we select the Blowfish technique to be considered at the next evaluation level.
Figure 5: Decryption time vs. File size for DES, 3DES, AES, Blowfish and RSA
iii- Table 1 presents the memory used for unit operations by all the cryptographic techniques that we studied. Blowfish consumed less memory than the other types, while RSA used the most memory.
Table 1: Comparison of memory used
Algorithm | Memory used (KB)
DES | 18.2
3DES | 20.7
AES | 14.7
Blowfish | 9.38
RSA | 31.5
iv- Figure 6 shows that AES manifests the highest avalanche effect, whereas RSA manifests the lowest avalanche effect. This has turned the attention back to AES for further analysis and improvements.
v- As the entropy test and final experiment, Table 2 shows that Blowfish records the highest average entropy per byte of encryption. This highlights the Blowfish algorithm's achievement for consideration as a new security aspect.
Figure 6: Decryption time vs. File size for DES, 3DES, AES, Blowfish and RSA
Table 2: Average entropy values
Algorithm | Average entropy per byte of
DES | 2.9477
3DES | 2.9477
AES | 3.84024
Blowfish | 3.93891
RSA | 3.0958
vi- Table 3 shows that AES demands the highest number of bits to be encoded optimally, whereas DES demands the lowest number of bits to be encoded optimally.
Table 3: Optimal encoding length
Algorithm | Average number of bits demanded to
DES | 27
3DES | 40
AES | 256
Blowfish | 128
RSA | 44
Conclusion
Each cryptographic algorithm has its points of weakness and strength. We select the cryptographic algorithm based on the demands of the application in which it will be used. From the experimental results and the comparison, the Blowfish algorithm is the perfect choice in terms of time and memory according to the criteria of guessing attacks and the required features, since it records the shortest time among all algorithms. It also consumes the least memory. If confidentiality and integrity are major factors, the AES algorithm can be selected. If the demand of the application is network bandwidth, DES is the best option. We consider that the Blowfish and AES algorithms can be used to protect the application from guessing attacks and can be applied on top of all the internet protocols that are based on IPv4 and IPv6. The examinations recorded in this paper show that all the algorithms and classes function well, with different execution times and memory consumption.
References
1. Priyadarshini P, Prashant N, Narayan DG, Meena SM. A Comprehensive Evaluation of Cryptographic Algorithms: DES, 3DES, AES, RSA and Blowfish. Procedia Computer Science. 2016;78:617-624.
2. Yogesh K, Rajiv M, Harsh S. Comparison of symmetric and asymmetric cryptography with existing vulnerabilities and countermeasures. International Journal of Computer Science and Management Studies. 2011;11(3):60-63.
3. Jeeva AL, Palanisamy V, Kanagaram K. Comparative analysis of performance efficiency and security measures of some encryption algorithms. International Journal of Engineering Research and Applications. 2012;2(3):3033-3037.
4. Alanazi HO, Zaidan BB, Zaidan AA, Jalab HA, Shabbir M, Al-Nabhani Y. New Comparative Study Between DES, 3DES and AES within Nine Factors. Journal of Computing. 2010;2(3):152-157.
5. Ritu T, Sanjay A. Comparative Study of Symmetric and Asymmetric Cryptography Techniques. International Journal of Advance Foundation and Research in Computer. 2014;1(6):68-76.
6. Mahindrakar MS. Evaluation of Blowfish Algorithm based on Avalanche Effect. International Journal of Innovations in Engineering and Technology. 2014;4(1):99-103.
7. Ritu P, Vikas k. Efficient Implementation of AES. International Journal of Advanced Research in Computer Science and Software Engineering. 2013;3(7):290-295.
8. Pratap CM. Superiority of blowfish Algorithm. International Journal of Advanced Research in Computer Science and Software Engineering. 2012;2(9):196-201.
9. Preetha M, Nithya M. A study and performance analysis of RSA algorithm. International Journal of Computer Science and Mobile Computing. 2013;2(6):126-139.
10. Karthik S, Muruganandam A. Data encryption and decryption by using triple DES and performance analysis of crypto system. International Journal of Scientific Engineering and Research. 2014;2(11):24-31.
11. Elminaam DSA, Kader HMA, Hadhoud MM. Performance Evaluation of Symmetric Encryption Algorithms. International Journal of Computer Science and Network Security. 2008;8(12):280-286.
12. Akash KM, Chandra P, Archana T. Performance Evaluation of Cryptographic Algorithms: DES and AES. IEEE Students' Conference on Electrical, Electronics and Computer Science. 2012:1-5.
13. Ritu P, Vikas k. Efficient Implementation of AES. International Journal of Advanced Research in Computer Science and Software Engineering. 2013;3(7):290-295.
14. Karthik S, Muruganandam A. Data encryption and decryption by using triple DES and performance analysis of crypto system. International Journal of Scientific Engineering and Research. 2014;2(11):24-31.
15. Stallings W. Cryptography and network Security: Principles and Practice. 5th Edition. Pearson Education/Prentice Hall; 2011.
16. DES. Available from: http://www.tropsoft.com/strongenc/des.htm
17. 3DES. Available from: http://www.cryptosys.net/3des.html
18. Preetha M, Nithya M. A study and performance analysis of RSA algorithm. International Journal of Computer Science and Mobile Computing. 2013;2(6):126-139.
19. 3DES. Available from: http://en.wikipedia.org/wiki/Triple_DES
20. Aman K, Sudesh J, Sunil M. Comparative Analysis between DES and RSA Algorithm's. International Journal of Advanced Research in Computer Science and Software Engineering. 2012;2(7):386-391.
21. Xin Z, Xiaofei T. Research and Implementation of RSA Algorithm for Encryption and Decryption. 6th International Forum on Strategic Technology. 2011:1118-1121.
22. Preetha M, Nithya M. A study and performance analysis of RSA algorithm. International Journal of Computer Science and Mobile Computing. 2013;2(6):126-139.
23. Stallings W. Cryptography and network Security: Principles and Practice. 5th Edition. Pearson Education/Prentice Hall; 2011.
24. Pratap CM. Superiority of blowfish Algorithm. International Journal of Advanced Research in Computer Science and Software Engineering. 2012;2(9):196-201.
25. Bono SC, Green M, Stubblefield A, Juels A, Rubin AD, Szydlo M. Security analysis of a cryptographically-enabled RFID device. In: SSYM'05: Proceedings of the 14th conference on USENIX Security Symposium. 2005.
26. Schneier B, Kelsey J. Unbalanced Feistel networks and block cipher design. In: Proceedings of the Third International Workshop on Fast Software Encryption. 1996:121-144.
27. Polimon J, Hernandez-Castro JC, Estevez-Tapiador JM, Ribagorda A. Automated design of a lightweight block cipher with genetic programming. Int J Know-Based Intell Eng Syst. 2008;12(1):3-14.
28. Pooja B. Optimization of Cryptography Algorithms in Cloud Computing. International Journal of Computer Trends and Technology. 2017;46(2):67-72.
29. Sonal S, Prashant S, Ravi Shankar D. RSA algorithm using modified subset sum cryptosystem. 2nd International Conference on Computer and Communication Technology. 2011:457-461.
30. Shraddha D. Performance Analysis of AES and DES Cryptographic Algorithms on Windows & Ubuntu using Java. International Journal of Computer Trends and Technology. 2016;35(4):179-183.