A Comparative Analysis of Different Encryption Algorithms: RSA, AES, DSS for Data Security

Abstract: With emerging technology connected to the internet, one constant issue is data security. The only solution by which this issue can be resolved to an extent, and which can be used to protect the data, is the use of various encryption algorithms. Though different approaches have been used for this, cryptography seems to protect the data efficiently while it is transmitted over the network from sender to receiver. First, the data is encrypted before being sent to the receiver using the most secure and reliable encryption algorithm. Second, at the receiver end it can be decrypted using the same decryption algorithm. Only the receiver will have the key with which the data can be decrypted. In this paper, the AES, DSS and RSA algorithms were implemented. These algorithms are encryption algorithms which perform encoding and decoding of data, to be sent from sender to receiver, using keys. Each has different criteria for encryption, and they are then compared based on different parameters, viz. delay, throughput, packet delivery ratio (PDR), packet loss ratio (PLR) and Received Packet Count (RPC). The results are given in the form of graphs to analyze the security provided by each algorithm.


Introduction
With the evolution of human intelligence, information security has become more complex. There are different encryption techniques, some of which are reliable based on some factors and some on other factors. It has become difficult to decide which kind of cryptographic algorithm to use for information security [19].

Cryptography is the study of different methods used for the security of information communicated over a network. In cryptography, encryption means encoding information such that only an authorized user can access and read it. It is done at the sender's end. Decryption means decoding the encoded information that has been encrypted into a secret message. Only an authorized user can access it, by using the secret key with which the information has been encrypted.

Different encryption methods and algorithms are available, which are further used for protecting the information. There are two kinds of encryption (cipher) algorithms: asymmetric (public) key and symmetric (private) key encryption algorithms.

Symmetric Key Encryption
In both processes of cryptography, encryption and decryption, a private key is used at both ends, sender and receiver [14]. The key exchange has to be done before the data exchange starts [2]. Examples of symmetric encryption algorithms are AES and DES [20]. AES uses keys of different bit sizes, whereas DES uses only one.

Asymmetric Key Encryption
This kind of algorithm solves the problem of key distribution among the users accessing data, as there was only one key in symmetric encryption algorithms. In this, two keys are used: public and private. The former, which is known to everyone, is used for encrypting the data [1]; only the receiver has access to the latter, which is used for decrypting the encrypted data to obtain the original data. There are many examples of asymmetric encryption algorithms, like RSA and Digital Signatures [20].

As discussed above, two keys are used, which requires more computation than symmetric encryption algorithms, which use only one key. That's why asymmetric encryption algorithms are 1000 times slower than the symmetric ones.

Encryption Algorithms
Various types of cryptographic algorithms [4] are used for encryption and decryption of information. Encryption is a method used to protect sensitive data transmitted over a network.

The following encryption algorithms are implemented in this paper:
1. Rivest-Shamir-Adleman (RSA)
2. Advanced Encryption Standard (AES)
3. Digital Signature Standard (DSS)

1. Rivest-Shamir-Adleman (RSA)
RSA is an asymmetric cryptographic algorithm [10]. As discussed above, it uses two keys. Data is encrypted by the sender using the public key, which is known to everyone, but can be decrypted only with the private key, which is available to the receiver only. This algorithm consists of three steps: key generation, encryption, and decryption.

Step 1: The key is generated using the following steps:
a) Choose two prime numbers $p$ and $q$
b) Compute the value of the modulus, $n = p \cdot q$
c) Compute the value of the totient, $\phi(n) = (p-1)(q-1)$
d) Compute $e$ (public key) such that $e$ is co-prime to $\phi(n)$ and $1 < e < \phi(n)$
e) Compute the value of $d$ (private key) such that $d = e^{-1} \bmod \phi(n)$

Step 2: For encryption:
The message is encrypted using $(e, n)$ as the public key, with $c = m^{e} \bmod n$, where $m$ is the plaintext message to be sent from sender to receiver and $c$ is the ciphertext [13].

Step 3:

as AES-128, and so on the other bit Keys. AES will execute 9 processing rounds when block and key are each 128 bits, 11 processing rounds when they are 192 bits each, and 13 rounds of processing when they are 256 bits each. The process in the remaining last round in all three cases is different [15].

The whole process is depicted by fig-1. AES is performed on a 4 x 4 array of bytes, referred to as the state array.

There are four steps in each processing round:

Step 1: Key Expansion: The set of new round keys is generated from the original secret key, as shown in fig-2.

Step 2: Initial round key addition:
1. AddRoundKey: Each byte of the round key is combined with each byte of the state array using bitwise XOR, as shown in fig-3.

Step 3: For 9, 11, or 13 rounds of state modification:
1. SubBytes: It is a substitution step where each byte of resultant data is replaced using a substitution

Step 4: Perform final round (10, 12, or 14)
1. SubBytes
2. ShiftRows
3. AddRoundKey

Step 5: After going through these rounds, the final output is the encrypted data or ciphertext.

3. Digital Signature Standard (DSS)
One of the ways of authenticating genuine data coming from a trusted individual is a signature. In order to authenticate digital information coming from a trusted source, digital signatures are used.

DSS, the Digital Signature Standard, includes specific algorithms as per FIPS (Federal Information Processing Standard). These algorithms use SHA (Secure Hash Algorithm), which further helps in generating digital signatures [18], used for the authentication of electronic documents. DSS does not use any encryption or key exchange algorithms. It only provides the digital signature function.

In general, the digital signature is first generated at the sender side and is then verified and validated at the receiver side. The whole process of DSS is shown in fig-7.

From sender side,
As discussed earlier, a hash code is generated from the message and passed to the signature function with other inputs, which are:
I. Hash code,
II. Any random number 'k' generated for the signature,
III. Sender A's private key, say PR(a), and
IV. A global public key, say PU(g).

After these inputs are processed by the function, we get as output the signature generated by the signatory, consisting of two elements, 's' and 'r'. Only the signatory is authorized to use the private key to generate the signature.
The private key must be kept secret so that other entities cannot claim the public and private key and further use the private key to generate fraudulent signatures. Finally, the original message combined with the signature is sent to the receiver.

At receiver end,
Here, verification of the sender and of the authenticity of the received signature is done first by the digital signature verifier. For that, the hash code of the message sent is generated. A verification function is used for this purpose, which takes the following inputs:
I. The hash code generated by the receiver,
II. Public key of the sender,
III. Global public key, PU(g),
IV. Signature components 's' and 'r' generated at the sender's side.

After these inputs are processed by the verification function, the output is compared with the signature element 'r'. The signature sent can be valid only if both values match. This is because only the sender can generate a valid signature with the help of its private key.

The process of generation of the signature by the signatory and verification of the signature and sender by the verifier is shown in fig-8.

As an example for this algorithm, first from the sender side, there is a certificate authority, mostly referred to as CA. It is responsible for signing all the different types of documents, like identification papers, warrant, license, ID card, passport, and proof of qualifications, which contain an owner's public key and identity. The owner's public key and identity are used to form a certificate after verifying the proof of the owner's identity. Using the generated digital signatures, the above-mentioned credentials are certified and distributed thereafter. The systems which are used for this purpose are beyond the scope of this standard. There are also other methods which are used for establishing the proof of identity, and those are allowed.
For example, identity credentials attached with the public key can be provided directly to the potential verifier at the receiver end.

This process is used to verify at the receiver side, but if it fails, nothing can be deduced as to whether the data received is correct or not. In order to validate the verified digital signature, the verifier must have a few assurances, which are:
1. Signatory's claimed identity,
2. Validity of the public key, and
3. Assurance that the claimed signatory does actually have the private key that was used to generate the digital signature at the time when it was generated.

The digital signature and signed data will be considered valid if the process at the receiver end, which is verification with these assurances, is successful.

Conversely, the signature and signed data will be considered invalid if this process fails. In that case the organization, according to its standards and policy, will take action on the invalid digital signature.

Implementation
For the implementation, multiple nodes are connected through a network and data is sent from sender to receiver from node to node. This work was implemented in a network simulator used for network research; the version used was ns-2.35.

Following are the cases for the implementation of the three algorithms [16][2], i.e., the AES algorithm, the DSS algorithm and the RSA algorithm.

RSA algorithm
In this, the user first has to enter two prime numbers and then, going through the steps of the algorithm, the user has to enter the message to be transmitted to the destination node

AES algorithm
For the implementation of this algorithm, the user first has to select which key size to use for encryption. If the user chooses a 128-bit key, Case 1 will be executed; if a 192-bit key is chosen, Case 2 will be executed; and if a 256-bit key is chosen, Case 3 will be executed.

Case 1: 128-bit AES
Figure 9 shows the implementation of 128-bit AES. In this, a 128-bit key and 16-bit data are taken as input, which results in 16-bit encrypted data. In order to check, the same 128-bit key and the 16-bit encrypted data are taken as input for decryption, which results in the original 16-bit data.

Case 2: 192-bit AES
Figure 10 shows the implementation of 192-bit AES. In this, a 192-bit key and 16-bit data are taken as input, which results in 16-bit encrypted data. In order to check, the same 192-bit key and the 16-bit encrypted data are taken as input for decryption, which results in the original 16-bit data.

Case 3: 256-bit AES
Figure 11 shows the implementation of 256-bit AES. In this, a 256-bit key and 16-bit data are taken as input, which results in 16-bit encrypted data. In order to check, the same 256-bit key and the 16-bit encrypted data are taken as input for decryption, which results in the original 16-bit data.
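How the chosen key size drives the Key Expansion step and the number of round keys, as an added example that is not the paper's code. It follows the FIPS-197 key schedule, computes the S-box instead of embedding the table, and covers only key expansion and AddRoundKey, not full encryption; the function names are hypothetical.

```python
def gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r

def _sbox_entry(a):
    # Multiplicative inverse in GF(2^8) (0 maps to 0), then the affine transform.
    inv = next((b for b in range(1, 256) if gmul(a, b) == 1), 0)
    rot = lambda v, n: ((v << n) | (v >> (8 - n))) & 0xFF
    return inv ^ rot(inv, 1) ^ rot(inv, 2) ^ rot(inv, 3) ^ rot(inv, 4) ^ 0x63

SBOX = [_sbox_entry(a) for a in range(256)]

def sub_word(word):
    return bytes(SBOX[b] for b in word)

def expand_key(key):
    """Return the 16-byte round keys for a 128-, 192- or 256-bit key."""
    if len(key) not in (16, 24, 32):
        raise ValueError("key must be 16, 24 or 32 bytes")
    nk = len(key) // 4          # key length in 32-bit words
    nr = nk + 6                 # 10, 12 or 14 rounds including the final one
    w = [key[4 * i:4 * i + 4] for i in range(nk)]
    rcon = 1
    for i in range(nk, 4 * (nr + 1)):
        t = w[i - 1]
        if i % nk == 0:
            t = sub_word(t[1:] + t[:1])          # RotWord, then SubWord
            t = bytes([t[0] ^ rcon]) + t[1:]
            rcon = gmul(rcon, 2)
        elif nk > 6 and i % nk == 4:
            t = sub_word(t)                      # extra step for 256-bit keys
        w.append(bytes(x ^ y for x, y in zip(w[i - nk], t)))
    flat = b"".join(w)
    return [flat[i:i + 16] for i in range(0, len(flat), 16)]

def add_round_key(state, round_key):
    """AddRoundKey: bytewise XOR of the 16-byte state with a round key."""
    return bytes(s ^ k for s, k in zip(state, round_key))

if __name__ == "__main__":
    # Key from the FIPS-197 key expansion example (Appendix A.1).
    for rk in expand_key(bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")):
        print(rk.hex())
```

Each key size yields one round key for the initial AddRoundKey, one per main round (9, 11 or 13) and one for the final round, so 11, 13 or 15 in total.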

DSS algorithm
When data is transmitted from source to destination, the source node generates a session key, which is then validated by all the neighboring nodes. The digital signature is first created at the sender's side. If the session key is validated by any adjacent node, then data is transmitted to that node, until it reaches the destination node, as shown in figure 12.

Comparison
Figure 14 shows the graph for delay in AES algorithm. In this, for some values of x, y is constant and then it continuously increases after one point of x. After this point of time, it varies irregularly towards x-direction.

Figure 15 shows the graph for delay in DSS algorithm. In this, the graph is linearly increasing in between x and y-direction.

Figure 16 shows the graph for delay in RSA algorithm. In this, the graph is linearly increasing in between x and y-direction.

4.2.2. Based on Throughput
Figure 17 shows the graph for throughput in AES algorithm. In this, throughput increases invariantly.

Figure 18 shows the graph for throughput in DSS algorithm. In this, throughput first increases, but after some time it goes towards saturation.

Figure 19 shows the graph for throughput in RSA algorithm. In this, throughput first increases, but after some time it goes towards saturation.

4.2.3. Based on Packet Delivery Ratio (PDR)
Figure 20 shows the graph for PDR in AES algorithm. In this, packet delivery ratio increases in the form of a step function.

Figure 21 shows the graph for PDR in DSS algorithm. In this, packet delivery ratio increases in the form of a step function.

Figure 22 shows the graph for PDR in RSA algorithm. In this, packet delivery ratio increases in the form of a step function.

4.2.4. Based on Packet Loss Ratio (PLR)
Figure 23 shows the graph for PLR in AES algorithm. In this, the graph increases towards x-direction constantly, then it increases towards y-direction constantly, then it is constant for some time in x-direction, and again it increases towards y-direction and then variably towards x and y-direction.

Figure 24 shows the graph for PLR in DSS algorithm.
In this, the graph increases towards x-direction constantly, then it increases towards y-direction constantly, then it is constant for some time in x-direction, and again it increases towards y-direction and then variably towards x and y-direction.

Figure 25 shows the graph for PLR in RSA algorithm. In this, the graph increases towards x-direction constantly, then it increases towards y-direction constantly, then it is constant for some time in x-direction, and again it increases towards y-direction and then variably towards x and y-direction.

4.2.5. Based on Received Packet Count (RPC)
Figure 26 shows the graph for RPC in AES algorithm. In this, the graph first increases towards x-direction constantly, then after some values of y, it increases gradually. Then the same pattern is followed till the graph increases towards x and y-direction.

Figure 27 shows the graph for RPC in DSS algorithm. In this, the graph first increases towards x-direction constantly, then after some values of y, it increases gradually. Then the same pattern is followed till the graph increases towards x and y-direction.

Figure 28 shows the graph for RPC in RSA algorithm. In this, the graph first increases towards x-direction constantly, then after some values of y, it increases gradually. Then the same pattern is followed till the graph increases towards x and y-direction.

After analyzing all the graphs individually for each parameter, we get the result that the AES algorithm is the best algorithm of the three, because after integrating all algorithms in one graph with one parameter each, we get mostly a straight line, which is the overlap of the three algorithms.

The AES encryption algorithm is an efficient and better algorithm as compared to the RSA and DSS algorithms.
It is simply because it provides different key lengths, which are 128-bit, 192-bit, and 256-bit, for encryption and decryption.

Conclusion and Future Scope
In order to protect confidential information from hackers, cryptography is used. Different cryptographic algorithms were implemented successfully and then compared to find out which algorithm provides better security. The algorithms compared and analyzed are the AES (Advanced Encryption Standard), RSA (Rivest-Shamir-Adleman), and DSS (Digital Signature Standard) algorithms.

After analyzing and comparing all three, we get to know where the actual strength of each algorithm lies. It depends upon the key length in the case of AES specifically. Based on that, it can be said that as the length of the key increases, the security of the data through the algorithm also increases, but the opposite is the case with performance, as the time taken by the algorithm to encrypt the confidential information and then forward it to the receiver side becomes greater.

After critically analyzing all three algorithms through their graphs based on different parameters, it is found that there are some flaws in these algorithms. There can be different attacks on the data, for example, a man-in-the-middle attack or a Denial of Service (DoS) attack, and in order to know how to overcome these, first a full comparison is done between these algorithms based on parameters such as PDR (Packet Delivery Ratio), propagation delay, throughput, PLR (Packet Loss Ratio), and RPC (Received Packet Count), and then we find out which one is best through the comparisons in the graphs.

The best cryptographic algorithm found among these three through the analysis still has many complexities and flaws in it, which we can further try to remove or reduce in the future. This work can be extended in the future to reducing the complexity.