Implementing Secure IRC App Implementing Secure IRC App with Elgamalwith Elgamal

By Hyungki ChoiID : 2001523

Date : 12-17-2001

2

ContentsContents 1. Introduction 2. Overall Design 3. Elgamal 4. Login 5. Access Database 6. Authentication 7. String Encryption/Decryption 8. Limitation 9. Conclusion

3

1. 1. IntroductionIntroduction

Internet Relay Chat (IRC) is a virtual meeting place where people from all over the world can meet and talk. Therefore,

you'll find the whole diversity of human interests, ideas, and issues here, and you'll be able to participate in group discussions on one of the many thousands of IRC channels, or just talk in private to family or friends, wherever they are in the world.

4

2. Overall Design2. Overall Design

5

3. Elgamal3. Elgamal Key generation for Elgamal public-key Key generation for Elgamal public-key

encryptionencryption

Each entity creates a public key and a corresponding private key. Each entity A should do the following

1. Generate a large random prime p and a generator of the multiplicative

group of the integers modulo p 2. Select a random integer a, 1 <= a <= p – 2, and compute

3. A’s public key is (p, , ); A’s private key is

p

pa mod a

6

4. Login4. Login

Trying to establish the trust between a user and a database server that contains user ids, passwords (for accessing database server), and public keys for the corresponding user.

7

5. Access Database5. Access Database

The public key is inserted into the database for other user to access to encryption or decryption.

Microsoft Access has limitation of inserting data, and size of column.

8

6. Authentication (Client) [1/2]6. Authentication (Client) [1/2]

The client-side of IRC application just sent ciphertext encrypted by his private key, and also sent his id (‘kyusuk’ in this case).

9

6. 6. Authentication (Server) [2/2]Authentication (Server) [2/2]

The server application receives the encrypted message (ciphertext) with the client’s id, the server application will access the database server to retrieve the client’s public key.

Decrypt the message, and compare the plaintext with the original message

10

7. 7. String Encryption/DecryptionString Encryption/Decryption

During the discussion, all the text are encrypted with Elgamal algorithm before it is sent to the other side. Unlike the previous example, an encryption is done with the receiver (who will get the message)’s public key.

11

8. Limitations8. Limitations Key size has to be 256 at maximum although IRC

application allows larger key size because of Microsoft Access.

The only public key system is used in the application. Therefore, in terms of the performance, no better than the application that uses symmetric algorithm for the string encryption/decryption part.

Only allows the session between two people.

12

9. 9. ConclusionConclusion Depending on the key size, the performance will

downgraded, but becomes more secure App. Therefore, we need to consider how we are going to decide the key size

Selection of database that will handle the keys is important

Know how you are going to mix the cryptography algorithms