Implementing Secure IRC App with Elgamal
By Hyungki Choi
Contents
1. Introduction
2. Overall Design
3. Elgamal
4. Login
5. Access Database
6. Authentication
7. String Encryption/Decryption
8. Limitations
9. Conclusion
1. Introduction
Internet Relay Chat (IRC) is a virtual meeting place where people from all over the world can meet and talk. Therefore, you'll find the whole diversity of human interests, ideas, and issues here, and you'll be able to participate in group discussions on one of the many thousands of IRC channels, or just talk in private to family or friends, wherever they are in the world.
2. Overall Design
3. Elgamal
Key generation for Elgamal public-key encryption
Each entity creates a public key and a corresponding private key. Each entity A should do the following:
1. Generate a large random prime p and a generator of the multiplicative group of the integers modulo p
2. Select a random integer a, 1 <= a <= p – 2, and compute
3. A’s public key is (p,, ); A’s private key is
4. Login
The login step tries to establish trust between a user and a database server that contains user IDs, passwords (for accessing the database server), and the public key for each corresponding user.
5. Access Database
The public key is inserted into the database so that other users can access it for encryption or decryption. Microsoft Access has limitations on inserting data and on the size of a column.
6. Authentication (Client) [1/2]
The client side of the IRC application sends a ciphertext encrypted with the client's private key, and also sends the client's ID (‘kyusuk’ in this case).
6. Authentication (Server) [2/2]
When the server application receives the encrypted message (ciphertext) with the client’s ID, it accesses the database server to retrieve the client’s public key, decrypts the message, and compares the plaintext with the original message.
7. String Encryption/Decryption
During the discussion, all text is encrypted with the Elgamal algorithm before it is sent to the other side. Unlike the previous example, encryption is done with the public key of the receiver (who will get the message).
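
The key generation steps from section 3 and the receiver-public-key string encryption from section 7, as an added Python example (not the author's application code). The names g and h, the safe-prime construction, the 0x01 block prefix and the 64-bit toy key size are assumptions made for this illustration.

```python
import secrets

def is_probable_prime(n, rounds=24):
    """Miller-Rabin test; callers pass odd n > 3."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def keygen(bits=64):
    """Steps 1-3: return ((p, g, h), a). bits=64 is a toy size (assumption)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1                      # safe prime, so p - 1 = 2q
        if is_probable_prime(q) and is_probable_prime(p):
            break
    # g generates the group mod p iff g^2 != 1 and g^q != 1
    g = next(x for x in range(2, p) if pow(x, 2, p) != 1 and pow(x, q, p) != 1)
    a = secrets.randbelow(p - 2) + 1       # private key, 1 <= a <= p - 2
    return (p, g, pow(g, a, p)), a

def encrypt_text(pub, text):
    """Encrypt under the receiver's public key, one fresh k per block."""
    p, g, h = pub
    size = (p.bit_length() - 1) // 8 - 1   # data bytes per block, so m < p
    data, out = text.encode("utf-8"), []
    for i in range(0, len(data), size):
        m = int.from_bytes(b"\x01" + data[i:i + size], "big")  # 0x01 keeps m != 0
        k = secrets.randbelow(p - 2) + 1   # never reuse k across blocks
        out.append((pow(g, k, p), m * pow(h, k, p) % p))
    return out

def decrypt_text(pub, a, blocks):
    """Recover m = c2 * c1^(-a) mod p per block, using c1^(-a) = c1^(p-1-a)."""
    p, out = pub[0], b""
    for c1, c2 in blocks:
        m = c2 * pow(c1, p - 1 - a, p) % p
        out += m.to_bytes((m.bit_length() + 7) // 8, "big")[1:]  # drop 0x01
    return out.decode("utf-8")
```

The 64-bit modulus is a demonstration size only, and textbook Elgamal as shown provides confidentiality without any integrity protection.
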
8. Limitations
Key size has to be 256 at maximum, although the IRC application allows larger key sizes, because of Microsoft Access.
Only a public-key system is used in the application. Therefore, in terms of performance, it is no better than an application that uses a symmetric algorithm for the string encryption/decryption part.
Only a session between two people is allowed.
9. Conclusion
Depending on the key size, performance will degrade, but the app becomes more secure. Therefore, we need to consider how we are going to decide the key size.
Selection of the database that will handle the keys is important.
Know how you are going to mix the cryptography algorithms.