This paper presents a comparative evaluation of possible encryption algorithms for use in a self-contained, ultra-secure router-to-router communication system, first proposed by El Rifai and Verma. The original proposal utilizes a discrete logarithm-based encryption solution, which will be compared in this paper to RSA, AES, and ECC encryption algorithms. RSA certificates are widely used within the industry but require a trusted key generation and distribution architecture. AES and ECC provide advantages in key length, processing requirements, and storage space, also maintaining an arbitrarily high level of security. This paper modifies each of the four algorithms for use within the self-contained router-to-router environment system and then compares them in terms of features offered, storage space and data transmission needed, encryption/decryption efficiency, and key generation requirements.

With the rise of globalization, microelectronics, and the information age, the need for rapid, long-distance transmission of unconditionally secure information has never been greater. Whether dealing with military intelligence, corporate secrets shared between two (or more) company offices, remote control of vital national infrastructure components such as power and traffic control systems, or mechanical instructions transmitted to off-site medical devices for telesurgery, device updates, and health reports, there are many situations where the rapid, accurate, and secure transmission of information between two parties is a basic necessity. In extreme cases, alteration or even decryption of this information by unauthorized parties may result in damages of billions of dollars and the lives of others.

Historically, only two encryption schemes have been proposed which offer unconditional security, both unsuitable for practical telecommunications. The first, the one-time pad, proposed by Gilbert Vernam in 1919 [

While unconditional security may be an unachievable goal, it may be realized to an arbitrarily high level via existing symmetric and asymmetric encryption systems. Currently, the most widely used form of global network communication between two distant parties relies on public key, asymmetric key cryptography such as RSA for transferring symmetric keys. Symmetric encryption systems then use these keys to encrypt the information being transferred. Noteworthy corporations offering SSL certificates with Elliptic Curve Cryptography (ECC), RSA, and DSA support include Symantec (formerly Verisign), GoDaddy, and Comodo.

Although presenting a viable and widely used solution to secure communication, allowing for message encryption and authentication, the security certificate system requires the presence of a trusted third party for the verification of the identity and legitimacy of certificate owners. The compromise of or loss of trust in such a third party, or the inability to contact the distribution network at need, may result in a large-scale breakdown of reliable and secure communications [

A novel proposal [

The encryption system initially proposed in [

Under the proposed encryption system, the sender, Alice, and the receiver, Bob, choose a large prime

Alice calculates

Bob, knowing the value of

Alice, who knows the value of

Bob, who knows the value of

As these 3 transmitted equations involve a total of 4 unknowns to any intercepting party (

Although initialization of the system requires shared public values of

If the key transfer protocol is not completed successfully, whether due to data loss or due to malicious interference, it may be necessary to reinitialize the system via use of another preshared secret

Storage requirements for this system involve a preshared secret of length

The most efficient attack currently used on the general case of the discrete logarithm problem is the number field sieve [

The RSA algorithm has the advantage of being one of the most widely used and studied encryption methods today and is extremely elegant, simple, and well-tested. As the default algorithm used by many SSL providers, as well as the basic public key encryption scheme most others are compared to, RSA is used here as a baseline for the comparison of other encryption methods, even though it is not as storage-efficient or processing-efficient as other algorithms studied and requires the use of longer key lengths for equivalent security. Current commonly used RSA key lengths include 1024 and 2048 bits.

The basic principle of RSA security rests on the theory that it is extremely difficult to factor the product of two large prime numbers into its constituent factors. Each individual in the RSA network must create 2 complementary keys, commonly referred to as a public key and a private key, with each key able to decrypt messages enciphered using its complement. To create this key pair, Alice and Bob must each do the following [

Choose two similar large prime numbers

An integer ^{16} + 1). The public key consists of

The modular multiplicative inverse of

Message encryption may then be expressed, using the one key, as

Typically, as the sending party must know the recipient’s public key, as well as their own private key, RSA is not used within a self-contained system. Key generation for large primes may also be time consuming and resource intensive. Instead, third-party organizations must exist and are trusted to verify that a given public key corresponds to the stated owner’s private key. Issued certificates linking a public key and verification of its owner’s identity are generally valid for a set length of time, after which a new key must be generated and a new certificate request verifying the key’s owner must be submitted to the central verification authority.

As our proposed router system must be self-contained after initial manufacture, this third-party verification method is not feasible, and we cannot rely on external communication for the identity verification of new public key data, requiring a slight modification of the standard RSA system. Instead, Alice’s router will need to be initialized with prestored values for Alice’s private key and Bob’s public key, and Bob’s will have Alice’s public key and his own private key. In this scenario, it is not necessary for either party to know their own public key, and all 4 keys are kept private within the network.

Encryption and decryption function as standard RSA operations, with Alice encrypting data with Bob’s public key and Bob decrypting data with his private key, and vice versa. After a data threshold is exceeded, Alice and Bob will both calculate new RSA key pairs and encrypt and send their new public keys using the old keys, with this encryption further acting as identity verification previously requiring a third party. For example, Alice’s new public key would be encrypted first with her old private key for authentication and identity verification and then with Bob’s old public key for security; then it will be sent to Bob. Bob would decrypt data using his own old private key and then Alice’s old public key. Once both parties have received the new keys, all data will be transmitted using these. This system would allow for the use of RSA indefinitely, with rapid key updates, without the necessity of a third party. In the event of a communication failure due to data loss or malicious action, it may be necessary to switch to a new preshared certificate pair and begin the process again.
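The key update described above, written out as an added example (not code from the paper): the sender applies its old private key, then the peer's old public key, and the receiver reverses both layers. It uses textbook RSA without padding on small constructed primes purely to show the structure. The block splitting (needed because the two old moduli differ in size, so an inner result can exceed the outer modulus) and the 64-bit hash tag that lets the receiver reject an altered update are assumptions of this sketch, as are all function names.

```python
# Added illustration: textbook RSA (no padding) on small constructed primes.
import hashlib
from math import gcd

def make_key(p, q, e=65537):
    phi = (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    return {"n": p * q, "e": e, "d": pow(e, -1, phi)}

def tag64(n, e):
    # Assumed redundancy: lets the receiver tell a genuine key from garbage.
    return int.from_bytes(hashlib.sha256(f"{n}:{e}".encode()).digest()[:8], "big")

def split(x, width, count):
    mask = (1 << width) - 1
    return [(x >> (width * i)) & mask for i in range(count)]

def join(parts, width):
    return sum(p << (width * i) for i, p in enumerate(parts))

def wrap(new_pub, own_old, peer_pub):
    """Sender: own old private key first, then the peer's old public key."""
    n_s, n_r = own_old["n"], peer_pub["n"]
    in_w, out_w = n_s.bit_length() - 1, n_r.bit_length() - 1
    out_cnt = -(-n_s.bit_length() // out_w)  # limbs needed to carry any s < n_s
    n, e = new_pub["n"], new_pub["e"]
    blob = (n << 96) | (e << 64) | tag64(n, e)  # assumed encoding, e < 2**32
    groups = []
    for m in split(blob, in_w, -(-blob.bit_length() // in_w)):
        s = pow(m, own_old["d"], n_s)  # authentication layer
        groups.append([pow(l, peer_pub["e"], n_r) for l in split(s, out_w, out_cnt)])
    return groups

def unwrap(groups, own_old, peer_pub):
    """Receiver: own old private key first, then the sender's old public key."""
    n_r, n_s = own_old["n"], peer_pub["n"]
    in_w, out_w = n_s.bit_length() - 1, n_r.bit_length() - 1
    blocks = []
    for g in groups:
        s = join([pow(c, own_old["d"], n_r) for c in g], out_w)
        if s >= n_s:
            raise ValueError("block out of range for sender modulus")
        blocks.append(pow(s, peer_pub["e"], n_s))
    blob = join(blocks, in_w)
    n, e = blob >> 96, (blob >> 64) & 0xFFFFFFFF
    if blob & (2**64 - 1) != tag64(n, e):
        raise ValueError("key update failed verification")
    return {"n": n, "e": e}

# Constructed toy keys; the two old moduli deliberately differ in bit length.
ALICE_OLD = make_key(2**61 - 1, 2**31 - 1)
BOB_OLD = make_key(2**89 - 1, 1_000_000_007)
ALICE_NEW = make_key(2**107 - 1, 998_244_353)
BOB_NEW = make_key(2**127 - 1, 1_000_000_009)
```

In the Bob-to-Alice direction each inner block is carried in two outer blocks, because Bob's old modulus is longer than Alice's; without the added tag, an altered ciphertext would simply decrypt to a different, unusable key.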

Storage requirements for an

Although it is obvious that RSA offers several disadvantages when compared to other symmetric and asymmetric ciphers, it also offers at least one key advantage when compared to the other algorithms herein: message authentication. Unlike discrete logarithm, ECC, or AES encryption, since neither Alice nor Bob knows the other individual’s private key, it would be possible for a third-party external audit, given hardware access to both router keys and all traffic sent, to determine the sender of all encrypted data. Using the other encryption systems, given the encrypted data alone, it is possible to determine that either Alice or Bob sent a message, but not to authenticate which one encrypted the data.

AES, based upon the Rijndael cipher, was announced by the National Institute of Standards and Technology in 2001 and was shortly thereafter approved as an accepted encryption standard by the United States Federal Government. AES, similar to its predecessor, DES, is a symmetric block cipher, using a shared secret key to encrypt a data stream one block at a time. In AES, each 128-bit data block undergoes 10–14 rounds (depending on key length) of permutations, substitutions, and additions [

To modify AES for use in our closed system, Alice and Bob’s routers will both require a single preshared AES key and a reliable PRNG. Initial communication will be made using the preshared key. After a data threshold has been reached, similar to the discrete logarithm system, Alice and Bob will input the decrypted data into an algorithm (such as a cryptographic hash function) to generate a random value

As mentioned earlier, AES offers efficient processing time, and the storage requirements for this system are minimal, requiring a single preshared key to be saved on each of the two end routers, much shorter than a security-equivalent RSA key pair. No effective cryptanalytic attacks are currently known against AES, with the current best attacks only a few orders of magnitude above the worst-case brute force scenario and requiring infeasibly large amounts of storage space [

Elliptic Curve Cryptography (ECC) is an asymmetric cryptographic system, which uses a variant of the discrete logarithm problem as applied to points in an elliptic curve group as the core of its security. Many consumers have recently begun adopting ECC as an alternative to RSA, due to its efficiency in both key size and processing requirements. Careful choice of the ECC curve is necessary to avoid potential security hazards.

In Elliptic Curve Cryptography, first a curve is chosen, with variables and coefficients restricted over either the finite field GF(2^{m}) of the form

In the prime curve case, there are a limited number of nonnegative integer points between

These points are used to define a finite abelian group, with rules for addition defined specifically for the abelian group, similar to modular multiplication in conventional algorithms. Likewise, multiple additions are performed similarly to modular exponentiation. Using abelian group rules, given two points

Generally, the curve parameter values of ^{m} (finite field curve) or a large prime number (prime curve). A base point

Alice and Bob both choose secret integers

Public keys are generated according to

A common secret key is generated by multiplying the known private key with the opposite public key, with

To encrypt or decrypt data, the data is first encoded as a point

Modifying this system to function in our self-contained router environment involves a process similar to that used for RSA. All curve parameters are assumed to be publicly known, and use of a known secure curve is assumed. Each router must be initialized with secret data corresponding to its own private key and the public key of the other router. Again, it is not strictly necessary for each party to know or retain its own public key, and, in any case, all 4 key values are kept secret within the network.

Encryption and decryption function as standard ECC operations, with Alice encrypting data with Bob’s public key and Bob decrypting data with his private key, and vice versa. After a data threshold is exceeded, Alice and Bob will both calculate new public and private ECC keys, choosing new secret integers, and encrypt and send each other their new public keys using their old private keys. Once both parties have received the new keys, all data will be transmitted using these. This system would allow for the use of ECC indefinitely, with rapid key updates, without the necessity of a third party. In the event of a communication failure due to data loss or malicious action, it may be necessary to switch to a new preshared certificate pair and begin the process again. Unlike in RSA, the use of a common secret key prevents message authentication via external audit.

Storage requirements for ECC involve two large integers of size

The RSA, ECC, AES, and discrete logarithm protocols may each provide an arbitrary level of security, determined by the length of the encryption keys used for each algorithm [

Key length versus security for AES, ECC, RSA, and discrete log. Data source: National Security Agency, Central Security Service [

Storage requirements for preshared secret data per router (ignoring overhead and indexing values), as outlined by the modified algorithms described earlier, are as follows:

Using these values, in combination with the key length requirements illustrated in Figure

Router preshared secret storage requirements.

As calculated in Figure

Encryption and decryption performance for the various algorithms are difficult to measure and are heavily influenced by system architecture and software/hardware optimizations. Generally, however, symmetric key ciphers such as AES will offer the fastest encryption and decryption times. ECC offers dramatically superior key pair generation performance compared to RSA, with the large primes generated for RSA requiring several orders of magnitude more time when compared to a much smaller ECC key, especially at RSA bit lengths of 2048 and above. In router systems with frequent key refreshes this could be a potential issue. Additionally, manufacturing hardware may struggle to fill even a modestly sized storage chip with unique preshared RSA keys (even a 1 GB sized chip may be able to hold hundreds of thousands of preshared RSA certificates!), while even millions of shared symmetric encryption keys would simply involve filling the same chip pair with identical random data. RSA encryption is generally slightly faster than ECC, while ECC decryption may be several times faster than RSA, although both are generally efficient enough not to provide a practical system bottleneck [

The primary limitation on this router-to-router encryption system is the necessity for each router to be factory-manufactured containing shared secret information, enabling secure communication only with its matched counterpart.

This limitation may be partially mitigated by offering routers containing several small storage chip expansion slots. These storage chips would be manufactured in pairs, with each pair stamped with a matching serial number and containing a number of matching shared secret keys. Although each chip should be clearly labeled with its identical match, the actual matching data therein should not be retained after generation by the manufacturer, preventing compromise of manufacturer records from affecting system security.

A single router could thus be configured to securely communicate with a number of endpoints, with each endpoint sharing a unique inserted security chip pair, easily installable and replaceable as needed. Given the low cost of solid-state storage, under any proposed encryption scheme, the number of shared initial secret keys on a single chip would well exceed the lifetime of the router itself, even in a scenario where high data loss over a connection prevents the easy determination of additional keys before another shared hardware key is needed.

Ultimately, algorithm choice will likely be determined by system needs and the availability of supporting hardware. Whatever algorithm is chosen, it will be necessary to provide preshared secret data to factory-paired communication devices, either built directly into each router pair or provided as paired insertable expansion chips with pregenerated shared encryption keys. Once the initial key is shared, a combination of PRNG values, prior secret data, and decrypted current communication may be used to generate new secure keys on demand, ensuring a regular refresh of the currently used key. While advances in modern solid-state storage make it unlikely that shared secret storage space is ever a practical limitation of the proposed router-to-router key exchange system, algorithm processing efficiency, data efficiency, and key generation time may have a much larger impact on system design.

While discrete logarithm, RSA, ECC, and AES may each be used to provide the necessary nonlinearity for the establishment of a self-contained secure communication channel between two paired hardware devices, RSA and AES offer the most features and most efficient functionality, respectively. If authentication is needed, RSA, the weakest algorithm in terms of key generation and processing efficiency, is the clear choice. The use of RSA will, however, require a great deal of additional key generation time on the router manufacturing end. If, however, authentication is not needed, then symmetric key systems such as the AES exchange proposed offer the most efficient alternative and the only choice which offers more resistance to quantum computing attacks. AES hardware optimization is both extremely efficient and widely available in many currently used commercial processors, resulting in superior encryption, decryption, and processing times. AES key pair data, consisting effectively of a random bitstream, may be much more rapidly generated and preloaded onto devices than RSA, ECC, or discrete logarithm key pairs and provide greater security than equivalent-length asymmetric ciphers. Alternatively, a hybrid of both systems may be used, offering on-demand authentication when needed and efficient nonauthenticated secure communication otherwise.

As a final consideration, as with any digital security, any encryption system is vulnerable to physical hardware compromise. If an attacker is able to gain access to the shared secret data stored on the router’s security hardware, even the most secure encryption framework will be compromised, and care must be taken during hardware manufacture and distribution to ensure that these keys are not copied or prematurely accessed.

The authors declare that they have no competing interests.