Dynamic key generation according to the starting time

The article analyses the problem of data persistence while transmitting the messages and looks into possible solutions. The central part of the article describes the algorithm of data encryption and digital signature algorithm according to the starting time of the session. In the algorithm the session key is symmetrically generated for each pair of subscribers; further the data are encrypted with this key. In its turn the session key is also encrypted with a public asymmetric key of a recipient and with an asymmetric encryption algorithm. Then the decrypted session key with the decrypted message are sent to the recipient. This client employs the same asymmetric encryption algorithm and his/her secret decryption key to decrypt the asymmetric session key. The decrypted session key is used for decryption of the received message. Thus, every time new symmetric keys are generated according to the starting time of a session, which enables high speed of encryption along with an open to public temporary encryption keys transmitting. Besides, the article contains examples of Diffie-Hellman protocol work and the hash-function algorithm MD5. They are used for encryption of generated temporary keys and for transmitting common private key to both clients. According to the suggested algorithm, the prototype of key and signature generation has been created and probated. The article illustrates the stages of Diffie-Hellman and MD5 protocol work. The prototype was tested with the help of a computer and two phones (2013 and 2015 production years).


Introduction
The necessity of serious approach to information security brings us to the basic concepts of cryptography: digital protection, digital signature and encryption.As you know, cryptography is engaged in the search for solutions to such important security issues as confidentiality, authentication, integrity and control of participants in the interaction.Encryption is the process of converting data into a form, which is not possible to read the keys.It uses the encryptiondecryption keys.The encryption process of the original message helps to ensure privacy by keeping information secret from someone it is not addressed.A set of conversion algorithms and keys used by these algorithms for encryption, key management system, as well as the original and the encrypted text form a cryptographic system.In turn, cryptosystems ensure the secrecy of transmitted messages as well as their authenticity and a user's authentication.The article offers new ideas for dynamic generation of keys and signatures depending on the starting time of the interaction between two subscribers.

Approaches to the construction of cryptosystems
There are two methods of cryptographic information processing with the keyssymmetric and asymmetric [1].A symmetric (private) method implies that the sender and receiver use the same key, which they agree before the interaction for both encryption and decryption.If the key has not been compromised, then decrypt database automatically authenticates the sender, since it is only the sender who has the key, which he/she can use to encrypt information, and it is only the recipient who has the key to decrypt the information.The symmetric encryption algorithms use keys that are not very long and can quickly encrypt large amounts of data.Symmetric encryption systems have a common drawbackthat is the complexity of the keys distribution.When an external party intercepts the key, the system of cryptographic protection will be compromised.When it is necessary to replace a key, it should be sent confidentially to the participants of the encryption.Obviously, this method is not suitable when one needs to establish a secure connection with a large number of Internet subscribers.The main problem of this method is how to generate and securely transmit keys to the participants of the interaction.How is it possible to establish a secure communication channel between the participants of interaction while sending keys through insecure communication channels?The lack of a secure key exchange method limits the expansion of symmetric methods of encryption in the Internet.This problem is resolved in an asymmetric (public) encryption method.In an asymmetric system, the document is encrypted with one key and decrypted with another one.Each participant of the information transfer generates two random numbers (private and public keys).The public key is transferred through public communication channels to another participant of the encryption, but the private key is kept in secret.The sender encrypts the message with the public key of the recipient, and it is only the private key owner who may decrypt the message.This method is suitable for a wide usage.If each Internet user is assigned to his/her own pair of keys and the public keys are published as the numbers in the phone book, almost all users can exchange encrypted messages with each other.
All asymmetric cryptosystems are the object of direct attacks through the direct key enumeration, and, therefore, they must use much longer keys than those used in symmetric cryptosystems to provide an equivalent level of protection.This immediately affects the calculation resources required for encryption.There is the necessity to verify that there is no distortion into the information in an e-document.Digital signature is used for this sake.Digital signature in a cryptosystem protects a document from changes or substitution and, thereby, guarantees its validity.It is a line, where the attributes of the document (for example, checksum of a file, etc.) and its contents are encoded, so that any change in the file even with the unchanged signature may be detected.When a document is protected by a digital signature, it verifies the document itself along with the private key of the sender, and the recipient's public key.The owner of a private key is the only one who can sign the document correctly.To verify the digital signature of the document, the recipient uses the sender's public key.No other key pair is suitable for verification.Thus, unlike an ordinary signature, digital signature depends on the document and the sender's public key.Therefore, it is several times safer than an ordinary signature and a seal.Despite the fact that digital signature certifies the authenticity of the document, it does not protect it from unauthorized reading.Both symmetric and asymmetric encryption systems have their advantages and disadvantages.The shortcomings of symmetric encryption are in the complexity of replacing a compromised key, and the disadvantages of asymmetric encryption are in a relatively low speed of work.These problems are addressed to the encryption systems that use the combined algorithm, which enables high-speed encryption and sending of the encryption keys through the public channels.In order to avoid low-speed of asymmetric encryption algorithms, a temporary symmetric key is generated for each message.The message is encrypted with a temporary symmetric session key.Then this session key is encrypted with a public asymmetric key of a recipient and an asymmetric encryption algorithm.Due to the fact that a session key is much shorter than a message itself, the time of encryption will be relatively short.After that this encrypted session key is transferred to the recipient along with the encrypted message.The recipient uses the same asymmetric encryption algorithm and his/her private key to decrypt the session key and the received session key is used to decrypt the message.The mentioned above makes it obvious that combined encryption algorithms currently have a promising line of development in modern cryptosystems.

Algorithm description
It is time to consider the operation principle of the suggested method to data encryption with the session symmetric key, generated at the moment of interaction between the two subscribers.The session key is encrypted with the exposed asymmetric key of the recipient and Diffie-Hellman's algorithm [2].The algorithm allows two sides to get common private key, using the channel that is unprotected from discreet listening, but protected from the channel substitution.The received key can be used for message exchange through symmetric encryption.Diffie-Hellman's algorithm uses one-sided function F(X) with two attributes:  there is a polynomial algorithm of values F(Х),  there is not a polynomial algorithm of inverted function F(X).To put simply, this function doesn't include decryption of the encrypted text.The function with a secret is the function Fk; it depends on k and has the following properties: there is a polynomial algorithm of calculation Fk(X) value for any k and X, and there is not a polynomial algorithm of the inverted Fk for unknown k; but there is a polynomial algorithm of inverted Fk for the known k parameter.and sends to Andrew.It is possible that the malicious user can get both values, but he will not modify them, as he is unable to interfere in broadcasting process.At the second stage Natasha calculates the value of K having number B and the received number A: That is the key for encryption.Then, Andrew calculates his key using number B received from Natasha and his calculated number You can see in examples ( 3) and ( 4) that Andrew gets the same number k, as Natasha.As a result, there is a root key that will be used in generating temporary key and message's signature in the future.
If the root key is used as a private key, a malefactor will be forced to meet with a practically undecidable (for a reasonable period of time) problem of calculating the number     having numbers  =     and  =    , intercepted in the public channel if p, a and b are large enough numbers.Now it is time to explain the process of temporary key generation.It follows the same HMAC (hash-based message authentication code) algorithm [3] and its standard RFC2104.According to them, information integrity is verified with private key.This standard allows to ensure that transmittable or stored at unreliable environment data were not change by unknown persons.
The HMAC algorithm contains the standard, describing the process of data exchange, the process of data integrity verification with the help of private key and hash-function.Depending on the hash-function, we can distinguish HMAC-MD5, HMDC-SH1 etc.
In the article, the hash-function is generated from the root key by the suggested algorithm, for example: md5 (rootKey + Time).The function md5 is a modification of hash-function MD5.At the generation of hash-function, the time, particularly its second value, will be rounded.As it is known, time is presented in the format HH:MM:SS and rounding happens in the last format's unit.If there are more than 30 sec. in the value of starting time SS, then they round upward, if there are less than 30 sec., then they round downward.The message will be encrypted exactly with this key, and also through this algorithm one can generate digital signature of message to verify the message.As a result, we get a resistant system of dynamic keys for messages encryption and signature, where participants do not need to exchange some data for generation and root key generally.
A generalized algorithm of messages encryption in cryptosystem with the key and signature generation is presented on fig. 2.

Working prototype
Web technologies and JavaScript language were chosen for prototype realization.Due to it, the program will become a cross-platform and can be loaded everywhere, when there is a support of JavaScript specification (EcmaScript 5) and HTML 4 support.The JavaScript language was not chosen by chance, as at this moment it is the only "native" language for browser and it is supported by all browsers on default.
Below we can consider fragments of prototype code as an example.Mass Math.random is used for generation of a large number p by Diffie-Hellman algorithm.This approach is justified by the fact that the JavaScript language cannot work with large numbers (BigInt), as the algorithm requires it.The logic of the encryption algorithm can be considered in five steps.After the data are received there is the process of preparing the data flow to the calculations.
Step 1. First, the flow line requires alignment for hashing.At the end of the stream one on-bit and the necessary number of off bits are registered.After the input data alignment, the length of the stream should be equal to 512  N + 448.
Step 2. At the end of the message, one should add 64-bit result for alignment.There are 4 low-order bits that are put first, then high-order bits follow.If the stream length exceeds 2 64 -1, only low-order bits are written down.After that, the stream length becomes 512-fold.The calculations are made with data flow presented as an array of 512-bit words.
Step 3. Then it is necessary to initialize 4 32-bit variables (A, B, C, D) and to set their initial values with hex numbers: "low-order byte comes first".For example, A = 01 23 45 67; // 6 7 4 52 3 0 1 h B = 89 AB CD EF; // EFCDAB89h C = FE DC BA 98; // 98BADCFEh D = 76 54 32 10. // 10325476h The results of intermediate calculations will be stored in these variables.Then it is time to initialize constants and functions required in further calculations.Four laps will require 4 functions with the logical operators XOR (), AND (), OR (), NOT (¬): The 64-element table of invariables is structured as follows: Each 512-bit block of the flow passes through 4 stages of calculation, 16 laps each.
For this the block is presented as an array X of 16 32-bit words.All the laps are of the same type, but they differ in the rotate shift by s bits of a 32-bit argument.The number s is defined for each lap.Step 5.The result of the hash-function calculation is formed in ABCD buffer.If the result starts with the low-order byte A, one gets MD-5 hash.Fig. 4 presents a screenshot of md5 hash function working prototype in the CRYP2CHAT app [4].It resorts to a modified MD5 hash function.

Evaluation of algorithm effectiveness
The cryptographic strength of the proposed algorithm for key and signatures generation depends on the encryption method that combines the algorithms of symmetric and asymmetric encryption.The cryptographic strength is a quantitative characteristic of encryption algorithms intrusion into a particular algorithm requires a certain number of resources.This is the amount of information and time required to perform the attack, as well as the memory required to store information used in the attack.An attacking encryption algorithm typically aims at solving the following tasks:  to get public text version from the encrypted one,  to calculate the encryption key.The second task is usually more challenging than the first one.However, having the encryption key the cryptanalyst can later decrypt all the data encrypted with a key.The algorithm is considered to be secure, if a successful attack at it requires from an attacker unattainable calculating resources in practice, or open intercepted and encrypted messages, or if decryption is so time-consuming that currently protected information would lose its relevance.In most cases, the cryptographic strength cannot be mathematically proven, you can only prove the vulnerability of the algorithm or to calculate the time required to find the key.For this sake, one should take into consideration the difficulty of a given mathematical problem that serves as the basis for the encryption algorithm.To estimate the time of the password configuration to gain an unauthorized access to the channel of two subscribers, we have the equation [5]: It estimates time in the worst case.Here t is the time required for the guaranteed password configuration, V is the number of combinations per second in brute search, N is the number of characters in the configurated password, L is the length of the password.In case with the md5 algorithm, the number of characters is 36.This number includes the 26 symbols-letters in the Latin alphabet (a...z) and 10 symbols of Arabic numerals (0..9).The number of symbols in the secure key for encryption or signing is 32.To calculate speed of the brute symbol search, we'll take an Intel i7 and a video card Radeon HD5850 1024 MB.Their power equals to 65 000 passwords per second, calculated empirically.As a result of substitution of values in (5) the estimated time will be:  = 36 0 + 36 1 + 36 2 + 36 32 6500 = 9.745х10 44 с.
Converting the seconds into a larger value, we get the result 3.09 × 10 37 years.Conclusion: this algorithm can be considered secure from attack and the encryption key calculation, as the time for the key search outweighs the actual time of work with data.
In sources [5,6] an algorythm of dynamic key generation is offered.It is presented as a self-authenticated method with timestamp.In the patent the author employs asymmetric encryption-decryption algorithm.In contrast in this article the described algorithm is symmetric.This helps exclude sending and receiving any key, which increases security of data transmission.Moreover, Google team uses slightly similar algorithm of key generation.However, its development group employs another hash function that is not connected with encryption.Additionally, password configuration is a part of the algorithm that we provide.

Conclusion
The algorithm for temporary keys and signatures generation can be used to teach students the basics of cryptography, and used in real projects.Coupled with a VPN or TOR networks it becomes more secure due to the new encryption level [7].

Fig. 1 .
Fig. 1.Block diagram of Diffie-Hellman algorithm.The algorithm operation is presented in the following example.Andrew defines variables g and p which are large numbers.And he also conceives his private number a and calculates the value A using the formula

Fig 2 .
Fig 2. Block diagram of encryption by the key and signature generation algorithm.

Fig 3 .
Fig 3. Histogram of algorithm performance time by different e-devices.

Step 4 .
Steps in loop calculations.Base n element into the block from an array of 512-bit blocks.The values A, B, C, D, remain after operations with the previous blocks (or their values in case the array goes first).ends, check if there are any blocks for calculations left.If there are some, go to the next array element (n+1) and the loop repeats.

Table 1 .
Time of algorithm application in different devices at different stages (msec).