A Proposed Optimum Hybrid Encryption System Abstract This study proposes an Optimum Hybrid Encryption System (HES) under

mutual committee of symmetric and asymmetric cryptosystems. Asymmetric (public key) Cryptosystems associates several performance issues like computational incompetence, memory wastages, energy consumptions and employment limitations on bulky data sets but they are quite secure and reliable in key exchange over insecure remote communication channels. Symmetric (private key) cryptosystems are 100 times out performed, having no such issues but they cannot fulfill non-repudiation, false modifications in secret key, fake modifications in cipher text and origin authentication of both parties while exchanging information. These contradictory issues can be omitted by utilizing hybrid encryption mechanisms (symmetric + asymmetric) to get optimal benefits of both schemes. Several hybrid mechanisms are available with different logics but our logic differs in infrastructural design, simplicity, computational efficiency and security as compared to prior hybrid encryption schemes. Some prior schemes are either diversified in performance aspects, customer satisfaction, memory utilization or energy consumptions and some are vulnerable against forgery and password guessing (session key recovery) attacks. Introduction Encryption mechanisms are the backbone of exchanging secure transactions over insecure remote channels. Encrypting of data mostly concerns with the robustness of encryption methods, achieving of security constraints and processing speed related issues. But the actual problem occurs at the time of exchanging encrypted data and key(s) via insecure remote communication channels. The exchange of key is said to be secure if it fulfills the all set of security goals like confidentiality, integrity (false modification, authenticity) and availability. Confidentiality concerns with secrecy and privacy which means message should be visible to whom person for which it has been sent. Integrity assures that message is free from fake modifications (false addition or deletion) and it can be further classified into two terms: Authenticity: Which means the identity of sender should be verified on delivering the message whether the information is coming from authentic sender to whom we are expecting. Non-repudiation: It means both sender and receiver cannot deny about the information that they have sent. Availability means information (message,

key, Certificate Verification) and medium (Certification Authority Server, online services) should be timely available when needed. Asymmetric schemes have applicability and feasibility related limitations in case of video, audio or any kind of bulky data because these schemes are 100 times slower rather to symmetric schemes. The other reasons of sluggish processing behind asymmetric schemes are their utilization of complex modular functions, nontrivial calculations and huge integers (512-2048) for key selections. Therefore, asymmetric schemes consume more memory, electric power and processing effort as compared to symmetric ones. As regard with symmetric schemes, the sharing of selected secret key with other party minimizes the life of a key in future due to security point of view. However, symmetric schemes are 100 times faster in processing, having no feasibility or applicability issues on bulky data. Moreover, symmetric schemes do not associate the share of any other public information but in case of asymmetric it is necessary to share public information associated with public key with other parties that may be misused under any unwanted circumstances. The ultimate objective of this study is to acquire hybrid encryption systems without having forgery and order to tackle these issues for getting of optimal performance and enhanced security while encrypting and exchanging the confidential information. Hybrid encryption approach is an optimal way to utilize the worth full features of both symmetric and password guessing attacks in addition to merge the benefits of both symmetric and asymmetric schemes. By following hybrid strategy of symmetric and asymmetric cryptosystems, all discussed issues can be escaped properly. Presented idea is timely significant in asymmetric cryptosystems. Prior Public Key Infrastructure (PKI) is a well - known and widely implemented infrastructure that provides all security objectives. But when PKI is used with Public Key Cryptography then its performance degraded in encryption phase because asymmetric cryptosystems are 100 times slower than symmetric algorithms in encryption and decryption phases.

Figure 1 - Prior PKI based basic encryption strategy (Asymmetric encryption)

DESIGN OF PROPOSED HYBRID ENCRYPTION SYSTEM (HES)

Figure 2 Proposed Design of Hybrid Encryption System

The following table describes all of working steps of the Hybrid Encryption System: Table 1 - Working steps of Hybrid Encryption System (HES)
Working steps of HES Step 1: Select a Secret Key (SK) and symmetric algorithm for enciphering procedure. We prefer AES for this step Security issues solved Computational efficiency Feasibility issues for large data sets Step 2: Select MD5 or Sha-1 or any hashing algorithm for computing To meet the following the hash values of SK and Cipher Text (C*). We prefer Sha-1. objectives later on other side. False modification Authenticity Confidentiality Step 3: Generate the cipher text by applying AES and SK. After that Cipher text will not be shared Transfer the cipher text (C*) directly to user B (Receiver). with third party

Step 4: Calculate the hash (digest) of SK and Cipher Text (C*). Hash of secret Key= h(SK) Hash of cipher text = h(C*) Step 5: Compute the digital signature of h(SK + C*) by applying User As Private Key through RSA. DhK = RSA {h(SK)}, DhC*= RSA {h(C*)} Step 6: Apply User Bs Public Key on SK, DhK and Dh C* to compute cipher text of signatures (CD). CD =.E{B-PbK(DhK&DhC*& SK)}

It minimizes the spy based hidden attacks It achieves customer satisfaction upon third party. Confidentiality

Authentication of Message origin User A can verify User Bs identity by analyzing his/her Public Key (B-PbK) information. Confidentiality Step (a) will assure origin authentication of User B towards user A with confidentiality. Step (b) will assure origin authentication and nonrepudiation of User A towards User B with confidentiality. The comparison of Step (a) and Step (c) will assure False modification of SK and C* to assure integrity in such a way if both values are same; it means no alteration otherwise alteration persists. Confidentiality

Step 7: How Non-repudiation, false modifications and origin authentications will be verified (a) Now user B has C, CD =.E{B-PbK(DhK&DhC*& SK)} User B will apply his/her B-PrK to decrypt the CD and will find digest values of DhC* , DhK and original SK (b) After that, DhC*and DhK will be deciphered by applying user As A-PbK to get h(SK) and h(C*). (c) The digest of SK and C* will be recomputed by user B in order to compare the results of step (a) and (b).

Step 8: User B will get original SK from step 7 to apply SK and AES on C* for getting of Plain Text.

Working methodology of HES: The proposed Hybrid Encryption System (HES) can utilize any symmetric cipher for producing cipher text in order to cover computational and applicability issues on large data sets and it can use asymmetric cipher for exchanging the secret key, hash of key and hash of cipher text etc. All this information will be exchanged through PKI strategy as described in Table 1. How confidentiality, non-repudiation, origin authentication, customer satisfaction upon third party and false modifications of keys and cipher text is achieved in our proposed scheme is discussed in Table 1 with logical justifications. Our proposed Hybrid Encryption System (HES) is generic that can be used with any combination of symmetric and asymmetric encryption algorithms according to the customers preferences. However, we preferably recommend to use HES with AES and

RSA for getting optimal outcomes. HES is effectively secured in fulfilling of all set of standardized security constraints (confidentiality, non-repudiation, origin authentication, false modification in secret key and cipher text) with hybrid encryption support as evidenced by Table 1. Our proposed HES negates the philosophy to utilize asymmetric algorithm in encryption phase and it recommends to use symmetric algorithm for encryption phase because symmetric algorithms are 100 times faster rather to asymmetric ones. The joint committee of symmetric and asymmetric algorithms is more effective in case of computational efficiency, feasibility issues to process large data sets and fulfilling of all standardized set of security constraints like Confidentiality, non-repudiation, False Modification in Secret Key, False Modification in Cipher Text, Origin Authentication in addition with customer satisfaction while exchanging information over insecure remote communication channels. To achieve these objectives it is worth full decision: if cipher of plaintext is generated with symmetric algorithm like AES and all other information (Keys, Digest (hash) values, etc.) are computed with RSA and Sha-1 algorithm before enchantment through PKI strategy.