Dependence on Encryption Technology

1.0 Introduction：

Information network has been estimated to be one of the greatest innovations in the new century. Plenty of people prefer to achieve fresh information from the Internet. As a consequence of rampant cybercrime, people are paying deeper attention to information security. It has been considered that encryption technology is the centerpiece of information security and plays a key role on the Internet for years. The core theory of encryption is to transform information from readable plain text to unreadable cipher text through a series of algorithms to prevent information from being stolen and modified during transmission. The recent development in the field of network security has led to a renewed interest in practical encryption and cryptography.

In these years, thanks to the rapid expansion of the information industry, an increasing number of Internet applications start to be protected by encryption technology, notably web applications that are distinguished. As an illustration, HTTPS (HTTP over TLS), the most universal application layer protocol contributes to a secure connection between server and client by encrypting all data (Rodriguez, 2018, p. 2). To compare with HTTP and HTTPS, the report in Figure 1 revealed that from 2015 to 2019 the usage of HTTPS is growing continuously to more than 50% in every platform. It is noticeable that encrypted web browsing has come to be the primary Internet activity.

Figure 1: Percentage of pages loaded over HTTPS in Chrome by platforms. (Google, 2019)

Encryption not only is valuable on the secure web but also takes a leading role on entirety Internet. , Before the end of 2018, encrypted traffic on the Internet keeps develop and has accounted for more than 50% (Sandvine, 2018). There is no doubt that encryption import safety into the Internet progressively. The purpose of this paper is to discuss that depend on the existing situation of encryption technology, encrypt all information on the Internet would solve network security in the future.

2.0 Discussion

2.1 Encryption Algorithm

The encryption algorithm is the core component of encryption technology. The Symmetric encryption algorithm and the Asymmetric encryption algorithm are known as two species of the encryption algorithm. Both of them are being adopted in encrypting. However, they are remarkably dissimilar in mathematical theory and application scenarios.

If network traffic is encrypted by the Symmetric encryption algorithm, there is a single secret key shared between the sender and the receiver. The sender uses the secret key to encrypt the digital information and deliver the message to the receptor via the Internet. After receiving the encrypted packet, the receptor decrypts the text with this secret key to obtain plain text data. DES, 3DES, AES, RC4, etc. are well-known in this area.

Unlike Symmetric encryption algorithms, Asymmetric encryption algorithms have two different styles of keys: public key and private key. All keys are demanded to create a secure link. Each node holds its private key also releases its public key to another node. If two nodes need to transmit encryption data, both of them encrypt the information with their partner’s public keys, dispatch the data in an IP packet and decrypt the packet with their private keys. There are some Asymmetric encryption algorithms are widely used on the Internet such as RSA, DH, ECC, etc. (Agrawal & Mishra, 2012, p. 3).

It is not difficult to spot that the Symmetric encryption algorithms are simpler, but how to pass the secret key to the receiver is a challenge. The Asymmetric encryption algorithm is further complex and key management of it is more rigorous. Since only each node holds its private key and private keys are not transmitted over the Internet, the attacker may not able to steal the private keys from the network.

Symmetric encryption algorithms are almost 1000 times faster than Asymmetric techniques, because of their less complexity (Kader & Hadhoud, 2009, p. 1). It is impossible to encrypt large-scale traffic through Asymmetric algorithms on the Internet. In practical applications such as HTTPS, two types of algorithms work together. If two nodes need to communicate with each other, originally they negotiate a secret key with DH (Diffie–Hellman key exchange) and then use the secret key to encrypt the real data with AES (Advanced Encryption Standard) (Kleppe, 2011, p. 2).

2.2 Delay of Encryption

2.2.1 Time Resource

AES is a renowned encryption algorithm most commonly be applied on the Internet to cooperate with TLS and IPSec to encrypt data before its transmission. AES is a block cipher which means before encryption, data will be cut into 128-bit data blocks. AES will encrypt data blocks one by one. There are 3 types of key sizes of AES: 128-bit, 192-bit, 256-bit. Different key sizes identify different security levels.

The complexity of the algorithm causes encryption involves additional CPU resources and time. In the report published by IEEE in 2018, the time required for AES algorithms with different key lengths to process different types of files is listed (Andriani, Wijayanti, & Wibowo, 2018, p. 3).

“TABLE 1. LIST OF FILES TESTED”

“TABLE 2. ENRYPTION FILE TEST TIME RESULT (IN SECOND)”

“TABLE 3. ENCRYPTED FILE TEST TIME RESULTS (IN SECOND)”

Analyze the information from the above tables, Encryption and decryption of each type of data take time which will introduce additional delay on the Internet.

2.2.2 Delay-sensitive Applications

During the last few years, with the improvement of transmission quality of the Internet, delay-sensitive applications are flourishing on the Internet. These kinds of applications such as online games, VOIP, multipoint video conferences require the point to point or the point to multipoint low-latency data transmission to ensure high-frequency interaction. So how to minimize network delay of these applications is critical.

When a packet is sent from one endpoint to another endpoint, network process delay is coming from different types: transmission delay, propagation delay, processing delay, queuing delay. Since in a selected end-to-end path, transmission delay, propagation delay, processing delay is constant(Ramaswamy, Ning, & Wolf, 2004, p. 2). The influence of encryption on delay-sensitive traffic is mainly reflected in queue delay and encryption delay.

Queuing delay is the delay because of network congestion. When network congestion is happening, router can’t forward buffered packets to full egress queue. All packets need to wait for being scheduled, the delay generated at this moment is the queuing delay. In QoS (Quality of Service), there are some queuing techniques to ensure that important packets could be transmitted preferentially such as Weighted Fair Queue (WQ), Low Latency Queue (LLQ) and Priority Queue (PQ), etc. (Mustafa & Talab, 2016, p. 3).

In various QoS queue models, delay-sensitive traffic all be classified into high-priority queues and forwarded preferentially. Encrypted traffic is classified into the default queue by the router because the information type cannot be recognized. Forwarding priority of default queue packet is the lowest (Szigeti & Hattingh, 2005, p. 285).

This statement shows that the latency of delay-sensitive traffic will increase after been encrypted because of queuing delay and encryption delay. This issue reduces the availability of related applications. So improving security through encryption is not a good solution for delay-sensitive data.

2.2 Encapsulation and Bandwidth Cost

2.2.1 ESP & TLS

Encryption information also requires special encapsulation to be transmitted through the network. The representative encapsulation protocols on the Internet include ESP (Encapsulating Security Payload) for IPSec and TLS Record Protocol for TLS (Transport Layer Security). The following sections discuss the impact of encryption encapsulation on the Internet.

IPSec has two operation modes when using ESP to encapsulate encrypted data: tunnel mode and transport mode. Tunnel mode encapsulates ESP header and new IP header outside the original IP header and encapsulates the ESP trailer and ESP auth information after the payload. Transport mode encapsulates ESP header between the original IP header and the TCP header, ESP trailer, and ESP auth encapsulation is the same as tunnel mode. Figure 2 shows the architecture of an ESP encapsulation.

                 Figure 2: Architecture of an ESP (Al-khatib & Hassan, 2018)

Compared with the original IP packet and the encrypted IP packet, the encrypted packet in the tunnel mode involves a new IP header, ESP header, ESP Trailer and ESP Auth. In transport mode, it involves ESP header, ESP Trailer and ESP Auth. The size of each part is IP header: 20 bytes, ESP overhead: 41 bytes (Hussein, Elhajj, Chehab, & Kayssi, 2016). According to this information, it can be calculated that the ESP encapsulation overhead is at least 41-61 bytes.

Record Protocol and Handshake Protocol are the two major components of TLS. Record Protocol is responsible for the encryption encapsulation of TLS. It is designed on the upper layer of the Transport Layer Protocol (such as TCP). The overhead of TLS Record Protocol is 40bytes (Hussein et al., 2016).

2.2.2 Encapsulation Overhead

To analyze the impact of cryptographic encapsulation on bandwidth, the size of the packets on the Internet is another crucial factor. In the research of in 2018, the researcher simulated Internet traffic collected data in Cisco routers. In this statement, the average packet size is approximately 870 bytes(Garsva, Paulauskas, & Grazulevicius, 2015).

Extra Bandwidth Rate= Extra Header Size / Average Packet Size

          Figure 3: formula for Extra Bandwidth Rate

In light of Figure 3, the extra bandwidth rate of ESP encapsulation is 4.7% – 7%, TLS encapsulation is 4.6%. It has been mentioned that 50% of the existing Internet data has been encrypted in the introduction chapter, so encrypting all data will only affect another 50%. Therefore encrypting all traffic will reduce the performance of the Internet by 2.3% – 3.5%. However, the Internet is a huge global network system, this level of performance decline is still needs to be worried.

2.3 Encryption in Cybercrime

2.3.1 Digital Forensics

Cybercrime is widely acknowledged as the biggest challenge for cybersecurity in the information age. Cybercrime activity is developing rapidly in the whole world, in some countries, the proportion of cybercrime has even higher than traditional crime. In 2015, There were 2.46 million cyber-enabled or cyber dependent crimes in the UK, accounting for 53% of all crimes throughout the year (Agency, 2016). Unlike traditional crime investigations, the detection of cybercrime is much more complicated, requires new methods and techniques.

Cybercrime investigation is related to discovering, collecting, analyzing a large number of information from various types of devices on the Internet to find evidence. Digital evidence is hidden in every corner of the Internet such as the history file of a web browser, log file of firewall, storage space of cloud server, even hard disk which has been formatted. In response to this such a hard situation, digital forensics emerged.

With the development of network technology, digital forensics has become more difficult than ever.

One of the major challenges facing digital forensic is encryption. The outcome of the Forensic Focus survey in 2015 displays that encryption (21%) is the 2^nd challenge of digital forensics. Since most encryption algorithms are designed to resist brute force cracking, encrypted data is almost impossible to analyze without secret key (Montasari & Hill, 2019). There is no doubt that encryption technology was invented to improve information security. However, it protects evidence of criminals at the same time.

2.3.2 Darknet

Darknet has been getting more attention from the public in the last few years. The criminal activities that have been found in the Darknet are drug and weapon trading, hacktivism, stolen, terrorism, murder and various other evil behaviors (Chertoff & Simon, 2015). Exploring the Darknet is completely anonymous, encrypted and untracked. Even if criminal behavior has been detected, the investigator still cannot locate the specific person in the real world. This makes the Darknet a shelter for criminals.

Tor (The Onion Router) is an anonymous communication system which is the key to access Darknet. There are 4 types of components of Tor: Directory Servers (DS), Client, Server, Onion Routers (OR) (Ahmad et al., 2018). The process of building a complete end-to-end Tor link is:

1. The Client accesses DS to gain a list of currently available Onion Routers and their public keys.
2. The Client selects one of the Onion Routers (OR1) to become its 1^st proxy server and establishes a TLS connection with its private key and OR1’s public key.
3. The Client selects another Onion Routers (OR2) to become its 2^nd proxy server. It sends the public key of OR2 to OR1 through the TLS connection Client-OR1. OR1 develops another TLS connection with OR2 with its private key and OR2’s public key.
4. The Client selects the 3^rd proxy (OR3) with the same method to develop a TLS connection from OR2 to OR3.
5. The Client will also use the same method to guide the OR3 to establish a TLS connection with the Server

                        Figure 3: Structure of the Tor system

In Figure 3, all links from client to server have been encrypted by TLS. The packet to Darknet has been encrypted at least four times, like:

[TLS Client-OR1 [TLS OR1-OR2 [TLS OR2-OR3 [TLS OR3-Server [data]]]]]

Therefore, encryption is the core technology of Darknet. This fact indicates that the impact of encryption technology on network security needs to be re-evaluated.

3.0 Conclusion

The main goal of the current study was to determine that encrypting all information on the network will or will not solve network security. The most obvious finding to emerge from this study is that encrypting all information without difference is not a good solution for today’s Internet.

The findings from this study make several contributions to our understanding of encryption technology. For some certain traffic, delay of encryption will reduce their availability that can cause massive impair of applications. Traffic encryption rises the burden of network bandwidth and restricts the performance of the Internet. Encryption data lead to a big challenge in the investigation of cybercrime.

This is exactly why information encryption needs to be treated with great care. Simply encrypting all information on the Internet is irresponsible for network security. More work will need to be done to determine what kind of information is appropriate for being encrypted, how to reduce impair of encrypted traffic on network performance and how to eliminate illegal encryption applications. Further research will bring us new answers.

4.0 References

• Agency, N. C. (2016). Cyber Crime Assessment 2016: NCA Strategic Cyber Industry Group London, UK.
• Agrawal, M., & Mishra, P. (2012). A comparative survey on symmetric key encryption techniques. International Journal on Computer Science and Engineering, 4(5), 877.
• Ahmad, I., Saddique, M., Pirzada, U., Zohaib, M., Ali, A., & Khan, M. (2018). A New Look at the TOR Anonymous Communication System. Journal of Digital Information Management, 16(5), 223.
• Al-khatib, A. A., & Hassan, R. (2018). Impact of IPSec Protocol on the Performance of Network Real-Time Applications: A Review. IJ Network Security, 20(5), 811-819.
• Andriani, R., Wijayanti, S. E., & Wibowo, F. W. (2018, 13-14 Nov. 2018). Comparision Of AES 128, 192 And 256 Bit Algorithm For Encryption And Description File Symposium conducted at the meeting of the 2018 3rd International Conference on Information Technology, Information System and Electrical Engineering (ICITISEE) Retrieved from https://ieeexplore.ieee.org/document/8720983/https://ieeexplore.ieee.org/ielx7/8717738/8720946/08720983.pdf?tp=&arnumber=8720983&isnumber=8720946&ref= https://doi.org/10.1109/ICITISEE.2018.8720983
• Chertoff, M., & Simon, T. (2015). The impact of the dark web on internet governance and cyber security.
• Garsva, E., Paulauskas, N., & Grazulevicius, G. (2015). Packet size distribution tendencies in computer network flowsIEEE. Symposium conducted at the meeting of the 2015 Open Conference of Electrical, Electronic and Information Sciences (eStream)
• Google. (2019). HTTPS encryption on the web. Retrieved Jul 27, 2019, from https://transparencyreport.google.com/https/overview?hl=en
• Hussein, A., Elhajj, I. H., Chehab, A., & Kayssi, A. (2016, 2-4 Nov. 2016). Securing Diameter: Comparing TLS, DTLS, and IPSec Symposium conducted at the meeting of the 2016 IEEE International Multidisciplinary Conference on Engineering Technology (IMCET) Retrieved from https://ieeexplore.ieee.org/ielx7/7764654/7777413/07777417.pdf?tp=&arnumber=7777417&isnumber=7777413&ref= https://doi.org/10.1109/IMCET.2016.7777417
• Kader, H., & Hadhoud, M. (2009). Performance evaluation of symmetric encryption algorithms. Performance Evaluation, 58-64.
• Kleppe, H. (2011). Performance impact of deploying HTTPS: Technical Report, Universiteit van Amsterdam.
• Montasari, R., & Hill, R. (2019, 16-18 Jan. 2019). Next-Generation Digital Forensics: Challenges and Future Paradigms Symposium conducted at the meeting of the 2019 IEEE 12th International Conference on Global Security, Safety and Sustainability (ICGS3) Retrieved from https://ieeexplore.ieee.org/ielx7/8672787/8688013/08688020.pdf?tp=&arnumber=8688020&isnumber=8688013&ref= https://doi.org/10.1109/ICGS3.2019.8688020
• Mustafa, M. E., & Talab, S. A. (2016). The effect of queuing mechanisms first in first out (FIFO), priority queuing (PQ) and weighted fair queuing (WFQ) on network’s routers and applications.
• Ramaswamy, R., Ning, W., & Wolf, T. (2004, 29 Nov.-3 Dec. 2004). Characterizing network processing delay Symposium conducted at the meeting of the IEEE Global Telecommunications Conference, 2004. GLOBECOM ’04. Retrieved from https://ieeexplore.ieee.org/ielx5/9481/30079/01378257.pdf?tp=&arnumber=1378257&isnumber=30079&ref= https://doi.org/10.1109/GLOCOM.2004.1378257
• Rodriguez, M. (2018). HTTPS Everywhere: Industry Trends and the Need for Encryption. Serials Review. https://doi.org/10.1080/00987913.2018.1472478
• Sandvine. (2018). The Global Internet Phenomena Report 2018. Retrieved from https://www.sandvine.com/hubfs/downloads/phenomena/2018-phenomena-report.pdf
• Szigeti, T., & Hattingh, C. (2005). End-to-End QoS network design: Cisco press.