Int’l Conf. on Computer & Communication Technology
978-1-4244-9032-5/10/$26.00 ©2010 IEEE 532

Security Vs Cost: An Issue of Multi-objective Optimization for Choosing PGP Algorithms

Divya Kumar¹, Divya Kashyap², K. K. Mishra³ and A. K. Misra⁴
Department of Computer Science and Engineering
Motilal Nehru National Institute of Technology Allahabad, India
{d2gupta13¹, div.kashyap², mishrakrishn³}@gmail.com, akm@mnnit.ac.in⁴

Abstract— PGP (Pretty Good Privacy) is the most widely used standard in the world for securing electronic mail. It promises confidentiality, integrity and authentication to its users. These security services are provided at the cost of various cryptographic algorithms. Given some data, choosing particular algorithms to secure it according to the user's requirements is a non-trivial task, as various algorithms with different security levels and costs are available. In this paper we propose a meta-heuristic based on Evolutionary Multi-objective Optimization for selecting appropriate algorithms for PGP according to the user's requirements of cost and security level.

Keywords- PGP; genetic algorithms; multi-objective optimization; confidentiality; integrity; authentication; pareto front; Strength Pareto Evolutionary Algorithm (SPEA)

I. INTRODUCTION

PGP, created by Phil Zimmermann in 1991, is a well-known application. It is well crafted to provide authentication, integrity and confidentiality services that can be used for securing emails and file storage applications. Zimmermann selected some of the better available cryptographic algorithms and integrated them into a general-purpose application that is independent of platform [14]. Thus, according to [15], PGP is a hybrid cryptosystem.
The process of PGP message generation is a serial combination of hashing, signing the hash, data compression, symmetric-key cryptography and, finally, public-key cryptography, applied to the email one after another [16]. At each step one of the various available and supported algorithms is used, e.g. RSA or DSA for public-key cryptography, IDEA or CAST for symmetric encryption, ZIP or ZLIB for data compression, and MD5 or SHA-1 for hashing. For more choices of algorithms and other details we refer the reader to [4]. Algorithms are chosen according to the user's requirements of time, cost and required security level. Since email is a one-time activity, the sender of the message needs to include the identifiers of the algorithms used to prepare the final secure message, as well as the values of the keys, in the message itself [5]. This is the beauty of PGP.

How to choose appropriate algorithms from the available pool, suiting the user's requirements of time, cost and security, is the question of interest for this paper. We apply Evolutionary Algorithms (EAs) to search for a solution to this problem. Since the problem is to satisfy various objectives related to time, cost and security, we have framed it as a multi-objective optimization problem.

EAs are the class of algorithms that simulate natural evolutionary principles, like survival of the fittest, to constitute a search and optimization procedure [6]. Professor John Holland put EAs forward in 1975, and these algorithms have been in the spotlight ever since. The approach works on a set of candidate solutions called the population, and this set is changed iteratively using three basic principles: selection, recombination and mutation. Selection imitates the competition among the members of the set for recombination. Recombination and mutation generate a new population from the old one, whose members resemble their parents but have different fitness values.
This approach is extensively used nowadays in engineering domains, mainly to solve multi-objective optimization problems.

The remaining parts of this paper are organized as follows: first we describe multi-objective optimization, then the problem is described with a mathematical model, and finally a solution method is described.

II. MULTI-OBJECTIVE OPTIMIZATION

A multi-objective optimization problem (MOOP), in the engineering domain, is a problem that aims at satisfying a large number of objectives and constraints [7]. For these types of problems the objectives are generally conflicting, which prevents simultaneous optimization of each objective [8]. The same is the case with our problem: if we use an algorithm which is more secure, the cost or time complexity of the algorithm increases. According to [8], a MOOP can be mathematically defined as follows. Given an n-dimensional vector of decision variables $x = \{x_1, x_2, \ldots, x_n\}$ in the solution space $X$, we have to find a particular vector $x_p$ that minimizes/maximizes a given set of $K$ objective functions $f(x_p) = \{f_1(x_p), f_2(x_p), \ldots, f_K(x_p)\}$. The solution space can also be guarded by a series of restrictions or constraints.
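
The definition above can be made concrete on the algorithm choices named in the Introduction. The following Python sketch is an added example, not code from the paper: it enumerates the solution space X of n = 4 decision variables (one algorithm per PGP step), evaluates K = 2 objectives (cost, to minimize; security, to maximize), and keeps the non-dominated vectors, i.e. the Pareto front. The numeric scores, function names and the budget constraint are assumptions constructed for illustration, and the exhaustive filter stands in for the evolutionary search the paper proposes.

```python
from itertools import product

# Constructed (cost, security) scores, for illustration only: they are not
# measurements and do not come from the paper.
SCORES = {
    "public_key":  {"RSA": (6, 4), "DSA": (4, 3)},
    "symmetric":   {"IDEA": (3, 4), "CAST": (2, 1)},
    "compression": {"ZIP": (2, 0), "ZLIB": (1, 0)},
    "hash":        {"MD5": (1, 1), "SHA-1": (2, 3)},
}
STEPS = list(SCORES)  # n = 4 decision variables, one per PGP step


def objectives(x):
    """f(x) = (f1, f2): f1 = total cost (minimize), f2 = total security (maximize)."""
    cost = sum(SCORES[step][alg][0] for step, alg in zip(STEPS, x))
    security = sum(SCORES[step][alg][1] for step, alg in zip(STEPS, x))
    return cost, security


def dominates(a, b):
    """a dominates b: no worse in both objectives and strictly better in one."""
    return a[0] <= b[0] and a[1] >= b[1] and a != b


def pareto_front(candidates):
    """Return the non-dominated decision vectors, cheapest first."""
    scored = [(x, objectives(x)) for x in candidates]
    front = [(x, f) for x, f in scored
             if not any(dominates(g, f) for _, g in scored)]
    return sorted(front, key=lambda item: item[1])


def best_under_budget(front, max_cost):
    """Apply a cost constraint: most secure front member within max_cost."""
    feasible = [(x, f) for x, f in front if f[0] <= max_cost]
    return max(feasible, key=lambda item: item[1][1], default=None)


SOLUTION_SPACE = list(product(*(SCORES[s] for s in STEPS)))  # 16 vectors
FRONT = pareto_front(SOLUTION_SPACE)

if __name__ == "__main__":
    for x, (cost, security) in FRONT:
        print(f"cost={cost:2d} security={security:2d}  {' + '.join(x)}")
```

With these constructed scores only 4 of the 16 combinations survive; every other combination is matched or beaten on both objectives by a member of the front, which is why no single "best" vector exists until a constraint such as a cost budget is applied.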