Vulnerabilities found in an implementation of Hybrid cryptography – AES and RSA

Abstract

Cryptography is a method used for the protection of information and communication, whereby it ensures a form of security that allows only the sender and recipient to view its content. In Cryptography, there are two different types of encryptions - Symmetric Key Encryption and Asymmetric Key Encryption. Though each of the encryption categories, it has its advantages of encrypting and decrypting sensitive information, it also has its disadvantages. Therefore, Hybrid Encryption is a cryptosystem that incorporates both symmetric and asymmetric encryption, which benefits from the strength of each encryption category. Despite having such a strong encryption algorithm that ensures robustness and integrity, nothing ensures a hundred percent security. Ironically, for us to understand how to implement strong hybrid cryptography, or to purchase it off the shelves of hybrid cryptography products, we need to understand how hybrid cryptography systems are commonly implemented weakly. In the project, we shall focus on the research, development, and implementation of RSA-AES Weak Hybrid Cryptography. The project aims to raise the awareness of the potential exploitation of systems that use Hybrid Cryptography, by providing information with regards to the detection of such exploitation and its recommendations to prevent users or consumers from being exploited. This report includes the introduction of the project, discussion of hybrid cryptography, the implementation of it, and discussion of common weak hybrid cryptography implementation. Under the Common Weak Hybrid Cryptography Implementation section, a set of common weak implementations developed by malicious or ignorant developers will be discussed. Following that, steps for detection and recommendations will be provided to help customers or consumers from being exploited by attackers.