See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/284206699

Email Encryption using RC4 Algorithm

Article  in  International Journal of Computer Applications · November 2015

DOI: 10.5120/ijca2015907185

CITATIONS READS

4 934

2 authors:

Meltem Kurt Pehlivanoğlu Nevcihan Duru

Kocaeli University Kocaeli University
23 PUBLICATIONS   50 CITATIONS    42 PUBLICATIONS   101 CITATIONS   

SEE PROFILE SEE PROFILE

All content following this page was uploaded by Meltem Kurt Pehlivanoğlu on 20 January 2016.

The user has requested enhancement of the downloaded file.

 International Journal of Computer Applications (0975 – 8887)
Volume 130 – No.14, November 2015

Email Encryption using RC4 Algorithm

Meltem Kurt Pehlivanoğlu Nevcihan Duru
Department of Computer Engineering Department of Computer Engineering
Kocaeli University Kocaeli University
Kocaeli, Turkey Kocaeli, Turkey

ABSTRACT this paper, RC4 based encryption algorithm used that is

In the communication age, in the daily life people constantly stream cipher was invented in 1987 by Ron Rivest. Thanks to
uses communication tools that are e-mail marketing, instant its efficiency and simplicity it was used many protocols and
messaging, social networking, search engines, bookmarking standards such as Secure Socket Layer (SSL) to protect
systems, affiliate systems, print media and direct mail. These internet traffic, Wired Equivalent Privacy (WEP) to secure
tools are used as an internet communication. However as a wireless communication, Wi-Fi Protected Access (WPA) to
result of widespread of internet usage, security problems have secure communication on data link layer instead of WEP, and
become more important year by year. Two main problems are Transport Layer Security (TLS) to secure communication on
related with internet is an open system and unsafe area. The transport layer.
encryption and decryption systems are designed to cope with There are various protocols, standards, systems provide secure
this security gap. In this paper RC4 based encryption Email system. In early Email system everyone should encrypt
algorithm is used to ensure secure Email communications. their Email [3]. Public Key Infrastructure (PKI) is a
framework that permits users of such networks to exchange
Keywords data through the use of a public and private key pair that is
Decryption, Electronic Mail Security, Encryption, POP3, obtained and shared through a trusted authority [4] was used
RC4, SMTP secure Email systems. However Email senders must also look
up a recipient’s public key before encrypting an Email in PKI
1. INTRODUCTION systems [4]. To solve this problem identity-based encryption
Cryptology word comes from ‘kryptos logos’ in Greek (IBE) [5] can be used. The text value of the name/domain
language. The aim of the cryptology is to ensure safety name or internet protocol (IP) address is used as key in IBE.
communication via secure channel between sender and
recipient sides who wants to secure communication (sent or In the literature there are some designs of secure email based
receive) in unsafe communication area. Fig. 1 shows that system. Lu and Geva [6] describe the implementation of a
thanks to encryption system 3th people (theft) doesn’t distributed search engine called SEGPX based on secure
meaning the cipher text even if gets it. email communication. It uses X.509 Public-key and attributes
certificate frameworks and utilizes email servers for
communications. Jain and Gosavi [3] encrypt with variable
3th person who want to get data key and compress with code book, compress message must
encrypted is needs of today’s E-mail security in their paper.
Sender Recipient With encryption they maintain secure Email and with
compression text is minimizing the overload of traffic over
Plain text Plain text
r communication channel. Chen and Ma [7] proposed a novel
Unsafe proxy-based secure Email system using IBE cryptography. Li
Encryption Communication Decryption et al [8] analyze both the AES algorithm and the ECC
Block Area Block algorithm. Combining with the characteristics of the AES and
Cipher text Cipher text ECC they designed a mixed Email encryption system. Madi et
al [9] have proposed a simple implementation of configuring a
secure Email server in Linux platform (Ubuntu OS) to use
Local-based Email Transfer Agent such as Postfix. Choukse
Pre-sharing
et al [10] explain inherent weakness in email infrastructure
Information
and methodologies to improve the security of the email
infrastructure and also will highlight good and weak practices
Fig 1: Communication channels over unsafe area in varying aspects of email infrastructure design paradigm in
their paper. Yeh et al [11] introduces an identity-based one-
There are basically two types of encryption algorithm which way group key agreement protocol and describes a point-to-
are called as symmetric in which encryption and decryption point email encryption scheme based on the protocol. Dacosta
keys are the same or asymmetric in which encryption and et al [12] present EmailCloak that an email alias service with
decryption keys are different from each other [1]. public key encryption capabilities, relaxes email encryption
In this paper symmetric encryption algorithm is used for requirements by relying on a privacy-respecting third-party.
secure Electronic Mail (Email) system. The security of this Ojamaa and Lind [13] proposed a solution based public key
symmetric cryptosystem, should not rely on the cryptography and OpenPGP to the costumers for more secure
confidentiality of the algorithm, it depends on the secret of email communication.
keys. There are two types of symmetric encryption RC4 algorithm is introduced in second section. The third
algorithms, these are; stream ciphers and block ciphers which section gives information about Simple Mail Transfer
provide bit-by-bit and block encryption respectively [2]. In Protocol (SMTP) and Post Office Protocol 3 (POP3) servers.

25
 International Journal of Computer Applications (0975 – 8887)
Volume 130 – No.14, November 2015

The fourth section examines the improved method. Finally

conclusion is given the fifth section.

2. RC4 ALGORITHM
There are two basic cryptographic algorithms; these are
symmetric algorithms and asymmetric algorithms.
Cryptographic protocols use cryptography, is sequences of
actions, which are concern two or more sides, designed to
fulfill a goal. A stream cipher is a symmetric algorithm that
has two types called as synchronous stream cipher and self-
synchronizing stream cipher.
The RC4 is a stream cipher, as mentioned before it used lots
of standards and protocols for example in the SSL/TLS
standards that have been defined for communication between
Web browsers and servers. It also used in WEP protocol and
WPA protocol.
It works in two phases, key setup and ciphering. Both phases
must be performed for every new key. During an l-bit key
setup (l is the key length) the encryption key is used to
generate an encrypting variable using two arrays, state and
key, and l-number of mixing operations [2].
The algorithm is based on the use of random permutation. The
key stream is completely independent of the plaintext used.
The algorithm uses a variable length key from 1 to 256 bytes
to initialize a 256-byte array. The array is used for subsequent
generation of pseudo-random bytes and then generates a
pseudorandom stream, which is XORed with the
plaintext/ciphertext to give the ciphertext/plaintext [14].
As S = {0, 1, 2 … N-1} is the initial permutation, two parts of
RC4 algorithm which are Key Scheduling Algorithm and
Pseudo Random Generation Algorithm, their pseudo codes are
given in Table 1.
Table 1. Pseudo Code for RC4 Algorithm
Key Scheduling Pseudo Random Generation
Algorithm (K) Algorithm
Initialization: Initialization:
for i= 0 to N-1 i= 0
S[i] = i j= 0
T[i]= K[i mod l ] Fig 2: Pseudo Code for MRC4 KSA [19]
Scrambling: Generation Loop:
j=0 while (true)
for i= 0 to N-1 i= (i + 1) mod l
j= (j + S[i] + T[i]) j= (j + S[i]) mod l
mod l swap (S[i], S[j])
swap (S[i], S[j]) output = S[S[i]+S[j] mod l]
end

However in the literature there are lots of cryptanalysis

researches about RC4 algorithm [15, 16, 17, 18]. Many
weakness have been revealed. Modified RC4 (MRC4)
encryption algorithm is recommended by Jindal and Singh
[19], in this paper this algorithm is used because it focuses on
WEP protocol security. MRC4 uses the same key scheduling
algorithm (KSA) with RC4 but with two different keys and
two S boxes (S1 and S2). Structure of MRC4 KSA is given
Fig. 2. In the pseudo random generator (PRG) part is given
Fig. 3.

Fig 3: Pseudo Code for MRC4 PRG Algorithm [19]

3. SMTP AND POP3

SMTP is a protocol that sent Email messages over the Internet
between sender and recipient side’s servers, only works for

26
 International Journal of Computer Applications (0975 – 8887)
Volume 130 – No.14, November 2015

outgoing messages. While sending Email, most of Email

software is designed to use SMTP. It breaks up different parts Start
of message into categories so that it provides meaningful
communication between two servers. The messages can then
be retrieved with an Email client using either POP or Internet Compose Email package
Message Access Protocol (IMAP). POP that is a protocol has
two versions POP2 and POP3. POP2 became a standard in the
mid- 80’s and requires SMTP to send messages. POP3 is
newer version that can be used with or without SMTP. IMAP Encrypt Email subject
is a protocol, latest version IMAP4, is similar to POP3. All of and content with MRC4
them deal with receiving of Email on the server.

In this work POP3 is used because of it is simple and well-

supported. In order to connect to the Internet, parties need an Compose SMTP client,
Internet Service Provider (ISP). enter user information
Fig. 4 shows Email protocols between sender and recipient.
First step sender compose his/her mail, Email client sends this
mail to the SMTP server. Then the SMTP server forwards the Sent Email package with
mail to the recipient’s mailbox. The POP3 server holds the SMTP client
message for delivery to the recipient. Finally the recipient
retrieves the message using the POP3 protocol.
Send Email

End

Fig 5: Flowchart of sending Email

Fig. 5 is a flowchart that shows steps of newmessage class.
Firstly Email package is composed, than Email subject and
Email content are encrypted with MRC4 algorithm. SMTP
client is composed, after that use information is entered to the
client. Using SMTP client Email package is sent.
In the MRC4 class, before encryption subject and content of
Fig 4: Email protocols between sender and recipient the mail with MRC4, according to our Email encryption
system sender and recipient use Elgamal encryption system
As mentioned before thanks to internet, people can initiate for key agreement to resolve the RC4 key management issues
real-time communication with everybody they want. It that was suggested in [20]. Structure of the key agreement is
provides lots of services like Email, video conferencing, chat given Fig. 6.
etc. Internet has lots of advantages nevertheless there are
some disadvantages. One of them and the most important is
security gap. In the insecure and unsafe area makes our
personal and secret information vulnerable to third persons
who want to steal this information. The other is spamming, it
refers to sending unwanted mails that make slower to access
our Email accounts. To cope with security problem, especially
safe messaging, suggested use of MRC4 encryption algorithm
while sending mail to the recipient. Thus mails can be
protected from thefts.

4. IMPROVED METHOD
Proposed method in this paper has four classes. These are Fig 6: The encryption process of each block with MRC4
newmessage, default, messages and MRC4. C++ algorithm
programming language is used.
This system allows to user the selection of between 64-128 bit
The newmessage class composes new Email packages and key while encryption with MRC4.
then Email subject and content is encrypted using encrypt
method in the MRC4 class. In the default class, POP3 and
SMTP servers' session information is registered. Then this
registration information is direct to the messages class. In the
messages class connects to the POP3 server, encrypted Email
is decrypted with decrypt method in MRC4 class.

27
 International Journal of Computer Applications (0975 – 8887)
Volume 130 – No.14, November 2015

Start

Enter POP3 server

information

Download Email package

and assign it to the variable

Decrypt Email subject

and content
Fig 10: Email sending screen.
The recipient control own Email account, it can be easily
shown that Email subject and content is encrypted. To decrypt
Read Email
this Email, recipient enter POP3 server information to the
login screen. Using decrypted Email screen that is given the
Fig. 11, recipient decrypt Email.
End

Fig 7: Flowchart of mailing list and reading Email.

In the Fig. 7 the steps of the messages class are given. In the
messages class firstly POP3 server information is entered,
than Email package is downloaded. Using decrypt method in
the MRC4 class, encrypted mail content and subject. Finally
decrypted Email or that can be called as plain text is obtained.
Thereby Email is securely transmitted to the recipient over the
unsafe area. The mail content and subject decryption process
is given in the Fig. 8. Fig 11: Decrypted Email Screen

5. CONCLUSION
Asymmetric and symmetric encryption algorithms provide
security, data integrity, and authentication. Symmetric
encryption algorithms use the same cryptographic keys for
encryption and decryption process. RC4 encryption algorithm
is so widely used for secure communication. In this paper
modified version MRC4 is used for secure messaging. Thanks
to this implementation people can control their Emails and
they can encrypt it while sending to the recipient.
Fig 8: The decryption process of each block with MRC4 In the future different encryption algorithms can be used and
algorithm their advantages and disadvantages are comparing.
Technological improvements have made mobile
communication mandatory. In the future this
implementation can be integrated on mobile phones for secure
messaging.

6. REFERENCES
[1] Koblitz, N.1994. A course in Number theory and
Cryptography.
[2] Schneier, B. 1996. Applied Cryptography - Protocols,
Algorithms and Source Code in C.
[3] Jain, Y. K. and Gosavi, P. B. 2008. Email Security using
Encryption and Compression. Computational Intelligence
Fig 9: Login screen for Modelling Control & Automation International
Conference.
In the Fig. 9 login screen is given, SMTP and POP3 server
names are entered to this screen. Using Email sending screen [4] Guo, Z. and Okuyama, T. Finley, M. R. 2005. A New
that is given in the Fig. 10, people can sent encrypted Email to Trust Model for PKI Interoperability. Autonomic and
the recipient side. Autonomous Systems and International Conference on
Networking and Services.

28
 International Journal of Computer Applications (0975 – 8887)
Volume 130 – No.14, November 2015

[5] Rivest, R., Shamir, A., and Adleman, L. 1978. A Method Improve Email Privacy. Ninth International Conference
for Obtaining Digital Signatures and Public Key on Availability, Reliability and Security (ARES).
Cryptosystems. Communications of the ACM.
[13] Ojamaa, A. and Lind, U. R. 2013. Securing Customer
[6] Lu, C. and Geva, S. 2005. Secure email-based peer to Email Communication in E-Commerce. Sixth
peer information retrieval. International Conference on International Conference on Developments in eSystems
Cyberworlds (CW’05). Engineering.
[7] Chen, T. Ma, S. 2008. A Secure Email Encryption Proxy [14] Kitsos, P., Kostopoulos, G., Sklavos, N., and
Based on Identity-based Cryptography. International Koufopavlou, O. 2004. Hardware İmplementation of
Conference on MultiMedia and Information Technology. The RC4 Stream Cipher. IEEE 1363.
[8] Li, C. J., Dinghu, Q., Haifeng, Y., Hao, Z., and Nie, M. [15] Klein, A. 2008. Attacks on the RC4 stream cipher,
2011. Email Encryption System Based On Hybrid Aes Designs, Codes and Cryptography. Springer- Verlag.
And Ecc. IET International Communication Conference
on Wireless Mobile and Computing (CCWMC). [16] Mantin, A. and Shamir. 2001. A Practical Attack on
Broadcast RC4, FSE. LectureNotes in Computer Science
[9] Madi, N. K. M., Salehian, S., Masoumiyan, F., and SpringerVerlag.
Abdullah, F. 2012. Implementation of Secure Email
Server in Cloud Environment. International Conference [17] Mantin, A. 2005. Practical Attack on the Fixed RC4 in
on Computer and Communication Engineering (ICCCE). the WEP Mod. 11th International Conference on the
Theory and Application of Cryptology and Information
[10] Choukse, D., Singh, U. K., Laddhani, L., and Security (ASIACRYPT).
Shahapurkar, R. 2012. Designing Secure Email
Infrastructure. Ninth International Conference on [18] Fiuhrer, S., Mantin, A. and Shamir. 2001. Weaknesses in
Wireless and Optical Communications Networks the key scheduling algorithm of RC4. 8th Annual
(WOCN). International Workshop (SAC).

[11] Yeh, J. H., Zeng, F., and Long, T. 2014. P2P email [19] Jindal, P. and Singh, B. 2014. Performance Analysis of
encryption by an identity-based one-way group key Modified RC4 Encryption Algorithm. IEEE International
agreement protocol. Parallel and Distributed Systems Conference on Recent Advances and Innovations in
(ICPADS). Engineering (ICRAIE).

[12] Dacosta, I., Put, A., and De Decker, B. 2014. [20] Yao, Y., Chong, J., and Xingwei, W. 2010. Enhancing
EmailCloak: A Practical and Flexible Approach to RC4 algorithm for WLAN WEP Protocol. 2010 Chinese
Control and Decision Conference

IJCATM : www.ijcaonline.org 29

View publication stats