The document discusses the RSA algorithm and its implementation in SSL-VPN architectures. It begins by introducing SSL-VPN and how it uses the RSA algorithm. It then provides a high-level overview of the mathematical concepts behind the RSA algorithm, including generating public and private key pairs using large prime numbers. It also describes how the RSA algorithm is used for encryption and decryption in SSL-VPN systems to securely transmit encrypted data between private networks over the internet.

1. RSA Algorithm Functionalities and Mathematical Implementation Of SSL-VPN Architecture for Multimedia Industry
Chanaka Lasantha Nanayakkara Wawage
Faculty of Science, Engineering and Computing
Master of Science Network and Information Security
Kingston University UK, Student ID: K1658833
chanaka.lasantha@gmail.com
Abstract—The SSL VPN is the major technology in the current
VPN market as a one of the best technologies in the opensource
world instead of compilated called OpenVPN. The Oldest IPSec
VPN technology too complex for correctly implement as well less
of security strength weakness and expensiveness are the major
negative drawback of the IPSec VPN Technology. IPSec has too
many required optional parameters configurations to become to
secured working condition and since it was implemented by some
non-expert professions regarding on IPSec domain. In
additionally IPSec preconfigured to operates over kernel
workspace by facilitating some of cybercriminal society to
mistakenly allowed attack by exposing over catastrophic failure.
OpenVPN is always avoiding the unwanted complexity compared
to IPSec VPN technology to taking SSL/TLS mechanism with
cryptographic libraries provides much better functionalities in
simplest lightweight package successfully. OpenVPN is the
pioneer as real SSL VPN enforcer to other SSL VPN products by
facilitation the same operational functionalities towards into the
IPSec sector. Therefore, the OpenVPN is based on the SSL/TSL
concept into the reality of implementation, it also based on RSA
Algorithm with Additional Technologies. Therefore, the key
concerned area is focused on the RSA Algorithm.
INDEX TERMS
Introduction, Technical and Mathematical Philosophy of RSA,
Key Distribution of SSL-VPN, RSA Algorithm Integrated in
SSL-VPN, RSA Encryption Algorithm Functionality,
Mathematical Evaluation of Encryption and Decryption,
Example of RSA Encryption and Decryption, The Extended
Euclidean Algorithm Definition, Practical Protection
Illustration and Secureness of RSA, Key Creation and
Exchange, Hashing Methodology with HMAC of SSL-VPN,
Conclusion.
I. INTRODUCTION
This report illustrated how to function the RSA Algorithm using
evaluating, the true pattern of encryption and decryption in SSL
based VPN mechanisms. The major risk is to delivering keys
amount sender and receiver sides by protecting cyber- attacks,
therefore the public key cryptography mechanism came into the
scene, the whatever data have been encrypted by the public key
can possible to decrypted only applying the receiver side private
key to obtain the real message [1]. There is the way to send the
session key using digital locker called envelope with special
techniques such as either Diffie-Hellman or Elliptic Curve
methodology. the public key technology takes place to generate
a shared key, which is only correspondents allowed to create
certain secret
value where can use used act as the session key. Mainly in Public
key cryptography support to overcome key distribution difficulties
and this methodology focused on two main cryptography critical
issues, authentication and nonrepudiation over the secured tunnel.
Data and Identity sections are protected [2]. with someone who
needs authentication over the electronic world, and at the other
hand nonrepudiation prevents on unknown peoples, Therefore the
digital signature came into the operation to mitigate issues of
above-mentioned circumstance.
Figure 1: SSL Operation Illustration.
SSL-VPN (Secure Socket Layer Virtual Private Network)
Systems are mainly used to interconnected between one or more
private endpoints by encrypting internet traffics towards into the
protected tunnel, also that very impossible to make
eavesdropping attacks theoretically [3]. none application based
tunneling grants to established a tunnel in between two or more
geographical sites, that allowed one LAN network to
intercommunicate with another LAN network over the wider
range of accessibility.
SSL-VPN is factorized on RSA Algorithm. The RSA algorithm
created on difficultness of factorizing with large prime numbers
by the nature, this system mainly works on private and public
key architecture system, also the public key is available for
everyone who readies to communicate with the certain person,
Using the RSA algorithm, the user can encrypt with public key
but it does not allow to decrypt the back again using the public
key [4]. because then there is only one person who can decrypt

2. with the private key called the owner, at the other hand, it is
very difficult to generate the key wanted for decryption from
the public key, that is why the RSA algorithm is very famous
among the other data encryption protocols as well.
Figure 2: SSL-VPN Authentication and Tunnel Flow.
The OpenVPN had have many security features that enhanced
credibility to mitigate most of the unknown vulnerabilities
which are the list up SSL OpenVPN Product rank on the top
of t he level of security, also OpenVPN has Community and
Commercial appliance versions for the customers based on SSL
Framework as well. The OpenVPN is built extremely massive
security basement using SSL/TSL concept with RSA algorithm
framework, mainly SSL/TLS has been propagated over the
world without notifying any big issues with unknown
vulnerabilities [5].
II. TECHNICAL AND MATHEMATICAL PHILOSOPHY
OF RSA
A. Key Distribution of SSL-VPN
The major problem has been rectified regarding initial keys
delivering among sender and the receiver with either encrypting
or decrypting data flow when exposed situation happened, the
initial key exchange process must be hidden with special
encrypted transport mechanism, In the OpenVPN, that they
have generated decryption key is safely distributed towards into
the receiver side using special mathematical concept to mitigate
risk instead of open distribution called Diffie Hellman
mechanism [6].
Figure 3: OpenVPN/SSL-VPN Authenticated User
Furthermore, it provides the additional security even the middle
of intercepted attacker person either exposed data or not, that
because they both are sender and receiver must be generating
the same key which was restricted for the middle person to
regenerate the key over the Diffie Hellman mechanism
successfully.
B. RSA Algorithm Integrated in SSL-VPN
At the beginning of RSA algorithm must generate two large
prime integer values called p and q, also n value cannot have
extracted from p and q values, in additionally, that the encryption
key definitely in co-prime condition to adhere with m = α(n).
therefore, when we generate such that decryption key d belongs
to the equation of de
-mod m = 1, finally we had archived both
private and public keys accurately [7-8].
C. RSA Encryption Algorithm Functionality
In the modern world, there is no possibility of old age
cryptosystem to mitigate required cybersecurity such as Caesar
cypher technology because Caesar cypher easily can decrypt
using the very simple opposite of the encryption pattern. The
Caesar cypher's behaviour falls into the symmetric cypher
category while both decryption and encryption process is in a
symmetrical manner.
Figure 4: Symmetric Encryption.
The second major method is the asymmetric cypher, also there
are two key pairs such that private and public key, the public key
had have used to encrypt cleartext message and at the other end
got the same message by decrypting his private key. As a result,
the encrypted transmitted message is available in public, also this
methodology has strong security as in public key encryption
category.

3. Figure 5: Asymmetric Encryption.
The RSA encryption methodology especially based on some
special properties of prime numbers. The Known sample prime
numbers are such as 2, 3, 5, 7,... .etc., are categorized into the
special prime numbers which are greater than 1 and further
expression also impossible as a natural smaller number, also a
prime integer number is a natural vale greater than one and
including only positive factors. In additionally every natural
integer which is greater than one can factorize into a product of
each prime numbers [9].
Furthermore, that there are infinitely most of the prime
numbers. Using a computer, it is relatively easy to find lots of
large prime numbers. At present, however, it is much difficult
to find the prime number factorization of a very large number.
This is what makes RSA encryption so hard to crack [10]. It is
much difficult to reevaluate factorization of a very large prime
either integer or number, also that special enhanced property
takes place the strength of anti-crack situation. Simply that
feature lifts up RSA encryption methodology which is very
difficult to crack by cyber-attack.
Figure 6: SSL Tunnel.
D. Mathematical Evaluation of Encryption and Decryption
The major component of RSA can be classified such as n, e and
d and recommended for choosing two very large primes. The
second step is to calculate ϕ, in additionally to choosing
exponents values one and d.
Formula for n is n = p * q
So, calculate ϕ using Euler Totient Function as follows,
Formula for ϕ is x ϕ mod =1
Therefore ϕ = (p-1) (q-1) must be evaluated [11].
Where ϕ must not shear a factor with Choosing component e
and d and it must be small e, greater than 2, let e =3. Therefore,
the value of d needs to evaluate (Inverse of e mode ϕ).
e * d mod ϕ = 1, so p = 5, q = 1, e = 7.
therefore n = p * q =>55 and ϕ = (p-1) (q-1) =>40.
When p = 5, q = 11, e = 7, n = 55, ϕ = 40 and d =?
Got the equation 7 * d mod 40 = 1
RSA Calculation Steps:
Step 1
φ = 0, e = 7
40 / 7 = 5
φ = 40, e = 1
40/1 = 40
Step 2
40
5 * 7 = 35
40
5 * 1 = 5
Step 3
40
7
(40-35) = 5
40
1
(40-5) = 35
Step 4
7
5
(7-5) = 2
1
35
(1-35) = -34
Step 5
7
5
2
1
35
-34 mod 40
Step 6
5 divides
2 is equal to 2
35
6
Step 7
5
2 * 2 = 4
35
6
Step 8
5
2
(5 – 4) = 1
35
6
(35 -12) = 23 = d
Table 1: RSA Calculations.
According to the answers evaluated from qauation has been
found the Pubic key and Private key So, p =5, q =11, e = 7,
n = 55, φ = 40, d = 23 and it said 7 * 23 mod 40 = 1
Therefore the composition of the Public key is e = 7,
n = 53 with the component of Private key d = 23.
E. Security Clarifications and Conditions of RSA Algorithm
The RSA Algorithm had used exponential mathematical
expressions on the whole concept, the plaintext is always
chunked into blocks including binary values as n. in
additionally the chunked block size must be either less than
or equal to the log2(n). The Encryption and Decryption forms
are included with plaintext block M with ciphertext block
called C as follows,
C = Me
mod n
M = Cd
mod n = (Me
)d
mod n = Med
mod n
Therefore, the both of sender and receiver (Bob and Alice) must
be known the value of n, also the sender already knows the
certain value of e, in additional receiver also known the value of
d to initialized the message flow [12]. As a result, the above
scenario called public key encryption having the private key d, n
and public key e, n.

4. F. The Extended Euclidean Algorithm Definition
The Euclidean algorithm is the major active methodology in
RSA algorithm, The RSA algorithm used integers a and b in
the extended Euclidean algorithm to calculate greatest common
divisor (GCD Values), by satisfying, that there are two
additional integers x and y into the equation [13].
ax + by = d
Therefore d = gcd (a, b)
G. Practical Protection Illustration and Secureness of RSA
Most peoples who specialized and realistic cryptanalyst asking
is that the RSA algorithm strongly enough in front of cyber-
attack. Actually, the specialized cryptanalyst can harmful
partially on RSA algorithm using supercomputer cluster but
not accurately possible to do that, brute-force attacker
sometimes gets a chance to crack the message, but it does not
mean that the entire encryption scheme possible to exposed.
Figure 7: Illustration of Avoid middle attacker attempts.
In addition, the other hand probabilistic approach scenario will
take a chance to obtain one key from out of million, mo s t of
the time it very differs to say that the RSA algorithm is
breakable without proven evidence. Therefore, the RSA
algorithm strongly protected from cyber-attacks. As a result,
The Hash integrity check has been implemented to verify the
integrity of the original sender's message content, also digital
signature also in an operation to verify total protection of the
encrypted tunnel. According to the above image, the middle
attacker was failing to obtain e vale and finally, it’s become
the false attack.
According to the above image, to prove how RSA algorithm
strongly enough when a cryptanalyst attacker obtaining the
decryption key from the public key where generated, and the
attacker is trying to the intruder in order to steal the certain
decryption key.
Therefore, to take care of attack from threat assets, that they
need strong physical security, that’s why some encryption
devices, must be separated from rest of the critical IT assets
which are related to RSA algorithm mechanism, also it must
generate decryption and encryption key pair and does not
printout decryption key, even when the owner requested.
Finally, administration IT security professional will delete the
decryption key when they sense abnormal attempts for intrusion
ifoccurred.
The cyber-attack is habitable when the user Bob had only one
public secret key over RSA key pair, also usability of the same
key pair for both sides regarding on encryption and digital
signature process. The above cryptosystem has a mutual
authentication request from Bob and he must be proved own
identity to Alice by signing necessary random number which was
provided by Alice, with his secret key as well. As a result, the
Alice process and verify where the signature coming from Bob
including his public key, due to this situation, the Alice also
possible to attack Bob if the Alice has been intercepted ciphertext
instead for the Bob.
H. Key Creation and Exchange
The HMAC is acting a major role for the SSL/TSL handshake
process and authentication at both ends, also it will create four
identical sperate keys including HMAC keys for both send and
received, encrypt and decrypt keys for sending section as well as
encrypt and decrypt as receive the key. The user must never apply
same keys for not more than one security fundamentals such as
asymmetric, symmetric, hash function and digital signature, at
the other hand the OpenVPN technology also adhere with the
same technology [14]. The OpenVPN running over the standard
method of RSA/DHE handshake using client authentication to
establish the same scenario.
I. Hashing Methodology with HMAC of SSL-VPN
The hashing function is the necessary requirement with RSA
algorithm to check the data integrity at both ends of sender and
receiver, also known as the one-way function which can send
using hashing method, it is creating fixed length string using
SHA1 of the cleartext message into ciphertext by representing
the message.
Figure 8: The Hash Function.
When we sent a message along with a certain text message after
hashing towards into the receiver side, then the receiver side also
making same hash function and test the integrity was matched
using the same one-way function and compared the result of both
of them. As a result, if the compared string is matched, then only
the receiver determined the, what he got is correct content from
the proper route path called checking data integrity of an RSA
based cryptosystem.

5. In Specifically, a cryptanalyst cyber attacker just removing hash
valve what the sender transmitted towards into the receiver as
the man in the middle attacker, also an attacker modifying the
content of the message with embodying new hash strings into
them. To mitigate this situation HMAC has been introduced,
therefore before injecting the certain message through the one-
way function, at the initially must be included secret key in front
of the content. The key is full hashes independently with
message section to mitigate hash valve modifying attack using
HMAC.
Figure 9: Hash Function with HMAC Illustration.
As a result, the transmitted message is received by the receiver
the destination end of the tunnel, the content of the message is
opened by the receiver. The attached HMAC key is in the in front
of the message, in additionally the same HMAC key must be
exchanged between the receiver and sender through Diffie-
Hellman methodology. But when the cryptanalyst cyber attacker
has changed the message content with new hashes, that because
both sender and receiver are well known their original HMAC
hash key [15]. Finally, they can have identified, the receiver
message was not coming from the original sender and reject it.
J. Proposed OpenVPN Solution and Characteristics
Figure 10: Proposed OpenVPN (SSL-VPN) Solution.
Enhanced Features of OpenVPN (SSL-VPN):
Key Feature Description
Easiness of
Solution
Compared to the other VPN architectures,
it is very extremely easy to configure
OpenVPN connectivity.
Portability
of
Application
OpenVPN Solution and client application
are cross-platform supported including all
of the kind major Operating systems such
as Linux, Unix, BSD, Windows, Mac OS,
Solaris, also supported the higher version
of Linux kernel.
Enhanced
Architecture
The OpenVPN built on client and server
architecture with manageable plugins
which are supporting such as Active
Directory, MySQL, Radius Server, in
additionally supported with embedded
scripting including Perl, Python and bash
shells.
Tunneling
Methods
This solution provides two different
modes to established SSL-VPN tunneling
under TCP and UDP, The Implementer
can use any port number instead of default
ports which can support many firewalls.
Security
Features
The OpenVPN enhanced security mode
by enabling public key infrastructure,
which was processing by OpenSSL to
authenticate peers before begins data
encryption functionaries, also support up
to multi-factor authentications.
Table 2: Enhanced Features
K. Effectiveness of Enhanced OpenVPN Frame Structure
The OpenSSL Behavior ability to differentiated into subsections,
Also, OpenVPN had had to use opensource OpenSSL to involved
on encryption mechanism and the authentication process.
Figure 11: OpenVPN(SSL-VPN) Frame Structure.
On the other hand, the cryptographic operations by OpenVPN
architecture have the wider range of algorithms including
Symmetric algorithms, x.509 based Certificates and HMAC based
Hash function [17].

6. III. CONCLUSION
RSA is a very strong encryption mechanism compared to other
algorithms, The RSA algorithm architecture with public key
cryptography system which allows secured tunnel
intercommunication including Digital signature and it was
protected due to the nature of very difficult factorizing with large
numbers, also most of the experts recently trying to break the
algorithm but it was failed attempts to break RSA, due to strong
factorization techniques, in additionally nobody has been
succeeded.
Therefore, the RSA algorithm bit slower compared with other
cryptographic systems. At the other hand RSA generally used to
securely transmitted, the required keys towards less secured
destination, but by the observation RSA is can categorized as
faster algorithm, but some issues are existing sometimes
potentially damage RSA security mechanism due to timing
attacks and few problems with initial keydistribution situations,
in additionally the Diffie-Hellman algorithm has an ability to
mitigate the mentions issue as well, also the only drawback is
such device implementing RSA had had much more software
and hardware-based devices that can counter either type of
cyber-attacks or eavesdropping attacks.
There is a very major threat to the RSA by the solution of
Riemann hypothesis, but since that Riemann hypothesis did not
prove the ability or not. The current development process of
Riemann hypothesis relatively stagnant concept. However, when
if the Riemann hypothesis were found, then the RSA algorithm
can be brake easily by exposing the prime number of the
algorithm architecture [16]. Since a few years back, some
experts’ mathematicians who recently inventing extended
versions theory and cryptanalysis of RSA algorithm instead of
existing RSA mechanism to face cyber threats will be coming in
future time.
REFERENCES
[1] W.K. Chen, SSL & TLS Essentials. Danvers, Canada: Jhon
Willy & Sons, 2000, pp. 39-40.
[2] S. Thomas. SSL & TLS Essentials. Danvers, Canada: Jhon
Willy & Sons, 2000, pp. 164-165.
[3] OpenVPN LTD, "Does OpenVPN support IPSec or
PPTP," openvpn.net, para. 1, AUG. 28, 2017. [Online].
Available: https://openvpn.net/index.php/open-source/339-
why-SSL-vpn.html. [Accessed: Nov. 10, 2017].
[4] S. Thomas. SSL & TLS Essentials. Danvers, Canada: Jhon
Willy & Sons, 2000, pp. 168-171.
[5] OpenVPN LTD, "Introduction to OpenVPN,"
openvpn.net, para. 8-25, AUG. 28, 2004. [Online]. Available:
https://openvpn.net/papers/openvpn-101.pdf. [Accessed:
Nov. 11, 2017].
[6] Cisco Systems Inc, "Sockets Layer (SSL) VPN Technology
Overview," cisco.com, para. 2-8, March. 31, 2008. [Online].
Available:
https://www.cisco.com/c/dam/en/us/products/collateral/securit
y/ios-sslvpn/IOS_SSL_VPN_TDM_v8-jz-an.pdf. [Accessed:
Nov. 11, 2017].
[7] OpenVPN LTD, "Introduction to OpenVPN," openvpn.net,
para. 1-10, AUG. 28, 2004. [Online]. Available:
https://openvpn.net/papers/openvpn-101.pdf. [Accessed: Nov.
11, 2017].
[8] S. Burnett, and S. Paine, RSA Security’s Official Guide to
Cryptography. Osborne, United States: McGraw-Hill
Companies, 2001, pp. 121-124.
[9] M. Evans, RSA Encryption. Melbourne, Australia: La Trobe
University, 2011, pp. 4-5.
[10] H. Delfs, and H. Knebl, Introduction to Cryptography
Principles and Applications. Nürnberg, Germany: Technische
Hochschule Nürnberg, 2015, pp. 58-60.
[11] S. Burnett, and S. Paine, RSA Security’s Official Guide to
Cryptography. Osborne, United States: McGraw-Hill
Companies, 2001, pp. 121-128.
[12] W. Stalling, Cryptography and Network Security
Principles and Practice. Upper Saddle River, USA: Pearson
Education, 2014, pp. 265.
[13] B. Preneel, Understanding Cryptography. Berlin,
Germany: Springer LTD, 2010, pp. 171-177.
[14] B. Preneel, Understanding Cryptography. Berlin,
Germany: Springer LTD, 2010, pp. 332-336.
[15] W. Stalling, Cryptography and Network Security
Principles and Practice. Upper Saddle River, USA: Pearson
Education, 2014, pp. 369-371.
[16] W. Stalling, Cryptography and Network Security
Principles and Practice. Upper Saddle River, USA: Pearson
Education, 2014, pp. 372.
[17] OSTIF Org, "OpenVPN 2.4.0 Security Assessment,"
ostif.org, para. 7-43, MAY. 10, 2017. [Online]. Available:
https://ostif.org/wp-
content/uploads/2017/05/OpenVPN1.2final.pdf. [Accessed:
Nov. 15, 2017].