An efficient Encryption scheme based on Block Cipher

Recent Advances In Telecommunications, Informatics And Educational Technologies
An efficient Encryption scheme based on Block Cipher Algorithms
FATMA SBIAA1,2, MEDIEN ZEGHID2,3, ADEL BAGANNE2, YOUSEF IBRAHIM DARADKEH3,
RACHED TOURKI2
1
Laboratory of Information Science and Technology, Communication and Knowledge (Lab-STICC),
University of South Brittany (Lorient-France)¶
2
Laboratory of Electronics and Microelectronics, Faculty of Sciences, University of Monastir
Monastir, 5019, Tunisia
3
College of Engineering -at Wadi Ad-Dawasir, university salman bin abdulaziz, Wadi Ad-Dawasir,
KSA
[email protected], [email protected]
Abstract: - Encryption algorithms play a main role in information security systems: It is the primary technique
for data and communication security. Many encryption methods have been put forward to satisfy various
applications. From the ancient times, the two fields of cryptology; cryptography and cryptanalysis are
developing side by side. Cryptography studies the design of algorithms for information and communication
security. In the other hand cryptanalysis is concerned with the study of different techniques to search weakness
in the cryptographic algorithms and try to break them. That’s why the developed designs or ciphers should be
secured against any possible attack in an ideal situation, but this is not possible in the practical world. Any
cryptographic primitive can only be tested for all the possible known attacks however it can’t predict the future
attacks that may be based on the weakness of the algorithm itself. Our main goal is to provide solutions for
existing encryption algorithms which necessarily has its advantages and drawbacks. We must satisfy performs
metrics of the application targets and performs metrics of the encryption algorithm. These performs include
security, implementation parameters and hardware performances. Two solutions can be proposed: designing a
new algorithms or adding update functions to existing algorithms. To specify the correct update function we
must know the power of each attack and predict its capacities on the algorithm. The designed algorithm should
keep all the advantages that present the main algorithm while adding solutions to the disadvantages essentially
the security issues.
Key-Words: - Symmetric cryptography, block cipher, AES, Chaos, Hardware performance analysis, Security
analysis, cryptanalysis, attacks, update function, operating modes, update functions.
attack is greater than or equal to exhaustive key
search.
DES was designed with an effective key length
of 56 bits. This standard presented some weaknesses
against differential and linear cryptanalysis. In
addition it is vulnerable to exhaustive search. The
weakest point in DES is the short key. Still, the
existence of new attacks which have less complexity
than the exhaustive key search is perceived as a lack
in security.
DES was considered as "not secure enough".
Still, the DES designers were really good. They did
not know about linear cryptanalysis, which was
discovered by Matsui in 1992, and linear
cryptanalysis is more effective on DES than
differential cryptanalysis, and yet is devilishly
difficult to apply in practice [1].
1 Introduction
The two main characteristics that identify and
differentiate one encryption algorithm from another
are its ability to secure the protected data against
attacks and its speed and efficiency in doing so.
Obviously, the aim is to achieve maximum safety
for a minimum execution time. The goal of modern
cryptography was finding sufficiently complex
algorithms so that the attacker can not decrypt the
ciphertext. However the used functions should not
compromise the hardware performences.
Cryptanalysis is the technique of deriving the
original message from the cipher text without any
prior knowledge of secret key or derivation of key
from the ciphertext. A symmetric key cipher is
assumed secure, if the computation alcapability
required for breaking the cipher by best-known
This work was supported in part by the Deanship of Scientific Research, Salman bin Abdulaziz
University, Saudi Arabia. Project number is 2014/1/863.
ISBN: 978-1-61804-262-0
133
Recent Advances In Telecommunications, Informatics And Educational Technologies
As we said before the structural weaknesses of
DES are its key size, and its short block size:
A variant on DES (3DES) was defined to solve
the key size issue: a 3DES key consists in 168 bits,
and exhaustive search on a 168-bit key is wholly out
of reach of human technology. Differential and
linear cryptanalysis are defeated by 3DES. Yet
3DES still suffers from the block size issues of
DES.
Thus, AES was defined to resist towards
differential and linear cryptanalysis. The design of
the AES benefited from 25 years of insights and
research on DES [2]. Since standardisation it has
been the subject of extensive cryptanalysis research
to improve its robustness [3][4].The strength of any
good encryption algorithm is not enhanced by
holding the design as secret. In fact, a public domain
encryption standard is subject to continuous,
vigilant, expert cryptanalysis [5]. In addition, what
makes a cryptographic primitive secure is the
amount of effort invested in its design. We can not
ignore these efforts and design a completely new
algorithm: Whatever an algorithm (A) is secure
against known attacks, it may have some flaws
against the future attempted attacks. It is much
better to rely on the strengths of this algorithm while
adding some changes that we can call “updates
functions” (B) that will be used to improve the
resistance of the algorithm against the new attacks.
So the new combination (A) will resist against any
new attacks while exploiting the strengths of the old
algorithm (A).
Section 2 presents our main hypothesis. In
section 3 we will study the AES security analysis
and we will present the different operating modes.
Section 4 provides proposition of appropriate
solution for each type of attacks. This section is
divided into 4 subsections. The first presents
solutions for differential power analysis. The second
gives solutions to improve the sensibility to the
initial key. The third subsection discusses how the
chaotic function could add the non linearity to the
generated keys. The fourth subsection presents our
proposition to improve the resistance of a block
cipher to the differential attacks. Finally, the paper
is concluded in section 5.
prevent the attacks of the same type, we can just
study the vulnerabilities that exploits the attacker
then correct them.
Our main goal is to study the advantages and
weakness of block cipher algorithms to provide
appropriate countermeasures. We must therefore
satisfy the compromise between hardware
performances, algorithmic specification and security
performances
for
each
implementation
characteristics. Our work is mainly based on the
following hypothesis:
Each cryptographic algorithm has its advantages
and disadvantages, in order to improve the
performances of the algorithms we can look on the
basic functions that have flaws either to replace
them or to accomplish them using other functions
less expensive but more robust.
Each algorithm can be implemented in different
ways so that the version implemented has its
performances. Therefore it is often possible to make
small modifications to an existing algorithm with a
strong assurance that the resulting encryption
technique is stronger than the original. In the
flowing we detailed this approach.
We define :
IP (Implementation parameters) = {operating
mode, block size, key size, ...}
HP (Hardware Performances) = {Area, speed,
power consumption, ...}
SP (Security Performances) ={ Statistical
analysis, differential analysis, key sensitivity
analysis, key space analysis, …}
For each algorithm A that belongs to a
cryptographic type (symmetric, asymmetric) there
are advantages (A) and limits (A) where advantages
(A) ∈{HP,SP} and limts(A) ∈{HP,SP}. They
depend not only on the algorithm itself but also on
the IP (Implementation Parameters).
2 Proposed approach for correcting
security level of cryptographic
algorithms
Fig.1 Basic constraints of modeling a block cipher
cryptographic algorithm.
The choice of function updates must not be
arbitrarily especially if the target platform and
implementation is fixed. For example, the ECB and
the AES algorithm dedicated user for certain
There are different attacks known for the block
ciphers. Each type of attacks uses the vulnerabilities
of a part or the entire algorithm. Thus in order to
ISBN: 978-1-61804-262-0
134
Recent Advances In Telecommunications, Informatics And Educational Technologies
applications: in effect, the ECB mode may be totally
parallelized because the encryption of a block cipher
is independent of the other. It can withstand
transmission errors. As against, the ECB mode has
no tamper detection. Therefore, it is vulnerable to
active attacks [2].
To correct the low security level, other mode of
operation can be used, but we will lose the
performance offered by the EBC mode. So, we
recommend some modifications to ensure the
compromise between performance mode and the
desired level of security.
for the last round where the MixColumns
tranformation is not included [2].
Five confidentiality modes of operation are
defined to be used with a symmetric key block
cipher algorithm: Electronic Codebook (ECB),
Cipher Block Chaining
(CBC), Cipher Feedback (CFB), Output
Feedback (OFB), and Counter (CTR). These modes
may be used in conjunction with any symmetric key
block cipher algorithm that is approved by a Federal
Information Processing Standard (FIPS). They can
provide data confidentiality but with different
proprieties (table 1).
Fig.2 using update functions (B) to get tradeoff
between HP and SP.
In order to make a tradeoff between HP and SP,
we propose extending the advantages of the ECB
mode and use new cryptographic functions to
enhance the security level and get an efficient
design of AES encryption system.
3 AES Security analysis
In Cryptography, a block cipher is a symmetric key
cipher which operates on fixed-length groups of bits
(termed blocks), with an unvarying transformation.
When encrypting, a block cipher might take n-bit
block of plaintext as input, and outputs the
corresponding n-bit block of cipher text. The exact
transformation is controlled using a second input:
the secret key.
Recently, several important block ciphers are
considered to be broken by the brute force-like
cryptanalysis, with a time complexity faster than
exhaustive key search by going over the entire key
space but performing less than a full encryption for
each possible key [6].
The Advanced Encryption Standard (AES) is the
most popular algorithm used in symmetric key
cryptography due to its performance, flexibility and
security level. AES encrypt data blocks of 128 bits
using symmetric keys 128, 192, or 256. AES
encrypt the data blocks of 128 bits in 10, 12 and 14
round depending on the key size [2].
The algorithm is based on iterations of four
transformations
(AddRoundKey,
SubBytes,
ShiftRows and MixColumns). The number of
iterations (also called rounds) depends on the
selected variant and so on the key length. Each
transformation is performed once by round except
ISBN: 978-1-61804-262-0
ECB
CBC
CFB
OFB
CTR
Security
Low
High
High
High medium
Parallelism
Yes
No
No
No
Yes
Decrypting
Yes
Yes
No
No
No
random access
Yes
No
No
No
Yes
Speed
Yes
No
No
No
Yes
Complexity
No
Yes
Yes
Yes
No
error
propagation
No
Yes
Yes
Yes
No
Implementation
cost
Low
high
High
High
Low
Table 1 Comparison of different operating modes.
The ECB and CTR modes of operation pose
encryption as a massively parallel problem with all
the plaintext blocks being available for simultaneous
encryption without any dependency. However, in
CBC, PCBC and CFB modes, due to the
dependency from the previous block, the encryption
must progress sequentially on a block by block
basis.
Consequently, almost all the results of GPU
based acceleration undertake block cipher
encryption or decryption in Electronic Codebook
(ECB) or Counter (CTR) mode for which the interdependency between data blocks does not exist and
a parallel encryption of blocks of plaintext data is
possible.
In addition the mode CBC requires more
processing time than ECB because of its keychaining nature. However the extra time added is
not significant for many applications, knowing that
CBC is much better than ECB in terms of
protection[7][8].
Since its announcement, AES has been subject to
different attacks. Most of these attacks target the
AES with 128-bit key.
135
Recent Advances In Telecommunications, Informatics And Educational Technologies
To study the security level of the AES algorithm
we implemented it in systemC. Then we realized
security analysis to extract its strengths and
weaknesses. We realized that the AES_128_ECB
presents a good resistance against statistical attacks.
be constant. In addition, we perform some circular
shifts on the S-boxes and the inv-S-Boxes. These
shifts are based on the initial key.
A good encryption scheme should be sensitive to
cipher keys in process of both enciphering and
deciphering.
To evaluate the sensitivity to cipher keys in
process of enciphering, two tests are proposed:
(i) Completely different cipher images should be
produced when slightly different keys are used to
encrypt the same plain image.
(ii) When an image is decrypted, tiny change of
keys can cause the failure of deciphering.
Experimental results and security analysis of the
proposed algorithm show a good resistance against
brute force attack, key sensitivity tests and statistical
crypt analysis [10].
encrypted images (512×512)
Lena Baboon Peppers Barbara
Horizontal
Correlation
Vertical
Correlation
Diagonal
Correlation
Entropy
PSNR
0.0425
0.0406 0.0394
0.0415
0.0392
0.0369 0.0397
0.0360
0.0394
0.0912 0.0348
0.0436
7.9993
9.2211
7.9993 7.9992
9.5386 8.4532
7.9993
9.1596
Table 2 Statistical analysis of AES_128_ECB.
4.3 Non-linearity of generated keys
However it has some weaknesses against some
other analysis. Thus, we proposed for each type of
attack an update function in order to correct the
vulnerability of the algorithm.
4 Proposed update
AES_128_ECB
functions
Chaotic encryption is a new research direction of
cryptography which is characterized by high initialvalue sensitivity and good randomness. It is an
efficient way to deal with the problem of simple
implementation, fast and highly secure encryption
[11].
Our proposed cryptosystem combine two
encryption techniques. Firstly, we present the
chaotic properties and we justify our choice of the
implemented function. The chaos generator is added
in order to generate keys for AES algorithm. The
design is optimized in terms of data throughput and
hardware utilization. Then, the cryptosystem will be
improved through hardware performance analysis
and security analysis.
for
In ECB encryption and decryption, the forward
cipher function is applied directly and independently
to each block of the plaintext and the ciphertext. In
ECB encryption and ECB decryption, multiple
forward cipher functions and inverse cipher
functions can be computed in parallel. However this
mode presents a low security level especially to
differential attacks.
Our proposed schemas are based on two different
ways: the first consists on making some
modification to the algorithm to improve its
properties. The second is combining the basic
algorithm to other cryptographic functions in order
to provide new properties to the new cryptosystem.
Fig. 3 Logistic generator of Key_init.
The schematic block of the implementation
model for the logistic generator is presented in
figure 4.
4.1 Differential power analysis
In order to protect the algorithm against first-order
DPA (differential power analysis) the update
function that can be suggested is to use a Boolean
masking scheme based on one random byte that is
different from one execution to another, also from
one S-box operation to another and from one round
to another [9].
4.2 Sensitivity to the initial key
In order to improve sensitivity to the initial key
some modification can be proposed. First, we can
use it to define the value of the RCON that will not
ISBN: 978-1-61804-262-0
Fig. 4 Schematic block of the logistic generator
(key= 128 bits).
136
Recent Advances In Telecommunications, Informatics And Educational Technologies
H L
The main advantage of the use of a chaotic
Di , j
∑∑
generator is the use of a new key for each data: The
1 si IC1 = IC 2
=i 1 =j 1
avec Di , j 
NPCR
=
=
use of the same key to encrypt the entire image may
H ×L
sin on
0
lead to the appearance of homogeneous (textured)
zones.
1 H L IC1 − IC2
=
UACI
∑∑
H × L=i 1 =j 1
i, j
i, j
28 − 1
×100 0 0
encrypted images
lena (512×512) NPCR % UACI %
0.0061
0.0019
Modified_AES_128_ECB: 99.99
33.13
AES_128_ECB:
Table 3: Values results of NPCR, UACI.
These results prove that our proposition could
improve the resistance of the algorithm to
differential attacks.
We have analyzed, also, the statistical analysis:
we observed the entropy values, the PSNR and the
correlation between Horizontal and vertical adjacent
pixels.
Fig.5 Homogeneous areas disappear by using a
chaotic generator
In addition the non-linearity property of the
chaotic function will add the non linearity to the
generated keys [11][12].
4.4 Differential analysis
To improve its resistance to the differential attacks,
we proposed other version of our cryptosystem: We
added cryptographic function to create dependence
between encrypted blocks.
PSNR
Entropy Corr H
corrV
AES_128_ECB:
9,2211
7,99926
0,0425
0,0392
Modified_AES_128_ECB:
9,2410
7,99928
0,0043
0,0039
Table 4 Values results on statistical analysis
In reality one of the most important property of
the mode ECB is the parallelism. However the
differential attacks are based on the dependence
between treated blocks [13][14]. In the other side
the full parallelism is not practical due to demanded
resources. Thus, we propose to define a compromise
parallelism/security.
Fig.6: Structure of the proposed
Modified_AES_128_ECB.
Generally, an adversary may make a slight change
of the original image and by observing the change
of encryption results he may be able to find out a
meaningful relationship between two ciphered
images and the original image.
To evaluate the resistance of the cryptographic
algorithm against differential attack two tests are
recommended: the NPCR and UACI.
NPCR (Number of Pixels Change Rate)
calculates the change rate of the number of pixels of
ciphered image when we change only one pixel of
plain-image.
UACI (Unified Average Changing Intensity)
measures the average intensity of the differences
between the plain image and ciphered image. In
particular, we have changed one pixel in the plain
test image, and we have used the proposed
cryptosystem to encrypt plain image before and
after changing, then we have computed NPCR and
UACI using Equations (1) and (2).
ISBN: 978-1-61804-262-0
encrypted images
lena (512×512)
3 Conclusion
Since cryptography has became not just limited to
prevent sensitive military information, but one of
the critical components of the security policy of any
organization and considered as an industry standard
for providing information trust, security, electronic
financial transactions and controlling access to
resources; research cannot be stopped to improves
the impact of cryptographic algorithms .
Cryptanalysis try their best to find weakness in the
most known and secure algorithm. That’s why the
most secure algorithms today will not be
confidential enough tomorrow.
Our study is based on the knowledge of different
type of attacks and its principal purpose. Each type
of attack exploits a weakness in the block cipher
algorithm. Therefore we should study the operating
137
Recent Advances In Telecommunications, Informatics And Educational Technologies
principle to propose the appropriate update function.
Us we said before the resistance of the algorithm
depends on the version and the implementation
parameters: Our countermeasures should be
different for each version (operating mode, block
size, round number, key size, etc).
Our final goal is the construction of three
additional libraries: the first contains all the basic
functions of block cipher algorithms; the second
ensures security analysis while the third includes
appropriate Update functions.
[10] Zhaopin Su, Guofu Zhang and Jianguo Jiang,
Multimedia Security: A Survey of Chaos-Based
Encryption Technology, School of Computer
and Information, Hefei University of
Technology China.
[11] S. Behnia, A. Akhshani, H. Mahmodi, A.
Akhavan, M.S. El Naschie, A novel algorithm
for image encryption based on mixture of
chaotic maps, Chaos, Solutions and Fractals
[Article in press], DOI:10.1016/j.chaos, May
2006.
[12] Biham, E. and A. Shamir, Differential
Cryptanalysis of DES-like Cryptosystems,
Advances in Cryptology — CRYPTO '90.
Springer-Verlag, pp.2–21.
[13] Yue Wu, Student Member, IEEE, NPCR and
UACI Randomness Tests for Image
Encryption, Journal of Selected Areas in
Telecommunications (JSAT), April Edition,
2011.
Acknowledgements
We Authors would like to thank Deanship of
Scientific, Salman Bin Abdul Aziz University,
Saudi Arabia for providing financial assistance to do
this research a successful manner.
References:
[1] National Institute of Standards and Technology,
Data Encryption Standard (DES), FIPS PUB 463, October 1999.
[1] National Institute of Standards and Technology
(NIST), Advanced Encryption Standard (AES),
FIPS PUB 197,2001.
[2] A. Biryukov, The Boomerang Attack on 5 and
6-Round Reduced AES, LNCS 3373, Springer,
2005, pp.11-15.
[3] G. Boracchi, L. Breveglieri, A Study on the
Efficiency of Differential Power Analysis on
AES S-Box, Technical Report, DEI Politecnico
di Milano, 2007.
[4] A. Kaminsky, M. Kurdziel, S. Radziszowski
,An Overview of Cryptanalysis Research for
the Advanced Encryption Standard, MILITARY
COMMUNICATIONS CONFERENCE, 2010,
pp. 1310 – 1316.
[5] Daemen, J, Cipher and hash function design
strategies based on linear and differential
cryptanalysis, PhD thesis, K.U.Leuven, 1995.
[6] M. Dworkin, Recommendation for block cipher
modes of operation: methods and techniques,
Gaithersburg: U.S.Doc/NIST,2001.
[7] Q. Li, C. Zhong, K. Zhao, X. Mei and X.-W.
Chu, Implementation and Analysis of AES
Encryption on GPU, The third International
Workshop on Frontier of GPU Computing,
Liverpool, UK, June 2012.
[8] Mazumdar, B, Design for Security of Block
Cipher S-Boxes to Resist Differential Power
Attacks, International Conference on VLSI
Design (VLSID), 2012,pp. 7-11.
[9] Alireza J., Abdolrasoul M, Image Encryption
Using Chaos and Block Cipher, Computer and
Information Science,
ISBN: 978-1-61804-262-0
138

Download Report