Innovative Method for Enhancing Key Generation and Management in the AES-Algorithm

Published Online March 2015 in MECS DOI: 10.5815/ijcnis.2015.04.02

With the development of electronic and optical fiber communication networks, the quantity of information exchanged and the reliance of organizations on these new communication channels has increased dynamically[1][2]. Concurrently, the risks are increased significantly, therefore, many technologies were developed to cope with these threats.

Information security is one of the essential issues in contemporary computer systems and the encryption process is the main issue. Encryption process appeared before the computer system for many years. Caesar and manoa-alphabitc ciphers are a famous example of traditional cipher [3][4]and [5].

As shown in Fig.1, highly progress in information security is linked to computer systems. Nowadays, modern secure communications generally rely on one of two basic cryptographic techniques to ensure the confidentiality and integrity of traffic carried across the network, symmetric and asymmetric mechanisms. In the symmetric cipher a single key for both processes

(encryption/decryption), whereas, two keys instead of one key are used for encryption/decryption process in asymmetric cipher [6, 7].

Fig. 1. Security progress maturity

Consequently, symmetric ciphers are divided into two broad categories stream ciphers and block cipher. In a stream cipher, an encryption /decryption process embraces on a symbol by symbol at a time. However, block cipher groups the plain text as a block (B>1) and encrypting together and recur at a decryption process [8, 9].

Generally, in the symmetric cipher the information is sent as cipher text using an unsecured channel, and a secure channel is used to send the key. However, the secure transfer of encryption keys remains one of the critical problems in modern cryptography [10][11].

This paper discuss one type of strong symmetric block ciphers, it is AES, because AES provides strong encryption (NIST selection), high speed algorithm, low memory costs, easy to implement and secure against many analysis attacks such brute-force, differential and linear attacks [9, 12].

AES algorithm utilizes same key for encryption/decryption process, key length is 128; 192; 256- bits embraces static input data block of 128-bits inception as 4*4 matrix, it’s known state [13], the length of the key determined the number of rounds (Nr) 10; 12;14. Finally, this paper presents a new version of AES by integration between an enhanced version of AES and QKD [for more details about AES see [9]].

The rest of the paper is organized as follows: Section 2 surveys the existing study for AES optimization, Section 3 presents the details of QKD mechanism. Our experimental setup, QAES architecture, and integration methodology are given in Section 4. Section 5 explains the inferences obtained from the results and analysis it. Section 6 presents the conclusion and future works.

• II.    Exising Study

Recently, there are few authors are focused on the enhancing and developing the AES algorithm, because most of AES attackers appeared lately.

For example, Sumalatha et al. [1] design of an Encryptor (128-bits) using AES (128bits) data encryption and 128 bits for a cipher key. Also, the analysis and synthesis processes provided based on VeriloG and Xilinx ISE 14.2 software. This Encryptor bolstered the high secure for ciphering system, however, the fixed S-Box transformation consumes the more memory allocations.

Shaaban et al. [3, 4] develop a powerful algorithm for cryptography, it’s based on AES to generate different sub keys from the original key and using each of one to encrypt single AES round. It is resistant against the analysis attacks such as a brute force attack and others. Moreover, the authors classified the secret keys as real key and PRNG, each one used with special cryptographic mode. However, this algorithm is slower than classical AES, therefore, it is apt to the timing attack.

Leonard W.[25] presents scalable system that combines high speed of modern encryption algorithm with the power of quantum key distribution (QKD) technology which annotated as Cerberis. Cerberis is a system that offers a radically new approach to network security based on a fundamental principle of quantum physic. In this study, the author doesn’t present the complete simulation environment for Cerberis system.

Kazys et al. [2, 16] present a new version of AES by generating random S-Boxes coinciding with every secret key generation. The authors set out in details how to generate random S-Box, key-independent and then computed the ratio of independency for the S-Box elements. The weakness of this study was not debating any type of cryptanalysis attacks.

Sekar et al. [5] propose a new innovative method to enhance the AES algorithm by increasing the key length to 512 bits and thereby the number of rounds is increased in order to provide a stronger encryption method for secure communication. Code optimization is performed, in order to improve the speed of encryption/decryption using the 512 bit AES. This method don’t modify the structure of AES but only increase the number of rounds and so the attacks which need the same key are still serious to this algorithm, at the same time this algorithm increase the processing time which will limit the use of AES in real applications.

Finally, we can conclude that the AES is an efficient modern encryption algorithm. However, it suffers from the key generation, distribution, and management. In order to address these problems, this article presents a new simulator environment which based on integration between QKD and AES-128 algorithm.

• III.    Why QKD?

QKD is a major practical application of quantum information, it is based on laws of physics rather than computation complexity of mathematical problems [18] [19]. Quantum information is stored as the state of atomic or sub-atomic particles usually called quantum bits (qubits). A qubit is an elementary unit of quantum information and many physical realizations of qubits such as an electron, photon, and quantum dot [20][21].

In networks environment, light is routinely used to exchange information in a form of light pulses, typically containing billions of particles of light, called photons. However, a single photon based in QKD. QKD is based on qubits, these qubits are single photon polarized into one of four states (vertical (V), horizontal (H), left(LD) and right diagonal(RD)) selected from one of two basis (rectilinear and diagonal).

Moreover, it uses the BB84 protocol to achieve the secret key generation and management over two basic channels, classical and quantum channel see Fig.2. Quantum channel is used for transmission of quantum key material by means of photons. The other, classical (public) channel carries all message traffic, including the cryptographic protocols, encrypted user traffic [for more details see [22] [23] [24].

Fig.2. QKD components

Finally, Quantum cryptography relies on the laws of quantum mechanics to provide a secure system, while traditional systems rely on the computational difficulty of the encryption methods used to provide a secure system [25]. However, quantum cryptography is not same QKD.

As shown in Fig. 3, Quantum cryptography is more general and comprehensive, because the QKD is responsible for the key generation and key deployment between two communication parties, while quantum cryptography is the process of encrypting files using one of the usual modern encryption algorithms by using the keys generated from QKD.

Fig.3. Quantum cryptography architecture

Fig. 4. QAES round

• IV.    Qaes Architecture

  This section illustrates the AES development steps, as shown in Fig. 5, the experimental environment consists of two machines (sender and receiver). The sender machine utilizes the Core i5 (4.8GHz) with 8GB of RAM with 500GB-HDD, while the receiver machine makes use of Core i3 (2.4GHz) with 2GB of RAM with 300 –HDD. The QKD and AES are programmed using Visual Studio Ultimate 2012 (VC#) based Windows Server 2012 Data Center as operating system.

• A.    QAES Single Round

The QAES developed system incorporates both the QKD and the AES algorithm in order to provide an unconditional security level [25] for any cipher system built on symmetric encryption algorithms. As shown in fig 4, the AES enhanced version exploits the generated key based QKD in the encryption /decryption process. Since the unconditional security depends on the Heisenberg uncertainty principle [19] [20], instead of the complex mathematical model in key generation, more attack resistance is assured and the cipher system is hard to be attacked.

The round key session enjoy the dynamic mechanism, in which the contents of each key session changes consequently in each round with the change of the key generation. Such dynamic mechanism aids in solving the mechanism problems like avoiding the off-line analysis attack, and resistance to the quantum attack.

• B.    Integration Methodology

This section explains the integration between the enhanced AES and the QKD, during the negotiation between the two parties (sender, receiver). The decryption/ encryption process is achieved coinciding with quantum key generation see Fig.5.

To achieve the encryption /decryption process in QAES-128 must be follow the following steps:

• The quantum secret key is generated over the quantum channel using BB84 protocol.

Fig. 5. Integration architecture

• •    The sender and the receiver parties check the online compatibility for the generated secret key.

• •    The sender and the receiver choose the appropriate key length (128; 192; 256 bits) through the classical channels in order to perform the encryption/decryption process.

• •    The two parts deploy the selected final secret key (qk) to the symmetric encryption algorithm (AES).

• •    Encrypt the first block input file ( P₁ -128bits) by the AES stages- using qk1which generate by QKD round1.

E (P 1 ф qk 1 ) = C 1

• •    Encrypt the final block input file by the AES stages-using qk n which generate by QKD round n , where n=Nr=10; 12; 14.

E (Pn ф qkn) =Cn

• •    The decryption process start with the end of the encryption process (inverse methodology).

D (C n ф qk n )=P n

Due to the key availability (KA) associated with QKDs[24], the integration is provided by a sequence of unrelated keys (qk1, qk2,…, qkn) in each round, see Fig. 6, these unrelated keys prevent the attackers from detecting the next key generation. Then, each QAES round, will consider the generated sequence of keys (qk1,qk2,…,qkn) as a sequence of sub keys, which in turn are used in the encryption/decryption process.

Fig. 6. QAES encryption mode

• A.    Analytical analysis of QAES

  In the following analysis, both the AES and QAES techniques have been implemented using several input files sizes: 500kb, 1000kb, 1500kb, 2000kb, and 3500kb.

• 1.    Traditional AES (128; 192; 256) efficiency

• 2.    QAES (128; 192; 256) efficiency

Fig.7 represent the running time of the traditional AES using the local machines described above, the running time is calculated in milliseconds and the input size is taken in kilobytes.

Fig. 7. Running time for classical AES

Based on above figure, there is an inverse proportion relation between the running time and the size of the input file. Such that, the increase of the input file size led to the decrease of the running time. Moreover, the AES is the fastest symmetric technique since it enjoys the scalability based on different hardware, as well as it can be implemented simply. After then, the symmetric techniques can be ordered as DES, 3-DES, RC4, and finally the Blowfish [for more details see [27]].

Fig. 8 represent the running time of the implemented QAES using the local machines described above, the running time is calculated in milliseconds and the Input size is taken in kilobytes.

■ QAES-128 ■ QAES-192 ■ QAES-256

Finally, this methodology can be used with any type of encryption modes such as cipher feedback (CFB) mode, output feedback (OFB) mode, and counter (CTR) mode[9].

V. Results and Analysis

In this section, the time of encryption process and NIST testing algorithms has been implemented, measured and analyzed based QAES and AES. The results indicate that the harder for the hacking process and provide a more secured connection.

Fig. 8. Running time for QAES without key generation time

Comparing the QAES with traditional AES encryption algorithms reflects a higher security level. However, as shown in Eq.1, and Fig 9, this algorithm takes time more than others due to the time required for quantum key generation (time for quantum negotiation and time required for the encryption / decryption process).

Tqenc =Tqkg+ T (Enc (P)) (1)

Where Tqenc = Total encryption based quantum, Tqkg = time for quantum key generation, T (Enc (P)) = time takes by selecting an encryption algorithm, and P=plain file.

Fig. 9. Secret key generation time with various configurations

As showed in Fig. 9, any change in the eavesdropper activity or noise level directly impact on the length of the secret key and the time of generation it. For example, in order to get 200 from 500 qubits are pumped under the impact of noise 0.05 GHz and there is no Eve influence, we need 0.23 milliseconds to generate it. Usually, this time simultaneously grows with the increasing of the noise or Eve influence. However, the practical environment is faster than the simulator environment, due to the light nature [25].

Generally, from the above analysis figures, we conclude that the QAES is a little bit slower than the AES. For example, if we take the sample file 3500 kb, the encryption time for AES is 0.1472 milliseconds, and for QAES is 0.1863 milliseconds (see eq. 1).

Finally, since the QAES follows the same architecture of the AES, the input file size has always changed during encryption process and the details of the processed file remain unchangeable.

• B.    NIST testing

In this subsection, NIST tests algorithms are implemented to evaluate the security rate of developed algorithm (QAES). NIST developed to test the randomness of a binary sequences produced by either h/w or software based cryptographic random or pseudorandom number generators [for more details see [28]].

Fig. 10 shows the main steps for testing the security of QAES algorithm rely on 12-NIST test algorithms. QKD generates qubits streams as a pseudo random number [28], each sires is (28000, 000- bits) and key stream (128-bits).

P-value >0 01 or <0.01 ?

Fig. 10. P-value computation

Now, we applied the QAES to get cipher text and execute NIST tests for each sequence in order to obtain the P-value. After then, compare P-value to 0.01, if p-value less than 0.01 then reject the sequence. The p-value represents the probability of observing the value of the test statistic which is more extreme in the direction of nonrandomness, usually, the results are produces in the isolated text file.

Fig. 11. NIST test for QAES cipher text (12-test)

Regarding to NIST testing algorithms and the P-values are illustrated in Fig 11. , we can conclude that the QAE is secure encryption algorithm.

• VI. Conclusion and Future Works

QAES combines strong high-speed encryption (AES-NIST selected) with quantum key distribution and makes it possible to achieve an unprecedented level of security. These techniques are particularly applicable for high value applications and long term secures data retention requirements.

This paper shows that the QAES development and design do not contradict the security of the AES algorithm, since all the mathematical criteria remain unchanged. The QAES symmetric encryption algorithm has been revealed depending on the integration between the AES and the QKD. The experimental results and the analysis show that the QAES produces more complicated un-breakable keys, hard to be predicted by attackers than the keys generated by the AES. However, the speed of encryption of the QAES is tiny slower (0.409 seconds) than using the AES due to quantum key generation.

The strength of the QAES lies in its ability of generating a high ratio of independence between key rounds. Moreover, depending on NIST tests algorithms, QAES achieves the diffusion- confusion principles, this aids in achieving a more secured environment against most types of cryptanalysis attacks.

In the future, firstly the QAES is going to be implemented and tested using cloud environment, secondly to assure the strength of the QAES, the algebraic and quantum attacks are going to be implemented, and the results are going to be analysed.

Acknowledgment

The authors would like to thank the anonymous reviewers for their valuable comments and suggestions that improved the presentation of this paper.