DES Based Educational System

Chadi Riman, Hicham H. Hallal
Fahad Bin Sultan University, Tabuk, Saudi Arabia
{criman, hhallal}@fbsu.edu.sa

Abstract

We propose a simple encryption system that uses the main features of the Data Encryption Standard (DES) to be used mainly for educational purposes. The proposed Educational Data Encryption System (E-DES) is meant to facilitate the process of teaching cryptography and data encryption techniques in classrooms. The proposed cipher, which uses the same general Feistel structure, presents some improvements on the existing DES. It uses a 1024 bit initial key and a 128 bit data block size. In addition, the F function itself is modified in E-DES, where an AES like substitution is used to replace the DES substitution. Consequently, the proposed encryption system provides more security to the plain data by adding more diffusion through the encryption process. In addition, the sizes of the data block and the round keys ensure a high resilience to information leak (almost similar to AES).

Keywords: Cryptography, DES, AES, Data Encryption, Decryption, Information Security.

1. Introduction

Data Security is increasingly occupying more interest in the research work in both academia and the industry. The concern to preserve the security pyramid (confidentiality, integrity, and authentication) is always present and poses continuous questions on how to improve the existing techniques for data protection against ongoing attempts to breach them, and how to develop novel ones that cannot be breached. For decades, encryption has been one of the most reliable methods used to protect data confidentiality and integrity, even since the old days of the Romans. Several encryption techniques (ciphers) have been proposed over the years following the need to protect more data, to reinforce existing techniques against successful attacks, and to cope with the advances in technology that make the development of a cipher that is immune against all types of attacks quite a tricky task. For the past few decades, the Data Encryption Standard (DES) [5] has been treated as the cipher to breach and to compromise. This was achieved mainly due to weaknesses in the cipher itself. DES was built based on a key size of 56 bits. However, only 48 bits were effectively used in the F module of each round. On the other hand, the data block was set at 64 bits. This resulted in relatively easier (when almost exponential increases in computation power are factored in) attacks on the cipher.

Ultimately, DES was phased out and replaced by the Advanced Encryption Standard (AES) [5] as the standard for data encryption. However, the interest in the DES itself did not vanish as it had already become an integral part of the data security solutions of many industrial organizations. Consequently, the focus shifted to reinforce the DES cipher and to improve its resilience against cryptanalysis techniques and against attacks. In [5], Triple DES was introduced, where the same DES algorithm is applied repetitively on the data blocks to produce more resilient ciphered text. The cost for the increased security was primarily factored in the speed of execution while the man in the middle attack remained a threat. In [4], Enhanced-DES was proposed as an improvement on DES, where the difference was in randomizing the generation of the 56 bit round keys from the initial key. The rest of the cipher design remains intact. This can add to the diffusion of the ciphered data, but does not add to the key security since the 56 bit keys are still generated from the same initial key and they are still somehow correlated. In [6], a hybrid cryptographic algorithm is proposed that combines features from both DES and AES to produce a more resilient cipher. However, the main weakness that hampered DES remains in the proposed hybrid cipher since it uses the same data block and key sizes. Meanwhile, some work appeared recently where the focus is on improving the AES cipher. The work in [1] describes an improved AES that features a modified S-box that can be generated dynamically from the cipher key. This makes the S-box change in each round, which adds to the confusion associated with the ciphered text.

In this work, we propose a modified version of the Data Encryption Standard (DES), which uses an enlarged initial key and a larger data block. We propose to use a 1024 bit initial key, from which 16 independent 64-bit round keys are derived. The size of the proposed key provides immunity against brute force attacks even with current computational resources. The 64 bit keys are used completely in the rounds (without any omissions), which adds to the resilience within each round. On the other hand, a data block of 128 bits, similar to AES, provides efficient resistance against information leak (256 billion GB of data can be encrypted using a single key while DES ensured 32GB). In addition, we propose to use separate AES like S-boxes for substitution in the F function, which means more independence and diffusion in the production of the ciphered data.

The remainder of this paper is organized as follows. Section 2 presents an overview of the DES and AES encryption techniques. Section 3 describes the proposed E-DES cipher and details the encryption algorithm. Section 4 describes the decryption algorithm of E-DES. Section 5 presents a discussion on the efficiency of the E-DES cipher and its advantages. Finally, Section 6 concludes the paper and presents potential extensions of this work.

2. Overview of Encryption Standards

Introduced in 1977, the Data Encryption Standard (DES) is a symmetric cipher that is based on the Feistel structure with a block size of 64 bits and a key size of 64 bits. Despite being compromised, DES is still being used to provide data security by many sectors including the American Bankers Association and in several security standards like the IP Security Architecture (IPSec) standard [9]. DES uses 16 rounds of a Feistel like encryption method to encrypt plain text. A key schedule is used to derive 16 keys for the successive rounds of encryption from the original key. The block diagram of one round of DES is shown in Figure 1.

Although DES uses a 64-bit key, 8 of these bits are only used for odd parity and do not count in the key length. The effective key length of DES is 56 bits, which means $2^{56}$ possible different keys. A full 64-bit key has 256 times as many key combinations. In addition to the short key, the DES key schedule does not guarantee random keys for the 16 encryption rounds (the generated keys can be all-ones, all-zeros, or distinguishable patterns of ones and zeros [8]).

[Figure 1. Depiction of one round of DES [5].]

This made it possible for techniques based on differential and linear cryptanalysis [5] to attack the DES. Moreover, using a brute force key search seems not so difficult with the computation power levels in recent computer systems. Consequently, the Triple DES (3-DES) was introduced to solve the key problems of DES. In a typical implementation of the 3-DES cipher, the plaintext is encrypted with one key. The resulting cipher text is decrypted with another key, and, finally, the resulting text is encrypted again with the initial key (first key used). This implementation of the 3-DES uses two different keys. However, implementations with three different keys are also possible. Compared to DES, 3-DES offers a key length of 112 bits. This is an improvement of $2^{56}$ combinations over the 56 bit key. Although the problem of the short key is solved with 3-DES, the problem of (relatively) non random key generation remained in 3-DES but with a reduced effect. In addition, 3-DES is almost one third as fast as DES.

The Advanced Encryption Standard (AES), also known as the Rijndael cipher, was introduced in 2000. It uses a 128, 192, or 256 bit key for encryption. This provides improvements of $2^{72}$, $2^{136}$, and $2^{200}$ over the 56 bit DES key, respectively. With longer keys, it became much harder to break the AES. In addition, AES compensated for another shortcoming of the DES, the block size. AES encrypts blocks of 128 bits, which means it is more resilient against information leak (caused by repetitive blocks). Using DES, one can encrypt up to 32GB with a single key [7]. On the other hand, AES allows 256 billion gigabytes to be processed with the same key before any leak can occur. Moreover, while DES uses the Feistel network, where the text block is divided into two halves before going through the encryption steps, AES applies a series of substitution and permutation steps to create the encrypted block.

[Figure 2. Block diagram of the AES cipher. Key expansion turns the key into Round Keys 1 to 10; the plain text goes through Add Round Key, then rounds of Substitute Bytes, Shift Rows, Mix Columns and Add Round Key.]

The following table [8] shows a summary of the comparison between the DES and the AES ciphers.

Table 1: DES vs. AES

| | DES | AES |
|---|---|---|
| Key Length | 56 bits | 128, 192, or 256 bits |
| Cipher Type | Symmetric | Symmetric |
| Block (bits) | 64 | 128, 192, or 256 |
| Developed | 1977 | 2000 |
| Security | Proven inadequate | Considered secure |
| Possible Keys | $2^{56}$ | $2^{128}$, $2^{192}$, or $2^{256}$ |
| Time for brute force key attack | 400 days | $5 \times 10^{21}$ years |

3. The Educational Data Encryption System

We present E-DES, the Educational Data Encryption Standard, as an enhancement of DES. The main changes proposed to implement E-DES include a larger key and block size, an improved F function in each round, an improved key schedule, and more complex permutation functions. In addition, the proposed cipher uses one of the components from AES, the substitution box; thus the name E-DES. In this section, we describe E-DES and detail its components.

Similar to DES, E-DES relies mainly on the Feistel Network with 16 rounds, where the first operation is the application of the initial permutation to the plaintext. Then, each round consists of the sequence:

1. The permuted plaintext is split into two halves, left and right.
2. The right half text moves to the left without any manipulation, and the left half is XORed with the output of a function F that takes the round key and the right half as inputs.

Finally, after 16 rounds are completed, the inverse initial permutation is applied to the produced text, yielding the ciphered text block. This structure is illustrated in Figure 3.

[Figure 3. General Encryption Structure. The 128-bit plaintext goes through the Initial Permutation, Rounds 1 to 16 and the Inverse Initial Permutation to give the 128-bit cipher text; the 1024-bit key goes through a 16 Block Shuffle that supplies the 64-bit round keys K1 to K16.]
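A runnable sketch of the structure in Figure 3, including the key split, the F function and the reversed-round decryption that the rest of this section and Section 4 describe. This is an added example, not the authors' implementation: the paper does not publish its permutation tables or S-boxes, so every table below is a seeded placeholder, and the function names are assumptions.

```python
import random

def table(seed, n):
    # Placeholder table: a seeded permutation of 0..n-1 (assumption, not from the paper).
    return random.Random(seed).sample(range(n), n)

IP = table("IP", 128)                                 # initial permutation
IP_INV = [IP.index(i) for i in range(128)]            # inverse initial permutation
KEY_SHUFFLE = table("key-shuffle", 16)                # 16-block sub-key shuffle
P1, P2 = table("P1", 64), table("P2", 64)             # permutations inside F
BYTE_SHUFFLE = table("byte-shuffle", 8)               # 8-byte shuffle inside F
SBOXES = [table(f"S{i}", 256) for i in range(1, 9)]   # S1..S8, each 16 x 16 bytes

def permute(value, tbl, width):
    # Output bit i (MSB first) is input bit tbl[i].
    out = 0
    for src in tbl:
        out = (out << 1) | ((value >> (width - 1 - src)) & 1)
    return out

def round_keys(key):
    # Split the 1024-bit key into 16 independent 64-bit sub-keys, then shuffle them.
    if len(key) != 128:
        raise ValueError("E-DES key must be 1024 bits (128 bytes)")
    blocks = [int.from_bytes(key[8 * i:8 * i + 8], "big") for i in range(16)]
    return [blocks[j] for j in KEY_SHUFFLE]

def f(right, k):
    # P1 -> XOR round key -> byte shuffle -> S1..S8 (row = left 4 bits, column = right 4) -> P2
    mixed = (permute(right, P1, 64) ^ k).to_bytes(8, "big")
    shuffled = [mixed[j] for j in BYTE_SHUFFLE]
    subbed = bytes(SBOXES[i][(b >> 4) * 16 + (b & 0x0F)] for i, b in enumerate(shuffled))
    return permute(int.from_bytes(subbed, "big"), P2, 64)

def _load(block):
    if len(block) != 16:
        raise ValueError("E-DES block must be 128 bits (16 bytes)")
    x = permute(int.from_bytes(block, "big"), IP, 128)
    return x >> 64, x & ((1 << 64) - 1)

def _store(left, right):
    return permute((left << 64) | right, IP_INV, 128).to_bytes(16, "big")

def encrypt(block, key):
    left, right = _load(block)
    for k in round_keys(key):              # L_{i+1} = R_i, R_{i+1} = L_i xor F(R_i, K_i)
        left, right = right, left ^ f(right, k)
    return _store(left, right)

def decrypt(block, key):
    left, right = _load(block)
    for k in reversed(round_keys(key)):    # R_{i-1} = L_i, L_{i-1} = R_i xor F(L_i, K_i)
        left, right = right ^ f(left, k), left
    return _store(left, right)
```

The round trip works for any choice of tables because each decryption round only recomputes F on the half that passed through unchanged; F itself is never inverted.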

As mentioned earlier, E-DES uses larger plain text block and initial key sizes. The plaintext block in E-DES is 128 bits and the initial key size is 1024 bits. In detail, the initial plaintext is divided into two 64 bit blocks, and each block is encoded separately. The cipher consists of 16 rounds: the first round is preceded by an initial permutation (IP) and the last round is followed by an inverse initial permutation ($IP^{-1}$). The 1024 bit key is divided into 16 separate sub-keys for the 16 rounds, yielding sub-keys of 64 bits each. The 16 keys, which are completely independent, are shuffled using a key permutation function before being distributed to rounds, which adds to the randomness of the sub key generation, thus making the recognition of round keys more difficult.

Then, each round i consists of:

1. Dividing text $P_i$ into two halves, right $R_i$ and left $L_i$,
2. Swapping right half input to left half output ($L_{i+1} = R_i$),
3. Performing XOR on the left half input with the function F, and sending the result to right half output ($R_{i+1} = L_i \oplus F(R_i, K_i)$).

[Figure 4: One Round Encryption Structure. The 128-bit input is split into 64-bit halves $L_{i-1}$ and $R_{i-1}$; F takes $R_{i-1}$ and the 64-bit round key $K_i$; the outputs are $L_i$ and $R_i$.]

Figure 4 shows the general structure of each round in E-DES. As to the function F, it takes two inputs: the right half input of the text and the round key. F consists of a first permutation P1 on the text (right hand 64 bits of the text). The result is XORed with the Round Key (also kept at 64 bits). The output is treated as 8 blocks of 1 byte each. The 8 blocks are then shuffled and passed through 8 different AES like substitution boxes (S1 to S8). The results of the 8 substitution boxes are merged again to 64 bits, and then passed to a second permutation P2, which leads to the final output of the F function. Figure 5 shows the complete structure of function F. The main difference between the proposed S-boxes in E-DES and the use of the S-box in AES is the independence between the different S-boxes proposed here for each 8 bit block.

Each substitution box, which takes 8 bits of input and gives 8 bits of output, consists of 16 rows and 16 columns of bytes. The left 4 bits of the input determine one row, and the right 4 bits determine one column. The byte at the intersection of the selected row and column is the output of the substitution.

[Figure 5: Structure of Function F. $R_{i-1}$ (64 bits) passes through P1, is XORed with $K_i$ (64 bits), goes through the 8 Byte Shuffle and the S-boxes S1 to S8 (8 bits in, 8 bits out each), then through P2 to give 64 bits.]

4. Decryption of E-DES

As in the case of DES, decryption of E-DES is similar to encryption, starting with the cipher text. After the Initial Permutation (IP), the last round of encryption is applied to the cipher text with the last round key. Rounds are visited in reverse order until the first round. Finally, the inverse initial permutation is applied, and the plaintext is completely retrieved. This is depicted in Figure 6.

Each round consists of dividing data into two halves, right and left, swapping left half input to right half output ($R_{i-1} = L_i$), then performing XOR on the right half input with a function F, and sending the result to right half output ($L_{i-1} = R_i \oplus F(L_i, K_i)$). Figure 7 shows each round's structure.

[Figure 6: Overall decryption structure. The 128-bit cipher text goes through the Initial Permutation, Rounds 16 down to 1 with round keys K16 to K1, and the Inverse Initial Permutation to give the 128-bit plaintext; the 1024-bit key goes through the 16 Block Shuffle.]

[Figure 7: One Round Decryption Structure. The 128-bit input is split into 64-bit halves $L_i$ and $R_i$; F takes the 64-bit round key $K_i$; the outputs are $L_{i-1}$ and $R_{i-1}$.]

5. Analysis

In this section, we discuss the main advantages of E-DES and its enhancement compared to DES. The first strong aspect of E-DES is the text block size, which is 128 bits (64 bits in DES). Second, the initial key is 1024 bits (56 bits for DES), and the round keys are 64 bits (48 bits effective in DES). Third, round keys are derived independently from the original key, which is divided into 16 sub keys. The sub-keys are then permuted before being used for the respective rounds.

On the other hand, the function F itself features 8 independent one byte substitution boxes similar to AES, compared to the 8 DES S-boxes, which map 6 bits to 4 bits. In addition, an 8 byte shuffle (permutation) is performed in F before entering into the S-boxes.

In terms of implementation of E-DES, the algorithm via software is fairly simple, even simpler than DES, especially for the round key generation, which is fairly direct and simple since all sub-keys are independent. As is the case in AES implementation, the byte substitution in the S-boxes is fairly simple too. Finally, the decryption algorithm is almost identical to the encryption, thus it is of the same complexity as the encryption algorithm.

From the security viewpoint, E-DES uses a data block size of 128 bit (16 bytes). This means it allows 256 billion gigabytes ($2^{64} \times 16$) to be processed with the same key before any leak can occur. In the case of DES, the limit is 32GB.

6. Conclusion

We presented E-DES, the educational data encryption system, which is a modification of the known DES with some improvements. The main features of E-DES are a 128 bit data block size, a 1024 bit initial key, and more random key generation. In addition, E-DES uses an improved F function which takes 64 bit data and key blocks and applies AES like substitution boxes.

The proposed cipher shows an improvement over DES in two main areas: implementation is more straightforward and security is enforced with larger key and data block sizes.

Currently, a software implementation of the encryption algorithm has been completed and will be made available after the implementation of the decryption part is finalized.

Next, we are planning to produce a hardware implementation of the algorithm that can be useful to make it available in embedded and mobile systems.

References

[1] R. Hosseinkhani and H. Haj Seyyed Javadi. Using Cipher Key to Generate Dynamic S-Box in AES Cipher System, International Journal of Computer Science and Security (IJCSS), Volume 6 Issue 1, pp. 19-28, 2012.
[2] P. Kenekayoro. The data encryption standard thirty four years later: An overview. African Journal of Mathematics and Computer Science Research, Vol. 3(10), pp. 267-269, October 2010.
[3] K. Ramesh Babu et al. International Journal of Computer Science & Communication Networks, Vol 2(2), pp. 277-283.
[4] R. Singh, A. Mishra and D.B. Ojha. An Instinctive Approach For Secure Communication - Enhanced Data Encryption Standard (EHDES), International Journal of Computer Science and Information Technologies, Volume 1 Issue 4, pp. 264-267, 2010.
[5] W. Stallings. Cryptography and Network Security, 4th Edition, Pearson Prentice Hall, 2006. ISBN13: 978-0131873162.
[6] M. Vishnu et al. Security enhancement of digital motion image transmission using hybrid AES-DES algorithm. 14th Asia-Pacific Conference on Communications (APCC 2008), pp. 1-5, 2008.
[7] http://www.differencebetween.net/technology/difference-between-des-and-aes/
[8] http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_4-2/goodbye_des.html
[9] W. Tuchman. A Brief History of the Data Encryption Standard, Internet besieged: countering cyberspace scofflaws. ACM Press/Addison-Wesley Publishing Co., New York, NY, USA, 1998, pp. 275-280. ISBN: 0-201-30820-7.
[10] C. Kaufman, R. Perlman and M. Speciner. Network Security: Private Communication in a Public World, 2nd Edition, Prentice-Hall, 2002. ISBN: 0-13-046019-2.
[11] C. Connel. An Analysis of NEWDES: A Modified Version of DES. Cryptologia, Volume 14 Issue 3, pp. 217-223, July 1990.
[12] W.Y. Zibideh and M.M. Matalgah. An optimized encryption framework based on the modified-DES algorithm: A trade-off between security and throughput in wireless channels. Radio and Wireless Symposium (RWS), 2012 IEEE, pp. 419-422.
[13] E. Schaefer. A simplified data encryption algorithm. Cryptologia, 20(1):77-84, 1996.