Proceedings of the International MultiConference of Engineers and Computer Scientists 2018 Vol I IMECS 2018, March 14-16, 2018, Hong Kong An Enhanced Practical Difficulty of One-Time Pad Algorithm Resolving the Key Management and Distribution Problem Abiodun Esther Omolara 1, Aman Jantan 2, Oludare Isaac Abiodun3, Humaira Arshad4 adversaries. Cryptographic encryption schemes prevent a Abstract— Information theory and cryptography recognize third party from understanding the transmitted raw data over 'One-Time Pads' as 'Perfect Secrecy' in theory, however, until the unsecured channel during signal transmission. today, they have remained impractical to use because of its key In this paper, a new method to enhance OTP data encryption management and key distribution problems, particularly in by introducing diffusion into the system and a simple having to generate and send a new key each time you need to randomized form of steganography have been adopted. transmit a message. When a key is used more than once in the One-Time Pad encryption scheme, it becomes vulnerable to a This will completely mask any potential and statistical pattern analysis attack (known-Plaintext attack). For this relationship between the Plaintext and Ciphertext. reason, the same key must not be used more than once.This problem can be resolved by modifying the algorithm and II. PROBLEM DEFINITION enhancing the key so that any statistical relationship between In information theory and cryptography, a term called the plaintext and ciphertext will be completely concealed. The “One-time pad (OTP)” – is an encryption technique methodology employed was a combination of some whereby a key can only be used once as a secret for cryptographic primitives to introduce diffusion into the system message. In this and a simple randomized form of steganography to hide where scheme, a random key that is equal in length to the plaintext the encryption begins. The performance of the proposed message to be encrypted with no repetition is used. The scheme was evaluated against the One-Time Pad when the plaintext character is exclusive-or bitwise with the key, to pads were used more than once and a cryptanalysis was performed on both schemes. The result indicates that the produce Ciphertext output. Mathematically, the one-time enhanced OTP algorithm was suitable to allow the same key pad can be expressed as; for limitless use of encrypting different Plaintext without C = P⊕K, where P = Plaintext, ⊕ = Exclusive-Or, K = revealing any pattern. This will solve the key Key, and C = Ciphertext management/distribution problem of having to send a new key everytime a message is to be transmitted and this allows the The Exclusive-Or is denoted by XOR and represented with One-Time Pad scheme practical and allows the same key the symbol ⊕. Decryption simply involves the same bitwise generated during encryption to be reusable on other Plaintext Exclusive-or operation. The main risk of the scheme lies as many times as desired. with the pad/key used.Over the years this technique has remained impractical to use because of its key management Index Terms— Cryptography, Cipher, Confusion, Diffusion, One-Time Pad, Security, Crib-Dragging, Cryptanalysis and key distribution problems, especially having to generate and send a new key each time one needs to transmit a message. The feasible problem here is that of the new key I. INTRODUCTION that must be sent always alongside with the message because the key itself is long as the message. Also, the redundancy of English languages, along with ASCII HE need to secure messages to keep secrecy has been encoding lends itself to statistical tools that allow for the T realization of these messages (Belakang, 1991) [1]. growing rapidly over the past decades due to increasing This problem exists for a long time probably because the level of education and information among the people and concepts of cryptography often embraces novel concepts lack of trust from the third party who may happen to reveal and technologies that require a test of time in practice unless the content or make use of it for their own advantage. proven unsafe. With the emergence of standard ciphers like Breach of security and mismanagement of confidential data RSA, DES, Triple DES, AES many people decided not to intercepted by unauthorized parties are key problems which bother themselves about ciphers like One-Time Pad even information security tries to resolve. Cryptography is the though it was the only cipher proven to be computationally field of information science that has to do with disguising secured unlike the standard ciphers that are not proven to be message for secure communication in the presence of computationally secured but only believed to be hard to break based on their constructions of using hard Corresponding author: [email protected], [email protected], mathematical problems and based on failure of existing [email protected], [email protected] attempts to cryptanalyze them. Also, the dependency of the [email protected] Universiti Sains Malaysia1,2,3,4, Islamic University pad entropy of OTP is high which makes reusing of the pad of Bahawalpur Pakistan4. This research was partially supported by the Fundamental Research Grant Scheme (FRGS) for ‘‘content-based analysis to be unsafe. Furthermore, the One-Time Pad has framework for better email forensic and cyber investigation’’ bottlenecks in CPU, RAM, disk I/O and key material [203/PKOMP/6711426], SFRG Lab, School of Computer Sciences, USM. consumption. Penang, 11800, Malaysia. ISBN: 978-988-14047-8-7 IMECS 2018 ISSN: 2078-0958 (Print); ISSN: 2078-0966 (Online) Proceedings of the International MultiConference of Engineers and Computer Scientists 2018 Vol I IMECS 2018, March 14-16, 2018, Hong Kong The problem is that to get optimal and perfect secrecy, Key randomness in cryptographic computations generates only a must be truly random, that is a perfect random number. pseudo-random bit string. This combined with the issue of Random number generation is an important primitive in key distribution prevents unconditional or perfect secrecy many cryptographic mechanisms. For example, keys for (Upadhyay, G., & Nene, M. J. 2016) [4]. Key must be used encryption transformations need to be generated in a manner once, any two-time use of key will render ciphertext which is unpredictable to an adversary. Generating a completely unsecured. A known-Plaintext attack is the key random key typically involves the selection of random challenge faced when the key is used more than once. numbers or bit sequences. Random number generation Example: If the same key K is used to send two messages presents challenging issues (Stallings, W. 2011) [2]. C1 and C2; then plaintext P1 and P2 can be recovered by an Perfect secrecy is the notion that, given an encrypted eavesdropper. This is referred to as a known-Plaintext message (or ciphertext) from a perfectly secure encryption attack. This is illustrated as follow: system (or cipher), absolutely nothing will be revealed about the unencrypted message (or plaintext) by the C1 = P1 ⊕ K ciphertext. Perfect Secrecy: Claude Elwood Shannon C2 = P2 ⊕ K (Information- Theoretic, 1916) [3]. Security basic idea was C1 ⊕ C2 = (P1 ⊕ K) ⊕ (P2 ⊕ K) that Ciphertext should provide no “information” about C1 ⊕ C2 = P1 ⊕ P2 Plaintext but have several equivalent formulations: C1 ⊕ C2 = P1, P2 (i) Considered two random variables M and C as an where, independent. (ii) Then observing what values C takes does not C1 = Ciphertext 1, C2 = Ciphertext 2, P1 = Plaintext 1, P2 = Plaintext 2 and K = Key change what one believes the distribution M is (iii) Knowing what is the value of M does not change If the same keys are used to send this two messages via an the distribution of C. open channel and the eavesdropper was able to intercept C1 (iv) The encrypting two different messages m0 and m1 and C2, that is both Ciphertexts, the key K cancels out, then result in the same distribution. he can easily compute the XOR of C1 and C2 and arrive at Perfect security means that for an encryption algorithm if P1, P2. A good pattern analysis or crib dragging (which will there is ciphertext produced that uses it, no information be shown in this paper) will help the eavesdropper reach about the plaintext is provided without knowledge of either or both the Plaintexts. This is a major weak point of the key. If E is a perfectly secure encryption function, for OTP and this is because there is enough redundancy in any fixed message m, there must be, for each ciphertext c, at English and ASCII encoding. least one key k such that C = Ek(m). It has been proved that Cryptology continues to co-evolve with communication and any cipher with the perfect secrecy property must use keys computing technologies. Prior technological breakthroughs, with effectively the same requirements as one-time pad such as the electro-mechanical devices, telegraph, radio, and keys. personal computers compelled cryptography to replace Figure 1 presents a sample of encryption and decryption broken or weak ciphers. Every security expert worries about processes. security problems and tries to find out the secure solution. Because it is a challenging aspect of communications today which touches many spheres including memory space, processing speed, code development and maintenance issues (Miyano, T., & Cho, K. 2016) [5]. Nowadays, memory and processing power are inexpensive and abundant. Capable mathematicians and technologists are highly motivated in their attempts to break encryption; Lock Ciphertext Unlock they are succeeding. They have devised many attacks such as, man-in-the-middle, statistical, side channel attacks, and A many more (Belakang, a L. 1991) [6], for this reason, we Encryption Decryption B must continue to enhance our ciphers and create new ones that can defeat every form of attacks emerging with technology.