Developing New Multilevel Security Algorithm for Data Encryption-Decryption (MLS ED)

ISSN 2278-3091
Volume 8, No.6, November – December 2019
International Journal of Advanced Trends in Computer Science and Engineering
Available Online at http://www.warse.org/IJATCSE/static/pdf/file/ijatcse90862019.pdf
https://doi.org/10.30534/ijatcse/2019/90862019

Rashad J. Rasras et al., International Journal of Advanced Trends in Computer Science and Engineering, 8(6), November - December 2019, 3228 - 3235

Developing new Multilevel security algorithm for data encryption-decryption (MLS_ED)

Rashad J. Rasras 1, Ziad Alqadi 2, Mutaz Rasmi Abu Sara 3, Belal Zahran 4
1 Department of Computer Engineering, Al-Balqa' Applied University, Jordan
2 Department of Computer Engineering, Al-Balqa' Applied University, Jordan
3 Department of Computer Science, Taibah University, Al-Medina, Saudi Arabia
4 Department of Computer Engineering, Al-Balqa' Applied University, Amman, Jordan

ABSTRACT

The desire for secrecy has led people to use data cryptography for effective and secure data transmission by applying advanced methods of cryptography. At the same time, rival companies have invested a lot of resources to break into these encryptions, steal secrets and gain an upper hand. This research paper introduces the MLS_ED method of data encryption-decryption; the method is implemented and compared with other existing standard methods of data cryptography. The aim of this research paper is to provide users with a flexible, efficient and secure method of data encryption-decryption.

Key words: Cryptography, PK, round, secret number, encryption time, decryption time, speedup.

1. INTRODUCTION

Data cryptography means encrypting and decrypting data using a selected tool or method; encrypting the data means destroying the data to make it impossible to be understood or used by any other unauthorized party [1], [2].

Standard data encryption-decryption methods perform the cryptography process using a secret private key (PK) (see figure 1) and applying some mathematical and logical operations. The availability of a strong, trustworthy, efficient and flexible method of data encryption-decryption is an important building block for people and companies that depend more than ever on internet data transmission.

Figure 1: Data encryption-decryption process

Flexibility means the ability of the data encryption-decryption method to use various lengths of the private key and various lengths of plaintext block, to use simple hash functions for key generation [3], and to change the hash functions. Method strength means making the hacking process impossible or very difficult, so that the method can be trusted by any other user, while method efficiency means minimizing the encryption and decryption times as much as possible.

Encrypted data, also known as ciphertext, appears scrambled or unreadable to a third-party person or entity accessing it without permission and without knowing the PK and the operations used for encryption (see figure 1).

Data encryption is a very necessary process [3] for any type of secret and confidential data such as plaintext [3], [4], digital images [5], [6], digital voices [7], [8] and any other type of data.

Data encryption standard (DES) is one of the simplest methods of data encryption-decryption. Here the data to be encrypted is divided into 64-bit data blocks as shown in figure 2, and encryption of a block of the message takes place in 16 states or rounds as shown in figure 3. From the input key, sixteen 48-bit keys are generated, one for each round. In each round, eight so-called S-boxes are used. These S-boxes are fixed in the specification of the standard [9], [10]. Using the S-boxes, groups of six bits are mapped to groups of four bits. The contents of these S-boxes have been determined by the U.S. National Security Agency (NSA). The S-boxes appear to be randomly filled, but this is not the case. Recently it has been discovered that these S-boxes, determined in the 1970s, are resistant against an attack called differential cryptanalysis which was first known in the 1990s.

The block of the message is divided into two halves. The right half is expanded from 32 to 48 bits using another fixed table. The result is combined with the sub-key for that round using the XOR operation. Using the S-boxes, the 48 resulting bits are then transformed again to 32 bits, which are subsequently permuted again using yet another fixed table. This by now thoroughly shuffled right half is now combined with the left half using the XOR operation. In the next round, this combination is used as the new left half.

DES requires a small amount of time for encryption and decryption, but it is not secure and it can be easily hacked by a third-party person, because the length of the used PK is small [11], [13].

Figure 2: DES encryption-decryption

Figure 3: DES structure

To improve the security level of data encryption-decryption, the advanced encryption standard (AES) was proposed and used [10], [11], [12].

AES is a symmetric block cipher chosen by the U.S. government to protect classified information and is implemented in software and hardware throughout the world to encrypt sensitive data (see figure 4).

The National Institute of Standards and Technology (NIST) started development of AES in 1997 when it announced the need for a successor algorithm for the DES, which was starting to become vulnerable to brute-force attacks.

This new, advanced encryption algorithm would be unclassified and had to be "capable of protecting sensitive government information well into the next century," according to the NIST announcement of the process for development of an advanced encryption standard algorithm. It was intended to be easy to implement in hardware and software, as well as in restricted environments, and offer good defenses against various attack techniques.

AES comprises three block ciphers: AES-128, AES-192 and AES-256. Each cipher encrypts and decrypts data in blocks of 128 bits using cryptographic keys of 128, 192 and 256 bits, respectively, as shown in figure 5.

Figure 4: AES encryption-decryption

Figure 5: AES structure

The AES encryption algorithm defines a number of transformations that are to be performed on data stored in an array. The first step of the cipher is to put the data into an array, after which the cipher transformations are repeated over a number of encryption rounds. The number of rounds is determined by the key length, with 10 rounds for 128-bit keys, 12 rounds for 192-bit keys and 14 rounds for 256-bit keys.

Light encryption device (LED) is an SPN (Substitution Permutation Network) [14] type lightweight block cipher that was first introduced by Guo et al. in 2011. The step function is performed 8 times for 64-bit keys and 12 times for 128-bit keys. The keys used in the LED block cipher may vary from 64 bits to 128 bits [15]. The LED algorithm block diagram is shown in Figure 6. The steps during the encryption and decryption process depend on the keys and the S-boxes.

Figure 6: LED structure

2. ALGORITHM DESCRIPTION

The proposed method of data cryptography has the diagram and structure shown in figures 7 and 8.

For data encryption-decryption the MLS_ED method uses the following:
- Variable size of plaintext blocks (64, or 128, or 256 bits).
- Variable size of PK (64, 128, 256, 512 bits).
- Variable number of rounds (from zero to a number related to the secret number).
- Variable secret number used to generate sub-keys.
- Simple and changeable hash functions.

Figure 7: MLS_ED diagram

Figure 8: MLS_ED structure

The main features (advantages) of the MLS_ED algorithm can be summarized as follows:
- The receiver and the sender must agree on the private key to be used. This key has a variable length (64, 128, 256 bits or bigger); it is to be kept secret and is used by both the sender and the receiver to generate work keys (WK1, WK2, …, WK8) by means of applying a selected hash function. For a 64-bit plaintext block, we need 4 work keys in the initial transformation and 4 work keys in the final transformation.
- The receiver and the sender must agree on the secret number to be used. This number is used to generate sub-keys (SK) (4 for each round) by means of applying another selected hash function.
- The receiver and the sender must agree on the number of rounds used to encrypt-decrypt data; each round requires 4 SK.
- The data to be encrypted is divided into equal blocks, and the block size may be variable (64, 128, 256 bits, and may be bigger).
- Each data block must be divided into 8-bit partitions; the number of partitions is equal to the number of generated WK divided by 2.
- The algorithm uses two Feistel functions F0 and F1 to implement each round's operations. These functions are not fixed and are subject to change, but the receiver and the sender must use the same functions, such as those shown in equation 1:

(1)

Encryption phase

This phase can be implemented by applying the following tasks:
- Initialization: In this task the following operations must be performed:
  - Dividing the data into equal blocks.
  - Dividing each block into equal partitions.
  - Selecting PK.
  - Generating WKs from PK.
  - Selecting the secret number.
  - Generating SKs from the secret number.
  - Selecting the number of rounds (from 1 to number of SKs divided by 4).
- Initial transformation: From the partitions and work keys generate new partitions X as shown in equation 2:
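
The round structure described for DES in the introduction (split the 64-bit block into halves, run the right half through a keyed function, XOR the result into the left half, repeat for 16 rounds), as an added example that is not code from the paper. The key schedule and round function are SHA-256-based stand-ins, not the DES tables and not MLS_ED's F0/F1, and all names are assumptions; the point shown is that decryption is the same routine with the sub-keys reversed, so both parties need the same round function but that function never has to be invertible.

```python
import hashlib

ROUNDS = 16            # DES runs 16 rounds, as described in the introduction
MASK32 = 0xFFFFFFFF    # each half of a 64-bit block is 32 bits


def subkeys(key: bytes, rounds: int = ROUNDS) -> list[bytes]:
    """Stand-in key schedule (NOT the DES schedule): one 48-bit sub-key per round."""
    return [hashlib.sha256(key + bytes([i])).digest()[:6] for i in range(rounds)]


def round_f(right: int, subkey: bytes) -> int:
    """Stand-in for expand -> XOR sub-key -> S-boxes -> permute (32 bits in, 32 out).
    Deliberately one-way: a Feistel network never needs to invert F."""
    digest = hashlib.sha256(right.to_bytes(4, "big") + subkey).digest()
    return int.from_bytes(digest[:4], "big")


def feistel(block: bytes, keys: list[bytes], f=round_f) -> bytes:
    """Run one 64-bit block through the network using the given sub-key order."""
    if len(block) != 8:
        raise ValueError("block must be exactly 64 bits (8 bytes)")
    left = int.from_bytes(block[:4], "big")
    right = int.from_bytes(block[4:], "big")
    for k in keys:
        # new left = old right; new right = old left XOR F(old right, sub-key)
        left, right = right, (left ^ f(right, k)) & MASK32
    # Final swap of the halves lets the same routine undo itself
    # when it is fed the sub-keys in reverse order.
    return right.to_bytes(4, "big") + left.to_bytes(4, "big")


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key)[::-1])


if __name__ == "__main__":
    pt = b"MLS_ED!!"                       # constructed 8-byte sample block
    ct = encrypt_block(pt, b"constructed-key")
    print(ct.hex(), decrypt_block(ct, b"constructed-key"))
```

Passing a different `f` to `feistel` on the receiving side yields garbage rather than the plaintext, which is why a scheme with changeable round functions requires sender and receiver to agree on them.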
