DES Block Ciphering Based Genetic Biometric Keys

DES Block Ciphering Based Genetic Biometric Keys

Mofreh A. Hogo Electrical Engineering Technology Dept., Benha Higher Institute of Technology, Benha University, Egypt.

{Temporary Address: Information Sys. Dept., Faculty of Information Sys.& Computers Taif University, Taif, Saudi Arabia} Email: [email protected]

ABSTRACT E-business and sensitive Internet applications are growing very fast, so the needs to protect such applications are increased. Encryption algorithms play a main role in security. This work introduces a new key generation technique that can be used for enhancing the design of block cipher encryption algorithms, especially for DES to increase its key space; to be applicable in sensitive applications. This is based on the use of biometric key using the voice of speakers, extracting important features as formants and pitch of the speakers because it is unique for each one; in addition it applies crossover operations of genetic algorithm on biometric key to permute it. Finally it combines between stream ciphering and block ciphering algorithms (encryption of the crossover-biometric key using the RC4). The output Key-Stream bytes from the RC4 is then introduced to the DES algorithm to obtain the target ciphertext. The paper introduces also the idea of generating multi biometric keys by using different crossover operation types based on a specific time-slice. The paper introduces also the different steps for generating the Biometric-Crossover-Stream Key. Moreover the proposed DES provided added complexity due to the generation of new biometric key than normal DES; it is small, and can be neglected if one considers the trade-off between security and the complexity of the algorithm especially for the critical systems. The paper introduces a comparison between the proposed biometric keys and weak and semiweak keys; the biometric generated keys were neither semiweak nor weak keys so the generated keys are possibly acceptable. Key Words: Biometric Key, Genetic Algorithm, Key-Stream, Time-Slice, Formants, Pitch, RC4, DES, 3DES, and Key-Space.

1 INTRODUCTION

Many encryption algorithms are widely available and used in information security. They can be categorized into Symmetric (private or one key) and Asymmetric (public or two keys) encryption. In Symmetric keys encryption or secret key encryption, only one key is used to encrypt and decrypt data. The key should be distributed before transmission between entities. Keys play an important role in the cryptography. If weak key is used in algorithm then everyone may decrypt the data. Strength of Symmetric key encryption depends on the size of key used; algorithm using longer key is harder to break than using smaller key. There are many examples of strong and weak keys of cryptography algorithms like RC2, DES, 3DES, RC6, Blowfish, and AES. RC2 uses one 64-bit key. DES uses one 64-bits key, triple DES (3DES or EDE) uses three 64-bits keys while AES uses various (128,192,256) bits keys. Blowfish uses various (32-448); default

128-bit keys, while RC6 used various (128,192,256) bit keys [1-5]. Asymmetric key encryption or public key encryption is used to solve the problem of key distribution. In Asymmetric keys, two keys are used; private and public keys. Public key is used for encryption and private key is used for decryption (E.g. RSA and Digital Signatures). Because users tend to use two keys: public key, which is known to the public and private key which is known only to the user, there is no need for distributing them prior to transmission. However, public key encryption is based on mathematical functions, computationally intensive and is not very efficient for small mobile devices [1]. Asymmetric encryption techniques are almost 1000 times slower than Symmetric techniques, because they require more computational processing power [2]. DES: (Data Encryption Standard), was the first encryption standard to be recommended by NIST (National Institute of Standards and Technology). DES is (64 bits key size with 64 bits block size); based on Federal Register

Special Issue on Ubiquitous Computing Security Systems

UbiCC Journal – Volume 4 677

mailto:[email protected]

1973, the NBS issued a public request for proposals for a standard cryptographic algorithm with the following criteria: Algorithm must provide a high level of security, completely specified and easy to understand, security of the algorithm must reside in the key; the security should not depend on the secrecy of the algorithm, must be available to all users, adaptable for use in diverse applications, economically implementable in electronic devices, efficient to use, able to be validated, and exportable. Since that time, many attacks and methods recorded the weaknesses of DES, which made it an insecure block cipher [3-5]. The same DES algorithm and key are used for both encryption and decryption (except for minor differences in the key schedule). The key length is 56 bits. (The key is usually expressed as a 64-bit number, but every eighth bit is used for parity checking and is ignored. These parity bits are the least-significant bits of the key bytes.) The key can be any 56-bit number and can be changed at any time. Although it is showing signs of old age, it has held up remarkably well against years of cryptanalysis and is still secure against all but possibly the most powerful of adversaries. A handful of numbers are considered weak keys, but they can easily be avoided; where all security rests within the key. At its simplest level, the algorithm is nothing more than a combination of the two basic techniques of encryption: confusion and diffusion. The fundamental building block of DES is a single combination of these techniques (a substitution followed by a permutation) on the text, based on the key. This is known as a round. DES has 16 rounds; it applies the same combination of techniques on the plaintext block 16 times; the algorithm uses only standard arithmetic and logical operations on numbers of 64 bits at most, so it was easily implemented in late 1970s hardware technology. The repetitive nature of the algorithm makes it ideal for use on a special-purpose chip. Initial software implementations were clumsy, but current implementations are better. 3DES is an enhancement of DES; it is 64 bit block size with 192 bits key size. In this standard the encryption method is similar to the one in the original DES but applied 3 times to increase the encryption level and the average safe time. It is a known fact that 3DES is slower than other block cipher methods [3]. AES is a block cipher having variable key length of 128, 192, or 256 bits; default 256. It encrypts data blocks of 128 bits in 10, 12 and 14 rounds depending on the key size. AES encryption is fast and flexible; it can be implemented on various platforms especially in small devices [6]. AES has been carefully tested for many security applications [3], [7,8]. Performance evaluation of symmetric encryption algorithms is introduced in [9].

The goal of this work is to introduce a novel method for generating biometric keys that satisfy enough large key space and introduce better security performance. The paper introduces a hybridization method for generating the biometric key by the use of biometric voice keys, genetic algorithm operations, and combination between the RC4 and 3DES in order to increase the key space.

The rest of the paper is organized as follows: Section 2 reviews DES and RC4 encryption algorithms. Section 3 introduces the biometric and formants features extraction, selection and preprocessing. Section 4 introduces the Genetic algorithm and the different types of crossover; as well as the comparison with the weak and semiweak keys in DES. Section 5 introduces the design of genetic biometric keys. Section 6 introduces the encryption of the biometric-crossover key using RC4 and the results analysis. Finally section 7 is reserved for the conclusion and the future work. 2 THEORETICAL REVIEW OF THE DES

AND RC4 ALGORITHMS

DES operates on a 64-bit block of plaintext. After an initial permutation, the block is broken into a right half and a left half, each 32 bits long. Then there are 16 rounds of identical operations, called Function f, in which the data are combined with the key. After the sixteenth round, the right and left halves are joined, and a final permutation (the inverse of the initial permutation) finishes off the algorithm. In each round the key bits are shifted, and then 48 bits are selected from the 56 bits of the key, the right half of the data is expanded to 48 bits via an expansion permutation, combined with 48 bits of a shifted and permuted key via an XOR operation and sent through 8 S-boxes producing 32 new bits, and permuted again. These four operations make up Function f. The output of Function f is then combined with the left half via another XOR. The result of these operations becomes the new right half; the old right half becomes the new left half. These operations are repeated 16 times, making 16 rounds of DES. If Bi is the result of the ith iteration, Li and Ri are the left and right halves of Bi, Ki is the 48-bit key for round i, and f is the function that does all the substituting and permuting and XORing with the key, then a round looks like:

Li = Ri-1, and Ri = Li-1 f (Ri-1, Ki).

2.1. Decrypting DES After all the substitutions, permutations, XORs,

and shifting around, on the contrary, the various operations were chosen to produce a very useful property: The same algorithm works for both encryption and decryption. With DES it is possible to use the same function to encrypt or decrypt a block. The only difference is that the keys must be used in



the reverse order. That is, if the encryption keys for each round is K1 K2 K3... K16 then the decryption keys are K16 K15 K14, ..., K1. 2.2. Double Encryption

A simple way of improving the security of a block algorithm is to encrypt a block twice with two different keys. First encrypt a block with the first key, and then encrypt the resulting ciphertext with the second key. Decryption is the reverse process.

C = EK2(EK1(P)) then P=DK1(DK2(C));

the resultant doubly-encrypted ciphertext block should be much harder to break using an exhaustive search. Instead of 2n attempts (where n is the bit length of the key), it would require 22n attempts. If the algorithm is a 64-bit algorithm, the doubly-encrypted ciphertext would require 2128 attempts to find the key.

2.3. Triple Encryption Triple Encryption with Two Keys a better idea, proposed by Tuchman in [10], operates on a block three times with two keys: with the first key, then with the second key, and finally with the first key again. He suggested that the sender first encrypt with the first key, then decrypt with the second key, and finally encrypt with the first key. The receiver decrypts with the first key, then encrypts with the second key, and finally decrypts with the first key. C = EK1(DK2(EK1(P))); P = DK1(EK2(DK1(C))) This is sometimes called encrypt-decrypt-encrypt (EDE) mode [11]. Figure 1 shows the block diagram of the 3DES. If the block algorithm has an n-bit key, then this scheme has a 2n-bit key. The curious encrypt-decrypt-encrypt pattern was designed by IBM to preserve compatibility with conventional implementations of the algorithm: Setting the two keys equal to each other is identical to encrypting once with the key. There is no security inherent in the encrypt-decrypt-encrypt pattern, but this mode has been adopted to improve the DES algorithm in

the X9.17 and ISO 8732 standards [11,12]. K1 and K2 alternate to prevent the meet-in-the-middle attack previously described. If C = EK2(EK1 (EK1(P))), then a cryptanalyst could precompute EK1(EK1(P))) for every possible K1 and then proceed with the attack. It only requires 2n + 2 encryptions. Triple encryption with two keys is not susceptible to the same meet-in-the-middle attack described earlier. But Merkle and Hellman developed another time-memory trade-off that could break this technique in 2n - 1 steps using 2n blocks of memory [13]. For each possible K2, decrypt 0 and store the result in memory. Then, decrypt 0 with each possible K1 to get P. Triple-encrypt P to get C, and then decrypt C with K1. If that decryption is a decryption of 0 with a K2 (stored in memory), the K1 K2 pair is a possible candidate. The earliest standard that defines the algorithm (ANS X9.52, published in 1998) describes it as the "Triple Data Encryption Algorithm (TDEA)" i.e. three operations of the Data Encryption Algorithm specified in ANSI X3.92 and does not use the terms "Triple DES" or "DES" at all. FIPS PUB 46-3 (1999) defines the "Triple Data Encryption Algorithm (TDEA)", but also uses the terms "DES" and "Triple DES". The encryption algorithm is: Ciphertext = EK3(DK2(EK1(plaintext))); i.e., DES encrypt with K1, DES decrypt with K2, then DES encrypt with K3. Decryption is the reverse:

Plaintext = DK1(EK2(DK3(ciphertext)));

i.e., decrypt with K3, encrypt with K2, then decrypt with K1. Each triple encryption encrypts one block of 64 bits of data. In each case the middle operation is the reverse of the first and last. The standards define three keying options [14]: 1. Keying option 1: All three keys are independent

the strongest, with 3 x 56 = 168 independent key bits.

2. Keying option 2: K1 and K2 are independent, and K3 = K1; provides less security, with 2 x 56 = 112 key bits is stronger than simply DES encrypting twice, e.g. with K1 and K2, because it protects against meet-in-the-middle attacks.

3. Keying option 3: All three keys are identical, i.e. K1= K2= K. is no better than DES, with only 56 key bits.

This option provides backward compatibility with DES, because the first and second DES operations simply cancel out. It is no longer recommended by the National Institute of Science and Technology (NIST) and not supported by ISO/IEC 18033-3. In general Triple DES with three independent keys (keying option 1) has a key length of 168 bits (three 56-bit DES keys), but due to the meet-in-the-middle attack the effective security it provides is only 112 bits. Keying option 2, reduces the key size to 112 bits. However, this option is susceptible to certain chosen-plaintext or known-plaintext attacks[15][16]

DES DES-1 DES

Plaintext Ciphertext K1 K2 K1

Ciphertext

Ciphertext

Figure 1: Triple-des block diagram

DES-1 DES DES-1



and thus it is designated by NIST to have only 80 bits of security[17].

2.4. DES/3DES: Applications In general, cryptography is used to protect data

while it is being communicated between two points or while it is stored in a medium vulnerable to physical theft. Communication security provides protection to data by enciphering it at the transmitting point and deciphering it at the receiving point. File security provides protection to data by enciphering it when it is recorded on a storage medium and deciphering it when it is read back from the storage medium. In the first case, the key must be available at the transmitter and receiver simultaneously during communication. In the second case, the key must be maintained and accessible for the duration of the storage period. FIPS 171 provides approved methods for managing the keys used by the algorithms specified in this standard. Applications of 3DES can be found everywhere, where data has to be secured. Data storage and networking are centers of interest; DES/3DES is used for: 1. Virtual Private Networking (VPN): In Secure IP (IPsec)-based implementations, in SSH(secure shell)-based implementations, and in SSH2-based implementations 2. DES/3DES is used for secure extranet protocols, such as Citrix Extranet or European Network Exchange. 3. DES/3DES is used for secure Storage devices, such as Smartcards. A prominent example for the species is “SIM Application Toolkit”. 4. XML encryption to secure E-Government is dealing with DES/3DES. 5. E-commerce payment transactions.

2.5. RC4: Stream Ciphering Algorithm

RC4 encryption is the encryption used in most software applications today (to include HTTPS and SSL), which makes it arguably the most commonly used encryption method in the world. No wonder then, when the architects of wireless network security sat down to design their protocol in 1997, they incorporated RC4 into their design; in the form of WEP (Wired Equivalent Privacy). The RC4 consists mainly of two main steps; the Key-Scheduling Algorithm (KSA) and the Pseudo-Random Generation Algorithm (PRGA) [18]. The ultimate product of the KSA and PRGA is the keystream that is XORed with the plaintext data and CRC combination to produce the encrypted cyphertext ready for transmission. This process begins by creating an array of values (S[ ]) of a length (N) equal to that of the length of the plaintext/CRC combination. This array is initialized by setting the values of each element in the array to be equal to the corresponding index of the element (Ex: S[0]=0, S[1]=1, …, S[N]=N). In its scrambling

phase, for each value i from zero to (N-1), the KSA calculates a value for j by adding (modulo N) the previous value of j, the ith element of S and the ith element of K (the IV prepended to the secret key) modulo l, the length of K. Finally, the values of S[i] and S[j] are swapped. This is repeated for every element in the S array. The final product is an array, S, that is the same length as the plaintext/CRC combination and is scrambled using the secret key as an index offset for each swap. The scrambled S array is then fed into the PRGA and another succession of N swaps occur, however each time these swaps occur, an output value is calculated. These output values (z) are the ultimate keystream bytes that will be used to encrypt the plaintext data. Table 1 shows the c code paraphrasing the operation of the detailed RC4 algorithm.

3 FORMANTS & BIOMETRIC SECURITY

METRIC

A formant is a peak in an acoustic frequency spectrum which results from the resonant frequencies of any acoustic system. It is most commonly invoked in phonetics or acoustics involving the resonance frequencies of the vocal tract or musical instruments [19]. Formants are distinguishing or meaningful frequency components to human speech. A speech sound wave does not actually travel through the vocal tract and out into the air. Rather, the air in the vocal tract behaves like a spring that vibrates back and forth in standing wave. Resonant frequencies match the frequencies of the waves that will fit the tube. The general form for calculating nth formants Fn presented in [20] is:

Fn = (2*N-1) * C /4L;

where: N = resonance number, C = Speed of sound, and L = length of the vocal tract. By definition, the information that humans require to distinguish between vowels can be represented quantitatively by the frequency content of the vowel sounds. The formants with the lowest frequency F1, F2, F3,F4 are enough to disambiguate the vowel. The first two formants, F1, F2 are primarily determined by the position of the tongue F1 has a higher frequency when the tongue is lowered and F2 has higher

Table 1: RC4 algorithm KSA(K) PRGA(K) Initialization: For i = 0 ... N - 1 S[i] = i j = 0 Scrambling: For i = 0 ... N - 1 j = j + S[i] + K[i mod l] Swap(S[i], S[j])

Initialization: i = 0 j = 0 Generation Loop: i = i + 1 j = j + S[i] Swap(S[i], S[j]) Output z = S[S[i] + S[j]]



Figure 2: Wide banded formants of different sounds

F 2(H

Z)

F1(HZ)

frequency when the tongue is forward. Each formant corresponds to a resonance in the vocal tract. Vowels will almost repetitive sound is distinguished by virtue of a very low third formant (below 2000 Hz). have four or more distinguishable formants. Formants move about in a range of approximately 1000 Hz for a male adult. Nasals usually have an additional formant around 2500 Hz. The liquid usually has an extra formant at 1500 Hz, while the Plosives modify the placement of formants in the surrounding vowels. Bilabial sounds cause a lowering of the formants. Alveolar sounds cause less systematic changes in neighboring vowel formants, depending partially on exactly which vowel is present. The time-course of these changes in vowel formant frequencies are referred to as formant transitions [21,22]. Each vowel can be placed on a graph, where F1, F2 are represented on the Figure 2 shows the wide banded formants of different sounds, while Table 2 illustrates the formants frequencies for

typical vowel based ARPABET[23]. The work in [24] presented the use of formants and its arc tan for key generation. 3.1. Experiments For The Proposed Formants

Extraction and Normalization Experiments were done for formants extraction

using the praat software tool to extract the different formants features and analyze the biometric voice key. The steps for extracting the first four formants frequencies and F0 are as following: • Capture the speaker speech, the preprocessing step to extract the following features from the speaker voice : F1: First Formant, F2:Second Formant, F3:Third Formant, F4:Fourth Formant, and Pitch F0. Table 3 shows the results from using praat on different vowels. The results obtained are completely different from each other and distinguishable easily; there is no similarity between them and the differences between them are big enough to discriminate between them as shown in Figure 3. • Convert the selected formants from the decimal values to the corresponding ASCII code. Only 8 digits are selected including both of the integer and the fraction to constitute the 64-bit value (consider the integer digits and complete the 8 digit from the fraction); Tables 4,5 show the results of extracted formants after the conversion to ASCII representation as 64 bits. • The speakers are changed and swapped each time slice, as another security concept in Key generation step. The results from this step are represented by the different fromants frequencies from F1 to F4 and the pitch value F0, as shown in Figures 4,5; the results obtained are completely discriminated. 3.2.To make identification or matching for unknown speaker The following algorithm is implemented: 1. Read a sound file and store it into a vector. 2. Divide the signal in time domain into 10 equal

blocks. Select the block with maximum power content, normalize the selected block.

3. Determine the formants F1 to F4, and F0. 4. Calculate the Euclidean distance between this set

of formants frequencies obtained from the speaker. 5. Calculate the Euclidean distance between the set of

frequencies obtained from the User, and each of the set of frequencies corresponding to the five vowels.

6. The minimum distance criterion is used for decision making to determine the vowel. Figure 6(a) shows the structure of speaker’ identification system; while Figure 6(b) shows the way of matching process; where the minimum distance with database elements identify the speaker exactly.

Table 2: Formant frequencies for typical vowels ARPABET Symbol for

vowel

IPA Symbol

Typical Word F1 F2 F3

IY /i/ Beet 270 2290 3010 IH /I/ Bit 390 1990 2550 EH /ε/ Bet 530 1840 2480 AE /æ/ Bat 660 1720 2410 AH /Λ/ But 520 1190 2390 AA /a/ Hot 730 1090 2440 AO /c/ Bought 570 840 2410 UH /U/ Foot 440 1020 2240 UW /u/ Boot 300 870 2240 ER /з/ bird 490 1350 1690

Table 3: Comparison between two biometric Formants ‘e’ ‘a’ Time_s 0.929601 0.563084 F0_Hz 119.575946 104.500974 F1_Hz 1209.319034 1009.009646 F2_Hz 3161.302028 3448.814559 F3_Hz 5788.546047 4693.620730 F4_Hz 8143.632944 8369.372678



0 500 1000 1500 2000 2500 3000 3500 400010

-9

10-8

10-7

10-6

10-5

10-4

10-3

Resulting Signal

Frequency

3db

Pow

er

0 500 1000 1500 2000 2500 3000 3500 400010

-9

10-8

10-7

10-6

10-5

10-4

10-3

10-2

Resulting Signal

Frequency

3db

Pow

er

Figure 3: Power against the formants frequencies for the two letters 'a', and 'e'

Figure 5: Formant, power, pitch value and spectrum for 'e'

Figure 4: Formant, power, pitch value and spectrum for 'a'



4 GENERATION OF BIOMETRIC KEYS

USING GA (CROSSOVER)

A genetic algorithm (GA) is a search technique used in computing to find exact or approximate solutions to optimization and search problems [25][26]. Genetic algorithms are categorized as global search heuristics. Genetic algorithms are a particular class of evolutionary algorithms (also known as evolutionary computation) that use techniques inspired by evolutionary biology such as inheritance, mutation, selection, and crossover (also called recombination). GA steps are listed below: Choose Initial Population Evaluate Each Individual's Fitness Determine Population's Average Fitness Repeat Select Best-Ranking Individuals To Reproduce Mate Pairs At Random Apply Crossover Operator Apply Mutation Operator Evaluate Each Individual's Fitness Determine Population's Average Fitness Until Terminating Condition (E.G. Until At Least One Individual Has The Desired Fitness Or Enough Generations Have Passed). The complete steps of GA are not needed in this work; just we apply the crossover operations in its various forms. There are many crossover techniques exist for organisms; which use different data structures to store themselves.

• Single point crossover One crossover point is selected, binary string from beginning of chromosome to the crossover point is copied from one parent, and the rest is copied from the second parent. The following example illustrates how this type of crossover works:

11001011+11011111 = 11001111 • Two point crossover

two crossover point are selected, binary string from beginning of chromosome to the first crossover point is copied from one parent, the part from the first to the second crossover point is copied from the second parent and the rest is copied from the first parent.

11001011 + 11011111 = 11011111

• Uniform crossover

bits are randomly copied from the first or from the second parent.

11001011 + 11011101 = 1101111

• Arithmetic crossover some arithmetic operation is performed to make a new offspring.

11001011 + 11011111 = 11001001 (AND) 5 Design of Genetic Biometric Keys

The crossover operations are implemented using c++ to find the different types of crossover operations. The different combinations of F0 to F4 are the inputs and the output samples for each type as following in Tables 6 (a) to (e).

5.1 Crossover Biometric Keys Versus Weak And Semiweak Keys

In cryptography, a weak key is a key; which when used with a specific cipher, makes the cipher behave in some undesirable way. Weak keys usually represent a very small fraction of the overall key space, which usually means that A cipher with no weak keys is said to have a flat, or linear, key space. The block cipher DES has a few specific keys termed "weak keys" and "semi-weak keys". These are keys which cause the encryption mode of DES to act identically to the decryption mode of DES (albeit potentially that of a different key). In operation, the secret 56-bit key is broken up into 16 subkeys according to the DES key schedule; one subkey is used in each of the sixteen DES rounds[27][28].

The weak keys of DES are those which produce sixteen identical subkeys. To ensure that the extracted biometric keys are neither semiweak nor weak keys; and to complete the proposed system correctly; a comparison between Tables 16,17,and 18 is done by a simple matching software. The matching

Decision

Figure 6(a): Voice matching

Features extraction

classifier

Dbase

Figure 6(b): Matching of unknown speaker



between these tables was found to be zero

matches. It means that; the extracted biometric key and the crossover operation done on these keys provide possible or strong keys, thus avoiding the semiweak and weak keys in DES. 6 ENCRYPTION OF THE BIOMETRIC KEY

WITH RC4 AND RESULTS ANALYSIS This step introduces a new combination between two different symmetric cryptography algorithms; the stream cipher (RC4) and the block cipher (DES); to guarantee security and increase the key space. The idea of using RC4 aimed at increasing Key-Space. The approach of applying the RC4 stream cipher is

varying based on time slice; as for each category of the crossover generated key shown in Table 6; and for each Time-Slice Ti the inputs to the RC4 are the plaintext selected from a specific type of crossover operation from Table 6 (i.e., say from Table 6 (a)), and the Key used in RC4 will be selected from another type of crossover operation from Table 6 (i.e., say from Table 6(b)). In the next Time-Slice Ti+1 the inputs to the RC4 will be swapped; as the input will be from Table 6 (b), and the key will be selected from Table 6 (a). The following section introduces an illustrative example of the key-Generation of the crossover biometric formants key using the RC4 .

Table 4: First example of biometric formants

Formants for 'e' ASCII code formants 64-bit binary equivalent key

F0_Hz 119.575946 0011 0001 0011 0001 0011 1001 0011 0101 0011 0111 0011 0101 0011 1001 0011 0100

F1_Hz 1209.319034 0011 0001 0011 0010 0011 0000 0011 1001 0011 0011 0011 0001 0011 1001 0011 0000

F2_Hz 3161.302028 0011 0011 0011 0001 0011 0110 0011 0001 0011 0011 0011 0000 0011 0010 0011 0000

F3_Hz 5788.546047 0011 0101 0011 0111 0011 1000 0011 1000 0011 0101 0011 0100 0011 0110 0011 0000

F4_Hz 8143.632944 0011 1000 0011 1001 0011 1100 0011 0011 0011 0110 0011 0011 0011 0010 0011 1001

Table 5: Second example of biometric formants

Formants for 'a’ ASCII code formants 64-bits equivalent key

F0_Hz 104.500974 0011 0001 0011 0000 0011 0100 0011 0101 0011 0000 0011 0000 0011 1001 0011 0111

F1_Hz 1009.009646 0011 0001 0011 0000 0011 0000 0011 1001 0011 0000 0011 0001 0011 0000 0011 1001

F2_Hz 3448.814559 0011 0011 0011 0100 0011 0100 0011 1000 0011 1000 0011 0001 0011 0100 0011 1001

F3_Hz 4693.620730 0011 0100 0011 0110 0011 1001 0011 0011 0011 0110 0011 0010 0011 0000 0011 0111

F4_Hz 8369.372678 0011 1000 0011 0011 0011 0110 0011 1001 0011 0011 0011 0111 0011 0010 00110110

Table 6: The possible crossover of different keys for speaker 'e' Table 6(a): Single point crossover : 40-24

F0 0011 0001 0011 0001 0011 1001 0011 0101 0011 0111 0011 0101 0011 1001 0011 0100 F1 0011 0001 0011 0000 0011 0000 0011 1001 0011 0000 0011 0001 0011 0000 0011 1001

F0-F1: Key1 0011 0001 0011 0001 0011 1001 0011 0101 0011 0111 0011 0001 0011 0000 0011 1001 F0-F1: ASCII 1 1 9 5 7 1 0 9

F0 0011 0001 0011 0001 0011 1001 0011 0101 0011 0111 0011 0101 0011 1001 0011 0100 F2 0011 0011 0011 0100 0011 0100 0011 1000 0011 1000 0011 0001 0011 0100 0011 1001

F0-F2: Key2 0011 0001 0011 0001 0011 1001 0011 0101 0011 0111 0011 0001 0011 0100 0011 1001 F0-F2: ASCII 1 1 9 5 7 1 4 9

F0 0011 0001 0011 0001 0011 1001 0011 0101 0011 0111 0011 0101 0011 1001 0011 0100 F3 0011 0100 0011 0110 0011 1001 0011 0011 0011 0110 0011 0010 0011 0000 0011 0111

F0-F3: Key3 0011 0001 0011 0001 0011 1001 0011 0101 0011 0111 0011 0010 0011 0000 0011 0111 F0-F3: ASCII 1 1 9 5 7 2 0 7

F0 0011 0001 0011 0001 0011 1001 0011 0101 0011 0111 0011 0101 0011 1001 0011 0100 F4 0011 1000 0011 0011 0011 0110 0011 1001 0011 0011 0011 0111 0011 0010 0011 0110

F0-F4: Key4 0011 0001 0011 0001 0011 1001 0011 0101 0011 0111 0011 0111 0011 0010 0011 0110 F0-F4: ASCII 1 1 9 5 7 7 2 6



Table 6(b):Two point crossover: 16-32-16

F1 0011 0001 0011 0000 0011 0000 0011 1001 0011 0000 0011 0001 0011 0000 0011 1001 F0 0011 0001 0011 0001 0011 1001 0011 0101 0011 0111 0011 0101 0011 1001 0011 0100

F1-F0: Key5 0011 0001 0011 0000 0011 1001 0011 0101 0011 0111 0011 0101 0011 0000 0011 1001 F1-F0: ASCII 1 0 9 5 7 5 0 9

F1 0011 0001 0011 0000 0011 0000 0011 1001 0011 0000 0011 0001 0011 0000 0011 1001 F2 0011 0011 0011 0100 0011 0100 0011 1000 0011 1000 0011 0001 0011 0100 0011 1001

F1-F2: Key6 0011 0001 0011 0000 0011 0100 0011 1000 0011 1000 0011 0001 0011 0000 0011 1001 F1-F2: ASCII 1 0 4 8 8 1 0 9

F1 0011 0001 0011 0000 0011 0000 0011 1001 0011 0000 0011 0001 0011 0000 0011 1001 F3 0011 0100 0011 0110 0011 1001 0011 0011 0011 0110 0011 0010 0011 0000 0011 0111

F1-F3: Key7 0011 0001 0011 0000 0011 1001 0011 0011 0011 0110 0011 0010 0011 0000 0011 1001 F1-F3: ASCII 1 0 9 3 6 2 0 9

F1 0011 0001 0011 0000 0011 0000 0011 1001 0011 0000 0011 0001 0011 0000 0011 1001 F4 0011 1000 0011 0011 0011 0110 0011 1001 0011 0011 0011 0111 0011 0010 0011 0110

F1-F4: Key8 0011 0001 0011 0000 0011 0110 0011 1001 0011 0011 0011 0111 0011 0000 0011 1001 F1-F4: ASCII 1 0 6 9 3 7 0 9

Table 6(d): Uniform crossover: 8-8 F3 0011 0100 0011 0110 0011 1001 0011 0011 0011 0110 0011 0010 0011 0000 0011 0111 F0 0011 0001 0011 0001 0011 1001 0011 0101 0011 0111 0011 0101 0011 1001 0011 0100

F3-F0: Key13 00110001 0011 0110 0011 1001 00110101 0011 0110 0011 0101 0011 1001 00110111 F3-F0: ASCII 1 6 9 5 6 5 9 7

F3 0011 0100 0011 0110 0011 1001 0011 0011 0011 0110 0011 0010 0011 0000 0011 0111 F1 0011 0001 0011 0000 0011 0000 0011 1001 0011 0000 0011 0001 0011 0000 0011 1001

F3-F1: Key14 0011 0100 0011 0000 0011 1001 0011 1001 0011 0110 0011 0001 0011 0000 0011 1001 F3-F1: ASCII 4 0 9 9 6 1 0 9

F3 0011 0100 0011 0110 0011 1001 0011 0011 0011 0110 0011 0010 0011 0000 0011 0111 F2 0011 0011 0011 0100 0011 0100 0011 1000 0011 1000 0011 0001 0011 0100 0011 1001

F3-F2: Key15 0011 0100 0011 0100 0011 1001 0011 1000 0011 0110 0011 0001 0011 0000 0011 1001 F3-F2: ASCII 4 4 9 8 6 1 0 9

F3 0011 0100 0011 0110 0011 1001 0011 0011 0011 0110 0011 0010 0011 0000 0011 0111 F4 0011 1000 0011 0011 0011 0110 0011 1001 0011 0011 0011 0111 0011 0010 0011 0110

F3-F4: Key16 0011 0100 0011 0011 0011 1001 0011 1001 0011 0110 0011 0111 0011 0000 0011 0110 F3-F4: ASCII 4 3 9 9 6 7 0 6

Table 6(c): Uniform crossover: 4-4-8-8-4-4-8-8-4-4-4-4 F2 0011 0011 0011 0100 0011 0100 0011 1000 0011 1000 0011 0001 0011 0100 0011 1001 F0 0011 0001 0011 0001 0011 1001 0011 0101 0011 0111 0011 0101 0011 1001 0011 0100

F2-F0: Key9 00110001 0011 0100 0011 1001 00110101 0011 1000 0011 0101 00111001 00111001 F2-F0: ASCII 1 4 9 5 8 5 9 9

F2 0011 0011 0011 0100 0011 0100 00111000 0011 1000 0011 0001 0011 0100 0011 1001 F1 0011 0001 0011 0000 0011 0000 0011 1001 0011 0000 0011 0001 0011 0000 0011 1001

F2-F1: Key10 00110001 0011 0100 0011 0000 1001 0011 1000 0011 0001 0011 0000 00111001 F2-F1: ASCII 9 4 0 9 8 1 0 9

F2 0011 0011 0011 0100 0011 0100 0011 1000 0011 1000 0011 0001 0011 0100 0011 1001 F3 0011 0100 0011 0110 0011 1001 0011 0011 0011 0110 0011 0010 0011 0000 0011 0111

F2-F3: Key11 0011 0100 0011 0100 0011 1001 00110011 0011 1000 0011 0010 00110000 00111001 F2-F3: ASCII 4 4 9 3 8 2 0 9

F2 0011 0011 0011 0100 0011 0100 0011 1000 0011 1000 0011 0001 0011 0100 0011 1001 F4 0011 1000 0011 0011 0011 0110 0011 1001 0011 0011 0011 0111 0011 0010 0011 0110

F2-F4: Key12 00111000 0011 0100 0011 0110 00111001 0011 1000 0011 0111 00110010 00111001 F2-F4: ASCII 8 4 6 9 8 7 2 9



Table 6(e) :Uniform crossover: 8-8

F4 0011 1000 0011 0011 0011 0110 0011 1001 0011 0011 0011 0111 0011 0010 0011 0110

F0 0011 0001 0011 0001 0011 1001 0011 0101 0011 0111 0011 0101 0011 1001 0011 0100

F4-F0: Key17 0011 1000 0011 0001 0011 0110 0011 0101 0011 0011 0011 0101 0011 0010 0011 0100

F4-F0: ASCII 8 1 6 5 3 5 2 4

F4 0011 1000 0011 0011 0011 0110 0011 1001 0011 0011 0011 0111 0011 0010 0011 0110

F1 0011 0001 0011 0000 0011 0000 0011 1001 0011 0000 0011 0001 0011 0000 0011 1001

F4-F1: Key18 0011 1000 0011 0000 0011 0110 0011 1001 0011 0011 0011 0001 0011 0010 0011 1001

F4-F1: ASCII 8 0 6 9 3 1 2 9

F4-F2 0011 1000 0011 0011 0011 0110 0011 1001 0011 0011 0011 0111 0011 0010 0011 0110

F2 0011 0011 0011 0100 0011 0100 0011 1000 0011 1000 0011 0001 0011 0100 0011 1001

F4-F2: Key19 0011 1000 0011 0100 0011 0110 0011 1000 0011 0011 0011 0001 0011 0010 0011 1001

F4-F2: ASCII 8 4 6 8 3 1 2 9

F4 0011 1000 0011 0011 0011 0110 0011 1001 0011 0011 0011 0111 0011 0010 0011 0110

F3 0011 0100 0011 0110 0011 1001 0011 0011 0011 0110 0011 0010 0011 0000 0011 0111

F4-F3: Key20 0011 1000 0011 0110 0011 0110 0011 0011 0011 0011 0011 0010 0011 0010 0011 0111

F4-F3: ASCII 8 6 6 3 3 2 2 7

Table 7: Encryption of ASCII(crossover) biometric keys using RC4: Example of biometric crossover formants F0-F1 using the F1-F0,F1-F2,F1-F3,F1-F4 keys

Selected Key F1-F0: Key F1-F2: Key F1-F3: Key F1-F4: Key 10957509 10488109 10936209 10693709

F0-F: Key: 111957109 ’ÓIŸnµvQ Ê@_…ÁÕ"_ _ i_«GÚØ S_®__ÙÞ_

Figure 7: Overall structure of the proposed des using biometric keys and genetic algorithms

16-Key blocks

F (R,K)

16-IP & F(R,L)

Ciphertext

Decryption F (L,R)

64-Bit Digitizer Based ASCII Code Conversion

Formants Extraction F1,F2,F3,F4, …and F0

Formants, Selection ,and

Normalize

Formant Interchanging (Crossover Computation)

K1, K2,K3,…….

Time slices generator

Speaker Interchange

RC4 Encryption Algorithm



6.1. The proposed algorithm for generating the new proposed Key works as following:

1. The Inputs to the RC4 are: (a).The constructed crossover-biometric formants

frequencies. For example F0-F1 Table 6(a). (b). The key to encrypt it which is either selected

randomly or selected from other crossover-biometric formants. For example F1-Fo Table 6(b).

2. Apply the RC4 Encryption algorithm to the inputs selected in step 1to generate a keystream bytes. 3. Output from this step is the Key-Stream obtained from the RC4. 4. The Generated output from step 3 acts as input key to be introduced to the DES algorithm.

6.2. Changes in this combination are as following:

• Change the speakers to find other formants each different time slices.

• Change the time slice itself, (the time slice may be period of time or amount of data encrypted(100MB)).

• Change the crossover type operations to construct different Tables similar to Table 6 periodically.

• Change the input to RC4 to be a key and the key to be as input swapping between the inputs and the key introduced to RC4.

• Construct new biometric keys by finding different combinations between the different formants frequencies of speakers.

• Swap between the speakers formants frequencies. The step of encrypting the biometric formants key using the RC4 is shown in Table 7, and Figure 7. Table 7 illustrates the encryption of F0-F1 using different Keys as F1-F0, F1-F2, F1-F3, F1-F4, and the corresponding key-Stream generated. The complexity added to the normal DES will be the time needed to generate the formants frequencies for the speakers, and the crossover operation, and the time needed to encrypt the crossover-biometric formats keys using RC4. The added complexity was the less than n; where n is the number of bytes to be encrypted using DES. In other word the overall Big- O of the proposed DES system will increase slightly; and this increasing compared with the added Key-Space increased is negligible. The proposed decryption DES using the biometric formants will be as the reverse of the encryption in the proposed DES based biometric formants. The overall structure of the new proposed DES is shown in Figure 7. 6.3. The proposed 3DES The proposed 3DES is constructed as same as the proposed DES moreover it is needed to generates 3 biometric keys that can be selected from Table 7; as K1=(’ÓIŸnµvQ), K2= (Ê@_…ÁÕ"_), and K3=(_ i_«GÚØ).

6.4. Sequence Of 3DES encryption CIPHERTEXT = EK3(DK2(EK1(plaintext))); i.e., DES encrypt with K1, DES decrypt with K2, then DES encrypt with K3. 6.5. Decryption Steps Using the Proposed Genetic

Biometric Keys: The decryption is a reverse process of the encryption and can be done as follows: PLAINTEXT = DK1(EK2(DK3(ciphertext))); decrypt with K3, encrypt with K2, then decrypt with K1. 1. Submit the voice of the speaker. 2. Extract the formants frequencies. 3. Construct the equivalent genetic biometric

formants signature. 4. Encrypt the genetic biometric key using RC4. 5. Submit the key to the key generation unit in DES 6. Decrypt the cipher text using the DES. 7 CONCLUSION AND FUTURE WORK

DES is considered to be insecure due to the 56-bit key size being too small (DES keys have been broken in less than 24 hours). TDES are theoretically attacked, ADES is more robust to cryptanalysis.

This work presented a novel contribution in securing the DES algorithm using new techniques for generating biometric formants keys in combination with the genetic algorithm operations as Crossover, and the combination between the two encryption algorithms DES and the RC4 for encrypting the obtained biometric key from the crossover. The work in this paper introduced details for the new proposed DES system, starting from the speakers' voice capturing, formants extraction, and normalization.

The crossover operation done on the biometric keys in different forms ensures that the keys after the crossover were possibly strong keys and avoided the weak and semiweak keys in DES. Applying RC4 for encrypting the biometric key also increased the key-Space for the DES. The complexity of the proposed algorithm may be slightly increased than the traditional one; in the same time the key-space added is too high. The new proposed DES proves its capabilities to be applicable in sensitive information systems; requiring high security.

The proposed DES is claimed to be more secure and robust due to the uniqueness of formants of speaker; who sends the message. Attacking the proposed, requires overcoming multi-layers: speakers, utterances, formants, digitization technique, sequence of crossover and its variant types, the predefined time slices, and the encryption of the keys using RC4, in addition to the core algorithm of DES. The big O of the proposed algorithm is increased due to the added functions and operations; but this increase can be neglected if one considers the trade-off between security and the complexity of the algorithm especially for the critical



systems. Military applications, high category E-commerce, E-banking, and political issues can benefit very much by applying this algorithm.

The future extension of this work will be the implementation of a complete system using the new proposed DES software and hardware device using FPGA. Moreover the introducing of multimodal DES using biometric keys in different forms as formants, fingerprints, and iris as biological and unique keys. As well as the use of the Linear Feedback Shift Registers LFSR in combination with this proposed system for generating the biometric key based voice signature. 8 REFERENCES

[1] Ruangchaijatupon,P.,Krishnamurthy,”Encryptio

n and Power Consumption in Wireless LANs-N,’’ The Third IEEE Workshop on Wireless LANs – September 27-28, 2001- Newton, Massachusetts.

[2] Hardjono, ''Security In Wireless LANS And MANS,'' Artech House Publishers 2005.

[3] W.Stallings, ''Cryptography and Network Security 4th Ed,'' Prentice Hall , 2005,PP. 58-309.

[4] Coppersmith, D. "The Data Encryption Standard (DES) and Its Strength Against Attacks."I BM Journal of Research and Development, May 1994,pp. 243-250.

[5] Bruce Schneier. The Blowfish Encryption Algorithm Retrieved October 25, 2008, http://www.schneier.com/blowfish.html.

[6] K. Naik, D. S.L. Wei, Software Implementation Strategies for Power-Conscious Systems,” Mob-ile Networks and Applications- 6, 291-305, 2001.

[7] Daemen, J., and Rijmen, V. "Rijndael: The Advanced Encryption Standard."D r. Dobb's Journal, March 2001,PP. 137-139.

[8] N. El-Fishawy ,"Quality of Encryption Measurement of Bitmap Images with RC6, MRC6, and Rijndael Block Cipher Algorithms", International Journal of Network Security, , Nov. 2007, PP.241–251.

[9] D. S. Abdul. Elminaam, H. M. Abdul Kader, M. M. Hadhoud, "Performance Evaluation of Symmetric Encryption Algorithms", IJCSNS International Journal of Computer Science and Network Security, VOL.8 No.12, December 2008, pp. 58-64.

[10] K. Van Espen and J. Van Mieghem, “Evaluatie en Implementatie van Authentiserings algorit-men,” graduate thesis, ESAT Laboratorium, Katholieke Universiteit Leuven, 1989.

[11] ANSI X9.17 (Revised), “American National Standard for Financial Institution Key Management (Wholesale),” American Bankers Association, 1985.

[12] ISO DIS 8732, “Banking—Key Management (Wholesale),” Association for Payment Clearing Services, London, Dec 1987.

[13] R.C. Merkle and M. Hellman, “On the Security of Multiple Encryption,”Communications of the ACM, v. 24, n. 7, 1981, pp. 465–467.

[14] http://en.wikipedia.org/wiki/Triple_DES [15] Ralph Merkle, Martin Hellman: "On the Security

of Multiple Encryption", Communications of the ACM, Vol 24, No 7, pp 465–467, July 1981.

[16] Paul van Oorschot, Michael J. Wiener, "A known-plaintext attack on two-key triple encryption", EUROCRYPT'90, LNCS 473, 1990, pp 318–325.

[17] Elaine Barker, William Barker, William Burr, William Polk, and Miles Smid, "Recommendation for Key Management – Part 1: General(Revised), NIST Special Publication 800-57, May, 2006.

[18] D. Hulton, Practical Exploitation of RC4 Weaknesses in WEP Environments, Dachb0den Labs, February 2002.

[19] http://person.sol.lu.se/SidenyWood/prrate/whatform.html, Tutorial, Beginners guide to Praat ,March 2008

[20] Stanely.chen, Ellen Eide and Michaael A. Picheny, "Advanced Speech Recognition, Topics in signal Processing", September, 22, 2005., ELEN E6884.

[21] http://en.wikipedia.org/wiki/Formant, Formant- Wikipedia: the free encyclopedia, 2007.

[22] George Musser, "Forming Formants", Scientific American, National Geographic Channel, October 20, 2007.

[23] D. Coppersmith,"IBM journal of Research and Development; jan/Mar 2000; 44, 1/2 ABI/ C.

[24] Zaki. T. Fayed, "Proposed Biometric key for DES Scheme Applying Formant's Arc-tangents",

[25] Holland, John H (1975), Adaptation in Natural and Artificial Systems, University of Michigan Press, Ann Arbor.

[26] Koza, John (1992), Genetic Programming: On the Programming of Computers by Means of Natural Selection, MIT Press. ISBN 0-262-11170-5.

[27] William Stallings; "cryptography and Network Security; Principles and Practice"; Prentice Hall; 2003.

[28] Bruce Schneier, "Applied Cryptography", John Wiley &Sons, Inc, 2004, ISBN: 471128457.



http://www.schneier.com/blowfish.html

http://en.wikipedia.org/wiki/Triple_DES

http://person.sol.lu.se/SidenyWood/prrate/whatf

http://en.wikipedia.org/wiki/Formant

Documents

DES Block Ciphering Based Genetic Biometric Keys