Multi-shape symmetric encryption mechanism for nongeneric attacks mitigation

Abstract

Static cyphers use static transformations for encryption and decryption. Therefore, the attacker will have some knowledge that can be exploited to construct assaults since the transformations are static. The class of attacks which target a specific cypher design are called Non-Generic Attacks. Whereby, dynamic cyphers can be utilised to mitigate non-generic attacks. Dynamic cyphers aim at mitigating non-generic attacks by changing how the cyphers work according to the value of the encryption key. However, existing dynamic cyphers either degrade the performance or decrease the cypher’s actual security. Hence, this thesis introduces a Multi-Shape Symmetric Encryption Mechanism (MSSEM) which is capable of mitigating non-generic attacks by eliminating the opponents’ leverage of accessing the exact operation details. The base cyphers that have been applied in the proposed MSSEM are the Advanced Encryption Standard (AES) competition finalists, namely Rijndael, Serpent, MARS, Twofish, and RC6. These cyphers satisfy three essential criteria, such as security, performance, and expert input. Moreover, the modes of operation used by the MSSEM are the secure modes suggested by the National Institute of Standards and Technology, namely, Cipher Block Chaining (CBC), Cipher Feedback Mode (CFB), Output Feedback Mode (OFB), and Counter (CTR). For the proposed MSSEM implementation, the sender initially generates a random key using a pseudorandom number generator such as Blum Blum Shub (BBS) or a Linear Congruential Generator (LCG). Subsequently, the sender securely shares the key with the legitimate receiver. Besides that, the proposed MSSEM has an entity called the operation table that includes sixty different cypher suites. Each cypher suite has a specific cypher and mode of operation. During the run-time, one cypher suite is randomly selected from the operation table, and a new key is extracted from the master key with the assistance of SHA-256. The suite, as well as the new key, is allowed to encrypt one message. While each of the messages produces a new key and cypher suite. Thus, no one except communicating parties can access the encryption keys or the cypher suites. Furthermore, the security of MSSEM has been evaluated and mathematically proven to resist known and unknown attacks. As a result, the proposed MSSEM successfully mitigates unknown non-generic attacks by a factor of 2−6. In addition, the proposed MSSEM performance is better than MODEM since MODEM generates 4650 milliseconds to encrypt approximately 1000 bytes, whereas MSSEM needs only 0.14 milliseconds. Finally, a banking system simulation has been tested with the proposed MSSEM in order to secure inbound and outbound system traffic.