Slide 1

INVESTIGATION OF ERROR PROPAGATION EFFECT OF AES AND TO FIND TECHNIQUES AND SOLUTION OF THE PROBLEM

Dr. Bikramjit sarkar

Associate ProfessorDept. of Computer Science and EngineeringTechno India Salt LakeKolkata, India

Email: sarkar.Bikramjit@gmail.com

AbstractThe Rijndael algorithm (Advanced Encryption Standard) suffers from a major limitation owing to error propagation in the encryption process. The salient objective of our research is

To study different schemes for modified redundancy based AES scheme,

To analyze the proposed schemes in terms of speed of encryption /decryption and the level of security offered,

To finally design an error-free AES.

Advance Encryption StandardDue to the several reports of failure of security or key of DES (Data Encryption Standard), The NIST decided to launch in 1997 a new standardization process, known as Advanced Encryption Standard (AES).

The algorithm Rijndael was finally selected to become the AES through an open contest where anyone including even non-American citizen and companies was invited to submit a candidate algorithm and to send public comments on the other proposals.

The algorithm was named after its designers Daemen and Rijmen.

Advance Encryption Standard contd..The replacement has aimed to augment the level of security mainly with higher key size. Besides the higher level of security, AES has aimed to provide higher efficiency and better flexibility by means of encryption at different levels and with different block sizes.

The AES encryption is done at several rounds of iteration. Each round of iteration has different input data and different keys. The input data and the keys of different rounds are all generated from the original source data and the source key respectively. On the basis of this theory the input data and the keys at rounds follow a data path and key path respectively.

Advance Encryption Standard contd..

Error Propagation Effect of AESAES is designed for flexibility and for implementing in both Hardware and software. Due to its low memory requirement, AES suitable for implementation in devices like smart card etc. But the AES algorithm suffers from a major limitation Error Propagation Effect.

An error, if inflicted in any round, propagates through the rest of the rounds and finally results in a large number of errors in the cipher.

Error Propagation Effect of AES contd..The effect of the Error Propagation has been observed through an experiment carried out with the following plain text (128 bits) and the cipher key (128 bits):

Plain text Cipher key

Error Propagation Effect of AES contd..Now a one-bit error is forcibly injected in 8th bit position of the intermediate cipher generated after 1st round and then encrypt it through 9 more rounds of AES encryption. As a consequence, an erroneous cipher is generated at the output as follows:

Erroneous Cipher text Error free Cipher text

Error Propagation Effect of AES contd..In this way, the experiment has been conducted on deliberately injecting one-bit errors after different rounds and consequently a number of erroneous ciphers were generated. Upon decryption of these erroneous ciphers, corresponding plaintexts have been received, which, to a great extent, differ from the actual plain text.

The result found in the above experiment is shown in Table 1.

Error Propagation Effect of AES contd..One-bit Errors injected in 8th bit positions of the intermediate statesNumber of errors in the cipher text after injection of one bit error at intermediate statesNumber of corresponding errors in the plain text after decrypting the erroneous cipherAfter 1st round7167After 2nd round6755After 3rd round5669After 4th round5161After 5th round6973After 6th round6265After 7th round7057After 8th round5370After 9th round6261

Table 1

Available Techniques to fight the Error Propagation Effect of AESthe limitation of error propagation in AES leads to low speed of encryption, more processing overhead and higher complexity, because until and unless error free encryption be achieved the transmission of the cipher will be meaningless.

In order to tackle the error propagation of AES, two techniques have been studied in literatures:

Redundancy Based Technique

Byte Based Parity Technique

Redundancy Based TechniqueThe Redundancy Based Technique needs both the encryption module and decryption module for producing error-free cipher at the transmitter. The output cipher of the encryption module is decrypted by the decryption module. The decrypted output is compared with the plain text to check whether there is any error at all. If they match, the cipher is considered to be error-free. The dual process of encryption and decryption by the technique make the encryption process slow and costly as well. Although this technique is suitable for both software and hardware implementation.

Byte Based Parity TechniqueThe byte based parity technique makes use of parity checking at each byte of plain text to combat error. Yet it has the limitation of not being able to correct all type of error vectors. Also the byte based parity technique is not suitable for software implementation.

Selective AESThe performance of any cryptosystem is measured by two parameters: level of security it provides and speed of encryption and decryption. Selective AES is the process of AES encryption of a fraction of message keeping the remaining portions unencrypted, which increases in the speed of encryption / decryption.

Error Propagation in Selective AESThe Error Propagation Effect has been observed in Selective AES through an experiment conducted with the following 640-bit message and 128-bit key:

Message = ERROR PROPAGATION EFFECT OF AES HAS THROWN A GREAT RESEARCH CHALLENGE BEFORE US.Key = BIKRAMJIT SARKAR

Error Propagation in Selective AES contd.. First the entire message is divided into 5 blocks B1, B2, B3, B4 and B5, each of which is of 128 bits, where,

B1 = ERROR PROPAGATIO,

B2 = N EFFECT OF AES ,

B3 = HAS THROWN A GRE,

B4 = AT RESEARCH CHAL and

B5 = LENGE BEFORE US.

Error Propagation in Selective AES contd.. The AES Encryption process has 10 rounds. And after each round (1st to 9th) one intermediate state is found and after the 10 rounds the final cipher text is generated. So, each block, while being encrypted to generate the final cipher, generates 9 intermediate states.Now after first round, the eighth bit of each intermediate state generated from each block get forcibly infected. The same thing is repeated for each of the blocks after fifth and ninth rounds.

Error Propagation in Selective AES contd.. Now the erroneous ciphers are compared with the error free cipher and accordingly the total number of errors at the output ciphers for each of the cases is found. The average number of errors occurred in the output cipher when a single bit error has occurred in any of the intermediate states generated during the encryption process is also obtained and Table 2 is formed:

Block(s) EncryptedPercentage of SelectionAverage number of errors occurred at the output after the execution of the Encryption ModuleB12045.67B1 & B24088.67B1, B2 & B360133.67B1, B2, B3 & B480176.0B1, B2, B3, B4 & B5100221.33

Table 2

Error Propagation in Selective AES contd.. From Table 2 it is clear that lesser is the percentage of selection, lesser is the number of errors occurred at the output. But the processing speed is inversely proportional to the percentage of selection. So there must be a tread off between the security level and the processing speed since, the level of security is proportional to the percentage of selection.

Redundancy Based Technique redefinedIt is clear that the Redundancy Based Technique requires the comparison of 128 bits since the plain text taken is of 128 bits. Here the proposed algorithm SBM 1.1 proposes to modify the Redundancy Based Technique that will reduce the overhead of comparison to only 8 bits. The algorithm makes use of the Longitudinal Redundancy Check (LRC) code.

Redundancy Based Technique redefined contd..Proposed Algorithm: SBM 1.1Input the plain text P of 128 bitsGenerate an LRC code (8 bits), say L, out of PEncrypt P with AES Encryptor to find the cipher text, say CDecrypt C with AES Decryptor to find PGenerate an LRC code (8 bits), say L, out of PL and L are now compared. If L and L are found to be same, C is considered to be error-free and is transmitted through the channel.

Redundancy Based Technique redefined contd..Block Diagram: SBM 1.1

Redundancy Based Technique redefined contd..Experimental Results:Input Message P (128 bits):42 69 6b 72 61 6d 6a 69 74 20 53 61 72 6b 61 72

LRC code generated from P (Say, L): 0 1 0 1 0 0 0 1

P is encrypted with the following key:

2B 28 AB 09 7E AE F7 CF 15 D2 15 4F 16 A6 88 3C

Redundancy Based Technique redefined contd..Experimental Results:A one-bit error is injected in the 8th bit position of the intermediate cipher generated after 7th round and the encryption process continues through 3 more rounds of AES encryption. As a consequence, an erroneous cipher text is generated at the output as follows:8A 88 3E 2D DC 16 77 90 4D B3 05 3E CA 04 4D 0C

P generated from the above erroneous cipher:B2 C9 A7 34 CF 60 C6 24 75 F5 4B CD 9F 97 3C 62

LRC code generated from P (Say, L): 1 1 1 1 0 1 0 1

Redundancy Based Technique redefined contd..Experimental Results:L and L are finally compared and it is observed that they are not same. This indicates that some error has occurred and the cipher text generated and hence it is useless to transmit.

The proposed approach has minimized the overhead of comparison from 128 pairs of bits to 8 pairs of bits. Although an additional module of LRC generator that has been introduced in our approach causes an extra overhead of the new approach, yet the proposed technique is superior.

A probabilistic approach to tackle Error Propagation Effect of AESThe proposed scheme suggests that the plain text will be encrypted odd number of times, say n, with the same key to produce n number of cipher texts. It is assumed that the probability of occurrence of a single bit error amidst the rounds must not reach 0.5 so that out of n cipher texts at most (n 1)/2 number of cipher texts may be erroneous whereas the least number of error free cipher texts is (n + 1)/2. Majority Rule is then applied over the n number of ciphers and as a result the error free cipher text is achieved.

A probabilistic approach to tackle Error Propagation Effect of AES contd..Proposed Algorithm: SBM 1.2

Input the plain text P of 128 bitsEncrypt P n number of times with AES Encryptor to find ciphers {Ci, i = 1 to n}, n being oddMajority rule is applied over Ci to find the error-free cipher text C which is directly transmitted through the channel.

A probabilistic approach to tackle Error Propagation Effect of AES contd..Block diagram: SBM 1.2

A probabilistic approach to tackle Error Propagation Effect of AES contd..Experimental results:

Input Message P (128 bits):42 69 6b 72 61 6d 6a 69 74 20 53 61 72 6b 61 72

Key K (128 bits):2B 28 AB 09 7E AE F7 CF 15 D2 15 4F 16 A6 88 3C

Error-free Cipher:FC 41 16 48 BE C0 16 A7 FC 5C 3F 43 F4 13 F4 A0

A probabilistic approach to tackle Error Propagation Effect of AES contd..Experimental results:

The Plain text P has been encrypted by the key 5 numbers of time and as per the assumption at most 2 numbers of ciphers texts may be erroneous. The erroneous cipher texts are as follows:

Erroneous cipher text 1:D2 06 F1 26 BE 27 E9 EE FA CF AF 6B 55 25 D6 0D

Erroneous cipher text 2:24 E2 C9 55 1C 30 E0 58 5D D7 3C 64 EA 2F CA F7

A probabilistic approach to tackle Error Propagation Effect of AES contd..Experimental results:

As per the assumption, the rest of the cipher texts (3 numbers) are error free.

The Majority Rule is then applied over the 5 cipher texts and finally the error-free output cipher is generated as follows:FC 41 16 48 BE C0 16 A7 FC 5C 3F 43 F4 13 F4 A0

A probabilistic approach to tackle Error Propagation Effect of AES contd..Experimental results:

As per the assumption, the rest of the cipher texts (3 numbers) are error free.

The Majority Rule is then applied over the 5 cipher texts and finally the error-free output cipher is generated as follows:FC 41 16 48 BE C0 16 A7 FC 5C 3F 43 F4 13 F4 A0

A probabilistic approach to tackle Error Propagation Effect of AES contd..Although in the experiment the plain text has been encrypted 5 times, It can be realized that with the increase in the number (n) of cipher texts, the scheme guarantees reliable communication on its part, even with the occurrence of error with higher probability (0.5 * (1 1/n)); that means that if n increases the tolerance also increases.

A Hybrid Architecture to overcome the Error Propagation Effect of AESThe algorithm SBM 1.3 proposes a hybrid architecture to ward off the Error Propagation Effect of AES. The proposed scheme is the combination of the algorithms SBM 1.1 and SBM 1.2, that makes use of both the Longitudinal Redundancy Check code and the Majority Rule in parallel. The algorithm checks for the effect of error propagation in 2 different paths and finally the error-free cipher text is obtained ensuring a reliable communication.

A Hybrid Architecture to overcome the Error Propagation Effect of AES contd..Proposed algorithm: SBM 1.3

Input the plain text P of 128 bitsGenerate an LRC code (8 bits), say L1, out of PEncrypt P with AES Encryptor to find the cipher text, say CDecrypt C with AES Decryptor to find PGenerate an LRC code (8 bits), say L2, out of PL1 and L2 are now compared. If L1 and L2 are found to be same, C is fed to the comparator.

A Hybrid Architecture to overcome the Error Propagation Effect of AES contd..Proposed algorithm: SBM 1.3

Encrypt P n number of times with AES Encryptor to find ciphers {Ci, i = 1 to n}, n being oddMajority rule is applied over Ci to find the cipher text C which is also fed to the comparator.If C and C are found to be same, say C, it is considered to be error-free and is transmitted through the channel.

A Hybrid Architecture to overcome the Error Propagation Effect of AES contd..Block diagram: SBM 1.3

A Hybrid Architecture to overcome the Error Propagation Effect in Selective AESProposed algorithm: SBM 1.4

Input Key Words for the message of N words. Message is divided into K parts each of k blocks. Each block is of M words.Find the occurrence of any keyword in the blocks, starting with the first block in the first part. If it occurs, encrypt that block using the algorithm SBM 1.3 and all the blocks thereafter in the part.Repeat (1-2) for all parts, j=1 to K. When j=K, the proposed scheme of encryption is complete.

A Hybrid Architecture to overcome the Error Propagation Effect in Selective AESBlock diagram: SBM 1.4

Overall conclusionIn this thesis we have studied the effect in detail. The relative mathematical analysis has been cited in the thesis. Error propagation effect in case of selective AES and its comparison with normal AES has also been studied. In this thesis four algorithms, viz. SBM 1.1, SBM 1.2, SBM 1.3 and SBM 1.4, have been proposed for preventing Error Propagation Effect of AES. The corresponding experimental results have also been provided so as to prove the algorithms to be efficient to overcome the error propagation effect of the Rijndael used as Advanced Encryption Standard.

Future scopeIt is assumed that the probability of occurrence of a single bit error amidst the rounds is maximum 50%. Further research works may be extended to achieve certainty in preventing the Error Propagation Effect of AES algorithm under all circumstances.

When the number of rounds is increased in AES, the complexity of AES encryption and decryption also increases. So, the length of the key may increased to 512 bits in order to increase the number of rounds. Future research may include the above mentioned considerations.

Thank You