A Wrapping Encryption Based on Double Randomness Mechanism

1  Introduction

In recent years, owing to the fast advance of the 5th generation (5G) networks and Internet techniques and the popularity of mobile phones, a wide range of mobile applications were proposed to provide us with a colorful living environment and enrich our daily lives. Also, with the fast development of cloud computing, people frequently send data to a cloud for storage or processing. But data transmitted via wireless channels may be stolen by hackers, conducting severe security problems. This means we need a more secure data transmission environment before the delivered data can be safely protected.

In addition, in the age of big data, the sizes of files transferred between a cloud system and users are often huge, i.e., encryption/decryption speeds should be two of the key issues if we want to deliver them via a 5G network.

At present, Advanced Encryption Standard (AES) as a block cipher mechanism has been popularly employed to secure delivered data. The AES adopts the combinational logic encryption method [1], consequently attracting different kinds of brute-force attacks [2–4]. According to references [5,6], the AES will soon be insecure since it has been partially solved. Thus, a safer block ciphering method is required shortly. In 2016, Huang et al. [7] introduced a random method to encrypt/decrypt messages/files. However, it is not truly random, since Δh is derived from password (PW) only where Δh is the length of an additional character string utilized to hide the beginning point of the ciphertext. The weakness is that Δh may be solved by Brute-force attacks [7]. After that, the same PW will be employed to crack wrapped ciphertext files.

Thus, in this study, a more secure scheme, named “Wrapping Encryption Based on Double Randomness Mechanism (WEBDR for short) is proposed. The WEBDR enhances the security level of block ciphering by wrapping ciphertext with two dynamic data sequences of variable lengths to form a wrapped file, aiming to hide the ciphertext to protect it from being accessed by hackers. The WEBDR uses four types of keys to encrypt data. The first one is called the initial encryption key (IEK), which is generated by integrating a password key (or a channel key) and an initialization vector (IV). The second is a set of sub-keys (SK1~SK5), which is produced by using an accumulated shifting substitution (ASS) function and a Three-dimensional encryption method (3D Encryption). Following that, the WEBDR retrieves current time from its internal clock to produce a key, named the current time key (SKCT), as the third type of key. The fourth is a random encryption key (REK) generated randomly.

Owing to using these four types of keys, even encrypting the same plaintext with the same password, the WEBDR generates different corresponding ciphertext of different lengths and different wrapped ciphertext files. Therefore, it is not easy for hackers to access and then solve the ciphertext. Our previous research results can be seen in reference [7]. The main contributions of this study are listed below:

(1) We adopt the timing-random mechanism to randomly wrap ciphertext. This can effectively prevent hackers from solving the relationship between plaintext and ciphertext even when they have ever collected a huge number of (plaintext/ciphertext) pairs.

(2) Using the encryption method of sequential-logic style, due to adopting a feedback mechanism, the generated subsequent ciphertext blocks will vary according to the contents of previous plaintext blocks. This greatly increases the difficulty of illegal decryption.

(3) The WEBDR in its message encryption (decryption) stage only invokes three exclusive OR (XOR) operations, while the AES calls this operation a total of 176 times for each of its message encryption and decryption processes.

The rest of this article is structured as follows. In Section 2, we briefly describe the related studies of this paper. Section 3 introduces the WEBDR. In Section 4, we analyze the security level of the WEBDR. Simulations and performance of the WEBDR are demonstrated and evaluated in Section 5. Section 6 summarizes this study and overviews our future research.

2  Related Studies and Background

In this section, the AES is first described. Security challenges in cloud systems and their data delivery are also discussed.

2.1 The AES and Its Problems

AES as a standard block cipher technique may have different block/key sizes, i.e., 128, 192, or 256 bits [8]. The corresponding numbers of rounds on the data encryption are 10, 12, and 14, respectively, on a 4 × 4-byte matrix (also called state, denoted by M). The given plaintext block is the initial value.

Giving its 10-round AES encryption as an example. A round has four operations, including SubBytes, ShiftRows, MixColumns, and AddRoundKey. But in the 0th round, i.e., the initial round, only AddRoundKey is executed. The last round performs SubBytes, ShiftRows, and AddRoundKey, skipping the MixColumns. Each of the remaining 9 rounds (rounds 1–9) invokes the mentioned four operations. The SubBytes operation substitutes each byte of the state M with the help of the S-Box; the ShiftRows rotates the last three rows, i.e., rotating the ith row a total of i times, i = 2,3,4; the MixColumns multiplies the columns of M with a polynomial function c(x); the AddRoundKey exclusive ORs (XORs) M with the round sub-key [8].

In 2002, the government of the United States (U.S.) adopted the AES as the security standard since it is the most secure encryption method at that time. However, Diehl [9] analyzed a cache attack on the AES, and [10] presented that a biclique attack has been successfully applied to attack AES [8,11] introduced different types of AES attacks, meaning that the AES will be solved soon, or at least, it is not really secure.

2.2 Data Security and Encryption

Today, cloud and Internet of Things (IoTs) systems are two popular applications in the world. Their data securities are essential before these applications can be successfully applied to the world. Reference [12] defined cloud security as the policies, services, controls, and technologies that prevent cloud data, infrastructure, and applications from threats. 7 challenges are also proposed. Among them, Granular Privilege and Key Management are concerned with privilege and cryptography keys. In reference [13], cloud security refers to a broad set of techniques and control methods used to protect data, applications, and cloud computing infrastructures. Because data archived in a cloud system can be accessed by using multiple client devices, when uploading data to the cloud, for security reasons, we need to consider who may access the data (e.g., the staff of the cloud system), and what applications and what methods will be, respectively, requested and utilized to access the data.

Bordak [14] mentioned that before cloud storage, plain-text data can be encrypted to differentiate the ability to save data from the ability to retrieve it. So, it would be better if the encryption key is securely protected to ensure that only authorized users can decrypt data.

Musa et al. [15] enforced their symmetric key encryption to protect a file locally on the client side before uploading it to the cloud system and the file is decrypted after it is downloaded on the client side using the key produced during encryption. Keys are generated by different algorithms, thus offering better security levels and enhanced system performance for large files.

Reis et al. [16] said that cryptography for cloud applications relies on both client-side and server-side cryptographies. The AES-256 in Cipher Block Chain (CBC) mode is employed to encrypt their healthcare data. Client-side cryptography encrypts data at the user’s device before sending data to the cloud storage, aiming to ensure user-data privacy and security. Server-side encrypts data before storage, i.e., inside the cloud system, for the reason that encrypts data, saves data, and manages keys at the same location. Of course, before these activities, the ciphertext sent by users should be decrypted first.

Banuelos [17] mentioned that users often utilize integers as keys by invoking a pseudo-random number generator or random-number generator. Sometimes, strings comprising numbers and letters are adopted. Also, a longer key is required, because longer keys consume a longer time to crack. The author also presented that SkyFlow, a data privacy vault company, uses a granular method to encryption keys that conveys a master key named a Key Encryption Key (KEK) and Data Encryption Keys (DEKs). Users may use Amazon Web Services Key Management Service (AWS KMS), Skyflow Key Management, or a bring-your-own-key (BYOK) technique to administrate KEK. But their data stored in the company’s vault is still encrypted by using DEKs.

Reference [18] described that an IoT security solution is required for business. Without security, businesses can be vulnerable to hacks and data breaches, making private information exploited and the public which will threaten the reputation and well-being of these corporations/companies.

Schacht et al. [19] evaluated 5 million Open Pretty-Good-Privacy (OpenPGP) keys with the algorithms utilized and internal parameters selected when establishing connections to third-party software. The authors analyzed the properties of keys and the trends of OpenPGP usage in the passing two decades, providing an internal look at OpenPGP and the adoption of public key cryptography. Looking at the details of the keys over time can make us recommend key features that affect real-world use. The analyses of OpenPGP keys give users a way to determine the time duration for changing the default settings of software packets.

Roundy [20] presented that IoT security risks were rising and stated the challenges listed in Verizon Mobile Security Index 2021 for mirroring mobile to the IoT environment. The author proposed a 6-step procedure to better IoT security. The last step is encrypting user and application data, aiming to protect the data from malicious actors. Without cryptography, an organization may face sensitive data leakage, reputational damage, and penalties.

Yang et al. [21] proposed an algorithm by exploiting encrypted packets and modeling network traffic to uncover stepping-stone statements/intrusions. The software tool used is OpenSSH which comprises n paths between Host 0 and Host 1. Each path has its cryptography key under the assumption that Host 0 acts as an intruder, and Host 1 plays the role of a victim. When a path is built, an encryption key is given. Authors claimed that the algorithm demonstrates better performance when detecting intruders’ both-side chaff attacks. However, it is better if the keys can be created with a secure approach.

Nowaczewski et al. [22] predicted that Customer Edge Switching (CES) would be used in 5G networks. They described the CES and explained how it works with Domain Name System (DNS). The possible attack models were also discussed. Currently, DNSs lack encryption/authentication. Hackers can exploit the system through man-in-the-middle attacks. They also extend CES’s implementation to fix this gap by adding DNSCrypt and DNSSEC functionalities. Their experimental results show that most attacks can be effectively detected by the proposed countermeasures. However, it would be better if the details of cryptography can be presented.

2.3 Three Working Models of Data Encryption

For those systems requesting high-security levels for their data transmission, three data transmission modes can be considered. Mode 1 is encrypting files transmitted between a user and a base station (BS) or a cloud with a channel key established to ensure their point-to-point security [23,24]. With mode 2, data is saved in client devices before its delivery, i.e., data is encrypted before transmission [25]. Therefore, a password given by the user is processed to generate a password key with which to encrypt/decrypt data files. Mode 3 adopts Proxy-based encryption methods to secure archived data. For some existing software or applications with no encryption functions, data can be encrypted by proxy servers [26] before transmission. Our opinion is that the WEBDR can enhance the security and performance of modes 1 and 2, particularly for those medium and large-size files.

2.4 Other Related Studies

Chakravarthy et al. [27] proposed a system named digital signature algorithm (DSA) which works together with deep packet inspection (DPI), known as the DSA-DPI model, to detect and prevent Distributed Denial of Service (DDoS) attacks. DDoS is an attack that overloads Central Process Units (CPUs) of the firewall and other network components and/or consumes their network bandwidths. The proposed system also provides preventive warnings on infrastructure before the malware attack. However, this system does not discuss how to protect, e.g., encrypt/decrypt, data itself. Digital signatures are one kind of anomaly-based detection scheme. Often a signature-based approach is required. DPI is often a function of firewalls. However, packet filtering often consumes a longer checking time.

Chiu et al. [28] proposed a network autonomous security system, named Detection and Defense of Denial of Service (DoS)/DDoS on 5G (DDD5G) which analyzes 5G network traffics and determines whether a protected system is under DoS/DDoS attack or not by using Shannon entropy (SE) and/or a mixed model. The latter mixes Shannon entropy and Cumulative Sum Algorithm (CUSUM) to further enhance a system’s security level. Shannon entropy adopts entropy derived from normal traffic at specific time intervals as the threshold and compares it with the entropies of other time intervals, denoted by T, to detect whether there are intrusions and attacks in T or not, while the CUSUM collects traffic and checks to see whether it exceeds the predefined thresholds or not to determine if this system is under attack. Authors claimed that a mixed-mode approach can effectively detect DDoS. However, with the two-stage detection approach, the detection time may be long, i.e., unable to detect attacks in a real-time manner.

Tsai et al. [29] proposed a Two-stage High-efficiency Long Range Wide Area Network (LoRaWAN) encryption key Update Scheme (THUS for short) for changing LoRaWAN’s session keys and root keys in an efficient and secure approach. The THUS comprises two stages, i.e., the Root Key Update (RKU) and the Session Key Update (SKU), and with different update periods, the security levels of RKU and SKU are higher than those of normal LoRaWAN specifications. A modified AES cryptography process is also adopted in the THUS to improve the THUS’s security level. According to the authors’ security analyses, the THUS can effectively protect important parameters in its key update stages, and satisfies the requirements of integrity mutual authentication, and confidentiality. Moreover, The THUS can further resist replay and eavesdropping attacks. However, THUS procedures can only be applied to LoRaWAN since the mechanism is limited to LoRaWAN, i.e., join-server, end-device, and network server. Also, when a sender generates a new D-box, it needs to deliver it (of course, encrypting it) to his/her target site. Otherwise, the target site does not know how to solve the receiving message, thus increasing the processing costs.

Khan et al. [30] stated that traditional authentication protocols are vulnerable in the quantum computing era. Therefore, they presented an authentication protocol according to the lattice technique for public cloud environments to prevent quantum attacks and avoid all known typical attacks. This protocol provably secures the protected systems with the Real-Or-Random (ROR) model. Their simulation results showed that this protocol is lightweight compared with some existing lattice-based authentication protocols. Their comparative analyses also demonstrated that this protocol is quite appropriate to be implemented in quantum-based environments. However, this scheme is developed for authentication, instead of encrypting/decrypting transmitted data.

Khalaf et al. [31] presented that hackers may send malicious inputs to confuse a web application. The purpose is to access or disable the application’s back end. The authors claimed that Cross-site scripting (XSS) and Structured Query Language (SQL) Injection Attacks (SQLIAs) are frequently launched. They then developed an input validation mechanism to check and evaluate for program codes and also developed a script whitelisting interception layer that is a part of the browser’s JavaScript engine. The SQLIA can be detected and the XSS attack is resolved with the approach of input verification and script whitelisting by using pushdown automatons. However, this system only focuses on SQLIA, XSS, and buffer overflow.

Yang et al. [32,33] described that Age-of-information (AoI) as an indicator reflects the freshness of data during the communication stage and Unmanned Aerial Vehicles (UAVs) play very important roles in Mobile Edge Computing Networks (MECN). They tried to solve the Channel Access Attack (CAA) problem of AoI-oriented channel access from game-theory viewpoints. A system model with active probability is first built to acquire a MECN-based AoI indicator under CAA attacks. Next, they proposed the AoI-based channel access optimization problem by using Ordinary Potential Game (OPG). At last, a learning algorithm named Distributed Channel Access Strategy Determination (DCASD) is presented to choose the channel access strategies. The experiments given different parameters to enhance the performance of the algorithm are conducted as compared with some state-of-the-art systems. But the proposed scheme is not applied to encrypt/decrypt data. Further, readers may like to know how attackers access the available channels to intrude on sensor nodes. How to implement the proposed approach with Carrier Sense Multiple Access (CSMA) families? How to work with IEEE 802.11 ax/be? It would be better if authors can deeply describe these.

3  The WEBDR

The WEBDR dynamically hides ciphertext in a wrapped cipher file, aiming to hide the right position of ciphertext. Thus, it is not easy for hackers to collect a huge amount of effective (plaintext, ciphertext) pairs with which to break the system.

3.1 Parameters and Operators

All parameters and operators adopted by the WEBDR are listed and defined below:

A. Parameters

Parameters used are as follows:

1.    IV: initialization vector, which is inputted to a cryptographic primitive by users to provide the initial state of the WEBDR.

2.    PW: the password, comprising 8 to 32 characters, is prepared as one of the inputs by users.

3.    SKPW: the system password key derived from PW.

4.    dsc: dynamically shifting count when shifting data.

5.    SKCH: the system channel key, created for a user and the cloud sever before their communication starts.

6.    SK0: the system zeroth encryption key defined as SK0=SKPW or SK0=SKCH.

7.    IEK: the initial encryption key.

8.    SK1∼SK5: the system sub-keys produced in the system’s initial procedure.

9.    PRS1: pseudo-random sequence 1, as a random string placed at the beginning of a wrapped ciphertext file.

10.   PRS2: pseudo-random sequence 2, as a random string placed at the end of a wrapped ciphertext file.

11.   Δ1l: |PRS1| in bytes. Its usage will be described later.

12.   Δ2l: |PRS2| in bytes. Its usage will be described later.

13.   SKCT: the system time key, produced based on current CPU time, is 128 bits long comprising the following elements: nanosecond/date/hour/minute/second/nanosecond/hour/minute/second.

14.   SKRCT: the reverse key of SKCT, 128 bits long, consists of the following elements: second/minute/hour/nanosecond/second/minute/ hour/date/nanosecond.

15.   REK: Random Encryption Key, which is employed to generate ciphertexts and the length of PRS2.

16.   CREK: the Ciphertext key of REK.

17.   fb0∼fbn: a sequence of internal feedback code.

18.   Plaintext blocks: P1P2…Pj…Pn, where Pj is plaintext block j and |Pj| = 128 bits, 1 ≦ j ≦ n.

19.   Ciphertext blocks: C1C2…Cj…Cn, where Cj is ciphertext block j and |Cj| = 128 bits, 1 ≦ j ≦ n.

B. Operators

The operators employed and their functions are defined as follows:

1.   XOR, denoted by ⨁.

Encrypting plaintext p to ciphertext c with key k, i.e., c=p⨁k.

Decrypting c to p with k, i.e., p=c⨁k.

2.   Binary adder [7]: +2

Encrypting plaintext p to ciphertext c with key k, i.e., c=p+2k, in which we drop the carry generated by the addition of the most significant bit

Decrypting c to p with k, i.e.,

p=c−2k={c−k,if c≥kc+k¯+1,if c<k, in which. −2 is the reverse operation of +2.

3.   Rotate-Equivalence operator: ⊙R

Encrypting plaintext pi to ciphertext ci with key k, i.e.,

ci=pi⊙Rk = piR⊙k, where piR is the key acquired by rotating plaintext pi clockwise h bits where h=|k|/4, i.e., if |k|=128, pi will rotate 32 bits.

Decrypting ci to pi with k, i.e., pi=ci⊙IRk = counterclockwise rotating (ci⊙k) a total of |k|/4 bits.

4.   Three-dimensional operation: the operation encrypting a message by using encryption keys and three fundamental operators [1], i.e., ⨁, +2 and ⊙R.

5.   Modulus operator: mod.

c = p mod n, where n is a positive integer.

6.   Left(PW,n): a function that retrieves n leftmost characters from PW, where n≦|PW| in bytes.

7.   Right(PW,n): a function that accesses n rightmost characters from PW, where n≦|PW| in bytes.

8.   Trunc(RN,t): a function that truncates the rightmost t bytes from the random number key RN.

C. Accumulated shifting substitution

In the AES, the SubBytes is a mapping/substitution operation following the content of a given lookup table, i.e., a substitution box (S-Box). Basically, this mapping is a combinatorial-logic style encryption. The substring X in bytes appears at different locations in the plaintext will produce the same cipher substring S(X), consequently decreasing its security level since the mapping from X to S(X) is fixed, rather than a one-to-many mapping.

Next, the Accumulated Shifting Substitution algorithm (ASS), i.e., Algorithm 1, defined below is a sequential-logic style encryption mechanism which encrypts a plaintext into an irreversible ciphertext. The same substring Xs at different locations of the plaintext will be mapped to different cipher substrings. In other words, this is a one-to-many relationship, aiming to significantly enhance the security level of ciphertext.

3.2 Password Key (SKPW)

In the WEBDR, SKPW is the initial key. Its content significantly affects the security level of the WEBDR. To generate SKPW, we expand PW following three rules:

(1) The original content of PW is preserved;

(2) The code expanded is generated based on the original content of PW;

(3) When the same character repeatedly appears in PW, the expanded codes varies. The algorithm deriving SKPW from PW is shown in Algorithm 2.

3.3 Encryption/Decryption

In the WEBDR, before data encryption, there is an initial process used to generate system sub-keys SK1∼SK5 and Δ1l by using PW or a channel key SKCH, both of which have been enhanced by invoking Algorithm 2. The key length is 128 bits.

A. Initial process

The initial process of the WEBDR is shown below:

1.   A string I, inputted by user, may be PW or SKCH;

2.   If |I| ≠ 16 bytes,

      then {derive SK0 from I by invoking Algorithm 2;}

      else SK0 = I;

3.   Producing a random number RN and let IV= RN;

4.   IEK=SK0⊕IV;

5.   Deriving SK1 from IEK by employing ASS Algorithm, i.e., SK1=ASS(IEK,D−Box);

6.   

SK2=(SK0+2SK1)⊕(SK1⊙RIV);(1)

7.   Deriving SK3 from SK2 by invoking Algorithm 1, i.e., SK3 = ASS(SK2, D-Box);

8.   

SK4=(SK0+2SK3)⊕SK2;(2)

   SK5=(SK1⊙RSK4)+2(SK2⊕IV);(3)

9.   

Producing Δ1l, 3 ≤ Δ1l ≤ 1024 where Δ1l=((SK0+2SK5)⊕(SK1⊙RSK4)⊕

(SK2+2SK3))mod1022+3;(4)

B. Message encryption

Message encryption has four steps:

Step 1: Producing REK and CREK

1.    Producing the 0th random encryption key REK0;

2.    Fetching CPU time with which to produce current time key SKCT and SKRCT, i.e., the reverse key of SKCT;

3.    Yielding the random encryption key REK,

   REK=(REK0+2SKCT)⊕(REK0⊙RSKRCT);(5)

4.    Encrypting REK to generate CREK where

   CREK=((REK+2SK1)⊙RSK4)⊕((SK2⊕SK3)+2SK5);(6)

Step 2: Producing ciphertext and Δ2l

1.   Let P1P2P3…Pn be plaintext, and let C1C2C3…Cn be the corresponding ciphertext, where |Pj| = |Cj| is 128 bits long, 1≤j≤n;

2.   C0=SK3;

      fb0 = SK4;

3.   For plaintext block Pi, 1≤i≤n;

   fbi=(Pi⊙Rfbi−1)+2((Ci−1⊕SK5)+2fbi−1);(7)

      Cii=((Pi⊙Rfbi−1)+2(REK⊕fbi−1))⊕((Ci−1⊕SK5)+2fbi−1);(8)

4.   

Δ2l=((SK2+2REK)⊙RSK5+2(SK4⊕REK))mod1022+3;(9)

Step 3: Yielding PRS1 and PRS2

1.   Yielding a random encryption key REK1;

2.   Fetching CPU time with which to produce a system current time key SKCT1;

3.   RN(0)=REK1⊕SKCT1;

      t(0) = REK1;

      n1=⌈Δ1l/16⌉; /*ceiling function*/

      n2=⌈Δ2l/16⌉;

      Δ1=16n1−Δ11;

      Δ2=16n2−Δ2l;

4.   For i = 1 to n1+ n2

      {RN(i)=(RN(i−1)+2t(i−1))⊕(t(i−1)+2SKCT1);

      t(i)=RN(i−1)+2t(i−1);}

5.   R1=trunc(RN(n1),Δ1);

      R2=trunc(RN(n1+n2),Δ2);

      PRS1=RN(1)∥RN(2)∥RN(3)∥……∥RN(n1−1)∥R1;

      PRS2=RN(n1+1)∥RN(n1+2)∥RN(n11+3)∥…∥RN(n1+n2−1)∥R2;

Step 4: Concatenating IV, PRS1, CREK, Ciphertext and PRS2 sequentially to produce the wrapped ciphertext file, the layout of which is illustrated in Fig. 1.

Figure 1: The layout of a wrapped ciphertext file

C. Message decryption

The decryption process is shown below:

1.   Identifying the exact position of IV from the very beginning of the wrapped ciphertext file, and deleting it from the file;

2.   Invoking the initial process to generate SK1∼SK5 and Δ1l;

3.   Deleting PRS1 from the remaining file based on Δ1l;

4.   Identifying the exact position of CREK from the very beginning of the remaining portion of the file, and deleting it from the file;

5.   

Decrypting CREK to acquire REK,

REK=(CREK⊕((SK2⊕SK3)+2SK5))⊙IRSK4−2SK1;(10)

6.   Δ2l=((SK2+2REK)⊙RSK5+2(SK4⊕REK))mod1022+3;

7.   According to Δ2l to remove PRS2 from the end of the remaining part of the file to acquire the ciphertext;

      n = |Ciphertext|/16;

      fb0=SK4;

      C0=SK3;

8.   For i = 1 to n

   {Pi=(Ci⊕((Ci−1⊕SK5)+2fbi−1))−2(REK⊕fbi−1)⊙IRfbi−1;(11)

      fbi=(Pi⊙Rfbi−1)+2((Ci−1⊕SK5)+2fbi−1);(12)

9.   Output the plaintext P1P2…Pn.

4  Security Analyses

We analyze security of the WEBDR’s working environment on operation mode 1 and mode 2 stated above, containing the securities of system sub-keys SK1∼SK5, Δ1l, the dynamic random key REK, the wrapped ciphertext file, and the ciphertext, and then demonstrate how they resist against eavesdropping attacks.

4.1 Security on SK1∼SK5

In the WEBDR, the system sub-keys SK1∼SK5 are employed to encrypt/decrypt a given plaintext. Claimed 1 shows that SK1∼SK5 have achieved practical security.

Claimed 1:

When the WEBDR worked on operation mode 1 or mode 2, the generated system sub-keys SK1∼SK5 have achieved practical security.

Proof: In operation mode 1 or mode 2, SK0 is defined as SK0=SKCH (or SK0=SKPW), where SKCH (or SKPW) is inputted externally, meaning that it is not easy for hackers to guess the value of SK0. In the two modes, SK0 is used only once. Thus, the problems resulted from collecting massive data for solving SK0 can be prevented. Since SK0 and IV employed in a session are themselves unique from those used in other sessions. Hence, to crack SK1∼SK5, apart from blindly guessing their values, hackers can also utilize three approaches. The first is solving Eqs. (1) to (3). The second is breaking Eq. (4). The last is cracking Eqs. (6) to (9) and solving the wrapped ciphertext file construction (WCFC) by adopting brute-force attacks.

About the first approach, in Eq. (3), SK5=(SK1⊙RSK4)+2(SK2⊕IV), in which SK5 is derived from four parameters, including IV, SK1, SK2, and SK4 and the three-dimensional operation mentioned above. SK4=(SK0+2SK3)⊕SK2 in Eq. (2) is derived by utilizing SK0, SK2, and SK3, in which SK3 is produced by invoking the ASS Algorithm given D-Box and SK2. Further, SK1 in the equation SK2=(SK0+2SK1)⊕(SK1⊙RIV) (see Eq. (1)) is again acquired by calling the ASS Algorithm given D-Box and IEKwhere IEK=SK0⊕IV. Now we can conclude that without correct values of SK0 and IV, SK1~SK5 cannot be solved. However, the value of SK0 is unknown to hackers. In other words, SK1∼SK5 are difficult to break. Also, at different time points, the IV values are different, meaning that hackers have insufficient data to break our system.

For the second approach, Δ1l=((SK0+2SK5)⊕(SK1⊙RSK4)⊕(SK2+2SK3))mod1022+3 in Eq. (4) is directly derived from SK0 and SK1∼SK5. Even (SK0=SKPW) is reused, Δ1ls varies for different IVs and SK1s∼SK5s in different sessions. Thus, no matter whether with operation mode 1 or 2, security is effectively ensured since it is not easy for hackers to derive Δ1l from Eq. (4). Furthermore, even in the case that Δ1l is really accessed by hackers, because 3 ≦ Δ1l ≦ 1024, and 0 ≦ Kj ≦ (2128 −1), 0 ≦ j ≦ 5, it is hard for hackers to crack Kj from Δ1l. That is, without guessing the exact value of SK0, it is almost impossible to solve SK1∼SK5 by using Eq. (4). Then, we dare to say that SK1∼SK5 are difficult to break.

For the third approach, hackers may break Eqs. (6) to (9) and the wrapped ciphertext file construction by employing brute-force attacks. In mode 1 or mode 2, without knowing plaintext, hackers cannot launch chosen-plaintext attacks and known-plaintext attacks. They can only collect and analyze wrapped ciphertext files. Even though hackers have collected a huge amount of wrapped ciphertext files encrypted by SK0, each ciphertext file has its own IV which is a random number so that the generated keys, i.e., SK1∼SK5, are themselves different from those SK1s∼SK5s produced in other sessions, indicating that hackers cannot acquire the value of Δ1l, hence unable to retrieve CREK from the file and acquire the random encryption key, i.e., REK. Even though hackers have guessed the value of CREK, based on Eq. (6), i.e., CREK=((REK+2SK1)⊙RSK4)⊕((SK2⊕SK3)+2SK5), when REK is unknown, it is hard to solve REK and SK1~SK5 based on the CREK. Moreover, at different CPU time points, the REK varies, i.e., lacking enough data for hackers to break these parameters.

Furthermore, the WEBDR generates a random key REK for each plaintext P. Each time when the plaintext encryption process is executed, different SK1∼SK5, SKCT and REK values will be derived and given to produce different wrapped ciphertext files; thus, breaking those parameters from these collected wrapped ciphertext files is difficult. Also, Δ1l, Δ2l and the size of the plaintext file are unknown to hackers. Consequently, it is not easy for hackers to identify the place of the ciphertext in the wrapped ciphertext file to obtain the ciphertext, thus unable to break the WEBDR.

Next, even hackers correctly guesses the exact location of the ciphertext and obtain (Pi,Ci), 1 ≦ i ≦ n, pairs, without the value of fb0 (i.e., SK4), C0 (i.e., SK3), plaintext block Pi, the system sub-key SK5, the random key REK, and the internal feedback code fbi−1, hackers are unable to obtain SK3, SK4, Pi, fbi−1, SK5, and REK from the ciphertext block Ci based on Eqs. (7) and (8), due to the sequentially generated internal feedback code fbi−1, 1 ≦ i ≦ n, i.e., SK1∼SK5 are difficult to break.

From the analyses above, we dare to say that in operation mode 1 or mode 2, the generated system sub-keys SK1∼SK5 have achieved practical security (Q.E.D).

4.2 Security on Δ1l

The key point for solving the wrapped ciphertext files is acquiring Δ1l. But it is crucial for hackers to solve the WCFC and then access the corresponding CREK and ciphertext. That is, Δ1l needs a higher level of security. In operation mode 1 or 2, the probabilities of cracking Δ1l by using probable approaches are similar to that of a blind guess. So, we dare to declare that Δ1l has its practical security. We analyze this in Claimed 2.

Claimed 2:

In operation mode 1 or 2, Δ1l derived from the zeroth encryption key SK0 and system sub-keys SK1∼SK5 has achieved its practical security.

Proof: Besides a blind guess, there are only two approaches for hackers to solve the value of Δ1l, i.e., by solving Eq. (4) or breaking the wrapped ciphertext file format by using brute-force attacks.

With the first approach, in operation mode 1, data transmitted between a user and a base station (or the cloud) is encrypted, i.e., SK0=SKCH. In operation mode 2, the data file owned by the user is encrypted, i.e., SK0=SKPW. As mentioned above, both SKCH and SKPW are given by users, i.e., the two parameters are external to our system. Therefore, it is not easy for hackers to correctly guess the one given. Namely, SK0 is difficult to break.

According to Claimed 1, SK1∼SK5, sequentially derived from SK0 and IV, also have their own practical securities. Without knowing the values of SK0∼SK5, hackers cannot solve Eq. (4) to break Δ1l. The reason is that to calculate the value of Δ1l, SK0 and SK1∼SK5 ought to be solved beforehand. But, the key length is 128 bits. The possible values ranging from 0 and 2128 − 1 is far wider than the probable values of Δ1l which is between 3 and 1024. Without knowing the values of SK0∼SK5, the probability of solving Δ1l, produced by using SK1∼SK5 with a Three-dimensional operation and the modulus operation (mod 1022 + 3), is equal to that of a blind guess [1].

By using the second approach, hackers may try to analyze the wrapped ciphertext file format with brute-force attacks. But, in operation mode 1 or mode 2, they cannot solve the file by employing chosen-plaintext attacks or known-plaintext attacks because they are unable to solve Δ1l and Δ2l and thus do not comprehend the location of ciphertext in the file. Even though the collected wrapped ciphertext files are produced by giving the same SK0, the values of Δ1l s of all ciphertext files vary due to giving different IVs. The conclusion is that Δ1l is difficult to break.

In addition, the ciphertext is placed between PRS1 and PRS2 and CREK (see Fig. 1). PRS1 and PRS2 are all derived from random numbers or pseudo-random numbers. They cannot be solved from the wrapped ciphertext files collected. Also, the size of a wrapped ciphertext file is (16+Δ1l+16+16n+Δ2l) bytes, where the two 16 bytes are the sizes of IV and CREK, 16n bytes represent the length of the plaintext and Δ1l (Δ2l) is the size of PRS1(PRS2). Hackers do not know the values of Δ1l and (Δ2l), the probability with which to obtain Δ1l by cracking the entire wrapped ciphertext file structure is the same to that of a blind guess. Here, we can conclude that Δ1l has achieved its practical security (Q.E.D).

4.3 Security on Random Encryption Key REK

Since the dynamic random key REK is used to encrypt a plaintext file, it requires a relatively high level of security. In Eq. (5), i.e., REK=(REK0+2SKCT)⊕(REK0⊙RSKRCT),REK is generated by utilizing the Three-dimensional operation, and three parameters, including the zeroth random encryption key REK0 and the two current time keys SKCT and SKRCT, showing that REK is a highly dynamic random key. Theorem 1 will prove that REK’s security level is high.

Theorem 1:

In operation mode 1 or 2, if the dynamic random encryption key REK generated is n bits long, the probability with which to obtain REK from an intercepted wrapped ciphertext file is 12n.

Proof: To break REK, in addition to a blind guess, hackers could also adopt the following three methods. The first is cracking Eq. (6). The second is solving Eqs. (7) and (8). The third is breaking Eq. (9) and analyzing the wrapped ciphertext file format.

Firstly, in operation mode 1 or 2, from previous analyses, we know that Δ1l and SK1∼SK5 have their practical securities. Thus, when Δ1l is unknown, hackers cannot find the position of CREK in the wrapped ciphertext file. Thus, the probability with which to obtain REK is the same to that of a blind guess. Even though hackers may somehow accurately retrieve CREK, and try to obtain REK by solving Eq. (6), i.e., CREK=((REK+2SK1)⊙RSK4)⊕((SK2⊕SK3)+SK5), without knowing the values of SK1∼SK5, they are unable to obtain REK with only one value of CREK. Therefore, when the values of SK1∼SK5 are unknown, the probability with which to obtain REK by solving the information concerning CREK is the same to that of a blind guess, i.e., 12n [1].

Secondly, in operation mode 1 or mode 2, hackers are unable to successfully crack the WEBDR by submitting chosen-plaintext attacks and known-plaintext attacks. They can only crack the system by analyzing the wrapped ciphertext files collected. But without the values of Δ1l and Δ2l, no clues of the exact place of the ciphertext within the wrapped ciphertext file can be found, meaning that the attacker cannot successfully retrieve the ciphertext from the wrapped ciphertext file and crack it. In this case, Eqs. (7) and (8) are not helpful for hackers, i.e., the probability with which to recover REK by solving Eqs. (7) and (8) is the same to that of a blind guess.

On the other hand, hackers may somehow accurately guess where the ciphertext block Ci is (e.g., by brute-force approaches), 1≦i≦n, and attempt to solve Eqs. (7) and (8). But in Eq. (8), i.e., Ci=((Pi⊙Rfbi−1)+2(REK⊕fbi−1))⊕((Ci−1⊕SK5)+2fbi−1), the internal feedback key fbi-1, 1 ≦ i ≦ n, is generated by utilizing Eq. (7) (i.e., fbi=(Pi⊙Rfbi−1)+2((Ci−1⊕SK5)+2fbi−1)) and the four parameters, including fb0, C0, REK, and SK5, are unknown. Therefore, the value of fb1 cannot be uncovered. Likewise, since fb1, REK, and SK5 are unknown, the value of fb2 cannot be solved. Also, because fb2, REK, and SK5 are unknown, the value of fb3 cannot be obtained, and so on.

Therefore, the variables fb1, fb2, …,fbi, …, fbn, form a secure internal feedback-code sequence which is unattainable by hackers. By substituting Eq. (8) with the above results, even if the attacker knows Ci and Ci−1, under the condition that fbi−1, REK, and SK5 are unknown, they cannot reversely derive values of (Pi⊙Rfbi−1),(REK⊕fbi−1)and((Ci−1⊕SK5)+2fbi−1). Namely, the chance of obtaining values of (Pi⊙Rfbi−1),(REK⊕fbi−1)and((Ci−1⊕SK5)+2fbi−1) on the basis in which Ci is known is the same to that of a blind guess [1]. In other words, the dynamic random encryption key REK hidden in the term (REK⊕fbi−1) is secure, and the probability with which to solve REK is 12n, which is the same as that of a blind guess.

Thirdly, without knowing the values of SK2, SK4, SK5 and REK, hackers cannot obtain Δ2l by solving Eq. (9). Further, without the value of Δ1l, hackers cannot reversely derive the value of Δ2l from the total length of the wrapped ciphertext file, i.e., Δ2l is secure. Even though hackers correctly guess the value of Δ2l, and try to solve Eq. (9), i.e., Δ2l=((SK2+2REK)⊙RSK5+2(SK4⊕REK))mod1022+3, to crack REK, the reality is that generation of a Δ2l involves a dynamic encryption key REK. On each generation, the value of Δ2l varies. The value of Δ2l ranges between 3 and 1024, in which 1024 is far smaller than the upper bound of REK (0 ≦ REK ≦ 2128−1), plus the fact that hackers do not know the values of (SK2+2REK), SK5, and (SK4⊕REK). Thus, the probability with which to obtain REK based on mere value of Δ2l is 12n, which is the same to that of a blind guess (Q.E.D.).

4.4 Security on a Wrapped Ciphertext File

The ciphertext shown in Fig. 1 is wrapped by PRS1 of length Δ1l and PRS2 of length Δ2l. Since values of PRS1, CREK, and PRS2 are random in different sessions, no methods that can be used to identify each of them in this wrapped ciphertext file. In operation mode 1 or 2, hackers cannot realize the length of ciphertext portion. So, they need to know the values of Δ1l and Δ2l to identify the positions of PRS1, CREK, and PRS2 to acquire the ciphertext. But, as mentioned above, Δ1l and Δ2l are well protected. Hackers cannot identify the exact location of ciphertext, thus unable to access it. Here, we dare to conclude that the security level of a wrapped ciphertext file is high.

4.5 Security on Ciphertext

Assume that hackers, by some method, correctly retrieve the ciphertext from the wrapped ciphertext file. Theorem 2 proves that the plaintext is secure.

Theorem 2:

Let P1P2P3…Pm be the plaintext, and let C1C2C3…Cm be the generated ciphertext, where Pi is the ith plaintext block, Ci is its corresponding ciphertext block and both are n bits in length, 1≦i≦m. In operation mode 1 or 2, the probability with which to acquire plaintext P1P2P3…Pm based on illegally intercepted ciphertext C1C2C3…Cm is (12n)m.

Proof: Eq. (11), i.e., Pi=(Ci⊕((Ci−1⊕SK5)+2fbi−1))−2(REK⊕fbi−1)⊙IRfbi−1, indicates that Ci−1, SK5, fbi−1, and REK on the righthand side are required before Pi can be recovered from Ci. Then by Claimed 1 and Theorem 1, SK5 and REK have achieved their practical securities. The value of fbi-1 can be obtained with the help of Eq. (12), i.e., fbi=(Pi⊙Rfbi−1)+2((Ci−1⊕SK5)+2fbi−1), in which values of Pi−1, fbi−2, Ci−2 and SK5 are necessary. However, the plaintext block Pi−1 is hidden from hackers, and both fb0=SK4 and C0=SK3 are well protected. So fb1=(P1⊙Rfb0)+2((C0⊕SK5)+2fb0) is also safely protected. Similarly, if the hackers cannot solve P2, fb1 and SK5, the value of fb2=(P2⊙Rfb1)+2((C1⊕SK5)+2fb1) is still unknown, and so on, meaning that the internal feedback-code sequence (fbi−1, 1≦i≦n) is well protected. Substituting Eq. (11) with this result will show that P1=(C1⊕((C0⊕SK5)+2fb0))−2(REK⊕fb0)⊙IRfb0 is secure. Thus, when C0, SK5, fb0 and REK are unknown, the probability with which to break P1 is the same as that of a blind guess, i.e., 12n where P1 is protected by using the Two-dimension operation [1]. Likewise, P2=(C2⊕((C1⊕SK5)+2fb1))−2(REK⊕fb1)⊙IRfb1 is secure when SK5, fb1 and REK are unknown. The probability with which to break P2 protected by the Three-dimensional operation [1] is also 12n, and so on. Hence, a plaintext block Pi, 1 ≦ i ≦ m, is safely protected, and the probability with which to solve an individual plaintext block is 12n. According to Rule of Product, the probability with which to crack the plaintext P1P2P3…Pm is (12n)m (Q.E.D.).

4.6 Security on the WEBDR against Eavesdropping Attacks

In operation mode 1 or 2, active brute-force attacks, like the chosen-plaintext attack and known-plaintext attack, cannot successfully crack a system protected by the WEBDR. Therefore, passive eavesdropping attacks will be the main method used to break the WEBDR by hackers. Now we would like to prove that the WEBDR can effectively defend against eavesdropping attacks.

In operation mode 1, before data files are transmitted between UE and a base station (or a cloud system), both sides of the connection have already owned their channel key, i.e., SKCH, which is used to protect the data files. In fact, without the value of Δ1l, the length of the plaintext and the value of Δ2l, hackers cannot exactly identify the position of the ciphertext and then crack it. In addition, if hackers attempt to sniff data in a long term so as to collect a large amount of data for further analysis, it is still useless since for each communication session, the channel key SKCH varies and there is no association between two arbitrary SKCHs. Of course, there is no direct relationship among all wrapped ciphertext files. In other words, the WEBDR can effectively defend against eavesdropping attacks when operation mode 1 is in use.

In operation mode 2, even if a wrapped ciphertext file is stolen. As mentioned above, hackers cannot figure out the right position of the ciphertext, and then crack the wrapped ciphertext file. Nevertheless, even though many wrapped ciphertext files are encrypted by using the same SKPW, their IVs are different so that SK1∼SK5, Δ1land REK are all individually different in different sessions. It is hard for hackers to crack these wrapped ciphertext files without knowing SKPW, meaning that the WEBDR is able to effectively defend against eavesdropping attacks when operation mode 2 is in use.

5  Performance Analyses and Improvements

The performance of encrypting and decrypting data blocks mainly depends upon the number of operating instructions. Table 1 lists the number of operations required by the WEBDR and AES when they encrypt/decrypt data blocks that are 128 bits long.

Due to the natural-randomness property, it is difficult for most cryptographic algorithms to theoretically compare time complexity. To demonstrate the better performance of the WEBDR than the AES, we conduct several experiments with test scenarios that encrypt/decrypt data blocks of different sizes from 1 KBs to billion KBs. In each test case, we calculate the average time consumed by each step of pre-processing procedures and the encryption/decryption step by million times of executions.

The experimental results by employing devices of different specifications are shown in Table 2 which shows that the cost of encrypting (decrypting) a plaintext (ciphertext) block by the AES is 6–8 times higher than that of encrypting (decrypting) a plaintext (ciphertext) block by the WEBDR in average. Since before encryption, the AES needs to execute Key-Expansion, i.e., generating round-keys by manipulating its cipher-key. Similarly, before encryption, the WEBDR has to perform preprocessing, including initial process, Step 1 of the encryption process and the generation of Δ2l.

To produce a wrapped ciphertext file, the WEBDR should execute post-processing procedures, i.e., the generation of PRS1 and PRS2, in Step 3 of the encryption process. The costs of extra sub-operations required by the AES and WEBDR are also listed in Table 2. The costs for pre/post-processing in the decryption process of the WEBDR are lower than that in its encryption process since the decryption does not need to generate PRS1 and PRS2, only identifying their lengths. If a plaintext file has n plaintext blocks, each of which is 16 bytes long, the theoretical encryption/decryption costs of the WEBDR and AES can be derived from Table 2.

(1) The AES (for Device# = 5)

The encryption cost = (cost for generating sub-keys) + (cost for encrypting a plaintext block) * n

 =0.373+0.475∗n(µs)(13)

Thedecryptioncost=0.373+0.477∗n(µs)(14)

(2) The WEBDR (for Device# = 5)

The encryption cost = (cost of pre/post-processing) + (cost of encrypting a plaintext block) * n

 =3.012+0.063∗n(µs)(15)

Thedecryptioncost=3.012+0.072∗n(µs)(16)

Basically, most of the 5th-generation (5G) applications are data intensive and at least 100 kb of data size. As shown in Table 2, the performance of the WEBDR is around 6.7–7.09 times faster than that of the AES.

The cost of wrapping n-block ciphertext, denoted by CC, in a wrapped file is

CC=16+Δ1l+16+16n+Δ2l16n(17)

  =1+(2n+Δ1l+Δ2l16n)≤1+130n(18)

where 130 = (Δ1lmax+Δ2lmax)/16 + 2 = 1024 * 2/16 + 2 since Δ1lmax=Δ2lmax = 1024. When n is large, CC approaches 1.

6  Conclusions and Future Works

In this study, the WEBDR is developed by using a randomly wrapped feedback approach based on user passwords or channel keys, which together with IV construct high security wrapped ciphertext files with high performance. When receiving a plaintext at different time points, the dynamic random encryption approach, which adopts current time keys and random keys, will produce different wrapped ciphertext files of different cipher texts and lengths, consequently highly improving the security level of transmitted ciphertext. Our theoretical analyses demonstrate that the WEBDR has achieved practical security in transmitting wireless data and encrypting personal files.

Theorems 1 and 2 prove the security level that the proposed scheme can achieve, i.e., the probability with which to obtain REK from an intercepted wrapped ciphertext file is 12n and the probability with which to acquire plaintext P1P2P3…Pm based on illegally intercepted ciphertext C1C2C3…Cm is (12n)m. The performance of the WEBDR when encrypting/decrypting a file longer than 128kb is around 6-8 times faster than that of the AES (see Table 2). All operations required by AES and the WEBDR are listed in Table 1. The former consumes 176 XOR operations for both of its encryption and decryption, while the WEBDR costs only three XOR for each of its message decryption and decryption processes. Therefore, this proposed system is more suitable than AES for protecting data stored in a cloud or transmitted between the cloud and an end user. Of course, readers may say that less operations also easily conduct hackers to break the WEBDR. Yes, it is true. But the time consumed for encrypting/decrypting data for 5G/beyond 5G (B5G)/the 6th generation (6G) networks need to be short to avoid being the bottleneck of data transfer since users of current networks request short transmission time.

According to reference [34], the download speed of a 5G system is about 10 times that of a 4th generation (4G) network, and high-speed communication has been widely requested by users, high-performance transmission is always desired, while keeping the practical security.

In the future, we will continue developing a faster encryption and decryption approach and then apply it to image cryptography [35]. Also, users may forget their passwords. Then they have trouble decrypting their ciphertexts to plaintexts. Therefore, we need a forgotten-password-recovery mechanism following which users can recover their original passwords, and then decrypt the wrapped ciphertext files. These constitute our future studies.

Acknowledgement: We would like to thank reviewers who gave us many valuable comments and suggestions with which we can then significantly improve the quality of our manuscript.

Funding Statement: This work is financially supported in part by Ministry of Science and Technology (MOST), Taiwan under the Grant MOST 109-2221-E-029-017-MY2.

Author Contributions: Study concepts and system design: Yi-Li Huang and Fang-Yie Leu; Data collection and preparation: Ruey-Kai Sheu and Chi-Jan Huang; Draft manuscript preparation: Yi-Li Huang and Fang-Yie Leu; Analysis and interpretation of results: Ruey-Kai Sheu and Jung-Chun Liu; Theorem derivation and proofs: Yi-Li Huang and Jung-Chun Liu.

Availability of Data and Materials: A part of the data adopted in this study is articles randomly collected from the Internet. The remaining part is a company’s personnel data. For privacy consideration, the personnel data cannot be accessed without this company’s permission.

Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.

References

1. Y. L. Huang, C. R. Dai, F. Y. Leu and I. You, “A secure data encryption method employing a sequential-logic style mechanism for a cloud system,” International Journal of Web and Grid Services, vol. 11, no. 1, pp. 102–124, 2015. [Google Scholar]

2. Kasperski, “Brute force attack: Definition and examples,” 2023. [Online]. Available: https://www.kaspersky.com/resource-center/definitions/brute-force-attack [Google Scholar]

3. Fortinet, “What is a brute force attack?,” 2023. [Online]. Available: https://www.fortinet.com/resources/cyberglossary/brute-force-attack [Google Scholar]

4. M. Al-Mhiqani, R. Ahmad, Z. Z. Abidin, K. H. Abdulkareem, M. A. Mohammed et al., “A new intelligent multilayer framework for insider threat detection,” Computers & Electrical Engineering, vol. 97, no. 1, pp. 107597, 2022. [Google Scholar]

5. Wikipedia, “The EFF DES cracker,” 2023. [Online]. Available: http://en.wikipedia.org/wiki/EFF_DES_cracker [Google Scholar]

6. M. Kirschenbaum, “A practical guide for cracking AES-128 encrypted firmware updates,” Hypoxic Extreme Electronics, 2020. https://gethypoxic.com/blogs/technical/a-practical-guide-for-cracking-aes-128-encrypted-firmware-updates [Google Scholar]

7. Y. L. Huang, F. Y. Leu, I. You, H. C. Chen, C. S. Liaw et al., “Random cladding with feedback mechanism for encrypting mobile messages,” in Proc. INFOCOM WKSHPS, San Francisco, CA, USA, pp. 970–975, 2016. [Google Scholar]

8. Wikipedia, “Advanced encryption standard,” 2023. [Online]. Available: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard [Google Scholar]

9. W. Diehl, “Attack on AES implementation exploiting publicly-visible partial result,” Cryptology ePrint Archive, 2017. [Google Scholar]

10. Wikipedia, “Biclique attack,” 2023. [Online]. Available: https://en.wikipedia.org/wiki/Biclique_attack [Google Scholar]

11. Tutorialspoint, “What are the types of Cryptanalysis Attacks on AES in information security?,” 2023. [Online]. Available: https://www.tutorialspoint.com/what-are-the-types-of-cryptanalysis-attacks-on-aes-in-information-security [Google Scholar]

12. Checkpoint, “What is cloud security?,” 2022. [Online]. Available: https://www.checkpoint.com/cyber-hub/cloud-security/what-is-cloud-security/ [Google Scholar]

13. Wikipedia, “Cloud security,” 2023. [Online]. Available: http://en.wikipedia.org/wiki/Cloud_computing_security [Google Scholar]

14. L. Bordak, “Cloud computing security,” in Proc. of ICETA, Startfytf Smokovec, Slovakia, pp. 87–92, 2019. [Google Scholar]

15. A. Musa and A. Mahmood, “Client-side cryptography based security for cloud computing system,” in Proc. of ICAIS, Tamil Nadu, India, pp. 594–600, 2021. [Google Scholar]

16. L. H. A. Reis, M. T. de Oliveira, J. Bowden, D. Krefting, S. D. Olabarriaga et al., “Cryptography on untrustworthy cloud storage for healthcare applications: A performance analysis,” in Proc. of SBESC, Online, pp. 1–8, 2021. [Google Scholar]

17. O. Banuelos, “Encryption key management and its role in modern data privacy,” SkyFlow, 2022. [Online]. Available: https://www.skyflow.com/post/encryption-key-management-and-its-role-in-modern-data-privacy?utm_source=google&utm_medium=ppc&utm_campaign=blog&utm_term=encryption%20key&utm_campaign=All+Tiers:+%27How+To%27+Campaign&utm_source=adwords&utm_medium=ppc&hsa_acc=6575335991&hsa_cam=13968847646&hsa_grp=141732157609&hsa_ad=610758177074&hsa_src=s&hsa_tgt=kwd-297166611545&hsa_kw=encryption%20key&hsa_mt=b&hsa_net=adwords&hsa_ver=3&gclid=CjwKCAjwg5uZBhATEiwAhhRLHodD_Y57v3jHwkTHdCbasltaSHnAl5y5g_GVnzwmQYxp6uMUvrKUkxoCDJYQAvD_BwE [Google Scholar]

18. Software AG, “What is an IoT security solution?,” 2023. [Online]. Available: https://www.softwareag.com/en_corporate/resources/what-is/iot-security-solution.html [Google Scholar]

19. B. Schacht and P. Kieseberg, “An analysis of 5 million OpenPGP keys,” Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), vol. 11, no. 3, pp. 107–140, 2020. [Google Scholar]

20. J. Roundy, “IoT security: IoT device security challenges and solutions,” 2023. [Online]. Available: https://www.verizon.com/business/resources/articles/iot-device-security-challenges-and-solutions/ [Google Scholar]

21. J. Yang, L. Wang and S. Shakya, “Modelling network traffic and exploiting encrypted packets to detect stepping-stone intrusions,” Journal of Internet Services and Information Security (JISIS), vol. 12, no. 1, pp. 2–25, 2022. [Google Scholar]

22. S. Nowaczewski and W. Mazurczyk, “Searching future Internet and 5G using customer edge switching using DNSCrypt and DNSSec,” Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications (JoWUA), vol. 11, no. 3, pp. 87–106, 2020. [Google Scholar]

23. Cloud Security Alliance (CSA“Cloud security alliance, top threats to cloud computing,” 2023. [Online]. Available: http://www.cloudsecurityalliance.org [Google Scholar]

24. F. Chen, K. Wu, W. Chen and Q. Zhang, “The research and implementation of the VPN gateway based on SSL,” in Proc. of ICCIS, Shiyang, China, pp. 1376–1379, 2013. [Google Scholar]

25. D. Clinton, “How website encryption works,” ENCRYPTION, 2023. [Online]. Available: https://www.freecodecamp.org/news/understanding-website-encryption/ [Google Scholar]

26. Wikipedia, “Proxy server,” 2023. [Online]. Available: http://zh.wikipedia.org/wiki/%E4%BB%A3%E7%90%86%E6%9C%8D%E5%8A%A1%E5%99%A8 [Google Scholar]

27. V. D. Chakravarthy, K. L. N. C. Prakash, K. Ramana and T. R. Gadekallu, “A novel DDOS attack detection and prevention using DSA-DPI method,” in Proc. of ICICC, Delhi, India, pp. 733–744, 2022. [Google Scholar]

28. S. Daneshgadeh, T. Ahmed, T. Kemmerich and N. Baykal, “Detection of DDoS attacks and flash events using shannon entropy, KOAD and mahalanobis distance,” in Proc. of ICIB, Thessaloniki, Greece, pp. 222–229, 2019. [Google Scholar]

29. K. L. Tsai, L. W. Chen, F. Y. Leu and C. T. Wu, “Two-stage high-efficiency encryption key update scheme for LoRaWAN based IoT environment,” Computers, Materials & Continua, vol. 73, no. 1, pp. 547–562, 2022. [Google Scholar]

30. N. Khan, J. Zhang, U. Intikhab, S. M. S. Pathan and H. Lim, “Lattice-based authentication scheme to prevent quantum attack in public cloud environment,” Computers, Materials & Continua, vol. 75, no. 1, pp. 35–49, 2023. [Google Scholar]

31. O. I. Khalaf, M. Sokiyna, Y. Alotaibi, A. Alsufyani and S. Alghamdi, “Web attack detection using the input validation method: DPDA theory,” Computers, Materials & Continua, vol. 68, no. 3, pp. 3167–3184, 2021. [Google Scholar]

32. Y. Yang, W. Wang, R. Xu, G. Srivastava, M. Alazab et al., “AoI optimization for UAV-aided MEC networks under channel access attacks: A game theoretic viewpoint,” in Proc. of ICC, Seoul, South Korea, pp. 1–6, 2022. [Google Scholar]

33. W. Wang, G. Srivastava, J. C. W. Lin, Y. Yang, M. Alazab et al., “Data freshness optimization under CAA in the UAV-Aided MECN: A potential game perspective,” IEEE Transactions on Intelligent Transportation Systems, pp. 1–10, 2022. https://doi.org/10.1109/TITS.2022.3167485 [Google Scholar] [CrossRef]

34. M. V. Nichita, P. Ciotîrnae, R. L. Luca and V. N. Petrescu, “5G propagation: Current solutions and future proposals,” in Proc. of ISETC, Timisoara, Romania, pp. 47–50, 2016. [Google Scholar]

35. E. Bashier and T. Ben Jabeur, “An efficient secure image encryption algorithm based on total shuffling, integer chaotic maps and median filter,” Journal of Internet Services and Information Security (JISIS), vol. 11, no. 2, pp. 64–79, 2021. [Google Scholar]