Attack of Against Simplified Data Encryption Standard Cipher System Using Neural Networks

: Problem statement: The problem in cryptanalysis can be described as an unknown and the neural networks are ideal tools for black-box system identification. In this study, a mathematical black-box model is developed and system identification techniques are combined with adaptive system techniques, to construct the Neuro-Identifier. Approach: The Neuro-Identifier was discussed as a black-box model to attack the target cipher systems. Results: In this study this model is a new addition in cryptography that presented the methods of block (SDES) crypto systems discussed. The constructing of Neuro-Identifier mode achieved two objectives: The first one was to construct emulator of Neuro-model for the target cipher system, while the second was to (cryptanalysis) determine the key from given plaintext-ciphertext pair. Conclusion: Present the idea of the equivalent cipher system, which is identical 100% to the unknown system and that means that an unknown hardware, or software cipher system could be reconstructed without known the internal circuitry or algorithm of it.


INTRODUCTION
Block cipher systems belong to symmetric cryptographic systems, where the same key is used for encryption and decryption process. The major difference between block ciphers and other symmetric cryptographic systems are that; block ciphers are characterized by the fact that the decipherment of a bit of data depends not only on the key but also on some of the other bits of data. The principles behind the design of most block ciphers are the concepts of diffusion and confusion. The idea of confusion is to make the relation between a cryptogram and the corresponding key a complex one. This aims to make it difficult for the statistics to point out the key as having comes from any particular area of the key space. The concept of diffusion is to spread the statistics of message into statistical structure, which involves long combinations of the letters in the cryptogram and hence whitening all the statistical feature of the neutral language. In this study, a brief discussion of block ciphers background and techniques is presented. DES cipher is chosen as a case study of block cipher because, it was (and still) the challenge of most of the researchers over the last 25 years. Security of cryptographic systems is directly related to the difficulty associated with inverting encryption transformations of the system. The protection afforded by the encryption procedure can be evaluated by the uncertainty facing an opponent in determining the permissible keys (Bruce, 1996). The cryptanalysis problem can be described as an identification problem and the goal of the cryptography is to build a cryptographic system that is hard to identify (Pieprzyk and Jennifer, 1989;Alallayah et al., 2010). System identification is concerned with inferring models from observation and studying system behavior and properties. System identification deals with the problem of building mathematical models of dynamical systems based on observed data from the system (Alallayah et al., 2010;Lennart, 1987). Artificial Neural Networks (ANNs) are simplified models of the central nervous system. They are networks of highly interconnected neural computing elements that have the ability to respond to input stimuli. Among the capabilities of ANN, are their ability to learn adaptively from dynamic environments to establish a generalized solution through approximation of the underlying mapping between input and output (Simon, 1998;Patterson, 1998;Sarle, 2002). Neural networks can be regarded as a black-box that transforms an input vector of m-dimensional space to an output vector in ndimensional space. This makes them ideal tools for black-box system identification (Ball et al., 2002;Zbikowski and Dzielinski, 1995). In this study, you will implement a simplified version of the DES block cipher algorithm. Naturally enough, it is called SDES and it is designed to have the features of the DES algorithm but scaled down so it is more tractable to understand. A survey of previous cryptographic work especially for DES is presented. The proposed Emulation mode using Neuro-Identifier (NID) against SDES is described in detail with the results obtained during the study.
System identification: There are two approaches for system identification (Alallayah et al., 2010;Lennart, 1987), depending on the available information, which describe the behavior of the system. The first approach is the State-Space approach (internal description), which describes the internal state of the system and is used whenever the system dynamical equations are available. The second approach is the Black-Box approach (input-output description) which is used when no information is available about the system except its input and output (Saggar et al., 2007). Figure 1 shows an unknown system with x m input signals and y n output signals. The central concept in identification problems is identifiability (Lennart, 1987). The problem is whether the identification procedure will yield a unique value of the parameter (q) and/or whether the resulting Model (M) is equal to the true system, i.e., a model structure is globally identified at: Where: M = A model structure q = A parameter vector, ranging over a set of values D M (Zbikowski and Dzielinski, 1995) Input-output descriptions: The input-output description of a system gives a mathematical relationship between the input and output of the system. In developing this description, the knowledge of the internal structure of a system may be assumed to be unavailable; the only access to the system is by means of the input and output terminals (Tsong, 1999;Alallayah et al., 2010). Under this assumption, a system may be considered a Black-Box as shown in Fig. 1. Clearly what one can do to a black box, is to apply inputs and measure their corresponding outputs and then try to abstract key properties of the system from these input-output pairs. An input-output model assumes that the new system output can be predicted by the past inputs and outputs of the system (Saggar et al., 2007;Liu and Truong, 1995). A Black-Box model of system identification assumes no prior knowledge about the system except it's input and output, i.e., no matter what analysis is used, it always lead to the same input-output description.
Moreover, a Black-Box model allows finitedimensional identification techniques to be applied, which may require in nonlinear system identification. In developing the input-output description, before an input is applied, the system must be assumed to be relaxed or at rest and that the output is excited solely and uniquely by the input applied thereafter and the system is said to be causal if the output of the system at time k does not depend on the input applied after time k (Tsong, 1999). The system can be described as follows: where, H is some function that specifies uniquely the output y in terms of the input x of the system. Although the subject of system identification is well developed for linear systems, the same is not true for the nonlinear case. However, linearization of nonlinear systems can be obtained by several methods, among them is the approximate linearization technique for nonlinear systems (Cinar, 1996;Alallayah et al., 2010;Saggar et al., 2007). For Single-Input Single-Output (SISO), the inputoutput model identification problem is to devise a mathematical model which, when excited with the input sequence [x(k), k = 1,2,…, m], will produce an estimated output [y(k), k = 1,2,…, n ], such that: Where: [x(k), y(k)] = Representing the input-output pairs of the system at time k n and m = Positive integers representing the number of past outputs and the number of past inputs respectively f = A static nonlinear function which maps the past inputs and outputs to a new output. f is called describing function That means; for any discrete-time, unknown nonlinear system there would be suitable positive integers (m and n) and a multidimensional mapping f(.) in such a way that the system output at a given instant could be approximated by Eq. 3. If a system is linear f is a linear function and Eq. 3 can be rewritten as (Simon, 1998;Pieprzyk and Jennifer, 1989;Alallayah et al., 2010): where, a i (i = 1,2,…,n) and bi (i = 1,2,…,m) are real constants. Equation 4 can be rewritten in matrix notation: For Multi-Input Multi-Output (MIMO), y(k) and x(k) are of dimensions m and p respectively, equation (5) can be rewritten as (Alallayah et al., 2010): where, Ai and Bj an (m × m) and (m × p) matrices respectively.
Cryptographic system: An encryption algorithm is a single parameter family of invertible transformations (mappings) of the message space (M) into the cryptogram (ciphertext) space (C) using finite length key k from keyspace (K). See a reversible encryption algorithm (Schaefer, 1996;Bruce, 1996) in Eq. 2: An inverse decryption algorithm: The keys should uniquely define the enciphered message i.e.: According to the previous discussion of the properties of the system and the definition of a cryptographic system, it might be concluded that: A cryptographic system is, relaxed, causal, time invariant and nonlinear system.
Neuro-Identifier (NID): Identification of a system consists of finding a model relationship. Consider the system described in Eq. 3. Identification then consists of determining the system orders and approximation of the unknown function by neural network model using a set of input and output data (Blankenship and Ghanadan, 1996;Leaster and Sjoberg, 2000;Lester and Jonas, 1998). The procedure begins with the choice of neural model which is defined by its architecture and an associated learning algorithm. This choice can be made through trial and error. Once the neural model is chosen and system input-output data are available, learning can begin. Different structures are trained and compared using learning set and simulation set of data and a criterion (error goal) (Thomas, 2008;Jiang and Zhou, 2006). The optimal structure then, is the one having the fewest units (neurons) for which the criterion is met. Neuro-Identifiers (NIDs) are basically Multi-Layer Feed-Forward artificial neural networks (MLFF) with an input layer (buffer layer), a single or multiple nonlinear hidden layer with biases and a linear/or nonlinear output layer (Yu et al., 2000;Saggar et al., 2007). The results of research have shown that linear identifiers are not capable of identifying nonlinear systems. Hybrid identifiers can identify simple nonlinear systems but not complex ones (Bin and Babri, 1998;Yu et al., 2000;Tanomaru, 1994). Figure 2 shows the structure of the multi-layer feed-forward neural network identifier NID, with two nonlinear hidden layers, which is used in this research. The size of the neural network (number of neurons in the hidden layer) is crucial in designing the whole structure. There is no mathematical formulation to calculate the optimal size of such networks. However, with many free units the NID will learn faster, avoid local minima and exhibit a better generalization performance (Simon, 1998;Zbikowski and Dzielinski, 1995). The essential constraint on increasing the size of hidden layers is the limitation of the hardware architecture used in the experimental study.
Training algorithm: The Levenberg-Marquardt (LM) algorithm is (MLFF), the most ideally used optimization algorithm. It outperforms simple gradient descent and other conjugate gradient methods in a wide variety of problems. This document aims to provide an intuitive explanation for this algorithm. The LM algorithm is first shown to be a blend of vanilla gradient descent and Gauss-Newton iteration. Subsequently, another perspective on the algorithm is provided by considering it as a trust-region method (Alallayah et al., 2010;Leaster and Sjoberg, 2000). Using NID in cryptanalysis: Cryptographic systems are a 2-input, 1-output systems, it takes a plaintext character (or bit /block of bits) and a key character to produce a ciphertext character. Hence a 2-neurons input layer is used to present the training data to the identifier, while a single neuron output layer is used. The described neural network identifier was used to identify cryptographic systems in two approaches with the following objectives:

1-Initialize network (Weights and Biases
Emulation approach: Construct of a neuro-model for the target unknown cipher system (Alallayah et al., 2010): • Encryption cipher: • Input data: TP, TK. -Desired output data: TC • Decryption cipher: • Input data: TC, TK. -Desired output data: TP Cryptanalysis approach: Input data: TP, TC. Desired Output data: TK. The first objective is to construct a neuro-model which imitates the internal (transfer) function of the cryptographic system (hardware or software). After training and on convergence, the constructed model will resemble the target system completely. The construction of such a model will be useful in studying the behavior of the unknown system and it can be used as a real system in encryption and decryption in cases where the real system cannot be. The aim of the second objective, is to obtain clearly a pure cryptanalysis target (total break). This could be done by introducing plaintext-cipher text as input to the system, which yields the key as output. The training data is built using the target cipher system algorithm by applying selected input signals (characters or bits) and collecting the output response of the system. The resulting data are split into two groups; the first group is used to train the neural network, while the second group is used to test (simulate) the trained network.

Block ciphers (SDES):
IBM initiated a cryptographic research concentrating on nonlinear block ciphers in the late 1960's and has produced several important cryptographic systems. In January 1977, the National Bureau of Standard (NBS) adopted one of these as the national data encryption standard (DES). IBM systems have their roots in Shannon's brilliant 1949 paper connecting cryptography with information theory (Whitfield and Hellman, 1979). Shannon suggested using product ciphers to build a strong system out of simple, individually weak components. He suggested using products of the form B 1 Mb 2 M…,B n M, where M is a mixing transformation and Bi is simple cryptographic transformations. High-speed electronic circuitry allows the product system to be implemented almost as economically as single BM pairs. The data are encrypted in number of "rounds" (iterations) each consisting of a single pair B i M and each using the same hardware. The same key is used in encryption and decryption process. The fundamental building block of DES is a single combination of substitution followed by permutation (diffusion and confusion) on the text based on the key. This is known as a round. DES has 16 rounds; i.e., it applies the same combination of substitution and permutation 16 times (Thomas, 2008). The output of the ith round become the input to the (i+1) round. Block ciphers probably of the most important cryptographic primitives. Although they are used for many different purposes, their essential goal is to ensure confidentiality. This study is concerned by their quantitative security, that is, by measurable attributes that reflect their ability to guarantee this confidentiality. Well know results. Starting with Shannon's Theory of Secrecy, we move to practical implications for block ciphers, recall the main schemes on which nowadays block ciphers are based and introduce the Luby-Rackoff security model (Nalini and Rao, 2006). We describe distinguishing attacks and key-recovery attacks against block ciphers (Ball et al., 2002). The system uses a transformation of the bits within a block for the fixed mixing transformation T and substitution on four bits groups of the block for the simple cryptographic transformation Si. Any k-bit S-box can be implemented as 2 k word memory with k-bit words. The Neuro-Identifier (NID), as described above, has been used in this research in block cryptosystem identification, as a black-box model. The objective of the attack, is to determine the key from the given plaintext-ciphertext pair. Black-box attack has been applied to SDES. SDES encryption takes a 10 bit raw key (from which two 8 bit keys are generated as described in the handout) and encrypts an 8 bit plaintext to produce an 8 bit ciphertext. Implement the SDES algorithm in a class called SDES.

Simulation of SDES cipher:
The simulation phase includes execution of the trained neural identifier in both approaches (cryptanalysis and emulation) using the saved Weights (W) and Biases (B) and the simulation data set (SP, SK, SC). Simulation of SDES cipher in both approaches (cryptanalysis and emulation) gives 100% accuracy for any length of key.   The possible key of SDES cipher is any combination of lowercase alphabetic characters with maximum length of (1024 = 32*32) which is the size of the training set. Figure 5 shows actual and simulated key of length (300 characters) for SDES cipher.

CONCLUSION
• The Levenberg-Marquardt (LM) algorithm from neural network is used to train the Neuro-Identifier which gives good approximation capabilities, faster convergence, more stable performance surface. This study present the idea of the equivalent cipher system, which is identical 100% to the unknown system and that means that an unknown hardware, or software cipher system could be reconstructed without known the internal circuitry or algorithm of it. • Most of identification techniques can identify certain cipher systems, but not all of them, the presented method is a generalized method that could identify many cipher system and build the equivalent system from the input-output observations. • Emulation cryptography is a generalized method that could be used to all cryptographic systems. The only changeable parameter is the size of the hidden layers which should be made large enough to accommodate the key space of the target cipher system. The total number of neurons in the hidden layers is at most equal to the number of training samples, giving that the training samples are sufficient to describe the target system behavior. The feature of generalization is due to the characteristic of modeling.