Design and evaluation of a block encryption algorithm using dynamic-key mechanism

Future Generation Computer Systems 20 (2004) 327–338

Design and evaluation of a block encryption algorithm using dynamic-key mechanism Chang-Doo Lee, Bong-Jun Choi, Kyoo-Seok Park∗ Department of Computer Engineering, Kyungnam University, 449 Wolyoung dong, Masan, South Korea

Abstract The existing block encryption algorithms have been designed for the encryption key value to be unchanged and applied to the round functions of each block, and enciphered. Therefore, it has such a weak point that the plain text or encryption key could be easily exposed by differential cryptanalysis or linear cryptanalysis, both are the most powerful methods for decoding block encryption of a round-repeating structure. In order to cope with this weak point, an encryption algorithm using a more efficient key should be designed. In this paper, a block encryption algorithm which is designed for each encryption key value to be applied to each round block with a different value is proposed. This algorithm needs a short processing time in encryption and decryption, has a high intensity, can apply to electronic commerce and various applications of data protection. © 2003 Elsevier B.V. All rights reserved. Keywords: Block encryption algorithm; Dynamic-key mechanism; Cryptanalysis; Codebook encryptor; Decryptor algorithm; Round key generator algorithm

1. Introduction Due to the known weaknesses of information systems, information has been destroyed and individual information records have been released in illegal marketing which also includes similar harmful effects. Due to cases such as these, the protection of information has become an increasingly important issue. Security has become a significant issue in regards to the violation of individual information security. Encryption is supposed to make a secret document that is functionally different from the original document. Specific encryption issues include the original contents and other secret documents made through computer related files and mathematically related ∗

Corresponding author. E-mail address: [email protected] (K.-S. Park).

message characters [1].1 Typical encryption technology has been developed mostly doing research on the security of the data. As modern coding technology which has a background of confusion and diffusion theory is increasing in use by public networks like the Internet, various types of research are going on for authentication, data integrity, and non-repudiation [2]. Nowadays, encryption algorithms are designed for mixing advantages of both public encryption algorithm and symmetric encryption algorithm [3]. A plain text can be encrypted by a symmetric encryption algorithm that makes encryption fast, and then transferred to a destination. Encryption key, however, can be encrypted by a public-key encryption algorithm that provides a high level of security in terms of public safety, and this method is used a lot. This method 1

This research has been funded by the Kyungnam University, Masan, South Korea.

0167-739X/$ – see front matter © 2003 Elsevier B.V. All rights reserved. doi:10.1016/S0167-739X(03)00148-1

328

C.-D. Lee et al. / Future Generation Computer Systems 20 (2004) 327–338

is called Digital Envelope. The proposed encryption algorithm required keys on the basis of the S-Box design capable of enduring any differential and linear cryptanalysis [4], the F-function which is known to support a strong encryption, and pseudo-random numbers. The algorithm can notably be shown to efficiently operate keys by the aforementioned reasons so that the decryption of round keys and encryption keys is not easy along with the iteration of rounds. 2. Related study 2.1. Block encryption algorithm There are two kinds of encryption systems, private key system (symmetric cryptography) and public key system (asymmetric cryptography). The block cipher is a kind of private key system and encrypts information in blocks with a certain length. DES, AES, skipjack, and SEED are the typical block cipher systems.

rithm was designed using a 128 bit key with a typical fiestal structure that included encryption or decryption of the data as a 128 block unit. A distinctive structure of the algorithm had 16 function F and consisted of three function G in function F and two s-boxes in function G. SEED itself could divide from input-plain text block of 128 bit to two 64 bit block, and go through a process that uses 16 round key of 64 bit. After that, the trial outputs the results in a 128 bit cryptogram block. (4) AES. This algorithm was found to be a welladjusted SPN (substitution permutation network) structure that can be made up for the existing one. AES was a renowned system among the well-known different types of crypts, it was found to be fast and simple in various platforms and also simple in design. GF(28 ) is employed using methods of addition, multiplication and xor, and encrypted when using these various types of encryption [7,8]. 2.2. Differential analysis

(1) DES. This uses an encryption method which converts a 64 bit of plain text to a 64 bit cryptogram, and uses 64 bit encryption keys. These encryption keys include one single parity bit in every 8 bit which according to the continuing encryption process can only apply a 56 bit [5]. (2) Skipjack. A skipjack can calculate the number of rounds as unit function G, and is encoded 4 word (1 word = 16 bit) to two conversion rules (conversion rule A and conversion rule B). The function G of skipjack has a 4-round fiestal structure (normally, this kind of structure refers to DES encryption algorithm). Inside a function G uses a function F of total of 4 which produces 8 bit output/input (generally called an S-Box) [6]. The structure of the skipjack unlike the fiestal structure changes input-block so that it is a sign that is a good structure which increases the level of complexity. But somehow, in the decryption process, there are some disadvantages for the conversion of function F. (3) SEED. This algorithm was first seen in a Korean Telecommunications Association in September 1999, and it was at this time that the block encryption algorithm was established. This algo-

In order to decrypt selected plain text, the differential analysis uses the relation of two plain texts encrypted with a key. In this case, selecting plain text P1 and P2 are called input-xor, and xor operation of two corresponding ciphertext C1 and C2 is called output-xor. The key probabilities are calculated by analyzing those, and the highest probability is predicted as the key [9].

3. Proposed algorithm The encryption performed under the generally known modes, such as ECB, CBC, etc., may raise the probability of decryption because the pair of plain text and its corresponding ciphertext is increased as well. In this situation, a block encryption algorithm should be strongly required dealing with differential cryptanalysis and linear cryptanalysis. In order not to relate much between input-bit and output-bit, the proposed block encryption algorithm is designed such as, initial permutation-level, encryption-level as Fig. 1 shows, and makes it hard for someone to decode.

C.-D. Lee et al. / Future Generation Computer Systems 20 (2004) 327–338

Fig. 1. The structure of block encryption algorithm.

329

330

C.-D. Lee et al. / Future Generation Computer Systems 20 (2004) 327–338

3.1. Design of an encryption algorithm A design scheme of the proposed block encryption algorithm in this thesis is as follows: • To balance the speed of both encryption and decryption, design symmetrically. • Specification: ◦ The size of input/output: 256 bit. ◦ The size of encryption key: 128 bit. ◦ The number of round cycle: 8. ◦ S-Box: 8 S-Box of 8 bit. 3.1.1. Initial permutation In a preliminary encryption phase, plain text is xor-ed with a round key (RKey 0). Then, the resulting four 64 bit words are sent to the intermediate encryption phase. 3.1.2. Encryption The execution of encryption of eight rounds with function F operates using a dynamic round key generated from a sub-key generator and round key generator. The core in this level is used to generate an encryption key reducing the relationship of a block for input and output, the relationship of the blocks, and the relationship between round keys. This chapter describes the architecture involved in using a round key generator and sub-key generator and the creation of a dynamic round key. The specification of an S-Box structure being used in function F is a design of the function F structure, and the encryption step found in the encryption-level: 3.1.2.1. The design of the sub-key and round key generator. The step of creating both a sub-key and round key are needed to create round keys dynamically as shown in Fig. 2. First, the user encryption key and padding are initially substituted after using the first sub-key through a sub-key generator. Eight round keys are created and needed for round functions through the round key generator which is the result. It uses a second sub-key through the sub-key generator with the #8 round keys, and creates eight round keys needed for a second round function as the result. This step is executed from the second to N round and creates round keys dynamically.

(1) Initial permutation: When a user input key is used, a repeating key(ex. 1111, aaaaa, . . . , etc.) or an inputting key is placed in a certain order, then that key maybe exposed. In this case, the permutation constant is made through a pseudo-random generator. (2) Sub-key generator: The sub-key generator manages a job that is to raise the strength of the key which was initially replaced. The formula to generate the random number is as follows: R1 = ((input value × 175) + 11 220) mod 256, R2 = ((input value × 193) + 11 220) mod 256. Random numbers R1 and R2 make keys from 8 bits of 0–128 using method #1 (see Fig. 2). As seen in Fig. 2, the divided sixteen 8 bit streams are inputted to [Si, 1], [Si, 2], . . . , [Si, 16] in a sub-key generator. Sub-keys [Si + 1, 1], [Si + 1, 2], . . . , [Si + 1, 16] are finally generated from this process. The method to create the sub-key is as follows: Si1 1 = R1([Si, 2]) ⊕ [Si, 1] [Si + 1, 16] = Si1 1 ⊕ [Si + 1, 15] Si2 1 = Si1 1 ⊕ [Si, 2] Si2 2 = Si2 1 ⊕ Si16 1 Si2 3 = Si2 2 ⊕ R1(Si3 1) Si + 1, 1] = Si2 3 ⊕ Si1 1 Si1 3 = R2([Si, 4]) ⊕ [Si, 3] [Si + 1, 2] = Si3 1 ⊕ [Si + 1, 1] Si4 1 = Si3 1 ⊕ [Si, 4] Si4 2 = Si4 1 ⊕ Si2 1 Si4 3 = Si4 2 ⊕ R2(Si5 1) [Si + 1, 3] = Si4 3 ⊕ Si2 3 .. .

Si16 1 = Si15 1 ⊕ [Si, 16] Si16 2 = Si14 1 ⊕ Si14 1 Si16 3 = R1(Si1 1) ⊕ Si16 2 [Si + 1, 15] = Si16 3 ⊕ Si14 3

(3) Round key generator A round key generator outputs round keys [Rj + 1, 1], [Rj + 1, 2], . . . , [Rj + 1, 15], [Rj +

C.-D. Lee et al. / Future Generation Computer Systems 20 (2004) 327–338

331

Fig. 2. The step of round key generation using sub-key.

1, 16] using 8 bit input [Rj1], [Rj2], . . . , [Rj15], [Rj16], which are inputted from a sub-key generator, and pseudo random number R1 and R2. 3.1.2.2. A design of S-Box. The S-Box inside the F-function, as one of the critical elements which affects the encryption strength, uses eight boxes (S1, S2, . . . , S8) as shown in Table 1. It represents

2−6 of differential and linear probability under bijective function xn (0 ≤ n ≤ 255). The primitive polynomial a = x8 + x6 + x5 + 1 is used to generate the S-Box. Fig. 3 shows differential distribution for S-Box1. 3.1.2.3. A design of function F. To design the function F used in the encryption-level of the proposed encryption algorithm, we use a similar method to that of

Table 1 S-Box1

0×0 0×1 0×2 0×3 0×4 0×5 0×6 0×7 0×8 0×9 0×A 0×B 0×C 0×D 0×E 0×F

0×0

0×1

0×2

0×3

0×4

0×5

0×6

0×7

0×8

0×9

0×A

0×B

0×C

0×D

0×E

0×F

A9 85 D6 D3 54 1D AC 25 5D 43 18 1E 51 FC CA 63

28 44 20 9D E0 E2 C8 17 A5 8F 03 7B BB 13 D2 EE

70 8C 3F A8 32 DD F6 74 EC 95 0B 57 5C 58 BD 01

24 1C 73 98 10 CC F2 D9 2C E7 72 83 98 D1 86 C9

60 50 A3 EB 0D B6 9E 4F B7 5A C6 78 A6 12 AF D5

61 C3 B4 41 52 7D 8D 08 1F 99 00 19 04 53 F7 E1

FD 76 2F 27 B0 88 0E AB A2 6E 93 4D 69 7C 09 0A

BF EF F3 C5 87 14 FE 64 DE 2E 4B 1A 06 21 68 66

02 F5 92 8A 0C B3 7E D0 7A 47 96 E5 26 80 AD DF

A1 30 37 AE 36 15 22 38 F4 A7 45 4C 81 E9 84 97

35 CB CE 3C 71 11 C7 89 75 FB DA F8 94 59 82 C4

FF 49 39 67 C0 CF D7 B8 0F BE 42 23 91 6C DB A4

34 F1 48 C2 6F 3D 2D 40 BE 3E BC C1 AA BA 4E 55

38 DC 68 7F 9C D8 4A 56 77 A0 EB 46 B5 2B 65 FA

E3 B9 B1 9F 5E F9 E6 B2 31 EA 6D 5F E4 F0 CD 88

16 3A 58 D4 62 29 07 33 E8 1B 05 79 90 6A 2A 9A

332

C.-D. Lee et al. / Future Generation Computer Systems 20 (2004) 327–338

Fig. 3. S-Box1 differential distribution.

#3 in order to satisfy the max differential probability, it can be expressed as in Formula (1): F = DPmax

max

X =0, Y

DP F ( X → Y).

(1)

The max differential probability has an effect on the security of the function F. The method for function F is the following. K1–K16 are round key values by the sub-key and the round key generator and S1–S8 are the numbers of the S-Box. The next method is the design of the function F as in Fig. 4. P1 1 = S1(P2 ⊕ K1) ⊕ P1 P2 1 = S2(P1 1 ⊕ K15) ⊕ P2

P3 P4 P5 P6 P7 P8

1 = S3(P4 ⊕ K2) ⊕ P3 1 = S4(P3 1 ⊕ K6) ⊕ P4 1 = S5(P6 ⊕ K3) ⊕ P5 1 = S6(P5 1 ⊕ K7) ⊕ P6 1 = S7(P8 ⊕ K4) ⊕ P7 1 = S8(P7 1 ⊕ K8) ⊕ P8

P2 P4 P6 P8 P2 P4 P6 P8

2 = (P6 1 ⊕ P8 1) ⊕ P2 1 2 = P2 1 ⊕ P4 1 2 = P4 1 ⊕ P6 1 2 = P6 1 ⊕ P8 1 3 = S5(P3 1 ⊕ K9) ⊕ P2 2 3 = S5(P3 1 ⊕ K9) ⊕ P2 2 3 = S5(P3 1 ⊕ K9) ⊕ P2 2 3 = S5(P3 1 ⊕ K9) ⊕ P2 2

C1 = (P6 3 ⊕ P8 3) ⊕ P2 3 C2 = S6(C1 ⊕ K13) ⊕ P3 1 C3 = P2 3 ⊕ P4 3 C4 = S8(C3 ⊕ K14) ⊕ P5 1 C5 = P4 3 ⊕ P4 3 C6 = S2(C5 ⊕ K15) ⊕ P7 1 C7 = P6 3 ⊕ P8 3 C8 = S4(C7 ⊕ K16) ⊕ P1 1 In Fig. 4, Let P1 be 0 × FF (in hexadecimal notation), P2 be 0 × 55, and a round key K1 be 0 × AA. Then, encryption is performed as follows: P2 (0 × 55) is Or-ed with K1 (0 × AA). The value in the table S1

Fig. 4. The structure of function F.

C.-D. Lee et al. / Future Generation Computer Systems 20 (2004) 327–338

333

Fig. 5. The inverse function of the F-function.

is substituted by the result. Encryption process goes on in such a way the substituted value is Or-ed with P1 (0 × FF). 3.2. Design of a decryption algorithm Decryption process proceeds in the inverse order of encryption, from the encryption-level phase to the initial-level passing by the intermediate phase. First, the key used for encrypting plain text is inputted.

Second, a round key generated by the key scheduler (RKey [i]) is applied to the inverse function of the F-function for decrypting. Fig. 5 shows the inverse function of the F-function. The next method is the design of the inverse function F as in Fig. 5. C1 C2 C3 C4

1 = C7 1 ⊕ C1 1 = S6(C1 ⊕ K13) ⊕ C2 1 = C1 ⊕ C3 1 = S8(C3 ⊕ K14) ⊕ C4

Fig. 6. Encryption process of the F-function.

334

C.-D. Lee et al. / Future Generation Computer Systems 20 (2004) 327–338

C5 C6 C7 C8

1 = C3 1 ⊕ C5 1 = S2(C5 ⊕ K15) ⊕ C6 1 = C5 1 ⊕ C7 1 = S4(C7 ⊕ K16) ⊕ C8

C1 C3 C5 C7

2 = S5(C2 2 = S7(C4 2 = S1(C6 2 = S3(C8

C1 C3 C5 C7

3 = C1 3 = C1 3 = C3 3 = C5

When the F-function performs decryption, ciphertext C1, C2, . . . , C7, C8 are generated from 42, 9A, . . . , 6B, 9A. Before this transformation, plain text 54, A5, . . . , 2C, 79 are applied to P1, P2, . . . , P7, P8.

1 ⊕ K9) ⊕ C1 1 1 ⊕ K10) ⊕ C3 1 1 ⊕ K11) ⊕ C5 1 1 ⊕ K12) ⊕ C7 1

2 ⊕ C7 2 ⊕ C3 3 ⊕ C5 3 ⊕ C7

4. Performance evaluation In this thesis, we try to evaluate the performance in comparison to safety of differentiality, the speed of process by encryption/decryption and the intensity of encryption algorithm.

3 2 2 2

P2 = S2(C8 1 ⊕ K5) ⊕ C1 P1 = S1(P2 ⊕ K1) ⊕ C8 1 P4 = S4(C2 1 ⊕ K6) ⊕ C3 P3 = S3(P4 ⊕ K2) ⊕ C2 1 P6 = S6(C4 1 ⊕ K7) ⊕ C5 P5 = S5(P6 ⊕ K3) ⊕ C4 1 P8 = S8(C6 1 ⊕ K8) ⊕ C7 P7 = S7(P8 ⊕ K4) ⊕ C6 1

4.1. Stability evaluation

3 3 3 3

Fig. 6 shows the process of encrypting plain text P, and Fig. 7 shows the process of decrypting ciphertext. The plain text 54, A5, . . . , 2C, 79 are applied to P1, P2, . . . , P7, P8, and ciphertext C1, C2, . . . , C7, C8 are generated from 42, 9A, . . . , 6B, 9A.

There are mainly two methods in the comparison of differential characteristic probabilities of encryption algorithm; one is to compare the number of searches (the rate of probability in case of 2128 :2−128 ) of exhaustive key search, and the other is to compare with the value of differential characteristic probability of existing encryption algorithm. Differential cryptanalysis can vary in the method of analysis according to encryption algorithm. For the differential analysis of the algorithm, we search for whole differential characteristic by one function F.

Fig. 7. Decryption process of the F-function.

C.-D. Lee et al. / Future Generation Computer Systems 20 (2004) 327–338

335

Fig. 8. Diagram of differential cryptanalysis.

In Fig. 8, we analyze P4, which is most easy for a codebreaker to attack, to find out the differential characteristic of the function F. Only P4 is given a certain difference α = 0 and the rest are given a fixed differential characteristic (all 0 at Px). Let us suppose that, starting at P4, the probability S3 gets output differentiation β for input differentiation α is p1 and the S4 gets output differentiation α for input differentiation β is p2 . As S3 and S4 are bijective, we can understand that β = 0. The probability to be (0, β, 0, 0, 0, 0, 0, 0) like in Fig. 8 is p1 p2 . It becomes (γ, ε, γ, η, 0, 0, 0, 0) for certain γ, ε, γ while ε is a value of a certain 1 byte (8 bit) and γ, η becomes a value of 1 byte not a certain 0. If it is supposed that a pair of plain text P, P∗ , which have input and output differentiation, and a corresponding pair of cyphertext C, C∗ are acquired, we can select candidates of keys that are corresponding to K13 and K14. γ, ε, η are values that can be gotten from cyphertext. As we are aware of the input and output differentiation of S-Box accordingly, we seek all pairs of order that satisfies the output differentiation ε after examining all 28 input pairs of order that satisfies input differentiation γ of S-Box. If there are two pairs of order that satisfy it, it can be expressed as in Formula (2):

(x1 , x1 ⊕ γ) → (y1 , y1∗ ),

y1 ⊕ y1∗ = ε ⊕ β,

(x2 , x2 ⊕ γ) → (y2 , y2∗ ),

y2 ⊕ y2∗ = ε ⊕ β.

(2)

The two pairs of order that satisfy the above formula takes place when there exists the relation x2 = x1 ⊕ α. As the probability of the event is p1 p2 , if there are (p1 p2 )−1 pairs of plain text, it can be considered that there is one pair of order among them. Accordingly, such cryptography as the above can be possible if we use pairs of plain text of about two times as many as (p1 p2 )−1 . The data complexity here is 2(p1 p2 )−1 . The pairs of plain text that are satisfied in the differential distribution table of S-Box are called right pairs. The probability filtered pairs of order are passed while throwing away all the contrary wrong pairs is as in Formula (3): (28 − 1)−1 × 2−8 ≈ 2−16 .

(3)

In the above formula, the real value is 2−8 as it is presented as two pairs from the differential characteristic of S-Box. In addition to the results, the number of pairs of order to actually use in the decoding is like Formula (4) (p1 p2 )−1 × filltering weight = 2−12 × 2−8 = 2−20 . (4)

336

C.-D. Lee et al. / Future Generation Computer Systems 20 (2004) 327–338

We can get the value of differential characteristic 2−20 of the function F. In addition, the value that is calculated for the verification of whether 2−20 is possible by differential cryptanalysis is signal to noise and it is determined as in Formula (5): mp 2k p S 26 × 2−2 = = = 22 = 4, = k N αβ 1 × 2−8 mαβ/2

(5)

where m is the number of pairs of plain text used in the cryptanalysis, 2k the number of key candidates, α the certain pairs of plain text − the average number of key candidates that the pairs of ciphertext present, and β the rate of survived pairs of plain text after filtering. In Formula (5), the numerator of the first equation is the times the actual key are counted and the denominator is the average times certain key candidates are counted. The differential cryptanalysis here can be said to be successful as the S/N is 4. Accordingly, the differential characteristic of one of the function F here is 2−20 . The differential characteristic probability of proposed algorithm becomes 2−160 , so it is not as good as 2−300 of differential cryptanalysis in AES, but it is better than DES [8,9]. 4.2. The strength of encryption The strength of encryption is discerned in accordance with the required time to decode a key. The calculation of encryption strength of an encryption al-

Table 2 Comparison of encryption strength Index

Algorithm name

Key size

Needed time (year)

1 2 3 4

AES SEED DES Proposed algorithm

128 128 128 128

3.2E + 70 2.7E + 21 2.5E + 9 2.3E + 28

gorithm is as Formula (6), and the results of each algorithm are calculated as Table 2: differential characteristic/2 × computer speed . second (1 h) × 24 h × 365 days

(6)

The strength of the proposed algorithm is calculated as follows: 2160 /2 × 1/1012 = 2.3E + 28 (year). 3600 × 24 × 365 As shown in Table 2, the stability of the proposed algorithm is higher than SEED and DES. 4.3. Simulation In the encryption algorithm of symmetric key, a sender and a receiver shall share a secret key not publicized to a third person. The simulation was executed after assuming that the secret key was determined before the transmission of data or was shared in the encryption system of public key.

Fig. 9. Transmission of ciphertext.

C.-D. Lee et al. / Future Generation Computer Systems 20 (2004) 327–338

337

Fig. 10. Received ciphertext and decrypt text.

The system condition is as follows: (1) The data for the encryption • put 6 words in name; • 16 numbers of card-No; • four words of a valid year, month; • three words of CVC; • total 32 words include three blanks. Fig. 10 shows the received results in ID abcd00 about the contents which was data-coded and sent by the server. We can find out that the decrypted plain text is consistent with the transmitted contents in Fig. 9, and the efficiency of the proposed algorithm was demonstrated as the time of decryption was not more than 1 s. Therefore, the proposed algorithm in this thesis can be applied to the protection of information in various fields including e-commerce, because the processing time of encryption and decryption is short and has good stability (Fig. 10).

5. Conclusion The existing block encryption algorithms have been designed for the encryption key value to be unchanged and applied to the round functions in every single block. They have disadvantages in that the plain text or encryption key could be easily revealed by differential cryptanalysis or linear cryptanalysis. In order to safeguard from these, the function F which is employed to apply with different values has been proposed. The function F is supposed to

make an intensity of the block encryption algorithm better. In the results of simulation, the proposed algorithm takes a short processing time in encryption and decryption, also has a high intensity of encryption, and can apply to electronic commerce, multimedia watermarking, and various applications of data protection. In the future, more research will be required for a more efficient system than any other encryption algorithms which have been known so far. References [1] H. Feistel, W.A. Notz, J.L. Smith, Some cryptographic techniques for machine-to-machine data communications, Proc. IEEE 63 (11) (1975) 1545–1554. [2] D.R. Stinson, Cryptography: Theory and Practice, CRC Press, Boca Raton, FL, 1995. [3] J. Daemen, Cipher and Hash function design, Ph.D. Thesis, Katholieke Universiteit Leuven, March 1995. [4] C.M. Adams, On immunity against Biham and Shamir’s differential cryptanalysis, Inform. Process. Lett. 41 (1992) 77– 80. [5] Data Encryption Standard, Federal Information Processing Standards (FIPS) Publication No. 46, National Bureau of Standards, US Department of Commerce, Washington, DC, January 1977. [6] Skipjack and KEA Algorithm Specifications, Version 2.0, May 29, 1998. Available at the National Institute of Standards and Technology’s web page: http://csrc.nist.gov/encryption/ skipjack-kea.htm. [7] NIST, in: Proceedings of the Second AES Conference: AES Round2 Information, 1999. [8] J. Daemen, Vincent Rigmen, AES Proposal: Rigndael, 1997. [9] E. Biham, A. Shamir, Differential cryptanalysis of DES-like cryptosystems, in: Proceedings of the Crypto’90, Lecture Notes in Computer Science, vol. 537, Springer, Berlin, 1991, pp. 2–21.

338

C.-D. Lee et al. / Future Generation Computer Systems 20 (2004) 327–338 Chang-Doo Lee completed the course of PhD degree at Kyungnam University studying network security. His interests include security, multimedia and e-learning systems.

Bong-Jun Choi is a graduate student, currently toward the PhD degree at Kyungnam University studying Internet Computing. His interests include security, CRM and multimedia systems.

Kyoo-seok Park is a Professor of Computer Engineering at Kyungnam University, South Korea. He is the President of Korea Multimedia Society now. His research focuses on distributed systems, specifically applied to Internet computing, security systems and multimedia systems. He received his MS and PhD in computer science from the Chung-Ang University, South Korea.