Paper: DES96 – Improved DES Security

ABSTRACT

The Data Encryption Standard (DES) has shown noticeable signs of aging during the last two decades. In this paper we develop a system that is a DES-variant with more resistance towards the possible attacks against DES. The developed system has a sub-key generation algorithm that is completely different from the original DES.
The developed system uses 84-bit initial key instead of the 56-bit key originally used. It has substitution boxes inside the key generation algorithm and mod2 additions. The choice of arrangement of substitution boxes in the main algorithm for each round is sub-key dependent. The result of the design is a DES-variant cryptographic system that has higher resistance against brute-force attack, differential cryptanalysis, and linear cryptanalysis. The proposed system design also cancelled the weak-keys and complement keys properties of the DES.

Index Terms – data encryption standard, encryption, cryptanalysis.

Citation Information:

Mohammed M. Alani, DES96 – Improved DES Security,  Proceedings of the 7th IEEE International Multi-Conference on Systems, Signals and Devices (SSD’10) , Amman, Jordan. June 2010. (IEEEXplore).

Implementation of AES in Voice over Internet Protocol

ABSTRACT
The paper is aimed to provide an implementation and evaluation of Advanced Encryption Standard (AES) to a Voice over Internet Protocol (VoIP) system. The research in this paper also concentrates on evaluation of Quality of Service (QoS) parameters and the effect of implementing the AES to voice packets. Although, the security provided by encryption is of unique importance to voice signals, designs must take into concentration keeping the QoS parameters in acceptable values. The VoIP model used in this paper was H.323 model. And encryption was implemented between the End Point (EP) and GateKeeper (GK) and between GKs too. The two scenarios evaluated here were calls made between EPs lying on the same GK and on different GKs.
Three QoS parameters were evaluated in this paper; delay, jitter, and loss. These parameters are the most influential on the quality of the voice session.
The implementation carried out in this paper by using Asterisk software as the GK and JCPPhone as the EP. A software module was added to Asterisk and JCPPhone to implement AES.
This study has shown that the implementation of AES in the used call models has given good QoS parameters for long and short distance calls. This implies that the integration of AES in VoIP future applications is possible.

Keywords: AES, encryption, computer network, VoIP, IP-Telephony, H.323, and VoIP security.
 

Citation Information:

Siddeeq Y. Ameen, Fawzi Alnaima, Mohammed M. Alani, Implementation of AES in Voice over Internet Protocol, accepted for publishing in Gulf University Journal (ISSN:1985-9562).

Paper: Development of a VoIP Security System Based on H.323 Protocol

ABSTRACT
In this thesis a secure IP-Telephony framework is proposed. This framework relies on H.323 and covers two of the most important weaknesses that were in the original H.323 and were not covered in an efficient and easily implementable way. These two weaknesses are secrecy of voice data traveling from one EndPoint to another, and authentication between GateKeepers when calls made are Inter-GateKeeper calls. In the suggested framework, Advanced Encryption Standard and HMAC-SHA1-96 were used to overcome the weak points of the original H.323.
The suggested framework was implemented and tested and has proved strength over most popular IP-Telephony attacks and provided acceptable quality of service as compared to other solutions of the H.323 security loopholes. The implementation was tested for two different scenarios; calls placed on EndPoints laying in the same local area network, and calls made over the Internet with EndPoints laying in different zones.
For the local area network calls, the delay was 61 milliseconds, and the jitter was 8 millisecond, with an average loss of 0.93%. For the Internet-separated EndPoints, the delay was 265 milliseconds, and the jitter was 41 milliseconds, with an average loss of 1.22%. These values were calculated for 1000 calls.
The implementation environment included Asterisk software as the GateKeeper software, and JCPPhone as the EndPoints software. The Asterisk version used was AsteriskNOW beta5-x86. It was installed on Linux servers.
The proposed system has shown more resistance towards the most common three IP-Telephony attacks; toll fraud, eavesdropping, and denial of service. The features of the proposed system were compared with the original H.323 set, Session Initiation Protocol, and H.235 Annex D.

Citation Information:

Mohammed M. Alani,  “Development of a VoIP Security System Based on H.323 Protocol”, PhD Thesis, Computer Engineering Department, College of Engineering, Nahrain University, May, 2007.

 

Mohammed M. Alani,  “Development of a VoIP Security System Based on H.323 Protocol”, PhD Thesis, Computer Engineering Department, College of Engineering, Nahrain University, Baghdad, Iraq. May, 2007.

Paper: Design of H.323 Secure IP-Telephony Framework

ABSTRACT
The paper is aimed to provide a secure IP-Telephony system based on H.323 set of protocols. H.323 is a standard that specifies the components and procedures that provide multimedia communication services—real-time audio, video, and data communications—over packet networks, including Internet protocol (IP)–based networks. H.323 is part of a family of ITU—T recommendations called H.32x that provides multimedia communication services over a variety of networks. From the security aspect, H.323 provides a scheme for authentication between the End Point (EP) and the GateKeeper (GK). However, the authentication between EPs lying on different GKs needs to be considered. Thus, the paper shows a proposed model and implementation with the evaluation of such authentication process. It also provides secrecy for certain users that require such a service. These have been provided by providing authentication for EPs laying on different GKs, as well as providing encryption for the voice data traveling between EPs laying on same GK or different GKs.

Keywords: Computer network, VoIP, IP-Telephony, H.323, and VoIP security.

Citation Information:

Siddeeq Y. Ameen, Fawzi Alnaima, and Mohammed M. Alani, Design of H.323 Secure IP-Telephony Framework, published in The 6th International Philadelphia Engineering Conference On Computational Aspects and Their Applications in Electrical Engineering, Philadelphia University, Amman, Jordan, September, 2006.

Paper: DES80 – A DES Variant Cryptographic System

ABSTRACT

The Data Encryption Standard (DES) has shown noticeable weaknesses during the last decade. In this paper we develop a system that is a DES-variant but has more resistance towards the latest attacks against DES. The developed system has a sub-key generation algorithm that is totally different from the original DES one. The developed system uses a 70-bit initial key instead of the 56-bit key originally used. It has substitution boxes inside the key generation algorithm and mod2 addition. The choice of arrangement of substitution boxes in the main algorithm for each round is sub-key dependent. The result of our design is a DES-variant cryptographic system that has higher resistance towards brute-force attack, differential cryptanalysis, and linear cryptanalysis. Our design also canceled the weak-keys and complement-keys properties of the DES.
Citation Information:

Abdul-Karim A-R. Kadhim, Mohammed M. Alani, DES80: A DES-Variant Cryptographic System, published in the First Scientific Conference of the State Company of Internet Services, Baghdad, Oct. 22nd -23rd , 2002.

 Full Text (PDF)

Note: By the time we were working on this paper in the years 2000-2001, we had very limited Internet connectivity in Iraq. This lead to the fact that we did not know about the Canadian DES80 project at all. If we knew, we would have changed the name of the paper accordingly.