An Architecture Model for Active Cyber Attacks on Intelligence Info-communication Systems: Application Based on Advance System Encryption (AES-512) Using Pre-Encrypted Search Table and Pseudo-Random Functions (PRFs)

1st Professor Alexey N. Nazarov
Department of Radio Engineering and Cybernetics
Moscow Institute of Physics and Technology State University (MIPT)
Moscow, Russia
a.nazarov06@bk.ru

2nd Alireza Nik Aein Koupaei
Department of Radio Engineering and Cybernetics
Moscow Institute of Physics and Technology State University (MIPT)
Moscow, Russia
anikaeinkoupaei@phystech.edu

Abstract—Recently, obtaining security in info-communication systems has become the most globally used method of data security for communications through unprotected channels. However, cyber-security is one of the most critical economic and national security challenges. Life has become more dependent on Internet-based tools, and there is a growing demand for a cyber-security centre to provide a safe structure and cyber-space development. Information is a principal element in the info-communication system, where trusted service providers have a security system in place to prevent, support and protect their data against malicious attack or theft of information. To encrypt larger data, symmetric key encryption such as the Advanced Encryption Standard (AES) is mostly used. This paper deals first with the characteristics of data that can be subjected to cyber attacks. Secondly, a formal definition model is applied to improve the performance of an application in which session keys are used to communicate, using a pre-encrypted search table approach. The approach is suitable for programs that communicate in session mode and whose key does not change frequently.

Index Terms—Cyber-security; Advanced Encryption Standard (AES); Galois Field (GF); Data; Security Challenges; symmetric key encryption; Info-communication.

I. INTRODUCTION

Since the beginning of the 21st century, risks and threats have increased. Attacks on a university setup are aimed at hacking the protection system and at the disclosure, modification and distortion of its information communication resources, so protecting them is an urgent responsibility [1]. Universities and other organizations have to protect their data and information. Hence, the applications that provide tools, services, and functions for data maintenance and management are packed into so-called database management systems (DBMS). Such features and functions include services and privileges for granting permission, so that legitimate (authorized) users keep their access to the database. A database protection mechanism (potentially covering the data, the database system, servers, applications or stored functions, and the associated network links) means preventing illegitimate users from accessing the database and its sensitive data, whether accidentally or intentionally [2]. When the database system is hacked through a data breach, the database infrastructure becomes vulnerable to easy unauthorized access. This does not necessarily change the data itself, but it may reduce the integrity and secrecy of the data. The goals of a relational DBMS, however, are to reduce the losses caused by threats or expected events. The CIA triad (Confidentiality, Integrity, and Availability) is the basis of the relational database security concept. These elements must be present in application processes to guarantee that data is secured [3].

AES (512 bit) is a popular and important symmetric key algorithm. AES is a well-known algorithm for symmetric encryption because of its transparency, and it has since attracted the use of cryptographic accelerator architectures for improving secrecy. A secure version of AES-512 is given, with a conventional technique for data communication in which data is exchanged in sessions and the symmetric key remains valid for a substantial duration, and which uses a pre-encrypted search table (PST). The proposed AES-512 performs two-part encryption: in part one, every plain-text character from the standard ASCII character set is encrypted and kept in the PST. Round 2 is where the actual plain-text encryption is achieved, by exchanging characters with their corresponding cipher-text.

Authorized licensed use limited to: University of Melbourne. Downloaded on July 30,2020 at 10:07:37 UTC from IEEE Xplore. Restrictions apply.
II. BACKGROUND AND RELATED WORK

There are various techniques to classify and design countermeasures that are used to decrease vulnerabilities and prevent threats to system assets. The proposed method provides access to UDB content with appropriate user discretion and establishes rules for user interaction with information sources according to optimal criteria, under the requirements [1]. The work in [4] proposed a 128-bit AES that processes four 32-bit data blocks in parallel and is able to surpass the previous 128-bit architecture in terms of outcome and effectiveness.

Weakly encrypted data is extremely vulnerable to active attacks that do not have access to the decryption key [5]. The purpose of encryption and decryption is to protect the confidentiality of data and to maintain the integrity of user information through database security services. The role of data encryption is to ensure the confidentiality of information.

Cloud technology solutions have also been proposed in the framework of a logical-probabilistic approach [6,7], relying on the construction of a Hadoop technology-based monitoring cluster [8] that has a common application. A reconfigurable architecture [9] obtained processing speed and throughput by using parallel connections. A secure hardware alternative, the AES-512 architecture recommended by [10], offers high-throughput performance with a sustainable area increase and a key search space of $2^{512}$, and is also more resistant to cryptanalysis.

It is difficult to identify malicious threats to the cloud, since complexity levels and dynamic resources can be accessed using various types of authentication. This is a concern for the formation of the security features given in Table 1 for the university. Table 1 illustrates the university database features by formalizing them into the following protection functions [1].

TABLE I
SECURITY FUNCTIONS

| Designation of security functions | Appointment of security functions |
|---|---|
| X1 | The main purpose is well-organized structures and paradigm statistical prototypes in an attempt to clarify what is observed. |
| X2 | The main purpose is well-organized structures and paradigm statistical prototypes in an attempt to clarify what is observed. |
| X3 | Recommended during latter steps of research tasks. |
| X4 | All aspects of the study are intelligently designed before data is composed. |
| X5 | Researcher uses instruments, such as equipment or questionnaires, to gather mathematical data. |
| X6 | Data is in the form of facts and data. |
| X7 | Objective search for detailed analysis of goal concepts and measurement (for instance, surveys, questionnaires, etc.). |
| X8 | Quantitative documents are well-organized and able to check assumptions, but they can miss contextual points. |
| X9 | Quantitative documents are well-organized and able to check assumptions, but they can miss contextual points. |
| X10 | Researchers have a tendency to remain quantitatively separated from the subject material. |

III. SECURITY THREATS AND METHODS TO LEAK UNIVERSITY INFORMATION

Table 2 shows the threats and the types of attacks that lead to the consequences.

TABLE II
THREAT CONSEQUENCES, AND THE TYPES OF THREAT ACTIONS

| Threat Consequence | Threat Action (Attack) |
|---|---|
| Unauthorized Disclosure | Exposure; Interception; Inference; Intrusion |
| Deception | Masquerade; Falsification; Repudiation |
| Disruption | Incapacitation; Corruption; Obstruction |
| Usurpation | Misappropriation; Misuse |

Publishing unauthorized messages is a threat to confidentiality, with the following threat outcomes:

Exposure: This can be deliberate, as when an insider intentionally transmits sensitive information to an unauthorized person. It can also be the result of computer technology or a human error that leads to unauthorized access to sensitive data, for instance a university accidentally posting classified student information on the web.

Interception: This arises in the context of communications. On a shared LAN, any device connected to the LAN can receive packets intended for another device; a hacker can block traffic, access emails and more. All of these allow unauthorized access to the data.

Inference: This is also known as traffic analysis, where one party gains insights from the traffic pattern in the information network. Another example is the inference of database information by a user who has only limited access, which can be accomplished by repeated queries whose combined results enable the inference.

Intrusion: An adversary acquires unauthorized access to sensitive information by getting past the system's access control protections.

Deception: This is a threat to system data or integrity that can have the following consequences:

Masquerade: This is an attempt by an unauthorized person to get access to a system by posing as an authorized user (for example, by learning another user's log-on ID and password). Alternatively, destructive logic such as a Trojan appears to perform a useful function but acquires unauthorized access to system resources.

Falsification: This refers to manipulating valid data or inserting incorrect data into a file or database. For example, a
student can change their grades in the school database.

Disruption is a threat to system availability or integrity, which can have the following consequences:

Incapacitation: This refers to an attack on the availability of the system that results in physical damage to system hardware, in particular disabling systems or some essential services.

Corruption: This type of attack targets system integrity; malicious attackers could make system resources and services operate erratically.

Obstruction: This is a way to block system performance by disrupting communications, either by disabling links or by manipulating control information.

Usurpation is a threat to the integrity of the system, which can have the following consequences:

Misappropriation: Known as the scam service. It is a distributed DoS attack in which malicious software is placed on a number of target systems that are used as platforms to launch traffic at a target host.

Misuse: This can be done by malicious logic or by an attacker who has gained unauthorized access to the system. In either case, security functions can be thwarted or disabled.

IV. METHODS AND MECHANISM DATABASE PROTECTION

Methods and tools for protecting data include procedural, structural, hardware, and software organizations [11-15]. Unquestionably, the most valuable information resource of any university or organization is its databases, which are therefore protected by multiple layers of security, including general access control systems, authentication mechanisms, database access control systems, and firewalls. In addition, for especially sensitive data, database encryption is acknowledged and often implemented. Encryption has become the last line of defense in database security. To eliminate security threats, every university and organization must have a security policy, which should be implemented with certainty. Within the security policy, authentication plays an indispensable role, because if authentication is proper there are fewer chances of attacks and threats. Users have different access rights to different database objects, which are determined by the Access Control Mechanisms (ACMs). The mechanism protects all data in the database and is maintained by the DBMS. Furthermore, it specifies the rules of interaction between users and university assets via info-communication.

The symmetric key mechanism that is obtained from message verification codes is also known as a MAC. In cryptography, CBC-MAC is a MAC construction based on a block cipher and the CBC mode of operation. It has also been proven that CBC-MAC is secure for fixed-length messages or non-prefixed message spaces. Nevertheless, the fixed-length restriction does not hold in practice. Using the message length as the first block in the CBC calculation is a technique to circumvent this, but it requires prior knowledge of the message length. A stable and simple strategy, however, is to encrypt the CBC output with an independent keyed permutation, known as E-MAC, which has been proved to be secure without any constraints on the message.

V. THE MODULAR SECURITY FUNCTION MECHANISM AND ATTACKS

The solution mechanism requires state, and both parties (Sender and Receiver) have to compute $i$ random numbers. As an alternative, we would like "random access" to the sequence. This is the principle behind PRFs: the Sender gives the Receiver some random $i$, and the Receiver returns $F_\kappa(i)$, where $F_\kappa$ is indistinguishable from a random function; that is, given any $i_1, \ldots, i_j$ and $F_\kappa(i_1), \ldots, F_\kappa(i_j)$, no adversary can predict $F_\kappa(i_{j+1})$ for any $i_{j+1}$.

Definition: A function $f : \{0,1\}^n \times \{0,1\}^\pi \to \{0,1\}^\kappa$ is a $\{\alpha, \beta, \gamma\}$-PRF if:

• Given a key $\kappa \in \{0,1\}^\pi$ and an input $\chi \in \{0,1\}^\kappa$, there is an "efficient" algorithm to compute $F_\kappa(\chi) = F(\chi, \kappa)$.
• For any $\tau$-time oracle algorithm $\Gamma$ we have:

$$\left| \Pr_{\kappa \leftarrow \{0,1\}^\pi}\left[\Gamma^{f_\kappa}\right] - \Pr_{f \in z}\left[\Gamma^{f}\right] \right| < \beta$$

where $z = \{0,1\}^n \to \{0,1\}^\kappa$ and $\Gamma$ makes at most $\gamma$ queries to the oracle. PRFs can also be used for symmetric encryption: pick a random $Z$, then output $E_\kappa(M) = \langle F_\kappa(Z) \oplus M, Z \rangle$ (roughly speaking, if $F$ is a PRF, then $E$ is semantically secure). They can also be used as MACs: $MAC_\kappa(M) = F_\kappa(M)$.

A. Fundamental Security Design Principles - Modular Security

According to Table 2, the disruption threat consequences have been taken into consideration in our research. GCM defines how authenticated encryption works with associated data. Its computational cost is minimal, and it is widely used in practice, especially at higher data rates. Nevertheless, different block cipher modes of operation can have noticeably different performance and efficiency characteristics, even when used with the same block cipher. GCM can take full advantage of parallel processing, and a GCM implementation can use either an instruction pipeline or a hardware pipeline.

The cipher-text blocks are treated as coefficients of a polynomial, which is evaluated at a key-dependent point H using finite field arithmetic. The result is then encrypted, generating an authentication tag that is used to verify data integrity. The encrypted text then combines the IV (Initialization Vector), the authentication tag and the cipher-text.

Theory: While CTR provides efficient encryption, it does not provide message authentication. GCM resolves this by combining CTR encryption with a message verification code based on a universal hash function. The hash is encrypted with $\kappa$ to generate an authentication tag $\tau$ [16].

Basic Model: The function F is a polynomial hash in a finite field with two properties. The message is divided into hash blocks that are treated as polynomial coefficients in the Galois field (GF). The polynomial is evaluated at the hash function key using the Horner technique. The multiplication of two elements $E, D \in GF(2^\upsilon)$ is given as $E \oplus D$. The function length(L) holds a
bit string L with a length between 0 and $2^{\upsilon/2} - 1$, inclusive, and returns a $\upsilon - 2$ bit string containing the non-negative integer that specifies the number of bits in its argument, with the least significant bit on the right. The block cipher width $\upsilon$ has to be an even number. The additional authenticated data X is broken up as $X_1, X_2, \ldots, X_{q-1}, X_q^*$, where the last bit string $X_q^*$ is a partial block of length $\omega$, and $q$ and $\omega$ denote the unique pair of positive integers such that the total number of bits in X is $(q-1)\upsilon + \omega$ and $1 \le \omega \le \upsilon$ when length(X) > 0; otherwise $q = \omega = 0$. The input Y is divided into $\omega$-bit blocks $Y_1, Y_2, \ldots, Y_{p-1}, Y_p^*$, where $Y_p^*$ has length $\omega$. The universal hash function is given by $H(U, X, Y) = Z_{q+p+1}$, where the variables $Z_i \in GF(2^\upsilon)$ for $i = 0, \ldots, p+q+1$ are defined recursively as:

$$
Z_i = \begin{cases}
0, & \text{for } i = 0 \\
(Z_{i-1} \oplus X_i) \cdot U, & \text{for } i = 1, \ldots, q-1 \\
(Z_{q-1} \oplus (X_q^* \| 0^{\upsilon-\omega})) \cdot U, & \text{for } i = q \\
(Z_{i-1} \oplus Y_{i-q}) \cdot U, & \text{for } i = q+1, \ldots, q+p-1 \\
(Z_{q+p-1} \oplus (Y_p^* \| 0^{\upsilon-\omega})) \cdot U, & \text{for } i = q+p \\
(Z_{q+p} \oplus (\mathrm{length}(X) \| \mathrm{length}(Y))) \cdot U, & \text{for } i = q+p+1
\end{cases}
$$

Here U is the value of the hash key. The expression $0^s$ indicates a string of $s$ zero bits, and $X \| Y$ represents the concatenation of the two bit strings X and Y. The GCM authenticated encryption operation takes as inputs a secret key K, an initialization vector (IV), a plain-text $\rho$, and additional authenticated data A, and gives as its outputs a cipher-text C and an authentication tag T.

The GCM authenticated decryption function takes the inputs K, IV, X, Y and $\tau$. It returns either the plain-text $\rho$ or the special symbol "FAIL", which indicates that its inputs are invalid.

GCM is secure in the standard adaptive chosen plain-text and chosen cipher-text model [16] of concrete security. If the block cipher cannot be distinguished from a random permutation, an attacker cannot distinguish GCM ciphertexts from random strings of the same length and will not be able to forge GCM authentication tags $\tau$. This holds as long as the limit on the amount of data processed under a fixed key value is respected [16].

VI. PRE-ENCRYPTED SEARCH TABLE - PST (AES 512-BIT) BLOCK ARCHITECTURE PROPOSED DESIGN

The proposed PST design improves throughput with a tolerable area, and requires a 512-bit message block and key size. Mathematically, for a specific key, any plain text will always map to a determined cipher-text. Hence, if the known plain-text is encrypted beforehand and saved in the PST together with its cipher-texts, the message can be encrypted by substituting the plain characters with their corresponding pre-ciphered cipher-texts.

The section has 4 main byte-oriented transformations, as follows:

• AddRoundKey: a bitwise XOR operation is performed, byte by corresponding byte, between the 512-bit subkey and the 512-bit (state) input matrix.
• SubBytes: each byte in the state array is replaced with a substitute byte using an 8-bit S-box.
• ShiftRows: each row of the input matrix is shifted cyclically by a different amount.
• MixColumns: the input matrix is combined using multiplication and addition of the entries.

The input plain-text proceeds through several rounds, each of which includes the transformations mentioned above, as this is a 512-bit variant of AES. The high-level design of AES-512 is shown in Figure 1. The plain-text and the key are 512 bits each (organized in bytes). The AES-512 algorithm design processes the data in the 19th round.

Fig. 1. The Architecture AES-512-bit

Communication between network entities using the standard ASCII character set is shown under the assumption of a 512-bit AES module. The connection ensures that the participants share a session key for a limited time, and any data that is sent or received is encrypted using this key whenever the exchange of information begins. For example, a given entry will always be encrypted to the same cipher-text as long as the encryption key is not changed. The proposed structure takes advantage of this behaviour: every character of the standard ASCII set is first encrypted with the session key and stored in the PST (step 1).

The actual input text message is encrypted in step 2. The plain text is a set of characters, and each character has already been ciphered (in step 1), so only one replacement action is now needed, in which each input character is replaced in the message by its respective cipher-text using the PST. Because the replacement operation in step 2 is a low-cost action, encrypting the data is significantly faster and, as expected, achieves a significant result. Moreover, the procedure remains practicable for as long as the key is valid. A key change means the PST is outdated, because plain-text is now
encrypted to a different cipher-text because of the new key, and using the old PST would generate incorrect results; a new PST therefore has to be constructed. Switching may take place between ordinary message encryption and switch-based (PST) encryption, depending on the validity of the session key. If the key's validity period is short, ordinary encryption should be chosen, but for keys with a significant validity period, PST-based replacement encryption is the preferred approach. The "AES Encryption" block is a functional block that encrypts the ASCII characters (128 characters, for which 8 bits are sufficient) using the AES 512-bit algorithm. Its inputs are an 8-bit character and the 512-bit key shared between the communicating parties. Both key and message blocks have to be 512 bits in size, so in practice the 8-bit character is padded with 504 bits of dummy characters to form a 512-bit message block. After padding, the key and message block are fed to the algorithm, and the resulting encrypted character block, together with the original 8-bit character, is then transferred to the encrypted table; this is done for all 128 ASCII characters.

The PST technique stores ASCII characters with their corresponding cipher-text: each character is stored together with its encrypted text in a two-dimensional array and is recorded using the 8-bit character. After all the characters have been encrypted, the procedure moves to step 2, which encrypts the actual input message.

The original input message is encrypted in step 2. At this point, the input is a 512-bit message, and each input character is replaced with its cipher-text using the PST. The input message is split into 8-bit characters using an 8-bit module. The selected 8 bits are sent to the PST, where the matching character is looked up. Once the match is found, the corresponding cipher-text is sent to the cipher block, and the 512-bit cipher block is generated at the output. A 512-bit message consists of 64 pieces of 8-bit characters. The array counts these 64 pieces, and once they are used up it sends a new signal that in turn resets its value to accept a new 512-bit message.

VII. CONCLUSION

Because of the growing demand for secure communications, more secure encryption algorithms have recently been proposed and implemented. The AES-128 algorithm is widely used today in many applications. In this article, we recommend a new modification of AES with 512-bit input blocks, because the larger key size makes the algorithm safer and the larger input block increases the algorithm's efficiency. The introduced AES-512 method, which is designed for high encryption, takes advantage of the PST and produces faster processing speed with a stable area improvement. The extra area is tolerable and makes the proposed algorithm ideal for applications that require high levels of security and power, such as multimedia communications. Nevertheless, GCM has been proved secure when used with a strong block cipher, provided that a unique initialization vector is chosen for each encryption produced with the same key. This does not apply when using a block cipher that can be distinguished from a random permutation. Nonetheless, security depends on selecting a unique IV for each encryption produced with the same key (stream encryption attack). The proposed architecture is more secure and reliable for applications that communicate in sessions, such as HTTP-based applications.

REFERENCES

[1] A. N. Nazarov and A. Nik Aein Koupaei (2019), "Models of Risk of Attack of university Infocommunication System", 2019 Systems of Signals and Processing in the Field of on Board Communications, Moscow, Russia, 2019, pp. 1-8, doi:10.1109/SOSG.2019.8706780.
[2] Kahate, A. (2013), "Cryptography and network security", Tata McGraw-Hill Education.
[3] Nik Aein Koupaei, Alireza (2019), "A hybrid method for improving quality of service in constraint-based availability in the cloud for SMEs", International Journal of Cloud Computing. 8. 103, doi:10.1504/IJCC.2019.10021211.
[4] Chang CJ, Huang CW, Chang KH, Chen YC, Hsieh CC (2008), High throughput 32-bit AES implementation in FPGA. In Circuits and Systems, 2008. APCCAS 2008. IEEE Asia Pacific Conference on 2008 Nov 30 (pp. 1806-1809). IEEE.
[5] M. erban (2012), Methods to Increase Search Performance for Encrypted Databases, Procedia Economics and Finance, 3, pp. 1063-1068.
[6] A. Nazarov (2007), Estimation of information safety level of modern infocommunication networks on basis of logic-probability approach, Automation and Remote Control, July 2007, Volume 68 Issue 7, pp. 1165-1176, USA, doi: 10.1134/S0005117907070053.
[7] A. Nazarov, K. Sychev (2011), Models and methods for calculating the indicators of quality of functioning of the equipment units and structural parameters of the network the next generation networks, 2th ed., LLC Policom, Russia, Krasnoyarsk.
[8] A. Nazarov, Nguyen Xuan Tien, Tran Minh Hai (2016), Modeling of information attacks, and security risk assessment facilities, T-Comm, vol. 10, no. 8, pp. 69-78.
[9] V. O. Syrotyuk (2017), Models and Methods for Constructing Effective Mechanisms for Protecting Structures of Patent Databases, in Control Problems, no. 5, pp. 43-51.
[10] Moh'd A, Jararweh Y, Tawalbeh LA (2002), AES-512: 512-bit Advanced Encryption Standard algorithm design and evaluation. In Information Assurance and Security (IAS), 2011 7th International Conference on 2011 Dec 5 (pp. 292-297), IEEE.
[11] Wolkerstorfer J, Oswald E, Lamberger M (2002), An ASIC implementation of the AES SBoxes. In Cryptographers Track at the RSA Conference 2002 Feb 18 (pp. 67-78). Springer Berlin Heidelberg.
[12] V. O. Syrotyuk (2012), Methods and means of ensuring the information security of patent offices, Patent information today, no. 2, pp. 3-11.
[13] V. V. Kulba, N. P. Kurochka (2015), Mathematical Model of Information Security in Databases, Internet-magazine SCIENCE, vol. 7, no. 3, http://naukovedenie.ru/PDF/108TVN315.pdf.
[14] M. Gregg (2015), The Network Security Test Lab: A Step-by-Step Guide, John Wiley And Sons, 488 p. ISBN 978-1-118-98705-6.
[15] McGrew D. (2011), Galois Counter Mode. In: van Tilborg H.C.A., Jajodia S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA.
[16] Biryukov A. (2011), Adaptive Chosen Plaintext and Chosen Ciphertext Attack. In: van Tilborg H.C.A., Jajodia S. (eds) Encyclopedia of Cryptography and Security. Springer, Boston, MA.
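Added example for Section V (not code from the paper): the PRF-based encryption $E_\kappa(M) = \langle F_\kappa(Z) \oplus M, Z \rangle$ and the PRF-based MAC, combined as encrypt-then-MAC so that altered cipher-text is rejected. HMAC-SHA256 as the PRF, the 16-byte Z, the use of two independent keys and all function names are assumptions of this sketch.

```python
import hashlib
import hmac
import os

OUT_LEN = 32  # bytes produced by one PRF call (SHA-256 digest size)

def prf(key: bytes, x: bytes) -> bytes:
    """F_k(x). HMAC-SHA256 is an assumed stand-in for the abstract PRF F."""
    return hmac.new(key, x, hashlib.sha256).digest()

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(p ^ q for p, q in zip(a, b))

def encrypt(key: bytes, message: bytes, z: bytes = None):
    """E_k(M) = <F_k(Z) xor M, Z> for one message of at most OUT_LEN bytes."""
    if len(message) > OUT_LEN:
        raise ValueError("message longer than one PRF output")
    if z is None:
        z = os.urandom(16)  # a fresh random Z for every message
    return xor_bytes(prf(key, z), message), z

def decrypt(key: bytes, body: bytes, z: bytes) -> bytes:
    """Recompute the mask F_k(Z) from the transmitted Z and remove it."""
    return xor_bytes(prf(key, z), body)

def mac(key: bytes, message: bytes) -> bytes:
    """MAC_k(M) = F_k(M)."""
    return prf(key, message)

def verify(key: bytes, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison of the recomputed tag with the received one."""
    return hmac.compare_digest(mac(key, message), tag)

def seal(enc_key: bytes, mac_key: bytes, message: bytes):
    """Encrypt, then authenticate Z and the masked body together."""
    body, z = encrypt(enc_key, message)
    return body, z, mac(mac_key, z + body)

def open_sealed(enc_key, mac_key, body, z, tag):
    """Return the plain-text, or None when the tag does not verify."""
    if not verify(mac_key, z + body, tag):
        return None
    return decrypt(enc_key, body, z)

# Constructed sample keys (not secrets); encryption and MAC keys are independent.
ENC_KEY = bytes(range(32))
MAC_KEY = bytes(range(32, 64))
```

The masked body on its own is malleable, and two messages masked with the same Z under one key reveal the XOR of their plain-texts, which is why Z is drawn fresh and the tag covers both Z and the body.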
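Added example for the Basic Model of Section V-A (not code from the paper): the universal hash $H(U, X, Y)$ evaluated with the Horner technique, and the tag check that yields "FAIL". It assumes the standard GCM instance with $\upsilon = 128$; the constants are the published GCM test vector for an all-zero AES-128 key, and the function names are chosen here.

```python
import hmac

R = 0xE1 << 120  # reduction constant for x^128 + x^7 + x^2 + x + 1, GCM bit order

def gf_mul(x: int, y: int) -> int:
    """Multiply two elements of GF(2^128) in GCM's bit ordering."""
    z, v = 0, y
    for i in range(128):
        if (x >> (127 - i)) & 1:  # bit i of x, leftmost bit first
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def blocks(data: bytes):
    """Split into 16-byte blocks; a partial last block is padded with zero bits."""
    return [data[i:i + 16].ljust(16, b"\0") for i in range(0, len(data), 16)]

def ghash(u: bytes, x: bytes, y: bytes) -> bytes:
    """H(U, X, Y): Horner evaluation Z_i = (Z_{i-1} xor block_i) * U."""
    uk = int.from_bytes(u, "big")
    # Final block: length(X) || length(Y), each as a 64-bit bit count.
    length_block = (8 * len(x)).to_bytes(8, "big") + (8 * len(y)).to_bytes(8, "big")
    z = 0
    for blk in blocks(x) + blocks(y) + [length_block]:
        z = gf_mul(z ^ int.from_bytes(blk, "big"), uk)
    return z.to_bytes(16, "big")

def tag(u: bytes, mask: bytes, x: bytes, y: bytes) -> bytes:
    """Authentication tag: the hash, masked by the block cipher output E_K(Y0)."""
    return bytes(a ^ b for a, b in zip(ghash(u, x, y), mask))

def check_tag(u: bytes, mask: bytes, x: bytes, y: bytes, received: bytes) -> str:
    """Verification step of authenticated decryption: 'OK' or 'FAIL'."""
    return "OK" if hmac.compare_digest(tag(u, mask, x, y), received) else "FAIL"

# Published GCM test vector: all-zero key, 96-bit zero IV, one zero plain-text block.
U = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")     # hash key E_K(0^128)
MASK = bytes.fromhex("58e2fccefa7e3061367f1d57a4e7455a")  # E_K(Y0)
Y = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78")     # cipher-text
T = bytes.fromhex("ab6e47d42cec13bdf53a67b21257bddf")     # expected tag
```

The block cipher itself is not implemented here, so the two AES outputs come from the test vector rather than being computed.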
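Added example for Section VI (not code from the paper): the two-step PST procedure, covering the table build for the 128 ASCII characters, the per-character substitution, and the effect of a key change. No AES-512 implementation is assumed to exist, so HMAC-SHA512 stands in as the keyed 512-bit function; the zero padding and all names are assumptions of this sketch.

```python
import hashlib
import hmac

BLOCK_BYTES = 64  # 512-bit message block, as in the section

def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Assumed stand-in for the 512-bit cipher: keyed, deterministic, 64 bytes out.
    HMAC-SHA512 is not AES-512 and is not invertible, so decryption below goes
    through a reverse table instead of an inverse cipher."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be 512 bits")
    return hmac.new(key, block, hashlib.sha512).digest()

def build_pst(key: bytes) -> dict:
    """Step 1: pad each 8-bit ASCII character with 504 bits and pre-encrypt it."""
    return {c: encrypt_block(key, bytes([c]).ljust(BLOCK_BYTES, b"\0"))
            for c in range(128)}

def pst_encrypt(pst: dict, message: str) -> list:
    """Step 2: replace every character by its pre-computed cipher block."""
    return [pst[b] for b in message.encode("ascii")]

def pst_decrypt(pst: dict, cipher_blocks: list) -> str:
    """Receiver side: look each block up in the reverse table."""
    reverse = {ct: c for c, ct in pst.items()}
    try:
        return bytes(reverse[b] for b in cipher_blocks).decode("ascii")
    except KeyError:
        raise ValueError("block not in PST: key changed or data altered")

def repetition_pattern(cipher_blocks: list) -> list:
    """For each block, the index of its first occurrence in the message.
    Equal plain-text characters always produce equal cipher blocks under one
    key, so this pattern is readable from the cipher-text alone."""
    first = {}
    return [first.setdefault(b, i) for i, b in enumerate(cipher_blocks)]

# Constructed sample session keys (512 bits each).
KEY_A = bytes(range(64))
KEY_B = bytes(range(64, 128))
```

Each 8-bit character expands to a 512-bit block, and a table built under one session key cannot decode blocks produced under another, which is the rebuild-on-key-change behaviour the section describes.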
