
Journal of The Institution of Engineers (India): Series B

Credentials Protection using QKD scheme and the input data for login applications
--Manuscript Draft--

Manuscript Number: IEIB-D-23-00097R1

Full Title: Credentials Protection using QKD scheme and the input data for login applications

Article Type: Brief Communication

Section/Category: Computer Engineering

Keywords: authenticated user; Encryption; IoT applications; Security; randomness; Quantum key distribution; secret data; attacks; Decryption

Corresponding Author: Narasimhan Renga Raajan, M.E., Ph.D.,
SASTRA University SEEE: Shanmugha Arts Science Technology and Research
Academy School of Electrical and Electronics Engineering
Thanjavur, Tamil Nadu INDIA

Corresponding Author Secondary Information:

Corresponding Author's Institution: SASTRA University SEEE: Shanmugha Arts Science Technology and Research
Academy School of Electrical and Electronics Engineering

Corresponding Author's Secondary Institution:

First Author: R Sumathi, M.E., Ph.D.,

First Author Secondary Information:

Order of Authors: R Sumathi, M.E., Ph.D.,

Narasimhan Renga Raajan, M.E., Ph.D.,

Rengarajan Amirtharajan, M.E., Ph.D.,

Order of Authors Secondary Information:

Funding Information:

Abstract: The heavy usage of IoT applications demands security for the credentials used to
access them. Connecting devices together over the Internet has made it possible
to execute applications that were once assumed to be practically impossible. IoT-based
applications in child monitoring, health monitoring [12], the retail, fitness and
agriculture industries, and so on have come as a boon. They allow the
legitimate user [13][7] to log into an account, monitor things effectively and
take appropriate action [3][4][5]. It is essential to keep these credentials out of
the reach of malicious users [8][9]. This paper suggests an uncomplicated, single-round,
highly random scheme that nevertheless successfully encrypts the password
using a hybrid key selected from a pool of keys by a random number generator. The
number of keys in the pool is equal to the average of the length of the key generated
using the QKD (quantum key distribution) technique and the length of the input
data (password). The security offered to the data is strengthened by first encoding the
credentials using a lookup table in which the symbol assigned to each
character can be changed at regular intervals, enabling the scheme to withstand
different types of attacks, including the brute-force attack, as the key space is greater
than 2^128.

Response to Reviewers: Respected Reviewers,

Greetings

I extend my sincere gratitude to the reviewers for dedicating their time to evaluating the
write-up and providing valuable feedback. Their comments have highlighted the areas
of improvement, ultimately leading to a stronger piece of writing. This experience has
also served as a learning opportunity, motivating me to enhance my writing skills
further. Thank you once again for your valuable input.

Powered by Editorial Manager® and ProduXion Manager® from Aries Systems Corporation

Sincerely,

Authors

COMMENTS TO THE AUTHOR:

Reviewer #1: It is a good idea for protecting credentials. A few observations are the
following:

1. The QKD method must have been explored briefly.


A: A brief introduction to QKD and types of QKD protocols are discussed in point 1
under the heading ‘Significant statement’.

Quantum key distribution (QKD) is a method of generating a highly random key that the
transmitter and receiver agree upon. Traditionally, the key used to perform encryption
is transmitted securely between the transmitter and the receiver, with the risk of
interception by an intruder. However, QKD permits the transmitter and receiver to use
a shared secret key that is known only to them. Any attempt to intercept the shared key
will result in an error that can be detected by the transmitter and receiver. BB84, BB92,
E91, SARG04, DPS, and Six-State (SSP) are a few of the QKD protocols available for
key generation.

2. How is the data encoded?

A: Data is encoded using the Cryptography Fernet module in Python. It is discussed in
brief in point 3 under the heading ‘Significant statement’.

Symmetric encryption is carried out using the cryptography fernet module in Python. It
has functions to generate an alphanumeric key that is used to perform encryption and
decryption of the data. It uses the AES algorithm, which is one of the most secure
algorithms.

3. It is told how the number of keys in the pool is obtained but how those keys are
generated is not explained
A: Key generation is performed using the key generate function from the cryptography
Fernet module and is briefly discussed in point 3 under ‘Significant statement’.

Symmetric encryption is carried out using the cryptography fernet module in Python. It
has functions to generate an alphanumeric key that is used to perform encryption and
decryption of the data. It uses the AES algorithm, which is one of the most secure
algorithms.

4. Encryption method is not explained


A: It is briefly discussed from point 2 to point 3 under ‘Significant statement’.

A lookup table with symbols assigned to each alphabet, special characters and
numbers is constructed. The input (credential) is encoded using the table and the
resultant length is computed. The length of the key generated using QKD is calculated
and both the lengths are highlighted in red in fig 2(a) and fig 2(b) and in orange in fig
2(c).

A pool of keys equal to the approximated average of the lengths is generated. Using a
random number generator, a random key is chosen to perform encryption of the input.
Symmetric encryption [15] is carried out using the cryptography fernet module
in Python. It has functions to generate an alphanumeric key that is used to perform
encryption and decryption of the data. It uses the AES algorithm, which is one of the most
secure algorithms.

5. Security analysis could have been done with proper metrics for different types of
attacks
A: Metrics for security analysis include the resistance to different attacks, which are
discussed in point 3 under “Significant features of the scheme” heading.

The keys are a combination of alphabets (upper and lower case), numbers (0 to 9) and
two special characters (_) and (-), giving rise to a total key space of (26! + 26! + 10! + 2!)
equal to (1.1804051 E+60), which is greater than 2^128 (3.4028237 E+38), making it
resistant to brute force attack. Different cipher texts obtained for the same input with
every iteration, as seen in figures 2(a, b, c), make it resistant to cipher text attack.
Usage of different keys to encrypt the same input with every iteration, as seen in fig 2(a,
b, c), makes it resistant to known plain text attack.

6. Performance comparison is not done with proper reputed paper. Instead, it could
have been done against some paper with similar applications
A: The performance comparison (Security analysis carried out) is done in Table 2.

7. All references are not in the same format


A: The references are changed to the same format.

8. Instead of putting the article under brief communication, it could be a journal article
by incorporating detailed explanation and analysis.
A: We are focusing only on a small group audience, since Quantum cryptography is a
complex parameter and Strategic consideration aimed at maximizing the dissemination
and impact of research findings.

Reviewer #3:
1> The brief communication summarizes the key strengths of the algorithm,
emphasizing its simplicity and effectiveness using examples, but nothing concrete has
been described regarding the ability of the algorithm to resist attacks, sensitivity to
encryption keys, and integration of Quantum technology.

A: The ability of the algorithm to resist attacks and key sensitivity are discussed in points 2
and 3 under “Significant features of the scheme” heading.

Key sensitivity:
A single character variation in the key does not perform decryption successfully, as
shown in fig 2(c). In the considered case, number '8' in the key used for decryption is
replaced with number '6'.

Key space and attack resistant:
The keys are a combination of alphabets (upper and lower case), numbers (0 to 9) and
two special characters (_) and (-), giving rise to a total key space of (26! + 26! + 10! + 2!)
equal to (1.1804051 E+60), which is greater than 2^128 (3.4028237 E+38), making it
resistant to brute force attack. Different cipher texts obtained for the same input with
every iteration, as seen in figures 2(a, b, c), make it resistant to cipher text attack.
Usage of different keys to encrypt the same input with every iteration, as seen in fig
2(a, b, c), makes it resistant to known plain text attack.

Integration of Quantum technology:
The suggested scheme takes in the length of the key generated by QKD as one of the
inputs in deciding the number of keys to be generated in the pool.

Its contribution to enhancing the randomness of the scheme is discussed in point 1
under “Significant features of the scheme” heading.
The number of keys generated in the pool is highly random, as it depends on QKD
generated key length and the credential length. QKD key length varies with the seed
values as seen in fig 2(a) and fig 2(b) and the credential length is user dependent.
Variation in the choice of the mathematical operation chosen results in a varying number
of keys to be generated in the pool. Every iteration generates a distinct set of keys and
generates a unique random number whose corresponding key is used to perform
encryption as seen in fig 2(a, b, c). Predicting the key chosen becomes difficult. These
factors add to the randomness of the scheme.

2> The report could benefit from a more detailed explanation of the QKD technique for
readers unfamiliar with quantum key distribution.
A: A brief introduction to QKD and its protocol types are discussed in point 1 under
“Significant statement” heading.

Quantum key distribution (QKD) is a method of generating a highly random key which
the transmitter and receiver agree upon. Traditionally, the key used to perform
encryption is transmitted securely between the transmitter and the receiver with the risk
of interception by an intruder. However, QKD permits the transmitter and receiver to use a
shared secret key that is known only to them. Any attempt to intercept the shared key
will result in an error that can be detected by the transmitter and receiver. BB84, BB92,
E91, SARG04, DPS, Six-state (SSP) are a few of the QKD protocols available for key
generation.

3> It is recommended to expand the conclusion by reiterating the key contributions and
potentially suggesting avenues for future research.

A: The conclusion is enclosed with the key contributions, and the avenues for future
research are also included after discussing the significant features of the scheme.

Manuscript (excluding authors' names and affiliations)

Credentials Protection using QKD scheme for login applications

Abstract
The heavy usage of IoT applications demands security for the credentials used
to access them. Connecting devices together over the Internet has made it
possible to execute applications that were once assumed to be practically impossible.
IoT-based applications in child monitoring, health monitoring [12], the retail,
fitness and agriculture industries, and so on have come as a boon.
They allow the legitimate user [13][7] to log into an account, monitor things
effectively and take appropriate action [3][4][5]. It is essential to
keep these credentials out of the reach of malicious users [8][9]. This paper
suggests an uncomplicated, single-round, highly random scheme that nevertheless
successfully encrypts the password using a hybrid key selected from a pool of
keys by a random number generator. The number of keys in the pool is equal
to the average of the length of the key generated using the QKD (quantum key
distribution) technique and the length of the input data (password). The security
offered to the data is strengthened by first encoding the credentials using a lookup
table in which the symbol assigned to each character can be changed
at regular intervals, enabling the scheme to withstand different types of attacks,
including the brute-force attack, as the key space is greater than 2^128.

Keywords: authenticated user · encryption · IoT applications · security · randomness · Quantum key distribution · secret data · attacks · decryption

Mathematics Subject Classification (2010) 97-11 · 68M25 · 68P25

Significant statement
1. Quantum key distribution (QKD) [2] is a method of generating a highly random
key that the transmitter and receiver agree upon. Traditionally, the key used to
perform encryption is transmitted securely between the transmitter and the receiver,
with the risk of interception by an intruder. However, QKD permits the transmitter
and receiver to use a shared secret key that is known only to them. Any attempt to
intercept the shared key will result in an error that can be detected by the transmitter
and receiver. BB84, BB92, E91, SARG04, DPS and Six-state (SSP) are a few of the QKD
protocols available for key generation.
2. A lookup table with symbols assigned to each letter, special character and
number is constructed. The input (credential) is encoded using the table and
the resultant length is computed. The length of the key generated using QKD is
calculated, and both lengths are highlighted in red in fig 2(a) and fig 2(b) and
in orange in fig 2(c).
3. A pool of keys is generated whose size equals the approximated average of the two
lengths. Using a random number generator [10][11][16], a random key is chosen to
perform encryption of the input. Symmetric encryption [15] is carried out using the
cryptography fernet module in Python. It has functions to generate an alphanumeric
key that is used to perform encryption and decryption of the data. It uses the AES
algorithm, which is one of the most secure algorithms.
4. During decryption, the encoded form of the input is recovered first; it is then
decoded using the lookup table to obtain the original data, as shown in
fig 2(a) and 2(b).
5. A single iteration of execution achieves successful encryption and decryption of the
data, removing the need for a multilevel encryption technique [1].
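An added illustration of point 1 (not code from the paper): a classical Python simulation of BB84, one of the protocols listed, with an optional intercept-and-resend eavesdropper, showing the error that interception introduces and how the sifted key length changes with the seed. The function names, the 0/1 basis encoding and the seeded pseudo-random generator standing in for quantum measurement are assumptions of this example.

```python
import random


def bb84(n_qubits, seed, eavesdrop=False):
    """Simulate BB84 sifting classically; return (alice_key, bob_key)."""
    rng = random.Random(seed)  # stand-in for quantum randomness, seeded for repeatability
    bits = [rng.randint(0, 1) for _ in range(n_qubits)]         # Alice's raw bits
    alice_bases = [rng.randint(0, 1) for _ in range(n_qubits)]  # 0 = Z, 1 = X
    bob_bases = [rng.randint(0, 1) for _ in range(n_qubits)]

    alice_key, bob_key = [], []
    for bit, a_basis, b_basis in zip(bits, alice_bases, bob_bases):
        value, basis = bit, a_basis          # state as it leaves Alice
        if eavesdrop:
            eve_basis = rng.randint(0, 1)
            if eve_basis != basis:           # wrong basis: Eve's result is random
                value = rng.randint(0, 1)
            basis = eve_basis                # Eve resends in the basis she measured
        # Bob reads the bit reliably only when he measures in the state's basis.
        measured = value if b_basis == basis else rng.randint(0, 1)
        if a_basis == b_basis:               # sifting: keep matching-basis positions
            alice_key.append(bit)
            bob_key.append(measured)
    return alice_key, bob_key


def error_rate(alice_key, bob_key):
    """Fraction of sifted positions where the two keys disagree."""
    if not alice_key:
        return 0.0
    return sum(a != b for a, b in zip(alice_key, bob_key)) / len(alice_key)


def sifted_lengths(n_qubits, seeds):
    """Sifted key length obtained for each seed."""
    return [len(bb84(n_qubits, s)[0]) for s in seeds]


if __name__ == "__main__":
    quiet = bb84(2000, seed=1)
    tapped = bb84(2000, seed=1, eavesdrop=True)
    print("sifted lengths per seed:", sifted_lengths(64, range(5)))
    print("error rate, no eavesdropper:", error_rate(*quiet))
    print("error rate, intercept-resend:", round(error_rate(*tapped), 3))
```

Intercept-and-resend disturbs about a quarter of the sifted bits; in a real exchange the two parties estimate this rate from a disclosed sample of the sifted key rather than from the whole key.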
The significant features of the suggested scheme include:
1. Randomness: The number of keys generated in the pool is highly random, as it
depends on the QKD-generated key length and the credential length. The QKD key length
varies with the seed values, as seen in fig 2(a) and fig 2(b), and the credential length
is user dependent. Varying the mathematical operation chosen also varies the
number of keys generated in the pool. Every iteration generates a distinct set of
keys and a unique random number whose corresponding key is used to perform
encryption, as seen in fig 2(a, b, c). Predicting the key chosen becomes difficult.
These factors add to the randomness of the scheme.
2. Key sensitivity: A single-character variation in the key prevents successful
decryption, as shown in fig 2(c). In the considered case, the number '8' in the key is
replaced with the number '6'.
3. Key space and attack resistance: The keys are a combination of alphabets (upper
and lower case), numbers (0 to 9) and two special characters (_) and (-), giving rise
to a total key space of (26! + 26! + 10! + 2!) equal to (1.1804051 E+60), which is
greater than 2^128 (3.4028237 E+38), making it resistant to brute force attack.
Different cipher texts obtained for the same input with every iteration, as seen in
figures 2(a, b, c), make it resistant to cipher text attack. Usage of different
keys to encrypt the same input with every iteration, as seen in fig 2(a, b, c), makes it
resistant to known plain text attack.
4. Time analysis: The time taken to perform the encryption and decryption for
varying lengths of the data is relatively low and is given in Table 1.
5. Security analysis: The security analysis carried out is given in Table 2.
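The flow in points 2 to 5 of the significant statement, together with the key sensitivity feature, as an added Python example (not the authors' code) built on the Fernet class of the cryptography package that the paper names. The lookup table and its shift parameter, the function names, the QKD key length of 26 and handing the chosen key back to the caller are assumptions; the sample password is the one listed in Table 1.

```python
import secrets
import string

from cryptography.fernet import Fernet, InvalidToken

# Characters covered by the constructed lookup table (95 printable ASCII characters).
ALPHABET = string.ascii_letters + string.digits + string.punctuation + " "


def build_table(shift):
    """Constructed table: character -> two-digit symbol; a new shift reassigns all symbols."""
    return {ch: f"{(i + shift) % len(ALPHABET):02d}" for i, ch in enumerate(ALPHABET)}


def encode(text, table):
    return "".join(table[ch] for ch in text)


def decode(symbols, table):
    inverse = {sym: ch for ch, sym in table.items()}
    return "".join(inverse[symbols[i:i + 2]] for i in range(0, len(symbols), 2))


def encrypt_credential(password, qkd_key_len, table):
    """Encode, build the key pool, pick one key at random, encrypt.

    Returns (token, chosen_key, pool_size). Returning the chosen key is an
    assumption: the paper does not say how the decrypting side obtains it.
    """
    encoded = encode(password, table)
    pool_size = max(1, round((qkd_key_len + len(encoded)) / 2))
    pool = [Fernet.generate_key() for _ in range(pool_size)]
    key = pool[secrets.randbelow(pool_size)]  # OS CSPRNG selects the pool index
    return Fernet(key).encrypt(encoded.encode("ascii")), key, pool_size


def decrypt_credential(token, key, table):
    """Fernet-decrypt to the encoded form, then decode through the table."""
    return decode(Fernet(key).decrypt(token).decode("ascii"), table)


def tamper_key(key):
    """Single-character variation: replace the first character of a Fernet key."""
    return (b"B" if key[:1] == b"A" else b"A") + key[1:]


def key_is_accepted(token, key, table):
    """True if the key decrypts the token; Fernet raises InvalidToken otherwise."""
    try:
        decrypt_credential(token, key, table)
        return True
    except InvalidToken:
        return False


if __name__ == "__main__":
    table = build_table(shift=7)
    token, key, n = encrypt_credential("123Test!@#the Password", 26, table)
    print("pool size:", n)
    print("round trip:", decrypt_credential(token, key, table))
    print("altered key accepted:", key_is_accepted(token, tamper_key(key), table))
```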
The scheme suggested is simple, involves a single round of execution [14], takes in an
element from QKD and is designed to perform encryption and decryption of
alphanumeric data of varied sizes effectively with no trade-off on the security aspects.
The key sensitivity, key space and attack-resistant abilities of the scheme make
it highly recommended for information access scenarios implementing authentication.
The scheme goes very well with passwords that are solely numeric, alphabetic,
special-character or alphanumeric types. In the future, the scheme could be
implemented on images and videos with the necessary modifications.

References
[1] Sumathi, R., Raajan, N. R. (2020). A multilevel distributed image based
encryption for full integrity. Multimedia Tools and Applications, 79, 2161-2183.

[2] https://qiskit.org/textbook/ch-algorithms/quantum-key-distribution.html

[3] Swati, Gupta, R. P. (2021). Implementation and Performance Analysis of
ECC-Based Text Encryption on Raspberry Pi 3. In Artificial Intelligence and
Sustainable Computing: Proceedings of ICSISCET 2020 (pp. 201-214). Singapore:
Springer Singapore.

[4] Souror, S., El-Fishawy, N., Badawy, M. (2021, July). SCKHA: A New Stream
Cipher Algorithm Based on Key Hashing and Splitting Technique. In 2021
International Conference on Electronic Engineering (ICEEM) (pp. 1-7). IEEE.

[5] Das, A. K., Kar, N. (2021). A Novel Approach of Text Encryption Using Random
Numbers and Hash Table. In Advances in Cyber Security: Second International
Conference, ACeS 2020, Penang, Malaysia, December 8-9, 2020, Revised Selected
Papers 2 (pp. 235-247). Springer Singapore.

[6] Pattanayak, S., Dey, D. (2016). Text encryption and decryption with extended
Euclidean algorithm and combining the features of linear congruence generator.
International Journal of Development Research, 6(7), 8753-8756.

[7] Poh, G. S., Gope, P., Ning, J. (2019). PrivHome: Privacy-preserving
authenticated communication in smart home environment. IEEE Transactions on
Dependable and Secure Computing, 18(3), 1095-1107.

[8] Kumar, R. L., Khan, F., Kadry, S., Rho, S. (2022). A survey on blockchain for
industrial internet of things. Alexandria Engineering Journal, 61(8), 6001-6022.

[9] Krishna Kagita, M., Thilakarathne, N., Reddy Gadekallu, T., Reddy Maddikunta,
P. K. (2020). A Review on Security and Privacy of Internet of Medical
Things. arXiv e-prints, arXiv-2009.

[10] Kumar, V., Rayappan, J. B. B., Amirtharajan, R., Praveenkumar, P. (2022).
Quantum true random number generation on IBM’s cloud platform. Journal of
King Saud University-Computer and Information Sciences, 34(8), 6453-6465.

[11] Pavithran, P., Mathew, S., Namasudra, S., Lorenz, P. (2021). A novel
cryptosystem based on DNA cryptography and randomly generated mealy machine.
Computers & Security, 104, 102160.

[12] Shahid, J., Ahmad, R., Kiani, A. K., Ahmad, T., Saeed, S., Almuhaideb, A.
M. (2022). Data protection and privacy of the internet of healthcare things
(IoHTs). Applied Sciences, 12(4), 1927.

[13] Jung, C., Choi, J., Jang, R., Mohaisen, D., Nyang, D. (2021). A
network-independent tool-based usable authentication system for Internet of Things
devices. Computers & Security, 108, 102338.

[14] Zhang, L., Ma, M., Qiu, Y. (2021). An enhanced handover authentication solution
for 6LoWPAN networks. Computers & Security, 109, 102373.

[15] Wu, X., Yao, P., An, N. (2021). Extended XOR-based visual cryptography
schemes by integer linear program. Signal Processing, 186, 108122.

[16] Sheela, S. J., Suresh, K. V., Tandur, D. (2017, February). Secured text
communication using chaotic maps. In 2017 International Conference on
Algorithms, Methodology, Models and Applications in Emerging Technologies
(ICAMMAET) (pp. 1-6). IEEE.

[17] Xu, X., Wang, Y., Zhang, X. D., Jiang, M. S. (2023). A Novel
High-Efficiency Password Authentication and Key Agreement Protocol for Mobile
Client-Server. Security and Communication Networks, 2023.

[18] Cui, X., Li, C., Qin, Y., Ding, Y. (2020, December). A Password Strength
Evaluation Algorithm Based on Sensitive Personal Information. In 2020 IEEE
19th International Conference on Trust, Security and Privacy in Computing and
Communications (TrustCom) (pp. 1542-1545). IEEE.

[19] Tzemos, I., Fournaris, A. P., Sklavos, N. (2016, November). Security and
efficiency analysis of one time password techniques. In Proceedings of the 20th
Pan-Hellenic Conference on Informatics (pp. 1-5).

Statements and Declarations


Competing Interests
There is no funding for this research work.
Conflict of Interest
The authors do not have conflicts of interest associated with this publication.

Table 1 Time taken for encryption and decryption process

Input data              Time taken for Encryption   Time taken for Decryption   Scheme Used
123Test!@#the Password  0.0229s                     0.0029s                     Proposed Scheme
500 characters          0.1505s                     0.0039s                     Proposed Scheme
144 characters          135ms (Logistics map)       457ms                       [16]
144 characters          125ms (Pinchers map)        510ms                       [16]
144 characters          105s (Sine-Circle map)      6127ms                      [16]
144 characters          0.0802 (80ms)               0.002 (2ms)                 Proposed Scheme

Table 2 Security Analysis Carried out

Parameter                                                            Our Scheme  [18]  [17]  [19]
Key space                                                            Y           N     N     N
Key sensitivity                                                      Y           N     N     N
Brute force attack analysis                                          Y           N     N     N
Known plain text analysis                                            Y           N     N     N
Cipher text analysis                                                 Y           N     N     N
Resistance to Password guessing attack                               N           N     Y     N
Password strength evaluation based on sensitive personal information N           Y     N     N
Man in the middle attack                                             N           N     N     Y
Replay attack                                                        N           N     N     Y
Fig. 1 Process flow for encryption and decryption process


Fig. 2 Encryption carried out with different QKD lengths
