Ieib D 23 00097 - R1
Credentials Protection using QKD scheme and the input data for login applications
--Manuscript Draft--
Full Title: Credentials Protection using QKD scheme and the input data for login applications
Corresponding Author's Institution: SASTRA University SEEE: Shanmugha Arts Science Technology and Research
Academy School of Electrical and Electronics Engineering
Funding Information:
Abstract: The heavy usage of IoT applications demands security for the credentials used to
access them. Connecting devices together using the Internet has made it possible
to execute applications that were once assumed to be practically impossible. IoT-based
applications in child monitoring, health monitoring [12], the retail industry, the fitness
industry, the agriculture industry, and so on have come as a boon. They allow the
legitimate user [13][7] to log into his account, to monitor things effectively and to
take actions appropriately [3][4][5]. It is essential to keep these credentials secured from
the reach of malicious users [8][9]. This paper suggests an uncomplicated, single-round,
highly random scheme that nevertheless successfully encrypts the password
using a hybrid key selected from a pool of keys using a random number generator. The
number of keys in the pool is equal to the average of the length of the key generated
using the QKD (Quantum key distribution) technique and the length of the input
data (password). The security offered to the data is strengthened by first encoding the
credentials using a lookup table in which the symbols assigned to each
character can be changed at regular intervals, enabling the scheme to withstand
different types of attacks, including the brute-force attack, as the key space is greater
than 2^128.
Greetings
I extend my sincere gratitude to the reviewers for dedicating their time to evaluating the
write-up and providing valuable feedback. Their comments have highlighted the areas
of improvement, ultimately leading to a stronger piece of writing. This experience has
also served as a learning opportunity, motivating me to enhance my writing skills
further. Thank you once again for your valuable input.
Powered by Editorial Manager® and ProduXion Manager® from Aries Systems Corporation
Sincerely,
Authors
Reviewer #1: It is a good idea for protecting credentials. A few observations are the
following:
Quantum key distribution (QKD) is a method of generating a highly random key that the
transmitter and receiver agree upon. Traditionally, the key used to perform encryption
is transmitted securely between the transmitter and the receiver, with the risk of
interception by an intruder. However, QKD permits the transmitter and receiver to use
a shared secret key that is known only to them. Any attempt to intercept the shared key
will result in an error that can be detected by the transmitter and receiver. BB84, BB92,
E91, SARG04, DPS, and Six-State (SSP) are a few of the QKD protocols available for
key generation.
Symmetric encryption is carried out using the cryptography fernet module in Python. It
has functions to generate an alphanumeric key that is used to perform encryption and
decryption of the data. It uses the AES algorithm, which is one of the most secure
algorithms.
3. It is told how the number of keys in the pool is obtained but how those keys are
generated is not explained
A: Key generation is performed using the key generate function from the cryptography
Fernet module and is briefly discussed in point 3 under ‘Significant statement’.
Symmetric encryption is carried out using the cryptography fernet module in Python. It
has functions to generate an alphanumeric key that is used to perform encryption and
decryption of the data. It uses the AES algorithm, which is one of the most secure
algorithms.
A lookup table with symbols assigned to each alphabet, special characters and
numbers is constructed. The input (credential) is encoded using the table and the
resultant length is computed. The length of the key generated using QKD is calculated
and both the lengths are highlighted in red in fig 2(a) and fig 2(b) and in orange in fig
2(c).
A pool of keys equal to the approximated average of the lengths is generated. Using a
random number generator, a random key is chosen to perform encryption of the input.
Symmetric encryption[15] is carried out using the cryptography fernet module
in Python. It has functions to generate an alphanumeric key that is used to perform
encryption and decryption of the data. It uses the AES algorithm, which is one of the most
secure algorithms.
5. Security analysis could have been done with proper metrics for different types of
attacks
A: Metrics for security analysis include the resistance to different attacks, which are
discussed in point 3 under “Significant features of the scheme” heading.
The keys are a combination of alphabets (upper and lower case), numbers (0 to 9) and
two special characters (_) and (-) giving rise to a total key space of (26! + 26! + 10! + 2!)
equal to (1.1804051 E+60) which is greater than 2^128 (3.4028237 E+38) making it
resistant to Brute force attack. Different cipher texts obtained for the same input with
every iteration as seen in figures 2 (a, b, c) make it resistant to cipher text attack.
Usage of different keys to encrypt the same input with every iteration as seen in fig 2(a,
b, c) makes it resistant to Known Plain text attack.
6. Performance comparison is not done with proper reputed paper. Instead, it could
have been done against some paper with similar applications
A: The performance comparison (Security analysis carried out) is done in Table 2.
8. Instead of putting the article under brief communication, it could be a journal article
by incorporating detailed explanation and analysis.
A: We are focusing only on a small group audience, since Quantum cryptography is a
complex parameter and Strategic consideration aimed at maximizing the dissemination
and impact of research findings.
Reviewer #3:
1> The brief communication summarizes the key strengths of the algorithm,
emphasizing its simplicity and effectiveness using examples, but nothing concrete has
been described regarding the ability of algorithm to resist attacks, sensitivity to
encryption keys, and integration of Quantum technology.
A: The ability of the algorithm to resist attacks and its key sensitivity are discussed in points 2
and 3 under “Significant features of the scheme” heading.
Key sensitivity:
A single character variation in the key does not perform decryption successfully, as
shown in fig 2 (c). In the considered case, number '8' in the key used for decryption is
replaced with number '6'.
encryption as seen in fig 2(a, b, c). Predicting the key chosen becomes difficult. These
factors add to the randomness of the scheme.
2> The report could benefit from a more detailed explanation of the QKD technique for
readers unfamiliar with quantum key distribution.
A: A brief introduction to QKD and its protocol types are discussed in point 1 under
“Significant statement” heading.
Quantum key distribution (QKD) is a method of generating a highly random key which
the transmitter and receiver agree upon. Traditionally, the key used to perform
encryption is transmitted securely between the transmitter and the receiver with the risk
of interception by an intruder. However, QKD permits the transmitter and receiver to use a
shared secret key that is known only to them. Any attempt to intercept the shared key
will result in an error that can be detected by the transmitter and receiver. BB84, BB92,
E91, SARG04, DPS, Six-state (SSP) are a few of the QKD protocols available for key
generation.
3> It is recommended to expand the conclusion by reiterating the key contributions and
potentially suggesting avenues for future research.
A: The conclusion is enclosed with the key contributions and the avenues for the future
research are also included after discussing the significant features of the scheme.
Manuscript (excluding authors' names and affiliations)
Significant statement
1. Quantum key distribution (QKD)[2] is a method of generating a highly random
key which the transmitter and receiver agree upon. Traditionally, the key used to
perform encryption is transmitted securely between the transmitter and the receiver
with the risk of interception by an intruder. However, QKD permits the transmitter
and receiver to use a shared secret key that is known only to them. Any attempt to
intercept the shared key will result in an error that can be detected by the transmitter
and receiver. BB84, BB92, E91, SARG04, DPS and Six-state (SSP) are a few of the QKD
protocols available for key generation.
2. A lookup table with symbols assigned to each letter, special character and
number is constructed. The input (credential) is encoded using the table and
the resultant length is computed. The length of the key generated using QKD is
calculated, and both lengths are highlighted in red in fig 2(a) and fig 2(b) and
in orange in fig 2(c).
3. A pool of keys, equal in number to the approximated average of the two lengths, is
generated. Using a random number generator[10][11][16], a random key is chosen from
the pool to perform encryption of the input. Symmetric encryption[15] is carried out
using the cryptography fernet module in Python. It has functions to generate an
alphanumeric key that is used to perform encryption and decryption of the data. It
uses the AES algorithm, which is one of the most secure algorithms.
4. As the first part of the decryption scheme, the encoded form of the input is
recovered from the ciphertext; it is then decoded using the lookup
table to get the original data, as shown in fig 2(a) and 2(b).
5. A single iteration of execution achieves successful encryption and decryption of the
data, removing the need for a multilevel encryption technique[1].
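The flow in steps 2 to 5 can be sketched as follows. This is an added example, not the authors' code: the lookup table contents, the function names, the sample credential and the QKD key length of 30 are assumptions, and the Fernet calls come from the Python `cryptography` package. It also checks the single-character key sensitivity claimed under the significant features.

```python
import secrets
import string
from cryptography.fernet import Fernet, InvalidToken

# Assumed lookup table: every permitted character gets a two-digit symbol.
# Re-ordering ALPHABET changes the symbol assignment.
ALPHABET = string.ascii_letters + string.digits + "_-@#"
TABLE = {ch: f"{i:02d}" for i, ch in enumerate(ALPHABET)}
REVERSE = {sym: ch for ch, sym in TABLE.items()}

def encode(credential):
    return "".join(TABLE[ch] for ch in credential)

def decode(encoded):
    return "".join(REVERSE[encoded[i:i + 2]] for i in range(0, len(encoded), 2))

def encrypt_credential(credential, qkd_key_len):
    """Steps 2-3: encode, size the pool, pick one key at random, encrypt."""
    encoded = encode(credential)
    # Pool size = approximated average of encoded length and QKD key length.
    pool_size = max(1, round((len(encoded) + qkd_key_len) / 2))
    pool = [Fernet.generate_key() for _ in range(pool_size)]
    key = pool[secrets.randbelow(pool_size)]
    return key, Fernet(key).encrypt(encoded.encode()), pool_size

def decrypt_credential(key, token):
    """Step 4: decrypt to the encoded form, then decode with the table."""
    return decode(Fernet(key).decrypt(token).decode())

def alter_first_char(key):
    # The first 16 bytes of a Fernet key are its HMAC signing key, so a
    # change here always fails authentication before any AES decryption.
    return (b"B" if key[:1] == b"A" else b"A") + key[1:]

def decrypts(key, token):
    try:
        decrypt_credential(key, token)
        return True
    except InvalidToken:
        return False

if __name__ == "__main__":
    # Constructed inputs: sample credential and an assumed QKD key length.
    key, token, pool_size = encrypt_credential("Pa55_word", qkd_key_len=30)
    print(pool_size, decrypt_credential(key, token))
    print("altered key decrypts:", decrypts(alter_first_char(key), token))
```

Because Fernet draws a fresh random IV per call, encrypting the same credential twice gives different tokens even when the same key is chosen.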
The significant features of the suggested scheme include:
1. Randomness: The number of keys generated in the pool is highly random, as it
depends on the QKD-generated key length and the credential length. The QKD key length
varies with the seed values, as seen in fig 2(a) and fig 2(b), and the credential length
is user dependent. Varying the mathematical operation chosen
results in a varying number of keys being generated in the pool. Every iteration
generates a distinct set of keys and a unique random number whose
corresponding key is used to perform encryption, as seen in fig 2(a,b,c). Predicting the
key chosen becomes difficult. These factors add to the randomness of the scheme.
2. Key sensitivity: A single-character variation in the key prevents successful
decryption, as shown in fig 2(c). In the considered case, the number '8' in the key is
replaced with the number '6'.
3. Key space and attack resistance: The keys are a combination of letters (upper
and lower case), numbers (0 to 9) and two special characters, (_) and (-), giving rise
to a total key space of (26! + 26! + 10! + 2!), equal to (1.1804051 E+60), which is
greater than 2^128 (3.4028237 E+38), making it resistant to brute-force attack.
The different ciphertexts obtained for the same input with every iteration, as seen in
fig 2(a,b,c), make it resistant to ciphertext attack. The use of different
keys to encrypt the same input with every iteration, as seen in fig 2(a,b,c), makes it
resistant to known-plaintext attack.
4. Time analysis: The time taken to perform encryption and decryption for
varying lengths of data is relatively small and is given in table 1.
5. Security analysis: The security analysis done is given in table 2.
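Item 1 of the significant statement says interception of the QKD key shows up as a detectable error, and the randomness feature says the QKD key length varies with the seed. The following added example (not from the manuscript) simulates BB84 sifting in plain Python to show both. The function names and qubit count are assumptions, and the error rate is measured over the whole sifted key rather than over a disclosed sample.

```python
import random

def bb84(n_qubits, seed, eavesdrop=False):
    """Simulate BB84 sifting; returns (alice_key, bob_key) as lists of bits."""
    rng = random.Random(seed)  # seeded only so the simulation is repeatable
    alice_bits = [rng.randint(0, 1) for _ in range(n_qubits)]
    alice_bases = [rng.randint(0, 1) for _ in range(n_qubits)]  # 0 rectilinear, 1 diagonal
    bob_bases = [rng.randint(0, 1) for _ in range(n_qubits)]
    alice_key, bob_key = [], []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        sent_bit, sent_basis = bit, a_basis
        if eavesdrop:
            # Intercept-resend: a measurement in the wrong basis gives a
            # random result, and the photon is re-sent in that basis.
            e_basis = rng.randint(0, 1)
            if e_basis != sent_basis:
                sent_bit = rng.randint(0, 1)
            sent_basis = e_basis
        # Bob reads the bit correctly only if his basis matches the photon's.
        measured = sent_bit if b_basis == sent_basis else rng.randint(0, 1)
        if a_basis == b_basis:  # sifting: keep positions where bases agree
            alice_key.append(bit)
            bob_key.append(measured)
    return alice_key, bob_key

def qber(alice_key, bob_key):
    """Fraction of sifted positions where the two keys disagree."""
    if not alice_key:
        return 0.0
    return sum(a != b for a, b in zip(alice_key, bob_key)) / len(alice_key)

def sifted_lengths(n_qubits, seeds):
    return [len(bb84(n_qubits, s)[0]) for s in seeds]

if __name__ == "__main__":
    print("sifted key length per seed:", sifted_lengths(2000, range(5)))
    print("QBER, quiet channel:", qber(*bb84(2000, seed=7)))
    print("QBER, intercepted  :", qber(*bb84(2000, seed=7, eavesdrop=True)))
```

On a quiet channel the sifted keys agree exactly, while an intercept-resend listener pushes the error rate towards 25%, which is the signal the two parties use to discard the key.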
The scheme suggested is simple, involves a single round of execution[14], takes in an
element from QKD and is designed to perform encryption and decryption of
alphanumeric data of varied sizes effectively with no trade-off on the security aspects.
The key sensitivity, key space and attack-resistant abilities of the scheme make
it highly recommended for information access scenarios implementing authentication.
The scheme works very well with passwords that are solely numeric, alphabetic,
special-character or alphanumeric types. In the future, the scheme could be implemented on
images and videos with the necessary modifications.
References
[1] Sumathi, R., Raajan, N. R. (2020). A multilevel distributed image based encryption for full integrity. Multimedia Tools and Applications, 79, 2161-2183.
[2] https://qiskit.org/textbook/ch-algorithms/quantum-key-distribution.html
[4] Souror, S., El-Fishawy, N., Badawy, M. (2021, July). SCKHA: A New Stream Cipher Algorithm Based on Key Hashing and Splitting Technique. In 2021 International Conference on Electronic Engineering (ICEEM) (pp. 1-7). IEEE.
[5] Das, A. K., Kar, N. (2021). A Novel Approach of Text Encryption Using Random Numbers and Hash Table. In Advances in Cyber Security: Second International Conference, ACeS 2020, Penang, Malaysia, December 8-9, 2020, Revised Selected Papers 2 (pp. 235-247). Springer Singapore.
[6] Pattanayak, S., Dey, D. (2016). Text encryption and decryption with extended Euclidean algorithm and combining the features of linear congruence generator. International Journal of Development Research, 6(7), 8753-8756.
[7] Poh, G. S., Gope, P., Ning, J. (2019). PrivHome: Privacy-preserving authenticated communication in smart home environment. IEEE Transactions on Dependable and Secure Computing, 18(3), 1095-1107.
[8] Kumar, R. L., Khan, F., Kadry, S., Rho, S. (2022). A survey on blockchain for industrial internet of things. Alexandria Engineering Journal, 61(8), 6001-6022.
[9] Krishna Kagita, M., Thilakarathne, N., Reddy Gadekallu, T., Reddy Maddikunta, P. K. (2020). A Review on Security and Privacy of Internet of Medical Things. arXiv e-prints, arXiv-2009.
[11] Pavithran, P., Mathew, S., Namasudra, S., Lorenz, P. (2021). A novel cryptosystem based on DNA cryptography and randomly generated mealy machine. Computers & Security, 104, 102160.
[12] Shahid, J., Ahmad, R., Kiani, A. K., Ahmad, T., Saeed, S., Almuhaideb, A. M. (2022). Data protection and privacy of the internet of healthcare things (IoHTs). Applied Sciences, 12(4), 1927.
[13] Jung, C., Choi, J., Jang, R., Mohaisen, D., Nyang, D. (2021). A network-independent tool-based usable authentication system for Internet of Things devices. Computers & Security, 108, 102338.
[14] Zhang, L., Ma, M., Qiu, Y. (2021). An enhanced handover authentication solution for 6LoWPAN networks. Computers & Security, 109, 102373.
[15] Wu, X., Yao, P., An, N. (2021). Extended XOR-based visual cryptography schemes by integer linear program. Signal Processing, 186, 108122.
[16] Sheela, S. J., Suresh, K. V., Tandur, D. (2017, February). Secured text communication using chaotic maps. In 2017 International Conference on Algorithms, Methodology, Models and Applications in Emerging Technologies (ICAMMAET) (pp. 1-6). IEEE.
[17] Xu, X., Wang, Y., Zhang, X. D., Jiang, M. S. (2023). A Novel High-Efficiency Password Authentication and Key Agreement Protocol for Mobile Client-Server. Security and Communication Networks, 2023.
[18] Cui, X., Li, C., Qin, Y., Ding, Y. (2020, December). A Password Strength Evaluation Algorithm Based on Sensitive Personal Information. In 2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom) (pp. 1542-1545). IEEE.
[19] Tzemos, I., Fournaris, A. P., Sklavos, N. (2016, November). Security and efficiency analysis of one time password techniques. In Proceedings of the 20th Pan-Hellenic Conference on Informatics (pp. 1-5).
Table 2 Security Analysis Carried out