Designing a secured audio based key generator for cryptographic symmetric key algorithms

ABSTRACT


INTRODUCTION
The most secured cryptography technique considered today in use is the one-time pad (OTP) algorithm which is used to generate a random key every time encryption is performed.The random number key generator used for OTP is a pseudo random number key generator that follows logical instructions from a computer by utilizing a mathematical formula to produce a number that appears random and is used as a key to encrypt the data [1].The number generated appears to have some degree of randomness, but after some research and statistical analysis, it was found that these numbers are deterministic in nature and are computationally predetermined [2].Such algorithms utilize a seed value to generate keys using some defined mathematical formula.Under perfect cryptanalysis, if the start point of the random number generator sequence is known then that generator fails as one can predict the keys and can also predetermine the periodicity of the generator [3].Hence such generators are only successful and have shelf life till their starting point and mathematical function used are unknown, thus they are termed pseudo random number generator.
To resolve this flaw, the focus was moved to utilize true random number generators as a source for the key value.These True Random Number Generators (TRNG) utilize the data extracted from the physical environment such as entropy keys, atmospheric noise, wave noise.However, such a data extraction has a heavy  ISSN: 2722-3221 Comput.Sci.Inf.Technol., Vol. 2, No. 2, July 2021: 87 -94 88 hardware requirement (e.g.hypersensitive microphones, highly efficient entropy detectors, high capacity storage space.)which requires a massive financial investment.Therefore, the general consensus of industries in utilizing TRNG keys has received very little encouragement due to the heavy hardware financial investment just for capturing input data for a TRN key generator.
The primary goal of this research work is to design and develop a lightweight program that is capable of using the current laptops or PCs hardware to generate a true random number (TRNG) key using live audio recordings which is further randomized using system date and time.These TRNs can be used to replace the deterministic pseudo random number cryptographic keys that are presently used by industries for symmetric key encryption algorithms which devolves the algorithm to being conditionally secured (cipher text can be decrypted to plain text without key knowledge over a long duration of time, that can be more than the message's time to live).Using the audio based TRNG key would render the same encryption algorithm as unconditionally secured (cipher text doesn't contain sufficient data to uniquely determine the plain text without key knowledge).Audio Recordings in general are capable enough to produce truly random numbers.However, we have tried to consider a special use case where a user ends up with a live recording without actually speaking (may occur if the user uses a headset with a faulty mic), which would result in a static audio recording.To accommodate this scenario, the modulo integer value of the current system date and time is utilized to further randomize the program output.Upon execution, the lightweight Audio based TRN Key Generator program (proof of concept was created using JAVA 13) produces a randomized 64-bit binary key which can be directly used as a key input in any cryptographic symmetric key algorithm such as advanced encryption standard (AES-256), triple data encryption algorithm (TDES or 3DES), one-time-pad (OTP).Future enhancements are planned to variablize the final output key size so the program can produce keys of variable length such as 256 bits, 512 bits, 1024 bits.
Pseudo random number generators (PRNG) are used to generate symmetric or asymmetric keys to be used in encryption algorithms.There are many ways PRNGs can be compromised.One of the possible attacks to compromise the PRNGs is to attack the respective algorithm through which the random generator is working and making the keys predictable, thus making PRNG a deterministic machine.S. Indarjani, G. Supriyatno, A. Nugraha and I. M. M. Astawa [4] tested the Pseudo random number generators with Insertion Attack and effects of it on PRNG using national institute of standards and technology (NIST) randomness tool.previous researches concluded that inserting a single bit for attacking PRNG implemented AES had 17.7% failed tests for AES-128 and 24.44% for AES-192 [5].Researchers from Indonesia conducted tests on four algorithms of PRNGs, AES standard PRNG, ANSI X9.31 i.e.NIST recommended RNG, Dragon Stream Cipher and Rabbit Stream Cipher using concepts of NIST randomness test tool with a level of significance = 0.01 and concluded that the Dragon Stream Cipher algorithm to be the strongest among all four [6].AES was found to be severely compromised at the block level and concluded that insertion attack using bits can compromise the characteristic randomness of target sequences [7].Some PRNGs can be compromised using a known plain text attack.
Amro and El-Alfy [8] tried to improve the PRNG based text Encryption and analysed the PRNGs for the known plain text attack.They proposed to improve security using PRNG based on stream cipher.But the proposed model could not withstand attacks and failed to cipher text only attack that was using the brute force method to crack especially when the keys domain is very small.Chosen plain text attack is also possible and chosen cipher text attack can be successfully accomplished under certain circumstances [9].Thus, the proposed model does not have enough efficiency to serve its purpose.To overcome all these shortcomings, it is better to switch to True Random Number Generators which uses resources, either natural or hardware, like temperature, noise or keystrokes.E. M. M. Manucom, B. D. Gerardo and R. P. Medina [10] from the Philippines have suggested a way to improve the randomness to generate keys for One Time Pad and tested them for various frequency tests, mono bit tests, within a block test and run test.They studied and analyzed the work of Easttom, where the author has analyzed and stated the Lehmer algorithm, a linear congruential generator (LCG) which generates a pseudo random number and uses the following formula, X t+1 = ((c+X t *a) mod n), where n is a prime number.
Another well-known algorithm for generating PRNG that utilizes the middle square algorithm has some more limitations.Foremost, the seed value of this algorithm is zero, which reduces the succeeding key values to zero.Periodicity of some seed values is very small i.e. shorter cycles with frequent repetitions.Later, a true random generator using mouse movements has been proposed using the OR and AND operations to mouse coordinates to generate the respective keys.They used correlation analysis to measure the degree of relationship of keys, plain text and cipher text [11].Such True Random Number generators are considered difficult for practical implementation.Moreover, the key distribution process is considered to be very impractical and overhead [12].This research work tries to come up with a solution to the non-deterministic generating process and uncontrolled entropy by using a human voice as a cryptographic key to generate an unconditionally secure key generator.In one of the research articles published by Damir Omerasevic and his team, the randomness of various media file types such as FLV, MP3, WAV, JPEG, and so on was compared Comput.Sci.Inf.Technol.


Designing a secured audio based key generator for cryptographic … (Avinash Krishnan Raghunath) 89 so as to identify a viable candidate to be used for producing random keys which later be used in session key generation [13].The authors have performed a C program implementation for the analysis methodologies by using the first part of the random number sequence test program.And the additional test scripts were generated to process the tests at a faster pace.The main purpose was to identify the randomness of different media files so as to be utilized for the encryption keys [14].
There have been other proposals, utilizing the biometric properties such as retinal scan, face scan, fingerprints, and so on for random number generation [15].But one of the major concerns for using these techniques is its larger processing time that delays the encryption process.Therefore, the randomness for media files was investigated thoroughly so that it is used for the encryption.True Random Number Generators (TRNGs) uses an energy source and combine them with a processing function to generate random numbers.TRNG sources can vary from computer hardware parts that produce sound during processing, to the atmospheric or natural phenomenon like winds noise, traffic noise, and so on.And this results in producing desired outputs that cannot be determined using the mathematical functions and henceforth they are known as the non-deterministic processes.For implementing the TRNG for key generation, the media file types were tested to access their randomness using various tests such as Entropy test to measure randomness, Serial correlation test to check relations between variables over different intervals of time, Arithmetic mean test and Lempel-Ziv compression test [16].The respective test results indicated that the YouTube videos extracted in the form of FLV format generate the highest randomness which is closely followed by MP3 and JPEG file types [17].With respect to the research world carried out by various authors, it is observed that these file types are the best candidate to be considered for generating random numbers and can therefore be used for creating cryptographic encryption keys.
Pseudo Random Number Generators (PRNG) have their pros and cons just like True Random Number generators (TRNG).By comparing both of these random number generators, insights on their strengths are provided in the application perspective.Pseudo-RNG's execution does not proceed in an expected manner when randomized events such as roulette wheel, lottery number extraction or a simple dice roll are considered [18].The term "pseudo" in a PRNG can give a certain degree of visibility when we compare it with TRNG.Similar to the logical or binary instructions for a processor, PRNG's are recognized as algorithms that make use of various mathematical concepts and formulae to generate a series of numbers.The generated series of numbers provides the illusion of being completely randomized [19].Due to extensive years of research being invested in developing and improvising various PRNG algorithms, programs that deploy these algorithms can sometimes replicate the true random sequences [20].However, there is always room for improvement since these number sequences are never truly in random nature.
A detailed comparison of TRNG and PRNG algorithms provides a better insight with respect to its comparison and algorithm effectiveness.For example, when the outcome of PRNG algorithms provides the result of dice rolls in numbers, at first glance these results might appear random [21].However, the statistical analysis of those results provided enough evidence that these randomized number outcomes are pre-determined and not truly random.This proves the fact that the outcomes of these algorithms can easily be predicted, controlled, standardized and measured [22].TRNG on the other hand shows completely different behaviour due to the fact that its results are unpredictable and completely randomized.If one's expectation is that a personal computer should be able to generate a randomized number series then the computer has to rely on events that occur in physical nature or natural phenomenon [23].This might include the entropy of various radioactive isotopes, naturally occurring audio and video disturbances in the environment or the wave pattern of a water body such as oceanic waves [24].There is one minor issue with the cost efficiency of TRNG when compared with PRNG because the input devices are subjected to physical deterioration due to wear and tear which is not noticed in PRNGs [10], [25].Consequently, the research work that is carried out aims to prove that with current technological infrastructure available on a personal computer (PC), TRNG can be implemented in real life systems such as conferencing solutions, audio call, VOIP call and so on.

PROPOSED METHODOLOGY
By considering the existing work as a baseline, the live audio recording of the sender is utilized to generate the respective MP3 audio file, which is then converted into Base 64 format.Subsequently, the characters in the Base 64 text file are extracted and stored in an integer array which is mixed with the modulo integer value of the current system date and time to further randomize the output key.The final output is converted to a Binary String array of 64-bit length and returned to be printed on the console window.The basic walkthrough is to setup and synthesize a 3 seconds audio session whereby the message sender is asked to speak out a keyword to a microphone so that the sender's voice is captured and recorded into a mp3 file format.The respective recorded mp3 file in-turn is converted to base 64 format which provides the random set of UTF-16 characters.Here, even though the three second audio cost you in approximately 100 to 300 kilobytes of data  ISSN: 2722-3221 Comput.Sci.Inf.Technol., Vol. 2, No. 2, July 2021: 87 -94 90 storage, it is compressed and combined with the modulo integer value of system data and time to produce a 64-bit length cryptographic key.

RESEARCH METHOD 3.1. Architectural diagram
Figure 1 showcases the architectural diagram for the Audio Recorder Key Generator program.The program starts with the initialization of class and static variable then the audio recorder libraries are initialized.Post Audio line support verification, live audio recording is commenced and the audio packets are written and saved in wav format.After the recording is concluded, then the wav file is read into a byte array and subsequently encoded in Base 64 format which is stored in a text file locally.Finally, the characters in the Base 64 text file are extracted and stored in an integer array which is mixed with the modulo integer value of the current system date and time to further randomize the output key.The final output is converted to a Binary String array of 64-bit length and returned to be printed on the console window.Since the 64-bit key is stored in a variable, it can be used as a function/method return value to be utilized as an input key value in any cryptographic symmetric key algorithm such as AES-256, 3DES, OTP.Audio Recordings in general are capable enough to produce truly random numbers.However, we have tried to consider a special use case where a user ends up with a live recording without actually speaking (may occur if the user uses a headset with a faulty mic), which would result in a static audio recording.To accommodate this scenario, the modulo integer value of the current system date and time is utilized to further randomize the program output.

Implementation
This section provides details about the implementation of the Audio Recorder Key Generator using Java 13.0.2version.The output of the program generates a 64-bit binary key that is used for the management and transportation of key in symmetric key algorithms.Since the 64-bit key is created using the current system date and time, the recorded audio of the user and the captured environmental sounds, the output provides a 64-bit True Random Number as an encryption key.This key can be used in any symmetric key encryption Comput.Sci.Inf.Technol.


Designing a secured audio based key generator for cryptographic … (Avinash Krishnan Raghunath) 91 algorithm such as AES, DES, RC4, Blowfish.Furthermore, to fortify the randomness of the key, the current system date and time is included in the key.

Algorithm
The following algorithmic flow would provide a walkthrough of the Secured Audio Based Key Generator.

RESULTS AND DISCUSSION
Our lightweight program is capable of using the current laptops or PCs hardware to generate a True Random Number (TRNG) key using live audio recordings which is further randomized using system date and time.These TRNs can be used to replace the deterministic pseudo random number cryptographic keys that are presently used by industries for symmetric key encryption algorithms which devolves the algorithm to being conditionally secured (cipher text can be decrypted to plain text without key knowledge over a long duration of time, that can be more than the message's time to live).Using the audio based TRNG key would render the same encryption algorithm as unconditionally secured (cipher text doesn't contain sufficient data to uniquely determine the plain text without key knowledge).Audio Recordings in general are capable enough to produce truly random numbers.However, we have tried to consider a special use case where a user ends up with a live recording without actually speaking (may occur if the user uses a headset with a faulty mic), which would result in a static audio recording.To accommodate this scenario, the modulo integer value of the current system date and time is utilized to further randomize the program output.Upon execution, the lightweight Audio based TRN Key Generator program (proof of concept was created using JAVA 13) produces a randomized 64-bit binary key which can be directly used as a key input in any cryptographic symmetric key algorithms.The respective program was executed for 20 run cycles to showcase the randomness of the 64-bit key output.The main highlight of the implemented code is the incorporation of Audio Recording and the Current System Date that is responsible for generating a truly random number of bits.Table 1 displays the list of twenty 64-bit keys generated utilizing the developed code which throws some insight on the TRNG capabilities of the formulated secured audio recorder key generator.As showcased in Table 1, the program was executed 20 times to generate 20 different 64-bit keys as the program output.Due to the combination of the audio voice captured during runtime along with the current system date and time, the keys generated have an average difference of 30 plus bits giving a greater degree of random bits generated.For each test run cycle, the program captures the live audio of the user which is encoded in wav format and is stored locally.After the recording is concluded, the wav file is read into a byte array and subsequently encoded in Base 64 format which is stored in a text file that is later on extracted and stored in an integer array which is mixed with the modulo integer value of the current system date and time to further randomize the output key.The final output is converted to a Binary String array of 64-bit length that is stored in a variable and returned to be printed on the console window.Figure 3, in Appendix, highlights the evidence of few keys generated during test cycle 16-20.As displayed, the program is individually executed each time to produce a 64-bit key output.This results in the reuse of the wav file and base 64 text file by overwriting over it.Hence no overhead is involved with the space occupied by wav file and base 64 text file in space constrained devices during the program usage.

CONCLUSION
TRNG as the term suggests is a true random number generator that utilizes the entropy of physical entities for its randomness.Based on the same principle, the research work showcases that two audio records, recorded by the same person in the same physical posture never have a 100% match.In such scenarios, audio recording over a layered approach with current system date and time are perfect candidates for generating random numbers which in turn can be used as symmetric keys in the encryption algorithm.Due to the combination of audio record with system date and time, the degree of randomness of the key generated in each execution run is more than 30 bits at different bit positions for each key generated.Furthermore, the program can be executed in a resource constraint device with ease since the wav file (approx.120 KB file size) and the base 64 text file are reused each time the program is executed to generate the 64-bit key.Henceforth, this research work aims at proving this hypothesis by real time implementation of this scenario.

Figure 1 .
Figure 1.Architectural flow diagram The overall program is divided into the following functions, exhibited in Figure 2 − StartRecording -Responsible for capturing the user's audio packet for 3 seconds.− FinishRecording -Concludes the recording session after 3 seconds.− WavToBase64 -Responsible for converting wav file to Base 64 text file.− KeyGen -Responsible for generating the 64-bit key from Base 64 text file and the current system date and time.− Modulo255 -Responsible for returning the modulus 255 integer value which is also less than 255.

Figure 2 .
Figure 2. Class method snippet of audio recorder key generator program

APPENDIXFigure 3 .
Figure 3. Multiple execution of audio recorder key generator

Table 1 .
Test run cycles of secured audio recorder key generator