A Comparative Study of Applying Real-Time Encryption ... - IEEE Xplore

A Comparative Study of Applying Real-Time Encryption in Cloud Computing Environments Faraz Fatemi Moghaddam

Omidreza Karimi

Maen T. Alrashdan

Faculty of Computer Science Staffordshire University Kuala Lumpur, Malaysia [email protected]

Faculty of Computer Science Staffordshire University Kuala Lumpur, Malaysia [email protected]

Faculty of Research Coordinator Asia Pacific University (A.P.U.) Kuala Lumpur, Malaysia [email protected]

Abstract— The rapid growth of cloud computing as a newfound technology and many unclear security issues in it cause many challenges. These challenges are specified in service provider’s cloud servers and transmission processes. Accordingly, this paper presents a model based on separate data and key cloud servers and a client-based data encryption service for increasing the reliability in cloud computing environments. In the proposed model, the key generation process is done in a separate cloud application and public and private keys are stored in key cloud servers. Moreover, the encryption and decryption processes are done in client side by a service that named “data encryption service”. For applying this encryption system a comparative study was done by analyzing the strengths and weaknesses of six popular asymmetric key encryption algorithms (i.e. Original RSA, RSA Small-e, RSA Small-d, MREA, E-RSA, and EAMRSA) according to time, key size and security parameters. These algorithms were briefly described and redeveloped in the same situation for the simulation process to investigate the performance in client-based data encryption service. Furthermore, the security analysis was done by reviewing the performance of described algorithms against three popular attacks: Brute Force, Mathematical, and Timing Attack. According to the results E-RSA in the most appropriate algorithm for using in client-based data encryption service by achieving acceleration, accuracy, and security in this service based on compatibility issues in a client side service.

researches have been performed and many products have been manufactured for improving the security in cloud computing environments and this paper tries to review the positive points and weaknesses of presented encryption models to apply a realtime encryption process in cloud computing environments. According to a performed research by Mather et al. [4], security concerns in cloud computing environments are divided to seven major parts: privileged user access, data location, data segregation, regulatory compliance, investigative support, recovery, and long-term viability. These issues have endangered the security of data in cloud servers or transmission processes and due to these security risks; many models were presented to protect data in cloud computing environments. Applying cryptography algorithms is one of the most popular methods to ensure on the security of data in cloud storages and also in transmission processes. Most of performed researches in this area have tried to encrypt data in cloud storage by using symmetric or asymmetric encryption algorithms and use Secure Sockets Layer (SSL) for transmission processes [5]. However, storing cryptography keys in a same security level and same storage with encrypted data have increased security risks in cloud computing environments [6]. Based on these risks, separating keys from data seems to be essential for cloud communications be transparent and securely sharing.

Keywords—cloud computing; encryption; security; asymmetric keys; client-based service;

I.

INTRODUCTION

Cloud computing is a powerful emerging service that provides an optimized and efficient computing platform by using sharing and virtualization concepts and improving availability, scalability, collaboration and agility for users and enterprises [1]. Cloud computing has a rapid growth in IT industries due to the considerable benefits of sorting and maintaining resources in unlimited storages with the most cost efficient method, business continuity and scalability [2]. However, the only hurdle in wide adoption of this newfound technology is lack of security especially in data protection, authentication, and data transmission subject [3]. These security concerns involve all of the cloud computing layers (i.e. infrastructure, platform, and software) and decrease the reliability of these environments. According to the importance of security concerns in cloud computing environments, many

II.

This work was supported in part by the Asia Pacific University of Technology and Innovation (A.P.U.), Kuala Lumpur, Malaysia and Meta Soft Co. (Medica Tak Company), Seri Kembangan, Selangor, Malaysia.

c 978-1-4799-0568-3/13/$31.00 2013 IEEE

DATA ENCRYPTION SERVICE

Data encryption service is a client-based service that is proposed for increasing reliability in cloud computing communications by applying real-time encryption in client side. In this model, data and keys are stored in different cloud storage and cryptography processes (i.e. encryption and decryption) are done in client side by requesting keys from Key Cloud Server (KCS) and data from Data Cloud Server (DCS). Moreover, the key generation process is done in KCS Software-as-a-Service (SaaS) application. The architecture of data encryption service and it’s communication with KCS and DCS has been shown in Fig. 1. In this schema, the encryption and decryption processes are done in the client-side and the dependency of the cryptography process on the power of client-side hardware has been increased considerably due to this service. According to the nature of this research that is based on sharing concepts, asymmetric key algorithms are more appropriate for data encryption service by using public

185

and private keys. Symmetric key algorithms such as AES [7] are faster than asymmetric algorithm but have considerable problems in sharing processes. Due to this reason and the importance of applying the most efficient encryption performance in client-side, six of the most popular asymmetric encryption models were reviewed and re-developed in the same situation for investigating the strengths and weaknesses of each model to choose the most secure and efficient model due to the nature of the data encryption service. The chosen models are: Original RSA, RSA Small-e, RSA Small-d, MREA, Efficient RSA, and EAMRSA.

Efficient RSA are same which the original RSA except the way of calculating is߮ሺ݊ሻ. ߮ሺ݊ǡ ݄ሻ. In Efficient RSA algorithm is calculated as stated below: ߮ሺ݊ǡ ݄ሻ ൌ ሺ‫݌‬௛ െ ‫݌‬଴ ሻሺ‫݌‬௛ െ ‫݌‬ଵ ሻ ǥ ሺ‫݌‬௛ െ ‫݌‬௛ିଵ ሻ ൅ ሺ‫ݍ‬௛ െ ‫ݍ‬଴ ሻሺ‫ݍ‬௛ െ ‫ݍ‬ଵ ሻ ǥ ሺ‫ݍ‬௛ െ ‫ݍ‬௛ିଵ ሻ

F. Encrypt Assistant Multi-Prime RSA (EAMRSA) EAMRSA uses Multi-prime RSA and RSA-S2 system to improve the encryption and decryption processes in comparison of original RSA [13]. For more information about the performance and structure of EAMRSA see Liu et al. [13]. IV.

Fig. 1. Data Encryption Service Scheme

III.

GENERAL OVERVIEW OF CRYPTOGRAPHY MODELS

A. Original RSA The original RSA algorithm is an asymmetric key algorithm that was publicly described in 1977 by Rivest, Shamir, and Adleman [8]. The most important advantage of RSA is ensuring about the privacy of the private key because this key will not be transmitted or revealed to another user.

According to the aim of this research, all of the described models were redeveloped by Microsoft .net Framework 4.0 in C# programming language for analyzing in the same situation. The simulation were done by using Dropbox co. cloud service provider as data cloud server, and two 2.40 GHz Intel® Core ™ i5 CPU PCs with 4.00 GB RAM as keys cloud server and client for implementing data encryption service according to Fig.1. The analysis and evaluation process were done by defining four main parameters: key generation time, encryption time, decryption time, and total execution time. Moreover, two types of message were used during the analysis procedure with 1000, and 10000 characters. In addition, the comparison between described models was carried out according to the different size of exponents (512, 1024, 2048 and 3072 bits). Finally the security analysis of these algorithms was done by investigating the performances of those which are faced with Brute Force attack, Timing attack, and Mathematical attack. V.

B. RSA Small-e RSA Small-e is a RSA-based algorithm with a smaller public exponent in comparison of ߮ሺ݊ሻ [9]. By using this algorithm, it is expected with high probability that the private exponent is the same size with ߮ሺ݊ሻ [10]. C. RSA Small-d The private exponent in RSA Small-d is much smaller than ߮ሺ݊ሻ. The key generation process in RSA Small-e and RSA Small-d is same but the public and private exponents are exchanged. In this algorithm, it is expected with high probability that ݁ will be the same size as ɔሺ݊ሻ. D. Modified RSA Encryption Algorithm (MREA) MREA is an asymmetric key algorithm based on additive Homomorphic properties that every communicating party needs as a key pair in communicating with any number of other communicating parties [11]. For more information about the structure of MREA see Dhakar et al. [11]. E. Efficient RSA (E-RSA) Efficient RSA is an asymmetric and RSA-based algorithm uses the general linear group of order ݄ with values that was intentionally selected randomly from the ring of integer ݉‫݊݀݋‬ [12]. All of the key generation and encryption processes of

186

METHODOLOGY

TIME AND KEY SIZE ANALYSIS

A. Key Generation Time Key generation time need to be calculated according to the performance of a key generation SaaS application in the keys cloud server. In the simulation process, a Key Generation Application (KGA) was installed in a 2.40 GHz Intel® Core ™ i5 CPU PCs with 4.00 GB RAM and transferred keys to the data encryption service to a client by a wireless network. Key generation times have been shown in Table I according to different sizes in described algorithms. TABLE I: EFFECT OF CHANGING THE KEY SIZES FROM 512 (BITS) TO 3072 (BITS) ON KEY GENERATION TIME (MS) IN KGA ACCORDING TO RSA, RSA SMALL-E, RSA SMALL-D, MREA, EAMRSA, AND E-RSA ALGORITHMS Key Size (bits)

RSA

RSA Small-e

RSA Small-d

MREA

E-RSA

EAMRSA

512 1024 2048 3072

417 612 890 1943

199 316 714 1201

199 316 714 1201

641 916 1721 2612

501 694 997 2281

890 1438 2864 3314

According to the results, key generation at EAMRSA has taken more time than other algorithms. Computing ‫ݎ‬௜ and ɔሺ݊ሻ in EAMRSA key generation are the main reasons for this rising time. Moreover, key generation time in RSA Small-e and RSA Small-d are exactly same and less than other algorithms because of the usage of one small exponent during the generation time. Furthermore, in the present time, it portrays

2013 IEEE 2nd International Conference on Cloud Networking (CloudNet): Short Paper

that E-RSA is 10% more than the original RS SA, but with larger ߮ሺ݊ሻ because of using the general linear grooup of order ݄. In MREA algorithm, the key generation time iss about 45% more than original RSA although the number off main parameters used in MREA is two times more than Originnal RSA.

൫‫ݖ‬ଵǡଵ ǡ ǥǡ ‫ݖ‬ଵǡ௞ ǡ ǥǡ ‫ݖ‬௕ǡଵ ǡ ǥǡ ‫ݖ‬௕ǡ௞௞ ൯ needs to be computed by taking ܿ as input where ‫ݖ‬௜ǡ௝ ൌ ܿ ௘೔ǡೕ ݉‫݊݀݋‬for ͳ ൑ ݅ ൑ ܾ and ͳ ൑ ݆ ൑ ݇. Furthermore, usiing MREA algorithm in data encryption service makes the t system to compute ܿ ൌ ೐ ݃௠ ௠௢ௗ௡ Ǥ ‫ ݎ‬௧ . These compuutations have increased the encryption time considerably. In I addition, the encryption time in RSA Small-e was even lesss compared to the original RSA due to the size of e, but as was expected, the decryption time in RSA Small-e will be quite morre than original RSA because in RSA Small-e, the size of d is approximately a same as ɔሺ݊ሻ. In contrast of RSA Small-e, in RSA Small-d the encryption process was much more than original o RSA because of the size of private exponent. In E-RSA,, the encryption time is less than 10% than the original RSA beecause of same process in both algorithms. In overall, thee increase of encryption and decryption time in E-RSA and RSA Small-e seems to be more logical in comparison with othher algorithms according to the nature of data encryption servicce.

B. Encryption and Decryption Time The encryption process is done in data encryption service by requesting a key pair from keys cloud seerver and using the described algorithms before uploading data to t cloud server. In addition, the decryption time is done in the t same part by requesting encrypted data from data clouud server and the related key from keys cloud server. The perrformance of each algorithm in encryption and decryption proceess with 1000 char message has been shown in Table II and with 10000 char e time in message has been shown in Table III. The encryption MREA and EAMRSA were increased signifficantly due to the complexity of EAMRSA and MREA encryyption process. In data encryption service with EAMRS SA, vector ܼ ൌ

TABLE II: EFFECT OF CHANGING THE KEY SIZES FR ROM 512 (BITS) TO 3072 (BITS) ON ENCRYPTION AND DECRYPTION TIME (MS) IN KGA WITH 1000 (CHAR) MESSAGE ACCORDING TO RSA, RSA SMALL-E, RSA SMALL-D, MREA, EAMRSA, AND E-RSA ALGORITHMS RSA E-RSA EAMRSA RSA Small-e S RSA Small-d MREA Key Size (bits) Enc. Dec. Enc. Dec. Enc. Dec. Enc. Dec. Enc. Dec. Enc. Dec. 311 417 171 493 729 237 8368 1998 356 420 11116 9552 512 1508 1855 631 11270 7347 917 1549 18017 11238 892 1495 461 1024 1903 2213 930 15768 9786 14337 2073 24345 13788 1301 1867 693 2048 2609 2734 1267 19738 11274 23778 2876 29738 16783 1948 2573 843 3072 TABLE III: EFFECT OF CHANGING THE KEY SIZES FRO OM 512 (BITS) TO 3072 (BITS) ON ENCRYPTION AND DECRYPTION TIME I (MS) IN KGA WITH 10000 (CHAR) MESSAGE ACCORDING TO RSA, RSA SMALL-E, RSA SMALL-D, MREA, EAMRSA, AND E-RSA ALGORITHMS RSA E-RSA EAMRSA RSA Small-e S RSA Small-d MREA Key Size (bits) Enc. Dec. Enc. Dec. Enc. Dec. Enc. Dec. Enc. Dec. Enc. Dec. 673 699 299 1007 1037 438 12345 3783 768 783 19786 17867 512 2024 2347 1003 16378 12345 18667 2078 23787 19788 1579 1869 597 1024 2378 2573 1478 20427 15873 27886 2521 30786 23873 2037 2348 806 2048 3142 3084 1967 24783 17837 37448 3127 32786 26786 2468 2993 895 3072

140%

120%

120%

80%

80%

68%

60%

77%

25%

1024 bits

16% 2048 bits

27%

89%

80%

68%

60% 48% 40%

45%

62%

58% 30% 26%

20% 0% 512 bits

1024 bits

2048 bits

3072 bits

Fig. 5. Encryption and Decryption Time Increase by 10-fold Enhancement of Message Size in MREA

25%

30%

20%

20%

16%

6%

0%

3072 bits

Fig. 2. Encryption and Decryption Time Increase by 10-fold Enhancement of Message Size in Original RSA

100%

34%

40%

26%

0% 512 bits

75%

60% 57%

40% 20%

104%

100%

116%

100%

512 bits

1024 bits

2048 bits

85% 59%

59%

55%

42% 27% 16%

512 bits

3072 bits

Fig. 3. Encryption and Decryption Time Increase by 10-fold Enhancement of Message Size in RSA Small-e

140% 120% 100% 80% 60% 40% 20% 0%

90% 80% 70% 60% 50% 40% 30% 20% 10% 0%

1024 bits

2048 bits

13%

3072 bits

Fig. 4. Enncryption and Decryption Time Increase by 10-fold Enhhancement of Message Size in RSA Small-d

100% 116%

512 bits

1024 bits

73%

60%

22%

60%

40%

32%

20% 9%

2048 bits

76%

78%

94% 58%

34%

87%

80%

104%

86%

3072 bits

Fig. 6. Encryption and Decryption Time Increase by 10-fold Enhancement of Message Size in E-RSA

26% 10%

0% 512 bits

1024 bits

2048 bits

3072 bits

Fig. 7. Enncryption and Decryption Time Increase by 10-fold Ennhancement of Message Size in EAMRSA


187

Analyses of the results in both tables showed, by 10-fold enhancement of the message size, the encryption and decryption times were increased between 6 to 116%. The following figures show this increase in all algorithms. According to the results and by increasing the key size during the enhancement of message size, rate of increase in encryption and decryption time were reduced in all of the described algorithms. This means the performance of the data encryption service were more efficient in large size files. The sharpest reduction is in RSA Small-e and E-RSA and the most balanced reduction is in MREA algorithm. It shows that, RSA Small-e and E-RSA algorithms are more efficient in large size files. C. .Total Execution Time The total execution time in all algorithms has been shown in following table according to 1000 char message size. TABLE IV: EFFECT OF CHANGING THE KEY SIZES FROM 512 (BITS) TO 3072 (BITS) ON TOTAL EXECUTION TIME (MS) ACCORDING TO RSA, RSA SMALL-E, RSA SMALL-D, MREA, EAMRSA, AND E-RSA ALGORITHMS Key Size (bits)

RSA

RSA Small-e

RSA Small-d

MREA

E-RSA

EAMRSA

512 1024 2048 3072

1145 2999 4058 6464

863 2285 3310 4653

1165 2802 3857 5202

11007 19533 27275 33624

1277 3160 4507 7535

21558 30693 40997 49835

Analyzing the results shows that the total execution time Original RSA, RSA Small-d, RSA Small-e and Efficient RSA are in the same range approximately but in MREA and EAMRSA, the total execution time were about 10 to 50 times more the other algorithms. As was described, the complexity of encryption and decryption process in EAMRSA and MREA was the main reason for this difference. Total execution time in RSA Small-e is less than other algorithms according to the small size of public exponent. Moreover, the increase of total execution time E-RSA in comparison with original RSA is logical because of the generation process of ɔሺ݊ሻ. VI.

SECURITY ANALYSIS

The security analysis of all described algorithms has been investigated according to three attack approaches: the Brute Force, Mathematical, and Timing attacks. A. Brute Force Attack In Brute Force attack, attacker tries to guess the private key by all possible combinations. The complexity of EAMRSA protects the encrypted data by using only 1024 bits keys but in original RSA, the key size should be more than 2048 to decrease the possibility of success in this attack [15]. RSA Small-d is totally weak against this algorithm which uses the small private exponent. It has been proven that using the private exponent less than ݀ ൏ ݊଴Ǥଶଽଶ[16] is quite unsafe in brute force attack. According to the investigation, by using 1024 bits key size in MREA and E-RSA algorithms, the system can resist against the possible Brute Force attacks considerably. B. Mathematical Attack In this attack ‫݌‬ǡ ‫ ݍ‬or ߮ሺ݊ሻ were determined by the attacker to find the private key. In (an) original RSA and RSA Small-d,

188

this attack could be prevented by using keys with 2048 bits size, but due to the complexity of EAMRSA, large private exponent in RSA Small-e and E-RSA and two private exponents in MREA 1024 bits key size is quite enough for preventing this attack. C. Timing Attack In timing attack, the private exponent was determined by the attacker by calculating the time with exploiting the timing variation of the modular exponentiation [17]. Multiplying encrypted data by a random number or using a random delay are the most appropriate methods for preventing this attack in original RSA. These methods will also prevent the timing attack in EAMRSA, E-RSA, RSA Small-e, and RSA Small-d. However, with the usage of 2 private exponents, the attack process will take time 2-flod in comparison with other algorithms in MREA. VII.

FINAL DISCUSSION

The analysis of described algorithm was done based on time, key size, and security parameters. According to the nature of data encryption service, three factors were considered to choose the most appropriate data encryption method in client side: acceleration, accuracy, and security. The key generation process is done in keys cloud server and it is completely separated from the encryption and decryption process, but the cryptography processes are done in a client side with limited processors and memories, and various software. According to the results, EAMRSA and MREA have more complexity than other algorithms and need more power and memory. The total execution time in MREA and EAMRSA are respectively 4 to 7 times more the original RSA. By these needs and limitations, EAMRSA and MREA may not be compatible and appropriate for all devices (i.e. pcs, smart phones, tablets, etc.). Moreover, the security analysis shows that RSA Small-d is completely weak against possible attacks because of the small size of private exponent. In addition, original RSA needs large size of key of being secure against attacks and by increasing the key size in original RSA, the encryption and decryption time will increase considerably and it’s not based on factors. E-RSA and RSA Small-e are the most appropriate algorithms for data encryption service in client side. Total execution time in RSA Small-e is 25 to 32 % less than E-RSA but E-RSA is more secure against the possible attacks because of the usage of) a general linear group of order ݄. In contrast, RSA Small-e uses a small public exponent and large private exponent and by these exponents the encryption time is decreased significantly and the decryption process will be more secure against attacks. However, RSA Small-e needs at least 2048 bits key size to resist against all possible attacks while E-RSA needs only 1024 bits key size for this resistance. In overall, according to the nature of client-based data encryption service, E-RSA is suggested to be used in proposed model because it is more secure and has more acceleration, accuracy in comparison with other algorithms. Furthermore, the compatibility of E-RSA is more specified than other algorithms in limited power devices.


ACKNOWLEDGMENT We acknowledge the assistance and logistical support provided by Asia Pacific University of Technology and Innovation (A.P.U.), Meta Soft Co. (Medica Tak Sdn Bhd), Prof. Dr. Simon David Scott, Dr. Pardis Najafi, Ms. Fatemeh Afsahi, and the bright memory of Dr. Enayat Fatemi Moghaddam.

[8]

[9]

[10]

[11]

REFERENCES [1]

[2]

[3]

[4]

[5]

[6]

[7]

I. Bojanova, and A. Samba, “Analysis of Cloud Computing Delivery Architecture Models,” in Proc. IEEE International Conf. on Advanced Information Networking and Applications (WAINA), Biopolis, Singapore, 2011, pp. 453-458. M. Armbrust, R. Griffith, A. D. Joseph, R. Katz, A. Konwinski, G. Lee, D. Patterson, A. Rabkin, I. Stoica, and M. Zaharia, “A View of Cloud Computing,” ACM Trans. On Communications, vol. 53, no. 4, pp. 5058, April 2010. F.B. Shaikh, and S. Haider, “Security Threats in Cloud Computing,” in Proc. International Conf. for Internet Technology and Secured Transactions (ICITST), 2011, pp. 214-219. T. Mather, S. Kumaraswamy, S. Latif, “Data Security and Storage,” in Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance, M. Loukides, Sebastopol, CA, O’Reilly Media, 2009, ch.4, pp. 61-71. M. Ahmed, Y. Xiang, S. Ali, “Above the Trust and Security in Cloud Computing: A Notion towards Innovation,” in Proc. IEEE/IFIP 8th International Conf. on Embedded and Ubiquitous Computing (EUC), Hong Kong, 2010, pp. 723-730. S. Yu, C. Wang, K. Ren, and W. Lou, “Achieving Secure, Scalable, and Fine-grained Data Access Control in Cloud Computing,” in Proc. IEEE INFOCOM, San Diego, USA, 2010, pp. 1-9. J. Daemen, and V. Rijmen, “The block cipher Rijndael,” Smart Card Research and Applications Trans. in Cmoputer Science, SpringerVerlag, vol. 1820, pp. 277-284, Jan 2000

[12]

[13]

[14]

[15]

[16]

[17]

R. Rivest, A. Shamir, and L. Adleman, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,” ACM Trans. On Communications, vol. 21, no. 2, pp. 120-126, Feb 1978. H. M. Sun, M. E. Wu, W. C. Ting, and M. J. Hinek, “Dual RSA and Its Security Analysis,” IEEE Trans. on Information Theory, vol. 53, no. 8, pp. 2922-2933, Aug 2007. D. Coppersmith, M. Franklin, J. Patarin, and M. Reiter, “Low-exponent RSA with Related Message,” in Proc. 15th Annual International Conf. on Theory and Application of Cryptographic Techniques (EUROCRYPT'96), Berlin, Germany, 1996, pp. 1–9. R.S. Dhakar, A. K. Gupta, and P. Sharma, “Modified RSA Encryption Algorithm (MREA),” in Proc. Second International Conf. on Advanced Computing & Communication Technologies (ACCT), Haryana, India, 2012, pp. 426-429. S. J. Aboud, M. A. Alfayoumi, M. Alfayoumi, and H. Jabbar, “An Efficient RSA Public Key Encryption Scheme,” in Proc. 5th International Conf. Information Technology: New Generations (ITNG), Las Vegas, USA, 2008, pp. 127-130. Q. Liu, Y. Li, L. Hao, and H. Peng, “Two Efficient Variants of the RSA Cryptosystem,” in Proc. International Conf. on Computer Design and Applications (ICCDA), Qinhuangdao, China, 2010, vol. 5, pp. 550-553. S. A. Vanstone, “Next Generation Security for Wireless: Elliptic Curve Cryptography,” Elsevier Trans. on Computers & Security, vol. 22, no. 5, pp. 412-415, Jul 2003. A. Alhasib, A .M. Haque, “A Comparative Study of the Performance and Security Issues of AES and RSA Cryptography,” in Proc. 3rd International Conf. on Convergence and Hybrid Information Technology (ICCIT), Busan, South Korea, 2008, pp. 505-510. D. Boneh, G. Durfee, “Cryptanalysis of RSA with Private Key d Less than N0.292,” IEEE Trans. on Information Theory, vol. 46, no. 4, pp. 1339-1349, Jul 2000. P. C. Kocher, “Timing Attacks on Implementations of Diffie-Hellman, RSA, DES, and Other Systems,” in Proc. 16th Annual International Cryptology Conference on Advances in Cryptology (CRYPTO'96), London, UK, 1996, pp. 104-113.


189