
A Network Coding and DES Based Dynamic Encryption Scheme For Moving Target Defense

The document proposes a new dynamic 3-layer encryption scheme based on DES and network coding to achieve the goals of moving target defense (MTD). The scheme combines network coding, DES encryption, and dynamic updates to the ciphertext. It aims to restrict vulnerabilities and attacks by continually changing the encryption mechanisms. The scheme adds two network coding layers before and after DES encryption to extend the key space and allow for dynamic updates. This provides security, efficiency, and adaptability advantages over traditional schemes like triple DES. Future work will test the security of the proposed scheme.

Uploaded by

Durga Prasad

A Network Coding and DES Based Dynamic Encryption Scheme for Moving Target Defense


Abstract
Unlike prior efforts in cybersecurity research, a dynamic defense theory called moving
target defense (MTD) increases the complexity and cost of attacks by effectively restricting
vulnerability exposure and attack opportunities through continually changing
evaluation and development mechanisms and strategies. The Data Encryption Standard (DES) was the
classical traditional symmetric-key encryption scheme. It has gradually been
replaced by triple DES or AES so that the encoder has a larger key space. However, neither
triple DES nor AES can meet the dynamic security requirements of dynamic defense, because
their extension of the key space is static. In this paper, we propose a dynamic 3-layer encryption
scheme based on DES and network coding, with a low-complexity partial key update
mechanism. Theoretical analysis shows that the new scheme can
achieve a dynamic transition between efficiency and security, which increases its adaptability to
various cyber conditions. The simulation results also show that the running ratio of the new
scheme is relatively lower than or comparable to the triple DES.

Existing System
The basic goal of MTD is to achieve active defense against external attacks based on
unknown vulnerabilities and backdoors. To date, MTD has been studied in various contexts,
including cloud computing and web applications. A similar dynamic idea can also be adopted
in cryptographic design. The Data Encryption Standard (DES) has been widely
used as a mainstream symmetric encryption scheme, and it laid a foundation for the
development and application of modern block cipher theory. With the rapid
growth of computing power, however, the classic iterated block cipher DES has become very fragile,
and an exhaustive attack on DES can now be carried out in practice. It has therefore gradually
been replaced by the triple-DES algorithm or the Advanced Encryption Standard (AES) so that the
encoder has a large enough key space.
Proposed System
In this paper, we present an encryption scheme that improves DES under the concept of
MTD by means of (linear) network coding (NC), which advocates linearly combining and coding
data as it propagates. Two reasons motivate us to choose NC. First, NC,
which has been used for encryption scheme design, changes the static nature of network
information transmission, so it is a good match for the dynamic, active and random
features of MTD as defined. Second, the use of NC as an encryption scheme has the potential to
resist the exhaustive attack, as an L-bit plaintext may correspond to possible ciphertexts.

Future work
The proposed scheme can achieve the MTD features by the following procedures. First, a
re-encryption process can be implemented on the outer NC layer of the scheme, so that the key
and ciphertexts can be dynamically changed. Second, the key length can be actively extended, so
that the scheme is adaptable to the rapid development of the computing power. Third, the
parameters in the scheme can be flexibly chosen, so that there is a transition between efficiency
and security. The security level of the proposed scheme will be tested in our future work.

Module implementation
1. Inner Layer Encryption Embedding NC
In this step, the plaintext x, which is a binary row vector, is converted to a binary
intermediate sequence z1 based on a high-dimensional binary invertible matrix Ka
generated by the concept of NC. The main purpose of this step is to extend the key space
of the algorithm, so as to resist the exhaustive attack.
2. Middle Layer DES Encryption
The middle layer encryption step uses DES to encode the intermediate sequence z1
and obtain another intermediate sequence z2. The main purpose of this step is to exploit the
design of the S-boxes in DES to bring non-linearity into the encryption scheme, and hence to
defend effectively against analysis attacks.
3. Outer Layer Encryption Embedding NC
In this outer layer encryption step, NC is adopted again to generate a
low-dimensional binary invertible matrix Kc to encode the intermediate sequence z2, and the
ciphertext y is subsequently obtained. The purpose of this step is to take advantage of NC
to provide an interface for dynamic and efficient update, and to construct the triple
encryption model to resist the man-in-the-middle attack, which is a common and efficient
way to break double encryption schemes, as mentioned before.

4. Dynamic Update of the Ciphertext
The dynamic update procedure for the ciphertext can be regarded as a rerun of step
(c) (the outer layer encryption, step 3 above) based on a new binary encoding matrix. It is
designed specifically to realize dynamic security protection. The flexibility in choosing
the new binary encoding matrix allows a
tradeoff between efficiency and security, which enhances the adaptability to different
application scenarios. It is worthwhile to note that using invertible matrices in steps (a)
and (c) (the inner and outer layers) for encryption is essentially a type of K-block cipher. The novel idea in this paper
is that we can find an efficient way to get a feasible and dynamically updatable
encryption matrix based on NC.
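The outer NC layer and its dynamic update (steps 3 and 4) can be sketched as follows. This is an added Python example, not code from the paper: it assumes an 8×8 outer matrix, random invertible matrices drawn by rejection sampling in place of the paper's NC-based construction, and a constructed 64-bit stand-in for the DES output z2; all function names are hypothetical.

```python
import secrets

def rand_bits(n):
    return [secrets.randbelow(2) for _ in range(n)]

def vec_mat(v, M):
    """Row vector v times matrix M over GF(2)."""
    return [sum(v[i] & M[i][j] for i in range(len(v))) & 1 for j in range(len(M[0]))]

def mat_mul(A, B):
    """Matrix product A*B over GF(2)."""
    return [vec_mat(row, B) for row in A]

def inverse(M):
    """Gauss-Jordan inversion over GF(2); returns None if M is singular."""
    n = len(M)
    A = [row[:] + [int(i == j) for j in range(n)] for i, row in enumerate(M)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if A[r][col]), None)
        if pivot is None:
            return None
        A[col], A[pivot] = A[pivot], A[col]
        for r in range(n):
            if r != col and A[r][col]:
                A[r] = [a ^ b for a, b in zip(A[r], A[col])]
    return [row[n:] for row in A]

def random_invertible(n):
    """Assumption: rejection sampling stands in for the NC-based generation."""
    while True:
        M = [rand_bits(n) for _ in range(n)]
        if inverse(M) is not None:
            return M

def blockwise(bits, M):
    """Encode the bit sequence in len(M)-bit row-vector blocks."""
    n = len(M)
    return [b for i in range(0, len(bits), n) for b in vec_mat(bits[i:i + n], M)]

def demo(n=8):
    z2 = rand_bits(64)                  # constructed stand-in for one DES output block
    Kc = random_invertible(n)
    y = blockwise(z2, Kc)               # step 3: y = z2 * Kc
    U = random_invertible(n)            # new binary encoding matrix
    y_new = blockwise(y, U)             # step 4: rerun of step 3 on the ciphertext only
    Kc_new = mat_mul(Kc, U)             # the key holder updates the outer key to Kc * U
    recovered = blockwise(y_new, inverse(Kc_new))
    return {"z2": z2, "y": y, "y_new": y_new, "Kc_new": Kc_new, "recovered": recovered}
```

The update touches only the ciphertext and the outer key, so neither the DES layer nor the inner matrix Ka has to be rerun.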

Architecture
Algorithm
1) Multiple DES: The most classical multiple DES algorithm is the triple DES, which we
have discussed in Section V. The complexity of multiple DES is several times larger
than single DES and therefore much larger than our encryption scheme. Besides, as we
said at the beginning, multiple DES cannot meet the dynamic security requirements of the
intelligent information network.
2) Mutable S-box DES: This algorithm can change the content order of the S-box based on a
change of the encryption key, or directly change the content of the S-box. It can be
used to resist differential cryptanalysis (DC) but does not enlarge the key
space.
3) Subkey DES: This algorithm uses a different subkey on every iteration during encryption
in DES. Because a 48-bit key is required in every iteration, after 16 iterations the key
space of this improved DES is 768 bits (16 × 48). This algorithm greatly increases the complexity of
the key space and resists the exhaustive attack well. However, its
adaptability and extension with the rapid development of computing power is even
less than that of the multiple DES algorithm, because its key space is strictly static.
System Requirements

H/W System Configuration:
Processor : Intel(R) Pentium(R)
Speed : 1.1 GHz
RAM : 2 GB
Hard Disk : 57 GB
Keyboard : Standard Windows Keyboard
Mouse : Two or Three Button Mouse
Monitor : SVGA

S/W System Configuration:
Operating System : Windows 8/7/95/98/2000/XP
Application Server : Tomcat 5.0/6.X/8.X
Front End : HTML, Java, JSP
Scripts : JavaScript
Server-side Script : Java Server Pages
Database Connectivity : MySQL
Java Version : JDK 1.8


Conclusion
In this paper, we proposed a novel encryption scheme that combines DES with
the characteristics of network coding and resists both exhaustive and analysis
attacks well. The simulation results show that the running ratio of the proposed scheme is relatively
lower than or comparable to the triple DES. The NC nature of the proposed scheme gives it
the dynamic, active and random characteristics in the concept of Moving Target Defense
(MTD). The security level of the proposed scheme will be tested in our future work.
