Securing Student Data Privacy using Modified Snake and Ladder Cryptographic Algorithm

Transformed by the advent of the Digital Revolution, the world deals with a gold mine of data every day. Along with improvement in processing methods for the data, data security is of utmost importance. Recently, there was a noticeable surge in online learning during the pandemic. Modifying their workflow strategies, the educational institutions provided courses for students designed to suit the need of the hour. This opened up the avenue for a greater number of students to take part in the online learning. With the increase in number of students registered, there exist a substantial repository of data to deal with. Hackers have been targeting student data and using it for illegal purposes. In this research paper, an attempt has been made by modifying the classic Snake and Ladder game to perform encryption on short text student data to ensure data privacy. The Novel algorithm maintains simplicity yet produces a strong cipher text. The algorithm stands strong against the brute-force attack, cipher-only attack, etc. Decryption also uses same key as used for encryption, the key being symmetric in nature. New variable keys are generated every time the algorithm is used. Keywords—Student data; privacy; encryption; decryption; snake and ladder; variable keys


I. INTRODUCTION
The 'Digital Revolution' is providing us abundant data which has to be dealt with caution. It was evidently noted that since there is lack of awareness of cybersecurity among the students, they tend to ignore the threat and turnout to be the most vulnerable target for the cyber-attacks. Though most of the students in the survey knew about the online risks and threats, but they lacked to understand basic knowledge about privacy [1]. In an empirical study among the students, it was explored that the students expressed concerns about their online data privacy and believed that the teachers or concerned authorities should put in efforts to safeguard it [2]. Hence, Cryptography will play a vital role in securing the data. This paper puts forth a novel algorithm for encryption and decryption for the short text. Board games as we know stimulate brain areas responsible for developing cognitive skills and memory. Here, the board games serve a different purpose altogether. The modified version of the board game will perform encryption and decryption activities for the desired short text placed on the board. The classic snake and ladder game is used with a twist to generate the cipher text.

A. Role of Technology in Education
Educational institutions with the help of technology have made great strides in improving the understanding and interaction of the students. Students are provided with different online opportunities in terms of courses, tutorials, workshops, seminars to enhance their academic growth. With rise in these opportunities provided, there is enormous rise in the collection of student related data through registrations, personalization preferences and feedbacks.

B. Student Data
The student data usually consist of their personal details, demographic details, student preferences, evaluation reports, faculty observations etc. This data is essential for parents, faculty and policymakers to enable them to streamline their plan of action according to the student requirements.
Most of the organization store the student data and provide it to firms which help them analyze this data using technology like data mining, where several unseen underlying patterns can be highlighted in text.
II. STUDENT DATA PRIVACY A crucial aspect that needs to be taken care of is to prevent the exploitation of these data-driven systems by the hackers. Hackers can get hold of this data through performing remote attacks on the system, by eavesdropping and can misuse the data, leading to identity theft, creation of fake accounts, modification of student details, etc. [3].
Though the student data has a very good potential and scope for bringing in improvements on various fronts, it is also a matter of concern. Digital learning captures real time information of students and along with their personal information the data captured may be used by hackers for noneducational purposes. It also discusses several legal provisions to safeguard the student data privacy [4].
In order to safeguard the sensitive student data while transferring online or stored on the administrative systems, it should be efficiently encrypted to withstand the possible attack [5].

A. Impact of Student Data Breach
Student data once hacked can open up not only their personal details to the hackers but also the details about their parents and their bank accounts which they use to pay the student fees. The exhaustive student information is sold by hackers through spam mails; a sample snapshot of the email is depicted in Fig. 1 (The snapshot was taken from authors' personal email). Students in their teens are vulnerable to the data breach activities as they are either unaware of the reality or fall prey to the attackers' malicious intents. Data like unique identification number, name, date of birth can be misused leading to identity theft. Identity theft can falsely implicate an innocent student and ruin their life in a big way. Students with weak financial background can be targeted by 'pretext calling' using this stolen data and in the need of the job or suddenly winning a lottery, the students give away more and more private and confidential information with respect to them and their family. 'Phishing' being the most common attack where the attacker posing as authorized person sends out emails to the student email address available from the hacked institution database and requests them for further information and talks about next course of action to take place from the student's side. Students, believing the sender provide the necessary information and are duped, documents are misused, photographs are inappropriately utilized for gaining profits. An instance where a student's photograph gets misused, can draw the student towards the dark world. Harassment, Stalking and human trafficking can take place at a bigger scale if the student data is not handled with utmost care [6] [7].
III. LITERATURE REVIEW The Snake and Ladder game is directly applied to perform Steganography, which hides the data in a media like images. The algorithm uses concepts on Image Processing like Pixel Value differencing are used along with the development of the snake and ladder game on the data [8].
This research paper consists of a survey of different scenarios from different research papers, for example, storing protected data for platform like Facebook, concerns when mobile systems are used for payments and their key generation. It also surveys a concept called as Software Defined Networking -a new approach in designing, building and managing networks [9]. This paper illustrates how a game of scrabble can be utilized to generate cipher text for big length data. Several permutations and combinations of words are possible making it difficult for the attacker to guess the actual words directly hence providing good security to the plain text [10].
Security to E-Learning System is provided by Elliptic curve. cryptography algorithm and content is filtered using Decision tree algorithm. Cryptography along with Data Mining techniques proves to be a good combination. Several Data Mining Classification Techniques are compared to figure out which yields good results [11].
Another technique to ensure data privacy is the use of Digital signature. They use a different sort of balance cryptography. It is generally used for monetary exchanges, configuring dispersion, and in various circumstances where it is necessary to identify bogus or changing. Other techniques like DES and RSA Algorithm are frequently used cryptographic techniques [12].

IV. CRYPTOLOGY
Heraclitus, one of the most influential thinkers in ancient Greek Philosophy expressed hid deep philosophical insights in aphoristic and cryptic form. His writings are full of riddles which are cryptic in nature. He liked this pungent oracular style as it required a penetration of thoughts which provoked human thinking and it helped him in maintain the confidentiality of his writings [13].
Cryptology as a tool of technology is a culmination of techniques for ensuring the secrecy and/or authenticity of information. Cryptology has two main branches in the form of 'cryptography' and 'cryptanalysis' [14].

A. Components of a Cryptosystem
• Plain Text -It is the message or information that sender intends to send. Example in our case will be the student's name, date of birth, etc.
• Cipher Text -It is the result of transformation on the plain text after encryption algorithm has been applied.
• Key -It is a piece of information that will scramble the plain text as required by the algorithm.
• Encryption algorithm -It consists of sequence of steps of how and when to apply the key to the plain text to produce the cipher text.
• Decryption algorithm -It consists of sequence of steps of how and when to apply the key to the cipher text to get back the plain text [15].  274 | P a g e www.ijacsa.thesai.org

B. Cryptography
The science and art of secret writing has its inscription since the beginning of human civilization. Ancient civilizations of India, Egypt, China, Japan testify the evidences of use of cryptography. The goal of cryptography is to provide secure communication over insecure channel [16].

C. Cryptanalysis
Working upon the weakness, improves the strength. This is the principal upon which cryptanalysis is based. Analyzing and understanding the cipher text, trying to decipher it without the knowledge of plain text to identify the weakness and work upon it.

D. Goals of Cryptography
• Confidentiality -A cryptosystem ensures that no one other than the sender and the receiver is able to read the input data.
• Integrity -During transmission of data, the cryptosystem should not allow any unauthorized person to modify, alter, change or delete the data.
• Authenticity -The sender and the receiver should be able to identify and validate each other [16].

A. Concept of the Proposed Algorithm
The proposed algorithm titled 'Snake and Ladder Encryption Algorithm (SLEA)' gets its name from the classic game of Snake and Ladder. 'SLEA' is a 'block cipher' with variable length, symmetric keys. In the block cipher category, the input plain text is divided into fixed size of blocks and then encrypted. Block ciphers are mainly characterized by the block size and its key. Here, though a fixed size block is used for encryption, still the cells only which contain the data are encrypted, the vacant cells on the board are not considered for the encryption. This speed up the process and key variable key length shorter [17]. Symmetric keys mean same keys are used for encryption and decryption. The algorithm provides three layers of encryption. One through character set mapping and the second layer through placement of the snakes and ladders on the board and third through the snake and ladder game moves. The sender and the receiver should have the same interface setup so that pre-decided objects can be shared before the encryption and decryption process begins through the secured channel.
Sample plain text considered for the purpose of illustration is "SMILE IS JOY". Length of the plain text including the blank space is 12 characters.
Character Set -The plain text will be first mapped to the characters set and an intermediate cipher text will be generated. There are 'n' number of character sets pre-decided between the sender and the receiver available to both when the algorithm interface is installed from the setup file.
Here for the illustration following character set is considered given in Table I. As for the alphabets, numbers can also be mapped to the character set.
Level 1 encryption-the given plain text 'SMILE IS JOY' will be mapped to intermediate cipher text as illustrated in Fig. 3.

B. Snake and Ladder Board
The game board is of the size 4x4, consisting of 16 cells. Fig. 4 shows the pattern for inserting the plain text data is always from left to right direction, whereas the traversal of data alternates in direction every time. A minimum of two snakes and two ladders adds sufficient complexity to the data. As the size of input data increases the board size also can be increased and so are the number of snakes and ladders on the board.

C. Snake and Ladder Encryption Algorithm
Step 1: Create a 4x4 board and select any one arrangement of the snakes and ladders from the predetermined set.
Step 2: Place the level 1 encrypted text onto the 4X4 board.
Step 3: Note the last data entry cell on the board. (This step ensures that the vacant cells are not traversed, hence less time taken for encryption process.).
Step 4: Point the 'marker' to the first cell on the board and roll the dice till all of the entries on the board are visited at least once. Simultaneously, frame the data from the visited cells into a sequence, which is our cipher text to be transmitted or stored.
Step 4.1: Travel the cells on the boards depending on the count on the dice.
Step 4.2: At the end of the traversal for that particular move, if a ladder is encountered-climb up and record the data in the cell in to the cipher text sequence. Similarly, if a snake is encountered-drop down and again record the data in the cell in to the cipher text sequence.
Step 4.3: At any point of time if looping takes place, i.e. dice and cell on the board remain same, do not record the data and roll the dice till the number on the face of dice is different. This resolves looping.
Step 5: If the current cell visited on the board is the last cell, check if there exist any unvisited cells on the board. (Unvisited entries may be due to sudden climbing using ladder or dropping down through the snake). Repeat the process till all cells on the board have been visited at least once. Fig. 5 shows the mapped text on the game board with snakes and ladders already placed on the game board. Table II provides stepwise execution of the encryption algorithm.

All entries are visited on the board
Final Cipher Text Generated is shown in Fig. 6, which consists of 17 characters.

E. Snake and Ladder Key Generation during Encryption
For the decryption of the cipher text at the receiver side, we need a Key that will help us get back the plain text. As the cipher text is generated, simultaneously the key is also generated. The key is the numbers on the face of dice plus the pattern number for the board arrangement for snake and ladder plus the character set pattern used.

VI. SECURITY ASPECT
In this section, we will analyze the strength of the snake and ladder algorithm against several types of attacks. Snake and Ladder Cryptographic algorithm provides three levels of security.
Level 1: First, in the form of character mapping set. The set consist of 68 characters mapped uniquely to each other. For every encryption, the character mapping will be changed. If any intruder tries to guess the mapping it will be difficult to select from 24800355424368305996009904185691715810473992013553 67672371710738018221445712183296000000000000000 options, that is 68! (68 factorial). This step considerably increases the security in a simple manner.
Level 2: Second, in terms of the placement of the snakes and ladders on the board. The board is selected of 4x4 as it can hold average length of information like student name, roll number, subject name, etc. Depending upon the data length per student, the size of the board can be increased to 5x5 or 6x6 accordingly. For every encryption, the number of snakes and ladders can be decided and a different arrangement of snakes and ladders can be selected from the predefined pattern.
For the current illustration, a board of 4x4 consists of 2 snakes and 2 ladders, sufficient for adding complexity to the encryption process. When the interface will be setup between the sender and the receiver, these predefined patterns and arrangements will be known to both. So, during encryption, along with the key the unique pattern identification number is to be attached before transfer of the cipher text.
Understanding the complexity provided by the placement of snakes and ladders -consider, the 4x4 board with two snakes and two ladders. Initially, total available cells on the board for the placement were 16. Placing the 1st snake -16 277 | P a g e www.ijacsa.thesai.org options available, placing 2nd snake -15 options available, placing 1st ladder 14 options available, placing 2nd ladder -13 options available. It is difficult to gauge the positions by simple guessing.
Level 3: Third, the algorithm itself. The manner in which the cipher text will be generated by rolling the dice will be different every time. And occurrences of the snakes and ladders in the route will change the course of cipher text generated. Now, we will slide through several types of attacks possible during encryption and how the algorithm provides resistance to them.
Ciphertext Only Attacks -In this kind of attack, the encrypted message is intercepted by the attacker. This attack will be successful only if the corresponding plain text is retrieved from the encrypted message.
The Snake and Ladder algorithm has a huge initial character base to transform the plain text into unmeaningful message. The cipher text characters are further jumbled by the movements in the game. So, it is impossible for the attacker to know the plain text within a finite time without the authentic keys.
Known Plaintext Attack − The attacker knows the partial plaintext for the generated ciphertext. So, the attacker's task is to study the remaining cipher text, derive the key if possible and get the plain text.
The Snake and Ladder algorithm holds an advantage with respect this attack. Since, the plain text is neither used as direct part of cipher text nor as part of key formation, and even if the attacker knows that it is the student data that the algorithm is dealing with, it cannot conclude anything directly only from the cipher text.
Man in Middle Attack -Mostly, this attack can target the public key cryptosystems. Here, key exchange has to take place before communication begins.
In the Snake and Ladder algorithm, since key is simultaneously generated with the cipher text and also transmitted with it, this attack does not affect the encryption algorithm.
Chosen Plaintext Attack -The attacker has the ability to encrypt plain text of his choice and generate corresponding cipher text in the given system. By performing this act, the attacker tries to study the relation between plain text to cipher text generation.
In the Snake and Ladder algorithm, at level one itself the attacker will have to go through and execute 68! possibilities.
Brute Force Attack -Try several combinations of keys, to decrypt the cipher text.
In the Snake and Ladder algorithm, though the dice has only 6 faces, we don't know how many times it will be rolled, because the dice rolling depends on the length of the text to be encrypted when it is placed on the board. This is the advantage of the variable nature of the key, which makes it difficult to guess what it is. And if one tries to do so, it might require exponential time [18] [19].
Running Time Analysis -the problem statement is -with how many minimum dice rolling can the text on board be traversed at least once. There are three important factors affecting this, one is the number of filled places on the board, second variable number of snakes and ladders do affect the traversal and the number appearing on the dice face.
For illustration, a 4X4 board was considered, means total number of blocks to be traversed 16. So, running time would be close to O (16 * C), where C is a constant and dice is assumed to have 6 faces. 16 because the block has to be visited at least once. C includes the time including waiting for the dice to roll again and repetitive traversal of the blocks, and climbing up and down the ladders and snakes, respectively. General running time is O (N * D * C) where N is the number of blocks on the board, D is the number of faces on the dice, if dice of a greater number of faces used and C remains the constant.

VII. ADVANTAGES AND DISADVANTAGES OF THE SNAKE AND LADDER ALGORITHM
A. Advantages • The nature of the game makes the moves during the encryption unpredictable, which strengthens the cipher text.
• Time required for execution is comparatively less as the encryption is not done on entire block but only the part of data present in it.
• Key generation is simultaneous to encryption process.
• Rolling the dice makes the key Variable in length and the Variable key makes it difficult for the attackers to predict the nature of the key.
• Though, there are large number of students, each student's data in a school / college repository is limited to certain details. Hence, encrypting this short length data with this flexible size algorithm avoids unnecessary space and time complexities.
• Considering the best or average time cases (number on the dice face from 6 to 4, every time it rolled) the algorithm can be considerably fast or average during encryption.

B. Disadvantages
• As the board size increases, the complexity for the algorithm's implementation increases.
• Considering the worst case (number on the dice face from 3 to 1, every time it rolled) the algorithm can be a bit slow during encryption.

VIII. CONCLUSION
The 'randomness' of the 'dice', 'movements' on the 'board' add the twist to the generation of the cipher text just as required. Since, student data can be categorized into distinct fields like their first name, last name, date of birth etc. this algorithm on the board of 4x4 is most suitable to encrypt the 278 | P a g e www.ijacsa.thesai.org data part by part and store it in the same manner. Though there exist several cryptographic algorithms that provide cipher text, the Snake and Ladder algorithm consumes minimum time and generates the cipher text in length close to the length of plain text and key length is maintained less than cipher text length, hence reducing overall processing time.
Future research could examine improving the key transmission from sender to the receiver. Also, improvements in hardware can considerably increase the efficiency of the algorithm.
As mentioned before, the student data breach can have devastating psychological effects on the students. The pillars of the nation have to be necessarily protected against these hidden cyber-attacks. Ensuring the confidentially of the student data while collecting, proper cryptographic techniques to be used while storing or transmitting, and enforcing strict laws modified according to the emerging cyber-attacks are some of the basic steps that need to be enforced by the concerned authorities.