Cryptography using Random Rc 4 Stream Cipher on SMS for Android-Based Smartphones

Messages sent using the default Short Message Service (SMS) application have to pass the SMS Center (SMSC) to record the communication between the sender and recipient. Therefore, the message security is not guaranteed because it may read by irresponsible people. This research proposes the RC4 stream cipher method for security in sending SMS. However, RC4 has any limitation in the Key Scheduling Algorithm (KSA) and Pseudo Random Generation Algorithm (PRGA) phases. Therefore, this research developed RC4 with a random initial state to increase the randomness level of the keystream. This SMS cryptography method applied the processes of encryption against the sent SMS followed by decryption against the received SMS. The performance of the proposed method is evaluated based on the time of encryption and decryption as well as the average correlation value. Based on the time, it shows that the length of the SMS characters sent affects the time of encryption and decryption. Meanwhile, the best correlation value achieved 0.00482. Keywords—Cryptography; SMS security; RC4 stream cipher; random initial state; correlation value


I. INTRODUCTION
Cryptography is a science to protect data or information from irresponsible people by turning it into a form where the attacker cannot recognize the data or information while in the processes of storing and transmitting [1].Moreover, it can be applied to communication services through wireless systems for the communication applications of cellular and wireless [2].It consists of two-phase, namely encryption and decryption.The encryption is implemented to make data unreadable, invisible or incomprehensible during transmission or storage.While the opposite of it is decryption to reverse the encryption data become an original text [3].Nowadays, there are various types of smartphones are widely used by the public, one of them is an Android-based smartphone.However, SMS service has not a security method on Android smartphones.SMS is a text messaging service that allows cellular customers to send the text to each other.Global System for Mobile Communication (GSM) uses as a tool for sending SMS messages.SMS message sent by the user, then it was stored by the SMSC to forward to the target mobile device.SMSC uses a store-and-forward technique to store messages to forward it to the target device.If the Home Location Register (HLR) of the target mobile device is active, then SMSC will transfer the SMS message to target mobile device.SMSC receives the verification message that confirms the delivery status of SMS message to the target mobile device [4].The maximum length of an SMS without the image/graphic is 160 characters using 7 bits or 70 characters using 16 bits of character encoding [5].
Cryptographic methods are divided based on key-based and keyless [6].Several conventional keyless cryptographic methods have implemented for improving data security such as Caesar ciphers [7], Vigenere ciphers [8], [9], Zigzag ciphers [10], and Playfair cipher [11].Those methods are more complex and consume a significant amount of power when applied in the resource-constrained devices for the provision of secure communication [12].Another method that has used is key-based with Symmetric Cryptography.The type of encryption that used is to provide end-to-end security to SMS messages.This method is appropriate for mobile devices because of limited resources, namely limited power/energy, insufficient memory, and less processing power [4].The examples of symmetric key cipher block cryptography are AES, DES, and 3DES [3].
Several methods have been performed on SMS services such as AES [13,14], Blowfish [5,15], One-Time Pad Cipher [16], MNTRU [17], Certificate-Less Public Key Cryptography (CL-PKC) to Authentication over a GSM System [18].Several previous works have developed RC4 for WEP [19], combined RC4 with a genetic algorithm [20] and compared RC4 with other methods.RC4 is one of the most popular stream ciphers in symmetric key cryptography since it uses in several security protocols.Moreover, it has the higher speed and the lower complexity than other stream ciphers.The data of statistics show that the RC4 algorithm is used to protect 50% of TLS traffic as the most widely used secure communication protocol on the internet nowadays [21].RC4 has a secret internal state and works by generating the pseudorandom stream of bits [22].The internal state of RC4 consists of an S-box array permutation of 256 bytes from the number 0...., N -1 and two indices i, j ∈ {0,. . ., N -1}.The index i is determined and known to the public, while j and Sbox permutations remain confidential [23,24].The RC4 algorithm consists of the Key Scheduling Algorithm (KSA) used for initializing S-box using variable length key and Pseudo-Random Generation Algorithm (PRGA) to generate keystream bytes.
In the previous researches, RC4 stream cipher compared to AES [25] shows that the performance of RC4 is better than AES which based on the throughput, CPU processing time, memory utilization, encryption time and decryption time.Subsequently, RC4 compared to Blowfish method [17] shows that RC4 has better encryption performance while Blowfish www.ijacsa.thesai.orghas better decryption performance for small message texts.However, RC4 has better performance in power consumption for communication.Furthermore, the comparison of RC4 with RSA [23] shows that the algorithm of RC4 better than RSA based on the presented experimental and analytical results of both algorithms evaluated.RC4 has more excellence in execution speed and throughput compared to several other cryptographic methods such as VMPC, HC-128, HC-256, Salsa20 and Grain [24].Nevertheless, RC4 has a limitation in the KSA and PRGA phases due to the initialization process which produces sequential numbers (0,1,2, ..., 255) that may provide the opportunities for hackers [26].The development of RC4 with a random initial state will increase the randomness level of the keystream produced by RC4 [23,24].
The development of cryptography in SMS service security is an important and challenging issue.It caused the hackers may steal the contents of the original message of the SMS sent.This research proposed a cryptography method using the RC4 stream cipher on SMS for Android-based smartphones to overcome this issue.The contribution of this research is the use of the initial random state to increase the randomness level of the keystream.This method is expected to increase the level SMS service security.

II. RESEARCH METHOD
This research aims to implement cryptography on SMS for Android-based Smartphones using the RC4 stream cipher method with a random initial state to increase the randomness level of the keystream.The proposed method consists of two main stages, namely encryption, and decryption.The illustration of the cryptography system on sending the message via SMS is shown in Fig. 1.Based on Fig. 1, the initial process of this system is the sender and receiver as the user must apply the process of login.Afterward, in the encryption process, the sender should send the message (plaintext) and the key simultaneously.The message is sent as ciphertext as the implementation result of the RC4 method.Subsequently, the information of the sender's identity, key, and keystream are saved in the server.Meanwhile, in the decryption process, the receiver who has successfully login receives the ciphertext, key, and keystream from the server according to the message.Messages can be decrypted into plaintext based on the key similarity during message encryption.There are several similar processes in the stage of encryption and decryption, namely, (1) convert the plaintext/ciphertext to byte, (2) S-Box initialization with a random initial state, (3) S-Box permutation, and (4) generate pseudorandom byte to obtains the keystream.The keystream is used to implement XOR operation between the plaintext and ciphertext in a byte.The difference in both stages is in the process of saving the random initial state results and the key in the encryption process.In the decryption process, the results of the random initial state and keys select from the database based on the message to carry out the subsequent process.The detail process of the proposed method is depicted in Fig. 2.

A. Encryption
In this work, encryption is applied to encode the messages sent with the aim only the authorized people whose can access the messages.KSA phase of this work, RC4 allow producing the similar state even though two different keys used and a similar keystream output generated.This case is known as a key collision or related key pairs [27].It is caused by the initialization process which produces the numbers of 0, 1, 2, .., 255, sequentially which opens opportunities for hackers.The proposed method of the RC4 stream cipher with a random initial state will increase the randomness level of the keystream.Development in KSA phase produces N values from 0 to N-1 without duplication by a pseudo-random number generator which distributes as an additional secret key.The steps of the encryption process in this work are as follows: www.ijacsa.thesai.org 1) Get the ASCII values from the messages sent as the plaintext then they are converted to bytes.
2) In KSA phase, the initialization of the S-Box array with a random initial state followed by saving the key and the S-Box permutation.This step is implemented to produce random values between 0 and 255 without duplication.
3) Initialize the keys array then save it.4) S-Box permutation is performed against the values in the S array by exchanging the contents of the S [i] with S [j].
The Pseudocode of this step is as follows: Input in KSA phase is Plaintext L, Keys k, and N where the message length of plaintext L is the initial key length in bytes, N is the size of the array S, and i and j are indexed pointers.The output of this phase is the array S.

5) In the PRGA phase, retrieving the values of S [i] and S
[j] aims to sum up those values in the form of modulo 256.This phase obtains a keystream.The Pseudocode of this step is as follows: Input in PRGA phase states S where N is the size of the array or state S, and i and j are indexed pointers.The output of this phase is array byte of Kseq using for XOR-ing with plaintext for obtaining ciphertext.
7) Send the SMS message as ciphertext.

B. Decryption
The input of this stage is ciphertext.Decryption aims to reproduce the plaintext, which performed by decoding the ciphertext.The steps of the decryption process are as follows: 1) Get the ASCII values from the received message as the ciphertext then they are converted to bytes.
2) The initialization of the S-Box array in KSA has applied the similar step as in encryption based on the saved key.
3) Get the key based on the message.4) The processes of S-Box permutation and generate Pseudorandom byte are performed similarly as in encryption.
6) Receive the decrypted message as plaintext.

III. RESULT AND ANALYSIS
This research used 225 message SMS with variations in character length as experimental data.Those data were sent using four smartphones with different specification.The specifications of the smartphone are summarized in Table 1.
The proposed method was evaluated based on the time of encryption and decryption as well as the correlation value between plaintext and ciphertext.The correlation value indicates the quality of encrypted data.This value lies between -1 and 1.The correlation value is defined as follows [28]: Where r is the correlation value, x is the ASCII code value of plaintext and y is the ASCII code value of ciphertext.The correlation value should be close to 0 for a good method.
The proposed method aims to encode the SMS message sent as plaintext to ciphertext using the key with the RC4 with a random initial state.Several examples of the encryption result in the form of ciphertext obtaining based on the plaintext and key is shown in Table 2.The evaluation of this proposed method divides into two ways based on the time of encryption and decryption, and the value of the correlation between plaintext and ciphertext.1.The performance of this proposed method based on the time evaluation against the SMS message and key with the various length of the character as shown in Table 2. Furthermore, the performance comparison of this proposed method based on the time of encryption and decryption in four types of smartphones is depicted in Fig. 3. Based on the experiment result as shown in Fig. 3, the time of encryption and decryption is influenced by the smartphone specification and the number of characters of the SMS message.Related to the smartphone specification, the time of encryption and decryption of Version 5.0 is faster than Version 6.0 due to the processor speed of Version 5.0 higher than Version 6.0 are 2.2 GHz and 1.8 GHz, respectively.In addition, the specification of RAM and the number of applications that are running on the smartphone may affect the time of encryption and decryption.Moreover, the increasing number of characters in an SMS message cause the time of the encryption and decryption to become longer.

B. Evaluation based on the Correlation Values
This research also evaluated the quality of encrypted data which obtains by the proposed method based on the correlation values.Low correlation value (close to 0) indicates that the encryption system is becoming more secure [26].The correlation values are computed based on the ASCII values of plaintext and ciphertext using Eq.(1).All correlation values which generated from 225 examples of experimental data are summarized in Fig. 4. Based on the result is presented in Fig. 4, the correlation values of the best, the worst and the average achieve of 0.00337, 0.53716 and 0.10188, respectively.These results indicate that the increasing number of characters in the SMS message and the key, the correlation value is getting closer to 0. In this research, the correlation value is getting closer to 0 if the number of keys and plaintext character more than 30 and 25, respectively.Otherwise, the correlation value tends to closer to 1.The resulting correlation value only influenced by the number of characters from the plaintext and the key used but not affected by the smartphone specification used.
Furthermore, this research also calculated correlation values based on the plaintext and ciphertext which produced by other methods, namely Vigenere and Playfair.A summary of the performance comparisons between those methods and the proposed method is presented in Table 3. Table 3 shows that the proposed method produces the lowest correlation value of 0.10188.It indicates that the quality of the encryption data of the proposed method yields the best result than the other methods.This paper developed the RC4 method with a random initial state.The random initial state is needed to increase the randomness of the keystream so that this method is safer than RC4 without a random initial state.The proposed method evaluated using 225 data.Based on the evaluation result, the time of encryption and decryption is influenced by the characters, number of the SMS message and the key as well as the smartphone specification.Meanwhile, the correlation value is only affected by the characters number of the SMS message and the key.The correlation value of the proposed method shows an improvement compared to the method of Vigenere and Playfair.For future works, other cryptographic methods are still possible to be developed to reduce correlation values.

Fig. 1 .
Fig. 1.The Illustration of the Cryptography System.

Fig. 2 .
Fig. 2. The Stage Diagram of the Proposed RSA Method.

Fig. 4 .
Fig. 4. The Evaluation Results of the Quality of Encrypted Data based on the Correlation Values of the Plaintext and Ciphertext.

TABLE I .
THE SPECIFICATION OF THE VARIOUS SMARTPHONES

TABLE II .
THE RESULT OF ENCRYPTION USING THE PROPOSED METHOD