A Hybrid Security Algorithm AES and Blowfish for Authentication in Mobile Applications

Nowadays, everything is within our grasp, and mobile phones have made it easier. Their use is not limited to calls and SMS; they have become a tool for business transactions, banking, and academic data through mobile applications. Thus, the security of authentication in mobile applications needs to be improved to resist attacks. This article presents authentication from a mobile application to the server using a hybrid of the cryptographic algorithms Advanced Encryption Standard (AES) and Blowfish. AES and Blowfish are symmetric key algorithms that are very fast and powerful. By using the large block size of AES and using Blowfish to encrypt keys, AES security will be much more robust and harder to attack. It will therefore be difficult for hackers to perform Man in the Middle (MitM) attacks.


INTRODUCTION
It is surprising that cryptography was introduced thousands of years ago by the Egyptians, whose use of symbols is believed to be the first use of cryptography [1]. Cryptography has since grown beyond paper and has become more involved, using more complicated equipment and techniques.
Cryptography is very desirable, and data security is incomplete without cryptographic methods. Cryptographic methods fall into two classes: symmetric and asymmetric. Symmetric key cryptography requires the same key to encrypt and decrypt a message [2].
In this paper, we describe the basic operation of the common algorithms AES and Blowfish. Both are symmetric key algorithms that use a block cipher. AES and Blowfish are the most efficient and secure algorithms [3]. The server receives the username and password encrypted using the AES and Blowfish algorithms. The application is developed in the Java programming language, while the receiving server uses PHP to decrypt the username and password.

METHODS
Cryptographic algorithms are classified as symmetric and asymmetric methods.

Symmetric
Symmetric methods such as AES and Blowfish use the same secret key for encryption and decryption. They are strong and fast at encryption and decryption [4]. The encryption and decryption process of the symmetric method is shown in Figure 1.

Asymmetric
Asymmetric methods use the public key for encryption and need the private key for decryption [4]. Everyone may know the public key; the sender obtains the public key from the receiver and uses it to encrypt text into ciphertext. The receiver uses a private key to decrypt ciphertext into plaintext [1]. The encryption and decryption process of the asymmetric method is shown in Figure 2.

The Blowfish encryption algorithm is the most efficient in processing time and power consumption compared with other symmetric algorithms [3], [9]. The Blowfish algorithm was designed in 1993 by Bruce Schneier to achieve goals such as 1) speed, 2) compactness, 3) simplicity, and 4) flexibility of key size [10]. The Blowfish algorithm can be optimized in hardware applications [11]. Figure 3 shows the Blowfish algorithm, which consists of two parts: the key expansion and the data encryption. The key expansion converts a 448-bit key into several subkey

AES and Blowfish. The application used by the user is written in the Android programming language, while the receiving server uses PHP to decrypt the username and password.

II. Encryption Methodology
Cryptographic algorithms are classified as symmetric and asymmetric methods.
A. Symmetric
Symmetric methods such as AES and Blowfish use the same secret key for encryption and decryption. They are strong and fast at encryption and decryption [4]. The encryption and decryption process of the symmetric method is shown in Figure 1.
[Figure 1: Plaintext, Encryption (key), Ciphertext, Decryption (key), Plaintext]
B. Asymmetric
Asymmetric methods use the public key for encryption and need the private key for decryption [4]. Everyone may know the public key; the sender obtains the public key from the receiver and uses it to encrypt the text to be sent. The receiver uses the private key to decrypt the ciphertext into plaintext [1]. The encryption and decryption process of the asymmetric method is shown in Figure 2.

[Figure 2: Plaintext, Encryption (public key), Ciphertext, Decryption (private key), Plaintext]

Against full 16-round DES, this attack can recover the key with an average of $2^{43}$ known plaintexts. A software implementation of this attack recovered a DES key in 50 days using 12 HP9000/735 workstations, which is the most effective attack so far [15]. Linear cryptanalysis is newer than differential cryptanalysis, and it is efficient against reduced-round DES variants.
From the above analysis, DES can provide a certain degree of security guarantee by optimizing the construction of its S-boxes.
Bruce Schneier shows that differential cryptanalysis on Blowfish is possible either against a reduced number of rounds or with the piece of information that describes the F function. However, the boxes are well designed to resist attacks, while they are randomly generated in Blowfish [16]. As we know, there is no successful cryptanalysis against Blowfish.

The Advanced Encryption Standard (AES) is the United States Government's Federal Information Processing Standard for symmetric encryption, and original Rijndael algorithm to be substantially [5]. AES is a combination of robust algorithms and secure keys. This algorithm has a variable key length of 128, 192, or 256 bits, resulting in varying levels of speed and security [1].
Although the AES algorithm is secure, it still needs to be improved by hybridizing it with other algorithms, to avoid attacks that occur due to the vulnerability of the S-box in the AES algorithm [3]. AES is a symmetric block cipher with 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys [6]. Figure 4 shows the flowchart of unoptimized encryption and decryption of AES with 11 rounds [7].
Every round has several processing steps: Byte Sub, Shift Row, Mix Column, and Add Round Key [8].

RESULT AND DISCUSSION
The author developed an authentication application to evaluate two symmetric encryption techniques, AES and Blowfish. It was developed using the Java programming language by Sun Microsystems. Almost all mobile phones include this programming platform. The authentication application was created using Android Studio, the official Android IDE from Google for building Android apps.
Users enter a username and password into the application, which encrypts them using the AES algorithm with a key that has been encrypted by the Blowfish algorithm to produce ciphertext. The destination server receives the ciphertext and then decrypts it using the AES algorithm with a key that is encrypted by the Blowfish algorithm. Figure 5 shows the encryption process carried out by the application and the decryption done by the recipient server.
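The exchange described above, written out as an added example (it is not the authors' application code). The cipher modes (AES-GCM, Blowfish-CBC), the fresh AES key per login, the pre-shared Blowfish key, and every class and method name are assumptions; both sides run in Java here, whereas the paper's server is written in PHP.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;

public class HybridLoginDemo { // hypothetical name, not from the paper
    static final SecureRandom RNG = new SecureRandom();

    static byte[] random(int n) { byte[] b = new byte[n]; RNG.nextBytes(b); return b; }

    // Blowfish has a 64-bit block, so its CBC IV is 8 bytes.
    static byte[] blowfish(int mode, byte[] key, byte[] iv, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("Blowfish/CBC/PKCS5Padding");
        c.init(mode, new SecretKeySpec(key, "Blowfish"), new IvParameterSpec(iv));
        return c.doFinal(in);
    }

    // AES-GCM: decryption throws AEADBadTagException if the ciphertext was altered.
    static byte[] aesGcm(int mode, byte[] key, byte[] nonce, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, nonce));
        return c.doFinal(in);
    }

    public static void main(String[] args) throws Exception {
        // Assumption: the Blowfish key is provisioned to app and server out of band.
        byte[] blowfishKey = random(16); // constructed for this demo

        // Client (mobile application): fresh AES key, wrapped with Blowfish.
        byte[] aesKey = random(16);
        byte[] bfIv = random(8), nonce = random(12);
        byte[] wrappedKey = blowfish(Cipher.ENCRYPT_MODE, blowfishKey, bfIv, aesKey);
        byte[] credentials = "alice:constructed-password".getBytes(StandardCharsets.UTF_8);
        byte[] ciphertext = aesGcm(Cipher.ENCRYPT_MODE, aesKey, nonce, credentials);
        // Sent to the server: bfIv, wrappedKey, nonce, ciphertext.

        // Server (receiver): unwrap the AES key, then decrypt the credentials.
        byte[] recoveredKey = blowfish(Cipher.DECRYPT_MODE, blowfishKey, bfIv, wrappedKey);
        byte[] plain = aesGcm(Cipher.DECRYPT_MODE, recoveredKey, nonce, ciphertext);
        System.out.println(new String(plain, StandardCharsets.UTF_8));

        // A ciphertext modified in transit is rejected instead of being decrypted.
        ciphertext[0] ^= 1;
        try { aesGcm(Cipher.DECRYPT_MODE, recoveredKey, nonce, ciphertext); }
        catch (AEADBadTagException e) { System.out.println("tampering detected"); }
    }
}
```

The confidentiality of the whole exchange rests on the Blowfish key both ends already hold, so how that key is provisioned and stored on the device determines what an on-path observer can recover.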

CONCLUSION
A hybrid security algorithm combining AES and Blowfish for authentication was implemented on Android and on the receiving server. Built in software, it works quickly and efficiently, even on small devices such as smartphones. With a big block size and longer keys, using 128-bit blocks with 128, 192, and 256-bit keys, AES will provide more security in the long term. A hybrid security algorithm AES and Blowfish for authentication can prevent hackers from performing Man in the Middle (MitM) attacks.