Securing Audio Using AES-based Authenticated Encryption with Python Securing of files utilizing symmetric

: The focus of this research is to analyze the results of encrypting audio using various authenticated encryption algorithms implemented in the Python cryptography library for ensuring authenticity and confidentiality of the original contents. The Advanced Encryption Standard (AES) is used as the underlying cryptographic primitive in conjunction with various modes including Galois Counter Mode (GCM), Counter with Cipher Block Chaining Message Authentication Code (CCM), and Cipher Block Chaining (CBC) with Keyed-Hashing for encrypting a relatively small audio file. The resulting encrypted audio shows similarity in the variance when encrypting using AES-GCM and AES-CCM. There is a noticeable reduction in variance of the performed encodings and an increase in the amount of time it takes to encrypt and decrypt the same audio file using AES-CBC with Keyed-Hashing. In addition, the corresponding encrypted using this mode audio spans a longer duration. As a result, AES should either have GCM or CCM for an efficient and reliable authenticated encryption integration within a workflow.


Introduction
Cryptography is used worldwide for adhering to the security CIA triad: confidentiality, integrity, and availability. In an environment where mobile devices have become ubiquitous, voice messages are more common than one may think. In 2018, it was reported that about 200 million voice messages are delivered over WhatsApp daily [1]. Being able to intercept and alter voice messages without the other party knowing can result in unintended altercations. Furthermore, IoT devices that rely on direct communication with humans can also have consequences if voice commands are modified by an adversary. Cryptographic implementations rooted in authentication can be used to help keep these communications genuine.
The framework of authenticated encryption schemes assures authenticity and confidentiality of information. These schemes can be constructed in many ways, which includes joining symmetric and block ciphers to meet modern security standards. The Advanced Encryption Standard (AES), originally coined as Rijndael in 1998, is a symmetric block cipher that is practically impossible to break by brute-force. AES has proven to be useful for maintaining confidentiality and integrity of message data in multimedia when combined with digital signatures [2]. It is worthwhile to further analyze how AES can be used with different modes to encrypt audio and provide perspective on which implementations prove to be more effective than the others.
Authors in [3] demonstrate the efficiency of using AES over DES for audio file encryption via simulations utilizing tools provided in MATLAB; however, this fails to capture the dimension of authenticity to ensure messages are not altered by the time they reach the other party involved. Furthermore, performing encryption on sensitive data is inherently safer when done using pre-built libraries as opposed to hands-on, Preprints (www.preprints.org) | NOT PEER-REVIEWED | Posted: 9 August 2021 doi:10.20944/preprints202108.0185.v1 reconstructed implementations. The Python cryptography library provides such a framework [4]. In this paper, built-in authenticated encryption primitives from this library are used for encrypting audio and the results are primarily analyzed for their variance, speed, and reliability.

Materials and Methods
The approach presented is intended to give an overview of various AES-based authenticated encryption algorithms as methods for encrypting audio. An original audio file is used as a reusable input for encryption by a handful of cryptographic primitives. In this section, a brief description of each algorithm used for investigation is provided in the context of the Python cryptography library. In addition, initial analysis of the original audio file as a baseline. Source code can be found on Zenodo [5].

AES Galois Counter Mode (AES-GCM)
The AES-GCM is an authenticated encryption scheme with the support of providing integrity for associated data as an extra layer of security. AES-GCM requires a key of either 128, 192, or 256 bits. Once generated using AESGCM.generate_key and passed into the AESGCM constructor, a random 12-byte one-time nonce, recommended length, needs to be created. Messages can then be encrypted using the nonce, data for encryption, and the unencrypted associated data.

AES Counter with Cipher Block Chaining Message Authentication Code (AES-CCM)
Like AES-GCM, AES-CCM is also an authenticated encryption scheme with the support of providing integrity for associated data as an extra layer of security. AES-CCM requires a key of either 128, 192, or 256 bits. In addition, an authentication tag of either 4, 6, 8, 10, 12, 14, or 16 bytes is required. For secure purposes, 16-bytes is the default length. Once the key generated using AESCCM.generate_key and the authentication tag length are set, these are passed into the AESCCM constructor. Afterwards, a random 7 to 13 byte one-time nonce needs to be created. Messages can then be encrypted using the nonce, data for encryption, and the unencrypted associated data.

Fernet: AES Cipher Block Chaining (AES-CBC)
Fernet is an algorithm that utilizes multiple cryptographic primitives; furthermore, Fernet is an implementation of AES-CBC using a 128-bit key for encryption with PKCS7 padding and HMAC using SHA-256 for authentication. For HMAC purposes, a password and salt are used as a part for generating the key for AES-CBC to use in the Fernet constructor. Afterwards, encrypting the message is as simple as passing it to the Fernet encrypt method.

Original Audio
The algorithms described are used to encrypt bytes of an audio file. The duration of the file, in seconds, the original wave plot, scatter plot, and number of distinct data points generated from the audio file are shown Figure 1(a-b) respectively.   From a listening standpoint, all encrypted audio files consist of white noise as wave plots show this in Figure 2(a), Figure 3(a), and Figure 4(a). This can also be heard when playing the encrypted audio in the respective cells in the encrypted-audio-analysis.ipynb file [5]; thus, using any of the investigated primitives will produce incoherent mp4 files for transfer.

Results
The number of distinct values is drastically smaller when using AES-CBC for encryption. This can be seen when comparing the wave scatterplots shown in Figure 2(b), Figure  3 Table 1 shows negligible differences between the AES-GCM and AES-CCM algorithms when referencing the various statistics collected after encrypting the original audio file. When these algorithms are used for encrypting and decrypting the audio file, it takes about the same amount of time to perform the respective cipher operations. When running the corresponding algorithms using AES-CBC, the scale factor for encryption is 5 and the scale factor for decryption is 6.
The encrypted file duration for AES-CBC is two seconds longer than the ones generated using AES-GCM and AES-CCM, as they both maintain the duration of the original audio. As for the distinct values and variance produced, AES-GCM and AES-CCM show similar outputs. Minimal differences can be attributed to the random nonce used when the primitives are generating keys. When using AES-CBC for encryption, the number of distinct values and variance is drastically smaller. This may be ideal as the mapping encrypted space is smaller; however, the duration it takes and resulting file size imply otherwise when intended for implementation.

Discussion
Based on the presented findings, any of these algorithms can be chosen for encrypting small audio files when it comes to the context of sending and receiving messages; however, encrypting with AES-CBC results in a larger file size, which may cause hassle when trying to communicate a longer voice message to one another. AES-GCM or AES-CCM are recommended for audio encryption, choosing one of these two algorithms should then be decided based on the underlying specifications desired for integrating within a communication workflow. Since authenticated encryption algorithms are used as the underlying framework, confidentiality and integrity are assumed; thus, meeting standards for guaranteed genuine communication between two parties and preventing audio tampering attacks.
Limitations of this brief study include only using cryptographic primitives from the Python cryptography library and the usage of only a single original audio file for analysis. Future directions include running multiple simulations with audio files of various sizes, using other metrics of analysis, and determining if there may be cases where an algorithm like AES-CBC should be used for encryption. Implementing these algorithms in a communication system for the purpose of practical usage and performing analyses from a consumer perspective to measure quality would determine the extent in which utilizing such algorithms are practical.
Selecting suitable cryptographic primitives for encrypting different types of media can be difficult. The results from this brief study give insight to how using different primitives from the same framework can affect the variance, speed, and distinctness of encrypted output using a relatively small audio file. When using the Python cryptography library, AES-GCM or AES-CCM should be used for encrypting audio communication to achieve larger variance and faster encryption and decryption times for successfully maintaining confidentiality and integrity.
Funding: This research received no external funding