A parallel block-based encryption schema for digital images using reversible cellular automata

AbstractWe propose a novel images encryption schema based on reversible one-dimensional cellular automata. Contrasting to the sequential operating mode of several existing approaches, the proposed one is fully parallelizable since the encryption/decryption tasks can be executed using multiple processes running independently for the same single image. The parallelization is made possible by defining a new RCA-based construction of an extended pseudorandom permutation that takes a nonce as a supplementary parameter. The defined PRP exploit the chaotic behavior and the high initial condition's sensitivity of the RCAs to ensure perfect cryptographic security properties. Results of various experiments and analysis show that high security and execution performances can be achieved using the approach, and furthermore, it provides the ability to perform a selective area decryption since any part of the ciphered-image can be deciphered independently from others, which is very useful for real time applications

Recent Advancements on Symmetric Cryptography Techniques -A Comprehensive Case Study

Now a day2019;s Cryptography is one of the broad areas for researchers; because of the conventional block cipher has lost its potency due to the sophistication of modern systems that can break it by brute force. Due to its importance, several cryptography techniques and algorithms are adopted by many authors to secure the data, but still there is a scope to improve the previous approaches. For this necessity, we provide the comprehensive survey which will help the researchers to provide better techniques

Neural network-based double encrption for JPEG2000 images

The JPEG2000 is the more efficient next generation coding standard than the current JPEG standard.It can code files witless visual loss, and the file format is less likely to be affected by system file or bit errors.On the encryption side, the current 128-bit image encryption schemes are reported to be vulnerable to brute force. So there is a need for stronger schemes that not only utilize the efficient coding structure of the JPEG2000, but also apply stronger encryption with better key management.This research investigated a two-layer 256-bit encryption technique proposed for the JPEG2000 compatible images.In the first step, the technique used a multilayer neural network with a 128-bit key to generate single layer encrypted sequences. The second step used a cellular neural network with a different 128-bit key to finally generate a two-layer encrypted image. The projected advantages were compatible with the JPEG2000, 256-bit long key, managing each 128-bit key at separate physical locations, and flexible to opt for a single or a two-layer encryption. In order to test the proposed encryption technique for robustness, randomness tests on random sequences, correlation and histogram tests on encrypted images were conducted.The results show that random sequences pass the NIST statistical tests and the 0/1 balancedness test; the bit sequences are decorrelated, and the histogram of the resulting encrypted images is fairly uniform with the statistical properties of those of the white noise

A reversible system based on hybrid toggle radius-4 cellular automata and its application as a block cipher

The dynamical system described herein uses a hybrid cellular automata (CA) mechanism to attain reversibility, and this approach is adapted to create a novel block cipher algorithm called HCA. CA are widely used for modeling complex systems and employ an inherently parallel model. Therefore, applications derived from CA have a tendency to fit very well in the current computational paradigm where scalability and multi-threading potential are quite desirable characteristics. HCA model has recently received a patent by the Brazilian agency INPI. Several evaluations and analyses performed on the model are presented here, such as theoretical discussions related to its reversibility and an analysis based on graph theory, which reduces HCA security to the well-known Hamiltonian cycle problem that belongs to the NP-complete class. Finally, the cryptographic robustness of HCA is empirically evaluated through several tests, including avalanche property compliance and the NIST randomness suite.Comment: 34 pages, 12 figure

Lightweight image encryption algorithms: design and evaluation

Doctor of PhilosophyDepartment of Computer ScienceArslan MunirIn an era dominated by increasing use of multimedia data such as images and videos, ensuring the security and confidentiality of images with real-time encryption is of greatest importance. Traditional encryption algorithms are secure, widely used, and recommended, yet they are not suitable nor computationally efficient for encrypting multimedia data due to the large size and high redundancy inherent in multimedia data. Thus, specialized algorithms for multimedia data encryption are needed. This dissertation explores lightweight image encryption algorithms, specifically designed to address time and resource constraints of realtime image encryption while maintaining the confidentiality and integrity of the multimedia data. The dissertation classifies image encryption based on the techniques used into seven different approaches and analyzes the strengths and weaknesses of each approach. It subsequently introduces and evaluates three novel algorithms designed to encrypt images with low complexity, high efficiency, and reliable security. These algorithms rely on a combination of permutation, substitution, and pseudorandom keystreams to ensure the security of the encrypted images. The first algorithm is based on chaotic systems. The algorithm is implemented using logistic map, permutations, AES S-box, and a plaintext related SHA-2 hash. The second algorithm is based on Trivium cipher. the algorithm is implemented to work on multi-rounds of encryption using pixel-based row and column permutations, and bit-level substitution. For the third algorithm, the Ascon algorithm selected by the National Institute of Standards and Technology (NIST) to standardize lightweight cryptography applications is evaluated for image encryption. To evaluate the proposed algorithms, a comprehensive set of security, quality, and efficiency valuation metrics is utilized to assess the proposed algorithms and compare them to contemporary image encryption algorithms

Designing substitution boxes based on chaotic map and globalized firefly algorithm

Cipher strength mainly depends on the robust structure and a well-designed interaction of the components in its framework. A significant component of a cipher system, which has a significant influence on the strength of the cipher system, is the substitution box or S-box. An S-box is a vital and most essential component of the cipher system due to its direct involvement in providing the system with resistance against certain known and potential cryptanalytic attacks. Hence, research in this area has increased since the late 1980s, but there are still several issues in the design and analysis of the S-boxes for cryptography purposes. Therefore, it is not surprising that the design of suitable S-boxes attracts a lot of attention in the cryptography community. Nonlinearity, bijectivity, strict avalanche criteria, bit independence criteria, differential probability, and linear probability are the major required cryptographic characteristics associated with a strong S-box. Different cryptographic systems requiring certain levels of these security properties. Being that S- boxes can exhibit a certain combination of cryptographic properties at differing rates, the design of a cryptographically strong S-box often requires the establishment of a trade-off between these properties when optimizing the property values. To date, many S-boxes designs have been proposed in the literature, researchers have advocated the adoption of metaheuristic based S-boxes design. Although helpful, no single metaheuristic claim dominance over their other countermeasure. For this reason, the research for a new metaheuristic based S-boxes generation is still a useful endeavour. This thesis aim to provide a new design for 8 × 8 S-boxes based on firefly algorithm (FA) optimization. The FA is a newly developed metaheuristic algorithm inspired by fireflies and their flash lighting process. In this context, the proposed algorithm utilizes a new design for retrieving strong S- boxes based on standard firefly algorithm (SFA). Three variations of FA have been proposed with an aim of improving the generated S-boxes based on the SFA. The first variation of FA is called chaotic firefly algorithm (CFA), which was initialized using discrete chaotic map to enhance the algorithm to start the search from good positions. The second variation is called globalized firefly algorithm (GFA), which employs random movement based on the best firefly using chaotic maps. If a firefly is brighter than its other counterparts, it will not conduct any search. The third variation is called globalized firefly algorithm with chaos (CGFA), which was designed as a combination of CFA initialization and GFA. The obtained result was compared with a previous S-boxes based on optimization algorithms. Overall, the experimental outcome and analysis of the generated S-boxes based on nonlinearity, bit independence criteria, strict avalanche criteria, and differential probability indicate that the proposed method has satisfied most of the required criteria for a robust S-box without compromising any of the required measure of a secure S-box

Securing clouds using cryptography and traffic classification

Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources that can be rapidly provisioned and released with minimal management effort or service provider interaction. Over the last decade, cloud computing has gained popularity and wide acceptance, especially within the health sector where it offers several advantages such as low costs, flexible processes, and access from anywhere. Although cloud computing is widely used in the health sector, numerous issues remain unresolved. Several studies have attempted to review the state of the art in eHealth cloud privacy and security however, some of these studies are outdated or do not cover certain vital features of cloud security and privacy such as access control, revocation and data recovery plans. This study targets some of these problems and proposes protocols, algorithms and approaches to enhance the security and privacy of cloud computing with particular reference to eHealth clouds. Chapter 2 presents an overview and evaluation of the state of the art in eHealth security and privacy. Chapter 3 introduces different research methods and describes the research design methodology and processes used to carry out the research objectives. Of particular importance are authenticated key exchange and block cipher modes. In Chapter 4, a three-party password-based authenticated key exchange (TPAKE) protocol is presented and its security analysed. The proposed TPAKE protocol shares no plaintext data; all data shared between the parties are either hashed or encrypted. Using the random oracle model (ROM), the security of the proposed TPAKE protocol is formally proven based on the computational Diffie-Hellman (CDH) assumption. Furthermore, the analysis included in this chapter shows that the proposed protocol can ensure perfect forward secrecy and resist many kinds of common attacks such as man-in-the-middle attacks, online and offline dictionary attacks, replay attacks and known key attacks. Chapter 5 proposes a parallel block cipher (PBC) mode in which blocks of cipher are processed in parallel. The results of speed performance tests for this PBC mode in various settings are presented and compared with the standard CBC mode. Compared to the CBC mode, the PBC mode is shown to give execution time savings of 60%. Furthermore, in addition to encryption based on AES 128, the hash value of the data file can be utilised to provide an integrity check. As a result, the PBC mode has a better speed performance while retaining the confidentiality and security provided by the CBC mode. Chapter 6 applies TPAKE and PBC to eHealth clouds. Related work on security, privacy preservation and disaster recovery are reviewed. Next, two approaches focusing on security preservation and privacy preservation, and a disaster recovery plan are proposed. The security preservation approach is a robust means of ensuring the security and integrity of electronic health records and is based on the PBC mode, while the privacy preservation approach is an efficient authentication method which protects the privacy of personal health records and is based on the TPAKE protocol. A discussion about how these integrated approaches and the disaster recovery plan can ensure the reliability and security of cloud projects follows. Distributed denial of service (DDoS) attacks are the second most common cybercrime attacks after information theft. The timely detection and prevention of such attacks in cloud projects are therefore vital, especially for eHealth clouds. Chapter 7 presents a new classification system for detecting and preventing DDoS TCP flood attacks (CS_DDoS) for public clouds, particularly in an eHealth cloud environment. The proposed CS_DDoS system offers a solution for securing stored records by classifying incoming packets and making a decision based on these classification results. During the detection phase, CS_DDOS identifies and determines whether a packet is normal or from an attacker. During the prevention phase, packets classified as malicious are denied access to the cloud service, and the source IP is blacklisted. The performance of the CS_DDoS system is compared using four different classifiers: a least-squares support vector machine (LS-SVM), naïve Bayes, K-nearest-neighbour, and multilayer perceptron. The results show that CS_DDoS yields the best performance when the LS-SVM classifier is used. This combination can detect DDoS TCP flood attacks with an accuracy of approximately 97% and a Kappa coefficient of 0.89 when under attack from a single source, and 94% accuracy and a Kappa coefficient of 0.9 when under attack from multiple attackers. These results are then discussed in terms of the accuracy and time complexity, and are validated using a k-fold cross-validation model. Finally, a method to mitigate DoS attacks in the cloud and reduce excessive energy consumption through managing and limiting certain flows of packets is proposed. Instead of a system shutdown, the proposed method ensures the availability of service. The proposed method manages the incoming packets more effectively by dropping packets from the most frequent requesting sources. This method can process 98.4% of the accepted packets during an attack. Practicality and effectiveness are essential requirements of methods for preserving the privacy and security of data in clouds. The proposed methods successfully secure cloud projects and ensure the availability of services in an efficient way