A novel Modified Chaotic Simplified Advanced Encryption System (MCS-AES): mixed reality for a secure surgical tele-presence

Mixed Reality (MR) surgery has not been effectively implemented in telemedicine due to strict requirements of security and delay minimization during real-time video transmission. Hence, this paper aims to propose a novel solution for Surgical Telepresence with highly secured and faster real-time video transmission. The proposed system consists of three components: Authentication (Pre-surgery), Data transmission (During-Surgery), and Storage (Post-Surgery). For Authentication, Pass-Matrix technique is used at both ends to provide graphical passwords. During the surgery, a hybrid system is used to provide highly secured and faster real-time video transmission. This system includes a Feistel Encryption System (FES), Modified Scaled Zhongtang Chaotic System (M-SCZS), and Modified Advanced Encryption System (M-AES) algorithm. After Surgery, the transmitted data are stored using the Information Accountability Framework (IAF) for future purposes. The results are obtained from the during-surgery stage for jaw, breast, and bowel surgery. Both solutions are simulated in MATLAB on a personal computer with average processing capability. The proposed solution improves the entropy from 7.733~7.782 to 7.798–7.996 and reduces the processing time from 8.642~9.911 s/frames to 5.071~6.563 s/frames. The proposed focus on reducing the total processing time for the encryption and decryption process with improving security during the surgery process. Finally, this solution provides a fast security system for surgical telepresence that helps both local and remote surgeons for secure real-time communication. The complexity for this work need to know the used chaotic method, the values of the chaotic parameters and for which this method was used, in addition to the complexity of state of the art.

     

RC4流密码算法的分析与改进

RC4流密码算法易受弱密钥攻击、区分攻击和错误引入攻击。针对上述攻击,提出了一种基于随机置换的改进算法,该算法采用动态的状态表进行非线性运算,扩展状态表中的元素的取值空间,密钥序列的输出由状态表的前一状态和后一状态共同决定,提高了算法的安全性。分析了改进算法的正确性、安全性以及抗攻击性。实验验证了改进算法的密钥流随机性和效率优于RC4算法。     

一种基于区块链的车联网安全认证协议

针对车联网环境下,车辆节点快速移动造成的中心服务器认证效率低、车辆隐私保护差等问题,提出了一种基于区块链的车联网安全认证协议。该协议利用Fabric联盟链存储车辆临时公钥与临时假名,通过调用智能合约,完成车辆身份认证,同时协商出会话密钥,保证通信过程中数据的完整性与机密性;利用假名机制有效避免了车辆在数据传输过程中身份隐私泄露的风险;使用RAFT共识算法高效达成数据共识。经安全性分析与实验结果表明,所提协议具有抵抗多种网络攻击的能力,且计算开销低、区块链存储性能好,能够满足车联网通信的实时要求。     

An Efficient Block Encryption Cipher Based on Chaotic Maps for Secure Multimedia Applications

ABSTRACT

This paper presents an efficient chaotic-based block encryption cipher (CBBEC), which is a symmetric encryption algorithm designed with the potential of increasing security and improving performance. It is a hybrid mixture from chaos theory and cryptography. Its salient features include the use of eight working registers providing capability to handle 256-bits plaintext/ciphertext block sizes, employing a chaotic logistic map in key scheduling to generate session key used in encryption/decryption, the essential heavy use of data-dependent rotations and the inclusion of integer multiplication as an additional primitive operation. The use of multiplication with eight working registers greatly increases the diffusion achieved per round, allowing for greater security, fewer rounds and increased throughput. Comparative performance evaluation of the proposed chaotic-based block encryption cipher CBBEC with Rijndael, RC6 and RC5 is addressed. Experimental results show that the proposed CBBEC is a fast block cipher, showing its great potential in real-time encryption applications.     

FPGA implementation of an enhanced chaotic-KASUMI block cipher

The radio link is a broadcast channel used to transmit data over mobile networks. Because of the sensitivity of this network part, a security mechanism is used to ensure users’ information. For example, the third generation of mobile network security is based on the KASUMI block cipher, which is standardized by the Third Generation Partnership Project (3GPP). This work proposes an optimized and enhanced implementation of the KASUMI block cipher based on a chaotic generator. The purpose is to develop an efficient ciphering algorithm with better performance and good security robustness while preserving the standardization. The proposed design was implemented on several Xilinx Virtex Field Programmable Gate Arrays (FPGA) technologies. The synthesis results and a comparison with previous works prove the performance improvement of the proposed cipher block in terms of throughput, used hardware logic resources, and resistance against most cryptanalysis attacks.     

A secure multi-stage one-round bit-plane permutation operation based chaotic image encryption

Currently, data security is a challenging task in any open source data transmission network. Basically, in most of the networks, images are used, hence security of images is a major challenging task. This paper proposes a combined hyper-chaos and chaos based encryption technique to secure images. In the method, one-round of diffusion and multi-stage bit-plane permutation operations are performed to obtain the better encryption results. The advantages of this scheme are that in one-round encryption operation, the proposed scheme can be realized easily and also confused largely. Apart from that the algorithm is simple as it uses simpler mathematical computations while attaining higher security such as higher key space, higher number of pixel changing rate, higher unified average changing intensity, and better correlation coefficient results. Moreover, hash based keys are used to resist the algorithm against chosen-plaintext and known-plaintext attacks. The security analysis and computer simulations show the good encryption results of the proposed scheme and strong resistivity to the widely used common attacks.

     

A new efficient medical image cipher based on hybrid chaotic map and DNA code

In this paper, we propose a novel medical image encryption algorithm based on a hybrid model of deoxyribonucleic acid (DNA) masking, a Secure Hash Algorithm SHA-2 and a new hybrid chaotic map. Our study uses DNA sequences and operations and the chaotic hybrid map to strengthen the cryptosystem. The significant advantages of this approach consist in improving the information entropy which is the most important feature of randomness, resisting against various typical attacks and getting good experimental results. The theoretical analysis and experimental results show that the algorithm improves the encoding efficiency, enhances the security of the ciphertext, has a large key space and a high key sensitivity, and is able to resist against the statistical and exhaustive attacks.

     

A symmetric image encryption scheme based on hybrid analog-digital chaotic system and parameter selection mechanism

In recent years, various chaos-based image encryption algorithms have been proposed to meet the growing demand for real-time secure image transmission. However, chaotic system that is the core component of chaos-based cryptosystem usually degrades under finite computing precision, causing many security issues. In this paper, a novel cryptosystem with analog-digital hybrid chaotic model is proposed. Firstly, the analog Chen chaotic system and the digital Logistic map are adopted to depict the capability of the hybrid model, in which analog system is used to perturb digital system. Dynamic analyses demonstrate that the hybrid method has better complexity, larger chaotic parameter range and good ability to counteract dynamical degradation. The chaos-based key streams generated by the perturbed Logistic map are more suitable for image encryption. Secondly, a parameter selection mechanism is introduced to increase security. The state variables of Chen chaotic system and cipher image are involved in parameter selection process to dynamically change the parameter of the perturbed Logistic map. The involvement of cipher image makes the key streams relevant to plain image and can resist known/chosen-plaintext attacks. Performance, security and comparison analyses indicate that this cryptosystem has high security, low time complexity, and ability to resist common attacks.

     

改进的广义Feistel结构轻量级分组密码算法

随着复杂环境信息物理系统的更加开放,数据的安全传输问题备受关注.轻量级分组密码算法是保证信息物理系统数据安全传输的重要方法之一,但其仍存在软件实现速率低、硬件实现复杂和灵活性缺乏等问题.针对上述问题,提出了一种基于四分支的广义Feistel结构的高性能轻量级分组密码算法.相较于传统的广义Feistel结构算法,该算法进行了以下优化:1)采用由模加、循环位移和异或3种操作组合成的ARX （modular addition, rotation and XOR）结构替换传统广义Feistel结构中的S盒（非线性替换层）和P盒（线性置换层）,简化了算法的轮函数结构; 2)增加非对称双子密钥以处理每轮加密的明文中间状态,使得中间状态不存在未处理的分支,提高了算法的安全性; 3)设计了可扩展的轮常数加模块,提高了算法的灵活性; 4)分支中增加混淆扩散结构f_x,加快了算法的混淆和扩散速度;5)灵活设计了6个版本的轻量级分组密码算法,以适应不同位数的CPU平台.实验和分析表明,该算法实现效率高,具有良好的混淆和扩散能力,以及较高的安全性.     

ORSCA-GPU: one round stream cipher algorithm for GPU implementation

Data confidentiality is one of the most critical security services. Many encryption algorithms are currently used to provide data confidentiality. That is why there are continuous research efforts on the design and implementation of efficient cipher schemes. For this purpose, different lightweight cipher algorithms have been presented and implemented on GPUs with different optimizations to reach high performance. Some examples of these ciphers are Speck, Simon which both require less latency compared to Advanced Encryption Standard (AES). However, these solutions require a higher number of rounds but with a more simple round function compared to AES. Therefore, in this paper, a new cipher scheme called “ORSCA” is defined which only requires one round with the dynamic key-dependent approach. The proposed cipher is designed according to the GPU characteristics. The proposed one-round stream cipher solution is suitable for the high data rate applications. According to the performance results, it can achieve high data throughput compared to existing ones, with throughput greater than 5 Terabits/s on a Tesla A100 GPU. Thus, this approach can be considered as a promising candidate for real-time applications. Finally, the security level is ensured by using the dynamic cryptographic primitives that can be changed for each new input message (or for a set of messages: sub-session key). Thus, the proposed solution is a promising candidate for high secure GPU cryptographic algorithms.

     

DBST: a lightweight block cipher based on dynamic S-box

IoT devices have been widely used with the advent of 5G. These devices contain a large amount of private data during transmission. It is primely important for ensuring their security. Therefore, we proposed a lightweight block cipher based on dynamic S-box named DBST. It is introduced for devices with limited hardware resources and high throughput requirements. DBST is a 128-bit block cipher supporting 64-bit key, which is based on a new generalized Feistel variant structure. It retains the consistency and significantly boosts the diffusion of the traditional Feistel structure. The SubColumns of round function is implemented by combining bit-slice technology with subkeys. The S-box is dynamically associated with the key. It has been demonstrated that DBST has a good avalanche effect, low hardware area, and high throughput. Our S-box has been proven to have fewer differential features than RECTANGLE S-box. The security analysis of DBST reveals that it can against impossible differential attack, differential attack, linear attack, and other types of attacks.     

一种针对分组密码S盒的组合侧信道攻击方法*

近年来随着半导体工艺的飞速发展和信息安全的重要性不断增强,越来越多的硬件嵌入了密码算法以保证数据安全性。针对嵌入了FPGA密码芯片的设备在运行算法时泄漏的侧信道信息进行了研究,提出一种改进分组密码S盒的组合侧信道攻击方案,该方案由差分功耗攻击、模板攻击、和毛刺攻击构成。通过传统的差分功耗攻击确定S盒运行的时间区间,然后针对目标S盒的输入输出利用一个时钟周期内逻辑门毛刺个数与部分功耗线性相关的方法,采用线性模型匹配算法恢复密钥并减少了基于多元高斯模型匹配的计算量,为今后提高侧信道攻击的效率提供依据。     

Joint block and stream cipher based on a modified skew tent map

Image encryption is very different from that of texts due to the bulk data capacity and the high redundancy of images. Thus, traditional methods are difficult to use for image encryption as their pseudo-random sequences have small space. Chaotic cryptography use chaos theory in specific systems working such as computing algorithms to accomplish dissimilar cryptographic tasks in a cryptosystem with a fast throughput. For higher security, encryption is the approach to guard information and prevent its leakage. In this paper, a hybrid encryption scheme that combines both stream and block ciphering algorithms is proposed in order to achieve the required level of security with the minimum encryption time. This scheme is based on an improved mathematical model to cover the defects in the previous discredited model proposed by Masuda. The proposed chaos-based cryptosystem uses the improved Skew Tent Map (STM) RQ-FSTM as a substitution layer. This map is based on a lookup table to overcome various problems, such as the fixed point, the key space restrictions, and the limitation of mapping between plain text and cipher text. It uses the same map as a generator to change the byte position to achieve the required confusion and diffusion effects. This modification improves the security level of the original STM. The robustness of the proposed cryptosystem is proven by the performance and the security analysis, as well as the high encryption speed. Depending on the results of the security analysis the proposed system has a better dynamic key space than previous ones using STM, a double encryption quality and a better security analysis than others in the literature with speed convenience to real-time applications.

     

A modified PKM environment for the security enhancement of IEEE 802.16e

IEEE 802.16 standard developed Privacy Key Management (PKM) security protocol for WiMAX. However, it still suffers from various attacks such as forgery attack, replay attack, Denial of Service (DoS) attack and eavesdropping attack. To mitigate these attacks, a modified PKM environment has been developed for the security enhancement of IEEE 802.16e. This system integrates multiple techniques like Random Number Generator (RNG), Rivest, Shamir and Adelman (RSA), Diffie–Hellman (DH) algorithm, Data Connection Core (DCC) and Salsa20 stream cipher to improve the end to end security of the WiMAX environment. The random numbers have been used as the inputs to the Diffie–Hellman Public Key Distribution System (DH–PKDS) to provide the public keys and common secret keys to it. The DCC contains RSA triple keys, which prevents the system from different attacks. Employment of RSA and DH algorithm in the proposed system leads to powerful data connection for authentication and enhanced key exchange flow respectively. The presence of TEK 3 way handshake in the TEK exchanges process prevents the system from different attacks. Stream cipher Salsa20 makes the system more secure and faster during data transmission process. The proposed system has been compared with standard WiMAX and existing work with respect to different security attributes. Moreover, the performance of the proposed system has been compared with Mutual Authentication with Dynamic Keys (MAWDK) in terms of key generation time, encryption and decryption time. Finally, the computational cost, total computational time and time complexity of the proposed system has been compared with existing systems.     

A novel image cipher based on mixed transformed logistic maps

In this paper, a novel secure cryptosystem is proposed for direct encryption of color images, based on transformed logistic maps. The proposed cipher provides good confusion and diffusion properties that ensures extremely high security due to the mixing of colors pixels. The encryption scheme makes use of six odd secret keys and chaotic keys for each operation. The operations include initial permutation of all pixels with six odd keys, nonlinear diffusion using first chaotic key, xoring the second chaotic key with resultant values and zig-zag diffusion with third chaotic key. The proposed scheme supports key sizes ranging from 192 to 400 bits. The security and performance of the proposed image encryption technique have been analysed thoroughly using statistical analysis, key sensitivity analysis, differential analysis, key space analysis, entropy analysis and performance analysis. Results of the various types of analyses are showing that the proposed image encryption technique is more secure and fast and hence suitable for the real-time applications.     

PQVPN:抗量子计算攻击的软件VPN设计

随着量子破译算法的不断优化和量子计算机硬件技术的快速发展,目前传统密码算法面临越来越大的安全风险,这使得抗量子计算成为研究热点,目前用传统密码体制构建的VPN,越来越受到量子计算攻击的威胁。为了解决传统VPN中在身份验证和密钥协商环节不能抵抗量子计算攻击的问题,本文基于Microsoft PQCrypto-VPN项目的框架,依赖于OpenSSL的OpenQuantum Safe项目分支,设计了一套抗量子计算攻击的软件VPN系统。对比进入NIST第三轮筛选的后量子数字签名和密钥协商算法,通过综合考量运算性能和安全性能,系统采用后量子签名算法Picnic和密钥协商算法CRYSTALS-KYBER,以实现VPN通信中数据的抗量子计算攻击安全保护。同时,本文对所使用的上述两种后量子算法进行了安全性分析,以阐述本系统的抗量子安全性能,并对系统进行了性能测试。在测试的带宽条件下,VPN连接后最高上传速度可达206 Kb/s,下载速度可达2495 Kb/s,与通过公网直接传输和通过传统OpenVPN传输两种情形下的传输速度相近;在通信延迟方面,相比目前提出的三种后量子VPN系统均有明显降低,在牺牲少量带宽的情况下实现了对数据通信的更高安全保障。     

基于3DES-RC4混合加密的即时通信系统

即时通信系统由于其实时性等特点已经成为一种重要的交流方式, 能够提高工作效率、降低沟通成本, 在企业、学校、政府等组织中扮演的角色越来越重要. 然而即时通信在带来便利的同时, 其固有的一些安全弱点阻碍了它的进一步发展. 为了保证即时通信系统的安全性, 一些先进的安全加密算法用于通信系统来防止攻击和信息泄露. 然而这些算法在加密强度或加密速度等方面都有各自的缺陷, 在理解了这些加密算法的局限性之后, 本文提出了一种旨在利用和组合两种加密算法最佳功能并提供比其中任何一种具有更好的安全性、实时性的替代算法, 即3DES-RC4混合加密算法, 是一种具有256个字节密钥空间的算法, 算法复杂度相较于3DES算法由O(2¹⁶⁸)提高到O(2⁵¹⁰⁰). 基于此算法设计了一款即时通信系统, 针对系统的加密解密功能进行了测试, 分析了提出的算法的性能和强度. 并和3DES算法进行了对比, 证明了本文提出的算法保留了3DES加密强度和RC4伪随机性的特征, 在加密强度和适应性等方面优于构成算法.     

基于增强型检索机制Baptista混沌的物联网加密技术研究*

研究了一种适用于物联网的基于增强型检索机制密码方案的Baptista混沌加密技术。针对物联网对无线射频识别及其数据传输高可靠性和高安全性的要求,在深入分析了基于检索机制的Baptista混沌密码方案的特点及其局限性基础上,建立了一种基于快速收敛、具有自适应调整安全优先级的Baptista混沌加密技术。该技术首先根据基于S盒的混沌掩码技术增强了Baptista混沌密码方案;然后设计了适用于物联网的实时加密系统,并能够根据应用需求预置数据传输安全级别。数学分析表明,该加密技术可以为物联网应用中的智能识别和数据传输提供有效的安全性和实时性。     

Physical-layer security analysis of PSK quantum-noise randomized cipher in optically amplified links

The quantitative security of quantum-noise randomized cipher (QNRC) in optically amplified links is analyzed from the perspective of physical-layer advantage. Establishing the wire-tap channel models for both key and data, we derive the general expressions of secrecy capacities for the key against ciphertext-only attack and known-plaintext attack, and that for the data, which serve as the basic performance metrics. Further, the maximal achievable secrecy rate of the system is proposed, under which secrecy of both the key and data is guaranteed. Based on the same framework, the secrecy capacities of various cases can be assessed and compared. The results indicate perfect secrecy is potentially achievable for data transmission, and an elementary principle of setting proper number of photons and bases is given to ensure the maximal data secrecy capacity. But the key security is asymptotically perfect, which tends to be the main constraint of systemic maximal secrecy rate. Moreover, by adopting cascaded optical amplification, QNRC can realize long-haul transmission with secure rate up to Gb/s, which is orders of magnitude higher than the perfect secrecy rates of other encryption systems.     

Integration of recurrent convolutional neural network and optimal encryption scheme for intrusion detection with secure data storage in the cloud

Data communication security is growing day after day with the proliferation of cloud computing. It is primarily because of the few security constraints and challenges occurring in the cloud environment during data transmission. Existing research has shown that the intrusion detection system (IDS) centered on the cloud is more complicated. In this article, we address the above issues by proposing an attention‐based recurrent convolutional neural network (RCNN). This proposed RCNN is used to detect whether the text data are intrusion or nonintrusion. The nonintrusion text information is then used for further processing and encrypted using a two‐way encryption scheme. We introduce the elliptical curve cryptography (ECC) approach to increase the security‐level performance of nonintrusion data. Moreover, the integration of ECC with the modified flower pollination algorithm (MFP‐ECC) creates the two‐way encryption scheme, and it is used to produce an optimal private key. The encrypted data are then stored in a cloud environment by steganography and the data with the sensitive information are replaced by some other text, thus providing security to the data at rest. The proposed MFP‐ECC approach shows maximum breaking time results and can also withstand different classical attacks when compared with other methods. As a result, the proposed intrusion detection and secure data storage mechanism is highly secured and it is never affected by any kinds of conspiracy attacks.