Secure image encryption scheme using 4D-Hyperchaotic systems based reconfigurable pseudo-random number generator and S-Box

This paper introduces the design of a hardware efficient reconfigurable pseudorandom number generator (PRNG) using two different feedback controllers based four-dimensional (4D) hyperchaotic systems i.e. Hyperchaotic-1 and -2 to provide confidentiality for digital images. The parameter's value of these two hyperchaotic systems is set to be a specific value to get the benefits i.e. all the multiplications (except a few multiplications) are performed using hardwired shifting operations rather than the binary multiplications, which doesn't utilize any hardware resource. The ordinary differential equations (ODEs) of these two systems have been exploited to build a generic architecture that fits in a single architecture. The proposed architecture provides an opportunity to switch between two different 4D hyperchaotic systems depending on the required behavior. To ensure the security strength, that can be also used in the encryption process in which encrypt the input data up to two times successively, each time using a different PRNG configuration. The proposed reconfigurable PRNG has been designed using Verilog HDL, synthesized on the Xilinx tool using the Virtex-5 (XC5VLX50T) and Zynq (XC7Z045) FPGA, its analysis has been done using Matlab tool. It has been found that the proposed architecture of PRNG has the best hardware performance and good statistical properties as it passes all fifteen NIST statistical benchmark tests while it can operate at 79.101-MHz or 1898.424-Mbps and utilize only 0.036 %, 0.23 %, and 1.77 % from the Zynq (XC7Z045) FPGA's slice registers, slice LUTs, and DSP blocks respectively. Utilizing these PRNGs, we design two 16 × 16 substitution boxes (S-boxes). The proposed S-boxes fulfill the following criteria: Bijective, Balanced, Non-linearity, Dynamic Distance, Strict Avalanche Criterion (SAC) and BIC non-linearity criterion. To demonstrate these PRNGs and S-boxes, a new three different scheme of image encryption algorithms have been developed: a) Encryption using S-box-1, b) Encryption using S-box-2 and, c) Two times encryption using S-box-1 and S-box-2. To demonstrate that the proposed cryptosystem is highly secure, we perform the security analysis (in terms of the correlation coefficient, key space, NPCR, UACI, information entropy and image encryption quantitatively in terms of (MSE, PSNR and SSIM)).     

Low area field-programmable gate array implementation of PRESENT image encryption with key rotation and substitution

Lightweight ciphers are increasingly employed in cryptography because of the high demand for secure data transmission in wireless sensor network, embedded devices, and Internet of Things. The PRESENT algorithm as an ultra-lightweight block cipher provides better solution for secure hardware cryptography with low power consumption and minimum resource. This study generates the key using key rotation and substitution method, which contains key rotation, key switching, and binary-coded decimal-based key generation used in image encryption. The key rotation and substitution-based PRESENT architecture is proposed to increase security level for data stream and randomness in cipher through providing high resistance to attacks. Lookup table is used to design the key scheduling module, thus reducing the area of architecture. Field-programmable gate array (FPGA) performances are evaluated for the proposed and conventional methods. In Virtex 6 device, the proposed key rotation and substitution PRESENT architecture occupied 72 lookup tables, 65 flip flops, and 35 slices which are comparably less to the existing architecture.     

一种标准模型下无证书签名方案的安全性分析与改进

无证书签名具有基于身份密码体制和传统公钥密码体制的优点，可解决复杂的公钥证书管理和密钥托管问题.Wu和Jing提出了一种强不可伪造的无证书签名方案，其安全性不依赖于理想的随机预言机.针对该方案的安全性，提出了两类伪造攻击.分析结果表明，该方案无法实现强不可伪造性，并在"malicious-but-passive"的密钥生成中心攻击下也是不安全的.为了提升该方案的安全性，设计了一个改进的无证书签名方案.在标准模型中证明了改进的方案对于适应性选择消息攻击是强不可伪造的，还能抵抗恶意的密钥生成中心攻击.此外，改进的方案具有较低的计算开销和较短的私钥长度，可应用于区块链、车联网、无线体域网等领域.     

一种二线制无极性数字称重传感器

现有的数字传感器至少由2根数据线和2根电源线共4根线组成,每根线均有明确的分工和极性,不能接错和短路,否则易损坏设备,需专业人员才能安装和维护;数据传输加密方式有限,易破解。利用本公司研发的"智能终端整机供电用二线制数据/电源共线传输装置及方法",将数字传感器的连线减至2根,且无极性、可短路,简化了系统的连接,提高系统的可靠性,使安装和维护变得极为简便。数据传输采用特殊的加密方式,极难破解。     

Non-chaotic and chaotic propagation of stationary and dynamic images through MVKS turbulence

Anisoplanatic electromagnetic (EM) propagation across a turbulent atmosphere has been recently examined for an unmodulated carrier propagating over an image-bearing transparency through optical lensing, and for the embedded information inside a carrier recovered using heterodyning and digital demodulation. Carrier modulation yielded better recovery than simple lens-based imaging. A possible mitigation strategy is proposed whereby the image information is encrypted on an RF chaotic carrier, thereafter secondarily embedded onto an optical carrier. Results based on the modified von Karman (MVKS) and the Hufnagel-Valley (H-V) models showed that the signal/image recovery under turbulence is improved compared with non-chaotic propagation. The case of time-varying/dynamic images is also taken up; it is demonstrated via cross-correlation products that turbulence is mitigated by the use of chaotic carrier encryption. Overall, transmission via chaos offers mitigation against distortions due to turbulence along with the security feature inherent via the chaos keys which prevent signal recovery without key-matching.     

A time-aware searchable encryption scheme for EHRs

Despite the benefits of EHRs (Electronic Health Records), there is a growing concern over the risks of privacy exposure associated with the technologies of EHR storing and transmission. To deal with this problem, a time-aware searchable encryption with designated server is proposed in this paper. It is based on Boneh's public key encryption with keyword search and Rivest's timed-release cryptology. Our construction has three features: the user cannot issue a keyword search query successfully unless the search falls into the specific time range; only the authorized user can generate a valid trapdoor; only the designated server can execute the search. Applying our scheme in a multi-user environment, the number of the keyword ciphertexts would not increase linearly with the number of the authorized users. The security and performance analysis shows that our proposed scheme is securer and more efficient than the existing similar schemes.     

Heterogeneous Memristive Models Design and Its Application in Information Security

Based on the three-dimensional classic Chua circuit, a nonlinear circuit containing two flux-control memristors is designed. Due to the difference in the design of the characteristic equation of the two magnetron memristors, their position form a symmetrical structure with respect to the capacitor. The existence of chaotic properties is proved by analyzing the stability of the system, including Lyapunov exponent, equilibrium point, eigenvalue, Poincare map, power spectrum, bifurcation diagram et al. Theoretical analysis and numerical calculation show that this heterogeneous memristive model is a hyperchaotic five-dimensional nonlinear dynamical system and has a strong chaotic behavior. Then, the memristive system is applied to digital image and speech signal processing. The analysis of the key space, sensitivity of key parameters, and statistical character of encrypted scheme imply that this model can applied widely in multimedia information security.     

结合公钥加密和关键字可搜索加密的加密方案

带关键字搜索的公钥加密(PEKS)是一种有用的加密原语，它允许用户将在加密数据上搜索的功能委托给不可信的第三方服务器，而不影响原始数据的安全性和隐私性。但是，由于缺乏对于数据的加密以及解密能力，PEKS方案不能单独进行使用，必须与标准的公钥加密方案(PKE)相结合。因此，Baek等人在2006年引入了一种新的加密原语，称为结合PKE和PEKS的加密方案(PKE+PEKS)，它同时提供了PKE和PEKS的功能。目前，已有文献提出了几种PKE+PEKS方案。然而，他们都没有考虑关键字猜测攻击的问题。本文提出一个新的高效且能够抵抗关键字猜测攻击的PKE+PEKS方案，与已有方案相比，该方案在性能上有很大的提升，并且在生成关键字和数据密文时，不需要使用双线性对，极大地降低了计算和存储成本。安全性分析表明，本文中所提出的方案能够满足密文隐私安全性、陷门不可区分性和抗关键字猜测攻击的安全性。效率分析表明，本分提出的方案更加高效。     

高效可撤销的身份基在线离线加密方案

身份基加密（IBE）需要提供一种有效的成员撤销机制，然而，现有可撤销成员的IBE方案存在密钥更新和加密运算量过大的问题，可能使执行该操作的设备成为系统的瓶颈。将完全子树方法和在线离线技术相结合，通过修改指数逆类型IBE的密钥生成和加密算法，提出了一种高效可撤销的身份基在线离线加密方案。方案利用完全子树方法生成更新钥，使得撤销用户无法获得更新钥，进而失去解密能力；利用在线离线技术，将大部分加密运算在离线阶段进行预处理，使得在线阶段仅执行少量简单计算即可生成密文。与相关知名方案相比，该方案不仅提高密钥生成中心的密钥更新的效率，而且极大减少了轻量级设备的在线加密工作量，适合于轻量级设备保护用户隐私信息。     

适用于无线体域网的动态口令认证协议

无线体域网中传输的是与生命高度相关的敏感数据，身份认证是信息安全保护的第一道防线。现有的基于人体生物信息的身份认证方案存在信息难提取、偶然性大和误差性大的问题，基于传统密码学的认证方案需较大计算资源和能量消耗，并不适用于无线体域网环境。为此，在动态口令和非对称加密机制基础上，提出一种适用于无线体域网的动态口令双向认证轻量协议，并对其进行形式化分析。通过理论证明、SVO逻辑推理及SPIN模型检测得出：该协议满足双向认证，且能够抵御重放攻击、伪装攻击、拒绝服务器攻击和口令离线攻击，具有较高安全性。