Security enhancement for AES encrypted speech in communications

This paper introduces a secure speech communication approach, which is based on encryption and authentication. This system is based on Advanced Encryption Standard (AES) for encryption and private image database for enhancement of encryption and for authentication. The idea of this cryptosystem is based on XOR of one image from image database with the clear speech before encryption and embedding the index number of this image in the database as a least significant bit watermark into speech. A comparison study is held between the AES block cipher algorithm and the proposed algorithm. This proposed cryptosystem used to enhance the security of AES algorithm and increase its immunity to brute force attacks. It used also to provide authentication and enhance security by addition of extra key which don’t need to be exchanged between parts depending on the embedded image. The extra proposed step remove residual intelligibility from clear speech and fill the silent periods within speech conversation and help in destroy format and pitch information. Security analyses are presented for the proposed cryptosystem from a strict cryptographic viewpoint. Experimental results verify and prove that the proposed cryptosystem is highly secure from the cryptographic viewpoint.     

Mathematical analysis and simulation of multiple keys and S-Boxes in a multinode network for secure transmission

The requirement of data security is an important parameter for all organizations for their survival in the world. Cryptography is the best method to avoid unauthorized access to data. It involves an encryption algorithm and the keys that are being used by the users. Multiple keys provide a more secure cryptographic model with a minimum number of overheads. There are various factors that affect the security pattern such as the number of keys and their length, encryption algorithm, latency, key shifting time, and users. In this paper, a new approach is proposed for generating keys from the available data. The analysis of various times, such as encryption, decryption, key setup, processing, and key shifting times, has been done. The model takes minimum time to replace the faulty keys with the fresh keys. In this paper, we consider all the above-mentioned factors and suggest an optimized way of using them.     

Speech encryption using hybrid-hyper chaotic system and binary masking technique

In this paper, a novel speech encryption algorithm based on hybrid-hyper chaotic system has presented. Instead of using normal chaotic system a hybrid-hyper chaotic system has used for improving the security level of speech communication models. Hyper-chaotic system is highly complex and dynamic system than normal chaotic system where it has more than one positive Lyapunov exponents. Hybrid chaotic system has designed by a disturbed discrete system by another one discrete system. In this algorithm, the input speech signal has compressed by Discrete Cosine Transform (DCT) to reduce the residual intelligibility. The compressed speech signal has permuted by hybrid chaotic system, which has designed using Zaslavsky and Zigzag maps. For substitution process, a reference speech signal has generated by Hidden Markov Model (HMM) speech synthesizer and permuted by using hyper-chaotic system. Masking of encryption signal has done by a masking sequence, which has obtained from the hyper-chaotic system. Our proposed work provides high security for the audio and speech signal over an insecure public network than other traditional speech encryption algorithms based on normal chaotic systems. The betterment of proposed algorithm is proven using the following metrics: key space analysis, key sensitivity analysis, information entropy measure, correlation coefficient analysis, Signal to Noise Ratio (SNR) analysis, subjective evaluation of speech quality, Perceptual Evaluation of Speech Quality (PESQ) analysis, NSCR (Number of Samples Changing Rate) and UACI (Unified Averaged Changed Intensity) analysis have carried out from cryptographic point of view and presented in this paper. The results proof that the proposed speech encryption algorithm ensures appreciable security system with robust encryption and decryption quality.

     

可重构加密处理器控制模块的设计方法

可重构加密处理器是采用可重构体系结构设计而成的,用于对数据进行加/解密处理的集成电路芯片,它能够灵活、快速地实现多种不同的密码算法。可重构加密处理器由控制模块和加密/解密处理模块两大部分组成,其中,控制模块用于控制加密/解密程序的装载、存储和执行,加密/解密处理模块用于在控制模块的驱动下对数据进行加密/解密处理。文章提出了可重构加密处理器的控制模块的设计方法。     

基于云计算模型的分数阶超混沌加密算法

针对大数据安全以及混沌加密安全性等问题,提出了一种基于云计算模型的分数阶超混沌系统的加密算法。首先选取了两个分数阶超混沌系统的初始值作为密钥参数,基于分数阶混沌生成用于加密的伪随机序列,进而提出了一个结合云计算MapReduce并行数据处理模型的加密算法。在MapReduce并行加密方面,依次进行分块、Map并行加密和Reduce数据归并等操作。为了抵御明文类的密码攻击,算法中采用与明文特征关联的混沌序列生成方法。最后,在云计算实验环境中的实验结果表明,该算法的密钥空间达到372 bit,能够有效抵御明文类的密码攻击,具有密钥高度敏感的特性。同时,实验结果验证了云计算MapReduce并行加密的有效性。     

基于SM9的公钥可搜索加密方案

云存储技术因其使用便捷、性价比高等优势得以迅速发展,越来越多用户将个人数据外包至第三方云服务器存储。虽然数据加密存储可有效保护数据安全和用户隐私,但传统的对称/非对称加密技术会影响数据检索和使用。可搜索加密是一种特殊的加密技术,一经提出便备受关注,在保障数据机密性的同时可提供数据检索功能。目前,国内外学者提出了大量可搜索加密方案,但现有方案都基于国外密码算法设计,尚未见基于国产商用密码算法的可搜索加密方案在国内外刊物上公开发表,不符合我国密码核心技术自主可控的要求。为了丰富国产商用密码算法在可搜索加密方面的研究,满足云存储领域的数据安全检索需求,本文以SM9标识加密算法为基础,构造了一种公钥可搜索加密方案(SM9-PEKS)。在q-ABDHE安全假设和随机谕言模型下,本文首先证明SM9标识加密算法的匿名性,进而证明SM9-PEKS方案的安全性。理论分析和编程实现结果表明,与常用经典的公钥可搜索加密方案相比,本文方案在增加64字节通信代价的情况下,可至少降低31.31%的计算开销。最后,提出了未来可能的研究方向。     

基于虚拟磁盘的文件加密方法

文件加密存储是保证机密数据不被窃取或篡改的有效方法。介绍了一种基于虚拟磁盘的文件加密方法,其思想是利用Windows WDM设备驱动程序技术,创建虚拟磁盘分区,在响应虚拟磁盘的I／O请求的过程中,进行实时的数据加／解密,并采用USB智能卡进行用户身份认证及密钥管理,从而保证存储在虚拟磁盘中的文件的安全性。实验证明,该方法是一种安全、高效、易用的文件加密存储解决方案。     

Hyper-chaotic Feeded GA (HFGA): a reversible optimization technique for robust and sensitive image encryption

In recent years, due to their straightforward structure and efficiency, the chaos-based cryptographic algorithms have become a good candidate for image encryption. However, they still suffer from many weaknesses, such as insensitivity to the plain image, weak key streams, small key space, non-resistance to some attacks and failure to meet some security criteria. For this purpose in this paper, a novel hybrid image encryption algorithm named Hyper-chaotic Feeded GA (HFGA) is proposed to fill the gaps in two stages; initial encryption by using a hyper-chaotic system, and then outputs reinforcement by employing a customized Genetic Algorithm (GA). By applying an innovative technique, called gene-labelling, the proposed algorithm not only optimizes the preliminary encrypted images in terms of security criteria but also allows the legal receiver to easily and securely decrypt the optimized cipher image. In fact, in the first stage, besides unpredictable random sequences generated by a hyper-chaotic system, a new sensitive diffusion function is proposed which makes the algorithm resistant to differential attacks. In the second stage, the generated cipher images, which are labeled in a special way, will be used as the initial population of a GA which enhances randomness of the cipher images. The results of several experiments and statistical analysis show that the proposed image encryption scheme provides an efficient and secure way for fast image encrypting as well as providing robustness against some well-known statistical attacks.     

Further improvement of an identity-based signcryption scheme in the standard model

Signcryption is a cryptographic primitive that fulfills both the functions of digital signature and public key encryption simultaneously, at a cost significantly lower than that required by the traditional signature-then-encryption approach. In 2009, Yu et al. proposed an identity-based signcryption scheme in the standard model. In 2010, Jin et al. pointed out that Yu et al.’s scheme cannot achieve the semantic security and proposed an improved identity-based signcryption scheme. They proved that the improved scheme is semantically secure in the standard model. Recently, Li et al. showed that the Jin-et al.’s scheme cannot achieve the semantic security and existential unforgeability. To remedy the weaknesses of the Jin-et al.’s scheme, we give a further improvement in this paper. Our scheme satisfies semantic security and existential unforgeability.     

Tokenization and Other Methods of Security for Cardholder Data

ABSTRACT

This paper compares the relative security strengths and practical use of tokenization with other cardholder data protection methods including truncation, masking, encryption, hash, and keyed hash. The usefulness of each method is described, and the subtle security weaknesses of combining methods are explored. Further, the inherent complexities of using cryptographic methods with sound key management practices are also presented.     

结合公钥加密和关键字可搜索加密的加密方案

带关键字搜索的公钥加密(PEKS)是一种有用的加密原语，它允许用户将在加密数据上搜索的功能委托给不可信的第三方服务器，而不影响原始数据的安全性和隐私性。但是，由于缺乏对于数据的加密以及解密能力，PEKS方案不能单独进行使用，必须与标准的公钥加密方案(PKE)相结合。因此，Baek等人在2006年引入了一种新的加密原语，称为结合PKE和PEKS的加密方案(PKE+PEKS)，它同时提供了PKE和PEKS的功能。目前，已有文献提出了几种PKE+PEKS方案。然而，他们都没有考虑关键字猜测攻击的问题。本文提出一个新的高效且能够抵抗关键字猜测攻击的PKE+PEKS方案，与已有方案相比，该方案在性能上有很大的提升，并且在生成关键字和数据密文时，不需要使用双线性对，极大地降低了计算和存储成本。安全性分析表明，本文中所提出的方案能够满足密文隐私安全性、陷门不可区分性和抗关键字猜测攻击的安全性。效率分析表明，本分提出的方案更加高效。     

Deciding the Security of Protocols with Commuting Public Key Encryption

Many cryptographic protocols and attacks on these protocols make use of the fact that the order in which encryption is performed does not affect the result of the encryption, i.e., encryption is commutative. However, most models for the automatic analysis of cryptographic protocols can not handle such encryption functions since in these models the message space is considered a free term algebra. In this paper, we present an NP decision procedure for the insecurity of protocols that employ RSA encryption, which is one of the most important instances of commuting public key encryption.     

Aleakage-resilient certificateless public key encryption scheme with CCA2 security

In recent years, much attention has been focused on designing provably secure cryptographic primitives in the presence of key leakage. Many constructions of leakage-resilient cryptographic primitives have been proposed. However, for any polynomial time adversary, most existing leakage-resilient cryptographic primitives cannot ensure that their outputs are random, and any polynomial time adversary can obtain a certain amount of leakage on the secret key from the corresponding output of a cryptographic primitive. In this study, to achieve better performance, a new construction of a chosen ciphertext attack 2 (CCA2) secure, leakage-resilient, and certificateless public-key encryption scheme is proposed, whose security is proved based on the hardness of the classic decisional Diffie-Hellman assumption. According to our analysis, our method can tolerate leakage attacks on the private key. This method also achieves better performance because polynomial time adversaries cannot achieve leakage on the private key from the corresponding ciphertext, and a key leakage ratio of 1/2 can be achieved. Because of these good features, our method may be significant in practical applications.     

可重构密码协处理器指令系统的设计方法

可重构密码协处理器是采用可重构体系结构的思想和方法设计而成的,用于对数据进行加/解密处理的集成电路芯片,它能够灵活、快速地实现多种不同的密码算法。文章提出了可重构密码协处理器的指令系统的设计方法,并评估了按照该方法所设计的指令系统的特性。     

混合加密型勒索软件密文还原方法研究

以混合加密型勒索软件为研究对象,将设置诱饵文件和文件操作监控方法相结合,获取勒索软件文件加密过程中采用的加密密钥、加密算法、密文起始字段和密文长度等相关信息,并提出了被加密文件的还原方法。针对8个流行的勒索软件家族进行密文还原测试,测试结果表明了提出的还原方法的有效性。该密文还原方法适用于混合加密勒索软件密文还原,是现行勒索软件防御策略的有效补充。     

基于RSA的多重签密方案

指出原有多重签密方案存在的缺陷,并提出一种新的基于RSA的多重签密方案。本方案以RSA密码体制为基础,借鉴了原有多重签密方案的结构特点。改善了原有多重签密方案的缺陷,在安全性上实现了消息保密性、不可伪造性、不可否认等特性,同时考虑了原始消息的安全发送问题。在同等安全下,本方案比传统的先签名再加密方式,在执行效率和执行灵活性方面具有更多优势。基于RSA密码体制的广泛应用,方案简洁且易于建立,适合在电子政务和电子商务环境下为消息的安全传递提供认证加密保护。     

Side-Channel Analysis for the Authentication Protocols of CDMA Cellular Networks

Time-division multiple access (TDMA) and code-division multiple access (CDMA) are two technologies used in digital cellular networks. The authentication protocols of TDMA networks have been proven to be vulnerable to side-channel analysis (SCA), giving rise to a series of powerful SCA-based attacks against unprotected subscriber identity module (SIM) cards. CDMA networks have two authentication protocols, cellular authentication and voice encryption (CAVE) based authentication protocol and authentication and key agreement (AKA) based authentication protocol, which are used in different phases of the networks. However, there has been no SCA attack for these two protocols so far. In this paper, in order to figure out if the authentication protocols of CDMA networks are sufficiently secure against SCA, we investigate the two existing protocols and their cryptographic algorithms. We find the side-channel weaknesses of the two protocols when they are implemented on embedded systems. Based on these weaknesses, we propose specific attack strategies to recover their authentication keys for the two protocols, respectively. We verify our strategies on an 8-bit microcontroller and a real-world SIM card, showing that the authentication keys can be fully recovered within a few minutes with a limited number of power measurements. The successful experiments demonstrate the correctness and the effectiveness of our proposed strategies and prove that the unprotected implementations of the authentication protocols of CDMA networks cannot resist SCA.     

Cryptanalysis and improvement of an image encryption algorithm based on hyper-chaotic system and dynamic S-box

Recently, an image encryption algorithm based on hyper-chaotic system and dynamic S-box has been proposed by Liu et al. The main idea of the encryption algorithm is utilizing key-streams generated by hyper-chaotic system to permute and substitute plain-image pixels. In this paper, we analyze the potential security problems of the encryption algorithm in detail and propose a chosen-plaintext attack to break the encryption algorithm. The proposed chosen-plaintext attack indicates that the encryption scheme is insecure and not suitable for image secure communication. Based on the result of cryptanalysis, an improved algorithm is proposed to eliminate the potential security problem in Liu’s algorithm. Experimental results show that improved algorithm not only inherits the merits of the original scheme, but also has better cryptographic performances in statistical characteristics, plaintext sensitivity and key sensitivity.     

Embedded image coding using laplace transform for Turkish letters

In this paper, a different cryptographic method is introduced by using a Power series transform. A new algorithm for cryptography is produced. The extended Laplace transform of the exponential function is used to encode an explicit text. The key is generated by applying the modular arithmetic rules to the coefficients obtained in the transformation. Here, ASCII codes used to hide the mathematically generated keys to strengthen the encryption. Text steganography is used to make it difficult to break the password. The made encryption is reinforced by image steganography. To hide the presence of the cipher text, it is embedded in another open text with a stenography method. Later, this text is buried in an image. For decryption, it is seen that the inverse of the Power series transform can be used for decryption easily. Experimental results are obtained by making a simulation of the proposed method. As a result, it is stated that the proposed method can be used in crypto machines.

     

混沌随机全排列置换加密算法及应用

提出了一种基于混沌的确定性随机全排列生成方法,利用该方法设计了一种高强度的通用置换加密算法。该加密算法可以作为一个通用模块加入到其他密码系统中,以提高密码系统的强度和安全性,并应用到图像和文本数据加密中。实验和测试显示,该算法的置乱效果显著,加解密速度快,是一种良好的通用置乱方法。