A novel selective encryption scheme for H.264/AVC video with improved visual security

As cloud storage becomes more popular, concerns about data leakage have been increasing. Encryption techniques can be used to protect privacy of videos stored in the cloud. However, the recently proposed sketch attack for encrypted H.264/AVC video, which is based on the macroblock bitstream size (MBS), can generate the outline images of both intra-frames and inter-frames from a video encrypted by most existing encryption schemes; thus, the protection of the original video may be considered a failure. In this paper, a novel selective encryption scheme for H.264/AVC video with improved visual security is presented. Two different scrambling strategies that do not destroy the format compatibility are proposed to change the relative positions between macroblocks in intra-frames and inter-frames respectively, which in turn substantially distort the sketched outline images so that they do not disclose meaningful information. Moreover, the sign bits of non-zero DCT coefficients are encrypted to contribute to the visual security of our scheme, and an adaptive encryption key related to the intra prediction mode and the DCT coefficient distribution of each frame is employed to provide further security. The experimental results show that our encryption scheme can achieve a better visual scrambling effect with a small adverse impact on the video file size. Furthermore, the security analysis demonstrates that our scheme can successfully resist the MBS sketch attack compared with other related schemes. The proposed method is also proven secure against some other known attacks.     

基于H.264帧内预测宏块融合置乱技术的安全通信研究

基于I、P、B帧中所有帧内预测宏块与整数离散余弦变换DCT(Discrete Cosine Transform)提出了一种融合加密方案。判断当前宏块的属性是帧内预测宏块,则将其DCT系数分层即宏块系数矩阵做转置变换,获得16个新的4×4子宏块,用混沌系统产生的密钥序列置乱子宏块后再加密子宏块中的系数符号。实验结果表明,这种融合加密方案不仅能有效防止块间相关性攻击和密钥攻击,同时也能满足视频的安全性和传输的实时性要求。     

面向云存储的基于属性加密的多授权中心访问控制方案

已有基于属性加密的访问控制研究多是基于单授权中心来实现,该种方案在授权方不可信或遭受恶意攻击的情况下可能会造成密钥泄露。提出一种基于属性加密的多授权中心访问控制模型PRM-CSAC。基于CP-ABE方法,设计多授权中心的属性加密方案以提高密钥安全性;设计最小化属性分组算法,使用户访问文件时,能够按需分配密钥,减少不必要的属性密钥分配,降低重加密属性数量,提高系统效率;增加读写属性加强加密方对文件的访问控制,使访问控制策略更加完善。安全性分析及仿真实验表明,相比已有方案,PRM-CSAC对用户访问请求的响应时间更短,开销较小,且能够提供很高的安全性。     

Confidentiality of a selectively encrypted H.264 coded video bit-stream

It is an assumption that selective encryption does not strongly protect confidentiality owing to the partial visibility of some video data. This is because, though encryption keys may be difficult to derive, an enhanced version of selectively encrypted video sequence might be found from knowledge of the unencrypted parts of the sequence. An efficient selective encryption method for syntax elements of H.264 encoded video was recently proposed at the entropy coding stage of an H.264 encoder. Using this recent scheme as an example, the purpose of this paper is a comprehensive cryptanalysis of selectively encrypted H.264 bit-streams to contradict the previous assumption that selective encryption is vulnerable. The novel cryptanalysis methods presented in this paper analyze the ability of an attacker to improve the quality of the encrypted video stream to make it watchable. The conclusion is drawn that if the syntax elements for selective encryption are chosen using statistical and structural characteristics of the video, then the selective encryption method is secure. The cryptanalysis is performed by taking into account the probability distribution of syntax elements within the video sequence, the relationship of syntax elements with linear regression analysis and the probability of successfully attacking them in order to enhance the visual quality. The results demonstrate the preservation of distorted video quality even after considering many possible attacks on: the whole video sequence; each video frame; and on small video segments known as slices.     

DWB-AES:基于AES的动态白盒实现方法

物联网设备因资源受限,需要兼具安全性、灵活性的轻量级密码模块保障安全,白盒密码能够满足物联网设备的安全需求.在常见的白盒密码实现方法中,往往密钥和查找表是绑定的,因此每次更换密钥都需要重新生成并更换查找表,这在实际应用中不够灵活.为了解决该问题,提出了一种基于AES的动态白盒实现方法,即DWB-AES.该方法通过改变轮...     

基于离散分数随机变换的双彩色图像加密算法

该文基于离散分数随机变换和线性同余理论,提出一种单通道双彩色图像加密算法。输入的两幅RGB图像转换成相应的索引图像格式,其中一幅2维索引图像被编码为振幅部分,另一幅则被编码为空域相位掩模。分数域相位掩模由线性同余发生器 (LCG) 生成,并将彩色映射矩阵嵌入其中。引入光学幅相调制技术,在不增加光学元件的基础上实现了双彩色图像加密。离散分数随机变换的分数阶和线性同余函数的4个参数作为密钥提高了算法的安全性,对应所有密钥计算了输入图像和解密图像的均方误差。针对唯密文攻击,噪声叠加和抗裁剪性能分别进行了数值模拟,验证了该算法的可行性和有效性。     

一种安全的数字视频水印算法

水印技术已成为国际上的研究热点,视频水印大量应用于版权保护、隐含标识、信息认证和隐蔽通信等。文中主要研究一种安全的数字视频水印系统,该系统基于一种视频帧的水印算法,使用二值图像作为水印信息,采用每帧索引的方法,能够很好地抵抗针对视频水印的攻击。此外,该系统使用NTRU加密,既能利用公钥来检测视频是否是正版产品,又能在遭受公钥攻击后,使用私钥进行版权认证。     

基于矢量分解和相位剪切的非对称光学图像加密

结合矢量分解和相位剪切提出一种新的非对称光学图像加密算法,明文经过4个密钥加密得到分布均匀的密文和3个解密密钥。解密密钥在加密过程中产生,不同于加密密钥,实现了非对称加密,增加了系统的安全性。在矢量分解过程中产生的解密密钥与明文关联强,比现有光学非对称加密算法中明文对密文和解密密钥更为敏感,抵御选择明文攻击能力更强,同时也提高了解密密钥的敏感性。相位剪切的引入扩大了密钥空间,增强算法安全性,产生实数密文更便于传输。实验分析表明:该算法密文分布均匀、相邻像素相关性低,解密密钥、明文对解密密钥和密文敏感性高,抵御各种攻击能力强,有更好光学图像加密效果。     

Privacy‐Preserving H.264 Video Encryption Scheme

As a growing number of individuals are exposed to surveillance cameras, the need to prevent captured videos from being used inappropriately has increased. Privacy‐related information can be protected through video encryption during transmission or storage, and several algorithms have been proposed for such purposes. However, the simple way of evaluating the security by counting the number of brute‐force trials is not proper for measuring the security of video encryption algorithms, considering that attackers can devise specially crafted attacks for specific purposes by exploiting the characteristics of the target video codec. In this paper, we introduce a new attack for recovering contour information from encrypted H.264 video. The attack can thus be used to extract face outlines for the purpose of personal identification. We analyze the security of previous video encryption schemes against the proposed attack and show that the security of these schemes is lower than expected in terms of privacy protection. To enhance security, an advanced block shuffling method is proposed, an analysis of which shows that it is more secure than the previous method and can be an improvement against the proposed attack.     

基于矢量分解和相位截取Gyrator变换的图像加密

为了提高光学图像加密系统的安全性,采用了矢量分解和相位截取Gyrator变换进行图像加密。原始图像和随机相位函数叠加后做Gyrator变换,矢量分解将Gyrator变换域信息分解为一个随机相位函数和一个复函数。随机相位函数和复函数分别做不同变换角度的Gyrator变换后截取相位得到一个公钥和加密图像,截取振幅得到两个非对称相位密钥。进行了理论分析和数值验证,同时,设计了解密光学装置。结果表示:两个非对称相位密钥做为私钥,三个Gyrator变换角度做为额外密钥,这对增强系统的安全性是有帮助的。     

基于雾气模型和选择加密的视频加雾隐藏算法

提出一种基于雾气模型和选择加密来对视频内容进行加雾隐藏的新算法。首先,将原始视频分帧并计算薄雾遮罩;当视频含明显涉密内容时,对涉密内容进行加密,并用浓雾遮罩对其实施隐藏,而对于无明显涉密内容的视频,此环节不作处理;然后,利用薄雾遮罩对视频画面实施隐藏,并针对雾气遮罩进行优化处理;最后,重组视频帧得到加雾视频。对加雾视频做逆运算可以恢复原始视频。实验结果表明,本算法能够对含密视频内容实施有效隐藏,并且能够降低数据量和抵抗去雾攻击。     

投影 C *-体制的缺陷

This paper presents an algebraic method to attack the projected C*^- cryptographic scheme. The attack applies the affine parts of the private keys and the weakness caused by the structures of the private keys to find a large number of linear equations. The attack can recover the private keys efficiently when the parameters are small enough. Meanwhile, the weak keys of the scheme are found and the private keys can be recovered efficiently once the weak keys are used.The paper also proposes a new modification of C*^- cryptographic scheme, which is not only as efficient as original projected C*? scheme, but also resistant to the differential attack and the attack proposed in this paper.     

适用于付费数字电视的视频加密方案

将广义骑士巡游与视频加密相结合,提出了一种新的视频加密方案.将原始视频每8帧划分为一个视频片断,把各个视频片断按照帧平面分解为三维空间的广义棋盘,并提出4种方案,通过骑士的跳动置乱加密视频片断,从而达到视频加密的目的.实验结果表明,该方案加密效果好,加密效率高.而且,加密视频视觉质量可控性强,满足安全性要求,在付费数字电视节目播放等方面上具有广阔的应用前景.     

A Chaotic System Based Image Encryption Scheme with Identical Encryption and Decryption Algorithm

A new symmetric key image encryption scheme based on hyper-chaotic Lorenz system is proposed.The encryption process and the decryption process are identical in the proposed scheme.They both include two diffusion operations,one plaintext-related scrambling operation and three matrix rotating 180 degrees operations.The hyper-chaotic Lorenz system is employed to generate the secret code streams to encrypt the plain image,and to implement the diffusion process with XOR operation.The plaintext-related scrambling is used in this scheme to make different plain images correspond to different secret code streams even when the secret keys are the same,so that the scheme can fight against the chosen/known plaintext attacks.Simulation results show that the proposed scheme has the merits of high encryption speed,large key space,strong key sensitivity,strong plaintext sensitivity,good statistical properties of cipher-text,and etc.,and can be used in practical communications.     

对一个基于身份的多重签密方案的分析和改进

Waters提出了一个标准模型下的基于身份的加密和签名方案,Paterson和Schuldt在此基础上提出了一个基于身份的签名方案.Zhang和Xu在上述两个方案的基础上,提出了一个基于身份的多重签密方案.本文指出Zhang-Xu的方案会受到私钥随机化攻击,并在标准模型下提出了一个改进的基于身份的多重签密方案,其中将解...     

Two-Key Triple Encryption

In this paper we consider multiple encryption schemes built from conventional cryptosystems such as DES. The existing schemes are either vulnerable to variants of meet-in-the-middle attacks, i.e., they do not provide security corresponding to the full key length used or there is no proof that the schemes are as secure as the underlying cipher. We propose a variant of two-key triple encryption with a new method of generating three keys from two. Our scheme is not vulnerable to the meet-in-the-middle attack and, under an appropriate assumption, we can show that our scheme is at least about as hard to break as the underlying block cipher. Received 22 June 1995 and revised 11 October 1996     

基于Logistic映射和超混沌的自适应图像加密算法

为了实现对图像信息的有效保护,提出了一种基于Logistic映射和超混沌系统的图像加密算法.该算法主要思想是利用Logistic映射产生的混沌序列对明文进行像素置乱并结合超混沌以及图像自身的像素分布特征,对不同的像素点进行不同方式的像素灰度变换.仿真实验和安全性分析表明,该算法具有较高的安全性,拥有较大的密钥空间且对密钥具有相对较高的敏感性,同时实现了＂一次一密＂的加密目标,可以有效地抵御穷举攻击、统计攻击以及选择明文攻击等.     

Privacy-preserving attribute-based encryption scheme on ideal lattices

Based on the small key size and high encryption efficiency on ideal lattices,a privacy-preserving attribute-based encryption scheme on ideal lattices was proposed,which could support flexible access policies and privacy protection for the users.In the scheme,a semi-hidden policy was introduced to protect the users’ privacy.Thus,the sensitive values of user’s attributes are hidden to prevent from revealing to any third parties.In addition,the extended Shamir secret-sharing schemes was used to construct the access tree structure which can support “and” “or” and “threshold” operations of attributes with a high flexibility.Besides,the scheme was proved to be secure against chosen plaintext attack under the standard mode.Compared to the existing related schemes,the scheme can yield significant performance benefits,especially the size of system public/secret keys,users’ secret key and ciphertext.It is more effective in the large scale distributed environment.     

对SDPA动态口令方案的攻击及其改进

对SDPA方案进行了详细、系统的分析,找出其弱点并进行了有效攻击.运用公钥加密体制、对称加密算法对原来的动态口令方案进行了改进.改进的方案使用户和服务器之间进行相互认证,建立了多个共享密钥,对改进方案的安全性进行了理论分析,证明其性能明显提高.     

An ID-based broadcast encryption scheme for key distribution

A broadcast encryption scheme enables a center to distribute keys and/or broadcast a message in a secure way over an insecure channel to an arbitrary subset of privileged recipients. In this paper, an ID-based broadcast encryption scheme is proposed, by which a center can distribute keys over a network, so that each member of a privileged subset of users can compute a specified key. Then a conventional private-key cryptosystem, such as DES, can be used to encrypt the subsequent broadcast with the distributed key. Because a key distribution can be done in an encrypted broadcast without any key pre-distribution, re-keying protocols for group membership operations can be simplified, a center can use the ID-based broadcast encryption scheme again to distribute a new and random session key. The ID-based broadcast encryption scheme from bilinear pairings is based on a variant of the Boneh-Franklin identity based encryption scheme.