00 mi piace00 non mi piace

1 visualizzazioni11 paginegf

Oct 15, 2017

© © All Rights Reserved

PDF, TXT o leggi online da Scribd

gf

© All Rights Reserved

1 visualizzazioni

00 mi piace00 non mi piace

gf

© All Rights Reserved

Sei sulla pagina 1di 11

org

Published in IET Image Processing

Received on 12th October 2012

Revised on 29th June 2013

Accepted on 14th July 2013

doi: 10.1049/iet-ipr.2012.0586

ISSN 1751-9659

generator for colour image encryption

Mohamed L. Barakat1, Abhinav S. Mansingka1, Ahmed G. Radwan2, Khaled N. Salama1

1

Department of Electrical Engineering Program, King Abdullah University of Science and Technology (KAUST), Thuwal,

Saudi Arabia

2

Department of Engineering Mathematics, Faculty of Engineering, Cairo University, Giza, Egypt

E-mail: ahmedgom@yahoo.com

Abstract: This study presents hardware realisation of chaos-based stream cipher utilised for image encryption applications. A

third-order chaotic system with signum non-linearity is implemented and a new post processing technique is proposed to

eliminate the bias from the original chaotic sequence. The proposed stream cipher utilises the processed chaotic output to

mask and diffuse input pixels through several stages of XORing and bit permutations. The performance of the cipher is tested

with several input images and compared with previously reported systems showing superior security and higher hardware

efciency. The system is experimentally veried on XilinxVirtex 4 eld programmable gate array (FPGA) achieving small

area utilisation and a throughput of 3.62 Gb/s.

1 Introduction key stream for image encryption. Amin et al. [21] used the

tent map to generate a chaotic key stream to encrypt image

Inherited randomness behaviour and sensitivity to initial bits though a non-linear transformation function. None of

conditions promote chaos-based random number generators the previously mentioned encryption systems have been

(CB-PRNGs) as efcient candidates for cryptographic realised on hardware as they occupy a larger area and

applications [13]. Many CB-PRNGs have been digitally operate on lower throughput rates losing the sole

realised using chaotic maps [4, 5] and recently using the advantages of stream encryption.

numerical solution of differential equations [6, 7]. Digital design To the best knowledge of the authors, this paper presents

provides area efciency, repeatability, portability and the rst hardware realisation of a lightweight chaotic stream

integrability with IC technology [8]. However, digital cipher utilised for coloured image encryption satisfying

CB-PRNGs suffer from serious dynamical degradations because three corner requirements: (i) high throughput, (ii) robust

of quantisation error and nite representation of system states, encryption and (iii) small hardware area. A third-order jerk

including loss of ergodicity and shorter pseudo orbits [9]. chaotic generator with signum non-linearity is utilised as a

Chaos-based image encryption using stream ciphers is a CB-PRNG. The size of the chaotic attractor is controlled

vivid, yet challenging, application of chaos because of the dynamically by the input image increasing the sensitivity of

high correlation between image pixels. Unlike block ciphers the output chaotic stream. This paper further introduces a

[10], stream ciphering [11] operates on smaller data units new post processing technique to overcome the defects in

and satises the high throughput requirement for data CB-PRNGs maintaining the same throughput and with a

transmission applications [12] such as wireless small hardware overhead. A thorough security analysis is

communications. Chaotic stream ciphers utilise CB-PRNGs provided for several images and the results are compared

to generate a key stream necessary for masking and with the previously reported software-based encryption

defusing image pixels. Nevertheless, aws in CB-PRNGs systems showing a superior performance. The hardware

result in weak encryption prone to various cryptanalysis utilisation and the maximum throughput of the proposed

attacks [13]; and therefore are solved by the hybridisation stream cipher is compared with known ciphers such as RC4

of two or more chaotic systems [1417]. The work done by [22], E0 [23], A5/1 [23], SNOW 3G [24] AES [25] and so

Huang [18] reports using Chebyshev function to generate on reecting a higher hardware efciency. The whole

the key stream to mask and permute image pixels in system is implemented on XilinxVirtex 4 FPGA.

addition to two-dimentional Chebyshev function to avoid

known-plaintext and chosen-plaintext attacks. Wang et al.

[19] also used three chaotic maps in his encryption that 2 Chaotic random number generator

alters between block and stream ciphering. Liu and Wanga

[20] utilised a true random number generator to provide the The following set of three rst-order ODEs describe a

seed for a piecewise linear chaotic map which generates a third-order non-autonomous double-scroll chaos generator

doi: 10.1049/iet-ipr.2012.0586 & The Institution of Engineering and Technology 2013

www.ietdl.org

[26, 27] with a single controllable time-varying parameter system as follows

1 F F

X 0 1 0 X 0 Dt = + 1 + 162 , F1 # {0, 1},

4 16 2

Y = 0 0 1 Y + ,0

F2 [ 0, 212 1 , F2 [ N (3a)

Z 1 1 1 Z Dt sgn(X )

1 X 0 Dt = {4 b0010, F1 , F2 , 7 b0} Dt [24 bits]

sgn(X ) = (1)

1 X ,0 = [0010F1 F2 0000000] (3b)

attractor in real-time and has no effect on the qualitative This guarantees that Dt [0.25, 0.375]) at any instance and

system dynamics [26]. The same system with different simultaneously ensures that the attractor stays within the

constants and without controllability was previously bounds of the xed point representation space [ 1, 1),

implemented [28] using the Euler approximation. veried through rigorous numerical simulation. Therefore

constant Dt has an easy representation in binary form to

realise the expression (3a) in terms of F1 (1-bit) and F2

(12-bits), given in (3b) where the rst number 4 in the

2.1 Digital realisation

expression 4b0010 represents the number of bits and b

A step size of h = 22 is used to maximise chaos enhancement implies a binary format followed by the logical bits [0010].

through the incorporation of additional truncation Thus, the expression 7b0 is translated into seven logical

non-linearities [2931] zeros. The LFSR used in F1 is 128-bit length with a

feedback polynomial described in [32].

Xt+h 1 h 0 Xt 0

Yt+h = 0 2.2 Post processing

1 h Yt + 0 (2)

Zt+h h h 1 h Zt hDt sgn(Xt ) Statistical defects in the output bits of chaotic oscillators

cause short-term predictability [33] and thus, reduce the

security in cryptographic applications. To overcome such

The circuit schematic of the numerical solution is shown in

defects, this work proposes a post processing technique in

Fig. 1. A xed point twos complement format is used with

which all the 72-bits of the output are put through delayed

24-bits representing each of {X, Y, Z}, 1-bit allocated to the

feedback after a rotation of 1-bit to the right and XORing

sign and integer part and the remaining 23-bits to the

operation, according to Fig. 2. Since 1 and 72 are relative

fractional part. The constant Dt is a 24-bit added or

primes, this guarantees that every output bit receives

subtracted from X based on whether X is positive or

contributions from every single input bit, thus equalising

negative, respectively, and stored in a temporary register T

the bias and completely suppressing short-term

to reduce the critical path at the Z-register. This implements

predictability. According to a general equation that

the signum non-linearity with the controllable input. From

the diagram in Fig. 1, the total component count for this

chaotic oscillator is three 24-bit adders, two 24-bit

subtractors, one 24-bit adder/subtractor and four 24-bit

registers. Since scalar multiplications reduce to arithmetic

shifts because they are powers of 2, they only rewire the

bits and do not require any hardware. The initial condition

(IC) of the state registers {X, Y, Z} is of width 72-bits and

is provided by the user. The constant that controls the

attractor size Dt is carefully designed to divide the

controllability between the user and the input image adding

extra randomness to the system. The expression of Dt is Fig. 2 Circuit diagram of the full CB-PRNG showing initial

specied in terms of a 1-bit input F1 derived from a linear condition and controllable-size inputs, the post processing circuit

feedback shift register (LFSR) with a seed provided by the and the resulting decomposition into three 24-bit outputs for use

user, and a 12-bit input F2 as a feedback from the cipher in the stream cipher

Fig. 1 Circuit diagram of the fully digital third-order ODE-based non-autonomous double-scroll chaos generator

& The Institution of Engineering and Technology 2013 doi: 10.1049/iet-ipr.2012.0586

www.ietdl.org

Table 1 Experimental results on XC4VSX35-10FF668 FPGA for demonstrates a good correspondence with the analogue

the generator before and after post processing attractor in [26]. A positive maximum Lyapunov exponent

Components Chaotic Chaotic generator with post (MLE) for the output time series indicates the presence of

utilised generator processing chaotic dynamics. Given an arbitrary change in initial

conditions, the MLE approximates the long-term divergence

slices 189 230 in the output by dS(t) elt S(dt), with a positive MLE

slice FF 219 291 conrming the existence of chaos. The software based on

four input LUTs 299 370 [35] enables the calculation of the MLE from a time series

Frequency, MHz 153.4 153.4

of discrete data, giving the result as 0.136. The seed value

of the resulting CB-PRNG is the initial condition of the {X,

Y, Z} registers. In addition, the nal post processed output

illustrates the expectation after XORing of two 34-bits [34] is split into three 24-bit outputs {U, V, W} for utilisation in

colour image encryption, given that a standard RGB image

1 1 1 1 pixel is composed of 24-bits. The phase plots of {U, V, W}

E(A B) 2 E(A) E(B) r (4)

2 2 2 2 are shown in Figs. 3df, in which it is clear that post

processing has suppressed the attractor shape, enabled full

where A and B are the correlated random variables with coverage of the entire available phase space and thus

r denoting correlation between A and B. If A is an ideal eliminated short-term predictability. The performance of the

random variable (E(A) = 0.5) and B is loaded with bias output under the NIST SP. 800-22 test suite is assessed in

(E(B) 0.5), the expression indicates that the XOR further sections after the description of the stream cipher.

operation gives a result with lower bias (E(A B) 0.5)

provided the correlation is low (r 0). Area results of the

chaotic generator before and after post processing are 3 Image encryption system

shown in Table 1. Hardware efciency motivates

implementing the rotation as simple rewiring without any 3.1 Encryption/decryption algorithm

hardware overhead. Synthesis results reect the low

hardware cost of post processing without affecting the Each input colour pixel undergoes several stages of diffusion

frequency of operation. using feedback, pixel confusion and bit permutations.

Assume a consecutive sequence of plain image pixels Pi

2.3 Chaotic response where i denotes the location index. Similarly, let Ci,j denote

a ciphered image pixel in the ith location at the jth

Oscilloscope traces of the attractors (X Y Z-phase plots) of encryption stage. Let Pj denote bit permutation in

the original oscillator are shown in Figs. 3ac which encryption where the bit locations are shufed and let P

j

a XY

b YZ

c XZ original attractors from the digital chaotic oscillator

In addition to

d UV

e UW

f VW phase portraits after post processing the output

Results are drawn on an oscilloscope from a Xilinx Virtex 4 FPGA

doi: 10.1049/iet-ipr.2012.0586 & The Institution of Engineering and Technology 2013

www.ietdl.org

denote the corresponding reverse permutation in decryption. applying cascaded three stages of the permutations results

The encryption algorithm is thus expressed as in a different location from the original colour component

which guarantees inter-colour confusion. The decryption

Pj (Ci, j1 Ui ), j=1 algorithm achieves a reverse operation as follows

Ci, j = Pj (Ci, j1 Vi ), j=2 (5a)

P (C

j i, j1 Wi ), j=3 Pj (Ci, 0 Wi ),

j=1

Ci, j = Pj (Ci, 0 Vi ), j=2 (7a)

Ci, 0 = Pi Ci1, 1 Ci2, 2 (5b)

Pj (Ci, 0 Ui ), j=3

The proposed algorithm consists of three identical stages of

encryption to prevent any information leakage based on the Pi = Ci, 3 Ci1, 1 Ci2, 2 (7b)

values of input pixels. This process is performed on two

levels: (i) masking each colour pixel values using the

0 0 1 0 0 0 0 0 0 1 0 0

processed chaotic outputs, (ii) shufing bits between the 0

colour RGB layers through bit permutations Pj . The stream 0 0 0 1 0

1

0 0 0 0 0

of ciphered pixels from the second stage Ci, 2 is taken as 0 1 0 0 0 0 0 0 1 0 0 0

P1j =

0

, P2j =

feedback to the generator to control attractor size Dt

0 0 0 0 1

0

1 0 0 0 0

dynamically creating a direct relationship between the input

image and the chaos generation. Another stage of 0 0 0 1 0 0 0 0 0 0 0 1

encryption is required to distribute the effect of correlation 1 0 0 0 0 0 0 0 0 0 1 0

between each two neighbouring pixels on the following

0 0 0 0 0 1 0 0 0 1 0 0

consecutive pixel. In addition, pixels constituting this stage 1

Ci1, 1, Ci2, 2 are chosen after applying bit permutations 0 0 0 0 0

0

0 0 0 1 0

P1 , and P2 , respectively. For any random input pixel if one 0 0 0 1 0 0 0 0 1 0 0 0

bit ips, the following pixels experience an avalanche effect Pj =

3

0

, Pj =

4

0 0 0 1 0

0

1 0 0 0 0

[36] with a ipping rate depending on the bit shufing.

Hardware efciency motivates implementation of the static 0 1 0 0 0 0 0 0 0 0 0 1

reversible bit permutations through a simple bit rewiring 0 0 1 0 0 0 1 0 0 0 0 0

which can be re-congured for different designs producing (7c)

completely different outputs. In addition, to reduce the

wiring complexity, permutations are performed on the

nibble level. Each colour component is divided into 4-bits

yielding a total of six parts per pixel and each encryption 3.2 Hardware realisation

stage alternates between four different nibble shufing Cipher and decipher hardware architectures are described in

schemes chaotically. Permutation matrices are described as very-large-scale-integration hardware descriptive language

follows (VHDL) and veried on Xilinx Virtex 4 FPGA. The digital

design consists of pipeline registers, two-input XOR gates,

R1 selection MUXs, in addition to permutation units, shown in

R2

Fig. 4. Each stage contains an MUX selected between four

G1 different permutation schemes randomly through a 2-bit

Ci, j = Pm , j = 1, 2, 3, and m = 1, 2, 3, 4 (6a)

j G2 chaotic signal coming from the chaotic outputs {U, V, W}.

B1 The systems key is 200-bits in width provided by the user

B2 and is divided into 72-bits as IC to the chaotic generator, in

addition to 128-bits as a seed to the LFSR. Table 2

0 0 0 0 0 1 0 1 0 0 0 0 summarises the area results of both architectures, without

0 0 1 0 0 0 0 0 0 1 0 0 accounting for the chaotic generator and the post

processing, achieving frequencies of up to 408 and 440

1 0 0 0 0 0 0 0 1 0 0 0

Pj = MHz for both the cipher and decipher systems, respectively.

, Pj = 1 0 0

1 2

obtained from the oscilloscope after applying an 8-bit

0 1 0 0 0 0 0 0 0 0 0 1

staircase signal in the RED component with zeros in the

0 0 0 1 0 0 0 0 0 0 1 0 remaining bits as an input test image. The input function

Sin(t) is described in the binary form [using the same

0 1 0 0 0 0 0 0 0 0 0 1

0 0 0 0 1 0 0 0 0 1 0 0

notation as in (3b)] as

0 0 0 0 0 1 0 0 1 0 0 0

P3j = 0 0 1 0 0 0 , P 4

=

1 0 0

{24 b0}, 0 t 50

j

0 0 0

{4 b0100, 20 b0}, 51 t 101

0 0 0 1 0 0 0 1 0 0 0 0 Sin (t) = {4 b1000, 20 b0}, 102 t 152 (8)

1 0 0 0 0 0 0 0 0 0 1 0

{4 b1100, 20 b0}, 153 t 203

(6b) {8 b1, 16 b0}, 204 t 255

where m denotes a permutation scheme. Each permutation where t is an 8-bit counter. Unlike the input signal, the FFT of

matrix has a cyclicity index bigger than three and is not the the ciphered signal is uniformly distributed over the whole

inverse of any of the others. Moreover, the net effect of spectrum with characterisitcs similar to white noise.

& The Institution of Engineering and Technology 2013 doi: 10.1049/iet-ipr.2012.0586

www.ietdl.org

a Encryption

b Decryption systems

Decryption implements a reverse functionality of the encryption

Table 2 Experimental results on XC4VSX35-10FF668 FPGA for sequence of permutations at each encryption stage and thus,

the cipher and decipher systems gives a completely different output.

Components utilised Encryption system Decryption system

The chaotic generator utilised has three state registers each

of 24-bit wide. On adding the 128-bit seed of the LFSR, the

slices 164 202 total key space in this system is 2200. Key sensitivity is

slice FF 218 244 visually inspected by examining the wrong decrypted image

four input LUTs 236 249 when altering the systems key as shown in Fig. 7c.

Frequency, MHz 408.5 440.3 Quantitatively, key sensitivity is measured through the

mean-square error (MSE) which assesses the distortion in

the wrong decrypted image compared with the original one

4 Security analysis when the input key to the decryption system is wrong. The

MSE test is described as

The analysis in this section is conducted on a 512 512

coloured Lena.bmp. Experiments are carried out and the

1 M N

2

data are analysed using MATLAB. MSE = P i, j D(i, j) (9)

M N i=1 j=1

where M and N are the width and height of the image,

The initial states of the generators registers (IC) in addition to respectively, P(i, j) is the original plain image pixel and D

the seed of the LFSR are considered the key of this proposed (i, j) is the corresponding deciphered image pixel. The

cipher. Brute-force attack is dened to systematically check higher MSE value reects the bigger difference between the

all possible keys until the correct one is found [37]. Secure two images indicating higher sensitivity to the systems

encryption requires: (i) large key space to make the key. Fig. 6 depicts the MSE values of the wrong deciphered

brute-force attack inefcient, and (ii) sensitivity to the input image with respect to the number of error bits in the

key in which small changes in the deciphers key lead to decryption key. The values shown in the gure imply that

completely wrong decryption. In the proposed stream the system is highly sensitive to even 1-bit error in the

cipher, both the key provided by the user and the input decryption key and remains at the same sensitivity level

image affects the chaotic output values from the generator with additional erroneous bits. It is also shown that the

as discussed earlier and consequently affects the MSE values of the colour components are ordered

permutation selection at each MUX. As a result, changing irrespective to the number of error bits; green MSE is the

the input key or the input image produces different lowest and blue MSE is the highest. This is a direct result

doi: 10.1049/iet-ipr.2012.0586 & The Institution of Engineering and Technology 2013

www.ietdl.org

a Input test image (RED component)

b Staircase input signal

c FFT of the input signal

d Output signal from the cipher

e FFT of the ciphered signal

f Output signal from the decipher

from the feedback F2 which creates a relationship between the 2 test is performed on the RGB histograms to analytically

input image and the chaotic generation as explained earlier. examine the quality of the uniform distribution. The test is

Thus, MSE values change with the input image producing a used to determine whether there is a signicant difference

prole for each colour component differing from one image between the expected number of intensity counts for colour

to another. levels and the observed counts in the ciphered image

assuming a uniform distribution [38] and is described as

4.2 Histogram analysis

L

(Oi Ei )2

Image histogram depicts statistical distribution of colour x2 = (10)

Ei

intensities. Secure ciphered images are characterised by at i=1

histograms for all colours in which the intensities are

evenly distributed over the whole colour scale. Visual where Ei is the expected occurrence of each colour level

inspection of the histograms in Fig. 7 conrms the uniform asserted by the null hypothesis, L is the colour level (256)

distribution of the RGB colour components. Furthermore, a and Oi is the observed count of each colour level [0255].

Fig. 6 MSE values with respect to the number of error bits in the decryption

& The Institution of Engineering and Technology 2013 doi: 10.1049/iet-ipr.2012.0586

www.ietdl.org

a Original image

b Ciphered image

c Wrong deciphered image (1-bit error in the key)

In addition to

df Histograms of the RGB components for the original image and similarly

gi For the ciphered image.

2

With a signicance level of 0.05, it is found that 1 N

1

N

x2test , x2 (255, 0.05) for the three histograms implying that D(x) = x x (11b)

the null hypothesis is not rejected and the histogram N i=1 i N j=1 j

distributions are uniform.

cov(x, y)

r = (11c)

D(x) D(y)

4.3 Pixel correlation analysis

Table 3 Correlation coefficients for the horizontal, vertical and

requires an efcient confusion and diffusion algorithm to diagonal orientations for both original and ciphered images

maintain the correlation as minimally as possible in the

ciphered image. The correlation coefcient between two Axis Original image Ciphered image

adjacent pixels xi and yi can be calculated as [37]

Red Green Blue Red Green Blue

1 N

1

N

1 N horiz. 0.9753 0.9748 0.9532 0.001 0.0005 0.0015

cov(x, y) = x x yi y (11a) vert. 0.9871 0.9872 0.9741 0.0016 0.0022 0.004

N i=1 i N j=1 j N j=1 j diag. 0.9634 0.9630 0.9334 0.004 0.0032 0.003

doi: 10.1049/iet-ipr.2012.0586 & The Institution of Engineering and Technology 2013

www.ietdl.org

ac Original image RGB colours, respectively, and similarly

df Ciphered image RGB

where cov (x, y) is the covariance between the two pixels and where P(Si) is the probability of the symbol Si. A source with

N is the total number of pixels selected from the image for the entropy equal to 8 is considered truly random. Table 4 depicts

calculation. Table 3 summarises the auto correlation the entropy values of the ciphered image compared with the

coefcients for horizontal, vertical and diagonal orientations original ones which imply the high randomness levels

of the original and ciphered image and Fig. 8 shows the achieved by the proposed stream cipher.

visual inspection of the horizontal correlation for RGB

components. Furthermore, to measure how different the

ciphered image is from the original, the cross-correlation 4.5 Differential analysis

coefcients are calculated using the same equations in To prevent revelation of any meaningful statistical

(11ac) by considering each pixel value xi from the original relationships between the input and the output, small

image and its corresponding pixel yi from the ciphered one. changes in the original image should result in signicant

Cross-correlation coefcients are found to be 0.0035, changes in the ciphered image. In general, this property is

0.001 and 0.0002 for the RGB colours, respectively. Low directly controlled by the quality of diffusion and confusion

coefcient values imply robust confusion and diffusion adopted in the system. Quantitatively, the sensitivity of the

algorithm implemented in the system to prevent any encryption algorithm to the input is evaluated through two

information leakage regarding pixel correlations. tests [37]. The rst test is the NPCR, which represents the

number of pixels change rate of the ciphered image while

one pixel of the original image has changed. Assume two

4.4 Entropy analysis ciphered images, C1 and C2, whose corresponding original

images have only one pixel difference, the NPCR value is

The entropy is a measure of the predictability of a random

source. The ciphered image data should appear as random

noise to avoid any information leakage. For a binary source Table 4 Entropy results for original and ciphered images for

S producing 28 symbols of equal probabilities each symbol all the colour components

is 8-bits wide and the entropy of this source is dened as [36]

Entropy Original image Ciphered mage

8

2

green 7.5899 7.9993

Entropy = P(Si ) log2 P(Si ) (12) blue 6.9854 7.9993

i=1

& The Institution of Engineering and Technology 2013 doi: 10.1049/iet-ipr.2012.0586

www.ietdl.org

SAC, %

Table 5 Differential analysis results for all the colour

49.995

49.989

49.987

49.991

49.984

49.989

49.999

49.987

49.969

49.977

49.999

49.993

49.976

49.994

49.978

49.993

49.978

49.971

components

UACI, %

33.417

33.465

33.457

33.479

33.497

33.571

33.573

33.459

33.519

33.401

33.497

33.506

33.488

33.457

33.426

33.438

33.359

33.379

red 99.743 99.4 99.59 33.839 32.837 33.367

green 99.742 99.425 99.592 33.972 32.936 33.406

blue 99.748 99.442 99.589 33.946 32.905 33.447

NPCR, %

99.594

99.596

99.597

99.594

99.592

99.593

99.594

99.592

99.593

99.599

99.594

99.593

99.595

99.589

99.592

99.589

99.591

99.59

expressed as

0, C1 (i, j) = C2 (i, j)

D(i, j) = (13a)

C1 (i, j) = C2 (i, j)

Ciphered

1,

7.9993

7.9993

7.9993

7.9993

7.9995

7.9994

7.9992

7.9992

7.9992

7.9993

7.9994

7.9993

7.9993

7.9993

7.9994

7.9993

7.9993

7.9993

1 M N

Entropy

NPCR = D(i, j) (13b)

M N i=1 j=1

Original

6.9481

6.8845

6.1265

7.7067

7.4744

7.7522

6.7178

6.7990

6.2138

7.3124

7.6429

7.2136

7.3388

7.4963

7.0583

The second test is the UACI which represents the unied

0

0

0

average changing intensity measuring the average intensity

difference of two ciphered images, whose corresponding

original image has only one pixel difference as follows

Table 7 Correlation, entropy and differential analysis results for coloured images obtained from USC-SIPI image database

Cross corr.

0.0034

0.0038

0.0027

0.0037

0.0005

0.0039

0.0001

0.0016

0.0017

N

0.0008

0.0045

0.0008

0.0011

0.0013

0.0018

1 M

C1 (i, j) C2 (i, j)

0

0

0

UACI = 100

M N i=1 j=1 255

(14)

0.0031

0.0005

0.0019

0.0019

0.0016

0.0013

0.0014

0.0039

0.0005

0.002

0.0038

0.0012

0.0002

0.0013

0.0003

0.0013

0.002

0.004

Diag.

Both tests are conducted 500 times with inputs having only

1-bit change randomly in only pixel with an arbitrary

Ciphered image corr.

UACI tests for all the colour components. The results

0.0013

0.0006

0.0021

0.0045

0.0008

0.0036

0.0022

0.0001

0.0004

0.002

reect the effect of using the chained confusion algorithm

0.0027

0.0003

0.0005

0.0008

0.0002

0.0008

0.0002

0.0047

Vert.

input affects the chaotic sequence from the generator

resulting in a completely different output.

0.0007

0.0001

0.0005

0.0032

0.0015

0.0011

0.0007

0.0012

0.0004

0.0007

0.0009

0.0007

0.0014

0.0002

0.0024

0.0015

0.0002

0.0003

Horiz.

The strict avalanche criterion (SAC), rst introduced in [36],

examines the bit level difference between the input and the

0.9894

0.9711

0.9649

0.8543

0.7348

0.8399

0.9343

0.9326

0.9146

0.9420

0.9530

0.9530

0.9564

0.9687

0.9478

Diag.

1

1

1

Table 6 NIST SP. 800-22 tests for the original and processed

Original image corr.

0.9951

0.9871

0.9789

0.8660

0.7650

0.8809

0.9568

0.9678

0.9353

0.9541

0.9663

0.9694

0.9663

0.9818

0.9664

Vert.

1

1

1

PV PP PV PP PV PP

0.9936

0.9812

0.9826

0.9231

0.8655

0.9073

0.9726

0.9578

0.9640

0.9558

0.9715

0.9710

0.9635

0.9811

0.9665

Horiz.

1

1

1

cumulative sums x 0.95 1.00 0.95

runs x 0.79 0.99 1.00

longest run x 0.76 0.99 1.00

green

green

green

green

green

green

blue

blue

blue

blue

blue

blue

red

red

red

red

red

red

N. O. template x 0.80 0.99 0.98

O. template x 0.78 1.00 1.00

universal x 0.83 0.99 1.00

Image (file name)

mandrill (4.2.03)

peppers (4.0.07)

airplane (4.0.04)

sailboat (4.2.06)

splash (4.2.01)

black image

serial x 0.68 0.99 0.95

linear complexity 1.00 0.98 1.00

final result fail pass pass

doi: 10.1049/iet-ipr.2012.0586 & The Institution of Engineering and Technology 2013

www.ietdl.org

Table 8 Comparison in the security analysis results between the six images. The results imply that the proposed stream

the proposed cipher and other reported software-based chaotic cipher maintains the same high security levels regardless of

systems

the input image.

Analysis Huang Wang Liu and Amin This

[18] et al. Wanga et al. work

[19] [20] [21] 5 Comparison with previous work

horiz. 0.097 0.014 0.0965 0.021 0.002 The security performance of the proposed stream cipher is

corr.

vert. 0.0484 0.009 0.031 0.014 0.0016 evaluated in Table 8 as compared with four recent

corr. chaos-based image encryption systems [1821]. This

diag. 0.07 0.005 0.0362 0.035 0.002 comparison is based on the mean values of the correlation

corr. coefcients, entropy and differential analysis.

entropy 7.9939 7.9845 7.9998 7.9993

NPCR, % 99.31 98.563 99.606 99.61 99.601

Unfortunately, the hardware comparison between the

UACI, % 33.46 33.081 33.393 33.41 33.462 proposed system and the previously reported systems is not

mentioned since they have not been implemented on

hardware. The results reect that the proposed system

outperforms all the others and imply the high level of

output data because of a 1-bit change in the input. Ciphers randomness and robust encryption achieved. In addition to

with good SAC property achieve theoretically 50% bit the security comparison, hardware area efciency and

difference between the input and the output images. The throughput results of the proposed stream cipher are

SAC value for the proposed stream cipher is calculated 500 compared in Table 9 with the standard stream and block

times with only a 1-bit change in the input image resulting cipher systems such as: RC4 used in 802.11 Wi-Fi security

in mean values of 49.995, 49.992 and 49.988% for the protocol, E0 used in Bluetooth protocol, A5/1 used in GSM

RGB colours, respectively. The results conrm the high communications, SNOW 3G used by the 3GPP group as a

sensitivity of the encryption algorithm originating from the mobile cellular standard, in addition to the advanced

dynamic control of the attractor size Dt and the permutation encryption standard (AES) adopted in many applications.

functions used. Since this paper exhibits an FPGA implementation, the gate

count is expressed as 8 (LUT + FF) to facilitate a basic

4.7 Statistical randomness analysis area/throughput comparison between systems. As shown in

Table 9, the proposed system yields the highest area/

The randomness of the CB-PRNG utilised in addition to the throughput ratio compared with all other systems and

ciphered image are assessed using NIST SP. 800-22 therefore achieved the best hardware efciency. Together

statistical test suite [39]. Table 6 shows the NIST results for with the high security accomplished, the proposed stream

the chaotic output before and after post processing as well cipher can be considered a new encryption standard.

as the ciphered image. The results are represented by the

proportion of the passing sequences and the validity of the

P-value (PV) distribution. The results imply that the post 6 Conclusion

processing effectively removed the bias in the original

chaotic stream producing uniformly distributed random bits. This paper presents the rst hardware realisation of the

In addition, the ciphered image is considered as a pseudo chaos-based stream cipher designed for image encryption

random noise source. applications. The encryption system utilises a third-order

jerk chaotic generator with signum non-linearity in addition

4.8 Application to other images and comparison to a dynamically controllable attractor size. To reduce the

bias in the output sequence, a simple post processing

The security of the proposed system is further examined for technique is proposed with a small hardware cost. The

ve standard coloured images obtained from the ciphering algorithm masks and permutes the original pixels

miscellaneous volume of the University of Southern creating a feedback loop between the ciphered image and

California-Signal and Image Processing Institute the chaotic generator to increase the output sensitivity to

(USC-SIPI) image database [40] in addition to a black small changes in the input. The security analysis is

image where the RGB components are all zeros. Table 7 conducted for several images and the results are compared

depicts the correlation and entropy in addition to the mean with previously reported systems which conrm the

values of the differential analysis, and SAC values for all superior performance of the proposed system. Finally, the

Table 9 Comparison in the hardware performance results between the proposed system and other reported non-chaos-based ciphers

System Area (Gc) T.put, Mb/s Efficiency T.put/area Implementation target

Trivium [25] 2580 327.9 0.127 ASIC

Moustique [41] 7264 369 0.05 FPGA

Salsa20 [42] 12 126 121 0.009 ASIC

RC4 [22] 10 653 135.52 0.013 FPGA

E0 [23] 1902 93.36 0.049 FPGA

A5/1 [23] 932 90.85 0.097 FPGA

SNOW 3G [24] 25 016 7968 0.318 ASIC

AES [43] 14 322 3709 0.259 FPGA

this work 8968 3682.87 0.411 FPGA

& The Institution of Engineering and Technology 2013 doi: 10.1049/iet-ipr.2012.0586

www.ietdl.org

proposed stream cipher system can be considered as a new 22 Hamalainen, P., Hannikainen, M., Hamalainen, T., Saarinen, J.:

symmetric encryption standard. Hardware implementation of the improved WEP and RC4 encryption

algorithms for wireless terminals. Eur. Signal Proc. Conf., 2000,

pp. 22892292

7 References 23 Batina, L., Lano, J., Mentens, N., rs, S.B., Verbauwhede, B., Preneel,

I.: Energy, performance, area versus security trade-offs for stream

1 Liu, F., Wu, C.-K.: Robust visual cryptography-based watermarking ciphers. State of the Art of Stream Ciphers, Workshop Record,

scheme for multiple cover images and multiple owners, IET Inf. ECRYPT, 2004

Secur., 2011, 5, (2), pp. 121128 24 Kitsos, P., Selimis, G., Koufopavlou, O.: High performance ASIC

2 Ding, Q., Wang, J.N.: Design of frequency-modulated correlation delay implementation of the SNOW 3G stream cipher. Int. Conf. Very

shift keying chaotic communication system, IET Commun., 2011, 5, Large Scale Integration, 2008

(7), pp. 901905 25 Good, T., Benaissa, M.: ASIC hardware performance, in Robshaw, M.,

3 Wagemakers, A., Escribano, F.J., Lpez, L., Sanjun, M.A.F.: Billet, O. (Eds.): New stream cipher designs (Springer, Berlin/

Competitive decoders for turbo-like chaos-based systems, IET Heidelberg, 2008) pp. 267293

Commun., 2012, 6, (10), pp. 12781283 26 Sprott, J.C.: A new class of chaotic circuit, Phys. Lett. A, 2000, 266,

4 Chen, S.-L., Hwang, T., Chang, S.-M., Lin, W.-W.: A fast digital (1), pp. 1923

chaotic generator for secure communication, Int. J. Bifurcation 27 Elwakil, A.S., Salama, K.N., Kennedy, M.P.: A system for chaos

Chaos, 2010, 20, (12), pp. 39693987 generation and its implementation in monolithic form. Int. Symp.

5 Li, C.-Y., Chen, Y.-H., Chang, T.-Y., Deng, L.-Y., To, K.: Period Circuits Syst. (ISCAS), 2000, pp. 217220

extension and randomness enhancement using high-throughput 28 Mansingka, A.S., Radwan, A.G., Zidan, M.A., Salama, K.N.: Analysis

reseeding-mixing PRNG, Trans. Very Large Scale Integr. (VLSI) of bus width and delay on a fully digital signum nonlinearity chaotic

Syst., 2012, 20, (2), pp. 385389 oscillator. Int. Midwest Symp. Circuits Syst. (MWSCAS), 2011,

6 Zidan, M.A., Radwan, A.G., Salama, K.N.: Controllable v-shape pp. 14

multiscroll buttery attractor: system and circuit implementation, 29 Sprott, J.C.: Chaos and time-series analysis (Oxford University Press,

Int. J. Bifurcation Chaos, 2012, 22, (6), pp. 12501431250156 2003)

7 Zidan, M.A., Radwan, A.G., Salama, K.N.: Random number generation 30 Zidan, M.A., Radwan, A.G., Salama, K.N.: The effect of numerical

based on digital differential chaos. Int. Midwest Symp. Circuits Syst. techniques on differential equation based chaotic generators. Int.

(MWSCAS), 2011, pp. 14 Conf. Microelectronics (ICM), 2011, pp. 14

8 Taylor, G., Cox, G.: Digital randomness, IEEE Spectr., 2011, 48, (9), 31 Mansingka, A.S., Radwan, A.G., Salama, K.N.: Design,

pp. 3258. implementation and analysis of fully digital 1-D controllable

9 Li, S., Chen, G., Mou, X.: On the dynamical degradation of piecewise multiscroll chaos. Int. Conf. Microelectronics (ICM), 2011, pp. 15

linear chaotic maps, Int. J. Bifurcation Chaos, 2005, 15, (10), 32 Alfke, P.: Efcient shift registers, LFSR counters, and long pseudo

pp. 31193152 random sequence generators. Xilinx Application Note, 1996

10 Barakat, M.L., Radwan, A.G., Salama, K.N.: Hardware realization of

33 Yalcin, M.E., Suykens, J.A.K., Vandewalle, J.: True random bit

chaos-based block cipher for image encryption. Int. Conf.

generation from a double-scroll attractor, Trans. Circuits Syst. I, Reg.

Microelectronics (ICM), 2011, pp. 15

Pap., 2004, 51, (7), pp. 13951404

11 Kircanski, A., Youssef, A.M.: On the sliding property of SNOW 3 G

34 Davies, R.B.: Exclusive OR (XOR) and Hardware Random Number

and SNOW 2.0, IET Info. Secur., 2011, 5, (4), pp. 199206

Generators. Available at: http://www.robertnz.net/pdf/xor2.pdf,

12 Millrioux, G., Guillot, P.: Self-synchronizing stream ciphers and

February 2002

dynamical systems: state of the art and open issues, Int. J. Bifurcation

35 Kodba, S., Perc, M., Marhl, M.: Detecting chaos from a time series,

Chaos, 2010, 20, (9), pp. 29792991

13 Alvarez, G., Amig, J.M., Arroyo, D., Li, S.: Lessons learnt from the Eur. J. Phys., 2005, 26, (1), pp. 205215

cryptanalysis of chaos-based ciphers, in Kocarev, L., Lian, S. (Eds.): 36 Webster, A., Tavares, S.: On the design of S-boxes, in Williams, H.

Chaos-Based Cryptography (Springer, Berlin/Heidelberg, 2011), (Ed.): Advances in cryptology (Springer, Berlin/Heidelberg, 1986),

vol. 354, pp. 257295 pp. 523534

14 Gao, T., Chen, Z.: Image encryption based on a new total shufing 37 Corrochano, E.B., Mao, Y., Chen, G.: Chaos-based image encryption,

algorithm, Chaos Solitons Fractals, 2008, 38, (1), pp. 213220 in Corrochano, E.B. (Ed.): Handbook of geometric computing

15 Giesl, J., Behal, L., Vlcek, K.: Improving chaos image encryption (Springer, Berlin Heidelberg, 2005), pp. 231265

speed, Int. J. Future Gener. Commun. Netw., 2009, 2, (3), pp. 2336 38 LEcuyer, P., Simard, R.: TestU01: A C library for empirical testing of

16 Ismail, I.A., Ismail, M., Diab, H.: A digital image encryption algorithm random number generators, ACM Trans. Math. Softw., 2007, 33, (4),

based a composition of two chaotic logistic maps, Int. J. Netw. Sec., pp. 2240

2010, 11, (1), pp. 19 39 Rukhin, A., Soto, J., Nechvatal, J., et al.: A statistical test suite for

17 Huang, C.K., Nienb, H.H.: Multi chaotic systems based pixel random and pseudorandom number generators for cryptographic

shufe for image encryption, Opt. Commun., 2009, 282, (11), applications, NIST Special Publication 800-22, 2001

pp. 21232127 40 Weber, A.G.: (1997) The USC-SIPI image database version 5.

18 Huang, X.: Image encryption algorithm using chaotic Chebyshev USC-SIPI Rep. no. 315. Available at: http://www.sipi.usc.edu/services/

generator, Nonlinear Dyn., 2012, 67, (4), pp. 24112417 database/Database.html

19 Wang, X., Wang, X., Zhao, J., Zhang, Z.: Chaotic encryption algorithm 41 Daemen, J., Kitsos, P.: The self-synchronizing stream cipher

based on alternant of stream cipher and block cipher, Nonlinear Dyn., Moustique, in Robshaw, M., Billet, O. (Eds.): New stream cipher

2011, 63, (4), pp. 587597 designs (Springer, Berlin/Heidelberg, 2008), pp. 210223

20 Liu, H., Wanga, X.: Color image encryption based on one-time keys 42 Good, T., Benaissa, M.: Hardware results for selected stream cipher

and robust chaotic maps, Comput. Math. Appl., 2010, 59, (10), candidates. Workshop Record of Stream Ciphers (SASC), 2007,

pp. 33203327 pp. 191204

21 Amin, M., Faragallah, O.S., Abd El-Latif, A.A.: A chaotic block cipher 43 Bouhraoua, A.: Design feasibility study for a 500 Gbits/s advanced

algorithm for image cryptosystems, Commun. Nonlinear Sci. Numer. encryption standard cipher/decipher engine, IET Comput. Digit.

Simul., 2010, 15, (11), pp. 34843497 Tech., 2010, 4, (4), pp. 334348

doi: 10.1049/iet-ipr.2012.0586 & The Institution of Engineering and Technology 2013

## Molto più che documenti.

Scopri tutto ciò che Scribd ha da offrire, inclusi libri e audiolibri dei maggiori editori.

Annulla in qualsiasi momento.