Medical image encryption using modified advanced ...

1 downloads 0 Views 15MB Size Report
Cryptography. ➢Cryptography is the practice and study of hiding information. ... Outline. ➢Existing work. ➢Proposed cryptographic primitives. ➢Key schedule.
BY

J. Mohamedmoideen Kader Mastan, PG Student, Dept. of ECE Sri Venkateswara College of Engg. Sriperumbudur

G.A. Sathishkumar, Associate Professor, Dept. of ECE Sri Venkateswara College of Engg. Sriperumbudur

Dr. K. Bhoopathy Bagan, Professor and Head, Instrumentation Madras Institute of Technology Chennai

Need for data security  Confidentiality  Authentication  Message integrity

 Applications:  Banking transactions  Government transactions  Medical transactions  Military transactions

Cryptography  Cryptography is the practice and study of hiding information.

 Types of techniques:  Symmetric key encryption  Asymmetric key encryption  Hash function  Digital signature  Convergence of these techniques.  Elements of cryptography:  Confusion  Diffusion  Avalanche effect  Completeness effect

Need for encrypting medical images  Preserving the confidentiality of medical images and

thus the privacy of patients  Curbing piracy in medical research  Curbing lethal tasks which could have been done by

anti-social agents using the medical information

Why IMAGE encryption? 000102030405060708090a0b0c0d0e0f0001020304050607 0060bffe46834bb8da5cf9a61ff220ae5cbbd8811851a91781d5d 358213579fe

Outline  Existing work  Proposed cryptographic primitives  Key schedule  Flow diagram

 Results  Parametric results  Sensitivity test results  Randomness test results  Efficiency test results  Technique’s potential  Conclusion and future scope

About the…  Existing work

Existing Work (few interesting ones) Work

Cryptographic primitives used

Disadvantages

[1]

Pixel permutation and random arrangement, baker map.

No diffusion.

[2]

N-dimensional Affine transformation. Poor avalanche and completeness effect. As weak as Hill cipher.

[4]

Hill Cipher, pixel addition, pixel shifting

Relatively very slow. No logic claimed.

[5]

Chaotic map – first chaos based encryption technique.

Susceptible to chosen ciphertext attack. Poor completeness effect. Tree of causality.

[6]

Chaotic map, substitution, diffusion Broken with single known/chosen plaintext – claimed to have high data rate of 10 attack. MB/s

[12]

JPEG2000, AES, pixel permutation.

Poor avalanche and completeness effect

On the…  Key schedule

Key Schedule Generation of key matrix Mat1

Swapping consecutive rows to generate Mat2

Swapping consecutive columns to generate Mat3

Swapping consecutive rows to generate Mat4

XOR values in each row to generate array Key1

XOR values in each row to generate array Key2

XOR values in each column to generate array Key3

XOR values in each row to generate array Key4

Defining the…  Proposed cryptographic primitives

1. Matrix Transformation  8 × 8 key matrix ‘Mat’ in Z256  Key space = 3.887×10153  Encryption  C = Mat × P mod 256 where P is plaintext and C is ciphertext  Decryption  P = Mat-1 × C mod 256  Different keys generated for each stage of Matrix

Transformation

2. Single Pixel Diffusion 1. a(1:8) ←a(1:8)⊕k1 2. i←1 3. a(i+1) ← a(i)⊕a(i+1)

4. i←i+1 5. Repeat Step 3 till i=1 6. a(i+1) ← (a(i)+a(i+1))mod n 7. i←i+1 8. Repeat Step 6 for r – 1 times where ‘r’ is number of

rows in the image.

3. Block Pixel Diffusion 1. a(1:8) ← a(1:8)⊕k1 2. i←1 3. a(i+8:i+15) ← a(i+8:i+15)⊕a(i:i+7) 4. i←i+7 5. Repeat Step 3 till i=1

4. Permutation Box R1 G1 B1

R2 G2 B2

R3 G3 B3

R4 G4 B4



G2 R2 G1

B1 B2 R1

B4 B3 R4

G3 R3 G4

Features:  Only stage where the ‘R’, ‘G’ and ‘B’ channels of the image become interdependent.  Independent of key and plain image.

Depicting the…

 Flow diagram

Encryption flow diagram Generation of key matrices

Pad if necessary

MT (Mat2)

MT (Mat1)

PB Plain image

Generation of key arrays

BPD-1 (Key1)

MT (Mat3)

– matrix transpose

Cipher image

PB

PB

SPD-1 (Key2)

MT (Mat4)

SPD (Key3)

BPD (Key4)

Decryption Process Generation of key matrices MT (Mat3 -1)

MT (Mat4-1) Cipher image

PB -1

BPD -1 (Key4)

Generation of key arrays

MT (Mat2-1)

Unpad if necessary

PB -1

PB -1

SPD-1 (Key3)

MT (Mat1 -1)

SPD (Key2)

– matrix transpose

BPD (Key1)

Plain image

Viewing the…

 Results

Typical natural image Mandrill.png

Encrypted Mandrill.png

Decrypted Mandrill.png

Histogram of the red, green and blue channels of the Mandrill.png (top) and those of the encrypted Mandrill.png (bottom)

Typical medical image Heart.jpg

Encrypted heart.jpg

Decrypted heart.jpg

Histogram of the red, green and blue channels of the heart.jpg (top) and those of the encrypted heart.jpg (bottom)

Measuring the…

 Parametric results

Entropy of original and encrypted test images Image

Expected Barbara Fabric

Original entropy New entropy

8

F16

Heart

Lena Mandrill Peppers

7.6919

7.5632 6.6639 4.9830 7.7502

7.7624

7.7112

7.9998

7.9998 7.9997 7.9995 7.9998

7.9998

7.9998

Quantitative results after encryption Dim

Mandrill.png

Heart.jpg

Lena.tif

512×512×3

360×360×3

512×512×3

Param

|CAB|

NPCR% UACI%

|CAB|

NPCR% UACI%

|CAB|

NPCR% UACI%

Expected

0

R vs R

1×10-3

R vs G

1×10-3 99.5975 30.0023 2×10-3 99.6173 41.1535 7×10-4 99.6223 33.0813

R vs B

1×10-3 99.6006 29.9843 3×10-3 99.5941 41.0656 1×10-3 99.6071 33.0256

G vs R

2×10-4 99.5705 28.5434 6×10-3 99.5049 43.2241 1×10-3 99.5953 30.5989

G vs G

6×10-4 99.6265 28.5987 1×10-3

G vs B

7×10-4 99.6178 28.5877 3×10-3 99.5957 43.1288 4×10-4 99.6201 30.6442

B vs R

2×10-5 99.6067 31.2287 5×10-3 99.6173

44.344

B vs G

3×10-5 99.6166 31.2768 8×10-4

99.635

44.3225 3×10-4 99.5998 27.6079

B vs B

1×10-3 99.6265 31.2747 2×10-3

99.6111

44.2663 8×10-4 99.5991

0 0 99.6094 33.4635 99.6094 33.4635 99.6094 33.4635 99.6056 29.9482 7×10-3 99.6134 41.2312 2×10-3 99.6159 32.9182

99.598

43.1686 4×10-4 99.6025

30.631

8×10-4 99.6067 27.5898 27.621

Intra-component correlation coefficients Image

Mandrill.png

Heart.jpg

512×512×3

360×360×3

Resolution Red

Green

Blue

Red

Green

Blue

Expected

0

0

0

0

0

0

Horizontal

-0.0027

-0.0031

0.00047

0.0113

0.00023

0.0007

Vertical

0.0062

0.0041

0.0023

0.0026

-0.0028

0.0091

Diagonal

-0.0043

-0.0046

0.0016

-0.0024

0.0029

0.00026

Measuring the…

 Sensitivity test results

Decryption key sensitivity Mandrill.png decrypted with wrong key changed by 1 bit

Consolidated histogram of wrongly decrypted Mandrill.png

Sensitivity test results with Mandrill.png Encryption key sensitivity

Expected

Plaintext sensitivity

Ciphertext sensitivity

|CAB|

NPCR% UACI%

|CAB|

NPCR% UACI%

|CAB|

NPCR% UACI%

0

99.6094 33.4635

0

99.6094 33.4635

0

99.6094 33.4635

R vs R 2×10-3 99.5979 33.4923 1×10-3 99.6067

33.482

1×10-3 99.6586 33.5538

R vs G 5×10-4 99.5995 33.4775 1×10-3 99.6033 33.4443 1×10-3 99.6147 33.4318 R vs B 1×10-3 99.6056 33.5062 4×10-4 99.6033 G vs R 7×10-4

99.614

33.514

33.49

1×10-3 99.6071 33.4821

1×10-3 99.6162 33.4938 7×10-4 99.6246 33.5148

G vs G 7×10-4 99.6212 33.4644 4×10-3 99.5293 33.5271 6×10-4 G vs B 1×10-3

99.612

99.704

33.5113

33.4844 3×10-4 99.5995 33.4658 6×10-4 99.6159 33.4595

B vs R 3×10-3 99.6086 33.4054 5×10-5 99.5922 33.4635 1×10-3 99.6063 33.5522 B vs G 2×10-3 99.6056 33.4375 3×10-4 99.6067 B vs B 1×10-3

99.601

33.458

2×10-3 99.6048 33.4317

33.4356 2×10-3 99.6124 33.5261 1×10-3 99.5689

33.505

Error/Ciphertext sensitivity Mandrill.png decrypted with 1 bit changed after transmission

Consolidated histogram of decrypted erroneous Mandrill.png

Measuring the…

 Randomness test results

FIPS PUB 140–2 randomness tests (for sensitive but unclassified data) Randomness test

Parametric result

Criterion for passing

Result

Frequency mono-bit test

P=0.2722

P>0.01

Pass

Runs test

P=0.5757

P>0.01

Pass

Longest runs of ones test

P=0.4230

P>0.01

Pass

Poker test

x=16.5824

2.16 < x < 46.17

Pass

Scrutinizing the…

 Efficiency test results

Efficiency test results Spatial Time taken for Time taken for resolution of the encryption (seconds) decryption (seconds) image

Average bit rate for encryption/ decryption

360×360×3

1.878208

1.832749

1.6Mbps

512×512×3

3.648261

3.652164

1.68Mbps

640×480×3

4.214025

4.241128

2.27Mbps

Pointing out the…

 Technique’s potential

Security features Low CAB and high h

 Resistive to statistical

cryptanalysis and entropy attack Decryption key sensitive  Resistive to partial decryption Encryption key sensitive  Resistive to related key attack Plaintext sensitive  Resistive to differential cryptanalysis Ciphertext sensitive  Doesn’t produce a visually perceivable erroneous image.

Comparison with AES Sl. No.

Property

AES (256 bit)

Proposed method

1.

Security

Block - wise secure

Image – wise secure

2.

Key space

2256

≈2512

3.

Stages

4

8

4.

Rounds

14

1

5.

Speed

3 Kbps in MATLAB implementation

1.68 Mbps in MATLAB implementation

6.

Cost

XOR, S – box, row shift, matrix multiplication

XOR, P – box, modular addition, matrix multiplication

7.

Power

More power efficient

Less power efficient due to modular addition

8.

Memory occupied

4 KB (optimized)

4 KB (optimized)

Comparison with Pareek et. al Sl. No.

Property

Work of Pareek et. Al

Proposed method

1.

Security

Broken with single plaintext attack

Computational complexity of 2512 – practically unbreakable

2.

Key space

2157

≈ 2512

3.

CAB

Avg. is 10-3

Avg. is 10-3

4.

NPCR

Satisfactory

Average is 99.60888% - Satisfactory

5.

UACI

Satisfactory

Average is 33.48185% - Satisfactory

6.

Key sensitivity

Satisfactory

Satisfactory

7.

Plaintext sensitivity

Negligible and predictable

Satisfactory

8.

Speed

80 Mbps

1.68 Mbps

9.

Cost

XOR

XOR, P – box, modular addition, matrix multiplication

10.

Ciphertext expansion

Nil

Significant if dimensions of image are not multiples of 8. Otherwise Nil.

Unique features First image encryption technique which is ciphertext

sensitive. First image encryption technique to produce satisfactory

sensitivity test results for color images.

Last but not the least…

 Conclusion and future scope

Conclusion and future work Hence an effective and efficient color image encryption

technique has been designed and compared with contemporary techniques. The technique can very well be used for both natural and medical images. Future work shall be pivoted about efficient cryptanalysis of the technique. If efficient cryptanalysis isn’t possible, hardware implementation shall be carried out.

References 1.

2.

3. 4.

Koredianto Usman, Hiroshi Juzoji, Isao Nakajimal, Soegijardjo Soegidjoko, and Mohamad Ramdhani, Toshihiro Hori, Seiji Igi, “Medical image encryption based on pixel arrangement and random permutation for transmission security,” 9th International Conference on e-Health Networking, Application and Services, 2007, pp. 244 - 247. Wang Fangchao, Bai Sen, Zhu Guibi, and Song Zhenghui, “An image encryption algorithm based on n-dimension affine transformation”, 2009 Eigth IEEE/ACIS International Conference on Computer and Information Science, 2009, pp.579-585. Lester S. Hill, “Cryptography in an Algebraic Alphabet,” The American Mathematical Monthly, Vol. 36, No. 6, pp. 306-312. (Jun. - Jul., 1929) Bibhudendra Acharya, Sambit Kumar Shukla, Saroj Kumar Panigrahy, Sarat Kumar Patra, and Ganapati Panda, “H-S-X Cryptosystem and Its Application to Image Encryption,” International Conference on Advances in Computing, Control, and Telecommunication Technologies, 2009, pp.720-724. Application to Image Encryption,” International Conference on Advances in Computing, Control, and Telecommunication Technologies, 2009, pp.720-724.

References 5. 6.

7.

8.

9.

Fridrich.J, “Symmetric ciphers based on two-dimensional chaotic maps,” Int. J. Bifurcation and Chaos, 1997, Vol. 8, pp-1259–1284. Vinod Patidar, N.K. Pareek, and K.K. Sud, “A new substitution–diffusion based image cipher using chaotic standard and logistic maps” Commun Nonlinear Sci Numer Simulat, Elsevier, 2009, Vol.14, pp-3056–3075. Ercan Solak, Cahit Cokal, Olcay Taner Yildiz, and Turker Biyiko Glu, “Cryptanalysis of fridrich’s chaotic image encryption”,International Journal of Bifurcation and Chaos, 2010, Vol. 20, No. 5 pp. 1-9. V. Patidar, N. Pareek, and K. Sud, Modified substitution-diffusion image cipher using chaotic standard and logistic maps, Communications in Nonlinear Science and Numerical Simulation, Elsevier, 2010, Vol. 15, No 10, pp 2755-2765. R. Rhouma, E. Solak, and S. Belghith, Cryptanalysis of a new substitution-diffusion based image cipher, Communications in Nonlinear Science and Numerical Simulation, 2010, Vol. 15, No. 7, pp 1887-1892.

References 10. Chengqing Li, Shujun Li, and Kwok-Tung Lo, “Breaking a modified

substitution-diffusion image cipher based on chaotic standard and logistic maps”, Communications in Nonlinear Science and Numerical Simulations, 2011, Vol. 16, No. 2, pp. 837-843. 11. Shujun Li, Xuanqin Mou, Yuanlong Cai, and Zhen Ji, “On the security of a chaotic encryption scheme: problems with computerized chaos in finite computing precision”, Computer Physics Communications, 2003, Vol. 153, No.1, pp.52- 58. 12. Zahia Brahimi, Hamid Bessalah, A. Tarabet, and M. K. Kholladi “A new selective encryption technique of JPEG2000 codestream for medical image transmission”, 5th International Multi-Conference on Systems, Signals and Devices, 2008, pp. 1 – 4. 13. Jeffrey Overbey, William Traves, and Jerzy Wojdylo, “On the keyspace of the hill cipher”, Cryptologia, 2005, Vol. 29, No. 1, pages 59 – 72.

References 14. Behrouz A. Forouzan, “Cryptography & Network Security”, Tata 15.

16.

17. 18.

McGraw-Hill, ISBN-13: 978-0-07-066046-5, 2009. Yicong Zhou, Karen Panetta, and Sos Agaian, “A Lossless Encryption Method for Medical Images Using Edge Maps”, 31st Annual International Conference of the IEEE EMBS Minneapolis, 2009, pp. 3707-3710. Guido Bertoni, Luca Breveglieri, Pasqualina Fragneto, Marco Macchetti and Stefano Marchesin, “Efficient software implementation of AES on 32bit platforms”, Cryptographic Hardware and Embedded Systems - CHES 2002 Lecture Notes in Computer Science, 2003, Volume 2523/2003, 129142. Shannon, C.E.: Communication theory of secrecy system. Bell Syst. Techn. J. 28, pp. 656-715, (1949). http://www.healthcareitnews.com/news/hhs-cracks-down-provider-pay100000-hipaa-penalties-over-lost-laptops.

References 18. J. Mohamedmoideen Kader Mastan, G.A. Sathishkumar, K. Bhoopathy

19.

20. 21. 22.

23.

Bagan,: Digital Image Security using Matrix and Non-Linear Pixel Transformation. International Conference on computer, Communication, and Electrical Technology, Vol.1, pp.69-77 (2011). Schneier, B.: Applied Cryptography: Protocols, Algorithms and Source Code in C, 2nd edition (Wiley, NY),(1995). J. J. Buchholz, "Matlab Implementation of the Advanced Encryption Standard," http://buchholz.hs-bremen.de/aes/aes.htm, 2001. National Institute of Standards and Technology (NIST). FIPS pub 140-2: Security requirements for cryptographic modules; May 2001. G.A. Sathish Kumar, K.Bhoopathy Bagan, V. Vivekanand,: A novel algorithm for image encryption by integrated pixel scrambling plus diffusion [IISPD] utilizing duo chaos mapping applicability in wireless systems. Procedia Computer Science, vol. 3 pp. 378-387 (2011). http://en.wikipedia.org/wiki/Brute-force_attack.

Thank you

Questions?

Effect of key space Key size in bits

Permutations

Brute force time for a device checking 256 permutations per second

56

256

1 second

64

264

4 minutes 16 seconds

128

2128

149,745,258,842,898 years ≈ ∞

256

2256

50,955,671,114,250,100,000,000,000,000,000,000,000,000,0 00,000,000,000 years ≈ ∞

512

2512

≈∞

Additionally, ‘Von-Neumann Landauer limit’ physically proves that (when electronic computers are used) the energy required to brute force a 128 bit key is more than that present on earth.

Cross-correlation between two images ‘A’ and ‘B’

NPCR between two images ‘A’ and ‘B’

UACI between two images ‘A’ and ‘B’

Randomness tests  Frequency mono bit test: The focus of the test is the proportion of zeroes and ones for the entire sequence.  Runs test: The focus of this test is the total number of runs in the sequence, where a run is an uninterrupted sequence of identical bits.  Test for the longest run of ones in a block: The focus of the test is the longest run of ones within M-bit blocks.  Poker’s test: It is the measure of the distribution of all possible entries using n-bits in a sequence of ‘m’ n bits.