Real-Time Secure Multimedia Communication System Based on Chaos Theory

Rogelio Hasimoto-Beltrán and Edmar Mota-García
Department of Computer Science, Center for Research in Mathematics (CIMAT), Jalisco s/n, Col. Mineral de Valenciana, Guanajuato, Gto, México 36240
{hasimoto,edmar}@cimat.mx

Abstract. We propose a novel block-based symmetric encryption system based on an n-array of independently iterated chaotic logistic maps with global and local feedback as a diffusion process. Local feedback represents the temporal evolution of a single map, while global feedback represents the temporal evolution of the whole system (cross-map evolution). For security, the cryptosystem periodically modifies its internal configuration using a three-level random perturbation scheme, one at system-key level (reset operation) and two at map array level (to increase the chaotic cycle length of the system). An analysis of the proposed scheme regarding its vulnerability to attacks, statistical properties and implementation performance is presented. To the best of our knowledge we provide a simple and secure scheme with the fastest software implementation reported in the literature.

Keywords: Discrete chaotic encryption, Block ciphers, symmetric encryption.

1 Introduction

Building secure multimedia communications poses new challenges that are difficult to handle with currently adopted encryption schemes (DES, RSA, AES, and IDEA) [1, 2]. Multimedia requires processing huge amounts of information at speeds ranging from kilobits/sec (Kbs) to the order of megabits/sec (Mbs), particularly in applications involving real-time audio and video transmission. Discrete chaotic dynamical systems (DCS) have been used since the late 80's, but few proposals have emerged for voice and video data encryption (with limited real-time capabilities) [3-6]. Considering this, we propose a novel symmetric encryption system based on an n-array of independently iterated chaotic maps, along with a three-level periodic perturbation and a two-mode feedback (global and local feedback) for real-time multimedia communications. The perturbation scheme changes the current system condition by modifying the system-key and the trajectory of the chaotic maps to increase system security against statistical and differential attacks. The system key is periodically modified using a random number generator, while every map trajectory is modified using the system's output itself (ciphertext) rather than a predefined perturbation equation. Since chaotic maps are iterated independently, ciphertext interdependency is created by adding global and local feedback to the current ciphertext value. Global feedback represents the temporal evolution of the entire system, while local feedback represents the temporal evolution of a single map.

H.H.S. Ip et al. (Eds.): PCM 2007, LNCS 4810, pp. 441–445, 2007. © Springer-Verlag Berlin Heidelberg 2007

2 Proposed Chaotic Encryption Scheme

Our scheme can be split into three main components:

A) System-key Generation: An initial seed is first created and used for the generation of the system-key (K) using a random number generator (RNG). For security, K is constantly modified using both fixed and forced updates. Fixed key update is part of the three-level perturbation scheme in which K is replaced periodically using RNG after a random number of iterations. Forced updates on the other hand are used as a resynchronization process between cipher and decipher in the case of data errors during transmission (or when security is compromised).

B) Encryption System: Once K of size B ≥ 128 bits is generated, it is divided into 2n equal parts, where each part is used to initialize a corresponding system variable and parameter of the n-array of logistic maps as follows:

$$
X_{i,0} = K(2i-1), \qquad
\lambda_i = 3.73364 + \left[ \frac{K(2i)}{2^{B/2n}} + \frac{K(2i)}{10^{h_8}} + \frac{a \oplus b}{2^{B/4n}} \right] / 10, \qquad i \in \{1, 2, 3, \ldots, n\}
\tag{2}
$$

where $X_{i,0}$ and $\lambda_i$ are the $i$th map variable initial condition and parameter respectively, $h_8$ is the number of digits in the largest decimal number represented by B/8 bits ($K(k)/10^{h_8} = 0.(2)$), and the $a \oplus b$ term is the exclusive-OR (XOR) of the most (a) and least (b) significant bits of K(2i), both having an equal-size bit representation of B/4n. $X_{i,0}$ and K are de-correlated by iterating $X_{i,0}$, $1 \le i \le n$, a random number of times RT over all maps:

$$
\begin{aligned}
&\text{For } i \in \{1, 2, 3, \ldots, n\}: \\
&\quad \gamma = X_{i,0}, \\
&\quad \text{repeat } RT \text{ times: } \gamma = \gamma\,\lambda_1 (1-\gamma),\ \ \gamma = \gamma\,\lambda_2 (1-\gamma),\ \ \gamma = \gamma\,\lambda_3 (1-\gamma),\ \ \gamma = \gamma\,\lambda_4 (1-\gamma), \\
&\quad X_{i,0} = \gamma
\end{aligned}
\tag{3}
$$

Even a one-bit change in K will generate completely different map orbits, which in turn generate different ciphertexts. Once the $X_{i,j}$ and $\lambda_i$ values have been obtained, the n-array of logistic maps can be written as:

$$
X_{i,j} = \lambda_i \, X_{i,j-1} \, [1 - X_{i,j-1}], \qquad i \in \{1, 2, 3, \ldots, n\}
\tag{4}
$$

where i and j represent the map and state indexes respectively. For a fixed state j, n map variables are obtained to encrypt their corresponding plaintext of size B/n using the following equation:

$$
C_{i,k} = \left( [P_k + X'_{i,k}] \bmod 2^{B/n} \right) \oplus X'_{i,k} \oplus \left( [C_{i-1,k} + C_{i,k-1}] \bmod 2^{B/n} \right), \qquad i \in \{1, 2, 3, \ldots, n\}, \quad k = (j + i - 1)
\tag{5}
$$

where $k$ is the cipher iteration index ($k = nj$), $X'$ is the corresponding integer representation of $X$ using B/n bits, $P_k$ is the $k$th plaintext input, $C_{i-1,k}$ is the previous ciphertext output ($i-1$) of the current iteration ($k$th), and $C_{i,k-1}$ is the previous ciphertext output of the same $i$th map, but from the ($k-1$) iteration. A total of B bits are encrypted per state iteration (B/n encrypted bits per map). $C_{i-1,k}$ and $C_{i,k-1}$ represent the global and local feedback respectively. The security of the system is increased by sending out not $C_{i,k}$, but its perturbation:

$$
C^{p}_{i,k} = C_{i,k} + X'_T, \qquad X'_T = X'_{1,k} \oplus X'_{2,k} \oplus \cdots \oplus X'_{n,k}
\tag{6}
$$

Therefore, the decipher cannot use $C^{p}_{i,k}$ directly to find its corresponding plaintext; it needs to know $X'_T$. For performance reasons we defined eq. 5 as simply as possible, but its complexity can be increased by adding more terms or combinations involving $X'_{i,k}$. The corresponding decryption system is:

$$
P_k = \left[ (C^{p}_{i,k} - X'_T) \oplus X'_{i,k} \oplus \left( [C_{i-1,k} + C_{i,k-1}] \bmod 2^{B/n} \right) + 2^{B/n} - X'_{i,k} \right] \bmod 2^{B/n}, \qquad i \in \{1, 2, 3, \ldots, n\}, \quad k = (j + i - 1)
\tag{7}
$$
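The initialization of eq. 2 and eq. 3 and the cipher/decipher pair of eq. 4 to eq. 7, as an added Python example that is not the authors' C implementation; it leaves out the three-level perturbation. Assumptions the text does not fix: X_{i,0} is scaled as (K(2i-1)+1)/(2^16+1), X' is floor(X·2^(B/n)), eq. 6 is reduced mod 2^(B/n), the feedback starts at 0, and C_{0,k} is taken as C_{n,k-1}.

```python
import struct

B, N = 128, 4            # key size in bits and number of maps (the paper's setting)
W = B // N               # B/n = 32 bits encrypted per map and state
M = 1 << W               # modulus 2^(B/n)
H8 = 5                   # digits of 65535, the largest B/8 = 16-bit number

def init_maps(key: bytes, rt: int = 20):
    """Eq. 2 and eq. 3: derive X_{i,0} and lambda_i from a 128-bit key."""
    parts = struct.unpack(">8H", key)            # 2n parts of B/2n = 16 bits
    xs, lams = [], []
    for i in range(N):
        k_odd, k_even = parts[2 * i], parts[2 * i + 1]   # K(2i-1), K(2i)
        a, b = k_even >> 8, k_even & 0xFF                # top / bottom B/4n bits
        lams.append(3.73364 + (k_even / 2**16 + k_even / 10**H8
                               + (a ^ b) / 2**8) / 10)
        xs.append((k_odd + 1) / (2**16 + 1))     # ASSUMED scaling into (0, 1)
    for i in range(N):                           # eq. 3: RT cross-map rounds
        g = xs[i]
        for _ in range(rt):
            for lam in lams:
                g = g * lam * (1 - g)
        xs[i] = g
    return xs, lams

def chaos_crypt(key, words, decrypting=False):
    """Encrypt or decrypt a list of 32-bit words (hypothetical helper name)."""
    xs, lams = init_maps(key)
    prev = [0] * N                               # C_{i,k-1}; ASSUMED 0 at start
    out = []
    for j in range(0, len(words), N):
        xs = [lam * x * (1 - x) for x, lam in zip(xs, lams)]   # eq. 4
        xi = [int(x * M) for x in xs]            # X': ASSUMED floor(X * 2^(B/n))
        xt = 0
        for v in xi:
            xt ^= v                              # X'_T of eq. 6
        glob = prev[N - 1]                       # C_{0,k}: ASSUMED = C_{n,k-1}
        for i, w in enumerate(words[j:j + N]):
            fb = (glob + prev[i]) % M            # global + local feedback
            if decrypting:
                c = (w - xt) % M                 # undo eq. 6
                out.append(((c ^ xi[i] ^ fb) + M - xi[i]) % M)   # eq. 7
            else:
                c = ((w + xi[i]) % M) ^ xi[i] ^ fb               # eq. 5
                out.append((c + xt) % M)         # eq. 6, ASSUMED mod 2^(B/n)
            glob = prev[i] = c                   # feedback uses unperturbed C
    return out
```

Both ends must evaluate eq. 4 with bit-identical floating-point arithmetic (same precision and operation order); any rounding difference changes X' and decryption fails from that word on.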

C) Three-Level Perturbation Scheme: To increase the cycle length of logistic maps, a three-level periodic perturbation scheme is proposed. In the first perturbation level, the trajectory of every map is slightly modified to increase its cycle length [5, 20] as follows:

$$
X^{p}_{i,j} = X_{i,j} + \frac{1.1 + C_{n,j}(i)}{10^{h_{16}}}, \qquad i \in \{1, 2, 3, \ldots, n\}
\tag{8}
$$

where $C_{n,j}(i)$ is the $i$th element of the global feedback $C_{n,j}$ with size B/4n bits, at the current state j. We post-process $X^{p}_{i,j}$ so that its first digit after the decimal point stays the same as in $X_{i,j}$; therefore $\mathrm{abs}(X^{p}_{i,j} - X_{i,j}) < 10^{-1}$.

The second level perturbation replaces each map system variable by the resultant state of cross-iterating its value using all maps (same process as in eq. 3). For the $i$th map in state j, its new system variable is obtained by:

$$
\begin{aligned}
&\gamma = X_{i,j}, \qquad i \in \{1, 2, 3, \ldots, n\} \\
&\gamma = \gamma\,\lambda_k (1-\gamma), \qquad k \in \{[i \bmod n] + 1,\ [(i+1) \bmod n] + 1,\ [(i+2) \bmod n] + 1\} \\
&X_{i,j} = \gamma
\end{aligned}
\tag{9}
$$

New system variables are influenced by all maps: the output of the $i$th map is the input of the [(i+1) mod n]+1 map, and so on. Third level perturbation replaces the current system-key every random number of iterations. Every time the system-key is updated, the new key is sent to the decipher to update the system maps' variables and parameters. The cycle of the perturbations, represented by $PT_i$, $1 \le i \le 3$, can be randomly selected.

3 Experimental Results and Conclusions

Our proposed scheme is flexible regarding the system-key size and the number of chaotic maps used for the encryption process; however, there must be some congruency between their corresponding bit sizes. In general, B (size of K) can be a multiple of m bits (Bn) for m ∈ {8, 16, 32}, and the number of chaotic maps can be at least Bn/m (one map per m bits of K) and at the most Bn/8. A recommendation is not to use more than 32 bits of K for the generation of Xi,0 and λi (16 bits for each value). We applied the proposed scheme to multimedia data with different sizes and statistical properties with the following setting: B32 = 128 bits, n = 4 (four logistic maps), RT = 20, PT1 = 15 iterations, PT2 = n1 PT1, and PT3 = n2 PT2, for n1 = n2 = 3. Fig. 1a shows the histograms of the plaintext and the corresponding ciphertext using two randomly chosen keys to prove statistical independence of the scheme. In all cases, the ciphertext histogram is uniform and independent of the shape of the plaintext histogram and the system-key. As an average over all data files, 99.6% of the total bytes and 50% of the total bits were changed during the encryption process. The response of the scheme to slight changes (flipping of the least significant bit) of the system-key is immediate (Fig. 1b), diverging drastically from the original sequence. The same behavior is found when the perturbation scheme is applied. To further complicate an opponent's attack, the corresponding random variable XT (see eq. 6) is added to the current ciphertext output, so in the case of an attack the opponent never has access to the real ciphertext values. If the opponent chooses a brute-force attack instead, it will need to search at least 2^128 ≈ 3.4×10^38 key possibilities in our current setting. Additionally, there are four more random numbers with a 5-bit representation each, RT, P1, P2, and P3, so a brute-force attack will need to consider a total search space of (2^128)·(2^20). Finally, a C-language implementation of the cipher system on a 940 MHz Pentium®-III with 190Mb of memory running Linux version 2.4.20-28.9 shows an average speed of 230 Mbs (Megabits/sec), which is much faster than any other scheme reported in the literature. These reported speeds are fast enough for real-time multimedia communications.

Fig. 1. (a) Histogram of plaintext (left column) and corresponding ciphertext for two different system-keys (middle and right columns). (b) Sensitivity to system key changes. Plaintext (circled continuous line) encrypted with two different keys.

References

1. Chen, G., Mao, Y., Chui, C.K.: A symmetric image encryption scheme based on 3D chaotic cat maps. Chaos Solit. & Fract. 21, 749–761 (2004)
2. Yang, M., Bourbakis, N., Li, S.: Data-image-video encryption. IEEE Potentials 23(3), 28–32 (2004)
3. Lian, S., Sun, J., Wang, Z., Dai, Y.: A fast encryption scheme based on chaos. In: 8th Int. Conf. Control, Automation, Robotics and Vision, pp. 126–131 (2004)
4. Paraskeve, T., Klimis, N., Stefanos, K.: Security of human video objects by incorporating a chaos-based feedback cryptography scheme. In: Proceedings of the 12th annual ACM international conference on Multimedia, New York, USA, pp. 352–355 (2004)
5. Roskin, K.M., Casper, J.B.: From Chaos to cryptography (1999), Available online at http://xcrypt.theory.org/paper
6. Tang, K.W., Tang, W.: A chaos-based secure voice communication system. In: ICIT 2005. IEEE Inter. Conf. Industrial tech, pp. 571–576 (2005)
