Applications: Pay-TV, Confidential video conferencing,

1
(No Transcript)
2
Introduction

• Applications Pay-TV, Confidential video
  conferencing,
• secure VOD service via network, Medical
  imaging systems,
• etc.
• Problems 1) The well-developed modern ciphers
  cannot be
• directly used, because most of them run so
  slow (especially
• in software implementation). 2) Compression
  algorithms
• make it more difficult to incorporate the
  ciphers into the
• video system.
• State of the Art Many different video
  encryption
• scheme have been proposed, but some of them
  are not
• secure and most of them are dependent of
  specific video
• format (chiefly MPEG-1 and 2).

3
Our New Scheme - CVES

• CVES Chaotic Video Encryption Scheme.
• CVES is independent of any video compression
  algorithms
• CVES can provide high security for real-time
  digital video with
• fast encryption speed
• CVES can be simply realized both by hardware and
  software.
• CVES can be extended to support random retrieval
  of cipher-
• video with considerable maximal time-out
  (RRS-CVES Random
• Retrieval Supported CVES).
• Essentially speaking, CVES is a universal fast
  cipher .

4
CVES A General View
5
Chaotic Cryptography

• Chaos vs. Cryptography Many fundamental
  characteristics of chaos,
• such as the mixing property and the sensitivity
  to initial conditions, can
• be connected with confusion and diffusion
  property in good ciphers.
• Three facts about presented chaotic ciphers
• 1) Most chaotic block ciphers require to iterate
  the employed chaotic
• systems for many times to make the ciphertext
  independent of the
• plaintext, which will markedly reduce the
  encryption speed.
• 2) Most chaotic stream ciphers employ one single
  chaotic system to
• generate pseudo-random numbers to mask the
  plaintext, which may
• weaken the capability to resist potential
  attacks.
• 3) Generally, chaotic stream ciphers run much
  faster than chaotic block ciphers.

6
How to Realize Digital Chaotic Systems in Finite
Precision?

• Problems It has been found that the dynamical
  properties of
• digital chaotic systems are far different from
  the theoretical
• ones. The related problems include short cycle
  length, non-
• ideal distribution and correlation, etc.
• Remedies In CVES, we use the perturbation-based
  algorithm
• presented in 24 to avoid this flaw Use a
  simple pseudo-random
• number generator (PRNG) to make a small signal
  pt(i). The l
• lowest bits of the chaotic orbits are perturbed
  by pt(i) with
• fixed interval ?.

7
CVES - Components

• ECS Pool The kernel part of the whole CVES. 2n
  digital
• chaotic systems, which are called Encryption
  Chaotic
• Systems (ECS) ECS (1)ECS(2n). All 2n ECS-es
  are based
• on a same one-dimensional chaotic map Fe(xe,pe)
  defined on
• I0,1, with different control parameters
  pe(1)pe(2n). All
• ECS-es are realized in finite precision L (bits)
  with
• perturbation-based algorithm, and one maximal
  length LFSR
• (m-LFSR1, whose degree is L1) is used as the
  perturbing
• PRNG. The perturbing intervals are ?e(1) ?e(2n)
  
• respectively. The current states of the 2n
  ECS-es are
• denoted as xe(1)xe(2n).

8
CVES - Components

• CCS One digital chaotic systems (called Control
  Chaotic
• System) is used to control the 2n ECS-es. CCS is
  based on
• another chaotic map Fc(xc,pc) defined on
  I0,1. CCS is
• also realized in finite precision L with
  perturbation-based
• algorithm, and m-LFSR2 with degree L2 is used as
  the
• perturbing PRNG. The perturbing interval is ?c.
• CIT A Control Information Table (CIT) stores the
  
• required information of CVES.
• Stream Sub-Cipher A 2n1 MUX controlled by CCS
  is used to
• select an ECS to generate a L-bit chaotic key,
  which is used to
• XOR the plain-cluster L-bit block by L-bit
  block.
• Block Sub-Cipher A 2n2n L-bit sorter and 2n
  n-bit memory
• units compose a Pseudo-Random S-Box Generator
  (PRSBG).
• Then generate a pseudo-random nn S-Box, which is
  used to
• substitute the pre-masked plain-cluster n-bit
  block by n-bit
• block.

9
CVES Encryption/Decryption

• Secret key Kxc,pc.
• Initialization
• 1)Iterate CCS for 2n times to obtain 2n initial
  conditions
• xe0(1)xe0(2n) for all ECS-es.
• 2)Iterate CCS for 2n times to obtain 2n control
• parameters pe0(1)pe0(2n) for all ECS-es. Any
  two must not be same.
• 3) Sort xe0(1)xe0(2n) to generate a rank
  sequence
• l(1)l(2n). Then ?e(i)Pr(l(i)), where Pr(i)
  denotes ith prime
• number larger than 2. Iterate CCS for several
  times to
• obtain ?c, which should be a prime number
  smaller than 2n. 4) Iterate each ECS(i) for
  ?gt?(i) times, where ?(i) is its
• Lyaponov exponent.
• Encryption/Decryption Procedure See Slide 4.

10
RRS-CVES Modified CVES

• Initialization Three operations are added. 1)
  Run CCS for 22n
• times to generate two L-bit numbers p, x and
  2n m-bit numbers
• te(1)te(2n). Here, gcd(te(i),2)1 and
  te(i)tmin. 2) Sort pe0(1)pe0(2n)
• to generate a sequence re(1)re(2n). 3) Set the
  22n L-bit
• numbers to 0 C1(1)C1(2n), C2(1)C2(2n).
• Encryption Procedure Only the stream sub-cipher
  is modified.
• For jth L-bit plain-block, select ECS(re(j mod
  2n)) as the current
• ECS. ECS(i) runs once, C1(i). If C1(i) mod
  te(i)0, reset ECS(i) as
• follows C1(i)0, C2(i), xe(i)xe0(i)(xe0(i)
  x) mod 2L. If C2(i)
• mod te(i)0, reset ECS(i) C1(i)C2(i)0,
  pe(i)pe0(i)(pe0(i)p) mod
• 2L.
• Reconstruct Assume the total number of L-bit
  cipher-blocks
• Before the cipher-cluster is Il. We can
  reconstruct all 2n ECS-es
• within considerable maximal time-out.

11
CVES/RRS-CVES Configuration

• L Since the key space is 22L, L should be large
  enough to provide high security. L32 or 64 is
  suggested.
• n Apparently, the realization complexity has
  positive relation with n. So n can not be too
  large, and we suggest n8.
• The Cluster Size It can slightly adjust the
  speed.
• m and tmin We suggest mn and tmin2n/2 to
  reduce the maximal time-out of RRS-CVES.
• The Chaotic Maps We suggest using the PLCM in
  27,28.

12
CVES Performance Speed

• Assume all ECS-es and CCS are based on the
  PLCM in 27,
• 28, and the cluster size is fixed PmaxL
  bits.
• Hardware - Assume the basic clock frequency is fb
  MHz
• and the time consuming by the sorter is ts clock
  cycles, the
• speed of CVES will be fb/(11/nts/(PmaxL))
  Mbps, which is
• faster than most conventional ciphers. 2)
• Software - The speed under WindowsTM OS is
  tested with
• Visual C. The speed is about 1/10 of the CPU
  frequency
• (60Mbps on a 667MHz PentiumIII PC). Such a
  speed is
• rather high for a software cipher. 3) The
  initialization
• consumes not too much time, and the maximal
  time-out of
• RRS-CVES is not too large.

13
CVES Performance Security

• Essentially features to avoid potential attacks
• a) The independent 2n1 digital chaotic systems.
  
• b) The different pseudo-random S-Box for
  different
• cluster.
• c) The product of the stream cipher and the
  block cipher.
• Cryptographic properties
• a) Balance
• b) Avalanche property.
• Stream sub-cipher Huge cycle length
• Block sub-cipher Perfect pseudo-random S-Boxes
  with equiprobable and symmetric distribution.

14
CVES Performance Realization Complexity and
Experiments

• Realization Complexity One L-bit digital
  dividers, a 2n2n sorter, two
• perturbing m-LFSR-s, and some memory units (not
  too many).
• Experiments See the following figures.
• For a uncompressed digital video, we test the
  practical performance of
• CVES. In Fig. 2, we give the comparison of one
  plain-frame and the cipher-
• frame. We can see the plain-image is encrypted to
  a cipher-image with
• uniform histogram, which implies CVES is perfect.