Paper on Image Security

Embed Size (px)

Citation preview

  • 8/6/2019 Paper on Image Security

    1/8

    IMAGE SECURITY USING MODIFIED ADVANCED ENCRYPTION

    STANDARD ALGORITHM (MAES)

    Kishore.V N.Umamaheswara Rao

    Dept. of ECE, Professor, Dept. of ECE,

    Vardhaman College of Engineering Vardhaman College of [email protected] [email protected]

    Abstract

    Security in transmission storage of digital images has

    its importance in today's image communications and

    confidential video conferencing. Advanced

    Encryption Standard (AES) is a well known block

    cipher that has several advantages in data

    encryption. However, it is not suitable for real-time

    applications. In this paper, we present a modification

    to the Advanced Encryption Standard (MAES) to

    reflect a high level security and better image

    encryption. The modification is done by adjusting theShiftRow phase. Experimental results verify and

    prove that the proposed modification to image

    cryptosystem is highly secure from the cryptographic

    viewpoint. The results also prove that with a

    comparison to original AES encryption algorithm the

    modified algorithm (MAES) gives better encryption

    results in terms of security against statistical attacks.

    Keywords:

    AES, MAES, image encryption, security analysis

    I. INTRODUCTION

    Extensive research has been done in the areas of

    improving encryption standards, providing betterhardware as well as software architecture for

    implementing security and keeping the cost sensitivity,

    low disk space and the energy constraints in check. This

    can be implemented using hardware and software. The

    advantages of software implementation are portability

    and flexibility but it offers only limited physical security,

    especially with respect to key storage and speed. When

    data is integrated in the design, the hardwareimplementation is more physically secure and performs

    in a high speed but has a limited flexibility. The Data

    Encryption Standard (DES) which was used earlier for

    data encryption is being replaced with Advanced

    Encryption Standard (AES), because DES uses only a

    very small 56 bit key length. The longer the key length,

    the more secure is the key. Using larger key lengthmakes more possible keys to search, which makes the

    algorithm to be more secure. AES has larger key length

    and has been efficiently implemented both in hardware

    and software. The National Institute of Standards and

    Technology (NIST) on January 2, 1997 invited proposals

    for new algorithms for the AES, where both hardwareand software performance measures were also included

    in their efficiency testing. In October 2000, NIST had

    chosen Rijndael as the Advanced Encryption Algorithm

    which was designed by Joan Daemen and Vincent

    Rijmen. This project primarily focuses on AES

    encryption algorithm of key length 128 bit, briefs itsarchitecture, and evaluates the performance of the

    algorithm using software models with slightmodifications to improve the security level.

    II. AES ALGORITHM

    AES algorithm can be operated in four modes,Electronic Code Block mode (ECB), Cipher Block chain

    mode (CBC), Cipher feedback (CFB), Output Feedback

    (OFB). In ECB mode, data block is directly encrypted to

    form the cipher text and other three modes belong tofeedback. ECB mode can be achieved with high speed as

    it can simultaneously process multiple blocks. Based on

    this looping structure, the following architecture options

    were investigated so as to yield optimization of AESalgorithm as iterative looping.

    The Rijndael AES algorithm uses a symmetric key block

    cipher both in encryption and decryption. At the start of

    encryption, input is copied to the State array. State array

    is nothing but a 4 x 4 matrix of bytes. The encryption

    algorithm encrypts one block of data at a time to produce

    the encrypted data block with the use of a secret key.

    The decryption is simply the reverse of the encryption,and each operation is the inverse of the corresponding

    one in encryption. The data block length is fixed to 128

    bits, while the key length can be 128, 192, or 256 bits.

    Each data block is rearranged in a matrix form. AES

    algorithm is an iterative algorithm and each iteration is

    called a round. The number of bytes in a row of key

    length is given by equation

  • 8/6/2019 Paper on Image Security

    2/8

    8r

    LNB

    =

    where, N is the number of bytes, L is the block length inbits, and Br is the number of rows in a state array matrix.

    Each round is iterated 10 times for a 128-bit length key,

    12 times for a 192-bit key and 14 times for 256 bit key

    with 4,6 and 8 bytes in a row of key lengths respectively.Each round uses four transformations and inverses but

    finalround excludes MixColumn transformations.

    The flow of the AES encryption process is given with

    Figure 1 in which the there will be existence of

    variability in the round elements based on the round

    number Nr. The value of the number of rounds willdecide the required key length which in turn increases

    the security as well as the complexity.

    Figure1. Flowchart of AES Encryption

    A. AES structure:

    AES is an iterated block cipher where it repeats set of

    transformations called a round transformation :

    AES (State,CipherKey)

    {

    KeyExpansion(CipherKey,ExpandedKey);

    AddRoundKey(State,ExpandedKey[0]);

    For(i=1;i< ;i++)

    Round (State,ExpandedKey[i]);

    FinalRound (State,ExpandedKey[ ]);

    }

    The round transformation is consisting of four different

    transformations:i) The ShiftRow transformation: the rows of the State are

    cyclically shifted over different offsets.

    ii) The MixColumn transformation: the columns of the

    State are considered as polynomials over GF (28) and

    multiplied modulo x4 +1 with fixed polynomial c( x ).

    iii) The Round Key addition: a Round Key is applied to

    the State by a simple bitwise XOR.iv) The ByteSub transformation: is a non-linear byte

    substitution, operating on each of the State bytesindependently depending on substitution table (or S-box)

    which is invertible and is constructed by the composition

    of two transformations:

    a) First, taking the multiplicative inverse in GF(28).

    b) Then, applying an affine (over GF(2) ) transformation.

    A round can be represented as follows:Round(State , ExpandedKey[i])

    {

    SubBytes(State);

    ShiftRows(State);

    MixColumns(State);

    AddRoundKey(State,ExpandedKey[i]);

    }

    The final round of the cipher is slightly different asbelow which misses the MixColumns stage:

    Round(State,ExpandedKey[ ]){

    SubBytes(State);

    ShiftRows(State);

    AddRoundKey(State,ExpandedKey[ ]);

    }

    III.DATA UNIT AND BLOCKS SPECIFICATION

    The data to be encrypted is represented as matrix of bytes called State Matrix. The AES process will be

    initiated & each matrix value is byte valued. After the

    representation of the input data as a matrix the individual

    column elements form WORD which is of value 4 bytes.

    This word representation will be very helpful whilegoing for the key generation which is essential for

    symetric cryptography.

    A. AddRoundKey

  • 8/6/2019 Paper on Image Security

    3/8

    During each round of an AES process, a separate 128-bit

    round key is used. The round keys are derived from the

    cipherkey using a key expansion routine. The

    AddRoundKey operation is a simple bit-by-bit XOR

    operation between the state and the round key. An AES process requires a total of Nr+1 AddRoundKey

    operations, as an additional 'initial' AddRoundKeyoperation is performed prior to the round operations. For

    an AES encryption process this initial AddRoundKey

    operation XORs the plaintext with the cipherkey. There

    is a need for an additional AddRoundKey operation

    during an AES process, as there are Nr rounds and Nr+1

    subkeys.

    B. SubBytes and InvSubBytes

    The Substitution mechanism in AES is done for each

    byte & only one table is used for every byte, which

    means that if two bytes are same, their transformation is

    also same. The transformation is defined by either a tablelook-up process or mathematical calculation in theGF(28) field. The substitution box for SubBytes

    transformation is derived from GF(28) field by taking

    predefined irreducable polynomial ( polynomial which

    will have no factors). The contents of the state box are

    substituted with reference to the SubBytes

    transformation table as shown in Fig.2.

    Fig2. SubByte Transformation

    The irreducible polynomial to derive the elements of the

    substitution table by GF(28) field defined as X8 + X4 +X3

    + X +1 and as steps the process is discribed for

    SubByte process.

    Finding the Multiplicative Invers of the Byte

    value.

    Byte to Matrix conversion.

    Matrix multiplication with constant square

    matrix X

    Matrix Addition of above result with the

    column matrix y, which cosists the initial value for

    combination 00, the 1X1 element in subByte

    transformation table.

    Ex: 63, the 1X1 element

    Matrix to byte conversion.

    For the InvSubBytes process steps will be carries in

    reverse manner with inverse value of the

    constant matrix X. by modifying 1X1 elementor the constant matrix, the respective table byte

    value will changes. This gives more security ina simple manner for the entire AES process.

    C. ShiftRows and InvShiftRows

    The Shift Rows operation changes the order of bytes in

    each row of the state. The Row0 is not affected by this transformation. The second row i.e

    Row1 is shifted cyclically to left by one byte,

    the Row2 by two and the Row3 by three bytes

    as seen in Figure3. The inverse operationInvShiftRows is quite similar in style, with

    only the cyclic shifts made to the right.

    Fig. 3. Shift and inverse Shift row transformation

    D. MixColumns and InvMixColumns

    MixColumns is a 32-bit operation that transforms four

    bytes of each column in the state. The new bytes of the

    column Sr,c are obtained by the given constant matrix

    multiplication in GF(28). If the polynomial

    representation of binary numbers is used, themultiplication process is carried as shown in Fig.4.

    where Snc (n=0 to 3) represent the original byte column

  • 8/6/2019 Paper on Image Security

    4/8

    in the state matrix and Snc(n=0 to 3) represent

    corresponding modified state matrix column values.

    Fig.4. Mix Columns Representation

    E. Key Generation:

    The key expansion routine is used to generate the

    roundkeys from the cipherkey. The AES standard

    defines the key expansion operations on four byte wordscalled wi. A subkey is composed of four such words. The

    key expansion for AES-128 is relatively straightforward:

    1. The first subkey (w3, w2, w1, w0) corresponds to the

    cipher key itself.

    2. The following words wi are calculated recursively

    from this initial set of words using a simple XORfunction: for all values of i that are not multiples of 4 i.e.

    if (I mod 4) 0 then W i = W i-1 xor W i-4

    3. For the words with indices that are a multiple of 4

    (w4k), a special transformation is used. First, the byte

    ordering of w4k-1 is changed by cyclic left shift, and then

    the SubBytes function is applied to all four bytes. In theAES standard these operations are named RotWord and

    SubWord respectively. The result is XOR'ed with W i-4and a round constant Rconi/4 applied within a constantt.

    If (I mod 4) =0, W I = t xor W i-4 , Here t is a

    temporary word is a result of applying mentioned two

    routines, SubWord & RotWord on Wi-1 & XORing the

    result with a Round Constants Rcon. The final value of

    the temporary wordt is given to be:

    T=SubWord (RotWord (W i-1)) xor Rcon i/4

    For AES-128 version with 10 rounds there are total 44

    Words and as a schematic the key expansion can be

    shown in Fig.5. As in the figure the original key is of

    16bytes i.e. 128 bit in length from which round key are

    generated. Where ti temporary words for i=4 Nr, where

    Nr is Number of rounds, i is round value and is carried

    as shown in Fig6.

    Fig5. Key Expansion

    Fig.6. Temporary word generation

    F.Temporary word generation:

    The temporary word plays a vital role in the key

    expansion process and strong cryptographic nature isachieved by means of proper temporary word generation.

    Even though the generation seems new but includes the

    concepts of Sub Bytes and shifts. As a whole the process

    includes Round constants which in turn depend on

    Galois field used. The field GF(28) defines an irreducible

    polynomial in order to generate the S-Box elements

    which is going to be discussed in following sections.

    Basically the temporary word t generation involves

    three sub routines:

    RotWord: The RotWord (rotate word) routine is similar

    to Shift Rows transformation, but only applies to one

    row. It takes 4 byte word array at a time and shifts each

    byte to the left with wrapping.

    SubWord: The SubWord (substitution word) routine is

    similar to Sub Bytes transformation, but it is applied

    only for four bytes. The routine takes each byte in theword and substitutes another byte for it.

  • 8/6/2019 Paper on Image Security

    5/8

    Round Constants: Each Round Constant, RCon, is a 4-

    byte value in which right most three bytes are always

    zero.The generation of these Round Constant values can

    be understandable by means of GF (28) to calculate the

    leftmost byte dynamically as given in the followingexample. Consider case of generation of Round Constant

    for the round 9. For this we need to carry the modulodivision operation on x9-1 = x8 with the irreducible prime

    x8+x4+x3+x+1. i.e.

    IV. SUBSTITUTION BOX DESIGN

    The s-box design shows how much the algorithm is

    cryptographically strong and how the encryptions of data

    (which can be text or image) have level of security.Changing the initial value i.e. 1st row and 1st column

    corresponding element, changes entire elements in thestate box. In AES, the initial value is taken to be 63.

    A. State matrix representation:

    In this section let us see how a 16 character block can be

    shown as a 4X4 matrix. Assume that the text block is

    AES uses a matrix. We add two extra characters at the

    end to complete the 16 elements required to fill the state

    matrix. The result will be AESUSESMATRIXZZ.

    Now replace each character with an integer between 00and 25. Then we represent each byte as an integer with

    two hexadecimal digits. For example S is changed to

    18 and its corresponding hex equivalent is 1216. The state

    matrix is filled up column by column as shown in Fig.7

    Fig.7. Changing text to hexadecimal and to state matrix

    B. Transformation using GF (28) Field

    The byte substitution process either by SubBytes or a

    mathematical calculation in the GF(28) field is used at

    the encryption site. In SubBytes to substitute a byte, we

    interpret the byte as two hexadecimal digits as

    mentioned earlier. The left digit defines the row and

    right digit defines column of the substitution table.

    Although we can use substitution table to findsubstitution for each byte, AES also defines the

    transformation algebraically using the GF(28) field with

    irreducible polynomials x8+x4+x3+x+1.

    The SubBytes transformation repeats a routine called

    subbyte, sixteen times, in which multiplicative inverse ofthe byte is found in GF(28) with irreducible polynomial

    as the modulus. Note that if the byte is 00 16 its inverse is

    itself. The inverted byte is then interpreted as a column

    matrix with the least significant bit at the top and most

    significant bit at the bottom. this column matrix ismultiplied by a constant square matrix, X, and the result,

    which is a column matrix. This is added with a constant

    column matrix, y, to give a new byte. note that

    multiplication and addition are done in GF(2). The

    invsubbyte is doing the same thing in reverse order.

    In encryption, multiplication is first and addition is

    second; In the decryption, subtraction (addition by

    inverse) is first and division (multiplication by inverse)

    is second. Let us show how the byte 0C is transformed

    to FE by subbyte routine and transformed back to 0C bythe invsubbyte routine.

    subbyte:

    a. The multiplicative inverse of 0C in GF(28) fieldis B0 i.e. 10110000

    b. Multiplying matrix X by this matrix results incolumn matrix [c0 c1 c7]

    c. The result of XOR operation with initialelement 63 (0110 0011) arranging byte in sucha way that MSB on the top and LSB at bottom.

    The result is FE in hexadecimal.

    invsubbyte:

    a. The result of XOR operation will be columnmatrix

    4 3

    161 00011011 (1 ) x x x B= + + + = =

    8 8 8 4 3mod mod( 1) x prime x x x x x= + + + +

  • 8/6/2019 Paper on Image Security

    6/8

    b. The result will be multiplied with matrix X-1 andyields to value B0

    c. The multiplicative inverse of B0 is 0C

    C. Multiplicative Inverse

    Bytes which are to be transformed to new bytes by

    means of GF(28) use Extended Euclidian algorithm tofind the multiplicative inverse of the byte value. From

    the definition, two numbers a and b are the multiplicative

    inverse to each other if

    a x b 1(mod n)

    For example, if the modulus is 10, then the

    multiplicative inverse of 3 is 7. In other words, we have(3x7) mod 10 =1.

    In a set of least residue modulo n represented by Zn, we

    can prove that a has multiplicative inverse in Zn if and

    only if gcd(n,a)=1. In this case, a and n are said to be

    relatively primes.

    D. Extended Euclidian algorithm:

    Given two integers a and b, we often need to find othertwo integers, s and t, such that

    Extended Euclidian algorithm can calculate the gcd (a,b)and at the same time calculate the values of s and t. The

    algorithm flow can be depicted based upon pseudo code

    in which the algorithm uses three sets of variables, rs,

    ss and ts . In each step r1, r2 and r have the same

    values. The variables r1 and r2 are initialized to values a

    and b, respectively. The values of the variables s1 and s2

    are initialized to 1 and 0 respectively. The variables t1

    and t2 are initialized to 0 and 1 respectively. Thecalculations of r,s and t are similar with one warning.

    Although r is the remainder of dividing r1 by r2, there is

    no such relationship between the other two sets. There is

    only one quotient, q, which is calculated as r1/r2 and

    used for other two calculations.

    V. PRINCIPLES OF THE PROPOSED ALGORITHM

    In the process of image security using AES

    cryptographic method, there exist some challenging

    issues viz. statistical and brute force attacks, memory

    space requirements and execution speed. To improve the

    efficiency of the algorithm in the view of security as wellas not affecting the speed and the memory space

    requirements various modifications are carried. Themajor modifications are at the modules the substitution

    box (S-BOX) design which is required at Sub Bytes

    stage, choosing some other constant matrix at the stage

    of matrix multiplication and shift row processing stage.

    Among all these stage modifications in shift row

    transformation is effective in the sense of fast executionand complexity when compared to the modifications that

    are carried with other modules. Even though the

    modifications in other modules rather than shift rows

    give reasonable performance, they lag at the point of

    memory requirements and circuit complexity.

    A. Modified AES

    In regular AES algorithms shift row transformation

    stage, the bytes in the last three rows shifted over 1, 2 &

    3 respectively. In the case of MAES, the modified

    version of Advanced Encryption Standard, followingprocedure is followed for transformation.

    Step 1: Examine the value of the first Row & first

    Column, State [0][0] value is even or odd.

    Step 2: If it is odd, The Shift Rows step operates on the

    rows of the state matrix; it cyclically shifts the bytes in

    each row by a certain offset. For MAES, the first & third

    rows

    Fig8.a. Shift Rows Operation if S [0, 0] is ODD

    gcd( , ) s a t b a b + =

  • 8/6/2019 Paper on Image Security

    7/8

    i.e Row0 & Row 2 are unchanged & each byte of Row1

    is shifted one to left. Similarly, the Row3 is shifted three

    to the left respectively as shown in Fig8.a.

    Step 3: If it is even, the Shift rows step operates on the

    rows of the stage; it cyclically shifts the bytes in each

    row by a certain offset. The first & fourth i.e. Row0 &

    Row3 are unchanged and each byte of Row1 is shiftedthree to the right. Similarly, the Row2 is shifted by two

    respectively on to the right as shown in Fig8.b. With this

    modification in the algorithm required level of security

    can be achieved.

    Fig8.b. Shift Rows Operation if S [0, 0] is EVEN

    VI. EXPERIMENTAL RESULTS

    Results of some experiments are given to prove its

    efficiency of application to digital images. We use

    several images as the original images (plain images).

    The encrypted image of Micky image depicted in Figs.9a and 9b. The ciphered image in fig9 is because of the

    application of regular AES algorithm. As shown, the

    encrypted image (cipher image) region is totally visible

    which shows that the ciphered image is under bruteforce

    attack. The application of the Modified AES on the same

    image solves this problem and the encrypted as well as

    decrypted images are shown in Figs. 10a, 10b & 10c.

    The visual inspection of Fig10 shows the possibility ofapplying the proposed MAES successfully in both

    encryption and decryption. Also, it reveals itseffectiveness in hiding the information contained in

    them.

    a) Original image b) Encrypted image

    Fig. 9 Application of the AES algorithm to Mickey plain

    image

    a) Original image b) Encrypted c) Decrypted

    Fig.10 Application of the MAES algorithm to Mickey

    plain image/cipher image

    VII. CONCLUSION

    In this paper a modified version of AES, namely MAES,

    is proposed. The modification is done by adjustingShiftRow phase. The proposed cryptosystem does not

    require any additional operations rather than the original

    AES. We have shown that MAES gives better

    encryption results interms of security against statistical

    attacks. The secutiy level can be further increased byselecting a simple valid modification in the modules

    existing. As an example the dynamic S-Box selection for

    key genertion and Subbyte modulE operation.

  • 8/6/2019 Paper on Image Security

    8/8

    VIII. REFRENCES

    [1] J. Daemen and R.Rijmen, AES Proposal:Rijndael, version 2, 1999.http://www.esat.kuleuven.ac.be/~rijmen/rijnd

    ael.[2] Advanced Encryption Standard(AES),Federal Information Processing StandardsPublication 197, November 26, 2001.[3] A. J. Elbirt, W. Yip, B. Chetwynd, andC.Paar, An FPGA Implementation andPerformance Evaluation of the AES BlockCipher Candidate Algorithm Finalist,The Third AES Conference (AES3), New York,April 2000.http://csrc.nist.gov/encryption/aes/round2/conf3/aes3papers.html.[4]V. Rijmen, Efficient Implementation ofRijndael S-box, http://www.esat.kuleuven.ac.be/~rijmen/rijndael .[5] J. Daemen and R.Rijmen, Rijndael: TheAdvanced Encryption Standard, Dr. Dobbs

    Journal, pp. 137139, March 2001.[6] B. Schneier, Applied Cryptography: Protocols,

    Algorithms and Source Code in C. John Wiley and Sons,

    1996.[7] Federal Information Processing Standards

    Publication (FIPS 197), "Advanced Encryption Standard

    (AES) ", 26 Nov. 2001

    [8] J.J. Amador, R. W.Green Symmetric-Key Block

    Cipher for Image and Text Cryptography: International

    Journal of Imaging Systems and Technology, No. 3,

    2005, pp. 178-188.

    http://www.esat.kuleuven.ac.be/~rijmen/rijndael.http://www.esat.kuleuven.ac.be/~rijmen/rijndael.http://csrc.nist.gov/encryption/aes/round2/conf3/aes3papers.htmlhttp://csrc.nist.gov/encryption/aes/round2/conf3/aes3papers.htmlhttp://www.esat.kuleuven.ac.be/~rijmen/rijndaelhttp://www.esat.kuleuven.ac.be/~rijmen/rijndael.http://www.esat.kuleuven.ac.be/~rijmen/rijndael.http://csrc.nist.gov/encryption/aes/round2/conf3/aes3papers.htmlhttp://csrc.nist.gov/encryption/aes/round2/conf3/aes3papers.htmlhttp://www.esat.kuleuven.ac.be/~rijmen/rijndael