Upload
kishorevennela
View
218
Download
0
Embed Size (px)
Citation preview
8/6/2019 Paper on Image Security
1/8
IMAGE SECURITY USING MODIFIED ADVANCED ENCRYPTION
STANDARD ALGORITHM (MAES)
Kishore.V N.Umamaheswara Rao
Dept. of ECE, Professor, Dept. of ECE,
Vardhaman College of Engineering Vardhaman College of [email protected] [email protected]
Abstract
Security in transmission storage of digital images has
its importance in today's image communications and
confidential video conferencing. Advanced
Encryption Standard (AES) is a well known block
cipher that has several advantages in data
encryption. However, it is not suitable for real-time
applications. In this paper, we present a modification
to the Advanced Encryption Standard (MAES) to
reflect a high level security and better image
encryption. The modification is done by adjusting theShiftRow phase. Experimental results verify and
prove that the proposed modification to image
cryptosystem is highly secure from the cryptographic
viewpoint. The results also prove that with a
comparison to original AES encryption algorithm the
modified algorithm (MAES) gives better encryption
results in terms of security against statistical attacks.
Keywords:
AES, MAES, image encryption, security analysis
I. INTRODUCTION
Extensive research has been done in the areas of
improving encryption standards, providing betterhardware as well as software architecture for
implementing security and keeping the cost sensitivity,
low disk space and the energy constraints in check. This
can be implemented using hardware and software. The
advantages of software implementation are portability
and flexibility but it offers only limited physical security,
especially with respect to key storage and speed. When
data is integrated in the design, the hardwareimplementation is more physically secure and performs
in a high speed but has a limited flexibility. The Data
Encryption Standard (DES) which was used earlier for
data encryption is being replaced with Advanced
Encryption Standard (AES), because DES uses only a
very small 56 bit key length. The longer the key length,
the more secure is the key. Using larger key lengthmakes more possible keys to search, which makes the
algorithm to be more secure. AES has larger key length
and has been efficiently implemented both in hardware
and software. The National Institute of Standards and
Technology (NIST) on January 2, 1997 invited proposals
for new algorithms for the AES, where both hardwareand software performance measures were also included
in their efficiency testing. In October 2000, NIST had
chosen Rijndael as the Advanced Encryption Algorithm
which was designed by Joan Daemen and Vincent
Rijmen. This project primarily focuses on AES
encryption algorithm of key length 128 bit, briefs itsarchitecture, and evaluates the performance of the
algorithm using software models with slightmodifications to improve the security level.
II. AES ALGORITHM
AES algorithm can be operated in four modes,Electronic Code Block mode (ECB), Cipher Block chain
mode (CBC), Cipher feedback (CFB), Output Feedback
(OFB). In ECB mode, data block is directly encrypted to
form the cipher text and other three modes belong tofeedback. ECB mode can be achieved with high speed as
it can simultaneously process multiple blocks. Based on
this looping structure, the following architecture options
were investigated so as to yield optimization of AESalgorithm as iterative looping.
The Rijndael AES algorithm uses a symmetric key block
cipher both in encryption and decryption. At the start of
encryption, input is copied to the State array. State array
is nothing but a 4 x 4 matrix of bytes. The encryption
algorithm encrypts one block of data at a time to produce
the encrypted data block with the use of a secret key.
The decryption is simply the reverse of the encryption,and each operation is the inverse of the corresponding
one in encryption. The data block length is fixed to 128
bits, while the key length can be 128, 192, or 256 bits.
Each data block is rearranged in a matrix form. AES
algorithm is an iterative algorithm and each iteration is
called a round. The number of bytes in a row of key
length is given by equation
8/6/2019 Paper on Image Security
2/8
8r
LNB
=
where, N is the number of bytes, L is the block length inbits, and Br is the number of rows in a state array matrix.
Each round is iterated 10 times for a 128-bit length key,
12 times for a 192-bit key and 14 times for 256 bit key
with 4,6 and 8 bytes in a row of key lengths respectively.Each round uses four transformations and inverses but
finalround excludes MixColumn transformations.
The flow of the AES encryption process is given with
Figure 1 in which the there will be existence of
variability in the round elements based on the round
number Nr. The value of the number of rounds willdecide the required key length which in turn increases
the security as well as the complexity.
Figure1. Flowchart of AES Encryption
A. AES structure:
AES is an iterated block cipher where it repeats set of
transformations called a round transformation :
AES (State,CipherKey)
{
KeyExpansion(CipherKey,ExpandedKey);
AddRoundKey(State,ExpandedKey[0]);
For(i=1;i< ;i++)
Round (State,ExpandedKey[i]);
FinalRound (State,ExpandedKey[ ]);
}
The round transformation is consisting of four different
transformations:i) The ShiftRow transformation: the rows of the State are
cyclically shifted over different offsets.
ii) The MixColumn transformation: the columns of the
State are considered as polynomials over GF (28) and
multiplied modulo x4 +1 with fixed polynomial c( x ).
iii) The Round Key addition: a Round Key is applied to
the State by a simple bitwise XOR.iv) The ByteSub transformation: is a non-linear byte
substitution, operating on each of the State bytesindependently depending on substitution table (or S-box)
which is invertible and is constructed by the composition
of two transformations:
a) First, taking the multiplicative inverse in GF(28).
b) Then, applying an affine (over GF(2) ) transformation.
A round can be represented as follows:Round(State , ExpandedKey[i])
{
SubBytes(State);
ShiftRows(State);
MixColumns(State);
AddRoundKey(State,ExpandedKey[i]);
}
The final round of the cipher is slightly different asbelow which misses the MixColumns stage:
Round(State,ExpandedKey[ ]){
SubBytes(State);
ShiftRows(State);
AddRoundKey(State,ExpandedKey[ ]);
}
III.DATA UNIT AND BLOCKS SPECIFICATION
The data to be encrypted is represented as matrix of bytes called State Matrix. The AES process will be
initiated & each matrix value is byte valued. After the
representation of the input data as a matrix the individual
column elements form WORD which is of value 4 bytes.
This word representation will be very helpful whilegoing for the key generation which is essential for
symetric cryptography.
A. AddRoundKey
8/6/2019 Paper on Image Security
3/8
During each round of an AES process, a separate 128-bit
round key is used. The round keys are derived from the
cipherkey using a key expansion routine. The
AddRoundKey operation is a simple bit-by-bit XOR
operation between the state and the round key. An AES process requires a total of Nr+1 AddRoundKey
operations, as an additional 'initial' AddRoundKeyoperation is performed prior to the round operations. For
an AES encryption process this initial AddRoundKey
operation XORs the plaintext with the cipherkey. There
is a need for an additional AddRoundKey operation
during an AES process, as there are Nr rounds and Nr+1
subkeys.
B. SubBytes and InvSubBytes
The Substitution mechanism in AES is done for each
byte & only one table is used for every byte, which
means that if two bytes are same, their transformation is
also same. The transformation is defined by either a tablelook-up process or mathematical calculation in theGF(28) field. The substitution box for SubBytes
transformation is derived from GF(28) field by taking
predefined irreducable polynomial ( polynomial which
will have no factors). The contents of the state box are
substituted with reference to the SubBytes
transformation table as shown in Fig.2.
Fig2. SubByte Transformation
The irreducible polynomial to derive the elements of the
substitution table by GF(28) field defined as X8 + X4 +X3
+ X +1 and as steps the process is discribed for
SubByte process.
Finding the Multiplicative Invers of the Byte
value.
Byte to Matrix conversion.
Matrix multiplication with constant square
matrix X
Matrix Addition of above result with the
column matrix y, which cosists the initial value for
combination 00, the 1X1 element in subByte
transformation table.
Ex: 63, the 1X1 element
Matrix to byte conversion.
For the InvSubBytes process steps will be carries in
reverse manner with inverse value of the
constant matrix X. by modifying 1X1 elementor the constant matrix, the respective table byte
value will changes. This gives more security ina simple manner for the entire AES process.
C. ShiftRows and InvShiftRows
The Shift Rows operation changes the order of bytes in
each row of the state. The Row0 is not affected by this transformation. The second row i.e
Row1 is shifted cyclically to left by one byte,
the Row2 by two and the Row3 by three bytes
as seen in Figure3. The inverse operationInvShiftRows is quite similar in style, with
only the cyclic shifts made to the right.
Fig. 3. Shift and inverse Shift row transformation
D. MixColumns and InvMixColumns
MixColumns is a 32-bit operation that transforms four
bytes of each column in the state. The new bytes of the
column Sr,c are obtained by the given constant matrix
multiplication in GF(28). If the polynomial
representation of binary numbers is used, themultiplication process is carried as shown in Fig.4.
where Snc (n=0 to 3) represent the original byte column
8/6/2019 Paper on Image Security
4/8
in the state matrix and Snc(n=0 to 3) represent
corresponding modified state matrix column values.
Fig.4. Mix Columns Representation
E. Key Generation:
The key expansion routine is used to generate the
roundkeys from the cipherkey. The AES standard
defines the key expansion operations on four byte wordscalled wi. A subkey is composed of four such words. The
key expansion for AES-128 is relatively straightforward:
1. The first subkey (w3, w2, w1, w0) corresponds to the
cipher key itself.
2. The following words wi are calculated recursively
from this initial set of words using a simple XORfunction: for all values of i that are not multiples of 4 i.e.
if (I mod 4) 0 then W i = W i-1 xor W i-4
3. For the words with indices that are a multiple of 4
(w4k), a special transformation is used. First, the byte
ordering of w4k-1 is changed by cyclic left shift, and then
the SubBytes function is applied to all four bytes. In theAES standard these operations are named RotWord and
SubWord respectively. The result is XOR'ed with W i-4and a round constant Rconi/4 applied within a constantt.
If (I mod 4) =0, W I = t xor W i-4 , Here t is a
temporary word is a result of applying mentioned two
routines, SubWord & RotWord on Wi-1 & XORing the
result with a Round Constants Rcon. The final value of
the temporary wordt is given to be:
T=SubWord (RotWord (W i-1)) xor Rcon i/4
For AES-128 version with 10 rounds there are total 44
Words and as a schematic the key expansion can be
shown in Fig.5. As in the figure the original key is of
16bytes i.e. 128 bit in length from which round key are
generated. Where ti temporary words for i=4 Nr, where
Nr is Number of rounds, i is round value and is carried
as shown in Fig6.
Fig5. Key Expansion
Fig.6. Temporary word generation
F.Temporary word generation:
The temporary word plays a vital role in the key
expansion process and strong cryptographic nature isachieved by means of proper temporary word generation.
Even though the generation seems new but includes the
concepts of Sub Bytes and shifts. As a whole the process
includes Round constants which in turn depend on
Galois field used. The field GF(28) defines an irreducible
polynomial in order to generate the S-Box elements
which is going to be discussed in following sections.
Basically the temporary word t generation involves
three sub routines:
RotWord: The RotWord (rotate word) routine is similar
to Shift Rows transformation, but only applies to one
row. It takes 4 byte word array at a time and shifts each
byte to the left with wrapping.
SubWord: The SubWord (substitution word) routine is
similar to Sub Bytes transformation, but it is applied
only for four bytes. The routine takes each byte in theword and substitutes another byte for it.
8/6/2019 Paper on Image Security
5/8
Round Constants: Each Round Constant, RCon, is a 4-
byte value in which right most three bytes are always
zero.The generation of these Round Constant values can
be understandable by means of GF (28) to calculate the
leftmost byte dynamically as given in the followingexample. Consider case of generation of Round Constant
for the round 9. For this we need to carry the modulodivision operation on x9-1 = x8 with the irreducible prime
x8+x4+x3+x+1. i.e.
IV. SUBSTITUTION BOX DESIGN
The s-box design shows how much the algorithm is
cryptographically strong and how the encryptions of data
(which can be text or image) have level of security.Changing the initial value i.e. 1st row and 1st column
corresponding element, changes entire elements in thestate box. In AES, the initial value is taken to be 63.
A. State matrix representation:
In this section let us see how a 16 character block can be
shown as a 4X4 matrix. Assume that the text block is
AES uses a matrix. We add two extra characters at the
end to complete the 16 elements required to fill the state
matrix. The result will be AESUSESMATRIXZZ.
Now replace each character with an integer between 00and 25. Then we represent each byte as an integer with
two hexadecimal digits. For example S is changed to
18 and its corresponding hex equivalent is 1216. The state
matrix is filled up column by column as shown in Fig.7
Fig.7. Changing text to hexadecimal and to state matrix
B. Transformation using GF (28) Field
The byte substitution process either by SubBytes or a
mathematical calculation in the GF(28) field is used at
the encryption site. In SubBytes to substitute a byte, we
interpret the byte as two hexadecimal digits as
mentioned earlier. The left digit defines the row and
right digit defines column of the substitution table.
Although we can use substitution table to findsubstitution for each byte, AES also defines the
transformation algebraically using the GF(28) field with
irreducible polynomials x8+x4+x3+x+1.
The SubBytes transformation repeats a routine called
subbyte, sixteen times, in which multiplicative inverse ofthe byte is found in GF(28) with irreducible polynomial
as the modulus. Note that if the byte is 00 16 its inverse is
itself. The inverted byte is then interpreted as a column
matrix with the least significant bit at the top and most
significant bit at the bottom. this column matrix ismultiplied by a constant square matrix, X, and the result,
which is a column matrix. This is added with a constant
column matrix, y, to give a new byte. note that
multiplication and addition are done in GF(2). The
invsubbyte is doing the same thing in reverse order.
In encryption, multiplication is first and addition is
second; In the decryption, subtraction (addition by
inverse) is first and division (multiplication by inverse)
is second. Let us show how the byte 0C is transformed
to FE by subbyte routine and transformed back to 0C bythe invsubbyte routine.
subbyte:
a. The multiplicative inverse of 0C in GF(28) fieldis B0 i.e. 10110000
b. Multiplying matrix X by this matrix results incolumn matrix [c0 c1 c7]
c. The result of XOR operation with initialelement 63 (0110 0011) arranging byte in sucha way that MSB on the top and LSB at bottom.
The result is FE in hexadecimal.
invsubbyte:
a. The result of XOR operation will be columnmatrix
4 3
161 00011011 (1 ) x x x B= + + + = =
8 8 8 4 3mod mod( 1) x prime x x x x x= + + + +
8/6/2019 Paper on Image Security
6/8
b. The result will be multiplied with matrix X-1 andyields to value B0
c. The multiplicative inverse of B0 is 0C
C. Multiplicative Inverse
Bytes which are to be transformed to new bytes by
means of GF(28) use Extended Euclidian algorithm tofind the multiplicative inverse of the byte value. From
the definition, two numbers a and b are the multiplicative
inverse to each other if
a x b 1(mod n)
For example, if the modulus is 10, then the
multiplicative inverse of 3 is 7. In other words, we have(3x7) mod 10 =1.
In a set of least residue modulo n represented by Zn, we
can prove that a has multiplicative inverse in Zn if and
only if gcd(n,a)=1. In this case, a and n are said to be
relatively primes.
D. Extended Euclidian algorithm:
Given two integers a and b, we often need to find othertwo integers, s and t, such that
Extended Euclidian algorithm can calculate the gcd (a,b)and at the same time calculate the values of s and t. The
algorithm flow can be depicted based upon pseudo code
in which the algorithm uses three sets of variables, rs,
ss and ts . In each step r1, r2 and r have the same
values. The variables r1 and r2 are initialized to values a
and b, respectively. The values of the variables s1 and s2
are initialized to 1 and 0 respectively. The variables t1
and t2 are initialized to 0 and 1 respectively. Thecalculations of r,s and t are similar with one warning.
Although r is the remainder of dividing r1 by r2, there is
no such relationship between the other two sets. There is
only one quotient, q, which is calculated as r1/r2 and
used for other two calculations.
V. PRINCIPLES OF THE PROPOSED ALGORITHM
In the process of image security using AES
cryptographic method, there exist some challenging
issues viz. statistical and brute force attacks, memory
space requirements and execution speed. To improve the
efficiency of the algorithm in the view of security as wellas not affecting the speed and the memory space
requirements various modifications are carried. Themajor modifications are at the modules the substitution
box (S-BOX) design which is required at Sub Bytes
stage, choosing some other constant matrix at the stage
of matrix multiplication and shift row processing stage.
Among all these stage modifications in shift row
transformation is effective in the sense of fast executionand complexity when compared to the modifications that
are carried with other modules. Even though the
modifications in other modules rather than shift rows
give reasonable performance, they lag at the point of
memory requirements and circuit complexity.
A. Modified AES
In regular AES algorithms shift row transformation
stage, the bytes in the last three rows shifted over 1, 2 &
3 respectively. In the case of MAES, the modified
version of Advanced Encryption Standard, followingprocedure is followed for transformation.
Step 1: Examine the value of the first Row & first
Column, State [0][0] value is even or odd.
Step 2: If it is odd, The Shift Rows step operates on the
rows of the state matrix; it cyclically shifts the bytes in
each row by a certain offset. For MAES, the first & third
rows
Fig8.a. Shift Rows Operation if S [0, 0] is ODD
gcd( , ) s a t b a b + =
8/6/2019 Paper on Image Security
7/8
i.e Row0 & Row 2 are unchanged & each byte of Row1
is shifted one to left. Similarly, the Row3 is shifted three
to the left respectively as shown in Fig8.a.
Step 3: If it is even, the Shift rows step operates on the
rows of the stage; it cyclically shifts the bytes in each
row by a certain offset. The first & fourth i.e. Row0 &
Row3 are unchanged and each byte of Row1 is shiftedthree to the right. Similarly, the Row2 is shifted by two
respectively on to the right as shown in Fig8.b. With this
modification in the algorithm required level of security
can be achieved.
Fig8.b. Shift Rows Operation if S [0, 0] is EVEN
VI. EXPERIMENTAL RESULTS
Results of some experiments are given to prove its
efficiency of application to digital images. We use
several images as the original images (plain images).
The encrypted image of Micky image depicted in Figs.9a and 9b. The ciphered image in fig9 is because of the
application of regular AES algorithm. As shown, the
encrypted image (cipher image) region is totally visible
which shows that the ciphered image is under bruteforce
attack. The application of the Modified AES on the same
image solves this problem and the encrypted as well as
decrypted images are shown in Figs. 10a, 10b & 10c.
The visual inspection of Fig10 shows the possibility ofapplying the proposed MAES successfully in both
encryption and decryption. Also, it reveals itseffectiveness in hiding the information contained in
them.
a) Original image b) Encrypted image
Fig. 9 Application of the AES algorithm to Mickey plain
image
a) Original image b) Encrypted c) Decrypted
Fig.10 Application of the MAES algorithm to Mickey
plain image/cipher image
VII. CONCLUSION
In this paper a modified version of AES, namely MAES,
is proposed. The modification is done by adjustingShiftRow phase. The proposed cryptosystem does not
require any additional operations rather than the original
AES. We have shown that MAES gives better
encryption results interms of security against statistical
attacks. The secutiy level can be further increased byselecting a simple valid modification in the modules
existing. As an example the dynamic S-Box selection for
key genertion and Subbyte modulE operation.
8/6/2019 Paper on Image Security
8/8
VIII. REFRENCES
[1] J. Daemen and R.Rijmen, AES Proposal:Rijndael, version 2, 1999.http://www.esat.kuleuven.ac.be/~rijmen/rijnd
ael.[2] Advanced Encryption Standard(AES),Federal Information Processing StandardsPublication 197, November 26, 2001.[3] A. J. Elbirt, W. Yip, B. Chetwynd, andC.Paar, An FPGA Implementation andPerformance Evaluation of the AES BlockCipher Candidate Algorithm Finalist,The Third AES Conference (AES3), New York,April 2000.http://csrc.nist.gov/encryption/aes/round2/conf3/aes3papers.html.[4]V. Rijmen, Efficient Implementation ofRijndael S-box, http://www.esat.kuleuven.ac.be/~rijmen/rijndael .[5] J. Daemen and R.Rijmen, Rijndael: TheAdvanced Encryption Standard, Dr. Dobbs
Journal, pp. 137139, March 2001.[6] B. Schneier, Applied Cryptography: Protocols,
Algorithms and Source Code in C. John Wiley and Sons,
1996.[7] Federal Information Processing Standards
Publication (FIPS 197), "Advanced Encryption Standard
(AES) ", 26 Nov. 2001
[8] J.J. Amador, R. W.Green Symmetric-Key Block
Cipher for Image and Text Cryptography: International
Journal of Imaging Systems and Technology, No. 3,
2005, pp. 178-188.
http://www.esat.kuleuven.ac.be/~rijmen/rijndael.http://www.esat.kuleuven.ac.be/~rijmen/rijndael.http://csrc.nist.gov/encryption/aes/round2/conf3/aes3papers.htmlhttp://csrc.nist.gov/encryption/aes/round2/conf3/aes3papers.htmlhttp://www.esat.kuleuven.ac.be/~rijmen/rijndaelhttp://www.esat.kuleuven.ac.be/~rijmen/rijndael.http://www.esat.kuleuven.ac.be/~rijmen/rijndael.http://csrc.nist.gov/encryption/aes/round2/conf3/aes3papers.htmlhttp://csrc.nist.gov/encryption/aes/round2/conf3/aes3papers.htmlhttp://www.esat.kuleuven.ac.be/~rijmen/rijndael