Security analysis of an audio data encryption scheme based on key chaining and DNA encoding
📝 Abstract
Fairly recently, a new encryption scheme for audio data encryption has been proposed by Naskar, P.K., et al. The cryptosystem is based on substitution-permutation encryption structure using DNA encoding at the substitution stage, in which the key generation is based on a key chaining algorithm that generates new key block for every plain block using a logistic chaotic map. After some several statistical tests done by the authors of the scheme, they claimed that their cryptosystem is robust and can resist conventional cryptanalysis attacks. Negatively, in this paper we show the opposite: the scheme is extremely weak against chosen ciphertext and plaintext attacks thus only two chosen plaintexts of 32 byte size are sufficient to recover the equivalent key used for encryption. The cryptosystem’s shuffling process design is vulnerable which allow us recovering the unknown original plaintext by applying repeated encryptions. Our study proves that the scheme is extremely weak and should not be used for any information security or cryptographic concern. Lessons learned from this cryptanalytic paper are then outlined in order to be considered in further designs and proposals.
💡 Analysis
Fairly recently, a new encryption scheme for audio data encryption has been proposed by Naskar, P.K., et al. The cryptosystem is based on substitution-permutation encryption structure using DNA encoding at the substitution stage, in which the key generation is based on a key chaining algorithm that generates new key block for every plain block using a logistic chaotic map. After some several statistical tests done by the authors of the scheme, they claimed that their cryptosystem is robust and can resist conventional cryptanalysis attacks. Negatively, in this paper we show the opposite: the scheme is extremely weak against chosen ciphertext and plaintext attacks thus only two chosen plaintexts of 32 byte size are sufficient to recover the equivalent key used for encryption. The cryptosystem’s shuffling process design is vulnerable which allow us recovering the unknown original plaintext by applying repeated encryptions. Our study proves that the scheme is extremely weak and should not be used for any information security or cryptographic concern. Lessons learned from this cryptanalytic paper are then outlined in order to be considered in further designs and proposals.
📄 Content
1 | P a g e
Security analysis of an audio data encryption scheme
based on key chaining and DNA encoding
Imad El Hanouti1 · Hakim El Fadili1
Abstract Fairly recently, a new encryption scheme for audio data encryption has been proposed in [Naskar, P.K., et al. Multimed Tools Appl (2019) 78: 25019. https://doi.org/10.1007/s11042-019-7696-z]. The cryptosystem is based on substitution-permutation encryption structure using DNA encoding at the substitution stage, in which the key generation is based on a key chaining algorithm that generates new key block for every plain block using a logistic chaotic map. After some several statistical tests done by the authors of the scheme, they claimed that their cryptosystem is robust and can resist conventional cryptanalysis attacks. Negatively, in this paper we show the opposite: the scheme is extremely weak against chosen ciphertext and plaintext attacks thus only two chosen plaintexts of 32 byte size are sufficient to recover the equivalent key used for encryption. The cryptosystem’s shuffling process design is vulnerable which allow us recovering the unknown original plaintext by applying repeated encryptions. Our study proves that the scheme is extremely weak and should not be used for any information security or cryptographic concern. Lessons learned from this cryptanalytic paper are then outlined in order to be considered in further designs and proposals.
Keywords: Cryptanalysis, Audio data security, Chosen plaintext attack, Cycle attack, DNA encoding, Logistic map, Key chaining
Introduction Due to some intrinsic characteristics of multimedia data (videos, audios…) [1], including bulk data size, strong correlation between uncompressed neighbor data-units, high presence in real-time systems and the necessity for fast processing and transmission [2-3]. Multimedia data processing and transmission has become a challenging area of research in order to convoy modern applications requirements [4]. Information security and data privacy constitutes a crucial requirement in modern network applications and data transmission. Public networks are threatened by several cyber-attacks due to the high and random accessibility to computer networks. Multimedia data security as any data type security is one of the most important process to handle before establishing any information transfer over public networks. The necessity for fast multimedia processing applications that responds to real-time requirements makes multimedia application development a hot topic in recent research arena [5-9].
1 I. El Hanouti (⊠) · H. El Fadili Computer Science and Interdisciplinary Physics Laboratory (LIPI), National School of Applied Sciences, SMBA University, Fez, Morocco Email : imad.elhanouti@usmba.ac.ma 2 | P a g e
Cryptography and cryptographic protocols [10] make one basic layer for any data type security, cryptography is the art of designing highly secure systems that aims to convert original data from a readable state to an unrecognizable form except for entities that own the secret key. Conventional cryptosystems has been shown in some related works to be insufficient to respond to all mentioned requirements [11]. That’s why designing new cryptosystems with high security and fast processing time has become a primordial issue since the beginning of our current century [12-15]. Two of the most relevant requirements in modern cryptography are confusion and diffusion depicted by C. Shannon in his paper “Communication Theory of Secrecy Systems” in 1949 [16]. Confusion refers to making the relationship between the key and the ciphertext as complex as possible while diffusion refers to the property that the redundancy in the statistics of the plaintext is dissipated in the statistics of the ciphertext. It has been observed that chaos theory exhibits similar proprieties as confusion and diffusion in cryptology theory [17]. Chaos theory is a branch of mathematics studying the strange behaviors of dynamic systems and chaotic attractors that has two main characteristics [17]: the sensitivity to initial conditions (small changes in initial conditions leads to significantly great changes in the orbit of the strange attractor), and ergodicity. Chaos theory has been widely used in designing new cryptosystems [5-8,13-15]. Nevertheless, the security level claimed by authors of each proposal is still in doubt until carrying out a sound cryptanalytic study on their design [20]. Some of them have been already cryptanalyzed in subsequent works [18-19]. As a result, many recommendations and guidelines have been proposed to assess some basic level of security in new works [17,21]. From multimedia to big data, the need for huge and complex calculation capacity and storage space pushes researchers to look up for other computing capabilities [22] and environments that meet all requi
This content is AI-processed based on ArXiv data.