Smart Computing Review, vol. 2, no. 6, December 2012


Survey on Efficient, Low-power, AES Image Encryption and Bio-cryptography Schemes

S. Sridevi Sathya Priya (1), P. Karthigaikumar (1), N.M. Siva Mangai (1), and P.T. Vanathi (2)

(1) Department of Electronics and Communication Engineering, Karunya University, Coimbatore, Tamilnadu, India / [email protected], [email protected]
(2) Department of Electronics and Communication Engineering, PSG College of Technology, Coimbatore, Tamilnadu, India

*Corresponding authors: S. Sridevi Sathya Priya and P. Karthigaikumar
Received September 8, 2012; Revised November 17, 2012; Accepted November 24, 2012; Published December 31, 2012

Abstract: Data protection from attackers has become essential nowadays, and it can be achieved using encryption. Many encryption standards are available, together with different techniques for achieving high speed and low power and for increasing security. This paper focuses mainly on the different encryption techniques that are available and presents a comparative survey of their implementation techniques. It also surveys various methods for image encryption and bio-cryptography.

Keywords: Low Power, AES, Bio-Cryptography, Image Encryption and Decryption

DOI: 10.6029/smartcr.2012.06.001

Introduction

Encryption is the process of encoding information so that it cannot be read by an attacker. The information is transformed by an encryption algorithm into an unreadable form called ciphertext, and the authorized party recovers it with the decryption algorithm. Cryptographic algorithms are basically divided into three types: symmetric cryptography (one shared key for encryption and decryption), asymmetric cryptography (two different keys, one for encryption and one for decryption), and cryptographic hash functions, which take no key at all. Symmetric encryption needs far fewer CPU cycles than asymmetric encryption, so symmetric algorithms are faster than asymmetric ones. Advanced Encryption Standard (AES), Data Encryption Standard (DES), Triple DES, Rivest Cipher 2 (RC2), Rivest Cipher 6 (RC6) and Blowfish are symmetric algorithms; RSA (Rivest-Shamir-Adleman) is an asymmetric algorithm. Table 1 compares various symmetric algorithms in terms of network structure, number of rounds, block size and key size. AES is very difficult to break and is well suited to security service applications; it was designed to resist the attacks known at the time. AES rests on elegant mathematics and requires only one pass to encrypt data [2], and it has very low memory requirements [3], so it is particularly well suited to embedded applications such as smart cards. AES has a 128-bit block length and supports key lengths of 128, 192 and 256 bits, and an AES implementation consists of three units: encryption, decryption and key expansion.

Table 1. Comparison of various symmetric algorithms.

Algorithm | Network | Rounds | Block size | Key size | Created by | Year
AES | Substitution-Permutation Network | 10, 12 or 14 rounds | 128 bits | 128, 192 or 256 bits | Joan Daemen & Vincent Rijmen | 1998
Twofish | Feistel Network | 16 rounds | 128 bits | 128, 192 or 256 bits | Bruce Schneier | 1998
Blowfish | Feistel Network | 16 rounds | 64 bits | 32 to 448 bits (variable) | Bruce Schneier | 1993
RC4 | Stream cipher (no round structure) | - | byte-oriented stream cipher (no block) | 40 to 2048 bits (variable) | Ron Rivest | 1987
RC2 | Source-Heavy Feistel Network | 16 mixing and 2 mashing rounds | 64 bits | 8 to 1024 bits (variable) | Ron Rivest | 1987
Triple DES | Feistel Network | 48 rounds (3 x 16) | 64 bits | 112 or 168 bits | IBM | 1978

AES is a symmetric, byte-oriented, iterated block cipher (each iteration is called a round) that processes 128-bit data blocks (four 32-bit words) with keys of 128, 192 or 256 bits. The underlying Rijndael cipher also supports block and key sizes of 160, 192, 224 and 256 bits, but the AES standard fixes the block size at 128 bits. The AES encryption process is shown in Figure 1. The rounds are of three types: an initial round, Nr-1 normal rounds, and a final round, where Nr is 10, 12 or 14 for 128-, 192- and 256-bit keys respectively. The initial round XORs the first round key into the state matrix. A normal round has four steps: SubBytes, ShiftRows, MixColumns and AddRoundKey; the final round is the same as a normal round with the MixColumns step omitted. SubBytes is implemented with the S-Box, which is defined over the Galois field GF(2^8) and is constructed by two transformations: first the multiplicative inverse in GF(2^8) is taken (with 0 mapped to itself), then a fixed affine transformation over GF(2) is applied. In practice the S-Box is a 256-entry lookup table. In ShiftRows, row r of the state matrix is rotated left by r bytes. MixColumns operates on each 4-byte column and corresponds to multiplications and additions in GF(2^8). AddRoundKey simply XORs the state with the round key. This paper discusses various AES architectures and compares them.
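The following is an added example, not code from the survey or from any of the works it cites: a straight-line AES-128 encryption assembled from the four transformations just described, with the S-Box computed from the GF(2^8) inverse and the affine map rather than copied in as constants. It is checked against the FIPS-197 Appendix C.1 test vector, which is the check any practitioner should run before trusting a hand-written AES core.

```python
"""AES-128 encryption assembled from the four round transformations described
above: SubBytes (S-Box built from the GF(2^8) inverse plus affine map), ShiftRows,
MixColumns (GF(2^8) column mixing) and AddRoundKey. Added example; not code from
the survey or the works it cites. Checked against the FIPS-197 test vector."""


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        a = ((a << 1) ^ 0x1B) & 0xFF if a & 0x80 else a << 1
        b >>= 1
    return p


def build_sbox() -> list:
    """S-Box: multiplicative inverse in GF(2^8) (0 -> 0), then the affine map over GF(2)."""
    exp, log = [0] * 256, [0] * 256
    x = 1
    for i in range(255):            # 0x03 generates the multiplicative group of GF(2^8)
        exp[i], log[x] = x, i
        x = gf_mul(x, 3)
    sbox = []
    for a in range(256):
        inv = 0 if a == 0 else exp[(255 - log[a]) % 255]
        s = inv
        for i in range(1, 5):       # s = inv ^ rotl(inv,1) ^ rotl(inv,2) ^ rotl(inv,3) ^ rotl(inv,4)
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox.append(s ^ 0x63)       # ... ^ 0x63 completes the affine transformation
    return sbox


SBOX = build_sbox()
# State layout: flat list of 16 bytes, state[r + 4*c] = row r, column c (FIPS-197 order).


def sub_bytes(state):
    return [SBOX[b] for b in state]


def shift_rows(state):
    """Row r is rotated left by r positions: s'[r][c] = s[r][(c + r) mod 4]."""
    return [state[r + 4 * ((c + r) % 4)] for c in range(4) for r in range(4)]


def mix_columns(state):
    """Each column is multiplied by the fixed circulant matrix (02 03 01 01) over GF(2^8)."""
    out = []
    for c in range(4):
        a0, a1, a2, a3 = state[4 * c:4 * c + 4]
        out += [gf_mul(a0, 2) ^ gf_mul(a1, 3) ^ a2 ^ a3,
                a0 ^ gf_mul(a1, 2) ^ gf_mul(a2, 3) ^ a3,
                a0 ^ a1 ^ gf_mul(a2, 2) ^ gf_mul(a3, 3),
                gf_mul(a0, 3) ^ a1 ^ a2 ^ gf_mul(a3, 2)]
    return out


def add_round_key(state, round_key):
    return [s ^ k for s, k in zip(state, round_key)]


def key_expansion(key: bytes) -> list:
    """Expand a 16-byte key into Nr + 1 = 11 round keys of 16 bytes each."""
    if len(key) != 16:
        raise ValueError("AES-128 needs a 16-byte key")
    w = [list(key[4 * i:4 * i + 4]) for i in range(4)]
    rcon = 1
    for i in range(4, 44):
        t = w[i - 1][:]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]   # SubWord(RotWord(t))
            t[0] ^= rcon
            rcon = gf_mul(rcon, 2)                 # next round constant
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]


def encrypt_block(key: bytes, plaintext: bytes) -> bytes:
    """Initial AddRoundKey, Nr-1 = 9 full rounds, then a final round without MixColumns."""
    if len(plaintext) != 16:
        raise ValueError("block must be 16 bytes")
    rk = key_expansion(key)
    state = add_round_key(list(plaintext), rk[0])
    for r in range(1, 10):
        state = add_round_key(mix_columns(shift_rows(sub_bytes(state))), rk[r])
    state = add_round_key(shift_rows(sub_bytes(state)), rk[10])
    return bytes(state)


if __name__ == "__main__":
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")   # FIPS-197 Appendix C.1
    pt = bytes.fromhex("00112233445566778899aabbccddeeff")
    print(encrypt_block(key, pt).hex())
```

The hardware papers surveyed below differ mainly in how they realize SubBytes (lookup table versus composite-field logic) and how many of these per-round steps they fold into one pipeline stage; the reference implementation above is the functional specification all of them must match.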

Methods for efficient implementation of AES on FPGA

The Advanced Encryption Standard (AES) has received significant interest over the past decade because of its performance and security level, and many hardware implementations have been proposed to improve its performance. A high-throughput AES processor is useful in many Internet and embedded applications. This section surveys a few methodologies for increasing throughput. Table 2 compares various methods for efficient implementation of the AES algorithm. From the table, high throughput is achieved at the expense of area; area can be reduced by using the Block Random Access Memory (BRAM) structure of the FPGA. Hodjat and Verbauwhede achieved a maximum throughput of 21.54 Gbps [6] using loop unrolling together with inner-round and outer-round pipelining. In this implementation ShiftRows, MixColumns and the key addition are combined in one pipeline stage for each round, and pipeline registers are placed in the byte substitution phase to reduce the delay. Zhang and Parhi presented a high-speed AES implementation [7] that realizes the S-Box in combinational logic rather than lookup tables, eliminating the table lookup delay; subpipelining can then be used to increase speed, and the area can be decreased by using composite field arithmetic. With these modifications, 21.56 Gbps of throughput can be achieved in non-feedback modes.

[Figure 1: Plaintext (128 bits) enters AddRoundKey with Round Key (0); rounds i = 1 to Nr-1 apply SubBytes, ShiftRows, MixColumns and AddRoundKey with Round Key (i); the final round applies SubBytes, ShiftRows and AddRoundKey with Round Key (Nr) and produces the Ciphertext (128 bits). The Key Expansion Unit derives all round keys from the Cipher Key.]

Figure 1. AES encryption process block diagram.

Good and Benaissa presented two pipelined AES designs on Field-Programmable Gate Arrays (FPGAs) with support for feedback modes [8]. The first achieves 30 Gbps on a Xilinx Spartan-3 and supports either encryption or decryption; it uses two cascaded Look Up Tables (LUTs) between each pipeline cut and obtains its higher throughput at the expense of area. The second achieves 28 Gbps on a Xilinx Virtex-II and supports both encryption and decryption; for this, a pipelined key expander is developed, with modifications in MixColumns and a composite field implementation of the SubBytes operation. The high-speed and area-efficient hardware implementation of AES-128 encryption proposed by Brokalakis et al. [9] combines data loading with execution of the initial round, which reduces the number of rounds required by one. Offline key expansion reduces the memory and power requirements, and inner-round pipelining together with careful scheduling allows high clock frequencies. Huang et al. developed a 32-bit data path implementation on a small Xilinx FPGA (Spartan-3 XC3S200) [10]. Using 148 slices and 11 BRAMs, a 647 Mbps implementation is obtained at a 287 MHz working frequency. The S and M registers of the AES implementation are replaced by 4 BRAMs, the S-Box and InvS-Box become lookup tables in two dual-port BRAMs, MixColumns/InvMixColumns are implemented with three kinds of BRAM lookup tables, and the key expansion is replaced by a 4x32 BRAM. This use of BRAMs reduces the slice count to a very small number. Singh and Mehra developed an FPGA-based high-speed and area-efficient AES encryption using a fully pipelined design; the operating frequency reaches 347.6 MHz and the throughput 44.5 Gbit/s [11].

Granado-Criado et al. implemented AES using partial and dynamic reconfiguration. The technique combines three hardware description languages (Handel-C, VHDL (Very High Speed Integrated Circuit Hardware Description Language) and JBits) with partial and dynamic reconfiguration and a pipelined, parallel implementation, achieving a very high throughput of 24.922 Gbps [12]. To join the two codes, the VHDL components are synthesized with the Xilinx Synthesis Technology (XST) tool of Xilinx ISE 8.1i and referenced from Handel-C through interfaces. Pipelining and parallel processing are applied throughout the algorithm, with as much parallelism as possible, and partial and dynamic reconfiguration is used for calculating the subkeys. Chodowiec and Gaj proposed a compact FPGA architecture for AES with a 128-bit key in which encryption, decryption and the key schedule are all implemented with few resources (only 222 slices and 3 block RAMs) [13]. The implementation encrypts and decrypts data streams at 150 Mbps, which satisfies the needs of most embedded applications, including wireless communication. Specific features of Spartan II FPGAs enabling a compact logic implementation are exploited, and a new way of implementing the MixColumns and InvMixColumns transformations using shared logic resources is presented.

Table 2. Comparison of various efficient implementation methods.

Author | FPGA device | Slices | BRAMs | Technique used | Throughput (Gbps) | Clock frequency (MHz)
Alireza Hodjat [6] | Virtex-II Pro | 5177 | 84 | Fully pipelined | 21.54 | 168.3
Xinmiao Zhang [7] | XCV800-6 | 9406 | 0 | Lookup and 3-stage sub-pipelining | 8.968 | 71.8
Xinmiao Zhang [7] | XCV812e-8 | 9406 | 0 | Lookup and 3-stage sub-pipelining | 11.685 | 93.5
Xinmiao Zhang [7] | XCV1000-6 | 11014 | 0 | Lookup and 7-stage sub-pipelining | 15.65625 | 125.3
Xinmiao Zhang [7] | XCV1000e-8 | 11022 | 0 | Lookup and 7-stage sub-pipelining | 21.051 | 168.4
T. Good [8] | Xilinx Spartan-3 | 20720 | - | 2 LUTs per cut; key change every 120 cycles | 30.11 | 240.9
T. Good [8] | Xilinx Virtex-II | 31674 | - | 2 LUTs per cut; pipelined key expander; key change every cycle | 27.86 | 222.8
A. Brokalakis [9] | Xilinx Virtex-II | 1122 | 8 | Combined data load and execution of the initial round; offline key expansion, inner-round pipelining and thorough scheduling | 1.9 | 159.2
Chi-Wu Huang [10] | Spartan-3 XC3S200 | 148 | 11 | Usage of BRAM and lookup tables | 0.632 | 287
Gurmail Singh [11] | Xilinx Virtex-5 | 6352 | 48 | Fully pipelined | 44.5 | 347.6
Jose M. Granado-Criado [12] | XC2V6000-6 | 3576 | 80 | Dynamic and partial reconfiguration, with pipelining and parallel processing | 24.92 | 68.2268
Pawel Chodowiec [13] | Xilinx Spartan II XC2S30-5 | 222 | 3 | MixColumns and InvMixColumns transformations using shared logic resources | 0.136 | 50

Low Power AES Processor Design

In many embedded real-time applications, low-power circuits play a major role, so it is very important to focus on low-power implementation. Table 3 compares various low-power architectures in terms of technology, operating voltage, power, throughput, delay and frequency.

Table 3. Comparison of various low-power techniques.

Author | Technique used | Technology | Operating voltage | Power dissipation (mW) | Throughput (Gbps) | Delay (ns) | Frequency (MHz)
Xing JiPeng [14] | IDSE | 0.25 µm | 1.8 V | 0.068 | NA | 2.92 | 10
Sumio Morioka [15] | PPRM | 0.13 µm | 1.5 V | 0.029 | NA | 1.43 | 10
Sumio Morioka [15] | PPRM | 0.18 µm | 1.8 V | 0.051 | NA | 1.86 | 10
Feng Ge [16] | ASRR | 65 nm | 1.0 V | 22.7 | 5.78 | NA | NA
Feng Ge [16] | LECE | 65 nm | 1.0 V | 14.1 | 5.78 | NA | NA
Feng Ge [16] | BSC | 65 nm | 1.0 V | 24.6 | 5.78 | NA | NA
Feng Ge [16] | ASRR + LECE + BSC | 65 nm | 1.0 V | 14.4 | 5.78 | NA | NA
Feng Ge [16] | LECE + BSC | 65 nm | 1.0 V | 13.8 | 5.78 | NA | NA
Li Zhen-rong [17] | Optimized AES coprocessor | 0.18 µm | - | 0.0691 | 0.0312 | NA | 125
Liu Zhenglin [18] | Low-power AES S-Box | 0.25 µm | - | 0.14 | NA | 9.0 | NA

Xing et al. presented an ultra-low-power S-Box architecture for AES that is faster, more compact and lower in power than earlier designs [14]. It is an improved, fully balanced refinement of the Decoder-Switch-Encoder (DSE) architecture, denoted Improved Decoder-Switch-Encoder (IDSE). A four-stage encoder structure with balanced signal paths eliminates dynamic hazards and maximizes the reuse ratio of the gates, which lowers power; power is reduced further by decreasing the gate area while keeping the logic function of the decoder unit and the three-stage fully balanced structure, so that internal power falls.

To provide a low-power S-Box for a low-power AES architecture, Morioka and Satoh [15] used a multistage positive polarity Reed-Muller (PPRM) form over composite fields. In this architecture the signal arrival times at each gate are kept as close as possible by giving the gates' primary inputs the same depth, and the hazard-transparent XOR gates are placed after the other gates so that they can block hazards. The complicated signal paths of the composite-field S-Box are simplified by converting parts of the S-Box logic into two-level logic, which avoids the creation and propagation of dynamic hazards.

Ge et al. suggested an ultra-low-power, high-speed design and implementation of AES using three register transfer level (RTL) circuit techniques: Application Specific Register Reduction (ASRR), Locally Explicit Clock Enabling (LECE) and Bus Specific Clock (BSC) [16]. With ASRR, the number of registers in the key reverse buffer is reduced from 11 to 6 by using multiplexers. LECE is applied mainly to the key expansion unit and the key reverse buffer of the decryption module to find a power-optimal solution. BSC identifies buses in the design with low switching activity and generates their clock by detecting changes on the bus, which saves power. The three techniques were compared individually and in combination; the results show that combining them achieves considerably lower power as well as lower area without compromising throughput.

Zhen-rong et al. discuss a low-power, low-cost AES coprocessor for a ZigBee System-on-a-Chip (SoC) that uses optimized SubBytes/InvSubBytes and MixColumns/InvMixColumns architectures [17]. Encryption and decryption are integrated through resource sharing, and a hierarchical power management strategy based on a finite state machine (FSM) and clock gating (CG) is applied. The S-Box for SubBytes/InvSubBytes is computed with the composite field method, and in MixColumns/InvMixColumns resource sharing is realized for both parallel and serial InvMixColumns. To reduce the power consumed by the clock signal, the FSM controls the clock: whenever the AES processor is not in use the FSM enters an idle state and the clock can be turned off. Clock gating controls the submodules through an Enable signal generated by the Power Management Unit.

Zhenglin et al. researched a compact full-custom S-Box implementation with low power and resistance to differential power analysis (DPA) [18]. Energy-efficient Pass Transmission Gates (PTGs) and a three-input exclusive-OR (XOR) gate based on a three-transistor XOR element realize the S-Box function. PTG-based latches, controlled by asynchronous latch controllers, are inserted in the data path to block the propagation of dynamic hazards. The design is asynchronous: the latches are operated by a controller that adopts the four-phase single-rail handshake protocol.

Different methods for Image Encryption and Biocryptography

Nowadays most data are available in multimedia and image form, so those data need protection. Image encryption is one of the methods for securing images: an image is given as input and an encrypted image is obtained as output, and there are many methods for doing this. Even then, attackers will attempt different attacks, so it is necessary to increase security. Biometrics such as fingerprints, faces and irises are unique to individuals, so using them as keys increases the security of the information; biocryptography uses them to strengthen the cryptosystem. Table 4 compares various image encryption techniques in terms of cipher area, throughput, Peak Signal to Noise Ratio (PSNR) and entropy. In this section, image encryption and biocryptography techniques are discussed.

Table 4. Comparison of various image encryption techniques.

Author | Technique used | FPGA | Cipher area (%) | Frequency (MHz) | Throughput (Gbps) | PSNR (dB) | Entropy (bits)
Zeghid [19] | A5/1 key stream generator | Xilinx Virtex-II | 8.64 | 269.2 | - | - | -
Zeghid [19] | W7 | Xilinx Virtex-II | 14.16 | 176.9 | - | - | -
Zeghid [19] | AES + A5/1 | Xilinx Virtex-II | 62.81 | 128.6 | 1.6074 | 6.83 | 7.96
Zeghid [19] | AES + W7 | Xilinx Virtex-II | 59.75 | 128.6 | 1.6074 | 6.77 | ~8
Zeghid [19] | AES | Xilinx Virtex-II | 52.8 | 129 | 1.6123 | 6.88 | 7.91
Benabdellah [20] | FMT-AES | NA | NA | NA | NA | 34.531 | 7.104
Karimian [21] | Pipeline technique, control unit based on logic gates, and optimal multiplier blocks in the MixColumns phase | Stratix II | NA | 100 | 0.6025 | NA | NA
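Table 4 reports two figures of merit that the image-encryption papers in this section rely on: the entropy of the cipher image (8 bits is the maximum for 8-bit pixels) and the PSNR between the plain and the cipher image (low is good, because a cipher image should not resemble its plaintext). The following is an added example, not code from the survey or from Zeghid et al. or any other cited work, that computes both on a constructed gradient image. The "cipher image" it uses is a stand-in of pseudo-random bytes, labelled as such in the code; it is not the output of any cipher and only illustrates the scale of the metrics for a good result.

```python
"""Quality metrics reported in Table 4 for image encryption: Shannon entropy of
the pixel histogram and PSNR between plain and cipher image.
Added example; not code from the survey or from the works it cites."""

import math
import random
from collections import Counter


def entropy_bits(pixels: bytes) -> float:
    """Shannon entropy H = -sum p_i log2(p_i) over the 8-bit pixel histogram.
    The maximum is 8 bits (uniform histogram); a good cipher image is close to it."""
    if not pixels:
        raise ValueError("empty image")
    n = len(pixels)
    return -sum((c / n) * math.log2(c / n) for c in Counter(pixels).values())


def psnr_db(original: bytes, other: bytes) -> float:
    """PSNR = 10 log10(MAX^2 / MSE) with MAX = 255 for 8-bit pixels.
    Between plain and cipher image a LOW value is wanted; identical images have
    MSE = 0, which is reported as +inf rather than raising a ZeroDivisionError."""
    if not original or len(original) != len(other):
        raise ValueError("images must be non-empty and the same size")
    mse = sum((a - b) ** 2 for a, b in zip(original, other)) / len(original)
    return math.inf if mse == 0 else 10 * math.log10(255 ** 2 / mse)


def gradient_image(width: int = 64, height: int = 64) -> bytes:
    """Constructed low-entropy plain image: every row is the same ramp of 64 grey
    levels (0, 4, ..., 252), so 64 values occur equally often and H = 6 bits."""
    return bytes((x * 4) & 0xFF for _ in range(height) for x in range(width))


def stand_in_cipher_image(size: int, seed: int = 1) -> bytes:
    """Pseudo-random bytes standing in for a cipher image (NOT the output of any
    cipher); used only to show what the metrics look like for a good result."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(size))


def evaluate(plain: bytes, cipher: bytes) -> dict:
    """Entropy of both images and PSNR of the cipher image against the plain one."""
    return {
        "plain_entropy": entropy_bits(plain),
        "cipher_entropy": entropy_bits(cipher),
        "psnr_db": psnr_db(plain, cipher),
    }


if __name__ == "__main__":
    plain = gradient_image()
    for name, value in evaluate(plain, stand_in_cipher_image(len(plain))).items():
        print(f"{name:15s} {value:.4f}")
```

Run on a real cipher image, the cipher_entropy figure should land where Table 4 puts the AES-based results (about 7.9 bits) and psnr_db should be far below the 34.5 dB of the partial-encryption FMT-AES row, which encrypts only the dominant coefficients and therefore leaves much of the image recognizable.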

To improve encryption performance in AES-based image encryption, Zeghid et al. proposed adding a key stream generator (A5/1 or W7) to AES [19], since images are characterized by reduced entropy. The A5/1 key stream generator is composed of three linear feedback shift registers (LFSRs), R1, R2 and R3, of length 19, 22 and 23 bits. Whether an LFSR is shifted in a given clock cycle is determined by the majority function, which uses one clock-control bit from each register, C1, C2 and C3: if two or more of these bits are zero the majority is m = 0, and if two or more are one the majority is m = 1. Rk is shifted if Ck = m, for k = 1, 2, 3. The feedback polynomials of R1, R2 and R3 are x^19 + x^5 + x^2 + x + 1, x^22 + x + 1, and x^23 + x^15 + x^2 + x + 1, respectively. At each cycle after the initialization phase, the last bits of the three LFSRs are XORed to produce one output bit. The authors also used the W7 algorithm, a symmetric key stream cipher with a 128-bit key. The W7 cipher has eight similar cells, C1 to C8, each consisting of three LFSRs and one majority function. The W7 architecture has a control unit and a function unit, the latter responsible for key stream generation. Each cipher cell has two inputs and one output: one input is the key, which is the same for all cells, the other consists of control signals, and the output is one bit, so the outputs of the eight cells together form one key stream byte. W7 offers high security and can be realized easily in both hardware and software.

Benabdellah et al. presented a new hybrid approach for joint encryption and compression of images, based on AES encryption of the dominant coefficients in a mixed-scale representation obtained with the Faber-Schauder Multi-scale Transform (FMT) [20]. Compared with other methods such as Quadtree-AES and DCT partial encryption, the transformation algorithm gives fast and exact results, and a visualization method at mixed scales is used.

Karimian et al. suggested a four-stage pipeline in the key expansion, a control unit based on logic gates, an optimal design of the multiplier block in the MixColumns phase, and simultaneous production of round keys for AES image encryption with low power and high speed [21]. They also discuss resource sharing, pipelining and signal gating to reduce power consumption: pipelining shortens the depth of the combinational logic, and signal gating prevents unnecessary switching activity. The AES MixColumns multiplications by 2 and 3 are realized as shifts followed by XOR operations, and precalculated multiplications are used to speed up the MixColumns transformation.

In a paper titled "Simulation of Image Encryption using AES Algorithm" [22], Karthigaikumar et al. presented a 128-bit encoder design using the AES (Rijndael) algorithm for image encryption. Optimized and synthesizable VHDL code for 128-bit data encryption was developed, and timing simulation was performed to verify the functionality of the circuit.

Gao et al. introduced a new non-linear chaotic algorithm (NCA) for image encryption, which uses a power function and a tangent function instead of a linear function, together with an image encryption algorithm in a one-time-one-password system [23]. They claim the advantages of a large key space and high-level security while maintaining acceptable efficiency, and that the scheme is more secure than other encryption algorithms. The NCA map is used to encrypt image data with different keys for different images, and the chaotic sequence is converted to a sequence of integers because the images are in digital form. The scheme encrypts only 256 x 256 grey-scale images.

Jin et al. used two-factor authentication based on iterated inner products between a tokenized pseudo-random number and a user-specific fingerprint feature generated from the integrated Wavelet and Fourier-Mellin Transform (WFMT), producing a set of user-specific compact codes known as BioHashing [24]. BioHashing is highly tolerant of data capture offsets: the same user's fingerprint data results in highly correlated bit strings. The wavelet transform preserves local edges and reduces noise in the low-frequency domain after image decomposition, which the authors note makes fingerprint images less sensitive to shape distortion. The transformation is applied to the image to generate the WFMT feature; the inner products of the WFMT feature and the pseudo-random number are compared with predefined threshold values to generate the feature vectors.

Khan and Zhang presented a high-level categorization of the vulnerabilities of a biometric system and of biometric template security, an important issue because, unlike passwords and tokens, a biometric template cannot be revoked and reissued [25]. Protecting a template is a challenging task, so biometric template protection schemes are presented with their advantages and disadvantages in terms of security, revocability and impact on matching accuracy. The drawback noted is that decryption of a protected template is difficult under attack.

Tiegang et al. shuffle the rows and columns of the image to break the high correlation among pixels by iterating the logistic map, and a key stream generated with hyper-chaos is mixed into the pixels of the shuffled image [26]. Characteristics of chaos such as ergodicity, mixing and exactness, and sensitivity to initial conditions correspond to the confusion and diffusion properties of cryptography, which enriches the design of new ciphers. A drawback is that if the same key stream is used more than once, the defense against chosen-ciphertext and chosen-plaintext attacks is weakened; the key stream generation should therefore depend on the plaintext or ciphertext so that, as with a one-time pad, no key stream is reused, while remaining practical, and the grey values of the image should be changed rather than only permuted.

David et al. analyze two image encryption schemes in which encryption consists of a secret permutation and an XOR-like masking of the shuffled grey-scale pixel values controlled by three chaotic systems (Lorenz and Chen's systems) [27]. They point out defects in the schemes and show how to break them with a chosen-plaintext attack: two of the chaotic systems are used only for key generation and contribute no security, and the schemes are insensitive to changes in the plain image.

Morkel and Eloff constructed a timeline of important encryption events, with attention to quantum encryption techniques, which communicate with light particles (photons) instead of bits [28]. A photon can have four polarizations: horizontal, vertical, +45° diagonal and -45° diagonal. These are mapped to bits: – and / each represent 0, whereas | and \ each represent 1. Each bit of the message is randomly translated into one of the two orientations associated with that bit, and the photons are sent to the receiver over optical fiber. The receiver has two filters, a rectilinear (+) filter and a diagonal (x) filter, and secretly chooses one for each photon: a photon measured with the filter matching its orientation family yields the correct bit, whereas a diagonal photon passed through the rectilinear filter (or vice versa) is disturbed and gives a random result. The receiver then tells the sender which filter was used for each photon, the sender replies which choices were correct, and the bits measured with a correct filter form the key. The advantages claimed are robustness, availability, flexibility and governmental support, and the scheme does not rely on user behaviour; the drawback for business use is that it needs new infrastructure and hardware.

The images in the CASIA version 1.0 iris data set were edited before distribution: the pupil area of each image was replaced by a circular region of constant intensity to mask out the specular reflections from the near-infrared illumination [29], so the distributed data set is not the same as the originally captured images. Because of this editing, automatic detection of the pupil-iris boundary in these images is artificially simple, and an iris recognition experiment on this data set is not equivalent to one on unedited images. The iris images used for encryption in the surveyed work are taken from the CASIA version 1.0 database, which contains correctly recognizable iris images.

Chang et al. researched the generation of stable cryptographic keys from biometric data, which is unstable in nature [30]. User-dependent transforms derived from the biometric key features are used to generate compact and more stable data, from which the cryptographic key is generated. The motivation is that users forget randomly selected keys, and user-chosen keys are subject to dictionary attacks; biometric data such as the face, voice, iris and fingerprint carry characteristics specific to each individual and can be a good alternative, or supplement, to PINs and passwords. This is achieved by biometrics-based authentication followed by key selection.

The mathematical definitions of the avalanche effect, confusion, diffusion and entropy used here for the analysis of bio-chaotic algorithms go back to Shannon [31]. Entropy is a measure of the uncertainty or randomness associated with a random variable; confusion and diffusion are two properties of the operation of a secure cipher; and the avalanche effect, a small change in the input producing a large change in the output, is a desirable property of a cryptographic algorithm.

Daugman proposed a method for rapid visual recognition of personal identity based on the failure of a statistical test of independence [32]. The most identifying feature in the human face is the texture of each eye's iris.
The iris biometric has a further advantage over fingerprints and other biometrics for the purposes of automatic recognition. Yang and Verbauwhede proposed an adaptive alignment technique to reach the most reliable reference point, and a methodology to construct a set of rotation and shifting invariant features, acting as the lock set for the fuzzy vault [33]. The authentication system based on biometric information offers greater security and convenience than the traditional methods of personal recognition. Along with the rapid growth of this emerging technology, system performance, such as accuracy and speed, is continuously improving. The disadvantage of biometric recognition systems is that the biometric key cannot be easily recalled. Therefore storing the biometric template securely is becoming extremely important. Biham et al introduced the notion of impossible fault analysis, and presented an impossible fault analysis of RC4, whose complexity, 221, is smaller than the previously best known attack of Hoch and Shamir (2 26), along with an even faster fault analysis of RC4, based on different ideas, with complexity smaller than 216 [34]. Nowadays, RC4 is one of the most widely used stream ciphers in a wide range of applications. Another, more standard, fault analytic attack against RC4 is described, which requires less than 216 stream bytes with less than 1000 key setups, and where analysis time complexity is also lower than 216. Bio-chaotic stream cipher, which encrypts images over electronic media by using a biometric key and a bio-chaotic function, was proposed by Abdullah et al. It enhances the security of the images and should not be compromised [35]. A new kind of stream cipher called bio-chaotic stream cipher is used, and they describe how to generate a key from a biometric string and how to encrypt and decrypt the desired data by using the bio-chaotic function. Rahimov et al. 
researched the logistic chaotic equation, which improves the linear property of LFSR [36]. It is used to construct a sequence generator with a complex architecture. The result of the statistical testing on generated bit sequences, done by very strict tests of randomness, is presented in the National Institute of Standards and Technology (NIST) suite of tests to detect the specific characteristic expected of truly random sequences. The results of NIST‟s statistical tests shows the proposed method for generating random numbers has more efficient performance. The main use of an LFSR in encryption systems is generating a series of pseudo-random bits to be used as a key stream in a stream cipher. The idea is to generate a stream of bits with the minimum repetition possible, i.e. with a maximal period. For its study, the connections in an LFSR are usually represented as a polynomial, and the properties such a polynomial needs to meet to achieve maximal period are analyzed. The disadvantage is that LFSR is not directly used in cryptography but is generally used in one of these modes: nonlinear combination of LFSRs, clock-controlled generators, and nonlinear filter generators. The security of a recently proposed chaos-based cryptosystem was studied by Arroyo et al.; it was shown that the encryption architecture of this cryptosystem possesses some important problems related to its implementation and its robustness against noise [37]. Some security problems are also highlighted. For good performance, the selected chaotic system is expected to be robust, which means it remains chaotic in a continuous range of the parameter space. A new encryption algorithm was proposed by Liu et al. by analyzing the principle of the chaos encryption algorithm based on a logistic map [38]. Moreover, the security and performance was also estimated. 
The experimental results based on coupled chaotic maps confirmed the effectiveness of this method, and the coupled chaotic maps showed the advantages of a large key space and a high level of security. The cipher text generated by this method is the same size as the plaintext and is suitable for practical use in the secure transmission of confidential information over the Internet. Chaos seems to be a good candidate due to its ergodicity and complex dynamics. Uludag et al. present various methods that monolithically bind a cryptographic key with the biometric template of a user stored in the database in such a way that the key cannot be revealed without a successful biometric authentication [39]. The performance of one of these biometric key binding/generation algorithms using the fingerprint biometric is assessed. Biometrics are not secrets and are not revocable. While revocability and secrecy have been critical requirements of conventional cryptosystem design, one then wonders whether it is possible to design a secure authentication system from system components which in themselves are neither secret nor revocable. An evaluation of six of the most common encryption algorithms, namely AES (Rijndael), DES, TripleDES, RC2, Blowfish, and RC6, was done by Salama et al. [40]. A method for analyzing the trade-offs between energy and security was examined. The encryption algorithms were compared at different settings, such as different sizes of data blocks, different data types, battery power consumption, different key sizes, and encryption/decryption speed. In that comparison, AES is described as a block cipher. It has variable key lengths of 128, 192, or 256 bits (default 256). It encrypts data blocks of 128 bits in 10, 12, or 14 rounds, depending on the key size. AES encryption is fast and flexible; it can be implemented on various platforms, especially in small devices. Also, AES has been carefully tested for many security applications [40]. Chaos-based cryptographic algorithms were discussed by Agrawal and Agrawal [41]. They have several advantages over traditional encryption algorithms, such as high security, speed, reasonable computational overhead, and computational power. A survey of some encryption methods based on chaotic systems is also presented. The distinct properties of chaos, such as ergodicity, quasi-randomness, and sensitive dependence on initial conditions and system parameters, have established chaotic dynamics as a promising alternative to conventional cryptographic algorithms. It is also noted that, unlike conventional cryptographic algorithms, which are mainly based on discrete mathematics, chaos-based cryptography relies on the complex dynamics of nonlinear systems or maps, which are deterministic but simple.
Therefore, it can provide a fast and secure means of data protection, which is crucial for multimedia data transmission over fast communication channels, such as broadband Internet communication. Lucky presented an introduction to the AES algorithm, explaining its encryption and decryption processes and describing its various options [42]. Also discussed was how AES is implemented in CAST's IP cores. These RTL cores can be used to physically implement the AES algorithm for fast hardware encryption and decryption in Application-Specific Integrated Circuit (ASIC) or FPGA technologies. AES is a block cipher, meaning that it operates on an input block of data of a known size and outputs a block of data of the same size. An input key is also required as input to the AES algorithm. A mode of operation is also selected, which determines the specific way in which the AES algorithm is applied. The input block and output block are each a fixed length of 128 bits. The unencrypted data is referred to as plaintext, and the encrypted data is referred to as cipher text. The input key can be 128, 192, or 256 bits. The same key is used for both encryption and decryption. In general, the longer the key, the higher the security level obtained with the encryption. The National Institute of Standards and Technology (NIST) has initiated a process to develop a Federal Information Processing Standard (FIPS) for AES, specifying an advanced encryption algorithm to replace DES [43]. AES can be programmed in software or built in pure hardware. However, FPGAs offer a quicker, more customizable solution. The AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. Encryption converts data to an unintelligible form called cipher text. Decryption of the cipher text converts the data back into its original form, which is called plaintext.
The AES algorithm is capable of using cryptographic keys of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits.
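The key-binding idea attributed to Uludag et al. [39] above, where stored helper data releases the key only to a matching biometric, as an added Python example that is not code from the survey, [33] or [39]; it uses a Juels-Wattenberg style fuzzy commitment with an assumed 3x repetition code and constructed sample bit strings:

```python
import hashlib
from typing import List, Optional, Tuple

# Added example, not the construction of [33] or [39]: a Juels-Wattenberg
# style fuzzy commitment that binds a key to a noisy biometric bit string.
# Only (helper data, hash of key) is stored; neither the raw template nor the
# key is kept, and the key is released only by a probe close to the template.
# The 3x repetition code stands in for the stronger error-correcting code a
# real system would use; all biometric strings below are constructed.

REP = 3  # repetition factor: each key bit is stored as three copies

def int_to_bits(value: int, nbits: int) -> List[int]:
    return [(value >> i) & 1 for i in range(nbits)]

def encode(key_bits: List[int]) -> List[int]:
    """Repetition-code encoder: 0 -> 000, 1 -> 111."""
    return [b for b in key_bits for _ in range(REP)]

def decode(codeword: List[int]) -> List[int]:
    """Majority vote per group; corrects at most one flip per group."""
    return [int(sum(codeword[i:i + REP]) * 2 > REP)
            for i in range(0, len(codeword), REP)]

def key_commitment(key_bits: List[int]) -> str:
    """One-way commitment to the key (bits hashed one per byte here)."""
    return hashlib.sha256(bytes(key_bits)).hexdigest()

def bind(key_bits: List[int], template: List[int]) -> Tuple[List[int], str]:
    """Enrolment: helper = encode(key) XOR template; commitment = H(key)."""
    codeword = encode(key_bits)
    if len(codeword) != len(template):
        raise ValueError("template length must equal REP * key length")
    helper = [c ^ t for c, t in zip(codeword, template)]
    return helper, key_commitment(key_bits)

def release(helper: List[int], probe: List[int],
            commitment: str) -> Optional[List[int]]:
    """Verification: decode(helper XOR probe) equals the key iff the probe
    lies within the code's error-correcting radius of the enrolled template."""
    candidate = decode([h ^ p for h, p in zip(helper, probe)])
    return candidate if key_commitment(candidate) == commitment else None

def flipped(bits: List[int], positions: List[int]) -> List[int]:
    """Simulate acquisition noise by flipping the given bit positions."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out

# Constructed sample data (not a real iris code or fingerprint template).
KEY = int_to_bits(0xC0FFEE42, 32)
TEMPLATE = int_to_bits(int.from_bytes(
    hashlib.sha256(b"constructed iris code").digest()[:12], "big"), 96)

if __name__ == "__main__":
    helper, commit = bind(KEY, TEMPLATE)
    noisy = flipped(TEMPLATE, list(range(0, 96, 5)))  # 20 flips, 1 per group
    print(release(helper, noisy, commit) == KEY)      # True: key released
    print(release(helper, flipped(TEMPLATE, [0, 1]), commit))  # None
```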

Conclusion

In this paper, various cryptography schemes to achieve high throughput with low power are discussed. Different methods to perform image encryption and bio-cryptography are also given. Those methods and schemes are studied and analyzed. Each technique is unique and suitable for different applications. Using efficient algorithm implementation methods, low-power techniques in image encryption, and biometric keys as the key input will increase security with less power and higher throughput.

References

[1] M. Mali, F. Novak, A. Biasizzo, “Hardware Implementation of AES Algorithm,” Journal of Electrical Engineering, vol. 56, no. 9-10, pp. 265-269, 2005.
[2] http://www.networkworld.com.
[3] S. M. Seth, R. Mishra, “Comparative Analysis of Encryption Algorithms for Data Communication,” International Journal of Computer Science and Telecommunications, vol. 2, no. 2, pp. 292-294, June 2011.
[4] J. Daemen, V. Rijmen, “AES Proposal: Rijndael, The Rijndael Block Cipher,” AES Proposal, pp. 1-45, 1999.
[5] S.-S. Wang, W.-S. Ni, “An Efficient FPGA Implementation of Advanced Encryption Standard Algorithm,” in Proc. of the IEEE International Symposium on Circuits and Systems (ISCAS), pp. 597-600, May 2004.


Sridevi et al.: Survey on Efficient, Low-power, AES Image Encryption and Bio-cryptography Schemes

[6] A. Hodjat, I. Verbauwhede, “A 21.54 Gbits/s Fully Pipelined AES Processor on FPGA,” in Proc. of the 12th Annual IEEE Symposium on Field-Programmable Custom Computing Machines, pp. 308-309, Apr. 2004.
[7] X. Zhang, K. K. Parhi, “High-Speed VLSI Architectures for the AES Algorithm,” IEEE Transactions on Very Large Scale Integration (VLSI) Systems, vol. 12, no. 9, Sep. 2004.
[8] T. Good, M. Benaissa, “Pipelined AES on FPGA with support for feedback modes (in a multi-channel environment),” IET Information Security, vol. 1, pp. 1-10, 2007.
[9] A. Brokalakis, H. Michail, A. Kakarountas, E. Fotopoulou, A. Milidonis, G. Theodoridis, C. Goutis, “A High-Speed and Area Efficient Hardware Implementation of AES-128 Encryption Standard,” in Proc. of the 5th WSEAS Int. Conf. on Multimedia, Internet and Video Technologies, pp. 125-129, Aug. 2005.
[10] C.-W. Huang, C.-J. Chang, M.-Y. Lin, H.-Y. Tai, “Compact FPGA Implementation of 32-bits AES Algorithm Using Block RAM,” in Proc. of the IEEE Conference on TENCON, 2007.
[11] G. Singh, R. Mehra, “FPGA Based High Speed and Area Efficient AES Encryption For Data Security,” International Journal of Research and Innovation in Computer Engineering, vol. 1, no. 2, pp. 53-56, Feb. 2011.
[12] J. M. Granado-Criado, M. A. Vega-Rodríguez, J. M. Sánchez-Pérez, J. A. Gomez-Pulido, “A new methodology to implement the AES algorithm using partial and dynamic reconfiguration,” The VLSI Journal, vol. 43, pp. 72-80, 2010.
[13] P. Chodowiec, K. Gaj, “Very Compact FPGA Implementation of the AES Algorithm,” in Proc. of CHES 2003, LNCS 2779, pp. 319-333, 2003.
[14] X. Ji-Peng, Z. Xue-Cheng, G. Xu, “Ultra-Low Power S-Boxes Architecture for AES,” The Journal of China Universities of Posts and Telecommunications, vol. 15, no. 1, Mar. 2008.
[15] S. Morioka, A. Satoh, “An Optimized S-Box Circuit Architecture for Low Power AES Design,” IBM Research, Tokyo Research Laboratory, IBM Japan Ltd., pp. 172-186, 2003.
[16] F. Ge, P. Jain, K. Choi, “Ultra-Low power and High Speed Design Implementation of AES and SHA1 Hardware cores in 65 Nanometer CMOS Technology,” in Proc. of IEEE International Conference on Electro/Information Technology, pp. 405-410, June 2009.
[17] Z.-R. Li, Y.-Q. Zhuang, C. Zhang, G. Jin, “Low-power and Area-Optimized VLSI implementation of AES coprocessor for Zigbee system,” The Journal of China Universities of Posts and Telecommunications, vol. 16, no. 3, pp. 89-94, June 2009.
[18] Z. Liu, Y. Zeng, X. Zou, Y. Han, Y. Chen, “A High-security and Low-power AES S-Box Full-custom Design for Wireless Sensor Network,” in Proc. of International Conference on Wireless Communications, Networking and Mobile Computing, 2007.
[19] M. Zeghid, M. Machhout, L. Khriji, A. Baganne, R. Tourki, “A Modified AES Based Algorithm for Image Encryption,” International Journal of Computer Science and Engineering, vol. 1, no. 1, Mar. 2007.
[20] M. Benabdellah, F. Regragui, E. H. Bouyakhf, “Hybrid Methods of Image Compression-Encryption,” Journal of Commun. & Comput., vol. 1, no. 1-2, 2011.
[21] G. H. Karimian, B. Rashidi, A. Farmani, “A High Speed and Low Power Image Encryption with 128-Bit AES Algorithm,” International Journal of Computer and Electrical Engineering, vol. 4, no. 3, June 2012.
[22] P. Karthigaikumar, S. Rasheed, “Simulation of Image Encryption using AES Algorithm,” IJCA Special Issue on Computational Science - New Dimensions & Perspectives, 2011.
[23] H. Gao, Y. Zhang, S. Liang, D. Li, “A new Chaotic Algorithm for image Encryption,” Elsevier Science Direct, Aug. 2005.
[24] A. T. B. Jin, D. N. C. Ling, A. Goh, “Biohashing: Two Factor Authentication Featuring Fingerprint Data and Tokenized Random Number,” The Journal of The Pattern Recognition Society, Apr. 2004.
[25] M. K. Khan, J. Zhang, “Implementing Templates Security in Remote Biometric Authentication Systems,” in Proc. of IEEE Conference on CIS’06, pp. 1396-1400, 2006.
[26] T. Gao, Z. Chen, D. Arroyo, C. Li, S. Li, A. Alvarez, “A New Image Encryption Algorithm Based on Hyper-Chaos,” Elsevier Science Direct, Physics Letters A, vol. 372, no. 4, pp. 394-400, 2007.
[27] D. Arroyo, C. Li, S. Li, G. Alvarez, A. W. Halang, “Crypt Analysis Of An Image Encryption Scheme Based on A New Total Shuffling Algorithm,” Elsevier Science Direct, vol. 41, no. 5, pp. 2613-2616, Sep. 2009.
[28] T. Morkel, J. Eloff, “Encryption Techniques: A Timeline Approach,” Information and Computer Security Architecture (ICSA) Research Group, Department of Computer Science, University of Pretoria, 0002, Pretoria, South Africa.
[29] CASIA Iris Database, http://sinobiometrics.com
[30] Y.-J. Chang, W. Zhung, T. Chen, “Biometrics-Based Cryptographic Key Generation,” in Proc. of IEEE International Conference on Multimedia and Expo (ICME), pp. 2203-2206, 2004.
[31] C. E. Shannon, “A Mathematical Theory of Communication,” Bell System Technical Journal, pp. 623, July 1948.

[32] J. Daugman, “High Confidence visual recognition of persons by a test of statistical independence,” IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 15, pp. 1148-61, 1993.
[33] S. Yang, I. M. Verbauwhede, “Secure Fuzzy Vault Based Fingerprint Verification System,” in Proc. of IEEE Conference on Signals, Systems and Computers, Nov. 2004.
[34] E. Biham, L. Granboulan, P. Q. Nguy, “Impossible Fault Analysis of RC4 and Differential Fault Analysis of RC4,” in Proc. of the 12th international conference on Fast Software Encryption, pp. 359-367, 2005.
[35] A. S. Abdullah, U. Hanif, M. Maqsood, K. K. Muhammad, “Bio-chaotic Stream Cipher-Based Iris Image Encryption,” in Proc. of International Conference on Computational Science and Engineering, vol. 2, pp. 739-744, 2009.
[36] H. Rahimov, M. Babaei, M. Farhadi, “Cryptographic PRNG Based on Combination of LFSR and Chaotic Logistic Map,” Applied Mathematics, vol. 2, pp. 1531-1534, Dec. 2011.
[37] D. Arroyo, S. Li, J. M. Amigo, G. Alvarez, R. Rhouma, “Comments on ‘Image Encryption with Chaotically Coupled Chaotic Maps’,” Physica D, vol. 239, no. 12, pp. 1002-006, 2010.
[38] S. Liu, J. Sun, Z. Xu, “An Improved Image Encryption Algorithm based on Chaotic System,” Journal of Computers, vol. 4, no. 11, Nov. 2009.
[39] U. Umut, P. Sharath, P. Salil, K. J. Anil, “Biometric Cryptosystems: Issues and Challenges,” Proceedings of the IEEE, vol. 92, no. 6, pp. 948-960, June 2004.
[40] D. Salama A. Minaam, H. M. Abdual-Kader, M. M. Hadhoud, “Evaluating The Effects of Symmetric Cryptography Algorithms on Power Consumption for Different Data Types,” International Journal of Network Security, vol. 11, no. 2, pp. 78-87, Sep. 2010.
[41] B. Agrawal, H. Agrawal, “Survey report on chaos based cryptography,” IJREAS, vol. 2, no. 2, Feb. 2012.
[42] M. Lucky, “AES Encryption and CAST's AES IP Cores,” VP Sales, CAST, Dec. 2008.
[43] M. H. Rais, S. M. Qasim, “Efficient Hardware Realization of Advanced Encryption Standard Algorithm using Virtex5 FPGA,” International Journal of Computer Science and Network Security, vol. 9, no. 9, Sep. 2009.

S. Sridevi Sathya Priya received a BE degree in Electronics and Communication Engineering in the year 2001 from Madras University, and an ME degree from Karunya University in the year 2006. She is pursuing a PhD in the area of security algorithms. She is a Member of ISTE. Currently she is working on the hardware implementation of security algorithms.

Dr. P. Karthigaikumar received his Bachelor of Engineering degree in Electrical and Electronics Engineering from Bharathiar University, India, in 1999, and his Master of Engineering degree (with Distinction) in Applied Electronics from Bharathiar University, India, in 2002. He completed his PhD in Information and Communication Engineering under Anna University, India, in 2011, focusing on FPGA and ASIC implementation of Media Security processors. He is a member of IEEE (MIEEE), a senior member of the Association of Computer Electronics and Electrical Engineers (ACEEE), a member of the International Association of Engineers (MIAENG) and a member of the International Association of Computer Sciences and Information Technology (MIACSIT). He joined Karunya University, Coimbatore, India, in 2000. He is now Associate Professor in Electronics and Communication Engineering. He has published 19 papers in international journals. He received the IETE K S Krishnan Award for the best system oriented research paper in the year 2010. His research interests include FPGA implementation of media security algorithms.


Dr. N.M. Sivamangai received her Bachelor of Engineering degree in Electronics and Communication Engineering (with Distinction) from the Madurai Kamaraj University, India, in 2000, and her Master of Engineering degree in VLSI Design from PSG College of Technology, Bharathiar University, India, in 2002. She completed her PhD in Information and Communication Engineering at Anna University, Chennai, India, in 2011, focusing on power optimization and failure detection techniques for memory. She is a member of the VLSI Society of India. She is currently working as Associate Professor in Electronics and Communication Engineering, Karunya University, Coimbatore, India.

Dr. P.T. Vanathi received her BE degree in Electronics and Communication Engineering and her ME degree from PSG College of Technology, Coimbatore, in 1985 and 1991, respectively. She completed her PhD in Speech Signal Processing in the year 2002 from Bharathiar University, Coimbatore. She has about 26 years of teaching and research experience. Her research interests include soft computing, speech signal processing, wireless sensor networks and VLSI design. Under her guidance, six Research Scholars have completed their PhDs. She is currently guiding eight Research Scholars in various fields of Electronics and Communication Engineering. She is currently working as an Associate Professor in the ECE department of PSG College of Technology. She was the Co-coordinator for the SSSImpact Project funded by the Swiss Development Cooperation and the Government of India. She was the Co-coordinator for the VLSI-SMDP II project funded by the Ministry of Communication and Information Technology, New Delhi, during 2005-2009. She has published 80 papers in national and international journals and 93 papers in national and international conference publications.

Copyrights © 2012 KAIS