Cryptanalysis of a chaos-based random number generator used for the encryption of vein images

This study presents the cryptanalysis of a chaos-based random number generator (RNG) used in the microcomputer-based encryption of vein images. This RNG, which is based on a nonlinear system, was used in a cryptographic system that encrypts and stores dorsal hand vein images acquired with an infrared camera. In this study, a method of attacking the cryptographic system is proposed that exploits the weaknesses of the chaos-based RNG. By observing one state variable of the chaotic system and knowing the structure of the RNG, the output of the target RNG could be reproduced by a clone RNG using the master-slave synchronization method. The feasibility of the attack method is demonstrated with numerical simulation results. With this attack method, the key values used to encrypt the vein images were obtained, and it was shown that the encrypted images can be decrypted. In this study, a specific chaos-based RNG and its associated cryptographic system were targeted as the application. However, the cryptanalysis method proposed here can be used in general for the security analysis of both continuous-time and discrete-time chaotic RNGs. This study therefore sheds light on the security vulnerabilities of chaos-based RNGs and emphasizes that deterministic chaos should not be regarded as the sole entropy source.

Cryptanalysis of a chaos based random number generator used for encryption of vein images

In this study, the cryptanalysis of a chaos based random number generator (RNG) which is used for encryption of vein images is presented. This RNG, based on a nonlinear system, is deployed in a cryptographic system which is used for encryption and secure storage of dorsal hand images taken by an infrared camera. In this study, an attack method which exploits the security weaknesses of the chaos based RNG is proposed. Assuming that one of the chaotic state variables of the RNG is observable and the structure of the target RNG is known, an output bit stream identical to that of the target RNG is generated by a clone RNG used in a master–slave synchronization scheme. The performance of the attack method is demonstrated using numerical simulation results. Using the attack method described in this study, it is demonstrated that it is possible to obtain the key values used for encryption of the vein images and to use these key values to decrypt the images. In this study, a specific continuous-time chaos-based RNG is subjected to cryptanalysis to reveal its security weaknesses. However, the cryptanalysis method explained in this study can be used in the cryptanalysis of any continuous-time or discrete-time chaos-based RNG. Therefore, this study sheds light on the security weaknesses associated with chaos based RNGs and underlines the fact that chaos should not be treated as the sole entropy source in an RNG application, as chaos is a deterministic phenomenon.
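The master–slave synchronization argument above, as an added numerical illustration that is not code from the paper. The target system is not specified on this page, so an Euler-discretized Lorenz system, a sign-threshold bit extractor, and all parameter and initial values below are assumptions chosen for the demonstration.

```python
# Assumed stand-in for the target RNG: Lorenz system, Euler-discretized.
SIGMA, RHO, BETA, DT = 10.0, 28.0, 8.0 / 3.0, 0.001


def lorenz_step(x, y, z):
    """Advance the (assumed) chaotic system by one Euler step."""
    return (x + DT * SIGMA * (y - x),
            y + DT * (x * (RHO - z) - y),
            z + DT * (x * y - BETA * z))


def clone_match(driven, n_bits=256, warmup=60_000, sample_every=500):
    """Fraction of the target RNG's output bits that a clone reproduces.

    driven=True : the clone's x is overwritten each step with the one
                  observed state variable of the target (master-slave drive).
    driven=False: the clone runs freely from its own wrong initial state.
    """
    master = (1.0, 1.0, 1.0)    # constructed "secret" state of the target
    clone = (-7.0, 3.0, 40.0)   # constructed wrong guess for the clone
    target_bits, clone_bits = [], []
    for step in range(warmup + n_bits * sample_every):
        if driven:
            # Only x is observable; y and z of the target stay hidden.
            clone = (master[0], clone[1], clone[2])
        master = lorenz_step(*master)
        clone = lorenz_step(*clone)
        if step >= warmup and (step - warmup) % sample_every == 0:
            # Assumed bit extractor: sign of the hidden state variable y.
            target_bits.append(master[1] > 0)
            clone_bits.append(clone[1] > 0)
    agree = sum(a == b for a, b in zip(target_bits, clone_bits))
    return agree / n_bits


if __name__ == "__main__":
    print("driven clone agreement:  ", clone_match(driven=True))
    print("undriven clone agreement:", clone_match(driven=False))
```

The driven clone converges because the error in (y, z) contracts once x is shared, regardless of the unknown initial state. This is why a leaked state variable plus a known structure leaves a purely chaotic RNG with no remaining entropy.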

___

Balıkesir Üniversitesi Fen Bilimleri Enstitüsü Dergisi
  • ISSN: 1301-7985
  • Publication frequency: 2 issues per year
  • First published: 1999
  • Publisher: Balıkesir Üniversitesi