Double random phase encoding schemes with perfect forward secrecy for robust image cryptography

Inkyu Moon; Youhyun Kim; Samaneh Gholami; Ongee Jeong

doi:10.1364/OSAC.426537

1. Introduction

With the rapid implementation of digital devices and new media, large-scale image datasets and other digital quantities have become available in various fields, such as forensic image analysis, criminal investigation, law enforcement, accident investigation, and medical image analysis. At the same time, the security of visual datasets, such as graphs, images, and videos, has become increasingly important. In particular, the security of biomedical images is critical during image transmission and data storage because donor or patient information should be kept secure for privacy. Biomedical images are very important in sample assays, for drug deliveries, and for healthcare diagnostics or procedures because they involve donor or patient features, such as cells, internal organs, and tissues. Therefore, protecting visual datasets from unauthorized access in these various fields is essential [1–4]. Among existing image encryption techniques, cryptography based on Fourier optics has been studied extensively since the double random-phase encoding (DRPE) scheme was proposed in 1995 [5–20]. In DRPE [5], visual datasets are encrypted by phase-encoding at the input and Fourier planes of the optical 4f system using two random phase-only masks (RPMs). Due to its advantages, such as parallel processing and a large key space, the DRPE method has garnered considerable interest from many image security researchers [6–11].

Although DRPE-based cryptosystems with private RPMs, which are long-term symmetric keys, might protect visual data for security purposes, it is vulnerable to a man-in-the-middle (MiM) attack where attackers record the encrypted image and later attack a user’s computer and find the shared symmetric key. Thus, attackers can then decrypt the recorded encrypted image [21].

The main objective of this paper is to present a new method to provide DRPE systems with perfect forward secrecy (PFS) [21–25] that allows the use of a separate (or different) session key to encrypt images within each connection between two parties over the network thereby overcoming the security damage that occurs due to a compromised session key by MiM attacks in DRPE systems.

Historically, since the PFS concept was first developed in 1989 [22] to prevent an MiM attack in cryptosystems, it has become widely adopted by internet information providers as a crucial security feature. PFS is an encryption scheme which provides temporary private key exchanges between two parties (clients and servers). Key exchange protocols with the PFS property are considered ephemeral because they use a temporary key for encryption. Whenever a user initiates an individual session, PFS generates a unique session key for data encryption between the client and the server that only lasts for the duration of the session. Therefore, even if one of these session keys is compromised, the information in any other session can be protected from future attacks. On the other hand, non-ephemeral key exchange methods utilize a long-term secret key, which is usually the same for the previous and current connections between two parties over the network. Accordingly, if the long-term secret key is compromised, all information from every communication session could be leaked.

In this paper, we propose a new method to model PFS in DRPE schemes using complex sinusoidal waveform versions of the Diffie–Hellman (DH) key exchange algorithm [26–31] for robust image cryptography. To the best of our knowledge, this is the first study that establishes PFS in DRPE-based image cryptosystems to enhance the security of DRPE-based encrypted intensity or phase images. Most DRPE-based encryption techniques deal with RPMs in the Fourier, Fresnel, or fractional Fourier domain as secret keys [5–7,11]. In this work, we demonstrate that this phase mask can be used as a session key or an ephemeral key with our proposed scheme. Recently, we presented random phase key exchange schemes by calculating complex sinusoidal waveforms [32] to secure efficient key sharing in DRPE-based image encryption systems. We extend this virtual optical version of the DH key exchange scheme to accomplish maximum protection in term of PFS in DRPE systems.

To establish PFS in DRPE-based encryption–decryption schemes, the proposed method utilizes ephemeral secret exponents that are interchangeable between two parties using the optical version of the DH scheme. These secret exponents are removed from memory as soon as the session terminates. This means that new session keys are constantly generated by the optical version of the DH scheme for encryption, with new secret exponents for each connection between users. Therefore, the compromise of a single session key will not affect encrypted images in another session because the latest secret exponents and its generated session key are never stored and reused, which satisfies requirements for PFS and limits vulnerabilities to attacks, such as chosen-plaintext or chosen-ciphertext attacks, since a different private key is generated for different images.

2. Theory

As mentioned previously, the most important point of this work is protecting the security of long-term random phase keys in DRPE cryptosystems based on the PFS concept. Figure 1 shows the basic DRPE scheme where plain-images can be encrypted with the ith temporary session key (K_S) between two parties in the ith session.

Fig. 1. DRPE scheme where plain-images are encrypted with temporary session keys between two parties to implement the PFS concept.

Download Full Size | PDF

If the client encrypts a plain-image with the shared secret key (K_CS) and sends the resulting cipher-image to the server, an attacker could record the cipher-image, attack the client’s computer, and find the shared key K_CS to decrypt the recorded cipher-image. Therefore, it is essential to establish PFS in DRPE-based cryptosystems to prevent this. To implement the PFS concept in DRPE systems, we need to use a temporary session key (K_S) for encryption rather than a long-term secret key K_CS between the client and the server. In addition, both parties should forget the temporary session key K_S after the session is complete. Therefore, if we can identify a procedure that allows two parties to agree on the session key K_S, using a long-term symmetric or asymmetric key, we can realize PFS in DRPE systems.

In this study, we propose new methods to achieve PFS with a complex sinusoidal waveform version of ephemeral DH key exchange schemes, as shown in Fig. 2. In the proposed scheme, a two-dimensional (2D) RPM, like a white noise image, is generated and is public. It can be expressed as e^jθ^(x,y) where x and y are coordinates of the RPM, and θ is an independent random phase distribution in the range of −π to π. Users A and B (client and server) choose 2D temporal secret exponents a(x,y) and b(x,y), respectively. The selected exponents are integers and should only be used one time for the session duration. They use the RPM and their secret exponents to generate their own complex sinusoidal waveforms, which are rewritten as follows according to De Moivre’s formula:

(1)$${P_A}({x,y} )= {[{{e^{j\theta ({x,y} )}}} ]^{a({x,y} )}} = {e^{ja({x,y} )\theta ({x,y} )}} = {e^{j[{2\pi {N_a}({x,y} )+ \,\alpha ({x,y} )} ]}} = {e^{j\alpha ({x,y} )}},$$

(2)$${P_B}({x,y} )= {[{{e^{j\theta ({x,y} )}}} ]^{b({x,y} )}} = {e^{jb({x,y} )\theta ({x,y} )}} = {e^{j[{2\pi {N_b}({x,y} )+ \,\beta ({x,y} )} ]}} = {e^{j\beta ({x,y} )}},$$

where N_a and N_b are integers, and α and β are remainders (in the range of −π to π) from calculating modulo 2π of the phases of the two waveforms. An unwrapped phase distribution (aθ or bθ) of the complex sinusoidal waveform is converted to a form of wrapped phase distribution (α or β) due to the numerical computation of the trigonometric function, which acts like a trapdoor, one-way function. In subsequent equations, coordinates (x, y) will be omitted.

Fig. 2. Schematics of complex sinusoidal waveform versions of ephemeral DH key exchange schemes to achieve PFS for image cryptography.

Download Full Size | PDF

The critical weakness of the DH key exchange algorithm is that it is vulnerable to an MiM attack [21]. To make the proposed methods robust against such an attack, as shown in Fig. 2(a), client A executes the Fresnel transform on P_A(x,y) in Eq. (1) with light wavelength λ and propagation distance d. The light wavelength and propagation distance should be confidential; therefore, they are encrypted with public key cryptosystems, such as the RSA algorithm [33]. The client then sends the data to server B, which decrypts it to finally obtain P_A(x,y) of client A. Server B then applies secret exponent b to the data to calculate its own secret key, which can be expressed as:

(3)$$S{K_B} = {({{P_A}} )^b} = {({{e^{ja\theta }}} )^b} = {({{e^{j\alpha }}} )^b} = {e^{jb\alpha }}.$$

Following the same procedure, client A can securely compute its own secret key, which is represented as:

(4)$$S{K_A} = {({{P_B}} )^a} = {({{e^{jb\theta }}} )^a} = {({{e^{j\beta }}} )^a} = {e^{ja\beta }}.$$

Equations (3) and (4) can be rewritten as:

(5)$$TS{K_{AB}} = {({{P_A}} )^b} = {({{P_B}} )^a} = {e^{jba\theta }} = {e^{jab\theta }} = {e^{jb\alpha }} = {e^{ja\beta }}.$$

As a result, Eqs. (3) and (4) must be equal because a and b are integers. Therefore, the last computed complex sinusoidal waveform, exp[jabθ] or exp[jbaθ], can be used as the shared temporal session key (TSK) of the two parties to encrypt large-scale datasets, such as images and videos.

An attacker may attempt to obtain TSK_AB in Eq. (5) from the public RPM. Nevertheless, finding TSK_AB or the secret exponents from the RPM is difficult due to the factoring problem and the phase periodicity:

(6)$${\big [}{{{({{e^{j\theta }}} )}^a}} {\big ]}{\big [}{{{({{e^{j\theta }}} )}^b}} {\big ]}\ne {{\big [}{{e^{j\theta }}} {\big ]}^{ab}}.$$

Once parties A and B have successfully generated TSK_AB, they can use it to send encrypted images (or data) to each other via an unsecured channel. In this study, grayscale 2D images are encrypted using the DRPE technique in which TSK_AB replaces the RPM used for phase modulation in the Fourier domain. Note that advanced DRPE techniques can also be utilized for image encryption.

As shown in Fig. 1, client A encodes the 2D image by applying TSK_AB to it, executes a Fourier transform, encrypts the image by applying TSK_AB in the Fourier plane, and then sends the encrypted image to server B through the channel. The encrypted image is expressed as:

(7)$$E({\xi ,\eta } )= {{\cal F}{\cal T}}\{{I({x,y} ){e^{j{\varphi_{TS{K_{AB}}}}({x,y} )}}} \}\,{e^{j{\varphi _{TS{K_{AB}}}}({\xi ,\eta } )}},$$

where ξ and η are coordinates of the encrypted image, x and y are coordinates of a pixel in the image, I(x, y) is the amplitude information of the (x, y)th pixel in the image, ${\varphi _{_{TS{K_{AB}}}}}$ is the phase distribution of TSK_AB, and ${\cal F}{\cal T}\textrm{{.}}$ indicates the Fourier transform.

The decrypted image can be obtained by reversing the encryption process. Server B applies the complex conjugate of TSK_AB to the encrypted image, executes the inverse Fourier transform, and then applies the complex conjugate of TSK_AB to restore the original image, which is represented by:

(8)$$D({x,y} )= {{\cal F}}{{{\cal T}}^{\, - 1}}\{{E({\xi ,\eta } ){{[{{e^{j{\varphi_{TS{K_{AB}}}}({\xi ,\eta } )}}} ]}^\ast }} \}{({{e^{j{\varphi_{TS{K_{AB}}}}({x,y} )}}} )^\ast },$$

${{\cal F}{\cal T}^{\, - 1}}\textrm{{.}}$ indicates the inverse Fourier transform, and * is the complex conjugate operator.

In addition, we propose a ring-type temporal key exchange system with n nodes, as shown in Fig. 3(a). Figure 3(b) shows how TSK_ABCD in a ring-type key exchange system with four nodes is generated. TSK_ABCD can be obtained by repeatedly performing the process for generating the TSK for two users. The complex sinusoidal waveform at node A is generated using secret exponent a of user A, which is expressed as [exp(jθ)]^a. As the complex sinusoidal wave signal passes through nodes B, C, and D, the user at node D finally obtains the shared secret key:

(9)$$S{K_D} = {\{{{{[{{{({{e^{ja\theta }}} )}^b}} ]}^c}} \}^d} = {e^{jdcba\theta }}\;,$$

where a, b, c, and d are the secret exponents of the four users. Similarly, users at other nodes can obtain their own secret keys. Note that the complex sinusoidal wave signal for each user can be encrypted by public key cryptosystems, such as the RSA algorithm, to prevent an MiM attack in a way similar to that of the proposed key exchange procedures between two users. The phase distributions for the secret keys of the four users are the same; thus, the secret keys for the session duration can be used as TSK_ABCD by the four users:

(10)$$TS{K_{ABCD}} = S{K_A} = S{K_B} = S{K_C} = S{K_D} \equiv {e^{jadcb\theta }} = {e^{jbadc\theta }} = {e^{jcbad\theta }} = {e^{jdcba\theta }}.$$

Fig. 3. Schematics of ring-type complex sinusoidal waveform versions of ephemeral DH key exchange schemes, which allow sharing a temporary session key among multiple users.

Download Full Size | PDF

3. Numerical simulations

The proposed schemes are verified by performing numerical simulations. The RPM (1024×1024 pixels) has random phase distributions in the range of −π to π. The illumination light wavelength is 632.8 nm, and the propagation distance is d = 20 cm. Figures 4(a) and 4(b) show the distributions of the 2D secret exponents, a and b for client A and server B, respectively. For simplicity, the secret exponents are assumed to be less than 10⁵. The RPM used in the numerical simulations is shown in Fig. 4(c), and the 2D phase distributions of the complex waveforms (P_A and P_B) of client A and server B are shown in Figs. 5(a) and 5(b), respectively. The phase distributions of the secret keys (SK_A and SK_B) of the two users are shown in Figs. 5(c) and 5(d), respectively. Here, the phase difference between the secret keys is less than 10⁻¹³ radians, as shown in Fig. 6(a). Therefore, these shared secret keys can be considered as TSK_AB for the two users.

Fig. 4. (a) Distribution of 2D secret exponent a, (b) distribution of 2D secret exponent b, (c) phase distribution of the RPM.

Download Full Size | PDF

Fig. 5. (a) Phase distribution of the complex waveform P_A of user A, (b) phase distribution of the complex waveform P_B of user B, (c) phase distribution of secret key SK_A, (d) phase distribution of secret key SK_B.

Download Full Size | PDF

Fig. 6. (a) Histogram of the phase difference between secret keys SK_A and SK_B, (b) histogram of phase difference between TSK_AB and multiplication of the complex waveforms of two users, P_A and P_B.

Download Full Size | PDF

We also confirmed that TSK_AB cannot be obtained from the complex waveforms due to the factoring problem and phase periodicity. As shown in Fig. 6(b), the phase difference between TSK_AB and multiplication of the complex waveforms of two users, i.e., the phase difference between both sides of Eq. (6), is distributed from −2π to 2π. This result implies that the attacker cannot easily obtain the secret exponents of the two users from multiplication of the two complex waveforms.

We calculated the correlation coefficient (CC) between the original image and the decrypted image to evaluate the correlation between both images objectively as follows:

(11)$$CC = \frac{{cov({I,\;D} )}}{{\sigma (I )\sigma (D )}},$$

where I and D are the original image and the decrypted image, respectively, cov(·) indicates the cross covariance between the two images, and σ(·) indicates the standard deviation.

Basically, circumference π is an infinite rational number; however, errors occur when calculating complex sinusoidal functions because the number of significant digits of floating point is limited by the finite bits of computer memory. An error will inevitably occur whenever a complex sinusoid of a phase multiplied by a secret exponent is computed. Thus, the extreme value of the secret exponent must be checked. Figure 7(a) shows the CC between the secret keys of both users according to the number of significant digits in secret exponent a when using TSK_AB with the number of significant digits of π set to eight decimal places. As shown at (1) in Fig. 7(a), when the maximum number of significant digits of the secret exponent is less than seven, the CC between the secret keys of both users is close to one. When the number of significant digits of the secret exponent is limited to eight, the CC between the secret keys of both users deteriorates to 0.75, as shown at (2) in Fig. 7(a). Figure 7(b) shows what happens to the limit of the secret exponent when using TSK_AB with the number of significant digits of π set to six decimal places. Figure 8 shows histograms of the phase differences between the secret keys of both users for cases (1) to (4) in Fig. 7(a). When the sum of the number of significant digits of π and the number of significant digits of the secret exponent is greater than 15, the phase difference between the two secret keys ranges from −2π to 2π, as shown in Fig. 8, which means that the secret keys cannot be used as TSK_AB. After both users successfully generate TSK_AB, the important images are encrypted and sent over an unsecured channel. The images are encrypted using the DRPE technique in which TSK_AB replaces two RPMs used for phase modulation, as shown in Fig. 1.

Fig. 7. CC between the secret keys of both users according to the number of significant digits of secret exponent a: (a) when setting the number of significant digits of π to eight decimal places, (b) when setting the number of significant digits of π to six decimal places.

Download Full Size | PDF

Fig. 8. Histograms of phase differences between the secret keys of both users for the four cases indicated by (1) to (4) in Fig. 7(a).

Download Full Size | PDF

User A encrypts a grayscale image (1024×1024 pixels), as shown in Fig. 9(a), using DRPE, in which the image is phase encoded by applying its own TSK_AB in the input and Fourier planes, respectively. The amplitude and phase distributions of the encrypted image are shown in Figs. 9(b) and 9(c), respectively. User A sends the encrypted image to user B. Then, user B can restore the image using its own TSK_AB, as shown in Fig. 9(d). Note that the CC value is one. When an attacker attempts to restore the image using the complex waveform of user A or user B, i.e., P_A and P_B in Figs. 5(a) and 5(b), the original image cannot be restored exactly, as shown in Figs. 9(e) and 9(f), where the CC values are 0.0007096 and 0.001519, respectively. Figures 9(g) and 9(h) show the images decrypted using RPM in Fig. 4(c) and the phase mask, exp[j(aθ + bθ)], i.e., the left side of Eq. (6), whose CC values are 0.001154 and 0.0009805, respectively.

Fig. 9. (a) Grayscale image, (b)-(c) amplitude and phase distributions of the encrypted image, respectively, (d) the image restored using the correct TSK_AB, (e) the image restored using the complex waveform P_A of user A, (f) the image restored using the complex waveform P_B of user B, (g) the image restored using the RPM, exp[j(θ)], (h) the image restored using the phase mask, exp[j(aθ + bθ)].

Download Full Size | PDF

In addition, we generated 30 secret exponent pairs [(a₁(x,y), b₁(x,y)), (a₂(x,y), b₂(x,y)), …, (a₃₀(x,y), b₃₀(x,y))] for two users corresponding to different session durations. Then, we calculated 30 different session keys [TSK¹_AB, TSK²_AB, …, TSK³⁰_AB] with the generated secret exponent pairs between the two users for each session. As shown in Figs. 10(a)–10(c), the phase difference between the two TSKs ranges from −2π to 2π, which is sufficient to show that the phase distribution differs significantly. As shown in Fig. 10(d), the absolute values of the CCs between two TSKs among the 30 TSKs are all less than 4 × 10⁻³, which means that TSKs used in different sessions also differ. Therefore, these TSKs can be used as the encryption and decryption keys for different sessions.

Fig. 10. (a)-(c) Histograms of the phase difference between two TSKs for the key exchange system with two users: (a) TSK³_AB and TSK¹¹_AB, (b) TSK⁸_AB and TSK¹⁵_AB, (c) TSK¹⁹_AB and TSK²⁹_AB. (d) Histogram of the CC between two TSKs for the key exchange system with two users.

Download Full Size | PDF

We performed numerical simulations on the validity of the ring-type key exchange system with four nodes (A, B, C, and D), which is shown in Fig. 3(b), to demonstrate that the proposed method allows multiple users to share a temporary session key securely. The secret exponents of the four users (a, b, c, and d) are arrays of randomly generated 1024×1024 integers less than 10⁵, similar to those shown in Figs. 4(a) and 4(b). As shown in Fig. 11, the phase difference between the secret keys is less than 10⁻¹³ radians. Thus, these secret keys can be used as TSK_ABCD for the four users.

Fig. 11. Histograms of the phase difference between two secret keys (SKs) from the proposed ring-type key exchange system with four nodes: (a) SK_A and SK_B, (b) SK_A and SK_C, (c) SK_A and SK_D, (d) SK_B and SK_C, (e) SK_B and SK_D, and (f) SK_C and SK_D.

Download Full Size | PDF

In addition, we generated 30 secret exponent sets [(a₁(x,y), b₁(x,y), c₁(x,y), d₁(x,y)), (a₂(x,y), b₂(x,y), c₂(x,y), d₂(x,y)), …, (a₃₀(x,y), b₃₀(x,y), c₃₀(x,y), d₃₀(x,y))] for four users corresponding to different sessions. Then, for each session, we calculated the 30 different session keys [TSK¹_ABCD, TSK²_ABCD, …, TSK³⁰_ABCD] with the generated secret exponent sets among the four users. Figures 12(a)–12(c) show histograms of the phase difference between the two TSKs, ranging from −2π to 2π, which indicates that the phase distribution between the two TSKs is quite different. As shown in Fig. 12(d), the CCs between the two TSKs are quite small, which confirms that TSKs used in different sessions differ significantly.

Fig. 12. (a)-(c) Histograms of the phase difference between two TSKs for the ring-type key exchange system with four nodes: (a) TSK¹_ABCD and TSK⁴_ABCD, (b) TSK⁹_ABCD and TSK²²_ABCD, (c) TSK¹³_ABCD and TSK³⁰_ABCD. (d) Histogram of the CC between two TSKs for the ring-type key exchange system with four nodes.

Download Full Size | PDF

To further demonstrate the performance of the proposed key exchange system, it is assumed that a phase image is encrypted using the DRPE scheme, in which the phase image is phase encoded by applying the first session key TSK¹_ABCD, as shown in Fig. 13(a), in the input and Fourier planes, respectively. The phase image is obtained by proportionally converting each pixel’s grayscale value of the grayscale image, for example, Fig. 9(a), to a phase in the range of −π to π. The amplitude and phase distributions of the encrypted image are shown in Fig. 13(b) and (c). Figure 13(d) shows the restored image using the second session key TSK²_ABCD, whose CC is −0.0011996. The average of absolute values of CCs between the original phase and the restored images using 29 different session keys to be used in 29 different sessions is 8.2560 × 10⁻⁴, and the standard deviation is 5.0441 × 10⁻⁴. This result means that it is not easy for an attacker to use the session key intercepted in a session to restore the image encrypted with the session key used only in another session.

Fig. 13. (a) The first session key TSK¹_ABCD used to encrypt the phase image using DRPE scheme, (b)-(c) amplitude and phase distributions of the encrypted image, respectively, (d) the restored image using the second session key TSK²_ABCD.

Download Full Size | PDF

Figure 14 shows the CCs between the restored images and the original phase image according to the ratio of pixels with the correct phase value in the TSK. Insets (a)-(e) in Fig. 14 show the CC values when the ratio of pixels with the correct phase value among pixels in the TSK is 0%, 25%, 50%, 75%, and 100%, respectively. Note that the pixels with the correct phase value in the TSK are from the central region of the TSK. When 50% of the phase values on the pixels in the TSK are correct, the CC between the restored image and original image is 0.1675, as shown in Fig. 14(c). Also, when 25% of the phase values on the pixels in the TSK are correct, the CC between the restored image and the original image is 0.03936. We see that it is not easy for the attacker to accurately find at least 25% of the phase values on the pixels in the TSK.

Fig. 14. The CCs between the original phase image and the restored images according to the ratio of pixels with the correct phase in the TSK: (a) 0%, (b) 25%, (c) 50%, (d) 75%, (e) 100%.

Download Full Size | PDF

Figure 15 shows the CC between the original image and the restored images using TSK with white noise, which shows the sensitivity of the proposed scheme against the attacker’s noise attack. Insets (a)-(e) in Fig. 15 show the CC values when the strength of the white noise in the TSK is 0%, 25%, 50%, 75%, and 100% of the normal white noise, respectively. As shown in Fig. 15, when the strength of the white noise in the TSK is about 37% of the normal white noise, the CC between the restored image and the original image is about 0.5. Even if the strength of the white noise is 50% of the normal white noise, the CC between the restored image and the original image is 0.2978. These results show that the proposed scheme is quite resistant to the attacker’s noise attack.

Fig. 15. The CCs between the original phase image and the restored images according to the strength of the white noise in the TSK: (a) 0%, (b) 25%, (c) 50%, (d) 75%, and (e) 100% of the normal white noise.

Download Full Size | PDF

Next, for the ring-type key exchange system with 10 nodes, we created 30 secret exponent sets for 10 users corresponding to different sessions. Then, for each session, we generated 30 different TSKs with generated secret exponent sets among 10 users. As an example, Fig. 16(a) shows the histogram of the CC between two SKs generated by 10 users in the seventeenth session. The CCs between the two SKs are all one, which means that the secret keys generated by 10 users can be used as the TSK for the seventeenth session. The histogram of the CC between the two TSKs for the ring-type key exchange systems with 10 nodes is shown in Fig. 16(b). The CCs between the two TSKs among 30 TSKs are quite small, which means that TSKs used in different sessions differ significantly. Similarly, 30 different TSKs were generated using 30 secret exponent sets to be used in different sessions for the ring-type key exchange system with 100 nodes. The histogram of the CC between two SKs generated by 100 users in the sixth session is shown in Fig. 16(c). Figure 16(d) shows the histogram of the CC between the two TSKs for the ring-type key exchange systems with 100 nodes.

Fig. 16. (a) Histogram of the CC between two SKs in the seventeenth session for the ring-type key exchange systems with 10 nodes, (b) histogram of the CC between two TSKs for the ring-type key exchange systems with 10 nodes, (c) histogram of the CC between two SKs in the sixth session for the ring-type key exchange systems with 100 nodes, (d) histogram of the CC between two TSKs for the ring-type key exchange systems with 100 nodes.

Download Full Size | PDF

It can be confirmed from several simulation results that each TSK generated in different sessions in ring-type key exchange systems with n nodes for n users can be used only in that session by n users. In order words, the TSK, which can be effectively utilized only in a session in which information is exchanged between users, is no longer valid when the session is over. That is, even if an attacker intercepts the TSK from users, it becomes useless in other sessions. In addition, the TSK can be used to securely encrypt images using DRPE technique only in that session. As a result, we mathematically derive conceptual algorithms that can implement PFS in optical cryptosystems such as DRPE, and based on this, the robustness of DRPE against attacks such as chosen-plaintext or chosen-ciphertext attacks is verified by numerical simulations using virtual optics, which contributes to establishing PFS in DRPE-based image cryptosystems.

In addition, numerical simulations for the proposed scheme was performed using Matlab R2020b on the computer with an Intel Core i7-7700 CPU @ 3.60GHz and 16 GB RAM. For the ring-type key exchange systems with 4 and 10 nodes, the computational times of session key generation are 0.7640 seconds and 4.3971 seconds per session key, respectively. If parallel computing is used, it can be possible to reduce the generation time of the session key.

Given that the TSK is derived from the proposed numerical operations, it will be too difficult for an attacker to apply brute force algorithms to the TSKs because the key space of the DRPE-based cryptosystems, which can be expressed as Q^N, is very large. Q denotes the phase quantization levels, and N is a totally independent pixel number in the random phase mask. In addition, an attacker cannot use the illegally obtained TSK to decode another image because a different TSK is used for each session between users. The illegally obtained TSK cannot be used because for encryption the session key generated by the proposed method is unique and only valid for the session duration. Moreover, our methods can be robust against chosen-plaintext or chosen-ciphertext attacks due to the use of a separate session key to encrypt images within each connection. Most importantly, the proposed methods offer the benefits of PFS using a temporal secret exponent mask (interchangeably), which is very suitable for DRPE systems.

In the proposed systems, the secret keys in DRPE systems automatically change every session, such that, if the latest TSK is compromised, only the latest encrypted information is exposed, and the other datasets stay safe. Therefore, even if an expired key is found, it cannot be used to attack encrypted images in the future, and images previously encrypted images cannot be decrypted using secret keys compromised in the future. This valuable characteristic of the proposed method comes from the principle that decrypting each image requires both the TSK and the secret exponents. Thus, neither leaked TSKs nor expired secret keys can help an attacker decode other datasets because each dataset has their own secret exponents to generate the TSK.

4. Conclusion

PFS is one of the most important considerations when designing cryptosystems to withstand different attacks. We propose secure ephemeral random phase key exchange schemes that provides the benefits of PFS for robust image cryptography. In the proposed schemes, a TSK between two or more users is generated using a 2D RPM with a random phase distribution in the range −π to π. Numerical simulations confirm that the phase difference in the secret keys of two users is less than 10⁻¹³ radians; thus, they can be used as the users’ session key. The proposed method makes it more difficult for an attacker to find a session key and the secret exponents of the two users by manipulating their complex sinusoidal waveforms due to the factoring problem and the phase periodicity (phase modulus 2π). In addition, these proposed concepts suggest an efficient image encryption–decryption scheme to significantly improve the security of DRPE-based cryptosystems. The results of the proposed method show that the complex sinusoidal waveform version of the ephemeral DH algorithm could be used to generate temporal phase masks for encryption in DRPE systems. The robustness of DRPE against chosen-plaintext or chosen-ciphertext attacks is verified by numerical simulations, which contributes to establishing PFS in DRPE-based image cryptosystems. We plan to implement our proposed schemes with optical configurations in the future.

Funding

National Research Foundation of Korea (NRF-2020R1A2C3006234).

Disclosures

The authors declare that there are no conflicts of interest related to this paper.

Data availability

Data underlying the results presented in this paper are not publicly available at this time but may be obtained from the authors upon reasonable request.

References

1. S. Halevi and H. Krawczyk, “Public-key cryptography and password protocols,” ACM Trans. Inf. Syst. Secur. 2(3), 230–268 (1999). [CrossRef]

2. H. Yang, Q. Zhou, M. Yao, R. Lu, H. Li, and X. Zhang, “A practical and compatible cryptographic solution to ADS-B security,” IEEE Internet Things J. 6(2), 3322–3334 (2019). [CrossRef]

3. A. Shehab, M. Elhoseny, K. Muhammad, A. K. Sangaiah, P. Yang, H. Huang, and G. Hou, “Secure and robust fragile watermarking scheme for medical images,” IEEE Access 6, 10269–10278 (2018). [CrossRef]

4. K. Boakye-Boateng, E. Kuada, E. Antwi-Boasiako, and E. Djaba, “Encryption protocol for resource-constrained devices in Fog-based IoT using one-time pads,” IEEE Internet Things J. 6(2), 3925–3933 (2019). [CrossRef]

5. P. Réfrégier and B. Javidi, “Optical image encryption based on input plane and Fourier plane random encoding,” Opt. Lett. 20(7), 767–769 (1995). [CrossRef]

6. G. Unnikrishnan, J. Joseph, and K. Singh, “Optical encryption by double-random phase encoding in the fractional Fourier domain,” Opt. Lett. 25(12), 887–889 (2000). [CrossRef]

7. G. Situ and J. Zhang, “Double random-phase encoding in the Fresnel domain,” Opt. Lett. 29(14), 1584–1586 (2004). [CrossRef]

8. T. Naughton, B. Hennelly, and T. Dowling, “Introducing secure modes of operation for optical encryption,” J. Opt. Soc. Amer. A 25(10), 2608–2617 (2008). [CrossRef]

9. O. Matoba, T. Nomura, E. Pérez-Cabré, M. S. Millan, and B. Javidi, “Optical techniques for information security,” Proc. IEEE 97(6), 1128–1148 (2009). [CrossRef]

10. W. Chen, B. Javidi, and X. Chen, “Advances in optical security systems,” Adv. Opt. Photon. 6(2), 120–155 (2014). [CrossRef]

11. I. Moon, F. Yi, Y. H. Lee, and B. Javidi, “Avalanche and bit independence characteristics of double random phase encoding in the Fourier and Fresnel domains,” J. Opt. Soc. Amer. A 31(5), 1104–1111 (2014). [CrossRef]

12. B. Javidi and T. Nomura, “Securing information by use of digital holography,” Opt. Lett. 25(1), 28–30 (2000). [CrossRef]

13. T. Nomura and B. Javidi, “Optical encryption using a joint transform correlator architecture,” Opt. Eng. 39(8), 2031–2035 (2000). [CrossRef]

14. G. Situ and J. Zhang, “Multiple-image encryption by wavelength multiplexing,” Opt. Lett. 30(11), 1306–1308 (2005). [CrossRef]

15. J. A. Rodrigo, T. Alieva, and M. L. Calvo, “Applications of gyrator transform for image processing,” Opt. Commun. 278(2), 279–284 (2007). [CrossRef]

16. Y. Zhang and B. Wang, “Optical image encryption based on interference,” Opt. Lett. 33(21), 2443–2445 (2008). [CrossRef]

17. W. Qin and X. Peng, “Asymmetric cryptosystem based on phase-truncated Fourier transforms,” Opt. Lett. 35(2), 118–120 (2010). [CrossRef]

18. X. Wang and D. Zhao, “Fully phase multiple-image encryption based on superposition principle and the digital holographic technique,” Opt. Commun. 285(21-22), 4280–4284 (2012). [CrossRef]

19. H. E. Hwang, H. T. Chang, and W. N. Lie, “Multiple-image encryption and multiplexing using a modified Gerchberg-Saxton algorithm and phase modulation in Fresnel-transform domain,” Opt. Lett. 34(24), 3917–3919 (2009). [CrossRef]

20. X. Li, X. Meng, Y. Wang, X. Yang, Y. Yin, X. Peng, W. He, G. Dong, and H. Chen, “Secret shared multiple-image encryption based on row scanning compressive ghost imaging and phase retrieval in the Fresnel domain,” Opt. Lasers Eng. 96, 7–16 (2017). [CrossRef]

21. M. Stamp, Information security: principles and practice, (John Wiley & Sons, Inc., 2006).

22. C. G. Günther, “An identity-based key-exchange protocol,” in Advances in Cryptology - EUROCRYPT’89, LNCS434, (1989), pp. 29–37.

23. H. Sun, B. Hsieh, and H. Hwang, “Secure e-mail protocols providing perfect forward secrecy,” IEEE Commun. Lett. 9(1), 58–60 (2005). [CrossRef]

24. H. Tilborg and S. Jajodia, Encyclopedia of cryptography and security, (Springer Science & Business Media, 2014).

25. H. Sun and H. Yeh, “Password-based authentication and key distribution protocols with perfect forward secrecy,” J. Comput. System Sci. 72(6), 1002–1011 (2006). [CrossRef]

26. W. Diffie and M. E. Hellman, “New Directions in Cryptography,” IEEE Trans. Inform. Theory 22(6), 644–654 (1976). [CrossRef]

27. S. Pohlig and M. E. Hellman, “An improved algorithm for computing logarithms over GF(p) and its cryptographic significance,” IEEE Trans. Inform. Theory 24(1), 106–110 (1978). [CrossRef]

28. T. Elgamal, “A public key cryptosystem and a signature scheme based on discrete logarithms,” IEEE Trans. Inform. Theory 31(4), 469–472 (1985). [CrossRef]

29. W. Diffie, P. C. Van Oorschot, and M. J. Wiener, “Authentication and authenticated key exchanges,” Designs Codes Cryptography 2(2), 107–125 (1992). [CrossRef]

30. N. Asokan and P. Ginzboorg, “Key agreement in ad hoc networks,” Comput. Commun. 23(17), 1627–1637 (2000). [CrossRef]

31. M. Qi and J. Chen, “An enhanced authentication with key agreement scheme for satellite communication systems,” Int. J. Satell. Commun. Netw. 36(3), 296–304 (2018). [CrossRef]

32. Y. Kim, M. Sim, I. Moon, and B. Javidi, “Secure random phase key exchange schemes for image cryptography,” IEEE Internet Things. J. 6(6), 10855–10861 (2019). [CrossRef]

33. R. L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public key cryptosystems,” Commun. ACM 21(2), 120–126 (1978). [CrossRef]

Double random phase encoding schemes with perfect forward secrecy for robust image cryptography

Abstract

1. Introduction

2. Theory

3. Numerical simulations

4. Conclusion

Funding

Disclosures

Data availability

References

Data availability

Cited By

Figures (16)

Equations (11)

OSA Continuum