201O 3rd InternationalConference on AdvancedComputer Theoryand Engineering(ICACTE)

A Secure Communication Platform Based on Gemstone

Yanjiao Chen, Jian Wang, and Ruming Yin Bo Liang Dept. of Electronic Engineering, Tsinghua University AQSIQ Information Center Beijing 100084, China Beijing 100088, China [email protected] [email protected]

Abstract-In this paper, we have implemented a secure FUBUKI based on a non-secure pseudo-random number communication platform based on a new stream cipher called generator (the mother generator) [9]. Gemstone which stems from coupled map lattices (CML), a Gemstone is also a candidate of eSTREAM, motivated nonlinear system of coupled chaotic maps. On the platform, we have realized duplex text, image and voice transmission. We by coupled map lattice (CML), a real-valued nonlinear have also analyzed the randomness of the keystream generated system of coupled chaotic maps [10]. While preserving good by the platform based on the statistical tests suggested by the confusion and diffusion property of CML, Gemstone National Institute of Standards and Technology (NIST). The properly discretizes the CML, improving the security as well test results are compared with other four stream ciphers'. as the performance. In addition, Gemstone is robust against Moreover, a series of experiments of duplex text, image and voice transmissions were made through university local IV setup attacks since there are no high probability network. Both the statistical test and the transmission difference propagations or high correlations over the IV experiments have shown that the platform is highly secure with setup scheme [10]. fast encryption speed, which confirms that the Gemstone In this paper, we have built a secure communication platform is promising for cryptographic applications. platform on which Gemstone is used for data encryption. We

Keywords-CML (coupled map lattices); stream cipher; also set the statistical tests on the platform including Gemstone; encryption; decryption; statistical test. Frequency test, Runs test and Spectral test (also known as DFT test) to evaluate the randomness of the keystream. I. INTRODUCTION The results are compared with other four stream ciphers: th 20 century saw a rapid expansion of wireless Rabbit, FUBUKI, Yamb and a primitive algorithm based on communication. As wireless platforms grow in popularity CML (We refer to this algorithm as Chaotic algorithm in this and store valuable information, security is becoming an paper), which verify that the keystream generated by the important area of research and development. Encryption is a platform has ideal random properties. The experiments of conventional way to protect the wireless link. Compared duplex text, image and voice transmissions via university with block ciphers, stream ciphers can be faster and have local network have further proved that the platform can limited error propagation [1]. Therefore, stream ciphers are ensure security and fast encryption speed. widely adopted in wireless communication. For instance, The rest of the paper is organized as follows. Section 2 GSM uses the A5/I and A5/2 stream ciphers for ensuring gives brief introduction to Gemstone. The implementation of over-the-air voice privacy [2]; The EO stream cipher is used the secure communication platform is described in Section 3. for encrypting packets in Bluetooth [3]; In IEEE 802.11 In Section 4, we present the statistical test results. Also, a standard, Wireless Equivalent Privacy (WEP) uses the particular description of duplex image transmission on the stream cipher RC4 for confidentiality [4]; so does Wi-Fi platform is given. Conclusions and discussions are in Section Protected Access (WPA), a further enhancement of WEP. In 5. 2000, New European Schemes for Signatures, Integrity and Encryption (NESSIE) was funded to identify secure II. A BRIEF INTRODUCTION OF GEMSTONE cryptographic primitives. Stimulated by NESSIE, eSTREAM Gemstone is a synchronous stream cipher, using a I28-bit project arises to further promote the study of "new stream key K and a 64-bit initialization vector IV. A long ciphers that might become suitable for widespread adoption" pseudorandom key stream is generated based on the state [5]. variables and counter variables, after which the bitwise XOR There is a great number of stream cipher algorithms of the key stream and the plaintext is computed to produce proffered both in academia and in industry. Rabbit is one of ciphertext [10]. the candidates of the eSTREAM, proposed by Martin The 256-bit internal state of the cipher is divided into Boesgaard [6]. In [6] [7], a comprehensive security analysis eight I6-bit state variables Xi,n and eight I6-bit counter has been made, confirming Rabbit's resistance to some variables Ci,n • Xi,n is the i-th I6-bit state variable at iteration n conventional attacks. Yamb, another candidate, is described and Ci,n is the corresponding I6-bit counter variable. in details in [8]. MAKOTO MATSUMOTO has proposed 1) The state-update fu nction:

978-1-4244-6542-2/$26.00 © 2010 IEEE V2-527 2010 3rd International Conference on AdvancedComputer Theoryand Engineering(1CACTE)

The state-update function is shown in Figure 1, in which S denotes iteration of discretized CML for times, i.e., (7) N 5 = EB Sl,n = x ,n EElx l,n ' so,n x4,n xo,n S(T) = VN (T +1)- 1, (1 ) In our previous work, we proved that there are no high where V represents discretized CML as (2). As for the parameters of S-box, A is usually set as 16409 probability difference propagations or high correlations over and N is 20. Addition modulo M=216 is chosen to modify the IV setup scheme. So Gemstone is resistant against the nearest neighbour coupling in CML. differential and linear cryptanalysis attacks [11 ]. We also Z showed the linear correlations between consecutive key {1 � l IS;;ZS;;A stream bits of Gemstone are below the safe bounds [10]. v(z)= (2) Thus, Gemstone should be very secure. l M<:-�Z)J + l, III. PLATFORM IMPLEMENTATION r------� 1------, The schematic figure of the secure communication I I g I I g C/." I I I platform is given in Figure 2. I I I I I I ...... Xi,,,+1 : I 1--T1--II-+lD2 S21--'- 1 �-++- I r"'"'''''''''''''''''''' �;:,;,"� �------... I y,... Ig"'l "i.. I /". L ______-' L ______I : :.i ______J i Kcyslrcarn Figure 1. State-Update function.

D denotes mixing transformation: lnSCClln: 11 00 ··· 1 channel 1110 ··· 0

D= 0111 ··· 0 (3) K�yslrcam Gemstone

1000 ··· 1 The counter variables are updated during each iteration Figure 2. Schematic figureof the secure communication platform based on according to a maximum-length LFSR as: Gemstone. lO] C(I5.. .! ] cI ,n+l =c l+l,n

V2-528 2010 3rd International Conference on AdvancedComputer Theoryand Engineering(1CACTE)

secure text, image and voice transmission through university local network based on the platform. As the space is limited, we only elaborate on the result of secure image transmission here. The statistical tests and experiments are performed with Intel Pentium 4 3.00GHz processor and 2.00GB RAM. A. Statistical test Randomness is a probabilistic property. There are 3 steps to conduct a statistical test: 1) SpecifY the null hypothesis. In this paper, the null hypothesis (HO) is "the sequence under test is random"; 2) Compute randomness statistic; 3) Compute the P-value. If P-value � a, we demonstrate that the sequence is random. Otherwise, the sequence is non-random. a is the probability of Type one error. Figure 3. The interface of the secure communication platform (text transmission). Frequency test provides the basis for all the other tests. It focuses on the proportion of zeros and ones in the sequence. A run is a successive sequence of an identical bit ("0" or "1 "). Runs test will calculate the total number of runs in a sequence of n bits and decide whether the number is as expected for a random sequence. The Frequency test and Runs test focus on the time domain features of the tested sequence while the DFT test evaluates periodic features of the sequence in frequency domain. We accomplish Frequency test, Runs test and Spectral test on the platform. The parameters of each test are listed in table I.

TABLEr. PARAMETERS SETIING Input size of Number of bit streams Significance each bit (the number of level stream repeated tests) Figure 4. The interface of the secure communication platform (voice Frequency Test 24576 100 0.01 transmission). Runs Test 24576 100 0.01

Figure 4 depicts the typical interface of duplex secure DFT Test 1024 100 0.01 voice transmission. The original voice is encrypted by Gemstone and then transmitted via insecure channel in Under the assumption of randomness, the derived confidence. In order to further study the differences before P-value of each test should be distributed uniformly in the and after encryption, the "FFT" button performs 51 2 points range [0, 1]. With 100 bit streams, if we rank the P-values of fast Fourier transformation. In this way, the users can from the smallest to the largest and then dot the result, the observe the waveforms of the original voice, the encrypted curve will approximate the diagonal line of the coordinate voice as well as the decrypted voice in both the time domain axis. and the frequency domain. The platform is developed using C# under the Windows B. Test Results and the transmission is based on TCP/IP network. 1) Frequency test The results of Frequency test are given in Figure 5. IV. STATISTICAL TESTS AND EXPERIMENTS ON THE If the P-value exceeds 0.01 , we consider the algorithm PLATFORM passes the test. The passing ratio is as follows: In order to examine the performance of the secure communication platform, we have conducted a series of tests TABLE II. PASSINGRA no FOR FREQUENCYTEST (%) and experiments. The statistical tests are based on the test Gemstone Rabbit FUBUKI Yamb Chaotic suite issued by NIST [12] which examines the random 94 91 89 90 91 property of the platform by comparing with other four mainstream stream ciphers. We have also realized duplex

V2-529 2010 3rd InternationalConference on AdvancedComputer Theoryand Engineering(ICACTE)

A small P-value means that there are too many ones or sequence. The curve deviates from the theoretical line more zeros in the sequence. The test results indicates that all the than in the previous tests due to short input size. The passing algorithms performs well in the Frequency test which means ratio is lower than that in Frequency test and Runs test. that they generate "O"s and "1 tIs with approximately the same Yamb performs the best and Chaotic the worst. probability. Gemstone slightly out-performs the other four An experiment of image transmission though university algorithms. C. local network -- ." According to the information theory, entropy measures .� the amount of information that is missing before reception. As is devised by Claude Shannon in 1948, the definition of entropy is expressed as [13]:

- H(X) = p(x;) p(x;) (8) - ,. -I 10gb i=1 in which p(xJ denotes the probability of a particular message. I The larger the entropy, the less information is contained, vice / .- versa. If each message is transmitted with equal probability, .I " it can be proved that the information carried is the least . ./ For an image that displays certain patterns, the pixels / I,. forming the image will not be uniformly distributed. Figure 5. The results of frequency test. Therefore, the byte array which represents the formation of pixels in the image will also demonstrate such biasness. The 2) Runs test pixel format of image studied by this paper is The passing ratio of Runs test is given in TABLE III. Format32bppP Argb, in which a pixel is denoted by a group If the P-value exceeds 0.01 , we consider the algorithm of four bytes. The four bytes represent Red, Green, Blue and passes the test. a (a is the degree of transparency) respectively, taking values from OxOO to OxFF. TABLE III. (%) PASSING RATIo FOR RUNSTEST The result of image encryption and decryption is shown Gemstone Rabbit FUBUKl Yamb Chaotic in Figure 6. Figure 7 displays the distributions of byte arrays

\00 99 98 98 57 before and after encryption. The original image usually has a predominant color. So there are peaks and valleys in the byte arrays which represent A small P-value indicates that the number of runs in the this color composition. Figure 7, it is clear that after sequence being either too large or too small. If there are too In encryption, the byte arrays distribute uniformly among all many runs in the sequence, the switch between ones and the values so the information in the original image is well zeros is all-too-frequent, e.x. 01010101 . If there are too few hidden. The color feature of the original image is effaced by runs in the sequence, the switch between ones and zeros is encryption. too scarce, e.x. 00... 001l . .l1 . Both case results in deviation The encryption speed of Gemstone is investigated using from a truly random sequence. The testing results show that the eSTREAM testing framework with the same processor as Gemstone, Rabbit, FUBUKI and Yamb perform rather the statistical tests and experiments. The encryption rate of perfectly while Chaotic falls far behind with only 57/1 00 ciphering long streams in chunks of about 4KB and the passing rate. IV Setup rate are tested. The results are depicted in Figure 8 and 3) Spectral test Figure 9. The results have showed that Gemstone is slightly The passing ratio of Spectral test is given in TABLE IV. slower than Rabbit when encrypting long streams. However, If the P-value exceeds 0.01 , we consider the algorithm the initialization speeds of Gemstone are higher than Rabbit, passes the test. Yamb and FUBUKI. Therefore, the platform may have some advantages in the applications where many very small TABLE IV. PASSING RATIO FOR SPECTRAL TEST (%) packets are encrypted.

Gemstone Rabbit FUBUKI Yamb Chaotic

83 88 86 91 76 A low P-value mdIcates that there are too many peaks exceeding the threshold. As the peaks represent strong periodic features, it is undesirable for a pseudo-random

V2-530 2010 3rd International Conforence on AdvancedComputer Theoryand Engineering(1CACTE)

byte array becomes uniform which maximizes the entropy and minimizes the information.

IVSetup Rate 140000 .,------H<>HhO-- � 120000 +------­ � 100000 +------� 80000 +--______� ruL'_"____ _ o 60000 +------� 40000 Z 20000 +------

Citomslone Rabbit Yamb FUBUKI Algorithm

Figure 9, The IV setup rate,

In conclusion, we have realized a secure communication Figure 6, The result of image transmission of oryx, platform using a new stream cipher named Gemstone. The

-- .... platform proves to be simple yet promising for cryptographic "'- - applications. With this work we hope to stimulate new investigations towards promoting stream cipher encryption into practical public service. As part of our ongoing work, we are targeting at applying the platform to wireless communications.

REFERENCES

[I] Hoonjae Lee, and Sangjae Moon, "Parallel stream cipher for secure high-speed communications," Signal Processing, vol. 82, Issue 2, pp. Figure 7. The distribution before and after encryption of the image oryx, 259-265, February 2002, [2] Quirke, Jeremy, "Security in the GSM system," AusMobile, May, 2004. Long Stream Encryption Rate [3] Bluetooth S.I.G" Specification of the Bluetooth System, Version 1.2., 160 ,------"TIT",-- available from http://www,bluetooth.orglspec, 2003. 140 +------[4] LANIMAN Committee of the IEEE Cmputer Society, "802,11-2007", j 120 +------­ Approved by IEEE-SA Standards Boards, 8 March 2007, b'oo+------[5] The eSTREAM Project. http://www.ecrypt.eu.orglstreamlindex.html. 80 5 +------­ [6] Boesgaard M, Vesterager M, Christensen T, et ai, "The stream cipher � 60 ------==--­ +-- Rabbit," Technical report, ECRYPT Stream Cipher Project Report, � 40 - +----===----- 2005, 5 20 Z [7] Boesgaard M, Vesterager M, Pedersen T, et aI., "Rabbit: A new Gemstone Rabbit Yamb FUBUKI high-performance stream cipher," Lecture Notes in Computer Science, Algorithm 2887:307-329, 2003. [8] Honjun Wu, and Bart Preneel, "Distinguishing attack on stream cipher Figure 8. The long stream encryption rate. Yamb," ECRYPT Stream Cipher Project Report, 2005, [9] MAKOTO MATSUMOTO, TAKUJI NISHIMURA, MARIKO HAGITA, and MUTSUO SAITO, "CryptMT stream cipher version 3," V. CONCLUSION ECRYPT Stream Cipher Project Report, 2005, Due to high speed and limited error propagation, stream [10] Ruming Yin, Jian Yuan, Qiuhua Yang, Xiuming Shan, and Xiqin Wang, "Gemstone: A new stream cipher using coupled map lattice," cipher is potential in future wireless cryptographic The 5th China International Conferences on Information Security and application. In this paper, we develop a secure Cryptology (lnscrypt09), Lecture Notes in Computer Science, communication platform based on Gemstone, a new stream Springer-Verlag, pp,82-97, Dec., 2009, [II] Ruming Yin, Jian Yuan, Qiuhua Yang, Xiuming Shan, Xiqin Wang, cipher. We have conducted statistical tests which verifY that "Linear cryptanalysis for a chaos-based stream cipher," in Proc, of the platform has satisfactory random properties both in time International Conference on Communications, Information and domain and frequency domain. The experiments of duplex Network Security (lCCINS 2009), vol. 60, pp,766-77I, 2009, [1 2] Andrew Rukhin, Juan Soto, James Nechvatal, Miles Simid, Elaine text, image and voice transmissions through university local Barker, Stefan Leigh, Mark Levenson, Mark Vanger, David Banks, network substantiate the demonstration that the platform can Alan Heckert, James Dray, San Vo, "A Statistical Test Suite for provide high security as well as fast encryption speed. We Random and Pseudorandom Number Generators for Cryptographic Applications," Special Publication 800-22 Revision I of NIST, August displayed the byte array distribution before and after 2008, encryption. The original byte array exhibits biasness toward [1 3] C. E. Shannon, "A Mathematical Theory of Communication," Bell certain values. But after encryption, the distribution of the System Technical Journal, vol. 27, pp, 379-423, 623-656, July, October, 1948.

V2-531