

All content following this page was uploaded by Chandra Segar Thirumalai on 25 July 2020.

Multimedia Tools and Applications

https://doi.org/10.1007/s11042-019-7730-1

Modelling a side channel resistant CHAN-PKC cryptomata for medical data security

Chandra Segar Thirumalai and P. Viswanathan

Abstract

Currently, a multimedia revolution in medical data and health information is becoming part of our computing environment. However, the interchange of medical information is typically outsourced to third parties, which may lead to the disclosure of confidential data. To address this issue, we provide high security and confidentiality through our proposed CHAN-PKC cryptomata. The proposed scheme uses a Diophantine equation to obtain three stages of decryption for high security, whereas ESRKGS and RSA have only one level of decryption. The results show that the proposed cryptomata has efficient encryption and decryption times when compared to the existing systems. At 10 K-bit moduli, key generation in CHAN-PKC consumes only 0.65 times the time of RSA, whereas ESRKGS takes 1.83 times that of RSA. The timing similarity shows that CHAN-PKC and RSA have a 100% correlation, whereas ESRKGS has only 90%. Hence our CHAN scheme is robust against side channel attacks and also has a larger key space than RSA. The security analysis confirms that our CHAN-PKC is very fast and secure against brute force and side channel attacks; therefore, it is feasible for real-time applications.

1 Introduction

Patient health record systems have attained phenomenal growth in health information exchange. They are used to keep track of the patient's health status as viewed by the doctor. Digital medical images are used by a large number of applications for predicting patient disease. These use public channels to store and transmit the medical images, which leaves them unprotected against security threats. In medical applications, the patient's privacy and security should be a top priority. Depending on the country or region, the standards and guidelines on healthcare information exchange vary. Application security is based on the IT service layers and is application specific; hence, the security services are applied accordingly.

Chandra Segar Thirumalai: chandrasegar.t@vit.ac.in
P. Viswanathan: viswatry2003@gmail.com
1 School of Information Technology and Engineering, VIT University, Vellore, India

With long-term efforts, several researchers have proposed different medical encryption schemes for the secure transfer of medical information. Some of the recent works include asymmetric encryption [11, 37, 64], chaotic systems [16, 40], orthogonal matrices [3], dual encryption [6], pixel-based scrambling [24], and other schemes [4, 12, 28, 45, 54]. In this paper we propose the CHAN-PKC cryptomata for medical data security, designed to resist side channel attacks. Our technique applies Pell's form of equation in the encryption and decryption process. Model results are presented to demonstrate the performance of the proposed scheme while preserving a high level of security and confidentiality. We further show that the CHAN-PKC scheme is strong against side channel and key space attacks.

As wearable devices like watches and blood pressure (bp) monitors become more popular, patients can explore more of their own health indications. At regular intervals, patients can upload their records to the cloud [39]. The records are analyzed by the doctor or physician, or through learned threshold functions, and the appropriate signals such as low bp, normal, high and very high are conveyed to the patient accordingly. Based on the health record status report, the doctor may advise the patient to take medicine. Moreover, a doctor or an analyst can explore new findings from the patient's personal health history, such as the impact a medicine has had on the patient's health, or change the medicine based on sex or age.

Cloud computing plays a vital role in distributing information from various locations among cloud users in the best possible ways. Hybrid cloud (see, e.g., [38, 44, 57, 59, 62, 65]) seems to offer efficient management in serving cloud services, but it is limited in certain ways. For instance, it has offered off-premises cloud computing as little more than backup data centers for several years. Gartner proposes [20] an alternative cloud computing model called bi-modal or Hybrid IT. The phenomenal RSA Public Key Cryptosystem (PKC), developed by Rivest [48] in the 1970s, is claimed to be one of the best-suited cryptosystems and has been adopted by millions of users across the world. The primary operations and workflow of RSA are illustrated in Section 2.1, as background for our CHAN-PKC scheme. Several secure systems have been proposed, but the majority of widely used proposals depend on a Public Key Infrastructure (PKI). Some of the challenging issues [19, 31, 48, 52, 53, 61] in a PKI are: (1) before using the public key of the client or CSP, it is compulsory to check the validity of the public key certificates, and this makes the verifier pay extra overhead in computation; (2) due to the complex certificate management and the large size of keys, the full protocol becomes inefficient. To address this key management concern in cloud data, we propose the CHAN-PKC protocol for efficient and real-time use. Our system has four core entities, namely networking devices, a Trusted Authority (TA) with security services, cloud computing, and Application Service Providers (ASP), as shown in Fig. 1.

The security requirements [37, 42] and threat level issues [62] differ according to the cloud service. Driven by online businesses, the cloud offers three levels of computing service: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). In IaaS, the network designer is enabled to develop and deploy both physical and virtual objects such as bandwidth, communication, environment, processing power, storage, and virtualization, so IaaS is mainly used to install PaaS or SaaS. A few common threats to IaaS are disfiguring (defacement), traffic flow analysis, session hijacking, and masquerade attacks. In PaaS, application developers are given access to operating systems and server hardware in order to build highly scalable applications. A few PaaS security measures include intrusion detection, access control, and data protection. Some of the common threats to PaaS include interruption, programming flaws, and software modification.

At last, in SaaS, the end user is authorized to access the software applications. Its security measures include privacy and protection, data access, authentication, authorization, and software security. The usual threats to SaaS are masquerade, session hijacking, traffic flow analysis, privacy breach, and data interruption. Of these levels of cloud computing services, the SaaS model is well suited to keeping the sensitive medical data of a patient on a cloud. Here the ultimate priority is to preserve the privacy of the user viewing the information by deploying a well-secured cryptographic algorithm. More precisely, the primary security concerns of networking devices and the shared cloud are data integrity and authentication [5, 15, 27, 29, 36, 43, 47, 51]. The security structures of CHAN-PKC, namely key generation, encryption, and decryption, are discussed in Section 3, and its proof is sketched in Section 4.

KGS (Key Generation System) is a phase with specific constraints for generating the keys according to the cryptographic form. Here the generated keys are used to encrypt and decrypt the medical data. For real-time applications, this KGS module must be extremely robust and well protected by security applications. In the domain of digital cryptography, a symmetric cryptosystem shares a single key, called the secret key, between the cipher receivers (or the KGS) and the cipher sender. In an asymmetric system, by contrast, the cipher receiver uses its private key (d, N) to decrypt the ciphertext into the medical data, while at the other end the sender who holds the medical data applies the public key (e, N) to transform the medical data into cipher form. Both the public and private keys of the PKC share the common N-bit modulus, and hence one may recover the private key from the N-bit modulus itself using a factorization attack. In 2009, Kleinjung et al. [32] effectively broke a 768-bit RSA modulus by factoring it with the Number Field Sieve (NFS) method. For practical applications, NIST (the National Institute of Standards and Technology) [7] recommends that the smallest size of the N-bit RSA modulus should be 2048 or 2 K bits.

The RSA KGS begins with two random secret primes p and q whose bit length is around N/2. If the N-bit modulus size is small, then one may guess the primes and find the private key. After this, the RSA KGS computes the Euler function ∅(N) = (p − 1) ∗ (q − 1). Next, the public key 'e' is chosen with the constraints 1 < e < ∅(N) and gcd(e, ∅(N)) = 1, checked using Euclid's algorithm. It has been noticed that the selected public key 'e' should not be equal to either prime cofactor of the N-bit modulus; otherwise, the public and private keys become identical (i.e., e = d). For instance, if the chosen primes are p = 5 and q = 7 and the selected e = 5, then the private key becomes d = 5. Hence the public key should be selected with e ≠ p ≠ q, and finally the private key 'd' is computed using the Extended Euclidean algorithm. For this, ∅(N) and 'e' are sufficient to find the private key

d = (1 + k ∗ ∅(N)) / e

where 'k' is a positive integer. Due to this, the key parameters p, q, ∅(N) and d are kept strictly secret by the KGS itself. There are various variants of RSA proposed in [8, 13, 14, 25, 58, 60, 64] that strengthen the cryptosystem by considering the security and key storage constraints [23].

The cryptographic strength of RSA is primarily based on the complex nature of the Integer Factorization Problem (IFP). When the private key size is small, a cryptanalyst can recover the original message from the transmitted public key and ciphertext by applying a suitable attack. In 1990, Wiener [63] proved that RSA is insecure when d ≤ N^0.25, by the Continued Fraction Method. In 1998, Boneh and Durfee [9] extended the Wiener attack by using a lattice theory concept, referred to as Coppersmith's method [17], to find small solutions of a polynomial equation, and proved under acceptable assumptions that the system becomes insecure when d ≤ N^0.292.

Furthermore, they concluded that the Wiener attack becomes ineffective when e > N^1.5. Also, it has been noticed that both the Wiener and Boneh attacks run in polynomial time. Later, in 2006, by applying lattice theory to Dual RSA, Sun et al. [56] showed that the system is unsafe when d ≤ N^0.333. In 2014, L. Peng et al. [46] extended the attack on Dual RSA to the bound d ≤ N^0.368 by applying a lattice-based linearization technique [22].

The rest of the work is structured as follows. First, we present the necessary PKC operations of Standard RSA and ESRKGS (Enhanced and Secured RSA Key Generation Scheme) in Section 2. Next, the new key generation algorithm called the CHAN-PKC system is described in Section 3. Section 4 presents the mathematical proof of our new system. Section 5 gives the experimental results of Standard RSA, ESRKGS, and CHAN-PKC from 1K to 10K moduli bits. In Section 6, we analyze the resistance of our scheme against timing attacks. Finally, the concluding remarks are presented in Section 7.

2 Literature works

2.1 Standard RSA

The standard RSA public key cryptosystem [40] contains three main phases: key generation, encryption, and decryption. 1. In key generation, asymmetric keys are produced, namely the public key (e, N) and the private key (d, N). Here the message M ∈ {0, ..., N − 1}, where N is the product of two primes p and q. 2. In the encryption phase, the message M is transformed into the ciphertext CT using the form M^e mod N → CT. Here the public key e holds the constraints: i. e > 1 and ii. the greatest common divisor of (e, ∅(N)) should be one. Here ∅(N) is kept secret and only (e, N) is shared publicly. Hence the strength of RSA ultimately depends on factoring p and q from the RSA modulus N. 3. In the decryption phase, the ciphertext CT is transformed back into the deciphered text, the original message M, using the form CT^d mod N → DT.

2.2 ESRKGS

Thangavel [58] developed the Enhanced and Secured RSA Key Generation Scheme (ESRKGS), which uses four primes to increase the key size exponentially. As a result, both the encryption and decryption costs are exponentially higher than in standard RSA. In standard RSA, it is expected with high probability that the decryption cost is four times higher than the encryption cost. However, by using Rebalanced RSA as proposed by Wiener [63], it is possible to balance the decryption cost against the encryption cost. The performance comparison of ESRKGS with respect to KGS, encryption, and decryption time is shown in Table 4. It was done by varying its input bits with prime p and its partial public keys e1, e2 such that |p| = |e1| = |e2|. Erkam et al. [41] commented on ESRKGS that this scheme is vulnerable to a factorization attack. This scheme is initially based on four primes p, q, r, s to generate large keys (E, D, N). But its encryption and decryption keys share the common modulus n, which depends on only two primes p, q. Hence, by using any factorization attack on the public modulus N, one can reveal the private key d. Using (d, N) as the private key, one can transform the message back, i.e. CT^d mod N → M. Due to this, the security level of ESRKGS and standard RSA lies on the same page with respect to factorization attacks. Currently, the factorization attack works only up to about 750 bits, so when the size |p| + |q| > 750 bits, CHAN-PKC is safe.

3 Proposed system

3.1 CHAN-PKC

The proposed CHAN-PKC scheme departs from the traditional method of sharing the keys and produces the public key as (α, Re, N), as given in Algorithm 1. This KGS scheme takes (R, p, q) plus the RSA public key as input and produces valid private key components (e, 2Y_l, N) as output, as shown in Fig. 2. The performance of this scheme is assessed in terms of key generation, encryption and decryption by varying its input bits, as shown in Table 3. Here, the bit length of the RSA public key e is half of its N-bit modulus size. Our CHAN-PKC scheme works by solving Pell's essential form, α + Re² + 2RY_l e ≡ 1 mod ∅(N). The chief merit of our system is that it does not need the Extended Euclidean algorithm, unlike RSA-PKC. This merit is shown in the CHAN-PKC key generation scheme below. For cipher decryption in RSA, a private key 'd' solving the form d ≡ e^(−1) mod ∅(N) is applied, using the Extended Euclidean algorithm to find the modular multiplicative inverse of e.

The proposed scheme applies two levels of encryption to create the ciphertexts CT1 and CT2 using the public key (α, Re, N). Using the private key (e, 2Y_l, N), three levels of decryption are applied, which produce a high level of security and confidentiality. The existing cryptographic strength depends on the factorization complexity: the private key 'd' is guessed through the factors of the common modulus 'N' and the public key 'e'. However, the strength of our proposed scheme depends on the complexity of the RSA parameters (e, ∅(N)) and the bit length of the Pell coordinates.

Our CHAN-PKC scheme is, at its core, closely related to the original system. Since it uses similar mechanisms to exchange a public key and the ciphers, it inherits the security structures from it. The proposed PKC also keeps or improves on its security and confidentiality. The primitives used in the proposed key exchange differ from the original scheme. This approach also makes a guessing attack much more difficult than in the existing system.

The quadratic Diophantine equation of the form X² − RY² = a, where a is an integer, is denoted a Pell-type equation. For the cryptographic application, this integer a is taken as one, and its lth coordinate is generated from the radical solution as

X_l = 0.5 (X_0 + Y_0 √R)^l + 0.5 (X_0 − Y_0 √R)^l
Y_l = (1 / (2√R)) (X_0 + Y_0 √R)^l − (1 / (2√R)) (X_0 − Y_0 √R)^l

For instance, if the non-square integer R is taken as 13, then its radical solution (X_0, Y_0) is (12, 11) and its generated solutions are (1717, 264), (58356, 22055), (3854137, 906576), and so on. Without assumptions, the best known complexity [21] for finding the integer solutions (X_0, Y_0) of Pell's equation is O(R^0.25 polylog R). The polylogarithm function has a power series in 'z' and a Dirichlet series in 's'. Here 'z^k' is a complex sequence and 's' is complex:

Li_s(z) = Σ_{k=1}^{∞} z^k / k^s = z + z²/2^s + z³/3^s + ....

Consider a User A who initially holds the original medical message and wants to share it securely with User B. For this, User B generates the public key (α, Re, N) and the private key (e, 2Y_l, N) using the CHAN-PKC key generation phase. On User A's message transfer request, User B shares its public key (α, Re, N) with User A. Now User A applies the encryption process to cipher the medical message and then securely sends its ciphertexts CT1, CT2 to User B. This encryption uses the forms CT1 = M^α mod N and CT2 = M^(Re) mod N. At last, User B applies its private key (e, 2Y_l, N) to the received ciphertexts to retrieve the medical message. For this, User B applies the decryption form

DT = CT1 · CT2^(e mod ∅(N)) · CT2^(2Y_l mod ∅(N)) mod N.

Key Generation:

Input: (R, p, q) : (19, 673, 937)

Output: Public Key (α, Re, N) : (309048, 275881, 630601) & Private Key (e, 2Y_l, N).

At first, a secret non-square positive integer R = 19 and randomly selected primes p = 673, q = 937 are taken as inputs. Hence the base coordinates (X_0, Y_0) of the Diophantine equation are (170, 39). The RSA components are shown below:

b. The common modulus, N = p · q = 673 ∗ 937 = 630601

c. Select the RSA public key e satisfying ∅(N)/2 < e < ∅(N) and gcd(e, ∅(N)) = 1, that is 314496 < e < 628992 and gcd(e, ∅(N)) = 1. Hence, the RSA public key 'e' is chosen as 444883.

For instance, Pell's coordinate Y_l is selected as 39 (the case l = 1). Now Pell's public key components (α, Re) are computed as below using Eq. (3):

α = (X_l + ∅(N))² − R(Y_l + e)² mod ∅(N)
  = (X_l)² − R(Y_l + e)² mod ∅(N)
  = (170)² mod 628992 − 19 ∗ (39 + 444883)² mod 628992
  = 309048

Table 1 Key generation for the lth Pell solution when R = 19, e = 444883 and ∅(N) = 628992. The public key component Re % ∅(N) = 275881 is common to all rows; α_l = 1 − Re² − 2RY_l e % ∅(N); the private key components are e and 2Y_l % ∅(N).

l    X_l               Y_l              α_l       2Y_l % ∅(N)
1    170               39               309048    78
2    57799             13260            512862    26520
3    19651490          4508361          124500    210834
4    6681448801        1532829480       594918    580944
5    2271672940850     521157514839     532440    435630

Table 2 Encryption and decryption of M = 8 for each lth case. The cipher CT2 = M^(Re) mod N = 331108 and IDT2 = CT2^e % N = 566827 are common to all rows.

l    CT1 = M^(α_l) % N    IDT3 = CT2^(2Y_l) mod N    DT
1    571376               256739                     8
2    536707               291408                     8
3    487983               594996                     8
4    314638               1                          8
5    571376               256739                     8

The numerical instance of our proposed scheme is presented with respect to key generation, as shown in Table 1, and its encryption and decryption, as shown in Table 2.

Encryption:

Input: Public Key (α, Re, N) : (309048, 275881, 630601) & a message M = 8.

Output: Ciphertexts (CT1, CT2) : (571376, 331108)

Now the single message M is ciphered into two different forms, {CT1, CT2}.

Decryption:

Input: Private Key (e, 2Y_l, N) : (444883, 78, 630601) & the ciphertexts (CT1, CT2) : (571376, 331108).

Output: Deciphered text (DT) : 8

Now the ciphertexts are transformed back into the message using Eq. (9):

Decipher Text = IDT1 · IDT2 · IDT3 = CT1 · CT2^(e mod ∅(N)) · CT2^(2Y_l mod ∅(N)) mod N = 8 (original message)
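The key generation, encryption and decryption steps above, carried out on the paper's toy parameters (R = 19, p = 673, q = 937, e = 444883) as an added example; this is not the paper's own code, and the function names and the brute-force Pell search are my own choices.

```python
# Added example, not the paper's own code: CHAN-PKC key generation,
# encryption and decryption on the paper's toy parameters (R = 19, p = 673,
# q = 937, e = 444883). Function names are my own.
from math import gcd, isqrt


def fundamental_pell_solution(R):
    """Smallest positive (X0, Y0) with X0^2 - R*Y0^2 = 1, found by searching Y0
    upward. Adequate for the small R used here; continued fractions are the
    general method."""
    y = 1
    while True:
        x2 = 1 + R * y * y
        x = isqrt(x2)
        if x * x == x2:
            return x, y
        y += 1


def pell_solutions(R, x0, y0, count):
    """(X_l, Y_l) for l = 1..count. Composing (x, y) with (x0, y0) as
    (x*x0 + R*y*y0, x*y0 + y*x0) multiplies (X0 + Y0*sqrt(R))^l out in
    integers, so it equals the radical formula of the text without floats."""
    sols = []
    x, y = x0, y0
    for _ in range(count):
        sols.append((x, y))
        x, y = x * x0 + R * y * y0, x * y0 + y * x0
    return sols


def chan_keygen(R, p, q, e, l=1):
    """Public key (alpha, Re, N) and private key (e, 2Y_l, N). No modular
    inverse is needed, unlike RSA's d = e^-1 mod phi(N)."""
    N = p * q
    phi = (p - 1) * (q - 1)
    if not (1 < e < phi and gcd(e, phi) == 1):
        raise ValueError("e must satisfy 1 < e < phi(N) and gcd(e, phi(N)) = 1")
    x0, y0 = fundamental_pell_solution(R)
    X_l, Y_l = pell_solutions(R, x0, y0, l)[-1]
    # Eq. (3): alpha = (X_l + phi)^2 - R (Y_l + e)^2 mod phi, which reduces to
    # Eq. (4): alpha = 1 - R e^2 - 2 R Y_l e mod phi because X_l^2 - R Y_l^2 = 1.
    alpha = ((X_l + phi) ** 2 - R * (Y_l + e) ** 2) % phi
    Re = (R * e) % phi  # the public "Re" component, reduced mod phi(N) as in Table 1
    return (alpha, Re, N), (e, (2 * Y_l) % phi, N)


def chan_encrypt(public, M):
    alpha, Re, N = public
    return pow(M, alpha, N), pow(M, Re, N)  # CT1 (Eq. 7), CT2 (Eq. 8)


def chan_decrypt(private, CT1, CT2):
    """Eq. (9): CT1 * CT2^e * CT2^(2Y_l) = M^(alpha + R e^2 + 2 R Y_l e)
    = M^(1 + k phi(N)) = M (mod N)."""
    e, twoY, N = private
    IDT2 = pow(CT2, e, N)     # M^(R e^2) mod N
    IDT3 = pow(CT2, twoY, N)  # M^(2 R Y_l e) mod N
    return (CT1 * IDT2 * IDT3) % N


def demo(R=19, p=673, q=937, e=444883, M=8, l=1):
    """Round trip with the paper's numbers; returns (public, private, CT1, CT2, DT)."""
    public, private = chan_keygen(R, p, q, e, l)
    CT1, CT2 = chan_encrypt(public, M)
    return public, private, CT1, CT2, chan_decrypt(private, CT1, CT2)


if __name__ == "__main__":
    print(demo())
```

Because N is a product of two distinct primes, the exponent identity M^(1 + k∅(N)) ≡ M (mod N) holds for every M in 0..N−1, so the round trip also succeeds for messages that share a factor with N.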


4 Mathematical proof

The proposed CHAN-PKC algorithm is proved mathematically in the following way. At first, for public key generation, a secret non-square positive integer R is selected to obtain the (X_l, Y_l) coordinate of the Diophantine form X² − RY² = 1, where l, R ∈ Z+. Now, taking as input R, the secret lth coordinate of the Diophantine equation and the standard RSA variables (∅(N), e), the CHAN public key component 'α' is generated as shown in Eq. (4). Here the RSA public key 'e' is an odd integer that is relatively prime to the Euler totient ∅(N) = (p − 1)(q − 1), and the common modulus 'N' is the product of two big primes p, q. Through the CHAN public key (α, Re, N), the message M is encrypted into the cipher forms CT1, CT2 using the modular exponentiation function as shown in Eq. (7) and Eq. (8). At last, for decryption, the private key variables (e, 2Y_l, N) are used based on Eq. (4). Therefore the CHAN-PKC scheme does not require the Extended Euclidean algorithm for the modular inverse operation, whereas standard RSA and ESRKGS apply a modular inverse for their private key generation. Now the message M is recovered from CT1 and CT2 by a modular root extraction with the CHAN private keys as

M^(α + Re² + 2RY_l e) mod N = M^(1 mod ∅(N)) mod N.

The public key component α follows from Eq. (3):

α ≡ (X_l + ∅(N))² − R(Y_l + e)² mod ∅(N)    (3)
  = X_l² + ∅(N)² + 2X_l ∅(N) − R(Y_l² + e² + 2Y_l e)
  ≡ X_l² − RY_l² + ∅(N)² + 2X_l ∅(N) − Re² − 2RY_l e mod ∅(N)
α ≡ 1 − Re² − 2RY_l e mod ∅(N)    (4)

Multiplying by d² on both sides of Eq. (4) we get Eq. (5). From Eq. (5), the transformed private key of 'e', E, is computed in the following way:

E ≡ e² mod ∅(N) and D ≡ d² mod ∅(N)    (5)
ED ≡ e² d² ≡ 1 mod ∅(N)    (6)

The cipher codes of an individual message M are given by the following procedures:

CT1 = M^α mod N    (7)
CT2 = M^(Re) mod N    (8)

The original message M can be retrieved back from the ciphertexts by using the following form:

DT = CT1 · CT2^e · CT2^(2Y_l) mod N    (9)

Now substituting the cipher codes of Eq. (7) and Eq. (8) into Eq. (9) we get the message M back:

DT = M^(α + Re² + 2RY_l e) mod N = M^(1 mod ∅(N)) mod N = M.

Hence our logic is formalized with the key generation, encryption, and decryption phases for the practice of the CHAN-PKC scheme.

5 Experimental results

The CHAN-PKC method is implemented using NetBeans IDE 8.1 and JDK 1.8, using Java BigInteger and its library functions such as math and random for generating probable primes, which support operations like modInverse, mod and so on. The performance comparisons are made with Standard RSA and ESRKGS simulated on a 64-bit Intel® Core™ i5-4200U @ 2.30GHz processor with 8GB RAM and a 64-bit OS. The initialized key parameters of the security systems are: i. for the standard RSA scheme, the length of a prime number is equal to its public key size, that is |p| = |e|; ii. for the ESRKGS scheme, the length of a prime number is equal to its partial public key parameters, that is |p| = |e1| = |e2|; and iii. for the CHAN-PKC scheme, the length of a prime number is equal to the RSA public key size, that is |p| = |e|. CHAN-PKC generates the private keys based on the Diophantine equation, which avoids the Extended Euclidean algorithm. It drastically reduces the time for generating the private keys compared to RSA and ESRKGS, as illustrated in Tables 3 and 4. It shows that the CHAN-PKC scheme consumes less computation time compared to ESRKGS and RSA.

Table 3 Key generation, encryption and decryption time (ms) of Standard RSA, ESRKGS and CHAN-PKC by N-bit moduli (the columns within each group are RSA, ESRKGS, CHAN-PKC)

N-bit moduli   KGS Time (ms)                   Encryption Time (ms)       Decryption Time (ms)
               RSA       ESRKGS    CHAN-PKC    RSA    ESRKGS   CHAN-PKC   RSA    ESRKGS   CHAN-PKC
2048           693       2744      643         43     33       60         27     16       103
3072           2215      9172      2189        63     98       108        80     120      316
4096           8194      35,987    6065        114    64       214        184    98       720
5120           14,948    74,753    14,018      188    118      368        353    202      1385
6144           44,204    194,842   33,181      387    174      601        763    315      2324
7168           73,783    222,204   46,880      485    266      962        938    500      3747
8192           105,532   337,757   79,887      749    385      1401       1470   713      5511
9216           129,518   515,191   125,973     1055   45,792   2026       2094   739      7990
10,240         338,383   619,289   222,465     1489   86,767   2691       2897   2719     10,767

Table 4 Comparative analysis of RSA, ESRKGS, and CHAN-PKC in ratio scale (ms)

Encryption   1.21   0.62   10.80   5.93   1.70   2.08
Decryption   1.74   0.29    0.67   0.20   3.59   6.30

RSA and ESRKGS apply one level of encryption and decryption, whereas the proposed CHAN-PKC scheme uses three levels of encryption and decryption. The decryption scheme uses both the Diophantine and RSA parameters (e, 2Y_l, N) at the server end. This scheme improves the security level by lowering the probability of a timing attack, as illustrated in Table 5, and the comparative analysis of computation time is illustrated in Table 4. Hence the proposed scheme entirely strengthens the security level and gets rid of the surviving vulnerabilities.

The computation time of the proposed scheme compared to ESRKGS and Standard RSA is evaluated by varying the N-bit moduli from 1K to 10K bits. For each K of N-bit moduli, around 1000 random samples are generated, and their average is taken in each phase for performance measurement.

The key generation performance of Standard RSA, ESRKGS, and CHAN-PKC is assessed and represented in Fig. 3. Also, the encryption and decryption performance of the three schemes are shown in Figs. 4 and 5 respectively. Finally, the overall response time is assessed and presented in Fig. 6. This valuation of performance is critical, since by knowing the response of a detailed process in a general purpose system, the designer is able to recognize the cost of executing security. In this work, we have evaluated the run-time performance of our proposed scheme against Standard RSA and ESRKGS. With regard to the routine analysis itself, the CHAN-PKC scheme provided the best performance while ESRKGS was the slowest. However, as mentioned before, ESRKGS key generation at 10 K moduli took 1.83 times that of Standard RSA, whereas CHAN-PKC took only 0.65 times that of Standard RSA, as shown in Table 3 and plotted in Fig. 3.

Table 5 Pearson correlation 'r' of the timing profiles of the cryptosystem phases

Encryption    1.00   0.88   0.89
Decryption    1.00   0.90   0.9
Overall 'r'   1.00   0.92   0.90

Likewise, ESRKGS encryption at 10 K moduli had an enormous response, around 58.27 times that of Standard RSA, whereas our scheme attained only 1.80 times that of Standard RSA, as revealed in Table 3 and plotted in Fig. 4. Note that our scheme produces two different ciphertexts CT1, CT2 using the public key (α, Re, N). From the observation, it is noticed that beyond 8 K moduli, ESRKGS encryption suffers a significant impact due to the large size of its public key E.

Finally, for the decryption analysis at 10 K moduli, ESRKGS took only around 0.93 times, since the private key sizes of ESRKGS and Standard RSA are unchanged. Hence the security strength of ESRKGS and Standard RSA runs on the same track. Our scheme, by contrast, took 3.71 times the Standard RSA decryption time, since we apply three levels of decryption using the private key (e, 2Y_l, N); the same is shown in Table 3 and plotted in Fig. 5. Hence our CHAN-PKC scheme achieves a high level of security and confidentiality for sensitive information.

6 Security analysis

Due to the unusual practice of sharing confidential medical data over interactive media, there is a necessity for deploying efficient and trustworthy cryptography. On the other side, several attacks such as the low private key exponent attack, low public key exponent attack, lattice attack, factorization attack, and timing attack are among the possible attacks on these PKC-based cryptosystems. These attacks primarily aim to break the code to extract or guess the private key from the shared public keys. To address this need, CHAN-PKC is designed to deliver a significant level of security and trustworthiness that addresses both the communicating device and the enterprise security infrastructure. Moreover, our model is a thorough suite of industry-recognized, NIST standard compliant [7] cryptographic tools for the progress of high-assurance data protection.

A new branch of cryptography focuses on the real-life cryptographic device, and its schemes attempt to abuse physical leakages such as electromagnetic emissions, power consumption, and processing time to predict the private key. With this secret key, the attacker might cause confidentiality loss, unauthenticated access or privacy issues. This timing attack against cryptographic algorithms was first witnessed by Kocher, who studied the cryptographic device's response time [33] and power consumption [34, 26] to determine the secret key. As modern PKC-based cryptography uses 2048 bits and above, it is very tough to break the system. However, some researchers have cracked 4096-bit PKC using this side channel attack. During usual transmission, if a crypto device discharges its internal state through Radio Frequency (RF) emissions, then a side channel might be exploited with a high probability [35]. Through keystroke timing, confidential data like passwords have been perceived over the Secure Shell (SSH) network protocol [55]. A side channel may exploit the physical cache miss behaviour [30] to recover the secret key. Schindler [49] offers an attack model against RSA with the Chinese Remainder Theorem (CRT), which is applied to improve decryption speed, and he later improved [50] the attack against RSA using a statistical decision model. Crosby and Wallach [18] describe denial of service through algorithmic complexity attacks. The Brumley and Boneh timing attack on RSA-CRT [10] was enhanced by Aciicmez et al. [1] to have more precision on the projected secret difference, and they examined the micro-architectural attack [2] through instruction cache analysis.

Several PKC-based algorithms can take a variable amount of completion time depending on the type of medical data being treated, such as the public or private key exponent size, the message and cipher size, and the key generation, encryption or decryption time. From the attacker's point of view, the propagation and jitter delays are constrained by the type of network used. Due to these individual timing differences, an attacker can sometimes disclose private information over the public network. We model the Round Trip Time (RTT) between a client node and server as

responseTime = a · CPUTime + b + jitter
CPUTime = (responseTime − b − jitter) / a

with the following conventions: responseTime is the measured RTT on the network, and $a$ is the constant clock skew, which is independent of each host. CPUTime is the constant time taken by the remote server for all requests of the same task, and $b$ is the constant propagation delay, either from client node to server or from server to remote hosts, over all requests and all tasks; it is measured independently for each host. Jitter is the noise introduced by the network across all requests and tasks. To counter this scenario, our proposed CHAN-PKC changes the traditional RSA public exponent, which makes it hard for an attacker to reconstruct the private key by probing an SSL web server and timing the result. The performance results in Figs. 3-6 below show that CHAN-PKC and standard RSA are closely associated in the key generation, encryption and decryption phases of the cryptosystem. Based on the Pearson correlation method, the performance similarities among the various phases of the cryptographic algorithms are given in Table 5 below.

From this, the strength of the relationship in CPU processing time between standard RSA and CHAN-PKC is nearly parallel. It is also observed that, from the public key and ciphertexts of the CHAN-PKC scheme, it is very hard for an attacker to guess the private key, while the strength of the association is coordinated with standard RSA and ESRKGS.

From Eq. (4), the Pell key form is $\alpha + Re^2 + 2RY_l e \equiv 1 \pmod{\varphi(N)}$. This form can be rewritten as $\alpha + Re^2 + 2RY_l e = 1 + k\varphi(N)$. Based on this, our proposed scheme chooses the public key as $(\alpha, Re, N)$ and the private key as $(e, 2Y_l, N)$. Consider the event where the attacker is given the public key $(\alpha, Re, N)$ and the ciphertexts $CT_1, CT_2$ and tries to recover the original message $M$. Since the decryption process is of the form

$DT = CT_1 \cdot CT_2^{\,e \bmod \varphi(N)} \cdot CT_2^{\,2Y_l \bmod \varphi(N)} \bmod N,$

the attacker has to guess the private key $(e, 2Y_l, N)$. For this, the attacker has to guess the Euler totient $\varphi(N)$, the secret key $e$, and the $2RY_l$ component.
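The key relation and three-stage decryption above, as an added worked example (not the authors' code) on toy primes. Eq. (4) is not reproduced on this page, so the encryption form CT1 = M^α mod N, CT2 = M^(Re) mod N is an assumption inferred here from the stated decryption rule; under it the exponent collects to α + Re² + 2RY_l e = 1 + kφ(N), which is why DT recovers M.

```python
# Added worked example (not the authors' code): toy CHAN-PKC key pair built
# from the Pell-style key relation alpha + R*e^2 + 2*R*Yl*e = 1 + k*phi(N)
# and the three-stage decryption DT = CT1 * CT2^e * CT2^(2Yl) mod N.
# ASSUMPTION: encryption as CT1 = M^alpha mod N, CT2 = M^(R*e) mod N is
# inferred from that decryption rule; Eq. (4) itself is not on this page.
# The primes are toy values and far too small to be secure.


def chan_keygen(p, q, R, e, Yl):
    """Return (public, private) = ((alpha, R*e, N), (e, 2*Yl, N)) with alpha
    chosen so that alpha + R*e^2 + 2*R*Yl*e == 1 (mod phi(N))."""
    N, phi = p * q, (p - 1) * (q - 1)
    alpha = (1 - R * e * e - 2 * R * Yl * e) % phi
    return (alpha, R * e, N), (e, 2 * Yl, N)


def pell_k(public, private, R, phi):
    """The integer k in alpha + R*e^2 + 2*R*Yl*e = 1 + k*phi(N); requiring
    it to be a whole number is the key-relation sanity check."""
    alpha, _Re, _N = public
    e, twoYl, _ = private
    total = alpha + R * e * e + R * twoYl * e   # R*twoYl*e == 2*R*Yl*e
    assert (total - 1) % phi == 0, "key relation violated"
    return (total - 1) // phi


def chan_encrypt(public, M):
    """Two ciphertext components (assumed form, see header comment)."""
    alpha, Re, N = public
    if not 0 <= M < N:
        raise ValueError("message must be reduced modulo N")
    return pow(M, alpha, N), pow(M, Re, N)


def chan_decrypt(private, CT1, CT2):
    """Three stages: CT2^e, CT2^(2Yl), then combine with CT1. The total
    exponent is alpha + R*e^2 + 2*R*Yl*e = 1 + k*phi(N), so M^exp == M mod N."""
    e, twoYl, N = private
    stage1 = pow(CT2, e, N)      # needs the first private component e
    stage2 = pow(CT2, twoYl, N)  # needs the second private component 2*Yl
    return (CT1 * stage1 * stage2) % N


def roundtrip_ok(p, q, R, e, Yl, messages):
    """True iff every message decrypts to itself under the toy key pair."""
    public, private = chan_keygen(p, q, R, e, Yl)
    return all(chan_decrypt(private, *chan_encrypt(public, M)) == M
               for M in messages)


if __name__ == "__main__":
    pub, prv = chan_keygen(61, 53, R=7, e=17, Yl=5)   # constructed toy values
    print("public", pub, "private", prv, "k =", pell_k(pub, prv, 7, 60 * 52))
    print("round trip:", roundtrip_ok(61, 53, 7, 17, 5, [0, 61, 65, 3000]))
```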

First, the attacker tries to solve for the CHAN-PKC private key $e$, whose key space is $2^{k\varphi(N)} \cdot 2^{2RY_l}$. In the case of RSA-PKC, by contrast, the private key $d$ has the complexity of solving $d = (1 + k\varphi(N))/e$ and lies in the key space $2^{k\varphi(N)}$. From Eq. (4), the Pell form is $\alpha + e(Re + 2RY_l) = 1 + k\varphi(N)$. Its alternate form is $e(Re + 2RY_l) = 1 + k\varphi(N) - \alpha$, whose solution is

$e = \dfrac{1 + k\varphi(N) - \alpha}{Re + 2RY_l}.$

Thus, the security strength of the CHAN-PKC private key $e$ depends on the guessing factor of the Euler totient $\varphi(N)$ and of $2RY_l$.

Next, to solve for the second private key $2Y_l$, Eq. (4) gives

$2Y_l = \dfrac{1 + k\varphi(N) - Re\,e' - \alpha}{Re}.$

Here the attacker has to search a key space of $2^{k\varphi(N)} \cdot 2^{e'}$. Therefore, the security complexity of CHAN-PKC depends on the key space

$|2^{k\varphi(N)} \cdot 2^{2RY_l}| + |2^{k\varphi(N)} \cdot 2^{e'}|.$

These are large enough to render key search attacks impractical. Hence our proposed scheme is more secure than standard RSA when considering the key space.

7 Conclusion

In this paper, we propose the CHAN-PKC scheme, based on an improved RSA public key cryptosystem with a Diophantine equation, which has three stages of decryption for high security. The proposed scheme aims to resolve the problem of guessing the private key (e, 2Yl, N) from the public key (α, Re, N). The robustness of CHAN-PKC depends on the bit-length of the key generation parameters. Moreover, the key space analysis demonstrates a key space large enough to defeat brute force attacks. The experimental results show that the proposed KGS scheme provides proper computation time, using only around 0.24 times that of ESRKGS and 0.82 times that of standard RSA. For instance, at 10 K-bit moduli of key generation, CHAN-PKC consumes only 0.65 times the time of RSA, whereas ESRKGS takes 1.83 times that of RSA. On the other hand, the overall encryption and decryption time of CHAN-PKC is higher than that of RSA and ESRKGS because of the three-stage decryption. The timing similarity shows that CHAN-PKC and RSA have a 100% correlation, whereas ESRKGS has only 90%. Thus, our scheme holds good imperceptibility against side-channel timing attacks. Therefore, the proposed scheme offers a suitable solution for medical image transmission over public networks.

Acknowledgements The authors would like to thank the anonymous reviewers for their helpful comments and

suggestions.

This article does not contain any studies with human participants performed by any of the authors.

Conflict of interests Chandrasegar Thirumalai declares that he has no conflict of interest. Viswanathan P

declares that he has no conflict of interest.


References

1. Aciicmez O, Schindler W, Koc CK (2005) Improving Brumley and Boneh timing attack on unprotected SSL implementations. In: Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS'05), Alexandria, VA, pp 139–146

2. Aciicmez O, Seifert JP, Koc CK (2007) Micro-architectural cryptanalysis. IEEE Secur Priv 5(4):62–64

3. Ahmad J, Khan MA, Ahmed F, Khan JS (2017) A novel image encryption scheme based on orthogonal matrix, skew tent map, and XOR operation. Neural Comput Appl:1–11. https://doi.org/10.1007/s00521-017-2970-3

4. An X, Xhafa F, Cai W, Ma J, Wei F (2016) Efficient privacy preserving predicate encryption with fine-grained searchable capability for cloud storage. Elsevier Ltd, pp 1–13

5. Atzori L, Iera A, Morabito G (2010) The internet of things: a survey. Comput Netw 54(15):2787–2805

6. Avudaiappan T, Balasubramanian R, Pandiyan SS et al (2018) Medical image security using dual encryption with oppositional based optimization algorithm

7. Barker E, Dang Q (2015) Recommendation for key management part 3: application-specific key management guidance. National Institute of Standards and Technology, NIST Special Publication 800-57 Part 3 Revision 1, 102 pp

8. Bellini E, Murru N (2016) An efficient and secure RSA-like cryptosystem exploiting Rédei rational functions over conics. Finite Fields Appl 39:179–194

9. Boneh D, Durfee G (1999) Cryptanalysis of RSA with private key d less than N^0.292. In: Advances in Cryptology – EUROCRYPT'99, LNCS vol 1592, pp 1–11. Springer, Berlin, Germany

10. Brumley D, Boneh D (2004) Remote timing attacks are practical. In: Proceedings of the 12th USENIX Security Symposium (SECURITY'04), Washington, DC

11. Cai J, Shen X, Lei M (2017) Optical asymmetric cryptography based on amplitude reconstruction of elliptically polarized light. Opt Commun 403:211–216. https://doi.org/10.1016/j.optcom.2017.07.049

12. Cao W, Zhou Y, Chen CLP, Xia L (2017) Medical image encryption using edge maps. Signal Process 132:96–109. https://doi.org/10.1016/j.sigpro.2016.10.003

13. Chandra Segar T, Vijayaragavan R (2013) Pell's RSA key generation and its security analysis. In: Fourth International Conference on Computing, Communications and Networking Technologies (ICCCNT), IEEE, pp 1–5

14. Chandramowliswaran N, Srinivasan S, Muralikrishna P (2015) Authenticated key distribution using given set of primes for secret sharing. Sys Sci Control Eng 3(1):106–112

15. Chaum D (1982) Blind signatures for untraceable payments. In: CRYPTO, pp 199–203

16. Chen J, Zhang Y, Qi L et al (2018) Exploiting chaos-based compressed sensing and cryptographic algorithm for image encryption and compression. Opt Laser Technol 99:238–248. https://doi.org/10.1016/j.optlastec.2017.09.008

17. Coppersmith D (1997) Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J Cryptol 10(4):233–260

18. Crosby S, Wallach DS (2003) Denial of service via algorithmic complexity attacks. In: Proceedings of the 12th USENIX Security Symposium (SECURITY'03)

19. Dehkordi MH, Mashhadi S (2008) New efficient and practical verifiable multi-secret sharing schemes. Vol 178:2262–2274

20. Gartner (2012) Gartner says hybrid IT is transforming the role of IT. 3/5/2012. http://www.gartner.com/newsroom/id/1940715

21. Hallgren S, Way I (2006) Polynomial-time quantum algorithms for Pell's equation and the principal ideal problem, vol 0049092, pp 1–21

22. Herrmann M, May A (2010) Maximizing small root bounds by linearization and applications to small secret exponent RSA. In: PKC, LNCS vol 6056, pp 53–69. Springer, Heidelberg

23. Hsu C, Zeng B, Zhang M (2014) A novel group key transfer for big data security. Appl Math Comput:436–443

24. Hu J, Han F (2009) A pixel-based scrambling scheme for digital medical images protection. J Netw Comput Appl 32:788–794. https://doi.org/10.1016/j.jnca.2009.02.009

25. Iovane G (2008) The distribution of prime numbers – the solution comes from dynamical processes and genetic algorithms. 37:23–42

26. Joye M, Paillier P, Schoenmakers B (2005) On second-order differential power analysis. In: International Workshop on Cryptographic Hardware and Embedded Systems. Springer, Berlin Heidelberg

27. Juels A, Luby M, Ostrovsky R (1997) Security of blind digital signatures. In: Kaliski BS Jr (ed) CRYPTO, Lecture Notes in Computer Science vol 1294, pp 150–164. Springer


28. Kanso A, Ghebleh M (2015) An efficient and robust image encryption scheme for medical applications. Commun Nonlinear Sci Numer Simul 24:98–116. https://doi.org/10.1016/j.cnsns.2014.12.005

29. Karygiannis T, Eydt B, Barber G, Bunn L, Phillips T (2007) Guidelines for securing radio frequency identification (RFID) systems. NIST Spec Publ:800–898

30. Kelsey J, Schneier B, Wagner D, Hall C (2000) Side channel cryptanalysis of product ciphers. J Comput Sec 8(2–3):141–158

31. Khan MA (2016) A survey of security issues for cloud computing. J Netw Comput Appl 71:11–29

32. Kleinjung T, Aoki K, Franke J, Lenstra AK, Thomé E, Bos JW, Gaudry P, Kruppa A, Montgomery PL, Osvik DA, Riele HJJ, Timofeev A, Zimmermann P (2010) Factorization of a 768-bit RSA modulus. In: Rabin T (ed) CRYPTO 2010, LNCS vol 6223, pp 333–350. Springer, Heidelberg

33. Kocher P (1996) Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz N (ed) Advances in Cryptology – CRYPTO'96, Santa Barbara, California, LNCS vol 1109, pp 104–113. Springer

34. Kocher P, Jaffe J, Jun B (1999) Differential power analysis. In: Wiener M (ed) Proceedings of the Annual International Cryptology Conference (CRYPTO'99), LNCS vol 1666. Springer-Verlag, Santa Barbara, CA

35. Kuhn MG, Anderson RJ. Soft Tempest: hidden data transmission using electromagnetic emanations. In: Proceedings of the 2nd Workshop on Information Hiding (IH'98), Portland, OR

36. Kumar R, Kohler E, Srivastava M (2007) Harbor: software-based memory protection for sensor nodes. In: Proceedings of IPSN, Cambridge, MA, USA

37. Laiphrakpam DS, Khumanthem MS (2017) Medical image encryption based on improved ElGamal encryption technique. Optik (Stuttg) 147:88–102. https://doi.org/10.1016/j.ijleo.2017.08.028

38. Li Y, Gai K, Qiu L, Qiu M, Zhao H (2016) Intelligent cryptography approach for secure distributed big data storage in cloud computing. Inf Sci:1–13

39. Liu J, Huang X, Liu JK (2014) Secure sharing of personal health records in cloud computing: ciphertext-policy attribute-based signcryption. Futur Gener Comput Syst

40. Liu J, Ma Y, Li S et al (2018) A new simple chaotic system and its application in medical image encryption. Multimed Tools Appl 77:22787–22808. https://doi.org/10.1007/s11042-017-5534-8

41. Luy E, Karatas ZY, Ergin H (2016) Comment on "An enhanced and secured RSA key generation scheme (ESRKGS)". J Inform Sec Appl. https://doi.org/10.1016/j.jisa.2016.03.006

42. Martini B (2016) Cloud manufacturing: security, privacy, and forensic concerns. IEEE Cloud Comput:16–22

43. Merkle RC, Helman ME (1984) Hiding information and signatures in trapdoor knapsack. IEEE Trans Inf Theory 24:525–530

44. Modic J, Trapero R, Taha A, Luna J (2016) Novel efficient techniques for real-time cloud. Comput Sec 62:1–18

45. Padhye S (2006) A public key cryptosystem based on Pell equation. IACR Cryptology, 191

46. Peng L, Hu L, Lu Y, Xu J, Huang Z (2016) Cryptanalysis of dual RSA. Design Codes Cryptography:1–21

47. Pointcheval D, Stern J (1997) New blind signatures equivalent to factorization. In: Proceedings of the 4th ACM Conference on Computer and Communications Security, ACM

48. Rivest RL, Shamir A, Adleman LA (1978) A method for obtaining digital signatures and public-key cryptosystems. Commun ACM 21(2):120–126

49. Schindler W (2000) A timing attack against RSA with the Chinese remainder theorem. In: Proceedings of Cryptographic Hardware and Embedded Systems, Worcester, pp 109–124

50. Schindler W (2002) Optimized timing attacks against public key cryptosystems. Stat Decisions 20:191–210

51. Schnorr CP (1990) Efficient identification and signatures for smart cards. In: CRYPTO '89, LNCS vol 435, pp 235–251. Springer-Verlag

52. Schoenmakers LAM (1995) An efficient electronic payment system withstanding parallel attacks. Tech rep CS-R9522, CWI

53. Singh S, Jeong Y-S, Hyuk J (2016) A survey on cloud computing security: issues, threats, and solutions. J Netw Comput Appl 75:200–222

54. Sinha A (2016) Nonlinear optical cryptosystem resistant to standard and hybrid attacks. Opt Lasers Eng 81:79–86. https://doi.org/10.1016/j.optlaseng.2016.01.013

55. Song DX, Wagner D, Tian X (2001) Timing analysis of keystrokes and timing attacks on SSH. In: Proceedings of the 10th USENIX Security Symposium (SECURITY'01), Washington, DC

56. Sun H, Wu M, Ting W, Hinek MJ (2007) Dual RSA and its security analysis. IEEE Trans Inf Theory 53(8):2922–2933

57. Sun L, Dong H, Khadeer F, Khadeer O, Chang E (2014) Cloud service selection: state-of-the-art and future research directions. J Netw Comput Appl 45:134–150


58. Thangavel M, Varalakshmi P, Murrali M, Nithya K (2015) An enhanced and secured RSA key generation scheme (ESRKGS). J Inform Sec Appl 20:3–10. https://doi.org/10.1016/j.jisa.2014.10.004

59. Thirumalai C, Viswanathan P (2018) Hybrid IT architecture by gene-based cryptomata (HITAGC) for lightweight security services. Serv Oriented Comput Appl. https://doi.org/10.1007/s11761-018-0237-1

60. Viswanathan P (2016) Randomized cryptographic spatial fusion steganographic system. J ICT Res Appl ITB 10(1):15–28

61. Wan W, Yang W, Chen J (2015) An optimized cross correlation power attack of message blinding exponentiation algorithms. Chin Commun 12(6):22–32

62. Wan J, Tang S, Yan H (2016) Cloud robotics: current status and open issues. IEEE Access 4:2797–2807

63. Wiener MJ (1990) Cryptanalysis of short RSA secret exponents. IEEE Trans Inf Theory 36(3):553–558

64. Zhao T, Ran Q, Yuan L et al (2015) Key distribution and changing key cryptosystem based on phase retrieval algorithm and RSA public-key algorithm. Math Probl Eng 2015. https://doi.org/10.1155/2015/732609

65. Zhu RW, Yang G, Wong DS (2007) An efficient identity-based key exchange protocol with KGS forward secrecy for low-power devices. 3828, pp 500–509

Publisher’s note Springer Nature remains neutral with regard to jurisdictional claims in published maps and

institutional affiliations.

Chandra Segar Thirumalai is working as an Assistant Professor (Senior) in the School of Information Technology and Engineering at VIT University, India, where he is also pursuing his Ph.D. He received his Master of Technology in Computer Science and Engineering from Pondicherry Central University, India, in 2009, and his Bachelor of Engineering in Computer Science and Engineering from Dr. Paul's Engineering College, affiliated to Anna University, India, in 2005. His areas of specialization include public key cryptography, security, and networking. He received a GATE score conducted by MHRD, India, in 2009 and qualified in the SET conducted by Tamil Nadu, India, in 2016. He received the VIT Most Active Researcher Award from 2011 to 2016. He has published more than 55 papers in journals and conferences.


Dr. P. Viswanathan is an Associate Professor in the School of Information Technology and Engineering, VIT University, India. He is a professional member of IEEE and has published in various journals and conferences. He received his Bachelor of Engineering in Computer Science Engineering from Madurai Kamaraj University, Madurai, India, in 2002, his Master of Engineering in Computer Science Engineering from Annamalai University, Chidambaram, India, in 2006, and his Doctorate from Vellore Institute of Technology University, India, in 2014. His current research interests include digital image processing, network security, and cloud computing. He received the best poster award from the Indian Science Congress in 2007 and the VIT Most Active Researcher Award from 2010 to 2016.