A secure cloud framework is designed in which the videos uploaded by the data owner or cloud user are securely stored using a block cipher feedback mode. The outsourced video data is first split into several fragments, and each fragment is then encrypted with modified AES using the key pair generated at the owner side. The existing fragment-then-encrypt approach provides security, but there is an increased risk of data loss. The proposed framework for enhancing secured storage of videos in the cloud is shown in Fig. 1. The video data uploaded by the owner is fragmented horizontally/vertically and then encrypted using modified AES with a 2D discrete hyperchaotic map based S-box. In the CFB mode of AES operation, the current plaintext block is XORed with the ciphertext of the previous block to create the current ciphertext block. During the initial phase, the plaintext is XORed with the initialization vector to generate the first ciphertext block of 128 bits.
Encryption of video files is performed as follows:
Step 1) The data owner uploads the video files for secured storage with protected access. The outsourced video file is split into many fragments, by frames, in temporal and spatial frame space. The video file is passed to the Fragmentation module with parameters such as target_file_path, number_of_fragments and output_location; the module performs motion based fragmentation and produces sequential fragments, each with a sequence ID.
Step 2) Semantic elements of the input video, such as the codewords of the Inter/Intra Prediction Mode (IPM), the Moving vector Difference (MVD) and the signs of residual coefficients, are extracted from these fragments using context adaptive binary arithmetic coding.
Step 3) A 2-dimensional hyperchaotic operation is performed on the binary strings, involving permutation and diffusion functions.
Step 4) Chaotic mapping is performed for adaptive encryption key generation and thus generates a chaotic sequence for the S-box.
Step 5) The Cipher Feedback (CFB) mode of AES with the adaptive dynamic key is used to encrypt each slice, and Galois Counter Mode (GCM) is used for the authentication code that preserves integrity.
Step 6) Objective video quality analysis is performed by measuring Peak Signal to Noise Ratio (PSNR), Structural Similarity Index (SSIM) and Information Entropy value.
The AES algorithm in cipher feedback (CFB) mode of operation is used to selectively encrypt the extracted syntax elements. As the S-box in AES is vulnerable to timing attack, a modified dynamic S-box is generated using 2D discrete hyperchaotic mapping. Chaos signals are dynamic and have the characteristics of a good pseudorandom sequence. The chaotic system is highly complex, unpredictable and highly nonlinear, and produces good randomness. Figure 2 shows the modified AES encryption algorithm.
The substitute byte operation in AES uses the chaos based S-box, which possesses hyperchaotic behaviour. The proposed modified AES with the 2D-discrete hyperchaotic system has been simulated and tested with different parameters.
4.1 S-Box generation
The algorithm to create a dynamic nonlinear S-box involved in AES is outlined as follows:
Step 1: Initialize the parameters of the 2D discrete hyperchaotic map.
Step 2: Iterate the map and generate chaotic sequences \({x}_{i}\) and \({y}_{i}\) based on the defined mapping equation.
$${x}_{i}=r\left(\sin\left(\pi {y}_{i-1}\right)+a\right)\bullet {x}_{i-1}\left(1-{x}_{i-1}\right)$$
$${y}_{i}=r\left(\sin\left(\pi {x}_{i}\right)+a\right)\bullet {y}_{i-1}\left(1-{y}_{i-1}\right)$$
where r is the control parameter, for which the map shows hyperchaotic behaviour while its value remains in the range [0.904, 1], a = 3, \({x}_{0}=0.11\) and \({y}_{0}=0.14\).
Step 3: Generate a random sequence of values between 0 and 255 (matching the length of the S-box) by converting \({x}_{i}\).
$${P}_{i}=\text{floor}\left({x}_{i}\times {10}^{6}\right) \bmod 256$$
Step 4: Sort the sequence \({y}_{i}\) and make a note of its location as an index sequence Q.
Step 5: Select the value in P that corresponds to Q and check whether it already appears in the S-box. If not, insert the P value into the S-box, until its length (256) is filled with unrepeated values. 1024 S-boxes are randomly generated.
Step 6: Scramble the generated S-box.
Hence the S-box is generated by the steps above, with high efficiency and nonlinearity. The strength of the AES cryptographic algorithm depends on a strong S-box that resists known attacks. The S-box is reversible; hence, during decryption, the inverse of the S-box is applied with inverse diffusion and inverse scrambling. The strength of the S-box is analyzed in terms of algebraic structure, nonlinearity, bijectivity, strict avalanche criterion (SAC), Bit Independence Criterion (BIC), linear probability, and linear and differential cryptanalysis. There are 1024 boxes generated with 112 nonlinearity. Therefore, more randomness is produced from the nonlinear S-box.
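Steps 1 to 5 above, together with the bijectivity, inverse and nonlinearity checks named in this paragraph, as an added Python example that is not the paper's code. The function names, r = 0.99 and the 8192 iterations are assumptions; the scrambling of Step 6 is not specified on the page and is not modelled.

```python
import math

def map_sequences(n, r=0.99, a=3.0, x0=0.11, y0=0.14):
    """Steps 1-2: iterate the 2D map n times (r = 0.99 is an assumed value in [0.904, 1])."""
    xs, ys, x, y = [], [], x0, y0
    for _ in range(n):
        x = r * (math.sin(math.pi * y) + a) * x * (1.0 - x)
        y = r * (math.sin(math.pi * x) + a) * y * (1.0 - y)
        xs.append(x)
        ys.append(y)
    return xs, ys

def chaotic_sbox(n=8192, **params):
    """Steps 3-5; n = 8192 iterations is an assumption, Step 6 is not modelled."""
    xs, ys = map_sequences(n, **params)
    p = [math.floor(x * 1e6) % 256 for x in xs]     # Step 3: P_i
    q = sorted(range(n), key=ys.__getitem__)        # Step 4: index sequence Q
    sbox, seen = [], set()
    for idx in q:                                   # Step 5: keep unseen values only
        if p[idx] not in seen:
            seen.add(p[idx])
            sbox.append(p[idx])
    if len(sbox) != 256:
        raise ValueError("sequence did not cover all 256 values; increase n")
    return sbox

def invert(sbox):
    """Inverse table used for decryption; meaningful only if sbox is a bijection."""
    inv = [0] * 256
    for i, v in enumerate(sbox):
        inv[v] = i
    return inv

def nonlinearity(sbox):
    """128 - max|Walsh coefficient|/2 over all 255 nonzero output masks."""
    worst = 0
    for mask in range(1, 256):
        w = [1 - 2 * (bin(sbox[x] & mask).count("1") & 1) for x in range(256)]
        step = 1
        while step < 256:                           # fast Walsh-Hadamard transform
            for i in range(0, 256, 2 * step):
                for j in range(i, i + step):
                    w[j], w[j + step] = w[j] + w[j + step], w[j] - w[j + step]
            step *= 2
        worst = max(worst, max(abs(c) for c in w))
    return 128 - worst // 2

if __name__ == "__main__":
    s = chaotic_sbox()
    print(s[:16], nonlinearity(s))
```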
The integrity of each transmitted block is verified using Galois Counter Mode (GCM), which is parallelizable and provides high throughput with low latency and low cost. It accepts plaintext bit strings of arbitrary length. It includes two functions, namely GHASH and CTR. GCM is intended for authenticated encryption in a stream ciphering approach. As the proposed framework uses the CFB block cipher mode of the modified chaos based AES, only the GHASH function of GCM is used to attach an authentication tag to the transmitted data. It outputs a tag of 128 bits. At the receiver end, the received tag is used to check whether the received data has been tampered with, by comparing it with a newly computed tag. GHASH takes the input plaintext as 128-bit strings, \(pt\), and the hash key, and then performs multiplication in the Galois field.
Let \({pt}_{1}, {pt}_{2}, {pt}_{3}\dots {pt}_{m}\) denote the unique block sequences such that
$$pt={pt}_{1}\parallel {pt}_{2}\parallel {pt}_{3}\parallel \dots \parallel {pt}_{m}$$
Let \({t}_{0}\) be a block of 128 zeros. For i = 1 to m, compute the tag as
$${t}_{i}=({t}_{i-1}\oplus {pt}_{i})\cdot H$$
where H is the hash key. This returns the tag value \({t}_{m}\), which is appended to the cipher block.
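The tag chain above, as an added Python example that is not the paper's code: the Galois field multiplication in GCM's bit order, the chained tag computation, and the receiver-side comparison. The function names, the zero-padding of a short last block and the hash key being supplied by the caller are assumptions.

```python
import hmac

R = 0xE1 << 120  # reduction constant for x^128 + x^7 + x^2 + x + 1 in GCM bit order

def gf_mul(x: int, y: int) -> int:
    """Multiply two 128-bit field elements (GCM convention: leftmost bit is x^0)."""
    z, v = 0, y
    for i in range(127, -1, -1):
        if (x >> i) & 1:
            z ^= v
        v = (v >> 1) ^ R if v & 1 else v >> 1
    return z

def ghash_tag(h_key: bytes, data: bytes) -> bytes:
    """t_0 = 0; t_i = (t_{i-1} XOR pt_i) * H; returns t_m as 16 bytes."""
    if len(h_key) != 16:
        raise ValueError("hash key must be 128 bits")
    h = int.from_bytes(h_key, "big")
    data += b"\x00" * (-len(data) % 16)   # assumption: zero-pad a short last block
    t = 0
    for off in range(0, len(data), 16):
        t = gf_mul(t ^ int.from_bytes(data[off:off + 16], "big"), h)
    return t.to_bytes(16, "big")

def verify_tag(h_key: bytes, data: bytes, received_tag: bytes) -> bool:
    """Receiver side: recompute the tag and compare without an early-exit loop."""
    return hmac.compare_digest(ghash_tag(h_key, data), received_tag)

# Sample input: hash key and blocks of test case 2 in the GCM specification.
H = bytes.fromhex("66e94bd4ef8a2c3b884cfa59ca342b2e")
BLOCKS = bytes.fromhex("0388dace60b6a392f328c2b971b2fe78"
                       "00000000000000000000000000000080")

if __name__ == "__main__":
    tag = ghash_tag(H, BLOCKS)
    tampered = bytes([BLOCKS[0] ^ 0x01]) + BLOCKS[1:]
    print(tag.hex(), verify_tag(H, BLOCKS, tag), verify_tag(H, tampered, tag))
```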