425 Cryptanalysis of an Image Cipher using Multi-entropy Measures and the Countermeasures Ram Ratan * and Arvind Yadav # * DRDO-Scientifc Analysis Group, Delhi - 110 054, India # Hansraj College, University of Delhi, Delhi - 110 007, India * E-mail: ramratan_sag@hotmail.com AbstrACt The use of same keys or equivalent keys should not be occurred in cryptographic communications because a cipher system utilising such keys to secure messages can be attacked even it possesses excellent cryptographic characteristics for extracting intelligible information from encrypted messages. Identifcation of crypts formed with such keys is an important task of traffc analysis of cryptographic communications to check the applicability of two-messages-on-same-key (TMSK) attack. To avoid its applicability, adequate safeguards are required. In the paper, we cryptanalyze stream encryption based cipher system and propose an intelligent identifcation methodology using multi-entropy measures and soft decision criteria for identifcation of encrypted images of same or equivalent keys. Experimental test results show that the crypts formed with same keys can be identifed successfully with high precision. We also present the countermeasures against TMSK attack. Keywords: Countermeasures; Cryptography; Fuzzy classifcation; Multi-entropy measures; Stream cipher; TMSK attack; Traffc analysis Defence Science Journal, Vol. 70, No. 4, July 2020, pp. 425-439, DOI : 10.14429/dsj.70.15467 © 2020, DESIDOC 1. IntroduCtIon The advancement in information technology has increased the use of computer and mobile communication networks as well as multimedia data in text, audio, and visual form to exchange information. Such communication networks are open and an adversary may attack to extract vital information. Security of data is an important requirement to safeguard our vital information. The security of data can be achieved by the techniques of cryptography 1 to conceal the contents, steganography to conceal the existence 2,3 , secret sharing to decompose data into different parts 4 , and spread spectrum communication to spread data over available bandwidth 5,6 . Cryptography based cipher system consists of encryption algorithm which transforms plain-messages into encrypted messages using encryption keys and decryption algorithm decrypts encrypted messages using decryption keys to obtain plain messages. An encryption algorithm may be based on symmetric-key-cryptography or asymmetric-key- cryptography. Symmetric-key-cryptography uses encryption key and decryption key same and it is kept confdential. Asymmetric-key-cryptography uses encryption key and decryption key different where encryption key is kept open and decryption key is kept confdential. This paper concerns to symmetric-key-cryptography to analyse stream enciphering based cipher system for cryptographic communications. A stream cipher 7,8 consists a pseudo random number generator (PRNG) to generate random binary key sequences are used to encrypt plain messages. The cryptographic primitives and parameters of an encryption algorithm of a stream cipher should be strong enough and the keys sequences should be random to avoid the applicability of cryptanalytic attacks. A stream cipher with appropriate cryptographic parameters possesses excellent cryptographic characteristics and immune to cryptanalytic attacks is called a cryptographically strong cipher system. Many pseudo random number generators 9-14 are reported to design stream ciphers. Boolean functions 15,16 , hash functions 17,18 and chaotic functions 18-22 , have also been reported to design pseudo random number generators. In cryptographic communications, an adequate management of keys is necessary to avoid the repetition of keys and the applicability of attacks even an encryption algorithm is strong enough. The repetition of same keys may arrive due to weakness in key generation and inadequate use and handling of secret keys. Key management caters to prevent the leakage keys at any stage starting from its generation and fnally loading into the crypto system. Key management practices 23-26 should have an adequate and secure chain of actions including key generation, key loading into storage media, key transportation, transfer of specifc key into specifc device and loading into the crypto systems securely. It also includes to maintain the record of actions assuring change keys and erasing of used keys timely. A cipher system can be attacked for extracting message (even partial or distorted message), identifying key (even few consecutive or non-consecutive key bits) and reducing bruit force complexity of encryption algorithm. An attack can Received : 04 February 2020, Revised : 12 May 2020 Accepted : 19 June 2020, Online published : 13 July 2020