Paul Tobin

Chaos-based cryptography for cloud computing

Cloud computing and poor security issues have quadrupled over the last six years. The alleged presence of backdoors in common encryption ciphers and a system for addressing this problem, is discussed. In 2007, two Microsoft employees gave a presentation “On the Possibility of a backdoor in the NIST SP800-90 Dual Elliptic Curve Pseudo Random Number Generators” which was linked in 2013 by the New York Times with notes leaked by Edward Snowden. This confirmed backdoors were placed, allegedly, in a number of encryption systems by the National Security Agency. If true, it creates an urgent need for personalising the encryption process by generating locally, an unlimited number of the unbreakable one-time pad ciphers. Hybrid random binary sequences generated from chaotic oscillators initialised by natural noise, were exported to an online Javascript application. The online software uses a von Neumann deskewing algorithm to improve the cryptographic strength of the encryptor and also provides an initial statistical p-test for randomness. Encoding the Lenna image by XORing it with the new cipher provided another quick test to observe if any patterns are in the encoded image, otherwise the cipher is subjected to the NIST suite of statistical tests. All designs were simulated in Orcad PSpice© V16.5 prior to prototype construction.

Secrecy and Randomness: Encoding Cloud data Locally using a One-Time Pad

There is no secrecy without randomness, and we address poor cloud security using an analogue chaotic onetime pad encryption system to achieve perfect secrecy. Local encoding returns control to the client and makes stored cloud data unreadable to an adversary. Most cloud service providers encode client data using public encryption algorithms, but ultimately businesses and organisations are responsible for encoding data locally before uploading to the Cloud. As recommended by the Cloud Security Alliance, companies employing authentication and local encryption will reduce or eliminate, EU fines for late data breach discoveries when the EU implements the new general data protection regulations in 2018. Companies failing to detect data breaches within a 72-hour limit will be fined up to four percent of their global annual turnover and estimates of several hundred billion euros could be levied in fines based on the present 146 days average EU breach discovery. The proposed localised encryption system is additional to public encryption, and obeying the rules of one-time pad encryption will mean intercepted encrypted data will be meaningless to an adversary. Furthermore, the encoder has no key distribution problem because applications for it are of “one-to-cloud” type. Keywords—Secrecy; Local encryption; GDPR fines; one-time pad; one-to-cloud; key distribution problem; chaos.

Cryptography using artificial intelligence

This paper presents and discusses a method of generating encryption algorithms using neural networks and evolutionary computing. Based on the application of natural noise sources obtained from data that can include atmospheric noise (generated by radio emissions due to lightening, for example), radioactive decay, electronic noise and so on, we `teach a system to approximate the input noise with the aim of generating an output nonlinear function. This output is then treated as an iterator which is subjected to a range of tests to check for potential cryptographic strength in terms of metric such as a (relatively) large positive Lyapunov exponent, high information entropy, a high cycle length and key diffusion characteristics, for example. This approach provides the potential for generating an unlimited number of unique Pseudo Random Number Generator (PRNG) that can be used on a 1-to-1 basis. Typical applications include the encryption of data before it is uploaded onto the Cloud by a user that is provided with a personalized encryption algorithm rather than just a personal key using a `known algorithm that may be subject to a `known algorithm attack and/or is `open to the very authorities who are promoting its use.