Cryptanalysis of Internet of Health Things Encryption Scheme Based on Chaotic Maps

Many encryption algorithms are designed to decrease the probability of cyberattacks by assuring data security as well as system and participant authentication. However, as computing resources have developed, cryptanalytic techniques have also been developed and applied competitively in information security with good results. In this paper, we report security flaws in a recently offered encryption technique based on a chaotic map for Internet of Health Things (IoHT) security. The scheme was based on a new chaotic map, a modified Mandelbrot set, and a conditional shift algorithm, and the encryption algorithm was asserted to be secure. We have performed some cryptographic attacks to retrieve the key from the cryptosystem under study. The key was retrieved with little computation by using a chosen-plaintext attack and one known plaintext-ciphertext pair. The minimal execution time of the performed attacks indicates the vulnerability of the diffusion-based encryption algorithm. To enhance the security of the cryptographic algorithm under study, we have also suggested certain improvements.


I. INTRODUCTION
With the speedy expansion of computer systems, the most prevalent and unavoidable challenge is providing security to sensitive digital information, although data leakage is common because of the spread of networked computers, storage, and large transmission data. As a result, most of the users on the network are conscious of privacy threats. In multimedia communication, secure transmission and storage of digital data are prime concerns. Cryptography, watermarking, and steganography are used to protect data from illegal and unauthorized access. Among these, cryptography plays a substantial role in extending the privacy of communication over an insecure channel. Cryptography aims to encrypt the data, converting it into unreadable form with the help of a private key. Cryptographic techniques are categorized into block ciphers and stream ciphers. In stream ciphers, data is encrypted bit by bit with a secret key generated for encryption. Linear feedback shift registers (LFSR) are one example of a stream cipher, and RC4 is the most commonly used stream cipher. A block cipher encrypts data by converting it into blocks of equal length. The most frequently used block ciphers are Blowfish [1], Data Encryption Standard (DES) [2], Triple Data Encryption Standard (TDES) [3], Advanced Encryption Standard (AES) [4], etc. Since image data requires strong real-time properties, these standard encryption structures are appropriate for image encryption. For real-time image encryption, the ciphers demand higher power, processing time, and computational resources. Hence, researchers have offered numerous efficient image encryption techniques [5]-[9] based on various concepts and purposes.
The associate editor coordinating the review of this manuscript and approving it for publication was Chien-Ming Chen.
Chaos-based cryptography has been widely utilized for image encryption nowadays [10]- [12]. Chaos is considered a secure source of producing randomness in uniform data. Chaotic systems offer sensitivity to the initial condition, reproduction, ergodicity, non-periodicity, and pseudorandomness. Moreover, chaotic sequences can be generated accurately and quickly [13]. According to the utilization in the image encryption scheme, chaotic maps are partitioned into two groups: one-dimensional chaotic systems and higher dimensional chaotic systems. One-dimensional chaotic maps are easy to implement due to their uncomplicated structure but provide some vulnerabilities due to limited chaotic range. On the other hand, higher-dimensional chaotic maps have better chaotic behavior due to more complicated structures but are hard to implement and have high computational costs. Researchers have offered many secure encryption structures based on higher dimensional chaotic systems.
Chaotic maps offer highly random and secure keys, but for a robust cryptosystem the implementation of the secret keys also matters. The robustness of the cryptosystem is assured by the randomness of output data and security against cryptographic attacks. A reliable encryption structure must comprise the phenomena of diffusion and confusion as offered by Shannon in 1949 [14]. Many proposed encryption schemes ignore the combination of diffusion and confusion, which results in a vulnerable encryption structure [15]-[17]. Cryptanalysis is the study of cipher vulnerabilities and methods for exploiting them to determine the plaintext and/or private cipher key. Exploitation is difficult, and several flaws work on the reduced versions of the ciphers. Unfortunately, the offered cryptosystems claiming a robust structure are not all secure [18]-[21]. There exist many encryption schemes exhibiting weak security with larger execution time [22]-[27]. The weakness in the encryption structure leads to cryptographic attacks [28]. In this work, we have performed cryptanalysis of a recently proposed encryption technique to secure the Internet of Health Care (IoHT) [30]. The contributions of this work are as follows:
1. We offer an effective strategy for cryptographic attacks that can exploit the diffusion-based cryptosystem with low computation and high security. This is valid particularly in a resource-controlled modern network environment for secure image communication.
2. Our cryptanalysis method is also effective for other encryption techniques with a similar configuration of diffusion only.
3. By analyzing the security and complexity of the cryptosystem under study, the corresponding improvements are also suggested, which provide robustness to the encryption structure.
The rest of the manuscript is organized as follows: Section 2 presents some fundamental concepts; the originally offered encryption structure is described in Section 3; the weakness and cryptanalysis are presented in Section 4; the next section offers some improvement suggestions; and the conclusion is given in the last section.

II. SOME BASIC CONCEPTS
A. 2D TRIGONOMETRIC MAP
Robert May proposed a 1D logistic map [23] in 1976 to produce chaotic behavior from a simple nonlinear equation.
In mathematical form, the equation of logistic map is defined as: where r is the bifurcation parameter, which lies in the interval [0, 4]. The sine map in nonlinear dynamics is defined by using the sinusoidal function as follows [24]: where r is the bifurcation parameter, which lies in the interval [0, 1]. Bifurcation diagrams of the logistic map and sine map are depicted in Fig. 1. A new 2D trigonometric map using logistic and sine maps was offered in [22]. The proposed map can be mathematically elaborated as The offered map shows chaotic behavior for real numbers of parameters satisfying $\omega = 100\pi$, $r \in [0, 1000]$, and $x_0 = 1.5$, $y_0 = 0.5$.

B. HAMMING DISTANCE
The Hamming distance between two vectors $a, b \in F^n$ is denoted by $d(a, b)$ and is defined as the number of positions at which $a$ and $b$ differ. Therefore, the number of bits required to change one vector into another is known as the Hamming distance. Moreover, the bitwise XOR of two vectors $a$ and $b$ also results in the Hamming distance of bits.

C. MODIFIED MANDELBROT SET
The Mandelbrot set is specified as a collection of points in a complex plane. A point Q in the complex plane can be associated with a complex number $q \in \mathbb{C}$ such that $q = re^{j\theta}$, where $\theta$ is the argument of $q$ and $r$ is its magnitude. Mandelbrot set contains a point Q in the complex plane if: If a set of points in the complex plane corresponding to the Mandelbrot set are colored in a prism, we attain the shape of Fig. 2.

III. EQUIVALENT STRUCTURE OF THE SCHEME OFFERED IN [30]
The technique under study can be explained in a distinct but equivalent way. Let $P_N$ and $C_N$, $N = R, G, B$, be the red, green, and blue layers of the plain and encrypted image, respectively. The encryption structure offered in [22] comprises the diffusion of three secret keys based on a 2D trigonometric map, Hamming distance, and modified Mandelbrot set.

A. KEY GENERATION
The cryptosystem was based on three private keys. The main attributes for confidentiality were new trigonometric chaotic maps, Mandelbrot set, and hamming distance. The steps leading to key generation are as follows:
Step 1: The first key based on the 2D trigonometric map was determined by finding the solution trajectories of system (1) with some specific initial conditions and bifurcation parameters. The generated chaotic sequences are named as The key set $K_1$ concerning image channels can be characterized as:
Step 2: The second key established on the hamming distance was attained by original image components and chaotic sequences. The mathematical strides pursued in the generation of the second encryption key can be specified as follows: where $d$ denoted the hamming distance among plain image channels and chaotic sequences, $\zeta_i$ is the chaotic sequences for $1 \le i \le 3$, and $P_N$, $N = R, G, B$ represents red, green, and the blue channel of the plain image. The second private key set $K_2$ according to layers of the image can be defined as:
Step 3: The third encryption key was acquired by using the conditional shift algorithm on the trajectories obtained from the Mandelbrot set $\psi_i$, $1 \le i \le 3$ and diffusion of original image layers with the key set $K_1$ as: The conditional shift was applied on $\psi_i$, $1 \le i \le 3$ and $\lambda_i$, $1 \le i \le 3$ by using the algorithm defined in Table 1. The final encryption key obtained after the conditional shift is represented by the set $K_3$.
B. ENCRYPTION SCHEME
The encryption scheme offered by authors in [22] can be depicted by the subsequent steps:
Step 1: Insert color original image $P_N$ and separate it into the red, green, and blue layers equally $N = R, G, B$ correspondingly as input of the encryption algorithm.
Step 2: The cipher obtained in step 2 is diffused with the key obtained from the Hamming distance in the following ways: where $N = R, G, B$ and $1 \le i \le 3$ respectively for each channel of the color image.
Step 3: The diffusion of ciphers obtained in step 2 along with the second hamming distance based secret key by the following procedure:
Step 4: Last encryption key based on conditional is diffused with the ciphers obtained from the previous step by: The obtained resultant $C_N$, $N = R, G, B$, are red, green, blue layers of the cipher image, respectively.
The encryption structure can be summarized into the equivalent system as where $\zeta_i$ represents the key from chaotic sequences, i is the key generated from a hamming distance, $\alpha_i$ shows the key constructed by conditional shift algorithm, and $1 \le i \le 3$ for the red, green, and blue channel of the original and enciphered images respectively.

C. EQUIVALENT ENCRYPTION STRUCTURE
The encryption structure defined in Eq. (12) can be converted into a simpler form by looking at the detailed implementation of the keys. The first key is utilized by the bitwise addition operation with the plaintext as: Now we come to the second key implementation as: By using (13) in (14) we get where $i = d(P_N, \zeta_i)$ is the Hamming distance between original image layers and chaotic sequences. Now we check the working of the Hamming distance operation for two binary numbers to get a generalized result, for example: This result is satisfied by all the binary numbers. This indicates that the Hamming distance works as a bitwise addition operation. Therefore, the Hamming distance of the original image and chaotic sequence is the bitwise addition of each element one by one. Hence after generalizing this result, we can write: Using (16) in (15) we get This reflects that both $\lambda_i$ and $\eta_i$ cancel the effect of each other because both possess the same elements. Therefore, using the result of (17) in (11) we get.
where $\alpha_i$, $1 \le i \le 3$ is the key obtained from the conditional shift. The ciphertext can be defined as: The cryptosystem under study produces ciphers with the operation of conditional shift by using Mandelbrot sequences. The conditional shift algorithm permutes the data concerning the plaintext.
The structural diagram of the equivalent cryptosystem is displayed in Fig. 3.

IV. WEAKNESSES AND CRYPTANALYSIS OF UNDERSTUDY CRYPTOSYSTEM [30]
A. WEAKNESS IN UNDERSTUDY CRYPTOSYSTEM
The cryptosystem based on the diffusion strategy offered in [30] aimed to provide security to data on the Internet of Healthcare Things (IoHT). The contribution of the suggested algorithm was the deployment of three secret keys to provide security in encryption. The drawback of the offered scheme is that it performs diffusion only. The originally proposed scheme implements chaos, Hamming distance, and a conditional shift. But the bitwise XOR operation and the Hamming distance exhibit the same behavior, so they cancel each other's effect after diffusion, as depicted in (16) and (17). According to Shannon's theory provided in 1949 [14], a secure cryptosystem must produce confusion and diffusion in cipher data. The cryptosystem under study neglects confusion and yields diffusion only, with a complex encryption process and larger execution time. The simplified version of the encryption scheme just performs a permutation using the conditional shift algorithm. Therefore, diffusion that reduces to permutation only in the simpler version can be effortlessly broken by applying conventional attacks such as the known-plaintext attack and the chosen-plaintext attack. The offered attack aims to retrieve the plaintext from its respective ciphertext without knowing the security parameters of the cryptosystem. The offered attacks are performed in the following way:

B. KNOWN-PLAINTEXT ATTACK
Suppose that the attacker gets a pair of plaintext and ciphertext encrypted through the cryptosystem under study. The description of the final cryptosystem is defined in (12). From the equivalent cryptosystem, we can notice that the encryption design was based on the diffusion of three private keys with the plaintext, but diffusion and Hamming distance cancel each other's effect and it reduces to (13). The equivalent cryptosystem under study can also be generalized for the greyscale image. The working steps of the known-plaintext attack are as follows: Suppose we are aware of one pair of plaintext and ciphertext having size m × n produced from the originally proposed encryption structure, that is As we know that the ciphertext is generated by using the conditional shift algorithm as defined in (19) After checking the one-to-one correspondence between the elements of plain and cipher matrix the original sorting position of particles can be retrieved.

C. CHOSEN-PLAINTEXT ATTACK
The chosen-plaintext attack works by inserting a desired plaintext into the cryptosystem. The plaintexts and the ciphers produced from them are then assessed to retrieve the key. Suppose the attacker gets short-term access to the encryption mechanism. The attacker then selects a plain image with all possible entries increasing one by one as input of the encryption algorithm.
where m×n is the size of the image to be retrieved. The equivalent description of the cryptosystem is defined in Eq. (12). From the equivalent cryptosystem, we can notice that the encryption design was based on the permutation using the conditional shift key as depicted in Eq. (19). The equivalent cryptosystem under study can also be generalized for the greyscale image. The working steps of the known-plaintext attack are as follows: Consider After inserting these values in Eq. (15) we get where α is the conditional shift key. Therefore, we get the position of each pixel in the resultant cipher. After the comparison of both the chosen plaintext and the respective cipher data, the shift of each element can be obtained. There exists a one-to-one correspondence of each plaintext element with its respective ciphertext due to the elementwise addition operation. The correspondence between elements is defined by: Hence the plaintext is retrieved by using the correspondence between elements. The chosen image and recovered image are depicted in Fig. 4.

D. EXPERIMENTAL RESULTS
The working steps of the chosen-plaintext attack are described in this section with a numerical example. The plaintext is retrieved in two steps; the first is the detection of elements of ciphertext $C_{ij}$ and the second one is finding the position of the element in their respective plaintext. Hence, the plaintext of each ciphertext is extracted without knowing a specific key because the secret key is changed for the input.
We have considered a small example with a plaintext and ciphertext domain of $\mathbb{Z}_4$; in other words, the algorithm is explored over 2 bits with the data set in the form of a 3 × 3 matrix. Therefore, the elements of plain and cipher data belong to the set $\mathbb{Z}_4 = \{0, 1, 2, 3\}$, and the same is the case with the secret key.
The results in Table 2 depict the different chosen-plaintext matrices and their respective ciphers. The outcomes of the table also support the argument in (16) and (17), that is, the whole encryption process depends on the conditional shift key only because diffusion and Hamming distance cancel each other's effect. These four pairs of plaintexts and ciphertexts help to retrieve the original image encrypted by the cipher scheme under study in the following way: Suppose C be the ciphertext matrix encrypted by the scheme under study.
As we can see that From the ciphers $C^1, C^2, C^3, C^4$ the $C^2$ has $C^2_{11} = 2$ and its respective original element is in $P^3$ that is $P^3_{11} = 2$. Similarly, for $C_{12} = 3$ the cipher $C^4_{12} = 3$ and its respective original element is in $P^4$ that is $P^4_{12} = 3$. For $C_{13} = 1$ the cipher $C^1_{13} = 1$ and its respective original element is in $P^1$ that is $P^1_{13} = 0$. For $C_{21} = 1$ the cipher $C^2_{21} = 1$ and its respective original element is in $P^2$ that is $P^2_{21} = 1$. For $C_{22} = 2$ the cipher $C^2_{22} = 1$ and its respective original element is in $P^2$ that is $P^2_{21} = 1$. Similarly, checking the correspondence of all other elements of ciphertext with its respective chosen-plaintext the recovered plaintext matrix becomes, which is the retrieved plaintext without getting the key. Therefore, we can also recover any plaintext from the respective cipher value even if its secret key is changed concerning the plaintext.
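The lookup procedure of this section, as an added example that is not code from the paper: four constant chosen plaintexts over Z_4 give a per-position codebook that inverts a 3 × 3 ciphertext without the key. The stand-in cipher (elementwise addition mod 4 with a fixed hidden key), the chained contrast cipher and all function names are assumptions made for the illustration; the chained variant is there only to show that the lookup depends on each position being enciphered independently.

```python
# Added illustration (not the paper's code): chosen-plaintext codebook recovery over Z_4.
import random

Q = 4                # element domain Z_4 = {0, 1, 2, 3}, as in the 3 x 3 example
ROWS, COLS = 3, 3


def _key(seed):
    # Hidden key material; the recovery code below never reads it.
    rng = random.Random(seed)
    return [[rng.randrange(Q) for _ in range(COLS)] for _ in range(ROWS)]


def make_elementwise_oracle(seed):
    """Assumed stand-in cipher: C_ij = (P_ij + alpha_ij) mod Q, no mixing between positions."""
    alpha = _key(seed)

    def encrypt(plain):
        return [[(plain[i][j] + alpha[i][j]) % Q for j in range(COLS)]
                for i in range(ROWS)]
    return encrypt


def make_chained_oracle(seed):
    """Contrast case (not a secure design): each output also absorbs the previous output."""
    alpha = _key(seed)

    def encrypt(plain):
        out, prev = [], 0
        for i in range(ROWS):
            out.append([])
            for j in range(COLS):
                prev = (plain[i][j] + alpha[i][j] + prev) % Q
                out[i].append(prev)
        return out
    return encrypt


def build_codebook(encrypt):
    """Encrypt the Q constant matrices; record cipher value -> plain value per position."""
    book = [[{} for _ in range(COLS)] for _ in range(ROWS)]
    for v in range(Q):
        cipher = encrypt([[v] * COLS for _ in range(ROWS)])
        for i in range(ROWS):
            for j in range(COLS):
                book[i][j][cipher[i][j]] = v
    return book


def recover(cipher, book):
    """Position-wise lookup; None marks a cipher value the codebook never saw there."""
    return [[book[i][j].get(cipher[i][j]) for j in range(COLS)] for i in range(ROWS)]


# Constructed sample plaintext, unknown to the recovery code.
SECRET = [[2, 3, 0], [1, 1, 3], [0, 2, 1]]

if __name__ == "__main__":
    for name, factory in (("elementwise", make_elementwise_oracle),
                          ("chained", make_chained_oracle)):
        oracle = factory(seed=2024)
        guess = recover(oracle(SECRET), build_codebook(oracle))
        print(name, "recovered exactly:", guess == SECRET, guess)
```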

E. EXECUTION TIME ANALYSIS
The execution time of the attacks performed to retrieve images of different sizes reveals the vulnerability in the encryption scheme. All the attacks were performed on a personal computer with an Intel(R) Core(TM) i7-7500U 2.90 GHz CPU and 12 GB memory capacity. MATLAB R2018b was utilized for the simulations. The execution time of the chosen-plaintext attack and known-plaintext attack in seconds for various sizes of images are presented in Table 3. The results in Table 2 reflect that an image with the size 1024 × 1024 can be retrieved in less than 2 seconds by using the known-plaintext attack. The short execution time reveals the weakness of the cryptosystem, due to which it was breakable with low computation.

V. IMPROVEMENT SUGGESTIONS
The security of the originally proposed scheme can be increased by introducing the concept of confusion and diffusion according to Shannon's theory [14]. The originally offered encryption scheme uses the concept of diffusion only and ignores confusion. Some suggestions to improve the security of the encryption structure are as follows:
1. The confusion can be generated by using some Substitution box constructed from a chaotic system.
2. The key from the Mandelbrot set may produce diffusion in the encryption structure by using the XOR operation.
3. The conditional shift algorithm must be applied directly to the original image instead of employing the key to the XOR operation.
The above-stated improvement suggestions can be implemented to intensify the security of the encryption structure. The chosen-plaintext attack and known-plaintext attack are futile in breaking the combined confusion and diffusion strategy. Therefore, the suggested improvements resist all possible classical and statistical cryptographic attacks.

VI. CONCLUSION
In this work, we have reported some classical attacks on a recently proposed encryption technique. The originally proposed encryption structure comprises a chaotic system, a modified Mandelbrot set, and a conditional shift algorithm, and it possesses some weaknesses in its designed structure. In information security, proposing a scheme based on individual XOR operations for encryption is considered a weak strategy. The offered attacks are performed with very little computation by using a chosen plain image and a known plaintext-ciphertext pair. Consequently, the encryption technique under study is too vulnerable to meet Internet of Health Things (IoHT) security needs. The encryption scheme offered by authors in [22] is not recommended for secure encryption in its present form. Therefore, we have offered some improvement suggestions to intensify the security of IoHT. The cryptosystem constructed with the stated improvement suggestions can be utilized for secure communication.

ABD AL KARIM HAJ ISMAIL is currently an Active Researcher in the field of high energy physics and data analysis. He started his scientific career in the detection of cosmic radiation and the measurement of its energy spectrum. He has since expanded his research interests to a couple of research projects, such as cosmic rays, dark matter, solar radiation analysis, and data analysis.