A sophisticated file transfer system with intelligent key rotation based on image similarity analysis and post-quantum cryptography. DKM automatically rotates encryption keys when consecutive images show significant differences, ensuring enhanced security for sensitive data transmission.
DKM (Dynamic Key Management) is a secure client-server file transfer system that revolutionizes encryption key management. Instead of using static keys or time-based rotation, DKM analyzes the content similarity of consecutive images using Mean Squared Error (MSE) metrics and automatically rotates encryption keys when dissimilarity is detected.
Traditional encryption systems use:
- Static keys - vulnerable to long-term exposure
- Time-based rotation - arbitrary and potentially inefficient
- Manual rotation - error-prone and inconsistent
DKM uses content-aware rotation that:
- β Adapts to actual data patterns
- β Triggers rotation only when needed (similarity < 92%)
- β Uses quantum-resistant ML-KEM-1024 for new key generation
- β Ensures perfect forward secrecy with AES-256 encryption
- Intelligent Key Rotation - Automatic encryption key updates based on image similarity analysis
- Post-Quantum Cryptography - ML-KEM-1024 (NIST standardized) for quantum-safe key generation
- AES-256 Encryption - Military-grade encryption for all file transfers
- Image Similarity Detection - MSE-based comparison with configurable threshold (default: 0.92)
- DWT Processing - Discrete Wavelet Transform for image decomposition and analysis
- Robust Error Handling - Retry mechanisms with acknowledgment-based confirmation
- Real-time Logging - Comprehensive activity tracking for security auditing
- SHA-256 checksums for data integrity
- Socket-level encryption with key derivation
- Automatic key synchronization between client and server
- Secure key encapsulation using ML-KEM
| Component | Technology |
|---|---|
| Language | Python 3.8+ |
| Encryption | AES-256 (CBC mode) |
| Post-Quantum Crypto | ML-KEM-1024 (Kyber) |
| Image Processing | scikit-image, OpenCV, Pillow |
| Wavelet Transform | PyWavelets (Haar wavelet) |
| Networking | TCP Sockets |
| Serialization | Pickle |
- Python 3.8 or higher
- Network connectivity between client and server
- Images in JPG, PNG, BMP, TIFF, or GIF format
- Clone the repository
git clone https://github.com/AkshayKappala/dkm.git
cd dkm- Install dependencies
pip install -r requirements.txt- Configure network settings
Edit the server address in both client/client.py and server/server.py:
SERVER_ADDRESS = ('YOUR_SERVER_IP', 12345)Terminal 1 - Start the Server:
python -m server.serverTerminal 2 - Run the Client:
python -m client.clientPlace your images in the sent/ directory before running the client.
dkm/
βββ client/
β βββ client.py # Main client with key rotation
β βββ client1.py # Basic client (no rotation)
β βββ encryption/
β β βββ aes_encryption.py # AES-256 encryption logic
β β βββ dwt_processor.py # Discrete Wavelet Transform
β βββ utils/
β βββ file_utils.py # File I/O operations
βββ server/
β βββ server. py # Main server with key rotation
β βββ server1.py # Basic server (no rotation)
β βββ decryption/
β βββ aes_decryption.py # AES-256 decryption logic
β βββ dwt_reconstructor.py # Image reconstruction
βββ shared/
β βββ crypto_utils. py # Shared cryptographic utilities
β βββ key_rotation_manager.py # Image similarity & key rotation
βββ ID_MSE. py # Image similarity computation
βββ requirements.txt # Python dependencies
βββ README.md # This file
def compare_images(image1, image2):
# Convert images to float
image1 = img_as_float(image1)
image2 = img_as_float(image2)
# Resize to same dimensions
image2 = resize(image2, image1.shape)
# Compute MSE and similarity
mse = np.mean((image1 - image2) ** 2)
similarity = 1 - mse
return similarityThe system compares consecutive images:
- Similarity β₯ 0.92: Keep current key
- Similarity < 0.92: Generate new key using ML-KEM-1024
if similarity_score < self.similarity_threshold:
ek, dk = ML_KEM_1024.keygen() # Generate quantum-safe keypair
shared_key, ciphertext = ML_KEM_1024.encaps(ek)
new_password = shared_key.hex() # New encryption key
return True, similarity_score, "Low similarity detected", new_passwordClient β Server: [Flag: 0x01] [Key Length] [New Key]
Server β Client: ACK
Client β Server: [Flag: 0x02] [Filename Length] [Filename] [Data Length] [Encrypted Data]
Server β Client: ACK
Client β Server: [Flag: 0x03] (End of Transfer)
Server β Client: ACK
In shared/key_rotation_manager.py:
key_rotation_manager = KeyRotationManager(similarity_threshold=0.85) # More sensitiveIn both client/client.py and server/server.py:
password = "your_secure_password_here"SERVER_ADDRESS = ('192.168.1.100', 8080) # Custom IP and portIn client/client1.py:
client_socket.setsockopt(socket.SOL_SOCKET, socket.SO_SNDBUF, 131072) # 128KB
client_socket.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 131072) # 128KB- Use Environment Variables for Sensitive Data
import os
password = os.getenv('DKM_ENCRYPTION_KEY', 'default_secure_password')
SERVER_ADDRESS = (os.getenv('DKM_SERVER_IP', '0.0.0.0'), 12345)- Enable TLS/SSL for Socket Communication
import ssl
context = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
context.load_cert_chain(certfile="server.crt", keyfile="server.key")
secure_socket = context.wrap_socket(server_socket, server_side=True)- Run as a Service (Linux)
# Create systemd service file
sudo nano /etc/systemd/system/dkm-server.service[Unit]
Description=DKM Server
After=network.target
[Service]
Type=simple
User=dkm
WorkingDirectory=/opt/dkm
ExecStart=/usr/bin/python3 -m server.server
Restart=always
[Install]
WantedBy=multi-user.targetsudo systemctl enable dkm-server
sudo systemctl start dkm-server- Docker Deployment
FROM python:3.9-slim
WORKDIR /app
COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt
COPY . .
EXPOSE 12345
CMD ["python", "-m", "server.server"]docker build -t dkm-server .
docker run -d -p 12345:12345 --name dkm-server dkm-server# Check if server is running
netstat -tulpn | grep 12345
# Verify firewall rules
sudo ufw allow 12345/tcp- Ensure client and server use the same initial password
- Check logs for key rotation acknowledgments
- Verify network stability during key transmission
- Confirm
sent/directory contains valid image files - Check server logs for specific error messages
- Increase socket timeout:
client_socket.settimeout(10)
# Reinstall dependencies
pip install --upgrade -r requirements.txt
# Install missing kyber-py
pip install kyber-py- Lower the threshold:
similarity_threshold=0.80 - Ensure images are significantly different
- Check that files are valid images (not corrupted)
| Operation | Average Time |
|---|---|
| Key Generation (ML-KEM-1024) | ~10ms |
| AES-256 Encryption (1MB file) | ~50ms |
| Image Similarity Calculation | ~100ms |
| File Transfer (1MB over LAN) | ~200ms |
# Place images in sent/ directory
sent/
βββ image1.jpg
βββ image2.jpg
βββ image3.png
# Run client
python -m client.clientOutput:
2025-12-16 10:30:00 - INFO - Connecting to server at 192.168.233.129:12345
2025-12-16 10:30:01 - INFO - Processing file: image1.jpg (Attempt 1)
2025-12-16 10:30:01 - INFO - Key rotation decision: False (Reason: First image received)
2025-12-16 10:30:01 - INFO - File image1.jpg encrypted successfully.
2025-12-16 10:30:02 - INFO - Processing file: image2.jpg (Attempt 1)
2025-12-16 10:30:02 - INFO - Key rotation decision: True (Reason: Low similarity 0.7843 < 0.92)
2025-12-16 10:30:02 - INFO - Rotating key for file: image2.jpg
Contributions are welcome! Areas for improvement:
- Support for non-image file types
- Web-based dashboard for monitoring
- Multi-client support with threading
- Additional similarity metrics (SSIM, perceptual hashing)
Developer: Akshay Kappala
GitHub: @AkshayKappala
Repository: github.com/AkshayKappala/dkm
This project is open source. Please add a LICENSE file to specify terms.
- NIST - For ML-KEM-1024 post-quantum cryptography standard
- scikit-image - Image processing capabilities
- PyCryptodome - Robust AES implementation
Built with π by Akshay Kappala
Securing the future with quantum-resistant cryptography