A novel image encryption scheme based on substitution-permutation network and chaos

A novel image encryption scheme based on substitution-permutation network and chaos

Author’s Accepted Manuscript A novel image encryption scheme based on substitution-permutation network and chaos Akram Belazi, Ahmed A. Abd El-Latif, ...

3MB Sizes 0 Downloads 120 Views

Author’s Accepted Manuscript A novel image encryption scheme based on substitution-permutation network and chaos Akram Belazi, Ahmed A. Abd El-Latif, Safya Belghith www.elsevier.com/locate/sigpro

PII: DOI: Reference:

S0165-1684(16)30014-7 http://dx.doi.org/10.1016/j.sigpro.2016.03.021 SIGPRO6099

To appear in: Signal Processing Received date: 29 July 2015 Revised date: 26 March 2016 Accepted date: 29 March 2016 Cite this article as: Akram Belazi, Ahmed A. Abd El-Latif and Safya Belghith, A novel image encryption scheme based on substitution-permutation network and chaos, Signal Processing, http://dx.doi.org/10.1016/j.sigpro.2016.03.021 This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting galley proof before it is published in its final citable form. Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.

A novel image encryption scheme based on substitution-permutation network and chaos Akram Belazi a, Ahmed A. Abd El-Latif b, Safya Belghith a a

b

National Engineering School of Tunis, Tunisia

Mathematics Department, Computer Science Laboratory, Faculty of Science, Menoufia University, Shebin ElKoom, 32511, Egypt

Abstract: In this paper, a novel image encryption approach based on permutation-substitution (SP) network and chaotic systems is proposed. It consists of four cryptographic phases : diffusion, substitution, diffusion and permutation. Firstly, a diffusion phase is proposed based on new chaotic map. Then, a substitution phase based on strong S-boxes followed by a diffusion phase based on chaotic logistic map are presented which will, in turn, significantly increase the encryption performance. Finally, a block permutation phase is accomplished by a permutation function to enhance the statistical performance of the proposed encryption approach. Conducted experiments based on various types of differential and statistical analyses show that the proposed encryption approach has high security, sensitivity and speed compared to previous approaches

Key words: systems.

Image encryption, S-box, permutation-substitution (SP) network, Chaotic

1. Introduction 1.1 Background The close relationship between chaotic dynamical systems and cryptosystems has opened the door for several chaos-based cryptosystem schemes, especially image encryption. Indeed, chaotic system exhibits random behavior and has a lot of inherent features, such as unpredictability, ergodicity, and sensitivity to their parameter (s) and initial value (s), which make them a good candidate to design secure cryptosystems. The behavior of the system is predictable if the initial conditions are available to the observer, whereas, in the absence of this knowledge, the system appears to be random. The random behavior can be used to induce confusion and diffusion in the plain image, thus enabling the data owner to safely transmit over insecure communication channel.

1

1.2 Review of the previous chaos-based encryption schemes The literature is rich of chaos-based image encryption designs. In what follows, we review some of those relevant to the present work. Wang et al. proposed an image encryption for color images based on chaotic system [1]. Liu and Wang [2] proposed an encryption scheme for color images using spatial bit-level permutation and a high-dimension chaotic system. In [3] Liu et al. proposed an image encryption using Choquet fuzzy integral and hyper chaotic system for color images. Zhou et al. [4] proposed 1D chaotic map by coupling the tent and the sine maps, which is then adapted to encipher the plain image. In [5] Liu et al., proposed a chaos-based color image block encryption scheme using S-box. Ping et al. proposed an image encryption based on non-affine and balanced cellular automata [6]. Wang et al. [7] proposed a chaotic block image encryption algorithm based on dynamic random growth technique. An image encryption scheme based on 2D sine logistic modulation map was proposed by Hua et al [8]. Liu and Wang [9] proposed a stream cipher scheme for color images based on one-time keys and piecewise linear chaotic map. Murillo-Escobar et al. proposed an image encryption scheme for color images in RGB format based on total plain image characteristics and chaos [10]. Chen et al. [11] proposed an encryption scheme with dynamic diffusion key stream obtained from the permutation matrix. 1.3 Limitations of encryption schemes On the other hand, the cryptanalysts play a vital role in the cryptanalysis of encryption schemes and study the performance analysis [12-17]. Qualitatively speaking, the security of most designed chaos-based schemes is groundless and most of them are slow. This is due to the small key space, the considerable iteration steps to comply the encryption process (the tradeoff between security and the overall performance) and the inappropriate key streams generation for the internal structure of encryption/decryption, which helps the cryptanalysts to break the schemes. The need for new encryption schemes taking into account the performance analysis of previous approaches by the cryptanalysts is essential in image encryption applications. 1.4 Contribution and organization of this work In this paper, we propose a new image encryption approach for secure digital images. It is composed of four cryptographic phases and uses two chaotic systems to control the structure of the encryption scheme so that it achieves high encryption performance. Firstly, a diffusion phase based on bitwise XOR operation and a new chaotic map is proposed. Then, a substitution phase based on strong S-boxes, proposed in [18], followed by a diffusion phase based on chaotic logistic map are introduced to enhance the encryption performance. Finally, a block permutation phase is accomplished by a permutation function, MAP function, to reinforce the statistical performance of the proposed encryption approach. Conducted experiments based on differential and statistical analyses show that the proposed cryptosystem approach is efficient and has good cryptographic properties. The superior results 2

of numerical analysis demonstrate that the proposed encryption scheme outperforms current image encryption schemes in terms of encryption performance. The remainder of this paper is organized as follows: Section 2 gives, as a preliminary work, an overview of the chaotic maps used in the proposed cryptosystem scheme. In Section 3, we present the S-box used in this paper. Section 4 presents, as comprehensively as possible, the design of the cryptosystem approach. The experimental results and security analyses are reported in Section 5. The application of the proposed scheme for color images is presented in Section 6. Finally, Section 7 concludes the paper. 2. Chaotic maps 2.1.

The logistic map

The logistic map is a well-known 1D nonlinear chaotic map and is defined as: y n1   y n 1  yn 

(1)

Where   0,4 is the control parameter and y0  0,1 is the initial condition. The logistic map shows good behavior and is frequently used in many applications [19, 20]. The dynamics of the logistic map is validated using Hopf bifurcation diagrams (Fig.1) It is observed that the logistic map is chaotic for   3.57,4 and slight variations of the initial value produce major difference in the random generated values which are a non-periodic and non-converging sequence.

Figure 1: Bifurcation diagram of the logistic map. 2.2. The new chaotic map [21] The new chaotic map is defined as follows 3





xn1   xn4  xn2  1

(2)

Where   3,8 is the control parameter and x0  0,1 is the initial value. The hopf bifurcation diagram is shown in Fig. 2. The proof of chaos for the designed map can be found in [21].

Figure 2: Bifurcation diagram of the new chaotic map.

2.3. Comparison between logistic map and the new map In this section, we compare the dynamics analysis of the logistic map and the new chaotic map in terms of Lyapunov exponent and entropy. 2.3.1. Lyapunov exponent The Lyapunov exponent or Lyapunov characteristic exponent of a dynamical system is a quantity that characterizes the rate of divergence of nearby trajectories. It is used to prove the chaotic behavior of chaotic maps. The Lyapunov exponent is calculated by the following equation:

1   lim N  N

N

 log n 1

dxn1 dxn

(3)

The computation of Lyapunov exponent between the new map and the logistic map is shown in Tables 1 and 2. In addition, Fig. 3 shows the Lyapunov exponent of the logistic map and new chaotic map. Based on Tables 1 and 2, it is observed that the Lyapunov exponent of the new chaotic map is larger than famous logistic chaotic map. 4

(a) Lyapunov exponent of the logistic map

(b) Lyapunov exponent of the new chaotic map

Figure 3: Lyapunov exponent.

Table 1: Lyapunov exponent values for logistic map for different pairs of initial conditions (IC) and control parameters (CP). Pair (IC,PC)

Lyapunov exponent value

(0.3,4)

0.693141

(0.4,4)

0.693159

(0.6,4)

0.693159

(0.7,4)

0.69313

(0.3,3.99998)

0.690930

(0.7,3.99997)

0.690193

2.3.2. Approximate entropy analysis To quantify the complexity of the new map, we measured the approximate entropy. The calculation details of the approximate entropy are found in [21]. Table 3 shows the entropies of the new chaotic map and the logistic map, respectively. In addition, Fig. 4 shows the comparison of entropy between logistic map and new chaotic map. We can see that the new chaotic map outperforms the well-known chaotic logistic map.

5

Table 2: Lyapunov exponent values for new chaotic map for different pairs of initial conditions (IC) and control parameters (CP). Pair (IC,PC)

Lyapunov exponent value

(0.3,8)

1.38632

(0.4,7.6)

1.09744

(0.6,6.258)

0.996836

(0.5,6)

0.968348

(0.4,7.99)

1.35219

(0.6,7.999998)

1.38581

Table 3: Approximate entropy. Chaotic map

Logistic map

New chaotic map

Approximate entropy

1.09585

2.56042

(a) Entropy of the logistic map

(b) Entropy of the new chaotic map

Figure 4: Entropy analysis.

3.

Chaotic linear fractional transformation (LFT) S-boxes

In [18], Hussain et al. proposed an S-box method based on LFT in combination with chaotic logistic map and its derived maps. The chaotic maps are used to generate four random values which are assigned to the parameters a, b, c and d to be used by linear fractional transformation. This is applied to calculate the values of the elements of the S-boxes. 6

LFT-based S-boxes are constructed by the action of PGL(2, GF (28 )) on finite field of order 28 . The algebraic structure of LFT-based S-boxes depends on the linear fractional transformations f ( x)  ax  b where a, b, c , d  GF (28 ) and ad  bc  0 . With this cx  d method, one can construct millions of secure S-boxes, particularly those corresponding to affine transformation satisfying the security analysis with optimal value. The LFT S-boxes are constructed as follows : f : PGL(2, GF (28 ))  GF (28 )  GF (28 ), ax  b f ( x)  cx  d

(4)

The process starts with the action of Galois field on the projective general linear group. The function f (x) depends on the values of a, b, c and d  GF (28 ) , corresponding to every different combination of a, b, c and d from GF (28 ) one can construct a new 8×8 S-box. 4. The proposed encryption scheme Here, we propose a novel image encryption scheme based on the substitution-permutation structure and chaotic systems. 4.1. The MAP function The MAP function is denoted by MAP(n,p) where n is an integer number and p is a prime number. This function allows the generation of a chaotic sequence from 0,1,, n 2 range.





The MAP function is defined as follows: T=1:n×n; T1=reshape(T,n,n); for i=1: n for j=1: n TT(i,j)=mod((p×T1(i,j)),(n×n))+1; end end 4.2.

The PRIMES function

The PRIMES function is defined as: p=PRIMES(g) that returns a row vector containing all the prime numbers less than or equal to g. The data type of p is the same as that of g.

7

4.3.

Encryption process

The complete encryption process is given by the following steps (Fig. 5): Step 1: Input 8-bit gray image P(M , M ) , where M is the number of rows and also the number of columns in image P . Step 2: Generate a random sequence I 0 with length l  M  M using Eq. (2) and (  0 , x0 ) pair, where  0 is the control parameter and x0 is the initial condition. Map the obtained sequence into an integer sequence J 0  0.255 as follows:





J 0  u int 8 mod I 01017 , 256



(5)

Then, apply the mask J 0 on the plain image P according to the following equation:

Psc  bitxor ( P, J 0 )

(6)

Step 3: Generate 8 (8  8) S-boxes SBi , i  1,,8 according to the method described in Section 3. After that, divide the scrambled image Psc into 8 blocks Bi , i  1,,8 . Let

p , j  1,, n is the jth pixel in block B j

i

and n is total number of byte in Bi . Then substitute

each pixel p j of each block Bi as follows: s j  SBi ( p j ) , i  1,,8 and j  1,, n

Where s j is the substituted pixel of p j with the S-box SBi . Then obtain the substituted image Ps . Step 4: Iterate Eq. (1) for l  M  M times to generate a random sequence F with the initial condition y 0 and the control parameter  0 . Then transform the obtained sequence into an integer sequence G  0.255 as follows:



G  mod F  1014 ,256



(7)

Next, apply the mask G on substituted image Ps according to the following equation: Pc  bitxor ( Ps , G)

(8)

Step 5: Decompose the matrix Pc to blocks of size (m, m) . The number of blocks is

thus

M M M M  . Therefore, get the matrix Pd formed by these blocks with size  ,  . mm m m 8

Therefore, permute Pd by sequence S and obtain the permuted matrix Pp . The sequences S is generated by the function MAP(

M ,p), m

where p is a prime number generated as follows:

 2 Where L is the length of sequence Q which is obtained by iterating the function

pQ L

M M   Ps (i, j )  Psc (i, j ) i 1 j 1 PRIMES with parameter g    max Ps   

2

     

z  and z  are the lower and the upper integer parts of z . Step 6: Set cmpt  cmpt  1 and P  Pp . If cmpt  8 update the values of y0 ,  0 , x0 and

 0 according to the following equations: M

y 0  0.9  y 0 

M

mod( Pp (i, j ),1024) i 1 j 1

1024 M

 0  0.95   0 

i 1 j 1

512

 0  0.95   0 

 0.05

(10)

M

mod( Pp (i, j ),1024) i 1 j 1

1024 M

(9)

M

mod( Pp (i, j ) 2 ,512)

M

x0  0.9  x0 

 0.1

 0.1

(11)

 0.05

(12)

M

mod( Pp (i, j ) 2 ,512) i 1 j 1

512

Then, repeat steps (2) - (5) until cmpt  8 to get the encrypted image C . 4.4 Decryption process The complete decryption process is given by the steps illustrated in Fig. 6: Set cmpt  1 and use the last values of p, y0 ,  0 , x0 and  0 obtained from the encryption scheme.

9

Step 1: Decompose matrix C to blocks of size (m, m) and get the matrix C d formed by these

M M  blocks with size  ,  . Then permute C d by sequence S  and obtain matrix C c . The m m M sequence S  is generated by function MAPINV ( , p). m Here, MAPINV was the inverse function of MAP. Step 2: Iterate Eq. (1) for l  M  M times to generate a random sequence F  with the initial condition y 0 and the control parameter  0 . Then transform the obtained sequence into an integer sequence G  0.255 as follows:



G  mod F   1014 ,256



(13)

Therefore, we apply the mask G  on matrix C c according to the following equation Cs  bitxor (Cc , G)

(14)

Step 3: Divide the matrix C s into 8 blocks Bi , i  1,,8 . Let c j , j  1,, n is the jth pixel in block Bi and n is total number of byte in Bi . Then substitute each pixel c j of each block

Bi as follows:

w j  SBi1 (c j ) , i  1,,8 and j  1,, n . Where w j is the substituted pixel of c j with the inverse S-box SBi1 (Here, SBi1 was the inverse S-box of SBi ). Then obtain matrix C sc . Step 4: Generate a random sequence P0 with length l  M  M using Eq. (2) and (  0 , x0 ) pair, where  0 is the control parameter and x0 is the initial condition. Map the obtained sequence into an integer sequence Q0  0.255 as follows:





Q0  u int 8 mod P01017 , 256



(15)

Then obtain the matrix C p using the following equation:

C p  bitxor (Csc , Q0 )

(16)

Step 5: Set cmpt  cmpt  1 and update the values of x0 , y0 , 0 ,  0 and g according to the following equations: 10

M

x0 

x0  0.9

M

mod( C (i, j ),1024) i 1 j 1

1024

M

y0 

y0  0.9

0 0.95



i 1 j 1

1024

0

i 1 j 1

512

0.95



 0.1

(18)

M

mod( C (i, j ) 2 ,512)

M

0 

(17)

M

mod( C (i, j ),1024)

M

0 

 0.1

 0.05

(19)

M

mod( C (i, j ) 2 ,512) i 1 j 1

512

M M   Cs (i, j )  Csc (i, j ) i 1 j 1 g max  Cs    

2

 0.05

(20)

     

(21)

Then, set C  C p . Step 6: Repeat steps (1) - (5) in a loop until cmpt  8 to get the decrypted image D .

11

Figure 5: Block diagram of the proposed encryption scheme. 12

Figure 6: Block diagram of the proposed decryption process. 13

5. Security and performance analyses This section gives the simulation results of the proposed scheme. A number of experiments were performed based on several gray images (from USC-SIPI Image Database [22] and computer vision test images [23]), which were used as plain images having the sizes (128  128) , (256  256) , (512  512) and (1024  1024) . In the construction of S-boxes, the parameters used by the logistic maps were r0  3.9, f 0  0.1 , r1  3.8, f1  0.2 ,

r2  3.99, f 2  0.15

and r3  3.79, f 3  0.4 . In the proposed encryption approach, five

parameters were used as the keys, these parameters were g , y0 ,  0 , x0 and  0 ; g 0 was the parameter of function PRIMES. The keys  0 and y 0 were the control parameter and the initial condition of the logistic map, respectively. On the other hand, x 0 and  0 were the initial condition and the control parameter of the new chaotic map, respectively. The values were taken as  0  3.9999 , y0  0.1322 , x 0  0.1 and  0  7.7415 . The block size was fixed at (m  m)  (8  8) . All the simulations were implemented using MATLAB in a personal computer of Intel Core i3-3227U 1.9 CPU and 4 GB of RAM. 5.1. Key space analysis Key space size is the total number of different keys that can be used in the encryption process. For a robust encryption scheme, the key space must be large enough to make bruteforce attack infeasible. The key stream of the proposed cryptosystem was composed of two parts: 1-

In the S-boxes construction: The control parameters r0 , r1 , r2 , r3 and the initial conditions f 0 , f1 , f 2 , f 3 of the logistic maps [18] and also the four integer numbers a, b, c, and d used by the Mobius transformation (Eq.4).

2- In encryption scheme: the initial conditions and the control parameters of the chaotic maps; ( 0 , y0 ) for the logistic map (Eq.1) and (  0 , x0 ) for new chaotic map (Eq.2), respectively. Also, the block size (m  m) . Where f 0 , f1 , f 2 , f 3 , x0 and y 0  0,1 ; r0 , r1 , r2 , r3 and  0  3.57,4;  0  3,8 ; m was selected as follows: (M  N ) mod(m  m)  0 ; a, b, c, and d belong to GF( 2 8 ), with the condition that ad  bc  0 . According to the IEEE floating-point standard [24], the computational precision of the 64bit double-precision numbers is 2 52 , the total number of different values r0 which can be used

as

secret

keys

is

more

than 2 52 ,

so

are

the

number

of

r1 , r2 , r3 ,

f 0 , f1 , f 2 , f 3 ,  0 ,  0 , x0 , and y 0 . Assume that the possible numbers of a, b, c, and d are equal 14

to K , while those of m are equal to W . Therefore, the key space is larger than

 

K  W  252

12

 K  W  2 624 .

Such a large key space can guarantee enough security against brute-force attacks. Table 4: Key space of the proposed algorithm in comparison to algorithms used in [1,7]. Algorithm

New scheme

Ref.[1]

Ref.[7]

Key space

>2624

>2128

>2312

Table 4 shows the comparison of key space between the proposed algorithm and algorithms in [1,7]. It can be seen that the key space of the proposed algorithm is larger than those of other algorithms.

5.2. Key sensitivity analysis Key sensitivity is an essential feature for any secure algorithm which satisfies the requirement of resisting brute-force attack. The following key sensitivity tests were carried out:   0 was changed from 3.9999 to  0  140  y 0 was changed from 0.1322 to y0  140   0 was changed from 7.7415 to  0  140  The other keys were left unchanged Under the above conditions, we encrypted several gray images with different sizes (128  128) , (256  256) , (512  512) and (1024  1024) . The percentage of different pixels between the encrypted-images with initial keys and the cipher-images under the conditions mentioned above are listed in Table 5. Table 5: Percentage of different pixels between encrypted-images. Image Airplane

Size

Percentage difference

(128  128)

99.6972

(256  256)

99.7246

(512  512)

99.6560

(1024  1024)

99.6637 15

Airport

Barbara

Boat

Cameraman

Chemical Plant

Clock

Couple

Elaine

House

(128  128)

99.7826

(256  256)

99.5941

(512  512)

99.6693

(1024  1024)

99.6578

(128  128)

99.5812

(256  256)

99.6712

(512  512)

99.6831

(1024  1024)

99.6664

(128  128)

99.5873

(256  256)

99.7384

(512  512)

99.6575

(1024  1024)

99.6611

(128  128)

99.6972

(256  256)

99.7033

(512  512)

99.6594

(1024  1024)

99.6627

(128  128)

99.6239

(256  256)

99.7002

(512  512)

99.6800

(1024  1024)

99.6722

(128  128)

99.6544

(256  256)

99.6682

(512  512)

99.6693

(1024  1024)

99.6694

(128  128)

99.7155

(256  256)

99.6575

(512  512)

99.7014

(1024  1024)

99.6730

(128  128)

99.6483

(256  256)

99.6834

(512  512)

99.6846

(1024  1024)

99.6661

(128  128)

99.6728

(256  256)

99.7231 16

Lena

Man

Moon Surface

Peppers

Tank

Test-Pattern

(512  512)

99.6575

(1024  1024)

99.6700

(128  128)

99.6667

(256  256)

99.6453

(512  512)

99.6846

(1024  1024)

99.6577

(128  128)

99.5995

(256  256)

99.6911

(512  512)

99.6396

(1024  1024)

99.6700

(128  128)

99.7216

(256  256)

99.7048

(512  512)

99.6659

(1024  1024)

99.6619

(128  128)

99.6544

(256  256)

99.6728

(512  512)

99.6964

(1024  1024)

99.6657

(128  128)

99.6483

(256  256)

99.6758

(512  512)

99.6789

(1024  1024)

99.6665

(128  128)

99.7033

(256  256)

99.6560

(512  512)

99.6682

(1024  1024)

99.6804

From Table 5, we can see that a tiny difference in the key results in major changes in the corresponding cipher-images. Therefore, the proposed encryption scheme has a high key sensitivity. 5.3. Histogram analysis Histogram analysis is a very important feature which shows the frequency distribution of gray-level values in an image. A secure encryption scheme should generate an image with uniform histogram to improve resistance against statistical analysis. We analyzed the 17

histograms of several plain images and their encrypted images. Figure 7 gives the plain images of ‘Lena’, ‘Cameraman’, ‘Boat’, ‘Airport’, and their histograms, respectively. On the other hand, the encrypted images of ‘Lena’, ‘Cameraman’, ‘Boat’, ‘Airport’, and their histograms are illustrated in Fig. 8, respectively. It can be seen that the histograms of the encrypted images are nearly uniform and are completely distinct from the respective histograms of the plain images. As a result, the proposed algorithm can resist any statistical attack.

Figure 7: Plain images of ‘Lena’, ‘Cameraman’, Boat’, ‘Airport’, and their histograms, respectively (From left to right).

18

Figure 8: Encrypted images of ‘Lena’, ‘Cameraman’, Boat’, ‘Airport’, and their histograms, respectively (From left to right). 5.4. Correlation analysis An ordinary image contains pixels with high neighborhood correlations while in an encrypted image by a good encryption algorithm there is no correlation between any pixel and its adjacent pixels. Thus, a secure encryption scheme should transform a plain image into an encrypted image with low correlation among adjacent pixels. To compute and compare the correlations of neighborhood pixels in the plain and cipher images, we adopted the procedure given below. First, we randomly selected 2000 pairs of adjacent pixels in each direction from the plain image and its encrypted image. Then, the correlation coefficient between each pair was calculated as follows: 

M

  x 

i 1

rxy  M



  x i 1



i



i

 1 M

1 M

M

x j 1

M

x j 1

j

   

j

2

 1  yi   M  M



  y i 1



i



M

y j 1

1 M

j

   

M

y j 1

j

   

2

(22)

Where xi and y i form ith pair of horizontally/vertically/diagonally adjacent pixels, M is the total number of pairs of horizontally/vertically/diagonally adjacent pixels. The correlation coefficients in horizontal, vertical and diagonal directions of adjacent pixels for two pairs of the plain images mentioned above and their corresponding encrypted images are shown in Table 6. 19

Table 6: Correlation between pairs of plain and encrypted images. Image

Airplane

Airport

Barbara

Boat

Cameraman

Chemical Plant Clock

Couple

Elaine

House

Lena

Man

Direction

Plain image

Encrypted image Ref.[1]

Ref.[7]

Ref.[8]

Ref.[32]

Horizontal 0.9619

New scheme -0.0002

0.0011

-0.0164

0.0180

0.0045

Vertical

0.9797 image

-0.0090

-0.0035

-0.0181

0.0061

-0.0215

Diagonal 0.9640 Horizontal 0.8153

-0.0066 -0.0275

-0.0029 0.0040

0.0004 -0.0061

-0.0079 0.0094

-0.0015 -0.0142

Vertical

0.8722

-0.0154

-0.0174

-0.0079

-0.0107

-0.0141

Diagonal

0.7386

-0.0187

-0.0135

-0.0001

-0.0007

0.0002

Horizontal 0.9033

-0.0033

-0.0052

-0.0212

-0.0187

0.0037

Vertical

0.9719

-0.0269

-0.0067

-0.0161

-0.0016

-0.0202

Diagonal

0.8630

-0.0121

0.0068

-0.0110

0.0001

0.0046

Horizontal 0.9389

-0.0100

-0.0054

-0.0189

-0.0295

-0.0138

Vertical

0.9425

-0.0124

-0.0009

0.0003

-0.0150

-0.0199

Diagonal

0.9070

-0.0185

0.0026

-0.0204

-0.0224

-0.0057

Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal

0.9305 0.9619 0.9167 0.9404 0.8913 0.8502 0.9353 0.9621 0.9233 0.9306 0.8925 0.8494 0.9715 0.9789 0.9504 0.8669 0.7929 0.7321 0.9341 0.9726 0.9191 0.9415

-0.0095 -0.0170 -0.0119 -0.0134 -0.0005 -0.0033 0.0024 -0.0246 -0.0081 -0.0251 -0.0213 -0.0078 -0.0232 -0.0420 -0.0030 -0.0095 -0.0259 -0.0094 -0.0048 -0.0112 -0.0045 -0.0155

-0.0211 -0.0103 0.0054 -0.0073 -0.0073 -0.0115 -0.0140 -0.0139 -0.0175 -0.0178 -0.0025 0.0001 -0.0065 -0.0096 -0.0148 -0.0126 -0.0097 -0.0123 -0.0086 -0.0102 -0.0125 -0.0190

0.0063 -0.0142 0.0168 -0.0069 -0.0100 -0.0078 -0.0248 -0.0172 -0.0025 -0.0122 0.0262 -0.0257 -0.0191 -0.0130 -0.0096 0.0023 -0.0187 -0.0225 -0.0066 -0.0089 0.0424 -0.0083

-0.0047 -0.0195 0.0279 -0.0091 -0.0029 -0.0092 -0.0143 0.0097 0.0120 -0.0236 -0.0045 0.0016 -0.0066 -0.0019 0.0007 -0.0339 0.0186 -0.0001 0.0011 0.0098 -0.0227 0.0022

-0.0009 -0.0223 0.0025 0.0072 -0.0015 -0.0040 -0.0123 -0.0041 -0.0027 -0.0106 -0.0047 0.0262 -0.0062 -0.0197 -0.0169 0.0109 -0.0173 -0.0002 -0.0063 -0.0109 -0.0154 -0.0100

20

Moon Surface

Peppers

Tank

Test-Pattern

Average

Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal

0.9566 0.9072 0.9056 0.9604 0.9104 0.9756 0.9739 0.9575 0.9440 0.8958 0.8650 0.8853 0.9225 0.8354 -

-0.0276 -0.0157 -0.0062 -0.0075 -0.0044 -0.0056 -0.0162 -0.0113 -0.0202 -0.0200 -0.0013 -0.0087 0.0002 -0.0220 -0.0113 -0.0173 -0.0099

-0.0095 -0.0141 -0.0288 -0.0194 -0.0137 -0.0089 -0.0113 0.0045 0.0049 -0.0128 -0.0011 0.0079 0.0015 -0.0134 -0.0086 -0.0090 -0.0067

-0.0180 0.0250 -0.0065 0.0063 0.0135 0.0194 -0.0091 0.0123 -0.0185 -0.0119 -0.0249 -0.0075 0.0284 -0.0250 -0.0091 -0.0064 -0.0024

-0.0226 0.0060 -0.0212 -0.0166 0.0138 0.0071 -0.0065 -0.0165 -0.0383 -0.0362 0.0220 0.0039 0.0022 -0.0064 -0.0099 -0.0057 -0.0001

-0.0027 -0.0195 -0.0063 0.0142 -0.0091 0.0038 -0.0082 0.0078 -0.0159 -0.0114 0.0126 0.0060 -0.0010 0.0312 -0.0038 -0.0103 0.0006

In addition, Fig. 9 shows the correlation of two horizontally, vertically and diagonally adjacent pixels in the plain and encrypted images of ‘Lena’, respectively.

21

(a)

(b)

(d)

(e)

(c)

(f)

Figure 9: The distribution of two adjacent pixels in the plain and encrypted images of “Lena”: Frames (a) and (d) distributions of two horizontally adjacent pixels in the plain and encrypted images of “Lena”, respectively. Frames (b) and (e) distributions of two vertically adjacent pixels in the plain and encrypted images of “Lena”, respectively. Frames (c) and (f) distributions of two diagonally adjacent pixels in the plain and encrypted images of “Lena”, respectively. As can be seen from Table 6, the correlation coefficients of the plain images are close to 1 while those of encrypted images are approximately equal to 0. The average correlations in horizontal, vertical and diagonal directions for the proposed algorithm obtained for all tested images are smaller than those obtained with algorithms studied in [1,7,8,32]. Then, the proposed encryption scheme generates an image with de-correlated adjacent pixels. This indicates that the proposed scheme is secure against statistical attacks.

5.5. Information entropy analysis Information entropy is a statistical measure of disorder. In order to evaluate its randomness, the measure of information entropy of a cipher image is carried out using the following equation:

22

K

E ( X )   p( xi ) log 2  p( xi ) 

(23)

i 1

Where p( xi ) represents the probability of pixel xi and K is total number of pixels in an image. For a grayscale image there are 2 8 possible values (range of [0,255]), the theoretical entropy value is equal to 8 when the pixels appear with the same probability. Consequently, to confirm the efficiency of the proposed scheme the information entropy of the encrypted image must be close to 8. We computed the information entropy for many encrypted images. The results summarized in Table 7 demonstrate that the entropies of all encrypted images are close to 8. Therefore, it can be concluded that our scheme has an average entropy of 7.9977 which is comparable to that studied in [1] and better than those of the schemes in [7,8,32]. Hence, the proposed encryption scheme is robust against entropy attacks. Table 7: Entropies of encrypted images Image

Entropy New scheme Airport 7.9960 Airplane 7.9974 Barbara 7.9978 Boat 7.9980 Cameraman 7.9985 Chemical Plant 7.9964 Clock 7.9992 Couple 7.9976 Elaine 7.9985 House 7.9981 Lena 7.9963 Man 7.9975 Moon Surface 7.9987 Peppers 7.9985 Tank 7.9969 Test-Pattern 7.9986 Average 7.9977

Ref.[1] 7.9966 7.9965 7.9964 7.9979 7.9966 7.9986 7.9974 7.9987 7.9972 7.9989 7.9991 7.9974 7.9979 7.9973 7.9990 7.9988 7.9978

Ref.[7] 7.9966 7.9926 7.9937 7.9960 7.9955 7.9947 7.9984 7.9951 7.9939 7.9978 7.9951 7.9990 7.9951 7.9965 7.9976 7.9967 7.9959

Ref.[8] 7.9969 7.9954 7.9957 7.9959 7.9964 7.9990 7.9956 7.9980 7.9971 7.9952 7.9965 7.9965 7.9954 7.9958 7.9965 7.9984 7.9965

Ref.[32] 7.9957 7.9966 7.9964 7.9985 7.9990 7.9940 7.9977 7.9956 7.9951 7.9958 7.9964 7.9949 7.9969 7.9971 7.9997 7.9977 7.9967

5.6. Sensitivity analysis There are two measures used to test the influence of changing one pixel in the plain image on the encrypted image, which are Number of Pixel Change Rate (NPCR) and Unified Average Changing Intensity (UACI) [25]. The former is used to measure the number of different pixels between the two images, whereas the latter is used to measure the average intensity 23

difference. Let I1 (i, j ) and I 2 (i, j ) be the (i, j )th pixel of two images I1 and I2, respectively. The NPCR and UACI are defined by Eqs. (24) and (25), respectively.

NPCR 

 D(i, j) i; j

N

100%

(24)

Where N is the total number of pixels in the image and D(i, j ) is defined as

0 if I1 (i, j )  I 2 (i, j ) D(i, j )   1 if I1 (i, j )  I 2 (i, j )

UACI 

I1 (i, j )  I 2 (i, j )  1   100% N  i, j 2K  1 

(25)

Where K is the number of bits used to represent a gray scale pixel value. The expected values of NPCR and UACI for a strong encryption scheme are given by the following equations, respectively: 1   NPCR ( Expected )  1  L   100%  2 

(26)

 2 1    k (k  1)  1   UACI ( Expected )  2 L  k 1 L  100% 2  2  1     

(27)

L

Where, 2 L is the number of bits used to represent one pixel of an image. For an 8-bit grayscale image, the expected values of NPCR and UACI are 99.6094% and 33.4635%, respectively. We obtained NPCR and UACI for a large number of images by using our proposed algorithm and other algorithms, their testing results are shown in Tables 8 and 9, respectively. In addition, we compared the NPCR and UACI of the proposed scheme and the schemes in [1,7,8,32] in Table 10. We found NPCR to be over 99.6% for all the images, so the encryption scheme is very sensitive to small pixel changes in the plain-image. The UACI, in all the test cases, was better than 33% which indicates that the rate of influence related to single-pixel change in plain image is very high. As can be seen from Table 10, the proposed encryption scheme and the 24

one studied in 8] have better NPCR performance than other algorithms. Moreover, the UACI performance of the proposed algorithm is in agreement with those of algorithms in [1,8,32] and better than the one investigated in[7]. Results show that our algorithm is not vulnerable to the differential attacks. Table 8: The NPCR and UACI of encrypted images by changing their plain images one bit. Image Airport Airplane Barbara Boat Cameraman Chemical Plant Clock Couple Elaine House Lena Man Moon Surface Peppers Tank Test-Pattern Average

NPCR (%) 99.6150 99.6083 99.6092 99.6102 99.6205 99.6121 99.6102 99.6399 99.6143 99.6200 99.6228 99.6070 99.6139 99.6319 99.6290 99.6195 99.6177

UACI (%) 33.5625 33.5359 33.7431 33.5367 33.7786 33.6068 33.5820 33.8085 33.5160 33.4914 33.7041 33.7905 33.6898 33.6923 33.9213 33.7515 33.6694

Table 9: The NPCR and UACI of encrypted images for algorithms in [1,7,8,32]. Image

NPCR (%) Ref.[1] 99.6107 Airport 99.6077 Airplane 99.6162 Barbara 99.6281 Boat 99.6292 Cameraman Chemical Plant 99.6131 99.6218 Clock 99.6292 Couple 99.6107 Elaine 99.6257 House 99.6146 Lena

Ref.[7] 99.5662 99.5565 99.5227 99.5609 99.5749 99.5325 99.5910 99.5606 99.5431 99.5332 99.5511 25

Ref.[8] 99.6180 99.6231 99.6402 99.6209 99.6105 99.6258 99.6126 99.6312 99.6299 99.6182 99.6092

Ref.[32] 99.6201 99.5499 99.5178 99.5743 99.6216 99.6185 99.5728 99.5468 99.5529 99.6078 99.6231

99.6084 99.6168 99.6092 99.6131 99.6177 99.6170 UACI (%) Ref.[1] 33.6632 Airport 33.4143 Airplane 33.5776 Barbara 33.6145 Boat 33.7050 Cameraman Chemical Plant 33.8543 33.4836 Clock 33.6446 Couple 33.6163 Elaine 33.7022 House 33.5561 Lena 33.6744 Man Moon Surface 33.5333 33.6284 Peppers 33.7155 Tank 33.5046 Test-Pattern Man Moon Surface Peppers Tank Test-Pattern Average Image

99.5417 99.5684 99.5808 99.5794 99.5679 99.5582

99.6211 99.6172 99.6236 99.6687 99.6541 99.6265

99.5514 99.6033 99.5728 99.6078 99.6185 99.5850

Ref.[7] 33.3716 33.4063 33.3890 33.4176 33.3691 33.3872 33.4147 33.3723 33.3853 33.3912 33.3461 33.3684 33.3758 33.3540 33.4045 33.3975

Ref.[8] 33.6183 33.5817 33.6714 33.6018 33.6862 33.3825 33.5793 33.7252 33.6232 33.7240 33.6322 33.4720 33.6993 33.7386 33.5224 33.6340

Ref.[32] 33.5961 33.6640 33.5052 33.3975 33.7326 33.5831 33.9272 33.8911 33.7063 33.7656 33.8144 33.6949 33.8063 33.4723 33.7415 33.4487

Table 10: Comparison of NPCR and UACI with other algorithms. Algorithm Proposed algorithm Ref.[1] Ref.[7] Ref.[8] Ref.[32]

NPCR (%) (average) 99.6177 99.6170 99.5582 99.6265 99.5850

UACI (%) (average) 33.6694 33.6180 33.3844 33.6183 33.6717

5.7. Encryption Quality Visual inspection is one of the most important metrics to judge the effectiveness of an encryption algorithm. If an encryption algorithm conceals most of the features of a plaintext image, then the algorithm is considered to be strong. Although, one can examine the effectiveness of an algorithm using visual inspection, in some scenarios this may not give any 26

indication about the hidden loopholes. So various metrics have been proposed in the literature to measure the quality of encryption [26,27]. 5.7.1. Maximum Deviation The quality of an encryption algorithm can be judged by deviation in pixel values between plaintext image and ciphertext image [27,28,29]. If deviation (changes) of pixels is the maximum between original and encrypted images, then the encryption algorithm is the best in the terms of security [29]. Maximum deviation can be calculated as follows [29]: MD 

D0  DN 1 N 2   Di , 2 i 1

(28)

where N is the total number of gray values and Di , is the amplitude of difference histogram D (calculated through the difference of histogram between plaintext image and ciphertext image) at index i . Higher value of M D indicates that the ciphertext image is very deviated from the plaintext image. Table 11 shows the results of maximum deviation metric for the proposed algorithm and algorithms in [1,7,8,32]. Comparison of average values of maximum deviation shows that the proposed scheme and schemes in [1,8] have better performance than those of [7,32]. Based on these results, we can conclude that the values of maximum deviations of the suggested algorithm do not reveal any significant information about the quality of encryption. As a result, we can conclude that the maximum deviation metric cannot provide sufficient information about the security of an encryption algorithm. 5.7.2. Irregular Deviation Maximum deviation parameter alone cannot be used for checking the quality of encryption, because in some cases, it may give imprecise results [30]. Another parameter known as irregular deviation can also be used to check the quality of a ciphertext image. The irregular deviation measures how the statistical distribution of deviation between plaintext and ciphertext images is close to the uniform statistical distribution [30]. The irregular deviation can be defined as [30]: N 1

I D   H Di ,

(29)

i 0

Where, H Di  hi  AH , hi is the amplitude of histogram at index i , which can be computed after taking the absolute difference of plaintext and ciphertext images and AH is the average sum of histogram values. When the value of I D is low, it indicates that the pixels distribution is uniform and hence the quality of encrypted image is high. The values of irregular deviation for the proposed algorithm and other algorithms are shown in Table 12. It is clear from this table that the obtained results for the proposed algorithm are in an acceptable range and are comparable with those of other algorithms. Consequently, the lower irregular deviation values reflect the strength of the proposed algorithm. 5.7.3. Deviation from Uniform Histogram For an ideal encryption algorithm, the ciphertext image ( C i ) must have uniform histogram distribution. It means that the probability of each pixel in ciphertext image must be 27

completely uniform. Mathematically, an ideal histogram for a ciphertext image can be calculated as [31]: M  N , 0  Ci  255  (30) H Ci   256  elsewhere 0, Using the above concept, Elashry et al. proposed a new metric [31] (deviation from uniform histogram) for measuring the quality of encrypted images. The deviation from uniform histogram can be written as [31]: 255

DH 

| H

Ci  0

Ci

 HC |

M N

(31)

,

where H Ci is the ideal histogram value at index i , H C is the actual histogram of ciphertext image and M  N is the size of ciphertext image. A lower value of DH represents a better encryption quality. The results of deviation from uniform histogram are depicted in Table 13. As can be seen from this table, the proposed scheme and those studied in [1,8] have approximately lower values of deviation from uniform histogram than those of algorithms in [7,32]. Thus, it is clear that the results are in favor of the proposed technique as the values of DH are less deviated from the uniform histogram. Table 11: Maximum Deviation of the proposed scheme compared to previous schemes. Image

Maximum Deviation New scheme Ref.[1] 26232 28208 Airport 21148 21148 Airplane 18148 18155 Barbara 25442 25716 Boat 18007 17148 Cameraman 18535 Chemical Plant 18835 24823 23569 Clock 17674 17074 Couple 17428 17403 Elaine 17984 17142 House 21339 21786 Lena 21604 19755 Man 17015 Moon Surface 16747 22935 24254 Peppers 17586 17690 Tank 15805 14787 Test-Pattern 19962 Average 20109 28

Ref.[7] 25717 22052 19384 25193 16803 17711 23826 16880 17071 17571 19931 21396 16286 22966 16401 16312 19719

Ref.[8] 27206 21778 17944 25367 16674 17956 25642 17142 18286 17138 20811 20962 16909 22648 18212 16481 20072

Ref.[32] 28204 21279 19394 23445 17240 18583 23005 16966 17494 17707 20902 20690 16898 23173 17478 14877 19833

Table 12: Irregular Deviation of the proposed scheme in comparison to previous schemes. Image

Irregular Deviation New scheme Ref.[1] 17106 16780 Airport 40306 40434 Airplane 42708 42674 Barbara 36226 36098 Boat 39244 38900 Cameraman 45096 Chemical Plant 44762 27442 27210 Clock 50470 50406 Couple 45674 46126 Elaine 43016 42996 House 40480 40904 Lena 37158 36996 Man 54604 Moon Surface 54198 35088 35242 Peppers 57294 57284 Tank 40654 40270 Test-Pattern 40739 40751 Average

Ref.[7] 16586 40358 43014 36220 39414 45438 27230 50578 45854 42938 40768 36882 54696 34706 57482 40250 40776

Ref.[8] 17008 40294 42556 36124 39380 45258 27264 50294 45964 42714 40820 36956 54530 34824 57218 40270 40717

Ref.[32] 17700 41060 42840 36092 38604 45170 27728 50194 45590 43114 40634 37092 54434 34350 57044 40590 40765

Table 13: Deviation from Uniform Histogram of the proposed scheme in comparison to previous schemes. Image

Deviation from Uniform Histogram New scheme Ref.[1] Ref.[7] Ref.[8] 0.0927 0.0943 0.1071 0.0934 Airport 0.0983 0.0969 0.0995 0.0943 Airplane 0.0976 0.0967 0.1012 0.0928 Barbara 0.0958 0.0902 0.0995 0.0985 Boat 0.0942 0.0941 0.1065 0.0920 Cameraman 0.0948 0.1029 0.0943 Chemical Plant 0.0951 0.0949 0.0930 0.0995 0.0984 Clock 0.0996 0.0972 0.0992 0.0938 Couple 0.0941 0.0938 0.1066 0.0975 Elaine 0.0882 0.0951 0.1141 0.0994 House 0.0994 0.0974 0.1001 0.0934 Lena 0.0874 0.0944 0.0948 0.0974 Man 29

Ref.[32] 0.0958 0.0951 0.0975 0.0951 0.0955 0.0965 0.0966 0.0981 0.0988 0.0963 0.0962 0.0980

Moon Surface Peppers Tank Test-Pattern Average

0.0935 0.0917 0.0914 0.0905 0.0940

0.0956 0.0938 0.0912 0.0917 0.0944

0.1007 0.0979 0.0990 0.1027 0.1020

0.0984 0.0977 0.0922 0.0958 0.0956

0.0936 0.0946 0.0930 0.2699 0.1069

5.8. Contrast analysis The contrast of an image can be defined as the difference of brightness between light and dark parts in an image. Indeed, the contrast shows the light distribution in an image. Visually, the contrast is interpreted as the spreading of the image brightness histogram. In this sense, we analyzed the contrast for the proposed algorithm and those of related works. The contrast is given by Eq. (32):

C   i  j p(i, j ) 2

(32)

i, j

Where, p(i, j ) is the number of gray-level co-occurrence matrices. The experimental results for some encrypted images with the proposed scheme and those of other algorithms are reported in Table 14. Based on these results, we can conclude that all encrypted images under the proposed method have high contrast, which confirms the effectiveness of the proposed algorithm to produce high randomness in encrypted image. Moreover, the comparison with other algorithms shows that the proposed scheme has a slightly better performance of contrast, while schemes presented in [1,8] have nearly similar values of contrast. Table 14: Contrast of the proposed scheme compared to previous schemes. Image

Contrast New scheme 8.5696 Airport 8.5294 Airplane 8.5094 Barbara 8.6248 Boat 8.7474 Cameraman Chemical Plant 8.6470 8.5704 Clock 8.6674 Couple 8.6160 Elaine

Ref.[1] 8.6029 8.5493 8.5222 8.5646 8.6447 8.6067 8.6028 8.6619 8.5609 30

Ref.[7] 8.6077 8.6112 8.6063 8.5670 8.6053 8.6712 8.4440 8.5425 8.5974

Ref.[8] 8.6316 8.6728 8.5970 8.6824 8.6459 8.5726 8.6303 8.6126 8.5573

Ref.[32] 8.4450 8.5848 8.5867 8.6146 8.4327 8.6464 8.6432 8.5592 8.5934

House Lena Man Moon Surface Peppers Tank Test-Pattern Average

8.5118 8.6453 8.6937 8.5984 8.5998 8.7132 8.6769 8.6200

8.7217 8.5925 8.6831 8.6021 8.5833 8.6195 8.6131 8.6082

8.6264 8.6128 8.5883 8.5343 8.6597 8.5889 8.6577 8.5950

8.6147 8.6312 8.6527 8.6070 8.5512 8.6251 8.5729 8.6161

8.5489 8.6174 8.5654 8.5549 8.5710 8.6273 8.5266 8.5698

5.9. Execution time and computation complexity The execution time of an image encryption scheme depends on many factors as CPU structure, memory size, operating system, the programming language, compiler options, programming skill and code optimization. Thus, it is pointless and uncommon to make an explicit comparison for two or more encryption schemes without using the same environment. Notwithstanding, we have undertaken an analysis for the explicit comparison between the proposed encryption scheme and competitive schemes. We used the same environment (Computer of Core i3-3227U 1.9 CPU with 4 GB RAM running on Windows 7 and MATLAB 7.9) for measuring the speed of the image cipher for all the schemes. We implemented MATLAB codes for the proposed encryption scheme and other schemes in order to give approximate encryption speeds. For accuracy, each set of the timing tests was executed several times for a considerable number of times and then we reported the obtained average. Table 15 gives the speed performance of the proposed algorithm and other algorithms for different sizes of images. As can be seen in Table 15, the proposed scheme has an acceptable speed. Table 15: Comparison of encryption speeds (ms) for proposed algorithm and other algorithms. Scheme

Image size (128  128)

(256  256)

(512  512)

(1024  1024)

New scheme

52

95

497

2513

Ref.[1]

45

79

343

2021

Ref.[7]

76

122

543

2784

Ref.[8]

38

71

313

1947

Ref.[32]

71

109

526

2682

31

Moreover, we calculated the computation complexity of the proposed algorithm. In fact, it consist in measuring the size of an instance (the number of operations and steps required to accomplish the encryption/decryption process)- neglecting some details such as the operating system, the programming language, the hardware the algorithm runs on, and programming skill [33, 34]. The proposed scheme needs O(M  N ) (where M  N is the number of pixels) iterations to complete the whole encryption process, which is efficient for real time applications.

6. Application for color images We applied the proposed encryption scheme for color images. Some analyses were performed and a comparison with two related works was carried out. The 256 × 256 true color JPEG images of ‘Lena’ and ‘Peppers’ (Figs.10(a),(b)) were used as plain-images. During the encryption process, we adopted the same secret key used in Section 5. The plain images of ‘Lena’ and ‘Peppers’, and their encrypted images with the proposed algorithm are shown in Figs.10(a),(b) and Figs.10(c),(d), respectively. Figs.11(a)-(c) andFigs.12(a)-(c) show the histograms of plain image’s R, G, B channels and encrypted image’s R, G, B channels of ‘Lena’, respectively. It is seen from Figs.12(a)-(c) that the histogram of encrypted image has uniform behavior, which confirms that the proposed algorithm is strong against statistical attack. Moreover, Figs.13(a)-(f) contain the plots of the correlation distributions in horizontal, vertical and diagonal directions in the plain and encrypted images of ‘Lena’ for R component, respectively. The correlation coefficients for two adjacent pixels (in all directions) in R, G, B components of plain images and encrypted images are listed in Tables 16 and 17, respectively. It is clear that in plain images the correlation coefficients are high, whereas in the encrypted images the neighboring pixels satisfy zero correlation. Furthermore, comparison with schemes in [1,8] shows that the proposed encryption method has advantages in terms of correlation in horizontal and diagonal directions. As can see from Table 18, the entropies of R, G, B components of each encrypted image are very close to 8 and are slightly higher than those of other algorithms. NPCR and UACI performances of R, G, B components of each encrypted image are listed in Table 19. It can be deduced from this table that the proposed encryption algorithm and that in [8] have slightly better performances of NPCR and UACI as compared with that in [1]. Therefore, the proposed algorithm is suitable for color images and can be selected as a candidate for a good color image encryption.

32

(a)

(b)

(c)

(d)

Figure 10: Plain images and their encrypted images: Frames (a) and (b) Plain images of ‘Lena’ and ‘Peppers’, respectively. Frames (c) and (d) Encrypted images of ‘Lena’ and ‘Peppers’, respectively.

(a) Red

(b) Green

(c) Blue

Figure 11: Histograms of the original image of ‘Lena’ (a) Red, (b) Green and (c) Blue.

33

(a) Red

(b) Green

(c) Blue

Figure 12: Histograms of the encrypted image of ‘Lena’ (a) Red, (b) Green and (c) Blue.

(a)

(d)

(b)

(c)

(e)

(f)

Figure 13: The distribution of two adjacent pixels in the plain image of “Peppers” in the red component and its encrypted image: Frames (a) and (d) distributions of two horizontally adjacent pixels in the plain image of “Peppers” in the red component and its encrypted image, respectively. Frames (b) and (e) distributions of two vertically adjacent pixels in the plain 34

image of “Peppers” in the red component and its encrypted image, respectively. Frames (c) and (f) distributions of two diagonally adjacent pixels in the plain image of “Peppers” in the red component and its encrypted image, respectively. Table 16: Correlation coefficients of two adjacent pixels in plain-images. Image

Horizontal R

Lena

Vertical

G

B

R

Diagonal G

B

R

G

B

0.9278 0.9316 0.8867 0.9635 0.9648 0.9280 0.8993 0.9075 0.8449

Peppers 0.9929 0.9903 0.9916 0.9877 0.9889 0.9821 0.9789 0.9805 0.9711

Table 17: Correlation coefficients of two adjacent pixels in encrypted-images. Image

New scheme Horizontal R

G

Vertical B

R

Diagonal G

B

R

G

B

Lena

-0.0362 -0.0089 -0.0105 -0.0141 -0.0134 -0.0486 -0.0464 -0.0189 -0.0501

Peppers

-0.0413 -0.0107 -0.0142 -0.0043 -0.0022 -0.0092 -0.0002 -0.0082 -0.0164

Average -0.0388 -0.0098 -0.0124 -0.0092 -0.0078 -0.0289 -0.0233 -0.0136 -0.0333 Image

Ref.[1] Horizontal R

G

Vertical B

R

Diagonal G

B

R

G

Lena

-0.0153 -0.0276 -0.0242 -0.0082 -0.0167 -0.0109 -0.0016 0.0058

Peppers

-0.0099 0.0017

B -0.0179

-0.0089 -0.0018 -0.0101 -0.0141 -0.0008 -0.0383 -0.0015

Average -0.0126 -0.0130 -0.0165 -0.0050 -0.0134 -0.0125 -0.0012 -0.0163 -0.0097 Image

Ref.[8] Horizontal R

Lena

G

Vertical B

R

Diagonal G

B

R

G

B

-0.0112 -0.0042 -0.0085 -0.0045 -0.0230 -0.0355 -0.0084 -0.0280 -0.0009 35

Peppers

-0.0069 -0.0258 -0.0205 -0.0210 -0.0034 0.0022

-0.0009 -0.0047 -0.0078

Average -0.0090 -0.0150 -0.0145 -0.0128 -0.0132 -0.0166 -0.0046 -0.0164 -0.0043

Table 18: Entropy results for encrypted images. Image

Entropy New scheme R

Ref.[1]

G

B

R

Ref.[8] G

B

R

G

B

Lena

7.9988 7.9967 7.9990 7.9971 7.9966 7.9972 7.9968 7.9975 7.9983

Peppers

7.9980 7.9971 7.9985 7.9988 7.9968 7.9975 7.9972 7.9977 7.9987

Average 7.9984 7.9969 7.9987 7.9979 7.9967 7.9974 7.9970 7.9976 7.9985

Table 19: The NPCR and UACI of encrypted images by changing their plain images a single bit. Image

NPCR New scheme R

G

Ref.[1] B

Ref.[8]

R

G

B

R

G

B

Lena

99.6143 99.6216 99.6250 99.6162 99.6089 99.6162 99.6173 99.6233 99.6186

Peppers

99.6190 99.6182 99.6222 99.6177 99.6223 99.6192 99.6182 99.6177 99.6272

Average 99.6166 99.6199 99.6236 99.6170 99.6156 99.6177 99.6178 99.6205 99.6229

Image

UACI New scheme R

Lena

G

Ref.[1] B

Ref.[8]

R

G

B

R

G

B

33.6532 33.5700 33.7022 33.4966 33.5645 33.6164 33.7075 33.6728 33.5293

36

Peppers

33.6126 33.6480 33.6130 33.6129 33.5859 33.6387 33.6813 33.5364 33.6506

Average 33.6329 33.6090 33.6576 33.5547 33.5752 33.6275 33.6944 33.6046 33.5900

7.

Conclusion

This paper presented a new image encryption approach based on substitution-permutation (SP) network structure and chaotic systems. The proposed approach used two chaotic systems combined with strong S-boxes to achieve better confusion and diffusion. A variety of simulation tests and analyses were carried out to prove the security and the performance of the proposed encryption scheme including statistical, differential, quality, contrast and speed analyses. All the results show that the proposed encryption approach has superior performance than those used in the literature. Future work will deal with selective encryption schemes. Acknowledgments The authors would like to thank Dr. M. Cagnazzo and the anonymous reviewers for their constructive and valuable comments to improve the quality of this work. This work is supported by Ministry of Higher Education and Scientific Research (Egypt-Tunisia Cooperation Program: 4-13 A1).

References 1. X. Wang, L. Teng, X. Qin, A novel colour image encryption algorithm based on chaos, Signal Process. 92 (4) (2012) 1101-1108. 2. H. Liu, X. Wang, Color image encryption using spatial bit-level permutation and highdimension chaotic system, Opt. Commun. 284 (16-17) (2011) 3895–3903. 3. H. Liu,X. Wang, A. Kadir, Color image encryption using Choquet fuzzy integral and hyper chaotic system, Optik - International Journal for Light and Electron Optics. 124 (2013) 3527-3533. 4. Y. Zhou, L. Bao, C.L.Philip Chen, A new 1D chaotic system for image encryption, Signal Process. 97 (2014) 172–182.

37

5. H. Liu, A. Kadir, Y. Niu, Chaos-based color image block encryption scheme using Sbox, AEU - Int. J. Electron. Commun. 68 (7) (2014) 676-686. 6. P. Ping, F. Xu, Z.J. Wang, Image encryption based on non-affine and balanced cellular automata, Signal Process. 105 (2014) 419-429. 7. X. Wang, L. Liu, Y. Zhang, A novel chaotic block image encryption algorithm based on dynamic random growth technique, Opt. Lasers Eng. 66 (2015) 10-18. 8. Z. Hua, Y. Zhou, C.M. Pun, C.L. Philip Chen, 2D Sine Logistic modulation map for image encryption, Inf. Sci. 297 (2015) 80-94. 9. H. Liu, X. Wang, Color image encryption based on one-time keys and robust chaotic maps, Computers and Mathematics with Applications. 59 (10) (2010) 3320–3327. 10. M.A. Murillo-Escobar, C. Cruz-Hernández, F. Abundiz-Pérez, R.M. López-Gutiérrez, O.R. Acosta Del Campo, A RGB image encryption algorithm based on total plain image characteristics and chaos, Signal Process. 109 (2015) 119-131. 11. J.X. Chen, Z.L. Zhu, C. Fu, H. Yu, Y. Zhang, Reusing the permutation matrix dynamically for efficient image cryptographic algorithm, Signal Process. 111 (2015) 294-307. 12. C. Li, Y. Liu, L. Yu Zhang, K.W. Wong, Cryptanalyzing a class of image encryption schemes based on Chinese remainder theorem, Signal Processing: Image Communication. 29 (8) (2014) 914-920. 13. Y. Zhang, Comments on "Color image encryption using Choquet fuzzy integral and hyper chaotic system", Optik - International Journal for Light and Electron Optics. 12 (19) (2014) 5560-5565. 14. A. Jolfaei, X.W. Wu, V. Muthukkumarasamy, Comments on the security of “Diffusion–substitution based gray image encryption” scheme, Digital Signal Processing. 32 (2014) 34-36. 15. F. G. Jeng, W.L. Huang, T.H. Chen, Cryptanalysis and improvement of two hyperchaos-based image encryption schemes, Signal Processing: Image Communication. 34 (2015) 45-51. 16. A. Belazi, H. Hermassi, R. Rhouma, S. Belghith, Algebraic analysis of a RGB image encryption algorithm based on DNA encoding and chaotic map, Nonlinear Dyn. 76 (4) (2014) 1989-2004. 38

17. C. Li, Cracking a hierarchical chaotic image encryption algorithm based on permutation, Signal Process. 118 (2016) 203-210. 18. I. Hussain, T. Shah, M.A. Gondal,H. Mahmood, An efficient approach for the construction of LFT S-boxes using chaotic logistic map, Nonlinear Dyn. 71 (1) (2013) 133–140. 19. L. Acho, A discrete-time chaotic oscillator based on the logistic map: A secure communication scheme and a simple experiment using Arduino, Journal of the Franklin Institute. 352 (8) (2015) 3113–3121. 20. Y.Q. Zhang, X.Y. Wang, Spatiotemporal chaos in mixed linear–nonlinear coupled logistic map lattice, Physica A: Statistical Mechanics and its Applications. 402 (2014) 104 - 118. 21.

M. Zhang, X. Tong, A new chaotic map based image encryption schemes for several image formats, J. Syst. Softw. 98 (2014) 140–154.

22. http://sipi.usc.edu/database/ 23. http://www.cs.cmu.edu/~cil/v-images.html 24. IEEE Task P754, IEEE 754–2008, Standard for Floating-Point Arithmetic, 2008. 25. M. Amin, A. A. Abd El-Latif, Efficient Modified RC5 Based on Chaos Adapted to Image Encryption, Journal of Electronic Imaging. 19 (1) (2010). 26. N. El-Fishawy, O. M. Abu Zaid, Quality of encryption measurement of bitmap images with RC6, MRC6, and Rijndael block cipher algorithms, International journal of network security. 5 (2007) 241-251. 27. A.A. Abd El-Latif, L. Li, T. Zhang, N. Wang, X. Song, X. Niu, Digital Image Encryption Based on Multiple Chaotic Systems, Sensing and Imaging. An International Journal. 13 (2) (2012) 67-88. 28. S. Lian.: Multimedia content encryption: techniques and applications. Auerbach Publications, (2008). 29. M. Usamaa, M. Khurram Khana, K. Alghathbara, C. Lee, Chaos-based secure satellite imagery cryptosystem, Computers and Mathematics with Applications. 60 (2010) 326–337.

39

30. H. M. Elkamchouchi, M. A. Mskar.: Measuring encryption quality for bitmap images encrypted with Rijndael and KAMKAR block ciphers, Twenty second national radio science conference (NRSC), Cairo Egypt (2005). 31. I. F. Elashry, O. S. Faragallah, A. M. Abbas, S. El-Rabaie, F. E. Abd El-Samie, A new method for encrypting images with few details using Rijndael and RC6 block ciphers in the electronic code book mode, Information security journal: A global perspective. 21 (2012) 193–205. 32. X.Y. Wang, L. Yang, R. Liu, A. Kadir, A chaotic image encryption algorithm based on perceptron model, Nonlinear Dyn. 62 (3) (2010) 615–621. 33. Y.Q. Zhang, X.Y. Wang , A new image encryption algorithm based on non-adjacent coupled map lattices , Appl. Soft Comput. 26 (2015) 10 -20. 34. Y.Q. Zhang, X.Y. Wang , A symmetric image encryption algorithm based on mixed linear–nonlinear coupled map lattice, Inf. Sci. 273 (2014) 329–351.

Highlights

 We propose a new image encryption approach based on substitutionpermutation network and chaotic systems.  Qualitative and quantitative analysis verify the effectiveness of the proposed encryption scheme.  The encryption scheme shows superior performance than previous schemes.

40