- Email: [email protected]
A novel image encryption scheme based on substitution-permutation network and chaos
Author’s Accepted Manuscript A novel image encryption scheme based on substitution-permutation network and chaos Akram Belazi, Ahmed A. Abd El-Latif, Safya Belghith www.elsevier.com/locate/sigpro
PII: DOI: Reference:
S0165-1684(16)30014-7 http://dx.doi.org/10.1016/j.sigpro.2016.03.021 SIGPRO6099
To appear in: Signal Processing Received date: 29 July 2015 Revised date: 26 March 2016 Accepted date: 29 March 2016 Cite this article as: Akram Belazi, Ahmed A. Abd El-Latif and Safya Belghith, A novel image encryption scheme based on substitution-permutation network and chaos, Signal Processing, http://dx.doi.org/10.1016/j.sigpro.2016.03.021 This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting galley proof before it is published in its final citable form. Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.
A novel image encryption scheme based on substitution-permutation network and chaos Akram Belazi a, Ahmed A. Abd El-Latif b, Safya Belghith a a
b
National Engineering School of Tunis, Tunisia
Mathematics Department, Computer Science Laboratory, Faculty of Science, Menoufia University, Shebin ElKoom, 32511, Egypt
Abstract: In this paper, a novel image encryption approach based on permutation-substitution (SP) network and chaotic systems is proposed. It consists of four cryptographic phases : diffusion, substitution, diffusion and permutation. Firstly, a diffusion phase is proposed based on new chaotic map. Then, a substitution phase based on strong S-boxes followed by a diffusion phase based on chaotic logistic map are presented which will, in turn, significantly increase the encryption performance. Finally, a block permutation phase is accomplished by a permutation function to enhance the statistical performance of the proposed encryption approach. Conducted experiments based on various types of differential and statistical analyses show that the proposed encryption approach has high security, sensitivity and speed compared to previous approaches
Key words: systems.
Image encryption, S-box, permutation-substitution (SP) network, Chaotic
1. Introduction 1.1 Background The close relationship between chaotic dynamical systems and cryptosystems has opened the door for several chaos-based cryptosystem schemes, especially image encryption. Indeed, chaotic system exhibits random behavior and has a lot of inherent features, such as unpredictability, ergodicity, and sensitivity to their parameter (s) and initial value (s), which make them a good candidate to design secure cryptosystems. The behavior of the system is predictable if the initial conditions are available to the observer, whereas, in the absence of this knowledge, the system appears to be random. The random behavior can be used to induce confusion and diffusion in the plain image, thus enabling the data owner to safely transmit over insecure communication channel.
1
1.2 Review of the previous chaos-based encryption schemes The literature is rich of chaos-based image encryption designs. In what follows, we review some of those relevant to the present work. Wang et al. proposed an image encryption for color images based on chaotic system [1]. Liu and Wang [2] proposed an encryption scheme for color images using spatial bit-level permutation and a high-dimension chaotic system. In [3] Liu et al. proposed an image encryption using Choquet fuzzy integral and hyper chaotic system for color images. Zhou et al. [4] proposed 1D chaotic map by coupling the tent and the sine maps, which is then adapted to encipher the plain image. In [5] Liu et al., proposed a chaos-based color image block encryption scheme using S-box. Ping et al. proposed an image encryption based on non-affine and balanced cellular automata [6]. Wang et al. [7] proposed a chaotic block image encryption algorithm based on dynamic random growth technique. An image encryption scheme based on 2D sine logistic modulation map was proposed by Hua et al [8]. Liu and Wang [9] proposed a stream cipher scheme for color images based on one-time keys and piecewise linear chaotic map. Murillo-Escobar et al. proposed an image encryption scheme for color images in RGB format based on total plain image characteristics and chaos [10]. Chen et al. [11] proposed an encryption scheme with dynamic diffusion key stream obtained from the permutation matrix. 1.3 Limitations of encryption schemes On the other hand, the cryptanalysts play a vital role in the cryptanalysis of encryption schemes and study the performance analysis [12-17]. Qualitatively speaking, the security of most designed chaos-based schemes is groundless and most of them are slow. This is due to the small key space, the considerable iteration steps to comply the encryption process (the tradeoff between security and the overall performance) and the inappropriate key streams generation for the internal structure of encryption/decryption, which helps the cryptanalysts to break the schemes. The need for new encryption schemes taking into account the performance analysis of previous approaches by the cryptanalysts is essential in image encryption applications. 1.4 Contribution and organization of this work In this paper, we propose a new image encryption approach for secure digital images. It is composed of four cryptographic phases and uses two chaotic systems to control the structure of the encryption scheme so that it achieves high encryption performance. Firstly, a diffusion phase based on bitwise XOR operation and a new chaotic map is proposed. Then, a substitution phase based on strong S-boxes, proposed in [18], followed by a diffusion phase based on chaotic logistic map are introduced to enhance the encryption performance. Finally, a block permutation phase is accomplished by a permutation function, MAP function, to reinforce the statistical performance of the proposed encryption approach. Conducted experiments based on differential and statistical analyses show that the proposed cryptosystem approach is efficient and has good cryptographic properties. The superior results 2
of numerical analysis demonstrate that the proposed encryption scheme outperforms current image encryption schemes in terms of encryption performance. The remainder of this paper is organized as follows: Section 2 gives, as a preliminary work, an overview of the chaotic maps used in the proposed cryptosystem scheme. In Section 3, we present the S-box used in this paper. Section 4 presents, as comprehensively as possible, the design of the cryptosystem approach. The experimental results and security analyses are reported in Section 5. The application of the proposed scheme for color images is presented in Section 6. Finally, Section 7 concludes the paper. 2. Chaotic maps 2.1.
The logistic map
The logistic map is a well-known 1D nonlinear chaotic map and is defined as: y n1 y n 1 yn
(1)
Where 0,4 is the control parameter and y0 0,1 is the initial condition. The logistic map shows good behavior and is frequently used in many applications [19, 20]. The dynamics of the logistic map is validated using Hopf bifurcation diagrams (Fig.1) It is observed that the logistic map is chaotic for 3.57,4 and slight variations of the initial value produce major difference in the random generated values which are a non-periodic and non-converging sequence.
Figure 1: Bifurcation diagram of the logistic map. 2.2. The new chaotic map [21] The new chaotic map is defined as follows 3
xn1 xn4 xn2 1
(2)
Where 3,8 is the control parameter and x0 0,1 is the initial value. The hopf bifurcation diagram is shown in Fig. 2. The proof of chaos for the designed map can be found in [21].
Figure 2: Bifurcation diagram of the new chaotic map.
2.3. Comparison between logistic map and the new map In this section, we compare the dynamics analysis of the logistic map and the new chaotic map in terms of Lyapunov exponent and entropy. 2.3.1. Lyapunov exponent The Lyapunov exponent or Lyapunov characteristic exponent of a dynamical system is a quantity that characterizes the rate of divergence of nearby trajectories. It is used to prove the chaotic behavior of chaotic maps. The Lyapunov exponent is calculated by the following equation:
1 lim N N
N
log n 1
dxn1 dxn
(3)
The computation of Lyapunov exponent between the new map and the logistic map is shown in Tables 1 and 2. In addition, Fig. 3 shows the Lyapunov exponent of the logistic map and new chaotic map. Based on Tables 1 and 2, it is observed that the Lyapunov exponent of the new chaotic map is larger than famous logistic chaotic map. 4
(a) Lyapunov exponent of the logistic map
(b) Lyapunov exponent of the new chaotic map
Figure 3: Lyapunov exponent.
Table 1: Lyapunov exponent values for logistic map for different pairs of initial conditions (IC) and control parameters (CP). Pair (IC,PC)
Lyapunov exponent value
(0.3,4)
0.693141
(0.4,4)
0.693159
(0.6,4)
0.693159
(0.7,4)
0.69313
(0.3,3.99998)
0.690930
(0.7,3.99997)
0.690193
2.3.2. Approximate entropy analysis To quantify the complexity of the new map, we measured the approximate entropy. The calculation details of the approximate entropy are found in [21]. Table 3 shows the entropies of the new chaotic map and the logistic map, respectively. In addition, Fig. 4 shows the comparison of entropy between logistic map and new chaotic map. We can see that the new chaotic map outperforms the well-known chaotic logistic map.
5
Table 2: Lyapunov exponent values for new chaotic map for different pairs of initial conditions (IC) and control parameters (CP). Pair (IC,PC)
Lyapunov exponent value
(0.3,8)
1.38632
(0.4,7.6)
1.09744
(0.6,6.258)
0.996836
(0.5,6)
0.968348
(0.4,7.99)
1.35219
(0.6,7.999998)
1.38581
Table 3: Approximate entropy. Chaotic map
Logistic map
New chaotic map
Approximate entropy
1.09585
2.56042
(a) Entropy of the logistic map
(b) Entropy of the new chaotic map
Figure 4: Entropy analysis.
3.
Chaotic linear fractional transformation (LFT) S-boxes
In [18], Hussain et al. proposed an S-box method based on LFT in combination with chaotic logistic map and its derived maps. The chaotic maps are used to generate four random values which are assigned to the parameters a, b, c and d to be used by linear fractional transformation. This is applied to calculate the values of the elements of the S-boxes. 6
LFT-based S-boxes are constructed by the action of PGL(2, GF (28 )) on finite field of order 28 . The algebraic structure of LFT-based S-boxes depends on the linear fractional transformations f ( x) ax b where a, b, c , d GF (28 ) and ad bc 0 . With this cx d method, one can construct millions of secure S-boxes, particularly those corresponding to affine transformation satisfying the security analysis with optimal value. The LFT S-boxes are constructed as follows : f : PGL(2, GF (28 )) GF (28 ) GF (28 ), ax b f ( x) cx d
(4)
The process starts with the action of Galois field on the projective general linear group. The function f (x) depends on the values of a, b, c and d GF (28 ) , corresponding to every different combination of a, b, c and d from GF (28 ) one can construct a new 8×8 S-box. 4. The proposed encryption scheme Here, we propose a novel image encryption scheme based on the substitution-permutation structure and chaotic systems. 4.1. The MAP function The MAP function is denoted by MAP(n,p) where n is an integer number and p is a prime number. This function allows the generation of a chaotic sequence from 0,1,, n 2 range.
The MAP function is defined as follows: T=1:n×n; T1=reshape(T,n,n); for i=1: n for j=1: n TT(i,j)=mod((p×T1(i,j)),(n×n))+1; end end 4.2.
The PRIMES function
The PRIMES function is defined as: p=PRIMES(g) that returns a row vector containing all the prime numbers less than or equal to g. The data type of p is the same as that of g.
7
4.3.
Encryption process
The complete encryption process is given by the following steps (Fig. 5): Step 1: Input 8-bit gray image P(M , M ) , where M is the number of rows and also the number of columns in image P . Step 2: Generate a random sequence I 0 with length l M M using Eq. (2) and ( 0 , x0 ) pair, where 0 is the control parameter and x0 is the initial condition. Map the obtained sequence into an integer sequence J 0 0.255 as follows:
J 0 u int 8 mod I 01017 , 256
(5)
Then, apply the mask J 0 on the plain image P according to the following equation:
Psc bitxor ( P, J 0 )
(6)
Step 3: Generate 8 (8 8) S-boxes SBi , i 1,,8 according to the method described in Section 3. After that, divide the scrambled image Psc into 8 blocks Bi , i 1,,8 . Let
p , j 1,, n is the jth pixel in block B j
i
and n is total number of byte in Bi . Then substitute
each pixel p j of each block Bi as follows: s j SBi ( p j ) , i 1,,8 and j 1,, n
Where s j is the substituted pixel of p j with the S-box SBi . Then obtain the substituted image Ps . Step 4: Iterate Eq. (1) for l M M times to generate a random sequence F with the initial condition y 0 and the control parameter 0 . Then transform the obtained sequence into an integer sequence G 0.255 as follows:
G mod F 1014 ,256
(7)
Next, apply the mask G on substituted image Ps according to the following equation: Pc bitxor ( Ps , G)
(8)
Step 5: Decompose the matrix Pc to blocks of size (m, m) . The number of blocks is
thus
M M M M . Therefore, get the matrix Pd formed by these blocks with size , . mm m m 8
Therefore, permute Pd by sequence S and obtain the permuted matrix Pp . The sequences S is generated by the function MAP(
M ,p), m
where p is a prime number generated as follows:
2 Where L is the length of sequence Q which is obtained by iterating the function
pQ L
M M Ps (i, j ) Psc (i, j ) i 1 j 1 PRIMES with parameter g max Ps
2
z and z are the lower and the upper integer parts of z . Step 6: Set cmpt cmpt 1 and P Pp . If cmpt 8 update the values of y0 , 0 , x0 and
0 according to the following equations: M
y 0 0.9 y 0
M
mod( Pp (i, j ),1024) i 1 j 1
1024 M
0 0.95 0
i 1 j 1
512
0 0.95 0
0.05
(10)
M
mod( Pp (i, j ),1024) i 1 j 1
1024 M
(9)
M
mod( Pp (i, j ) 2 ,512)
M
x0 0.9 x0
0.1
0.1
(11)
0.05
(12)
M
mod( Pp (i, j ) 2 ,512) i 1 j 1
512
Then, repeat steps (2) - (5) until cmpt 8 to get the encrypted image C . 4.4 Decryption process The complete decryption process is given by the steps illustrated in Fig. 6: Set cmpt 1 and use the last values of p, y0 , 0 , x0 and 0 obtained from the encryption scheme.
9
Step 1: Decompose matrix C to blocks of size (m, m) and get the matrix C d formed by these
M M blocks with size , . Then permute C d by sequence S and obtain matrix C c . The m m M sequence S is generated by function MAPINV ( , p). m Here, MAPINV was the inverse function of MAP. Step 2: Iterate Eq. (1) for l M M times to generate a random sequence F with the initial condition y 0 and the control parameter 0 . Then transform the obtained sequence into an integer sequence G 0.255 as follows:
G mod F 1014 ,256
(13)
Therefore, we apply the mask G on matrix C c according to the following equation Cs bitxor (Cc , G)
(14)
Step 3: Divide the matrix C s into 8 blocks Bi , i 1,,8 . Let c j , j 1,, n is the jth pixel in block Bi and n is total number of byte in Bi . Then substitute each pixel c j of each block
Bi as follows:
w j SBi1 (c j ) , i 1,,8 and j 1,, n . Where w j is the substituted pixel of c j with the inverse S-box SBi1 (Here, SBi1 was the inverse S-box of SBi ). Then obtain matrix C sc . Step 4: Generate a random sequence P0 with length l M M using Eq. (2) and ( 0 , x0 ) pair, where 0 is the control parameter and x0 is the initial condition. Map the obtained sequence into an integer sequence Q0 0.255 as follows:
Q0 u int 8 mod P01017 , 256
(15)
Then obtain the matrix C p using the following equation:
C p bitxor (Csc , Q0 )
(16)
Step 5: Set cmpt cmpt 1 and update the values of x0 , y0 , 0 , 0 and g according to the following equations: 10
M
x0
x0 0.9
M
mod( C (i, j ),1024) i 1 j 1
1024
M
y0
y0 0.9
0 0.95
i 1 j 1
1024
0
i 1 j 1
512
0.95
0.1
(18)
M
mod( C (i, j ) 2 ,512)
M
0
(17)
M
mod( C (i, j ),1024)
M
0
0.1
0.05
(19)
M
mod( C (i, j ) 2 ,512) i 1 j 1
512
M M Cs (i, j ) Csc (i, j ) i 1 j 1 g max Cs
2
0.05
(20)
(21)
Then, set C C p . Step 6: Repeat steps (1) - (5) in a loop until cmpt 8 to get the decrypted image D .
11
Figure 5: Block diagram of the proposed encryption scheme. 12
Figure 6: Block diagram of the proposed decryption process. 13
5. Security and performance analyses This section gives the simulation results of the proposed scheme. A number of experiments were performed based on several gray images (from USC-SIPI Image Database [22] and computer vision test images [23]), which were used as plain images having the sizes (128 128) , (256 256) , (512 512) and (1024 1024) . In the construction of S-boxes, the parameters used by the logistic maps were r0 3.9, f 0 0.1 , r1 3.8, f1 0.2 ,
r2 3.99, f 2 0.15
and r3 3.79, f 3 0.4 . In the proposed encryption approach, five
parameters were used as the keys, these parameters were g , y0 , 0 , x0 and 0 ; g 0 was the parameter of function PRIMES. The keys 0 and y 0 were the control parameter and the initial condition of the logistic map, respectively. On the other hand, x 0 and 0 were the initial condition and the control parameter of the new chaotic map, respectively. The values were taken as 0 3.9999 , y0 0.1322 , x 0 0.1 and 0 7.7415 . The block size was fixed at (m m) (8 8) . All the simulations were implemented using MATLAB in a personal computer of Intel Core i3-3227U 1.9 CPU and 4 GB of RAM. 5.1. Key space analysis Key space size is the total number of different keys that can be used in the encryption process. For a robust encryption scheme, the key space must be large enough to make bruteforce attack infeasible. The key stream of the proposed cryptosystem was composed of two parts: 1-
In the S-boxes construction: The control parameters r0 , r1 , r2 , r3 and the initial conditions f 0 , f1 , f 2 , f 3 of the logistic maps [18] and also the four integer numbers a, b, c, and d used by the Mobius transformation (Eq.4).
2- In encryption scheme: the initial conditions and the control parameters of the chaotic maps; ( 0 , y0 ) for the logistic map (Eq.1) and ( 0 , x0 ) for new chaotic map (Eq.2), respectively. Also, the block size (m m) . Where f 0 , f1 , f 2 , f 3 , x0 and y 0 0,1 ; r0 , r1 , r2 , r3 and 0 3.57,4; 0 3,8 ; m was selected as follows: (M N ) mod(m m) 0 ; a, b, c, and d belong to GF( 2 8 ), with the condition that ad bc 0 . According to the IEEE floating-point standard [24], the computational precision of the 64bit double-precision numbers is 2 52 , the total number of different values r0 which can be used
as
secret
keys
is
more
than 2 52 ,
so
are
the
number
of
r1 , r2 , r3 ,
f 0 , f1 , f 2 , f 3 , 0 , 0 , x0 , and y 0 . Assume that the possible numbers of a, b, c, and d are equal 14
to K , while those of m are equal to W . Therefore, the key space is larger than
K W 252
12
K W 2 624 .
Such a large key space can guarantee enough security against brute-force attacks. Table 4: Key space of the proposed algorithm in comparison to algorithms used in [1,7]. Algorithm
New scheme
Ref.[1]
Ref.[7]
Key space
>2624
>2128
>2312
Table 4 shows the comparison of key space between the proposed algorithm and algorithms in [1,7]. It can be seen that the key space of the proposed algorithm is larger than those of other algorithms.
5.2. Key sensitivity analysis Key sensitivity is an essential feature for any secure algorithm which satisfies the requirement of resisting brute-force attack. The following key sensitivity tests were carried out: 0 was changed from 3.9999 to 0 140 y 0 was changed from 0.1322 to y0 140 0 was changed from 7.7415 to 0 140 The other keys were left unchanged Under the above conditions, we encrypted several gray images with different sizes (128 128) , (256 256) , (512 512) and (1024 1024) . The percentage of different pixels between the encrypted-images with initial keys and the cipher-images under the conditions mentioned above are listed in Table 5. Table 5: Percentage of different pixels between encrypted-images. Image Airplane
Size
Percentage difference
(128 128)
99.6972
(256 256)
99.7246
(512 512)
99.6560
(1024 1024)
99.6637 15
Airport
Barbara
Boat
Cameraman
Chemical Plant
Clock
Couple
Elaine
House
(128 128)
99.7826
(256 256)
99.5941
(512 512)
99.6693
(1024 1024)
99.6578
(128 128)
99.5812
(256 256)
99.6712
(512 512)
99.6831
(1024 1024)
99.6664
(128 128)
99.5873
(256 256)
99.7384
(512 512)
99.6575
(1024 1024)
99.6611
(128 128)
99.6972
(256 256)
99.7033
(512 512)
99.6594
(1024 1024)
99.6627
(128 128)
99.6239
(256 256)
99.7002
(512 512)
99.6800
(1024 1024)
99.6722
(128 128)
99.6544
(256 256)
99.6682
(512 512)
99.6693
(1024 1024)
99.6694
(128 128)
99.7155
(256 256)
99.6575
(512 512)
99.7014
(1024 1024)
99.6730
(128 128)
99.6483
(256 256)
99.6834
(512 512)
99.6846
(1024 1024)
99.6661
(128 128)
99.6728
(256 256)
99.7231 16
Lena
Man
Moon Surface
Peppers
Tank
Test-Pattern
(512 512)
99.6575
(1024 1024)
99.6700
(128 128)
99.6667
(256 256)
99.6453
(512 512)
99.6846
(1024 1024)
99.6577
(128 128)
99.5995
(256 256)
99.6911
(512 512)
99.6396
(1024 1024)
99.6700
(128 128)
99.7216
(256 256)
99.7048
(512 512)
99.6659
(1024 1024)
99.6619
(128 128)
99.6544
(256 256)
99.6728
(512 512)
99.6964
(1024 1024)
99.6657
(128 128)
99.6483
(256 256)
99.6758
(512 512)
99.6789
(1024 1024)
99.6665
(128 128)
99.7033
(256 256)
99.6560
(512 512)
99.6682
(1024 1024)
99.6804
From Table 5, we can see that a tiny difference in the key results in major changes in the corresponding cipher-images. Therefore, the proposed encryption scheme has a high key sensitivity. 5.3. Histogram analysis Histogram analysis is a very important feature which shows the frequency distribution of gray-level values in an image. A secure encryption scheme should generate an image with uniform histogram to improve resistance against statistical analysis. We analyzed the 17
histograms of several plain images and their encrypted images. Figure 7 gives the plain images of ‘Lena’, ‘Cameraman’, ‘Boat’, ‘Airport’, and their histograms, respectively. On the other hand, the encrypted images of ‘Lena’, ‘Cameraman’, ‘Boat’, ‘Airport’, and their histograms are illustrated in Fig. 8, respectively. It can be seen that the histograms of the encrypted images are nearly uniform and are completely distinct from the respective histograms of the plain images. As a result, the proposed algorithm can resist any statistical attack.
Figure 7: Plain images of ‘Lena’, ‘Cameraman’, Boat’, ‘Airport’, and their histograms, respectively (From left to right).
18
Figure 8: Encrypted images of ‘Lena’, ‘Cameraman’, Boat’, ‘Airport’, and their histograms, respectively (From left to right). 5.4. Correlation analysis An ordinary image contains pixels with high neighborhood correlations while in an encrypted image by a good encryption algorithm there is no correlation between any pixel and its adjacent pixels. Thus, a secure encryption scheme should transform a plain image into an encrypted image with low correlation among adjacent pixels. To compute and compare the correlations of neighborhood pixels in the plain and cipher images, we adopted the procedure given below. First, we randomly selected 2000 pairs of adjacent pixels in each direction from the plain image and its encrypted image. Then, the correlation coefficient between each pair was calculated as follows:
M
x
i 1
rxy M
x i 1
i
i
1 M
1 M
M
x j 1
M
x j 1
j
j
2
1 yi M M
y i 1
i
M
y j 1
1 M
j
M
y j 1
j
2
(22)
Where xi and y i form ith pair of horizontally/vertically/diagonally adjacent pixels, M is the total number of pairs of horizontally/vertically/diagonally adjacent pixels. The correlation coefficients in horizontal, vertical and diagonal directions of adjacent pixels for two pairs of the plain images mentioned above and their corresponding encrypted images are shown in Table 6. 19
Table 6: Correlation between pairs of plain and encrypted images. Image
Airplane
Airport
Barbara
Boat
Cameraman
Chemical Plant Clock
Couple
Elaine
House
Lena
Man
Direction
Plain image
Encrypted image Ref.[1]
Ref.[7]
Ref.[8]
Ref.[32]
Horizontal 0.9619
New scheme -0.0002
0.0011
-0.0164
0.0180
0.0045
Vertical
0.9797 image
-0.0090
-0.0035
-0.0181
0.0061
-0.0215
Diagonal 0.9640 Horizontal 0.8153
-0.0066 -0.0275
-0.0029 0.0040
0.0004 -0.0061
-0.0079 0.0094
-0.0015 -0.0142
Vertical
0.8722
-0.0154
-0.0174
-0.0079
-0.0107
-0.0141
Diagonal
0.7386
-0.0187
-0.0135
-0.0001
-0.0007
0.0002
Horizontal 0.9033
-0.0033
-0.0052
-0.0212
-0.0187
0.0037
Vertical
0.9719
-0.0269
-0.0067
-0.0161
-0.0016
-0.0202
Diagonal
0.8630
-0.0121
0.0068
-0.0110
0.0001
0.0046
Horizontal 0.9389
-0.0100
-0.0054
-0.0189
-0.0295
-0.0138
Vertical
0.9425
-0.0124
-0.0009
0.0003
-0.0150
-0.0199
Diagonal
0.9070
-0.0185
0.0026
-0.0204
-0.0224
-0.0057
Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal
0.9305 0.9619 0.9167 0.9404 0.8913 0.8502 0.9353 0.9621 0.9233 0.9306 0.8925 0.8494 0.9715 0.9789 0.9504 0.8669 0.7929 0.7321 0.9341 0.9726 0.9191 0.9415
-0.0095 -0.0170 -0.0119 -0.0134 -0.0005 -0.0033 0.0024 -0.0246 -0.0081 -0.0251 -0.0213 -0.0078 -0.0232 -0.0420 -0.0030 -0.0095 -0.0259 -0.0094 -0.0048 -0.0112 -0.0045 -0.0155
-0.0211 -0.0103 0.0054 -0.0073 -0.0073 -0.0115 -0.0140 -0.0139 -0.0175 -0.0178 -0.0025 0.0001 -0.0065 -0.0096 -0.0148 -0.0126 -0.0097 -0.0123 -0.0086 -0.0102 -0.0125 -0.0190
0.0063 -0.0142 0.0168 -0.0069 -0.0100 -0.0078 -0.0248 -0.0172 -0.0025 -0.0122 0.0262 -0.0257 -0.0191 -0.0130 -0.0096 0.0023 -0.0187 -0.0225 -0.0066 -0.0089 0.0424 -0.0083
-0.0047 -0.0195 0.0279 -0.0091 -0.0029 -0.0092 -0.0143 0.0097 0.0120 -0.0236 -0.0045 0.0016 -0.0066 -0.0019 0.0007 -0.0339 0.0186 -0.0001 0.0011 0.0098 -0.0227 0.0022
-0.0009 -0.0223 0.0025 0.0072 -0.0015 -0.0040 -0.0123 -0.0041 -0.0027 -0.0106 -0.0047 0.0262 -0.0062 -0.0197 -0.0169 0.0109 -0.0173 -0.0002 -0.0063 -0.0109 -0.0154 -0.0100
20
Moon Surface
Peppers
Tank
Test-Pattern
Average
Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal
0.9566 0.9072 0.9056 0.9604 0.9104 0.9756 0.9739 0.9575 0.9440 0.8958 0.8650 0.8853 0.9225 0.8354 -
-0.0276 -0.0157 -0.0062 -0.0075 -0.0044 -0.0056 -0.0162 -0.0113 -0.0202 -0.0200 -0.0013 -0.0087 0.0002 -0.0220 -0.0113 -0.0173 -0.0099
-0.0095 -0.0141 -0.0288 -0.0194 -0.0137 -0.0089 -0.0113 0.0045 0.0049 -0.0128 -0.0011 0.0079 0.0015 -0.0134 -0.0086 -0.0090 -0.0067
-0.0180 0.0250 -0.0065 0.0063 0.0135 0.0194 -0.0091 0.0123 -0.0185 -0.0119 -0.0249 -0.0075 0.0284 -0.0250 -0.0091 -0.0064 -0.0024
-0.0226 0.0060 -0.0212 -0.0166 0.0138 0.0071 -0.0065 -0.0165 -0.0383 -0.0362 0.0220 0.0039 0.0022 -0.0064 -0.0099 -0.0057 -0.0001
-0.0027 -0.0195 -0.0063 0.0142 -0.0091 0.0038 -0.0082 0.0078 -0.0159 -0.0114 0.0126 0.0060 -0.0010 0.0312 -0.0038 -0.0103 0.0006
In addition, Fig. 9 shows the correlation of two horizontally, vertically and diagonally adjacent pixels in the plain and encrypted images of ‘Lena’, respectively.
21
(a)
(b)
(d)
(e)
(c)
(f)
Figure 9: The distribution of two adjacent pixels in the plain and encrypted images of “Lena”: Frames (a) and (d) distributions of two horizontally adjacent pixels in the plain and encrypted images of “Lena”, respectively. Frames (b) and (e) distributions of two vertically adjacent pixels in the plain and encrypted images of “Lena”, respectively. Frames (c) and (f) distributions of two diagonally adjacent pixels in the plain and encrypted images of “Lena”, respectively. As can be seen from Table 6, the correlation coefficients of the plain images are close to 1 while those of encrypted images are approximately equal to 0. The average correlations in horizontal, vertical and diagonal directions for the proposed algorithm obtained for all tested images are smaller than those obtained with algorithms studied in [1,7,8,32]. Then, the proposed encryption scheme generates an image with de-correlated adjacent pixels. This indicates that the proposed scheme is secure against statistical attacks.
5.5. Information entropy analysis Information entropy is a statistical measure of disorder. In order to evaluate its randomness, the measure of information entropy of a cipher image is carried out using the following equation:
22
K
E ( X ) p( xi ) log 2 p( xi )
(23)
i 1
Where p( xi ) represents the probability of pixel xi and K is total number of pixels in an image. For a grayscale image there are 2 8 possible values (range of [0,255]), the theoretical entropy value is equal to 8 when the pixels appear with the same probability. Consequently, to confirm the efficiency of the proposed scheme the information entropy of the encrypted image must be close to 8. We computed the information entropy for many encrypted images. The results summarized in Table 7 demonstrate that the entropies of all encrypted images are close to 8. Therefore, it can be concluded that our scheme has an average entropy of 7.9977 which is comparable to that studied in [1] and better than those of the schemes in [7,8,32]. Hence, the proposed encryption scheme is robust against entropy attacks. Table 7: Entropies of encrypted images Image
Entropy New scheme Airport 7.9960 Airplane 7.9974 Barbara 7.9978 Boat 7.9980 Cameraman 7.9985 Chemical Plant 7.9964 Clock 7.9992 Couple 7.9976 Elaine 7.9985 House 7.9981 Lena 7.9963 Man 7.9975 Moon Surface 7.9987 Peppers 7.9985 Tank 7.9969 Test-Pattern 7.9986 Average 7.9977
Ref.[1] 7.9966 7.9965 7.9964 7.9979 7.9966 7.9986 7.9974 7.9987 7.9972 7.9989 7.9991 7.9974 7.9979 7.9973 7.9990 7.9988 7.9978
Ref.[7] 7.9966 7.9926 7.9937 7.9960 7.9955 7.9947 7.9984 7.9951 7.9939 7.9978 7.9951 7.9990 7.9951 7.9965 7.9976 7.9967 7.9959
Ref.[8] 7.9969 7.9954 7.9957 7.9959 7.9964 7.9990 7.9956 7.9980 7.9971 7.9952 7.9965 7.9965 7.9954 7.9958 7.9965 7.9984 7.9965
Ref.[32] 7.9957 7.9966 7.9964 7.9985 7.9990 7.9940 7.9977 7.9956 7.9951 7.9958 7.9964 7.9949 7.9969 7.9971 7.9997 7.9977 7.9967
5.6. Sensitivity analysis There are two measures used to test the influence of changing one pixel in the plain image on the encrypted image, which are Number of Pixel Change Rate (NPCR) and Unified Average Changing Intensity (UACI) [25]. The former is used to measure the number of different pixels between the two images, whereas the latter is used to measure the average intensity 23
difference. Let I1 (i, j ) and I 2 (i, j ) be the (i, j )th pixel of two images I1 and I2, respectively. The NPCR and UACI are defined by Eqs. (24) and (25), respectively.
NPCR
D(i, j) i; j
N
100%
(24)
Where N is the total number of pixels in the image and D(i, j ) is defined as
0 if I1 (i, j ) I 2 (i, j ) D(i, j ) 1 if I1 (i, j ) I 2 (i, j )
UACI
I1 (i, j ) I 2 (i, j ) 1 100% N i, j 2K 1
(25)
Where K is the number of bits used to represent a gray scale pixel value. The expected values of NPCR and UACI for a strong encryption scheme are given by the following equations, respectively: 1 NPCR ( Expected ) 1 L 100% 2
(26)
2 1 k (k 1) 1 UACI ( Expected ) 2 L k 1 L 100% 2 2 1
(27)
L
Where, 2 L is the number of bits used to represent one pixel of an image. For an 8-bit grayscale image, the expected values of NPCR and UACI are 99.6094% and 33.4635%, respectively. We obtained NPCR and UACI for a large number of images by using our proposed algorithm and other algorithms, their testing results are shown in Tables 8 and 9, respectively. In addition, we compared the NPCR and UACI of the proposed scheme and the schemes in [1,7,8,32] in Table 10. We found NPCR to be over 99.6% for all the images, so the encryption scheme is very sensitive to small pixel changes in the plain-image. The UACI, in all the test cases, was better than 33% which indicates that the rate of influence related to single-pixel change in plain image is very high. As can be seen from Table 10, the proposed encryption scheme and the 24
one studied in 8] have better NPCR performance than other algorithms. Moreover, the UACI performance of the proposed algorithm is in agreement with those of algorithms in [1,8,32] and better than the one investigated in[7]. Results show that our algorithm is not vulnerable to the differential attacks. Table 8: The NPCR and UACI of encrypted images by changing their plain images one bit. Image Airport Airplane Barbara Boat Cameraman Chemical Plant Clock Couple Elaine House Lena Man Moon Surface Peppers Tank Test-Pattern Average
NPCR (%) 99.6150 99.6083 99.6092 99.6102 99.6205 99.6121 99.6102 99.6399 99.6143 99.6200 99.6228 99.6070 99.6139 99.6319 99.6290 99.6195 99.6177
UACI (%) 33.5625 33.5359 33.7431 33.5367 33.7786 33.6068 33.5820 33.8085 33.5160 33.4914 33.7041 33.7905 33.6898 33.6923 33.9213 33.7515 33.6694
Table 9: The NPCR and UACI of encrypted images for algorithms in [1,7,8,32]. Image
NPCR (%) Ref.[1] 99.6107 Airport 99.6077 Airplane 99.6162 Barbara 99.6281 Boat 99.6292 Cameraman Chemical Plant 99.6131 99.6218 Clock 99.6292 Couple 99.6107 Elaine 99.6257 House 99.6146 Lena
Ref.[7] 99.5662 99.5565 99.5227 99.5609 99.5749 99.5325 99.5910 99.5606 99.5431 99.5332 99.5511 25
Ref.[8] 99.6180 99.6231 99.6402 99.6209 99.6105 99.6258 99.6126 99.6312 99.6299 99.6182 99.6092
Ref.[32] 99.6201 99.5499 99.5178 99.5743 99.6216 99.6185 99.5728 99.5468 99.5529 99.6078 99.6231
99.6084 99.6168 99.6092 99.6131 99.6177 99.6170 UACI (%) Ref.[1] 33.6632 Airport 33.4143 Airplane 33.5776 Barbara 33.6145 Boat 33.7050 Cameraman Chemical Plant 33.8543 33.4836 Clock 33.6446 Couple 33.6163 Elaine 33.7022 House 33.5561 Lena 33.6744 Man Moon Surface 33.5333 33.6284 Peppers 33.7155 Tank 33.5046 Test-Pattern Man Moon Surface Peppers Tank Test-Pattern Average Image
99.5417 99.5684 99.5808 99.5794 99.5679 99.5582
99.6211 99.6172 99.6236 99.6687 99.6541 99.6265
99.5514 99.6033 99.5728 99.6078 99.6185 99.5850
Ref.[7] 33.3716 33.4063 33.3890 33.4176 33.3691 33.3872 33.4147 33.3723 33.3853 33.3912 33.3461 33.3684 33.3758 33.3540 33.4045 33.3975
Ref.[8] 33.6183 33.5817 33.6714 33.6018 33.6862 33.3825 33.5793 33.7252 33.6232 33.7240 33.6322 33.4720 33.6993 33.7386 33.5224 33.6340
Ref.[32] 33.5961 33.6640 33.5052 33.3975 33.7326 33.5831 33.9272 33.8911 33.7063 33.7656 33.8144 33.6949 33.8063 33.4723 33.7415 33.4487
Table 10: Comparison of NPCR and UACI with other algorithms. Algorithm Proposed algorithm Ref.[1] Ref.[7] Ref.[8] Ref.[32]
NPCR (%) (average) 99.6177 99.6170 99.5582 99.6265 99.5850
UACI (%) (average) 33.6694 33.6180 33.3844 33.6183 33.6717
5.7. Encryption Quality Visual inspection is one of the most important metrics to judge the effectiveness of an encryption algorithm. If an encryption algorithm conceals most of the features of a plaintext image, then the algorithm is considered to be strong. Although, one can examine the effectiveness of an algorithm using visual inspection, in some scenarios this may not give any 26
indication about the hidden loopholes. So various metrics have been proposed in the literature to measure the quality of encryption [26,27]. 5.7.1. Maximum Deviation The quality of an encryption algorithm can be judged by deviation in pixel values between plaintext image and ciphertext image [27,28,29]. If deviation (changes) of pixels is the maximum between original and encrypted images, then the encryption algorithm is the best in the terms of security [29]. Maximum deviation can be calculated as follows [29]: MD
D0 DN 1 N 2 Di , 2 i 1
(28)
where N is the total number of gray values and Di , is the amplitude of difference histogram D (calculated through the difference of histogram between plaintext image and ciphertext image) at index i . Higher value of M D indicates that the ciphertext image is very deviated from the plaintext image. Table 11 shows the results of maximum deviation metric for the proposed algorithm and algorithms in [1,7,8,32]. Comparison of average values of maximum deviation shows that the proposed scheme and schemes in [1,8] have better performance than those of [7,32]. Based on these results, we can conclude that the values of maximum deviations of the suggested algorithm do not reveal any significant information about the quality of encryption. As a result, we can conclude that the maximum deviation metric cannot provide sufficient information about the security of an encryption algorithm. 5.7.2. Irregular Deviation Maximum deviation parameter alone cannot be used for checking the quality of encryption, because in some cases, it may give imprecise results [30]. Another parameter known as irregular deviation can also be used to check the quality of a ciphertext image. The irregular deviation measures how the statistical distribution of deviation between plaintext and ciphertext images is close to the uniform statistical distribution [30]. The irregular deviation can be defined as [30]: N 1
I D H Di ,
(29)
i 0
Where, H Di hi AH , hi is the amplitude of histogram at index i , which can be computed after taking the absolute difference of plaintext and ciphertext images and AH is the average sum of histogram values. When the value of I D is low, it indicates that the pixels distribution is uniform and hence the quality of encrypted image is high. The values of irregular deviation for the proposed algorithm and other algorithms are shown in Table 12. It is clear from this table that the obtained results for the proposed algorithm are in an acceptable range and are comparable with those of other algorithms. Consequently, the lower irregular deviation values reflect the strength of the proposed algorithm. 5.7.3. Deviation from Uniform Histogram For an ideal encryption algorithm, the ciphertext image ( C i ) must have uniform histogram distribution. It means that the probability of each pixel in ciphertext image must be 27
completely uniform. Mathematically, an ideal histogram for a ciphertext image can be calculated as [31]: M N , 0 Ci 255 (30) H Ci 256 elsewhere 0, Using the above concept, Elashry et al. proposed a new metric [31] (deviation from uniform histogram) for measuring the quality of encrypted images. The deviation from uniform histogram can be written as [31]: 255
DH
| H
Ci 0
Ci
HC |
M N
(31)
,
where H Ci is the ideal histogram value at index i , H C is the actual histogram of ciphertext image and M N is the size of ciphertext image. A lower value of DH represents a better encryption quality. The results of deviation from uniform histogram are depicted in Table 13. As can be seen from this table, the proposed scheme and those studied in [1,8] have approximately lower values of deviation from uniform histogram than those of algorithms in [7,32]. Thus, it is clear that the results are in favor of the proposed technique as the values of DH are less deviated from the uniform histogram. Table 11: Maximum Deviation of the proposed scheme compared to previous schemes. Image
Maximum Deviation New scheme Ref.[1] 26232 28208 Airport 21148 21148 Airplane 18148 18155 Barbara 25442 25716 Boat 18007 17148 Cameraman 18535 Chemical Plant 18835 24823 23569 Clock 17674 17074 Couple 17428 17403 Elaine 17984 17142 House 21339 21786 Lena 21604 19755 Man 17015 Moon Surface 16747 22935 24254 Peppers 17586 17690 Tank 15805 14787 Test-Pattern 19962 Average 20109 28
Ref.[7] 25717 22052 19384 25193 16803 17711 23826 16880 17071 17571 19931 21396 16286 22966 16401 16312 19719
Ref.[8] 27206 21778 17944 25367 16674 17956 25642 17142 18286 17138 20811 20962 16909 22648 18212 16481 20072
Ref.[32] 28204 21279 19394 23445 17240 18583 23005 16966 17494 17707 20902 20690 16898 23173 17478 14877 19833
Table 12: Irregular Deviation of the proposed scheme in comparison to previous schemes. Image
Irregular Deviation New scheme Ref.[1] 17106 16780 Airport 40306 40434 Airplane 42708 42674 Barbara 36226 36098 Boat 39244 38900 Cameraman 45096 Chemical Plant 44762 27442 27210 Clock 50470 50406 Couple 45674 46126 Elaine 43016 42996 House 40480 40904 Lena 37158 36996 Man 54604 Moon Surface 54198 35088 35242 Peppers 57294 57284 Tank 40654 40270 Test-Pattern 40739 40751 Average
Ref.[7] 16586 40358 43014 36220 39414 45438 27230 50578 45854 42938 40768 36882 54696 34706 57482 40250 40776
Ref.[8] 17008 40294 42556 36124 39380 45258 27264 50294 45964 42714 40820 36956 54530 34824 57218 40270 40717
Ref.[32] 17700 41060 42840 36092 38604 45170 27728 50194 45590 43114 40634 37092 54434 34350 57044 40590 40765
Table 13: Deviation from Uniform Histogram of the proposed scheme in comparison to previous schemes. Image
Deviation from Uniform Histogram New scheme Ref.[1] Ref.[7] Ref.[8] 0.0927 0.0943 0.1071 0.0934 Airport 0.0983 0.0969 0.0995 0.0943 Airplane 0.0976 0.0967 0.1012 0.0928 Barbara 0.0958 0.0902 0.0995 0.0985 Boat 0.0942 0.0941 0.1065 0.0920 Cameraman 0.0948 0.1029 0.0943 Chemical Plant 0.0951 0.0949 0.0930 0.0995 0.0984 Clock 0.0996 0.0972 0.0992 0.0938 Couple 0.0941 0.0938 0.1066 0.0975 Elaine 0.0882 0.0951 0.1141 0.0994 House 0.0994 0.0974 0.1001 0.0934 Lena 0.0874 0.0944 0.0948 0.0974 Man 29
Ref.[32] 0.0958 0.0951 0.0975 0.0951 0.0955 0.0965 0.0966 0.0981 0.0988 0.0963 0.0962 0.0980
Moon Surface Peppers Tank Test-Pattern Average
0.0935 0.0917 0.0914 0.0905 0.0940
0.0956 0.0938 0.0912 0.0917 0.0944
0.1007 0.0979 0.0990 0.1027 0.1020
0.0984 0.0977 0.0922 0.0958 0.0956
0.0936 0.0946 0.0930 0.2699 0.1069
5.8. Contrast analysis The contrast of an image can be defined as the difference of brightness between light and dark parts in an image. Indeed, the contrast shows the light distribution in an image. Visually, the contrast is interpreted as the spreading of the image brightness histogram. In this sense, we analyzed the contrast for the proposed algorithm and those of related works. The contrast is given by Eq. (32):
C i j p(i, j ) 2
(32)
i, j
Where, p(i, j ) is the number of gray-level co-occurrence matrices. The experimental results for some encrypted images with the proposed scheme and those of other algorithms are reported in Table 14. Based on these results, we can conclude that all encrypted images under the proposed method have high contrast, which confirms the effectiveness of the proposed algorithm to produce high randomness in encrypted image. Moreover, the comparison with other algorithms shows that the proposed scheme has a slightly better performance of contrast, while schemes presented in [1,8] have nearly similar values of contrast. Table 14: Contrast of the proposed scheme compared to previous schemes. Image
Contrast New scheme 8.5696 Airport 8.5294 Airplane 8.5094 Barbara 8.6248 Boat 8.7474 Cameraman Chemical Plant 8.6470 8.5704 Clock 8.6674 Couple 8.6160 Elaine
Ref.[1] 8.6029 8.5493 8.5222 8.5646 8.6447 8.6067 8.6028 8.6619 8.5609 30
Ref.[7] 8.6077 8.6112 8.6063 8.5670 8.6053 8.6712 8.4440 8.5425 8.5974
Ref.[8] 8.6316 8.6728 8.5970 8.6824 8.6459 8.5726 8.6303 8.6126 8.5573
Ref.[32] 8.4450 8.5848 8.5867 8.6146 8.4327 8.6464 8.6432 8.5592 8.5934
House Lena Man Moon Surface Peppers Tank Test-Pattern Average
8.5118 8.6453 8.6937 8.5984 8.5998 8.7132 8.6769 8.6200
8.7217 8.5925 8.6831 8.6021 8.5833 8.6195 8.6131 8.6082
8.6264 8.6128 8.5883 8.5343 8.6597 8.5889 8.6577 8.5950
8.6147 8.6312 8.6527 8.6070 8.5512 8.6251 8.5729 8.6161
8.5489 8.6174 8.5654 8.5549 8.5710 8.6273 8.5266 8.5698
5.9. Execution time and computation complexity The execution time of an image encryption scheme depends on many factors as CPU structure, memory size, operating system, the programming language, compiler options, programming skill and code optimization. Thus, it is pointless and uncommon to make an explicit comparison for two or more encryption schemes without using the same environment. Notwithstanding, we have undertaken an analysis for the explicit comparison between the proposed encryption scheme and competitive schemes. We used the same environment (Computer of Core i3-3227U 1.9 CPU with 4 GB RAM running on Windows 7 and MATLAB 7.9) for measuring the speed of the image cipher for all the schemes. We implemented MATLAB codes for the proposed encryption scheme and other schemes in order to give approximate encryption speeds. For accuracy, each set of the timing tests was executed several times for a considerable number of times and then we reported the obtained average. Table 15 gives the speed performance of the proposed algorithm and other algorithms for different sizes of images. As can be seen in Table 15, the proposed scheme has an acceptable speed. Table 15: Comparison of encryption speeds (ms) for proposed algorithm and other algorithms. Scheme
Image size (128 128)
(256 256)
(512 512)
(1024 1024)
New scheme
52
95
497
2513
Ref.[1]
45
79
343
2021
Ref.[7]
76
122
543
2784
Ref.[8]
38
71
313
1947
Ref.[32]
71
109
526
2682
31
Moreover, we calculated the computation complexity of the proposed algorithm. In fact, it consist in measuring the size of an instance (the number of operations and steps required to accomplish the encryption/decryption process)- neglecting some details such as the operating system, the programming language, the hardware the algorithm runs on, and programming skill [33, 34]. The proposed scheme needs O(M N ) (where M N is the number of pixels) iterations to complete the whole encryption process, which is efficient for real time applications.
6. Application for color images We applied the proposed encryption scheme for color images. Some analyses were performed and a comparison with two related works was carried out. The 256 × 256 true color JPEG images of ‘Lena’ and ‘Peppers’ (Figs.10(a),(b)) were used as plain-images. During the encryption process, we adopted the same secret key used in Section 5. The plain images of ‘Lena’ and ‘Peppers’, and their encrypted images with the proposed algorithm are shown in Figs.10(a),(b) and Figs.10(c),(d), respectively. Figs.11(a)-(c) andFigs.12(a)-(c) show the histograms of plain image’s R, G, B channels and encrypted image’s R, G, B channels of ‘Lena’, respectively. It is seen from Figs.12(a)-(c) that the histogram of encrypted image has uniform behavior, which confirms that the proposed algorithm is strong against statistical attack. Moreover, Figs.13(a)-(f) contain the plots of the correlation distributions in horizontal, vertical and diagonal directions in the plain and encrypted images of ‘Lena’ for R component, respectively. The correlation coefficients for two adjacent pixels (in all directions) in R, G, B components of plain images and encrypted images are listed in Tables 16 and 17, respectively. It is clear that in plain images the correlation coefficients are high, whereas in the encrypted images the neighboring pixels satisfy zero correlation. Furthermore, comparison with schemes in [1,8] shows that the proposed encryption method has advantages in terms of correlation in horizontal and diagonal directions. As can see from Table 18, the entropies of R, G, B components of each encrypted image are very close to 8 and are slightly higher than those of other algorithms. NPCR and UACI performances of R, G, B components of each encrypted image are listed in Table 19. It can be deduced from this table that the proposed encryption algorithm and that in [8] have slightly better performances of NPCR and UACI as compared with that in [1]. Therefore, the proposed algorithm is suitable for color images and can be selected as a candidate for a good color image encryption.
32
(a)
(b)
(c)
(d)
Figure 10: Plain images and their encrypted images: Frames (a) and (b) Plain images of ‘Lena’ and ‘Peppers’, respectively. Frames (c) and (d) Encrypted images of ‘Lena’ and ‘Peppers’, respectively.
(a) Red
(b) Green
(c) Blue
Figure 11: Histograms of the original image of ‘Lena’ (a) Red, (b) Green and (c) Blue.
33
(a) Red
(b) Green
(c) Blue
Figure 12: Histograms of the encrypted image of ‘Lena’ (a) Red, (b) Green and (c) Blue.
(a)
(d)
(b)
(c)
(e)
(f)
Figure 13: The distribution of two adjacent pixels in the plain image of “Peppers” in the red component and its encrypted image: Frames (a) and (d) distributions of two horizontally adjacent pixels in the plain image of “Peppers” in the red component and its encrypted image, respectively. Frames (b) and (e) distributions of two vertically adjacent pixels in the plain 34
image of “Peppers” in the red component and its encrypted image, respectively. Frames (c) and (f) distributions of two diagonally adjacent pixels in the plain image of “Peppers” in the red component and its encrypted image, respectively. Table 16: Correlation coefficients of two adjacent pixels in plain-images. Image
Horizontal R
Lena
Vertical
G
B
R
Diagonal G
B
R
G
B
0.9278 0.9316 0.8867 0.9635 0.9648 0.9280 0.8993 0.9075 0.8449
Peppers 0.9929 0.9903 0.9916 0.9877 0.9889 0.9821 0.9789 0.9805 0.9711
Table 17: Correlation coefficients of two adjacent pixels in encrypted-images. Image
New scheme Horizontal R
G
Vertical B
R
Diagonal G
B
R
G
B
Lena
-0.0362 -0.0089 -0.0105 -0.0141 -0.0134 -0.0486 -0.0464 -0.0189 -0.0501
Peppers
-0.0413 -0.0107 -0.0142 -0.0043 -0.0022 -0.0092 -0.0002 -0.0082 -0.0164
Average -0.0388 -0.0098 -0.0124 -0.0092 -0.0078 -0.0289 -0.0233 -0.0136 -0.0333 Image
Ref.[1] Horizontal R
G
Vertical B
R
Diagonal G
B
R
G
Lena
-0.0153 -0.0276 -0.0242 -0.0082 -0.0167 -0.0109 -0.0016 0.0058
Peppers
-0.0099 0.0017
B -0.0179
-0.0089 -0.0018 -0.0101 -0.0141 -0.0008 -0.0383 -0.0015
Average -0.0126 -0.0130 -0.0165 -0.0050 -0.0134 -0.0125 -0.0012 -0.0163 -0.0097 Image
Ref.[8] Horizontal R
Lena
G
Vertical B
R
Diagonal G
B
R
G
B
-0.0112 -0.0042 -0.0085 -0.0045 -0.0230 -0.0355 -0.0084 -0.0280 -0.0009 35
Peppers
-0.0069 -0.0258 -0.0205 -0.0210 -0.0034 0.0022
-0.0009 -0.0047 -0.0078
Average -0.0090 -0.0150 -0.0145 -0.0128 -0.0132 -0.0166 -0.0046 -0.0164 -0.0043
Table 18: Entropy results for encrypted images. Image
Entropy New scheme R
Ref.[1]
G
B
R
Ref.[8] G
B
R
G
B
Lena
7.9988 7.9967 7.9990 7.9971 7.9966 7.9972 7.9968 7.9975 7.9983
Peppers
7.9980 7.9971 7.9985 7.9988 7.9968 7.9975 7.9972 7.9977 7.9987
Average 7.9984 7.9969 7.9987 7.9979 7.9967 7.9974 7.9970 7.9976 7.9985
Table 19: The NPCR and UACI of encrypted images by changing their plain images a single bit. Image
NPCR New scheme R
G
Ref.[1] B
Ref.[8]
R
G
B
R
G
B
Lena
99.6143 99.6216 99.6250 99.6162 99.6089 99.6162 99.6173 99.6233 99.6186
Peppers
99.6190 99.6182 99.6222 99.6177 99.6223 99.6192 99.6182 99.6177 99.6272
Average 99.6166 99.6199 99.6236 99.6170 99.6156 99.6177 99.6178 99.6205 99.6229
Image
UACI New scheme R
Lena
G
Ref.[1] B
Ref.[8]
R
G
B
R
G
B
33.6532 33.5700 33.7022 33.4966 33.5645 33.6164 33.7075 33.6728 33.5293
36
Peppers
33.6126 33.6480 33.6130 33.6129 33.5859 33.6387 33.6813 33.5364 33.6506
Average 33.6329 33.6090 33.6576 33.5547 33.5752 33.6275 33.6944 33.6046 33.5900
7.
Conclusion
This paper presented a new image encryption approach based on substitution-permutation (SP) network structure and chaotic systems. The proposed approach used two chaotic systems combined with strong S-boxes to achieve better confusion and diffusion. A variety of simulation tests and analyses were carried out to prove the security and the performance of the proposed encryption scheme including statistical, differential, quality, contrast and speed analyses. All the results show that the proposed encryption approach has superior performance than those used in the literature. Future work will deal with selective encryption schemes. Acknowledgments The authors would like to thank Dr. M. Cagnazzo and the anonymous reviewers for their constructive and valuable comments to improve the quality of this work. This work is supported by Ministry of Higher Education and Scientific Research (Egypt-Tunisia Cooperation Program: 4-13 A1).
References 1. X. Wang, L. Teng, X. Qin, A novel colour image encryption algorithm based on chaos, Signal Process. 92 (4) (2012) 1101-1108. 2. H. Liu, X. Wang, Color image encryption using spatial bit-level permutation and highdimension chaotic system, Opt. Commun. 284 (16-17) (2011) 3895–3903. 3. H. Liu,X. Wang, A. Kadir, Color image encryption using Choquet fuzzy integral and hyper chaotic system, Optik - International Journal for Light and Electron Optics. 124 (2013) 3527-3533. 4. Y. Zhou, L. Bao, C.L.Philip Chen, A new 1D chaotic system for image encryption, Signal Process. 97 (2014) 172–182.
37
5. H. Liu, A. Kadir, Y. Niu, Chaos-based color image block encryption scheme using Sbox, AEU - Int. J. Electron. Commun. 68 (7) (2014) 676-686. 6. P. Ping, F. Xu, Z.J. Wang, Image encryption based on non-affine and balanced cellular automata, Signal Process. 105 (2014) 419-429. 7. X. Wang, L. Liu, Y. Zhang, A novel chaotic block image encryption algorithm based on dynamic random growth technique, Opt. Lasers Eng. 66 (2015) 10-18. 8. Z. Hua, Y. Zhou, C.M. Pun, C.L. Philip Chen, 2D Sine Logistic modulation map for image encryption, Inf. Sci. 297 (2015) 80-94. 9. H. Liu, X. Wang, Color image encryption based on one-time keys and robust chaotic maps, Computers and Mathematics with Applications. 59 (10) (2010) 3320–3327. 10. M.A. Murillo-Escobar, C. Cruz-Hernández, F. Abundiz-Pérez, R.M. López-Gutiérrez, O.R. Acosta Del Campo, A RGB image encryption algorithm based on total plain image characteristics and chaos, Signal Process. 109 (2015) 119-131. 11. J.X. Chen, Z.L. Zhu, C. Fu, H. Yu, Y. Zhang, Reusing the permutation matrix dynamically for efficient image cryptographic algorithm, Signal Process. 111 (2015) 294-307. 12. C. Li, Y. Liu, L. Yu Zhang, K.W. Wong, Cryptanalyzing a class of image encryption schemes based on Chinese remainder theorem, Signal Processing: Image Communication. 29 (8) (2014) 914-920. 13. Y. Zhang, Comments on "Color image encryption using Choquet fuzzy integral and hyper chaotic system", Optik - International Journal for Light and Electron Optics. 12 (19) (2014) 5560-5565. 14. A. Jolfaei, X.W. Wu, V. Muthukkumarasamy, Comments on the security of “Diffusion–substitution based gray image encryption” scheme, Digital Signal Processing. 32 (2014) 34-36. 15. F. G. Jeng, W.L. Huang, T.H. Chen, Cryptanalysis and improvement of two hyperchaos-based image encryption schemes, Signal Processing: Image Communication. 34 (2015) 45-51. 16. A. Belazi, H. Hermassi, R. Rhouma, S. Belghith, Algebraic analysis of a RGB image encryption algorithm based on DNA encoding and chaotic map, Nonlinear Dyn. 76 (4) (2014) 1989-2004. 38
17. C. Li, Cracking a hierarchical chaotic image encryption algorithm based on permutation, Signal Process. 118 (2016) 203-210. 18. I. Hussain, T. Shah, M.A. Gondal,H. Mahmood, An efficient approach for the construction of LFT S-boxes using chaotic logistic map, Nonlinear Dyn. 71 (1) (2013) 133–140. 19. L. Acho, A discrete-time chaotic oscillator based on the logistic map: A secure communication scheme and a simple experiment using Arduino, Journal of the Franklin Institute. 352 (8) (2015) 3113–3121. 20. Y.Q. Zhang, X.Y. Wang, Spatiotemporal chaos in mixed linear–nonlinear coupled logistic map lattice, Physica A: Statistical Mechanics and its Applications. 402 (2014) 104 - 118. 21.
M. Zhang, X. Tong, A new chaotic map based image encryption schemes for several image formats, J. Syst. Softw. 98 (2014) 140–154.
22. http://sipi.usc.edu/database/ 23. http://www.cs.cmu.edu/~cil/v-images.html 24. IEEE Task P754, IEEE 754–2008, Standard for Floating-Point Arithmetic, 2008. 25. M. Amin, A. A. Abd El-Latif, Efficient Modified RC5 Based on Chaos Adapted to Image Encryption, Journal of Electronic Imaging. 19 (1) (2010). 26. N. El-Fishawy, O. M. Abu Zaid, Quality of encryption measurement of bitmap images with RC6, MRC6, and Rijndael block cipher algorithms, International journal of network security. 5 (2007) 241-251. 27. A.A. Abd El-Latif, L. Li, T. Zhang, N. Wang, X. Song, X. Niu, Digital Image Encryption Based on Multiple Chaotic Systems, Sensing and Imaging. An International Journal. 13 (2) (2012) 67-88. 28. S. Lian.: Multimedia content encryption: techniques and applications. Auerbach Publications, (2008). 29. M. Usamaa, M. Khurram Khana, K. Alghathbara, C. Lee, Chaos-based secure satellite imagery cryptosystem, Computers and Mathematics with Applications. 60 (2010) 326–337.
39
30. H. M. Elkamchouchi, M. A. Mskar.: Measuring encryption quality for bitmap images encrypted with Rijndael and KAMKAR block ciphers, Twenty second national radio science conference (NRSC), Cairo Egypt (2005). 31. I. F. Elashry, O. S. Faragallah, A. M. Abbas, S. El-Rabaie, F. E. Abd El-Samie, A new method for encrypting images with few details using Rijndael and RC6 block ciphers in the electronic code book mode, Information security journal: A global perspective. 21 (2012) 193–205. 32. X.Y. Wang, L. Yang, R. Liu, A. Kadir, A chaotic image encryption algorithm based on perceptron model, Nonlinear Dyn. 62 (3) (2010) 615–621. 33. Y.Q. Zhang, X.Y. Wang , A new image encryption algorithm based on non-adjacent coupled map lattices , Appl. Soft Comput. 26 (2015) 10 -20. 34. Y.Q. Zhang, X.Y. Wang , A symmetric image encryption algorithm based on mixed linear–nonlinear coupled map lattice, Inf. Sci. 273 (2014) 329–351.
Highlights
We propose a new image encryption approach based on substitutionpermutation network and chaotic systems. Qualitative and quantitative analysis verify the effectiveness of the proposed encryption scheme. The encryption scheme shows superior performance than previous schemes.
40
PII: DOI: Reference:
S0165-1684(16)30014-7 http://dx.doi.org/10.1016/j.sigpro.2016.03.021 SIGPRO6099
To appear in: Signal Processing Received date: 29 July 2015 Revised date: 26 March 2016 Accepted date: 29 March 2016 Cite this article as: Akram Belazi, Ahmed A. Abd El-Latif and Safya Belghith, A novel image encryption scheme based on substitution-permutation network and chaos, Signal Processing, http://dx.doi.org/10.1016/j.sigpro.2016.03.021 This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting galley proof before it is published in its final citable form. Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.
A novel image encryption scheme based on substitution-permutation network and chaos Akram Belazi a, Ahmed A. Abd El-Latif b, Safya Belghith a a
b
National Engineering School of Tunis, Tunisia
Mathematics Department, Computer Science Laboratory, Faculty of Science, Menoufia University, Shebin ElKoom, 32511, Egypt
Abstract: In this paper, a novel image encryption approach based on permutation-substitution (SP) network and chaotic systems is proposed. It consists of four cryptographic phases : diffusion, substitution, diffusion and permutation. Firstly, a diffusion phase is proposed based on new chaotic map. Then, a substitution phase based on strong S-boxes followed by a diffusion phase based on chaotic logistic map are presented which will, in turn, significantly increase the encryption performance. Finally, a block permutation phase is accomplished by a permutation function to enhance the statistical performance of the proposed encryption approach. Conducted experiments based on various types of differential and statistical analyses show that the proposed encryption approach has high security, sensitivity and speed compared to previous approaches
Key words: systems.
Image encryption, S-box, permutation-substitution (SP) network, Chaotic
1. Introduction 1.1 Background The close relationship between chaotic dynamical systems and cryptosystems has opened the door for several chaos-based cryptosystem schemes, especially image encryption. Indeed, chaotic system exhibits random behavior and has a lot of inherent features, such as unpredictability, ergodicity, and sensitivity to their parameter (s) and initial value (s), which make them a good candidate to design secure cryptosystems. The behavior of the system is predictable if the initial conditions are available to the observer, whereas, in the absence of this knowledge, the system appears to be random. The random behavior can be used to induce confusion and diffusion in the plain image, thus enabling the data owner to safely transmit over insecure communication channel.
1
1.2 Review of the previous chaos-based encryption schemes The literature is rich of chaos-based image encryption designs. In what follows, we review some of those relevant to the present work. Wang et al. proposed an image encryption for color images based on chaotic system [1]. Liu and Wang [2] proposed an encryption scheme for color images using spatial bit-level permutation and a high-dimension chaotic system. In [3] Liu et al. proposed an image encryption using Choquet fuzzy integral and hyper chaotic system for color images. Zhou et al. [4] proposed 1D chaotic map by coupling the tent and the sine maps, which is then adapted to encipher the plain image. In [5] Liu et al., proposed a chaos-based color image block encryption scheme using S-box. Ping et al. proposed an image encryption based on non-affine and balanced cellular automata [6]. Wang et al. [7] proposed a chaotic block image encryption algorithm based on dynamic random growth technique. An image encryption scheme based on 2D sine logistic modulation map was proposed by Hua et al [8]. Liu and Wang [9] proposed a stream cipher scheme for color images based on one-time keys and piecewise linear chaotic map. Murillo-Escobar et al. proposed an image encryption scheme for color images in RGB format based on total plain image characteristics and chaos [10]. Chen et al. [11] proposed an encryption scheme with dynamic diffusion key stream obtained from the permutation matrix. 1.3 Limitations of encryption schemes On the other hand, the cryptanalysts play a vital role in the cryptanalysis of encryption schemes and study the performance analysis [12-17]. Qualitatively speaking, the security of most designed chaos-based schemes is groundless and most of them are slow. This is due to the small key space, the considerable iteration steps to comply the encryption process (the tradeoff between security and the overall performance) and the inappropriate key streams generation for the internal structure of encryption/decryption, which helps the cryptanalysts to break the schemes. The need for new encryption schemes taking into account the performance analysis of previous approaches by the cryptanalysts is essential in image encryption applications. 1.4 Contribution and organization of this work In this paper, we propose a new image encryption approach for secure digital images. It is composed of four cryptographic phases and uses two chaotic systems to control the structure of the encryption scheme so that it achieves high encryption performance. Firstly, a diffusion phase based on bitwise XOR operation and a new chaotic map is proposed. Then, a substitution phase based on strong S-boxes, proposed in [18], followed by a diffusion phase based on chaotic logistic map are introduced to enhance the encryption performance. Finally, a block permutation phase is accomplished by a permutation function, MAP function, to reinforce the statistical performance of the proposed encryption approach. Conducted experiments based on differential and statistical analyses show that the proposed cryptosystem approach is efficient and has good cryptographic properties. The superior results 2
of numerical analysis demonstrate that the proposed encryption scheme outperforms current image encryption schemes in terms of encryption performance. The remainder of this paper is organized as follows: Section 2 gives, as a preliminary work, an overview of the chaotic maps used in the proposed cryptosystem scheme. In Section 3, we present the S-box used in this paper. Section 4 presents, as comprehensively as possible, the design of the cryptosystem approach. The experimental results and security analyses are reported in Section 5. The application of the proposed scheme for color images is presented in Section 6. Finally, Section 7 concludes the paper. 2. Chaotic maps 2.1.
The logistic map
The logistic map is a well-known 1D nonlinear chaotic map and is defined as: y n1 y n 1 yn
(1)
Where 0,4 is the control parameter and y0 0,1 is the initial condition. The logistic map shows good behavior and is frequently used in many applications [19, 20]. The dynamics of the logistic map is validated using Hopf bifurcation diagrams (Fig.1) It is observed that the logistic map is chaotic for 3.57,4 and slight variations of the initial value produce major difference in the random generated values which are a non-periodic and non-converging sequence.
Figure 1: Bifurcation diagram of the logistic map. 2.2. The new chaotic map [21] The new chaotic map is defined as follows 3
xn1 xn4 xn2 1
(2)
Where 3,8 is the control parameter and x0 0,1 is the initial value. The hopf bifurcation diagram is shown in Fig. 2. The proof of chaos for the designed map can be found in [21].
Figure 2: Bifurcation diagram of the new chaotic map.
2.3. Comparison between logistic map and the new map In this section, we compare the dynamics analysis of the logistic map and the new chaotic map in terms of Lyapunov exponent and entropy. 2.3.1. Lyapunov exponent The Lyapunov exponent or Lyapunov characteristic exponent of a dynamical system is a quantity that characterizes the rate of divergence of nearby trajectories. It is used to prove the chaotic behavior of chaotic maps. The Lyapunov exponent is calculated by the following equation:
1 lim N N
N
log n 1
dxn1 dxn
(3)
The computation of Lyapunov exponent between the new map and the logistic map is shown in Tables 1 and 2. In addition, Fig. 3 shows the Lyapunov exponent of the logistic map and new chaotic map. Based on Tables 1 and 2, it is observed that the Lyapunov exponent of the new chaotic map is larger than famous logistic chaotic map. 4
(a) Lyapunov exponent of the logistic map
(b) Lyapunov exponent of the new chaotic map
Figure 3: Lyapunov exponent.
Table 1: Lyapunov exponent values for logistic map for different pairs of initial conditions (IC) and control parameters (CP). Pair (IC,PC)
Lyapunov exponent value
(0.3,4)
0.693141
(0.4,4)
0.693159
(0.6,4)
0.693159
(0.7,4)
0.69313
(0.3,3.99998)
0.690930
(0.7,3.99997)
0.690193
2.3.2. Approximate entropy analysis To quantify the complexity of the new map, we measured the approximate entropy. The calculation details of the approximate entropy are found in [21]. Table 3 shows the entropies of the new chaotic map and the logistic map, respectively. In addition, Fig. 4 shows the comparison of entropy between logistic map and new chaotic map. We can see that the new chaotic map outperforms the well-known chaotic logistic map.
5
Table 2: Lyapunov exponent values for new chaotic map for different pairs of initial conditions (IC) and control parameters (CP). Pair (IC,PC)
Lyapunov exponent value
(0.3,8)
1.38632
(0.4,7.6)
1.09744
(0.6,6.258)
0.996836
(0.5,6)
0.968348
(0.4,7.99)
1.35219
(0.6,7.999998)
1.38581
Table 3: Approximate entropy. Chaotic map
Logistic map
New chaotic map
Approximate entropy
1.09585
2.56042
(a) Entropy of the logistic map
(b) Entropy of the new chaotic map
Figure 4: Entropy analysis.
3.
Chaotic linear fractional transformation (LFT) S-boxes
In [18], Hussain et al. proposed an S-box method based on LFT in combination with chaotic logistic map and its derived maps. The chaotic maps are used to generate four random values which are assigned to the parameters a, b, c and d to be used by linear fractional transformation. This is applied to calculate the values of the elements of the S-boxes. 6
LFT-based S-boxes are constructed by the action of PGL(2, GF (28 )) on finite field of order 28 . The algebraic structure of LFT-based S-boxes depends on the linear fractional transformations f ( x) ax b where a, b, c , d GF (28 ) and ad bc 0 . With this cx d method, one can construct millions of secure S-boxes, particularly those corresponding to affine transformation satisfying the security analysis with optimal value. The LFT S-boxes are constructed as follows : f : PGL(2, GF (28 )) GF (28 ) GF (28 ), ax b f ( x) cx d
(4)
The process starts with the action of Galois field on the projective general linear group. The function f (x) depends on the values of a, b, c and d GF (28 ) , corresponding to every different combination of a, b, c and d from GF (28 ) one can construct a new 8×8 S-box. 4. The proposed encryption scheme Here, we propose a novel image encryption scheme based on the substitution-permutation structure and chaotic systems. 4.1. The MAP function The MAP function is denoted by MAP(n,p) where n is an integer number and p is a prime number. This function allows the generation of a chaotic sequence from 0,1,, n 2 range.
The MAP function is defined as follows: T=1:n×n; T1=reshape(T,n,n); for i=1: n for j=1: n TT(i,j)=mod((p×T1(i,j)),(n×n))+1; end end 4.2.
The PRIMES function
The PRIMES function is defined as: p=PRIMES(g) that returns a row vector containing all the prime numbers less than or equal to g. The data type of p is the same as that of g.
7
4.3.
Encryption process
The complete encryption process is given by the following steps (Fig. 5): Step 1: Input 8-bit gray image P(M , M ) , where M is the number of rows and also the number of columns in image P . Step 2: Generate a random sequence I 0 with length l M M using Eq. (2) and ( 0 , x0 ) pair, where 0 is the control parameter and x0 is the initial condition. Map the obtained sequence into an integer sequence J 0 0.255 as follows:
J 0 u int 8 mod I 01017 , 256
(5)
Then, apply the mask J 0 on the plain image P according to the following equation:
Psc bitxor ( P, J 0 )
(6)
Step 3: Generate 8 (8 8) S-boxes SBi , i 1,,8 according to the method described in Section 3. After that, divide the scrambled image Psc into 8 blocks Bi , i 1,,8 . Let
p , j 1,, n is the jth pixel in block B j
i
and n is total number of byte in Bi . Then substitute
each pixel p j of each block Bi as follows: s j SBi ( p j ) , i 1,,8 and j 1,, n
Where s j is the substituted pixel of p j with the S-box SBi . Then obtain the substituted image Ps . Step 4: Iterate Eq. (1) for l M M times to generate a random sequence F with the initial condition y 0 and the control parameter 0 . Then transform the obtained sequence into an integer sequence G 0.255 as follows:
G mod F 1014 ,256
(7)
Next, apply the mask G on substituted image Ps according to the following equation: Pc bitxor ( Ps , G)
(8)
Step 5: Decompose the matrix Pc to blocks of size (m, m) . The number of blocks is
thus
M M M M . Therefore, get the matrix Pd formed by these blocks with size , . mm m m 8
Therefore, permute Pd by sequence S and obtain the permuted matrix Pp . The sequences S is generated by the function MAP(
M ,p), m
where p is a prime number generated as follows:
2 Where L is the length of sequence Q which is obtained by iterating the function
pQ L
M M Ps (i, j ) Psc (i, j ) i 1 j 1 PRIMES with parameter g max Ps
2
z and z are the lower and the upper integer parts of z . Step 6: Set cmpt cmpt 1 and P Pp . If cmpt 8 update the values of y0 , 0 , x0 and
0 according to the following equations: M
y 0 0.9 y 0
M
mod( Pp (i, j ),1024) i 1 j 1
1024 M
0 0.95 0
i 1 j 1
512
0 0.95 0
0.05
(10)
M
mod( Pp (i, j ),1024) i 1 j 1
1024 M
(9)
M
mod( Pp (i, j ) 2 ,512)
M
x0 0.9 x0
0.1
0.1
(11)
0.05
(12)
M
mod( Pp (i, j ) 2 ,512) i 1 j 1
512
Then, repeat steps (2) - (5) until cmpt 8 to get the encrypted image C . 4.4 Decryption process The complete decryption process is given by the steps illustrated in Fig. 6: Set cmpt 1 and use the last values of p, y0 , 0 , x0 and 0 obtained from the encryption scheme.
9
Step 1: Decompose matrix C to blocks of size (m, m) and get the matrix C d formed by these
M M blocks with size , . Then permute C d by sequence S and obtain matrix C c . The m m M sequence S is generated by function MAPINV ( , p). m Here, MAPINV was the inverse function of MAP. Step 2: Iterate Eq. (1) for l M M times to generate a random sequence F with the initial condition y 0 and the control parameter 0 . Then transform the obtained sequence into an integer sequence G 0.255 as follows:
G mod F 1014 ,256
(13)
Therefore, we apply the mask G on matrix C c according to the following equation Cs bitxor (Cc , G)
(14)
Step 3: Divide the matrix C s into 8 blocks Bi , i 1,,8 . Let c j , j 1,, n is the jth pixel in block Bi and n is total number of byte in Bi . Then substitute each pixel c j of each block
Bi as follows:
w j SBi1 (c j ) , i 1,,8 and j 1,, n . Where w j is the substituted pixel of c j with the inverse S-box SBi1 (Here, SBi1 was the inverse S-box of SBi ). Then obtain matrix C sc . Step 4: Generate a random sequence P0 with length l M M using Eq. (2) and ( 0 , x0 ) pair, where 0 is the control parameter and x0 is the initial condition. Map the obtained sequence into an integer sequence Q0 0.255 as follows:
Q0 u int 8 mod P01017 , 256
(15)
Then obtain the matrix C p using the following equation:
C p bitxor (Csc , Q0 )
(16)
Step 5: Set cmpt cmpt 1 and update the values of x0 , y0 , 0 , 0 and g according to the following equations: 10
M
x0
x0 0.9
M
mod( C (i, j ),1024) i 1 j 1
1024
M
y0
y0 0.9
0 0.95
i 1 j 1
1024
0
i 1 j 1
512
0.95
0.1
(18)
M
mod( C (i, j ) 2 ,512)
M
0
(17)
M
mod( C (i, j ),1024)
M
0
0.1
0.05
(19)
M
mod( C (i, j ) 2 ,512) i 1 j 1
512
M M Cs (i, j ) Csc (i, j ) i 1 j 1 g max Cs
2
0.05
(20)
(21)
Then, set C C p . Step 6: Repeat steps (1) - (5) in a loop until cmpt 8 to get the decrypted image D .
11
Figure 5: Block diagram of the proposed encryption scheme. 12
Figure 6: Block diagram of the proposed decryption process. 13
5. Security and performance analyses This section gives the simulation results of the proposed scheme. A number of experiments were performed based on several gray images (from USC-SIPI Image Database [22] and computer vision test images [23]), which were used as plain images having the sizes (128 128) , (256 256) , (512 512) and (1024 1024) . In the construction of S-boxes, the parameters used by the logistic maps were r0 3.9, f 0 0.1 , r1 3.8, f1 0.2 ,
r2 3.99, f 2 0.15
and r3 3.79, f 3 0.4 . In the proposed encryption approach, five
parameters were used as the keys, these parameters were g , y0 , 0 , x0 and 0 ; g 0 was the parameter of function PRIMES. The keys 0 and y 0 were the control parameter and the initial condition of the logistic map, respectively. On the other hand, x 0 and 0 were the initial condition and the control parameter of the new chaotic map, respectively. The values were taken as 0 3.9999 , y0 0.1322 , x 0 0.1 and 0 7.7415 . The block size was fixed at (m m) (8 8) . All the simulations were implemented using MATLAB in a personal computer of Intel Core i3-3227U 1.9 CPU and 4 GB of RAM. 5.1. Key space analysis Key space size is the total number of different keys that can be used in the encryption process. For a robust encryption scheme, the key space must be large enough to make bruteforce attack infeasible. The key stream of the proposed cryptosystem was composed of two parts: 1-
In the S-boxes construction: The control parameters r0 , r1 , r2 , r3 and the initial conditions f 0 , f1 , f 2 , f 3 of the logistic maps [18] and also the four integer numbers a, b, c, and d used by the Mobius transformation (Eq.4).
2- In encryption scheme: the initial conditions and the control parameters of the chaotic maps; ( 0 , y0 ) for the logistic map (Eq.1) and ( 0 , x0 ) for new chaotic map (Eq.2), respectively. Also, the block size (m m) . Where f 0 , f1 , f 2 , f 3 , x0 and y 0 0,1 ; r0 , r1 , r2 , r3 and 0 3.57,4; 0 3,8 ; m was selected as follows: (M N ) mod(m m) 0 ; a, b, c, and d belong to GF( 2 8 ), with the condition that ad bc 0 . According to the IEEE floating-point standard [24], the computational precision of the 64bit double-precision numbers is 2 52 , the total number of different values r0 which can be used
as
secret
keys
is
more
than 2 52 ,
so
are
the
number
of
r1 , r2 , r3 ,
f 0 , f1 , f 2 , f 3 , 0 , 0 , x0 , and y 0 . Assume that the possible numbers of a, b, c, and d are equal 14
to K , while those of m are equal to W . Therefore, the key space is larger than
K W 252
12
K W 2 624 .
Such a large key space can guarantee enough security against brute-force attacks. Table 4: Key space of the proposed algorithm in comparison to algorithms used in [1,7]. Algorithm
New scheme
Ref.[1]
Ref.[7]
Key space
>2624
>2128
>2312
Table 4 shows the comparison of key space between the proposed algorithm and algorithms in [1,7]. It can be seen that the key space of the proposed algorithm is larger than those of other algorithms.
5.2. Key sensitivity analysis Key sensitivity is an essential feature for any secure algorithm which satisfies the requirement of resisting brute-force attack. The following key sensitivity tests were carried out: 0 was changed from 3.9999 to 0 140 y 0 was changed from 0.1322 to y0 140 0 was changed from 7.7415 to 0 140 The other keys were left unchanged Under the above conditions, we encrypted several gray images with different sizes (128 128) , (256 256) , (512 512) and (1024 1024) . The percentage of different pixels between the encrypted-images with initial keys and the cipher-images under the conditions mentioned above are listed in Table 5. Table 5: Percentage of different pixels between encrypted-images. Image Airplane
Size
Percentage difference
(128 128)
99.6972
(256 256)
99.7246
(512 512)
99.6560
(1024 1024)
99.6637 15
Airport
Barbara
Boat
Cameraman
Chemical Plant
Clock
Couple
Elaine
House
(128 128)
99.7826
(256 256)
99.5941
(512 512)
99.6693
(1024 1024)
99.6578
(128 128)
99.5812
(256 256)
99.6712
(512 512)
99.6831
(1024 1024)
99.6664
(128 128)
99.5873
(256 256)
99.7384
(512 512)
99.6575
(1024 1024)
99.6611
(128 128)
99.6972
(256 256)
99.7033
(512 512)
99.6594
(1024 1024)
99.6627
(128 128)
99.6239
(256 256)
99.7002
(512 512)
99.6800
(1024 1024)
99.6722
(128 128)
99.6544
(256 256)
99.6682
(512 512)
99.6693
(1024 1024)
99.6694
(128 128)
99.7155
(256 256)
99.6575
(512 512)
99.7014
(1024 1024)
99.6730
(128 128)
99.6483
(256 256)
99.6834
(512 512)
99.6846
(1024 1024)
99.6661
(128 128)
99.6728
(256 256)
99.7231 16
Lena
Man
Moon Surface
Peppers
Tank
Test-Pattern
(512 512)
99.6575
(1024 1024)
99.6700
(128 128)
99.6667
(256 256)
99.6453
(512 512)
99.6846
(1024 1024)
99.6577
(128 128)
99.5995
(256 256)
99.6911
(512 512)
99.6396
(1024 1024)
99.6700
(128 128)
99.7216
(256 256)
99.7048
(512 512)
99.6659
(1024 1024)
99.6619
(128 128)
99.6544
(256 256)
99.6728
(512 512)
99.6964
(1024 1024)
99.6657
(128 128)
99.6483
(256 256)
99.6758
(512 512)
99.6789
(1024 1024)
99.6665
(128 128)
99.7033
(256 256)
99.6560
(512 512)
99.6682
(1024 1024)
99.6804
From Table 5, we can see that a tiny difference in the key results in major changes in the corresponding cipher-images. Therefore, the proposed encryption scheme has a high key sensitivity. 5.3. Histogram analysis Histogram analysis is a very important feature which shows the frequency distribution of gray-level values in an image. A secure encryption scheme should generate an image with uniform histogram to improve resistance against statistical analysis. We analyzed the 17
histograms of several plain images and their encrypted images. Figure 7 gives the plain images of ‘Lena’, ‘Cameraman’, ‘Boat’, ‘Airport’, and their histograms, respectively. On the other hand, the encrypted images of ‘Lena’, ‘Cameraman’, ‘Boat’, ‘Airport’, and their histograms are illustrated in Fig. 8, respectively. It can be seen that the histograms of the encrypted images are nearly uniform and are completely distinct from the respective histograms of the plain images. As a result, the proposed algorithm can resist any statistical attack.
Figure 7: Plain images of ‘Lena’, ‘Cameraman’, Boat’, ‘Airport’, and their histograms, respectively (From left to right).
18
Figure 8: Encrypted images of ‘Lena’, ‘Cameraman’, Boat’, ‘Airport’, and their histograms, respectively (From left to right). 5.4. Correlation analysis An ordinary image contains pixels with high neighborhood correlations while in an encrypted image by a good encryption algorithm there is no correlation between any pixel and its adjacent pixels. Thus, a secure encryption scheme should transform a plain image into an encrypted image with low correlation among adjacent pixels. To compute and compare the correlations of neighborhood pixels in the plain and cipher images, we adopted the procedure given below. First, we randomly selected 2000 pairs of adjacent pixels in each direction from the plain image and its encrypted image. Then, the correlation coefficient between each pair was calculated as follows:
M
x
i 1
rxy M
x i 1
i
i
1 M
1 M
M
x j 1
M
x j 1
j
j
2
1 yi M M
y i 1
i
M
y j 1
1 M
j
M
y j 1
j
2
(22)
Where xi and y i form ith pair of horizontally/vertically/diagonally adjacent pixels, M is the total number of pairs of horizontally/vertically/diagonally adjacent pixels. The correlation coefficients in horizontal, vertical and diagonal directions of adjacent pixels for two pairs of the plain images mentioned above and their corresponding encrypted images are shown in Table 6. 19
Table 6: Correlation between pairs of plain and encrypted images. Image
Airplane
Airport
Barbara
Boat
Cameraman
Chemical Plant Clock
Couple
Elaine
House
Lena
Man
Direction
Plain image
Encrypted image Ref.[1]
Ref.[7]
Ref.[8]
Ref.[32]
Horizontal 0.9619
New scheme -0.0002
0.0011
-0.0164
0.0180
0.0045
Vertical
0.9797 image
-0.0090
-0.0035
-0.0181
0.0061
-0.0215
Diagonal 0.9640 Horizontal 0.8153
-0.0066 -0.0275
-0.0029 0.0040
0.0004 -0.0061
-0.0079 0.0094
-0.0015 -0.0142
Vertical
0.8722
-0.0154
-0.0174
-0.0079
-0.0107
-0.0141
Diagonal
0.7386
-0.0187
-0.0135
-0.0001
-0.0007
0.0002
Horizontal 0.9033
-0.0033
-0.0052
-0.0212
-0.0187
0.0037
Vertical
0.9719
-0.0269
-0.0067
-0.0161
-0.0016
-0.0202
Diagonal
0.8630
-0.0121
0.0068
-0.0110
0.0001
0.0046
Horizontal 0.9389
-0.0100
-0.0054
-0.0189
-0.0295
-0.0138
Vertical
0.9425
-0.0124
-0.0009
0.0003
-0.0150
-0.0199
Diagonal
0.9070
-0.0185
0.0026
-0.0204
-0.0224
-0.0057
Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal
0.9305 0.9619 0.9167 0.9404 0.8913 0.8502 0.9353 0.9621 0.9233 0.9306 0.8925 0.8494 0.9715 0.9789 0.9504 0.8669 0.7929 0.7321 0.9341 0.9726 0.9191 0.9415
-0.0095 -0.0170 -0.0119 -0.0134 -0.0005 -0.0033 0.0024 -0.0246 -0.0081 -0.0251 -0.0213 -0.0078 -0.0232 -0.0420 -0.0030 -0.0095 -0.0259 -0.0094 -0.0048 -0.0112 -0.0045 -0.0155
-0.0211 -0.0103 0.0054 -0.0073 -0.0073 -0.0115 -0.0140 -0.0139 -0.0175 -0.0178 -0.0025 0.0001 -0.0065 -0.0096 -0.0148 -0.0126 -0.0097 -0.0123 -0.0086 -0.0102 -0.0125 -0.0190
0.0063 -0.0142 0.0168 -0.0069 -0.0100 -0.0078 -0.0248 -0.0172 -0.0025 -0.0122 0.0262 -0.0257 -0.0191 -0.0130 -0.0096 0.0023 -0.0187 -0.0225 -0.0066 -0.0089 0.0424 -0.0083
-0.0047 -0.0195 0.0279 -0.0091 -0.0029 -0.0092 -0.0143 0.0097 0.0120 -0.0236 -0.0045 0.0016 -0.0066 -0.0019 0.0007 -0.0339 0.0186 -0.0001 0.0011 0.0098 -0.0227 0.0022
-0.0009 -0.0223 0.0025 0.0072 -0.0015 -0.0040 -0.0123 -0.0041 -0.0027 -0.0106 -0.0047 0.0262 -0.0062 -0.0197 -0.0169 0.0109 -0.0173 -0.0002 -0.0063 -0.0109 -0.0154 -0.0100
20
Moon Surface
Peppers
Tank
Test-Pattern
Average
Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal Horizontal Vertical Diagonal
0.9566 0.9072 0.9056 0.9604 0.9104 0.9756 0.9739 0.9575 0.9440 0.8958 0.8650 0.8853 0.9225 0.8354 -
-0.0276 -0.0157 -0.0062 -0.0075 -0.0044 -0.0056 -0.0162 -0.0113 -0.0202 -0.0200 -0.0013 -0.0087 0.0002 -0.0220 -0.0113 -0.0173 -0.0099
-0.0095 -0.0141 -0.0288 -0.0194 -0.0137 -0.0089 -0.0113 0.0045 0.0049 -0.0128 -0.0011 0.0079 0.0015 -0.0134 -0.0086 -0.0090 -0.0067
-0.0180 0.0250 -0.0065 0.0063 0.0135 0.0194 -0.0091 0.0123 -0.0185 -0.0119 -0.0249 -0.0075 0.0284 -0.0250 -0.0091 -0.0064 -0.0024
-0.0226 0.0060 -0.0212 -0.0166 0.0138 0.0071 -0.0065 -0.0165 -0.0383 -0.0362 0.0220 0.0039 0.0022 -0.0064 -0.0099 -0.0057 -0.0001
-0.0027 -0.0195 -0.0063 0.0142 -0.0091 0.0038 -0.0082 0.0078 -0.0159 -0.0114 0.0126 0.0060 -0.0010 0.0312 -0.0038 -0.0103 0.0006
In addition, Fig. 9 shows the correlation of two horizontally, vertically and diagonally adjacent pixels in the plain and encrypted images of ‘Lena’, respectively.
21
(a)
(b)
(d)
(e)
(c)
(f)
Figure 9: The distribution of two adjacent pixels in the plain and encrypted images of “Lena”: Frames (a) and (d) distributions of two horizontally adjacent pixels in the plain and encrypted images of “Lena”, respectively. Frames (b) and (e) distributions of two vertically adjacent pixels in the plain and encrypted images of “Lena”, respectively. Frames (c) and (f) distributions of two diagonally adjacent pixels in the plain and encrypted images of “Lena”, respectively. As can be seen from Table 6, the correlation coefficients of the plain images are close to 1 while those of encrypted images are approximately equal to 0. The average correlations in horizontal, vertical and diagonal directions for the proposed algorithm obtained for all tested images are smaller than those obtained with algorithms studied in [1,7,8,32]. Then, the proposed encryption scheme generates an image with de-correlated adjacent pixels. This indicates that the proposed scheme is secure against statistical attacks.
5.5. Information entropy analysis Information entropy is a statistical measure of disorder. In order to evaluate its randomness, the measure of information entropy of a cipher image is carried out using the following equation:
22
K
E ( X ) p( xi ) log 2 p( xi )
(23)
i 1
Where p( xi ) represents the probability of pixel xi and K is total number of pixels in an image. For a grayscale image there are 2 8 possible values (range of [0,255]), the theoretical entropy value is equal to 8 when the pixels appear with the same probability. Consequently, to confirm the efficiency of the proposed scheme the information entropy of the encrypted image must be close to 8. We computed the information entropy for many encrypted images. The results summarized in Table 7 demonstrate that the entropies of all encrypted images are close to 8. Therefore, it can be concluded that our scheme has an average entropy of 7.9977 which is comparable to that studied in [1] and better than those of the schemes in [7,8,32]. Hence, the proposed encryption scheme is robust against entropy attacks. Table 7: Entropies of encrypted images Image
Entropy New scheme Airport 7.9960 Airplane 7.9974 Barbara 7.9978 Boat 7.9980 Cameraman 7.9985 Chemical Plant 7.9964 Clock 7.9992 Couple 7.9976 Elaine 7.9985 House 7.9981 Lena 7.9963 Man 7.9975 Moon Surface 7.9987 Peppers 7.9985 Tank 7.9969 Test-Pattern 7.9986 Average 7.9977
Ref.[1] 7.9966 7.9965 7.9964 7.9979 7.9966 7.9986 7.9974 7.9987 7.9972 7.9989 7.9991 7.9974 7.9979 7.9973 7.9990 7.9988 7.9978
Ref.[7] 7.9966 7.9926 7.9937 7.9960 7.9955 7.9947 7.9984 7.9951 7.9939 7.9978 7.9951 7.9990 7.9951 7.9965 7.9976 7.9967 7.9959
Ref.[8] 7.9969 7.9954 7.9957 7.9959 7.9964 7.9990 7.9956 7.9980 7.9971 7.9952 7.9965 7.9965 7.9954 7.9958 7.9965 7.9984 7.9965
Ref.[32] 7.9957 7.9966 7.9964 7.9985 7.9990 7.9940 7.9977 7.9956 7.9951 7.9958 7.9964 7.9949 7.9969 7.9971 7.9997 7.9977 7.9967
5.6. Sensitivity analysis There are two measures used to test the influence of changing one pixel in the plain image on the encrypted image, which are Number of Pixel Change Rate (NPCR) and Unified Average Changing Intensity (UACI) [25]. The former is used to measure the number of different pixels between the two images, whereas the latter is used to measure the average intensity 23
difference. Let I1 (i, j ) and I 2 (i, j ) be the (i, j )th pixel of two images I1 and I2, respectively. The NPCR and UACI are defined by Eqs. (24) and (25), respectively.
NPCR
D(i, j) i; j
N
100%
(24)
Where N is the total number of pixels in the image and D(i, j ) is defined as
0 if I1 (i, j ) I 2 (i, j ) D(i, j ) 1 if I1 (i, j ) I 2 (i, j )
UACI
I1 (i, j ) I 2 (i, j ) 1 100% N i, j 2K 1
(25)
Where K is the number of bits used to represent a gray scale pixel value. The expected values of NPCR and UACI for a strong encryption scheme are given by the following equations, respectively: 1 NPCR ( Expected ) 1 L 100% 2
(26)
2 1 k (k 1) 1 UACI ( Expected ) 2 L k 1 L 100% 2 2 1
(27)
L
Where, 2 L is the number of bits used to represent one pixel of an image. For an 8-bit grayscale image, the expected values of NPCR and UACI are 99.6094% and 33.4635%, respectively. We obtained NPCR and UACI for a large number of images by using our proposed algorithm and other algorithms, their testing results are shown in Tables 8 and 9, respectively. In addition, we compared the NPCR and UACI of the proposed scheme and the schemes in [1,7,8,32] in Table 10. We found NPCR to be over 99.6% for all the images, so the encryption scheme is very sensitive to small pixel changes in the plain-image. The UACI, in all the test cases, was better than 33% which indicates that the rate of influence related to single-pixel change in plain image is very high. As can be seen from Table 10, the proposed encryption scheme and the 24
one studied in 8] have better NPCR performance than other algorithms. Moreover, the UACI performance of the proposed algorithm is in agreement with those of algorithms in [1,8,32] and better than the one investigated in[7]. Results show that our algorithm is not vulnerable to the differential attacks. Table 8: The NPCR and UACI of encrypted images by changing their plain images one bit. Image Airport Airplane Barbara Boat Cameraman Chemical Plant Clock Couple Elaine House Lena Man Moon Surface Peppers Tank Test-Pattern Average
NPCR (%) 99.6150 99.6083 99.6092 99.6102 99.6205 99.6121 99.6102 99.6399 99.6143 99.6200 99.6228 99.6070 99.6139 99.6319 99.6290 99.6195 99.6177
UACI (%) 33.5625 33.5359 33.7431 33.5367 33.7786 33.6068 33.5820 33.8085 33.5160 33.4914 33.7041 33.7905 33.6898 33.6923 33.9213 33.7515 33.6694
Table 9: The NPCR and UACI of encrypted images for algorithms in [1,7,8,32]. Image
NPCR (%) Ref.[1] 99.6107 Airport 99.6077 Airplane 99.6162 Barbara 99.6281 Boat 99.6292 Cameraman Chemical Plant 99.6131 99.6218 Clock 99.6292 Couple 99.6107 Elaine 99.6257 House 99.6146 Lena
Ref.[7] 99.5662 99.5565 99.5227 99.5609 99.5749 99.5325 99.5910 99.5606 99.5431 99.5332 99.5511 25
Ref.[8] 99.6180 99.6231 99.6402 99.6209 99.6105 99.6258 99.6126 99.6312 99.6299 99.6182 99.6092
Ref.[32] 99.6201 99.5499 99.5178 99.5743 99.6216 99.6185 99.5728 99.5468 99.5529 99.6078 99.6231
99.6084 99.6168 99.6092 99.6131 99.6177 99.6170 UACI (%) Ref.[1] 33.6632 Airport 33.4143 Airplane 33.5776 Barbara 33.6145 Boat 33.7050 Cameraman Chemical Plant 33.8543 33.4836 Clock 33.6446 Couple 33.6163 Elaine 33.7022 House 33.5561 Lena 33.6744 Man Moon Surface 33.5333 33.6284 Peppers 33.7155 Tank 33.5046 Test-Pattern Man Moon Surface Peppers Tank Test-Pattern Average Image
99.5417 99.5684 99.5808 99.5794 99.5679 99.5582
99.6211 99.6172 99.6236 99.6687 99.6541 99.6265
99.5514 99.6033 99.5728 99.6078 99.6185 99.5850
Ref.[7] 33.3716 33.4063 33.3890 33.4176 33.3691 33.3872 33.4147 33.3723 33.3853 33.3912 33.3461 33.3684 33.3758 33.3540 33.4045 33.3975
Ref.[8] 33.6183 33.5817 33.6714 33.6018 33.6862 33.3825 33.5793 33.7252 33.6232 33.7240 33.6322 33.4720 33.6993 33.7386 33.5224 33.6340
Ref.[32] 33.5961 33.6640 33.5052 33.3975 33.7326 33.5831 33.9272 33.8911 33.7063 33.7656 33.8144 33.6949 33.8063 33.4723 33.7415 33.4487
Table 10: Comparison of NPCR and UACI with other algorithms. Algorithm Proposed algorithm Ref.[1] Ref.[7] Ref.[8] Ref.[32]
NPCR (%) (average) 99.6177 99.6170 99.5582 99.6265 99.5850
UACI (%) (average) 33.6694 33.6180 33.3844 33.6183 33.6717
5.7. Encryption Quality Visual inspection is one of the most important metrics to judge the effectiveness of an encryption algorithm. If an encryption algorithm conceals most of the features of a plaintext image, then the algorithm is considered to be strong. Although, one can examine the effectiveness of an algorithm using visual inspection, in some scenarios this may not give any 26
indication about the hidden loopholes. So various metrics have been proposed in the literature to measure the quality of encryption [26,27]. 5.7.1. Maximum Deviation The quality of an encryption algorithm can be judged by deviation in pixel values between plaintext image and ciphertext image [27,28,29]. If deviation (changes) of pixels is the maximum between original and encrypted images, then the encryption algorithm is the best in the terms of security [29]. Maximum deviation can be calculated as follows [29]: MD
D0 DN 1 N 2 Di , 2 i 1
(28)
where N is the total number of gray values and Di , is the amplitude of difference histogram D (calculated through the difference of histogram between plaintext image and ciphertext image) at index i . Higher value of M D indicates that the ciphertext image is very deviated from the plaintext image. Table 11 shows the results of maximum deviation metric for the proposed algorithm and algorithms in [1,7,8,32]. Comparison of average values of maximum deviation shows that the proposed scheme and schemes in [1,8] have better performance than those of [7,32]. Based on these results, we can conclude that the values of maximum deviations of the suggested algorithm do not reveal any significant information about the quality of encryption. As a result, we can conclude that the maximum deviation metric cannot provide sufficient information about the security of an encryption algorithm. 5.7.2. Irregular Deviation Maximum deviation parameter alone cannot be used for checking the quality of encryption, because in some cases, it may give imprecise results [30]. Another parameter known as irregular deviation can also be used to check the quality of a ciphertext image. The irregular deviation measures how the statistical distribution of deviation between plaintext and ciphertext images is close to the uniform statistical distribution [30]. The irregular deviation can be defined as [30]: N 1
I D H Di ,
(29)
i 0
Where, H Di hi AH , hi is the amplitude of histogram at index i , which can be computed after taking the absolute difference of plaintext and ciphertext images and AH is the average sum of histogram values. When the value of I D is low, it indicates that the pixels distribution is uniform and hence the quality of encrypted image is high. The values of irregular deviation for the proposed algorithm and other algorithms are shown in Table 12. It is clear from this table that the obtained results for the proposed algorithm are in an acceptable range and are comparable with those of other algorithms. Consequently, the lower irregular deviation values reflect the strength of the proposed algorithm. 5.7.3. Deviation from Uniform Histogram For an ideal encryption algorithm, the ciphertext image ( C i ) must have uniform histogram distribution. It means that the probability of each pixel in ciphertext image must be 27
completely uniform. Mathematically, an ideal histogram for a ciphertext image can be calculated as [31]: M N , 0 Ci 255 (30) H Ci 256 elsewhere 0, Using the above concept, Elashry et al. proposed a new metric [31] (deviation from uniform histogram) for measuring the quality of encrypted images. The deviation from uniform histogram can be written as [31]: 255
DH
| H
Ci 0
Ci
HC |
M N
(31)
,
where H Ci is the ideal histogram value at index i , H C is the actual histogram of ciphertext image and M N is the size of ciphertext image. A lower value of DH represents a better encryption quality. The results of deviation from uniform histogram are depicted in Table 13. As can be seen from this table, the proposed scheme and those studied in [1,8] have approximately lower values of deviation from uniform histogram than those of algorithms in [7,32]. Thus, it is clear that the results are in favor of the proposed technique as the values of DH are less deviated from the uniform histogram. Table 11: Maximum Deviation of the proposed scheme compared to previous schemes. Image
Maximum Deviation New scheme Ref.[1] 26232 28208 Airport 21148 21148 Airplane 18148 18155 Barbara 25442 25716 Boat 18007 17148 Cameraman 18535 Chemical Plant 18835 24823 23569 Clock 17674 17074 Couple 17428 17403 Elaine 17984 17142 House 21339 21786 Lena 21604 19755 Man 17015 Moon Surface 16747 22935 24254 Peppers 17586 17690 Tank 15805 14787 Test-Pattern 19962 Average 20109 28
Ref.[7] 25717 22052 19384 25193 16803 17711 23826 16880 17071 17571 19931 21396 16286 22966 16401 16312 19719
Ref.[8] 27206 21778 17944 25367 16674 17956 25642 17142 18286 17138 20811 20962 16909 22648 18212 16481 20072
Ref.[32] 28204 21279 19394 23445 17240 18583 23005 16966 17494 17707 20902 20690 16898 23173 17478 14877 19833
Table 12: Irregular Deviation of the proposed scheme in comparison to previous schemes. Image
Irregular Deviation New scheme Ref.[1] 17106 16780 Airport 40306 40434 Airplane 42708 42674 Barbara 36226 36098 Boat 39244 38900 Cameraman 45096 Chemical Plant 44762 27442 27210 Clock 50470 50406 Couple 45674 46126 Elaine 43016 42996 House 40480 40904 Lena 37158 36996 Man 54604 Moon Surface 54198 35088 35242 Peppers 57294 57284 Tank 40654 40270 Test-Pattern 40739 40751 Average
Ref.[7] 16586 40358 43014 36220 39414 45438 27230 50578 45854 42938 40768 36882 54696 34706 57482 40250 40776
Ref.[8] 17008 40294 42556 36124 39380 45258 27264 50294 45964 42714 40820 36956 54530 34824 57218 40270 40717
Ref.[32] 17700 41060 42840 36092 38604 45170 27728 50194 45590 43114 40634 37092 54434 34350 57044 40590 40765
Table 13: Deviation from Uniform Histogram of the proposed scheme in comparison to previous schemes. Image
Deviation from Uniform Histogram New scheme Ref.[1] Ref.[7] Ref.[8] 0.0927 0.0943 0.1071 0.0934 Airport 0.0983 0.0969 0.0995 0.0943 Airplane 0.0976 0.0967 0.1012 0.0928 Barbara 0.0958 0.0902 0.0995 0.0985 Boat 0.0942 0.0941 0.1065 0.0920 Cameraman 0.0948 0.1029 0.0943 Chemical Plant 0.0951 0.0949 0.0930 0.0995 0.0984 Clock 0.0996 0.0972 0.0992 0.0938 Couple 0.0941 0.0938 0.1066 0.0975 Elaine 0.0882 0.0951 0.1141 0.0994 House 0.0994 0.0974 0.1001 0.0934 Lena 0.0874 0.0944 0.0948 0.0974 Man 29
Ref.[32] 0.0958 0.0951 0.0975 0.0951 0.0955 0.0965 0.0966 0.0981 0.0988 0.0963 0.0962 0.0980
Moon Surface Peppers Tank Test-Pattern Average
0.0935 0.0917 0.0914 0.0905 0.0940
0.0956 0.0938 0.0912 0.0917 0.0944
0.1007 0.0979 0.0990 0.1027 0.1020
0.0984 0.0977 0.0922 0.0958 0.0956
0.0936 0.0946 0.0930 0.2699 0.1069
5.8. Contrast analysis The contrast of an image can be defined as the difference of brightness between light and dark parts in an image. Indeed, the contrast shows the light distribution in an image. Visually, the contrast is interpreted as the spreading of the image brightness histogram. In this sense, we analyzed the contrast for the proposed algorithm and those of related works. The contrast is given by Eq. (32):
C i j p(i, j ) 2
(32)
i, j
Where, p(i, j ) is the number of gray-level co-occurrence matrices. The experimental results for some encrypted images with the proposed scheme and those of other algorithms are reported in Table 14. Based on these results, we can conclude that all encrypted images under the proposed method have high contrast, which confirms the effectiveness of the proposed algorithm to produce high randomness in encrypted image. Moreover, the comparison with other algorithms shows that the proposed scheme has a slightly better performance of contrast, while schemes presented in [1,8] have nearly similar values of contrast. Table 14: Contrast of the proposed scheme compared to previous schemes. Image
Contrast New scheme 8.5696 Airport 8.5294 Airplane 8.5094 Barbara 8.6248 Boat 8.7474 Cameraman Chemical Plant 8.6470 8.5704 Clock 8.6674 Couple 8.6160 Elaine
Ref.[1] 8.6029 8.5493 8.5222 8.5646 8.6447 8.6067 8.6028 8.6619 8.5609 30
Ref.[7] 8.6077 8.6112 8.6063 8.5670 8.6053 8.6712 8.4440 8.5425 8.5974
Ref.[8] 8.6316 8.6728 8.5970 8.6824 8.6459 8.5726 8.6303 8.6126 8.5573
Ref.[32] 8.4450 8.5848 8.5867 8.6146 8.4327 8.6464 8.6432 8.5592 8.5934
House Lena Man Moon Surface Peppers Tank Test-Pattern Average
8.5118 8.6453 8.6937 8.5984 8.5998 8.7132 8.6769 8.6200
8.7217 8.5925 8.6831 8.6021 8.5833 8.6195 8.6131 8.6082
8.6264 8.6128 8.5883 8.5343 8.6597 8.5889 8.6577 8.5950
8.6147 8.6312 8.6527 8.6070 8.5512 8.6251 8.5729 8.6161
8.5489 8.6174 8.5654 8.5549 8.5710 8.6273 8.5266 8.5698
5.9. Execution time and computation complexity The execution time of an image encryption scheme depends on many factors as CPU structure, memory size, operating system, the programming language, compiler options, programming skill and code optimization. Thus, it is pointless and uncommon to make an explicit comparison for two or more encryption schemes without using the same environment. Notwithstanding, we have undertaken an analysis for the explicit comparison between the proposed encryption scheme and competitive schemes. We used the same environment (Computer of Core i3-3227U 1.9 CPU with 4 GB RAM running on Windows 7 and MATLAB 7.9) for measuring the speed of the image cipher for all the schemes. We implemented MATLAB codes for the proposed encryption scheme and other schemes in order to give approximate encryption speeds. For accuracy, each set of the timing tests was executed several times for a considerable number of times and then we reported the obtained average. Table 15 gives the speed performance of the proposed algorithm and other algorithms for different sizes of images. As can be seen in Table 15, the proposed scheme has an acceptable speed. Table 15: Comparison of encryption speeds (ms) for proposed algorithm and other algorithms. Scheme
Image size (128 128)
(256 256)
(512 512)
(1024 1024)
New scheme
52
95
497
2513
Ref.[1]
45
79
343
2021
Ref.[7]
76
122
543
2784
Ref.[8]
38
71
313
1947
Ref.[32]
71
109
526
2682
31
Moreover, we calculated the computation complexity of the proposed algorithm. In fact, it consist in measuring the size of an instance (the number of operations and steps required to accomplish the encryption/decryption process)- neglecting some details such as the operating system, the programming language, the hardware the algorithm runs on, and programming skill [33, 34]. The proposed scheme needs O(M N ) (where M N is the number of pixels) iterations to complete the whole encryption process, which is efficient for real time applications.
6. Application for color images We applied the proposed encryption scheme for color images. Some analyses were performed and a comparison with two related works was carried out. The 256 × 256 true color JPEG images of ‘Lena’ and ‘Peppers’ (Figs.10(a),(b)) were used as plain-images. During the encryption process, we adopted the same secret key used in Section 5. The plain images of ‘Lena’ and ‘Peppers’, and their encrypted images with the proposed algorithm are shown in Figs.10(a),(b) and Figs.10(c),(d), respectively. Figs.11(a)-(c) andFigs.12(a)-(c) show the histograms of plain image’s R, G, B channels and encrypted image’s R, G, B channels of ‘Lena’, respectively. It is seen from Figs.12(a)-(c) that the histogram of encrypted image has uniform behavior, which confirms that the proposed algorithm is strong against statistical attack. Moreover, Figs.13(a)-(f) contain the plots of the correlation distributions in horizontal, vertical and diagonal directions in the plain and encrypted images of ‘Lena’ for R component, respectively. The correlation coefficients for two adjacent pixels (in all directions) in R, G, B components of plain images and encrypted images are listed in Tables 16 and 17, respectively. It is clear that in plain images the correlation coefficients are high, whereas in the encrypted images the neighboring pixels satisfy zero correlation. Furthermore, comparison with schemes in [1,8] shows that the proposed encryption method has advantages in terms of correlation in horizontal and diagonal directions. As can see from Table 18, the entropies of R, G, B components of each encrypted image are very close to 8 and are slightly higher than those of other algorithms. NPCR and UACI performances of R, G, B components of each encrypted image are listed in Table 19. It can be deduced from this table that the proposed encryption algorithm and that in [8] have slightly better performances of NPCR and UACI as compared with that in [1]. Therefore, the proposed algorithm is suitable for color images and can be selected as a candidate for a good color image encryption.
32
(a)
(b)
(c)
(d)
Figure 10: Plain images and their encrypted images: Frames (a) and (b) Plain images of ‘Lena’ and ‘Peppers’, respectively. Frames (c) and (d) Encrypted images of ‘Lena’ and ‘Peppers’, respectively.
(a) Red
(b) Green
(c) Blue
Figure 11: Histograms of the original image of ‘Lena’ (a) Red, (b) Green and (c) Blue.
33
(a) Red
(b) Green
(c) Blue
Figure 12: Histograms of the encrypted image of ‘Lena’ (a) Red, (b) Green and (c) Blue.
(a)
(d)
(b)
(c)
(e)
(f)
Figure 13: The distribution of two adjacent pixels in the plain image of “Peppers” in the red component and its encrypted image: Frames (a) and (d) distributions of two horizontally adjacent pixels in the plain image of “Peppers” in the red component and its encrypted image, respectively. Frames (b) and (e) distributions of two vertically adjacent pixels in the plain 34
image of “Peppers” in the red component and its encrypted image, respectively. Frames (c) and (f) distributions of two diagonally adjacent pixels in the plain image of “Peppers” in the red component and its encrypted image, respectively. Table 16: Correlation coefficients of two adjacent pixels in plain-images. Image
Horizontal R
Lena
Vertical
G
B
R
Diagonal G
B
R
G
B
0.9278 0.9316 0.8867 0.9635 0.9648 0.9280 0.8993 0.9075 0.8449
Peppers 0.9929 0.9903 0.9916 0.9877 0.9889 0.9821 0.9789 0.9805 0.9711
Table 17: Correlation coefficients of two adjacent pixels in encrypted-images. Image
New scheme Horizontal R
G
Vertical B
R
Diagonal G
B
R
G
B
Lena
-0.0362 -0.0089 -0.0105 -0.0141 -0.0134 -0.0486 -0.0464 -0.0189 -0.0501
Peppers
-0.0413 -0.0107 -0.0142 -0.0043 -0.0022 -0.0092 -0.0002 -0.0082 -0.0164
Average -0.0388 -0.0098 -0.0124 -0.0092 -0.0078 -0.0289 -0.0233 -0.0136 -0.0333 Image
Ref.[1] Horizontal R
G
Vertical B
R
Diagonal G
B
R
G
Lena
-0.0153 -0.0276 -0.0242 -0.0082 -0.0167 -0.0109 -0.0016 0.0058
Peppers
-0.0099 0.0017
B -0.0179
-0.0089 -0.0018 -0.0101 -0.0141 -0.0008 -0.0383 -0.0015
Average -0.0126 -0.0130 -0.0165 -0.0050 -0.0134 -0.0125 -0.0012 -0.0163 -0.0097 Image
Ref.[8] Horizontal R
Lena
G
Vertical B
R
Diagonal G
B
R
G
B
-0.0112 -0.0042 -0.0085 -0.0045 -0.0230 -0.0355 -0.0084 -0.0280 -0.0009 35
Peppers
-0.0069 -0.0258 -0.0205 -0.0210 -0.0034 0.0022
-0.0009 -0.0047 -0.0078
Average -0.0090 -0.0150 -0.0145 -0.0128 -0.0132 -0.0166 -0.0046 -0.0164 -0.0043
Table 18: Entropy results for encrypted images. Image
Entropy New scheme R
Ref.[1]
G
B
R
Ref.[8] G
B
R
G
B
Lena
7.9988 7.9967 7.9990 7.9971 7.9966 7.9972 7.9968 7.9975 7.9983
Peppers
7.9980 7.9971 7.9985 7.9988 7.9968 7.9975 7.9972 7.9977 7.9987
Average 7.9984 7.9969 7.9987 7.9979 7.9967 7.9974 7.9970 7.9976 7.9985
Table 19: The NPCR and UACI of encrypted images by changing their plain images a single bit. Image
NPCR New scheme R
G
Ref.[1] B
Ref.[8]
R
G
B
R
G
B
Lena
99.6143 99.6216 99.6250 99.6162 99.6089 99.6162 99.6173 99.6233 99.6186
Peppers
99.6190 99.6182 99.6222 99.6177 99.6223 99.6192 99.6182 99.6177 99.6272
Average 99.6166 99.6199 99.6236 99.6170 99.6156 99.6177 99.6178 99.6205 99.6229
Image
UACI New scheme R
Lena
G
Ref.[1] B
Ref.[8]
R
G
B
R
G
B
33.6532 33.5700 33.7022 33.4966 33.5645 33.6164 33.7075 33.6728 33.5293
36
Peppers
33.6126 33.6480 33.6130 33.6129 33.5859 33.6387 33.6813 33.5364 33.6506
Average 33.6329 33.6090 33.6576 33.5547 33.5752 33.6275 33.6944 33.6046 33.5900
7.
Conclusion
This paper presented a new image encryption approach based on substitution-permutation (SP) network structure and chaotic systems. The proposed approach used two chaotic systems combined with strong S-boxes to achieve better confusion and diffusion. A variety of simulation tests and analyses were carried out to prove the security and the performance of the proposed encryption scheme including statistical, differential, quality, contrast and speed analyses. All the results show that the proposed encryption approach has superior performance than those used in the literature. Future work will deal with selective encryption schemes. Acknowledgments The authors would like to thank Dr. M. Cagnazzo and the anonymous reviewers for their constructive and valuable comments to improve the quality of this work. This work is supported by Ministry of Higher Education and Scientific Research (Egypt-Tunisia Cooperation Program: 4-13 A1).
References 1. X. Wang, L. Teng, X. Qin, A novel colour image encryption algorithm based on chaos, Signal Process. 92 (4) (2012) 1101-1108. 2. H. Liu, X. Wang, Color image encryption using spatial bit-level permutation and highdimension chaotic system, Opt. Commun. 284 (16-17) (2011) 3895–3903. 3. H. Liu,X. Wang, A. Kadir, Color image encryption using Choquet fuzzy integral and hyper chaotic system, Optik - International Journal for Light and Electron Optics. 124 (2013) 3527-3533. 4. Y. Zhou, L. Bao, C.L.Philip Chen, A new 1D chaotic system for image encryption, Signal Process. 97 (2014) 172–182.
37
5. H. Liu, A. Kadir, Y. Niu, Chaos-based color image block encryption scheme using Sbox, AEU - Int. J. Electron. Commun. 68 (7) (2014) 676-686. 6. P. Ping, F. Xu, Z.J. Wang, Image encryption based on non-affine and balanced cellular automata, Signal Process. 105 (2014) 419-429. 7. X. Wang, L. Liu, Y. Zhang, A novel chaotic block image encryption algorithm based on dynamic random growth technique, Opt. Lasers Eng. 66 (2015) 10-18. 8. Z. Hua, Y. Zhou, C.M. Pun, C.L. Philip Chen, 2D Sine Logistic modulation map for image encryption, Inf. Sci. 297 (2015) 80-94. 9. H. Liu, X. Wang, Color image encryption based on one-time keys and robust chaotic maps, Computers and Mathematics with Applications. 59 (10) (2010) 3320–3327. 10. M.A. Murillo-Escobar, C. Cruz-Hernández, F. Abundiz-Pérez, R.M. López-Gutiérrez, O.R. Acosta Del Campo, A RGB image encryption algorithm based on total plain image characteristics and chaos, Signal Process. 109 (2015) 119-131. 11. J.X. Chen, Z.L. Zhu, C. Fu, H. Yu, Y. Zhang, Reusing the permutation matrix dynamically for efficient image cryptographic algorithm, Signal Process. 111 (2015) 294-307. 12. C. Li, Y. Liu, L. Yu Zhang, K.W. Wong, Cryptanalyzing a class of image encryption schemes based on Chinese remainder theorem, Signal Processing: Image Communication. 29 (8) (2014) 914-920. 13. Y. Zhang, Comments on "Color image encryption using Choquet fuzzy integral and hyper chaotic system", Optik - International Journal for Light and Electron Optics. 12 (19) (2014) 5560-5565. 14. A. Jolfaei, X.W. Wu, V. Muthukkumarasamy, Comments on the security of “Diffusion–substitution based gray image encryption” scheme, Digital Signal Processing. 32 (2014) 34-36. 15. F. G. Jeng, W.L. Huang, T.H. Chen, Cryptanalysis and improvement of two hyperchaos-based image encryption schemes, Signal Processing: Image Communication. 34 (2015) 45-51. 16. A. Belazi, H. Hermassi, R. Rhouma, S. Belghith, Algebraic analysis of a RGB image encryption algorithm based on DNA encoding and chaotic map, Nonlinear Dyn. 76 (4) (2014) 1989-2004. 38
17. C. Li, Cracking a hierarchical chaotic image encryption algorithm based on permutation, Signal Process. 118 (2016) 203-210. 18. I. Hussain, T. Shah, M.A. Gondal,H. Mahmood, An efficient approach for the construction of LFT S-boxes using chaotic logistic map, Nonlinear Dyn. 71 (1) (2013) 133–140. 19. L. Acho, A discrete-time chaotic oscillator based on the logistic map: A secure communication scheme and a simple experiment using Arduino, Journal of the Franklin Institute. 352 (8) (2015) 3113–3121. 20. Y.Q. Zhang, X.Y. Wang, Spatiotemporal chaos in mixed linear–nonlinear coupled logistic map lattice, Physica A: Statistical Mechanics and its Applications. 402 (2014) 104 - 118. 21.
M. Zhang, X. Tong, A new chaotic map based image encryption schemes for several image formats, J. Syst. Softw. 98 (2014) 140–154.
22. http://sipi.usc.edu/database/ 23. http://www.cs.cmu.edu/~cil/v-images.html 24. IEEE Task P754, IEEE 754–2008, Standard for Floating-Point Arithmetic, 2008. 25. M. Amin, A. A. Abd El-Latif, Efficient Modified RC5 Based on Chaos Adapted to Image Encryption, Journal of Electronic Imaging. 19 (1) (2010). 26. N. El-Fishawy, O. M. Abu Zaid, Quality of encryption measurement of bitmap images with RC6, MRC6, and Rijndael block cipher algorithms, International journal of network security. 5 (2007) 241-251. 27. A.A. Abd El-Latif, L. Li, T. Zhang, N. Wang, X. Song, X. Niu, Digital Image Encryption Based on Multiple Chaotic Systems, Sensing and Imaging. An International Journal. 13 (2) (2012) 67-88. 28. S. Lian.: Multimedia content encryption: techniques and applications. Auerbach Publications, (2008). 29. M. Usamaa, M. Khurram Khana, K. Alghathbara, C. Lee, Chaos-based secure satellite imagery cryptosystem, Computers and Mathematics with Applications. 60 (2010) 326–337.
39
30. H. M. Elkamchouchi, M. A. Mskar.: Measuring encryption quality for bitmap images encrypted with Rijndael and KAMKAR block ciphers, Twenty second national radio science conference (NRSC), Cairo Egypt (2005). 31. I. F. Elashry, O. S. Faragallah, A. M. Abbas, S. El-Rabaie, F. E. Abd El-Samie, A new method for encrypting images with few details using Rijndael and RC6 block ciphers in the electronic code book mode, Information security journal: A global perspective. 21 (2012) 193–205. 32. X.Y. Wang, L. Yang, R. Liu, A. Kadir, A chaotic image encryption algorithm based on perceptron model, Nonlinear Dyn. 62 (3) (2010) 615–621. 33. Y.Q. Zhang, X.Y. Wang , A new image encryption algorithm based on non-adjacent coupled map lattices , Appl. Soft Comput. 26 (2015) 10 -20. 34. Y.Q. Zhang, X.Y. Wang , A symmetric image encryption algorithm based on mixed linear–nonlinear coupled map lattice, Inf. Sci. 273 (2014) 329–351.
Highlights
We propose a new image encryption approach based on substitutionpermutation network and chaotic systems. Qualitative and quantitative analysis verify the effectiveness of the proposed encryption scheme. The encryption scheme shows superior performance than previous schemes.
40