- Email: [email protected]
An algorithm for encryption of secret images into meaningful images
Optics and Lasers in Engineering 90 (2017) 196–208
Contents lists available at ScienceDirect
Optics and Lasers in Engineering journal homepage: www.elsevier.com/locate/optlaseng
An algorithm for encryption of secret images into meaningful images ⁎
A. Kanso , M. Ghebleh
crossmark
Department of Mathematics, Faculty of Science, Kuwait University, P.O. Box 5969, Safat 13060, Kuwait
A R T I C L E I N F O
A BS T RAC T
Keywords: Image Encryption Steganography Chaos Cat Map Lifting Wavelet Transform
Image encryption algorithms typically transform a plain image into a noise-like cipher image, whose appearance is an indication of encrypted content. Bao and Zhou [Image encryption: Generating visually meaningful encrypted images, Information Sciences 324, 2015] propose encrypting the plain image into a visually meaningful cover image. This improves security by masking existence of encrypted content. Following their approach, we propose a lossless visually meaningful image encryption scheme which improves Bao and Zhou's algorithm by making the encrypted content, i.e. distortions to the cover image, more difficult to detect. Empirical results are presented to show high quality of the resulting images and high security of the proposed algorithm. Competence of the proposed scheme is further demonstrated by means of comparison with Bao and Zhou's scheme.
1. Introduction In recent years, cloud and internet-based services have become very popular across the world and many people use these services without even realizing it. This phenomenon emphasizes the importance of confidentiality of online data as a major concern of individuals and organizations, and data protection as a prominent area of research. There are a number of data protection approaches including encryption and steganography. While encryption aims at preventing unauthorized access by scrambling data, steganography's main aim is to hide data in a host/cover object so it is undetectable to an eavesdropper. There exist a number of traditional encryption schemes which are intended for text, such as Triple Data Encryption Standard (3DES), Advanced Encryption Standard (AES) and International Data Encryption Algorithm (IDEA) [1,2]. Existing steganographic schemes include [3– 7]. Digital images and other multimedia formats are essential in a myriad of sensitive applications such as military, business and health care. These applications often require storage and transmission of sensitive data. Numerous leaks of government, business and personal data in recent years highlights the growing need for improved security algorithms. Since traditional encryption algorithms including 3DES, AES and IDEA [1,2] are designed to protect textual data, they are inefficient in protecting digital multimedia content due to their large size. Digital images (and other multimedia content) enjoy intrinsic features such as bulk data capacity and strong correlation between adjacent pixels [8] which invite design of specialized encryption algorithms. Image encryption schemes typically map plain images into ⁎
Corresponding author. E-mail address: [email protected] (A. Kanso).
http://dx.doi.org/10.1016/j.optlaseng.2016.10.009 Received 21 June 2016; Received in revised form 2 October 2016; Accepted 6 October 2016 0143-8166/ © 2016 Elsevier Ltd. All rights reserved.
random-like images [8–10]. In the last two decades, researchers have proposed a number of image encryption schemes based on spatial domain [9,11,10,12–27] and frequency domain [28–31]. Spatial domain approaches act on the pixels of plain image directly. Most existing spatial domain schemes are made up of two phases: shuffling and masking, where the pixel intensity values of the plain image are permuted, masked by a pseudo-random sequence, and sometimes mixed with other pixels to produce a random-like cipher image. On the other hand, in frequency domain approaches, the plain image is mapped into a set of frequency coefficients, using tools such as Fast Fourier Transformation (FFT), Discrete Cosine Transform (DCT) and Discrete Wavelet Transform (DWT). In turn, these coefficients are scrambled and used to produce through the inverse transformation, a random-like cipher image. The aim of either approach is to produce a cipher image that does not reveal any useful information about the plain image. Since most existing encryption schemes generate randomlike cipher images, transmitting such images over public channels raises suspicion. This is due to the fact that cryptanalysts feel that random-like images arise from transformation of important information. Therefore, the interception of random-like images subjects them to possible cryptanalytic attacks. In recent years, a number of cryptanalytic attacks have been suggested and some of the aforementioned image encryption schemes have already been broken or shown to have security flaws [32–37]. To decrease the chance of cryptanalysis, one might be interested in an encryption scheme whose generated cipher images do not appear random. In 2015, Bao and Zhou [38] proposed an encryption scheme that generates meaningful cipher images by encrypting the plain image
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
E = (P, R, Kt ).
with an existing encryption scheme and then embedding the resulting random-like cipher image into a meaningful host image whose transmission over public channels does not raise any suspicion. Following this approach, we propose a lossless Visually Meaningful Image Encryption Scheme (VMIES) which improves Bao and Zhou's scheme. The proposed scheme consists of two phases: (i) preprocessing and (ii) embedding. The preprocessing phase encrypts the input plain image using an existing scheme such as [17–27] to generate a randomlike image. The purpose of this phase is to increase the security level of the proposed scheme. Thus, if the secret image is not highly sensitive, one can omit this phase. The embedding phase, which is the main contribution of this work, is performed in the frequency domain. It decomposes the host image using 2D Lifting Wavelet Transform (LWT) [39] into four sub-bands, namely an approximation matrix and three detail matrices. It then embeds the (scrambled) image resulting from the preprocessing phase into the detail coefficients. Finally, the final stegoimage is generated via the inverse transform. Simulation results show that the proposed scheme generates high quality stegoimages, and that it is robust against a number of security threats. Furthermore, it has superior performance compared to Bao and Zhou's scheme. This paper is organized as follows: Section 2 presents Bao and Zhou's scheme. In Section 3, we provide a detailed description of the proposed scheme. Section 4 evaluates the proposed scheme via numerical simulations. In Section 5, we perform a comparison between the proposed scheme and existing work. Finally, we end the paper with some concluding remarks.
Fig. 1, presents the DWTCT stage of BZ scheme in more details [38]. According to this figure, the DWTCT stage divides each intensity value α in [0, 255] of P into two integers and stores them in CV and CD. That is, CV holds the tens of α while CD holds the units of α. So if α = 243, CV holds 24 and CD holds 3. An obvious drawback of BZ scheme is that it replaces all entries of CV and CD by the portions of intensity values of P. This has an immediate effect on the quality of the final image E. Furthermore, BZ scheme sequentially stores the portions of the intensity values in the two detail matrices. This can be a security issue. In this paper, we remedy these drawbacks by proposing a variant of BZ scheme. 3. Description of the proposed scheme In this section, we present a meaningful image encryption scheme based on a chaotic map. The scheme consists of (i) a preprocessing phase and (ii) an embedding phase that is controlled by a chaotic pseudo-random number generator. The next section provides a description of this generator. 3.1. The pseudo-random number generator The features of 3D chaotic cat maps include excellent randomness, mixing and high sensitive dependence on initial conditions and control parameters. Such features support the use of these maps in a number of chaotic cryptographic and steganographic applications such as [7,10,15,17]. A 3D chaotic cat map is defined by
2. Bao and zhou's scheme
⎛ xi +1⎞ ⎛ xi ⎞ Xi +1 = ⎜⎜ yi +1 ⎟⎟ = A ⎜⎜ yi ⎟⎟ ⎝ zi ⎠ ⎝ zi +1 ⎠
Bao and Zhou's scheme [38] which from now on we refer to as the BZ scheme, consists of two stages: (i) pre-encryption process and (ii) Discrete Wavelet Transform Based Content Transform (DWTCT). The pre-encryption stage encrypts the input image using an existing encryption scheme. We refer to the resulting image as ciphered image. The DWTCT stage embeds the resulting image from the pre-encryption stage into a host image to generate a Visually Meaningful Encrypted Image (VMEI) which cannot be distinguished from the cover image by the naked eye. The embedding process is performed in frequency domain. It uses an invertible integer to integer discrete wavelet transformation [40] to decompose the host image into approximation matrix CA and detail matrices CH, CV and CD. The matrices CA, CH, CV and CD are denoted by the LL, HL, LH and HH sub-bands, respectively, where L= Low-frequency and H=High-frequency. A simple layout of BZ scheme is as follows: Let O and R denote the original plain image and host image, respectively. Let and Q denote the image encryption scheme and its secret key, respectively. Thus, the ciphered image P obtained from the pre-encryption stage is given by
(mod 1), (1)
where
⎛ 1 + a x az b y az a y + a x az + a x a y az b y ⎞ ⎜ ⎟ ⎜ bz + ax by + ax az by bz az bz + 1 a y bz + ax a y az by bz + ax az bz ⎟ A=⎜ ⎟, + ax a y b y + ax ⎜ ⎟ ⎜ ⎟ ax bx by + by bx ax a y bx by + ax bx + a y by + 1⎠ ⎝ (2) and ax , a y , az , bx , by , bz are positive integers [10,15]. In this work, we let ax = a y = az = 1, bx=2 and by = bz = 3. Thus, the map of (1) becomes
⎛ xi +1⎞ ⎛ 4 1 5 ⎞ ⎛ xi ⎞ Xi +1 = ⎜⎜ yi +1 ⎟⎟ = ⎜⎜15 4 19 ⎟⎟ ⎜⎜ yi ⎟⎟ ⎝ zi +1 ⎠ ⎝ 9 2 12 ⎠ ⎝ zi ⎠
(mod 1). (3)
One can easily observe that |A| = 1, and the eigenvalues of A are λ1 = 19.27641509, λ2 = 0.0806929814 and λ3 = 0.6428919346 . Since λ1 > 1, the map of (3) possesses chaotic behavior, and hence preserves chaotic characteristics. Thus, this map can be used as a building block of a permutation algorithm. In this research, we use the map defined in (3), in conjunction with
P = (O, Q). The DWTCT stage, , takes the ciphered image P together with R and the parameter set Kt of DWTCT, which defines the wavelet filter for the DWT, as inputs to generate a final VMEI, E. Thus, E is defined by
Fig. 1. The DWTCT of BZ scheme [38].
197
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
Fig. 2. The PRNG. 2000 2000 sample sequences {xi}i=1 and {yi}i=1 . The Statistical Test Suite (STS) proposed by the National Institute of Standards and Technology (NIST) [41] is among the most used random evaluation packages. To evaluate the randomness properties of sequences generated by the proposed PRNG we generate three sequences of bytes Sx, Sy and Sz as follows: let X ′, Y ′ and Z′ be the 32-bit integer conversion of the sequences X = {x1, x2, …, xr }, Y = {y1, y2, …, yr}, Z = {z1, z2, …, zr } generated by the PRNG, where xi,yi and zi ∈ [0, 1] for 1 ≤ i ≤ r . Here the 32-bit conversion of t ∈ [0, 1] is the number ⌊232t ⌋. Let Sx = {a1, a2, …, a4r }, Sy = {b1, b 2, …, b4r } and Sz = {c1, c2, …, c4r } be the sequences obtained by splitting each entry of X ′, Y ′ and Z′, respectively, to 4 bytes. We subject three sequences Sx,Sy and Sz, of length 108 bits each, to the STS, where each sequence is processed as one hundred 106-bit sequences. As a result, the pass rate for each test turns out to exceed 96%, which is the minimum pass rate [41]. Furthermore, Table 1 presents the P–value of all p–values for each test. Since each P–value >0.0001, the p–values are uniformly distributed in (0, 1) [41]. Thus, the results are very satisfactory. On the basis of these results, we conclude that sequences generated by the PRNG are random-like sequences. Hence, they make a good candidate for shuffling purposes.
z
1
0.5
0 1 1 0.5
0.5 0
y
0
x
Fig. 3. The attractor of the PRNG, for r=10000.
3.2. The proposed scheme VMIES As mentioned earlier, the proposed scheme is composed of a preprocessing phase and an embedding phase. The preprocessing phase provides an extra level of security as its goal is to encrypt the secret image using an existing image encryption scheme such as any of the schemes presented in [17–27]. The embedding phase is performed in frequency domain. It decomposes the host image into an approximation coefficients matrix and three detail coefficients matrices using a 2D LWT with wavelet ‘db1’. A simple layout of the proposed scheme is as follows: Let O and R denote the original secret and host images, respectively. Let and Q denote the image encryption algorithm and its secret key, respectively. Let P be the ciphered image resulting the
1
1
0.9
0.9
0.8
0.8
0.8
0.7
0.7
0.7
0.6
0.6
0.6
0.5
0.5
0.5
z
1 0.9
y
x
some irregularity based on the output of this map, to generate pseudorandom numbers. The algorithm of generating such numbers, which we refer to as PRNG, is described in Fig. 2. Fig. 3 depicts the attractor of the PRNG. Whereas Fig. 4 shows 150 150 times series plots of three sequences {xi}150 i=1, {yi}i=1 and {zi}i=1 generated by the PRNG. From this figure, one can easily observe the irregularity of the aforementioned sequences. The autocorrelation and cross-correlation tests are two important randomness tests. A large number of sequences X , Y and Z have been subjected to these tests. The resulting values are within the acceptable range and do not differ from those obtained when subjecting random sequences into these tests. Thus, we conclude that the sequences generated by the PRNG pass these tests. Fig. 5 depicts the autocorrela2000 tion of a sample sequence {xi}i=1 and the cross-correlation between two
0.4
0.4
0.4
0.3
0.3
0.3
0.2
0.2
0.2
0.1
0.1
0.1
0
0
1
50
i
100
150
1
50
i
100
150
0
1
150 150 Fig. 4. Times series plots of {xi}150 i=1 (left), {yi}i=1 (middle) and {zi}i=1 (right) versus time.
198
50
i
100
150
Optics and Lasers in Engineering 90 (2017) 196–208
1.2
0.08
1
0.06 Sample cross−correlation
Sample autocorrelation
A. Kanso, M. Ghebleh
0.8 0.6 0.4 0.2 0 −500
0.04 0.02 0 −0.02 −0.04 −0.06
−300
−100
100
300
500
−500
−300
−100
Lag
100
300
500
Lag
2000 2000 2000 Fig. 5. The autocorrelation of a sample sequence {xi}i=1 (left) and the cross-correlation between two sample sequences {xi}i=1 and {yi}i=1 .
4. Simulation results
Table 1 STS results for three sequence Sx,Sy and Sz. The entries in the table are the P–values of all p–values of the corresponding tests performed. For each test, the pass rate exceeds 96%, which the minimum pass rate. Statistical test
Sx
Sy
Sz
Frequency Block-Frequency Cumulative-Sums (Forward) Cumulative-Sums (Reverse) Runs Longest-Runs Rank FFT Non-Overlapping-Templates Overlapping-Templates Universal Approximate Entropy Random-Excursions Random-Excursions Variant Serial 1 Serial 2 Linear-Complexity
0.236810 0.153763 0.983453 0.005358 0.249284 0.090936 0.334538 0.401199 0.108791 0.554420 0.816537 0.401199 0.819544 0.788728 0.145326 0.924076 0.383827
0.366918 0.090936 0.455937 0.719747 0.616305 0.883171 0.534146 0.275709 0.202268 0.319084 0.554420 0.129620 0.162606 0.468595 0.964295 0.924076 0.678686
0.554420 0.023545 0.122325 0.798139 0.897763 0.275709 0.816537 0.834308 0.474986 0.319084 0.115387 0.366918 0.779188 0.851383 0.236810 0.657933 0.066882
This section is devoted to show the efficiency and robustness of the proposed scheme. Throughout the paper we use the standard 256×256 Cameraman image as our secret image O. This image is one of the most used images in image processing analysis. In conjunction, with Cameraman, we use a number of images of different sizes as host images. Fig. 7 presents the secret image and the host images. In the simulations, we subject Cameraman to the proposed VMIES and analyze the characteristics of the resulting VMEI. We encrypt the secret image O by the scheme proposed in [18] or [24] to generate a random-like ciphered image P. We then embed P in a host image R to produce a VMEI E. Fig. 8 depicts an illustration of the proposed scheme, where P is generated using the scheme proposed in [18]. We refer to an image E generated by the VMIES in conjunction with the scheme proposed in [18] by VMEI-1. Whereas VMEI-2 refers to an image E generated by the VMIES in conjunction with the scheme proposed in [24]. Fig. 9 depicts a number of VMEIs with different image encryption schemes. It also presents VMEIs without subjecting the secret image to the preprocessing phase of VMIES. Such images are referred to as EVMEIs. Furthermore, to demonstrate the uniform distribution of the modified intensity values within the host image, Fig. 9 presents the absolute difference between each host image and its corresponding EVMEI. The absolute difference between each VMEI and its corresponding host image shows similar behavior as the one presented in Fig. 9 (d), thus we omit them. Furthermore, since the scheme is lossless, the extracted secret images are identical to the original Cameraman, hence we omit them.
preprocessing phase. Thus, P is defined by
P = (O, Q). Let denote the embedding phase of the proposed scheme. takes the ciphered image P together with the host image R and a secret key K as inputs to generate a VMEI, E. Thus, E is given by
E = (P, R, K ). 4.1. Histogram analysis
As the embedding phase consists of (i) decomposing the host image using 2D LWT into an approximation coefficients matrix and detail coefficients matrices, and (ii) embedding the image P into the detail coefficients matrices. Then, one should expect a number of coefficients causing the range of values in the stegoimage to be out of the acceptable range [0, 255]. To remedy this issue, we adjust the intensity levels of image R. In the simulations presented we adjust the range of the image R to [10, 245]. We refer to the resulting image as the host image R′. A detailed description of the transformation is described in Fig. 6. The extracting scheme is straight forward. We shuffle the 1D arrays representing the approximation and three detail coefficients matrices according to the permutations π1, π2 and π3 generated by the PRNG. Then, we extract the embedded bits from the first s coefficients of each array to recover the intensity values of the pre-encrypted image. Having done so, we decrypt the resulting image using the decryption scheme, corresponding to the encryption scheme, to get the secret image. Since LWT is an integer to integer transformation, the extraction scheme is lossless under appropriate adjustment of R.
An image histogram shows the frequency of pixel intensity values within the image. It is well-known that uniform histograms do not provide any useful information. Thus, it is desired to generate ciphered images P with uniform histograms. The schemes proposed in [18,24] generate ciphered images possessing this property. That is, the histograms of the ciphered images P are almost flat. In [42], Zhang and Wang proposed a quantity analysis on the secret key of existing image encryption schemes. They used variances of histograms corresponding to ciphered images to evaluate the uniformity of such images. Following their approach, we generate two ciphered images P1 and P2 of Cameraman using the scheme proposed in [18] with keys Q1 and Q2, respectively, where Q2 is obtained from Q1 by changing one of its entries by 10−14. We then calculate the variances of histograms of P1 and P2. Table 2 reports the results. In this table, we also report the variances of histograms of two ciphered images P3 and P4 of Cameraman generated by the scheme proposed in [24] with keys Q3 and Q4, where Q4 is obtained from Q3 by slightly changing one of its 199
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
Fig. 6. The embedding phase of the proposed scheme.
the preprocessing phase and the embedding phase. Since the key space of the preprocessing phase is simply the key space of the used image encryption scheme we here emphasize on the key space of the embedding phase. This phase has a key consisting of three doubles in (0, 1) namely the initial condition (x 0 , y0 , z 0 ) of the 3D cat map. With the assumption that 64-bit doubles with a computational precision of about 10−14 are used, the key space of the embedding scheme is of size (1014)3 = 10 42 > 2139 . We can also make the control parameters of the 3D cat map as part of the secret key. This results in six more integers. In such case the key of the embedding scheme consists of six positive integers and three doubles in (0, 1). Under the additional assumption that 32-bit integers are used, the key space has size larger that 2235. Both of these key spaces are large enough to render brute-force attacks impractical. The preprocessing phase highly increases the level of security of the scheme. This level depends on the security of the used image encryption scheme. Therefore, if the application is not very sensitive, one can use the proposed scheme without its preprocessing phase.
entries. One can observe that the variances corresponding to the ciphered images are low. Hence, they indicate high uniformity of ciphered images. Furthermore, the close variances of P1 and P2 (P3 and P4) indicate their high uniformity when the keys are varying [42]. Table 2 also presents the variances of histograms of images VMEI-1 and VMEI-2 corresponding to the host images Lena and Mars. It should be noted that the variances of histograms of secret image Cameraman, and the plain images Lena and Mars are 110,973.30, 456,936.96 and 6,847,995.82, respectively. Since the proposed VMIES generates meaningful images, we aim to show that the histograms of the host image R and the stegoimage E (containing the ciphered image P) are similar. Fig. 10 presents the histograms of the (adjusted) host images Lena and Mars with their corresponding VMEI-1 and EVMEI. Furthermore, Fig. 11 depicts two sub-figures, where each sub-figure presents the histograms of each host image and its corresponding VMEI and EVMEI. From these figures, one can easily observe that the histograms of the host images and their corresponding VMEI and EVMEI differ slightly, whereas the histograms of the VMEI and EVMEI are almost identical. In the case of Lena, the change in the histograms is more significant than that of Mars which is due to the fact that the modification affects all entries of the detail coefficients matrices, and hence all the intensity values of Lena. Histograms of VMEI-2 show similar behavior as those presented in Fig. 10 (middle), thus we omit them.
4.3. Computational complexity analysis The execution time for generating VMEIs using the proposed scheme depends on the execution times of preprocessing and embedding phases. Since the preprocessing phase merely depends on the used image encryption scheme, we evaluate the speed of the proposed scheme by computing the execution time of its embedding phase. The running time of the embedding phase depends on the size of the host image and the size of the secret image. It can be observed from Fig. 6
4.2. Key space The key space of the proposed scheme depends on the key spaces of
Fig. 7. The secret image Cameraman followed by standard test images.
200
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
Fig. 8. An illustration of the proposed VMIES.
sizes. The running times reported in Fig. 12 are obtained using MATLAB R2010a on a desktop machine with an Intel ® Core™i72600 processor and 4 GB of memory, running Widows 7 Home Premium.
that all steps except Step 5 are linear in the size 4r of the host image or the size s of the input image. The complexity of sorting the sequences X, Y, Z in Step 5 depends on the sorting algorithm chosen and can be as low as O (r log r ). Hence, the complexity of the entire embedding phase of the proposed algorithm is O (s + r log r ). Fig. 12 (left) presents execution times for embedding in the same host image, ciphered images of various sizes, plotted against size of the ciphered image. Whereas Fig. 12 (right) presents the execution times for embedding a fixed size ciphered image into host images of various
4.4. Classical types of attacks The proposed scheme can be regarded as a mixer of an encryption scheme and a steganographic scheme. There are some important
Fig. 9. (a) VMEIs-1, (b) VMEIs-2, (c) EVMEIs and (d) the difference between each original host image and its corresponding EVMEI.
201
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
As discussed earlier, the preprocessing phase is only intended to add an extra level of security, which depends on the robustness of the utilized image encryption scheme. On the basis of the testing results presented in Fig. 11 and Table 3, it is obvious that the preprocessing phase does not affect the quality of the stegoimage with respect to the host image. A test bank of 100 images of different sizes and different structures has been used to evaluate the quality of stegoimages VMEI and EVMEI generated by the proposed scheme. Each host image of this bank is subjected to VMIES in conjunction with the secret image Camera. Fig. 13 presents the PSNR and SSIM measures between each EVMEI and its corresponding original image. The high quality of these images, reflected from the high PSNR and SSIM measures, with respect to original images can be easily observed. Plots of the PSNR and SSIM measures between VMEI-1/VMEI-2 and their corresponding host images cannot be distinguished from those presented in Fig. 13, thus we omit them.
Table 2 Variances of histograms of ciphered images and stegoimages. Encryption used in preprocessing
Secret key
Variance of ciphered image
Variance of stegoimage Lena
Variance of stegoimage Mars
Scheme of [18]
Q1 Q2
237.56 295.72
441,443.73 441,476.52
6,793,326.58 6,792,333.44
Scheme of [24]
Q3 Q4
236.68 260.18
441,477.85 441,317.91
6,791,102.13 6,791,278.44
cryptanalysis scenarios on encryption schemes such as ciphertext-only scenario, known-plaintext scenario, chosen-plaintext scenario, and chosen-ciphertext scenario [43]. The image encryption scheme used in the preprocessing phase should be robust against these types of attacks. As for the embedding scheme, because of the high sensitivity of the 3D cat map to its secret key as well as the one-way property possessed by this map, which is caused by floating point errors, the inverse computations are impractical. Thus, the proposed scheme is robust against these attacks.
4.6. Data loss In this section, we subject stegoimages EVMEIs and VMEIs-2 to some attacks such as noise and cropping attacks. We then visually observe the quality of the reconstructed secret images with respect to the original secret image. We begin by applying salt and pepper noise with density α to the stegoimages EVMEIs presented in Fig. 9. Fig. 14 depicts the resulting images and the reconstructed secret images after subjecting them to median filter. It can be observed that with high density the reconstructed secret is still readable. However, Fig. 15 shows that for α ≥ 0.2 the quality of reconstructed secret images become very low. Fig. 16 shows the reconstructed secret images resulting from subjecting VMEIs-2 to noise salt and pepper attacks. Due to sensitivity of the decryption scheme [24], a noise density greater than 0.01 leads to very low quality recovered secret images. As for stegoimages VMEIs-
4.5. Quality measures The quality of the stegoimages VMEIs and EVMEIs with respect to the host images Lena and Mars is measured using the two common similarity measures: the peak signal to noise ratio (PSNR) and the structural similarity index (SSIM). Table 3 presents the PSNR and SSIM measures of each stegoimage and its corresponding original image. These measures show the high quality of each stegoimage with respect to its corresponding image, even for Lena where the modification affects every single entry of the three detail coefficients matrices. Furthermore, as one would expect, the larger the size of the host image is, compared to the secret image, the higher the PSNR and SSIM measures are. 3000
3000
2500
2500
2000
2000
1500
1500
1500
1000
1000
1000
500
500
500
3000 2500
2000
0
0
0
0
50
100
150
200
250
0
50
100
150
200
250
0
12000
12000
10000
10000
10000
8000
8000
8000
6000
6000
6000
4000
4000
4000
2000
2000
2000
0
0
0
12000
0
50
100
150
200
250
0
50
100
150
200
250
0
50
100
150
200
250
50
100
150
200
250
Fig. 10. Histograms of host image Lena (top left), its corresponding VMEI-1 (top middle) and EVMEI (top right), and host image Mars (bottom left), its corresponding VMEI-1 (bottom middle) and EVMEI (bottom right).
202
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
3000
12000
2500
10000
2000
8000
1500
6000
1000
4000
500
2000
0
0 0
50
100
150
200
0
250
50
100
150
200
250
Fig. 11. Histograms of all three images, Lena and its corresponding VMEI-1 and EVMEI (left), and Mars and its corresponding VMEI-1 and EVMEI (right). 2
5
4
1.8
Execution times in seconds
Execution times in seconds
1.9
1.7 1.6 1.5 1.4
3
2
1
1.3 1
2
3
4
5
L
6
7
8
9
0
10
1
2
3
4
5
M
6
7
8
9
10
Fig. 12. The execution times in seconds for embedding: ciphered images of size 128L × 128L , for various values of L = 1, 2, …10 , into a host image of size 2560×2560 (left), and a ciphered image of size 256×256 into host images of size 512 M × 512 M , for various values of M = 1, 2, …10 (right).
stegoimage will result in a random-like image. In the rest of this section, we subject stegoimages EVMEIs and VMEIs-2 corresponding to host images Lena and Mars to cropping attacks and then visually observe the quality of the reconstructed secret images. Figs. 17 and 18 present cropped EVMEIs and VMEIs-2, and the reconstructed filtered secret images corresponding to these images. One can easily observe that by cropping a reasonably large region of EVMEIs such as 1/4 of the stegoimages, the quality of the reconstructed secret images is still acceptable. On the other hand, VMEIs-2 are more sensitive to this attack. Simulations demonstrate that cropping 1/16 or more of VMEIs-2 leads to an unrecognizable recovered secret image. This follows from the sensitivity of the decryption phase of the scheme proposed in [24].
Table 3 PSNR and SSIM measures between the stegoimages and host images. Test image
Stegoimage
PSNR
SSIM
Lena
VMEI−1 VMEI−2 EVMEI
40.588854488561 40.573749287487 41.210689537286
0.998747079873 0.998745595739 0.998739349613
VMEI−1 VMEI−2 EVMEI
46.608885476024 46.599350293004 47.117755605000
0.999720788963 0.999720819392 0.999745185506
Mars
1, the encryption and decryption phases of the scheme proposed in [18] are highly sensitive to the input image. Thus, any tiny changes in the 51
1
50 0.9995
SSIM measures
PSNR measures
49
48
47
0.999
0.9985
46 0.998 45
44
0
20
40
60
80
0.9975
100
Images
0
20
40
60
80
Images
Fig. 13. PSNR (left) and SSIM (right) measures between 100 stegoimages EVMEIs and their corresponding original images.
203
100
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
Fig. 14. EVMEIs with added salt and peppers noise of density α (columns 1 and 3) and the secret images extracted from them, respectively (columns 2 and 4).
Fig. 15. EVMEIs with added salt and peppers noise of density α = 0.2 (columns 1 and 3) and the secret images extracted from them, respectively (column 2 and 4).
Fig. 16. VMEIs-2 with added salt and peppers noise of density α (columns 1 and 3) and the secret images extracted from them, respectively (columns 2 and 4).
204
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
Fig. 17. EVMEIs cropped by n × n (columns 1 and 3) and the secret images extracted from them, respectively (columns 2 and 4).
Fig. 18. VMEIs-2 cropped by n × n (columns 1 and 3) and the secret images extracted from them, respectively (columns 2 and 4).
size larger than 2139 (if the secret key consists only of the initial conditions of the 3D cat map). However, if the control parameters are part of the key, the key space is of size >2235. The preprocessing phase increases the level of security of the scheme. This level depends on the security of the used image encryption scheme. (iii) On the basis of the PSNR and SSIM measures and Fig. 9, we conclude that the stegoimages EVMEIs and VMEIs generated by the proposed scheme are of high quality. (iv) The proposed scheme is robust against some attacks such as salt and pepper noise and cropping attacks.
4.7. Summary In this section, we summarize some advantages of the proposed scheme. (i) The proposed scheme permutes the three detail coefficients matrices and then embeds data sequentially into the resulting matrices. As it can be observed from Fig. 9 this leads to spreading the secret image within the host image in a random-like manner. (ii) Without the preprocessing phase, the key space of the scheme is of
205
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
Fig. 19. VMEI-BZ Lena (first), VMEI-BZ Mars (second) the reconstructed image (third) and the difference between the host image Lena and VMEI-BZ Lena (forth).
Fig. 20. PSNR and SSIM measures between one hundred 512×512 stegoimages and their corresponding original images.
Fig. 21. PSNR and SSIM measures between one hundred stegoimages of different sizes and their corresponding original images.
Fig. 22. Filtered secret images obtained from VMEI-BZ with salt and pepper noise with density α. (a), (c) correspond to Lena, and (b), (d) correspond to Mars.
206
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
Fig. 23. Filtered secret images reconstructed from VMEI-BZ cropped Lena (top) and Mars (bottom) by n × n as shown in Fig. 18. Note that the bottom right is obtained by cropping the bottom left of the stegoimage Mars.
sensitivity of the decryption scheme [24], with noise density greater than 0.01 VMEI-BZ stegoimages lead to very low quality recovered secret images. Whereas cropping a region of size 256×256 anywhere of VMEI-BZ Lena results in unrecognizable recovered secret images. However, since Mars is of size 1024×1024 and the secret image Cameraman is of size 256×256, the position of the cropped region highly affects the quality of the reconstructed secret image. This follows from the structure of the embedding stage of BZ scheme. That is, if we crop from the top left quarter region of the stegoimage Mars by 256×256 we get a very low quality image. On the other hand, if we crop a region of any size, say 512×512 outside that the top left quarter, we obtain a high quality reconstructed secret image as it can be seen from Fig. 23 bottom right. Hence, in such case no fair comparison can be made. On the basis of the performed analysis, beside the higher security level of the proposed scheme, we conclude that the aforementioned scheme generates stegoimages of better quality than that of BZ scheme. As for noise and cropping attacks, simulations show that under these attacks, BZ scheme has superiority over the proposed scheme. However, the proposed scheme without the preprocessing phase has superior performance over BZ scheme. This can be observed by comparing Figs. 14 and 22 and 17 and 23.
5. Comparison with existing work In Section 3, it is stated that BZ scheme embeds data sequentially in two detail coefficients matrices namely CV and CD without any sort of permutation. This fact indicates that the scheme is insecure without the pre-encryption stage. In the simulations presented here we use the image encryption scheme proposed in [24] in the pre-encryption stages of the two schemes. Moreover, in their embedding phases we apply a 2D LWT with wavelet ‘db1′, which is one of the most suitable wavelets for both schemes. In this section, we refer to stegoimages of BZ scheme and the proposed scheme by VMEIs-BZ and VMEIs-2, respectively. Fig. 19 depicts the VMEIs-BZ, the recovered secret Cameraman and the absolute difference between the host image Lena and VMEI-BZ Lena. From Fig. 19 one can easily observe the low quality of VMEI-BZ which arises from wiping out the two detail coefficients matrices and replacing their entries by the low values that lie in [0, 9] for CD and in [0, 25] for CV. This also requires further adjusting the original host image as the range [10, 245] does not lead to full recovery of the secret image. In what follows, we investigate the quality of stegoimages of BZ scheme and VMIES. Figs. 20 and 21 depict the PSNR and SSIM measures between two sets of 100 stegoimages each and their corresponding host images. From these figures the high quality of VMEIs-2 over VMEIs-BZ, in terms of the PSNR measures, can be easily observed. As for the SSIM measures, BZ scheme has higher measures for host images of size 512×512. However, for larger images the proposed scheme has superiority over BZ scheme. In the rest of this section, we subject the schemes under comparison to noise and cropping attacks. Fig. 22 depicts the secret images obtained after applying salt and pepper noise to VMEI-BZ Lena and Mars. Whereas Fig. 23 presents the secret images resulting from cropped VMEI-BZ Lena and Mars. As in the case of VMIES, due to
6. Concluding remarks This paper proposes a visually meaningful image encryption scheme based on a single chaotic map. The proposed scheme can be used in conjunction with any image encryption scheme, thus inheriting the security of that scheme. Simulations show that the proposed scheme possesses excellent security properties: it generates high quality stegoimages that show little or no sign of disruption, it offers complete recovery of the embedded secret image, and it is robust 207
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
[17] Ghebleh M, Kanso A, Noura H. An image encryption scheme based on irregularly decimated chaotic maps. Signal Process: Image Commun 2014;29(5):618–27. [18] Kanso A, Ghebleh M. An efficient and robust image encryption scheme for medical applications. Commun Nonlinear Sci Numer Simul 2015;24(1):98–116. [19] Wang X-Y, Yang L, Liu R, Kadir A. A chaotic image encryption algorithm based on perceptron model. Nonlinear Dyn 2010;62(3):615–21. [20] Liu H, Wang X. Color image encryption based on one-time keys and robust chaotic maps. Comput Math Appl 2010;59(10):3320–7. [21] Liu H, Wang X. Color image encryption using spatial bit-level permutation and high-dimension chaotic system. Opt Commun 2011;284(16):3895–903. [22] Liu H, Wang X, et al. Image encryption using DNA complementary rule and chaotic maps. Appl Softw Comput 2012;12(5):1457–66. [23] Liu W, Sun K, Zhu C. A fast image encryption algorithm based on chaotic map. Opt Lasers Eng 2016;84:26–36. [24] Hua Z, Zhou Y, Pun C-M, Chen CP. 2D sine logistic modulation map for image encryption. Inf Sci 2015;297:80–94. [25] Chen J-x, Zhu Z-l, Fu C, Yu H, Zhang L-b. An efficient image encryption scheme using Gray code based permutation approach. Opt Lasers Eng 2015;67:191–204. [26] Wang X, Liu L, Zhang Y. A novel chaotic block image encryption algorithm based on dynamic random growth technique. Opt Lasers Eng 2015;66:10–8. [27] Zhang Y-Q, Wang X-Y. A new image encryption algorithm based on non-adjacent coupled map lattices. Appl Softw Comput 2015;26:10–20. [28] Hassan MAS, Abuhaiba ISI. Image encryption using differential evolution approach in frequency domain arXiv preprint arXiv:1103.5783; 2011. [29] Luo Y, Du M, Liu J. A symmetrical image encryption scheme in wavelet and time domain. Commun Nonlinear Sci Numer Simul 2015;20(2):447–60. [30] Liu Z, Xu L, Liu T, Chen H, Li P, Lin C, et al. Color image encryption by using Arnold transform and color-blend operation in discrete cosine transform domains. Opt Commun 2011;284(1):123–8. [31] Ahmad M, Farooq O. Secure satellite images transmission scheme based on chaos and discrete wavelet transform, in high performance architecture and grid computing. Springer; 2011. p. 257–64. [32] Solak E, Çokal C, Yildiz OT, Biyikoğlu T. Cryptanalysis of Fridrich's chaotic image encryption. Int J Bifurc Chaos 2010;20(05):1405–13. [33] Li C, Chen G. On the security of a class of image encryption schemes. In: Circuits and Systems, 2008. ISCAS 2008. IEEE International Symposium on, pp. 3290– 3293, IEEE, 2008. [34] Wang K, Zou L, Song A, He Z, et al. On the security of 3D cat map based symmetric image encryption scheme. Phys Lett A 2005;343(6):432–9. [35] Çokal C, Solak E. Cryptanalysis of a chaos-based image encryption algorithm. Phys Lett A 2009;373(15):1357–60. [36] Li C, Li S, Asim M, Nunez J, Alvarez G, Chen G. On the security defects of an image encryption scheme. Image Vis Comput 2009;27(9):1371–81. [37] Zhang Y-Q, Wang X-Y. Analysis and improvement of a chaos-based symmetric image encryption scheme using a bit-level permutation. Nonlinear Dyn 2014;77(3):687–98. [38] Bao L, Zhou Y. Image encryption: generating visually meaningful encrypted images. Inf Sci 2015;324:197–207. [39] Sweldens W. The lifting scheme: a construction of second generation wavelets. SIAM J Math Anal 1998;29(2):511–46. [40] Calderbank A, Daubechies I, Sweldens W, Yeo B-L. Wavelet transforms that map integers to integers. Appl Comput Harmon Anal 1998;5(3):332–69. [41] Rukhin A, Soto J, Nechvatal J, Smid M, Barker E, Leigh S, et al. A statistical test suite for random and pseudorandom number generators for cryptographic applications. NIST Special Publication 800-22 Revision 1a, 2010. [42] Zhang Y-Q, Wang X-Y. A symmetric image encryption algorithm based on mixed linear-nonlinear coupled map lattice. Inf Sci 2014;273:329–51. [43] Wang X, Teng L, Qin X. A novel colour image encryption algorithm based on chaos. Signal Process 2012;92(4):1101–8.
against noise and cropping of the stegoimage. Due to the simple nature of the lifting wavelet transform and the 3D cat map, the proposed scheme adds little computational overhead to the encryption process in order to disguise the encrypted data in a cover image. Since bytes of scrambled data are embedded in the host independently, the proposed scheme accommodates parallel processing of the data for increased speed. The proposed scheme may find application in any setting where encrypted data is to be transmitted via a public channel without raising any flags. Although presented as a digital image application in this paper, the proposed scheme can be used on any data type, provided the cover image has enough capacity. Possible directions for future work include further improvement of embedding quality and parallel implementation for handling large media. Acknowledgment The authors are grateful to the anonymous referees whose remarks helped improve the presentation of this work. References [1] Menezes AJ, Van Oorschot PC, Vanstone SA. Handbook of applied cryptography. CRC press, 1996. [2] Daemen J, Rijmen V. The design of Rijndael: AES-The advanced encryption standard. Springer Science & Business Media; 2013. [3] Fridrich J, Goljan M. Digital image steganography using stochastic modulation. In: Electronic Imaging 2003, p. 191–202, International Society for Optics and Photonics, 2003. [4] Chan C-K, Cheng L-M. Hiding data in images by simple LSB substitution. Pattern Recognit 2004;37(3):469–74. [5] Chen P-Y, Lin H-J, et al. A DWT based approach for image steganography. Int J Appl Sci Eng 2006;4(3):275–90. [6] Kanso A. Steganographic algorithm based on a chaotic map. Commun Nonlinear Sci Numer Simul 2012;17(8):3287–302. [7] Ghebleh M, Kanso A. A robust chaotic algorithm for digital image steganography. Commun Nonlinear Sci Numer Simul 2014;19(6):1898–907. [8] Furht B, Kirovski D. Multimedia security handbook. CRC press, 2004. [9] Fridrich J. Symmetric ciphers based on two-dimensional chaotic maps. Int J Bifurc chaos 1998;8(06):1259–84. [10] Chen G, Mao Y, Chui CK. A symmetric image encryption scheme based on 3D chaotic cat maps. Chaos, Solitons Fractals 2004;21(3):749–61. [11] Mao Y, Chen G, Lian S. A novel fast image encryption scheme based on 3D chaotic Baker maps. Int J Bifurc Chaos 2004;14(10):3613–24. [12] Guan Z-H, Huang F, Guan W. Chaos-based image encryption algorithm. Phys Lett A 2005;346(1):153–7. [13] Pareek NK, Patidar V, Sud KK. Image encryption using chaotic logistic map. Image Vis Comput 2006;24(9):926–34. [14] Zhu Z-l, Zhang W, Wong K-w, Yu H. A chaos-based symmetric image encryption scheme using a bit-level permutation. Inf Sci 2011;181(6):1171–86. [15] Kanso A, Ghebleh M. A novel image encryption algorithm based on a 3D chaotic map. Commun Nonlinear Sci Numer Simul 2012;17(7):2943–59. [16] Gu G, Ling J. A fast image encryption method by using chaotic 3D cat maps. OptInt J Light Electron Opt 2014;125(17):4700–5.
208
Contents lists available at ScienceDirect
Optics and Lasers in Engineering journal homepage: www.elsevier.com/locate/optlaseng
An algorithm for encryption of secret images into meaningful images ⁎
A. Kanso , M. Ghebleh
crossmark
Department of Mathematics, Faculty of Science, Kuwait University, P.O. Box 5969, Safat 13060, Kuwait
A R T I C L E I N F O
A BS T RAC T
Keywords: Image Encryption Steganography Chaos Cat Map Lifting Wavelet Transform
Image encryption algorithms typically transform a plain image into a noise-like cipher image, whose appearance is an indication of encrypted content. Bao and Zhou [Image encryption: Generating visually meaningful encrypted images, Information Sciences 324, 2015] propose encrypting the plain image into a visually meaningful cover image. This improves security by masking existence of encrypted content. Following their approach, we propose a lossless visually meaningful image encryption scheme which improves Bao and Zhou's algorithm by making the encrypted content, i.e. distortions to the cover image, more difficult to detect. Empirical results are presented to show high quality of the resulting images and high security of the proposed algorithm. Competence of the proposed scheme is further demonstrated by means of comparison with Bao and Zhou's scheme.
1. Introduction In recent years, cloud and internet-based services have become very popular across the world and many people use these services without even realizing it. This phenomenon emphasizes the importance of confidentiality of online data as a major concern of individuals and organizations, and data protection as a prominent area of research. There are a number of data protection approaches including encryption and steganography. While encryption aims at preventing unauthorized access by scrambling data, steganography's main aim is to hide data in a host/cover object so it is undetectable to an eavesdropper. There exist a number of traditional encryption schemes which are intended for text, such as Triple Data Encryption Standard (3DES), Advanced Encryption Standard (AES) and International Data Encryption Algorithm (IDEA) [1,2]. Existing steganographic schemes include [3– 7]. Digital images and other multimedia formats are essential in a myriad of sensitive applications such as military, business and health care. These applications often require storage and transmission of sensitive data. Numerous leaks of government, business and personal data in recent years highlights the growing need for improved security algorithms. Since traditional encryption algorithms including 3DES, AES and IDEA [1,2] are designed to protect textual data, they are inefficient in protecting digital multimedia content due to their large size. Digital images (and other multimedia content) enjoy intrinsic features such as bulk data capacity and strong correlation between adjacent pixels [8] which invite design of specialized encryption algorithms. Image encryption schemes typically map plain images into ⁎
Corresponding author. E-mail address: [email protected] (A. Kanso).
http://dx.doi.org/10.1016/j.optlaseng.2016.10.009 Received 21 June 2016; Received in revised form 2 October 2016; Accepted 6 October 2016 0143-8166/ © 2016 Elsevier Ltd. All rights reserved.
random-like images [8–10]. In the last two decades, researchers have proposed a number of image encryption schemes based on spatial domain [9,11,10,12–27] and frequency domain [28–31]. Spatial domain approaches act on the pixels of plain image directly. Most existing spatial domain schemes are made up of two phases: shuffling and masking, where the pixel intensity values of the plain image are permuted, masked by a pseudo-random sequence, and sometimes mixed with other pixels to produce a random-like cipher image. On the other hand, in frequency domain approaches, the plain image is mapped into a set of frequency coefficients, using tools such as Fast Fourier Transformation (FFT), Discrete Cosine Transform (DCT) and Discrete Wavelet Transform (DWT). In turn, these coefficients are scrambled and used to produce through the inverse transformation, a random-like cipher image. The aim of either approach is to produce a cipher image that does not reveal any useful information about the plain image. Since most existing encryption schemes generate randomlike cipher images, transmitting such images over public channels raises suspicion. This is due to the fact that cryptanalysts feel that random-like images arise from transformation of important information. Therefore, the interception of random-like images subjects them to possible cryptanalytic attacks. In recent years, a number of cryptanalytic attacks have been suggested and some of the aforementioned image encryption schemes have already been broken or shown to have security flaws [32–37]. To decrease the chance of cryptanalysis, one might be interested in an encryption scheme whose generated cipher images do not appear random. In 2015, Bao and Zhou [38] proposed an encryption scheme that generates meaningful cipher images by encrypting the plain image
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
E = (P, R, Kt ).
with an existing encryption scheme and then embedding the resulting random-like cipher image into a meaningful host image whose transmission over public channels does not raise any suspicion. Following this approach, we propose a lossless Visually Meaningful Image Encryption Scheme (VMIES) which improves Bao and Zhou's scheme. The proposed scheme consists of two phases: (i) preprocessing and (ii) embedding. The preprocessing phase encrypts the input plain image using an existing scheme such as [17–27] to generate a randomlike image. The purpose of this phase is to increase the security level of the proposed scheme. Thus, if the secret image is not highly sensitive, one can omit this phase. The embedding phase, which is the main contribution of this work, is performed in the frequency domain. It decomposes the host image using 2D Lifting Wavelet Transform (LWT) [39] into four sub-bands, namely an approximation matrix and three detail matrices. It then embeds the (scrambled) image resulting from the preprocessing phase into the detail coefficients. Finally, the final stegoimage is generated via the inverse transform. Simulation results show that the proposed scheme generates high quality stegoimages, and that it is robust against a number of security threats. Furthermore, it has superior performance compared to Bao and Zhou's scheme. This paper is organized as follows: Section 2 presents Bao and Zhou's scheme. In Section 3, we provide a detailed description of the proposed scheme. Section 4 evaluates the proposed scheme via numerical simulations. In Section 5, we perform a comparison between the proposed scheme and existing work. Finally, we end the paper with some concluding remarks.
Fig. 1, presents the DWTCT stage of BZ scheme in more details [38]. According to this figure, the DWTCT stage divides each intensity value α in [0, 255] of P into two integers and stores them in CV and CD. That is, CV holds the tens of α while CD holds the units of α. So if α = 243, CV holds 24 and CD holds 3. An obvious drawback of BZ scheme is that it replaces all entries of CV and CD by the portions of intensity values of P. This has an immediate effect on the quality of the final image E. Furthermore, BZ scheme sequentially stores the portions of the intensity values in the two detail matrices. This can be a security issue. In this paper, we remedy these drawbacks by proposing a variant of BZ scheme. 3. Description of the proposed scheme In this section, we present a meaningful image encryption scheme based on a chaotic map. The scheme consists of (i) a preprocessing phase and (ii) an embedding phase that is controlled by a chaotic pseudo-random number generator. The next section provides a description of this generator. 3.1. The pseudo-random number generator The features of 3D chaotic cat maps include excellent randomness, mixing and high sensitive dependence on initial conditions and control parameters. Such features support the use of these maps in a number of chaotic cryptographic and steganographic applications such as [7,10,15,17]. A 3D chaotic cat map is defined by
2. Bao and zhou's scheme
⎛ xi +1⎞ ⎛ xi ⎞ Xi +1 = ⎜⎜ yi +1 ⎟⎟ = A ⎜⎜ yi ⎟⎟ ⎝ zi ⎠ ⎝ zi +1 ⎠
Bao and Zhou's scheme [38] which from now on we refer to as the BZ scheme, consists of two stages: (i) pre-encryption process and (ii) Discrete Wavelet Transform Based Content Transform (DWTCT). The pre-encryption stage encrypts the input image using an existing encryption scheme. We refer to the resulting image as ciphered image. The DWTCT stage embeds the resulting image from the pre-encryption stage into a host image to generate a Visually Meaningful Encrypted Image (VMEI) which cannot be distinguished from the cover image by the naked eye. The embedding process is performed in frequency domain. It uses an invertible integer to integer discrete wavelet transformation [40] to decompose the host image into approximation matrix CA and detail matrices CH, CV and CD. The matrices CA, CH, CV and CD are denoted by the LL, HL, LH and HH sub-bands, respectively, where L= Low-frequency and H=High-frequency. A simple layout of BZ scheme is as follows: Let O and R denote the original plain image and host image, respectively. Let and Q denote the image encryption scheme and its secret key, respectively. Thus, the ciphered image P obtained from the pre-encryption stage is given by
(mod 1), (1)
where
⎛ 1 + a x az b y az a y + a x az + a x a y az b y ⎞ ⎜ ⎟ ⎜ bz + ax by + ax az by bz az bz + 1 a y bz + ax a y az by bz + ax az bz ⎟ A=⎜ ⎟, + ax a y b y + ax ⎜ ⎟ ⎜ ⎟ ax bx by + by bx ax a y bx by + ax bx + a y by + 1⎠ ⎝ (2) and ax , a y , az , bx , by , bz are positive integers [10,15]. In this work, we let ax = a y = az = 1, bx=2 and by = bz = 3. Thus, the map of (1) becomes
⎛ xi +1⎞ ⎛ 4 1 5 ⎞ ⎛ xi ⎞ Xi +1 = ⎜⎜ yi +1 ⎟⎟ = ⎜⎜15 4 19 ⎟⎟ ⎜⎜ yi ⎟⎟ ⎝ zi +1 ⎠ ⎝ 9 2 12 ⎠ ⎝ zi ⎠
(mod 1). (3)
One can easily observe that |A| = 1, and the eigenvalues of A are λ1 = 19.27641509, λ2 = 0.0806929814 and λ3 = 0.6428919346 . Since λ1 > 1, the map of (3) possesses chaotic behavior, and hence preserves chaotic characteristics. Thus, this map can be used as a building block of a permutation algorithm. In this research, we use the map defined in (3), in conjunction with
P = (O, Q). The DWTCT stage, , takes the ciphered image P together with R and the parameter set Kt of DWTCT, which defines the wavelet filter for the DWT, as inputs to generate a final VMEI, E. Thus, E is defined by
Fig. 1. The DWTCT of BZ scheme [38].
197
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
Fig. 2. The PRNG. 2000 2000 sample sequences {xi}i=1 and {yi}i=1 . The Statistical Test Suite (STS) proposed by the National Institute of Standards and Technology (NIST) [41] is among the most used random evaluation packages. To evaluate the randomness properties of sequences generated by the proposed PRNG we generate three sequences of bytes Sx, Sy and Sz as follows: let X ′, Y ′ and Z′ be the 32-bit integer conversion of the sequences X = {x1, x2, …, xr }, Y = {y1, y2, …, yr}, Z = {z1, z2, …, zr } generated by the PRNG, where xi,yi and zi ∈ [0, 1] for 1 ≤ i ≤ r . Here the 32-bit conversion of t ∈ [0, 1] is the number ⌊232t ⌋. Let Sx = {a1, a2, …, a4r }, Sy = {b1, b 2, …, b4r } and Sz = {c1, c2, …, c4r } be the sequences obtained by splitting each entry of X ′, Y ′ and Z′, respectively, to 4 bytes. We subject three sequences Sx,Sy and Sz, of length 108 bits each, to the STS, where each sequence is processed as one hundred 106-bit sequences. As a result, the pass rate for each test turns out to exceed 96%, which is the minimum pass rate [41]. Furthermore, Table 1 presents the P–value of all p–values for each test. Since each P–value >0.0001, the p–values are uniformly distributed in (0, 1) [41]. Thus, the results are very satisfactory. On the basis of these results, we conclude that sequences generated by the PRNG are random-like sequences. Hence, they make a good candidate for shuffling purposes.
z
1
0.5
0 1 1 0.5
0.5 0
y
0
x
Fig. 3. The attractor of the PRNG, for r=10000.
3.2. The proposed scheme VMIES As mentioned earlier, the proposed scheme is composed of a preprocessing phase and an embedding phase. The preprocessing phase provides an extra level of security as its goal is to encrypt the secret image using an existing image encryption scheme such as any of the schemes presented in [17–27]. The embedding phase is performed in frequency domain. It decomposes the host image into an approximation coefficients matrix and three detail coefficients matrices using a 2D LWT with wavelet ‘db1’. A simple layout of the proposed scheme is as follows: Let O and R denote the original secret and host images, respectively. Let and Q denote the image encryption algorithm and its secret key, respectively. Let P be the ciphered image resulting the
1
1
0.9
0.9
0.8
0.8
0.8
0.7
0.7
0.7
0.6
0.6
0.6
0.5
0.5
0.5
z
1 0.9
y
x
some irregularity based on the output of this map, to generate pseudorandom numbers. The algorithm of generating such numbers, which we refer to as PRNG, is described in Fig. 2. Fig. 3 depicts the attractor of the PRNG. Whereas Fig. 4 shows 150 150 times series plots of three sequences {xi}150 i=1, {yi}i=1 and {zi}i=1 generated by the PRNG. From this figure, one can easily observe the irregularity of the aforementioned sequences. The autocorrelation and cross-correlation tests are two important randomness tests. A large number of sequences X , Y and Z have been subjected to these tests. The resulting values are within the acceptable range and do not differ from those obtained when subjecting random sequences into these tests. Thus, we conclude that the sequences generated by the PRNG pass these tests. Fig. 5 depicts the autocorrela2000 tion of a sample sequence {xi}i=1 and the cross-correlation between two
0.4
0.4
0.4
0.3
0.3
0.3
0.2
0.2
0.2
0.1
0.1
0.1
0
0
1
50
i
100
150
1
50
i
100
150
0
1
150 150 Fig. 4. Times series plots of {xi}150 i=1 (left), {yi}i=1 (middle) and {zi}i=1 (right) versus time.
198
50
i
100
150
Optics and Lasers in Engineering 90 (2017) 196–208
1.2
0.08
1
0.06 Sample cross−correlation
Sample autocorrelation
A. Kanso, M. Ghebleh
0.8 0.6 0.4 0.2 0 −500
0.04 0.02 0 −0.02 −0.04 −0.06
−300
−100
100
300
500
−500
−300
−100
Lag
100
300
500
Lag
2000 2000 2000 Fig. 5. The autocorrelation of a sample sequence {xi}i=1 (left) and the cross-correlation between two sample sequences {xi}i=1 and {yi}i=1 .
4. Simulation results
Table 1 STS results for three sequence Sx,Sy and Sz. The entries in the table are the P–values of all p–values of the corresponding tests performed. For each test, the pass rate exceeds 96%, which the minimum pass rate. Statistical test
Sx
Sy
Sz
Frequency Block-Frequency Cumulative-Sums (Forward) Cumulative-Sums (Reverse) Runs Longest-Runs Rank FFT Non-Overlapping-Templates Overlapping-Templates Universal Approximate Entropy Random-Excursions Random-Excursions Variant Serial 1 Serial 2 Linear-Complexity
0.236810 0.153763 0.983453 0.005358 0.249284 0.090936 0.334538 0.401199 0.108791 0.554420 0.816537 0.401199 0.819544 0.788728 0.145326 0.924076 0.383827
0.366918 0.090936 0.455937 0.719747 0.616305 0.883171 0.534146 0.275709 0.202268 0.319084 0.554420 0.129620 0.162606 0.468595 0.964295 0.924076 0.678686
0.554420 0.023545 0.122325 0.798139 0.897763 0.275709 0.816537 0.834308 0.474986 0.319084 0.115387 0.366918 0.779188 0.851383 0.236810 0.657933 0.066882
This section is devoted to show the efficiency and robustness of the proposed scheme. Throughout the paper we use the standard 256×256 Cameraman image as our secret image O. This image is one of the most used images in image processing analysis. In conjunction, with Cameraman, we use a number of images of different sizes as host images. Fig. 7 presents the secret image and the host images. In the simulations, we subject Cameraman to the proposed VMIES and analyze the characteristics of the resulting VMEI. We encrypt the secret image O by the scheme proposed in [18] or [24] to generate a random-like ciphered image P. We then embed P in a host image R to produce a VMEI E. Fig. 8 depicts an illustration of the proposed scheme, where P is generated using the scheme proposed in [18]. We refer to an image E generated by the VMIES in conjunction with the scheme proposed in [18] by VMEI-1. Whereas VMEI-2 refers to an image E generated by the VMIES in conjunction with the scheme proposed in [24]. Fig. 9 depicts a number of VMEIs with different image encryption schemes. It also presents VMEIs without subjecting the secret image to the preprocessing phase of VMIES. Such images are referred to as EVMEIs. Furthermore, to demonstrate the uniform distribution of the modified intensity values within the host image, Fig. 9 presents the absolute difference between each host image and its corresponding EVMEI. The absolute difference between each VMEI and its corresponding host image shows similar behavior as the one presented in Fig. 9 (d), thus we omit them. Furthermore, since the scheme is lossless, the extracted secret images are identical to the original Cameraman, hence we omit them.
preprocessing phase. Thus, P is defined by
P = (O, Q). Let denote the embedding phase of the proposed scheme. takes the ciphered image P together with the host image R and a secret key K as inputs to generate a VMEI, E. Thus, E is given by
E = (P, R, K ). 4.1. Histogram analysis
As the embedding phase consists of (i) decomposing the host image using 2D LWT into an approximation coefficients matrix and detail coefficients matrices, and (ii) embedding the image P into the detail coefficients matrices. Then, one should expect a number of coefficients causing the range of values in the stegoimage to be out of the acceptable range [0, 255]. To remedy this issue, we adjust the intensity levels of image R. In the simulations presented we adjust the range of the image R to [10, 245]. We refer to the resulting image as the host image R′. A detailed description of the transformation is described in Fig. 6. The extracting scheme is straight forward. We shuffle the 1D arrays representing the approximation and three detail coefficients matrices according to the permutations π1, π2 and π3 generated by the PRNG. Then, we extract the embedded bits from the first s coefficients of each array to recover the intensity values of the pre-encrypted image. Having done so, we decrypt the resulting image using the decryption scheme, corresponding to the encryption scheme, to get the secret image. Since LWT is an integer to integer transformation, the extraction scheme is lossless under appropriate adjustment of R.
An image histogram shows the frequency of pixel intensity values within the image. It is well-known that uniform histograms do not provide any useful information. Thus, it is desired to generate ciphered images P with uniform histograms. The schemes proposed in [18,24] generate ciphered images possessing this property. That is, the histograms of the ciphered images P are almost flat. In [42], Zhang and Wang proposed a quantity analysis on the secret key of existing image encryption schemes. They used variances of histograms corresponding to ciphered images to evaluate the uniformity of such images. Following their approach, we generate two ciphered images P1 and P2 of Cameraman using the scheme proposed in [18] with keys Q1 and Q2, respectively, where Q2 is obtained from Q1 by changing one of its entries by 10−14. We then calculate the variances of histograms of P1 and P2. Table 2 reports the results. In this table, we also report the variances of histograms of two ciphered images P3 and P4 of Cameraman generated by the scheme proposed in [24] with keys Q3 and Q4, where Q4 is obtained from Q3 by slightly changing one of its 199
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
Fig. 6. The embedding phase of the proposed scheme.
the preprocessing phase and the embedding phase. Since the key space of the preprocessing phase is simply the key space of the used image encryption scheme we here emphasize on the key space of the embedding phase. This phase has a key consisting of three doubles in (0, 1) namely the initial condition (x 0 , y0 , z 0 ) of the 3D cat map. With the assumption that 64-bit doubles with a computational precision of about 10−14 are used, the key space of the embedding scheme is of size (1014)3 = 10 42 > 2139 . We can also make the control parameters of the 3D cat map as part of the secret key. This results in six more integers. In such case the key of the embedding scheme consists of six positive integers and three doubles in (0, 1). Under the additional assumption that 32-bit integers are used, the key space has size larger that 2235. Both of these key spaces are large enough to render brute-force attacks impractical. The preprocessing phase highly increases the level of security of the scheme. This level depends on the security of the used image encryption scheme. Therefore, if the application is not very sensitive, one can use the proposed scheme without its preprocessing phase.
entries. One can observe that the variances corresponding to the ciphered images are low. Hence, they indicate high uniformity of ciphered images. Furthermore, the close variances of P1 and P2 (P3 and P4) indicate their high uniformity when the keys are varying [42]. Table 2 also presents the variances of histograms of images VMEI-1 and VMEI-2 corresponding to the host images Lena and Mars. It should be noted that the variances of histograms of secret image Cameraman, and the plain images Lena and Mars are 110,973.30, 456,936.96 and 6,847,995.82, respectively. Since the proposed VMIES generates meaningful images, we aim to show that the histograms of the host image R and the stegoimage E (containing the ciphered image P) are similar. Fig. 10 presents the histograms of the (adjusted) host images Lena and Mars with their corresponding VMEI-1 and EVMEI. Furthermore, Fig. 11 depicts two sub-figures, where each sub-figure presents the histograms of each host image and its corresponding VMEI and EVMEI. From these figures, one can easily observe that the histograms of the host images and their corresponding VMEI and EVMEI differ slightly, whereas the histograms of the VMEI and EVMEI are almost identical. In the case of Lena, the change in the histograms is more significant than that of Mars which is due to the fact that the modification affects all entries of the detail coefficients matrices, and hence all the intensity values of Lena. Histograms of VMEI-2 show similar behavior as those presented in Fig. 10 (middle), thus we omit them.
4.3. Computational complexity analysis The execution time for generating VMEIs using the proposed scheme depends on the execution times of preprocessing and embedding phases. Since the preprocessing phase merely depends on the used image encryption scheme, we evaluate the speed of the proposed scheme by computing the execution time of its embedding phase. The running time of the embedding phase depends on the size of the host image and the size of the secret image. It can be observed from Fig. 6
4.2. Key space The key space of the proposed scheme depends on the key spaces of
Fig. 7. The secret image Cameraman followed by standard test images.
200
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
Fig. 8. An illustration of the proposed VMIES.
sizes. The running times reported in Fig. 12 are obtained using MATLAB R2010a on a desktop machine with an Intel ® Core™i72600 processor and 4 GB of memory, running Widows 7 Home Premium.
that all steps except Step 5 are linear in the size 4r of the host image or the size s of the input image. The complexity of sorting the sequences X, Y, Z in Step 5 depends on the sorting algorithm chosen and can be as low as O (r log r ). Hence, the complexity of the entire embedding phase of the proposed algorithm is O (s + r log r ). Fig. 12 (left) presents execution times for embedding in the same host image, ciphered images of various sizes, plotted against size of the ciphered image. Whereas Fig. 12 (right) presents the execution times for embedding a fixed size ciphered image into host images of various
4.4. Classical types of attacks The proposed scheme can be regarded as a mixer of an encryption scheme and a steganographic scheme. There are some important
Fig. 9. (a) VMEIs-1, (b) VMEIs-2, (c) EVMEIs and (d) the difference between each original host image and its corresponding EVMEI.
201
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
As discussed earlier, the preprocessing phase is only intended to add an extra level of security, which depends on the robustness of the utilized image encryption scheme. On the basis of the testing results presented in Fig. 11 and Table 3, it is obvious that the preprocessing phase does not affect the quality of the stegoimage with respect to the host image. A test bank of 100 images of different sizes and different structures has been used to evaluate the quality of stegoimages VMEI and EVMEI generated by the proposed scheme. Each host image of this bank is subjected to VMIES in conjunction with the secret image Camera. Fig. 13 presents the PSNR and SSIM measures between each EVMEI and its corresponding original image. The high quality of these images, reflected from the high PSNR and SSIM measures, with respect to original images can be easily observed. Plots of the PSNR and SSIM measures between VMEI-1/VMEI-2 and their corresponding host images cannot be distinguished from those presented in Fig. 13, thus we omit them.
Table 2 Variances of histograms of ciphered images and stegoimages. Encryption used in preprocessing
Secret key
Variance of ciphered image
Variance of stegoimage Lena
Variance of stegoimage Mars
Scheme of [18]
Q1 Q2
237.56 295.72
441,443.73 441,476.52
6,793,326.58 6,792,333.44
Scheme of [24]
Q3 Q4
236.68 260.18
441,477.85 441,317.91
6,791,102.13 6,791,278.44
cryptanalysis scenarios on encryption schemes such as ciphertext-only scenario, known-plaintext scenario, chosen-plaintext scenario, and chosen-ciphertext scenario [43]. The image encryption scheme used in the preprocessing phase should be robust against these types of attacks. As for the embedding scheme, because of the high sensitivity of the 3D cat map to its secret key as well as the one-way property possessed by this map, which is caused by floating point errors, the inverse computations are impractical. Thus, the proposed scheme is robust against these attacks.
4.6. Data loss In this section, we subject stegoimages EVMEIs and VMEIs-2 to some attacks such as noise and cropping attacks. We then visually observe the quality of the reconstructed secret images with respect to the original secret image. We begin by applying salt and pepper noise with density α to the stegoimages EVMEIs presented in Fig. 9. Fig. 14 depicts the resulting images and the reconstructed secret images after subjecting them to median filter. It can be observed that with high density the reconstructed secret is still readable. However, Fig. 15 shows that for α ≥ 0.2 the quality of reconstructed secret images become very low. Fig. 16 shows the reconstructed secret images resulting from subjecting VMEIs-2 to noise salt and pepper attacks. Due to sensitivity of the decryption scheme [24], a noise density greater than 0.01 leads to very low quality recovered secret images. As for stegoimages VMEIs-
4.5. Quality measures The quality of the stegoimages VMEIs and EVMEIs with respect to the host images Lena and Mars is measured using the two common similarity measures: the peak signal to noise ratio (PSNR) and the structural similarity index (SSIM). Table 3 presents the PSNR and SSIM measures of each stegoimage and its corresponding original image. These measures show the high quality of each stegoimage with respect to its corresponding image, even for Lena where the modification affects every single entry of the three detail coefficients matrices. Furthermore, as one would expect, the larger the size of the host image is, compared to the secret image, the higher the PSNR and SSIM measures are. 3000
3000
2500
2500
2000
2000
1500
1500
1500
1000
1000
1000
500
500
500
3000 2500
2000
0
0
0
0
50
100
150
200
250
0
50
100
150
200
250
0
12000
12000
10000
10000
10000
8000
8000
8000
6000
6000
6000
4000
4000
4000
2000
2000
2000
0
0
0
12000
0
50
100
150
200
250
0
50
100
150
200
250
0
50
100
150
200
250
50
100
150
200
250
Fig. 10. Histograms of host image Lena (top left), its corresponding VMEI-1 (top middle) and EVMEI (top right), and host image Mars (bottom left), its corresponding VMEI-1 (bottom middle) and EVMEI (bottom right).
202
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
3000
12000
2500
10000
2000
8000
1500
6000
1000
4000
500
2000
0
0 0
50
100
150
200
0
250
50
100
150
200
250
Fig. 11. Histograms of all three images, Lena and its corresponding VMEI-1 and EVMEI (left), and Mars and its corresponding VMEI-1 and EVMEI (right). 2
5
4
1.8
Execution times in seconds
Execution times in seconds
1.9
1.7 1.6 1.5 1.4
3
2
1
1.3 1
2
3
4
5
L
6
7
8
9
0
10
1
2
3
4
5
M
6
7
8
9
10
Fig. 12. The execution times in seconds for embedding: ciphered images of size 128L × 128L , for various values of L = 1, 2, …10 , into a host image of size 2560×2560 (left), and a ciphered image of size 256×256 into host images of size 512 M × 512 M , for various values of M = 1, 2, …10 (right).
stegoimage will result in a random-like image. In the rest of this section, we subject stegoimages EVMEIs and VMEIs-2 corresponding to host images Lena and Mars to cropping attacks and then visually observe the quality of the reconstructed secret images. Figs. 17 and 18 present cropped EVMEIs and VMEIs-2, and the reconstructed filtered secret images corresponding to these images. One can easily observe that by cropping a reasonably large region of EVMEIs such as 1/4 of the stegoimages, the quality of the reconstructed secret images is still acceptable. On the other hand, VMEIs-2 are more sensitive to this attack. Simulations demonstrate that cropping 1/16 or more of VMEIs-2 leads to an unrecognizable recovered secret image. This follows from the sensitivity of the decryption phase of the scheme proposed in [24].
Table 3 PSNR and SSIM measures between the stegoimages and host images. Test image
Stegoimage
PSNR
SSIM
Lena
VMEI−1 VMEI−2 EVMEI
40.588854488561 40.573749287487 41.210689537286
0.998747079873 0.998745595739 0.998739349613
VMEI−1 VMEI−2 EVMEI
46.608885476024 46.599350293004 47.117755605000
0.999720788963 0.999720819392 0.999745185506
Mars
1, the encryption and decryption phases of the scheme proposed in [18] are highly sensitive to the input image. Thus, any tiny changes in the 51
1
50 0.9995
SSIM measures
PSNR measures
49
48
47
0.999
0.9985
46 0.998 45
44
0
20
40
60
80
0.9975
100
Images
0
20
40
60
80
Images
Fig. 13. PSNR (left) and SSIM (right) measures between 100 stegoimages EVMEIs and their corresponding original images.
203
100
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
Fig. 14. EVMEIs with added salt and peppers noise of density α (columns 1 and 3) and the secret images extracted from them, respectively (columns 2 and 4).
Fig. 15. EVMEIs with added salt and peppers noise of density α = 0.2 (columns 1 and 3) and the secret images extracted from them, respectively (column 2 and 4).
Fig. 16. VMEIs-2 with added salt and peppers noise of density α (columns 1 and 3) and the secret images extracted from them, respectively (columns 2 and 4).
204
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
Fig. 17. EVMEIs cropped by n × n (columns 1 and 3) and the secret images extracted from them, respectively (columns 2 and 4).
Fig. 18. VMEIs-2 cropped by n × n (columns 1 and 3) and the secret images extracted from them, respectively (columns 2 and 4).
size larger than 2139 (if the secret key consists only of the initial conditions of the 3D cat map). However, if the control parameters are part of the key, the key space is of size >2235. The preprocessing phase increases the level of security of the scheme. This level depends on the security of the used image encryption scheme. (iii) On the basis of the PSNR and SSIM measures and Fig. 9, we conclude that the stegoimages EVMEIs and VMEIs generated by the proposed scheme are of high quality. (iv) The proposed scheme is robust against some attacks such as salt and pepper noise and cropping attacks.
4.7. Summary In this section, we summarize some advantages of the proposed scheme. (i) The proposed scheme permutes the three detail coefficients matrices and then embeds data sequentially into the resulting matrices. As it can be observed from Fig. 9 this leads to spreading the secret image within the host image in a random-like manner. (ii) Without the preprocessing phase, the key space of the scheme is of
205
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
Fig. 19. VMEI-BZ Lena (first), VMEI-BZ Mars (second) the reconstructed image (third) and the difference between the host image Lena and VMEI-BZ Lena (forth).
Fig. 20. PSNR and SSIM measures between one hundred 512×512 stegoimages and their corresponding original images.
Fig. 21. PSNR and SSIM measures between one hundred stegoimages of different sizes and their corresponding original images.
Fig. 22. Filtered secret images obtained from VMEI-BZ with salt and pepper noise with density α. (a), (c) correspond to Lena, and (b), (d) correspond to Mars.
206
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
Fig. 23. Filtered secret images reconstructed from VMEI-BZ cropped Lena (top) and Mars (bottom) by n × n as shown in Fig. 18. Note that the bottom right is obtained by cropping the bottom left of the stegoimage Mars.
sensitivity of the decryption scheme [24], with noise density greater than 0.01 VMEI-BZ stegoimages lead to very low quality recovered secret images. Whereas cropping a region of size 256×256 anywhere of VMEI-BZ Lena results in unrecognizable recovered secret images. However, since Mars is of size 1024×1024 and the secret image Cameraman is of size 256×256, the position of the cropped region highly affects the quality of the reconstructed secret image. This follows from the structure of the embedding stage of BZ scheme. That is, if we crop from the top left quarter region of the stegoimage Mars by 256×256 we get a very low quality image. On the other hand, if we crop a region of any size, say 512×512 outside that the top left quarter, we obtain a high quality reconstructed secret image as it can be seen from Fig. 23 bottom right. Hence, in such case no fair comparison can be made. On the basis of the performed analysis, beside the higher security level of the proposed scheme, we conclude that the aforementioned scheme generates stegoimages of better quality than that of BZ scheme. As for noise and cropping attacks, simulations show that under these attacks, BZ scheme has superiority over the proposed scheme. However, the proposed scheme without the preprocessing phase has superior performance over BZ scheme. This can be observed by comparing Figs. 14 and 22 and 17 and 23.
5. Comparison with existing work In Section 3, it is stated that BZ scheme embeds data sequentially in two detail coefficients matrices namely CV and CD without any sort of permutation. This fact indicates that the scheme is insecure without the pre-encryption stage. In the simulations presented here we use the image encryption scheme proposed in [24] in the pre-encryption stages of the two schemes. Moreover, in their embedding phases we apply a 2D LWT with wavelet ‘db1′, which is one of the most suitable wavelets for both schemes. In this section, we refer to stegoimages of BZ scheme and the proposed scheme by VMEIs-BZ and VMEIs-2, respectively. Fig. 19 depicts the VMEIs-BZ, the recovered secret Cameraman and the absolute difference between the host image Lena and VMEI-BZ Lena. From Fig. 19 one can easily observe the low quality of VMEI-BZ which arises from wiping out the two detail coefficients matrices and replacing their entries by the low values that lie in [0, 9] for CD and in [0, 25] for CV. This also requires further adjusting the original host image as the range [10, 245] does not lead to full recovery of the secret image. In what follows, we investigate the quality of stegoimages of BZ scheme and VMIES. Figs. 20 and 21 depict the PSNR and SSIM measures between two sets of 100 stegoimages each and their corresponding host images. From these figures the high quality of VMEIs-2 over VMEIs-BZ, in terms of the PSNR measures, can be easily observed. As for the SSIM measures, BZ scheme has higher measures for host images of size 512×512. However, for larger images the proposed scheme has superiority over BZ scheme. In the rest of this section, we subject the schemes under comparison to noise and cropping attacks. Fig. 22 depicts the secret images obtained after applying salt and pepper noise to VMEI-BZ Lena and Mars. Whereas Fig. 23 presents the secret images resulting from cropped VMEI-BZ Lena and Mars. As in the case of VMIES, due to
6. Concluding remarks This paper proposes a visually meaningful image encryption scheme based on a single chaotic map. The proposed scheme can be used in conjunction with any image encryption scheme, thus inheriting the security of that scheme. Simulations show that the proposed scheme possesses excellent security properties: it generates high quality stegoimages that show little or no sign of disruption, it offers complete recovery of the embedded secret image, and it is robust 207
Optics and Lasers in Engineering 90 (2017) 196–208
A. Kanso, M. Ghebleh
[17] Ghebleh M, Kanso A, Noura H. An image encryption scheme based on irregularly decimated chaotic maps. Signal Process: Image Commun 2014;29(5):618–27. [18] Kanso A, Ghebleh M. An efficient and robust image encryption scheme for medical applications. Commun Nonlinear Sci Numer Simul 2015;24(1):98–116. [19] Wang X-Y, Yang L, Liu R, Kadir A. A chaotic image encryption algorithm based on perceptron model. Nonlinear Dyn 2010;62(3):615–21. [20] Liu H, Wang X. Color image encryption based on one-time keys and robust chaotic maps. Comput Math Appl 2010;59(10):3320–7. [21] Liu H, Wang X. Color image encryption using spatial bit-level permutation and high-dimension chaotic system. Opt Commun 2011;284(16):3895–903. [22] Liu H, Wang X, et al. Image encryption using DNA complementary rule and chaotic maps. Appl Softw Comput 2012;12(5):1457–66. [23] Liu W, Sun K, Zhu C. A fast image encryption algorithm based on chaotic map. Opt Lasers Eng 2016;84:26–36. [24] Hua Z, Zhou Y, Pun C-M, Chen CP. 2D sine logistic modulation map for image encryption. Inf Sci 2015;297:80–94. [25] Chen J-x, Zhu Z-l, Fu C, Yu H, Zhang L-b. An efficient image encryption scheme using Gray code based permutation approach. Opt Lasers Eng 2015;67:191–204. [26] Wang X, Liu L, Zhang Y. A novel chaotic block image encryption algorithm based on dynamic random growth technique. Opt Lasers Eng 2015;66:10–8. [27] Zhang Y-Q, Wang X-Y. A new image encryption algorithm based on non-adjacent coupled map lattices. Appl Softw Comput 2015;26:10–20. [28] Hassan MAS, Abuhaiba ISI. Image encryption using differential evolution approach in frequency domain arXiv preprint arXiv:1103.5783; 2011. [29] Luo Y, Du M, Liu J. A symmetrical image encryption scheme in wavelet and time domain. Commun Nonlinear Sci Numer Simul 2015;20(2):447–60. [30] Liu Z, Xu L, Liu T, Chen H, Li P, Lin C, et al. Color image encryption by using Arnold transform and color-blend operation in discrete cosine transform domains. Opt Commun 2011;284(1):123–8. [31] Ahmad M, Farooq O. Secure satellite images transmission scheme based on chaos and discrete wavelet transform, in high performance architecture and grid computing. Springer; 2011. p. 257–64. [32] Solak E, Çokal C, Yildiz OT, Biyikoğlu T. Cryptanalysis of Fridrich's chaotic image encryption. Int J Bifurc Chaos 2010;20(05):1405–13. [33] Li C, Chen G. On the security of a class of image encryption schemes. In: Circuits and Systems, 2008. ISCAS 2008. IEEE International Symposium on, pp. 3290– 3293, IEEE, 2008. [34] Wang K, Zou L, Song A, He Z, et al. On the security of 3D cat map based symmetric image encryption scheme. Phys Lett A 2005;343(6):432–9. [35] Çokal C, Solak E. Cryptanalysis of a chaos-based image encryption algorithm. Phys Lett A 2009;373(15):1357–60. [36] Li C, Li S, Asim M, Nunez J, Alvarez G, Chen G. On the security defects of an image encryption scheme. Image Vis Comput 2009;27(9):1371–81. [37] Zhang Y-Q, Wang X-Y. Analysis and improvement of a chaos-based symmetric image encryption scheme using a bit-level permutation. Nonlinear Dyn 2014;77(3):687–98. [38] Bao L, Zhou Y. Image encryption: generating visually meaningful encrypted images. Inf Sci 2015;324:197–207. [39] Sweldens W. The lifting scheme: a construction of second generation wavelets. SIAM J Math Anal 1998;29(2):511–46. [40] Calderbank A, Daubechies I, Sweldens W, Yeo B-L. Wavelet transforms that map integers to integers. Appl Comput Harmon Anal 1998;5(3):332–69. [41] Rukhin A, Soto J, Nechvatal J, Smid M, Barker E, Leigh S, et al. A statistical test suite for random and pseudorandom number generators for cryptographic applications. NIST Special Publication 800-22 Revision 1a, 2010. [42] Zhang Y-Q, Wang X-Y. A symmetric image encryption algorithm based on mixed linear-nonlinear coupled map lattice. Inf Sci 2014;273:329–51. [43] Wang X, Teng L, Qin X. A novel colour image encryption algorithm based on chaos. Signal Process 2012;92(4):1101–8.
against noise and cropping of the stegoimage. Due to the simple nature of the lifting wavelet transform and the 3D cat map, the proposed scheme adds little computational overhead to the encryption process in order to disguise the encrypted data in a cover image. Since bytes of scrambled data are embedded in the host independently, the proposed scheme accommodates parallel processing of the data for increased speed. The proposed scheme may find application in any setting where encrypted data is to be transmitted via a public channel without raising any flags. Although presented as a digital image application in this paper, the proposed scheme can be used on any data type, provided the cover image has enough capacity. Possible directions for future work include further improvement of embedding quality and parallel implementation for handling large media. Acknowledgment The authors are grateful to the anonymous referees whose remarks helped improve the presentation of this work. References [1] Menezes AJ, Van Oorschot PC, Vanstone SA. Handbook of applied cryptography. CRC press, 1996. [2] Daemen J, Rijmen V. The design of Rijndael: AES-The advanced encryption standard. Springer Science & Business Media; 2013. [3] Fridrich J, Goljan M. Digital image steganography using stochastic modulation. In: Electronic Imaging 2003, p. 191–202, International Society for Optics and Photonics, 2003. [4] Chan C-K, Cheng L-M. Hiding data in images by simple LSB substitution. Pattern Recognit 2004;37(3):469–74. [5] Chen P-Y, Lin H-J, et al. A DWT based approach for image steganography. Int J Appl Sci Eng 2006;4(3):275–90. [6] Kanso A. Steganographic algorithm based on a chaotic map. Commun Nonlinear Sci Numer Simul 2012;17(8):3287–302. [7] Ghebleh M, Kanso A. A robust chaotic algorithm for digital image steganography. Commun Nonlinear Sci Numer Simul 2014;19(6):1898–907. [8] Furht B, Kirovski D. Multimedia security handbook. CRC press, 2004. [9] Fridrich J. Symmetric ciphers based on two-dimensional chaotic maps. Int J Bifurc chaos 1998;8(06):1259–84. [10] Chen G, Mao Y, Chui CK. A symmetric image encryption scheme based on 3D chaotic cat maps. Chaos, Solitons Fractals 2004;21(3):749–61. [11] Mao Y, Chen G, Lian S. A novel fast image encryption scheme based on 3D chaotic Baker maps. Int J Bifurc Chaos 2004;14(10):3613–24. [12] Guan Z-H, Huang F, Guan W. Chaos-based image encryption algorithm. Phys Lett A 2005;346(1):153–7. [13] Pareek NK, Patidar V, Sud KK. Image encryption using chaotic logistic map. Image Vis Comput 2006;24(9):926–34. [14] Zhu Z-l, Zhang W, Wong K-w, Yu H. A chaos-based symmetric image encryption scheme using a bit-level permutation. Inf Sci 2011;181(6):1171–86. [15] Kanso A, Ghebleh M. A novel image encryption algorithm based on a 3D chaotic map. Commun Nonlinear Sci Numer Simul 2012;17(7):2943–59. [16] Gu G, Ling J. A fast image encryption method by using chaotic 3D cat maps. OptInt J Light Electron Opt 2014;125(17):4700–5.
208