An asymmetric image cryptosystem based on the adaptive synchronization of an uncertain unified chaotic system and a cellular neural network


Commun Nonlinear Sci Numer Simulat 18 (2013) 2825–2837


Chao-Jung Cheng (a, corresponding author), Chi-Bin Cheng (b)

(a) Department of Information Engineering, Kun Shan University, Tainan 710, Taiwan, ROC
(b) Department of Information Management, Tamkang University, New Taipei City, Taiwan, ROC

Article info

Article history: Received 8 February 2012; Accepted 15 February 2013; Available online 28 February 2013

Keywords: Asymmetric image cryptosystem; Adaptive synchronization; Chaotic systems; Unified chaotic system; Cellular neural networks

Abstract

Chaotic dynamics provide a fast and simple means to create an excellent image cryptosystem, because of their extreme sensitivity to initial conditions and system parameters, pseudorandomness, and non-periodicity. However, most chaos-based image encryption schemes are symmetric cryptographic techniques, which have been proven to be more vulnerable, compared to an asymmetric cryptosystem. This paper develops an asymmetric image cryptosystem, based on the adaptive synchronization of two different chaotic systems, namely a unified chaotic system and a cellular neural network. An adaptive controller with parameter update laws is formulated, using the Lyapunov stability theory, to asymptotically synchronize the two chaotic systems. The synchronization controller is embedded in the image cryptosystem and generates a pair of asymmetric keys, for image encryption and decryption. Using numerical simulations, three sets of experiments are conducted to evaluate the feasibility and reliability of the proposed chaos-based image cryptosystem. © 2013 Elsevier B.V. All rights reserved.

Corresponding author: C.-J. Cheng. Tel.: +886 6 2727175x65101; fax: +886 6 2051770.
1007-5704/$ - see front matter © 2013 Elsevier B.V. All rights reserved. http://dx.doi.org/10.1016/j.cnsns.2013.02.011

1. Introduction

The prevalence of the Internet and wireless networks enables the interconnection of almost all devices and information systems and thus increases the vulnerability of computer systems and the data transmitted between them. Accordingly, information security has become increasingly important and is a critical issue. In recent years, the rapid growth of broadband communication has increased multimedia transmission over the Internet. In particular, digital images are now used in various applications for personal identification, digital signatures, access control, etc. To ensure security and privacy for digital images on the Internet, image cryptography is essential to thwart malicious attacks from unauthorized parties.

Cryptography is the study of the design of secure and fast encryption algorithms and is defined as the process of encrypting information (plain text or plain image) into an unintelligible form (cipher text or cipher image), so that it may be sent over insecure channels or stored in insecure files. An encryption scheme is called a cryptosystem or a cipher. Image encryption schemes have been increasingly studied to address the problems associated with the provision of fast and highly secure image cryptography for the Internet and their transmission through wireless networks [1]. Basically, the requirements for a good encryption algorithm include low correlation between pixels in the cipher image, extremely sensitive encryption keys and a key space that is large enough to protect against brute-force attacks [1–5]. Although a wide variety of traditional data cryptosystems, such as DES, AES and RSA, have been proposed, they are not suitable for the encryption of digital images [2,3] because they require intensive computing resources. The performance of these traditional encryption techniques can decrease when the image is large. In this regard, chaos-based encryption techniques are considered to be more practicable, because they are faster, more secure, more unpredictable, have lower computational cost, and require less computational power. Moreover, the concept of a chaotic hardware key can be easily implemented with microprocessors or personal computers, which enables the production of fast and cost-effective chaotic cryptosystems more easily than with many traditional ciphers.

Since the first chaos-based encryption was proposed by Matthews [4] in 1989, many chaos-based encryption algorithms have been proposed for the spatial domain, e.g., [5–8], or for the frequency domain, e.g., [9,10]. All of these works used chaotic properties, namely the sensitive dependence on initial conditions and system parameters, pseudorandom properties, and non-periodicity. These properties make the chaos-based encryption algorithm an excellent and robust cryptosystem for repelling any statistical attacks. It is difficult to predict or synchronize the unknown chaotic system by analytical methods, without knowing the secret key.

A typical chaos-based image cryptosystem consists of a pixel permutation process and a diffusion process. In the permutation process, the position of image pixels is rearranged, while in the diffusion process, the pixel values are sequentially changed, via XOR-like substitution operations, to mask plain images. However, the shuffling phase of the permutation process is time-consuming and not secure if a low dimensional chaotic map is used. For example, the two-dimensional Arnold Cat map may degrade the security of the encryption because of its short periodicity [11–13]. A common characteristic of these chaos-based algorithms is that the keystream in the diffusion process depends on the secret key, which is determined by the initial conditions and the control parameters of a chaotic map.
For those cryptosystems that use low dimensional chaotic maps, there is a potential risk that the keystream may be reconstructed via return map methods or neural network methods. Another risk associated with chaos-based image cryptosystems with a permutation-diffusion structure is that the system may be broken if the key is divulged [14,15]. The keystream used to encrypt different plain images is always the same, when the secret key is not changed. The interceptors may take advantage of such a leak and obtain the secret key via a known-plaintext attack or chosen-plaintext attack techniques [16,17]. Depending on the type of key used in the encryption algorithms, cryptosystems are either symmetric or asymmetric. Symmetric encryption, in which the decryption key is identical to the encryption key, is the oldest method in cryptology and is still used today. With respect to the structure of the symmetric cryptosystems, symmetric key ciphers are implemented as either block ciphers or stream ciphers [5–10]. A block cipher is an encryption scheme in which the plain text is broken into blocks of fixed length and is encrypted one block at a time. The block cipher scheme is useful when the amount of data is known in advance (e.g., files, data authentication, or request/response protocols). Block ciphers are memory-intensive, because they must work on massive chunks of data and deal with feedback from previous blocks. The stream cipher encrypts the plain text/image one bit or byte at a time by generating a cryptographic keystream, so it is more suitable when the amount of data is unknown. Stream ciphers are generally faster than block ciphers and have simpler hardware architecture. The main weakness of stream ciphers is that they are susceptible to key security problems. Anyone who knows the secret key can transform the cipher text to plain text [2], so the same key must never be used twice. 
By contrast, asymmetric cryptosystems, which use different keys for decryption and encryption, are less vulnerable to attacks. However, asymmetric cryptosystems are not without disadvantages. Taking the popular RSA-based algorithm [3] in the asymmetric category for example, when the data amount is enormous, it is extremely difficult to factorize a very large number to obtain a key that is long enough. Furthermore, the throughput of the RSA algorithm is very low when modular exponentiation is computed on thousands of bits (i.e., 1024 bits or higher). With these weaknesses, the RSA algorithm is not suitable for the encryption of an image, which typically contains a great amount of data. The concept of the synchronization of two different chaotic systems is similar to the asymmetric key mechanism. However, traditional methods of synchronization in chaotic systems mainly focus on the synchronization of two identical systems, since Pecora and Carroll [18] first proposed the drive-response synchronization concept. Their idea was to use the output of a given chaotic system (i.e., the drive system) to control a replica of the drive system (i.e., the response system), so that they oscillate in a synchronized manner. A variety of methods for the synchronization of two identical chaotic systems have been developed, e.g., the linear and nonlinear feedback synchronization [19,20], impulsive control [21], adaptive synchronization [22], projective method [23], etc. Commonly used chaotic systems in the above-mentioned approaches include Chua systems, Lorenz systems, Cellular neural networks (CNNs) [24] and uncertain unified chaotic systems [25]. In a previous work [26], the authors proposed the synchronization of a couple of non-identical chaotic systems for secure communication. 
Computational results demonstrated that the synchronization controller developed was not only resistant to the channel noise, but could also incorporate the noise as part of the encryption key and thus improve the key's security. Nevertheless, there was a difficulty in choosing an ideal scaling factor for the original message to guarantee that the message was successfully masked by the chaotic signal. This study develops an adaptive synchronization scheme for two non-identical chaotic systems that are used to construct a cryptosystem with a pair of asymmetric keys, in which the XOR operation, instead of the masking process used in the previous method [26], is used in the image encryption process, so the selection of message scaling factor is unnecessary. The keystream for the proposed asymmetric cryptosystem is generated dynamically, using the adaptive synchronization scheme and the time-consuming shuffling phase in the permutation process is abbreviated.

The remainder of the paper is organized as follows. Section 2 briefly introduces the two chaotic systems to be synchronized in this study, namely the unified chaotic system and the CNNs. Section 3 presents the adaptive synchronization scheme and its parameter update laws, based on the Lyapunov stability theory. A new asymmetric image cryptosystem, based on the adaptive synchronization of two chaotic systems, is proposed in Section 4. The effectiveness of the proposed cryptosystem is verified by numerical simulations, in Section 5. The cryptanalysis of the proposed scheme is also conducted using security analysis, such as key space analysis, a sensitivity test and statistical analysis. Finally, concluding remarks are given in Section 6.

2. System descriptions

A chaotic system is a particular case of nonlinear dynamics that displays complex and unpredictable behavior and possesses certain special features. The synchronization of two different chaotic systems in the presence of uncertain parameters is useful for the construction of an image cryptosystem. Using different chaotic systems as the drive and the response systems in the chaos-based cryptosystem produces a pair of asymmetric keys and reduces the risk from possible attacks. This study proposes an adaptive synchronization scheme for an uncertain unified chaotic system and a cellular neural network; the synchronization controller is embedded in the proposed cryptosystem. The two chaotic systems, the unified chaotic system and the cellular neural network, are introduced in the rest of this section.

2.1. Uncertain unified chaotic systems

The unified chaotic system of Lü et al. [25] is a generalization of three chaotic systems, namely the Lorenz [22], the Lü [25] and the Chen [22] chaotic systems. The unified chaotic system is described as follows:

$$
\begin{aligned}
\dot{x}_1 &= (25a + 10)(x_2 - x_1),\\
\dot{x}_2 &= (28 - 35a)x_1 - x_1 x_3 + (29a - 1)x_2,\\
\dot{x}_3 &= x_1 x_2 - \frac{8 + a}{3}\,x_3,
\end{aligned}
\tag{1}
$$

where $x(t) = [x_1\ x_2\ x_3]^T$ are state variables at time $t$, and $a$ is a system parameter. System (1) is always chaotic for the whole interval, $a \in [0,1]$ [26]. In particular, System (1) is called the general Lorenz system, when $a \in [0,0.8)$, and is called the general Chen system, when $a \in (0.8,1]$. Lorenz and Chen chaotic systems are similar, but not topologically equivalent. The Lü chaotic system is a special case of System (1), with $a = 0.8$, which bridges the gap between the Lorenz system and the Chen system [25]. It is readily seen that the system parameter $a$ plays an important role in determining the dynamic behavior of the unified chaotic system. The system parameter $a$ is inevitably perturbed by external factors, in practical applications. This could be an advantage when the chaotic system is used as a cryptosystem, because an infinitesimally small change in $a$ will lead to totally different chaotic phenomena and such a property makes the unified chaotic system an ideal candidate for chaos-based image encryption.

2.2. Cellular neural networks

Cellular neural networks (CNNs) were first introduced by Chua and Yang [27] in 1988 and have been used to simulate many nonlinear phenomena, such as solitons, spiral waves, DNA chip patterns, etc. The architecture of a CNN comprises many interconnected neurons, in which any neuron is connected only to its neighbor neurons. The connection weights between neurons are realized by resistance and capacitance elements and implemented by very large-scale integrated (VLSI) electronic circuits. Nevertheless, the finite switching speed of amplifiers and the communication time inevitably induce time delays in the interaction between neurons. Mathematically, CNNs can be described by the following delayed differential equation:

$$
\dot{x}_i(t) = -c_i x_i(t) + \sum_{j=1}^{n} a_{ij} f_j(x_j(t)) + \sum_{j=1}^{n} b_{ij} f_j(x_j(t - \tau_j)), \quad i = 1, \ldots, n,
\tag{2}
$$

where $n \ge 2$ is the number of neurons in the network, $x_i$ denotes the state variable associated with the $i$-th neuron and $c_i x_i(t)$ is an appropriately behaving function, such that the solution of the model given in (2) remains bounded. In addition, the activation function, $f_i(x) = (|x + 1| - |x - 1|)/2$, is smooth and monotone in nature. It describes the manner in which the neurons respond to each other. The feedback matrix, $A = (a_{ij})_{n \times n}$, determines the weights of the neuron interconnections within the network, while the delayed feedback matrix, $B = (b_{ij})_{n \times n}$, determines the weights of the neuron interconnections within the network with time delay, $\tau_j$. The delay parameter, $\tau_j$, or system parameters in $A$, $B$ (also called CNN templates) enable CNNs to generate various kinds of dynamic behaviors, including chaos. This feature makes CNNs an ideal candidate for a chaos-based cryptosystem.


3. Adaptive synchronization of uncertain, unified chaotic systems and CNNs

The system parameter, $a$, of the unified chaotic system and the template of a CNN are both determinants of their system dynamics. Their structural differences and parametric mismatch make the synchronization of the two systems challenging. This section presents an adaptive scheme that synchronizes an uncertain unified chaotic system and a CNN. Let System (1) and System (2), with $n = 3$, be the drive system and the response system, respectively. The initial condition of the drive system is different from that of the response system. The response system is formulated as follows:

$$
\dot{z}_i(t) = -c_i z_i(t) + \sum_{j=1}^{3} a_{ij} f_j(z_j(t)) + \sum_{j=1}^{3} b_{ij} f_j(z_j(t - \tau_j)) + u_i, \quad i = 1, 2, 3,
\tag{3}
$$

where $z_i(t)$, $i = 1, \ldots, 3$, are state variables at time, $t$, and $u_i$ denotes the external control inputs that are appropriately chosen to synchronize the two systems. Let $[c_1\ c_2\ c_3] = [10\ 1\ 8/3]$ and define $e_i = z_i - x_i$, $i = 1, \ldots, 3$, as the error state that measures the difference between the drive and the response systems. Assuming that the parameter, $a$, is exactly known, the error dynamics between Systems (1) and (3) are obtained as follows:

$$
\begin{aligned}
\dot{e}_1 &= -10e_1 - 10x_2 - 25a(x_2 - x_1) + g_1 + u_1,\\
\dot{e}_2 &= -e_2 - (28 - 35a)x_1 - 29a x_2 + x_1 x_3 + g_2 + u_2,\\
\dot{e}_3 &= -\frac{8}{3}e_3 + \frac{a}{3}x_3 - x_1 x_2 + g_3 + u_3,
\end{aligned}
\tag{4}
$$

where $g_i = \sum_{j=1}^{3} a_{ij} f_j(z_j(t)) + \sum_{j=1}^{3} b_{ij} f_j(z_j(t - \tau_j))$ and $u_i$ can be derived from the active control method [28] as:

$$
\begin{aligned}
u_1 &= 10x_2 + 25a(x_2 - x_1) - g_1,\\
u_2 &= (28 - 35a)x_1 + 29a x_2 - x_1 x_3 - g_2,\\
u_3 &= -\frac{a}{3}x_3 + x_1 x_2 - g_3.
\end{aligned}
\tag{5}
$$

By substituting (5) into (4), it is possible to determine the eigenvalues of (4) as $-10$, $-1$ and $-8/3$, which implies that the error states, $e = [e_1\ e_2\ e_3]^T$, will converge to zero as time tends to infinity. The synchronization of the two chaotic systems is thus achieved. Due to the physical limitations of most real-world systems, the parameter, $a$, is usually unknown and uncertain. This fact implies that the controller (5) may not work well, since its derivation is based on the assumption of a known $a$. Alternatively, the controller (5) can be modified with an estimate of the parameter, $a$, to alleviate such a difficulty:

$$
\begin{aligned}
u_1 &= 10x_2 + 25\hat{a}(x_2 - x_1) - g_1,\\
u_2 &= (28 - 35\hat{a})x_1 + 29\hat{a} x_2 - x_1 x_3 - g_2,\\
u_3 &= -\frac{\hat{a}}{3}x_3 + x_1 x_2 - g_3.
\end{aligned}
\tag{6}
$$

As a result, the error dynamics become:

$$
\begin{aligned}
\dot{e}_1 &= -10e_1 + 25(\hat{a} - a)(x_2 - x_1),\\
\dot{e}_2 &= -e_2 - 35(\hat{a} - a)x_1 + 29(\hat{a} - a)x_2,\\
\dot{e}_3 &= -\frac{8}{3}e_3 - \frac{\hat{a} - a}{3}x_3,
\end{aligned}
\tag{7}
$$

where $\hat{a}$ is the estimate of $a$. Theorem 1 presents the adaptive synchronization scheme for the uncertain unified chaotic system and the CNN.

Theorem 1. For a drive-response architecture consisting of a unified chaotic system with an uncertain system parameter, $a$, in (1) and the CNN in (2), given the control inputs, $u(t) = [u_1\ u_2\ u_3]^T$ by (6) and an update law of $\hat{a}$ as:

$$
\dot{\hat{a}} = 25e_1(x_1 - x_2) + e_2(35x_1 - 29x_2) + \frac{1}{3}e_3 x_3,
\tag{8}
$$

the trajectory of the error dynamics in System (7) converges to zero, asymptotically.

Proof. Consider a Lyapunov function of the form:

$$
V = \frac{1}{2}e^T e + \frac{1}{2}\tilde{a}^2,
\tag{9}
$$

where $\tilde{a} = a - \hat{a}$. Computing the derivative of $V$ along the solutions of System (7), using the controller (6) with the parameter update law (8), gives

$$
\dot{V} = e^T\dot{e} + \tilde{a}(-\dot{\hat{a}}) = e^T\dot{e} + (a - \hat{a})(-\dot{\hat{a}}) = -10e_1^2 - e_2^2 - \frac{8}{3}e_3^2 \le 0.
\tag{10}
$$

According to the Lyapunov stability theory, the inequality, $\dot{V}(t) < 0$, indicates that $V(t)$ converges to zero and is bounded for all time, i.e., $V \in L_\infty$. From the definition of $V(t)$ in (9), it is implied that $e(t) \in L_\infty$ and $\hat{a}(t) \in L_\infty$. Inequality (10) also implies that the square of $e(t)$ can be integrated, i.e., $e(t) \in L_2$. Furthermore, since $e(t) \in L_\infty \cap L_2$ and $\dot{e}(t) \in L_\infty$, it is readily seen that $e(t) \to 0$ as $t \to \infty$, by Barbalat's lemma [29]. Consequently, Systems (1) and (2) are globally asymptotically synchronized. This completes the proof. ∎

4. Asymmetric image cryptosystem

The encryption of an image using the traditional chaos-based image cryptosystem generally consists of two phases, as shown in Fig. 1. In the first phase, the pixel positions of the original image are permuted by the chaotic system and, in the second phase, the grey scale values of the permuted image are encrypted by XOR or mod operators in the diffusion process. The disadvantages of this type of cryptosystem are that the shuffling phase of the permutation process is time-consuming and that the cryptosystem may be deciphered, because of low dimensional chaos, with short periodicity. Besides, the symmetric key used in the diffusion process is vulnerable to attack, since the generation of a keystream is closely related to the secret key.

In order to improve the efficiency and security of image encryption, this study proposes an adaptive chaotic image cryptosystem with a pair of asymmetric keys, as depicted in Fig. 2. In this cryptosystem, the synchronization of the uncertain unified chaotic system and the CNN, with initial states $[x_1(0)\ x_2(0)\ x_3(0)]^T$ and $[z_1(0)\ z_2(0)\ z_3(0)]^T$, respectively, is achieved by the adaptive controller (6), using the parameter update law (8) at time, $t_s$. The steps for the encryption algorithm in the proposed cryptosystem are described as follows.

Step 1. Image pixels sequence. The pixels of the original image with a size of $M \times N$ are arranged in a sequence, from left to right and top to bottom, to form a decimal set, $S = \{S_1, S_2, \ldots, S_{MN}\}$.

Step 2. Initialization. The synchronization begins with the initial states, $[x_1(0)\ x_2(0)\ x_3(0)]^T$ and $[z_1(0)\ z_2(0)\ z_3(0)]^T$, for the uncertain unified chaotic system and the CNN respectively, and is achieved at time, $t_s$.

Step 3. Use the tuple $\tilde{k}_e = \{x_1(0), x_2(0), x_3(0), a, t_c\}$ as the encryption key, where $a$ is the system parameter in System (1) and $t_c \ge t_s$.

Step 4. Keystream generation. After $t_c$, iteratively execute System (1) for another $M \times N/3$ times to obtain the encryption keystream, $k_e$:

  Step 4.1
    For k = 1 to M × N/3
      For i = 1 to 3
        $T_{3(k-1)+i} = \mathrm{abs}(x_{ik}) - \mathrm{floor}(\mathrm{abs}(x_{ik}))$
      Next i
    Next k

  Step 4.2 $T = \{T_1, T_2, \ldots, T_{3(k-1)+i}, \ldots, T_{MN}\}$, $k = 1, 2, \ldots, M \times N/3$, $i = 1, 2, 3$, and $K = \mathrm{round}(\mathrm{mod}(T \times 10^{12}, 256))$

  Step 4.3 Obtain the encryption keystream by $k_e = \mathrm{de2bi}(K)$

Step 5. Encryption. $C_{3(k-1)+i} = \mathrm{de2bi}(S_{3(k-1)+i}) \oplus k_e$, $k = 1, 2, \ldots, M \times N/3$, $i = 1, 2, 3$, where the operator $\oplus$ conducts the XOR operation, bit by bit, and obtain the cipher set $C = \{C_1, C_2, \ldots, C_{3(k-1)+i}, \ldots, C_{MN}\}$.

Step 6. Transform the cipher set, $C$, into its decimal expression, $D = \{D_1, D_2, \ldots, D_{3(k-1)+i}, \ldots, D_{MN}\}$, where $D_{3(k-1)+i} = \mathrm{bi2de}(C_{3(k-1)+i})$, in which bi2de( ) is a binary to decimal conversion function.

Step 7. Ciphered image formation. The decimal set, $D$, is re-arranged from left to right and top to bottom to obtain a two-dimensional ciphered image of a size of $M \times N$.

In Step 4 of the encryption algorithm, a keystream with a length equal to the number of pixels of the image is generated. The keystream is generated according to the three state variables at each iteration, for Steps 4.1–4.3. In Step 4.1, the state variables are transformed, where $x_{ik}$ is the value of the state variable, $x_i$, of System (1) at the $k$-th iteration and the two operators, abs(p) is the absolute value of p and floor(p) rounds p to the nearest integer less than or equal to p. Since there are three state variables in the system, System (1) must be repeated for only $M \times N/3$ times to obtain the required keystream length. Step 4.2 further transforms the results from Step 4.1, where the two operators, mod(p, q), return the remainder of the division, p/q, and round(p) rounds p to the nearest integer. Finally, in Step 4.3, the transformed value, $K$, is converted to its equivalent binary value by the function, de2bi( ).

The above cipher can be used to encrypt both color and grey-scale images. For a color image, it can be decomposed into R-G-B components and then each component is encrypted separately, using the above encryption algorithm. The three encrypted components are then concatenated together to form the ciphered color image.


Fig. 1. A general chaos-based cryptosystem with a symmetric key.

Fig. 2. The proposed adaptive chaotic image cryptosystem with asymmetric keys.

Table 1. Parameter settings for all experiments.

| | Drive system (cipher system) | Response system (decrypted system) |
|---|---|---|
| State variables | $[x_1\ x_2\ x_3]^T$ | $[z_1\ z_2\ z_3]^T$ |
| Initial state values | $[1\ 1\ 2]^T$ | $[1\ 2\ 1]^T$ |
| System parameters | $a = 0.8$ | $A = \begin{bmatrix} 1.25 & -3.2 & -3.2 \\ -3.2 & 1.1 & -4.4 \\ -3.2 & 4.4 & 1 \end{bmatrix}$, $B = 0$ |
| Initial estimate | $\hat{a}(0) = 0$ | – |
| Delay parameter | – | $\tau = 0$ |
| Time to collect keystream | At $t_c = 12$ sec | At $t_c = 12$ sec |
| Encryption key | $\tilde{k}_e = \{1, 1, 2, 0.8, 12\}$ | – |
| Decryption key | – | $\tilde{k}_d = \{1, 2, 1, w^*, 0, 12\}$, where $w^* = 1.25, -3.2, -3.2, -3.2, 1.1, -4.4, -3.2, 4.4, 1$ |
| Incorrect keys: initial values | $\tilde{k}_e = \{0.5, 0.5, 0.5, 0.8, 12\}$ | – |
| Incorrect keys: CNNs template | – | $\tilde{k}_d = \{1, 2, 1, w_i, 0, 12\}$, where $w_i = 1, -3.2, -3.2, -3.2, 1, -4.4, -3.2, 4.4, 1.1$ |
| Incorrect keys: $a$ | $\tilde{k}_e = \{1, 1, 2, 0, 12\}$ | – |
| Incorrect keys: $t_c$ | – | $\tilde{k}_d = \{1, 2, 1, w^*, 0, 13\}$ |
| Key sensitivity test: initial values | – | $\tilde{k}_d = \{1 + \varepsilon, 2 + \varepsilon, 1 + \varepsilon, w^*, 0, 12\}$, where $\varepsilon = 10^{-10}$ |
| Key sensitivity test: CNNs template | – | $\tilde{k}_d = \{1, 2, 1, w_s, 0, 12\}$, where $w_s = w^* + 10^{-10}$ |
| Key sensitivity test: $\tau$ | – | $\tilde{k}_d = \{1, 2, 1, w^*, 0.01, 12\}$ |
| Key sensitivity test: $t_c$ | – | $\tilde{k}_d = \{1, 2, 1, w^*, 0, 12.001\}$ |

The decryption algorithm is the reverse of the encryption algorithm, except that the recovered image is obtained by $S'_{3(k-1)+i} = \mathrm{bi2de}(C_{3(k-1)+i} \oplus k_d)$, in which the decryption keystream, $k_d$, is obtained from the state variables of the response system, i.e., System (3). The steps for the decryption algorithm are as follows.

Step 1. Use the tuple, $\tilde{k}_d = \{z_1(0), z_2(0), z_3(0), w, \tau, t_c\}$, as the decryption key.

Step 2. Keystream generation. After $t_c$, iteratively execute System (3) for another $M \times N/3$ times to obtain the decryption keystream, $k_d$:

  Step 2.1
    For k = 1 to M × N/3
      For i = 1 to 3
        $T_{3(k-1)+i} = \mathrm{abs}(z_{ik}) - \mathrm{floor}(\mathrm{abs}(z_{ik}))$
      Next i
    Next k

  Step 2.2 $T = \{T_1, T_2, \ldots, T_{3(k-1)+i}, \ldots, T_{MN}\}$, $k = 1, 2, \ldots, M \times N/3$, $i = 1, 2, 3$, and $K = \mathrm{round}(\mathrm{mod}(T \times 10^{12}, 256))$

  Step 2.3 Obtain the decryption keystream by $k_d = \mathrm{de2bi}(K)$

Step 3. Decryption. $\hat{S}_{3(k-1)+i} = \mathrm{bi2de}(C_{3(k-1)+i} \oplus k_d)$, $k = 1, 2, \ldots, M \times N/3$, $i = 1, 2, 3$, where the operator $\oplus$ conducts the XOR operation, bit by bit, to obtain the decrypted set, $\hat{S} = \{\hat{S}_1, \hat{S}_2, \ldots, \hat{S}_{3(k-1)+i}, \ldots, \hat{S}_{MN}\}$.

Step 4. Image recovery. The decrypted set $\hat{S}$ is re-arranged from left to right and top to bottom, to obtain the plain image.
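The following Python code is an added example, not the authors' MATLAB code: it integrates System (1) together with the response System (3) under controller (6) and update law (8), using the Table 1 settings and the RK4 step of 0.001 from Section 5, derives $k_e$ and $k_d$ as in Steps 4.1–4.3, and XORs a small constructed image. The function names, the test image, the reading of one keystream iteration as one RK4 step, and the final `% 256` guard are assumptions made here.

```python
import math

# Settings taken from the page: [c1 c2 c3] (Section 3), CNN template w* with
# B = 0 and tau = 0 (Table 1), and the fixed RK4 step size (Section 5).
C = (10.0, 1.0, 8.0 / 3.0)
A = ((1.25, -3.2, -3.2), (-3.2, 1.1, -4.4), (-3.2, 4.4, 1.0))
H = 0.001


def f(v):
    """CNN activation f(v) = (|v + 1| - |v - 1|) / 2."""
    return (abs(v + 1.0) - abs(v - 1.0)) / 2.0


def deriv(s, a):
    """Time derivative of s = (x1, x2, x3, z1, z2, z3, a_hat)."""
    x1, x2, x3, z1, z2, z3, ah = s
    dx = ((25 * a + 10) * (x2 - x1),                      # System (1), drive
          (28 - 35 * a) * x1 - x1 * x3 + (29 * a - 1) * x2,
          x1 * x2 - (8 + a) / 3 * x3)
    fz = (f(z1), f(z2), f(z3))
    g = [sum(A[i][j] * fz[j] for j in range(3)) for i in range(3)]
    u = (10 * x2 + 25 * ah * (x2 - x1) - g[0],            # controller (6)
         (28 - 35 * ah) * x1 + 29 * ah * x2 - x1 * x3 - g[1],
         -ah / 3 * x3 + x1 * x2 - g[2])
    dz = tuple(-C[i] * z + g[i] + u[i]                    # System (3), response
               for i, z in enumerate((z1, z2, z3)))
    e1, e2, e3 = z1 - x1, z2 - x2, z3 - x3
    dah = 25 * e1 * (x1 - x2) + e2 * (35 * x1 - 29 * x2) + e3 * x3 / 3  # law (8)
    return dx + dz + (dah,)


def rk4_step(s, a):
    """One fourth-order Runge-Kutta step of size H."""
    def shifted(k, w):
        return tuple(si + w * ki for si, ki in zip(s, k))
    k1 = deriv(s, a)
    k2 = deriv(shifted(k1, H / 2), a)
    k3 = deriv(shifted(k2, H / 2), a)
    k4 = deriv(shifted(k3, H), a)
    return tuple(si + H / 6 * (p + 2 * q + 2 * r + w)
                 for si, p, q, r, w in zip(s, k1, k2, k3, k4))


def lyapunov(s, a):
    """V = e^T e / 2 + (a - a_hat)^2 / 2, as in Eq. (9)."""
    e = [s[3 + i] - s[i] for i in range(3)]
    return 0.5 * sum(v * v for v in e) + 0.5 * (a - s[6]) ** 2


def key_byte(v):
    """Steps 4.1-4.2 applied to one state value."""
    t = abs(v) - math.floor(abs(v))
    # The trailing % 256 is an added guard: round() can return 256, which
    # does not fit in one byte. Python rounds exact halves to even.
    return round(math.fmod(t * 1e12, 256.0)) % 256


def keystreams(x0, z0, a, tc, n_pixels):
    """Synchronize until tc, then collect k_e from x and k_d from z."""
    s = tuple(map(float, x0)) + tuple(map(float, z0)) + (0.0,)  # a_hat(0) = 0
    v0 = lyapunov(s, a)
    for _ in range(round(tc / H)):
        s = rk4_step(s, a)
    v_tc = lyapunov(s, a)
    ke, kd = [], []
    for _ in range(-(-n_pixels // 3)):   # ceiling, so any pixel count works
        s = rk4_step(s, a)               # assumption: one iteration = one RK4 step
        ke.extend(key_byte(v) for v in s[0:3])
        kd.extend(key_byte(v) for v in s[3:6])
    return ke[:n_pixels], kd[:n_pixels], v0, v_tc


def xor_pixels(pixels, keystream):
    """Step 5: bitwise XOR; on 8-bit integers this equals de2bi/XOR/bi2de."""
    if len(pixels) != len(keystream):
        raise ValueError("keystream length must equal the pixel count")
    return [p ^ k for p, k in zip(pixels, keystream)]


# Constructed 6 x 8 grey-scale test image, row-major as in Step 1.
IMAGE = [(37 * r + 11 * c) % 256 for r in range(6) for c in range(8)]


def demo(eps=1e-10):
    ke, kd, v0, v_tc = keystreams((1, 1, 2), (1, 2, 1), 0.8, 12, len(IMAGE))
    cipher = xor_pixels(IMAGE, ke)
    # Constructed sensitivity check: perturb one drive initial value by eps.
    ke_eps = keystreams((1 + eps, 1, 2), (1, 2, 1), 0.8, 12, len(IMAGE))[0]
    return {
        "v0": v0, "v_tc": v_tc, "cipher": cipher,
        "roundtrip_ok": xor_pixels(cipher, ke) == IMAGE,
        "matching_bytes": sum(p == q for p, q in zip(ke, kd)),
        "changed_bytes": sum(p != q for p, q in zip(ke, ke_eps)),
    }


if __name__ == "__main__":
    print(demo())
```

Since a change of $10^{-12}$ in $T$ changes $K$ by one, $k_d$ reproduces $k_e$ byte for byte only where the residual synchronization error after $t_c$ is below that scale; `matching_bytes` reports the agreement for this run.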

Fig. 3. Adaptive synchronization of two different chaotic systems: (a) the unified chaotic system, (b) CNN, (c) synchronization errors, (d) estimation of system parameter, a. [Panel (c), "Synchronization errors", plots e1, e2 and e3 against time (sec); panel (d), "Estimated system parameter", plots the estimated value of a against time (sec).]


In Step 1 of the decryption algorithm, the decryption key, $\tilde{k}_d = \{z_1(0), z_2(0), z_3(0), w, \tau, t_c\}$, is sent to the receiver via a secret channel or the RSA algorithm; in the key, $w$ is a CNN template and $\tau$ is a delay parameter. The procedure for decryption keystream generation in Step 2 is the same as the encryption keystream generation in the encryption algorithm, except that the state variable, $z_{ik}$ (i.e., the value of the state variable, $z_i$, at the $k$-th iteration), of System (3) is used instead.

5. Numerical simulations

Three sets of experiments, using numerical simulations, are conducted in this section to demonstrate the proposed adaptive synchronization scheme and to evaluate the performance of the proposed asymmetric image cryptosystem. They are: (i) demonstration of the effectiveness of the proposed adaptive synchronization scheme, (ii) the performance evaluation of the proposed asymmetric image cryptosystem and (iii) the cryptanalysis of the proposed scheme, such as key space analysis, sensitivity test and statistical analysis. Table 1 lists the parameter settings for all of the simulations. The unified chaotic system with uncertainty, i.e., System (1), is the drive system. The response system is designed as follows:

$$
\begin{bmatrix} \dot{x}_1 \\ \dot{x}_2 \\ \dot{x}_3 \end{bmatrix}
= -\begin{bmatrix} 10 & 0 & 0 \\ 0 & 1 & 0 \\ 0 & 0 & 8/3 \end{bmatrix}
\begin{bmatrix} x_1(t) \\ x_2(t) \\ x_3(t) \end{bmatrix}
+ \begin{bmatrix} 1.25 & -3.2 & -3.2 \\ -3.2 & 1.1 & -4.4 \\ -3.2 & 4.4 & 1 \end{bmatrix}
\begin{bmatrix} f_1(x_1(t)) \\ f_2(x_2(t)) \\ f_3(x_3(t)) \end{bmatrix}.
\tag{11}
$$

The initial states of the drive and response systems are $[1\ 1\ 2]^T$ and $[1\ 2\ 1]^T$, respectively. Suppose $a = 0.8$ in System (1) is the true value of the unknown system parameter and the initial estimate of the system parameter is set as zero, i.e., $\hat{a}(0) = 0$. All the simulations were performed using MATLAB software and the fourth-order Runge–Kutta numerical analytical method, with a fixed step size of 0.001, to solve the differential equations of Systems (1) and (3).

5.1. Experiment 1

This experiment demonstrates that a cryptosystem with a pair of asymmetric keys can be created via the adaptive synchronization of an uncertain unified chaotic system and a CNN. The drive-response architecture with the uncertain system parameter, $a$, in System (1) and the adaptive controller (6) with the parameter update law (8) are simulated by MATLAB. The two chaotic systems are considered to be synchronized when the trajectory of the error dynamics in System (7) converges to zero asymptotically. The results of the simulation are shown in Fig. 3, where Fig. 3(a) and (b) depict System (1) with $a = 0.8$ and System (3) with $\tau = 0$, respectively. Fig. 3(c) shows that the synchronization errors ($e_1$, $e_2$ and $e_3$) of the three state variables converge to zero, using the adaptive controller (6) with the parameter update law (8). Fig. 3(d) illustrates the convergence of the estimated system parameter, $\hat{a}$. These results indicate the convergence of the proposed synchronization scheme, and its robustness in the face of system uncertainties.

Fig. 4. Results for the proposed image cryptosystem: (a) plain image of Lena, (b) cipher image, (c) decrypted image.

5.2. Experiment 2

This experiment evaluates the performance of the proposed asymmetric cryptosystem by conducting the encryption and the decryption operations on a plain image of Lena (256 grey-scale and size of 255 × 255). The reliability of the cryptosystem is also tested with simulated attacks. The synchronization of the uncertain unified chaotic system and the CNN performed in Experiment 1 is employed for this encryption/decryption experiment. The synchronization is achieved at time, $t_s$, and the cryptosystem starts to generate the encryption keystream, $k_e$, and the decryption keystream, $k_d$, from the state variables, after time $t_c = 12$ s ($t_c \ge t_s$), as described in the encryption and the decryption algorithm in Section 4. Following the steps of the encryption algorithm and the decryption algorithm, the image is encrypted and then decrypted and the results are shown in Figs. 4–6. Fig. 4(a) is the original plain image of Lena and the cipher and the decrypted images using the cryptosystem are shown in Fig. 4(b) and (c), respectively. The histograms of the grey-scale distributions of the plain, the cipher and the decrypted images are presented in Fig. 5(a), (b) and (c), respectively.
From these, it can be seen that the distribution of the histograms for the cipher image is quite different from that of the plain image and is nearly uniformly distributed with a random property. This result indicates that the plain image is well encrypted. In the traditional chaos-based image cryptosystem, the shuffling phase required for the pixel permutation process is time-consuming. Gao and Chen [12] pointed out that the bigger the image is, the greater the time complexity of the image-shuffling algorithm, as shown in Table 2 [12]. The shuffling process is not required by this cryptosystem, since the

Fig. 5. Histograms of the grey scale distribution: (a) plain image, (b) cipher image, (c) decrypted image.

Fig. 6. Decryption attempts using incorrect keys: (a) incorrect initial values, (b) incorrect CNN template, (c) incorrect system parameter, a, (d) incorrect tc.

Table 2. Time complexity of the image-shuffling algorithm [12].

Size of the image    The average number of iterations needed to accomplish a row transformation
32 × 32              80
64 × 64              300
128 × 128            520
256 × 256            1600

encryption key, k̃_e, and the decryption key, k̃_d, are obtained from system state variables and their keystreams are dynamically generated based on the values of state variables at different times.

This experiment also evaluates the reliability of the cryptosystem under attack. Incorrect decryption keys, which deviated only slightly (i.e., by 10^-10) from the correct one, were used to make decryption attempts. Fig. 6(a)–(d) show the decryption attempts using different incorrect keys. Fig. 6(a) is the key with incorrect initial values, Fig. 6(b) has an incorrect CNN template, Fig. 6(c) has an incorrect system parameter, a, and Fig. 6(d) has an incorrect tc. It is seen from Fig. 6 that all of these decryption attempts failed. This result demonstrates the feasibility and effectiveness of the proposed cryptosystem.

5.3. Experiment 3

The encryption scheme of a good cryptosystem must be sensitive to the secret decryption key only and its key space must be large enough to resist any brute-force attack. NPCR (number of pixels change rate) and UACI (unified average changing intensity) [5,16,30] are two commonly used measures for such a sensitivity analysis. NPCR measures the sensitivity of an encryption by computing the pixels change rate for the cipher image, when one pixel of the plain-image is changed. Consider two cipher images, R1 and R2, with the same size, M × N, and let the grey-scale values of the pixels at the same positions (i,j) of R1 and R2 be denoted as R1(i,j) and R2(i,j), respectively. The NPCR of these two images is defined as follows:

$$\mathrm{NPCR} = \frac{\sum_{i,j} d(i,j)}{M \times N} \times 100\%, \tag{12}$$

where d(i,j) = 1 if R1(i,j) ≠ R2(i,j), otherwise d(i,j) = 0. UACI measures the average intensity of the differences between two cipher images:

$$\mathrm{UACI} = \frac{1}{M \times N} \sum_{i,j} \frac{|R_1(i,j) - R_2(i,j)|}{255} \times 100\%. \tag{13}$$

Sensitivity tests of the proposed encryption scheme were performed by sequentially changing the values of the elements in the decryption key, k̃_d = {z1(0), z2(0), z3(0), w, s, tc}. These changes were infinitesimal, i.e., 10^-10. The image of Lena (256 grey-scale and size of 255 × 255) was again used as the test subject for this experiment. The resulting NPCR and UACI from these changes are illustrated in Fig. 7, where Fig. 7(a) shows the change in the initial condition, z1(0), z2(0), and z3(0), Fig. 7(b) shows the CNN template, Fig. 7(c) shows the delay parameter, s, and Fig. 7(d) shows tc. It is seen that even with an infinitesimally small change in the decryption key, the grey-scale values of more than 99.50% of the pixels in the decrypted images are changed, which implies that a slightly incorrect decryption key produces a totally different decrypted image. As for the UACI measure, all of the resulting values are greater than 33.39%, which is about the same as the best results (around 33.33%) reported in literature, e.g., [5,16,30]. This result indicates that an infinitesimal change in the decryption key can change the average intensity of the differences between two decrypted images a great deal.

The high sensitivity of the proposed cryptosystem also renders a vast key space. Key space is the total number of different keys that can be used in the cryptosystem. For this cryptosystem, with a precision of 10^-10 in the decryption key, the key space can be as large as 10^120 by varying the values of the three initial variables and the nine parameters in the CNN template. The key space can be expanded even more when the delay parameter, s, and the time, tc, are also considered. Such an immense key space provides a sufficient capability to resist brute-force attacks.
It is desirable that the data in the encrypted image is of a totally random and uncorrelated nature so that attackers are unable to obtain the keystream by known-plaintext attacks and chosen-plaintext attacks [16,17]. To measure the randomness of the data in the encrypted image, a correlation coefficient, which indicates the relationship between the grey-scale values of two adjacent pixels, x and y, in the image, is computed using Eq. (14) [1,5,30]:

$$r_{xy} = \frac{\operatorname{cov}(x, y)}{\sqrt{v(x)}\,\sqrt{v(y)}}, \tag{14}$$

where rxy is the correlation coefficient of two adjacent pixels, x and y. 4096 pairs of two adjacent pixels in the vertical, horizontal and diagonal directions were randomly selected from the plain and the cipher images respectively, and their correlation coefficients were computed. The results are presented in Table 3 and Fig. 8, which demonstrate that the correlations between adjacent pixels of the cipher image are apparently much lower than those of the plain image.

Fig. 7. Decryption key sensitivity tests: (a) initial values, (b) CNN template, (c) delay parameter, s, (d) tc. Panel annotations: (a) NPCR = 99.61%, UACI = 33.55%; panels (b) and (c): NPCR = 99.54%, UACI = 33.42% and NPCR = 99.62%, UACI = 33.40%; (d) NPCR = 99.59%, UACI = 33.39%.

The randomness of the data in the encrypted image can also be measured by its entropy [1,30]:

$$H(m) = \sum_{i=0}^{Q-1} p(m_i) \log_2 \frac{1}{p(m_i)}, \tag{15}$$

where Q is the total number of symbols, m_i, and p(m_i) denotes the probability of symbol m_i. For a true random source emitting Q = 2^q symbols, its entropy equals q. Taking a 256 grey-scale image as an example, each pixel has 2^8 possible values, so the entropy of a truly random image ought to be 8. In this experiment, the entropy of the cipher image of the Lena plain image (256 grey-scale of size 255 × 255) is 7.9765, which is very close to the perfect value (i.e., 8). This result implies that the cipher image using the proposed cryptosystem is close to a random source and that the probability of information leakage in the encryption process is negligible. In other words, the proposed cryptosystem is secure against entropy attacks.
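The four measures in Eqs. (12)–(15), implemented as an added example (not code from the paper) and run on constructed inputs: two independent uniformly random 255 × 255 images and a smooth ramp. The function names and sample images are assumptions of this example; for independent random 8-bit images the expected NPCR is 255/256 ≈ 99.61% and the expected UACI is about 33.46%, which is the reference point for reading figures like those in Fig. 7.

```python
import math
import random

def _flat(img):
    return [p for row in img for p in row]

def npcr(r1, r2):
    """Eq. (12): percentage of pixel positions where R1 and R2 differ."""
    a, b = _flat(r1), _flat(r2)
    return 100.0 * sum(x != y for x, y in zip(a, b)) / len(a)

def uaci(r1, r2):
    """Eq. (13): mean absolute grey-level difference, normalised by 255."""
    a, b = _flat(r1), _flat(r2)
    return 100.0 * sum(abs(x - y) for x, y in zip(a, b)) / (255 * len(a))

def adjacent_correlation(img, dy, dx, pairs=4096, seed=0):
    """Eq. (14) over randomly selected pairs (i, j) and (i + dy, j + dx)."""
    rng = random.Random(seed)
    h, w = len(img), len(img[0])
    pts = [(rng.randrange(h - dy), rng.randrange(w - dx)) for _ in range(pairs)]
    xs = [img[i][j] for i, j in pts]
    ys = [img[i + dy][j + dx] for i, j in pts]
    mx, my = sum(xs) / pairs, sum(ys) / pairs
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys)) / pairs
    vx = sum((x - mx) ** 2 for x in xs) / pairs
    vy = sum((y - my) ** 2 for y in ys) / pairs
    return cov / (math.sqrt(vx) * math.sqrt(vy))

def entropy(img):
    """Eq. (15): Shannon entropy of the grey-level histogram, in bits."""
    data = _flat(img)
    counts = [0] * 256
    for p in data:
        counts[p] += 1
    return sum((c / len(data)) * math.log2(len(data) / c) for c in counts if c)

def random_image(seed, h=255, w=255):
    """Constructed sample: independent uniform 8-bit pixels."""
    rng = random.Random(seed)
    return [[rng.randrange(256) for _ in range(w)] for _ in range(h)]

def gradient_image(h=255, w=255):
    """Constructed sample: smooth diagonal ramp, strongly correlated."""
    return [[(i + j) // 2 for j in range(w)] for i in range(h)]

if __name__ == "__main__":
    a, b, g = random_image(1), random_image(2), gradient_image()
    print(f"random vs random: NPCR={npcr(a, b):.2f}% UACI={uaci(a, b):.2f}%")
    print(f"random image: r_h={adjacent_correlation(a, 0, 1):+.4f} H={entropy(a):.4f}")
    print(f"ramp image:   r_h={adjacent_correlation(g, 0, 1):+.4f} H={entropy(g):.4f}")
```

Passing `dy=1, dx=0` or `dy=1, dx=1` gives the other two directions of adjacency that Table 3 reports alongside the horizontal one.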

Table 3. Correlation coefficients of two adjacent pixels for the plain image and the cipher image.

              Plain image    Cipher image
Horizontal    0.9520         0.0079
Vertical      0.9536         0.0098
Diagonal      0.9254         0.0092

Fig. 8. Correlation of two horizontally adjacent pixels: (a) plain image, (b) cipher image. Axes in both panels: grey values on location (x,y) against grey values on location (x,y+1).


6. Concluding remarks

Chaos-based encryption is based on chaotic properties, such as deterministic dynamics, unpredictable behavior and non-linear transformation. These properties make chaotic systems an excellent tool for constructing a cryptosystem. However, many previous chaos-based image encryption schemes were symmetric cryptographic techniques and are proven to be more vulnerable than an asymmetric cryptosystem. In this paper, an image cryptosystem with a pair of asymmetric keys was developed using the adaptive synchronization of two different chaotic systems. Based on the Lyapunov stability theory, the adaptive controller with its parameter update law was formulated to synchronize an uncertain unified chaotic system and a CNN. The synchronization controller was then embedded in the proposed cryptosystem, in which the cipher image is decrypted by an asymmetric decryption key. Three sets of experiments were conducted, using numerical simulation, to evaluate the performance of the proposed cryptosystem. Performance assessments included the effectiveness of the proposed adaptive synchronization scheme, the performance of the proposed asymmetric image cryptosystem and cryptanalysis, including key space analysis, a sensitivity test and statistical analysis. The theoretical and numerical results demonstrated the feasibility and superiority of the proposed chaos-based asymmetric image cryptosystem over the typical symmetric image cryptosystems.

Acknowledgment

This research was supported by the National Science Council, Republic of China, under Grants No. NSC 98-2221-E-168038 and NSC 100-2221-E-168-012.

References

[1] Sathyanarayana S, Kumar M, Bhat K. Symmetric key image encryption scheme with key sequences derived from random sequence of cyclic elliptic curve points. Int J Network Security 2011;12(3):137–50.
[2] Zeghid M, Machhout M, Khriji L, Baganne A, Tourki R. A modified AES based algorithm for image encryption. Proc World Acad Sci Eng Technol 2007;21:206–11.
[3] Rivest R, Shamir A, Adleman L. A method for obtaining digital signature and public-key cryptosystems. Commun ACM 1978;21:120–6.
[4] Matthews R. On the derivation of a chaotic encryption algorithm. Cryptologia 1989;XIII(1):29–42.
[5] Chen G, Mao Y, Chui C. A symmetric image encryption scheme based on 3D chaotic cat maps. Chaos Solitons & Fractals 2004;21(3):749–61.
[6] Masuda N, Jakimoski G, Aihara K, Kocarev L. Chaotic block ciphers: from theory to practical algorithms. IEEE Trans Circ Syst I: Fundam Theory Appl 2006;53(6):1341–52.
[7] Pisarchik A, Zanin M. Image encryption with chaotically coupled chaotic maps. Physica D 2008;237(20):2638–48.
[8] Akhshani A, Behnia S, Akhavan A, Abu Hassan H, Hassan Z. A novel scheme for image encryption based on 2D piecewise chaotic maps. Optics Commun 2010;283:3259–66.
[9] Cheng H, Li X. Partial encryption of compressed images and video. IEEE Trans Sig Process 2000;48(8):2439–51.
[10] Krikor L, Baba S, Arif T, Shaaban Z. Image encryption using DCT and stream cipher. Eur J Scient Res 2009;32(1):47–57.
[11] Xiao D, Liao X, Wei P. Analysis and improvement of a chaos-based image encryption algorithm. Chaos Solitons & Fractals 2009;40:2191–9.
[12] Gao T, Chen Z. A new image encryption algorithm based on hyper-chaos. Phys Lett A 2008;372:394–400.
[13] Li S, Zheng X. Cryptanalysis of a chaotic image encryption method. In: Proceedings of IEEE international symposium on circuits and systems II, 2002. p. 708–711.
[14] Guan ZH, Huang F, Guan W. Chaos-based image encryption algorithm. Phys Lett A 2005;346(1-3):153–7.
[15] Li C, Li S, Chen G, Halang WA. Cryptanalysis of an image encryption scheme based on a compound chaotic sequence. Image Vision Comput 2009;27(8):1035–9.
[16] Wang Y, Wong KW, Liao X, Chen G. A new chaos-based fast image encryption algorithm. Appl Soft Comput 2011;11(1):514–22.
[17] Rhouma R, Solak E, Belghith S. Cryptanalysis of a new substitution-diffusion based image cipher. Commun Nonlinear Sci Numer Simul 2010;15(7):1887–92.
[18] Pecora L, Carroll T. Synchronization in chaotic systems. Phys Rev Lett 1990;64:821–4.
[19] Chen M, Han Z. Controlling and synchronizing chaotic Genesio system via nonlinear feedback control. Chaos Solitons & Fractals 2003;17(4):709–16.
[20] Liu F, Ren Y, Shan X, Qiu Z. A linear feedback synchronization theorem for a class of chaotic systems. Chaos Solitons & Fractals 2002;13(4):723–30.
[21] Hu M, Yang Y, Xu Z. Impulsive control of projective synchronization on chaotic systems. Phys Lett A 2008;372:3228–33.
[22] Lu J, Wu X, Han X, Lü J. Adaptive feedback synchronization of a unified chaotic system. Phys Lett A 2004;329(4-5):327–33.
[23] Mainieri R, Rehacek J. Projective synchronization in three-dimensional chaotic systems. Phys Rev Lett 1999;82:3042–5.
[24] Cheng CJ, Liao TL, Hwang CC. Exponential synchronization of a class chaotic neural networks. Chaos Solitons & Fractals 2005;24(1):197–206.
[25] Lü J, Chen G, Cheng D, Celikovsky S. Bridge the gap between the Lorenz system and the Chen system. Int J Bifurcat Chaos 2002;12:2917–26.
[26] Cheng CJ. Robust synchronization of uncertain unified chaotic systems subject to noise and its application to secure communication. Appl Math Comput 2012;219(5):2698–712.
[27] Chua L, Yang L. Cellular neural networks: theory. IEEE Trans Circ Syst I 1999;35(10):1257–72.
[28] Yassen MT. Chaos synchronization between two different chaotic systems using active control. Chaos Solitons & Fractals 2005;23(1):131–40.
[29] Khalil H. Nonlinear Systems. New York: Macmillan Publishing Company; 1992.
[30] Zhang G, Liu Q. A novel image encryption method based on total shuffling scheme. Opt Commun 2011;284(12):2775–80.