#### Abstract

This paper suggests a new chaos-based color image cipher with an efficient substitution keystream generation strategy. The hyperchaotic Lü system and logistic map are employed to generate the permutation and substitution keystream sequences for image data scrambling and mixing. In the permutation stage, the positions of colored subpixels in the input image are scrambled using a pixel-swapping mechanism, which avoids two main problems encountered when using the discretized version of area-preserving chaotic maps. In the substitution stage, we introduce an efficient keystream generation method that can extract three keystream elements from the current state of the iterative logistic map. Compared with conventional method, the total number of iterations is reduced by 3 times. To ensure the robustness of the proposed scheme against chosen-plaintext attack, the current state of the logistic map is perturbed during each iteration and the disturbance value is determined by plain-pixel values. The mechanism of associating the keystream sequence with plain-image also helps accelerate the diffusion process and increase the degree of randomness of the keystream sequence. Experimental results demonstrate that the proposed scheme has a satisfactory level of security and outperforms the conventional schemes in terms of computational efficiency.

#### 1. Introduction

Nowadays, digital image information has been widely communicated over the Internet and wireless networks owing to the rapid advancements in the multimedia and communication technology. Meanwhile, the protection of digital image information against illegal usage has become an important issue. A direct and obvious way to protect image data from unauthorized eavesdropping is to employ an encryption algorithm. Unfortunately, the renowned block ciphers, such as Triple-DES, AES, and IDEA, are not suitable for practical image encryption. This is because the security of these algorithms is mainly ensured by their high computational cost, making them hard to meet the demand for online communications when dealing with digital images characterized by bulk data capacity. To meet this challenge, many different encryption technologies have been proposed. Among them, the chaos-based algorithms provide an optimal trade-off between security and efficiency. The first chaos-based image encryption scheme was suggested by Fridrich in 1998 [1]. The permutation-substitution network, introduced by Claude Shannon in his classic 1949 paper, Communication Theory of Secrecy Systems, and now a guiding principle for the design of a secure cipher, is adopted in her approach. In each round of the cipher, the pixel positions are firstly scrambled in a secret way, which leads to a great reduction in the correlation among neighboring pixels. Then, the pixel values are altered sequentially and the influence of each pixel is diffused to all its succeeding ones during the modification process. With such a structure, a minor change in one pixel of the plain-image may result in a totally different cipher-image with several overall rounds of encryption.

Conventionally, three area-preserving invertible chaotic maps, that is, the cat map, the baker map, and the standard map, are widely used for image scrambling. Unfortunately, this kind of permutation strategy suffers from two main disadvantages, that is, the periodicity of discretized version of chaotic maps and applicability to only square images [2–4]. To address these two drawbacks, Fu et al. [5] suggested an image scrambling scheme using a chaotic sequence sorting mechanism. Unfortunately, this method takes a whole row/column of an image as the scrambling unit and results in weaker confusion effect compared with many of the existing schemes working on individual pixels. In [6], inspired by the natural ripple-like phenomenon that distorts a reflection on a water surface, Wu et al. suggested a novel scrambling algorithm that shuffle images in an dimensional ( D) space using wave perturbations. In [7], the original pixel level matrix is considered as a natural 3D bit matrix, and a new 3D bit-level permutation algorithm is proposed. During the permutation stage, the original and target bit locations are both randomly selected to further enhance the permutation effect.

In the substitution stage, various discrete chaotic maps and continuous chaotic systems can be employed to generate keystream sequences with desired statistical properties, including the most commonly used ones like the logistic map [2], the Lorenz system [8], the Chen system [9], and varieties of high dimensional chaotic systems [10]. Obviously, low dimensional chaotic maps, especially the logistic map, have the advantages of simplicity and high efficiency but suffer from small key space; in contrast, high dimensional chaotic systems, especially the hyperchaotic systems, provide sufficiently large key space but at the expense of computations. Recently, it has been reported that many existing image encryption schemes have been successfully broken by using known/chosen-plaintext attacks [11–14]. This is due to the fact that the substitution keystream sequences used in these schemes are solely determined by the secret key. That is, the same keystream sequence is used to encrypt different plain-images unless a different secret key is used. Consequently, the keystream sequence may be determined by encrypting some specially created images (e.g., an image with all pixels having the same value) and then comparing them with their corresponding outputs. Obviously, if a keystream sequence depends on both the secret key and the plaintext, then such analysis may become impractical. For instance, in [15], the keystream elements are extracted from multiple-time iteration of the logistic map, and the iteration times are determined by plain-pixel values. Unfortunately, the redundant iteration operations downgrade the efficiency of the cryptosystem to some extent. In [16], the value of each keystream element is dynamically altered according to the plain-pixel values during the substitution process.

To better meet the challenge of online secure image communications, much research has been done on improving the efficiency of chaos-based image ciphers. For instance, in [17], Xiang et al. investigated the feasibility of selective image encryption on a bit-plane. It is concluded that only selectively encrypting the higher four bit-planes of an image can achieve an acceptable level of security. As only 50% of the whole image data are encrypted, the execution time is reduced. In [18], Wong et al. proposed a more efficient diffusion mechanism using simple table lookup and swapping techniques as a light-weight replacement of the 1D chaotic map iteration. Following this work, Chen et al. [19] presented an efficient image encryption scheme with confusion and diffusion operations being both performed based on a lookup table. The other advantage of their approach is that it can effectively tolerate the channel errors, which may lead to the corruption of cipher data. It has been demonstrated that images recovered from the damaged cipher data have satisfactory visual perception. In [20], Fu et al. introduced a novel bidirectional diffusion strategy to minimize the number of encryption rounds needed to spread the influence of each individual pixel over the entire cipher-image. Experimental results have demonstrated that their scheme takes one round of permutation and two rounds of substitution to obtain a satisfactory diffusion effect. In [16, 21–23], chaos-based image ciphers using a bit-level permutation were suggested. Owing to the substitution effect introduced in the permutation stage, the number of iteration rounds required by the time-consuming substitution procedure is reduced, and hence a shorter encryption time is needed. In [8], Fu et al. suggested a fast chaos-based image cipher with the permutation key determined by the hash value of the original image. Owing to the avalanche property of hash function, completely different shuffled images will be produced even if there is a tiny difference between the original ones, thereby accelerating the diffusion process. In [24], Chen et al. presented a novel image encryption scheme using a Gray-code-based permutation. Taking full advantage of (, , )-Gray-code achievements, the new permutation strategy provides superior computational efficiency. In [25], Hua et al. introduced an image encryption algorithm based on a new two-dimensional sine logistic modulation map (2D-SLMM). Compared with corresponding seed maps, the new map has wider chaotic range, more parameters, and complex chaotic properties while remaining of relatively low implementation cost. Accordingly, the algorithm provides a good trade-off between security and efficiency.

Conventionally, in the substitution stage, one keystream element is obtained from the current value of a state variable of an iterative chaotic system. That is, to generate a keystream sequence of length* m*, a -dimensional chaotic system should be iterated (*m/n*) times. In the present paper, we introduce an efficient logistic map-based keystream generation strategy that can simultaneously extract three keystream elements from the current state of the map. As a result, the total number of iterations is reduced by 3 times and the encryption time is shortened. In the permutation stage, the positions of subpixel in each color channel of the plain-image are scrambled across the entire color space using a pixel-swapping strategy under the control of a keystream sequence generated from the hyperchaotic Lü system. To ensure the robustness of the proposed scheme against chosen-plaintext attack, the current state of the logistic map is perturbed during each iteration and the disturbance value is determined by plain-pixel values. The mechanism of associating the keystream sequence with plain-image also helps accelerate the diffusion process and increase the degree of randomness of the keystream sequence. Experimental results demonstrate that the proposed scheme has a satisfactory level of security and outperforms the conventional schemes in terms of computational efficiency.

The rest of this paper is organized as follows. The proposed permutation and substitution algorithms are thoroughly described in Sections 2 and 3, respectively. In Section 4, the degree of randomness of the substitution keystream sequences generated using our proposed method is evaluated by using NIST test suite. In Section 5, the confusion and diffusion performance of the proposed cryptosystem are analyzed. The security and efficiency of the cryptosystem are analyzed in Sections 6 and 7, respectively. Finally, Section 8 concludes the paper.

#### 2. Color Image Permutation Using a Pixel-Swapping Strategy

The hyperchaotic Lü system [26], which is employed in our scheme to generate the permutation keystream sequence, is described bywhere , , are the constants of Lü system [27] and is a control parameter. When , , , and , the system exhibits a hyperchaotic behavior, and the projections of its phase portrait are shown in Figure 1. Evidently, the initial conditions of the system are the immediate candidate for the secret key for permutation, as they uniquely determine a chaotic trajectory from which the permutation keystream is extracted.

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

Without loss of generality, a 24-bit RGB color image of size* H*×*W* is used as an input. The detailed permutation process is described as follows.

*Step 1. *Arrange the colored subpixels in the input image to a one-dimensional byte array in the order from left to right, top to bottom.

*Step 2. *Generate a chaotic sequence of length by iterating system (1), where returns the length of sequence .

*Step 2.1. *Preiterate system (1) for times to avoid the harmful effect of transitional procedure, where is a constant. The system can be numerically solved by using fourth-order Runge-Kutta method, as given bywhereand the step is chosen as 0.005.

*Step 2.2. *Continue the iteration for times, where returns the least integer greater than or equal to . For each iteration, the current values of the four state variables , and are in turn stored into an array . Obviously, the last element(s) produced at the final iteration step is redundant and should be discarded.

*Step 3. *Extract a permutation keystream sequence from permSeq according towhere returns the position of in permKstr, that is, , returns the absolute value of , returns the* α* most significant decimal digits in

*x*, and divides by and returns the remainder of the division. An value of 15 is recommended as all the state variables in our scheme are declared as double-precision type. From (4) it can be seen that is in the range between and . That is, the swapping target for each colored subpixel (except the last one) in will be pseudorandomly chosen from all its succeeding ones.

*Step 4. *Scramble by swapping each subpixel with another subpixel located at .

As can be seen from the above description, the proposed permutation scheme well addresses the two problems encountered when using the discretized version of area-preserving chaotic maps. First, the proposed scheme can be applied to images of arbitrary size, whereas the area-preserving chaotic maps can be only applied to square images. Secondly, though the aperiodicity nature of a chaotic system will be deteriorated in computer realization with finite computation precision, the period length of pseudorandom keystream sequence generated by a chaotic system is by far longer than that of its discretized version. A keystream sequence with a very long period can be considered practically aperiodic when applied to images of reasonable size. That is, image scrambled by the proposed method will not return to its original state even after a huge number of iterations.

#### 3. Color Image Substitution Using a Fast Plaintext-Dependent Keystream Generation Strategy

In the substitution stage, the logistic map [28], which is the most studied example of discrete nonlinear dynamical systems that exhibit chaotic behavior, is employed to generate the keystream sequence for mixing the subpixel values. Mathematically, the map is described bywhere is the state variable and is the parameter. The logistic map behaves chaotically, interrupted by small periodic windows for values of between about 3.57 and 4. In our scheme, is set to 4 to avoid those nonchaotic regions. Similarly, the initial condition of the map is used as the secret key for substitution.

The detailed substitution process is described as follows.

*Step 1. *Preiterate the logistic map for times for the same purpose mentioned above. It should be noticed that the values of 0.5 and 0.75 are two “bad” points, trapping the iterations to the fixed points 0 and 0.75, respectively. If this case is encountered, a slight perturbation should apply.

*Step 2. *The logistic map is iterated continuously. For each iteration, a 24-bit (3 byte) integer can be obtained from the current state of the map according towhere and “≪*s*” denotes a left shift by bit. For instance, returns bitwise representation of 1 shifted to the left by 24 bits, which is equivalent to 2^{24}.

*Step 3. *Extract three keystream elements from pseRandInt according towhere “≫*s*” denotes a right shift by bit and & denotes a bitwise AND operation. It can be seen from (7) that the upper, middle, and lower 8 bits of pseRandInt are assigned to , respectively.

*Step 4. *Convert the plain-pixel to its cipher form according to where (*p*_{3n},* p*_{3n+1},* p*_{3n+2}) and (*c*_{3n},* c*_{3n+1},* c*_{3n+2}) are the three colored subpixels of the currently operated pixel and its output cipher-pixel, respectively, performs bitwise exclusive OR operation, and is the number of gray levels in the input image (for a 24-bit RGB color image, ).

As can be seen from (8), the modification made to a subpixel depends not only on the keystream element but also on its previous ciphered subpixel, and thereby the influence of each subpixel can be spread over all its succeeding ones. For the first subpixel* p*_{0}, the initial value can be set as a constant.

*Step 5. *Make the keystream elements depend on the plain-pixel by perturbing the state variable of logistic map according to whereis the disturbance value determined by the original values of the three colored subpixels of the currently operated pixel. It is clear that falls within the range between 0 and 0.1, keeping the logistic map operating in chaotic region.

*Step 6. *Return to Step 2 until all the subpixels in imgData are encrypted.

*Step 7. *Perform several rounds of the overall permutation-substitution operations so as to spread the influence of each individual subpixel over the entire cipher-image.

*Step 8. *Produce the final output by adding a file header identical to that of the input image to imgData.

The decryption procedure is similar to that of the encryption process except that some steps are followed in a reversed order. Particularly, the inverse of (8) is given byIn addition, as can be seen from the above description of the substitution algorithm, the perturbing of the state of the logistic map is performed after a pixel is enciphered and the disturbance value is calculated from the original values of the ciphered pixel. Accordingly, in the decryption procedure, the same disturbance value can be calculated out after a cipher-pixel is decrypted.

#### 4. Analysis of the Randomness of the Substitution Keystream

The randomness of the keystream sequence is crucial to the security of a chaotic cipher. A cryptographically secure keystream generator should generate the keystream sequence without repetition or predictability, thus preventing different parts of a messages encrypted with the repeated parts of the keystream sequence from being intercepted or generated by an attacker. The degree of randomness of a keystream sequence may be determined by statistical tests, and the most authoritative one is the test suite designed by the National Institute of Standards & Technology (NIST). The test suite is a statistical package consisting totally of 16 tests, which are carried out as follows: For each statistical test, a set of values (corresponding to the set of sequences) is produced. A sequence passes a statistical test whenever the value ≥* α* and fails otherwise, where is the significance level. For each statistical test, compute the proportion of sequences that pass. The range of acceptable proportions is determined using the confidence interval defined aswhere is the number of standard deviations and is the sample size. In our experiments, 200 keystream sequences , each with a length, in bits, as long as that of a 24-bit RGB color image of size , are generated with randomly selected substitution keys. Together with the chosen standard parameters, and , we have . If the proportion falls outside of this interval, then there is evidence that the data is nonrandom. Table 1 lists the test results for the keystream sequences generated using the proposed and conventional methods. As can be seen from this table, the proposed method has a higher pass rate in 13 of the 16 test items, and hence it generates keystream sequences with a higher degree of randomness over the conventional method.

#### 5. Analysis of the Confusion and Diffusion Performance of the Proposed Scheme

##### 5.1. Analysis of Confusion Performance

In order to evaluate the confusion performance of the proposed permutation method, we apply it to the standard “peppers” test image ( pixels, 24-bit RGB color) and the result is compared with that of three most widely used methods based on area-preserving invertible chaotic maps, as demonstrated in Figure 2. Figure 2(a) shows the test image and Figure 2(b) is the resulting image after applying the proposed permutation method once. The permutation key, that is, the initial conditions of the hyperchaotic Lü system, is randomly chosen to be . Figures 2(c)–2(e), 2(f)–2(h), and 2(i)–2(k) show the resulting images after applying the cat map, the baker map, and the standard map once, twice, and three times, respectively. The permutation keys, that is, the control parameters of the three maps, are chosen to be , , and , respectively. As can be seen from Figure 2, the proposed method takes only one round to achieve a satisfactory scrambling effect, whereas more (≥2) is needed by the three conventional ones. Moreover, the colors in the scrambled image produced by the proposed permutation method are much more uniformly distributed than that produced by the three conventional methods. This is because the proposed scheme scrambles the subpixels across all the three color channels, whereas the schemes using area-preserving chaotic maps have to scramble each color channel separately, making the dominant colors of the resulting scrambled image similar to those of its original version.

##### 5.2. Analysis of Diffusion Performance

As is known, the diffusion property is essential to ensure the security of a cryptographic algorithm against chosen-plaintext attack. The differential analysis is the most common way to implement the chosen-plaintext attack. To do this, an opponent may firstly create two plain-images with only one-bit difference and then encrypt the two images using the same secret key. By observing the differences between the two resulting cipher-images, some meaningful relationship between plain-image and cipher-image could be found out, and it further facilitates determining the keystream. Obviously, this kind of cryptanalysis may become impractical if a cryptosystem is highly sensitive to plaintext; that is, changing one bit of the plaintext affects every bit in the ciphertext.

To measure the diffusion property of an image cryptosystem, two criteria, that is, NPCR (the number of pixel change rate) and UACI (the unified average changing intensity), are commonly used. The NPCR is used to measure the percentage of different pixel numbers between two images. Let and be the th pixel in th color channel ( denotes the red, green, and blue color channels, resp.) of two images and , where ,; the NPCR can be defined aswhere is defined asThe second criterion, UACI, is used to measure the average intensity of differences between the two images. It is defined as

Clearly, no matter how similar the two input images are, a good image cryptosystem should produce outputs with NPCR and UACI values ideally being equal to those of two random images, which are given byFor instance, the NPCR and UACI values for two random color images in 24-bit RGB format are 99.609% and 33.464%, respectively.

The NPCR and UACI of the proposed cryptosystem are evaluated using five standard 24-bit color test images of size taken from the USC-SIPI image database. The differential images are created by randomly changing 1 bit in the original ones, as listed in Table 2. The two images in each test pair are encrypted using the same secret key, and their NPCR and UACI values under different number of cipher rounds are given in Table 3. It can be concluded from Table 3 that the diffusion efficiency of the proposed scheme is competitive with that of existing optimal substitution strategies, which take a minimum of two encryption rounds to achieve desired NPCR and UACI values.

#### 6. Security Analysis

In this section, thorough security analysis has been carried out, including the most important ones like brute-force analysis, statistical analysis, and key sensitivity analysis, to demonstrate the high security of the proposed scheme.

##### 6.1. Brute-Force Analysis

In cryptography, a brute-force attack is a cryptanalytic attack that attempts to break a cipher by systematically checking all possible keys until the correct one is found. Obviously, a cipher with a key length of bits can be broken in a worst-case time proportional to and an average time of half that. A key should therefore be long enough that this line of attack is impractical, that is, would take too long to execute. As mentioned above, the initial conditions of the hyperchaotic Lü system and the logistic map, which consist of four and one state variables, are used as the permutation key and substitution keys, respectively. The two keys are independent of each other and a 64-bit double-precision type gives 53 bits of precision, and therefore the key length of the proposed scheme is bits. Generally, cryptographic algorithms using keys with a length greater than 100 bits are considered to be “computational security” as the number of operations required to try all possible 2^{100} keys is widely considered out of reach for conventional digital computing techniques for the foreseeable future. Therefore, the proposed scheme is secure against brute-force attack.

##### 6.2. Statistical Analysis

###### 6.2.1. Frequency Distribution of Pixel Values

A good image cryptosystem should sufficiently mask the distribution of pixel values in the plain-images so as to make frequency analysis infeasible. That is, the redundancy of plain-image or the relationship between plain-image and cipher-image should not be observed from the cipher-image as such information has the potential to be exploited in a statistical attack. The frequency distribution of pixel values in an image can be easily determined by using histogram analysis. An image histogram is a graph showing the number of pixels in an image at each different intensity value found in that image. The histograms of the RGB color channels of the “peppers” test image and its output cipher-image produced by the proposed scheme are shown in Figure 3. It is clear from Figures 3(l)–3(n) that the pixel values in all the three color channels of the output cipher-image are fairly evenly distributed over the whole intensity range, and therefore no information about the plain-image can be gathered through histogram analysis.

The distribution of pixel values can be further quantitatively determined by calculating the information entropy of the image. Information entropy, introduced by Shannon in his classic paper “A Mathematical Theory of Communication” [29], is a key measure of the randomness or unpredictability of information content. The information entropy is usually expressed by the average number of bits needed to store or communicate one symbol in a message, as described bywhere is a random variable with outcomes and is the probability mass function of outcome . It is obvious from (17) that the entropy for a random source emitting symbols is . For instance, for a ciphered image with 256 color levels per channel, the entropy should ideally be 8; otherwise, there exists certain degree of predictability which threatens its security.

The information entropies of the five test images and their output cipher-images are calculated, and the results are listed in Table 4. As can be seen from Table 4, the entropy of all the output cipher-images are very close to the theoretical value of 8. This means the proposed scheme produces outputs with perfect randomness and hence is robust against frequency analysis.

###### 6.2.2. Correlation between Neighboring Pixels

Pixels in an ordinary image are usually highly correlated with their neighbors either in horizontal, vertical, or diagonal direction. However, an effective image cryptosystem should procedure cipher-images with sufficiently low correlation between neighboring pixels. Scatter diagram is commonly used to qualitatively explore the possible relationship between two data sets. To plot a scatter diagram for image data, the following procedures are carried out. First, randomly select pairs of neighboring pixels in each direction from a color channel of the image. Then, the selected pairs is displayed as a collection of points, each having the value of one pixel determining the position on the horizontal axis and the value of the other pixel determining the position on the vertical axis.

Figures 4(a)–4(c) and 4(d)–4(f) show the scatter diagrams for horizontally neighboring pixels in the three color channels of the “peppers” test image and its output cipher-image with , respectively. Similar results can be obtained for the other two directions. As can be seen from this figure, most points in (a)–(c) are clustered around the main diagonal, whereas those in (d)–(f) are fairly evenly distributed. The results indicate that the proposed scheme can effectively eliminate the correlation between neighboring pixels in an original image.

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

To further quantitatively measure the correlation between neighboring pixels in an image, the correlation coefficients for the sampled pairs are calculated according to the following three formulas:where and form the th pair of neighboring pixels.

Table 5 lists the calculated correlation coefficients for neighboring pixels in the three color channels of the five test images and their output cipher-images. As can be seen from this table, the correlation coefficients for neighboring pixels in all the three color channels of the output cipher-images are practically zero. The results further support the conclusion drawn from Figure 4.

##### 6.3. Key Sensitivity Analysis

Key sensitivity, another basic design principle of cryptographic algorithms, ensures that no information about the plaintext can be revealed even if there is only a slight difference between the decryption and encryption keys. To evaluate the key sensitivity property of the proposed scheme, the “peppers” test image is firstly encrypted with a randomly generated secret key: hyperchaotic Lü system with initial conditions and logistic map with initial condition , and the resulting cipher-image is shown in Figure 5(a). Then the ciphered image is tried to be decrypted using six decryption keys, one of which is exactly the same as the encryption key and the other five have only one-bit difference from it, as listed in Table 6. The resulting deciphered images are shown in Figures 5(b)–5(g), respectively, from which we can see that even an almost perfect guess of the key does not reveal any information about the original image. It can, therefore, be concluded that the proposed scheme fully satisfies the key sensitivity requirement.

**(a)**

**(b)**

**(c)**

**(d)**

**(e)**

**(f)**

**(g)**

#### 7. Speed Performance

As can be seen from the above description of the substitution keystream generation method, three keystream elements can be simultaneously extracted from the current state of the logistic map, whereas only one can be obtained using the conventional method. As a result, the total number of iterations is reduced by 3 times and the encryption time is shortened. We use three 24-bit RGB test images of different sizes to evaluate the computational efficiency of the proposed scheme and compare it with that of an identical copy of the proposed scheme except using a conventional keystream generation method. Each test image is ciphered 10 times with two rounds of permutation-substitution operations, and the average execution times are listed in Table 7. Both schemes have been implemented using C programming language on Windows 7 64-bit platform, and the tests have been done on a personal computer with an Intel Xeon E3-1230 v3 3.3 GHz processor and 8 GB RAM. As can be seen from Table 7, the proposed scheme significantly outperforms the one using a conventional keystream generation method in terms of computational efficiency, and therefore it provides a good candidate for online secure image transmission over public networks.

#### 8. Conclusions

This paper has proposed a new permutation-substitution type color image cipher to better meet the increasing demand for real-time secure image communications. To confuse the relationship between the ciphertext and the secret key, the positions of colored subpixels in the input image are scrambled using a pixel-swapping mechanism, which avoids two main problems encountered when using the discretized version of area-preserving chaotic maps. To improve the computational efficiency of the substitution process, we introduced an efficient keystream generation method that can simultaneously extract three keystream elements from the current state of the iterative logistic map. Compared with the conventional method, the total number of iterations is reduced by 3 times. The computational efficiency comparison results have shown the superior performance of the proposed encryption scheme. To ensure the robustness of the proposed scheme against chosen-plaintext attack, the current state of the logistic map is perturbed during each iteration and the disturbance value is determined by plain-pixel values. The mechanism of associating the keystream sequence with plain-image also helps accelerate the diffusion process and increase the degree of randomness of the keystream sequence. The results of NPCR and UACI tests indicate that the proposed scheme takes only two encryption rounds to achieve a satisfactory diffusion effect. The results of NIST statistical test indicated that the substitution keystream sequences generated using the proposed method have a higher degree of randomness than that generated by conventional method. We have carried out an extensive security analysis, which demonstrates the satisfactory security level of the new scheme. It can therefore be concluded that the proposed scheme provides a good candidate for online secure image communication applications.

#### Conflicts of Interest

The authors declare that there are no conflicts of interest regarding the publication of this paper.

#### Acknowledgments

This work was supported by the Fundamental Research Funds for the Central Universities (no. N150402004) and the Online Education Research Fund of MOE Research Center for Online Education (Qtone Education) (no. 2016YB123).