Scientific Programming

Scientific Programming / 2020 / Article

Research Article | Open Access

Volume 2020 |Article ID 6612390 | https://doi.org/10.1155/2020/6612390

Mohamed Gafsi, Nessrine Abbassi, Mohamed Ali Hajjaji, Jihene Malek, Abdellatif Mtibaa, "Improved Chaos-Based Cryptosystem for Medical Image Encryption and Decryption", Scientific Programming, vol. 2020, Article ID 6612390, 22 pages, 2020. https://doi.org/10.1155/2020/6612390

Improved Chaos-Based Cryptosystem for Medical Image Encryption and Decryption

Academic Editor: Zhaoqing Pan
Received03 Oct 2020
Revised09 Nov 2020
Accepted26 Nov 2020
Published18 Dec 2020

Abstract

In the medical sector, the digital image is multimedia data that contain secret information. However, designing an efficient secure cryptosystem to protect the confidential images in sharing is a challenge. In this work, we propose an improved chaos-based cryptosystem to encrypt and decrypt rapidly secret medical images. A complex chaos-based PRNG is suggested to generate a high-quality key that presents high randomness behaviour, high entropy, and high complexity. An improved architecture is proposed to encrypt the secret image that is based on permutation, substitution, and diffusion properties. In the first step, the image’s pixels are randomly permuted through a matrix generated using the PRNG. Next, pixel’s bits are permuted using an internal condition. After that, the pixels are substituted using two different S-boxes with an internal condition. In the final step, the image is diffused by XORing pixels with the key stream generated by the PRNG in order to acquire an encrypted image. R rounds of encryption can be performed in a loop to increase the complexity. The cryptosystem is evaluated in depth by his application on several medical images with different types, contents, and sizes. The obtained simulation results demonstrate that the system enables high-level security and performance. The information entropy of the encrypted image has achieved an average of 7.9998 which is the most important feature of randomness. The algorithm can take full advantage of parallelism and pipeline execution in hardware implementation to meet real-time requirements. The PRNG was tested by NIST 800-22 test suit, which indicates that it is suitable for secure image encryption. It provides a large key space of 2192 which resists the brute-force attack. However, the cryptosystem is appropriate for medical image securing.

1. Introduction

In the medical sector, the digital image is multimedia data that contain secret information. However, designing an effective cryptosystem to protect medical image content is a challenge. Using public or shared digital networks, images are vulnerable to potentially more destructive attacks such as replay or human-based attacks, brute-force, and statistical attack. The need for effective cryptographic solutions for medical image requires the development of an improved algorithm and implementation. To protect the image against new generations of attacks, encryption solutions should guarantee the confidentiality of the image. Confidentiality is achieved by encryption to make data unintelligible and unusable even if the data is lost or hacked. Among encryption schemes, symmetric encryption is the best cryptographic solution that permits the confidentiality of large volume data. In this innovative idea, chaos is an effective axis of modern cryptography challenging existing traditional symmetric encryption systems like the Advanced Encryption System (AES) [1]. Chaos systems have many significant advantages such as highly sensitive to initial conditions, deterministic random numbers, ergodicity, structure complexity, large key space, flexibility, and large periodicity. Unlike asymmetric encryption, symmetric encryption has several modes of operation. Since 2001, five modes have been recommended by NIST which are ECB, CBC, OFB, CTS, and CTR. Among these, the CTR mode of encryption is commonly used in high-speed networks thanks to its high performance. The CTR architecture can take full advantage of parallel and pipelining execution and can achieve a high-level performance using reasonable hardware resources.

After this innovative idea was investigated, many researchers turned to design chaos-based symmetric cryptosystem algorithms for ordinary and medical image encryption. This is using different types of chaotic models such as the Lorenz and Chen system, skew tent map, and logistic map [2, 3]. Jeevitha [4] presented a cryptosystem algorithm for medical image encryption. In the first step, the medical image was decomposed into some planes using discrete wavelet transform. Edge maps were generated with the same or different thresholds from the original image and the binary images of equal size considered as with the original planes. Then, the XOR diffusion between the edge maps and the planes was carried out. Next, the positions of the obtained plane at the last step were scrambled. Finally, planes were combined to form the encrypted image. Jizhao [5] put forward a simple cryptosystem algorithm for medical image protection. A PRNG based on a four-dimensional chaotic system was proposed to generate the key. The original medical image was encrypted using a diffusion-confusion as architecture. The confusion property was done by a simple substitution S-box. However, the diffusion property was obtained by XORing the image pixel with a key stream. Tsafack et al. [6] presented an image encryption system based on a simple chaotic system. To generate the encryption key, an electronic circuit based on a dynamical four-dimensional chaotic system is designed. This implementation mainly increases the execution time. For image encryption, a simple confusion and diffusion architecture was designed. Firstly, the substitution S-box and a key stream were produced by utilizing the PRNG. Then, the image’s pixels were substituted using the S-box. Finally, the result pixels were XORed by the key stream in order to obtain the encrypted image. Their proposed cryptosystem was tested on some medical images. Xingyuan [7] proposed a chaos-based cryptosystem for colour image encryption. Firstly, the image was divided into four blocks. Then, the blocks were scrambled by employing Arnold's chaotic map. Next, the image’s blocks were diffused by a combination method between the Boolean network and semitensor products. Finally, the blocks were combined to form the encrypted image. Yasir et al. [8] suggested an image cryptosystem based on confusion and compression. Firstly, the simple lossless Lempel–Ziv–Welch (LZW) data compression algorithm was used to compress the original image. Then, the Chebyshev chaotic map was used to select an S-box from a collection of 40,320 available S-boxes. Finally, the compressed image was encrypted by substituting the pixels with the selected S-box. Using only a confusion process to encrypt the secret image is not secure against attacks. Huijuan [9] proposed a simple cryptosystem algorithm for image encryption. A PRNG based on the two-dimensional logistic-adjusted sine map was designed for encryption key generation. Two mechanisms were used for orbit perturbation and dynamic state variable selection. Their proposed image encryption algorithm includes a permutation and a XOR diffusion procedure. Hongjun [10] put forward an image cryptosystem based on DNA sequence and two chaotic maps. The scheme is symmetric and they adopt a confusion-diffusion as encryption architecture. The initial parameters of chaos maps are generated using the MD5 hash. The image was confused using PWLCM map and confused using DNA and Chebyshev map. Zhou [11] suggested an image cryptosystem based on a combination between the 3D orthogonal Latin squares (3D-OLSs) and a matching matrix. Firstly, the 3D sine map was used to generate three chaotic sequences. Next, a 3D orthogonal Latin square and a matching matrix were produced by using the chaotic sequences. Then, the 3D-OLSs and the matching matrix were jointly used to permute the original image. After that, all planes of the permuted matrix were divided into sixteen blocks of the same size. The chaotic sequence was sorted and a position matrix was generated. According to the position matrix, the blocks of each plane were linked and shifted by using a cyclic shift operation, and then, a new matrix was generated. Finally, the encrypted image was generated by executing a diffusion operation for the new matrix. Zhang [12] proposed a simple cryptosystem algorithm for image encryption. In designing, he has used transformation, permutation, and XOR diffusion as encryption architecture. The transformation was obtained by employing the discrete wavelet transform of the image. The permutation was carried out by substitution S-box. However, the diffusion property was obtained by scrambling the image’s pixels with a key stream that was generated by a simple PRNG based on the PWLCM chaotic map. In the substitution step, Yong adopts the S-box of the AES standard, which was not a secure substitution method because the S-box of AES was not dynamic.

The challenge is that traditionally, key generation, encryption, authentication, and integrity have been complex and computationally costly to execute while keeping in mind the issue related to the security level. All mentioned image cryptosystems have many weaknesses. It is sequential, too long in design and calculation, which greatly increases the execution time. In this work, we propose an improved chaos-based symmetric cryptosystem for fast image encryption and decryption. The goal is to achieve high-level security and high performance with low computational complexity and reasonable resources. Our contribution is as follows:(i)Design of improved chaos-based PRNG with the goal to enlarge the key space, increase the entropy, randomness, and complexity, and avoid the key’s sequence relationship and determinism. This permits the generating of high-quality key streams with high randomness behaviour, unpredictability, and complexity.(ii)Design of fast and secure encryption and decryption architecture based on permutation, substitution, and diffusion properties. This permits enhancing the randomness and decreasing the correlation. The goal is to achieve a high-level performance with low computational cost and with reasonable resources.(iii)Undertake in-depth experimental measurements for medical images with different type, content, and size to evaluate the strength of the proposed cryptosystem against the new generation of attacks.(iv)Undertake an evaluation study of the performance of the execution and compare the result with other recent works.

This paper is planned in four parts as follows: in Section 2, the proposed image cryptosystem algorithm is described. The simulation, analysis, evaluation, and validation of the proposed algorithm are given in Section 3. Section 4 concludes the work.

2. Proposed Cryptosystem Algorithm

The symmetric cryptographic scheme is the best solution to encrypt and decrypt large volume data. The proposed cryptosystem algorithm is a symmetric scheme based on confusion and diffusion properties. To generate a high-quality key, a complex chaos-based PRNG is suggested. The general view of the proposed cryptosystem is depicted in Figure 1.

2.1. Pseudorandom Number Generator

PRNGs are used to generate key useful for encryption. The proposed PRNG is a chaos-based key generator. A complex PRNG architecture is designed with the goal to increase the key complexity, entropy, randomness, sensitivity, and key space and to avoid determinism, correlation, and key dependence.

The proposed PRNG is illustrated in Figure 2. It includes three data processing blocks: a dynamical state generator (DSG), a complex chaotic design (CCD), and a convertor block. Three different chaotic systems are employed in designing to enhance the complexity of the key. The chaotic systems are maintained in parallel. This permits generating many key streams at a time that enlarge the key length and the key space. The PRNG requires a 256-bit external secret key to initialize the underlying system (equation (1)). This secret key is used to generate the initial state of the PRNG. However, the use of the same initial key permits always obtaining the same random number sequence. To avoid transient effects, key sequence relationship, dependence, and determinism, a random state generator is attached to the complex chaotic design to perturb the underlying system dynamically. However, the PRNG exhibits complex chaotic behaviour. It depends not only on the initial key but also on intermediate random states. This permits to increase the complexity of the key against attacks.

After random values generation by the chaotic design, the convertor block is used that permits modulating the generated values into 32-bit numbers (equation (2)). As a result, a sequence of independent numbers PRNS is obtained and its properties are statistically independent, uniformly distributed, and unpredictable. In addition, the proposed PRNG depends not only on the initial secret key but also on internal random states generated dynamically:

The used chaotic systems are the Henon map, 2D logistic map in a complex set, and the Baker map. Their mathematical models are described in equations (3)–(5), respectively:

The Henon map has a state of two variables (x, y), and a and b are the system parameters. It exhibits chaotic behaviour for certain parameter values and initial conditions. When a = 1.4 and b = 0.3, the system has chaotic behaviour [13]. The initial state (x0, y0) of the Henon map is derived from the initial key ki:

The 2D logistic map in a complex set has a state of two variables (x, y) and one parameter λ. For λϵ [0, 4], the system has chaotic behaviour [14]. The initial state (x0, y0) of the 2D logistic map is derived from the initial key ki:

The Baker map has a state of two variables (x, y) and one parameter p. For p = 0.5, the system has chaotic behaviour [15]. The initial state (x0, y0) of the Baker map is derived from the initial key ki.

2.2. Encryption Phase

A symmetric scheme is adopted for image encryption. The cryptosystem uses the Secure Hash Algorithm (SHA-256) to generate a unique 256-bit hash value fully related to the secret image I as follows:

The image’s hash value is considered as the initial secret key of the cryptosystem that is named ki. This key is used to initialize the PRNG. An improved PRNG-based symmetric scheme is designed to encrypt the secret image. The general architecture is depicted in Figure 3. Both confusion and diffusion properties are employed in encryption architecture. The confusion property is obtained by pixel permutation and substitution. However, the diffusion property is obtained by XORing the image's pixels with a key stream. Data encryption steps are as follows:(i)Step 1: read a medical image I with any size S = N × M × O. N and M are the image’s dimensions and O is the number of layers. For colour image O = 3, the image is decomposed firstly into red, blue, and green components, and then, each component is encrypted separately using the encryption system.(ii)Step 2: bits permutation of pixels. The image’s pixels are permuted by cycling right shift or cycling left shift according to the pixel’s position parity. Figure 4 illustrates the process.(1)If the position of the pixel is pair, then the pixel’s bits are permuted by cycling right shift of 2 bits:

(iii)Step 3: random permutation of the pixel’s position. Here, a permutation matrix (PM) of size M × N is generated using the PRNG. The matrix contains random indices that to be followed to permute the position of the image’s pixels. The principle to generate the matrix PM is illustrated in Figure 5. Firstly, the PRNG is iterated to produce a sequence of M × N random numbers. Then, the numbers are sorted in ascending order, while keeping the index of each random number. Next, reshape the sequence of indices into M × N cases to obtain the MP matrix. Finally, the image’s pixels are permuted according to the indices in the PM. This process is detailed for 4 × 4 pixels in Figure 6.(2)If the position of the pixel is impair, then the pixel’s bits are permuted by cycling left shift of 2 bits:(iv)Step 4: image’s pixels substitution using two different S-boxes. Here, two S-boxes are generated using the PRNG. The same idea used for PM generation is used again for the generation of S-boxes. However, the PRNG is iterated 256 + 256 times in order to generate two streams of 256 pseudorandom 8-bit numbers N1 and N2, respectively. The pseudorandom numbers are used to create two different S-boxes. Figure 7 illustrates the process.(v)Afterward, an internal condition is used for block’s pixel permutation that permits utilizing the S-box1 or the S-box2 according to the permuted pixel obtained at the last step:(3)If the position of the permuted pixel is pair, then the pixel is substituted by the state of the S-box1:(4)If the position of the permuted pixel is impair, then the pixel is substituted by the state of the S-box2:(vi)The S-box is a 256-case substitution table. Let I be an 8-bit coded image per pixel, X and Y are binary numbers obtained from the pixel of the image as follows:(vii)Each pixel of the image block is substituted by the state of the table which corresponds to the intersection of X with Y. Table 1 shows an example of S-box. Let us take an example: Iij = (134)10 = (10000110)2, so X = 0110 and Y = 1000; the value of the image pixel is substituted by the value of the state S.


(viii)Step 5: pixels XOR diffusion with a key stream. Thus, The PRNG is iterated again for N × M times in order to generate a key stream PRNS. N and M are the image’s dimensions. Then, the obtained image in the last step is diffused by XORing the pixels with the PRNS. Following this process, an intermediate encrypted image (IEI) is obtained as follows:(ix)Step 6: repeat all last steps R rounds in order to produce the final encrypted image.
2.3. Decryption Phase

After the encryption step, the encrypted image can be stored or transmitted to a well-defined destination using an insecure network (diffusion step). At the reception, the image must be processed by the decryption system to find the plain image. The decryption system is an inverse algorithm of the encryption algorithm. In the substitution step, inverse S-boxes are used. Table 2 shows the inverse S-box of the S-box presented in Table 1.



3. Experimental Results and Interpretation

In this section, a thorough assessment of the proposed cryptosystem is detailed. Several indicators are used, which are the most used in the image cryptography community. Using the proposed cryptosystem, we can perform R rounds of encryption to improve the complexity of the encrypted image against hackers. However, we evaluate the cryptosystem with only one round of encryption. Several ordinary and medical images with different types, contents, and sizes are used for the test. For ordinary colour images, we use the standard Lena, peppers, and baboon images of size 512 × 512 × 3 (Figure 8). For medical images, height different types of images are selected that are illustrated in Figure 9: medical image obtained by magnetic resonance device (MRI), 3D scanner, X-ray, radiography, endoscopy, computerized tomography (CT) scan, and ultrasound device. Simulation results and performance analysis for the selected images are given in this section. This part includes qualitative analysis of encrypted images, statistical analysis, noise and data loss analysis, key analysis, and algorithm performance analysis.

3.1. Analysis of the Encrypted Image Quality

Here, we make objective measurements of the encrypted image quality where the original image is the reference. Peak signal-to-noise ratio (PSNR) and structural similarity index measure (SSIM) are used for that [1618]. Table 3 introduces the simulation results found for each encrypted image.


ImagePSNRSSIM

Lena7.60510.0059
Peppers6.12440.0080
Baboon7.07250.0061
3D ultrasound7.59740.0064
1D ultrasound7.14650.0072
3D scanner6.19430.0040
3D radiography foot6.47120.0063
3D X-ray6.98390.0065
3D CT-scan7.44830.0072
1D RMI6.74210.0054
1D endoscopy7.38050.0075

From Table 3, the PSNR value of encrypted images is lower than 8 dB, and the SSIM value is close to 0. This indicates that the encrypted image produced by the proposed cryptosystem has a very poor quality. As a result, it is very difficult to predict the plain image from the encrypted one.

3.2. Statistical Analysis

The statistical analysis of the plain and encrypted image includes the analysis of histogram, entropy, two-dimensional normalized correlation (NC), and the correlation coefficient (ρ) [1921].

3.2.1. Histogram Analysis

The image histogram is a two-dimensional statistical curve showing the distribution of gray scales according to their values. Figure 10 shows the original images and their corresponding encrypted images, and histograms of the original images and their corresponding encrypted images.

As seen in Figure 10.4, Figure 10.8, Figure 10.12, Figure 10.16, Figure 10.20, Figure 10.24, Figure 10.28, Figure 10.32, Figure 10.36, Figure 10.40, and Figure 10.44, we note that the histogram of the resultant encrypted image is uniformly distributed and dissimilar compared to the histogram of the original image in Figure 10.2, Figure 10.6, Figure 10.10, Figure 10.14, Figure 10.18, Figure 10.22, Figure 10.26, Figure 10.30, Figure 10.34, Figure 10.38, and Figure 10.42 which contains large spikes. Therefore, the original image’s pixels and the encrypted image’s pixels are completely different.

3.2.2. NC Analysis

The 2D NC is a measure of the degree of reliability between two images. After encrypting the original images, the NC is computed between the original image and its corresponding encrypted image. From Table 4, the NC value between the original image and its corresponding encrypted image produced by the proposed system is highly close to zeros. This indicates that the original image and the encrypted one are dissimilar and have not a relationship. As a consequence, the proposed system is safe against statistical attacks.


ImageNC
RedBlueGreen

Lena−0.0041−0.0024−0.00065
Peppers−0.0025−0.00018−0.00079
Baboon−0.0027−0.0028−0.00063
3D ultrasound0.00003−0.00021−0.00029
3D ankle−0.000090.00003−0.00024
3D X-ray−0.00041−0.00042−0.0015
3D radiography−0.0039−0.00367−0.0043
3D CT-scan−0.0028−0.00056−0.00073
1D ultrasound−0.0047
MRI−0.0036
Endoscopy−0.00042

3.2.3. Global and Local Shannon Entropy Analysis

Shannon entropy is a measure of the degree of randomness associated with an image. It is defined as follows:

The global Shannon entropy is measured by applying equation (16) to the whole image. This way fails to measure the real degree of randomness of an image. It has many weaknesses such as unfair random comparisons between images of different sizes, the inability to discern the randomness of images before and after image encrypting, and possible inaccurate scores for the synthesized images. However, it cannot be used for universal measures of randomness. To overcome this problem, local Shannon should be applied. The local entropy is measured by computing the mean of global Shannon entropies over all the nonoverlapping blocks of size 1936 pixels in the image [3]. Table 5 introduces the simulation results of global and local Shannon entropy found for each image.


ImageLocal Shannon entropyGlobal Shannon entropy
RedBlueGreenRedBlueGreen

Lena7.95487.95467.95427.99987.99987.9997
Peppers7.95467.95497.95447.99987.99977.9997
Baboon7.95547.95577.95537.99987.99987.9998
3D ultrasound7.95577.95527.95488.00008.00008.0000
3D ankle7.95637.95597.95598.00008.00008.0000
3D X-ray7.95687.95637.95648.00008.00008.0000
3D radiography7.95627.95637.95608.00008.00008.0000
3D CT-scan7.95677.95677.95658.00008.00008.0000
1D ultrasound7.95568.0000
MRI7.95537.99998
Endoscopy7.95497.99998

Analysing the results, the encrypted image’s global entropy value is highly close to the ideal value 8 and the mean of local entropy is very important. This indicates that the pixels of the encrypted image are random. As a consequence, the proposed system is safe against entropy and statistical attacks. Table 6 introduces a comparative study of image entropy with several other recent works. The proposed system gives the best result.


ImageOrdinary imageMedical image
EntropyGlobalLocalGlobalLocal

Reference [3]7.999507.90300
Reference [5]7.99930
Reference [6]7.99954
Reference [7]7.99930
Reference [8]7.98910
Reference [9]7.99932
Reference [10]7.98830
Reference [11]7.99930
Reference [12]7.99720
Reference [22]7.99740
Proposed algorithm7.999857.954867.999987.95627

3.2.4. Correlation Coefficient Analysis

The ρ tool computes the correlation coefficient in the horizontal, vertical, and diagonal directions of an image. Let x and y two grayscale values of two adjacent pixels in the image, and the correlation of the adjacent pixels is computed using equation (14):where E(x) is the expectation of x, D(x) is the estimation of the variance in x, and cov(x, y) is the estimation of the covariance between x and y.

Table 7 shows that the correlation coefficient of the original images is close to 1, while the encrypted images are close to zeros. This indicates that the original image’s pixels are correlated, unlike the encrypted image’s pixels are not correlated. Figure 11 shows the distributions of 3000 pairs of randomly selected adjacent pixels of the original image Lena in the horizontal, vertical, and diagonal directions, respectively. Also, Figure 12 presents the distribution of pixels of the original medical image ankle. Figure 13 shows the distributions of 2000 pairs of randomly selected adjacent pixels of the encrypted Lena image in the horizontal, vertical, and diagonal directions, respectively. Also, Figure 14 presents the distribution of pixels of the encrypted medical image ankle. We note that the distribution of the pixels of the plain image is consistent, unlike the encrypted image is inconsistent. This indicates that the encrypted image’s pixels are not correlated. As a result, we cannot predict any information using a statistical correlation between the encrypted image pixels that permits recovering of the original image.


ImageDirectionOriginal imageEncrypted image
RedBlueGreenRedBlueGreen

Lena
(512 × 512 × 3)
H0.95880.93580.9160−0.0196−0.0145−0.0546
V0.98180.96650.9522−0.0162−0.0184−0.0082
D0.99000.98100.9737−0.0078−0.0012−0.0049

Peppers
(512 × 512 × 3)
H0.96170.96580.9443−0.0136−0.0070−0.0014
V0.98140.97890.9671−0.0288−0.00540.0046
D0.96660.96550.9455−0.0310−0.02940.0084

Baboon
(512 × 512 × 3)
H0.86560.92910.83990.00530.0063−0.0040
V0.78970.88480.76290.00200.00760.0098
D0.88550.93090.86190.00770.0049−0.0075

3D ultrasound baby
(2844 × 4044 × 3)
H0.89890.90080.8360−0.0022−0.0024−0.0020
V0.97200.97230.9559−0.0056−0.0090−0.0013
D0.97890.98150.9662−0.0019−0.0082−0.0002

3D scanner ankle
(1080 × 1920 × 3)
H0.99810.99830.9963−0.0073−0.0187−0.0100
V0.99750.99840.9956−0.0319−0.0259−0.0061
D0.99930.99920.9984−0.0024−0.0051−0.0179

3D radiography
(2400 × 2956 × 3)
H0.99930.99940.9994−0.0022−0.0018−0.0007
V0.99890.99160.9945−0.0029−0.0036−0.0032
D0.99460.99440.9901−0.0015−0.0019−0.0002

3D X-ray
(3816 × 2832 × 3)
H0.99810.99710.9955−0.0241−0.0051−0.0164
V0.99950.99900.9986−0.0071−0.0034−0.0180
D0.99950.99900.9987−0.0043−0.0108−0.0336

3D CT-scan
(800 × 600 × 3)
H0.99460.99440.9901−0.0018−0.0066−0.0011
V0.99460.99440.9891−0.0012−0.0033−0.0039
D0.99440.99410.9897−0.0046−0.0018−0.0026

1D ultrasound
(1200 × 700 × 1)
H0.9865−0.00012
V0.9843−0.00084
D0.9839−0.00069

MRI
(456 × 456 × 1)
H0.9144−0.0022
V0.9346−0.0041
D0.99422−0.0019

Endoscopy
(634 × 549 × 1)
H0.9882−0.0260
V0.9869−0.0022
D0.9847−0.0047

3.3. Noise and Data Loss Analysis

Using digital networks for transmission, image is vulnerable to several types of noise and loss. However, having any noise or loss in the encrypted image can result in difficulty to recover the clear image using the decryption algorithm. Noise and loss refer to random errors in pixels values of the image acquired during image transmission. A good cryptosystem algorithm should recover the plain image when the encrypted image was affected by any treatment. In this part, we evaluate the robustness of the proposed cryptosystem against Gaussian white noise and “salt and pepper” data loss. Firstly, we produce an encrypted image using the encryption system. Then, we attack it with an attack which results in a modified encrypted image. Afterward, we try decrypting the modified encrypted image by the decryption system. Finally, we evaluate the decrypted image using the NC, PSNR, and SSIM tools where the original image is the reference [2327]. The selected attacks are the most common and have been used with different intensities to properly test the robustness of the algorithm.

Salt and pepper noise is added to an image by the addition of both random on and off pixels, i.e., random bright with a pixel value of 255 and random dark with 0 pixel value, all over the image. Table 8 introduces the simulation results of the PSNR, SSIM, and NC where the encrypted image was affected by “salt and pepper” data loss. Figures 15(a)–15(d) show the encrypted images attacked with “salt and pepper” loss intensities 0.01, 0.05, 0.01, and 0.5, respectively. Figures 15(e)–15(h) show the corresponding decrypted images, respectively. An intensity of 0.5, i.e., 50% of the encrypted image pixels, has been lost.


ImageData lossSalt and pepper
Intensity0.0090.010.050.090.10.5

Lena
512 × 512 × 3
PSNR39.5137.9635.6832.6629.8928.6726.61
SSIM0.9820.9690.9670.8560.7650.7480.479
NC0.9880.9800.9790.8990.8280.8140.557

Peppers
512 × 512 × 3
PSNR39.0837.5835.0231.1129.5428.0526.09
SSIM0.9830.9690.9670.8570.7710.7510.489
NC0.9900.9820.9800.9060.8400.8260.564

Baboon
512 × 512 × 3
PSNR39.8138.2036.9332.8130.2728.8326.82
SSIM0.9770.9590.9570.8210.7220.7010.458
NC0.9920.9870.9860.9310.8780.8670.521

3D ultrasound baby
2844 × 4044 × 3
PSNR40.9238.4037.9835.9031.3429.8926.92
SSIM0.9360.9020.8940.7130.6230.6040.420
NC0.9940.9910.9900.9490.9070.8970.496

3D scanner ankle
1080 × 1920 x 3
PSNR40.2637.6936.2135.1731.6529.2125.20
SSIM0.9860.9370.9170.8560.7820.5710.437
NC0.9940.9900.9890.9450.9040.8940.501

3D radiography
2400 × 2956 × 3
PSNR41.2138.8537.3235.7932.6329.8525.81
SSIM0.9810.9160.8960.8050.6630.5490.425
NC0.9940.9900.9890.9460.9050.8930.487

3D X-ray
3816 × 2832 × 3
PSNR40.2638.4736.9634.9831.7528.7225.34
SSIM0.9850.9790.9680.8710.7820.7660.421
NC0.9760.9630.9450.8830.7690.7470.453

3D CT-scan
800 × 600 × 3
PSNR40.6438.3536.4534.6630.7427.7625.17
SSIM0.9790.9730.8410.7950.6320.4730.437
NC0.9790.9680.9460.8910.7870.7610.507

1D ultrasound
1200 × 700
PSNR39.5437.2636.0832.1728.9527.2125.14
SSIM0.9870.9420.9090.8670.8310.7820.587
NC0.9930.9890.9530.8510.7040.6940.501

MRI
456 × 456 × 1
PSNR39.7537.8135.5231.6229.9827.8324.92
SSIM0.9910.9750.8600.7130.6890.6260.516
NC0.9950.9830.9740.8980.8260.7110.501

Endoscopy
634 × 549
PSNR39.6738.1437.3235.2331.0729.1725.72
SSIM0.9840.9240.8870.8120.6740.5890.477
NC0.9950.9870.9820.9430.9100.8790.513

Table 9 introduces the result of PSNR, SSIM, and NC where the encrypted image is noisy with the Gaussian white noise. Figures 16(a)–16(d) are the encrypted images noisy with the variances 0.01, 0.05, 0.1, and 0.5, respectively. Figures 16(e)–16(h) show the corresponding decrypted image, respectively.


ImageNoiseGaussian white
Variance0.0050.0090.010.050.090.10.5

Lena
512 × 512 × 3
PSNR38.9037.8135.6133.1929.1128.2323.61
SSIM0.9060.8370.8240.7250.6580.5480.409
NC0.9470.8930.7810.7190.6950.6630.465

Peppers
512 × 512 × 3
PSNR38.7512.7212.5410.219.569.458.17
SSIM0.9320.8820.8320.7540.6220.5410.415
NC0.9540.8890.8470.7830.6370.5150.457

Baboon
512 × 512 × 3
PSNR39.1938.1536.0733.8329.7528.5423.77
SSIM0.9220.8760.7630.6040.5710.5300.405
NC0.9830.8910.8000.7510.5400.5080.443

3D ultrasound baby
2844 × 4044 × 3
PSNR39.4338.5336.1033.7129.0228.9023.82
SSIM0.9710.8770.8490.7320.6500.6350.412
NC0.9820.9250.8720.7470.6360.6220.397

3D scanner ankle
1080 × 1920 x 3
PSNR39.7238.1337.8132.7629.1527.4223.85
SSIM0.9810.8930.8670.7590.6730.6480.415
NC0.9960.9530.8910.7560.6470.6310.421

3D chest radiography
2400 × 2956 × 3
PSNR39.8638.5736.2233.7229.3328.9424.03
SSIM0.9810.8950.8620.7430.6590.6430.425
NC0.9930.9360.8950.7860.6710.6550.443

3D X-ray
3816 × 2832 × 3
PSNR39.5938.4236.8633.6129.2228.4723.69
SSIM0.9820.8790.8500.7370.6560.6410.419
NC0.9890.9810.8640.7910.6770.6690.453

3D CT-scan
800 × 600 × 3
PSNR38.7838.0535.9133.1129.2328.1523.39
SSIM0.9750.8530.8240.7180.6290.6310.402
NC0.9820.9680.8370.7450.6530.6460.420

1D ultrasound
1200 × 700
PSNR39.1438.4235.9833.4728.8727.9723.52
SSIM0.9720.8460.8150.6980.6090.5220.389
NC0.9800.9590.8280.7190.6270.5690.390

MRI
456 × 456 × 1
PSNR38.7237.8535.2132.7128.1827.4623.31
SSIM0.9730.8510.8090.6920.5890.5190.382
NC0.9860.9650.8290.7140.6310.5730.387

Endoscopy
634 × 549
PSNR38.6837.8735.2532.6828.1227.3723.22
SSIM0.9750.8460.8110.6970.5850.51160.379
NC0.9840.9600.8260.7050.6290.5690.386

Following the obtained results, the proposed algorithm proves its performance to a certain extent. This is due to the main feature that our algorithm does not allow any propagation error.

3.4. Known-Plaintext and Chosen-Plaintext Attack Analysis

In the proposed algorithm, the diffusion process is performed by the XOR operation. Thus, it is very essential to evaluate its robustness against the chosen-plaintext attack. This type of attack uses the encrypted image with arbitrary plaintext data to crack the cryptosystem algorithm. According to reference [28], if equation (15) is determined, the algorithm will be vulnerable to chosen-plaintext attacks. Otherwise, the algorithm resists chosen-plaintext attacks:

P1 and P2 are the plain Lena and pepper images, while C1 and C2 are their corresponding encrypted images, respectively. Figure 17 shows that the XOR of encrypted image and clear image is not equal, i.e., the proposed cryptosystem algorithm resists chosen-plaintext attack.

In general, an attacker uses whole black or whole white images to find out the possible patterns in the cryptosystem algorithm. However, the whole white and whole black images of 512 × 512 × 3 size are encrypted by the proposed algorithm. Figure 18 presents the encrypted images and no pattern can be perceptible. The entropy value of images is selfsame as other encrypted images and correlation coefficients are highly close to zeros. Table 10 shows the result simulation of global and local image entropy and correlation coefficient.


ToolEntropyCorrelation coefficient
GlobalLocalHVD

Plain black image00
Encrypted black image7.99987.9574−0.0023−0.0042−0.00354
Plain white image00
Encrypted white image7.99987.9574−0.0035−0.0029−0.00173

3.5. Key Analysis

The analysis of the key includes the key space, key sensitivity, and randomness analysis test to evaluate the strength of the cryptosystem against brute-force and differential hackers.

3.5.1. Key Space

The key space of a safety encryption scheme should be very large to resist the brute-force attack. The designed PRNG has six outputs each with 32-bit length. Thus, there is a 23×64 = 2192 possible key. Following reference [29], the key brute-force attacks are computationally infeasible. Table 11 gives a comparative study of the key space with other recent encryption algorithms.


WorkKey space

Reference [4]2150
Reference [8]1042
Reference [10]3.4 × 1038
Proposed algorithm2192

3.5.2. Key Sensitivity

The PRNG should be sensitive to a small change in the initial key ki. Exactly, a change of 1 bit in ki will cause a considerably significant change in the encrypted image. The sensitivity test is applied at the encryption phase, as much as at the decryption phase. The sensitivity test can be achieved using the NPCR and UACI tests to assess the robustness of the encrypted image against differential hackers [30]. NPCR and UACI are described as follows:where S is the size of the image and D(i, j) is a logical value affected by the following cases:

d is the difference between two pixels on the image with the same coordinates:

Encryption Phase: in this phase, a change of one bit in ki must provide a considerable change in the encrypted image. For the test, let us consider two initial secret keys ki1 and ki2, where ki2 is different by one bit from ki1: (i)ki1 = 5C2D5DA1B3B91F884A20FC7E18C644C2ED4EA2F05D2DEBD98A14E20906E4C1CD(ii)ki2 = 6C2D5DA1B3B91F884A20FC7E18C644C2ED4EA2F05D2DEBD98A14E20906E4C1CD

Therefore, we encrypt the same Lena image using the ki1 and the ki2, respectively. Figures 19(a) and 19(b) show the result images of each key, respectively. Figure 19(c) shows the difference between image Figures 19(a) and 19(b). Table 12 gives the simulation results of the NPCR and UACI values found between the two encrypted images.


ImageNPCR (%)UACI (%)
RedBlueGreenRedBlueGreen

Lena99.6810999.6917299.6845233.8300234.0320433.69463
Peppers99.7564299.7053199.6934733.6872633.5982033.65629
Baboon99.7492699.6964299.7056234.0320433.6432233.58726
3D ultrasound99.8721599.8143699.7544333.6562933.7092933.66517
3D scanner99.8942799.8396099.8944134.0712534.0831134.19787
3D radiography99.8985399.8879999.8971134.0961434.0955634.08134
3D X-ray99.8773299.8949399.8946734.0984734.0959734.09613
3D CT-scan99.7936999.6595099.7631833.8059433.8982633.89117
1D ultrasound99.8462033.82922
1D brain99.7547133.79463
1D endoscopy99.7955633.89125

Like the aforementioned results, NPCR and UACI percentages are important. In addition, the NC coefficient is very weak; i.e., the images are dissimilar. We conclude that the proposed cryptosystem is highly sensitive to a one-bit change in the given initial key.

Decryption Phase: at the decryption step, a change of one bit in ki must provide a considerable change in the decrypted image. For the test, ki1 is used to decrypt the image in Figure 15(b); i.e., we try to decrypt an encrypted image by a wrong key which is different by one bit from the right key. Figure 20 shows the result decrypted image.

The NC value between the original and the image in Figure 20 is close to zero, NC = −0.0037. This indicates that the recovered image and the original image are completely different and have not a relationship. As a consequence, it is impossible to recover the original image using the wrong key which is different by one bit from the right key.

3.5.3. NIST 800-22 Test

The analysis of the randomness of a key stream can be achieved using the NIST 800-22 test. The test is useful to test random and pseudorandom number generators to determine whether or not a PRNG is appropriate for data encryption [31]. The analysis contains 15 tests that assess key streams to meet important necessities. It focuses on different nonrandom aspects that can be found in a key sequence.

The test results of a sequence of 262400 bytes generated by the proposed PRNG-CTR are shown in Table 13. The sequence passes successfully all parts of the test. This demonstrates that the generated pseudorandom numbers have good statistical properties: unpredictable, random, independent, and uniformly distributed.


Statistical valueStatus

Status frequency0.4372742Pass
Block frequency (m = 128)0.4372742Pass
Forward CUSUM0.4372742Pass
Reverse CUSUM0.4372742Pass
Runs0.4372742Pass
Long runs of ones0.4372742Pass
Binary matrix rank0.4372742Pass
Spectral DFT0. 8755390Pass
Nonoverlapping template (m = 9)0.7070707Pass
Overlapping template (m = 9)0.5449921Pass
Universal0.0713232Pass
Approximate entropy (m = 10)0.0125474Pass
Random excursions (x = +1)0.9030558Pass
Random excursions variant (x = −1)0.3974291Pass
Linear complexity (M = 500)0.1922722Pass

3.6. Cryptosystem Performance and Discussion

In real-time image processing, the execution time is a major constraint. In a software implementation, the speed of execution mainly depends on CPU performance. The proposed algorithm is implemented using the Matlab R2017a software running on a personal computer with CPU Intel Core i7-3770 3.4 GHz frequency. We can use the approximate equations (19) and (20) to compute the speed (S) and the number of cycles per byte (CpB) taken by an encryption algorithm running on a specific processor [32]:where DS is the data size, T is the time taken to execute the algorithm on a CPU, and CpS is the CPU frequency.

The proposed cryptosystem executes four processes in each encryption round: pixel’s bit permutation, random permutation of pixel's position, S-box substitution of pixels, and XOR diffusion. However, it uses two permutation processes, one substitution process, and one diffusion process. Each process takes a time that to be executed. In Table 14, we have introduced the time taken by each process to encrypt the colour Lena image of size 512 × 512 × 3 that presents 786432 megabytes of volume. Analysing the results, we note that the permutation process takes more time than substitution, while the XOR diffusion takes less time. The XOR process is a simple operation that can be done in parallel and pipeline processing. We suggest comparing our work to the works presented in reference [57, 10, 11]. To properly compare the systems, we introduce the comparison Table 15 that remembers the time taken by an encryption algorithm according to the number of processes. From reference [7, 10], the designers employ only the XOR diffusion process. However, it is logical that their cryptosystems take less execution time than other more complex architecture, but their algorithms cannot permit secure encryption according to the Shannon theory [33]. From reference [5, 11], the designers employ a permutation and a XOR diffusion process. According to the architecture complexity of the permutation, the proposed permutation process takes less time than their algorithms. Completing with reference [6], the designer employs two processes: a substitution and XOR diffusion. The proposed substitution algorithm takes less time than this algorithm.


ProcessKey generationRandom permutationS-box substitutionXOR diffusion

Time (s)0.01920.24260.18800.0378
Total time (s)0.4876
Speed (Mb/s)12.9


WorkPermutationSubstitutionDiffusionS (Mb/s)

Reference [2]0.2
Reference [3]9.6
Reference [4]3.4
Reference [7]13.52
Reference [8]2.4
Proposed algorithm12.9

In the proposed algorithm, the permutation, substitution, and diffusion are not complex that can be done with reasonable resources and low computational cost. In addition, they are independent that can be performed in parallel execution. This reduces significantly the execution time. The proposed scheme provides high-level security with high performance and reasonable resources.

4. Conclusion

In this work, we have proposed an improved chaos-based symmetric cryptosystem for medical image encryption and decryption. The SHA-256 is used to generate a 256-bit key of the cryptosystem. A complex chaos-based PRNG is designed to generate a high-quality encryption key. The generated key presents high randomness behaviour, high entropy, and high complexity. Improved architecture based on confusion and diffusion property is proposed for image encryption. The image undergoes a processing cycle of four operations in order to produce the encrypted image: random permutation of the position of pixels, position permutation of pixel’s bits, S-box pixels substitution, and XOR diffusion. R rounds of encryption can be performed in a loop to enjoy a high-level performance. In-depth measurements are taken with several medical images to assess the strength of the proposed cryptosystem against the most known attacks. The results demonstrate that the algorithm offers high performance and enhanced security with low computational complexity. The obtained image entropy is equal to 8 which is an important measure of randomness. The NIST test indicates that the proposed PRNG is appropriate for secure image encryption. In addition, the architecture is easily parallelizable to speed up execution and meet real-time application requirements. The comparative study with recent work indicates that the proposed algorithm provides the best performance. However, it is extremely adapted to protect and authenticate images, which can be used in several domains.

Data Availability

The data used to support the findings of this study are included within the article.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

References

  1. S. Ajili, “Joint watermarking\encryption image for safe transmission: application on medical imaging,” in Proceedings of the International Conference: Global Summit on Computer and Information Technology, London, UK, 2014. View at: Google Scholar
  2. M. Ali Hajjaji, “A medical image crypto−compression algorithm based on neural network and PWLCM,” Journal of Multimedia Tools and Applications, vol. 78, no. 11, pp. 14379–14396, 2019. View at: Google Scholar
  3. D. Manel, “An enhancement crypto−compression scheme for image based on chaotic system,” International Journal of Applied Engineering Research, vol. 11, no. 7, pp. 4718–4725, 2016. View at: Google Scholar
  4. D. Jeevitha, “Novel medical image encryption using DWT block−based scrambling and edge maps,” Journal of Ambient Intelligence and Humanized Computing, vol. 11, 2020. View at: Google Scholar
  5. J Liu, “A novel fourth order chaotic system and its algorithm for medical image encryption,” Journal of Multidimensional Systems and Signal Processing, vol. 1, pp. 1637–1657, 2019. View at: Google Scholar
  6. N. Tsafack, J. Kengne, B. Abd−El−Atty, A. M. Iliyasu, K. Hirota, and A. A. Abd EL−Latif, “Design and implementation of a simple dynamical 4−D chaotic circuit with applications in image encryption,” Information Sciences, vol. 515, pp. 191–217, 2020. View at: Publisher Site | Google Scholar
  7. X. Gao, “Image encryption algorithm based on the matrix semi−tensor product with a compound secret key produced by a Boolean network,” Information Sciences, vol. 539, pp. 195–214, 2020. View at: Publisher Site | Google Scholar
  8. Y. Naseer, T. Shah, F. Attaullah, and A. Javeed, “Advance image encryption technique utilizing compression, dynamical system and S−boxes,” Mathematics and Computers in Simulation, vol. 178, pp. 207–217, 2020. View at: Publisher Site | Google Scholar
  9. H. Li, “Chaos−based image encryption algorithm with orbit perturbation and dynamic state variable selection mechanisms,” Journal of Optics and Lasers in Engineering, vol. 115, pp. 197–207, 2019. View at: Publisher Site | Google Scholar
  10. L. Hongjun, “Chaos−based fast colour image encryption scheme with true random number keys from environmental noise,” Journal of Image Processing, IET, vol. 11, no. 5, pp. 324–332, 2017. View at: Google Scholar
  11. J. Zhou, “Fast color image encryption scheme based on 3D orthogonal Latin squares and matching matrix,” Journal of Optics and Laser Technology, vol. 131, 2020. View at: Google Scholar
  12. Y. Zhang, “The fast image encryption algorithm based on lifting scheme and chaos,” Information Sciences, vol. 520, 2020. View at: Publisher Site | Google Scholar
  13. P. F. Ping, Y. Mao, and Z. Wang, “Designing permutation−substitution image encryption networks with Henon map,” Neurocomputing, vol. 283, pp. 53–63, 2018. View at: Publisher Site | Google Scholar
  14. V. Xu, “A 2D logistic map and Lorenz−Rossler chaotic system based RGB image encryption approach,” Journal of Multimedia Tools and Applications, vol. 12, 2020. View at: Google Scholar
  15. L. Liu, “An image encryption algorithm based on Baker map with varying parameter,” Journal of Multimedia Tools and Applications, vol. 76, pp. 16511–16527, 2020. View at: Google Scholar
  16. M. Gafsi, “High securing cryptography system for digital image transmission,” Smart Innovation: Systems and Technologies, vol. 146, pp. 311–322, 2020. View at: Google Scholar
  17. M. Ali Hajjaji, “FPGA Implementation of digital images watermarking system based on discrete haar wavelet transform,” Journal of Security and Communication Networks, Hindawi, vol. 2019, Article ID 1294267, 2019. View at: Google Scholar
  18. A. Horé and D. Ziou, “Image quality metrics: PSNR vs. SSIM,” 2010. View at: Google Scholar
  19. G. Ramzi, “A novel chaos−based image encryption using DNA sequence operation and Secure Hash Algorithm SHA−2,” Nonlinear Dynamics, vol. 83, no. 3, pp. 1123–1136, 2016. View at: Google Scholar
  20. M. Dridi, “Cryptography of medical images based on a combination between chaotic and neural network,” Journal of Image Processing, IET, vol. 11, no. 5, pp. 324–332, 2016. View at: Google Scholar
  21. Y. Xian, “Image encryption based on chaotic Sub−Block scrambling and chaotic digit selection diffusion,” Journal of Optics and Lasers in Engineering, vol. 134, 2020. View at: Google Scholar
  22. S. Kumar, “Medical image encryption using fractional discrete cosine transform with chaotic function,” Journal of Medical & Biological Engineering & Computing, vol. 57, pp. 2517–2533, 2019. View at: Google Scholar
  23. M. Gafsi, “Efficient encryption system for numerical image safe transmission,” Journal of Electrical and Computer Engineering, Hindawi, vol. 12, 2020. View at: Google Scholar
  24. M. Gafsi, “XSG for hardware implementation of a robust watermarking system,” 2016. View at: Google Scholar
  25. M. Ali Hajjaji, “Discrete cosine transform space for hiding patient information in the medical images,” in Proceedings of the IEEE International Conference on Design & Test of Integrated Micro & nano−Systems (DTS'19), Gammarth, Tunisia, 2019. View at: Google Scholar
  26. M. Ali Hajjaji, “Combining DWT/KLT for secure transfer of color images,” in Proceedings of the IEEE International Conference on Design & Test of Integrated Micro & nano−Systems (DTS'19), Gammarth, Tunisia, 2019. View at: Google Scholar
  27. M. Ali Hajjaji, “Real time implementation of numerical watermarking system using xilinx system generator,” in Proceedings of the 16th International Conference on Sciences and Techniques of Automatic Control & Computer Engineering-STA'2015, Monastir, Tunisia, 2015. View at: Google Scholar
  28. S. Aashiq Banu, “Tri−level scrambling and enhanced diffusion for DICOM image cipher−DNA and chaotic fused approach,” Journal of Multimedia Tools and Applications, vol. 79, pp. 28807–28824, 2020. View at: Google Scholar
  29. G. Alvarez and S. Li, “Some basic cryptographic requirements for chaos−based cryptosystems,” International Journal of Bifurcation and Chaos, vol. 16, no. 8, pp. 2129–2151, 2006. View at: Publisher Site | Google Scholar
  30. W. Yue, “NPCR and UACI randomness tests for image encryption, cyber journals: multidisciplinary journals in science and technology,” Journal of Selected Areas in Telecommunications (JSAT), vol. 79, 2011. View at: Google Scholar
  31. A. Rukhin, “A statistical test suite for random and pseudorandom number generators for cryptographic applications, special publication 800−22 revision 1a,” National Institute of Standards and Technology (NIST), vol. 79, 2010. View at: Google Scholar
  32. A. Safwan El, “A new chaos−based image encryption system,” Journal of Signal Processing: Image Communication, vol. 41, pp. 144–157, 2016. View at: Google Scholar
  33. C. E. Shannon, “Communication theory of secrecy systems,” Bell System Technical Journal, vol. 28, no. 4, pp. 656–715, 1949. View at: Publisher Site | Google Scholar

Copyright © 2020 Mohamed Gafsi et al. This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.


More related articles

 PDF Download Citation Citation
 Download other formatsMore
 Order printed copiesOrder
Views267
Downloads216
Citations

Related articles