A Robust Chaos-Based Image Cryptosystem with an Improved Key Generator and Plain Image Sensitivity Mechanism ()
1. Introduction
With the rapid development of information technology and widely use of computer networks, multimedia applications have become much more prevalent than the past. This situation creates security problems of transferring information in communication network and thus, confidentiality of the information is becoming a serious issue nowadays. Among the multimedia information, digital image plays an important role in people’s daily life so the protection of visual information has become a major task. Encryption is an ordinary solution for the protection of information. Most of the available encryption methods such as DES (Data Encryption Standard), AES (Advanced Encryption Standard) and IDEA (International Data Encryption Algorithm) are typically used for text- structure data [1] [2] [3] . However, compared to text, digital images have some intrinsic features such as bulk data capacity, high redundancy and strong correlation among adjacent pixels [4] [5] . Hence, these algorithms are not suitable for image encryption [1] [6] due to the requirement of much more processing power, bandwidth and longer time which causes low-level efficiency during encryption and decryption processes [7] .
Chaotic systems have important properties of sensitivity to initial conditions and control parameters, pseudo-randomness and ergodicity [2] [8] [9] , which meet Shannon’s requirements of confusion and diffusion in cryptography [10] . These characteristics make the chaotic systems a good candidate for data encryption and create the phenomena of chaos-based cryptography. Many chaos- based image cryptosystems are proposed in this field recently [1] - [11] . However, some of them are successfully broken [12] - [17] due to their small key spaces and weakly secure encryption mechanisms. Among these weaknesses, the most serious one is that the key element used in cryptosystem completely depends on the secret key which means that the same key is used to encrypt different plain images. This property allows the attacker to launch known-plaintext attack or chosen-plaintext attack for cryptanalysis.
Discrete time chaotic systems have high efficiency comparing with the continuous time chaotic systems [18] and their implementations are very easy in software and hardware platforms. However, these systems have serious disadvantages of limited or discontinuous range of chaotic behaviors and generally show non-uniform data distribution of output [11] . Using such systems in a cryptosystem creates crucial drawbacks such as small key space, weak security and poor efficiency which threat the security of the whole cryptosystem. As a result, a new improved Logistic map has been designed to overcome these weaknesses. A good pseudo-random key generator should be a stochastic and supposed to generate uniform key that should be random, non-periodic and equally distributed as possible for an effective encryption [19] . Improved map is expected to provide these properties and demonstrates better performance than the standard one.
The proposed cryptosystem utilizes Arnold Cat map (ACM) method that is used to transform all pixel positions of original image to their corresponding positions without changing their values. This part breaks the strong correlation of adjacent pixels and creates a confused image. In diffusion part, all pixels values are modified sequentially through a diffusion function as one pixel change can influences other pixels, which keeps high plain-text and cipher-text sensitivity. The rest of the paper is organized as follows: Section 2 gives brief overview of the standard Logistic map (SLM) with its dynamic defect. Section 3 introduces an improved Logistic map (ILM) with statistical analysis. In Section 4, the proposed cryptosystem is described in detail. Security and performance of the proposed algorithm are analyzed in Section 5. Finally, the conclusions will be discussed in Section 6.
2. Research Question
Standard Logistic Map (SLM)
Standard map is one of the simplest discrete systems that exhibit chaos and defined by
(1)
where
is called control parameter and
. When
, then the map is in chaos state, which means that
is aperiodic, non-conver- gent and very sensitive to initial value
. However, some isolated values [20] , such as
appear to show non-chaotic behavior that results neither uniform nor random output distribution. Additionally, SLM demonstrates perfect chaotic properties in the case of
only. In cryptographic manner, this situation reduces the key space if the control parameter is used as a key parameter. As a key generator, what should be done on SLM to overcome that issue? An improved Logistic map with larger key space will be designed and its all parameters should keep the system fully chaotic.
3. Methodology
3.1. Improved Logistic Map (ILM)
We modify SLM by adding a new parameter to the map equation as the following
(2)
where
values are restricted to the interval of
and
. In Equation (2), maximum point occurs at
and its value is
, while the minimum occurs at
and its value is
. Thus,
(3)
by solving the above equations, we get
and
. Substituting these into Equation (2), then we get,
(4)
where the range of
is limited by 1. To make larger key space, the interval of the
must be increased. Hence, the following transformation is applied to the map which divides
in the first term and spreads its range in the system.
(5)
Finally, we obtain the equation of ILM as
(6)
where
. Now,
values are restricted to
. Here,
parameter must be always bigger than
, otherwise
values appear out of the range (0, 1). If
, then the improved map will become standard one again. Additionally, the closer
to
value, the bigger range of
occurs at output. We specify the relationship between
and
by the following equation.
(7)
Here,
and
are used as key parameters for the proposed cryptosystem and they are not limited to a finite value for ILM to be in chaos state, whereas in standard map the control parameter is limited to 4.
3.2. Lyapunov and Bifurcation Analyses
Lyapunov exponent states a checkable criterion for sensitivity to initial conditions of a nonlinear dynamical system [20] and it is defined for discrete time systems by the following equation.
(8)
A positive Lyapunov exponent indicates that the dynamical system is chaotic [21] . The behavior of a dynamical system from a fixed point to a chaos with respect to its control parameter is given by a bifurcation diagram. Figure 1 shows
(a) (b)(c) (d)
Figure 1. (a) Bifurcation diagram of the SLM; (b) Bifurcation diagram of the ILM; (c) Lyapunov spectrum of SLM; (d) Lyapunov spectrum of ILM.
the Lyapunov spectrums and bifurcation diagrams of the SLM and ILM. Lyapunov coefficients for ILM are always greater than or equal to the values of SLM which shows that ILM has better mixing property. Figure 1(a) and Figure 1(b) show the bifurcation diagrams of the SLM and ILM, respectively. In Figure 1(b), there are no free white spaces and the entire area is almost covered. More importantly, all values of s can be used to build the key space.
3.3. Randomness Analysis
Randomness means the lack of predictability in a sequence of symbols [19] . We use NIST (National Institute of Standards and Technology) standard to evaluate the degree of randomness of the ILM outputs. NIST consists of fifteen tests [22] and each test produces a p-value which is a real number in [0, 1]. If p-value is greater than a predefined threshold, called significance level
, then the statistical test is passed successfully and the generator is considered as random with 99% confidence. In order to get sequential bit streams, the following transformation is applied to the output of the ILM.
(9)
A threshold level of 0.5 is used to generate a bit value “1” or “0” for each
. We randomly choose the system parameters as
and
in order to obtain 1,000,000 bits to carry on NIST. The results are given in Table 1.
According to the NIST result, it can be concluded that ILM is quite stochastic and generates chaotic sequences which has sufficient randomness.
4. Proposed Cryptosystem
Chaos-based image encryption systems are generally composed of two stages: replacement of pixels called confusion and modification of pixel values called diffusion [3] [5] [6] . The flowchart of the proposed cryptosystem is shown in Figure 2.
4.1. Confusion Stage
In an ordinary image, adjacent pixels have strong correlation. This strong correlation need to be broken before encryption. Arnold Cat Map is an invertible discrete system that will be used to rearrange the pixel positions of the plain image in a way that the adjacent pixels are far enough from each other. It is represented by
(10)
where (x, y) are the pixel position of the plain image with a size of
and (x´, y´) is the corresponding pixel position. Control parameters of the map are p and q, which are positive integers and will be used as confusion key parameters. The inverse of ACM is determined by the following equation.
(11)
ACM effectively changes all pixel positions as only linear transformation with simple mod function need to be performed. Furthermore, it has a characteristic of area-preserving which means that if it is iterated enough times, original image reappears. Shortly, ACM can be considered as a permutation method that focuses on the pixel position not the pixel value of the plain image. Hence, the cryptosystem requires a diffusion process to enhance the security.
Figure 2. The flowchart of the proposed cryptosystem (a) Encryption scheme (b) Decryption scheme.
4.2. Diffusion Stage
In a gray image, each pixel is represented by 8-bit in decimal range [0, 255]. Key must be same format with the pixel in the image to operate diffusion. However, the output of the ILM is a floating-point value. Thus, the following equation is used to obtain encryption key.
(12)
The proposed cryptosystem uses a sk parameter which is strongly depends on the pixel values and size of the plain image. It provides different keys even with the same parameters of the cryptosystem and defined by
(13)
where normalized image has a size of
pixels. This parameter is not a secret key but will be used to generate different keys by modifying the initial value of the ILM as in Equation (14).
(14)
Diffusion is a process in which the pixel values of confused image are modified sequentially by mixing the encryption key. Diffusion operation used in the cryptosystem is given by
(15)
where
,
,
and
represent the current plain pixel, output cipher pixel, encryption key and the previous cipher pixel, respectively. Such a diffusion function is very efficient because simple modular arithmetic and logical operations can be performed in high speed. The current diffused pixel is depend on the previous one, so a small change in the plain image will affect more than one pixel in the cipher image and reflects the diffusion to whole cipher image. Here, we encode the first cipher pixel as
(16)
and its value depends on
,
and
parameters of the cryptosystem. In every iteration, a new sk is determined from the current cipher image, so ILM runs with similar parameter of s, but different initial value of
which allows to produce different key for the next iteration of encryption. The proposed image encryption is a symmetric algorithm which means that identical key is used for decryption process. The decryption algorithm is the reverse diffusion and defined by
(17)
The confusion and diffusion processes complete the proposed image encryption structure. For instance, Lena image is encrypted by the proposed cryptosystem with a key of
,
,
,
and
. The result is shown in Figure 3.
5. Security and Performance Analysis
5.1. Key Space Analysis
Key space size is the total number of different keys that can be used in a cryptosystem. For an ideal encryption algorithm, it should be larger than
to make brute-force attack infeasible [6] . In the cryptosystem, the secret key parameters are
and
. According to the IEEE (Institute of Electrical and Electronics Engineers) floating-point standard [2] , the computational precision of the 64-bit double precision number is about
. Number of iteration and each confusion parameter are 8-bit key. Hence, the total number of possible key is approximately,
(18)
which is sufficient to resist brute-force attack.
5.2. Key Sensitivity Analysis
Key sensitivity analysis can be observed in two aspects: (i) if slightly different keys are applied to encrypt the same images, then completely different cipher images should be produced; (ii) if a tiny difference exists in decryption key, then the cipher image could not be decrypted correctly. For the first key sensitivity analysis, a test plain of cameraman image is encrypted with a randomly chosen key of
,
. Then a slight change
is applied to the one of the parameters with the other remains same, and repeats the encryption. The corresponding cipher images and the differential images are shown in Figure 4. The correlation coefficients between the cipher images are calculated and given in Table 2.
(a) (b) (c)(d) (e) (f)
Figure 3. The result of the proposed cryptosystem (a) Original Lena image; (b) Encrypted Lena image; (c) Decrypted image; (d) Histogram of (a); (e) Histogram of (b); (f) Histogram of (c).
(a) (b) (c)(d) (e) (f)
Figure 4. Key sensitivity in the first case: (a) Plain image; (b) Cipher image with
,
; (c) Cipher image with
,
; (d) Differential image between (b) and (c); (e) Cipher image with
,
; (f) Differential image between (b) and (e).
Table 2. Correlation coefficients between cipher images produced by slightly different keys.
In Table 2, the negative correlation means that for two cipher images, an increase in one of them is associated with a decrease in the other. In order to observe the effect of sk in the cryptosystem, we use two Lena images that one of them has a central pixel difference and then proceed the encryption with same key parameters for both images. Graphical and numerical results are shown in Figure 5 and Table 3.
The proposed cryptosystem should also be sensitive to p, q and n. Cipher images produced by slightly different keys are shown in Figure 6 and the correlation coefficients for corresponding cipher images are given in Table 4.
These results show that despite being a very small difference at all encryption keys, corresponding cipher images are completely different. For the second case, when a slightly different key is used in decryption, then the cipher image could not be decrypted correctly. Cipher Lena image in Figure 3(b) is used for second key sensitivity analysis and the result is shown in Figure 7.
We conclude that the proposed cryptosystem is quite sensitive to all keys and can effectively resist differential attacks.
(a) (b)(c) (d)
Figure 5. (a) Original Lena image; (b) Lena image with central pixel difference; (c) Cipher Lena image; (d) Cipher Lena image with central pixel difference.
(a) (b) (c)
Figure 6. Key sensitivity in the first case: (a) Cipher image with
,
,
; (b) Cipher image with
,
,
; (c) Cipher image with
,
,
.
(a) (b) (c)
Figure 7. Key sensitivity in the second case: (a) Wrong decrypted image with
,
; (b)Wrong decrypted image with
,
; (c) Correct decrypted image with
,
.
Table 3. Correlation coefficients between cipher images produced by slightly different keys.
Table 4. Correlation coefficients between cipher Lena images produced by slightly different keys.
5.3. Histogram Analysis
In image processing, histogram is used to represent the distribution of the pixel values in an image. Equal probability of each pixel value creates a uniform histogram which is more robust against statistical attacks in terms of security [4] . Hence, the ideal histogram of a ciphered image should be fairly uniform and quite different from that of the plain image. The histograms of different plain images and corresponding cipher images produced by the proposed cryptosystem are shown in Figure 8 and Figure 9, respectively.
It is clear that the histograms of the cipher images are significantly different than the originals and uniformly distributed even the plain image is purely black.
5.4. Information Entropy Analysis
Information entropy is a measure of uncertainty associated with a random message [2] [19] . The entropy of an information source with a length of N is determined by
(19)
where
and
represent the information entropy in bits and the probability of symbol
, respectively. Let us suppose a truly random source emitting
symbols as
with equal probability, then the entropy will be calculated to 8 which is an ideal result. For a practical information source, its entropy value is smaller than the ideal one. Generally, the more uncertain or random source is, the more information entropy it will contain [4] .
(a) (b) (c)(d) (e) (f)
Figure 8. Histogram of different plain images: (a) Einstein; (b) Peppers; (c) Black; (d) Histogram of (a); (e) Histogram of (b); (f) Histogram of (c).
(a) (b) (c)(d) (e) (f)
Figure 9. Histogram of corresponding cipher images: (a) Cipher Einstein; (b) Cipher Peppers; (c) Cipher Black; (d) Histogram of (a); (e) Histogram of (b); (f) Histogram of (c).
Maximum entropy is achieved in the case of a uniform probability distribution. We randomly chose eight test images (Lena, Baboon, Frog, Goldhill, Cat, Landscape, Truck and Clown) which are available on Internet, to be used for entropy analysis. Then these images are encrypted using the proposed cryptosystem. The entropy results for the test images and corresponding cipher images are listed in Table 5. The reported average entropy result (Lena, Baboon, Frog, Goldhill, Truck, Clown) in [9] is 7.999327. In our scheme, using the same plain images in [9] , the average entropy is calculated to 7.999461.
Table 5. Entropy results for the plain and corresponding cipher images.
It is obvious that the entropies of the cipher images are very close to the ideal value, which means that the proposed algorithm is secure against entropy attacks.
5.5. Correlation Analysis
A meaningful image has a property of strong correlation between adjacent pixels since its pixel values are close to each other. A cipher image with sufficiently low pixel correlation should be produced after the encryption. To evaluate the correlation coefficients for all the pairs of the adjacent pixels in diagonal direction, the following formula is used
(20)
where
and
. N defines the total number of pairs of
diagonally adjacent pixels. The results of the correlation coefficients using four test images and their corresponding cipher images are given in Table 6.
Figure 10(a) shows the diagonal correlation of the plain Lena image having a linear distribution, where the value of its adjacent pixel has a high correlation. On the contrary, correlation distribution of the cipher Lena is random where the value of a pixel and the value of its adjacent pixel have low correlation. They are scattered over the entire plain as shown in Figure 10(b).
5.6. Differential Attack Analysis
Generally, if only one pixel change in the plain image causes a significant change in the cipher image, then the image cryptosystem will resist the differential attack efficiently. Two common approaches, namely, NPCR (Number of Pixels Change Rate) and UACI (Unified Average Changing Intensity) are used to test the influence of only one pixel change in the plain image over the whole cipher image. They are defined [11] as in Equations (21)-(23).
(a) (b)
Figure 10. Correlation distribution of adjacent pixels: (a) Plain Lena image (b) Cipher Lena image.
Table 6. Correlation coefficients diagonally.
(21)
where
is defined as
(22)
(23)
With W and H are the width and height of the cipher image.
,
are the two cipher images corresponding to two plain images with only one pixel difference. NPCR measures how many pixels are different between two cipher images by using same encryption key. UACI is used to measure the average intensity of differences between
and
. NPCR and UACI values [3] for two random images, which are an expected estimates for an ideal image cryptosystem should be
and
respectively. Lena test image is used to measure NPCR and UACI. Firstly, Lena is encrypted to
. Then, we have changed the gray value 96 of the pixel at
by 97 and the image with small change is encrypted to
. We present a comparison of a reference [9] and our result in Table 7. From the Table 7, the simulation results show that the NPCR and UACI performance of the proposed scheme can reach 99.62% and 33.45% in the first iteration of encryption, respectively. On the other hand, other algorithm in [9] gets the close ideal value after 5 iterations.
It is obvious that our proposed scheme is stable under NPCR and UACI analysis and highly sensitive at plain image even in the first iteration.
Table 7. Differential analysis of the proposed scheme.
5.7. Data Loss and Noise Attack Analysis
A powerful image cryptosystem should resist data loss during transmission. Figure 11 shows a simulation result of the data loss attack. A test image of Liberty statue is first encrypted using the proposed algorithm. Then, generated cipher image is applied with a data cut size of
and decryption is performed to the cipher image. According to the result, the decrypted image contains most of the original information although there are limited data losses in cipher image. This result also demonstrates another important property of the pixels replacement in encryption.
For noise attack analysis, Lena image is encrypted and then “Salt & Pepper” with 1% noise is added to create noisy encrypted image. The result of the noise attack is shown in Figure 12. As it is shown below, recovered image is highly similar to the original one.
5.8. Encryption Speed Analysis
In order to evaluate the running speed of the proposed cryptosystem, enough number of test images are encrypted. Then, we have analyzed the average encryption/decryption rate of the proposed algorithm on Intel Core i7 3.4 GHz CPU with 4 GB RAM running on Windows 7 by using MATLAB 7.9 software. The average execution time for the results can be found in Table 8.
5.9. Performance Comparison
In this section, we will compare the performance of the SLM and ILM in the proposed cryptosystem with the same key parameters. The effects of these two maps on the cipher images will be evaluated under the same conditions. Histogram, entropy and correlation coefficient analysis are performed for the corresponding cipher images. Lena image is used for both encryption processes. Cryptosystem-1 uses the SLM as a key generator with the parameters of
,
,
,
and
. Cryptosystem-2 uses the ILM as a key generator with the parameters of
,
,
,
and
. After the encryption, obtained histograms of the corresponding cipher images are shown in Figure 13.
From the histogram results, it is obvious that the output of the Cryptosystem- 1 is not as uniform as the Cryptosystem-2 and vulnerable to statistical attacks.
(a) (b) (c)
Figure 11. Data loss analysis: (a) Original Libert statue image; (b) Cipher image with
data cut; (c) Decrypted image of (b).
(a) (b) (c)
Figure 12. Noise attack analysis: (a) Original Lena image; (b) Cipher image added with
“salt & pepper” noise; (c) Decrypted image of (b).
(a) (b)(c) (d)
Figure 13. Performance comparison: (a) Cipher Lena image from Cryptosystem-1; (b) Cipher Lena image from Cryptosystem-2 (c) Histogram of the cipher Lena image from Cryptosystem-1; (d) Histogram of the cipher Lena image from Cryptosystem-2.
Entropy values and correlation coefficients between plain and cipher images are listed in Table 9.
Visual and numerical results show that the positive contribution and validity of the ILM in the proposed cryptosystem.
Table 8. Differential analysis of the proposed scheme.
Table 9. Entropy and correlation coefficients analysis.
6. Conclusion
An efficient gray image cryptosystem based on chaos is proposed in this paper. The entire range of the control parameter of the improved map can be used to build the key space due to the having unlimited value of control parameter. A small change in the plain image or any parameters of the cryptosystem will provide totally different keys even with the same encryption key is used. Both confusion and diffusion processes are iterated with different keys in order to get higher encryption strength of the cryptosystem. Security and performance analysis is performed numerically and visually. Both theoretical and simulation results are satisfactory and show that the proposed cryptosystem is highly secure thanks to its large key space, high sensitivity to the encryption keys and plain images. The implementation of the proposed cryptosystem using a digital hardware is possible direction for our future work.