text new page (beta)
English (pdf)
Article in xml format
Article references
Automatic translation
Send this article by e-mail
Cited by SciELO 
Similars in
SciELO 
Permalink
1 Introduction
Nowadays, many of our information is in digital formats and it is sent through networks or is stored in different devices. And, with technologies as Internet of things our personal data could be more and more exposed, therefore we need to learn about internet and its risks [14] and develop new security techniques. For this reason, it exists a great interest in the protection and manipulation of the data.
Due to the great advances in technology, each time is required to have better and more efficient algorithms for confidential and secure data handling. This information may vary depending on the application area and in many cases is necessary processing it in real time.
For example, pictures, medical images, diagrams, surveillance video, video conference, etc. could contain confidential information, and if these data are transmitted and are not encrypted the confidentiality of information is exposed in the links allowing access to third parties without being detected. To overcome the eavesdropping problem several encryption systems have been proposed, such as AES (Advanced Encryption Standard), IDEA (International Data Encryption Algorithm), RSA (Rivest, Shamir y Adleman) among others.
These systems are generally used in text and binary data, but they are not suitable for the encryption of multimedia content as digital images and audio files, due to their massive volumes, high adjacent correlation and sometimes the multimedia data require real-time interactions (displaying, bit rate conversion, etc.) [3]. That is why the image encryption is a particular studying area. The image encryption algorithms should provide two kinds of security: cryptographic security and perceptual security.
This means that the data can not be recovered without the correct key and also the information must be transformed in an unintelligible form. For example Fig. 1 shows an image encrypted with a scheme that not provide perceptual security. It is easy to guess what is the original image, even when we do not know the secret key.
Hence, many encryption systems with different approaches have been developed for image encryption area [19,17,12]. In some cases, the algorithms provide perceptual security but are vulnerable to cryptanalysis attacks [16,18,10]. For this reason, it is crucial to validate the proposed algorithms.
On the other hand, it exists different techniques to try reduce computational cost due to cryptographic algorithms. There are proposes as compression-encryption algorithms [9], techniques to optimize calculations [6], partial encryption algorithms [1], among others. Partial encryption algorithms encrypt only a part of the information and the rest is not modified. This means that data blocks are partitioned, one part is encoded and the other keep unchanged and later are combined together.
The main aim of these algorithms is to increase the efficiency by reducing the data rate to encrypt. There are different classifications of these algorithms according to type of data, relation between encryption and compression, encryption operation and others. In this work, we focus on a partial image encryption for raw data. The encryption system considered in this implementation is based on the synchronization of the cellular automaton rule 90 [13].
This cryptosystem is named ESCA (for short) and it has been validated and implemented for image encryption in Ref. [7,8]. The ESCA system can be considered secure for images encryption but latency time is too high to incorporate it in real-time applications. In this work we developed and validated a partial encryption version. The results show that this scheme could be an efficient solution to protect information with a low latency. The structure of this paper is organized as follows. In section 2 are defined one dimension cellular automata, later in section 3 are described ESCA system and its partial version, the results of the security analysis and comparison of latency are discussed in section 4. Finally, the conclusions are drawn in section 5.
2 Cellular Automata
The concept of cellular automata (CA) was introduced in the 1940's by the mathematicians John von Neumann and Stanislaw Ulam [15]. CA are used to model complex behavior of natural systems, where local interactions are involved. In fact, CA represent a class of dynamical systems that enable to describe the evolution of complex systems with simple rules, without using differential equations. Besides, they can be easily implemented in hardware. Cellular automata consist in an organized lattice of cells, where each cell has a finite number of states. The CA form a two-dimensional lattice whose cells evolve in discrete steps, according to a local update rule applied uniformly over all the cells. At the beginning, a state is assigned to the cells at time t = 0, where the new states of a cell will depend on its own previous state and states of its neighborhood, as is shown in Fig. 2.
A local rule is the algorithm to compute the next state of a cell, using its neighborhood. Generally, a neighborhood is enunciated by its radius, this is the range of cells on each side affecting the cell in time t. In Ref. [11], the local rule 90 is described by the formula ci(t + 1) = ci-1(t) + ci+1(t) mod 2, this means that could be obtained by XOR-ing the extreme cells of the radius-1 neighborhood, and the cells have only two states 0 and 1. The name of the rule is obtained from the decimal equivalent of the binary resulting expressions of the 8 possible combinations in the neighborhood.
3 Partial Image Encryption
3.1 ESCA Encryption System
In this work is considered the encryption scheme used in [5], where the synchronization phenomenon of cellular automata has been applied to design two families of permutations * and $ for the encryption and decryption processes, and an asymptotically perfect pseudo-random number generator. This cryptosystem is flexible and reconfigurable for different bit-lengths. Fig. 3 illustrates a general block diagram of the encryption system ESCA.
Fig. 3 The encryption scheme ESCA with its main components: the indexed families of permutations and the pseudorandom generator keys
The ESCA system comprises the sets M, C and K of binary words, M and C correspond to the plaintexts and ciphertexts respectively, the length of these words is J = 2j, for j = 1,2,3.... Also it is possible to concatenate several blocks of these lengths.
The set K corresponds to the enciphering keys of length N = 2n -1 for n = 1,2,3..., for a complete encryption n > j such that N must be larger than J. The two indexed families of permutations Ψ = {ψk: k ∈ K} and Φ = {ϕk: k ∈ K} are called encryption and decryption functions respectively. Basically, the cryptosystem transforms a plaintext sequence m into a ciphertext sequence c, i.e. for every k ∈ K one has c = ψk(m), whereas to disclose from the sequence of cipher-blocks, one uses the decryption function m = ϕk(ψk(m)). Since the complete encryption scheme is a symmetric algorithm, the encryption and decryption processes use the same enciphering key k.
To calculate the enciphering keys k is necessary a pseudo-random number
generator, in Ref. [4] the authors present an ergodic and mixing
transformation of binary sequences in terms of a cellular automaton, which is
the main element of a pseudo-random number generator (PRNG). The PRNG in its
basic form, follows the algorithm shown in Fig.
4. At first, the key generator requires two seeds,
The seeds are x =
{x1,x2,x3,...,xN}
and y =
{y1,y2,y3,...,
yN+1}, and the first number generated of
N bits is the sequence output of function
h,
In Ref. [7], was added a pre-processing to make this
scheme resistant to Chosen/Known-plaintext attacks. This function works like a
dynamic substitution, the process is similar to PRNG, where the function
Fig. 5 shows a block diagram of this
process, the inputs are a block m of J bits and a
seed z of J +1 bits. At the output, a block
Also in Fig. 5 is shown the feedback, this
is different from the key generation, the next z is obtained from
the joint of
The encryption of an image with the ESCA system proceeds as follows:
Load the plain-image I of size V×U.
By scanning the image I row by row, arrange its respective pixels as a sequence or a vector, and convert each pixel value to their corresponding binary value.
Establish the length of the encryption key, it must be larger than plaintext bit-length.
Compute the modified plaintext sequence
Encrypt each modified block
By reshaping the set of ciphered sequences of the previous step into an V×U image, obtain the ciphered image.
Fig. 6 illustrates preprocessed and encrypted images, using the ESCA system.
3.2 Partial Encryption Version
For the ESCA system we developed a partial encryption version for images, due to high latency that it presents in the complete encryption version. This version focus on two aspects: first, the pre-processing function makes the ESCA system resistant to Chosen-plain Image Attack, but the initial condition is too short against brute force attacks. And second, the process with the highest latency is the PRNG, hence, a way to reduce processing time could be encrypt only certain bit-plains, therefore, the secret keys use only a few bits and could be reused several times, giving a rotation to its bits.
The perceptual security is not endangered because the pre-processing function
output is a mixed image with an uniform histogram (as we will see in section 3).
Therefore, in this investigation we encrypt 8-bit grayscale images using secret
keys of 31 bits. Each pixel coefficient conforms a block m, that is
a boolean vector of 8 bits, m = {m1,
m2, m3,...,
m8}. From each block m a block , is calculated
using the preprocessing function
where ci,
Looking this aspect, the bits of secret key are rotated one position and the LSB become the MSB, and it is used again when another block of plaintext is encrypted, the enciphering equations use eight different bits of the same secret key. This process is repeated 14 times for each key. Fig. 7 shows how we rotate the bits of the secret key.
Finally, with this version the encryption system calculate only one secret key
for 14
4 Results
4.1 Security Analysis
To measure the quality and the robustness of the partial encryption ESCA system, it has been evaluated with some common statistical tests and attacks. This is done by testing the distribution of pixels of the ciphered-images, studying the correlation between the plain and ciphered images, the chosen-plain image attack, and bit-replacement attack.
4.1.1 Histogram Analysis
An image histogram shows how pixels in an image are distributed by plotting the number of pixels at each color intensity level. If the histogram of an encrypted image (or ciphered-image) has an uniform distribution, then the cipher is able to hide the redundancy of original image. We calculate the histograms for three different 256 gray-level images, the Lena, peppers and mandrill images. All of them have dimensions of 512 × 512 pixels, and we consider these images because they are widely used as standard test images in the field of image processing. The histograms for the grayscale Lena test image (plain-image) and its encrypted version are shown in Fig. 8, one can see that the histogram of the ciphered images is uniformly distributed and significantly different from the respective histograms of the plain-images.
4.1.2 Correlation
To show that the ciphered-image is independent from the plain-image, we calculate the correlation coefficient between both images. If the coefficient is close to 0, it suggests that there is no linear correlation or a weak linear correlation. The correlation coefficients for the three grayscale test images are showing in the Table 1, as we can see there is no correlation between the original image and encrypted image.
4.1.3 Chosen-Plain Image Attack
Although the ESCA system seems to be secure against the previous statistical attacks, we analyse it with the Chosen-plain Image Attack (CPIA). As is pointed out in Ref. [2], if the cryptosystem is secure against the chosen-plain image attack, it is also secure against other cryptanalytic attacks such as cipher image only attack or known-plain image attack. In this case, the attacker is able to choose the plain images and obtain the corresponding encrypted images, but does not know the decryption key. We perform this attack as follows: (a) We look for a mask image IM, which is obtained by applying the bitwise XOR operation to the chosen plain-image with its corresponding ciphered image pixel by pixel.
A "good" mask can be obtained if the pixels of the chosen plain-image m are all fixed to be the same gray value, e.g. m = (0,0, ...,0,0). (b) Once the mask image IM is obtained, we choose another image IO and get the corresponding ciphered image IC. (c) Next, we try to recover the plain-image IO by XOR-ing the mask image IM and the cipher image IC pixel by pixel. In case that the obtained image in step (c) conveys significant information of the image IO, thus the encryption system is insecure, otherwise the proposed encryption scheme resist the attack. In Fig. 9 is shown an example of this attack.
Fig. 9 Top row: (a) The plain-image. (b) The partial encrypted image of (a). (c) The second chosen image. Bottom row: (d) The mask image of (c). (e) The recovered image
The grayscale Lena is the plain-image IO (Fig. 9(a)), and its respective ciphered version is shown in Fig. 9(b). The chosen-image used was an image with pixels of value zero, m = (0, 0, ... , 0, 0), see Fig. 9(c), and the mask image IM is illustrated in Fig. 9(d). The recovered plain-image is shown in Fig. 9(e), and a visual inspection reveals the effectiveness of our proposed encryption scheme. Similar results were obtained for the test images considered in this work. Also we calculated the correlation coefficient between the recovered image and the original image, to ensure that they are independent of each other. The results are in Table 2.
4.1.4 Bit-Replacement
This attack is for partial encryption algorithms, it tries to recover the original image replacing the encrypted bits by a constant, usually zero. The luminance is compensated adding constants depending the number of bits and their position. Fig. 10 shows the results of this attack replacing the three encrypted bits, and the Table 3 shows their corresponding correlation coefficient for the three images under this attack.
4.2 Comparative Analysis
Once that the security of this scheme was guaranteed, we calculated the execution time of the complete and partial versions to make a comparative. The Table 4 shows the results of encrypt an image of 128 × 128 pixels.
Table 4 Correlation coefficient between plain-images and their corresponding recovered images
| Algorithm | Execution time (ms) |
|---|---|
| Complete encryption | 31 |
| Partial encryption | 15 |
As the images have the same resolution the result is the same for the three test images. The computer used in this test has a quad-core processor and 8 GB of RAM.
As we can see, the latency is reduced more than half. And this time is adequate to real-time video, with 30 frames per second.
5 Conclusion and Future Work
In this work we can confirm that this partial version could be a secure option to encrypt images. The latency time was reduced, and in a low resolution could be an option to real-time applications.
In future work, we will try to combine this partial encryption system with a compression scheme to get better results and applications. The compression procedure that is considered is based on an energy criterion of the Haar wavelet coefficients, because it has a low degradation and a simple implementation. Currently, the patent of ESCA system is pending, this variation also could be patented as an improvement.
