Professor Subhas Chandra Mukhopadhyay
Exeley Inc. (New York)
Subject: Computational Science & Engineering, Engineering, Electrical & Electronic
eISSN: 1178-5608
SEARCH WITHIN CONTENT
Emy Setyaningsih ^{*} / Retantyo Wardoyo ^{*} / Anny Kartika Sari ^{*}
Citation Information : International Journal on Smart Sensing and Intelligent Systems. Volume 11, Issue 1, Pages 1-19, DOI: https://doi.org/10.21307/ijssis-2018-004
License : (CC BY-NC-ND 4.0)
Published Online: 28-March-2018
This research proposes New Compression–Encryption Algorithm Using Chaos-Based Dynamic Session Key (CEA-CBDSK) to encrypt image data. CEA-CBDSK consists of an algorithm to generate initial symmetric keys and an algorithm to encrypt image data using four dynamic session keys derived from the initial keys. The key generation uses Discrete Wavelet Transform, Arnold Cat Map, and Cipher Block Chaining, while the image encryption is performed using the session keys produced by the chaotic logistic map method. From the evaluation, it is proven that CEA-CBDSK is able to protect transmitted image data against ciphertext-only attack, statistical attack, and differential attack.
The development of information and communication technology and storage causes the change in the form of secret documents, from paper-based documents into digital documents.
One of the problems that arise with the application of document-based information transactions in digital form, especially image data, is the larger data size due to the need for high image quality. The transmission of digital documents through communication channels also poses a risk when sensitive and valuable information is accessed by unauthorized persons. Consequently, it takes more time to transmit the large data through the communication line. The transmission becomes slow and unsafe because it is vulnerable to eavesdropper (Hamdi et al., 2017).
An efficient way to cope with large data sizes is to compress the data before it is transmitted or stored (Santoso et al., 2011; Santhosh et al., 2013; Sharadha and Bhanuprakash, 2013; Karthikeyan et al., 2014; Kumar and Vaish, 2016; Setyaningsih and Harjoko, 2017), while the problem of information security can be overcome using cryptography. Theoretically, compression and cryptography are two different things. Cryptography ensures transmitted data has reliability and integrity by converting legible data into illegible data through an encryption process, while compression reduces the amount of data to be transferred or stored by searching for multiple data sections or data patterns that can be removed in order to reduce the data size (Morales-Sandoval and Feregrino-Uribe, 2005). Therefore, cryptographic methods can be combined with compression methods to improve the effectiveness and security of data transmission processes in computer networks.
Cryptography does not guarantee full security because the key confidentiality and the encryption algorithm to be used also determine the level of security. If one cryptographic algorithm is resolved, new more reliable algorithms are needed to maintain data security. This causes cryptography, including symmetric cryptography, will never stop growing. For image security, symmetric cryptography is usually preferred than asymmetric cryptography because of its speed (Patrick, 2011; Sharma, 2012; Ayele and Screenivasarao, 2013; Somani and Mangal, 2014). Symmetric cryptography is faster than asymmetric cryptography because it does not require the high computation due to complex mathematical calculation (Mahaveerakannan and Dhas, 2016). Moreover, the authentication of the sender can be verified directly by the receiver because the sender and the receiver use the same key. However, symmetric cryptography has a weakness in key management (Wang and Zhao, 2010; Koops, 1999; Alleaume et al., 2014). The key management issues of symmetric cryptography include key security and the symmetric key generation. The key must be generated in such a way that it is impossible for cryptanalysts to predict it.
To produce unbreakable ciphers, random keys with the same length as the data to be encoded, as in the One-Time Pad (OTP) algorithm, are needed. This concept creates problems with the storage and distribution of keys. The problem can be solved using a relatively short secret key to be easily remembered by the sender and the receiver. The secret key is then referred to a symmetric key, which is then used to generate random keystream with the same length as the data to be encoded (Alleaume et al., 2014). Therefore, symmetric keys should not be used more than once in order to avoid the use of identical keystream to encode the data. One of the methods to generate keystream is by utilizing the concept of chaos. Current research focuses on improving the security of image data by developing the concept of chaos to generate random keys (Al-Maadeed et al., 2012; Tong et al., 2013; Fira, 2015; Murillo-Escobar et al., 2015; Deng et al., 2017; Hamdi et al., 2017; Kumar and Vaish, 2017; Zhang et al., 2017), randomizing pixel positions (Chen et al., 2011; Gupta and Silakari, 2012; Boriga et al., 2014; ; Chen et al., 2014; Goel et al., 2014; Xiang et al., 2014; Zhou et al., 2014; Li and Lo, 2015; Chen et al., 2016; Kumar and Vaish, 2017; Vaish et al., 2017; Xiaoyong et al., 2017) or both (Abd El-Latif and Niu, 2013; Rahmawati et al., 2013; Huang et al., 2014; Ahmad et al., 2017; Belazi et al., 2017; Tong et al., 2017). However, if the sender and the receiver do not establish the new key, the symmetric key to generate the keystream will be the same. In fact, a good cryptographic system must have the ability to change symmetric keys every time the encoding process is performed. Changes to the symmetric key will generate different keystreams for every data to being encoded. Thus, the transmitted image data are safe against ciphertext-only attack because the relationship between plaintext and ciphertext is hidden.
The proposed New Compression–Encryption Algorithm Using Chaos-Based Dynamic Session Key (CEA-CBDSK) method consists of two algorithms. The first algorithm is symmetric key generation algorithm, which utilizes the characteristics of the image data to be encoded so that each plain image will be encrypted using a different symmetric key. The second one is an algorithm to improve the security of the image data being transmitted by compressing the image to reduce data redundancy and encrypting the compressed image using 4 (four) session keys.
The paper is organized as follows: Section “Related Work” presents related work. Section “Propsed Key Generation Alogrithm” explains the algorithm to generate initial symmetric keys and session keys. Section “New Compression–Encryption Alogorithm Using Chaos Based Dynamic Session Key” describes the image encoding and decoding algorithms using the proposed dynamic session key. Evaluation and analysis of the proposed algorithms are discussed in section “Evaluation and Analysis”. Finally, section “Conclusion” presents the conclusions of this paper along with future work.
There are several ways to classify image encryption algorithms. With respect to the approach to constructing the encryption scheme, the image data security algorithm can be divided into two groups: the chaos-based methods and the nonchaos-based methods (Al-Maadeed et al., 2012; Setyaningsih and Wardoyo, 2017). Nonchaos-based encryption algorithms use fixed keys to encrypt data, hence, it is less secure because the key space is not large. On the other hand, chaos-based encryption uses dynamic keys to encrypt data because it has unpredictable and large key space, high sensitivity, and ergodicity. These make chaos-based encryption is a good candidate for fast and safe image encryption scheme.
In terms of the amount of data being encrypted, image encryptions are classified into two, namely a full encryption scheme and partial (selective) encryption schemes. Full encryption is mainly used for applications that have requirements for high security, such as privacy protection, information security, and military applications. On the other hand, partial encryption can save the encryption time to meet the requirement of real-time applications as it can reduce enormous computing time for image or video data encryption (Belazi et al., 2017).
Based on the involvement of compression method, the encryption scheme can be grouped into two as well, i.e. encryption with compression methods and encryption without compression methods (Al-Maadeed et al., 2012). An encryption scheme that uses merging with compression methods in addition to securing image data also aims to reduce the size of the data to make the transmission process faster and safer, while the encryption without compression scheme is more focused on how to secure the transmitted data. To improve the security of image data, and at the same time, increase the speed of data transmission, we can select the appropriate group of algorithms for each classification described above. The use of chaos-based encryption, which is combined with compression and selective encryption, can be considered as the best combination for improving data security and increasing data transmission.
Discrete Wavelet Transform (DWT) is one of the methods used in digital image processing. DWT divides the image into four sub-bands denoted LL, HL, LH, HH. The LL sub-band looks like the original image and smoother as it contains the lower frequency components of the original image. Sub-bands LH, HL, and HH will look like a rough version of the original image because they contain high-frequency components of the original image. Existing research develops a compression–encryption scheme using a selective concept of encryption of data on LL sub-band, while and LH, HL, and HH sub-bands are transformed using different algorithms (Al-Maadeed et al., 2012; Xiang et al., 2014; Wang et al., 2015; Hamdi et al., 2017; Kumar and Vaish, 2017; Vaish et al., 2017). Selective compression–encryption models are proposed in (Kumar and Vaish, 2017; Vaish et al., 2017; Wang et al., 2015) by encrypting each sub-image and then compressing each using a different algorithm. In Wang et al. (2015), before DWT transformation, Schema Lifting (LS) is performed, which is followed by the quantization method and arithmetic coding. On the other hand, in Kumar and Vaish (2017), LS is not used, and after the encryption process which uses permutation coefficients on LH, HL, and HH sub-bands, the compression process is performed using Singular Value Truncation and Huffman methods. Then, the encryption process is applied to LL sub-band using the pseudorandom method, which is followed by compression. Another selective method is performed by combining the LW sub-band of DWT results and the error measurements, while the LH, HL, and HH sub-bands are combined using the maximum method. The information of LL sub-band is compressed using error measurement, encrypted using a coefficient permutation, and finally encoded. The LH, HL, and HH sub-bands are compressed using quantization parameters, encrypted using permutation coefficients and encoded using the Huffman method (Vaish et al., 2017).
The selective compression–encryption method proposed by Al-Maadeed et al. (2012) performs the encryption process to the LL sub-band of DWT transformation using a chaos-based encryption algorithm. Compression for LH, HL, and HH sub-bands is conducted using quantization method and bitstream coding. The basic idea of the method is to show the effect of using multiple keys to improve security by increasing the number of external keys in the encryption process on the LL sub-band, which is divided into one, two, or three partitions. Compression–encryption model that uses more than one key is also performed in Hamdi et al. (2017). The proposed method adopts a confusion and diffusion technique that are integrated or connected into a compression chain using three keys. Three keys to the encryption process are formed using the Chirikov Standard Map algorithm. Then, the bit encryption to the LW sub-band of DWT transformation is performed using the first key, while the encryption to the LH, HL, and HH sub-bands is performed using the LIP list and the second key. The third stage is a permutation after SPHIT coding. This stage is used to improve the diffusion of the encrypted images.
The compression–encryption methods using S-Box are proposed in Belazi et al. (2017) and Hassan and Younis (2013). In Hassan and Younis (2013), a partial method is used, in which part of the compressed data is encrypted using Advanced Encryption Standard (AES). Meanwhile, Belazi et al. (2017) proposes a new chaos-based base scheme using S-box construction with chaos and linear fractional transform (LFT).
The CEA-CBDSK method proposed in this paper will be implemented on image data to be transmitted over an unsafe channel. Therefore, the proposed algorithms are based on some of the concepts in the existing research, with some modifications. The main differences between our method and the existing work are related to the symmetric keys to be used to generate the session keys, and the details of the compression and encryption algorithms. In the existing work, symmetric keys to encode data are based on the agreement between the sender and the recipient, while in our method, they are derived from the characteristics of the image data to be encoded. The symmetric keys are generated and then transmitted to the receiver via a secure path as illustrated in Figure 1. Furthermore, in the process of selective encryption, the session keys consist of four dynamic keys. The session keys, which are generated from symmetric keys, consist of two keystream-shaped keys to encode the LL sub-band as well as the LH, HL and HH subgroups produced by DWT 2D transformation, and two S-box shaped keys to scramble the pixel position.
The proposed key generation algorithm consists of two parts: algorithms to generate symmetric keys and algorithms to form session keys which are used to encrypt image data. Both algorithms are explained in detail in this section.
The step to obtain the symmetric keys that will be used to generate session keys can be seen in Figure 2.
Step 1: Transform the image data using two-dimensional Discrete Wavelet Transform (DWT 2D). The goal is to filter the data into a low pass that represents an important part of data in low resolution. DWT 2D transformation is performed to rows (horizontal), and to columns (vertical). This is done by passing the signal on high pass and low pass filters, and then half of each output is taken using subsampling operation. This process is called a one-level decomposition process. The output of the low pass filter is referred to as the LL sub-band value which is then used as the input of the next level decomposition process as illustrated in Figure 3.
At this stage, if the plain image size is n × n pixels, the decomposition process is repeated until level L, that is, until the size of the produced LL sub-band is n _{LL} × n _{LL}, with 32<n _{LL}≤64pixel. For example, if the plain image size is 256 × 256 pixels, the DWT 2D transformation will be performed until the 2nd level, because the LL sub-band size on the 2nd level has reached 64 × 64 pixels. If the plain image size is m × n pixels, the decomposition of DWT 2D transformation is performed until the sub-band LL size of $\lfloor \mathrm{min}\left(\frac{m}{{2}^{L}},\frac{n}{{2}^{L}}\right)\rfloor $ is greater than 32 and less than or equals with 64, where L is the level of wavelet decomposition. For example, if the plain image size is 383 × 510 pixels then the DWT 2D transform is performed until the 3rd level because at the 3rd level one of the rows or column sizes of the LL sub-band is $\lfloor \left(\frac{383}{{2}^{3}},\frac{510}{{2}^{3}}\right)\rfloor =48\phantom{\rule{.5em}{0ex}}\mathrm{pixel}$ .
Step 2: Scramble the position of LL sub-band data element produced by the L-level decomposition. The positioning of m _{LL} × n _{LL} sized data is conducted using Arnold Cat Map (ACM). The goal is that the value of neighboring matrix elements is significantly different. The definition of Arnold’s Cat Map is presented by (Zhu et al., 2011; Wang et al., 2015);
The determinant value of the matrix is:
Parameters b and c are positive integers. In this study, the parameters b and c are generated randomly until we find the values of b and c that satisfy Eq. (2). Value [x _{ i }, y _{ i }] and [x _{ i+1}, y _{ i+1}] is a nonnegative integer i.e. {0,1, 2, N−1} with N is min (m _{LL}, n _{LL}). [x _{ i }, y _{ i }] is the position of the original image element and [x _{ i+1}, y _{ i+1}] is the position of the image element after the permutation is done using ACM.
Step 3: Form a 4 × 4 pixels B matrix based on the result of step 2. The matrix is filled in row by row, as illustrated in Figure 4.
The next step is to form column vector A using Eq. (3) as the initial value in the Cipher Block Chaining (CBC) process.
The value of i is 1 to 4, and B is the permutation matrix produced using ACM, as specified in Step 3.
Step 4: Convert the element of vector A = [A1, A2, A3, A4] to binary form, such that each element has a maximum data length of 32-bits. After that, each element of vector A is encrypted using the CBC algorithm, in which the value of C _{0} is a 32-bit key that is randomly generated. The CBC algorithm is chosen because it produces a different symmetric key even though the same vector A is used as the input. Therefore, this algorithm is suitable to generate symmetric keys in which each key component is expected to have a different value. Then, the result is returned to decimal format to obtain symmetric keys consisting of K _{1}, K _{2}, K _{3}, and K _{4 ,} as illustrated in Figure 5. These symmetric keys are 32 bits long each, so the total symmetric key length is 128 bits. These symmetric keys are then sent via a secure channel.
This step is performed to obtain KG_{1}, KG_{2}, KG_{3}, and KG_{4} session keys used to encrypt each compressed sub-band and to randomize the pixel position.
The KG1 row-shaped session key is randomly generated using chaos logistic map method using Eq. (4).
where x _{ i } is the chaos value of the requirement that 0≤x _{1}≤1. Parameter r is also called the growth rate with 1≤r≤4. The advantage of this scheme is that each image data will have different parameter pair of x _{0} and r because they are determined based on the symmetric key value of K _{1}. The ideal value of the parameter r in Eq. (4) is 3.57≤r≤4 (Goel et al., 2014; Zhou et al., 2014; Ahmad et al., 2017; Belazi et al., 2017; Deng et al., 2017). Therefore, the parameter value of r for chaos generator used in our method is 3.57≤r≤4 , which is obtained from the normalization of values K _{1} using min–max normalization method. Normalization min–max maps a value of v to v′ into the range [min range, max range] based on Eq. (5):v is symmetric key K _{1}, v′ is the result of normalization data that becomes parameter value r, min_{v} is the minimal value of the initial symmetric key (min(K _{1}, K _{2}, K _{3}, K _{4})) and max_{v} is the maximum value data of symmetric key (max(K _{1}, K _{2}, K _{3}, K _{4})). The value of x _{0} for Eq. (4) in our method is determined from the value of symmetric key K _{1}, which is normalized to a value ranging between 0 and 255 using Eq. (6):
size is the desired length of the number, while the value of count starts from 1 and is increased by 1 until x*10^{count}>10^{size−1}. Only the integer part of the produced decimal is used (Munir, 2012). Next, value x _{1} up to x _{ n } are obtained using Eqs. (4) and (6) according to the length of the sub-band LL compression vector. The produced vector value [x _{0} x _{1} x _{2}… x _{ n }] is then referred to as session key KG_{1}.
Key KG_{2} is in the form of a block, in which each block is a row vector with the length of 256. The number of blocks is adjusted according to the number of blocks of the compressed LH, HL, and HH sub-bands. The first block of session key KG_{2} is generated in the same way as the generation of KG_{1}, but the length of the session key vector is 256, which is referred to as B _{1}. The nth block (B _{ n }) is obtained by randomizing the data position B_{ n-1} using the concept of permutation employed in RC4. The produced key KG_{2} is the combination of vector blocks [B _{1} B _{2}… B _{ n }].
The S-Box shaped key KG_{3} is used in the process of scrambling the block cipher. The size of the subblock is 16 × 16 pixels which refer to the sub-block size used in JPEG2000 compression. To get session key KG_{3} first a matrix of b × k size, which is adjusted to the size of the block cipher being processed, is determined. The value of the first element of the session key KG_{3} is derived from symmetric key K_{3} using the Chaos Logistics Map method, similar to the generation of session key KG_{1}, with the requirement that 1 < session key value KG_{3}≤b×k. For example, if the size of the block cipher is 5×5 the session key value of KG_{3} ranges between 1 and 25. The next session key elements of KG_{3} are generated randomly using the Chaos Logistics Map method, with the requirement that there is no repeated value. Figure 6 shows an example of the KG_{3} formation.
Key KG_{4} is also an S-Box with the size of 16×16. Each element of the matrix is generated using the Chaos Logistics Map method, similar to the generation of session key KG_{3}. The values of each element should be unique and ranges from 0 to 255. Figure 7 shows an example of session key matrix KG4, which is generated from symmetric key K4 and then normalized to the range of [0,255] using Eq. (6) to obtain KG_{4} (1,1)=95. The key elements KG_{4}(1,2) to KG_{4}(16,16) are generated using Eqs. (4) and (6).
The proposed CEA-CBDSK method consists of two parts, the image compression–encryption algorithm at the sender side and the decryption–reconstruction algorithm at the receiving end. Both will be described in detail in this section.
The CEA-CBDSK method for securing image data on the sender side is divided into three stages: symmetric key generation, compression, and encryption. Figure 8 illustrates the details of the image data security model on the sender side.
Symmetric key generation: This part performs the symmetric generation process that has been discussed in Section “Proposed Key Generation Algorithm”.
Compression: This part conducts selective compression process using DWT 2D transformation, uniform quantization, and coding process as shown in Figure 8. The DWT 2D transformation will produce four sub-bands: LL sub-band representing the approximate coefficient, and LH, HL, and HH sub-bands, each of which representing image detail coefficients. Uniform quantization is then applied to each sub-band value representing the approximate and detail coefficients. This quantization has the same gray level clustering interval (e.g., intensity value of 1 is given to LL sub-band value of 1 to 10, intensity value 2 is given to LL sub-band value of 11 to 20, and so on). The range of the interval is defined by
The coding process is then applied to the quantization result. It is started by converting the quantization result of each sub-band to binary form. The results are combined to form 8 bit sized blocks. To illustrate, suppose that 4 7 11 3 1 is the produced quantization-10 data. Conversion of the data to binary form will produce five 4-bit blocks as shown in Figure 9.
Encryption: This part will encrypt the compressed data. As shown in Figure 8, the proposed encryption algorithm consists of six process stages to encode compressed image data using four-session keys. The encryption process is as follows:
Encrypt the LL sub-band data that has been compressed with key KG_{1} using Eq. (8):
Encrypt the LH, HL, HH sub-band data that has been compressed with key KG_{2} using Eq. (9)
Incorporates the LL, LH, HL, and HH sub-bands encryption results and change the form from row vectors into an m × n -sized matrix. The value of n will be equal to the number of columns in the original image, whereas the value of m will be adjusted to the number of merged data, as shown in Figure 11, using the following rules:
a. Rows 1 through row m −1 are used to place the result of LL sub-band encryption, followed by the LH, HL, HH sub-bands encryption.
b. The mth row contains the end of HH sub-band encryption data, padding bits, and 6 last pixels which are used to provide the information about the number of rows, the number of padding data and the number of LL sub-band data. Each of the information is stored in 2 pixels; this is because each pixel element has a maximum value of 255, while the stored information may be very large. To store very large data, each information is divided into 2 pixels where the first pixel (col n−5, col n−3, col n−1) contains the integer part of the data division with 256, while the second pixel contains the fraction part (col n−4, col n−2, col n). Hence, the maximum value to store the information is 255×255+255=65,535.
Divide the matrix produced in Step 4 into b×k blocks to do the process of block permutation cipher using session key KG_{3}. The goal is to randomize the element positions of the matrix so that the additional information stored on the last line is not known by cryptanalysis.
Encrypt the result of a block cipher in Step 4 using block substitution method with session key KG_{4} This step uses the modification of the Playfair cipher method (Dhenakaran and Ilayaraja, 2012) to permutate the pixel value so that the hidden information that is still in one block position of the fourth step results can be scrambled. To do this, the matrix is divided into blocks, each of which contains 2-pixel elements of the matrix, referred to as c1 and c2. Any pair of pixels containing c1 and c2 needs to perform block permutation using rules on the Playfair cipher method (Dhenakaran and Ilayaraja, 2012) with session key KG_{4}.
Do substitution on cipher image produced in Step 5 using key KG_{4} of size 16 × 16 pixels, which is expanded using a keystream generator into m × n size. If the length of the cipher image is greater than 16 × 16 pixels, do key padding to KG_{4} using keystream generator (Dhenakaran and Ilayaraja, 2012). Before doing key padding, KG4 is converted into line vector form. Do the padding process to key KG_{4} o that its length equals the length of the cipher image (m × n). After padding process is done, the produced key, which is called KG_{4new}, is reshaped into a m × n matrix. The substitution process is done using Eq. (10):
The model of image data security on the receiving side is divided into two algorithms, namely: decryption algorithm, and reconstruction algorithm as illustrated in Figure 12.
Step 1: Reconstruct symmetric keys KG_{1}, KG_{2}, KG_{3}, and KG_{4} using the same symmetric key generation algorithm as in the encryption process.
Step 2: Decrypt the cipher image using substitution method with session key KG_{4 new} using modulo 256 operations. Do permutation to the block using the Playfair cipher decryption process.
Step 3: Descrambling the pixels to put the data block to their original positions using session key KG_{3}.
Step 4: Convert m×n matrix produced in Step 3 into a vector to separate the LL sub-band from LH, HL, HH sub-band. The separation is performed using the following algorithm:
Find the number of image rows (y1), the number of padding data (y2) and the number of LL sub-band (y3) data, using Eqs. (11) to (13).
Obtain the LL sub-band value form the row vector, taken from the elements in position (1,1) to position (1, y3)
Obtain the value of LH, HL, and HH sub-bands form the row vector, taken from elements in position (1, y3+1) to position (1, y1×m−y2−6).
Step 5: Decrypt the LL sub-band value produced from the fourth step using modulo 256 operations with session key KG_{1}. Then, decrypt the LH, HL, HH sub-bands using modulo 256 operations with session key KG_{2}.
Step 6: Reconstruct LL sub-band vector and LH, HL, and HH sub-bands vector using the decoding process, and do dequantization on each vector. After that, combine the two vectors to produce the same image size as the original message. Finally, perform the inverse of DWT 2D transformation to the image.
The proposed method is implemented using Matlab R2013a application which runs on a computer with CPU specifications using Intel Core i3-4005U 1.7 GHz and 2 GB of RAM. The performance of the proposed method will be evaluated by implementing the method to four grayscale images with different sizes and characteristics. The image to be used are
Artichare (400×594 pixels), representing bright images, the Pool (383×510 pixels), representing a dark image, Lena (512×512 pixels), representing a moderate image, and the Boat (512×512 pixels), representing high contrast image, wich are characterized by the uniform histogram with a range of image intensity values [0,255]. Other grayscale image standards are also used to compare the performance of proposed methods to other research.
For the symmetric generator algorithm, the run-test analysis is used to measure the randomness of the keys generated by the algorithm. Visual analysis, i.e. displaying the encrypted image and histogram image form, is applied to the compression–encryption algorithm. In addition, the evaluation also uses statistical analysis, which includes entropy values, key sensitivity, and image compression ratios aimed at analyzing the performance of image data and image data sizes. Testing on the decryption–reconstruction algorithm uses peak signal noise ratio (PSNR) method that aims to measure the quality of the reconstructed images.
Figure 13 shows the values of symmetric keys obtained from Lena grayscale image of 512 × 512 sizes, with intensity value lowered to 40 and raised up to 40. In Figure 13(A), when the proposed algorithm is not used, if the intensity value is increased, the symmetric key value will rise linearly. However, when the symmetric key is generated using the proposed algorithm, the generated produces symmetric keys are random as shown in Figure 13(B).
Figure 14 shows four images with different characteristics and the graphics of the generated symmetric key values in 30 experiments. The results show that the symmetric key generated using the same image will always be different. This is also proven using the run-test that with a=5% P-value > 0.05 as seen in Table 1.
Based on Figure 13(B), Figure 14, and Table 1, it is proven that the proposed algorithm is capable of generating random symmetric keys. Thus, the session key is dynamic. As a result, the image data are safe from ciphertext-only attack because there is no connection between plain image and cipher image.
The encryption–encryption algorithm is considered safe against cryptanalyst attacks if the results of the analysis visually, as well as statistical analysis (entropy, key sensitivity, compression quality, and compression ratio), meet the requirements set by each measuring instrument used. This study will test the use of wavelet filters and quantization values to obtain the best combination of parameters. The tested filter is Haar filter, representing an orthogonal filter, as well as a Bior3.5 and Bior4.4 filter, representing a biorthogonal filter. The Haar filter is selected because it is a simple filter and it can be used to quickly analyze local features used in signal and image compression. Bior3.5 and Bior4.4 filters are selected because these filters are used by JPEG2000, which is the standard method of image compression today. The uniform quantization values to be tested are 15, 20, 25, 30, and 35 because in that range each quantized element will be compressed into 4 bit, 5 bit, and 6-bit data. Thus, it is expected to reduce image data redundancies by about 30% while the image quality is still quite high. The level of decomposition to be used are level 2 or level 3 to obtain the decomposed sub-band LL of size 32 to 64 pixels, which is the standard block size used in JPEG2000.
Both visual and statistical test use the same set of symmetric key: K _{1} = 2394732439996, K_{2} = 3619928903909, K_{3}= 2694188048471, and K_{4}= 5332757722018. They are produced using the proposed symmetric key generation algorithm. In addition, to evaluate the influence of image characteristics to the performance of the proposed algorithm, the proposed method will be tested to four images with different characteristics. Analysis of each image on its security performance is performed using 30 different symmetric keys generated randomly using the proposed algorithm.
The visual analysis of four images at level 3 of decomposition using Haar, Bior3.5, and Bior4.4 filters and the quantization value 30 with the same symmetric keys can be seen in Figure 15.
The four images look random, this shows that visually the information on the image cannot be seen. Thus, it can be concluded that the image to be delivered is safe from manual inspection. Furthermore, the cipher image histogram looks flat, indicating that there is no prominent pixel intensity in the cipher image. Hence, cryptanalyst is not able to use the histogram for doing statistical attack. The use of different wavelet filters does not affect the security of the encrypted data, which can be seen from visual tests and histograms that look the same.
The Differential attack is an attack that traces the difference and tries to find the relationship between plain image and cipher image (Hua and Zhou, 2017). There are two parameters used to measure the ability to withstand differential attacks. The first parameter is the Number of Pixel Change Rate (NPCR), which is used to measure the number of pixel changes in each image pixel of the plain image. The second parameter is the Unified Average Changing Intensity (UACI), which is used to measure the average intensity of the differences between the plain image and the cipher image. The calculations of NPCR and UACI use Eqs. (13) and (14), respectively:
The ideal value of NPCR is greater than 99%, while the ideal value of UACI is greater than 33%, which indicates that the algorithm is very sensitive to small changes in image data (Hamdi et al., 2017; Teng et al., 2017).
Figure 16 shows the average values of NPCR and UACI of the images using different wavelet filters and quantizations. It can be seen that the average value of NPCR and UACI is the best when Haar filter is used on quantization of 30. The average value of NPCR is 99.7666%, while the average value of UACI = 40.0053%. It also shows that the proposed algorithm is secure against differential attacks.
An entropy calculation is performed to assess the quality of the encrypted and decrypted images. Higher entropy means that the encryption system is more secure (Younes and Jantan, 2008). If a grayscale image is encrypted and, hence, in random condition, the ideal value of entropy is ≈8. It can be said that the corresponding encryption system is safe from entropy attacks. In contrast, entropy value much smaller than eight indicates that the encryption system is still predictable (Jolfaei and Mirghadri, 2011).
Figure 17 shows the average of entropy value using different filters and quantizations. It can be seen that if the quantization value is greater, the average entropy value is also greater using either Haar, Bior3.5, or Bior4.4 filter. The average entropy values for all scenarios is above 7.9989, which means the proposed algorithm is safe against the entropy attack. The best entropy value is 7.9991, which is obtained when the Bior4.4 filter is used with a quantitative value of 35.
The quality of an image is subjective and relative, depending on the observation of the person judging it. The measurement of image compression quality can be measured quantitatively by using the amount of PSNR. The compression technique is said to be good if the value of PSNR is high, which means the error of the compression technique is very small and the reconstruction image of the original image has a high similarity with the original one. The image quality produced from lossy compression is said to be good if the value of PSNR between 30 and 50 dB. If the PSNR value is above 40 dB, the quality of the image is considered very good. Conversely, if the PSNR value is below 20 dB, it is usually unacceptable (Bull, 2014). To measure the ratio of image data compression (C _{R} ), the size of original image size (C _{1}) is divided by the size of the compressed image (C _{2}) (Wang and Gao, 2015).
Figure 18 shows the value of PSNR and compression ratios of the four images. It can be seen that the greater the quantization value, the better the image reconstruction quality. In contrast to the image ratio, the average image compression ratio starts to decline when the quantization value is 35. This is because the quantization process using the value 35 will result in compression from 8 bits to 6 bits, which means that the size drops only 2 bits per data element, whereas, for another quantization value, the compression is from 8 bits to 5 bits per data element. The best image compression ratio is 37.2338, which is obtained when haar filter is used with a quantization of 30. This means that the proposed algorithm can reduce data redundancy by more than 37%. The best average PSNR is 35.5645 dB, which is obtained when haar filter is used on quantization 35. However, this produced rather low average compression rate. When haar filter is used with the quantization value of 30, the PSNR value is still quite good at 34.9380 dB, while the compression ratio is around 37. Hence, it can be concluded that to get high ratio performance with good quality image data, Haar wavelet filter can be used with a quantization value of 30.
Table 2 shows the average values of NPCR, UACI, entropy, CR, PSNR as well as the time of encryption and decryption process of four testing images, in which each image is encrypted using 30 different symmetric keys. The results show that the use of different symmetric keys does not affect the value of the compression ratio and the quality of the reconstructed image data, which is indicated by the similar CR and PSNR values. However, for the data security measure, the use of different keys affect the security level of image data.
From the table, we can conclude that all security requirement is met by our proposed model. It shows that the CEA-CBDSK algorithm is able to guarantee the security of the data, reduce data redundancy, while at the same time maintain the image quality at about 34 dB. Nevertheless, CEA-CBDSK does not work best when applied to images with dark characteristics, as the average value of UACI image is still below 33%. The processing time of both encryption and decryption algorithms can be considered reasonable because it takes less than 15 sec to encrypt and less than 20 sec to decrypt an image size around 512 × 512 pixels. Fastest processing time is obtained for encryption and decryption of dark images, while it takes more time to encrypt and decrypt images with medium or high contrast characteristics. This is because the image size also influences processing time.
The best performance of the proposed algorithm is obtained when haar filter with a quantization value of 30 is used. Using these parameters, we conduct comparison evaluation between our proposed method with four other methods proposed in Belazi et al. (2017), Hamdi et al. (2017), Kumar and Vaish (2017) and Zhang and Tong (2017).
Table 3 shows the comparison between our method and another method in terms of NPCR and UACI values. The average NPCR value for the 512 × 512 images using CEA-CBDSK is about 0.16% better than (Zhang and Tong, 2017), while the average UACI score is about 1.52% better. When compared to Hamdi et al. (2017), the average NPCR value of our proposed method is almost the same; however, the average UACI value is still 1.38% better. The value of NPCR and UACI of the 256 × 256 images using the CEA-CBDSK method is also better than Hamdi et al. (2017) and Belazi et al. (2017), in which the NPCR average is about 0.2% better, while the UACI value is about 13.64% better. This suggests that the proposed algorithm works better because it generates high randomness and is sensitive to the characteristics of the encoded image data.
Table 4 shows the comparison between our model with Belazi et al. (2017) and Zhang and Tong (2017) in terms of entropy value. It can be that the CEA-CBDSK method is slightly better than Belazi et al. (2017) and Zhang and Tong (2017). This means that the proposed method is more resistant to entropy attack than the other two algorithms.
Table 5 shows the comparison between the CEA-CBDSK method with Kumar and Vaish (2017) in terms of PSNR and CR values. The results indicate that the CEA-CBDSK method produced images with PSNR value 15.15%, higher than Kumar and Vaish (2017), while the average compression ratio is about 17.78% higher. This shows that the proposed method is better in terms of the produced quality image as well as compression value compared to Kumar and Vaish (2017). However, compared to Hamdi et al. (2017), the average PSNR score of images using CEA-CBDSK is 4.74% less. This means that Hamdi et al. (2017) produces a better quality of the reconstructed image.
This research has produced a model for securing image data using compression–encryption methods using dynamic session keys that are able to improve image data security. The proposed symmetric generator algorithm is able to generate session keys that are sensitive to the characteristics of the image to be encoded so that the same plain image will not produce the same cipher image. Therefore, the transmitted data are safe against ciphertext-only attacks, statistical attack, and differential attack. This is evident from the runs test, the visual and histogram analysis, differential analysis, and entropy analysis. In addition, the proposed method succeeded in reducing data redundancy up to 37% while maintaining the image quality up to 34 dB. The running time of the algorithm is also low, less than 15 sec for encryption and less than 20 sec for decryption process.
The proposed model was tested on grayscale image data; therefore, further research is conducted to implement it to color images. Furthermore, since the symmetric key is used, the key distribution still becomes the problem in this method. For future work, an algorithm to solve the key distribution problem needs to be integrated with the proposed model.