E�cient JPEG Encoding Using Bernoulli Shift Map for Secure Communication

Digital data must be compressed and encrypted to maintain confidentiality and efficient bandwidth usage. These two parameters are essential for information processing in most communication systems. Image compression and encryption may result in reduced restoration quality and degraded performance. This study attempts to provide a compression and encryption scheme for digital data named as Secure-JPEG. This scheme is built on the JPEG compression format, the most widely used lossy compression scheme. It extends the standard JPEG compression algorithm to encrypt data during compression. Secure-JPEG scheme provides encryption along with the process of compression, and it could be altered easily to provide lossless compression. On the other hand, the lossless compression provides less compression ratio and is suitable only in specific scenarios. The paper address the problem of security lacks due to the use of a simple random number generator which can not be cryptographically secure. The improved security characteristics are provided through Generalized Bernoulli Shift Map, which has a chaotic system with demonstrated security. The algorithm's security is tested by several cryptographic tests and the chaotic system’s behavior is also analyzed.


Introduction
Inexpensive image and video acquisition devices has resulted in significant increase in image and video applications.The development of technology has made images and videos and integral part of our daily life.Compression of digital images and videos is always required due to large storage requirement.Images and videos have large redundancies especially in natural scene imagery which could be compressed to overcome bandwidth and storage limitations.Compression is therefore a vital part of generalpurpose acquisition devices.Wireless communication systems is a particular case where compression is essential for low data rate to ensure power and bandwidth efficiency [1].Encryption on the other hand is required to ensure data security and confidentiality.Wireless and public networks are at an increased demand for image encryption to protect the data from illicit use.In conventional systems, compression is performed to achieve bandwidth and storage efficiency whereas encryption is performed where data security is required.The proliferation of information technology has facilitated us, but it has resulted in larger number of attacks on personal information and resulting in breach of security.Encryption is normally required when data is exchanged over a public network to ensure data security.When encryption and compression are done separately, decryption and decompression must be done separately, resulting in slower processing and, in some cases, lower image quality.Encryption and decryption are time consuming process and so, it is a major bottleneck in real-time image transmission and communication systems.Similarly, image compression and decompression are a bottleneck.Many functional real-time systems are infeasible due to the computing expense of executing these steps independently [2].Data confidentiality is becoming a major a concern due to rapid technological advancements.A lot of algorithms are available for encryption but most of them are useful for textual data.Image data encryption, on the other hand, differs from alphanumeric data encryption as it has a high level of redundancy and spatial correlation.As a result, traditional encryption systems like RSA [3] and AES [4] are unsuitable for image or multimedia encryption.Encryption of digital images can be achieved by degrading visual detail with absolute randomness.So, there are few application based encryption algorithms aimed at producing encrypted digital data [5][6][7].Due to high-redundancy and bulk-capacity, there is a need of an algorithm which can process both encryption and compression.The idea of performing simultaneous encryption and compression was acquired from [8].They have presented a shared key encryption approach for JPEG.The DCT quantized coefficients of JPEG are separated into random looking shares which provide encryption.The basic scheme has some limitations which are covered in some variations of the basic scheme provided in the same paper.In [9], an encryption scheme based on DCT and orthonormal vectors was presented which was JPEG compressible.The scheme achieved reasonable security but contained horizontal correlation which depended on orthonormal vectors.In [10], standard JPEG algorithm is modified by incorporating encryption step on DCT quantized block of 8 × 8 pixels.The security of [9] and [10] depend completely on random number generator which is cryptographically insecure algorithm [11].Chaotic systems are believed to be perfect candidates for encryption system.A chaotic system must have three properties: (I) it must be sensitive to initial conditions, (II) it must have dense periodic orbits and (III) it must be topologically mixing.A good random number generator helps in image data encryption and so, a chaotic system serves as a perfect random number generator.In [12], the authors have used a Generalized Bernoulli Shift Map (GBSM) to perform permutation and diffusion to achieve encryption.The scheme is fast and provide cryptographically secure system but lacks the ability to be compressed with a lossy compression scheme.In our approach (Secure-JPEG), we have extended work on our conference paper [10] to make it cryptographically secure by introducing GBSM.The resulting image is visually similar to [9] and [10] and provide a cryptographically secure base.The algorithm modifies the DCT coefficients of JPEG compression scheme based on orthonormal vectors generated using GBSM.Secure-JPEG has two benefits: (I) it provides encryption and compression in a single pass and (II) the quality of decoded image is superior to original scheme [9].

Related Work
Various research studies [13][14][15][16] have focused primarily on the compression of digital images, dismissing security issues.Due to their intrinsic sensitivity, pseudo-randomness, and ergodicity to initial conditions, the algorithm of chaotic image encryption is becoming more common [3-7, 13, 17].They have good confusion and diffusion properties that satisfies the cryptographic requirements.On the other hand, these systems cover only image security without taking compression into account.Compression is required in most of the image and video storage and communication scenarios due to high redundancy and volume.This means that digital images need to be both encrypted and compressed.This approach was followed by many researchers in their research, with particular attention paid to data reduction and confidentiality [18][19][20][21][22][23].When it comes to achieving encryption and compression of digital files, researchers consider two methods.Encryption and compression were performed in two steps in the first approach [9,[24][25][26][27].Both two stages are entirely independent of one another and manipulating the image in two stages will take longer at times.In this case, the intruder must focus exclusively on cryptoanalysis to compromise the security of the algorithm while ignoring the compression scheme.On contrary, second method involves digital image compression and encryption performed in one stage [20,[28][29][30].Since the intruder must consider both compression and encryption algorithm when performing the encryption analysis, so, cumulative encryption and compression results in reduced computational time and increased data security.In [8], authors have designed a "shared-key JPEG color image encryption algorithm".During quantization process, the algorithm works on DCT coefficients.The method is based on two random 8 × 8 block which are shared on optical encryption.Each 8 × 8 block is encrypted and shares randomly generated data that is processed through JPEG for additional computation.The generated shares hold similar characteristics such as identical in size to the original block.The compression does not introduce any error, moreover encryption through share generation is also lossless.To perform decryption of data, DCT coefficients [8] is calculated and then original image was reconstructed.Three extended approaches are also discussed in their work, one for the random distribution of pixels, one to generate asymmetrical shares, and another is to provide more than two shares.These modifications possess varying strengths and limitations when compared to proposed method.Another scheme which is orthogonal-based color-image encryption has been presented in [9].The cryptographic arrangement occurs in two steps: the first is partitioning of the 8 × 8 blocks which are then scrambled using Mersenne Twister [31].The scrambled 8 × 8 blocks are then transformed to a frequency domain via DCT function.In the second step, Mersenne Twister produces a random number matrix of the size of the image.This algorithm shows its strength of securely encrypting the data but also introduces spatial correlation.The horizontal spatial correlation was explained through orthogonal matrix.In addition, because of manifold grayscale stretching, the proposed scheme introduces an intensity shift in resultant image.Although the scheme is compression friendly which presents high compression ratio.It also introduced a redundancy into system as DCT is used during encryption as well as during JPEG compression.In addition, encryption and compression generate more quantification errors in contrast to both process in a single process.Simultaneous encryption and compression may also be effective at introducing fewer errors.In [10], a simultaneous compression and encryption scheme has been designed which is based on standard JPEG algorithm.The standard JPEG is modified by inserting permutation and diffusion steps just before quantization.The algorithm has shown good compression performance along with demonstrated security characteristics except the Pseudo-Random Number Generator (PRNG).This method uses Mersenne Twister algorithm to generate random number sequences to permute the image pixels blocks and perform diffusion through orthogonal matrices.Mersenne Twister is a PRNG with large period, but it lacks cryptographic security and hence compromise the security of complete encryption scheme.The results of their algorithm is compared with standard JPEG compression algorithm and applying JPEG compression on cipher image obtained through [9].In [12], the author used Generalized Bernoulli Shift Maps (BSM) method to produce chaotic orbits which were used to encrypt digital images.They used generalized BSM method at two stages.In first stage they scrambled image pixels based upon a chaotic orbit sequence generated by BSM.And in the second stage they generated two chaotic orbits to induce diffusion within image pixel bits.Their method is resistant to resistance to brute-force attack and has strong statistical properties that make differential attacks difficult to implement.

Secure-JPEG Based on Bernoulli Shift Map Method
Secure-JPEG is designed to perform both compression and encryption simultaneously on digital images.In this scheme we introduce encryption steps during steps of standard JPEG compression algorithm.More specifically we apply encryption steps before DCT quantization step, and the rest of JPEG algorithm remains the same.Some properties of the algorithms are such that lossy compression (quantization) and entropy coding can provide reasonable compression ratio with very little distortion.The basic algorithmic implementation is presented in [10] which is an extension of [9] by using Mersenne Twister algorithm as a Pseudo-Random Number Generator (PRNG).The Mersenne Twister has a large period so its output seems completely random but it is not cryptographically secure as demonstrated in [11,31].As the encryption is used to secure data from cryptographic attacks so a simple PRNG with high period cannot be used in some real time applications.In this proposed scheme, we use PRNG in two steps; one is during image-blocks scrambling which performs permutation and the other is orthogonal matrix multiplication which performs diffusion.Security of both steps is based on this PRNG algorithm so it must be replaced with a cryptographically secure algorithm.Chaos-based systems are happened to be very sensitive to initial conditions and have high ergodicity, therefore they demonstrate excellent properties of cryptographic security and randomness.Some chaos-based systems provide high randomness and non-predictability, but they have small key space which lend them prone to brute-force attacks.In our proposed scheme, we are using a chaos-based orbits to generate random numbers namely generalized Bernoulli shift map which has large key space along with properties of randomness.The Bernoulli shift map B0: [0,1]  [0,1] is given by.
The Bernoulli shift map provides a case for fundamentally nonlinear mechanism because it typically produces deterministic chaos.This basic mechanism may appear in more realistic dynamical systems.In this study, we are employing its generalized version as shown below: Where  ,  +1 ∈ [0,1] are the states of the map, and  ∈ (0,1) is the control parameter.As  = 0.5,  becomes the regular Bernoulli shift map.A typical orbit of  0 obtained from the dynamical system is {  =   ( 0 ),  = 0,1, … } which is presented in Fig. 5 (a) for  = 1.75,  0 = 0.5.Its waveform is quite unusual and shows that the system is chaotic.The control parameter  and the initial condition  0 can be considered as cipher keys as the map is employed to produce digital data encryption schemes.
The basic working mechanism of Secure-JPEG is demonstrated in Fig. 1.The system is presented with a plaintext image as an input.The encoder module attempts to perform encryption and compression simultaneously based on some secret key.The encoded image can be stored or transmitted through some insecure communication channels.An intruder having access to encoded image can try some attacks to acquire information which is protected through encryption.On the decoder end, the image is received, and process of simultaneous decryption and decompression is performed, and a reconstructed image is obtained as an output.Diffie-Hellman key exchange or some other appropriate algorithm may be used to share the encryption key.In reverse order, the encoding algorithm of the system is used in the same way.However, two decoding scenarios have been presented below.
 Scenario-I: The encoded image data will be treated as a JPEG compressed image and the JPEG algorithm is used for the decoding.Huffman decoding is used for data compression and may decode the variable length code.This data is then converted to their true sequence through inverse run-length coding.Then sequenced data is converted from a vector to an 8×8 block.Dequantization regenerates the matrix values with a lossy compression factor error before quantizing.After backward DCT transformation, the image is created, and 8 blocks are combined.In this case, the decoded image data shows a cipher image that the intruder does not have because he does not have the secret key information and encryption algorithm. Scenario-II: It is based on using Secure-JPEG to decode the encrypted image data.In this case user has authorized access to encryption algorithm and so, decode the encoded or encrypted image.The compressed image data is employed to Huffman encoding and its output is a variable length coded data.The resultant data will be converted to the original data sequence by inverse run-length coding.In next step, it is transformed into 8 × 8 block using inverse Zigzag scanning.Due to lossy compression, an error is produced in data but through dequantization, data is recovered along error.In contrast, 8 × 8 random matrices {γ 1 , γ 2 , … γ  } are created by the same PRNG using the secret key information.These matrices are further decomposed to   ,   &  through singular value decomposition.Then inverse of this matrix is calculated through transpose function as the left singular matrix is an orthogonal matrix, and its transposition is equivalent to inverse of its orthogonal matrix.Next step is to multiply both transpose of left singular vector (   ) and dequantized matrices to obtain the decrypted matrices as (€ 1 , € 2 , ⋯ €  ) = (ψ 1 ×  1  , ψ 2 ×  2  , … ψ  ×    ).Then the backward transformation is implemented using a DCT that produces a spatial image.Conversely, the permutation sequence is also formed during encryption, which is used to obtain an inverse permutation sequence.The inverse permutation sequence is then used to do inverse block scrambling.These produced blocks are combined to create a decrypted image using the original image size.Fig. 4 shows the block diagram for this scenario-II.

Results and Discussions
The proposed scheme is an extension of our conference paper [10] which has provided compression and encryption simultaneously.The compression performance is demonstrated in the paper however the encryption is done using PRNG (Mersenee Twister) which is default PRNG of MATLAB.It has large period so can be used in many scenarios, but it lacks the cryptographic security which is necessary for an encryption scheme.To overcome this problem, the proposed modification uses a Generalized Bernoulli Shift Map to generate chaotic orbits which are subsequently used for permutation and diffusion.Chaos based systems has demonstrated cryptographic characteristics and the used scheme has demonstrated its results in [12].The chaotic nature of system is demonstrated by Fig. 5 and Fig. 6 which guarantees the cryptographic security of the proposed scheme.Compression performance of the proposed scheme is almost same as the SecureJPEG.At the time of encoding, when compression ratio is chosen as 100%, the decoded image is exact replica of the input image and so only lossless compression is employed.On the other hand, when quality of compression chosen below the 100%, some quantization error is induced (i.e., hence the name lossy compression) but the quality of the decoded image is reasonable for visual inspection as shown in Fig. 7 and Fig. 8 and demonstrated in section 4.6.
(a) (b) (c) Fig. 9 show the test images that are used to demonstrate the encryption performance and quality assessment performance.Altough, graphical results are not reported for all of these images to avoid repetations but the numerical scores are reported and discussion is made based on testing on these six images.

Correlation Coefficient Analysis
Correlation coefficient analysis is used to determine randomness of pixel values in an image.Natural images have strong correlation in their adjacent pixel values.The security of an image cryptosystem is regarded as high when it produces a highly uncorrelated image.Adjacent pixels correlation is measured in vertical, horizontal, and diagonally adjacent pixels.Below formulas are used to calculate correlation coefficient of two image pixels [11].
Here, x and y are pixel values, C.C. is correlation coefficient and Cov is covariance of pixel values, VAR(x) is variance, δx is standard deviation, E is expected value and N is total number of image pixels.Table 1 provides the score of correlation calculated with above formulas in three pixels' orientations.
The same is calculated and shown graphically for 10,000 adjacent pixels in Fig. 10 and Fig. 11.It is evident that correlation is much low in vertical and diagonal directions, but it is higher in horizontal direction.The higher correlation in horizontal direction is visually apparent in cipher image as well and it is due to orthonormal matrices used for diffusion.This correlation is desirable property and used to achieve good compression ratio.

Information Entropy Analysis
Information entropy is a statistical measure which determines the uncertainty and randomness in an information system.The entropy of a system can be calculated by the below formula [11]: Here, S is the source, (  ) is the probability of occurrence and N is the total number of bits.For an 8-bit grayscale image, the entropy value of an ideally random system should be 8.In practical systems the entropy value is always less the ideal value.However, the encrypted image should have entropy value as close to ideal as possible.Table 2 shows the values of information entropy for encrypted images.It is evident from the values in the table that the cryptosystem provides good randomness in the encrypted images.

Histogram Analysis
Histogram of image provides the distribution of image pixel values.This distribution can be used to disclose image characteristics and they have been used to decrypt permutation only images.It is therefore taken as an important measure to check the cryptographic security of an image encryption scheme.Histogram plot can be to visually inspect the statistical characteristics of an encrypted image.Fig. 12 shows the histogram plots for plain and cipher versions of Archer image.The histogram of cipher image is independent of plain image.The test on several images reveled the same results and the histogram remains bell shaped which is due to the property of Central Limit Theorem occurring due to matrix multiplication of DCT transformed image and orthonormal matrix.Maximum deviation and irregular deviation are numerical measure to ensure statistical randomness [11].

Maximum Deviation
The maximum deviation is a parameter used to verify the statistical randomness of an encryption scheme.It measures the pixel difference in the original and encrypted image.Higher maximum deviation value means more security.The maximum deviation value is calculated using the following formula [11]: Here, d0 and d255 are difference values of histogram at index 0 and 255 and di is the difference of histograms of original and cipher images.

Irregular Deviation
Maximum deviation sometimes does not appear to be enough as the encryption algorithm should change the value of each pixel randomly to ensure security.a cryptosystem which produces large change in some image pixels and minor change in other image pixels is not statistically secure.Irregular deviation on the other hand, calculate the change in all pixels, the formula to calculate irregular deviation are given below [11]: Here, ℎ  is the difference of histogram values of original and cipher images, Mh is the mean value of ℎ  and ID is the irregular deviation.4 indicates that the cryptosystem has produced highly random image which is not related to original image in any way.More than 99% of pixels of cipher image are different then the plain image.UACI on the other hand measure the average change in pixel intensities which should be nearly 30%.

Keyspace Analysis
Keyspace analysis is used to verify the robustness of the cryptosystem towards brute-force attacks.The cryptosystem must have a large key space to make exhaustive key search infeasible.It must also be very sensitive to secret key and a minor change in secret key should produce an entirely random and different cipher.

Exhaustive Key Search
Exhaustive keyspace refers to the possible combination of secret keys (initial conditions) which could be provided to produce a randomly generated cipher image.The key space should be sufficiently large to make brute-force attacks infeasible.It is usually defined in term of number of iterations required to check all the combinations of secret key.If it is feasible to try half the number of secret keys in reasonable time the cryptosystem is regarded as insecure.The cryptosystem uses six variables which we provide with initial conditions to produce different combinations output.A single variable with floating point precision is 252 and for six variables it becomes (2 52 ) 6 = 2 312 , which is a large enough key space to make all brute-force attacks infeasible.

Key Sensitive Test
Key sensitivity defines the complete dependence of cryptosystem on exact key.It indicates the dependence of cryptosystem on secret key and demonstrate that a minor change in secret key result in inaccurate decryption.The image in Fig. 13

Quality of Reproduced Image
The quality of reproduced image is important as compression adds artifacts while employing lossy compression.Moreover, as the encryption is performed in the DCT domain and the inverse DCT result in image values which requires requantatization, the reproduced image will not be exact replica of the input image.Ahmed et al. [32] has discussed the quality of decrypted image which is assessed by different measures such as Peak Signal to Noise Ratio (PSNR), Mean Squared Error (MSE), normalized correlation which are objective methods and tries to measure the change in quality of reproduced image in relation to the original image.It has been demonstrated by [33] that structural distortions are more accurate measure of perceived quality.Their proposed image quality assessment algorithm SSIM [33] and its improvement is considered better alternative to these conventional approaches.
Moreover, no-reference image quality assessment algorithms such as [34][35][36] are another approach to quality assessment of reproduced image.These methods measure the quality of the image without information of the original image and provide an objective measure of perceptual quality of digital images.We have used SSIM [33] and PIQI [34] as quality assessment measure to assess the quality of the reproduced image.In Table 5, SSIM for six images indicates that quality of reproduced image is highly similar to the original image.In case of PIQI, the quality assessment is reported for original as well as reproduced image for comparision as the quality assessment is not relative to original image.

Conclusion
This paper intends to improve the security of our conference paper which provides efficient permutation and diffusion in image pixels.The algorithm was focused to perform simultaneous encryption and compression.However, we have used Mersenee Twister (default random number generator of MATLAB) to generate random matrix and permutation sequences.This is not a cryptographically protected random number generator that cannot guarantee the security of the cryptosystem.We replaced it with a chaos-based generator with strong security characteristics and resilience to initial conditions.General-ized Bernoulli Shift Maps are used to produce a permutation sequence and random matrices that are used for subsequent analysis.The findings of the cryptosystem are illustrated by several experiments, such as correlation coefficient analysis, information entropy analysis, keyspace analysis, mathematical and differential analysis.The current scheme is cryptographically secured and provides good compression.The principal application of this scheme includes areas where compression is a necessary feature otherwise the same scheme can be used in lossless compression format as well.
The proposed strategy can be extended for encryption of video, audio, or other multimedia data where lossy compression is often employed.Wavelet domain processing to integrate it with JPEG2000 is still our future consideration and may be explored for better compression and security characteristics. Secure-JPEG Encryption scheme according to Secure-JPEG.
Scenario-I; Decoder Layout using standard JPEG.
Random behavior of chaotic orbits and sensitivity to initial conditions Auto-and Cross-correlation characteristics of Generalized Bernoulli Shift Map

Supplementary Files
This is a list of supplementary les associated with this preprint.Click to download. Biography.docx

Fig. 5 (
a) shows a standard orbit of Generalized Bernoulli Shift Map with initial conditions (x0=1.75, a=0.5 and b=0.25).It could be seen that the values are completely random and chaotic.Fig. 5 (b) provide demonstration of sensitivity to initial conditions.The two orbits (i.e., red, and green) differ each other's by 10 −12 and their values after few iterations are completely independent and chaotic.Fig. 6 (a) on the other hand shows auto-correlation characteristics and Fig. 6 (b) demonstrates the cross-correlation characters which are required parameters for an ideal chaotic system.(a) Typical Orbit of Generalized Bernoulli (b) Difference of two orbits of Generalized Shift Maps with randomized values Bernoulli Shift Maps with difference of 10 −12 in the initial values.

Fig. 5 Fig. 6
Fig. 5 Random behavior of chaotic orbits and sensitivity to initial conditions

Figure 9
Figure 9 Six test images used for encryption performance and quality assessment

Fig. 12
Fig. 12 Histogram Analysis of Archer Image (a) Original image (b) Encrypted image.

Figure 13 Key
Figure 13

Table 1
Performance measure of Correlation Coefficient of adjacent pixels in vertical, horizontal, and diagonal directions

Table 2
performance measure of Information Entropy for encrypted images.

Table 3
provides the scores of maximum deviation and irregular deviations calculated for each plain image and cipher image pair.Higher values of these measures indicate better security towards statistical attacks.

Table 3
Scores of maximum deviation and irregular deviationThe differential analysis calculates the change in the pixel value of the cipher image in contrast to the plain image.This property tests the diffusion characteristics of the cryptosystem picture.The output image can adjust in an unexpected way to complicate the relationship between a plain image and a cipher image.The number of Pixels Change Rate (NPCR) and Universal Average Change Intensity (UACI) are measurements of the differential characteristics of the cryptosystem image.Table 4 sets out the NPCR and UACI values for the various test images.

Table 4
NPCR and UACI scores for test images

Table 5
Quality assesment of reproduced image