Selective Image Encryption Based On Chaotic Maps And Elliptic Curve Cryptography

The rapid evolution of imaging and communication technologies has transformed images into a widespread data type. Different types of data, such as medical information, official correspondence or governmental and military documents saved and transmitted in the form of images over public networks. Cryptography is a solution to protect confidential images by encrypting before transmission over unsecure channels. Most of the current image encryption methods based on symmetric cryptosystems, which the encryption and the decryption keys are the same and will be shared. However, asymmetric cryptosystems are more useful and secure because of the decryption key kept secret. This paper will focus on asymmetric image encryption algorithms to improve and enhance the security of transmission. Elliptic Curve Cryptography (ECC) is a new public key cryptosystem and provides equivalent security with shorter key length, low mathematical complexity and more computationally efficient rather than RSA. Selective encryption is a solution to decrease the consumed time for asymmetric cryptosystems, which reduce the encryption regions as small as possible. Hence, a hybrid cryptosystem is proposed based on the combination of ECC and chaotic maps that detects the face(s) in an image and encrypt the selected regions. This scheme will encrypt around five percent of the whole image and only confidential regions rather than whole image. The results of security analysis demonstrate the strength of the proposed cryptosystem against statistical, brute force and differential attacks. The evaluated running time for both encryption and decryption processes guarantee that the cryptosystem can work effectively in real-time applications.


INTRODUCTION
Images have become a common data type due to the rapid expansion of imaging and communication technology.
Wide variety of media, such as personal medical information, official communication, or governmental and military documents, are stored and sent as images across public networks. Cryptography is a method of protecting secret photos by encrypting an image before transmission over unsecure networks. Many image encryption methods are proposed based on private pre-shared key for ciphering, which use the same key for encryption and the decryption. However, asymmetric cryptosystems are more useful and secure because of the decryption key kept secret. In some applications a secure channel could not be established to transmit the private key or prefer to keep the decryption key secret, hence public key cryptography is applied. This paper will focus on asymmetric image encryption algorithms to improve and enhance the security of transmission. Elliptic Curve Cryptography (ECC) is a new public key cryptosystem and provides equivalent security with shorter key length, low mathematical complexity and more computationally efficient rather than RSA. This paper will focus on asymmetric image encryption algorithms to improve and enhance the security of transmission. Selective encryption is a solution to decrease the consumed time for asymmetric cryptosystems, which reduce the encryption regions as small as possible. Hence, a hybrid cryptosystem is proposed based on the combination of ECC and chaotic maps that detects the face(s) in an image and encrypt the selected regions. This scheme will encrypt around five percent of the whole image and only confidential regions rather than whole image. The results of security analysis demonstrate the strength of the proposed cryptosystem against statistical, brute force and differential attacks. The evaluated running time for both encryption and decryption processes guarantee that the cryptosystem can work effectively in real-time applications.
Digital Images are pervasive due to the advanced of imaging technology. High-resolution cameras take pictures in a range of megapixels in personal, medical and official applications. Image encryption is a solution for securing images that transmitted over public and unsecure channels. In some applications, particularly in military and medical images, applying encryption is necessary. However, encrypting whole image is not needed.
For instance, an image that contains picture of criminals or intelligence services staff may only need to encrypt the faces parts. This object-based approach will minimize the secret part as much as possible to reduce the required time for encryption and decryption process. Another approach is in partial encryption which applied on entire image but in case of frequency and spatial domain. In spatial domain selective encryption, only a few bits of every pixel in an image encrypted. In frequency domain, an image is transferred into frequency space and only high frequencies that contain more information about the image are encrypted. The selective encryption that is proposed in this paper focused on the spatial domain category. A face detection algorithm scans the input image to find and locate the human face(s). The proposed hybrid encryption algorithm in this paper is a combination of binary grouping approach and a chaotic scheme. ECC is deployed for more security as a public key cryptosystem and chaotic scheme results in more diffusion and confusion. This technique is applied to three different images containing some human faces. Finally, each encrypted face is analyzed particularly for statistical attacks.
Partial or selective encryption which also known as perceptual ciphering is a method for not encrypting the full image. The true objective is to minimize computation times for real-time applications. The main purpose is to divide the image content into two parts: public and protected. Minimizing the protected region in an image is the main feature in selective encryption.
Digital Images are massive due to advanced imaging technology. High-resolution cameras take pictures in range of megapixels in personal, medical and official applications. Image encryption is a solution for securing images transmitted over public and unsecure channels. In some applications, particularly in military and medical images, applying encryption is mandatory, but encrypting the whole image is not compulsory. For instance, an image that contains picture of criminals or intelligent staff only the face parts of the image may need to be encrypted. This object-based approach will minimize the secret part as much as possible to reduce the required time for encryption and decryption process. Another approach in partial encryption is applied on an entire image but in case of frequency and spatial domain. In spatial domain selective encryption, only a few bits of every pixel in an image are encrypted. In frequency domain, an image is transferred to frequency space and only high frequency that contains more information about the image encrypted.
According to table 1, selective encryption usually comes with compression. In frequency domain, low frequency coefficients carry most information of the image and high frequency coefficients carry the details1. In lossy compression techniques, such as JPEG standard, an image is transformed into a frequency domain by DCT, and then zeros multiply some high frequency coefficients and the new compressed image is reconstructed. Hence only some low frequency coefficients are encrypted rather than all in frequency domain which also has many advantages2: (1) It is easier to identify the critical parts to be encrypted and (2) It is easier to identify what parts of the data are not compressible.
One of the first studies on selective multimedia encryption3 was done by proposing Aegis mechanism based on MPEG video transmission and DES cryptosystem to secure MPEG video sequences from unauthorized access. By employing proposed video compression technique, this approach reduces the quantity of data that must be encrypted and decrypted. This is due to reducing the size of transmitted video images by encrypting intra I-frames of an MPEG stream. However, Agi & Gong4 found that this and some other methods are not suitable for sensitive applications and may not be sufficiently secure for some types of video and one can see pattern of movements. Therefore, they tried to improve the security by increasing the I-frame frequency but it results in the increase of bandwidth consumption and higher computational complexity. An alternative way is to encrypt I-blocks in all frames rather that I-frames which enhance confidentiality.
Droogenbroeck & Benedett5 also proposed two techniques for selective encryption of both compressed and uncompressed images. Considering randomness pattern of 4 or 5 least significant bits of pixels value, it is more difficult to attack on plaintext. Another partial ciphering method declared in this paper is based on Another different approach in partial image encryption is to extract some special and secret features in an image and encrypt these features rather than encrypting the whole image. An idea in this scope is to detect faces of input image and encrypt them, for some applications such as transmission of images with criminals or members of security organizations and military applications.
A high-speed chaotic image encryption scheme for all types of images such a color, gray-scale and binary8. The plain image is splitting into blocks and after computing the correlation coefficient value of the blocks, the proposed technique is determining whether a block should be encrypted or not. SKWE tent map is performed to generating random values and XORing with the pixel values. TD-ERCS map is applied to generating random vectors to achieve confusion regarding row and column shuffling respectively. The proposed scheme is resilient against different types of attacks while the encryption time is less than9 and10.
A partial encryption method proposed using the face region as a feature because a face has semantic information and is the most important part in an image or video11. They used Multi-Layer Perceptron to detect face region and for higher precision, Gaussian skin-color was applied to discriminate between skin regions and non-skin regions. Both DES and AES encryption algorithms were compared and results show that encryption time is less for DES. According to experiments, for video content encryption, full encryption methods provide two or three frames per second whereas their proposed method encrypts 25 to 30 frames per seconds.   Figure 1 shows the encryption process architecture. This scheme is a combination of region and bit based on selective encryption. The purpose is to utilize elliptic curve cryptography, and, to propose a novel asymmetric image encryption scheme. Due to complexity and computational characteristics of the public key cryptography, encryption parts are minimized as small as possible to achieve an efficient encrypting time with considered security. In this paper, a hybrid selective image encryption is proposed based on ECC and chaotic maps.

ENCRYPTION SCHEME
In this scheme, the input image, which consists of human face(s) is preprocessed to detect the face(s).
Pixels of all selected region(s) are then integrated to create a uniform matrix. After changing these pixel values to binary format, four bits in high significant position are encrypted with elliptic curve cryptography and other bits kept unchanged. Finally, all bits are permuted r rounds to achieve more diffusion and confusion in the encrypted parts.

B. INTEGRATING SELECTED REGIONS
After detecting faces in the previous phase, selected regions should be integrated to have an array of all selected pixels before encryption. All pixels in i th region is scanned column by column as shown in figure 2 and stored in an array. This process is done for all regions and pixels arranged in the form of (2). The total number of selected  (3) where n is the number of detected faces. Subsequent step in this phase is converting the array of integrated pixels into binary format. Each pixel has an 8-bit value between 0 and 255 in the form of (4) where b (8) is the most and b(1) is the least significant bit. Number of rows of created array (5) is equal to the total number of selected pixels and 8 columns with elements of 0 and 1.
A bit in a pixel's value carries amount of information according to its position. Based on the Shannon theory, the information ratio of bit b(i) in a pixel is calculated by (6). These values for all b(i) positions are given in table 2 in percentage31. As shown in the table, the bits in positions 5 to 8 carry 94.125 percent of information. Therefore, encrypting these four bits rather than whole 8-bits will reduce the encryption time.

C. ELLIPTIC CURVE CRYPTOGRAPHY
In ECC-Based cryptosystems, mapping plain message to the points on the curve is a challenge. Different  Hex 07192b95ffc8da78631011ed6b24cdd573f977a11e794811 In this scheme, ECC is applied on four higher significant bits ( (8) (7) (6) (5)) of selected regions rather than whole bits of pixels. This is because of the amount of information they carry. Such as explained in table 1, these four bits carry 94.125% of overall information of a pixel that is the meaningful information about the image. The four remain bits have pseudo-random distribution and discarded in encryption.
Selecting bits is depended on the chosen standard curve for encrypting an image. For instance, if curve P-192 is selected for cryptography, all bits classified are in groups of 191 bits or encryption. In addition, 191 is considered as m in equation (7) to find the appropriate x that satisfies (8) and compute y. In this case, the result is a point which x and y are 192-bit. Hence, the encrypted part is larger than the original in size. The number of extra bits is equal to the number of groups and has an inverse relation with the key length.
In this scheme, the encrypted file size is larger than original image. This is because selected bits classified in 191-bits but the encrypted points are 192-bits. Hence, the extra bits are equal to the number of groups.

D. BIT PERMUTATION
According to the previous phase, ECC is performed only on the 4-bits of pixels [b(8)b(7)b(6)b(5)] that carry 94.125% of information and the 4-bits with less information kept unchanged. These bits have a random distribution. As calculated for different image, the entropy of the bits is very near to 4. But for more diffusion and confusion, all bits are shuffled after performing ECC.
Here, a novel approach is proposed for bit permutation. Unlike similar works that proposed bit permutation, which is applicable only on square images with equivalent height and width, the proposed scheme is working on any size of images. Since in partial encryption, the selected regions may not be square in form, hence such a bit permutation scheme is needed. In this scheme, all selected pixels are arranged in an array in one column and converted to its binary format. Therefore, an array of zeroes and ones with total_pix (from equation 3) rows and 8 columns is created. Figure 3 shows the sliding window model. Permutation is then performed on the 8×8-bits windows based on Arnold cat map. After permuting the first window, it slides down one row and permuting in new position. This process is continued to meet the last row and total number of permutation is equal to total_pix-7 because at this row, it is not possible to move down the sliding any more.
Henon map34 is the simplified form of Lorenz model35, a two-dimensional discrete dynamic system, and defined by (10). The generated x i and y i by equation (10) are utilized as parameters for p and q to be use in Arnold map, respectively. Since, Henon iterations generate real coordinates, equations (11) and (12) are applying modular, multiply, absolute and floor functions to convert x i and y i to integers. : E. DECRYPTION SCHEME Figure 4 shows the decryption architecture process. This scheme performs the reverse steps of encryption process to decrypt the ciphered regions in the received image. A matrix of all encrypted pixels is created at first step to integrate all encrypted regions. The last step was the bit permutation in the encryption process. The created matrix of encrypted pixels converted to binary values in order to perform inverse bit permutation. For inverse bit permutation process, the reverse ACM is performed on the binary matrix and 88 sliding window is moving from bottom to top one by one. After permuting the last eight rows, it is moving up one row. This process is continued to meet the first row and total number of permutation is equal to total_pix-7. The decryption process of the encrypted points on the elliptic curve is the next step, which applies the equation to decrypt the encrypted points.
According to Koblitz method33, after decryption, the decrypted points should be converted into image pixels. The parameter k in equation (15) is used to transform each point to its corresponding pixels value.
While m is the combination of selected bits of pixels in binary mode, they should be split and reconstructed in four-bit groups and replaced with four higher significant bits of pixels.  Table 4. Initial values for chaos maps

iii. Image Entropy
Entropy is measured to determine the randomness of encrypted image. According to Shannon theory36, entropy for a secure image encryption algorithm should have the value of very close to 8. Calculated entropy by (16) for selected faces before and after encryption is shown in table 5. The entropy value for each face is not ideal because it is not close to eight. This is because of the pixels' number, which according to table 5 is few for each face.
However, for total selected pixels, it is almost eight. In fact, the calculated results in table 6 proved that the entropy for cipher faces increased. It results to increase the randomness in distribution of the pixel values.

iv. Key Space
In the brute-force attack, an intruder may attempt to find decryption key by trying all combinations of secret values to find the private key. A sufficiently large key space will make the try-an-error method too long and impossible.
In the proposed cryptosystem, initial point (x 0 , y 0 ) of the Henon map and control parameters are δ, ϑ, p, q and r should be kept secret and be used as secret keys. In addition, with these values, x and k are private keys of the sender in elliptic curve cryptography. The combination of these numerous values will provide a large key space of approximately 2 560 that is sufficient to make the brute-force attack infeasible37. Table 7 is the maximum length for each variable. Another image containing faces for analyzing cryptosystem is shown in figure 10. It contains four faces, which has higher resolution than figure 5. This image is 600×450 pixel in height and width. Selected area for faces and encrypted faces is shown in figure 11 and 12, respectively.   Figure 13 illustrates the histogram of selected integrated pixels before and after encryption. The nonuniform distribution histogram of plain faces has changed to a uniform histogram. Calculated entropy values for integrated pixels, each plain face, and its corresponding cipher face individually are shown in table 9.
(a) (b) Figure 13. Histogram of integrated selected pixels (a) before and (b) after encryption.  figure 14 and 15, respectively.   Table 11 is the estimated elapsed time for encryption and decryption functions. Total encryption and decryption time are computed by equations (16) and (17), respectively. In these equations, the variable r is the number of iteration rounds and P is the elliptic curve key length in bit. The calculated encryption and decryption time for figure 5 are based on equations (17) and (18)   In the proposed image encryption scheme by Li et al. 33, the whole image (256×256) is encrypted by elliptic curve in 6.232 seconds. Whereas proposed selective encryption in this scheme reduces the confidential area to less than 5 percent of the whole image, the encryption time will also reduce to almost 1 second, which is a proper time for real time applications. Homomorphic cryptography is not secure against chosen-plaintext and chosen-ciphertext attacks. The proposed encryption scheme in this paper is a solution to overcome the weakness of Li et al. 33 scheme which is a homomorphic scheme. Applying r rounds iteration of bit permutation will increase diffusion and confusion.

CONCLUSION
In this paper, a novel public key selective image encryption scheme is proposed based on the elliptic curve and chaotic maps. Unlike similar works that the permutation process is applied on square images with equal height and width, the proposed scheme in this paper is a new approach and independent from the image size. Using the elliptic curve for encrypting a whole image is not efficient for real-time applications. Selective encryption is an efficient approach that encrypts only the confidential parts of an image. In some applications such as sharing the picture of suspects or criminals, the identity of the people in an image is secret. Hence, in such images, only the face of the people should be encrypted, not the whole image. This approach is called as selective or partial encryption. In comparison with another similar work based on ECC, this scheme is much more efficient in security and running time. It reduces the time and less computation is needed and practically encrypts less than 5 percent of an ordinary image. These characteristics turn this cryptosystem as an acceptable choice for highly secure and real time applications. In this paper, an approach is implemented to reduce the running time for public key encryption. It is appropriate for images that contain human face(s). This approach omits approximately 95 percent of an image in encryption process and only 5 percent of the image is encrypted. This method is finalized by combining chaotic map and elliptic curve. Chaotic map is applied to shuffle pixels for confusion and diffusion.
Shuffling the pixels will reduce the chance of successful know-plaintext and chosen-plaintext attacks.
Subsequently, pixels are encrypted using elliptic curve based on the binary grouping approach and Koblitz