AN EFFICIENT CONFUSION-DIFFUSION STRUCTURE FOR IMAGE ENCRYPTION USING PLAIN IMAGE RELATED HENON MAP

Chaos-based image encryption has great significance as a branch of image security. So, a series of chaos-based cryptosystems protecting digital images are proposed in recent years. But, most of them have been broken as a result of poor encryption structure. This research paper suggests an effective image encryption structure to resist possible attacks. The proposed method employs plain image related Henon map (PIHM) for shuffling and diffusion processes in a connected way which is different from conventional chaotic based image encryption systems, since the initial conditions of diffusion process are established based on the initial conditions of shuffling process. The principle of confusion is achieved by shuffling the pixels over all the rows and columns. And the diffusion is ensured by using XOR operation of current shuffled pixel value with the previous value, and random pixel produced from PIHM map. The results of simulation and security analysis indicate that the proposed scheme has desirable encryption effects and is robust against different common attacks.


INTRODUCTION
In the present age of the fast development of information transmission and multimedia technology, the privacy protection of the digital data in cyberspace must be emphasized. The traditional cryptography approaches like Data Encryption Standard (DES) [1], Advanced Encryption Standard (AES) [2], Rivest-Shamir-Adleman (RSA) [3], etc. are playing a significant role in textual data security, but they are unacceptable for image encryption, image data security due to some inherent properties of digital multimedia such as high degree of redundancy, bulk content capacity, pixels correlation, and execution time constraints. In order to address these issues and problems, various modifications have been suggested to make the traditional encryption algorithms more suitable for image security [4]- [6].
Due to the features of dynamic instability, unpredictability, and ergodicity that can be applied in the cryptography applications, the chaotic system has been used in a wide variety of image cryptosystems. In 1998, the American researcher Fridrich proposed chaos-based image encryption method for the first time [7]. Fridrich's Symmetric algorithm includes two stages: permutation process (i.e., shuffling the location of pixels) and diffusion process (i.e., changing the value of pixels). Despite the success of cryptanalyzing in 2010 [8], many cryptographers design their image encryption algorithms based on Fridrich's structure [9]- [12].
The basic shortcomings of Fridrich's structure are summarized as follows [8,9]: a) The pixels shuffling and diffusion are simple to cryptanalysis. b) The shuffling and diffusion processes are independent of each other. c) The encryption algorithm is not associated with the plaintext image.
To date, many image cryptosystems have been proposed to obtain a higher level of security by different chaotic map like one-dimensional logistic map [14], tent map [15], delayed coupled map [16], two-dimensional adjusted logistic map [17], three-dimensional cat map [18], 4D logistic map [19] and 6D hyperchaotic system [20], etc. Generally, onedimensional maps provide simple mathematical function, short key size, and insecure cryptosystem [14]. Hence, they are exposed to attack more than high dimensional chaotic maps [21]. In contrast, the high dimensional maps can withstand attack more than one-dimensional maps, but they require highexecution time in hardware and software implementation. Besides, the close connection between the encryption and decryption processes makes the algorithm strong against the attack of known-chosen plaintext [22].
Motivated by the above introduction and to address this shortcoming, a new image cryptosystem under an efficient connected structure of confusiondiffusion is suggested in this article. The proposed cryptosystem does not utilize a complex high dimensional chaotic system or hash algorithm, but it utilizes statistical property that is extracted from a plain image to enhance the chaotic behavior of modified two-dimensional Henon map [23] and immunity of the encryption algorithm against known-chosen plaintext cryptanalysis.
The remainder of this research paper is organized as follows: Section 2 presents the related works. In Section 3, the two-dimensional Henon map is explained. Section 4 shows the proposed image cryptosystem. Then, the performance of the proposed cryptosystem is evaluated and compared with existing systems in Section 5. Finally, Section 6 concludes this work and proposes future work.

RELATED WORKS
To take advantage of chaotic systems in a digital computer and improve the security of image cryptosystems, various methods have been proposed. Selecting a map type is not enough. Thus, some researchers try to avoid any possible attacks such as chosen and known-plaintext attacks, e.g., the authors in [24] presented a fast image cryptosystem based on a dimensional logistic map with optimized distribution and total original image characteristics to secure the color images. Despite the increase in the time of implementation when using hash algorithms, Change Dong [25] introduced a color image encryption scheme by using the hash value of the input image to generate the initial values of the coupled chaotic system for each encryption process. Xiangjun Wu et al. [26] combined the output hash function with a secret key and original image to update the system parameters and initial values of NCA map based CML, which is used with DNA coding for color image encryption. Also, a hash algorithm has been used by Ahmad Jawad et al. [27], in that research work, an enhanced image cryptosystem was introduced based on skew tent map and XOR operation. In [28], the authors used the hash value of the plain image to generate the cipher key. The cryptosystem utilizes PWLCM systems in three levels of permutation process and diffusion processes. Both pixel level and bit-level permutation are applied by Xiong et al. [29], who used a nine palace map for pixel permutation process and Cyclic Redundancy Check (CRC) technique to permute the binary vectors of R, G, B pixels. The output pixels are XORed to diffuse them. The authors in [30] proposed plain image sensitive cipher by applying the particle swarm optimization algorithm (PSO) to choose a lower correlated encrypted image as an output of the cryptosystem.
Moreover, modified classical cryptosystems and chaotic maps in the image encryption field were used in [31,32], pseudorandom sequences were generated in [31] based on improved Chebyshev map, logistic map, and sine map to avoid the problems of low dimensional maps through increasing the keyspace. Then, the variant Hill cipher was used to encrypt the image data pixel-bypixel instead of the pairs of pixels which followed in the classical Hill cipher. The authors of [32] proposed a block image cryptosystem with 16 ×16 blocks, this scheme utilizes a chaotic cross-map to achieve diffusion property and to improve Playfair cipher in the confusion process.
Mondal et al. [33] introduced a faster pseudorandom generator based on skew tent map and cellular automata to secure the digital images, where the output of pseudorandom generator was used in the shuffling process and diffusion process. Hanchinamani and Kulakarni [34] adopted a twodimensional Zaslavskii map for the shuffling process, combined with pseudo Hadmard transform, to provide avalanche effect. Then, forward and backward diffusion processes are achieved by multiple addition operations and XOR operation. Krishnamoorthi and Murali [35,36] came up with and applied a selective image cryptosystems based on chaotic maps and orthogonal polynomials transform. They divided the image data into important and unimportant sections. the important section has been secured more than an unimportant section to decrease the complexity of the proposed cryptosystem. Also, the authors in [37] attempted to decrease the time complexity by applying one round diffusion operation. The suggested scheme used a large key space-based on the hyper-chaotic system. Butt et al. [38] introduced a low complex image cryptosystem via a combination of the shuffling process and diffusion process for the bit-planes of an input image. This method uses a hash function to generate a 128-bit keystream and performs modular addition operation to diffuse image blocks.

TWO-DIMENSIONAL HENON MAP (2DHM)
Henon map is a two-dimensional discrete-time dynamical system, which is described as follows: where X t and Y t represent the iterated space variables and lie in the range[0,1], α and β are the parameters of the system. This system yields a complete chaotic attractor at α = 1.4 and β = 0.3 as shown in Fig. 1.

THE PROPOSED IMAGE CRYPTOSYSTEM
The proposed algorithm is composed of two associated parts: shuffling-diffusion structures both of them are dependent on the plain image related Henon map (PIHM) to obtain a satisfactory image cryptosystem. Fig. 2 presents a block diagram that illustrates the processes of the proposed image cryptosystem.

PLAIN IMAGE RELATED HENON MAP (PIHM)
In this process, we extract statistical property (A) from the original image as the following mathematical model: where PI(i, j) is the gray value of the plaintext image and r is a random parameter. The value of r must be large than 0 to withstand a special image attack. The statistical property A will be multiplied with Henon map as presented in Equation (3) to enhance the immunity of the proposed scheme against knownchosen plaintext cryptanalysis, and to improve Henon map since the multiplication design and modular operator are used to enhance the chaotic dynamic of the Henon map without affecting the keyspace [23]. (3) The PIHM will be used in the shuffling process with initial conditions (X 01 ,Y 01 ) and control parameters (α 0 , β 0 ). On the other hand, the initial conditions of the diffusion process are (X 02 , Y 02 ) and the control parameters are (α 1 , β 1 ).

SHUFFLING STAGE
In order to provide confusion property, the shuffling process permutes the positions of the pixels over all the rows and columns by using the produced sequence from PIHM map (X t , Y t ).
The phase of row shuffling is responsible for performing permutation operation on each row of the plain image PI(i, j) as shown in the following formula: where M represents the width of the original image PI(i, j) = M × N and K 1 is obtained using the following equation: Here, Floor (.) is a mathematical function used for rounding of numerical data to the nearest integer number; X t represents the generated sequence of PIHM map and z is a random number.
In contrast, the column shuffling phase uses X t sequence to permute the columns pixels as follows: where N denotes the height of the plain image and K 2 is calculated using the following equation: The security of the output image of the shuffling stage also depends on the iteration number. Thus, the proposed cryptosystem considered itr shuffling as a secret key.

DIFFUSION STAGE
The rows-columns pixels shuffling process in the previous subsection makes the cryptosystem pass most security tests except the histogram test which can be achieved through the diffusion process.
The attack on the shuffling-diffusion structure is possible as the shuffling process is independent of the diffusion process and the plain image [22]. Therefore, the proposed scheme combines the shuffling process with the diffusion process as well as provides the connection between the original image and Henon map. The combination of shuffling-diffusion processes involves utilizing the values of the initial conditions of the shuffling stageX 01 and Y 01 to establish the initial conditions of the diffusion stageX 02 and Y 02 as follows: where f and g are random prime numbers. Then, the proposed scheme iterates Equation (3) with a new version of initial conditions X 02 and Y 02 for M × N times to generate the random image RI(i, j). After that, the current pixel and previous pixel of the shuffled image and corresponding pixel of a random image are mixed by utilizing XOR operation as the following mathematical model: Finally, the mixed image EI(i, j) is considered as an encrypted image and it is ready to be submitted to the recipient with the same secret keys. When a recipient receives the encrypted image, he will reverse the operations of the proposed image cryptosystem to decrypt the cipher image.
In order to verify the efficiency of the proposed image encryption scheme, we have evaluated it against different security criteria that involve the space of the secret key, sensitivity analysis, pixel distribution test, correlation analysis, information entropy, and the measure of encryption quality. Finally, the speed performance of the proposed cryptosystem is tested to determine the time taken by the encryption and decryption processes.

SECRET KEY SPACE ANALYSIS
The cryptosystem resistance against the brute force attack depends on the secret key size. Typically, the key size should be more than 2 128 to thwart the brute force attack [25]. The proposed cryptosystem provides key size up to 2 504 , where the initial values and system parameters of the enhanced Henon map provides 2 222 for each map as described in Ref [23]. Besides, considering the moderate size for itr shuffling itr diffusion , r, z, f, and g is 2 60 . As demonstrated in Table 1, the proposed cryptosystem is able to withstand against brute force attacks.

PLAIN IMAGE SENSITIVITY
Many cryptanalyzes try to modify the pixel value of the original image and compare the original and modified image with their corresponding encrypted images to find the relationship between them. This attack is called differential cryptanalysis, and it is evaluated by utilizing the number of pixel changing rate (NPCR) and unified average change intensity (UACI). They are calculated by using equations (10), (11), and (12).
where EI 1 (i, j) and EI 2 (i, j) are the cipher images that occurred before and after one-pixel modification; M and N are the width and height of the tested image, respectively. The optimal value of NPCR is about 99.61%, while UACI is about 33.46. Compared to the previous works, the suggested cryptosystem introduces high resistance against differential cryptanalysis as obtained in Table 2.

KEY SENSITIVITY
Similar to the plaintext image sensitivity, the key sensitivity criteria mean no plain data is retrieved from the encrypted image even if only a little dissimilarity is between the key of the encryption process and the decryption process. To achieve the secret key sensitivity characteristic, the image encryption scheme must meet the following conditions: d) A tiny modification in the secret key leads to a completely different cipher image. e) The cipher algorithm must be unable to discover any data from the cipher image even for the tiny difference in the decryption key. Fig. 4 clearly shows the simulation outputs of key sensitivity measure in the proposed cryptosystem by altering secret key X 01 to X 01 + 10 −15 , and keep others unaltered. Utilize X 01 to encrypt Mandrill plain image in Fig. 4(a) and produce the output image EI 1 in Fig. 4(b). After that, encrypt the same Mandrill plain image PI in Fig. 4(a) by using X 01 + 10 −15 to obtain a new output image EI 2 as shown in Fig. 4(c), and Fig. 4(d) illustrates the pixel-to-pixel difference image DiffI between EI 1 and EI 2 . In a similar way, the sensitivity measure can be performed in the decryption process to obtain the decrypted image DI as shown in Fig. 4(e), Fig. 4(f), Fig. 4(g), and Fig. 4(h). Thus, the proposed image encryption method is extremely sensible to its secret key.

PIXELS DISTRIBUTION ANALYSIS
The distribution of pixels refers to the plot number of image pixels at each different intensity value for each of the images. The encrypted image of good cryptography must have sufficiently even distribution for image pixels to resist the histogram analysis. As illustrated in Fig. 5, the plot of pixels distribution of the cipher image is more even than the plain image for R, G, and B channels. Thus, the proposed image cryptosystem can make pixels distribution analysis difficult.

CORRELATION COEFFICIENT TEST
Due to the high relationship between the neighbor pixels of several plaintext images, the correlation coefficient test is utilized in the image encryption algorithms to evaluate the degree of pixel shuffling. We apply Equation (13), (14) and (15) for 1,500 pairs of neighboring pixels from the input and output images of the proposed cryptosystem and measure the correlation coefficient CC XY at horizontal, vertical, and diagonal directions [39].
) ( ) ( )) ( ))( ( ( where x i and y i are two adjacent pixels, and N is the sequence length. The optimal value for CC XY is close to zero. From the experimental results in Table 3, the ciphertext correlation value of the proposed work is close to zero in all directions, and it is lower than in other works. Also, scatter plots of correlation coefficients of Mandrill image in all directions are illustrated in Fig. 6. From the results of correlation analysis, the proposed image cryptosystem is very suitable for securing a highly correlated image.

GRAY DIFFERENCE DEGREE ANALYSIS
A gray difference degree (GDD) test is performed to examine the scrambling efficiency of the image encryption algorithm. To evaluate the GDD for M×N image, first, we have to calculate the gray difference (GD) for all pixels except the pixels of the edges with the following expression: where I(x, y) represents the gray value of image pixel, and I(x ̅, y ̅) is a gray value of four neighborhood pixels at (x + 1, y), (x − 1, y), (x, y + 1) and (x, y − 1) positions. After that, the result of a gray difference degree can be computed by using equations (17) and (18).
where O and O ̅ refer to the average neighborhood gray difference of the plaintext images and the ciphertext images, respectively. A gray difference degree, which is close to one, means that it is very difficult for the cryptosystem to reveal information.
As obtained from the comparison results in Table 4, the gray difference degree of the proposed algorithm is close to one which means that there is a negligible relationship among original and encrypted images.

INFORMATION ENTROPY
Entropy measure can be utilized to describe the randomness of pixels in the entire image. The uniformity of gray pixels distribution is reflected positively with image entropy getting increased as well. Mathematically, image entropy can be described as follows: where Pro (w i ) refers to the probability of symbol w i and M is the total number of w i . For a good image encryption algorithm, the information entropy (E) value of the ciphertext image should be approximate to eight [40]. Table 5 shows the calculation of plaintext and ciphertext images. As it can be seen from the results, the image entropy of the proposed cryptosystem is very close to eight. Consequently, the proposed method is robust against the statistical attack.

ENCRYPTION QUALITY
This measure gives the result of an average number of alterations for each gray level between the plaintext image and ciphertext image. It can be defined through the following equation [41]: where Hg(PI) and Hg(EI) represent the number of occurrences for each gray level g in the original and cipher images, respectively. An image cryptosystem is ideal for work when the encryption quality is large. The present encryption qualities results are tabulated in Table 6 along with those reported in previous works. The encryption qualities results of the proposed cryptosystem are found to be perfect in comparison to the ones described in the previous works.

ABILITY TO RESIST CHOSEN AND KNOWN PLAINTEXT ATTACKS
The chosen and known-plaintext attacks are other widespread attacks in cryptanalysis science. To make the cryptosystem able to resist such attacks, there are two points to consider. Firstly, the cipher algorithm must be related to a plain image. The shuffling stage and diffusion stage should be closely related [22].
In the proposed cryptosystem, the encryption process depends on Plain image related Henon map (PIHM). Moreover, the relationship between the shuffling and diffusion stages is achieved by establishing the initial conditions of diffusion operation based on the initial conditions of shuffling operation, and also by mixing the pixels of the shuffled image before XORing them with the random pixels as described in equation (9). Thus, the proposed algorithm has an efficient confusiondiffusion structure. Besides, the cipher algorithm also has a connection with the input image. Some cryptanalysts utilize special images for encryption, such as a black image with zero pixels to analyze the cryptosystem. To show the resistance of the proposed method against such a situation, the black image in Fig. 7(a) is encrypted by using the proposed cryptosystem, and the result is illustrated in Fig. 7(b). Then, the cipher black image may be used as a possible cipher key to implementing a known-plaintext attack on the cipher Mandrill image but it does not decrypt it as shown in Fig. 7(c) and Fig. 7(d). From equation (2), the statistical value of the black image is A = √r, and Mandrill image was encrypted with A = √∑ PI(i, j) 2 + r. Consequently, the proposed cryptosystem can produce entirely different output images even with the same keys, proving that the proposed method can resist the chosen and known-plaintext cryptanalysis.

COMPUTATIONAL TIME ANALYSIS
An important issue in multimedia security is the processing time. To evaluate the computational timing, the practical application of the proposed scheme is applied in C#.net 2013 programming language on Microsoft Windows 7with Intel Core i3-2328M CPU @ 2.20 GHz, 4.0 GB RAM and the images size of 512×512. The comparison of processing time in the second unit is reported in Table 7. That is to say, the proposed work is more rapid than most of the other cryptosystems and suitable for real-time applications.

CONCLUSIONS
In this research paper, an efficient image cryptosystem using plain image-based Henon map (PIHM) is presented. The proposed scheme combines confusion and diffusion processes to ensure higher protection and excellent resistance capability. The PIHM is applied to permute plain image using row-column pixel shuffling. Then, the pixels of the permuted image are mixed before mixing them with random pixels using XOR operation. From the results of performance analysis, it is found that the suggested cryptosystem has a perfect encryption quality, is highly sensible to the secret key and original image, and has even pixel distribution, big secret key space, and low autocorrelation.
Moreover, the proposed cryptosystem is fast running and can effectively resist usual attacks such as the differential, known, and chosen-plaintext attacks. Due to the computing efficiency of the proposed cryptosystem, we intend to apply it for wireless communication systems in future work as well as consider a quality evaluation of the deciphered image at the recipient.