|Intelligent Automation & Soft Computing |
Efficient Medical Image Encryption Framework against Occlusion Attack
1Department of Computer Engineering, College of Computers and Information Technology, Taif University, P.O. Box 11099, Taif 21944, Saudi Arabia
2Department of Electrical Engineering, College of Engineering, Taif University, P.O. Box 11099, Taif 21944, Saudi Arabia
*Corresponding Author: May A. Al-Otaibi. Email: email@example.com
Received: 16 December 2021; Accepted: 05 February 2022
Abstract: Image encryption has attracted a lot of interest as an important security application for protecting confidential image data against unauthorized access. An adversary with the power to manipulate cipher image data can crop part of the image out to prevent decryption or render the decrypted image useless. This is known as the occlusion attack. In this paper, we address a vulnerability to the occlusion attack identified in the medical image encryption framework recently proposed in . We propose adding a pixel scrambling phase to the framework and show through simulation that the extended framework effectively mitigates the occlusion attack while maintaining the other attractive security features. The scrambling is performed using a separate chaotic map which is securely initialized using a secret key and a random nonce to deter chosen-plaintext attacks. Moreover, we show through simulation that the choice of chaotic map used for scrambling is irrelevant to the effectiveness of the scrambling algorithm against the occlusion attack.
Keywords: Medical image encryption; occlusion attack; scrambling
Image encryption continues to attract attention of researchers developing new techniques for protecting the confidentiality of image data during both storage and transmission . Image encryption departs from regular text encryption due to the low entropy, high spatial correlation, and large data size . Many cryptographic techniques for realizing the confusion and diffusion goals have been proposed in the literature. In the literature, chaotic maps have been used in cryptography to achieve both goals due to their deterministic behavior that is but highly sensitivity to initial conditions . The uses of chaotic maps in image encryption include histogram equalization , pixel scrambling , pseudorandom number generation , and construction of substitution boxes (S-boxes) .
The medical image encryption framework recently proposed in  provides a generic framework with demonstrable security features that can be implemented using a wide variety of cryptographic primitives. The framework uses a generic chaotic map component for whitening the histogram of input images and breaking their naturally high spatial correlation. The dynamic S-box component is used for adding an extra layer of confusion and increase the key space beyond the limits of brute force attacks. This framework has several advantages which set it apart from other schemes found in the literature. First, the generic chaotic map is initialized with a seed derived securely from the shared key and a random nonce. This technique deters chosen-plaintext attacks as well as pseudorandom number generator (PRNG) reset attacks. Furthermore, an image-dependent dynamic S-box is applied to both the plain image and the cipher image pixels to protect the chaotic map against cryptanalysis using chosen-plaintext or chosen-ciphertext attacks. The S-box itself is securely controlled by a secret key and a nonce to fend off cryptanalysis attacks through the S-box construction algorithm. In addition to its particular security features, the framework is computationally very efficient. It achieves encryption speeds fit for real-time operation because of the simplicity of its pixel processing pipeline, which employs just an XOR and S-box substitution operations. Although the framework achieves confidentiality, the lack of scrambling operations makes it susceptible to message tampering threats. An adversary may attempt to obstruct the delivery of a portion of the image in transit over a communication channel. This is known as the occlusion attack, which aims to prevent authorized receivers from successful decryption or to render the decrypted image useless .
The contribution of this work can be summarized in the following points.
• We extend the framework proposed in  to include a final scrambling block and visually demonstrate the effectiveness of the extended framework in mitigating the occlusion attack.
• We design the scrambling process to be image-dependent to deter chosen-plaintext attacks from descrambling cipher images.
• We propose a new metric for measuring robustness against the occlusion attack and use it to evaluate the improvement due to scrambling in the proposed extended framework.
• We simulate the extended framework with various chaotic maps and demonstrate its effectiveness irrespective of the chose chaotic map.
The rest of the paper is organized as follows. Section 2 presents some background and reviews relevant literature. The proposed extended medical image encryption framework is described in Section 3. Section 4 evaluates the performance of the proposed framework. Finally, the conclusion and future work are presented in Section 5.
2 Background and Related Work
Unlike text data, image data has a large size and high spatial correlation. Since their early use  and demonstration of their security features , chaotic maps have been employed in many image encryption algorithms [10–13]. Chaotic maps are non-linear and deterministic systems which possess features that are suitable for image encryption. Namely, a chaotic system is sensitive to initial conditions and shows pseudorandom behavior . This means that a slight change in the parameters leads to different output in the chaotic maps . Diverse image encryption techniques have been presented in the literature based on dynamic S-boxes [15,16]. Dynamic S-boxes represent an efficient secret key dependent substitution which increases confusion and serves as nonlinear components that deter linear and differential cryptanalysis .
Transmitted or stored images could be subject to different security issues, e.g., modification, eavesdropping, duplication, and noise. In this work, we focus on a type of attack known as the cropping attack or the occlusion attack. In this attack, the adversary attempts to obstruct selected cipher image pixels to stop or invalidate the decryption process. A common defense mechanism against the occlusion attack is pixel scrambling. By randomly and securely shuffling pixel locations, the effect of the occlusion attack can be transformed into speckle noise that affect the decrypted image at random pixel locations. The scrambling process must be reversible to facilitate the recovery of the original pixels during decryption .
There are several scrambling techniques in literature. The scrambling techniques varies in methods of scrambling an image under processing [19,20]. The authors in  introduced a new image scramble technique. They used a hash value to initiate the value of the piece-wise linear chaotic map (PWLCM) as a key for the global scramble. Then, a local scramble is performed by the Hilbert curve and H-fractal. Finally, they used ciphertext as feedback for enhancing the characteristics of confusion and diffusion. The technique presented in  for image scrambling is based on hash table structure and deoxyribonucleic acid (DNA) substitution. It used a closed hash in the structure table with the value of pseudo-random sequence to generate two different sequence keys. The two keys are used in pixel-scrambling of the plain image.
As a traditional method for scrambling some researchers used chaotic maps to scramble a plain image such as [21,22]. In , the authors introduced an implementation of a chaotic image encryption system in a transform domain that used Baker map. The scrambling process using The Baker map is performed by splitting the plain image into squares. Then, each square is divided into N rectangles and stretched horizontally to change the positions of the pixels. Also, in  the authors presented chaotic image encryption that used Baker map to scramble the plain image. The disadvantage of this method is the same histogram of the plain and scrambled images. Recently, the researchers used other methods for image scrambling such as in . The authors of  used the Josephus problem to scramble the pixels of a plain image to new positions to perform the needed confusion for encryption. In , the authors designed a 2-dimensional logistic modulated sine coupling logistic chaotic map (LSMCL) to scramble the plain image. The scrambling process is achieved by performing two rounds of permutation. Another image encryption system in  utilized a cosine transform-based chaotic system (CTBCS) to produce chaotic maps with highly dynamical behavior to perform efficient scrambling.
In  introduced a method for scrambling by chaotic sub-block scrambling (CSBS) based on spiral transformation. The process starts by scanning pixels for a disorder, which is a change in the position of all pixels. In the scanning methods of scrambling process, it is difficult to evade pixels that do not change their positions. To overcome this problem, they used spiral transformations with sub-block scrambling. The authors of  designed an encrypt image technique which scrambles a plain image by chaotic coupled sine map (CCSM). The main purpose of using the CCSM is to a degree of freedom to the secure key space. The scrambling process is based on a chaotic sequence which resists the chosen and known-plaintext attacks. The scrambling process was used at the beginning of the encryption system. Their technique showed good performance against the occlusion or data loss attacks.
3 Proposed Framework
The proposed framework extends the framework in  to include a pixel scrambling phase. In this section, we describe the extended framework and describe the details of the newly added scrambling algorithm.
3.1 Encryption Process
The block diagram of the encryption process of the extended framework is shown in Fig. 1. The encryption process starts by using the PRNG to generate two random nonces and . The nonce, , is used with the secret S-box key, , to construct a dynamic S-box, . The other nonce, , is encrypted using the secret chaotic map key, , to generate the chaotic map initialization vector ( ). Two chaotic maps are initialized using , namely the masking map and the scrambling map. After setting the initial state of the chaotic maps using , the chaotic maps are operated to generate a sequence of points of length equal to the number of pixels in the plain image. The two chaotic sequences, which are denoted and , are used for performing the XOR mask and the scrambling, respectively. The plain image is then processed pixel by pixel through an encryption pipeline that consists of a substitution using the dynamic S-box , an XOR with the corresponding element of the chaotic mask and another substitution using . The resulting cipher pixel is then fed back to be XORed with the next plain pixel in cipher block chaining fashion as signified by the operation. The resulting cipher image is finally scrambled using the chaotic sequence as will be shown in the following subsection. To enable decryption, the two random nonces, and are included in the cipher message and transmitted to the receiver.
3.2 Decryption Process
To decrypt a cipher message, the receiver uses the shared keys and to decrypt the cipher message as follows. As shown in Fig. 2, the receiver first extracts both nonces, and , from the cipher message. The receiver constructs the same S-box using and then inverts it. The receiver simultaneously calculates the initialization vector from and and uses it to initialize the two chaotic maps. The chaotic maps are then used to generate two chaotic sequences, and , of length equal to the number of cipher image pixels. Equipped with the inverse S-box, , the chaotic mask, , and the scrambling sequence, , the receiver is ready to decrypt the cipher image pixels. First, is used to descramble the image, as will be shown in detail in the next subsection. Then each descrambled cipher pixel is substituted using , XORed with the corresponding mask element, again substituted using , and then XORed with the previous cipher pixel to obtain the corresponding decrypted pixel.
3.3 Scrambling Algorithm
The pixel scrambling process is the major security improvement proposed to extend the medical image encryption framework. The purpose of scrambling pixel locations is to distribute the effect of occlusion attack on diverse locations of the plain image, thus preserving a portion of the information in each locality of the image that is sufficient for keeping the decrypted image useful. The proposed scrambling and descrambling processes used for encryption and decryption are illustrated in Figs. 3 and 4, respectively.
The chaotic sequence, , generated by the encryption scheme is paired with image pixels. The chaotic value-pixel pairs are subsequently sorted according to the chaotic value, resulting in the pixels being reordered in a pseudorandom order. In Fig. 3, for instance, an example matrix of 3 × 3 pixels is converted to a column in lexicographic order and each pixel is paired with a chaotic value. When the chaotic values are sorted in ascending order, the position of each pixel follows the position of the corresponding chaotic value. Finally, the pixels are stored in the new order and reshaped back to a 3 × 3 matrix to form the cipher image.
The descrambling algorithm works in a similar fashion. After obtaining the scrambling mapping, it is inverted to obtain the descrambling mapping.
4 Performance Evaluation
The proposed framework is generic in the sense that any chaotic map can be invoked to generate the chaotic sequences and . However, to illustrate the usability of the framework, we implement it using two specific chaotic maps. For generating the chaotic mask, , we use Arnold's cat map defined by Eqs. (1) and (2).
where is the initial state and is the state at the th iteration.
Similar to , the initial state of Arnold's cat map is derived from the initialization vector, , using Eq. (3). The chaotic map is first iterated times to cancel the transient effect of the initial state thus increasing it key sensitivity.
where is the th bit of the initialization vector, .
As in , the mask bytes are extracted from the chaotic sequence , where is the number of image pixels, using Eq. (4)
For generating the scrambling sequence, , we use Baker map defined by Eqs. (5) and (6).
where is the initial state, is the state at the th iteration, and is a parameter.
The initial state of Baker map is derived from the initialization vector, , using the same Eq. (3) and the parameter is set to 0.6111.
In this following subsection, the proposed scrambling technique is examined under the application of occlusion attack. Then we study the remaining security metrics of the proposed framework.
4.1 Occlusion Attack Analysis
To analyze the robustness of the proposed framework against occlusion attacks, we perform the following test. A cipher image is occluded with a black block occupying and of the size of the image. Then the occluded cipher image is decrypted using the usual decryption process. The top row of Fig. 5a shows three cipher images corresponding to a magnetic resonance image (MRI) plain image with 1/2, 1/4, and 1/8 of the image zeroed out. The second row or images shows the direct result of decrypting each of the occluded images using the proposed framework with scrambling. The bottom row shows the result of denoising each of the decrypted images using 3×3 median filter. In contrast, Fig. 5b shows the effect of the occlusion attack on the decryption of cipher images encrypted with the system in , which lacks the scrambling phase. The results indicate that the proposed technique can effectively recover a recognizable version of the image even at 50% occlusion. The decrypted images obtained from the proposed framework with scrambling have a visually satisfactory quality with respect to the percentage of occlusion. The proposed technique successfully resists this type of attack because the scrambling process distributes the pixels of the occluded area through the whole image. Figs. 5c and 5d repeats the same test for a sample computerized tomography scan (CT scan) image, which again confirm the effectiveness of scrambling in mitigating the occlusion attack.
To numerically evaluate the robustness of an encryption scheme against the occlusion attack, previous works traditionally used peak signal-to-noise ratio (PSNR) as a metric. The PSNR is defined as follows .
where is the number of bits per pixel, is the size of the image, is the original image, and is the decrypted image. However, we observed that the PSNR metric is inaccurate and can sometimes be misleading. So, we propose a new robustness metric denoted Median Filter Correlation (MFC). MFC is based on the correlation between the original image and the decrypted image denoised using median filter as expressed by the following formula.
where denotes the output of a 3 × 3 median filter applied to the decrypted image , and denotes the correlation between the original image, , and the denoised decrypted image, . Tab. 1 shows the results of PSNR and MFC for the proposed technique in comparison to the framework in , for varying occlusion ratios. It can be observed that the PSNR metric doesn't accurately reflect the achieved mitigation of the occlusion attack visually detectable from Fig. 5. On the other hand, the proposed MFC metric indicates a significant mitigation of the occlusion attack.
Tab. 2 presents a comparison between the robustness of the proposed framework and the relevant medical image encryption scheme in . As evident from the results in Tab. 1, the values of the PSNR metric for the same encryption scheme depend on the choice of plain image. For the comparison to be fair, we must use the same test image used by , which is shown in Fig. 6. The result of the comparison demonstrates that the proposed framework is on par with related medical image encryption scheme .
4.2 Choice of Chaotic Maps
The results in the previous section were obtained using two specific chaotic maps for generating the whitening mask and performing the pseudorandom permutation of pixels, namely Arnold's cat map and baker's map, respectively. In this section, we demonstrate that the choice of chaotic maps doesn't affect the immunity of the framework to occlusion attacks by performing two experiments. In the first experiment, we fix the whitening chaotic map and change the chaotic map that drives the scrambling algorithm. The maps used for scrambling in this experiment are Arnold's cat map, baker map, Henon map, standard map, sine logistic map , 2D sine-chaotified Henon map (SCHenon) , 2D sine chaotified sine logistic map (SCSL) , and logistic-modulated-sine-coupling-logistic chaotic map (LSMCL) . With each scrambling chaotic map, we perform the PSNR analysis at different ratios of occlusion. The results shown in Fig. 7 and Tab. 3 shows that at 1/2 occlusion, the PSNR is approximately 10.24 ± 0.02 regardless of the chaotic map used for whitening. Similarly, at 1/4, 1/8, and 1/16 occlusion, the PSNR are approximately 13.25 ± 0.02, 16.25 ± 0.02, and 19.25 ± 0.02, respectively.
In the second experiment, we fix the scrambling chaotic map and vary the chaotic map used for masking. The occlusion attack PSNR results are shown in Fig. 8 and Tab. 4. Like with the first experiment, the results do not show any significant variance with respect to the whitening chaotic map.
4.3 Security Analysis
In this section, we summarize the results of common statistical analysis, plain image sensitivity analysis, and key sensitivity analysis for the proposed results and compare them to relevant medical image encryption scheme. The statistical analysis results in Tab. 5 show that the proposed framework is highly resistant to statistical ciphertext-only attacks. It can be observed that the spatial correlation of cipher images produced by the proposed framework is significantly better than that of , because of the effect of the additional scrambling phase. Differential analysis test results shown in Tab. 6 indicate that the proposed framework is highly sensitive to changes in plain images and cipher images, thus resisting differential cryptanalysis. The key sensitivity analysis results summarized in Tab. 7 indicate that the proposed framework is highly sensitive to and thus can resist related key attacks.
5 Conclusion and Future Work
By adding a scrambling phase to the framework in , the proposed framework could successfully mitigate occlusion attacks. This improvement makes the proposed framework applicable to environments where such a threat exists. One potential situation for applying the proposed scheme is when encrypted data is stored in a distributed storage system over multiple servers to reduce the damage caused by a compromised server. A scrambled cipher image generated by the proposed framework can be split into pieces, each of which is stored in a different server. If one of the servers is compromised and the adversary attempts to destroy the image data stored in the system by deleting the portion of the data stored in the compromised server, the proposed framework will successfully mitigate the data loss and partially restore the image data. The level of data loss caused by a compromised server can be limited by increasing the number of servers onto which pieces of the cipher image are stored. The results of this framework show that if a medical cipher image is split into four parts and distributed over four servers, the plain image can be successfully decrypted with correlation 99.8% after applying a median filter. An interesting future research is to study the efficiency of different scrambling techniques within the proposed framework and to compare their respective robustness against the occlusion attack.
Funding Statement: This research was funded by Taif University Researchers Supporting through Taif University, Taif, Saudi Arabis (Project Number TURSP-2020/216).
Conflicts of Interest: The authors declare that they have no conflicts of interest to report regarding the present study.
|This work is licensed under a Creative Commons Attribution 4.0 International License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.|