An improved bit shuffling pixels-based image scrambling method

OPTOELECTRONICS LETTERS Vol.7 No.1, 1 January 2011

An improved bit shuffling pixels-based image scrambling method ZHAO Hong䍉⋾ **, WANG Hong-xia⥟ᅣ䳲 , and WANG Jin⥟䫺 Laboratory of Information Security and National Computing Grid, Southwest Jiaotong University, Chengdu 610031, China (Received 25 September 2010) C Tianjin University of Technology and Springer-Verlag Berlin Heidelberg 2011 ƻ Compared with the Arnold transform, the image scrambling method based on bit shuffling pixels is much more secure, and has higher efficiency and speed. However, the key space of this bit shuffling pixels based method is too small to resist exhaustive search attack. Therefore, an improved method based on chaos is proposed in this paper. The security of the improved scheme is enhanced by increasing the number of the keys. Theoretical analysis and experimental results show that the proposed method is effective and has higher security. Document code: A Article ID: 1673-1905(2011)01-0074-3 DOI 10.1007/s11801-011-9001-x

With the development of information technique, the security of image data has been very important in recent years. The image scrambling can be used to encrypt images, and it is an effective method to protect image data. Generally, the image scrambling method can be classified into two categories. One is in the spatial domain, and the other is in the frequency domain. In the spatial domain, it usually exchanges the positions of pixels or changes the color values directly[1]. Based on the method in Ref.[2], Xu et al[3] proposed an improved magic cube transform based image scrambling method. However, it was time-consuming. In the frequency domain, Zeng et al[4] proposed an image scrambling method by scrambling the DCT coefficients. This method was time-saving, but it might increase the bandwidth. Ville et al[5] proposed an improved scheme without bandwidth expansion, but the recovered image might be not consistent with the original one. The Arnold transform[6] is widely used to scramble images due to its simplicity. However, it is insecure for its characteristics of publicity, and the method needs iteration, which will reduce the efficiency. Tang et al[7] proposed an image scrambling scheme based on bit shuffling pixels. This method did not need iterative computation, and it was much more fast and secure than the Arnold transform. A major disadvantage is that the key space is too small to resist exhaustive search attack. Aiming at this problem, the chaos will be introduced in our improved method to expand the key space. Theoretical analysis and experimental results demonstrate that our improved method is effective and much more secure. *

In Ref.[7], the 8-bit gray image is denoted as X(m, n) with the size of M h N, where m=0, ĂM-1, and n=0, Ă , N-1. It s supposed that S = {s7 s6 Ăs0} represents a pixel value, and it is divided into two groups, denoted as the odd group Sodd = {s6 s4 s2 s0} and the even group Seven = {s7 s5 s3 s1}, where s7 is the most significant bit, and s0 is the least significant bit. We first select two pixels X(m, n) and X(i, j) , and then exchange their odd groups. The selected pixels should satisfy the following equation: ­i (m  G m ) mod M , ® ¯ j (n  G n ) mod N

(1)

where Gm and Gn satisfy this condition

G m2  G n2 ! d ,

(2)

, where d is a constant, 1 d Gm d M, and 1 d G n d N . It s sup' ' and S even are two groups of the modified posed that S odd pixel, and then we exchange each bit in Sodd and Seven , where c S odd

c {s 0 s 2 s 4 s 6 } and S even

{s1 s3 s5 s7 } , and the final

scrambled pixel is S c {s1 s 0 s3 s 2 s5 s 4 s 7 s 6 } . The security of the Tang’s scheme[7] is determined by Gm and Gn which can be used as secret keys. And the key space is approximately equal to M u N  (2d  1) 2 , which is larger than that of the Arnold transform. However, this method[7]

This work has been supported by the National Natural Science Foundation of China (No.60702025), the Research Fund for the Doctoral Program of Higher Education (No.20070613024), and the Sichuan Youth Science & Technology Foundation of China (No.07ZQ026-004). ** E-mail: [email protected]

ZHAO et al.

Optoelectron. Lett. Vol.7 No.1 gg

can not resist exhaustive search attack. Because the bit shuffling of the even group is without the help of Gm and Gn , any adversary can recover the even group without knowing Gm and Gn . Moreover, the odd group can be recovered correctly with the probability of 1/16 . Hence, in this way, the method[7] is not secure enough. In order to enhance the security of the bit shuffling pixels-based method, we introduce chaos to expand the key space. Details of our improved method are shown as follows: Step 1: Using the Logistic chaotic map to generate a sequence S

{s1 s 2  s M u N } with length of M h N (MN for

short), the initial value k0 can be used as a secret key. xn 1

and exhaustive search attack.

Pxn (1  xn ) ,

Fig.1(a) The original image and (b) the scrambled image

(3)

where xn ę(0,1), andP ę(3.5699,4]. Step 2: Sorting the sequence S according to the ascending order, the obtained sequence is denoted as S c {s1cs c2  s cMN } . A {a1a 2  a MN } represents the index sequence, where ai (i 1, 2,  , MN ) denotes the position of si ' in the original sequence S. Step 3: Convert the original image into a 1D array Y according to the Z scanning method, and then divide A into nonadjacent MN/2 pairs, denoted as ( a j , a MN  j 1 ) , where j 1,2,, MN / 2 . Step 4: Select pixels Y(aj) and Y(aMN j+1) , and convert them into bit streams as follows.

Theoretically, the initial value of the Logistic chaotic map may be any real number belonging to (0,1). However, due to the finite precision effect of a computer, if the difference between two initial values is less than a constant H , the generated chaotic sequences will be identical. From Ref.[8], it is concluded that the number of significant initial values is approximately equal to num , denoted as follows: num

1 1 . 2H

Supposing that the normalized difference between two scrambled images is denoted as Diff, it is defined as: M

°­Y (a j ) (b7 b6 b5 b4 b3b2 b1b0 ) 2 . ® °¯Y (a MN  j 1 ) (c7 c6 c5 c4 c3 c2 c1c0 ) 2

(4)

According to the method in Ref.[7] , the odd groups of Y(aj) and Y(aMN j+1) are exchanged, and then the bit shuffling operation is performed on each modified bit stream. The final scrambled pixels can be expressed as:

°­Y ' (a j ) (b0 c1b5 c4 b3c 2 b6 c7 ) 2 . ® °¯Y ' (a MN  j 1 ) (c0 b1c5 b4 c3b2 c6 b7 ) 2

Diff

N

¦ ¦ | X k (i , j )  X k  ' ( i , j ) | i 1 j 1

M uN

,

(7)

where k and k+' are two secret keys. X k(i, j) and Xk+'(i, j) are the corresponding scrambled images. If ' İ H, Diff =0. Otherwise Diff >0. Fig.2 gives the test results. From Fig.2, we can conclude that the constant H is approximately equal to 109. So the key space of our improved method can be described as:

(5)

Step 5: Repeat Step 4 on other (MN/2)1 pixel pairs, and then convert the scrambled 1D array Y c into a 2D image according to the Z scanning method, which is the final scrambled image. The recovery process is almost the reverse one of the scrambling process. When k0=0.5 and P= 3.9, Fig.1 shows the original image (with 256 h 256 pixels as its size) and the scrambled image. From Fig.1, it is easily known that the scrambled image is similar to the random noise. Without the knowledge of the secret key, any adversary can hardly know which pixel pair is selected. And the possible attacks may include guessing the secret key (initial value)

(6)

num

1 1 2H

1  1 | 5 u 108 . 2 u 10  9

(8)

If we adopt the following chaotic system [8], the key space will be up to 1043. Obviously, the security of the improved scheme against guessing key attack is high enough.

sn 1

(1  0.3( sn 1  1.08)  379s n2  1001u z n2 ) mod 3 , (9)

where zn is the Logistic chaotic system. The other attack is the exhaustive search attack. Given a scrambled image with M h N as its size, if the adversary randomly guesses the pixel pairs, the total number of situations is denoted as:

gg Optoelectron. Lett. Vol.7 No.1 2 2 2 2 Num' C MN C MN  2 C MN  4 ˜ ˜ ˜ C 2

MN ( MN  1) ( MN  2)(MN  3) u u 2 2 ( MN  4)( MN  5) u ˜ ˜ ˜ ˜ u 3 u 2 u1 , 2 2

2 if MN / 2 !! C 256 ,

Num | Num'u

(10)

2 2C 256 ( MN  1)! | MN . ( 16 ) MN 2 2

(13)

from which we can obtain Num'

( MN  2 ) / 2

( MN  2i)(MN  2i  1) 2 i 0 MN! MN! . –

2

MN  2 1 2

2

MN 2

(11) Fig.3 An example of attack

From the above analysis, it is easy to know that the key space is still quite large enough to resist exhaustive search attack. In this paper, we adopt the chaotic sequence to improve the security of the bit shuffling pixels based-image scrambling method. The utilization of chaotic sequence expands the key space effectively. Theoretical analysis and experimental results show that our proposed method is effective and much more secure. Although the improved method may be time-consuming due to the sorting operation, it is valuable for enhancing the security. Fig.2 Relation curve between ' and Diff

References [1]

Zou J, Ward R K and Qi D, IEEE International Symposium on Cicuits and Systems 3, 965 (2004).

[2]

Zhang L., J. Shi M and Xie Y, Lecture Notes in Computer Science 3802, 9772982 (2005).

[3]

Zhao L. L, Fang Z. L and Gu Z. C, Journal of OptoelectronicsgLaser 19, 131 (2008). (in Chinese)

[4] [5]

Zeng W and Lei S, IEEE Trans. on Multimedia 5, 118 (2003). Ville D V D, Philips W and Walle R V, IEEE Trans. Circuits

[6]

Syst. Video Technol. 14, 892 (2004). Ding W., Yan W. Q. and Qi D. X, Journal of Computer-Aided

,

[7]

Design & Computer Graphics 13, 339 (2001). (in Chinese) Tang Z. J., Lu X., Wei W. M. and Wang S. Z., Journal of

MN ! ; MN 2 2

[8]

OptoelectronicsgLaser 18, 1486 (2007). (in Chinese) He H. J. and Chen Fan, Acta Electronica Sinica 35, 557

For each pixel value belongs to [0,255] , in fact, there are 2 C256 different pairs at most. That is, there exist many identical pairs between scrambling process and recovery process. Fig.3 shows an example, where the bidirectional arrows denote that the two pixels are selected as a pixel pair. The adversary can recover the scrambled pixels without the knowledge of the correct pixel pair (different positions). So the number of significant situations is less than Num˃as described in Eq.(11). Hence, according to the relationship be2 tween MN/2 and C256 , we have if MN / 2 d C Num | Num'

2 256

(12)

(2007). (in Chinese)