Selective image encryption in fractional wavelet domain

7
Int. J. Electron. Commun. (AEÜ) 65 (2011) 338–344 Contents lists available at ScienceDirect International Journal of Electronics and Communications (AEÜ) journal homepage: www.elsevier.de/aeue Selective image encryption in fractional wavelet domain Nidhi Taneja a,, Balasubramanian Raman b , Indra Gupta a a Department of Electrical Engineering, Indian Institute of Technology, Roorkee, India b Department of Mathematics, Indian Institute of Technology, Roorkee, India article info Article history: Received 23 September 2009 Accepted 5 April 2010 Keywords: Arnold cat map Fractional wavelet transform Normalized information energy Selective encryption abstract Fractional wavelet domain inherits the virtues of wavelet and fractional domain, to provide improved security. Non-consideration of data significance and emphasising on fractional order for the entire secu- rity consumes high computational resources without any proportional effect on the security. This article proposes an efficient selective encryption in fractional wavelet domain that encrypts only significant subbands using a chaotic stream cipher. Relationship between normalized information energy and per- ceptual information of a subband is utilized to select the significant subbands. Thorough performance and security analysis reflects better perceptual and cryptographic security with less computational time. © 2010 Elsevier GmbH. All rights reserved. 1. Introduction Advancement in communication and networking has led to numerous image applications in day-to-day life. With an increase in transmission and distribution of digital image data through open- natured wired or wireless IP networks, piracy operations have also increased. To restrain these activities, security of digital data is required at different stages of data archival, transmission and dis- tribution. Encryption is considered as the first line of defence in digital rights management security solutions. This provides data confiden- tiality and consequently prevents illegal copying and distribution of valuable data. Application specific total or selective encryption techniques have been developed in different domains, with a major thrust on selective encryption that trade security for computational efficiency by encrypting only the most important part of multime- dia data [1]. As data significance can easily be determined in transforma- tion domain, it is a preferable domain for selective encryption of digital images. Several discrete cosine transform (DCT) domain and wavelet transform (WT) domain based encryption techniques have been proposed that permutes or encrypts selected coefficients [2–4]. In addition to these well established domains, recent years have also witnessed fractional Fourier transform (FRFT) domain as a potential transformation domain for encryption [5–7]. Efforts have been made to integrate FRFT domain with wavelet or wavelet packet domain [8,9]. This fractional combined domain inherits the virtues of wavelet and fractional domain to provide Corresponding author. E-mail address: [email protected] (N. Taneja). improved security. This offers the fractional order as an extra key, in addition to the keys offered by any wavelet domain based encryp- tion technique. Chen and Zhao [10] proposed image encryption in fractional wavelet transform (FRWT) domain, where fractional order of FRFT and scaling factor of WT are used as the potential keys. However, considering the fractional order as the only encryp- tion key does not provide cryptographic security. This yields a small key space, (0 2), due to the periodic property of frac- tional order, F 0 [f (t )] = F 2 [f (t )] = f (t ). Due to this limited key space, an approximate image can be obtained if the assumed frac- tional order is in proximity of the correct fractional order. This makes the encryption technique vulnerable to various cryptana- lytic attacks. The attained security level is improved upon by encryption of randomly selected subbands [11]. This consumes more compu- tational resources without any proportional improvement in the security level achieved by the encryption technique. This is due to the fact that random selection of subbands may not always lead to significant subband selection. Despite the superiority of fractional combined domain, initial attempts of image encryption in this domain had issues relating to security keys, key space, perceptual degradation, etc. [11]. This necessitates the development of an efficient and improved selective encryption technique, that would overcome the limitations of the existing techniques. This article develops a simple, yet efficient selective encryption technique that considers fractional order as a part of the key struc- ture and not the entire security key. Chaos based Arnold cat map is utilized to achieve data confidentiality, and at the same time, to increase the effective key space. The subband selection has also been done on the basis of data significance, as opposed to ran- 1434-8411/$ – see front matter © 2010 Elsevier GmbH. All rights reserved. doi:10.1016/j.aeue.2010.04.011

Transcript of Selective image encryption in fractional wavelet domain

S

Na

b

a

ARA

KAFNS

1

ntnirt

rtotted

tdah[ha

oi

1d

Int. J. Electron. Commun. (AEÜ) 65 (2011) 338–344

Contents lists available at ScienceDirect

International Journal of Electronics andCommunications (AEÜ)

journa l homepage: www.e lsev ier .de /aeue

elective image encryption in fractional wavelet domain

idhi Tanejaa,∗, Balasubramanian Ramanb, Indra Guptaa

Department of Electrical Engineering, Indian Institute of Technology, Roorkee, IndiaDepartment of Mathematics, Indian Institute of Technology, Roorkee, India

r t i c l e i n f o

rticle history:eceived 23 September 2009

a b s t r a c t

Fractional wavelet domain inherits the virtues of wavelet and fractional domain, to provide improved

ccepted 5 April 2010

eywords:rnold cat mapractional wavelet transform

security. Non-consideration of data significance and emphasising on fractional order for the entire secu-rity consumes high computational resources without any proportional effect on the security. This articleproposes an efficient selective encryption in fractional wavelet domain that encrypts only significantsubbands using a chaotic stream cipher. Relationship between normalized information energy and per-ceptual information of a subband is utilized to select the significant subbands. Thorough performanceand security analysis reflects better perceptual and cryptographic security with less computational time.

ormalized information energyelective encryption

. Introduction

Advancement in communication and networking has led toumerous image applications in day-to-day life. With an increase inransmission and distribution of digital image data through open-atured wired or wireless IP networks, piracy operations have also

ncreased. To restrain these activities, security of digital data isequired at different stages of data archival, transmission and dis-ribution.

Encryption is considered as the first line of defence in digitalights management security solutions. This provides data confiden-iality and consequently prevents illegal copying and distributionf valuable data. Application specific total or selective encryptionechniques have been developed in different domains, with a majorhrust on selective encryption that trade security for computationalfficiency by encrypting only the most important part of multime-ia data [1].

As data significance can easily be determined in transforma-ion domain, it is a preferable domain for selective encryption ofigital images. Several discrete cosine transform (DCT) domainnd wavelet transform (WT) domain based encryption techniquesave been proposed that permutes or encrypts selected coefficients2–4]. In addition to these well established domains, recent yearsave also witnessed fractional Fourier transform (FRFT) domain as

potential transformation domain for encryption [5–7].

Efforts have been made to integrate FRFT domain with waveletr wavelet packet domain [8,9]. This fractional combined domainnherits the virtues of wavelet and fractional domain to provide

∗ Corresponding author.E-mail address: [email protected] (N. Taneja).

434-8411/$ – see front matter © 2010 Elsevier GmbH. All rights reserved.oi:10.1016/j.aeue.2010.04.011

© 2010 Elsevier GmbH. All rights reserved.

improved security. This offers the fractional order as an extra key, inaddition to the keys offered by any wavelet domain based encryp-tion technique.

Chen and Zhao [10] proposed image encryption in fractionalwavelet transform (FRWT) domain, where fractional order ofFRFT and scaling factor of WT are used as the potential keys.However, considering the fractional order as the only encryp-tion key does not provide cryptographic security. This yields asmall key space, (0 − 2�), due to the periodic property of frac-tional order, F0[f (t)] = F2�[f (t)] = f (t). Due to this limited keyspace, an approximate image can be obtained if the assumed frac-tional order is in proximity of the correct fractional order. Thismakes the encryption technique vulnerable to various cryptana-lytic attacks.

The attained security level is improved upon by encryption ofrandomly selected subbands [11]. This consumes more compu-tational resources without any proportional improvement in thesecurity level achieved by the encryption technique. This is due tothe fact that random selection of subbands may not always lead tosignificant subband selection.

Despite the superiority of fractional combined domain, initialattempts of image encryption in this domain had issues relatingto security keys, key space, perceptual degradation, etc. [11]. Thisnecessitates the development of an efficient and improved selectiveencryption technique, that would overcome the limitations of theexisting techniques.

This article develops a simple, yet efficient selective encryption

technique that considers fractional order as a part of the key struc-ture and not the entire security key. Chaos based Arnold cat mapis utilized to achieve data confidentiality, and at the same time, toincrease the effective key space. The subband selection has alsobeen done on the basis of data significance, as opposed to ran-

Comm

da

2

tfp

2

[ttttpm

dg

W

wetc

2

a

E

w1{d

aist

2

sMe[

w

a

t

((

size of B is same as that of the scrambled subband.(c) XOR the sign bits of the coefficients in the scrambled sub-

band with the matrix B. This only modifies the sign bit of thecoefficients and does not disturb their magnitude. This is math-

N. Taneja et al. / Int. J. Electron.

om selection. Extensive experimental and comparative analysisscertains the efficacy of the proposed technique.

. Preliminaries for proposed technique

The proposed technique encrypts only few subbands selected onhe basis of their normalized information energy. The preliminariesor the selection and encryption of subbands in fractional waveletacket domain is discussed hence.

.1. Fractional wavelet analysis

FRWT is a realization of the wavelet transform in FRFT domain12,13]. FRFT has a unique property of describing the informa-ion of spatial and frequency domain, due to the rotation ofime–frequency plane over an arbitrary angle. In contrast, waveletransform has a multiresolution property. A combination of thesewo domains result into FRWT, that exhibits multiresolutionroperty, describing the spatial as well as frequency domain infor-ation.The mathematical representation for the FRWT of a one-

imensional function f (t), having a fractional order 0< ˛ < 2, isiven as follows:

˛(u, s, �) =∞∫

−∞

F˛[f (t)](x)e−jux s,�(x)dx (1)

here s, �, and denote the dilation parameter, translation param-ter, and the mother wavelet function, respectively. As comparedo wavelet domain, FRWT domain provides better encryption effi-iency [11].

.2. Normalized information energy

Normalized information energy (NIE), for different subbands, intransformed image is expressed as follows:

�l = 1

M1 ×M2

M1∑i=1

M2∑j=1

x2i,j (2)

here xi,j is the value of transform coefficient at position (i, j),≤ l ≤ n, l denotes the decomposition level, � corresponds toA,H,V,D} and M1 ×M2 is the size of the subband. Hence, E�

l

enotes the energy of the chosen subband f �l

.NIE is directly proportional to the visual information present in

subband [14]. Thus, NIE can be employed to determine the signif-cance of various subbands. Encryption of the selected significantubbands would provide better security with less computationalime.

.3. Arnold cat map

Arnold cat map [15] is a two dimensional map, that employshearing and wrapping operation to completely scramble a matrix.athematically, Arnold cat map for a matrix of size N × N is

xpressed as follows:

x′

y′

]= A

[xy

]mod(N) (3)

[ ]

hereA = 1 p

q pq+ 1, p and q are positive integers, (x, y) ∈ [1,N],

nd det(A) = 1.(x′, y′) is the new position of original pixel position (x, y), when

he Arnold cat map is performed once. As determinant of the trans-

un. (AEÜ) 65 (2011) 338–344 339

formation matrix A is 1, the map is area preserving by nature.Iterated actions of A on a pixel form a dynamic system:

rn+1 = Anr0(modN)orrn+1 = Arn(modN) (4)

With each iteration of the Arnold cat map, the pixel value shiftsto a new position. This results into a completely distorted matrixafter a few iterations. Thus, making Arnold cat map, a preferablechoice for image scrambling.

3. Proposed encryption technique

The present section proposes a FRWT domain based encryptiontechnique. The schematic diagram of the proposed technique isillustrated in Fig. 1, and the step-by-step procedure is explainedhereafter.

1. Perform ˛-order, l-level FRWT decomposition of the inputimage. Denote the various subbands as f �

l, where, 1< l ≤ n,

� ∈ {A,H,V,D}.2. Calculate NIE of each subband and the entire transformed image

using Eq. (2). Denote these energies as E�l

and Etotal , respectively.E�l

denotes the energy of the subband f �l

, and Etotal denotes thetotal energy of the image.

3. To identify the significant subbands, set the threshold energy asEth = Q × Etotal , whereQ is the user-defined threshold factor and0 ≤ Q ≤ 1.

4. Identify the significant subbands by comparing the subbandenergy with the threshold energy.

5. For a particular subband, if E�l< Eth, mark it as insignificant, and

leave it unencrypted.6. For a significant subband, i.e. E�

l≥ Eth, encrypt it as follows:

a) Scramble the subband using n-iterations of the Arnold cat map.b) Generate a random binary matrix B using a seed value b. The

Fig. 1. Schematic diagram for proposed encryption technique.

3 Commun. (AEÜ) 65 (2011) 338–344

7

ircetv

sNot

ttntp

4

acibsahei

4

teiad[

TP

40 N. Taneja et al. / Int. J. Electron.

ematically represented as follows:

M(i, j) = A(i, j) ⊕ B(i, j) (5)

where A(i, j) denotes the sign bit of Arnold scrambled coeffi-cient, B(i, j) denotes the bit from random binary matrix, andM(i, j) denotes the modified sign bit.

. Map the modified subbands to their original position, and takethe inverse FRWT to retrieve the encrypted image.

The reverse process is applied at the receiver to decrypt themage. To perform decryption, the encrypted image and the secu-ity keys are required at the receiver end. As it is a symmetric keyryptosystem, the encryption and decryption keys are same, andxpressed as (key: Q,˛, n, b), where these four parameters denotehe threshold factor, fractional order, Arnold iterations and the seedalue, respectively.

The encrypted image is first transformed into FRWT domain andubbands for the decryption process are selected using the sameIE criterion. Sign bit decryption followed by arnold descramblingf selected subbands is performed. Inverse FRWT is then performedo retrieve the original image.

If correct keys are employed at the time of decryption, thenhe decrypted image would be a replica of the original image. Inhe case of an incorrect decryption key, the output may vary. Theext section analyzes the effect of key-sensitivity of the proposedechnique. It also evaluates the performance and security of theroposed technique for different attack scenarios.

. Results and discussion

To assess the performance of the proposed technique, extensivenalysis is performed on various grayscale images, using differentombinations of the security key. The values so obtained are anndicative measure of the performance and security level attainedy the proposed technique. For experimental purposes, the keytructure (Q,˛, n, b) is fixed at (0.65, 1, 15, 6345921). Discussionnd conclusion are based on the analysis of numerous test images,owever visual results for only two images are shown here. In thentire analysis, the original image and its corresponding encryptedmage are referred to as an ‘image-pair’.

.1. Perceptual security and peak signal to noise ratio

Subjective evaluation of the encrypted images is performedo assess the amount of information leakage. Fig. 2 shows the

ncrypted output for the two test images, ‘Huts’ and ‘Mandril’. Its observed that the obtained images are completely unintelligible,nd do not reveal any information about the original image. Theegradation introduced is also objectively evaluated using PSNR16].

able 1SNR obtained for proposed technique.

Fr. order Crowd Barbara Lena Mandri

0.1 9.923 7.564 7.322 7.3770.2 10.058 7.512 7.232 7.3090.3 10.117 7.621 7.245 7.3040.4 10.09 7.601 7.326 7.36450.5 9.408 6.975 6.686 6.6130.6 10.051 7.569 7.358 7.3160.7 10.050 7.453 7.282 7.3090.8 10.015 7.467 7.253 7.3210.9 9.8671 7.563 7.168 7.3501 7.028 4.464 4.267 3.940

Fig. 2. Encrypted output for test images.

To evaluate the PSNR values, all parameters of the security key,except the fractional order, are kept constant. This is performed toobserve the effect of fractional order on the encrypted output. Theobtained PSNR values are indicated in Table 1. As PSNR of 28 dB isthe minimum threshold for perceptual similarity between any twoimages, the obtained PSNR values are compared with this value. It isobserved that the PSNR obtained for the test images, at all fractionalorders, is less than 11 dB. This is well within the satisfactory limit.High perceptual degradation and low PSNR values obtained for theproposed technique reflects the satisfaction of the objective andsubjective evaluation metrics.

4.2. Statistical attack analysis

This attack is launched by exploiting the predictable relation-ship between data segments of the original and the encryptedimage [16]. Histogram of an image reflects the distribution of pix-els at different gray levels. Hence, this is analyzed to investigate theexistence of any relationship between the image-pair.

Histogram for the original and the encrypted image is indicatedin Fig. 3. A significant change in the gray level distribution of pixelsillustrates non-existent correlation between the two images. Thisdoes not leave enough scope to launch a statistical attack on theproposed technique.

4.3. Key sensitivity analysis

A highly key sensitive encryption algorithm protects theencrypted data against various cryptanalytic attacks. While devel-oping a cryptosystem, it is assumed that an intruder knows theencryption structure and a-priori probability of the used key k ∈ K .As per the Kerckhoff’s principle, only secrecy of the used key isrequired. Even a strong or well designed cryptosystem can be bro-ken easily if the key is poorly chosen or the key space is too small.This makes the encryption or decryption key as the most importantpart of any cryptosystem. Thus, a good cryptosystem should satisfythe following two conditions to verify the key sensitivity and keyspace:

• The key space should be discretized in such a way that two cipher-texts encrypted by two slightly different keys k1, k2 ∈ K shouldbe completely different.

l Pillars Butterfly Alonehut Peppers

8.884 8.004 10.880 7.3418.896 8.130 10.849 7.2908.893 8.023 10.836 7.4158.878 8.097 10.892 7.3638.222 7.475 10.214 6.8108.873 8.048 10.842 7.4138.831 8.127 10.776 7.4218.998 8.043 10.859 7.4818.819 7.948 10.737 7.2295.581 4.679 7.639 4.166

N. Taneja et al. / Int. J. Electron. Commun. (AEÜ) 65 (2011) 338–344 341

citfeewat

kpani

k1afdFai

kTKCfaeKttf

Fig. 4. Key sensitivity analysis for encryption process.

Fig. 3. Histogram for original and encrypted image.

The ciphertext should not be able to correctly decrypt, even ifthere is a slight difference in the encryption and decryption key.i.e. ciphertext should be sensitive to the keys defined/chosen.

Two tests are performed to verify the fulfilment of these basiconditions of key sensitivity [17]. The first test encrypts the orig-nal image with a slightly different encryption key, and evaluateshe difference between the obtained encrypted images. The dif-erence images are evaluated to verify the condition that, “imagencrypted with slightly different keys should be completely differ-nt”. The second test performs decryption of the encrypted imageith slightly incorrect keys. This aims to subjectively assess the

mount of information leakage from the images decrypted withhe wrong decryption key.

To perform these tests, slightly different keys are generated byeeping the threshold factor constant, and modifying the otherarameters of the original encryption key. In the modified keys,ll parameters, excluding one are kept same as that of the origi-al key. These are generated by introducing a variation of ‘1’ in the

nteger values and ‘0.1’ in the fractional values.For the original key K1: (0.65, 1, 15, 6345921), the modified

eys are expressed as K2: (0.65, 0.9, 15, 6345921), K3: (0.65, 1,4, 6345921) and K4: (0.65, 1, 15, 6345922). It is to be noted thats compared to K1, K2 has a different fractional order, K3 has dif-erent Arnold iterations, while K4 has a different seed value. Aifferent K4 yields a distinct random mask for sign bit encryption.or convenience, the encrypted image is denoted as Cn, which iscipher image obtained using key Kn. Similarly, Dn denotes the

mage, decrypted with key Kn.In the first test, the original image is initially encrypted with

ey K1. The encrypted image C1 for this case is shown in Fig. 4(a).he original image is then encrypted with slightly modified keys2 − K4. Fig. 4(b)–(d) indicates the corresponding encrypted images2 − C4. It is observed that images encrypted with slightly dif-erent keys are completely incomprehensible. Difference imagesre then generated to measure the deviation between the image

ncrypted with the original key K1, and the slightly different keys2 − K4. Fig. 4(e)–(g) illustrates these difference images. Though allhe encrypted images look alike, sufficient deviation exist betweenhem. This verifies that, “ciphertexts generated using slightly dif-erent keys are completely different from each other”.

Fig. 5. Key sensitivity analysis for decryption process.

To verify the second condition of key sensitivity, cipher image

C1 is decrypted with key K2 − K4, instead of the actual key K1. Thedecrypted images obtained with these keys are indicated in Fig. 5(1st three columns). Fig. 5 (last column) illustrates the retrievedimage using correct decryption key. The images decrypted with

342 N. Taneja et al. / Int. J. Electron. Commun. (AEÜ) 65 (2011) 338–344

iauhtwo

fe

4

ntsi

abal2tc

biotrdeo

ndstniFftt

Fig. 6. Decrypted output for lossy communication channel.

ncorrect keys are completely incomprehensible, and do not leakny information about the original image. In contrast, decryptionsing actual key retrieves the image correctly. This depicts theigh key sensitivity of the proposed cryptosystem, and also verifieshe second condition of Kerckhoff’s principle, “decryption using arong decryption key should not reveal any information about the

riginal image”.The performed test reflects that the proposed cryptosystem

ulfills the two conditions of Kerckhoff’s key sensitivity, that aressential to ascertain the security of any cryptosystem.

.4. Performance in lossy and noisy communication channels

This section analyzes performance of the proposed technique inoisy and lossy communication channels. It aims to find the exis-ence of avalanche effect in the cipher image, i.e. it evaluates theensitivity of the encrypted output towards channel error or noisen two different test scenarios.

In the first test scenario, the communication channel is assumeds lossy in nature. This causes some part of the encrypted data toe lost during transmission. Reconstruction is then performed byssigning a value of ‘0’ or ‘255’ to the lost data. Four different dataoss cases are considered. These cases assume a data block of 2 × 2,0 × 20 and 50%, as the lost data blocks. To observe the impact ofhe location of lost data on the decrypted output, these blocks areonsidered at different locations.

Fig. 6(a)–(d) indicates the encrypted image with the lost datalocks, while Fig. 6(e)–(h) illustrates the decrypted output for these

mages. In the case of small data loss, some information about theriginal image can be retrieved from the decrypted output, while inhe case of large data loss, no details of the image are visible. Thiseflects the robustness of the proposed technique against eaves-ropping. Even if an intruder has the correct keys and the entirencrypted data except some data part, then also, details of theriginal image cannot be retrieved.

In the second test scenario, performance of the proposed tech-ique is evaluated for a noisy channel. To perform this test, twoifferent cases of noise addition are considered. In the first case,mall amount of random noise is added to the encrypted image. Inhe second case, Speckle noise, Gaussian noise, or salt and pepperoise is added to the encrypted image. The noise effected encrypted

mages are then decrypted, output for which is shown in Fig. 7.ig. 7(a) and (b) shows the decrypted ‘Huts’ and ‘Mandril’ image,or a small noise effected encrypted image. Fig. 7(c) and (d) showshe decrypted image, when speckle noise of variation 0.02 is addedo the encrypted image. Though decryption is performed with the

Fig. 7. Decrypted output for noise attacked images.

correct key, it is observed that no details about the original imagecould be retrieved from the decrypted output. This illustrates thesensitivity of the proposed technique towards channel noise.

Analysis reveals that images retrieved in noisy or lossy chan-nel condition are not even recognizable or of acceptable quality.Thus, the knowledge of encrypted data and correct decryption keyswould not be of any use to an intruder, even if certain bits arenot correctly received. This ascertains the strength of the proposedtechnique in noisy or lossy communication channel.

4.5. Approximation attack analysis

In an approximation attack, the intruder attempts to reconstructthe original data by replacing certain parts of the encrypted datawith an arbitrarily assumed value [18]. Similar kind of strategy isfollowed in the case of lossy communication channel, where thelost data is replaced by either ‘0’ or ‘255’. Thus, the performanceof the proposed technique in a lossy communication channel istreated as analogous to its performance for approximation attacks.The approximated data in these cases is the bulk data or the ran-domly distributed data. The retrieved approximate copy is shownin Fig. 6(e)–(h). It is observed that the obtained images do not giveany clue about the original image content and preserve data confi-dentiality. This demonstrates the ability of the proposed techniqueto withstand an approximation attack.

4.6. Computational time

Different tests are performed to ascertain the benefit of NIEbased subband selection, on the security offered or the com-putational performance. In these tests, the selection criterion ismodified such that encryption is performed on random or all thesubbands.

In the first test, instead of NIE based selection, random selectionof subbands is performed. These randomly selected subbands arethen encrypted with the proposed technique. For encryption, thenumber of randomly selected subbands is kept same as the num-ber of significant subbands selected using NIE based criterion. Theencrypted output for different combinations of randomly selectedsubbands is illustrated in Fig. 8 (1st 3 columns). It is observed thatthe encrypted output does not provide data confidentiality. Detailsof the original image are clearly visible from the encrypted out-put. Fig. 8 (4th column) indicates the encrypted output, when NIEbased criterion is used to select the subbands for encryption. Thisreflects an incomprehensible image. Despite the same amount ofdata encrypted for the two cases, data confidentiality is not attainedwith a random selection of subbands (Fig. 8). This is owing to thefact that random selection of subbands may not necessarily selectsignificant subbands in every encryption round.

To further verify the results, computational time and PSNRvalues are measured for the encryption of randomly selected sub-bands. The obtained values are compared with the correspondingvalues for encryption of NIE based selected subbands. A comparisonis illustrated in Fig. 9. It is observed that there is no significant dif-

N. Taneja et al. / Int. J. Electron. Comm

Fig. 8. Encryption with different selection criterion.

FN

fPttditd

iTrpcccwaf

Fp

ig. 9. PSNR and computational time comparison for encryption of randomly andIE based selected subbands.

erence in the computational time for the two cases. However, theSNR values with the random selection of subbands is observedo be higher, than with the proposed methodology. This reflectshat encryption of randomly selected subbands do not maintainata confidentiality. This verifies the subjective results illustrated

n Fig. 8. Collectively, this indicates that with the same computa-ional time, the proposed technique performs better in terms ofata confidentiality and PSNR values.

In the second test, the subband selection is eliminated, i.e.nstead of only significant subbands, all the subbands are encrypted.otal encryption is performed instead of partial encryption. Theesults are then compared with the results obtained using theroposed partial encryption technique. For the two techniques, aomparative graph for PSNR values and time consumption is indi-

ated in Fig. 10. Similar PSNR values are observed for the twoases. However, computational time consumption shows note-orthy changes. It is observed that total encryption consumes

pproximately thrice the computational time, that is consumedor partial encryption using the proposed technique. This is due

ig. 10. PSNR and computational time comparison for total encryption and pro-osed partial encryption.

un. (AEÜ) 65 (2011) 338–344 343

to small quantum of data being encrypted in the proposed par-tial encryption technique. It is observed that approximately 25%data is significant, as per the proposed methodology. As soon asthe amount of encrypted data increases from 25% to 100%, it isobvious that computational time and resource requirements wouldincrease.

Further, it is to be noted that though 25% of the data issignificant, the actual data encrypted is far less. In the pro-posed technique, only sign bits are encrypted. This consumesonly one bit per coefficient. For a 256 × 256 image, encoded at8 bpp, the amount of data encrypted using the proposed tech-nique would be (256 × 256 × 1 × 0.25) = 16,384 bits, as comparedto (256 × 256 × 1) = 65,536 bits, if total sign bit encryption is per-formed and (256 × 256 × 8) = 524,288 bits, if all the pixel values areencrypted. This indicates that the proposed technique encryptsonly (16,384/524,288), i.e. 3.125% of the entire image data.

On the basis of the above discussion, it is clear that despite theencryption of only 3.125% of the entire image data, the proposedtechnique ensures perceptually secure image in every encryptionround. This relatively consumes low computational resources forthe security level offered. This also illustrates that the proposedtechnique is advantageous over total encryption, as well as theencryption of randomly selected subbands [11].

4.7. Edge distortion

To prove the attained perceptual security, edge ratio (ER) andedge deviation ratio (EDR) [14,19] are evaluated. Correct interpre-tation of these parametric values offers an objective assessment,analogous to the subjective results of an image-pair. Correspond-ing to the original image, ER reflects the remaining edges in theencrypted output, whereas EDR expresses the deviation in theedges. These are mathematically represented as follows:

ER =

N−1∑i,j=0

B̂(i, j)

N−1∑i,j=0

B(i, j)

(6)

EDR =

N−1∑i,j=0

|B(i, j) − B̂(i, j)|

N−1∑i,j=0

(B(i, j) + B̂(i, j))

(7)

where B(i, j) and B̂(i, j) denote the bit value in the edge detectedbinary matrix for the original and the encrypted image, respec-tively.

The values obtained for ER and EDR evaluation of the proposed

technique is indicated in Table 2. For all the test images, ER (> 0.6)indicates the remaining edges in an encrypted image. It is observedthat all the test image-pairs yield a high value of EDR (> 0.86). Thisreflects that irrespective of the left-out edges, more than 86% ofthese edges are displaced from their original location. This further

Table 2Edge ratio and edge deviation ratio for test images encrypted with key 1.

Image ER EDR Image ER EDR

Crowd 0.904 0.864 Pillars 0.689 0.957Barbara 0.803 0.943 Butterfly 0.782 0.951Lena 1.048 0.957 Alonehut 1.006 0.939Mandril 0.767 0.949 Peppers 1.039 0.956

3 Comm

at

5

tnoTieAoocni

rdsssenEs

sdptaTe

6

cerieoportaca

A

M

R

[

[

[

[

[

[

[

[

[

[

Department of Electrical Engineering, Indian Institute

44 N. Taneja et al. / Int. J. Electron.

scertains and validates the high perceptual security attained byhe proposed technique.

. Comparative analysis

This section presents a comparative analysis of the proposedechnique with other FRWT and FRWPT based encryption tech-iques. Chen and Zhao [10] have suggested the use of fractionalrder and scaling factor, as the keys to provide complete security.his offers less security and small key space, due to the periodic-ty property of fractional order. The limited key space makes thencryption technique vulnerable to various cryptanalytic attacks.s compared to this, the proposed technique employs fractionalrder, Arnold iterations and seed value, as the different componentsf the security key. This yields a large key space. The large key space,ombined with the high key sensitivity, makes the proposed tech-ique resistant against various cryptanalytic attacks (demonstrated

n Section 4).In another technique introduced by Chen and Zhao [11],

andomly selected subbands are encrypted to achieve data confi-entiality. However, it is demonstrated in Section 4.6, that randomelection of subbands is not an appropriate approach. The randomlyelected subbands may not always lead to selection of significantubbands. Hence, this does not ensure perceptual security in allncryption rounds (Fig. 8: 1st–3rd columns). The proposed tech-ique, however, selects subbands on the basis of their NIE content.ncryption of selected significant subbands yields perceptuallyecure output in every encryption cycle (Fig. 8: 4th column).

Further, the technique introduced in [11] exhibits low keyensitivity. Details of the original image are visible, even whenecryption is performed using an incorrect key [11]. However, theroposed technique overcomes this weakness, and demonstrateshat decryption with a slightly different security key does not revealny information of the original image (Fig. 5: 1st–3rd columns).his proves an improvement by the proposed technique, over thexisting fractional combined domain based encryption techniques.

. Conclusion

This article presents a FRWT domain based technique. Thisonsiders the inherent properties of image data and selectivelyncrypts only the significant part. To identify the significant data,elationship between NIE and perceptual information of a subbands derived. An increased effective key space is obtained by chaoticncryption of the selected subbands. This makes the fractionalrder, just a part of the key, but not the most important key com-onent. With the proposed technique, encryption of only 3.125%f the entire image data leads to an acceptable perceptual secu-ity. The proposed technique provides high cryptographic security,hat is ascertained by considering the statistical and key-relatedttacks. Performance analysis in lossy and noisy communicationhannels demonstrate its robustness against eavesdropping andpproximation attacks.

cknowledgement

The first author acknowledge the financial support provided byinistry of Human Resource Development, Government of India.

eferences

[1] Van Droogenbroeck M. Partial encryption of images for real-time applications.In: Proc. of the 4th benelux signal process. symp., Hilvarenbeek, The Nether-lands. 2004. p. 11–5.

un. (AEÜ) 65 (2011) 338–344

[2] Tang L. Methods for encrypting and decrypting MPEG video data efficiently. In:Proc. of the int. multimedia conf., Boston, MA, November. 1996. p. 219–30.

[3] Torrubia A, Mora F. Perceptual cryptography on MPEG layer III bit-streams. IEEETrans Consumer Electron 2002;48(4):1046–50.

[4] Lian S, Sun J, Wang Z. A novel image encryption scheme based on JPEG encoding.In: Proc. of the 8th IEEE int. conf. inform. visualisation, London, UK, July. 2004.p. 217–20.

[5] Xin Y, Tao R, Wang Y. Image encryption on a novel reality-preserving fractionalFourier transform. Proc. of the int. conf. innovation computing, inform. andcontrol, Beijing, September. 2006. p. 22–5.

[6] Liu Z, Da J, Sun X, Liu S. Triple image encryption scheme in fractional Fouriertransform domains. Opt Commun 2009;282(4):518–22.

[7] Joshi M, Shakher C, Singh K. Logarithms-based RGB image encryptionin the fractional Fourier domain: a non-linear approach. Opt Lasers Eng2009;47(6):721–7.

[8] Mendlovic D, Zalevsky Z, Mas D, Garcya J, Ferreira C. Fractional wavelet trans-form. Appl Opt 1997;36(20):4801–6.

[9] Huang Y, Suter B. The fractional wave packet transform. Multidimensional SystSignal Process 1998;9(4):399–402.

10] Chen L, Zhao D. Optical image encryption based on fractional wavelet trans-form. Opt Commun 2005;254:361–7.

11] Chen L, Zhao D. Image encryption with fractional wavelet packet method. OptInt J Light Electron Opt 2008;119(6):286–91.

12] Wickerhauser M. Adapted wavelet analysis from theory to software. A.K. PetersWellesley; 1994.

13] Tao R, Qi L, Wang Y. Theory and applications of the fractional Fourier transform.Beijing: THU Press; 2004.

14] Taneja N, Raman B, Gupta I. Security solutions for still visual data. Ph.D. Thesis.Indian Institute of Technology Roorkee, India.

15] G. Peterson, Arnold’s cat map, 1997. Available from:http:online.redwoods.cc.ca.us/instruct/darnold/maw/catmap3.htm.

16] Marion A. An introduction to image processing. London: Chapman and Hall;1991.

17] Schneier B. Applied cryptography, second edition: protocols, algorithms andsource code in C. New York: Wiley Publications; 1996.

18] Mao Y, Wu M. A joint signal processing and cryptographic approach to multi-media encryption. IEEE Trans Image Process 2006;15(7):2061–75.

19] Taneja N, Raman B, Gupta I. Chaos based partial encryption of SPIHT compressedimages. Int J Wavelets, Multiresolution and Information Processing; in press.

Nidhi Taneja received her B.E. degree in Electronics &Communication and M.Tech degree in Digital Communi-cation in 2001 and 2006, respectively. At present, she ispursuing her Ph.D. in Department of Electrical Engineeringat Indian Institute of Technology Roorkee, India. Her areaof interest includes Wireless Communication, Multime-dia Transmission over Packet Networks, Image Encryptionand Visual Cryptography.

Balasubramanian Raman received his Ph.D. in Math-ematics (2001) from Indian Institute of Technology,Madras, India. At Present, he is an Assistant Professorand Head of the Computer Vision, Graphics and ImageProcessing Laboratory in the Department of Mathemat-ics at Indian Institute of Technology Roorkee, India. Heworked as a Post Doctoral Associate in ECE Department,and member of the Visualization Research Laboratory (VIZLab), at Rutgers, The New State University. He was also aPost Doctoral fellow of Computer Engineering and Com-puter Science (CECS), and member of the ComputationalIntelligence Research Laboratory (CIRL), at the Universityof Missouri-Columbia (MU), Missouri, USA. He has also

worked as Visiting Professor in Department of Electrical and Computer Engineeringat University of Windsor, Canada under Boyscast Fellowship. His areas of researchincludes Computer Vision, Graphics, Satellite Image Analysis, Scientific Visualiza-tion, Imaging Geometry, Reconstruction Problems, Image Encryption and DigitalWatermarking.

Indra Gupta received her B.Tech degree in ElectricalEngineering from HBTI, Kanpur, in 1984. She com-pleted her M.E. and Ph.D. from University of Roorkee,India. She is Currently an Associate Professor in the

of Technology Roorkee, India. Her areas of interestincludes Advanced Microprocessor Applications, Infor-mation Security, Multimedia Processing, Process ControlApplications, Biomedical Imaging, Content based ImageRetrieval and Online Computer Applications.