Image Encryption Using a Lightweight Stream Encryption Algorithm

Security of the multimedia data including image and video is one of the basic requirements for the telecommunications and computer networks. In this paper, we consider a simple and lightweight stream encryption algorithm for image encryption, and a series of tests are performed to confirm suitability of the described encryption algorithm. These tests include visual test, histogram analysis, information entropy, encryption quality, correlation analysis, differential analysis, and performance analysis. Based on this analysis, it can be concluded that the present algorithm in comparison to A5/1 and W7 stream ciphers has the same security level, is better in terms of the speed of performance, and is used for real-time applications.


Introduction
Nowadays, multimedia data such as image and video is expanding in communications and computer networks [1]. Due to widespread use of multimedia data and despite widespread threats and attacks in communication systems, security of this data is necessary [2,3]. Multimedia encryption challenges originate from two realities. Firstly, multimedia data have great volumes. Secondly, they need real-time uses [4]. So using encryption for security results in additional computations for information processing. As a result, a balance between security and synchronization requirement is necessary [5]. To reach this aim, we use lightweight and high-speed encryption algorithms. One of the methods to ensure security is considering all data as binary strings and encrypt them using block encryption algorithms such as DES. These algorithms are very complex and involve large amounts of computations, and their software implement is not fast enough for high-volume multimedia data [6].
Commonly stream encryption algorithms are used for image encryption [5,[7][8][9]. Stream ciphers are built using a pseudorandom key sequence, and then this sequence is combined with the original text through exclusive-or operator.
Generally, stream encryption systems have suitable performance when speed and error probability of data transmission are high. In this paper, the simple and lightweight stream encryption algorithm is used for multimedia applications such as image, and also various statistical tests are performed in order to assure the security of the algorithm and compared to A5/1 and W7 stream cipher. The notable point in this algorithm is producing the key sequence by AES block cipher in order to enhance the security.
A5/1 and W7 stream cipher algorithms are used for the key production from the linear feedback shift registers. A5/1 algorithm has 64-bit private key, and W7 algorithm has 128-bit private key. Also, both algorithms have adequate security and proper performance speed for image encrypting as compared to block cipher algorithms such as DES, AES, and RC5. Reference [7] provides more details about these two algorithms and their applications in multimedia security. This paper is classified as follows. In Section 2, one of the stream encryption algorithms is introduced step by step for multimedia use. Section 3 represents a series of security discussion and statistical tests that include visual test, histogram analysis, information entropy, encryption quality, correlation analysis, differential analysis, and performance 2 Advances in Multimedia analysis introduced and compared to A5/1 and W7 stream cipher. Section 4 concludes the work results.

The Stream Encryption Algorithm
As mentioned in the previous section, stream encryption algorithms are used in attention for real-time applications. In this algorithm, stream ciphers are used in order to accelerate implementation of the algorithm. In order to enhance the security, the key product is the same as the key product of AES block cipher.
In this algorithm, the main text is divided in different sections and each section is encrypted by the stream encryption algorithm. In any section, the encryption algorithm uses a separation secret key. The secret key of our encryption schemes is protected by the block cipher (such as AES). BE(m, K) denotes a block cipher encryption algorithm on message m using key K, and SE(P, key i ) denotes a stream cipher encryption algorithm on message P using key key i . At the beginning of this algorithm, the key of different sections is generated as key i = BE(m, K), then if the plain text is as P 1 , P 2 , . . . , P t , the encrypted text would be as C 1 , C 2 , . . . , C t , and any section of the encrypted text is as C i = SE(key i , M i ).
Let F be a function defined as where Key i is the 128-bit key and Key i = k 1 k 2 k 3 k 4 for 32-bits k i , x is a 32-bit string, ⊕ is the bit-wise exclusive-or, + and × are mod 2 32 addition and multiplication. To encrypt every 32 bits of the original text, this algorithm has the following steps.
Step 1. A 128-bit key sequence is generated by the block algorithm AES and is considered to be Key i = k 1 k 2 k 3 k 4 for 32-bit k i . It should be noted that this 128-bit key is updated by the AES algorithm to encrypt every 32-bit of the original text.
Step 2. By the function proposed in (1), A i value is obtained as follows: where X value in (1) is replaced by C i−1 ⊕ P i−1 . P i−1 and C i−1 are equal to 32 bits of the previous plain text and cipher text, respectively. In addition, as it was stated above, ⊕ is the bitwise exclusive-or.
Step 3. Again, by the function expressed in (1), B i value is obtained as In this step, X value in (1) is replaced by A i ⊕ P i−2 . P i−2 is equal to 32 bits of the original text in the two previous cases, and also A i was obtained in Step 2 by (2).
Step 4. For the third time, (1) is given as In this equation, X value in (1) is equal to B i ⊕ C i−2 . C i−2 is equal to 32 bits of the encrypted text in the two previous cases, and B i was obtained in Step 3 by (3).
Step 5. In this stage, according to the following equation, 32 bits of the cipher text are obtained: where P i value is equal to 32 bits of the plain text and so D i value was obtained in Step 4.
All the Steps 2-5 can be summarized by the following equation: In all the Steps 2-4, C 0 , C −1 , p 0 , and p −1 can be considered equal to k 1 , k 2 , k 3 , and k 4 . The decryption procedure is similar to the encryption one, just with the difference, the locations of P i and C i in (5) are exchanged as follows: It should be mentioned that D i value in the decryption procedure is obtained in accordance with the encryption procedure as well as using the previous original and encrypted texts.

Security and Performance Analysis
The main parameter on design of any encryption algorithm is amount of algorithm robustness against cryptographic attacks including brute force, statistical attack, known plain text attack, and chosen plain text attack. Thus, a cipher of high key and plain text sensitivity is desirable. Besides, computational speed and quality of encrypted images are other important issues. In this section, we performed security discussion of the scheme and a series of tests to compare the efficiency of the described algorithm. Images used to implement the tests are some pictures of USC-SIPI image database (freely available at http://sipi.usc.edu/database/).

Security Discussion of the Scheme
Security of the Key. The key of the encryption/decryption is Key i that is produced by the BE block cipher. Therefore, achieving the key is difficult.

Meet in the Middle Attack (the Attack to the Section Key).
This type of attack is a brute force attack. By meeting one or more bits in the middle, it searches exhaustively the key bits through the middle bits [5]. Since this algorithm has three rounds of F, the meet in the middle attack does not work.
Since at least one way to the middle goes through two rounds of F, therefore, the number of key bits that affects a single bit is large. Chosen Cipher Text Attack (the Attack to the Section Key). All the stream ciphers that have cipher text feedback are weak to the chosen cipher text. For example, if stream cipher was defined as the cipher would be weak to chose cipher text attack. By being different at only one bit, the attacker can ask for the decryption of C i , C i and apply the differential attack [5]. But the stream cipher is defined as where it has both cipher text and plain text feedback. Consequently, achieving the plain text without adequate information from the original text and the encrypted text is impossible.

Visual Test.
Observation is an important factor in cipher image test. A good encryption algorithm should mix image so that features are not visually detectable. Also, no information should be observed in the encrypted image by comparing the encrypted and original images [10,11].
Result of the described algorithm encryption is shown in Figure 1. Figure 1 shows that the encrypted image is quite distinct from the original image.

Histogram Analysis.
To prevent the information leakage and aggressive attacks, it must be ensured that the original and encrypted images do not have any statistical similarity. Histogram analysis expresses the way of the distribution of pixels in the image using the drawing number of observations for each amount of pixels brightness [12][13][14][15][16]. Figure 2 shows the histogram analysis on the test image using the described algorithm. The histogram of original image has a sharp rise with a sharp decline as shown in Figure 2(a), and histogram of the encrypted image as shown in Figure 2 has a uniform distribution that is completely different from histogram of the original image and has no statistical similarity. Therefore, the attacker with the histogram analysis of the encrypted image cannot acquire information from the original image.

Information Entropy.
Shannon introduced information entropy as the measure of source information in 1949.
The H(s) entropy of a message source s is defined as In this equation, P(s i ) represents the probability of symbol s i and the entropy is expressed in bits [17]. If we suppose that the source emits 2 8 symbols with equal probability and s = {s 1 , s 2 , . . . , s 2 8 }, random source entropy is equal to 8. If an encryption algorithm creates symbols with entropy less than 8, there is likelihood to predict original image from encrypted image, which is a threat to the system security. As it is observed in Table 1, entropy of studied algorithms is very close to the ideal value of 8. This means that information leakage in the encryption process is negligible and studied algorithms are secure upon the entropy attack. Also, we conclude that the entropies of A5/1 and the proposed algorithms are closer to the ideal value compared with entropy of W7.

Encryption Quality.
The image encryption creates large changes in the amount of pixels. These pixels are completely different from the original image. These changes are irregular. More changes in values of the pixels show more effectiveness of encryption algorithm and thus better quality. Let C(x, y) and P(x, y) be the gray level of the pixels at the xth row and yth column of a W × S encrypted and original images, respectively. Encryption quality shows the average of changes in each amount of gray L, and, according to [18], it can be expressed as where H L (P) and H L (C) are the number of repetition from each gray value in the original image and the encrypted image, respectively. Encryption quality for A5/1, W7, and the described algorithm is available for different images in Table 2. From the obtained values, we conclude which the qualities of A5/1 and the proposed algorithm are better than W7.

Correlation Analysis.
Any pixel correlates highly with adjacent pixels in the original image. Equations (5), (6), and (7) are used to study the correlation between adjacent pixels in horizontal, vertical, and diagonal orientations [4,7,15,16]: In these equations, r xy is correlation coefficient, x and y are intensity values of two adjacent pixels in the image, and N is the number of pair pixels of the selected adjacency in the image to calculate the correlation. 1000 pairs of two adjacent pixels are selected randomly from the image. Ideally, correlation coefficient of the original image is equal to one, and the correlation coefficient of the encrypted image is equal to zero. Also, the correlation diagram is used. Initially, the neighborhood of horizontal, vertical, and diagonal of N pixels is identified in this diagram. Then, diagram is plotted based on the value of each pixel and its neighbors.
As it is specified in Figure 3, correlation between pixels of the original image is too much, while there is a little correlation between neighboring pixels in the encrypted image. In Table 3, correlation coefficients of different encrypted images by studied encryption algorithms have been given for neighborhoods of horizontal, vertical, and diagonal. The table shows that the values of correlation coefficients of the three algorithms are very close to zero for each neighborhood. Therefore, these algorithms are secure against correlation attacks.

Differential
Analysis. An encryption algorithm should be designed so that it is sensitive to the small changes in the original image. Attacker tries to view the changes result in the encrypted image making minor changes in the original image. Thus, it reveals a significant relationship between the original image and the encrypted image. Also, this action facilitates finding the algorithm key. If a small change in the original image can cause a large change in the encrypted image, then the differential attack is not possible.
Three common measures were used for differential analysis: MAE, NPCR, and UACI [7,17]. MAE is mean absolute error. NPCR is the number of pixels change rate of encrypted image, while one pixel of original image is changed.
UACI is the unified average changing intensity, which measures the average intensity of the differences between the original image and the encrypted image.
If C(x, y) and P(x, y) are the gray level of the pixels at the xth row and yth column of a W × S encrypted and original image, respectively, then MAE is defined as The MAE test results for the three encryption algorithms have been recorded in Table 4. Information recorded in the table shows that the calculated MAE values of encryption algorithms have little difference.
Consider two encrypted images C k and − Ck that, corresponding to original images, are only different in a pixel. The NPCR is defined as and UACI is defined as It is clear that large amounts of NPCR and UACI indicate a high sensitivity of the encryption algorithm to the original image. The NPCR and UACI test results have been recorded in Table 5. The results indicate that the NPCR and UACI are less than 0.01% for the studied algorithms. Unfortunately, this means that these algorithms have low sensitivity to changes in the original image.

Performance
Analysis. In addition to security issues, the speed of encryption algorithm is important for real-time processing. Efficiency of the proposed encryption algorithm is dependent on the comparison between the speed of encryption algorithms. Efficiency of algorithms has been     achieved with a unoptimized MATLAB code on a machine with Intel core 2 Duo 2.10 processor and 2 Gbytes of RAM memory for Windows 7 operating system. The results in Table 6 show that the described algorithm in terms of execution speed is better than algorithms A5/1 and W7 and so is better for real-time applications.

Conclusion
In this investigation, one stream encryption algorithm was proposed for multimedia systems, and many statistical tests were performed to prove suitability of the algorithm, and so this algorithm was compared to A5/1 and W7 stream ciphers. Based on the visual test, there is not any kind of information from the original image in the encrypted image. The histogram shows that distribution of brightness in pixels of the encrypted image is completely uniform, and there is not any statistical similarity with the histogram of the original image. The results of information entropy test show that this value is very close to the ideal value in the encrypted images for all three algorithms. Consequently, these algorithms are secure against entropy attacks. Also, comparison between the entropy of the three algorithms shows that entropies of A5/1 and the proposed algorithms are closer to the ideal value compared with entropy of W7. Based on the results of the encryption quality, the described and A5/1 algorithms have a better quality in the diffusion and confusion of pixels than W7 algorithm. Diagram and coefficients of correlation show that correlation between pixels of the encrypted image has declined severely, and these algorithms are secure against correlation attacks. In order to measure the sensitivity of the algorithm to minor changes in the original image, two measures were considered: NPCR and UACI. The results showed that the proposed algorithm and A5/1 and W7 algorithms have a little sensitivity to minor changes in the original image, ultimately. Performance speed of the described algorithm and two algorithms of A5/1 and W7 were compared. The results showed that performance speed of the described algorithm is faster than two algorithms of A5/1 and W7. According to last discussions, it seems that the described algorithm in software applications has more advantages compared to both algorithms of A5/1 and W7.