A Hybrid Chaotic and Number Theoretic Approach for Securing DICOM Images

The advancements in telecommunication and networking technologies have led to the increased popularity and widespread usage of telemedicine. Telemedicine involves storage and exchange of large volume of medical records for remote diagnosis and improved health care services. Images in medical records are characterized by huge volume, high redundancy, and strong correlation among adjacent pixels. This research work proposes a novel idea of integrating number theoretic approach with Henon map for secure and efficient encryption. Modular exponentiation of the primitive roots of the chosen prime in the range of its residual set is employed in the generation of two-dimensional array of keys.The keymatrix is permuted and chaotically controlled byHenonmap to decide the encryption keys for every pixel of DICOM image. The proposed system is highly secure because of the randomness introduced due to the application of modular exponentiation key generation and application of Henon maps for permutation of keys. Experiments have been conducted to analyze key space, key sensitivity, avalanche effect, correlation distribution, entropy, and histograms. The corresponding results confirm the strength of the proposed design towards statistical and differential crypt analysis.The computational requirements for encryption/decryption have been reduced significantly owing to the reduced number of computations in the process of encryption/decryption.


Introduction
Telemedicine is essentially the remote diagnosis and treatment of patients by means of telecommunications technology.The increasing adoption and usage of internet, smart phones, mobile health care devices, and wearable health technology have significantly impacted the growth of telemedicine over the years.Telemedicine involves large volume of storage and exchange of electronic health records among physicians, patients and health care professionals for better health services.Health records involve extensive usage of multimedia especially images, which are generated from various imaging technologies like conventional X-rays, ultrasound imaging, digital mammography, Computed Axial Tomography (CT), Positron Emission Tomography (PET), and Magnetic Resonance Imaging (MRI).These medical images are highly sensitive and are to be operated in a resource constrained environment characterized by lower band width, limited processing power, and limited memory.The strong privacy requirements of medical images with the operating constraints demand secure encryption algorithms with optimal processing requirements.
Text based algorithms like Advanced Encryption Standard, Elliptic Curve Cryptography, and RC4 are not preferred for encryption of medical images because of the complicated internal structure, memory requirements, and time delay incurred in the process of key generation and encryption/decryption.Few researches in the literature focus on the customization of the text based algorithms for encrypting medical images [1][2][3][4].However reduction in computational time is not up to the desired level.
Substantial amount of research work in the literature have focused on application of chaotic maps for cryptography due to the high sensitivity to initial conditions, nonlinearity, and random and ergodic nature of chaotic maps.Fridrich [5] proposed the initial framework for chaos based image encryption, which consists of two stages, namely, permutation/confusion and substitution/diffusion.A 2D chaotic map was used to control the parameters in both the stages.Following Fridrich, many researchers [6][7][8][9][10][11] have contributed significant enhancements for improving security in the field of chaos based image encryption.
Owing to the wide spread usage of telemedicine, many research works have been attempted to test the feasibility of chaotic maps for medical image encryption.Hu and Han [12] presented a pixel-based scrambling scheme based on simple XOR operation.The scrambling key is a true random number (TRN) sequence derived from the multiscroll chaotic attractors.Fu et al. [13] attempted to improve the efficiency of chaos based image cipher by introducing substitution in the permutation process itself.Arnold cat map and logistic map are chosen for permutation and substitution, respectively.Since pixel value mixing is contributed by both permutation and substitution stage, desired level of security could be achieved in fewer rounds.Liu et al. [14] used hash value of the pathological image and random number to generate the initial conditions of chaotic maps.Chebyshev maps are used to confuse the pixels.Since each block of the image is encrypted using the hash value of the previous block and random number, different cipher images are generated for different recipients.Praveenkumar et al. [15] proposed a trilayer cryptic system, which is a blend of Latin square image cipher, discrete Gould transform, and Rubik's encryption for encryption of DICOM images.Confusion, diffusion, tamper proofing, permutation, randomness, and ergodicity have been fused together to enhance security.Ravichandran et al. [16] employed bioinspired crossover and mutation unit to provide confusion and diffusion of pixels in a DICOM image.Logistic, tent, and sine maps are used for the second stage of encryption.Combined logistic tent maps and combined logistic sine maps are used to generate enlarged and elevated chaotic sequences, which are further enhanced by crossover and mutation strategies.To diffuse the effect of slight change in single pixel intensity of plain image over many pixels in cipher image, logical operations such as XOR and circular rotation are proposed by Yavuz et al. [17].
Though chaotic cryptosystems provide the required confusion and diffusion properties, they do have the limitations of low cycle lengths and are computationally less efficient because of floating point arithmetic.DICOM images are highly sensitive because even a small amount of visual degradation can lead to false diagnosis.Lima et al. [18] proposed a model for medical image encryption using Cosine Number Transform (CNT) to avoid round off errors.Their model provides zero tolerance effect since it involves only integer arithmetic.Dzwonkowski et al. [19] adopted Feistel network for encryption of DICOM images, wherein special properties of quaternions are used to perform rotations in 3D space for each of the cipher rounds.
The proposed work is an attempt to improve the computational efficiency of chaotic crypto systems by generating keys based on number theory.As the system design involves modular exponentiation for key generation, it completely eliminates round off errors in decryption and provides zero tolerance effect.To further enhance the level of security, a permutation stage is included, wherein the keys generated are chaotically permuted and controlled by Henon map.Permutation of key arrays based on Henon maps generates independent key arrays for encryption of every subimage which enhances the randomness of the keys.The security of the proposed algorithm is confirmed through statistical and differential crypt analysis.While the proposed algorithm ensures a high degree of security on par with the existing algorithms reported in the literature, the computational time and resources have been reduced significantly, because of simple structure in encryption/decryption.This makes the proposed algorithm suitable for real time applications.

Discrete Logarithm.
If "" is an arbitrary integer in   = {1, 2, 3, . . .,  − 1} and  is a primitive root of "" then there exists exactly one number  such that  ≡   (mod) . ( The number "" is then called the discrete logarithm [24] of "" with respect to the base " modulo " and is denoted as Discrete logarithm principle has been extensively used in the design of asymmetric algorithms like ElGamal Crypto systems and Diffie Hellman Key exchange.Elliptic curve version of discrete logarithm problem forms the foundation of Elliptic Curve Cryptography.Few researchers have extended discrete logarithms for symmetric text and image encryption [25,26].The strength of discrete logarithm is because of the fact that the forward process of calculation of exponentials modulo prime is easier even for very larger primes using fast modular exponentiation.However, the reverse process of calculation of discrete logarithms is considered infeasible for larger primes [23].

Henon Maps.
The Henon map is a two-dimensional discrete dynamical system introduced by Michael Henon [27].Henon map takes a point (  ,   ) in the plane and maps it to a new point ( +1 ,  +1 ) as defined by the equations The desired statistical properties can be obtained from the generated values if the input values are as follows: "" can be in the range of 1.16 to 1.41."" can be in the range of 0.2 to 0.3.
" 0 " can be in the range of −1 to 1.
" 0 " can be in the range of −0.35 to 0.35.
Skip value can be in the range of 80 to 1000.
Henon map is found to exhibit good chaotic behavior for values  = 1.4 and  = 0.3.A minute variation in the initial parameters even in ten-millionth place value of the Henon maps could yield widely divergent results.This extreme sensitiveness to initial conditions of the Henon map is exploited in various image encryption algorithms.Henon map has been tried for various applications in cryptography such as pseudo number generation [28], encryption of satellite imagery [29], and design of substitution boxes [30].

Proposed Methodology
The proposed methodology consists of three stages, namely, (A) generation of two-dimensional key array based on modular exponentiation, (B) permutation of key array based on Henon maps, (C) encryption/decryption of DICOM images based on bitwise XOR of subimages with permuted key arrays.

(A) Generation of Two-Dimensional Key Array Based on Modular Exponentiation
(A1) Select a prime number "" and generate all possible primitive roots of the prime.A primitive root of a prime "" is an integer "" such that " mod " has multiplicative order " − 1".
(A2) If  1 ,  2 ,  3 , . . .,   are the primitive roots of the prime "" then a two-dimensional array "" of order " × " is generated as follows: where "" refers to the number of rows = number of primitive roots for the prime "".
"" refers to the number of columns =  − 1.

(B) Permutation of Key Matrix Based on Henon Maps
(B1) Exchange the parameters  1 ,  2 ,  3 ,  4 , and  5 using the public keys of the receiver for generation of permutation keys for rearranging the elements in the key pool.
(i)  1 : the parameters of the Henon map ,  and seed values  0 ,  0 .(ii)  2 : the number for decimal places of the mantissa that are to be supported by the calculating machines.(iii)  3 : the number of iterations after which the first value is to be picked for generating keys.(iv)  4 : the skip value to be maintained for picking successive values thereafter.(v)  5 : increment value of seed for generating different permutation keys.
(B2) Iterate the two-dimensional equations of the Henon map with initial parameter settings as defined in  1 for a predefined number of times.The number of iterations (  ) is given by  3 + ( − 1) 4 , where  = max(, ).
(B3) Process the result in two one-dimensional arrays "X" and "Y" of length "".
(B4) Encode the values generated by the Henon map to integer representation for locating row and column indices.
where   and   correspond to the encoded version of  and . min ,  max ,  min , and  max are the minimum and maximum values of the two-dimensional Henon map equations generated in various iterations.
row min , row max , col min , and col max are the minimum and maximum values of row and column indices respectively in the key matrix.
(B5) Permute the two-dimensional key array using the encoded arrays (  ,   ) as the permutation key.
(B6) Repeat steps (B2) to (B5) with updated seed value   0 =   +  5 for generating different permutation keys as required.The number of permutation keys is decided by the count of subimages.
The process is illustrated by a simple example as depicted in Figure 1.Supposing the size of the two-dimensional key array is 2 × 2 and the size of the image is 4×4, the image is split into four subimages of size 2 × 2.
Case 2. If   and   are not exact multiples of  and , the image is split into possible subimages of order  × .The pixels in the left out rows and columns form independent two-dimensional arrays whose size is less than  × .Supposing the size of the two-dimensional key array is 2 × 2 and size of the image is 5 × 5, the image is split up into four subimages of size 2 × 2, two arrays of order 2 × 1, two arrays of order 1 × 2, and an array with size 1 × 1.The process of splitting is depicted in Figure 2.
The pixels present in (, ) location of the subimage array are XORed with the elements present at the location (, ) of the key array, respectively.
(C3) Encrypt every subimage by bitwise XOR operation of the pixel with the corresponding element located in the same index in permuted key array.Integrate the subblocks to construct the ciphered image.
(C4) For decryption, divide the cipher image again into subimages as described in (C2).Decrypt every individual pixel of the cipher subimage by performing bitwise XOR with keys generated independently at the receiver.Recover the plain subimages independently and integrate to construct the original image.The block diagram of complete encryption of the image is represented in Figure 3.

Experimental Results
The proposed medical image encryption algorithm is implemented in MATLAB R2012a in Windows platform.The system configuration includes Intel core i3 Processor operating at 2.53 GHz and 3 GB RAM.DICOM samples downloaded from http://www.barre.nom.fr/medical/samples/ are used for validation and performance analysis.Description of the medical image samples are provided in Table 1.
Figure 4 represents the sample DICOM images and Figure 5 represents the corresponding encrypted DICOM images.

Histogram Analysis. The histogram of an image is a plot
showing the frequency of intensities of pixels.The statistical relationship between the plain and cipher image is exploited to launch statistical attacks on an image crypto system.Since the histograms of plain and encrypted DICOM images in Figures 6, 7(a), and 7(b) are completely different from each other, it can be concluded that the proposed image crypto system provides complete resistance towards statistical crypt analysis.decreases with the increase in randomness.The entropy of plain and cipher medical image samples () are calculated using

Correlation Distribution. A good image crypto system should completely destroy the relationship between adjacent
where (  ) refers to the probability of occurrence of particular intensity.The results are tabulated in Table 3.The entropy of encrypted images is close to the theoretical value of 8, thereby ensuring that no information is made available for launching cryptographic attacks.
where  and  are the width and height of the medical image, and 1 and 2 are two encrypted images with slightly different keys.(, ) is a bipolar array with the same size as that of 1 and 2.If 1(, ) and 2(, ) are identical, then (, ) is set to 0; else set to 1. Sample DICOM images were encrypted with keysets which differ by a very small magnitude in the initial conditions of Henon map.NPCR and UACI were measured for the corresponding cipher images and are presented in Table 4.The NPCR measures the percentage of different pixel numbers between the two encrypted images.The UACI measures the average intensity of differences between the two encrypted images.On an average, the NPCR and UACI values are 99.60001% and 33.4738%, respectively, which are close to the theoretical values specified by Wu et al. [31].Higher magnitude of NPCR and UACI ensures that the proposed system offers sufficiently large resistance towards differential attack.

Key Space Analysis.
Decrypting the cipher image with all possible keys to recover the original image is known as the brute force attack.The key space of the cryptosystem must be sufficiently large to withstand brute force attack.In the proposed cryptosystem, the size of the key pool generated increases with the increase in magnitude of the prime "".
The key pool is once again permuted for every encryption of every subimage by Henon map, which is extremely sensitive to initial conditions.The permutation keys generated are totally different even for ten millionth differences in decimal places of the initial conditions of the Henon map.The choice for the key values (,  1 ,  3 ,  4 ,  5 ) are as follows.
(i) Prime (): by experimentation it has been observed that, for an image with 8-bit pixel depth, the algorithm produces satisfactory (iii) The number of iterations after which the first value is to be picked for generating keys ( 3 ): " 3 " can be any integer value greater than 300.(iv) The skip value to be maintained for picking successive values ( 4 ): " 4 " can be any integer value between 80 to 1000.
(v) Increment value of seed for generating different permutation key arrays ( 5 ).
Even small variations from one tenth to one millionth value of seed values of Henon map as specified in " 5 " generate diverging keys.
Decryption of the cipher image is possible only if the exact values of all the parameters of the keys are known.The probability of finding the accurate values of all the parameters is close to zero since the combined key space of all the parameters is extremely large.Hence it could be confirmed that launching brute force attack is computationally infeasible on the proposed image encryption algorithm.

Key Sensitivity Analysis.
Any efficient cryptosystem should be highly sensitive to keys; that is, cipher images generated on encryption with slightly varying keys should be completely different from each other.The proposed methodology has been examined for key sensitivity with encryption of image sample (D 3) with three slightly different encryption keys as follows:  deviation between the encrypted images which is measured by computing of pixel differences between the cipher images.
It can be inferred that the proposed system exhibits good avalanche effect as even a minor change in inputs has produced significantly differing cipher images.
The cipher images must be highly sensitive to the keys.The cipher images should not be correctly decrypted, even if there is a slight difference in the key.The results of an attempt to decrypt a cipher image with slightly different keys are illustrated in Figure 11 which confirms that the proposed idea is highly sensitive to keys thereby ensuring its security.It could also be inferred that decryption with the correct key has produced no visual degradation because of integer arithmetic involved in modular exponentiation during key generation.

Peak Signal to Noise Ratio.
Peak signal to noise ratio can be used to quantify the depth of degradation introduced upon encryption.The higher the amount of degradation, the more strong the crypto system.The PSNR computed for various DICOM image samples are as shown in Table 5.It could be inferred that the PSNR values of original and encrypted samples are well within the satisfactory limit of 11 dB.[13,15,16,20,21] in the literature and is reported in Table 6.It could be inferred that the security level of the proposed algorithm is on par with the works reported in the literature but with significant reduction in computational requirements.The computational time taken for encryption is significantly reduced as the design has reduced number of rounds and iterations in encryption/decryption.In order to speed up the process of encryption/decryption for real time applications, the key generation and key permutation can be carried out as a preprocessing step.The time taken for key generation and encryption for different sized image samples is presented in Table 7.

Conclusion and Future Work
This research work employs the concept of modular exponentiation and Henon maps for securing DICOM images.The use of modular exponentiation of primitive roots of prime over its residual elements generates session keys which involves only integer arithmetic and is free from round off errors.Henon maps are used for permuting the keys to be used in encryption of subimages.Permutation of keys introduces an additional level of randomness and thus enhances the security of the system.Experimental results confirm the strength and resistivity of the algorithm again, statistical and differential crypt analysis, brute force attack, and key sensitivity analysis.Reduced number of rounds and operations of encryption/decryption results in significant reduction in time in comparison with text based crypto systems.Future work includes the performance analysis of the proposed system in mobile and cloud environments.The feasibility of enabling parallel encryption in the proposed design using MapReduce framework in Hadoop environment can also be tested.

Figure 7 :
Figure 7: (a) Histograms of red, green and blue planes of plain DICOM image sample: D 6.(b) Histograms of red, green, and blue planes of encrypted DICOM image sample: ED 6.

1 )Figure 8 :
Figure 8: Correlation distributions of plain and encrypted DICOM image sample: D 3 and ED 3.

Figure 9 :Figure 10 :
Figure 9: Encrypted DICOM image of sample D 3 with slightly differing keys.

Table 1 :
Description of image samples.
Figure 1: Splitting of plain images to subimages: Case 1. (C) Encryption/Decryption of DICOM Images Based on Bitwise XOR of Subimages with Permuted Key Arrays (C1) Read the input DICOM image of size   ×   .The number of rows () in the two-dimensional key array is equal to the number of primitive roots of the prime ().The number of columns () is given by ( − 1).(C2) If   is greater than  and   is greater than , divide the image into nonoverlapping subimages as follows.Case 1.If   and   are exact multiples of  and  (i.e.,   =  and   =  where  and  are integers), the image is split into subimages of order  × .The number of subimages ( SI ) is given by

Table 2 :
Correlation coefficient of original and encrypted image samples.

Table 3 :
Entropy of plain and cipher DICOM samples.

Table 4 :
NPCR and UACI of encrypted image samples with slightly different keys.

Table 5 :
PSNR of DICOM and its encrypted samples.

Table 7 :
Computational time analysis.Comparison with Existing Work.The performance of the proposed algorithm has been compared with the existing works