A New Chaos-Based Color Image Encryption Scheme with an Efficient Substitution Keystream Generation Strategy

This paper suggests a new chaos-based color image cipher with an efficient substitution keystream generation strategy. The hyperchaotic Lü system and logistic map are employed to generate the permutation and substitution keystream sequences for image data scrambling and mixing. In the permutation stage, the positions of colored subpixels in the input image are scrambled using a pixel-swapping mechanism, which avoids two main problems encountered when using the discretized version of areapreserving chaotic maps. In the substitution stage, we introduce an efficient keystream generation method that can extract three keystream elements from the current state of the iterative logistic map. Compared with conventional method, the total number of iterations is reduced by 3 times. To ensure the robustness of the proposed scheme against chosen-plaintext attack, the current state of the logistic map is perturbed during each iteration and the disturbance value is determined by plain-pixel values. The mechanism of associating the keystream sequence with plain-image also helps accelerate the diffusion process and increase the degree of randomness of the keystream sequence. Experimental results demonstrate that the proposed scheme has a satisfactory level of security and outperforms the conventional schemes in terms of computational efficiency.


Introduction
Nowadays, digital image information has been widely communicated over the Internet and wireless networks owing to the rapid advancements in the multimedia and communication technology.Meanwhile, the protection of digital image information against illegal usage has become an important issue.A direct and obvious way to protect image data from unauthorized eavesdropping is to employ an encryption algorithm.Unfortunately, the renowned block ciphers, such as Triple-DES, AES, and IDEA, are not suitable for practical image encryption.This is because the security of these algorithms is mainly ensured by their high computational cost, making them hard to meet the demand for online communications when dealing with digital images characterized by bulk data capacity.To meet this challenge, many different encryption technologies have been proposed.Among them, the chaos-based algorithms provide an optimal trade-off between security and efficiency.The first chaosbased image encryption scheme was suggested by Fridrich in 1998 [1].The permutation-substitution network, introduced by Claude Shannon in his classic 1949 paper, Communication Theory of Secrecy Systems, and now a guiding principle for the design of a secure cipher, is adopted in her approach.In each round of the cipher, the pixel positions are firstly scrambled in a secret way, which leads to a great reduction in the correlation among neighboring pixels.Then, the pixel values are altered sequentially and the influence of each pixel is diffused to all its succeeding ones during the modification process.With such a structure, a minor change in one pixel of the plain-image may result in a totally different cipher-image with several overall rounds of encryption.
Conventionally, three area-preserving invertible chaotic maps, that is, the cat map, the baker map, and the standard map, are widely used for image scrambling.Unfortunately, this kind of permutation strategy suffers from two main disadvantages, that is, the periodicity of discretized version of chaotic maps and applicability to only square images [2][3][4].To address these two drawbacks, Fu et al. [5] suggested an image scrambling scheme using a chaotic sequence sorting mechanism.Unfortunately, this method takes a whole row/column of an image as the scrambling unit and results in weaker confusion effect compared with many of the existing schemes working on individual pixels.In [6], inspired by the natural ripple-like phenomenon that distorts a reflection on a water surface, Wu et al. suggested a novel scrambling algorithm that shuffle images in an  dimensional ( D) space using wave perturbations.In [7], the original pixel level matrix is considered as a natural 3D bit matrix, and a new 3D bit-level permutation algorithm is proposed.During the permutation stage, the original and target bit locations are both randomly selected to further enhance the permutation effect.
In the substitution stage, various discrete chaotic maps and continuous chaotic systems can be employed to generate keystream sequences with desired statistical properties, including the most commonly used ones like the logistic map [2], the Lorenz system [8], the Chen system [9], and varieties of high dimensional chaotic systems [10].Obviously, low dimensional chaotic maps, especially the logistic map, have the advantages of simplicity and high efficiency but suffer from small key space; in contrast, high dimensional chaotic systems, especially the hyperchaotic systems, provide sufficiently large key space but at the expense of computations.Recently, it has been reported that many existing image encryption schemes have been successfully broken by using known/chosen-plaintext attacks [11][12][13][14].This is due to the fact that the substitution keystream sequences used in these schemes are solely determined by the secret key.That is, the same keystream sequence is used to encrypt different plain-images unless a different secret key is used.Consequently, the keystream sequence may be determined by encrypting some specially created images (e.g., an image with all pixels having the same value) and then comparing them with their corresponding outputs.Obviously, if a keystream sequence depends on both the secret key and the plaintext, then such analysis may become impractical.For instance, in [15], the keystream elements are extracted from multipletime iteration of the logistic map, and the iteration times are determined by plain-pixel values.Unfortunately, the redundant iteration operations downgrade the efficiency of the cryptosystem to some extent.In [16], the value of each keystream element is dynamically altered according to the plain-pixel values during the substitution process.
To better meet the challenge of online secure image communications, much research has been done on improving the efficiency of chaos-based image ciphers.For instance, in [17], Xiang et al. investigated the feasibility of selective image encryption on a bit-plane.It is concluded that only selectively encrypting the higher four bit-planes of an image can achieve an acceptable level of security.As only 50% of the whole image data are encrypted, the execution time is reduced.In [18], Wong et al. proposed a more efficient diffusion mechanism using simple table lookup and swapping techniques as a light-weight replacement of the 1D chaotic map iteration.Following this work, Chen et al. [19] presented an efficient image encryption scheme with confusion and diffusion operations being both performed based on a lookup table.The other advantage of their approach is that it can effectively tolerate the channel errors, which may lead to the corruption of cipher data.It has been demonstrated that images recovered from the damaged cipher data have satisfactory visual perception.In [20], Fu et al. introduced a novel bidirectional diffusion strategy to minimize the number of encryption rounds needed to spread the influence of each individual pixel over the entire cipherimage.Experimental results have demonstrated that their scheme takes one round of permutation and two rounds of substitution to obtain a satisfactory diffusion effect.In [16,[21][22][23], chaos-based image ciphers using a bit-level permutation were suggested.Owing to the substitution effect introduced in the permutation stage, the number of iteration rounds required by the time-consuming substitution procedure is reduced, and hence a shorter encryption time is needed.In [8], Fu et al. suggested a fast chaos-based image cipher with the permutation key determined by the hash value of the original image.Owing to the avalanche property of hash function, completely different shuffled images will be produced even if there is a tiny difference between the original ones, thereby accelerating the diffusion process.In [24], Chen et al. presented a novel image encryption scheme using a Gray-code-based permutation.Taking full advantage of (, , )-Gray-code achievements, the new permutation strategy provides superior computational efficiency.In [25], Hua et al. introduced an image encryption algorithm based on a new two-dimensional sine logistic modulation map (2D-SLMM).Compared with corresponding seed maps, the new map has wider chaotic range, more parameters, and complex chaotic properties while remaining of relatively low implementation cost.Accordingly, the algorithm provides a good trade-off between security and efficiency.
Conventionally, in the substitution stage, one keystream element is obtained from the current value of a state variable of an iterative chaotic system.That is, to generate a keystream sequence of length m, a -dimensional chaotic system should be iterated  = round (m/n) times.In the present paper, we introduce an efficient logistic map-based keystream generation strategy that can simultaneously extract three keystream elements from the current state of the map.As a result, the total number of iterations is reduced by 3 times and the encryption time is shortened.In the permutation stage, the positions of subpixel in each color channel of the plain-image are scrambled across the entire color space using a pixelswapping strategy under the control of a keystream sequence generated from the hyperchaotic Lü system.To ensure the robustness of the proposed scheme against chosen-plaintext attack, the current state of the logistic map is perturbed during each iteration and the disturbance value is determined by plain-pixel values.The mechanism of associating the keystream sequence with plain-image also helps accelerate the diffusion process and increase the degree of randomness of the keystream sequence.Experimental results demonstrate that the proposed scheme has a satisfactory level of security and outperforms the conventional schemes in terms of computational efficiency.
The rest of this paper is organized as follows.The proposed permutation and substitution algorithms are thoroughly described in Sections 2 and 3, respectively.In Section 4, the degree of randomness of the substitution keystream sequences generated using our proposed method is evaluated by using NIST test suite.In Section 5, the confusion and diffusion performance of the proposed cryptosystem are analyzed.The security and efficiency of the cryptosystem are analyzed in Sections 6 and 7, respectively.Finally, Section 8 concludes the paper.

Color Image Permutation Using a Pixel-Swapping Strategy
The hyperchaotic Lü system [26], which is employed in our scheme to generate the permutation keystream sequence, is described by where , ,  are the constants of Lü system [27] and  is a control parameter.When  = 36,  = 3,  = 20, and −0.35 <  ≤ 1.30, the system exhibits a hyperchaotic behavior, and the projections of its phase portrait are shown in Figure 1.Evidently, the initial conditions ( 0 ,  0 ,  0 ,  0 ) of the system are the immediate candidate for the secret key for permutation, as they uniquely determine a chaotic trajectory from which the permutation keystream is extracted.
Without loss of generality, a 24-bit RGB color image of size H×W is used as an input.The detailed permutation process is described as follows.
Step 1. Arrange the colored subpixels in the input image to a one-dimensional byte array imgData = { 0 ,  1 , . . .,  3××−1 } in the order from left to right, top to bottom.
Step 2.1.Preiterate system (1) for  0 times to avoid the harmful effect of transitional procedure, where  0 is a constant.The system can be numerically solved by using fourth-order Runge-Kutta method, as given by where (with  = 2, 3) , and the step ℎ is chosen as 0.005.
Step 3. Extract a permutation keystream sequence permKstr = { 0 ,  1 , . . .,  3××−2 } from permSeq according to where pos (  ) returns the position of   in permKstr, that is, , abs() returns the absolute value of , sig (, ) returns the  most significant decimal digits in x, and mod(, ) divides  by  and returns the remainder of the division.An  value of 15 is recommended as all the state variables in our scheme are declared as double-precision type.From (4) it can be seen that   is in the range between (pos (  ) + 1) and (len(imgData) − 1).That is, the swapping target for each colored subpixel (except the last one) in imgData will be pseudorandomly chosen from all its succeeding ones.
As can be seen from the above description, the proposed permutation scheme well addresses the two problems encountered when using the discretized version of areapreserving chaotic maps.First, the proposed scheme can be applied to images of arbitrary size, whereas the areapreserving chaotic maps can be only applied to square images.Secondly, though the aperiodicity nature of a chaotic system will be deteriorated in computer realization with finite computation precision, the period length of pseudorandom keystream sequence generated by a chaotic system is by far longer than that of its discretized version.A keystream sequence with a very long period can be considered practically aperiodic when applied to images of reasonable size.That is, image scrambled by the proposed method will not return to its original state even after a huge number of iterations.

Color Image Substitution Using a Fast Plaintext-Dependent Keystream Generation Strategy
In the substitution stage, the logistic map [28], which is the most studied example of discrete nonlinear dynamical systems that exhibit chaotic behavior, is employed to generate the keystream sequence for mixing the subpixel values.Mathematically, the map is described by where  is the state variable and  is the parameter.The logistic map behaves chaotically, interrupted by small periodic windows for values of  between about 3.57 and 4. In our scheme,  is set to 4 to avoid those nonchaotic regions.Similarly, the initial condition  0 of the map is used as the secret key for substitution.
The detailed substitution process is described as follows.
Step 1. Preiterate the logistic map for  0 times for the same purpose mentioned above.It should be noticed that the values of 0.5 and 0.75 are two "bad" points, trapping the iterations to the fixed points 0 and 0.75, respectively.If this case is encountered, a slight perturbation should apply.
Step 2. The logistic map is iterated continuously.For each iteration, a 24-bit (3 byte) integer can be obtained from the current state of the map according to where  = 0, 1, . . .,  ×  − 1 and "≪s" denotes a left shift by  bit.For instance, (1 ≪ 24) returns bitwise representation of 1 shifted to the left by 24 bits, which is equivalent to 2 24 .
Step 3. Extract three keystream elements from pseRandInt according to where "≫s" denotes a right shift by  bit and & denotes a bitwise AND operation.It can be seen from ( 7) that the upper, middle, and lower 8 bits of pseRandInt are assigned to kstrEle (red) , kstrEle (green) , kstrEle (blue) , respectively.
Step 4. Convert the plain-pixel to its cipher form according to where (p 3n , p 3n+1 , p 3n+2 ) and (c 3n , c 3n+1 , c 3n+2 ) are the three colored subpixels of the currently operated pixel and its output cipher-pixel, respectively, ⊕ performs bitwise exclusive OR operation, and   is the number of gray levels in the input image (for a 24-bit RGB color image,   = 256).
As can be seen from ( 8), the modification made to a subpixel depends not only on the keystream element but also on its previous ciphered subpixel, and thereby the influence of each subpixel can be spread over all its succeeding ones.For the first subpixel p 0 , the initial value  −1 can be set as a constant.
Step 5. Make the keystream elements depend on the plainpixel by perturbing the state variable of logistic map according to where is the disturbance value determined by the original values of the three colored subpixels of the currently operated pixel.It is clear that  falls within the range between 0 and 0.1, keeping the logistic map operating in chaotic region.
Step 6.Return to Step 2 until all the subpixels in imgData are encrypted.
Step 7. Perform several rounds of the overall permutationsubstitution operations so as to spread the influence of each individual subpixel over the entire cipher-image.
Step 8. Produce the final output by adding a file header identical to that of the input image to imgData.The decryption procedure is similar to that of the encryption process except that some steps are followed in a reversed order.Particularly, the inverse of ( 8) is given by In addition, as can be seen from the above description of the substitution algorithm, the perturbing of the state of the logistic map is performed after a pixel is enciphered and the disturbance value is calculated from the original values of the ciphered pixel.Accordingly, in the decryption procedure, the same disturbance value can be calculated out after a cipherpixel is decrypted.

Analysis of the Randomness of the Substitution Keystream
The randomness of the keystream sequence is crucial to the security of a chaotic cipher.A cryptographically secure keystream generator should generate the keystream sequence without repetition or predictability, thus preventing different parts of a messages encrypted with the repeated parts of the keystream sequence from being intercepted or generated by an attacker.The degree of randomness of a keystream A sequence passes a statistical test whenever the  value ≥  and fails otherwise, where  ∈ (0.001, 0.01] is the significance level.For each statistical test, compute the proportion of sequences that pass.The range of acceptable proportions is determined using the confidence interval defined as where  is the number of standard deviations and  is the sample size.In our experiments, 200 keystream sequences ( = 200), each with a length, in bits, as long as that of a 24-bit RGB color image of size 512 × 512, are generated with randomly selected substitution keys.Together with the chosen standard parameters,  = 0.01 and  = 3, we have 0.968893 ≤   ≤ 1.0.If the proportion falls outside of this interval, then there is evidence that the data is nonrandom.Table 1 lists the test results for the keystream sequences generated using the proposed and conventional methods.As can be seen from this table, the proposed method has a higher pass rate in 13 of the 16 test items, and hence it generates keystream sequences with a higher degree of randomness over the conventional method.

Analysis of the Confusion and Diffusion
Performance of the Proposed Scheme

Analysis of Confusion Performance.
In order to evaluate the confusion performance of the proposed permutation method, we apply it to the standard "peppers" test image (512×512 pixels, 24-bit RGB color) and the result is compared with that of three most widely used methods based on area-preserving invertible chaotic maps, as demonstrated in Figure 2.  (c)-2(e), 2(f)-2(h), and 2(i)-2(k) show the resulting images after applying the cat map, the baker map, and the standard map once, twice, and three times, respectively.The permutation keys, that is, the control parameters of the three maps, are chosen to be { = 40,  = 8},   = {32, 16, 32, 64, 16, 32, 64, 16, 32, 32, 64, 16, 64, 32}, and  = 1024, respectively.As can be seen from Figure 2, the proposed method takes only one round to achieve a satisfactory scrambling effect, whereas more (≥2) is needed by the three conventional ones.Moreover, the colors in the scrambled image produced by the proposed permutation method are much more uniformly distributed than that produced by the three conventional methods.This is because the proposed scheme scrambles the subpixels across all the three color channels, whereas the schemes using area-preserving chaotic maps have to scramble each color channel separately, making the dominant colors of the resulting scrambled image similar to those of its original version.

Analysis of Diffusion Performance.
As is known, the diffusion property is essential to ensure the security of a cryptographic algorithm against chosen-plaintext attack.The differential analysis is the most common way to implement the chosen-plaintext attack.To do this, an opponent may firstly create two plain-images with only one-bit difference and then encrypt the two images using the same secret key.By observing the differences between the two resulting cipher-images, some meaningful relationship between plainimage and cipher-image could be found out, and it further facilitates determining the keystream.Obviously, this kind of cryptanalysis may become impractical if a cryptosystem is highly sensitive to plaintext; that is, changing one bit of the plaintext affects every bit in the ciphertext.
To measure the diffusion property of an image cryptosystem, two criteria, that is, NPCR (the number of pixel change rate) and UACI (the unified average changing intensity), are commonly used.The NPCR is used to measure the percentage of different pixel numbers between two images.Let  1 (, , ) and  2 (, , ) be the (, )th pixel in th color channel ( = 1, 2, 3 denotes the red, green, and blue color channels, resp.) of two images  1 and  2 , where 0 ≤  ≤ , 0 ≤  ≤ ; the NPCR can be defined as where (, , ) is defined as The second criterion, UACI, is used to measure the average intensity of differences between the two images.It is defined as Clearly, no matter how similar the two input images are, a good image cryptosystem should produce outputs with NPCR and UACI values ideally being equal to those of two random images, which are given by For instance, the NPCR and UACI values for two random color images in 24-bit RGB format (  = 256) are 99.609% and 33.464%, respectively.The NPCR and UACI of the proposed cryptosystem are evaluated using five standard 24-bit color test images of size 512 × 512 taken from the USC-SIPI image database.The differential images are created by randomly changing 1 bit in the original ones, as listed in Table 2.The two images in each test pair are encrypted using the same secret key, and their NPCR and UACI values under different number of cipher rounds are given in Table 3.It can be concluded from Table 3 that the diffusion efficiency of the proposed scheme is competitive with that of existing optimal substitution strategies, which take a minimum of two encryption rounds to achieve desired NPCR and UACI values.

Security Analysis
In this section, thorough security analysis has been carried out, including the most important ones like brute-force analysis, statistical analysis, and key sensitivity analysis, to demonstrate the high security of the proposed scheme.

Brute-Force Analysis.
In cryptography, a brute-force attack is a cryptanalytic attack that attempts to break a cipher by systematically checking all possible keys until the correct one is found.Obviously, a cipher with a key length of  bits can be broken in a worst-case time proportional to 2  and an average time of half that.A key should therefore be long enough that this line of attack is impractical, that is, would take too long to execute.As mentioned above, the initial conditions of the hyperchaotic Lü system and the logistic map, which consist of four and one state variables, are used as the permutation key and substitution keys, respectively.The two keys are independent of each other and a 64-bit doubleprecision type gives 53 bits of precision, and therefore the key length of the proposed scheme is 5 × 53 = 265 bits.Generally, cryptographic algorithms using keys with a length greater than 100 bits are considered to be "computational security" as the number of operations required to try all possible 2 100 keys is widely considered out of reach for conventional digital computing techniques for the foreseeable future.Therefore, the proposed scheme is secure against brute-force attack.

Frequency Distribution of Pixel Values.
A good image cryptosystem should sufficiently mask the distribution of pixel values in the plain-images so as to make frequency analysis infeasible.That is, the redundancy of plain-image or the relationship between plain-image and cipher-image should not be observed from the cipher-image as such information has the potential to be exploited in a statistical attack.The frequency distribution of pixel values in an image can be easily determined by using histogram analysis.An image histogram is a graph showing the number of pixels in an image at each different intensity value found in that image.The histograms of the RGB color channels of the "peppers" test image and its output cipher-image produced by the proposed scheme are shown in Figure 3.It is clear from Figures 3(l)-3(n) that the pixel values in all the three color channels of the output cipher-image are fairly evenly distributed over the whole intensity range, and therefore no information about the plain-image can be gathered through histogram analysis.
The distribution of pixel values can be further quantitatively determined by calculating the information entropy of the image.Information entropy, introduced by Shannon in his classic paper "A Mathematical Theory of Communication" [29], is a key measure of the randomness or unpredictability of information content.The information entropy is usually expressed by the average number of bits needed to store or communicate one symbol in a message, as described by   where  is a random variable with  outcomes {1, . . .,   } and (  ) is the probability mass function of outcome   .It is obvious from (17) that the entropy for a random source emitting  symbols is log 2 .For instance, for a ciphered image with 256 color levels per channel, the entropy should ideally be 8; otherwise, there exists certain degree of predictability which threatens its security.
The information entropies of the five test images and their output cipher-images are calculated, and the results are listed in Table 4.As can be seen from Table 4, the entropy of all the output cipher-images are very close to the theoretical value of 8.This means the proposed scheme produces outputs with perfect randomness and hence is robust against frequency analysis.

Correlation between Neighboring Pixels.
Pixels in an ordinary image are usually highly correlated with their neighbors either in horizontal, vertical, or diagonal direction.However, an effective image cryptosystem should procedure cipher-images with sufficiently low correlation between neighboring pixels.Scatter diagram is commonly used to qualitatively explore the possible relationship between two data sets.To plot a scatter diagram for image data, the following procedures are carried out.First, randomly select   pairs of neighboring pixels in each direction from a color channel of the image.Then, the selected pairs is displayed as a collection of points, each having the value of one pixel determining the position on the horizontal axis and the value of the other pixel determining the position on the vertical axis.To further quantitatively measure the correlation between neighboring pixels in an image, the correlation coefficients   for the sampled pairs are calculated according to the following three formulas: where   and   form the th pair of neighboring pixels.Table 5 lists the calculated correlation coefficients for neighboring pixels in the three color channels of the five test  images and their output cipher-images.As can be seen from this table, the correlation coefficients for neighboring pixels in all the three color channels of the output cipher-images are practically zero.The results further support the conclusion drawn from Figure 4.

Key Sensitivity Analysis
. Key sensitivity, another basic design principle of cryptographic algorithms, ensures that no information about the plaintext can be revealed even if there is only a slight difference between the decryption and encryption keys.To evaluate the key sensitivity property of the proposed scheme, the "peppers" test image is firstly encrypted with a randomly generated secret key: hyperchaotic Lü system with initial conditions ( 0 = 9.05791937075619,  0 = 2.53973632587012,  0 = 25.2943698490164, 0 = −28.5802537020945)and logistic map with initial condition  0 = 0.278498218867048, and the resulting cipher-image is shown in Figure 5(a).Then the ciphered image is tried to be decrypted using six decryption keys, one of which is exactly the same as the encryption key and the other five have only one-bit difference from it, as listed in Table 6.The resulting deciphered images are shown in Figures 5(b)-5(g), respectively, from which we can see that even an almost perfect guess of the key does not reveal any   information about the original image.It can, therefore, be concluded that the proposed scheme fully satisfies the key sensitivity requirement.

Speed Performance
As can be seen from the above description of the substitution keystream generation method, three keystream elements can be simultaneously extracted from the current state of the logistic map, whereas only one can be obtained using the conventional method.As a result, the total number of iterations is reduced by 3 times and the encryption time is shortened.We use three 24-bit RGB test images of different sizes to evaluate the computational efficiency of the proposed scheme and compare it with that of an identical copy of the proposed scheme except using a conventional keystream generation method.Each test image is ciphered 10 times with two rounds of permutation-substitution operations, and the average execution times are listed in Table 7.Both schemes have been implemented using C programming language on Windows 7 64-bit platform, and the tests have been done on a personal computer with an Intel Xeon E3-1230 v3 3.3 GHz processor and 8 GB RAM.As can be seen from Table 7, the proposed scheme significantly outperforms the one using a conventional keystream generation method in terms of computational efficiency, and therefore it provides a good candidate for online secure image transmission over public networks.

Conclusions
This paper has proposed a new permutation-substitution type color image cipher to better meet the increasing demand for real-time secure image communications.To confuse the relationship between the ciphertext and the secret key, the positions of colored subpixels in the input image are scrambled using a pixel-swapping mechanism, which avoids two main problems encountered when using the discretized version of area-preserving chaotic maps.To improve the computational efficiency of the substitution process, we introduced an efficient keystream generation method that can simultaneously extract three keystream elements from the current state of the iterative logistic map.Compared with the conventional method, the total number of iterations is reduced by 3 times.The computational efficiency comparison results have shown the superior performance of the proposed encryption scheme.To ensure the robustness of the proposed scheme against chosen-plaintext attack, the current state of the logistic map is perturbed during each iteration and the disturbance value is determined by plain-pixel values.The mechanism of associating the keystream sequence with plainimage also helps accelerate the diffusion process and increase the degree of randomness of the keystream sequence.The results of NPCR and UACI tests indicate that the proposed scheme takes only two encryption rounds to achieve a satisfactory diffusion effect.The results of NIST statistical test indicated that the substitution keystream sequences generated using the proposed method have a higher degree of randomness than that generated by conventional method.We have carried out an extensive security analysis, which demonstrates the satisfactory security level of the new scheme.It can therefore be concluded that the proposed scheme provides a good candidate for online secure image communication applications.

Figure 2 (
a) shows the test image and Figure 2(b) is the resulting image after applying the proposed permutation method once.The permutation key, that is, the initial conditions of the hyperchaotic Lü system, is randomly chosen to be { 0 = 8.14723686393179,  0 = −3.13375856139019, 0 = 15.0794726517402, 0 = −47.8753417717149}.Figures 2

Figure 2 :
Figure 2: The applications of the proposed and three conventional chaos-based permutation methods.(a) The test image; (b) the test image after applying the proposed permutation method once; (c)-(e), (f)-(h), and (i)-(k) are the test images after applying the cat map, the baker map, and the standard map once, twice, and three times, respectively.

Figure 4 :
Figure 4: Graphical analysis for correlation of neighboring pixels.(a)-(c) and (d)-(f) are scatter diagrams for horizontally neighboring pixels in the three color channels of the "peppers" test image and its output cipher-image, respectively.

Figures 4 (
Figures 4(a)-4(c) and 4(d)-4(f) show the scatter diagrams for horizontally neighboring pixels in the three color channels of the "peppers" test image and its output cipherimage with   = 5000, respectively.Similar results can be obtained for the other two directions.As can be seen from this figure, most points in (a)-(c) are clustered around the main diagonal, whereas those in (d)-(f) are fairly evenly distributed.The results indicate that the proposed scheme can effectively eliminate the correlation between neighboring pixels in an original image.To further quantitatively measure the correlation between neighboring pixels in an image, the correlation coefficients   for the sampled pairs are calculated according to the following three formulas:

Figure 5 :
Figure 5: Results of key sensitivity test.

Table 1 :
Results of NIST statistical test.

Table 2 :
Differential images used in NPCR and UACI tests.

Table 3 :
Results of NPCR and UACI tests.

Table 4 :
Information entropies of the test images and their output cipher-images.

Table 5 :
Correlation coefficients for neighboring pixels in the test images and their output cipher-images.

Table 6 :
Decryption keys used for key sensitivity test.

Table 7 :
Performance comparison of two schemes using different keystream generation methods.