Chaotic Cryptosystem for Selective Encryption of Faces in Photographs

In this article


Introduction
Facial recognition is very important today due to its application in security, surveillance systems, forensic analyses, etc. erefore, it is important to conduct investigation in this area, as well as in research in which a system is developed to detect the drowsiness of a conductor, considering its positions, the form around the eye, and whether the head is inclined [1]. ese authors also carried out a balance between image similarities and differences in order to detect human faces even when they had noise or facial expressions and different poses [2]. However, facial recognition can also be utilized to generate damage; thus, it is necessary permit the protection of identity by means of encryption systems, which can be employed to code photographs completely, although it is most recommendable to perform selective encryption, whether on the borders or using facial detection because this considerably reduces the system's time and resources [3,4]. Shakir et al. detected faces in the images, considering a database that contains information of different parts of the skin [5]. Rachmawati et al. elaborated a cryptosystem for Android that employs cryptography [6]. Vela Medina et al. carried out an embedded system that utilizes an intelligent camera, in addition to algorithms to detect and recognize faces in a video surveillance system that performs the capture and storage of the images and subsequently, it sends a message to inform the user [7]. Rodrigues et al. coded the human face in a video sequence using AES and VLC (variable length coding); these authors detected the skin, but the method does not render the faces totally unrecognizable [3]. Khashan et al. implemented border and facial detection methods utilizing OpenCV and employing the Blowfish algorithm for encryption [4]. Also, in the work developed by Hong and Jung, the authors implemented a partial encryption method that only codes the facial region in images and videos; they used a Gaussian skin-color model for detection and, in addition, DES (data encryption standard) and AES (advanced encryption standard) for encryption [8]. Gerhardt et al. selectively encrypted faces in videos using Sophisticated High-speed Object Recognition Engine (SHORE) for the detection and use of AES-256 [9]. In another research, these authors encrypted facial regions by applying multilayer encoding on images in the frequency domain, but they do not divide the human region and it may also encrypt clothing [10]. Also, they encrypted important objects in the image that are detected with the machine learning technique through the OpenCV Library and employed an algorithm called RNS to encrypt these, increasing the encryption speed but losing the context of the original image [11]. ey extract all of the faces that appear in the videos using high-speed support functions with the OpenCV Library, implementing NewHope, public, private, and SHA-3 keys on order to encrypt; faces are encoded in parallel using GPU [12]. Sardar et al. use the tree-structured part model (TSPM) to extract the region of the face; for training, they employ sparse representation coding (SRC), coordinate descent (CD) and block coordinate descent (BCD), and the SVM classifier. ey also implement a variant of BioHashing to generate face code from the characteristic vector.
en, to provide greater security, they adapt the RSA algorithm [13]. Asgari-Chenaghlu et al. use YoloV3 to automatically detect objects or the human body of the ROI delimiter and utilize a cryptosystem based on the chaotic sine map and logistic map systems. ey only detect objects of interest and encode them [14]. Additionally, investigations have also been developed in which the properties of the chaotic systems are taken advantage of, such as the high sensitivity of the initial conditions as well as of the parameters. is is due to that the latter are excellent candidates for the development of cryptographic systems, such as those in which they detect the face in order to later extract regions of the body and encrypt them [15]. Wen et al. selectively encrypt objectives in infrared images employing logistic chaotic maps and sine [16]. ese authors also developed a selective facial encryption system in gray tones utilizing the tent chaotic map [17]. Prabhavathi et al. selectively encrypt regions of interest in medical images utilizing multiple chaotic systems [18]. In addition to the latter, discrete chaotic systems have also been taken advantage of to encrypt images [19][20][21][22]. Ayoup et al. divide the image into blocks and, according to the entropy involved, determine which of these to code using pseudorandomized numbers (PRNs), Arnold's cat map, and AES [23]. e proposed   communication system performs selective facial detection,  identification, and encryption, encoding only the object of  interest and leaving the environment visible, unlike general  encryption, which hides everything. us, encryption time  and resources are reduced compared to the encryption of a  full image and increases the security of people who do not  want their faces to be visible when others post their photographs. It is also useful for protecting identity in the news when someone is presented who is under criminal proceedings. It allows protecting the identity of minors when adults wish to publish photographs, and it can also be used in closed-circuit video surveillance networks or in photographs published through social media and communication. Our system, in contrast to those described in the current research, can selectively encode only faces indicated in a database or manually when the face cannot be identified. In addition, there is an encryption algorithm that implements novel confusion and diffusion techniques; these allow the system to be robust on confronting different attacks, and especially that of the avalanche effect, which not all cryptosystems approve. e remainder of this article is organized as follows: in Section 2, the mathematical models are explained that are implemented during encryption. Section 3 details the functioning and the stages carried out by the communications system, while the results and the tests conducted on the cryptogram are presented in Section 4. Finally, Section 5 presents the conclusions of this investigation.

Rössler Oscillator.
is comprises a simultaneous system of 3 differential equations: where x, y, and z are the dependent variables of time, while a, b, and c are the parameters. In the system, the third equation makes this possess nonlinear chaotic behavior [24].

Communication System
is comprises a server and can have one or more portable devices through which recognition can be performed with the Open Computer Vision (OpenCV) Library or, in a particular case, code selected faces in photographs as well as in videos; this is due to that the latter are composed of a series of photograms, in which it is possible to detect the faces and to code them later. Figure 1 shows the general procedure that the communication system carries out, which includes the following stages:  Figure 2.
(1) Register the data: the information is stored in a database performed in SQLite3 on the persons involved, such as the following: ID, name, and, in addition, it is indicated whether it is necessary to code the face once it is detected in the photographs. is information can be stored in three ways: (i) In a base of local data (limited), stored in the portable device. (ii) Base of complete data, located in a remote server. (iii) Conduct the capture of the data of both databases, that is, local and remote.
(2) Training: this is carried out with the OpenCV Library. In this process, different photographs are taken of the person, whether from the SBC or with another camera, and the process continues with the generation of the vector characteristic of each face, which is stored in the registry of its ID in the database.

Face Detection.
First, the photograph is captured or stored in the single-board computer (SBC). Subsequently, the OpenCV Library is utilized to locate the faces, which are identified and marked with a square, as can be observed in Figure 3.

Selective Encryption.
e system permits manual selection through an interface, in which the face is selected and encrypted, as can be observed in Figure 4.
Also, encryption can be automatic, by means of a communications schema, which performs recognition, taking information locally, remotely, or considering both databases, as demonstrated in Figure 5.
(i) Local: the faces extracted from the photograph are compared with the information that was stored in the database of the local device (SBC) during the training phase, in order to identify them and to determine whether it is necessary to code them. (ii) Remote: it is verified whether there exists information on the face in the local database of the device. In the case of there not being information, optimized encryption is conducted with the purpose of this being more agile, but safe for transmission via Internet; that is, the diffusion technique of the algorithm is employed only for encryption. Later, this is sent to the remote server to carry out the search in its database; in the case of finding it, a signal is returned to the source, indicating that faces should be encrypted.

Generation of the Cryptogram.
Once a certain face is detected that should be coded according to the information stored in the database, the cryptogram should be generated utilizing the following procedure.

Algorithm to Encrypt.
e encryption algorithm can work with any chaotic mathematical model one wishes to employ, as long as the required number of orbits is generated.
e Rössler oscillator is implemented because it generates three complex chaotic sequences, is highly sensitive to initial conditions and system parameters, and uses six keys each time it is resolved, generating a very wide key space.

Security and Communication Networks
Keys (i) Diffusion x1 0 , y1 0 , z1 0 , a1, b1, c1: values corresponding to the initial conditions and parameters used to apply Diffusion I, when the chaotic system of the Rössler oscillator is resolved (equation (1)). x3 0 , y3 0 , z3 0 , a3, b3, c3: keys utilized to apply Diffusion II. startdif 1, stardif 2: the keys necessary in the two diffusion processes, which are utilized as initial position and that can be taken between 1 and L; where L � width image * height image * 3.
(ii) Confusion x2 0 , y2 0 , z2 0 , a2, b2, c2: these initial conditions and parameters are also utilized to resolve the Rössler oscillator (equation (1)). keyconf: initial position between 0 and 5. keyconf 2: value between 0 and 16777215, which is employed to select a position. Apply Diffusion I Each face is broken down into the pixels comprising it, and later into their 3 subpixels (red, green, blue (RGB)), which have a value between 0 and 255.   Step 1: store in a vector of length L, called image, the subpixels of the face: image � R 1 , G 1 , B 1 , . . . , R n , G n , B n .
Step 2: create a vector called dif 1 of size L.
Step 3: resolve R times the system of equation (1), implementing the encryption keys of x1 0 , y1 0 , z1 0 , a1, b1, c1; where R � width image * height image. e values generated of x1 R , y1 R , z1 R are stored in a vector called chaos of length L � 3 * R: Step 4: assign, to the variable Loc, the value of the key startdif 1.
Step 5: take a value of image and assign it to location Loc of vector dif 1, as can be observed in Figure 6:   (4) Step 6: take the absolute value of an element of the vector chaos [j], later adding to it dif 1[Loc]; finally, the result is rounded off and is assigned to the variable inc: Step 7: verify if chaos[j] ≥ 0, then Step 8: else, if chaos[j] < 0, then Step 9: verify if dif 1[Loc] is empty, assigning to it an element of image; else, go to Step 10 (see Figure 7).
Step 10: verify if dif 1[Loc] is not empty and seq � 0, Loc is decreasing, until finding a formerly empty location; contrariwise, if seq � 1, Loc increases. On localizing an empty position, assign to it the element of image. is procedure is presented in Figure 8.
Step 11: repeat Steps 6 through 10, until arranging all of the subpixels of the vector image in dif 1.
Diffusion I algorithm is shown in Algorithm 1. Confusion Step 1: convert, to their value in pixel [0, 16777215], the elements of dif 1 and store them in a pix image vector of R length: Step 2: resolve R times the system of equation (1) using encryption keys x2 0 , y2 0 , z2 0 , a2, b2, c2, yielding as a result three orbits: Step 3: generate integer values between 0 and 16777215, dividing an element of orb x between the absolute value of the highest number of the vector, subsequently multiplying this by 16777215. e result is rounded off and the value of orb Step 4: convert, to a 6-digit hexadecimal, each element of pix image, as shown in Figure 9.
Confusion algorithm is shown in Algorithm 2. Step 5: store, in rotation, the first 6 decimals of an element of the vector orb y, which will be utilized to indicate the number of times that each hexadecimal digit moves among the elements stored in the vector pix image. [6,4,4,5,6,8] Step 6: apply the algorithm of diffusion I to an element of pix image, taking into account the key keyconf and the positions indicated in rotation; later this is converted into a decimal, as can be observed in Figure 10.
Step 7: repeat Steps 5 and 6 until applying the diffusion I algorithm to all elements of pix image.
Step 8: store in the variable before an element of pix image, later applying XOR between pix image[i] and keyconf 2. Repeat this procedure to encrypt all elements of pix image. However, from the second iteration, the value stored in before is used to apply XOR with the pix image elements instead of keyconf 2. e results will be stored in vector cipher. In this step, each pixel value is taken into account in order to apply confusion; thus, a modification in one of these will generate cascade changes in the cryptogram. is process is exhibited graphically in Figure 11.
Step 9: apply XOR between vectors cipher and orb x, with the result stored in vector conf. e procedure is shown in Figure 12.
Diffusion II. Take vector conf and apply the procedure indicated in Diffusion I, but with keys x3 0 , y3 0 , z3 0 , a3, b3, c3 and stardif 2; in the end, the cryptogram is generated.

Algorithm for Decryption
Eliminate Diffusion II Step 1: store the cryptogram's subpixel vector image, which has a length of L � R n + G n + B n .
Step 2: create a vector called conf of size L.

Security and Communication Networks
Step 4: assign, to the variable Loc, the value of key startdif 2.
Step 5: take, from location Loc in vector image, the value and place it in conf. is procedure is shown in Figure 13.
Step 6: take the absolute value of an element of the vector chaos[j], later adding it to a value of conf[i], rounded off the result and assigning it to inc: Step 7: verify if chaos[j] ≥ 0, then Step 8: contrariwise, if chaos[j] < 0, then Step 9: verify if Image[Loc] has a value, assigning it to the next position in conf; contrariwise, proceed to Step 10 (see Figure 14).
Step 10: in the case of Image[Loc] being empty and seq � 0, Loc will decrease; contrariwise, if seq � 1, Loc increases. is procedure is carried out until finding a value and assigning it to conf (see Figure 15).
Step 11: repeat Steps 6-10 until arranging all Image elements in conf.
Eliminate diffusion II algorithm is shown in Algorithm 3.
Eliminate Confusion Step 1: convert the elements of vector conf from subpixels into pixels: Step 2: create orb x, orb y, orb z(Step 2, confusion).
Step 3: again, generate whole values between 0 and 16777215 (Step 3, confusion): Step 4: apply XOR between conf and orb x, with the result stored in cipher, as can be observed in Figure 16. Step 5: assign, to variable before and to vector pix image, the result of applying XOR between the first element of cipher and keyconf 2. Repeat this procedure to decrypt the entire vector cipher. But, from the second iteration, the value stored in before is utilized to apply XOR with the elements after cipher, instead of keyconf 2, as can be observed in Figure 17.
Step 6: regenerate rotation, taking the 6 first decimals of an element of vector orb y. Step 7: implement the algorithm to eliminate diffusion II, taking an element of pix image, the key keyconf and the positions indicated in rotation; later, convert this into a decimal, as can be observed in Figure 18.
Step 8: repeat Steps 6 and 7 until rearranging each element of vector pix image.
Step 9: convert pix image from a hexadecimal into a decimal.
Eliminate confusion algorithm is shown in Algorithm 4. Eliminate Diffusion I. Take vector pix_image and apply the procedure indicated in Eliminate Diffusion II, but with keys x1 0 , y1 0 , z1 0 , a1, b1, c1, and stardif 1; finally, the original image is recovered. Security and Communication Networks that is, only with the diffusion I technique, and Figure 19(h) shows the decrypted image. It can be clearly observed that, individually, both the diffusion technique (Figure 19(b)) and the confusion technique (Figure 19(c)) render the image unrecognizable. at is, on observing the histograms corresponding to the cryptogram, it can be clearly seen that there is greater homogeneity in contrast with the originals; therefore, it is difficult for an attacker to find a relation between the original image and the cryptogram.

Correlation.
ese permit the detection of the linear relation between two variables or images; this analysis yields an R correlation coefficient, which is found within the range of [− 1 to 1]: the more it nears 1 and − 1, the more both images are similar or alike if they yield these exact values. On the other hand, the nearer they are to 0, the greater the number of differences, or they are completely different if R � 0. Figure 21 presents the correlation diagram of the original image with respect to the cryptogram, and it can be observed that coefficient R � 0.00000267625 is very close to 0; thus, it is more difficult for an attacker to attempt to find a relation between both of these.
In Table 2, the results are shown of the correlation analysis. In the first column, the coefficient correlation is presented as generated on comparing the original image vs. the cryptogram; later, the original image was compared vs. the decrypted, with the results presented in column 2. As can be observed, our cryptosystem presents excellent results in comparison with those of other state-of-the-art cryptosystems.
e correlation coefficient was calculated of 1,000 pairs of pixels taken at random, that is, the original image as well as the cryptogram horizontally, vertically, and diagonally, according to components R, G, and B.  Table 4 presents a comparison of the horizontal, vertical, and diagonal distribution of channels R, G, and B, but now taking into account 5,000 pairs of adjacent pixels.
In the results of Tables 3 and 4, it can be clearly observed that our system generates a correlation in the cryptograms that is much closer to 0, nearly null. erefore, the proposed encryption technique renders the loss of the relation among adjacent pixels in the three directions.

4.1.3.
Entropy. Entropy allows verification of the level of randomness or of how unpredictable the pixel values are in an image, which is the determination of the level of disorder of a cryptogram: the more the latter nears 8 or is equal to it, the better the processes of diffusion and confusion of the cryptogram and is more robust to an entropy attack, due to the degree of randomness of the       percentage of changes in the location of the pixels of two images. NPCR should yield a value near 100%, indicating that both images are very different.

UACI (Unified Average Changed Intensity).
e average is calculated of the differences in the intensity of the pixels of the two images. is should yield a result greater than 33%.
NPCR and UACI were calculated with two cryptograms generated with nearly all of the same keys, with the exception of one carried out with a small change in the least significant decimal digit. NPCR results were obtained of above 99% and those of UACI were above 33%. erefore, the proposed system takes as input a plane image and with a small change, generating a very different cryptogram. Table 6 presents the results of this analysis.
In Table 7, the result is presented of the analysis of the NPCR and UACI of the two cryptograms that were generated from the two images that were only differentiated because in one of these, the least significant bit of a red subpixel was changed; it also yielded NPCR> 99% and UACI> 33 as a result. erefore, the proposed system is very sensitive to the plane image and would provide robustness when encountering a differential attack.

Avalanche Effect.
is analysis reflects the sensitivity of the encryption algorithms to a small change in the parameters (in the key or in the plane text) of the entry Input: vector cryptogram, stardif 2, x3 0 , y3 0 , z3 0 , a3, b3, c3. Output: vector conf (1) image � convert cryptogram to its values in subpixels.
Chaos[j] � Solve Equation (1) with RungeKutta − 4 and keys x3 0 , y3 0 , z3 0 , a3, b3, c3. (11) inc � round(|chaos[j]| + conf[i]) (12) if chaos[j] ≥ 0 then (13) Loc � Loc + inc (14) seq � 1 (15) end (16) else if chaos[j] < 0 then (17) Loc � Loc − inc (18) seq � 0 (19) end (20) if (image [Loc] is not NULL) then (21) conf is NULL) and (seq � 0))then (24) while (28) end (29) else if ((image[Loc] is NULL) and (seq � 1))then (30) while ( information, which should cause a great change in the cryptogram [35]. is test was utilized to verify the differences between the two Lena images, in which, in one of these the least significant bit was modified in channel R in one of the initial pixels, and later compared with another without any change. Figure 25(a) depicts the remainder between the two pixels and difference was able to be appreciated clearly. Figure 25(b) presents the remainder of the two pixels of the 2 cryptograms generated on encrypting the 2 Lena images, and it can be clearly seen that these are different. e proposed algorithm passes this test due to that the diffusion technique is applied on two occasions and, in addition, the pixels were taken into account on coding during confusion.

Sensitivity of the Key.
To verify whether the image can be recovered with different keys, Figure 19(a) was encrypted with the keys of Table 8, generating the cryptogram of Figure 27(a), which was recovered correctly utilizing the same keys with which it was encrypted (Figure 27(b)). Recovery was also attempted by the alteration of x3 0 of 0.75749573951 to 0.75749573952, yielding as a result Figure 27(c). With the latter, it was proven that, on performing a small change in one of the keys, the image was unable to be recovered correctly.

Speed
Tests. Algorithm speed was tested in an Omen 17 An101la laptop, with an Intel Core i7-8750 H 2.20 GHz processor, a Wester Digital Black 512 GB SSD hard drive, 16 GB RAM DDR4-2666 MHz, and the encryption algorithm was performed with Java language programming. Table 9 presents a comparison of the encryption speed of the proposed system with other investigations.

Encryption Quality Analysis.
To verify the quality of the encryption, we calculated the maximum deviation: to evaluate the deviation between the intensity of pixels of the original image and the cryptogram. If the value is high, the quality of the encryption is good. Irregular deviation allows to statistically evaluate the quality of the intensity of the pixels in the cryptogram. If it is high, the pixels are uniformly distributed. Deviation from ideality: this detects the probability of distribution of the pixels in the cryptogram. e closer to zero it is, the better the quality of the cryptogram [39]. (Table 11)

Conclusions
In this article, a communication system is proposed that utilizes portable SBC devices and a server that performs detection, identification, and selective facial encryption, and the system implements diffusion and confusion techniques that, when applied individually, render cryptograms unrecognizable. However, to strengthen security, the techniques can be applied in layers, that is, the order in which diffusion or confusion is implemented and the number of times they are applied depends on the user. In fact, each time one of these techniques is used, the number of keys increases; thus, it is more difficult for an attacker to retrieve the original image. Based on the tests, it is recommended to apply the algorithm in the following order: diffusion I-confusion-diffusion II, for optimal encryption in matters of time and security. Furthermore, the algorithm considers the order and value of the pixels to encrypt; therefore, a small change in these or in the keys generates different cryptograms resistant to an avalanche attack, which not many cryptographic systems resist. Encryption time is longer than in other systems because it is preferred to provide more security when implementing a much larger key space, but if speed is preferred over security, only diffusion or confusion can be implemented.
To verify the system's robustness, a statistical analysis was carried out, in which it can be observed that the histograms generated from the cryptogram present excellent homogeneity in pixel distribution. In addition, by means of the diagrams of correlation and entropy, it was determined    that the algorithm provides relevant disorder. Additionally, through NPCR and UACI, the differences were verified between the location and the intensity of the pixels, generating results of NPCR>99 and UACI>33; therefore, the system is robust on confronting differential attacks. Additionally, the cryptosystem does not obligate the implementation of a unique mathematical model; it is possible to utilize any model that generates chaotic orbits, which renders it highly sensitive to the encryption keys. For correct facial detection and identification, it is necessary to conduct the training using photographs of the persons to be identified and encrypted. e greater the number of photographs employed during this stage, the more accurate the recognition will be. In addition, the faces should not be superimposed or incomplete, and it is recommended that the photographs be controlled or semicontrolled in order to avoid that, at the time of detection and recognition, the position of the camera, the angle of the faces, the facial expressions, luminosity, and distance can affect. Also, when performing the recognition, this can affect whether persons have different makeup, hair tone, and natural aging. erefore, it is recommended to train the system with different changes. During the tests carried out with the OpenCV Library, there have been cases in which persons are very similar and are confused with others. e library can also sometimes recognize some objects as faces. To correct this problem, the proposed system allows for manually selecting those one wants to encode. Another problem that can be generated is that the cryptograms overlap when the faces are close together.
On utilizing the SBC, the use is reduced of hardware resources and it provides greater portability in that only when necessary is a superior database consulted in a remote server; also, the algorithm can be utilized in mobile devices.
e communications system can be employed in police departments and military units to carry out searches for persons, for video surveillance, to safeguard the identity of persons in companies, for journalistic uses, and for uses in the social and communications media.
Data Availability e images, algorithms, and study data are included in this article.

Conflicts of Interest
e authors report that they have no conflicts of interest about the publication of this article.