Robust Image Encryption Based on Balanced Cellular Automaton and Pixel Separation

. The purpose of image encryption is to protect content from unauthorized access. Image encryption is usually done by pixel scrambling and confusion, so process is possible to reverse only by knowing secret information. In this paper we introduce a new method for digital image encryption, based on a 2D cellular automaton and pixel separation. Novelty in the proposed method lies in the application of the balanced 2D cellular automata with extended Moore neighborhood separately on each level of pseudorandom key-image. This process extends key space several times when compared to the previous methods. Furthermore, pixel separation is introduced to define operation for each pixel of the source image. Thanks to pixel separation, decryption process is more difficult to conduct without knowing secret information. Moreover, encryption is robust against different statistical attacks and analysis, does not affect image quality and can cope with loss of encrypted image content.


Introduction
Nowadays images are widely used in various applications, such as communication, multimedia systems, medical imaging, telemedicine, monitoring, and military communication, so their security is becoming increasingly important.Generally, encryption is used to effectively protect images transmitted through public channels, because it makes images unrecognizable, unless decrypted by a secret key.There are several conventional encryption methods, but these algorithms have limitation in encrypting images such as low efficiency, bulky data, and high correlation among pixels [1].
Image encryption algorithm is considered reliable if: the scheme is secure against different statistical and plaintext attacks; there is no visual degradation of decrypted image; corruption of encrypted image part does not propagate on the whole decrypted image; key space is large enough to make it impossible to guess correct secret information; encrypted images show random properties.
Good candidates for image encryption are cellular automata (CA), thanks to their properties like parallelism, homogeneity and unpredictability [2][3][4].Cellular automata are distributed systems with a large number of rules that can simulate complicated and pseudorandom behaviors [5].In recent years, CA has been used for image cryptography in following areas: watermarking [6], [7], secret image sharing [8][9][10][11], and image encryption [12][13][14][15][16][17][18].The first image encryption system based on cellular automata was designed with one-dimensional elementary CA [16].This approach uses only two neighbors to define CA rules so its key space is quite small.Later, 2D cellular automata are introduced for image encryption.Most of approaches use Von Neumann neighborhood [12], [13], [19], [20], or incomplete Moore neighborhood [14], which also influences the capacity of key space.Later, image encryption method based on Moore and extended Moore neighborhoods is introduced [21], but it reduces possible key space volume due to Moore neighborhood size.Chaos theory is applied in [22], however it is quite complex to be used for image encryption and it results in a very small key space volume.
In this paper we introduce a new method for digital image encryption, based on a 2D cellular automaton and pixel separation.First, sender and receiver exchange secret information: seed and separation values.Then 2D cellular automaton with extended Moore neighborhood is used to generate pseudorandom key-image based on selected seed.Encryption is then performed by combining source image with key-image.In this process pixel separation is applied to define operation for each pixel based on secret separation values.Operation for each pixel is selected among ten possible operations making it more difficult to decrypt the encrypted image without secret information.
The rest of the paper is organized as follows.In Sec. 2 the proposed method is presented.Section 3 brings simulation results, and Section 4 contains comparison to state of the art methods.Conclusion is given in Sec. 5.

Proposed Method
The proposed method is based on the idea of combining a source image (the image that should be encrypted) with a key-image.Pseudorandom key-image is generated using balanced cellular automaton rules, which are applied on binary levels.Also, rules are formed on extended Moore neighborhood which extends key space.In encryption process, pixel separation is introduced to make decryption more robust and complicated for unauthorized party.

Cellular Automata
Cellular automaton (CA) [24] is a discrete system that contains a regular grid of cells, each in one finite state.A CA can be presented by a quadruple [24]: where: CA rules that contain equal number of zeros and ones, meaning that half of neighborhood combinations result in zero and other half in one, are called balanced rules.It can be proved that the image generated by the balanced CA rules has higher entropy than the image generated by the unbalanced CA rules [5].

Encryption
Encryption of image is done in three steps.First, secret information is generated: seed S is chosen as a random number in the range [0, 2 32 ], and separation values S v are generated as an arbitrary sequence of numbers from 0 to 9 (corresponding to the number of used operations).Secret information {S, S v } is transmitted using secured channel.Then pseudorandom key-image is created using cellular automata and secret seed S (see Sec. 2.2.1).Finally, encryption is done by combining the key-image with the source image using pixel separation algorithm and separation values S v (see Sec. 2.2.2).

Pseudorandom Key-Image Generation
The pseudorandom key-image is generated by applying CA rules on pseudorandom binary levels and combining it in a new image.Generation of the pseudorandom key-image is done using the following steps:  Generation of binary levels: Each number K i is first used to generate M × N pseudo random binary matrix B i (M × N correspond to the size of the source image).
 Selection of CA rules: Number K i is used to choose CA rule R i for binary level i. CA rule R i is chosen as the balanced rule nearest to the number K i , and defined as: where nn represents the nearest neighbors function.
In chosen CA configuration with 25 neighbors, there are 16777216 balanced rules.
where de2bi represents decimal to binary function.
 Key-image forming: binary images B ic , i = {1, 2, …, 8} are formed into a pseudorandom key-image K by using matrix B ic as the i-th binary level of keyimage K.

Pixel Separation
After generation of pseudorandom key-image K, encryption of image is done using pixel separation:  Separation values S v are used to make a new order of operations for combining source image and keyimage.This is done by changing index of each operation according to secret separation values S v . (0) ( Note that last 2 operations involve changing of the most significant bit of pixel I(x, y).We introduce 10 different operations because smaller sets do not introduce enough confusion in pixel values.
 Pseudorandom key-image K is used to determine operation type index (T) for each pixel in the source image using the last digit at each location.
In this step, pixels are separated in ten different groups according to operation type, and we call this process pixel separation.
 Each pixel in source image I(x, y) is then encrypted by applying operation O T(x, y) on image I(x, y) and keyimage K(x, y).The result of encryption is encrypted image E.
Advantage of this process lies in the fact that encrypted image is more difficult to decrypt, because decryption requires correct guessing of the used operation for each pixel in the source image.The result of decryption is the decrypted image, which is identical to the source image.

Key Space Analysis
Secret information used for encryption of a source image is noted as a key.The first part of the key is seed S, selected randomly in range [0, 2 32 ].Note that upper limit is set according to Matlab limit for pseudo number generator input.Therefore, probability to select the right seed is equal to: Having in mind that we use 25 CA neighbors, there are 2 25 = 33554432 possible binary combinations of binary values 0 and 1, and 2 33554432 possible rules.Probability to select the right CA rule for one binary level is: The second part of the key contains separation values.There are 10! = 3628800 possible combinations to use.Possibility of using the right combination is: The volume of the proposed secret key is very large due to the fact that different CA rule is selected for each binary level of the key, and can be defined as:

Key Sensitivity Test
least significant bit of the seed is changed, so that the original seed becomes S 2 = 72635291, and used to encrypt the same image.Finally, the two encrypted images, encrypted by the two slightly different seeds, are compared.Results are presented in Fig. 1.The difference between two images encrypted with seeds that differ in only 1 bit is quite large.This illustrates that the proposed method generates uncorrelated key-images that cannot be predicted.
We also calculated the number of pixels change rate (NPCR) between encrypted images E 1 and E 2 as: where N and M is the width and height of E 1 and E 2 .
For two independent random images, the expected value of NPCR is: E(NPCR) = (1 -2 ) • 100, where L is the number of bits used to represent one pixel of the image [21].For 8-bit per pixel gray-scale random images, E(NPCR) = (1 − 2 8 ) • 100 = 99.6094%.Value of NPCR in our example is equal to 99.38%, which proves that the method generates unpredictable key-images.
To measure the average intensity of the differences between the two encrypted images, the unified average changing intensity (UACI) is defined as:  where N and M is the width and height of E 1 and E 2 .For two 8-bit per pixel random gray-scale images, the expected value of UACI is E(UACI) = 33.4635%.

Image Histogram
To demonstrate robustness of the proposed method, we calculated histogram and probability density function (pdf) of two original and encrypted images.In general, more uniformed histogram results in less statistical attacks.Figure 2 shows pdfs of Lena and Cameraman and their encrypted versions.Encrypted images have almost uniform pdfs regardless of the original images, so statistical attacks are very difficult to conduct.
Correlation between pixels is also a good indicator of security.The smaller correlation means the better encryption effect.To demonstrate encryption effect, we calculated the correlation coefficient as: where  for five images and their encrypted version are presented in Tab. 2. The proposed algorithm effectively reduces the correlation between adjacent pixels for all tested examples.Note that correlation is especially reduced in the case of plain image.

Information Entropy
Entropy of message m is one of the important features for randomness, defined using probability of symbol p(m i ):  For images with random pixels which are encoded by 8 bit, entropy should be equal to 8.However, entropy is usually smaller than 8, but a value closer to eight means that the possibility of predictability is less and the security level is higher.

Image
Figure 3 shows examples of image entropy for two encrypted and decrypted images.Decrypted images are identical to source images, which means that the proposed method does not influence image quality.Also entropy of encrypted images is very close to 8, which indicates their randomness.
Table 3 shows entropy of source images and their encrypted versions (seed S = 75129 for all examples).Encrypted images have entropy close to 8, which proves that the predictability is very low.Note that entropy is close to 8 even in the case when plain image is used as a source image.

Confusion Analysis
Confusion refers to making the relationship between the encrypted image and the private information as complex and uncorrelated as possible.We previously demon-strated the difference between two encrypted images using seeds that differ in only 1 bit (Fig. 1).An excellent encryption algorithm should be sensitive to small changes in seed.In other words, a slight change in the key should cause very different results.Figure 4 demonstrates results of decryption of encrypted Circle image with different seeds.Furthermore, we simulated encryption of plain image using seed S = 298375.Then, encrypted image is decrypted using seed that differs in only one bit (S = 298374).Results are shown in Fig. 5, where it is possible to notice that the proposed method does not generate relationship between plain image and encrypted plain image.Also, since there is only 1 bit difference between the two seeds, the results show the high key sensitivity of the proposed CA encryption scheme.Moreover, we tested decryption in the case when correct seed S is used, but incorrect separation values S v are applied.Results are presented in Fig. 6, showing that small difference in separation values' order leads to inability to decrypt image even if correct seed S is used.Analysis also showed that equal percentage of operation type is applied to image pixels and that operations are distributed randomly on image.

Survival Properties
The proposed method is also robust to loss or corruption of encrypted image parts in a way that only the corresponding fraction is affected and the error does not propagate to other parts of the decrypted image.Good survival properties assure that a large area of the image survives so the method is reliable in transmissions with high error rate.Figure 7 demonstrates that loss of image's part did not affect other parts of the decrypted image.
Figure 8 shows the influence of noise on the decrypted image in the case when Gaussian noise and salt and pepper noise is applied on the encrypted image.Again, corruption of some pixels did not corrupt the whole image.

Time of Calculation
Time of calculation is an important factor for application of any method in the real time systems.

Comparison to Other Methods
The volume of the security key is much larger than the volume of the key introduced in [14], which is equal to 256.It is also much larger than 10 9536 , 10 2194 × i , and 10 14775 which are the lower bounds of the volume of the security keys introduced in [12], [19], and [20], respectively.Moreover, it is several times larger than the security key introduced in [21], which is defined as H!e × 10 10101039 , where H is the height of the image.Key space is also much larger than chaos based key space proposed in [22], which is equal to 2 280 .Table 5 contains comparison of key space.
By comparing the entropy with other methods, it is possible to notice that the proposed method assures higher entropy than [19], where entropy is 7.9971 and 7.9974 for Lena image and two different key-images.The value of entropy for Lena image is also higher than 7.9886 as accomplished with the method proposed in [21].Table 6 contains comparison of image entropy values for Lena image.

NPCR UACI
Von Neumann [20] 99.47 % 31.82 % Extended Moore [21] 99.77 % 33.49 % Chaos theory [22] 99 Values of NPCR and UACI are given in Tab. 7. The proposed method accomplished a bit lower value of NPCR, but it is still above the limit defined by (12).The value of UACI for the proposed method is higher than for other methods.

Conclusion
Robust and reliable image encryption is a key for effective protection in transmission through public channels.The main idea is to make images unrecognizable and assure that decryption is possible only using a secret key.The proposed method combines cellular automata and pixel separation to provide robust image encryption.It relies on secret information in the form of seed and separation values.Encryption of source image is accomplished using pseudorandom key-image, created by 2D cellular automaton.Cellular automata are good candidates for generation of pseudorandom numbers thanks to their properties like parallelism, homogeneity and unpredictability.Different CA rule is chosen for each binary level of pseudorandom key-image based on selected seed.Selection is limited to balanced rules, which results in higher entropy of keyimage.CA rules are applied on extended Moore neighborhood, which results in larger key space.Finally, encryption is performed by combining source image and key-image.Pixel separation is applied to select right operation for each pixel based on secret separation values.Ten operations are defined to make decryption of an image without secret information more difficult.Key space analysis shows that the proposed method has very large key space, which is important to avoid guessing of secret information.Key-images generated by the proposed method have good randomness property as demonstrated through sensitivity test.Randomness is proven also by calculating the entropy of encrypted images, which was very close to 8. Furthermore, image histograms are used to show almost uniform pdfs of encrypted images making statistical attacks very difficult to conduct.By calculating correlation coefficient, it is demonstrated that the algorithm effectively reduces the correlation between adjacent pixels.Survival properties in the case of data loss and noise, as well as computational time, are satisfactory for real time systems.
Comparison to the state of the art methods shows that the proposed method accomplished the largest key space volume while keeping very good randomness.

Fig. 1 .
Fig. 1.Examples of encryption of Lena using two very similar seeds.
(5) key-image K, as described in Sec.2.2.2.Note that the same operation set is applied in decryption process, but encrypted image E is used instead of source image I in(5).
 Receiver uses seed S to generate pseudorandom keyimage. Receiver uses separation values S v to make a new order of operations for combining encrypted image E

Table 1 presents
NPCR and UACI values for all tested images with different pair of seeds (S 1 , S 2 ).Values of NPCR and UACI indicate that encrypted images have good randomness.

Table 4
Comparison of NPCR and UACI for different methods.