AN IMAGE ENCRYPTION SCHEME UTILIZING HARPER’S MAP

This paper deals with an image encryption scheme, which could be used for improving security of steganographic algorithms. Higher level of security is reached by masking information contained in secret data by their encryption. Therefore in the worst case, the attacks would yield encrypted version of secret data in the worst case. After brief description of reasons for usage and drawbacks of already used solutions, the paper presents one of chaotic maps as possible tool for encryption algorithms construction. Properties of this map and proposed algorithms are discussed in detail. The effects caused by application of described encryption scheme are illustrated by performed experiments.


INTRODUCTION
Despite easier means of steganalysis, algorithms of substitution steganography are still widely used.One of their biggest advantages is their simplicity.For ensuring that the secret message, which is being transmitted would be safe from possible attacks, it could be encrypted prior to its embedding [1].However, many conventional ciphers (such as Advanced Encryption Standard -AES) were designed for input data in form of text strings.The properties of images, which are used in the majority of steganographic techniques are quite different.This fact can result in not sufficient performance of ciphers applied on an image.
Effects displayed on Fig. 1 are caused by the design of AES and used mode of operation.Used original image had resolution of 256x256 pixels and it was grayscale.Because AES is a block cipher, images have to be split into set of blocks.Block size of 128 bits means 16 bytes are encrypted at the same time, which can be represented as a block of 4x4 pixels.Used mode of operation determines how will be the values in blocks treated during the encryption.The simplest mode is called Electronic CodeBook (ECB).ECB uses only one value from processed image block for producing one encrypted value.This approach results in mapping of the input values set into set of encrypted values, which makes frequency analysis possible [2].On the other hand, stream ciphers suffer mainly from redundancy of image pixels.Similar intensities of adjacent pixels cause small differences between produced encryp-ted values.Hence, the rearrangement of image pixels before usage of a stream cipher can be considered as practical.
First attempts at creating ciphers based on chaos can be traced to the late 1980s [3].In these cases, the algorithms use one of chaotic maps with behavior that is not easily predictable.Some of the chaotic maps use a parameter, which could be then used as a key in designed cipher.
Well-known architecture of chaotic ciphers was proposed by Fridrich in late 1990s [4].In mentioned approach, encryption consists of two stages, confusion and diffusion.Confusion step is used for rearrangement of image pixels, while diffusion changes their intensities and makes attacks such as statistical and differential attack ineffective.
The rest of the paper is organized as follows: chapter II provides a brief review of related work and Harper's map, which is used for purposes of confusion and diffusion.Third chapter describes proposed algorithms.After that, performance of proposed solution, commonly used attacks and countermeasures taken by proposed solution are discussed in chapter IV.The paper ends with conclusion.

RELATED WORK
First encryption algorithms based on chaos utilized chaotic maps with one variable which changed its values in following iterations of the map.Later, the increasing performance of computers allowed usage of chaotic maps with more dimensions.As the digital images could be represented as matrices with two dimensions, many researchers tried to apply two dimensional chaotic maps for purpose of image encryption.However, majority of these maps have some disadvantages.
The bakers' map utilized by Fridrich in [4] requires a division of image into a set of regions.Then the pixels in these regions are shuffled.Because key is entered as set of region sizes, it is quite unpractical to remember for human user.Also the key values need to be chosen in a way that utilizes all image pixels in division to regions, so the key elements could not be arbitrary numbers from some range.
One of other frequently used two dimensional chaotic maps is Arnold's cat map.Because the equations of this map are quite simple, this map has numerous applications in image encryption.However, drawback of the simplicity is well studied bevavior of the map [5].This behavior includes relatively small periods of the map which could be used for extraction of data from encrypted image.
The periodicity issue is not as serious for standard map described by Chirikov in [6].This map has one parameter which is usually set by portion of key entered by users.One of the first applications of standard map was described by Lian, Sun and Wang in [7].Their encryption scheme uses the map for block processing during two stages of algorithm.This approach was further improved by Wong, Kwok and Law in [8], where the number of pixel shuffling rounds was reduced, but the results were still comparable.Another solution was provided by Fu et al. in [9], where the second stage uses two directions of spreading instead of one.However, the results of this proposal could not be compared with the others, as it uses different map -Chebyshev map for the changing of pixel intesities.

Harper's Map
Harper's chaotic map was firstly introduced as a model of electron movement in two-dimensional space under influence of magnetic field [10].Harper's map can be used for design of chaotic cipher in same way like Arnold's cat map, standard or baker's map [4,11].
The equations for Harper's map could be discretized for sets of integer pixel coordinates x i , y i ∈ {1, 2, ..., n}, where i is sequential number of iteration, n is the height and also the width of input image as (1): where round denotes operation of rounding to nearest integer, K and L are parameters of the map, K, L ∈ {1, 2, ..., n}.
Effects of several iterations of Harper's map are displayed on Fig. 2. Used image has relatively small resolution (16x16 pixels), which is useful for highlighting the properties of Harper's map.Due to the fact that Harper's map was originally proposed for unit squares, the discretized version uses only images with square resolution (of nxn pixels).This can be considered as a drawback, however non-square images could be split to set of overlapping square blocks [12].
Discretized versions of chaotic maps tend to be periodic because of finite amount of possible pixel locations.The period can be calculated by construction of orbits, in case of Harper's map it depends on resolution of used image n and values of parameters K and L. The concept of orbits is further described in several sources, e. g. in [13].
Results in Table 1 show that Harper's map has relatively long period even for small values of resolution n.This fact is desirable for creating ciphers with large key space.Original image can be achieved by computing set of equations, which are inverse to (1).This set is given as (2): (2)

PROPOSED SOLUTION
Algorithms used for encryption and decryption are similar, but steps of second mentioned operation are in reverse order [14].Both operations are done in two stages.Encryption algorithm is described in detail in following chapters.

Confusion
Confusion is responsible for reduction of correlation between adjacent image pixels.This is done simply by calculation of new pixel coordinates with usage of Harper's map.Number of computed iterations n Ic and values of parameters K c and L c are parts of key chosen by user.

Diffusion
Diffusion algorithm modifies intensity of rearranged pixels.The set of pixels should produce balanced histogram, so the amount of information which could be used for analysis would be minimal.Newly computed values should also be sensitive to changes made in original image which helps preventing differential attacks.This could be achieved by chaining, which uses previously computed values in calculations done with actual pixel intensities [15].
Steps of direct diffusion are given as Algorithm 1.All operations with bits use big-endian ordering scheme.5. Two coordinates x and y are computed from the bits using (3): (3) 6.At this point, each pixel intensity has two coordinates x, y in matrix with 16 rows and 16 columns.8. New value v after diffusion is calculated from obtained bits by applying (4): 9. After calculating value of v for every pixel in img, the diffusion algorithm iterates for second time.In the second iteration first value v uses last value of v from first iteration for chaining.The values of v after second iteration are stored in matrix di f .

Key Space and Key Sensitivity
Encryption algorithms should provide sufficiently large key space for preventing brute-force attack.The key used in proposed algorithm consists of six values -n Ic , n Id , K c , L c , K d and L d .Range of first two values is given by period p n which depends on image resolution n.Range of other four values is affected directly by image resolution n.Therefore the size of key space num k can be computed as (5): where p n is period for chosen value of n, K c , L c , K d and L d .For original image from Fig. 3 (with n = 128), the size of key space num k is approx.5.984 • 10 106 which could be considered as sufficient against brute-force attacks.
The dependence on used keys is illustrated on Fig. 3.

Statistical Attack
These attacks try to get some information about image from its encrypted version.Robustness against these attacks is evaluated by shape of histograms of original and encrypted image or by scatter plots of adjacent pixel correlation.
Histograms of pair of corresponding images are shown on Fig. 4. Encryption should suppress major peaks visible in histogram of original image.This example used key k 1 .Fig. 5 contains scatter plots for correlation of 1000 randomly chosen pairs of horizontally adjacent pixels.The distribution of points in plot for encrypted image should be near uniform for achieving sufficient level of diffusion.

Differential Attack
This kind of attack tries to determine operations done during the encryption by comparing encrypted versions of two input images with only small changes.In an ideal scenario, even one small change between two input images should create unpredictable differences between their encrypted versions.For this reason, the diffusion algorithm uses chaining.Second iteration of the algorithm is necessary for distribution of every change made in pixel intensities through all values, which are going to be calculated.
Robustness against differential attacks can be computed via two metrics [16].These metrics use pair of images consisting of original image O and corresponding encrypted image E. First of the metrics, Number of Pixels Changing Rate (NPCR) simply computes the percentage of pixels with different intensities.Level of intensity change is taken into account in calculations of Unified Average Changing Intensity (UACI).Equations for NPCR and UACI are denoted as ( 6) and (7): where l and k denote indices of rows and columns, h and w are height and width of image (in our case L is the color depth of image (8 bits for grayscale images).
The calculations of NPCR and UACI were repeated in 100 iterations for original image from Fig. 3 and its version encrypted with key k 1 .Arithmetic means for NPCR and UACI were 99.0906 % and 33.5346 %.

COMPARISON WITH OTHER APPROACHES
Performance of our algorithm could be compared with results achieved by proposals that utilize standard map which is closely related to Harper's map.However some different properties of the algorithms do not allow 'direct' comparison.For instance, the size of key space for our solution depends on resolution of used image.Still, the key space produced for image with resolution of 128x128 pixels (approx.5.984 • 10 106 or 2 354.71 ) is much bigger than key spaces with sizes of 2 256 in [7,8] or 2 167 in [9].
Values of NPCR and UACI were evaluated on image lena which was grayscale with resolution of 512x512 pixels.True color version of this image can be found in USC-SIPI image database [17].In order to establish similar testing conditions for all proposals, our algorithm was used for the same amount of iterations as solutions given in [7,8] -it was used in six consecutive iterations of encryption with the same key (K c = K d = L c = L d = 256).The resulting values are shown in Table 2.
Table 2 Computed values of NPCR and UACI approach ref. [7] ref. [8] proposed The results show that our solution reaches the best value of NPCR, while the value of UACI is between those yielded by [7] and [8].However, the difference between values after smaller number of iterations is not so big in case of our algorithm (compare last paragraph of chapter 4.3 and Table 2 from [8] for more details).

CONCLUSION
This paper dealt with design of chaotic cipher based on Harper's map.The cipher uses conventional approach consisting of two steps, confusion and diffusion.Main difference of proposed technique is in the way how it treats pixel intensities in the diffusion stage.However, proposed solution has also some drawbacks, e. g. some keys from the key space could be considered as 'weak'.The algorithm for selection of suitable keys could be a topic for future work.
Properties of our algorithm were compared with those achieved by other solutions based on standard map which is closely related to Harper's map.As it was shown, the second mentioned map also shows sufficient chaotic behavior which could be used in various applications, such as in those requiring higher security of processed, stored or transmitted data [18,19].

Fig. 1
Fig. 1 Image encrypted in ECB mode with key thisisasecretkey

Fig. 2
Fig. 2 Effects of Harper's map applied on image

Algorithm 1 :
Diffusion algorithm Input : grayscale image img, number of computed iterations n Id , parameters K d and L d Output: grayscale image after diffusion di f 1.A value v from matrix img is obtained.2. Chaining is performed by adding previously computed value to v. First value of v does not use chaining.The resulting values v c are taken as moduli of 256. 3. Value v c is decomposed to 8 bits b 1 , b 2 , ..., b 8 .4. Bits b 2 , b 3 , b 5 and b 8 are negated.This helps to achieve some diffusion also for values like 0, or 255.

7 .
Harper's map(1) with parameters n Id , K d , L d is used for mapping the set of coordinates into a new set.Coordinates from new set x and y are decomposed to two sets of 4 bits x 1 , x 2 , x 3 , x 4 and y 1 , y 2 , y 3 , y 4 .

Fig. 3
Fig. 3 Key sensitivity of proposed algorithm