A New Algorithm for Medical Color Images Encryption Using Chaotic Systems

In this paper, we present a new algorithm based on chaotic systems to protect medical images against attacks. The proposed algorithm has two main parts: A high-speed permutation process and adaptive diffusion. After the implementation of the algorithm in the MATLAB software, it is observed that the algorithm is effective and appropriate. Also, to quantitatively evaluate the uniformity of the histogram, the chi-square test is done. Key sensitivity analysis demonstrates that images cannot be decrypted whenever a small change happens in the key, which indicates that the algorithm is suitable. Clearly, part of special images is selected to test the selected plain-text, like an all-white image and an all-black image. Entropy results obtained from the implementation of the algorithm on this type of images show that the proposed method is suitable for this particular type of images. In addition, the obtained results from noise and occlusion attacks analysis show that the proposed algorithm can withstand against these types of attacks. Moreover, it can be seen that the images after encryption and decryption are of good quality; the measures such as the correlation coefficients, the entropy, the number of pixel change rate (NPCR), and the uniform average change intensity (UACI) have suitable values; and the method is better than previous methods.


Introduction
The confidentiality of patient information is one of the vital security aspects of electronic health services. For example, the confidentiality of patients' medical records is necessary. In addition, the methods of protection should be improved due to the rapid advancement of technologies for accessing the personal information of individuals. The security and privacy of medical image transferring is one of the acute subjects that should be seriously considered in telecare medical information systems (TMIS). In the past years, medical images were grayscale, but today, color images have entered the medical arena, and they can show more accurate information about body conditions. Color images that are acquired by new scanners using the Medipix3RX chip technology are very important in the medical arena. Image-data transferring from a position to another via an unsafe network are usually determined in qualifications of privacy, validity, totality, and confidentiality. Therefore, more significance should be given to the security of the sensitive data that are included in medical images by DICOM (digital imaging communication in medicine). In this textuality, many problems using various cryptographic techniques have been proposed in the literature to overcome this problem [1][2][3][4]. In their paper, Abdel-Nabi and Al-Haj proposed a hybrid encryption algorithm using watermarking that offers high embedding capabilities for medical images. The proposed algorithm is a combination of reversible data-caching techniques with standard encryption techniques for ensuring the security requirements for transferred and stored medical images [5]. In their paper, Abdmouleh et al. presented a partial cryptographic approach that was based on the digital wavelet transform (DWT) and was in [10][11][12] are only suitable with respect to their correlation coefficients, but there are no improvements with respect other criteria. The results that are obtained in [13,14] are only suitable with respect to entropy. The methods in [27,28] perform well in color images encrypting and can be used to encrypt medical images. Nevertheless, our method is better in terms of the correlation coefficients, the entropy, the NPCR, and the UACI.
Our aim in this paper is to provide an algorithm that protects medical color images based on chaotic systems and SHA-256 systems. The algorithm is composed of two parts: A high-speed permutation process and adaptive diffusion. For this reason, in Section 2, we will present the basic concepts of chaotic systems and SHA-256 systems. In Section 3, we will describe the proposed algorithm's equations, and in Section 4, the empirical results from the implementation of the proposed algorithm that is simulated in the MATLAB software will be given. In Section 5, we compare the results of the proposed method with previous methods, and in Section 6, we will explain the quality and appropriateness of this method.

Chaotic Systems
Chaos theory is a chapter of mathematics centralization on the action of dynamical systems that are highly sensitive to initial situation. "Chaos" is a notion denoting that within the obvious accidentalness of chaotic systems, there are basically models, stable feedback rings, iteration, selflikeness, fractals, self-formation, and dependence on programming at the initial part, which is known to have sensitive to depend on initial situation.
Little differences in initial situation, like those owing to rounding errors in numerical calculations, output widely in different outcomes for dynamical systems, thus, generally interpretation of the long-term oracle of their action impossible. This action is known as certain chaos, or simply chaos. The theory was tabloid by Edward Lorenz as follows: Chaos: When the design specifies the future, but the proximate present does not proximately specify the future.
In 1963, Lorenz studied chaotic systems using a nonlinear differential equation, which is one of the first examples of algebraic chaotic systems in dissipative systems. Chaotic systems are very abundant in nature and they are used in many branches of science, such as the physics of dynamics and photonics, medical sciences, chemistry, and demography. In recent years, much research has been done on chaotic systems by scientists and more practical systems have been introduced, such as Chen's system, Lu's system, and Qi's 3D four-wing chaotic system [15][16][17]. The chaotic system that is used in this algorithm is the Chen-based hyper-chaotic system. The Chen-based hyper-chaotic system in [18] is described as follows: where s, t, u, and v are the fixed variables and a, b, c, d, and w are the controlling parameters of the system. The dynamical cycle will be hyper-chaotic when a = 36, b = 3, c = 28, d = −16, and −0.7 < w < 0.7.

SHA-256 (Secure Hash Algorithm 256)
A cryptographic hash (sometimes called a "digest") is a type of 'signature' for a text or data file. The SHA-256 products an almost-unique 256-bit (32-byte) signature for a text. The SHA-256 is a type of the deputy hash functions to the SHA-1 (referential to as SHA-2) and is one of the existing powerfulness hash functions. The SHA-256 is not much more complicated to code than the SHA-1 and has not yet been agreement in any path. The 256-bit key makes it a good common-function for the The NIST also prepared a number of test vectors to investigate the validity of its execution [19][20][21].
To the SHA-256, the message is decomposed to n blocks with 512 bits, and at the end of its the final block, bit '1' is added to be followed by k zero bits, where k is the least nonnegative the answer path of the equation l + 1 + k = 448mod512. Next, a 64-bit binary block that is equivalent to l is added. Clearly, a "1" followed by k "0" s that is followed by 64 bits are added at the end of M to generate a crooked message of length 512 * n bits. For instance, the 8-bit ASCII message "abc" has a length of l = 8 × 3 = 24. Therefore, the message is padded with a one bit, then 448 − (24 + 1) = 423 zero, and then the 64 bits of the length of message (11000) 2 = (24) 10 . Then, one message plan carries out on the blocks of M, generating the W t amount, any of which is to the corresponding t-th repetition of the transmutation. The transmutation takes W t , a fixed value, K t and the primary amounts H (0) (in the repetition one) or the values generated in the past repetition; carries out the transmutation procedure; and produces a series of hash values via a number of repetitions. The last produced hash value is considered as the message digest, h [19]. The SHA-256 needs 64 repetition to generate its message digest. The round contains additives and rational functions that are set to generate the round's output values. The included NLFs are shown in Equation (2): where ⊕, •, and¯denote the XOR, AND, and NOT bitwise rational functions, respectively, and x, y, and z are 32-bit words. ROTR X Shows x right round bit spin. According to the 64 W t values that are necessary, the first 16 are organized by the 512-bit input block whereas the remaining 48 W t amounts are calculated using Equation (3). The functions σ 0 and σ 1 are computed using Equation (4).
Here, SHR x stands for the right bit shift. The SHA-256 base transformation rounds are shown in Figure 1.

Proposed Algorithm
The proposed algorithm has two parts: A high-speed permutation process and adaptive diffusion.

High-Speed Permutation Process
Step 1. First, the plain image P of size × × is used as the input; it has the initial state values of 0, 0, 0, and 0; and uses the SHA-256 function, which is constructed according to the plain image. We consider = × and = ( ℎ 256)/(64 × 256), which reshape matrix P into the 2D matrix P1. Then, the new values of the chaos system a0, b0, c0, and d0 are generated using Equation (4) as follows: Step 2. Then, the initial values and parameters are used to iterate the chaotic systems to obtain the vectors a1, a2, a3, and a4 and quantize to generate four different vectors PR1, PC1, PR2, and PC2, which are as follows: Here, we have to use the ℎ (shift array circularly) rule and its definition is as follows: If A and B are matrixes, = ℎ ( , ℎ ) circularly shifts the values in the array A using the shift size elements. [22].

SHA-256 Architectures
The performance of the SHA-256 construction's transformation round is shown in Figure 1. It takes, as inputs, eight 32-bit characters, (a t−1 − h t−1 ), the value W t−1 , and the stable value K t−1 , performs the calculations shown in Figure 1, and generates the values (a t − h t ) after 64 repetitions [19].

Proposed Algorithm
The proposed algorithm has two parts: A high-speed permutation process and adaptive diffusion.

High-Speed Permutation Process
Step 1. First, the plain image P of size M × N × D is used as the input; it has the initial state values of a0, b0, c0, and d0; and uses the SHA-256 function, which is constructed according to the plain image. We consider DM = D × M and s = sum(sha256)/(64 × 256), which reshape matrix P into the 2D matrix P1. Then, the new values of the chaos system a0, b0, c0, and d0 are generated using Equation (4) as follows: Step 2. Then, the initial values and parameters are used to iterate the chaotic systems to obtain the vectors a1, a2, a3, and a4 and quantize to generate four different vectors PR1, PC1, PR2, and PC2, which are as follows: Here, we have to use the circshi f t (shift array circularly) rule and its definition is as follows: If A and B are matrixes, B = circshi f t(A, shi f tsize) circularly shifts the values in the array A using the shift size elements [22]. Step 3. We consider PR, PC ∈ N DM×N and for i = 1 to DM, if i is odd, then we get the following: and else PR(:, i) = circshi f t P1(i, :)by step − PR2(i) . (7) Step 4. For j = 1 to N, if j is odd, then we get the following: PC(:, j) = circshi f t IR(:, j) by step IC1( j) and else PC(:, j) = circshi f t IR(:, j)by step − IC2( j) .
Now, P2 = PC is the permutated image. This Process explained in Algorithm 1 with the title: High-speed Permutation Process.
Use the initial value and parameters to iterate the chaotic system to get the vectors: a1, a2, a3, a4, and quantize to generate four different vectors: PR1, PC1, PR2, PC2.
for i = 1 to DM do 6.
if i is odd then 7.
end if 11. end for 12.
for j = 1 to N do 13.
if j is odd then 14.
end if 18. end for 19.
Let PC be the permutated imagere 20.
turn Permutated Image

Adaptive Diffusion
Step 1. First, the other initial values and parameters are used to iterate the chaotic systems to obtain the vectors a110, b110, c110, and d110, and they are quantized to generate four different vectors a11, b11, c11, and d11.
Entropy 2019, 21, 577 7 of 24 Step 2. Set A, B ∈ N DM×N and i = 1 to DM. If i ≥ 1 and i ≤ DM/2, then we get the following: Otherwise, Step 3. Here, we have to apply bitcircshift rule, which is an action that is done on all of the bits of a binary amount, in which they are transformed by a determined number of locations to the left or right. Bitcircshift is used when the operand is being used as a series of bits relatively than generally. In other words, the operand behaves as single bits that show something and are not values [22].
Let P2 = PC, and P3 ∈ N DM×N . If i = 1 to DM and j = 1 to N, then we get the following: Step 4.
Remark 1. The proposed algorithm is suitable for all color images (RGB). Because medical images are very important in today's technological world, we decided to use the proposed algorithm for medical images. Use other initial values and parameters to iterate the chaotic system again to get the vectors: a110, b110, c110, d110, and quantize them to generate four different vectors: a11, b11, c11, d11.

2:
Set A, B ∈N DM × N 3: for i = 1 to DM do 4: if i ≥ 1 and i ≤ DM/2 then 5: The decryption process is inverse encryption process. Input: Input data from permutation procession Output: Encrypted Image Our proposed algorithm is a symmetric algorithm. The decryption procedure is the opposite of the encryption method and decryption is done using the encryption method's formulas. This is shown in Figure 2.
Remark 1: The proposed algorithm is suitable for all color images (RGB). Because medical images are very important in today's technological world, we decided to use the proposed algorithm for medical images.

Experiment Result and Security Analysis
In this section, we implemented the proposed algorithm on two medical color images using the MATLAB 2017a software environment (in personal computer with core i7, 3.4GHz, RAM 16GB). As we stated in the introduction, the medical color images are obtained using the Medipix3RX chip technology that is used in today's imaging devices [1][2][3][4].
For example, four color images 256 × 256 in size have been selected as the plain images. In Figure  3, images b, e, h, and k are images that are encrypted by the proposed algorithm for the plain images a, d, g, and j, respectively; and images c, f, i, and l are the decrypted images.

Experiment Result and Security Analysis
In this section, we implemented the proposed algorithm on two medical color images using the MATLAB 2017a software environment (in personal computer with core i7, 3.4GHz, RAM 16GB). As we stated in the introduction, the medical color images are obtained using the Medipix3RX chip technology that is used in today's imaging devices [1][2][3][4].
For example, four color images 256 × 256 in size have been selected as the plain images. In Figure 3, images b, e, h, and k are images that are encrypted by the proposed algorithm for the plain images a, d, g, and j, respectively; and images c, f, i, and l are the decrypted images. Entropy 2019, 21, x FOR PEER REVIEW 10 of 23

Security Analysis
As seen, it is not possible to visually compare the plain images with images that were obtained from the decryption process, and the measures such as the correlation coefficients of two adjacent

Security Analysis
As seen, it is not possible to visually compare the plain images with images that were obtained from the decryption process, and the measures such as the correlation coefficients of two adjacent pixels in the plain image and the cipher image, the entropy, the NPCR (number of pixel change rate), and the UACI (uniform average change intensity) should be mathematically examined. We consider an example of a baby's image.

Histogram Analysis
Color images include three main color channels (red, green, and blue), and these images are called RGB images. Figure 4 shows the histograms of these three channels that are observed for the baby's image. pixels in the plain image and the cipher image, the entropy, the NPCR (number of pixel change rate), and the UACI (uniform average change intensity) should be mathematically examined. We consider an example of a baby's image.

Histogram Analysis
Color images include three main color channels (red, green, and blue), and these images are called RGB images. Figure 4 shows the histograms of these three channels that are observed for the baby's image. In Figure 5, we can see the baby's decrypted image from the three-channel color histograms.  In Figure 5, we can see the baby's decrypted image from the three-channel color histograms. pixels in the plain image and the cipher image, the entropy, the NPCR (number of pixel change rate), and the UACI (uniform average change intensity) should be mathematically examined. We consider an example of a baby's image.

Histogram Analysis
Color images include three main color channels (red, green, and blue), and these images are called RGB images. Figure 4 shows the histograms of these three channels that are observed for the baby's image. In Figure 5, we can see the baby's decrypted image from the three-channel color histograms.  Chi-square Analysis Statistical analysis is a type of the commonplace cryptology procedures. The monotony of the histogram of cipher demonstrates the strength of the encryption path to statistical analysis. The ocular effect of the histogram is not sufficient to verify the accident of a cipher image's pixel values [26]. To quantitatively measure the monotony of the histogram, we use the chi-square test as a metric. The description of the chi-square is as follows: where Q = 256 in our method, o i is the observed incidence frequency of each rate on the histogram of the ciphered image, e i is the envisage incidence frequency of the uniform distribution, and M × N is the length of an image trail. For an ideal image encryption system, the empirical chi-square value should be less than the theoretic amount. With the importance level of 0.05, the theoretic chi-square value is 293 [26]. The chi-square test conclusions and transition rates are listed in Tables 1 and 2. All the test images transition the test, which shows that our plan has a satisfying encryption effect.

Correlation Analysis
The correlation coefficient of two adjacent pixels in the plain image and the cipher image is one of the important factors in determining the quality of image encryption algorithms [23]. In Figure 6, we can see the correlation histograms for the plain image and cipher image, and the correlation histograms are shown in three directions: Horizontal, vertical, and diagonal. In Table 3, the numerical values of the correlation for the plain image and the cipher image are given, and the values in the table are calculated for three directions: Horizontal, vertical, and diagonal. We can specifically see that the correlation coefficients of the plain image are near to 1, however the correlation coefficients of the cipher-image are about equal 0, which may explain why the designed encrypted algorithm has a powerful resistance to possible statistical attacks. The table specifies that the proposed algorithm has the required quality. The correlation coefficient of two adjacent pixels in the plain image and the cipher image is obtained as follows:   In Table 3, the numerical values of the correlation for the plain image and the cipher image are given, and the values in the table are calculated for three directions: Horizontal, vertical, and diagonal. We can specifically see that the correlation coefficients of the plain image are near to 1, however the correlation coefficients of the cipher-image are about equal 0, which may explain why the designed encrypted algorithm has a powerful resistance to possible statistical attacks. The table specifies that the proposed algorithm has the required quality. The correlation coefficient of two adjacent pixels in the plain image and the cipher image is obtained as follows: where x i is the expected value, N is the number of image pixels, and D(x) = 1 N N i=1 (x i − E(x)) 2 is the variance. x and y are the gray values of two adjacent pixels, and N is the total number of pixels that are chosen from the image.

Entropy Analysis
The entropy randomly measures the data sequence and is defined as follows [24]: (18) where N is the number of grayscale levels in an image, and P(s i ) is the incidence possibility of grayscale "I" in the image. The entropy amount will be 8 for images that are wholly accidentally generated. The nearer the entropy of an encryption method is to 8, the less foreseeable it is, and thus, the more secure the plan. The entropies for the designed encryption method have been measured for a sample image and the conclusions are shown in Table 4.

NPCR (Number of Pixel Change Rate) and UACI (Uniform Average Change Intensity)
In a differential attack, a little variation is built to the plain image, and the designed algorithm is employed to encrypt the plain image before and after this variation. These two encrypted images have been evaluated to detect any possible connection between the plain image and the cipher image. The (UACI) and the (NPCR) are two indicator that are regularly used by researchers to test the differential attack resistor of any image encryption method [12].
Suppose that C 1 and C 2 are two cipher images that are encrypted from two plain images with only one-bit difference. The NPCR and UACI are defined as follows: and where M shows the total number of pixels in any cipher-image, S illustrates the number of allowed pixels, and H(i, j) demonstrates the difference between C 1 and C 2 , which is specified as follows.
The larger the NPCR and UACI are, the better the quality of the algorithm. For four randomly selected points, the NPCRs and UACIs are listed in Table 5.

Key Space
The key space for encryption algorithms should be large enough to withstand potential attacks. The minimum key space should be 2 100 . The input values of (x 0 , y 0 , z 0 , h 0 , SHA256) act as a secret key, and, based on this, the secret key space is 10 14 × 10 14 × 10 14 × 10 14 × 2 128 = 10 56 × 2 128 . This indicates that the designed method has good key space.

Key Sensibility Analysis
A safe encryption system must be sensitive to the key; for example, the little change of encryption keys can lead to very different cipher image, and a small change of the decryption keys cannot decrypt the image. Several key sensitivity tests are performed. Figure 7 shows the encrypted images of the baby (plain image b). Figure 3a shows the encrypted image using user keys with a 1-bit difference. The plain encrypted image is indicated in Figure 3b. When the keys of the initial state x 0 , y 0 , z 0 , h 0 , and SHA256 are changed by one bit (i.e., 10 −14 for x 0 , y 0 , z 0 , and h 0 and 2 −128 for SHA256), the five new encrypted images are obtained and shown in Figure 7a-e. We compare them with the image in Figure 7e, and the five differential images are shown in Figure 7f-j. This shows that there are very big differences between the images in Figure 7e,f-j.
In addition, to experience the capability of the designed method to resist the cipher text attack, the keys x 0 , y 0 , z 0 , and h 0 will be modified by 10 −14 and SHA256 will be changed by 2 −128 to decrypt the plain encrypted image. The decrypted images are indicated in Figure 7, which are wholly different from the plain image. Therefore, it can be seen that the cipher text cannot be suitably decrypted without the correct keys, which shows that the proposed method can effectively hamper the cipher text merely attack.
cannot decrypt the image. Several key sensitivity tests are performed. Figure 7 shows the encrypted images of the baby (plain image b). Figure 3a shows the encrypted image using user keys with a 1bit difference. The plain encrypted image is indicated in Figure 3b. When the keys of the initial state , , , , are changed by one bit (i.e., − for , , , and − for SHA256), the five new encrypted images are obtained and shown in Figure 7a-e. We compare them with the image in Figure 7e, and the five differential images are shown in Figure 7f-j. This shows that there are

Known-Plain Image and Chosen-Plain Image Analysis
Clearly, some specific images are selected to test the selected plain-text attack, like a full-white image in Figure 8a and a full-black image in Figure 8d. The results are shown in Figure 8, which indicate that the cryptology is appropriate for these specific images and can resist the chosen-plain-text attack. In Table 6, we can see the entropy values for all-white and all-black images. It can be seen that all the values that are obtained are close to 8, indicating the suitability of the proposed algorithm.

Known-Plain Image and Chosen-Plain Image Analysis
Clearly, some specific images are selected to test the selected plain-text attack, like a full-white image in Figure 8a and a full-black image in Figure 8d. The results are shown in Figure 8, which indicate that the cryptology is appropriate for these specific images and can resist the chosen-plaintext attack. In Table 6, we can see the entropy values for all-white and all-black images. It can be seen that all the

Noise Attack and Occlusion Attack
In the digital world, the images will unexpectedly experience noise and occlude attacks in the transition process, and an effective cryptology must be strong against them. The baby image is used as the test image. Figure 9 shows the noisy cipher images that are contaminated by Gaussian noise (GN), salt and pepper noise (SPN), and speckle noise (SN) with different noise compression and their decrypted images. As seen from Figure 10, the most information of the plain image can be intuitively identified from the decrypted image's presentation of the cipher images with different occlusion effects and their corresponding retrieved images. Specifically, the decrypted images still include most date of the baby image. The PSNR (peak signal-to-noise-ratio) is employed to compute the condition of the decrypted image after a possible attack. For a gray image, the PSNR and MSE can be computed as follows:

Noise Attack and Occlusion Attack
In the digital world, the images will unexpectedly experience noise and occlude attacks in the transition process, and an effective cryptology must be strong against them. The baby image is used as the test image. Figure 9 shows the noisy cipher images that are contaminated by Gaussian noise (GN), salt and pepper noise (SPN), and speckle noise (SN) with different noise compression and their decrypted images. As seen from Figure 10, the most information of the plain image can be intuitively identified from the decrypted image's presentation of the cipher images with different occlusion effects and their corresponding retrieved images. Specifically, the decrypted images still include most date of the baby image. The PSNR (peak signal-to-noise-ratio) is employed to compute the condition of the decrypted image after a possible attack. For a gray image, the PSNR and MSE can be computed as follows: where MSE shows the mean square error between the cipher image I 1 (i, j) and the plain image I 2 (i, j), and m and n are the width and height, respectively [25]. The results are explained in Tables 7 and 8.  (23) where MSE shows the mean square error between the cipher image 1 ( , ) and the plain image 2 ( , ), and m and n are the width and height, respectively [27]. The results are explained in Tables 7  and 8.
(e) (f) Figure 9. Noise attack test results.    (23) where MSE shows the mean square error between the cipher image 1 ( , ) and the plain image 2 ( , ), and m and n are the width and height, respectively [25]. The results are explained in Tables 7  and 8.

Comparison
In this section, we will compare the results that were obtained from the proposed algorithm with previous algorithms. The results that were obtained from the designed method are measured with the methods in References [10] and [24] with respect to their correlation, entropy, NPCR, and UACI, and the key space was compared with references [9], [12], and [24]. The results of the comparison are shown in Tables 9-14.

Comparison
In this section, we will compare the results that were obtained from the proposed algorithm with previous algorithms. The results that were obtained from the designed method are measured with the methods in References [10,24] with respect to their correlation, entropy, NPCR, and UACI, and the key space was compared with references [9,12,24]. The results of the comparison are shown in Tables 9-14.

Conclusions
In this paper, we present a new algorithm based on chaotic systems to protect these images against attacks. The proposed algorithm has two main parts: A high-speed permutation process and adaptive diffusion, which lead to a very efficient and reliable approach in this regard. By examining the results that were obtained from the implementation of the proposed algorithm in the MATLAB software environment and comparing these results with existing methods, it is observed that the designed method is better than those algorithms with respect to the important factors that are mentioned. Such that, to quantitatively evaluate the uniformity of the histogram, the chi-square test is done and the obtained results are desirable. Also, key sensitivity analysis shows that the image is not decrypted with a small change in the key, which indicates that the algorithm is suitable. Clearly, particular images are selected to experiment the selected plain-text, such as a full-white image and a full-black image. Entropy results obtained from the implementation of the algorithm on this type of images show that the proposed method is suitable for this particular type of images. In the real world, the images will inevitably experience noise and occlude attacks while shifting, and an effective cryptosystem must be powerful versus them. The obtained results from noise and occlusion attacks analyses show that the proposed algorithm can withstand against these types of attacks. It is also observed that the values that are obtained with respect to the entropy, NPCR, and UACI are better than those from the methods in existing papers. As we have already mentioned, the key space should be large enough (at least 2ˆ100).
Compared to the old methods, we observe that the key space of our method is very large and more resistant than other methods in dealing with attacks.