IMAGE SECURITY SYSTEM USING RECURSIVE CELLULAR
AUTOMATA SUBSTITUTION AND ITS PARALLELIZATION
Ebrahim Zarei Zefreh
Department Computer Science
Tarbiat Modares University
Tehran, Iran
[email protected]
Sara Rajaee
Department Computer Science
Tarbiat Modares University
Tehran, Iran
[email protected]
Meysam Farivary
Department Computer Science
Tarbiat Modares University
Tehran, Iran
[email protected]
Abstract— This paper presents a novel image security
system based on the replacement of the pixel values
using recursive Cellular automata (CA) substitution.
The advantages of our proposed method are that it is
computationally efficient and it is reasonably passing
sensibility analysis tests. The proposed method is
carried out by using one half of image data to encrypt
the other half of the image mutually. Our algorithm can
encrypt image in parallel and be also applied to color
image encryption. In this proposed method, size of key
is dynamic and by changing a bit of security key the
image cannot retrieve because our method is key
sensitive. Simulation results obtained using color, whiteblack and gray-level images demonstrate the good
performance of the proposed image security system.
Keywords- Cellular Automata; parallel encryption;
Image encryption; Image processing
I.
INTRODUCTION
Security is an important issue in communication
and storage of images, and encryption is one of the
ways to ensure security. Image encryption has many
applications in internet communication, multimedia
systems, medical imaging, telemedicine, military
communication and etc [1]. There are several image
encryption methods such as SCAN-based methods
[2][3], tree structure-based methods [4], chaos-based
methods [5] and Cellular Automata methods [1].
Note that the proposed encryption methods are
symmetric private key encryptions, meaning that the
same key is needed for both encryption and
decryption and must be known to both sender and
receiver before the communication of image.
One of the methods for encryption is recursive
cellular automata (CA) substitution that without
secure keys, decryption is impossible. CA has
dynamic keys and also they can be used for changing
plain-image. CA has the following advantages:
1) CA has been applied successfully to several
physical systems, processes and scientific problems
that involve local interactions, as in image
processing [6][7] and data encryption [8][9].
2) The number of CA evolution rules is very
large. Hence, many techniques are available for
producing a sequence of CA data for image
encryption and decryption.
3) Recursive CA substitution only requires
integer arithmetic and/or logic operations,
simplifying the computation [1].
The proposed method is based on 2-D CA that
tried to create CA key with dynamic size and using
these CA key for changing plain-image as these
changing are recursive. In this method the cipherimage size is equal to plain-image size and there isn’t
any additive information. That is, both sender and
receiver must know all keys.
We introduce Cellular Automata and proposed
image encryption/decryption method in section II and
III respectively. Finally we discussed in section IV
and V about parallel scheme of image
encryption/decryption
and
simulation
and
experimental results. Section VI is conclusions.
II.
CELLULAR AUTOMATA
Cellular Automata (CA) is a dynamic system in
which space and time are discrete. The cells, as
arranged in a regular lattice structure, have a finite
number of states. These states are updated
synchronously according to a specified local rule of
neighborhood interaction. The neighborhood of a cell
refers to the cell and some or all of its adjacent cells.
In 2-D CA space, the specified cell P with its North,
South, West and East cells form the von Neumann
neighborhood (see Fig. 1(a)).
The state of the given cell at time step (t+1) will
be determined from the states of cells within its
neighborhood at time step t. Using a specified rule,
the states are updated synchronously in time steps for
all cells. For a k-state CA, each cell can take any of
the integer values between 0 and (k−1) then for
2-state CA the value of each cell is 0 or 1.
Let at(i, j) represents the state of (i, j)th cell at
time t, that von Neumann neighborhoods are in the
states: at(i-1, j), at(i, j-1) , at(i+1, j) and at(i, j+1) .
For a 2-D von Neumann two-state CA, each cell has
possible CA evolutions, which can be expressed as
at+1(i, j)= (at+1(i-1, j), at+1(i+1, j), at+1(i, j), at(i, j-1),
at(i,j+1))
(1)
where (.) is a boolean function that defines the rule
[12].
The hardware implementation of (1) for 1-bit 2-D
von Neumann CA is shown in Fig. 1(b). Such a
structure is referred to as a programmable additive
CA (PACA) and it is due to the use of XOR gates.
Using the 1-bit 2-D von Neumann PACA structure,
one can build the desired hybrid N×N-bit cellular
automata [13].
Equation (1) states that the evolution of the
(i, j)th cell of a 2-D von Neumann two-state CA can
be represented as a boolean function of the present
states of the (i−1, j)th, (i, j−1)th, (i, j)th, (i, j+1)th,
and (i +1, j)th cells. Therefore, (1) can be expressed
as
at+1(i,j)=C0⊕(C1 at(i+1,j)⊕C2 at(i,j−1)⊕C3at(i,j)⊕C4
at(i,j+1)⊕C5 at(i−1,j))
(2)
Ci’s are rules number and we need 6-bits rule for von
Neumann neighbor. For a N×N 2-D von Neumann
two-state CA, each cell has 232N² possible CA
evolutions at the next time , 4N cells for boundary
condition and N2 cells for initial configuration, so all
possible evolutions can be 232N²+ N²+4N.
II.
OUR PROPOSED METHOD
We propose an encryption algorithm based on
recursive cellular automata (CA) substitution. During
encryption, an image is divided into two parts
equally, and then we encrypt the upper part by using
the lower part and CA. Thereafter, we encrypt the
lower part in similar fashion. We explain the steps of
this method as follow (see Fig. 2).
A. CA generating
The CA keys consist of N2 cells for initial
configuration, 4N cells for boundary condition data, 6
bits for rule control data and log R bits for CA
iteration.
For filling N2 bits of CA initial
configuration we take key from input that can be
from 1 bit to N2 bits, so there exists possible values
for initial CA. An N×N null matrix is created and
concatenated initial CA together until its length
increases to N2. Then with first cell, we start to fill all
N2 bits of CA initial configuration with arbitrary
scheme (see Fig. 3). For updating CA, we use (2) for
R times.
B. Image encryption/decryption scheme
The process of the encryption scheme is given in
the following steps (see Fig. 4):
1) The plain-image is divided into two parts
equally.
2) The upper and lower parts of plain-image are
divided to N×N partitions.
3) For any N×N partitions of upper part of plainimage and any corresponding N×N partitions of
lower part of plain-image, let (a) Fu(i), 0≤i ≤N−1 be
a sequence of N-bit data of upper part of plainimage, (b) Fl(i), 0≤i≤N-1 be a sequence of N-bit data
of lower part of plain-image, (c) CA(i), 0≤i≤N-1 be a
sequence of N-bit CA data, (d) Eu(i), 0≤i≤N-1 be a
sequence of N-bit encrypted data of upper part of
cipher-image and (e) El(i), 0≤i≤N-1 be a sequence of
N-bit encrypted data of lower part of cipher-image.
Then, the recursive CA-encrypted substitution is
defined as
For upper part of plain-image
E(0)u= g(Fu (0), Fl(0), CA(0))
(3)
E(i)u= [Fu(i)+Fl(i)+ GCAT(Eu(i-1),CAp(i))] 2mod 2N,
0≤i≤N
(4)
For lower part of plain-image
E(0)l= g(Eu(0), Fl(0), CAp(0))
(5)
E(i)l= [Eu(i) +Fl(i)+ GCAT(El(i-1),CAp(i))] 2mod 2N,
0≤i≤N
(6)
Where g is a boolean function that take three
sequences of N-bit data and return sequence of N-bit
data and GCAT is boolean function that take two
sequences of N-bit data and calculate OR/XOR them
and giveback sequence of N-bit data so
If GCAT input=0 then GCAT(E(i-1),CAp(i))
=OR(E(i-1),CAp(i))=E(i-1)⊕CAp(i)
(7)
Else GCAT input=1 Then GCAT(E(i-1), CAp(i))
=XOR(E(i-1),CAp(i))= E(i-1)⊕CAp(i)
(8)
The process of the decryption scheme is given in
the following steps (see Fig. 5):
1) The cipher-image is divided into two parts
equally.
2) The upper and lower parts of cipher-image
must be divided to N×N partitions.
3) For any N×N partitions of lower part of
cipher-image and any corresponding N×N partitions
of upper part of cipher-image, (f) Du(i), 0≤i≤N-1 be a
sequence of N-bit decrypted data of upper part of
cipher-image and (g) Dl(i), 0≤i≤N-1 be a sequence of
N-bit decrypted data of lower part of cipher-image.
Then, the recursive CA-decrypted substitution is
defined as
For lower part of plain-image
D(0)l=g(Eu(0), El(0), CAp(0))
(9)
D(i) l=[Eu(i)+El(i)+GCAT(Du (i-1),CA(i))]2mod2N,
0≤i≤N
(10)
For upper part of plain-image
D(0)u=g(Eu(0),Dl(0),CA(0))
(11)
D(i)u=[Eu(i)+Dl(i)+GCAT(Dl (i-1),CA(i))]2mod2N,
0≤i≤N
(12)
III.
PARALLEL SCHEME
A. Parallel scheme and its requirements
In parallel computing scheme, each PE is
responsible for a subset of the image data and
possesses its own memory. During the
encryption/decryption, there may be some
communication between PEs (see Fig. 6).
Requirements
for
parallel
image
encryption/decryption scheme [10][7]:
1) Computation load balance
The total time of a parallel image encryption
scheme is determined by the slowest PE, since other
PEs have to wait until such PE finishes its work.
Therefore a good parallel computation scheme can
balance the task distributed to each PE.
2) Communication load balance
There usually exists lots of communication
between PEs. For the same reason as of computation
load, the communication load should be carefully
balanced.
3) Critical area management
When computing in a parallel scheme, many PEs
may read or write the same area of memory (i.e.
critical area) simultaneously, which often causes
unexpected execution of the program. It is thus
necessary to use some parallel techniques to manage
the critical area.
B. A parallel image encryption/decryption scheme
In serial scheme, first the sender determines the
key, rule and GCAT then serial algorithm matrix
encrypts the plain-image with produces a number of
CA sequentially finally send the cipher-image to the
receiver. In other side, first the receiver takes the
cipher-image and decrypts the cipher-image with
determines the key, rule and GCAT.
In parallel scheme, we suppose that we have
(n+1) processors (n=1, 2, 3 …). The main processor
is coordinator and dispatcher so that divide plain-
picture to n parts equally then send ith part to ith
processor (i=1, 2, …, n). Here the communication
between processors is global communication that is
all processors access to CAKey, rule and GCAT.
Now
all
processors
with
using
image
encryption/decryption scheme (section III.B)
parallelly perform encryption/decryption operation
(see Fig .7).
C. Applying the algorithm to color image
A color image comprises three components, i.e.,
R, G and B, which can be seen as three parts, then the
process of encrypting gray-level image can be
applied to the color image similarly: First, arrange the
three components in a certain order. Then according
to the order, use the first one to encrypt the second
one, the second one for the third one, the third one for
the first one, repeatedly until the cipher-image
satisfies our performance requirement.
IV.
SIMULATION AND EXPERIMENTAL RESULTS
Many simulations were conducted to illustrate
various characteristics of the proposed CA-based
image encryption/ decryption system including pixel
rearrangement. In the serial experiment, a gray level
image ‘Lena’ of size 128×128 pixels (see Fig. 8(a)
and Fig. 9(a)) is chosen as the plain-image and the
data for encryption and decryption are 8-bit, and that
2-D 8×8-cell von Neumann CA is adopted. When the
encryption process is completed, the cipher-image is
obtained and is shown in Fig. 8(b) and Fig. 9(b).
A. Histogram
The histogram of a digital image gray levels in the
range [0, L-1] is a discrete function h(rk)=nk, where rk
is the kth gray level and nk is the number of pixels in
the image having gray level rk.
Histogram of the plain and cipher image of gray
level of picture ‘Lena’ are shown in Fig. 8(c) and
Fig. 8(d). These two figures show that the cipherimage possesses the characteristic of uniform
distribution in contrast to that of the plain-image. In
the parallel experiment, the number of PEs is chosen
as 4. The results for gray level of ‘Lena’ are shown in
Fig. 9.
B. Correlation coefficient analysis
The correlation analysis is performed by
randomly selecting 2000 pairs of two adjacent pixels
in vertical, horizontal, and diagonal direction from
the plain-image and the ciphered image. This process
is implemented and is computed using “(13)” and the
results is shown in table I. Fig. 10 shows correlation
coefficient of two vertically, horizontally and
diagonally adjacent pixels of both plain and cipher
images in gray levels of picture ‘Lena’.
rxy can be between -1 and 1 so 0 < |rxy| < 1. If |rxy|
be near 1, we will conclude that x and y are correlated
and if |rxy| be near 0, we will conclude that there is a
trivial correlation between x and y.
where x and y are the gray-scale values of two
adjacent pixels in the image and N is total number of
pixels selected from the image for the calculation.
The correlation coefficients between the two
adjacent pixels in the plain image are near 1 and it
shows that the two adjacent pixels in the plain image
are highly correlated, but there is negligible
correlation between the two adjacent pixels in the
encrypted image.
C. Sensibility analysis
 NPCR analysis
In this analysis, first, a 128×128 image ‘Lena’ is
chosen and encrypted by using the key1 and then the
least significant bit of the key1 is changed, so that the
original key becomes key2, which is used to encrypt
the same image.
Let two ciphered images be denoted by C1 and C2.
Label the grey-scale values of the pixels at grid (i,j)
in C1 and C2 by C1(i,j) and C2(i,j) respectively.
Define a bipolar array, D, with the same size as
images C1 and C2. D(i,j) is determined by C1(i,j) and
C2(i,j), namely, if C1(i,j)=C2(i,j) then D(i,j)=0 ;
otherwise, D(i,j) = 1.
The Number of Pixels Change Rate (NPCR) is
defined as:
where W and H are the width and height of C1 or C2.
TABLE I.
Correlation coefficient of two adjacent pixels in plainimage and cipher-image of gray level of ‘Lena’
Adjacent pixels
Vertical
Horizontal
Diagonal
Image
Plain image
Cipher image
0.9841
-0.0373
0.8926
-0.00061
0.8374
-0.00067
 UACI analysis
The Unified Average Changing Intensity (UACI)
is defined as:
where W and H are the width and height of C1 or C2.
The UACI measures the average intensity of
differences between the two cipher images.
In our example, we set CA key1 as (11100011)2
and encrypt the plain-image ‘Lena’ with this key.
Then, the least significant bit of the key is changed,
so that the key1 becomes key2 (11100010)2, which is
used to encrypt the same image, and its
corresponding encrypted image is referred an
encrypted image. Finally, the above encrypted image
using the two slightly different keys are compared.
We have measured NPCR and UACI of two cipher
images with only one bit difference in keys at
different rounds and results are given in tables II and
III.
Suppose the value of NPCR and UACI are taken
to be 100% and 0% respectively. Base on these
findings we can conclude our proposed system has
high security.
As you see in tables II and III, the NPCR and
UACI of two systems is about 99.8% and 0.55%
respectively and we conclude that our method is safe
and our system is secure.
 Key sensibility
If a trivially modified key to decrypt the ciphered
image is used, then the decryption should not
succeed. In that, Fig. 11 is confirming our findings.
In it, Frame (a) is the plain image, with its encrypted
TABLE II.
Comparison of NPCR and UACI in serial system at
different rounds
Cipher rounds(r)
1
2
3
4
8
16
TABLE III.
NPCR
99.8888%
99.8883%
99.8869%
99.8979%
99.8943%
99.8877%
UACI
0.5249%
0.4944%
0.5066%
0.5124%
0.5737%
0.5615%
Comparison of NPCR and UACI in parallel system
at different rounds
Cipher rounds(r)
1
2
3
4
8
16
NPCR
99.8999%
99.8876%
99.887%
99.8888%
99.8895%
99.3774%
UACI
0.4465%
0.5005%
0.4211%
0.5981%
0.4944%
0.6226%
image Frame (b) by key1 (11100011)2. Frame (c),
(d) respectively, show the decrypted images by the
key1 (11100011)2, key2 (11100010)2 to decrypt
encrypted image Frame (b). It is clear that the image
encrypted by the key1 was not be correctly decrypted
by using the key2. Here, there is only one bit
difference between the two keys explained before.
Those results clearly show high key-sensitivity of the
proposed CA encryption.
VI.
[3]
[4]
[5]
CONCLUSION
In this paper we presented a novel image security
system based on 2-D von Neumann CA. The
encryption method is based on the replacement of the
pixel values using a recursive CA substitution. To
having a system with high security, we created the
Dynamic keys to change original image. We execute
this system on both gray and color levels of ‘Lena’
then we analyze them with Matlab7.8 and get ideal
results. Our system gets 8-bit secret key, a rule
number and GCAT selector as inputs and encrypts
the original image. These data sets should be known
in receiver site. Otherwise, they cannot get the
original image because our system is key sensitive.
We parallelize our system by using n processors and
improve the implementation. The advantages of our
proposed method are that it is computationally
efficient and it is reasonably passing sensibility
analysis tests.
REFERENCES
[1]
[2]
[6]
[7]
[8]
[9]
[10]
[11]
[12]
[13]
S. S. Maniccama and N. G. Bourbakis, “Image and video
encryption using SCAN patterns,”Pattern Recognition, vol.
37 , pp. 725–737, 2004.
R. Brause and J. W. Goethe, “Implementing the SCAN
Language by Neural Networks,” Intelligence and Systems ,
pp. 242251, November 1996.
K. L. Chung, L.C. Chang, “Large encrypting binary images
with higher security,” Pattern Recognition Letters, vol. 19,
pp. 461–468, April 1998.
S. Liu, J. Sun, Z. Xu and J. Liu, “Analysis on an Image
Encryption Algorithm,” International Workshop on
Education Technology and Training & International
Workshop on Geoscience and Remote Sensing, vol. 1, pp.
803806, June 2009.
S. S. Maniccam and N. G. Bourbakis, “Lossless image
compression and encryption using SCAN,”
Pattern
Recognition, vol. 34, pp. 12291245, June 2001.
Q. Zhou, K. Wong, X. Liao, T. Xiang and Y. Hu, “Parallel
image encryption algorithm based on discretized chaotic
map,” Chaos, Solitons and Fractals,” vol. 38, pp. 1081–1092,
January 2007.
S. Nandi, B. K. Kar and P. P. Chaudhuri, “Theory and
applications of cellular automata in cryptography’, IEEE
computer society, vol. 43, pp. 1346 1357, December 1994.
O. Lafe, “Data compression and encryption using cellular
automata transform,” Eng. Appl. Artif. Intell. 1998.
X. Liao, S. Lai and Q. Zhou, “A novel image encryption
algorithm based on self-adaptive wave transmission,” Signal
Processing, vol. 90 pp. 2714–2722, March 2010.
F. Bao, “Cryptanalysis of a Partially Known Cellular
Automata Cryptosystem,” IEEE computer society, vol. 5, pp.
14931497, November 2004.
S. Wolfram, “Statistical mechanics of cellular automata,”
Reviews of Modern Physics, vol. 55 pp. 601–644, July 1983.
R. J. Chen and J.L. Lai, “Novel Stream Cipher Using 2-D
Hybrid CA and Variable Ordered Recursive CA
Substitutions,” 2008 IFIP International Conference on
Network and Parallel Computing,pp. 7481, October 2008.
R. J. Chen and J. L Lai, “Image security system using
recursive
cellular
automata
substitution,”
Pattern
Recognition, vol. 40, pp. 1621–1631, November 2006.
Figure 1.
2-D von Neumann CA: (a) 2-D von Neumann CA space, (b) the structure of 1-bit PAVA.
Figure 2.
Figure 3.
The demonstration of proposed image encryption method
10 schemes for fill 42 bits of CA initial configuration.
Figure 4.
The plain and cipher images: (a) gray image of Lena, (b) The plain-image is divided into two parts equally
and either divided to N×N partitions, (c) encrypt the upper part by using lower part and CA, (d) encrypt
the lower part by using upper part and CA, (e) cipher-image.
Figure 5.
The cipher and plain images: (a) cipher-image, (b) The cipher-image is divided into two parts equally
and either divided to N×N partitions, (c) decrypt the lower part by using upper part and CA, (d) decrypt
the upper part by using lower part and CA, (e) plain-image.
Figure 6.
Figure 7.
Figure 8.
Parallel scheme for image encryption/decryption
A parallel image encryption/decryption scheme for gray image.
Serial process: (a) plain-image, (b) cipher-image, (c) histogram of plain-image,
(d) histogram of cipher-image.
Figure 9.
Parallel process: (a) plain-image, (b) cipher-image, (c) histogram of plain-image,
(d) histogram of cipher-image
Figure 10.
(a) gray level of plain image, (b) Correlation of two vertically adjacent pixels of (a), (c) Correlation of two
horizontally adjacent pixels of (a), (d) Correlation of two diagonally adjacent pixels of (a), (e) Encrypted
image of (a), (f) Correlation of two vertically adjacent pixel of (e), (g) Correlation of two horizontally
adjacent pixels of (e), (h) Correlation of two diagonally adjacent pixels of (e) Note that in the plots xcoordinate and y-coordinate is the gray level of two neighbor pixels, respectively.
Figure 11.
Key sensitivity test: (a) Plain image, (b) Encrypted image with key1, (c) Decrypted image with key1,
(d) Decrypted image with key2