Remote-Sensing Image Encryption Algorithm Using the Advanced Encryption Standard

: With the increasing use of multimedia in communications, the content security of remote-sensing images attracts much attention in both the academia and industry. The Advanced Encryption Standard (AES) is a famous symmetric cryptosystem. A symmetric remote-sensing image encryption algorithm using AES is presented. Firstly, to reduce the encryption times, the sender groups 16 pixel values together, and converts them into big integers; secondly, the sender encrypts big integers with AES and the chaotic system; ﬁnally, the encrypted image is obtained from encrypted big integers. Simulation data show that our algorithm exhibits both the high security and efﬁciency.


Introduction
Remote sensing is a non-contact and long-distance measuring technology, which acquires the information of an object or phenomenon. This technology plays a highly significant role in many fields, such as resource survey, environment protection, weather forecast and disaster evaluation. Most of remote-sensing images involve business secrets and even national security. Internet development and multimedia easy distribution make the content security of remote-sensing images become an important issue for scientists and engineers.
The chaotic system is a commonly applied means to encrypt images for its extreme sensitivity to initial values and parameters, ergodicity, etc. [1]. The experts of information security have designed lots of image encryption schemes with the chaotic systems recently [2][3][4][5][6][7]. Nevertheless, the security of the low-dimensional chaotic system is a little weak for its disadvantage of short code period. Researchers pay more attention to more complex chaotic systems, such as the high-dimensional chaotic systems and compound chaotic systems [8][9][10][11][12][13].
Advanced Encryption Standard (AES) is an excellent symmetric cryptosystem, which has the advantages of strong ability to resist attacks, so it is widely used in data encryption. At present, several experts of image encryption viewed that AES is fairly safe, but it isn't suitable for encrypting image. The reason is that the image data is huge and has more redundancy than the text data [14]. However, Zhang et al. designed an image encryption algorithm with AES [15]. Authors group the pixel values of the plain image into data blocks with the size of 128 bits. They permute the first data block with the initial vector. After that, AES encrypts other data blocks with the cipher block chaining mode. Although authors stated that their algorithm can achieve high encryption speed, the efficiency can be further improved. Therefore, to protect the content of remote-sensing images, this paper presents a symmetric remote-sensing image encryption algorithm with AES and chaos. Experimental results and algorithm comparative analyses display that the proposed algorithm is desirable in terms of the security and efficiency.

Chaotic System
The Piece-Wise Linear Chaotic Map (PWLCM) is defined by: where x i ∈ [0, 1) and q is the control parameter [17]. When q ∈ (0, 0.5), this chaotic system can provide an excellent and random chaotic sequence, which is suitable for image encryption.

Secure Hash Algorithm
Secure Hash Algorithms (SHA) are a kind of hash functions, which is released by NIST. SHA is mainly applied to the integrity security services [18]. SHA-256 is a popular SHA, which outputs the message digest with the length of 256 bits.
The proposed algorithm uses SHA-256 to generate the initial value x 0 and variable q of PWLCM. For the plain image, the proposed algorithm adopts SHA-256 to generate hash value K, which can be segmented into 8-bit parts, i.e.,: The variables x 0 and q of PWLCM are computed by: where denotes the exclusive OR (XOR) operation in the binary system. q = k 17 k 18 · · · k i · · · k 32 510 , i = 19, 20, · · · , 31 (4)

Proposed Image Encryption Algorithm
For easy description, the sender and recipient are Alice and Bob, respectively. The following subsections describe the core technology of the proposed image encryption algorithm. Figure 1 is the image encryption flowchart of the proposed algorithm. Alice performs the following steps to encrypt the plain image.

Proposed Image Encryption Algorithm
For easy description, the sender and recipient are Alice and Bob, respectively. The following subsections describe the core technology of the proposed image encryption algorithm. Figure 1 is the image encryption flowchart of the proposed algorithm. Alice performs the following steps to encrypt the plain image.

Sender's Encryption Process
Step 1: Chaotic Sequence Generation Let the plain image be . The variables and of PWLCM can be generated with the method described in Section 2.3. Alice iterates Equation (1) times with and , and she obtains a chaotic sequence X . Step 2: Chaotic Image Generation If 16 digits exists after the decimal point for all the ∈ , Alice computes: where , and mod • is the modulo operation. After that the sender can convert the vector into a matrix , named as the chaotic image.
Step 3: Group Pixels The pixel value in binary form is an 8-bit number. Here, Alice uses AES-256 to encrypt the 128bit data blocks. Therefore, Alice groups 16 pixel values together to form a big integer number with the 128-bit length. The first big integer is: Step 4: AES Encryption Step 1: Chaotic Sequence Generation Let the plain image be I m×n . The variables x 0 and q of PWLCM can be generated with the method described in Section 2.3. Alice iterates Equation (1) m × n times with x 0 and q, and she obtains a chaotic sequence X = {x i } m×n .
Step 2: Chaotic Image Generation If 16 digits exists after the decimal point for all the x i ∈ X mn , Alice computes: where Y = {y i } m×n , and mod(·) is the modulo operation. After that the sender can convert the vector Y into a matrix C m×n , named as the chaotic image.
Step 3: Group Pixels The pixel value in binary form is an 8-bit number. Here, Alice uses AES-256 to encrypt the 128-bit data blocks. Therefore, Alice groups 16 pixel values together to form a big integer number with the 128-bit length. The first big integer is: where I b 1,1 I b 1,2 · · · I b 1,i · · · I b 1,16 denote the pixels of I in binary form. Alice can obtain (m × n)/16 plain big integers b 1 , b 2 , · · · , b (m×n)/16 for I in total. Similarly, Alice can also obtain (m × n)/16 chaotic big integers r 1 , r 2 , · · · , r (m×n)/16 for C.

Step 4: AES Encryption
Alice calculates: where {c i } are encrypted big integers, AES e (·) is the encryption function of AES, whose input parameters are the key K 1 and b 1 .

Recipient's Decryption Process
Bob iterates Equation (1) times with the variables and of PWLCM, and obtains a chaotic sequence .
Step 2: Chaotic Image Generation Bob can get the with Equation (5), and convert it into a matrix .

Recipient's Decryption Process
where are encrypted big integers, AES • is the encryption function of AES, whose input parameters are the key and .
Step  Step 1: Chaotic Sequence Generation Bob iterates Equation (1) times with the variables and of PWLCM, and obtains a chaotic sequence .

Recipient's Decryption Process
Step 2: Chaotic Image Generation Bob can get the with Equation (5), and convert it into a matrix .
Step 3: Group Pixels Step 1: Chaotic Sequence Generation Bob iterates Equation (1) m × n times with the variables x 0 and q of PWLCM, and obtains a chaotic sequence X = {x i } m×n .
Step 2: Chaotic Image Generation Bob can get the Y = {y i } m×n with Equation (5), and convert it into a matrix C m×n .
Step 3: Group Pixels Bob groups 16 pixel values together to form a big integer number with the 128-bit length. For the encrypted image E, Bob can obtain (m × n)/16 encrypted big integers {c i }. For the chaotic image C, Alice can also obtain (m × n)/16 chaotic big integers {r i }.
Step 4: AES Decryption Bob computes: where {d i } are decrypted big integers, and AES d (·) is the decryption function of AES, whose input parameters are the key K 1 and c 1 r 1 .
Step 5: Recovering Pixels Bob divides d i , i = 1, 2, · · · , (m × n)/16 into 16 parts, and converts them into pixel values. According to the pixel positions, he rebuilds these pixel values into a decrypted image D with the size m × n.

Zhang's Algorithm
Zhang et al. designed an image encryption scheme with AES (short for Zhang's algorithm) [15]. Alice performs the following steps to encrypt the plain image I m×n .
Step 1: divide I m×n into t pixel blocks with the size 4 × 4 to form 128 bits; Step 2: Tent map is used to generate the initial vector IV of AES; Step 3: for the first block I 1 of I m×n , encrypt it by: where K is the secret key, and C 1 is the first encrypted block; Step 4: for the ith block I i of I m×n , encrypt it by: where C i is the ith encrypted block.

Kalubandi's Algorithm
Kalubandi et al. designed an image encryption scheme using AES and visual cryptography (short for Kalubandi's algorithm) [19]. Alice performs the following steps to encrypt the plain image I m×n .
Step 1: encode I m×n with the Base64 standard; Step 2: initiate the AES 256-bit key; Step 3: encrypt the Base64 encoded text with AES; Step 4: convert the cipher text of AES into the encryption image.

Hraoui's Algorithm
Hraoui et al. designed an image encryption scheme with AES (short for Hraoui's algorithm) [20]. Alice performs the following steps to encrypt the plain image.
Step 1: segment I m×n into 4 × 4 pixel blocks; Step 2: convert these blocks into 128-bit sequences; Step 3: encrypt these 128-bit sequences with AES; Step 4: convert the cipher text of AES into 4 × 4 encrypted pixel blocks; Step 5: combine these encrypted pixel blocks into the encrypted image.

Experiments
The experimental purpose is to encrypt the plain image with the proposed algorithm and three similar algorithms, i.e., Zhang's algorithm, Kalubandi's algorithm and Hraoui's algorithm. The plain image is Airfield as shown in Figure 4a, whose size is 512 × 512. The computer configuration used in the experiments is shown as follows: Yoga 2 notebook PC of Lenovo Group, Beijing, China, Intel M-5Y71@1.20 GHz Processor, 8 GB RAM, Window 8 operating system and Matlab R2016a. K is the SHA-256 value of Airfield. Therefore, the variables x 0 and q of PWLCM can be calculated with the method described in Section 2.3. For the proposed algorithm, Zhang's algorithm, Kalubandi's algorithm and Hraoui's algorithm, the AES keys are K 1 , K 2 , K 3 , K 4 respectively. The above variable values are given in Table 2.

Variables
Values For the proposed algorithm, Figure 4b is its encrypted image. Bob can decrypt the encrypted image with the key to obtain the plain image. The decrypted image is the same with Figure 4a. For three similar algorithms, the encrypted images are shown in Figure 4c-e, respectively. These encrypted images are very chaotic. Therefore, all these four algorithms have excellent encryption effect.

Experiments
The experimental purpose is to encrypt the plain image with the proposed algorithm and three similar algorithms, i.e., Zhang's algorithm, Kalubandi's algorithm and Hraoui's algorithm. The plain image is Airfield as shown in Figure 4a, whose size is 512 512. The computer configuration used in the experiments is shown as follows: Yoga 2 notebook PC of Lenovo Group, Beijing, China, Intel M-5Y71@1.20 GHz Processor, 8 GB RAM, Window 8 operating system and Matlab R2016a.
is the SHA-256 value of Airfield. Therefore, the variables and of PWLCM can be calculated with the method described in Section 2.3. For the proposed algorithm, Zhang's algorithm, Kalubandi's algorithm and Hraoui's algorithm, the AES keys are , , , respectively. The above variable values are given in Table 2.

Variables
Values For the proposed algorithm, Figure 4b is its encrypted image. Bob can decrypt the encrypted image with the key to obtain the plain image. The decrypted image is the same with Figure 4a. For three similar algorithms, the encrypted images are shown in Figure 4c-e, respectively. These encrypted images are very chaotic. Therefore, all these four algorithms have excellent encryption effect.

Algorithm Analyses
For an excellent image encryption algorithm, it can resist several commonly used attacks, such as the brute-force attack and differential attack. This paper analyzes the performance of the proposed algorithm in terms of the key space, histogram, correlation, differential attack, information entropy, and encryption efficiency.

Key Space Analysis
For a desirable encryption algorithm, its key space should be large enough to resist the bruteforce attack. (1) For Zhang's algorithm, the AES key is also the key of Zhang's algorithm. This algorithm security main depends on the used key length, i.e., 128, 192, or 256 bits. Therefore, the size of key space is also the AES key, the variables and of PWLCM. In our experiment, we used AES-256 to encrypt the plain image. If 16 digits exists after the decimal point for the key, then the key space is 10 2 1.16 10 . Therefore, the proposed algorithm has the largest key space to withstand the brute-force attack.

Histogram Analysis
The histogram can reflect the statistical feature of pixel value distribution. For a desirable encryption scheme, the histogram of the encryption image is always uniform [21]. Figure 5a

Algorithm Analyses
For an excellent image encryption algorithm, it can resist several commonly used attacks, such as the brute-force attack and differential attack. This paper analyzes the performance of the proposed algorithm in terms of the key space, histogram, correlation, differential attack, information entropy, and encryption efficiency.

Key Space Analysis
For a desirable encryption algorithm, its key space should be large enough to resist the brute-force attack. (1) For Zhang's algorithm, the AES key is also the key of Zhang's algorithm. This algorithm security main depends on the used key length, i.e., 128, 192, or 256 bits. Therefore, the size of key space is also 2 128 ≈ 3.4 × 10 38 , 2 192 ≈ 6.3 × 10 57 , or 2 256 ≈ 1.16 × 10 77 ; (2) For Kalubandi's algorithm, authors adopt AES-256 during the process of image encryption. Therefore, the key space is 2 256 ≈ 1.16 × 10 77 ; (3) For Hraoui's algorithm, authors adopt AES-128 during the process of image encryption. Therefore, the key space is 2 128 ≈ 3.4 × 10 38 ; (4) for the proposed algorithm, the keys are the AES key, the variables x 0 and q of PWLCM. In our experiment, we used AES-256 to encrypt the plain image. If 16 digits exists after the decimal point for the key, then the key space is 10 32 × 2 256 ≈ 1.16 × 10 109 . Therefore, the proposed algorithm has the largest key space to withstand the brute-force attack.

Histogram Analysis
The histogram can reflect the statistical feature of pixel value distribution. For a desirable encryption scheme, the histogram of the encryption image is always uniform [21]. Figure 5a

Correlation Analysis
To evaluate the performance of pixel correlation, we carry out some simulations. The correlation coefficient of each pair is calculated by:

Correlation Analysis
To evaluate the performance of pixel correlation, we carry out some simulations. The correlation coefficient of each pair is calculated by: where E(·) is the expectation function and D(·) is the variance function. For the proposed algorithm, 5000 pairs of adjacent pixels are randomly chosen from Figure 4a-e. For Figure 4a,b, Figure 6 reflects their relevance for adjacent pixels in the horizontal, vertical, and diagonal directions, respectively.
where • is the expectation function and • is the variance function.
For the proposed algorithm, 5000 pairs of adjacent pixels are randomly chosen from Figure 4ae. For Figure 4a,b, Figure 6 reflects their relevance for adjacent pixels in the horizontal, vertical, and diagonal directions, respectively.
For the proposed algorithm, Zhang's algorithm, Kalubandi's algorithm, and Hraoui's algorithm have their correlation coefficients of Figure 4a-e given in Table 3. Experimental data display that the  Table 3. Experimental data display that the values of the plain image are close to 1, but the values of all the encrypted images are close to 0. Therefore, all these four algorithms can destroy the pixel relevance completely.

Differential Attack Analysis
The differential attack is used to check the plaintext sensitivity for an image encryption algorithm [22]. Therefore, if we make a slight change to the plain image, a desirable encryption algorithm can spread this influence over the whole encryption process. To evaluate the ability to resist the differential attack, the Number of Pixels Change Rate (NPCR) and Unified Average Changing Intensity (UACI) are defined by: where I (i, j) is the encryption image of the plain image, I (i, j) is the encryption image of the modified plain image, and f (i, j) is defined by: To evaluate the performance of the plaintext sensitivity, the simulation changes the pixel value I(1, 1) of the plain image into 200. For the proposed algorithm, Zhang's algorithm, Kalubandi's algorithm, and Hraoui's algorithm, have their NPCR and UACI results of Figure 4a listed in Table 4. For the proposed algorithm and Zhang's algorithm, NPCR and UACI results are very large. Therefore, their plaintext sensitivity is very strong. However, for Kalubandi's algorithm and Hraoui's algorithm, NPCR and UACI results are 0. The reason is that both the proposed algorithm and Zhang's algorithm use the mode of cipher block chaining to encrypt Figure 4a. Meanwhile, for the proposed algorithm, the variable x 0 and q of PWLCM are generated by the SHA-256 value of Figure 4a. Even if two images are very similar, but only one bit is different. Their hash values of SHA-256 are completely different [21]. The results imply that both the proposed algorithm and Zhang's algorithm are strong to withstand the differential attack.

Information Entropy Analysis
Information entropy can reflect the indeterminacy of image information. For an ideal encryption image, its information entropy is close to 8 [23]. For the gray image I, we describe the information entropy as: where m i is the ith gray level, and P(m i ) is the emergence probability of m i . For the plain image, its entropy value is 7.1206. For the encrypted images of the proposed algorithm, Zhang's algorithm, Kalubandi's algorithm and Hraoui's algorithm, their entropy values are given in Table 5. Simulation data display that all these four algorithms have the ability to resist the statistical attack.

Encryption Efficiency Analysis
The encryption efficiency is the significant performance for an encryption algorithm. The core encryption times can directly affect the encryption speed. For the proposed algorithm, Zhang's algorithm, Kalubandi's algorithm, and Hraoui's algorithm have their core operation is AES encryption times. The AES encryption times for these algorithms are given in Table 6. The unit is times. A 128-bit data block is encrypted with the encryption function of AES, i.e., AES e (·), viewed as once AES encryption times. The data in Table 6 view that the proposed algorithm can obviously reduce AES encryption times. We analyze the AES encryption times of these algorithms in detail as follows. (2) In Kalubandi's algorithm, authors encode the plain image with the Base64 standard. And then they encrypt the Base64 encoded text with AES. For the plain image with the size 512 × 512, it has 262,144 pixel values. Each Base64 code represents with 6 bits of the pixel value, so three 8-bit pixel values can be represented by four 6-bit Base64 codes. If there are only two pixel values, they can be represented by three Base64 codes. If there is only one pixel value, it can be represented by two Base64 codes [24]. Therefore, for the plain image, 262,144 pixel values can be encoded with 349,526 (i.e., (62,143/3 × 4) + 2) Base64 codes, where 262,143 is multiples of 3,262,143 pixel values can be encoded with 349,524 Base64 codes, and the last pixel value can be encoded with 2 Base64 codes. The plain image can be encoded with 349,526 Base64 codes in total. These Base64 codes can be converted into 21,846 (i.e., (349,520/16) + 1) 128-bit data blocks, where 349,520 is multiples of 16. The 349,520 Base64 codes can be converted with 21,845 128-bit data blocks, and the last 6 Base64 codes can be converted with one 128-bit data block. Therefore, to protect the plain image, this algorithm should encrypt 21,846 128-bit data blocks with AES e (·), i.e., 21,846 AES encryption times; (3) In Hraoui's algorithm, authors divide the image into 4 × 4 pixel blocks, and then encrypt them with AES directly. The plain image with the size 512 × 512 can be divided into 16,384 (i.e., (512 × 512)/16) pixel blocks. Therefore, to protect the plain image, this algorithm should encrypt 16,384 pixel blocks with AES e (·), i.e., 16,384 AES encryption times; (4) In the proposed algorithm, Alice groups 16 pixel values together to form a big integer number with the 128-bit length. We consider that the AES operation is more complex than the XOR operation. The proposed algorithm only encrypts the first big integer with Equation (7), i.e., only once AES encryption times, and encrypt other big integers with the previous encrypted big integer and chaotic big integers, i.e., Equation (8).

Conclusions
To protect the remote-sensing image, this paper presents an image encryption algorithm with AES and chaos. Simulation data display that the proposed algorithm is very strong to resist several commonly used attacks. Comparing with three similar algorithms, the superiority of the proposed algorithm is obvious in terms of the security and encryption speed.