New Step in Lightweight Medical Image Encryption and Authenticity

Abstract

Data security is critical, particularly in medical imaging, yet remains challenging. Many research efforts have focused on enhancing medical image security, particularly during network transmission. Ensuring confidentiality and authenticity is a key priority for researchers. However, traditional encryption methods are unsuitable for IoT environments due to data size limitations. Lightweight encryption algorithms that preserve confidentiality, integrity, and authenticity can address these limitations. This paper proposes an efficient, lightweight method to encrypt and authenticate medical images in healthcare systems. The approach splits images into diagonal and non-diagonal blocks, and then processes them in two phases: (1) non-diagonal blocks are permuted using inter-block differences and XORed with diagonal blocks for substitution; (2) diagonal blocks are encrypted via AES and enhanced CBC mode with a tag mechanism for integrity. Security tests (histograms, correlation, entropy, NPCR, UACI) verify the scheme’s robustness. The results show that the model outperforms existing techniques in efficacy and attack resistance, making it viable for medical IoT and smart surveillance.

1. Introduction

The security of personal information, particularly medical images, is crucial when it comes to data sharing. Various encryption and cryptographic frameworks have been developed to provide confidentiality to patient information on computer systems, as well as to secure transfer channels over the network [1,2]. In other words, digital images form sensitive data that need to be stored and transmitted carefully. When operating in an IoT environment, the transfer and storage of digital images require the implementation of secure algorithms and efficient methods that minimize both memory usage and computational overhead [3,4,5].

Image encryption depends on two approaches to construct cipher images and decrease the correlation between adjacent pixels: confusion and diffusion [6]. Confusion is often achieved by substituting each pixel in a digital image using a secret key-controlled substitution map to hide the values of the plaintext image [7]. Diffusion implies that if a single pixel is modified in the image, then about half of the pixels in the cipher image should change; diffusion supports a decrease in the correlation among adjacent pixels in the image.

The quality of image encryption relies on a set of parameters and metrics to evaluate the security and efficiency of the encryption algorithm. Some of them used to evaluate the diffusion characteristics include the Number of Pixel Change Rate (NPCR), mean square error (MSE) and peak signal-to-noise ratio (PSNR) [8]. Furthermore, computational time is an additional factor to consider, which implies the need for a lightweight encryption approach [1,3,9,10].

Much of existing research [1,2,3,6,9,10,11,12,13] has utilized lightweight encryption specifically designed for medical images because it (1) allows fast access to emergency diagnosis while maintaining security, (2) preserves the integrity of DICOM (Digital Imaging and Communications in Medicine) metadata, (3) meets strict healthcare privacy requirements and laws (HIPAA/GDPR), and (4) optimizes performance for high-resolution medical scans in hospital systems [5,14]. However, expected results do not cover the three CIA principles (confidentiality, integrity, authenticity) alongside encryption speed in their strategy [15]. To meet this requirement, this work proposes a lightweight image encryption algorithm that considers the three CIA principles in addition to the speed of encryption. The lightweight image encryption algorithm employs interblock encryption, which divides the image into blocks and encrypts the non-diagonal blocks with the diagonal blocks using interlocking encryption proposed in [16], while diagonal blocks are secured using an enhanced AES-CBC scheme to effectively uphold the CIA principles [17].

Our research aims to answer the following research questions:

• Is there an efficient algorithm that provides fast and secure encryption for medical images in IoT? We propose a novel combination of two algorithms—one optimized for lightweight performance and another designed to preserve image integrity and authenticity—to address this challenge.
• Can interblock encryption techniques reduce computational overhead and encryption time while maintaining robust security metrics? We evaluated this through comprehensive testing scenarios that compared different block-based encryption approaches.
• Does our enhanced encryption approach preserve image authenticity better than existing methods? We analyze this through rigorous security metric evaluations.
• Does our method of combining interconnected block encryption with optimized AES-CBC operations significantly reduce processing time compared to whole-image encryption? We demonstrate this through comparative-time measurements that focus on diagonal block processing.

The significant contributions of this work are summarized as follows:

• A multi-phase cryptographic method was designed for medical images (encryption and authentication). This multiphase method combines two algorithms: the first is used for fast image encryption, and the second concerns image authentication.
• This combination of algorithms encrypts only part of the image (diagonal blocks) using AES instead of encrypting the whole image while preserving the security of the other block with an enhanced AES-CBC that preserves data authentication.
• Our method minimizes the limitations of the two previous approaches by adding an authentication tag while reducing the time required by the enhanced AES-CBC.
• The performance of the proposed method was analyzed in terms of histogram consistency analysis, information entropy (IE), (NPCR), (UACI), (MSE), (PSNR), and time complexity (TC).

The remainder of this paper is organized as follows. In Section 1, related works are reviewed, and in Section 3, the proposed methodology is presented. Then, Section 4 presents the performance analysis and evaluation of the proposed methodology, and the comparison of the results obtained with the existing methods is discussed in Section 5. Finally, Section 6 concludes the findings and results of our research.

2. Related Works

Extensive research has been conducted on lightweight encryption and how it affects the privacy of images in transit between nodes in IoT. The following literature review examines a range of image encryption methodologies, specifically lightweight mechanisms that are designed to enhance security without imposing excessive computational overhead.

An improved AES algorithm was developed to meet the lightweight and dynamic requirements of IoT devices, enhancing efficiency while maintaining security, as detailed in [5]. This improved algorithm delivers enhanced security and lightweight computation for encrypting images and text. Key generation appears in two steps: first, using a sensitive chaotic procedure, and second, using a three-dimensional Lorenzo function [5]. Additionally, ref. [14] integrated a Henon map, with the AES algorithm encrypting plain images. The Henon map generated a random key for the encryption phase, improving security and resisting more attacks. The results indicated that their method performs well when encrypting images.

Based on the first attempt adopted, ref. [18] proposed a chaotic system-based image encryption scheme. Researchers such as [19,20] presented an efficient image encryption algorithm that integrates the logistic map, the AES S-box, and permutation techniques [19] using SHA-2, using plaintext images (initialization vector and pre-shared key) to generate the initial parameters of the logistic map. Then, a logistic map is chaotically used to create random numbers, which is the core of permutation and substitution. The authors evaluated their method using 18 metrics: correlation coefficient, entropy, mean square error, peak signal-to-noise ratio, maximum deviation, irregular deviation, unified average changing intensity, keyspace and key sensitivity analysis. The experimental results demonstrated that their proposed algorithm is $15.33$ times faster than other encryption methods. In contrast, a two-dimensional parametric polynomial chaotic system (2D-PPCS) was proposed to solve weaknesses in existing chaotic systems for engineering applications [21].

Similarly, some approaches designed an Image Encryption Approach Based on a 4D Hyperchaotic Map (4DHCM) and DNA Encoding Methods [22,23]. Another study [4] presented a lightweight cryptosystem to encrypt medical images. This approach is based on Henon’s chaotic map, Chen’s chaotic system, and Brownian motion. In [7], they studied the chaotic-based lightweight imaging technique. Based on two chaotic maps, Arnold and Logistic, for lightweight image encryption, they investigated various sets of images, such as medical, underwater, and texture images. Investigations have produced the most significant entropy of $7.9920$ for medical images (chest radiographs), and the average encryption and decryption times have been $3.9771 \mathrm{s}$ and $3.1447 \mathrm{s}$.

In [24], an image encryption method that uses compressive sensing and a modified seven-dimensional hyperchaotic map (MSD) were introduced to produce more secure and complex secret keys. Ultimately, creating encrypted images involves performing diffusion and permutation on compressed images in row and column formats, utilizing the secret keys generated from the MSD. The authors Feng et al. [25] proposed MIEA-PRHM, an innovative image encryption algorithm that integrates pixel reorganization with dual hyperchaotic maps to improve both security and computational efficiency. The scheme demonstrates high encryption throughput and strong robustness, making it suitable for real-time image protection applications. A robust image encryption scheme was proposed using a novel 2D hyperchaotic map (2D-SQPM) integrated with a pixel fusion technique, significantly enhancing the complexity and security of the encryption process. This method [26] proves to be highly effective in protecting sensitive image data in high-security environments.

The work in [10] presents an efficient and lightweight encryption technique designed to protect secure images in the healthcare sector. The method utilizes two permutation processes and assumes a 256-bit encryption framework, dividing the binary representation of the image into 16 sub-blocks of 16 bits each for processing.

The study [27] introduces a two-dimensional memristor-enhanced polynomial hyperchaotic map (2D-MPHM) integrated into a multichannel image encryption algorithm (MIEA-MPHM). This combination achieves high security and efficiency, with an average encryption rate of 87.2798 Mbps, making it suitable for real-time applications. Another study using the stream cipher in [9] proposed an image encryption scheme that uses a non-linear feedback shift register (NLFSR) with DNA calculations. The process begins with the permutation of the image, which is achieved using a pseudorandom sequence generated by an NLFSR-based keystream generator. This is followed by substituting the values of the pixels through DNA calculations in CBC mode. Ref. [12] proposed a secure transmission method that utilizes the idea of compressed sensing (CS) for IoT environments. They used compressed sensing and reconstruction tools for efficient image encryption. The suggested approach delivers low computational cost.

Most of these studies focus on reducing encryption time while neglecting many of the NIST security metrics for differential attacks. Our study aims to reduce the time required for encryption and authentication without compromising key NIST metrics.

3. Background and Proposed Methodology

This section presents the fundamental background concerning the well-known Advanced Encryption Standard (AES) and explains our proposed methodology.

3.1. Background to AES and CBC

AES is a symmetric key encryption algorithm established by the US National Institute of Standards and Technology (NIST) as the standard to secure digital data [28]. AES is available in three variants, AES-128, AES-192, and AES-256, distinguished by their respective key lengths, which determine the number of encryption rounds applied during the process.

AES encryption involves four core operations: AddRoundKey, SubBytes, ShiftRows, and MixColumns. In the 128-bit version, the encryption process consists of ten transformation rounds [29]. The first nine rounds apply all four operations, while the final round omits MixColumns. Decryption follows the inverse sequence of these operations to recover the original plaintext.

The security of AES is further enhanced when implemented in CBC mode, which introduces randomness and interdependence between data blocks. In CBC mode, each plaintext block is XORed with the previous ciphertext block prior to encryption, ensuring that identical plaintext blocks result in different ciphertexts [30]. To protect the first block from producing predictable patterns, an initialization vector (IV) is used to introduce randomness into the encryption process.

3.2. Proposed Model

The proposed model is divided into two main sections. First, the image is divided into sub-blocks. The diagonal sub-blocks remain unchanged. The differences between blocks of pixels are calculated and represented in a 9-bit binary for each row. Finally, diagonal sub-blocks in each row are XORed with their corresponding row sub-blocks. The resulting values are termed new blocks. In the second section, the diagonal sub-blocks are then encrypted using an enhanced AES-CBC technique.

3.3. Proposed Model—Diagonal Block Encryption

The framework for the proposed lightweight medical image processing is illustrated in the first phase, as shown in Figure 1 in [16]. Several crucial pre-processing steps are necessary to minimize the size of the encryption and authentication process described in the second subsequent phase. Initially, the medical image is divided into sub-blocks using varying window sizes tailored to the image’s dimensions. For simplicity, we consider an image with a size of $64\times 64$ and use a window size of $4\times 4$, resulting in 16 sub-blocks. This configuration yields 16 sub-blocks $(S{B}_1,S{B}_2,\dots ,S{B}_{16})$. We leave the diagonal sub-blocks $(S{B}_1,S{B}_6,S{B}_{11},S{B}_{16})$ unchanged for our demonstration. In the first row, we calculate the difference in pixel density between blocks between SB1 and the other sub-blocks, producing the results represented as $(D_1,D_2,D_3)$. The same process is then applied to the remaining three rows. Each block pixel is represented using 9 bits, where the first bit indicates the sign, and the remaining bits represent the binary value corresponding to the pixel. After converting all sub-blocks into a $9$-bit binary format, the diagonal sub-blocks in each row are XORed with their respective row sub-blocks. The resulting values are termed new blocks (NBs). Figure 2 shows an example of the encryption of Lena’s image with size $256\times 256$ using sub-block size $16\times 16$. Finally, all diagonal sub-blocks $(S{B}_1,S{B}_6,S{B}_{11},S{B}_{16})$ are encrypted using an enhanced AES-CBC technique referenced in [17]. Blocks encrypted by enhanced AES-CBC are illustrated in Figure 3.

3.4. Proposed Model-Enhanced CBC AES Integration

The second phase involves encrypting diagonal image blocks using the enhanced AES method proposed in [17]. This approach not only ensures data confidentiality, but also introduces mechanisms for data authentication. The remaining diagonal blocks will undergo the following steps for processing: Diagonal sub-blocks $(S{B}_1,S{B}_6,S{B}_{11},S{B}_{16})$ are processed exclusively using the enhanced CBC mode with AES, using the key $K_1$. Each encrypted sub-block is then input into a hash function along with a different key, employing the original CBC mode before proceeding to the subsequent AES round. The output of each hash function for the respective blocks is XORed with the hashes of the remaining blocks, producing a composite hash tag using Formula (1).

$$C_i=E_{k_1}(\mathrm{Hash}(C_{i-1},k_2)\oplus P_i).$$

(1)

The final output of the encryption process consists of $(C_1,C_2,C_3,C_4,Tag).$ The C values represent the encrypted blocks that ensure the confidentiality of the diagonal sections, while the tag maintains the integrity and authenticity of the image. By integrating inter-block encryption with enhanced AES-CBC, we can reduce the encryption time required compared to the enhanced AES-CBC. This approach provides additional confidentiality using two keys, $K_1$ and $K_2$, along with the hashing of the tag value. Although enhanced AES-CBC introduces some overhead and requires additional time for encryption, focusing the encryption process solely on diagonal blocks is expected to optimize the encryption speed while adequately addressing privacy concerns. Figure 4 illustrates the encryption effects on a 512 × 512 colored Lena image using the proposed approach. Meanwhile, Figure 5, Figure 6, Figure 7 and Figure 8 demonstrate the application on grayscale images.

The security comparison in

Table 1. Comparative analysis of encryption schemes.

Feature	Proposed Model	Existing Techniques [16]
Key Configuration	Dual 256-bit keys ($K_1$, $K_2$) with HKDF derivation	Single 128-bit key, no key derivation
Authentication	Authenticated encryption with HMAC-SHA256 tag: $\tau ={⨁}_{i=1}^{4}H(C_i\left|\right|K_2)$	No built-in authentication
Integrity Protection	128-bit tag with $Pr\left[\mathrm{Col}\right]\le 2^{-128}$	No integrity or weak checksums
Plaintext Sensitivity	$Pr[C_i=C_j|P_i\ne P_j]\le \mathrm{negl}\left(\lambda \right)$	Visible patterns when $P_i=P_j$
CPA Security	IND-CPA secure: $\left|Pr[{\mathcal{A}}^{\mathrm{Enc}}=1]-{\displaystyle \frac{1}{2}}\right|\le \mathrm{negl}\left(\lambda \right)$	Distinguishable outputs
Medical Imaging	Secure for all pixel values ($\Delta S{B}_i\perp \perp P_i$)	Vulnerable to uniform regions

demonstrates the cryptographic advantages of our proposed model. The notation uses $\mathrm{negl}\left(\lambda \right)$ for a negligible function in security parameter $\lambda$, $K_1$ and $K_2$ for encryption and authentication keys, $\tau$ for the integrity tag, H for a cryptographic hash function, $Pr\left[\mathrm{Col}\right]$ for collision probability, $P_i$ and $C_i$ for plaintext and ciphertext blocks, respectively, and $\perp \perp$ for statistical independence. Our scheme provides provable security guarantees including IND-CPA security and integrity protection, addressing vulnerabilities present in conventional approaches while maintaining computational efficiency for medical imaging applications.

4. Experimental Results and Analysis

This section outlines the experimental environment and evaluates how varying block sizes affect encryption performance. The analysis aims to identify an optimal balance between encryption speed and image quality.

4.1. Experimental Setup

We conducted the test using Google Colab, a cloud-based Jupyter Notebook v4.0, single-core CPU (12.7 GB RAM) and intermittent NVIDIA GPUs (T4/K80), with 78 GB temporary storage. Environment that gives free access to computational resources such as GPUs along with pre-installed libraries. The implementation was completed in Python 3.9/3.10.

Window Block Size

The size of the window plays an essential role in our experiment and the evaluation of the method. An experiment was carried out to select the best window block size for a preliminary setup by choosing a 512 × 515 image size and the block size of the variant $(4,8,16,32,64)$.

Table 2. Summary of image quality metrics for images $512\times 512$.

Image Type	Block Size	Encryption Time (ms) *	UACI	NPCR	PSNR (dB)	MSE	Entropy	Correlation
Lena	4	18,877	28.8983	99.8203	9.0844	8028	7.7066	0.0020
	8	3325	28.9005	99.8199	9.0809	8035	7.7095	−0.0019
	16	307	28.8623	99.8280	9.0971	8005	7.7264	−0.0004
	32	96	28.9453	99.8074	9.0851	8027	7.7348	−0.0003
	64	26	29.0000	99.8325	9.0835	8030	7.7771	−0.0006
Chest X-ray	4	17,959	30.8225	99.7913	8.4745	9239	7.6810	−0.0001
	8	3794	30.7640	99.7990	8.4983	9188	7.6691	−0.0033
	16	344	30.8242	99.7925	8.4800	9227	7.6771	0.0043
	32	72	31.1255	99.7925	8.4002	9398	7.6704	−0.0103
	64	25	30.6485	99.8436	8.5866	9003	7.5541	0.0063
Brain X-ray	4	17,488	32.0671	99.7498	8.0461	10196	7.5588	0.0150
	8	2017	31.2405	99.7253	8.2597	9707	7.5936	0.0349
	16	314	30.1336	99.7410	8.5252	9131	7.5168	0.0888
	32	74	29.5874	99.8138	8.6297	8914	7.5093	0.0890
	64	28	28.0979	99.6494	8.8058	9068	6.9846	0.1486

* Encryption time in milliseconds.

presents different experiments, and the encryption results reveal that increasing the block size significantly reduces the encryption time, with values dropping from more than 18,000 ms for a block size of 4 to just 26 ms for a block size of 64 in the Lena image. Despite the efficiency gained, the quality metrics show a trade-off; while UACI and NPCR remain high across all block sizes, indicating robust security, the PSNR values are relatively low (ranging from $8.0461$ to $9.0844$), suggesting considerable distortion in the encrypted images. This is further supported by the MSE values, which indicate higher error levels for images such as the chest and brain compared to Lena. Entropy values hover around $7.5$ to 8, reflecting good randomness in the encrypted output, while correlation values remain low, demonstrating effective pixel scrambling.

Larger block sizes (32–64) are advisable for applications where speed is critical, whereas smaller block sizes (4–16) may be better suited for scenarios prioritizing image quality, such as medical imaging. A balanced approach, perhaps using a block size of 16, could provide a compromise between encryption speed and acceptable image encryption quality.

4.2. Visual-Histogram Analysis

We initially anticipated that some of the visualized results would validate our experimental findings. The proposed scheme was first tested using Lena’s image to demonstrate all the steps involved in the encryption and decryption phases. Various grayscale medical images were then used, including those of the chest, brain, and MRI, to further validate our results. The repeated numerical values in the pixels can be represented by the image’s histogram; for the encrypted images, we expect the histogram to exhibit a uniform distribution due to the high level of encryption and security provided by the algorithm, which promotes uniformity. In the first phase of the proposed scheme, we present the outputs of Lena’s image, showcasing the encryption of the diagonal blocks using Enhanced-AES as well as the full encryption implementation, as illustrated in Figure 5, Figure 6, Figure 7 and Figure 8. The results of the encryption histogram for medical images and various images are depicted in subsequent Figure 9, Figure 10, Figure 11 and Figure 12.

4.3. Correlation Analysis

The correlation between the plain image and the encrypted one was measured between the pixels in the vertical, horizontal, and diagonal directions. Highly secure image encryption algorithms hold zero or small correlations between adjacent pixels [11].

Table 3. Correlation coefficients for original images and encrypted images.

Image Type	Image Name	Size	Horizontal	Vertical	Diagonal	Anti-Diagonal
Miscellaneous	Lena	128 × 128	−0.0128	−0.0092	−0.0067	−0.0068
		256 × 256	−0.0052	−0.0039	0.0071	0.0057
		512 × 512	−0.0067	−0.0011	−0.0003	−0.0077
	Baboon	128 × 128	−0.0132	−0.0127	−0.0160	−0.0176
		256 × 256	−0.0140	−0.0128	−0.0083	−0.0169
		512 × 512	−0.0129	−0.0042	0.0069	0.0015
	Pepper	128 × 128	−0.0110	−0.0039	0.0031	−0.0339
		256 × 256	0.0001	−0.0004	−0.0013	0.0048
		512 × 512	−0.0015	−0.0023	0.0002	−0.0061
Medical Images	Chest X-ray	128 × 128	−0.0071	−0.0046	0.0080	−0.0030
		256 × 256	−0.0021	0.0016	0.0123	0.0074
		512 × 512	−0.0122	−0.0103	0.0068	−0.0097
	Brain X-ray	128 × 128	0.0493	0.0718	0.0733	0.0586
		256 × 256	0.0342	0.0247	0.0159	0.0221
		512 × 512	0.0420	0.0349	0.0032	0.0462
	MRI	128 × 128	0.0693	0.1066	0.1256	0.0972
		256 × 256	0.0942	0.1574	0.1176	0.1504
		512 × 512	0.1471	0.2091	0.1956	0.1963

records the results of the correlation of plain and encrypted images in three directions, i.e., vertical, horizontal, and diagonal. It is obvious that correlation values are extremely low for encrypted images. Our method exploits a result comparable to that in previous work.

4.4. Differential Attack Analysis

Another test from NIST is to make the algorithm robust to differential attacks. The first two tests can provide excellent insight into (1) NPCR and (2) UACI. Different tests will be discussed in detail below.

4.4.1. Number of Pixel Change Rate

The changing of pixel values between the encrypted images and the original image can be computed via the NPCR test when the mathematical formula of NPCR is

$$\mathrm{NPCR}={\displaystyle \frac{{\sum }_{i,j}D(i,j)}{M\times N}}\times 100\%$$

(2)

where

• $D(i,j)$ is 1 if the pixel values of the two images at position $(i,j)$ are different, and 0 if they are the same.
• M is the number of rows in the image.
• N is the number of columns in the image.

Suppose that the two images have the same value. Then, $D(i,j)=0,$ while $D(i,j)=1$ in the opposite case. The upper boundary of the NCPR is $100\%$, while for a reasonable cryptosystem, the NCPR value should be $99.5\%$ or higher.

4.4.2. Unifed Average Changing Intensity

The UACI calculates the intensity changes between the encrypted image and the original image, explicitly reflecting the result of a single-pixel discrepancy in the corresponding original image. This computation involves comparing the pixel values of the original and encrypted images to assess the degree to which the encryption method has altered the pixel intensities. Equation (3) below shows the calculation part. An acceptable UACI value is approximately $33\%,$ suggesting that about one-third of pixel intensities change significantly with a single-pixel modification in the original image. The UACI values for the proposed method are recorded and presented in

Table 4. Summary of image quality metrics for selected images.

Image Type	Image Name	Size	NPCR	UACI	PSNR	MSE	Entropy
Miscellaneous	Lena	128 × 128	99.8047	28.9107	9.1020	7996	7.7000
		256 × 256	99.8062	28.8822	9.0873	8023	7.7298
		512 × 512	99.8074	28.9453	9.0851	8027	7.7348
	Baboon	128 × 128	99.8962	27.0366	9.7914	6822	7.7285
		256 × 256	99.8810	27.4147	9.6572	7036	7.7472
		512 × 512	99.8722	27.6637	9.5497	7213	7.7573
	Pepper	128 × 128	99.7803	30.2863	8.6511	8871	7.6659
		256 × 256	99.7879	30.4230	8.6052	8965	7.7263
		512 × 512	99.7986	30.4434	8.5888	8999	7.7306
Medical Images	Chest X-ray	128 × 128	99.8169	30.7014	8.5136	9156	7.6752
		256 × 256	99.7772	30.8207	8.4704	9248	7.7069
		512 × 512	99.7925	31.1255	8.4002	9399	7.6704
	Brain X-ray	128 × 128	99.6887	30.3083	8.4930	9200	7.5404
		256 × 256	99.7406	28.9268	8.8088	8555	7.4166
		512 × 512	99.7253	31.2405	8.2597	9708	7.5936
	MRI	128 × 128	99.7681	30.5029	8.5361	9109	7.7213
		256 × 256	99.7665	29.5381	8.8278	8517	7.7087
		512 × 512	99.7284	28.2058	9.2200	7782	7.6752

.

$$UACI={\displaystyle \frac{1}{MN}}\sum _{i=0}^{M-1}\sum _{j=0}^{N-1}{\displaystyle \frac{|C_1(i,j)-C_2(i,j)|}{255}}\times 100$$

(3)

4.5. Pixel’s Inconsistency Analysis

4.5.1. Mean Square Error

The MSE is a quantitative metric for evaluating the average squared variations between the corresponding pixel values in two images. It is a helpful tool for assessing the results of encryption methods, especially in the Avalanche effect. The idea is that a modification in plaintext creates unpredictable and robust cipher images, and MSE evaluates the quantitative response to the encryption method against any possible side-channel attack.

$$\mathrm{MSE}={\displaystyle \frac{1}{N}}\sum _{i=1}^N{(I_1\left(i\right)-I_2\left(i\right))}^2$$

(4)

where

• $I_1$ is the original image;
• $I_2$ is the encrypted image;
• N is the total number of pixels.

4.5.2. Peak Signal-to-Noise Ratio

The PSNR is another metric used to evaluate the efficiency of the image encryption method. A high PSNR value states that important information between the input and the decrypted image is not lost. A lower PSNR value between the original image and the respective encrypted image states that the encryption algorithm is efficient, which is desirable for an encryption algorithm. The table shows minimal PSNR between the input and its respective encrypted images. The general formula for the PSNR is

$$\mathrm{PSNR}=-10·{log}_{10}\left({\displaystyle \frac{R^2}{\mathrm{MSE}}}\right)$$

(5)

where R is the maximum possible pixel value of the image (e.g., 255 for an eight-bit image).

4.5.3. Entropy Analysis

Entropy, as presented by Claude E. Shannon in [31], is a critical criterion of unpredictability and randomness in information theory. Shannon’s idea of information entropy quantifies the uncertainty present in communication systems. The mathematical formulation for calculating the information entropy is articulated as follows:

$$H\left(m\right)=-\sum _{i=0}^{N-1}p\left(m_i\right){log}_{2}p\left(m_i\right).$$

(6)

where $p\left(m_i\right)$ is the probability of the symbol $m_i$, and N is the number of bits representing $m_i$. For a random source that generates symbols $2^K$, the entropy value is K. In grayscale images with 256 levels (that is, $2^8$), the ideal entropy is 8, but practical values are usually less.

4.6. Key Space and Sensitivity Analyses

The key space is the collection of all feasible keys that any cryptosystem could use. To provide adequate protection against brute-force attacks, the key space for an encryption system must be greater than $2^{100}$[32]. The proposed algorithm relies on two 256-bit keys: an AES-256 encryption key ($K_1$) and an HMAC-SHA256 authentication tag key ($K_2$) to encrypt diagonal blocks, each with a keyspace of possible values $2^{256}\approx 1.16\times {10}^{77}$. The combined keyspace of $2^{512}\approx 1.34\times {10}^{154}$ provides theoretical security against brute-force attacks, even considering quantum adversaries.

A secure encryption scheme must demonstrate high sensitivity to minor key modifications [33]. To evaluate this property, we encrypted a grayscale image $512\times 512$ using key $K_1$ and attempted decryption with $K_2$ (differing by one bit). The proposed scheme successfully prevented image recovery with the incorrect key, demonstrating strong key sensitivity.

Quantitative analysis yielded NPCR and UACI values of $99.59\%$ and $33.84\%$, respectively, between images decrypted with $K_1$ and $K_2$. These results closely approach ideal values, which confirms that Figure 13 illustrates the key sensitivity test for the suggested method. The results indicate that the technique produces completely different decrypted images when decrypting the same image with keys that differ only by one bit:

• Minimal key changes produce completely different ciphertexts;
• The scheme effectively prevents decryption with similar keys.

4.7. Computational Complexity Analysis

The computational complexity plays an essential role in our method, as it uses interblock encryption in addition to the encryption of diagonal blocks. Typically, in our approach, as the image size increases, both the encryption and decryption times also rise. Another important factor in our method is the block size. To maintain consistency, we fixed the image sizes and block window sizes as follows: for a 128 × 128 image, the block window size is 8; for a 256 × 256 image, the block size is 16; and for a 512 × 512 image, the block window size is 32. Performance related to time complexity is presented in

Table 5. Analysis of obtained computational complexity in terms of time.

Type	Title	Size	Encryption	Decryption	Metric
Miscellaneous	Lena	128 × 128	46	43	ms
		256 × 256	52	54	ms
		512 × 512	81	83	ms
	Baboon	128 × 128	42	47	ms
		256 × 256	52	56	ms
		512 × 512	82	88	ms
	Pepper	128 × 128	46	48	ms
		256 × 256	53	52	ms
		512 × 512	85	86	ms
Medical Images	Chest X-ray	128 × 128	47	47	ms
		256 × 256	54	57	ms
		512 × 512	79	83	ms
	Brain X-ray	128 × 128	41	43	ms
		256 × 256	53	56	ms
		512 × 512	86	88	ms
	MRI	128 × 128	45	47	ms
		256 × 256	55	60	ms
		512 × 512	75	80	ms

. From this table, we observe that there is a slight difference between the encryption and decryption times, with encryption generally requiring more time than decryption.

5. Discussion

This section evaluates the proposed encryption algorithm in comparison to existing methods, focusing on key performance indicators. Metrics such as PSNR, NPCR, UACI, entropy, and time complexity are analyzed to highlight improvements in both security and efficiency. The following

Table 6. Comparison of the proposed method with those in previous work.

Algorithm	Image Size	PSNR	NPCR	UACI	Entropy	Avg. Enc/Dec Time
[4]	512 × 512	7.74	99.62	33.65	7.9995	1.53 s
[16]	256 × 256	-	-	31.455	7.8	41 ms
[7]	512 × 512	9.808	99.54	26.51	7.9762	9.51 s
[24]	256 × 256	8.4021	99.69	33.42	7.9997	-
[10]	512 × 512	-	-	33	7.98	3 s
[17]	512 × 512	-	-	-	-	0.52 s
[11]	512 × 512	-	99.62	33	7.8	22 s
[9]	256 × 256	-	99.64	30.752	7.9967	0.05 s
P-16 1	512 × 512	9.0851	99.807	31.1255	7.7298	81 ms
P-32 1	256 × 256	9.0873	99.806	31.1236	7.7348	41 ms
P-64 1	512 × 512	9.0835	99.833	29.011	7.7771	26 ms

¹ P: proposed model (P-16, P-32, and P-64 denote block sizes of 16 × 16, 32 × 32, and 64 × 64.

presents the comparison of the evaluation with previos work.

Comparison of various algorithms reveals notable differences in performance metrics, including PSNR, NPCR, UACI, entropy, and time complexity. Most existing algorithms, such as those of [4,7], demonstrate varying degrees of effectiveness, with PSNR values ranging from 7.74 to 9.808 for image sizes of 512 × 512. In contrast, the proposed model presents a more comprehensive view of implementation in various block sizes. In particular, with a block size of 32, the suggested method obtains a PSNR of 9.0851 and an excellent NPCR of 99.8074, which presents high protection against differential attacks. Furthermore, the entropy measure E = 7.7298 also suggests satisfactorily distributed outputs, which would mean that the randomness of the resultant encrypted images is increased.

It is further understood that the time complexity of the proposed model is reasonable since it took 81 ms to encrypt a 512 × 512 image and 41 ms for a 256 × 256 image with a block size of 16. These performance metrics put into perspective the potential weaknesses that the technique has in terms of high-quality encryption and low computational costs. Overall, the proposed model demonstrates considerable performance metrics, making it suitable for implementation in lightweight image encryption schemes without the problems posed by existing algorithms. Furthermore, our approach, with some additional tuning and optimization, could enhance its PSNR, UACI, and entropy performance, further boosting its competitiveness.

6. Conclusions and Future Works

This research highlights the importance of lightweight and secure encryption techniques that uphold the core principles of confidentiality, integrity, and availability (CIA) for safeguarding medical images. A novel two-phase cryptographic system was proposed, where the first phase encrypts non-diagonal blocks using XOR operations with diagonal blocks to achieve fast and efficient encryption. The second phase applies an enhanced AES in Cipher Block Chaining (AES-CBC) mode to the diagonal blocks, ensuring robust data authentication and enhancing overall security. This combination provides a balanced approach that reduces computational overhead while maintaining a high level of protection.

The proposed method significantly advances state-of-the-art image encryption by introducing a selective encryption scheme that targets only parts of the image, thereby reducing processing time without compromising security. This hybrid approach minimizes the limitations of traditional full-image encryption methods by incorporating authentication tags and optimizing the usage of AES-CBC. The system was rigorously evaluated through various performance metrics, including histogram consistency, adjacent pixel correlation analysis, information entropy NPCR, UACI, MSE, PSNR, and time complexity. The results demonstrate that the proposed approach outperforms existing solutions in terms of reliability, efficiency, and suitability for medical applications based on IoT. Future work may explore extending this methodology using stream cipher alternatives or lightweight algorithms such as PRESENT to further improve performance and adaptability in constrained environments.