Figure 6.1: Principle diagram of sequence cipher system.

Figure 6.2: Principle diagram of block cipher system.

Figure 6.3: Relationship between chaos theory and traditional cryptography.

and decryption process is

where K is the key stream generated by chaotic system. X is plaintext, and Y is ciphertext, and ⊕ is XOR operation.

It is a good encryption method by taking the chaotic sequence as key stream and using a one-time pad cryptosystem, but due to computer finite precision effect, chaotic sequence will eventually be periodic. How to produce a longer cycle, better random chaotic sequence is the key for an encryption algorithm, therefore, researchers have proposed a variety of schemes [131–133].

Figure 6.4: Block diagram of chaos sequence encryption/decryption.

where xn ∈ V and n = 0, 1, 2, 3, . . . , xn is the system state. T: V → V is a map. If the initial value is x0, then we can get a sequence {xn, n = 0, 1, 2, 3, . . .} by iteration operation.

In this section, Logistic map is employed to design an encryption algorithm, and its equation is

where μ ∈ (0, 4], xn ∈ (0, 1). The Lyapunov exponent of the system with the parameter varying is shown in Figure 3.2. When, μ ∈ (3.5699 . . . , 4], it is chaotic.

For an encryption communication, both the initial value sensitivity and randomness of the signal are important. The stronger sensitivity and better randomness can lead to higher security. These characteristics can be described by probability statistics, mean value, autocorrelation, and cross-correlation, as shown in Section 3.1.1.

For Logistic map, when μ = 4, the mean value of the chaotic sequence is constant, and the autocorrelation is delta function and the cross-correlation is zero. Its probability statistics property is similar to that of the white noise with zero mean (as shown in Figure 6.5). So the Logistic map is suitable for information encryption. In addition, Logistic map basically satisfies the definition of the secure chaotic system. Therefore, Logistic map can be applied in digital communication and multimedia security.

6.2.3Chaotic Encryption Model and Algorithm

To encrypt digital signal, we need to turn the real number sequence {xk} to pseudorandom sequence [134], which is taken as a key sequence. The simplest way is to obtain a new integer by selecting a few digits after the decimal point of the xk. The encryption/decryption model based on Logistic map is shown in Figure 6.6.

Based on the model above, an encryption algorithm is designed, and the flow chart is shown in Figure 6.7. Taking into account the randomness and encryption speed, we chose the interval of pseudo-random sequence number N = 5. yi is 4th,5th, 6th, bit following the decimal point of xi, which can improve the ability to resist plaintext attack. In order to decrease the influence of the transition process, it is appropriate to discard the previous 2,000 iterations. In addition, it is difficult for users to remember the password with two floating-point values, so the first step includes a process of mapping the strings remembered by the user to x0 and μ. The encryption algorithm is presented as follows:

Figure 6.5: Probability density distribution of Logistic map.

Figure 6.6: Chaotic encryption/decryption model.

Figure 6.7: Flow chart of chaotic encryption/decryption algorithm.

Figure 6.8: Relationship diagram of encryption software modules.

Figure 6.9: State transition diagram of the main control module.

It is a quadratic equation with one unknown. If the interval number is N, then the relationship between xn and xn+1 becomes one-dimensional equation of N degrees.

6.2.5.2Statistics Distribution of Ciphertext

Whether the statistics distribution of encrypted data is uniform is an important index to evaluate the encryption algorithm.

Theorem 6.1: If the chaotic sequence is completely random, the encrypted data is subject to the uniform distribution.

Proof. The plaintext and chaotic (key) sequence is considered as a byte of data stream, and we take a byte of plaintext m and key k randomly from them. Supposing that the value of m is different, that is, the probability is unequal for one bit to be “0” or “1,” then the appearance of “0” or “1” is independent. If the probability of “1” is p, then the probability of “0” is 1–p. The chaotic (key) sequence satisfies the performance of white noise for the ideal state; that is, “0” or “1” appearing at each bit has the same probability of 0.5, and then the probability of appearing “1” in the ith bit of ciphertext c is

The probability of appearing “0” in the ith bit of ciphertext c is

Obviously, the probability distribution of the ciphertext is uniform. ∎

6.2.5.3Experiment Results

The chaotic encryption software is designed by employing modular design method and multithread technology. If both communication sides have the same key and the encryption software, they can realize the encryption transmission of the information.

The software can encrypt not only the text file, but also the bitmap file. Figure 6.10 is the result of a bitmap encryption. Figure 6.10(a) is the plaintext image. Figure 6.10(b) is the encrypted image. Figure 6.10(c) is the decrypted image. Compared with Figure 6.10(a), Figure 6.10(c) is clear and accurate without distortion. Figure 6.10(d) is the decryption image with small deviation of key, and obviously it cannot be decrypted correctly.

Data encryption standard (DES) is a relatively good symmetric encryption algorithm. Rivest-Shamir-Adleman (RSA) proposed by Rivest, Shamir, and Ademanis is an outstanding representative of the public key algorithm. Now, the chaotic encryption algorithm is compared with the DES and RSA encryption algorithm by encrypting/decrypting Lena image, and the results are shown in Table 6.1. Obviously, chaotic encryption has advantages in encryption speed and security.

It should be pointed out that the software is mainly suitable for static data encryption. In order to realize the real-time data stream encryption, we must solve the problems, such as fault tolerance, synchronization, delay, and so on, which will be researched in the seventh chapter.

6.3Binary Watermark Image Encryption Algorithm Based on Chaos

Chaotic sequence is a kind of pseudo-random sequence. It has a simple form and is very sensitive to initial conditions and has statistical properties of white noise. These characteristics can meet the requirements of the security of digital watermarking technology. Therefore, chaos-based digital watermarking is becoming a hot topic.

Figure 6.10: Image encryption results: (a) original image; (b) encrypted image; (c) correct decryption image; and (d) decryption image with key change for 10–14.

6.3.1Improvement of Chaotic Pseudo-Random Sequence Generator

Aiming at the defects of various chaotic sequence generators, many researchers have put forward the improvement schemes, which mainly include the following two methods.

6.3.1.1Improvement of Traditional Chaotic Sequence Generator

This method focuses on improving the traditional chaotic sequence implementation algorithm, and it includes two types. One is to improve the single traditional chaotic sequence, such as piecewise linear chaotic sequence, Chebyshev chaotic sequence, and so on. In order to enhance security, we can consider using multiple chaotic systems. For example, the output of the two chaotic systems can be combined to generate pseudo-random bit stream, such as the combination of logistic map and tent map. In addition, the new algorithm for generating uniform pseudo-random number is studied [135], and spatiotemporal chaotic system is tried to generate pseudo-random numbers [136].

6.3.1.2New Secure Chaotic System

At present, along with the emergence of the improved algorithm of the traditional chaotic sequences, some new chaotic sequence generators have been put forward. Among them, the TD-ERCS chaotic system has good cryptographic properties due to its discreteness, global chaos, global zero correlation, huge parameter and initial value space, and strong anti-degradation ability [137, 138]. So TD-ERCS chaotic system is a chaotic system with great potential application.

6.3.2Binary Watermark Image Encryption Algorithm Based on TD-ERCS Map

Binary image processing algorithm is simple and easy to understand and realize, and has fast calculation speed and other features. A lot of digital watermarking system uses binary image as the watermark information, so the watermark is more intuitive. Here, TD-ERCS chaotic map is used to encrypt the watermark image.

6.3.2.1TD-ERCS Map

TD-ERCS map is a new global two-dimensional discrete chaotic system. It is an ideal model for information encryption with zero correlation, stable probability distribution, and good randomness of the sequence. Set the system parameter μ(0 < μ < 1), initial values x0(–1 ≤ x0 ≤ 1) and α(0 < α < π), tangent delay m(m = 2, 3, 4, 5, 6, . . .). TD-ERCS map is described in Section 3.1.4. The system can generate two independent sequences xn (|xn| < 1) and kn (|kn| < 1).

6.3.2.2 Design of Encryption Algorithm

Double-precision floating-point number is used in TD-ERCS iteration, and the data format is shown in Figure 6.11. The data occupies 8 bytes of storage space, and it is composed of the following three parts:

If W is a binary watermark image, and the pixel size is M×N, the encryption algorithm is as follows:

where ⊕ is XOR operation. At the receiving end, input the same key, and by repeating the encryption algorithm, the image can be decrypted correctly.

6.3.3Performance Analysis of Encryption Algorithm

The security of encryption algorithm mainly depends on the key, while the key has a great relationship with the key space, the key sensitivity, and the complexity of the algorithm. Here we discuss the security of the algorithms.

6.3.3.1Key Sensitivity Analysis

To confirm the effectiveness of the algorithm, a watermark image with the size of 64 × 64 is selected. The key is set as μ = 0.7123, x0 = 0.7654, α = 1, 000, and m = 9. The encryption effect is shown in Figure 6.12. Figure 6.12(a) is the original image. Figure 6.12(b) is the encrypted image, and Figure 6.12(c) is the decrypted image with correct key. Figure 6.13 shows the sensitivity to the key. For decryption, the original watermark images are unable to be decrypted with small deviation of the key.

Figure 6.11: IEEE 754 double-precision binary floating-point format.

Figure 6.12: Image encryption and decryption: (a) original image; (b) encrypted image; and (c) decrypted image with correct key.

Figure 6.13: Decrypted image with wrong keys: (a) μ deviation with 10–16; (b) x0 deviation with 10–16; (c) α = 1, 001; and (d) m = 10.

where G(x, y) is the gray value of is the gray value of (x, y) at the four positions: up and down, and left and right.

If the size of the image is M × N, the average adjacent pixel difference of the image is described as

and adjacent pixel scrambling degree is defined by

where E and E ′ are the average adjacent pixel difference before and after scrambling, respectively. The range of GDD is (–1, 1). The larger the range is, the better the image scrambling is.

Figure 6.14 presents three binary images, and the sizes of them are 64 × 64. The evaluation of adjacent pixel scrambling is listed in Table 6.2.

E (GD(x, y)) is the average adjacent pixel difference of original image I. The value of E(GD(x, y)) is about 0.1, which shows that the original image has large pixel values in close smooth area, and the average gray difference of adjacent pixels is small. E′(GD(x, y)) is the average adjacent pixel difference of encrypted image I′. In Table 6.2, E′ (GD(x, y)) is greatly different from E (GD(x, y)), which indicates each pixel tends to have random distribution, and the average adjacent pixel difference varies greatly. GDD (I, I′) is larger than 0.5, which illustrates that the adjacent pixel scrambling degree is bigger, and the encryption effect is very well.

Figure 6.14: Binary images: (a) image a; (b) image b; and (c) image c.

6.3.3.3 Analysis of Anti-Brute-Force Attack

The user password is binary sequence K = kμkx0kαkm. kμ, kx0, and kα have the same data length. They are used to generate floating-point numbers μ, x0, and α. km is used to generate integer m. Let the length of km be 12 bits, and then m is generated by

If the computer word is 32 bits, and the precision (floating-point number) is 10–9, then the key space is about 1027 × 212 ≈ 1030, which is large enough to resist brute-force attacks.

The results of experiments and performance analysis show that the binary image watermarking encryption algorithm based on the TD-ERCS map is good with large key space, high key sensitivity, and high security. Therefore, if the encryption algorithm is applied to the watermarking algorithm, it can ensure the security of the watermark.

6.4Color Image Watermarking Algorithm Based on Chaotic Map and Wavelet Transform

As a new technology of copyright protection and content authentication, digital watermarking has become a hot topic. The application of chaos in digital watermarking technology mainly includes two aspects. One is the pretreatment of watermark information, such as the following: (1) digital watermark information is embedded into the image directly, (2) the watermark information is encrypted by chaotic sequence, and (3) binary image watermarking is encrypted or scrambled. The other is the watermark embedding process encryption, such as the choice of the position, intensity, etc.

In this section, a novel color image watermark algorithm based on discrete chaotic map and 2-D discrete wavelet transform is proposed. The proposed algorithm uses a meaningful binary image as the watermark, which increases the watermark provability. TD-ERCS discrete chaotic system and the commonly generalized Arnold map are used to encrypt the watermark image and determine the embedding position, which improves the security of the watermark image. The watermark is embedded by wavelet transform. Simulation experiments and performance analysis show that the proposed algorithm not only can resist some common image processing and noise interference, but also can resist the image shear, small rotation, histogram modification, and joint attack with good invisibility, robustness, and security.

6.4.1Wavelet Transformation Algorithm and Its Application

Wavelet transform is an ideal mathematical tool for local analysis, which has been widely used in signal analysis, speech synthesis, image recognition, computer vision, data compression, seismic exploration, and atmosphere and ocean analysis.

6.4.1.1Continuous Wavelet Transform

If ψ(x) is a real-valued function, and its spectrum (w) satisfies the condition

then ψ(x) is called a basic wavelet. ψ(x) is similar to impulse response of a band-pass filter. Assuming that a and b denote expansion and translation operation of ψ(x), respectively, then by the translation and expansion of the basic wavelet, the wavelet basis functions can be generated as

where a ∈ R, b ∈ R, a > 0.

If f(x) is a square integrable function, and f(x) ∈ L2(R), then the continuous wavelet transform of f(x) is defined as

It indicates the decomposition of f(x) on function Wf (a, b), and it also can be considered as f(x), which is filtered by using a band-pass filter. The wavelet inverse transform definition is

It should be noted that ψa,b(x) is not orthogonal, and it has very large redundancy. In addition, the basic wavelet is not unique.

6.4.1.2Two-Dimensional Discrete Wavelet Transform of Image

Digital image is a discrete two-dimensional signal. The common method for two-dimensional discrete wavelet transform is to let the two-dimensional scaling function be separated; that is,

where ϕ(x) is one-dimensional scaling function. If ψ(x) is the corresponding wavelet, then three two-dimensional basic wavelets are

The scaling function ϕ(x) can be treated as a low-pass filter, while the wavelet function ψ(x) is the high-pass filter of the same layer, and the function set is

It is the standard orthogonal on the basis of L2(R2), and j, l, m, and n are integers.

f0(x, y) is an image with the size N × N, and N is the power of 2. j is resolution parameter, and the scale is 2j. When j = 0, the scale of the original image is 1, and it is a resolution signal for zeroth layer. The resolution reduces by halve with the value j increasing by 1.

The two-dimensional discrete wavelet transform of an image is carried out as follows. In each layer of the transformation, the image is decomposed into four small images with same size. Each of them is obtained by the inner product of original image with a basic wavelet and 2 times interval sampling in x and y directions. The first layer (j = 1) wavelet transform is

For the transformation of subsequent levels (j > 1), four same interval samplings and filter operation are performed at each layer. is decomposed into four smaller images on the scale of 2j+1 in the same way. The inner product in the form of convolution is

Because the scaling function and the wavelet function are separable, each convolution can be decomposed into one-dimensional convolution on the row and column of as shown in Figure 6.15. h0 is the low-pass filter, and h1 is the high-pass filter. ↓2 is two times sampling, and is the low-frequency components after wavelet decomposition. and are the high-frequency detail components of horizontal, vertical, and diagonal directions, respectively.

Figure 6.15: Diagram of wavelet decomposition.

Figure 6.16: Diagram of inverse wavelet transform.

Figure 6.17: Three-level wavelet decomposition of image; (a) original image; (b) three-level wavelet decomposition; and (c) three-level wavelet decomposition structure.

Figure 6.18: Block diagram of watermark embedding and extraction.

According to eq. (6.22), the watermark is embedded into the blue component of the color image.

After the blue component of the color image is decomposed by three-levelwavelet, a low-frequency band and nine high-frequency bands are obtained. The watermark can be embedded into the low-frequency part or the high-frequency part of the wavelet domain [139]. Here, the encrypted watermark is randomly embedded into the four sub-bands of three-level wavelet decomposition in the blue component. The watermark is spread to the deepest frequency and high-frequency coefficients of the three level-wavelet decomposition.

6.4.2.3Selection of Wavelet Base Function

In the design of digital watermarking algorithm based on wavelet transform, the first question is how to choose proper wavelet base function to ensure the robustness and invisibility of the watermarking system. The wavelet base function determines the efficiency and effect of wavelet transform. Different wavelet has different properties, which will lead to the different distribution characteristics and the energy convergence characteristics of wavelet coefficients, and the robustness of the watermark is also different.

At present, biorthogonal wavelet is widely used in the image processing due to the characteristics of regularity, compactness, and symmetry. The research shows that the Harr wavelet has good performance, and it is a good choice in the digital watermarking algorithm. The Harr wavelet is defined as

Compared to other orthogonal wavelet bases, the Harr wavelet has some advantages as follows:

1. The support length is the shortest.
2. The computation complexity of decomposition and reconstruction is lower than that of other wavelets, and it results in the rapid implementation.
3. When the Mallat algorithm is used, the boundary extension is not required. There is no edge effect due to the limited length of the image signal.
4. When the image is divided into several mutual disjoint image blocks with the same size, each image block has a corresponding independent wavelet block, and these wavelet blocks do not intersect each other.

Based on the discussion above, we select Haar wavelet as the wavelet basis function.

6.4.2.4General Arnold Map

Arnold map is described as

where x mod 1 means only the decimal part of x is obtained. The phase space of (xn, yn) is limited in [0, 1] × [0, 1]. The matrix form of eq. (6.24) is

where C is a matrix, and |C| = 1. So Arnold map is a guaranteed area map. At the same time, the Arnold map is the one-to-one map. That is, each point in the unit matrix uniquely transforms to the other point within the unit matrix.

Now, we generalize the phase space of the Arnold map to be {0, 1, 2, . . . ,M – 1} × {0, 1, 2, . . . ,M – 1} and generalize the equation to be two-dimensional reversible area preserving equation, which is described as

where a, b, c, and d are positive integers, and the area preserving requires |C| = ad– bc = 1. Based on the condition, only three parameters of a, b, c, and d are independent.

The generalized Arnold map is still chaotic. We use the generalized Arnold map to generate the embedding position of the watermark. Taking the pixel coordinates (x, y) of the watermark image as initial values, and taking the three independent parameters and iteration number k of the coefficient matrix C as the key, the generated iterative results (x′, y′) are used as the embedding position of the watermark in (x, y). When iteration number is large enough, the corresponding embedding position will be greatly separated for any two adjacent watermark pixels.

6.4.2.5Watermark Embedding and Extracting Algorithm

H is the original host image with the size N × N, and W is binary watermark image with the size M × M. The watermark embedding algorithm is described as follows.

1. Blue component is extracted from the original color image. Wavelet decomposition coefficient is obtained by the three-level wavelet decomposition of the blue component. For l is wavelet decomposition level (l = 1, 2, 3), and θ = 0, 1, 2, 3 represent the wavelet coefficients of the low-frequency, horizontal, vertical, and diagonal directions, respectively. A new matrix with size (N/4)×(N/4) is got by merging the third-level coefficient matrix of the low-frequency, horizontal, vertical, and diagonal directions, and it is marked as F = {f(x, y), 1 ≤ x ≤ N/4, 1 ≤ y ≤ N/4}.
2. The watermark image W is encrypted by encryption algorithm based on TD-ERCS map. The encrypted watermark image is denoted by W′ = w′(i, j), 1 ≤ i ≤ M, 1 ≤ j ≤ M{.
3. Set the three independent parameters of generalized Arnold map and iteration numbers k.
4. For the watermark pixel w′(i, j), let x0 = i, y0 = j. The embedding position (p, q) in the matrix F is obtained by iteration k times of eq. (6.26).
5. Embed watermark. The watermark pixels are embedded into the selected wavelet coefficients according to

where f(p, q) is the original wavelet coefficient. f ′(p, q) is the wavelet coefficient after embedding watermark. θ = 0, 1, 2, 3 represent wavelet coefficients of low-frequency, horizontal, vertical, and diagonal directions, respectively. α and β indicate the intensity of embedding watermark, which is determined by the specific watermark and the original image, and it needs trade-off between invisibility and robustness of the watermark.

6.Repeat steps (4) and (5) until all the watermark pixels are embedded. After the three-level wavelet inverse transform is carried out by employing all the wavelet coefficients, the blue component image with embedded watermark is obtained. Finally the color image embedded with watermark is obtained.

The watermark extraction algorithm is described as follows.

H∗ is the image waiting for detecting. First, we extract blue component of H ∗, and then the blue component is decomposed by three-level wavelet. A new matrix marked as F ∗ = {f(x, y)} (where 1 ≤ x ≤ N /4, 1 ≤ y ≤ N /4) is obtained by merging the coefficient matrix of the low-frequency, horizontal, vertical, and diagonal directions in the third level. Refer to steps (3)–(5) of the watermark embedding algorithm; the embedding position of the watermark is obtained by using the same key. The formula for extracting watermark is

where is the mth extraction watermark pixel. f(p, q) is the wavelet coefficients of the original image. θ = 0, 1, 2, 3 represent wavelet coefficients of low-frequency, horizontal, vertical, and diagonal directions, respectively. α, β indicate the intensity of embedding watermark. After extracting the watermark information, it is decrypted by the TD-ERCS map and the correct watermark is recovered.

6.4.3Simulation and Performance Analysis

Based on Matlab platform, the watermark embedding and extraction is carried out on 24 bits true color Lena image with the size 512×512. The watermark image is the binary image with the size 64 × 64. The embedding strength is α = 41 and β = 59.

The performances of the algorithm are analyzed, including invisibility, robustness, and security. To evaluate the concealment of the algorithm, we employ the peak signal-noise ratio (PSNR). The PSNR of the color images is defined as

where

where X′(i, j) is the image with embedded watermark, and X (i, j) is the original image, 0 < i, j ≤ N. The bigger the PSNR is, the better the invisibility is.

The robustness evaluation is between the original watermark W and the extracted watermark W′. Here, the methods of visibility and normalized correlation coefficient (NC) are employed.

Visibility is evaluated by observing the difference between the original watermark and the extracted watermark. Normalized correlation coefficient is defined as

where W′(i, j) is the extracted watermark, and W(i, j) is the original image. Obviously, 0 ≤ NC ≤ 1. The greater the NC is, the better the similarity between the original watermark and the extracted watermark is.

6.4.3.1Invisibility

First, we test the invisibility of the watermark. Figure 6.19(a) is the original image, and Figure 6.19(c) is the embedded watermark image. Obviously, human eyes cannot distinguish the difference between them. The embedded watermark image has good subjective quality. The PSNR of the embedded watermark image is 38.8074 dB with good objective quality. Figure 6.19(b) is the original watermark, and Figure 6.19(d) is the extracted watermark. The normalized correlation coefficient NC = 1, which illustrates that the two watermarks are identical.

6.4.3.2Robustness

The robustness of watermarking algorithm is to test the anti-attack ability. The sharpening, distortion, histogram equalization, contrast enhancement, and mosaic effect are completed by Photoshop CS3 Adobe.

(1) Anti-JPEG compression attack

JPEG lossy compression is applied to Figure 6.19(c). The test results of anti-JPEG compression attack capability are shown in Table 6.3. Q is the quality factor, and its range is 0 ∼ 100. The larger the Q is, the less compression distortion the image is. NC is the normalized correlation coefficient. The watermark images with Q = 70, 50, and 30 are extracted as shown in Figure 6.20. It can be seen that when Q varies from 100 to 50, NC is bigger than 0.8, which means the watermark image and the original watermark image are basically the same. The extracted watermark is still clearly distinguished when Q = 30. So the algorithm has strong ability of resisting JPEG compression.

Figure 6.19: Watermark invisibility experiment: (a) original image; (b) original watermark; (c) embedded watermark image; and (d) extracted watermark.

(2) Antinoise attack

Figure 6.21 shows the noise attack test results. Figure 6.21(a) illustrates the watermark image and the extracted watermark from the 2% Gauss noise attack. The watermark image and the extracted watermark from the 4% salt-and-pepper noise attack are shown in Figure 6.21(b). The quality of the image has been seriously degraded, but we can still extract a clear watermark image. So the algorithm has a strong ability to resist noise attack.

Figure 6.20: Watermark image extracted from JPEG compression: (a) Q = 70; (b) Q = 50; and (c) Q = 30.

Figure 6.21: Experiments of antinoise attack: (a) watermark image and the extracted watermark from the 2% Gauss noise attack and (b) watermark image and the extracted watermark from the 4% salt-and-pepper noise attack.

Figure 6.22: Anti-filtering attack experiment: (a) extracted watermark after low-pass filtering experiment; (b) extracted watermark after median filtering experiment; and (c) extracted watermark after high-pass filtering experiment.

(3) Anti-filtering attack

The result of an anti-filtering attack is shown in Figure 6.22. When low-pass filtering, median filtering, and high-pass filtering are finished, the NC values are 1, 0.9976, and 0.9951, respectively.

(4) Anti-cutting attack

This algorithm is strongly robust to cutting. Figure 6.23 is the watermark image and the extracted watermark after cutting 1/4 or central 15% cutting. The NCs of Figure 6.23(a) and Figure 6.23(b) are 0.7956 and 0.8637, respectively.

(5) Anti-rotation attack

Rotation attack is the most representative geometric attack. As long as attacker makes a small geometric transform on the original image, such as the rotation of 0.1 degree, the pixel position almost changed completely. The owners cannot extract the watermark in the image, while people cannot see the difference between the attacked image and the original image. When the rotation angle is greater than 1, the human eyes can recognize the difference between the attacked image and the original image. At this situation, we can identify that the image has been tampered. The anti-rotation attack experiment results are shown in Figure 6.24. This algorithm can resist rotation attack with 0 to 0.6 degrees.

Besides the JPEG compression, noise attack, filtering attack, shear attack, rotation attack, and other common noise processing and attack, this algorithm can also resist histogram equalization, contrast enhancement, USM sharpening, distortion, mosaic effect, and some joint attacks. The experiment results are shown in Table 6.4.

6.4.3.3Security Analysis

The proposed watermarking algorithm has double security. On one hand, the attackers do not know the 3 independent parameters (a, b, and c) and iteration number k of the generalized Cat map. On the other hand, even though the correct watermark information is extracted, the original watermark image cannot be recovered without the TD-ERCS parameters (μ, x0, α, and m). The key is composed of (a, b, and c) and (μ, x0, α, and m), so the key space is large enough to resist the brute-force attack, and the algorithm has high security.

Figure 6.23: Anti-cutting attack experiment: (a) watermark image and the extracted watermark with 1/4 cutting of upper left corner and (b) watermark image and the extracted watermark with central 15% cutting.

Figure 6.24: Anti-rotation attack experiments: (a) watermark extracted from rotation with 0.2 degree; (b) watermark extracted from rotation with 0.4 degree; and (c) watermark extracted from rotation with 0.6 degree.

6.5Chaotic Image Encryption Algorithm

From the view of the data-processing methods, the image encryption technology can be divided into three categories: position replacement, value transformation, and its combination. From the view of signal processing, image encryption algorithm can be divided into spatial domain algorithm and frequency domain algorithm. Image encryption based on chaos is a kind of transformation of image data by employing chaotic sequence, which makes the visual difference between the transformed image and the original image. The visual difference here refers to the qualitative or quantitative differences in color, brightness, or outline. In this section, we focus on the chaos-based image encryption technique.

6.5.1Chaos-Based Image Encryption Technology

6.5.1.1Image Scrambling Based on Chaotic Map

Digital image scrambling transformation includes one-dimensional, two-dimensional, three-dimensional, and high-dimensional transformations. Objectively they should be one-to-one map, which means they are reversible transformations. The encryption can be achieved through the transformation, and the decryption can be achieved through the inverse transform. In order to provide a larger key space and a more efficient way to change the correlation between pixels, the encryption method based on high-dimensional chaotic systems has become a new research hotspot inrecent years. For designing a chaotic scrambling scheme, we should choose a suitable chaotic map. We think the following factors should be considered:

When choosing the encryption parameters, the structure and characteristics of the chaotic system need to be fully investigated. For example, the weak key should be removed, and the parameters range should be determined, and the key space should be as large as possible. The chaotic maps usually applied in image encryption include Kolmogorov flow, two-dimensional Cat map, and two-dimensional Baker map. Some scholars extend the two-dimensional map to the three-dimensional map. When the three-dimensional map is used to scramble pixel, the scrambling speed becomes faster.

In the chaotic scrambling, the sensitivity to initial conditions corresponds to chaotic plaintext sensitivity. The larger the location of the plaintext varies, the smaller the correlation between the two adjacent pixels is. So it is more difficult to attack by analyzing the correlation of pixels. Besides chaos-based pixel scrambling or spatial scrambling, we can also use chaotic sequences to scramble rows and columns of the image. Most image scrambling is carried out in the space domains. Scrambling damages the relationship between pixels in the image encryption, but it increases the encoding difficulty and reduces the compression rate. So there is a problem: How to combine image scrambling encryption with image compression effectively at present?

6.5.1.2Image Diffusion Based on Chaotic Sequences

Pixel position transformation does not change the pixel values. The statistics of the encryption image is poor, so it is not suitable to be used individually. Traditional encryption theory proposed a scheme of changing the image statistics by diffusion operation and combining the diffusion operation with the pixel scrambling. The diffusion operation can increase the ability of resisting differential attack and the chosen plaintext attack.

Diffusion is to transform change of a pixel to the other pixels, and it leads to the high sensitivity of the encryption system. There are two common methods about diffusion. One is the diffusion of 4 adjacent gray values in the image. The diffusion range increases by the power exponent of 4 with the increase of scrambling cycles. The other is the raster scanning. The diffusion speed is fast. It is realized by “mod and add” operation. The “mod operation” is designed to control the results in the range of pixel values, while the “add operation” is to achieve the transmission function by taking the former change to the next operation. The diffusion process can be expressed as

where Pi is the pixel value before diffusion. Ci is the pixel value after diffusion. L is the pixel gray value. To enhance the randomness of bit distribution, the XOR operation and chaotic sequence are generally introduced in diffusion algorithm, and then eq. (6.32) is rewritten as

where li(i = 1,2, . . .) is the processed chaotic sequence, which limits the range of pixel gray values. In recent years, the encryption scheme based on chaotic sequence is also developed rapidly. One-dimensional chaotic system is used widely, such as logistic map and PLCM map. But research results show that the security of the encryption based on low-dimensional chaotic systems is not high enough [140, 141]. Researchers have begun to focus on the high-dimensional chaotic systems.

Decryption is the symmetric inverse transform of encryption. The random distribution of the diffused image makes statistics attacks difficult. Plaintext sensitivity corresponds to the diffusion rate, and key sensitivity corresponds to the initial value sensitivity of the diffusion function.

6.5.1.3Comprehensive Selection of Chaotic System in Image Encryption

When we design a chaotic image encryption system, the selected chaotic system should be better than other chaotic systems in the following aspects:

After constructing a chaotic cipher system, it is necessary to carry out the cipher analysis and use cipher attacks to test the security of the system. Even passing all the known cipher attacks, the cipher system is not completely secure.

6.5.2A New Chaotic Image Encryption Scheme

In this section, a new image encryption scheme based on one-way coupled map lattice (OCML) and TD-ERCS chaotic system is studied. It combines pixel position scrambling with gray value substitution.

6.5.2.1Spatiotemporal Chaotic System

One-way coupled map lattice is a spatiotemporal chaos system, and it can be described as

where n is discrete time coordinate, n = 1, 2, 3, . . . , T (T is the length of time series). i is discrete space coordinate, i = 1, 2, 3, . . . , L (L is OCML lattice number). f is local chaotic map. εi is the coupling coefficient, 0 < εi < 1. In this section, we choose logistic map as the local chaotic map, and it is expressed as

where 0 ≤ λ ≤ 1, the initial value is a random number at (0, 1). If the entire OCML system satisfies the periodic boundary conditions xn(0) = xn(L), the space sequences and time sequences of the whole system are chaotic.

6.5.2.2Scrambling Image by Spatiotemporal Chaotic Sequences

Ref. [142]. proposed a chaotic image scrambling algorithm based on rank transform. The replacement address code is generated by the chaotic analog sequence without quantification of the chaotic sequence. It provides a new way for chaotic scrambling.

If the pixel is the basic unit, the scrambling is carried out by the mapping relationship between the pixel and x(i, n). The replacement address code requires to traverse all the addresses, so row-and-column scrambling method is applied to scramble the image. Suppose an image with size M×N, and let L = M, T = N, then a spatiotemporal matrix x with size M × N is obtained. Steps of row scrambling image matrix by x are as follows:

Figure 6.25: Image scrambling experiments: (a) original image; (b) scrambled image; (c) original image; and (d) scrambled image.

If L1(i) ⊕ L2(i) is an odd number, the encryption process is

where I (i) is pixel gray value of the image. C(i – 1) is the former encrypted ciphertext pixel value, and C(i) the later encrypted ciphertext pixel value.

If L1(i) ⊕ L2(i)is an even number, the decryption process is

If L1(i) ⊕ L2(i) is an odd number, the decryption process is

6.5.2.5Image Encryption Scheme

The image encryption scheme is shown in Figure 6.26.

Step 1Input seed parameters and two normalized sequences are generated by M iterations of the TD-ERCS system (pre iteration 100 times).

Figure 6.26: Block diagram of image encryption.

where p and q are gray values of the two adjacent pixels in the image, and cov (p, q) = E(p–E(p)(q–E(q)) is the covariance, where D(p) and D(q) are the variances. The correlations are calculated by randomly selecting 1,000 pair adjacent pixels from horizontal, vertical, and diagonal directions of the image, respectively. Table 6.5 lists the correlation coefficients of the original image and its encrypted image. The correlation coefficients of the encrypted images are very small, which indicates that no detectable correlations exist between the original image and its corresponding cipher image. The diffusion of the algorithm is good.

Figure 6.27: (a) Original image; (b) histogram of the original image; (c) encrypted image; and (d) Histogram of the encrypted image.

Figure 6.28: Key sensitivity analysis results: (a) encrypted image with μ = 0.73120000001 and (b) histogram of the decrypted image.