A Shuffle Image Encryption Algorithm Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

This chapter presents a literature review of recent applications designed by previous researchers. The discussion covers similar systems developed previously. In addition, studies have been carried out on encryption and decryption, the hashing process and other topics related to this project.

This paper presents a novel biometric key binding method, enhanced BioHash. Meng Ao and Stan Z. Li introduce the BioHash method and describe the NIR face based encryption algorithm. The method, when incorporated with NIR face biometrics, enables face biometric based template protection, file encryption and many other applications. The gain in security is proved by existing theory, with a small drop in recognition accuracy. First, the paper develops an enhanced BioHash algorithm by imposing an NXOR mask onto the input to the subsequent error correcting code (ECC). Second, it presents NIR face based key binding for improving the security level of an NIR face recognition system. BioHash is combined with ECC and NIR face features to enable reliable binding of face biometric features and the biometric key. Three BioHash algorithms are used in the experiment to convert a feature vector to a binary string. The first algorithm repeatedly converts a feature vector to a binary string by comparing it with a random vector of the same length. The second algorithm calculates the dot product of the feature vector and several random vectors, and then compares the dot product results with a threshold. The third algorithm converts a feature vector to a binary string by calculating the range of arguments of the complex numbers generated by adding a random imaginary part to the feature vector. The three algorithms are known as BioHash 1, BioHash 2 and BioHash 3 respectively. Among the three, BioHash 1 is advantageous in that it generates a much longer binary string than the others and is easy to calculate. A longer binary string can be bound to a longer key, which increases the security of the system. The NIR face based key binding needs a face encryption system.
An error correcting code (ECC) is usually needed to solve the problem caused by variation in biometric features. The ECC based method requires that the biometric module be able to achieve a minimum performance that is associated with the ability range of the ECC. The stability of NIR face features can satisfy this requirement of the ECC. When the key binding method is introduced into a face recognition system, the enrollment and recognition processes are both changed. The experiments compare the performance of the original NIR face features algorithm and the enhanced BioHash binary strings with face key binding incorporated. The purpose is to evaluate how much recognition accuracy the system has to sacrifice for the gained security. The gain in security is proved by existing theory, with a small drop in recognition accuracy. [5]
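The second algorithm described above (dot products with random vectors, compared with a threshold) can be sketched as follows. This is an added example, not code from the paper: the token-seeded generator, the threshold of 0, the 128-bit length and the feature vectors are constructed assumptions.

```python
import random

def biohash(features, token, n_bits=128, threshold=0.0):
    """Dot the feature vector with n_bits random vectors and threshold each result.

    Assumption: the random vectors are derived from a per-user token used as
    the seed, so the same token always reproduces the same projections.
    """
    rng = random.Random(token)
    bits = []
    for _ in range(n_bits):
        r = [rng.gauss(0.0, 1.0) for _ in features]
        dot = sum(f * w for f, w in zip(features, r))
        bits.append(1 if dot > threshold else 0)
    return bits

def hamming(a, b):
    """Number of positions in which two binary strings differ."""
    return sum(x != y for x, y in zip(a, b))

def matches(reference, probe, max_errors):
    """Accept when the bit errors fit within what the ECC can correct.

    max_errors stands in for the correction capability of the ECC.
    """
    return hamming(reference, probe) <= max_errors

def demo():
    rng = random.Random(2024)
    # Constructed sample data: a 64-dimensional feature vector for one user,
    # a second noisy capture of the same user, and an unrelated user.
    enrolled = [rng.gauss(0.0, 1.0) for _ in range(64)]
    fresh = [v + rng.gauss(0.0, 0.1) for v in enrolled]
    other_user = [rng.gauss(0.0, 1.0) for _ in range(64)]

    token_a, token_b = 1111, 2222  # hypothetical tokens
    reference = biohash(enrolled, token_a)
    return {
        # Same user, same token: only the few bits flipped by capture noise.
        "genuine": hamming(reference, biohash(fresh, token_a)),
        # Same features under a new token: the reissued code is unrelated
        # to the old one, which is what makes a template cancelable.
        "reissued": hamming(reference, biohash(enrolled, token_b)),
        # Different user with a different token: about half the bits differ.
        "other_user": hamming(reference, biohash(other_user, token_b)),
    }

if __name__ == "__main__":
    for name, distance in demo().items():
        print(f"{name:12s} Hamming distance = {distance} / 128")
```

The small genuine distance is the variation in biometric features that the ECC has to absorb, while the reissued and other-user distances sit near half the string length.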

A Shuffle Image-Encryption Algorithm written by Abdelfatah A. Yahya and Ayman M. Abdalla (2008) [6]

A new encryption algorithm was presented by Abdelfatah A. Yahya and Ayman M. Abdalla. The algorithm, the Shuffle Encryption Algorithm (SEA), uses the s-box non-linear byte substitution used by other cipher algorithms, such as the Advanced Encryption Standard (AES). Then, it applies a linear byte-shuffling operation. Statistical analysis using histograms, correlation and covariance showed that SEA is not vulnerable to statistical attacks. In addition, the huge number of possible keys makes a brute-force attack on SEA impossible. AES uses byte substitution using a table called the s-box. More s-box construction methods were developed later. AES may also be implemented efficiently on smart cards. Some studies were made on image encryption using AES and using matrix transformation. The security of AES was demonstrated by its resistance to attacks when it was applied with ten or more rounds using a key of at least 128 bits. The SEA algorithm takes an image and a key that consists of k numbers as input. In the first step, an s-box substitution table is constructed to perform two transformations: multiplicative inverse and affine transformation. Then, a shuffle vector is constructed by listing the numbers of the bytes whose bit number fixBit is equal to zero, followed by the numbers of the bytes whose bit number fixBit is equal to one. This vector gives a mapping that specifies the new location of each byte in the image. Finally, a different byte substitution is performed using the s-box table. Each round after the first uses a different fixBit and applies the same steps to the image that resulted from the preceding round. Note that the value of fixBit can be represented by three bits, which makes the length of the key 3k bits. The decryption algorithm is similar to the encryption algorithm, but replaces the shuffle operation with its inverse and uses the inverse s-box substitution at the beginning of the iteration.
This decryption restores the original image without loss of quality. The security of SEA comes from the shuffle operation and the nonlinear s-box byte substitution. If one or more bits in the key are changed, a different shuffle bit is chosen and the substitution is changed. When the same key was used for encrypting different images using SEA, it generated different shuffle vectors based on the values of the selected bits in the new image, which resulted in different encrypted images. When different keys were used with the same image, they produced different encrypted images. In addition, analysis using histograms, covariance and correlation shows properties of SEA that strongly resist statistical attacks. The security properties demonstrated by the above analysis imply the algorithm's security in general. The SEA algorithm may be combined with an algorithm that changes the contents of the cache by not allowing any data items to remain in the cache for too long. Such algorithms succeeded in preventing cache timing attacks on AES and other algorithms, and therefore they can help SEA. [6]

BioHashing for securing fingerprint minutiae templates written by Rima Belguechi, Christophe Rosenberger, and Samy Ait Aoudia [7]

The novelty of the method proposed by Belguechi, Rosenberger and Ait-Aoudia is to protect minutiae templates with BioHashing. The use of minutiae conforms well to existing databases. BioHashing is strongly cancelable and is mathematically proven to be non-invertible. In the worst case, when the token is stolen, it gives enhanced results compared to some published methods, but the authors still believe that this is insufficient. The main criteria considered in this paper when dealing with a protection scheme are performance, non-invertibility and cancelability or diversity. In order to overcome the dependence on a reference point and to increase the robustness of recognition, the idea is to represent each minutia by its FingerCode and to protect each FingerCode by the BioHashing process. The steps of the proposed system are feature computation and feature matching. Feature computation extracts the minutiae template from the raw image, computes the FingerCode for each minutia and applies BioHashing to each MinuCode. With minutiae template protection by BioHashing, only BioCodes are stored for matching. The feature matching step corrects the rotation deformation, applies BioHashing to the set of fresh MinuCodes and performs the local matching algorithm between the two template maps. To evaluate the performance of the system, a public-domain fingerprint database is used, namely FVC2002-DB2. This database consists of 800 images of 100 fingers with 8 impressions per finger obtained using an optical sensor. 2 out of 8 impressions for each finger in FVC2002 have an exaggerated displacement in the core point; these two impressions were excluded, and hence there are only 6 impressions per finger, yielding 600 images in total.
For the experimental analysis of cancelability or diversity, when a token in the database is lost, the template should be cancelable while assuring diversity, which means that it is difficult to guess one secure template given another secure template. Another analysis in this experiment concerns the security of the template. The proof of the non-invertibility property of BioHash has been done in past experiments, so here only a brute force attack is considered, in which the impostor does not have any knowledge of the genuine BioCode or token. The complexity to guess the BioCode is at minimum equal and this is sufficiently hard to compute. [7]

2.4 Weihai Li; Yuan Yuan; "Improving security of an image encryption algorithm based on chaotic circular shift," Systems, Man and Cybernetics, 2009 [10]

This paper analyses the security of a recently proposed image encryption algorithm, called the CCSE algorithm. This algorithm, proposed by Weihai Li and Yuan Yuan, is based on chaotic circular bit shift. Although the algorithm is sensitive to the key, and the generated key streams have a good statistical distribution, it cannot resist a chosen-plaintext attack or a difference attack. Also, the key space is not stable. Some attack examples are introduced. An improved CCSE algorithm is also proposed in this paper. This algorithm has a flexibly controlled variable key space and a very good avalanche effect. By implementing the diffusion and confusion principles, the improved algorithm is secure against chosen-plaintext attack, chosen-ciphertext attack, and difference attack. The computation cost for each pixel is only two circular bit shifts and one permutation. The CCSE algorithm is divided into four major parts: encryption, decryption, secret key and statistics of the ciphertext image. The encryption process has two stages to encrypt the image: permutation and substitution. In the permutation stage, row permutation and column permutation are applied according to two streams generated from Logistic chaotic systems. In the substitution stage, the value of each pixel is circular bit shifted according to two streams generated from Logistic chaotic systems. The decryption process is similar to the encryption process, but the permutation stage is replaced by the inverse permutation and the directions of the circular bit shifts are reversed. Weihai Li and Yuan Yuan proposed some improvements to enhance the security of the CCSE algorithm. To improve the algorithm, the key stream generator, encryption, decryption and security are analysed in this experiment. In encryption, two procedures are improved to enhance security: permutation and substitution. This algorithm has a flexibly controlled variable key space and a very good avalanche effect.
By implementing the diffusion and confusion principles, the improved algorithm is secure against chosen-plaintext attack, chosen-ciphertext attack, and difference attack. The computation cost for each pixel is only two circular bit shifts and one permutation. [10]
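A simplified sketch of the two stages described above (row and column permutation, then a circular bit shift per pixel), added here as an example and not the authors' CCSE code. The key as three logistic-map seeds, the parameter r = 3.99, one shift stream instead of two, and the way stream values become permutations and shift amounts are all assumptions; the sample image is constructed. It also checks a structural property of shift-only substitution: a circular shift never changes how many bits are set in a pixel.

```python
def logistic_stream(x0, n, r=3.99):
    """n values in (0, 1) from the logistic map x -> r * x * (1 - x)."""
    x, out = x0, []
    for _ in range(n):
        x = r * x * (1.0 - x)
        out.append(x)
    return out

def permutation_from(stream):
    """Turn a chaotic stream into a permutation: the order that sorts it."""
    return sorted(range(len(stream)), key=stream.__getitem__)

def rotl8(value, k):
    """Circular left shift of an 8-bit pixel value by k bits."""
    k %= 8
    return ((value << k) | (value >> (8 - k))) & 0xFF

def _key_material(key, rows, cols):
    x_row, x_col, x_shift = key  # assumed key layout: three seeds in (0, 1)
    row_perm = permutation_from(logistic_stream(x_row, rows))
    col_perm = permutation_from(logistic_stream(x_col, cols))
    shifts = [int(v * 8) % 8 for v in logistic_stream(x_shift, rows * cols)]
    return row_perm, col_perm, shifts

def encrypt(img, key):
    rows, cols = len(img), len(img[0])
    rp, cp, shifts = _key_material(key, rows, cols)
    # Permutation stage: pixel (i, j) is taken from row rp[i], column cp[j].
    permuted = [[img[rp[i]][cp[j]] for j in range(cols)] for i in range(rows)]
    # Substitution stage: rotate each pixel by its stream-derived amount.
    return [[rotl8(permuted[i][j], shifts[i * cols + j]) for j in range(cols)]
            for i in range(rows)]

def decrypt(ct, key):
    rows, cols = len(ct), len(ct[0])
    rp, cp, shifts = _key_material(key, rows, cols)
    out = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        for j in range(cols):
            # Reverse the shift direction, then apply the inverse permutation.
            out[rp[i]][cp[j]] = rotl8(ct[i][j], 8 - shifts[i * cols + j])
    return out

def bit_counts(img):
    """Sorted list of set-bit counts over all pixels."""
    return sorted(bin(p).count("1") for row in img for p in row)

# Constructed 4x6 grayscale sample image and key (not from the paper).
IMG = [[(17 * i + 31 * j + 5) % 256 for j in range(6)] for i in range(4)]
KEY = (0.3141, 0.2718, 0.5772)

if __name__ == "__main__":
    ct = encrypt(IMG, KEY)
    print("round trip ok:", decrypt(ct, KEY) == IMG)
    # Permutation moves pixels and rotation keeps each pixel's bit count,
    # so the multiset of bit counts is identical before and after.
    print("bit counts preserved:", bit_counts(ct) == bit_counts(IMG))
```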

2.5 Encryption and Decryption of Image [2]

In cryptography, encryption is the process of transforming information, also known as plaintext, using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information, referred to as ciphertext in cryptography. In many contexts, the word encryption also implicitly refers to the reverse process, decryption, which makes the encrypted information readable [2]. Encryption refers to algorithmic schemes that encode plain text into a non-readable form, or cyphertext, to provide privacy. The receiver of the encrypted text uses a "key" to decrypt the message, returning it to its original plain text form. The key is the trigger mechanism of the encryption algorithm. Encryption was rarely used by the public, and was largely a military tool, until the advent of the Internet. Today, with online marketing, banking, healthcare and other services, even the average householder is aware of encryption [13].

Nowadays, encryption is used to protect data such as files on computers and storage devices. In recent years, there have been numerous reports of confidential data, such as customers' personal records, being exposed through loss or theft of laptops or backup drives. Encryption is also used to protect data in transit, for example data being transferred via networks such as the Internet and e-commerce, mobile telephones, wireless microphones, wireless intercom systems, Bluetooth devices and bank automatic teller machines. There have been numerous reports of data in transit being intercepted in recent years. Encrypting data in transit also helps to secure it, as it is often difficult to physically secure all access to networks [10].

One of the earliest public key encryption applications was called Pretty Good Privacy (PGP). It was written in 1991 by Phil Zimmermann and was purchased by Network Associates, now known as PGP Corporation, in 1997. There are a number of reasons why an encryption product may not be suitable in all cases. First, e-mail must be digitally signed at the point where it was created to provide non-repudiation for some legal purposes; otherwise the sender could argue that it was tampered with after it left their computer but before it was encrypted at a gateway. An encryption product may also not be practical when mobile users need to send e-mail from outside the corporate network. [10]

Encryption schemes are categorized as symmetric or asymmetric. Symmetric key algorithms, such as Blowfish, AES and DES, work with a single prearranged key that is shared between sender and receiver [13]. This key both encrypts and decrypts text. In asymmetric encryption schemes, such as RSA and Diffie-Hellman, the scheme creates a "key pair" for the user. The key pair consists of a public key and a private key. The public key can be published online for senders to use to encrypt text that will be sent to the owner of the public key. Once it is encrypted, the cyphertext cannot be decrypted except by the one who holds the private key of that key pair. This algorithm is based on the two keys working in conjunction with each other. Asymmetric encryption is considered one step more secure than symmetric encryption, because the decryption key can be kept private. [13]

2.5.1 Encryption Solution

Public key encryption, also known as asymmetric encryption, uses two keys, one for encryption and the other for decryption of data. This makes it more secure. Someone who encrypts files more than occasionally might consider keeping all sensitive files in a single folder and encrypting the folder instead. Encryption options typically include the choice to automatically wipe the original file after the encryption process has completed. [14]

2.5.2 What Are The Different Types Of Encryption Methods?

There are three basic encryption methods: hashing, symmetric cryptography, and asymmetric cryptography. Each of these encryption methods has its own usage, advantages, and disadvantages. All three use cryptography, the science of scrambling data. Cryptography is used to change readable text, called plaintext, into an unreadable secret format called ciphertext, using a process called encryption. Encrypting data provides additional benefits besides protecting the confidentiality of data. The other benefits include ensuring that messages have not been altered during transit and verifying the identity of the message sender. All these benefits can be realized by using basic encryption methods. [18]

The first encryption method is called hashing. The hashing method creates a unique fixed-length signature of a group of data. Hashes are created with an algorithm, or hash function, and are used to compare sets of data. Since a hash is unique to a specific message, any change to the message would result in a different hash, thereby alerting a user to potential tampering. The difference between the hashing method and the other two encryption methods is that once the data is hashed, the process cannot be reversed or deciphered. This means that, even if a potential attacker were able to obtain a hash, they would not be able to use a decryption method to discover the contents of the original message. Some common hashing algorithms are Message Digest 5 (MD5) and Secure Hashing Algorithm (SHA). [18]

Symmetric cryptography, which is also known as private-key cryptography, is the second encryption method. The term "private key" comes from the fact that the key used to encrypt and decrypt data must remain secure, because anyone who accesses the data with the right key can read the coded messages. This encryption method can be categorized as either a stream cipher or a block cipher, depending upon the amount of data being encrypted or decrypted at a time. A stream cipher encrypts data one character at a time, while a block cipher processes fixed chunks of data. Common symmetric encryption algorithms include Data Encryption Standard (DES), Advanced Encryption Standard (AES), International Data Encryption Algorithm (IDEA), and Blowfish. [18]

Asymmetric or public key cryptography is the last encryption method. This type of cryptography uses two keys, a private key and a public key, to perform the encryption and decryption process. The use of two keys overcomes a major weakness in symmetric key cryptography, in that a single key does not need to be securely managed among multiple users. In asymmetric cryptography, a public key is freely available to everyone, while the private key remains with the receiver of the ciphertext to decrypt messages. Algorithms that use public key cryptography include RSA and Diffie-Hellman. [18]

2.6 Hashing

Hashing transforms a string of characters into a shorter fixed-length value or key that represents the original string. This method is usually used to index and retrieve items in a database, because it is faster to find an item using the shorter hashed key than using the original value. Encryption algorithms normally use this method to protect the items. [9]

Hashing is a method that produces hash values for accessing data or for security. A hash value is a number that is generated from a string of text. The hash is substantially smaller than the text itself, and it is generated by a formula in such a way that it is extremely unlikely that some other text will produce the same hash value. Hashing plays a role in security systems, where it is used to ensure that transmitted messages have not been tampered with. The sender generates a hash of the message, encrypts it, and sends it with the message itself. The recipient then decrypts both the message and the hash. After that, the recipient produces another hash from the received message and compares the two hashes. If the two hashes are the same, there is a very high probability that the message was transmitted intact. [12]

2.6.1 What is a Hashing Algorithm? [20]

Hashing algorithms have been used for a decade by computer programmers. These algorithms are typically used in the areas of security, data access, or data validation. A hashing algorithm is a mathematical function that converts a variable-length string of characters into a fixed numerical value. There are multiple types of algorithms available today and each type is designed for a specific purpose. A hash algorithm, commonly known as a hash function, is a mathematical procedure that is used in computer programming to turn a large section of data into a smaller symbol [21]. This smaller symbol is known as a hash key. Hash algorithms occur in large databases of information. Each piece of data is assigned a hash key, which is a short symbol or code that represents it. [20]

The first hashing technique was created as a method to improve performance in computer systems. A hash value represents the data as numerical characters. Numerical data has faster processing characteristics when searching through files of data. Within database management systems (DBMS), many commercial databases use hash files as a method of indexing data. Sensitive computer data uses the process of hashing as a method of protection. Hashed data requires an encryption program that can convert the hash data back into a format that can be understood by human interpretation. It is impossible to decipher an encrypted data file without knowing the original hashing algorithm. A hashing algorithm requires special keys that are used to encode and decode the data. These special keys are the secret ingredient that makes encryption more complex. The encryption key can range from 64 bits to 256 bits. As the size in bits increases, the hashing algorithm becomes more difficult to break. [20]

2.6.2 Hash Function

A hash function is a mathematical function that creates a hash value from a set of character strings. It is important to safeguard against hash collisions when creating a hash function. Unfortunately, a hashing algorithm may create the same hash value from a different set of character data. This causes a collision, because two sets of data have the same hash key. Data encryption is one of the primary safeguards against intruders and malicious activities. The science of data encryption is known as cryptography. A hashing algorithm can convert standard data into an encrypted format. There are many types of security hashing algorithms available today. Each function has a different complexity level for purposes of security. [20] Hash algorithms are implemented for sensitive applications. [17]

2.6.3 What are Hash Files? [16]

Computer security is an important aspect for most businesses and institutions. Many organizations use the process of hashing data into hash files to encrypt important data. A hash file is a file that has been converted from a variable-length string of characters into a fixed numerical value by a mathematical algorithm. Hash data is a numerical string of characters that represents the data and is not easy for a human to interpret. This data can only be understood after it has been unencrypted with a hash key. The process of hashing is the mathematical conversion of a string of characters into a smaller value that is typically called a hash key. The small value represents the original character string after it has been encrypted. Hashing is often used in databases as a method of creating an index, because hashed values are smaller than strings. Therefore, the database can perform reading and writing functions faster. [16]

Hash files are commonly used as a method to verify the file size. This method is called check-sum verification. When a file is sent over the network, it must be broken into small pieces and reassembled after it reaches its destination. In this situation, the hash number represents the size of the data in a file. The hash method can then be used as a tool for validating that the entire file was successfully transmitted over the network. The first hash procedure was created in the 1950s as a method of speeding up computer access. Creating a hash file requires a hash function, which is a mathematical algorithm. There are many types of hash algorithms available today in computer engineering. These algorithms vary in complexity, but all seek to manipulate strings of text and convert them into numbers. Most law enforcement agencies use hash files to store important fingerprint information. The fingerprint technology available today uses hash files and functions to capture the images of each fingerprint. These fingerprint images are converted into a numerical format and stored in law enforcement databases. The United States Department of Justice (DOJ) maintains one of the largest fingerprint databases in the United States. These fingerprints include all known criminals within the United States and are stored using hash technology. [16]

Hash technology is used as a security device between computers on the Internet. Computer certificates are the encrypted keys that are exchanged between computers and software over the computer network. These keys identify a computer as a trusted recipient of a software program. The hash function is used for inspecting and verifying that the correct key is owned by the specific computer. This key technology has been available for many years as a technique to verify computers before information is sent over the Internet. [16]

2.6.4 Hash Encryption [19]

Hashes are used frequently to make searching in databases faster and more efficient. Among other uses, computer programmers also use hashes in encryption, to ensure that passwords are not compromised and to authenticate digital signatures. Using short keys saves time when searching through a large database. A key code entered by the user is passed through a hash function to find the corresponding hash value in the database. Besides that, hashes are used in some encryption and decryption functions. [19]


MATLAB stands for Matrix Laboratory and it is a "technical computing environment" according to MathWorks [22]. MATLAB allows matrix manipulations, plotting of functions and data, implementation of algorithms, creation of user interfaces, and interfacing with programs written in other languages, including C, C++, and Fortran [11].

In 2004, MATLAB had around one million users across industry and academia. MATLAB users come from various backgrounds in engineering, science, and economics. MATLAB is widely used in academic and research institutions as well as industrial enterprises. The MATLAB application is built around the MATLAB language. The simplest way to execute MATLAB code is to type it in the Command Window, which is one of the elements of the MATLAB Desktop. When code is entered in the Command Window, MATLAB can be used as an interactive mathematical shell. Sequences of commands can be saved in a text file, typically using the MATLAB Editor, as a script or encapsulated into a function, extending the commands available. [11]

MATLAB supports elements of lambda calculus by introducing function handles, or function references, which are implemented either in .m files or as anonymous/nested functions. MATLAB also carries secondary programming, which incorporates the MATLAB standard code into a more user friendly way to represent a function or system. MATLAB supports classes. However, the syntax and calling conventions are significantly different from those in other languages, because MATLAB does not have reference data types. For example, a call to a method cannot normally alter any variables of the object variable. To create the impression that the method alters the state of the variable, MATLAB toolboxes use the evalin() command, which has its own restrictions. MATLAB's support for object-oriented programming also includes classes, inheritance, virtual dispatch, packages, pass-by-value semantics, and pass-by-reference semantics. [11]

Figure 2.1: MATLAB® screenshot.