Chaotic Progressive Access Control for JPEG2000 Images Repositories

June 5, 2017 | Author: Noureddine Boudriga | Category: Quantum Computing, Artificial Intelligence, Environmental Education, Machine Learning, Data Mining, Network Security, Access Control, Wireless Sensor Networks, Cryptography, Chaotic cryptography, Cloud Computing, Digital Image Processing, Java, Smart spaces, Indigenous knowledge systems, Cyber Physical Systems, Complex Event Processing, Wavelet Transform, Wavelet Transforms, Cyber Security, Semantic Computing, Chaotic Map, Unimodal Maps, JPEG, Authorisation, Permutation Only Ciphers, Substitution Permutation Networks, Image Compression Location Based Approach, CBNRM, Education for Sustainable Development, Encryption Algorithms, Arnold Map, Secure Image Transmission, Access Control Schemes, Decryption Process, Gray Levels, Image Codestreams, Digital Image Storage, VoIP/SIP/IMS, Distributed Information Systems, RFID and Sensor Networks, Open Source Technologies, Wild/Indigenous & Traditional Food Plants, Traditional Agrobiodiversity Conservation, Food Sovereignty & Food Security, Discrete Fractional Fourier Transform, Wavelet Transform and Filter Banks, Digital Signal Processing and Its Applications, Sensor Array Signal Processing, Two Dimensional Digital Filters, Topological Entropy, Packet Analysis, Server Operating Systems, NET Software Development

Mohamed Hamdi and Noureddine Boudriga
Communication Networks and Security Research Lab., University of 7th of November at Carthage, Tunisia

Abstract—The paper proposes a progressive access control scheme for JPEG2000 image codestreams based on chaotic maps. The access control scheme provides the possibility to access partially decrypted images from a single encrypted JPEG 2000 stream. The underlying encryption algorithm is based on chaotic permutations of pixel gray levels, positions, and wavelet filter coefficients. Depending on the key provided to the user, the decryption process will stop at a given resolution. The two major characteristics of the access control scheme are that it provides a unifying encryption-compression approach and is fully compliant with the JPEG 2000 encoding process.

Keywords: Access control, chaotic ciphers, secure image transmission, wavelet transform, Arnold map.

I. INTRODUCTION

JPEG2000 [1], which has been established by the Joint Photographic Experts Group, is the most used standard for image compression. One of its major features is progressive decryption, meaning that the encoded image can be extracted at different resolutions. This allows adapting the quality of the decompressed image to the transmission bit rate. Recently, several approaches exploiting the hierarchical structure of JPEG2000 codestreams to implement security-related functionalities have been proposed in the literature. A new standard, called JPEG2000 Secured (JPSEC) [2], has been developed. One security service emphasized by JPSEC is conditional access control, which is used for access control by resolution. This concept basically relies on progressive encryption algorithms, which encrypt every resolution of the JPEG2000 codestream with a different sub-key.

Several access control mechanisms based on JPSEC have been proposed in the literature [7], [8]. The major disadvantage of such approaches is that they do not fully integrate compression in the progressive encryption process. In other terms, they are applied a posteriori with respect to the hierarchical transform (more details are given in Section II).

In this paper, we develop a novel access control approach for JPEG2000 based on chaotic progressive coding. The major feature of our approach is that it relies on a progressive encryption system developed by the authors in [3], called CHAOSLET, which implements a unifying encryption-compression process by involving the wavelet filters in the ciphering algorithm. The access control approach also uses a novel progressive encryption algorithm introduced by the authors in [4] for image transmission over broadband satellite links. At every stage of the hierarchical decomposition, a different wavelet filter is used. Moreover, the codestream corresponding to every resolution is encrypted through the use of pixel position and gray level permutations. This clearly enhances the robustness of the existing approaches because an intermediate non-trusted node should not only decrypt the wavelet coefficients but also recover the wavelet filters used to implement the hierarchical transform.

To develop our cryptosystem, we introduce a novel theory of multi-dimensional chaotic maps. These chaotic functions should be at least 4D so that: (a) the two first dimensions serve to build random permutations on pixel positions; (b) the third dimension is used to permute gray levels; and (c) the remaining dimensions are used to build the chaotic wavelet transform.

The organization of this paper is as follows. Section II reviews the most important aspects of JPSEC-based access control. Section III describes the hierarchical chaotic transform used to implement our access control approach and shows how an extended use of the JPSEC markers can be used to enforce multi-level access control on image repositories. A security analysis is carried out in Section IV to show the practical efficiency of the proposed framework. Finally, Section V concludes the paper.

II. STATE-OF-THE-ART OF JPSEC-RELATED ACCESS CONTROL MECHANISMS

JPSEC defines an open and flexible framework for secure imaging. Through the use of protector applications, it enables the implementation of security tools supporting a number of security services including confidentiality, integrity, source authentication, conditional access, secure scalable streaming, and registered content identification. In order to secure an image, it applies one or more JPSEC protection tools (e.g., encryption, digital signature). The resulting JPSEC codestream is generated by inserting in the stream the corresponding JPSEC syntax, signaling the JPSEC tools which have been used and how they have been applied to the image.

As illustrated by Figure II.1, the JPSEC tools fall into two categories. The first category encompasses well-known cryptographic methods such as AES, DES, 3DES, RC4, RSA, MD5, SHA-1, etc. In this case, a number of templates are defined in order to specify method-specific parameters. The tools in this category are therefore referred to as template protection tools. The syntax contains all the required information relative to the protection tool and how it has been applied. It is therefore sufficient to enable a JPSEC application to unprotect the image data. The second category consists of proprietary tools. These tools have to be registered with the JPSEC Registration Authority (RA); they are then referred to as registration authority protection tools. For the sake of parsimony, we do not discuss the JPSEC syntax in this section. The interested reader can refer to [6] for more details about this issue.

Fig. II.1. The JPSEC framework [5].

Several access control mechanisms exploiting the progressive encryption features of JPSEC have been recently proposed in the literature. Wu et al. developed an authentication and access control framework based on the incremental application of hash functions to JPEG 2000 packets. The RSA algorithm is also used to perform signature operations. This approach uses the Embedded Block Coding with Optimal Truncation (EBCOT) mechanism to discard JPEG 2000 packets so as to fit the bandwidth requirements of the network. To access truncated codestreams, the user should interact with an on-line key server to obtain the appropriate key. In [8], two access control mechanisms are introduced: packet-based access control and resolution-based access control. These techniques basically rely on the selection of the Granularity Level (GL) field of the SEC marker defined in JPEG 2000. Both of the aforementioned approaches exhibit severe limitations, which are listed in the following:

• None of the proposed access control mechanisms effectively merges the encryption and compression processes. The image is first encoded using the traditional JPEG 2000 algorithms. JPSEC is then applied on the resulting codestream. In other terms, the use of JPSEC is limited to the indication of the encryption tools, the zone of interest, and the granularity level in the JPEG 2000 packet header.
• The performance of the proposed approaches has not been assessed using accurate metrics. Even the comparative study of wavelet-based encryption methods conducted in [9] has been restricted to the evaluation of the key space size, which is not sufficient for a rigorous evaluation.
• The cryptographic algorithms used to encipher JPEG 2000 packets (e.g., hash functions, RSA) are not specifically developed for image data. It has been indicated in [10] that these algorithms are not suitable for multimedia encryption.

978-1-4244-2324-8/08/$25.00 © 2008 IEEE. This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the IEEE "GLOBECOM" 2008 proceedings.

III. A NOVEL CHAOTIC HIERARCHICAL TRANSFORM FOR IMAGE ENCRYPTION AND COMPRESSION

The increasing use of sophisticated sensing technology has consistently enhanced the quality of the available images at the cost of increasing their size. Hence, the secure transmission of such images is a challenging issue even in high-speed modern networks. In this section, we first review the concept of second generation wavelets, which have been used for image compression as part of the JPEG 2000 standard. Then, we develop a hierarchical wavelet transform which unifies the chaotic encryption algorithm and the progressive compression scheme proposed by the authors in [3] and [4], respectively.

A. Second generation wavelets for JPEG 2000 compression

The second generation wavelet transform [11], also known as the lifting scheme, introduces new insights related to lossless compression. Generally, a compression process includes a decorrelating transform and an entropy coder. The wavelet transform is used in the first phase in order to minimize the spatial correlation between pixels. The lifting scheme, which is a special construction of the wavelet transform, is performed in three steps. At a scale $j$, given a discrete signal $x_j = (x_j(n))_{n \in \mathbb{N}}$, the basic idea consists in splitting it into polyphase components (i.e., corresponding to odd and even indices), and in predicting odd components by using even components. This minimizes the intrinsic redundancy caused by the homogeneity of the captured scene. Finally, an update step is conducted in order to preserve the properties of the original image. These steps are formally explained in the following.

1) Split: The set of initial coefficients $x_j = (x_j(n))_{n \in \mathbb{N}}$ is divided into two different subsets $x^o_j = (x_j(2n+1))_{n \in \mathbb{N}}$ and $x^e_j = (x_j(2n))_{n \in \mathbb{N}}$.
2) Predict: The set $x^o_j$ is updated by subtracting some predicted values derived from the set $x^e_j$; in other terms, $x^o_{j+1}(n) = x^o_j(n) - P(x^e_j)(n)$.
3) Update: The same filtering operation is applied to $x^e_j$ with another predictor $P'$. In other terms, $x^e_{j+1}(n) = x^e_j(n) - P'(x^o_j)(n)$.

The extension of this transform to 2-D signals is straightforward: the lifting steps are iteratively applied to the rows and the columns of the image. In our work, we propose to modify the traditional compression process in order to support advanced encryption functionalities. Supposing that $S$ is the number of wavelet steps, we propose to use different parameters for the prediction filter at each step $s \in \{1, \dots, S\}$. These parameters can be selected based on a chaotic strategy, as described in the following subsection.

B. Encryption process

The unifying compression-encryption scheme should be implemented according to Figure III.1. This process scrambles not only pixel positions and gray levels (as for the existing image encryption approaches), but also the predictors used to perform the second generation wavelet transform. To this purpose, an $m$-dimensional chaotic function should be used. The choice of the dimension $m$ depends on the wavelet transform used to encrypt the image data. Supposing that $o$ denotes the order of the filter $P(.)$ mentioned in the foregoing subsection, the dimension $m$ of the chaotic map used in the encryption process should equal $o + 3$. In fact:

• Two dimensions should be used for chaotic pixel position permutation (one dimension for rows, the other for columns),
• The third dimension is used to scramble the gray level of the image,
• The remaining $o$ dimensions are used to select different coefficients for the filter $P(.)$ at each iteration of the wavelet decomposition process.

Fig. III.1. Unifying compression-encryption process.

To highlight the difference between chaotic encryption and traditional JPEG 2000 encoding, we discuss a simple example. Supposing that the order of $P(.)$ is 2, the wavelet decomposition, as defined in the JPEG 2000 standard, would be:

$$P(x^e_j)(n) = \frac{x^e_j(n) + x^e_j(n+1)}{2}. \quad \text{(III.1)}$$

In our case, we use a different predictor $P_j(.)$ at each resolution $j$. To this end, we define a parameter $\beta_j$ such that:

$$P(x^e_j)(n) = \beta_j x^e_j(n) + (1 - \beta_j) x^e_j(n+1), \quad \text{(III.2)}$$

where $\beta_j \in [0, 1]$. The variation of $\beta_j$ according to the resolution $j$ is controlled with the last coefficient of the chaotic map (that should be four-dimensional in this case). Denoting by $f(., ., ., .)$ this chaotic function (an example of 4-D chaotic function has been defined by the authors in [3]), the encryption process is better explained by the three following steps.

1) First iteration: The first iteration consists in applying the wavelet transform to the original image $I(., .)$ with a prediction filter $P_1$ given by:

$$P_1(x^e_j)(n) = \beta_1 x^e_j(n) + (1 - \beta_1) x^e_j(n+1), \quad \text{(III.3)}$$

where $\beta_1 \in [0, 1]$ is obtained by iterating $t$ times the chaotic map $f(., ., ., .)$ ($t$ is a parameter included in the encryption key and will be discussed in the following section). If $(x_0, y_0)$ represents the pixel position and $z_0$ is the corresponding gray level, $\beta_1$ satisfies:

$$(x_0, y_0, z_0, \beta_1) := \underbrace{f \circ \dots \circ f}_{p\ \text{times}}(x_0, y_0, z_0, 1). \quad \text{(III.4)}$$

This iteration generates four $\frac{H}{2} \times \frac{W}{2}$ sub-images $LL_1$, $HL_1$, $LH_1$, and $HH_1$.

2) $i$th iteration: The process described above is repeated by computing $\beta_j$ such that

$$(x_j, y_j, z_j, \beta_1) := \underbrace{f \circ \dots \circ f}_{p\ \text{times}}(x_j, y_j, z_j, \beta_{j-1}). \quad \text{(III.5)}$$
The resulting image is denoted $I_i(., .)$, where the approximation image $LL_i$ is of size $\frac{1}{2^i} \times \frac{1}{2^i}$.

3) $S$th iteration: Having obtained the image $I_S(., .)$, where the approximation image is of size $\frac{1}{2^S} \times \frac{1}{2^S}$, the traditional 3-D Arnold map is performed to mix the pixel positions as well as the image gray levels.

C. Chaotic progressive access control

The encryption process described in the previous section defines an access control framework that has two principal features:

1) The user can access a specific resolution of the image depending on the decryption key,
2) Different encryption levels can be applied to specific zones of the image.

The second feature is particularly helpful in target tracking applications where the user needs refined information about the sub-zone where the object of interest is present. Coarse information about the other zones can therefore be provided by the server that broadcasts the JPEG 2000 stream. This reasoning extends the multi-resolution compression algorithm developed by the authors in [4] for detecting mobile targets in military applications.

To fulfill these needs, we use the marker segments introduced by the JPSEC standards, which are SEC and INSEC. The SEC marker segment supports the specification of multiple security tools as well as the zone of influence (ZOI), which describes the data associated with each protection tool. The INSEC marker present in the bitstream itself can be used to give additional or alternative parameters for one of the security tools. The Processing Domain (PD) is used to indicate at which domain the approach is used. The granularity level (GL) is used to indicate the unit of protection for each protection method. The Processing Order (PO) defines the order in which the protection tools are applied to the codestream.

The server contains the JPEG codestream such that a resolution $j$ is encrypted using a key $K_j$ expressed as follows:

$$K_j = H^{S-j}(K), \quad \text{(III.6)}$$

where $H(.)$ is a hash function, $S$ is the maximum resolution of the wavelet decomposition, and $K$ is a randomly generated 128-bit key.


Based on this codestream, S security levels can be defined. A user having the security level l ∈ {1, .., S} receives the key Kl. It is important to notice that the delimiting markers PD, GL, and GO should not be encrypted for a sound decryption. In fact, this allows the user to reconstruct progressively the resolution l of the image by an iterative computation of the keys Kl+1, .., KS using the hash function H, which is supposed to be implemented in all hosts.

To illustrate the proposed access control mechanism, we show in Figure III-C the different resolutions of an image encrypted using eight passes (i.e., S = 8). The reader can notice that the quality of the center of the image is enhanced more rapidly than in the other regions. The full resolution in this region is approximately reached at the fourth pass. This is performed using the ZOI marker of the JPSEC standard. The progressive reconstruction of the whole image is achieved through the use of the remaining fields (especially the GL field).
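The key chain of equation III.6 and the user-side derivation step, as an added example that is not code from the paper. H is assumed to be SHA-256 truncated to 128 bits because the paper does not name the hash, and the master key and security level are constructed samples; with the exponent S − j as printed, H(K_j) = K_{j−1}, so the code walks the chain in that direction and the index convention has to be kept consistent with the codestream levels.

```python
import hashlib

KEY_BYTES = 16  # K is a 128-bit key in the paper


def H(key: bytes) -> bytes:
    """Assumed hash: SHA-256 truncated to 128 bits (the paper does not name H)."""
    return hashlib.sha256(key).digest()[:KEY_BYTES]


def level_key(master: bytes, S: int, j: int) -> bytes:
    """Server side: K_j = H^(S-j)(K), equation III.6."""
    if not 1 <= j <= S:
        raise ValueError(f"resolution index {j} outside 1..{S}")
    key = master
    for _ in range(S - j):
        key = H(key)
    return key


def derive(held: bytes, held_level: int, wanted_level: int) -> bytes:
    """User side: compute another level's key from the single key received.

    Applying H once to K_j gives H^(S-j+1)(K) = K_(j-1), so the chain can
    only be walked towards lower indices; H cannot be inverted to go back up.
    """
    steps = held_level - wanted_level
    if wanted_level < 1 or steps < 0:
        raise PermissionError(
            f"K_{wanted_level} is not derivable from K_{held_level}")
    key = held
    for _ in range(steps):
        key = H(key)
    return key


def derivable_levels(held_level: int) -> list[int]:
    """Indices whose keys a holder of K_held_level can compute."""
    return list(range(held_level, 0, -1))


def demo() -> dict:
    S = 8                             # eight passes, as in the paper's illustration
    master = bytes(range(KEY_BYTES))  # constructed sample key, not from the paper
    server = {j: level_key(master, S, j) for j in range(1, S + 1)}
    user_level = 5                    # constructed sample security level
    user_key = server[user_level]
    # Every key the user derives must equal the one the server encrypted with.
    matches = {j: derive(user_key, user_level, j) == server[j]
               for j in derivable_levels(user_level)}
    try:
        derive(user_key, user_level, user_level + 1)
        blocked = False
    except PermissionError:
        blocked = True
    return {"matches": matches, "blocked": blocked,
            "top_is_master": server[S] == master}


if __name__ == "__main__":
    print(demo())
```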
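The per-level keyed predictor of subsection B (equations III.2 and III.3) on a single image row, as an added example that is not the authors' implementation. The β values and the row are constructed samples standing in for the output of the chaotic map f of [3], and the update filter P′ and the border rule are assumptions, since the page leaves both open.

```python
def predict(even, beta):
    """P_j(x^e)(n) = beta*x^e(n) + (1-beta)*x^e(n+1), equation III.2.
    At the right border x^e(n+1) is replaced by x^e(n) (assumed border rule)."""
    last = len(even) - 1
    return [beta * even[n] + (1 - beta) * even[min(n + 1, last)]
            for n in range(len(even))]


def update(detail):
    """Assumed update filter P': minus a quarter of the two neighbouring details."""
    return [-(detail[max(n - 1, 0)] + detail[n]) / 4 for n in range(len(detail))]


def forward(signal, betas):
    """S-level lifting with one beta per level; returns (approximation, details)."""
    if len(signal) % (1 << len(betas)):
        raise ValueError("signal length must be a multiple of 2**S")
    approx, details = list(signal), []
    for beta in betas:
        even, odd = approx[0::2], approx[1::2]                     # split
        d = [o - p for o, p in zip(odd, predict(even, beta))]      # predict
        approx = [e - u for e, u in zip(even, update(d))]          # update
        details.append(d)
    return approx, details


def inverse(approx, details, betas):
    """Undo the given levels, coarsest first. Passing only the tails
    details[l:], betas[l:] stops at resolution l (progressive decoding)."""
    approx = list(approx)
    for d, beta in zip(reversed(details), reversed(betas)):
        even = [s + u for s, u in zip(approx, update(d))]
        odd = [c + p for c, p in zip(d, predict(even, beta))]
        approx = [v for pair in zip(even, odd) for v in pair]
    return approx


def max_error(a, b):
    return max(abs(x - y) for x, y in zip(a, b))


# Constructed sample: one row of 16 gray levels and three per-level betas.
ROW = [52, 55, 61, 66, 70, 61, 64, 73, 63, 59, 55, 90, 109, 85, 69, 72]
BETAS = [0.37, 0.81, 0.24]


def demo():
    approx, details = forward(ROW, BETAS)
    # Correct betas: the row is recovered up to floating-point rounding.
    exact = max_error(inverse(approx, details, BETAS), ROW)
    # Level-1 beta off by 0.01: each odd sample moves by
    # (beta' - beta) * (x^e(n) - x^e(n+1)).
    off = max_error(inverse(approx, details, [0.38] + BETAS[1:]), ROW)
    # Only the coarsest level undone: the decoder stops at resolution 2.
    level2 = inverse(approx, details[2:], BETAS[2:])
    partial = max_error(level2, forward(ROW, BETAS[:2])[0])
    return exact, off, partial


if __name__ == "__main__":
    print(demo())
```

On this row a 0.01 error in β at level 1 moves the worst sample by 0.54 gray levels, the largest difference between neighbouring even samples (54) scaled by 0.01, so the filter parameter acts together with the position and gray-level permutations described in subsection B.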

Fig. III.2. Image sequence resulting from the application of the progressive access control mechanism.

IV. SECURITY ANALYSIS

Four test images ('Adams1', 'Adams2', 'Zurich', and 'Vivid') have been used to simulate the image encryption techniques that have been proposed in this paper. A description of these images can be found in [3].

A. Sensitivity analysis

Assume that a 16-character ciphering key is used. This means that the key consists of 128 bits. A typical key sensitivity test has been performed, according to the following steps:

1) First, a 512 × 512 image is encrypted by using a given key, say '1234567890123456'.
2) Then, the least significant bit of the key is changed, so that the original key becomes, say, '1234567890123457' in this example, which is used to encrypt the same image.
3) Finally, the above two ciphered images, encrypted by the two slightly different keys, are compared.

Having applied these steps to the first frame of the 'Vivid' image, we found that the rate of different pixels in two images encrypted by two keys K1 and K2 which differ in only one bit is 99.78% on average. Moreover, when the image is encrypted using K1 and decrypted using K2, Figure IV.1 shows that no visual information can be obtained about the original image.

Fig. IV.1. Key sensitivity analysis (panels (a), (b), (c)).

B. Statistical robustness

Statistical analysis has been performed on the proposed image encryption algorithm, demonstrating its superior confusion and diffusion properties, which strongly resist statistical attacks. This is shown by a test on the histograms of the enciphered images and on the correlations of adjacent pixels in the ciphered image.

1) Histograms of encrypted images. Select several 256-level grey-scale images of size 512 × 512 that have different contents, and calculate their histograms. One typical example among them is shown in Figure IV.2. From the figure, one can see that the histogram of the ciphered image is fairly uniform and is significantly different from that of the original image.


Fig. IV.2. Histograms of the plain-image and the cipher-image. [Panels: original image and its histogram; encrypted image and its histogram.]

2) Correlation of two adjacent pixels. To test the correlation between two vertically adjacent pixels, two horizontally adjacent pixels, and two diagonally adjacent pixels, respectively, in a ciphered image, the following procedure was carried out. First, randomly select 1000 pairs of two adjacent pixels from an image. Then, calculate the correlation coefficient of each pair by using Equations IV.1 and IV.2:

$$\mathrm{cov}(x, y) = E\big((x - E(x))(x - E(x))\big), \quad \text{(IV.1)}$$

and

$$r_{x,y} = \frac{\mathrm{cov}(x, y)}{\sqrt{D(x)}\,\sqrt{D(y)}}, \quad \text{(IV.2)}$$

where $x$ and $y$ are grey-scale values of two adjacent pixels in the image, $E(.)$ denotes the mean operator, and $D(x) = \frac{1}{G}\sum_{i=1}^{G}(x_i - E(x))$.

Figure IV.3 shows the correlation distribution of two horizontally adjacent pixels in the plain-image and that in the cipher-image: the correlation coefficients are 0.91765 and 0.01183, respectively, which are far apart.

Fig. IV.3. Correlations of two horizontally adjacent pixels in the plain-image and in the cipher-image.

V. CONCLUSION

Throughout this paper, we have presented a chaotic progressive access control mechanism for JPEG 2000 encoded images. Our approach enriches the JPSEC standard by fully integrating the encryption functionalities into the compression process. We use multi-dimensional chaotic maps to perform non-linear selection of the wavelet coefficients at every stage of the wavelet decomposition. We also develop an appropriate key scheming to support resolution-based access control. A security analysis has been carried out in order to assess the security performances of the proposed technique. In the future, we plan to extend chaotic encryption functions to video transmission applications, which are of utmost importance in modern networks.

REFERENCES

[1] Information technology JPEG 2000 image coding system, ISO/IEC international standard 15444-1, ITU recommendation T.800, 200.
[2] JPSEC Final Draft of International Standard, ISO/IEC/JTC1/S29/WG1/N3853, February 2006.
[3] M. Hamdi, N. Boudriga, "Four Dimensional Chaotic Ciphers for Secure Image Transmission," IEEE International Conference on Multimedia and Expo, Hannover, Germany, 2008.
[4] M. Hamdi, N. Boudriga, M. S. Obaidat, "Bandwidth-Effective Design of a Satellite-Based Hybrid Wireless Sensor Network for Mobile Target Detection and Tracking," IEEE Systems Journal, Special Issue on Recent Advances in Global Navigation and Communication Satellite Systems (GNCSS), March 2008.
[5] F. Dufaux, S. Wee, J. Apostolopoulos, and T. Ebrahimi, "JPSEC for Secure Imaging in JPEG 2000," Proceedings of SPIE – Volume 5558 Applications of Digital Image Processing XXVII, Andrew G. Tescher, Editor, November 2004.
[6] Q. Sun, Z. Zhang, "JPSEC: Security Part of JPEG 2000 standard," published by the Information Technology Standards Committee, Singapore, 2007.
[7] Y. Wu, D. Ma, and R. H. Deng, "Progressive Protection of JPEG2000 Codestreams," International Conference on Image Processing, Vol. 5, pp. 3447-3450, 2004.
[8] A. Haggag, M. Ghoneim, J. Lu, T. Yahagi, "Progressive Encryption and Controlled Access Scheme for JPEG 2000 Encoded Images," IEEE International Symposium on Intelligent Signal Processing and Communication Systems, Tottori, Japan.
[9] S. Lian, Z. Wang, "Comparison of Several Wavelet Coefficient Confusion Methods Applied in Multimedia Encryption," IEEE ICCNMC, 2003.
[10] Y. Mao, G. Chen, "Chaos-based image encryption," in Eduardo Bayro-Corrochano, editor, Handbook of Computational Geometry for Pattern Recognition, Computer Vision, Neural Computing and Robotics. Springer-Verlag, Heidelberg, April 2004.
[11] W. Sweldens, "The lifting scheme: a construction of second generation wavelets," SIAM J. Math. Anal., Vol. 29, No. 2, pp. 511–546, 1997.
