Novel substitution-box generation using group theory for secure medical image encryption in E-healthcare

1.   Introduction

Telemedicine is a rapidly expanding discipline that provides health services remotely, wherein the patient and the physician do not live in the same geographical region. The patient's personal data, especially medical images, is communicated via online or cellphone-networked routes. This contemporary healthcare system requires an infrastructure that has the ability to preserve medical images in such a manner that they are visible only to permitted users, regardless of their geographic location. This infrastructure could be provided through cloud storage networks. However, such systems are susceptible to cyber-attacks if they are not built according to proper safety standards. The primary focus of many researchers in the information security field has been the development of computing-based tactics aimed at enhancing patient care. However, there is a notable gap in the methodologies employed to achieve the desired level of privacy for sensitive data within communication channels and storage systems. In these circumstances, one option for safeguarding medical images is to utilize encryption algorithms. These algorithms encrypt the images in a manner that renders them indecipherable to users who do not possess the encryption key. References ^{[1,2,3,4,5,6,7]} highlight several security measures for telemedicine applications.

The substitution-box (S-Box) is a crucial part of the encryption process and one of the most significant components in cryptography ^[8]. An s×s S-box is a special kind of Boolean function that can be defined as;

where ${Z}_{2}$ is a finite field of order 2. The substitution-box is used to create perplexity and uncertainty in actual data, and the robustness of the cryptosystem depends upon the ability of the S-box to scramble the information into an unreadable format. The use of the S-box aids in achieving Shannon's confusion characteristics. These characteristics strengthen block ciphers against differential and linear attacks ^[9,10]. After the successful implementation of AES, which uses $8\times 8$ S-boxes, experts in this field have been interested in the construction of cryptographically robust $8\times 8$ S-boxes ^{[11,12,13,14,15,16,17,18]}.

In recent years, there have been numerous advancements in the field of image encryption systems, resulting in the emergence of various schemes that can be categorized based on their underlying encryption methods. These methods include DNA encryption, chaotic system approach, wavelet transform encryption, compressive sensing encryption, and the S-box approach. Ibrahim et al. ^[19] employed dynamic S-boxes and chaotic maps in their study to effectively encrypt medical images. The proposed system was designed to offer protection against reset attacks, as well as selected plaintext and ciphertext attacks. A comprehensive analysis of multiple image encryption schemes incorporating DNA coding and nonlinear dynamics was presented in ^[20], uncovering inherent vulnerabilities within these schemes. The authors demonstrated the application of S-boxes in executing chosen-plaintext attacks against the aforementioned schemes. In ^[21], a novel n-dimensional conservative chaos is generated for the purpose of image encryption utilizing the Generalized Hamiltonian System. Nematzadeh et al. ^[22] presented a hybrid model that combines an updated genetic scheme and coupled map lattices (CMLs) to enhance the encryption security and computational efficiency of medical images. Reference ^[23] elucidated the development of high-speed and low-area architectures specifically designed to accommodate the secure IoT encryption algorithm within resource-constrained IoT environments. The paper also introduced a dynamic block selection technique aimed at enhancing the efficiency of image encryption. Liu et al. proposed image encryption for color images in ^[24] by utilizing self-adapting permutation and DNA dynamic encoding. Hashim et al. ^[25] proposed a hybrid encryption technique that combines a quadratic map preprocessing step with AES for secure medical image transmission, thereby addressing the challenge of protecting patient privacy and data confidentiality. Based on the DNA-chaos cryptosystem, ^[26] revealed an innovative approach to encrypt medical images aimed at keeping telemedicine and other medical applications protected. Experimental results indicated the effectiveness of the proposed approach, which demonstrated its efficient processing time and robust encryption capabilities. Khan et al. ^[27] designed S-boxes with good cryptographic strength by utilizing true random values derived from medical imaging noise. In ^[28], a novel hybrid encryption technique based on S-box and Henon mappings for enhancing the security of multidimensional 3D medical images was presented. Hayat et al. ^[29] introduced an innovative approach to construct S-boxes by leveraging elliptic curves within finite order rings. Upon comparative assessment with contemporary methodologies, it becomes apparent that their proposed technique is better tailored for cryptographic applications. Notably, a resilient S-box exhibiting a substantial non-linearity of 109.75 is delineated in ^[30], employing the Q-learning naked mole rat method. Furthermore, the authors adeptly applied the suggested S-box for image encryption. In ^[31], the sine-cosine optimization procedure is employed to generate a bijective S-box, with the authors conducting rigorous testing against other S-boxes to establish its efficacy. Razaq et al. ^[32] introduced a novel approach that utilized group theory to generate an extensive number of S-boxes possessing algebraic properties similar to those of AES. S-boxes constructed by Ibrahim et al. ^[33] utilize permutated elliptic curves, exhibiting experimental efficiency an order of magnitude higher than comparable methods. Reference ^[34] introduces an efficient chaotic S-box, employed in the design of a streamlined cryptosystem demonstrating favorable encryption outcomes and security robustness. Alhadawi et al. ^[35] incorporated discrete chaotic maps and the cuckoo search algorithm in their S-box generation method, concluding that the resultant S-boxes exhibit robust cryptographic properties resistant to cryptanalysis. In ^[36], Khan et al. utilized a chaotic partial differential equation to design an S-box, implementing it to construct a secure communication-oriented cryptosystem. Khan et al. ^[37] proposed a novel S-box construction through the application of a fractional Rossler chaotic model, substantiating its efficacy in ensuring secure communication. Reference ^[38] introduces an effective S-box generated through the artificial bee colony method and discrete chaotic map. By employing a range of benchmark standard analyses, the authors validate the robustness of the S-box. Soto et al. ^[39] suggested a novel S-box generation method using a human behavior-based optimization system. Several investigations show that the offered method may efficiently create resilient S-boxes for encryption systems. In ^[40], Yan et al. employed a Nonlinear-Transform of 1D Chaotic Maps to create the S-box. The authors perform many security evaluations to show the resilience of the constructed S-box. Zhou et al. ^[41] proposed a chaos-based random S-box design algorithm that generated a large number of S-boxes by utilizing the spatial chaotic nature of spatiotemporal chaos. An innovative algorithm for generating S-boxes based on hyperchaotic systems is presented in reference ^[42]. The generated S-box is also incorporated into the design of an image encryption algorithm. In ^[43], a novel technique for deriving random bijective S-boxes using discrete chaotic maps is introduced. The performance test shows that the S-box has good cryptographic characteristics. In ^[44], a methodology is suggested to generate S-boxes using an efficient method based on the 3-D four-wing autonomous chaotic system. Comparing the proposed S-box to current ones demonstrates higher cryptographical performance. Furthermore, recent advancements in image encryption methods can be found in references ^{[45,46,47,48,49,50]}.

The present study contributes significantly in the following ways:

i. A novel approach is formulated for the generation of substitution-boxes by combining a permutation group and a multiplicative cyclic group of order 256.

ii. To assess the performance of the suggested S-box, many standard algebraic parameters are applied. The findings obtained from various assessment methods confirm the reliability of the proposed S-box in preventing numerous assaults.

iii. A robust image encryption algorithm that integrates the generated substitution-box with bit-plane slicing, circular shifting, and XOR operations is developed.

iv. The security of the encryption algorithm is assessed using benchmark evaluations designed for image encryption techniques. The outcomes show that the proposed encryption approach can encrypt medical images effectively.

2.   Mathematical concepts

In this section, we discuss some mathematical concepts utilized to our S-box design scheme.

2.1.   Group

A set ${\Psi }$ is said to constitute a group under the binary operation "$\text{*"}$if the following conditions hold.

i. Closure Law

For all $\mu, \nu \in {\Psi },$we have $\mu *\nu \in {\Psi }$.

ii. Associative Law

For all $\mu, \nu, \sigma \in {\Psi },$ we have $\mu *\left(\nu *\sigma \right)$ = $\left(, \mu *\nu \right)*\sigma$

iii. Existence of Identity

For each $\mu \in {\Psi }$, there is an element $e\in {\Psi }\;\mathrm{s}\mathrm{u}\mathrm{c}\mathrm{h}\;\mathrm{t}\mathrm{h}\mathrm{a}\mathrm{t}\;e*\mu = \mu *e = \mu$.

$e$ is called the identity element in ${\Psi }$, it has no effect on each element of ${\Psi }$ under "$\text{*}\text{"}$.

iv. Existence of Inverse

For each $\mu \in {\Psi }, \;\mathrm{t}\mathrm{h}\mathrm{e}\mathrm{r}\mathrm{e}\;\mathrm{i}\mathrm{s}\;\mathrm{a}\mathrm{n}\;\mathrm{e}\mathrm{l}\mathrm{e}\mathrm{m}\mathrm{e}\mathrm{n}\mathrm{t}\;{\mu }^{-1}\in {\Psi }\;\mathrm{s}\mathrm{u}\mathrm{c}\mathrm{h}\;\mathrm{t}\mathrm{h}\mathrm{a}\mathrm{t}\;{\mu }^{-1}*\mu = \mu *{\mu }^{-1} = e$.

$\mu$ and ${\mu }^{-1}$ are called inverses of each other.

2.2.   Cyclic group

Let ${\Psi }$ be a group under some binary operation "*". Then, ${\Psi }$ is called a cyclic group if it has at least one element $\mathrm{a}$ that can generate the entire group ${\Psi }$. In other words, for all $\mathrm{b}\in {\Psi }$, there exists at least one element $\mathrm{a}$ in ${\Psi }$ such that $b = \left\{\begin{array}{c}na:n\in \mathbb{Z}, \text{ if }\Psi \text{ is group under addition}\\ {a}^{n}:\in \mathbb{Z}, \text{ if }\Psi \text{ is group under multiplication}\end{array}\right.$.

If such is the case, we say that $\mathrm{a}$ is the generator of the cyclic group ${\Psi }$. It is important to note that, in a cyclic group ${\Psi }$, $\mathrm{a}$ is not a unique element that generates ${\Psi }$ rather ${\Psi }$ has many elements other than $\mathrm{a},$ acting as generator of ${\Psi }$.

The following theorem enables us to identify all generators of any finite cyclic group ${\Psi }$.

Theorem 1. Let ${\Psi }$ be a cyclic group with $\mathrm{n}$ elements and $\mathrm{a}$ be its one of the generators. Then ${\mathrm{a}}^{\mathrm{m}}$ also generates ${\Psi }$ if and only if $\mathrm{m}$ and $\mathrm{n}$ are relatively prime.

Thus, to find all generators of ${\Psi }$, we must first manually compute its one generator, say $\mathrm{a}$. Next, we find all the positive integers that are relatively prime to $\mathrm{n}$. Finally, we get the set $\left\{{\mathrm{a}}^{\mathrm{m}}:\left(\mathrm{m}, \mathrm{n}\right) = 1\right\}$ of all generators of ${\Psi }$.

2.3.   The cyclic pattern of the cyclic group and S-box

Let ${\Psi }$ be a cyclic group with $n$ elements and $a$ be one of the generators. Then, $a$ generates all the elements of ${\Psi }$ randomly in the following way;

We call $a, {a}^{2}, {a}^{3}, \dots, {a}^{n} = 1$, a cycle of ${\Psi }$ obtained by $a$. Such cyclic patterns create randomness in the elements of ${\Psi }$. For example, the cyclic patterns of $\left({\mathbb{Z}}_{11}-\left\{0\right\}, .\right)$ designed by its all four generators 2, 8, 7, and 6 are

and

respectively.

An 8-bit S-box has 256 number of distinct elements presented randomly in a square matrix of order 16. In this work, we have used the cycle of multiplicative cyclic group $\left({\mathbb{Z}}_{257}-\left\{0\right\}, .\right)$ of order 256 to design our S-box. It is easy to verify that $\left({\mathbb{Z}}_{257}-\left\{0\right\}, .\right)$ is generated by 2. Also, the positive integers that are relatively prime to 256 are all odd positive integers. Thus,

is the set of all generators of $\left({\mathbb{Z}}_{257}-\left\{0\right\}, .\right)$. Each of these 128 generators produce randomness in $\left({\mathbb{Z}}_{257}-\left\{0\right\}, .\right)$, which further evolves an S-box.

3.   The proposed scheme of S-box generation

The proposed technique for the generation of S-boxes considers the ideas of cyclic and permutation groups. Here, we detail the steps required to use them effectively and complete the task.

Step 1.

In this step, the trivial sequence $\mathrm{0, 1}, 2, ..., 255$ is randomised to generate the initial S-box. It is achieved using a cyclic pattern of $\left({\mathbb{Z}}_{257}-\left\{0\right\}, .\right)$ designed by one of its generators in association with the translation and mod (256) operation.

Step 1.1.

Generate $\left({\mathbb{Z}}_{257}-\left\{0\right\}, .\right)$ with the help of one of the generators $74$. Consequently, a cycle shown in Figure 1 is formed.

In Step 1.1, we acquire 256 random data points ranging from 1 to 256. The initial S-box (see Table 1) is formed by adding 84 to each data input and then applying mod-$256$. That is, for each data input $n$, the corresponding entry of the S-box is $n+84\;\mathrm{m}\mathrm{o}\mathrm{d}\left(256\right).$ The non-linearity of our initial S-box is 106.25, which demonstrates the effectiveness of using cyclic groups in the S-box construction.

Step 2.

The Step 2 of the proposed S-box generation method is based on a permutation group $G$ generated by three elements $a, b$ and $c$, where

a = (1,111, 86, 50,227,104,210,144,172,255, 68,200, 91,157, 88, 24,216, 72,115,247,112,188, 39, 41,184, 51,177,170, 7,147, 54,254,162,196, 94,128,201,213,214, 99,175,166,224, 65,130,117,181,161, 15,212,141,233, 22,129, 61,113,118,136,252, 28,235, 89, 44,204, 37,223, 14, 30,164,131, 85, 35, 21,241, 82,234,122,108,193, 9, 90,217, 67,109,195, 62,146, 63,137, 92, 42,101,150,189, 93, 5, 47,246,107, 10,244, 34, 98,148,145,218, 56, 76,182,190, 43, 53, 73, 38, 48, 18)

b = (2, 29,225,125, 71,106,156, 52,124,202,165, 46,251, 33, 12, 3, 81,197,250,126, 11,138,160,120,199,143, 4,215,194, 13, 57,248, 96,176,154,230, 69, 23, 26,103, 31,198, 45, 8, 49,142, 97,209,158, 20,192,231, 66,116,169,127,149, 75, 84,114,207,239, 16, 55,132,155, 58,153,206,232, 32,237, 87,139,178,102,105,121,140,134, 40, 59, 25,123,220,159,219,203,245, 80,226,173,249, 70,236, 79, 78,151,163,191, 6,208,185,187,242,100,222, 95,228,186,168,211,221, 60,135, 27, 77,171, 19)

c = (17,167,183,110, 83,205,243,229,253,256,180,133,240,119,174, 74,238,152,179).

Using GAP, we note that the finite presentation of $G$ is

Furthermore, the order of $G$ is 262276. Each element of $G$ acting on the original S-box generates a new S-box. We apply all elements of $G$ and determine that ${a}^{15}{b}^{76}{c}^{7}$ is the most effective element in $G$ as it converts the initial S-box into the most resilient S-box in terms of non-linearity score. This S-box is referred to as our generated S-box (see Table 2).

4.   Algebraic performance of the generated S-box

The generated S-box has been evaluated using certain well-known performance metrics. These include non-linearity, differential and linear approximation probabilities, bit independence criterion, and strict avalanche criterion. The findings of these security analyses in relation to the suggested S-box are briefly summarized in this subsection.

An S-Box is needed to create a particular level of disorder in the data to secure it from different security assaults by unauthorized individuals. The capacity of an S-Box to cause confusion is tested using the non-linearity analysis ^[51]. In general, the greater the nonlinearity score of an S-box, the more reliable it is. The average non-linearity of the suggested S-box is 111, which is sufficient to assert that the created S-box can protect the transmitted data against linear assaults.

Biham and Shamir ^[52] proposed differential uniformity (DU) as an essential criterion for S-box assessment. To compute the DU score, the mapping between input and output bits is analyzed. This analysis is designed to ensure differential homogeneity. The differential $\delta h$ at the input must be uniquely connected to differential $\delta k$ at the output. The newly constructed S-box has a DU score of 6, confirming its immense resistance to differential attacks.

Linear approximation probability (LP) is an analysis for determining the efficiency of an S-box against linear cryptanalysis ^[53]. This test examines an event's imbalance and calculates its maximum score. The maximum LP score of the constructed S-box is 0.078, reflecting its resistance to various linear assaults.

Large avalanche effects are required to construct a robust cryptographic system. Strict avalanche criteria (SAC) were first proposed by Websters and Tavares ^[54]. According to this criterion, if a single binary bit in the input is reversed, the output will also have a 50% chance of bit reversal. The optimal SAC value is 0.5. The mean SAC score of our S-box is 0.5017 indicating that the designed S-box fulfils the SAC standards.

The bit independence criterion (BIC), developed in ^[54], is another significant criterion for determining the quality of S-boxes. BIC requires that the Boolean mappings of the two output bits satisfy the NL and SAC requirements. The Boolean mapping of the two output bits in the proposed S-box satisfies the condition of nonlinearity, with an average BIC-NL value of 111.43. The average BIC-SAC score of our S-box is 0.5018, which indicates that the constructed S-box satisfies the SAC criteria.

Table 3 provides a comprehensive comparison of the outcomes of the aforementioned analyses obtained from the proposed S-box with those obtained from recently constructed S-boxes.

5.   Development of image encryption algorithm using proposed S-box

Medical imaging plays a crucial role in diagnosing and treating various medical conditions. However, the sensitive nature of medical images necessitates their protection against unauthorized access and tampering during transmission and storage. Encryption is a fundamental technique used to secure such images. This section introduces a new encryption scheme for medical images that addresses their exclusive security needs.

An image $P$ is turned into a one-dimensional series and then into hexadecimal form. The SHA-512 method generates a 512-bit hash, which is then split into two components and placed back together in a $16\times 16$ matrix. Further modification requires dividing the hash into 64 8-bit pieces. New S-boxes and images undergo bit-plane slicing. The hash components and S-box planes are combined via bitwise XOR. Modulus operations with pre-set values $p1$ to $p6$ choose bitplanes for circular shifting. Block-wise exclusive OR operations occur between image bitplanes and the modified S-box. Integrating the processed bitplanes creates an 8-bit encoded image, $C$, with planes rearranged. $C$ undergoes substitution procedures based on $T$ values and S-box elements. Finally, the encrypted image $E$ is reshaped into a $2D$ matrix. The simulation settings include predefined values for $p1$ to $p6$ and an initial value $C0$ within the range $[\mathrm{0,255}$]. The encryption procedure aims to enhance the security of the image data through a combination of hash functions, bit-plane manipulations, and substitution operations.

In this study, a set of six grayscale medical images, along with three additional grayscale images (Lena, Barabara, and Tree), all with dimensions of 256×256, were subjected to encryption. The purpose was to determine whether significant statistical differences exist between the encrypted images and their corresponding original versions. The experimental findings presented in this paper substantiate the robustness and high level of security exhibited by the proposed algorithm. All experimental simulations were carried out using the MATLAB software. The collection of nine plaintext images utilized in this research was obtained from reputable sources such as (https://medpix.nlm.nih.gov/home) and (https://sipi.usc.edu/database/). Figure 2 displays both the original and encrypted images, illustrating their distinctiveness and indicating the efficacy of the encryption algorithm in successfully encrypting the tested images.

5.1.   Decryption process

A series of operations and functions are utilized during the decryption procedure in order to restore the encrypted image E to its original state P. To commence the decryption process, the 2D encrypted Image 1s converted into a 1D array denoted as C. Subsequently, a series of substitution operations are performed, which consist of bitwise XOR operations employing a pre-established substitution box (S), bitwise calculations, and intricate bit-level manipulations. The encrypted Image 1s then reshaped back into its original $2\mathrm{D}$ matrix form. Reverse circular shifting operations are performed on the bitplanes of the image, driven by modular calculations derived from predetermined values. The original bitplanes are reconstructed through a reverse block-wise XOR operation that utilizes specific bitplanes and their relevant elements from the encryption hash (H). Decrypted Image variable P is ultimately produced by combining the reconstructed bitplanes. The intricate decryption process highlights the complexity and resilience of the proposed encryption scheme.

6.   Experimental analyses

In this section, we have conducted many standard analyses to evaluate the reliability of the suggested encryption technique.

6.1.   Majority logic criterion

The Majority Logic Criterion (MLC) ^[55] is a comprehensive framework consisting of contrast, energy, correlation, and homogeneity analyses. Its primary objective is the meticulous examination of the statistical properties inherent in image encryption algorithms.

6.1.1.   Contrast

The degree of contrast within an image plays a crucial role During the image processing procedure, alterations are made to ensure optimum contrast and luminance viewing conditions. Contrast refers to the difference in luminance between objects within an image. The encryption procedure incorporates a non-linear S-box replacement, which establishes a connection between visual contrast and randomness. A standard unaltered image has very little contrast. The calculation of image contrast is determined by utilizing this formula:

In this equation, $p\left(j, k\right)$ represents the location of pixels in gray level co-occurrence matrices. Table 4 presents the contrast values for all nine images. The encrypted images show significantly greater contrast ratings than the original ones. This significant difference demonstrates that the proposed encryption technique effectively minimizes disclosure of data.

6.1.2.   Energy

In energy analysis, the sum of squared gray level co-occurrence components is determined. The gray level co-occurrence matrix reveals that in a plain image, pixels with high values tend to cluster in specific regions, resulting in a higher energy value. The energy of the encoded Image 1s lower compared to the original image due to the distribution of energy values in the encoded image. The subsequent equation can be employed to compute it.

6.1.3.   Correlation

The correlation test is a widely utilized methodology for quantifying the resemblance between a plain image and its encrypted counterpart. It entails the examination of pixel values in the original image and their comparison with the corresponding values in the encrypted image. It serves as a metric for assessing the degree of association between neighboring pixel values in the two images. A lesser correlation value of the encrypted image confirms that it has been distorted more during encryption.

6.1.4.   Homogeneity

Homogeneity is utilized as a quantitative measure to evaluate the proximity between the distributions of elements in the gray level co-occurrence matrix's diagonal and the gray level co-occurrence itself. This assessment involves the application of a mathematical procedure. The range of homogeneity lies in $\left[\mathrm{0, 1}\right]$, with the diagonal components of the gray level co-occurrence matrix determining its magnitude. Small homogeneity scores in encryption signify a stronger algorithm. The following equation is utilized to calculate homogeneity:

The results of the MCL are shown in Table 4. The results demonstrate unequivocally that the proposed image encryption scheme is secure.

6.2.   Information entropy analysis

By means of entropy assessment, the degree of randomness of an encrypted Image 1s quantified. The mathematical formulation of entropy is as follows:

where $Q\left({X}_{j}\right)$ represents the likelihood that the given symbol $\left({X}_{j}\right)$ will be present. The gray value distribution of pixels is more uniform with more entropy. Predictability could compromise image security if encrypted image entropy is much less than 8.

6.3.   Differential analysis

Two most common criteria, number of pixel change rate (NPCR) and unified average changing intensity (UACI), are used to quantitatively measure the influence of one pixel change on the encrypted image. Between the two encrypted images, the percentage of different pixel numbers is measured by NPCR and the average intensity of differences is measured by UACI. Let the difference in pixel of two original images is only one and their corresponding encrypted images are denoted by ${C}_{1}\left(i, j\right)$ and ${C}_{2}\left(i, j\right)$. The values of NPCR and UACI are calculated using the following formulas:

where $D\left(i, j\right)$ is zero if ${C}_{1}\left(i, j\right)$ and ${C}_{2}\left(i, j\right)$ are the same otherwise it is equal to one. Furthermore, $M$ and $N$ represent the image width and image height, respectively. Table 6 presents a comprehensive analysis of the UACI and NPCR metrics indicating the effectiveness and quality of the proposed image encryption scheme.

6.4.   Histogram analysis

Histograms are representations of the distribution of pixel gray level intensities in an image. A cryptanalyst may utilize the information provided to perform histogram attacks if the distribution has a non-uniform nature. However, the approach has been designed to be resistant to histogram attacks, and information is unidentified if the histogram is uniform and flattened. By analyzing the histograms of both the encrypted and original images, we can observe the differences in color intensities between them. We conducted tests on the histograms of the original and encrypted images and found that the histogram distribution of the encrypted image, generated using the proposed S-box, significantly deviates from that of the original image. In Figure 3, histograms of the original and encrypted images of all nine images, chosen for encryption, are shown. The histogram of the encrypted image appears to be quite uniform, confirming the efficiency of the proposed mechanism. The correlation plots for vertical, horizontal and diagonal neighboring pixels in original and encrypted images are shown in Figure 4. This result indicates that it is exceedingly challenging to exploit the statistical characteristics of the encrypted image to reconstruct the original image.

6.5.   Measures of encrypted image quality

In this section, the effectiveness of the presented encryption algorithm is evaluated experimentally. The nine original multiple images, as well as each of their encrypted counterparts, are analyzed here. These ciphered images were produced following the proposed encryption algorithm. The purpose is to evaluate the robustness and dependability of the proposed encryption technique.

6.5.1.   Mean squared error

The MSE is used to determine the cumulative squared difference between plain image and cipher image ^[60]. The statistical formula used to calculate MSE is given below:

where $\alpha \left(i, j\right)$ is the original image and $\beta \left(i, j\right)$ is the encrypted image. Moreover, $M$ and $N$ represent the image width and image height, respectively.

6.5.2.   Root mean squared error

This criterion ^[61] provides the discrepancy between the original and encoded images. In order to determine its value, the following relation is applied:

6.5.3.   Peak signal to noise ratio

The peak signal-to-noise ratio, abbreviated PSNR ^[62], is the metric used to determine the fidelity of the encrypted image. The formulas listed below define PSNR:

where ${Y}_{max}$ is the highest possible pixel value in the image.

6.5.4.   Maximum and average difference (MD & AD)

Researchers utilized the MD and AD test ^[62] to calculate the maximum and mean variations between the original $\mathtt{α}\left(\mathrm{i}, \mathrm{j}\right)$ and concealed $\mathtt{β}\left(\mathrm{i}, \mathrm{j}\right)$ images. Formulas for calculating MD and AD scores are as follows:

6.5.5.   Mutual information (MI)

According to ^[63], MI quantifies the quantity of original image data that can be reconstructed from the encrypted version. Applying the following formula, the value of MI can be calculated:

Here $\rho \left(i, j\right)$ represents joint probability function of $\alpha$ and $\beta$.

6.5.6.   Universal quality index (UQI)

According to reference ^[63], the UQI technique breaks down assessments of picture distortion into three distinct categories: Brightness, structural similarity, and contrast. In order to determine the value of the UQI, the following statistical equation is used.

The symbols ${\rho }_{\alpha }$ and ${\rho }_{\beta }$ represent the mean scores of the actual and altered images, respectively. In a similar way, ${\partial }_{\alpha }$ and ${\partial }_{\beta }$ represent the standard deviation of the source and altered images, respectively.

6.5.7.   Structural similarity (SSIM)

SSIM ^[63] is a refined variant of the UQI that is used to determine how similar the two images are to one another. For this purpose, SSIM assumes that the other Image 1s error-free before evaluating the precision of the first image. The SSIM score is calculated by applying the following equation to an image's $(\mathrm{R}, \mathrm{S})$window pairs:

where ${\mathtt{π}}_{\mathrm{R}}$ and ${\mathtt{π}}_{\mathrm{S}}$ are the standard deviations of R and S, whereas ${\mathtt{θ}}_{\mathrm{R}}$ and ${\mathtt{θ}}_{\mathrm{S}}$ are the means of $\mathrm{R}$ and $\mathrm{S}$. The possible value range of the SSIM index is [-1, 1]. When the two images are alike, the $\mathrm{S}\mathrm{S}\mathrm{I}\mathrm{M} = 1$.

6.5.8.   Normalized cross correlation (NCC)

According to ^[64], the resemblance between both images is derived through the use of the correlation function. NCC finds the relationship between the initial and ciphered images. NCC is determined by the following equation:

6.5.9.   Normalized absolute error (NAE)

The NAE ^[60] is utilized to evaluate the effectiveness of an image encryption procedure by assessing each of the pixels in the initial image and those in the scrambled image. To determine the NAE between both images (unencrypted and encrypted), the following formula is used:

6.5.10.   Structural content (SC)

The connection between both images (plain and ciphered) is analyzed using SC, which is a correlation-based metric. The score of SC ^[64] is calculated using the following formula:

Table 7 presents a comprehensive analysis of the aforementioned image quality metrics.

6.6.   NIST test

The NIST STS800 test suite is applicable for the first six images shown in Figure 2. The reason being that all six images have number bits higher than ${10}^{6}$, and the NIST tool has the prerequisite, is that the candidate sequence under examination for the randomness test should have at least ${10}^{6}$ bits, whereas the size of the other 3 benchmark images is $256\times 256$, the total bits are less than ${10}^{6}$. The outcomes of these analysis are given in Table 8.

7.   Conclusions

This research presents a significant contribution to the field of medical image encryption by introducing a novel algorithm that addresses the security requirements of e-Healthcare systems. A novel methodology is developed to generate substitution-boxes through the combination of a multiplicative cyclic group and a permutation group. To assess the efficacy of the suggested S-box, several benchmark algebraic parameters are performed. The outcomes obtained from these assessment mechanisms provide evidence for the reliability and robustness of the proposed S-box in mitigating numerous attacks. An algorithm for robust medical image encryption is devised that is based on the generated substitution box. In order to evaluate the quality of the encryption scheme, benchmark assessments that are specifically tailored for image encryption techniques are employed. The outcomes demonstrate that the proposed encryption method can successfully encrypt medical images. In the future, we plan on using these resilient S-boxes, created by the suggested approach, in multimedia security applications beyond only image encryption. This includes video and audio steganography as well as watermarking.

Use of AI tools declaration

The authors declare that they have not used Artificial Intelligence (AI) tools in the creation of this article.

Conflict of interest

The authors declare no conflicts of interest.