1 Introduction

Because of special characteristics [12, 27] such as ergodicity, sensitive dependence on initial conditions, random-like behavior, and mixing effect, chaotic system has been found very useful in the field of image encryption. As early as year 1989, Matthews [19] proposed a new image encryption based on chaotic system using logistic map. Since then, the application of chaos in image has attracted more and more researchers’ attention. In [18], the authors used a coupled chaotic system called CCS-PRBG to generate bitstream. This system has perfect cryptographic properties, and can be employed to construct stream cipher with high security. A new cryptosystem based on hyper chaos, P-Box, and S-Box was suggested by Hermassi et al. [9]. They made an improvement for classical algorithm, and then showed a better performance of confusion and key sensitivity. Normally, image encryption algorithm includes two stages [3], i.e., permutation and diffusion. This kind of cryptosystems have been adopted in most image encryption algorithms [46, 10, 23, 25, 26]. In particular, the appearance of high-dimensional chaotic systems, for example, standard map [13], have solved partially the low security problem existed in low-dimensional systems such as Logistic map.

However, some image encryption algorithms have been found in low security level. For example, Li et al. [15] re-evaluated the security to [2] and found that the scheme is not sensitive enough to the changes of plaintext. Gao et al. [8] proposed an image encryption algorithm in which the cipher-image is obtained just by doing XOR operation between the plain-image and the chaotic sequence after pixel permutation. It was broken successfully by [16] due to key-dependency. Arroyo et al. [1] performed cryptanalysis on a family of self-synchronizing chaotic image encryption algorithms. Unfortunately, the cryptosystem studied in [14] can be analyzed successfully.

By studying the weakness existed in image encryption algorithms, two common drawbacks are summarized as: (1) keystream is used to do modular operation or XOR function with the plain-image directly, (2) permutation and diffusion functions are implemented separately. In this paper, we analyze the property of remote sensing image, and propose a novel block encryption scheme. Double diffusions in forward and backward directions [28] are performed in the first and the last blocks. Compared with pixel-by-pixel encryption method, our scheme can save much time by blocking. Some control parameters are also added in proposed algorithm to enlarge the key space given by Lorenz chaotic system.

The rest of this paper is organized as follows. In Section 2, remote sensing image, Lorenz system, and blocking method are introduced in the first place. Then, the circular function and diffusion process are also described. We also give the encryption steps with help of block diagram in this section. Simulation results are reported in Section 3 to show the efficiency of our proposed method. Section 4 evaluates the security level including the key space, sensitivity on initial conditions and plain-image, statistical analysis, and information entropy analysis. Finally, Section 5 is a conclusion of the whole manuscript.

2 Encryption scheme for remote sensing image

2.1 Remote sensing image

Remote sensing can be seen as a technology to collect information about an object or phenomenon at certain height by satellite. It does not make physical contact directly with the object but only observation in a distance. More important, the develop of remote sensing makes it possible to collect data in dangerous environment or inaccessible areas such as crater. Commonly, remote sensing consists of land remote sensing, ocean remote sensing, and atmosphere. However, because of long distance of monitoring and precise requirement, the data collected by remote sensing will be very huge. As a result, more time cost should be spent to deal with remote sensing data. Considering the security communication of remote sensing image between satellite in the air and receiver on the ground, a block chaotic encryption scheme is suggested in this manuscript to supply a protection. There are many applications of remote sensing image such as inland water [22], and ocean colour [24].

2.2 Lorenz system and blocking method

The chaotic Lorenz system [11, 17] can be described as (1).

$$ \left\{\begin{array}{lll} dx/dt&=&a(y-x) \\ dy/dt&=&cx-y-xz \\ dz/dt&=&xy-bz \end{array}\right. $$
(1)

Here, if a=10, b=8/3, c=28 are set, Lorenz system will exhibit chaotic behavior as plotted in Fig. 1. To solve Lorenz system, classical Runge-Kutta method is usually taken.

Fig. 1
figure 1

Chaotic phenomenon of Lorenz system: a x-y-z, b y-z-x, c z-x-y

Full size image

Without loss of generality, suppose that the plain-image of remote sensing is denoted as A, which has size of M×N and is decomposed into p×q sub-blocks. Each block is in size m×n, i.e., p×m=M, q×n=N. In general, M should be divisible by p while N should be divisible by q. If this is not satisfied, we can change again the values p and q. Here, p and q can be open and are considered as control parameters. Before using the chaotic sequence generated from Lorenz system, some former iterated values should be thrown away for high randomness. Assume \(\phantom {\dot {i}\!}\{x_{0},y_{0},z_{0},x_{1},y_{1},z_{1},\cdots \}\) be the chaotic sequence. With new control parameters \(\phantom {\dot {i}\!}r_{2}\), \(\phantom {\dot {i}\!}r_{3}\) and \(\phantom {\dot {i}\!}r_{4}\), we can get set \(\phantom {\dot {i}\!}S=\{s_{1},s_{2},s_{3},\cdots \}=\{x_{r_{2}+1},y_{r_{3}+1},z_{r_{4}+1},x_{r_{2}+2},y_{r_{3}+2},z_{r_{4}+2},\cdots \}\).

To make keystream be dependent on the plain-image, we design three control parameters \(\phantom {\dot {i}\!}w_{1}\), \(\phantom {\dot {i}\!}w_{2}\), and w 3, i.e., \(\phantom {\dot {i}\!}w_{1}={\Sigma } A\), \(\phantom {\dot {i}\!}w_{2}=\overleftarrow {w_{1}}\), \(\phantom {\dot {i}\!}w_{3}=(w_{1}+w_{2})/2\). Here,\(\overleftarrow {a}\) denotes inverse order of a, for example, w=3241 while \(\overleftarrow {w}=1423\). Then, initial conditions of Lorenz system are updated as: \(\phantom {\dot {i}\!}x_{0}=x_{0}+w_{1}\times 10^{-14}\), y 0=y 0+w 2×10−14, \(\phantom {\dot {i}\!}z_{0}=z_{0}+w_{3}\times 10^{-14}\). As a result, the proposed encryption algorithm can resist the known-plaintext and chosen-plaintext attacks.

2.3 Block circular permutation

To save much time spent on position relocation and sorting function for chaotic sequence, a fast permutation operation by circular function is suggested. Before applying it, we pre-process chaotic sequence using following (2) and (3) to let values fall into [0,p] (for column circulation) and [0,q] (for row circulation) respectively.

$$ \alpha_{i}=[s_{i}\times10^{14}]~mod~p,~i=1,2,\cdots,p. $$
(2)
$$ \beta_{j}=[s_{j+p}\times10^{14}]~mod~q,~j=1,2,\cdots,q. $$
(3)

Here, [x] rounds x to the nearest integer towards minus infinity, mod means the remainder after division. \(\phantom {\dot {i}\!}s_{i}=S_{r_{1}+i}\) is the chaotic value extracted from S with control parameter r 1. Then we use \(\phantom {\dot {i}\!}\{\alpha _{i}\}_{i=1}^{p}\) and \(\phantom {\dot {i}\!}\{\beta _{j}\}_{j=1}^{q}\) to do column circular and row circular accordingly.

For row cyclic shift in blocks, we cycle sub-blocks to the right by α 1 blocks in first row, the second row by α 2 blocks to the right until the last row. The same is to column case, we move the j-th column down by β j blocks to the bottom( j=1,2,⋯ ,q). As a result, we can finish permutation operation in blocks in a fast way thanks to smaller numbers of blocks compared with pixel numbers.

2.4 Block diffusion operation

Many permutation-only image encryption methods have been cryptanalyzed [15, 16] successfully. To enhance the security level, it is necessary to continue the diffusion operation. Suppose the permuted image above is denoted in block as P i,j ( i=1,2,⋯ ,p,j=1,2,⋯ ,q). In the first step, we pick out the first block P 1,1 for diffusion by arranging it into vector u1 with size 1×m n. From set S obtained by above updated initial keys, a sequence with length 1×M N can be got and is arranged into a diffusion matrix F of M×N. Then we do a processing for it by (4).

$$ F(i,j)=[F(i,j)\times10^{14}]~mod~256,~i=1,2,\cdots,M,~j=1,2,\cdots,N. $$
(4)

Similarly, matrix F is divided into blocks like the same way for the plain-image. Then we pick out first block F 1,1 and convert it into vector v1 in size of 1×m n. To achieve the goal that any change to one pixel in the plain-image can cause a big difference in the cipher-image, the following double diffusions (5) and (6) are performed to the first block.

$$ \left\{\begin{array}{lll} c_{i}&=&c_{i-1}\dot{+}u1_{i}\dot{+}v1_{i},~ i=1,2,3,\cdots,mn.\\ c_{0}&=&constant \end{array}\right. $$
(5)
$$ \left\{\begin{array}{lll} p^{\prime}_{j}&=&p^{\prime}_{j+1}\dot{+}c_{j}\dot{+} v1_{j},~ j=mn-1,\cdots,2,1.\\ p^{\prime}_{mn}&=&c_{mn} \end{array}\right. $$
(6)

Here, \(\dot {+}\) denotes the modular operation under gray level 256.

Then, we obtain pixel \(p^{\prime }_{j}\) and update all pixels for block P 1,1. Next, we do the forward diffusion for all blocks P i,j using (7). For simplicity of expression, we mark down the former updated block P into rectangular matrix Q m×p q n using program fragment 1 before applying diffusion (7).

Program fragment 1

Q=z e r o s(m,p q n);

f o r i=1:p

Q(:,(i−1)n+1:i n)=P((i−1)m+1:i m,:);

end

$$ \left\{\begin{array}{l} Q1_{i}=Q1_{i-1}+Q_{i}+ F_{i}, ~i=1,2,3,\cdots,pq.\\ Q1_{0}=constant \end{array}\right. $$
(7)

Where, Q i (i=1,2,⋯ ,p q) of size m×n is the i-th block in Q, F i is the i-th block diffusion matrix from F just as the same way to get Q i . Then arrange the last block of Q1 into vector q2, and perform double diffusions using (8) and (9).

$$ \left\{\begin{array}{lll} \overline{c}_{i}&=&\overline{c}_{i-1}+q2_{i}+ v2_{i}, ~i=1,2,3,\cdots,mn.\\ \overline{c}_{0}&=&constant \end{array}\right. $$
(8)
$$ \left\{\begin{array}{lll} \overline{p}^{\prime}_{j}&=&\overline{p}^{\prime}_{j+1}+\overline{c}_{j}+ v2_{j}, ~j=mn-1,\cdots,2,1.\\ \overline{p}^{\prime}_{mn}&=&\overline{c}_{mn} \end{array}\right. $$
(9)

Where vector v2 is the chaotic sequence from last block F p×q just the same as v1, \(\overline {c}_{i}\) and \(\overline {p}^{\prime }_{i}\) is the i-th pixel of the cipher-image. Then, update the last block of Q1 with \(\overline {p}^{\prime }_{j}\), and obtain image matrix \(\overline {P}^{\prime }\).

Using (10), we perform backward diffusion by blocks, and obtain the cipher-image E Q M×N from Q2 using program fragment 2.

$$ \left\{\begin{array}{lll} Q2_{j}&=&Q2_{j+1}+\overline{P}^{\prime}_{j}+ F_{j},~ j=pq-1,\cdots,2,1.\\ Q2_{pq}&=&\overline{P}^{\prime}_{pq} \end{array}\right. $$
(10)

Program fragment 2

E Q=z e r o s(M,N);

f o r i=1:p

E Q((i−1)m+1:i m,:)=Q2(:,(i−1)n+1:i n);

end

2.5 Encryption steps

The encryption process is illustrated in the block diagram as shown in Fig. 2. Details are listed in the following algorithm: Encryption process.

Fig. 2
figure 2

Block diagram of the proposed method

Full size image
figure c

2.6 Decryption process

Because of symmetry, decryption process can be carried out reversely if we have the correct keys x 0, y 0, z 0 and the control parameters r i (i=1,2,3,4). The reversion of function (10) is shown in (11).

$$ \left\{\begin{array}{lll} \overline{P}^{\prime}_{j}&=&Q2_{j}-Q2_{j+1}-F_{j},~ j=pq-1,\cdots,2,1.\\ \overline{P}^{\prime}_{pq}&=&Q2_{pq} \end{array}\right. $$
(11)

Equations (12) and (13) are the inverse processes of operations (9) and (8) respectively.

$$ \left\{\begin{array}{lll} \overline{c}_{j}&=&\overline{p}^{\prime}_{j}-\overline{p}^{\prime}_{j+1}-v2_{j}, ~j=mn-1,\cdots,2,1.\\ \overline{c}_{mn}&=&\overline{p}^{\prime}_{mn} \end{array}\right. $$
(12)
$$ \left\{\begin{array}{lll} q2_{i}&=\overline{c}_{i}-\overline{c}_{i-1}-v2_{i}, ~i=1,2,3,\cdots,mn.\\ \overline{c}_{0}&=constant& \end{array}\right. $$
(13)

The same can be done to (7), (6), (5) and obtain (14), (15), (16), respectively. Finally, we can recover the plain-image from the cipher-image.

$$ \left\{\begin{array}{lll} Q_{i}&=&Q1_{i}-Q1_{i-1}-F_{i}, ~i=1,2,3,\cdots,pq.\\ Q1_{0}&=&constant \end{array}\right. $$
(14)
$$ \left\{\begin{array}{lll} c_{j}&=&p^{\prime}_{j}-p^{\prime}_{j+1}- v1_{j}, ~j=mn-1,\cdots,2,1.\\ c_{mn}&=&p^{\prime}_{mn} \end{array}\right. $$
(15)
$$ \left\{\begin{array}{lll} u1_{i}&=&c_{i}-c_{i-1}-v1_{i}, ~i=1,2,3,\cdots,mn.\\ c_{0}&=&constant \end{array}\right. $$
(16)

3 Simulation

In this section, simulation is implemented to the proposed encryption scheme using gray plain-image Coastal city of size 512×512 (see Fig. 3a) from google image database. All experiments are test by Matlab r2011b on a Lenovo Win7 PC with an Intel(R) Core(TM) i3-2350M, 2.30 GHz CPU. Figure 3b shows the cipher-image with two rounds of iteration. Here,initial conditions are set to be a=10,b=8/3,c=28, x 0=2.155,y 0=3.022,z 0=−9.811 in system (1) with random control parameters r 1=10, r 2=40, r 3=38, r 4=45. According to the size of the plain-image and integer factorization, 8×16 blocks are divided. From Fig. 3b, we can not found any information related to the plain-image because there is no connection between them.

Fig. 3
figure 3

Coastal city: a plain-image, b cipher-image, c cipher-image using y 0+10−14, d difference between (b) and (c), e decrypted image using x 0+10−14, f decrypted image using y 0+10−14, g decrypted image using z 0+10−14, h correct decrypted image

Full size image

4 Security analyses

In the proposed cryptosystem, the block permutation approach is suggested together with double diffusions. The security analyses of our method are evaluated as below.

4.1 Key space analysis

The number of possible combinations of keys is an important index to evaluate whether the proposed algorithm can resist the brute-force attack. The key of our approach is composed of initial conditions x 0, y 0, z 0 in the Lorenz system, and control parameters r 1, r 2, r 3, and r 4. Thus, the key space is large enough to resist brute-force attack.

4.2 Sensitivity analysis

On the one hand, the cipher-image should be sensitive to the initial conditions. Figure 3c shows the cipher-image just with 10−14 difference in key y 0. The difference between Fig. 3b and c is plotted in Fig. 3d. We cannot recover the plain-image even if there is any change for example 10−14 in keys as shown in Fig. 3e, f, and g. Of course the plain-image can be obtained with correct keys as shown in Fig. 3h. Therefore, the proposed method is very sensitive to every key.

On the other hand, a good image encryption algorithm should also satisfy the requirement that any tiny change in the plain-image even just one-bit can lead to a totally different cipher-image. The number of pixels change rate (i.e., NPCR) and the unified average changing intensity (i.e., UACI) defined in (17) and (18) [26] are commonly used to test the sensitivity. Table 1 lists the results for different images. Furthermore, Table 2 gives the corresponding values by changing different pixel positions in Lena image of size 256×256. These values justify that our algorithm can resist differential attacks including chosen-plaintext and known-plaintext attacks.

$$ NPCR=\frac{{\sum}_{ij}D(i,j)}{M\times N}\times100~\% $$
(17)
$$ UACI=\frac{1}{M\times N}\left[\sum\limits_{i,j}\frac{|C_{1}(i,j)-C_{2}(i,j)|}{255}\right]\times100~\% $$
(18)

where D(i,j)=0 if C 1(i,j)=C 2(i,j); otherwise, D(i,j)=1.

Table 1 UACI and NPCR values for different images
Full size table
Table 2 UACI and NPCR values at different positions
Full size table

4.3 Statistical analysis

(1) Correlation coefficients

For a meaningful plain-image, the correlation coefficients between two adjacent pixels are usually high. Any ideal image encryption scheme should have the ability to reduce them to near zeros [20]. In our test, 2500 pairs of adjacent pixels are randomly selected along the vertical, horizontal and diagonal directions in Lena image and its cipher-image. Using (19), the results are given in Table 3. So, we can see that the correlation coefficients of adjacent pixels in the cipher-image are greatly reduced by using the proposed method. Meanwhile, Fig. 4 plots the correlation coefficients for Barb image.

$$ r_{xy}=\frac{cov(x,y)}{\sqrt{D(x)D(y)}} $$
(19)

where \(cov(x,y)=\frac {1}{N}{\sum }_{i=1}^{N}(x_{i}-E(x))(y_{i}-E(y))\), \(D(x)=\frac {1}{N}{\sum }_{i=1}^{N}(x_{i}-E(x))^{2}\), \(E(x)=\frac {1}{N}{\sum }_{i=1}^{N}x_{i}\), x i and y i represent the gray values of two adjacent pixels in the image.

Fig. 4
figure 4

Correlation coefficients in the plain-image: a diagonal direction, c vertical direction, e horizontal direction; Cipher-image: b diagonal direction, d vertical direction, f horizontal direction

Full size image
Table 3 Correlation coefficients for Lena image
Full size table

(2) Histogram

If the histogram of the cipher-image is relatively uniformed, i.e., the gray values are distributed evenly, statistical attacks will be more difficult. Figure 5a and b show the histograms of the plain-images Barb and Boat while Fig. 5c and d are the histograms of the corresponding cipher-images respectively. Because the histograms of the cipher-image are uniformed compared with those of the plain-image, we can conclude that the proposed chaotic encryption algorithm possesses high security against statistical attacks.

Fig. 5
figure 5

Histogram test:a plain-image Barb, b plain-image Boat, c cipher-image of (a), d cipher-image of (b)

Full size image

4.4 Information entropy analysis

Equation (20) is commonly employed to calculate the information entropy for message or image.

$$ H(s)=\sum\limits_{i=0}^{2^{n}-1}p(s_{i})log_{2}\frac{1}{p(s_{i})} $$
(20)

Here, s is the information source, p(s i ) represents the probability of occurrence of symbol s i . The theoretical value of an image with random pixel values is 8 [21]. Table 4 lists the values of information entropy for different cipher-images. As a result, our method can show high degree of randomness.

Table 4 Entropy information for different images
Full size table

4.5 Speed analysis

Block permutation plus block diffusion approach is suggested in this paper, of which can be implemented in a fast way. Table 5 shows the comparisons with three existed methods [5, 10] and [7]. Therefore, we can see the high efficiency of the proposed method.

Table 5 Speed performance
Full size table

4.6 Applications to other remote sensing images

In this section, four other colour remote sensing images from google image database are randomly selected to do the experiments. Figure 6e, f, g, and h show the cipher results for plain-images of size 512×512 in Fig. 6a, b, c, and d respectively. Therefore, the proposed algorithm can be applied to any other remote sensing images.

Fig. 6
figure 6

Other remote sensing tests: plain-images: a test one, b test two, c test three, d test four; cipher-images: e test one, f test two, g test three, h test four

Full size image

5 Conclusion

A novel block-based image encryption algorithm has been proposed for remote sensing image in this paper. To overcome the drawbacks such as small key space and weak security in one-dimensional chaotic maps, chaotic Lorenz system is employed to enhance the security. Furthermore, the keystream is generated dependent on the plain-image. The values of UACI and NPCR show that any tiny change in the plain-image will lead to a significantly difference in the cipher-image. As a result, the proposed method can resist known-plaintext and chosen-plaintext attacks. Additionally, due to the block method adopted in the proposed cryptosystem, it is specially suitable to big size remote sensing image, and can achieve high security for image encryption. Speed tests also explain that our method is efficient than some existed encryption algorithms.