1 Introduction

In recent days, the advancements in Information Technology (IT) and processing are incredible. Cloud computing is one such kind which is being adopted by various enterprise for hosting their applications and storage. The digitalized data sharing via modern gadgets set the new stage for the distribution of information around the world irrespective of applications. Being shared information through the public, there is a question on the intensity of privacy and security for the personnel and sensitive information [1]. Increased rate of information sharing among various organizations, including medical imaging system users, leads to the adoption of new storage techniques like a cloud [2], edge [3], etc. Most of the online services like e-commerce, telemedicine, online money access, and social network are deployed in the cloud [4].

Cloud has reached its peak in recent days; Storage as a Service (SaS) is the full demanded service by most of the Internet of Things (IoT) applications [5]. Cloud storage data security is a shared responsibility of customer and service provider, so mainly the issues related to medical data privacy need to be well tackled through the proper crypto standards. It is crucial to offer data security for a medical image stored in an open and shared environment like a cloud. From the discussion over the cloud data security, cloud service providers concentrate on security measures about infrastructure, host, and data. However, user data are exposed as a plain text up to a certain level. To address this issue, encryption schemes are suggested to store the data in an encrypted format [6]. Qin et al. proposed a fully homomorphic encryption (FHE) approach to encrypting the image in cloud storage to offer image security where the complexity has been increased even for small scale images [7].

Numerous encryption schemes exist; they can encrypt text, image, and audio. Still, security measure employed for the text transmission presents poor performance for the image, because of the intrinsic features of the images such as bulk data capacity, high redundancy, and high correlation among the pixel data; thus, independent security scheme is required for each type of multimedia data security [8]. Because of the difficulty in handling images when compared to the textual data, image security gains more importance. Besides, most of the sensitive applications, such as telemedicine, education, and biometric authentication, share their context in terms of images. Chaos-based image encryption schemes [9,10,11,12,13] are gained attention due to its enhanced key strength through key sensitivity. The significance of the chaos is that the key has a real value.

As per the chaos theory, chaotic nature purely depends on the initial seed. However, cryptanalysts are reported that chaos-based encryption schemes are not withstood against the chosen-plaintext attack. However, most of the modern cryptographic techniques are subjected to cryptanalysis where the attackers compromise the cryptosystem through known-plaintext and chosen-plaintext attacking schemes.

Reversible exclusive-OR operation has been incorporated in image encryption due to its merits such as reversibility, and it offers bitwise confusion. Also, it feasible to create a stream cipher. However, it allows cryptanalysis through a chosen-plaintext attack [14,15,16,17,18,19,20]. The homomorphic encryption scheme is addressed as a leading encryption technique, especially for cloud data security. Yet, the homomorphic encryption scheme has cryptanalysis by Baocang Wang, in which security keys are retrieved with lesser than 8 s [21].

From the above survey, most of the existing schemes are compromised by the chosen-plaintext attack due to their common utility of simple XOR-based diffusion and constant rounds of operation. The rounds of operations may increase the complexity but unnecessary change in execution time which results in poor throughput. To prevent the cryptanalysis and especially the chosen-plaintext attack, the encryption scheme must be complex, reversible, self-adaptive, and parameter sensitive. Neural-based encryption schemes are the desired solution to satisfy the requirements, as mentioned earlier. An artificial neural network (ANN) is a distributed network that can execute the parallel task and the primitive elements called neuron [22]. Integration of ANN with conventional schemes provides accurate results due to its self-learning and adaptive nature. Also, ANN has the calibre to learn the environment through real-time data and training data. Thus, the neural networks are integrated with various applications such as data security, big data analytics, medical data classification, and neural can be utilized in the civil structure analysis [23, 24], in which this paper focuses the data security.

As per the fundamental rule, artificial neurons should resemble biological neurons. Accordingly, it has chaotic behaviour. This chaotic behaviour of neurons gets the attention of the cryptography applications [25].

From the literature, it has been noticed that ANN can be extended to model the reversible complex encoders. Besides, ANN can apply to a non-traditional image encryption scheme. ANN can be modelled as a nonlinear encoder that can be extended to replace the traditional diffusion [26,27,28,29,30,31]. In addition to the diffusion, random indexes are needed to achieve confusion. To obtain the random indexes, the neural network also needs recurrent behaviour, which is inevitable in the generation of the pseudo-random sequence for image encryption. Thus, this paper proposes recurrent Hopfield neural network (HNN) as a primary component to implement the neural blended adaptive image encryption. A variant type of neural model is called the Hopfield neural network (HNN), which is a recurrent network, and it is derived from the human brain dynamics [32,33,34,35,36,37]. It exhibits temporal behaviour. It is different from other neural architectures. Because other neural networks consist of independent hidden units to process the inputs, hence the networks are appropriate for classification and clustering applications. Conversely, recurrent HNN has interconnected hidden units, one of the hidden units activates at the time to attain temporal or sequential behaviour. It is useful in the applications based on the sequence of successive events such as pseudo-random sequence generation.

Significances of the proposed algorithm as follows:

  • Multilayered architecture and nonlinear transfer function-assisted weight matrix of BPN reduces the probability of prediction of the key.

  • Distinctive features of the image are taken as the input for the BPN, thus generated keys are more adaptive to the input plain image.

  • Keys can be dynamic due to their self-learning capability of BPN.

  • Unique key for every image, thus unauthorized persons cannot hack the image and key using chosen-plaintext attack.

  • Confusion and diffusion are implemented using a Hopfield neural network, so this scheme enhances the complexity of the prediction of the algorithm.

  • Weight matrix of the HNN can be updated for every image; thus, it produces the image-specific pseudo-sequence generation.

  • Image-specific pseudo-sequence generation in turn to attain adaptive confusion and diffusion.

  • Due to the recurrent and chaotic behaviour, HNN requires key seeds similar to the chaos which is better than linear neural architectures such as BAM, BPN as the initial key seed larger in size (size is greater than plain image), which increases transmission overhead.

  • Establishing connectivity between the authenticated user and the public cloud environment.

  • Augmented privacy for medical image repository in the cloud.

The rest of this paper is organized as follows. Section 2 presents pre-requisites such as four-nodes Hopfield neural network (HNN) and its chaotic behaviour analysis. Section 3 presents the proposed scheme with five phases, in which, Phase I presents adaptive key generation using back propagation network, Phase II presents the random sequence generation using HNN and image-specific key, Phase III employs adaptive confusion using random sequence generation. Phase IV includes adaptive diffusion using random sequence generation, and Phase V explains the connectivity establishment between the cloud and the proposed cryptosystem. Section 4 presents the results and discussion. Finally, Sect. 5 presents the conclusions and future work directions.

2 Pre-requisites

2.1 Hyperchaotic HNN

Hyperchaotic HNN has metastable states using external input and chosen previous state [30, 32,33,34]. HNN is designed with minimum node, selected node connection along with an appropriate asymmetric weighted path, provide the chaotic behaviour.

The proposed work is employed for the four-nodes HNN. In a four-nodes HNN architecture, every node might be connected with every other node, along with external input. Besides, it has self-connection. The output of every node depends on the previous state of the input nodes along with external input. Every node is connected to other nodes with the weighted path. Recurrent HNN is reconfigured as chaotic architecture with four nodes which is illustrated in Fig. 1. In chaotic architecture, each node is considered as an input/output node, which results in a faster generation of the pseudo-random sequence. Thus, it is considered as a kind of hyperchaotic architecture. The speciality of this architecture is that every node is not connected to every other node, and weights are updated using the Hebb rule along with hyperbolic activation function. Besides, HNN has designed with a selected number of nodes, along with the appropriate asymmetric weighted path, to provide the desire chaotic behaviour.

Fig. 1
figure 1

Architecture of hyperchaotic HNN with four nodes

Full size image

Chosen Hopfield neural network has four nodes, so the weight matrix dimension is 4 × 4, namely W11W44 as in Eq. (1).

$$ W_{ij} = \left[ {\begin{array}{*{20}c} {w_{11} } & {w_{12} } & {w_{13} } & {w_{14} } \\ {w_{21} } & {w_{22} } & {w_{23} } & {w_{24} } \\ {w_{31} } & {w_{32} } & {w_{33} } & {w_{34} } \\ {w_{41} } & {w_{42} } & {w_{43} } & {w_{44} } \\ \end{array} } \right] $$
(1)

Weight values in Eq. (1) resemble the strength of the neural network through training, which decides the accuracy of the result (percentage of closeness between expected and obtained output). Weight values are either integer or floating decimal which depends on the activation function (identity or hyperbolic activation function). Each node is sequentially updated with the following Eqs. (2) and (3). From Eq. (2), each node receives the weighted signal from other nodes along with external input (ei) and input from other nodes (Xi). Subsequently, the sigmoid transfer function is calculated using updated Xi as in Eq. (3).

$$ {\text{Net}}\left( {x_{i} } \right) \, = N(x_{i + 1} ) = e_{i} + \sum\limits_{i = 1}^{4} {\sum\limits_{j = 1}^{4} {x_{i} w_{ij} } } $$
(2)

where Net(xi) represents some of the weighted inputs.

$$ X_{i + 1} = \tanh \left( {{\text{Net}}(x_{i} )} \right) = \frac{1}{{1 + {\text{e}}^{{ - {\text{Net}}(X_{i} )}} }} $$
(3)

The architecture, shown in Fig. 1, develops the cyclic random sequences using the following Eqs. (4) and (5), which are derived from Eqs. (2) and (3)

$$ x_{i + 1} = - c_{i} x_{i} + \sum\limits_{j = 1}^{4} {w_{ij} v_{j} } $$
(4)
$$ v_{i} = \tanh \;(x_{i} ) $$
(5)

where ci is constant and c1 = c2 = c3 = 1; c4 = 100; xi is the previous state, and wij is the weight matrix, respectively.

2.2 Chaotic behaviour analysis of HNN

To attain the chaotic behaviour, node connections should not have symmetrical weights. The chosen weights of the hyperchaotic HNN are given as follows.

$$ w_{ij} = \left[ {\begin{array}{*{20}c} 1 & {0.5} & { - 3} & { - 1} \\ 0 & {2 + p} & 3 & 0 \\ 3 & { - 3} & 1 & 0 \\ {100} & 0 & 0 & {170} \\ \end{array} } \right], $$

where p is the control parameter.

The chaotic behaviour of the HNN (with control parameter p = 0.3) is visually confirmed in Fig. 2. Figure 2a–c expresses the unstable state generation from X1 to other states, and Fig. 2d–f expresses the unstable state generation from X2 to other states. This is the evidence for the chaotic behaviour of the muted HNN which exhibits periodic and chaotic points. This chaotic behaviour depends on the initial seed xi, weight values, and the control parameter p.

Fig. 2
figure 2

Chaotic behaviour of HNN with p = 0.3

Full size image

3 Proposed scheme

This paper proposes Hopfield governed image-dependent encryption scheme for medical image cloud storage which is shown in Fig. 3. This framework consists of five phases in which Phase I describes the adaptive key generation using the BPN network;

Fig. 3
figure 3

Discrete Hopfield attractor image-dependent encryption scheme for medical image cloud storage

Full size image

Phase II presents image-specific random sequence generation using HNN,

Phase III and IV deal with the confusion and diffusion process, respectively,

Phase V illustrates connectivity establishment between the cloud and the proposed cryptosystem.

In this proposed work, the initial seed and the control parameter are generated from the input image to design the adaptive encryption scheme.

3.1 Phase I: adaptive key generation using back propagation network

Once the key has been deduced, the security of the cryptosystem will be compromised. This research work develops a method to prevent chosen-plaintext attacks using neural networks. It generates a session key that is unique for every image, as shown in Fig. 4. During training, the set of image features in the dataset is a map to the key using a feed-forward neural network. The network is trained using multilayer BPN with the image features as inputs and session keys as the target. The trained network generates a unique key such a way that if at least one of the image feature changes, the output key must change. As the key generated is adaptive to the image, it can be called an adaptive key generation. Tables 1 and 2 present the training dataset for BPN.

Fig. 4
figure 4

Adaptive key generation

Full size image
Table 1 Extracted feature from the images as a training dataset
Full size table
Table 2 Target creation
Full size table

Normalized significant features of the image are extracted and considered as the training inputs for the neural network as shown in Table 1. For the training, the desired unique key of every image is assigned as the target as shown in Table 2. These input and target pairs are used to train the BPN network. It is to be noted that these values are unique to the image, and hence the output will be changed even with the slight variation of image features.

Figure 5 shows the training performance of the developed multilayer BPN network. Figure 5a illustrates the fitting architecture of multilayer BPN network for the proposed adaptive key generation process in the encryption algorithm. Figure 5b depicts MSE versus the number of epochs. It can be noticed that as the epoch number increases, the MSE decreases. This is since the Net converges to the optimum value at every succeeding epoch. Hence, it can be inferred that the Net finally converges to a global minimum and therefore is with stable weights. The weight matrix finally produced can then be used as an image-specific key generator.

Fig. 5
figure 5

Training performance of the developed multilayer BPN network; a BPN fitting architecture with 55 input features, b respective training performance graph

Full size image

3.2 Phase II: random sequence generation using HNN and image-specific key

The scheme proposed here is to generate the chaos sequences through HNN rather than using nonlinear equations that exhibit the chaotic nature. Image-specific key is considered as a control parameter, and the random sequences are generated using the pseudo-code given as follows.

figure a

3.3 Phase III: adaptive confusion using random sequence generation

Two different sets of nonlinear random sequences are generated for the processes substitution and permutation. The detailed flow is given in Fig. 3, which integrates the adaptive and image-specific key generation, confusion, and diffusion. The following section presents part of a detailed encryption algorithm which includes confusion.

figure b

3.4 Phase IV: adaptive diffusion using random sequence generation

Second random sequences are considered for the diffusion process, and the detailed algorithm is given as follows

figure c

3.5 Phase V: connectivity establishment between cloud and cryptosystem proposed

The ciphered medical images of the user are stored into S3 bucket of AWS with sole login credentials. If the user credentials are invalid, then the system denied the access, and it will be handled as a user-defined exception else image access is allowed. The procedural flow is explained as follows:

Step 1 Register with AWS to get AWS_Username and AWS_Password

Step 2 Create AWS secret key pairs for file storage in S3 of AWS

For every cloud access, follow the given steps

Step 3 Match the AWS user credentials with the currently received credentials

Step 4 If step 3 results with “NO”, then return with the message ‘Access Denied’

Step 5 If step 3 results with “YES”, then, match the AWS secret key pairs

Step 6 If step 5 results with “NO”, then return with the message ‘Invalid Credentials’

Step 7 If step 5 results with “YES”, then put the ciphered images into S3 of AWS

4 Results and discussion

The ciphered medical image has been stored in public cloud storage, and authenticated users only can access the cloud to get a ciphered image. The retrieval of the plain image is only through the associated private key(s) employed. Figure 6 illustrates the block diagram for pushing encrypted medical images into S3 bucket of AWS. As evidence, the view of the uploaded medical image in AWS S3 bucket is shown in Fig. 7.

Fig. 6
figure 6

Block diagram for pushing encrypted medical image into S3 bucket of AWS

Full size image
Fig. 7
figure 7

Available uploaded medical images in AWS S3 bucket

Full size image

To ensure the resistivity of this developed work, various attack analyses like statistical, differential, encryption quality, bit plane correlation and entropy, keyspace, key sensitivity, computational and time complexity, and chosen-plaintext attack are carried out. The ability of the proposed algorithm is verified with medical images of size 256 × 256. The images before encryption after encryption and after decryption are shown in Fig. 8a–f.

Fig. 8
figure 8

Medical: a plain (M1); b encrypted (E1 = E(M1)); c decrypted (M1 = D(E1)); medical: d plain (M2); e encrypted (E2 = E(M2)); f decrypted (M2 = D(E2))

Full size image

4.1 Statistical analysis

To verify the statistical resistivity of the developed work, correlation analysis, entropy analysis, and histogram analysis are carried out.

4.1.1 Correlation analysis

Correlation analysis is carried out and results are entered in Table 3. Figure 9 depicts the closeness of intensities between the co-located pixels of the medical images before and after encryption.

Table 3 Correlation analysis
Full size table
Fig. 9
figure 9

Adjacent pixels correlation in all the directions of the image (M1) (ac); adjacent pixels correlation in all the directions of the image (E1 = E(M1)) (df)

Full size image

The adoption of the Hopfield neural network and the key generation using an intrinsic property of the image results in the more adaptive confusion process. As evidence, the average correlation arrived is nearly 10−3 in all the direction of the encrypted image as shown in Table 3.

4.1.2 Information entropy analysis

The statistical features like frequency of occurrence and randomness of pixels are the hint to know the image. Any encryption algorithm is capable of attaining the standard entropy values globally as well in local. The global entropy value for an ideal case is expected as 8, and the local entropy also has optimal value for various significance levels such as 5%, 1%, and 0.1%. Table 4 reveals the proposed approach offers the better conversion of a plain image into random noise and also arrived entropies are in the acceptable range. The proposed Hopfield neural attractor updates the weight matrix for every single medical image, which results in arriving exclusive encrypted images for every single medical image. Due to the adaptive encoding feature of the proposed work, the average entropy of 7.99 has arrived irrespective of original medical images.

Table 4 Randomness analysis
Full size table

4.1.3 Histogram analysis

The uniform pixel intensity distribution over the image plane offers image unpredictability. Figure 10a–c shows the distribution of pixel intensities in the plain medical images M1, M2, and M3, which are not uniformly distributed. Histograms for the encrypted medical images M1, M2, and M3 are represented using Fig. 10d–f where the intensities of the pixels are uniformly distributed.

Fig. 10
figure 10

Histogram analysis for the plain and encrypted image of medical images M1, M2, and M3, respectively (af)

Full size image

From the histogram analysis, it is proven that the redundancy of plain medical image pixels is entirely obscured. As a result, the actual pixel intensities are stretched and shifted out from the original and arrived with a flat histogram. The proposed scheme also achieves one of the features to resist a statistical attack.

4.2 Encryption quality analysis

The quantitative analysis for the histogram is also supported to ensure encryption quality. Maximum deviation (MD) and deviation from uniform histogram (DH) are the metrics to do the process as mentioned earlier. Compared to the confusion stage, the diffusion stage needs to be tested for encryption quality. For a different set of sample test images, MD and DH are computed and tabulated in Table 5.

Table 5 Image encryption quality analysis
Full size table

The proposed algorithm carries out the diffusion process in an adaptive manner, so the distribution of pixel intensities is uniform by having the redundancy of pixels with the expected count. From Table 5, the higher value of MD reveals that the encrypted image has deviated from the original.

From Table 5, the DH value for the test images after encryption is very low which indicates that the histogram of encrypted images is close to the ideal one. Due to the complex, nonlinear, and dynamic encoding process as diffusion strategy in the proposed algorithm, occurrence of pixels values is utmost equal.

4.3 Keyspace analysis

According to the cryptographic law, strength for any encryption proposal resides in the key. For a smaller keyspace with smaller exhaustive search, itself algorithm can be broken. The proposed algorithm has a larger keyspace to keep up the potency of the algorithm. Here, the proposal has eight different keys in a set {k1,…, k8} each with the precision of 1014, so the total keyspace is 10112. Besides, the session keys are also obtained from the inherent features of plain medical images that are used in encryption. Session keys, together with the key set, are adequate to resist the brute force attack.

4.4 Key sensitivity analysis

Keys perform a vital role in the encryption schemes, and key sensitivity analysis is an important metric to evaluate the robustness of the encryption schemes. Most of the encryption schemes utilize the same key for every image transmission. But the proposed scheme offers an independent and adaptive key for each image using image features. When the key is in the double data type, it can reflect the minor change in the image features. NPCR is measured between the images after a slight change in image content. The test is carried out using the identical image with pixel change, and the pixels are selected from various locations. Tabulated NPCR values in Table 6 are evident to confirm that the proposed scheme generates the independent key after a slight change in image content, and this scheme can resist the exhaustive search.

Table 6 Key sensitivity analysis
Full size table

4.5 Chosen-plaintext attack analysis

XOR-based substitution methods are tested with this traditional analysis to ensure the potential to resist the chosen-plaintext analysis. While examining the resiliency of the proposed scheme against the chosen-plaintext attack, it should satisfy Eq. (6)

$$ M_{1} \oplus M_{2} \ne CM_{1} \oplus CM_{2} $$
(6)

where M1, M2, CM1, and CM2 are plain medical image 1, plain medical image 2, cipher medical image 1, and cipher medical image 2, respectively. Figure 11a indicates the XOR between medical image 1, medical image 2, and Fig. 11b shows the XOR between the corresponding cipher images, accordingly both the images are not the same which is a visual proof for the ability of the proposed scheme against chosen-plaintext attack. From this analysis, it is clear that the hacker cannot obtain the key by applying the chosen-plaintext attack.

Fig. 11
figure 11

Chosen-plaintext attack analysis: a M1 \( \oplus \) M2, b CM1 \( \oplus \) CM2

Full size image

4.6 Computational effectiveness/efficiency

The computational effectiveness/efficiency of the proposed method depends on the pseudo-random sequence generation, permutation, and substitution process. The number of operations that are employed to develop the pseudo-random sequence through HNN is about O {n (M × N)}. Consequently, the number of permutation operations is about O {2 × M × N}, and the total number of substitution operations are performed about O {2 × M × N}. The proposed scheme is tested with a grey image with a size of 256 × 256, and it takes 0.451 s for the encryption process. Also, the elapsed time for the adaptive key generation is about 0.018845 s for each plain image. The time taken for uploading a file through a WiFi network of speed 130 Mbps into the AWS S3 bucket is 0.546 s. The propagation delay is inversely proportional to network speed.

4.7 Performance comparison analysis

The proposed scheme is compared with the recent methods using entropy, correlation, NPCR, and UACI. The comparison analysis is shown in Table 7. The proposed scheme is compared with three different modes of techniques such as Refs. [9, 11, 13] are chaos-based encryption, Ref. [10] is inter- and intra-plane shuffling-based encryption, Ref. [12], and Refs. [34, 37] are genetic and neural-based encryption, respectively. Chaos-based works are framed in such a way to resilient against statistical, dictionary attack, but sometimes Chaos-based works fail in entropy when the modality of image changes. Plane- and pixel-wise rotation algorithms offer desire entropy but fail in the keyspace. However, most of the works are cryptanalysis by chosen-plaintext analysis [14,15,16,17,18,19,20]. Based on the obtained metric values, the proposed scheme can withstand statistical, differential, and brute force attacks. Besides, the adaptive key generation using the BPN algorithm formulates a strong and image-specific encryption scheme.

Table 7 Comparison analysis
Full size table

Cloud data storage is chosen for data sharing between groups of intended users to avoid multiple transmissions. In such a scenario, every single image storage and transmission demands security. When the cloud is approached for storage, the encryption module should encrypt any type of medical image, and it should result in the desire and uniform metrics. This demand is fulfilled by the proposed scheme using adaptive key generation. In the proposed scheme, the adaptive key from BPN is inserted in the weight matrix of the Hopfield neural network as control parameters, which decide the chaotic behaviour of the HNN. Hence HNN starts self-learning with every plain image, which results in an image-specific random sequence. The image-specific random sequence employs the self-adaptive confusion and diffusion. Due to the self-adaptive property of the proposed Hopfield neural network and unique key for every image transmission, the proposed scheme resists the chosen-plaintext attack. Besides, tabulated metrics prove that the proposed scheme is not compromised with any other metrics, so it can make resilient against statistical, differential, and encryption quality attacks.

5 Conclusion

Cloud storage environments are vulnerable to many security breaches because of open and multi-tendency. When the cloud is approached for the creation of a medical image repository, it’s vital to ensure the security solutions are impenetrable. This proposed solution offers security for the data stored in the cloud storage and for a different state like underuse, at rest, and in transit. The motivation of this work is to build a secure medical image repository in the cloud. Hopfield attractor is a major component of the security system for the medical images to be stored in the cloud, and fitness is also validated using the standard metrics. The proposed work employed Hopfield attractor for the confusion of pixels followed by diffusion has confirmed the resiliency against the various attacks. The proposed work has keyspace 10112. Also, adaptive keys are generated by BPN; thus, hackers cannot predict the key using the chosen-plaintext attack strategy. The integration of supervised and associative neural networks increases the complexity of key and algorithm predictions. In the future, the neural-assisted security solutions will be developed for multimedia data such as colour medical image, audio, and video storage in the cloud.