1 Introduction

Remote healthcare delivery, facilitated by state-of-the-art technologies such as telemedicine, teleradiology and telesurgery has witnessed concerns raised about the security of medical data, not excepting medical images. Particularly teleradiology has been very successful and popular, and incorporates diverse imaging modalities of ultrasonography, computed tomography, X-ray radiology, magnetic resonance imaging, etc [23]. Medical images form critical components of medical diagnostic procedures as they among other things, offer non-invasive methods of examining anatomical cross sections of internal organs and other features of patients. These images are transmitted over public digital communication networks [19] and are stored in networked storage facilities, sometimes powered by cloud computing services to be used for clinical interpretation and diagnosis. However, services such as cloud storage pose critical security challenges to data [38,39,40]. Medical imaging security schemes are expected to achieve high degrees of resistance against diverse forms of attacks without compromising the diagnostic quality of the images because alterations made to the images during processing might result in irreversible wrong diagnostic consequences. Conventional encryption protocols such as Data Encryption Standard (DES), Advanced Encryption Standard (AES) and Rivest–Shamir–Adleman (RSA) have been used in encrypting medical images; however, these algorithms are not very efficient for images due to certain intrinsic features of images including high redundancy, bulk data capacity and high correlation among adjacent pixels [1, 27]. Consequently, chaos based encryption schemes have been extensively proposed recently [4, 12].

Chaotic systems demonstrate random behaviour and have inherent characteristics such as unpredictability, ergodicity and sensitivity to initial conditions. They are dynamical systems that are unpredictable and resemble noise [29]. These characteristics provide a close relationship between chaotic dynamical systems and cryptosystems. The sensitivity to initial conditions property of chaos systems is used for keys in cryptosystems while the topological transitivity property which ensures the ergodicity of chaos maps, is related to the diffusion property of cryptosystems [20]. The behaviour of a chaos system is predictable if the initial condition and the control parameter are known to attackers. As long as attackers are ignorant about these, the system appears to be random. This random behaviour is employed to provide confusion and diffusion within the cipher image, thereby enabling secure transmissions over unprotected communication channels. Encryption algorithms based solely on chaos, however do not always provide sufficient robustness [22], due to weak diffusion functions, weakness against chosen and known plaintext attacks and poor statistical characteristics of some chaos maps [7, 14, 24]. The security of most chaos-based cryptosystems is not justified [4]; most of them are slow in nature, some have small key spaces, some require considerable iteration steps and others have inappropriate key stream generation defects [4]. This has led to mergers between chaos and other theories such as deoxyribonucleic acid (DNA) computing for designing cryptosystems [26, 28]. Nevertheless, some of these mergers have also been found insecure particularly against chosen-plaintext attacks [16, 18]. Some have been found to be insensitive to changes in plain image or secret key, while others have fixed encoding and decoding rules [15, 17, 37].

The efficiency of both low and high dimensional nonlinear systems play an important role in hardware implementations of encryption algorithms [21]. Despite some associated disadvantages when used in encryption, the low-dimensional nonlinear systems are the more attractive ones that have been widely used in generating pseudorandom key streams in image cryptosystems because the high-dimensional ones require more computational power, time and resources. Their discreteness, simple structure, less arithmetic operations, high output processing and relatively easier implementations in digital systems make the low-dimensional systems more attractive for particularly image cryptosystems. Consequently, approaches that enhance the efficiency of the low-dimensional systems when used in encryption is beneficial.

We examine the bifurcation diagrams of the Bernoulli shift map and the Zigzag map as pseudo-random number generators and deploy them in combination with DNA coding in a novel image encryption scheme that meets state-of-the-art standards. The chaotic systems are used to generate two separate key matrices. The key matrices and the plain image matrix are encoded into DNA sequences using logistic map based selected DNA rules. The DNA XOR algebraic operation is performed between the DNA key sequences and the DNA image sequence in an alternating pattern to achieve a high level of diffusion. The diffused image is then decoded to produce the cipher image. Our system specifically aims at using one round of the diffusion process to achieve robust encryption that meets modern imaging security standards. The rest of the paper is organized as follows: In Sect. 2, we give overviews of the chaos maps and DNA computing. We introduce our proposed scheme in Sect. 3, discuss experimentation and results in Sect. 4 and finally conclude in Sect. 5.

2 Preliminaries

Brief overviews of the chaos maps (Bernoulli shift map, zigzag map, logistic map) and DNA coding are presented in this section. We adopt the analysis reported in [13] for the Bernoulli shift map and the zigzag map.

2.1 Bernoulli Shift Map

A dyadic transformation \(dt:\left[ {0,1} \right) \rightarrow {\left[ {0,1} \right) ^\infty }\)   \(v \mapsto \left( {{v_0},{v_2},\ldots } \right)\) which is produced by \({v_0} = v\)    \(\forall i \ge 0, \quad {v_{i + 1}} = \left( {2{v_i}} \right) \bmod 1.\) gives an example of how simple 1-dimensional maps could result in chaotic behaviours.

The Bernoulli shift map is defined by two linear functions as:

$$\begin{aligned} {v_{i + 1}} = \left\{ {\begin{array}{*{20}{l}} {\mu {v_i} - r, \quad if \quad {v_i} \ge 0} \\ {\mu {v_i} + r, \quad if \quad {v_i} < 0} \end{array}} \right. \end{aligned}$$
(1)

Equation (1) could be rewritten as

$$\begin{aligned} {v_{i + 1}} = \mu {v_i} - r \quad sign({v_i}) \end{aligned}$$
(2)

where \({v_0}\) is the initial condition, \(\mu\) is the control parameter of the stochastic properties of the chaotic system and \(r\) is a scale factor which increases or decreases the product \(\mu {v_i}\) and limits the output values within the range \(\left[ { - r,r} \right]\).

Figure 1 is the bifurcation diagram for the bernoulli shift map for \(r=1\). It can be seen from the diagram that when \(\mu \in \left[ {0,1} \right)\) there is an oscillation between two fixed points. When \(\mu = 1\) it is unstable and when \(\mu \in \left( {1,1.4} \right]\), there is a nonuniform distribution in the output values of the system. The distribution improves when \(\mu\) approaches \(1.4\) and eventually when \(\mu \in \left[ {1.4,2} \right)\), the greatest dispersion in the output values is produced. It is clear from the figure that for \(\mu \in \left[ {1.4,2} \right)\), the output values cover the entire range of \(\left[ { - 1,1} \right]\). For \(\mu \ge 2\), the system is unstable and its output tends to infinity for large \(i\) values [13].

Obviously, when we take \({v_0}\) values within \(\left[ {0.5,1} \right)\) and \(\mu\) values within \(\left( {1.5,2} \right)\) we get a significant chaotic distribution for our encryption scheme.

Fig. 1
figure 1

Bifurcation diagram of the Bernoulli shift map

Full size image

2.2 Zigzag Map

The zigzag map is mathematically expressed as:

$$\begin{aligned} {x_i} = \left\{ {\begin{array}{ll} { - \omega \left( {{x_i} + \frac{2}{{\left| \omega \right| }}} \right) , \quad for \quad {x_i} \in \left( { - 1, - \frac{1}{{\left| \omega \right| }}} \right] ,} \\ {\omega {x_i}, \,\,\;\qquad \quad \quad for\quad {x_i} \in \left( { - \frac{1}{{\left| \omega \right| }},\frac{1}{{\left| \omega \right| }}} \right] ,} \\ { - \omega \left( {{x_i} - \frac{2}{{\left| \omega \right| }}} \right) , \quad for \quad {x_i} \in \left( {\frac{1}{{\left| \omega \right| }},1} \right] } \end{array}} \right. \end{aligned}$$
(3)

where \({x_0}\) is the initial condition and \(\omega\) is the control parameter. Figure 2 is the bifurcation diagram for the zigzag map. As shown in the diagram, when \({{\left| \omega \right| }}< 1\), the system’s behaviour is not chaotic but when \(\omega \in \left( {2,1} \right) ,\left( {1,2} \right) ,\left[ {3,2} \right)\) and \(\left( {2,3} \right]\) the system’s behaviour is chaotic.

In our proposed system, we take \(\omega \in \left( {2,3} \right]\).

Fig. 2
figure 2

Bifurcation diagram of the Zigzag map

Full size image

2.3 Logistic Map

The logistic map is a polynomial mapping of degree 2. Often, it is cited as a typical example of how very simple non-linear dynamical systems can result in complex chaotic behaviours [6]. It is one of the simple systems that exhibit order to chaos transition and have many features required of a pseudorandom number generator (PRNG) [25]. For the largest value of its control parameter, the logistic map has the ability to generate an infinite chaotic sequence of numbers. When compared to the usual congruential random generators which are periodic, the logistic random number generator is infinite, aperiodic and not correlated [3].

It is mathematically given as:

$$\begin{aligned} {y_{i + 1}} = \tau {y_i}\left( {1 - {y_i}} \right) \end{aligned}$$
(4)

where the control parameter \(\tau \in \left( {0,4} \right)\), the initial condition \({y_0} \in \left( {0,1} \right)\) and \(i\) is the iteration. The logistic map is in a chaotic condition when the control parameter is [3.57, 4.0]. In our scheme, we use the logistic map to select the DNA encoding and decoding rules due to its high speed. The bifurcation diagram of the logistic map is shown in Fig. 3

Fig. 3
figure 3

Bifurcation diagram of the logistic map

Full size image

2.4 DNA Computing

In recent years, DNA sequence has become extremely useful for basic biological research, and in diverse applied fields such as diagnostic, forensics, biological systematics [10] and information security. The properties of DNA such as huge storage, massive parallelism, big information density and low power consumption [36] have made them attractive candidates for encryption schemes. DNA sequence is made up of four bases: Adenine (A), Thymine (T), Guanine (G) and Cytosine (C). Among these bases, A and T are complementary to each other while G and C are complementary to each other [26]. That is, the purine Adenine always pairs with the pyrimidine Thymine and the purine Guanine always pairs with the pyrimidine Cytosine, according to the rules of base pairing by Watson and Crick [34] as shown in Table 1.

Table 1 Watson crick’s complementary rule
Full size table

In the binary system, 0 and 1 are complementary, 00 and 11 are complementary while 01 and 10 are also complementary. Mapping the two-bit binary system to the DNA bases, 24 rule sets can be obtained [26]. Among these 24 rules, only 8 satisfy the Watson-Crick base pairing rules. A can only bond with T and C can only bond with G. Based on this, DNA-based computing uses only 8 sets of encoding and decoding rules [28] as shown in Table 2.

Table 2 DNA encoding and decoding rules
Full size table

Addition, subtraction and XOR algebraic operations can be performed on DNA sequences. These DNA algebraic operations are employed to enhance the diffusion phase in encryption. Table 3 shows the XOR operation which is used in our proposed system.

Table 3 DNA XOR operation
Full size table

Using the DNA coding, each 8-bit pixel of a gray scale image can be expressed as a DNA sequence of length 4. Taking a pixel of gray level 25 for instance, its 8-bit binary sequence is (00011001). Using DNA encoding rule 6 from Table 2, (GTAT) is obtained. Decoding (GTAT) with the same rule 6 gives (00011001). Any other rule used to decode (GTAT) will give a different binary value. For instance using rule 8 to decode (GTAT) gives us (01001100) which is 76 in decimal. This obviously changes pixel values to bring about obscurity in the cipher image. Taking two DNA sequences (ATTC) and (GAGT), performing the XOR operation on them results in (GTCG), performing the same XOR operation on (GTCG) and (GAGT) gives back (ATTC) and the same operation on (GTCG)and (ATTC) gives back (GAGT). These reversible operations make it possible to reverse the diffusion operation in encryption.

3 Proposed Scheme

Our proposed scheme uses two chaos maps to generate two different key matrices and DNA algebraic XOR operation for diffusion. The user inputs the plain medical image, a 16-character ASCII string and the initial condition and control parameter of the logistic map. An MD5 hash value of 128 bits is obtained from the plain image matrix and used to generate the initial condition and control parameter of the zigzag map, which is used to produce one of the key matrices. The last two characters of the hash value are used to replace the first two and last two characters of the ASCII string to obtain a new string. This is done to ensure that, slight changes in pixels of the plain image will result in significant changes in the cipher image. The new string is used to generate the initial condition and control parameter of the Bernoulli shift map, which is used to produce the other key matrix.

Following the approach proposed in [32], to select DNA encoding and decoding rules for both plain and key images, the logistic map (Eq. 4) is iterated a number of times corresponding to the number of rows in the image matrix. At every iteration, one DNA coding rule (out of the 8 as in Table 2) which corresponds to the \(y\) value at that iteration level is selected. The selected rule is then used to encode all pixels on that row. This continues until all rows in the image are covered. After both key matrices and the plain image matrix are encoded into DNA sequences a diffusion operation using the DNA XOR operation is carried out. The diffusion is done by an alternating application of the two keys on row basis. The diffused image is then decoded (also randomly on row basis just as in the encoding phase ) to produce the cipher image. The reverse of the encryption process decrypts the image into its plain form. The block diagram of the proposed scheme is shown in Fig. 4.

Fig. 4
figure 4

Block diagram of proposed scheme

Full size image

3.1 Encryption

3.1.1 Key One Generation

Step 1 :

Get the matrix of the plain image \(I\) and its dimensions \(M\) and \(N\)

Step 2 :

Get the number of rows \(L\) for the key image

$$\begin{aligned} L = \frac{1}{2} \times M \end{aligned}$$
(5)
Step 3 :

Perform a message digest algorithm 5 function on \(I\) to obtain a 128 bit hash value (32 character hexadecimal string)

$$\begin{aligned} H = {h_1},{h_2},{h_3},\ldots ,{h_{32}} \end{aligned}$$
(6)
Step 4 :

Convert the hexadecimal characters \(H\) into their binary digit representations to obtain the 128-bit stream

$$\begin{aligned} {B} = {b_1},{b_2},{b_3},\ldots ,{b_{128}} \end{aligned}$$
(7)
Step 5 :

Take the first 96 bits of \(B\) and put them into 4 blocks \({q_1},{q_2},{q_3},{q_4}\) of 24 bits each and perform the following operations:

$$\begin{aligned} {q_n} = \sum \limits _{i = 1}^{24} {\left( {{b_i} \times {2^i}} \right) } \end{aligned}$$
(8)

where \(n = \left\{ {1,2,3,4} \right\}\)

$$\begin{aligned} {q_5} = \left( {\left( {({q _1} \oplus {q _2}) \oplus {q _3}} \right) \oplus {q _4}} \right) \end{aligned}$$
(9)
Step 6 :

Using \({q_5}\) derive the initial value \({x_0}\) of the zigzag map as

$$\begin{aligned} {x_0} = 0.50001 + \bmod \left( {\left( {{{{q_5}} {\big / } {{2^{32}}}}} \right) ,1} \right) \end{aligned}$$
(10)
Step 7 :

Use the last 32 bits of \(B\) (i.e. \({b_{97}},\ldots ,{b_{128}}\)) to obtain the control parameter \(\omega\) of the zigzag map as

$$\begin{aligned} {q_6}= & {} \sum \limits _{i = 1}^{32} {\left( {{b_i} \times {2^i}} \right) } \end{aligned}$$
(11)
$$\begin{aligned} \omega= & {} 2.009 + \left( {\bmod \left( {{q_6},2} \right) } \right) \end{aligned}$$
(12)
Step 8 :

Iterate Eq. (3) \(LN\) times using \({x_0}\) and \(\omega\) to generate the chaos sequence \(X\) where \(L\) is half the height (i.e. number of rows) and \(N\) the width (i.e. number of columns) of the plain image.

Step 9 :

Convert the chaotic sequence

$$\begin{aligned} X = \left\{ {{x_1},{x_2},{x_3},\ldots ,{x_{LN}}} \right\} \end{aligned}$$

into integer sequence to produce the key image

$$\begin{aligned} K = \left\{ {{k_1},{k_2},{k_3},\ldots ,{k_{LN}}} \right\} \end{aligned}$$

as

$$\begin{aligned} {k_i} = \bmod \left( {floor\left( {{x_i} \times {{10}^{14}}} \right) ,256} \right) \end{aligned}$$
(13)

where \({k_i}\) is a pixel and \({k_i}\in K\)

3.1.2 Key Two Generation

Step 1 :

Input 16 character ASCII string

$$\begin{aligned} A = {a_1},{a_2},{a_3},\ldots ,{a_{16}} \end{aligned}$$
(14)
Step 2 :

Take the last two hexadecimal characters in \(H\) as in Sect. 3.1.1 (i.e. \({h_{31}},{h_{32}} \in H\)) and use it to substitute the first and last two characters of \(A\)

$$\begin{aligned} {A'} = {h_{31}},{h_{32}},{a_3},\ldots ,{a_{14},{h_{31}},{h_{32}}} \end{aligned}$$
(15)

For the purposes of convenience, we rewrite \({A'}\) as

$$\begin{aligned} G = {g_1},{g_2},{g_3},\ldots ,{g_{16}} \end{aligned}$$
(16)
Step 3 :

Convert the first 4 characters (i.e. \({g_1},\ldots ,{g_4}\)) of \(G\) into their hexadecimal form

$$\begin{aligned} Z = {z_1},{z_2},\ldots ,{z_8} \end{aligned}$$
(17)
Step 4 :

Add the hexadecimal values as

$$\begin{aligned} {\alpha _1} = {{\left( {\sum \limits _{i = 1}^8 {{{\left( {{z_i}} \right) }_{10}}} } \right) } {\Bigg / } {128}} \end{aligned}$$
(18)
Step 5 :

Convert the 5th to 8th characters (i.e. \({g_3},\ldots ,{g_8}\)) of \(G\) into their 8-bit binary values to obtain \({\beta _1}\)

$$\begin{aligned} {\beta _1} = {d_1},{d_2},\ldots ,{d_{32}} \end{aligned}$$
(19)
Step 6 :

Add the elements in \({\beta _1}\) as

$$\begin{aligned} {\alpha _2} = {{\left( {\sum \limits _{i = 1}^{32} {\left( {{d_i} \times {2^i}} \right) } } \right) } {\Bigg / } {{2^{32}}}} \end{aligned}$$
(20)
Step 7 :

Calculate the initial condition of the Bernoulli shift map as

$$\begin{aligned} {v_0} = \bmod \left( {\left( {{\alpha _1} + {\alpha _2}} \right) ,1} \right) \end{aligned}$$
(21)
Step 8 :

Convert the last 8 characters (i.e. \({g_9},\ldots ,{g_{16}}\)) of \(G\) into their binary values to obtain

$$\begin{aligned} {\beta _2} = {e_1},{e_2},\ldots ,{e_{64}} \end{aligned}$$
(22)
Step 9 :

Put \({\beta _2}\) into two blocks of 32 bits each and obtain \({\alpha _3}\) and \({\alpha _4}\) as follows:

$$\begin{aligned} {\alpha _n} = {{\left( {\sum \limits _{i = 1}^{32} {\left( {{e_i} \times {2^i}} \right) } } \right) } {\Bigg / } {{2^{32}}}} + 1 \end{aligned}$$
(23)

where \(n = \left\{ {3,4} \right\}\)

Step 10 :

Obtain the control parameter of the Bernoulli shift map as

$$\begin{aligned} \mu = 1.5 + \bmod \left( {{\alpha _3} + {\alpha _4},1} \right) \times 0.01 \end{aligned}$$
(24)
Step 11 :

Iterate Eq. (1) \(LN\) times using \({v_0}\) and \(\mu\) to generate the chaos sequence \(S\)

Step 12 :

Convert sequence \(S = \left\{ {{s_1},{s_2},{s_3},\ldots ,{s_{LN}}} \right\}\) into integer sequence to produce the key image

$$\begin{aligned} P = \left\{ {{p_1},{p_2},{p_3},\ldots ,{p_{LN}}} \right\} \end{aligned}$$

as

$$\begin{aligned} {p_i} = \bmod \left( {floor\left( {{s_i} \times {{10}^{14}}} \right) ,256} \right) \end{aligned}$$
(25)

where \({p_i}\) is a pixel and \({p_i}\in P\)

3.1.3 Diffusion

Step 1 :

Read in the plain image \(I\)

Step 2 :

Get the dimensions \(M\) and \(N\) of \(I\) and generate the key matrices \(K\) and \(P\) as in Sects. 3.1.1 and 3.1.2

Step 3 :

Using the initial condition \({y_0}\) and parameter \(\tau\) iterate Eq. (4) \(M\) times where \(M\) is the number of rows of the image

Step 4 :

For each iteration, preprocess \(y\) as

$$\begin{aligned} y = floor\left( {y \times 7} \right) + 1 \end{aligned}$$
(26)
Step 5 :

Choose the DNA encoding rule based on the new value of \(y\) and encode the pixels on the row with the selected rule to obtain the DNA sequence of the pixels on the row

Step 6 :

Repeat step 5 for each member of \(M\) (i.e. each row) to get the DNA sequence \({{I_\delta }}'\) of \(I\)

Step 7 :

Repeat steps 3 to 6 \(L\) times each for \(K\) (i.e. key matrix one) and \(P\) (i.e. key matrix two) to get the DNA sequence \({K_{\delta }}\) of \(K\) and \({P_{\delta }}\) of \(P\) respectively

Step 8 :

Perform the DNA algebraic XOR operation between the rows in \({{I_\delta }}'\) and their corresponding rows in \({K_{\delta }}\) and \({P_{\delta }}\) in an alternating manner as illustrated in the block diagram (i.e. Fig. 4) to get \({Q_{\delta }}\) as

$$\begin{aligned} {Q_\delta } = {I_\delta } \oplus \left\{ {{K_\delta } \cup {P_\delta }} \right\} \end{aligned}$$
(27)
Step 9 :

Repeat steps 4 to 6 to select DNA decoding rules and decode \({Q_{\delta }}\) to get the cipher image \(Q\).

3.2 Decryption

The reverse operation of the encryption process decrypts the cipher image to its exact original form. With the decryption process, the cipher image, the 16-bit ASCII string, the MD5 hash value of 128 bits represented by 32-hexadecimal string, the initial condition and control parameter of the logistic map are taken as inputs. The two key matrices are generated following the steps in 3.1.1 and 3.1.2. The reverse of steps used during the diffusion process as in 3.1.3 are followed to reverse the diffusion to obtain the deciphered image.

4 Experimentation and Results

4.1 Experimental Setting

We experiment our proposed scheme on a personal computer with intel core i5, 2.6GHz CPU, 4GB memory, windows 10 and MATLAB 2016b. We use a number of gray scale images (of bit depth 8) of different imaging modalities and sizes in the experiment. Images with dimensions (\(256 \times 256\)) and (\(512 \times 512\)) are presented in this paper. An external ASCII string \(K=\,'zz8dEg5fHYJZYD9Q'\) is used for all the test images and initial condition \(y_0 = 0.667\) and control parameter \(\tau = 3.999\) are used to control the logistic map. Statistical, differential and key analyses are carried out to assess the security strength of the proposed scheme.

4.2 Statistical Analysis

We carry out statistical analyses to verify the robustness of the proposed scheme. This is done by histogram analysis, correlation analysis and entropy analysis of both plain and cipher images. Shannon [30] indicated the possibility of security breaches on many kinds of encryption schemes through statistical analysis on the correlation of adjacent pixels and their histograms.

4.2.1 Histogram Analysis

An efficient image encryption should produce a uniform histogram distribution of the cipher image in order to make it impossible for attackers to extract any meaningful information from it. This is because the image histogram reveals the pixel value distribution within the image. Results of four of our test images are shown in Fig. 5. It is evident from the figure that the proposed scheme distributes pixels in the cipher image uniformly and as such, is robust against statistical attacks.

Fig. 5
figure 5

Histograms of plain and cipher medical images; CT and MRI (256 \(\times\) 256), ultrasound and X-ray (512 \(\times\) 512)

Full size image

4.2.2 Correlation Analysis

The correlation coefficients of adjacent pixels of an image give information about the content of the image. In images, the horizontal, vertical and diagonal correlations between adjacent pixels are very high. To resist statistical attacks, cipher images must reduce or totally break these relationships among the adjacent pixels. The correlation coefficients among adjacent pixels is calculated with Eqs. (28), (29), (30) and (31) [9].

$$\begin{aligned} E\left( x \right)= & {} \frac{1}{N}\sum \limits _{i = 1}^N {{x_i}} \end{aligned}$$
(28)
$$\begin{aligned} D\left( x \right)= & {} \frac{1}{N}{\sum \limits _{i = 1}^N {\left( {{x_i} - E\left( x \right) } \right) } ^2} \end{aligned}$$
(29)
$$\begin{aligned} {\mathrm{cov}} \left( {x,y} \right)= & {} \frac{1}{N}\sum \limits _{i = 1}^N {\left( {{x_i} - E\left( x \right) } \right) \left( {{y_i} - E\left( y \right) } \right) } \end{aligned}$$
(30)
$$\begin{aligned} {r_{xy}}= & {} \frac{{{\mathrm{cov}} \left( {x,y} \right) }}{{\sqrt{D\left( x \right) \times \sqrt{D\left( y \right) } } }} \end{aligned}$$
(31)

where \(x\) and \(y\) are the gray scale values of two adjacent pixels of the image, \(D\left( x \right)\) is the variance, \({\mathrm{cov}} \left( {x,y} \right)\) is the covariance and \(E\left( x \right)\) is the mean. We randomly selected \(2000\) pairs of adjacent pixels from both original and encrypted images and calculated their horizontal, vertical and diagonal correlation coefficients. Figure 6 shows the correlation coefficient distributions of plain and cipher CT scan and ultrasound images. It is evident from the figure that the proposed scheme sufficiently breaks the correlation among adjacent pixels; hence can resist statistical attacks. Table 4 gives the values of the correlation analysis.

Fig. 6
figure 6

Correlation analysis of: a CT scan (256 \(\times\) 256) and b ultrasound (512 \(\times\) 512) images

Full size image
Table 4 Correlation analysis results
Full size table

4.2.3 Information Entropy

Information entropy is a mathematical property that reflects the randomness and the unpredictability of information [30]. It is given as

$$\begin{aligned} H\left( m \right) = \sum \limits _{i = 0}^{{2^N} - 1} {p\left( {{m_i}} \right) } \log \frac{1}{{p\left( {{m_i}} \right) }} \end{aligned}$$
(32)

where \(N\) is the total number of symbols \({m_i} \in m\); \(p\left( {{m_i}} \right)\) denotes the probability of occurrence of symbol \({m_i}\) and \(log\) represents the base \(2\) logarithm. It measures the randomness of the encryption. If there are 256 possible outcomes of the 8-bit message \(m\) with equal probability, the message origin is said to be random in which case \(H\left( {m} \right)\) is equal to 8, the ideal condition. In Table 5, we show the entropy values of plain and cipher images using our scheme. It is clear from the table that our results are very close to the ideal condition. This is evident that there is negligible information leakage during encryption; hence our scheme has strong resistance against entropy attacks.

Table 5 Information entropy and contrast analysis
Full size table

4.3 Contrast Analysis

The difference of brightness between light and dark parts in an image is referred to as the contrast of the image. It is interpreted visually as the spread of the brightness histogram of the image. The contrast is given as [33]

$$\begin{aligned} C = \sum \limits _{i,j} {{{\left| {i - j} \right| }^2}g\left( {i,j} \right) } \end{aligned}$$
(33)

where \(g\left( {i,j} \right)\) is the number of gray-level co-occurrence matrices. In Table 5, we show the results of our contrast analysis on the test images.

4.4 Differential Analysis

Sensitivity of cipher images to slight changes in plain images is one way to measure the resistance of image encryption algorithms to differential cryptanalysis. The two metrics used are the Number of Pixel Change Rate (NPCR) and Unified Average Changing Intensity (UACI) which are defined as

$$\begin{aligned} NPCR = \frac{1}{{W \times H}}\left( {\sum \limits _{i,j} {D\left( {i,j} \right) } } \right) \times 100\% \end{aligned}$$
(34)

and

$$\begin{aligned} UACI = \frac{1}{{W \times H}}\left( {\sum \limits _{i,j} {\left| {\frac{{{C_1}\left( {i,j} \right) - {C_2}\left( {i,j} \right) }}{{255}}} \right| } } \right) \times 100\% \end{aligned}$$
(35)

where \(C_1\) and \(C_2\) are two encrypted images which have one pixel difference in their corresponding plain images. \({C_2}\left( {i,j} \right)\) are their pixel values and \(W\) and \(H\) represent their widths and heights. An attacker would inverse a pixel in the plain image and observe the corresponding change in the cipher image. If the changes in the plain image do not lead to non-uniform changes in the cipher image, the differential attack fails [10,11,12]. In Table 6, we show the NPCR and UACI values of our experiment. It is clear from the table that the proposed scheme is robust against differential attacks.

Table 6 NPCR and UACI values
Full size table

4.5 Key Analysis

Key space and key sensitivity analyses are used to evaluate the key strengths of encryption algorithms.

4.5.1 Key Space

Our scheme uses an input key of 16 character ASCII string, which is made up of 128 bits and an MD5 hash value of 32 character hexadecimal string made up of 128 bits to generate the initial conditions and control parameters of the Bernoulli shift map and the zigzag map. In addition, the system takes in as input, user specified initial condition and control parameter for the logistic map. These make up the set for the key space of our scheme. The computational precision of the 64-bit double precision number is about \({10^{ - 15}}\), according to the IEEE floating-point standard [35]. For an effective encryption scheme, the key space size should not be smaller than \({2^{100}}\) in order to resist brute-force attacks [2]. If a precision of \({10^{ - 16}}\) is assumed, the secret key space for our scheme is more than \({2^{256}}\) which is adequate to resist brute-force attacks.

4.5.2 Key Sensitivity

Key sensitivity ensures that partial guesses of the key aimed at decrypting the cipher image is unsuccessful. With the incorrect keys, the guessed key should not provide any pattern of information in the wrongly decrypted image. In other words, if two different keys are used to encrypt the same plain image, the resulting cipher images must be different. Based on this, we made slight changes in the seed key from \(K=zz8dEg5fHYJZYD9Q\) to \(K=zz8FEg5fHYJZYA9Q\) and in the hash value for decrypting the same cipher image to see the effect. In Fig. 7 we show the resulting images. It is evident from the figure that if the wrong key is applied to decrypt the image, the resulting image still shows no pattern in the original image.

Fig. 7
figure 7

Key sensitivity test using CT scan: a plain image, b cipher image, c decrypted image with wrong key, d decrypted image with correct key

Full size image

4.6 Computation and Complexity Analysis

In our proposed encryption scheme, the computational cost depends on the diffusion operations needed for encryption. Our scheme uses one round of diffusion to encrypt an image. The time consuming part includes the number of floating-point operations \(\varTheta \left( {2 \times M \times {N {\big /} 2}} \right)\) used to generate the chaotic sequences in the Bernoulli shift and zigzag maps, and the DNA encoding and decoding operations. With an \(M \times N\) image size for gray scale images, the complexity for DNA coding is \(\varTheta \left( {M \times N} \right)\). Furthermore, the XOR operations between encoded image and key matrices on row basis has a complexity of \(\varTheta \left( {2 \times M \times N} \right)\).

4.7 Comparative Analysis

The performance of encryption algorithms is largely dependent on various factors including memory size, CPU structure, operating system, programming language , programming skills, e.t.c. As such, comparing algorithms using different experimentation environments might not be very accurate. Notwithstanding, we compare our scheme with some algorithms using CT scan image of size \(256 \times 256\). Table 7 gives a summary of our comparison. It is clear from the table that our algorithm meets state-of-the-art standards. This is further evident when compared to results reported in other works including [5, 12, 15]. Besides, the architecture of our scheme makes it possible to implement it using a parallel approach so as to improve performance; which is not possible with most existing methods.

Table 7 Comparative analysis
Full size table

4.8 Application to Colour Medical Images

We apply our proposed scheme to encrypt true colour medical images. With the colour images, the red, green and blue (RGB) channels are extracted and encrypted separately as gray images using the same ASCII string (as used for gray scale images) and the MD5 hash value of the colour image (full image) as initial seeds for each channel. The encrypted channels are then recomposed into the encrypted colour image. We herein summarize our experimental results using an image of dimensions \(256 \times 256\).

4.8.1 Histogram Analysis

We analyse the histograms of the full image and the three colour channels. From the graphs in Figs. 8 and 9 it is clear that, our scheme evenly distributes pixels in a true colour image, hence is robust against statistical attacks.

Fig. 8
figure 8

Histograms of plain, cipher and deciphered true colour images

Full size image
Fig. 9
figure 9

Histograms of plain and cipher RGB channels

Full size image

4.8.2 Correlation Analysis

To resist statistical attacks, cipher images must reduce or totally eliminate correlations between the adjacent pixels of the various channels of the true colour image. This eventually results in similar reduction or elimination of correlations in the true colour image. The correlation analysis results are given in Table 8. It is clear from the table that, our scheme breaks the correlation between adjacent pixels in colour images as well, thus it can resist statistical attacks.

Table 8 Correlation values of true colour image
Full size table

4.8.3 Differential Analysis

To measure the resistance of our scheme to differential cryptanalysis when applied to colour images, we made a slight change in the plain colour medical image before extracting the different channels for encryption. We then measured the NPCR and UACI of the RGB channels. The results, as given in Table 9 show that the scheme provides resistance to differential attacks when applied to colour images.

Table 9 Information entropy, NPCR and UACI
Full size table

4.8.4 Information Entropy

We test for the randomness and the unpredictability of information of cipher colour images by testing the different colour channels. As seen from Table 9, the entropies of all channels are close to \(8\), the ideal value. Hence our scheme is resistant to entropy attacks when used for colour images.

5 Conclusion

We have proposed a medical image encryption scheme based on hybrid chaotic DNA diffusion in this paper. The scheme combines multiple chaotic systems, MD5 hash function and DNA XOR algebraic operation. Two chaotic systems are first used to produce two encryption key matrices driven by an external key and a hash value of the plain image. This makes the key sequences partly dependent on the plain image, thus resulting in significant changes in cipher images when there are small changes in the plain image. The key matrices and the image matrix are encoded into DNA sequences followed by a row-by-row DNA diffusion operation in an alternating pattern of key application. The DNA encoding and decoding rules are randomly determined by a chaotic system. Experimental results have demonstrated our scheme’s robustness against various forms of attack and is comparable to state-of-the-art medical imaging security standards. Based on the architecture of our scheme, we explore its applicability in a parallel approach in the future to enhance performance.