See discussions, stats, and author profiles for this publication at: https://www.researchgate.

net/publication/354647326

A Lightweight Image Encryption Algorithm for Secure Communications in

Multimedia Internet of Things

Article in Wireless Personal Communications · March 2022

DOI: 10.1007/s11277-021-09173-w

CITATIONS READS
10 549

2 authors, including:

Seyedakbar Mostafavi
Yazd University
47 PUBLICATIONS 359 CITATIONS

SEE PROFILE

Some of the authors of this publication are also working on these related projects:

SDN, RYU Controller, DDoS Detection View project

Internet of Things View project

All content following this page was uploaded by Seyedakbar Mostafavi on 17 September 2021.

The user has requested enhancement of the downloaded file.

 A Lightweight Image Encryption Algorithm for
Secure Communications in Multimedia Internet of
Things

Razieh Hedayati and Seyedakbar Mostafavi*1

Department of Computer Engineering, Yazd University, Yazd, Iran
[email protected], [email protected]

Abstract - Devices in the Internet of Things (IoT) have resource constraints in terms of
energy, computing power, and memory that make them vulnerable to some security attacks. Due
to the increasing volume of multimedia content, lightweight encryption algorithms have been
developed to allow IoT nodes to communicate securely with the least computational complexity
and bandwidth usage. To adapt the low data rate of IoT devices, a lightweight data compression
algorithm for image encryption is proposed in this paper which utilizes scan-based block
compression and selective pixel encryption approach to encrypt the image data in only one round,
resulting in low computational complexity and reduced data volume. The results of the
implementing the proposed approach in IoT testbed show that, on average, the power consumption
of the devices and packet rate is decreased by 15% and 26%, respectively, compared to the existing
algorithms.

Keywords - Multimedia Internet of Things, Image Compression, Lightweight Cryptography

1- Introduction
With the increasing number of social media networks, the demand for multimedia data sharing
has significantly increased and has created a new field in the Internet of Things called Multimedia
Internet of Things. In order to provide security in this area, lightweight encryption methods have
been introduced with the aim of providing end-to-end secure communication with the least power
consumption in resource-limited devices[1],[2] Generally, multimedia encryption algorithms can
be accomplished in both full encryption and selective encryption. In complete encryption, all
information is encrypted. This method is more sophisticated, yet it provides a high level of
security[3] that has been demonstrated in studies [4],[5], [6], [7], [8], [9],[10]. Although some of
these algorithms use data loss and compression, the number of encryption rounds to achieve an
optimal level of security has increased the computational complexity of these algorithms. In the
selective encryption method, only the important parts of information are encrypted and the
encryption is designed with regard to the compression algorithms[11] that are accomplished in
the researches [12], [13], [14], [15], [16]. This encryption is accomplished by selecting n bits from

1
Corresponding author
each pixel according to various factors such as signal strength, error propagation rate, and the
degree of block importance based on the number of pixels forming the edge. In some of the above
mentioned methods, though the amount of encrypted data is reduced, only partially encrypted data
decreases the security.
In this paper, in order to reduce the complexity of the encryption algorithm, improve the
performance and increase the level of security, an idea based on the selective encryption and the
methods in [17], [18],[19] is presented. The less data is encrypted, the overall complexity of the
algorithm will be decreased. Thus, the critical image data is encrypted using the method in [17]
and the other data is encrypted using in[18],[19]. As regards, most of the introduced cryptography
algorithms have static substitution and permutation that require repeated rounds to ensure the
desired level of security, which unfortunately increases the cost of computational complexity,
in[17] an idea has been put forward to remedy these disadvantages and reduce the weight of the
algorithm. To keep the security level within an acceptable level, Scan-based permutation in
[18],[19] is used.
It is worth noting that as multimedia data requires high bandwidth, reducing the amount of
sent data will significantly improve the quality of service and increase the remaining energy of the
nodes. Hence, compression techniques can, along with encryption, improve the energy
consumption of the nodes significantly [20]. Regarding the resource constrains and in order to
improve the service quality, reduce the node power consumption, decrease the number of sent
packets and also the encryption execution time, the idea of blocking the image and considering the
correlation between the pixels in each block has been raised in this paper. The proposed solution
is implemented and evaluated by a network simulator in the wireless network context. By applying
the proposed algorithm, the results show that the energy consumption of the nodes in the network
is reduced by 15% on average and the number of sent packets is also decreased 26% compared to
the base algorithm. The proposed method not only improves the network status in terms of energy
consumption and service quality, but also reduces the time of the execution of encryption and
decryption on the node side.
The remaining sections of the paper are organized as follows. In section 2, a review of the
prior art on the image encryption techniques in IoT is presented. In section 3, the structure of
single-round lightweight encryption algorithm is explained and the proposed data reduction
mechanism is presented. In the section 4, the proposed method is implemented on a variety of
scenarios to analyze its performance in terms of execution time, number of packets transmission,
node residual energy, uniformity analysis and key sensitivity. Finally, the paper is concluded with
some insights for future work.

2- Related Work
Cryptographic algorithms are used to maintain the confidentiality and integrity of
information. Concerning the increasing use of IoT devices with limited resources, the issues of the
data management security, performance and cost in such devices are crucial. The traditional
symmetric encryptions such as AES[21] ,RC4[22], [23], Blowfish[24], or asymmetric encryptions
such as DSA[25], RSA[26] cannot be implemented on these devices because resource constraint
devices have limited processing power, energy supply, and memory size. Lightweight
cryptographic algorithms were developed to balance the requirements of low resources,
performance and robustness of cryptography.
2-1 Lightweight cryptographic algorithms
Lightweight encryption algorithms can be divided into two types of block and stream ciphers.
The block ciphers are DESL[27], HIGHT[28], TEA[29], TWINE[30], LEA[31] and
PRESENT[31]. The stream ciphers are Trivium[32] and Grain[33]. Hummingbird2 does have the
properties of both[32]. In these algorithms, there are various alternative rounds of substitution and
transposition satisfying Shannon’s confusion and diffusion properties which ensure that the cipher
text is changed in a pseudo random way. The required execution time of these ciphers is 𝑟 times
the round function execution time and the required resources are also multiplied by 𝑟. The authors
in [17] present a new methodology to reduce 𝑟 to 1 to form a dynamic key-dependent lightweight
round function which efficiently satisfy the security requirements.
2-2 Data rate reduction techniques in IoT
Since the bandwidth for IoT-based systems is usually low because of the small packet size, it
is impossible to use this bandwidth for multimedia data with the large increase in the generation
of digital image data. Therefore, with increasing demand for this type of data, there has been a
correspondingly large increase in research activity in the field of image compression. The purpose
of the image compression is to decrease the redundancy and irrelevance of the image data in an
effective form [36]. Compression techniques aim to reduce image file size, retain quality in
retrieval of compressed images and hence decreases the time of traffic transmission through the
network and increases the transmission rate [37].
Three types of information are carried in each image: redundant, irrelevant, and useful.
Redundant information is the deterministic part of the information which can be reproduced
without loss from other information contained in the image. Irrelevant information is the part of
information that has enormous details which are beyond the limit of perceptual significance (i.e.,
psych visual redundancy). Useful information, on the other hand, is the part of information which
is neither redundant nor irrelevant. What makes image compression different is that these
techniques exploit the unique nature of the image and the observer. Therefore, their fidelities are
subject to the capabilities and limitations of the human visual system [37]. A typical method for
the vast majority of the images is that the neighboring pixels are correspondents and thusly contain
excess data which is considered in this paper [38]. Compression techniques are categorized into
two methods: lossless and lossy. In lossy compression, some information that is not visually or
audibly important will lose, while in lossless compression all information remains the same as the
original format [20].
To improve the quality of service, reduce the power consumption of the node and the number
of sent packets, as well as reduce the time of encryption, the idea of lossless compression as
blocking the image and considering the correlation of pixels in each block and also selective
encryption is presented in this paper. The proposed solution is implemented and evaluated by a
network simulator in the wireless network context. By applying the proposed algorithm, the service
quality parameters at the network level are significantly improved.
 3- The proposed lightweight encryption algorithm
The design goals of our proposed encryption algorithm are (1) to reduce the encryption
complexity by focusing on significant image pixels, and (2) to improve the performance of data
communication by reducing the data needed to be exchanged between the nodes while keeping the
media security in an acceptable level. The main contributions of this paper are as follows: (1) A
combined lightweight image encryption algorithm is proposed that encrypts the significant and
insignificant pixels of an image with different algorithms to reduce the computational complexity.
(2) A method is designed to extract the significant parts of an image and reduce the transmitted
data by the correlation of the insignificant data with the significant ones. (3) Extensive
performance evaluation is conducted by simulating several scenarios in NS2 and analyzing
performance metrics such as time complexity, consumed energy, error propagation rate, encrypted
image uniformity, and key sensitivity.
The proposed method is an extension to work [17] which is used to design the first phase of
encryption algorithm. In the following section, we will first provide a sketch of the proposed image
encryption method. Then, the details of the proposed approach are presented in the following
subsections. An overview of the image encryption process is shown in Figure 1 which is performed
in the transmitter and receiver nodes after key sharing.

Figure 1- The image encryption workflow

The symbols and notations used throughout the paper are shown in Table 1.
Table 1- Notations
 Notation Description
SK Secret key – 64 bytes
No Nonce
DK Dynamic key – 64 bytes
KS1 , KS2 Dynamic substitution sub-key used to construct random
matrix – 16 bytes
KRM Matrix dynamic sub-key used to create RM1 and RM2
KP Permutation sub-key used to create π – 16 bytes
S1,S2 Substitution table
S1-1 , S2-1 Inverse Substitution table
π Dynamic permutation table
RM , RM1 , RM2 Dynamic random matrix
c,r,p Column number, row number and plane number
Blocks Block No. in image
bsize Block size
B[i] ith block
th
P[i][j] j pixel in B[i]
C[i] Selected pixel in B[i]
α The number of sub-matrices
h×h Size of each sub-matrices
xi Original plain sub-matrix at the ith index
yi The corresponding permuted sub-matrix of xi
cxi The corresponding encrypted sub-matrix of xi
cyi The corresponding encrypted sub-matrix of yi
X[i] ith sub-matrices
BR[i] Bit range of B[i] block
D[i][j] Substraction of pixels P[i][j] and selected pixels C[i]

In the key generation step, a dynamic secret key, consisting of 4 segments, is initially provided
for different parts of the algorithm to produce two substitution tables including a permutation table
and random matrices as well as to delete specific patterns and randomize the encrypted data. The
image is then block-sorted and a minimum pixel is selected from each block and encrypted using
the proposed algorithm for significant block encryption. The other pixels in each block are then
permutated using random shapers, then compressed and merged with the random matrices created
in the key generation section. Finally, the encrypted image is ready to transmit. The decryption
process on the receiving node is the reverse of this process.
3-1 Key generation
In order to encrypt the images in the proposed method, the encryption keys are generated in a
similar way described in [17]. For this purpose, a common secret key called 𝑆𝐾 and 4 sub-keys
are generated which are used for different parts of the cryptography. The method for producing
sub-keys is shown in Figure 2. The 𝑆𝐾 is a secret key that is shared between the parties after
authentication and is changed over a period of time to increase security.
To generate the desired 4 sub-keys, the 𝑆𝐾 key is first XORed with a random value called
Nonce. The result of XOR produces a hash and dynamic DK key. In this method, the SHA-5121

1
- Secure Hash Algorithm 512
hash algorithm has been used for the sake of its collision resistance and randomness feature. The
𝐷𝐾 key length is 64 bytes, divided into four 16-byte sub-keys, each used for one part of the
encryption. The two sub-keys 𝐾𝑆1 and 𝐾𝑆2 which are used to build the substitution tables are
composed of the first and second 16 bytes of the 𝐷𝐾 key. The third 16 bytes as 𝐾𝑅𝑀 (matrix key)
and the last 16 bytes as 𝐾𝑝 sub-key are used respectively to generate the permutation table[17].

Figure 2. Generating sub-keys using a common secret key [16]

.
3-2 Creating substitution and permutation tables
Substitution operations are used to ensure the confusion. The two substitution tables 𝑆1 and
𝑆2 are created using 𝐾𝑆1 and 𝐾𝑆2 keys, respectively, using the KSA1 algorithm which is described
in Algorithm 1.

Algorithm 1 Construct substitutions table S1 and S2

1: procedure RC4_KSA(KS1 , KS2)
2: for 𝑖 ← 0 to 255 do
3: 𝑆1 ← 𝑖
4: 𝑆2 ← 𝑖
5: 𝑗←0
6: 𝑗′ ← 0
7: for 𝑖 ← 0 to 255 do
8: 𝑗 ← (𝑗 + 𝑆1 [𝑗] + 𝐾𝑆1 [𝑗 𝑚𝑜𝑑 16]) 𝑚𝑜𝑑 256
9: swap(𝑆1 [𝑖] , 𝑆1 [𝑗])
10: 𝑗 ← (𝑗 ′ + 𝑆2 [𝑗 ′ ] + 𝐾𝑆1 [𝑗 ′ 𝑚𝑜𝑑 16]) 𝑚𝑜𝑑 256
′

11: swap(𝑆2 [𝑖] , 𝑆2 [𝑗 ′ ])

12: return 𝑆1 , 𝑆2
13: end procedure

In paper [10], the permutation table π is generated using 𝐾𝑃 key to randomize the sequential
order of the encryption and the decryption of the existing sub-matrices. The method of generating

1
- Key Scheduling Algorithm
π tables is the same as the method used to generate substitution tables. However, in order to reduce
the complexity of hardware implementation, a small altering is applied, which is presented in
Algorithm 2.
Algorithm 2 construct π table
1: procedure generate_Pbox(KP)
2: for 𝑖 ← 0 to α do
3: 𝜋[𝑖] ← 𝑖
4: 𝑗←0
5: for 𝑖 ← 0 to α do
6: 𝑗 ← (𝑗 + 𝜋[𝑗] + 𝐾𝑃 [𝑗 𝑚𝑜𝑑 16]) 𝑚𝑜𝑑 256)
7: swap(𝜋[𝑖] , 𝜋[𝑗])
8: return 𝜋
9: end procedure

3-3 Generation of random matrices

Random and dynamic matrices called 𝑅𝑀1 and 𝑅𝑀2 are used to eliminate specific patterns
and to randomize the encrypted data. Using the KSA and PRGA1 algorithms, a 2ℎ2 byte length is
generated called RM, and its primary ℎ2 bytes are considered as RM1 and the next ℎ2 bytes are
considered as RM2. The method of producing these two matrices is described in Algorithm 3 [17].
Algorithm 3 construct RM1 , RM2
1: procedure generate_RM(h,KRM)
2: for 𝑖 ← 0 to 256 do
3: 𝑅𝑀′ [𝑖] ← 𝑖
4: 𝑗←0
5: for 𝑖 ← 0 to 256 do
6: 𝑗 ← (𝑗 + 𝑅𝑀′ [𝑗] + 𝐾𝑅𝑀 [𝑗 𝑚𝑜𝑑 16]) 𝑚𝑜𝑑 256)
7: swap(𝑅𝑀′ [𝑖] , 𝑅𝑀′ [𝑗])
8: 𝑖←0
9: 𝑗←0
10: for 𝑎 ← 0 to 2×h do
11: 𝑖 ← (𝑖 + 1) 𝑚𝑜𝑑 256)
12: 𝑗 ← (𝑗 + 𝑅𝑀′ [𝑖] ) 𝑚𝑜𝑑 256
13: Swap(𝑅𝑀′ [𝑖]. 𝑅𝑀′ [𝑗])
14: 𝑅𝑀[𝑎] ← (𝑅𝑀′ [(𝑅𝑀′ [i] + 𝑅𝑀′ [j])]𝑚𝑜𝑑 256]
15: 𝑅𝑀1 ← RM[0: h]
16: 𝑅𝑀2 ← RM[h: 2h]
17: return 𝑅𝑀1 , 𝑅𝑀2
18: end procedure

3-4 Images blocking

1
- Pseudo-Random Generation Algorithm
 For the purpose of encryption, each image is subdivided into a number of blocks over which
the proposed method is applied. Each image is divided into the same-sized blocks. In the proposed
method, only a certain pixel of each block is encrypted using significant block encryption
algorithm. These selected pixels have the minimum value among the other pixels of a block. The
selected pixels can be used to produce a smaller size, lower quality image. Therefore, even without
sending other pixels, the receiver will obtain an overall schema of the image after receiving this
data. Figure 3 shows a sample image subdivided into 4 × 4 blocks and selected pixels.

Figure 3- Determining the selected pixel and differences in the sample image

3-5 Significant pixel encryption algorithm

In this paper, we will propose that the most significant pixels of each block should be
encrypted using a highly-efficient algorithm. This is a symmetric encryption algorithm with only
one round in which the selected pixels are subdivided into sub-matrices that are in turn encrypted
or decrypted. In the following section, the details of the encryption algorithm and how to produce
sub-matrices, as well as how to encrypt and decrypt blocks are described.
3-5-1 Sub-matrices Production
The selected pixels are subdivided into 𝛼 submatrices, each of which are ℎ2 .The value of ℎ
can be one of the values 4, 8, 16 or 32 that is considered in the proposed method to be 16, although
this value will not affect the operation process. If the number of colored channels is shown by
channels (in this case, the value of channels is 3), the value of α is calculated by equation (1).

𝑏𝑙𝑜𝑐𝑘𝑠 × 𝑐ℎ𝑎𝑛𝑛𝑒𝑙𝑠 (1)

𝛼=
ℎ ×ℎ
If the selected number of pixels is not a multiple of h, the layering operation will be performed
to set the last submatrix (X [α]) correctly. In Algorithm 4, X[i][j] is the jth byte of the ith submatrix
Algorithm 4 Construct sub-matrices
1: procedure generate_submatrices(blocks,α,h,C)
2: 𝑐𝑜𝑢𝑛𝑡𝑒𝑟 ← 0
3: for 𝑖 ← 0 to α do
4: for 𝑗 ← 0 to h do
5: If counter > blocks then
6: 𝑋[𝑖][𝑗] ← 0
7: else
8: 𝑋[𝑖][𝑗] ← 𝐶[𝑐𝑜𝑢𝑛𝑡𝑒𝑟]
9: 𝑐𝑜𝑢𝑛𝑡𝑒𝑟 ← 𝑐𝑜𝑢𝑛𝑡𝑒𝑟 + 1
10: return X
11: end procedure
3-5-2 Encryption process
The significant block encryption algorithm schema is shown in Figure 4. For the encryption
of matrix 𝑋[𝑖], another matrix 𝑋[𝑗] is selected to be used in the significant block encryption
process. The permutation table 𝜋 is used to select this sub-matrix and the value 𝑗 is set to 𝜋[𝑖].
Next, the two functions 𝑓 and 𝑔, which are created according to the following pattern, are executed
simultaneously. The sub-matrices 𝑋[𝑖] and 𝑋[𝑗] represent the output of the two functions 𝑓 and
𝑔[16]. The whole encryption process is described in Algorithm 5.
𝑓(𝑥. 𝑦) = 𝑆2 [𝑆1 [𝑥]⨁𝑅𝑀1 ⨁𝑦] (2)
𝑔(𝑦) = 𝑆1 [𝑆2 [𝑦]⨁𝑅𝑀1 ⨁𝑅𝑀2 ] (3)

Figure 4- Significant image encryption algorithm[17]

 Algorithm 5 Base encrytion algorithm
1: procedure main_encryption(α,X,S1,S2,RM1,RM2)
2: for 𝑖 ← 0 to α do
3: 𝑥 ← 𝑋[𝑖]
4: 𝑦 ← 𝑋[𝜋[𝑖]]
5: 𝑐𝑥 ← 𝑆2 [𝑆1 [𝑥]⨁𝑅𝑀1 ⨁𝑦] → 𝑓 𝑓𝑢𝑛𝑐𝑡𝑖𝑜𝑛
6: 𝑐𝑦 ← 𝑆1 [𝑆2 [𝑦]⨁𝑅𝑀1 ⨁𝑅𝑀2 ] → 𝑔 𝑓𝑢𝑛𝑐𝑡𝑖𝑜𝑛
7: 𝑋[𝑖] ← 𝑐𝑥
8: 𝑋[𝜋[𝑖]] ← 𝑐𝑦
9: end procedure

3-6 Scan-based encryption algorithm

In this method, after blocking, the minimum pixel value of each block is selected as the
significant pixel and the remaining pixels, after calculating the difference, are considered as the
insignificant pixels. In fact, significant pixel selection is not based on changes in an image intensity
and edge detection algorithms or similarities-based methods. Although insignificant pixels are
encrypted by lower-level algorithms, it will be difficult to decrypt the information due to the
differences in pixel values.
To encrypt the insignificant image pixels, a scan-based encryption algorithm is proposed.
Since the core of the image can be retrieved by selected pixels, the main compression technique is
focused on this part and a complementary scan-based encryption algorithm with less complexity
is utilized for the remaining image blocks. The steps of this algorithm include internal block
permutation, compression, integration with the RM matrix which is described in 3-3 section, and
data transmission, which are explained in the following subsections.

3-6-1 Scan-based permutation of blocks

In each block, some selected pixels are considered as the representative of each block and the
difference of the other pixels in each block with this pixel is calculated and transmitted. Due to the
correlation between the adjacent pixels in a block, the values of the difference between these values
is small which can be represented by fewer bits. Therefore, transmission of these values results in
less volume of data than the original values of pixels. Figure 3 illustrates this idea in a sample
image.
In order to prevent the attackers from recognizing the location of the existing pixels, it is
proposed to use the internal permutation methods similar to those described in [10], [11]. Figure 5
shows sample permutations of pixels of a 2 × 2 block, which are divided into three shape
categories including 𝐵 shape, 𝑍 shape, and 𝑋 shape. To determine the type of permutations in each
block, it is proposed to utilize a random RM matrix. For this purpose, two bits are used to specify
the permutation type (𝐵 shape, 𝑍 shape, and 𝑋 shape) and next three bits to specify the selected
state. Therefore, five bits are needed to represent the 24 states in Figure 5 and permutations of all
image blocks requires 5 ×blocks number bits. After internal permutation, the pixel difference data
should be compressed so as the result is smaller than the original data. For this reason, a
compression algorithm is proposed in which the number of bits to represent variable-length data
is optimally chosen. The scan-based permutation of blocks is described in Algorithm 6.

Figure 5- Permutation types in a 2 × 2 block [17],[18]

Algorithm 6 Scan-based permutation of blocks

1: procedure block_Permutation(blocks,RM)
2: 𝑖𝑛𝑑𝑒𝑥 ← 0
3: for 𝑖 ← 0 to blocks do
4: If index+5 > size(RM) then
5: 𝑖𝑛𝑑𝑒𝑥 ← 0
6: 𝑚𝑜𝑑𝑒𝑙 ← 𝑅𝑀[𝑖𝑛𝑑𝑒𝑥: 𝑖𝑛𝑑𝑒𝑥 + 5]
7: 𝒊𝒇 𝑚𝑜𝑑𝑒𝑙[0 ∶ 2] = 01 then
8: zigzag_Permutation(model[2 : 6])
7: 𝒊𝒇 𝑚𝑜𝑑𝑒𝑙[0 ∶ 2] = 10 then
8: cross_Permutation(model[2 : 6])
7: else
8: square_Permutation(model[2 : 6])
9: 𝑖𝑛𝑑𝑒𝑥 ← 𝑖𝑛𝑑𝑒𝑥 + 5
10: end procedure
In Algorithm 6, a property is defined for each block that is called the bit range in order to
determine the difference between each pixel and the selected pixel. In fact, the bit range of each
block is the number of bits used to represent the largest difference in that block. Since the pixel
values in the image vary from 0 to 255, the bit range of each block without compression will be 8.
The description of bit range is provided in Algorithm 7.
Algorithm 7 Bit range definition
1: procedure bit_ranges(blocks,P)
2: for 𝑖 ← 0 to blocks do
3: 𝑚𝑎𝑥 ← 𝑚𝑎𝑥𝑖𝑚𝑢𝑚(𝑃[𝑖])
4: 𝐶[𝑖] ← 𝑚𝑖𝑛𝑖𝑚𝑢𝑚(𝑃[𝑖])
5: 𝑑 ← max − 𝐶[𝑖]
6: if d = 0 then
7: 𝐵𝑅[𝑖] ← 1
 8: else
7: 𝐵𝑅[𝑖] ← 𝑐𝑒𝑖𝑙𝑖𝑛𝑔(𝑙𝑜𝑔2 (𝑑))
8: return BR
9: end procedure
3-6-2 Integration with RM
To prevent brute-force attack, more complexity must be added to the scan-based encryption
algorithm to make it more difficult for the attacker to predict possible scenarios. To this end, the
data that has been generated so far (i.e., the difference of pixels with the selected pixels) are
represented as a string and XORed with a random RM matrix bit by bit and row by row.

3-7 Data transmission

When the transmitter completes the encryption process, the data is transmitted securely to the
receiver so that the image is retrieved correctly. The image file specifications should be transmitted
along with the encrypted data stream as follows:
1. The number of packets needed for a cryptographic image so that the end of image string is
detected in the receiver side
2. The size of the block used for encryption
3. Initial Image width
4. Initial Image height
5. The value of α
6. Bit range of blocks.
Since the sequence of bits which are sent to the receiver encrypted and the exact number of
bits for each image is hidden, the attacker is unable to find out the end of data for each image
sequence. Moreover, there are many situations to change the data length that is exchanged between
the nodes. For example, two images with the same width and height can have different ciphertext
size according to the similarity of their pixels. The correlation between the pixels is a feature that
can affect the number of ciphertext bits.
When the receiving side receives the image string, it extracts the image properties in a
sequence, generates blank image blocks and places the pixel difference values in the appropriate
block after completing the decryption process. Then, it performs the significant block encryption
algorithm to retrieve the selected pixels of each block and adds the pixel values in the block to the
selected pixel value to reconstruct the original image.

Figure 6 - Interpretation of the transmitted string in the receiver side

 4- Experimental Results
In this section, the performance of the proposed method is evaluated through simulation
experiments implemented in NS2 simulator and the specifications of environment and nodes are
as below:
Table 2 – Simulation environment in NS2
network interface type Phy/WirelessPhy
channel type Channel/WirelessChannel
propagation model Propagation/TwoRayGround
antenna model Antenna/OmniAntenna
MAC type Mac/802_11
routing protocol AODV
queue type Queue/DropTail/PriQueue
maximum queue length 60
average mobile nodes 100
network size 100 × 100 m2
transmission power 0.33 w
receiving power 0.1 w
sleeping power 0.03 w
initial energy 5j

The performance of the proposed method is evaluated based on two factors: the algorithm
lightness and the encryption security level. In order to investigate the first factor, three criteria
including time complexity, number of transmitted packets, and residual energy of the nodes are
considered. The second factor is analyzed based on two criteria including key sensitivity and
uniformity. In the simulation experiments for the proposed method, blocks of different sizes have
been studied which their values range from 2 to 16. Block of size 1 is used for the purpose of
comparison with the research in [17], where its size is different from other blocks and it is not
compressed.
4-1 Time complexity
The time it takes for a cryptographic algorithm to encrypt or decrypt an image is defined as
time complexity of algorithm which indicates a measure of the complexity and resource
consumption of the algorithm. As it is seen in Figure 8, the increase in the block size does not
necessarily lead to a reduction in execution time and therefore, blocks of size 4 and 8 shows better
performance than blocks of size 2 and 16.
 0.25

time (second) 0.2

Encryption
0.15
0.1 Decryption
0.05
0
1 2 4 8 16
Block Size

Figure 7- Time complexity with different block size for Lena image

1000

800 Block 1
Packet No.

600 Block 2

400 Block 4

200 Block 8

Block 16
0
Drop Airplane Lena Peppers House Sailboat Baboon

Block Size

Figure 8- The number of packets needed for different images with different block sizes

4-2 Residual energy of nodes

A lightweight algorithm should conserve the remaining energy in the nodes at the highest
possible levels, so that the IoT nodes do not lose much energy in encrypting, sending, receiving
and decrypting the images. In the simulation scenarios, the initial energy of IoT nodes is assumed
to be 5 joules. The residual energy of the transmitter nodes is shown in Figure 9. It is observed that
the block of size 4 shows much better performance in terms of saving energy than the competitive
approach in [17] with block of size 1. This result is due to the high compression of insignificant
pixels in each block through scan-based encryption algorithm.
Although it is expected that by the increases of block size, less data will be sent, however
since in a large block, pixel differences are high, the number of bits that must be considered for
the differences will be grown. As a result, it increases the size of the data and the number of sent
packets, and consequently more energy is consumed. Accordingly, the size of the block should be
considered acceptable.
 2.9 Block 1
residual enrgy (Joule) 2.8
2.7 Block 2
2.6
2.5 Block 4
2.4
2.3 Block 8
2.2
Drop Airplane Lena Peppers House Sailboat Baboon Block 16

Block Size

Figure 9- The residual energy of the transmitter nodes

4-3 Error propagation
If the error created in several bits of the image results in the propagation of the error
throughout the image, the image retrieval operation in the noisy channels will be virtually
impossible. A proper encryption algorithm should perform the encryption process in such a way
that it has low error propagation and a limited amount of error cannot cause much change in the
decrypted image. According to the proposed method, the error may occur in three different parts:
1) image properties such as the number of rows and columns or the bit range of the blocks, 2) the
value differences of the pixels, and 3) the sub-matrices. Errors occurred in the image specification
section must be corrected through operations like retransmission or inserting parity bits, since the
image specification must be accurately transmitted from the sender to the receiver. However, the
errors in the other two parts can be compensated.
Figure 10 shows the decrypted images of the pepper in a channel with different error rates.
This error may occur both in the difference bits and in the sub-matrices. The encryption of these
images was done using Block of size 4.

(a) 1% (b) 5% (c) 10% (d) 15% (e) 20%

Figure 10 - Error propagating in pepper image with block size 4

As seen in Fig. 10, the presence of an error in a limited number of data bits cannot destroy the
overall structure of the decrypted image, and therefore the error propagation will not be significant.
The error propagation percentage for different blocks is shown in Figure 11.
 60

% of error after decryption

50 Block 1
40 Block 2
30 Block 4

20 Block 8

10 Block 16

0
1 5 10 15 20 25 30 35 40 45 50
% of error in channel

Figure 11 - Error propagation rate in the network for different blocks

Referring to Figure 11, the error propagation in the blocking mode is approximately the same
as in block 1. Since our proposed method and the method in [17] works in the same way, the
proposed compression method does not cause additional error propagation.
The PSNR1 parameter is often used to evaluate the effect of error propagation. The PSNR
comparison shows how different the two images are; so as the smaller the PSNR difference, the
two images are less different. The PSNR value is calculated based on the MSE2 which calculates
the difference between the original image and the noisy image as follows [39].
∑𝑚.𝑛[𝐼1 (𝑚. 𝑛) − 𝐼2 (𝑚. 𝑛)]2 (4)
𝑀𝑆𝐸 =
𝑀 ×𝑁
In this equation, 𝑀 and 𝑁 are the number of rows and columns in the image, and the 𝐼1 (𝑚. 𝑛) and
𝐼2 (𝑚. 𝑛) are the pixels in row 𝑚 and column 𝑛 of the compared images. After calculating MSE, the
value of PSNR for color images can be calculated as follows [38]:
2552 (5)
𝑃𝑆𝑁𝑅 = 10𝑙𝑜𝑔10 ( )
𝑀𝑆𝐸
The value of PSNR for the pepper image with the blocks of different sizes is shown in Fig. 12. As
seen in the figure, the value of PSNR in different block sizes is close to the one in block 1 which
can be concluded that the proposed algorithm is resistant to noisy channels.

1
- Peak Signal-to-Noise Ratio
2
- Mean Square Error
 30

25
Block 1
20
Block 2
PSNR 15
Block 4
10

5 Block 8

0 Block 16
1 5 10 15 20 25 30 35 40 45 50
% of error in channel

Figure 12- PSNR value in different simulations

If there is an error in the decrypted image, it can be partially resolved by applying the median
filter. This filter divides the image into zones and helps eliminating the error by averaging the
pixels in that range. In the proposed method, if this range is the size of a block, it will not have the
effect of reducing the error, because if an error occurs in one block, the other pixels in that block
are also correlated and their difference will be calculated with the same error. Therefore, the areas
larger than one block should be considered for image recovery. In Fig. 13, the median filter is
applied to the pepper image transmitted with block of size 4 in a 5% noisy channel. As can be seen
in this figure, a median filter with a 4 × 4 range has no effect on the error reduction, as it is about
the size of a block. It is observed that with the increase of the filter range, the error is partially
covered.

(a) Received image (b) Median 4 pixel (c) Median 6 pixel (d) Median 7 pixel
Figure 13- Applying the median filter on the pepper image with block size 4 in a channel with 5% noise

4-4 Uniformity analysis

Uniformity is a measure of how well the encrypted data is resistant to the common attacks.
The closer the probability of different symbols appearing in the encrypted data, the more robust
encrypted algorithm will be. The image uniformity can be calculated using the probability density
function. If the encrypted image has approximately equal probability for each pixel from 0 to 255
(approximately 1/256 or 0.0039), the image uniformity will be high and the attacker will not be
able to use the image information obtained from the abundance of pixels[17]. As shown in Figure
14, the probability of each pixel in the encrypted image is approximately equal to the other pixels
and varies in a small range. This indicates that the encrypted image through the proposed method
is uniform and the attacker cannot detect the frequency of the different pixels.
 Probability of emergence

Probability of emergence
Pixel Value Pixel Value

Main Image Uniformity analysis Encryption 1 × 1 Uniformity analysis

Probability of emergence
Probability of emergence

Pixel Value Pixel Value

Encryption 2 × 2 Uniformity analysis Encryption 4 × 4 Uniformity analysis

Probability of emergence

Probability of emergence

Pixel Value Pixel Value

Encryption 8 × 8 Uniformity analysis Encryption 16 × 16 Uniformity analysis

Figure 14- Probability density function for encrypted image

4-5 Key sensitivity analysis

Key sensitivity analysis shows how much the encrypted image is affected by the encryption
key. If some small changes to the key results in small changes to the encrypted image, the
algorithm will not be safe, as the attacker can guess similar parts of the image by eavesdropping
the network and possessing several encrypted images and accordingly obtain some parts of the key
specification. As a result, it will make brute force attack less sophisticated. The higher the key
sensitivity, the more difficult it will be to retrieve the original image using other keys.
To check the sensitivity of the key, an encrypted image is decrypted using the master key and
another key that differs only one bit from the master key (SK1, SK2). The greater the difference
between the two decrypted images is, the higher the key sensitivity is and thus the greater the
security of the encryption algorithm will be. The operation is performed for Baboon and drop
images with the highest and lowest pixel scattering, respectively, as shown in Figures 16 and 17.
The Hamming distance is used to calculate the difference between two images (C1, C2). This
distance specifies that how many pixels of two images of the same size differ from each other and
how many permutations are needed to convert the first image to the second image. Two plain-
images are encrypted separately and then the Hamming distance (in bits) between the two cipher-
images is calculated as follows and should be close to 50% that means the majority of values is
close to the optimal value:
∑𝑇𝑘=1 𝐶1 ⨁𝐶2 (6)
𝐾𝑆 = × 100%
𝑇
∑𝑇𝑘=1(𝐸𝑆𝐾1 (𝑃))⨁(𝐸𝑆𝐾2 (𝑃))
= × 100%
𝑇
The T variable is length in bits of the plain and cipher data.

(a) real key (b) 50.21% (c) 50.22% (d) 49.97% (e) 50.32% (f) 50.20
Figure 15- Hamming distance and key sensitivity analysis for blocks 2 to 16 in Baboon image

(a) Real key (b) 56.97% (c) 57.11% (d) 57.03% (e) 56.85% (f) 57.04%
Fig. 16 - Hamming distance and key sensitivity analysis for blocks 2 to 16 in the drop image

As can be seen in Figures 15 and 16, the Hamming distance between the images is close to
50% and there is a large difference between the images. In other words, the small changes in the
key led to the large changes in the decrypted images. This illustrates the resistance of the proposed
algorithm to the key changes and secret key-related attacks.

5- Conclusion
Due to the limited resources of IoT nodes, the secure transmission of high-volume multimedia
content requires both efficient compression and effective encryption. In this paper, a lightweight
encryption algorithm for multimedia IoT was proposed which utilized a scan-based block
compression and selective pixel encryption approach. Since the proposed method uses constant
blocking, it was observed in the experiments that the blocks of size 4 and 8 show better
performance in terms of number of packet transmission and algorithm execution time. The
experiments also showed that applying the proposed method resulted in 15% decrease in energy
consumption of IoT nodes and 26% decrease in the number of packet transmission compared to
the competitive algorithms. By examining the error propagation on the image, it was found that
the result of the proposed approach is the same as the compared algorithms. By implementing the
key sensitivity analysis on the proposed method, it was shown that the Hamming distance was
approximately 50% indicating that the proposed method provides a desirable level of security.

Declaration

Conflict of Interest
The authors declare that they have no conflict of interest.
Funding
There is no funding for this publication.
Ethical Approval
This article does not contain any studies with human participants or animals performed by any of
the authors.

References
[1] A. Aslam and E. Curry, “Towards a Generalized Approach for Deep Neural Network
Based Event Processing for the Internet of Multimedia Things,” IEEE Access, vol. 6, no. c, pp.
25573–25587, 2018.
[2] Javadpour, Amir, and Alireza Mohammadi. "Improving brain magnetic resonance image
(MRI) segmentation via a novel algorithm based on genetic and regional growth." Journal of
biomedical physics & engineering 6, no. 2 (2016): 95.
[3] O. A. Khashan, A. M. Zin, and E. A. Sundararajan, “Performance study of selective
encryption in comparison to full encryption for still visual images,” J. Zhejiang Univ. Sci. C, vol.
15, no. 6, pp. 435–444, 2014.
[4] B. Mondal, P. Kumar, and S. Singh, “A chaotic permutation and diffusion based image
encryption algorithm for secure communications,” Multimedia Tools and Applications, vol. 77,
no. 23. pp. 31177–31198, 2018.
[5] Y. Luo, R. Zhou, J. Liu, S. Qiu, and Y. Cao, “An efficient and self-adapting colour-image
encryption algorithm based on chaos and interactions among multiple layers,” Multimed. Tools
Appl., vol. 77, no. 20, pp. 26191–26217, 2018.
[6] C. L. Li, H. M. Li, F. D. Li, D. Q. Wei, X. B. Yang, and J. Zhang, “Multiple-image
encryption by using robust chaotic map in wavelet transform domain,” Optik, vol. 171. pp. 277–
286, 2018.
[7] X. Chai, “An image encryption algorithm based on bit level Brownian motion and new
chaotic systems,” Multimedia Tools and Applications, vol. 76, no. 1. pp. 1159–1175, 2017.
[8] G. Ye, K. Jiao, C. Pan, and X. Huang, “An effective framework for chaotic image
encryption based on 3D logistic map,” Secur. Commun. Networks, vol. 2018, 2018.
[9] W. Xingyuan, Z. Junjian, and C. Guanghui, “An image encryption algorithm based on
ZigZag transform and LL compound chaotic system,” Optics and Laser Technology, vol. 119.
2019.
[10] X. Wang and H. Sun, “A chaotic image encryption algorithm based on zigzag-like
transform and DNA-like coding,” Multimedia Tools and Applications. 2019.
[11] G. A. Spanos and T. B. Maples, “Performance study of a selective encryption scheme for
the security of networked, real-time video,” Proc. Int. Conf. Comput. Commun. Networks, ICCCN,
pp. 2–10, 1995.
[12] O. Benrhouma, H. Hermassi, and S. Belghith, “Security analysis and improvement of a
partial encryption scheme,” Multimedia Tools and Applications, vol. 74, no. 11. pp. 3617–3634,
2015.
[13] Z. Fawaz, H. Noura, and A. Mostefaoui, “Securing JPEG-2000 images in constrained
environments: a dynamic approach,” Multimedia Systems, vol. 24, no. 6. pp. 669–694, 2018.
[14] Y. Zhang, D. Xiao, W. Wen, and Y. Tian, “Edge-based lightweight image encryption using
chaos-based reversible hidden transform and multiple-order discrete fractional cosine transform,”
Optics and Laser Technology, vol. 54. pp. 1–6, 2013.
[15] W. Zhang, H. Yu, and Z. L. Zhu, “Color image encryption based on paired interpermuting
planes,” Optics Communications, vol. 338. pp. 199–208, 2015.
[16] A. Kaur and G. Singh, “A Random Selective Block Encryption Technique for Secure
Image Cryptography Using Blowfish Algorithm,” Proceedings of the International Conference on
Inventive Communication and Computational Technologies, ICICCT 2018. pp. 1290–1293, 2018.
[17] H. Noura, A. Chehab, L. Sleem, M. Noura, R. Couturier, and M. M. Mansour, “One round
cipher algorithm for multimedia IoT devices,” Multimed. Tools Appl., vol. 77, no. 14, pp. 18383–
18413, 2018.
[18] S. S. Maniccam and N. G. Bourbakis, “Image and video encryption using SCAN patterns,”
Pattern Recognition, vol. 37, no. 4. pp. 725–737, 2004.
[19] K. Arava and L. Sumalatha, “An enhanced RGB scan image encryption using key-based
partitioning technique in cloud,” Smart Innovation, Systems and Technologies, vol. 105. pp. 155–
163, 2019.
[20] S. M. S. Hilles and M. S. Shafii, “Image Compression and Encryption Technique : Review
Paper,” Int. J. Data Sci. Res., vol. 1, no. 2, pp. 0–6, 2019.
[21] P. N. Penchalaiah, “Effective Comparison and Evaluation of DES and Rijndael Algorithm
( AES ),” International journal of computer science and engineering, vol. 02, no. 05, pp. 1641–
1645, 2010.
[22] A. Mousa and A. Hamad, “Evaluation of the RC4 Algorithm for Data Encryption,” Int. J.
Comput. Sci. Appl., vol. 3, no. 1, pp. 44–56, 2006.
[23] P. Jindal and B. Singh, “RC4 encryption - A literature survey,” Procedia Comput. Sci., vol.
46, no. Icict 2014, pp. 697–705, 2015.
[24] T. Nie and T. Zhang, “A study of DES and blowfish encryption algorithm,” IEEE Reg. 10
Annu. Int. Conf. Proceedings/TENCON, pp. 1–4, 2009.
[25] D. Coppersmith, “Data Encryption Standard (DES) and its strength against attacks,” IBM
J. Res. Dev., vol. 38, no. 3, pp. 243–250, 1994.
[26] H. C. Williams, “A Modification of the RSA Public-Key Encryption Procedure,” IEEE
Trans. Inf. Theory, vol. 26, no. 6, pp. 726–729, 1980.
 [27] G. Leander, C. Paar, A. Poschmann, and K. Schramm, “New lightweight des variants,”
Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics),
vol. 4593 LNCS, pp. 196–210, 2007.
[28] D. Hong et al., “HIGHT: A new block cipher suitable for low-resource device,” Lecture
Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and
Lecture Notes in Bioinformatics), vol. 4249 LNCS. pp. 46–59, 2006.
[29] D. J. Wheeler and R. M. Needham, “TEA, a tiny encryption algorithm BT - Fast Software
Encryption,” Lect. Notes Comput. Sci., pp. 363–366, 1995.
[30] T. Suzaki, K. Minematsu, S. Morioka, and E. Kobayashi, “A lightweight block cipher for
multiple platforms,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect.
Notes Bioinformatics), vol. 7707 LNCS, pp. 339–354, 2013.
[31] D. Hong, J. K. Lee, D. C. Kim, D. Kwon, K. H. Ryu, and D. G. Lee, “LEA: A 128-bit
block cipher for fast encryption on common processors,” Lecture Notes in Computer Science
(including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics),
vol. 8267 LNCS. pp. 3–27, 2014.
[32] A. Bogdanov, L. R. Knudsen, G. Leander, C. Paar, and A. Poschmann, “PRESENT : An
Ultra-Lightweight Block Cipher,” International Workshop on Cryptographic Hardware and
Embedded Systems, pp. 450–466, 2007.
[33] C. De Canni, B.Preneel, “Trivium,” New Stream Cipher Designs, pp. 244–245, 2008.
[34] M. Hell, T. Johansson, A. Maximov, and W. Meier, “A stream cipher proposal: Grain-
128,” IEEE Int. Symp. Inf. Theory - Proc., pp. 1614–1618, 2006.
[35] Daniel Engels, Markku-Juhani O. Saarinen, E. Smith, “The Hummingbird-2 lightweight
authenticated encryption algori,” International Workshop on Radio Frequency Identification:
Security and Privacy Issues, pp. 19-31, 2011.
[36] M. Singh, S. Kumar, S. Singh, and M. Shrivastava, “Various Image Compression
Techniques: Lossy and Lossless,” Int. J. Comput. Appl., vol. 142, no. 6, pp. 23–26, 2016.
[37] A. J. Hussain, A. Al-Fayadh, and N. Radi, “Image compression techniques: A survey in
lossless and lossy algorithms, ” Neurocomputing vol. 300. Elsevier B.V., 2018.
[38] C. Raghavendra, S. Sivasubramanian, and A. Kumaravel, “Improved image compression
using effective lossless compression technique,” Cluster Comput., vol. 22, pp. 3911–3916, 2019.
[39] A. Horé and D. Ziou, “Image quality metrics: PSNR vs. SSIM,” Proc. - Int. Conf. Pattern
Recognit., pp. 2366–2369, 2010.

View publication stats