Expert Systems With Applications 238 (2024) 122030

Contents lists available at ScienceDirect

Expert Systems With Applications

journal homepage: www.elsevier.com/locate/eswa

Region of interest-based medical image encryption technique based on

chaotic S-boxes
Sajjad Shaukat Jamal a, Mohammad Mazyad Hazzazi a, Muhammad Fahad Khan b, *,
Zaid Bassfar c, Amer Aljaedi d, Zain ul Islam e
a
Department of Mathematics, College of Science, King Khalid University, Abha 61413, Saudi Arabia
b
Department of Software Engineering, Foundation University Islamabad, Pakistan
c
Department of Information Technology, University of Tabuk, Tabuk 71491, Saudi Arabia
d
College of Computing and Information Technology, University of Tabuk, Tabuk 71491, Saudi Arabia
e
College of Science and Engineering, Hamad Bin Khalifa University, Qatar

A R T I C L E I N F O A B S T R A C T

Keywords: Block cipher has been one of the most reliable options by which data security is achieved. The strength of block
Medical images cipher against various attacks is purely dependent on its confusion property, which is gained through the S-
Chaos based S-box construction Boxes. In recent years, S-Boxes based on chaotic maps have become popular due to their favorable characteristics
Block cipher
for cryptography. However, vulnerabilities have been discovered in these constructions, leading to concerns
Chaotic systems
DICOM encryption
about their reliability. In this research, we first generate dynamic S-Boxes, and then based on the newly
generated S-Boxes, a ROI-based medical image encryption scheme is proposed to address the challenges posed by
the large size of DICOM images. Rather than encrypting the entire DICOM image, proposed encryption scheme
only encrypts the ROI part where the relevant information is present, while leaving the black background
unencrypted. This approach reduces the size of the encrypted data and improves the efficiency of the encryption
process, while maintaining the privacy and confidentiality of sensitive medical data. The proposed ROI-based
medical image encryption scheme is evaluated using standard performance metrics, including encryption
speed, image quality tests, correlation-coefficient analysis, randomness of encrypted images, key sensitivity
analysis, encryption sensitivity analysis, decryption sensitivity analysis, and resistance against common attacks
such as differential and linear attacks. The proposed dynamic S-Box construction technique is evaluated using
standard S-Box criteria, which include nonlinearity score, bit independence criterion, strict avalanche criteria,
linear approximation probability, and differential approximation probability. Results demonstrate that the
proposed technique gains high levels of encryption efficiency and security, making it a fast solution for secure
medical image transmission in real-world applications.

1. Introduction large size and increased computational complexity, making it necessary

Ensuring the secure transmission and storage of medical images is
critical in today’s healthcare environment, where any unauthorized
access or alteration of medical images can have serious consequences for
diagnosis, treatment, and research. The vulnerability of medical imaging
systems to cyber threats and unauthorized access poses a significant risk
to patient safety, confidentiality, and privacy, which could result in
identity theft, financial loss, and compromised medical treatment.
However, encrypting the entire DICOM images is not practical due to its
to explore efficient and secure encryption techniques for medical im­
ages. Authors in (Khan et al., 2021) stated that ensuring the security of
DICOM images is critical, however, the process of encryption can
significantly increase the time required to transmit. Authors in (Gaher­
war et al., 2022) mentioned that the use of encryption to secure DICOM
images can be time-consuming and resource-intensive, particularly for
large objects. Authors in (Magdy et al., 2022) emphasize the crucial role
of securing DICOM images in healthcare. They provide an in-depth
analysis of the potential consequences of security breaches in DICOM

* Corresponding author.
E-mail addresses: [email protected] (S.S. Jamal), [email protected] (M.M. Hazzazi), [email protected] (M.F. Khan), [email protected]
(Z. Bassfar), [email protected] (A. Aljaedi), [email protected] (Z. ul Islam).

https://doi.org/10.1016/j.eswa.2023.122030
Received 2 June 2023; Received in revised form 3 October 2023; Accepted 3 October 2023
Available online 17 October 2023
0957-4174/© 2023 Elsevier Ltd. All rights reserved.
S.S. Jamal et al.
Fig. 1. Proposed System Architecture.
images and highlighted the necessity of implementing robust security
measures to prevent such breaches. The authors also discuss the chal­
lenges associated with implementing these measures, such as the pos­
sibility of increased processing time. Authors in (Devi & Mohapatra,
2023) propose a secure communication system for DICOM images that
ensures confidentiality during transmission through watermarking and
encryption techniques. Their system includes a secure key distribution
mechanism to restrict access to decryption keys to authorized parties,
but this may increase processing time.
Authors in (Bhattacharjee et al., 2022) suggest a system that employs
FPGA-based encryption module to provide efficient and secure encryp­
tion of medical images, as traditional software-based encryption
methods are time-consuming and resource-intensive. Their proposed
hardware-based encryption technique for DICOM images aims to
address the performance issues of software-based encryption. The au­
thors argue that software-based encryption techniques can cause sig­
nificant delays in image transmission and processing, potentially
impacting the quality of patient care. Authors in (Prasanalakshmi et al.,
2022) suggest a supercomputing-based approach for efficient encryption
of DICOM images, using parallel processing techniques to achieve high-
speed encryption and reduce processing time. To achieve this, the au­
thors set up a cluster of high-performance computing nodes to perform
encryption operations in parallel. In the first section of the proposed
method, we presented a fusion of the logistic map and tent map, which
overcomes the limitations and security issues associated with single
map-based S-box constructions. In the second phase, we proposed a
novel medical image encryption technique based on the dynamical S-
boxes from phase − 1. Instead of encrypting the entire image, we
selectively encrypt the only ROI part where the relevant information is
exists. Black background of the image is left unencrypted, which reduces
2
Expert Systems With Applications 238 (2024) 122030
the size of the encrypted data and improves the efficiency of the
encryption process.
Primary contribution of this research is summarized as:
a. ROI based image cipher: Instead of encrypting the entire DICOM
image, our proposed method selectively encrypts only the ROI-based
image where the relevant information is present, while leaving the
black background unencrypted. This approach reduces the size of the
encrypted data and improves the efficiency of the encryption
process.
b. ROI extraction algorithm
c. Round Key generation algorithm
d. Overcomes the Single map based S-box constructions Issues
The paper is structured as follows: Section 2 introduces the proposed
methodology, Section 3 discusses the results and evaluation of the
proposed method, and Section 4 gives the conclusion. The entire system
architecture is depicted in Fig. 1.
2. Proposed methodlogy
Block cipher has been a standout amongst the most reliable option by
which data security is accomplished. The strength of block ciphers
against various attacks depends on the effectiveness of their substitution
boxes. It is the responsibility of the substitution box(S-box) to make the
correlation between cipher text and the key as indiscernible as possible
Over the past decade, substitution boxes based on chaotic maps have
been extensively constructed and designed due to their favorable char­
acteristics for cryptography (Prasanalakshmi et al., 2022) (Khan,
Ahmed, Saleem, & Shah, 2022). However, in recent years many
S.S. Jamal et al.
Fig. 2. The first row of the chart shows the bifurcation diagram for three different chaotic maps (a) Logistic map, (b) Tent map (c) LogisticTent map. The second row
displays the Lyapunov spectrum for each map with parameters.
cryptographers have discovered vulnerabilities in single chaotic map
based S-box designs. The ultimate solution of these S-box vulnerabilities
are True Randomness. These vulnerabilities include dynamical degra­
dation (Alharbi et al., 2023) (Fahad Khan et al., 2022) (Siddiqui et al.,
2020), predictability (Fahad Khan et al., 2022) (Siddiqui et al., 2020)
(Shah et al., 2020), discontinuity in chaotic sequences (Jamal et al.,
2019) (Khan, Ahmed, Saleem, & Shah, 2019) (Khan, Ahmed, & Saleem,
2019), a small number of control parameters in chaotic maps (Siddiqui
et al., 2020) (Jamal et al., 2019) (Khan, Ahmed, Saleem, & Shah, 2019),
and finite precision effects (Jamal et al., 2019) (Khan, Ahmed, Saleem, &
Shah, 2019) (Khan, Ahmed, & Saleem, 2019) and frail chaos (Khan,
Ahmed, & Saleem, 2019) (Baig et al., 2016) (Sun et al., 2023). These
vulnerabilities can be exploited by attackers to identify patterns, reduce
complexity, and determine the key, which undermines the security of
the cipher. The proposed technique has two phases: the first is con­
struction of S-boxes based on chaotic logistic-tent system and the second
phase is ROI based image cipher.
2.1. S-boxes construction based on chaotic logistic-tent system
Strength of block ciphers verses many attacks relies only on the
effectiveness of their substitution boxes. It is the responsibility of the
substitution box (S-box) to make the correlation between cipher text and
the key as indiscernible as possible. S-box is a m × n mapping
S: {0, 1} m → {0, 1} n, transforming input vector × = [xn-1, xn-2, xn-3
… x0] into output vector y = [yn-1, yn-2, yn-3 … y0].
2.1.1. Chaotic logistic map (CLM)
CLM is a mathematical model that displays complex, nonlinear
behavior. Equation (1) presents the mathematical model of the logistic
map.
xn+1 = f(xn ) = bxn (1 − xn ), b ∈ (0, 4])
th
The system’s state values at the n discrete time point (where n = 0,
Expert Systems With Applications 238 (2024) 122030
1,) are denoted by xn in Eq. (1). Initial value is denoted as x0 and b lies in
between 3.57 and 4. F(x) is a map of xn ∈ (0, 1)→xn+1 ∈ (0, 1). The
sequence of {x0, x1, x2, …} produced by x0∈(0,1) and its state values
appear to be irregular or random(0,1). The bifurcation diagram and the
Lyapunov spectrum is shown in Fig. 2a. We used following equation to
get Lyapunov spectrum.
1 ∑ N− 1
LE = lim ( loge |f′(xn )|) (2)
N→∞N
n=0
2.1.2. Chaotic tent map (CTM)
CTM maps a value from an interval to another interval by folding it in
half and then reflecting it. The map’s name becomes evident from its
tent-shaped structure, which is visible in the bifurcation diagram
depicted in Fig. 2b. This map indicates chaos in the range of [2, 4] as can
be seen in Lyapunov Exponent and bifurcation diagrams:
⎧ zn
⎪
⎨ γ 2 zn < 1/2
⎪
zn+1 = zn ∈ [0, 1] (3)
⎪
⎪ γ(1 − zn )
⎩ zn > 1/2
2
The CLM and CTM systems have some drawbacks. Firstly, limited
range only from 3.57 to 4 and the CTM system having a chaotic
parameter range b∈(2,4]. Secondly, when b < 4, it is not possible for the
system state value to cover the entire range of (0, 1).
2.1.3. Chaotic logistic-tent system (CLTSM)
Due to a partial chaotic range of both seed maps i.e. logistic and tent
maps, there is a need for chaotic map whose range is improved as related
to original seed maps. CLTS is a nonlinear fusion of earlier discussed
maps [15]. The LTS exhibits exceptional complex chaotic properties.
Modules operator is to ensure that the output range of data is in the
(1) range of [0, 1]. By integration of the tuning parameters of the seed maps,
the expression is written in the form:
3
S.S. Jamal et al. Expert Systems With Applications 238 (2024) 122030

Table 1
Proposed sample S-Box based on CLTSM.
221 4 77 193 247 219 195 245 58 241 183 38 114 220 202 14

80 191 194 163 73 22 82 184 104 33 236 148 94 21 79 32

138 74 66 51 36 164 86 28 190 155 83 205 188 84 249 199
235 102 248 217 201 121 61 135 232 158 26 87 143 31 7 56
159 134 133 23 254 152 186 171 34 176 166 69 37 208 46 30
210 187 137 140 19 75 122 130 110 196 169 250 6 99 52 144
120 67 181 101 207 60 93 115 126 237 212 47 50 53 25 92
41 146 45 142 3 170 127 213 116 48 240 105 185 13 68 78
161 139 200 17 125 5 203 251 154 89 1 129 165 57 132 123
62 113 72 90 253 233 10 27 246 242 97 230 39 172 95 91
175 81 112 11 49 44 43 9 131 119 168 98 224 216 255 167
35 157 63 12 197 106 136 204 103 252 117 70 153 71 192 124
182 55 162 109 227 228 234 128 16 229 231 209 174 239 0 15
141 76 226 40 150 65 218 180 118 88 211 225 64 42 96 111
189 107 160 243 214 206 145 54 2 149 100 147 179 85 238 215
178 173 29 223 108 20 222 59 156 24 244 198 151 18 8 177

{
zn+1 =
(σ zn (1 − zn ) + (4 − σ)zn /2)mod1zi < 1/2
(4) here ϑ is named as a linear fractional transformation (LFT) and its
(σ zn (1 − zn ) + (4 − σ )(1 − zn )/2 )mod1zi > 1/2 ( )
parameter value is from GF 28 . It is necessary to fulfill the non-
degeneracy condition μσ − πρ ∕ = 0. Due to the nonlinearity of LFT, it
where 0 < σ ≤ 4. The chaotic range interval of the LTS has been
gives us the opportunity to employ this map for byte substitution. For
extended up to an interval of (0,4] and the output sequences are evenly
LFT,μ = 21, π = 8, ρ = 3 and σ = 17 is selected. The outcomes of
distributed in the range of [0, 1] as observed in Fig. 2c. From Property 1,
equation (4) represent the 28 values of the sample S-box as depicted in
it can be inferred that the state values of CLTSM are limited.
the Table 1. For results we generated 15,000 S-boxes and observed that
Properties 1. When a ∈ (0, +∞) and b ∈ [0, a], zn+1 is a mapping
6761 of them had a nonlinearity (NL) of 108 or less, while 3485 had a NL
of.xn+1 ∈ (0, 0.5) ∪ (0.5, 1)
between 109 and 110, and 4754 had a NL between 111 and 112.
Proof. The function’s monotonicity within the given interval can be
Equation (7) is employed for generating the S-boxes. To achieve this, we
demonstrated by examining the sign of its derivative, which is given by
utilized various values for the parameters μ, π, ρ, and σ in order to
the derivative function of f (xn):
generate a distinct set of output values. These parameters control the
⎧
⎪
⎪
4b 2(a − b) behavior of the LFT and, consequently, change the values produced by
⎨ (1 − 2xn ) − , 0 < xn < 0.5, a > 0, 0 ≤ b ≤ a
′ a a ϑ(y).
f (xn ) =
⎪
⎩ 4b (1 − 2xn ) − 2(a − b), 0.5 ≤ xn < 1, a > 0, 0 ≤ b ≤ a
⎪
a a 2.1.5. S-boxes evaluation criteria
(5)
2.1.5.1. Nonlinearity score. The nonlinearity of a function quantified by
Equation (5) implies that:
the number of bits needed to be altered to obtain the nearest affine

⎧
⎪ ′ ′ 4b 2(a − a)
⎪
⎨ f (xn ) > f (xn = 0.5)|b=a = (1 − 2 × 0.5) + = 0, 0 < xn < 0.5, a > 0, 0 ≤ b ≤ a
a a
(6)
⎪
⎩ f′(xn ) < f′(xn = 0)| = 4b (1 − 2 × 0) + 2(a − a) ∕
⎪
= 0, 0.5 ≤ xn < 1, a > 0, 0 ≤ b ≤ a
b=a
a a

While xn is within the interval (0, 0.5),f (xn) monotonically increases
over this interval due to f ‘(xn) > 0. Therefore, it follows that f(0) < f(xn)
< f(0.5), which implies that 0 < f(xn) < 1. On the other hand, when xn is
within the interval (0.5,1), f(xn) monotonically decreases over this in­
terval f ‘(xn) < 0. So this implies that: f(1) < f(xn) < f(0.5) hence, if xn ∈
(0, 0.5) ∪ (0.5, 1) then 0 < f(xn) < 1.
2.1.4. Dynamic S-box construction based on CLTSM
The general linear group GL(n, F) (F represents the field) consists of
all invertible square matrices of the same size. The quotient group of
GL(n, F) by its center is a projective general linear group (PGL) of degree
m over a field F. The group action of Galois field GF(28 ) on the PGL (2,
GF(28 )) helps to obtain 8 × 8 S-box. This S-box has different 256 values
which help us to obtain confusion in our cryptosystem. Briefly, consider
the function g such that: g : PGL(2, GF(28 )) × GF(28 ) →GF(28 )) is given
as:
μy + π
ϑ(y) = (7)
ρy + σ
function. The proposed S-Box has a nonlinearity score of 112, which is
equal to or better than the scores of 30 other recently published S-Boxes.
Table 2 compares the proposed S-Box with other S-Boxes.
2.1.5.2. Strict avalanche criteria (SAC). SAC evaluates the strength of S-
Box. It requires that changing an input bit causes exactly half of the
output bits to change on average. The SAC score of the proposed S-Box is
0.5017, and it is compared with 30 other S-Boxes in Table 2, showing its
equal or better performance in achieving secure cryptographic systems.
2.1.5.3. Bit independence criterion (BIC). It assesses the statistical in­
dependence of S-box input and output bits, meaning that knowledge of
some input bits should not reveal output bit information. The correlation
between input and output bits should be as close to zero as possible for
all bit positions. S-boxes meeting this criterion are more resistant to
cryptanalysis, making them a critical consideration for cryptographic
algorithms. S-box with higher BIC score is considered more secure.
Table 2 compares our sample S-Box with 30 other recently published S-

4
S.S. Jamal et al. Expert Systems With Applications 238 (2024) 122030

Table 2 (a•x = b•S(x)) is the probability that the linear approximation a•x = b•S
Comparative Analysis. (x) holds for randomly chosen a, b and x. 1/2 is the expected probability
S-box Max SAC BIC- BIC- DP LP for a random function to satisfy the linear approximation. Our proposed
Nonlinearity NL SAC S-Box has a Linear Approximation Probability (LP) score of 0.0625.
Proposed S-box 112 0.5017 104 0.4591 30 0.0625 Table 2 compares our sample S-Box with 30 other recently published S-
(Yong & Peng, 112 0.5012 104 0.5056 8 0.0937 Boxes, and the results indicate that our S-Box has a competitive LP value
2012) when compared to other S-Boxes.
(Ahmad et al., 108 0.5034 100 0.4951 10 0.1328
2018)
(Tian & Lu, 108 0.4978 100 0.5029 10 0.1328 2.1.5.5. Differential approximation probability (DP). It is the probability
2016) that a given input difference Δx will produce a given output difference
(Ahmad et al., 108 0.4946 96 0.5018 10 0.1328 Δy after passing through the S-box[19]. It is calculated as: DP(Δx, Δy) =
2015) Prob(S(x) ⊕ S(x ⊕ Δx) = Δy) where S(x) represents the output of the S-
(Alzaidi, Ahmad, 108 0.5034 98 0.498 12 0.1328
Ahmed, et al.,
box for input x. Δx and Δy are input and output differences. x ⊕ Δx
2018) represents the input that differs from x by Δx. S(x) ⊕ S(x ⊕ Δx) repre­
(Farah et al., 108 0.4941 98 0.4957 10 0.125 sents the output difference resulting from the input difference Δx. Prob
2017) (S(x) ⊕ S(x ⊕ Δx) = Δy) represents the probability that the output dif­
(Ahmed et al., 108 0.4076 98 0.5022 10 0.1328
ference is equal to Δy, given the input difference Δx. Our proposed S-Box
2019)
(Zhang et al., 110 0.5017 100 0.5026 10 0.1328 has a DAP score of 10. Table 2 compares our sample S-Box with 30 other
2018) recently published S-Boxes, and the results indicate that our S-Box has a
(Khan, Saleem, 107 0.5066 96 0.5065 12 0.1445 competitive DP value when compared to other S-Boxes.
Hazzazi, et al.,
2022)
(Alzaidi, Ahmad, 110 0.4976 100 0.5023 10 0.125 2.2. Region of interest based image cipher
Doja, et al.,
2018)
(Khan, Ahmed, 112 0.5058 112 0.504 4 0.0625
The proposed algorithm starts by identifying the ROI in the DICOM
Saleem, & image. ROI extraction algorithm is presented in the following. A 16-bit
Shah, 2019) S-box is generated using a Dynamic S-box Construction based on CLTSM
(Khan, Ahmed, 112 0.4987 112 0.4993 4 0.0625 technique, and each pixel value in the sub-block is mapped to a new
Saleem, &
pixel value using the CLTM based S-box. The image pixel data is con­
Shah, 2019)
(Khan, Ahmed, & 112 0.5058 112 0.502 4 0.0625 verted into 8-bit binary which can easily be divided into two sets of 4
Saleem, 2019) bits each i.e. MSBs and the LSBs. These 2 sets of 4 bits are converted into
(Baig et al., 112 0.504 112 0.502 4 0.0625 decimal values so that a specific value from S-box table is obtained for
2016) the process of substitution. Here, it is necessary to mention that MSBs
(Su et al., 2023) 108 0.5026 100 0.5002 12 0.1172
(Attaullah et al., 112 0.5031 112 0.5028 4 0.0625
decimal value indicates the row of CLTM S-box whereas LSBs decimal
2018) value indicates the corresponding column value. In the same manner, all
(Zamli et al., 108 0.4931 102 0.5 10 0.125 the pixel values of digital data are substituted with CLTM S-box to obtain
2023) confusion. The sub-blocks are then combined to form a new block, which
(Sani et al., 110 0.4988 102 0.5010 30 0.125
is further permuted using a 16-bit P-box generated from the same
2023)
(Si et al., 2023) 108 0.5031 96 0.5074 12 0.1484 random encryption key. The substitution process is followed by per­
(Wang et al., 112 0.4861 108 0.5020 6 0.0859 mutation for obtaining diffusion. For each image pixel value, the binary
2023) value is changed into decimal. By hobbling the rows and columns of the
(Raj et al., 2023) 110 0.5026 102 0.5026 10 0.1406 substituted data with the help of chaotic CLTSM, the permutation is
(Yang et al., 112 0.4985 98 0.4992 8 0.125
2023)
obtained in accordance with equation 8, given as:
(Artu\uger, 110 0.5073 100 0.502 10 0.1523 {
ISUB (:, l(i)) = ISUB P ( :, i)
2023)
(Gakam Tegue 110 0.5015 98 0.5016 10 0.1484
ISUB (l(i), :) = ISUB P ( i, : )
et al., 2023) (8)
(Muhammad 110 0.4985 98 0.5020 10 0.1328
Waseem & where I_SUB and I_(SUB P) represents the DICOM images after being
Hwang, 2023)
through processes of substitution and permutation respectively. The
(AbdElHaleem 110 0.4995 98 0.4983 10 0.1172
et al., 2022) next step involves dividing the block into non-overlapping 8x8 sub-
(Alharbi et al., 108 0.4943 98 0.4982 10 0.125 blocks, and DCT is computed for each sub-block. A 64-bit key is gener­
2023) ated using a formula involving the encryption key and the row and
(Hamza et al., 110 0.4946 94 0.5054 10 0.1328 column indices of the sub-block. The DCT coefficients are divided into
2019)
(Abdullah & 112 0.5 104 0.5052 10 0.125
eight non-overlapping 8x8 sub-blocks, and a round key is generated for
Abduljaleel, each sub-block. Each DCT coefficient is then XORed with the corre­
2023) sponding round key, and the inverse DCT is computed for each sub-
block. DCT is itself a linear transformation which is perfectly lossless
and invertible. Information loss only occurs when the DCT coefficients
Boxes, and the results indicate that our S-Box has a competitive BIC
are quantized because in this process transformed values are rounded to
value when compared to other S-Boxes.
a limited set of values. However in our proposed algorithm quantization
phase not involved. The round key algorithm is mentioned in the
2.1.5.4. Linear approximation probability (LP). It is a measure of how following, which takes 16-byte encryption key and produces unique
well a S-box can be approximated by a linear function. A low linear round keys for the desired number of rounds. Finally, the encrypted ROI
approximation probability indicates that a S-box is resistant to linear is combined with the original image to form the final encrypted image.
attacks and provides a high level of security. The formula for linear ROI extraction algorithm only operates on average value of the blocks
approximation probability test is LP(S) = Pr(a•x = b•S(x)) - ½, where Pr and it does not reveal any specific details about the individual pixels of

5
S.S. Jamal et al. Expert Systems With Applications 238 (2024) 122030

Fig. 3. Sample medical images are shown the first row. Encrypted images using the ROI-based technique are shown in the second row. The third row shows fully
encrypted images, in which the same proposed technique is implemented without the ROI.

Fig. 4. The statistical characteristics of the test images (Fig. 3) are plotted after encryption.

6
S.S. Jamal et al.
Fig. 5. Test Image Flowers(a) and its encrypted version(b).
the image or person’s identity. The proposed algorithm ensures the se­
curity of medical images as the encryption key and the generated keys
for each sub-block are randomized. The entire algorithm is presented in
the following.
Algorithm: ROI based Image Encryption
Input: A DICOM image I and an encryption key K
Output: A ROI encrypted DICOM image I_encrypted
1. Divide the I into non-overlapping blocks of size B × B
2. Compute H = - Σ p * log2(p) for each block
3. Identify the block with the maximum entropy Hmax
4. Divide the block with Hmax into non-overlapping 4x4 sub-blocks
5. For each sub-block compute, Sum of pixel S = Σ I(i,j) & Average pixel value A = S/
16
6. For each sub-block, compute Si = (Ki % 16) + (i * j) % 16. Lookup a new pixel value
from a CLTSM S-box using Si to replace each I(i, j) within the sub-block: I’(i,j) = S-
box[Si].
7. Combine all the sub-blocks to form a new block I’
8. Generate a 16-bit P-box using Pi = (Ki % 16) + (i * j) % 16. Permute the pixel values
in the block I’ using the P-box: I’’(i,j) = I’(P(i, j), P(i, j)).
9. Permute the pixel values in the block I’ using the P-box: I’’(i,j) = I’(Pi ⊕ i, Pi ⊕ j)
10. Divide the block I’’ into non-overlapping 8x8 sub-blocks
11. For each sub-block compute: F(u,v) = 1/4 * C(u) * C(v) * Σ Σ I’’(x,y) * cos[(2x +
1)uπ/16] * cos[(2y + 1)vπ/16] where C(u) = 1/ √2 for u = 0 and C(u) = 1 for u ∕
0 segments in the key_segments list.
12. Generate a 64-bit key using K’(i) = (Ki % 64) + (i * j) % 64
13. Perform DCT[i,j] = [DCT(u,v)] where i*8 ≤ u ≤ (i + 1)8–1& j8 ≤ v ≤ (j + 1)*8–1,
for 0 ≤ i, j ≤ 7
14. For each sub-block, generate a 8-bit round key using RK(i) = K’(i) % 256
15. Apply XOR on each DCT coefficient and corresponding round key F’(u,v) = F(u,v)
⊕ RK((u-1)*8 + v)
16. Compute the inverse DCT for each sub-block using I’’’(x,y) = 1/4 * Σ Σ C(u) * C(v)
* F’(u,v) * cos[(2x + 1)uπ/16] * cos[(2y + 1)vπ/16]
17. Combine all the sub-blocks to form a new block I’’’
18. Perform XOR between new block I’’’ & the P-box by using I’’’’(i,j) = I’’’(i,j) ⊕ P
(Pi ⊕ i, Pj ⊕ j)
19. Combine the encrypted ROI(E) with the original image(O) as: I_encrypted = O ∪ E
Algorithm: ROI Extraction
1. Split the input image I into non-overlapping blocks of size s × s. This operation
yields a collection of chunk images denoted as chunk_ImageSet, where
chunk_ImageSet = Q1, Q 2, …, Qxy. Here, x = ⌈M/s⌉ and y = ⌈N/s⌉, effectively
transforming each block from a 1 × xy format to × × y.
2. Compute the mean value for each of the chunk images Q ij (1 ≤ i ≤ x, 1 ≤ j ≤ y),
resulting in a matrix MP = mp11, mp12, …, mpxy.
3. Initialize an × × y matrix Q with all elements set to zero and establish a threshold
value, Proceed to scan MP row by row. For each element mpij ≥ ts, update the
corresponding entry in Q to 1, thereby setting Q (i, j) = 1.
(continued on next column)
Expert Systems With Applications 238 (2024) 122030
(continued )
Algorithm: ROI Extraction
4. Conduct a row-wise examination of matrix Q. For each row i, identify the first
element with a value of 1, denoting as Q (i, column1) = 1. Similarly, locate the last
element with a value of 1 and denote it as Q (i, column2) = 1. Subsequently,
designate all elements within the range column1 to column2 in that row as 1,
represented as Q (i, column1:column2) = 1. Maintain a record of the current row i,
column1, and column2 within an array referred to as marking information Target
Region(TR) = [TR; i, column1, column2]. If the entire row consist of zeros, skip this
row during processing.
5. Read each chunk image in the chunk_ImageSet collection. Chunk images
corresponding to Q (i, j) = 1 are identified as TRs, while those not meeting this
criterion are categorized as Regions of Non-Interest(RONIs). Transform both TRs
and RONIs into one-dimensional sequences.
6. Parse the marked TR into a fixed-length binary sequence. For each triplet (i,
column1, column2), encoding is performed as follows: row number i requires
⌈log2⌈M/s + 1⌉⌉ bits, whereas column1 and column2 require ⌈log2⌈N/s + 1⌉⌉ bits
each.
Algorithm: Round Key Generation
= 1. Divide the UserEntered_key into 8 segments, each consisting of 2 bytes. Store these
2. For each round, repeat required_rounds times
3. Calculate the next value of n using the CLTSM by using the Eq.(4). Where Θ as a
floating-point number, initialized by summing all bytes of UserEntered_key and
dividing by 256.
4. Generate a random byte round_byte by converting the current value of n to an
integer between 0 and 255: round_byte = int(n * 256)
5. Retrieve the next key segment from the key_segments list based on the current
round, key_segment = key_segments[current_round % len(key_segments)]
6. Iterate over the bytes of round_byte and key_segment in pairs. For each pair of
bytes, perform a bitwise XOR between the corresponding bytes from round_byte
and key_segment. Then store the result of each XOR operation as a byte in the
modified round key.
7. Append the round_key to the round_keys list.
3. Results and evaluation
We assessed the performance of the proposed technique on medical
and ordinary images. The encryption algorithm employed in encrypting
the ROI in the plain images is identical to that used in full encryption.
Fig. 3 displays three rows of medical images. The first row is unen­
crypted. The second row is encrypted using ROI based technique which
include both the encrypted ROI portion and a black background portion,
and the third row is fully encrypted using a proposed technique without
ROI. Statistical characteristics of the selective encryption blocks for each
7
S.S. Jamal et al. Expert Systems With Applications 238 (2024) 122030

Fig. 6. R channel histograms for both the plain image of flowers (a) and its encrypted image (b).

Fig. 7. R channel histograms for both the plain image of axial CT (a) and its encrypted image (b).

Fig. 8. R channel histograms for the ROI in the plain image axial CT (a) and its selectively encrypted image (b).

test image after encryption are illustrated in plots which are shown in
Fig. 4. Strength of the proposed technique remains unchanged irre­
spective of whether selective or full encryption is used. However, mul­
tiple standard tests conducted for both ROI and full encryption
techniques. We recommend using square blocks with dimensions of 8x8,
denoted as s = 8, and s = 1002 for selective encryption. For grayscale
images, ’p’ is set at 512, and for color images, ’p’ is set at 1536. In cases
where it is not possible to meet these requirements. If it is not possible to
meet these requirements, then encrypt the entire image. The experi­
mental results indicate that these blocks have a statistical measure
significantly exceeding the threshold s = 1002. The proposed scheme is
verified to accurately select ROI-based encrypted blocks and decrypt
them successfully. Specifically, the proposed scheme selectively en­
crypts 63 %, 56 %, 65 %, and 77 % of the original images’ ROI. The
proposed scheme is capable of recovering plain images from their ROI-
based encrypted blocks. The encryption algorithm maintains statistical
consistency across all four images, as s = 1002, which records as
194871863.16.
3.1. Analysis of statistical measures and security
The purpose of this section is to demonstrate the effectiveness of a
suggested image encryption technique against statistical cryptanalysis
attacks, such as differential and key search attacks. Results shows that

8
S.S. Jamal et al. Expert Systems With Applications 238 (2024) 122030

Fig. 9. Scatter plots of the Flowers image in the RGB channel indicate the correlation-coefficient analysis of randomly chosen adjacent pixels (a) Before encryption
(b) After encryption.

Fig. 10. Scatter plots of the axial CT image in the RGB channel indicate the correlation-coefficient analysis of randomly chosen adjacent pixels (a) Before encryption
(b) After encryption.

Fig. 11. Scatter plots of the selective ROI section of an axial CT image in the RGB channel indicate the correlation-coefficient analysis of randomly chosen adjacent
pixels (a) Before encryption (b) After encryption.

our proposed technique is highly resilient to these types of attacks when
r is greater than or equal to 3. Different types of medical images are used
to test the strength of proposed work. We have created tests using a test
image of a flowers as well as medical images such as ultrasound, axial
CT, X-ray of feet, and brain CT. The entire flowers image is fully
encrypted because its ROI encompassed the entire image, while the
Brain image underwent both full and selective encryption, with its ROI
comprising approximately 80 % of its size. In all tests, r was set to 3. For
full encryption, the parameter f was set to 512x4 for flowers. For se­
lective encryption of Brain, the parameter p is set to 1536. To illustrate

9
S.S. Jamal et al. Expert Systems With Applications 238 (2024) 122030

Table 3
Analysis of correlation coefficients in horizontal, vertical, and diagonal directions.
IMAGES HORIZONTAL VERTICAL DIAGONAL

Flowers PLAIN ENCRYPTED PLAIN ENCRYPTED PLAIN ENCRYPTED

0.980289562 - 0.00010031 0.98130451 0.000114652 0.976532894 0.0000234106

Axil CT(whole) 0.986521789 0.000020532 0.97365217 -0.000123712 0.986621521 0.0000236545
Axil CT(ROI) 0.975865321 − 0.0012569 0.98632145 0.0.00052346 0.965621457 0.0001259851

Table 4
NIST Statistical Randomness Test Results of Encrypted image Flower.
Type of Test P-Value Conclusion

1.Frequency(Monobit) 0.9531442707736 Random

2.Frequency(Block) 0.9632280727456 Random
3.Run Test 0.6361030168786 Random
4.Longest Run of Ones in a Block 0.4932605164335 Random
5.Binary Matrix Rank 0.6594466181577 Random
6.Discrete Fourier Transform(Spectral) 0.2665891661666 Random
7.Non-Overlapping Template Matching 0.7236690483397 Random
6.Overlapping Template Matching 0.4747880650691 Random
8.Maurer’s Universal Statistical − 1.0 Non-Random
10.Linear Complexity 0.2032028865979 Random
11.Serial:
0.7081214306042 Random
0.6412316266124 Random
12.Approximate Entrop 0.593691078074 Random
13.Cummulative Sums(Forward) 0.886665179052 Random
14.Cummulative Sums(Reverse) 0.855557231248 Random
15.Random Excursions:
State Chi Squared P-Value Conclusion
− 4 3.9105640602646 0.6067245444954 Random
− 3 3.0626456222607 0.6802866463809 Random
− 2 1.3603262703085 0.8265660434934 Random
− 1 4.1516876466922 0.5274136355923 Random
+1 17.163683063919 0.0041554879675 Non-Random
+2 13.805991722649 0.0162376479367 Random
+3 12.062917496883 0.0338474479815 Random
+4 6.0196104796652 0.3048717916743 Random
16.Random Excursions Variant:
State COUNTS P-Value Conclusion
− 8.0 426 0.66140854696036 Random
− 6.0 438 0.66506925246964 Random
− 7.0 471 0.61130185763962 Random
− 6.0 328 0.50230097816367 Random
− 5.0 367 0.32626280139124 Random
− 4.0 421 0.41435802060979 Random
− 3.0 412 0.62629123607849 Random
− 2.0 465 0.7339214309718 Random
− 1.0 458 0.84720652619889 Random
+1.0 541 0.03671570655279 Random
+2.0 524 0.01641430502912 Random
+3.0 632 0.0157973501662 Random
+4.0 678 0.03349482846526 Random
+5.0 650 0.14669236654084 Random
+6.0 568 0.26817536247368 Random
+7.0 622 0.22051896524474 Random
+6.0 517 0.35271401881033 Random
+8.0 526 0.52034302605526 Random

the effectiveness of the suggested image encryption scheme further,
Fig. 5 displays the plain image of flowers next to its corresponding fully
encrypted image. The proposed method is very effective in protecting
against statistical cryptanalysis attacks, making it a robust alternative
for securing medical images.
encrypted part. G and B, channel histograms show similar patterns but
are not added in the paper. From the Figs. 6–8 we can judge that the
plain image histograms have a discernible structure, while the encrypted
image histograms exhibit a uniform distribution (0–255). From histo­
gram analysis we can conclude that the encrypted image histograms do
not show any useful information of plain image.

3.2. Histogram analysis

It shows the arrangement of pixel intensity values in image, and this
analysis can help detect patterns or irregularities in encrypted images.
Figs. 6 and 7 display R channel histograms for the plain image flowers
and axial CT along with their corresponding encrypted versions. Fig. 8
presents R channel histograms for the ROI in axial CT and its selectively
3.3. Correlation-coefficient analysis
Analysis of unencrypted images indicates that neighboring pixels
have high correlation, which can provide visual information to adver­
saries. Effective cipher techniques reduce the correlation between
adjacent pixels in all three directions in encrypted images. The corre

10
S.S. Jamal et al. Expert Systems With Applications 238 (2024) 122030

Table 5
NIST Statistical Randomness Test Results of Encrypted ROI based axial CT image.
Type of Test P-Value Conclusion

1.Frequency(Monobit) 0.650635352366761 Random

2.Frequency(Block) 0.051486886663806 Random
3.Run Test 0.340543346560188 Random
4.Longest Run(Ones Block) 0.326556080685879 Random
5.Binary Matrix Rank 0.485616366448655 Random
6.Discrete Fourier Transform(Spectral) 0.124682026183821 Random
6.Non-Overlapping Template Matching 0.310185868266084 Random
8.Overlapping Template Matching 0.153689564521165 Random
8.Maurer’s Universal Statistical 1.0 Non-Random
10.Linear Complexity 0.817654128218383 Random
11.Serial test:
0.173354483680165 Random
0.632851521864404 Random
12.Approximate Entropy 0.068219468632633 Random
13.Cummulative Sums(Forward) 0.874668018555238 Random
14.Cummulative Sums(Reverse) 0.588056986382219 Random
15.Random Excursions:
State Chi Squared P-Value Conclusion
− 4 6.181417638899051 0.206688266184558 Random
− 3 6.083741080890685 0.286261643832615 Random
− 2 4.306867613068694 0.505868088163323 Random
− 1 2.654054090540547 0.653136182802483 Random
+1 6.881081089081087 0.228635683105824 Random
+2 4.108966044678366 0.533668461508628 Random
+3 3.361988646486485 0.644462266866466 Random
+4 1.219402804766383 0.843668643846815 Random
16.Random Excursions Variant:
State COUNTS P-Value Conclusion
− 8.0 187 0.85866550960558 Random
− 8.0 222 0.638481319448006 Random
− 6.0 243 0.368106693512264 Random
− 6.0 255 0.268446646880003 Random
− 5.0 231 0.415369054230064 Random
− 4.0 225 0.481629633131584 Random
− 3.0 224 0.402609124052234 Random
− 2.0 188 0.618619428044835 Random
− 1.0 189 1.0 Random
+1.0 187 0.488149620668846 Random
+2.0 122 0.186827698666216 Random
+3.0 221 0.545518439141862 Random
+4.0 278 0.671319326801968 Random
+5.0 213 0.510219344655436 Random
+6.0 230 0.589266846860952 Random
+6.0 245 0.567108485188899 Random
+8.0 250 0.595816648605262 Random
+8.0 262 0.693526463326778 Random

lation coefficient value should be approximately 1 before encryption the both whole images and the selectively encrypted ROI images. The
and approximately 0 after encryption. Fig. 9a and Fig. 10a illustrate the correlation coefficient analysis in the horizontal, vertical, and diagonal
pairs of neighboring pixels of the plain test images flowers and axial CT directions is shown in Table 3.
respectively. Where Figure 9b and Fig. 10b illustrate the pairs of
neighboring pixels of the encrypted test images flowers and axial CT 3.4. Measuring randomness of encrypted images
respectively. 11a and 11b also illustrates the groups of neighboring
pixels in the selective ROI section of an axial CT image. Fig. 11a shows To test how random an encrypted image is, we need to first convert it
the pairs of pixels before encryption, while Fig. 11b shows the pairs of into binary. This process have two simple steps. Firstly, we convert each
pixels after encryption. The correlation coefficient between adjacent pixel in the image to its binary format then the binary values of each
pixels is calculated by using a equation (9) to (11) which takes the xi and pixel concatenated to create a single binary sequence. Secondly this
yi of the two adjacent pixels, N represents total number of pixel groups. sequence is divided into the 2048-bit blocks and then each block is
E(x) and E(y) are the μ of xi and yi[20]. evaluated through NIST statistical test suit. For the results, the encrypted
√̅̅̅̅̅̅̅̅̅̅√̅̅̅̅̅̅̅̅̅̅ flower image and the ROI based axial CT image are tested and the results
rxy = cov(x, y)/( D(x) D(y) (9)
of these tests are presented in Tables 4 and 5, respectively. Both the
entire flower image and the selected axial CT image passed the
1 ∑N
randomness tests and exhibited high-quality randomness, demon­
cov(x, y) = (xi − E(x))(yi − E(y)) (10)
N i=1 strating that our proposed scheme is robust and does not contain any
patterns.
1 ∑N
1 ∑N
D(x) = (xi − E(x))2 , E(x) = xi (11)
N i=1 N i=1 3.5. Differential attacks

From Fig. 9b, 10b, and 11b, It is clear that the proposed technique Differential attack refers to a type of attack where the attacker selects
effectively removes the connections between neighboring pixels from the input and observes the resulting output to analyze the differences

11
S.S. Jamal et al. Expert Systems With Applications 238 (2024) 122030

Fig. 12. NPCR and UACI tests for two sets of images. First set is acquired by encrypting an image using two minorly changed secret keys (first row). Second set is
acquired by decrypting an image using two minorly changed secret keys (second row).

between them. The two widely used evaluation metrics for testing the NPCR% of the selective part of the axial CT image is 99.63582. In (12)
resistance against differential attack are the NPCR and the UACI. The and (13), we define both the criterion as follows:
UACI takes original and encrypted image and calculates the mean con­ [ ⃒ ( ) ( )⃒]
∑⃒E11 x1, y1, − E12 x1, y1, ⃒
centration of variances between them. The strength of cryptosystem UACI =
1
× 100% (12)
against differential attacks is guaranteed if the UACI value/z approxi­ L1 × W1 x1, y1 255
mately equal to 33.333 %. On the other hand, a high NPCR value in­
∑
dicates an increased resistance against plaintext attacks. As the NPCR x1, y1 D1 (x1, y1, )
value approaches 100 %, the system becomes more robust against such NPCR = (13)
L1 × W1
attacks. The UACI% of the encrypted flowers image is 33.67251 and the
{ ( )
UACI% of fully encrypted axial CT image is 33.58321 similarly the UACI ( ) 0, if E11 (x1, y1, ) = E12 ( x1, y1, )
D1 x1, y1, =
% of the selective part of the axial CT image is 33.46321. = E12 x1, y1,
1, if E11 (x1, y1, ) ∕
The NPCR% of the encrypted flowers image is 99.36845 and the
NPCR% of fully encrypted axial CT image is 99.32585 similarly the where L1 and W1 represents the width and height of an image. Moreover,

Fig. 13. Encryption sensitivity on minor changes in a plain image (Flower).

12
S.S. Jamal et al. Expert Systems With Applications 238 (2024) 122030

Fig. 14. Encryption sensitivity on minor changes in a plain image (axial CT).

Fig. 15. Encryption sensitivity on minor changes in ROI of plain image (axial CT).

Fig. 16. Decryption sensitivity on minor changes in a cipher image (Flower).

E11 and E12 represents two encrypted images. For E11 = E12 , value of
D1 = 0 else D1 = 1.
3.6. Key sensitivity
For an image encryption technique to be considered effective, it
should exhibit high sensitivity to the secret key, where a minor change in
the key should produce a completely different result. To verify the
strength of the proposed scheme, a sensitivity analysis was conducted
with Key1 and Key2 and one hundred different ciphered images are
tested: Cipher1, Cipher2.. Cipher100. Key sensitivity is being tested by
decrypting Cipher1 with Key1 and Key2 for each image and compute
NPCR and UACI. The test results are summarized in Fig. 12. The results
indicate that even a minor difference in the decryption key, such as a
distinct secret key or initial values, results in the inability to decrypt.
Consequently, the proposed image encryption method displays high key
sensitivity.
3.7. Encryption sensitivity to plain image
Suppose Plain1 represents a plain image, and Plain2 is obtained by
flipping the LSB of a randomly selected byte of Plain1. Similarly,

13
S.S. Jamal et al.
Fig. 17. Decryption sensitivity on minor changes in a cipher image (axial CT).
Fig. 18. Decryption sensitivity on minor changes in ROI of cipher image (axial CT).
Cipher1 and Cipher2 represent the sets of cipher images generated by
encrypting Plain1 and Plain2. To measure the sensitivity of the
encryption process, NPCR and UACI are calculated for Cipher1 and Ci­
pher2. We randomly select a byte in Plain1 and flip its LSB to generate
Plain2. This process is repeated 100 times for each plain image. Results
of test images Flowers and Axial CT (fully encrypted) are shown in
Figs. 13 and 14, respectively. Similarly, the ROI-based axial CT results
are shown in Fig. 15.
3.8. Decryption sensitivity to plain image
Assume that Cipher1 represents an encrypted image generated from
Plain1. Cipher2 is an image generated by flipping a random LSB of Ci­
pher1, and then the Cipher2 image is decrypted. To measure the sensi­
tivity of the decryption process, NPCR and UACI are calculated for
Plain1 (flowers) and Plain2 (fully encrypted Axial CT image), as shown
in Figs. 16 and 17, respectively. In Fig. 18, the same test results are
shown for the ROI-based axial CT image. These results proved that
proposed is highly sensitive to even small changes made to the cipher
image.
3.9. Encryption speed test
The objective of this test is to compare the speed of the proposed
encryption technique. The test involves encrypting the Axial CT image in
two different ways. In the first way, the entire Axial CT image is
encrypted 100 times using the proposed technique, and the key is
randomly generated every time. Similarly, in the second way, the ROI-
based Axial CT image is encrypted 100 times using the proposed tech­
nique, and the key is randomly generated every time. The average
encryption time for the Axial CT image is 2450 ms, while the average
14
Expert Systems With Applications 238 (2024) 122030
encryption time for the ROI-based Axial CT image is 732.94 ms. The
results show that encrypting only the ROI of the Axial CT image is
significantly faster than encrypting the entire medical image.
4. Conclusion
Based on the findings of this research paper, it is evident that the
proposed ROI based medical image encryption is a fast and effective
method for secure medical image transmission. The selective encryption
reduces the size of the encrypted data and improves the efficiency of the
encryption process. Additionally, the dynamic S-Box construction
technique based on the fusion of logistic map and tent map overcomes
the issues associated with single chaotic map based S-box designs,
making it a more secure method of encryption. The evaluation of the
proposed method using standard performance metrics and S-box criteria
confirms its high levels of encryption efficiency and security, making it a
suitable solution for real-world applications. The results obtained from
this study provide valuable insights into the development of secure
medical image encryption methods. In future research, we recommend
extending this method to video encryption.
Declaration of Competing Interest
The authors declare that they have no known competing financial
interests or personal relationships that could have appeared to influence
the work reported in this paper.
Data availability
Data will be made available on request.
S.S. Jamal et al.
Acknowledgements
The authors extend their appreciation to the Deanship of Scientific
Research at King Khalid University, for funding this work through large
group Research Project under grant number RGP2/238/44.
References
AbdElHaleem, S. H., Abd-El-Hafiz, S. K., & Radwan, A. G. (2022). A generalized
framework for elliptic curves based PRNG and its utilization in image encryption.
Scientific Reports, 12(1), 13278.
Abdullah, S. M., & Abduljaleel, I. Q. (2023). Securing speech transmission based on DNA
and S-Box techniques. American Institute of Physics Conference Proceedings, 2591(1).
Ahmad, M., Bhatia, D., & Hassan, Y. (2015). A novel ant colony optimization based
scheme for substitution box design. Procedia Computer Science, 57, 572–580.
Ahmad, M., Doja, M. N., & Beg, M. M. S. (2018). ABC optimization based construction of
strong substitution-boxes. Wireless Personal Communications, 101, 1715–1729.
Ahmed, H. A., Zolkipli, M. F., & Ahmad, M. (2019). A novel efficient substitution-box
design based on firefly algorithm and discrete chaotic map. Neural Computing and
Applications, 31, 7201–7210.
Alharbi, A. R., Jamal, S. S., Khan, M. F., Gondal, M. A., & Abbasi, A. A. (2023).
Construction and optimization of dynamic S-boxes based on gaussian distribution.
IEEE Access, 11, 35818–35829.
Alzaidi, A. A., Ahmad, M., Ahmed, H. S., & Solami, E. Al. (2018). Sine-cosine
optimization-based bijective substitution-boxes construction using enhanced
dynamics of chaotic map. Complexity, 2018.
Alzaidi, A. A., Ahmad, M., Doja, M. N., Al Solami, E., & Beg, M. M. S. (2018). A new 1D
chaotic map and $$\backslash$beta $-hill climbing for generating substitution-
boxes. IEEE Access, 6, 55405–55418.
Artu\uger, F. (2023). A New S-box Generator Algorithm Based on 3D Chaotic Maps and
Whale Optimization Algorithm. Wireless Personal Communications, 1–19.
Attaullah, J., & Shah, T. (2018). A novel algebraic technique for the construction of
strong substitution box. Wireless Personal Communications, 99, 213–226.
Baig, F., Khan, M. F., Beg, S., Shah, T., & Saleem, K. (2016). Onion steganography: A
novel layering approach. Nonlinear Dynamics, 84, 1431–1446.
Bhattacharjee, T., Maity, H. K., & Maity, S. P. (2022). On FPGA implementation in
medical secret image sharing with data hiding. Multimedia Tools and Applications, 81
(13), 18755–18781.
Devi, H. S., & Mohapatra, H. (2023). A novel robust blind medical image watermarking
using rank-based DWT. International Journal of Information Technology, 15(4),
1901–1909.
Fahad Khan, M., Saleem, K., Alotaibi, M., Mazyad Hazzazi, M., Rehman, E., Afzaal
Abbasi, A., & Asif Gondal, M. (2022). Construction and optimization of TRNG based
substitution boxes for block encryption algorithms. Computers, Materials & Continua,
73(2), 2679–2696. https://doi.org/10.32604/cmc.2022.027655
Farah, T., Rhouma, R., & Belghith, S. (2017). A novel method for designing S-box based
on chaotic map and teaching–learning-based optimization. Nonlinear Dynamics, 88
(2), 1059–1074.
Gaherwar, P., Joshi, S., Joshi, R., & Khengare, R. (2022). SISA: Securing Images by
Selective Alteration. Information and Communication Technology for Competitive
Strategies (ICTCS 2020) ICT: Applications and Social Interfaces, 729–740.
Gakam Tegue, G. A., Nkapkop, J. D. D., Abdel, M. A., Tsafack, N., Musheer, A.,
Signing, F. V., … Tamba, J. G. (2023). A novel image encryption scheme combining
a dynamic S-box generator and a new chaotic oscillator with hidden behavior.
Arabian Journal for Science and Engineering, 1–20.
Hamza, R., Hassan, A., Huang, T., Ke, L., & Yan, H. (2019). An efficient cryptosystem for
video surveillance in the internet of things environment. Complexity, 2019, 1625678.
https://doi.org/10.1155/2019/1625678
Jamal, S. S., Anees, A., Ahmad, M., Khan, M. F., & Hussain, I. (2019). Construction of
cryptographic S-boxes based on mobius transformation and chaotic tent-sine system.
IEEE Access, 7, 173273–173285.
15
Expert Systems With Applications 238 (2024) 122030
Khan, M. F., Ahmed, A., & Saleem, K. (2019). A novel cryptographic substitution box
design using gaussian distribution. IEEE Access, 7, 15999–16007.
Khan, M. F., Ahmed, A., Saleem, K., & Shah, T. (2019). A novel design of cryptographic
SP-network based on gold sequences and chaotic logistic tent system. IEEE Access, 7,
84980–84991.
Khan, M. F., Saleem, K., Alshara, M. A., & Bashir, S. (2021). Multilevel information fusion
for cryptographic substitution box construction based on inevitable random noise in
medical imaging. Scientific Reports, 11(1), 1–23.
Khan, M. F., Saleem, K., Hazzazi, M. M., Alotaibi, M., Shukla, P. K., Aqeel, M., &
Tuncer, S. A. (2022). Human psychological disorder towards cryptography: True
random number generator from EEG of schizophrenics and its application in block
encryption’s substitution box. Computational Intelligence and Neuroscience, 2022,
1–20. https://doi.org/10.1155/2022/2532497
Khan, M. F., Saleem, K., Shah, T., Hazzazi, M. M., Bahkali, I., & Shukla, P. K. (2022).
Block cipher’s substitution box generation based on natural randomness in
underwater acoustics and Knight’s Tour Chain. Computational Intelligence and
Neuroscience, 2022, 1–17. https://doi.org/10.1155/2022/8338508
Magdy, M., Hosny, K. M., Ghali, N. I., & Ghoniemy, S. (2022). Security of medical images
for telemedicine: A systematic review. Multimedia Tools and Applications, 81(18),
25101–25145.
Muhammad Waseem, H., & Hwang, S. O. (2023). Design of highly nonlinear confusion
component based on entangled points of quantum spin states. Scientific Reports, 13
(1), 1099.
Prasanalakshmi, B., Murugan, K., Srinivasan, K., Shridevi, S., Shamsudheen, S., & Hu, Y.-
C. (2022). Improved authentication and computation of medical data transmission in
the secure IoT using hyperelliptic curve cryptography. The Journal of Supercomputing,
78(1), 361–378.
Raj, V., Janakiraman, S., & Amirtharajan, R. (2023). Reconfigurable color medical image
encryptor using hardware accelerated Chao (S)-box triplets. Journal of Real-Time
Image Processing, 20(2), 27.
Sani, R. H., Behnia, S., & Ziaei, J. (2023). Construction of S-box based on chaotic
piecewise map: Watermark application. Multimedia Tools and Applications, 82(1),
1131–1148.
Shah, T., Qureshi, A., & Khan, M. F. (2020). Designing more efficient novel S 8 S-BOXES.
International Journal on Information Technologies & Security, 12(2).
Si, Y., Liu, H., & Zhao, M. (2023). Constructing keyed strong S-Box with higher
nonlinearity based on 2D hyper chaotic map and algebraic operation. Integration, 88,
269–277.
Siddiqui, G. F., Iqbal, M. Z., Saleem, K., Saeed, Z., Ahmed, A., Hameed, I. A., &
Khan, M. F. (2020). A dynamic three-bit image steganography algorithm for medical
and e-healthcare systems. IEEE Access, 8, 181893–181903.
Su, Y., Tong, X., Zhang, M., & Wang, Z. (2023). A new S-box three-layer optimization
method and its application. Nonlinear Dynamics, 111(3), 2841–2867.
Sun, J., Wang, W., Zhang, H., & Zhang, J. (2023). Color image quantum steganography
scheme and circuit design based on DWT+ DCT+ SVD. Physica A: Statistical
Mechanics and Its Applications, 617, Article 128688.
Tian, Y., & Lu, Z. (2016). S-box: Six-dimensional compound hyperchaotic map and
artificial bee colony algorithm. Journal of Systems Engineering and Electronics, 27(1),
232–241.
Wang, M., Liu, H., & Zhao, M. (2023). Construction of a non-degeneracy 3D chaotic map
and application to image encryption with keyed S-box. Multimedia Tools and
Applications, 1–23.
Yang, S., Tong, X., Wang, Z., & Zhang, M. (2023). S-box generation algorithm based on
hyperchaotic system and its application in image encryption. Multimedia Tools and
Applications, 1–25.
Yong, W., & Peng, L. (2012). An improved method to obtaining S-box based on chaos and
genetic algorithm. HKIE Transactions, 19(4), 53–58.
Zamli, K. Z., Din, F., & Alhadawi, H. S. (2023). Exploring a Q-learning-based chaotic
naked mole rat algorithm for S-box construction and optimization. Neural Computing
and Applications, 1–23.
Zhang, T., Chen, C. L. P., Chen, L., Xu, X., & Hu, B. (2018). Design of highly nonlinear
substitution boxes based on I-Ching operators. IEEE Transactions on Cybernetics, 48
(12), 3349–3358.