Robust Image Encryption With Scanning Technology, the El-Gamal Algorithm and Chaos Theory

Digital images are the most frequently used signals to convey information in the internet era. The security of these images is the primary concern in rapidly changing networked environments. In this research, we present a novel approach to secure images by integrating a scanning technique, the El-Gamal public key cryptosystem and chaotic systems. In brief, zigzag and spiral scanning are used first to construct a permuted image. Then, the El-Gamal encryption algorithm is exploited to encrypt the permuted image. Finally, Lorenz and Rössler chaotic sequences are utilized to scramble the pixel locations in the confusion and diffusion stages. This last step that mixes two stages can fortify the entire security performance and enlarge the key size. Exhaustive analysis has been carried out on the SIPI (signal and image processing institute) dataset to assess the efficiency and security of the proposed method. Numerical and visual results indicate the capability of the proposed image cryptosystem to protect images against several known attacks. In addition, the comparative analysis results indicate that the proposed approach outperforms the compared approaches in terms of the visual quality and security criteria.


I. INTRODUCTION
Digital images are widely utilized in a wide spectrum of applicable services. The images are transmitted through public communication channels and the internet [1]. However, exchanging images in this way increases the possibility of threats by unauthorized persons changing or stealing these images [2]. The most effective tool to prevent such adversary threats to digital images is cryptographic encryption/decryption algorithms [3], [4]. These tools are used to scramble images during storage, transmission and processing. Symmetric and asymmetric cryptosystems are the two basic types of these algorithms. Symmetric encryption schemes are also called shared key cryptosystems, since they need only a single key to do encryption and decryption operations. The symmetric algorithms are classified as stream and block ciphers. The RC4 algorithm is an example of a stream cipher, whilst the Data Encryption Standard (DES) and Advanced Encryption Standard (AES) algorithms are examples of block ciphers [5], [6]. On the other hand, The associate editor coordinating the review of this manuscript and approving it for publication was Md. Asikuzzaman . asymmetric cryptosystems have two different keys that are applied in the encryption and decryption phases. The first key is the encryption key (or public key), which is utilized by the sender to encrypt plain images, while the decryption key (or private key) is utilized by the recipient to decrypt scrambled images. Examples of asymmetric cryptography are the El-Gamal and RSA algorithms. Adopting earlier encryption algorithms has a large impact on the computation time and power because these algorithms need complex processing operations to perform permutation, substitution and key scheduling. Hence, it is necessary to develop hybrid security algorithms that combine encryption algorithms and biometrics to obtain more secure and efficient algorithms [7], [8].
Recently, chaotic systems have been used heavily to develop robust cryptographic algorithms [9]. These systems have proved their ability to create very strong defences against different kinds of attacks. In addition, the systems provide a good balance of the efficiency, security and speed, which makes them the best candidate to secure digital images. Chaotic systems possess several interesting characteristics, including erratic behaviour, boundedness, deterministic nature, high sensibility to system parameters/initial values, non-periodicity, transitivity, simplicity and pseudo randomness. All these nonlinear properties make chaotic systems effective methods to protect digital images in various kinds of environments. However, applying chaotic systems in the cryptographic domain faces some difficulties. For example, some cryptosystems employ low dimensional chaotic maps in their security algorithms. These maps are characterized by their simple construction and high velocity of producing chaotic series. On the other hand, low dimensionality maps possess short periodicity, which degrades their dynamic chaotic characteristics within the finite precision execution of a computer. Consequently, the opponent can easily obtain the secret keys of the chaotic system. Furthermore, chaotic systems with low dimensionality possess small key sizes, which results in weakened security. Hence, adopting chaotic systems with high dimensionality significantly improves the security by increasing the nonlinearity. Hence, this kind of chaotic system has been widely utilized in image security [10]- [12].
Different cryptosystems have been proposed for image security. The researchers in [13] utilized a phase retrieval technology, the fractional Mellin algorithm, to protect digital images. The strength of this approach is using spatial filters in the Fourier transform domain, namely, radial Hilbert and toroidal plate masks. In addition, the author in [14] presented a colour image security scheme based on chaotic systems. High randomness in the data and a large key space for this scheme are obtained by applying chaotic systems with multiple parameters. In addition, other researchers [15] partitioned digital images into four sections by adopting the quaternary principle in order to encode every section individually. Then, the DNA process and chaotic Chen system are sequentially applied to drastically modify the input image information. In [16], the authors proposed a secure scheme that relies upon chaotic sequence and comprehensive sensing technology. A greyscale image is shuffled via zigzag coding after converting it using the wavelet transform. Then, the image is compressed and encrypted via a skew tent map and embedded inside the transported image. In [17], they compressed and encrypted an input colour image by executing an enhanced cat map. After that step, the image was encrypted using the El-Gamal cryptography algorithm and diffused by the 3D Lorenz system. Another hybrid approach [18] is proposed by executing the rules and operations of the DNA algorithm and the Henon-Sine chaotic map to secure digital images that were sent throughout the internet. Furthermore, other authors [19] introduced a new three-dimensional chaotic map by merging a logistic map with a piecewise map. Then, this new chaotic map is utilized to encrypt colour images. Additionally, the researchers in [20] merged compression and cryptographic techniques by utilizing chaotic maps, the Kd-tree and hierarchical wavelet trees. Moreover, there is an interesting approach in [21] that adopted the zigzag scan methodology and cellular automata to confuse the coefficients of a greyscale image. Then, a chaotic system is applied to perceive and compress the shuffled image to obtain a final secure image. In another direction [22], the hash value of an image is used as the seed value for Rossler and piece-wise linear chaos systems. Then, chaotic systems are employed to shuffle and diffuse the pixels of an image. [23] Introduced a novel approach to encrypt and shuffle a colour image by applying a new 1D chaotic map called the coupled sine map. Furthermore, [24] suggested an encryption approach that utilized scrambling and diffusion operations. The scrambling process is achieved by integrating Tent and staged Logistic maps combined with a composite map while the diffusion process is achieved by applying a Hopfield neural network. A fast image encryption mechanism is presented in [25] that is based on a new chaotic lattice model. The new chaotic map in this scheme is exploited to generate a secret key to scramble and diffuse the image pixels. The final image cipher has a good ability to resist various kinds of attacks. In another paper, a colour image is divided into (4 × 4) parts, and then each part is further divided into (16 × 16) blocks [26]. Secret keys are generated in this technique by employing a new 3D chaotic map, and then these keys are permutated with the blocks to obtain the encrypted image. In [27], a fivedimensional hyper chaotic system is implemented to produce pseudo random sequences. The initial values of the algorithm are generated via secret keys and a hash function. Image pixels are swapped to perform the permutation process whereas the diffusion process is performed by adopting cyclic shift technology. In addition, the researchers in [28] proposed an approach to join the spiral scan, the random partition of the overlapped blocks of an image and (Henon and Lü) chaotic systems to secure an image and then spiral scanning was adopted for pixel scrambling after splitting the image into overlapped blocks. After that step, an XOR process between the scrambled image elements and a private matrix generated from a Lü map is calculated to create the encrypted image. Moreover, there are other approaches that use the device hardware capabilities to design an efficient chaotic systems. For instance, the authors in [29] proposed a novel chaotic sequences generator based on large precision arithmetic. This approach is to encrypt digital images by using chaos cryptosystems leads to improve the system security and also increases the key space size dramatically. Another research by the same authors in the similar direction [30] is used to enhance the randomness of 5D chaotic system by utilizing PIC microcontroller. The generated chaotic map is the main tool to encrypt grayscale digital images sent through wireless telecommunication channels Also, there is an attractive approach in [31] that integrates a DNA encoding scheme, hyper chaotic maps and dynamic filtering to protect digital images. The objective of all earlier mentioned approaches is to produce unrecognizable images. However, the efficiency and security of these approaches need to be carefully considered. Relying on this assumption, a new image security scheme to encrypt grey and colour images is proposed. This scheme is based on using scanning technology, the El-Gamal public key cryptosystem and chaos theory. The major contributions of this work are summarized as follows: (1) utilizing scan technique, El-Gamal algorithm and chaotic systems to build a powerful color image encryption mechanism (2) the usage of image scanning technique into two different directions has improved significantly the scrambling process of input image pixels. (3) Precise usage of high dimensional chaotic maps to increase the key space size and to enhance image security method. (4) confusion and diffusion stages are merged into one stage to resist several known attacks.
The remainder of this paper is organized as follows. The background is described in Section II, the proposed methodology is explained in Section III, the image security simulation results are analysed in Section IV, the image security analysis is illustrated in Section V, and the comparative analysis results are presented in Section VI. Finally, Section VII is devoted to the conclusion.

II. BACKGROUND
In this section, we elaborate the main components of our approach that consist of scanning technology, the El-Gamal public key cryptosystem and chaos theory as follows.

A. SCANNING ARRANGMENTS
In general, all naturalistic images are characterized by possessing the robust relationships among their adjacent pixels such that the prediction of any pixel value may be reasonably easy from its neighbouring pixel values. To improve the entropy value and reduce the tight relations among image pixels, scan methodology is adopted to shuffle the pixel positions in the input image. A scan word refers to various scanning methods for two dimensional images. For an (n × n) image, the number of generated scan pathways is (n × n)! when utilizing the scanning technique. The scan pathway for an ordinary image merely represents an order such that every pixel in the image is visited exactly once. The encryption process also determines the proper scanning pathways. The set of scan pathways in the encryption operation should be kept confidential because they form the cryptographic key. The achieved security level is high, and it is difficult to extract the secret key by employing existing calculation techniques. Scan technology is used in various applications such as data hiding, compression and encryption [32].
Zigzag and spiral scanning are the most popular methods to convert a two-dimensional matrix-like (m, n) image into a (1, m × n) one dimensional vector. By utilizing these two technologies, the relationships among adjacent pixels in the input image are demolished. The adjacent pixels in the twodimensional image are very dispersed and detached into the one-dimensional vector [32], [33]. Zigzag and spiral pathways are employed in this approach to scramble the locations of the pixels in the plain image. Using this method, the powerful relationships among image pixels can be disturbed, which results in a stronger cryptographic algorithm. For the zigzag pathway, the starting point is the pixel at the position of (1, 1), which means that the navigation begins from the first pixel and proceeds in the same direction until it finishes at the last pixel in the lower right. For a spiral pathway, the starting point is the pixel at the position of (2, 2), which indicates that the traversal starts from that pixel and moves in the same direction until it ends at the last pixel in the lower left. An example of a 4 × 4 matrix is shown in Fig. 1 (c) and the generated vectors by employing zigzag and spiral pathways ( Fig. 1 (a) and Fig. 1 (b), respectively) are clarified in Fig. 1 (d) and Fig. 1 (e), respectively. Different starting points in the matrix can give different permutation impacts. Therefore, applying zigzag and spiral scans with these two different starting points can ameliorate the degree of scrambling degree, which consequently increases the algorithm's security.

B. El-GAMAL CRYPTOGRAPHIC ALGORITHM
El-Gamal is an asymmetric key cryptosystem invented in 1985 by Taher El-Gamal. This algorithm represents an alternate method for the RSA public key cipher [34]. The major difference between the El-Gamal and RSA algorithms is that RSA security relies upon the difficulty of factorizing large prime numbers whereas El-Gamal security relies on the difficulty of calculating the discrete logarithm modulus of large prime numbers. The discrete logarithm issue is a notably difficult problem in mathematics because it depends mainly on conjuncture to obtain all the potential solutions for it. Thus, breaking this cryptographic system is almost unattainable or it requires an extremely long time. The main advantage of the El-Gamal technique is that the same plaintext message results in a different ciphertext message every time it is encrypted.
Key production, encryption and decryption are the three phases of the El-Gamal algorithm that are briefly described as follows.

C. KEY PRODUCTION
The key production procedure in the El-Gamal algorithm is described below [34].
1. An integer number g and a prime number p are chosen randomly such that g is a root of p − 1. 2. Another random number x is selected randomly from the interval [1, . . . , p−2], where x represents the secret key. 3. y is calculated as follows: y = g x mod p, where y denotes to the public key. The confidential key of the El-Gamal cryptosystem is represented by x while the public key involves the triple (p, g and y).

D. ENCRYPTION PHASE
The encryption procedure in the El-Gamal algorithm is described below [34].
1. The public key (p, g and y) is obtained from the transmitter.

A random integer number
is computed as follows: c 1 = g k mod p, c 2 = m × y k mod p, where m symbolizes that the secret message needs to be encrypted. Then, (c 1 , c 2 ) is transferred to the receiver.

E. DECRYPTION PHASE
The encrypted message (c 1 , c 2 ) along with the secret key x and the prime number p are utilized to retrieve the plain message m by computing the following: m = c 2 (c 1 ) x mod p [34].

F. CHAOTIC SYSTEMS
Chaos phenomenon is a clear reality that appears in dynamical nonlinear systems. Chaotic systems are characterized by possessing complicated structures and are highly sensitive to the initial and control parameters. Therefore, it is natural to upgrade image security technology via chaotic ciphers. Within the construction of the presented security approach, the Lorenz system and Rössler system are employed to secure digital images. The description of these systems is given below.

G. LORENZ SYSTEM
This system is one of the most famous chaotic systems that was established by the scientist Lorenz in 1963. The Lorenz system is described via three-dimensional independent equations:ẋ where a, b and c denote the control parameters and x 0 , y 0 and z 0 represent the initial states. To be in a chaotic state, the typical values of the system parameters should be 10, 8/3, and 28, respectively, for a, b and c [35].

H. RÖSSLER SYSTEM
A Rössler system is a three-dimensional chaotic generator that was designed by Rössler in 1970. The simple state equations of Rössler are given as follows: In the above equations, x 0 , y 0 and z 0 are the initial seeds; and a, b and c are the system constants. Rössler is considered a nonlinear ergodic system when the values of a, b and c are set as 0.2, 0.2 and 5.7, respectively [36].

III. PROPOSED METHODOLOGY
We elaborate our proposed methodology to secure digital images in this section. It is composed of scan technologies, the El-Gamal public key algorithm and chaotic systems.
There are three phases in this approach, which are image partitioning, image scanning (or scrambling) and image encryption/decryption. In the first phase, the image is vertically partitioned into two equal blocks. Next, in the second phase, the pixels in the left image block are scrambled by adopting the zigzag pathway ( Fig. 1 (a)) whereas the pixels in the right image block are scrambled by adopting the spiral pathway ( Fig. 1 (b)). After that step, the resultant vectors from these two pathways are merged into one matrix to construct a newly modified image (the details of this matrix will be explained later). Finally, the El-Gamal algorithm is applied to the modified image in order to produce a secure digital image. To improve the system security and increase the entropy (by minimizing the correlation among image pixels), chaotic systems are exploited to execute primordial cryptographic processes (i.e., confusion and diffusion). A three dimensional Lorenz chaotic system is applied on the encrypted image obtained from the third phase to achieve the confusion operation by randomly varying the pixel locations. After that step, a three-dimensional Rössler system is employed to conduct the diffusion operation by changing the image pixel values to eventually obtain the ciphered image. In addition, we have to mention that the secret keys consist of information about constant parameters, the initial states of the chaotic systems and the secret keys of the El-Gamal cryptosystem. The block diagram of the proposed approach is illustrated in Fig. 2.

A. ENCRYPTION PROCEDURE FOR GRAYSCALE IMAGE
The details of the greyscale image encryption operation are detailed below as follows.
Step1: The original image A (m, m) is vertically separated into two equal blocks to get A 1 m, m 2 and A 2 m, m 2 . Step2: The pixel arrangement within the left image block A 1 m, m 2 is shuffled using zigzag scanning ( Fig. 1 (a)) to get the resultant vector Step3: The pixel arrangement within the right image block A 2 m, m 2 is shuffled using spiral scanning ( Fig. 1 are reshaped to the same size to acquire C 1 m, m 2 and C 2 m, m 2 , respectively. Step5: To increase the permutation degree, C 1 m, m 2 and C 2 m, m 2 are integrated into one matrix as follows. Suppose that C 1 and C 2 are the matrices shown in Fig. 3 (a) and Fig. 3 (b) respectively, each with a size of (8 × 4). To form matrix D in Fig. 3 (c), the first column of C 1 represents the first column of D, the first column of C 2 represents the second column of D and so on. In other words, the columns of C 1 represent the odd columns in D(1, 3, 5, . . .) and the columns of C 2 represent the even columns in D (2, 4, 6, . . .). After that, matrix D is flipped from bottom to top to get the matrix D 1 (8,8). This matrix (D 1 ) corresponds to the newly modified matrix D 1 (m, m) . Step6: The El-Gamal algorithm is applied to the image matrix D 1 after setting the parameters p, g, y, and k to get the encrypted pair (E 1 , E 2 ) as follows: Step7: Three chaotic sequences x, y and z are created via a Lorenz system according to (1) by utilizing its initial and system parameters values, where each sequence has a size of (1, m × m) . Step8: Reshape x, y and z with the same size of E 2 to acquire x 1 , y 1 and z 1 , respectively. Then, x 1 is used to scramble E 2 's pixels as follows: The random numbers produced by x 1 are sorted in ascending order using (5). d x symbolizes the new sequence generated after sorting x 1 in ascending order while l x denotes to index value of d x . Based on the index l x , the pixels in E 2 are permutated in rows (i) and columns (j) according to (6) to get the confused image F (m, m) . Step9: Three chaotic sequences x , y and z are created via the Rössler system according to (2) by utilizing its initial and system parameters values, and each sequence has a size of (1, m × m) . Step10: Reshape x , y and z to the same size of F to acquire x 1 , y 1 and z 1 , respectively. Then, x 1 is used to diffuse the confused matrix F's pixels by applying the bitwise XOR process as follows: where G represents the diffused image or the eventual encrypted image.

B. ENCRYPTION PROCEDURE FOR COLOUR IMAGE
The details of the colour image encryption operation are given below as follows. block R 1 m, m 2 is shuffled using zigzag scanning ( Fig. 1 (a)) to get the resultant vector Step 6: The pixel arrangement within the right image block R 2 m, m 2 is shuffled using spiral scanning ( Fig. 1  Step13: The El-Gamal algorithm is applied to matrices D 1 , D 2 and D 3 , respectively, after setting the parameters p, g, y, and k to get the encrypted pairs (Q 1 , Q 2 ), (Q 1 , Q 3 ) and (Q 1 , Q 4 ), respectively, as follows: Step14: Three chaotic sequences X , Y and Z are created via the Lorenz system according to (1) by utilizing the initial and system parameter values, and each sequence has a size of (1, m × m) . Step15: Reshape X , Y and Z to the same size of Q 2 to acquire X 1 , Y 1 and Z 1 , respectively. Then, X 1 is used to scramble the pixels in Q 2 , Q 3 and Q 4 as follows: The pixels in Q 2 , Q 3 and Q 4 are permutated in rows (i) and columns (j) according to (13), (14) and (15), respectively, to get the confused images Step16: Three chaotic sequences X , Y and Z are created via the Rössler system according to (2) by utilizing its initial and system parameters values, and each sequence has a size of (1, m × m) . Step17: Reshape X , Y and Z to the same size of F 1 to acquire X 1 , Y 1 and Z 1 , respectively. Then, X 1 is used to diffuse the confused matrices F 1 , F 2 and F 3 pixels by applying matrices F 1 , F 2 and F 3 pixels by applying the bitwise XOR process as follows: where W 1 , W 2 and W 3 represent the diffused images. Step18: Concatenate the three matrices W 1 , W 2 and W 3 to get the final encrypted image W with a size of (m, m * 3).

C. IMAGE DECRYPTION PROCEDURE
The image decryption procedure is the opposite operation of the encryption procedure. The above encryption steps (in sections A and B) can be applied in inverse order to recover a plain image. The decryption procedure begins from the encrypted images G or W (in sections A and B) and finishes up with the input images A or P. Note that without knowing the secret keys of the Lorenz, Rössler, and El-Gamal systems or the secret pathways of the scan techniques, it is very difficult to recover the original image.

IV. IMAGE SECURITY SIMULATION RESULTS
Many experiments have been conducted to validate the robustness, efficiency, and security of the proposed approach. To produce valid results, standard images are used in these experiments. The SIPI image database contains this set of digital images. This database includes four groups of images: Textures (64 images), Aerials (38 images), Miscellaneous (39 images) and Sequences (69 images). Our experiments were performed on these groups of images as follows: all the images in the first group, the first 20 images in the second group, 24 images for the third group, and finally the first 34 images in the fourth group. The results of these experiments will be shown separately later as curves due to space limitations. A sample of these images (grey and colour) that are sized 512 × 512 from the SIPI database is shown in Fig. 4. The MATLAB 2013a simulation software is employed in this research to implement image cryptosystem under Windows 7 operating system environment. In addition, a personal computer (laptop) with an Intel (R) Core (TM) i3 2.4 GHz CPU and 4 GB of installed memory (RAM), is used to execute the scientific experiments. The secret parameters utilized in our experiments are set as follows.
For the El-Gamal algorithm, p = 17, g = 6, x = 5, y = 7, and k = 10.   Fig. 5 that the grey and colour information within the input images is effectively concealed. In addition, the images that were reconstructed in Fig. 6 by employing the right secret keys are identical to the original input images. This implies that the suggested image security approach can effectively encrypt different types of grey and colour images and safeguard their confidential data. Furthermore, the original images can be readily recovered when the encrypted images are transferred to their authorized recipients.

V. IMAGE SECURITY ANALYSIS
This section is devoted to measuring and analysing the security of the image encryption/decryption approach. Statistical, differential and key exhaustive search analyses are used to investigate the viability and effectiveness of our proposed approach as follows.

A. HISTOGRAM ANALYSIS
An image histogram is a significant statistical analysis tool. It is a schematic method that exhibits the distribution of image pixels at every grey level intensity. A good cipher should provide a flat and uniform histogram to prevent statistical attacks [37], [38]. Fig. 7 is shows the histograms of the unencrypted and encrypted Cameraman and Lena colour images (RGB channels). We can notice from Figs. 7 (a) and (c)-(e) that the histograms of the unencrypted images contain many peaks whereas the histograms of the encrypted images in Figs. 7 (b) and (f)-(h) contain pixel values at the extremist points of the histogram. It can be noticed that information leakage via a statistical attack is difficult on encrypted image. Hence, the proposed method can successfully prevent this type of attack. Chi-square analysis can also be used to measure the histogram uniformity. The chi-square definition is described as follows [27], [38]: where o i and e i denote the observed and expected frequencies, respectively. The ideal theoretical value for X 2 is 293.25 for 255 degrees of freedom and a significance level of 0.05. The results of the chi-square analysis for the sample images (Fig. 4) are given in Table 1. All outcomes produced by the presented scheme for the encrypted images in this table are smaller than the ideal value, which indicates the uniformity of the histogram. Hence, our proposed method passed the X 2 test.

B. IMAGE ENTROPY ANALYSIS
It is an important measure to test image randomness which can be calculated as follows [39], [40]: where X points to a random variable, which is defined as X = {x 0 , x 1 , x 2 , . . . , x n }; P represents the probability of the symbol x i and n denotes the image size. The theoretical ideal entropy value should be equal to 8. Larger entropy values imply a high secured cryptographic method. The outcomes of the computed entropies for the sample images and their encrypted versions obtained via our method are reported in Table 1. The entropies of all the encrypted images are close to 8, which shows that the suggested approach generates perfectly random output images; thereby, it possesses strong immunity to entropy analysis. However, the global entropy (Eq.(20)) has some weaknesses such as low efficiency, inaccuracy and inconsistency. Local entropy analysis is used to overcome these weaknesses and to measure the encrypted image randomness over local non-overlapping blocks. The local image entropy is calculated as follows: where S 1 , S 2 , . . . , S k refer to the non-overlapping blocks, which are randomly selected from the encrypted image with T B pixels and H (S i ) is the global entropy of S i . When k and T B are equal to 30 and 1936, respectively, the local entropy should be in the interval [7.901901305, 7.903037329] to meet the security requirements [9], [20], [22], [25]. Table 1 lists the test outcomes of the local entropy produced by our scheme for the sample images. The local entropy scores in this table for all encrypted images are greater than the optimal interval; hence, the proposed cryptosystem has high randomness to tolerate the local Shannon entropy test.

C. CORRELATION ANALYSIS
Correlation analysis is used to quantify the degree of association among the image pixel values. Typically, adjacent pixels in a normal image are characterized by possessing strong relationships. Effective cryptographic methods should lessen this relation in the encrypted image to prevent any pixel relation analysis attack [41], [42]. In general, a smaller correlation  between neighbouring pixels in the encrypted image means a stronger cryptographic algorithm. The correlation coefficient (r xy ) can be calculated in any specific direction (vertical, horizontal or diagonal) by randomly choosing several pairs of adjoining pixels. r xy is defined as in the following formulas: where x i and y i form the pair of adjacent pixels in the image; and D, E, and cov symbolize the variance, mean, and covariance, respectively. Five thousand (5000) neighbouring pixel pairs are randomly chosen in the experiments from the same position of the output and input images to compute the correlation coefficients along the horizontal, vertical and diagonal directions to verify the algorithm's performance.
The calculated correlation coefficients for unencrypted and encrypted images are shown in Table 2. It can be found from the numerical results in Table 2 Table 2 and Figs. (8)(9)(10) imply that the relation among adjacent pixel pairs in the plain image can be effectively broken in the encrypted image by the proposed image encryption approach.

D. PEAK SIGNAL TO NOISE RATIO (PSNR)
The peak signal to noise ratio is a common metric used to quantify the quality of an image in terms of the mean squared error (MSE). This metric measures the amount of  error difference between plain and encrypted images as follows [43], [44]: where X and Y denote the encrypted and unencrypted images, respectively; and N × N indicates the image size. A high MSE and a low PSNR mean a greater difference between the output and input images. Table 1 illustrates the PSNRs and MSEs of the images tested by our proposed approach. It is clear from Table 1 that the MSEs are notably large, whereas the PSNRs are notably small, for each tested image. These results prove the high distortion in the encrypted image, which means that the proposed technique possesses good performance in terms of image diffusion and confusion.

E. STRUCTURAL SIMILARITY INDEX MEASURE (SSIM)
SSIM is a popular measure used for computing the visual difference between the plain and encrypted images. The SSIM value between two images I 1 and I 2 is computed as follows [19], [26], [40]:   where µ I 1 and µ I 2 refer to the averages of I 1 and I 2 , respectively; σ I 1 I 2 is the covariance between I 1 and I 2 ; α and β represent the constants; and σ 2 I 1 and σ 2 I 2 are the variances of I 1 and I 2 , respectively. The lower the SSIM is, the better the encryption algorithm is. The outcomes of the SSIM for the test images are illustrated in Table 1. It is evident from the reported scores in Table 1 that the introduced mechanism can destroy the similarity between the original test images and their corresponding encrypted images.

F. DIFFERENTIAL ANALYSIS
The best known method to weaken a cryptographic algorithm is the chosen-plaintext attack using differential analysis. Generally, the attacker initially produces two plain images that differ by one bit only. Next, an encryption scheme is implemented on both images by employing the same keys. After that, a comparison is made in order to monitor the differences between the two generated encrypted images. The relation between the original and encrypted images may be a helpful way to determine the secret keys. A differential attack may be impractical and not robust if a one-bit variation of the original image impacts each bit in the corresponding encrypted image. Two common indices called the Unified Average Changing Intensity (UACI) and the Number of Pixels Change Rate (NPCR) are often utilized in practice by researchers to quantify a system's ability to resist a differential analysis. The UACI and NPCR are calculated as follows: where C 1 symbolizes the first encrypted image while C 2 symbolizes the second encrypted image after modifying one pixel in the unencrypted input image [45]- [48].
The critical values of the NPCR index are shown in Table3. The values of this anaylsis are calculated for different kinds of tested images such that each image size is (512×512) with the significance levels of 0.05 (99.5893%), 0.01 (99.5810%) and 0.001 (99.5717%) respectively [49]. It is evident from the experimental results in Table 3 that the the values of NPCR for all cases are larger than critical values which implies that the presented proposed chaotic cryptosystem passed all required NPCR analysis tests successfully. The critical values of the UACI index are shown in the Table 4. The values of this anaylsis are calculated for different kinds of tested images such that each image size is (512×512) with    the significance levels 0.05 (33.3730%, 33.5541%),0.01 (33.3445%, 33.5826%) and 0.001 (33.3115%, 33.6156%) respectively [49]. It is obvious from the UACI values in this table that index values within the range of critical values except for Goldhill, Lake, Elaine and Airplane images. Hence, this observation indicates that the presented approach possesses a powerful diffusion mechanism and it is also has high sensitivity to the tiny changes in the plaintext such that can prevent differential analysis attacks.
The encryption results of the four image groups in the SIPI database (section IV) in terms of the chi-square analysis, global entropy, and correlation analysis in three directions; the MSE; the PSNR; the SSIM; the UACI and the NPCR are clarified in Figs. (11-14).
The chi-square test results are shown in the Figs. 11 (a), 12 (a), 13 (a) and 14 (a) respectively. We have noticed form these experimental results that the test scores are smaller than their ideal value (293.25). Such obseravtion implies that the proposed approach passed the X 2 test for the four image groups in SIPI image dataset. Next, the global entropy test results are shown in the Figs. 11 (b), 12 (b), 13 (b) and 14 (b) respectively. The scores are generally less than 8, while these scores are very close to 8 in the encrypted images as shown in the Figs. 11 (c), 12 (c), 13 (c) and 14 (c) respectively. This means that the presented scheme produces encrypted image with excellent randomness and passed global entropy test for the four SIPI image groups. Next, for the correlation analysis in horizontal, vertical and diagonal directions in Figs. 11 (d, e, f), 12 (d, e, f), 13 (d, e, f) and 14 (d, e, f) respectively, the correlation value is close to 1 due to the strong relationship between pixels in the input image along the three directions. However, these values fluctuate between positive and negative values (or in other word close to 0) in the output image along three directions as illustrated in Figs. 11 (g, h, i), 12 (g, h, i), 13 (g, h, i) and 14 (g, h, i) respectively. Such observation means that the suggested algorithm can lessen the correlation between the image pixels and also it pass the correlation coefficient test for the all images in the SIPI dataset. For the MSE test in Figs. 11 (j), 12 (j), 13 (j) and 14 (j) respectively, the outcome values are very large. In contrary to the PSNR outcomes in Figs. 11 (k), 12 (k), 13 (k) and 14 (k) respectively, are very low. Such opposite behavior between MSE and PSNR demonstrates that the difference between input and output image is extremely high. It is also proves that proposed approach produces encrypted images with high distortion for the different kinds of images in the SIPI dataset to defeat differential attack and increase dissimilarity between plain and encrypted images.

G. KEY SPACE ANALYSIS
Key space analysis represents the group of all possible keys that can be utilized in an image security system. A good encryption method should possess considerable key space in order to possess enough security to resist an exhaustive attack. Broadly, the key space size should be greater than 2 100 [21], [50], [51]. The secret key in the presented work basically contains the confidential key x of the El-Gamal mechanism; the initial parameter values of the Lorenz system that are utilized in the permutation phase of x 0 , y 0 , z 0 , a, b, and c; and the initial parameters values of the Rössler system that are utilized in the diffusion phase of x 0 , y 0 , z 0 , a, b, and c. Then, the total number of these keys is 13 and their size is 10 13 . If every key has a calculation accuracy of 10 −15 in a computer, then the key space will reach 10 13 × 10 15 = 10 195 ≈ 2 648 bits. Moreover, if the zigzag and spiral scanning pathway technologies are considered as secret keys, then the inclusive key space of the introduced method is much greater than 2 100 , which is big enough to prevent an exhaustive attack.

H. KEY SENSITIVITY ANALYSIS
Key sensitivity analysis guarantees that no information can be uncovered about a plain image if there is a tenuous modification in the secret keys. This implies that a minor variation in the encryption and/or decryption keys should VOLUME 8, 2020 yield a large deformity in the encrypted and unencrypted images [40], [52]. The key sensibility affects the cryptographic operation by employing slightly modified keys to encrypt the same input image. The Grey Lena image (Fig. 4  (b)) is utilized as the input image and its encrypted version obtained via the right secret keys is illustrated in Fig. 5 (b). Now, one of these keys (for instance, x of the El-Gamal algorithm) is modulated with a variation ( = [(10)]^(−14)) whilst maintaining the other parameters constant. Next, this modulated key with the original keys is used to encrypt the input image to get the encrypted image, as presented in Fig. 15 (a), whereas Figs. 15 (c), 15 (e), 15 (g), 15 (i) and 15 (k) clarify the subsequent images obtained by applying other wrong secret keys. To visually observe the variation in the resultant encrypted images, the differences between the right encrypted image (Fig. 5 (b)) and those consequent encrypted images are explained in Figs. 15 (b), 15 (d), 15 (f), 15 (h), 15 (j) and 15 (l). It can be concluded from the results in Fig. 15 that the encrypted images have a large variation, even if a trivial change occurs to one of the secret keys. We can prove the immunity of our proposed approach to the attacks on the key by observing the difference between the original and encrypted images in terms of the UACI, NPCR, MSE, PSNR and SSIM, as shown below.
From the values in Tables 1, 3 and 4, it is obvious that a small changing key leads to more than 99% of the pixels being altered in the encrypted image. Moreover, the correlation between the original encrypted image and the wrong encrypted images are tabulated in Table 5. The correlation scores in each case of Table 5 are near to zero, which demonstrates that the encrypted images are extremely different from each other. Fig. 15 and Table 5 prove the high sensitivity of the cryptosystem to the ciphering keys. The key sensibility has an impact on the decryption operation, and it is verified by decrypting the encrypted image using one altered key and keeping the others constant. The same modified secret keys in the encryption operation are employed to decrypt the encrypted Grey image Baboon (as in Fig. 5(c)) and the restored images are shown in Fig. 16. Clearly, the decryption outcomes in this figure with incorrect keys yield noisy images and no beneficial information about the input image can be revealed from them. Table 6 shows the UACI, NPCR, MSE, PSNR, SSIM and correlation values between the plain and decrypted images. The encryption/decryption keys are acquired from slightly altered in the original keys. Table 6 shows that the MSEs are high while the PSNR, SSIM and correlation values are so low. Additionally, the UACIs and NPCRs are extremely large and near their ideal or critical values, which indicates that the difference between plain and decrypted images is more than 99%. Fig. 16 and Table 6 confirm the high sensibility of the proposed approach to the decryption keys.
Based on the above discussion, we can say that our approach is very sensible to any change in the confidential keys, which makes it able to withstand an exhaustive attack.

I. TIME AND COMPLEXITY ANALYSIS
Time is an important feature for real-time applications to assess the efficiency of an encryption algorithm [38]. The computer configuration that is used to implement this algorithm was mentioned in section IV. First, the encryption process consists of four stages: the scanning (zigzag and spiral), El-Gamal cryptosystem, confusion and diffusion processes. Second, the time is recorded for each stage and the overall encryption time is also computed for all the tested images (shown in Fig. 4). Figs. 17 (a) and 17 (b) present the overall encryption times of the grey and colour images with different sizes (from 128 × 128 to 1024 × 1024) in Figs. 4 (a-f) and Figs. 4 (g-l). It can be noticed from these figures that if the image size is increased, the encryption time is also increased for all tested images. For instance, the encryption time for the 128 × 128 Cameraman image increases from 0.0794s to 6.4376s if image size increased to 1024×1024. Furthermore, we found that the scanning stage took the longest time in comparison with the El-Gamal algorithm encryption stage with the least processing time. For example, the execution time for the scanning operation is 0.041959s while the execution time for the El-Gamal operation is 0.000897s for 128 × 128 Cameraman image. Fig. 17 (c) shows the total encryption time for different sized Cameraman image. According to this figure, the execution time for each stage of the encryption process increases gradually with the image size such that the execution time of these operations increase from 0.018734s (for an image size of 128 × 128) to 1.231179s (for an image size of 1024 × 1024). In addition, the colour image takes much longer time than the grey image because it consists of three channels: Red, Green and Blue. Fig. 17 (d) clarifies the differences between the total encryption time for the grey and colour Lena images with different sizes. It is clear from the visual comparison between the two curves in Fig. 17 (d) that the grey image takes less time than the colour image. For the 256 × 256 grey Lena, the total encryption time is 0.2378s, whereas for the 256 × 256 colour Lena, the total encryption time is 0.7858s. Based on the time analysis in Fig. 17, it can be concluded that the total encryption time of our proposed approach for the sample tested images is small. Hence, this approach is a promising candidate to encrypt images with different sizes.

J. RANDOMNESS ANALYSIS
The random numbers produced by a chaotic system should be analysed with several tests to check their randomness before usage. There are common standard tests used to achieve this purpose such as the TestU01, Diehard and NIST tests.
The NIST test package consists of fifteen tests in total recommended via NIST US. All these statistical tests are executed by utilizing 100 series with the stream of length (i=1000000bits) for each chaotic system used in this work. The NIST tests are based on P-value. If the obtained P-value ≥ α in each test, where α refers to the significance level (or the decision rule) and α = 0.01, then the generated binary sequence is random and it passes the test with a confidence of ninety-nine percent. Otherwise, if P-value < α, then the produced sequence is not random and it fails the test with a confidence of ninety-nine percent [25], [31], [41]. In addition, if the success proportion is larger than 96%, then the produced sequence passes the 15 NIST tests. Table 7 is used to present the outcomes of the NIST tests for the binary sequences used in our approach. These sequences are produced by the two chaotic systems mentioned earlier in the presented method. This table reveals that the produced sequences via this cryptosystem are random and pass the NIST tests.
TestU01 is also performed in order to test the randomness level of the chaotic systems employed in the proposed VOLUME 8, 2020  method. TestU01 contains six tests. The first three tests are utilized for sequences of random numbers in U (0, 1), these tests are Small crush, Crush, and Big crush. The other three tests are used for bit or binary sequences, these tests are Rabbit, Alphabit, and Block alphabit. Crush employs 96 statistical tests, Big crush employs 106 tests, while Rabbit and Alphabit use 38 and 17 various tests respectively. 1000000 bits are utilized in the presented work for each generated sequence in each test whilst the other parameters are selected automatically in each test as a function of the available number of generated bits. Block alphabit test utilizes the tests of Alphabit repeatedly in a binary file, the bits in this file are reordered then stored in blocks with various sizes, for example, the block size can be 2 or 4 or 8 or 16 bits [53]. The results obtained by implementing TestU01 on the binary sequences generated by the chaotic systems used in this approach are reported in Table 8. It is clear from the TestU01 scores in this table that the success proportions for all the six tests are larger than 96% which demonstrates that the generated sequences obtained via Lorenz and Rössler systems are totally random and pass the statistical TestU01. We conclude from Tables 7 and 8 that the produced numbers for each sequence of the chaotic system used in this algorithm are random and can pass each test in the NIST and TestU01 successfully.

K. IMMUNITY TO ATTACKS ANALYSIS
This subsection is devoted to explaining the immunity of the proposed approach to specific kinds of important attacks. Occlusion is the first attack on the images, which greatly affects the decrypted image at the receptor [27], [28], [44]. Different sized blocks are removed from the Peppers encrypted image (Fig. 5 (i)) in order to create several attacked encrypted images, as exemplified in Figs. 18 (a-e). Then, these attacked images are decrypted to obtain images as represented in Figs. 18 (f-j). Additionally, we have calculated the MSEs, PSNRs, SSIMs and correlation coefficients between the unencrypted and encrypted images, as  shown in Table 9. Fig. 18 and Table 9 exhibit that the relation between the occlusion size and the quality of decrypted image is monotonically decreasing. It means that if the size of the occlusion increased, then the quality of the decrypted image decreased.
For example, when the percentage of occlusion is 1/8, then the MSE, PSNR, SSIM and r xy values are 1265.2, Chosen plaintext and known plaintext image attacks are serious attacks in cryptography. Usually, the opponent in these attacks chooses a special plain image, for instance, a white image or black image, to attack the image security schemes by eliminating confusion and diffusion functions to obtain the secret keys [9], [24], [54]. Those two attacks are applied on black and white input images as shown in Fig. 19 (a) and Fig. 19 (d), respectively. Additionally, the corresponding encrypted versions with their histograms are illustrated in Figs. 19 (b), (e), (c) and (f), respectively. In addition, Table 10 is used to present the entropy, MSE, PSNR, SSIM, UACI, NPCR, and correlation coefficient scores for the encrypted black and white images. We can notice from Fig. 19 and Table 10 that the obtained encrypted images are noisy and the distributions of their histograms are reasonably uniform. All the metric values in Table 10 prove that the proposed approach can successfully resist these two kinds of attacks. Noise is the most influential attack on encrypted images. Examples of theses noises are Poisson, salt and pepper, and Gaussian, which have serious effects on the security of digital images [22]. If the information of an encrypted image is distorted by noise, then retrieving the decrypted image is notably difficult. To sum up, we can say that our proposed approach have good immunity against  several known attacks to the information security community and industry professionals.
In our experiments, Gaussian and salt and pepper noises are added to the encrypted image with various densities in order to analyse the capability of the proposed

VI. COMPARATIVE ANALYSIS
In this subsection, we present a comparison between our approach and the state of art approaches in terms of the key space size, entropy, UACI, NPCR, correlation coefficient, MSE, PSNR, SSIM, and total encryption time. The comparative results are shown in the Tables (12-16) respectively. Table 12 shows the MSE and PSNR metric scores. The results indicates that the presented method achieves larger MSE scores and smaller PSNR scores in comparsion with Refs. [19] and [55] for colour Lena image. However, the results of those two metrics in the [23] and [26] are very close for all compared images. Also, the earlier mentioned approaches achieved lower SSIM values than our proposed approach. The key space size is straight proportional to the number of initial conditions and control parameters of the chaotic system utilized in the algorithm. Or in another word, the cryptosystem security relies on the secret key security [31]. Therefore, using Lorenz and Rössler systems in the proposed scheme yields in increasing the key size space as shown from the results of the key space comparison in Table 13. This table reveals that the proposed approach possesses the largest key space size among the compared approaches except for [29]. Table 14 show the global entropy, UACI, NPCR and correlations in three directions. The results in the Table 14 reveals that the entropy scores of our approach are nearly close to those obtained by other approaches except for [18]. Besides, this approach records better values for UACI and correlations than other references and higher results in terms of NPCR except for [31], [42], [44] and [48] for gray Lena image. For gray Baboon image in Table 14, this technique achieves same results as the other methods except for [9] in the means of global entropy and better scores in terms of UACI and correlation coefficients. Also, it achieves higher or equal to those results obtained via other methods except for [9], [35] and [44] in terms of NPCR test. For Goldhill image in Table 14, this scheme has larger values in terms of global entropy except for [42] and it got better scores values in the means of NPCR and correlations along three directions. For Lake image in Table 14, the proposed algorithm attains better results than [20] in terms of entropy, UACI, NPCR and correlation coefficients. For color Lena image in Table 14, the gained outcomes are better in terms of global entropy except for [29]. Further, it attains higher scores in terms of UACI and correlations, but the techniques in [1], [19], [26] and [35] achieve better outcomes in terms of NPCR. For color Baboon image in Table 14, this image cryptosystem gets better entropy and correlation values than the current references, but the obtained NPCR values in [23], [26] and [35] are better. For Peppers image in Table 14, the entropy, UACI and correlation scores acquired via this method are larger whilst Refs. 26 and 35 attain larger NPCR scores. Finally, For Airplane, Splash, and Barbara images in Table 14, this mechanism has higher entropy, UACI, and correlation values except for the NPCR results. The presented scheme possesses the shortest encryption time than compared methods as illustrated in Table 15. The comparison of the PSNRs and SSIMs under a Gaussian noise attack of different densities is exhibited in Table 16. The larger SSIMs and PSNRs in this table manifest that the introduced cryptosystem can restore the decrypted image under a noise attack with better quality. Finally, Tables (12)(13)(14)(15)(16) provide us with sufficient evidence that the proposed approach for image security is an efficient and fast image encryption method.
As a future work, we suggest to combine other information security technologies with the proposed chaos based cryptography approach. Such technologies may be biometrics, multifactor authentication techniques, deep learning algorithms etc. Such merged technologies provide reliable solutions in very vulernable environments for different kinds of threats and attacks.

VII. CONCLUSION
This research introduces a novel image security approach to protect digital images by utilizing a scan mechanism, the El-Gamal asymmetric key cryptosystem and chaotic systems. The scrambling phase yields a higher shuffling level to improve the image security in terms of the confusion and diffusion phases. The Lorenz chaotic system is adopted for the resulting permutated images to confuse the relation between the grey image pixels by changing their locations, whereas the Rössler chaotic system is applied to the obtained confused images to diffuse the image pixels through varying their values to gain a second layer of encryption. The visual and numerical results prove that the proposed approach can effectively resist statistical, differential, and exhaustive attacks and it has potent immunity to most widespread attacks. In future work, we will use other kinds of chaotic systems, cryptographic algorithms and biometrics to make stronger cryptosystems that can resist most attacks.