Multimedia Encryption

DR. KHALED W. MAHMOUD

Kulkarni, Multimedia Encryption: A Brief Overview 1

Remember
Permutation based techniques can be broken easily. weak against known
plaintext and chosen ciphertext attacks.
 Chosen-ciphertext attack: an adversary has a chance to enter one or more known
ciphertexts into the system and obtain the resulting plaintexts. From these pieces of
information the adversary can attempt to recover the hidden secret key used for decryption
 Chosen-plaintext attack: the attacker has the capability to choose arbitrary plaintexts to be
encrypted and obtain the corresponding ciphertexts.
 Ciphertext-only attack: the attacker is assumed to have access only to a set of ciphertexts.
 Known-plaintext attack: the attacker has samples of both the plaintext and its encrypted
version (ciphertext)

2
Conventional Cryptography
 Naive encryption: The simplest way to encrypt multidimensional Pixel data of an image
multimedia data is, to consider it as a 1-D data stream and encrypt comprises intensity values
with any available cipher like DES, AES [0, 255]. When using
 Unfortunately, most conventional cryptographic schemes such as conventional algorithms
AES, DES, TDES, RSA are typically designed to protect textual data to encrypt images, the
more efficiently. encrypted value for a pixel
is set as per the
 These techniques are not suitable for real-time image encryption,
encryption key used, and
due to the inherent properties of images which are different from
as the pixel value repeats
textual data.
in an image multiple times
1. Large size data,
(data redundancy), that
2. High redundancy of data, value could easily be
3. Strong correlation among adjacent pixels. guessed by the adversary.

3
What's Making Multimedia Encryption
Different?
 Complexity:
◦ Multimedia encryption and decryption techniques require a lot of computational
resources, time, and power due to processing of big data.
◦ Hence, the complexity of encryption and decryption process becomes an important
consideration while designing a practical cryptosystem.

An encryption alg. which is considered best is one which takes less computational time
without compromising the security.

4
…
 Perceptibility:
◦ Perceptual Encryption: Means encryption of multimedia data in a way to make
encrypted content partially perceptible without access to the decryption key i.e.
some content is allowed to leak out even after encryption.
◦ The main purpose of multimedia encryption is to provide content (visual)
degradation rather than complete secrecy.
◦ whereas military or financial applications require highest protection level with zero
perceptibility.
◦ Different level of secrecy requires different multimedia encryption scheme with varied
complexity and cost.
• Multimedia encryption should be designed to meet, the desired perceptibility level with
minimal complexity.

5
…
 Multi-level Encryption:
◦ A single encrypted code stream should support multiple accesses.
◦ Multi access encryption allows different users to obtain different version of
multimedia data from a single encrypted code stream.
◦ A user can access only those types and levels that he or she is authorized to.
◦ Multi level encryption is an elegant enabling technology to support the business
model of ”what you see is what you pay” with a single encrypted code stream.

6
…
 Error Resilience:
◦ Encryption scheme propagates a single bit error in cipher text to almost entire
decrypted plaintext, especially, if the cipher employed is block cipher.
◦ It is highly undesirable that the encrypted stream cannot be decoded when bit errors
are introduced, which frequently occur in multimedia applications over wireless
networks due to network imperfections
◦ So a well designed multimedia cryptosystem should minimize the effect of error
propagation on visual degradation

7
Note that
◦ In text-based encryption, the decrypted text should always be identical to the original
text, i.e., in order to decrypt the original message each bit must be recovered very
precisely.
◦ However, there is no such requirement for digital multimedia applications, since a
minute change in the attribute of the pixel of an image does not drastically degrade
the quality of the image

8
…
 Format compliant:
◦ Encryption is the multimedia encryption method that keeps the format information
unchanged. In this method, the encrypted media data can be decoded or browsed by
a general decoder or player
◦ Any standard decoder should be able to decode the encrypted bit stream without
decryption.

9
Multimedia Encryption Techniques
 Multimedia encryption techniques can be applied either in
◦ Spatial domain
◦ cannot withstand various attacks present in the communication channel.
◦ important parts cannot be identified in spatial domain which are required to
achieve advanced functionalities
◦ Transform domain.
◦ Due to the limitations of spatial domain, encryption in transform domain is widely
implemented

10
…
 Multimedia encryption techniques can be classified into two categories:
◦ Total encryption: encrypt the whole data in the media
◦ Selective encryption: encrypt only a part of data

 Multimedia encryption techniques can be executed:

◦ Before compression
◦ During compression
◦ After compression

More details in next slides

11
Encryption after/before Compression?
 Encryption and compression algorithms share one big commonality. Both produce high
entropy output.
◦ Compression aims for reducing content size by removal of redundancies leading
naturally to high entropy output.
◦ Encryption tries to hide content by transforming data into high-entropy data streams.
 Encryption can be combined with compression at any of the three stages:
1. Before compression (A),
2. During compression (B, C, D)
3. After compression (E).

12
…
 One method is to compress the media first and then
encrypt.
◦ Compression removes the redundancy of data and so it
squeezes out information that might be useful to a
cryptanalyst.
◦ Leads to a little overhead due to additional headers in
compressed code stream, which is acceptable for most
practical cryptosystems.

Compression algorithms add headers to the compressed

stream to be used during decompression.

13
…
 An alternative would be to encrypt before compression:
◦ but it would not be as efficient in terms of bandwidth because encrypted information
looks random and is therefore hard to compress
◦ Encryption before compression disturbs the structural and statistical properties of
multimedia data, leading to much reduced compressibility

In most cases, performing encryption prior to

compression causes bandwidth expansion

14
…
 Joint Compression and Encryption  During compression (B, C, D)

15
…
Note1: Even though lossy Note2: The approach of encrypting only
compression schemes are generally data field and keeping header field
acceptable for most applications. But unencrypted is not completely secure.
for some applications like medical Unencrypted headers can be exploited by
imaging any form of loss is not an adversary to extract basic information of
acceptable. In these cases the images the protected content.
and video are generally stored in
lossless or uncompressed format.

16
Total (complete, hard) Encryption:
 Entire multimedia stream is encrypted without looking at the importance of
various parts of multimedia data.
◦ (+) Simple and straightforward
◦ (-) Time consuming process
◦ (-) it would be impossible to search through a general database of fully encrypted
images

17
Selective Encryption
 Some recent works explored a new way of securing the content, named, partial
encryption or selective encryption, soft encryption, light weight encryption,
perceptual encryption, by applying encryption to a subset of a bit-stream.
 The main goal of selective encryption is to reduce the amount of data to encrypt
while achieving a required level of security.
◦ (+) consumes less computational resources.
 The general approach is to separate the content into two parts.
◦ The first part is the public part, it is left unencrypted and made accessible to all users.
◦ The second part is the protected part; it is encrypted. Only authorized users have access
to protected part. One important feature in selective encryption is to make the
protected part as small as possible.

18
 The peak signal-to-noise ratio (PSNR) is the
common criterion used to evaluate visual
degradation.
…
 Perceptual encryption: In some applications (video on demand, database search, etc.),
it could be desirable to encourage customers to buy the content. For this purpose, only
a soft visual degradation is achieved, so that an attacker would still understand the
content but prefer to pay to access the full-quality unencrypted content.
◦ The main purpose of perceptual encryption is to produce a cipher code-stream that is
degraded, yet recognizable or playable version of the original multimedia content
without decryption.

In Database search, selectively encrypted content can be used as low-quality previews

that are made public. This preview will be used as a catalog to select content and pay to
be able to decrypt and view it.

19
…
 Hard visual degradation: However, for sensitive data (e.g., military images /
videos, etc.), hard visual degradation could be desirable to completely disguise
the visual content  make the entire multimedia content incomprehensible.

20
Selective Encryption In Spatial Domain
1. Region based encryption(zone of encryption):
◦ The Region of Interest (ROI) i.e. the sensitive area which have to be encrypted
is selected and only these selected coordinates are encrypted.

21
…
 [Yekkala et al.] proposed lightweight encryption of images in spatial domain by
encrypting only those blocks that contain edges. In the proposed scheme:
◦ Image is divided into non-overlapping fixed size blocks
◦ Standard edge techniques like sobel-edge detector can be applied on these blocks.
◦ The blocks having number of bits greater than the predefined threshold are
encrypted.
◦ The perceptual degradation can be controlled by adjusting the threshold value.

22
…
2. Bit plane encryption:
◦ Image is divided into number of bit planes. Among all the bit planes only some of the
bit planes are being encrypted. Now combination of all encrypted and non-encrypted
8-bit planes will give the encrypted image.
◦ The number of MSB planes to be encrypted will depend upon the level of security
required
◦ Most of the information within an image is present in its most significant bit planes,
and hence encrypting the most significant bit-planes is sufficient for purpose of
confidentiality.

23
…
 [Podesser]: a selective bitplane encryption (using AES) is proposed, several
experiments were conducted on 8-bit grayscale images, and the main results retained
are the following:
◦ (1) encrypting only the MSB is not secure.
◦ (2) encrypting the first two MSBs gives hard visual degradation,
◦ (3) encrypting three bitplanes gives very hard visual degradation.

24
Selective Encryption Techniques In DCT Domain
 Exploit the importance of DC and AC coefficients to obtain varying levels of
security.
◦ [Tang] proposes many algorithms:
1. DES encryption of DC coefficients and replacing the zigzag scan of the AC coefficients by a
random permutation.  The visual degradation achieved is very high
2. permutation of all AC coefficients while keeping DC coefficient unencrypted.  perceptual
degradation
3. random permutation of DC coefficients  makes the image incomprehensible.

25
…
◦ [Kunkelmann]: encrypting the bit stream of leading n DCT coefficients in each DCT
block.  contours remain visible
◦ [Droogenbroeck] : encrypt all DCT coefficients except the DC coefficient.
◦ [A. Massoudi]: Randomly change the signs of all DCT coefficients high-visual
degradation

26
Algorithms in Python

27
AES in Python
Main Steps • Create an object from AES class and pass
• Import AES related packages the key, iv and block mode
• (pip install pycryptodome) • Call encrypt or decrypt function. The output
is Bytes object
• Construct a key of 16 bytes : 128 bit
• Truncate the bytes array to the original size.
• Construct an iv vector of 16 bytes : 128 bit Note: truncating to the original size may
• Load the image into 1-dim numPy object results in a wrong decryption for the last
• Increase the length of the 1-d array to be a pixels
multiple of 16 (block size) • Convert the bytes array to unit8 array
• Convert numPy to bytes using toBytes() • Reshape the 1-d into 2-dim (or 3 dim)
function • Save and display

28
… AESBasics.py
imgEncAES.py

from Crypto.Cipher import AES temp=temp.tobytes()

key = b'Sixteen byte key' cipher = AES.new(key,
iv = b'0000000000000000' AES.MODE_CBC, iv)
img = Image.open(r"139.jpg") Bytes = cipher.encrypt(temp)
img.load() Bytes = Bytes[0:len(arr)]
arr = np.asarray(img, dtype="uint8") encI = np.frombuffer(Bytes,
H, W, D = arr.shape dtype="uint8")
arr = arr.flatten() arr = encI.reshape((H, W, D))
temp = img = Image.fromarray(arr)
np.zeros(math.ceil(len(arr)/16)*16,
dtype="uint8") img.show()
temp[0:len(arr)] = arr img.save(r"..\images\enc.png")

29
Remember: CBC mode

30
How To Extract Specific Bit?
Method1: Shift operator:
n = 200 n = 120
bstr = np.binary_repr(n, width=8) 11001000 print(np.binary_repr(n, width=8)) 01111000
print(bstr[7])  0 (bit at plane 0) m = n >> 1
print(m)  60
Method2:
print(np.binary_repr(m, width=8)) 00111100
n = 200  11001000
print(n & (1 << 3))  8
m = n << 1
print((n & (1 << 3)) >> 3)  1
print(m)  240
print(n & (1 << 6))  64
print(np.binary_repr(m, width=8))  11110000
print((n & (1 << 6)) >> 6)  1
print(n & (1 << 2))  0
print((n & (1 << 2)) >> 2)  0

np.binary_repr: return a string contains a binary representation of a given integer

31
 How to extract a specific plane? How to merge set of planes?
def extractPlaneNo(arr, i): # merge planes from p1 to p2
plane = 255 * ((arr & (1 << i)) >> i) def mergePlanes(planes, p1, p2):
plt.imshow(plane, cmap='gray', vmin=0, vmax=255) s = np.zeros(planes[0].shape)
plt.axis('off'), plt.title(f"P#{i}") for i in range(p1, p2+1):
plt.show() s = s + ((planes[i]/255).astype(np.uint8) << i)
return plane return s
Why we divide by 255?

How to extract a all planes?

def extractPlanes(arr): Be sure to merge the planes according to the
return np.array([extractPlaneNo(arr, i) for i in range(8)]) way you extract them.
# shape = (8, H, W)

32
Bit Plane Encryption bitPlaneSlicing(1).py

33
 bitPlaneSlicingScramble.py
def scramblePlanes(planes, PNumbers, key):
R, C = planes[0].shape

Scramble only
rng = np.random.default_rng(seed=key)
idx = np.arange(0, R*C)
rng.shuffle(idx)
for i in PNumbers:
planes[i] = planes[i].flatten()[idx].reshape(R, C)
return planes

34
Un-Scramble only

def unscramblePlanes(planes, PNumbers, key):

R, C = planes[0].shape
rng = np.random.default_rng(seed=key)
idx = np.arange(0, R*C)
rng.shuffle(idx)
for i in PNumbers:
arr2 = np.zeros(R*C)
arr1 = planes[i].flatten()
for j in range(len(arr1)):
arr2[idx[j]] = arr1[j]
planes[i] = arr2.reshape(R, C)
return planes

35
 Bit Plane Encryption: AES
 Since the encrypted plane consists of [0 3. Now, you are ready to encrypt the result of
… 255] values, this plane can not be previous step. You my need to extend the
merged again in its correct place. length to be a multiple of 16
 Here is how to bypass this problem: 4. Truncate the encrypted sequence to its
original size (i.e. before multiple of 16)
1. Extract the needed plane and reshape it to
1-dim array which is a multiple of 8 in 5. Use np.unpackbits to convert each decimal
length. You may need to extend the length number to a binary number
to be a multiple of 8 6. Truncate the unpacked bits to its original
2. Use np.packbits to convert each row to a size (i.e. before multiple of 8)
decimal value 7. Reshape the output to the original size of
the plane and merge it in the correct place

Note: you can extend the length to be multiple of 16 from the first step and this will work for the remaining
steps

36
 … bitPlaneSlicingEncAES.py

def EncryptPlanes(planes, PNumbers, cipher): Bytes = cipher.encrypt(temp2.tobytes())

H, W = planes[0].shape Bytes = Bytes[0:len(temp1)]
for i in PNumbers: BytesNP = np.frombuffer(Bytes, dtype="uint8")
arr = planes[i].flatten()//255 temp3 = np.unpackbits(BytesNP)
temp = np.zeros(math.ceil(len(arr)/8)*8, “uint8") temp3 = temp3[0:len(arr)]
temp[0:len(arr)] = arr temp4 = temp3.reshape(H, W)*255
temp1 = np.packbits(temp.reshape(-1, 8)) planes[i] = temp4
temp2 = np.zeros(math.ceil(len(temp1)/16)*16, "uint8") return planes
temp2[0:len(temp1)] = temp1

37
Note
 packbits: Packs the elements of a binary-valued array into bits in a uint8 array. The result is
padded to full bytes by inserting zero bits at the end.
 unpackbits: Unpacks elements of a uint8 array into a binary-valued output array
 a = np.array([[2], [7], [23]], dtype=np.uint8)
 b = np.unpackbits(a, axis=1)  [[0, 0, 0, 0, 0, 0, 1, 0],

[0, 0, 0, 0, 0, 1, 1, 1],
[0, 0, 0, 1, 0, 1, 1, 1]],
dtype=uint8)
 c = np.packbits(b, axis=1)  [ [ 2], [ 7], [23]]
DCT in Python TestDCT.py

import numpy as np x = np.array([1, 2, 3, 4, 5, 6, 7, 8])

from scipy.fft import dctn, idctn, dct, x1 = dct(x)
idct x2 = idct(c)
print(np.allclose(x2, x))
rng = np.random.default_rng()
a = rng.standard_normal((16, 16))
b = dctn(a, norm='ortho')
b = dctn(a) # norm=ortho is equal to MATLAB dct(x)
a1 = idctn(b)
print(np.allclose(a1, a))

np.allclose: Returns True if two arrays are element-wise equal within a tolerance

39
Block-based DCT in Python
 Steps: def BlockDCT(arr):
H, W = arr.shape
1.Read the image and convert it
H1 = math.ceil(H/8)*8
to numPy object W1 = math.ceil(W/8)*8
2.Expand the image so that it can arrExp = np.zeros([H1, W1])
be divided into 8x8 blocks arrExp[0:H, 0:W] = arr
arrDCT = np.zeros([H1, W1])
3.Transform each block into its
for i in np.arange(0, H1-7, 8):
DCT domain
for j in np.arange(0, W1-7, 8):
4.Return the concatenation of all block = arrExp[i: i + 8, j: j + 8]
blocks blockDCT = dctn(block, norm="ortho")
arrDCT[i: i + 8, j: j + 8] = blockDCT
return arrDCT
# arrExp = np.pad(arr, ((0, H1), (0, W1)), 'edge')

40
Block-based IDCT in Python blockDCTDomain.py

 Steps: def BlockIDCT(arrDCT, H, W):

1.Transform each block into its H1, W1 = arrDCT.shape
IDCT domain arr1 = np.zeros([H1, W1], "uint8")
2.Return the concatenation of all for i in np.arange(0, H1-7, 8):
blocks after deleting the for j in np.arange(0, W1-7, 8):
padding
blockDCT = arrDCT[i: i + 8, j: j + 8]
block = idctn(blockDCT, norm="ortho")
arr1[i: i + 8, j: j + 8] = np.round(block)
arr1 = arr1[0:H, 0:W]
return arr1

41