A survey of image encryption for healthcare applications.

Recently, medical image encryption has attracted many researchers because of security issues in the communication process. The recent COVID-19 has highlighted the fact that medical images are consistently created and disseminated online, leading to a need for protection from unauthorised utilisation. This paper intends to review the various medical image encryption approaches along with their merits and limitations. It includes a survey, a brief introduction, and the most utilised interesting applications of image encryption. Then, the contributions of reviewed approaches are summarised and compared regarding different technical perspectives. Lastly, we highlight the recent challenges along with several directions of potential research that could fill the gaps in these domains for researchers and developers.

Introduction

With the popularisation of smart and intelligent devices, the digital form of health records and more generally, electronic health records, are consistently generated and circulated online for information acquisition with accurate results [1, 2]. Electronic health records are normally composed of patient-related information, medical history, symptoms and more information, which are maintained by the involved services in healthcare. Moreover, in recent years, a lot of medical images and records have been consistently created and disseminated online among medical specialists and healthcare workers due to the appearance of COVID-19 [3, 4]. Furthermore, in [5], the high court of Bombay refused to give bail to a man who was out on temporary bail for about 10 months on the basis of forged medical documents in 2021, while in another case in 2019, IBM reported that the health industry had recorded maximum cases of data breaches and that data can be misused in several ways [6]. Moreover, in 2015, millions of people were affected by health data breaches in the US [7].

Therefore, due to the value of electronic health records from various perspectives, it is a great challenge for various research communities to study the situation of their illegal utilisation. Although health insurance portability and accountability act (HIPAA) provided the privacy regulation for the digital health records, it is still a challenge to address the security of these records [8].

Encryption is one of the highly recommended security solutions for medical images in healthcare [9]. In this scheme; we convert our original image in some cipher image form so that no one other than a legitimate user can access its information [10]. Given a plain image M, its ciphered image, denoted by N, is computed as follows:where E() and D () denotes the encryption and decryption function, respectively. In addition, K and K' denotes the encryption and decryption key, respectively. Correspondingly, Fig. 1 shows the Basic encryption/decryption procedure of medical image.

Fig. 1

Basic medical image encryption and decryption procedure

Generally, encryption techniques are broadly divided into two classes: symmetric and asymmetric techniques. Symmetric encryption requires a single key to protect the image, whereas asymmetric techniques employ two distinct keys (i.e. public and private keys for image protection) [10]. Compared to symmetric encryption, asymmetric encryption has the advantage in better security, but it takes longer in its execution time. Over the past decades, researchers have been using conventional encryption to ensure the certainty of digital images. However, these techniques are no longer applicable in practice due to the inherent nature of digital images [11].

In need of more security for images, the concept of hashing was introduced. It is a one-way function of cryptography that converts any form of data into a unique string of text known as the message digest. The hashing process is an irreversible process if the algorithm is designed properly. Its main contribution is to verify the integrity of an image to prevent any type of modification or corruption to the features of an image. Image hashing has a remarkable role in many applications such as image authentication, digital watermarking, image quality assessment, image retrieval and indexing [12]. Researchers developed the efficient encryption scheme to resolve the security issue of medical images (see Sect. 5).

Therefore, the main contribution of this article is to provide a brief introduction along with background information and evaluation metrics of image encryption. We then provide a comprehensive survey of various medical image encryption schemes along with their merits and limitations. Also, the contribution of the surveyed scheme is summarized and compared in the context of the estimation of design objectives, goals, approaches, evaluation metric and weaknesses. Lastly, we highlight the recent challenges along with several directions of potential research that could fill in the gaps of these domains for researchers and developers.

Requirements of image encryption

Security of images has become a complex problem due to peculiar features of images [13].In the following section, various essentials of image encryption for image security are summarized (Fig. 2).

Fig. 2

Basic requirements of image encryption

Security: Security is the key requirement for encryption procedure. The usage of an individual encryption process should ensure the reliability of an image feature. Generally, it incorporates perceptual security, key sensitivity and capability against probable attacks.

Perceptual security: Any encryption process is secure in perception when the outcome of an encryption process produces an encrypted image in such a manner that it cannot be perceptually recognised.

Key space: The possible unique encryption keys, present for the encoding process, known as the key space for a cryptosystem. A large value of key space indicates more security against exhaustive search attacks.

Key sensitivity: It is the amount of resultant impact in cipher images while making only one bit change in the encryption key. Every encryption procedure should be sensitive to secret encryption keys.

Potential attacks: Every image encryption method should be invulnerable to several possible attacks to an image encryption cryptosystem such as ciphertext-only attacks, known-plaintext attacks, differential attacks, etc.

Computational complexity: An image has more data capacity in comparison to text. If the complete image data is encrypted with a cryptographic model, the computational complexity of the entire image is very high, so the important data bits of an image can be encrypted to ensure image protection.

Invariance of compression ratio: To ensure storage size, transmission bandwidth and quality of recovered compressed image invariance in its compression ratio need to be preserved by encryption technique.

Real-time demand: Video conferencing and image surveillance are examples of real-time performance. It is a basic need to maintain reasonable delay during encryption and decryption.

Multiple levels of security: To maintain scalability, different iterations and variable key sizes can be used, which are also useful for maintaining a higher level of security.

Transmission error tolerance: Due to noisy media for image transmission, real-time data transmission also occurs in noisy media. So, a perfect encryption model should be required.

Evaluation assessment of image encryption

Different performance metrics and factors are used to measure the performance of encryption techniques [14, 15]. Some of the standard metrics are discussed below (Table 1).

Table 1

standard metrics for image encryption

Type of assessment	Description	Metric
Security	Any encryption process invulnerable to all possible attacks	Perception security, huge key space,key sensitivity, defence against possible attacks
Computational time	The required time to execute a set of instructions	-Depends on the permutation and diffusion operations -Significantly low complexity and minimum time value of image encryption and decryption
Compression ratio	To reduce storage space or bandwidth required for an image transmission lossless compression of an image required	Compression ratio = (uncompressed size image)/(compressed size image)
Robustness	Resistance against statistical and differential attack	Histogram analysis, correlation coefficient, NPCR, UACI
Quality	It is a quality assessment between the decrypted and plain images	PSNR, SSIM
Entropy [16]	It is used to estimate the randomness of information of cipher images	HS=-∑_s(PSi×logP(Si))

Visual Assessment: Binary, grey and colour images are examined visually to discover features of an image by looking at the encrypted images.

Statistical Analysis: The analysis of the relationship between pixels of any encoded image is known as statistical analysis. The histogram and correlation coefficient are used for this analysis.

Differential Analysis: This study is used to discover the modifications in the cipher image of the same plain image after performing a single bit change in secret key or plain image pixel.

Security Analysis: For security analysis of any method, we analyse the following factors:

Key Sensitivity Analysis: It determines the impact on the encoded image after a single bit change in the key used for the encryption process. The evaluation is done by comparing two encrypted images pixel by pixel.

Key Space Analysis: For the feasibility against brute-force attacks of any encryption technique, this analysis plays an important role.

Time Complexity Analysis: This is the time required for a group of commands to be executed. It includes the time consumed for the encryption and decryption process of an image. Its value varies based on several factors like the system configuration and the type of image used.

Further, some standard objective measures considered for the evaluating the encryption techniques are summarized in Table 2.

Table 2

Evaluation method for image encryption

Metric	Description	Formula	Highlights
Number of Changing Pixel Rate (NPCR), Unified Averaged Changed Intensity (UACI)	Assessment of the encryption technique implemented Range of NPCR: 0 to + 1 Ideal value of NPCR: + 1 Ideal value of UACI for image of size 512 × 512 ≈ 34	Di,j=0,ifC^1i,j=C^2(i,j)1,ifC^1i,j≠C^2(i,j) NPCR=∑_i,jDi,jTot UACI=∑_i,j|C^1i,j-C^2i,j|L.Tot where, C1 and C2 are encrypted images before and after one pixel change, L is the maximum pixel value supported and Tot is the total number of pixels	Any encryption algorithm should have a NPCR ≥ 0.9, and UACI≈ 0.33
Correlation Coefficient (CC)	It defines the relationship between correlated pixels of a plain and encoded image It is calculated in three directions: horizontal, diagonal, vertical Range of CC: -1 to + 1	CC(x,y)=C(x,y)D(x)D(y) Here, C(x,y)=∑i=1K(x_i-Ex)(y_i-Ey)p D(x)=1p∑p=0n(x_i-Ex)^2 D(y)=1p∑i=1p(y_i-Ey)^2 where E(x), E(y) and D(x), D(y) indicate mean and standard deviation of x and y, respectively. C(x,y) represent the covariance between coordinates x and y and p is the number of pixel pairs (xi,yi)	For an encoded image CC should be ≈ 0
Mean Squared Error (MSE)	Evaluation, of error values, that define distinction between plain image from decrypted image Range of MSE: 0 to ∞	MSE = ∑i=0m-1∑j=0n-1Xi.j-Yi,j^2m×n where X and Y denoted as original and decrypted image. i and j are the coordinate of pixel of image size m×n	For high quality of images, MSE should be near to zero
Peak Signal to Noise Ratio (PSNR)[17]	It is a quality assessment between the decrypted and plain images It is measured in decibel (dB) Range of PSNR: 0 to ∞	PSNR=10log10(2n-1)2MSE where n is the number of bits per pixel	PSNR value should be high between original image and decrypted images
Structural Similarity Index (SSIM)	Used to compute the homogeneity between plain and associated decrypted images It is quality measure parameter of decrypted image Range of SSIM: -1 to + 1	SSIM=(2μ_xμ_y+c_1)(2σ_xy+c_2)μ_x^2+μ_y^2+c_1(σ_x^2+σ_y^2+c_2) Where (µx, µy) indicate the average and (σx2, σy2) indicate variance of an input x and decrypted y images, respectively. σxyrepresent covariance of x and y. c1 and c2 are regularization constant	For an identical images it should be ≈ 1
Information Entropy (IE)	It computed as the average information per bit in an image Each pixel has different value Range of IE: 0 to + 8	HS=-∑_s(PSi×logP(Si)) Where P(Si) represents the probability of occurrence of Si in message source (S)	Value of IE should be close to 8 for 8-bit image
Execution Time (ET)	It defines the time needed to execute an image encryption process It is aggregation of compiletime and run time It is measured in:ms, seconds, minutes	–	The value of ET should be less for any encryption technique

Common attacks in images

Here we introduce some frequents attacks in image processing [14, 18]:

Ciphertext-only: In this attack, only some sets of cipher texts are known to cryptanalysts, they try to decrypt ciphertext to have access to the secret key or plain text.

Known-plaintext: This is an attack in which an attacker tries to find out the secret key of encryption while the attacker knows some of the plaintext and associated ciphertext.

Chosen-plaintext: This is an attack where the attacker selects their own random plain images and inserts them into the encryption process, providing a helpful way to analyse the corresponding cipher image.

Brute-force: All possible combinations of keys are attempted to crack the secret key used for encryption until it is attained.

Differential attack: It is used to analyze the sensitivity of encryption method toward small changes in original image. The attacker makes a small modification in the plain image and then the same encryption method is used to encode the image before and after modification to find the relationship between the new plain image and the cipher image.

Noise: In this, attacker tries to insert noise into an encrypted image to destroy the usable information of plain image. By this it become an unsuccessful attempt for the intended user to recover the original image after the decryption procedure.

Occlusion: This attack is applied to examine the capacity of retrieving original images from encoded images that have lost some data because of malicious activity or clogging in the network.

Entropy: In this type of attack, an intruder forges unoriginal packets (i.e. already-known packets by the system) that are trivial linear combinations of the ‘stale’ packets that are collected or intercepted at an earlier time. These packets with no new coding information will significantly reduce the information entropy of the system.

The state-of-the art encryption approaches

Several medical image encryption approaches have been introduced using spatial, transform, optical and compressing sensing domain schemes. In the following subsection, we elaborate on different spatial-domain-based image encryption approaches, including comparisons between discussed techniques in the tabular form.

Encryption based on chaotic map

Chaotic maps have numerous features like ergodicity, structural complexity and shuffling properties, which all create a table to produce unknown nonlinear deterministic pseudorandom sequences that are highly sensitive to initial conditions. The maps are categorised as discrete maps and continuous maps for secure communication applications. Chaotic maps are extensively utilised, providing high computational speed along with better security [9, 15]. Author develops a high-speed encryption method using bulbun chaotic map [15]. This map is used to randomly generate several rows and columns to overcome the slower process of pixel-wise shuffling and the substitution process. They conduct row-wise shuffling and substitution of pixels, and then the same process is conducted column-wise. To prevent any leaks of information, the methods shuffle the position of the pixels by applying a circular shift. Further, to mask the pixel value, modular operations along with bitwise XOR operations are performed. The highest security trial result illustrates that the scheme is immensely secure against differential attacks and features a fast computational speed of approximately 80 FPS, making this method suitable for real-time applications. However, making this method compatible for real-time application on high-resolution images is the main challenge.

In [19], Author develops an image encryption scheme aimed at achieving higher security via pixel permutation using a chaotic map. The method uses pixel permutation to obtain a normalised image. Next, a key is obtained from the normalised image, and a new matrix of the same size as original is created and initialised by a key. Finally, the encrypted version of the image is found via the combination of the normalised and the newly created image. Simulation results suggest that the scheme is secure for plaintext attacks. Although the method outperformed the Arnold’s scheme, security analysis of the scheme needs to be investigated for other attacks. Complexity analysis of any encryption scheme is also a significant measure for any real-time applications, which need to be investigated for the suggested method. Taking on a similar scheme, Ying, and Zhang [20] apply modified Josephus traversing to scramble the image (row-wise and column-wise) and they consider the pixel permutation and diffusion to encrypt the image. Specifically, SHA-3 is employed on the original image to obtain the binary sequence. Subsequently, the chaotic system along with the diffusion process, are used to encrypt the image. The simulation observations show that the algorithm is secureagainst plaintext and differential attacks. However, the major drawback to the scheme is high computational complexity. In [21], a highly sensitive and secure beta chaotic map function-based image encryption scheme is suggested. Two beta maps of different initial values are randomly selected for random sequence generation and key construction. With these random sequences, the methods shuffle rows and columns of plain images to create chaos in the correlation between plain and cipher images. These results remarkably increase the invulnerability to attacks. In the stage of diffusion, as per the image type, different sizes of image blocks are used in every round; these image blocks can be modified if any changes lead to the plain image. Further, the approach offers a better value of entropy and correlation coefficient than other schemes [22, 23]. On that account, the scheme is resistant to several known cryptographic attacks. However, it is necessary to further discuss its computational complexity for real-time application. A firm image encryption algorithm based on double chaotic S-boxes, which are generated by a sine tent map, is suggested [24]. In this scheme, S-boxes are able to perform confusion and substitution of image pixels simultaneously. Confusion and diffusion operations in two forward and backward rounds with double S-boxes create resistance against differential attacks. The simulation outcome verifies the better capability of suggesting schemes in real-time encryption applications. Further, the suggested scheme indicates the foremost randomness value of the encrypted image compared with other methods [25-27].

A bit-level infallible and firm image encryption scheme was developed by Li Xu et al. [28]. This technique uses a piecewise linear chaotic map, which has exceptional encryption performance only in a single round of encryption. In this method, the original image is converted into two same-size binary sequences that diffuse mutually. After this, swapping of binary elements of one bit plane to another bit plane has been done by permutation operation under the control of chaotic map. Due to multiple operations like the construction of chaotic sequence and swapping operations, this method is slower than other algorithms. Further experimental results are compared with other techniques [29-31]. In order to accomplish this, Chai and Zhang [32] have introduced a novel image encryption structure that uses Latin square along with a memristive chaotic map. This method has made a huge impact in medical field applications. The scheme mixes up the pixels of the rows and columns of the original image with the use of plain image and Latin square, which reduces the amount of correlation between neighbour pixels. The hash value of the original image is computed by SHA-256, which makes this system strong against known attacks. From the experimental results, it is shown that the algorithm accomplishes the highest speed compared to other encryption schemes [33, 34].To prevail over the weaknesses of the available image encryption algorithms, a novel image encryption algorithm has been evolved [35]. This scheme uses multiple chaotic maps in different steps. Logistic sign maps are used in the first step to scramble the original image, after which 2 × 2 sub blocks are created by splitting the scrambled image. In the next step, a hyper-chaotic map is used to encrypt the sub blocks until the encryption of all the boxes is finalised. The performance result indicates that the limitation of the deficiency of diffusion in sole direction encryption is overcome by this suggested scheme, which also provides better security along with robustness.

The authors presented a framework based on chaotic maps, combined with dynamic S-boxes for efficient medical image encryption [36]. In this scheme, S-boxes were arranged before and after chaotic substitution, that make the suggested method more robust against chosen plaintext as well as chosen ciphertext attacks. Further trial outcomes indicated that the suggested framework successfully cleared each of the security evaluations, regardless of any chaotic map being used for execution. For fast, efficient processing, researchers endorse the use of the Hénon map or the Classical Baker map, which help to attain encryptions throughput at about 90 mbps without any hardware modifications. The simulation outcomes show that, compared to other schemes, the suggested framework has a great value of NPCR and UACI [37].

Yang et al. [38], perform encryption on lossless compressed image data. The image is compressed using a neural network, following which the zigzag confusion permutes the compressed image. Finally, an XOR logical operation is performed between the confused image and the sequence generated by the chaotic map. This scheme encrypts and compresses the image, offering high levels of security and reduces costs for network bandwidth.

Further, the comparison of above discussed techniques is presented in Table 3.

Table 3

Summary of various encryption methods based on chaotic maps

Ref	Objective	Used approaches	Evaluation metric used							Database information	Attack considered
			NPCR and UACI	PSNR	Key space	Complexity (time or space)	Entropy	CC	Histogram
[15]	To developed a systematic image encryption scheme with high processing speed	Bülban chaotic map, Circular Shift, XOR	Y	–	2360	Time	Y	Y	Y	USC-SIPI Image Database	Differential attacks
[19]	To produces an image encryption method that eluding the attacker	Logistic Map, Confusion, Diffusion	Y	–	–	–	Y	Y	–	USC-SIPI Image Database	–
[20]	To developed an secure and improve image encryption systems that can resist plaintext attacks and differential attacks	Scrambling associates Josephus traversing,Chaotic system	Y	Y	–	Time	Y	Y	Y	Lena images of size 256 × 256	Statistical attacks, Selective-plaintext attacks, Exhaustive attacks
[21]	To introduce an image encryption schemes that increase the protection of an image	Beta Chaotic Map,Confusion,Diffusion	Y	Y	2512	–	Y	Y	Y	USC-SIPI Image Database	Brute force attacks, differential attacks
[24]	To developed an improve image encryption systems that provide more security and efficiency	Double Chaotic S -Box, Confusion,Diffusion	Y	–	2258	Time	Y	Y	Y	USC-SIPI Image Database	Various notable attacks
[28]	To develop a bit-level secure and reliable image encryption method	Cyclic shift, linear chaotic maps	Y	–	2210	Time	Y	Y	Y	Greyscale 8-bit images. (256 × 256)	Brute-force attack, statistical, differential attack attacks
[32]	To provide a reliable encryption technique to secure medical image	Permutation based image, adaptive diffusion	Y	Y	3.402 × 1094	Time	Y	Y	Y	Various image of different sizes	Known-plaintext, Chosen-plaintext attacks, statistical attacks
[35]	To design an adaptive medical image encryption algorithm that overcomes the defects of the pre present chaotic encryption schemes	Logistic-sine chaos mapping, hyper-chaotic system	Y	–	2512	–	Y	Y	–	Lena (256 × 256)	Differential attacks
[36]	To develop an algorithm that achieve high encryption throughput	Dynamic S-boxes, Baker map or Henon map	Y	–	128-bit	Speed	Y	Y	y	CT image (750 × 870), MRI image (512 × 512), X-ray image (1338 × 1094)	Chosen plaintext and ciphertext, Reset attacks

Encryption based on elliptic curve cryptography (ECC)

In 1985, Neal Koblitz and Victor S. Miller developed a novel public key cryptography based on ECC, which delivers more reliability than other cryptosystems with the same key size. ECC can be used to prevent images from unauthorised modification and preserve the integrity of this digitised medical image. The specialty of ECC encryption is that in each execution cycle the encryption process with the same key creates a totally distinct cipher image [39, 40]. In the following, we briefly introduce the chaos-based image encryption. Authors developed an image encryption method using ECC along with digital sign cipher for more authenticity and integrity [39]. Coordinate values of the elliptic curve were used to execute all functions of ECC. For secure communication, all parties agreed on the equation and generator of the elliptic curve. In this structure, a few pixel groups were used to reduce the number of executions. The procedure of image encryption with ECC coordinate values of elliptic curves were mapped with the pixel value of an image. Suggested procedure helps to avoid the utilisation of reference tables for encoding/decoding process [40, 41].

MAES-ECC based, an upgraded image encryption scheme for embedded systems, was developed [42]. This method uses modified AES for eliminating the mix column transformation step, which is replaced by a permutation-based shift of columns that results in a reduction in time complexity along with keeping the Shannon principle of diffusion and confusion intact. Due to its security, along with its time efficiency in sizable medical images, the proposed algorithm is very useful, with impressive, enhanced entropy compared to other existing methods [43-46]. Although, the method has computational complexity, it needs to be reduced without affecting the security provided, which is the main issue.

In Reference [47], a robust easy key transmission and management for encryption of an image, a novel method that combined ECC with chaotic system, was developed. In this method, both parties agree upon the coordinate of the elliptic curve, which is based on the Diffie–Hellman public key sharing method. In the next step, the image is encrypted with that coordinate and chaotic system. The outcomes suggest that the method is secure from many known cryptographic attacks. Experimental demonstrations have been compared with several existing techniques [48-50]. However, the major drawback in the scheme is high computational complexity, which needs to be reduced. In [51], the authors developed a robust encryption scheme that is most suitable for applications that require a secure communication channel for image transmission that is also able to resist chosen plaintext attacks. To overcome the problem related with key management and security, the method used EC-ElGamal combined with chaotic theory. For generating the initial value of chaotic maps, SHA-512 was used. After this, crossover permutation was performed to scramble the plain image. The experimental results have compared with different existing techniques [52-54]. Simulation results suggest that the drawbacks are time consumption, which must be reduced and encryption speed, which needs to be increased using parallel processing.

In [55], author designed a robust encryption algorithm of images that integrates the elliptic curve cryptosystem with hill cipher. Conversion of a symmetric encryption technique into an asymmetric encryption technique by Hill Cipher makes this method more firm, efficient and invulnerable to attackers. In this method, secret keys for encryption and decryption purpose a self-invertible key matrix that is used that remove the overhead to find and share the inverse key for decryption process. The key matrix based on ECC used in this method makes it difficult for intruders to solve. Simulation results have reflected that the approach is time efficient and defends against different attacks. An image encryption process that incorporates ECC along with the classical Hill cipher, Arnold’s Cat map (ACM) and linear congruence generator (LCG) that mainly utilises the medical field is proposed [56]. In this method, the encoding process of the broadcasted image based on the classical Hill cipher method has been done by dynamic key, which is produced by Diffie-Hellman protocol. Next, in the confusion phase of method, Arnold’s cat map is used for separating value of image pixels into blocks, size of (4 × 4). Then, the self-invertible secret key matrix is multiplied by each block (4 × 4) modulo 216 for each block, and values are taken. In the next phase of diffusion, XOR is performed with the output of the LCG. Finally, the simulation results have been compared with other similar techniques [57-60]. An ordered-elliptic-curve-based hybrid binary image encryption method that utilises dynamic S-boxes for pseudorandom numbers has been introduced by Hyatt et al. [61]. Firstly, the method defuses the plain image by masking the plane image with the proposed PRN. In the consecutive step, the diffused image is confused by the dynamic S-boxes to enhancing the security of the image. By using the group law masking, the masking process of the proposed method consumes less time as compared to other EC-based techniques. The main highlight of the algorithm is that it provides a lossless security system. The experimental result has been compared with several existing techniques [62-64].An ECC-based novel encryption scheme which collaborates with genetic algorithm-based optimization techniques for private key generation has been used for encryption purposes [65]. In this scheme, separate blocks (4 × 4 size) of pixel value matrices were formed for each red green blue (RGB) component of the colour image. Later, these blocks were encrypted by a public key which was generated by the ECC method. For the decryption process, an optimisation-technique-generated key was used. All execution findings are to be compared with the method introduced by Shankar et. al. [66].Vulnerability analysis and complexity analysis of any encryption process are very essential for real-time applications, which need to be investigated for the suggested method.

In order to accomplish this, Ibrahim and Alharbi [67] have develop an ECC-based image encryption method that utilises the collaboration of the hash algorithm with the Hénon chaotic map. For the enhancement of the reliability dynamic, S-boxes are used to create confusion. In this method, the researchers firstly proposed a process to construct novel dynamic S-boxes by the chaotic Hénon map. In the next phase, the plain image was encrypted with the encryption key, which was generated by ECC. Dynamic S boxes were used to create more chaos in the output image of the second phase. Finally, the hash algorithm was used to identify the malformed cipher image to defend against chosen ciphertext attack. The main feature of the proposed algorithm was high computational efficiency which achieved a speed of 150 mbps. Experimental demonstration was compared with several existing techniques [68, 69]. This method was designed only to encrypt grayscale uncompressed images, which is the main drawback of the method for colour image application. Laiphakpam presented an image encryption method drive from the elliptic curve over a finite field along with the chaotic system [70]. In the first step of the method, both parties of communication agreed upon some random coordinates of the elliptic curve by the concept of Diffie–Hellman public key sharing method. Next, this coordinate was used for the generation of chaotic sequences by logistic maps. Then, these sequences were converted into the integer value known as the byte value. Finally, Arnold’s transform scrambled the plain image pixel value and later these pixel values are XOR with the byte values, which were generated in the previous step to produce a cipher image. The simulation results showed that the proposed method had a good avalanche effect along with resistance to many known cryptographic attacks. The efficiency of the proposed method against real time application, compared with other existing schemes [71-73], reflect the robustness of proposed method.

Further, the comparison of above algorithms is presented in Table 4

Table 4

Summary of ECC based encryption

Ref	Objective	Used approaches	Evaluation metric used							Database information	Attack considered
			NPCR and UACI	PSNR	Key space	Complexity (time or space)	Entropy	CC	Histogram
[39]	To develop a method that digitally signs the cipher image to provide authenticity and integrity	12 bit Standard Elliptic curve	–	–	2512	Time	Y	Y	Y	Lena (1024 × 1040) Pepper (512 × 520) Mandrill (256 × 260	Known Plaintext attack
[42]	To introduce a method that encodes largesize images with high security in efficient time	ECC (Elliptic curve),MAES (Modified AES)	Y	–	2128	Time	Y	Y	Y	Lena (512 × 512 × 3) Peppers (512 × 512 × 3) Baboon (512 × 512 × 3) 3D scanner ankle (1080 × 1920 × 3)	Statistical attacks, Noise attack, Differential attacks, Brute force attack
[47]	To develop a secure key transmission and management method	ECC, Chaotic System	Y	–	2512	Time	Y	Y	Y	Airfield (512 × 512)	Various notable attacks
[51]	To develop a robust encryption method with time efficiency	Elliptic curve ElGamal, chaotic theory, SHA-512 hash	Y	Y	2100	Time	Y	Y	Y	Lena (512 × 512) Barbara (512 × 512) Peppers (512 × 512) Baboon (512 × 512) Car (512 × 512)	Various notable attacks
[55]	To develop a method that resists various attacks and exhibits better security features	ECC, Hyper chaotic Lorenz generator (HCLG), Arnold cat map, Hill cipher	Y	Y	–	Time	Y	Y	Y	Lena (512 × 512)	Exhaustive search attack, data losses attacks, noise attacks, Differential-statistical attacks, occlusion attacks
[56]	To propose a scheme that is applicable for secure image communication	ECC, Hill cipher, Arnold, Linear congruence generator	Y	Y	–	Time	Y	Y	Y	Lena ( 512 × 512) DICOM (512 × 512)	Differential, Statistical attacks
[61]	To develop a method that is resistant against cryptographic attacks without losing information	ECC, Dynamic S-boxes, pseudo random numbers (PRN)	Y		2128		Y	Y	Y	Circuit (450 × 600) Boat (256 × 256) Lena (256 × 256) Pepper (512 × 512)	Various notable attacks
[65]	To introduce a n efficient method which provides secure transmission, without losing confidentiality of image	ECC, Genetic Algorithm (GA)	–	Y	–	–	–	Y	–	USC-SIPI Image Database	Breach of confidentiality
[67]	To develop firm and structured image encryption procedure	ECC, Henon Chaotic map,Dynamic S-Boxes	Y		1062	Time	Y	Y	Y	USC-SIPI Image Database	Chosen-plaintext, Chosen-ciphertext attacks, Brute-force attacks
[70]	To develop a secure and fast encryption process that utilize for real-time image operations	ECC, Chaotic system, Arnold’s transform, Diffie-Hellman public key		Y	2512	Time	Y	Y	Y	Lena (512 × 512) Plane (512 × 512) Baboon (512 × 512)	Chosen-plaintext attack, Brute force attack, Occlusion attack

Encryption based on DNA methods

A peculiar method called the DNA technique has been developed in cryptanalysis. The DNA technique is used as an information bearer in image encryption which supports high delineation and huge data consistency. The structure of DNA decides the complexity of security. Henceforth, the computation of DNA over image is very difficult [74]. Using DNA and anarchic logistic maps, a robust scheme has been developed [75]. The method first combines a DNA-encoded input image and a 1D chaotic map mask by using DNA addition. After the first step, to receive the cipher image, the resultant matrix is permuted using a 2D-chaotic map pursued by DNA decoding. The suggested method provides a completely invertible method which can resist known attacks (i.e. statistical, plaintext and differential attacks). A robust logistic map-DNA method for colour image encryption was initiated by Suri et al. [76]. The suggested research was a combination of intertwining logistic map (ILM) that works as a location map along with other approaches for generating initial value. ILM-generated 3D chaotic sequences were used to permute the pixels of the original image; meanwhile, the SHA-256 function was deployed to produce the initial values for chaotic sequences creation. Hereafter, DNA XOR operation was executed to diffuse the permuted pixels of the previous step. The calculated output reflected a remarkable enhancement in the entropy value and high defence against various differential and statistical attacks. The simulation resulted in an improvement in encryption efficiency compared to other techniques [77, 78].

In [79], a “permutation–diffusion–scrambling” structure based on an image encryption method was developed. This SHA-3 algorithm was used to compute the hash value of a plain image that utilised the seed of the hyperchaotic system, along with the chaos-generated sequence as the initial value, to produce the Hill cipher matrix that changed pixel positions in the image. In this chronology, image encryption was done on the grounds of Feistel network and dynamic DNA encoding. To minimise the number of rounds of encryptions, DNA sequence was used. The reliability analysis of suggested methods indicated that the use of Feistel transformation, along with scrambling and DNA encoding/decoding technology, made the method completely resistant to several known attacks in comparison to other schemes [80, 81]. Computational complexity needs to be discussed for any image encryption method. In this progression, “DNA-complementary” rules-based colour image encryption process along with pair-coupled chaotic maps was proposed [82]. As per the process, the image was split into RGB components, which were converted into three distinct DNA matrices with the help of DNA encoding rules. After the DNA addition of RGB components was implemented via the pair-coupled chaotic maps, pixels were permuted. Experimental demonstration was compared with several existing techniques [83, 84]. However, processing speed was the fundamental issue related to the suggested scheme. A robust image encryption process in which image pixels are dispersed by the DNA approach and permuted by a two-dimensional Hénon-Sine map is recommended to save image content when an image is transmitted over the internet [85]. Initially, 2D-HSM is created in such a manner that it acquires better ergodicity and pseudo randomness. Thereafter, a DNA encoding and a DNA- XOR operation applied over image encryption improves the efficiency of image permutation and diffusion. Further, the preliminary analysis against various attacks and performance metrics are compared with several methods [86, 87]. After all, the fundamental drawback of the recommended scheme is designed basically for grey image. The multimedia data or the coloured images must be converted into the same pattern of grey images and thereafter will be encrypted with the scheme, which will increase the computational complexity of the method.

Further, the comparison of above discussed techniques is presented in Table 5.

Table 5

Summary of DNA based encryption

Ref	Objective	Used approaches	Evaluation metric used							Database information	Attack considered
			NPCR and UACI	PSNR	Key space	Complexity (time or space)	Entropy	CC	Histogram
[75]	To develop a robust image encryption algorithm which provides a totally invertible method that can resist various attacks	DNA,1D & 2D Chaotic maps	Y	Y	1096	Time	Y	Y	Y	USC-SIPI	Known plaintext attack, Statistical attacks, Differential attacks
[76]	To suggest a method that ensures a secure transmission of image information	DNA,ILM,SHA-256	Y	–	2256	–	Y	Y	Y	Lena (256 × 256) Bungee (256 × 256) Baboon (256 × 256)	Differential attack, Statistical attack, Brute-force attack
[79]	To introduce a reliable image encryption method based on the Feistel network	Feistel network, dynamic DNA encoding, Hill matrix, chaotic sequence	Y	–	10100	–	Y	Y	Y	Lena (256 × 256) gray scale	Exhaustive attack, Plaintext attack, Differential attack, Statistical attack,
[82]	To develop a high-speed image encryption and decryption method	DNA encoding, Pair coupled Chaotic map	–	–	10450	–	Y	Y	Y	Lena (256 × 256)Color image	Statistical attack, Differential attack, Exhaustive attack
[85]	To introduce a secure encryption method for robust transmission	DNA sequence, 2D Henon- Sine map	Y		10112	Space	Y	Y	Y	Lena (256 × 256) (512 × 512) cameramen (256 × 256)(512 × 512) Baboon (256 × 256)(512 × 512)	Exhaustive attack, Robustness against noise, Anti noise attacks, statistical attack, differential attack

Encryption based on miscellaneous schemes

A mathematical model which works on discrete input/output is known as cellular automata. This is used to indicate the sequential behaviour of interconnected cells organised in a regular manner, all of which have a finite set of possible values [88].

A spatial domain secure and robust image encryption scheme that uses eliminatory cellular automata (ECA) combined with the chaotic tent map was developed [89]. In this method, the plain image is divided into blocks. Later, these individual blocks are encrypted with a distinct key stream by using ECA with a chaotic tent map. In the next phase of the method, the shuffling process of bytes of encrypted blocks is done to generate more diffusion. The main uniqueness of the proposed method is using variable sizes of blocks and keys for all operations like encryption and shuffling. Further, the preliminary analysis against various attacks and performance metrics are compared with several methods [90-92].However, the method is not feasible for real-time application. Reference [93] developed an encryption process that is helpful for encrypting images of all dimensions. In the method, the correlation between the neighbor pixels was removed by permuting the pixels of the plane image with PRNS, which is generated by CA. After this, with the use of a single random number that is generated by skew tent map, encryption of permuted images was performed. Experimental demonstration was compared with several existing techniques [94-96].The method has the key benefit of large key space and better encryption effects, along with drawback of a limit on the amount of data to be handled.

Focusing on reliability of digital image, a novel structure for image encryption based on DNA and recursive cellular automata was developed [97]. In this scheme, a logistic map was employed at the permutation phase for circular shift in the image rows and columns, and then DNA and RCA at the diffusion phase were used to modify the grey level of the pixel to new values. The use of RCA and DNA increased the security of cryptography systems and made it more resistant to all kinds of attacks. Computational complexity analysis should be discussed by any encryption algorithm, which needs to be investigated for the suggested method. In [98], a non-uniform cellular automata (CA) structure was proposed that used chaotic maps for performing confusion in the plane image by randomly changing the position of pixels in the image. This permutation was done in a row/column-wise manner for the colour component of the image. To create rules for CA, logistic maps were used, which have a unique characteristic in that a tiny change in a CA parameter results in a new and different CA. These rules were employed on the sales of CA that generate key images. In the next step, with the use of a hyper chaotic map, the method selects a random key image for encryption. Experimental outputs indicate that the suggested scheme has great resistance against noise attacks and has a large key space that makes the suggested method more robust compared to other schemes [99-101].

To overcome the issues related to the secret key generation, a new image encryption method which uses CA along with memristive hyperchaotic system was proposed by Chai et al. [102]. In the diffusion phase, the scheme used two different DNA rules for encoding the plain image into blocks. In the next step, these diffuse image blocks were combined with two-dimensional CA for encryption. There are so many discrete numbers of DNA-encoding regulations available for unique original images. This structure can be useful in many real-time applications like video communication and secure image transmission. To check the effectiveness of the scheme, it has been compared with the existing method [103-105].

A secured lightweight keyed transposition structure is drafted to derange the correlation of pixels of plain image [106].This method execute lookup table operations to decrease computational complexity, power consumption and resource requirement. The proposed scheme uses Hénon chaotic map along with ECA, which has dynamic properties for extracting and analysing the lookup table for each pixel of an image. For the encryption process, bitwise XOR operations are performed on plain image pixels. This scheme is useful for both colour and grayscale images. Simulation results indicate that the reliability and robustness of the method are also embraced in the IoT and sensor networks [93, 107, 108]. However, the method has the disadvantage of small rule space and low diffusion. In order to this, Ping and Wu [109] developed a low computational cost encryption algorithm which uses cellular automata with 2D logistic-adjusted-sine chaotic map (2D-LASM). In the phase of confusion, the positions of image pixels were permuted or shuffled by 2D LASM with chaotic attributes. After the permutation phase, the diffusion phase substitution of pixels was accomplished by a rule of reversible life-like CA. Simulation results were compared with the existing method [110, 111], which showed the superiority of the proposed method. However, the security analysis of the scheme needs to be investigated for other attacks. A new approach to upgrade the cryptographic features of S-boxes used as a basis of the Choquet Fuzzy Integral (CFI) and the DNA method has been proposed [112]. First of all, suggested methods construct a strong structure of four S-boxes using CFI, which are also encoded using the DNA method. These encoded S-boxes are known as DNAFZ S-boxes. After this, the plain image is shuffled by M sequences and sampled into four sub images for the encryption process. After this the pixel value of all sub images are replaced with one of four DNA FZ S-boxes, which are diffused with unique DNA encoded chaotic sequences from Chen's hyper chaotic map. In the final step the four DNAFZ Sub images are combined to construct the final cipher image. The suggested method has excellent statistical characteristics and better encryption efficiency compared to many other methods based on Arnold transform, Hénon map and hybrid chaotic map. A robust image encryption system based on B-spline function along with CFI to perform confusion and diffusion of pixels in plain image has been suggested [113]. The method uses a 3D hybrid chaos system to produce pseudorandom numbers. Further CFI with B-spline function is used to initialise the key to iterate the chaos system for every round. The use of a special type of shifting operation of CFI makes the suggested method more defensive against several types of cryptographic attacks like data loss attack and noise attack compared to other methods [114, 115]. In [116], researchers proposed a new procedure to generate a random key stream for image encryption purposes that utilises the CFI characteristics. The method first splits the colour image pixels into three grey-level components. After this, bits of these grey-level components are randomly shifted with these pseudorandom generators CFI. Finally, the output component of colour image (i.e. colour pixels) and the generated key stream are combined to encode the permuted components. CFI has very high randomness of sequence generated, which is very effectively regarding the security, reliability and sensitivity of the suggested method. For the protection of image data, which is distributed over the internet, the suggested method performs very effectively [117-119]. The execution speed analysis of the encryption/decryption process need to be investigated for the suggested method. Further, the comparison of above discussed techniques is presented in Table 6.

Table 6

Summary of various encryption methods based on miscellaneous schemes

Ref	Objective	Used approaches	Evaluation metric used							Database information	Attack considered
			NPCR and UACI	PSNR	Key space	Complexity (time or space)	Entropy	CC	Histogram
[89]	To evolve a robust unique image encoding scheme	Cellular automata,Chaotic tent map	Y	–	2576	Time	Y	Y	Y	Eight different-sized images Lena ( 256 × 256)	Various popular attacks
[93]	To develop a novel image encryption that can resist most known attacks	A skew tent, CA	Y	Y	2256	Time	Y	Y	Y	Lena, Checkbox, Airplane, Baboon, Barbara, Ship, Pepper, Nike logo	Various popular attacks
[97]	To propose a scheme that uses RCA and DNA increases the security	Deoxyribonucleic Acid (DNA), Recursive Cellular Automata (RCA)	Y		–	Time	Y	Y	Y	Lena, Baboon, Cameraman, House, Jet Plane, Lake,(512 × 512) (256 × 256)	Brute-force attacks
[98]	To design a method that protects the content of image with high efficiency	Hyper chaotic functions, non-uniform CA	Y		2128		Y	Y	Y	Lena, Peppers, Baboon images (256 × 256 × 3)	Statistical attacks, data loss attack, Noise attack, Brute-force attacks, differential attack
[102]	To propose a secure and robust image encryption scheme	Cellular automata, Memristive hyper chaotic system, DNA sequence operations	Y		2128		Y	Y	Y	Lena (256 × 256)	Various popular attacks
[106]	To develop a lightweight scheme that is secure from statistical attacks	Elementary cellular automata with novel permutation box	Y	Y	2 64 × 64 × 8		Y	Y	Y	Lena, Baboon, Airplane,Peppers Barbara (256 × 256)	Statistical attacks
[109]	To design secure and a high sensitivity system	Choquet fuzzy integral (CFI)	Y		2128	Time	Y	Y	Y	CVG-UGR, PSU	Statistical analysis attack, entropy attack, brute-force attack, plaintext attack
[112]	To design an encryption method that resists various attacks	CA combined with chaotic map, 2D-LASM	Y		2512	time	Y	Y	Y	CVG-UGR image database	Chosen-plaintext, known-plaintext attacks, brute-force attack, statistical attack
[113]	To introduce an encryption scheme that overcomes security shortcomings	Choquet Fuzzy Integral, DNA	Y	Y		time	Y	Y	Y	Lena (256 × 256)	Chosen plaintext attack, Differential attacks
[116]	To develop an algorithm of encryption that provides high key sensitivity and least information loss	3D hybrid chaos map, Choquet Fuzzy Integral, B-spline functions	Y				Y	Y	Y	Lena (256 × 256 × 3), Sailboat, Panda	Various attacks

Potential challenges

A lot of efficient encryption techniques have been developed in medical-domain. After doing the complete literature survey for the encryption of medical images, we highlight some of potential challenges to medical image encryption:

Our aim should be to preserve the accuracy of the encoded medical images, so for this it is very much needed to maintain the quality of the medical images without modifications.

Most of the encryption schemes have focused on one or two performance measures and have not addressed the issue of how to achieve a good trade-off between competing parameters such as security and complexity.

Ordinary encryption may seriously damage the availability of data, as the original data is only available to the user encrypting it.

In E-Healthcare application, any types of tempering in medical images are not acceptable. Only the best qualities of images are required. So the procedure of medical image encryption requires being resistant to any type of attacks on images over the network.

In ECC, the compulsion of the sender and receiver systems to have the same processor and precision value restrict the use of algorithms.

Cellular automata have small rule space and low diffusion power that limits the diversity in encryption/decryption algorithms.

The structure complexity of DNA decides the security which also causes the computation of DNA over image is very difficult.

To find an effective way to merge compression and encryption of animage for effective bandwidth utilisation is an interesting subject for future research.

Conclusion

Medical image encryption has great potential to provide valuable solutions to a variety of issues for E-health applications. The issues include E-health data storage, management, sharing of private data, identity theft and data security. This paper presents an extensive survey of several different image encryption schemes of spatial domain for e-health applications. Further, we have elaborated security components, different attacks, novel applications, security methods and different kinds of encryption systems. Finally, we have summarised the notable encryption techniques in tabular form. With the help of our survey, researchers may propose a suitable encryption technique to address the variety of issues for e-health applications.