Robustly correlated key-medical image for DNA-chaos based encryption

Medical images include conﬁdential and sensitive information about patients. Hence, ensuring the security of these images is a crucial requirement. This paper proposes an efﬁ-cient and secure medical image encryption-decryption scheme based on deoxyribonucleic acid (DNA), one-dimensional chaotic maps (tent and logistic maps), and hash functions (SHA-256 and MD5). The ﬁrst part of the proposed scheme is the key generation based on the hash functions of the image and its metadata. The key then is highly related and intensely sensitive to the original image. The second part is the rotation and permutation of the ﬁrst two MSB bit-plans of the medical image to reduce its black background that produces redundant DNA encoded sequences. The third part is the DNA encoding-decoding using dynamically chosen DNA rules for every 2-bit pixel value through the logistic map. Meanwhile, the confusion-diffusion is performed using the tent map and XOR operation. Simulation results and security analysis prove the good encryption effects of the proposed scheme compared to the state-of-art methods with a correlation of 6.66617e-7 and a very large key space of 2 624 . Furthermore, the proposed system has a strong ability to resist various common attacks such as chosen/known-plaintext attacks and cropping/noise attacks.


INTRODUCTION
Due to the fast development in technology and communications network, the number of transmitted medical images over the public network increases, considering their important role in telemedicine. Medical images serve to analyze the human body; they are used for various purposes such as telediagnosis and telesurgery [1]. These images hold confidential and private information of patients, so their security is a real challenging problem [2]. Therefore, encryption is introduced as a solution to guarantee the security of medical images. Since the image has a large size, a particular storage format, and a high correlation among adjacent pixels, conventional encryption techniques such as RSA, DES, AES, and IDEA are not convenient for bulky image encryption [3]. Researchers have proposed numerous medical image encryption algorithms such as algorithms based on chaos [4][5][6][7][8][9], Elliptic Curve Cryptography (ECC) [10][11][12], and combined DNA-chaos [13][14][15][16][17][18][19][20][21][22]. process, DNA technology encoded the permuted image, and DNA addition operation diffused the selected parts of the encoded image. In [36], Zhang et al. presented a hyperchaotic image encryption scheme using DNA coding and substitutionpermutation. The hyperchaotic system generated the random sequence key used as DNA complementary decider and as a key image. Next, the authors used the DNA encoding to substitute the image and the hyperchaotic system for the permutation. In another work, Wang et al. performed an encryption algorithm including PWLCM, logistic map, and DNA [26]. PWLCM generated the key image. Then the rows of the plain image and the key image were encoded into DNA sequences. An intermediate image was obtained through the DNA addition operation of the DNA sequences. Lastly, the cipher image was produced by performing the same procedures again using the intermediate image as a new input image. Jarin et al. presented an efficient encryption technique using self-adaptive permutation and DNA encoding [19]. The key of this technique is generated through the Linear Feedback Shift Register (LFSR) and 1D chaotic map. The original image is encoded into a DNA sequence and added to the key. Belazi et al. found a two-encryption rounds design based on DNA encoding, logistic-Chebyshev map, and a sine-Chebyshev map is a robust and secure scheme for medical image cryptography [42]. This method was achieved through a key generation step based on the SHA-256 hash function followed by block-based permutation and pixel-based substitution. In recent work, Aashiq et al. introduced an encryption technique in the frequency domain based on the integer wavelet transform (IWT), DNA encoding, and chaotic keys [44]. IWT decomposition was applied as a first encryption level, and the logistic map was used for permutation, followed by a substitution step using the Lorenz attractors. To enhance the level of security, a BITXNOR was carried out to get the encrypted image. Guesmi et al. developed a cipher method through a new proposed hybrid chaotic system, Secure Hash Algorithm, and DNA operations [45]. The generated SHA-256 sequence served as a key image and as initial values for the chaotic hybrid function. DNA XOR operation and S-Box performed the confusion step, and the chaotic hybrid sequences executed the pixels permutation.
In 2021, Yan et al. proposed an image encryption algorithm based on arithmetic sequence, logistic map, and DNA operation [48]. The initial value and control parameters of the chaotic system were computed using the SHA-512 function of the original image. Thus, the encryption key was given by the chaotic system. This scheme is based on the arithmetic sequence scrambling model and DNA pixel diffusion. Recently, authors in [47] and [49] proposed new hyperchaotic systems for image encryption. Yang et al. used a new four-dimensional memristive hyperchaotic system combined with the hash function and DNA encoding [47]. The higher four-bit-plan of the cover image was selected for chaotic scrambling. Before that, the image was encoded and decoded through DNA rules. The obtained DNA sequence was substituted with complementary pairing DNA rules. Lastly, the encrypted image was obtained by performing dual pixel-level diffusion. Hui et al. used the SHA-512 function for calculating the initial values of the new proposed hyperchaotic system [49]. The hyperchaotic sequence was used as a key stream to encrypt the cover image through pixel confusiondiffusion.
In this context, an efficient and secure medical image cryptosystem is introduced based on hash functions, chaotic maps, and DNA cryptography. Unlike previous works, we generate the initial cryptographic key using a combination of two hash functions (MD5 and SHA-256) from the original image and its extracted metadata. Therefore, the proposed encryption scheme is highly dependent and sensitive to the original image. Further, the proposed scheme is required by a large key space composed of the cryptographic key and external data. The generated key makes our scheme powerfully robust toward various attacks (chosen-plaintext attack, known-plaintext attack, brute-force attacks). We also preprocessed the plain image by performing rotation and permutation processes on its two MSB bit-plans to reduce the black background of medical images, which produces redundant DNA series. These processes enhance the encrypted image entropy and decrease the correlation among adjacent pixels in the cipher image. As the 1D chaotic systems have lower computational complexity than the multi-dimensional hyperchaotic system, the 1D chaotic tent map generates the key image and shuffles the DNA sequences. Besides, the 1D logistic map dynamically chooses the DNA encoding-decoding rules for every two bits of a pixel value. Thus, our algorithm is secure, fast, and useful for real-time applications with low complexity for hardware implementation.
In the following sections, we present the DNA cryptography, the chaotic maps, and the cryptographic hash functions. Next, we explain the proposed cryptosystem. Then, we illustrate the simulation results, and we analyze the security performance of the proposed algorithm compared to recent works. Finally, we conclude.

BACKGROUND
Regarding the interesting encryption properties of DNA, chaos, and hash functions, these encryption methods represent proper tools to design a robust cryptosystem that can resist various common attacks and achieve better encryption performances. The basic notions of DNA cryptography, chaotic systems, and hash functions are introduced in this section.

DNA encoding-decoding
Deoxyribonucleic Acid (DNA) is a promising area in cryptography, and it is also used as an information carrier. The main function of DNA cryptography is to set up a unique DNA sequence for each image [50]. The DNA is a molecule composed of four types of nucleotides: Adenine (A), Thymine (T), Cytosine (C), and Guanine (G). Among these bases, A and G are complementary to T and C, respectively [35]. In binary numbers, 0 is the complement of 1. Likewise, elements pair of (00, 11) and (01, 10) are complementary [44]. According to the 8 DNA encodingdecoding rules (see Table 1), the image pixels are represented by a series of four nucleotides. These rules satisfy the opposite pairing base encoding-decoding rules as listed in Table 1. We can use different kinds of DNA operations to diffuse the DNA sequences. Therefore, there exist eight varieties of DNA rules for each operation.

Chaotic maps
The chaotic system is a robust and secure encryption tool because of its beneficial properties and randomness. It is random, imperceptible, and depends on its initial conditions and parameters. Chaotic systems can be produced from various chaotic maps, such as the logistic and tent maps. These maps are the most popular and simplest 1D chaotic maps. One-dimensional chaotic maps are less time-consuming and more suitable for hardware implementation compared to hyperchaotic maps.

Logistic map
A one-dimensional logistic map is one of the simplest chaotic maps used in several works to generate the key sequence [19,29,30]. It is described as follows: where is the parameter of logistic map 0 ≤ ≤ 4 and x(0) is the seed value. When 3.5699456 ≤ ≤ 4, the map behaves chaotically. The produced logistic sequences are sensitive to their initial conditions, in the sense that two logistic series generated from distinct initial conditions are statistically uncorrelated [50]. The output values of the logistic map are in the range of [0, 1]. The logistic sequence is used in our work to select DNA encoding-decoding rules randomly for every 2 bits of a pixel value.

Tent map
The tent map is a piecewise function that generates chaotic sequences in [0 1]. Mathematically, its generalized form [51] can be defined as: where is in the range [0,2]. The tent map exhibits chaotic behaviour for every value of the control parameter ∈ [1,2]. It is a proper tool for image scrambling [52]. In our work, the tent map is used as a key image and as a shuffling tool.

Hash functions
The hash function is essentially used to provide security, integrity, and authentification [14]. Because of its irreversibility, it can resist attacks such as known-plaintext, chosen-plaintext, and chosen-ciphertext attack. The hash function serves to map any input data with arbitrary size to fixed-size output values. Among those hash functions, one can cite the Secure Hash Algorithm-256 (SHA-256) [52] and Message-Digest Algorithm (MD5), which generate 256 bits and 128 bits hash values, respectively. SHA-256 and MD5 are used in the proposed scheme to generate the key. The following two totally different SHA-256 sequences of two MRI images with only a one-bit difference are presented: • SHA-256 sequence 1: a16865e2d3fde696f1c09eeb91993c14195d011ceea04210afba 872c6de34baa. • SHA-256 sequence 2 with one-bit change: 4eac6b484ad7cc39095196e5f4cc399dccbfeff3dea5680647 d34de3ab45bdbb.
One can notice the high sensibility of the hash function to input data. Hence hash function generates a unique sequence for each input data even if the data are very close.

PROPOSED METHOD
The proposed chaotic medical image cryptosystem is divided into three main phases: key space generation, encryption, and decryption.

Key space generation
The key space is a crucial and important part of a cryptosystem. In our scheme, the key space consists of the generated key K and the external data ( 1 , 2 , N 1 , N 2 ) (see Figure 1). The main advantage of this key is its strong correlation with the plain image. It is related to image pixels and extracted metadata. The extracted image metadata comprises all medical image information such as filename, file mode date, format, modality, patient name, patient ID, and implementation version name. It also depends on the machine where the scheme was executed. Therefore, even one has access to the original image, it is difficult to access its metadata and, in turn, the key. In this scheme, a combination of SHA-256 and MD5 hash functions produces the key K , which computes the initial values of the chaotic maps.
The key K is generated following the steps below (see Figure 1): Step 1: Read the cover medical image and extract its metadata.
Step 2: Compute the MD5 hash functions of both the metadata and cover image, then concatenate the two obtained Hexadecimal sequences.
Step 3: Compute the SHA-256 hash function of the concatenated sequence to get the key K .
Step 4: Convert K sequence from Hexadecimal to binary format, and divide it into 8-bit blocks.
Step 5: Present K into 32 hash key as follows: K = k 1 , k 2 , … , k 32 Step 6: Compute the initial values of the logistic and tent maps, respectively (x 0 and y 0 ), following the equations below: where x 0 and y 0 are in range [0,1]. Figure 2 illustrates the encryption scheme that includes three main parts: the key generation part based on MD5/SHA-256, the MSB bit-plan rotation and permutation part (plain image preprocessing), and the confusion-diffusion part produced by the tent map and XOR operation (DNA encoding-decoding).

The encryption algorithm
The following steps describe the encryption algorithm: Step 1: Read the input medical image of size M × N and extract its metadata.
Step 2: Generate the key K and compute the initial values of the chaotic maps (see section 3.1).

FIGURE 2 The encryption scheme
Step 3: Rotate the two MSB bit-plan of the original image with 90 • and -90 • respectively, and permute their positions. Our goal is to reduce zero value pixels, which produce redundant DNA sequences. Then, we convert the obtained image to a vector.
Step 4: -Create pseudo-random number sequences L and T through logistic and tent maps, respectively.
-Iterate the logistic and tent maps by N 1 + M × N × 4 and N 2 + M × N × 4, respectively; N 1 and N 2 are abandoned iterations to avoid the transient effect and make the logistic and the tent maps, respectively fully chaotic.
-Perform sorting on the pseudo-random sequence T as follows: where I n represents the index and Y i represents the sorted sequence. T is quantized using (6) to be used as a key image (KI ).
Step 5: Perform DNA encoding on the intermediate image vector and the pseudo-random tent sequence. The DNA encoding rule is selected randomly by the logistic sequence using the following equation: where X i is the logistic sequence.
Step 6: Scramble the DNA vector using the index of the tent map as follows: Permuted _encoded _vector (h) = Encoded _vector (I n (h)); Step 7: Perform the diffusion process by applying the XOR operation between the encoded scrambled image sequence and the encoded tent sequence.
Step 8: Decode the diffused DNA sequence using the same encoding rules. One pixel is represented with four nucleotides; decoding this pixel gives eight bits binary sequence. For example, decoding the DNA pixel sequence ATTC according to the following decoding rules X i = {1, 4, 5, 6} results in a 00100100 binary sequence, which is equivalent to 36.
Step 9: Reshape the decoded sequence to get the cipher image.

The decryption algorithm
The proposed scheme is reversible. Therefore, the decryption process is performed to recover the original image. Figure 3 illustrates this processes in eight steps: Step 1: Read the encrypted medical image and convert it to a vector.
Step 2: Compute the secret key K through the two MD5 sequences. K calculates the initial values x 0 and y 0 (see ( (3) and (4)).
Step 3: Create the pseudo-random sequences L and T , respectively, through logistic and tent maps. The key image is created from quantized values of T .
Step 4: Encode the encrypted image vector and the key image vector into DNA sequences.
Step 5: Carry out XOR operation to perform the inverse process of the diffusion algorithm.
Step 6: Perform the inverse scrambling algorithm to get the plain DNA sequence according to the logistic map.
Step 7: Decode the DNA sequence according to dynamically chosen DNA rules given by the logistic sequence. Next, reshape the decoded sequence to get the preprocessed cover image.

FIGURE 3 The decryption scheme
Step 8: Slice the preprocessed image into bit plans and rotate the two MSB plans by -90 • and 90 • , respectively. Then permute their positions to get the plain image.

RESULTS AND DISCUSSIONS
This section shows the simulation results of the proposed scheme. We implemented the proposed algorithm in MAT-LAB R2018b platform on a 64-bit machine with a Core-i5 processor and 8 GB RAM. To evaluate the performance of the cryptosystem, we used various modalities of DICOM medical images: Magnetic Resonance Imaging (MRI), Ultrasound (US), X-radiation (X-ray) of size 512 × 512. Figure 4 shows the test cover images. From the middle sub-figures, one can see that the cipher images are similar to noise, and one cannot get any meaningful information about the original images from them. The proposed scheme is reversible; the decrypted images are similar to the original ones. A secure cipher scheme should resist various common attacks such as statistical attacks, differential attacks, and brute-force attacks. Therefore cipher algorithm design must pass some standard security tests to prove its strength.

Statistical attacks analysis
Histograms, information entropy, and correlation analysis of adjacent pixels in cipher images measure the security of the proposed algorithm against statistical attacks. The cryptosystem quality can be ensured through quantitative histogram analysis (histogram variance, maximum deviation, and irregular deviation) and visual strength analysis (contrast, energy, and homogeneity).

Histogram analysis
The histogram is the number of pixels on each gray level. It is used to verify the similarity between images and to evaluate the encryption scheme performance. A good cipher algorithm yields a cipher image with a flat and uniform histogram to resist statistic attacks [7]. Figure 5 shows the histograms of the plain, cipher, and decrypted images. The cipher histograms are completely different from the histograms of their corresponding original and decrypted images. As the proposed scheme is reversible, we can see that the histograms of the cover and decrypted images are similar. The cipher image histograms are uniformly distributed, meaning the cipher images cannot provide any useful statistical information about the original images.
On the contrary, the histogram distributions of the plain images are not uniform. Therefore, the proposed scheme withstands the attack of statistical analysis. We verify the visual uniformity by calculating the histogram variance [7] given by: Z represents the histogram values, and (z i , z j ) are the numbers of pixels whose gray values are equal to i and j . In an efficient cryptosystem, the enciphered image variance should be as low as possible regarding the cover image variance. The higher is the uniformity of an encrypted image, the lower is its histogram variance. Table 3 illustrates the histogram variances of the original and cipher images. It shows that the variances of the cipher images are considerably inferior to those of the cover images.
The variance values are passed from millions to hundreds; there is a significant decrease indicating that the histograms of cipher images are uniformly distributed. Thus, our algorithm has a strong ability to resist histogram analysis.

Maximum deviation
The maximum deviation (MD) reflects the difference between histograms of the cover and plain images. Hence, the better quality encryption scheme presents a higher value of deviation [53]. The maximum deviation is given by: where D denotes the absolute difference between the cipher and cover image histograms. It is clear from Table 3 that the proposed scheme exhibits huge MD values (25,8415,192,304,183,312), meaning that the encrypted image is wholly changed compared to its cover image. Hence, the proposed scheme output does not exhibit any meaningful information regarding the nature of the encryption algorithm.

Irregular deviation
Irregular deviation (ID) determines the variation of image deviation histogram compared to the uniform distribution [21]. An excellent encryption scheme exhibits minimum irregular deviation values. Equation 10 describes the ID: where HD represents the histogram of the absolute values of the difference between cover and ciphers. MH is the average of HD. Table 3 displays the irregular deviation values of the test images with size 512 × 512, which are in an acceptable range comparing with state-of-art algorithms. These values are small due to irregularity and less divergence of the histogram from the uniform histogram, reflecting the good encryption effects of the proposed scheme.

Correlation coefficient analysis
In the original image, two adjacent pixels are strongly correlated [21]. A good encryption algorithm should break the correlation among neighboring pixels [44]. Figure 6 presents the correlation distributions of the original and encrypted images in horizontal, vertical, and diagonal directions, respectively. The second,  fourth, and sixth columns of Figure 6 show that the correlation coefficients of the cipher images are uniformly distributed and scattered in horizontal, vertical, and diagonal directions. Therefore, the proposed encryption scheme reduces the correlation among pixels in the cipher image. The achieved near-zero correlation values given in Table 3 validate the visual interpretations. These results confirm the robustness of our method against statistical attacks.

Information entropy analysis
Entropy represents the most crucial feature in a cryptosystem. It gives information about the randomness in a cryptosystem, and it measures the disorder and the distribution of the gray values in the image [17]. The flatter the distribution of gray pixel values is, the higher the information entropy. It is calculated by the following where p(x i ) represents the probability of the information source x, for an 8-bit depth gray image, the maximum value of entropy is 8. So, the closer it gets to 8, the greater and random the cryptosystem is. Table 3 shows that the entropy values are all very close to the ideal value up to 7.9995, so the cipher images achieved high randomness. Thus, our scheme hardly leaks any information. It is robust against statistical attacks.

Peak signal to noise ratio
The Peak Signal to Noise Ratio (PSNR) indicates the variations in pixel values between the cover and cipher images. It reflects a good encryption scheme when given a low PSNR value of less than 10 dB [21]. PSNR is measured in decibels, and it is given by: where MSE represents Mean Square Error, it is calculated as follows: X (i, j ) represents the original image, Y (i, j ) represents the encrypted image, and (i, j ) are the positions of the pixels in the M × N image. MSE is equal to zero when X (i, j ) = Y (i, j ). PSNR values given by the proposed scheme are displayed in Table 3. The scheme presents minimal PSNR values down to 6 dB, proving its high security and effectiveness.

Visual strength analysis
The Gray Level Co-occurrence Matrix (GLCM) of an image represents the distribution of co-occurring pixel values at a given offset. It is used to analyze image texture and to evaluate the encryption performance. We used the co-occurrence matrices statistics (contrast, energy, and homogeneity) to evaluate encryption performance of our proposed scheme.

Contrast
Contrast represents the difference in the brightness (dark and light) of an image. Considering that image contrast is proportional to its randomness, it is used to evaluate the cryptosystem performance [54]. The following equation calculates contrast: where P (i, j ) denotes the (i, j )th-element in GLCM.

Energy
Energy measures how regular image grey level values are distributed within a given search area [54]. High energy value represents high values of pixels in a given area. Therefore, the energy of an enciphered image should be small, considering the uniform distribution. Otherwise, the cover image energy is more significant. The energy is calculated as follows: where G represents the gray-level co-occurrence matrix.

Homogeneity
The homogeneity measures how close the distribution of elements is to the GLCM-diagonal direction values in the graylevel co-occurrence matrix [53]. It is inversely proportional to the contrast; the encrypted image homogeneity should be small and less than the cover image homogeneity in an efficient encryption scheme. The following equation computes the homogeneity: where G is the GLCM. Table 3 displays the visual quality analysis. We note that the contrast values of cipher images increase compared to cover images ones, passing from values less than zero up to 10.5988. As we can see that the encrypted images energy values (0.015629, 0.015627, 0.015626) are smaller than the cover images energy values (0.2000, 0.1861, 01582), showing a nonhomogeneous texture and randomness of the cipher image that ensures high security. Besides, the homogeneity values are smaller for the cipher images with minimum values of 0.3875 and 0.3879. These small values indicate the disorders, the uniformity of the distribution of the pixels in the encrypted image, and so the high quality of the encryption scheme. The numerical visual strength results confirm the security of our proposed scheme and ensure its good encryption properties and robustness against statistical attacks.

Differential attacks analysis
The differential attack evaluates the algorithm sensitivity of original images; it examines how a slight difference in the original image could influence the cipher image. It is analyzed through the Number of Pixels Change Rates (NPCR) and the Uniform Average Change Intensity (UACI). These two metrics are widely used for security analysis in the image encryption community [8,31,44,55]. The calculation equations of NPCR and UACI are as follows: where D(i, j ) is a bipolar image defined in (18), C 1 and C 2 denote the cipher images before and after a one-pixel change of the plain image, respectively. The NPCR focuses on the absolute number of pixels that change values during differential attacks, while the UACI focuses on the averaged difference between two paired cipher images [56]. The values of NPCR and UACI must be close to the optimal values (NPCR > 99% and UACI ≈ 33%) [18]; they must also pass the critical values as given in [56]. The obtained NPCR and UACI values are listed in Tables 4 and 5, which confirm that the proposed algorithm passes all tests. Consequently, the proposed scheme resists differential attacks.

Chosen/known-plaintext attacks analysis
There are four classical types of attacks: Ciphertext-Only Attack (COA), Known-Plaintext Attack (KPA), Chosen-Plaintext Attack (CPA), and Chosen-Ciphertext Attack (CCA). Among them, the CPA and KPA are the most powerful attacks, and if a cryptosystem can resist them, it can withstand all other attacks [28,42,55].
The Chosen-plaintext attack (CPA) is a cryptoanalysis tool that chooses a random cover image to be encrypted and get the cipher image. The main goal of CPA is to deduce the secret key and get useful information about the cryptosystem by analyzing the plain images and their corresponding cipher images. The known-plaintext attack (KPA) is a cryptanalyst method where the attacker can access the plaintext and its related ciphertext, trying to determine a correlation between them. We consider a strongly correlated key-medical image to prevent these kinds of attacks; the key space is altered for each cover image (unique key for each image), maintaining high security against KPA [8]. Furthermore, the high sensitivity of the key (due to the chaotic maps and the hash functions) provides a sufficiently high level of security against these attacks. To ensure robustness against CPA, we test our scheme using XOR-based substitution methods [57]. The scheme is considered secure when satisfying the following equation: where I 1 and I 2 are the plain images, and CI 1 and CI 2 are their corresponding ciphered images. From (20), one can understand that the attack model relies on using the same key for encrypting different images. Figure 7 shows both the output of the XOR operation of the plain images and the cipher images, respectively. The output images are entirely distinct; then, one cannot get any meaningful information related to the key. The proposed scheme can effectively resist CPA and KPA. Consequently, it can resist Ciphertext-Only Attack and Chosen-Ciphertext Attack.

Key analysis
The secret key is a crucial feature in an encryption scheme. It should be evaluated against the exhaustive attacks involving two kinds of analysis: the key space and the key sensitivity [22].  Encryption systems have to be provided with a large key space (greater than 2 100 ) [29] to resist brute-force attacks. In the proposed scheme, the secret key includes two 128-bit hash values, 256-bit hash values, and four external parameters of the chaotic maps 1 , 2 , N 1 , N 2 . The key space is equal to 2 128 * 2 × 2 256 × 2 53 * 2 × 2 3 * 2 = 2 624 ; it is extremely higher than 2 100 . Therefore, brute-force attacks on the key are computationally difficult.

Key sensitivity analysis
A robust encryption algorithm has to be sensitive to its secret key. A little change in the key will manifest a significant modification in the output. We test the key sensitivity by changing only the 14th digit before its decimal point. The decryption is performed on the cipher image with the wrong key x wrong = 0.278431372549020 instead of the correct key x correct = 0.278431372549021, the output is shown in Figure 8a. We see that the decrypted image is different from the original one. Thus, only the correct secret key can correctly recover the

Robustness analysis
During the transmission of medical images through the internet, images are exposed to data loss or noise. An efficient encryption method can correctly reproduce cipher images when exposed to data loss or noise.

Occlusion attacks evaluation
The occlusion attack evaluates the ability of the encryption method to withstand data loss. Therefore, we used a change of gray pixels values part of the cipher image to zero. Then we perform the decryption scheme to see the effects on the original image, as shown in Figure 9. We used the PSNR to evaluate the difference between the decrypted and the plain images. Figure 9 shows the recovered images from the cipher  images with various data losses. Table 6 illustrates Figure 9 with meaningful values of PSNR for 1∕64, 1∕32, 1∕8, and 1∕4 image data losses. We note that increasing the data loss size decreases the decrypted image quality. The decrypted image is still recognized even though 25% loss with PSNR values in the range [13.8305 dB, 25.7358 dB]. Therefore, our scheme is intensely capable of resisting the occlusion attacks. Furthermore, Table 6 demonstrates the better capacity of the proposed scheme to resist data loss attacks compared to other encryption schemes.

Noise attacks evaluation
To test the ability of our scheme to resist noise attacks, Salt & Pepper noises (SPN) with various densities are added to the encrypted image. Robustness under noise evaluation is given by the PSNR values measured between the original and decrypted images after adding noise. The higher value of PSNR reflects the higher similarity between the original and deciphered images. Figure 8 shows the decrypted X-ray image after adding different noise variances of SPN. We notice that the decrypted images are still recognized by the human visual system, yet with 0.1 noise variance. PSNR comparative analysis is presented in

Computational complexity analysis
In computational complexity, we consider how many times each statement executes. The proposed algorithm performs five significant operations to encrypt grayscale medical images: chaotic key sequences generation, DNA encoding, XOR operation, DNA sequence scrambling, and DNA decoding.  N )). Following the notation as in [76], the computational complexity of the proposed scheme is [2 × C + 3 × D + S + X ] × M × N ; it is linear, so the time consumes by the proposed scheme grows with the size of the plain image. Compared with the algorithm [77] that uses DNA cryptography with time complexity of [5 × C + 3 × D + S + X ] × M × N for single image encryption [76], we found that the proposed scheme exhibits less computational complexity.

Execution time analysis
Execution time is a crucial foundation for algorithmic efficiency, notably for real-time applications and the field of telemedicine. Table 8 shows the execution time of the proposed scheme compared to related works using the X-ray DICOM image with various sizes. We notice that the execution time increases with the image size. The proposed encryption algorithm ranks first compared to the other mentioned algorithms [10,26,29,59].
The simulation results indicate that the proposed encryption is sufficiently fast for practical and real-time applications. Otherwise, some new works achieve a slightly reduced execution time [60] than our scheme, but the proposed scheme presents better encryption performance than those works. Nevertheless, the execution time of the proposed scheme stills suitable for realtime applications when considering the good encryption effects.

Comparative analysis
In this section, we compare the performance of the proposed scheme to various recent state-of-art image encryption schemes using standard test images "Lena" of sizes (512 × 512) and (256 × 256) and "Cameraman" of size (256 × 256).
Histogram variance values comparison is shown in Table. All the encrypted images exhibit small variance values compared to the original ones. Our scheme produces the smallest histogram variances compared to related works [61][62][63][64][65], presenting a high histogram uniformity and security. Besides, the proposed scheme exhibits the most significant value of MD and the minimal value of ID, as shown in Table 10. Moreover, we provide a comparative analysis of the proposed scheme in terms of PSNR, as displayed in Table 11. The proposed algorithm presents the smallest and the best PSNR value with 9.1603 dB, which indicates the huge difference between the cover and encrypted images ensuring the security of the encryption scheme.
Next, the visual quality analysis (contrast, energy, homogeneity) comparison is presented in Table 12. Cameraman, black, and white images are used to test and compare the visual quality of the proposed scheme. A higher value of contrast, small values of energy, and homogeneity reflect a higher degree of disorder and security of the encrypted image. It is the case of the proposed cryptosystem, which exhibits the most important contrast values compared to [68,72,73]. Also, we see that the  proposed method presents small values of energy and homogeneity. It has the best results in many cases when compared to other algorithms. The texture of the encrypted image is noiselike and non-homogeneous. Therefore, the encryption scheme is strongly robust and secure against statistical attacks. Lastly, the comparison analysis of entropy, correlation coefficient, NPCR, UACI, and key space are presented in Tables 13  and 14. We observe that the information entropy values of the schemes are all very close to 8, as we also notice that our proposed scheme has the highest entropy values for both sizes of Lena images (256 × 256) and (512 × 512) with 7.9978 and 7.9995, respectively. For the correlation analysis in the horizontal, vertical, and diagonal direction, we use the following equation: The given correlation values are too close to 0, displaying the uniform distributions of the cipher images, with a minimum correlation value of 6.6617e-07 produced by the proposed scheme. The suggested algorithm NPCR and UACI values scores among the highest values compared to the state-of-art algorithms with values of (99.6552, 99.6210) and (33.5871, 33.5019), respectively. Thus the proposed scheme is very sensitive and effective; the minor changes in the plain images significantly change the cipher image. It is strongly robust to differential attacks compared to previous works.
Finally, the proposed scheme exhibits a considerably large key space (2 624 ) compared to various state-of-art algorithms making the scheme strongly unbreakable and more robust against bruteforce attacks.

CONCLUSION
In this work, we propose a secure chaotic encryption-decryption scheme based on correlated key-medical image, DNA coding, and hash functions (SHA-256 and MD5). The key is strongly related to the medical image; it is derived from both hash functions of the cover image and its extracted metadata. A preprocessing step is performed using the first two MSB bit-plans rotation and permutation to reduce the medical image black background. Then, the image is encoded into a DNA sequence using the logistic map to randomly get the encoding-decoding rules for every two bits of a pixel value in this stage. Then we shuffle the DNA sequence using the tent map. The diffusion is done using the XOR operation between the DNA key image and the DNA permuted image. Lastly, we get the cipher image by applying the DNA decoding process. The first main advantage of the proposed method is the high key-medical image correlation. Thus, the scheme is highly dependent and sensitive to its input data. Besides, our scheme is provided by a very large key space making the cryptosystem powerfully robust toward various attacks such as statistical attack, chosen/knownplaintext, and brute-force attacks. The second advantage is the two-level of confusion-diffusion that makes the cryptosystem highly secure against statistical attacks. The first level is the plain image preprocessing, and the second level is the permutation and substitution of the DNA encoded plain image and key image. The third advantage is using 1D chaotic maps, which have lower computational complexity and less execution time than multi-dimensional hyperchaotic systems. Therefore, the overall encryption system performance (histogram variance, entropy, correlation, NPCR, UACI, execution time, and key space) is improved compared to new works. The proposed algorithm is strongly secure and robust, useful for real-time applications and hardware implementation. Indeed, some new works achieve a slightly reduced execution time regarding our scheme. Indeed, some new works achieve a slightly reduced execution time regarding our scheme. However, the proposed scheme presents better security performance, and its slightly raised execution time can be ignored. We propose a hardware implementation to speed up the proposed cryptosystem for an efficient embedded real-time telemedicine application that secures the medical image transmission.