IEEE Access (Jan 2024)

A Comparison Between EtC and SPN Systems: The Security Cost of Compatibility in JPEG Images

  • Manuel Alejandro Cardona-Lopez,
  • Rolando Flores-Carapia,
  • Victor Manuel Silva-Garcia,
  • Eduardo Vega-Alvarado,
  • Marlon David Gonzalez-Ramirez

DOI
https://doi.org/10.1109/ACCESS.2024.3412681
Journal volume & issue
Vol. 12
pp. 81506 – 81517

Abstract

Read online

In this work, a proposal to quantify the security gap between Encryption-then-Compression (EtC) systems and the Substitution-Permutation Network (SPN) is presented. A new image transmission system for JPEG files, EtC with Quantization before Transformation (EtCQT) was developed to test the proposed comparison. SPN is a well-known model used for security comparisons but is incompatible with the lossy compression required for saving storage while transmitting images. EtC systems have been designed considering compression performance rather than security, and in most developments in this field, only compression parameters are evaluated. The proposed evaluation was carried out with the metrics used for SPN, and the results showed the weaknesses of the EtC systems by quantifying them. This could help to improve security while keeping compatibility in future designs. EtCQT is based on the EtC scheme combined with block scrambling, with a quantization step instead of a permutation in the color transformation stage. The impact of this modification is an important reduction of the original pixel values in the color distribution that increases the information security, preserving only $16.\overline {6}\%$ of the initial values compared to 50% in other EtC systems.

Keywords