Available online at https://journal.
com/index.
php/ijqrm/index International Journal of Quantitative Research and Modeling e-ISSN 2721-477X p-ISSN 2722-5046 Vol.
No.
3, pp.
364-376, 2025
Digital Image Security with AES and Blowfish Double Encryption Iqbal Dwi Nulhakim1*.
Asep Id Hadiana2.
Melina3
1,2,3
Department of Informatics.
Faculty of Science and Informatics.
Universitas Jenderal Achmad Yani.
Jl.
Terusan Jend.
Sudirman.
Cimahi.
West Java, 40525.
Indonesia *Corresponding author email: iqbaldwin21@if.
Abstract Protection of digital images is becoming increasingly important with the growing use of images as a medium of information in various fields, particularly in the healthcare sector.
Medical images such as Magnetic Resonance Imaging (MRI) contain sensit ive information that requires extra security against unauthorized access and data manipulation.
This study aims to design and build a digital image security system using a dual encryption approach and authenticity verification based on watermarking.
The security process is carried out in two main stages.
First, images with text-based watermarks are encrypted using the Advanced Encryption Standard (AES) algorithm to protect their visual content.
Second, the AES key is re-encrypted using the Blowfish algorithm to prevent the key from being stored in plaintext, thereby creating an additional layer of protection.
The watermark is embedded into the image using the Singular Value Decomposition (SVD) method and is first converted into a hash value using the SHA-256 algorithm, which serves to verify the integrity of the image after decryption.
The testing was conducted using the public dataset AiBrain Tumor Image Dataset (Semantic Segmentatio.
An from Kaggle, which consists of brain MRI images in .
jpg and .
The system evaluation encompassed functionality, data security, and process efficiency through system function testing, measurement of encrypted data randomness .
ntropy tes.
, file penetration using OpenSSL, and performance analysis in terms of processing time and file size.
The research results show that the system successfully implemented double encryption with a high entropy level .
and resistance to penetration attacks.
In terms of efficiency, the system achieved an average encryption time of 81.
35 ms and decryption time of 13.
68 ms with minimal file size increase.
Integrity testing confirmed that the SVD-SHA256-based watermark remained intact after the encryption-decryption process, enabling verification of image The developed system efficiently maintains the confidentiality and authenticity of digital images and can be applied in electronic medical record systems or sensitive digital archives.
Keywords: Digital images, double encryption.
AES.
Blowfish.
SVD Introduction In the digital era, the protection of sensitive data has become a crucial issue, particularly for digital images that are widely used as a medium of information in fields such as healthcare, military, and finance.
In the medical sector, images such as Magnetic Resonance Imaging (MRI) and Computed Tomography (CT-sca.
play a vital role in electronic medical record (EMR) systems, supporting diagnostic processes and clinical decision-making.
Consequently, ensuring the security of medical images is essential to prevent unauthorized access that could threaten both the privacy and integrity of the data (Nagamunthala & Manjula, 2.
In addition to healthcare, the creative industryAiincluding printing and image editingAialso faces challenges in protecting visual data.
Manipulation or leakage of digital images may harm intellectual property rights and damage the reputation of individuals or organizations (AiEnhancing Video Encryption: AES and Blowfish Algorithms with Random Password Generation,An 2.
Previous studies have shown that companies without adequate digital protection systems remain vulnerable to manipulation and image theft, highlighting the urgency of robust image security solutions (Malvi, n.
Cryptography has been recognized as one of the most effective solutions for preventing unauthorized access to digital data (Dzikri Azhari Ali & Id Hadiana, 2.
Algorithms such as Triple DES (TDES) and Blowfish have been widely applied to strengthen system security, while advanced methods like the Advanced Encryption Standard (AES) are preferred for their high performance and reliability (Nagamunthala & Manjula, 2.
Nevertheless, most existing approaches focus solely on confidentiality, often neglecting mechanisms that ensure data authenticity after decryption.
In this context, digital watermarking emerges as a complementary technique, enabling authentication and integrity verification without compromising the quality of diagnostic data (Haddad, n.
Zermi et al.
, 2.
Nulhakim et al.
/ International Journal of Quantitative Research and Modeling.
Vol.
No.
3, pp.
364-376, 2025
Several previous studies have attempted to combine encryption with steganography or watermarking to enhance image protection.
For instance, research integrating AES with steganography demonstrated resilience against thirdparty applications, yet lacked mechanisms to validate image integrity after extraction (Fajriati Romli et al.
, n.
Other works applied combinations of AES with hashing methods to secure text documents but failed to address the unique challenges of visual data protection (Rahayu et al.
, 2.
Meanwhile, watermarking methods such as Singular Value Decomposition (SVD) have proven effective for embedding ownership information, but they often lack integrated encryption or key protection mechanisms (Solikhudin et al.
, n.
Building on these findings, this study proposes the development of a dual-encryption system that applies AES to secure image content and Blowfish to protect the AES key, while incorporating watermarking based on SVD that is reinforced with SHA-256 hashing.
This approach is designed not only to preserve the confidentiality of digital images but also to guarantee their authenticity and efficiency in terms of processing time and storage requirements.
addressing the limitations of earlier approaches, the research aims to provide a more comprehensive solution for securing digital images, with potential applications in medical imaging systems and other sensitive digital archives.
Literature Review Cryptography Cryptography is a fundamental technique for securing digital data by transforming readable information into an encrypted form that can only be accessed using a valid decryption key.
The primary goals of cryptography are confidentiality, integrity, authentication, and non-repudiation, which are critical for protecting sensitive information both during storage and transmission (Melina et al.
, 2.
Modern cryptography is generally divided into two categories: symmetric encryption and asymmetric encryption.
Symmetric algorithms such as AES.
DES, and Blowfish rely on a single key for both encryption and decryption, while asymmetric algorithms like RSA use a publicprivate key pair.
Furthermore, cryptographic hash functions such as SHA-256 provide integrity checks and digital signatures that are irreversible and collision-resistant (Nagamunthala & Manjula, 2.
In the context of digital images, cryptography ensures that medical images, confidential documents, or multimedia data remain secure even if intercepted by unauthorized parties.
However, encryption alone does not guarantee proof of authenticity.
For this reason, cryptography is often combined with watermarking techniques to strengthen authenticity and ownership verification (Wayan Angga Wijaya Kusuma et al.
, 2.
This integration is particularly important in the medical field, where patient confidentiality and trustworthiness of diagnostic images must be preserved (Jamaluddin et al.
, 2.
Watermarking Watermarking refers to embedding hidden information into digital content, particularly images, with the goal of authentication, copyright protection, or tamper detection.
A watermark can be either visible or invisible, depending on the application, and should remain robust against common image processing operations such as compression, resizing, filtering, or even malicious tampering.
In medical imaging, watermarking plays a vital role in ensuring that data remains authentic even after being encrypted, transmitted, and decrypted (Zermi et al.
, 2.
Several approaches to watermarking exist, including spatial-domain techniques .
irect pixel manipulatio.
and transform-domain techniques, such as Discrete Cosine Transform (DCT).
Discrete Wavelet Transform (DWT), and Singular Value Decomposition (SVD).
Among these.
SVD-based watermarking has demonstrated superior robustness against attacks because it modifies singular values of the image matrix, which represent intrinsic properties less affected by distortion.
Recent advancements also explore deep learningAebased watermarking methods, but SVD remains one of the most efficient techniques when the priority is maintaining high visual quality and resilience (Taj et , 2.
Advanced Encryption Standard (AES) The Advanced Encryption Standard (AES) is one of the most widely used symmetric block ciphers, adopted as a global encryption standard by NIST in 2001 (Monica et al.
, 2.
AES operates on fixed-size blocks of 128 bits and supports key lengths of 128, 192, or 256 bits.
Its encryption process involves multiple rounds of transformations, including SubBytes.
ShiftRows.
MixColumns, and AddRoundKey, which are designed to provide both confusion and diffusion, thereby protecting against cryptanalysis attacks.
Due to its parallel structure and lightweight operations.
AES achieves high performance in both hardware and software implementations, making it particularly suitable for real-time applications (Jamaluddin et al.
, 2.
In the context of medical image security.
AES has been extensively applied because of its balance between computational efficiency and cryptographic strength.
The algorithmAos deterministic block structure ensures that even a single-bit modification in the input produces a completely different ciphertext output, thereby protecting sensitive data from statistical analysis.
Figure 1 illustrates the basic flow of AES encryption and decryption, emphasizing its transformation rounds.
AES operates as a block cipher with a fixed block size of 128 bits .
In AES-128, the Nulhakim et al.
/ International Journal of Quantitative Research and Modeling.
Vol.
No.
3, pp.
364-376, 2025
key length is also 128 bits, and the encryption process consists of 10 rounds of transformations, while AES-192 and AES-256 employ 12 and 14 rounds, respectively.
Each round consists of four major transformations (And & Expert, .
SubBytes: a nonlinear byte substitution using an S-Box to provide nonlinearity and diffusion.
ShiftRows: cyclic shifting of rows in the state matrix to spread data across columns.
MixColumns: a linear mixing operation based on matrix multiplication that combines bytes within each .
AddRoundKey: a bitwise XOR between the state and a round key derived from the main secret key.
Through these iterative rounds.
AES ensures strong resistance against linear and differential cryptanalysis.
Both encryption and decryption are performed on 128-bit data blocks, with key sizes of 128, 192, or 256 bits determining the number of rounds required.
The structured yet efficient process makes AES a robust standard for securing digital images, where confidentiality and rapid processing are equally essential.
The detailed encryption flow of AES is presented in Figure 1, showing the transformation steps in each round (And & Expert, 2022.
Figure 1: Tahapan Proses Enkripsi dan Dekripsi Algoritma AES Blowfish Blowfish is a symmetric block cipher algorithm with a fixed block size of 64 bits .
It supports a variable key length ranging from 32 bits .
to 448 bits .
, with a default size of 128 bits .
Due to its flexibility in key size and relatively lightweight computation.
Blowfish is widely adopted in applications that require secure but efficient encryption (And & Expert, 2022.
The algorithm consists of two main components: key expansion and the encryptionAedecryption process.
Key expansion must be performed first to generate the required subkeys, while the encryption and decryption operations are carried out using a Feistel network with 16 rounds.
The encryption procedure of Blowfish can be described as follows (Fahriani & Rosyid, 2.
Initialization of P-array with 18 subkeys (P1.
P2.
, each containing a 32-bit value.
Initialization of S-boxes, which are four substitution boxes (S1.
S2.
S3.
, each consisting of 256 entries with 32-bit values.
A 64-bit plaintext block is taken as input.
If the input does not meet the required size, padding is applied to fit the block length.
The 64-bit plaintext block is divided into two 32-bit halves, denoted as XL .
eft par.
and XR .
ight par.
For each encryption round, the following operations are performed:
C XL = XL XOR Pi C XR = XR XOR F(XL) where F is a nonlinear function that uses the initialized S-boxes.
C Swap the values of XL and XR.
C Repeat the process for a total of 16 rounds.
After completing the 16 rounds, a final step is performed:
C XR = XR XOR P17
C XL = XL XOR P18
The two halves (XL and XR) are concatenated to form the 64-bit ciphertext.
For the decryption process, the same sequence of steps is applied, but the P-array is used in reverse order.
This property is an advantage of the Feistel structure, where the encryption and decryption operations are essentially identical, differing only in the key scheduling order.
Figure 2 illustrates the overall process of Blowfish encryption and decryption, showing the repeated Feistel rounds and the way subkeys are applied.
Nulhakim et al.
/ International Journal of Quantitative Research and Modeling.
Vol.
No.
3, pp.
364-376, 2025
Figure 2: Tahapan Proses Enkripsi dan Dekripsi Algoritma Blowfish Combination of AES and Blowfish The integration of AES and Blowfish offers a layered security model that leverages the strengths of both AES provides strong encryption for the actual image data, while Blowfish secures the AES key with its flexible key structure and Feistel-based transformations.
This combination reduces the risk of single-point failure because even if the AES ciphertext is exposed, it cannot be decrypted without also recovering the Blowfish-protected key (Fahriani & Rosyid, 2019.
Jamaluddin et al.
, 2.
Previous studies have demonstrated that hybrid encryption approaches increase resistance against brute-force and differential attacks, while maintaining processing efficiency.
Thus, combining AES and Blowfish provides an optimal balance of performance, scalability, and robustness for multimedia security, particularly in contexts where both data confidentiality and key protection are paramount (Jamaluddin et al.
, 2.
Algoritma Hash SHA-256 SHA-256 is one of the most prominent members of the SHA-2 (Secure Hash Algorithm .
family, designed by the National Security Agency (NSA) and standardized by NIST.
The algorithm produces a fixed 256-bit hash value regardless of the size of the input, ensuring consistency in output length while providing strong collision resistance.
Unlike encryption, hashing is a one-way operation, meaning the original input cannot be reconstructed from the hash One of the key features of SHA-256 is its avalanche effect, where even a single-bit change in the input results in a completely different hash output.
This sensitivity makes it highly reliable for integrity verification, ensuring that no alterationAiwhether accidental or maliciousAihas occurred in the data (Ariska, 2.
In the context of digital image security.
SHA-256 is widely used to generate digital signatures, to verify the integrity of medical images, and to convert watermark text into a secure hash value before embedding it into an By embedding the hash rather than the original watermark text, the system strengthens both security and robustness, since the hash is computationally infeasible to reverse-engineer (Ariska, 2.
Entropy Test Entropy is a fundamental statistical measure used to evaluate the randomness and unpredictability of encrypted In cryptographic systems, an ideally encrypted image should resemble pure random noise, making it infeasible for attackers to deduce any patterns from the ciphertext.
The entropy value is calculated using ShannonAos information theory, defined as (Dirjen et al.
, 2.
represents the possible intensity levels of a pixel .
Ae255 for an 8-bit grayscale imag.
, ) is the probability of occurrence of the pixel value mim_imi.
Nulhakim et al.
/ International Journal of Quantitative Research and Modeling.
Vol.
No.
3, pp.
364-376, 2025
For an 8-bit image, the maximum possible entropy value is 8, indicating that all pixel values occur with equal A value close to 8 suggests that the encrypted image has high randomness and does not preserve any statistical characteristics of the original image.
On the other hand, values significantly lower than 8 indicate potential weaknesses in the encryption process, as residual patterns may remain detectable.
In image encryption research, entropy analysis is considered a benchmark test to validate the robustness of cryptographic algorithms against statistical and differential attacks.
In this study, entropy analysis is applied to the encrypted (.
files to ensure the ciphertext does not reveal any exploitable structure of the original image.
Penetration Test While entropy measures the statistical randomness of ciphertext, penetration testing evaluates the practical resilience of an encryption system against unauthorized access.
It simulates real-world attack scenarios where an adversary attempts to decrypt encrypted data without the correct key.
One of the commonly used tools for such testing is OpenSSL, which provides cryptographic command-line utilities to attempt decryption with incorrect keys or bruteforce attacks.
A secure system must return failure messages (Aibad decryptA.
when an invalid key is provided, ensuring that no partial or corrupted data can be reconstructed (Fajriati Romli et al.
, n.
In digital image security, penetration testing serves as an essential complement to entropy analysis, because high statistical randomness alone does not guarantee resistance against practical attacks.
By combining both methods, researchers can confirm that the encryption system is not only theoretically secure but also practically robust against adversaries with computational resources (Fajriati Romli et al.
, n.
Materials and Methods Research Approach This research applied a quantitative experimental approach in developing and evaluating a secure system for digital medical images.
The experimental method was chosen to objectively measure the performance and effectiveness of the proposed double encryption and watermarking scheme in realistic scenarios.
The system integrates two symmetric cryptographic algorithms: AES-128 is used to encrypt watermarked images, while Blowfish secures the AES key This layered mechanism strengthens confidentiality, ensuring that unauthorized users cannot access image data even if the main encryption key is compromised.
Additionally, the system embeds ownership verification through a watermarking process based on Singular Value Decomposition (SVD).
The watermark text is first hashed using SHA256, then embedded into the image matrix, allowing later verification of integrity and authenticity.
Research Flow The research process was structured in several stages, starting from theoretical review to experimental evaluation.
The first stage involved a literature review, focusing on cryptographic algorithms, watermarking techniques, and methods for evaluating system security such as entropy analysis and penetration testing.
The second stage was the requirement analysis and system design, which defined functional needs such as image upload, encryption, decryption, watermark embedding, and verification, as well as non-functional needs such as processing speed and storage efficiency.
Based on these requirements, a system architecture was designed to include input, processing, and output layers.
The third stage was dataset collection and preprocessing, which ensured the selected MRI brain images were suitable for the system in terms of size and format.
The fourth stage was system implementation, which used Python and Flask to develop a web-based platform that allows users to upload images, insert watermarks, provide encryption keys, and process encryption/decryption automatically.
The fifth stage was system testing and evaluation, which included functional testing to confirm correct operations, security testing with entropy and penetration analysis, and performance testing by measuring time efficiency and file size changes.
Finally, the sixth stage was the reporting of results, where findings were documented and compared with existing approaches to highlight strengths and The complete research workflow is summarized in Figure 2, which shows each stage from literature review to final This diagram emphasizes the step-by-step process, ensuring that the experiment is reproducible and systematically structured.
Nulhakim et al.
/ International Journal of Quantitative Research and Modeling.
Vol.
No.
3, pp.
364-376, 2025
Figure 3: Research Flow Dataset The dataset used in this study was the Brain Tumor Image Dataset (Semantic Segmentatio.
, publicly available on Kaggle.
It consists of anonymized brain MRI images in .
jpg and .
png formats with file sizes ranging from 20 KB to 70 KB.
These sizes are representative of typical medical images stored in electronic health records, making the dataset relevant for evaluating both encryption efficiency and security.
Six representative images with varying file sizes were selected for testing to cover different storage and processing scenarios.
No additional labeling or classification was required, since the focus of this research was not on medical diagnosis but rather on the security and integrity of the Before testing, a preprocessing step was conducted to verify file formats, consistency, and size distribution.
This ensured compatibility with the system and allowed encryption and decryption processes to be applied directly without further modifications.
Using real MRI images rather than synthetic data strengthens the reliability of the evaluation, as the results reflect potential real-world deployment in healthcare environments.
Figure 3 provides examples of the selected MRI images, highlighting the range of file sizes and formats used for experimental testing.
Figure 4: Dataset System Design The system was designed as a web-based application that integrates watermark embedding, dual-layer encryption, and verification features into a unified workflow.
The design follows a three-layer structure.
In the input layer, users are required to upload an MRI image, enter a textual watermark, and provide encryption keys: a 16-character AES key and a Blowfish key between 4 and 56 characters.
In the processing layer, the system first hashes the watermark text using SHA-256, then embeds the hash into the image matrix using Singular Value Decomposition (SVD).
Afterward, the watermarked image is encrypted with AES-128, while the AES key is encrypted separately using Blowfish.
Both the encrypted image (.
and the encrypted key .
n Base64 forma.
are generated.
In the output layer, users can download the encrypted data, perform decryption by re-entering the correct keys, and verify the extracted watermark hash against the original to ensure authenticity.
The system was implemented using Python with the Flask framework, enabling interactive web-based access.
Cryptographic operations were performed using the PyCryptodome library, while image manipulation used OpenCV.
Nulhakim et al.
/ International Journal of Quantitative Research and Modeling.
Vol.
No.
3, pp.
364-376, 2025
Hashing was handled by PythonAos hashlib library.
The design also included additional testing tools: entropy analysis to assess randomness of ciphertext, and penetration testing using OpenSSL to simulate brute-force or invalid key This multi-feature design ensures that the system not only secures images but also validates their authenticity and resists potential security attacks, making it suitable for deployment in environments such as cloudbased medical archives or electronic health record systems.
Figure 5: System Design Results and Discussion The developed system was implemented successfully as a web-based application on Windows 11 using Python and Flask, with AES for image encryption.
Blowfish for key encryption.
SHA-256 for watermark verification, and SVD for watermark embedding.
The following subsections present the functional testing, security evaluation, and performance analysis of the system.
Functional Testing Functional testing was carried out to verify that each feature operated as expected.
Encryption consistently produced ciphertext files, decryption with valid keys restored the original images, and invalid keys failed to decrypt.
Watermark embedding and verification also functioned correctly, with the extracted watermark matching the original hash value.
Table 1: Functional Testing Results Expected Response System successfully performs encryption by uploading an image and receiving watermark.
AES key, and Blowfish key inputs.
System successfully generates .
bin file and AES key encrypted with Blowfish.
System successfully performs decryption bin file, encrypted AES key, and Blowfish key.
System successfully restores the original AES key and accurately verifies the hash.
System displays the entropy value of the encrypted file.
Actual Result Match Status Pass Match Pass Match Pass Match Pass Match Pass As shown in Figure 1, the encryption page provides the interface where users can upload MRI images, insert watermark text, and input AES and Blowfish keys.
The encryption result page (Figure .
displays the generated Nulhakim et al.
/ International Journal of Quantitative Research and Modeling.
Vol.
No.
3, pp.
364-376, 2025
encrypted image file in .
bin format along with the encrypted AES key in Base64, both of which can be downloaded by the user.
Meanwhile, the decryption page (Figure .
allows users to upload encrypted files and provide the required keys, and the decryption result page (Figure .
presents the recovered image together with the extracted watermark and SHA-256 hash verification.
These interfaces demonstrate that the system has successfully integrated encryption, decryption, and watermark verification in a user-friendly manner.
In addition, the entropy test page (Figure .
enables users to evaluate the randomness of encrypted files.
The calculated entropy values approached 00, indicating that the encrypted images were highly randomized and resistant to statistical attacks.
Figure 6: System interface for image encryption and watermark embedding Figure 7: Interface of encryption result page Figure 8: Interface of decryption page Nulhakim et al.
/ International Journal of Quantitative Research and Modeling.
Vol.
No.
3, pp.
364-376, 2025
Figure 9: Interface of decryption result page Security Testing Security evaluation was carried out through entropy analysis and penetration testing to validate the robustness of the proposed system against unauthorized access and statistical attacks.
1 Entropy Analysis Entropy was used to measure the randomness of the encrypted MRI images.
Table 2 summarizes the results of entropy measurement for six encrypted files.
The entropy values ranged from 7.
91 to 8.
00, very close to the theoretical maximum of 8.
00, which indicates that the encrypted data had high randomness and showed no exploitable This demonstrates that the combined use of AES and Blowfish encryption successfully concealed the original image structure and produced ciphertext resistant to frequency-based cryptanalysis.
Table 2: Entropy Analysis Image File Watermark File Size (KB) image_01.
image_02.
image_03.
image_04.
image_05.
image_06.
Encrypted Size (KB) Entropy Value Interpretation High randomness Near maximum randomness Near maximum randomness Near maximum randomness Near maximum randomness Near maximum randomness Figure 5 shows the entropy comparison between original and encrypted files, confirming that the encryption process increased entropy significantly.
Nulhakim et al.
/ International Journal of Quantitative Research and Modeling.
Vol.
No.
3, pp.
364-376, 2025
Figure 10: Entropy Analysis .
ncrypted MRI image.
2 Penetration Testing To further evaluate security, penetration testing was performed using OpenSSL by attempting to decrypt encrypted files with both valid and invalid keys.
As shown in Table 3, decryption with correct keys consistently restored valid raw images, while attempts with incorrect keys failed and produced the error message Aibad decryptAn.
This confirms that the system enforces strict key validation and does not leak any information to unauthorized users.
Table 3: Penetration Testing Nama File Nama Output enc_image_01.
bin dec_image_01.
enc_image_01.
bin dec_image_01.
enc_image_02.
bin dec_image_02.
enc_image_02.
bin dec_image_02.
enc_image_03.
bin dec_image_03.
enc_image_03.
bin dec_image_03.
enc_image_04.
bin dec_image_04.
enc_image_04.
bin dec_image_04.
enc_image_05.
bin dec_image_05.
enc_image_05.
bin dec_image_05.
enc_image_06.
bin dec_image_06.
enc_image_06.
bin dec_image_06.
Kunci ASCII abcdefgh12345678 .
unci abcd1234abcd1234 .
unci sandisangatsusah .
unci susahsandisangat .
unci B7e!x2@Y#pLm94Qw .
unci bena.
Qw94mLp#Y@2x!e7B .
unci sala.
zT*6R$1mVb8q@XoL .
unci bena.
XoL@q8bVm1$R6*Tz .
unci sala.
M9^yAz!o2#Ks7tPx .
unci Px7tKs#2o!zAy^9M .
unci qL#3rB@5nF8x!ZwV .
unci bena.
VwZ!x8Fn5@Br3#Lq .
unci sala.
Kunci Hexadecimal Figure 6 shows an example of a successful decryption using the correct key, while Figure 7 illustrates the failure message obtained when using an invalid key.
Nulhakim et al.
/ International Journal of Quantitative Research and Modeling.
Vol.
No.
3, pp.
364-376, 2025
Figure 11: Succesful Decryption (Correct Ke.
Figure 12: Failed Decryption (Invalid Ke.
Performance Testing Performance testing was conducted to evaluate how the proposed system performs in terms of speed and storage Since medical image applications demand not only high security but also responsiveness and resource efficiency, the evaluation focused on two aspects: the time required for encryption and decryption operations, and the changes in file size at different processing stages.
Both factors are essential to determine whether the dual-encryption and watermarking approach can be deployed in real-world scenarios without introducing excessive computational or storage overhead.
1 Processing Time Processing time was measured to assess how long the system takes to execute encryption and decryption on medical images of varying sizes.
Six MRI images ranging from 28 KB to 78 KB were processed through the complete pipeline, starting with watermark embedding, followed by AES-128 encryption of the watermarked image.
Blowfish encryption of the AES key, and finally the decryption stage to restore the watermarked file.
The duration of each operation was recorded using PythonAos time.
time() function, providing millisecond precision.
The results, as presented in Table 4, indicate that encryption times ranged between 66.
88 ms and 97.
44 ms, while decryption was consistently faster, taking between 9.
37 ms and 22.
51 ms.
On average, the system achieved an encryption speed of 82.
02 ms and a decryption speed of 13.
68 ms.
These results demonstrate that the proposed design maintains high efficiency, even when dealing with images that nearly double in size after watermark embedding.
Table 4: Processing Time Nama Gambar image_01.
image_02.
image_03.
image_04.
image_05.
image_06.
Ukuran Asli
87 KB
96 KB
96 KB
62 KB
49 KB
55 KB
Watermarked 09 KB
35 KB
71 KB
70 KB
51 KB
13 KB
Average Encrypted (.
Decrypted Encrypt Time Decrypt Time
11 KB
09 KB
28 ms
98 ms
36 KB
35 KB
96 ms
51 ms
72 KB
71 KB
33 ms
46 ms
72 KB
70 KB
21 ms
37 ms
52 KB
51 KB
44 ms
28 ms
14 KB
13 KB
88 ms 52 ms 02 ms 13,68 ms Nulhakim et al.
/ International Journal of Quantitative Research and Modeling.
Vol.
No.
3, pp.
364-376, 2025
From these findings, it can be observed that the AESAeBlowfish dual-encryption scheme introduces minimal computational overhead.
The additional Blowfish encryption of the AES key did not significantly impact the overall time, confirming the systemAos scalability.
Moreover, the decryption process was consistently faster than encryption, which is advantageous for real-world applications where retrieval of medical images is expected to be quick and Even at its peak, the encryption process completed in less than 100 ms, a threshold that is acceptable for cloud-based health record systems and telemedicine services where near real-time access is crucial.
2 Storage Efficiency In addition to speed, storage efficiency was analyzed by observing the file size changes at each processing stage.
The images were evaluated in four conditions: the original file, the watermarked image after SVD embedding, the encrypted binary file, and the decrypted result.
These measurements are summarized in Table 5.
Table 5: Storage Efficiency Nama Gambar image_01.
image_02.
image_03.
image_04.
image_05.
image_06.
Ukuran Asli
87 KB
96 KB
96 KB
62 KB
49 KB
55 KB
Watermarked 09 KB
35 KB
71 KB
70 KB
51 KB
13 KB
Average Encrypted (.
Decrypted Encrypt Time Decrypt Time
11 KB
09 KB
28 ms
98 ms
36 KB
35 KB
96 ms
51 ms
72 KB
71 KB
33 ms
46 ms
72 KB
70 KB
21 ms
37 ms
52 KB
51 KB
44 ms
28 ms
14 KB
13 KB
88 ms 52 ms 02 ms 13,68 ms The results show that watermark embedding caused the most significant increase in file size, often nearly doubling the original.
For instance, image_01 grew from 28.
87 KB to 57.
09 KB after watermark insertion, while image_06 expanded from 78.
55 KB to 150.
13 KB.
This is expected since the SVD embedding modifies the singular value matrix and introduces additional hash data derived from the watermark.
While this increase might be considered substantial in general image compression contexts, it remains acceptable within medical data storage environments, where preserving authenticity and integrity outweighs the demand for minimal storage size.
In contrast, the AES encryption stage introduced only a negligible increase of about 0.
01Ae0.
02 KB, which results from block padding to fit the AES encryption standard.
Importantly, once decrypted, the images returned exactly to their watermarked sizes without any loss or corruption.
This confirms that the encryptionAedecryption cycle preserves both the fidelity and the integrity of the data.
Taken together, the storage efficiency analysis demonstrates that while watermarking introduces some overhead, the encryption itself remains lightweight in terms of storage consumption.
This makes the proposed scheme feasible for large-scale applications, such as cloud-based medical archives or hospital imaging systems, where hundreds or thousands of images may be processed daily.
Compared to conventional single-encryption approaches, this system adds robustness and authenticity features without imposing significant storage costs, thereby achieving an effective balance between security and efficiency.
Conclussion Based on the experiments and analysis that have been conducted, this research successfully developed and evaluated a secure system for protecting digital medical images through a combination of double encryption and The functional tests confirmed that the system consistently performed all processes as intended, including watermark embedding.
AES-128 encryption of the image.
Blowfish encryption of the AES key, and accurate decryption to restore the original image and watermark hash.
Security evaluations further validated the robustness of the design: entropy analysis showed values ranging from 7.
99 to 8.
00, indicating that the ciphertexts exhibit strong randomness and resistance to statistical attacks, while penetration testing using incorrect keys consistently failed with Aibad decryptAn errors, proving that the system cannot be bypassed without valid credentials.
From a performance perspective, the system demonstrated high efficiency with an average encryption time of approximately 81 ms and a decryption time of about 13 ms, making it suitable even for real-time scenarios.
File size analysis revealed that the most significant increase occurred during the watermark embedding stage, which nearly doubled the original size.
however, the encryption itself introduced only negligible overhead of about 0.
01Ae0.
02 KB.
Importantly, the decryption process preserved both image quality and watermark integrity, ensuring that the extracted SHA-256 hash matched the original watermark.
Overall, the proposed system successfully meets the objectives of ensuring confidentiality, authenticity, and efficiency in digital medical image protection.
By integrating layered encryption with AES and Blowfish, watermarking through SVD, and integrity verification via SHA-256, the system offers a comprehensive and reliable Nulhakim et al.
/ International Journal of Quantitative Research and Modeling.
Vol.
No.
3, pp.
364-376, 2025
Compared to existing approaches that often focus solely on encryption or watermarking, this research provides a balanced method that addresses security, performance, and integrity simultaneously.
The results suggest that the proposed approach is not only effective but also practical for implementation in healthcare environments where the protection of sensitive visual data is paramount.
References