Medical image security and EPR hiding using Shamir's secret sharing scheme
Introduction
Processing and handling medical information by computers and sharing them over high-speed network infrastructure has become a common practice since wide deployment of low cost computing and networking hardware. Currently, medical text files and images are stored on disks of medical database systems for fast and reliable storage and retrieval. Besides, previously acquired images on films and written text are also digitized and archived for compatibility. Another motivation is to have complete medical information of patients available in one consistent application rather than on several information systems. Medical applications, such as telediagnosis, and teleconsultation require information exchange over an unsecure network. Protection of the integrity and confidentiality of medical images is an issue in the management of patients’ medical records. Confidentiality states that unauthorized parties should not be granted to access medical images during transmission. Integrity, on the other hand, implies that images should not be modified in any way during transmission.
Researchers proposed watermarking techniques and reported findings in the literature to satisfy both integrity and confidentially requirements (Shih and Ta Wu, 2005, Woo et al., 2005, Zhou et al., 2001, Chao et al., 2002, Luo et al., 2003, Giakoumaki et al., 2003, Cheng et al., 2005, Acharya et al., 2004, Nayak et al., 2004, Srinivasan et al., 2004, Anand and Niranjan, 1998, Coatrieux et al., 2006, Coatrieux et al., 2008, Osman et al., 2008, Acharya et al., 2003, Kallel et al., 2009, Memon et al., 2009) while hiding EPR in medical image to make it more usable. Both fragile and robust watermarking techniques are used for integrity control and EPR hiding.
Shih and Ta Wu (2005) proposed a robust technique embedding the watermark or textual data around the Region of Interest (ROI) of a medical image based on genetic algorithms in 2005. They embed the signature image and the fragile watermark into the frequency domain of non-ROI part of a medical image. Woo et al. (2005) used a multiple watermarking method that consists of an annotation part and a fragile part. Encrypted EPR can be embedded in an annotation watermark and tampering can be detected using a fragile watermark. Their method also adopted hash-block-chaining watermarking approach in the fragile watermarking to improve security. Zhou et al. (2001) presented a method that attaches digital signature and EPR into the medical image. Their method uses LSB replacing technique to embed the signature. Chao et al. (2002) proposed a secure data hiding technique based on the bipolar multiple-base conversion to allow a variety of EPR data to be hidden within the same mark image. The mark image could be the mark of a hospital used to identify the origin of an EPR. Their technique allows separation and restoration of hidden data by authorized users.
Luo et al. (2003) presented a lossless scheme for medical image processing. Their method provides relatively high data embedding rate and original image can be recovered distortion free. Giakoumaki et al. (2003) presented a wavelet based multiple watermarking approach. Their method addresses confidentiality protection and both origin and data authentication problems by using three separate watermarks: a robust watermark containing the doctor's digital signature for authentication, a caption watermark with patient's personal data, and a fragile watermark for the purpose of data integrity control.
Cheng et al. (2005) proposed a method for both record indexing and integrity protection of medical images. Hash result of the ROI is generated by Message Digest 5 (MD5) and embedded along with EPR into non-ROI parts of the medical image. Furthermore, their method is robust to some image processing attacks, cropping, sharpening, compression, and their combinations. Acharya et al. (2004) adapted watermarking for interleaving EPR with medical images during JPEG compression to reduce storage. Text files are encrypted using logarithmic technique and then interleaved in the frequency domain.
Nayak et al.’s method is based on the use of Error Correcting Codes (ECC) for reliable and robust transmission and storage of medical images with concealed patient information. EPR is coded with ECC to make it more robust to noise introduced during transmission. Their method shows that, ECC will correct the errors introduced in EPR but there is a limit for error correction. Srinivasan et al. (2004) used Bit-Plane Complexity Segmentation (BPCS) Steganography to hide medical records in color cervical images. Anand and Niranjan (1998) used LSB technique in spatial domain. Text file is encrypted using a log function. Their technique is very simple and runs very fast which makes it suitable when immediate diagnosis is required.
Coatrieux et al. (2006) focused on the complementary role of watermarking with respect to medical information security. Their work emphasized that watermarking enables a security layer at the information level providing authentication and traceability at the interface with security services in and between medical information systems. Coatrieux et al. (2008) emphasized that the ability to verify that the information belongs to the correct patient and is issued from the right source are major concerns. Their work combines an anonymized pivot number identifier with national patient identifiers to guarantee privacy and interoperability. Osman et al. (2008) proposed a novel approach to blind reversible data hiding based on integer wavelet transform in 2008. Encryption of EPR is done to provide additional security in their method. Acharya et al. (2003) adapted watermarking for interleaving patient information with medical images to reduce storage. The graphical signals are interleaved with the image. Their technique used error-correcting codes to enhance reliability of transmission and storage of medical images interleaved with patient information. Kallel et al. (2009) presented a project, which allows practitioners to use telecommunication technologies to provide early diagnosis. They proposed a reversible watermarking method used for integrity verification. They also evaluate medical image visual quality after watermark embedding.
Memon et al. (2009) proposed a method to embed the watermark information in non-ROI. Encryption of the embedded data is also done to provide additional security using of Bose–Chaudhuri–Hocquengham (BCH) in their method. Hu et al. (2010) proposed a new e-health security architecture that is contract oriented instead of session oriented which exists in most of the literature. Proposed HPKI (Hybrid Public Key Infrastructure) can be constructed from existing cryptographic technologies where various relevant security standards, tools and products are available.
In recent years, researchers used Steganography to hide EPR into medical image and used Cryptography to protect the confidentiality of the medical image (Srinivasan et al., 2004, Ho et al., 2004, Nayak et al., 2009, Li et al., 2005, Lou et al., 2009, Hu and Han, 2009). Lou et al. (2009) proposed a multiple-layer data hiding technique in spatial domain in 2009. Their work utilizes a reduced difference expansion method to embed the bit-stream in the least significant bits (LSBs) of the expanded differences. The original image can be restored after extracting the hidden data from the stego image. Another method proposed by Hu and Han (2009) makes use of a pixel based scrambling scheme to distribute the digital medical image in a secure way in 2009. Their scheme uses scrambling key derived from chaotic attractors to provide a good cryptographic strength. Their work aimed to transform the medical image into noise like image to protect the confidentiality of the image.
Secure storage and transmission is crucial in medical image security. However, recipient may copy and distribute patient's data to others not eligible to access patient's medical records. Disclosing information about a political leader's or high ranking military officer's health may cause undesirable effects and should be avoided at all costs as a government policy. Li et al. (2005) emphasized this issue in their work. Their work uses Image Adaptive Watermarking. The holder creates a broadcast image not suitable for diagnosis. Before the image can be used to diagnose an illness, a clinician must decode this image using his/her own watermark key. In their scheme, a trusted third party is in charge of the watermark key generation, distribution and update. Broadcast image looks like a medical image and has a low PSNR value. Their scheme distributes watermark keys to people in a multicast environment. In other words, one can sniff multicast messages, capture keys and view medical images. Their scheme does not consider hiding EPR in medical images.
Techniques mentioned above are designed for different requirements. Lou et al. (2009) used Steganography to hide the EPR in the medical image. Integrity and confidentiality of the medical image is not evaluated by their work. Hu and Han (2009) used Cryptography to transform medical images into noise like form to protect them. However, noisy images may attract malicious user's attention and EPR hiding is not considered. Li et al. (2005) provided a method to protect medical images against unauthorized release. However, broadcast images exhibit clues that they are medical images. EPR hiding is not taken into account in their scheme. In 2005, Ho et al. (2004) used fragile watermarking technique to authenticate the biomedical image. However, watermarked medical image has low PSNR values and EPR hiding is not considered. Nayak et al. (2009) proposed a method using reversible Steganography to hide EPR in medical images. Their method is not capable to prove the confidentiality and authenticity of the medical image. Besides, embedding capacity of their method is related to the number of pixels at the peak point of the medical image histogram.
Each method outlined above satisfies a set of different security requirements (confidentiality, authenticity, EPR hiding) for medical image sharing. A method will be proposed to ensure the secrecy of a medical image, which satisfies the following requirements.
- (i)
Electronic patient records should be hidden in medical images to reduce storage requirements and network bandwidth.
- (ii)
Shared medical image should look like a natural image and should not attract eavesdroppers’ attention (confidentiality).
- (iii)
A single person should not be allowed to diagnose political leaders or high-ranking military officers since it is not adequate to trust only one.
- (iv)
Recipient could authenticate received images to make sure that they are not modified in any way during transmission (authenticity).
The proposed secret medical image sharing method meets all four requirements listed above by using Shamir's secret sharing scheme (Shamir, 1979). Shamir proposed a method to partition a secret among a number of participants in 1979. His scheme is called (k, n) secret sharing scheme in the literature. A secret is divided among n participants. Each participant gets a piece of secret called share. If any k or more shares gather, the secret is revealed. Any number of shares less than k cannot be used to reveal the secret. Shamir's secret sharing scheme uses a polynomial approach. The secret is assumed to be the constant term of the polynomial. Evaluation of the polynomial for unique values of x yields share values. In 2002, Thien and Lin (2002) adapted Shamir's scheme in secret image sharing area. After this pioneer research, Lin and Tsai (2004) used Steganography to make shares look like natural images in 2004.
Medical images are shared among n participants in this work. Holder selects n natural cover images. After selection, Shamir's approach is used for partitioning the medical image into n noise like shares. EPR of the patient is also hidden in the shares at this step. Then Steganography is used to hide these shares into n natural cover images since noise like shares may draw eavesdroppers’ attention. Generated stego images look like cover images and do not attract attention since cover images are selected from natural images. Thus, images distributed to clinicians are not supposed do draw attention. If any k or more participants gather, the medical image can be revealed. In other words, at least k of the n clinicians must gather to evaluate the image and diagnose. It is assumed that at least k clinician is an adequate security measure to view the medical image to diagnose.
Thus, a novel biomedical image sharing mechanism is proposed to satisfy all security requirements mentioned above. The method generates shares with EPR hidden and saves an extra access to the patients’ database. Shares look like natural images and do not draw attention which keeps them confidential. At least a group of k people should gather to reveal a patient's medical image whose medical condition should be kept secret enforced by the government policy. In other words, participants do not have access to medical information unless they gather which reduces the probability of disclosure to unauthorized parties about patient's medical condition. Moreover, the revealing algorithm has a mechanism to check shares and indicates if they are modified by a participant or corrupted during transmission and is not authentic.
The outline of the paper is as follows. Some background information on Shamir's secret sharing scheme is given in Section 2. Section 3 describes the details of the proposed scheme used for sharing medical images. Section 4 shows the experimental results of the proposed method. The conclusions are given in Section 5.
Section snippets
Review of shamir's secret sharing scheme
Shamir proposed (k, n) threshold mechanism also called secret sharing scheme based on polynomial interpolation in 1979 (Shamir, 1979). Dealer constructs n shares denoted by (S1, S2, ⋯ , Sn), from a secret S. The dealer selects a large prime number p and a (k − 1) degree polynomial is constructed as in (1) to compute shares using the secret:
Coefficients of the polynomial (a1, a2, ⋯ , ak−1) are randomly selected from integers within the range [0, p). The dealer then
The proposed sharing scheme
Details of the proposed sharing scheme are given in this section. There are two sub procedures: partitioning and retrieving. Partitioning procedure consists of four phases. Initialization is the first phase and is used to determine unique x values for each participant. Thus, it eliminates the need to select unique x values and then distribute them over insecure networks. Medical image and EPR are partitioned into shares by sharing algorithm in the second phase. The length of the EPR that can be
Discussion and experimental results
Results of the tests performed to demonstrate the feasibility of the proposed scheme are reported in this section. The method outlined in this paper is tested by coding the algorithm in MATLAB 7.0 running on Windows XP Professional. Experiments performed on a Intel T5500 dual core processor with 2 GB of dual channel DDR2 memory equipped notebook computer.
A 12-bit depth gray level MR (magnetic resonance) image of size 256 × 256 shown in Fig. 4(a) is used as a test image and corresponding EPR of the
Conclusion
This paper presents a method that provides medical image sharing among clinicians based on Shamir's secret sharing scheme. The method prevents unintentional disclosure of medical information to those who are not allowed to access it. N clinicians share medical image and corresponding EPR information. Each clinician gets a natural looking stego image. Medical image and EPR can be recovered if any k of n gather, Thus before consultation, none of them has information about the patient whose
Acknowledgements
This research was supported by the Research Fund of Karadeniz Technical University (Project No. 2008.112.009. 1). The authors would like to thank the reviewers for their valuable comments.
Guzin Ulutas got her BSc and MSc in Computer Engineering at Karadeniz Technical University in 2002 and 2004 respectively. She worked as a research assistant in the Department of Computer Engineering at Ondokuz Mayis University from 2005 to 2009. She is pursuing a PhD degree in Computer Engineering Department at Karadeniz Technical University under the supervision of Dr. Vasif Nabiyev since 2007 where she became a lecturer in 2009. Her main research interests are steganography and secret image
References (35)
- et al.
Hiding data in images by simple LSB substitution
Pattern Recognition
(2004) - et al.
A pixel based scrambling scheme for digital medical images protection
Journal of Network and Computer Applications
(2009) - et al.
A hybrid public key infrastructure solution for HIPAA privacy/security regulations
Computer Standards & Interfaces
(2010) - et al.
Protecting patient privacy against unauthorized release of medical images in a group communication environment
Computerized Medical Imaging and Graphics
(2005) - et al.
Secret image sharing with steganography and authentication
Journal of Systems and Software
(2004) - et al.
Distortion-free secret image sharing mechanism using modulus operator
Pattern Recognition
(2009) - et al.
Multiple layer data hiding scheme for medical images
Computer Standards and Interfaces
(2009) - et al.
Robust watermarking and compression for medical images based on genetic algorithms
Journal of Information Sciences
(2005) - et al.
Secret image sharing
Computers and Graphics
(2002) - et al.
A new secret image sharing scheme to identify cheaters
Computer Standards & Interfaces
(2009)
Transmission and storage of medical images with patient information
Computers in Biology and Medicine
Simultaneous storage of patient information with medical images in the frequency domain
Computer Methods and Programs in Biomedicine
Watermarking medical images with patient information
Image Databases
A data-hiding technique with authentication, integration, and confidentiality for electronic patient records
IEEE Transactions on Information Technology in Biomedicine
Non-ubiquitous digital watermarking for record indexing and integrity protection of medical images
Cited by (92)
PHISS: Progressive and hierarchical image segmentation-sharing scheme
2022, Digital Signal Processing: A Review JournalA reversible extended secret image sharing scheme based on Chinese remainder theorem
2021, Signal Processing: Image CommunicationThree (t,n)-secret image sharing schemes based on homogeneous linear recursion
2021, Information SciencesHomomorphic transform-based dual image watermarking using IWT-SVD for secure e-healthcare applications
2020, Intelligent Data Security Solutions for e-Health ApplicationsA prediction error based histogram association and mapping technique for data embedment
2019, Journal of Information Security and ApplicationsCitation Excerpt :Cover information is not accessible in that distorted image. Such methods are useful when the cover contents are also secret [2,25]. The intentionally image distorting schemes destroy the information in the cover image while implanting data.
Natural share-based lightweight (n, n) single secret image sharing scheme using LSB stuffing for medical images
2023, Journal of Supercomputing
Guzin Ulutas got her BSc and MSc in Computer Engineering at Karadeniz Technical University in 2002 and 2004 respectively. She worked as a research assistant in the Department of Computer Engineering at Ondokuz Mayis University from 2005 to 2009. She is pursuing a PhD degree in Computer Engineering Department at Karadeniz Technical University under the supervision of Dr. Vasif Nabiyev since 2007 where she became a lecturer in 2009. Her main research interests are steganography and secret image sharing.
Mustafa Ulutas got her BSc in EE at Karadeniz Technical University in 1985. He earned both his MSc and PhD degrees in EE at Texas Tech University in 1991 and 1994 respectively. He joined the Department of Computer Engineering at Karadeniz Technical University as an assistant professor from 1994 to 2002. He then joined Ondokuz Mayis University where served as the chairman of the Computer Engineering Department until he moved back to the Department of Computer Engineering at Karadeniz Technical University in 2009. He is interested in computer hardware as well as information security.
Vasif V. Nabiyev received BSc. and MSc. degrees in the Faculty of Computing Technologies and Informatics from St. Petersburg Electrotechnical University in 1985, and a Ph.D. degree in the Department of Computer Science from Moscow Technical University in 1990. Then, in 2005, he received Professor degree in Computer Science Department from Karadeniz Technical University, Turkey, where he still lectures. He is currently the chairman of Department of Computer Engineering in Karadeniz Technical University. His research interests are in artificial intelligence, biometry, security, humancomputer interaction, image processing, natural language processing, operational research, discrete and applied mathematics, combinatorial algorithms, game theory, logic programming. He has published over 70 research papers, and authored three textbooks titled “Artificial Intelligence: Problems, Methods and Algorithms” (1st ed. 2003, 2nd ed. 2005, 3th ed. 2010), “Introduction of Algorithms” (2007) and, “Combinatorial Algorithms” (2007).