Upload
others
View
9
Download
0
Embed Size (px)
Citation preview
1
CHAPTER 1
INTRODUCTION
1.1 INTRODUCTION TO INFORMATION SECURITY
Due to the advancement of technology, each and every individual
and organizations can reach any individual or organizations worldwide, at any
given point or time in the world through internet without any geographic
boundaries or time of day. In healthcare there is a need for fast and quick
diagnosis of patient condition and discussion between physicians through
internet to make best decision about patient care. The recent advances in
information and communication technologies, which provide new means to
access, handle and move medical information, leads to compromise their
security due to their ease of manipulation and replication.
Medical information record of a patient comprises of clinical
examinations, diagnosis annotations, prescriptions, histological and other
findings and images. In the digital format they are centered in the Electronic
Patient Record (EPR) through which information is gathered over years by a
number of health professionals and used for various purposes. All patients
records, electronic or not, linked to the medical secrecy, must be confidential.
The digital handling of EPR on network requires a systematic content
validation which is aimed at quality control: actuality (precise interest of the
information at a given instant) and reliability (authentication of the origin and
integrity). Security of medical information, derived from strict ethics and
2
legislatives rules, gives rights to the patient and duties to the health
professionals which impose three mandatory characteristics (Ping et al. 2007):
Confidentiality means that only the entitled users, in the
normally scheduled conditions, have access to the
information.
Reliability which has two aspects; i) Integrity: the information
has not been modified by non-authorized people and ii)
Authentication: a proof that the information belongs indeed to
the correct patient and is issued from the correct source.
Availability is the ability of an information system to be used
by the entitled users in the normal scheduled conditions of
access and exercise.
1.2 DIGITAL WATERMARKING
Watermarking is the process in which meaningful information or
message is inserted into an image such a way that it is imperceptible to human
observer but easily detected by computer algorithm.
In general, the watermarking system discussed here consists of an
embedder and a detector, as shown in Figure1.1. The embedder takes two
inputs. One is the message that is to be encoded as a watermark and the other
is the cover image in which the watermark is to be embedded. The output of
the watermark embedder is typically transmitted or recorded.
3
Figure 1.1 A generic watermarking system
Cox et al. (2008) have proposed Watermarking is closely related to
the fields of information hiding and steganography. These three fields have a
great deal of overlap sharing many technical approaches.
Information hiding (or data hiding), refers to either making the
information imperceptible (as in watermarking) or keeping the existence of
the information as secret.
Cox et al. (2008) have proposed steganography is a term derived
from the Greek words steganos, which means “covered” and graphia, which
means “writing” It is the art of concealed communication and the very
existence of a message as secret.
The sudden increase in watermarking interest is most likely due to
the increase in concern over copyright protection of content. The internet is an
excellent distribution system for digital media because it is inexpensive,
eliminates warehousing and stock and delivery is almost instantaneous.
However, content owners also see a high risk of piracy.
Li & Memon (2007) have proposed digital watermarking consists
of three major components: watermark generator, embedder and detector as
shown in Figure 1.2.
Cover Image
WatermarkEmbedder
Watermark
WatermarkDetector
Detected WatermarkMessage
4
(a) Watermark generation
(b) Watermark embedding
(c) Watermark detection
Figure 1.2 Fundamental components of digital watermarking
A watermark generator generates desired watermark(s) for a
particular application, which are optionally dependent on some keys.
Watermarks are embedded into the object by a watermark embedder,
sometimes based on an embedding key. Whereas, a watermark detector is
WatermarkDetection
WatermarkedImage-data
Watermark
OriginalImage-data
EstimatedImage-data
WatermarkEmbedding
Watermark
OriginalImage-data
WatermarkedImage
EstimatedMessage
WatermarkGeneration
Message and/other image-data
OriginalImage-data
Watermark
5
responsible for detecting the existence of some predefined watermark in the
object. It is sometimes desirable to extract a message as well.
Cox et al. (2008) have proposed the first technology content that
attracts owners is cryptography. Cryptography is probably the most common
method of protecting digital content. It is certainly one of the best developed
as a science. The content is encrypted prior to delivery and a decryption key is
provided only to those who have purchased legitimate copies of the content.
The encrypted file can then be made available through internet but would be
useless to a pirate without an appropriate key. Unfortunately, encryption
cannot help the seller monitor, how a legitimate customer handles the content
after decryption. A pirate can actually purchase the product, use the
decryption key to obtain an unprotected copy of the content and then proceed
to distribute illegal copies. In other words, cryptography can protect content
in transit, but once decrypted, the content has no further protection. Thus,
there is a strong need for an alternative or complement to cryptography; a
technology that can protect content even after it is decrypted. Watermarking
has the potential to fulfill this need because it places information within the
content where it is never removed during normal usage. Watermarking has
been considered useful for copy prevention and copyright protection
applications.
1.2.1 Classification of Digital Watermarking
Watermarks can be classified according to their various
characteristics (Sadicoff 2004).
Perceptibility
A watermark can be automatically inserted in an image as noise and
utilize the perception masking capabilities of the human eye to make this
6
watermark just barely visible. It does not interfere with the image and can
only be perceived if the user concentrates on the watermark. This watermark
can be inserted in the image as a whole or on a non-intrusive corner, by some
modification. The most interesting advantage of this method is that it can be
automatically inserted. It blends with the image by raising or reducing the
brightness of a few pixels hence it is not easily removed by automatic
methods.
Fidelity
Most of the watermark applications intend to insert external
information on images without disturbing the original image perception.
Fidelity of a watermark is the characteristic that defines how close the
watermarked file is from the original data. It can be determined by
statistically averaging, throughout many images, the percentage of data that
remains the same when a watermark is inserted using the same method and
parameters.
Robustness
Image might be subject to many forms of distortions or alterations
before they reach the final user, especially if an attacker decides to try to
remove a watermark by performing a variety of transformations. In a typical
operation, an image might suffer contrast or brightness variations to enhance a
specific area, which itself is not illegal most of the times but might erase a
watermark whose insertion and deletion depends on color or brightness
coefficients.
The most robust solution for a watermark is to encode it in a
perceptually significant area. If this is perpetrated, any significant change in
the watermark that would affect either its detection or integrity which can
7
affect the integrity of the image, effectively reducing the image quality and in
most cases its usability. The watermark’s robustness becomes then directly
related to the document’s perception quality.
1.2.2 Watermarking Techniques
Miller et al. (1999) have proposed the watermarking techniques are
divided into two basic categories.
Spatial domain watermarking, in which the Least Significant
Bit (LSB) of the image pixels is replaced with that of the
watermark (authentication text). This method of spatial
domain watermarking is very susceptible to noise. A more
robust watermark can be embedded in the same way that a
watermark is added to paper. In this method, a watermark
symbol may be superimposed over an area of the picture and
then some fixed intensity value for the watermark is added to
the varied pixel values of the image. The resulting watermark
may be visible or invisible depending on the value of the
watermark intensity. The main disadvantage of spatial domain
watermarks is that the picture cropping can be used to
eliminate the watermark.
Frequency domain watermarking, in which the image is first
transformed to the frequency domain and then the low
frequency components are modified to obtain the
authentication text. Watermarking can be applied in the
frequency domain by applying transforms like Fast Fourier
Transform (FFT), Discrete Fourier Transform (DFT), Discrete
Wavelet Transform (DWT) and Discrete Cosine Transform
(DCT). Similar to spatial domain watermarking, in this
8
method the values of the chosen frequencies are altered from
the original to contain the watermark (authentication text).
Since high frequencies will be lost by compression or scaling,
the watermark signal is applied to the lower frequencies or
applied adaptively to frequencies that contain important
information of the original picture. Also, watermarks applied
to the frequency domain will be dispersed over the entirety of
the spatial image upon inverse transformation, hence this
method is not susceptible to defeat by cropping as the spatial
technique.
Watermarking in spatial and transform domains have different
advantages and disadvantages, which are shown in Table 1.1
Table 1.1 Advantages and disadvantages of watermarking in spatial
and transform domains
Types of processing Advantages Disadvantages
Spatial domain Comparatively simpleand faster operation
Vulnerable to compression,
geometric distortion, and
filtering
Transform domain Compression compatible,and robust against manygeometric distortions(e.g., rotation, scaling,translation, cropping) andfiltering
Comparatively higher
computational time and
complexity
The authentication of digital watermark-based approaches can be
classified as either fragile watermarking or semi-fragile watermarking. A
fragile watermarking can detect any possible modification of the pixel values.
9
On the other hand, semi-fragile watermarking can distinguish content-
preserving operations from malicious manipulations, e.g., addition or removal
of a significant element of the image.
1.2.3 Digital Watermarking versus other Security Measures/Tools
Nyeem et al. (2012) have proposed digital watermarking has some
unique advantages, although few existing security measures/tools may serve
its other objectives together. For example, encryptions, cryptographic hash
functions (e.g., Message Authentication Code (MAC), Digital Signature (DS)
etc.), perceptual hashing, etc. An extensive comparison among them based on
various key properties and requirements of medical image applications is
made and presented in Table 1.2.
1.2.4 Applications of Digital Watermarking
Digital watermarks have been broadly and successfully deployed in
billions of media objects across a wide range of applications (cox et al. 2008).
Document and image security
Content protection for audio and video content
Communication of ownership and copyrights
Broadcast monitoring
Locating content online
Content identification and management
Authentication of contents and objects
Rich media enhancement for mobile phones
Source tracking
10
11
12
13
1.3 SECURITY AND PRIVACY REQUIREMENTS IN
MEDICAL IMAGE
Medical image security is important when digital images and their
pertinent patient information are transmitted across public networks. One can
tamper the content of image evidence unscrupulously with Adobe Photoshop
as shown in Figure 1.3. For instance, it is possible to change an original
image with cancer to a new modified image. The original image is shown in
Figure 1.3 (a) and modified image is shown in Figure 1.3 (b).
Figure 1.3 (a) Original image (b) Modified image using Adobe
Photoshop 7.0
At present, Virtual Private Network (VPN) is used to protect the
integrity of patient records as a security measure. Mandates for ensuring
health data security have been issued by the federal government such as
Health Insurance Portability and Accountability Act (HIPAA), where
healthcare institutions are obliged to take appropriate measures to ensure that
patient information are provided it to the people who have a professional
need. Digital Imaging Communication in Medicine (DICOM) standards that
deal with security issues continues to be published by organizing bodies in
healthcare.
14
1.3.1 Medical Information Security Requirements
Medical information security requirements are generally defined by
the strict ethics and legislative rules of the security policy/profile and
concerned entities must adhere to them. There are many widely used
guidelines and standards for protecting personal health information.
Development and implementation of the security and privacy protection
services derived from the standards depends upon the model and its
concerned entities. Nyeem et al. (2012) have proposed the most common
model used in medical image transfer consists of three individual domains,
namely: i) host organization/hospital’s Picture Archiving and Communication
System (PACS) (domain A), ii) communication network (domain B) and ii)
consultant (domain C) as depicted in Figure 1.4. Therefore in medical images,
security concerns arise only from the domain A (e.g., from acquisition of
medical images to storing them in PACS of the same hospital). In an off-line
model the security domains are isolated and communication is made via
interfaces; whereas, in on-line communication with a remote consultant
allowing access to the local PACS services of the legacy system.
Figure 1.4 Model for medical image transmission
15
1.4 ADVANTAGES OF DIGITAL WATERMARKING FOR
MEDICAL IMAGE APPLICATIONS
Watermarking has received much attention recently for medical
image applications because of its various attractive attributes, which are listed
below (Ping et al. 2007):
Security and privacy: The fundamental and most attractive property of
watermarking is data hiding capability. The utmost confidentiality can be
maintained by hiding the private data into the images. Keeping necessary
medical information (e.g., EPR including demographic data, diagnostic
results, treatment procedures, region of interest etc.) hidden in medical
images may provide a better security against malicious tampering. Even that
is tampered intentionally or in an unintended manner, can be detected and
possibly recovered by using an appropriate watermarking scheme. Data
hiding, integrity control and authenticity can provide the required security of
medical images. For example, data-hiding objective of watermarking allows
inserting meta-data and other information so that the image is more useful or
easier to use. Integrity control objective of watermarking ascertains that the
image has not been modified in an unauthorized manner. Digital
watermarking allows permanent association of image content with proofs of
its reliability by modifying some image pixel values, independently of the
image file format. It can also operate in a stand-alone environment and has a
versatile message set. In addition, authenticity traces the origin of an image.
Avoiding detachment: The data hiding property of watermarking mentioned
above further facilitates annotation of necessary information to avoid
detachment. Millions of medical images are being produced in radiology
departments around the world, which have immense value to practicing
medical professionals, medical researchers, and students. Researches in this
field are being accomplished to embed patient data to medical images. If the
16
EPR and the images are separate, the chance of detachment of patient data
from the image becomes higher. Misplacing a data will be very crucial in the
case of medical image. In order to avoid this misplacing or detachment,
watermarking offers necessary data embedding within the image itself.
Indexing: Another benefit stems from data hiding capability of watermarking
is indexing, where relevant keywords or indices can be embedded into the
images and used for effective archiving and retrieval of the images from
databases .
Non repudiation: In tele-radiology, distribution of the watermarked images
between Hospital Information System (HIS) may cause non repudiation
problem, where both the involved parties (e.g., hospital personnel and
clinician) may repudiate that they did not send the data. Along with other
advantages, watermarking is also promising to support non repudiation in
various multimedia applications. Hence, use of a key based watermarking
system may facilitate non repudiation in tele-radiology such that both parties
could be in safer side; where key used by the hospital could be their logos or
digital signatures.
Controlling access: Provision for using keys in watermarking schemes
further provides an alternative to access control mechanism, where
confidential meta-data can be accessed with the proper authoritative rights
given in terms of keys.
Memory and bandwidth saving: Storage space and bandwidth requirements
are important decisive factor for small hospitals financial economy. The
memory for storage can be saved to a certain extent in HIS by embedding the
EPR in the image. On the other hand, huge amount of bandwidth is required
for the transmission of the image data. The additional requirement of
bandwidth for the transmission of the metadata can be avoided if the data is
17
hidden in the image itself. Since the EPR and the image can be integrated into
one, bandwidth for the transmission can be reduced.
1.5 OBJECTIVES AND APPLICATIONS OF
WATERMARKING FOR MEDICAL IMAGES
Popularity of internet has become a boon to patients and low capital
hospitals to utilize the facility to communicate with the clinicians for clinical
diagnosis purposes, where the security of medical images can presumably be
addressed to a considerable extent by inserting a properly selected additional
data into medical images through digital watermarking. A digital medical
image application is therefore one of the prospective target areas of using
digital watermarking. Studies show (Nyeem et al. 2012) that various
watermarking schemes can be used in medical images for i) origin
authentication ii) EPR annotation and iii) tamper detection and recovery of
medical images. Some important aspects of medical image watermarking
schemes for their different objectives are summarized below.
Origin authentication: Watermarking has received much interest in the
research for origin authentication of the medical images. The important
details can be stored in images imperceptibly, causing no harm to the ROI of
the images. This kind of brief descriptions can be hidden in images
immediately after the production of the images in the radiology departments.
This can be done by incorporating the watermarking in the different modality
machines namely, CT or MRI scanners. The database systems use the
mechanisms of granting and revoking privileges and of authorization control
to ensure the security of data with the permanent association of the
watermark. Observation suggests the following requirements for this type of
watermarking in tele-radiology (Nyeem et al. 2012):
i) The watermark should be invisible, blind and robust.
18
ii) Watermark should incorporate the minimum information
required for the origin authentication.
iii) Embedding process must consider the ROI and proper
validation of a watermarking scheme such that the permanent
association of the watermark is reliable and safe for diagnosis.
Tamper detection and recovery (integrity control): Medical images in
different radiological modalities such as x-rays, ultrasounds and Magnetic
Resonance Imaging (MRI) contain vital medical information and can be
tampered with existing image processing tools that are easily available. Thus,
their protection and authentication seems of great importance and this need
will rise along with the future standardization of exchange of data between
hospitals, or between patients and doctors. Integrity of a medical image can
be achieved in three levels
i) Tamper detection
ii) Tamper localization
iii) Possible recovery by approximating the tampered region.
In order to achieve this along with the requirements of medical
image needs a watermark to be
i) Fragile and blind
ii) Reversible or RONI embedding based.
Hence, fragile watermarking help locate the tampered region with
its fundamental property that a watermark becomes invalid for any malicious
or un-intentional modifications in the watermarked image.
19
If the origin authentication of a medical image is achieved by the
robust watermarking, fragile reversible watermarking (in the form of multiple
watermarking) can further locate and possibly recover any tampered region of
the watermarked image. This will allow the system to control the integrity as
well as authentication.
1.6 OBJECTIVES OF THE THESIS
The objectives of this research work are:
i) To develop a watermarking technique with hidden ROI that
maintains data integrity with secure transmission of images
from examination site to expert center.
ii) To improve the developed watermarking technique with
modified sub band in cat map and logistic map.
iii) To test the robustness and image quality of the developed
watermarking technique against various types of attacks.
1.7 ORGANISATION OF THE THESIS
The work reported in the thesis is organized into five chapters:
Chapter 1 gives an overview of watermarking, as well as on its
requirements, classification, applications and a categorization of attacks on
watermarking techniques.
Chapter 2 discusses literature review on Digital Imaging
Communication in Medicine image, watermarking and their application in
medical images, cryptography, reference watermarking scheme and image
tiling.
20
In Chapter 3 describes a new watermarking scheme hiding the DS
which include patient data embedded randomly into the LSB border of the
image. The DWT of ROI - Most Significant Bit (MSB) embedded into the
LSB middle of the image. The Result shows the ability to hide and retrieve
DS in RONI, while ROI, the most important area for diagnosis, is retrieved
exactly at the receiver side.
A novel method is proposed for hiding ROI and patient details into
tiled RONI of encrypted medical image using stream cipher. Experimental
results demonstrate that the proposed scheme can embed a large amount of
data while keeping high visual quality of test images.
A new method by decomposing cover image using WPT and then a
reference image is created by shuffling the positions of pixels using cat map.
For embedding, modify the singular values of reference image with singular
values of ROI bit plane. Finally, a reliable ROI is extracted from the
transmitted image. The feasibility of this method depends on number of
iteration in cat map and number of wavelet packet decomposition.
Another framework to hide ROI is proposed using WPT. The
original cover image is transformed into wavelet packet domain and the
robust sub band of wavelet packet domain singular values is modified with
singular values of ROI. The modified sub band is applied with cat map and
logistic map to increase the security of the algorithm. The watermark image is
obtained by reconstructing the wavelet packet transform with modified sub
band. Experimental result shows the robustness of this algorithm with various
types of attacks.
A novel robust and secure method for hiding ROI is proposed in
frequency domain using singular value decomposition and chaotic maps. The
region of interest is then transformed into frequency domain and a reference
21
image is formed by using cat map. The original image is divided into tiles.
The centre tile is chosen for watermark embedding. Embedding in the centre
tile enhances robustness than the other tiles. Watermark is then embedded
into the original image by modifying singular value of reference image using
the singular value of the centre tile of the original image. The security of the
scheme depends on transmission of reference image. The security of
reference image is enhanced using logistic map. The feasibility of this method
and its robustness against different kind of attacks are verified by computer
simulations and experiments.
Chapter 4 focuses on the results and discussion, finally conclusion
from analysis are presented with future perspective in Chapter 5.