security.The DE, including the digital signature of the image as well as .... The Advanced Encryption Standard (AES)[10] specifies a FIPS (Federal Information.
DICOM Image Authentication and Encryption Based on RSA and AES Algorithms A. Kannammal and S. Subha Rani Department of Electronics and Communication Engineering, PSG College of Technology, Coimbatore, Tamilnadu, India {aks,ssr}@ece.psgtech.ac.in
Abstract. Significant advancements in information and communication technologies have made remarkable developments in many fields including healthcare delivery and medical data management. Digital watermarking and encryption techniques have been used to increase medical image security, confidentiality and integrity in addition to conventional network security protection.The work mainly focuses on the DICOM images, DICOM has been an Universal Standard for secured communication of Medical Images over networks. The Digital Envelope method is used to assure data integrity and security.The DE, including the digital signature of the image as well as encrypted patient information from the DICOM image header, can be embedded in the background area of the image as an invisible permanent watermark The watermarked image is then encrypted using AES and RSA algorithms.The encrypted images are then tested with common attacks and the quality measures such as PSNR, correlation coefficient and TAF are calculated to evaluate the behaviour of the algorithms. Keywords: DICOM, Digital Envelope, Encryption, correlation co efficient.
1
Introduction
Significant advancements in information and communication technologies have made remarkable developments in many fields including healthcare delivery and medical data management. Complementary solutions are needed to meet the new challenges regarding security of the widely distributed sensitive medical information. Digital watermarking and encryption techniques have been used to increase medical image security, confidentiality and integrity in addition to conventional network security protection. The work mainly focuses on the DICOM images, since DICOM has been an Universal Standard for secured communication of Medical Images over public networks. The Digital Envelope (DE) method is used to assure data integrity [1] and security.The DE, including the digital signature (DS) of the image as well as encrypted patient information from the DICOM image header, can be embedded in the background area of the image as an invisible permanent watermark. The Digital Signature is generated by encrypting the hash value of the image. The watermarked image is then encrypted[2] using AES and RSA algorithms to enhance the security S.G. Ponnambalam et al. (Eds.): IRAM 2012, CCIS 330, pp. 349–360, 2012. © Springer-Verlag Berlin Heidelberg 2012
350
A. Kannammal and S. Subha Rani
during transmission.The encrypted images are then tested with common attacks and the quality measures such as PSNR and TAF are calculated to evaluate the behaviour of the algorithms.. The performance of AES and RSA algorithms are analysed based on the histograms, correlation coefficients and key strength. On comparison AES proves to be the best. At the receiver side, the encrypted image is decrypted and the Digital Envelope is extracted from the decrypted image. From DE, Digital Signature and the patient information are retrieved. The comparison of the original signature with the extracted signature and the patient information with image header verifies the authenticity of the image. The proposed algorithm offers solution for certain issues associated with medical data management and distribution [3]. The experimental results on different encryption techniques demonstrate the efficiency and transparency of algorithms.
2
Proposed Methodology
2.1
Watermark Embedding
The concept of DE is that someone can ‘seal’ a message (DS plus patient information) in such a way that no one other than the intended recipient can ‘open’ the sealed message. The DE method can be revamped as a general method to assure data security for communication of medical images over public networks. This part includes five major steps as follows in Fig 1.
Input Image
Image Segmentati on
Image Digest and signature
Embedding Digital Envelope
Encryption RSA/AES
Fig. 1. Black Diagram of Proposed Methodology
2.1.1 Image Segmentation Image pre-processing consists of background removal and segmentation. The image is first segmented with background removed or cropped by finding the minimum rectangle that covers the image object. In this step, the idea is to segment only the content within the image required for Digital Signature. This is also done in order to speed up the image digest process and to allow a region outside of the image object for data embedding. In background removal, foreign objects that do not belong to the images will be automatically removed. 2.1.2 Image Digest and Signature Digital signature identifies the signer and ensures the integrity of the signed data. It is a bit stream, generated by a mathematical algorithm and is a unique representation of
DICOM Image Authentication and Encryption Based on RSA and AES Algorithms
351
the data. If one were to change just one bit in the data stream, the corresponding signature would be different. To create a DS for the image, the sender first computes a condensed representation of the image known as an image hash value (or image digest). The digest is then encrypted using the sender’s private key to create the DS. It should be noted that only the digest instead of the image itself is encrypted. This makes sense because the actual image can be very large and public key operations can be extremely slow. Steps to generate image digest, Step 1: Resize the segmented image to 8X8 block. Step 2: Find the mean value of all 64 pixels. Step 3: Each pixel is converted to a bit on comparison with mean value. i.e. if pixel value is less than mean value, replace it by a bit 0 else by bit 1. Step 4: Convert these 64 bits to an equivalent hexadecimal value. Step 5: This hexadecimal value consisting of 16 bytes represents the image digest.
2.1.3 Digital Envelope Digital Envelope is the wrapped (sealed) bulk data. This DE method is used to assure data integrity and security. The DE, including the digital signature (DS) [4, 5] of the image as well as encrypted patient information from the DICOM image header, can be embedded in the background area of the image as an invisible permanent watermark. The DE generated in this way ensures not only the privacy of data, but also the image authenticity and the integrity that are the features passed on from the image signature wrapped with it The DE with the image signature and patient data wrapped with it provides an effective tool to ensure image security in a PACS environment. 2.1.4 Data Embedding Data embedding is a form of steganography that conceal the DE [5] in the image so that the visual quality of the image is not perceptually affected. The obtained DE is converted to a bit data stream. Then the data bit stream is embedded in the background outside the minimum rectangle that encloses the image. In this work, the rows with odd numbers contain the DE values from corresponding odd numbered positions. Similarly, the rows with even numbers contain the DE values from corresponding even numbered positions. This embedded DE acts as a permanent invisible watermark [6, 7]. This provides the image integrity since the watermark does not affect the original part which contains the required information. 2.2
Encryption
The embedded image is encrypted [8] before sending via the public networks to enhance the security. The encryption techniques used here are RSA and AES
352
A. Kannammal and S. Subha Rani
algorithms, out of which the former belongs to the asymmetric cryptography and the latter to the symmetric cryptography. In RSA algorithm, the image is encrypted using the receiver’s public key and then sent to the network. In AES algorithm, the image is divided into blocks and each block is passed through certain number of rounds (depends on the key size) after which the encrypted values of block are obtained. The performance comparison between the two algorithms is done based on various issues. 2.2.1 RSA Algorithm RSA algorithm involves 1.Key generation 2.Encryption 3.Decryption Key generation : In a nutshell key generation is given as, Select random prime numbers p and q, and check that p != q Compute modulus n = pq Compute Φ(n)= (p - 1)(q - 1) Select public exponent e, 1 < e < Φ(n) such that gcd (e, Φ(n)) = 1 Compute private exponent d = phi*k+1 mod e Public key is {n, e}, private key is d.
Decryption
Segmentation
Signature Extraction
Integrity check
Fig. 2. Integrity check
Encryption RSA [9] Encryption is done always with public key. The message to be encrypted is represented as number m, 0 < m < n - 1. If the message is longer it needs to be spitted into smaller blocks. Then compute c, c=
mod n
Where e and n are the public key, m is the message block, message.
(1) c is the encrypted
Decryption The private key d is used to decrypt messages. Compute m=
mod n
Where n is the modulus (from public key) and d is the private key.
(2)
DICOM Image Authentication and Encryption Based on RSA and AES Algorithms
353
2.2.2 AES Algorithm The Advanced Encryption Standard (AES)[10] specifies a FIPS (Federal Information Processing Standard) approved cryptographic algorithm that can be used to protect electronic data. AES algorithm is a symmetric block cipher that can encrypt (encipher) and decrypt (decipher) information. Encryption converts data to an unintelligible form called cipher text, decrypting the cipher text converts the data back into its original form, called plaintext. This algorithm is capable of using cryptographic keys of 128, 192, and 256 bits to encrypt and decrypt data in blocks of 128 bits 2.3
Image Decryption and Authentication
During reception, the image received is needed to be verified for integrity and authenticity since the diagnosis entirely depends on the received image. This is done by the following procedures are shown in Fig 2. 2.3.1 Decryption Decryption involves the reverse process of encryption. In case of RSA algorithm, the image is decrypted using receiver’s private key. This key is secret and only the person with this key can unwrap it. In case of AES, the received image is divided into 4X4 blocks and passed through certain number of rounds as in the case of encryption. The resultant value forms the decrypted image 2.3.2 Segmentation The decrypted image is then segmented into two parts, the background of the image which contains scrambled DE and the image object which contains the exact original information. The minimum rectangle containing the original image is formed to do this segmentation process 2.3.3 Signature Extraction From the background, (i.e outside the rectangle) the scrambled DE is obtained. The Digital Envelope is then used to extract the digital signature and patient information. The signature is then decrypted using sender’s public key to obtain the hash value computed by the sender. Also the hash value for the received image inside the rectangle is computed with the same algorithm. 2.3.4 Integrity Check The two hash values thus obtained are compared to verify the integrity. This is due to the fact that the mechanism of obtaining the hash is designed in such a way that even a single data bit change in the input string would cause the hash value to change drastically. If the two hash values are the same, the receiver (or any other party) has the confidence that the image had been signed off by the owner of the private key and that the image had not been altered after it was signed off. Thus, it assures the image integrity. Also the patient information extracted[11] from DE can be compared with image header to verify authenticity.
354
2.4
A. Kannammal and S. Subha Rani
Quality Measure of Proposed Algorithm
Any algorithm should be evaluated on basis of certain quality measures. In this method two quality measures are used for DE embedded image ,they are Peak Signal to Noise Ratio (PSNR) and Tamper Assessment Factor (TAF).Another two messages were used for encryption algorithms, they are histogram analysis and correlation coefficient 2.4.1 Peak Signal to Noise Ratio (PSNR) PSNR is the ratio between the maximum possible power of a signal and the power of corrupting noise that affects the fidelity of its representation. It is most easily defined via the mean squared error (MSE) for which two M×N images f and z where one of the images is considered a noisy approximation of the other is defined as
MSE =
1 M×N
M −1 N −1
( f (x, y ) − z (x, y ))
2
(3)
x =0 y =0
The PSNR is defined as:
PSNR = 10 × log 10
MaxBits 2 dB MSE
(4)
Here, MaxBits is the maximum possible pixel value of the image. When samples are represented using B bits per sample, MaxBits is 2B-1. 2.4.2 Tamper Assessment Factor(TAF) It gives the difference between the actual embedded watermark and the reconstructed watermark. It is given by the expression
~) = TAF (w , w
1 M ×N
M −1 N −1
w (x , y ) ⊕ w~ (x , y )
(5)
x =0 y =0
~ - reconstructed where M , N - dimensions of the image, w - embedded watermark, w watermark The value of TAF ranges between zero and one. 2.4.3 Histogram Analysis A histogram is a function that counts the number of observations that fall into each of the disjoint categories. In performance analysis, the histogram of original image and encrypted image are taken and compared. The one with the most variation in histogram proves to be the best. 2.4.4 Correlation Coefficient Correlation between two images refers to the similarity in them. The similarity aspect is often expressed mathematically in terms of correlation coefficient. In this work the
DICOM Image Authentication and Encryption Based on RSA and AES Algorithms
355
similarity between original image and encrypted image is measured and the one with less correlation coefficient proves to be the best since the chance of resemblance is less
(Xi
r =
(Xi
)(Yi − Ym )
− Xm
i
) (Yi − Ym ) 2
− Xm
i
(6)
2
i
Where Xi is the intensity of a pixel in an image 1, Yi is the intensity of a pixel in an image 2Xm is the mean intensity of image 1,Ym is the mean intensity of image 2. 2.5
Testing for Various Attacks
The water marking procedure was done for two radiological images with different anatomy. The effect of various commonly occurring attacks like Modification, Rotation and cropping, Brightness and Contrast adjustment, noises, was observed. The various attacks for which the authentication effects were observed are listed below. Table 1.
Hash values segmented image Key
values
used
for
used
for
Image I 3 12 7 14 7 15 7 14 7 14 7 12 0 0 0 0 Sender’s private key: 7
Image 2 0 0 3 14 7 14 7 14 7 14 3 12 0 0 0 0 Sender’s private key: 7
Sender’s public key: 23 130 177 182 108 182 108 182 108 182 108 130 177 0 0 0 0
Sender’s public key: 23 0 0 130 108 182 108 182 108 182 108 182 108 130 177 0 0
generating DS:
Digital Signature obtained by encrypting hash value using sender’s private key: Patient Id from header: Digital Envelope:
Key values used for RSA Algorithm
Cipher key used for AES algorithm
1
2
3
5
6
5
1
130 177 182 108 182 93 182 108 182 108 182 177 0 0 0 0 1 2 3 5 6 5 Receiver’s private key: 3,Receiver’s public key: 587,n=943 p=23 q=41 60 3D EB 10 15 71 BE 2B 73 AE 85 7D 77 81 1F 35 07 3B 61 08 D7 98 10 A3 09 14 DF
CA F0 2C 2D F4
2
3
8
6
7
0 0 130 108 182 108 182 108 182 108 182 108 130 177 0 0 1 2 3 5 6 5 Receiver’s private key: 3Receiver’s public key: 587n=943 p=23 q=41 60 CA AE 1F 08 09
3D EB 10 71 BE 2B F0 85 7D 77 35 2C 07 3B D7 2D 98 10 14 DF F4
15 73 81 61 A3
356
A. Kannammal and S. Subha Rani
3
Results and Discussion
The Digital envelope are generated from the images and encrypted and embedded in the images and then they encrypted by RSA or AES algorithms .he values which are used for this algorithms are tabulated in table 1The results were obtained for two image and they are tabulated in Table 2.Fig3.shows the Histogram of the original image, RSA encrypted image, AES encrypted image Using this histogram plot and correlation coefficient values the two encryption algorithms were compared and tabulated in Table.3. Table 2. Output Images Sl. no
Image 1 1 Original Image
2 Cropped Image
3 DE embedded Image
Image 2
DICOM Image Authentication and Encryption Based on RSA and AES Algorithms Table 2. (Continued) 4 RSA encrypted image
5 AES encrypted Image
6 Decrypted image
(a)
(b)
(c) Fig. 3. Histogram of the (a) original Image, (b) RSA encrypted and (c) AES encrypted
357
358
A. Kannammal and S. Subha Rani Table 3. Comparison of RSA and AES Algorithms
Parameter
RSA Algorithm
AES Algorithm
Nature of encryption
Asymmetric
Symmetric . Key exchange problem occurs.
Key
Fragile
Strong
Security
Less secure. Brute force attack is possible.
More secure.
0.2246
0.1590 Highly uncorrelated.
Correlation coefficient
From the correlation coefficient, it is clear that AES encrypted image differs a lot from the original image compared to RSA encrypted image since the value is less for AES. From the histogram, it is understood that AES encrypted image histogram shows large variations from the original histogram compared to RSA. Though AES undergoes key exchange problem, this algorithm proves to be the best. But the safe transmission of cipher key is required. Then the encrypted images were analyzed with different attacks. After decrypted image shows the different attacks which is made on the encrypted image and then their PSNR and TAF values are calculated and tabulated in table.4. Table 4. Different attacks and its PSNR and TAF values Type Attack/Modificat ion
IMAGE 1
Horizontal
PSNR (decibel) 18.2459
Vertical
17.5648
Flipping
Average Filtering
22.9454
Gaussian Filtering
28.0362
Salt and pepper noise
Density= 10%
44.7370
Density=25%
36.2580
Density=50%
30.4454
IMAGE 2 TAF
2.5406 e006 2.4429 e006 2.0736 e006 5.4135 e-006 7.5856 e007 1.9250 e006 3.7858 e006
PSNR (decibel) 19.5924
TAF 2.3418e-006
16.8924
2.4545e-006
23.6168
2.2149e-006
29.0594
5.5928e-006
44.9570
7.5786e-007
36.9509
1.8964e-006
31.0193
3.8124e-006
DICOM Image Authentication and Encryption Based on RSA and AES Algorithms
359
Table 4. (continued) Rotation for whole image
Rotation Contrast adjustment
4
Angle=45°
26.2196
Angle=90°
4.1840
Angle=180°
42.5587
Angle=270°
46.3432
Part of image
77.5498
Top left
48.2854
3.3269 e006 4.4974 e006 4.8894 e007 4.4974 e006 9.3132 e010 6.1467e-008
28.0539
3.4003e-006
36.9331
4.4364e-006
58.0401
3.7672e-007
37.4214
4.4364e006
90.3707
9.3132e-010
47.2693
1.2293e-007
Top right
46.2341
5.9614e-008
48.2934
1.2852e-007
Bottom left
45.3743
5.9139e-008
44.7324
6.6357e-008
Bottom right
49.8594
6.2674e-008
54.6143
6.8685e-008
Conculsion
The scheme proposed here is encryption and authentication of dicom images based on RSA and AES algorithms. The image based Digital Envelope concept provided image security. Encryption after watermarking enhanced the security before transmission. It is very difficult for hackers to retrieve patient information from the encrypted image while transmitting over public networks. The patient information is retrieved from the image during reception. The image cannot be decrypted if it is subjected to attacks such as average filtering, Gaussian filtering and rotation about 45 degrees and can be decrypted for other attacks. The PSNR and TAF values are calculated for all attacks. These quality measures evaluate the security of algorithms. The digital signature verification helps out in finding the tampered image since the signature obtained during reception is not same as the originally generated signature if tampered. The histogram analysis of the both the RSA and AES encrypted dicom image with the original dicom image shows that the image encrypted using AES algorithm is highly uncorrelated with the original image. The Key used in AES algorithm is stronger than the key used in RSA algorithm. Conclusions were drawn from the above analysis that AES algorithm provides more security than RSA algorithm but AES requires safe transmission of cipher key.
References 1. Kobayashi, L.O.M., Furuie, S.S., Barreto, P.S.M.: Providing Integrity and Authenticity in DICOM Images: A Novel Approach. IEEE Transactions on Information Technology in Biomedicine 13(4) (July 2009)
360
A. Kannammal and S. Subha Rani
2. Sreerama Murty, M., Veeraiah, D., Srinivas Rao, A.: Digital Signature and Watermark Methods For Image Authentication using Cryptography Analysis. Signal & Image Processing: An International Journal (SIPIJ) 2(2) (June 2011) 3. Puech, W., Rodrigue, J.M.: A New Crypto-Watermarking Method For Medical Images Safe Transfer. International Journal of Medical Informatics 64, 429–438 (2001) 4. Piao, C.-R., Woo, D.-M., Park, D.-C., Han, S.-S.: Medical Image Authentication Using Hash Function and Integer Wavelet Transform. In: 2008 Congress on Image and Signal Processing (2008) 5. AI-Gindy, A.: A Fragile Invertible Watermarking Technique for the Authentication of Medical Images, pp. 191–195. IEEE (2011) 6. Giakoumaki, Pavlopoulos, S., Koutsouris, D.: Secure efficient health data management through multiple watermarking on medical images. Med. Biol. Eng. Comput. 44, 619–631 (2006) 7. Coatrieux, G., Montagner, J., Huang, H., Roux, C.: Mixed reversible and RONI watermarking for medical image reliability protection. In: IEEE Int. Conf. Eng. Med. Biol. Soc (EMBS), pp. 5653–5656 (2007) 8. Cao, F., Huang, H.K., Zhou, X.Q.: Medical image security in HIPAA mandated PACS environment. Computerized Medical Imaging and Graphics 27, 185–196 (2003) 9. Zhou, X.: Research and Implementation of RSA algorithm for encryption and decryption. In: 2011 6th International Forum Strategic Technology (IFOST), August 22 (2011) 10. Karthigai Kumar, P., Rasheed, S.: Simulation of Image Encryption using AES encryption. In: IJCA Special Issue on Computational Science-New Dimensions and Perspectives NCCSE (2011) 11. Acharya, U.R., Bhat, P.S., Kumar, S., Min, L.C.: Transmission and storage of medical images with patient information. Compt. Biol. Med. 33, 303–310 (2003)