Special Topics in Security and Privacy of Medical Information
Sujata Garera
Previous lecture
- DICOM
  - What is this?
- Securing DICOM using cryptography
  - How does one achieve integrity and authenticity?

Hospital setting
- Producer and referring physician
- External diagnostician
- Intra-users
- Extra-users
Hospital setting
- Broad Goals
  - Transfer file between external diagnostician and referring physician through a trustworthy channel
  - Protect against malevolent header or image manipulations by unauthorized actors

Hospital Setting
- Guarantee link between name, date and referring physician and image content
  - Image has trusted header
- Guarantee that the image content is not modified
- Guarantee that visualized images are true images

How should this be accomplished?
- Assume you have several cryptographic primitives available to use
Hospital Setting
Hospital Setting
- Authenticate link between header and image content
  - H is header
  - I is image file
  - Send (H, I), SHA(H, I)
- Is that good enough?
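An added example (not from the original slides) that checks the (H, I), SHA(H, I) scheme against a keyed tag over the same data. SHA-256, the HMAC construction used as the keyed primitive, the length-prefixed framing and all sample values are assumptions made for the illustration.

```python
import hashlib
import hmac

def frame(header: bytes, image: bytes) -> bytes:
    # Length-prefix H so (H, I) has one unambiguous encoding; bare H||I
    # would let bytes slide across the header/image boundary.
    return len(header).to_bytes(8, "big") + header + image

def sha_tag(header: bytes, image: bytes) -> bytes:
    # The slide's SHA(H, I); SHA-256 is an assumption.
    return hashlib.sha256(frame(header, image)).digest()

def mac_tag(key: bytes, header: bytes, image: bytes) -> bytes:
    # Keyed alternative: only holders of `key` can produce a valid tag.
    return hmac.new(key, frame(header, image), hashlib.sha256).digest()

def verify_sha(header: bytes, image: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(sha_tag(header, image), tag)

def verify_mac(key: bytes, header: bytes, image: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac_tag(key, header, image), tag)

def demo() -> dict:
    # Constructed sample data, not a real DICOM object.
    key = b"constructed-shared-key-for-demo!"
    h = b"PatientName=DOE^JANE;StudyDate=20240101;Referring=DR^SMITH"
    i = bytes(range(256)) * 4
    h2 = h.replace(b"DOE^JANE", b"ROE^MARY")  # header altered in transit
    return {
        "sha_ok_untouched": verify_sha(h, i, sha_tag(h, i)),
        # Old digest left in place: the alteration is detected.
        "sha_ok_stale_tag": verify_sha(h2, i, sha_tag(h, i)),
        # Digest recomputed after the alteration: the check passes,
        # because computing SHA(H, I) needs no secret.
        "sha_ok_recomputed": verify_sha(h2, i, sha_tag(h2, i)),
        "mac_ok_untouched": verify_mac(key, h, i, mac_tag(key, h, i)),
        # Without the key, neither the old tag nor a re-made one verifies.
        "mac_ok_stale_tag": verify_mac(key, h2, i, mac_tag(key, h, i)),
        "mac_ok_wrong_key": verify_mac(key, h2, i, mac_tag(b"x" * 32, h2, i)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The bare digest catches accidental corruption only; binding H to I against deliberate changes needs a key, which is where the digital signature in the digital envelope comes in.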
Hospital Setting
- Cryptography and PKI can be deployed to secure communications to external entities
- Is that enough?
  - What about image data security before or after the communication
Images could be modified
Image Security System
- Cao et al.
- Based on the concept of a digital envelope
- Assure integrity, authenticity, confidentiality in a PACS environment

Digital Envelope
- Prior work has shown how to embed a digital envelope in a mammogram
- A digital envelope includes a digital signature of the image as well as decoded patient information from the DICOM image header
- Seal a message in a way that only intended recipient can open it
Digital Envelope
Digital Envelope: Sending End
Digital Envelope: Recipient End
Data Embedding
- What are advantages of embedding DE in the image over placing DE in DICOM header?
PACS system using DE
Shortcomings of the cryptographic method
- External communications
  - PKI needs to be established
  - Key management problems
  - Compression settings may change
    - Would require reconstruction of link between the image and its header
  - Performance issues could arise
- Internal PACS image security system
  - DE is a CPU intensive process
    - 40 seconds to 2-3 mins depending on size of image
Watermarking
- Process of possibly irreversibly embedding information into a digital signal
  - Audio, video signal

Watermarking
- Steganography also has a similar objective
- Watermarking, however, requires that the inserted text remains hidden to any unauthorized user and be resistant to any attempt to suppress it

Properties
- Robustness
  - Fragile, semi-fragile and robust
- Perceptibility
- Capacity
  - Zero bit, multiple bit
Requirements for medical image watermarking
- Reversible watermarking
  - It must be possible to recover the original image from the watermarked version
  - Limits the number of ways you can insert a watermark
  - Leads to defining regions of interest which are regions of the image that must be left intact
  - Alterations in regions of non-interest may be tolerated

Requirements for medical image watermarking
- Integrity Control
  - Need to prove that images on which insurance claims are based have preserved their integrity
  - A start point of the integrity must be defined as a point of reference

Requirements for medical image watermarking
- Authentication
  - Authenticate different parts of the patient records particularly the images
  - Images often identified by the information found in the header file
  - Keeping a separate header file could lead to forgeries
    - Embed the header information into the image
    - Embed a digest of the header information into the image
Watermarking
- Spatial domain watermarking
- Frequency domain watermarking

Watermarking
- Spatial domain
  - Embed the watermark into the least significant bits of the cover object
    - Sometimes the watermark may be embedded multiple times due to high capacity of channel
  - Drawbacks
    - Additional noise or lossy compression is likely to defeat the watermark
    - Attack the LSB bits of each pixel thereby preserving the cover object
    - Watermark not robust

Watermarking
- Spatial domain
  - Iw(x,y) = I(x,y) + k*W(x,y)
  - k is the gain factor
  - Increase in k increases robustness at the expense of quality
Watermarking
- Frequency domain
  - Discrete Cosine Transform
    - Break the image into different frequency bands
    - Watermark usually inserted in middle frequency bands
    - Insertion in middle frequency bands avoids interference with important parts of image (low frequency) and resists removal through compression and noise attacks (high frequency)
Watermarking Frequency domain
Discrete Cosine transform
Watermarking
- Zain et al. technique: embed watermark in region of non interest
Watermarking: Zain et al.
- Compute a hash value of image
- Embed the hash value in the region of non interest
  - Embedding can be done by any pseudo random function
  - Note that RONI for ultrasound images is initially all black
    - i.e. pixel value is 0
Watermarking: Zain et al.
- Extract watermark bits
- Flip the watermark bits to 0 (original state)
- Compute hash value over image
- Compare to extracted watermark to authenticate image
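The embed and authenticate steps above, as an added example that is not code from the slides or from Zain et al. Assumptions: SHA-256 as the hash, a seeded PRNG choosing the RONI pixel positions, one hash bit per pixel LSB, and a constructed 64x32 8-bit image whose top 8 rows are the all-black RONI.

```python
import hashlib
import hmac
import random

HASH_BITS = 256  # SHA-256 assumed; the slides only say "hash value"

def positions(roni, seed):
    # A seeded PRNG stands in for the slide's "any pseudo random function".
    return random.Random(seed).sample(roni, HASH_BITS)

def embed(pixels: bytes, roni, seed) -> bytes:
    # Reversibility depends on the RONI being all black (pixel value 0).
    if any(pixels[p] != 0 for p in roni):
        raise ValueError("RONI is not all-zero; embedding would not be reversible")
    digest = hashlib.sha256(pixels).digest()  # hash of the original image
    out = bytearray(pixels)
    for n, p in enumerate(positions(roni, seed)):
        out[p] |= (digest[n // 8] >> (7 - n % 8)) & 1  # hash bit n -> pixel LSB
    return bytes(out)

def verify(marked: bytes, roni, seed):
    """Return (authentic, restored_image)."""
    extracted = bytearray(HASH_BITS // 8)
    restored = bytearray(marked)
    for n, p in enumerate(positions(roni, seed)):
        extracted[n // 8] |= (marked[p] & 1) << (7 - n % 8)  # extract watermark bit
        restored[p] &= 0xFE  # flip the watermark bit back to 0 (original state)
    recomputed = hashlib.sha256(restored).digest()  # hash over the restored image
    return hmac.compare_digest(recomputed, bytes(extracted)), bytes(restored)

def make_sample():
    # Constructed 64x32 8-bit image: 8 black rows (RONI) above a pattern (ROI).
    width, height, roni_rows = 64, 32, 8
    px = bytearray(width * height)
    for i in range(width * roni_rows, width * height):
        px[i] = (i * 7) % 251 + 1
    return bytes(px), list(range(width * roni_rows))

if __name__ == "__main__":
    image, roni = make_sample()
    marked = embed(image, roni, seed=2024)
    print(verify(marked, roni, 2024)[0])
```

Because only LSBs of pixels that were 0 are touched, clearing them restores the original image exactly, which is the reversibility requirement from the earlier slides.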
Watermarking Zain et al.
Watermark
Critiques of watermarking
- It actually does alter the integrity of the image in inserting a watermark
- Defining an ROI can be difficult and hence insertion may result in loss of clinical information
- Not yet accepted by the DICOM standard
This lecture
- Medical image security in a HIPAA mandated PACS environment
- Reversible Region of Non Interest Watermarking for Authentication of DICOM images