1

Special Topics in Security andPrivacy of Medical Information

Sujata Garera

Previous lecture DICOM

What is this ? Securing DICOM using cryptography

How does one achieve integrity andauthenticity ?

Hospital setting Producer and referring physician

External diagnostician

Intra-users

Extra-users

2

Hospital setting Broad Goals

Transfer file between external diagnosticianand referring physician through a trustworthychannel

Protect against malevolent header or imagemanipulations by unauthorized actors

Hospital Setting Guarantee link between name, date and

referring physician and image content Image has trusted header

Guarantee that the image content is notmodified

Guarantee that visualized images are trueimages

How should this beaccomplished ? Assume you have several cryptographic

primitives available to use

3

Hospital Setting

Hospital Setting Authenticate link between header and

image content H is header I is image file Send (H, I) , SHA(H,I)

Is that good enough ?

Hospital Setting Cryptography and PKI can be deployed to

secure communications to external entities Is that enough ? What about image data security before or after

the communication

4

Images could be modified

Image Security System Cao et al. Based on the concept of a digital envelope Assure integrity, authenticity,

confidentiality in a PACS environment

Digital Envelope Prior work has shown how to embed a

digital envelope in a mammogram A digital envelope includes a digital

signature of the image as well as decodedpatient information from the DICOMimage header Seal a message in a way that only intended

recipient can open it

5

Digital Envelope

Digital Envelope:Sending End

Digital Envelope:Recipient End

6

Data Embedding What are advantages of embedding DE in

the image over placing DE in DICOMheader ?

PACS system using DE

Shortcomings of thecryptographic method External communications

PKI needs to be establish Key management problems Compression settings may change

Would require reconstruction of link between the image andits header

Performance issues could arise Internal PACS image security system

DE is a CPU intensive process 40seconds to 2-3 mins depending on size of image

7

Watermarking Process of possibly irreversibly embedding

information into a digital signal Audio, video signal

Watermarking Steganography also has a similar objective

Watermarking, however requires that theinserted text remains hidden to anyunauthorized user and be resistant to anyattempt to suppress it

Properties Robustness

Fragile, semi-fragile and robust

Perceptibility

Capacity Zero bit, multiple bit

8

Requirements for medical imagewatermarking Reversible watermarking

It must be possible to recover the originalimage from the watermarked version

Limits the number of ways you can insert awatermark

Leads to defining regions of interest which areregions of the image that must be left intact

Alterations in regions of non-interest may betolerated

Requirements for medical imagewatermarking Integrity Control

Need to prove that images on which insuranceclaims are based have preserved their integrity

A start point of the integrity must be defined asa point of reference

Requirements for medical imagewatermarking Authentication

Authenticate different parts of the patient recordsparticularly the images

Images often identified by the information found in theheader file

Keeping a separate header file could lead to forgeries Embed the header information into the image Embed a digest of the header information into the image

9

Watermarking Spatial domain watermarking

Frequency domain watermarking

Watermarking Spatial domain

Embed the watermark into the least significant bits ofthe cover object

Sometimes the watermark may be embedded multiple timesdue to high capacity of channel

Drawbacks Additional noise or lossy compression is likely to defeat the

watermark Attack the LSB bits of each pixel thereby preserving the cover

object Watermark not robust

Watermarking Spatial domain

Iw(x,y) = I(x,y)+k*W(x,y) k is the gain factor Increase in k increases robustness at the

expense of quality

10

Watermarking Frequency domain

Discrete Cosine Transform Break the image into different frequency bands Watermark usually inserted in middle frequency

bands Insertion in middle frequency bands avoids interference

with important parts of image (low frequency) and resistsremoval through compression and noise attacks (highfrequency)

Watermarking Frequency domain

Discrete Cosine transform

Watermarking Zain et al. technique: embed watermark in

region of non interest

11

Watermarking Zain et al.

Compute a hash value of image Embed the hash value in the region of non

interest Embedding can be done by any pseudo random

function Note that RONI for ultrasound images is initially all

black I.e. pixel value is 0

Watermarking Zain et al.

Extract watermark bits Flip the watermark bits to 0 (original state) Compute hash value over image Compare to extracted watermark to

authenticate image

Watermarking Zain et al.

12

Watermark

Critiques of watermarking It actually does alter the integrity of the

image in inserting a watermark Defining an ROI can be difficult and hence

insertion may result in loss of clinicalinformation

Not yet accepted by the DICOM standard

This lecture Medical image security in a HIPAA

mandated PACS environment Reversible Region of Non Interest

Watermarking for Authentication ofDICOM images