|Views: 278|Likes: 1

Published by Editor IJACSA

Digital Imaging and Communications in Medicine (DICOM) is a standard for handling, storing, printing, and transmitting information in medical images. The DICOM file contains the image data and a number of attributes such as identified patient data (name, age, insurance ID card,…), and non-identified patient data (doctor’s interpretation, image type,…). Medical images serve not only for examination, but can also be used for research and education purposes. For research they are used to prevent illegal use of information; before authorizing researchers to use these images, the medical staff deletes all the data which would reveal the patient identity to prevent patient privacy. This manipulation is called anonymization. In this paper, we propose a reversible anonymization of DICOM images. Identifying patient data with image digest, computed by the well-known SHA-256 hash function, are encrypted using the proposed probabilistic public key crypto-system. After compressing the Least Significant Bit (LSB) bitplan of the image using Hofmann coding algorithm, the encrypted data is inserted into a liberated zone of the LSB bitplan of the image. The proposed method allows researchers to use anonymous DICOM images and keep to authorized staff -if necessary- the possibility to return to the original image with all related patient data.

Digital Imaging and Communications in Medicine (DICOM) is a standard for handling, storing, printing, and transmitting information in medical images. The DICOM file contains the image data and a number of attributes such as identified patient data (name, age, insurance ID card,…), and non-identified patient data (doctor’s interpretation, image type,…). Medical images serve not only for examination, but can also be used for research and education purposes. For research they are used to prevent illegal use of information; before authorizing researchers to use these images, the medical staff deletes all the data which would reveal the patient identity to prevent patient privacy. This manipulation is called anonymization. In this paper, we propose a reversible anonymization of DICOM images. Identifying patient data with image digest, computed by the well-known SHA-256 hash function, are encrypted using the proposed probabilistic public key crypto-system. After compressing the Least Significant Bit (LSB) bitplan of the image using Hofmann coding algorithm, the encrypted data is inserted into a liberated zone of the LSB bitplan of the image. The proposed method allows researchers to use anonymous DICOM images and keep to authorized staff -if necessary- the possibility to return to the original image with all related patient data.

See More

See less

(IJACSA) International Journal of Advanced Computer Science and Applications,Vol. 3, No.4, 2012

76 |Page www.ijacsa.thesai.org

Reversible Anonymization of DICOM Images usingCryptography and Digital Watermarking

Youssef ZAZ*

Department of Computer SciencesFaculty of Sciences, Abdelmalek Essaadi UniversityTetuan, Morocco

Lhoussain ELFADIL

FPOIbn Zohr UniversityOuarzazate, Morocco

Abstract

—

Digital Imaging and Communications in Medicine(DICOM) is a standard for handling, storing, printing, andtransmitting information in medical images. The DICOM filecontains the image data and a number of attributes such as

identified patient data (name, age, insurance ID card,…), and

non-

identified patient data (doctor’s interpretation, imagetype,…). Medical images serve not only for examination, but can

also be used for research and education purposes. For researchthey are used to prevent illegal use of information; beforeauthorizing researchers to use these images, the medical staff deletes all the data which would reveal the patient identity toprevent patient privacy. This manipulation is calledanonymization. In this paper, we propose a reversibleanonymization of DICOM images. Identifying patient data withimage digest, computed by the well-known SHA-256 hashfunction, are encrypted using the proposed probabilistic publickey crypto-system. After compressing the Least Significant Bit(LSB) bitplan of the image using Hofmann coding algorithm, theencrypted data is inserted into a liberated zone of the LSBbitplan of the image. The proposed method allows researchers touse anonymous DICOM images and keep to authorized staff -if necessary- the possibility to return to the original image with allrelated patient data.

Keywords-DICOM images; watermaking; Hofmann coding; reversible anonymization, public key cryptosystem.

I.

I

NTRODUCTION

DICOM images contain different kind of information,intermixing identifying patient data (I-Data) and non-identifying patient data (M-data) in a single file. To use theseimages by scientific researchers or for teaching purposes,hospitals proceed to the image anonymization by deleting all I-Data to ensure the patient privacy. Several software and webbased applications were proposed to ensure this anonymization,as proposed by [5], [4] and [6].For research purposes, sometimes the return to some I-Datain order to explain typical phenomenon is inescapable, but, theimages are already anonymized and there is no way to usethose information. To deal with this problem, [2] proposed tosubstitute I-Data by a unique anonymous token. In case thatlater an authenticated user needs full access to an image, thetoken can be used for re-linking separated I-Data and M-Data.[7] proposes to extract and save identifying data in anotherdatabase and non-identifying data is stored in the archive.When data is requested, the proposed system resolves thecorrelating and gathers the person-identifying information fromthe separate database. Another web-based separation isproposed in [8]. All above methods circumvent the mainobjective of DICOM images, which is to keep the image andthe related data in the same file. To ensure the anonymizationwith keeping I-Data in the same file, the watermarkingtechniques are unavoidable. [3] proposed embedding the digestcomputed by SHA-256, in the Region of Non-Interest (RONI)of the image LSB bitplan. This method presents somedifficulties to determine the RONI.In this paper, we propose a reversible anonymization of DICOM images based on cryptography and watermarking.After liberating a space in LSB bitplan of the host image bycompressing the original LSB bitplan using the Hoffmanncoding, the I-Data and the image digest computed by SHAdigital signature algorithm, are encrypted using the proposedpublic key crypto-system and inserted in liberated zone.This paper is organized as follows: Section 2 gives a brief review of DICOM standard. Section 3 explains the securityrequirement for medical data storage. Section 4 exposes theproposed public key crypto-system. Section 5 exposes theglobal algorithm of reversible anonymization, and the lastsection concludes the paper.II.

DICOM

I

MAGES

Introduced in 1993, DICOM (Digital Imaging andCommunications in Medicine) a technology standard that isused virtually in Hospitals, clinics, imaging centers andspecialists. Its structure is designed to ensure theinteroperability of systems used to produce, store, display,

send, …, and retrieve medical images and derived structured

documents as well as to manage related workflow.DICOM is required by all Electronic

Health

Records

System

s

that include imaging information as an integral part of the patient record.DICOM is used in radiology, cardiology, radiotherapy,oncology, ophthalmology, dentistry, and so on.For more description about DICOM, see the official website [13].

(IJACSA) International Journal of Advanced Computer Science and Applications,Vol. 3, No.4, 2012

77 |Page www.ijacsa.thesai.orgIII.

S

ECURITY

R

EQUIREMENTS FOR

M

EDICAL

D

ATA

S

TORAGE

To preserve patient privacy, all medical data are consideredas sensitive. To read the content of an image, a user should beauthorized. To prevent data infiltration, the anonymizationprevents the exposure of identified patient data to unauthorizedusers. Many techniques are available to ensure the storage of medical data:

A.

File access control

Under operating systems, the administrator defines accessrestrictions (read, write and execute) to file owner, the stuff members, and public users.

B.

Data access control

Medical databases are stored in local servers and can beconsulted remotely for tele-diagnostic for example. Access ordenial to medical data should be adequately granted.

C.

File encryption and signature

To reduce considerably the risk of disclosure, the use of crypto-system is a great solution. Encrypt medical data beforetransmission upon open networks, like Internet, ensures theconfidentiality of patient identity. Adding digital signatureensure the data integrity also.

D.

File anonymization

The identified patient data or de-identified patient data -information that does not identify the individual and for whichthere is no reasonable basis to believe the individual can beidentified from it - must be kept confidential. Several softwareand web based applications can ensure the DICOManonymization by deleting certain attributes like (Name,Address, Social card

ID,…) .

IV.

P

ROPOSED

P

UBLIC

K

EY

C

RYPTOSYSTEM

A.

Overview

Formally,

PKE

= three efficient (probabilistic) algorithms:KeyGen( ):Outputs: public key

pk

and secret key

sk

Enc(

pk

,

m

):Outputs: a ciphertext

c

Dec(

sk

,

c

):Outputs: a message

m

And always, we assume that the communication isexchanged in insecure channel, and then always, we assumethat there are pirates (adversaries).The scheme is called semantically secure if the probability

21)"("

wins A y probabilit

is negligible for every efficientadversary

""

A

.Our proposed scheme is based on third order linearsequences.In [10], P. Smith and M. J. J. Lennon proposed using Lucassequences cryptosystems, and they proved that the computationcost by using Lucas sequences is half reduced instead of usingexponentiation in the standard RSA. Moreover, from [12], thesecurity of Lucas sequences is polynomial-time equivalent tothe generalized discrete logarithm problem. In [11], Gong andL. Harn introduced cryptosystems based on third order linearsequences, and they show that the computation cost of theproposed scheme is reduced by

32

instead of usingexponentiation in the standard RSA. All these given variantshave a weak point on semantic security. In this paper, aprobabilistic variant is given, together with the securityanalysis. Moreover, as the crucial property of Lucas sequencesis that cryptosystem are not formulated in terms of exponentiation, this would make them unsusceptible to variouswell known attacks that threaten the security of moretraditional exponentiation based cryptosystems like RSA.

B.

Mathematical foundation

Remind that for two integers

a

,

b

and a polynomial

1)(

23

bX aX X X f

, a third order linear characteristicsequence generated by

),(

ba

is denoted by

),(

bas

and definedby the following recurrence:

),(),(),(),(

123

basbabsbaasbas

k k k k

),(

ba

is called the generator of

),(

bas

and

k

is itsexponent.It is well known that if

21

,

and

3

are the complexroots of

)(

X f

. Then there exist three rational numbers

321

,,

aaa

such that for every integer

k

.

k k k k

aaas

332211

b)a, (

Note that the tuple

321

,,

aaa

depends only on the choiceof

),(

0

bas

,

),(

1

bas

,

),(

1

bas

and conversely. If

),(),,(

10

basbas

and

),(

1

bas

are integers, then

321

,,

aaa

are integers too.Through the paper, let

p

is an odd prime integer,

),(

bas

is a third order linear sequence such that

),(),,(

10

basbas

,

),(

1

bas

are integers and

)(mod1

321

paaa

.Then

)(mod),(

1

pbbas

,

)(mod3),(

0

pbas

,

)(mod),(

1

pabas

and for every

k

,

),(

bas

k

is an integer.Since

)(

X f

is irreducible in

X F

p

, then

)(

X f

is irreduciblein

X Q

too. In that case, let

1

QK

,

K

Z

its ring of integers,

QK

N

and

QK

T

the norm and trace of

K

. Then forevery integer

k

,

pT bas

k QK k

mod),(

1

. Since

)(mod

1

p

p

and

M

(IJACSA) International Journal of Advanced Computer Science and Applications,Vol. 3, No.4, 2012

78 |Page www.ijacsa.thesai.org

)(mod

2

1

p

p

are the conjugate of

)(mod

1

p

, we have:

)(mod1

111

2

p N

p pQK

.Thus,

1

2

p pT

is a period of

),(

bas

modulo

p

.The following cryptographic properties are well knownmodulo

p

(see [GH 99]). We give theme modulo

2

p

withoutproof.To simplify, for every integer

k

, let us denote

))(mod,(:

2

pbass

k k

.If

)(mod3),(

20

pbas

,

)(mod),(

21

pabas

and

)(mod),(

21

pbbas

. Then for every integer

k

,if

)(mod1

223

p X s X s X X f

k k k

,then

)(mod)(

2321

p X X X X f

k k k k

.In particular, for every integers

k

and

e

,

).)(mod,(),(),,(

2

pssbasbass

ek ek k k e

(3)

C.

Infrastructure

The algorithms of the proposed public key schemes arebased on the result given in Proposition.1, given in thisparagraph.Let

pqn

be an RSA,

),(

ba

two integers such that

1)(

23

bX aX X X f

is irreducible modulo

p

(resp.modulo

q

),

),(

bas

the third order linear sequence modulo

2

n

generated by

),(

ba

such that

)(mod),(

21

nbbas

,

)(mod3),(

20

nbas

,

)(mod),(

21

nabas

.Let

)1,1(

22

qq p p LCM T

)4(

be the least common multiple of

1

2

p p

and

1

2

qq

.Let

})(mod3),(,),({:

2

n y xs Z y x

T

and

nZ Z L

2

:

defined by

)(mod3),(
),(L

nn y xs y x

T

Since for every

),(

y x

,

)(mod3),(

n y xs

T

,

L

is welldefined and we have the following proposition:Proposition.1

If

),(

ba L

is invertible modulo

n

, then for every

integer

k

,

)(mod),()),(),,((

nk ba Lbasbas L

k k

Proof.For every ,let

}])[(mod1],[{:

iii

Z n x Z x

and

][][:

iiii

nZ Z L

defined by

)(mod1)(L

i

nn x x

.Then for every

2

),(

i

y x

,

)(mod1)1(1)1(1
)(L

i

nn xn y xn x y xn xy xy

.Since

i

x

, we have

)(mod1)1(
)(L

i

nn xn y xy

and then

)(L)(L)(L

iii

y x xy

.Let

)1(T

2p

p pk

. Since for every ,

)(mod1))(()(

1

2

p N

qq

k iQK k p piT i

(resp.

)(mod1

q

T i

), it follows that

)(mod1

n

T i

. Thus forevery ,

iT i

and for every integer

k

,. So,

))(mod1()1()1(3),(

321

nbas

kT kT kT kT

andFinally, , and if is invertible,then .The solely problem that remains to establish our proposedscheme, is to describe a method How to choose a couple

),(

ba

such that is invertible: if

))(mod,(

nba L

is notinvertible, we describe a method which allows us to choose acouple

),(

ba

of integers that

))(mod,(

nba L

is invertible.If

)(mod3),(

nnbas

T

, then we will keep, and. Else, i.e., if

p

or

q

divides

nbas

T

3),(

,then let

p}q,{n,:

E

and

E xn y

the largest element of

E

dividing

nbas

T

3),(

. (If

1

x

, then

x

does not divide

nbas

T

3),(

). Let

nxa A

:

, and consider

),(

b As

the characteristicsequence generated by

),(

b A

modulo

2

n

:

3,2,1:

i

3,2,1:

i

3,2,1:

i

))(mod()(

ii

nkLk L

T iT i

))(mod(13),(s
)),(s),,((s

3131k k -k

n Lk nnbababa L

T iiiikT i

))(mod,()),(s),,(L(s

k -k

nbakLbaba

))(mod,(

nba L

)(mod),()),(s),,(L(s

k -k

nk ba Lbaba

))(mod,(

nba L

)(mod),(

21

nbbas

)(mod3),(

20

nbas

)(mod),(

21

nabas