2017 8th International Conference on Information Technology (ICIT)

Medical Imaging Security Using Partial

Encryption and Histogram Shifting Watermarking

Hiba Abdel-Nabi and Ali Al-Haj

Department of Computer Engineering
Princess Sumaya University for Technology
Amman, Jordan
hiba@psut.edu.jo, ali@psut.edu.jo

Abstract—Rapid advancements in information and
communication technologies facilitated sharing of digital medical
images in telemedicine applications. However, due to the
sensitivity of medical images, their security has become a
challenging requirement that must be addressed. In this paper, a
simple and efficient joint reversible data hiding and encryption
algorithm is proposed for watermarking medical images while
providing high embedding capacity. The proposed algorithm
combines reversible data hiding techniques with standard
encryption techniques in order to provide the needed security of
transmitted and stored medical images. The algorithm utilizes
substitution-based encryption and transposition-based
encryption to achieve high degree of entropy in the encrypted
watermarked images. The operation of the algorithm is based on
dividing the original medical image randomly into two halves,
each of which is assigned a different watermark. One of the
watermarks is embedded before encryption and the other
watermark is embedded after encryption. Aside from providing
high entropy, the proposed algorithm provides relatively high
embedding capacity because of the existence of two watermarks,
while keeping low computational complexity.
Keywords— medical images; watermarking; cryptography;
partial encryption; histogram shifting; reversible data hiding.
I. INTRODUCTION
To provide safe transmission of medical images, there
exists some security requirements that must be met. These
requirements are confidentiality, authenticity, and integrity.
Confidentiality states that only authorized users have access to
the exchanged image, authenticity allows verification of the
origin and owner of the exchanged image, and integrity ensures
that the exchanged image has not been modified or tampered
with. Cryptographic techniques can be used to provide the
stated security requirements by scrambling the medical image
to achieve confidentiality, and by using digital signatures to
provide authenticity and integrity [1, 2]. However, with
encryption only it is impossible to monitor how a legitimate
user handles the content after decryption, thus making it
possible to illegally redistribute or manipulate the content. An
alternative technology that seems to complement the
cryptographic techniques to fulfill the security needs of
medical image security is data hiding.
Data hiding, or watermarking, is a valuable technique that
has gained wide spread attention and significance, especially
with the rapid evolution of multimedia and communication
technologies [3, 4, 5]. A large number of schemes have been
proposed in the literature to provide different applications with
security services such as copyright protection and
authentication, broadcast monitoring, covert communication,
medical diagnosis, and law enforcement. The security
performance of each application is a tradeoff between three
watermarking performance requirements: imperceptibility,
embedding capacity, and robustness against any external
attacks. In this paper, our interest has been in reversible data
hiding (RDH) which allows complete watermark extraction
and exact cover image restoration, thus ensuring image
authenticity and integrity of the original cover images [6 - 11].
Since medical images are sensitive to any modification or
tampering, reversible data hiding has been chosen over
irreversible data hiding to guarantee exact recovery of the
original image after watermark extraction.
In this paper, an algorithm based on reversible data hiding
and cryptography is proposed. The algorithm merges
watermarking and encryption techniques by dividing the image
into two halves with equal sizes. Each half is assigned a
different watermark: one is embedded before encryption and
the other is embedded after encryption. Different encryption
standards have been used to embed the watermarks in the two
halves. The proposed algorithm embeds two different

978-1-5090-6332-1/17/$31.00 ©2017 IEEE

802
2017 8th International Conference on Information Technology (ICIT)
watermarks simultaneously; one in the spatial domain and one
in the encrypted domain. This insures the integrity and
authenticity of the image e before and after decryption. This
also allows the receiver to take certain extraction actions based
on specific privileges given by the sender. The algorithm uses
histogram shifting as an effective reversible data hiding scheme
[12]. Extensive experimentations have been conducted to
evaluate the performance of the proposed algorithm. The
performance results demonstrate that the proposed algorithm
can be applied effectively to medical images since it provides
security to the images during transmission or storage, while
assuring their exact recovery at the receiver’s side. Section two
gives a detailed description of the proposed algorithm. The
performance results of the algorithm are presented in section
three. Finally, concluding remarks are outlined in section four.
II. THE ALGORITHM
The proposed algorithm achieves separable data hiding in
the spatial and encrypted domains by first dividing the cover
image randomly into two halves, i.e., two equal-sized parts.
Then, each half is assigned a different watermark. One of the
watermarks is embedded before encryption in the spatial
domain, and the other watermark is embedded in the
encryption domain after encryption. A detailed description of
the algorithm is given in the following sub-sections.
A. Watermarks Embedding Phase
First, the cover image is divided into two equal halves. The
division is done by taking the image rows with half the column
numbers for each half, or randomly by using random number
generator. Then, each half is divided into two areas:
embeddable and non-embeddable areas. The embeddable area
is used for embedding the watermark image after converting
the watermark to a row vector concatenated with the LSBs of
the pixels in the non-embeddable area. The non-embeddable
area is used to record the side information. The two image
halves go through different encryption and watermarking
operations, however the overall resultant image will be fully
encrypted to ensure no original content is revealed. The
operational steps of the data embedding phase are described
below and depicted in the diagram shown in Fig.1.
Step 1: Divide the image I into two equal halves. The
selection of the pixels of each half is done randomly by the use
of a key fed to a random number generator. This key should be
available at the encoder/sender and the decoder/receiver sides
in order to embed and extract the watermarks.
Step 2: Take the first half and embed a watermark into it
using the histogram shifting method. This watermark is
considered the spatial domain watermark Ws.
Step 3: Encrypt this first watermarked half by either using a
standard block cipher algorithm, like AES, or using a stream
cipher algorithm, like RC4, or using permutation.
Step 4: Encrypt the second half using pixel permutation.
This method will keep the values of the pixels the same, as it
shuffles their locations according to a key to produce a
meaningless data. Accordingly, the histogram of this encrypted
part will remain unchanged.
Step 5: Embed another watermark in the second encrypted
half using histogram shifting. This watermark is considered the
encrypted domain watermark We.
Step 6: Combine the two halves together and reorder the
pixels in their correct order to obtain a watermarked encrypted
image I’’.
The spatial domain watermark refers to the watermark that
is available after decrypting the image; therefore it is embedded
in the first half. The resultant watermarked half is then
encrypted by a standard substitution-based encryption method
to increase entropy of the combined image. On the other hand,
the encrypted domain watermark refers to the watermark that
will authenticate the image while the image is still encrypted.
B. Watermark Extraction Phase
The extraction phase is the exact reversal of the embedding
phase. That is, the watermarked encrypted image is first
divided into two halves using the same key used in the
embedding procedure. Then, each half is divided further into
embeddable and non-embeddable areas. As for watermark
extraction, we have two options; either we extract the
watermark first and then decrypt the second half, or decrypt the
first half and then extract the watermark. The two options are
shown in the block diagram of Fig.2, and described below.
Step 1: Divide the watermarked encrypted image I’’ using
the same key used for selecting the pixels in the embedding
procedure to get the original two halves. The first half is a
watermarked encrypted half while the second is encrypted
watermarked half.
Step 2: In order to get the encrypted domain watermark, we
simply extract We, from encrypted watermarked half.
Step 3: Then we can decrypt that half if we want image
restoration as well.
Step 4: The spatial domain watermark Ws can be extracted
by first decrypting the watermarked encrypted half then
extracting the watermark.
Step 5: The exact full image can be obtained by
recombining the two halves together.
III. ALGORITHM PERFORMANCE
A large set of 8-bit gray scale medical images of different
modalities have been used to evaluate the performance of the
proposed watermarking algorithm. The images were of
different resolutions varying from 512×512 to 2048×2048. The
image that is chosen to present the simulation in this section is
a CT image with size 512×512 and is shown in Fig. 3(a) while
the corresponding encrypted watermarked image is shown in
Fig. 3(b). The spatial domain watermark has a size of 300×300
and it is shown in Fig. 3(c). The encrypted domain watermark
has a size of 305×98, and it is shown in Fig. 3(d). An example
803
2017 8th International Conference on Information Technology (ICIT)
of the original and shifted histograms of the CT image is
shown Fig. 4.

Cover Image

Preprocessing:
Division and random
selection

Extraction of
the first 34 First Half Second Half
LSB

Second Half Permutation

Peak Encryption
Scan this half to Encryption
Point Key
find peakpt and
zeropt Zero Extraction of
Point
Encrypted Second Half the first 34
LSB

Shift the
Total histogram to the Spatial Peak Scan this half to
payload left or right by 1 Domain Point find peakpt and
to embed the Hiding Key Zero zeropt
data Point

Shift the Total

Encrypted
Spatial LSB Domain histogram to left payload
Domain Substitution Hiding Key or right by 1 to
Watermark embed the data

First Half Encrypted

Encryption Encryption Domain
Width Height Key LSB Watermark
Substitution

Width Height

Combine
Processed Image

Watermarked
Encrypted Image

Fig. 1. Block diagram of the embedding phase of the proposed algorithm.

804
2017 8th International Conference on Information Technology (ICIT)

Watermarked Encrypted Image

Preprocessing:
Division and random selection

First Half Second Half

First Half Extract first 34

Decryption LSB
Encryption
Encrypted
Key
Domain
Encrypted Watermark
Extract first 34 Domain Reconstruct peakpt,
Spatial LSB Hiding zeropt, height and

Reshape
domain Key width of wm
watermark

Reconstruct peakpt, Wm = payload

Reshape

Spatial (1: height ×

zeropt, height and Domain Scan the half to
width)
width of watermark Hiding Key reconstruct the
Wm = payload embedded payload
(1: height ×
width)
Original LSB
Scan the half to
= payload
reconstruct the Shift the histogram to (height ×
embedded payload the left or right by 1 width+1:end)
Original LSB
= payload
(height ×
width+1:end) Shift the histogram to
the left or right by 1 LSB Substitution

Second Half
LSB Decryption
Encryption
Substitution Key

Combine
processed image

Original Recovered
Image

Fig. 2. Block diagram of the extraction phase of the proposed algorithm.

805
2017 8th International Conference on Information Technology (ICIT)
decrypting the image while leaving the spatial domain
watermark embedded in the decrypted image. Finally, at the
third stage where the image is completely recovered. The
comparison of the quality degradation of these three stages
versus the original image are listed in Table 2, along with the
actual embedded payload size in each domain represented by
bpp values. As can be noticed that the PSNR values of the
directly decrypted image are lower than the PSNR values of the
partial decrypted watermarked image in which the encrypted
domain watermark is extracted. The infinite value of the
(a). (b). restored image PSNR indicates that the cover image is
completely restored. Note that the embedding capacity in the
tables below, denoted by bpp value, is not the maximum
available capacity, instead they are the actual embedded
payload that achieved that PSNR value.

TABLE 2. The PSNR values at the three different stages for the CT 512
(c). (d). image.
Fig. 3. (a) CT medical image; (b). Encrypted watermarked CT image; (c). Decrypted Image
Spatial domain watermark; (d). Encrypted domain watermark. Directly Decrypted Watermarked Restored
With Partial
Image Image
Watermark
Spatial Encrypted Spatial
PSNR PSNR PSNR
Embedded Embedded Embedded
(db) (db) (db)
bpp bpp bpp
56.5958 0.2811 0.1140 58.8066 0.2811 ’

Fig. 5 shows the quality vs. embedding rate of the

(a). (b).
Fig. 4. (a). Original histogram. (b). Shifted histogram.
A. Embedding Capacity
The maximum data embedding capacity in each domain is
measured using bits per pixel (bpp). This value depends on the
maximum number of embeddable bits which is determined by
the histogram shifting method and the size of the portion of the
image that is used for embedding the required watermark
payload. Table 1 the lists maximum embedding capacities
provided by the proposed algorithm for the CT512 test image.
algorithm for the CT 512 test image. The quality of the directly
decrypted image without any watermark extraction is measured
using PSNR value, whereas the number of embedded bits in
the image is measured using bpp value. Fig. 5 compares
algorithm's achieved PSNR values at varying embedding
capacities. As seen in the figure, the embedding payloads
decrease as the achieved PSNRs values increase, and vice
versa. This is expected since embedded watermarks have an
adverse effect on the imperceptibility of the cover image.
60
59
PSNR (db)

58
TABLE 1. Maximum Embedding capacity of the CT512 image provided by
the proposed algorithm.
57
Max # of Max
Operating Peak Zero
embeddable bits capacity
56
Domain point point
(bits) (bpp)
0.6040
55
Spatial Domain 0 254 79,162
0.05 0.1 0.2 0.3 0.4 0.5 0.6
Encrypted Domain 0 254 79,322 0.6050
Embedding Capacity (bpp)

B. Image Visual Quality vs. Embedding Capacity

Because of the separable property of the proposed
algorithms, and due to the different keys used in the algorithm,
there are many stages that the extraction phase of the proposed
algorithm can produce depending on the owned keys. The first
stage is when the image is directly decrypted without any
watermark extraction in either of the two domains. The second
stage is the extraction of the encrypted domain watermark then
Fig. III. Performance of the proposed algorithm: PSNR vs. embedding
capacity for the CT 512 image.
C. Separability Analysis
The proposed algorithm fulfills the requirement of
separability for watermarked encrypted images. This algorithm
makes use of four different keys, with each key playing a

806
2017 8th International Conference on Information Technology (ICIT)
different and essential role in the watermarking and extraction
process. The keys and the different actions made possible by
each key are described as follows:
a. The Spatial domain hiding key: this key is used to
extract the watermark embedded in the spatial domain of the
first half (before encryption).
b. The Encrypted domain hiding key: this key is used to
extract the watermark embedded in the encrypted half.
c. The first half encryption key: this key is used in
encrypting and decrypting the first half. It can be the key of a
standard encryption standard, such as AES or RC4, or the key
of a permutation-based encryption method.
d. The second half encryption key: this key is used in
encrypting and decrypting the second half, and in the proposed
algorithm this key is assigned to the permutation encryption
method.
The four different keys produce sixteen distinct cases. This
will lead to different actions in the extraction phase. For
example, if the user is a database administrator, then his only
concern would be to ensure image authenticity and integrity
without the need to reveal the content of the image. Similarly,
if the content owner does not trust the service provider, then we
can give the user the encrypted domain hiding key only. This
will enable the user to manipulate the encrypted data while
keeping the plain content unrevealed. In this case, the
administrator will be able to extract the encrypted domain
watermark and the image will still be encrypted. The user will
authenticate the image without having any knowledge about
the original image.
IV. CONCLUSIONS
In this paper, we presented a simple and an efficient joint
reversible data hiding and encryption system for medical
images with high embedding capacity. The algorithm is based
on combining the reversible data hiding techniques with
standard encryption standard to provide image security at
different stages, and to guarantee the blindness of extraction at
the same time. The algorithm employs two types of
encryptions: substitution-based encryption and transposition-
based encryption. This provides full encryption of the cover
image while maintaining high degree of entropy in the
encrypted image. Performance of the algorithm was tested
using medical images of different modalities. The achieved
results demonstrate the effectiveness of combining data hiding
techniques and cryptography to provide different security
services to medical images exchanged between healthcare
entities.
REFERENCES
[1] Stallings, W., Cryptography and Network Security—Principles and
Practice. Englewood Cliffs, NJ: Prentice-Hall, 2016.
[2] Ali Al-Haj, Gheith Abandah, and Noor Hussein, “Crypto-based
algorithms for secured medical image transmission”, IET Information
Security, 9(6), pp. 365-373, Nov. 2015.
[3] I. Cox, M. Miller, J. Bloom, J. Fridrich, and T. Kalker, Digital
Watermarking and Steganography, 2nd ed. San Francisco, CA: Morgan
Kaufmann, 2007.
[4] Ali Al-Haj (Editor) Advanced Techniques in Multimedia Watermarking:
Image, Video and Audio Applications, IGI Global, USA, April 2010.
[5] Ali Al-Haj, et al. “A Unified Approach Towards Multimedia
Watermarking”, Book Chapter in Advanced Techniques in Multimedia
Watermarking: Image, Video and Audio Applications, (Ed.) Ali M. Al-
Haj, IGI Global, USA, pp. 228-253, 2010.
[6] J. Tian, “Reversible data embedding using a difference expansion,”
IEEE Trans. Circuits Syst. Video Technol., vol. 13, no. 8, pp. 890–896,
Aug. 2003.
[7] W. Hong, T.-S. Chen, Y.-P. Chang, and C.-W. Shiu, “A high capacity
reversible data hiding scheme using orthogonal projection and prediction
error modification,” Signal Processing, vol. 90, pp. 2911–2922, 2010.
[8] C.-C. Chang, C.-C. Lin, and Y.-H. Chen, “Reversible data-embedding
scheme using differences between original and predicted pixel values,”
IET Inform. Security, vol. 2, no. 2, pp. 35–46, 2008.
[9] L. Luo et al., “Reversible image watermarking using interpolation
technique,” IEEE Trans. Inf. Forensics Security, vol. 5, no. 1, pp. 187–
193, Mar. 2010.
[10] X. Zhang, “Reversible data hiding in encrypted images,” IEEE Signal
Process. Lett., vol. 18, no. 4, pp. 255–258, Apr. 2011.
[11] Z. Zhao,H. Luo, Z.-M. Lu, and J.-S. Pan, “Reversible data hiding based
on multilevel histogram modification and sequential recovery,” AEU-
International Journal of Electronics and Communications, vol. 65, no.
10, pp. 814–826, 2011.
[12] Z. Ni, Y. Shi, N. Ansari, and S. Wei, “Reversible data hiding,” IEEE
Trans. Circuits Syst. Video Technol., vol. 16, no. 3, pp. 354–362,
Mar.2006..
807