Block-Wise Authentication and Recovery Scheme for Medical Images Focusing on Content Complexity

Abstract

Digital images are used to transfer most critical data in areas like medical, research, business, military, etc. The images transfer takes place over an unsecured Internet network. Therefore, there is a need for reliable security and protection for these sensitive images. Medical images play an important role in the field of Telemedicine and Tele surgery. Thus, before making any diagnostic decisions and treatments, the authenticity and the integrity of the received medical images need to be verified to avoid misdiagnosis. This paper proposes a block-wise and blind fragile watermarking mechanism for medical image authentication and recovery. By eliminating embedded insignificant data and considering different content complexity for each block during feature extraction and recovery, the capacity of data embedding without loss of quality is increased. This new embedding watermark method can embed a copy of the compressed image inside itself as a watermark to increase the recovered image quality. In our proposed hybrid scheme, the block features are utilized to improve the efficiency of data concealing for authentication and reduce tampering. Therefore, the scheme can achieve better results in terms of the recovered image quality and greater tampering protection, compared with the current schemes.

1 Introduction

Today, Patients who live in remote areas are able to be diagnosed by experts with the help of telemedicine. However, this advancement of technology has led to some serious security concerns. Medical imagery transmission between experts and patients is an important task in this regard. During the data transfer, this data may be altered by some attacks intentionally or unintentionally. Thus, the authentication and content verification of this kind of important digital data is essential. Furthermore, recent studies show that, due to the rise of software capabilities for editing and modifying digital images, manipulation of radiography data is a serious issue; For example, modified images could be used in illegal claim for medical insurance of a patient or in publishing fraudulent results. The present security frameworks are either using encryption or steganography, or the combination of both to protect against unauthorized access. While these image encryptions are useful for protection against unauthorized access, they are unable to safeguard the authenticity and integrity of the transmitted image when the key is revealed. Furthermore, these methods are not able to reconstruct the original image when it is attacked. It is obvious that integrity and confidentiality are the main issues, because damaging of the medical image during transmission leads to serious problems in medical treatments, like the damage of decisive information, misdiagnosis by physicians and potentially calling into question the reliability of the health care center [1, 2].

Due to the high sensitivity to the modification in some images such as medical imagery, fragile watermarking schemes can be used where authentication is required. Fragile watermarking could be considered as two main groups: pixel-based and block-based schemes. In the pixel-based fragile watermarking approaches, the data pertaining to the watermark is produced utilising the host pixel values. These are then embedded into the host pixels as well. In case of the block-based fragile watermarking approaches, the host image is first segmented into multiple blocks. Each block contains individual data for the watermark, which can be used for authentication through detection and verification of the watermark data. If detection of the watermark data is unsuccessful, it indicates that the image may have been changed. Subsequently the block is then marked as tampered or invalid. From the embedding point of view, watermarking can be categorized into frequency or spatial based. The frequency-based approaches apply various transfer functions such as the Fast Fourier Transformation (FFT), Discrete Cosine Transformation (DCT), and Discrete Wavelet Transformation (DWT) to change pixel values from spatial domain to the coefficients of the frequency domain. Then the watermark data is hidden into those. But the spatial domain uses the pixel values to embed the watermark data directly. Spatial domain usually embed hidden data in the Least Significant Bits (LSBs) of pixels’ value in order to avoid damaging the image [3,4,5,6,7,8,9,10].

1.1 Related Work

Self-embedding fragile watermarking can be useful in order to identify and then recover after any tampering. In this method the watermark data can be a copy of the compressed image or features of original image itself. The basic features of an image which are chosen as watermark data should include enough information to recover the original image, with higher recovery in the tamper region. A dual watermarking method has been proposed by Lee and Lin to detect tampering within an image and then to recover the original image [5]. In their method tampered area can be recovered by extracting watermarked data from the other intact blocks. This method is appropriate for minor tampering cases only.

Some of watermarking methods suffer from false image production after recovery by using a reference table, because of the block autonomous aspect of image watermarking. Those kinds of watermarking that have not involved any block dependency may be damaged with some special attacks like Vector Quantization (VQ) attack [6]. To overcome VQ attack, some block-wise watermarking methods are introduced, such as a fragile watermarking method for verifying and recovering medical images [6]. An image needs to be segmented into same size blocks in order to compute authentication and recovery codes by their method. Singular value decomposition is applied to attain a block authentication code for every 4 × 4 block. The recovery code is the mean value of every 2 × 2 block. Arnold transform is applied to distinguish where these codes should be embedded but embedding both codes in the same block can cause an increase in the rate of false detection. A blind image watermarking method utilising the DWT and the Singular Value Decomposition (SVD) has been developed by Thakkar and Srivastava [7]. They used DWT on selecting the region of interest in medical images and produced separate frequency sub-bands for decomposition of these areas. Then the results are combined by the applying SVD on the LL sub-band. Their method is robust and has produced good results in terms of watermarked image quality and in extracting watermarked data successfully, but it is not capable of recovering the medical images when it is altered.

Qin et al. [8] developed a new scheme of compressing the image, named as Optimal Iterative Block Truncation coding (OIBTC), which achieved better quality than the traditional Block Truncation Coding (BTC). They applied OIBTC to achieve recovery. They have used 4 × 4 block size and 8 × 8 block size. In higher tampering rates, the quality of a recovered image by bigger block size is higher because of more redundancy of the recovery code but in lower tampering rate the block size of 4 × 4 has higher performance, since the recovery code has not been so compressed. In most of the block-wise methods, an image is segmented into the same sized blocks and all blocks are treated equally. It is obvious that the volume of data that can be concealed in a block is limited by the size of the block. A big block size can convey more data, leading to more recovery data. But the ability of detecting and locating of the exact area is less.

Therefore, the size of block can be an important option to have efficient authentication and recovery since there is a trade-off between the size of the block and effective authentication and recovery. In addition, the features of a block can be exploited to enhance the efficiency of data concealing and authentication. It may be better to encode recovery data related to the blocks with small changes and fewer bits. Instead recovery data of the blocks with big changes could be encoded by more bits to boost the quality of the recovered image. This could mean a bigger capacity to hide the recovery data of the smooth blocks is pointless. This capacity can be reserved for hiding the recovery data of more complex blocks. In the proposed method, the complexity of the block has been used to understand the types of the blocks to design different plans of embedding and extracting data to increase the efficiency of authentication and recovery. In the other word, some blocks do not need much capacity for embedding their features, and their dedicated capacities can then be used for other purposes.

2 Proposed Method

The first step for self-embedding watermarking is obtaining the basic features from the image, then embedding this data into the image itself. Thus, an image can be recovered after tampering by extracting and using the watermarked data from intact areas of the image. On one hand, since the data is embedded into the image as watermarked data, the amount of this data should be as minimum as possible so to minimize the decrease in the watermarked image quality. On the contrary, if the amount of data entrenched into the image is larger, the recovered image will be of better quality. Therefore, there is a trade-off between the watermarked and recovered images in terms of their quality. To address this problem and have high quality for both the watermarked and the recovered images, the following steps should be considered: firstly, the selected data as watermarked data should be as efficient as possible, so that watermarked data is able to recover the tampered image with higher quality. Secondly, watermarked data should be as compressed as possible so that embedding them as watermark data into the image decreases the original image quality as little as possible.

To achieve this aim, a new hybrid method for compressing and obtaining the efficient features of an image will be introduced. This method discovers and pinpoints modifications in an image and recovers the altered areas. The information hidden in the image or the watermark data are divided into authentication code and recovery code, leading to greater accuracy. The authentication code is used to identify and trace the regions of tampered areas, and the recovery code can be used in case of tampering to recover the original image. In some cases, not only some areas of the image are destroyed but also their recovery codes may have been lost as well as a result of tampering. Therefore, these regions cannot be salvaged, and the quality of the recovered image will decrease. For this reason, as well as obtaining a better quality of a recovered image, two different copies of a compressed image will be embedded into the original image as the watermark data.

Three kinds of the watermark data should be provided for every block of size 8 × 8. The first kind of watermark data is named as the authentication code (16 bits) which can be used to identify the tampered blocks, the second and third kinds of watermark data are recovery codes, which are applied for recovery of the damaged content of the tampered image. The authentication code is entrenched inside the block itself and the recovery codes are entrenched into the mapped block of the image in order to have block dependency and being able to deal with the VQ attack. Due to the fact that replacing only two LSBs of pixels in image may not decrease the quality of the image noticeably, these two LSBs in all blocks are reserved for embedding data. Recovery codes can be achieved with the help of OIBTC and average pixels values of the block.

The Block Truncation Coding (BTC) is an effective image compressing algorithm. In this algorithm an original image with size n × n should be divided into m × m non-overlapping blocks. The average value (\( \mu \)) and the standard deviation (\( \sigma \)) will be calculated for every block using (1, 2):

$$ \mu = \frac{1}{m}\sum\nolimits_{i = 1}^{m} {x_{i} } $$

(1)

$$ \sigma = \sqrt {\frac{1}{m}} \sum\nolimits_{i = 1}^{m} {(xi - \mu )^{2} } $$

(2)

All pixels in the block are categorized into two sets, in a way that when the intensity of a pixel is more than the mean value of the block, it is considered as the first set. Otherwise, it belongs to the other set. There is a bit map for every block as well. The corresponding bit for the pixels of the first set are zeros and for the second set pixels are ones. Any block in the image can be compressed by following above steps. Then an image block will be decompressed by substituting the ones with high reconstruction level \( (M_{1} ) \) and the zeros by low reconstruction level \( (M_{0} ) \) using the following Eqs. (3, 4) [11,12,13,14,15,16].

$$ M_{0} = \mu - \sigma \sqrt {\frac{{m^{ + } }}{{m^{ - } }}} $$

(3)

$$ M_{1} = \mu + \sigma \sqrt {\frac{{m^{ - } }}{{m^{ + } }}} $$

(4)

Where m+ is the number of pixels for which their values are greater than \( \mu \) and m− is the number of pixels that are less than. To improve the visual quality of BTC-decompressed image, [8] has proposed a new OIBTC algorithm for compressing an image. In OIBTC new low and high reconstruction levels have been introduced as \( M_{l} \) and \( M_{h} \), which can be calculated by minimizing the distortion for each block through following steps:

1. 1.

   Every block is arranged in ascending order of its pixels’ values, i.e.,

   $$ \text{S} = \left\{ {p_{1} ,p_{2} , \ldots ,p_{m} } \right\} $$

   In which \( p_{i} \) are the pixels in the block and \( p_{1} < p_{2} < \ldots < p_{m} \)

2. 2.

   Each block should be divided into two segments, and for each segment the mean value should be calculated as

   $$ S_{l}^{k} = \left\{ {p_{1} ,p_{2} , \ldots ,p_{k} } \right\},S_{h}^{k} = \left\{ {p_{k + 1} ,p_{k + 2} , \ldots ,p_{m} } \right\} $$

   In which \( S_{l}^{k} \) and \( S_{h}^{k} \) are these two segments.

3. 3.

   In each block, the mean values of the two above sets \( \left( {M_{l}^{k} \; and \;M_{h}^{k} } \right) \) are considered as low and high reconstruction levels and the distortion should be computed for the block by (5):

   $$ d^{k} = d_{l}^{k} + d_{h}^{k} = \sum\nolimits_{i = 1}^{k} {(p_{i} - M_{l}^{k} )^{2} } + \sum\nolimits_{i = k + 1}^{i = m} {(p_{i} - M_{h}^{k} )^{2} } $$

   (5)

   The distortion for the whole block is \( d^{k} \) while \( d_{l}^{k} \; and\; d_{h}^{k} \) are distortion for each segment and \( p_{i} \) are the real amount of pixels in the block.

4. 4.

   Steps 2 and 3 should be repeated to obtain minimum distortion. Where the distortion is minimum, \( M_{l}^{k} \;and \;M_{h}^{k} \) can be used as the low and high reconstruction levels \( (M_{l} \;and\; M_{h} ) \) of the block.

After generating the recovery codes (it will be introduced in Sect. 2.1 and 2.2), these codes should be embedded in other blocks. Arnold transformation can be applied as a mapping function to find the suitable block for embedding the recovery codes. Using this function helps with distributing the recovery data into different blocks. A digital image is partitioned into blocks and each block has the address of (x, y). Arnold transform maps one block to another block using (6).

$$ \left[ {\begin{array}{*{20}c} {x^{ '} } \\ {y^{ '} } \\ \end{array} } \right] = \left[ {\begin{array}{*{20}c} 1 & {K_{1} } \\ {K_{2} } & {K_{1} K_{2} + 1} \\ \end{array} } \right]\left[ {\begin{array}{*{20}c} x \\ y \\ \end{array} } \right] mod N $$

(6)

Where “N” is the number of all blocks in the image. \( K_{1} \) and \( K_{2} \) are used as keys. The embedding locations of two recovery codes of each block are different and are calculated by two keys.

2.1 Producing Authentication and Recovery Data

The first and the second LSBs of all pixels should be replaced with zero during the process of authentication code calculation, since LSBs will be substituted with water-marked data and must not be assessed. The authentication code for each block is 16 bits and can be generated through a Hash function. All 64 pixels which are inside the 8 × 8 block and the ordering numbers of them should be included in the hash function. The authentication code is then included in the block itself.

To obtain the recovery code, a distortion criteria D has been used to select which option of compression is more suitable for each block (unlike as presented in [8]). Each block has been treated differently regarding its complexity in our work. Some blocks do not need as much capacity to embed their features. These blocks are considered as smooth blocks. But some other blocks need more capacity to embed their features as they are more complex or textured. Since every smooth block can be recovered by less information, their dedicated locations can be reserved for embedding another copy related to the other blocks. For every 8 × 8 block these following four compression methods are available to choose in order (methods are arranged in order of descending compression rates):

1. 1.

   An average pixels values of the 8 × 8 block

2. 2.

   Four average pixels values related to four 4 × 4 blocks inside the 8 × 8 block

3. 3.

   An 8 × 8 OIBTC compression

4. 4.

   Four 4 × 4 OIBTC compression related to four 4 × 4 blocks inside the 8 × 8 block

In order to efficiently exploit the available capacity and to embed more data, as well as having a high-quality watermarked image, a threshold for distortion should be set. Each block should have its own limitation to extract its basic features depending on its content complexity. Hence any of the four compression methods above whose distortion is less than the distortion threshold level and having greater compression rate, should be applied for selecting the first recovery data. Thus, the option that presents the highest compression rate is the priority if its calculated distortion is less than the threshold. These kinds of blocks are very smooth and the first copy in this case is just the mean value of the 8 × 8 block. Otherwise, the distortion should be calculated for the second option in a way that the block should be divided into four 4 × 4 blocks. The average mean value for each 4 × 4 block and their distortion should be calculated and if their total distortion is not less than threshold as well, the next option is our next priority using a similar procedure. The last priority is four 4 × 4 OIBTC which may be selected when the block is quite complex.

The value of threshold can be selected according to the complexity of the image and predicted tampering rate. If the threshold is selected at a lower level the distortion for the first copy will be low. Consequently the quality of the recovered block by the first copy will be high. But it should be considered that in the higher tampering rate because of high probability of losing the first copy, we have to use the backup recovery data therefore reasonable quality for the second copy is also important. Hence enough room should be created for better backup recovery as well. In this work, in order to find the suitable threshold, a copy of the compressed image by 8 × 8 OIBTC should be calculated then average value of distortion for all 8 × 8 blocks in the image can be set as a threshold. Two bits are also allocated as indicators to demonstrate which compression method has been used. The distortion is calculated by (7) for each 8 × 8 block.

$$ \text{D}\, = \,\sum\nolimits_{i = 1}^{i = 8} {\sum\nolimits_{j = 1}^{j = 8} {(p_{i,j} - c_{i,j} )^{2} } } $$

(7)

Where D denotes the distortion for each 8 × 8 block, \( p_{i,j} \), and \( c_{i,j} \) are the original pixel value and the value of pixel after compression.

2.2 Reducing the Number of Bits for Embedding

Reducing the number of bits which are needed to embed as watermark data is possible by exploiting the differences between nearby values. Since any of \( M_{l} \) and \( M_{h} \) (low and high reconstruction levels in OIBTC compression) can be displayed by 6 bits separately and both belong to the same image block, 10 bits should be sufficient for both. Here 6 bits are required for the mean values of \( M_{l} \) and \( M_{h} \) and 4 bits for the absolute difference between their mean values and any value of \( M_{l} \) or \( M_{h} \). Instead of real values of \( M_{l} \) and \( M_{h} \) the mean value and the absolute difference value can be embedded. Then in the receiver side, the real values for \( M_{l} \) and \( M_{h} \) can be calculated conveniently by subtracting and adding the difference value with the mean value separately. Hence, it is not required to embed all 12 bits for every block and more capacity will be remaining to embed more useful data (unlike [8]).

2.3 Watermark Embedding Process

Every 8 × 8 block has 64 pixels which watermarked data is embedded in 2 LSBs of these pixels. The 16 bits of the LSBs are earmarked for authentication purposes. Two bits of the LSBs are dedicated for distinguishing which compression method has been done. The rest of the LSBs (which are 110 bits) are reserved for recovery purposes including the first and backup recovery codes. After embedding the first copy with the help of reduced bit numbers, and considering texture of every block, there are still spaces for embedding the other copy for each block. It should be mentioned that, the type of the other copy is dependent on the first copy and how much capacity is still available for embedding more data. The total capacity in each block for embedding data is restricted to 128 bits to be able to have high quality watermarked image. The vacant capacity to embed the second copy can be calculated by considering the occupied capacity that has been used by the first copy. In this way one of the embedded copies will have better quality and the other one is more compressed in every block. Thus to efficiently use the remaining capacity of the block, there are four options as follows:

• First copy is 8 × 8 OIBTC compression, second copy should be four average pixels value of four 4 × 4 blocks.

• First copy is four 4 × 4 OIBTC compression, second copy should be an average pixels value of 8 × 8 block.

• First copy is an average pixels value of 8 × 8 block, second copy should be four 4 × 4 OIBTC compression.

• First copy is four average pixels value of four 4 × 4 blocks, second copy should be 8 × 8 OIBTC compression.

2.4 Detecting and Localizing Tampered Area

For detection of tampering and trace the location of tampered area, the image is divided into 8 × 8 blocks and the 2 LSBs of all pixels are replaced with zeros. For each of the blocks the information associated with the current block should be supplied into the hash function. Clearly all the 64 pixels which are inside the 8 × 8 block and the ordering numbers of them should be included in the hash function. The obtained authentication code from each block is compared with the amount of Hash function related to that block to recognize if the block is tampered. If this information is not identical it shows that the block has been tampered with. Since hash function is sensitive to even a one bit change of input, any modification will be detected for every block. If tampering is detected, extraction of the recovery code from destination blocks is required.

2.5 Recovery of Tampered Image

If a block is detected as tampered by comparing its authentication code with the content, it can be recovered by extracting the recovery information from the intact areas of the image. Recovery data include first and backup recovery data. As the probability of losing first recovery data related to a tampered block, there is a second opportunity to recover the tampered block with the assistance of the backup recovery data. In case of tampering, the addresses of destinations for the first recovery data and the backup recovery data can be calculated by the reverse of Arnold transformation with previous keys. Then the other authentication checks should be done to ensure that the blocks that contained the first and backup data are still intact. If both are intact in regard to the indicator bits, the copy which is more detailed will be chosen for obtaining better results. Otherwise any of the copies which is available and intact can be used. If both copies had been tampered with, the recovery of the block is done with the help of mean values of their obtainable undamaged neighbouring blocks. Through the above steps and decompression of the relevant tampered blocks pixels could be recovered. Then by combining the intact blocks and the recovered blocks the recovered image can be reconstructed.

3 Experimental Results

Performance evaluation of our proposed scheme has been conducted on the watermarked image quality and recovered image quality. The experiment has been conducted on some standard 512 × 512 images when tampering rates (t) were below 50% and the results are shown in Table 1. The watermarked image quality is more than 43 dB for all images. The quality of recovered images has been compared with the watermarked image quality with two standard quality measurements (The Structural SIMilarity (SSIM) and Peak Signal-to-Noise Ratio (PSNR)). Figures 1 2, 3 and 4 show the results of encoding. In these figures, three encoded images are presented to demonstrate that in the proposed hybrid method some useless data has been eliminated during preparation of data for the first copy in order to make room for embedding one more but different copy as backup recovery data. As it can clearly be seen in the figures, more textured blocks have more data to embed, but the dedicated capacity for a smooth block has been used by embedding one more complete backup copy related to another block. Smooth blocks in hybrid method encoded figures are shown white.

Table 1. Comparison the results of Proposed Hybrid Scheme with 4 × 4 OIBTC [8] and 8 × 8 OIBTC [8] in terms of SSIM and PSNR for different standard images when tampering rates are different (the minimum values are shown for all SSIMs and PSNRs)

Fig. 1.

(a) Pepper image, (b) OIBTC (4 × 4) encoded, (c) OIBTC (8 × 8) encoded, (d) Proposed Hybrid Scheme encoded for the first copy

Fig. 2.

(a) Lake Image, (b) OIBTC (4 × 4) encoded, (c) OIBTC (8 × 8) encoded, (d) Proposed Hybrid Scheme encoded for the first copy

Fig. 3.

(a) Lena image, (b) OIBTC (4 × 4) encoded, (c) OIBTC (8 × 8) encoded, (d) Proposed Hybrid Scheme encoded for the first copy

Fig. 4.

(a) Plane image, (b) OIBTC (4 × 4) encoded, (c) OIBTC (8 × 8) encoded, (d) Proposed Hybrid Scheme encoded for the first copy

Figures 5 and 6 show the results of tampering detection, localization and recovery by the proposed hybrid method. The 512 × 512 standard medical images are included in our figure results also since the proposed method can work on medical images as well. Figure 7 shows the results of watermarking on the original medical image and the results of recovery after tampering using the proposed method.

Fig. 5.

(a) Original image (b) Tampered image (tampering rate = 19%), (c) Detected tampering (d) Recovered image

Fig. 6.

(a) Original image (b) Tampered image (tampering rate = 25%), (c) Detected tampering (d) Recovered image

Fig. 7.

(a) Original image (b) Watermarked image (c) Tampered image (d) Recovered image

In the proposed hybrid method, two different copies of each block are available as the watermark data. While in 8 × 8 OIBTC method, according the amount of capacity of 2 LSBs and redundancy of data, at most one half of the blocks can have a second opportunity of another copy. In 4 × 4 OIBTC method, there is no second chance of having another copy. For this reason the method presented here could be more suitable for higher tampering rates since the probability of losing the first copy is higher. Furthermore, it can be more suitable for less textured images as presented in Table 1. Images which are more textured, e.g. Barbara and Mandril, the quality of recovered image is lower especially when tampering rate is low compared with using just OIBTC. It is demonstrated that for most images with different tampering rates the proposed hybrid method has better performance.

4 Conclusion

In this work, an image security scheme which can be applicable for sensitive medical images has been developed. This method not only provides excellent authentication detection, but also is able to recover the original image well, when it is necessary. To achieve this aim, an image is divided into set of pixel blocks, then watermarked data including authentication code and recovery codes is computed for each block. Authentication code for each block is 16 bits and is produced by a Hash function and should be hidden into the block itself. In order to authenticate an image, authentication code can be extracted and compared with the result of the hash function on the contents of the block. The OIBTC compression and the mean value are exploited for each block to generate recovery information. Another recovery code is available since there is a probability of losing one of the recovery codes as a result of tampering. Recovery codes are scrambled inside the image blocks to have better reconstruction of the image in case of tampering. The proposed method can embed two compressed copies of the image inside the image itself with high quality by applying two new ways; extracting different features depending on the types of blocks then reducing the number of needed bits for embedding as well. Experimental results demonstrate conclusively that this scheme can achieve superior performance for tampering detection, localization and recovery, especially when tampering rate is high. The proposed hybrid method uses block size of 8 × 8 for authentication code and block size of 4 × 4 or 8 × 8 for recovery code depending on the texture of the block. Although our proposed method showed good performance in recovery of image after high level of tampering, the accuracy of tamper localization could be improved further by considering adaptive block size for authentication code as well.