Medical image security and EPR hiding using Shamir's secret sharing scheme

The Journal of Systems and Software 84 (2011) 341–353

Contents lists available at ScienceDirect

The Journal of Systems and Software journal homepage: www.elsevier.com/locate/jss

Medical image security and EPR hiding using Shamir’s secret sharing scheme Mustafa Ulutas, Güzin Ulutas ∗ , Vasif V. Nabiyev Dept. of Computer Engineering, Karadeniz Technical University, 61080 Trabzon, Turkey

a r t i c l e

i n f o

Article history: Received 15 March 2010 Received in revised form 18 October 2010 Accepted 30 November 2010 Available online 8 December 2010 Keywords: Secret sharing Watermarking Steganography EPR

a b s t r a c t Medical applications such as telediagnosis require information exchange over insecure networks. Therefore, protection of the integrity and confidentiality of the medical images is an important issue. Another issue is to store electronic patient record (EPR) in the medical image by steganographic or watermarking techniques. Studies reported in the literature deal with some of these issues but not all of them are satisfied in a single method. A medical image is distributed among a number of clinicians in telediagnosis and each one of them has all the information about the patient’s medical condition. However, disclosing all the information about an important patient’s medical condition to each of the clinicians is a security issue. This paper proposes a (k, n) secret sharing scheme which shares medical images among a health team of n clinicians such that at least k of them must gather to reveal the medical image to diagnose. Shamir’s secret sharing scheme is used to address all of these security issues in one method. The proposed method can store longer EPR strings along with better authenticity and confidentiality properties while satisfying all the requirements as shown in the results. © 2010 Elsevier Inc. All rights reserved.

1. Introduction Processing and handling medical information by computers and sharing them over high-speed network infrastructure has become a common practice since wide deployment of low cost computing and networking hardware. Currently, medical text files and images are stored on disks of medical database systems for fast and reliable storage and retrieval. Besides, previously acquired images on films and written text are also digitized and archived for compatibility. Another motivation is to have complete medical information of patients available in one consistent application rather than on several information systems. Medical applications, such as telediagnosis, and teleconsultation require information exchange over an unsecure network. Protection of the integrity and confidentiality of medical images is an issue in the management of patients’ medical records. Confidentiality states that unauthorized parties should not be granted to access medical images during transmission. Integrity, on the other hand, implies that images should not be modified in any way during transmission. Researchers proposed watermarking techniques and reported findings in the literature to satisfy both integrity and confidentially requirements (Shih and Ta Wu, 2005; Woo et al., 2005; Zhou et al., 2001; Chao et al., 2002; Luo et al., 2003; Giakoumaki et al., 2003; Cheng et al., 2005; Acharya et al., 2004; Nayak et al., 2004;

∗ Corresponding author. Tel.: +90 533 2277990. E-mail addresses: [email protected] (M. Ulutas), [email protected] (G. Ulutas), [email protected] (V.V. Nabiyev). 0164-1212/$ – see front matter © 2010 Elsevier Inc. All rights reserved. doi:10.1016/j.jss.2010.11.928

Srinivasan et al., 2004; Anand and Niranjan, 1998; Coatrieux et al., 2006; Coatrieux et al., 2008; Osman et al., 2008; Acharya et al., 2003; Kallel et al., 2009; Memon et al., 2009) while hiding EPR in medical image to make it more usable. Both fragile and robust watermarking techniques are used for integrity control and EPR hiding. Shih and Ta Wu (2005) proposed a robust technique embedding the watermark or textual data around the Region of Interest (ROI) of a medical image based on genetic algorithms in 2005. They embed the signature image and the fragile watermark into the frequency domain of non-ROI part of a medical image. Woo et al. (2005) used a multiple watermarking method that consists of an annotation part and a fragile part. Encrypted EPR can be embedded in an annotation watermark and tampering can be detected using a fragile watermark. Their method also adopted hash-block-chaining watermarking approach in the fragile watermarking to improve security. Zhou et al. (2001) presented a method that attaches digital signature and EPR into the medical image. Their method uses LSB replacing technique to embed the signature. Chao et al. (2002) proposed a secure data hiding technique based on the bipolar multiple-base conversion to allow a variety of EPR data to be hidden within the same mark image. The mark image could be the mark of a hospital used to identify the origin of an EPR. Their technique allows separation and restoration of hidden data by authorized users. Luo et al. (2003) presented a lossless scheme for medical image processing. Their method provides relatively high data embedding rate and original image can be recovered distortion free. Giakoumaki et al. (2003) presented a wavelet based multiple watermarking approach. Their method addresses confidentiality protection and both origin and data authentication problems by

342

M. Ulutas et al. / The Journal of Systems and Software 84 (2011) 341–353

using three separate watermarks: a robust watermark containing the doctor’s digital signature for authentication, a caption watermark with patient’s personal data, and a fragile watermark for the purpose of data integrity control. Cheng et al. (2005) proposed a method for both record indexing and integrity protection of medical images. Hash result of the ROI is generated by Message Digest 5 (MD5) and embedded along with EPR into non-ROI parts of the medical image. Furthermore, their method is robust to some image processing attacks, cropping, sharpening, compression, and their combinations. Acharya et al. (2004) adapted watermarking for interleaving EPR with medical images during JPEG compression to reduce storage. Text files are encrypted using logarithmic technique and then interleaved in the frequency domain. Nayak et al.’s method is based on the use of Error Correcting Codes (ECC) for reliable and robust transmission and storage of medical images with concealed patient information. EPR is coded with ECC to make it more robust to noise introduced during transmission. Their method shows that, ECC will correct the errors introduced in EPR but there is a limit for error correction. Srinivasan et al. (2004) used Bit-Plane Complexity Segmentation (BPCS) Steganography to hide medical records in color cervical images. Anand and Niranjan (1998) used LSB technique in spatial domain. Text file is encrypted using a log function. Their technique is very simple and runs very fast which makes it suitable when immediate diagnosis is required. Coatrieux et al. (2006) focused on the complementary role of watermarking with respect to medical information security. Their work emphasized that watermarking enables a security layer at the information level providing authentication and traceability at the interface with security services in and between medical information systems. Coatrieux et al. (2008) emphasized that the ability to verify that the information belongs to the correct patient and is issued from the right source are major concerns. Their work combines an anonymized pivot number identifier with national patient identifiers to guarantee privacy and interoperability. Osman et al. (2008) proposed a novel approach to blind reversible data hiding based on integer wavelet transform in 2008. Encryption of EPR is done to provide additional security in their method. Acharya et al. (2003) adapted watermarking for interleaving patient information with medical images to reduce storage. The graphical signals are interleaved with the image. Their technique used error-correcting codes to enhance reliability of transmission and storage of medical images interleaved with patient information. Kallel et al. (2009) presented a project, which allows practitioners to use telecommunication technologies to provide early diagnosis. They proposed a reversible watermarking method used for integrity verification. They also evaluate medical image visual quality after watermark embedding. Memon et al. (2009) proposed a method to embed the watermark information in non-ROI. Encryption of the embedded data is also done to provide additional security using of Bose–Chaudhuri–Hocquengham (BCH) in their method. Hu et al. (2010) proposed a new e-health security architecture that is contract oriented instead of session oriented which exists in most of the literature. Proposed HPKI (Hybrid Public Key Infrastructure) can be constructed from existing cryptographic technologies where various relevant security standards, tools and products are available. In recent years, researchers used Steganography to hide EPR into medical image and used Cryptography to protect the confidentiality of the medical image (Srinivasan et al., 2004; Ho et al., 2004; Nayak et al., 2009; Li et al., 2005; Lou et al., 2009; Hu and Han, 2009). Lou et al. (2009) proposed a multiple-layer data hiding technique in spatial domain in 2009. Their work utilizes a reduced difference expansion method to embed the bit-stream in the least significant bits (LSBs) of the expanded differences. The original image

can be restored after extracting the hidden data from the stego image. Another method proposed by Hu and Han (2009) makes use of a pixel based scrambling scheme to distribute the digital medical image in a secure way in 2009. Their scheme uses scrambling key derived from chaotic attractors to provide a good cryptographic strength. Their work aimed to transform the medical image into noise like image to protect the confidentiality of the image. Secure storage and transmission is crucial in medical image security. However, recipient may copy and distribute patient’s data to others not eligible to access patient’s medical records. Disclosing information about a political leader’s or high ranking military officer’s health may cause undesirable effects and should be avoided at all costs as a government policy. Li et al. (2005) emphasized this issue in their work. Their work uses Image Adaptive Watermarking. The holder creates a broadcast image not suitable for diagnosis. Before the image can be used to diagnose an illness, a clinician must decode this image using his/her own watermark key. In their scheme, a trusted third party is in charge of the watermark key generation, distribution and update. Broadcast image looks like a medical image and has a low PSNR value. Their scheme distributes watermark keys to people in a multicast environment. In other words, one can sniff multicast messages, capture keys and view medical images. Their scheme does not consider hiding EPR in medical images. Techniques mentioned above are designed for different requirements. Lou et al. (2009) used Steganography to hide the EPR in the medical image. Integrity and confidentiality of the medical image is not evaluated by their work. Hu and Han (2009) used Cryptography to transform medical images into noise like form to protect them. However, noisy images may attract malicious user’s attention and EPR hiding is not considered. Li et al. (2005) provided a method to protect medical images against unauthorized release. However, broadcast images exhibit clues that they are medical images. EPR hiding is not taken into account in their scheme. In 2005, Ho et al. (2004) used fragile watermarking technique to authenticate the biomedical image. However, watermarked medical image has low PSNR values and EPR hiding is not considered. Nayak et al. (2009) proposed a method using reversible Steganography to hide EPR in medical images. Their method is not capable to prove the confidentiality and authenticity of the medical image. Besides, embedding capacity of their method is related to the number of pixels at the peak point of the medical image histogram. Each method outlined above satisfies a set of different security requirements (confidentiality, authenticity, EPR hiding) for medical image sharing. A method will be proposed to ensure the secrecy of a medical image, which satisfies the following requirements. (i) Electronic patient records should be hidden in medical images to reduce storage requirements and network bandwidth. (ii) Shared medical image should look like a natural image and should not attract eavesdroppers’ attention (confidentiality). (iii) A single person should not be allowed to diagnose political leaders or high-ranking military officers since it is not adequate to trust only one. (iv) Recipient could authenticate received images to make sure that they are not modified in any way during transmission (authenticity). The proposed secret medical image sharing method meets all four requirements listed above by using Shamir’s secret sharing scheme (Shamir, 1979). Shamir proposed a method to partition a secret among a number of participants in 1979. His scheme is called (k, n) secret sharing scheme in the literature. A secret is divided among n participants. Each participant gets a piece of secret called share. If any k or more shares gather, the secret is revealed. Any number of shares less than k cannot be used to reveal the secret.

M. Ulutas et al. / The Journal of Systems and Software 84 (2011) 341–353

Shamir’s secret sharing scheme uses a polynomial approach. The secret is assumed to be the constant term of the polynomial. Evaluation of the polynomial for unique values of x yields share values. In 2002, Thien and Lin (2002) adapted Shamir’s scheme in secret image sharing area. After this pioneer research, Lin and Tsai (2004) used Steganography to make shares look like natural images in 2004. Medical images are shared among n participants in this work. Holder selects n natural cover images. After selection, Shamir’s approach is used for partitioning the medical image into n noise like shares. EPR of the patient is also hidden in the shares at this step. Then Steganography is used to hide these shares into n natural cover images since noise like shares may draw eavesdroppers’ attention. Generated stego images look like cover images and do not attract attention since cover images are selected from natural images. Thus, images distributed to clinicians are not supposed do draw attention. If any k or more participants gather, the medical image can be revealed. In other words, at least k of the n clinicians must gather to evaluate the image and diagnose. It is assumed that at least k clinician is an adequate security measure to view the medical image to diagnose. Thus, a novel biomedical image sharing mechanism is proposed to satisfy all security requirements mentioned above. The method generates shares with EPR hidden and saves an extra access to the patients’ database. Shares look like natural images and do not draw attention which keeps them confidential. At least a group of k people should gather to reveal a patient’s medical image whose medical condition should be kept secret enforced by the government policy. In other words, participants do not have access to medical information unless they gather which reduces the probability of disclosure to unauthorized parties about patient’s medical condition. Moreover, the revealing algorithm has a mechanism to check shares and indicates if they are modified by a participant or corrupted during transmission and is not authentic. The outline of the paper is as follows. Some background information on Shamir’s secret sharing scheme is given in Section 2. Section 3 describes the details of the proposed scheme used for sharing medical images. Section 4 shows the experimental results of the proposed method. The conclusions are given in Section 5. 2. Review of shamir’s secret sharing scheme Shamir proposed (k, n) threshold mechanism also called secret sharing scheme based on polynomial interpolation in 1979 (Shamir, 1979). Dealer constructs n shares denoted by (S1 , S2 , · · · , Sn ), from a secret S. The dealer selects a large prime number p and a (k − 1) degree polynomial is constructed as in (1) to compute shares using the secret: F(x) = (S + a1 x + a2 x2 + · · · + ak−1 xk−1 )mod p

(1)

Coefficients of the polynomial (a1 , a2 , · · · , ak−1 ) are randomly selected from integers within the range [0, p). The dealer then computes shares as in (2): y1 = (1, F(1)), y2 = (2, F(2)), · · ·, yn = (1, F(n))

(2)

Each share is a pair of two integers satisfying xi = / 0. If any k of the n pairs gathers, involved participants can reconstruct polynomial F(x) using Lagrange’s interpolation technique. Therefore, all the coefficients of the polynomial are recovered. The constant term of the polynomial is the secret S. Any number of participants less than k cannot recover the secret at all. Therefore, Shamir’s secret sharing scheme is a perfect secret sharing scheme. A special case where k = 3 is given in Fig. 1. Three shares are required to reconstruct the secret in this case. The polynomial is a 2nd degree and the secret is the point where the line intersects with the y-axis. Namely, this point is (0, F(0)).

343

7; 22

25 20

1; 16

4; 16

8; 15

15 10

2; 5

5; 7

3; 5

6; 9

5 0

0

2

4

6

8

10

Fig. 1. An example of (3, 8) secret sharing scheme.

Each share is a point on the polynomial. Any three or more points determine the polynomial and hence the secret. Prime number p and secret S are selected as 31, 7 respectively in this example. Other coefficients of the polynomial (19, 21) are selected randomly in the range of [0,31) as in (3): f (x) = (7 + 19x + 21x2 )mod 31

(3)

The proposed method use Shamir’s method to share a medical image and corresponding EPR among n clinicians. In this way, none has all the information about the patient. Medical image will not be revealed rendering diagnosis impossible unless at least k or more clinicians gather. 3. The proposed sharing scheme Details of the proposed sharing scheme are given in this section. There are two sub procedures: partitioning and retrieving. Partitioning procedure consists of four phases. Initialization is the first phase and is used to determine unique x values for each participant. Thus, it eliminates the need to select unique x values and then distribute them over insecure networks. Medical image and EPR are partitioned into shares by sharing algorithm in the second phase. The length of the EPR that can be embedded into the cover images is dependent on the size and bit depth of the medical image. Since Shamir’s secret sharing method is employed, shares look like noisy images and may attract attention. The third phase makes use of Steganography with OPAP (Optimal Pixel Adjustment Process) to embed noise like share images into natural cover images selected by the dealer. Therefore, natural looking stego images do not draw attention during storage and transmission. The fourth phase of the partitioning procedure is the protecting phase and generates certificates for each participant. At least k or more out of n clinicians can reconstruct the medical image by using the retrieving procedure. Retrieving procedure consists of two sub phases called verification and reconstruction. Verification phase authenticates the integrity of the share images. After the verification phase, Lagrange’s interpolation technique is used by the reconstruction phase to recover the secret medical image. The details of the partitioning and retrieving procedures are given below. 3.1. Partitioning procedure Partitioning procedure consists of four sub phases; initialization, sharing, embedding and protecting phases. Each phase is explained with details in this section. 3.1.1. Initialization phase Shamir’s framework used in second phase necessitates some intercommunication between the dealer and participants as emphasized in Zhao et al. (2009). Dealer must choose a unique

344

M. Ulutas et al. / The Journal of Systems and Software 84 (2011) 341–353

x value for each participant before the sharing procedure. Thus, the method needs a secure channel between the holder and participants during the transmission of x values. Zhao et al. (2009) proposed a method for insecure channel between the dealer and participants in 2009. Participants choose their own secrets called secret shadows. Each participant only knows own secret shadow and do not gain any information about other participants’ secret shadow. Secret shadows are used indirectly by the dealer to generate x values. Thus, if the system provides the confidentiality of the secret shadows, it also ensures the confidentiality of the x values. Even if a malicious user gathers at least k share images, he must also have corresponding x values to reconstruct the secret image. Otherwise, Lagrange’s interpolation fails and the secret image cannot be revealed. Lagrange’s interpolation technique requires x values to interpolate the polynomial correctly but share images accommodate only F(x) values. Zhao’s method also ensures that, x values of each participant are unique and only known by the owner and the dealer. Unique x values during the sharing phase results in unique shares for each participant. Proposed method uses Zhao’s method for two reasons. The first reason is the ability to provide unique shares to participants. Secondly, random numbers selected by participants are transmitted to dealer but actual x values are not transmitted over the channel since both the dealer and participants can calculate them. In other words, one cannot recover the secret image by just accessing at least k share images. Lagrange’s interpolation would fail even if one accesses k shares but do not have x values corresponding to share images. Details of the initialization phase are given in the steps below. 1. The dealer D chooses two large prime numbers p and q and then computes N = pq where p≡ 3 mod4 and q ≡ 3 mod 4. 2. D chooses an integer g ∈ N 1/2 , N such that g is relatively prime to p and q and publishes {g, N}. 3. Each participant randomly chooses a si ∈ [2, N] as her/his own secret shadow and computes Ri = gsi mod N. 4. Each participant provides their own Ri to D. Dealer must ensure that Ri = / Rj for all participants. Once Ri = Rj , dealer should demand these participants to choose new secret shadows. 5. Dealer randomly chooses an integer s0 ∈ [2, N] such that s0 is relatively prime to (p − 1) and (q − 1). D computes R0 = gs0 mod N and publishes R0 . 6. D computes xi = Ris0 mod N, i = 1, 2, · · ·, N values for each participant. All participants choose a secret shadow, si and compute Ri value using own secret shadows as in step 3. The dealer assigns x values to each participant using Ri values in step 6. A participant can calculate x value assigned by the dealer, using own secret shadow and publicly known value R0 , xi = R0si mod N during the reconstruction procedure. Therefore, the algorithm may use insecure channels between the dealer and participants since x values are calculated separately by both parties and never transmitted over the channel. Dealer also guarantees to generate unique shares by using unique secret shadows for all participants as in step 4. Therefore, the initialization phase ensures • unique shares by using unique x values, • x values are calculated independently by both the dealer and participants before the sharing procedure. Thus an insecure channel between the dealer and participants is sufficient, • even if one gathers any k shares from the network, one can not recover the secret image unless corresponding x values for those shares are known.

3.1.2. Sharing phase Medical image and EPR of the patient are shared among participants in this phase. Natural looking shares assure the confidentiality of both medical image and EPR. The method has also built-in authentication ability since the medical image and EPR cannot be revealed even if any one of k shares is modified. Previous research reported in the literature deal with any one of these desired capabilities: confidentiality, integrity or EPR hiding whereas the proposed method satisfies all of these requirements using a secret sharing scheme. Medical image M of size W × H pixel and depth bbit 2b shades of gray  is assumed, M =  to represent  mi mi ∈ 0 − (2b − 1) , i = 1, 2, · · ·, W × H . All pixel values are transformed into base 251 notation since modulus p in the polynomial is set to 251. Medical image is processed one pixel at a time by the sharing algorithm. Let the value of current pixel in a medical image M be m i and EPR of the patient be E = ei ei ∈ [0, 251) , i = 1, 2, · · ·, L . It is assumed that EPR is a string of text (or bytes) of length L. Each element in EPR is an ASCII character. Each pixel of the medical image corresponds to one pixel in share images which results in same share size with the medical image. The (k − 1) degree polynomial in (4) is used to compute shared pixel values for medical image pixels mi . Each  pixel of the medical image

is converted into base 251 notation.

mi1 , mi2 , · · ·, m 

i log251 2b



denote a pixel mi of the medical image with b-bit depth. Two or more coefficients of the Shamir’s polynomial represent medical image pixel mi according to bit depth of the medical image. At least two coefficients of the polynomial are sufficient to represent either an 8-bit, 10-bit or 12-bit depth medical pixel. The number of coefficients required to represent a medical image of b-bit  depth is log251 2b . In other words, medical image’s pixel depth also determines threshold value k of the proposed method since k > log251 2b . Shamir’s polynomial is constructed as in (4) by the proposed method for a 12-bit depth medical image: F(x) = (mi1 + mi2 x + ei x2 + ei+1 x3 + · · · + ei+k−3 xk−1 ) mod 251

(4)

A pixel from the medical image and EPR are used as the coefficients (mi1 , mi2 , ei , ei+1 , · · · , ei+k−3 ) of the polynomial. Since a 12-bit depth medical image is assumed, first two coefficients of the polynomial are sufficient to code current medical pixel value. The algorithm evaluates the polynomial to generate n pairs of (xi , F(xi )) where F(xi ) is the brightness value of corresponding pixel at ith share and xi ’s are unique integers for participants determined in the initialization phase of the partitioning procedure. Each participant also calculates his own xi during the retrieving procedure. Thus, proposed method does not necessitate any secure transmission between the dealer and participants. All pixels of secret medical image as well as EPR byte stream are utilized to create the shares. In other words, shares carry both medical image and EPR. Share images look like random noise and thus draw attention of the malicious users. Confidentiality of the shares is realized by Steganography, which is used to embed shares into meaningful cover images as explained below.

3.1.3. Embedding phase Steganography is used to hide shares into natural looking cover images. The dealer should select n natural looking cover images of size 2W × 2H to hide a W × H secret image for a (k, n) secret sharing scheme. Share images are processed pixel by pixel during embedding. Let n share images be (SH1 , SH2 , · · · , SHn ). Pixel values for ith share

M. Ulutas et al. / The Journal of Systems and Software 84 (2011) 341–353

253

91

91

89

91

125

123

a

101

101

160

165

117

115

b

c 63

91

91

107

107

64

63

91

91

101

101

e

responding characters in EPR, “d”, “i”. Assume that xi s for each participant are determined in the initialization phase as in (10): X = {xi = i|i = 1, 2, · · ·, n}

d

63

f

g

Fig. 2. (a) Secret pixel (b)–(g) corresponding cover blocks exist in six cover images respectively.

image are defined as SH i =





shij j = 1, 2, · · ·, W × H, shij ∈ [0, 251)



345

(5)

Let the cover image used to hide ith share image be Ci . Share image pixel values are embedded into corresponding 2 × 2 pixel groups called cover blocks in cover image. Therefore, two LSBs of each pixel in the corresponding cover block is used to hide the shared pixel with eight bits. The proposed method makes use of OPAP to diminish the distortion of the cover images (Chan and Cheng, 2004). Let corresponding cover block for jth pixel in ith cover image, be Cji . Let four pixels of the corresponding cover block be (a, b, c, d) respectively. Proposed method hides shij into pixels (a, b, c, d) respectively by using OPAP (Chan and Cheng, 2004). The method first splits shij into two-bit streams and then embeds each stream in corresponding pixels to generate modified cover pixels as (a ,    embedding error for pixels in a cover block b , c , d ). Therefore, ıa , ıb , ıc , ıd , is determined by (6):

(10)

Sharing procedure evaluates F(xi ) as 208, 241, 228, 46, 74 and 189 for the first cover block of six shares respectively. Embedding procedure is then used to hide these values into corresponding cover blocks in natural looking cover images using OPAP. Even though embedding procedure is explained in detail for only the first cover block, other xi , values are processed in the same manner. Shared pixel value in the first share is 208 and binary representation of it is (11010000)2 . Two LSBs of the four pixels in the first cover block are changed to hide these eight bit values. After embedding procedure, new pixel values of the cover block (a , b , c , d ), become (91, 89, errors for these pixels in this cover  100, 100). Embedding block ıa , ıb , ıc , ıd , are determined as (0, −2, −1, −1). When the rules of OPAP given in (8) are used, new values of the cover block will be (91, 89, 100, 100). Thus, shared pixels containing information about secret pixel and EPR are embedded into four pixels in the cover block by decreasing the difference between the cover and stego image, which also enhances the visual quality of the shares. Remaining 5 characters of EPR ( ’ s ’ , ’ e ’ , ’ a ’ , ’ s ’ , ’ e ’ ), are encoded into three consecutive cover blocks of cover image.

OPAP modifies a to form the stego pixel a based on the three intervals as in (8):

3.1.4. Protecting phase The last phase of the partitioning procedure is used to provide share authentication. Dealer constructs certificates for all participants as in Lin et al. (2009) in order to identify modified share images. MD5, a well-known hash function with 128-bit output, is employed to determine the alterations on the share images. Share images combined with corresponding x values are input to the hash function. Protecting phase uses quadratic residues (QR) approach as in Lin et al. (2009). Selected prime value N in the initialization phase is also used in this phase. The mathematical background of QR is given in this section. A number a is a QR modulo n, if it is congruent to a perfect square. If there is an integer x such that x2 ≡ a (mod n) then a is a QR modulo n, otherwise a is a non-quadratic residue (NQR) modulo n. Extending from the above definition, there are four cases for a since N is the product of two primes p and q.

(22−1 < ıa < 22 ) ∧ (a ≥ 22 ) ⇒ a = a − 22 (22−1 < ıa < 22 ) ∧ ∼(a ≥ 22 ) ⇒ a = a (−22−1 ≤ ıa ≤ 22−1 ) ⇒ a = a (−22 < ıa < −22−1 ) ∧ (a < 256 − 22 ) ⇒ a = a + 22 (−22 < ıa < −22−1 ) ∧ ∼(a < 256 − 22 ) ⇒ a = a

Case 1. Case 2. Case 3. Case 4.

ıa = a − a, ıb = b − b, ıc = c  − c, ıd = d − d

(6)

Embedding error for pixel a can be further segmented into three intervals, such that 22−1 < ıa < 22 −22−1 ≤ ıa ≤ 22−1 −22 < ıa < −22−1

(7)

(8)

The new value of a will be a by using OPAP. Other pixels in the cover block are also modified as in the above procedure. Each pixel in the ith share image is embedded into the corresponding cover block at the ith cover image resulting natural looking stego images. Participating clinicians get stego images that contain embedded share information. Shared medical image is recovered for further processing or teleconsultation if any k or more clinicians gather their stego images. Example. Assume that (k, n) = (4, 6). Fig. 2(a) and (b)–(g) illustrates the pixel values of the secret medical image with 8-bit depth and six cover images respectively. One secret pixel and corresponding six cover blocks are given for illustration purposes. Let the small section given form the EPR be “disease”. We can construct the polynomial for the secret pixel value 253 as given in (9): F(x) = (1 + 2x + 100x2 + 105x3 ) mod 251

(9)

First two coefficients of the polynomial represent the secret pixel value, 253. The other two coefficients represent the cor-

a is a QR to both p and q. a is a QR to p, but a is an NQR to q. a is an NQR to p, but a is a QR to q. a is an NQR to both p and q.

Assume that QRp and NQRp denote a set of integers that are quadratic residues and non quadratic residues modulo p respectively. Four parameters (˛, ˇ, , ı) are used to make a number QR both p and q can be defined as the following (11): ˛ ∈ QRp ∩ QRq  ∈ NQRp ∩ QRq

ˇ ∈ QRp ∩ NQRq ı ∈ NQRp ∩ NQRq

(11)

A number a must be a QR to both p and q by multiplying corresponding parameter (˛, ˇ, , ı). If a is QR to both p and q, it is also QR to N. Steps of the protecting phase can be given as the following. (1) Dealer generatesfour modifiers (˛, ˇ, , ı), as in (11). Then, dealer publishes ˛−1 , ˇ−1 ,  −1 , ı−1 , N .





(2) Dealer computes hk = H ST k xk where k = 1, 2, · · · , n and H( · ) is MD5 hash function with 128-bit output.

346

M. Ulutas et al. / The Journal of Systems and Software 84 (2011) 341–353

(3) Dealer computes hk as in (12):

hk

⎧ ⎪ ⎨ hk × ˛, idk = 1 ∀hk ∈ QRp ∩ QRq

hk × ˇ, idk = 2 = ⎪ ⎩ hk × , idk = 3 hk × ı, idk = 4

(4)  Dealer

  1/2 hk

∀hk ∈ QRp ∩ NQRq ∀hk ∈ NQRp ∩ QRq ∀hk ∈ NQRp ∩ NQRq

constructs 

certificate,

(12)

a1i a2i L a7i a8i

b1i b2i Lb7i b8i

c1i c2i Lc7i c8i

d1i d 2i L d 7i d8i

Fig. 3. A stego block in ith share that consists of four pixel values.

Cert =

k

 mod N idk b where b denotes the bit depth of

the medical image. Certificate for each participant contain summary information about his share image and corresponding x value. Thus, participants can detect any alteration performed on share image by using his certificate during the retrieving procedure. Our method uses protection mechanism proposed by Lin et al. (2009). Other methods in secret image sharing use block based authentication mechanism. Each block on the share images contains authentication bits and must be authenticated during the retrieving procedure. Such an authentication mechanism raises time complexity problem for medical images with higher resolution. The proposed method realizes authentication overall image using certificates. 3.2. Retrieving procedure Retrieving procedure consists of two sub phases: verification and reconstruction. First phase is used to authenticate the share images. Certificates gathered by participants are used to test the integrity of the shares. The retrieving procedure is canceled if a modification on a share image is detected by the verification phase. Otherwise, reconstruction phase reveals the medical image and EPR. The details of these phases are explained below.

interpolate the polynomial. Coefficients of the polynomial determine secret medical image pixel value and EPR. The details of the algorithm are explained below. Participants should compute their xi value once at the beginning of the algorithm before dividing the stego images into stego blocks. Parameters determined in the initialization phase by both participants and the dealer are used to compute xi value of each participant. R0 that is broadcasted by the dealer and randomly chosen si by the participants during the initialization phase are used to compute xi values. Each participant computes his/her own xi as in (13): xi = R0si mod N

(13)

Value of xi will be used in the Lagrange’s interpolation to recover the secret medical image pixel values. After this step, each stego image is divided into sets of four pixel blocks called stego blocks to be used to retrieve hidden shared pixels, F(x1 ), F(x2 ), . . ., F(xk ). Assume that k stego image denoted by (ST1 , ST2 , · · · , STk ) are used to reconstruct the medical image. Corresponding stego blocks from k stego images are used to retrieve the relative secret pixel in the reconstructed secret medical image. A stego block in ith stego image is shown in Fig. 3. Let four pixel values in in ith stego block denoted by (ai , bi , ci , di ). Pixel values are used to determine F(xi ) value that has been embedded in this stego block during the embedding procedure using OPAP by the dealer. (14) is used to extract the F(xi ) value from the current stego block: F(xi ) = (ai mod 4) · 64 + (bi mod 4) · 16 + (c i mod 4) · 4 + (di mod 4)

3.2.1. Verification phase Participants can verify stego images for integrity using their own certificates. Certificate contains summary information about the secret image and corresponding x value. Reconstruction phase starts upon verification of all k stego images. Verification phase applied by the retrieving procedure is given below: (1) Extract idk and b from certificate. (2) Determine k from (˛−1 , ˇ−1 ,  −1 , ı−1 ) according to idk . 1/2

2

(3) Compute hk = ((hk ) mod N) . (4) Compute hˆ k = hk × k mod N.



ST k



xk and compare with hˆ k . Stego image is

(5) Compute H authenticated if they are the same and assumed modified otherwise. Verification phase performs share authentication using certificates before the reconstruction phase. Reconstructed secret image would have some erroneous pixels if such an authentication mechanism were not used in the proposed method. Even though erroneous pixels on the reconstructed secret image cannot be perceived by the human visual system, it may interfere the diagnosis. Using a formal method for share authentication overcomes such problems. 3.2.2. Reconstruction phase Participating clinicians gather their stego images in the reconstruction phase to reconstruct the medical image. Any k of them will be sufficient to reconstruct the medical image. Since x, F(x) pairs are embedded into 4 pixel blocks in stego images, corresponding stego blocks from k stego images denote ((x1 , F(x1 )), (x2 , F(x2 )), . . ., (xk , F(xk ))) pairs. These pairs are used by Lagrange’s technique to

(14) Other stego blocks from the remaining stego images are also used in the same manner to extract corresponding F(x1 ), F(x2 ), . . ., F(xk ) values. Values of corresponding xi s have also been computed from (13). Then, Lagrange’s interpolation formula is used to interpolate coefficients of the polynomial from ((x1 , F(x1 )), (x2 , F(x2 )), . . ., (xk , F(xk ))) pairs  obtained from stego blocks. Let first y = log251 2b terms of the interpolated polynomial be s1 , . . ., sy . Corresponding secret pixel value, mi , is calculated as in (15) using the coefficients of the polynomial: mi = (s1 · 251y−1 + s2 · 251y−2 . . . + sy )

(15)

Participants extract the value of b from the certificate during verification phase. The rest of the coefficients of the polynomial are utilized to encode consecutive EPR characters. Each coefficient of the interpolated polynomial corresponds to an ASCII character code. The revealing procedure is repeated until all stego blocks from k stego images are processed. Steps mentioned above are applied to all corresponding cover blocks from k stego images. Both medical image and related EPR is recovered from k stego images of participating clinicians at the end of the reconstruction phase. Lagrange’s interpolation cannot be used to interpolate correct coefficients of the polynomial unless all stego blocks of the k shares are authentic and not modified in any way during transmission on the Internet or storage. Thus, it is easy for clinicians to perceive any alteration performed on the stego images. 4. Discussion and experimental results Results of the tests performed to demonstrate the feasibility of the proposed scheme are reported in this section. The method out-

M. Ulutas et al. / The Journal of Systems and Software 84 (2011) 341–353

347

Fig. 4. (a) Secret medical image; (b) electronic patient record about the patient.

lined in this paper is tested by coding the algorithm in MATLAB 7.0 running on Windows XP Professional. Experiments performed on a Intel T5500 dual core processor with 2 GB of dual channel DDR2 memory equipped notebook computer. A 12-bit depth gray level MR (magnetic resonance) image of size 256 × 256 shown in Fig. 4(a) is used as a test image and corresponding EPR of the patient is given in Fig. 4(b). A (3, 4) threshold secret image sharing scheme is used to generate natural looking shares to be distributed to four clinicians. They can retrieve the medical image if any three (or more) of the four clinicians gather for consultation. Any number of clinicians less than three cannot recover the medical image or EPR of the patient which renders the required secrecy in case of a patient whose medical condition has an importance on government policy. Shamir’s scheme ensures that, at least three clinicians must gather to reconstruct patient’s shared medical records. Four natural looking cover images are selected in order not to attract eavesdroppers’ attention during transmission. Thus, it is not possible for anybody who gains access to shares to suspect that hidden information is embedded. Hu et al.’s scheme proposed in 2009 generates a noisy image from medical images by means of a scrambling algorithm. High entropy, noise like images is an indication of encryption and draw attention of the malicious users. The proposed method uses Steganography to hide noise like shares into meaningful, natural looking cover images that do not draw attention. Thus the risk factor that exists in Hu et al.’ method is eliminated in the proposed method. The sharing and embedding algorithm as explained in the previous section generates four share images. Shares contain both the secret medical image and EPR of the patient. Both medical image and share’s size are the same. Shares generated by the sharing algorithm are given in Fig. 5. Embedding procedure hides the share images into cover images. OPAP is used to limit the modification of the cover images (Chan and Cheng, 2004). Each pixel of a share is embedded into a block of size 2 × 2 in the corresponding cover image. Therefore, cover images must be 2N × 2 M for medical image of size N × M. Eight bit gray level, 512 × 512 ‘window’, ‘house’, ‘lighthouse’ and ‘parrots’ are selected as natural looking cover images as given in Fig. 6. Stego images are created by hiding the share images into cover images. The criterion for the visual quality of the stego images is the peak-to-signal-noise-ratio (PSNR) and is defined as 2

PSNR = 10 log10

(2b − 1) dB MSE

(16)

where MSE is the mean squared error between cover and stego image. MSE is defined as 1  (cij − sij )2 4MN 2M 2N

MSE =

(17)

i=1 j=1

where cij and sij denote the cover and stego pixel values, respectively. Fig. 7 shows the stego images with their PSNR values. Computed average PSNR for stego images is 46.3 dB approximately. Since, last two bits are used during the embedding procedure; each pixel of stego images holds two bits of shared information. Average PSNR of stego images drops to 44.1 dB approximately, if traditional LSB coding scheme is used which proves the effectiveness of OPAP in increasing the PSNR value. Stego images generated by the proposed method to distribute among four clinicians are given in Fig. 7. Even though each has a share, none of the clinicians has all the information about the patient. Hu et al.’s method uses scrambling function to hide the medical image from the malicious eyes. Scrambling function generates noisy images. Transmission of noise like images may attract the attention of the malicious users. Proposed method uses Steganography to hide noise like shares into cover images and neither medical image nor EPR can be reconstructed even if any one of the stego images are slightly modified during transmission. On the other hand, even if n–k shares become corrupt unintentionally, it is still possible to reconstruct the secret image and EPR. Hu et al.’s method does not consider EPR at all. During the revealing procedure, proposed method uses Lagrange’s interpolation technique to recover both the medical image and EPR. Medical image and EPR of the patient are recovered if at least three of the n clinicians gather. Upon recovery, specialists examine medical information for consultation. Any three of the stego images given in Fig. 7 can be used to reconstruct both EPR and medical image without distortion. Fig. 8(a) and (b) shows reconstructed medical image and EPR respectively after revealing procedure. Number of EPR characters that can be embedded successfully by a secret sharing scheme is a function of three factors. The first factor is the threshold value k. The size of the secret medical image is the second factor. The last factor is the bit depth of the medical image. Number of characters (NOC) an EPR can have is determined by these factors. NOC for a medical image of size N × M is NOC =

 (NM)  k − log251 2b k

(18)

Since the experiment is performed for a (3, 4) scheme and a 12bit depth 256 × 256 MR image is considered, the proposed method

348

M. Ulutas et al. / The Journal of Systems and Software 84 (2011) 341–353

Fig. 5. (a)–(d) Four share image that look like noise images obtained from sharing procedure.

codes each 12-bit pixel of the image into first two coefficients of the Shamir’s polynomial. Other coefficient is used to code a single character of EPR since a second degree polynomial is used. In this regard NOC is computed to be 21,845 for a 12-bit medical image of size 256 × 256. Nayak et al.’s work proposed in 2009 suggests the reversible Steganography to embed the EPR into medical image. However, their scheme uses reversible Steganography to embed the EPR information into cover image (Nayak et al., 2009). The number of bits that can be embedded into medical image is equal to the number of pixels, which is associated with the peak point. Number of pixels that can be used to embed the EPR is 116,081. In other words, Nayak et al.’s method can hide a maximum 14,510 bytes into the same size medical image. The proposed method can hide longer EPR strings compared to Nayak et al.’s method. Lou et al.’s method uses multiple layer data hiding to embed the EPR with Steganography. Their embedding capacity for the first layer is approximately 14,863 bytes (Lou et al., 2009). Proposed method has higher embedding capacity compared with other methods as depicted. Wide varieties of formats concerning modality are used to represent medical images. A two-dimensional (2D) medical image has a size of M × N × b bits consists of M pixels in the height and N pixels in the width (Castelli and Bergman, 2002). It can be used to display 2b shades of gray. Table 1 lists the average image size in megabytes per examination generated by medical imaging technologies (Wong and Huang, 1997; Castelli and Bergman, 2002). A 12-bit image is represented by 2 bytes in memory. Modality of the medical image determines the size of an image and the number of consecutive images taken in one patient examination. One exam-

ination (about 40 image slices) of X-ray CT with uniform image slice size of 512 × 512 × 12 bits is around 20 MB whereas a digital mammography image usually generates 32 MB of data. Another important property of medical images is the higher dimensionality, such as 3D or 4D (Rahman et al., 2004). In a typical examination, image acquisition device (CT or MRI machine) generates about 20–200 images corresponding to a series of cross-sectional slices through the patient’s body. Higher dimensional medical images are often reorganized as collections of these 2D slices, where the added dimensions may be thickness of slices, time line or the same body part imaged with different modalities (Robb, 1999). Effect of the bit depth and resolution on the run time is analyzed respectively below. Bit depth of the medical image does not affect run time of the retrieving procedure. Bit depth determines the lower  bound of the threshold value k the dealer can choose as k > log251 2b . However, bit depth affects the total number of characters that can be embedded into stego images as can be seen in (18). Medical images of 8, 10 and 12-bit depth require two coefficients of Shamir’s polynomial. The remaining k − 2 coefficients of the polynomial are used to code EPR characters. Likewise, 16-bit depth medical images require three coefficients of the polynomial and threshold value of k must be greater than 3. Higher bit depth necessitates increased number of coefficients in Shamir’s polynomial to code the secret pixel value (2 coefficients for 8, 10, or 12 and 3 for 16-bit images). As a result, fewer coefficients can be used to accommodate EPR as bit depth of the medical  image is increased. A new  metric, embed ding capacity per pixel ecpp = NOC/NM = 1 − log251 2b /k , is derived from (18) to show the effect of the bit depth. For constant

M. Ulutas et al. / The Journal of Systems and Software 84 (2011) 341–353

349

Fig. 6. Used cover images with the size of 512 × 512 during the experiments.

k, embedding capacity per pixel decreases as the bit depth of image is increased. For example, ecpp is 1 − (2/k) for 8, 10 or 12 bit medical images whereas it is reduced to 1 − (3/k) for 16 bit medical images. The effect of image resolution on the run time are also tested on different medical imaging modalities; a 12-bit 256 × 256 MR image, a 12-bit 512 × 512 Computerized Tomography (CT) image, a 12 bit 1024 × 1024 Fluoroscopy image, a 12-bit 2048 × 2048 Computerized Radiography (CR) and a 12-bit 4096 × 4096 Mammography image. Test images are downloaded from the Internet and represent a good collection of different modalities as can be seen in Fig. 9 (Barre, 1999; Heath et al., 2001). The run time of all resolutions is plotted for distinct k values (k = {2, 3, 4}) as in Fig. 10 and a linear proportional characteristic is visible from the graph. Experiments indicate that run time of the retrieving procedure is approximately

proportional to image resolution. 12 bit high dynamic range medical images are used (in Fig. 9) since bit depth has no effect on the run time as explained above. Increased run time is observed for larger values of k for the same image since the number of coefficients to be solved by the Lagrange’s interpolation formula is dependent on k. For example, the retrieving procedure run for about 45.6 s for 12 bit 2048 × 2048 pixel CR image and a threshold value k = 3 and about 36.8 s for k = 2 for the same image as illustrated in Fig. 10. Testing the authentication capability of the proposed method is the last experiment in this section. Watermarking medical images is generally preferred in the literature to guarantee the remote handling security. It allows permanent association of image content with proofs of its reliability by modifying the image pixel

Table 1 Medical image dimensions and bit depth for various image modalities. Modality

Image dimension (pixels)

Gray level (bits)

Avg. size/exam (Mbytes)

Nuclear medicine (PET, SPECT) Magnetic resonance imaging Ultrasound Computed Tomography Spiral or helical CT Digitized electronic microscopy Digitized color microscopy Digital subtraction angiography (per run) Digitized X-rays Computed radiography Digitized mammography

128 × 128 256 × 256 512 × 512 512 × 512 512 × 512 512 × 512 512 × 512 512 × 512 or 1024 × 1024 2048 × 2048 2048 × 2048 4096 × 4096

12 12 8 12 12 8 24 8 12 12 12

1–2 8–20 5–10 20–40 80–160 Varies Varies 100–500 8 8 128 (4 images)

350

M. Ulutas et al. / The Journal of Systems and Software 84 (2011) 341–353

Fig. 7. Obtained stego images from embedding proecedure with PSNR values.

values. Ho et al. (2004) used fragile watermarks for authentication purposes in 2005. Fragile watermarking ensures content authentication of medical images. However, their method generates medical image whose PSNR value is approximately 40 dB with watermark information. That is to say, distortion on the medical

image after revealing the watermark is consistent. Besides, their work does not consider EPR. The transmission of medical images over the Internet after embedding procedure risks the confidentiality of the medical image. The proposed method ensures the authentication of the biomedical images with two factors. Nature

Fig. 8. (a) Reconstructed secret image with no distortion. (b) Extracted EPR information.

M. Ulutas et al. / The Journal of Systems and Software 84 (2011) 341–353

351

Fig. 9. Medical images with different modalities (a) 256 × 256 MR image with 12 bit; (b) 512 × 512 CT image with 12 bit; (c) 1024 × 1024 Fluoroscopy image with 12 bit; (d) 2048 × 2048 CR image with 12 bit; (e) 4096 × 4096 Mammography image with 12 bit.

352

M. Ulutas et al. / The Journal of Systems and Software 84 (2011) 341–353

Fig. 10. Running time versus image resolutions.

Fig. 11. (a) Modified share image; (b) reconstructed secret medical image with corrupted region.

of the Shamir’s approach (Shamir, 1979) and certificates that contains summary information about the stego images are the factors that provide authentication ability to the proposed method. First factor ensures that Lagrange’s interpolation formula yields incorrect coefficients and causes the participants to perceive the distortion if any share is modified. This property can be used to authenticate the shares. Fig. 11(a) and (b) shows a partially modified share and corresponding reconstructed image where modified areas are easy to identify. Noisy regions of the reconstructed image designate areas modified (or corrupted) during its transmission over the Internet. Proposed method does not need to embed a fragile watermark into medical images to ensure the authentication ability. Second factor is the use of certificates to ensure the stego image’s integrity. In the verification phase, each participant computes a hash value with own stego image and xk . Dealer has also calculated summary information about this stego image with related xk using same hash function and embedded it into corresponding certificate during the protecting phase. Therefore, stego images are assumed authentic if the hash value computed by the participant is equal to the value extracted from the certificate. The dealer uses xk values with corresponding stego images during the protecting phase. Value of xk is known only by the dealer and related partici-

pant. One cannot construct a fake stego block with a fake certificate since he/she does not know related xk value. 5. Conclusion This paper presents a method that provides medical image sharing among clinicians based on Shamir’s secret sharing scheme. The method prevents unintentional disclosure of medical information to those who are not allowed to access it. N clinicians share medical image and corresponding EPR information. Each clinician gets a natural looking stego image. Medical image and EPR can be recovered if any k of n gather, Thus before consultation, none of them has information about the patient whose medical condition might be important on the government policy. Besides, the proposed method provides EPR hiding, confidentiality and authenticity together. Research reported by others in the literature generally deal with one of them. Polynomial coefficients used in Shamir’s secret sharing scheme provide us to hide the EPR information and medical image together. Embedding capacity for EPR record is higher than other methods in the literature. On the other hand, reconstructed medical image has no distortion. Share images transmitted over the Internet looks like natural image by using Steganography. Furthermore, it employs OPAP to improve

M. Ulutas et al. / The Journal of Systems and Software 84 (2011) 341–353

the PSNR of shares. Reconstructed image contains removed regions that correspond to modified regions if any of the shares is corrupted during the transmission. Therefore, our method ensures the authenticity of the medical image. A medical image sharing scheme to provide privacy, confidentially and authenticity, overlooked by many, is proposed in this paper. The proposed method emphasizes and provides three desired capabilities together: confidentiality, authenticity and EPR hiding. Acknowledgements This research was supported by the Research Fund of Karadeniz Technical University (Project No. 2008.112.009. 1). The authors would like to thank the reviewers for their valuable comments. References Acharya, R.U., Bhat, P.S., Kumar, S., Min, L.C., 2003. Transmission and storage of medical images with patient information. Computers in Biology and Medicine 33, 303–310. Acharya, R., Niranjan, U.C., Iyengar, S.S., Kannathal, N., Min, L.C., 2004. Simultaneous storage of patient information with medical images in the frequency domain. Computer Methods and Programs in Biomedicine 76, 13–19. Anand, D., Niranjan, U.C., 1998. Watermarking medical images with patient information. In: Proceedings of Int. Conf. IEEE-EMBS , pp. 703–706. Barre, S., 1999. Available at: http://www.barre.nom.fr/medical/samples/. Castelli, V., Bergman, L.D., 2002. Image Databases. John Wiley and Sons, p. 84. Chan, C.-K., Cheng, L.M., 2004. Hiding data in images by simple LSB substitution. Pattern Recognition 37, 469–474. Chao, H-.M., Hsu, C-.M., Miaou, S-.G., 2002. A data-hiding technique with authentication, integration, and confidentiality for electronic patient records. IEEE Transactions on Information Technology in Biomedicine 6 (1), 46–53. Cheng, S., Wu, Q., Castleman, K.R., 2005. Non-ubiquitous digital watermarking for record indexing and integrity protection of medical images. In: Proceedings of ICIP, vol. 2 , pp. 1062–1065. Coatrieux, C.G., Lecornu, L., Roux, Ch., Sankur, B., 2006. A review of image watermarking applications in healthcare. In: Proceedings of IEEE Int. Conference on Engineering in Medicine and Biology, vol. 1 , pp. 4691–4694. Coatrieux, G., Quantin, C., Montagner, J., Fassa, M., Allaert, F.-A., Roux, C., 2008. Watermarking medical images with anonymous patient identification to verify authenticity. Studies in Health Technology and Informatics 136, 667– 672. Giakoumaki, A., Pavlopoulos, S., Koutsouris, D., 2003. A medical image watermarking scheme based on wavelet transform. In: Proceedings of 25th Annual Int. Conf. of the IEEE EMBS, vol. 1 , pp. 856–859. Heath, M., Bowyer, K., Kopans, D., Moore, R., Kegelmeyer, W.P., 2001. In: Yaffe, M.J. (Ed.), Proceedings of the Fifth International Workshop on Digital Mammography. Medical Physics Publishing, pp. 212–218. Ho, A.T.S., Zhu, X., Shen, J., 2004. Authentication of biomedical images based on zero location watermarking. In: Proceedings of Control, Automation, Robotics and Vision Conference, vol. 2 , pp. 973–976. Hu, J., Han, F., 2009. A pixel based scrambling scheme for digital medical images protection. Journal of Network and Computer Applications 32, 788–794. Hu, J., Chen, H.-H., Hou, T.-W., 2010. A hybrid public key infrastructure solution for HIPAA privacy/security regulations. Computer Standards & Interfaces 32, 274–280. Kallel, I.F., Bouhlel, M.S., Lapayre, J.-C., Garcia, E., 2009. Control of dermatology image integrity using reversible watermarking. International Journal of Imaging Systems and Technology 19 (1), 5–9. Li, M., Poovendran, R., Narayanan, S., 2005. Protecting patient privacy against unauthorized release of medical images in a group communication environment. Computerized Medical Imaging and Graphics 29, 367–383. Lin, C.-C., Tsai, W.-H., 2004. Secret image sharing with steganography and authentication. Journal of Systems and Software 73 (3), 405–414. Lin, P.-Y., Lee, J.-S., Chang, C.-C., 2009. Distortion-free secret image sharing mechanism using modulus operator. Pattern Recognition 42, 886–895.

353

Lou, D.-C., Hu, M.-C., Liu, J.-L., 2009. Multiple layer data hiding scheme for medical images. Computer Standards and Interfaces 31, 329–335. Luo, X, Cheng, Q., Tan, J., 2003. A lossless data embedding scheme for medical images in application of e-diagnosis. In: Proceedings of 25th Annual Int. Conf. of the IEEE EMBS, vol. 1 , pp. 852–855. Memon, N.A., Gilani, S.A.M., Ali, A., 2009. Watermarking of chest ct scan medical images for content authentication. In: Proceedings of International Conference on Information and Communication Technologies , pp. 175–180. Nayak, J., Bhat, P.S., Kumar, M.S., Acharya, R., 2004. Reliable transmission and storage of medical images with patient information using error control codes. In: Proceedings of IEEE INDICON , pp. 147–150. Nayak, J., Bhat, P.S., Rajendra Acharya, U., Sathish Kumar, M., 2009. Efficient storage and transmission of digital fundus images with patient information using reversible watermarking technique and error control codes. Journal of Medical Systems 33, 163–171. Osman, N.A.A., Ibrahim, F., Abas, W.A.B.W., Rahman, H.S.A., Ting, H.-N., 2008. A novel technique for EPR hiding in medical images for telemedicine. In: Proceedings of International Conference on Biomedical Engineering, vol. 21 , pp. 703–706. Rahman, M., Wang, T., Desai, B.C., 2004. Medical image retrieval and registration: towards computer assisted diagnostic approach. In: Proceedings of IDEAS Workshop on Medical Information Systems , pp. 78–89. Robb, R.A., December 1999. Biomedical Imaging, Visualization, and Analysis. WileyLiss. Shamir, A., 1979. How to share a secret. Communications of ACM 22 (11), 612–613. Shih, F.Y., Ta Wu, Y-., 2005. Robust watermarking and compression for medical images based on genetic algorithms. Journal of Information Sciences 175 (3), 200–216. Srinivasan, Y., Nutter, B., Mitra, S., Phillips, B., Ferris, D., 2004. Secure transmission of medical records using high capacity steganography. In: Proceedings of 17th IEEE Symposium on Computer Based Medical Systems , pp. 122–212. Thien, C.-C., Lin, J.-C., 2002. Secret image sharing. Computers and Graphics 26, 765–770. Wong, S.T.C., Huang, H.K., 1997. Networked multimedia for medical imaging. IEEE Multimedia 4 (2), 24–35. Woo, C.-S., Du, J., Pham, B., 2005. Multiple watermark method for privacy control and tamper detection in medical images. In: Proceedings of APRS Workshop on Digital Image Computing , Australia, pp. 59–64. Zhao, R., Zhao, J.-J., Dai, F., Zhao, F.-q., 2009. A new secret image sharing scheme to identify cheaters. Computer Standards & Interfaces 31, 252–257. Zhou, X.Q., Huang, H.K., Lou, S.L., 2001. Authenticity and integrity of digital mammography images. IEEE Transaction on Medical Imaging 20 (8), 784–791. Guzin Ulutas got her BSc and MSc in Computer Engineering at Karadeniz Technical University in 2002 and 2004 respectively. She worked as a research assistant in the Department of Computer Engineering at Ondokuz Mayis University from 2005 to 2009. She is pursuing a PhD degree in Computer Engineering Department at Karadeniz Technical University under the supervision of Dr. Vasif Nabiyev since 2007 where she became a lecturer in 2009. Her main research interests are steganography and secret image sharing. Mustafa Ulutas got her BSc in EE at Karadeniz Technical University in 1985. He earned both his MSc and PhD degrees in EE at Texas Tech University in 1991 and 1994 respectively. He joined the Department of Computer Engineering at Karadeniz Technical University as an assistant professor from 1994 to 2002. He then joined Ondokuz Mayis University where served as the chairman of the Computer Engineering Department until he moved back to the Department of Computer Engineering at Karadeniz Technical University in 2009. He is interested in computer hardware as well as information security. Vasif V. Nabiyev received BSc. and MSc. degrees in the Faculty of Computing Technologies and Informatics from St. Petersburg Electrotechnical University in 1985, and a Ph.D. degree in the Department of Computer Science from Moscow Technical University in 1990. Then, in 2005, he received Professor degree in Computer Science Department from Karadeniz Technical University, Turkey, where he still lectures. He is currently the chairman of Department of Computer Engineering in Karadeniz Technical University. His research interests are in artificial intelligence, biometry, security, humancomputer interaction, image processing, natural language processing, operational research, discrete and applied mathematics, combinatorial algorithms, game theory, logic programming. He has published over 70 research papers, and authored three textbooks titled “Artificial Intelligence: Problems, Methods and Algorithms” (1st ed. 2003, 2nd ed. 2005, 3th ed. 2010), “Introduction of Algorithms” (2007) and, “Combinatorial Algorithms” (2007).