1. Introduction
With the emergence of technology in all scopes and sectors, high-tech machines are widely used in medical centers to generate digital medical images. X-rays, MRIs, and CT scans are examples of different types of medical images. Physicians need such images for diagnosing many types of illnesses. These images are stored and need to be shared through several means, one of them being via the Internet. When sharing images over the Internet their privacy will be under threat of malicious attacks. Thus, encryption of medical images has become a vital scope for research and application.
Researchers have been highly motivated by the importance of the preservation of privacy for medical images, in addition to the massive generation of such images in most medical centers. In addition to the physical medical centers, medical applications and solutions have been widely used to connect patients and doctors with different specialties, in order to require and gain a fast diagnosis. Patients cannot use such applications without being comfortable that their information privacy has been preserved [
1].
According to research databases, encryption algorithms have been proposed since the middle of the twentieth century. Image encryption on the other hand has started to evolve and tackle in the nineteens of it. Starting from 1998, research started to tackle the problem of how to secure medical images and preserve their privacy [
2,
3,
4]. A considerable encryption scheme has to provide a secured data sharing method for patients’ records, ensuring both confidentiality and integrity. It also should avoid changing medical images and stand robust against cybersecurity attacks [
5] and the darkNets [
6].
In this paper, we propose an efficient approach to address the privacy-preserving and ensure the security requirements of the medical images communicated between medical laboratories and doctors’ accounts. We call this approach MID-Crypt. Specifically, the main contributions of this work can be summarized as follows:
We propose a new hybrid cryptographic algorithm, MID-Crypt, that makes use of the ECDH for image masking and the updatable AES for image encryption.
We present an inclusive crypto-architecture for MID-Crypt comprising modules for: key management module, medical image encryption module, Data Integrity module, Digital Signature module, and medical image decryption module.
We provide a performance evaluation and benchmarking comparison results using standard key performance indicators: PSNR, entropy, and computational overhead. We also show the superiority of MID-Crypt over other state-of-art approaches.
The rest of this paper is organized as follows:
Section 2 surveys some of the up-to-date solutions reported in the literature.
Section 3 describes the proposed crypto-algorithm architecture along with each subsystem (module).
Section 4 provides the performance evaluation environment, results, discussion, and comparison. Finally,
Section 5 concludes the paper.
2. Related Work
In the last decade, the medical image encryption issue has been addressed and researched extensively in the preceding state-of-the-art research work. Several approaches have been applied to encrypt medical images and provide privacy-preserving for patients’ records. In this section, we survey a number of recent related works in the field of medical image encryption. For instance, researchers of [
7] presented two crypto-based algorithms for encrypting DICOM images. Robust cryptographic functions have been used, including hash codes and symmetric keys. The whirlpool hash function is employed with the Advanced Encryption Standard-Galois counter mode to give confidentiality and authenticity. Nevertheless, their algorithms are time-consuming since both algorithms’ encryption processes took nearly 811 and 484 s, respectively. Also, Chen and Hu [
8] have proposed an adaptive encryption algorithm for medical images based on the enhanced chaotic mapping. They have used Logistic sine chaos mapping to scramble the original image. Then the resulting image is divided into sub-blocks and then each of these sub-blocks is encrypted using the hyper-chaotic system. Later in 2018, Ismail et al. [
9] have also worked on logistic mapping, by proposing a double-humbled logistic map that is used to generate a pseudorandom number key. They have claimed that this approach should enhance the control of the chaotic range of the map. Similarly, a simple chaotic system has been proposed by Liu et al. in the same year [
10]. In their system, they used hyperbolic sine to provide nonlinearity. The performance of the system has been enhanced by the usage of decorrelation operation. It has been proved that the medical images that were encrypted using this system needed only one round to be encrypted effectively. Also, in 2019, Kumar et al. [
11] have also used the chaotic maps. Their proposed scheme was to apply the coefficients of the fractional discrete cosine transform on the medical image, then apply the chaotic maps on these coefficients.
Apart from using chaotic mapping, Laiphrakpam and Khumanthem [
12] have proposed an encryption algorithm for medical images based on the state-of-the-art algorithm ElGamal. They have removed the part of encoding the image into Elliptic curve coordinates and found that their technique has resulted in a strong cipher image in a considerably less executable time. As for Cao et al. [
13] they have proposed an encryption algorithm based on deriving the edge maps from the plain image. Starting with the decomposition of the bit-plane, then generating of random sequence, and finally applying permutation. They have argued that their cryptosystem has provided flexibility in the image type, the bit-plane decomposition approach, and the usage of several permutation methods. The system keys are generated using the plain image, edge detector, and the arguments of the scrambling algorithm. This made their system secure against bruit-force attacks. In the same context, Hua et al. [
14], proposed an encryption scheme based on scrambling the pixels of the plain medical image. They have started their approach by adding random noise around the image, then scrambling the image pixels twice to provide diffusion. This scrambling step should shuffle the neighboring pixels and distribute the added noise around the image. For diffusion purposes, two main operations were performed, XOR and modulo arithmetic, which enhanced the security level and speed of encryption.
On the other hand, a hybrid encryption scheme has been proposed by Nematzadeh et al. [
15], using Genetic Algorithms and coupled map lattices. Their approach starts with generating a population of secured cipher images and then using the genetic algorithm to select the best ciphers according to a fitness function that combines both minimal loss and minimal computational time. It has been argued that because of using such a hybrid system the cipher images should be secure from traditional attacks. Likewise, Fofanah and Gao [
16] have proposed another type of encryption algorithm for medical images. They have proposed two watermarking schemes. The first scheme is based on the combination of two transforms discrete cosine and discrete wavelet. The second scheme is based on genetic programming. Both schemes have achieved better performance than the state-of-the-art watermarking techniques.
In 2021, encryption of medical images has continued to be a common topic in research. Starting with Deb and Bhuyan [
17] who have proposed an encryption system based on the linear feedback shift register (LFSR). They have created a nonlinear filter based on linear feedback shift register (LFSR) and used it as a Pseudo-Random Number Generator (PRNG) [
18]. Their approach starts with randomizing the medical image and then scrambling it, using a Logistic-Tent map and Arnold transformation approach, respectively. The resulting images are then XORed with a sequence generated by PRNG to achieve the encryption. This operation should provide a high level of randomness in the cipher image. Adithya et al. [
19] have also used LFSR to control the scrambling of pixels in medical images, along with Modified Logistic Maps (MLM). While LFSR has been found efficient in medical encryption by [
17,
19]. Nevertheless, the non-linear feedback shift register (NLFSR) is more resistant to several types of attacks. Trivium [
20] is considered an NLFSR and is used in the proposed model to provide more resistance to such attacks.
Also, Masood et al. [
21] have proposed a cryptosystem to preserve the privacy of medical images that consists of several steps. They have used images of size 512 × 512 and divided each image into 4096 blocks of size 8 × 8. They have used the Henon chaotic map (HCM) to apply confusion by shuffling pixels in each block. Then Brownian motion has been applied to generate particles in three directions. One of them is selected and multiplied with the result of HCM and then XORed with Chen’s chaotic system result. By evaluating the performance of their system using several evaluation measures, such as NIST, Entropy, MSE, PSNR, and time complexity were used and proved the efficiency of the proposed systems in both security and time-wise. Their results have been compared with the results of the proposed encryption scheme. Guesmi and Farah [
22] have proposed a hybrid cryptosystem of medical images that consists of using SHA-2 as a hash algorithm, to generate the encryption key. Then confusion is applied using DNA operations and diffusion is achieved by chaotic maps generated using the keys resulting from the hash algorithm. An XOR operation is applied in the final step to apply the final encryption and produce the cipher image. They have argued that their work increases the security of the encrypted medical images against statistical attacks and the encryption efficiency is enhanced.
Moreover, Barik and Changder [
23] have proposed a complex cryptosystem with two phases of encryption. In the first phase, they apply an extension of DNA code, namely the Amino acid codon. The resulting image is then split into a certain number of blocks. Logistic maps are used to create chaotic confusion. Then a random number is generated from a random ASCII character seed, which is encrypted using the RSA algorithm. Then a circular shifting is applied on each block and XORed using a sequence of tent maps, as the second phase. Extra security is added by encrypting all resulting keys in both phases using the AES algorithm. They have tested their approach using several analysis techniques, such as correlation analysis, resistance to noise and bruit-force attacks, and others, and proved that their approach performance has outperformed previously proposed methods. Comparably, Mishra et al. [
24] also proposed a cryptosystem of medical images that uses DNA cryptography. They increase the randomness of the image by a masking phase that proceeds with the actual encryption. For confusion, the proposed algorithm uses Arnold’s Cat Map. As for diffusion, it uses 2D-logistic sine coupling map values along with DNA code and XOR operation. They argued that their algorithm is secured against statistical and brute force attacks. Key rotation is a recommended practice in encryption algorithms to enhance security. Also, several researchers have used this technique within images encryption algorithms, such as [
25] who applied key rotation in the key generation phase and resulted in a more secured cryptosystem. Thus, this technique has been used in the proposed work. In addition, the authors of [
26] have used a new technique for splitting images (color and gry-scale) into blocks. After performing some transformations to these blocks, a chaotic logistic map has been used to generate a key to defuse the image. Their results showed the effectiveness of their proposed algorithm using PSNR, histogram, entropy, and other evaluation metrics. However, all their test images were the size of 256 × 256, which is considered to be small for medical images.
Furthermore, several other research contributions were presented to improve the mutual information (MI) measures such as in [
27] who proposed an MI measure for input variable selection (IVS) and incorporated it into optimized support vector regression (SVR) for the displacement prediction of seepage-driven landslides. Finally, our work makes use of several security modules (such as ECDH, AES, DSA, Merkle tree, and others) to provide high-security standards and ensure the privacy of patients’ information against undesired access. Our system aims at providing a robust medical image cryptosystem with computational overhead. To sum up,
Table 1 presents a summary of surveyed papers throughout this study.
4. Performance and Comparison Analysis
The experiments were conducted using the Google Co-Lab platform based on Python-3. Google Co-Lab offers 12 GB RAM and 128 GB Disk.
Performance analysis for the Proposed algorithm was conducted on many levels. Confidentiality was ensured by measuring the level of dissimilarity between original and encrypted images, entropy analysis, histogram analysis, and time analysis. Performance measurements are presented using three images that are listed in
Table 2.
The first measurement considered is the dissimilarity analysis. Encryption algorithms designed to work on medical images are demanded to produce a highly distorted image compared to the original image. Visual measurement is considered important, while we need to prove and measure dissimilarity between original and ciphered images mathematically. In this study, we use Peak signal-to-noise ratio (PSNR) measurements and correlation measurements to measure the dissimilarities degree between original and encrypted images. PSNR can be described as the ratio between the maximum possible power of an image and the power of the noise being applied to the image. In our study, the higher the PSNR value, the more the distortion is, which indicates good performance.
Figure 10 below shows an example of an original and encrypted image presented with the PSNR value related. A PSNR value of 7.8006 can be considered relatively high. Correlation analysis measures how adjacent pixels in original and encrypted images are alike—The less the correlation factor, the better the results. In
Table 3 we present the PSNR and correlation analysis for the three images listed in
Table 1.
The second measurement is entropy analysis. Entropy analysis is another way to measure the algorithm’s performance in hiding the details of the original image, and it is measured in bits per pixel. A high entropy value means more randomness in the image and high confidentiality measures for the algorithm. The maximum possible value for entropy is eight. We have measured image 1 used in this study; the other two encrypted images gave excellent entropy values indicating that the original image cannot be visually extracted from the encrypted image.
Table 4 presents the results of entropy analysis.
The third measurement is Histogram Analysis. An image histogram is a visual representation of gray levels distribution in the image. Every gray level is represented by the total number of pixels with that grey level. A histogram plot can directly reflect the tonal distribution of the image by just looking at it. For example,
Figure 11a represents the original image. At the same time,
Figure 11b illustrates the image histogram.
Figure 11a shows that the image colors are biased towards dark grey levels;
Figure 11b shows that dark gray levels with values closer to zero appeared more frequently in the image.
Figure 11c shows the histogram for the XORed image with the Trivium, while
Figure 11d shows the histogram for the encrypted image. The difference between the plain image and the encrypted image histograms indicates a low correlation between the two images. While the almost even distribution for ciphered image histogram means that not much information can be concluded from the image.
The fourth Measurement is Time Analysis. The time execution is detailed for image 1 in
Table 1, with 4288 × 2816 pixels.
Figure 12 illustrates the time execution for each step in the proposed model. The execution time for XORing the image with Trivium was 2.702 s, whereas the time execution for encrypting the resultant XORed image was 3.337 s. The decryption process took only 1.419 s. It can be noticed the reversed xor and reconstructing the image took the longest time, which is 4.152 s. The overall process took 11.61 s. The encryption time required to encrypt the images mentioned in
Table 1 is listed in
Table 5. According to the information listed in
Table 1, the proposed algorithm can be considered a lightweight and practical algorithm that can be used with large high-resolution images without worrying about time.
Finally, we compare this work with other studies. The proposed algorithm can be considered simple and easy to mimic compared to other studies. While for the results we have generated, the comparison is listed in
Table 6. The PSNR values we have generated are within the same range as other studies and are considered satisfying. The entropy values for encrypted images reflect highly visually distorted images. Encryption time is another comparison aspect that can distinguish practical algorithms. Obviously, the proposed algorithm requires less than one second to encrypt image 2 and image 3, while for image 1 it too around 6 s for encryption; we should take into consideration the size of image 1, mentioned in
Table 1.
5. Security Discussion
The proposed model is a hybrid cryptosystem composed of symmetric key encryption using (AES) and asymmetric key encryption using Elliptic Curves (EC). Both components are prone to side-channel attacks [
31]. However, masking the data with trivium cipher before implementing AES ought to increase the security level. This increase is done by preventing side-channel attacks such as differential power analysis (DPA). Such masking algorithms are discussed in [
32,
33,
34,
35] and used to protect AES against DPA.
SCA for EC private exponent multiplication is a serious concern according to [
36,
37]. In our proposed cryptosystem, Key exchange is resistant to DPA because we use The Montgomery powering ladder [
38].
Moreover, In MID-crypt we overcome one of the most weaknesses of a public-key system which is a Man-in-the-Middle attack (MITM). Generally, this attack scenario can be described as replacing the value of SSV with SSV’. The difficulty of generating MSK is knowing the PIN value, which is only used by the patient for encryption and decryption. Furthermore, PPM will provide identification of crypto principles.
Additionally, MID-Crypt KRM-module will reduce the number of encrypted data with an encryption key. Hence, the amount of data leaked by one key compromise has become less. This means that most popular attacks which need a large amount of data, such as known “plain text” and “algebraic” would fail with MID-Crypt.
Nowadays, the blockchain concept has spread to many fields and is implemented in many applications. Generally, enhancing security and privacy issues can be addressed on blockchain, anonymizing personal data and storing all authorized transactions. In MID-Crypto we do not use this mechanism utterly, but from Equation (
1), we use key chaining, to connect all transmitted images of one patient together. Therefore, the proposed methodology can be applied to other fields requiring an extra flavor of security provided by cryptography.
Table 7 shows that the proposed MIT-Crypto can stand against four famous possible attacks. Compared to other studies MIT-Crypto has shown distinguishable security measures since it is the only system covering SCA and MITM attacks.
The limitation we recognized on the MID-Crypto protocol is that the MID-Crypto stores MI inside the user profile, this limits the medical consulting between doctors. KMM and ENC need many calculations, therefore MID-Crypto cannot consider lightweight or used with most IoT applications. Handling privacy in MID-Crypto requires us to distribute MI with owners only, which causes distributed data set of having many MIs in one place.