ieee transactions on information technology in …ooibc/yyjauthentication.pdf · abstract—it is...

IEEE TRANSACTIONS ON INFORMATION TECHNOLOGY IN BIOMEDICINE 1

Tailored Reversible Watermarking Schemes forAuthentication of Electronic Clinical Atlas

1Feng Bao,2Robert H. Deng,3Beng Chin Ooi,2,3Yanjiang Yang1Institute for Infocomm Research, 21 Heng Mui Keng Terrace, Singapore 119613

2School of Information Systems, Singapore Management University, Singapore 2597563School of Computing, National University of Singapore, Singapore 117543

Abstract— It is accepted that digital watermarking is quiterelevant in medical imaging. However, due to the special natureof clinical practice, it is often required that watermarking donot introduce irreversible distortions to medical images. Elec-tronic clinical atlas has such a need of “lossless” watermarking.We present two tailored reversible watermarking schemes forclinical atlas by exploiting its inherent characteristics. We haveimplemented the schemes and our experimental results look verypromising.

Index Terms— Electronic Clinical Atlas, Authentication, Re-versible Watermarking, Security.

I. I NTRODUCTION

EFFICIENT maintenance of medical data in electronicformat is crucial in enhancing the quality and efficacy

of healthcare provision through efficient information sharing.However, along with the benefits is the growing concernabout the security of digital medical information. In a broadsense, security issues pertaining to digital medical data arecategorized into the following aspects [1], [2]:

1) Confidentiality: individual privacy of patients as well asphysicians implies that medical data must be protectedfrom inappropriate disclosure. Only authorized userswith appropriate rights are offered access to the data.

2) Authentication: authentication (reliability in [1], [2]) ofmedical data can be further classified into (1) integrity:medical information must be assured of its intactness;(2) authenticity: credibility must be given to the usersthat the underlying data are up to what they are claimedto be.

3) Availability: medical data must be guaranteed to bereadily available to the authorized uses.

Medical imaging constitutes an important part of digitalmedical data. Clearly, the attacks that threaten digital medicalinformation as a whole (see e.g., [3], [4]) would also apply tomedical images. In this paper, we are interested in exploringthe authentication aspect of medical images.

Multimedia authentication inherits many characteristics ofgeneric data authentication using cryptographic primitives,such as integrity verification, authenticity verification andnonrepudiation [5]. However, multimedia authentication hasits own unique features that make the techniques for genericdata authentication not suffice and sometimes undesirable.

Part of the work has been published in IEEE. International Conference onAcoustics, Speech, and Signal Processing, 2003.

For example, an image changing from one format to anotherwithout losing visual content should be deemed authentic inmultimedia authentication, whereas this turns out to be hard toachieve by applying generic data authentication that uses Mes-sage Authentication Code (MAC) or digital signature [5]. Asa result, multimedia authentication is normally accomplishedby digital watermarking [6], [7]. Digital watermarking canbe classified intocopyright watermarkingand authenticationwatermarking, based on the purposes it is intended for. Wenote watermarking can also be used to establish a channelfor carrying, e.g., meta-data (e.g., [8], [9], [10]). In a strictsense, this application of watermarking belongs to the areaof steganography since the objective is to hide medical datain a host image for data secrecy purposes. In copyrightwatermarking, the inserted mark, upon extraction, asserts own-ership of the underlying data. To achieve this end, copyrightwatermarking must be robust so that the inserted mark cannotbe easily removed. In contrast, authentication watermarkingis designed to prove the integrity and authenticity of theunderlying data. Authentication watermarking can be furtherclassified into hard authenticationand soft authentication[11]. Hard authentication detects and rejects any modificationto the multimedia content except for lossless compressionand format conversion with equivalent visual content, whilesoft authentication allows foradmissiblecontent modificationswhile rejectsmalicious manipulations. The lack of a cleardistinction between admissible and malicious operations is oneof the main challenges for soft authentication.

Clearly, authentication watermarking represents a viablesolution to authentication of medical images in our context.We note that medical practice is very strict with the manage-ment of medical data for the clinical, ethical and legislativereasons [1], [12]. Thus in many cases it is often desirablethat watermarking itself does not introduce any distortionto the medical images for the purpose of data authentica-tion. For example, images used for court proof or for dataarchiving are strictly forbidden to be altered. However, itis well known that normally, watermarking including hardauthentication watermarking introduces perpetual distortionsto the original data. This suggests that most of the existingauthentication watermarking techniques are not satisfactoryfor medical imaging. To authenticate medical images, a wa-termarking scheme must possessreversibility - the ability torecover the exact original content from a watermarked image.Watermarking working in such a reversible way is referred to


as reversible (lossless, invertible, distortion-free, erasible, etc.)watermarking [13], [14], [15], [16], [17], [18] in the literature.Reversible watermarking is regarded as a special form ofhard authentication [11]. In this paper, we develop reversiblewatermarking schemes that are tailored for authentication ofelectronic clinical atlas [19], [20], [21], a particular type ofmedical images in palette format. Our motivations of studyingreversible watermarking for electronic clinical atlas are (1) thisis in conformance with the strict medical practice in general;(2) The atlas, in combination with other medical imagingmodalities, has a wide spectrum of applications in functionalneurosurgery, brain mapping, neuroeducation, and so on (seee.g., [20], [21], [22]). Usability of these applications, many ofwhich run in an online interactive mode, is determined largelyby the accuracy of the underlying atlas and the brain data.This highlights the need for the authentication of the atlasby reversible watermarking; (3) as we shall discuss shortly,the atlas has some unique features, which make the existingreversible watermarking schemes inadequate.

The remainder of this paper is organized as follows. InSection II, we provide a brief background on multimediaauthentication, and review related work on reversible water-marking and authentication of medical images, respectively. InSection III, we propose two tailored reversible watermarkingschemes for authentication of electronic clinical atlas, byexploiting the very nature of the atlas. We present experimentalresults in Section IV and Section V concludes the paper.

II. BACKGROUND AND RELATED WORK

A. Background

Authentication of generic data has been well studied incryptography [5], where either a Message Authentication Code(MAC) or a digital signature is computed on and appendedto a message [5]. The MAC or the signature is treated asaccessory data, semantically distinguishable from the messageitself. Though the generic approach does not in any way affectthe fidelity of the data to be authenticated, it has some intrinsiclimitations when applied for authentication of multimediacontent: (1) a malicious intruder can easily separate andruin the ancillary authentication payload, thereby disablingthe authentication functionality; (2) the tagged payload issusceptible to normal file format conversion, so much so thateven a simple re-save operation will render it useless; and (3)the generic data authentication technique lacks the property oflocalization, i. e., the ability to determine the locations wheremodifications were made.

These limitations can be overcome using authenticationwatermarking which embeds a watermark payload into mul-timedia data, so that the payload is semantically combinedwith the data. The ability to localize tampering or determinethe severity of tampering is another highly desirable featureof authentication watermarking [11], [13], [23]. Moreover, de-pending on the integrity criteria, authentication watermarkingauthenticates multimedia content in such a flexible way thathard authentication rejects every alteration while soft authenti-cation passes admissible operations. A stronger requirement insome scenarios e.g., in military or healthcare, is the recovery of

the exact original content from the watermarked data. Regularwatermarking does not possess such an ability. This callsfor a special type of authentication watermarking, reversiblewatermarking, which allows for the recovery of the originaldata from the watermarked data. The fundamental principle ofreversible watermarking is demonstrated in Figure 1. Note thatthe “recovery” process is where reversible watermarking dif-fers from regular authentication watermarking. By “recovery”,reversible watermarking can completely remove the introduceddistortion and reconstruct the exact content of the original data,provided that the watermarked image is authentic.

Fig. 1. Flow chart for reversible watermarking.

B. Reversible Watermarking

Reversibility of digital watermarking has been explored forquite some time [24], [25], and progress within recent yearsproved its viability for authentication multimedia. The firstknown reversible watermarking scheme was due to [14], andthe method in [13] that followed employed the same idea ofmodulo addition to extend the classic patchwork algorithm.However, the embedding capacity of these methods is limitedand annoying artifacts may be caused in the underlyingimages. For these reasons, they are not very satisfactory forpractical use. To overcome these limitations, Fridrichet al.[15], [16], [17] developed an elegant method for achievingreversible watermarking which works as following: a bit planethat can be randomized without causing noticeable artifacts islosslessly compressed, so that the original bit streamB isshortened toB′ and the newly created space of|B|−|B′| bitsis used to accommodate the authentication payloadh. Thenthe original bit plane is replaced byB′||h for the purposeof watermarking, where|| denotes concatenation. During theauthentication verification,B′ is decompressed to obtainB,which is in turn used to recover the original bit plane forthe reconstruction of the original image. Practical schemesfor virtually any commonly used file format including raw,uncompressed formats (BMP), lossy or transform formats(JPEG), and palette formats (GIF, PNG) were presented in[17]. As we will see later however, the methods for paletteformat used by Fridrichet al. cannot be used to reversiblywatermark electronic clinical atlas due to the unique featuresof atlas. Fridrichet al.’s method is a general approach, whereasit is not always optimal in certain aspects such as embeddingcapacity and image quality preservation.

Reversible watermarking proposed in [18], [26], [27] oftenprovide higher embedding capacity. In particular, the methodin [18] creates extra space for the authentication payload by


virtue of Difference Expansion, in conjunction with General-ized Least Significant Bit Embedding. In contrast, the schemein [26] adopts a totally different method to achieve reversibil-ity, that is, circular interpretation of bijective transformations.Compression on the original data is avoided in [18], [26].An added feature of [26] is that the watermarked content canendure certain lossy processing, and virtually none of the othermethods has this property.

Localization is quite useful in some circumstances. Themethod in [28] is the only known reversible watermarkingscheme that provides localization.

C. Authentication of Medical Images

The demand for authentication of medical images is enor-mous, due to the increasing needs of data exchange withinmedical community and with external parties such as researchinstitutes. The work in [29] highlighted the perspective ofapplying generic data authentication techniques such as one-way hash function and digital signature for the authenticationof medical images, while [12] demonstrated the applicabilityof digital signature in medical imaging.

The relevance of authentication watermarking in medicalimaging for reversible watermarking and integrity control hasbeen extensively discussed [1]. The work of [30] was basedon the fact that a medical image is normally allowed to beseparated into Regions of Interest (ROIs) and Regions of Non-Interest (RONIs); the ROIs must be strictly preserved while theRONIs can be allowed for some modifications; consequently,the authentication payload of ROIs is inserted into the RONIs.A possible weakness of this method is that if an adversary canidentify the RONIS, then the embedded authentication payloadcan be totally erased, thereby disabling the authenticationfunctionality. The work in [31] made improvements over [30]by repeatedly inserting the payload closely around the ROIs.Moreover, the payload can be used to repair the ROIs in thecase of minor alterations to the ROIs. A watermarking schemefor DICOM format images was proposed in [32] to guaranteethe genuine link between a delivered image with the root partof its header. Specifically, the authentication payload on theinformation of the referring physician is inserted in the imagecontent by a watermarking scheme.

III. TAILORED REVERSIBLE WATERMARKING SCHEMES

FOR ELECTRONIC CLINICAL ATLAS

In this section, we first give a brief introduction to electronicclinical atlas, discussing its uniqueness and explaining whythe existing reversible watermarking schemes are not effectivein watermarking the atlases. We then propose two tailoredschemes to solve the problem.

A. An Introduction to Electronic Clinical Atlas

Electronic clinical atlas in palette format [19], [20], [21] isa special type of medical images: each structure contained inan atlas is filled completely with a single color. Figure 8 (left)shows a typical atlas with dimension of 705×820.

The image file of an atlas semantically includes two parts:one is thepalette(file header) that lists color indices and their

corresponding RGB components, e.g., Figure 2(a); the otherpart is theimage data(file body) that represent each pixel by acolor index, e.g., Figure 2(b). In Figure 2, the atlas containinga palette as shown in 2(a) and the image data as in 2(b) actuallyrepresents pixel values as shown in 2(c). It is clear that some

Fig. 2. Semantic content of an atlas file. (a) The palette. (b) The image data.(c) The pixel values.

regular embedding operations such as LSB modification ofthe image data is not appropriate for watermarking electronicclinical atlas, because the image data of an atlas are colorindices rather than RGB values, so indices of similar valuesmay refer to quite different colors.

We next summarize in the following the uniqueness ofelectronic clinical atlas.

• U1. Most of the atlases are not “natural” images asopposed to the “natural” images that are commonly seenin daily life. A “natural” image normally presents smoothscene. In contrast, every structure in an atlas is of purecolor (e.g., structures in the atlas in Figure 8 (left) arehomochromous), so that (1) the boundary along twoadjoining structures is clear-cut; (2) any alteration withina structure by a different color would appear definitelynoticeable.

• U2. An atlas normally does not use up 256 colors, whichis the upper bound that most palette images assume. Onaverage, 30-100 colors are used to label the structures inan atlas.

• U3. While the content of an atlas should be strictlyprotected, the palette of it can be permuted providedthat the content (piexels) of the atlas is not affected. Forexample, the following scenario should be allowed: inFigure 2(a), the entries of (0, 255, 0) and (0, 0, 255) arepermuted in the palette, and 1’s in the image data (Figure2(b)) are changed to 2’s and 2’s are changed to 1’s. Thisdoes not change the actual pixels.

In principle, we can exploit the existing reversible water-marking schemes that were designed for palette images tofulfil the task of reversibly watermarking electronic clinicalatlas. Unfortunately, the only known such schemes that wereproposed by Fridrichet al. in [17] actually turn out to beunable to meet the needs due to the very nature of the atlasesas listed earlier. To see this, we check respectively the twocases distinguished in [17] with electronic clinical atlas asfollows.Case 1.Palette with fewer than 256 distinct colors: The basicidea is to make at least two entries in the palette for colorc , a most frequently occurring color in the image to bewatermarked. Ifc already has two or more entries, nothing


needs to be done. Otherwise, simply allocating an empty entryfor c in the palette. This is feasible as the palette is not usedup. We then suppose the indices of two entries ofc in thepalette arei and j, respectively. Then 0 is associated withiand 1 is associated withj. In embedding, the image is scannedin a defined pattern, e.g., row by row. When a pixel with colorc is encountered, its color index is changed toi if a bit 0 is tobe embedded and changed toj otherwise. In extraction, theimage is scanned in the same pattern, and the embedded binarystream is obtained depending on the indicesi, j of color c.Embedding in this way does not alter the pixels at all, so nofurther reconstruction is needed.

Due to U2, theoretically it seems this scheme can be usedfor electronic atlas. However, in practice it is not the case be-cause this method requires adding an entry for a most frequentcolor c. This is not allowed since further processing of theatlases, e.g., automatic extraction of the structure boundaries inan atlas [22] would be interfered: in this processing, structuresrepresented by different color indices would be recognizedas different. While the palette of an atlas can tolerate somemanipulations as suggested inU3, we should avoid causinginterference to other uses of the atlas and we are interestedin the watermarking schemes that are compatible with theexisting processing algorithms.Case 2.Full palette with 256 distinct colors: In case the paletteis exhausted by 256 distinct colors, two colorsci (index is i)and cj (index is j) are chosen, such that|ci − cj | is small.Then 0 is associated withi and 1 is associated withj. Inembedding, the image is scanned in a defined manner. If apixel with ci or cj is encountered, its color index is changedto i if 0 is to be embedded and changed toj otherwise. Inextraction, the image is scanned in the same pattern and theembedded binary stream is obtained depending on the indicesi, j of color ci and cj . It is easy to see that this scheme isalso applicable to the first case, provided that an appropriatepair of similar colors is found.

Clearly, this method is a good tool for watermarking “natu-ral” palette images. However, as suggested inU1 electronicclinical atlas cannot be assumed “natural”, so a color pairwith minor difference does not always exist. Furthermore, evensuch a desired color pair is found, color flipping within ahomochromous structure would be readily detectable.

We have shown the reasons why the reversible water-marking schemes for palette images in [17] cannot be usedfor watermarking electronic clinical atlas. In the next twosubsections, we shall propose two reversible watermarkingschemes that are tailored for electronic clinical atlas, and theproposed schemes circumvent all these limitations. The firstscheme is designed exclusively for the atlases that comprisehomochromous structures, and the second scheme can beapplied to any atlas, be it “natural” or not.

B. Our First Reversible Watermarking Scheme

Intuitively, the main reason for Fridrichet al’s method incase 2 fails in our scenario lies in the fact that the structurescontained in an atlas are homochromous. We thus tailor ourfirst scheme exclusively for the atlases with homochromousstructures, and this scheme is an extended version of [33].

For the purpose of watermarking, we are faced to find theright embedding channel and the way to insert the authenti-cation payload in an atlas, while without causing perceptibleartifacts. We observe that when a boundary point of a ho-mochromous structure revises its color to its neighboring color,the effect caused is visually unnoticeable. On the contrary, ifa point within a homochromous structure changes its colorto even a similar color, the difference would be quite clear.Motivated by this, we shall exploit the boundary points of thehomochromous structures for embedding. Meanwhile, to avoidgenerating accumulative artifacts, the points to be revised forwatermarking should be uniformly diffused over the whole setof boundary points across an atlas. Moreover, we shall followFridrich et al’s general methodology for achieving reversibility(see Section II). We next elaborate our ideas on these issues,and they are building blocks of the actual scheme.

1) Basic ideas:For ease of understanding, we take Figure3 as an example, which represents virtually all possible casesof how structures bordering one another along a row. Inparticular, along rowi, (1) structureA stands alone withoutneighbors; (2) two structuresB1 andB2 border each other; (3)more than two structures in turn border each other (three struc-tureC1, C2 andC3 are used in the figure, and generalization tothe scenario of more than three structures is straightforward).

Fig. 3. Illustration of embedding

Embedding channelAlong a row (rowi in Figure 3), we in turn pick upp1 in

A, p2 in B1, p3 in C1 andp4 in C3 aschannelling pointsforembedding, and the corresponding structuresA, B1, C1 andC3 asembedding structures. Note thatevery otherstructures ineach group of neighboring structures are chosen as embeddingstructures. In our example,A, B1, C1 and C3 are chosenas embedding structures, whileB2, C2 are not embeddingstructures. As we shall see shortly, this is crucial in preventinginterference in encoding between two neighboring structures ifotherwise every structure is chosen as embedding structures.The embedding channel for embedding then comprises thechannelling points collected by scanning all rows across anentire atlas.Encoding primitive

For an embedding structure, we associate 0 to the evennumber of points the structure has along a row, and 1 to theodd number of points. For example, along rowi in Figure 3,structureA has 6 points,B1 has 4 points,C1 has 5 points andC3 has 4 points, so the pathp1 → p2 → p3 → p4 is encoded


as 0010.Embedding method

The insertion of a bit-stream into the embedding channel isequivalent to encoding it along the channel. Rules on how toembed a bit at a channelling pointp are specified in Table I.

Bit to beembedded

Number of points Action taken

0 Odd Change colorEven No action

1 Odd No actionEven Change color

TABLE I

RULES FOR EMBEDDING.

In Table I, let the channelling point bep and the embeddingstructure thatp lies in beStruct, “Number of points” denotesthe number of pointsStruct has along the row that traversesp. By “No action”, we do nothing top; by “Change color”, werevise the color ofp to its left neighboring color. We includethe case that the left neighboring color is the background coloras long asStruct has no neighboring structure along the row.

To make it clearer, let us see an example of inserting a bit-stream by executing the above rule. Suppose 1001 is to beembedded along the path determined byp1 → p2 → p3 → p4

in Figure 3, the embedding is shown in Table II.

Channellingpoint

Bit to beembedded

Number ofpoints

Action

p1 1 6 (Even) Change colorp2 0 4 (Even) No actionp3 0 5 (Odd) Change colorp4 1 4 (Even) Change color

TABLE II

AN EXAMPLE OF EMBEDDING.

According to Table II,p1 is changed to be the backgroundcolor;p2 keeps unchanged;p3 is changed to be the backgroundcolor; p4 revises its color to be the color ofC2.

The reason for choosing every other structures in a groupof neighboring structures is now clear: otherwise, adjoiningstructures might mutually spoil each other’s embedding.Recovering method

We are faced with recovering the original channelling pointsby given the original coded stream. The original coded streamcan be obtained because we assume Fridrichet al’s methodol-ogy for reversibility in our scheme. It must be noted that theset of channelling points gathered from an watermarked atlasmight be different from the original one due to watermarking.This can be easily seen from the above example of embedding1001 along rowi. In particular, the channelling points ofA,C1, C3 will change to be the respective right neighboringpoint of p1, p3, p4, and we denote them asp′1, p′3, p′4,respectively. This is however in no way preventing us fromreconstructing the original structures. Let us continue withthe above example: for structureA, we know the currentchannelling pointp′1 is actually the right neighboring point of

the original pointp1. From the watermarked atlas, we knowthe current code ofp′1 along row i is 1. Once we are giventhe original code 0, since0 6= 1, we change the color of theleft neighboring point ofp′1 to be the color ofp′1 in order torecover the structureA. Likewise, other embedding structuresare recovered to their original content following the samerationale. Note that if the current code = the original code,the current channelling point is the original one, e.g.,p2 inour example.

With these ideas, we are ready to give our reversiblewatermarking scheme.

2) The scheme:Similar to a common authentication wa-termarking scheme, ours consists of two parts: embeddingalgorithm and authentication algorithm.

The basic steps of the embedding algorithm are demon-strated in Figure 4.

��

��

��

��

��

��

��

��

Fig. 4. Flow chart for embedding algorithm.

In particular, the embedding algorithm works as follows:Embedding algorithm

[a] Scan the atlas M row by row in a fixed pattern, e.g., fromtop to bottom. Along each row, pick up the channelling p-oints pi by the method described in embedding channel.An ordered set is eventually formed by these poi-nts S = {p1, p2, · · · pN}, where N is the total number ofthe channelling points that are picked up.

[b] Reorder S with a secret key k1 by the following program.j = Nfrom i := 1 to Nbegin

idx = H(i, k1) mod jS[i] = S[idx]S = S − {S[idx]} and shift left each ofthe items after idx in Sj = j − 1

endS = S

i, j, idx and S are temporary variables in the program.Note that the reordering of S serves to evenly diffuse thepositions that embedding is to occur. Otherwise, accumu-lative effect is possible if we embed row by row. In additi-on, this randomization reduces the likelihood that an att-acker can figure out the exact embedding path, therebyincreasing security.

[c] Compute the authentication payload as h = H(M, k2),where we let M denote the pixels (RGB values ) of theatlas, H(.) is a cryptographic one-way hash function, e.g.,MD5 or SHA1 [5] and k2 is another secret authenticationkey. Note that different keys are used to rule out possiblecorrelation.


[d] In a gradual way, encode the path along the ordered poin-ts in S into a bitstream B by the encoding primitive. Inthe meantime, run an adaptive lossless arithmetic compre-ssion algorithm C(.) to compress B as B = C(B). Checkthe difference between B and B. Once there is enough sp-ace to accommodate the authenticating payload, stop thecompression algorithm. In particular, let Sj = {p1, p2, · · ·, pj} be the path of j steps along S and Bj correspond tothe bit-stream by encoding the path of Sj , the followingprogram achieves the above process:

while (|Bi| − |C(Bi)|) < |h|i = i + 1

i is a fixed value when the above program halts.[e] Embed h||C(Bi) into the path of Si by the embedding

method, where || denotes concatenation.

The basic steps of the authentication algorithm are shownin Figure 5.

��

��

��

��

��

��

��

��

��

��

Fig. 5. Flow chart for authentication algorithm.

In particular, the authentication algorithm works as follows:

Authentication algorithm

[a] Scan the watermarked atlas M′ row by row in the samefixed pattern as in the embedding algorithm, and generatean ordered set S = {p′1, p′2, · · · p′N} of channelling pointsas in the embedding algorithm.

[b] Reorder S with the secret key k1 as in the embedding al-gorithm.

[c] In a gradual way, encode the path along S into a bit stre-am B, and decompress B to be B by running the losslessarithmetic decompression algorithm D(.) that correspondsto C(.). Stop the algorithm D(.) once |B −B| ≥ |h|,where |h| is the bit length of H(.). Let Sj , Bj be definedas in the embedding algorithm, the following program achi-eves the above process:

while (|D(Bi)| − |Bi|) < |h|i = i + 1

i is a fixed value when the program halts.[d] Sequentially get |h| bits from the position i afterwards

along S as the authentication payload h′. Next, use thebit-stream Bi = D(Bi) to reconstruct the original atlasby the recovering method.

[e] Compare h′ with H(M, k2), where M is the pixels of therecovered atlas. If h′ = H(M, k2), then the recovered atl-as is authentic, otherwise it has been tampered with.

3) Discussions:In this scheme, we try to recover the orig-inal image without first considering whether the watermarkedatlas had ever been tampered with. We can actually make some

enhancements over this aspect. The basic idea is to insert anextra piece of authentication data of some areas in an atlasthat are not affected by watermarking. We can determine suchareas before watermarking occurs, because the length of theauthentication data suffices help us decide the channellingpoints that will be affected by watermarking (see step [d]of the embedding algorithm). With such an extra piece ofauthentication data inserted, in step [d] of the authenticationalgorithm, we first extract this authentication data togetherwith h′, then use this authentication data to determine whetherthe not-to-be-affected areas has been tampered with. If notamper is found, we proceed to recover the original image,otherwise, we simply reject. This improvement is of particularimportance when data tamper indeed occurred, since in suchcases there is no need and in fact, it is not possible toreconstruct the original content.

It is clear that the embedding capacity of this scheme isdetermined by the total number of channelling points as wellas the effectiveness of the lossless arithmetic compressionalgorithm. Once the total number of channelling points isfixed, more compression effectiveness of the compressionalgorithm means larger embedding capacity.

We now examine security of this scheme. Specifically,without knowing the secret authentication keyk1 and k2,an adversary is faced with forging an arbitrary atlasM′′

(with respect to a watermarkedM′) in an attempt to passthe authentication. It is equivalent to the case that given afixed hash valueh, the value ofH(M′′, k2) happens to beh. Evidently, the probability for this is1/2|h| = 2−128 when|h| = |H(.)| = 128, according to thecollision freeproperty ofthe cryptographic one-way hash function. As a final note, wepoint out the compression algorithm does not affect securityof the watermarking scheme.

C. Our Second Reversible Watermarking Scheme

Our second scheme is applicable to any atlas in paletteformat, including those with homochromous structures. Wedevelop this scheme by extending the zero-distortion methodproposed in [34] to attain increased computational efficiencywhile without compromising its actual security. This secondscheme does embedding by merely manipulating the paletteof an atlas, thereby causing no distortion to the image pixels.The main difference between our scheme with Fridrichet al’smethod in case 1 is that our scheme only involves permutationof the entries in the palette, whereas Fridrichet al’s schemeinvolves adding a new entry in the palette. Consequently, ourscheme can be used for any palette image, whereas Fridrichetal’s scheme can only be applied to images with palette havingfewer than 256 distinct colors.

1) The scheme:The basic idea of our scheme is to arrangethe palette according to the authentication payload of theatlas, such that a correlation between the palette and theimage content is established. In authentication, the imageis authentic if the correlation still holds. In particular, thescheme works as follows.

Embedding algorithm


[a] Suppose there are N colors in the palette of the atlas Mto be watermarked, and each color has the form (R, G, B).Sort these colors into a virtual list V list according to thevalues of R.2562 + G.256 + B.

[b] Compute the authentication payload for M as h = H(M,k), where we let M denote the pixels (RGB values) of theatlas. Partition h into l segments of equal length as h = h0

h1...hl−1, where each hi satisfies 0 ≤ hi ≤ N . Note thatthe length of hi should be determined as |hi| = m for somem that satisfies 2m ≤ N < 2m+1. The intuition for this isthat we want m (i.e., the length of each hi) is as large aspossible while the value of each hi is less than N .

[c] Rearrange the palette of M by the following steps. (1) Mo-ve the hth

0 color in V list to the 0th entry in the palette. (2)Move the hth

i (1 ≤ i < l) by the following program.j = 1from i := 1 to l − 1begin

if hi /∈ {h0, ..., hi−1} /* hi has not ever occurred */begin

move the hthi color in V list to the jth position

in the palettej = j + 1

endend

i, j are temporary variables in the program. (3) Sequentiallymove the rest colors in V list to the remaining entries afterthe first j entries in the palette (j is a fixed value whenstep (2) halts).Note that step (2) is the tricky part of the rearrangementprocess. The basic idea is that we simply ignore hi if hi isequal to any proceding hn, where 0 ≤ n < i. See the exa-mple in Figure 6, supposing h is partitioned into 6 segme-nts. Since h0 and h4 refer to the same color in V list (h0

= h4), so h4 is ignored and the entry that corresponds toh4 in the palette is occupied by the color referred to byh5 (the hth

5 color in V list).[d] Change the image data according to the new palette. For

example, when a color in the ith entry in the original pal-ette is moved to the jth entry in the new palette, all i inthe image data need to be modified to be j.

Fig. 6. Rearrangement of the firstl colors

Authentication algorithm

[a] Suppose there are N ′ colors in the palette of the watermar-ked atlas M′. Sort these colors into a virtual list V List asin the embedding algorithm.

[b] Compute the authentication payload for the atlas as h′ =H(M′, k), where we let M′ denote the pixels of the atlas.Partition h′ into l segments of equal length as h′ = h′0h

′1...

h′l−1 as in the embedding algorithm[c] Sequentially authenticate h′i, 0 ≤ i ≤ l − 1, by the followi-

ng program. Suppose PCi is the color in the ith entry in t-he palette and Ci is the color in V list referred to by h′i:

if PC0 6= C0

return INVALIDj = 1from i := 1 to l − 1begin

if h′i /∈ {h′0, ..., h′i−1} /* h′i has not ever occurred */begin

if PCj 6= Ci

return INVALIDj = j + 1

endendreturn AUTHENTIC

i, j are temporary variables. Note that in this program, M′

is deemed authentic only when all h′i, i ∈ [0, l) pass the tes-ting. In this authentication procedure, h′i will be ignored ifit is equal to any preceding h′n, where n ∈ [0, i)

2) Discussions:Our extension to the method in [34] (Wu’smethod for short) lies mainly in the following: thel segmentsof the authentication payloadh in Wu’s method must bedistinct to one another. As a result, Wu’s method may needto repeatedly feed a distinct random seed to the one-wayhash function in computing the authentication payload untila suitablehash value is found. By contrast, thel segments ofh in our scheme are not necessarily distinct, so we achievehigher computational efficiency. In addition, we do not needto remember the seed during data authentication.

In the sequel, we assume2m ≤ N < 2m+1, where Nis the number of colors in the palette of an atlas. Clearly,m ≤ 8. Applicability of this scheme to electronic clinical atlasis discussed as follows. As each segmenthi is used as a colorindex in our scheme, to guarantees thathi ≤ N andhi is aslarge as possible,|hi| should be equal tom. As a result, thetotal number of segments that the hash valueh is partitionedis l = |h|/m. Moreover, clearlyl should be less than or equalto N , that is,l ≤ N ⇒ |h|/m ≤ N ⇒ |h|/m ≤ 2m. Assume|h| = 128, thenm ≥ 5. This suggests that for an atlas to bewatermarkable, it has to have at least 32 colors in the palette.

Next, we shall examine the actual security of our schemescheme. In particular, we aim to determine the upper bound forthe probability of successful forgeries by an adversary withoutknowing the secret authentication keyk. That is, we want toanswer the following question:given an watermarked atlasM′, in what probability can an arbitrarily forgedM′′ (M′′ 6=M′) by the adversary pass the authentication process?As we


just discussed, it should hold that5 ≤ m ≤ 8 and2m ≤ N <2m+1, whereN is the number of colors in the palette of anatlas. Therefore, an 128-bit hash value would be accordinglypartitioned intol segments, where16 ≤ l ≤ 26.

We start with a simple example by assumingl = 4.Consequently,h = H(M′, k) would be partitioned intoh =h0h1h2h3, whereM′ denote the pixels of a watermarked atlasM′ and k is the secret authentication key. Without loss ofgenerality, supposeh0 = h2, so upon watermarking the first4 entries (0th, 1th, 2nd, 3rd) in the palette ofM′ would bethe colors referred to byh0, h1, h3, h3, respectively, whereh3

refers to the random color that occupies the3rd entry. Thiscan be shown in Figure 7a. According to the authenticationalgorithm, a forgedM′′ would be deemed authentic as longash′ = H(M ′′, k) satisfies any of the 4 cases shown in Figure7b: (1) each of segmenth′1, h′2 and h′3 of h′ is the same ash0; (2) each of segmenth′2 and h′3 is the same as eitherh0

or h1; (3) segmenth′3 is the same as either ofh0, h1 andh3; (4) h′ = h0h1h3h3. In total, there would be 9 possiblevalues forh′ that could pass the authentication. Specifically,(1) h′ = h0h0h0h0; (2) h′ = h0h1h0h0, h′ = h0h1h0h1,h′ = h0h1h1h0, h′ = h0h1h1h1; (3) h′ = h0h1h3h0,h′ = h0h1h3h1, h′ = h0h1h3h3; (4) h′ = h0h1h3h3.

(1)

(2 )

(3 )

(4 )

'

'

'

'

Fig. 7. All possible cases of forgery

We proceed to generalize the above simple example to thegeneral case of any value ofl. That is, given the firstl entriesof the palette that correspond toh = h0h1 · · ·hl−1, we discusswhat valuesh′ can take so as to pass the authentication. Gener-alizing the cases in Figure 7b, we know thath′ taking value ash′ = h0h1 · · ·hi−1h

′i · · ·h′l−1 for a particulari could succeed

in the authentication, where eachh′j ∈ {h0, h1, · · · , hi−1}.The number of possible values ofh′ in such a case can becomputed asil−i. Considering all cases ofi (1 ≤ i ≤ l − 1),we then get the total number of values thath′ can take asNum =

∑l−1i=1 i(l−i) + 1 =

∑li=1 i(l−i). The probabilityPr

of an adversary forging an arbitrary atlasM′′ that could bedeemed authentic is thusPr = Num

2|h| .Apparently,Pr increases withNum as |h| fixes. We are

now going to determine the upper bound ofPr in the caseof watermarking electronic clinical atlas. Clearly whenl = 26(16 ≤ l ≤ 26), Num takes the biggest value asNum =∑26

i=1 i(26−i) < 256. HencePr = Num2|h| < 256/2128 = 2−72.

We then have the following claim to answer the questionraised earlier:in the absence of the secret authentication key,

the probability that an arbitrary bogus atlas by an adversarymakes the authentication algorithm return AUTHENTIC can-not exceed2−72.

IV. EXPERIMENTAL RESULTS

We implemented and conducted extensive experiments onour proposed two schemes. Experiments were done on a PCwith 2G CPU and 512M RAM. Source codes were written inMicrosoft C++. The hash functionH(.) in our schemes wasinstantiated by MD5 [5] which offers 128-bit hash values.

A. Experiments with the First Scheme

In the experiments with the first scheme, we used truncatedhash values of 64 bits. From the earlier security discussions,we know this achieves a confidence factor of2−64, whichis a sufficiently small probability for forgery. For losslesscompression, we used the LZW compression algorithm [35],which works well when the streams to be compressed haverepeated patterns. In addition, in the experiments we authen-ticate the set of boundary points of structures contained in anatlas. The reasons are (1) in our current applications [22], weutilized the boundary points rather than the entire content ofan atlas itself; (2) the set of boundary points is a compactrepresentation of the corresponding atlas, and the integrity ofthe boundary points of an atlas is equivalent to the integrity ofthe atlas, since every change of the atlas pixels will be reflectedin the set of boundary points gathered by the algorithms in[22]; (3) this is expected to accelerate the computation ofauthentication payload, because less data are feed to the hashfunction, although this acceleration is theoretically minor. Weleverage on the algorithms proposed in [22] to extract theboundary points of atlases. Figure 8 shows an atlas and theset of boundary points within it.

Fig. 8. An atlas (left) and the boundaries of all structures (right)

From the experiments, it is estimated that on average, 3000-4000 channelling points could be found in an atlas, andmost of the atlases are watermarkable by our first scheme.Figure 9 shows an example of our experimental results: 9a isthe original atlas, 9b shows the positions where embeddingoccurs and 9c shows the corresponding watermarked atlas. Itcan be seen from 9b that the revised points had been welldiffused, which is due to the output randomness of the hashfunction used in the reordering of the channelling points. Sinceembedding occurs upon the boundary points of structures, sono apparent distinction is seen between 9a and 9c.


Fig. 9. Experiment results. (a) The original atlas. (b) Positions wherewatermarking occurs in the first scheme. (c) The watermarked atlas by thefirst scheme. (d) The watermarked atlas by the second scheme.

B. Experiments with the Second Scheme

Experiments with the second scheme focused on the pro-gram implementation and testing applicability of the scheme.Other factors such as image quality degradation is not aconcern, since the scheme only involves permutation of thepalette and the visual appearance of the atlases is not affectedat all. Figure??d shows a watermarked atlas by our secondscheme that corresponds to??a. As we have discussed earlier,an atlas is watermarkable if it has 32 or more colors in thepalette. In fact, all the atlases we experimented have morecolors than 32.

V. CONCLUSION

In this paper, we developed two tailored reversible wa-termarking schemes for authentication of electronic clinicalatlas. The first scheme was designed exclusively for atlaseswith homochromous structures, and followed Fridrichet al’sgeneral methodology for achieving reversibility; the secondscheme can be applied to any atlas in palette format, andincurres zero-distortion to the watermarked atlas by simplymanipulating the palette. A weakness of the second schemeis that while it attains the authentication functionality bydetecting every tampering to the image content, it can generatefalse positives: an adversary can permute the entries in thepalette, and modify the image data accordingly while withoutchanging the image content. In such cases, the authenticationalgorithm will report tamperings. This weakness is actuallythe price must be paid by zero-distortion. We implementedthe proposed schemes and obtained promising experimentalresults.

ACKNOWLEDGMENT

The fourth author is grateful to Prof. W. L. Nowinski,who supervised the fourth author’s master thesis on modellingtumor growth with Electronic Clinical Atlas. The authors alsowould like to thank Dr. Yudong Wu for extensive discussionson the security of the proposed schemes.

REFERENCES

[1] G. Coatrieux, H. Maitre, B. Sankur, Y. Rolland, R. Collorec, “Relevanceof Watermarking in Medical Imaging”, inProc. IEEE EMBS Conf. OnInformation Technology Applications in Biomedicine, 2000, pp. 250-255.

[2] R. J. Anderson, “Security in Clinical Information Systems”, BritishMedical Association, 1996

[3] H. Lehrer, “Potential Legal Problems with Digitalized Images”,Radiol-ogy, pp. 190-902, 1994

[4] R. M. Frieddenberg, “Potential Problems Associated with PACS”,Radi-ology, Vol. 189, pp. 55-57, 1993

[5] B. Schneier,Applied Cryptography, 2nd Edi, John Wiley & Sons, 1996.[6] I. Cox, J. Boom, and M. Miller,Digital Watermarking, Morgan Kauf-

mann, 2001.[7] N. F. Johnson, Z. Duric, and S. Jajodia,Information Hidding: Steganogra-

phy and Watermarking - Attacks and Countermeasures, Kluwer AcademicPublishers, 2000.

[8] H. M. Chao, C. M. Hsu, S. G. Miaou, “A Data-Hidding Technique WithAuthentication, Integration, and Confidentiality for Electronic PatientRecords”,IEEE Trans. on Information Technology in Biomedicine, Vol.6, No. 1, pp. 46-53, 2002.

[9] D. Anand, U. Niranjan, “Watermarking Medical Images with PatientInformation”, in Proc. of IEEE/EMBS Conference, 1998, pp. 703-7-6.

[10] S. Miaou, C. Hsu, Y. Tsai, H. Chao, “A Secure Data Hidding Techniquewith Heterogeneous Data-Combining Capacity for Electronic PatientRecords”, inProc. World Congree on Medical Physicas and BiomedicalEngineering, Electronic Healthcare Records, IEEE-EMB, 2000.

[11] B. B. Zhu, M. D. Swanson, A. H. Tewfik, “When Seeing Isn’t Believ-ing”, IEEE Signal Processing Magzine, Vol. 21, No. 2, pp. 40-49, 2004.

[12] J. P. Smith, “Authentication of Digital Medical Images with DigitalSignature Technology”,Radiology, Vol.194, No.3, pp. 771-774, 1995.

[13] B. Macq, “Lossless Multiresolution Transform for Image AuthenticatingWatermarking”, inProc. of EUSIPCO, 2000.

[14] C. W. Honsinger, P. Jones, M. Rabbani, and J. C. Stoffel, “Losslessrecovery of an original image containing embedded data”, US Patentapplication, Docket No: 77102/E-D, 1999.

[15] J. Fridrich, M. Goljan and R. Du, “Invertible Authentication”, inProc. SPIE Photonics West, vol. 3971, Security and Watermarking ofMultimedia Contents III, 2001, pp. 197-208.

[16] J. Fridrich, M. Goljan and R. Du, “Lossless Data Embedding - NewParadigm in Digital Watermarking”,Special Issue on Emerging Applica-tions of Multimedia Data Hiding, Vol. 2002, No.2, PDF Journal Editorial,pp. 185-196, 2002.

[17] J. Fridrich, M. Goljan and R. Du, “Lossless Data Embedding for AllImage Formats”, inProc. SPIE Photonics West, Vol. 4675, ElectronicImaging 2002, Security and Watermarking of Multimedia Contents, pp.572-583.

[18] J. Tian, “High Capacity Resersible Data Embedding and Content Au-thentication”, in Proc. International Conference on Acoustics, Speech,and Signal Processing, 2003.

[19] W. L. Nowinski, T. T. Yeo, A. Thirunavuukarasuu, “Microelectrode-Guided Functinal Neurosurgery Assisted by Electronic Clinical BrainAtlas CD-ROM”, Computer Aided Surgery, pp.115-122, 1998.

[20] W. L. Nowinski, A. Thirunavuukarasuu, “Electronic Atlases Show Valuein Brain Studies”,Diagnostic Imaging Asia Pacific, Vol. 8(2), pp.35-39,2001.

[21] Available: http://www.cerefy.com/[22] Y. J. Yang, “Fast Deformation of A Human Brain Atlas Against Tumor”,

Master Thesis submitted to National University of Singapore, 2001.[23] M. Celik, G., harma, E. Saber, “A Hierarchical Image Authentication

Watermark With Improved Localization And Security”, inProc. ICIP2001(CD-ROM version), paper ID 3532, 2001.

[24] S. Carver, N. D. Memon, B. L. Yeo, M. M. Yeung, “On the Invertibilityof Invisible Watermarking Techniques”, inProc. ICIP 97, 1997, pp. 540-543.

[25] I. J. Cox, J. Kilian, T. Leighton and T. Shamoon, “Secure SpreadSpectrum Watermarking for Multimedia”, Technique Report 95-10, NECResearch Institute, 1995.

[26] C. D. Vleeschouwer, J. F. Delaigle, B. Macq, “Circular Interpretationof Bijective Transformations in Lossless Watermarking for Media AssetManagement”,IEEE Trans. Multimedia, Vol. 5, No. 1, pp. 97-105, 2003.

[27] T. Kalker, F. M. Willems, “Capacity Bounds and Code Constructionsfor Reversible Data-Hiding”, inProc. Security and Watermarking ofMultimedia Contents, SPIE, Vol. 5020, 2003, pp. 604-611.

[28] M. Celik, G. Sharma, A. M. Tekalp, E. Saber, “Localized LosslessAuthencation Watermark”, inProc. Security and Watermarking of Mul-timedia Contents, SPIE, Vol. 5020, 2003, pp. 689-698.

[29] H. A. Wang, Y. Z. Wang, and S. Wang, “Digital Signature Technologyfor Health Care Applications”,Southern Medical Journal, pp. 281-286,2001.

[30] G. Coatrieux, H. Maitre, B. Sankur, “Strict Integrity Control of Biomed-ical Images”, inProc. Security and Watermarking of Multimedia ContentsIII, SPIE Vol. 4314, 2001, pp. 229-240.

[31] A. Wakatani, “Digital Watermarking for ROI Medical Images by UsingCompressed Signature Image”, inProc. of Annual Hawaii InternationConference on System Sciences, 2002.


[32] B. Macq, F. Dewey, “Trusted Headers for Medical Images”, inProc.DFG VIII-DII Watermarking Workshop, 1999.

[33] Y. J. Yang, F. Bao, “An Invertible Watermarking Scheme for Authentica-tion of Electronic Clinical Atlas”, inProc. IEEE International Conferenceon Acoustic, Speech, and Signal Processing, 2003, pp.533-536.

[34] Y. D. Wu, “Zero-Distortion Authentication Watermarking”, inProc.International Conference on Information Security, LNCS 2851, 2003, pp.325-337.

[35] K. Sayood, Introduction to Data Compression, Morgan KaufmannPublishers, 1996.

Feng BaoFeng Bao received his BS in mathematics,MS in computer science from Peking University andhis PhD in computer science from Gunma Universityin 1984, 1986 and 1996 respectively. He was anassistant/associate professor of the Institute of Soft-ware, Chinese Academy of Sciences from 1987 to1993 and a visiting scholar of Hamberg University,Germany from 1990 to 1991. Since 1996 he hasbeen with the Institute for Infocomm Research,Singapore. Currently he is a Lead Scientist and thehead of Infocomm Security Department and Cryp-

tography Lab of the institute. His research areas include algorithm, automatatheory, complexity, cryptography, distributed computing, fault tolerance andinformation security. He has over 100 publications and 16 patents.

Robert H. DengRobert H. Deng received his B.Engfrom National University of Defense Technology,China, in 1978, and his M.Sc and PhD from IllinoisInstitute of Technology, USA, in 1983 and 1985,respectively. He is Professor, school of InformationSystems, Singapore Management University. He hasmore than 140 publications in the areas of error-control coding, digital communications, computernetworks and information security. He served onmany advisory and program committees of inter-national conferences. He served as Program Chair

of the 2002 International Conference on Information and CommunicationsSecurity and the General Chair of the 2004 International Workshop on Practiceand Theory in Public Key Cryptography.

Beng Chin Ooi Beng Chin is Professor of Com-puter Science and Vice Dean (Academic Affairs andGraduate Studies) at School of Computing, NationalUniversity of Singapore, and a fellow of Singapore-MIT Alliance Programme.

Beng Chin obtained his BSc (1st Class Honors)and PhD from Monash University, Australia, in 1985and 1989 respectively. His research interests includedatabase performance issues, indexing techniques,XML, P2P/grid/parallel systems and advanced ap-plications. He has served as a PC member for inter-

national conferences including SIGMOD, VLDB, ICDE, EDBT, DASFAA,CIKM and Vice PC Chair for ICDE’00,04,06 and PC Chair for SSD’93and DASFAA’05. He is an editor of GeoInformatica, Journal of GIS, VLDBJournal and IEEE Transactions on Knowledge and Data Engineering. He is aco-founder and director of Thothe Technologies (formerly known as GeoFoto),a company providing imaging and digital asset management solutions.

Yanjiang Yang Mr. Yanjiang Yang received hisBS and MS in computer science and engineeringfrom Nanjing University of Aeronautics and As-tronautics in 1995 and 1998, MS in BiomedicalImaging from National University of Singapore in2001, respectively. He is now a PhD candidate inSchool of Computing, National University of Singa-pore, attached to Institute for Infocomm Research,A*STAR, Singapore. His research areas include In-formation Security, Biomedical Imaging.

ieee transactions on information technology in …ooibc/yyjauthentication.pdf · abstract—it is...

Documents