• No results found

The idiom seeing is believing can no longer hold true. Digital images are loss- lessly reproduced and undetectably manipulated (or tampered). Consider the images shown in Fig. 1.1, which look very real, though in fact they are not, be- cause it is obvious that a bird cannot have a head of a dog, nor a kangaroo can have a head of a lion. However, in situations, where the reality is unknown, it cannot be said, for sure, that an image has been modied or not.

The situation is even more critical for medical images, where clinical use of the manipulated images can be life-threatening. Consider the case of medical image manipulation in Fig. 1.2. A CT (computed tomography) scan presents liver dis- ease of a patient, which is manipulated with changing the location of an infected region of the liver. There can be many other instances of such manipulation of the original images, but the question is how they can be detected? In fact, by merely seeing the images, detecting such plausible manipulations that contain to- tally fabricated abnormalities would be impossible. Concerns grow tremendously,

Figure 1.1: Example of manipulated image (Courtesy: www.worth1000.com)

when some relevant occurrences are seen to actually happen, see for example, re- cent medical insurance fraud casess [810]. Although those incidents were not directly related to medical images, who would guarantee that similar problems would not happen with medical images tomorrow? Who will make sure that for insurance or other fraudulent activities, a medical image will not be tampered with? Or, even if a patient is wrongly diagnosed from a tampered image, who will take the responsibility?

Reinforcing the trustworthiness of digital images is therefore an open challenge today, where conventional security tools are found insucient (see Section2.2.3). Studies have shown that the Digital watermarkingan evolving information hid- ing technologyis promising to complement other security protection of image data depicting natural scenes or medical phenomena. [1120]. Digital watermark- ing is a process that principally permits the adding of information as a watermark

into an object (i.e., digital media like image, audio, etc.) such that the watermark can be detected afterwards. The construction of a watermarking scheme signif- icantly varies with its objectives (e.g., content authentication, tamper detection and recovery, annotation) and application scenarios (e.g., image, audio, video). The research presented in this thesis aimed to investigate digital watermarking to provide a systematic way for designing, analysing, and applying it, with a particular focus on medical image security.

Digital medical imagesas the outcome of advanced imaging technology have created new practices for the professions and patients in the modern health care sector. Digital imaging has acquired sucient reliability and cost- eectiveness that the lm-based imaging technology has been shifted to lm-less technology for producing digital images. Thus the capacity for acquiring, stor- ing, and dealing with medical images in digital archives increased signicantly. Use of digital medical images, on the other hand, has enabled remote access to, and electronic transmission and interpretation of medical information across multiple users and display stations. Thereby, in modern health care, hospital information systems comprising radiology information system (RIS) and picture archiving and communication systems (PACS), oer various distant medical ser- vices (e.g., teleradiology, telemedicine) with the potential to improve healthcare access, delivery, and standards.

Dealing with digital medical imagesdespite its great usefulness in modern health careis raising many new security problems with legal and ethical com- plexities for local archiving and distant medical services. These mainly include image retention and fraud, distrust and invasion of privacy, and malpractice in credentials and contracts. Medical images and other radiology information (e.g., electronic personal health information) are sensitive and easily identiable, and thus their use (e.g., for archiving or in any medical services) in an insecure en- vironment and over public networks is dangerous. Such images and information need not only to be managed properly for their uses, but also to be protected with integrity and high condentiality within a security framework.

A framework for digital medical image security generally requires: (i) a stan- dard set of security proles/policies and (ii) a set of measures by which the security principles in the prole are fullled. There are various international stan- dards and national legislative rules and directives (e.g., ISO27799Security Man- agement in Health Using ISO/IEC/17799) that dene the security and privacy

requirements for medical information. These requirements are being achieved by dierent conventional security measures (e.g., rewall, VPNvirtual private network, le-header, encryption), which have been reported to be incapable of individually providing the required security of medical images in the PACS/RIS based hospital information systems [2123]. These standards and conventional se- curity measures will be reviewed with more details, and thereby the applicability of digital watermarking to medical images will be revisited in Chapter 2.

However, despite its great promise, digital watermarking has not been widely adopted in all potential applications like medical imaging. Existing watermarking schemes often suer from technical and security aws. Validation of the suitabil- ity of those schemes for an application becomes more challenging. One main reason for these problems is that no standard approach is undertaken for the watermarking application. Particularly:

(i) There is also no known construction of a complete or formal generic water- marking model that helps identify the state-of-the-art watermarking scheme for the digital image (or other multimedia) application(s). In other words, there is a lack of a watermarking model that gives a big picture of water- marking and identies all of its possible components, inputs, outputs, and their properties.

(ii) There is a lack of proper denitions of watermarking properties and their suitable evaluation metrics. This is an obvious consequence of the previous gap (i.e., the lack of a watermarking model) in the literature. Therefore, some watermarking properties (e.g., robustness, security) are naturally mis- interpreted in practice. Such a practice not only hinders the choice and use of a suitable watermarking scheme for an application, but also leads to debate about the state-of-the-art watermarking schemes for dierent appli- cations.

(iii) Security levels of existing watermarking schemes are mostly unknown. Par- ticularly, the set of adversary actions in dierent application scenarios has not been studied yet. This also means that a complete security analysis of a scheme is required before applying the scheme to medical image (or other multimedia) application(s).

(iv) Medical image requirements for digital watermarking are not well dened and are considered with various implicit assumptions. For example, type of embeddinghow are the pixels to be modied: using a non-invertible or invertible transformation?; region of embeddingare all pixels modiable?; and level of modicationhow much modication is allowed in modiable pixels?. Consequently, justifying the choice of a watermarking scheme for medical image applications remains a dicult task.

(v) There is no watermark embedding scheme available which is equally suit- able for dierent modalities of medical images. For example, as will be discussed in Section 5.2, reversible schemes can be computationally inef- cient for multi-modal medical images (with a relatively high embedding capacity requirement), and can raise legal and ethical concerns about alter- ing all pixels (despite their reversible embedding property). Other schemes usually suer from the fallible and modality1 dependent RONI (Region Of

Non-Interest, to the medical professionals) selection techniques. Since dif- ferent modality images have varying ROI (Region Of Interest, counterpart of RONI) properties (e.g., shape, location, pixel intensity, etc.), generally the performance of a RONI (or ROI) selection technique signicantly vary with the image modality.

All these gaps in the literature can have many serious consequences. An immediate concern is the improper realizations to application scenarios that may render a watermarking scheme unsuitable for its intended use. In other words, a scheme without a formal model eventually can have technical aws and security vulnerabilities for an application. For example, a watermarking scheme proposed for a content authentication (and tampering detection and recovery) purpose can be easily broken soon after it is proposed (i.e., the scheme can be shown to be not capable of detecting some unauthorized modications).

Another concern is the rampant re-invention of watermarking schemes for dif- ferent applications. Such an ad-hoc development of watermarking schemes may not only cast doubt on their potential, but also make their justication to suit- ability more challenging, for an application. For example, someone may choose

1There are many modalities of medical images [24]. In this thesis, we consider the

commonly used modalities: Computed Tomography (CT), Magnetic Resonance (MR), X-ray, Digital Subtraction Angiography (DSA), Radio Fluoroscopy (RF), Ultrasound (US), and Mammography (MG).

to use a reversible watermarking scheme for medical image application, since the original image can be restored back and thus there may not have any legal or ethical impact. However, others may argue that reversible schemes discontinue the security protection once the watermark is removed, thus irreversible RONI- based schemes could be better. Similarly, there are many other requirements (e.g., computational complexity, security attacks), which may be left unattended for the watermarking schemes.

Therefore it is necessary and makes sense to investigate the systematic de- velopment and evaluation of digital watermarking schemes in general for digital image applications and then their application to medical images, addressing the identied research gaps.