Bin Pan,Yu Tian,Tian-shu Zhou,Feng Wang,Jing-song Li

DOI: https://doi.org/10.1109/itme.2015.98

2015-01-01

Abstract:Image data communication is playing a more and more important role in the process of clinical data exchange during which the data can be intercepted and revealed. Hence lots of methods have been proposed to protect the images from unauthorized access and alteration. Yet, they all have various limitations. This work proposes an encryption framework with RSA, AES and MurmurHash to ameliorate these issues. In which, pixels and the remaining are encrypted with AES and RSA separately, and MurmurHash is embedded to ensure image integrity, thereby improving the overall security and process performance. The images can be restored without any loss of information using the correct key. The whole experiment has been done in c#.

Shengyuan Pang,Yanjiao Chen,Jiangyi Deng,Jialin Wu,Yijie Bai,Wenyuan Xu

DOI: https://doi.org/10.1109/metacom62920.2024.00040

2024-01-01

Abstract:Machine learning models dazzle us with their incredible performance but may irritate us with data privacy issues. Various attacks have been proposed to peep into the sensitive training data of machine learning models, the mainstream ones being membership inference attacks and model inversion attacks. As a countermeasure, defense strategies have been devised. Nonetheless, a unified theoretical framework and evaluation testbed for training data privacy analysis is lacking. In this paper, we taxonomize representative attack methods regarding the attack objective, attack knowledge, and attack capability. As for the defense, we focus on the novel idea of turning adversarial attacks into privacy protection tools, hence the title adversarial for good. To provide an open-sourced integrated platform to evaluate different attacks and defenses. Our experiment results show that adopting adversarial example attacks and adversarial training for data privacy protection is compelling, which may motivate more efforts in transforming adversarial to good in the future.

Praveen Fernando,Jin Wei-Kocsis

DOI: https://doi.org/10.48550/arXiv.2109.06634

2021-09-14

Abstract:Due to the advances of sensing and storage technologies, a tremendous amount of data becomes available and, it supports the phenomenal growth of artificial intelligence (AI) techniques especially, deep learning (DL), in various application domains. While the data sources become valuable assets for enabling the success of autonomous decision-making, they also lead to critical vulnerabilities in privacy and security. For example, data leakage can be exploited via querying and eavesdropping in the exploratory phase for black-box attacks against DL-based autonomous decision-making systems. To address this issue, in this work, we propose a novel data encryption method, called AdvEncryption, by exploiting the principle of adversarial attacks. Different from existing encryption technologies, the AdvEncryption method is not developed to prevent attackers from exploiting the dataset. Instead, our proposed method aims to trap the attackers in a misleading feature distillation of the data. To achieve this goal, our AdvEncryption method consists of two essential components: 1) an adversarial attack-inspired encryption mechanism to encrypt the data with stealthy adversarial perturbation, and 2) a decryption mechanism that minimizes the impact of the perturbations on the effectiveness of autonomous decision making. In the performance evaluation section, we evaluate the performance of our proposed AdvEncryption method through case studies considering different scenarios.

Cryptography and Security

Qingsong Yao,Zecheng He,Yuexiang Li,Yi Lin,Kai Ma,Yefeng Zheng,S. Kevin Zhou

2023-12-04

Abstract:Deep learning based methods for medical images can be easily compromised by adversarial examples (AEs), posing a great security flaw in clinical decision-making. It has been discovered that conventional adversarial attacks like PGD which optimize the classification logits, are easy to distinguish in the feature space, resulting in accurate reactive defenses. To better understand this phenomenon and reassess the reliability of the reactive defenses for medical AEs, we thoroughly investigate the characteristic of conventional medical AEs. Specifically, we first theoretically prove that conventional adversarial attacks change the outputs by continuously optimizing vulnerable features in a fixed direction, thereby leading to outlier representations in the feature space. Then, a stress test is conducted to reveal the vulnerability of medical images, by comparing with natural images. Interestingly, this vulnerability is a double-edged sword, which can be exploited to hide AEs. We then propose a simple-yet-effective hierarchical feature constraint (HFC), a novel add-on to conventional white-box attacks, which assists to hide the adversarial feature in the target feature distribution. The proposed method is evaluated on three medical datasets, both 2D and 3D, with different modalities. The experimental results demonstrate the superiority of HFC, \emph{i.e.,} it bypasses an array of state-of-the-art adversarial medical AE detectors more efficiently than competing adaptive attacks, which reveals the deficiencies of medical reactive defense and allows to develop more robust defenses in future.

Image and Video Processing,Computer Vision and Pattern Recognition,Machine Learning

Lilai Zhang,Shaohua Wan,S. Berretti,Yiru Wu

DOI: https://doi.org/10.1109/TII.2022.3194590

IF: 12.3

2023-02-01

IEEE Transactions on Industrial Informatics

Abstract:There exists a rising concern on security of healthcare data and service. Even small lost, stolen, displaced, hacked, or communicated in personal health data could bring huge damage to patients. Therefore, we propose a novel content-aware deoxyribonucleic acid (DNA) computing system to encrypt medical images, thus guaranteeing privacy and promoting secure healthcare environment. The proposed system consists of sender and receiver to perform tasks of encryption and decryption, respectively, where both contain the same structure design, but perform opposite operations. In either sender or receiver, we design a randomly DNA encoding and a content-aware permutation and diffusion module. Considering introducing random mechanism to increase difficulty of cracking, the former module builds a random encryption rule selector in DNA encoding process by randomly mapping quantity of medical image pixels to outputs. Meanwhile, the latter module constructs a permutation sequence, which not only encodes information of pixel values, but also involves redundant correlation between adjacent pixels located in a patch. Such design brings awareness property of medical image content to greatly increase complexity in cracking by embedding semantical information for encryption. We demonstrate that the proposed system successfully improve cybersecurity of medical images against various attacks in robustness and effectiveness when transmitting data in wireless broadcasting scenarios.

Medicine,Computer Science

Xiuli Chai,Gongyao Cao,Zhifeng Fu,Zhihua Gan,Binjie Wang,Yushu Zhang

DOI: https://doi.org/10.1016/j.bspc.2024.106424

IF: 5.1

2024-01-01

Biomedical Signal Processing and Control

Abstract:With the rapid development of telemedicine technology, electronic medical records (EMR) are facing security issues such as illegal access, leakage and malicious tampering during the transmission of electronic patient information (EPI). In view of this, a high-capacity RDHEI based on adaptive pixel modulation and high bit-plane based redundancy matrix coding (HBP-RMC) is proposed to effectively achieve patient privacy protection by embedding private data such as electronic medical records and authentication information into encrypted medical images. Specifically, the carrier image is encrypted using designed block-level disruption and adaptive pixel-modulation to preserve pixel-correlation. This method provides the basis for high embedding rates while ensuring the overall security of the image. Next, an accurate block-level pixel prediction is proposed to make full use of the high correlation to generate considerable redundancy and in balance with high prediction accuracy. Then the proposed HBP-RMC is used to maximally convert the redundant information into the embeddable space and effectively limit the size of the auxiliary information. At the decoding end, users can realize separable image restoration and information extraction according to their own keys. The maximum ERs of our scheme on the BOWS-2 and BOSSbase datasets can reach 2.9332 bpp and 3.0249 bpp, respectively. Extensive experiments prove that our algorithm outperforms some existing state-of-the-art schemes.

Xiuli Chai,Zongwei Tang,Zhihua Gan,Yang Lu,Binjie Wang,Yushu Zhang

DOI: https://doi.org/10.1016/j.bspc.2023.105877

IF: 5.1

2024-01-01

Biomedical Signal Processing and Control

Abstract:The development of the Internet of Medical Things heavily relies on big data, and data security based on medical images has become a growing concern in society. Digital watermarking serves as a crucial technique for protecting and tracing medical image data copyright, as well as enabling forensic analysis. However, existing deep watermarking methods often neglect the protection of watermarks after extraction, leading to potential copyright disputes. To address this issue, this paper proposes SE-NDEND, a novel symmetric watermarking framework with neural network-based chaotic encryption for the Internet of Medical Things that significantly enhances the effectiveness and security of watermarking while maintaining robustness. Specifically, the SE-NDEND leverages neural networks to simulate chaotic systems and generate chaotic sequences, mitigating the complexity and high cost of implementing chaotic systems using hardware circuits. Moreover, we introduce a new noise layer with Moire ' distortion that interacts with the decoder, forming a symmetric network structure that bolsters the robustness of watermarking. Parameters are jointly trained and shared during the training process to counteract potential interference from the noise layer. Experimental results validate the effectiveness of SE-NDEND in enhancing copyright protection, traceability, and forensic capabilities, surpassing existing deep learning methods in terms of visual quality (with PSNR of 45.8492 dB and SSIM of 0.9874), security, and robustness. The proposed framework can find application in protecting medical image data in the Internet of Medical Things.

BoFeng Long,Zhong Chen,Tongzhe Liu,Ximei Wu,Chenchen He,Lujie Wang,Bofeng Long

DOI: https://doi.org/10.1109/access.2024.3371888

IF: 3.9

2024-03-19

IEEE Access

Abstract:Medical image encryption is essential to protect the privacy and confidentiality of patients' medical records. Deep learning-based encryption, which leverages the nonlinear characteristics of neural networks, has emerged as a promising new method for protecting medical images. In this paper, we present insights into deep learning-based medical image encryption and propose a novel end-to-end medical image encryption scheme based on these insights that leverages feature encoding and decoding for encrypting and decrypting images. Firstly, we explore a method that combines keys generated by the Logistic Map with encoded plaintext image features to improve network diffusion performance. Secondly, we employ a reversible neural network to enhance plaintext image reconstruction while maintaining encryption effectiveness. Finally, we propose a series of novel loss functions to measure the cost with the ideal cryptographic algorithm and continuously optimize our network. Experimental results demonstrate that our scheme improves the performance of image encryption and decryption and resists brute force attacks, statistical attacks, noise and cropping attacks.

computer science, information systems,telecommunications,engineering, electrical & electronic

Yang,Xingxing Xiao,Xue Cai,Weiming Zhang

DOI: https://doi.org/10.1109/access.2019.2929298

IF: 3.9

2019-01-01

IEEE Access

Abstract:Medical data security is facing great challenges in medical applications due to the open internet and the semi-trusted cloud. For the sake of privacy protection and the security of medical images, this paper proposes a secure and high visual-quality framework for medical images. In this framework, a novel reversible data hiding (RDH) based on lesion extraction embeds privacy data into medical images for privacy protection and image quality improvement, homomorphic encryption based on chaotic map encrypts images for medical image security. The experiments have shown that the proposed framework increases the security of medical data and improves the visual quality of medical images significantly. The proposed RDH in this framework outperforms the other RDH methods with contrast enhancement and the proposed encryption scheme increases image security well.

Jian Li,Zelin Zhang,Shengyu Li,Ryan Benton,Yulong Huang,Mohan Vamsi Kasukurthi,Dongqi Li,Jingwei Lin,Glen M. Borchert,Shaobo Tan,Gang Li,Bin Ma,Meihong Yang,Jingshan Huang

DOI: https://doi.org/10.1186/s12911-020-01328-2

IF: 3.298

2020-12-01

BMC Medical Informatics and Decision Making

Abstract:Abstract Background Medical image data, like most patient information, have a strong requirement for privacy and confidentiality. This makes transmitting medical image data, within an open network, problematic, due to the aforementioned issues, along with the dangers of data/information leakage. Possible solutions in the past have included the utilization of information-hiding and image-encryption technologies; however, these methods can cause difficulties when attempting to recover the original images. Methods In this work, we developed an algorithm for protecting medical image key regions. Coefficient of variation is first employed to identify key regions, a.k.a. image lesion areas; then additional areas are processed as blocks and texture complexity is analyzed. Next, our novel reversible data-hiding algorithm embeds lesion area contents into a high-texture area, after which an Arnold transformation is utilized to protect the original lesion information. After this, we use image basic information ciphertext and decryption parameters to generate a quick response (QR) code used in place of original key regions. Results The approach presented here allows for the storage (and sending) of medical image data within open network environments, while ensuring only authorized personnel are able to recover sensitive patient information (both image and meta-data) without information loss. Discussion Peak signal to noise ratio and the Structural Similarity Index measures show that the algorithm presented in this work can encrypt and restore original images without information loss. Moreover, by adjusting the threshold and the Mean Squared Error, we can control the overall quality of the image: the higher the threshold, the better the quality and vice versa. This allows the encryptor to control the amount of degradation as, at appropriate amounts, degradation aids in the protection of the image. Conclusions As shown in the experimental results, the proposed method allows for (a) the safe transmission and storage of medical image data, (b) the full recovery (no information loss) of sensitive regions within the medical image following encryption, and (c) meta-data about the patient and image to be stored within and recovered from the public image.

medical informatics

Kaiyan Chang,Wei Jiang,Jinyu Zhan,Zicheng Gong,Weijia Pan

DOI: https://doi.org/10.1016/j.sysarc.2020.101912

IF: 5.836

2021-03-01

Journal of Systems Architecture

Abstract:<p>Integrating idle embedded devices into cloud computing is a promising approach to support Distributed Machine Learning (DML). In this paper, we approach to address the data hiding problem in such DML systems. For the purpose of the data encryption in DML systems, we introduce the tripartite asymmetric encryption theorem to provide theoretical support. Based on the theorem, we design a general image encryption scheme (called ArchNet), which can encrypt original images via the encoder to resist against illegal users. ArchNet encrypts the data set by a specific neural network, which is especially trained for encryption. The encrypted data can be easily recognized by deep learning model. However, the encrypted data can not be recognized by human, which makes the illegal attacker difficult to steal the encrypted data. We use MNIST, Fashion-MNIST and Cifar-10 datasets to evaluate efficiency of our design. We deploy certain base models on the encrypted datasets and compare them with the RC4 algorithm and differential privacy policy. Our design can improve the accuracy on MNIST up to 97.26% compared with RC4. The accuracies on these three datasets encrypted by ArchNet are similar to the base model. ArchNet can be deployed on DML systems with embedded devices.</p>

computer science, software engineering, hardware & architecture

Yi Ding,Zi Wang,Zhen Qin,Erqiang Zhou,Guobin Zhu,Zhiguang Qin,Kim-Kwang Raymond Choo

DOI: https://doi.org/10.1109/tifs.2023.3322315

IF: 7.231

2023-11-22

IEEE Transactions on Information Forensics and Security

Abstract:Medical images often contain sensitive information, and one typical security measure is to encrypt medical images prior to storage and analysis. A number of solutions, such as those utilizing deep learning, have been proposed for medical image encryption and decryption. However, our research shows that deep learning-based encryption models can potentially be vulnerable to backdoor attacks. In this paper, a backdoor attack paradigm for encryption and decryption network is proposed and corresponding attacks are respectively designed for encryption and decryption scenarios. For attacking the encryption model, a backdoor discriminator is adopted, which is randomly trained with the normal discriminator to confuse the encryption process. In the decryption scenario, a number of subnetwork parameters are replaced and the subnetwork can be activated when detecting the trigger embedded into the input (encrypted image) to degrade the decryption performance. Considering the model performance degradation due to parameter replacement, the model pruning is also adopted to further strengthen the attacking performance. Furthermore, the image steganography is adopted to generate invisible triggers for each image; subsequently, improving the stealthiness of backdoor attacks. Our research on designing backdoor attacks for encryption and decryption network can serve as an attacking mode for such networks, and provides another research direction for improving the security of such models. This research is also one of the earliest works to realize the backdoor attack on the deep learning based medical encryption and decryption network to evaluate the security performance of these networks. Extensive experimental results show that the proposed method can effectively threaten the security performance both for the encryption and decryption network.

computer science, theory & methods,engineering, electrical & electronic

Anamaria Vizitiu,Cosmin Ioan Niƫă,Andrei Puiu,Constantin Suciu,Lucian Mihai Itu

DOI: https://doi.org/10.1155/2020/3910250

2020-04-09

Abstract:In recent years, powered by state-of-the-art achievements in a broad range of areas, machine learning has received considerable attention from the healthcare sector. Despite their ability to provide solutions within personalized medicine, strict regulations on the confidentiality of patient health information have in many cases hindered the adoption of deep learning-based solutions in clinical workflows. To allow for the processing of sensitive health information without disclosing the underlying data, we propose a solution based on fully homomorphic encryption (FHE). The considered encryption scheme, MORE (Matrix Operation for Randomization or Encryption), enables the computations within a neural network model to be directly performed on floating point data with a relatively small computational overhead. We consider the well-known MNIST digit recognition problem to evaluate the feasibility of the proposed method and show that performance does not decrease when deep learning is applied on MORE homomorphic data. To further evaluate the suitability of the method for healthcare applications, we first train a model on encrypted data to estimate the outputs of a whole-body circulation (WBC) hemodynamic model and then provide a solution for classifying encrypted X-ray coronary angiography medical images. The findings highlight the potential of the proposed privacy-preserving deep learning methods to outperform existing approaches by providing, within a reasonable amount of time, results equivalent to those achieved by unencrypted models. Lastly, we discuss the security implications of the encryption scheme and show that while the considered cryptosystem promotes efficiency and utility at a lower security level, it is still applicable in certain practical use cases.

Yang Yang,Xingxing Xiao,Xue Cai,Weiming Zhang

DOI: https://doi.org/10.1109/LSP.2020.2965826

2020-01-01

IEEE Signal Processing Letters

Abstract:Protection of medical data has become a prerequisite in medical imaging clouds due to the semi-trusted cloud. Aiming at preserving patients' privacy and increasing the security of medical images in the cloud, this letter proposes a secure and privacy-preserving technique which provides a new security mechanism for medical data. In this technique, a novel reversible data hiding (RDH) based on adaptive texture classification is proposed to embed privacy data into medical images for preserving patients' privacy and improving image quality, and plaintext encryption is proposed to encrypt the marked medical image into the similar image of target image for increasing image security. Extensive experiments have shown that the proposed RDH is better than other RDH methods. Plaintext encryption can reduce the attacker's attention and increase the security of medical images well.

Qingsong Yao,Zecheng He,Yi Lin,Kai Ma,Yefeng Zheng,S. Kevin Zhou

DOI: https://doi.org/10.48550/arXiv.2012.09501

2021-05-28

Abstract:Deep neural networks (DNNs) for medical images are extremely vulnerable to adversarial examples (AEs), which poses security concerns on clinical decision making. Luckily, medical AEs are also easy to detect in hierarchical feature space per our study herein. To better understand this phenomenon, we thoroughly investigate the intrinsic characteristic of medical AEs in feature space, providing both empirical evidence and theoretical explanations for the question: why are medical adversarial attacks easy to detect? We first perform a stress test to reveal the vulnerability of deep representations of medical images, in contrast to natural images. We then theoretically prove that typical adversarial attacks to binary disease diagnosis network manipulate the prediction by continuously optimizing the vulnerable representations in a fixed direction, resulting in outlier features that make medical AEs easy to detect. However, this vulnerability can also be exploited to hide the AEs in the feature space. We propose a novel hierarchical feature constraint (HFC) as an add-on to existing adversarial attacks, which encourages the hiding of the adversarial representation within the normal feature distribution. We evaluate the proposed method on two public medical image datasets, namely {Fundoscopy} and {Chest X-Ray}. Experimental results demonstrate the superiority of our adversarial attack method as it bypasses an array of state-of-the-art adversarial detectors more easily than competing attack methods, supporting that the great vulnerability of medical features allows an attacker more room to manipulate the adversarial representations.

Computer Vision and Pattern Recognition

Erfan Darzi,Florian Dubost,N.M. Sijtsema,P.M.A van Ooijen

2023-10-10

Abstract:Federated learning offers a privacy-preserving framework for medical image analysis but exposes the system to adversarial attacks. This paper aims to evaluate the vulnerabilities of federated learning networks in medical image analysis against such attacks. Employing domain-specific MRI tumor and pathology imaging datasets, we assess the effectiveness of known threat scenarios in a federated learning environment. Our tests reveal that domain-specific configurations can increase the attacker's success rate significantly. The findings emphasize the urgent need for effective defense mechanisms and suggest a critical re-evaluation of current security protocols in federated medical image analysis systems.

Cryptography and Security,Machine Learning,Image and Video Processing

Adam Yala,Homa Esfahanizadeh,Rafael G. L. D' Oliveira,Ken R. Duffy,Manya Ghobadi,Tommi S. Jaakkola,Vinod Vaikuntanathan,Regina Barzilay,Muriel Medard

DOI: https://doi.org/10.48550/arXiv.2106.02484

2021-06-04

Abstract:Balancing the needs of data privacy and predictive utility is a central challenge for machine learning in healthcare. In particular, privacy concerns have led to a dearth of public datasets, complicated the construction of multi-hospital cohorts and limited the utilization of external machine learning resources. To remedy this, new methods are required to enable data owners, such as hospitals, to share their datasets publicly, while preserving both patient privacy and modeling utility. We propose NeuraCrypt, a private encoding scheme based on random deep neural networks. NeuraCrypt encodes raw patient data using a randomly constructed neural network known only to the data-owner, and publishes both the encoded data and associated labels publicly. From a theoretical perspective, we demonstrate that sampling from a sufficiently rich family of encoding functions offers a well-defined and meaningful notion of privacy against a computationally unbounded adversary with full knowledge of the underlying data-distribution. We propose to approximate this family of encoding functions through random deep neural networks. Empirically, we demonstrate the robustness of our encoding to a suite of adversarial attacks and show that NeuraCrypt achieves competitive accuracy to non-private baselines on a variety of x-ray tasks. Moreover, we demonstrate that multiple hospitals, using independent private encoders, can collaborate to train improved x-ray models. Finally, we release a challenge dataset to encourage the development of new attacks on NeuraCrypt.

Cryptography and Security,Artificial Intelligence

Yang Li,Shaoying Liu

DOI: https://doi.org/10.3390/bioengineering10080973

IF: 5.046

2023-08-17

Bioengineering

Abstract:Deep-learning-assisted medical diagnosis has brought revolutionary innovations to medicine. Breast cancer is a great threat to women’s health, and deep-learning-assisted diagnosis of breast cancer pathology images can save manpower and improve diagnostic accuracy. However, researchers have found that deep learning systems based on natural images are vulnerable to attacks that can lead to errors in recognition and classification, raising security concerns about deep systems based on medical images. We used the adversarial attack algorithm FGSM to reveal that breast cancer deep learning systems are vulnerable to attacks and thus misclassify breast cancer pathology images. To address this problem, we built a deep learning system for breast cancer pathology image recognition with better defense performance. Accurate diagnosis of medical images is related to the health status of patients. Therefore, it is very important and meaningful to improve the security and reliability of medical deep learning systems before they are actually deployed.

Qi-Xian Huang,Wai Leong Yap,Min-Yi Chiu,Hung-Min Sun

DOI: https://doi.org/10.1109/ACCESS.2022.3185206

IF: 3.9

2022-01-01

IEEE Access

Abstract:The need for cloud servers for training deep neural network (DNN) models is increasing as more complex architecture designs of DNN models are developed. Nevertheless, cloud servers are considered semi-honest. With great attention to the privacy issues of medical diagnoses using a DNN, previous studies have proposed the idea of learnable image encryption. Though some methods have been presented to partially attack previous encryption schemes, there is still some space for improvement. We proposed a learnable image encryption scheme that is an enhanced version of previous methods and can be used to train a great DNN model and simultaneously keep the privacy of training images. We conducted an experiment on medical datasets from open sources and the result demonstrates the effectiveness of our proposed method in performance and privacy-preserving.

Erfan Darzi,Nanna M. Sijtsema,P.M.A van Ooijen

2023-10-13

Abstract:This paper explores the security aspects of federated learning applications in medical image analysis. Current robustness-oriented methods like adversarial training, secure aggregation, and homomorphic encryption often risk privacy compromises. The central aim is to defend the network against potential privacy breaches while maintaining model robustness against adversarial manipulations. We show that incorporating distributed noise, grounded in the privacy guarantees in federated settings, enables the development of a adversarially robust model that also meets federated privacy standards. We conducted comprehensive evaluations across diverse attack scenarios, parameters, and use cases in cancer imaging, concentrating on pathology, meningioma, and glioma. The results reveal that the incorporation of distributed noise allows for the attainment of security levels comparable to those of conventional adversarial training while requiring fewer retraining samples to establish a robust model.

Computer Vision and Pattern Recognition