1 Introduction

E-healthcare systems are currently being integrated with conventional health care systems to acquire benefits of current-day technological advancements. The current E-healthcare system is doing telediagnosis of a patient, for this purpose, it requires medical reports of the patient including all image and text-based reports to share among its remote centers. Though E-healthcare systems bring the best medical facilities at your doorsteps, but during the implementation process experiences some challenges also. One of the fundamental concerns to be addressed for the implementation of E-healthcare system is security, authentication and copyright protection of the patient data respectively. Data hiding is the most robust tool that can address the above-mentioned issues. Various data hiding techniques are applied to protect data integrity and through these techniques, one can ensure data reliability. Sometimes, during the data hiding process, receiver is not able to reconstructed cover image successfully while in few applications, for example, medical, military, and law crime scene investigation, loss of cover image is not permitted. In these cases, an extraordinary sort of data hiding strategy called reversible or lossless data hiding is utilized. Reversible data hiding is meant to embed the secret message in cover image in such a way that at receiver end, secret message as well as original cover image is recovered successfully. Encryption is the most promising solution to maintain confidentiality and privacy of data. The integration of encryption and reversible data hiding technologies plays an important role in privacy protection. As a result, reversible data hiding (RDH) in encrypted image (RDH-EI) has attracted great attention from the research community. A detailed review of the stated work ([14, 17,18,19,20]) reveals that for medical images, reporting methods have low embedding capacity and they do not even support content authentication for patient data also. Keeping this in view, an enhanced reversible data hiding algorithm in encrypted domain to embed electronic patient information in cover image has been presented in this paper. In addition to embedding EPI, it also adds a fragile watermark for authentication of EPI at receiver end. Any type of attack during transmission process results in non-recovery of embedded watermark at receiver end that conveys that the EPI has been transformed during transmission process. The key features of the proposed algorithm are summarized as follows:

  • Paillier cryptosystem is used for encryption instead of conventional ones to avoid underflow and overflow problems during data embedding in cover image.

  • Binary EPI is embedded at every pixel of cover image to improve the embedding capacity.

  • A fragile watermark is used for content authentication at the receiver end.

The layout of paper is given as follows. Section 2 shows a compact written work outline about reversible data hiding methods. Section 3 described proposed algorithm in detail. Further, discussions are conducted in Section 4 for comparison of embedding performance and reversibility nature of proposed algorithm with the compared algorithms. Finally, paper is concluded in Section Section 5.

2 Literature Review

There is a lot of research done in reversible data hiding domain; some are illustrated as follows- Firstly, the idea of hiding information from attackers was presented by Shi [1]. Afterward, difference expansion based reversible data hiding technique was proposed by Tian[2], where a single bit was embedded between two close-by pixels through difference computation. Ni et al. [3] had given a scheme where a secret message is embedded at the histogram’s peak point of cover image. Afterward, Bo et al.[4] had given a method where cover image is segmented into equal-sized blocks and each block’s histogram embedded secret message in it. M. Celik et al.[5] depicted a steganographic methodology for compressed cover image pixels. Qian et al.[6] exhibited a separable reversible data hiding algorithm where cover image is encrypted through block cipher algorithm.

Zhang[7], firstly segmented cover image into equal-sized blocks, and after that, each block is further subdivided into two sub-blocks where one bit of secret message is embedded in it. The secret message is extracted through the computation of fluctuation function corresponding to each block. But during the computation of fluctuation function, boundary pixels are to be excluded which results in high bit error rate value. Wu and Sun[8] exhibited a method where blocks are further segmented into two sub-blocks. Embeddable pixel’s neighbors are not selected for data embedding which results in high peak-signal-to-noise-ratio(PSNR) value and low bit error rate respectively. Hong et al.[9] included boundary pixels during computation of fluctuation function which results in the same PSNR value and low bit error rate value as compare to Zhang[7]. Young et al.[10] segmented cover image into equal-sized blocks and after that, each block is further subdivided into two sub-blocks where one bit of secret message is embedded in it using the concept of lattice. Embeddable pixel’s four-connectivity neighbors are not selected for data embedding which results in high PSNR value and low bit error rate value. Ma et al.[11] proposed a reversible data hiding method before encryption of cover image. Liao and Changwen[12] improved computation of fluctuation function through calculating mean difference of neighboring pixels. Paillier cryptosystem[13] is utilized for encryption of cover image in Chen et al.[14] where one bit of secret message is embedded per pixel pair. Wu et al.[15] presented a reversible data hiding algorithm for signals which are encrypted through Paillier cryptosystem[13] and embedded one bit of binary secret message at a single pixel successfully. Bhardwaj and Aggarwal[16] introduced a reversible data hiding algorithm in encrypted domain where n secret bits are embedded per block by segmenting them into n sub-blocks. The drawback of this method is that for small block size, secret message is not extracted correctly which result in a high bit error rate.

Lu et al.[17] had given a method where dual stego images are generated by folded secret message centrally. Yao et al.[18] described a dual-image method based on pixel co-ordinate system which results in minimum distortion of pixel’s coordinate value. Lee and Huang[19] presented a method where dual stego images are generated through orientation combination of pixel coordinates. Here, binary secret message by changed over it into \(base_{5}\) numeral framework is embedded which results in improved embedding rate. Chi et al.[20] presented a dynamic encoding scheme where frequent occurrence of secret digits is encoded as the minimum absolute digit. The favored stance denotes that for the same embedding rate, the proposed method gave a higher PSNR than existing methods. Lu et al.[21] proposed a frequency encoding method to eliminate the disadvantage of Lu et al.[17] strategy.

Shiu et al.[22] employed a reversible scheme for preservation of patient information in ECG signals through error correcting-coding method where \((n-m)\) bits of secret message are embedded into n number of signals with the help of (nm) hamming code successfully. Parah et al.[23] presented a reversible data hiding scheme for embedding patient information in medical images where cover image is interpolated through Pixel to Block (PTB) conversion method to guarantee reversibility of medical images. A high capacity reversible data hiding method which is capable of tamper detection of patient information at receiver end has been presented in this paper [24]. Bhalero et al.[25] embedded patient data in ECG signals using a prediction error expansion scheme where prediction of the sample values is performed through deep neural network respectively. Mansour et al.[26] proposed a highly robust reversible data hiding method in encrypted domain where patient data is hidden in medical images with the help of Discrete Ripplet Transformation technique successfully. The most significant commitment of proposed work is to employ adaptive genetic algorithm for optimal pixel adjustment process that enhances embedding capacity as well as imperceptibility features also.

Table 1 Study of some state-of-art methods in terms of imperceptibility and payload
Full size table

3 Proposed Algorithm

The current E-healthcare system is doing telediagnosis of a patient, for this purpose, it requires medical reports of the patient including all image and text-based reports to share among its remote centers. Though E-healthcare systems bring the best medical facilities at your doorsteps, but during implementation process experiences some challenges also. Primary concern to be addressed for the implementation of E-healthcare system is security, authentication and copyright protection of the patient data respectively. Encryption is the most promising solution to maintain confidentiality and privacy of data. The integration of encryption and reversible data hiding technologies plays an important role in privacy protection. Keeping this in view, an enhanced reversible data hiding algorithm in the encrypted domain to embed electronic patient information(EPI) in cover image has been represented in this paper. In proposed method (Fig.1), Paillier cryptosystem is used for encryption instead of conventional ones to avoid underflow and overflow problems during data embedding in cover image.

Fig. 1
figure 1

Workflow of proposed algorithm

Full size image

Pailler cryptosystem[13] is discussed briefly in subsection 3.1 respectively.Data embedding algorithm is discussed in detail in subsection 3.2 while as data extraction and image recovery algorithm is discussed briefly in subsection 3.3.

3.1 Paillier Cryptosystem

This is public key cryptosystem based on the composite residuosity class problem. It comprised three procedures: key generation, data encryption and data decryption as described as follows-

  • Let p and q be two large prime numbers that are independent of each other.

  • Compute \(N=pq\) and \(\lambda =LCM(p-1,q-1)\)

  • Select generator g such that \(g \;\in \; Z_{N^2}^{*}\) and \(gcd(S(g^{\lambda } mod \; N^{2}),N)=1\) where

    $$ S(x)=\frac{x-1}{N} $$
    (1)

  • Consider a message \(m \in Z_N^*\) and randomly chosen \(r\in Z_N^*\). Compute the cipher text of m as

    $$ c={g}^m{r}^N\mathit{\operatorname{mod}}\ {N}^2 $$
    (2)

  • Public key is composed of (Ng) and private key is composed of \((p,q,\lambda )\).

  • Decryption of ciphertext c is given by

    $$ m=\frac{S\left({c}^{\lambda}\mathit{\operatorname{mod}}\ {N}^2\right)}{S\left({g}^{\lambda}\mathit{\operatorname{mod}}\ {N}^2\right)}\mathit{\operatorname{mod}}\ N $$
    (3)

  • Given two plaintexts \(m_1\) and \( m_2 \), corresponding ciphertexts are given by \(Enc [m_1]\) and \(Encr[m_2]\). The additive homomorphic property, \(Encr[m_1]\times Encr[m_2] =Encr[m_1+m_2]\) holds because of

$$ {\displaystyle \begin{array}{r} Encr\left[{m}_1\right]\times Encr\left[{m}_2\right]=\left({g}^{m_1}{r}_1^N\mathit{\operatorname{mod}}\ {N}^2\right)\left({g}^{m_2}{r}_2^N\mathit{\operatorname{mod}}\ {N}^2\right)=\\ {}\left({g}^{m_1+{m}_2}{\left({r}_1{r}_2\right)}^N\mathit{\operatorname{mod}}\ {N}^2\right)= Encr\left[{m}_1+{m}_2\right]\end{array}} $$
(4)

The multiplicative homomorphic property,

$$ {\displaystyle \begin{array}{r} Encr{\left[{m}_1\right]}^x={\left({g}^{m_1}{r}_1^N\mathit{\operatorname{mod}}\ {N}^2\right)}^x={\left({g}^{m_1}{r}_1^N\right)}^x\mathit{\operatorname{mod}}\ {N}^2=\\ {}\left({g}^{x{m}_1}\right)\left({r}_1^{x^N}\right)\mathit{\operatorname{mod}}{N}^2= Encr\left[x{m}_1\right]\end{array}} $$
(5)

3.2 Data Embedding Phase

$$\begin{aligned} {\left\{ \begin{array}{ll} P_{u,v} = x_{u,v}+y_{u,v}+z_{u,v}\\ where\quad x_{u,v},\;y_{u,v}=\lfloor \frac{P_{u,v}}{2}\rfloor ,\quad \\ z_{u,v} =mod\;(P_{u,v},2)\\ \end{array}\right. } \end{aligned}$$
(6)
figure afigure a
$$\begin{aligned}{}[P_{u,v}]=[x_{u,v}]+[y_{u,v}]+[z_{u,v}] \end{aligned}$$
(7)

3.3 Data extraction and image recovery phase

In our method, firstly stego image is decrypted through Paillier cryptosystem[13] at receiver end, then it is conceivable to extract the secret message and recuperate original cover image with no error.

figure bfigure b
$$\begin{aligned} {\left\{ \begin{array}{ll} W =\sum _{u=0}^{M-1}\sum _{v=0}^{N-1}w_{u,v} \\ CI=\sum _{u=0}^{M-1}\sum _{v=0}^{N-1}P_{u,v} \\ \end{array}\right. } \end{aligned}$$
(8)

Example: Working of proposed algorithm on sample pixel values 0, 64, 127 and 255 is shown in Table2.

Table 2 Example
Full size table

4 Experimental Study

The experimental study has been carried out using MATLAB R2017a platform for different \({512 \times 512}\) test images obtained from database of The Cancer Imaging Archive (TCIA) as shown in Fig.2 respectively. The exhibition of the proposed method has been assessed as far as metrics like Peak Signal to Noise Ratio (PSNR), Mean Square Error (MSE), Structural Similarity Index Matrix (SSIM), Normalized Cross-correlation (NCC), Bit Error Rate (BER) and Embedding Rate (bpp) respectively. PSNR, SSIM, NCC are used to evaluate the quality of stego images while BER is used to evaluate the error between embedded and extracted watermark. Let f(xy) denote the value of pixel (xy) in the cover image of size \(M \times N\) and sm and \(sm^{'}\) is embedded and extracted watermark,where \(A \times B\) is the size of the watermark. These metrics are defined as follows -

$$ PSNR=10\ {\mathit{\log}}_{10}\frac{255^2}{MSE} $$
(9)

where

$$ {\displaystyle \begin{array}{l} MSE=\frac{1}{M\times N}\sum \limits_{x=1}^M\sum \limits_{y=1}^N{\left(f\left(x,y\right)-\overset{\sim }{f}\left(x,y\right)\right)}^2\\ {} SSIM\left(x,y\right)=\frac{\left(2{\mu}_x{\mu}_y+{c}_1\right)\left(2{\sigma}_{xy}+{c}_1\right)}{\left({\mu}_x^2+{\mu}_y^2{c}_1\right)\left({\sigma}_x^2+{\sigma}_y^2c2\right)}\end{array}} $$
(10)

where \(\mu _x\) is average of x, \(\mu _y\) is average of y, \(\sigma _x^2\) is variance of x, \(\sigma _y^2\) is variance of y, \(\sigma _{xy}\) is covariance of x and y, \(c_1=(k_1L)^2, c_2=(k2L)^2, L=(2^8-1), k_1=0.01\) and \(k_2=0.03\) respectively.

$$ NAE=\frac{\sum_{x=1}^M{\sum}_{y=1}^M\left|f\left(x,y\right)-\hat{f}\left(x,y\right)\right|}{\sum_{x=1}^M{\sum}_{y=1}^Mf\left(x,y\right)} $$
(11)
$$ NCC=\frac{\sum_{x=1}^M{\sum}_{y=1}^Nf\left(x,y\right)\overset{\sim }{f}\left(x,y\right)}{\sqrt{\sum_{x=1}^M{\sum}_{y=1}^Nf{\left(x,y\right)}^2{\sum}_{x=1}^{2M}{\sum}_{y=1}^{2N}\overset{\sim }{f}{\left(x,y\right)}^2}} $$
(12)
$$ R=\frac{Payload}{M\times N} $$
(13)
$$ BER=\frac{\sum_{i=1}^A{\sum}_{j=1}^B\left(\ sm\left(i,j\right)\oplus s{m}^{\prime}\left(i,j\right)\ \right)\times 100}{Count\_ of\_ embedded\_ bits} $$
(14)
Fig. 2
figure 2

Test images

Full size image

4.1 Result Analysis

Here, we examined the performance of the proposed method and compared it with the existing state-of-the-art algorithms of Lu et al.\((k=2)\)[17], Yao et al.\((k=1,k=2)\)[18], Lee & Huang[19] and Chi et al.\((k=2)\)[20] respectively. Table 3 demonstrates the examination of the proposed method with all other compared methods with reference to embedding rate and the PSNR value attained on test images as shown in Fig.2 respectively. From Table 3, it can be observed that the proposed method achieved maximum embedding rate for all test images (approx.) and similarity of cover and stego image with one another in a degree to yield an average PSNR value of 48.13 dB. The same can also be observed from Fig.3 which graphically represents the comparison of the different payloads achieved by the proposed and compared methods. The embedding rate of proposed scheme is most prominent than other compared methods with an average visual quality of the stego images. Indeed, even as far as bits per pixel value, in most of the cases, embedding rate produced by the proposed method is at par with all the compared methods (Fig.4). After data embedding phase, proposed method successfully recovered original pixel values from stego image to facilitate reversibility. The unrivaled performance of the proposed method on all test images is attributed to its ability to manage the low-intensity pixels, which can cause the underflow issue during the procedure of data embedding. In the compared methods, they fundamentally neglect these low-intensity pixels, or by the day’s end mark them as non-embeddable cases. Since, in medical images, the count of such type of pixels is high as compared to natural images. The comparable can be seen from the outcomes introduced in Fig.4 too. The explanation behind this immense improvement in the embedding performance of the proposed method lies in its ability to hide information properly without any occurrence of underflow problem respectively. In this manner, all the compared methods were capable to give great embedding rate on natural images in contrast with medical images. Table 4 demonstrates the examination of the proposed algorithm with state-of-the-art algorithms with reference to image quality metrics like SSIM, NAE, NCC and Embedding Rate attained on medical images respectively. It is obvious from the obtained average values of quality metrics, high SSIM value coupled with NCC value of approximate unity specify that proposed algorithm is capable of providing high-quality images for a payload of one bpp respectively. It is also examined from Table 4 that the proposed algorithm gives a high embedding rate in encrypted domain with content authentication at receiver end while all other compared methods did not. In this manner it very well may be inferred that proposed method altogether beated all the compared methods in its ability to embed secret information and precisely recover it with maintaining the visual nature of stego images too. The purpose behind this enormous improvement in the embedding performance of the proposed methods lies in its capacity to embed data properly at low intensity pixels without any occurrence of underflow problem. Since, larger part of the pixels are black in medical images, so the proposed method performed extraordinarily well as compared to other methods for medical images.

4.2 Authentication Analysis

To evaluate performance of proposed scheme for its hidden message security at receiver end, we embedded a watermark inside the cover image. At the receiver end, extracted watermark is compared with the original one, if both watermarks are not matched with each other, it is accepted that the stego image and the hidden message is not legitimate. To assess performance of proposed scheme for its embedded message authentication, we subject stego image to well known image processing attacks on \({Med_4}(512 \times 512)\) cover image with embedding of watermark (cameraman) of size \((256 \times 256)\) Fig 5 respectively. From the outcomes for different attacks which are referenced in Fig 5, it is obvious that our strategy is profoundly fragile to every one of the attacks completed on different stego images and is approved by the way that the recovered watermark in the majority of the cases is not recognizable, thus demonstrative that the stego image has been attacked during transmission. High bit error rate value of the order of about (18-60)% for test images, approve the way that the proposed scheme is profoundly fragile, irrespective of the type of cover image.

Table 3 Comparative study of proposed method
Full size table
Fig. 3
figure 3

PSNR value comparison against different payload on test images

Full size image
Fig. 4
figure 4

Maximum Embedding rate comparison on test images

Full size image
Table 4 Comparative study of proposed method in terms of imperceptibility, payload and authenticity
Full size table
Fig. 5
figure 5

Image quality under different type of attacks

Full size image

4.3 Reversibility Analysis

At the receiver end, after extraction of the secret message, cover image is also reconstructed through stego image successfully. Theorem 1:-The proposed method is reversible in nature so that after extraction of the secret message, it reconstructs the original cover image at the receiver end successfully. Proof:-Consider any pixel value \((P_{u,v}= 2^{k}, k\le 7)\) in cover image(CI) which is divided into three units \(x_{u,v}\), \(y_{u,v}\) and \(z_{u,v}\) as follows-

$$ \left\{\begin{array}{l}{P}_{u,v}={x}_{u,v}+{y}_{u,v}+{z}_{u,v}\\ {} where\kern1em {x}_{u,v},{y}_{u,v}=\left\lfloor \frac{P_{u,v}}{2}\right\rfloor ={2}^{\left(k-1\right)}\\ {}{z}_{u,v}=\mathit{\operatorname{mod}}\ \left({2}^k,2\right)=0\end{array}\right. $$
(15)

Assumed secret message (\(w_{u,v}>0\)), after embedding \([w_{u,v}]\) into \([x_{u,v}]\), \([y_{u,v}]\) and \([z_{u,v}]\), they will be changed into \([x^{*}_{u,v}]\), \([y^{*}_{u,v}]\) and \( [z^{*}_{u,v}]\) as follows-

$$ \left\{\begin{array}{l}\left[{x}_{u,v}^{\ast}\right]=\left[{2}^{\left(k-1\right)}+{w}_{u,v}\right]\\ {}\left[{y}_{u,v}^{\ast}\right]=\left[{2}^{\left(k-1\right)}-{w}_{u,v}+1\right]\\ {}\left[{z}_{u,v}^{\ast}\right]=\left[0\right]\end{array}\right. $$
(16)

At receiver end, firstly \([x_{u,v}^{*}],[y_{u,v}^{*}],[z_{u,v}^{*}]\) are decrypted through Paillier cryptosystem[13] and extract the secret message \(w_{u,v}\) and reconstruct cover image(CI) as follows:-

$$ \left\{\begin{array}{l}{x}_{u,v}^{\ast }>{y}_{u,v}^{\ast },{w}_{u,v}=1\\ {}{m}_{u,v}^{\ast }={x}_{u,v}^{\ast }+{y}_{u,v}^{\ast }={2}^{\left(k-1\right)}+{2}^{\left(k-1\right)}={2}^k\\ {}\mathit{\operatorname{mod}}\ \left(\left({m}_{u,v}^{\ast },2\right)\ne 1\right)\\ {}{P}_{u,v}={x}_{u,v}^{\ast }+{y}_{u,v}^{\ast }+{z}_{u,v}^{\ast }={2}^{k-1}+{2}^{k-1}+0={2}^k={P}_{u,v}\end{array}\right. $$
(17)

Similarly, all pixel values of the cover image are retrieved and finally, the extraction of secret message and reconstruction of the original cover image is done successfully at the receiver end. So, it is to be concluded that proposed method is reversible in nature.

5 Conclusion

Data hiding applications in the E-healthcare framework have an extreme indulgence with reversibility, high payload and content authentication. To recover the original medical image at the receiver end for diagnosis and transfer of high payload, an enhanced reversible data hiding technique in an encrypted domain has been proposed in this paper. The proposed algorithm gives higher embedding rate by embedding a single bit of patient data in \(base_2\) numeral framework at every pixel of the cover image without any occurrence of underflow and overflow problem. As the proposed method does not incur underflow and overflow problem now it has been commissioned to embed and recover patient information precisely from low-intensity pixels too. This superlative quality makes the proposed method appropriate for utilization on medical images. An evaluation of the proposed algorithm with some state-of-the-art algorithms shows that the proposed method has higher embedding capacity and as such as far suitable for content authentication of EPI in a typical E-healthcare system. The proposed algorithm has been tested out in the spatial domain so that the embedded EPI is not robust to various types of noise attacks. In the future, we need to improve the robustness of the proposed method.