Secure Electronic Medical Records Transmission using NTRU Cryptosystem and LSB in Audio Steganography Adamu Abdulkadir, Shafi’i Muhammad Abdulhamid, Oluwafem Osho, Ismaila Idris and John K Alhassan Department of Cyber Security Science, Federal University of Technology, Minna, Nigeria. Email: abdulcybersec2015@gmail.com, shafii.abdulhamid@futminna.edu.ng, femi.osho@futminna.edu.ng, ismi_idris@yahoo.co.uk, jkalhassan@futminna.edu.ng Abstract - Electronic medical records (EMR) are vital Unfortunately, the current architecture of the internet does information, extremely sensitive private data in healthcare, not support security [1]. Attackers exploit this inherent and need to be frequently shared via the internet among peers. weakness to perpetrate different attacks which target EMR One of the major benefits derived from the internet is the ease data. Hence, the need for security of EMR data online of sending information from one system to another, cannot be over-emphasized. One method of protecting EMR irrespective of the location or distance between the nodes. This, and many other related important functionality, over the data online is data hiding. years, has attracted attackers who dedicate themselves to breaching the integrity, availability and confidentiality of EMR EMR data hiding simply involves embedding EMR data in information. Existing literature have proposed cryptographic different media. EMR data, such as text, images, videos, or techniques that are not quantum-safe. In this paper, an audio- audio can be concealed in a media, for security purpose. based system for hiding EMR information using a quantum- Techniques used for hiding EMR data are watermarking, safe cryptographic technique, Nth degree Truncated steganography, and cryptography [2]. Watermarking is Polynomial Ring Units (NTRU) cryptosystem, and the Least essentially used to indicate ownership of an object [3, 4]. Significant Bit (LSB) steganographic technique is proposed. Steganography is used to secure EMR data transmission. A The system was evaluated based on embedding capacity (EC), peak signal to noise ratio (PSNR), mean square error (MSE), message is usually hidden in another message to make it and histogram plots. Results showed our proposed system is imperceptible to unauthorized entities [5, 6]. able to securely hide the medical records without causing significant distortions in the original audio. One shortcoming, however, with strictly relying on steganograsphy is its vulnerability to steganalysis [7]. With Keywords - Electronic medical records (EMR), Information steganalysis hidden messages can be detected [8, 9]. One hiding, Security, Cryptography, Steganography, LSB, NTRU solution is to encrypt the message before embedding it in a media. Cryptography scrambles messages to render them unintelligible to unauthorized entities. This ensures that I. INTRODUCTION even if the attacker discovers the hidden message the actual Electronic medical records (EMR) are very delicate private content of the message is not decoded. records for diagnosis and treatment in healthcare, which need to be regularly shared among medical personnel in In this study, we propose a security enhancing EMR data both rural and urban settings such as healthcare providers, hiding system that leverages cryptography and insurance companies, pharmacies, researchers, patient’s steganography, specifically, the Nth degree TRUncated families, among others. This poses a major challenge on Polynomial Ring Units (NTRU) and Least Significant Bit keeping a patient’s medical history up-to-date and most at (LSB) respectively. times private. Transmissions of EMR information are mostly done using the cyber space or wide area networks The rest of the paper is organized as follows: in section II, which are prone to attacks. we review some related studies. The methodology used in the study is discussed in the next section. Section IV Since the advent of the internet, its capacity and presents the implementation of the system and results of the sophistication have continued to advance. From a platform evaluation. The study is concluded in section V. used primarily for displaying static web pages, it has become a tool for dynamic exchange of EMR data and II. RELATED WORKS information. Today, the internet not only serves as a Different cryptographic and steganographic techniques have repository of EMR information, but also, among other been proposed by authors. In the choice of steganographic purposes, provides functionality for exchange of techniques, few authors considered the use of transform information among different medical personnel. domain techniques. These include Discrete Wavelet Transform (DWT) [10], and Discrete Cosine Transform (DCT) [11]. However, most studies employed spatial Copyright Β© 2019 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0) IREHI 2018 : 2nd IEEE International Rural and Elderly Health Informatics Conference domain techniques, with LSB as the most common. In the quantum-safe. This is the major contribution of this study by [12], a Hash Least Siginificant Bit (H-LSB) was research. proposed. This entails the use of hash function to determine the position of insertion in the LSB. [13], in their own work, Table 1. Review of related literatures combined the use of Pixel value differencing (PVD) and Steganography Cryptograph LSB to embed messages in truecolor RGB images. PVD No. Authors (Year) Tech y helps to determine the size of the secret message Type nique Technique embeddable in a pixel, using the difference between two 1. Abdullah & Aziz Image H- Affine Cipher consecutive pixels [14]. With this method, the stego-image (2016) LSB can hide much larger information, whilst still maintaining 2. Garg & Kaur Image LSB AES good visual quality [15, 16]. (2016) 3. Reddy & Kumar Image LSB AES To encrypt the messages before they are embedded into the (2016) various media, most studies seem to favor the use of 4. Sethi & Kapoor Image LSB AES symmetric techniques. Some of the techniques proposed are (2016) AES [17-22], DES [23], Blowfish [24], and Affine Cipher 5. Deshpande, Fusate, Audio LSB RSA [25]. Saraireh [26] proposed the use of the filter bank cipher Malviya, & over Galois field (GF (28)), to improve the resistivity of the Dhyavartiwar ( cipher against cryptanalysis attacks, specifically, differential 2015) and linear attacks. Usha, Kumar and Boopathybagan [27] 6. Hayfaa et al. Image LSB Substitution proposed an information hiding systems that implements (2014) cipher double layer of EMR data encryption. The message is first 7. Saraireh (2013). Image DWT Filter bank encrypted using the Playfair cipher. The ciphertext is then cipher encrypted using AES. Hayfaa, Ahmad and Noor [28], in 8. Singh & Malik Image LSB Blowfish their study, designed a simple substitution cipher which (2013) represents each character by five bit. It is essentially based 9. Abikoye, Adewole, Audio LSB DES on substituting characters in the English language with a & Oladipupo code number. (2012) 10. Gupta et al. (2012) Image LSB RSA and One of the few studies that involved the use of asymmetric DHA cryptographic scheme is [29]. The study explored the effects 11. Phad et al. (2012) Image PVD AES of two encryption schemes, RSA and DHA, on time and complexity. Their results showed that while the use of RSA LSB increased the time complexity in steganalysis, the Diffie 12. Usha et al. (2011) Image LSB Playfair Hellman Algorithm did not. Table 1 presents a summary of cipher and some related studies. AES 13. Sarmah & Bajpai Image DCT AES The objective of combining steganography with (2010) cryptography is to enhance the security of the hidden message, to the effect that even if the hidden message is discovered its true contents remain unreadable to the III. METHODOLOGY attacker. The level of security will therefore be dependent EMR data hiding system that leverages on cryptography and on the strength of the cryptographic scheme employed. Most steganography to secure message is presented. The message existing studies proposed modern cryptographic techniques. is first encrypted using NTRU. The encrypted message is However, these techniques are vulnerable to many attacks then embedded into a digital audio media using LSB including brute-force, known plaintext, chosen ciphertext technique before it is transmitted by the sender. The attacks [30]. encryption/decryption process by NTRU and embedding algorithm of the LSB technique are presented in the One other issue borders the fact that most asymmetric succeeding sections respectively. Figure 1 presents the cryptographic schemes are based essentially on either embedding process. For extraction of the hidden message by integer factorization or discrete logarithms. These classes of the receiver, the process is essentially reversed. problems, unfortunately, can be solved quickly by quantum computers that employ quantum algorithms. The implication is that, the capacity of the techniques to secure encrypted information cannot be guaranteed [31]. There is therefore need for cryptographic techniques that are picks a polynomial πœ™ πœ– β„’ , and then uses the public key of Bob to compute: π‘š ≑ π‘πœ™ ⨂ β„Ž + π‘š(π‘šπ‘œπ‘‘ π‘ž) (4) π‘š is the encrypted version of the message Alice finally sends to Bob. Decryption: For Bob to decrypt the encrypted message π‘š from Alice, he computes: π‘Ž ≑ 𝑓 ⨂ π‘š (π‘šπ‘œπ‘‘ π‘ž) (5) The coefficients of π‘Ž are chosen from the interval βˆ’ π‘žβ„2 to Figure 1. The message embedding process π‘žβ„2. He recovers the message via: 𝐹 ⨂ π‘Ž (π‘šπ‘œπ‘‘ 𝑝) A. NTRU B. LSB NTRU is a ring-based public key cryptosystem proposed by This method is used to hide sequence of binary message in Hoffstein, Pipher and Silverman [32]. It is an efficient and the least significant bit of a digital audio file. This technique computationally inexpensive cryptosystem, known for its capitalizes on the nature of the Human Auditory System low memory requirement, high speed, moderately, and (HAS) which does not have the ability to detect slight easily created keys [33]. The technique is secure against differences in the audio frequencies, especially when it is brute-force, meet-in-the-middle, multiple transmission, and more concentrated at the audible spectrum. LSB has the lattice-based attacks. And it is a quantum-safe cryptosystem. advantage that it allows large amount of information to be hidden without reducing the quality of the audio file. For an NTRU cryptosystem, we define three integer Consequently, it is easy to carry out. parameter: (𝑁, 𝑝, π‘ž), and four sets of polynomials of degree 𝑁 βˆ’ 1: β„’ , β„’ , β„’ , β„’ . We assume that 𝑔𝑐𝑑(𝑝, π‘ž) = 1, and An illustration of how the message β€˜FUT’ is embedded into an audio file using the concept of LSB is presented in π‘ž > 𝑝 . The notation for the ring is given as: 𝑅 = Figure 2. Both message and audio file are first converted to β„€[𝑋] / (𝑋 – 1) bit stream. To convert β€˜FUT’ to binary, we convert the ASCII value equivalent of the different characters in the message to binary. This is presented in Table 2. The least We write an element 𝐹 πœ– 𝑅 as: significant (right-most) bit of the audio stream is then replaced with the bit stream of the message. 𝐹=βˆ‘ 𝐹π‘₯ (1) Table 2 Conversion of message β€˜FUT’ to binary We write a star multiplication, denoted by ⨂ , which is Binary Character ASCII Value explicitly a cyclic convolution product. Representation F 70 1000110 Key Creation: Bob randomly select polynomials 𝑓, 𝑔 πœ– β„’ . U 85 1010101 We denote two inverses, 𝐹 and 𝐹 , of polynomial 𝑓 by: T 84 1010100 𝐹 ⨂ 𝑓 ≑ 1(π‘šπ‘œπ‘‘ 𝑝) and 𝐹 ⨂ 𝑓 ≑ 1(π‘šπ‘œπ‘‘ π‘ž) (2) Bob then computes: β„Ž ≑ 𝐹 ⨂ 𝑔(π‘šπ‘œπ‘‘ π‘ž) (3) Therefore, the public key of Bob is the polynomial β„Ž, while his private key is 𝑓. Encryption: To send a message to Bob, Alice simply selects a message π‘š from the set of plaintexts β„’ , randomly 𝑃𝑆𝑁𝑅 = 10 log (8) Where R is the slightest variation of the stego-audio, which is usually 255 in integer EMR data type. Histogram Plot: This provides a graphical representation of the different amplitude values of the audio signal. IV. EXPERIMENTAL RESULTS The proposed NTRU + LSB technique was developed using a PC with the following properties: Pentium (R) CPU T4500 @ 2.30GHz, 4GB RAM, Windows 8.1 pro operating system, and Java programming language (using NetBeans 8.1 platform). Appendices A to D depict some screenshots of system testing. To evaluate the performance of the proposed technique, five .wav digital audio samples were used. Five messages of Figure 2. Using LBS technique to hide EMR data in an audio file different sizes were generated, with each embedded into one audio sample. The corresponding stego-audio files were analyzed on MATLAB 2013a. Details including the audio C. Performance evaluation metrics name, size, and message size, and results of the EC, MSE, The performance of our proposed system is evaluated by the and PNSR are presented in Table 3. embedding capacity (EC), mean squared error (MSE), peak signal to noise ratio (PSNR), and histogram plots. Table 3. Performance evaluation of proposed EMR data hiding technique Embedding Capacity (EC): This is the maximum quantity Audio Message Embedding Audio MSE PNSR of EMR data that can be embedded into a cover audio Name Size Size Capacity (decibel) (decibel) without significantly altering the value of the original audio (KB) (KB) (%) hotstuff 48 3.1 6.5 5.3347e- 120.8597 file. It is the fraction of the secret message by the cover 08 audio object. Sample 16 3.7 23.1 3.1388e- 133.1631 Audio 09 mail 20 2.3 11.5 3.6123e- 112.5530 𝐸𝐢 = (6) 07 cello 648 3.9 0.60 2.7825e- 133.6864 09 Mean Squared Error (MSE): Denotes the cumulative skippy 24 2.8 11.6 5.3586e- 120.8403 square error between the cover audio signal and the stego- 08 audio. When the value of the MSE is low it is better, and therefore the little the error rate between the illustrations Results showed that the different messages were which shows little alteration was added. MSE is computed successfully embedded in the .wav audio covers. The low using the formula: MSE in each case shows that little alteration was added. Equally, the high PNSR values, which are consequences of βˆ‘ , [ ( , ) ( , )] 𝑀𝑆𝐸 = (7) the low MSE, confirm high resemblance between the βˆ— original audio samples and the corresponding stego-audio M and N stand for the rows and columns of the audio files. This implies that our proposed system is good, causing samples. I1 is the stego audio while I2 is the cover audio no significant distortions in the audios. To further explore the effect of embedding messages in the selected audio files. Peak Signal to Noise Ratio (PSNR): It is used to estimate Figures 3 to 7 present the histogram plots. The results show the amount of resemblance that exists between the original little or no differences in the audios after steganography. audio and the stego-audio. This parameter depends on MSE. It is also referred to as the quality measurement between two or files involved. It is measured in decibels. When the comparison of PSNR is high it means the system is good and this shows that the distortion is low. performance showed little or no distortion to the sample audios after message embedment. Our system could promote secure communication in healthcare systems, ensuring confidentiality, integrity, and availability. Our major contribution lies in proposing a secure crypto- steganographic technique. Future studies could consider other quantum-safe cryptographic schemes. This includes techniques based on lattice theory, coding theory, and multivariate quadratic polynomials. Our proposed system implemented the commonly used spatial domain technique, LSB. Frequency domain techniques have been reported to Figure 3. Audio plot (histogram) of Figure 4. Audio plot (histogram) of be stronger than those in the spatial domain [34]. hotstuff.wav before and after Sample audio.wav before and after Combining highly secure cryptographic and steganographic steganography steganography techniques would no doubt increase the level of security an EMR information hiding system can provide. VI. REFERENCES [1] Abdullah, A.M. & Aziz, R.H.H., 2016. New Approaches to Encrypt and Decrypt Data in Image using Cryptography and Steganography Algorithm. International Journal of Computer Applications, 143(4), pp.11–17. [2] Abikoye, O.C., Adewole, K.S. & Oladipupo, A.J., 2012. Efficient Data Hiding System using Cryptography and Steganography. International Journal of Applied Information Systems, 4(11), pp.6– 11. [3] Campagna, M. et al., 2015. Quantum Safe Cryptography and Security: An Introduction, Benefits, Enablers and Challenges, Available at: http://www.etsi.org/images/files/ETSIWhitePapers/QuantumSafeW hitepaper.pdf. [4] Das, J., 2014. A Study on Modern Cryptography and their Security Figure 5. Audio plot (histogram) of Figure 6. Audio plot (histogram) of Issues. International Journal of Emerging Technology and mail.wav before and after cello.wav before and after Advanced Engineering, 4(10), pp.320–324. steganography steganography [5] Deshpande, N. et al., 2015. Implementation of Audio Steganography Using RSA Algorithm. International Journal of Technology Enhancements and Emerging Engineering Research, 3(4), pp.81– 84. [6] Djebbar, F. et al., 2012. Comparative study of digital audio steganography techniques. EURASIP Journal on Audio, Speech, and Music Processing, 25, pp.1–16. [7] Garg, N. & Kaur, K., 2016. Hybrid information security model for cloud storage systems using hybrid data security scheme. International Research Journal of Engineering and Technology, 3(4), pp.2194–2196. [8] Gupta, S., Ankur, G. & Bhushan, B., 2012. Information Hiding Using Least Significant Bit Steganography and Cryptography. International Journal of Modern Education and Computer Science, 6, pp.27–34. [9] Hayfaa, A., Ahmad, R. & Noor, N.M., 2014. Combining Cryptography and Steganography for Data Hiding in Images. conference of Applied Computer and Applied Computational Science (ACACOS), Figure 7. Audio plot (histogram) of skippy.wav pp.128–134. before and after steganography [10] Latiff, M.S.A., Chiroma, H., Osho, O., Abdul-Salaam, G., Abubakar, A.I. and Herawan, T., 2017. A review on mobile SMS spam V. CONCLUSION filtering techniques. IEEE Access, 5, pp.15650-15666. In this study, we proposed and implemented an enhanced [11] Hussain, M. et al., 2015. Pixel value differencing steganography techniques: Analysis and open challenge. In 2015 IEEE EMR information hiding system to protect medical records International Conference on Consumer Electronics - Taiwan, from unauthorized access in healthcare environment. The ICCE-TW 2015. pp. 21–22. system combined NTRU cryptographic algorithm and LSB [12] Jefferson, D. et al., 2004. A security analysis of the Secure Electronic audio steganography to offer a more robust method for Registration and Voting Experiment (SERVE), Available at: http://requiem.googlecode.com/files/paper.pdf. hiding the EMR secrete data from unauthorized access. The [13] Jefferson, D., Rubin, A. & Simons, B., A comment on the May 2007 performance of the crypto-steganographic system was DoD report on Voting Technologies for UOCAVA Citizens, evaluated using Matlab environment. Evaluation of the Available at: https://www.verifiedvoting.org/wpcontent/uploads/2014/10/serve_d Ahmad, S., Forensic Acquisition of Data from a Crypt 12 Encrypted od_comment_2007.pdf. Database of Whatsapp. [14] Kaur, A. & Singh, N., 2015. SMS Encryption using NTRU [26] Saraireh, S., 2013. A Secure Data Communication System Using Algorithm. International Journal of Advanced Research in Cryptography and Steganography. International Journal of Computer Science & Technology, 3(2), pp.96–100. Computer Networks & Communications, 5(3), pp.125–137. [15] Kaur, M. & Kaur, G., 2014. Review of Various Steganalysis [27] Zachariah, B., Yabuwat, P.N. & Bernard, E., 2016. Application of Techniques. International Journal of Computer Science and Steganography and Cryptography for Secured Data Communication Information Technologies, 5(2), pp.1744–1747. – A Review. International Journal of Engineering Research & [16] Phad, V.S., Bhosale, R.S. & Panhalkar, A.R., 2012. A Novel Security Technology, 5(4), pp.186–190. Scheme for Secret Data using Cryptography and Steganography. [28] Usha, S., Kumar, G.A.S. & Boopathybagan, K., 2011. A secure triple International Journal of Computer Network and Information level encryption method using cryptography and steganography. Security, 2, pp.36–42. Proceedings of 2011 International Conference on Computer [17] Qian, T. & Manoharan, S., 2016. A comparative review of Science and Network Technology, ICCSNT 2011, 2, pp.1017–1020. steganalysis techniques. In 2015 IEEE 2nd International [29] Waziri, V.O., Isah, A., Ochoche, A. and Abulhamid, S.I.M., 2012. Conference on Information Science and Security, ICISS 2015. pp. Steganography and its applications in information dessimilation on 1–4. the web using images as securityembeddment: a wavelet approach. [18] Rasmi, A. & Mohanapriya, M., 2016. An Extensive Survey of Data Int J Comput Inf Technol, 1(02), pp.194-202. Hiding Techniques. Indian Journal of Science and Technology, [30] Latiff, M.S.A., 2017. A checkpointed league championship algorithm- 9(28), pp.1–7. Available at: based cloud scheduling scheme with secure fault tolerance http://www.indjst.org/index.php/indjst/article/view/90457. responsiveness. Applied Soft Computing, 61, pp.670-680. [19] Reddy, M.I.S. & Kumar, A.P.S., 2016. Secured Data Transmission [31] Hoffstein, J., Pipher, J. & Silverman, J., 1998. NTRU: A ring-based Using Wavelet Based Steganography and Cryptography by Using public key cryptosystem. Algorithmic number theory; Lecture Notes AES Algorithm. Procedia Computer Science, 85, pp.62–69. in Computer Science (LNCS), pp.267–288. Available at: Available at: http://dx.doi.org/10.1016/j.procs.2016.05.177. http://link.springer.com/chapter/10.1007/BFb0054868. [20] Wu, H.-C. et al., 2005. Image steganographic scheme based on pixel- [32] Singla, S. and Bala, A., 2018, April. A Review: Cryptography and value differencing and LSB replacement methods. IEE Proc.-Vis. Steganography Algorithm for Cloud Computing. In 2018 Second Image Signal Processing, 152(5), pp.611–615. Available at: International Conference on Inventive Communication and http://kar.kent.ac.uk/12311/. Computational Technologies (ICICCT) (pp. 953-957). IEEE. [33] Mustafa, G., Ashraf, R., Mirza, M.A. and Jamil, A., 2018, June. A [21] Sarmah, D.K. & Bajpai, N., 2010. Proposed System for data hiding review of data security and cryptographic techniques in IoT based using Cryptography and Steganography. International Journal of devices. In Proceedings of the 2nd International Conference on Computer Applications, 8(9), pp.1–8. Available at: Future Networks and Distributed Systems (p. 47). ACM. http://arxiv.org/abs/1009.2826. [34] Mohsin, A.H., Zaidan, A.A., Zaidan, B.B., bin Ariffin, S.A., Albahri, [22] Sethi, P. & Kapoor, V., 2016. A Proposed Novel Architecture for O.S., Albahri, A.S., Alsalem, M.A., Mohammed, K.I. and Hashim, Information Hiding in Image Steganography by Using Genetic M., 2018. Real-Time Medical Systems Based on Human Biometric Algorithm and Cryptography. Procedia Computer Science, 87, Steganography: a Systematic Review. Journal of medical systems, pp.61–66. 42(12), p.245. [23] Singh, A. & Malik, S., 2013. Securing Data by Using Cryptography with Steganography. International Journal of Advanced Research in Computer Science and Software Engineering, 3(5), pp.404–409. [24] Tsai, Y.Y., Chen, J.T. & Chan, C.S., 2014. Exploring LSB substitution and pixel-value differencing for block-based adaptive data hiding. International Journal of Network Security, 16(5), pp.363–368. [25] Alhassan, J.K., Abubakar, B., Olalere, M., Abdulhamid, S.I.M. and