Chaotic Reversible Watermarking Method Based on IWT with Tamper Detection for Transferring Electronic Health Record

Health IoTdeals with sensitive medical information of patients, therefore security concerns need to be addressed. Confidentiality of Electronic Health Record (EHR) and privacy are two important security requirements for IoT based healthcare systems. Recently, watermarking algorithms as an efficient response to these requirements is in the spotlight. Further, as smart city-based applications have to react to real-time situations, efficient computation is a demand for them. In this paper, a secure, lightweight, reversible, and high capacity watermarking algorithm with tamper detection capability is proposed for IoT based healthcare systems.'e scheme has applied IntegerWavelet Transform (IWT) and chaotic map for efficiency and increasing security. EHR is encrypted and then embedded into the Least Significant Bits (LSB) of wavelet coefficients of medical images.'e proposedmethod has been extensively tested for various color and grayscale commonly used medical and general images. Investigations on experimental results and criterions such as Peak Signal to Noise Ratio (PSNR) and Bit Error Ratio (BER) above 45.41 dB and 0.04, respectively, for payload of 432,538 bits indicate that the proposed method, besides providing security, being reversible, tamper detection capability, and high embedding capacity, has high imperceptibility and adequate resistance against different types of attacks.


Introduction
Nowadays, exchanging sensitive data through insecure Internet channels is inevitable. Moreover, the Internet of ings (IoT) is a revolutionary technology that prepares a reliable infrastructure for actuators and sensors to collaborate and exchange data with each other. By using IoT opportunities, the healthcare system will be revolutionized. IoT based healthcare systems with the capability of collecting patient's real-time health data have attracted many researchers' attention [1].
Patient healthcare data which was collected by equipment and sensors of IoT based healthcare system is used to create Electronic Health Record (EHR) for each patient. EHR, including medical images, Electronic Patient Record (EPR), etc., plays an important role in the diagnosis process of a patient. us, any manipulation and tampering in such reports may cause fatal diagnosis to the patient. EHR are exchanged among hospitals, doctors, and insurance companies; therefore preserving the confidentiality of EHR and privacy of patients are the most important security requirements. On the other side, an IoT driven healthcare system must be capable of handling the real-time situation. erefore, data transferring and computational overhead in such a system have to be efficient. In this scope, researchers are looking for alternative solutions that are proper for resource-constrained IoT devices. e information hiding techniques are an adequate solution to address these challenges. Information hiding is classified mainly into steganography and watermarking. In both of them, secret data is embedded in the cover data such as text, voice, and pictures with different goals. In the steganography, data hiding in digital media should be done in such a way that the existence of secret data in the host media is unnoticeable. In these algorithms, the cover could be unrelated to the secret data, and only transferring the hidden secret data and imperceptibility are important. But in watermarking algorithms, the secret data is dependent on the cover to preserve its security through manipulations. In some watermarking applications, information on cover media is hidden inside of cover media for copyright protection or content authentication purposes.
ere are two spatial and transform domains for applying steganography and watermarking algorithms. In the spatial domain, the secret message is embedded directly into the cover image by manipulating pixel values. Spatial domain-based algorithms have less computational overhead and less resistance to different types of attacks. In the transform domain, at first, the cover image is transformed by using various transform operations such as Discrete Cosine Transform (DCT), Discrete Fourier Transform (DFT), and Discrete Wavelet Transform (DWT), and then a secret message is embedded into coefficients [2]. Transform domain-based algorithms have more computational overhead and more resistance against different types of attacks. For designing a practical scheme for smart city applications, a trade-off between computational complexity and security must be considered. e main requirements for all watermarking and steganography algorithms are imperceptibility, robustness, and payload capacity. Imperceptibility refers to the amount of deterioration that has been made to the cover media and robustness indicates how much a watermark can resist against different attacks. Corresponding to the application, a different level of robustness is required. Payload capacity also refers to the amount of data embedded inside of a cover media. For some watermarking applications, reversibility is a requirement which means that, after the extraction of the secret messages, host media have to be recoverable [3][4][5]. In irreversible techniques host media do not need to be restored after extraction of secret message. Considering applications, reversibility is not a requirement for all steganography techniques which could bring more payload capacity [6][7][8]. Reversible information hiding finds applications in e-healthcare, military communication, and smart cities, etc., where host media need to be recovered after the extraction phase [9].
As already mentioned, low computational complexity while keeping a high amount of payload is highly desirable feature for real-time situations like IoT based electronic healthcare systems and smart city applications. Many high capacity information hiding schemes have been suggested for image [9][10][11][12][13][14]. Most of them have used the interpolation concept to generate a resized version of the original image before embedding. ese techniques estimate pixels values of the resized image by using several algebraic equations which increase computational complexity.
In this paper, we have tried to address these challenges. To provide confidentiality, EHR is encrypted by using a chaotic sequence that is unpredictable for an adversary. To tamper detection, an Integrity Check Code (ICC) is calculated. Moreover, computational complexity is reduced while keeping high capacity. e encrypted EHR and ICC are embedded in two Least Significant Bits (LSB) of cover image's Integer Wavelet Transform (IWT), being a fast and lossless transform. erefore, the confidentiality of EHR and patient privacy are preserved during transmission. e important contributions of the proposed method are as follows: (1) Designing an efficient reversible watermarking algorithm with high capacity and tamper detection, providing EHR confidentiality, and preserving patient privacy for IoT based healthcare system for both grayscale and color images. (2) Providing a high level of security by using the chaotic sequence as an efficient tool intelligently in host coefficients selection, encryption process, and structure of the symmetric key. e rest of the paper is organized as follows. In Section 2, a literature review is presented. Preliminaries are discussed in Section 3. Section 4 also describes the proposed method in detail, and Section 5 provides detailed experimental results and discussion. e conclusion of the paper is in Section 6.

Literature Review
In recent years, because of prominent advancements and expansion of IoT and prepared infrastructure for deploying IoT in real life, researchers have tried to take advantage of IoT potentials in real-life scenarios. One of the most attractive topics in this area is using IoT potentials to present smarter healthcare services. Healthcare systems always look for reducing costs and providing better quality in healthcare services. erefore, many approaches have been introduced in this area. An extensive survey for applications of IoT for healthcare systems, IoT based technologies for healthcare, IoT security including security requirements and attacks classification, and taxonomy have been reported in [1,15,16]. Constraints of IoT sensors are also discussed in [17].
Various schemes have been proposed for home healthcare monitoring and telemonitoring. ese schemes are based on Wireless Sensor Networks (WSN), Near Field Communication (NFC), and Radio Frequency Identification (RFID). Using IoT components based on these technologies, techniques for fall detection and seizure detection were introduced in [18][19][20][21]. In [20], a system was proposed which detects the risk of bedsores by using sensors. Furthermore, applications of IoT based wearable devices for monitoring Parkinson's gait disturbance and cardiac and neurological disorders are reported in [21]. ese systems make it possible for caregivers to prevent dangerous situations by taking immediate action and providing better treatment.
Although the above schemes have proposed architectures for mHealth/eHealth, a seamless method for securing patient's EHR has not been reported [9]. Since EHR contains patient's vital health data, designing a method that provides confidentiality for EHR, preserves patient's privacy, and applies to resource-constrained IoT devices for real-time scenarios in the smart city is highly desirable. Considering requirements and challenges, information hiding techniques seem to be an adequate option to design and develop such a system. Unlike conventional cryptography, information hiding techniques hide information inside of a cover medium intelligently, instead of encrypting information by using costly algorithms. A survey of applications of information hiding techniques in medical and healthcare systems has been presented in [22]. In order to increase capacity for hiding more amount of data, various information hiding techniques based on interpolation have been introduced. Neighbor Mean Interpolation has been introduced by [23]. e average PSNR of this scheme is 35 dB for a payload of 1.622 BPP. Chin Feng Lee and Yu-Lin Huang [24] proposed Interpolation by Neighboring Pixels (INP) to improve the performance of the data hiding scheme proposed by [23]. e payload of this method is up to 2.28 BPP. In [9], a reversible information hiding method based on interpolation has been proposed. is method at first resizes the original image with a size of M × N into M/2 × N/2. en using an algorithm called Pixel Repetition Method (PRM) creates a cover image from the resized image by repeating pixels from the original image. en EHR is embedded into the cover image. However, the interpolation-based method can increase embedding capacity but the calculating number of algebraic equations and operations such as upscaling and downscaling for creating the cover image from the original image increases computational complexity and decreases the original image quality.
A watermarking scheme for the security of medical and nonmedical images based on 2-level Singular Value Decomposition (2-D SVD) has been proposed by [25]. A digital signature is embedded into the cover image for tamper detection purposes; however, watermark is needed for this test. A blind watermarking approach for medical image protection was proposed by [26]. is method uses combination of DWT and SVD for embedding data into the cover image. SVD increases computational complexity significantly and is not a suitable choice for resource-constrained IoT devices and real-time scenarios. Table 1 summarizes the articles that have been mentioned in literature review section in chronological order of year.

Integer Wavelet Transform (IWT).
Wavelets are basis functions used to represent signals. Integer Wavelet Transforms (IWT) are the wavelet transforms that map integers to integers [27]. e procedure of calculating IWT using lifting technique is illustrated in Figure 1 and described as follows.
e image matrix is separated odd and even columns. Frequency subbands, HF (high-frequency components), and LF (low-frequency components) are calculated using the following equations: (1) Step 2. LF even and LF odd show the even and odd rows of LF. HF even and HF odd are also even and odd rows of HF. First level decomposition of the image is calculated as follows: HH � HF odd − HF even , (2)

Logistic-Sine Map.
Chaotic map is a mathematical concept which is equal to evolution function. ese functions are extremely sensitive to their initial conditions and exhibit chaotic behavior that means a small change in input parameter leads to an unpredictable change in output. Logistic-Sine map (LS) is introduced in [28] as an intensive chaotic map defined as follows: e analyses of bifurcation diagram and Lyapunov exponent prove that the chaotic behaviors of the LS map exist in the whole range of parameter settings and its chaotic sequences have a uniform distribution within [0, 1] [28]. ese properties of LS make it impossible for an adversary to predict the chaotic sequence. In other words, regenerating chaotic sequence without having the key (concatenation of r and x n parameters) is not possible which makes LS a proper option to increase the security of the proposed method significantly.

Proposed Method
e proposed method can be divided into two main phases, embedding and extraction phase, which take place, respectively, on the sender and receiver side. An overview of the proposed method has been shown in Figure 2. At the sender side, the patient's medical image and EHR are obtained as inputs from which the Integrity Check Code (ICC) is calculated.
en EHR and ICC are encrypted using a chaotic sequence generated by LS map. IWT is applied to the medical image as a cover image, and then four frequency subbands are produced and picked to embed encrypted ICC Security and Communication Networks and EHR into the LSB of coefficients. e data embedding procedure is described in Section 4.1 in detail. At the receiver side, the watermarked image is obtained and inverse IWT is applied to it. e four frequency subbands are picked to extract encrypted EHR and ICC from pixels LSB. e receiver regenerates chaotic sequence by using an agreed key

Article Description
Year [23] Data hiding method based on interpolation 2009 [24] Data hiding method based on interpolation 2012 [20] Health status monitoring (monitoring the risk of bedsores) 2015 [18] Health status monitoring (fall detection) 2017 [19] Health status monitoring (home care systems) 2017 [21] Health status monitoring (applications of wearable technologies) 2017 [9] Reversible data hiding method based on interpolation 2018 [25] Watermarking scheme with digital signature based on SVD 2019 [26] Watermarking scheme with embedded hash based on SVD 2021 4 Security and Communication Networks and then decrypts EHR and ICC which gives EHR ′ and ICC ′ . Receiver recalculates ICC from EHR ′ , names it ICC ″ , and compares it to the ICC ′ which was extracted and decrypted from the watermarked image. If ICC ″ � ICC ′ then the watermarked image is verified. e extraction procedure is described in Section 4.2 in detail.

Data Embedding
Procedure. Data embedding procedure contains five subsections: cover image preparation, chaotic sequence generation, ICC calculation, EHR and ICC encryption, and data embedding, which are described in detail. Overview of data embedding is illustrated in Figures 3 and 4 .

Cover Image Preparation.
To prepare the cover image, IWT is applied to the patient's medical image which produces 4 frequency subbands: LL, HL, LH, and HH. e following steps are taken to prepare the cover image: (1) IWT is applied to the original image which produces LL, HL, LH, and HH frequency subbands (2) HL, LH, and HH subbands are picked for EHR embedding (3) LL subband is picked for ICC embedding

Chaotic Sequence (CS) Generation.
To generate a chaotic sequence (CS), a key is needed. Concatenation of LS map parameters, x 0 and r, creates the key. Using this key, a chaotic sequence is generated, and the initial value effect can be faded by generating a sequence with a length three times bigger than that needed and picking the last segment. is sequence is used for encrypting EHR and ICC. e order of choosing subbands and pixels of each subband as host positions is based on the chaotic sequence. is leads to high confusion and diffusion which are the result of chaotic sequence features that make them appropriate for security aspects. e following steps are taken to generate CS: (1) Choosing values for x 0 and r as the key (2) Using the key as initial values of LS map to generate chaotic sequence (CS) with the size of 3 n, where n � size (EHR||ICC) is the length of the needed sequence

ICC Calculation.
To detect tampering on a watermarked image, an Integrity Check Code (ICC) is calculated and embedded into the cover image. e ASCII form of EHR is considered as sequence W � p 1 , p 2 , p 3 , p 4 , p 5 , . . . , p n where each p n is an ASCII code of a letter. We divide this code into segments with length of five letters.
e i th segment of W is denoted by w i , where 1 ≤ i ≤ (n/5). It should be noticed that if n is not the multiple of five, we add some padding. Corresponding to each segment w i � p 1 p 2 p 3 p 4 p 5 which contains 40 bits, a four-bit code is produced by comparing each element of w i with the central element p 3 as follows: All b i come together to create B which is a compressed Integrity Check Code (ICC).

EHR and ICC Encryption.
e CS that has been generated in step 4.1.2 is divided into two parts, CS 1 and CS 2 , with the binary size of EHR and ICC, respectively. en these parts are used to encrypt EHR and ICC to improve security. e encryption process consists of two stages: (1) Scrambling: the order of the bits of EHR and ICC is changed based on new indices obtained from the sorted subsequences CS 1 and CS 2 .
(2) Applying XOR operation: the binary forms of EHR and ICC are XOR with binary form of CS 1 and CS 2 , respectively.
e following equations define encrypted EHR and ICC denoted by EHR e and ICC e , respectively.

Data
Embedding. e cover image was prepared in 4.1.1 subsection and ready to use for embedding. EHR e is embedded into LSBs of coefficients in HL, LH, and HH. Moreover, LSBs of coefficients in LL band are hosts of bits in ICC e . e order of choosing frequency subbands and coefficients for embedding EHR e and ICC e is based on chaotic sequence (CS). is technique makes it impossible for an attacker to recognize the host positions without having CS. At the end of this subsection, EHR e is embedded into the cover image, and the cover image is watermarked with ICC e . en inverse IWT is applied to the watermarked image and the result will be sent. In summary for data embedding the following steps are taken: (1) EHR e bits are embedded into two LSBs of HL, LH, and HH coefficients of the cover image (2) ICC e bits are embedded into two LSBs of LL coefficients of cover image which produces the watermarked image (3) Inverse IWT is applied to the watermarked image 4.2. Data Extraction Procedure. On the receiver side, at first, EHR is extracted from the watermarked image and then the integrity checking is done to ensure whether the watermarked image has been tampered or not. e data extraction process has been shown in Figures 5 and 6 . EHR and ICC extraction and integrity checking subsections are going to be described.

EHR and ICC Extraction.
e receiver regenerates CS using the agreed key between the sender and the receiver which is the concatenation of x 0 and r. IWT applies to the

Integrity Checking.
e ASCII code of EHR ∼ is put in W and the receiver recalculates the ICC by using the same algorithm as described in 4.1.3 subsection. e integrity checking process has been demonstrated in Figure 6. e receiver compares recalculated ICC to ICC ∼ ; if ICC � ICC ∼ this means the watermarked image is valid, and otherwise, it is rejected. After checking the validity of the received watermarked image, inverse IWT is applied to the cover image to recover the patient's medical image. At this point, the receiver has both EHR and the medical image of the patient. Integrity checking is done by taking the following steps: (1) ICC is calculated  (4) Inverse IWT is applied to the received watermarked image to recover the patient's medical image

Results and Discussion
In this section, a comprehensive investigation has been made on the proposed method in terms of performance and security analysis. e experiments have been carried out using

Metrics Explanation.
A brief explanation and mathematical definition for each criterion is given in the following.

Peak Signal to Noise Ratio (PSNR).
PSNR is a measure of the ratio of signal to noise power. is criterion is used to evaluate the imperceptibility of a watermarked image. PSNR is defined by the following equation [30]: PSNR � 10 log 10 255 2 MSE .

Structural Similarity Index Matrix (SSIM)
. SSIM is a measure for evaluating the similarity of two images related to perceptual quality in terms of the human visual system. SSIM is defined by the following equation: where μ X and μ Y are averages of pixels values of X and Y, respectively. Moreover, σ 2 X and σ 2 Y are variances of X and Y and σ XY is the covariance of X and Y. C 1 � (K 1 L) 2 and C 2 � (K 2 L) 2 are two variables to stabilize the division with a weak denominator. Variable L is the dynamic range of pixel values and variables K 1 and K 2 are 0.01 and 0.03 by default [31].

Normalized Cross-Correlation (NCC)
. NCC measures the degree of similarity between the cover image and the watermarked image [32]. e range of NCC is [1, −1]. When two images are completely the same, NCC is equal to 1, and NCC will be −1 if they are completely opposite. If NCC is equal to 0, this means two images are uncorrelated. Assume X(i, j) and Y(i, j) represent a cover image and a watermarked image, respectively. NCC is defined by the following equation: where μ X and μ Y are averages of matrices X and Y, respectively.

Mean Absolute Error (MAE).
is criterion measures the average absolute errors between the cover image and the watermarked image. Assuming X and Y are cover image and watermarked image, respectively, for a grayscale image, MAE is defined by the following equation [33]:

Bit Error Ratio (BER)
. When data is transmitting over a communication channel, during transmission data could get damaged or altered intentionally by an attacker or unintentionally by noise. e number of damaged bits is divided by the total number of transmitted bits to calculate the ratio of bit error. BER is defined by the following equation [34]: where n e is the number of damaged bits and n s is the total number of transmitted bits.

Imperceptibility
Analysis. e changes that are made to cover image must be imperceptible for the human visual system (HVS). A watermark is completely imperceptible if humans cannot distinguish the original image from the watermarked image when they are laid side by side [35].
e proposed method has been tested on various color and grayscale medical and commonly used images with a size of 512 × 512 pixels. All testing images and corresponding watermarked images are shown in Figure 7. e proposed method has been simulated for two modes, such that two and three LSBs of each coefficient of the cover image are  EHR e and 176,952 bits for ICC e ). Similar to first mode, full capacity of LL subband is not occupied; thus, it could be used for other purposes. e proposed method has been compared to several state-of-the-art techniques and results are reported in Tables 6 and 7 to show that the proposed method outperforms other schemes under comparison. Although the capacity of the proposed method is higher compared to other techniques, the results are showing significantly better performance of the proposed scheme in terms of PSNR, MAE, NCC, and SSIM. is is because of taking advantage of IWT which is a lossless transform and does not deteriorate cover image at all. In Figure 8, PSNR metric for different test images is compared to the other state-of-the-art methods and BPP is abbreviation of Bits Per Pixel.

Reversibility.
As already mentioned, reversibility is a requirement for IoT based healthcare system. erefore, we proposed a reversible technique in this paper. Usually, the capacity of irreversible techniques is more in comparison to the reversible techniques. On the other side, increasing capacity decreases imperceptibility. us, we tried to establish a trade-off between capacity and imperceptibility while providing reversibility in the proposed scheme. e procedure of extracting secret data from the cover image and    recovering the patient's medical image has been described in Section 4.2 step by step. Test cover images and their corresponding watermarked images in Figure 7 are almost identical, and results of criterions such as SSIM, NCC, and MAE for these images prove their similarity. Because of close similarity, the watermarked image is reusable on the receiver side completely. Since LSBs of the cover image are used for embedding into, high quality of the patient's medical image is preserved.

Computational Complexity Analysis.
As already mentioned, computational complexity is an important factor for IoT based healthcare system. One of the most important features of the proposed method is a low computational overhead which leads to less time and energy consumption. e cover image generation and data embedding stages of the proposed method are compared to cover image generation and data embedding of other state-of-the-art techniques in Figures 9 and 10, respectively. Cover image preparation is considerably faster in the proposed method comparing to other schemes, because of taking advantage of IWT instead of calculating several equations in other stateof-the-art techniques. Using various algebraic equations for generating a cover image from the original image is more time consuming and complex than IWT. e data embedding stage of the proposed method is done by embedding secret data directly into LSBs of cover image pixels which does not require any calculation; therefore it is faster in comparison to other state-of-the-art schemes.

Security Analysis.
One of the main goals of this paper is to address security challenges. For this purpose, several security levels are designed and included in the proposed method. In summary, the following steps are taken to ensure the proposed method meets security requirements: (1) Choosing the order of pixels for embedding is based on a chaotic sequence (CS) which is impossible to regenerate without knowing the agreed key between the sender and the receiver. (2) Secret data (EHR) is first encrypted and then embedded into the cover image. (3) A fragile watermark is calculated and encrypted and then embedded into the cover image in order to detect any tampering or altering. (4) Both encrypted EHR and the watermark are embedded into the transformed layer of the original image using IWT which brings noticeably more resistance against different attacks.
e proposed scheme has been tested against various signal processing and geometric attacks and BER (%) results are presented in Table 8 for payload of 432,538 bits and 1,297,613 bits for grayscale and color images, respectively. Moreover, obtained security analysis results are compared to [10] in Figure 11. It is evident from Figure 11 that the proposed    method, because of taking advantage of IWT, has impressive resistance against various attacks. Tamper detection analysis is also included in Table 8 to demonstrate the functionality of the fragile watermark. e results prove that the fragile watermark can detect any kind of tampering and altering. All security tests have been done for both grayscale and color images. In Table 9, the proposed method is compared to other state-of-the-art schemes in terms of the main features.

Histogram Analysis.
Histogram analysis is performed on watermarked images by adversaries with the intension to find a clue about what has been embedded. Histogram analysis is done by comparing the histograms of the cover image and watermarked image with each other. To withstand this attack, histograms of the cover image and watermarked image must be similar to each other closely. In Figure 12 histograms of various cover images (12(a), 12(c),    12(e), and 12(g)) and corresponding watermarked images (12(b), 12(d), 12(f ), and 12(h)) are presented for a payload of 432,538 bits. It is evident from Figure 12 that the proposed method can resist this attack since the histograms are nearly the same.

Conclusion
In this paper, considering security and IoT requirements, a secure, reversible, lightweight watermarking method with the capability of tamper detection has been introduced for IoT based healthcare systems. Usually, the capacity of reversible techniques is less than irreversible ones. us, we tried to establish a trade-off between capacity and preserving image quality to introduce a high capacity reversible scheme.
In the proposed method for preparing a cover image, IWT was employed which is a fast and lossless transform with low computational complexity. EHR firstly is encrypted by a chaotic sequence and then embedded into LSBs of IWT subbands coefficients. A fragile watermark is calculated and embedded for tamper detection capability. Comprehensive investigations and analyses that have been made to the experimental results demonstrate high performance in terms of imperceptibility and image quality. e proposed method reduces the computational complexity significantly in comparison to the other state-of-the-art techniques by taking advantage of IWT. Security analyses in Section 5.5 prove that the proposed method is noticeably resistant against various signal processing attacks and the tamper detection feature is working properly.

Data Availability
All of the image samples and underlying data that support the results of our study are given in the paper.

Conflicts of Interest
e authors declare that they have no conflicts of interest.