摘要:Privacy-preserving of medical information (such as medical records and images) is an essential right for patients to ensure security against undesired access parties. This right is typically protected by law through firm regulations set by healthcare authorities. However, sensitive-private data usually requires the application of further security and privacy mechanisms such as encipherment (encryption) techniques. ’Medical images’ is one such example of highly demanding security and privacy standards. This is due to the quality and nature of the information carried among these images, which are usually sensitive-private information with few features and tonal variety. Hence, several state-of-the-art encryption mechanisms for medical images have been proposed and developed; however, only a few were efficient and promising. This paper presents a hybrid crypto-algorithm, MID-Crypt, to secure the medical image communicated between medical laboratories and doctors’ accounts. MID-Crypt is designed to efficiently hide medical image features and provide high-security standards. Specifically, MID-Crypt uses a mix of Elliptic-curve Diffie–Hellman (ECDH) for image masking and Advanced Encryption Standard (AES) with updatable keys for image encryption. Besides, a key management module is used to organize the public and private keys, the patient’s digital signature provides authenticity, and integrity is guaranteed by using the Merkle tree. Also, we evaluated our proposed algorithm in terms of several performance indicators including, peak signal-to-noise ratio (PSNR) analysis, correlation analysis, entropy analysis, histogram analysis, and timing analysis. Consequently, our empirical results revealed the superiority of MID-Crypt scoring the best performance values for PSNR, correlation, entropy, and encryption overhead. Finally, we compared the security measures for the MID-Crypt algorithm with other studies, the comparison revealed the distinguishable security against several common attacks such as side-channel attacks (SCA), differential attacks, man-in-the-middle attacks (MITM), and algebraic attacks.
