POSEDION allowed the development and experimentation of new protection tools for data externalized into the cloud. Among them stand watermarking techniques for medical images and databases with as objective data traceability [1-3]. The objective of the WATSUP project is a technology transfer of a database watermarking solution to WaToo, a startup specialized in watermarking based solutions for fighting against sensitive information leaks and forgeries, in partnership with LaTIM Inserm UMR1101, specialized in medical data watermarking, and MEDECOM, a company that designs innovative medical imaging software solutions.
Context
Nowadays, cyber-criminality impacts all economic actors on a large scale with visible financial and brand image effects. Even though external threats are more and more taken into account, the ones from the inside are largely underestimated. In healthcare for instance, only 44% of health data breaches are due to hackers others are coming from the inside (e.g. insider snooping, unsecured business associate connected to the hospital – Protenus 2019 Breach barometer).
In this context and the one of the Labex CominLabs POSEDION / third research track, we developed several watermarking based solutions adapted to medical databases [2-3]. The main interest of the watermarking technology is that it leaves users accessing data while maintaining these ones protected by means of a message embedded or hidden into themselves. Depending on the message content, watermarking can ensure various data security services. In general, it is well suited so as to identify an authorized user who has rerouted or disclosed sensitive data or in order to verify that data have not been maliciously modified. It can also serve other purposes such as copyright protection, usage control and so on. The aim of WATSUP was to go beyond POSEDION works; works that have shown the viability and maturity of the proposed watermarking solutions; and to make a technological transfer with WaToo, a spin-off of LaTIM Inserm UMR 1101.
Starting from database watermarking solutions developed during POSEIDON, the objective of WATSUP stands in a prototype closed to the market. To reach this goal, LaTIM and WaToo worked in partnership with MEDECOM, a company that designs innovative medical imaging software solutions.
Results
The key result of the Labex CominLabs project WATSUP is a watermarking module integrated as a security component of a radiology web portal developed by MEDECOM and the purpose of which is to protect database integrity and to trace medical reports. Based on a reversible watermarking strategy, it acts as a proxy and intercepts users’ queries so as to watermark and un-watermark data when needed.
To respond to health professional needs in terms of medical imaging data sharing, MEDECOM develops CLIPPER, a medical imaging web portal. As depicted in figure 1, CLIPPER allows the exchange of electronic patient records (images and reports) in between practitioners remotely or internally. Based on users’ requests, CLIPPER retrieves pieces of information from different modalities and make them available to users in a web browser.
Fig. 1 – Clipper – A medical imaging web portal for medical records sharing (images and reports)
After having conducted a security risk analysis centered onto data, we retained two security services watermarking can be used for: i) the protection in terms of integrity of the centralized database; ii) the traceability of medical reports made available to users at their request.
Regarding the integrity protection of the database, because data are very sensitive, we proposed a reversible watermarking scheme. The reversibility property ensures that it is possible to remove the watermark (or equivalently the data distortion) and to exactly recover the original data (i.e. data before the watermarking operation). In order not having to watermark or un-watermark the whole database at each request(data access or update requests), we make use of a on the fly reversible watermarking technique [4]. As depicted in figure 2, this watermarking approach was integrated into a security component which acts as a proxy in between the archive system (i.e. the Medecom MedArchive system) and the CLIPPER HTTP Server. Our solution takes advantage of the fact watermarking protects the information without adding any ancillary pieces of data. The protection is inside the data themselves. These ones just have to be intercepted to get access to the watermarking based security services. As a consequence, the deployment of this technology does not require the intrinsic modification of the database management system or, more generally, of the information system functionalities. We give in figure 3 some details about our WaTbase module. Because watermarking modifies data, users’ requests are firstly re-expressed in the watermarking space in order to access to the correct information. Once done, data are first unwatermarked then transmitted to the users. In the same way, in order to trace medical reports, we develop a solution compliant with pdf files. Medical reports being constructed on the aggregation of pieces of information issued from the MedArchive database, i.e. a DICOM structured report, we develop an appropriate watermarking modulation so as to be able to trace the pdf file.
As part of the results of the WATSUP project, WaToo recruited one engineer and received a BPI funding to pursue the development of this technology.
Fig. 2 – WaTbase – a watermarking based proxy for protecting data and documents.
Fig. 3 – WaTbase – some details on the developed watermarking proxy module.
Partners
WATSUP is based on the partnership of LaTIM Inserm UMR1101 with:
- WaToo – is a Startup from IMT-Atlantique /LaTIM created mid 2018 and specialized in the fight against sensitive data leaks and forgeries by authorized users, i.e. user that are allowed accessing data. WaToo protects not only databases but also documents (e.g. pdf, excels files) based on the watermarking technology. Watoo actually develops its activity in the energy, defense and medical fields. https://watoo.tech
- Medecom – Created in 1999 and localized in Plougastel-Daoulas, MEDECOM is a medical imaging software company. Its products are intended for digital radiography and are distributed internationally. To respond to new usages related to telemedicine and medical data sharing in between health professionals, Medecom proposes information systems dedicated to the archiving and distribution of radiology images and reportsvia Internet, satisfying at the same time standards’ interoperability constraints. http://medecom.fr
Références
[1] W. Pan, , G. Coatrieux, D. Bouslimi, N. Prigent: Secure Public Cloud Platform for Medical Images Sharing Studies in health technology and informatics, 2015, vol. 210 : 2015.
[2] J. Franco-Contreras, G. Coatrieux, F. Cuppens, N. Cuppens-Boulahia, C. Roux: Robust Lossless Watermarking of Relational Databases Based on Circular Histogram Modulation. Information Forensics and Security, IEEE Transactions on ; Volume:9 , Issue: 3 : 2014
[3] J. Franco-Contreras, G. Coatrieux: Robust Watermarking of Relational Databases With Ontology-Guided Distortion Control. IEEE Trans. Information Forensics and Security 10(9): 1939-1952 (2015)
[4] US Patent App. 16/463,353 – Method for extracting data from a database of data are watermarked according to a reversible watermarking mechanism, G Coatrieux, JF Contreras, 2019.
