Structural Obfuscation and Crypto-Steganography-Based Secured JPEG Compression Hardware for Medical Imaging Systems

In modern healthcare technology involving diagnosis through medical imaging systems, compression and data transmission play a pivotal role. Medical imaging systems play an indispensable role in several medical applications where camera/scanners generate compressed images about a patient’s internal organ and may further transmit it over the internet for remote diagnosis. However, tampered or corrupted compressed medical images may result in wrong diagnosis of diseases leading to fatal consequences. This paper aims to secure the underlying JPEG compression processor used in medical imaging systems that generates the compressed medical images for diagnosis. The proposed work targets to secure the JPEG compression processor against well-acknowledged threats such as counterfeiting/cloning and Trojan insertion using double line of defense through integration of robust structural obfuscation and hardware steganography. The second line of defense incorporates stego-key based hardware steganography that augments the following: non-linear bit manipulation using S-box (confusion property), diffusion property, alphabetic encryption, alphabet substitution, byte concatenation mode, bit-encoding (converting into stego-constraints) and embedding constraints. The results of the proposed approach achieve robust security in terms of significant strength of obfuscation, strong stego-key size (775 bits for JPEG compression processor and 610 bits for JPEG DCT core) and probability of coincidence of 9.89e-8, at nominal design cost.


I. INTRODUCTION
In the current era of healthcare technology, the roles of hardware chips and internet are very crucial. The electronic integrated circuits (ICs) and internet technology have eased and fastened the diagnosis and treatment of critical diseases. More explicitly, in the medical applications such as computed tomography (CT) scan, magnetic resonance imaging (MRI) scan etc., the healthcare professionals acquire the medical images of the patient's internal organs for diagnosis. The imaging modalities (medical instruments) such as CT scanner and MRI scanner generate large size of digital image data [1]. These digital medical images are stored/processed locally and subsequently transmitted to healthcare professionals through The associate editor coordinating the review of this manuscript and approving it for publication was Chunsheng Zhu .
internet. However, the amount of space/bandwidth required to store/transmit the images can be prohibitively large. For example, the size of each slice of CT abdomen images is 512 × 512 pixels, where each pixel is of 16 bits. In addition, the entire data set of CT abdomen images contains 200 to 400 images resulting into ∼150 MB of data [2], [3]. Therefore, the images are required to be stored/ transmitted in the compressed form. Additionally, it also improves the efficiency of medical data transmission over internet for teleradiology and tele-pathology [1].
Lossy compression of medical images can be used within acceptable range of compression ratio which differs for different modalities and body parts [1], [4]- [6]. Alternatively, hybrid compression technique may also be used. Diagnostically important regions i.e. Region of Interest (ROI) may require high image quality. In such cases, high compression VOLUME 8, 2020 This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see http://creativecommons.org/licenses/by/4.0/ with good quality in diagnostically important regions may be used along with lossy compression in other regions [2], [3].

A. TARGET THREAT MODEL
Due to emerging threats at the hardware level, corruption of compressed medical images generated from camera, scanners are significantly surging. For example, corruption of compressed medical images through attacks in the compression processor in the imaging systems can manifest in one or more of the following forms: alteration (tampering) of acceptable compression ratio, affecting the diagnostically important regions of interest by damaging the image quality etc. This is because the underlying processor responsible for medical image compression may be compromised due to hardware threats such as reverse engineering (RE) causing Trojan insertion [7], piracy and counterfeiting etc.

B. MOTIVATION OF THE PROPOSED APPROACH
To generate the compressed medical images/data through medical imaging systems (such as camera, scanners etc.) in its authentic form, the underlying JPEG compressordecompressor (CODEC) processor [1] needs to be reliably secured against hardware threats. This is because an unsecured JPEG processor may contain malicious logic (such as Trojans) and may be counterfeited/cloned. The Trojan infected/counterfeited /cloned hardware is not trustworthy, hence may generate tampered/corrupted/altered compressed medical data. The generated corrupted medical image data results into wrong diagnosis of diseases. Therefore, the security of the underlying processor of the camera/micro-camera used in medical instruments needs to be ensured against aforementioned threats. Robust security can be ensured by taking both preventive and detective measures against such potential threats. Therefore, the security (prevention and detection) of this JPEG CODEC processor of camera/scanner against hardware threats such as Trojan insertion, counterfeiting/cloning is mandatory to produce genuine medical data.

II. RELATED WORK
There exists some approaches [11], [13], [20] in the literature that secures hardware against RE/Trojan insertion using structural obfuscation. In related prior work [11], [20], structural obfuscation has been applied on discrete cosine transform (DCT) core which is used underneath JPEG compression processor. However, [11], [20] do not perform structural obfuscation on entire JPEG CODEC processor and do not provide detective control against counterfeiting/cloning. Further in [13], structural obfuscation based security has been performed on JPEG CODEC hardware. Reference [13] performed the structural obfuscation based on tree height transformation (THT), however does not incorporate hardware steganography. Hence, this approach provides countermeasure against RE, however fails to detect in case of pirated JPEG processors. Moreover, there also remains a possibility that the obfuscated JPEG design can be de-obfuscated by a potential attacker. Once de-obfuscated, the JPEG design can be tampered. As a solution to this problem, the proposed approach embeds the hardware steganography as 2 nd line of defense into the obfuscated JPEG processor to facilitate the detection of counterfeiting/cloning. Additionally, [21] employed entropy based single phase hardware steganography and [16], [17], [22], [23] employed watermarking technique to secure the designs against counterfeiting/cloning. However, [16], [17], [21]- [23] provided only detective control against counterfeiting /cloning and did not ensure the preventive security against RE (causing Trojan insertion attack). Proposed approach is the first work in the literature that secures JPEG CODEC processor by employing structural obfuscation followed by proposed crypto-based dual phase hardware steganography (double line of defense) against aforementioned threats. Here, it is worth noting that the proposed approach embeds digital evidence in JPEG compression hardware as 2 nd line of defense. Hence, the focus of proposed approach is not on embedding/hiding data in JPEG images. Therefore, data hiding schemes have not been discussed in the paper as it does not apply to the context of the problem. Novel contributions of the proposed work are as follows: • The proposed work aims to secure the underlying JPEG compression processor used in medical imaging systems that generates the compressed medical images for diagnosis.
• The paper proposes double line of defense by integrating structural obfuscation and hardware steganography together to secure JPEG CODEC processor against Trojan insertion, counterfeiting/cloning.
• The paper proposes a novel crypto-based dual phase steganography that acts as a second line of defense (detective control against cloning/counterfeiting). This enables separation of counterfeited/cloned JPEG CODEC ICs from being used in the design/manufacturing process of the medical imaging systems.

III. PROPOSED METHODOLOGY A. OVERVIEW
Structural obfuscation and hardware steganography can be integrated together to provide double line of defense to secure JPEG CODEC processor against Trojan insertion, counterfeiting/cloning. Structural obfuscation provides preventive control by obscuring the architecture (or structural topology of the circuit) of the design in order to make it unobvious for an attacker in understanding, thus making it harder to reverse engineer or identify the functionality of the design [11]- [13]. This prevents an attacker from secretly inserting malicious logic into the underlying design as well as secures against cloning/counterfeiting. Further, hardware steganography acts as the second line of defense by providing detective control, in case a potential attacker is able to crack the structural obfuscation using advanced algorithms to realize his/her malicious intents. Therefore, there is need of a double line of defense that is capable to both prevent and detect a tampered hardware. Hardware steganography as the second line of defense provides detection and isolation of the counterfeited and cloned IPs from genuine ones during authentication process. Fig. 1 shows the thematic representation of typical attack scenario on JPEG CODEC processor used in medical imaging. Further, Fig. 2 depicts the targeted hardware threats and protection scenario against them using proposed approach. as shown two classes of hardware threats viz. RE (resulting into Trojan insertion) and piracy (counterfeiting/cloning) for JPEG processor have been countered through proposed algorithm using structural obfuscation and crypto-hardware steganography. The countermeasure summaries are also enunciated. The scope of proposed approach does not cover the data hiding schemes. The proposed approach aims to secure the underlying JPEG CODEC processor responsible for image compression in medical imaging systems. The use of authorized and secured JPEG CODEC processor ensures that the medical images are stored in the genuine form and thus leads to accurate diagnosis by healthcare professionals. The proposed approach provides enhanced security by embedding crypto-based dual phase steganography information into an obfuscated JPEG compression processor as a 2 nd line of defenses. The 2 nd line of defense enables the detection of piracy, counterfeiting and cloning and thus filters out the unauthorized ICs.
The proposed methodology secures the JPEG CODEC processor using double-line of defense. The inputs to the proposed methodology are as follows: (a) JPEG CODEC algorithm in the form of C-code/mathematical function or its equivalent data flow graph (DFG) [13] (b) resource constraints (c) module library (d) stego-keys. The overview of the proposed approach is shown in Fig. 3. The upper half of the figure shows the process of securing JPEG CODEC using double line of defense. As shown in the figure, the DFG representing JPEG compression algorithm is structurally obfuscated based on tree height transformation (THT) based obfuscation. Here, structural obfuscation acts as 1 st line of defense against malicious logic insertion (such as Trojan), counterfeiting/cloning by obscuring the architecture (or structural topology) of the design in order to make it harder for an attacker to reverse engineer or identify the functionality of the design. Further, the 2 nd line of defense is deployed by embedding hardware steganography into the structurally obfuscated JPEG compression processor design. The proposed crypto-based dual-phase steganography encoder generates stego-constraints and embeds them into the obfuscated JPEG design in the form of secret information. The steganography information is embedded covertly into the two distinct phases of high level synthesis (HLS) [14], [15] viz. register allocation phase and hardware allocation phase [16]. The process of generating secret stegoinformation cooperatively leverages the following: (a) nonlinear bit manipulation (Shannon's confusion property) (b) row and column diffusion (Shannon's diffusion property) (c) TRIFID cipher (achieves both confusion and diffusion). Thus the proposed approach is referred as crypto-based dualphase hardware steganography. The output of the proposed methodology is a steganography embedded obfuscated JPEG compression Processor.
Besides, the lower half of the Fig. 3 shows the steganography decoder system which helps in detecting piracy, counterfeiting and cloning. As shown in figure, stego-constraints (concealed stego-information) are extracted from the design under test. This extracted stego-information is matched with the stego-constraints generated using the designers provided secret design data (embedded design data) and stego-keys. If all stego-constraints match then the JPEG compression processor is authentic and suitable for using in medical imaging systems. However, if either the stego-constraints do not match or a different brand carries the same stego-information, then the design is considered to be counterfeited/cloned, hence discarded.
It is worth noting that the proposed approach does not apply for protecting image contents. Instead, the proposed approach protects the JPEG processor responsible for generating compressed image data against tampering attacks (such as inserting malicious logic which is safeguarded using obfuscation. Counterfeited/cloned hardware could be tampered hardware which is safeguarded by steganography based detective control).

B. DETAILS OF PROPOSED APPROACH
As shown in the Fig. 3, the process of securing JPEG compression processor is accomplished by deploying 1 st line of defense followed by 2 nd line of defense.
1 st Line of Defense: The 1 st line of defense is deployed by performing tree height transformation (THT) based structural obfuscation on DFG of JPEG compression processor. In THT based structural obfuscation [11], [13], some sequentially executing operations are forced to execute as parallel sub-computations, thus incorporating the structural changes by altering the data dependency of operations. This would result into structural obfuscation in the form of changes in functional units such as adders, multipliers etc., storage elements (register count, latches etc.) and interconnectivity of resources, multiplexer and de-multiplexer inputs/outputs, without affecting the func-tionality. Thus would affect the datapath architecture and controller logic of the design without changing functionality. The resultant effect would be significant change in gate-level netlist with no change in functional behavior. The structurally obfuscated design becomes unobvious for an attacker to identify the functionality. Thus, the structure of the design remains concealed for the attacker and he/she fails to insert malicious logic (Trojan) and counterfeit/clone the hardware. Thereby, structural obfuscation acts as 1 st line of defense.
2 nd Line of Defense: The scheduled and allocated design based on resource constraints and module library is obtained from the obfuscated DFG of JPEG compression algorithm earlier. This is used as input for embedding hardware steganography, as 2 nd line of defense. The process of embedding steganography information in the form of stegoconstraints is accomplished through crypto-based dual phase steganography encoder system. The process is explained in the following sub-sections:

1) INPUTS/OUTPUT OF THE PROPOSED HARDWARE STEGANOGRAPHY ENCODER: 2 ND LINE OF DEFENSE
The encoder system uses following three primary inputs to generate steganography embedded obfuscated JPEG compression processor: a: COVER DESIGN DATA For the proposed steganography approach, following two forms of the JPEG design are exploited as cover data: (a) scheduled and hardware allocated obfuscated DFG of JPEG compression processor (b) colored interval graph (CIG) [16] of the design, where nodes represent storage variables of the design, colors indicate different registers and edges between the nodes represent overlapping life-time of respective nodes. A CIG is a graphical representation used to show the assignment of all storage variables (Vj) in the JPEG design to the minimum possible registers/colors [10], [16].
To obtain the cover design data, the obfuscated DFG of the JPEG compression is scheduled and hardware allocated based on designer selected resource constraints and module library. Further, a CIG or register allocation is obtained using the scheduled DFG. Thus obtained CIG/register allocation is used to embed phase-1 of steganography (the stegoconstraints are embedded into the CIG during register allocation phase [16] of HLS). The forced execution of some storage variables through different registers (instead of their default registers) shows the embedded stego-constraints post phase-1 steganography. Further, another form of the cover design (scheduled and hardware allocated DFG of JPEG compression) is used to embed stego-constraints during hardware allocation phase [10] of HLS (phase-2 of steganography). The reallocation of functional units (FU) hardware shows the embedded stego-constraints in phase-2 steganography.

b: EMBEDDED DESIGN DATA
This is the secret design data used to generate stegoconstraints to be embedded. This secret design data is extracted from the corresponding CIG/ register allocation of JPEG compression.

c: Stego-Keys
Stego-key is very important part of the steganography process, because it controls the amount of steganography to be embedded into the JPEG processor design. In the proposed approach, total five stego-keys are used at different stages of stego-constraints generation process.
The output of the steganography encoder system is a steganography embedded obfuscated JPEG compression processor/intellectual property (IP) core.

2) DETAILS OF STEGANOGRAPHY ENCODER SYSTEM
Based on the stego-keys value and embedded design data (secret design data), the steganography encoder system generates stego-constraints and embeds them into the cover design data. Fig. 4 shows the detailed process of generating and embedding stego-constraints to obtain a steganography embedded obfuscated JPEG compression Processor. Following are the steps: 1. Embedded (Secret) Design Data: A secret design data is extracted from the CIG/register allocation. The secret design data is represented by a set 'S' comprising of elements indicating 'indices value (i, k) of storage variable pair (Vi, Vk) assigned to same register/color in the CIG. Thus, each element of the set is a pair of two digits. In order to represent each digit in the set in the hexadecimal form, '15' is subtracted from those digits whose value is greater than 15. The set 'S' in the current form is used as embedded (secret) design data for stego-constraints generation.
2. Stego-Constraints Generation: Based on the secret design data and stego-keys, stego-constraints are generated for embedding in the cover design data. The types of stegokey used and its corresponding modes are shown in Fig  (a) State-matrix formation: Based on stego-key1, some elements of set 'S' (representing secret design data) are chosen to form a state matrix, containing four elements in each row. The role of stego-key1 in choosing the elements from set 'S' is shown in Fig. 5. As shown in the figure, the size of stego-key1 is 3 bits. Thus combination of three bits decides the mode of choosing the elements from set 'S'. Total six modes for choosing elements are shown in Fig. 5. The selection of appropriate mode depends on the JPEG compression processor designer.
(b) Bit-manipulation: The nonlinear bit-manipulation (byte substitution) is performed on each element of the matrix using forward S-box. The bit-manipulation is performed to obscure the relationship between the key and the final stegoconstraints generated later (based on Shannon's property of confusion).
(c) Row diffusion: Post bit-manipulation, row diffusion is performed in the matrix to obscure the relationship between input secret design data and stego-constraints generated later (based on Shannon's property of diffusion). The diffusion is performed based on stego-key2. The stego-key2 decides the number of elements by which circular right shift in each row will be performed. The size of stego-key2 depends on the number of rows in the state matrix. If there are 'R' number of rows in the matrix, then the size of stego-key2 is 2 * R bits. This is because, for each row (containing 4 elements), combination of two bits decide the mode of row diffusion.  (iii) substitution. These properties achieve certain amount of confusion and diffusion which help in obscuring the relationship of the generated stego-constraints with the input secret design data and stego-keys. Multi-layered Trifid cipher is performed on each unique alphabet of state matrix based on stego-key3. The stego-key3 decides the key of encryption for each unique alphabet of the state matrix. For each unique alphabet, the encryption key is 27 characters long. Since, there are 27! permutations of 27 characters, therefore + (log 2 (27!) + bits are required to represent the key for an alphabet. Thus, total size of key to encipher all unique alphabets is = (# of unique alphabets) * (log 2 (27!) . This is because, a distinct key is chosen for each unique alphabet. The process of performing Trifid cipher is illustrated using an example in the next sub-section.
(e) Alphabet substitution: For each encrypted alphabet, equivalent digit is computed based on stego-key4. The size of the stego-key4 = (# of unique alphabets) * (log 2 (# modes for computing digit equivalent of unique alphabet) . The role of stego-key4 and the definition of each mode for computing digit equivalent of unique alphabets are shown in Fig. 5. Further, the alphabets of state matrix are substituted with the corresponding equivalent digit obtained.
(f) Matrix transposition: The updated state matrix is transposed.
(g) Mix-column diffusion: It is performed on each column of the transposed matrix to introduce Shannon's property of diffusion. For each column of the transposed matrix, the mix column diffusion is performed by using a circulant MDS (Maximum Distance Separable) matrix as used in advanced encryption standard (AES). The process of performing mixcolumn diffusion is illustrated using an example in the next sub-section. (i) Bit-stream truncation: The bit-stream obtained in the previous step is truncated to a designer's selected size/strength.
(j) Bit-encoding: Once the designer selected size of bitstream is obtained, bit '0' and bit '1' are encoded to convert into respective stego-constraints. Encoding of bit '0' and bit '1' representing the stego-constraints for embedding is shown in Table 1.
3. Stego-Constraints Implantation: Bit '0's are implanted into the design during register allocation phase and bit '1's are implanted during hardware allocation/scheduling phase of HLS. Embedding bit '0' and bit '1' as stego-constraints into the design generates steganography embedded JPEG compression processor.
Total key size of the proposed hardware steganography = key size of stego-key1 + key size of stego-key2 + key size of stego-key3 + key size of stego-key4 +key size of stego-key5 = 3bits + 2 * R +(#of unique alphabets) * (log 2 (27!) +(#of unique alphabets) * (log 2 (# modes for ×computing digit equivalent of unique alphabet) Pseudo code of the proposed double line of defense is shown in Fig. 6.

C. DEMONSTRATION OF EMBEDDING HARDWARE STEGANOGRAPHY ON DCT CORE USED IN JPEG COMPRESSION
The JPEG compression uses discrete cosine transform (DCT) underneath which is responsible for transforming the image information into frequency domain [3]. A demonstration of securing DCT core by embedding proposed hardware steganography is shown using the following steps (this subsection only illustrates the process of embedding proposed steganography): • 8-point DCT is scheduled and hardware allocated based on say, resource constraints (1+,4 * ), maximum two instances of vendor type-1 and one instance of vendor type-2 for each functional unit type (e.g. in a control step, maximum two multipliers/adders of vendor type-1 and one multiplier/adder of vendor type-2 are allocated). The scheduled and hardware allocated DFG is shown in Fig. 7.
• A CIG is constructed form scheduled DFG as shown in Fig. 8. The corresponding register allocation (before implanting steganography) is shown in Table 2. The scheduled DFG and CIG/register allocation act as cover design data for embedding proposed hardware steganography.
• Further, digit '15' is subtracted from those digits of the set whose value is greater than 15. This is done to get each digit in the rage of 0 • Based on stego-key1, a state-matrix is constructed using set 'S'. Suppose, the stego-key1 is ''001''. Therefore, mode-2 (choose 4 elements and skip 4 elements) is selected (shown earlier in Fig. 5). Based on the selected mode, the state-matrix containing four elements in each row is shown in Fig. 9(a). Note: Since last set of chosen   • The modified state-matrix after performing bitmanipulation using forward S-box is shown in Fig. 9(b).
• Based on stego-key2, row diffusion is performed in the state-matrix. For the chosen key, mode of diffusion for each row has been shown in Fig. 5. The number of rows in the matrix is R = 5, therefore the size of stego-key2 is 2 * R = 10 bits. Let's assume the stego-key2 is ''01 00 10 00 11''. Here, groups of two bits from left to right represent the key-bits for row-1 to row-5 respectively. Since, the key bits for first row is ''01'', therefore circular right shift by two elements is performed for this row. Similarly, diffusion is performed for each row based on the corresponding key bits (referring Fig. 5).
Post row diffusion, the modified state-matrix is shown in Fig. 9(c).
• In this step, TRIFID cipher is performed on each unique alphabet of the state-matrix. The unique alphabets in the matrix are: A, B, C, D, E and F. Since, the key for each alphabet is 27 characters long, therefore the 27 characters are divided in three square matrices of size 3 × 3. The output of TRIFID cipher for each alphabet is represented by a state ''xyz'', where 'x', 'y' and 'z' denote the row number, column number and square matrix number respectively for the corresponding alphabet. The process of obtaining the state ''xyz'' for each unique alphabet is as follows: • Equivalent digit corresponding to each unique alphabet is computed based on stego-key4. Let's assume the stego-key4 is ''001 000 010 101 001 010''. Here, groups of three bits from left to right represent the keybits for alphabets 'A' to' F' respectively. The group of 3 bits decides the mode (shown in Fig. 5) for computing equivalent digit for an alphabet. Here for each alphabet, the combination of 3 key-bits is chosen such that the computation of the corresponding state ''xyz'' should not exceed 15 in decimal. The computation of equivalent digit for each unique alphabet is performed based on the modes shown in Fig.5. Table 3 shows the corresponding key bits for all unique alphabets of the matrix and their computed equivalent digits.
• The state matrix is updated based on the output of the previous step. The updated matrix is shown in Fig. 10(a). Further, the updated matrix is transposed as shown in Fig. 10(b).
• For each column of transposed matrix, the mix column diffusion is performed by using a circulant MDS (Maximum Distance Separable) matrix (as used in AES).
Similarly, mix-column operations for other columns of transposed matrix are also performed. Post mix-column operation, the modified matrix is shown in Fig. 10(c).
• Let's assume the designer selected bit-stream length is 48. Hence, the truncated bit-stream is as follows (the bit-stream has total 24 number of 0s and 24 number of 1s): ''00100000101000010011110111110101110 1110100001110'' • Based on the encoding meaning (shown in table 1) of '0' and '1' bits of the bit-stream, the potential stego-constraints to be implanted in to the design are obtained. The stego-constraints corresponding to 24 number of 0s in the selected size of bit-stream are as follows:  Further, out of total 24 number of 1s in the truncated bitstream, embedding of only 15 number of 1s is possible. This is because, according to the encoding rule of bit '1' (shown in table 1), operations are allocated to the functional unit of specific vendor type to embed stegoconstraints corresponding to bit '1'. In this case, total operations are 15, therefore embedding of maximum 15 umber of 1's is possible.
• Stego-constraints corresponding to bit '0' are implanted in the register allocation phase of HLS and stegoconstraints corresponding to bit '1' are implanted in the hardware (functional unit) allocation phase of HLS. Post embedding phase-1 steganography (stegoconstraints corresponding to '0'), the CIG and register allocation table are shown in Fig. 11 and Table 4 respectively (highlighted register columns indicate change due to implanted steganography). Once, phase-1 steganography is embedded, phase-2 steganography is performed by embedding stego-constraints corresponding to bit '1'. Out of 24 number of 1s, embedding of only 15 number of 1s is possible, as explained earlier. However, out of 15 number of 1s, only 12 times 1s are effectively embedded. This is because, stego-constraints corresponding to three 1s do not satisfy (FU reallocation is not possible for operation 10, 12 and 14 because these operations should be assigned to FU of even vendor type (according to the  encoding rule of bit '1'), however this assignment is not possible as there is only 1 adder of odd vendor type. Post embedding dual phase steganography, the final scheduled DFG of DCT core is shown in Fig. 12. The observation of embedding dual phase steganography for stego-constraint size of 48 bits is shown in Table 5.
• Total size of stego-key for JPEG DCT core is computed to be ''610 bits'' from (1).

IV. DESIGNING JPEG CODEC WITH EMBEDDED HARDWARE STEGANOGRAPHY A. DEMONSTRATION OF EMBEDDING HARDWARE STEGANOGRAPHY ON DCT CORE USED IN JPEG COMPRESSION
In JPEG CODEC process, an image to be compressed is first converted into an N × N matrix, where each entry in the matrix represents the pixel intensity at corresponding location in the image. The pixel intensity ranges from 0 to 255. Since,  the DCT core underneath JPEG CODEC processor processes an 8 × 8 matrix at a time, therefore the NxN matrix representing input image is divided in to a number of non-overlapping 8 × 8 blocks of pixels. Further, since DCT can process the pixel value within the range of −128 to +127, therefore each pixel value in all 8 × 8 blocks of pixels is leveled off by subtracting 128. Block diagram of the hardware of JPEG compression process is shown in Fig. 13. As shown in the figure, DCT transformation is performed on each 8×8 blocks of pixels using a 2D-DCT coefficient matrix. The generic 2D-DCT coefficient matrix is shown in Fig. 14. Post-DCT transformation of each 8 × 8 blocks of pixels, quantization (at Q90 for higher quality) is performed for compression. By choosing specific quantization matrix, different ratio of compression and quality can be obtained. The quality level ranges from 1 to 100, where 1 indicates highest compression but poorest quality and 100 indicates lowest compression with best quality. In the proposed approach, the quantization matrix Q90 (quality level 90) is used to compress the CT scan medical images within the acceptable compression ratio. Once a DCT transformed matrix is quantized using quantization matrix, zigzag scanning is performed to obtain the data into one-dimensional array. Thereafter, the compressed data is converted into a bit stream by applying run-length encoding for storing and transmitting. In the process of decompression/ reconstruction of original image, the stored image data (in compressed form) is processed through run-length decoding followed by inverse zigzag scanning. This results into a quantized version of image data in the form of matrix. Next, inverse quantization is performed using corresponding quantization matrix which gives de-quantized data of pixels intensities. Thereafter, inverse DCT is performed on dequantized data which gives the final pixel intensity values of reconstructed image. The DCT transformation of each 8 × 8 block of pixels is performed by following matrix multiplication.
where T represents the 2D-DCT coefficient matrix (shown in Fig. 12), M represents the 8 × 8 block of pixels of input image and T' represents the transpose of T. The first pixel value 'X11' of the DCT transformed matrix X is given as follows: where, eight times c4 value in the equation represents the first column of matrix T' and d11, d12, . . . d18 represent the elements of first row of the matrix T * M. The first element d11 is calculated as follows: (4) where, eight times c4 value in the equation represents the first row of matrix T and m11, m21, . . . m81 represent the elements of first column of the input matrix M. Similarly, other elements of T * M matrix are calculated. Thus obtained T * M matrix is used to evaluate the matrix 'X' using (2). Computing hardware of matrix T * M is represented as micro IP which is further used in macro IP representing computing hardware of matrix X. Figure 15 shows the DFG of JPEG image compression as macro IP which uses micro IPs underneath. As shown in Fig.15, the first pixel value after DCT transformation is generated after operation 135. The first pixel of compressed JPEG image is generated by operation 136 which quantizes the DCT transformed value (output of operation 135) using corresponding element q1 of quantization matrix Q90 (as shown in Fig. 15). Note: Decompression is just the inverse of compression process. Therefore, a similar hardware design with different inputs can be used. For the sake of brevity, details of decompression process have not been included. VOLUME 8, 2020

B. STRUCTURAL OBFUSCATION ON JPEG CODEC-1 ST LINE OF DEFENSE
As shown in Fig. 15, the un-obfuscated DFG of JPEG image compression has been presented as a macro IP which comprises of 8 micro IPs underneath [13]. Here structural obfuscation is performed at two levels i.e. both micro IP and macro IP are structurally obfuscated. After performing tree height transformation (THT) based structural obfuscation, the obfuscated JPEG compression DFG is shown in Fig. 16. In THT based structural obfuscation, some sequentially executing operations are forced to execute as parallel sub-computations, thus incorporating the structural obfuscation by altering the data dependency of operations. For example, data dependencies of six operations (opn 10, 11, 12, 13, 14 and 15) in micro IP1 get altered owing to THT based structural obfuscation as shown in Fig. 16. Similarly, data dependencies of six operations in each other micro IPs also get altered. When THT based structural obfuscation is performed on macro IP, data dependencies of operations 130, 131, 132, 133, 134 and 135 get altered. This would result into structural obfuscation in the form of change in interconnectivity of resources, multiplexer and de-multiplexer inputs/outputs in datapath [13]. Thus, datapath architecture and controller logic of the design would be obscured without change in functionality. The structurally obfuscated design becomes unobvious for an attacker to interpret. Thus, the structure of the design remains concealed for the attacker and he/she fails to insert malicious logic (Trojan) and counterfeit/clone the hardware. Thereby, structural obfuscation acts as 1 st line of defense.

C. INTEGRATING HARDWARE STEGANOGRAPHY WITH STRUCTURAL OBFUSCATION FOR JPEG COMPRESSION PROCESSOR-2 ND LINE OF DEFENSE
The proposed crypto-based dual-phase steganography is integrated to the structurally obfuscated JPEG CODEC as 2 nd line of defense. This enhances the security of JPEG compression processor against aforementioned hardware threats. The process of embedding crypto-based dual-phase steganography for JPEG compression is as follows: 1. The constraints based list scheduling and hardware allocation are performed on structurally obfuscated DFG of JPEG compression. Scheduling is performed based on resource constraints (3+, 3 * ), where maximum two instances of a functional unit is of vendor type-1 and one instance is of vendor type-2.
2. Register allocation/CIG is obtained from scheduled obfuscated DFG. Both register allocation table and scheduled obfuscated DFG act as cover design data for embedding proposed steganography.
3. The secret design data for steganography is obtained from the register allocation of the obfuscated JPEG design (process of obtaining the secret design data is same as explained for DCT core in section 3.3 earlier).
to bit '0' are embedded into the register allocation phase. Post embedding bit '0', the modified register allocation of JPEG compression is shown in Fig. 17. Further, stego-constraints corresponding to bit '1' are embedded into the hardware (functional unit) allocation phase. According to the encoding rule of bit '1' (shown in table 1), the odd operations are allocated to functional unit of odd vendor type and even operations are allocated to functional unit of even vendor types. This reallocation of functional unit reflects the embedded stego-constraints corresponding to bit '1'. However, out of 203, some of bit '1' may not be embedded. For example, there are total 136 operations in case of JPEG design (as shown in Fig. 16), therefore embedding of maximum 136 number of 1s is possible. Further, out of 136, only 111 times 1s are effectively embedded. This is because, stego-constraints corresponding to some number of 1s do not satisfy (FU reallocation is not possible for some operations as these cannot be assigned to FU of vendor type according to encoding rule of bit '1'). Therefore only 111 number of 1s are effective embedded. Post embedding 1s into the hardware allocation phase, scheduling and FU allocation of steganography embedded obfuscated JPEG compression is shown in Table 6. Note: For the sake of brevity, the pre-steganography JPEG compression design has not been included. Post embedding constraints into two distinct phases of HLS, the steganography embedded obfuscated JPEG processor is generated which is highly secured using double line of defense.  Fig. 18 shows the generic block diagram of end to end secured JPEG CODEC process that ensures the security of medical images. As shown in the figure, the proposed steganography embedded obfuscated JPEG compression processor generates secured compressed image data quantized at quality level of Q90. To reconstruct the image, the compressed/quantized image data is decompressed/de-quantized using proposed steganography embedded obfuscated JPEG de-compression processor. Thereby the proposed JPEG CODEC processor secures the medical images from being corrupted/altered by external hardware threats and ensures the reconstruction of medical images in their genuine form. The compression and de-compression on six medical images of CT scan dataset [19] are performed for demonstration. The original, quantized (at quality level of Q90) and reconstructed CT scan images are shown in Fig. 19. Table 7 shows the Mean Square Error (MSE) and Peak Signal to Noise Ratio (PSNR) of compressed images for quantization level of Q90 to ensure acceptable quality.

V. EXPERIMENTAL RESULTS
The proposed approach has been implemented in C++ and run on processor with 4 GB, DDR3 memory at 1.9 GHz. This  section analyses the security proposed approach obtained from structural obfuscation (1 st line of defense) and hardware steganography (2 nd line of defense). The security due to structural obfuscation is analyzed in terms of strength of obfuscation. Further, the security due to steganography is analyzed using probability of coincidence metric for different design solutions (resource constraints) and key-size of JPEG compression. In addition, for each design solution, the security is evaluated for varying size of designer selected stego-constraints. The proposed approach achieves higher  security of JPEG processor on very low design cost. The design cost is also assessed for different design solutions and varying size of stego-constraints.

A. SECURITY ANALYSIS OF THE PROPOSED SECURE JPEG COMPRESSION PROCESSOR 1) STRENGTH OF STRUCTURAL OBFUSCATION
The structural obfuscation results into changes in functional units such as adders, multipliers etc., storage elements (register count, latches etc.) and interconnectivity of resources, multiplexer and de-multiplexer inputs/outputs, without affecting the functionality. This obscures the datapath architecture and controller logic of the design without change in functionality from an attacker's perspective. Thus, structurally obfuscated JPEG design becomes unobvious for an attacker to interpret. For example, for JPEG DCT core, the un-obfuscated and obfuscated versions are shown in Fig. 20 and Fig. 21 respectively. Un-obfuscated version indicates JPEG processor design which does not have any security algorithm employed. In other words, it is an unsecured version that does not have capability to counter RE (resulting into Trojan insertion). Hence, such a JPEG processor is not tamper resistant and trustworthy for usage in medical imaging systems. On the other hand, obfuscated version is tamper resistive to RE (resulting into Trojan insertion), hence trustworthy for usage in medical imaging systems. It is evident from Fig. 20 and Fig. 21 that the structural obfuscation introduces significant changes in the structure of the design, thus making it harder to reverse engineer. As explained earlier, the obfuscated JPEG DCT core achieves significant structural obfuscation through proposed technique resulting into changes in functional units such as adders, multipliers etc., storage elements (register count, latches etc.) and interconnectivity of resources, multiplexer and demultiplexer inputs/outputs. As the structure of the design remains concealed for the attacker, therefore he/she fails to insert malicious logic (Trojan) and counterfeit/clone the hardware. Table 8 compares the JPEG CODEC design pre and post structural obfuscation for resource constraints (3+, 3 * ). As shown in the table, respective gates affected at gate-level design is 10064 without changing the functionality.

2) STRONGER DIGITAL EVIDENCE HIDDEN IN STEGO-IMPLANTED JPEG COMPRESSION PROCESSOR
It signifies the strength of the implanted steganography information in the obfuscated JPEG compression processor. More steganography information distributed uniformly across the design in a covert manner implies that the design carries stronger digital evidence for authentication purpose. Stronger digital evidence (more steganography) hidden inside the design secures an authentic JPEG processor against possible removal and tampering. Thus, stronger steganography enhances the possibility of detecting counterfeited/cloned/tampered JPEG compression ICs. The proposed approach embeds crypto-based steganography at two distinct phases of HLS, therefore generates strong hidden digital evidence for JPEG compression.

3) LOWER PROBABILITY OF COINCIDENCE (PC) IN STEGO-IMPLANTED JPEG COMPRESSION PROCESSOR
The security due to embedding proposed hardware steganography into the obfuscated JPEG compression processor is assessed using probability of coincidence (Pc) metric [16], [17]. The Pc metric indicates the probability of obtaining the proposed steganography information in a non-steganography design. Since in the proposed approach, the obtained Pc value will be extremely low, thus this indicates that the chance  of carrying the proposed steganography information in a cloned/counterfeited design coincidentally is almost negligible. Thus, cloned/counterfeited JPEG design can be easily detected as these versions would not carry the authentic stegoinformation of the proposed approach.
The impact on security of JPEG compression due to both phase-1 and phase-2 steganography has been analyzed using Pc metric. Post phase-1 steganography, the probability of coincidence metric is evaluated as follows [16], [17]: where, Pc 1 represents the probability of coincidence post phase-1 steganography, c denotes the number of colors/registers in the JPEG compression design before embedding steganography and f1 denotes the number of effective stego-constraints (effective number of 0s) embedded in the CIG/register allocation phase. After performing phase-1and phase-2 of steganography, the Pc metric is evaluated as follows: where, Pc 2 represents the probability of coincidence post phase-1 and phase-2 steganography, f2 denotes the number of effective stego-constraints (effective number of 1s) embedded in the hardware (FU) allocation phase of HLS. Further, n indicates the total types of FU (e.g. two in proposed approach), N indicates the number of functional units of type Ri. In the proposed work, N(R1) indicates the number of adders and N(R2) indicates the number of multipliers. For proposed dual phase (phase-1 and phase-2) steganography, the Pc metric is evaluated for different size of stegoconstraints. The effective constraints embedded increase with the increasing size of stego-constraints for both phases of steganography. For each design solution, Table 9 shows the increments in both effective number of 0s (stego-constraints for phase-1) and effective number of 1s (stego-constraints for phase-2) with increasing size of total stego-constraints (designer selected bit-stream) from 100 to 400. Further, Table 10 presents the comparison of Pc 1 and Pc 2 for different design solutions of JPEG compression processor. For each design solution, the Pc 1 and Pc 2 metrics are compared for varying size of stego-constraints (total number of 0s and 1s). As shown in the table, the value of Pc 1 and Pc 2 reduces with the increasing size of stego-constraints. This is because, as the size of stego-constraints increases, the effective number of 0s (f1) and the effective number of 1s (f2) increases, therefore the value of Pc 1 and Pc 2 reduces according to (5) and (6). Thus, by choosing the large size of stego-constraints, lower value of probability of coincidence can be achieved which in turn signifies the higher strength of steganography. Additionally, the chosen design solution (resource constraints) also impacts the Pc metric as shown in Table 10. This is because in a specific size of stego-constraints, the number of 0s and 1s vary according to chosen design solution (this can be observed in the Table 9). Therefore, the selection of appropriate design solution is very crucial to obtain higher strength of steganography. As shown in Table 10, the design solution (3+, 3 * ) gives the lower Pc (higher strength of steganography) than other solutions.

B. LOW COST ROBUST SECURITY OF JPEG CODEC PROCESSOR: RESULTS
The proposed approach achieves security of JPEG compression processor at very low design cost. The design cost of pre and post steganography embedded obfuscated JPEG compression processor is evaluated based on following cost function [10]: where, C d (X i ) is the cost with resource configuration X i , A T and L T denote the JPEG compression design area and delay, Am and Lm denote the maximum area and delay of the design, w 1 and w 2 are the user defined weights for latency and area respectively. Both weights w 1 and Post phase-1 and phase-2 of steganography, the design cost is evaluated for different design solutions. Additionally, for each design solution, the cost is evaluated for varying size of stego-constraints. Table 12 presents the design cost post  TABLE 10. Security analysis (in terms of probability of coincidence) of proposed approach on varying size of stego-constraints for different design solutions. embedding phase-1 and phase-2 steganography and compares with the pre-steganography design cost. As shown in the table, the design cost post phase-1 steganography remains same as pre-steganography cost. This is because, embedding stego-constraints (0s) during phase-1 steganography does not require any extra register. However, post embedding phase-2 steganography, the design cost either slightly increases or remains unchanged with increasing size of stego-constraints. This is because, the embedded stegoconstraints (1s) during phase-2 steganography may require more FU (adders and multipliers) allocation of vendor type-2 than that of type-1. Since, the area and latency of FUs of chosen vendor type-2 is slightly higher with respect to vendor type-1, therefore the design cost may marginally increase post phase-2 steganography. Furthermore, the chosen design solution (resource constraints) also impacts the design cost as shown in Table 11. The design cost reduces as resource constraints are increased from (3+, 3 * ) to (5+, 5 * ). This is because, increasing resource constraints upto (5+, 5 * ) reduces the design latency significantly with marginal increase in the design area. This results into reduction in overall design cost. However, further increase in resource constraints from (5+, 5 * ) to (11+, 11 * ) does not cause significant reduction in the design latency. This is because, the utilized number of resources (adders/multipliers) in a control step (during scheduling) are lesser than the given resource constraints. Therefore, significant reduction in design latency with respect to increase in the design area does not take place. Hence, design cost starts increasing from (5+, 5 * ) onwards as shown in Table 11.
Furthermore, Table 12 shows the comparison of security and design cost of JPEG DCT core using proposed approach and related work [21]. As shown in the table, the proposed approach offers higher security in terms of key size (610 bits) at zero cost overhead. Larger key size in proposed approach enhances the difficulty level for an attacker in determining the embedded stego-constraints.
Graphical user interface (GUI) of the implementation of the proposed approach is shown in Fig. 22 which portrays the inputs and results obtained for 2 nd line of defense (proposed steganography). Obfuscated JPEG compression processor, the input to proposed steganography, is encircled in Fig. 22(a). Further, the constraint size, steganography constraints (number of 0s and 1s) and corresponding Pc values (same as reported in Table 10) for design solution ''3 * , 3+'' are encircled in Fig. 22(b). Similarly, results in terms of design cost can be shown.

VI. CONCLUSION
The JPEG CODEC processor used for compression and reconstruction in medical imaging systems is vulnerable to hardware threats such as malicious logic insertion, counterfeiting/cloning etc. To ensure the correctness of the medical image data, security of the JPEG CODEC processor is very crucial. In this paper, double line of defense is proposed to secure the JPEG processor. To do so, THT based structural obfuscation is used as 1 st line of defense and hardware steganography is embedded into the design as 2 nd line of defense. The embedding of proposed dual phase steganography on the top of the obfuscated JPEG design enables robust security of the JPEG processor design against aforementioned hardware threats for medical imaging systems. The proposed approach provides higher security at negligible design cost as shown in the results.
ANIRBAN SENGUPTA (Senior Member, IEEE) is currently an Associate Professor in computer science and engineering with IIT Indore, where he directs the research lab on ''CAD for Consumer Electronics Hardware Device Security and Reliability.'' He has more than 214 publications, including three Books and 11 Patents. He is the author of three Books from the IET and Springer on Hardware Security, IP core protection, and VLSI Design. His patents have been used and cited in industry patents/products of IBM