Efficient Electronic Patient Information Hiding Scheme With Tamper Detection Function for Medical Images

With the rapid development of the electronic medical information systems and Internet technology, the frequency of electronic medical records (EMRs) and electronic patient information (EPIs) transmitted over the Internet and shared among authorized medical parties is gradually increased. Reversible data hiding in medical images is an efficient technique to embed an EPI or EMR into a medical image, such as X-ray, MRI etc. In this paper, a reversible data hiding scheme by using enhanced neighbor mean interpolation (ENMI) technology is proposed to expand each <inline-formula> <tex-math notation="LaTeX">$2 \times 2$ </tex-math></inline-formula> block in the original image to a <inline-formula> <tex-math notation="LaTeX">$3\times 3$ </tex-math></inline-formula> block. The four original pixels remaining at the four corners in each expanded block. Five derived pixels by using the ENMI interpolation algorithm are used to carry 4-bits secret data and a 1-bit authentication code with our proposed efficient data hiding strategy. Experimental results confirm that the detection performance and the robustness of the hidden data with our proposed scheme are significantly higher than that of the Geeth & Geeth scheme and other six representative schemes.


I. INTRODUCTION
In the last two decades, data hiding techniques have drawn more research attention because security is increasingly important as transmitted data grows exponentially. Moreover, data hiding techniques do not have several of the limitations found in cryptography. Modern cryptography is heavily based on mathematical theory and computer science practice. Among cryptographic algorithms [1], no matter whether they are symmetric cryptographic algorithms or asymmetric cryptographic algorithms, a plain message is always transmitted in a meaningless form, which may leave an adversary a clue. In contrast, data hiding techniques successfully use meaningful cover media, such as an image, audio, video and text, to carry the secret message [2]- [28]. This unique feature of data hiding techniques makes it hard for attackers to visually distinguish images carrying secrets from images The associate editor coordinating the review of this manuscript and approving it for publication was Claudio Zunino. that do not carry a secret, and thus the security of the hidden data is increased. Therefore, data hiding techniques have been explored with various approaches, and its application has finally expanded to the medical domain.
For data hiding schemes belonging to the RDH branch, the applications cover military or medical domains, because cover images are not allowed to have any slight distortion in either military or medical applications. Representative RDH schemes include Tain's DE method [5], Nei's histogram shifting method [6], and many other RDH schemes based on various compression techniques, such as JPEG [24], VQ [7], BTC [21].
From the hidden data aspect, there are three purposes that can be achieved with data hiding schemes: 1) establishment of a confidential channel via the cover image so that a secret message can be sent to the recipient; 2) carrying a message with a transmitted image so that the hidden message can be extracted by a recipient to verify the integrity of the transmitted image; and 3) carrying a message with an image so that the image owner can use the carried message to claim ownership of an image. The first purpose can be implemented with conventional RDH. The second purpose can be done with image authentication, which is also called fragile watermarking. As for the third purpose, it can be done by robust watermarking. Once watermarking schemes have reversibility features; if the recovery information is embedded into the cover image along with the authentication code or ownership code, no matter whether the approach is fragile watermarking or robust watermarking, it will automatically inherit the recovery function. This means the tampered area can be restored with the assistance of hidden recovery information.
The first electronic medical record system was developed by the Regenstrief Institute in 1972. The idea of sharing electronic medical records (EMRs) was not widely adopted until 2000 when computers became more affordable and the Internet was becoming more accessible. Hospitals then started to develop electronic medical information systems to provide patients with better, safer and more efficient healthcare services. Because of this, the frequency of EMRs transmitted over the Internet and shared among authorized medical parties is gradually increased. As EMRs contains EPIs and patient medical records, such as X-rays and lab reports, it is crucial for EMRs to being efficiently and securely transmitted to authorized metical parties and without leaking EPIs and damaging patient privacy. As data hiding techniques can achieve the three objectives mentioned previously, researcher have explored whether data hiding in medical images is a feasible approach to protect EMRs and EPIs by providing confidentiality, integrity, authentication and even ownership functionalities.
In 2011, Chang et al. designed an RDH scheme with repetitive pixels for medical images [11]. In their scheme, they adopted Run Length Encoding (RLE), an efficient lossless compression algorithm, to losslessly embed information, such as EPI, into the LSBs of repetitive pixels of a medical image without using the binary location map. In 2013, Kumar et al. first designed an optimal hierarchical block division scheme based on four ways of block division [12]. Subsequently, a modified histogram shifting algorithm based on their optimal hierarchical block division scheme was proposed for medical images to achieve a high hiding capacity. Experimental results demonstrated that the average PSNR was more than 51 dB for 256×256-sized medical images by carrying secret data around 6,059 bits. In 2020, Gull et al. applied a dual data hiding strategy to increase hiding capacity while maintaining high image quality for medical images [22]. In their scheme, the secret message is preprocessed by using the Huffman encoding method. After Huffman coding is completed, a codebook is generated and can be used to generate the encoding indices for the embedding message, such as EPIs. The value of each generated index is then divided into two parts that can finally embedded into two meaningful images with an improved center folding strategy. Gull et al.'s scheme provides an average embedding rate of around 2.69 bpp while maintaining average image quality at 50 dB, but the average BER is only around 0.5. In the same year, Geeth & Geeth applied an interpolation technique to enlarge a medical image. Then the original pixels located at a 2 × 2 block of the original image is then left at four corners of the enlarged 3 × 3 block of the expanded image [10]. Finally, the pixel values generated by an interpolation algorithm are used to carry the secret message and authentication code. With the proposed scheme, they successfully decreased BER to 0.048 when the stego image is subjected to a salt and peppers noise attack for 0.1 while retaining a similar BER as before for the remaining attacks.
Although many RDH schemes with a tamper detection function have been proposed for medical images, it is crucial to further decrease the distortion under different attacks while maintaining high image quality. In this paper, a novel efficient electronic patient information hiding scheme is proposed to achieve the above objectives thru an interpolation-based data hiding strategy with tamper detection function.
The rest of this paper is organized as follows. Section 2 briefly reviews the enhanced neighbor mean interpolation (ENMI) which will be used in the proposed scheme. Section 3 explains our proposed interpolationbased reversible data hiding scheme. Section 4 demonstrates the experimental results, comparisons among our proposed scheme and other six existing schemes under different attacks. Finally, brief conclusions are given in Section 5.

II. RELATED WORK
Based on the experimental results demonstrated in [11], we found the estimated pixel values derived from the enhanced neighbor mean interpolation (ENMI) can provide a relatively high image quality in stego images. This section introduces the ENMI algorithm in Subsection 2.1. Next, some presentative data hiding schemes based on image interpolation are described in Subsection 2.2. VOLUME 10, 2022

B. RESENTATIVE DATA HIDING SCHEMES BASED ON IMAGE INTERPOLATION
In additional to the scheme [11] introduced in Section 1, there are many data hiding methods based on image interpolation algorithms [10], [15], [16], [18], [30], [32]. In 2009, Jung and Yoo first applied the image interpolation technique to hide secret data to a cover image [10]. To achieve their objective, Jung and Yoo designed a new image interpolation (NMI) algorithm, in which neighboring pixel values are used to calculate the mean, and then the calculated mean value is inserted into a pixel that has not been allocated yet. In Jung and Yoo's scheme, a cover image sized as H×W pixels is first downsized into a (H/2 + 1)×(W/2 + 1) sized image. Then, the downsized image is divided into non-overlapping 2 × 2 blocks. Note that the first pixel in each 2 × 2 block remains the same, while the remaining three pixels are derived by using NMI and the difference between each derived value and the first pixel is calculated to carry secret data. The payload for each derived value is related to its difference to the first pixel.
The same research team also combined another image interpolation algorithm called interpolation by neighboring pixels (INP) and LSB substitution to design a semi-reversible data hiding scheme in 2015 [15]. In 2017, Yang et al. adopted the same image interpolation algorithm as [15] did to generate the cover image, but applied least significant (LSB) substitution and optimal pixel adjustment process (OPAP) instead of simple addition to further increase the visual quality of the stego image [16]. In 2019, Mohammad et al. designed a new image interpolation algorithm to calculate the interpolated pixels based on remaining four unchanged corner pixels with different weights. For example, both I(0,0) and I (0,1) contribute a one third impact and both I(0,1) and I (1,1) only contribute a one and sixth impact to calculate the expanded pixel I (0, 1) as I (0, 1) = [(I (0, 0) + I (0, 1))/3 + (I (0, 1) + I (1, 1))/6] [18].

III. PROPOSED SCHEME
To create enough embedding space for medical images to carry EPIs and to ensure that the original medical images can be completely restored, our proposal is inspired by previous work introduced in Section 2 and also refers to various interpolation algorithms demonstrated in [13]. Finally, the ENMI algorithm proposed by Chang et al. [13] was selected to expand the original medical image I sized as H × W pixels into ((H /2) + 1) × ((W /2) + 1) × (3 × 3)-sized expanded image I because ENMI successfully enhances 2dB than that of Nearest neighbor interpolation (NMI) based on the experimental results reported in [13].
To effectively detect the tamper regions, and embed EPIs into a medical image, the hidden data is divided into two categories: one is the authentication code (AC) and the other is the secret message (M ), such as EPIs. It is noted the AC = {ac 1 , ac 2 , . . . , ac l } and M = {m 1 , m 2 , . . . , m l }, where l = ((H /2) + 1) × ((W /2) + 1). The overall flowchart of our proposed scheme is depicted in Figure 2. Figure 2 shows how the secret message M will be embedded to a medical image with our proposed scheme and how the extracted authentication code will be used to judge whether or not the current block has been tampered. If it is un-tampered, the extracted message M will be recorded. After the verifying operation is completed, the restoration function is conducted. Finally, when all regions are judged as un-tampered, the original medical image I can be reconstructed and the secret message M can be obtained.

A. DATA EMBEDDING PHASE
Assume that a H × W medical image I is divided into ((H /2) + 1) × ((W /2) + 1) non-overlapping blocks and each block is sized as 2 × 2 pixels. Once ENMI interpolation is completed, each block size is expanded as 3 × 3 pixels, and each expanded block is denoted as I'_B l . As we mentioned in previous paragraph, the hidden data is divided into two categories: one is the authentication code (AC) and the other is the secret message (M ), such as EPIs. It is noted the AC = {ac 1 , ac 2 , . . . , ac l } is pre-generated by using the secret key SK and a pre-determined random number generator, and The ENMI interpolation operation has been introduced in Subsection 2.1, thus, we skip the related descriptions here and focus on how to embed the authentication code and secret message into each non-overlapping block. The authentication code can be a binary stream and generated by a secret key SK with a pre-determined random number generator in advance. The detail embedding algorithm is as follow: Input: Expanded image I , authentication code AC = {ac 1 , ac 2 , . . . , ac l } and secret message M = {m 1 , m 2 , . . . , Step 1: Determine threshold k, read a block I'_B l , where l = H 2 + 1 × W 2 + 1 , and calculate difference for pixels in the expanded block.
where I'(i,j) denotes the pixel value located at (i,j) for the currently processing block and D(i,j) indicates the difference derived from the current pixel I'(i,j).
Step 2: For I (i, j − 1), I (i − 1, j), I (i + 1, j) and I (i − 1, j − 1) located at the currently processing block I _B l as shown in Figure 3, modify the current pixel value based on the computed D(i, j) according to the three modification rules, which are also demonstrated in Table 1, and hidden message m l , where m l = {0, 1} and l = ((H /2) + 1) × ((W /2) + 1). If D (i, j) = m i , find a new pixel value newI (i, j) which meet the following rule: The reference table shown in Table 1 presents a simple but important idea, that is, if the derived difference D(i, j) is the same as that of hidden message m l or authentication code ac l ,  it means the current pixel is located at the same secret-bit range as a hidden m l or ac l . Here, D(i, j) is computed by Equation (2), m l indicates the secret bit embedded into a given pixel and m l = {0, 1}, and ac l indicates the authentication bit embedded into a given pixel and ac l = {0, 1}. The status of I (i, j) indicates whether the current I (i, j) should be changed or not according to three modification rules, which are as follows: where ''C means the current I (i, j) must be changed. In contrast, ''UC'' means the current I (i, j) can remain as it is: Rule 1: The new pixel newI'(i,j) must make sure its derived D is the same as either hidden message m l or hidden authentication bit ac l . VOLUME 10, 2022 Rule 2: The difference between the new pixel newI'(i,j) and the original pixel I'(i,j) must be minimized.

Rule 3:
The new pixel newI'(i,j) should not be located at the boundary area of its corresponding secret-bit rangee.
Here, we also define if ac l = 0 or m l = 0 then the secret-bit rangee is defined as ''0,'' if ac l = 1 or m l =1 then the secretbit range is defined as ''1.'' If the derived difference D (i, j) located at secret-bit range ''0'' and D (i, j) equals to ''0'' or ''3,'' the current pixel I'(i,j) is located at the boundary area of secret-bit range ''0''. Following the same concept, if the derived difference D (i, j) is located at secret-bit range ''1'' and D (i, j) equals to ''4'' or ''7'', the current pixel I'(i,j) is also located at the boundary area of secret-bit range ''1''. If a pixel meets the first two rules, but it is located at the boundary area, then, a new pixel value should be found for the current pixel in order to comply with the three modification rules. This is because the hidden data is easily modified when the pixels are located in the boundary area once an attack occurs. Take pixel = 112 for example, if it is changed to 111, the derived D will be changed to ''7'' instead of ''0,'' as the corresponding secret-bit range is changed and the hidden data is also changed. Only when the third rule is met, the robustness of the hidden data can be guaranteed.
Step 3: For pixel value I'(i,j) of expanded block I _B l as shown in Fig. 3, modify the current pixel value based on its derived D according to above three modification rules (Table 1), and hidden authentication code ac l , where ac l = {0, 1} and l = ((H /2) + 1) × ((W /2) + 1).
Step 4: Output the proceeded stego block and then read the next block.
Step 5: Repeat Steps 2 to 4 until all blocks have been proceeded. Finally, a stego-image SI is generated and sent to the receiver.
To give a clear picture for our data embedding strategy, an example is demonstrated in this paragraph. Take k = 3, I (i, j) = 106, hidden message m i = 0 for example. Based on Equation (2), the corresponding D(i, j) = 2 = 106 mod2 3 = 106 mod8. The derived D = 2 located at secret-bit range ''0'' is the same as the hidden message m l = 0. Therefore, I (i, j) = 106 remains the same. As another example, for I'(i,j)=114, the hidden message m l = 1. Based on Equation (1), the corresponding D(i, j) = 2 = 114 mod2 3 = 114 mod8. The derived D = 2 located at secret-bit range ''0'' is different from secret-bit range ''1'' of hidden message m l = 1. Therefore, pixel I'(i,j) must be further changed based on the modification rules listed above. The possible candidates for the current I (i, j) = 114 are listed in Table 2.
From Table 2, we can see the new pixel value for the current I'(i,j) is selected as 117 because its secret-bit range ''1'' is the same as hidden data m l , the caused distortion is minimized and the new pixel value is not located at the boundary of secret-bit range ''1''. Once the data embedding is completed, the stego-image contains secret message and authentication code is then sent to the receiver.

B. DATA EXTRACTION AND VERIFICATION PHASE
Upon receipt, the receivers of the stego-image can extract the hidden authentication code to determine which blocks have been tampered. If a block has not been tampered, its extracted secret message will be outputted. If the integrity of the stego-image is verified, the extracted hidden data is contacted as the original message M . Details of data extraction and verification algorithms are shown below: Input: Stego-image SI, secret key SK, random number generator and threshold k Output: Secret message M = {m 1 , m 2 , . . . , m l } and restored original image I Step 1: Generate AC = {ac 1 , ac 2 , . . . , ac l }, where l = ((H /2) + 1) × ((W /2) + 1), by using secret key SK and the pre-determined random number generator.
If they are equal, it means the current block has not been tampered. Otherwise, mark the block as ''tampered,'' and go to Step 5.
Step 5. Output error message as ''E'' to indicate that the current block has been tampered.
Step 6. Repeat Steps 2 to 5 until all blocks of stego-image SI have been proceeded.
Step 7. Contact all outputted messages. If the stego-image has not been tampered, all the extracted hidden message m i will be contacted as secret message M . Otherwise, the combination of the extracted secret data and error message will be presented to the receiver.
With our data extraction and verification phase, the integrity of the stego-image is verified, and the hidden message can be successfully extracted to generate secret message M . Follow the example demonstrated in data embedding phase, when receiver detects the pixel value as 117 in the stego image, s/he can conclude D(i, j) = 5 = 117mod2 3 and judges the hidden data is 1 based on judgement rules demonstrated in Table 2.

C. RESTORATION PHASE
Note that the restoration phase is triggered when stego-image SI is determined as an un-tampered image. In other words, the integrity of stego-image SI has been confirmed. A detailed description of our restoration algorithm is presented as below: Input: Stego-image SI Output: Original image I Step 1: Read a block.
If the stego-image has not been tampered during data transmission, the original image I can be completely restored after the hidden data is extracted with our proposed restoration algorithm. Even the stego-image has been tampered, the original image I still can be restored as long as the four corner pixels in stego-blocks have not been tampered.

IV. EXPERIMENTAL RESULTS
To evaluate the performance of our proposed scheme on the image quality of a stego image, hiding capacity, and to observe the robustness under various attacks, we implemented our scheme with Matlab. Experiments were conducted on a personal computer of an Intel i7-4790 CPU, 8GB memory and Windows 10 Home basic 64-bits operating system. Six 512 × 512-sized medical gray-scale images were served as test images: (a) Palm X-ray image, (b) Ultra scan foetus image, (c) Brain MRI scan image, (d) Thorax X-ray image, (e) Brain CT scan image and (f) Cephalogram dental image as shown in Figure 4.

A. PERFORMANCE OF OUR PROPOSED SCHEME
The criteria used to evaluate the performance of the proposed scheme on image quality are the peak signal-tonoise ratio (PSNR) and the structural similarity index (SSIM index). PSNR is defined as follows to evaluate the quality of the stego images.
where mean square error (MSE) is as follows: where W stands for width and H stands for height of the images I and SI, respectively. I(i,j) and SI(i,j) are the pixel values of the original image and the stego image, respectively. As shown in Equation (3), the smaller the MSE, the larger the PSNR, and vice versa. In general, when a stego-image's PSNR is larger than 30 dB, the human vision system has difficulty in distinguishing the stego-image from the original image.
The SSIM index, which is an index to evaluate the similarity between the original image and the stego image, is shown in Equation (5) SSIM where, µ x and µ y denotes the average pixel values of images x and y, respectively; and σ x , σ y, σ xy denoted the standard deviation and cross-correlation for the images x and y, r espectively. As for c 1 and c 2 , they are constants set internally by the SSIM function of Matlab. In addition to the image quality of stego image, there are three other different kinds of criteria used. One is hiding capacity, and the general unit used to present the hiding capacity of a data hiding scheme is bit or bit per pixel (BPP). Another is the robustness of the hiding strategy under different attacks, such as bit error rate (BER) and normalized cross correlation (NCC). The other is security of the hidden data, such as information entropy H (I ), the number of pixels change rate (NPCR) and the unified average changing intensity (UACI). In general, there is always a trade-off between image quality and hiding capacity. Moreover, once the size of the hidden data becomes larger, the challenge of protecting the hidden data is also higher.
The definitions of BER, NCC, information entropy, NPCR and UACI are listed as follows:
where W stands for width and H stands for height of the images I and SI, respectively. I(i,j) and SI(i,j) are the pixel values of the original image and the stego image, respectively. From Table 3, we can see when threshold k is set as 3, the average image quality of six test images is up to 46.94 dB and the SSIM index between the original image and stego image is around 0.984. Comparing the results listed in Tables 3 and 4, we can also find the original image and stego image are relatively similar to each other when k = 3 is compared with k = 4.
Since PSNRs and SSIMs with k = 3 are higher than those with k = 4, Fig. 5 demonstrates the results of our proposed scheme with k = 3. From a visual quality perspective, comparing the original images shown in Fig. 5-1(a) to 5-6(a) and stego images shown in Fig. 5-1(b) to 5-6(6), we can find the difference between the original image and stego image is barely recognizable. This confirms that our proposed scheme not only maintains a similar structure between the stego image and original image, but that the visual quality offered by our proposed scheme is quite high.
To further demonstrate the performance of our proposed scheme on hiding capacity, image quality and security of the hidden data, results are presented in Tables 5 and 6 with two different test image sets. The former is a test set with  six medical images as shown in Fig. 2 and the latter is the other test set contains five general test images, such as ''Airplane,'' ''Baboon,'' ''Boat,'' ''Lena,'' and ''Peppers.'' Since each block is sized as 2 × 2 pixels in the original image, and it has been expanded to a 3 × 3-sized block in the expanded image. Four pixels in each expanded block are used to carry 4-bits secret data and the pixel located at the central part in the 3 × 3-sized block is used to conceal a 1-bit authentication code. Therefore, a stego-image hides 327,680 bits in total. The hiding capacity of our proposed scheme is fixed (0.55 bpp) and is not affected by different thresholds ks. For the medical image set, the average PSNR is around 46.94 dB. As for the general image set, the average PSNR is around 45.458 dB.
According to the information entropy defined in Equation (7), if the information entropy is closer to 8, it means the current image has higher randomness. We can observe from Tables 5 and 6 that the information entropy of the stego images ranged from 5 to 7. As for NPCR and UACI, the former is used to determine the rate at which the pixels changed for a stego image caused by payload embedding, and it has a maximum theoretical value of 1. The latter is used to indicate the average intensity of the change of pixel values, and it has a theoretical value of 0.3346. In general, the smaller the NPCR and UACI are, the more minor the changes caused on the pixel during data embedding. The results of NPCRs and UACIs presented in Tables 5 and 6 confirm that our proposed data hiding strategy provides acceptable protection for the hidden data. Moreover, the more secure the hidden data is with our proposed scheme, the more diverse the pixel distribution of the cover image is. VOLUME 10, 2022

B. EXPERIMENTAL ANALYSIS IN MEDICAL IMAGES FOR VARIOUS ATTACKS
The proposed scheme can detect tampered blocks. If the integrity of the received stego image is verified, and the stego image is determined as un-tampered, the hidden secrets can be extracted. Moreover, the original image can be completely restored. Since a stego image may be attacked during data transmission, how many tampered blocks can be identified and the robustness of the hidden data under different attacks are two crucial criteria for a data hiding scheme. In this section, several attacks such as salt and peppers noise, filtering, JPEG compression, sharpening, etc., will be used to evaluate the performance of our proposed scheme on standing attacks. The results demonstrated in Subsection 4.1 show the image quality of the stego image with k = 3 is slightly higher than those with k = 4. Therefore, in the following experiments we only present test results with k = 3. Table 7 presents the NCCs and BERs when a stego image is exposed to salt and peppers noise with a noise density 0.1, and Fig. 6 shows stego images attacked by salt and peppers noise and detection results with our proposed scheme. Table 7 shows an average of 15,856 blocks as tampered, BER as 19.44% and NCC as 0.8055 for the extracted hidden data when k = 3. Accordingly, more than 80% of the hidden EPIs can be extracted even under the salt and peppers noise attack.

2) ADDITIVE WHITE GAUSSIAN NOISE (AWGN)
Here, an AWGN attack is simulated as mean = 0 and variance = 0.02. When stego images are under an AWGN attack. The detection performance and robustness of the hidden data provided by our proposed scheme with threshold k = 3 are demonstrated in Table 8 and Fig. 7. An average of 34,596 blocks are identified as tampered, the BER of the hidden EPIs is 40.64%, and NCC is 0.5935, which means around 60%  of hidden EPIs can be correctly extracted even when 52.8% blocks have been tampered.

3) JPEG COMPRESSION
JPEG compression is quite frequently adopted to reduce bandwidth requirements during data transmission. From Table 9 and Fig. 8, we can see that an average of 41,765 blocks are identified as tampered, the BER of the hidden EPIs is 33.77%, and NCC is 0.6622, which means even more than around 64% of the blocks have been identified as tampered, there are still 33.77% of hidden EPIs can be correctly extracted.

4) FILTERING ATTACKS
In general, filtering is used to remove noise that exists in the images and increase the image quality of the image.   However, filtering also can be treated as an attack just like a JPEG attack. A kernel window sized as 3 × 3 is used in our simulation. Fig. 10 and Table 9 demonstrate the detection performance and robustness of the hidden data provided by our proposed scheme with a threshold k = 3 when the stego image are under a filtering attack. An average of 34,406 blocks are identified as tampered, and the BER of the hidden EPIs is 30.64%, and NCC is 0.6935.

5) MEDIAN FILTERING
Among various filterings, median filtering is a kind of nonlinear filtering. The kernel window of 3 × 3 is the same as the filtering attack mentioned in the previous subsection, where   the detection performance and robustness of the hidden data provided by our proposed scheme with a threshold k = 3 are demonstrated in Table 11 and Fig. 10. An average of 34,596 blocks are identified as tampered, the BER of the hidden EPIs is 30.64%, and NCC is 0.6935, which means around 70% of hidden EPIs can be correctly extracted when 52.8% of blocks have been tampered.

6) WEINER'S FILTERING
Weiner's filtering is mainly used to remove blur in an image processing application. It can also be treated as an attack. When stego images are under Weiner's filtering attack, the detection performance and robustness of the hidden data provided by our proposed scheme with threshold k = 3 are demonstrated in Table 12 and Fig. 11. An average of 35,516 blocks are identified as tampered, the BER of the hidden EPIs is 36.83%, and NCC is 0.6316, which means there are around 63% of hidden EPIs that still can be correctly extracted when more than half of a stego image has been tampered.

7) SHARPENING ATTACK
When stego images are under a sharpening attack, the detection performance and robustness of the hidden data provided by our proposed scheme with a threshold k = 3 are demonstrated in Table 12 and Fig. 11. An average of 35,516 blocks are identified as tampered, the BER of the hidden EPIs is 36.83%, and NCC is 0.6316, which means there are around 63% of hidden EPIs still can be correctly extracted when more than half of a stego image has been tampered.

C. COMPARISONS WITH OTHER SCHEMES
To further demonstrate the performance of our proposed scheme on image quality, hiding capacity, detection performance and robustness of the hidden data. We selected six representative data hiding schemes [5], [23], [25]- [28] for medical images to compare with our proposed scheme. Comparisons are listed in Table 14. Table 14 Comparisons among seven representative data hiding schemes and our proposed scheme Table 14 shows that our proposed scheme can conceal 327,680 bits into a stego image sized 768 × 768 pixels expanded by ENMI. Since a 2 × 2 block in the original image is expanded into a 3×3 block in a stego image, four secret bits and 1-bit authentication code are embedded into a 3×3 block. Therefore, our proposed scheme offers 0.5(= 5/9) bpp on average while the hiding capacity is up to 327,680 bits into the stego image in total. The hiding capacity offered by our proposed scheme is around 49 dB on average, which is lower than the Geeth & Geeth scheme [23] but significantly higher than the remaining five schemes. When k = 3, the SSIM of our proposed scheme remains 0.98.
Since the Geeth & Geeth scheme [23] outperforms our proposed scheme in terms of hiding capacity, we first select two medical images: ''Thorax X-ray'' and ''Brain MRI scan'' to further examine the detection performance and robustness of the hidden data. Tables 15 and 16 show in ''salt and peppers attack,'' the fragile level of our proposed scheme is higher than the Geeth & Geeth scheme. Additionally, for the rest attacks, our proposed scheme always provides fewer BERs of the hidden data than those offered by the Geeth & Geeth scheme. For various filtering attacks, such as median filtering and so on, our average BER is around 11% higher than that of the Geeth & Geeth scheme when k = 3.
Geeth & Geeth scheme and ours is 21.93% and 52.80%, respectively. The detection performance of our proposed scheme is about two times that of the Geeth & Geeth scheme.
Moreover, when half of the blocks have been tampered, the BER of the extracted EPIs is 29.87%, 39.36% for our proposed scheme with k = 3 and the Geeth & Geeth scheme, respectively. Thus, our proposed scheme provides the hidden data with higher protection and strong robustness, such that the BER offered by our scheme is significantly lower than the Geeth & Geeth scheme. The lower the BER is, the higher the similarity between the extracted secret data and the original secret data. In other words, both the detection performance and protection mechanism of our proposed scheme based on range-based instead of specific value for hidden authentication code or secret message are confirmed.

V. CONCLUSION
In this proposed scheme, we first expanded each block sized 2×2 pixels to a 3×3-sized block, with the four original pixels remaining at the four corners in each expanded block. For five pixels derived by the ENMI interpolation algorithm, a simple data hiding strategy is designed with pixel concentration in each secret-bit range. In other words, pixels are mapped to one of mutually exclusive secret-bit ranges and all pixels carrying secret data are concentrated in each secret-bit range, so that the possibility of pixels changing to the other secret-bit range is significantly reduced even when an attack occurs.
Our proposed scheme provides data hiding strategy with the low computation complexity, and the experimental results show the average BERs of our proposed scheme as k = 3 and 4, which is 31.5% and 29.8%, respectively. These values are lower than that of the Geeth & Geeth scheme (39.3%). The number of tampered blocks accumulated by our proposed scheme with k = 3 and 4, are 34217 and 34223, respectively, which are higher than that of the Geeth & Geeth scheme (14374). In other words, the experimental results confirm that the detection performance and the robustness of the hidden data with our proposed scheme is significantly higher than that of the Geeth & Geeth scheme. With our proposed scheme, doctors can receive sufficient information (ex. medical images and EPIs) for medical treatment at the same time when receiving required medical image(s) in a single time. Moreover, they can judgement whether the received medical image(s) have been tampered or not. This will be quite helpful for telemedicine. In the future, we will further explore methods to improve on our proposed scheme in terms of a salt and pepper attack and then increase the robustness of the hidden data while increasing the hiding capacity.
CHIA-CHEN LIN received the Ph.D. degree in information management from the National Chiao Tung University, in 1998. Since 2018, she has been the School Counselor with Providence University. She is currently a Professor with the Department of Computer Science and Information Management, Providence University. Her research interests include image and signal processing, information hiding, mobile agent, and electronic commerce. Since 2018, she has been a fellow of IET. From 2009 to 2012, she served as the Vice Chairman for the Tainan Chapter IEEE Signal Processing Society. She also serves as an Associate Editor and an Editor for several representative EI and SCIE journals. JUI-FENG CHANG received the master's degree in information engineering and computer science from Feng Chia University, in 2022. His research interests include image and signal processing and information hiding. VOLUME 10, 2022