Bahir Dar University

Bahir Dar Institute of Technology

School of Research and Postgraduate Studies

Faculty of Electrical and Computer Engineering

MSc in Computer Engineering

Design and Implementation of Authentication Algorithm for Medical

Internet of Things using a Combination of Cryptography and

Steganography

By: Wubie Engdew Hailu

Bahir Dar, Ethiopia

January, 2020
MSc Thesis Faculty of Electrical and Computer Engineering
Design and Implementation of Authentication Algorithm for Medical

Internet of Things using a Combination of Cryptography and

Steganography

By: Wubie Engdew Hailu

A thesis submitted to the school of Research and Postgraduate Studies of Bahir Dar

Institute of Technology, BDU in partial fulfillment of the requirements for the degree

of

Master of Science in the Computer Engineering in the Faculty of Electrical and

Computer Engineering

Advisor: Dr. Henock Mulugeta

Co- Advisor: Mr. Eneyachew Tamir

Bahir Dar, Ethiopia

January, 2020

January 10, 2020 1

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering

Declaration
I, the undersigned, declare that the thesis comprises my own work performed under
the supervision of Dr. Henock Mulugeta and Mr. Eneyachew Tamir. In compliance
with internationally accepted practices, I have acknowledged and refereed all
materials used in this work. I understand that non-adherence to the principles of
academic honesty and integrity, misrepresentation/ fabrication of any
idea/data/fact/source will constitute sufficient ground for disciplinary action by the
University and can also evoke penal action from the sources which have not been
properly cited or acknowledged.

Name of the student_______________________________ Signature _____________

Date of submission: ________________
Place: Bahir Dar

This thesis has been submitted for examination with my approval as a university
Advisor and Co-Advisor.

Advisor Name: _______________________________________

Advisor’s Signature: ___________________________________

Co-Advisor Name: ____________________________________

Co-Advisor’s Signature: _______________________________

January 10, 2020 2

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering

© 2020

Wubie Engdew Hailu

ALL RIGHTS RESERVED

January 10, 2020 3

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Bahir Dar University

Bahir Dar Institute of Technology-

School of Research and Graduate Studies

Electrical and Computer Engineering Faculty

THESIS APPROVAL SHEET

Student:
________________________________________________________________________
Name Signature Date
The following graduate faculty members certify that this student has successfully presented
the necessary written final thesis and oral presentation in partial fulfillment of the thesis
requirements for the Degree of Master of Science in Computer Engineering
Approved By:
Advisor:
________________________________________________________________________
Name Signature Date

External Examiner:
________________________________________________________________________
Name Signature Date

Internal Examiner:
________________________________________________________________________
Name Signature Date

Chair Holder:
________________________________________________________________________
Name Signature Date

Faculty Dean:
________________________________________________________________________
Name Signature Date

January 10, 2020 4

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering

Dedicated

To
My father Ato Engdew Hailu and My Mother W/ro Kassa Ayele

January 10, 2020 5

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Acknowledgement
First of all, I would like to thank the Almighty God (Alpha and Omega), his holy mother
(Woladite Amlak Mariam) and beloved family for giving me the strength through all
challenging thesis work journeys.

I would like to express my gratitude to my principal advisor Dr. Henock Mulugeta and my
co-advisor Mr. Eneyachew Tamir, who has continually expressed their belief in my
abilities. I thankful for being given the opportunity to carry out my thesis proposal under
their supervision. Over the course of this journey, they have inspired and guided me in the
right direction and made this thesis proposal what it is today. I am grateful for their time,
ideas and enthusiasm that helped me a lot since I started my research activity and
contributed to the achievements of the thesis.

I grateful to my friends for their support and entertaining fun throughout this journey. I
also wish to extend my thanks to the Faculty of Electrical and Computer Engineering and
all the members of this Faculty for their cheering direction and for providing a good quality
education which has enabled me to grow and develop professionally.

Specially, I would like to thank Bahir Dar University, Bahir Dar Institute of Technology
for giving me the scholarship to study my postgraduate study.

Finally, my Brother Tiruneh, we really miss you. We suddenly lost you. We will never
forget you. May his soul Rest in peace.

January 10, 2020 6

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Abstract
Internet of Things (IoT) and cloud computing aims at enabling a variety of next generation
technologies, such as intelligent wireless sensor element networks (WSNs), smart cities,
smart homes, and smart health care system. Due to this tremendous rise of the cloud
computing and the IoT paradigms, the chance of remote monitoring of the patients in real
time by a distant medical skilled professional has become possible and patients will get
pleasure from health care services at home. To achieve this, the patient’s medical
information got to behold on the Cloud server. However, patient medical information
stored on server is highly sensitive and, hence, the Cloud-its network becomes open to
many attacks. For that reason, it must ensure that patients’ medical information does not
get exposed to malicious users. This makes strong authentication is a requirement for the
productive international deployment of centralized smart healthcare systems. Moreover,
the medical devices used in the IoT enabled healthcare system are resource constrained
device. To implement protection mechanisms for such applications we need to use
Cryptography and steganography. They are the two standard ways offered to produce
greater security. Crypto-steganography combination overcomes each other’s weakness and
make difficult for intruders to attack or steal sensitive information. This paper presents a
proposed algorithm to enhance the authentication of Medical data access using Diffie and
Hellman algorithm whereas, encryption and decryption is carried out using Deoxyribo
Nucleic Acid (DNA) cryptography and Least Significant Bit (LSB) steganography hiding
principle using MATLAB 2018a tools. The implemented algorithm is more secure and
efficient than the existing algorithms according the performance analysis that have been
done for the developed cryptography algorithm.

Keywords: - Authentication, Cryptography, Least Significance Beat (LSB), DNA

Cryptography, Medical Internet of things, Steganography, One Time Pad

January 10, 2020 7

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Table of Contents
Declaration ..................................................................................................................................... 2
Acknowledgement .......................................................................................................................... 6
Abstract........................................................................................................................................... 7
Table of Contents ........................................................................................................................... 8
List of Acronyms .......................................................................................................................... 11
List of Figures............................................................................................................................... 12
List of Tables ................................................................................................................................ 13
Chapter One ................................................................................................................................. 14
1. Introduction .................................................................................................................. 14
1.1. Background ..................................................................................................................... 14
1.2. Problem of the Statement .............................................................................................. 18
1.3. Objective of the study .................................................................................................... 19
1.3.1. General Objective .......................................................................................... 19

1.3.2. Specific Objective .......................................................................................... 19

1.4. Scope of the study .......................................................................................................... 20

1.5. Significance of the study ................................................................................................. 20
Chapter Two ................................................................................................................................. 22
2. Literature Review ......................................................................................................... 22
2.1. Cloud Computing ............................................................................................................ 22
2.2. Internet of Things ........................................................................................................... 27
2.3. Medical Internet of Things.............................................................................................. 32
2.4. Cryptography .................................................................................................................. 34
2.4.1. Symmetric Key Cryptography ....................................................................... 35

2.4.2. Public Key Cryptography (PKC) ................................................................... 36

2.4.3. Hash Cryptography Algorithms ..................................................................... 37

2.4.4. DNA Cryptography ........................................................................................ 37

2.5. Steganography ................................................................................................................ 39

January 10, 2020 8

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
2.6. Statistical Tests ............................................................................................................... 43
2.7. Related Literature Survey ............................................................................................... 44
Chapter Three .............................................................................................................................. 46
3. Proposed system Design .......................................................................................................... 46
3.1. Background ......................................................................................................................... 46
3.2. One-Time Pad Secret Key .................................................................................................... 47
3.3. Steganography Module ...................................................................................................... 48
3.3.1. Least Significant Bit (LSB) substitution ............................................................. 48

3.5. Deciphering Module........................................................................................................... 50

3.5.1. Extraction Process ............................................................................................... 50

3.5.2. Deciphering Process............................................................................................ 51

3.6. Key Management and Distribution .................................................................................... 52

Chapter Four ................................................................................................................................ 54
4. Test and Analysis of the New Algorithm ............................................................................... 54
4.1. Overview ............................................................................................................................. 54
4.2. Functionality Test ............................................................................................................... 54
4.3. Repeated Tests ................................................................................................................... 56
Chapter Five ................................................................................................................................. 59
5. Performance analysis of new algorithm ................................................................................. 59
5.1. Overview ............................................................................................................................ 59
5.2. Encryption Performance Metrics ....................................................................................... 59
5.2.1. Encryption time ................................................................................................... 59

5.2.2. Encryption Throughput ....................................................................................... 63

5.2.3. Energy Consumption .......................................................................................... 64

5.3. Steganography Performance Metrics ................................................................................ 66

5.3.1. Encryption Time ................................................................................................. 66

5.3.2. Throughput.......................................................................................................... 67

January 10, 2020 9

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
5.3.3. Utilization Factor ................................................................................................ 68

5.3.4. Mean Square Error (MSE): ................................................................................. 68

5.3.5. PSNR (Peak Signal to Noise Ratio) value ........................................................... 69

Chapter Six ................................................................................................................................... 71

6. Conclusions and Recommendations ...................................................................................... 71
6.1. Conclusion ........................................................................................................................... 71
6.2. Recommendation ............................................................................................................... 72
6.3. Future Work ........................................................................................................................ 72
References ..................................................................................................................................... 73
Appendices .................................................................................................................................... 77

January 10, 2020 10

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
List of Acronyms
AES- Advanced Encryption Standard
AVISPA- Automated Validation of Internet Security Protocols and Applications
CSP- Cloud Service Provider
DNA- Deoxyribose Nucleic Acid
DTLS- Datagram Transport Layer Security
HIPAA- Health Insurance Portability and Accountability Act
IOT- Internet of Things
IP- Internet Protocol
MJEA- Modified Jamal Encryption Algorithm
MSE- Mean Square Error
MSN- Mobile Adhoc Sensor Network
LWC- Lightweight Cryptography
PHI- Patients’ Health Information
RSA- Rivesh Shamir Aldermen
SEA- Secure and Efficient Authentication and Authorization
VSL- Virtual Stenographic Laboratory
WSN- Wireless Sensor Network

January 10, 2020 11

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
List of Figures
Fig 2. 1 IoT health care services and applications ....................................................... 29
Fig 2. 2. The Architecture of Internet of Things for Healthcare ................................ 30
Fig 2. 3. Conceptual illustration of IoT -based pervasive healthcare solution .......... 33
Fig 2. 4. A Simplified Model of Symmetric Encryption Algorithm ........................... 36
Fig 2. 5. Asymmetric / Public Key Cryptography ........................................................ 37
Fig 2. 6. Structure of DNA and Binary Equivalent Value ........................................... 38
Fig 2. 7. Block diagram of steganography process....................................................... 40

Fig 3. 1. Block Diagram of New algorithm ................................................................... 47

Fig 3. 2. Ciphering and Embedding Process of proposed Algorithm......................... 50

Fig 5. 1. New algorithm Encrypting and Hiding Process ............................................ 60

Fig 5. 2. Time elapsed for encryption and Data Size Indicator .................................. 60
Fig 5. 3. AES- LSB encryption and hiding process ...................................................... 61
Fig 5. 4. AES-LSB Time, Round Number, And Data Size Indicator ......................... 61
Fig 5. 5. Encryption Time Vs. Size of Encrypted Data ................................................ 62
Fig 5. 6. Throughput Vs. Data Size ............................................................................... 64
Fig 5. 7. Energy Consumption Vs. Data Size ................................................................ 65
Fig 5. 8. Hidden Data Size Vs. Encryption Time ......................................................... 67
Fig 5. 9. Throughput Vs. Hidden Data Size .................................................................. 68
Fig 5. 10. PSNR value Vs. Embedded Data Size .......................................................... 70

January 10, 2020 12

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
List of Tables
Table 5. 1. Encryption Time Vs. Data Size ................................................................... 62
Table 5. 2. Encryption Throughput Vs. Data Size ....................................................... 63
Table 5. 3. Energy Consumption Vs. Data Size ............................................................ 65
Table 5. 4. Data Size Vs. Embedding Time................................................................... 66
Table 5. 5. Throughput vs hidden data size .................................................................. 67
Table 5. 6. PSNR value of an Image for Varying Data Size ........................................ 69

January 10, 2020 13

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Chapter One
1. Introduction
1.1. Background
Cloud Computing is defined as a technology that uses the internet and central remote
servers to maintain knowledge and different applications. This technology permits for
efficient computing by cloud server information storage, processing and information
measure. From the user point of view, storing data remotely to the cloud during a versatile
on-demand manner brings appealing advantages like relief of the burden just in case of
universal data access with location independence, storage management, and avoidance of
cost on hardware, components elements and personnel maintenance, etc. the development
of the Internet of Things (IOT) and cloud computing is improving patient safety, employees
satisfaction, and operational efficiency within the medical industry. The combination of
cloud computing into IOT primarily based healthcare technologies should give facilities
via access to share resources, delivering services over the internet and permitting users to
perform normal tasks. Although cloud computing has several advantages, there are several
risks in it. the key risk is providing security to cloud resources and data from unauthorized
access. (Basu, et al., 2018; Rathi, M, M, & T, 2015)

Today, the utilization of technology to enhance the quality of life is becoming a standard
attribute of modern society. When the technology is oriented to improve the Quality of Life
(QoL), it is referred to as the IoT. It allows individuals and objects in the physical world as
well as information and virtual environments to act with one another, therefore realizing
sensible environments such as smart transport systems, smart cities, smart healthcare, and
smart energy as a part of a prosperous digital society (Jayavardhana Gubbi, 2013; Noha,
Nahla, Abdelmageid, & Fatma, 2018).

It is also a new paradigm that provides a collection of the latest services for the next wave
of technological innovations. IoT applications are nearly limitless whereas enabling a
seamless integration of the cyber-world with the physical world. However, despite the large

January 10, 2020 14

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
efforts of standardization bodies, alliances, industries, researchers’ et al, there are still
various issues to deal with so as to reach the complete potential of IoT. These issues should
be considered from numerous aspects like enabling technologies, applications, and
business models, social and environmental impacts and based on integrations of various
processes such as identifying, sensing, networking, and computation. Some other
challenges related to the development of IoT include device identification, addressing,
interoperability, mobility, massive scaling, management, energy efficiency, security,
privacy, etc. Also, future deployments of IoT have to be compelled to fulfill a sustainable
sensible world with the main target on green IoT enabling technologies that is another
major issue (Kiran & Mina, 2018).

Healthcare is one of the most important application areas of IoT. It provides opportunities
for many medical applications like mobile and remote health monitoring. The rising price
of healthcare and the prevalence of chronic diseases around the world urgently demand the
transformation of healthcare from a hospital centered system to a person-centered
environment, with a spotlight on citizens’ illness management also as their well-being. The
IoT revolution is redesigning the latest healthcare with promising technological, economic,
and social prospects. Healthcare is one of the most important application areas of IoT
(Čolaković & Hadžialić, 2018).

Medical care and healthcare represent one among the foremost attractive application areas
for the IoT (Moosavi, et al., 2015). The IoT has the potential to offer rise to several medical
applications like remote health monitoring, fitness programs, chronic diseases, and elderly
care. Compliance with treatment and medication at home and by health care suppliers is
another necessary potential application. Therefore, various medical devices, sensors, and
diagnostic and imaging devices are often viewed as smart devices or objects constituting a
core part of the IoT. IoT-based health care services are expected to reduce costs, increase
the standard of life, and enrich the user’s expertise.

January 10, 2020 15

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
IoT is growing rapidly. In the next several years, the medical sector is predicted to witness
the widespread adoption of the IoT and flourish through new eHealth IoT devices and
applications. Health care devices and applications are expected to deal with vital private
information such as personal healthcare data. In addition, such smart devices may be
connected to international data networks for his or her access anytime, anywhere.
Therefore, the IoT healthcare domain could also be a target of attackers. To facilitate the
full adoption of the IoT in the healthcare domain, it is critical to spot and analyze distinct
features of IoT security and privacy, together with security necessities, vulnerabilities,
threat models, and countermeasures, from the health care perspective (Kiran & Mina,
2018).

Sensitive information like financial transactions, medical and private records is transmitted
through public communication facilities. the safety of the sensitive information poses an
excellent threat by an unintended recipient. Cryptographic and Steganographic techniques
help in ensuring the security of such sensitive information.

Cryptography or cryptology combines Greek words kryptós, meaning "hidden, secret"; and
graphein, means "writing", or -Logia, "study", respectively is the practice and study of
techniques for secure communication in the presence of third parties called adversaries
(Shery Elizabeth Thomas, 2012). A cryptographic system applies encryption on the data
and produces an encrypted output which can be meaningless to an unintended user who
has no knowledge of the key. Knowledge of the key is essential for decryption.
Encryption is a well-known procedure for secured data transmission as it achieves certain
security effects, but makes the secret messages unreadable and unnatural or meaningless.
These unnatural messages usually attract unintended observers’ attention. This is the
reason why a new security approach called steganography comes up (Grasha & Murugan,
2013).

Steganography is the art of hiding the existence of data in another transmission medium
such as image, audio, and video files to achieve secret communication (Phad Vitthal S. B.

January 10, 2020 16

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
R., 2012). The word steganography comes from Greek words such as “stegos” which
means “cover” and “grafia” means “writing” defining it as “covered writing”.
Steganography does not replace cryptography, but rather improves the security using its
obscurity features; a steganographic system, thus embeds hidden information in ordinary
cover media so as not to arouse hacker’s suspicion (Ghada, Mohammed, Safaa, &
Mohamed, 2016).

Cryptography and steganography are not capable of protecting the data alone. To improve
information security and to keep up the secrecy and privacy of information, steganography,
and cryptography alone are not sufficient. Cryptography can be used where steganography
is inefficient and steganography can be used where cryptography is inefficient. Thus, a new
approach of combining both techniques has been proposed by many researchers for secure
storage and transmission of data. The target of cryptography is data protection and the
purpose of steganography is secret communication. Cryptography converts the data into
ciphertext that can be in an unreadable format to the normal user where steganography
hides the existence of message by embedding data into some other digital media (Shristi
Mishra, 2015).

DNA cryptography is a process of securely hiding data in DNA sequences, it is explaining

the use of DNA as an information carrier also explain the use of modern biotechnology as
a measure to convert plaintext to ciphertext. Properties of DNA are appointed for several
sciences and cryptographic purposes. Biological complexity and computing difficulties
provide twofold security safeguards and make it difficult to penetrate (El-Moursy,
Mohammed, & Ahmad, 2018; Sally & Mohmood, 2018).

January 10, 2020 17

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
1.2. Problem of the Statement
Due to the worldwide and open nature of the internet, some confidential data might be
stolen, copied, modified, or destroyed by an unintended observer. Protection from attacks
of the human life-critical, sensitive data being transferred over the unsecured environment
in applications such as remote health monitoring systems is important since disclosure of
such information in an unprotected condition can lead to misuse by malicious entities or
attackers for intentional alteration of health data of specific patients, leading to wrong
diagnosis and treatment. Attackers can also deliberately generate false alarms or suppress
real alarms raised by the system in case of emergencies. Moreover, due to the disclosure
of health-related sensitive information, economic and social discrimination against patients
can happen. In addition to the loss of privacy and abuse of information, attackers can
restrict a user's access to his/her files or encrypt the files demanding payment to restore the
access (G. Thamilarasu, 2016). Therefore, security problems become an essential issue.

Nowadays many medical images and patient information are transferred between different
parties to be reviewed and evaluated by physicians who are geographically apart. Any
illegal modification during this information during transmission may result in wrong
assumptions and wrong diagnosis. Therefore, the security of medical data and patient
information has always been a major concern (Salameh, 2018).

In order to prevent the private medical data in the internet of things (IoT) field, the search
for the optimal encryption algorithm is a must. Electronic sensors are used to collect
medical information from the patient's body getting its transmission to the healthcare
system securely. it's essential to make sure trust and data secrecy from the starting point-
sensors throughout the medical treatment to prevent any unauthorized access or unneeded
interruption. Thus, data encryption from the beginning sensors is necessary but facing all
limitations in computing complexity, power consumption and communication bandwidth
(Norah, Basem, & Adnan, 2017). In addition to that, the biggest problem facing most
security measures is that the encryption algorithm consumes lots of time, this may result in

January 10, 2020 18

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
dangerous delay putting the patient health potentially at risk or it may lead, in the worst
case, to lose the patient life.

The patient’s information is first encrypted using Advanced Encryption Standard

Algorithm (AES) and then the encrypted data is hided in a medical image using image
steganography by Least Significant Bit Algorithm (LSB). This hided data in the cover
image is sent to the intended receiver (Nayana Banjan, 2018). The use of AES is complex
to implement in end healthcare sensors because it requires much amount of time for
computation, requires much memory.

In this thesis, we developed a security system that combines DNA cryptography and LSB
steganography techniques to provide a secure distribution and authentication for patient
information to the other party over the un-secure channel to protect it against attackers.
Here the secret medical data is first converted to their ascii value representation then
encoded to DNA bases. Steganography hides the existence of medical information by
hiding it in image so it can maintain the integrity of the information.

1.3. Objective of the study

1.3.1. General Objective
The general objective of this thesis is secure medical information using a combination of
DNA cryptography and LSB steganography

1.3.2. Specific Objective

➢ Authenticate Sender and Receiver using Diffie and Hellman algorithm

➢ Encrypt plaint text using One-Time Pad key

➢ Hiding Cipher Text by using LSB Steganography make stego Object

➢ Steganalysis the stego object to obtain cipher text

➢ Decrypt cipher text using the same One-Time Pad key used at encryption before

➢ implement the proposed security mechanism

January 10, 2020 19

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
➢ Evaluate the proposed system using test parameters.

1.4. Scope of the study

The scope of the study, based on the objective of this thesis, is to design and implement
data hiding algorithm using cryptography and steganography techniques and undergo
performance analysis. It can be generalized by:
➢ The sender and receiver authenticate each other to share one-time pad key before
data can be encrypted
➢ Secret medical data is first converted to their ascii value representation then
encoded to DNA bases where the data is written using English letters, symbol,
Arabic number.
➢ Hiding and extraction algorithm will be developed using the LSB steganography
technique and the image extension .JPEG (Joint Photographic Experts group)
because it has low risk of attack
➢ The operations of the developed algorithms will be tested using known standards
➢ DNA encryption and decryption algorithms will be developed using its one-time
pad secret key
➢ The performance of the developed security mechanism is measured using some
performance measuring matrices.
➢ The performance of the developed algorithm is measured using PSNR, MSE

1.5. Significance of the study

The researcher reviews the main security issues and existing solutions in Medical IOT,
particularly in which medical device sensors secure their data is not addressed. In this
thesis the target is to reduce risk of medical information theft, because of the patient data
collected and stored via connected healthcare devices is extremely sensitive and valuable
to hackers and they can use the stolen data for blackmail or medical identity theft. As the
number of cyber-attacks and data breaches continue to rise in healthcare, organizations and
their Protected Health Information (PHI) are increasingly targeted.

January 10, 2020 20

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Security of the healthcare and patient records has continually been necessary, but now,
more than ever, healthcare organizations need to put cybersecurity strategies in place in
order to combat against these ever-evolving threats.

The medical sensors are considered as an easy target to exploit where its affect is very
catastrophic reaching murderous life death problems. The inaccessibility to patient record
at the ideal time can prompt death toll and also well degrade the level of health care services
rendered by the medicinal professionals. Among other sectors such as academic, banking
and finance, medical sector is not an exception in experiencing cyber-attack as patient
health data are also stored and shared electronically through the internet. The intrusion and
stealing of patient data automatically affect the service offered at the health care centers
and thus, poses threat to life of the patient.

January 10, 2020 21

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering

Chapter Two
2. Literature Review
2.1. Cloud Computing
Cloud computing is defined by the National Institute of Standards and Technology
(NIST) as : “Cloud computing is a model for enabling convenient, on-demand network
access to a shared pool of configurable computing resources (e.g., networks, servers,
storage applications and services) that can be rapidly provisioned and released with
minimal management effort or service provider interaction” (Wid Akeel Awadh, 2019).
It is a set of Information Technology (IT) services that are provided to a customer over a
network on a leased basis and with the ability to scale up or down their service requirements.
Usually cloud computing services are delivered by a third-party provider who owns the
infrastructure. Its advantages to mention but a few include scalability, resilience, flexibility,
efficiency and outsourcing non-core activities (Shade, Awudele, & F, 2014).

Cloud computing is a rapidly maturing technology that has given rise to a lot of recent
innovations. As a delivery model for IT services, its capacity to stimulate growth by
providing ready-made environments for various forms of development is unparalleled. Its
very nature, however makes it open to a variety of security issues that can affect both the
providers and consumers of these cloud services. Cloud computing, also known as on-
demand computing, is a form of internet-based computing that allows end users to share
information and resources (Worlanyo, A Survey of Cloud Computing Security: Issues,
Challenges and Solutions, 2015).

Cloud computing can be quickly provisioned and released with negligible management
exertion or service provider interaction. Even though organizations get many benefits of
cloud computing services, many organizations are slow in accepting cloud computing
service model because of security concerns and challenges associated with the management
of this technology. Security, being the major issues, which hinder the growth of cloud

January 10, 2020 22

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
computing service model due to the provision of handling confidential data by the third
party is risky such that the consumers need to be more attentive in understanding the risks
of data breaches in this new Environment (Aithal & S., 2017).

Cloud Computing (CC) is fast becoming well known in the computing world as the latest
technology. CC enables users to use resources as and when they are required. Mobile
Cloud Computing (MCC) is an integration of the concept of cloud computing within a
mobile environment, which removes barriers linked to the mobile devices’ performance.
Nevertheless, these new benefits are not problem-free entirely. Several common problems
encountered by MCC are privacy, personal data management, identity authentication, and
potential attacks. The security issues are a major hindrance in the mobile cloud
computing’s adaptability (Mojtaba Alizadeh, 2014).

Cloud Computing is defined as a technology which uses the internet and central remote
servers to maintain data and other applications. This technology allows for efficient
computing by centralized data storage, processing and bandwidth (Rathi, M, M, & T, 2015).
The present “cloud-based internet of things (IoT) frameworks” are facing the challenges
because of digital improvement from the “Artificial Intelligence, Tactile Internet, IoT,
Virtual Reality, and 5G provisions”. These require “low latency access” that is normally
attained by moving computation towards the edge of the network. The IoT sensors used to
generate the data management is the main issue faced when deploying an IoT framework.
These services might be poised to take benefit of the complimentary profits in both
structures. In the current smart world, smart deployment, interrelated gadgets will be
assessed to reach 50 billion units by 2020. Information from “cars, hospitals, newly-
connected factories, homes, communities, and more” is probable to develop from “1.1
Zetta bytes per year from 2016 to 2.3 Zetta bytes per year by 2020”. There is a developing
advancement in IoT methodology with new applications and opportunities evolving in
industries like “smart home, manufacturing, healthcare, and agriculture (Raghavendran,
2018 ).

January 10, 2020 23

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Now-a-days Healthcare Sectors to create a cloud computing environment to obtain a
patient's complete medical record. This environment reduces time consuming efforts and
other costly operations and uniformly integrates collection of medical data to deliver it to
the health care specialists. Electronic Health Records have been usually implemented to
enable healthcare providers and patients to create, manage and access healthcare
information from at any time and any place. Cloud environment provides the essential
infrastructure at lower cost and improved quality. The Healthcare sector reduces the cost
of storing, processing and updating with improved efficiency and quality by using Cloud
computing. But today the security of data in cloud environment is not adequate. The
electronic health record consists of images of the patient’s record which is very confidential.
The Electronic Health Records in the healthcare sector include the scan images, X-rays,
DNA reports etc., Which are considered as the patient’s private data. It requires a very high
degree of privacy and authentication. So, providing security for a large volume of data with
high efficiency is required in a cloud environment. Now a days a healthcare environment
needs an infrastructure which reduces time consuming efforts and costly operations to
obtain a patient’s complete medical record and uniformly integrates a collection of medical
data to deliver it to the healthcare professionals. Electronic health records to enable
healthcare providers, insurance companies and patients to create, manage and access
healthcare information in any situations. All the healthcare industries need to handle more
requests with the available resources. The main objective of all the healthcare organization
is to increase the number of people getting access to health care services (R. Josephius
Arunkumar, 2017) .

The Cloud Computing model has three main deployment models which are (Shade,
Awudele, & F, 2014):
Private cloud
A private cloud is a new term that some vendors have recently used to describe offerings
that emulate cloud computing on private networks. Only the organization and designated
stakeholders may have access to operate on a specific Private cloud.

January 10, 2020 24

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Public cloud
Public cloud describes cloud computing in the traditional mainstream sense, whereby
resources are dynamically provisioned on a fine-grained, self-service basis over the
Internet, via web applications or web services, from an off-site third-party provider who
shares resources and bills on a fine-grained utility computing basis.
Hybrid cloud
Hybrid cloud is a private cloud linked to one or more external cloud services, centrally
managed, provisioned as a single unit, and circumscribed by a secure network. It provides
virtual IT solutions through a mix of both public and private clouds. Hybrid Cloud provides
more secure control of the data and applications and allows various parties to access
information over the Internet. It also has an open architecture that allows interfacing with
other management systems.
Cloud Service Models
Different services give rise to different security concerns, and may even lead to different
parties being responsible for handling said concerns.
Infrastructure as a Service (IaaS)
In this model, the vendor provides physical computer hardware, including data storage,
Central Processing Unit (CPU) processing and network connectivity. The vendor may
share their hardware among multiple Cloud Service Customers (CSC) by using
virtualization software. IaaS allows customers to run, control and maintain operating
systems and software applications of their choice, but the vendor typically controls and
maintains the physical computer hardware. This leads to the customer being more
responsible for handling their own data security with the vendor being more responsible
for physical security
Platform as a Service (PaaS)
In this model, the vendor provides not only Infrastructure as a Service, but also the
operating systems and server applications that their customers use. PaaS lets customers use
the vendor's cloud infrastructure to deploy user made web application software. Typically,
the vendor controls and maintains the physical computer hardware, operating systems and

January 10, 2020 25

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
server applications while the customer only controls and maintains their developed
software applications. Customers would therefore be mainly responsible for any security
exploits that could target their applications, while the vendor is not only responsible for
physical security, but also for any security exploits that could target network connections,
data storage and data access.
Software as a Service (SaaS)
In this model, the vendor provides customers with software applications using their cloud
infrastructure and cloud platforms. These end user applications are typically accessed by
users via a web browser, as such there is no need to install or maintain additional software.
The vendor typically controls and maintains the physical computer hardware, operating
systems and software applications while the customer only controls and maintains certain
application configuration settings specific to them (Worlanyo, 2015).

There are a number of areas that are at risk of being compromised and hence must be
secured when it comes to cloud computing. Each area represents a potential attack vector
or source of failure. By risk analysis, five key such areas have been identified (Čolaković
& Hadžialić, 2018), (Wencheng Sun, 2018):

Organizational Security Risks

Organizational risks are categorized are categorized as the risks that may impact the
structure of the organization or the business as an entity. If a Cloud Service Provider (CSP)
goes out of business or gets acquired by another entity, this may negatively affect their
CSCs since any Service Level Agreements (SLA) they had may have changed and they
would then have to migrate to another CSP that more closely aligns with their needs. In
addition to this, there could be the threat of malicious insiders in the organization who
could do harm using the data provided by their CSCs.

Physical Security Risks

The physical location of the cloud data center must be secured by the CSP in order to
prevent unauthorized on-site access of CSC data. The Even firewalls and encryption cannot

January 10, 2020 26

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
protect against the physical theft of data. Since the CSP is in charge of the physical
infrastructure, they should implement and operate appropriate infrastructure controls,
including staff training, physical location security, network firewalls. It is also important
to note that the CSP is not only responsible for storing and processing data in specific
jurisdictions, but is also responsible for obeying the privacy regulations of those
jurisdictions.

Technological Security Risks

These risks are the failures associated with the hardware, technologies and services
provided by the CSP. In the public cloud, with its multi tenancy features, these include
resource sharing, isolation problems, and risks related to changing CSPs, i.e. Portability.
Regular maintenance and audit of infrastructure by CSP is recommended.

Compliance and Audit Risks

These are risks related to the law. That is, risks related to lack of jurisdiction information,
changes in jurisdiction, illegal clauses in the contract and ongoing legal disputes. For
example, depending on location, some CSPs may be mandated by law to turn over sensitive
information if demanded by government.
Data Security Risks
There are a variety of data security risks that we need to take into account.
2.2. Internet of Things
Internet of Things (IoT) refers to a recent paradigm that has rapidly gained ground in the
area of modern wireless telecommunications. IoT is then a new technological trend gaining
new computing and communications paradigms. IoT enables people and objects in the
physical world as well as data and virtual environments to interact with each other, hence
realizing smart environments such as smart transport systems, smart cities, smart
healthcare, and smart energy as part of a prosperous digital society. Intelligence algorithms
analyze the m-health data in real-time to identify certain patterns and raise different alert
levels, such as normal, cautious, emergency, etc. Depending upon the condition of the

January 10, 2020 27

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
observed patients. In IoT-based healthcare applications, security and privacy are among
the major areas of concern as most devices and their communications are wireless in nature.
Due to the direct involvement of humans in IoT-based healthcare applications, providing
robust and secure data communication among healthcare sensors, actuators, patients, and
caregivers are crucial. Misuse or privacy concerns may restrict people to utilize IoT-based
healthcare applications. Conventional security and protection mechanisms, including
existing cryptographic solutions, secure protocols, and privacy assurance cannot be re-used
due to resource constraints, security level requirements, and system architecture of IoT-
based health care systems. To mitigate the aforementioned risks, strong network security
infrastructures for short or long-range communication are needed (Kiran & Mina, 2018).

Health care is one of the most important application areas of IoT. It provides opportunities
for several medical applications such as mobile and remote health monitoring. IoT is then
a new technological trend gaining new computing and communications paradigms. Within
this new trend, there are intelligent devices that have a digital entity and are ubiquitously
interconnected on a network and to the global Internet. Everyday objects may integrate
intelligence and the ability to sense, interpret and react to their environment, combining the
Internet with emerging technologies such as Radio frequency Identification (RFID), real-
time location and embedded sensors (Kiran & Mina, 2018).

The Internet of Things (IoT) makes smart objects the ultimate building blocks in the
development of cyber-physical smart pervasive frameworks. The IoT has a variety of
application domains, including health care. The IoT revolution is redesigning modern
health care with promising technological, economic, and social prospect. Therefore,
introducing automation is conceivable in nearly every field. The IoT provides appropriate
solutions for a wide range of applications such as smart cities, traffic congestion, waste
management, structural health, security, emergency services, logistics, retails, industrial
control, and health care. IoT-based health care services are expected to reduce costs,
increase the quality of life, and enrich the user’s experience. From the perspective of
healthcare providers, the IoT has the potential to reduce device downtime through remote

January 10, 2020 28

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
provision. In addition, the IoT can correctly identify optimum times for replenishing
supplies for various devices for their smooth and continuous operation (S. M. Riazul Islam,
2015).

Fig 2. 1 IoT health care services and applications

IoT has been shown as a big potential for qualifying and improving healthcare services;
such as monitoring at anytime and anyplace. These services acquire various bio-signals
using different sensors, including electroencephalogram (EEG), electrocardiogram (ECG),
electrical signal of the heart, electromyogram (EMG), electrical signal of muscles,
Respiratory Rate (RR), and body motion. The collected information from these sensors can
be processed, stored, or broadcast to a remote device (e.g. Cloud server). Healthcare uses
IoT for real-time tracking of patients and medical devices (Noha, Nahla, Abdelmageid, &

January 10, 2020 29

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Fatma, 2018). Here is data transfer from sensor to remote server is vulnerable to many
security attacks.

IoT-based health care systems involve a number of technologies that allow IoT devices to
obtain data from the physical world and broadcast to cloud server; such as wireless medical
sensors, Radio Frequency Identification (RFID), Cloud Computing, Near Field
Communication (NFC), Big data, Integrated IPv6 core network, Wi-Fi, ZigBee, Bluetooth,
two-dimensional code equipment.

Fig 2. 2. The Architecture of Internet of Things for Healthcare

Perception Layer: In this layer, devices and medical sensors are connected together for
patients. It is responsible for converting patient’s data into signals that can be transmitted
in networks and read by medical applications. This layer needs Standardized plug and-play
mechanisms to configure heterogeneous devices. Moreover, it needs secure channels to
digitize and transfer data between other layers.

January 10, 2020 30

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Networking Layer: This layer is responsible for transferring the gathered patient’s data
from medical sensors and devices to the cloud or any data processing system through
various technologies such as RFID, LTE, LTE-A, GSM, UMTS, Wi-Fi, Bluetooth,
infrared, ZigBee, etc.

Management layer: This layer enables the IoT healthcare applications to work with
heterogeneous devices without consideration to a specific hardware platform. In addition,
this layer processes the data which received from the Application layer, manages the
overall IoT health care system, makes decisions, and delivers the required services over the
network wire protocols.

Security Layer: There are vast amounts of sensitive patient’s data crossing the IoT
healthcare network every minute. Monitoring and controlling these data and the underlying
layers are achieved at this layer of IoT network. This layer is extremely important for IoT,
it's responsible for data handling, data administration, service subscriptions, data transfer,
data access control, and identity protection. Moreover, this layer should achieve the IoT
high-level security requirements which are: (1) Data Confidentiality: It ensures that the
exchanged messages can be understood only by the intended entities. (2) Data Integrity: It
ensures that the exchanged messages were not altered/tampered with by a third party. (3)
Authentication: It ensures that the entities involved in any operation are who they claim to
be. A masquerade attack or an impersonation attack usually targets this requirement where
an entity claims to be another entity. (4) Availability: It ensures that the service is not
interrupted. Denial-of-service attacks target this requirement as they cause service
disruption. (5) Authorization: It ensures that entities have the required control permissions
to perform the operation they request to perform. (6) Freshness: It ensures that the data is
fresh. Replay attacks target this requirement where an old message is replayed in order to
return an entity into an old state. (7) Non-Repudiation: It ensures that an entity can’t deny
an action that it has performed. (8) Forward and Backward Secrecy: Forward secrecy
ensures that when an entity leaves the network, it will not understand the communications
that are exchanged after its departure. Backward secrecy ensures that any new entity that

January 10, 2020 31

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
joins the network will not be able to understand the communications that were exchanged
prior to joining the network

Application Layer: Healthcare providers and patients can interact with devices and query
for interesting data and different services via this layer by using healthcare application. It
also provides an interface to the management Layer where high-level analysis and reports
can be produced. This layer performs complex and enormous computational needs so it is
hosted on powerful devices. In other words, this layer provides a common set of services
that enables a healthcare application to interface with potentially any device without
understanding a priori the specifics and internals of that device. Moreover, patients’ data
must be secured during transfer, accessing, and storing (Noha, Nahla, Abdelmageid, &
Fatma, 2018).

2.3. Medical Internet of Things

Medical Internet of Things, also well known as MIoT, is playing a more and more
important role in improving the health, safety, and care of billions of people after its
showing up. Instead of going to the hospital for help, patients’ health-related parameters
can be monitored remotely, continuously, and in real time, then processed, and transferred
to the medical data center, such as cloud storage, which greatly increases the efficiency,
convenience, and cost performance of healthcare. The amount of data handled by MIoT
devices grows exponentially, which means higher exposure of sensitive data. The security
and privacy of the data collected from MIoT devices, either during their transmission to a
cloud or while stored in a cloud, are major unsolved concerns (Wencheng Sun, 2018).

The IoT network for healthcare (IoThNet) is an important component of the Healthcare
IoT. It provides strength to the IoT, aids in the communication of health information, and
permits personalized communication in healthcare. These IoT-based healthcare
applications and devices are predicted to be packed with important information, including
personal health care information. Furthermore, these kinds of devices can be connected to
the global information network—access will be available anywhere and anytime. However,

January 10, 2020 32

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
this makes IoT-based healthcare a target for hackers. It is both essential and extremely
valuable to analyze and recognize the different features of IoT privacy and security,
vulnerabilities, countermeasures, and the security requirements from the healthcare point
of view to enable the IoT to adapt to these challenges (Syed Tauhid Ullah Shah, 2019).

Computational Limitations: Normally, IoT-based healthcare devices contain low speed

processing units. The core of these devices (the central processing unit [CPU]) is not very
influential in terms of performance and speed and does not perform the expensive
computational operations. Memory Limitations: The majority of devices are equipped
with a lower amount of built-in memory and can be activated with an embedded operating
system (OS). Energy and Mobility Limitations: IoT-based healthcare devices are
dynamic and equipped with small health devices and batteries. As various networks have
different configurations and settings, a mobility–complement security algorithm is
required.

Fig 2. 3. Conceptual illustration of IoT -based pervasive healthcare solution

January 10, 2020 33

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
2.4. Cryptography
Cryptography is one of the traditional methods used to guarantee the privacy of
communication between parties. This method is the art of secret writing, which is used to
encrypt the plaintext with a key into ciphertext to be transferred between parties on an
insecure channel. Using a valid key, the ciphertext can be decrypted to the original
plaintext. Without the knowledge of the key, nobody can retrieve the plaintext.
Cryptography plays an essential role in many factors required for secure communication
across an insecure channel, like: confidentiality, privacy, non-repudiation, key exchange,
and authentication (Ahmed AL-Shaaby, 2017).

There are many applications and aspects of security. One essential aspect for secure
communications is that of cryptography. Cryptography scrambles the secret message to
protect it from attacks and is related to aspects of information security such as
confidentiality, data integrity, entity authentication, and data origin authentication
(Stallings, 2006), (Phad Vitthal S. B. R., 2012).

Cryptography is about constructing and analyzing protocols that prevent third parties or
the public from reading private messages; aspects of information security such as data
confidentiality, data integrity, authentication, and non -repudiation are central to modern
cryptography. Modern cryptography exists at the intersection of the disciplines of
mathematics, computer science, electrical engineering, communication science, and
physics. Applications of cryptography include electronic commerce, chip-based payment
cards, digital currencies, computer passwords, and military communications (Nayana
Banjan, 2018).

Cryptography protects information by transforming it into an unreadable format. Only

those who possess a secret key can decipher the cipher text into plain text. Frequently used
encryption methods include AES, RSA, and DES (Hamdan. O. Alanazi, 2016). Among
them, AES is one of the most powerful technique which uses symmetric key cryptography.

January 10, 2020 34

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
The three commonly used encryption algorithms are (Stallings, 2006), (Phad Vitthal S. B.
R., 2012)

1. Symmetric Algorithm or Private Key: Uses a single key for both encryption and
decryption.
2. Asymmetric or public key Algorithm: Uses one key for encryption and another
for decryption example RSA
3. Hash Functions: Uses a mathematical transformation to irreversibly encrypt
information.

Private Key cryptography algorithms, such as DES, 3DES, and AES use the same key of
the sender and receiver to encrypt the plaintext and decrypt the cipher text. Private Key
cryptography is more suitable for the encryption of a large amount of data. Public key
cryptography, such as the RSA or Elliptic Curve algorithms, uses different keys for
encryption and decryption.

2.4.1. Symmetric Key Cryptography

Symmetric encryption commonly known as conventional encryption is a form of
cryptosystem in which encryption and decryption are performed using the same key,
Symmetric encryption transforms plain text into cipher text using one secret key and an
encryption algorithm. Using the same key and a decryption (reversed encryption)
algorithm, the plaintext is recovered from the cipher text (Stallings, 2006), (Ahmed AL-
Shaaby, 2017).

A symmetric encryption algorithm consists of five major components:

➢ Plaintext: the original message to be encrypted with the algorithm.
➢ Encryption algorithm: which performs various substitutions and transformations
on the plaintext.
➢ Secret key: input to the encryption algorithm to control the conversion of plain
text to cipher text and it is independent of the algorithm and plain text.

January 10, 2020 35

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
➢ Cipher Text: This is the scrambled message produced as output. It depends on
the plaintext and the secret key.
➢ Decryption algorithm: the reverse of encryption algorithm to produce the original
plaintext from the cipher text using the secret key

Fig 2. 4. A Simplified Model of Symmetric Encryption Algorithm

2.4.2. Public Key Cryptography (PKC)

Public key cryptography is an asymmetric scheme that uses a pair of keys, uses a public
key for encryption process of secretes data, and a corresponding private, or secret key for
decryption process. In this practice pair of keys required for the process. It is
computationally infeasible to deduce the private key from the public key. Anyone who has
a public key can encrypt information, but cannot decrypt it. Only the person who has the
corresponding private key can decrypt the information (Mehndiratta, 2017), (Ahmed AL-
Shaaby, 2017).

January 10, 2020 36

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering

Fig 2. 5. Asymmetric / Public Key Cryptography

2.4.3. Hash Cryptography Algorithms

A cryptographic hash algorithm is a one-way function that is impossible to invert used
normally for integrity purposes. It takes data with various lengths as input, then extracts
the output with fixed length. Different hash functions are used to find whether a message
have been changed by the attacker or not. The most common cryptographic hash functions
used are Message Digest (MD) and Secure Hash Algorithm (SHA) (Norah Alassaf,
2017).

2.4.4. DNA Cryptography

DNA stands for Deoxyribo Nucleic Acid which, represents the genetic blueprint of living
creatures. Every cell in the human body has a complete set of DNAs. DNA is a double
helical structure with two strands running anti parallel, each is made of building blocks
called nucleotides. Three components make up a nucleotide: Four Bases, a deoxyribose
sugar and a phosphate group. Each nucleotide contains a single base and there are four
kinds of bases, which are adenine (A) and thymine (T) or cytosine (C) and guanine (G),

January 10, 2020 37

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
the pairs as (A, T) as well as (C, G) are complement each other corresponding to four kinds
of nucleotides. It stores all the information about the body features of any organism.
Deoxyribo Nucleic Acid (DNA) is the hereditary material of almost entire living organisms
ranging from very small viruses to complex human beings It is unique for each individual.
These bases and bonding play an important role in DNA processes like DNA computing
and DNA cryptography (Fazal Noorbasha, 2019) (Beenish Anam, Hossain, & Dahal,
2010).

Fig 2. 6. Structure of DNA and Binary Equivalent Value

DNA cryptography is the latest cryptographic methods where the natural process of DNA
formation has been used to encrypt information and then retrieve them by decrypting it.
The biological structure of DNA is such that once information has been coded into the
basic forms of the four nitrogen bases, the process of protein formation. The DNA
Cryptography can be used as the strong algorithm for data security as its cracking time and
key generation are so designed that it seems the time taken to decrypt the ciphered data is
quite impossible for a life time.

(Grasha & Murugan, 2013), introduced the first trial of DNA based Cryptography in which
a substitution method using libraries of distinct one-time pads, each of which defines a

January 10, 2020 38

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
specific randomly generated, pair-wise mapping and an XOR scheme utilizing molecular
computation and indexed, random key strings are used for encryption

DNA cryptography is a new born cryptography, in which DNA is used as information

carrier and the modern biological technology is used as implementation tool, and the vast
parallelism, exceptional energy efficiency and extraordinary information density inherent
in DNA molecules are explored for cryptographic purposes such as encryption,
authentication, signature, and so on. DNA cryptography involves enciphering the plaintext
using DNA computational techniques. Most of the cryptographic algorithms involve a
large memory and computations like, One Time Pad in which there are non-repeating very
large text pads, this technique will be very useful. A gram of DNA contains 1021 DNA
bases and can store 108 terabytes of memory (Terec, Mircea, Alboaie, & Chiorean, 2011)

DNA cryptography is a new and promising field in information security. It combines

classical solutions in cryptography with the strength of the genetic material. Nowadays,
DNA has started to be used as a new data carrier as an effective and reliable data storage.
The bio-molecular computational abilities of DNA are exploited by means of cryptography
and stenography in order to develop high capacity secured algorithms with low cracking
probability. Security of sensitive information at the time of transmission over public
channels is one of the critical issues in digital society. The DNA-based cryptography
technique is a new paradigm in the cryptography field that is used to protect data during
transmission (Hassan Al-Mahdi, 2019). In this thesis work the DNA cryptography is used
as for encryption and decryption.

2.5. Steganography
Steganography is the practice of concealing a file, message, image, or video within another
file, message, image, or video. The word steganography combines the Greek words
Steganos, meaning "covered, concealed, or protected", and graphein meaning "writing". It
is a technique which is used to hide the existence of the message. Possible carriers, which
are mostly used are images, audio-visual, manuscript (Nagpal, 2018).

January 10, 2020 39

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Steganography is becoming a standard practice for both cloud users and cloud service
providers as a mechanism against unauthorized surveillance. Steganography refers to
writing hidden messages in a way that only the sender and receiver have the ability to safely
know and transfer the hidden information in the means of communications (Wid Akeel
Awadh, 2019).

Fig 2. 7. Block diagram of steganography process

Steganography hides the existence of the communication, whereas cryptography scrambles

a message to make the information difficult to understand so that it does not make sense to
anyone except the creator and the recipient. Cryptography assures privacy whereas
Steganography assures secrecy. Steganographic systems can be measured by three basic
criteria: capacity, security, and robustness (Hemachandran, 2012) (PriaBharti, 2012).

Capacity: It is defined as the maximum length of a secret message. It can be specified in

absolute terms (bits) for a given cover, or as relative to the number of bits required to store
the resulting stego-object. The capacity depends on the embedding function, and may also

January 10, 2020 40

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
depend on the properties of the cover. The more data an image can carry, the better it is;
however, large embedded data may degrade image quality significantly.

Steganographic Security: The purpose of steganographic communication is to hide the

mere existence of a secret message. Therefore, unlike cryptography, the security of a
steganographic system is judged by the impossibility of detecting rather than by the
difficulty of reading the message content. However, steganography builds on cryptographic
principles for removing a recognizable structure from message content, and to control
information flows by the distribution of keys.

Robustness: The term robustness stands for the difficulty of removing hidden information
from a stego-object. While removal of secret data might not be a problem as serious as its
detection, robustness is a desirable property when the communication channel is distorted
by random errors (channel noise) or by systematic interference with the aim to prevent the
use of steganography. The amount of distortion can be further specified by specific (e.g.,
parameters of the noise source) or generic (e.g., peak signal-to-noise ratio, PSNR)
distortion measures.

The most common types of Steganography techniques include:

Video steganography: In this type of steganography used Video format to hide secret
information. Where Video files consist of a collection of images and audio. The use of
video steganography is preferable to the other multimedia files because it is more effective
and efficient in hiding information within information. In general, most of the proposed
techniques on audio and images can be implemented to video files as well. Many types of
video files can be used such as H.264, Mp4, MPEG, AVI or other video formats (Wid
Akeel Awadh, 2019).

Text steganography: Embedding secret information in a text file is known as text

steganography. This method is used to store text file only therefore the required memory
is less. In text steganography, a number of white spaces, tabs and capital letters are used to

January 10, 2020 41

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
perform message hiding. This type of steganography is not commonly used because text
files containing a large amount of redundant data (Awadh, 2016)

Protocol steganography: In this technique, the secret information is embedded within

network protocols such as TCP, UDP, ICMP and IP, where protocol is used as a carrier. A
network packet consists of packet headers, user data and packet trailers. Thus,
steganography can be used in some layers of the network model. This term is known as
protocol steganography (Dimitrova, 2017).

Image steganography: Digital images are popular over the Internet because they are
mostly used as the cover object for steganography. In this type, a secret message is hidden
in a digital image using an algorithm through a secret key to create a stego image.
Generally, pixel intensities are used to hide secret information (N. Sandeep, 2018)

Most techniques used in image steganography: -

Least Significant Bits (LSB): Simple method in which the least significant bits of the
bytes in an image is replaced by bits of secret message. A large amount of data can be
embedded by LSB without observable changes. Very effective, easy to implement, takes
very less space but it has low imperceptibility.

Spatial-Domain Steganalytic System (SDSS) and Frequency-Domain Steganalytic

System (FDSS): In SDSS spatial domain statistic features are used for checking the
lossless compressed
images whereas in FDSS Discrete Cosine Transformation (DCT) is analyzed for detecting
JPEG segos images.
Transform Domain Techniques: It is more robust against various attacks. It uses the
significant region of the cover image to hide the secret information. There are number of
transform domain techniques such as DCT, Discrete Wavelet Transform (DWT), and
Discrete Kekre Transform (DKT) etc. DCT is the most widely used. The formats of image
used in this LSB substitution are lossless compression so that the data can be directly
manipulated and recovered. Lossless data compression makes use of data compression

January 10, 2020 42

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
algorithms that allows the exact original data to be reconstructed from the compressed data.
One of the most important features of lossless compression is to maximize the embedding
capacity. Thus, employing the LSB technique for data hiding achieves both invisibility
and reasonably high storage payload. In addition, the advantages of LSB based data hiding
method is that it is the most common type of substitution technique and simple to embed
the bits of the message directly into the LSB plane of image The LSB modification
does not result in image distortion and thus the resulting stego-image will look
identical to the cover image.

The purpose of the Diffie-Hellman protocol is used to enable two users to exchange a
secret key securely that can then be used for subsequent encryption of messages. It is a
cryptographic protocol that allows two parties that have no prior knowledge of each other
to establish together a shared secret key over an insecure communications channel. the
Diffie-Hellman algorithm has two attractive features: The first Secret keys are created only
when needed. There is no need to store secret keys for a long period of time, exposing them
to increased vulnerability. The second one is to exchange requires no preexisting
infrastructure other than an agreement on the global parameters (Li, 2010).

2.6. Statistical Tests

Various statistical tests are often applied to a sequence to aim to compare and evaluate the
sequence to a really random sequence. Randomness may be a probabilistic property; that's,
the properties of a random sequence can be characterized and described in terms of
probability. The likely outcome of statistical tests, when applied to a very random
sequence, is known a priori and can be described in probabilistic terms (III, Revised: April
2010).

The NIST Test Suite is a statistical package consisting of 15 tests that were developed to
test the randomness of (arbitrarily long) binary sequences produced by either hardware or
software based cryptographic random or pseudorandom number generators. These tests

January 10, 2020 43

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
focus on a variety of different types of non-randomness that could exist in a sequence.
Some tests are decomposable into a variety of subtests. The 15 tests are:

1. The Frequency (Monobit) Test,

2. Frequency Test within a Block,
3. The Runs Test,
4. Tests for the Longest-Run-of-Ones in a Block,
5. The Binary Matrix Rank Test,
6. The Discrete Fourier Transform (Spectral) Test,
7. The Non-overlapping Template Matching Test,
8. The Overlapping Template Matching Test,
9. Maurer's "Universal Statistical" Test,
10. The Linear Complexity Test,
11. The Serial Test,
12. The Approximate Entropy Test,
13. The Cumulative Sums (Cusums) Test,
14. The Random Excursions Test, and
15. The Random Excursions Variant Test.

2.7. Related Literature Survey

The authors Varsha and R. Singh Chhillar (Varsha & Rajender, 2015) argued that RSA
algorithm is used to encrypt the secret message and LSB technique for image
steganography is used to hide the encrypted message. Initially, the message is encrypted
and divided in two parts. The first part of the encrypted message is xored with odd position
and second part with even position of LSB+1. Finally, the xored encrypted message is
being hidden on LSB position.

Researchers Sajisha K S and Dr. Sheena Mathew (Sajisha & Sheena, 2017) observed that
DNA is explored as a new carrier for data security since it achieves maximum protection
and powerful security with high capacity and low modification rate.

January 10, 2020 44

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
The authors Nayana Banjan and Prajkta Dalv (Nayana Banjan, 2018) proposed medical
data security where patient’s data is first encrypted using Advanced Encryption
Standard Algorithm and then the encrypted data is hided in a medical image using
image steganography by Least Significant Bit Algorithm.

The authors Norah Alassa, Basem Alkazemi and Adnan Gutub (Norah Alassaf, 2017)
proved that in order to protect the private medical information in the IoT field, the search
for the optimal encryption algorithm is a must. Electronic sensors are used to collect
medical data from the patient's body getting its transmission to the healthcare system
securely. It is essential to ensure trust and data secrecy from the initial point-sensors
throughout the medical treatment to prevent any unauthorized access or unneeded
interruption. Thus, data encryption from the beginning sensors is necessary but facing all
limitations in computing complexity, power consumption and communication bandwidth.

The high need of energy, memory and computation requirements of the traditional
algorithms like RSA and AES, emphasized the need to adapt DNA Cryptography to secure
medical information that are stored in remote server where it is used for medical therapy,
testing and further analysis. Medical sensors are small devices that collect information from
the patient and send to the central server. They are resource constrained like low memory,
low computation and low energy used. To secure information from these sensors and
remote server a combination of DNA cryptography algorithm and steganography Least
Significance Bit (LSB) authentication algorithm is proposed in this research.

January 10, 2020 45

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Chapter Three
3. Proposed system Design
3.1. Background
The main objective of this research is to develop security algorithm by combining
cryptography and steganography while incurring minimal perceptual degradation and to
solve the problem of unauthorized data access for medical information.

In this system design, first sender and receiver share one-time pad key using Diffie and
Hellman algorithm, the message will be encrypted using DNA Cryptographic algorithm
and then the encrypted message (not the plain data) is embedded inside a cover image using
LSB steganography. One-time pad key is used for encrypting and decrypting the plain text.
The combination of these two methods will enhance the security of the data embedded.
The resulting stego-image can be transmitted without revealing that secret information is
being exchanged. Furthermore, even if an attacker were to defeat the steganographic
technique to detect the message from the stego-object, he or she would still require the
cryptographic decoding method to decipher the encrypted message.

The Graphical User Interface (GUI) is developed using Matlab 2018a for sharing key, data
encryption and then embedding the cipher text in a cover image. The developed application
will show to input two prime numbers in order to generate public key and secret key, they
are used later for creating secret channel to share one-time pad key. Then plain text and
one-time pad key coded into DNA bases, namely A, C, G and T. Cipher text produced from
DNA cryptography embedded into image using LSB Steganography. Finally, a stego-
image will be produced and send to receiver over unsecure environment. The proposed
architecture mainly consists of the following modules:
➢ Key Sharing/Distribution
➢ Secret Key Generation
➢ Encryption Module
➢ Steganography Module

January 10, 2020 46

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
➢ Decryption Module

Fig 3. 1. Block Diagram of New algorithm

3.2. One-Time Pad Secret Key

One Time Pad cryptography has been used because it is perfectly random scheme.
According to Otto Kugler, the CEO of MILS electronics, “One Time Pad encryption is that
the only proven unbreakable encryption method”. The input has been taken within the sorts
of alphabets, numeric or the other special character. The OTP keys can also be any of those
forms. one-time Pad encryption could be a very simple, yet completely unbreakable cipher
method. it's been used for many years in mils electronic cipher systems for encrypting our
customers’ sensitive data. Over the years, we've perfected the implementation of one Time
Pad encryption into our products. Today, our high level of automation, high capacity
storage media, continuous key protection and large one-time Pads offer our customers
outstanding message security without sacrificing convenience. The One Time Pad
encryption method is a binary additive stream cipher, where a stream of truly random keys

January 10, 2020 47

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
is generated and then combined with the plain text for encryption or with the ciphertext for
decryption by an ‘exclusive OR’ (XOR) addition. One Time Pad keys are used in pairs.
One copy of the key is kept by each user and the keys are distributed securely prior to
encryption. One-time pad cipher is a type of Vignere cipher which includes the following
features.

➢ It is an unbreakable cipher.
➢ The key is exactly same as the length of message which is encrypted.
➢ The key is made up of random symbols.
➢ key is used one time only and never used again for any other message to be
encrypted.
➢ To encrypt plain text data, the sender uses a key string equal in length to the plain
text. The key is used by mixing (XOR-ing) bit by bit, always a bit of the key with
a bit of the plain text to create a bit of cipher text.
➢ This cipher text is then sent to the recipient.
➢ At the recipient’s end, the encoded message is mixed (XOR-ed) with the duplicate
copy of the One Time Key and the plain text is restored

3.3. Steganography Module

3.3.1. Least Significant Bit (LSB) substitution

In today’s world, almost in every page on the internet, digital images can be found due to
the easiest distribution. Therefore, image files are the most commonly used environments
for steganography applications, although they vary according to the formats used. The
human eye cannot detect the small changes in color or patterns and due to this weakness,
text or graphic files can be inserted into the carrier image without being detected. Digital
color images use 24-bit for each pixel and use the RGB color model, also known as true
color. Different methods can be used to hide information in images. These methods can
be categorized under two headings, considering the data they used during embedding.

January 10, 2020 48

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
1. Spatial / Image Domain Technique
2. Frequency / Transform Domain Technique
In Spatial Domain or Image Domain, the pixels of the image file are directly changed for
embedding secret data in it. An example of this technique is the Least Significant Bit
Insertion (LSB) method, which is commonly used (Ali, Sohrawordi, & Uddin, 2019).

Least significant bit (LSB) is the most commonly used type of insertion scheme used
currently in digital steganography. This method is probably the easiest way of hiding
information in an image and yet it is surprisingly effective (Shamim & Kattamanchi, 2016).
This embedding method is based on the fact that the least significant bits in an image can
be thought of as random noise, and consequently they become not responsive to any change
on the image. Lossless compression techniques are employed in this thesis work in order
to maintain the original image data exactly. The encrypted message to be hidden in the true
color image is already in integer forms and subsequently converted into streams of 8-bit
binary digit. Then each pixel is converted into 8-bit binary value. As image comprises of
pixel contribution from Red, Green and Blue components and each pixel has numbers from
the color components (for 24-bit image each of red, green and blue pixel has 8 bit). At 8
bits of the color number, if we change least significant bits, our visual system cannot detect
changes in pixel and thus it is possible to replace message bits with image pixel bit.

The LSB of the Red color are used to determine whether each cipher bits will substitute
the LSB of the Blue or Green color. The algorithm to hide the cipher text in the cover image
will be:

➢ Convert the cipher text to streams of binary bits

➢ Convert each RGB colors of a pixel to binary bits
➢ XOR each expanded key bit with LSB of Red color
➢ If result is 1
o substitute the LSB of Green color with the first bit of the cipher text and
o LSB of Blue color with the second bit of cipher text

January 10, 2020 49

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
➢ Else
o substitute the LSB of Blue color with the first bit of the cipher text and
o LSB of Green color with the second bit of cipher text
➢ Similarly substitute the next bits of the cipher bits

Fig 3. 2. Ciphering and Embedding Process of proposed Algorithm

3.5. Deciphering Module

3.5.1. Extraction Process

During extraction process the same key used during embedding process is used to extract
the cipher text from the stego-image. Key expansion and cipher text extraction from stego-
image is exactly in the same way as the embedding process.

The cipher text is extracted from the Stego-image which is previously created during
embedding process using the same secret key 2. The user inputs the stego-image to the
extraction algorithm in the developed GUI and secret key in order to extract the cipher text.

January 10, 2020 50

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
The method of retrieval of message from the stego-image is called steganalysis [9]. The
data extraction algorithm is the inverse of the embedding algorithm. In extracting encrypted
message, the process opens the stego-image file and read the RGB color of each pixel.
According to the developed algorithm, the LSBs of Green and Blue of stego-image are
extracted until the terminator characters are encountered. The extracted LSB are placed in
the array and converted into decimal value that is actually ASCII value of encrypted
message. Each 8 bit from the array is converted into character and displayed in text editor.
Thus, the message that is retrieved from the image is actually encrypted form of the original
message. The message retrieved is then sent to decryption.

3.5.2. Deciphering Process

The deciphering process employs the same technique as ciphering technique but in
opposite direction. The same key used during enciphering process is used to decipher the
original plain text. This key will be expanded in the same fashion as the encryption process.
But the last expanded block of keys will be used in the first round.

Fig 3. 3. Extractions and Deciphering Process of the New Algorithm

January 10, 2020 51

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
3.6. Key Management and Distribution
Key distribution is the function that delivers an encryption and decryption key to two
parties who wish to exchange secure encrypted data. Some sort of mechanism or protocol
is needed to provide for the secure sharing of keys. Key distribution mainly involves the
use of master keys, which are infrequently used and are long lasting, and session keys,
which are generated and distributed for temporary use between two parties. Public-key
encryption schemes are secure only if the authentication of the public key is assured. A
public-key certificate scheme provides the basic security. The topics of cryptographic key
management and cryptographic key distribution are complex, involving cryptographic,
protocol, and management considerations during key distribution. One of the most
important uses of a public-key cryptosystem is to encrypt secret keys for distribution. For
symmetric encryption to share key, the two parties to an exchange must share the same
key, and that key must be protected from access by others. Furthermore, frequent key
changes are usually desirable to limit the amount of data compromised if an attacker learns
the key.

The first public key scheme was invented by Diffie and Hellman. Though it could not be
used to send messages, it could establish secret keys for use in secret key cryptosystems. a
public-key distribution scheme that cannot be used to exchange an arbitrary message rather
it can establish a common key known only to the two participants where value of key
depends on the participants (and their private and public key information) based on
exponentiation in a finite field (modulo a prime or a polynomial) (Stallings, 2006).
➢ The pair of numbers (q, α) is public.
➢ This pair of numbers may be used for several runs of the protocol.
➢ These two numbers may even stay the same for a large number of users for a long
period of time.
➢ Subsequently, A and B use the algorithm described below to calculate their public
keys that are then made available by each party to the other:
We will denote A’s and B’s private keys by XA and XB.

January 10, 2020 52

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
And their public keys by YA and YB.
In other words, X stands for private and Y for public.
➢ A selects a random number XA from the set {1, 2, . . . , q − 2} to serve as his/her
private key.
➢ A then calculates a public-key integer YA that is guaranteed to exist:
YA = αXA mod q
➢ A makes the public key YA available to B.
Similarly, B selects a random number XB from the set
{1, 2, . . ., q − 2} to serve as his/her private key.
➢ B then calculates an integer YB that serves his/her public key:
YB = αXB mod q
➢ B makes the public-key YB available to A.
➢ A now calculates the secret key K from his/her private key XA and B’s public key
YB:
K = (YB)XA mod q
➢ B carries out a similar calculation for locally generating the shared secret key K
from his/her private key XB and A’s public key YA:
K = (YA)XB mod q
➢ shared session key for users A & B is KAB:
KAB = αXA.XB mod q
= YAXB mod q (which B can compute)
= YBXA mod q (which A can compute)
➢ KAB is used as session key in private-key encryption scheme between sender and
receiver.

January 10, 2020 53

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering

Fig 3. 4. Key sharing using Diffie and Hellman mechanism

Chapter Four
4. Test and Analysis of the New Algorithm
4.1. Overview
It is necessary to perform various tests after the completion of the design and
implementation of the algorithm to validate its operation. The Functionality test and
repeated tests will be performed on the new algorithm to validate its operation.

4.2. Functionality Test

Functional testing is performed on the designed new algorithm to verify whether it can
function as required. The new algorithm is implemented using a Matlab code and a GUI
are developed to encrypt a sample of plain text using the one-time pad and then it will be
embedded in a true color JPG image file. Using the same key cipher text will be extracted
from the Stego-Image and then it will be deciphered to retrieve the original plain text. The
figure below shows the ciphering and deciphering process.

January 10, 2020 54

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering

Fig 4. 1. Encryption Functional Test of the Developed Algorithm

January 10, 2020 55

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering

Fig 4. 2. Decryption Functional Test of the Developed Algorithm

It depends mainly on the plain text size. It verifies that the decrypted text is identical to
the original plain text.

4.3. Repeated Tests

Repeated test is performed on the designed new algorithm to verify whether it performs as
required for different plain texts and one-time pad keys. The functionality test was
performed repeatedly for 20 different plain texts with the same one-time pad keys and
different keys for each plain text. The encrypted plain text will be hidden in to the cover
image. Finally, the extracted cipher text from stego-image will be deciphered using the
same key and cross checked with the original plain text. The following figure shows the

January 10, 2020 56

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
first encryption and decryption processes snapshot. In addition, it shows the time taken to
encrypt the plain text, and the number of encrypted decrypted characters.

January 10, 2020 57

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering

Fig 4. 3. Repeated Functional Test

January 10, 2020 58

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Chapter Five
5. Performance analysis of new algorithm
5.1. Overview
Performance analysis is performed on the new algorithm to determine how properly the
algorithm processes the encryption, decryption and steganography operations based on
some predefine analysis metrics. Using these metrics, the cryptographic algorithm will be
compared with the existing DNA cryptography algorithm, which is currently accepted as a
strong encryption algorithm. The steganography algorithm will be measured using the most
common image quality measuring standard PSNR. The performance metrics used to
measure and compare the performance of the new algorithm are divided in to Encryption
Performance Analysis and Steganography Performance Analysis.

5.2. Encryption Performance Metrics

5.2.1. Encryption time

Encryption time is the time taken by the algorithm to convert the plain text to cipher text.
It is used to calculate the encryption throughput of the algorithm. In most encryption
algorithms encryption time depends on the complexity of the algorithm, secret key, and
size of plain text. In this thesis a number of encryption times of the encryption algorithm
were collected for different plain text size using the same secret key and then the
relationship between size of plain text and encryption time will be analyzed. It will be
compared with the strong currently used AES algorithm. The following figure shows the
snapshot of the encryption process of the new algorithm and AES with LSB algorithm.
AES with LSB algorithm is implemented using Matlab 2016a GUI.

January 10, 2020 59

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering

Fig 5. 1. New algorithm Encrypting and Hiding Process

Fig 5. 2. Time elapsed for encryption and Data Size Indicator

January 10, 2020 60

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering

Fig 5. 3. AES- LSB encryption and hiding process

Fig 5. 4. AES-LSB Time, Round Number, And Data Size Indicator

The following table shows different encryption times and their respective plain text size of
the new developed algorithm and AES LSB algorithm.

January 10, 2020 61

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Table 5. 1. Encryption Time Vs. Data Size

Size in byte 1248 2512 3760 5008 6256 7504 10000

Time in New Algorithm 0.029 0.031 0.032 0.034 0.103 0.166 0.198
Seconds
AES- LSB 4.5 7.2 10.1 11.5 14.2 16.2 20.5

Fig 5. 5. Encryption Time Vs. Size of Encrypted Data

The encryption time of the new algorithm is varying at all data size not in uniformity due
to the computing or processing variation of the computer where the encryption time of new
algorithm is better than that of AES LSB algorithm.

January 10, 2020 62

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
5.2.2. Encryption Throughput
Encryption throughput is a measure of the total number of bytes of the plain text converted
to cipher text successfully during the encryption time. It indicates the speed of the
encryption process. Mathematically, it is calculated by dividing the total number of bytes
of the plain text converted to cipher text by encryption time. a typical way of measuring
throughput is to send data from the input (source) to the output (destination). Using the
timer, check the start time and then the finish time to compute the difference between them.
Then,
Encryption throughput = number of bytes completed
encryption time
Table below shows the effect of the change of plain text size on encryption throughput.
Table 5. 2. Encryption Throughput Vs. Data Size

Size in byte 1248 2512 3760 5008 6256 7504 10000

Through New Algorithm 1402.5 8103.2 11750.2 14729.3 6073.7 4520.4 11235.9
put
AES- LSB 277.33 348.89 372.28 435.48 440.56 463.21 487.80

January 10, 2020 63

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering

Fig 5. 6. Throughput Vs. Data Size

The above figure 5.6 shows throughput of AES LSB and the new algorithm for varying
data size. Throughput of the New developed algorithm is greater than that of AES LSB
because of the new algorithm encryption time is less as shown in the above.

5.2.3. Energy Consumption

Energy consumption is the energy consumed by computing devices to execute the New
developed algorithm to successfully convert the plain text to cipher text. Because of the
battery power limitations of the computing devices, it is necessary to analyze the power
consumption of the algorithm. The amount of energy consumed by the processor to
successfully encrypt the plain text by the new algorithm is given by (Alem, 2011).

E (joules) = V*I*T

Where V is the average voltage consumed by the processor, I is the average current
consumed by the processor, and T the encryption time.

January 10, 2020 64

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Table 5. 3. Energy Consumption Vs. Data Size

Size in byte 1248 2512 3760 5008 6256 7504 10000

Energy New Algorithm 142.5 463.2 575.2 729.3 973.7 1020.4 1135.9

in Joule AES- LSB 238.95 382.32 536.31 610.65 754.02 860.22 1088.55

Fig 5. 7. Energy Consumption Vs. Data Size

January 10, 2020 65

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
5.3. Steganography Performance Metrics
A set of techniques or metrics are utilized to measure the steganography performance. They
are related to the time rate required to complete the operation, resources utilized and size
of the secret message and cover image. These metrics indicate how well a developed
algorithm performs.

The stego-image is analyzed by studying the distortion and/or similarity between the cover
and stego-image statistically. Distortion between two different images is measured by
considering the most commonly used performance measurement metrics PSNR and MSE
(Ansari, 2019). If a distortion occurs after the stego-analysis is implemented on the stego-
image then it is perceived that the image may contain the hidden data otherwise not. The
PSNR is used to measure invisibility of the hidden message and to analyze the quality of
the embedded texture image, with respect to the original or cover image. Some other
performance metrics considered in data hiding are (Shristi Mishra, 2015): Encryption
Time, Throughput, and Utilization factor.

5.3.1. Encryption Time

It is the time required by the developed steganography algorithm to successfully hide the
secret message to stego-image. The time depends on the complexity of the algorithm the
size of the secret key and the size of the secret message. Various encryption times were
collected for varying embedded encrypted text size in the cover image in the table below.
It is used to measure throughput of the steganography algorithm. The dimension of the
image used as a cover image is 800 x 600 pixels. It can hide data with a maximum size of
800*600/4=120 Kbyte.
Table 5. 4. Data Size Vs. Embedding Time

Size in byte 1936 1248 2512 3760 5008 6256 7504 10000

Time in Sec 0.925 1.549 3.678 6.867 10.103 13.281 18.776 18.962

January 10, 2020 66

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering

Fig 5. 8. Hidden Data Size Vs. Encryption Time

5.3.2. Throughput

It measures the total number of bytes of the secret message successfully hidden to stego-
image within a given period of time. It is given by the following formula.
Throughput =𝑛u𝑚𝑏er of bytes hidden in the cover images
Embedding time

Table 5. 5. Throughput vs hidden data size

Size in byte 1936 1248 2512 3760 5008 6256 7504 10000

Time in Sec 2092.97 805.68 682.98 547.55 495.69 471.05 399.65 527.37

January 10, 2020 67

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering

Fig 5. 9. Throughput Vs. Hidden Data Size

5.3.3. Utilization Factor

The utilization factor denotes the amount of cover image that has been utilized to embed
the secret message into it. And it is given by
Utilization factor = secret message size (bits)/ cover medium size (bits)*100

5.3.4. Mean Square Error (MSE):

It is the measure used to quantify the difference between the initial and the distorted or
noisy image. Generally speaking, when the secret message increases, the MSE will
increase, and this will affect the PSNR inversely. So, from trade-off it was found that MSE
decrease causes PSNR increase and vice-versa. PSNR values falling below 30 dB indicate
a fairly low quality, i.e., distortion caused by embedding can be obvious; however, a high
quality stego-image should be 40 dB and above (Mehndiratta, 2017) (Salameh, 2018).

January 10, 2020 68

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
It is a figure of merit which indicates the degree of similarity or differences between two
images. Lesser the MSE value of an image better is the quality and less distortion from
the original.

Where,
M-Total number of rows
N-Total number of columns
(i, j)- (rows, columns)
x- cover Image
y- stego Image

5.3.5. PSNR (Peak Signal to Noise Ratio) value

Usually, the invisibility of the hidden data in stego-images is measured in terms of the
PSNR and it is the most common type metrics to measure the quality of an image (Shamim
& Kattamanchi, 2016). PSNR is the ratio between the maximum possible power of a signal
and the power of corrupting noise that affects the reliability of its representation. PSNR is
usually expressed in terms of a logarithmic decibel scale (Ali, Sohrawordi, & Uddin, 2019).

Table 5. 6. PSNR value of an Image for Varying Data Size

Size in byte 1936 1248 2512 3760 5008 6256 7504 10000

PSNR Value 68.32 66.93 65.35 62.18 60.40 57.92 56.25 53.67

January 10, 2020 69

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering

Fig 5. 10. PSNR value Vs. Embedded Data Size

A higher PSNR value indicates that the reconstruction is of higher quality. The signal in
this case is the original data, and the noise is the error due to hiding.

January 10, 2020 70

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Chapter Six
6. Conclusions and Recommendations
6.1. Conclusion
This developed algorithm is implemented the concept of cryptography and steganography
for the security of medical data. DNA cryptography is a promising and rapid emerging
field in data security. The conventional binary data uses two digits ‘0’ and ‘1’ to code
information. But for DNA molecules, which is the natural transporter of information, data
is encoded by four bases viz. ‘A’, ‘T’, ‘G’ and ‘C’. A few grams of DNA molecules have
the capacity to restrain all the data stored in the world. In order to achieve better security
for medical data one-time pad key is used with DNA cryptography.

The functional test and repeated tests show that the developed encryption algorithm and
steganography algorithm can properly encrypt the plain text and hide the cipher text in
cover image. It was tested for different plain texts and different one-time pad keys. The
cipher text was embedded in different cover images. Finally, the cipher text was extracted
from the stego-image using the developed extraction algorithm and the cipher text is
decrypted using the DNA cryptography decryption algorithm. For all cases, the decrypted
plain text is exactly the same as that of the original plain text.

Now a day a lot of images are transmitted through internet and shared among different
peoples through the social network. So, it is possible to transfer valuable information
through the internet without giving any clues by imbedding the information in images with
very small (acceptable) distortion as shown by the PSNR test. Even if the attackers can be
able to extract the information from the image it is encrypted using strong encryption
algorithm. The performance of the new encryption algorithm measured by: encryption
time, throughput, and energy consumption are almost better than AES LSB algorithm.

January 10, 2020 71

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
6.2. Recommendation
The cryptographic and steganographic tests were performed on the new developed
algorithm and performed as required. This thesis work used LSB JPG image format for the
steganographic part, the rest image format DWT and others with different image extension.

6.3. Future Work

For the future deploy the new algorithm in real time Medical sensors using FPGA
technology.

January 10, 2020 72

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
References
Ahmed AL-Shaaby, T. A. (2017). Cryptography and Steganography: New Approach.
Transactions on Networks and communication, 25-38.

Aithal, V. P., & S., D. P. (2017). Cloud Computing Security Issues- Challenges and
Opportunities. International Journal of Management, Technology and Social Sciences,
34-42.

Alem, H. F. (2011). PERFORMANCE ANALYSIS OF CHAOTIC ENCRYPTION USING A

SHARED IMAGE AS A KEY. Journal of EEA.

Awadh, W. A. (2016). A Novel Approach for Hiding Information in Text Steganography.

International Journal of Scientific & Engineering Research, 12-19.

Basu, S., Bardhan, A., Gupta, K., Saha, P., Pal, M., Bose, M., . . . Sarkar, P. (2018). Cloud
Computing Security Challenges & Solutions-A survey. IEEE 8th Annual Computing and
Communication Workshop and Conference, 347-356.

Beenish Anam, K. S., Hossain, A., & Dahal, K. (2010). Review on the Advancements of DNA
Cryptography. Innovation, Networking and Knowledge exchange.

Čolaković, A., & Hadžialić, M. (2018). Internet of Things (IoT): A Review of Enabling.
Computer Networks, 27-39.

Dimitrova, B. &. (2017). Steganography of Hypertext Transfer Protocol Version 2 (HTTP/2).

Journal of Computer and Communications, 98-111.

Divyanjali, A. a. (2014). An Overview of Cryptographically Secure Pseudorandom Number

Generators and BBS . International Conference on Advances in Computer Engineering &
Applications.

EBassham, L. (2010). Statistical Test Suite for Random and Pseudorandom Number Generators
for Cryptographic Applications. NIST Special Publication 800-22 Revision 1a-A.

Fazal Noorbasha, S. M. (2019). FPGA Based DNA Cryptography System for Medical Image
Data Analysis Process. International Journal of Innovative Technology and Exploring
Engineering (IJITEE), 128-131.

G. Thamilarasu, A. O. (2016). Securing Wireless Body Area Networks: Challenges , Review and
Recommendations. IEEE International Conference on Computational Intelligence and
Computing Research (ICCIC), 1-7.

Grasha Jacob, A. M. (2013). DNA based Cryptography: An Overview and Analysis.

International Journal of Emerging Sciences , 36-42.

January 10, 2020 73

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Hamdan. O. Alanazi, B. B. (2016). ew Comparative Study Between DES, 3DES and AES within
Nine Factors. in JOURNAL OF COMPUTING, 152-157.

Hassan Al-Mahdi, M. A. (2019). Design and Analysis of DNA Encryption and Decryption
Techniques Based on Asymmetric Cryptographic System. International Journal of
Advanced Computer Science and Applications, 499-506.

Hemachandran, S. A. (2012). High Capacity data hiding using LSB Steganography and
Encryption . in International Journal of Database Management System , 57-68.

Jayavardhana Gubbi, R. B. (2013). Internet of Things (IoT): A Vision, Architectural Elements,

and Future Directions. Future Generation Computer Systems, 1646-1659.

Kiran Dewangan, M. M. (2018). A Review: Security of IOT Based Healthcare System. CCET
JOURNAL OF SCIENCE AND ENGINEERING EDUCATION, 25-28.

Mehndiratta, A. (2017). Data Hiding System Using Cryptography & Steganography: A

Comprehensive Modern Investigation . International Research Journal of Engineering
and Technology (IRJET), 397-403.

Mohapatra, R. V. (2017). A Secure Three-Party Authentication Protocol for Wireless Body Area
Networks. IEEE 3rd International Conference on Sensing, Signal Processing and Sec
urity (ICSSS), 99-103.

Mojtaba Alizadeh, W. H. (2014). Challenges and Opportunities of Mobile Cloud Computing .

IEEE, 660-666.

Moosavi, S. R., Gia, T. N., Rahmani, A.-M., Nigussie, E., Virtanen, S., Isoaho, J., & Tenhunen,
H. (2015). SEA: A Secure and Efficient Authentication and Authorization
Architecturefor IoT-Based Healthcare Using Smart Gateways. 6th International
Conferenceon Ambient Systems, Networks and Technologies, 452 – 459.

N. Sandeep, S. H. (2018). An Improved Method of Steganography Combined with Cryptography.

International Journal of Advance Engineering and Research and Development, 539-545.

Nagpal, S. (2018). Collaboration of Cryptography and Steganography for Enhanced Security: A

Review . International Journal of Engineering Science Invention(IJESI), 72-78.

Nayana Banjan, P. D. (2018). Medical Data Security using combination of Cryptography and
Steganography with AES-LSB algorithm. International Journal of Advanced Research in
Electronics and Communication Engineering (IJARECE), 673-677.

January 10, 2020 74

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Noha MM. AbdElnapi, e. a. (2018). A Survey of Internet of Things Technologies and Projects for
Healthcare services. International Conference on Innovative Trends in Computer
Engineering, 48-55.

Norah Alassaf, B. A. (2017). Applicable Light-Weight Cryptography to Secure Medical Data in

IoT Systems. Journal of Research in Engineering and Applied Sciences, 50-58.

Phad Vitthal S., B. R. (2012). A Novel Security Scheme for Secret Data using Cryptography and
Steganography . I.J. Computer Network and Information Security, 36-42.

Phad Vitthal S., B. R. (2012). A Novel Security Scheme for Secret Data using Cryptography and
Steganography . I.J. Computer Network and Information Security, 36-42.

PriaBharti, R. (2012). A New Hybrid Approach Crypsteg of Data Hiding in Images Using
Cryptography and Steganography . International Journal of Engineering and Innovative
Technology (IJEIT) , 88-93.

R. Josephius Arunkumar, R. A. (2017 ). Enhancement of Cloud Computing Security In Health

Care Sector . International Journal of Computer Science and Mobile Computing , 23-31.

Raghavendran, C. V. (2018 ). Challenges and Opportunities in Extending Cloud with Fog

Computing . International Journal of Engineering & Technology, 142-146.

Rathi, G., M, A., M, D., & T, K. (2015). Healthcare Data Security in Cloud Computing.
International Journal of Innovative Research in Computer and communication
Enginneering, 1807-1815.

S. M. Riazul Islam, D. K.-S. (2015). The Internet of Things for Health Care: A Comprehensive
Survey. Institute for Information and communications, 678-708.

Salameh, J. N. (2018). A Secure Transmission Approach for Medical Images and Patient’s
Information by Using Cryptography and Steganography. International Journal of
Computer Science and Network, 289-303.

Shade, O. K., Awudele, O., & F, I. (2014). Cloud Computing Security Issues and Challenges.
International Journal of Computer Networks, 247-255.

Shery Elizabeth Thomas, S. T. (2012). Advanced Cryptographic Steganography Using

Multimedia Files. International Conference on Electrical Engineering and Computer
Science (ICEECS-2012), 50-76.

Shristi Mishra, P. P. (2015). A Review on Steganography Techniques Using cryptography.

International Journal of Advance Research In Science And Engineering, 1040-1046.

January 10, 2020 75

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Stallings, W. (2006). CRYPTOGRAPHY AND NETWORK SECURITY PRINCIPLES AND
PRACTICE FIFTH EDITION. Pearson Education, Inc. Prentice : Prentice hall.

Syed Tauhid Ullah Shah, H. Y. (2019). Internet of Things-Based Healthcare: Recent Advances
and Challenges. Applications of Intelligent Technologies in Healthcare, EAI/Springer
Innovations in Communication and Computing, 153-162.

Terec, R. V., Mircea, F., Alboaie, L., & Chiorean, L. (2011). DNA Security using Symmetric and
Asymmetric Cryptography. IJNCAA, 34-51.

Wencheng Sun, e. a. (2018). Security and Privacy in the Medical Internet of Things: A Review.
Security and Communication Networks, 1-9.

Wid Akeel Awadh, A. S. (2019). A Review of Various Steganography Techniques in Cloud

Computing. Journal Of Science, 113-119.

Worlanyo, E. (2015 ). A Survey of Cloud Computing Security: Issues, Challenges and Solutions .
Recent Advances in Networking , 2-12.

Worlanyo, E. (2015). A Survey of Cloud Computing Security: Issues, Challenges and Solutions.
Recent Advances in Networking, 2-12.

January 10, 2020 76

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering

Appendices
Appendix A

Key sharing of Sender and Receiver

function varargout = file1(varargin)
gui_Singleton = 1;
gui_State = struct('gui_Name', mfilename, ...
'gui_Singleton', gui_Singleton, ...
'gui_OpeningFcn', @file1_OpeningFcn, ...
'gui_OutputFcn', @file1_OutputFcn, ...
'gui_LayoutFcn', [] , ...
'gui_Callback', []);
if nargin && ischar(varargin{1})
gui_State.gui_Callback = str2func(varargin{1});
end

if nargout
[varargout{1:nargout}] = gui_mainfcn(gui_State, varargin{:});
else
gui_mainfcn(gui_State, varargin{:});
end

% --- Executes just before file1 is made visible.

function file1_OpeningFcn(hObject, eventdata, handles, varargin)

% Choose default command line output for file1

handles.output = hObject;
guidata(hObject, handles);

function varargout = file1_OutputFcn(hObject, eventdata, handles)

varargout{1} = handles.output;

function R1_tag_edit_Callback(hObject, eventdata, handles)

function R1_tag_edit_CreateFcn(hObject, eventdata, handles)
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end

% --- Executes on button press in pushbutton3.

function pushbutton3_Callback(hObject, eventdata, handles)

function edit5_Callback(hObject, eventdata, handles)

function edit5_CreateFcn(hObject, eventdata, handles)

January 10, 2020 77

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end
function public_sender_edit_Callback(hObject, eventdata, handles)
function public_sender_edit_CreateFcn(hObject, eventdata, handles)
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end

% --- Executes on button press in pushbutton4.

function pushbutton4_Callback(hObject, eventdata, handles)

function q_edit_Callback(hObject, eventdata, handles)

function q_edit_CreateFcn(hObject, eventdata, handles)

if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');

end

function a_edit_Callback(hObject, eventdata, handles)

function a_edit_CreateFcn(hObject, eventdata, handles)
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end

function ka_kb_match_edit_Callback(hObject, eventdata, handles)

% --- Executes during object creation, after setting all properties.
function ka_kb_match_edit_CreateFcn(hObject, eventdata, handles)
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end

% --- Executes on button press in secret_key_gen_radio.

function secret_key_gen_radio_Callback(hObject, eventdata, handles)
h=getappdata(0,'Values_of_q'); % h represents value of q
j=getappdata(0,'Values_of_xa'); % j represents data from xa
k=getappdata(0,'Values_of_xb'); % k represents data from xb
d=getappdata(0,'Values_of_ya'); % d represents data from ya
e=getappdata(0,'Values_of_yb'); % e represents data from yb

ha = power(e,j);
ha = mod(ha,h);
hb = power(d,k);
hb = mod(hb,h);

set(handles.ka_edit_tag,'string',num2str(ha));

January 10, 2020 78

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
set(handles.kb_edit,'string',num2str(hb));

% --- Executes on button press in key_match_radio.

function key_match_radio_Callback(hObject, eventdata, handles)

msgbox('ka==kb');
set(handles.ka_kb_match_edit,'string','Sender and Receiver Authenticated Each Other' );
file2

function R2_edit_Callback(hObject, eventdata, handles)

function R2_edit_CreateFcn(hObject, eventdata, handles)
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end

function sender_public_edit_Callback(hObject, eventdata, handles)

function sender_public_edit_CreateFcn(hObject, eventdata, handles)
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end
function kb_edit_Callback(hObject, eventdata, handles)
kb_secret=getappdata(0,'secret_key_gen_radio');

% --- Executes during object creation, after setting all properties.

function kb_edit_CreateFcn(hObject, eventdata, handles)
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end

function ka_edit_tag_Callback(hObject, eventdata, handles)

ka_secret=getappdata(0,'secret_key_gen_radio');

% --- Executes during object creation, after setting all properties.

function ka_edit_tag_CreateFcn(hObject, eventdata, handles)
% hObject handle to ka_edit_tag (see GCBO)
% eventdata reserved - to be defined in a future version of MATLAB
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end

% --- Executes on button press in pub_key_gene.

function pub_key_gene_Callback(hObject, eventdata, handles)
a=str2num(get(handles.a_edit,'String'));
q=str2num(get(handles.q_edit,'String'));

January 10, 2020 79

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
prime = 0;
while prime == 0
aq = isprime(a);
qq = isprime(q);
if aq == 0

msgbox('a is not prime');

else

msgbox('a is prime');
end
if qq == 0

msgbox('q is not prime');

else
msgbox('q is prime');
end
prime = aq & qq;
end

% to evaluate
xa = randi([1 q-1]); %take random value of Xa sender
xb = randi([1 q-1]); %take random value of Xb Reciever

setappdata(0,'Values_of_q',q);
setappdata(0,'Values_of_xa',xa);
setappdata(0,'Values_of_xb',xb);

ya = power(a,xa);
ya = mod(ya,q);
set(handles.public_sender_edit,'string',num2str(ya));
yb = power(a,xb);
yb = mod(yb,q);
set(handles.sender_public_edit,'string',num2str(yb));

setappdata(0,'Values_of_ya',ya);
setappdata(0,'Values_of_yb',yb);

January 10, 2020 80

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Appendix B

Sender Side: Encryption and Hiding of data

% --- Executes on button press in encrypt_pushbutton.
function encrypt_pushbutton_Callback(hObject, eventdata, handles)
input = double(get(handles.plain_text_edit,'String'));
binput = de2bi(input,8,'left-msb');
key = double(get(handles.one_time_pad_edit,'String'));
bkey=de2bi(key,8,'left-msb');
output=xor(binput,bkey);
boutput=double(output);
num = double(numel(boutput));
boutput=boutput'
boutput;
for n=1:2:num-1
if(boutput(n)==0&&boutput(n+1)==0)
outputdnabases((n+1)/2)='A';
else if(boutput(n)==0&&boutput(n+1)==1)
outputdnabases((n+1)/2)='T';
else if(boutput(n)==1&&boutput(n+1)==0)
outputdnabases((n+1)/2)='C';
else
outputdnabases((n+1)/2)='G';
end
end
end
end
outputdnabases;
set(handles.DNA_cipher_text_edit,'String',outputdnabases)
setappdata(0,'Values_of_outputdnabases',outputdnabases);

function edit11_Callback(hObject, eventdata, handles)

function edit11_CreateFcn(hObject, eventdata, handles)
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end

function DNA_cipher_text_edit_Callback(hObject, eventdata, handles)

function DNA_cipher_text_edit_CreateFcn(hObject, eventdata, handles)

January 10, 2020 81

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end

function one_time_pad_edit_Callback(hObject, eventdata, handles)

function one_time_pad_edit_CreateFcn(hObject, eventdata, handles)
% hObject handle to one_time_pad_edit (see GCBO)
% eventdata reserved - to be defined in a future version of MATLAB
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end

% Load of cover image

function cover_image_radiobutton_Callback(hObject, eventdata, handles)
[Filename,Pathname]=uigetfile('.jpg','file Selector');
cover_image=strcat(Pathname,Filename);
a=imread(cover_image);
axes(handles.axes1);
imshow(a);
setappdata(handles.cover_image_radiobutton,'values_of_Cover_image',cover_image)

%Steganography part
%Embedding of cover image and DNA Cipher text
function embedding_radiobutton_Callback(hObject, eventdata, handles)
global cover_image
global cipher_text
global stegoimage
text=cipher_text; %Integer Value of cipher text
cipher_text=getappdata(0,'Values_of_outputdnabases');
cover_image=getappdata(handles.cover_image_radiobutton,'values_of_Cover_image');

L=length(text);
tic
textb= dec2bin(text,8);
for i=1:L
textbst(8*i-7:8*i)=textb(i,1:8);%convert the cipher text in to stream of bits
end
imgrgb=cover_image;
[row,col,p]=size(imgrgb);

%Convert Each Pixel to Binary Bits

January 10, 2020 82

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
imgr=imgrgb(:,:,1);
imgg=imgrgb(:,:,1);
imgb=imgrgb(:,:,1);
imgrb=hexToBinaryVector(dec2hex(imgr(:,1:ceil(4*L/row))),8);
imggb=hexToBinaryVector(dec2hex(imgg(:,1:ceil(4*L/row))),8);
imgbb=hexToBinaryVector(dec2hex(imgb(:,1:ceil(4*L/row))),8);

% Imbed Each Bit Of Cipher Text In G And B Pixels

for i=1:4*L
imggb(i,8)=textbst(2*i-1);
imgbb(i,8)=textbst(2*i);
end

%Convert Each Pixel to Decimal Values

imggbrev=binaryVectorToDecimal(imggb);
imgbbrev=binaryVectorToDecimal(imgbb);
imggrevT=reshape(imggbrev,row,[]);
imgbrevT=reshape(imgbbrev,row,[]);
imgrrev=imgr;
imggrev=[imggrevT(:,:),imgg(:,ceil(4*L/row)+1:col)];
imgbrev=[imgbrevT(:,:),imgb(:,ceil(4*L/row)+1:col)];

% Merge or concatenate the Pixels

stegoimage=cat(3,imgrrev,imggrev,imgbrev);
time=toc;
axes(handles.stegoimagedisplay);
imagesc(stegoimage);
set(handles.stegoimagedisplay);
msgbox({['Time Elapsed for Hidding the Cipher Text in Cover guider Image is ',num2str(time),'
Seconds']},'Hidding Cipher Text in Image');
set(handles.stegoimagedisplay,'Visible','off');

% --- Executes during object deletion, before destroying properties.

function encryption_panel_DeleteFcn(hObject, eventdata, handles)
function encryption_panel_CreateFcn(hObject, eventdata, handles)

% --- Executes on button press in steganography_cont_radiobutton.

function steganography_cont_radiobutton_Callback(hObject, eventdata, handles)
file3
% --- Executes on button press in pushbutton3.
function pushbutton3_Callback(hObject, eventdata, handles)

January 10, 2020 83

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
Appendix C
Receiver side: Steganalysis and Decryption of cipher data

function pushbutton1_Callback(hObject, eventdata, handles)

function edit2_Callback(hObject, eventdata, handles)
function edit2_CreateFcn(hObject, eventdata, handles)
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end
function pushbutton2_Callback(hObject, eventdata, handles)
function edit3_Callback(hObject, eventdata, handles)

function edit3_CreateFcn(hObject, eventdata, handles)

if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end

% --- Executes on button press in Extraction_radiobutton.

function Extraction_radiobutton_Callback(hObject, eventdata, handles)
global cipherint;

stego_image=getappdata(handles.embedding_radiobutton,'values_of_stego_image');
imgrgb=stego_image;
[row,col]=size(imgrgb);
imagesc(imgrgb);

%Extract Each Pixel

imgr=imgrgb(:,:,1);
imgg=imgrgb(:,:,2);
imgb=imgrgb(:,:,3);

%Convert Each Pixel to Binary Bits

if row-r<8
imgrb=hexToBinaryVector(dec2hex([imgr(r+1:row,c);imgr(1:8-row+r,c+1)]),8);
imggb=hexToBinaryVector(dec2hex([imgg(r+1:row,c);imgg(1:8-row+r,c+1)]),8);
imgbb=hexToBinaryVector(dec2hex([imgb(r+1:row,c);imgb(1:8-row+r,c+1)]),8);
else
imgrb=hexToBinaryVector(dec2hex(imgr(r+1:r+8,c)),8);

January 10, 2020 84

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
imggb=hexToBinaryVector(dec2hex(imgg(r+1:r+8,c)),8);
imgbb=hexToBinaryVector(dec2hex(imgb(r+1:r+8,c)),8);
end
ii=ii+8;
imgrbtemp=imgrb ;

%Extract Bits from LSB of G and B Pixel

for i=1:8
if xor(imgrbtemp(i,8),keyexptemp(i))==0
textbst(2*i-1)=imggb(i,8);
textbst(2*i)=imgbb(i,8);
else
textbst(2*i)=imggb(i,8);
textbst(2*i-1)=imgbb(i,8);
end
end

ciptemp=(binaryVectorToDecimal(reshape(textbst,8,2)')');
cip=[cip1,ciptemp];
cip1=ciptemp;
cipherint1(2*e-1:2*e)=ciptemp;
e=e+1;
time=toc;
cipherint=cipherint1;
ciphertxt=char(cipherint);
msgbox({['Time Elapsed for Extracting Cipher Text is
',num2str(time),'Seconds']},'NewDeciphering');
set(handles.ciphertext,'String',ciphertxt);

% --- Executes on button press in Embedding_radiobutton.

function Embedding_radiobutton_Callback(hObject, eventdata, handles)
function radiobutton3_Callback(hObject, eventdata, handles)
function stego_image_edit_Callback(hObject, eventdata, handles)
function stego_image_edit_CreateFcn(hObject, eventdata, handles)
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end

January 10, 2020 85

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
function Cover_image_edit_Callback(hObject, eventdata, handles)
function Cover_image_edit_CreateFcn(hObject, eventdata, handles)
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end

function edit6_Callback(hObject, eventdata, handles)

function edit6_CreateFcn(hObject, eventdata, handles)
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end

% --- Executes on button press in Decrypt_pushbutton.

function Decrypt_pushbutton_Callback(hObject, eventdata, handles)

inputdnabases=char();
key=getappdata(0,'Values_of_boutput');
key = double(get(handles.onetime_pad_edit,'String'));
inputdnabases=getappdata(0,'Values_of_outputdnabases');
inputdnabases = double(get(handles.DNA_cipher_text_edit,'String'));
num = length(inputdnabases);
row=size(key,1);
for n=1:1:num
if(inputdnabases(n)==65)
bxor(n+n-1)=0;
bxor(n+n)=0;
else if (inputdnabases(n)==84)
bxor(n+n-1)=0;
bxor(n+n)=1;
else if (inputdnabases(n)==67)
bxor(n+n-1)=1;
bxor(n+n)=0;
else
bxor(n+n-1)=1;
bxor(n+n)=1;
end
end
end
end

January 10, 2020 86

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering
bkey=de2bi(key,8,'left-msb')
bxor
bxor1 = vec2mat(bxor,8)
dxor=bi2de(bxor1,8);
bmsg=xor(bxor1,bkey) ;
%ma = vec2mat(m,8)
dmsg = bi2de(bmsg,'left-msb')
msg=char(dmsg)
set(handles.plaintext_edit,'String',msg')
clear all;

function onetime_pad_edit_Callback(hObject, eventdata, handles)

function onetime_pad_edit_CreateFcn(hObject, eventdata, handles)
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end

function pushbutton4_Callback(hObject, eventdata, handles)

function plaintext_edit_Callback(hObject, eventdata, handles)

function plaintext_edit_CreateFcn(hObject, eventdata, handles)
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end

function stegnalysis_DNA_cipher_edit_Callback(hObject, eventdata, handles)

function stegnalysis_DNA_cipher_edit_CreateFcn(hObject, eventdata, handles)
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end

function DNA_cipher_text_edit_Callback(hObject, eventdata, handles)

function DNA_cipher_text_edit_CreateFcn(hObject, eventdata, handles)
if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end

function edit11_Callback(hObject, eventdata, handles)

if ispc && isequal(get(hObject,'BackgroundColor'), get(0,'defaultUicontrolBackgroundColor'))
set(hObject,'BackgroundColor','white');
end

January 10, 2020 87

Medical IoT Security using Combination of Cryptography and Steganography
MSc Thesis Faculty of Electrical and Computer Engineering

January 10, 2020 88

Medical IoT Security using Combination of Cryptography and Steganography