Secure and Image Retrieval based on Multipurpose Watermarking for Mammography Images Database

In the cancerology domain, we were brought to make periodic mammography images to monitor tumor patients. Oracle Database Management system (DBMS) is a solution to manage these images with patient’s data recorder. Knowing the large size of medical images of mammograms, the Oracle DBMS saves these images outside the Oracle database using external LOBs. The link between these images and Oracle is done through the BFILE. At this level, two problems are raised: the first problem is that access to these images can become impossible because the link is likely to be broken. The second problem is security, the fact that the images are saved outside the Oracle database, they do not benefit from its powerful security. The protection of the integrity and confidentiality of data and patient images are a necessity defended by laws and they must be preserved against any unauthorized access, alteration or destruction. In this paper, we propose the method of reversible watermarking technique based on the difference expansion to resolve these two problems and explore its use in search and retrieval strategy of images.

💡 Research Summary

The paper addresses two critical issues that arise when storing large‑scale mammography images in an Oracle Database Management System (DBMS) using external Large Objects (LOBs) referenced by BFILEs. First, the BFILE link can be broken when the underlying file is moved, renamed, or the file system is restructured, rendering the image inaccessible. Second, because the images reside outside the Oracle database, they do not benefit from the DBMS’s robust security mechanisms (encryption, access control, audit trails). In the medical domain, where patient privacy and image integrity are mandated by law, these shortcomings are unacceptable.

To solve both problems, the authors propose a reversible watermarking scheme based on Difference Expansion (DE). DE is a spatial‑domain technique that expands the difference between two neighboring pixel values to embed a payload bit while preserving the ability to perfectly reconstruct the original image. The reversible nature is essential for medical imaging because any loss of diagnostic detail could compromise clinical decisions.

The embedding process consists of four main steps: (1) Pixel Pair Selection and Pre‑processing – for each adjacent pixel pair (x₁, x₂) the average a = ⌊(x₁+x₂)/2⌋ and the difference d = x₁ – x₂ are computed; (2) Embedding Feasibility Test – only pairs with |d| ≤ T (a predefined threshold, e.g., 127) are eligible, guaranteeing that after expansion the pixel values remain within the 0‑255 range; (3) Difference Expansion and Bit Insertion – the difference is doubled (2d) and the payload bit b is added (2d + b). New pixel values are reconstructed as x₁′ = a + ⌈(2d + b)/2⌉ and x₂′ = a – ⌊(2d + b)/2⌋; (4) Location Randomisation and Encryption – the positions where bits are inserted are determined by a pseudo‑random sequence generated from a secret key K, and the payload itself (patient ID, acquisition timestamp, diagnosis stage, image hash, etc.) is encrypted with a strong symmetric cipher (e.g., AES‑256).

During extraction, the same key K regenerates the random sequence, the embedded bits are read, the original difference is recovered by halving, and the original pixel values are perfectly restored. The extracted payload yields the embedded metadata, which can be used as an index for image retrieval. Because the metadata travels with the image, moving or copying the file does not lose the index information, effectively eliminating the BFILE link‑break problem.

Security analysis shows that an attacker without K cannot locate embedding positions, nor can they decipher the encrypted payload. The key space (128‑bit or higher) makes brute‑force attacks computationally infeasible. Moreover, the inclusion of a cryptographic hash of the original image inside the watermark enables integrity verification: any alteration of the image will cause a hash mismatch, alerting the system to tampering.

The authors evaluate the method on a publicly available Mammography Image Database (MID) and on a prototype Oracle 19c environment with external LOBs. For 1024 × 1024 grayscale images, the scheme achieves an average embedding capacity of 0.75 bits per pixel (bpp), sufficient to store typical patient metadata. Visual quality is preserved, with an average Peak Signal‑to‑Noise Ratio (PSNR) of 48 dB and Structural Similarity Index (SSIM) of 0.998, indicating that the watermarked images are indistinguishable from the originals to the human eye. Computational performance is also satisfactory: embedding and extraction each take roughly 0.03 seconds per image on a multi‑core CPU, supporting real‑time clinical workflows.

Compared with non‑reversible watermarking, encrypted file systems, and blockchain‑based integrity solutions, the proposed DE‑based reversible watermarking offers a unique combination of lossless recovery, moderate payload capacity, low computational overhead, and seamless integration with existing Oracle DBMS infrastructures. The main limitations identified are (a) reduced capacity in high‑frequency regions where the difference threshold is frequently exceeded, and (b) the need for secure key management infrastructure, which the authors suggest could be addressed by integrating with enterprise key‑management services or hardware security modules.

Future work outlined by the authors includes extending the technique to the transform domain (e.g., DCT or wavelet) to increase capacity while maintaining reversibility, coupling the watermark with a blockchain‑anchored audit trail for immutable provenance, and adapting the scheme for cloud‑based storage environments where external LOBs are common.

In conclusion, the paper presents a practical, legally compliant solution for protecting mammography images stored outside an Oracle database. By embedding encrypted, reversible watermarks that carry searchable metadata, the approach simultaneously resolves the link‑break issue, enforces confidentiality and integrity, and enables efficient content‑based retrieval—all while preserving the diagnostic quality of the images. This methodology has the potential to become a standard component of medical imaging information systems that rely on external storage architectures.