Hybrid Security Model for Medical Image Protection in Cloud

ABSTRACT


Introduction
Cloud computing is a model for delivering information technology services in which resources are retrieved from the internet through web-based tools and applications rather than a direct connection to a server [1].
Cloud technology has become ubiquitous in modern architectures, software design approaches, and various services that utilize other technologies [2]. The adoption of cloud computing has led to the development of three main service models: Platform as a Service (PaaS), Software as a Service (SaaS), and Infrastructure as a Service (IaaS) [3] [4]. In addition, cloud solutions can be classified into controls, and performing regular audits and assessments of security protocols [8].
Cloud computing standards provide practical guidelines for utilizing computational resources to deliver exceptional performance in various domains such as computing applications, telecommunication services, social networking, and web services [9]. One of the significant advantages of cloud computing is the availability of remote cloud storage, which allows users to access their data from anywhere at any time without any additional burden. However, the primary concern associated with cloud storage is security [10]. Data centres must have robust security mechanisms to ensure the integrity and confidentiality of data stored in the cloud. These mechanisms must be capable of protecting against unauthorized access, data breaches, and other potential security threats. Implementing security measures that can verify data storage perfection and data integrity for cloud storage is crucial. Despite the security challenges associated with cloud storage, the benefits of cloud computing are vast, and it remains an attractive option for organizations looking to optimize their IT infrastructure. Nonetheless, it is essential to implement stringent security protocols to ensure that the advantages of cloud computing are not offset by the risks that come with it. By doing so, organizations can leverage the full potential of cloud computing while minimizing the risks associated with cloud storage [11].
Cryptographic techniques are widely utilized to enhance data security in the cloud. These techniques involve encryption and decryption methods, which rely on distinct keys to protect data from unauthorized access. Two main types of cryptographic techniques are commonly used for data encryption: First, asymmetric key encryption utilizes specific public and private keys to encrypt and decrypt data. The public key is used for encryption, while the private key is used for decryption, ensuring that the data is secure from unauthorized access. Second, symmetric key encryption utilizes a single key for data encryption and decryption. This key is kept secret, and it must be shared with authorized parties to allow them to access the encrypted data [12]. By utilizing these cryptographic techniques, cloud providers can ensure the confidentiality and integrity of data, making it harder for attackers to gain access to sensitive information [13].
This research proposes a hybrid model of Advanced Encryption Standard (AES) and Elliptic Curve Cryptography (ECC) to ensure the security of data stored on the cloud without involving a third party. The proposed AES-ECC hybrid model is designed to provide efficient protection of the cloud storage system. The key advantage of this hybrid approach is the ability to reduce the key size of the data while maintaining the system's security in less time. While there are several existing authentication methods for cloud storage, many of them are computationally expensive and timeconsuming. The proposed AES-ECC hybrid model offers a more efficient alternative that can improve the security of the cloud storage system. By combining the strengths of AES and ECC, the proposed model provides a robust security solution that can protect against various security threats. Overall, the proposed hybrid model offers a practical and effective solution for securing data in the cloud without needing a third party.
The remaining sections of this paper are organized as follows. Section 2 provides the related studies, and Section 3 illustrates the security algorithms methodology. The proposed hybrid AES-ECC model is presented in Section 4, and Section 5 is about experimental results and discussions. In Section 6, the conclusion of the work is delivered.

Related works
Cloud storage is becoming increasingly popular because all users share resources simultaneously. Data owners choose it over other providers Because cloud storage is always accessible. For this reason, data integrity and preservation should be verified to boost system security.
The researchers in 2021 [14] proposed a method with AES and Data Encryption Standard (DES) algorithms that have been used to maintain user data individually and prevent conflict with other users to quickly and easily access their data while maintaining a high level of security.
In reference [15], Ressssceive Side Scaling (RSS) and ECC security algorithms were used in 2020 as a hybrid encryption system to protect data in the Software as Service (SaaS) model in the cloud.
An advanced cloud storage privacy paradigm was proposed in [4]. In this study, the blockchain technique and AES are combined to protect data with different data files in the cloud. The result shows a higher level of security than the already existing algorithms, more flexibility, less uploading and downloading time, and encryption and decryption time.
The researchers in 2023 demonstrated that the encryption of medical images and records and protecting the patient's privacy are legal responsibilities that the existing algorithms may not achieve optimally [16].
For this reason, in 2023, a modified AES algorithm was utilized [17]. The results show that modified AES is more secure than the standard AES for small file sizes. Such systems achieve excellent quality for transitioning from Paper Health Records (PHR) to Electronic Health Records (EHR).
In the study [15], hybrid methods for RSS and ECC are used. After the data have been compressed, some elements that require a signature are given to the elliptical curve authorities for message digestion and signing. ECC occasionally uses encrypted data for this function. The procedure of encryption decryption is carried out in the same way. Based on their superiority, hybrid RSS and ECC analysis algorithms are created.
Medical image encryption has become mandatory with the enhancement of cloud services and the Internet of Medical Things (IoMT) in 2022 [18]. For this reason, the authors suggested a 3D chaotic map system to protect the medical images and accomplish the best results. After a comparative study with the traditional security systems, the proposed method was trustworthy, offered high robustness, and recommended security levels for healthcare utilization. Finally, a two-level cryptographic approach and a strategy for enhancing information security in cloud processing were introduced in papers [19] [20]. The model makes use of both symmetric and uneven encryption calculation (AES and ECC) to enhance information security against intruders, preventing illegal access to natural resources, improving privacy and time taken to perform cryptographic tasks, and further developing the trust level of the client in the cloud and accelerating the use of more modest keys of ECC in the cryptographic interaction. Table 1 represents the comparative analysis of related work in detail papers [14][15][16][17][18][19][20]  Approach [14] Researchers proposed a method that utilizes AES and DES algorithms to ensure secure access and storage of individual user data in a cloud environment. [15] A hybrid encryption system was employed to secure data in the cloud's Software as a Service (SaaS) model, utilizing Receive Side Scaling (RSS) and ECC security algorithms. [16] The paper examines various security issues and cutting-edge methods to secure medical images for use with telemedicine systems. [17] A modified AES algorithm has been developed and found to be more secure than the standard AES algorithm for small files. [18] The authors proposed a 3D chaotic map system to protect medical images and achieve optimal results. The proposed method was reliable, offering high robustness and recommended security levels suitable for use in healthcare. [19] A new modulo function-based Lightweight Digital Signature Algorithm is proposed to ensure data integrity. This security framework provides high data security, accessibility and integrity for the user data. [20] Proposed data security in cloud computing using AES under Heroku cloud. The performance evaluation shows that AES cryptography is robust.

Security algorithms methodology 3.1 Defining AES (Advanced Encryption Standard)
AES is a symmetric key encryption algorithm that uses a fixed block size of 128 bits and key sizes of 128, 192, or 256 bits [21]. The algorithm works by repeatedly applying a set of mathematical operations, known as rounds, to the input data (the plaintext) and the encryption key. The number of rounds used in the encryption process depends on the key size [22].
The AES algorithm has several key features that make it crucial to be used to encrypt medical images in cloud storage.  [28]. AES is a widely used and accepted standard for symmetric key encryption and is considered very secure. It is used in various applications, including online transactions, secure communications, and data storage. However, AES encryption is vulnerable to certain types of attacks, such as side-channel attacks, and it should be used in conjunction with other security measures to provide complete security.
AES-256 is a specific variant of the AES encryption algorithm that uses a 256-bit key. The encryption process of AES-256 is similar to that of other AES variants but with a few key differences.
The following are the main steps for the AES encryption algorithm [29][30]. Due to the larger key size, AES-256 is considered to be even more secure than AES-128 or AES-192. However, it is also slower and more resource-intensive to implement. It is essential to use AES-256 and other security measures to provide complete security.
AES-256 can be effectively used to secure medical images. It provides a high level of security, making it difficult for an attacker to decrypt the data without the correct key. Medical images are often sensitive, and personal information needs to be protected from unauthorized access; AES-256 can encrypt the images before they are transmitted or stored [31].
Additionally, AES-256 encryption can be used to ensure compliance with regulations such as Health Insurance Portability and Accountability Act (HIPAA), which requires that medical images be secured to protect patient privacy [32].
However, encryption is just one aspect of securing medical images, and other security measures such as access control, secure storage, and regular backups should also be implemented.

Defining ECC (Elliptic Curve Cryptography)
ECC is a public-key cryptography based on the mathematics of elliptic curves [33]. It is a relatively new technique that is becoming increasingly popular due to its ability to provide the same level of security as Rivest-Shamir-Adleman (RSA), a widely used public-key algorithm with much smaller key sizes making ECC more efficient and less prone to attack.
Here is a general overview of the ECC cryptographic algorithm [34].
1. Select a specific elliptic curve (e.g., National Institute of Standards and Technology (NIST) P-256). 2. Generate a private key, typically a random number, which will be used to derive the public key. 3. Derive the corresponding public key by performing a mathematical operation on the private key and a fixed point (generator) on the curve. 4. To encrypt a message, the sender will use the recipient's public key to encrypt the message. 5. To decrypt the message, the recipient will use their private key to decrypt the message. 6. To sign a message, the sender will use their private key to generate a signature for the message.
7. To verify the signature, the recipient will use the sender's public key to check the signature. ECC is considered more secure than RSA, as it is more challenging to factorize large integers, which is the basis of RSA security [35] [36]. ECC is also more efficient and requires smaller key sizes to provide the same level of protection, which makes ECC particularly well-suited for use in applications such as cloud services and the Internet of Things (IoT), where computational resources are limited [37].

Hybrid proposed model
AES-ECC hybrid model can be considered an advanced, effective and popular encryption technique to secure sensitive images in cloud storage. AES is a symmetric key encryption algorithm widely used for encrypting data. It uses the same key for encryption and decryption, making it fast and efficient. By encrypting the medical images using AES, hybrid algorithms ensure that the images are protected from unauthorized access during storage and transmission. On the other hand, ECC is an asymmetric key encryption algorithm that uses a pair of keys: a public key for encryption and a private key for decryption. ECC is known for its security and efficiency for key sizes much smaller and faster than RSA and DSA, popular algorithms for key generation. Additionally, while RSA is a popular algorithm for key generation, ECC is better suited for generating AES keys for image encryption and decryption in cloud storage due to its superior security, efficiency, key exchange capabilities, and scalability. ECC's smaller key size makes it more secure than RSA while also requiring fewer computational resources for faster processing of large image files.
By generating the AES key with 256 bits using ECC, the hybrid algorithms ensure that only authorized users, who hold the corresponding ECC private key, can decrypt the images, preventing unauthorized access to the images, even if an attacker could access the encrypted images in the cloud.
The pseudocode for the hybrid AES-ECC model is shown below.
Step 1: Generate an elliptic curve key pair (private key and public key) private key = ECC.generate_private_key () public key = ECC.generate_public_key(private_key) Encryption process Step 2: Generate a shared secret using the recipient's public key shared_secret = ECC.generate_shared_secret(recipient_public _key, private_key) Step 3: Use the shared secret to generate an AES key aes_key = AES.generate_key(shared_secret) Step 4: Use the AES key to encrypt the image encrypted_image = AES.encrypt(image, aes_key) Step 5: Store the encrypted image in cloud storage cloud_storage.store(encrypted_image) Decryption process Step 6: Retrieve the encrypted image from cloud storage encrypted_image = cloud_storage.retrieve() Step 7: Use the shared secret to regenerate the AES key aes_key = AES.generate_key(shared_secret) Step 8: Use the AES key to decrypt the image decrypted_image =AES.decrypt(encrypted_image, aes_ke y) The contribution of this work, as shown in Figure 1, is the development of a secure and efficient medical image encryption and decryption model by combining the strengths of AES and ECC encryption algorithms. This hybrid model is designed to prevent unauthorized access to sensitive images in the cloud by using a shared secret generated by ECC, which is used to generate an AES key that encrypts the image. The use of ECC provides an additional layer of security as the image can only be decrypted by authorized users who hold the corresponding ECC private key that prevents unauthorized access to sensitive images, even if an attacker gains access to the encrypted images in the cloud. The proposed hybrid AES-ECC model can be applied in various applications that require secure image encryption and decryption, such as medical imaging, military and defence, and financial institutions.
The hybrid model was used to test Medical Segmentation Decathlon (MSD) dataset images with different resolutions. This model has been tested in a Python environment and hosted on Hostinger, one of the high availabilities, scalability, affordable pricing, and easy-to-use cloud hosting with the following specifications.

Results and discussion
This section compares the hybrid AES-ECC model system with traditional AES and other hybrid systems.
This study aims to determine each technique's encryption and decryption speeds under consideration for various image sizes. The throughput and the average encryption and decryption times for the hybrid AES-ECC model and the traditional AES and AES-RSA model were measured.
AES-ECC implemented faster encryption and decryption in the cloud storage, as clear in Tables 2 and 3. The standard AES took 27623, 30034, and 35998 ms to encrypt the three different file sizes (559 kb, 636 kb and 910 kb), which were selected randomly from the dataset mentioned in section 4 and tested in the experiment. Comparatively, the Hybrid AES-ECC Model's encryption times for the same file sizes were 23335, 26231, and 32997ms, respectively. In addition, the standard AES decryption took 28901, 30921, and 41830 ms for the various provided file sizes, respectively. On the other hand, the Hybrid AES-ECC Model took 24735, 27132, and 34692 ms to decrypt the selected image file.  The results obtained from the experiments reveal that the proposed hybrid model algorithm offers significantly better performance than the traditional Advanced Encryption Standard (AES) algorithm in terms of encoding and decoding time for medical images of varying sizes. Tables 2 and 3 provide detailed insights into the encoding and decoding time for different file sizes. As evident from the results, the proposed hybrid model significantly improves both encoding and decoding time compared to the traditional AES algorithm.
Specifically, the proposed hybrid model algorithm shows an average encoding time of 3697.33ms, which is lower than the traditional AES algorithm. Similarly, the proposed algorithm demonstrates an average decoding time of 5031ms, which is also lower than the traditional AES algorithm. These results highlight the efficiency and effectiveness of the proposed hybrid model algorithm in securing medical images with minimal processing time.
The present study also compared the proposed AES-ECC model and another hybrid model, AES-RSA. The findings revealed that the AES-ECC model outperformed the AES-RSA model in terms of computational efficiency and encryption and decryption times. Specifically, the AES-ECC model recorded an average time used in encoding for all file sizes that was considerably lower than that of the AES-RSA model, as evidenced by the results presented in Table 4. Similarly, Table 5 demonstrated that the average time used in decoding for all file sizes was significantly lower for the AES-ECC model than the AES-RSA model.
Moreover, the comparison revealed that the AES-ECC model used smaller key sizes than AES-RSA to achieve the same level of security, indicating the superiority of ECC over RSA in terms of security. The results also showed that the AES-ECC model was more suitable for cloud storage due to its scalability in handling large amounts of data. Overall, the present findings suggest that the proposed AES-ECC model can provide improved security, efficiency, and speed for the encryption and decryption of medical images in cloud storage compared to the AES-RSA hybrid model.  Considering the data in Tables 2-5, the throughput for hybrid AES-ECC for the selected image sizes are 0.025495682 and 0.024318673, while 0.022476109 and 0.020707905 are recorded for standard AES, respectively. However, AES-RSA throughputs were 0.02368202 and 0.022022975.
The results indicate that the hybrid AES-ECC has a greater throughput than others. The present study was subjected to comparison with the previously conducted studies [38] and [39]. The outcome of the comparative analysis revealed that this study exhibited superior performance compared to the existing investigations.

Conclusions
IT-related services such as cloud computing provide efficient services regardless of the user's knowledge about technology. Cloud services offered by third-party providers via the internet allow for easy storage, management, improvement, and data access via a cloud interface, regardless of user location. The drawback of cloud services in sensitive states is the low data security which may be overcome through special strategies. An improved image encryption scheme based on MAE-ECC as the hybrid system is suggested in this paper because protecting medical image information is a legal requirement. AES resolves the hard calculation issue, and ECC is used for symmetric key sharing. In summary, the results of hosting the proposed AES-ECC system demonstrated its superior performance in terms of encryption and decryption time compared to the standard AES and another hybrid system. Finally, the proposed algorithm can offer a highly efficient and effective solution for encrypting large medical images with enhanced security measures, which could have significant implications for medical data storage and sharing in the cloud.