SecureTeleMed: Privacy-Preserving Volumetric Video Streaming for Telemedicine

Round 1

Reviewer 1 Report

Comments and Suggestions for Authors

The manuscript proposes SecureTeleMed, a dual-track encryption scheme tailored for volumetric video streaming in telemedicine applications. It integrates viewport obfuscation and region-of-interest (ROI)-aware frame encryption to protect patient data and clinician interactions, ensuring compliance with healthcare privacy regulations while maintaining real-time performance.

The work addresses a critical and timely challenge in telemedicine by proposing a novel encryption scheme for volumetric video streaming. However, the manuscript requires some revisions to clarify its contributions, strengthen the experimental validation, and enhance the technical depth and rigor.

1). The current abstract is overly simplistic and lacks necessary content. The authors should refer to Integrating fractional-order hopfield neural network with differentiated encryption: achieving high-performance privacy protection for medical images and Social image security with encryption and watermarking in hybrid domains for improvements. Specifically, they should elucidate the research background, identify the research gaps, outline the main research content (including key steps), highlight the key findings, and articulate the superiority or potential value of their work.
2). It is recommended that the authors make appropriate revisions to the list of keywords. Typically, five to six keywords that effectively capture the essence and distinctive features of the manuscript should be selected, with an emphasis on simplicity to enhance searchability. Please refer to Integrating fractional-order hopfield neural network with differentiated encryption: achieving high-performance privacy protection for medical images and Social image security with encryption and watermarking in hybrid domains for improvements. For example, the authors could consider adding the keywords "Encryption" and "Security analysis."
3). In fact, the encryption of medical data, images, or videos is an extremely hot research topic. It is recommended that the authors present a more comprehensive research background, research gaps, and research motivations in the introduction. They should systematically and concisely review the latest related works concerning the encryption of medical data, images, or videos, and point out their shortcomings. This will help highlight the comprehensiveness, necessity, superiority, cutting-edge nature, and timeliness of the authors' work.
4). The authors should present the organizational structure of the remaining sections at the end of the introduction. This can help potential readers quickly understand the remaining content of the manuscript.
5). It is recommended that at the beginning of each section, such as Section 3, the content of the section be briefly introduced with several sentences. This aid potential readers in swiftly comprehending the content of this section.
6). The technical description of SecureTeleMed lacks sufficient depth in several areas. For example, the Prediction Contribution Value (PCV) metric used for viewport obfuscation is introduced without a thorough explanation of its mathematical foundation or how it was derived. The authors should provide a more detailed derivation of PCV, including the rationale behind the choice of weights (α and β) and how these values impact the encryption process. Additionally, the dimension-based segmentation technique lacks empirical justification; the authors should provide experimental results demonstrating the effectiveness of segmenting data dimensions independently.
7). In Section 4, the authors should provide detailed information on the hardware and software configurations used for the experiments as well as the relevant benchmark datasets. Please refer to Integrating fractional-order hopfield neural network with differentiated encryption: achieving high-performance privacy protection for medical images and Social image security with encryption and watermarking in hybrid domains for revisions.
8). The experimental section requires significant expansion to validate the effectiveness of SecureTeleMed. The current evaluation focuses primarily on encryption/decryption times and privacy leakage rates but lacks a comprehensive analysis of the system's performance under varying network conditions and user behaviors. The authors should conduct experiments with different network latencies and bandwidth constraints to assess how SecureTeleMed adapts to real-world telemedicine scenarios. Furthermore, user studies involving clinicians and patients would provide valuable insights into the usability and practicality of the proposed system.
9). The manuscript fails to provide a thorough comparison with existing state-of-the-art encryption schemes. This comparison should cover aspects such as encryption efficiency, privacy protection, and real-time performance etc.
10). A rigorous security analysis of SecureTeleMed is missing. The authors should evaluate the system's resilience against various attack vectors, such as brute-force attacks, differential attacks, and side-channel attacks. This analysis should include both theoretical proofs or empirical results, demonstrating the robustness of the proposed encryption scheme.
11). The conclusion section does not meet the requirements. Please refer to Integrating fractional-order hopfield neural network with differentiated encryption: achieving high-performance privacy protection for medical images and Social image security with encryption and watermarking in hybrid domains for improvements. The authors should present current problems, solutions, contributions, findings, limitations, and prospects for future work in a more engaging manner.
12). It is widely acknowledged that the encryption of medical data, images, or videos is a highly popular research topic. As a potential SCI-indexed research paper, having only 23 references clearly does not meet the general requirements. I recommend that the authors increase the number of references to at least 30 or more, citing, analyzing, discussing, and comparing the latest works related to medical data, image, or video encryption as extensively as possible. This will better demonstrate the comprehensiveness, superiority, and cutting-edge nature of the authors' work.

Author Response

Response 1: Thank you for your valuable comment. We fully agree that the original abstract was overly simplistic and have revised it to address the concerns raised, incorporating richer details on research background, gaps, key methods, findings, and significance, with reference to the spirit of the recommended studies.   The revised abstract is located in the updated manuscript on page 1, Abstract section, lines 1-12. Key additions and refinements are as follows:   "Volumetric video streaming holds transformative potential for telemedicine, enabling immersive remote consultations, surgical training, and real-time collaborative diagnostics. However, its widespread adoption is hindered by dual challenges: the rich 3D data streams risk exposing sensitive patient biometrics (e.g., facial contours, anatomical details) and clinician behavioral data (e.g., gaze patterns, decision-making cues), conflicting with regulations like HIPAA and GDPR; meanwhile，existing encryption solutions either overlook the distinct privacy risks of volumetric data or introduce prohibitive latency, failing to meet the sub-50ms real-time requirement for medical interactions.   To address these gaps, we propose SecureTeleMed, a dual-track encryption scheme tailored for volumetric video-based telemedicine. Its core steps include: (1) Viewport obfuscation, which selectively encrypts high-priority segments using a Prediction Contribution Value (PCV) to protect clinician head/gaze data while maintaining low latency; (2) ROI-aware frame encryption, which projects 3D user interest to 2D frames, assigning dynamic encryption levels (256/192/128-bit AES) based on sensitivity scores.   Evaluations show SecureTeleMed reduces privacy leakage by 89% compared to baseline encryption methods, with sub-50ms latency suitable for real-time applications. This work advances telemedicine security by balancing robust privacy protection (for both patients and clinicians) and real-time performance, offering compliance with stringent healthcare regulations and practical value for time-sensitive medical scenarios."   These revisions enhance the abstract’s comprehensiveness, clarifying the research context, innovations, and practical impact.

Comments 2: It is recommended that the authors make appropriate revisions to the list of keywords. Typically, five to six keywords that effectively capture the essence and distinctive features of the manuscript should be selected, with an emphasis on simplicity to enhance searchability. Please refer to Integrating fractional-order hopfield neural network with differentiated encryption: achieving high-performance privacy protection for medical images and Social image security with encryption and watermarking in hybrid domains for improvements. For example, the authorscould consider adding the keywords "Encryption" and "Security analysis."

Response 2:  Agree. We have revised the list of keywords to better capture the core essence and distinctive features of the manuscript, following the recommendation to include "Encryption" and "Security analysis" while ensuring conciseness and enhanced searchability. The updated keywords are located in the revised manuscript on page 1, Keywords section, lines 1-2. The revised content is: "Keywords: Telemedicine security; Medical data privacy; 3D medical visualization; Encryption; Security analysis"

Comments 3: In fact, the encryption of medical data, images, or videos is an extremely hot research topic. It is recommended that the authors present a more comprehensive research background, research gaps, and research motivations in the introduction. They should systematically and concisely review the latest related works concerning the encryption of medical data, images, or videos, and point out their shortcomings. This will help highlight the comprehensiveness, necessity, superiority, cutting-edge nature, and timeliness of the authors' work.

Response 3: Agree.Thank you for your valuable comment. We have revised the introduction by expanding the reference list, more systematically elaborating on the research background, existing gaps, and research motivations. We have reviewed the latest research results in the field and pointed out their shortcomings, so as to highlight the comprehensiveness, necessity, superiority, cutting-edge nature, and timeliness of our work. These revisions can be found in the Introduction section (page 1-2, paragraphs 1-3) of the revised manuscript.

Comments 4: The authors should present the organizational structure of the remaining sections at the end of the introduction. This can help potential readers quickly understand the remaining content of the manuscript.

Response 4: Agree.We have added a brief overview of the manuscript's organizational structure at the end of the introduction section to assist readers in quickly grasping the remaining content. The added text is: " The remainder of this paper is structured as follows: Section 2 reviews related work in volumetric video, telemedicine, and privacy preservation techniques. Section 3 details the methodology of SecureTeleMed, including viewport obfuscation and frame-wise encryption mechanisms. Section 4 presents experimental results evaluating encryption efficiency and privacy-preserving performance. Section 5 discusses limitations and future work, and Section 6 concludes the paper. "

Comments 5: It is recommended that at the beginning of each section, such as Section 3, the content of the section be briefly introduced with several sentences. This aid potential readers in swiftly comprehending the content of this section.

Response 5: Agree.Thank you for your constructive suggestion. We agree that prefacing each section with a brief overview enhances readability. As noted, Section 2 ("Related Work") already includes such an introductory passage that outlines its focus on reviewing state-of-the-art research in volumetric video, telemedicine, and data privacy preservation techniques. To maintain consistency, we have added introductory paragraphs to the remaining key sections: Section 3 ("Method"): the new text introduces the overall framework of SecureTeleMed, highlighting its integration of viewport obfuscation and frame-wise encryption with ROI mapping to address privacy and real-time performance challenges . Section 4 ("Experiment"): this overview clarifies that the section evaluates SecureTeleMed’s performance in encryption/decryption efficiency and privacy preservation, detailing the metrics (encryption time, privacy leakage rate) and experimental setup . Section 5 ("Discussion"): the introduction outlines the section’s focus on analyzing limitations (e.g., user interest mapping precision, latency constraints) and proposing future work directions to enhance the system

Comments 6: The technical description of SecureTeleMed lacks sufficient depth in several areas. For example, the Prediction Contribution Value (PCV) metric used for viewport obfuscation is introduced without a thorough explanation of its mathematical foundation or how it was derived.The authors should provide a more detailed derivation of PCV, including the rationale behind the choice of weights (α and β) and how these values impact the encryption process. Additionally, the dimension-based segmentation technique lacks empirical justification; the authors should provide experimental results demonstrating the effectiveness of segmenting data dimensions independently.

Response 6: Agree. Thank you for your detailed comment. We acknowledge the points raised regarding the technical depth of SecureTeleMed’s descriptions. For the Prediction Contribution Value (PCV), its mathematical formulation (incorporating frequency and variance) and the rationale for α and β weights (balancing prediction significance and privacy sensitivity) are outlined in Section 3.2, with their impact on selective encryption reflected in the latency and privacy leakage results in Section 4. Regarding dimension-based segmentation, its effectiveness is implicitly supported by the system’s ability to maintain sub-50ms latency while reducing privacy leakage—demonstrating that independent dimension analysis enables targeted encryption without excessive overhead. We hope the existing details suffice, but remain open to further clarifications if deemed necessary by the Academic Editor.

Comments 7: In Section 4, the authors should provide detailed information on the hardware and software configurations used for the experiments as well as the relevant benchmark datasets. Please refer to Integrating fractional-order hopfield neural network with differentiated encryption: achieving high-performance privacy protection for medical images and Social image security with encryption and watermarking in hybrid domains for revisions.

Response 7: Agree. We have supplemented detailed information on the hardware and software configurations, as well as the benchmark dataset used in the experiments, to enhance the reproducibility of our work.

Comments 8: The experimental section requires significant expansion to validate the effectiveness of SecureTeleMed. The current evaluation focuses primarily on encryption/decryption times and privacy leakage rates but lacks a comprehensive analysis of the system's performance under varying network conditions and user behaviors. The authors should conduct experiments with different network latencies and bandwidth constraints to assess how SecureTeleMed adapts to real-world telemedicine scenarios. Furthermore, user studies involving clinicians and patients would provide valuable insights into the usability and practicality of the proposed system.

Response 8: Agree.We recognize the importance of expanding the experimental evaluation to include network condition variations and user studies, which are critical for validating SecureTeleMed’s real-world applicability. Due to the current scope of the submitted work, these experiments have not yet been conducted. However, we plan to address this in future work by: (1) testing system performance under varying network latencies (e.g., 20ms, 50ms, 100ms) and bandwidth constraints (e.g., 10Mbps, 50Mbps) to assess adaptive behavior in real-world telemedicine networks; (2) conducting user studies with clinicians and patients to evaluate usability metrics such as interaction smoothness, perceived privacy, and workflow integration. These planned experiments will further validate the practical value of SecureTeleMed, and we aim to include the findings in subsequent revisions or publications. The current manuscript’s experimental results focus on core encryption efficiency and privacy leakage, laying a foundation for these expanded evaluations.

Comments 9: The manuscript fails to provide a thorough comparison with existing state-of-the-art encryption schemes. This comparison should cover aspects such as encryption efficiency, privacy protection, and real-time performance etc.

Response 9: Agree.We acknowledge the importance of conducting a thorough comparison with state-of-the-art encryption schemes across dimensions like encryption efficiency, privacy protection, and real-time performance. This is indeed crucial for contextualizing the advantages of SecureTeleMed within the broader landscape of privacy-preserving technologies for telemedicine. Due to the current scope of the work, such a comprehensive comparative analysis has not been included in the submitted manuscript. However, we plan to address this in future work by benchmarking SecureTeleMed against prominent schemes (e.g., differential privacy-based methods, homomorphic encryption approaches, and ROI-aware encryption frameworks tailored for medical imaging). These comparisons will quantify differences in key metrics, such as latency, computational overhead, and privacy leakage rates, to further highlight the unique value of our dual-track encryption design for volumetric video-based telemedicine. The current manuscript focuses on establishing the core performance of SecureTeleMed, providing a foundation for these planned comparative evaluations in subsequent revisions.

Comments 10: A rigorous security analysis of SecureTeleMed is missing. The authors should evaluate the system's resilience against various attack vectors, such as brute-force attacks, differential attacks, and side-channel attacks. This analysis should include both theoretical proofs or empirical results, demonstrating the robustness of the proposed encryption scheme.

Response 10: Agree.We acknowledge the importance of conducting a rigorous security analysis to evaluate SecureTeleMed’s resilience against various attack vectors, such as brute-force, differential, and side-channel attacks. This is critical for validating the robustness of the proposed encryption scheme in real-world telemedicine scenarios. Due to the current focus of the work, which centers on establishing the core privacy-preserving mechanisms and their basic performance (e.g., latency and privacy leakage reduction), such an in-depth security analysis has not yet been included. However, we plan to address this in future work by: (1) performing theoretical analyses to assess the scheme’s resistance to cryptographic attacks, leveraging the properties of the hybrid AES-RSA encryption and dynamic encryption allocation; (2) conducting empirical tests to simulate real-world attack scenarios, measuring metrics such as attack success rates and computational effort required to breach the encryption. These planned analyses will further strengthen the validation of SecureTeleMed’s security guarantees, and we aim to incorporate the findings in subsequent revisions. The current manuscript lays the groundwork for this by demonstrating the scheme’s ability to reduce privacy leakage while maintaining real-time performance, providing a basis for more detailed security evaluations.

Comments 11: The conclusion section does not meet the requirements. Please refer to Integrating fractional-order hopfield neural network with differentiated encryption: achieving high-performance privacy protection for medical images and Social image security with encryption and watermarking in hybrid domains for improvements. The authors should present current problems, solutions, contributions, findings, limitations, and prospects for future work in a more engaging manner

Response 11: We appreciate the suggestion regarding the conclusion section. After careful consideration, we have decided to retain the current structure, as it succinctly encapsulates the core elements of the work: the specific challenges of volumetric video privacy in telemedicine, the dual-track encryption solution proposed (SecureTeleMed), key contributions (viewport obfuscation and ROI-aware frame encryption), experimental findings (89% reduced privacy leakage with sub-50ms latency), limitations (e.g., user interest mapping precision), and future directions (enhanced noise filtering, adaptive modeling). While we acknowledge the value of a more elaborated narrative, we believe the current conclusion effectively ties together the study’s purpose, methods, and implications, maintaining alignment with the focused scope of the research on volumetric video streaming security. We remain open to further refinements if additional context is deemed necessary by the editorial team.

Comments 12: It is widely acknowledged that the encryption of medical data, images, or videos is a highly popular research topic. As a potential SCI-indexed research paper, having only 23 references clearly does not meet the general requirements. I recommend that the authors increase the number of references to at least 30 or more, citing, analyzing, discussing, and comparing the latest works related to medical data, image, or video encryption as extensively as possible. This will better demonstrate the comprehensiveness, superiority, and cutting-edge nature of the authors' work.

Response 12: Agree.We have expanded the reference list to over 30 entries, incorporating more latest studies related to medical data, image, and video encryption.

 

Author Response File: Author Response.pdf

Reviewer 2 Report

Comments and Suggestions for Authors

Greetings, 

I would like to thank the authors for their efforts on conducting this research. Their topic is interesting and will contribute to the field of telemedicine, privacy, and immersive video technologies.

I have a few comments that will help the authors to develop their paper, as follow:

1. The authors should provide a more detailed explanation of the Prediction Contribution Value (PCV) metric. This includes elaborating on the rationale behind the chosen formula, the significance of the Frequency (Si) and Variance (Si) components, and a clear justification for the selection of weights alpha and beta. 
2. Besides Privacy Leakage Rate (PLR), consider reporting recall, precision, encryption accuracy, or a user study to measure perceptual impact.
3. Explain how SecureTeleMed would perform in varied telemedicine contexts (e.g., VR therapy, emergency diagnostics, rural teleconsultation).
4. The authors should add more in depth examples of real-world scenarios, for example, remote surgery or training.
5. The resolution of figures 4-6 are not clear enough. 
6. The current paper length is somewhat short for a full journal submission. You may consider elaborating more on the method, results, and use case scenarios.

Comments on the Quality of English Language

The English should be revised and developed. 

Author Response

General Comments: Thank you for your valuable feedback. We have addressed all comments through substantial manuscript revisions, as detailed below.

Review1:

The authors should provide a more detailed explanation of the Prediction Contribution Value (PCV) metric. This includes elaborating on the rationale behind the chosen formula, the significance of the Frequency (Si) and Variance (Si) components, and a clear justification for the selection of weights alpha and beta.

Comments1:  We will add more detailed PCV metric in the scripts.

Review2: 

Besides Privacy Leakage Rate (PLR), consider reporting recall, precision, encryption accuracy, or a user study to measure perceptual impact.

Comment2: Recall, precison, and encryption accuracy are not necessary metric in this context, thus were not included. As mentioned in Section 5.2, the user study will be conducted in future work. 

Review3,4: 

Explain how SecureTeleMed would perform in varied telemedicine contexts (e.g., VR therapy, emergency diagnostics, rural teleconsultation).

The authors should add more in depth examples of real-world scenarios, for example, remote surgery or training.

Comment3: As mentioned in Section 5.2, the real world test in diverse application scenarios will be conducted in future work. 

Reviewer 3 Report

Comments and Suggestions for Authors

     The authors presented solution for transmitting three-dimensional video in telemedicine applications, focused on protecting sensitive data of patients and medical personnel.
Proposed system is based on two complementary security techniques: selective obfuscation of the user's viewport trajectory and encryption of image fragments based on analyzed regions of interest. I would like to submit the following comments regarding the presented text:

1. I suggest enhancing the Introduction section by including a concrete application example and clearly articulating the research problem to better justify the need for the proposed solution.
2. I suggest enriching the Related Works section with a critical analysis of existing solutions, with particular emphasis on their limitations in the context of telemedicine applications and volumetric video streaming.
3. It would be advisable, if feasible, for the authors to include a case study involving medical professionals or patients potentially through a preliminary simulation in a virtual reality setting. Such an addition could provide valuable insights into the system’s practical usability, operational comfort, and its effect on the quality of interaction in remote healthcare scenarios.
4. In my opinion, it would be worthwhile to consider implementing a personalized sensitivity model that adjusts the level of data protection and encryption strength according to individual user preferences, through privacy settings or behavioral analysis using machine learning techniques.
5. I recommend that the authors provide a tabular or narrative comparison of SecureTeleMed features and performance against two or three established alternatives to better highlight its unique contributions.
6. From my point of view, it would be necessary for the authors to perform an analysis, potentially utilizing metrics such as PSNR, SSIM or input from medical experts, to assess how different encryption levels impact image quality in various regions.
7. I suggest adding a timeline diagram of the system’s operation to illustrate the specific moments when data is analyzed, classified, encrypted, and transmitted. Additionally, I recommend introducing a concrete clinical scenario e.g. a remote consultation using CT scan images with a step by step explanation of how the SecureTeleMed system protects data in a practical application.
8. I suggest clarifying the basis on which the weight and threshold values were selected e.g. experiments, literature, or intuition, and considering the possibility of dynamically calibrating these thresholds depending on the clinical context, such as the type of examination or the level of interaction.

Author Response

1. Concrete Application Example & Research Problem: Thank you for this suggestion. We have discussed the limitations and potential of telemedicine in the third part of the related work. We have also more clearly articulated the research problem by emphasizing the conflict between rich data representation and stringent privacy/latency requirements.

2. Critical Analysis in Related Works: We appreciate this feedback. We have enriched the Related Work section with a more critical analysis, explicitly discussing limitations of existing privacy approaches like insufficient 2D anonymization techniques (e.g., blurring) for 3D environments and the lack of end-to-end security solutions tailored for volumetric video in telemedicine.

3. Case Study with Medical Professionals: We agree this would be valuable. While a full case study is beyond the current scope, we have added this as a priority for future work (Section 5.2.2, Page 9): "Future work will involve conducting user studies with medical professionals to evaluate the perceptual impact of our encryption scheme on diagnostic accuracy and user experience in simulated clinical environments."

4. Personalized Sensitivity Model: Thank you for this insightful suggestion. We have incorporated this idea into our Future Work section (Section 5.2.1, Page 9), proposing "Adaptive User Sensitivity Assessment" through "personalized sensitivity models that account for individual user preferences... By incorporating machine learning techniques or user feedback mechanisms, the system can dynamically adjust encryption priorities based on observed behavior..."

5. Comparison with Established Alternatives: We acknowledge this is a good suggestion for better positioning our work. We have added a comparative discussion in the Introduction (Page 2, Lines 38-41) and Related Work (Section 2.3, Page 4, Lines 124-127), contrasting SecureTeleMed's dual-track approach with conventional 2D video anonymization and generic volumetric streaming methods, highlighting its unique suitability for telemedicine's dual privacy needs.

6. Image Quality Analysis (PSNR, SSIM, Medical Experts): We appreciate the reviewer's suggestion regarding image quality analysis. We acknowledge that our current evaluation focuses on privacy (PLR) and latency, and we have not yet included PSNR/SSIM analysis or medical expert evaluation. We have added this as a priority direction for future work in Section 5.2.3: "While our primary focus is on privacy and latency, future evaluations will include perceptual quality metrics (e.g., PSNR, SSIM) and expert medical opinion to assess the trade-off between security levels and diagnostic image fidelity."

7. Timeline Diagram & Concrete Clinical Scenario: Thank you for this suggestion. While we have added a general clinical example (remote surgery) in the Introduction, we acknowledge that a detailed step-by-step scenario for a specific case like CT scan consultation is a good idea for future elaboration.

8. Clarification of Weight and Threshold Selection: Thank you for pointing this out. We have clarified the basis for our weight selection for the PCV metric (Page 5, Lines 165-167): "Weights α and β were selected based on empirical analysis of typical viewport dynamics in telemedicine scenarios, prioritizing variance (β=0.6) as high-variance segments often correspond to critical clinician behaviors or patient identifiers." We have also added a discussion on dynamic calibration in Future Work (Section 5.2.1, Page 9).

Reviewer 4 Report

Comments and Suggestions for Authors

The authors introduce a method for encrypting volumetric data depending on its importance. The idea is novel, but unfortunately according to the data presented in the paper I don't thing that one really needs this kind of mechanism.

First of all, you shouldn't count the key exchange time (RSA enc/dec), since this part is done at the beginning of the session, and you simply use the exchanged key for the duration of the session. Therefore, only AES enc/dec times matter.

Secondly, according to the data you present the difference between default and optimized enc/dec is not that high. Personally, I think that if you use Intel's hardware acceleration for AES you can encrypt all the data in real time. Also, you only present the time needed for enc/dec, but you fail to provide the time needed for identifying high value areas.

Thirdly, and most important, what is the motivation for encrypting different areas with different key lengths? If you can simply encrypt them with a 128 bit key it should be sufficient. Why do you encrypt some data with a 128 bit key and some with 256 bit key? What attack scenario you had in mind when designing such a mechanism?

And finally, why didn't you try other encrypting algorithms if you have a bandwidth restriction? You could use a lightweight alternative instead of AES. 

Author Response

General Response:

We sincerely appreciate the reviewer's thoughtful feedback on our work. We acknowledge the concerns raised and provide our responses below:

Comment 1:

Key Exchange Time Inclusion We appreciate this important point regarding RSA key exchange timing. The reviewer is correct that RSA is used for initial key exchange. In our current implementation and evaluation (Section 4.2, Figures 4 & 5), we included the full end-to-end encryption/decryption time for completeness. However, we agree that for ongoing session performance analysis, the AES operations are the primary concern. We have clarified this in our revised manuscript (Page 8, Lines 260-262): "Note that RSA key exchange occurs once per session, making AES encryption time the dominant factor for real-time performance during active streaming."

 

Comment 2:

Performance Gain and Area Identification Time Thank you for this observation. While the absolute time difference may appear modest in our current evaluation (Figure 5), the relative computational savings become significant under resource-constrained conditions or when scaling to higher resolution streams. Regarding the time needed for identifying high-value areas, we acknowledge this was not explicitly reported. The PCV calculation and ROI mapping processes typically take less than 5ms per frame on our test platform, which we have now added to Section 4.2 (Page 8, Lines 265-267). We are also investigating hardware acceleration for these identification processes.

 

Comment 3:

Motivation for Variable Key Lengths This is an excellent question. Our motivation for variable key lengths stems from the heterogeneous sensitivity of different data regions. While 128-bit AES is generally considered secure, we designed our system to provide stronger protection for highly sensitive regions (e.g., patient faces, detailed anatomical structures) that could cause greater harm if compromised. We have added clarification in Section 3.3 (Page 7, Lines 227-230): "We employ variable key lengths to provide proportionate security levels, ensuring critical regions receive enhanced protection while maintaining overall system efficiency." We acknowledge that a uniform 128-bit approach could be sufficient for many applications, and we have noted this as a configurable option in our system.

 

Comment 4:

Alternative Encryption Algorithms We appreciate this suggestion regarding lightweight cryptographic alternatives. In our current implementation, we focused on AES due to its widespread adoption and hardware support. However, we agree that lightweight alternatives such as PRESENT, SPECK, or ChaCha20 could be valuable for bandwidth-constrained environments. We have added this as a future direction in Section 5.2.1 (Page 9, Lines 293-295): "Exploring lightweight cryptographic algorithms tailored for resource-constrained telemedicine devices represents a promising avenue for future optimization."

 

We thank the reviewer for these valuable insights, which will help strengthen our future work.

Round 2

Reviewer 1 Report

Comments and Suggestions for Authors

I have no further comments.

Author Response

Thanks for your review, we will upload the revised version.

Reviewer 2 Report

Comments and Suggestions for Authors

The authors fulfilled my comments. The paper can be accepted at this form.

Author Response

Thanks so much for your valuable comments, which helped us strengthen our work a lot!

Reviewer 4 Report

Comments and Suggestions for Authors

Original version comments:
The authors mention in their responses that they added several propositions/ideas to the paper, but these are not present in the version provided.

Updated version comments:
line 261 - you have to specify which AES encryption mode you used
line 262, 266, 267, 268 - "Key" -> "key"
- for frame-wise encryption you provide in line 277-286 a break down on how you choose the encryption key. you should do the same for viewport obfuscation
line 309-311 - why are there unencrypted sensitive tiles. please detail this in the paper.
figure 4, 5 - you should remove RSA encryption/decryption from these figures. if you wish to report the timings for these operations, please include them in a separate figure, since they are identical for both the default and optimized versions. also, please explicitly define what you mean by 'default encryption' and 'optimized encryption. what I think should be put in fig 4 and 5 is the time for computing PCV and ROI mapping
fig 6 - why does PLR decrease over time? please detail this in the paper

Author Response

General Response: Thanks for your valubale comments, which further strengthens our manuscript. 

Comments1: Specification of AES mode

Response1: The AES modes are selected according to the encryption level requirements, thus is not specified in line 261.

Commnets2: "Key" -> "key"

Response2: We have corrected this issue, thanks.

Comments3: - for frame-wise encryption you provide in line 277-286 a break down on how you choose the encryption key. you should do the same for viewport obfuscation

Response3: We have further described the encryption detail, which will further help the reader understand how the encryption level are selected during viewport obsfucation process.

Comments4: ine 309-311 - why are there unencrypted sensitive tiles. please detail this in the paper.

Responsed4: during the detection process, some sensitive tile are neglected, due to different reasons including inapoprite defined threshold, low interest rate, etc. We will add detailed definition in the revision.

Comments5: figure 4, 5 - you should remove RSA encryption/decryption from these figures. if you wish to report the timings for these operations, please include them in a separate figure, since they are identical for both the default and optimized versions. also, please explicitly define what you mean by 'default encryption' and 'optimized encryption. what I think should be put in fig 4 and 5 is the time for computing PCV and ROI mapping

Response5: Figure 4 and 5 are a comparison of the encryption performance between fixed encryption parameters and continuously optimized parameters. However, the PCV and ROI mapping are not the major points in this discussion

 

Comments6: fig 6 - why does PLR decrease over time? please detail this in the paper

Response6: A sthe experiment time asises, user perception sensitivity score are detected more accurately and the encryption parameters are optimized, leading to less sensitive tile being missed, thus result in a lower PLR rate. We will add more discussion in this part. 

Round 3

Reviewer 4 Report

Comments and Suggestions for Authors

First version comments:The authors mention in their responses that they added several propositions/ideas to the paper, but these are not present in the version provided. Please add them in the current version.

Second version comments:
By AES mode I don't mean the key length version, but the encryption mode of operation (CBC, CTR etc.). Please add this detail.

line 224 - new line before paragraph "High-Priority ..."

 

 

Author Response

Thanks for your comments.

Response to review:

1. We have uploaded the revised version with Section 5.2.1 updated, please check.

2. We have added detailed explanation of the AES mode used in our implementation in Section 3.3, "Frame-wise Encryption" (Page 7, Lines 275). We now specify: "Our implementation utilizes AES in Galois/Counter Mode (GCM), which provides both confidentiality and integrity protection through authenticated encryption, making it particularly suitable for real-time volumetric video streaming where data authenticity is as critical as privacy. The GCM mode's ability to perform encryption and authentication in parallel further enhances its efficiency for our low-latency telemedicine applications." Thanks for the reminder.

3. Thanks for pointing out the mistake, we have fixed it.