For ease to understand the proposed method, the values of x1 through x6 used in Step 5(c) of Algorithm 1 and Step 2(3) of Algorithm 2 are taken to be constants. But for the purpose of preventing the embedded data from being forged, we also allow x1
through x6 for each block to be selected randomly within the allowed integer range of 0 xi < p (= 11) [56] by using a secret key. Accordingly, the probability of correctly guessing the selected values of x1 through x6 for a block is 1/[(11×10×9×8×7×6)] 3.006×106. Therefore, in an m×n cover image with a total of [m×n/(2×3)] = m×n/6 blocks, the aforementioned probability is 1/[(11×10×9×8×7×6)]mn/6 1/(3.006×106)mn/6, which is very small for common image sizes of mn. The detail of using a key K to choose random values for x1 through x6 is described as follows.
Step 1. Use K as the seed for a random number generator to get a number sequence R = r1, r2, ….
Step 2. For each image block, perform the following steps.
(1) Take an element rj from R in order.
(2) For each xi with i = 1 through 6, compute xi by xi = (rj)mod 11, and if the computed xi is equal to any of x1, x2, …, and xi, discard xi and go to Step 2(1) to re-compute another value.
In the process of later authentication, the same values of x1 through x6 for each block used in Algorithm 1 can be obtained in the same way.
Furthermore, resistance to possible attacks to the proposed authentication method is also considered. For this, the cut-and-paste attack proposed by Hollimon and Memon [60] is analyzed. The attack defeats certain block-based oblivious watermarking schemes by counterfeiting an existing watermark in an unwatermarked image without knowledge of the watermark insertion key. Specifically, given a watermarked image with n blocks, X = {X1, X2, …, Xn}, containing a watermark W, the attack proposed by Hollimon and Memon [60] is to allow an adversary to construct a counterfeit image also with n blocks, Y= {Y1, Y2, …, Yn}, such that the same watermark data can be extracted both from all Xi and Yi by using the same key where 1≦i≦n. Here the counterfeit image Y is an approximation of a target image Y.
It is mentioned that two image blocks Z1 and Z2 are said in [60] to be K-equivalent if DK(Z1) = DK(Z2) = W where DK denotes a watermark extraction function with a key K.
Accordingly, Xi and Yi' are K-equivalent here. A conclusion made in [60] says that embedding information into a host image in a block-wise independent fashion is vulnerable to the counterfeit attack.
However, the method proposed in this study is immune to such a type of counterfeit attack because the block dependence is established by distributing four partial shares q3 through q4 of each block to other randomly-chosen blocks in the alpha channel (See Step 8 of Algorithm 1). More specifically, as illustrated in Fig. 4.2 below, given a watermarked block B, even though an adversary may replace the content of B with that of another block C from which the same authentication data as those embedded in B can be extracted by the first two shares q1 and q2' (See Step 2 of Algorithm 2), yet after collecting four randomly-located partial shares q3 through q6' from other counterfeit blocks, block C will be checked to be counterfeit because the authentication signal extracted from any two partial shares out of q3 through q6' and that extracted from q1 and q2' will not match.
Fig. 4.2 Illustration of immunity of proposed method against cut-and-paste counterfeit attack.
Accordingly, those randomly-distributed partial shares, i.e., q3 through q6 of each block, are essential to the security consideration in the proposed method. The probability of correctly guessing the positions of all distributed partial shares is then analyzed as follows. As described in Algorithm 1, the first two pixels in the raster-scan order in each block in the alpha channel are reserved for keeping the first two of the six partial shares of this block, leaving the other four pixels of the block to keep four partial shares of other blocks located at random positions. That is, in an m×n cover image with a total of [(m×n)/(2×3)] = m×n/6 blocks, each block provides four pixel positions to keep partial shares from other blocks, yielding a total of k = (m×n/6)×4 candidate pixel positions to be randomly chosen by a secret key. As a result, for an adversary without the key to guess correctly the positions of all the randomly-distributed partial shares in a stego-image, the probability is 1/[k×(k
1)×…×1] = 1/k! This very small probability for the common image size of m×n means that it is infeasible to collect blindly the randomly-distributed partial shares to pass the check of authentication-signal consistency mentioned above. This also means that an adversary cannot simply select certain individual blocks, which are K-equivalent to corresponding blocks in the original image, to construct an effective counterfeit image [60].
Finally, it is mentioned that the authentication data may possibly be erased by discarding or modifying the content of the alpha channel without producing any alteration to the content of the intensity channel. How does the proposed method work for this case? First, the major concern of image authentication is to avoid a counterfeit image to pass the authentication process. This concern is different from that of
maintaining robustness in the application of copyright protection keeping a watermark such as a logo in a stego-image to survive attacks. Therefore, at an authentication side, if a stego-image is checked to include no alpha channel, it means the integrity of the stego-image is seriously lost. In other words, the alpha channel is regarded as a necessary part of the stego-image and discarding or modifying it without touching the intensity channel to deceive the authentication processes will fail.
Besides, in designing an image authentication method, it is expected that the method is not only capable of detecting noticeable alterations such as the aforementioned attack (removing the authentication data by eliminating the entire alpha channel) but also able to deal with sophisticated attacks which seem flawless, such as imperceptible content modifications made by painting, superimposing, cut-and-paste attacks, etc. The proposed method has taken theses cases into considerations.
4.6 Experimental Results
A. Experimental Results Using a Binary Comic Image
In Fig. 4.3(a), a PNG binary comic image with size 3.71 KB is taken to be the input image in the experiment. The corresponding stego-image with size 6.52 KB generated by the proposed method is shown in Fig. 4.3(b), which is visually identical to the cover image although authentication data have been embedded into the alpha channel of the stego-image. It is noted that the increase of the stego-image size is caused by the appended alpha channel. However, this state of a stego-image represented in such a PNG image may be regarded as a temporary transition, because the original 1-bit binary image can be obtained by removing the alpha channel and rescaling the sample depth of the stego-image after the authentication process is finished. In addition, Fig. 4.3(c) is given to show the opaque effect resulting from skipping Step 6 of Algorithm 1 which maps partial share values into the alpha channel value range of 244 through 254.
(a) (b) (c)
Fig. 4.3 Result of a binary comic image processed by proposed method. (a) PNG cover binary image of 216×324. (b) A stego-image with embedded data. (c) Another stego-image created without conducting partial share value mapping.
Two common image editing operations superimposing and painting were used to simulate tampering with the stego-image. Some tampered images yielded by the superimposing operation are presented in Fig. 4.4. It was found that the superimposing operation, like that provided by the image editing software Adobe Photoshop or Corel PhotoImpact destroys the content of the alpha channel values by replacing all the original alpha channel values at the attacked part with the new values of 255. Since the largest alpha channel values created by the proposed method is 254 (see Step 6 of Algorithm 1), all pixels with the unique values of 255 in the alpha channel plane may be easily detected as tampered by a modified version of Step 4 of Algorithm 2, which we describe as follows:
Step 4′ (Check of superimposing attacks and extraction of the hidden authentication data) Check if both q1′ and q2′ are 255; if so, then (1) regard the corresponding block B in I′ as tampered by superimposing, (2) mark B, B′, and all the partial shares embedded in L as tampered, and (3) go to Step 6; otherwise, perform the original operations of Step 4 of Algorithm 2.
Figs. 4.4(b) shows the result of superimposing a fake face on the person at the right side of the stego-image Fig. 4.4(a). Fig. 4.4(c) shows the authentication result yielded by Algorithm 2, with the gray blocks indicating the detected tampered image parts. As can be seen, the superimposing part has been detected successfully. For each of the detected tampered blocks, if at least two untampered shares of it can be
collected, its original content can be recovered, yielding the result shown in Fig.
4.4(d); otherwise, the tampered block is left unrecovered, as shown by the red dots in Fig. 4.4(e). As a comparison, we show the result of data recovery accomplished with a wrong key in Fig. 4.4(f). An erroneous image recovery result was obtained as expected.
We have also conducted experiments of enlarging the tampered image parts during the attacks to test the performance of the proposed method. The corresponding statistics of the performance is shown in Table 4.2 in which five parameters:
tampering ratio, detection ratio, recovery ratio, false acceptance ratio, and false rejection ratio, are as defined in the following:
(1) tampering ratio = (the number of tampered blocks)/(the total number of blocks);
(2) detection ratio = (the number of detected blocks)/(the number of tampered blocks);
(3) recovery ratio = (the number of recovered blocks)/(the number of detected blocks);
(4) false acceptance ratio = (the number of tampered blocks marked as untampered)/(the total number of tampered blocks);
(5) false rejection ratio = (the number of untampered blocks marked as tampered)/(the total number of untampered blocks).
It can be observed that the recovery ratio becomes worse when the tampering ratio grows. This is reasonable because when the tampered area becomes larger, fewer partial shares for image recovery will survive. We illustrate the relationship between the tampering ratio and the recovery ratio in Fig. 4.5. Note that the detection ratios presented in Table 4.2 are all 100% due to the ease in the detection of the alpha channel values of 255 (using Step 4′ described above) at the image parts attacked by superimposing, as mentioned previously. Likewise, the alpha channel value corresponding to an intact block will not be 255 and can be easily checked to be so, yielding a false rejection rate of 0%. On the contrary, the alpha channel value corresponding to a tampered block is 255 which is easy to check as well, yielding a false acceptance rate of 0%.
(a) (b) (c)
(d) (e) (f)
Fig. 4.4 Another authentication result of a stego-image of comic attacked by the superimposing operation. (a) A stego-image. (b) Tampered image yielded by superimposing a fake face on the person at the right side in Fig. 4.4(a). (c) Result with tampered blocks detected and marked as gray. (d) Result of image recovery. (e) Result of image recovery with red dots indicating unrecovered tampered blocks. (f) Erroneous image recovery result obtained with a wrong key.
Two other examples of tampered images yielded by the common operation of painting provided by well-known image editing software are presented in Figs. 4.6 and 4.7. Again, painting using Adobe Photoshop will replace the alpha channel values by 255, just like the superimposing operation mentioned previously. However, it was found that the painting operation provided by Corel PhotoImpact does not change the alpha channel values. In Fig. 4.6(a), the word iPHONE in the conversation and the brand label of the laptop appearing in Fig. 4.3(b) are modified by the painting
operation. Fig. 4.6(b) shows the authentication result in which gray blocks were used again to indicate image parts where mismatching authentication data were detected.
And the result of image recovery is shown in Fig. 4.6(c) from which we can see that the original content of the altered region reappears without loss.
Table 4.2 Statistics of experimental results of attacks using superimposing operations.
Experimental result
Fig. 4.5 Relationship between tampering ratios and recovery ratios of Table 4.2 for the comic image.
Fig. 4.7 shows the results of removing the image content of conversations and painting a counterfeit cabinet. The untouched content of the alpha channel values still
yields image recovery results with the original contents reappearing very clearly.
Table 4.3 shows the statistics corresponding to these experimental results of modification by painting. Since the stego-image was tampered with by painting which kept the content of the alpha channel plane intact as mentioned previously, the hidden data for authentication and recovery are not destructed. Therefore, the computed authentication data from the alpha channel values are always true, leading to the false rejection rate of 0%. Since a few tampered blocks are coincidentally identical to that of its untampered version, such a type of tampered block will reasonably be regarded as untampered and left unmarked, as indicated by several black blocks appearing in the detected region in gray shown in Fig. 4.7(b).
(a) (b) (c)
Fig. 4.6 Authentication result of a stego-image of comic attacked by painting. (a) A tampered image. (b) Result of authentication with tampered blocks detected and marked as gray. (c) Result of image recovery.
On the other hand, since the authentication data of each block are composed of d and c1 both with values coming from the set of {0, 1, 2, …, 7} (see Steps 3 and 4 in Algorithm 2), there exists a probability of 1/8 for a coincidental match between the extracted d' and the computed d to occur. Likewise, the probability for a coincidental match between the extracted c1' and the computed c1 to occur is also 1/8.
Consequently, there is a total probability of 1/8×1/8 = 1/64 for an erroneous block
authentication to occur, yielding a false acceptance ratio of (1/64)% = 1.56% in theory.
The corresponding statistics of the false acceptances are given in Table 4.3.
(a) (b) (c)
Fig. 4.7 Authentication results of a stego-image of comic attacked by painting. (a) A tampered image. (b) Result of authentication with tampered blocks detected and marked as gray. (c) Result of image recovery.
Table 4.3 Statistics of experimental results of attacks using painting operations.
Experimental result
It should be mentioned that almost all image processing operations which can be applied to a stego-image have been tried in this study, and it is found that, in addition to “superimposing,” the operation of “erasing” will also change the alpha values, but to be 0 instead of 255. To deal with this case, we do not have to regard the alpha value 0 as a distinguishing one for image authentication, but can just use Algorithm 2 proposed in this study to perform authentication normally. The reason is that the authentication signals extracted from the alpha channel with such alpha values will be incorrect, and mismatches of authentication signals will occur after these incorrect
signals are compared with those computed from the current block contents in the intensity channel.
Actually, even though there might be other image processing operations which will change the alpha values to be other than 255, the general version of the proposed method described in Algorithms 1 and 2 still works because the proposed method detects attacks by matching authentication signals computed from the intensity channel and those extracted from the alpha channel (See Step 4 of Algorithm 2).
B. Experimental Results Using a Document Image
Experimental results yielded by the use of a document image are shown in Figs.
4.8 through 4.11 where Figs. 4.8(a) and 4.8(b) are respectively the cover document image in the PNG format with size 1.57 KB and the stego-image generated by the proposed method with size 2.63 KB. Again, the increase of the stego-image size results from the appended alpha channel.
(a) (b)
Fig. 4.8 Result of a binary document image processed by proposed method. (a) PNG cover image of 195×196. (b) A stego-image with embedded data.
Fig. 4.9(b) shows the result of text content tampering by superimposing some counterfeit text parts on Fig. 4.9(a). The result of tampering detection by the proposed authentication algorithm is shown in Fig. 4.9(c) in which the modified part of
“backgrou” and the added part “Sincerely” were successfully marked. Since the
tampering ratio is not large, the destruction occurring in the alpha channel content is not much, yielding a good image recovery result without any unrecovered blocks as shown by Figs. 4.9(d) and 4.9(e). In addition, we also enlarged the tampered regions in the document stego-image to test the performance of the proposed method. The corresponding statistics are given in Table 4.4. Fig. 4.10 is an illustration of the relationship between the tampering ratio and the recovery ratio for the stego-image of the document.
(a) (b) (c)
(d) (e)
Fig. 4.9 Authentication result of a stego-image of document attacked by superimposing operations. (a) A stego-image. (b) Tampered image yielded by superimposing counterfeit text parts on Fig. 4.9(a). (c) Result with tampered blocks detected and marked as gray. (d) Result of image recovery. (e) Unrecovered blocks shown in red (none for this example).
Table 4.4 Statistics of experimental results of attacks using superimposing operations.
Experimental result
(image size = No. of
No. of tampered
No. of detected
No. of recovered
false acceptance
false rejection
195×196) blocks blocks
Fig. 4.10 Relationship between tampering ratio and recovery ratio for the document image.
Fig. 4.11 shows the experimental results of removing the entire image content by the painting operation provided by Corel PhotoImpact. As mentioned previously, since the content of the alpha channel values are untouched, the tampered blocks were all detected and the recovery result for those blocks meets the performance expectation as shown in Figs 4.11(c) and 4.11(d), respectively. The statistics of this experiment is shown in Table 4.5.
(a) (b)
(c) (d)
Fig. 4.11 Authentication result of a stego-image of document attacked by painting operations. (a) A stego-image. (b) Tampered image yielded by painting white color on entire content of Fig. 4.11(a). (c) Result with tampered blocks detected and marked as gray. (d) Result of image recovery.
Table 4.5 Statistics of experimental results of attacks using painting operations.
Experimental result
4.3(a) and 4.8(a), and the corresponding resulting stego-images shown in Figs. 4.3(b) and 4.8(b), is given in Table 4.6. The proposed method makes use of the additional alpha channel to accommodate authentication data while the other existing methods utilize only the intensity channel; therefore, the proposed method yields stego-images with larger sizes comparatively, which are disadvantageous to image transmission and
keeping, requiring longer time and larger storage space. The larger image size generated by the proposed method may be regarded as a price for gaining the image recovery capability as well as the finer authentication precision.
Table 4.6 Size comparison between cover images and resulting stego-images.
Fig. 4.3 Fig. 4.8 Size of cover image in PNG format (without the alpha channel) 3.71 KB 1.57 KB Size of stego- image in PNG format (with data embedded in the alpha channel) 6.52 KB 2.63 KB
C. Comparison of Performances with Existing Methods
For the purpose of presenting the contributions made by the proposed method, a comparison in terms of important capabilities between the proposed method and five existing binary image authentication methods is given in Table 4.7.
Contrastive with the methods in [1-3, 7] which flip qualified pixels to embed data and the method in [5] which changes pixel values for embedding authentication codes, the proposed method is the only one which causes no destruction to the content of an input binary image. It is also noted that the destruction caused by data embedding in the methods of [1-3, 5, 7] is irreversible, while the proposed method has the reversibility that enables an untampered image to transform back reappear with no loss to the original cover image.
Methods [1-2, 7] check the image content integrity by inspecting the patterns of the extracted signatures or watermarks; however, these methods lack the capability to precisely localize the tampering region. In view of this, methods [3, 5] provide the tampering localization capabilities; however, the method in [3] needs larger macro-blocks, composed of many finer blocks, to seek enough amounts of flippable pixels for embedding authentication data, leading to a coarser authentication precision.
As to the method of [5], it tends to yield a stego-image which includes noise pixels in the blank area due to authentication code embedding. And so, the use of a large block
As to the method of [5], it tends to yield a stego-image which includes noise pixels in the blank area due to authentication code embedding. And so, the use of a large block