Thesis Organization

The remainder of this thesis is organized as follows, In Chapter 2, an overview of the proposed techniques and the ideas associated with image authentication, covert communication, and reversible data hiding is given. In Chapter 3, the proposed method for authentication of grayscale document images with a data repairing capability is described. In Chapter 4, the proposed new approach to binary Image authentication is described. The proposed color image authentication method based on a new data hiding technique is presented in Chapter 5. In Chapter 6, the proposed pixel-level self-repairing authentication method for grayscale images is described. In Chapter 7, the proposed covert communication method based on information sharing is described. In Chapter 8, the proposed blind reversible data hiding method is described. Finally, in the last chapter, conclusions of this study and some suggestions for future research are included.

Chapter 2

Overview of Proposed Techniques and Ideas

In this chapter, we describe the main ideas and techniques of the proposed methods for image authentication, steganography and reversible data hiding.

2.1 Repairable Authentication Method for Grayscale Document Images

A method for authentication of document images with an additional self-repair capability for fixing tampered image data is proposed. The input cover image is assumed to be a binary-like grayscale image with two major gray values. After the proposed method is applied, the cover image is transformed into a stego-image in the PNG format with an additional alpha channel for transmission on networks or archiving in databases. The stego-image, when received or retrieved, may be verified by the proposed method for its authenticity. Integrity modifications of the stego-image can be detected by the method at the block level and repaired at the pixel level. In case that the alpha channel is totally removed from the stego-image, the entire resulting image is regarded as inauthentic, meaning that the fidelity check of the image fails. The proposed method is based on the so-called (k, n)-threshold secret sharing scheme proposed by Shamir [56] in which a secret message is transformed into n shares for keeping by n participants; and when k of the n shares, not necessarily all of them, are collected, the secret message can be recovered losslessly. Such a secret sharing scheme is useful for reducing the risk of incidental partial data loss.

To the best of our knowledge, this is the first secret-sharing-based authentication method for binary-like grayscale document images. It is also the first authentication method for such document images through the use of the PNG image. Note that this method is not a secret-sharing technique, but a document image authentication method.

2.2 Recoverable Authentication Method for Binary Images

A new method for binary image authentication with an additional self-recovery capability for repairing tampered image data is proposed. The method is based on the (k, n)-threshold scheme proposed by Shamir [56] for secret sharing and is developed via the use of PNG images with alpha channels. The secret sharing scheme is used in the proposed method to enhance the capability of self-recovery of lost data as well as to generate share data which carry information for image authentication and data recovery.

More specifically, the alpha channel in a cover PNG image is used in this study as a carrier for embedding secret shares, though it is defined originally for creating desired image transparencies. Since all channels in a PNG image should have the same sample depth according to the PNG standard [57], a PNG encoder will scale all the channels’ samples up to the same depth. Therefore, a binary image used in this study whose sample depth is 1 will automatically be scaled up to have a depth of 8 but with only two pixel values 0 and 255, when an alpha channel with sample depth 8 is appended to the original binary image. Fig. 2.1 shows how samples of depth 1 are mapped to depth 8 in the scaling process.

Fig. 2.1 Illustration of scaling sample depth of a binary image from 1 to 8 by a PNG encoder.

However, it is found that embedding data into the alpha channel will yield random transparency in the resulting stego-image, producing an undesired opaque effect with a lot of white noise. A solution to this phenomenon, as proposed in this study, is to map the resulting alpha channel values into a small range near their extreme value of 255, yielding instead uniformly distributed and nearly imperceptible noise in the alpha channel. This idea of creating the effect of imperceptibility by

alpha-channel value mapping is proved feasible by the experiments conducted in this study.

Finally, to recover losslessly the original content of a tampered block, the technique adopted in the proposed method is to distribute the generated multiple shares randomly into the alpha channel. The resulting location randomness of the shares together with their multiplicity allows the share data to have more chances to survive attacks without being totally destroyed, thus promoting the capability of image recovery of the proposed method.

2.3 Color Image Authentication Based on an

Information-sharing-based Data Hiding Method

In the information-sharing-based data hiding method proposed in this study, a PNG image is used as the cover image in which the alpha-channel value of each pixel is set to be 255 initially. That is, the cover image is a totally transparent color one at the beginning of the proposed data hiding process. A data string to be hidden is transformed into shares by the Shamir’s secret sharing method, which is then embedded into the alpha-channel plane of the cover PNG image. Coefficient parameters involved in the Shamir method are used as carriers of the data to be hidden in the proposed method. A prime number used in the method, which is found to dominate the resulting visual quality and data hiding capacity of the stego-image, is properly selected. Also, a mapping function is designed for adjusting the alpha-channel values to create uniform transparency in the alpha-channel plane, resulting in an imperceptible effect in the stego-image. The original R, G, and B channels are untouched so that the original image appearance revealed by the color information of these three channels is kept.

The proposed data hiding method is suitable for applications of image authentication and metadata hiding. In particular, the application of the proposed method to color image authentication is investigated and relevant algorithms are proposed in the subsequent chapter.

2.4 Self-repairing Authentication Method for Grayscale Images

A method for pixel-level grayscale image authentication using fragile authentication signals with an additional capability for repairing attacked image parts automatically is proposed. The method is based on the concept of compressing a number of the most significant bits (MSBs) of a pixel’s gray value into a shorter “bin code” for use both as an authentication signal for the pixel and as an index for generating the data for repairing the pixel when it is authenticated to have been tampered with. The bin code is generated from a bin-mapping scheme which transforms each pixel’s gray value into one of eight “bins,” coded by three bits. It is proved that the choice of using three bits out of eight ones in a pixel as the bin code is optimal under a minimax criterion of reducing the total maximum pixel-level gray-value distortion resulting both from authentication signal embedding and from tampered pixel repairing.

2.5 Covert Communication Method via Spreadsheets with an Authentication Capability

We propose a new covert communication method which applies Shamir’s (k, n)-threshold secret sharing scheme with n = k + 1 to a given secret item to yield k+1 shares, and the generated k + 1 shares are embedded into the number items in a spreadsheet as if they are part of the spreadsheet content. The purpose of transforming the secret data into secret shares by the (k, k+1)-threshold secret sharing scheme is not to enforce robustness, but to yield a blind self-authentication capability for the embedded secret. Conventionally, the concept of (k, n)-threshold secret sharing is applied to provide destruction-tolerant capabilities. That is, any k shares collected from n ones may be processed to reveal the shared secret even though up to (n  k) shares are destroyed. But in the proposed method, the scheme of (k, k + 1)-threshold secret sharing is developed for the first time to provide instead a self-authentication capability by checking the value-consistency of k + 1 results coming from all k + 1 combinations to determine whether the extracted secret is intact or not. That is, only when the results computed from any k shares collected from k + 1 shares are all identical in value can the extracted secret be decided to be intact. Moreover, to

conceal the presence of hidden data, secret shares are spread throughout the cover spreadsheet in a sparsely fashion. And a spreadsheet containing numeral items with a high scatter level is more suitable to be used as a cover spreadsheet for better concealment.

2.6 Reversible Data Hiding Method

An iterative reversible data hiding method which is composed of two phases and yields high data embedding rates is proposed. The method utilizes the spatial similarity of neighboring pixels to create a difference histogram. In the first phase of histogram shifting, the peak point of the difference histogram is used to accommodate some message data, and in the second phase the value of the peak point, combined with the remaining message data, is embedded into the difference histogram again using another histogram-shifting scheme.

Chapter 3

A Secret-Sharing-Based Method for

Authentication of Grayscale Document Images via the Use of the PNG Image with a Data

Repairing Capability

3.1 Introduction

Document images, which include texts, tables, line arts, etc. as main contents, are often digitized into grayscale images with two major gray values. One of the two values represents the background (including mainly blank spaces) and the other represents the foreground (including mainly texts). It is noted that such images, though gray-valued in nature, look like binary. For example, the two major gray values in the document image shown in Fig. 3.1 are 174 and 236, respectively. It seems that such binary-like grayscale document images may be thresholded into binary ones for later processing, but such a thresholding operation often destructs the smoothness of the boundaries of text characters, resulting in visually unpleasant stroke appearances with zigzag contours. Therefore, in practical applications text documents are often digitized and kept as grayscale images for later visual inspection.

In general, the image authentication problem is difficult for a binary document image because of its simple binary nature. This nature leads to creation of perceptible changes after authentication signals are embedded in the image pixels. Such changes will arouse possible suspicions from attackers. A good solution to such binary image authentication thus should take into account not only the security issue of preventing image tampering, but also the necessity of keeping the visual quality of the resulting image. In this study, we propose an authentication method which deals with binary-like grayscale document images instead of pure binary ones, and solves simultaneously the problems of image tampering detection and visual quality keeping.

Fig. 3.1 A binary-like grayscale document image with two major gray values.

In this study, a method for authentication of document images with an additional self-repair capability for fixing tampered image data is proposed. The input cover image is assumed to be a binary-like grayscale image with two major gray values like the one shown in Fig. 3.1. After the proposed method is applied, the cover image is transformed into a stego-image in the PNG format with an additional alpha channel for transmission on networks or archiving in databases. The stego-image, when received or retrieved, may be verified by the proposed method for its authenticity.

Integrity modifications of the stego-image can be detected by the method at the block level and repaired at the pixel level. In case that the alpha channel is totally removed from the stego-image, the entire resulting image is regarded as inauthentic, meaning that the fidelity check of the image fails. The proposed method is based on the so-called (k, n)-threshold secret sharing scheme proposed by Shamir [56] in which a secret message is transformed into n shares for keeping by n participants; and when k of the n shares, not necessarily all of them, are collected, the secret message can be recovered losslessly. Such a secret sharing scheme is useful for reducing the risk of incidental partial data loss.

Conventionally, the concepts of “secret sharing” and “data hiding for image authentication” are two irrelevant issues in the domain of information security. But in the proposed method, we combine them together to develop a new image authentication technique. The secret sharing scheme is used in the developed

technique not only to carry authentication signals and image content data, but also to help repair tampered data through the use of shares.

An issue in self-repairing of tampered data at attacked image parts is that after the original data of the cover image are embedded into the image itself for use in later data repairing, the cover image is destructed in the first place and the original data are no longer available for data repairing, resulting in a contradiction. A solution to this problem is to embed the original image data somewhere else without altering the cover image itself. The way proposed in this study to implement this solution is to utilize the extra alpha channel in a PNG image to embed the original image data.

However, the alpha channel of the PNG image is used originally for creating a desired degree of transparency for the image. Embedding of data into the alpha channel will so create random transparency in the resulting PNG image and produce an undesirable opaque effect. One way out, as proposed in this study, is to map the resulting alpha channel values into a small range near their extreme value of 255, yielding a nearly imperceptible transparency effect on the alpha channel plane.

Another problem encountered in self-repairing of the original image data is that the data to be embedded in the carrier are often large-sized. For our case here with the alpha channel as the carrier, this is not a problem because we may just transform the binary-like cover image into a binary version and embed the small-sized result into the carrier. Furthermore, through a careful design of authentication signals, a proper choice of the basic authentication unit (i.e., the unit of 2×3 image block), and a good adjustment of the parameters in Shamir’s scheme, we can reduce the data volume of the generated shares effectively so that more shares can be embedded into the alpha channel plane. It is noted that by the proposed method, the larger the number of shares is, the higher the resulting data repair capability becomes, as can be seen in the subsequent sections. Finally, we distribute the multiple shares randomly into the alpha channel to allow the share data to have large chances to survive attacks and so to promote the data repair capability. To the best of our knowledge, this is the first secret-sharing-based authentication method for binary-like grayscale document images. It is also the first authentication method for such document images through the use of the PNG image. Note that this method is not a secret-sharing technique, but a document image authentication method.

3.2 Review of Shamir’s Method for Secret Sharing

In the (k, n)-threshold secret sharing method proposed by Shamir [56], a secret d in the form of an integer is transformed into shares which then are distributed to n participants to keep; and as long as k of the n shares are collected, the original secret can be recovered accordingly, where k  n. The detail of the method is reviewed in the following.

Algorithm 1: (k, n)-threshold secret sharing.

Input: a secret d in the form of an integer, the number n of participants, and a threshold k  n.

Output: n shares in the form of integers for the n participants to keep.

Steps.

Step 1. Choose randomly a prime number p which is larger than d.

Step 2. Select k  1 integer values c₁, c₂, …, c_k1 within the range of 0 through p  1.

Step 3. Select n distinct real values x₁, x₂, …, x_n.

Step 4. Use the following (k  1)-degree polynomial to compute n function values F(x_i), called partial shares for i = 1, 2, …, n:

F(xi) = (d + c1xi + c2xi2

+ … + ck1xik1

)mod p. (1)

Step 5. Deliver the 2-tuple (xi, F(xi)) as a share to the ith participant where i = 1, 2, …, n.

Since there are k coefficients, namely, d and c₁ through c_k1 in (1) above, it is necessary to collect at least k shares from the n participants to form k equations of the form of Eqs. (1) to solve these k coefficients in order to recover the secret d. This explains the term, threshold, for k and the name, (k, n)-threshold, for the Shamir method [56]. Below is a description of the just-mentioned equation-solving process for secret recovery.

Algorithm 2: secret recovery.

Input: k shares collected from the n participants and the prime number p with both k and p being those used in Algorithm 1.

Output: the secret d hidden in the shares and the coefficients ci used in Eqs. (1) in Algorithm 1, where i = 1, 2, …, k  1.

Steps.

Step 1. Use the k shares (x1, F(x1)), (x2, F(x2)), …, (xk, F(xk)) to set up the following equations:

F(x_j) = (d + c₁x_j + c₂x_j² + … + c_k1x_j ^k1)_{mod p}, (2) where j = 1, 2, ..., k.

Step 2. Solve the k equations above by Lagrange’s interpolation to obtain d as follows [58]:

Step 3. Compute c₁ through c_k1 by expanding the following equality and comparing the result with (2) in Step 1 while regarding the variable x in the equality applications, if only the secret value d need be recovered, this step may be eliminated.

3.3 Merits of Proposed Method

In addition to being capable of data repairing and being blind in nature (requiring no overhead other than the stego-image), the proposed method has several other merits, which are described in the following.

(1) Providing pixel-level repairs of tampered image parts  As long as two untampered partial shares can be collected, a tampered block can be repaired at the pixel level by the proposed method. This yields a better repair effect for texts in images because text characters or letters are smaller in size with many curved strokes and need finer pixel-level repairs when tampered with.

(2) Having higher possibility to survive image content attacks  By combining skillfully the Shamir scheme, authentication signal generation, and random embedding of multiple shares, the proposed method can survive malicious attacks

of common content modifications, such as superimposition, painting, etc., as will be demonstrated by experimental results described subsequently.

(3) Making use of a new type of image channel for data hiding  Different from common types of images, a PNG image has the extra alpha channel plane which normally is used to produce transparency to the image. It is utilized differently by the proposed method for the first time as a carrier with a large space for hiding share data. As a comparison, many other methods use LSBs as carriers of hidden data.

(4) Causing no distortion to the input image  Conventional image authentication methods which usually embed authentication signals into the cover image itself will unavoidably cause destruction to the image content to a certain extent.

Different from such methods, the proposed method utilizes the pixels’ values of the alpha channel for the purpose of image authentication and data repairing, leaving the original image (i.e., the grayscale channel) untouched and so causing no distortion to it. The alpha channel plane may be removed after the authentication process to get the original image. Fig. 3.2 shows the framework of the proposed method in this aspect; and Fig. 3.3, shown for comparison, illustrates a conventional image authentication method.

Fig. 3.2 Framework of proposed document image authentication method.

Fig. 3.3 Framework of a conventional image authentication method.

(5) Enhancing data security by secret sharing  Instead of hiding data directly into document image pixels, the proposed method embeds data in the form of shares

(5) Enhancing data security by secret sharing  Instead of hiding data directly into document image pixels, the proposed method embeds data in the form of shares