Thesis Organization - 藉由分享而得的影像還原技術

Chapter 1 Introduction

1.4 Thesis Organization

Fig. 1.3 illustrates the framework of this thesis. polynomial secret sharing is the main tool of our whole thesis. In Chapter 2, we will present the scheme of image recovery, which is based on the polynomial sharing approach. The method of cross recovery of multiple images is specified in Chapter 3. Chapter 4 proposes a novel secret sharing method, which can decode the secret image either by a computer or by stacking the transparencies.

Secret Sharing Image Recovery

Polynomial Secret Sharing Visual

Cryptography

Ch4: Two Layer Image Sharing

Ch2: Image Tampered Detection and Recovery Ch3: Cross Recovery of

Multiple Images.

Fig. 1.3. The framework of this thesis.

Chapter 2 Detection and Recovery of Tampered Images

This chapter presents an image recovery technology. We use polynomial sharing to share the critical information of the original image into many shadows, and the size of each shadow is very small. Then use data hiding technology to embed those shadows in each block of the original image. Finally, the checksum is also embedded in the block. If the image is tampered, the checksum of each block can determine whether the blocks are altered. If the block is integrity, then the embedded information can be extracted and be used to reconstruct the original image; otherwise, we mark the block as an error block and will be recover by the other integrity blocks.

2.1 Introduction

With the popularity of Internet, we can get multimedia data conveniently.

However, attackers can modify those multimedia data easily, via Internet. Therefore, how to protect the integrity of multimedia data is an important issue. Image recovery technology [23-27] is one of the methods to protect important web images. In this chapter, an image recovery method is proposed.

2.2 The Proposed Method

2.2.1 The Main Algorithm

In this section, the host image is a 512-by-512, gray-level image, the range of the gray value is 0~255. Fig. 2.1 shows the embedding procedure of our method.

Replace block i with block i’

Get Share i

(For each 8x8 block)

Binary stream Host

image

n shadows

(t, n) sharing

Block i

Share i

Block i’

Embed

Embed checksum

Fig. 2.1. The flow chart of the embedding procedure Compress

The process of our embedding procedure consists of four stages. The first stage is called “image compression stage”; in this stage, we compress the host image by

using JPEG method (actually, we can use any image compression method). The output is a bit stream, and the resulting size is smaller than the original image file. The second stage is called the “sharing stage”. In this stage, we use polynomial sharing technology to share the binary stream, which was got from the first stage. The final stage is called the “embedding stage”. For each 8-by-8 block, we embed a share and the checksum in it. The details of our method is described in the following algorithm.

Embedding Algorithm:

Input: A grey-value host image S of size Width ×Height, a decimal value d, 0＜d＜1,

which indicates the minimal percentage of the integrity blocks needed in order to recover the image if the stego image is tampered later.

Output: a stego image.

Steps:

1. Produce a grey-value image J by compressing the host image S using JPEG compression technology. Hereinafter, the data file representing the compressed image J will be treated as a bit-stream data-file.

2. Then, the bit stream of J is shared using an (t, n) sharing algorithm. Where n is equal to the number of 8-by-8 blocks in the host image; that is to say, n= Width/8 ×Height/8. The threshold value t means the percentage of integrity shares could be recovered, so t = d×n. Here the value of n may be

very large; for example, if the image size is 512-by-512, then n=(512/8)×(512/8)=4096, this is a large number. In order to get those

shadows, the sharing algorithm must works on or modulo 4099(this a minimal prime number which larger than 4096).

) 4096 ( GF ) 2 ( GF ¹² =

3. Partition the host image S into non-overlapping 8-by-8 blocks, then set i=0 initially. For each 8-by-8 block i, doing following steps.

4. Embed the share i was produced at step 2 and a checksum in the block i.

The embedding algorithm is described in Embedding-Sub Algorithm. Let the output is a block i’.

5. Replace the block i by the block i’, then increment the value of i by 1.

Finally, go to Step 4 unless all of the blocks are replaced.

6. The image S is our desired output.

Embedding-Sub Algorithm:

Purpose: To embed a share data and checksum in an 8-by-8 block.

Input: An 8-by-8 block B, and a share data D.

Output: An 8-by-8 block B’.

Steps:

1. Discard all of the least significant bits in the block B. Let T the output block.

We use a pseudo-code to represent it, For all of pixels in T,

T[x, y] ← B[x, y]/2;

Where B[x, y] (resp. T[x, y]) denotes the pixel value at position (x, y) of the block B (resp. block T).

2. Get the block T’ by using module-based data hiding method (see section 1.2) to hide the share data D in block T.

3. Get the checksum C by evaluating the CRC64 of the block T’ (each pixel of the block T’ is consist of 7 bits).

4. Append the checksum C to the block T’. Our desired block B’ consists of block T’ and checksum C. We can use the following pseudo-code to get block B’.

For all of pixels in B’,

B’[x, y] ← T[x, y]+C[x×8+y];

Where C[X] denotes the X-th bit value of the checksum C (C contains 64 bits). Fig. 2.2 shows the bit plane of the block B’.

Bit 1 2 3 4 5 6 7 8

Pixel 1 T[0, 0] C[0]

2 T[0, 1] C[1]

. :

64 T[7, 7] C[63]

Fig. 2.2. The bit plane of the block B’.

2.2.2 The Verification and Recovery Algorithm

The verification method is based on CRC64. For each 8-by-8 block, we use CRC64 algorithm to check whether the block is integrity or not. If the block is integrity, then we color the corresponding location of the verified image V white;

otherwise, color black. The details are described at below.

Verification Algorithm:

Input: A query image Q.

Output: A verified image V. If a verified block is a black block, it means the block had been altered. The color is white, if the block is not altered.

Steps:

1. Divide the query image Q into 8-by-8, non-overlapping blocks.

2. For each block B in the image Q, extracting all of LSBs in the block B.

Combine those bits, we can get a value called CRCChecksum.

3. Evaluating CRC64 of the block B (eliminate all of LSBs in the block B). If the value is equal to CRCChecksum, than we can say this block B is an integral block. Otherwise, the block B is an altered block.

4. If the block B is an altered block, we color the block of verified image V black at the corresponding location. Otherwise, color white.

5. If there are some blocks un-processed, go to step 2.Otherwise, terminate this procedure, then output the verified image V.

Fig.2.3 illustrates the verification algorithm. With this algorithm, we can know which blocks are tampered. With the verified image, we can even correct those blocks by using recovery algorithm.

No Yes

Evaluate CRC64 Get the first 7 bits for each pixel in block B

Get all of LSBs in block B (For each 8x8 block)

Query image

CRCChecksum

Fig. 2.3 The flow chart of the verification procedure A

CRC64 Equal?

Color the verified block black Color the verified

block white.

After the image verification procedure, we know which blocks were tampered. In order to recover the tampered blocks, the JPEG version of the original image will be extracted to restore those tampered blocks. The Recovery Algorithm below describes the details of this method.

Recovery Algorithm:

Input: A query image Q and the verified image V.

had been restored.

Divide the image Q into 8-by-8, non-overlapping blocks.

are data which be

3. o get the secret data from those extracted share

4. by-8 block of the verified image V, if the block color is black

Fig. I overy Algorithm.

Output: a recovered image R, whose altered blocks

Steps:

2. For each block B, if it is a integral block, extracting the sh embedded in the block B.

Use revealing algorithm t

files. (The secret data is a JPEG-format file of the original image). From the secret data, we can know a JPEG version of the original image, denote the image is J.

For each

8-(this means the block had been tampered), we use a corresponding block of the image J to replace the block of the image Q.

The image Q is our desired output.

2.4. llustrates the three passes of the Rec

Image decoder

Retrieve the secret data

Extract Yes

Query Image Q

Verified Image V

Is it a correct block?

shadow Pass 1:

Pass 2:

Shadow set

Compressed version of the original image

Compressed data of the original image

Do nothing No

Query Image Q

Fig. 2.4. The flow chart of the recovery procedure.

Verified Image V Pass 3:

JPEG version of the original image

White block Black block

2 x 1 MUX

Recovered Image R

2.3 Experimental Results

In order to evaluate the ability of our method, in this section, we design some experiments, and the results are show below.

Fig. 2.5. shows our first experiment; Lena is the host image, as shown in Fig.

2.5(a). The decimal value d of embedding algorithm is set 0.5. Fig. 2.5(b) shows the embedded image, which the PSNR is 40.61 d.b.. Fig. 2.5(c) shows that some straight lines had been added on the embedded image. Fig. 2.5(d) and Fig. 2.5(e) show the verification result and the recovered result. The PSNR of Fig. 2.5(e) is 38.71 d.b.

(This result is compared with the original image, the following two experiments are also the same).

Fig. 2.6. shows our second experiment; Fruit is the host image, as shown in Fig.

2.6(a). The decimal value d of embedding algorithm is 0.25. Fig. 2.6(b) shows the embedded image, which the PSNR is 37.14 d.b.. Fig. 2.6(c) shows some handwriting had been added on the embedded image. Fig. 2.6(d) and Fig. 2.6(e) show the verification result and the recovered result. The PSNR of Fig. 2.6(e) is 34.72 d.b..

Fig. 2.7. shows our third experiment; Jet is the host image, as shown in Fig.

2.7(a). The decimal value d of embedding algorithm is 0.25. Fig. 2.7(b) shows the embedded image, which the PSNR is 37.15 d.b.. Fig. 2.7(c) shows a picture “Car” had been added on the embedded image. Fig. 2.7(d) and Fig. 2.7(e) show the verification result and the recovered result. The PSNR of Fig. 2.7(e) is 34.33 d.b..

(a) (b)

(e)

Fig. 2.5. (a) the host image, (b) the stego image (PSNR=40.61 d.b.), (c) a tampered version, (d) the verification image, (e) the recovered image (PSNR=38.71 d.b.)

(a) (b)

(e)

Fig. 2.6. (a) the host image, (b) the stego image (PSNR=37.14 d.b.), (c) a tampered version, (d) the verification image, (e) the recovered image (PSNR=34.72 d.b.).

(a) (b)

(e)

Fig. 2.7. (a) the host image, (b) the stego image (PSNR=37.15 d.b.), (c) a tampered version, (d) the verification image, (e) the recovered image (PSNR=34.33 d.b.).

2.4 Discussion

In this chapter, our recovery method is based on polynomial sharing technology.

A secret worry is that, if any a mis-judgment occurs in the verification phase, some portions of the image will be lost. Because if any one of the shadows had been altered (or the shadow is a fake), then we cannot get any information at revealing phase!

Therefore, the verification phase is very important, we cannot allow any one mis-judgment, and a strict verification algorithm is much needed.

Review the verification algorithm of our method, the probability of the correct

judgment for a block is . In our experiment, there are 4096 blocks in a 512-by-512 image. So, the probability of the correct judgment upon all of those

blocks is , this number is very close to 1, so,

we can believe that, the case almost doesn’t happen.

2 64

1− ⁻

52 64

4096

64) 1 4096 2 1 2

2 1

( − ⁻ ≈ − × ⁻ = − ⁻

Lin, Hsieh and Huang [23] present an image recovery method. They use a watermarking technology to embed some recover data in the host image. Table 2.1 shows the relation between restoration performance and the number of un-tampered blocks. From this table, we can know the restoration performance very depend on the ratio of integral blocks to whole blocks. Compare with our method, if the correct blocks is only exceed the threshold, then we can reconstruct the image completely.

(a)

(b)

Table. 2.1. The performance of restoration ratio by Lin’s method. (a) The number of un-recovered blocks for single-tampered-chunk. (b) The number of un-recovered blocks for spread-tampered blocks.

2.5 Remark

In our experiment, the number of blocks and the threshold is very large (Actually, in general case, the two numbers should very large). How to increase the speed of encoding/decoding time is a very important issue. Rabin [20] provides a method to design the sharing matrix. For (t, n)-threshold sharing, the time complexity of the revealing phase is , where L is the size of the sharing file. However, Rabin’s method requires designing a sharing matrix. This section we introduce a method to compute the inverse matrix, and the time complexity is equal to Rabin’s method. Our method is based on Lagrange’s interpolation.

) (t² +tL θ

Firstly, the sharing/revealing algorithm will be introduced. We use matrix operator to represent the sharing algorithm.

In (t, n) sharing, , where are the secret

message, and are the n shadows. If we get any t of the n shadows, then we also get the secret message by evaluating the matrix operation below.

⎥⎥

, where are the t received shadows.

Let L be the size of the secret file, then the time complexity is , where the

term is the time complexity of computing the inverse matrix. If the threshold t is a large number (In section 2.3, the threshold is 1024 or 2048), the time cost is very much. In order to reduce the time complexity of the revealing algorithm, we proposed a time complexity of evaluating the inverse matrix method. This method is based on Lagrange’s interpolation.

)

Firstly, we rewrite the Lagrange’s interpolation below:

∑ ∑

The secret message is the coefficient of the variable , so if we use a matrix operation to represent the secret message, then

inverse matrix. Therefore, we can get the inverse matrix by evaluating the polynomial, and the method is described below.

bi_,

Computing the inverse matrix method:

Input: t numbers, i.e.

{

^k_i ^|¹^≤ⁱ^≤^t

}

Output: a t-by-t matrix of .

(j+1)th row of the output matrix.

5. If value l is t-1, then the matrix B is our desired output; otherwise, go to step 3.

The time complexity of this method isθ(t² +t(t+t))=θ(t²).

Chapter 3 Cross Recovery of Multiple Images

This chapter presents a novel cross recovery system of multiple images. We use polynomial-sharing and module-based data-hiding techniques to hide the recovery message. If any (n-t) of the n stego images are lost, then the system can recover these stego images by using other t stego images.

3.1 Introduction

In a (distributed) storage system of n images, if some images were lost, a trivial way to recover them is by the back-up copies (identical to the lost images but stored elsewhere). Recently, there are some non-trivial approaches [23-27] that recover a tampered image gorgeously. In this chapter, instead of dealing with a single image, we try to consider several images simultaneously (so that the recovery of any member images in this group can be done through the mutual support of the remaining member images). More specifically, we present a novel cross-recovery method that modify the n input images and obtain n stego images in which the cross-recovery information is hidden; later, up to (n-t) of the stego images are allowed to get lost, for we can still recover the lost stego images using t of the non-lost stego images. Here,

t≧n/2 is a threshold value pre-specified by the reader.

3.2 The Proposed Method

Sec. 3.2.1 presents a novel polynomial sharing method. On basis of this sharing method, our main algorithm is described in Sec. 3.2.2.

3.2.1 The Tool to Share n Pixels

The sharing phase and the revealing phase are described below. Fig. 3.1 shows the flowchart of the sharing/revealing phase. By using the sharing method, the first t shadows is equal to the input message.

The sharing phase:

Input: the t pixels

{

^p_i ^|¹^≤ⁱ^≤^t

}

where ⁰^≤ ^p_i ^≤²⁵⁵^.

Output: n numbers

{

{h[1],h[2],K,h[t]};h[n+1],K,h[n]

}

, where for each i, and

255 ] [ 0≤ ih ≤

t h p h

h[1]= ₁, [2]= ₂,K, [ ]= .

Steps:

1. Use Lagrange’s interpolation (see Ref. [3], the finite Galois Field used here is GF(256)) to get an n-points interpolation polynomial satisfying f(1)= , f(2)= , …, f(t)= .

) (x f

p1 p₂ p_t

2. Compute f(t+1), f(t+2), …, f(n) ; then the u numbers are { {h[1]=f(1)= ,

6. Use Lagrange’s interpolation to get the t-points interpolation polynomial satisfying f( )=h[ ], f( )=h[ ], …, f( )=h[ ].

) (x

f k₁ k₁ k₂ k₂ k_t k_t

7. The t pixels are{p₁=f(1),p₂=f(2), …,p_t=f(t) }.

Fig. 3.1. The flowchart of the sharing/revealing phase.

The revealing phase The sharing phase, (t,n) sharing

3.2.2 The Main Algorithm

The Main Algorithm:

Input: n gray-level images

{

^M_i^|¹^≤ⁱ^≤ⁿ

}

(each is, say, 512-by-512); and a specified integer t≧n/2.

Output: n stego images.

Goal: Later, if any (n-t) of the n stego images are lost, we may recover the lost stego

images by using other t stego images.

Steps:

1. Let the initial value of j be 1.

2. Let denote the pixel value of the image . Then use the sharing tool in Sec. 2.2 to share the n pixel values

] [ j

M_i j^th i^th M_i

[ ] {

p_i|1≤i≤n;p_i=M_i j

}

and thus generate u = 2n−t shadow-numbers

{

h[1],h[2],K,h[n],K,h[2n−t]

}

3. Among the 2n-t shadow numbers, the final (n-t) shadow-numbers {h[n+1], h[n+2], …, h[2n-k]} are the auxiliary data. In order to hide the auxiliary data

in n images, we need to split the data into n units. Therefore, before hiding, treat these (n-t) numbers (each is in the range 0-255) as a value of (n-t) digits in the base-256 system; then, transform this value from base-256 to a

n-digits value d1d2Kd_n in the base-b system (where b=

⎥⎥

⎢ ⎤

⎢

⎡ ⁻

n k n

256 =ceiling(256^(n-t)/n) is the smallest integer not less than 256^(n-t)/n).

4. For i=1,2,..,n, respectively, hide in M_i[j+1] the i^th digit of the base-b auxiliary data

(

d1d2Kd_n

)

}

by the module-based data-hiding algorithm mentioned in Section 1.2.2.

5. Let j← j+1. Then go to step 2 if j < 512×512=262144 (the image size).

6. The images

{

^M_i^|¹^≤ⁱ^≤ⁿ are now the desired output. Also store in a safe place (or attach to each stego image) the n numbers

{

^M_i^[²⁶²¹⁴⁴^]^|¹^≤ⁱ^≤ⁿ

}

where 262144=512×512 is the final pixel-position. Use these n numbers as a recovery seed later.

Get the j^th pixel

Module-based data hiding M1

Yes Get the j^th pixel

Mn-1

…… ……

Sharing

…… (n-t) shadows Are the ^thj

pixels the final pixels?

Store

Base transform

…… n digits

Fig. 3.2. The main algorithm.

The Recovery Algorithm:

Input: t gray level stego images{M_k_i |1≤i≤t}.

Output: n recovered images.

Goal: Recover the other (n-t) tampered images by using the input t images.

Steps:

1. Let the value j be S, where S is one of the size of the input images (each image size is the same value).

2. Set the t shadow values are{h[1]=M_k₁[j],h[2]=M_k₂[j],...,h[t]=M_k_t[j]}. Then set be the store values generated at the main algorithm step 6 (must revealing the base).

]}

3. Recover the jth deleted pixels by revealing the n shadows described in Sec. 3.2.2. Then Decrease the value j by 1. If remain any pixel not to recover (In other words, j>0), then go to step 4, else go to step 5.

Write the value into jth position Write the value into jth position Extracting the

hiding data from (j-1)th pixels.

Get the jth pixels Get the jth pixels Mk1

……

Mkt

…… ……

……

Base transform

Revealing Extracting the

hiding data from (j-1)th pixels.

Fig. 3.3. The recovery algorithm.

3.3 Experimental Results

Fig. 3.4 shows an experiment using (t, n)=(3, 4). If 4-3=1 of the four 512-by-512 stego images in Fig. 3.4 is lost, we can still recover it by using the other three stego images. Without the loss of generality, assume that stego image M₁ is the one

disappears. So, we only have M₂ , M₃ , M₄ , and the 4-numbers seed

{

^M_i^[²⁶²¹⁴⁴^]^|¹^{≤ i}^≤⁴

}

mentioned in Step 6. We first use Sec 2.3 to extract the n=4

hidden digits (d1d2…d4)b from the seed, where b=ceiling(256^(n-t)/n)=4, then covert (d1d2…d4)b to a value h[5]. Together with h[2]=M2[262143], h[3]=M3[262143], h[4]=M4[262143], we have four h[ti], enough to do inverse sharing to recover the value M1[262143] (see Sec. 2.2). Then, in next iteration, extract analogously the next n=4 hidden digits (d1d2…d4)b from {Mi [262143]｜1≦i 4}, and convert (≦ d1d2…d4)b to a new value of h[5]. Together with h[2]=M2[262142], h[3]=M3[262142], h[4]=M4[262142], we can do inverse sharing to recover M1[262142]. The process repeats to find all values of M1. The recovered image is exactly the once-lost Fig.

3.4(a). The embedding (to achieve cross-recovery goal) did not give the images big impact; for all four stego images shown in Fig. 3.4 have PSNR about 46.3 db.

Fig. 3.5 shows another experiment using (t, n) = (4, 6). If 6-4=2 of the six 512-by-512 stego images in Fig. 3.5 is lost, we can still recover it by using the other four stego images. The six stego images have PSNR around 42 db.

(a) (b)

Fig. 3.4. (3, 4) sharing scheme by our method. (a) PSNR = 46.34 db (b) PSNR=46.36 db (c) PSNR=46.37 db (d) PSNR=46.37 db.

(a) (b)

(e) (f)

Fig. 3.5. (4, 6) sharing scheme by our method. (a) PSNR = 42.03 db. (b) PSNR = 42.11 db. (c) PSNR = 42.10 db. (d) PSNR = 42.10 db. (e) PSNR = 42.12 db. (f) PSNR = 42.09 db.

3.4 Discussion

In this chapter, we have presented a cross recovery system for multiple images.

Since we required in the introduction that t≧n/2, i.e. at least one half of the images are not lost, the value of b=ceiling(256^(n-t)/n) is at most 16. The p and p′ =d + b×rounding[(p-d) / b] in Sec. 2.2.2 has difference at most 16/2=8 (see Ref. [4]). So the

PSNRs of the stego images are at least 10×log(255×255/(8×8))=30.07 db. (Indeed, our experimental values are about 34 db, when (t, n)=(2, 4) and the four original images utilized to produce Fig. 3.4 are used again as input. ) On the other hand, if t≧3n/4 (the case in Fig. 3.4), then b≧4 and the difference between the input pixel

value p and stego pixel value p′ is at most 4/2=2. The PSNRs of the stego images are therefore at least 10×log(255×255/(4×4))=42.11 db (indeed, the experiment in Fig. 3.4 has PSNRs around 46.3 db).

3.5 Extra Topic - a Lossless Version

The yielded images by the method that be presented in this chapter are loss version images. In this section, we present a loss-less version of image recovery method. However, the dealer must consume extra memory space to store the shadows.

Each shadows append to each image, the size of each shadow is depend the original images size and the threshold coefficient.

The Encoding Algorithm:

Input: n gray-value images

{

^M_i^|¹^≤ⁱ^≤ⁿ

}

, and those images are all the same size; and a specified integer t.

Output: n shares, each share consists of a visible image (identical with the input

image) and a shadow.

Goal: Later, if any (n-t) of the n image are lost, we may recover the lost images by

在文檔中藉由分享而得的影像還原技術 (頁 21-0)