We can conclude that the ability of verifying tampered coefficients is strongly related to the user-defined threshold Te. The verifying ability in smooth areas can be promoted by determining a greater Te.
4.4 Experimental Results
Our experiments were designed to show that the proposed scheme is able to blindly localize tampered areas, robust to JPEG compression, and sensitive to malicious manipulations, including the counterfeiting attack.
Images of 512 × 512 pixels were partitioned into non-overlapping blocks of 8 × 8 pixels. The two quantization levels LS and LT were set to 30 and 71, respectively.
All elements with quantization level LT were multiplied by a scaling factor of 3 (α)
to form quantization level LMAX. The MD5 one-way hashing function [Riv92] was used to generate the message digests for each block, and the front 4 (β) bits of the message digests were used as the prototype of watermarks for a block. Te was set to 3 (β–1) as the cut-off for authenticating DCT coefficients. Tc was set to 0.5 so as to enhance the authentication ability in smooth areas.
In the first experiment, a jet airplane (Fig. 4.8(a)) was used to show that our algorithm can accurately detect small tampered areas. The watermarked image is shown in Fig. 4.8(b) with a power signal-to-noise ratio (PSNR) of 38.54 dB. In Fig.
4.8(c), the letters “U.S.” on the airplane is replaced with “S.A.”, and a second airplane is added to the image. Without information fusion function, as shown in Fig. 4.8(d), some tampered blocks were not detected due to insufficient watermarks in the blocks.
When the information fusion function is used, all the tampered areas were correctly identified and localized, irrespective of their size, as shown in Fig. 4.8(e)–(h) for 1–4 iterations, respectively.
In the second experiment, a small image set was used to show that our algorithm is robust to incident manipulation, JPEG compression, and sensitive to malicious manipulations. The nine images in Fig. 4.9(a)–(i) contain watermarks embedded by the proposed watermarking scheme. The PSNR of each watermarked image and the detection results for various qualities of JPEG compression are listed in Table 4.2.
This table indicates that no detection error occurs when the watermarked images underwent JPEG compression up to a certain compression level (71). Our proposed scheme treats those manipulations with a compression level above the predefined acceptance level as incident manipulations. The robustness to JPEG compression of the dual-domain watermarking technique [Zha04] is shown in Table 4.3. As the table shows, the performance of robustness to JPEG compression cannot be guaranteed. The image set was also used to show that our algorithm is sensitive to
malicious manipulations. The detection results are listed in Table 4.4, which shows that the proposed scheme is sensitive to malicious manipulations, such as smoothing and histogram equalization. The proposed scheme is effective because the categorized results of the proposed scheme are robust to JPEG compression but sensitive to image enhancement and restoration operations.
In the third experiment, the Lena image in Fig. 4.10(a) was used to demonstrate that our algorithm can correctly localize tampered areas even when JPEG compression is applied. In this experiment, we simulated the behavior of a malicious attacker. The watermarked image is shown in Fig. 4.10(b) with a PSNR of 39.18 dB, and was processed by JPEG compression with a quantization level of 70.
We assumed that someone added a logo to this image and then compressed it at the same compression level (70). The tampered image is shown in Fig. 4.10(c). Fig.
4.10(d) indicates that our algorithm can still detect the tampered areas.
The fourth experiment demonstrates that our algorithm is sensitive to a counterfeiting attack. The jet airplane image in Fig. 4.11(a) was counterfeited as shown in Fig. 4.11(b) by embedding 69 watermarked images from a database using our proposed algorithm with the same parameters. The PSNR of the counterfeit image is 28.4 dB. When the counterfeiting attack occurs, the relationship between blocks cannot be counterfeited. The detection result is shown in Fig. 4.11 (c): 95%
of the tampered blocks were identified, which indicates that the image is worst likely being counterfeiting attacked.
The fifth experiment shows the comparison of authentication ability between traditional quantization-based approach [Lin00] and the proposed scheme. The amount of watermarks for each 8×8 block is 4. In this experiment, the watermarks are embedded into image by traditional quantization-based approach and the proposed scheme, respectively. Then the watermarked images are compressed by JPEG
compression with specific compression level, and a small airplane is placed. The Fig. 12(a) shows that the watermarked image is obtained by traditional quantization-based approach with preselected quantization level (LI=45). The visual artifacts caused by watermarking can be seen in smooth areas. Then the watermarked image is compressed with compression level (L=10) and a small airplane is placed. The Fig. 12(b) shows that the watermarked image obtained by the proposed scheme (LT=71and LS=30) is compressed with JPEG compression (L=10) and then a small airplane is added. Figs. 12(c)–(i) show the detection results of traditional quantization-based approach with various compression levels (L=10–70), respectively. It should be apparent from the Figs. 12(c)–(i) that the authentication ability failed when compression levels of JPEG compression are greater than the preselected quantization level LI. Figs. 12(j)–(p) show the detection results of the proposed scheme with various compression levels (L=10–70), respectively. As the figures show, the tampered areas are detected correctly even watermarked image are subjected to JPEG compression. The experiments indicate that the proposed scheme can achieve better performances in properties of the watermarking transparency and the robustness to JPEG compression.
4.5 Summary
This chapter describes a blindly semi-fragile watermarking scheme that includes the generation of content-based watermarks, hybrid watermarking, and calibration functions. The proposed watermarking scheme offers the characteristics of adaptive transparency, blind detection of watermarks, robustness to JPEG compression, and fragility to unauthorized manipulations.
This chapter also provides a semi-fragile classification method for categorizing
DCT coefficients, which enables the watermarks to be adaptively embedded according to the characteristics of images. No extra space is required for storing the image characteristics and quantization indices of blocks.
(a) (b) (c)
(d) (e) (f)
(g) (h)
Fig. 4.8. The experiment results are used to show the effectiveness that the proposed semi-fragile watermarking scheme can localized tampered areas accurately. The size of test image is 512 × 512 (LS=30, LT=71, α=3, and β=4 ) (a) The original image (b)The watermarked image whose PSNR is 38.54db. (c) The tampered image where an airplane is placed and the letters on the airframe are tampered. (d) The detection result without amending function. (e)–(h) are the tampered detection results derived from 1 to 4 iterations.
(a) (b) (c)
(d) (e) (f)
(g) (h) (i)
Fig. 4.9. An image set showing that the proposed semi-fragile watermarking scheme is robust to JPEG compression and sensitive to malicious tampered attacks (results data are listed in Table 4.2 and Table 4.4).
Image Operation
Image Number Signal to Noise Ratio(dB)
The block error ratio of the Detection Result(%)
(a) (b) (c) (d) (e) (f) (g) (h) (i) 35.41 37.07 35.84 37.19 35.34 30.95 36.69 35.52 43.77
JPEG(L=10) 15% 9% 7% 4% 6% 5% 7% 9% 4%
Table 4.3. The authentication results of the dual-domain watermarking technique [Zha04] that the watermarked images are subjected to JPEG compression within various quantization levels.
Image Operation
Image Number Signal to Noise Ratio(dB)
The block error ratio of the Detection Result(%)
(a) (b) (c) (d) (e) (f) (g) (h) (i) 39.75 38.54 37.85 38.24 36.82 39.79 39.18 38.17 40.64
JPEG(L=10) 0% 0% 0% 0% 0% 0% 0% 0% 0%
JPEG(L=80) 6.25% 4.34% 3.58% 5.22% 16.84% 1.73% 2.29% 4.78% 1.51%
JPEG(L=90) 6.42% 13.91% 10.32% 18.31% 49.97% 6.51% 7.08% 17.38% 6.44%
Table 4.2. The detection results demonstrate that our proposed algorithm is robust to JPEG compression(LS=30, LT=71, α=3, and β=4 ). The detection results that the watermarked images are undergoing JPEG compression within various quantization level.
Image Operation
Image Number Signal to Noise Ratio(dB)
The block error ratio of the Detection Result(%)
(a) (b) (c) (d) (e) (f) (g) (h) (i) 39.75 38.54 37.85 38.24 36.82 39.79 39.18 38.17 40.64 S(3×3) 12.76% 23.65% 24.68% 31.12% 62.30% 7.47% 18.55% 32.88% 8.42%
S(5×5) 24.41% 32.69% 28.22% 32.20% 83.74% 16.62% 26.80% 27.83% 9.66%
H. E. 99.70% 97.72% 78.78% 46.04% 67.65% 25.24% 31.93% 45.36% 99.36%
Table 4.4. The detection results demonstrate that the proposed algorithm is sensitive to malicious manipulations(LS=30, LT=71, α=3, and β=4 ). The detection results are calculated after the watermarked images are undergoing smoothing, or histogram equalization.
(a) (b)
(c) (d)
Fig. 4.10. The experiment results are used to show the effectiveness that the proposed semi-fragile watermarking scheme can localized tampered areas accurately and robust to JPEG compression. The size of test image is 512 × 512 and the quantization level is seventy (LS =30, LT=71, α=3, and β=4 ) (a) The original image (b)The watermarked image whose PSNR is 39.18db. (c)The watermarked image is compressed with quantization level L=70 and a logo is placed nearby the hat. (d) The detection result of Fig. (c) where the tampered areas are detected correctly
(a) (b) (c)
Fig. 4.11. Experimental results of a counterfeit attack in which 69 images from a database were embedded with identical parameters by our algorithm. (a) Nonwatermarked image. (b) Counterfeited image (PSNR=28.4 dB). (c) Most (95%) of the tampered blocks are detected.
The gray values of the localized tampered areas were subtracted by a constant amount in order to show the localized areas more clearly.
(a) (b)
(c) (d) (e) (f) (g) (h) (i)
(j) (k) (l) (m) (n) (o) (p)
Fig. 4.12. Comparison of authentication ability between the conventional quantization-based approach and the proposed scheme: (a) The tampered image (LT=71 and LS=30). (b) The tampered image (LI=45). (c)–(i) the detection results of traditional quantization-based approach with various compression levels (L=10–70), respectively. (j)–(p) the detection results of the proposed scheme with various compression levels (L=10–70), respectively.