In this section, we show some experimental results of applying the proposed image authentication algorithms (Algorithms 5 and 6) to authenticate stego-images attacked by two common image editing operations, i.e., superimposing and painting.
It was found that if the superimposing operation is used in the attack, the alpha channel values will be replaced with the new value 255 at the attacked part. Since the largest alpha channel value generated by the proposed method is 254 (see Step 3 in
Algorithm 5), attacked pixels can be easily detected and marked by checking the existence of the specific value 255 in the alpha channel. As an example, Fig. 10(a) shows a cover image “Tiffany” and Fig. 10(b) is the stego-image of Tiffany. In Fig.
10(c), the stego-image was attacked by superimposing a fake mouth on the face. Fig.
10(d) shows the authentication result in which all altered pixels were detected and marked in black. Table VI includes the statistics of the performance of the proposed method shown by the above experimental results in terms of the three parameters:
detection ratio, false acceptance ratio, and false rejection ratio, which are defined in the following:
(1) detection ratio = (the number of detected pixels)/(the number of tampered pixels);
(2) false acceptance ratio = (the number of tampered pixels marked as untampered)/(the total number of tampered pixels);
(3) false rejection ratio = (the number of untampered pixels marked as tampered)/(the total number of untampered pixels).
As can be observed from Table VI, both the false acceptance ratio and false rejection ratio are 0% for the reason that, as mentioned previously, alpha channel values 255 only occur at attacked pixels.
Another example of a tampered image attacked by superimposing a rose to the hair part of Tiffany is shown in Fig. 11(b). The authentication result is shown in Fig.
11(c) in which all pixels consisting of the added rose were successfully detected and marked in black. The corresponding statistics is also given in Table VI.
Table V Comparison of performance of proposed method with the method of [27]
Lena Baboon Airplane Boat
Methods
[27] 71674 48.82 22696 48.36 84050 48.94 38734 48.50
Proposed
(t= 1) 262144 262144 262144 262144
Table VI. Statistics of experimental results.
Experimental result (image size =
512×512)
No. of tampered
pixels No. of detected pixels
(detection ratio) false acceptance
ratio false rejection ratio Fig. 10. Authentication result of an attacked stego-image of Tiffany with a pasted fake mouth.
(a) Cover image. (b) Stego-image with authentication signals. (c) Modified stego-image. (d) Result with altered pixels detected and marked in black.
(a) (b) (c) Fig. 11. Authentication result of an attacked stego-image of Tiffany with an added rose. (a)
Stego-image with authentication signals. (b) Modified stego-image. (c) Result with altered pixels detected and marked in black.
Some experimental results of using painting operations to attack stego-images are shown in Fig. 12. Specifically, Figs. 12(a) and 12(b) are respectively an input cover image “jet” and a generated stego-image. In Fig. 12(c), a logo and words printed on the body of the plane were smeared by painting color similar to the plane body. The authentication result generated from Algorithm 6 is shown in Fig. 12(d) in which tampered regions were successfully detected and marked in black. However, as can be seen, some tampered pixels were not detected and appeared as noise in the marked region. This phenomenon results from the case that the authentication signals extracted from the alpha channel incidentally match the authentication signals computed from the tampered pixels. This is also the reason why the false acceptance ratio exists. It is noted that the alpha channel content keeps intact after the painting operation and so the extracted authentication signals are always true, yielding the false rejection ratio is 0%. Related statistics of the experiment is given in Table VII.
Since the authentication signal of each pixel is composed of three bits, there is a probability of 1/8 for an erroneous authentication, leading to a false acceptance ratio of around 12.5%. As an example, Fig. 13(b) shows that the stego-image of jet was
tampered with by smearing the entire plane out of the image content. The authentication result is shown in Fig. 13(c) in which 85.02% of tampered pixels were detected and marked in black. In other words, 14.98% of tampered pixels incidentally passed the authentication process, which meets the probabilistic expectation of around 12.5% authentication misses. The corresponding statistics is also given in Table VII.
(a) (b)
(c) (d) Fig. 12. Authentication result of an attacked stego-image of jet with the smeared logo and
words. (a) Stego-image with authentication signals. (b) Modified stego-image. (c) Result with altered pixels detected and marked in black.
Table VII. Statistics of experimental results.
Experimental result (image size =
512×512)
No. of tampered
pixels No. of detected pixels
(detection ratio) false acceptance
ratio false rejection ratio Exp. 3 shown in
Fig. 12 5886 5379
(91.39%) 8.61% 0%
Exp. 4 shown in
Fig. 13 57037 48491
(85.02%) 14.98% 0%
(a) (b) (c) Fig. 13. Authentication result of an attacked stego-image in which the jet has been smeared.
(a) Stego-image with authentication signals. (b) Modified stego-image. (c) Result with altered pixels detected and marked in black.
In addition, it is noted that though we use the previously-mentioned alpha value 255 as a distinguishing one to detect tampering caused by superimposing for the reason of efficiency, we may actually just use Algorithm 6 proposed in this study to deal with such cases normally. The reason is that the proposed method detects attacks by matching authentication signals computed from the color channels and those extracted from the alpha channel. If there exists any mismatched pair, then the corresponding pixel will be marked as being tampered with.