Summary

A new image data hiding method has been proposed, which not only can be used for secure keeping of secret images but also can be adopted as a new option to solve the difficulty of hiding images with huge data volumes into cover images. By the use of proper pixel color transformations as well as a skillful scheme for handling overflows and underflows in the converted values of the pixels’ colors, secret-fragment-visible mosaic images with very high visual similarities to arbitrarily-selected target images can be created with no need of a target image database; and the original secret images can be recovered nearly losslessly from the created mosaic images. Good experimental results have shown the feasibility of the proposed method. Future studies may be directed to applying the proposed method to images of color models other than the RGB.

Chapter 3

A New Data Hiding Technique via Encrypted Images by Image Encryptions and Spatial Correlation Comparisons

3.1 Introduction

Nowadays, images from various sources are frequently utilized and transmitted through the Internet for various applications, such as online personal photograph albums, confidential enterprise archives, document storage systems, medical imaging systems, military image databases, etc. These images usually contain private or confidential information so that they should be protected from leakages during transmissions. Therefore, some methods jointing data hiding and encryption techniques have been proposed [52]-[54], in which a part of the cover media is encrypted and the other part is used for data embedding. Such methods, however, reveal undesirably the content of the second part of the cover media. To provide higher security, Zhang [55] proposed a method that can prevent people, including the data hider, from realizing the cover media content before or after the data embedding process is performed. Specifically, the cover image is encrypted entirely, instead of partially, by the content owner using a key, and the result is then delivered to the data hider for data embedding. Also, the original cover image can be recovered after the embedded data are extracted. Hong et al. [56] improved Zhang’s method [55] by using a side-match scheme based on uses of spatial correlations of adjacent blocks.

Either [55] or [56] embeds a message into an encrypted image by flipping the three least significant bits (LSBs) of a portion of the pixels of each image block to embed a message bit. Data extraction and image recovery are achieved by using spatial correlations. However, such a message embedding scheme suffers from a problem which occurs when the cover image is a flat image, i.e., when the cover image has lots of smooth regions with the characteristic that the most significant bits (MSBs) of the pixels in each of such regions are all the same.

In this study, the LSBs of each block pixel in an encrypted image are encrypted further, rather than flipped, to embed a message bit, thereby solving the

aforementioned problem encountered in [55] and [56] which is caused by flat cover images. Also, the spatial similarity of the original LSBs of the pixels in each block is broken by the encryption function. Moreover, for each pixel of a block in the encrypted image, four LSBs, instead of three, are utilized for message embedding, and a side-match scheme that utilizes the spatial correlations of both recovered and unrecovered blocks are proposed to decrease the bit-extraction error rate, in contrast with [56] which utilizes the spatial correlations of recovered blocks only.

3.2 Review of Existing Methods

The reversible data hiding scheme proposed in Zhang [55] for grayscale images includes three phases: 1) image encryption, 2) message embedding, and 3) message extraction and image recovery. In the first phase, a cover image I is encrypted by performing the exclusive-OR (XOR) operation  on all bits and their corresponding random bits generated by the use of an encryption key Ke and a random number generator PRe. Specifically, by denoting the value of each pixel Pi,j in I by pi,j, each bit of Pi,j by bi,j,k, and the generated random bit corresponding to bi,j,k by ri,j,k, the encryption of I is conducted by replacing bi,j,k by bi,j,k' = bi,j,kri,j,k for all i, j, and k, resulting in an encrypted image I' with pixels pi,j' and bits bi,j,k'.

In the message embedding phase, I′ is divided into blocks Bm,n of size ss, with each block used to carry a bit. Specifically, firstly each pixel Pi,j′ in Bm,n is assigned into two random sets S0 and S1 using a data-hiding key Kh and another random number generator PRh. Then, if the bit to be embedded into Bm,n is 0, the three LSBs bi,j,k′ of each pixel Pi,j′ in S0 are flipped to be their complements b_{i j k, ,} , resulting in a new pixel Pi,j′′ with value pi,j''; else, the three LSBs of each pixel Pi,j′ in the other random set S1 are flipped. The resulting image is denoted by I′′.

In the last phase  message extraction and image recovery, firstly I′′ is decrypted to obtain a decrypted image I′′′ by performing an XOR operation  on every bit bi,j,k′′ in I'' and the corresponding random bit ri,j,k re-generated by the encryption key Ke. By denoting the resulting decrypted pixels and decrypted bits as Pi,j′′′ and bi,j,k′′′, respectively, it can be seen that the five MSBs of Pi,j′′′ in I′′′ are identical to the corresponding ones of the original pixel Pi, j in I but the three LSBs are not. Next, by using the data-hiding key Kh, the random sets S0 and S1 may be re-generated for each decrypted block Bm,n′ of I′′′. Then, the three LSBs of the pixels

in S0 and those in S1 are both flipped to form blocks Hm,n,0 and Hm,n,1, respectively. It can be figured out that one of Hm,n,0 and Hm,n,1 is identical to the original block Bm,n in I, and the other is an interfered version of Bm,n since all the three LSBs of the latter have been flipped. Because of the spatial correlations of pixels in natural images, the original block is usually smoother than the interfered version. So the embedded bit can be extracted, as done in [55], by using a block smoothness measure f as follows:

1 1

where pu,v denotes the value of a pixel Pu,v in the block. Specifically, by denoting the smoothness values calculated of Hm,n,0 and Hm,n,1 as fm,n,0 and fm,n,1, respectively, bit extraction is conducted by the rule: if fm,n,0 < fm,n,1, a bit 0 is extracted and Hm,n,0 is taken as the original block; else, a bit 1 is extracted and Hm,n,1 is taken as the original block.

Moreover, a side-match scheme is adopted, using additionally the spatial correlations of adjacent recovered blocks to reduce the error rate of bit extraction.

A problem with [55] occurs when the five MSBs of the pixels in a block are all identical  a case encountered when the cover image is flat. The problem is: the smoothness measures fm,n,0 and fm,n,1 computed of Hm,n,0 and Hm,n,1, respectively, become the same in such a case, as proved below, and the resulting bit extraction will so be no better than random guesses, i.e., the probability to extract a correct bit is about 1/2.

Let the five MSBs of each pixel Pi,j in the original block Bm,n be denoted identically as b8~b4 under the assumption of image flatness. Also, let the pixels in Hm,n,0 and Hm,n,1 be denoted as Pu,v,0 andPu,v,1 with values pu,v,0 andpu,v,1, respectively.

Without loss of the generality, let Hm,n,0 be the one identical to the original block Bm,n

and Hm,n,1 the interfered one. Thus, pu,v,0 in Hm,n,0 are all identical to the corresponding pixel values pu,v of Bm,n, and the three LSBs of pu,v,1 in Hm,n,1 are the flipped versions

of pu,v in Bm,n. That is, the five MSBs of each pixel in Hm,n,0 and Hm,n,1 are identically

The above-mentioned problem is also found in [56], i.e., the block smoothness values fm,n,0′ and fm,n,1′ computed according to (9) are equal when the five MSBs of the pixels in the original block Bm,n are all identical. The proof, also based on the equality bu,v,k + b_{u v k, ,} = 1, is similar to (10) and so omitted.

Figure 3.1(a) shows a flat image with 88 blocks where the pixel values of each block are reassigned artificially to be all the same. Figure 3.1(b) shows the incorrectly-recovered blocks (marked in white) yielded by [55] with an error rate of 50.81%, and Figure 3.1(c) shows those yielded by [56] with an error rate of 44.53%.

In contrast, the proposed method (described in the next section) yields a result as shown in Figure 3.1(d) with an error rate of 0%, showing the effectiveness of the proposed method. Instead of using artificially-created images, Figures 3.1(e) through 3.1(h) shows the recovery results using an original X-ray image, Figure 3.1(e), as input, where Figure 3.1(f) shows the result yielded by [55] with an error rate of 16.53%, Figure 3.1(g) shows that yielded by [56] with an error rate of 14.99%, and

Figure 3.1(h) shows that yielded by the proposed method with an error rate of 0%

again.

(a) (b) (c)

(d) (e) (f)

(g) (h)

Figure 3.1. Recovery results showing problems of [55] and [56] with block size 88, incorrectly-recovered blocks marked as white, and error rate denoted by err. (a) Input flat X-ray image. (b) Result with err = 50.81% yielded by [55]. (c) Result with err = 44.53% yielded by [56]. (d) Result with err = 0% yielded by proposed method. (e) Input original image of (a). (f) Result with err = 16.53% yielded by [55]. (g) Result with err = 14.99% yielded by [56]. (h) Result with err = 0% yielded by proposed method.

3.3 Proposed Method

3.3.1 Message embedding

In the proposed method, the cover image I is encrypted using an encryption key Ke as done in [55], and each block Bm,n of the resulting encrypted image I′ is used to carry a message bit as well. However, unlike [55] and [56] which flip the three LSBs of each involved pixel in Bm,n, four LSBs are randomized to increase the probability for distinguishing original blocks from altered (interfered) ones using spatial correlations while the visual appearance of the decrypted image is still kept good enough. Next, four random bits ri,j,k′ corresponding to the four LSBs bi,j,k' of each pixel Pi,j′ in Bm,n are generated using the data-hiding key Kh; and if a bit to be embedded in Bm,n is 0, then the four LSBs bi,j,k' of each pixel Pi,j' in Bm,n are replaced by bi,j,k'' = bi,j,k'ri,j,k', resulting in the new pixel value pi,j′′; else, pi,j'' is taken to be the old value pi,j′ of Pi,j. Let the resulting encrypted image be denoted as I′′. The overall effect is: if the embedded bit in a block is 0, then the four LSBs of each block pixel are encrypted twice by the keys Ke and Kh; else, once by the key Ke only. So, the embedded bit in each block may be extracted by decrypting the block content with keys Ke and Kh and measuring the spatial correlations of the block to decide if the block has been encrypted once or twice as described next.

3.3.2 Message extraction and image recovery

To extract the message embedded in the encrypted image I′′, firstly the key Ke is used to decrypt image I′′ to obtain another, denoted by I′′′, whose pixels’ four MSBs are all the same as those of the pixels of the original cover image I. Next, the four

scrambled version Hm,n,1; and if the embedded bit is 1, then since the original cover block is encrypted only once by the key Ke, the decrypted block Hm,n,1 using the same key Ke will become the original block, which is usually smoother than the scramble version Hm,n,0 as well. Moreover, to compute the block smoothness, we adopt the measure used in [56] described by (9), but, unlike the side-match scheme used in [56]

which utilizes only the recovered block to compute the smoothness, a new side-match scheme using both unrecovered and recovered blocks is proposed.

In more detail, for each block Bx,y′ of the four blocks adjacent to each block Bm,n' in I''', if Bx,y′ is unrecovered yet, then the values of fm,n,0′ and fm,n,1′ computed according to (9) are augmented in the following way:

set f_{m n, ,0}  f_{m n, ,0} min(H_{m n, ,0} H_{x y, ,0}, H_{m n, ,0} H_{x y, ,1}); and fm,n,1′ are augmented in the following way:

set f_{m n, ,0}  f_{m n, ,0}  H_{m n, ,0} H_{x y r, ,}  ; blocks, where currently-processed adjacent block of Bm,n′ is Bm+1,n′.

Since blocks adjacent to Bm,n′ are all used to compute the smoothness no matter whether they are recovered or not, the resulting bit-extraction error rate will be smaller than other schemes not doing so. Figure 3.3 includes some results showing this effect for 88 blocks with a comparison with that yielded by [56].

(a) (b)

(c) (d)

Figure 3.3. Recovery results showing effects of using both recovered and unrecovered blocks for measuring smoothness of 88 blocks, with incorrectly-recovered blocks marked as white, and error rate denoted by err. (a) Result with err = 2.66% yielded by [56]. (b) Result with err = 0.46% yielded by proposed method without using side-match. (c) Result with err = 0.27% yielded by proposed method using only recovered blocks in side-match scheme. (d) Result with err = 0.22% yielded by proposed method using both recovered and unrecovered blocks in side-match scheme.

3.4 Experimental Results

Four 512512 test images, Figures 3.4(a) through 3.4(d), were used in the experiments, and the results of the proposed method are compared with those yielded by [55] and [56], as illustrated in Figure 3.5 which includes plots of the trends of bit-extraction error rates vesus different block sizes ss. It is seen from Figures 3.5(a) through 3.5(d) that the error rates yielded by the proposed method are much smaller than those yielded by [55] and [56]. For example, for the cover image Figure 3.4(a) with block size 88, Figure 3.5(a) shows that the bit-extraction error rates using [55]

and [56] are 12.87% and 10.21%, respectively; and that yielded by the proposed method is 0.07%. Moreover, Figure 3.5(a) shows that the error rate yielded by the proposed method is zero when s is larger than 12, but those yielded by both [55] and [56] are still larger than zero when s = 32.

(a) (b)

(c) (d)

Figure 3.4. Four test images of size 512512.

Additionally, we compare the execution time of the proposed method with that of [55] and [56] in message embedding. As mentioned previously in Sections 3.2 and 3.3.1, to embed a message bit, three LSBs of a portion of the pixels of each image

block are flipped in [55] and [56] and four LSBs of each block pixel are encrypted further, respectively. Therefore, the execution time of the proposed method and those of [55] and [56] for message embedding are all very short since the operations involve only encryptions and flippings, respectively. For example, for the cover image of Figure 3.4(a), Figure 3.6 shows a comparison of the execution time for message embedding required by the proposed method with those required by [55] and [56]

versus different block sizes, where the execution times of them are all very fast (about 0.1 ~ 0.15s).

(a)

(b)

(c)

Figure 3.5. Comparisons of bit-extraction error rates yielded by proposed method with those yielded by [55] and [56] versus different block sizes. (a) Error rates with cover image Figure 3.4(a). (b) Error rates with cover image Fig. Figure 3.4(b). (c) Error rates with cover image Figure 3.4(c). (d) Error rates with cover image Figure 3.4(d).

(d)

Figure 3.5. Comparisons of bit-extraction error rates yielded by proposed method with those yielded by [55] and [56] versus different block sizes. (a) Error rates with cover image Figure 3.4(a). (b) Error rates with cover image Fig.

Figure 3.4(b). (c) Error rates with cover image Figure 3.4(c). (d) Error rates with cover image Figure 3.4(d) (continued).

Figure 3.6. Comparison of execution time for message embedding required by proposed method with those required by [55] and [56] versus different block sizes.

Also, experiments for comparisons of the effects of using three or four LSBs for data embedding have also been conducted. Results for 88 blocks are shown in Figure 3.7, where the number of used LSBs is denoted by NL. Specifically, the methods [55]

and [56] do not perform better when NL = 4 for image Figure 3.4(a) as can be seen from Figures 3.6(e) through 3.6(h). The same conclusions can be drawn for other images. Contrarily, Figures 3.6(c) and 3.6(d) show that the proposed method performs better as NL is enlarged from 3 to be 4.

(a) (b) (c)

(d) (e) (f)

(g) (h)

Figure 3.7. Recovery results showing effects of using different numbers NL of LSBs for 88 blocks with incorrectly-recovered blocks marked as white and error rate denoted by r. (a) Cover image. (b) Decrypted image with message embedded. (c) Result with r = 0.90% yielded by proposed method for NL = 3. (d) Result with r = 0.07% yielded by proposed method for NL = 4. (e) Result with r = 12.87% yielded by [55] for NL = 3. (f) Result with r

= 29.27% yielded by [55] for NL = 4. (g) Result with r = 10.21% yielded by [56] for NL = 3. (h) Result with r = 27.76% yielded by [56] for NL = 4.

Furthermore, the average distortion of the decrypted image with respect to the original image by using the proposed method can be computed, which is described as follows. Firstly, a decrypted pixel in the decrypted image has two possibilities: (1)

correct decryption  the same as the original pixel; or (2) incorrect decryption  a where i respresents the difference between the decrypted gray value and the original one. The value of the PSNR of the decrypted image with respect to the original image is approximately image by using the proposed method is about 32.25 dB, which is not so good as those of [55] and [56] with the average PSNR value of 37.9 dB. However, the proposed method significantly reduces the bit-extraction error rate and solves the flat image problem without keeping the spatial similarity of the LSBs of the pixels in each block as mentioned previously.

3.5 Summary

A new data hiding method via encrypted images based on double image encryptions and refined spatial correlation comparison has been proposed, which does not have the weakness of two existing methods [55] and [56] in handling flat cover images. The weakness comes from the way of flipping the three LSBs of each pixel in part of each block in an encrypted image to embed a message bit. The proposed method improves this by encrypting the four LSBs of each pixel of every block instead of flipping three of them to embed a bit. Also, a refined side-match scheme utilizing the spatial correlations of both recovered and unrecovered blocks has been proposed to decrease the bit-extraction error rate, in contrast with Hong et al. [56]

which utilizes only those of recovered blocks. Experimental results show the feasibility of the proposed method. Future studies may be directed to applying the proposed method for various information hiding purposes.

Chapter 4

A New Data Hiding Technique via Revision History Records on Collaborative Writing Platforms

4.1 Introduction

Recently, more and more collaborative writing platforms are available, such as Google Drive, Office Web Apps, Wikipedia, etc. On these platforms, a huge number of revisions generated during the collaborative writing process are recorded.

Furthermore, many people work collaboratively on these platforms. Thus, these platforms are very suitable for data hiding applications, such as covert communication, secret data keeping, etc. It is desired to propose a new method which is useful for covert communication or secure keeping of secret messages on collaborative writing platforms However, the above-mentioned data hiding methods via text [29]-[38] in Section 1.3.3 can only be applied to documents with single authors and single revision versions, meaning that they are not suitable for hiding data on collaborative writing platforms. Therefore, the goal of this study is to propose a new data hiding method which can hide data into documents created on collaborative writing platforms. In more detail, a new data hiding method is proposed, which simulates a collaborative writing process to generate a fake document, consisting of an article and its revision history, as a camouflage for message bit embedding. As shown in Figure 4.1, with the input of an article and a secret message, the proposed method utilizes multiple virtual authors to collaboratively revise the article, generating artificially a history of earlier revisions of the article according to the secret message. An ordinary reader will consider the resulting stego-document as a normal collaborative writing output, and cannot realize the existence of the secret message hidden in the document.

Cover document Simulate the real collaborative

Moreover, the previously-mentioned linguistic methods [35]-[38] in Section 1.3.3 use written natural languages to generate stego-documents and can produce more innocuous stego-texts than other data hiding methods, but an issue common to them is how to find a nature way for simulating the writing process and how to obtain large-volume written data automatically. Hence, another goal of this study is to find a nature way to generate the revision history and to obtain large-volume collaborative writing data automatically. In recent years, some researches have been conducted to analyze the revision history data of Wikipedia articles for various natural language processing applications [57]-[63], such as spelling corrections, reformulations, text summarization, user edits classification, multilingual content synchronization, etc. In addition to being useful for these applications, the collaboratively written data in Wikipedia are also very suitable, as found in this study, for simulating the collaborative writing process for the purpose of data hiding since it is the largest collaborative writing platform nowadays.

In [64], Liu and Tsai proposed a data hiding method via Microsoft Word documents by the use of the change tracking function, which embeds a secret message by mimicking a pre-draft document written by an author with an inferior writing skill

In [64], Liu and Tsai proposed a data hiding method via Microsoft Word documents by the use of the change tracking function, which embeds a secret message by mimicking a pre-draft document written by an author with an inferior writing skill