Authentication of Digital Images via Tree-Structured Digital Signature

全文

(1)AUTHENTICATION OF DIGITAL IMAGES VIA TREE-STRUCTURED DIGITAL SIGNATURE Chun-Shien Lu and Hong-Yuan Mark Liao. Institute of Information Science, Academia Sinica, Taipei, Taiwan, R.O.C. E-mail: flcs, [email protected]. Abstract The existing digital data veri

(2) cation methods are able to detect tampered regions, but are too fragile to resist incidental manipulations. This paper proposes a new digital signature scheme which makes use of an image's contents to construct a tree-structured digital signature (TSDS ) for image authentication. The characteristic of TSDS is that it can tolerate content-preserving modi

(3) cations while detecting content-changing modi

(4) cations. Many incidental manipulations, which were detected as malicious modi

(5) cations in the previous digital signature or fragile watermarking schemes, can be bypassed in the proposed scheme. Performance analysis and experimental results have shown the superiority of the proposed scheme.. 1. INTRODUCTION Owing to the popularity of data digitization, it is easy to tamper with digitized data without leaving any clue. However, this will raise an emergent need of data integrity veri

(6) cation in order to judge which is authentic or fake. Conventionally, content veri

(7) cation can be classi

(8) ed into two categories: digital signature-based [2, 3, 5, 7, 8, 10] and watermark-based [4, 6, 9, 12, 13, 14, 15, 16]. A digital signature represents a speci

(9) c characteristic of a media data and is stored as a

(10) le, which is used later for authentication. Watermarking, on the other hand, is used to embed hidden information into a media data and the hidden information is later extracted to verify data. Both types are expected to be sensitive to modi

(11) cation so that changes of data can be re ected on the digital signature or the watermark. According to the underlying technology used, some of the above methods can be roughly classi

(12) ed as hash function-based [5], quantization-based [6, 9], featurebased [2, 3], and relation-based [7, 8]. For quantizationbased methods, Kundur and Hatzinakos [6] designed. a quantization technique to encode a watermark such that the hidden watermark will be more/less sensitive to modi

(13) cations at high/low frequency in the wavelet domain. However, the main disadvantage of [6] is that the tampering detection results are very unstable. Perturbation of a wavelet coecient may make the extracted mark di erent from or the same as the embedded one. That is, the extracted result is totally unpredictable. Once the perturbation exceeds one quantization interval, the extracted watermark value will be either the same as or di erent from the embedded one. Another drawback is that their method cannot resist incidental modi

(14) cations. For feature-based authentication systems, Bhattacharjee and Kutter [2] proposed to generate a digital signature by encrypting the feature points' positions of an image. Authentication is then accomplished by comparing the positions of the feature points extracted from a questionable image with those decrypted from the previously encrypted digital signature. Again, it is wondered that whether this approach can resist JPEG compression with middle-to-high ratios because the feature points are liable to be shifted. Recently, Dittmann et al. [3] presented a content-based digital signature approach for image/video authentication using edge characteristics. Their content features are similar to [2], but di erent extraction techniques are used. On the other hand, in order to make the designed image authentication system survive JPEG compression, Lin and Chang [7, 8] were dedicated to exploring the operation in the JPEG system. They proposed to preserve the invariant relationships between any two DCT coecients, which are at the same positions of di erent 88 blocks, to form a digital signature. This is because they found that these invariance properties can be always preserved before and after JPEG quantization. However, it was not clear how their method could survive other incidental manipulations. Although the.

(15) authors [7, 8] used the invariance property to authenticate images, this relationship is random because the invariance property of any two random DCT blocks are stored as the digital signature. The merit of image structure is actually ignored. In this paper, we shall develop a new image authentication scheme, which is totally di erent from the existing methods in that we don't care the positions of feature points or the relationship of any two random coecients. On the contrary, we consider the \tree-structure " of an image's content as the digital signature. The tree-structure of an image's contents is composed of the parent-child pairs in a wavelet domain. We investigate how this tree-structured digital signature can be robust under image content-preserving manipulations and can be fragile under image contentchanging manipulations. Performance analysis of this structured digital signature-based image authentication scheme has been conducted to prove its powerfulness, and as does our experimental results. This paper is an extension of its preliminary version [10]. The remainder of this paper is organized as follows. In Sec. 2, we will present the proposed content-based digital signature image authentication scheme. This will include the construction and veri

(16) cation of a treestructured digital signature. In addition, the operations of non-oblivious and oblivious watermark detection techniques are, respectively, discussed. An analysis on the performance of our proposed scheme will be conducted in Sec. 3. We will discuss the false positive and false negative problems when incidental distortions and/or malicious tampering are encountered. In addition, we will analyze the e ect caused when the size of a tree-structured digital signature is changing. Based on the analysis a systematic way can be derived to determine the best size for use. In Sec. 4, a series of experiments will be conducted and their results will be reported. Concluding remarks will be given in Sec. 5.. 2. TREE-STRUCTURED DIGITAL SIGNATURE (TSDS ) Our digital signature scheme is based on the wavelet transform due to its excellent multiscale and precise localization properties. Basically, the multiscale representation of an image is by nature highly suitable for designing a tree-structured digital signature.. 2.1. De

(17) ning TSDS based on Interscale Relationship of Wavelet Coecients Let ws;o (x; y) represent a wavelet coecient (at scale s, orientation o, and position (x; y)) in the orthogonally. downsampled wavelet transform of an image I. Suppose a J -scale wavelet transform is performed, then 0 s < J . The interscale relationships of wavelet coecients can then be converted into the relationships between the parent node ws+1;o (x; y) and its four child nodes ws;o (2x + i; 2y + j ) with jjws+1;o (x; y)j ; jws;o (2x + i; 2y + j )jj 0: (1) The new signature, tree-structured digital signature (TSDS ), can be constructed from the interscale relationships of wavelet coecients of an image. The basic concept relies on (i) the interscale relationship should be dicult to be destroyed after content-preserving manipulations; and (ii) this interscale relationship should be dicult to be preserved after content-changing manipulations. Because these interscale relationships are resulted from the tree-structure of an image (say I) in the wavelet domain, we de

(18) ne them as the treestructured digital signature of I || TSDS (I). The tree-structured digital signature of an image consists of a set of parent-child pairs, which satisfy jjws+1;o (x; y)j;jws;o (2x + i; 2y + j )jj ( > 0): (2) The above constraint is stricter than the original interscale relationship of wavelet coecients shown in Eq. (1). The size of will determine the number of parentchild pairs recorded in a TSDS (I). The smaller the is, the larger the amount of elements in a TSDS is. We do not intend to keep all the parent-child pairs as the elements of a TSDS because some of the elements may not be signi

(19) cant enough. The signi

(20) cance of a parent-child pair is completely dependent on their magnitude di erence. The larger the di erence, the more signi

(21) cant the parent-child pair is. From a parentchild pair whose magnitude di erence is small is equivalent to having a \small" quantization interval in the quantization-based approach [6, 9]. Therefore, it will be very sensitive to modi

(22) cations including some minor incidental ones. In order to design a robust image authentication scheme, we only keep those parent-child pairs whose magnitude di erences are large as the elements of a tree-structured digital signature. In order to appropriately detect a malicious tampering while tolerating an incidental modi

(23) cation, we use the size of a tree-structured digital signature to control the tradeo between fragility and robustness. In general, the construction of a tree-structured digital signature is very easy because there is no feature selection involved [2, 3] is not required. Once the parent-child pairs are selected by the constraint de

(24) ned in Eq. (2), each pair is assigned a symbol, which represents what kind of relationship this pair carries. These symbols will be formally de

(25) ned in Sec..

(26) 2.2. The above mentioned symbols and their locations in the wavelet domain will be encrypted by a public key algorithm, RSA [11]. Finally, the encrypted information will be stored and used for image authentication later.. 2.2. Labeling a TSDS According to the interscale relationship among wavelet coecients, there are four possible relationship types of a TSDS . Assume the magnitude of a parent node p is larger than that of its child node c (i.e., jpj > jcj), then the four possible relationships of the pair, < p; c >, are: (i) p 0; c 0; (ii) p 0; c 0; (iii) p 0; c 0; (iv) p 0; c 0. Considering the case when jpj > jcj and c is small. In order to make < p; c > still credible when incidental modi

(27) cations are encountered, the value of c is not important. Therefore, the relations (i) and (ii) can be merged to form a signature symbol I , under the condition that p 0 and c don't care. On the other hand, the relations (iii) and (iv) can be merged to form another signature symbol II , under the condition that p 0 and c don't care. In other words, we intend to keep the sign of the larger element unchanged while disregarding the smaller one under the constraint that their original interscale relationship is still preserved. Similarly, the signature symbol III (under the condition that c 0 and p don't care) and IV (under the condition that c 0 and p don't care) can be de

(28) ned under the constraint jpj < jcj. For those pairs that are not recorded in a TSDS are all labeled by the

(29) fth signature symbol V . Hence, we represent the signature symbol of a parent-child pair as sym(< p; c >), which can be one of the above de

(30) ned symbol types.. 2.3. Veri

(31) cation. If one would like to verify an unknown image (~I), it is

(32) rst wavelet transformed and then its tree-structured digital signature TSDS (~I) should be constructed. On the other hand, the encrypted tree-structured digital signature of the original image I is retrieved and then decrypted to obtain its corresponding TSDS (I). One can say the interscale relationship of a pair < p; c > in I is still unchanged in ~I if their signature symbols are the same. That is, the relation. sym(< p; c >) = sym(< p~; c~ >). (3). holds, where the pair < p~; c~ > in ~I is the corresponding pair of < p; c > in I. Finally, we calculate the completeness of the TSDS (CoTSDS ) in ~I, which is de

(33) ned as the similarity degree, Sim, between TSDS (I). and TSDS (~I): + ; N; CoTSDS (~I) = Sim(TSDS (I); TSDS (~I)) = jNTSDS (I)j ;. (4) where N + represents the number of pairs satisfying Eq. (3) and N ; represents the number of pairs violating Eq. (3). jTSDS (I)j is used to denote the number of parent-child pairs in TSDS (I). A larger CoTSDS means the suspect image ~I is reliable; otherwise it means ~I has been maliciously tampered. In addition, the locations of tampering can be easily detected from those parent-child pairs whose signature symbols have been updated. Let the magnitudes of the di erence of parent-child pairs in a tree-structured digital signature be arranged in a decreasing order. It is known that the elements with larger magnitudes (preceding elements) are not vulnerable to attacks while those with smaller magnitudes (posterior elements) tend to be easily attacked. Therefore, one can use the preceding elements to indicate the robustness and use the posterior elements to re ect the fragility. Under these circumstances, when the size of a tree-structured digital signature becomes large, the preceding elements become to be easily changed such that the robustness property is more or less affected. On the other hand, the modi

(34) cation of the posterior elements will re ect accurately the degree of fragility. When jTSDS j becomes large, the robustness property will be more or less a ected since the posterior elements tend to be changed. On the other hand, due to the posterior elements are easily changed, they are used to re ect fragility. So, if jTSDS j is small enough, then the fragility property may disappear because all elements are selected to be larger enough. Therefore, a suitable TSDS 's size needs to be determined in order to achieve a compromise between robustness and fragility. In Sec. 3, we will give a systematic way to determine (which also determines the jTSDS j) by statistical analysis of the distributions of a TSDS and an attack's behaviors.. 2.4. Length of A Tree-Structured Digital Signature. Let the number of parent-child pairs in a TSDS be n. The

(35) rst part of a TSDS we should store is the child locations of the n parent-child pairs. The reason why the child locations instead of the parent locations are examined is that they are easy to be backtracked. For example, if a child node's location is (x; y), then it's parent's location is (x=2; y=2). On the contrary, if a parent node's location is (x; y), there are four possible locations for a child. They are (2x + i; 2y + j ) where.

(36) 0 i; j 1. For n parent-child pairs, 2 n bytes are required to store their locations because each location needs two bytes. In addition, each parent-child pair has four possible interscale relationships. Since each interscale relationship needs two bits to express it, there are in total n4 bytes required to store all the interscale relationships. In fact, the storage can be further saved if the locations of child nodes are stored based on their prede

(37) ned ordering. Under the circumstances, the number of occurrence of every signature symbol is counted. For the

(38) rst four types of symbols, we store the number of parent-child pairs and then the locations of these pairs. In this way, the memory used for storing the signature symbols will be reduced from n4 bytes to 4 bytes. That is, there are in total (2n + 4) bytes required to store a tree-structured digital signature before encryption.. forms: positive di erence (d 0) and negative di erence (d < 0). The positive di erence portion and the negative di erence portion both form a Gaussian distribution, G S , without zero mean. Their standard deviations are denoted as S , which is usually very large (scale of hundreds) because the variance of d is large in the wavelet domain and is in magnitude larger than I . The possible relations between G A and G S are depicted in Fig. 1. In Fig. 1, the Gaussian distributions shown in the middle part are G A , whereas the right/left one is G S corresponding to positive/negative d. is de

(39) ned as the intersection point of G A and G S . The shaded areas, which represent the parent-child pairs with smaller di erence jdj in the tails of G S , will be updated based on the value of kak in the tails of G A . Next, we will analyze the e ect of I and M on , respectively. First, let an incoming attack be an incidental one such as JPEG=SPIHT compression, rescaling, and so on. The probability that the relation of parent-child 3. PERFORMANCE ANALYSIS pairs may be destroyed (i.e., d's sign is changed) is denoted as pI (the shaded areas in Fig. 1) and can be Usually, a watermarking or digital signature-based method calculated by must be justi

(40) ed through the false positive (probability of false alarm) and false negative (probability of pI = 2 (P f0 < d < ; g + P f < a < 1g) miss detection) probability analyses such as those have = 2 (P f0 < d < ; g + (1 ; P f0 < a g)) been done in [6, 7]. For image authentication purpose, a false positive probability is de

(41) ned as that an im= 2 (erf ( 2; ) + [1 ; erf ( 2 )]); (5) S I age is detected to be maliciously tampered but in fact the image has not been tampered with. On the other where erf () represents the error function [1] which is hand, a false negative probability means that an image de

(42) ned as: is actually modi

(43) ed by a malicious tampering but some Z " 2 tampered areas are not detected. A practical signature erf (") = p e;u2 du: system should ensure that both the false positive and 0 false negative probabilities are reasonably small. Due In Eq. (5), the constant 2 appears due to the two to space limit, please refer to the preliminary version symmetric G S 's belonging, respectively, to the positive [10] for these analyses. In this paper, we shall consider and negative d. Because the attack under consideration another two problems, as discussed in the following. is incidental, ; is usually small. Since the standard deviation of G is of the scale of hundreds, 2;S 3.1. The Relation between and the Strength is thus verySsmall.S Under the circumstances, the

(44) rst of Attacks term in Eq. (5), erf ( 2;S ), approximates zero. On the other hand, satis

(45) es > and is chosen to Attacks can be roughly classi

(46) ed into two categories: be large (Eq. (2)), so is also large enough. For an incidental manipulations and malicious distortions. To incidental attack, we know the value of I is usually simplify the analysis, we assume the strength of an atsmall. Therefore, 2I is large. As a consequence the A tack, a, is a Gaussian distribution, G , with zero mean. second term, [1 ; erf ( 2I ))], should be a very small According to Gaussian modeling of attacks [6, 9], we one. In sum, the above discussion explains why the can have the following analysis. Usually, an incidenprobability P I can be suciently small if the incoming tal manipulation tends to have a small standard deviattack is incidental with small I . That is, ation I while a malicious tampering tend to have a large standard deviation M , i.e., I < M . Based on pI 2 [1 ; erf ( 2 )] 0: (6) our scheme, a tree-structured digital signature is conI structed by selecting those parent-child pairs whose differences in magnitudes (sign does not matter) are larger The near-optimal can be derived based on the conthan . The di erence in magnitude, d, may have two dition that the incoming attack is incidental and the.

(47) value of pI is smaller than a pre-determined threshold (e.g., = 0:1). Under the circumstances, the nearoptimal can be derived by. pI 2 [1 ; erf ( 2 )] < :. Thus, we have. I. 1 ; 2 < erf ( 2 ):. (7). I. Using a predetermined together with I and checking the tables of error function [1], we should be able to obtain the lower bound of . From this , the lower bound of the near-optimal can be approximately determined because is close to based on the Gaussian models shown in Fig. 1. On the other hand, let the incoming attack be malicious such as object placement, cloning, and so on. The probability that the relations of parent-child pairs in a tree-structured digital signature may be destroyed is de

(48) ned as. pM = 2 (P f0 < d < ; g + P f < a < 1g) = 2 (P f0 < d < ; g + (1 ; P f0 < a g) = 2 (erf ( 2; ) + [1 ; erf ( 2 )]): (8) S. M. In Eq. (8), ; is known to be small and, thus, 2;S is very small. As a consequence, the

(49) rst term in Eq. (8), erf ( 2;S ), has a value close to zero because it corresponds to an incidental modi

(50) cation. On the other hand, it is known that M is usually large which leads to a small 2M . As a consequence, the second term of Eq. (8), [1 ; erf ( 2M ))], has a value which is far away from zero. In general, the detection rate of maliciously tampered regions is determined mainly based on the second term. Once again, given P M suciently large, the estimated standard deviation M of malicious manipulations, and checking the error function tables [1], we shall obtain the upper bound of . From this derived , the upper bound of near-optimal will also be approximately obtained as in the case of incidental modi

(51) cations. In sum, the interval which the near-optimal should fall into can be mathematically derived from the above analysis.. 3.2. Tampering at the Locations Where TSDS is not Recorded. If the locations of the elements in a TSDS are correctly guessed, the attacker may try to tamper with those positions which are not recorded in the corresponding TSDS (I) and thus disable our method. Fortunately,. the attackers cannot succeed in this case because if the parent-child pairs are not recorded in a TSDS (I) that means their interscale relationships do not satisfy the condition in Eq. (2). In other words, we can verify easily by checking the signature symbols of those parent-child pairs that are not recorded in TSDS (I) and TSDS (~I). Let < ws;o (x; y); ws+1;o (2x + i; 2y + j ) > be a parent-child pair which is not in a TSDS (I) and assume its corresponding pair < w~s;o (x; y); w~s+1;o (2x + i; 2y + j ) > is not in a TSDS (~I), where 0 i; j 1. We can determine whether the < ws;o (x; y); ws+1;o (2x + i; 2y + j ) > pair is tampered or not by checking sym < w~s;o (x; y); w~s+1;o (2x + i; 2y + j ) >. If sym < w~s;o (x; y); w~s+1;o (2x + i; 2y + j ) > is equal to V , then it is tampered. It is known that the condition for sym < w~s;o (x; y); w~s+1;o (2x + i; 2y + j ) > to belong to V is jjw~s;o (x; y)j; jw~s+1;o (2x + i; 2y + j )jj < .. 4. EXPERIMENTAL RESULTS Our tree-structured digital signature-based image authentication scheme was

(52) rst tested against a Beach image with 256 256 size. A large \umbrella" was placed on the Beach image and formed a tampered image, which is very similar to Fig. 2(a) without compression e ect. The parent-child pairs whose di erence d satisfying jdj > = 256= = 128 were, respectively, chosen to construct a TSDS . As we expected from the detection results, the TSDS with a smaller size will lose some tampered pixels. However, the integration of multiscale results was suciently to re ect the tampered area. The above experiments provided a good example showing the compromise between robustness and fragility under two tree-structured digital signatures with di erent sizes. Other results can also be found in [10]. In the second part of our experiments, we applied several incidental distortions on the Beach image to test the robustness of our scheme. Three tree-structured digital signatures with di erent number of parent-child pairs were constructed. It can imagine that the TSDS with a smaller/larger jTSDS j (corresponding to a larger /smaller ) would result in few/more elements. In our results, perfect completeness of TSDS can be obtained under di erent SPIHT compression ratios using three di erent . For JPEG compression, perfect preservations of TSDS (except for the results obtained from = 64) were also obtained for quality factors ranging from 60% (7 : 1) to 10% (21:7 : 1). In addition, Table 1 summarized the veri

(53) cation results obtained under other incidental distortions including rescaling, histogram equalization, blurring, median

(54) ltering, sharpening, and Gaussian noise adding. These.

(55) manipulations are sometimes unavoidable in image processing and thus cannot be considered as malicious modi

(56) cations. From the above results, we can

(57) nd that the completeness of tree-structured digital signature was consistently very high for incidental manipulations when > 64 except for the case of median

(58) ltering. This indicates that our method can really tolerate common incidental modi

(59) cations very well for large enough. Practically, a reasonable can be determined mathematically based in the analysis described in Sec. 3. In the third part of our experiments, we shall use our scheme to authenticate those images which were modi

(60) ed by an incidental manipulation and a malicious distortion simultaneously. Fig. 2(a) shows a beach image which was

(61) rst JPEG compressed with quality factor 10% and then an \umbrella" object was placed. The veri

(62) cation results obtained at 22 ; 24 scales using = 128 were shown in Figs. 2(b)(d), respectively. As we can see from these results the area where the umbrella was placed could be approximately detected and the JPEG compressed does not a ect the veri

(63) cation results. Another set of experiments is shown in Fig. 3. The beach image was

(64) rst scaled down to 128 128 from 256 256 and then the umbrella object was placed on it. Finally, the image was rescaled to the original size 256 256, as shown in Fig. 3(a). When was set to be 128, Figs. 3(b)(d) showed the placed umbrella was detected at 22 ; 24 scales. However, some small fragments which were not the targets were mistaken detected. This is because the changes of wavelet coecients resulted from rescaling are liable to destroy the tree-structured digital signature than the JPEG does. Finally, we conducted an experiment to demonstrate if a malicious tampering was operated on the areas which were not recorded in a TSDS , then they could also be detected as we have analyzed in Sec. 3.2. In Fig. 4(a), a helicopter was placed on the sky portion of the beach image. In fact, the wavelet coecients in the sky area do not belong to the tree-structured digital signature. Using the proposed scheme, the tampered area could be detected at 22 ; 24 scales and shown, respectively, in Figs. 4(b) (d) when = 128. It can be observed that the helicopter can be approximately detected at multiple scales. The blocky e ect shown in Fig. 4(b) (d) was the natural results inherited from the multiresolution representation of the wavelet transform. From the above experiments, we could make a conclusion about the selection of . The value of can be mathematically determined from the analysis described in Sec. 3. However, the assumptions used in Sec. 3 may. not always hold, so we can empirically choose to be 128 which has been con

(65) rmed by several experimental results.. 5. CONCLUSION For image authentication, it is desired that the veri

(66) cation method is able to resist content-preserving modi

(67) cations while being sensitive to content-changing modi

(68) cations. In this paper, a new tree-structured digital signature scheme has been proposed for image authentication. We make use of the structure of a wavelettransformed image itself to construct the digital signature. The only way to destroy the structure of our digital signature is to signi

(69) cantly change the image's content, however, malicious modi

(70) cations would be detected. In addition, some unavoidable image processing techniques will preserve a great many of TSDS which would be detected to be incidental. Performance analysis and experimental results have been given to show that our scheme is really robust to content-preserving manipulations and fragile to content-changing distortions. Our future work will consider the geometric distortions such as rotation, which cannot be tolerated in this paper because the tree-structured digital signature is variant to rotation.. 6. REFERENCES [1] M. Abramowitz and I. A. Stegun, \Handbook of Mathematical Functions with Formulas, Graphs, and Mathematical Tables", Dover Publications , Inc., New York, 1965. [2] S. Bhattacharjee and M. Kutter, \Compression Tolerant Image Authentication", IEEE Inter. Conf. on Image Processing , USA, pp. 435-439, 1998. [3] J. Dittmann, A. Steinmetz, and R. Steinmetz, \Content-based Digital Signature for Motion Pictures Authentication and Content-Fragile Watermarking", IEEE Inter. Conf. Multimedia Computing and Systems , Vol. II, Italy, pp. 209-213, 1999. [4] J. Fridrich, \Methods for Detecting Changes in Digital Images", Proc. IEEE Int. Workshop on Intell. Signal Processing and Communication Systems , 1998. [5] G. L. Friedman, \The Trustworthy Digital Camera: Restoring Credibility to the Photographic Image", IEEE Trans. Consumer Electronics , Vol. 39, pp. 905-910, 1993..

(71) [6] D. Kundur and D. Hatzinakos, \Digital Watermarking for TellTale Tamper Proo

(72) ng and Authentication", Procceedings of the IEEE , Vol. 87, pp. 1167-1180, 1999. [7] C.-Y. Lin and S.-F. Chang, \A Robust Image Authentication Method Surviving JPEG Lossy Compression", SPIE Storage and Retrieval of Image/Video Database , Vol. 3312, San Jose, 1998. [8] C.-Y. Lin and S.-F. Chang, \Generating Robust Digital Signature for Image/Video Authentication", Multimedia and Security Workshop at ACM Multimedia , UK, 1998. [9] C. S. Lu, H. Y. Mark Liao and C. J. Sze, \Combined Watermarking for Image Authentication and Protection", Proc. 1st IEEE Int. Conf. on Multimedia and Expo , USA, 2000. [10] C. S. Lu and H. Y. Mark Liao, \Structural Digital Signature for Image Authentication: An Incidental Distortion Resistant Scheme", Proc. Multimedia and Security Workshop at 8-th ACM Int. Conf. on Multimedia , LosAngeles, California, USA, Nov. 4, 2000. [11] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, \Handbook of Applied Cryptography", CRC Press , 1997. [12] S. Walton, \Image Authentication for A Slippery New Age", Dr. Dobb's Journal , Vol. 20, pp. 18-26, 1995. [13] R. B. Wolfgang and E. J. Delp, \Fragile Watermarking Using the VW2D Watermark", Proc. SPIE/IS&T Inter. Conf. Security and Watermarking of multimedia Contents , Vol. 3657, pp. 40-51, 1999. [14] M. Wu and B. Liu, \Watermarking for Image Authentication", Proc. IEEE ICIP , 1998. [15] M. M. Yeung and F. Mintzer, \An Invisible Watermarking Technique for Image Veri

(73) cation", IEEE Conf. Image Processing , Vol. 2, pp. 680-683, 1997. [16] B. Zhu, M. D. Swanson, and A. H. Tew

(74) k, \Transparent Robust Authentication and Distortion Measurement Technique for Images", IEEE Digital Signal Processing Workshop , pp. 45-48, 1996.. Figure 1: The possible relationship between the attack's distribution G A (with standard deviation I or M ) and the TSDS 's distribution G S (with standard deviation S ).. Table 1: CoTSDS of the Beach image under other. incidental distortions (IDs): R (rescaling), H (histogram equalization), B (blurring, 7 7), M (median

(75) ltering, 5 5), S (sharpening), and G (Gaussian noise). Among them, sharpening and Gaussian noise adding with amount 16 were run using Photoshop. IDs. R H B M S G. I 26:8 27:3 22:9 23:0 23:4 15:9. Completeness of TSDS = 256 = 128 = 64 0:993 0:918 0:808 0:983 0:961 0:946 0:988 0:915 0:807 0:943 0:830 0:682 1:000 0:990 0:954 1:000 1:000 1:000.

(76) (a). (b). (c). (d). Figure 2: Combined attacks with incidental and malicious manipulations: (a) beach image after JPEG+\umbrella" placement; (b)(d) detected results of (a) at 22 24 scales when = 128.. (a). (b). (c). (d). Figure 3: Combined attacks with incidental and malicious manipulations: (a) beach image after rescaling(scaling+\umbrella" placement); (b)(d) detected results of (a) at 22 24 scales when = 128.. (a). (b). (c). (d). Figure 4: Malicious manipulations on non-TSDS areas: (a) maliciously tampered image with a \helicopter" on the sky; (b)(d) detected results of (a) at 22 24 scales when = 128..

(77)