• 沒有找到結果。

Secret image sharing with steganography and authentication

N/A
N/A
Protected

Academic year: 2021

Share "Secret image sharing with steganography and authentication"

Copied!
10
0
0

加載中.... (立即查看全文)

全文

(1)

Secret image sharing with steganography and authentication

Chang-Chou Lin, Wen-Hsiang Tsai

*

Department of Computer and Information Science, National Chiao Tung University, Hsinchu 300, Taiwan, ROC Received 24 October 2002; received in revised form 30 May 2003; accepted 20 July 2003

Available online 5 December 2003

Abstract

A novel approach to secret image sharing based on aðk; nÞ-threshold scheme with the additional capabilities of steganography and authentication is proposed. A secret image is first processed into n shares which are then hidden in n user-selected camouflage images. It is suggested to select these camouflage images to contain well-known contents, like famous character images, well-known scene pictures, etc., to increase the steganographic effect for the security protection purpose. Furthermore, an image watermarking technique is employed to embed fragile watermark signals into the camouflage images by the use of parity-bit checking, thus providing the capability of authenticating the fidelity of each processed camouflage image, called a stego-image. During the secret image recovery process, each stego-image brought by a participant is first verified for its fidelity by checking the consistency of the parity conditions found in the image pixels. This helps to prevent the participant from incidental or intentional provision of a false or tampered stego-image. The recovery process is stopped if any abnormal stego-image is found. Otherwise, the secret image is recovered from k or more authenticated stego-images. Some effective techniques for handling large images as well as for enhancing security protection are employed, including pixelwise processing of the secret image in secret sharing, use of parts of camouflage images as share components, adoption of prime-number modular arithmetic, truncation of large image pixel values, randomization of parity check policies, etc. Consequently, the proposed scheme as a whole offers a high secure and effective mechanism for secret image sharing that is not found in existing secret image sharing methods. Good experimental results proving the feasibility of the proposed approach are also included.

 2003 Elsevier Inc. All rights reserved.

Keywords: Secret image sharing; Steganography; Authentication; Camouflage image; Data hiding; Stego-image; Fragile watermarking; Least significant bit replacement

1. Introduction

Due to fast growth of Internet applications, digitized data becomes more and more popular. Because of the ease of digital duplication and tampering, data security becomes an important issue nowadays. In certain appli-cation cases, it is a risk if a set of secret data is held by only one person without extra copies because the secret data set may be lost incidentally or modified intention-ally. In some other cases, it might be necessary for a group of persons to share a certain set of secret data. Shamir (1979) proposed first the concept of ðk; nÞ-threshold secret sharing to solve this problem. The

scheme is designed to encode a secret data set into n shares and distribute them to n participants, where any k or more of the shares can be collected to recover the secret data, but any k 1 or fewer of them will gain no infor-mation about it. After the scheme was proposed, many related topics have been studied (Sun and Shieh, 1994; Chang and Lee, 1993). However, the resulting methods are suitable for only a few types of digital data, such as text files, passwords, encryption/decryption keys, etc.

Because of the drastic expansion of network band-widths, data flow on networks nowadays include extensively all types of multimedia, including image, audio, video, etc. In particular, how to share a secret image has attracted wide attention in recent years be-cause of the popular uses of images in network appli-cations. Naor and Shamir (1995) proposed first the idea of visual cryptography. The scheme provides an easy and fast decryption process that consists of xeroxing the

*

Corresponding author. Tel.: +886-3-5728368; fax:

+886-3-5734935.

E-mail addresses:whtsai@cis.nctu.edu.tw,gis85529@cis.nctu.edu. tw (W.-H. Tsai).

0164-1212/$ - see front matter 2003 Elsevier Inc. All rights reserved. doi:10.1016/S0164-1212(03)00239-5

(2)

shares onto transparencies and then stacking them to reveal the shared image for visual inspection. The scheme, which differs from traditional secret sharing, does not need complicated cryptographic mechanisms and computations. Instead, it can be decoded directly by the human visual system. However, the scheme is suit-able for binary images only and the generated noisy share may be suspicious to invaders. Although an ex-tended scheme for gray-level and color images (Verheul and van Tilborg, 1997; Blundo et al., 2000; Lin and Tsai, 2003) was proposed later, the problem of arousing sus-picion still exists.

Steganography is a kind of data hiding technique that provides another way of security protection for digital image data. Unlike utilizing a particular cipher algo-rithm to protect secret data from illicit access, the purpose of steganography is to embed secret data in pre-selected meaningful images, called camouflage images, without creating visually perceptible changes to keep an invader unaware of the existence of the secret. Numer-ous schemes have been developed to achieve the goal of data hiding (Bender et al., 1996; Hsu and Wu, 1999; Wu and Tsai, 1998, 1999; Kundur and Hatzinakos, 1999; Adelson, 1990). Differing from previously-mentioned visual cryptography schemes, which generate noisy images as shares that might be suspicious to invaders, the idea of generating shares with meaningful contents is proposed in this study. This enhances the security pro-tection effect. It requires the use of data hiding tech-niques in the secret sharing process.

On the other hand, it will be advantageous to check in advance the fidelity of all shares before they are used to reconstruct the secret image. This prevents a secret sharing participant from incidental or intentional pro-vision of false share data, causing unsuccessful secret recovery. One way to include such an authentication capacity in the secret sharing scheme is to use fragile watermarks. A fragile watermark (Lin and Delp, 1999) is a kind of signal, which is designed to be embedded in an image and can be easily destroyed if the watermarked image is manipulated in the slightest manner. By inspecting the existence of the embedded signal in an inspected image, the aim of authentication can be achieved. In this study, a technique of fragile image watermarking is adopted for image authentication dur-ing the secret shardur-ing process.

The remainder of this paper is organized as follows. In Section 2, use of the Shamir method for secret sharing is first described. In Section 3, the principle of the pro-posed approach to secret image sharing with the capa-bilities of steganography and authentication is described. In Section 4, a detailed algorithm to imple-ment the proposed approach is given. In Section 5, an algorithm for secret recovery is described. Some exper-imental results are shown in Section 6. Finally, some conclusions and discussions are given in the last section.

2. Use of the Shamir method for secret sharing

The proposed approach to secret image sharing is based on theðk; nÞ-threshold secret sharing method pro-posed by Shamir (1979). In this section we describe how to use the Shamir method for conventional secret sharing before describing our approach in the next section.

By the Shamir method, to generate n shares for a group of n secret sharing participants from a secret integer value y for the threshold k, we can use the fol-lowingðk  1Þ-degree polynomial

FðxÞ ¼ y þ m1 x þ m2 x2þ    þ mk1 xk1 ð1Þ

in the following way.

1. Select the number k is to be no larger than n. 2. Choose the k 1 integer values m1; m2; . . . ; mk1

ran-domly.

3. Choose freely for the ith secret sharing participant a value of x (denoted as xi), but all xi must be distinct

from one another.

4. For each chosen xi, compute a corresponding value of

FðxiÞ by Eq. (1).

5. Take each pair ofðxi; FðxiÞÞ as a secret share and

de-liver it to a participant.

In the above secret sharing process, the k 1 chosen values of mi need not be kept after all secret shares are

generated; they can be recovered, together with the se-cret value y, from the n sese-cret shares in the sese-cret recovery process as described in the following.

1. Collect at least k secret shares from the n ones to form a system of equations as follows:

Fðx1Þ ¼ y þ m1 x1þ m2 x21þ    þ mk1 xk11 ; Fðx2Þ ¼ y þ m1 x2þ m2 x22þ    þ mk1 xk12 ; .. . FðxkÞ ¼ y þ m1 xkþ m2 x2kþ    þ mk1 xk1k : ð2Þ Note that the xiand FðxiÞ in (2) above with 1 6 i 6 k

are 2k known values collected from the k secret shares. 2. Use a polynomial interpolation technique like the Lagrange method to solve the k unknowns, m1; m2; . . . ; mk1, and y, in the k equations in (2)

and reconstruct the ðk  1Þ-degree polynomial F ðxÞ described by Eq. (1) to be:

FðxÞ ¼ F ðx1Þ ðx  x2Þðx  x3Þ    ðx  xkÞ ðx1 x2Þðx1 x3Þ    ðx1 xkÞ þ F ðx2Þ ðx  x1Þðx  x3Þ    ðx  xkÞ ðx2 x1Þðx2 x3Þ    ðx2 xkÞ þ    þ F ðxkÞ ðx  x1Þðx  x2Þ    ðx  xk1Þ ðxk x1Þðxk x2Þ    ðxk xk1Þ : ð3Þ

(3)

3. Compute the solution for the secret value y as Fð0Þ which may be derived from (3) above to be

y¼ ð1Þk1 Fðx1Þ x2x3   xk ðx1 x2Þðx1 x3Þ    ðx1 xkÞ  þ F ðx2Þ x1x3   xk ðx2 x1Þðx2 x3Þ    ðx2 xkÞ þ    þ F ðxkÞ x1x2   xk1 ðxk x1Þðxk x2Þ    ðxk xk1Þ  : ð4Þ

Note that according to Shamir (1979), if fewer than k secret shares are collected, the k unknowns cannot be solved and the desired y value cannot be reconstructed.

3. Principle of proposed approach

The proposed approach provides, in addition to se-cret image sharing, the capabilities of steganography and authentication, the former being useful for the purpose of hiding the shares and the latter for verifying their fidelity before secret reconstruction. In this section, we sketch the principle of the proposed approach by a simple algorithm, followed by detailed discussions on some proposed techniques for adapting the Shamir method for secret image sharing.

3.1. Proposed adaptation of the Shamir method for secret image sharing

The above Shamir method is useful for sharing secret integer data. To apply the Shamir method to share a secret image, one way is to consider the entire image data as an integer created by concatenating the data bytes of all the image pixels. However, this is impractical because the resulting integer might become too large to be handled in the equations described by (1)–(4). For example, even a small gray-scale image with a very small size of 16· 16 will result in an integer possibly of the enormous value of 28 16 16! In this study, the entire secret image is not taken as a single secret value; instead, each individual pixel is handled as a separate secret integer value, thus avoiding the above-mentioned problem of enormity of the secret data value.

The basic idea of the proposed approach is to com-pute secret shares from each pixel value in a given secret image, and hide them together with certain watermark signals behind a set of corresponding blocks in the camouflage images. As a simple illustration, let S b e a single image pixel taken as the secret image, and B1; B2; . . . ; Bn be n distinct gray-scale camouflage image

blocks, each of the size of 2· 2 or 4 pixels. The pixel S or anyone in Bi has a single byte of data to specify its gray

intensity value. Let the value of S be denoted as s, which is just the secret data to be shared by n participants.

Also, let the four pixels in each Bi be denoted as Xi, Wi,

Vi and Ui, and their values as xi, wi, vi, and ui,

respec-tively. Furthermore, let the eight data bits of Xi be

denoted as xi1; xi2; . . . ; xi8 and those of Wi as wi1;

wi2; . . . ; wi8and so on. Finally, let b1; b2; . . . ; bnbe n data

bits to be used as watermark signals, with bi to be

embedded in Bi, respectively. An illustration of the

locations and the data of the pixels Xi, Wi, Vi, and Ui in

each Bi is shown in Fig. 1. The following is a basic

algorithm that reveals the principle of the proposed approach to secret image sharing. It is just a sketch of a more detailed algorithm which will be described later in this section.

Algorithm 1. Basic process for secret image sharing with a single image pixel as the secret.

Input : (1) a secret image pixel S with value s; (2) n dis-tinct 2· 2 camouflage image blocks B1; B2; . . . ; Bn; and (3) n watermark signal bits

b1; b2; . . . ; bn.

Output : n manipulated camouflage image blocks B01; B02; . . . ; B0n, with n secret shares and water-mark signal bits embedded in the blocks.

Steps.

Step 1. Take the value xi of the top-leftmost pixel Xi of

each camouflage image block Bi as the value x

specified in Eq. (1).

Step 2. Take the value s of the secret image pixel S as the value y specified in Eq. (1).

Step 3. Choose arbitrarily a set of k 1 integer values for use as the miin Eq. (1) where k 6 n.

Step 4. For each xi, compute the corresponding value of

FðxiÞ by Eq. (1) to form a secret share ðxi; FðxiÞÞ

for each participant in the secret sharing group. Step 5. Hide the eight data bits of FðxiÞ in the data bits

of the three pixels Wi, Ui, and Vi of the

corre-sponding camouflage image block Bi.

Step 6. Embed the watermark signal bit bi also in the

data bits of one of the three pixels mentioned in the last step.

Xi xi = xi1xi2…xi8 Wi wi = wi1wi2…wi8 Vi vi = vi1vi2…vi8 Ui ui = ui1ui2…ui8

Fig. 1. An illustration of the locations of the pixels in image block Bi and their values.

(4)

Each manipulated camouflage image block B0

i will be

called a stego-image block in the sequel, with the meaning that it is expected to have secret hiding or steganographic effect.

3.2. Merit of proposed secret image sharing approach

The above algorithm illustrates the basic idea of the proposed approach, from which several merits can be identified, as described in the following.

1. Utilization of the advantage of conventional ðk; nÞ-threshold secret sharing––It is seen from Steps 1 through 4 of the above algorithm that the secret sharing scheme proposed by Shamir (1979) can be applied properly to image secret sharing, and the advantage of the ðk; nÞ-threshold function of the scheme can be obtained. The previously-mentioned problem of creating an enormous secret data value caused by direct use of the Shamir method is solved.

2. Providing steganographic effect––Step 1 takes the top-leftmost pixel value xi of each camouflage image

block as the x value used in Eq. (1) for computing the corresponding value of FðxiÞ in Step 4. The secret share

ðxi; FðxiÞÞ can then be kept by a participant as in a

conventional approach. However, it is desired further in this study that this share be hidden to reduce the pos-sibility of being stolen or tampered with. It is observed from Step 1 that the data value xi belongs to the

top-leftmost pixel that is just part of a camouflage image. The camouflage image contains a visible content that can be selected arbitrarily by a secret sharing partici-pant, and this gives an effect of disguise to reduce pos-sible suspicion coming from illicit invaders. Furthermore, in Step 5, we also propose to hide, using any data hiding technique, the data of the corresponding value of FðxiÞ behind the other three pixels of the

camouflage image Bi. This as well creates a

stegano-graphic effect because what an invader sees is still the camouflage image itself. This is perhaps one of the most desirable merits in security applications. Note that the visual cryptography schemes proposed so far in litera-ture are mostly lossy and with low quality in nalitera-ture. We will describe the method we employ for data hiding without creating obvious image changes later in this paper.

3. Offering authentication capability––In Step 6, we propose to insert a watermark signal (a bit) in the data of one of the three pixels Wi, Vi, and Ui. The details will

be described later. This offers a capability of checking the fidelity of each stego-image before it is utilized in a secret recovery process. This is desirable because sometimes a secret sharing participant might inciden-tally bring an erroneous stego-image to the secret recovery session, or might even intentionally provide a false image to prevent successful secret recovery. In such cases, an additional authentication process for

checking the fidelity of all participants’ image data be-fore secret recovery starts is very helpful. Otherwise, it will get no way to find out which participant is inter-fering the secret recovery process if such a case does occur.

4. Extensibility of the proposed approach to handle color images––The above basic algorithm is designed for sharing gray-scale images. However, it is not difficult to see that it can be extended to handle color images: simply choose each camouflage image to be a color one, and apply the above algorithm respectively to each of the color channels of the image (e.g., in each of the R, G, and B channels if an RGB image is used), followed by the step of composing the three resulting stego-images, one for each channel, into a color image for a partici-pant to keep. This should be contrasted with certain existing visual secret sharing methods (Verheul and van Tilborg, 1997; Blundo et al., 2000; Lin and Tsai, 2003) which so far can only deal with black-and-white or gray-scale images, or with color images with only a very few number of colors. Our experimental results show that the hidden data are imperceptible.

5. Providing more security control––The above algo-rithm provides at least three levels of security protection, namely, the ðk; nÞ-threshold secret sharing, the stega-nographic effect, and the authentication capability, which will prevent attacks or illicit access more effec-tively. The proposed scheme will thus be useful for many high-security applications.

3.3. Elaboration of Algorithm 1 for the proposed approach

Algorithm 1 is just a sketch of a more detailed one that implements the proposed approach. In the follow-ing, we describe its details and the ideas behind them in order to reveal the merits of the proposed approach mentioned above. The detailed algorithm will be given in the next section.

1. Fulfillment of the requirement of the distinction among the values of xi––One of the requirements for the

applicability of Eqs. (1)–(4) as shown in Shamir (1979) is that all the values of xi must be distinct from one

an-other. However, the values of xi of two or more

cam-ouflage image blocks might be the same. In such cases, we have to modify the values of xito differentiate them.

For this, the way we adopt is to compare the values of all xi one after another, and if any xi is found to be

identical to a former one, just decrement or increment the current value of xiby one in an alternative way (i.e.,

perform an increment for an identicalness case followed by a decrement for the next case, and then by an increment, and so on). We call this process an adjust-ment for differentiating xi. This will change the

camou-flage image appearance to a nearly invisible degree because the change (+1 or )1) is just a very small por-tion of the full gray scale of 256.

(5)

2. Restriction of the magnitude of F (xi)––If the

mag-nitude of the value FðxiÞ computed in Algorithm 1 is not

restricted in a range, the data hiding capacity of the three pixels Wi, Vi, and Uimight not be sufficient to embed the

data bits of FðxiÞ. That is, F ðxiÞ might include too many

bits to be embedded in the three pixels. One way out is to perform a ‘‘modulo q’’ operation on the computed value of FðxiÞ where q is an integer of a reasonable

magnitude. This will cause the result½F ðxiÞmod qto fall in

the range of ½0; q  1. In our application for image sharing here, q¼ 256 is a proper choice because the secret value y in Eq. (1) comes from the image pixel value and is in the range of [0, 255].

3. Restriction on the property of q for the modular operation––It may be shown from Shamir (1979) that when the ‘‘modulo q’’ operation is applied in comput-ing the value of FðxiÞ, unless the integer q is a prime

number, ambiguity in the secret recovery result will arise. That is, the secret value y recovered from solving the equations in (2) might not be unique, and this means that unsuccessful secret recovery might occur. To solve this problem, the best choice of q for our case here is q¼ 251 which is the prime number closest to 256.

4. Truncation of the gray-scale values and restriction on the values of mi and y––To meet the modular

arith-metic mentioned previously using the prime number q¼ 251, all the values of xi, that of y, and the

corre-sponding ones of mimust also be restricted in the range

of [0, 250]. Therefore, we must slightly change the gray-scale values of the pixels in each camouflage image block Biwhich include those values of xi in Eq. (1), as well as

that of the secret image pixel S which is the value of y in Eq. (1). The way we adopt is to truncate all gray-scale values larger than 250 (i.e., those values of 251 through 255) down to the value of 250. This hopefully will not cause too great image quality changes, because our vi-sual inspection of many images reveals that gray-scale values of 250 through 255 are all ‘‘bright’’ enough so that the human vision capability cannot tell differences among them. On the other hand, for specific applica-tions where discrimination among these gray-scale val-ues is necessary, a solution we propose is to map the original 256-level gray scale into a smaller 251-level one for data sharing, and then to transform the latter back to the former for image restoration and inspection. Additionally, the requirement that all the xi be distinct

still need be obeyed after the truncation operations; that is, the previously-mentioned adjustment process for differentiating ximust be performed if necessary. Based

on the above discussions, we now modify Eq. (1) to meet the modular arithmetic as follows for use later in this paper:

FðxÞ ¼ y þ m1 x þ m2 x2þ    þ mk1 xk1



mod q

ð10Þ

where q¼ 251, all mi are selected restrictively to be in

the range of [0 250], and y and all xi are truncated to

be 250 if they are larger than 250. In a similar way, we modify Eqs. (2)–(4) by adding the ‘‘modulo q’’ oper-ation to the right-hand side of each of Eqs. (2)–(4). The resulting equations (20) through (40) are omitted

here.

5. Hiding the values of F (xi) by the least significant bit

replacement technique––By the above-mentioned mea-sures, we have restricted the computed values of FðxiÞ in

the range of [0, 250], and accordingly each FðxiÞ can

now be represented by a byte, i.e., eight bits. The way we adopt to hide the value of FðxiÞ in the camouflage

image block Biis to split the eight bits of FðxiÞ, denoted

by Fi1; Fi2; . . . ; Fi8, into three parts consisting of 2, 3, and

3 bits in sequence, and embed them into the values wi,

vi, and ui, of the three pixels Wi, Vi, and Ui, respectively,

by the least significant bit replacement technique often used in data hiding applications (Lin and Tsai, 2003; Bender et al., 1996; Hsu and Wu, 1999; Wu and Tsai, 1998). More specifically, we hide the first two bits, Fi1

and Fi2 of FðxiÞ into Wi by replacing the two least

sig-nificant bits wi7 and wi8 of Wi with Fi1 and Fi2,

respec-tively, so that the new value of Wi becomes w0i¼

wi1wi2. . . wi6Fi1Fi2. Similarly, the new value of Vi

be-comes v0

i¼ vi1vi2. . . vi5Fi3Fi4Fi5 after the three least

sig-nificant bits of Vi are replaced with the three bits Fi3, Fi4,

and Fi5of the second part of FðxiÞ. Finally, in a similar

way the new value of Ui becomes u0i¼ ui1ui2. . . ui5Fi6

Fi7Fi8.

6. Embedding the watermark signal for the authen-tication purpose by the even or odd parity check tech-nique––To achieve the authentication capability mentioned previously for verifying the fidelity of each stego-image block B0i before secret recovery, recall that

in Step 6 of Algorithm 1 we propose to embed as a watermark signal (a bit) bi into a pixel of the three

pixels Wi, Vi, and Ui of each camouflage image block

Bi. Actually, what we do is to take bias an even or odd

parity check bit and embed it into the new data byte w0 i

of the second pixel Wi of Bi by replacing the sixth bit

wi6 of w0i with bi so that the resulting data byte of w0i

becomes w00

i ¼ wiwi1wi2. . . wi5biFi1Fi2. Whether bi is

chosen to be 0 or 1 depends on the adopted parity check policy (even or odd) as well as on the number of 1’s in w0i. For example, if w0i¼ 01001100 and if the even parity check policy is adopted, then the check bit bi, which replaces the bit wi6, is taken to be 0 to make

the number of 1’s in w00i to become even. The parity

check policy might even be applied more randomly instead of being fixed, as will be explained later in this paper.

A summary of the above discussions may be illus-trated by Fig. 2, which the result of applying Algo-rithm 1 (including the details described above) to Fig. 1.

(6)

4. Proposed process of secret image sharing

Based on Algorithm 1 and the details described in the previous discussions, we can now describe a complete algorithm to implement the proposed secret image sharing approach. Assume that the given secret image is an m m gray-scale image. Also, assume that there is a database of camouflage images, each with the size of 2m m. It is suggested to select these camouflage images to be commonly seen pictures, like famous people pho-tographs, beautiful landscape pictures, etc. Such choices of camouflage images will increase the effect of stega-nography.

Algorithm 2. Detailed process for secret image sharing.

Input : (1) a secret image S with size m m to be shared by n participants; (2) a database of more than n camouflage images all with size 2m m; and (3) a secret key K (an integer) for watermark signal generation.

Output : n stego-images in which the secret image and m2 parity check bits are distributively hidden

for sharing and authentication.

Steps:

Step 1. Select n distinct images I1; I2; . . . ; In from the

camouflage image database, each for a secret sharing participant.

Step 2. Use the secret key K as a seed for a pre-selected binary random number generating function f to generate a sequence of m2 binary numbers

P1; P2; . . . ; Pm2. Regard each binary number P

ð‘ ¼ 1; 2; . . . ; m2Þ to represent a parity check

policy, with P‘¼ 0 for the even policy and

P‘¼ 1 for the odd one.

Step 3. Divide the secret image S into m2individual

pix-els S1; S2; . . . ; Sm2, with each as a secret image

pixel.

Step 4. Divide each camouflage image Ijðj ¼ 1; 2

; . . . ; nÞ into m2 blocks B

j1; Bj2; . . . ; Bjm2, each

of the size of 2· 2, and denote the four pixels in each block Bjias Xji, Wji, Vji, and Uji.

Step 5. For each secret image pixel Si and the

corre-sponding parity check policy Pi, generate a

parity check bit bji (0 or 1) for each

j¼ 1; 2; . . . ; n by taking into consideration of the content of the data byte of Wjiin Bjias well

as the parity check policy Pi. This results in a

se-quence of parity bits b1i; b2i; . . . ; bni, with each

bji for use in the ith block Bji in camouflage

image Ij.

Step 6. For each secret image pixel Si, take as input to

Algorithm 1 the following data: (1) Si; (2)

B1i; B2i; . . . ; Bni; and (3) b1i; b2i; . . . ; bni. The

out-put of the algorithm is a sequence of n 2· 2 ste-go-image blocks B01i; B02i; . . . ; B0ni, each in a camouflage image.

Step 7. Regard all 2· 2 stego-image blocks B0j1; B0j2; . . . ; B0jm2to compose a 2m 2m stego-image

Ij0as output, and deliver it to the jth participant in the secret sharing group.

In short, the above algorithm may be regarded as an application of Algorithm 1 to each pixel in the given secret image S and collect the resulting 2· 2 stego-image blocks to form larger 2m 2m stego-images. And this is one of the essences of our approach to applying the Shamir method to secret image sharing.

5. Proposed process of secret image recovery

In this section, the proposed secret recovery scheme will be described. Recall that after performing the secret sharing process by Algorithm 2 for a group of n par-ticipants, each participant obtains a 2m 2m stego-image I0

j, j¼ 1; 2; . . . ; n. The proposed secret recovery

process is summarized as an algorithm in the following.

Algorithm 3. Process for secret image recovery with stego-image authentication.

Input : (1) a set of at least k stego-images Ij0, say t ones,

with k 6 t 6 n; and (2) the secret key K used in Algo-rithm 2 for generating the parity check policies. Output : a report of failure of secret recovery, or the

ori-ginal secret image S if all the stego-images are authenticated to be genuine.

Steps:

Step 1. Use the secret key K and the binary random number generating function f to generate a se-quence of m2 binary numbers P

1; P2; . . . ; Pm2

which was also generated and used in Algo-rithm 1 to represent the parity check policies.

Xi xi = xi1xi2…xi8 Wi wi” = wiwi1wi2…wi5biFi1Fi2 Vi vi’ = vi1vi2…vi5Fi3Fi4Fi5 Ui ui’ = ui1ui2…ui5Fi6Fi7Fi8

Fig. 2. The result of applying Algorithm 1 to Fig. 1, whereðxi; FðxiÞÞ is the secret share with FðxiÞ ¼ Fi1Fi2. . . Fi8and biis the watermark signal bit. The bits framed with rectangles are those changed after applying the algorithm.

(7)

Step 2. Divide each stego-image Ij0 ðj ¼ 1; 2; . . . ; tÞ into m2 blocks B0

j1; B0j2; . . . ; B0jm2, each of the size of

2· 2, and denote the four pixels in each block B0jias Xji0, Wji0, Vji0, and Uji0.

Step 3. For each stego-image Ij0brought by participant j

ðj ¼ 1; 2; . . . ; tÞ, perform the following steps for stego-image authentication.

3.1 For each i¼ 1; 2; . . . ; m2, check all the data bits

in the value w0

ji of the pixel W 0

ji of the

stego-im-age block B0

jito see if the number of 1’s in them

is even or odd. Let P0

jidenote the resulting check

with P0

jiset to be 0 for the even case and to be 1

for the odd case.

3.2 If for i¼ 1; 2; . . . ; m2, the m2values of P0 ji are all

identical to Pi, then regard the stego-image to

pass the authentication and continue; otherwise, decide that the stego-image I0

j has been

tam-pered or is false, stop the algorithm, and report failure of secret recovery.

Step 4. If there are more than k stego-images that have passed the authentication in the last step, then continue; otherwise, stop the algorithm and re-port failure of secret recovery.

Step 5. For each i¼ 1; 2; . . . ; m2, perform the following

steps to recover the secret image pixel Si.

5.1 For each j¼ 1; 2; . . . ; k, take the value xji of the

top-leftmost pixel Xji of the 2· 2 stego-image

block B0

ji as a value of xj appearing in Eq. (40);

extract the data bits of FðxjiÞ from those of

the three pixels Wji, Uji, and Vji of B0ji; and take

FðxjiÞ as a value of F ðxjÞ appearing in Eq. (40).

5.2 Compute, by the use of Eq. (40), the

correspond-ing value of y as the value sifor the secret image

pixel Siin terms of the values of all xjand FðxjÞ.

Fig. 3. (a) The secret image. (b) through (d) The camouflage images for participants 1 through 3, respectively (the size of each is four times that of (a)). (e) through (g) The resulting stego-images for participants 1 through 3.

(8)

Step 6. Compose all the secret image pixels S1 through

Sm2 to form the desired m m secret image S

as output and stop the algorithm.

6. Experimental results

In this section, some experimental results are shown to prove the feasibility of the proposed scheme. For ease of demonstration, we first use gray-level images to evaluate our scheme. We will show as an example the effect of our scheme for the (2, 3)-threshold case here. At the end of this section, we will give an example of applying our scheme to full color images.

Following the secret sharing process described by Algorithm 2, we first take an image as shown in Fig. 3(a) as the secret image. We then choose three camouflage images arbitrarily and they are shown in Fig. 3(b) through (d). The image size of Fig. 3(a) is 1/4 of those of Fig. 3(b) through (d). After applying Algorithm 2 to the images of Fig. 3(a) through (d), the resulting three stego-images corresponding to Fig. 3(b) through (d) are shown in Fig. 3(e) through (g), respectively. The PSNR values of Fig. 3(e) through (g) are 39.21, 39.16, and 39.16, respec-tively. The results are satisfactory from the viewpoint of secret hiding effectiveness and stego-image quality.

In the phase of secret recovery, we performed Algo-rithm 3 to extract the shares first from the stego-images, and then recovered the secret data by using two of the three shares. After getting the secret data, we recon-structed the original secret image pixel by pixel. All the operations were conducted successfully and the original secret image was recovered to be the one shown in Fig. 3(a), as expected.

We have also evaluated the effect of the authentica-tion capability of the proposed scheme. A stego-image in which fragile watermarks were embedded by the scheme is shown in Fig. 4(a). Then we added some modifications to it to simulate image tampering, resulting an image shown in Fig. 4(b). The corresponding result of

authentication with the detected tampered image blocks marked in black is shown in Fig. 4(c). It can be observed that all modified regions have been detected correctly.

Finally, we show our experiment results using full color camouflage images. An example of the results is shown in Fig. 5(a) through (g), each of which corre-sponds to an image in Fig. 3(a) through (g), respectively. And the PSNR values of Fig. 5(e) through 5(g) are 39.07, 39.08, and 39.08, respectively. The stego-images in Fig. 5 (e) through (g) can be inspected to be acceptable visually, as indicated by the reasonable PSNR values.

7. Conclusions

A new scheme for secret image sharing based on the Shamir method (1979) with the additional capabilities of steganography and authentication has been proposed. The proposed scheme has three levels of security pro-tection. First, the ðk; nÞ-threshold function is adopted for a group of n participants to share the secret. Only k or more out of the n shares are collected can the original image data be recovered. Then, the concept of data hiding is employed to embed the shares into camouflage images before delivering the shares to the participants. Finally, the proposed scheme is equipped with the capability of authentication, which can detect false participants’ shares before the recovery process is exe-cuted. Furthermore, the proposed scheme can also handle full color images, and the quality of the recovery result is nearly lossless. This system is thus suitable for the applications where high security and efficiency is required.

The expansion of the camouflage image size to four times that of the secret image is a weakness of the method. But this is not unique to our method; instead, it is a general problem of most steganographic meth-ods used for hiding data in camouflage images (Bender et al., 1996; Hsu and Wu, 1999; Wu and Tsai, 1998, 1999; Kundur and Hatzinakos, 1999; Adelson, 1990).

Fig. 4. (a) The stego-image in which fragile watermark signals are embedded. (b) The image with modifications added to (a). (c) The result of authentication.

(9)

Furthermore, even the conventional visual cryptography methods (Naor and Shamir, 1995; Verheul and van Tilborg, 1997; Blundo et al., 2000; Lin and Tsai, 2003) for secret sharing also have similar share data expansion problems. Nevertheless, the proposed method is still applicable to many situations where the original image is small with the resulting stego-image size still endurable, or where keeping or transmission of the expanded image is not a practical problem.

Acknowledgement

This work was supported partially by the MOE Program for Promoting Academic Excellency of Uni-versities under the grant number 89-1-FA04-1-4.

References

Adelson, E., 1990. Digital signal encoding and decoding apparatus, US Patent no. 4,939,515, 1990.

Bender, W., Gruhl, D., Morimoto, N., Lu, A., 1996. Techniques for data hiding. IBM Systems Journal 35 (3 & 4), 313–336.

Blundo, C., De Santis, A., Naor, M., 2000. Visual cryptography for gray level images. Information Processing Letters 75, 255–259. Chang, C.C., Lee, H.C., 1993. A new generalized group-oriented

cryptoscheme without trusted centers. IEEE Journal on Selected Areas in Communications 11 (5), 725–729.

Hsu, C.T., Wu, J.L., 1999. Hidden digital watermarks in images. IEEE Transactions of Image Processing 8, 58–68.

Kundur, D., Hatzinakos, D., 1999. Digital watermarking for telltale tamper proofing and authentication. Proceedings of the IEEE 87, 1167–1180.

Lin, E.T., Delp, E.J., 1999. A review of fragile image watermarks. Multimedia and Security Workshop in ACM Multimedia ’99, Orlando, FL, USA, 1999.

Fig. 5. (a) The secret image. (b) through (d) The camouflage images for participants 1 through 3 (the size of each is four times the size of image of (a)). (e) through (g) The resulting stego-images for participants 1 through 3.

(10)

Lin, C.C., Tsai, W.H., 2003. Visual cryptography for gray-level images by dithering techniques. Pattern Recognition Letters 24 (1–3), pp. 349–358.

Naor, M., Shamir, A., 1995. Visual cryptography. In: Advances in Cryptology––EUROCRYPT’94, vol. 950 of Lecture Notes in Computer Science, pp. 1–12.

Shamir, A., 1979. How to share a secret. Communications of the Association for Computing Machinery 22 (11), 612–613. Sun, H.M., Shieh, S.P., 1994. Construction of dynamic threshold

schemes. Electronics Letters 30 (24), 2023–2024.

Verheul, E.R., van Tilborg, H.C.A., 1997. Construction and properties of k out of n visual secret sharing schemes. Designs, Codes, and Cryptography 11, 179–196.

Wu, D.C., Tsai, W.H., 1998. Data hiding in images via multiple-based number conversion and lossy compression. IEEE Transactions on Consumer Electronics 44 (4), 1406–1412.

Wu, D.C., Tsai, W.H., 1999. Embedding of any type of data in images based on a human visual model and multiple-based number conversion. Pattern Recognition Letters 20, 1511–1517.

Chang-Chou Lin was born in Taipei, Taiwan, R.O.C., in 1974. He received the B.S. degree in the Department of Computer Science at National Tsing Hua University in 1996. He works in the Computer Vision Laboratory of the Department of Computer and Information Science at National Chiao Tung University as a research assistant from August 1996, and is currently working toward his Ph.D. degree there. His recent research interests include visual secret sharing, pattern recognition, watermarking, and image hiding.

Wen-Hsiang Tsai was born in Tainan, Taiwan, Republic of China (R. O.C.) in May 10, 1951. He received the B.S. degree in Electrical Engineering from National Taiwan University, Taipei, Taiwan, Republic of China in 1973, the M.S. degree in Electrical Engineering (with major in Computer Science) from Brown University, Providence, Rhode Island, USA in 1977, and the Ph.D. degree in Electrical Engi-neering (with major in Computer EngiEngi-neering) from Purdue university, West Lafayette, Indiana, USA in 1979.

Dr. Tsai joined the faculty of National Chiao Tung University, Hsinchu, Taiwan in November 1979, and stays there until now. He is currently a Professor in the Department of Computer and Information Science and the Vice President of the University. Professor Tsai has been an Associate Professor of the Department of Computer

Engi-neering (now called Department of Computer Science and Information Engineering) and the Acting Director of the Institute of Computer Engineering. In 1984, he joined the Department of Computer and Information Science and acted as the Department Head from 1984 through 1988. He has also been the Associate Director of the Micro-electronics and Information System Research Center from 1984 through 1987, the Dean of General Affairs from 1995 to 1996, and the Dean of Academic Affairs of the University from 1999 to 2001. He has served as the Chairman of the Chinese Image Processing and Pattern Recognition Society at Taiwan from 1999 to 2000.

Outside the campus, Professor Tsai has served as a Consultant to several major research institutions in Taiwan. He has acted as the Coordinator of Computer Science in National Science Council, and a member of the Counselor Committee of the Institute of Information Science of Academia Sinica in Taipei. He has been the Editor of several academic journals, including Computer Quarterly (now Journal of Computers), Proceedings of the National Science Council, Journal of the Chinese Engineers, International Journal of Pattern Recognition and Artificial Intelligence, Journal of Information Science and Engineering, and Pattern Recognition. He was the Editor-in-Chief of Journal of Information Science and Engineering from 1998 through 2000.

Professor Tsai’s major research interests include image processing, pattern recognition, computer vision, virtual reality, and information copyright and security protection. So far he has published 257 aca-demic papers, including 107 journal papers and 150 conference papers. He is also granted 6 R.O.C. or USA patents. Dr. Tsai has supervised the thesis studies of 26 Ph.D. students and 101 master students.

Professor Tsai has received many awards, including one Distin-guished Research Award, four Outstanding Research Awards, and two Special Research Project Awards, all of the National Science Council in 1987 through 2001. He was the recipient of the 13th Annual Best Paper Award of the Pattern Recognition Society of the USA. He was elected as an Outstanding Talent of Information Sci-ence and Technology of the R.O.C. in 1986, received the Best Tea-cher Award of the Ministry of Education in 1989, and was the recipient of the Distinguished Official Award of the Ministry of Education in 1994. He was the recipient of many Academic Paper Awards made by several academic societies, including two by the Computer Society of the Republic of China in 1989, and thirteen by the Chinese Image Processing and Pattern Recognition Society. He has also received in the past 20 years ten Ph.D. and Master’s Thesis Supervision Awards from the Acer Long-Term Foundation, the Xerox Taiwan Company, the Federation of Image Product Compa-nies, the Electrical Engineers Society at Taiwan, and the Information Science Society at Taiwan.

Dr. Tsai is a senior member of the IEEE of the USA, and a member of the Chinese Image Processing and Pattern Recognition Society, the Medical Engineering Society of the Republic of China, and the International Chinese Computer Society.

數據

Fig. 1. An illustration of the locations of the pixels in image block B i and their values.
Fig. 2. The result of applying Algorithm 1 to Fig. 1, where ðx i ; F ðx i ÞÞ is the secret share with Fðx i Þ ¼ F i1 F i2
Fig. 3. (a) The secret image. (b) through (d) The camouflage images for participants 1 through 3, respectively (the size of each is four times that of (a))
Fig. 4. (a) The stego-image in which fragile watermark signals are embedded. (b) The image with modifications added to (a)
+2

參考文獻

相關文件

• The scene with depth variations and the camera has movement... Planar scene (or a

• Richard Szeliski, Image Alignment and Stitching: A Tutorial, Foundations and Trends in Computer Graphics and Computer Vision, 2(1):1-104, December 2006. Szeliski

• Richard Szeliski, Image Alignment and Stitching: A Tutorial, Foundations and Trends in Computer Graphics and Computer Vision, 2(1):1-104, December 2006. Szeliski

• The scene with depth variations and the camera has movement... Planar scene (or a

 image processing, visualization and interaction modules can be combined to complex image processing networks using a graphical

It is required to do radial distortion correction for better stitching results. correction for better

It is required to do radial distortion correction for better stitching results. correction for better

Creating full view panoramic image mosaics and texture-mapped models, SIGGRAPH 1997, pp251-258. Lowe, Recognising Panoramas,