Authentication and recovery for wavelet-based semifragile watermarking

Authentication and recovery for wavelet-based

semifragile watermarking

Min-Jen Tsai Chih-Cheng Chien

National Chiao Tung University Institute of Information Management 1001 Ta-Hsueh Road

Hsin-Chu 300, Taiwan

E-mail: mjtsai@cc.nctu.edu.tw

Abstract. We propose a novel image authentication and recovery scheme based on discrete wavelet transform共DWT兲. By using the prop-erty of a DWT multiresolution structure, we generate a semifragile wa-termark from low-frequency bands and embed the recovery information into the high-frequency bands based on the human visual system共HVS兲 approach. The image authentication system is able to locate precisely any malicious alteration made to the image and restore the altered or destroyed regions based on the recovery mechanism. Therefore, the requirements of ownership protection and tampering detection of digital right management共DRM兲 are met, and the legal usage of digital content is available. In addition, robustness to mild modifications like JPEG com-pression and channel additive white Gaussian noise 共AWGN兲 is also achieved with high recovery image quality. © 2008 Society of Photo-Optical Instrumentation Engineers. 关DOI: 10.1117/1.2947580兴

Subject terms: authentication; digital right management; human vision system; semifragile watermarking; tamper detection; tamper recovery.

Paper 080002R received Jan. 7, 2008; revised manuscript received Apr. 7, 2008; accepted for publication Apr. 8, 2008; published online Jun. 25, 2008.

1 Introduction

Digital watermarking has been extensively studied and re-garded as a potentially effective means for protecting copy-right of digital copy-right management共DRM兲 systems. Digital watermarking describes methods and technologies that al-low hiding information, for example, a sequence of num-bers or recognizable patterns, in digital media, such as im-ages, video, and audio. A lot of digital watermarking techniques have been proposed by many researchers and can be divided into various categories and in various ways.1 For content authentication and integrity verification, fragile 共or semifragile兲watermarks are used because they become fragile with certain alterations and modifications of the authenticated multimedia. Some fragile watermarking techniques2–5 were usually based on the concept of check-sum produced by secure hash functions 共e.g., MD5, SHA160兲 to verify the completeness of an image. They can detect and localize tamper correctly, but they treat admis-sible manipulations such as JPEG compression and channel additive white Gaussian noise 共AWGN兲 as malicious at-tacks. Therefore, semifragile watermarking techniques6–8 are more practically applied than fragile watermarking, since they are robust to some mild modifications such as JPEG compression and channel AWGN caused during the process of exchange and storage, but fragile to malicious attacks like image cropping, which crops objects from a source and pastes them onto a target. According to the con-veyance of authentication data, fragile共or semifragile兲 wa-termarks can be classified into two main categories: labeling-based authentication schemes and watermarking-based authentication schemes. The watermarking-watermarking-based au-thentication schemes embed the data into the original

multimedia content, and labeling-based authentication stores the authentication data in a separate file. Conse-quently, the authentication data becomes the integral part of the original multimedia and can be transmitted more effi-ciently and securely. In this work, we focus on the semi-fragile watermarking-based authentication scheme. Some necessary requirements like the sensitivity of manipula-tions, tolerance of information loss, localization of altered region, blind extraction 共no need for the original source兲, visibillty, robustness, and security must be preserved.9 In addition, this research not only achieves the tamper authen-tication but also the content recovery for reconstruction of the altered regions.

The goal of this work is to propose a novel scheme for image tampering authentication and recovery for wavelet-based semifragile watermarking. The rest of this work is organized as follows. Related works about image authenti-cation and image tamper recovery are introduced briefly in Sec. 2. The details of the proposed algorithm are explained in Sec. 3. Section 4 demonstrates the experimental results and discussion, and the conclusion is in Sec. 5, respec-tively.

2 Related Works

2.1 Image Authentication and Tamper Detection

Semifragile watermarks can be embedded in the spatial do-main or the transformed dodo-main. The schemes operating in the spatial domain are simpler than the ones using trans-form modulation by utilizing the least significant bit共LSB兲 of data. However, the schemes that embed watermarks in the transformed domain offer a higher degree of robustness.10 Recently, many semifragile methods are based on the wavelet transform domain, since it applies image processing operations to obtain the highest degree of

robustness, and allows the method to have spatial and fre-quency localization of digital data by the nature of multi-resolution discrete wavelet decomposition.

Kundur and Hatzinakos11 proposed one of the first ap-proaches to semifragile watermarking called telltale tamper proofing. They embed a watermark in the discrete wavelet domain of the image by quantizing the corresponding co-efficients. They claim their tamper detection, determined both in localized spatial and frequency regions, is unlike previously proposed techniques embedding a watermark in the spatial domain, which only provides information on the spatial location of the changes and fails to give a more general characterization of the type of distortion applied to the signal. They also use a statistics-based tamper assess-ment function as measureassess-ment for tamper proofing and au-thentication. Alexandre and Rabab12proposed a novel tech-nique for content authentication of digital images by quantizing wavelet packet coefficients and adopting charac-teristics of the human visual system to maximize the em-bedding weights for improved good imperceptibility of wa-termarked images. According to experimental results, their method is able to detect and localize malicious image modifications while offering a certain degree of robustness to image compression. A similar concept was also proposed in Ref. 13, where they proposed a discrete wavelet transform-based image semifragile watermarking scheme base on fusion of multiresolution. The Watson’s quantiza-tion matrix14 and the features of the human visual system 共HVS兲 are clearly adopted in the quantization process to achieve good quality of the watermarked image. Liu et al.15 presented a semifragile image watermarking technique based on index constrained vector quantization共VQ兲. How-ever, the peak signal-to-noise ratio共PSNR兲 of their water-marked image is low and their scheme would waste storage and not be flexible for the codebook of vector quantization that should be known in both watermark embedding and extraction processes. Yuan and Zhang16 proposed a novel semifragile watermarking method based on image model-ing usmodel-ing the Gaussian mixture model共GMM兲 in the wave-let domain. They modify selected wavewave-let coefficients ac-cording to the GMM parameters obtained through an EM algorithm. In experimental results, their scheme achieves minimum watermarking distortion and identifies mild modification from malicious attacks, but it treats AWGN as a malicious attack.

Ding et al.17 propose a wavelet-based chaotic semifrag-ile watermarking scheme based on chaotic map and odd-even quantization. Their scheme can detect and localize malicious attacks with high peak signal-to-noise ratio 共PSNR兲, while allowing mild JPEG compression and chan-nel AWGN tolerance. However, they did not disclose what chaotic map applied in their simulation data. In Chu et al.,18 the authors presented a semifragile watermarking scheme for authenticating the region of interest共ROI兲 of an image. First, the reference mask is obtained by Poisson matting. Then, they embed watermark according to the reference mask, representing the region of interest of the image. 2.2 Image Tamper Recovery

Currently, there is a great need for tamper recovery tech-niques, since there are not many references in this area. The recovery information can be embedded in either the

trans-form domain or spatial domain. For example, Lin and Chang19proposed a semifragile algorithm that is conceived to tolerate, in particular, JPEG-style compression of the wa-termarked image. It is based on two properties of the dis-crete cosine transform 共DCT兲 coefficient quantization, namely, the order invariance, where the order relation of the DCT coefficient pairs remains unaltered after JPEG compression, if not set equal; and the coefficient invari-ance, where if a coefficient is quantized to an integer mul-tiple of the step size, its value is not changed after JPEG compression with a smaller step size. The first one is used to generate the authentication bits, and the other is used to embed the signature. The authors have proposed some im-provement such as recovery bits. The advantage of these overhead bits is two-fold: they allow an approximation of the original block to be reconstructed, and they help to locate precisely the zones of the images that were really faded. The recovery bits are generated from a down-sampled and compressed version of the original image. They are then embedded into four blocks. The embedding process of recovery bits is similar to that of authentication bits.8

Lin, Hsieh, and Huang20proposed a hierarchical digital watermarking method for image tamper detection and re-covery in the spatial domain. It uses simple operations such as parity checks and comparison between average intensi-ties. For example, with a 4⫻4 block named A, the intensity feature will be embedded into another 4⫻4 block named

B, while the one-to-one block mapping relationship for the

whole image can be uniquely decided. For each block A of 4⫻4 pixels, they further divide it into four subblocks of 2⫻2 pixels. The watermark in each subblock is a tuple 共u,p,r兲, where both u and p are 1-bit authentication water-mark, and r is a six-bit recovery watermark for the corre-sponding subblock within block A mapped to sub-block within block B. The 8-bit watermarks共u,p,r兲 are embed-ded onto the two LSBs of each pixel within the subblock of

B. This scheme provides us with the capability of tamper

recovery by trading off the quality of the watermarked im-ages by about 5 dB.

Lin and Chang’s19 algorithm performs very well in the presence of JPEG compression, but otherwise it is very fragile against signal-processing attacks. The image tamper recovery scheme in Ref. 20 is only suitable for fragile-watermark schemes. If we perform any compression or at-tack, the recovery information is lost.

Since little research is on topics about an image tamper-ing recovery mechanism based on semifragile watermarks, it is also our motivation to propose a novel image authen-tication and tampering recovery algorithm that is robust against JPEG compression and channel additive white Gaussian noise for wavelet-based semifragile watermarks. The detailed description is in the next section.

3 Proposed Algorithm

Since the goal of this work is to develop a complete archi-tecture to effectively verify the integrity of an authorized grayscale image, detect the tampered region, and restore the content, the proposed algorithm can be categorized into four subalgorithms and is explained next.

• Semifragile watermark generation and embedding al-gorithm

• image recovery information embedding algorithm • semifragile watermark authentication and tamper

de-tection algorithm

• image tamper recovery algorithm.

3.1 Semifragile Watermark Generation and Embedding Algorithm

The host image first performs 2-D wavelet decomposition, and the flow chart is shown in Fig.1. The semifragile wa-termark generation and embedding procedure is as follows. 1. Calculate the two-level wavelet coefficients of the

host image; r⫻c is the size of subband LL2. 2. Select parameters: keys k1and k2are the private keys

of the embedding scheme. q1 and q2 are the quanti-zation parameters.

3. To get higher security, we refer to total automorphisms21共total transform兲 as the chaotic sys-tem for random scrambling, and the modified formula is shown in Eq.共1兲. Using S共i, j兲=
LL2共i, j兲/q1 and

k1as controlling parameters for Eqs.共1兲 and共2兲, we obtain the binary watermark W共i, j兲苸兵0,1其, 1艋i 艋r, 1艋 j艋c. Note:
· denotes the floor function.

Ar共i, j,k1兲:

再

i⬘=共i + j兲 mod r

j⬘=兵关S共i, j兲 + k1兴 · i + 关S共i, j兲 + k1+ 1兴 · j其 mod c

冎

, 共1兲

W共i, j兲 = 共i

⬘

+ j

⬘

兲mod 2, 共2兲

where共i, j兲 and 共i

⬘

, j

⬘

兲 are the pixel location before and after the total transform.

4. For the watermark embedding location corresponding to subbands兵HL2, HH2, LH2其, key k2 is applied as a random seed to create a pseudorandom array

location共i, j兲苸兵1,2,3其,1艋i艋r,1艋 j艋c. The

pseudocodes of the operation are location共i, j兲 =关rand共k2兲%3兴+1, where location共i, j兲=1 means the subband HL2, location共i, j兲=2 means the subband HH2, and location共i, j兲=3 means the subband LH2. Rand共seed k兲 is a function that uses the seed k to return a pseudorandom integral number.

5. The binary watermark is embedded into the image by parity-check quantization, which is modified from the odd-even quantization,19and the operation is demon-strated in Fig.2. Parity-check quantization is essen-tially a scalar quantization used in Ref.21, where the uniform quantizer is used in this study. We define parity-check quantization function f in Eq. 共3兲 and the detailed procedures in Eqs.共4兲–共6兲. The function performs quantization on decomposed wavelet coef-ficients x共i, j兲 into odd-even regions according to the binary watermark W共i, j兲, 共i, j兲 indicates the spatial location, and x苸兵LH2, HL2, HH2其. The inputs of function f are either LH2共i, j兲, HL2共i, j兲, or HH2共i, j兲, with W共i, j兲 and q2. The output of function f is the result after the process of Eqs.共4兲–共6兲.

y共i, j兲 = f关x共i, j兲,W共i, j兲,q2兴, x共i, j兲 苸 R,

W苸 兵0,1其, q2苸 Z+, 共3兲

I共i, j兲 =

再

0,
x共i, j兲/q2 is even

1,
x共i, j兲/q2 is odd

冎

, 共4兲

y共i, j兲 =

再

x共i, j兲/q2 ⫻ q2+ q2/2, if I = W共i, j兲 y

⬘

共i, j兲, if I⫽ W共i, j兲

冎

.

共5兲

y

⬘

共i, j兲 is obtained as follows:

y

⬘

共i, j兲 =

再

x共i, j兲/q2− 1 ⫻ q2+ q2/2 if
x共i, j兲/q2 ⫻ q2艋 x ⬍
x共i, j兲/q2 ⫻ q2+ q2/2

x共i, j兲/q2+ 1 ⫻ q2+ q2/2 if
x共i, j兲/q2 ⫻ q2+ q2/2 艋 x ⬍
x共i, j兲/q2 ⫻ q2+ q2

冎

. 共6兲 DWT Parity-check quantization Toral Transform k1 W (i, j) LH2, HL2, HH2 LL2, LH1, HL1, HH1 LL2 Host image Random Number Generator k2 Location(i, j) LH'2, HL'2, HH'2 q1, q2

Fig. 1 Flow diagram of the watermark generation and embedding

scheme.

6. Perform the parity-check quantization function f on the selected wavelet coefficients according to the lo-cation array for subband HL2, LH2, and HH2. For i = 1 to r

for j = 1 to c

process each location共i, j兲

case 1: HL₂

⬘

共i, j兲= f关HL2共i, j兲,W共i, j兲,q2兴 case 2: HH₂

⬘

共i, j兲= f关HH2共i, j兲,W共i, j兲,q2兴 case 3: LH₂

⬘

共i, j兲= f关LH2共i, j兲,W共i, j兲,q2兴.

3.2 Image Recovery Information Embedding Algorithm

To recover the content of the tampered region if the modi-fication is performed, low-frequency components represent-ing important visual information are extracted and embed-ded into high-frequency coefficients as the recovery data. The recovery value of LL2共i, j兲 is obtained after the floor function LL2共i, j兲 divided by the quantization value of function pow共2,␭兲 first. If the value after the floor function can be represented as a binary format as共b4, b₃, b₂, b₁, b0兲2, the decimal value will be equivalent to 共b4· 24_{+ b}

3· 23 + b2· 22+ b1· 21+ b0兲⫻2␭ for the recovery, which will pro-vide a wide range of reconstruction capability. Therefore, each recovery value of LL2共i, j兲 will need at least 5 bits to record the共b4, b₃, b₂, b₁, b0兲 value and each b4, b₃, b₂, b₁,

b0 is either 1 or 0, which is similar to the watermark of semifragile watermarking designed in Sec. 3.1. After inten-sive study using the commonly available images from the USC image database,22 the wavelet LL2 band coefficients using the biorthogonal filters23usually fall within the range 0 to 31 after scaling共␭=5兲. Under such circumstances the parity-check quantization mentioned in Sec. 3.1 can be used again for embedding each共b4, b3, b2, b1, b0兲 value for DWT recovery coefficients. Even the proposed design deals only with the positive wavelet LL₂band coefficients. How-ever, it could be easily modified to include the sign bit from 共b4, b₃, b₂, b₁, b0兲 to a 共sign bit, b3, b₂, b₁, b0兲 format if negative wavelet coefficients are important.

The location of embedding recovery information for LL2共i, j兲 is decided by a mapping function 关Eqs. 共7兲 and

共8兲兴 demonstrated in Fig.3, where location␣共␣= i · c + j兲 is mapped to location␤共the detailed mapping procedures are explained in the algorithm section兲. Due to the security concern, the recovery value for each location␤ is embed-ded in either the␤₁group共HL2and HH1兲,␤₂group共HH2 and HH1兲, or␤3group共LH2and LH1兲 components accord-ing to the computed result from control parameter key k1.

Since there exists the parent-children relationship between the wavelet subbands, as shown in Fig.3, the␤1,␤2, or␤3 group each has five units, with one unit in level 2 and four units in level 1. Using this characteristic, the recovery value can be represented in the binary format with 5 bits, and bit

b4will be embedded in either the HL2, HH2, or LH2band, and b3, b2, b1, b0will be embedded in either the HL1, HH1, or LH1band according to whether the␤1,␤2, or␤3group is selected. If the coefficients of subband HL2, HH2, or LH2 have already embed the authentication bit during Sec. 3.1, there will be a location switch mechanism to bypass the selected band for other bands if the outcome from the ran-dom generator picks the same band for the recovery infor-mation embedding. After the embedded location for bit b4 is decided, the embedded location for bit b3, b2, b1, b0will also be determined by the parent-children relationship.

To efficiently embed the recovery information, the parity-check quantization in Sec. 3.1 is applied again here. The associated quantization parameter value q2 for each embedded bit location at different subbands is different ac-cording to the study of subband noise visibility.14 For

ex-Table 1 The quantization table共Q table兲 of recovery bits.

q2values for k = 1 , 2 , 3 Q4k Q3k Q2k Q1k Q0k q2of␤1group, k = 1 16 24 24 16 8 q2of␤2group, k = 2 16 48 48 32 16 q₂of␤₃group, k = 3 16 24 24 16 8

HH

1 LH1 HH1 HL1 HH2 LH2 HL2 LL2 Mapping

Embed the recovery information pixel

2( , ) LL i j α 24 24 16 8 24 24 16 8 48 48 32 16 16 16 16 β β1 β2 β3 3 4 Q 3 3 Q Q3₂ 3 1 Q Q₀3

Fig. 3 Demonstration of embedding the recovery information. The

recovery location␣of LL2共i,j兲 is mapped to either␤1,␤2, or␤3. The

parent-children relationship is subsequently illustrated for bands HL2

and HL1, HH2and HH1, LH2and LH1. The odd-even quantization

parameter q₂values for each bit b₄, b₃, b₂, b₁, b₀are listed in the blocks for the associated bands.

ample, the q2 value for the bit b4 of the ␤3 group in band LH2will be 16, and the q2values for bit b3, b2, b1, b0of the ␤3 group in band LH1 will be 24, 24, 16, and 8, respec-tively, shown in Fig.3. An empirical study for the quanti-zation step size called the Q table is shown in Table1 for the band of HL2, HH2, LH2, HL1, HH1, and LH1which is used for the ␤1, ␤2, or ␤3 groups. Qi

k

represents each q2 value of the parity-check quantization for the␤1,␤2, or␤3 groups, and i = 1 , 2 , 3 , 4 , 5 and k = 1 , 2 , 3. An example of q2 values, including Q₄3, Q₃3, Q₂3, Q₁3, Q₀3 for ␤3 groups, are shown in Fig.3.

The flow chart of recovery information embedding is shown in Fig.4, and the detailed algorithm is as follows.

1. Input or use the prestored private keys k1 and k2. Input the quantization parameters q1and Q table for

q2.

2. k2is applied as a random seed to create the 2-D psue-dorandom array location共i, j兲苸兵1,2,3其,1艋i艋r,1 艋 j艋c that will designate the subband for authenti-cation pixel embedding.

3. For security concerns, the location of the recovery value of LL2共i, j兲 will be mapped into different loca-tions. A mapping function20 of Eq. 共8兲 will map the location from␣to␥.

g共␣兲 =␥=共␬⫻␣兲mod N, 共7兲

␤= switch关␥,location共i, j兲兴, 共8兲

where 1艋i艋r,1艋 j艋c,␬is the key k₁, and N is the total number of coefficients of subband LL2 of the image. If the band to embed the authentication bit and the recovery information is the same, the location switch mechanism will be applied to make them em-bedded in different bands. The pseudocode of the switch function is as follows:

s =关rand共k2兲 % 3兴 + 1

if关s ⫽ location共i, j兲兴␤=␤s=␥

else

s =共s + 1兲 % 3 + 1, ␤=␤s=␥.

If location␣is mapped to location ␤ after the loca-tion switch, each localoca-tion␤will be embedded in ei-ther the␤1group共HL2and HL1兲, the␤2group共HH2 and HH₁兲, or the ␤₃ group 共LH₂ and LH₁兲 compo-nents. Therefore, a location list location

⬘

共i, j兲

苸兵1,2,3其,1艋i艋r,1艋 j艋c will be obtained for subbands兵HH2, LH2, HL2其.

4. Adjust the control variable ␭ so the value of floor 关LL2共i, j兲/2␭_{兴 will be mapped within the region of 共0,} 31兲. Therefore, 5-bit binary representation will be used for parity-check quantization to embed the re-covery information.

The function performs quantization on x共i, j兲 into odd-even regions according to the bit value of

R

⬘

共i, j兲; 共i, j兲 indicates the spatial location and x

苸兵LH2, HL2, HH2, LH1, HL1, HH1其. The values of quantization parameter q2 in different subbands are listed in the Q table of Table1.

y共i, j兲 = f关x共i, j兲,R

⬘

共i, j兲,q₂兴, 共9兲

R共i, j兲 =
LL2共i, j兲/2␭, 共10兲 R

⬘

共i, j兲 =

冦

0 if R共i, j兲 ⬍ 0 2␭− 1 if R共i, j兲 艌 2␭ R共i, j兲 else

冧

. 共11兲

5. Perform parity-check quantization on wavelet coeffi-cients as follows.

For i = 1 to r for j = 1 to c

Process each location

⬘

共i, j兲

case 1: HL

⬙

₂共i, j兲= f关HL

⬘

₂共i, j兲,b4, Q₄1兴 HL

⬙

₁共i, j兲= f关HL

⬘

₁共2i,2j兲,b3, Q₃1兴 HL

⬙

₁共i, j兲= f关HL

⬘

₁共2i,2j+1兲,b2, Q₂1兴 HL

⬙

₁共i, j兲= f关HL

⬘

₁共2i+1,2j兲,b1, Q₁1兴 HL

⬙

₁共i, j兲= f关HL

⬘

₁共2i+1,2j+1兲,b0, Q₀1兴 case 2: HH

⬙

₂共i, j兲= f关HH

⬘

₂共i, j兲,b4, Q₄2兴 Fig. 4 Diagram of the image recovery information embedding

scheme. " 2 LL " 2 " 2 " 2 HL HH LH Total Transform

Fig. 5 Diagram of the image authentication and tamper detection

HH

⬙

₁共i, j兲= f关HH

⬘

₁共2i,2j兲,b₃, Q₃2兴 HH

⬙

₁共i, j兲= f关HH

⬘

₁共2i,2j+1兲,b₂, Q₂2兴 HH

⬙

₁共i, j兲= f关HH

⬘

₁共2i+1,2j兲,b₁, Q₁2兴 HH

⬙

₁共i, j兲= f关HH

⬘

₁共2i+1,2j+1兲,b0, Q₀2兴 case 3: LH

⬙

₂共i, j兲= f关LH

⬘

₂共i, j兲,b4, Q₄3兴

LH

⬙

₁共i, j兲= f关LH

⬘

₁共2i,2j兲,b3, Q₃3兴 LH

⬙

₁共i, j兲= f关LH

⬘

₁共2i,2j+1兲,b2, Q₂3兴 LH

⬙

₁共i, j兲= f关LH

⬘

₁共2i+1,2j兲,b1, Q₁3兴 LH

⬙

₁共i, j兲= f关LH

⬘

₁共2i+1,2j+1兲,b0, Q₀3兴

6. The watermarked image is obtained after the inverse wavelet transform.

3.3 Semifragile Watermark Authentication and Tamper Detection Algorithm

Figure5shows the flow chart of watermark authentication and tamper detection scheme, which is similar to part of semifragile watermark embedding. The procedures are as follows:

1. Input keys k1, k2, q1, and q2as the private keys of the scheme. The values of k₁, k₂, q₁, and q₂should be the same in embedding and extraction processes. 2. Compute the two-level 2-D wavelet coefficients of

the watermarked image; r⫻c is the size of LL

⬙

2. 3. Use k₁and k₂to create the 2-D pseudorandom arrays;

W

⬘

共i, j兲苸兵0,1其, 1艋i艋r, 1艋 j艋c, and

location共i, j兲苸兵1,2,3其,1艋i艋r 1艋 j艋c.

4. According to location共i, j兲, the extracted watermark will be calculated by Eq. 共12兲, where the subband coefficient value is defined as u共i, j兲.

W

⬙

共i, j兲 = 兵
关u共i, j兲/q2兴其mod 2. 共12兲

5. After obtaining two watermarks W

⬘

and W

⬙

, we de-fine the tamper detection matrix as Eq. 共13兲. If W

⬘

= W

⬙

, then T = 0. It means the image was not tam-pered. Otherwise, the “1” element in the tamper de-tection matrix indicates pixels that were tampered.

T =兩W

⬘

− W

⬙

兩. 共13兲

6. Since the algorithm is designed to be a semifragile watermarking scheme, which would want to be ro-bust to mild modifications in all cases, it is inevitable that we cannot detect all malicious attacks pixel-wise. However, for practical cases such as watermark re-moval using neighbor pixels and image cropping that crops objects from a source and pastes them onto a target, the malicious attacks are always applied in a certain region in the watermarked image. That is to say, we assume tamper pixels are always continuous. Therefore, for a certain tamper detection matrix ele-ment T共i, j兲, if the number of tampered neighboring elements for T共i, j兲 is greater than a given threshold, we can regard T共i, j兲 as a tampered one. The sum-mary of such postprocessing operations of the tamper detection matrix is shown as Eq.共14兲 and the dem-onstration is in Fig.6: T

⬘

=

冦

1,

兺

k=−␶ ␶

兺

l=−␶ ␶ T共i + k, j + l兲 ⬎␦ 0,

兺

k=−␶ ␶

兺

l=−␶ ␶ T共i + k, j + l兲 艋␦

冧

. 共14兲

Note that␶is the width of window, and␦ is thresh-old.

7. Rescale the tamper detection matrix to have the same size of the watermarked image and obtain the tamper detection image.

T(i, j)

Fig. 6 The authentication pixel and its eight neighboring pixels.

T共i,j兲=1 if␶= 1,␦= 4.

Fig. 7 Diagram of the image recovery scheme.

(b) (a)

(c) (d)

Fig. 8 Robust authentication and recovery of the tampered Lena

image. 共a兲 watermarked Lena image. 共b兲 Tampered image. 共c兲 Tamper detection.共d兲 Recovered image.

3.4 Image Tamper Recovery Algorithm

After the image authentication stage, all the wavelet coef-ficients of subband LL

⬙

are marked either valid or errone-ous by tamper detection matrix T. We only need to recover the erroneous wavelet coefficients and leave the other co-efficients unchanged. If the location of erroneous coeffi-cient is ␣, the mapped location embedding the recovery coefficient will be at either the␤₁,␤₂, or␤₃group, which is the same mapping relationship as shown in Fig.3 by Eqs.

共7兲 and共8兲. The associated Q table values of parity-check quantization parameter q₂ for each bit b₄, b₃, b₂, b₁, b₀ at different bands-are the same as shown in Table1 and are adopted here for the recovery. The image tampering recov-ery procedures 共Fig. 7兲 for each erroneous coefficient is

described as follows:

1. After the image authentication scheme, we can get a tamper detection matrix T that tells where there has been tampering.

2. For each wavelet coefficient in subband LL

⬙

₂, 1艋i 艋r, 1艋 j艋c, if T共i, j兲=1, which means it is tam-pered, the coefficients related with location 共i, j兲 based on the parent-children relationship across sub-bands are also tampered. Therefore, they need to be set to zero first, since the tampered values are not useful for recovery. Then perform the recovery scheme by steps 3, 4, and 5. Else if T共i, j兲=0, go to step 6.

3. Use the same mapping function from Eqs.共7兲and共8兲 during the embedding procedure to get the mapping relationship between location ␤ and location ␣, where the location switch function is also considered. If T共␤兲=1, skip the recovery operation for this coef-ficient since the recovery info is also tampered. 4. Use the watermark extraction scheme by parity-check

quantization to get the 5-bit recovery information 兵b4

⬘

共i, j兲,b3

⬘

共i, j兲,b2

⬘

共i, j兲,b1

⬘

共i, j兲,b0

⬘

共i, j兲其.

For each location

⬘

共i, j兲

case 1: b₄

⬘

共i, j兲=共
共HL₂

⬙

共i, j兲/Q₄1兲兲mod2

b₃

⬘

共i, j兲=共
共HL₁

⬙

共2i,2j兲/Q₃1兲兲mod2 b₂

⬘

共i, j兲=共
共HL₁

⬙

共2i,2j+1兲/Q₂1兲兲mod2 b₁

⬘

共i, j兲=共
共HL₁

⬙

共2i+1,2j兲/Q₁1兲兲mod2 b₀

⬘

共i, j兲=共
共HL₁

⬙

共2i+1,2j+1兲/Q₀1兲兲mod2

case 2: b₄

⬘

共i, j兲=共
共HH₂

⬙

共i, j兲/Q₄2兲兲mod2

b₃

⬘

共i, j兲=共
共HH₁

⬙

共2i,2j兲/Q₃2兲兲mod2 b₂

⬘

共i, j兲=共
共HH₁

⬙

共2i,2j+1兲/Q₂2兲兲mod2 b₁

⬘

共i, j兲=共
共HH₁

⬙

共2i+1,2j兲/Q₁2兲兲mod2 b₀

⬘

共i, j兲=共
共HH₁

⬙

共2i+1,2j+1兲/Q₀2兲兲mod2

case 3: b₄

⬘

共i, j兲=共
共LH₂

⬙

共i, j兲/Q₄3兲兲mod2

b₃

⬘

共i, j兲=共
共LH₁

⬙

共2i,2j兲/Q₃3兲兲mod2 b₂

⬘

共i, j兲=共
共LH₁

⬙

共2i,2j+1兲/Q₂3兲兲mod2 b₁

⬘

共i, j兲=共
共LH₁

⬙

共2i+1,2j兲/Q₁3兲兲mod2 b₀

⬘

共i, j兲=共
共LH₁

⬙

共2i+1,2j+1兲/Q₀3兲兲mod2.

5. According to the extracted recovery bits, the recov-ered value R

⬙

共␣兲 of the LL2 wavelet coefficient at location␣will be calculated by Eq. 共15兲:

R

⬙

共␣兲 = 关b₄

⬘

共i, j兲 · 24+ b₃

⬘

共i, j兲 · 23+ b₂

⬘

共i, j兲 · 22

+ b₁

⬘

共i, j兲 · 21+ b₀

⬘

共i, j兲 · 20兴 ⫻ 2␭. 共15兲 Use the recovered info R

⬙

共␣兲 as the value of the LL₂

⬙

共i, j兲 wavelet subband coefficient.

6. After all LL₂

⬙

coefficients are all recovered, perform the inverse 2-D wavelet transform to obtain the re-constructed image.

4 Experiments and Discussion

The proposed robust authentication and recovery semifrag-ile watermarking algorithm has been implemented and in-tensively tested by using the commonly available image database. For illustration purposes, four widely available images of 512⫻512 Lena, Barbara, Peppers, and F16 are tampered in Figs. 8–11, and are recovered based on the approach of the proposed algorithm. During the simulation, the parameters of robust authentication are q1= 30, q2= 16, and ␭=5, which result in the watermarked images being above 39 dB compared to the original images. Table2lists the PSNR values of Figs. 8–11 and we can tell that the images including recovery information will be degraded about 9 dB as the payload. In addition, PSNR values of the

(b) (a)

(c) (d)

Fig. 9 Robust authentication and recovery of the tampered Barbara

image._{共a兲 Watermarked Barbara image. 共b兲 Tampered image. 共c兲} Tamper detection.共d兲 Recovered image.

(b) (a)

(c) (d)

Fig. 10 Robust authentication and recovery of the tampered

Pep-pers image.共a兲 Watermarked Peppers image. 共b兲 Tampered image. 共c兲 Tamper detection. 共d兲 Recovered image.

tampered and recovery images with watermarked and origi-nal images for Figs.8–11are tabulated in Table3. Accord-ing to our design, the robust authentication can correctly indicate the location of the tampered areas in Figs. 8共c兲,

9共c兲,10共c兲, and11共c兲, and the recovery mechanism can also successfully reconstruct the images in Figs. 8共d兲, 9共d兲,

10共d兲, and11共d兲, respectively. From Fig.8, the eye portion of Lena is reconstructed with no visible difference. The reconstructed Barbara image in Fig.9is also very similar to the original one. While the tampered area increases, the PSNR values are decreasing in Table 3, and the rough re-covery image will disclose the discrepancy, which can be seen in Fig.11共d兲.

Since the extracted watermark in this study is the binary sequence, the correlation value should be evaluated with the original watermark to judge the robustness. Therefore, the normalized cross-correlation 共NC兲 function is adopted here as the criteria for comparison. The equation is as fol-lows: NC =兺i=1 r _兺 j=1 c W共i, j兲W

⬘

共i, j兲 兺i=1 r _兺 j=1 c _{兩W共i, j兲兩}2 . 共16兲

To compare with the other semifragile approach, Table 4

tabulated the NC values of the tampered watermarked Pep-pers image, set at the same PSNR as tested in Ref.17. In our approach, 10⫺18 biorthogonal wavelet filters23 are used for our experiments, even though there are no limita-tions for the selection of wavelet filters for the proposed design. Although there is no information about the wavelet filters and chaotic map used in Ref. 17, we believe the authors tried for the best results. From Table4, we can see

the NC values for the proposed algorithm are higher than the data from Ref.17. In addition, the recovery scheme of the proposed algorithm can recover the tampered area, which is a novel approach among existing techniques. Fig-ure12demonstrates the images when Peppers is under both the JPEG compression at QF= 80 and the tampered attack. Figure 13 shows the images when Peppers is under both AWGN noise ␴2_{= 12 and the tampered attack. Based on} Figs.12共d兲and13共d兲, our scheme has been able to recover most of the distorted information with high image quality. Therefore, we can conclude that our robust authentication and recovery semifragile watermarking can resist mild at-tacks like JPEG and AWGN.

To compare with other recovery schemes in the trans-form domain, Lin and Chang’s19 method is essentially a good fit for analysis. In Fig. 14, the watermarked Lena images by Lin and Chang19and the proposed algorithm are illustrated for comparison. They are both set at the same PSNR value= 32 dB. The pin of Lena’s hat is removed for both watermarked images. Since Lin and Chang’s19method is a DCT-based approach, the outcome of the tamper detec-tion is also block oriented for recovery. However, the pro-posed algorithm is a wavelet-based technique, which has the property of multiresolution characteristics. Therefore, the recovery information is embedded in multiresolution subbands that offer better recovery image quality than the block-based approach. From Figs.14共g兲and14共h兲, we can

Table 2 PSNR values共dB兲 of the watermarked images versus the

original images for Figs.8–11.

Image Lena Barbara Peppers F16

With recovery 30.7 30.5 30.6 30.8

No recovery 39.5 39.4 39.4 39.4

Table 3 PSNR values共dB兲 for Figs.8–11. T means tempered, W

means watermarked, R means recovery, and O means original image.

Image Lena Barbara Peppers F16

PSNR共T,W兲 35.9 35.0 22.7 23.8 PSNR共R,W兲 39.3 44.0 39.8 33.8 PSNR共T,O兲 29.6 29.3 22.1 23.0 PSNR_共R,O兲 30.2 30.4 30.4 29.3 (b) (a) (c) (d)

Fig. 11 Robust authentication and recovery of the tampered F16

image. 共a兲Watermarked F16 image. 共b兲 Tampered image. 共c兲 Tamper detection.共d兲 Recovered image.

(b) (a)

(c) (d)

Fig. 12 Tamper detection and recovery of the Peppers image under

both JPEG compression QF= 80 共compression ratio=4.3:1兲 and tampering attack.共a兲 Watermarked Peppers image. 共b兲 JPEG com-pression and tampering. 共c兲 Tamper detection. 共d兲 Recovered image.

easily distinguish the image content and verify that the im-age quality of the pin in Fig.14共h兲is superior to that of Fig.

14共g兲. It is another advantage of the wavelet-based scheme. Further research could try to perform more levels of wavelet transforms. It would reduce the number of embed-ded watermarks, so as to reduce the quantization extent of images to enhance the watermarked image quality. But the size of the detection unit would be enlarged according to more levels of wavelet transform. Because some of the subtle distortion of the tampered image could not be de-tected, it is still an issue for detection efficiency and recov-ery capability.

After intensive performance comparison, the results of different attacks of tamper detection, JPEG and AWGN noise, and visual quality analyses demonstrate that the pposed wavelet-based semifragile watermarking is more ro-bust with better image quality. In summary, we are con-vinced that the proposed complete architecture and algorithm is a superior scheme among the existing tech-niques.

5 Conclusion

A novel semifragile watermarking-based technique for copyright protection of DRM and robust authentication with a recovery algorithm is presented. For authentication and verification of the integrity for the watermarked

im-ages, we apply a semifragile watermark algorithm that can detect and localize malicious attacks effectively yet tolerate mild modifications such as JPEG compression and channel additive white Gaussian noise共AWGN兲. As compared with other methods, our approach is not only superior in tamper detection and localization, it also provides the capability of tamper recovery. According to the simulation results, the watermarked image can be recovered successfully under mild attacks with higher image quality than DCT-based techniques.

Table 4 Roubustness against JPEG compression and AWGN for Peppers image.

JPEG quality factor 100 90 80 70 60 50

NC 0.99 0.99 0.98 0.96 0.93 0.88 NC of Ref.17 0.99 0.98 0.95 0.93 0.88 0.82 AWGN:␴2 _{6 12 18 24 30 36} NC 0.98 0.95 0.92 0.89 0.86 0.82 NC of Ref.17 0.97 0.94 0.91 0.87 0.83 0.79 (b) (a) (c) (d)

Fig. 13 Tamper detection and recovery of the Peppers image under

AWGN noise ␴2_{= 12 and tampering attack. 共a兲 Watermarked}

Peppers image.共b兲 AWGN attack and tampered image. 共c兲 Tamper detection.共d兲 Recovered image.

(a) (b)

(c) (d)

(e) (f)

(g) (h)

Fig. 14 Recovery performance comparison with the algorithm in

Ref.19 at the same PSNR value= 32 dB.共a兲 is the watermarked image by the method of Ref.19._{共b兲 is the watermarked image by} the proposed approach.共c兲 is the tampered image of 共a兲, where the pin of Lena’s hat is removed.共d兲 is the tampered image of 共b兲, where the pin of Lena’s hat is removed.共e兲 is the tamper detection using Ref.19, where the white blocks indicate the tampered area.共f兲 is the tamper detection by the proposed approach.共g兲 is a close-up of the recovery image by Ref.19.共h兲 is a close-up of the recovery image by the proposed approach.

Acknowledgments

This work was supported by the National Science Council in Taiwan under NSC95-2416-H009-027 and NSC96-2416-H009-015.

References

1. S. J. Lee and S. H. Jung, “A survey of watermarking techniques applied to multimedia,” Proc. IEEE Intl. Symp. Industrial Electron. 1, 272–277共2001兲.

2. C. C. Chang, Y. S. Hu, and T. C. Lu, “A watermarking-based image ownership and tampering authentication scheme,” Pattern Recogn. Lett. 27, 439–446共2006兲.

3. S. Walton, “Information authentication for a slippery new age,” Dr. Dobbs J. 20共4兲, 18–26 共1995兲.

4. H. Yuan and X. P. Zhang, “A secret key based multiscale fragile watermark in the wavelet domain,” Proc. IEEE Intl. Conf. Multime-dia Expo, pp. 1333–1336共2006兲.

5. R. B. Wolfgang and E. J. Delp, “A watermark for digital images,” Proc. IEEE Intl. Conf. Image Process. 3, 219–222共1996兲. 6. D. Zou, Y. Q. Shi, Z. Ni, and W. Su, “A semi-fragile lossless digital

watermarking scheme based on integer wavelet transform,” IEEE Trans. Circuits Syst. Video Technol.16共10兲, 1294–1300 共2006兲.

7. C. Fei, D. Kundur, and R. Kwong, “Analysis and design of secure watermark-based authentication systems,” IEEE Trans. Inf. Forensics Security 1, 43–55共2006兲.

8. Ö. Ekici, B. Sankur, B. Coskun, U. Nazi, and M. Akcay, “Compara-tive evaluation of semifragile watermarking algorithms,”J. Electron. Imaging13共1兲, 209–216 共2004兲.

9. C. Rey and J. L. Dugelay, “A survey of watermarking algorithms for image authentication,” EURASIP J. Appl. Signal Process. 6, 613–621 共2002兲.

10. I. J. Cox, J. Kilian, J. F. T. Leighton, and T. Shamoon, “Secure spread spectrum watermarking for multimedia,”IEEE Trans. Image Process.

6共12兲, 1673–1687 共1997兲.

11. D. Kundur and D. Hatzinakos, “Digital watermarking for telltale tamper proofing and authentication,”Proc. IEEE87共7兲, 1167–1180

共1999兲.

12. H. P. Alexandre and K. W. Rabab, “Wavelet-based digital watermark-ing for image,” Proc. IEEE Canadian Conf. Electric. Computer Eng.

1, 879–884共2002兲.

13. J. Q. Hu, J. W. Huang, D. R. Huang, and Y. Q. Shi, “Image fragile watermarking based on fusion of multi-resolution tamper detection,”

Electron. Lett.38共24兲, 1512–1523 共2002兲.

14. A. B. Watson, G. Y. Yang, J. A. Solomon, and J. Villasenor, “Visibil-ity of wavelet quantization noise,”IEEE Trans. Image Process.6共8兲,

1164–1175共1997兲.

15. Z. M. Lu, C. H. Liu, D. G. Xu, and S. H. Sun, “Semi-fragile image watermarking method based on index constrained vector quantiza-tion,”Electron. Lett.39共1兲, 35–36 共2003兲.

16. H. Yuan and X. P. Zhang, “A multiscale fragile watermarking based on the Gaussian mixture model in the wavelet domain,” Proc. IEEE

Intl. Conf. Acoust. Speech Signal Process. 3, 413–416共2004兲. 17. K. Ding, C. He, L. G. Jiang, and H. X. Wang, “Wavelet-based

semi-fragile watermarking with tamper detection,” IEICE Trans. Funda-mentals E88-A共3兲, 787–790 共2005兲.

18. Y. Chu, Y. Zhang, S. Zhang, and X. Ye, “Region of interest fragile watermarking for image authentication,” Proc. First Intl. Multi-Symp. Computer Comput. Sci. imsccs 1, 726–731共2006兲.

19. C. Y. Lin and S. F. Chang, “Semi-fragile watermarking for authenti-cating JPEG visual content,”Proc. SPIE3971, 140–151共2000兲.

20. P. L. Lin, C. K. Hsieh, and P. W. Huang, “A hierarchical digital watermarking method for image tamper detection and recovery,” Pat-tern Recogn. 38共12兲, 2519–2529 共2005兲.

21. M. J. Tsai, K. Y. Yu, and Y. Z. Chen, “Joint wavelet and spatial transformation for digital watermarking,” IEEE Trans. Consum. Elec-tron. 46共1兲, 241–245 共2000兲.

22. USC SIPI—The USC-SIPI Image Database, see http://sipi.usc.edu/ services/database/Database.html.

23. M. J. Tsai, J. D. Villasenor, and F. Chen, “Stack-run image coding,”

IEEE Trans. Circuits Syst. Video Technol.6, 519–521共1996兲. Min-Jen Tsai received his BS degree in

electrical engineering from National Taiwan University in 1987, his MS degree in indus-trial engineering and operations research from University of California at Berkeley in 1991, and his engineer and PhD degrees in electrical engineering from University of California at Los Angeles in 1993 and 1996, respectively. He served as a second lieuten-ant in the Taiwan army from 1987 to 1989. From 1996 to 1997, he was a senior re-searcher at America Online, Incorporated. In 1997, he joined the Institute of Information Management at National Chiao Tung Univer-sity in Taiwan, and is currently an associate professor. His research interests include multimedia systems and applications, digital rights management, digital watermarking and authentication, digital foren-sics, and enterprise computing for electronic commerce applica-tions. He is a member of IEEE, ACM, IEICE, and Eta Kappa Nu.

Chih-Cheng Chien received his BS degree

from the Department of Information Man-agement at National Central University in 2005, and his MS degree from the Institute of Information Management at National Chiao Tung University in 2007. He is now serving his military service duty in Taiwan. His research interests are in the fields of multimedia and image security.