高容量JPEG資訊隱藏及其在影像分享、驗證與修復之應用

國 立 交 通 大 學

資 訊 學 院

資 訊 科 學 與 工 程 研 究 所

博士論文

高容量 JPEG 資訊隱藏及其在影像分享、驗證與

修復之應用

High-Capacity JPEG Data Hiding and its Applications to

Image Sharing, Authentication, and Recovery

研 究 生：陳李書滕

指導教授：林 志 青 博士

高容量 JPEG 資訊隱藏及其在影像分享、驗證與

修復之應用

High-Capacity JPEG Data Hiding and its Applications to

Image Sharing, Authentication, and Recovery

研 究 生：陳李書滕 Student：Lee Shu-Teng Chen

指導教授：林志青 博士 Advisor：Dr. Ja-Chen Lin

國立交通大學

資訊學院

資訊科學與工程研究所

博士論文

A Dissertation Submitted to

Institute of Computer Science and Engineering

College of Computer Science

National Chiao Tung University

in Partial Fulfillment of the Requirements

for the Degree of Doctor of Philosophy

in

Computer Science and Information Engineering

June 2010

Hsinchu, Taiwan, Republic of China

高容量 JPEG 資訊隱藏及其在影像分享、驗證與

修復之應用

研究生：陳李書滕 指導教授：林志青 博士

國立交通大學

資訊學院

資訊科學與工程研究所

摘要

本論文基於 Joint Photographic Experts Group (JPEG) 技術提出了

資訊隱藏、影像分享、影像驗證與修復之方法。資訊隱藏是藉由將機

密資料藏於掩護影像，使得攻擊者無法從偽裝影像中察覺出機密資料

的存在，以達到保護機密資料的一種方式；然而，大部份資訊隱藏方

法所產生的偽裝影像大小並不經濟。因此，將偽裝影像壓縮以節省儲

存空間是必要的，但壓縮經常會破壞藏於偽裝影像的機密資料。為了

解決這個問題，我們提出了一個高容量可逆式 JPEG 資訊隱藏方法。

這個方法將機密資料藏於 JPEG 壓縮碼。在機密資料被無失真取出

後，原來用於藏機密資料的 JPEG 壓縮碼，也可以完整重建回來。

機密影像分享藉由將機密影像產生 n 張有雜訊的分存來保護機密

影像。任意 k 份分存 (2

≤ k ≤ n)，可以還原機密影像，但少於 k 份分

存，則無法還原機密影像。這種性質(不是機密影像被還原就是只有

雜訊)，只有當被分享的影像為最高機密才有用處；然而，在真實世

界中，並不是所有的影像都為最高機密，分享的影像有可能是每天需

要處理的重要影像，而不是最高機密影像。因此，還原重要影像可能

會涉及到某些品質層次。為了可以根據收集分存的數量多寡，來還原

重要影像的多種品質，我們提出了一個漸進式影像分享方法。這個方

法所產生的每個分存都非常的小，所以這些小分存可以成功地藏於

JPEG 壓縮碼，使得這些隱藏於 JPEG 壓縮碼下的小分存在一個不友

善的環境傳送時，可以減低被攻擊的機率。

影像驗證是用來檢驗影像的完整性。有些具有自我修復能力的影

像驗證方法除了可以偵測影像是否遭到惡意竄改，而且在影像被偵測

遭到竄改時，也可進而修復；然而，當影像遭到更嚴重破壞時，所遺

留的修復資料並不足以用來修復。因此，我們提出了一個影像驗證與

交叉修復方法來保護一組 n 張 JPEG 影像。這個方法可以檢驗該組 n

張 JPEG 影像有哪幾張被竄改，而且還可以藉由其它未被竄改的 JPEG

影像之間的相互合作來修復被竄改的 JPEG 影像。

High-Capacity JPEG Data Hiding and its

Applications to Image Sharing, Authentication, and

Recovery

Student : Lee Shu-Teng Chen

Advisor : Dr. Ja-Chen Lin

Institute of Computer Science and Engineering

College of Computer Science

National Chiao Tung University

Abstract

This dissertation proposes three techniques for data hiding, image sharing, and image authentication with cross recovery based on Joint Photographic Experts Group (JPEG). Data hiding is used to protect secret data by embedding them in a cover image such that attackers cannot identify a hidden secret in the stego-image. However, the stego-images generated by many existing data hiding techniques are not economic in size, and therefore the compression to the stego-images is needed to reduce storage space. Unfortunately, the compression usually destroys the hidden secret in the stego-images. To solve this dilemma, a reversible JPEG data hiding method with high hiding capacity is proposed. The secret data are embedded in a JPEG code. In the decoding process, following lossless extraction of the hidden secret data, the JPEG code used to embed the secret data can also be reconstructed without any error.

Secret image sharing is used to protect a secret image by splitting the secret image into n noise-like shadows. Any k of the n shadows (2 ≤ k ≤ n) can reconstruct the secret image, but fewer than k shadows cannot. This all-or-nothing property is

useful when the image being shared is top secret. However, in the real world, not all images are top secret. The shared image might be a daily-used important image but not a top-secret one, and therefore the reconstruction of the important image can involve certain quality levels. To reconstruct the important image with various quality levels based on the number of collected shadows, a progressive image sharing method with compact shadows is proposed.All n shadows are very compact, and so can be hidden successfully in the JPEG codes of cover images to reduce the probability of being attacked when transmitted in an unfriendly environment.

Image authentication is used to verify the integrity of an image. Some Image authentication schemes with self-recovery ability not only identify unauthorized manipulations of the image but also recover the tampered areas with approximation of the original ones. However, when the image is seriously damaged, the recovery data left are insufficient to recover the the seriously damaged image. Therefore, an image authentication and cross-recovery method is proposed to protect a group of n JPEG image. The proposed method can verify which JPEG images in the group are tampered with, and recover the tampered JPEG images approximately through the cooperation of the survived members.

Acknowledgements

I would like to express my sincere gratitude to my advisor, Professor Ja-Chen Lin, for his invaluable assistance and helpful guidance. I also wish to thank to Dr. Shang-Kuan Chen, Dr. Wen-Pinn Fang, Dr. Yu-Jie Chang, Dr. Kun-Yuan Chao, Mr. Sian-Jheng Lin, and Mr. Suiang-Shyan Lee for their discussion and suggestions. I would like to thank all members of Computer Vision Laboratory for their help. Last, I would like to express my deepest appreciation to my family and my friends for their encouragement and support.

Table of Contents

Abstract in Chinese...I

Abstract in English ... III

Table of Contents... V

List of Figures... VIII

List of Tables ...XI

Chapter 1 Introduction

1.1 Motivation...1

1.2 Related Studies...5

1.2.1 JPEG Data Hiding...5

1.2.2 Image Sharing ...6

1.2.3 Image Recovery ...7

1.3 Dissertation Overview ...8

1.3.1 Reversible JPEG Data Hiding with High Hiding Capacity ...9

1.3.2 Multi-Threshold Progressive Image Sharing with Compact Shadows .9 1.3.3 Authentication and Cross Recovery of Multiple JPEG images ...9

1.4 Dissertation Organization ...10

Chapter 2 Reversible JPEG Data Hiding with High Hiding

Capacity

2.2 Proposed Method ...12

2.2.1 Mapping Quantized Coefficients to Stego Quantized Coefficients ....12

2.2.2 Secret Embedding ...14

2.2.2.1 Construction of Hiding Capacity Table and Modified Quantization Table ...14

2.2.2.2 Hiding Secret Data in Quantized Blocks ...16

2.2.3 Extraction of Hidden Data and Reconstruction of Original JPEG Code ...17

2.2.4 Example of Secret Embedding and Extraction Processes...18

2.3 Experiments and Comparisons ...19

2.3.1 Experimental Results ...19 2.3.2 Comparisons ...20 2.4 Discussions ...22 2.4.1 Parameters Setting ...22 2.4.2 Security ...23 2.5 Summary ...25

Chapter 3 Multi-Threshold Progressive Image Sharing With

Compact Shadows

3.1 Related Works ...34

3.1.1 Secret Image Sharing Method of Thien and Lin...34

3.1.2 Galois Field...35

3.2 Proposed method...36

3.2.1 Encoding ...36

3.2.2 Decoding ...38 3.2.3 Example of Sharing and Inverse-Sharing Processes based on GF(256)

...39

3.3 Experiments and Comparisons ...39

3.3.1 Experimental Results ...39

3.3.2 Comparisons ...41

3.4 Security Discussion...43

3.5 Summary ...47

Chapter 4 Authentication and Cross Recovery of Multiple JPEG

images

4.1 Reed-Solomon Codes...58

4.2 Proposed method...59

4.2.1 Encoding ...59

4.2.2 Decoding ...62

4.3 Experiments and Comparisons ...64

3.3.1 Experimental Results ...64

4.3.2 Comparisons ...65

4.4 Summary ...66

Chapter 5 Conclusions and Future Works

5.1 Conclusions...72

5.2 Future Works...73

References

Vita

List of Figures

Figure 1.1. Nine sets {Ri: 1 ≤ i ≤ 9} of quantized coefficients for secret embedding of

Chang et al. [18]...6 Figure 1.2. Framework of dissertation...8 Figure 2.1. Relation between QF values and the corresponding quality of a 512×512

JPEG decompressed grayscale image Lena ...12 Figure 2.2. The quantizer Q(i, j) is modified to a smaller quantizer Q'(i, j) that satisfies , enabling m=F(i, j)–0.5 and n=F(i, j)+0.5 to be mapped to M(i, j) and N(i, j), respectively ...13

( , ) / ( , ) 2

Q i j Q i j′ ≥

⎢⎣ ⎥⎦

Figure 2.3. Images decompressed from JPEG codes. (a) The 41.75-dB image Lena decompressed from the JPEG-Q85 code without any hidden secret. (b) The 39.12-dB stego-image Lena decompressed from our JPEG stego code. (c) The 41.75-dB decrypted-decompressed image Lena derived from our JPEG stego code. (d)-(f) Same as (a)-(c) except that the image Lena is replaced by Jet, and the PSNRs of (d) to (f) are 41.15dB, 38.75 dB, and 41.15dB, respectively...26 Figure 2.4. Comparisons between Chang et al.’s method [18] and ours when the two

parameters are Nbit=2 and NQC=16. The comparisons are (a) hiding

capacity, (b) hiding ratio, (c) stego-image quality, and (d) average length of the JPEG stego codes...27 Figure 2.5. Same as Figure 2.4 except that the two parameters are Nbit=1 and NQC=10

...28 Figure 2.6. Results of Chi-square analysis: (a) the image Lena without any hidden

method; (c) the stego-image Lena decompressed from our JPEG stego code after a secret of size 253,952 bits is hidden; (d)-(f) the results of Chi-square analysis of the pixels in (a), (b), and (c), respectively...29 Figure 2.7. Results of StegDetect analysis: (a) the cover image Lena decompressed

from the JPEG-Q85 code without any hidden secret; (b)-(d) the stego-images decompressed from the JPEG stego codes of JPHide [10], JSteg [12], OutGuess [11], respectively; (e)-(l) the stego-images decompressed from our eight JPEG stego codes, respectively; (m) the results of StegDetect analysis of the twelve JPEG codes, the decompressed images of which are in (a)-(l) ...30 Figure 3.1. Flowchart for encoding...49 Figure 3.2. Original important image Lena used in the first experiment...50 Figure 3.3. Six images Peppers, Jet, Boat, Lake, Baboon, and Zelda, which are

utilized to cover the important image Lena ...50 Figure 3.4. Six images decompressed from our six JPEG stego codes ...51 Figure 3.5. Four versions of the important image Lena reconstructed from various

numbers of received JPEG stego codes: (a) from any three JPEG stego codes (PSNR=27.32 dB); (b) from any four JPEG stego codes (PSNR=33.67 dB); (c) from any five JPEG stego codes (PSNR=39.35 dB); (d) from the six JPEG stego codes (and identical to the original important image Lena)...52 Figure 3.6. Same as Figure 3.4 except that the to-be-hidden shadows are generated

using the proposed [(k1=2, k2=3, k3=4, k4=5), n=6] threshold scheme ...53 Figure 3.7. Results of Chi-Square analysis: (a) for the original JPEG cover image

Peppers; (b) for our JPEG stego-image Peppers in Figure 3.6(a); (c) for the original JPEG cover image Jet; (d) for our JPEG stego-image Jet in

Figure 3.6(b)...54 Figure 3.8. Results of StegSpy analysis: (a) for the original JPEG code of Peppers;

(b)-(c) for the JPEG stego codes created using the Hiderman and JPegX hiding tools, respectively; (d)-(i) for our six JPEG stego codes, the decompressed images of which are in Figure 3.6 ...55 Figure 4.1. A group of four images Baboon, Scene, Lena, and Jet...67 Figure 4.2. Four images decompressed from the four JPEG stego codes in the first

experiment without any extraction of the hidden authentication and recovery data ...67 Figure 4.3. Two JPEG stego codes in the first experiment are lost. (a)-(b) The

recovered JPEG images Baboon' (PSNR=24.87 dB) and Lena' (PSNR=34.89 dB) by using two survived JPEG stego codes, the decompressed images of which are in Figures 4.2(b) and 4.2(d). (c)-(d) The recovered JPEG images Scene' (PSNR=30.24 dB) and Jet' (PSNR=31.82 dB) by using two survived JPEG stego codes, the decompressed images of which are in Figures 4.2(a) and 4.2(c) ...68 Figure 4.4. Another group of four images Peppers, Boat, Tiffany, and House...69 Figure 4.5. Four images decompressed from the four JPEG stego codes in the second experiment without any extraction of the hidden authentication and recovery data ...69 Figure 4.6. Two JPEG stego codes in the second experiment are lost. Any two of the

four JPEG stego codes, the decompressed images of which are in Figure 4.5, are lost, and the recovered JPEG images are identical to two of the four images, which are (a) Peppers' (PSNR=34.64 dB), (b) Boat' (PSNR=30.79 dB), (c) Tiffany' (PSNR=31.91 dB), and (d) House' (PSNR=32.51 dB) ...70

List of Tables

Table 2.1. Comparisons of hiding capacity, hiding ratio, and stego-image quality among the related JPEG hiding methods [12,15,17] and ours when the grayscale image Lena is compressed using JPEG with QF=85...31 Table 2.2. Same as Table 2.1 except that the image Lena is replaced by Jet ...31 Table 2.3. Our hiding capacity, hiding ratio, and stego-image quality when the

grayscale image Lena is compressed using JPEG with QF=75...32 Table 3.1. Bit rates (bpp) of the JPEG codes of cover images...56 Table 3.2. Comparisons among image sharing methods [21,25-30] and ours ...56 Table 3.3. Comparison of shadow sizes in non-expanded methods [21,26,28-30] and

ours. The (largest) threshold is set to six for all works except that Hung et al.’s method [30] uses five as the largest threshold value ...57 Table 3.4. Same as Table 3.3 except that (largest) threshold value is set to five ...57 Table 3.5. Same as Table 3.1 except that the JPEG codes are created using QF=65 ..57 Table 4.1. Comparisons among image recovery schemes [35-39] and ours...71 Table 4.2. Comparison of shadow sizes between Chang et al.’s method [39] and ours

when the group of four grayscale images are Baboon, Scene, Lena, and Jet ...71 Table 4.3. Same as Table 4.2 except that the four grayscale images are replaced by

Chapter 1

Introduction

In this chapter, motivation for the dissertation is introduced in Section 1.1. A brief review of the related studies is presented in Section 1.2. An overview of the proposed methods is reported in Section 1.3. Last, the organization of the dissertation is described in Section 1.4.

1.1 Motivation

The transmission of digital media including text, image, audio, and video, via computer networks is becoming increasingly popular. However, because networks are open environments, transmitted digital signals may be intercepted or distributed by illegal users. To solve this problem, data hiding is often applied. The concept of data hiding is to embed secret data in an ordinary-look cover image such that the generated stego-image is a diversion to the attackers when the stego-image is transmitted to the networks along with other images. Data hiding schemes can be further classified into two categories: spatial domain and frequency domain. Spatial domain hiding schemes [1-9] generated a stego-image by embedding secret data in the pixel values of a cover image. Because the stego-images generated by the spatial domain hiding schemes are usually very large, some well-known image compression techniques such as Joint Photographic Experts Group (JPEG) have been developed to reduce storage space.

However, using higher compression rate usually destroys or damages the hidden content in the stego-images. Therefore, various frequency domain hiding methods have been investigated to hide secret data in a JPEG code [10-20]. Among these

frequency domain hiding methods, some are reversible [14,18]. A reversible JPEG hiding technique can loss-freely reconstruct not only the hidden secret data but also the JPEG code. Therefore, we propose a reversible JPEG hiding method with high hiding capacity in Chapter 2. The method intends to embed a large-size secret in a JPEG code. After lossless extraction of the secret data, the JPEG code used to embed the secret can be reconstructed.

Secret image sharing is an approach for protecting secret images [21-26]. Polynomials are used to share a secret image and generate n shadows. Any k of the n shadows (2 ≤ k ≤ n) can reconstruct the secret image, but fewer than k shadows cannot. The missing-allowable feature makes secret image sharing methods useful to the distributed storage of a secret image. Specifically, the n shadows of an image can be stored in n places. Later, to reconstruct the image, the n shadows are grabbed over n distinct channels. Some of the n communication channels or the n storage disks may be out of service temporarily or deliberately if the owner of a shadow refuses to cooperate, but neither case will affect the reconstruction, as long as the number of missing shadows is not more than n−k. The potential problem of losing an image

forever is therefore erased using image sharing. Additionally, collecting fewer than k shadows yields nothing but noise, and this feature increases security.

Conventional secret image sharing methods reveal either the entire secret image (when any k of the n shadows are collected) or nothing (when fewer than k shadows are collected). This all-or-nothing property is useful when the image being shared is top secret. However, not all images in daily life are top secret. In many circumstances, the shared image might be sensitive in some way and yet not top secret. Restated, although an image must not be viewed by only a minority of the participants, the reconstruction of the image can still involve certain quality levels, such as low quality, middle quality, and high quality, based on whether the number of collected shadows

reaches the corresponding thresholds. Such sharing is called progressive sharing: the sensitive image is reconstructed with improving quality, as determined by the number of the collected shadows in the decoding meeting [27-30].

Progressive sharing has a range of applications. Consider, for example, image searching in an antiterrorism intelligence office or a witness-protection program, when an authorized officer searches for a sensitive image from a missing-allowable database system with n distributed storage places. If the shadows of each image have been formed earlier by a traditional all-or-nothing sharing scheme, a user must wait for the entire image to be downloaded (by collecting k out of the n shadows) and then check whether the reconstructed image is useful. In contrast, using shadows in a progressive manner can reduce searching time: in the earlier stage of the reconstruction, people can obtain a rough version of the image by collecting a smaller number (k1) of shadows (2 ≤ k1 < k ≤ n); they can then abort further transmission as soon as the rough version indicates that the candidate image is absolutely not the sought image. Meanwhile, fewer than k1 shadows reveal nothing but noise, providing a certain degree of protection of a sensitive image.

Another example involves the increasing use of mobile devices or computers to browse the web. Providing progressive versions of an image allow each authorized customer or team member to have more choices. Moreover, the number of downloadable shadows, which control the quality of the reconstructed versions, can be determined by the level of the paid membership (or authorized rank) of the downloader. In particular, if the image is too offensive or violent or only allowed to be inspected by a particular police team or intelligence squad, then controlling the number of shadows in a progressive manner can yield flexible design benefits or facilitate management of the system (as members of a single team but with different ranks are authorized to download different numbers of the n created shadows).

Therefore, we propose a multi-threshold progressive reconstruction method with compact shadows in Chapter 3. The method intends to reconstruct the sensitive image with progressively improved quality, according to the number of collected shadows. Also, each shadow is very compact and so can reduce storage space and transmission time, and facilitate the hiding of shadows.

Protecting the integrity of digital images has recently become an important research topic because digital images are easily copied and illegally distributed through networks. Image authentication is used to verify the integrity of an image. Some image authentication schemes [31-34] embedded authentication data in an image, and the embedded authentication data could then be extracted to verify the validity of the image. Several image authentication methods with extra tamper recovery ability have also been investigated [35-38]. These methods could identify unauthorized manipulations of an image and recovered tampered areas with approximation of the original ones.

However, these self-recovery methods [35-38] focused on a single image. Once the protected image is seriously tampered with, the recovery data left are insufficient to recover the seriously tampered image. Accordingly, Chang et al. [39] proposed a (k,

n) threshold scheme with authentication and cross-recovery ability to protect a group

of n images. When some of the n images are tampered with or even lost, the tampered or lost ones can be approximately recovered by the support of k survived members. However, if the n protected images in Chang et al.’s work [39] are lossy compressed to reduce storage space, then their cross-recovery ability is gone.

To make the verification and recovery mechanisms feasible for the images stored in JPEG format, we propose an image authentication and cross-recovery method for protecting a group of n JPEG images in Chapter 4. The proposed method generates n JPEG stego codes by embedding authentication and recovery data in the n JPEG

images. When some (up to n−k) of the n JPEG stego codes are destroyed, the destroyed JPEG images can be approximately recovered using any k survived JPEG stego codes.

1.2 Related Studies

1.2.1 JPEG Data Hiding

JSteg [12] was a simple hiding tool that embedded secret data in a JPEG code. First, a cover image was divided into non-overlapping blocks of 8×8 pixels each. The 8×8 pixels of each block were transformed using discrete cosine transform (DCT) and then quantized according to the default JPEG quantization table. The secret data were embedded in the least significant bit (LSB) of the quantized coefficients, the values of which were not 1, 0, or -1. Last, each embedded quantized block was compressed further using the JPEG entropy coding. After all blocks have been processed, the JPEG stego code is generated.

Because the quantized coefficients are almost all zero after the DCT transformation and quantization steps of JPEG, the hiding capacity in JSteg is quite limited. Therefore, Chang et al. [15] modified the default JPEG quantization table and embedded secret data in the 26 quantized coefficients located in the middle-frequency part. Because the quantizers in the middle-frequency part were modified to one, the quantized coefficients in the middle-frequency part were usually non-zero. To find a balance between the hiding capacity and stego-image quality, Tseng and Chang [17] proposed further the adaptive JPEG data hiding method, which used the human visual system and their capacity table to determine the embedded length of secret data. Iwata et al. [16] also modified the boundaries between zero and non-zero quantized coefficients to hide a secret.

Some JPEG hiding techniques with additional reversibility have also been investigated [14,18]. Fridrich et al. [14] proposed a reversible watermarking scheme for authenticating JPEG codes. A secret watermark was generated by hashing quantized coefficients. The generated watermark and further compressed result of the quantized coefficients were then embedded in the LSB of the quantized coefficients. Chang et al. [18] utilized the successive zero sequence of each set Ri (1 ≤ i ≤ 9) in

Figure 1.1 to embed secret data because many quantized coefficients in the lower right portion of Figure 1.1 were zeros. They also modified the JPEG quantization table to improve the quality of their stego-images.

9 R 7 R 5 R 3 R 8 R R₆ R₄ R₂ R₁

Figure 1.1. Nine sets {Ri: 1 ≤ i ≤ 9} of quantized coefficients for secret embedding of

Chang et al. [18].

1.2.2 Image Sharing

Blakley [40] and Shamir [41] were the first to propose the idea of a (k, n) threshold sharing scheme. Thien and Lin [21] extended the work of Shamir [41] by sharing a secret image and generated n shadows. The size of each shadow in their work is only 1/k of that of the original secret image, and so the storage space and transmission time are kept low. To reduce the size of each shadow further, Tso [26] quantized the secret image and then shared it. Lin and Tsai [24] also transformed the

secret image into the frequency domain and then shared the first DCT coefficient, which was used as a seed in a random number generator to yield a sequence of numbers that were then used to rearrange the values of the second to tenth DCT coefficients in each transformed block. In almost all sharing methods, since each generated shadow looks like noise, data hiding may be employed to hide each noise-like shadow in a cover image.

Various progressive image sharing schemes have recently been investigated [27-30]. However, in Fang’s scheme [27], the size of each shadow was expanded to four times larger than the input image. To avoid expansion, people may use approaches [28-30] that were based on the sharing scheme of Thien and Lin [21]. Chen and Lin [28] adopted a bit-plane scanning procedure to rearrange the pixels of the shared image, and the rearranged data were then shared. Wang and Shyu [29] decomposed the shared image using spatial and depth information simultaneously and then shared the decomposed image. Hung et al. [30] shared the quantized DCT coefficients of the input image. Although the shadows in their work were much smaller than those in the preceding three works [27-29], the reconstruction of their image was not lossless when all n shadows were collected.

1.2.3 Image Recovery

Chang et al. [39] proposed an image authentication and cross-recovery method to protect a group of n images. First, the v LSBs (1 ≤ v ≤ 4) of each of the n images were set to zero to create n rough images using a modulus-based zeroing approach that was based on Thien and Lin’s hiding scheme [3]. Next, the n rough images were compressed using JPEG2000, and each of the n generated JPEG2000 codes was shared using a two-layer sharing that is based on Thien and Lin’s sharing scheme [21]. Then, the n generated shadows were embedded in the n rough images, respectively, to

generate n stego-images. For each of the n stego-images, the authentication data were computed using the MD5 hash function [42]. Last, the n authentication data were embedded in the n stego-images, respectively, using the v-LSB substitution method. Their n watermarked images were therefore generated. When some of the n watermarked images were tampered with, the tampered images could be approximately recovered using the survived ones.

1.3 Dissertation Overview

The dissertation proposes three techniques for data hiding, image sharing, and image authentication with cross recovery based on JPEG. The proposed methods contain a reversible JPEG data hiding method with high hiding capacity, a progressive image sharing method with compact shadows, and an image authentication method with cross-recovery ability. The framework of the dissertation is shown in Figure 1.2, and a brief overview of each proposed method is described in the following subsections.

1.3.1 Reversible JPEG Data Hiding with High Hiding Capacity

Chapter 2 proposes a reversible JPEG data hiding method for hiding a large-size secret in a JPEG code. The JPEG quantization table attached to the JPEG code is modified, and the two JPEG quantization tables (original and modified) together can map the quantized DCT coefficients to the larger quantized DCT coefficients with hidden secret data. In the decoding process, the secret data and the original JPEG code can be reconstructed without any error.

1.3.2 Multi-Threshold Progressive Image Sharing with Compact Shadows Chapter 3 proposes a multi-threshold progressive image sharing method for reconstructing an image with various quality levels, based on whether the number of collected shadows reaches the corresponding thresholds. All n products (or n shadows) of the image are compact and so can be hidden in stego media easily without excessively affecting the image quality of the cover media. Any of the shadows could be missing, so the sender or the receiver need not worry about which shadows are sent or collected first. The probability of success of the decoding meeting is therefore increased.

1.3.3 Authentication and Cross Recovery of Multiple JPEG Images

Chapter 4 proposes an image authentication method with cross-recovery ability for protecting a group of n JPEG images. The proposed method generates n JPEG stego codes with hidden authentication and recovery data. The hidden authentication data can be used to verify which JPEG stego codes are attacked, and when some of the n JPEG stego codes are corrupted, the corrupted JPEG images can be approximately recovered by the cooperation of the survived JPEG stego codes.

1.4 Dissertation Organization

In the rest of this dissertation, the proposed reversible JPEG data hiding method with high hiding capacity is presented in Chapter 2. The proposed multi-threshold progressive image sharing method with compact shadows is reported in Chapter 3. The proposed image authentication method with cross-recovery ability is described in Chapter 4. Last, conclusions and future work are drawn in Chapter 5, along with recommendation for future research.

Chapter 2

Reversible JPEG Data Hiding with High Hiding

Capacity

This chapter proposes a reversible JPEG data hiding method for hiding a large-size secret in a JPEG code. The quantization table of the JPEG code is modified, and the proposed mapping function is utilized to map quantized coefficients to larger quantized coefficients with hidden secret data. In the decoding process, both the secret data and the original JPEG code can be reconstructed without any error. Experimental results demonstrate that the proposed method provides a high hiding capacity and acceptable stego-image quality, to an extent comparable with other JPEG data hiding methods. The rest of this chapter is organized as follows. Section 2.1 reviews the JPEG technique. Section 2.2 presents the proposed method. Section 2.3 reports the experimental results and makes comparisons with other methods. Section 2.4 discusses parameters setting and security. Last, Section 2.5 summarizes this chapter.

2.1 Review of JPEG

JPEG is an international image compression standard that is used commonly on the Internet. A given image is divided into several blocks of 8×8 pixels each. The 8×8 pixels of each block are transformed using DCT, and the 8×8 transformed coefficients are quantized using a quantization table. The 8×8 quantized coefficients are then scanned in zigzag order for entropy coding. After all of the blocks have been sequentially processed, the JPEG code is generated. The quality factor QF between 0 and 100 controls the quality of the JPEG decompressed image. A higher QF

corresponds to higher quality of the JPEG decompressed image. This phenomenon is shown in Figure 2.1, and the peak signal-to-noise ratio (PSNR), defined by

2 10 255 10 log PSNR MSE = × , (2.1) is used to measure the similarity between the original image and its JPEG decompressed image where MSE represents the mean square error between the pixel values of the original image and those of the JPEG decompressed image.

Figure 2.1. Relation between QF values and the corresponding quality of a 512×512 JPEG decompressed grayscale image Lena.

2.2 Proposed Method

2.2.1 Mapping Quantized Coefficients to Stego Quantized Coefficients

In the quantization process of JPEG, each DCT coefficient D(i, j) is divided by its quantizer Q(i, j) grabbed from a quantization table, and then rounded to the nearest integer F(i, j), as

( , ) [ ( , ) / ( , )]

F i j =Round D i j Q i j , (2.2) where 0≤i, j<8. To generate the stego quantized coefficient F'

(i, j) by embedding secret data in the quantized coefficient F(i, j), a mapping that maps F(i, j) to F'(i, j) is introduced in the following. As shown in Figure 2.2, consider a line segment mn in the real axis containing the integer point F(i, j) and its two half-unit-away non-integer

points m=F(i, j)−0.5 and n=F(i, j)+0.5. The quantizer Q(i, j) is modified to a smaller quantizer Q'(i, j) that satisfies , enabling each real number z to be mapped to an integer, as ( , ) / ( , ) 2 Q i j Q i j′ ≥ ⎢⎣ ⎥⎦ ( ) ( , ) / ( , ) h z =⎡_⎢z Q i j× Q i j′ ⎤_⎥. (2.3) According to Eq. (2.3), the non-integer points m=F(i, j)−0.5 and n=F(i, j)+0.5 are mapped to the integer points M(i, j) and N(i, j), respectively, using

( , ) [ ( , ) 0.5] ( , ) / ( , )

M i j =⎡_⎢ F i j − ×Q i j Q i j′ ⎤_⎥, (2.4)

( , ) [ ( , ) 0.5] ( , ) / ( , )

N i j =⎡_⎢ F i j + ×Q i j Q i j′ ⎤_⎥. (2.5) After the values of M(i, j) and N(i, j) have been determined, based on the to-be-hidden secret digit, an integer point in the half-open interval [M(i, j), N(i, j)) is indentified as the stego quantized coefficient F'(i, j). For example, let F'(i, j) be M(i, j) if the to-be-hidden secret is 0; let F'(i, j) be M(i, j)+1 if the to-be-hidden secret is 1; let F'(i,

j) be M(i, j)+2 if the to-be-hidden secret is 2; and so on. Notably, if the final value of

the stego quantization coefficient F'(i, j) is used to indicate one of the 2n possible readings of an n-bit secret, the half-open interval [M(i, j), N(i, j)) in Figure 2.2 must contain at least 2n integer points.

Figure 2.2. The quantizer Q(i, j) is modified to a smaller quantizer Q'(i, j) that satisfies , enabling m=F(i, j)–0.5 and n=F(i, j)+0.5 to be mapped to M(i,

j) and N(i, j), respectively.

( , ) / ( , ) 2

Q i j Q i j′ ≥

To reconstruct the original quantized coefficient F(i, j) from the stego quantized coefficient F'(i, j), all integers in the range [M(i, j), N(i, j)) must be traced back to the unique integer F(i, j). This can be done by applying the Q'(i, j)-to-Q(i, j) inverse mapping to reverse F'(i, j) back to a real number F'(i, j)×Q'(i, j)/Q(i, j), which is near

F(i, j). In fact, according to the design shown in Figure 2.2, this real number will stay

in the interval [F(i, j)−0.5, F(i, j)+0.5), and it can be rounded to the nearest integer as the original F(i, j). In summary, F(i, j) is reconstructed using

( , ) [ ( , ) ( , ) / ( , )]

F i j =Round F i j′ ×Q i j′ Q i j . (2.6)

2.2.2 Secret Embedding

2.2.2.1 Construction of Hiding Capacity Table and Modified Quantization Table For 0≤i, j<8, let HC(i, j), Q(i, j), and Q'

(i, j) denote the elements in the i’th row and j’th column of the 8×8 hiding capacity table HC, the original JPEG quantization table Q, and the modified quantization table Q', respectively. The three tables are used for all blocks of the cover image. The integer HC(i, j), which is the number of secret bits to be hidden in a quantized coefficient F(i, j), is randomly chosen from the range

2 2

min{N_bit, log⎢_⎣ Q i j( , ) }_⎦⎥ ≤HC i j( , )≤_⎣⎢log Q i j( , )⎥⎦

′ _⎤⎥

. (2.7) The reason why HC(i, j) depends on the original quantization table Q and integer parameter Nbit is explained in the following. Based on Range Property below,

. Therefore, in the half-open interval [M(i, j), N(i, j)), there are at most

( , ) / ( , ) ( , ) ( , ) ( , ) / ( , ) Q i j Q i j′ ≤N i j −M i j ≤ Q i j Q i j ⎢ ⎥ ⎡ ⎣ ⎦ ⎢ ( , ) / ( , ) Q i j Q i j′ ⎢ ⎥ ⎣ ⎦ integer points. To embed secret data of HC(i, j) bits in the quantized coefficient F(i, j), there are 2HC(i, j) possible combinations of the secret bits. The embedding of each combination corresponds to one of the integer points located in the half-open interval [M(i, j), N(i,

( , )

2HC i j ≤⎢_⎣Q i j( , ) /Q i j′(, )⎥_⎦ (2.8) must be satisfied for each 0≤i, j<8. Because the values of Q'

(i, j) and Q(i, j) are integers between 1 and 255, _⎣⎢Q i j( , ) /Q i j′( , )⎥ ⎢_{⎦ ⎣}≤ Q i j( , )⎥_⎦=Q i j( , ). Therefore,

( , )

2HC i j ≤Q i j( , )

⎥⎦

. (2.9) The integer parameter Nbit also appears in Eq. (2.7) because if directly let HC(i, j)

be ⎢⎣log₂Q i j( , ) , according to Eq. (2.10), the corresponding Q'(i, j) in the modified quantization table Q' will be one (_⎣⎢Q i j( , ) / 2HC i j( , )⎥_{⎦ =}⎢_{Q i j( , ) / 2}⎢⎣log2Q i j( , )⎥⎦⎥

⎣ ⎦=1), and

therefore the first NQC elements in the modified quantization table Q' are all one,

making attackers feel suspicious. Last, to determine the 8×8 modified quantization table Q', Eq. (2.8) implies that 2HC(i, j) ≤ ⎣Q(i, j)/Q'(i, j)⎦ ≤ Q(i, j)/Q'(i, j). Because both

Q(i, j) and Q'(i, j) are positive integers, Q i j′( , )≤Q i j( , ) / 2HC i j( , ). Therefore, the element Q'(i, j) of the modified quantization table Q' is simply defined as

( , )

( , ) ( , ) / 2HC i j

Q i j′ = ⎣⎢Q i j ⎥_{⎦ , (2.10)}

where 0≤i, j<8. Eq. (2.10) also implies that

HC i j( , )= ⎢⎣log [ ( , ) /2 Q i j Q i j′( , )]⎥⎦. (2.11)

Range Property: _⎣⎢Q i j( , ) /Q i j′( , )⎥_⎦≤N i j( , )−M i j( , )≤⎡_⎢Q i j( , ) /Q i j′( , )⎤_⎥.

Proof:

(i) Proof of the upper bound: ( , ) ( , )

N i j −M i j

=_⎢⎡[ ( , ) 0.5]F i j + ×Q i j( , ) /Q i j′( , )⎤ ⎡_{⎥ ⎢}− [ ( , ) 0.5]F i j − ×Q i j( , ) /Q i j′( , )⎤⎥

=_⎢⎡[ ( , ) 0.5]F i j + ×Q i j( , ) /Q i j′( , )⎤ ⎡_{⎥ ⎢}− [ ( , ) 0.5]F i j + ×Q i j( , ) /Q i j′( , )−Q i j( , ) /Q i j′( , )⎤⎥

≤⎡_⎢[ ( , ) 0.5]F i j + ×Q i j( , ) /Q i j′( , )_{⎥ ⎢}⎤ ⎡− [ ( , ) 0.5]F i j − ×Q i j( , ) /Q i j′( , )_{⎥ ⎢}⎤ ⎡+ Q i j( , ) /Q i j′( , )⎤⎥

=⎡_⎢Q i j( , ) /Q i j′( , )⎤_⎥.

(ii) Proof of the lower bound: ( , ) ( , ) N i j −M i j =_⎢⎡[ ( , ) 0.5]F i j + ×Q i j( , ) /Q i j′( , )⎤ ⎡_{⎥ ⎢}− [ ( , ) 0.5]F i j − ×Q i j( , ) /Q i j′( , )⎤⎥ =_⎢⎡[ ( , ) 0.5 1]F i j − + ×Q i j( , ) /Q i j′( , )⎤ ⎡_{⎥ ⎢}− [ ( , ) 0.5]F i j − ×Q i j( , ) /Q i j′( , )⎤⎥ =_⎢⎡[ ( , ) 0.5]F i j − ×Q i j( , ) /Q i j′( , )+Q i j( , ) /Q i j′( , )⎤ ⎡_{⎥ ⎢}− [ ( , ) 0.5]F i j − ×Q i j( , ) /Q i j′( , )⎤⎥ ≥_⎢⎡[ ( , ) 0.5]F i j − ×Q i j( , ) /Q i j′( , )_{⎥ ⎣}⎤ ⎢+ Q i j( , ) /Q i j′( , )_{⎦ ⎢}⎥ ⎡− [ ( , ) 0.5]F i j − ×Q i j( , ) /Q i j′( , )⎤_⎥ =⎢_⎣Q i j( , ) /Q i j′( , )⎥_⎦.

2.2.2.2 Hiding Secret Data in Quantized Blocks

After the hiding capacity table HC and the modified quantization table Q' have been generated, secret data are embedded in quantized blocks. The secret embedding algorithm is summarized here:

The secret embedding algorithm

Input: A JPEG code; secret data; two integer parameters Nbit∈{1,2,3} and

NQC∈{1,2,…,32}.

Output: The JPEG stego code.

Step 1: Decode the JPEG code using the JPEG entropy decoding to obtain an 8×8 quantization table Q and all quantized blocks {F} formed of 64 quantized coefficients each.

Step 2: Use Eqs. (2.7) and (2.10) to compute the first NQC elements of the 8×8 hiding

capacity table HC and the 8×8 modified quantization table Q'

, respectively. The other (64−NQC) elements of the table HC are set to zeros. The other

(64−NQC) elements of the table Q' are copied from the corresponding (64−NQC)

elements of the quantization table Q.

Step 3: Repeat Steps 3a-3b in a block-by-block manner until all quantized blocks {F} have been processed.

Step 3a: For the first NQC quantized coefficients {F(i, j)} of the 8×8 quantized

block F currently being processed, use Eq. (2.4) to determine M(i, j) from F(i,

j). Then, sequentially grab the next HC(i, j) not-yet-embedded bits from the

secret data, and let the single decimal value Z(i, j) be the decimal equivalent of the just-grabbed binary number with HC(i, j) bits. Compute the stego quantized coefficient F'(i, j) using

( , ) ( , ) ( , )

F i j′ =M i j +Z i j . (2.12) Replace F(i, j) by F'(i, j) because F(i, j) is no longer needed.

Step 3b: Apply the JPEG entropy coding to the embedded quantized block F'. Step 4: Put the modified quantization table Q' in the JPEG file header. The JPEG

stego code is generated. (The JPEG stego code, the original quantization table

Q, and the integer parameter NQC are transmitted to the receiver.)

2.2.3 Extraction of Hidden Data and Reconstruction of Original JPEG Code When people receive the JPEG stego code, if they also know the original JPEG quantization table Q and the integer parameter NQC, they can extract the secret data,

followed by reconstructing the original JPEG code. The secret data and JPEG code reconstruction algorithm is summarized here:

The secret data and JPEG code reconstruction algorithm

Input: The JPEG stego code; the original 8×8 JPEG quantization table Q; the integer parameter NQC∈{1,2,…,32}.

Output: The secret data and the original JPEG code.

Step 1: Apply the JPEG entropy decoding to the JPEG stego code and obtain the 8×8 modified quantization table Q' and all stego quantized blocks {F'}.

Step 2: Reconstruct the first NQC elements of the 8×8 hiding capacity table HC using

Eq. (2.11).

Step 3: Repeat Steps 3a-3b in a block-by-block manner until all stego quantized blocks {F'} have been processed.

Step 3a: For the first NQC stego quantized coefficients {F'(i, j)} of the 8×8 stego

quantized blocks F' currently being processed, reverse each F'(i, j) back to

F(i, j) using Eq. (2.6). Map F(i, j)−0.5 to M(i, j) using Eq. (2.4). Extract the

decimal equivalent Z(i, j) of the secret bits using ( , ) ( , ) ( , )

Z i j =F i j′ −M i j . (2.13) Overwrite F'(i, j) by F(i, j). Therefore, not only the secret data Z(i, j) hidden in the stego quantized coefficient F'(i, j) but also the original JPEG quantized coefficient F(i, j) at the current block position are reconstructed.

Step 3b: Encode the current (secret-already-extracted) quantized block F using the JPEG entropy coding for recycling use.

Step 4: Put the original quantization table Q in the JPEG file header. The original JPEG code is reconstructed without any error.

2.2.4 Example of Secret Embedding and Extraction Processes

Assume the quantized coefficient F(0, 0) is 12 and the original quantizer Q(0, 0) used by JPEG is 17. Let the modified quantizer Q'(0, 0) be four. According to Eqs.

(2.4) and (2.5), the values M(0, 0) and N(0, 0) are computed using (0, 0) = [ (0, 0) 0.5] (0, 0) / (0, 0) (12 0.5) 17 / 4 49 M ⎡_⎢ F − ×Q Q′ ⎤ ⎡_{⎥ ⎢}= − × ⎤⎥= ⎤⎥ = ⎤⎥ , (0, 0) = [ (0, 0) 0.5] (0, 0) / (0, 0) (12 0.5) 17 / 4 54 N ⎡_⎢ F + ×Q Q′ ⎤ ⎡_{⎥ ⎢}= + × = .

Therefore, in the half-open interval [M(0, 0)=49, N(0, 0)=54), the value F'(0, 0)=49 is the stego quantized coefficient after 0 is embedded. [F'(0, 0)=50 after 1 is embedded;

F'(0, 0)=51 after 2 is embedded; F'(0, 0)=52 after 3 is embedded.] Later, assume that the stego quantized coefficient F'(0, 0)=50 is obtained. To reconstruct the quantized coefficient F(0, 0) from F'(0, 0)=50, use Eq. (2.6) to evaluate

(0, 0) [ (0, 0) (0, 0) / (0, 0)] (50 4 /17) 12

F =Round F′ ×Q′ Q =Round × . Then, use Eq. (2.4) to compute

.

(0, 0) = [ (0, 0) 0.5] (0, 0) / (0, 0) (12 0.5) 17 / 4 49

M ⎡_⎢ F − ×Q Q′ ⎤ ⎡_{⎥ ⎢}= − × =

Last, from Eq. (2.13), the decimal equivalent of the hidden data is extracted as (0, 0) (0, 0) (0, 0) 50 49 1

Z =F′ −M = − = .

2.3 Experiments and Comparisons

2.3.1 Experimental Results

Six 512×512 grayscale images, Lena, Jet, Boat, Peppers, Baboon, and Zelda, are tested in the experiments. They are all compressed using the JPEG source code taken from the fourth public release of the Independent JPEG Group's free JPEG software [43]. The quality of an image is measured by the PSNR. Figures 2.3(a) and 2.3(d) show the images Lena and Jet decompressed from the JPEG-Q85 codes using JPEG with QF=85 without any hidden secret. Figures 2.3(b) and 2.3(e) display the stego-images decompressed from our JPEG stego codes after two secret data of size 253,952 bits each are embedded in the JPEG-Q85 codes of Lena and Jet, respectively.

Figures 2.3(c) and 2.3(f) depict the decrypted-decompressed images derived from our JPEG stego codes, the decompressed images of which are in Figures 2.3(b) and 2.3(e).

2.3.2 Comparisons

Table 2.1 (for image Lena) and Table 2.2 (for image Jet) compare some non-reversible JPEG hiding methods [12,15,17] with the proposed reversible JPEG hiding method in terms of hiding capacity (size of the hidden secret), hiding ratio (size of the hidden secret over size of the JPEG stego code), and the quality of the stego-image when the cover image is compressed using JPEG with QF=85. For simplicity, the value of each element HC(i, j) in the 8×8 hiding capacity table HC is set to the left-hand-side value of Eq. (2.7).

As presented in Table 2.1, the proposed method provides a higher hiding capacity, a higher hiding ratio, and better stego-image quality than those in the related works [12,15,17]. For example, the proposed method has the PSNR value 39.12 dB when the hiding capacity is 253,952 bits with the hiding ratio being 35.23% while the PSNR value in Chang et al.’s method [15] is 29.64 dB (< 39.12 dB) when the hiding capacity is 212,992 bits (< 253,952 bits) with the hiding ratio being 30.0% (< 35.23%).

Similarly, the proposed method has the PSNR value 41.11 dB when the hiding capacity is 122,880 bits with the hiding ratio being 23.16% while the PSNR value in JSteg [12] is 40.70 dB (< 41.11 dB) when the hiding capacity is 31,933 bits (< 122,880 bits) with the hiding ratio being 8.85% (< 23.16%), and the PSNR value in Tseng and Chang’s method [17] is 38.10 dB (< 41.11 dB) when the hiding capacity is 54,652 bits (< 122,880 bits) with the hiding ratio being 14.0% (< 23.16%). Most of all, after the secret data have been extracted, the proposed method can reconstruct the original JPEG code, but the aforementioned methods [12,15,17] cannot.

The comparisons between Chang et al.’s reversible method [18] and ours are given in the following. Notably, both Fridrich et al.’s [14] and Chang et al.’s [18] methods are reversible. However, because the original purpose in Fridrich et al.’s method [14] is to authenticate JPEG codes (the hidden secret is a much smaller authentication watermark of size about 4,000 bits rather than our larger-size secret, which can be as large as 253,952 bits), their method is not in the same application group as ours or the associated works [12,15,17,18]. Therefore, the comparisons between Fridrich et al.’s method [14] and ours are omitted.

Figures 2.4(a)-(c) compare Chang et al.’s method [18] with ours in terms of hiding capacity, hiding ratio, and stego-image quality when the image is Lena. Figure 2.4(d) compare the average length of the JPEG stego codes between Chang et al.’s method [18] and ours when the six images are Lena, Jet, Boat, Peppers, Baboon, and Zelda. The two parameters used in the proposed method are Nbit=2 and NQC=16. As

displayed in Figures 2.4(a)-(c), the hiding capacity, hiding ratio, and stego-image quality in the proposed method are all better than those in Chang et al.’s method [18].

On the other hand, as shown in Figure 2.4(d), the length of our JPEG stego code would be less attractive than that of theirs because a higher hiding capacity causes a longer output JPEG stego code. But this trade off is still worthy and more efficient because the hiding capacity is high. If the readers want to reduce the length of the JPEG stego code, they may reduce the not-small gains in hiding capacity and hiding ratio by using lower Nbit and NQC values. One such example is shown in Figure 2.5

where the two parameters are Nbit=1 and NQC=10. From Figure 2.5, the hiding

capacity, hiding ratio, and stego-image quality in the proposed method are still a little bit more competitive than those in Chang et al.’s method [18] while our code-length curve gets a tie with theirs.

2.4 Discussions

2.4.1 Parameters Setting

The rules in the following can be used to determine the two parameters Nbit and

NQC. As a key rule, using Nbit=1 is for the secret of moderate size, and using Nbit=2 or

3 is for the secret of large size. After the Nbit value has been determined, adjust the

NQC value. When the NQC value is adjusted, start from a moderate value such as

NQC=16. If the secret is too large to be hidden, increase the NQC value; otherwise,

decrease the NQC value slightly to reduce the length of the JPEG stego code, as long

as the secret can still be hidden after the cut of the NQC value.

Additionally, under the same NQC value, using a higher Nbit, which forces the use

of a higher HC(i, j), causes a higher hiding capacity than using a lower Nbit because

HC(i, j) is the number of secret bits to be embedded in a quantized coefficient. Also, a

little improvement of the stego-image quality might be obtained by using a higher Nbit.

Another experiment is conducted to observe this phenomenon. Let the image Lena be compressed using JPEG with QF=75. The generated JPEG code is utilized to embed the secret data using various setting of Nbit and NQC values. For simplicity, the value of

each element HC(i, j) in the 8×8 hiding capacity table HC is set to be the left-hand-side value of Eq. (2.7). According to this assignment rule, using a higher Nbit

really causes a higher hiding capacity than using a lower Nbit, as shown in Table 2.3.

However, the improvement of the hiding capacity and the quality of the stego-images are less obvious when the Nbit value jumps from three to four. Also,

using a higher Nbit causes a more increasing of the length of the JPEG stego code than

using a lower Nbit. Therefore, using Nbit=4 is not suggested for security concern. In

summary, it is recommended to use Nbit=2 and Nbit=3. Skip the use of Nbit=1 if very

2.4.2 Security

Both the Chi-square [44] and StegDetect [11] analysis tools are used by attackers to detect whether a stego-image or a JPEG code contains secret data or not. The proposed method can resist these attacks.

For the Chi-square analysis, Figure 2.6(a) shows the 512×512 grayscale image, Lena, without any hidden secret. Figure 2.6(b) displays the stego-image Lena generated by embedding secret data in Figure 2.6(a) using the LSB substitution scheme. Figure 2.6(c) depicts the stego-image Lena decompressed from our JPEG stego codes after a secret of size 253,952 bits is hidden. Figures 2.6(d)-(f) plot the results obtained when Guillermito’s Chi-square analysis tool is employed to examine the pixels in Figures 2.6(a)-(c), respectively. The cross curve represents the probability that the pairs of values are randomly distributed, and the circular curve represents the average value of all LSBs in one block of pixels. The circular curves in Figures 2.6(d)-(f) suggest to the attackers nothing because these circular curves are all around (0+1)/2=0.5. However, the cross curve in Figure 2.6(e) is close to one, indicating that some secret data are very probably embedded in Figure 2.6(b). In contrast, the cross curves in Figures 2.6(d) and 2.6(f) are both close to zero. Therefore, the attackers may ignore the hidden data in Figure 2.6 (c).

Provos’s StegDetect analysis tool [11], introduced in Provos and Honeyman’s method [45] and used in some methods [46-48], is adopted for the StegDetect analysis. Let OriginalLena.jpg be the JPEG-Q85 code generated by compressing a 24-bit color image Lena of size 512×512 using JPEG with QF=85. Figure 2.7(a) shows the image Lena decompressed from OriginalLena.jpg. When people use the JPEG hiding methods JPHide [10], JSteg [12], and OutGuess [11] to hide secret data in OriginalLena.jpg, let the generated JPEG stego codes be Stego-of-JPHide.jpg, Stego-of-JSteg.jpg, and Stego-of-OutGuessOld.jpg, respectively. Figures 2.7(b)-(d)

shows the stego-images decompressed from Stego-of-JPHide.jpg, Stego-of-JSteg.jpg, and Stego-of-OutGuessOld.jpg, without any extraction of the hidden secret data. Figures 2.7(e)-(l) plot the eight stego-images decompressed from our eight JPEG stego codes when the two parameters (Nbit, NQC) are (1, 16), (1, 24), (1, 32), (2, 16), (2,

24), (2, 32), (3, 16), (3, 24), respectively. (The hidden secret data are left untouched when the eight JPEG decompressions are performed.) Notably, the proposed method only uses the quantized coefficients of the brightness component Y of the cover image to hide secret data. The quantized coefficients of the color components Cb and Cr of the cover image are not used in hiding to minimize color distortion.

As shown in Figure 2.7(m), three JPEG stego codes Stego-of-JPHide.jpg, Stego-of-JSteg.jpg, and Stego-of-OutGuessOld.jpg yield the strongest response (the highest score *** in terms of the measure is provided by Provos’s StegDetect analysis tool [11]), indicating that the three JPEG stego codes must contain some hidden data. However, when our JPEG stego codes are examined by the StegDetect analysis tool, all the responses are negative. Therefore, our JPEG stego codes can pass StegDetect analysis. Similar observations are made when the color image Lena is replaced by Jet or other images.

Last, the length of our JPEG stego code is discussed. When the 512×512 grayscale image Lena is compressed using JPEG with a quality factor in the range of 10 to 95, the length of the JPEG code (without any hidden secret) is between 8,119 and 94,581 bytes. The lengths of the JPEG stego codes of Lena are 55,432, 62,236, 70,237, 66,307, 78,484, 90,114, 67,257, and 82,207 bytes when (Nbit, NQC) are (1, 16),

(1, 24), (1, 32), (2, 16), (2, 24), (2, 32), (3, 16), and (3, 24), respectively. Therefore, the attackers will not be suspicious about the lengths of our JPEG stego codes since their lengths all fall in the reasonable range of 8,119 to 94,581 bytes. Similar phenomena also hold when the grayscale image Lena is replaced by Jet or others.

2.5 Summary

This chapter proposes a reversible JPEG hiding method with high hiding capacity and high hiding ratio. The secret data are embedded in a JPEG code. In decoding, after lossless extraction of the secret data, the original JPEG code is reconstructed. From Tables 2.1-2.2 and Figures 2.4-2.5, the proposed method outperforms that of the related JPEG hiding methods [12,15,17,18] in terms of hiding capacity, hiding ratio, and stego-image quality. The reversibility makes the reconstructed JPEG code to be used many times without any degrading.

(a) (b) (c)

(d) (e) (f)

Figure 2.3. Images decompressed from JPEG codes. (a) The 41.75-dB image Lena decompressed from the JPEG-Q85 code without any hidden secret. (b) The 39.12-dB stego-image Lena decompressed from our JPEG stego code. (c) The 41.75-dB decrypted-decompressed image Lena derived from our JPEG stego code. (d)-(f) Same as (a)-(c) except that the image Lena is replaced by Jet, and the PSNRs of (d) to (f) are 41.15dB, 38.75 dB, and 41.15dB, respectively.

(a)

(b)

(c)

(d)

Figure 2.4. Comparisons between Chang et al.’s method [18] and ours when the two parameters are Nbit=2 and NQC=16. The comparisons are (a) hiding capacity, (b) hiding

(a)

(b)

(c)

(d)

(a) (b) (c)

(d)

(e)

(f)

Figure 2.6. Results of Chi-square analysis: (a) the image Lena without any hidden secret; (b) the stego-image Lena generated using the LSB substitution method; (c) the stego-image Lena decompressed from our JPEG stego code after a secret of size 253,952 bits is hidden; (d)-(f) the results of Chi-square analysis of the pixels in (a), (b), and (c), respectively.

(a) (b) (c) (d) (e) (f) (g) (h) (i) (j) (k) (l) (m)

Figure 2.7. Results of StegDetect analysis: (a) the cover image Lena decompressed from the JPEG-Q85 code without any hidden secret; (b)-(d) the stego-images decompressed from the JPEG stego codes of JPHide [10], JSteg [12], OutGuess [11], respectively; (e)-(l) the stego-images decompressed from our eight JPEG stego codes, respectively; (m) the results of StegDetect analysis of the twelve JPEG codes, the decompressed images of which are in (a)-(l).

Table 2.1. Comparisons of hiding capacity, hiding ratio, and stego-image quality among the related JPEG hiding methods [12,15,17] and ours when the grayscale image Lena is compressed using JPEG with QF=85.

Scheme (Nbit, NQC) Capacity

factor Hiding capacity (bits) Hiding ratio (%) Stego-image quality (dB) [12] 31,933 8.85% 40.70 [15] 212,992 30.0% 29.64 0.2 33,790 8.68% 40.21 0.6 54,652 14.0% 38.10 [17] 1.0 63,083 16.2% 36.56 (1, 16) 65,536 14.78% 40.99 (1, 24) 98,304 19.74% 40.10 (1, 32) 131,072 23.33% 38.22 (2, 16) 122,880 23.16% 41.11 (2, 24) 188,416 30.01% 40.53 (2, 32) 253,952 35.23% 39.12 (3, 16) 126,976 23.60% 41.13 Our scheme (3, 24) 208,896 31.76% 40.49

Table 2.2. Same as Table 2.1 except that the image Lena is replaced by Jet. Scheme (Nbit, NQC) Capacity

factor Hiding capacity (bits) Hiding ratio (%) Stego-image quality (dB) [12] 32,868 9.11% 40.07 [15] 212,992 29.9% 28.16 0.2 35,678 9.26% 39.38 0.6 58,254 15.1% 37.32 [17] 1.0 66,363 17.2% 35.77 (1, 16) 65,536 14.70% 40.47 (1, 24) 98,304 19.58% 39.67 (1, 32) 131,072 23.24% 37.91 (2, 16) 122,880 23.03% 40.58 (2, 24) 188,416 29.74% 40.06 (2, 32) 253,952 35.01% 38.75 (3, 16) 126,976 23.44% 40.60 Our scheme (3, 24) 208,896 31.43% 40.03

Table 2.3. Our hiding capacity, hiding ratio, and stego-image quality when the grayscale image Lena is compressed using JPEG with QF=75.

(Nbit, NQC) Hiding capacity (bits) Hiding ratio (%) Stego-image quality (dB)

(1, 16) 65,536 18.91% 38.56 (2, 16) 131,072 28.56% 38.87 (3, 16) 163,840 32.38% 38.94 (4, 16) 167,936 32.81% 38.96 (1, 24) 98,304 24.15% 37.09 (2, 24) 196,608 35.76% 37.78 (3, 24) 262,144 41.07% 37.91 (4, 24) 278,528 41.96% 37.96 (1, 32) 131,072 27.60% 34.48 (2, 32) 262,144 40.59% 35.59 (3, 32) 360,448 46.74% 35.95 (4, 32) 405,504 47.40% 35.81

Chapter 3

Multi-Threshold Progressive Image Sharing with

Compact Shadows

This chapter proposes a multi-threshold progressive reconstruction method. An important image is encoded three times using JPEG: first with a low-quality factor, then with a medium-quality factor, and last with a high-quality factor. Huffman coding is employed to encode the difference between the important image and the high-quality JPEG decompressed image. The three JPEG codes and the Huffman code are shared, respectively, according to four pre-specified thresholds. The n generated equally important shadows can be stored or transmitted using n channels in parallel. Cooperation among these shadows can progressively reconstruct the important image. The reconstructed image is loss-free when the number of collected shadows reaches the largest threshold. Each shadow is very compact and so can be hidden successfully in the JPEG codes of cover images to reduce the probability of being attacked when transmitted in an unfriendly environment. The proposed scheme is easier than the progressive image sharing schemes [27-30] to apply to scalable Moving Picture Experts Group (MPEG) video transmission [49,50], and the shadows herein can resist differential attack [51-53]. Comparisons with other image sharing methods are also made. The rest of this chapter is organized as follows. Section 3.1 reviews related works. Section 3.2 presents the proposed scheme. Section 3.3 reports the experimental results and makes comparisons with other methods. Section 3.4 discusses security. Last, Section 3.5 summarizes this chapter.

3.1 Related Works

3.1.1 Secret Image Sharing Method of Thien and Lin

Thien and Lin [21] propose a (k, n) threshold method for splitting a grayscale secret image into n shadows. First, all of the gray values between 251 and 255 in the secret image must be truncated to 250 because the arithmetic operations in Eq. (3.1) are modulo 251. They then use a key to permute the pixels of the secret image, and the permuted image is partitioned into several sectors of k pixels each. For each not-yet processed sector, define a polynomial

2 1

0 1 2 1

( ) ... k (mod 251) k

f z = +r r z+r z + +r z₋ − , (3.1)

where r0 to rk-1 are the k pixel values. The n values f(1), f(2), …, and f(n) are

calculated and then attached to the n shadows.

After all sectors have been processed, the n shadows are generated. Since every k pixels in the secret image contribute a single pixel to each of the n generated shadows, each shadow size is 1/k of the secret image size. In collecting at least k shadows, Thien and Lin take the first not-yet-used pixel from each of the k shadows and use these k pixel values f(z1), f(z2), …, and f(zk) to evaluate the k coefficients in Eq. (3.1)

for the first sector by reconstructing the (k–1)-degree polynomial f(z) as

2 3 1 1 2 1 3 1 1 3 2 2 1 2 3 2 1 2 1 1 2 1 ( )( )...( ) ( ) ( ) ( )( )...( ) ( )( )...( ) ( ) ( )( )...( ) ( )( )...( ) ... ( ) (mod 251). ( )( )...( ) k k k k k r k k k k z z z z z z f z f z z z z z z z z z z z z z f z z z z z z z z z z z z z f z z z z z z z − − − − − = − − − − − − + − − − − − − + + − − − (3.2)

By processing all pixels of the k shadows in order, they obtain the permuted image, which is then de-permuted to reveal the secret image.

An example is presented in the following. To divide k=2 pixel values 100 and 200 into n=3 shadows, Eq. (3.1) is used to compute the three shadows: f(1) =

(100+200×1) mod 251 = 49; f(2) = (100+200×2) mod 251 = 249; and f(3) = (100+200×3) mod 251 = 198. Later, if two shadows f(1)=49 and f(3)=198 are received, Eq. (3.2) is used to reconstruct the polynomial as f(z) ≡ f(1)×(z–3)/(1–3) +

f(3)×(z–1)/(3–1) ≡ 49×(z+248)/249 + 198×(z+250)/2 ≡ 49×(z+248)×125 +

198×(z+250)×126 ≡ 100 + 200z (mod 251). The original pixel values, 100 and 200, are therefore obtained.

3.1.2 Galois Field

A Galois field (GF) is a finite field of pt _{elements with addition (+) and}

multiplication (×) operations that satisfy commutative, associative, and distributive laws where p is a prime number and t is a positive integer. The arithmetic over GF(p) is generally the same as modulo p, and therefore Thien and Lin [21] use a Galois field with pt_=p1_{=p=251 elements. The proposed method employs a Galois field with 2}t

elements, and arithmetic over GF(2t) is based on the representation of each element in GF(2t_{). An element in GF(2}t_{) is generally represented using a polynomial-basis}

representation, as a binary polynomial of degree less than t. The t-tuple of coefficients of the binary polynomial corresponds to the binary representation of an integer between 0 and 2t–1.

Let A = (at-1…a1a0)2 and B = (bt-1…b1b0)2 be two t-bit binary elements in GF(2t). In the polynomial-basis representation, A and B are A(X) = at-1Xt-1 +…+ a1X + a0 and

B(X) = bt-1Xt-1 +…+ b1X + b0, respectively. Define the addition of A and B as

1 0 t i i A B a b − = i + =

∑

1 0 ( ) t i i A B A B A B a b − = − = + − = + =

∑