2.1 General Watermarking Model in Image Authentication

CHAPTER 2

Literature Review

In this chapter, we discuss the reported literatures about watermarking in image authentication. In section 2.1, we introduce the general watermarking model in image authentication. The categories of watermarking technique are delineated in section 2.2. In section 2.3, we describe the fundamental requirements of watermarking in image authentication. In section 2.4, the categories of malicious attacks are discussed. Finally, we review the various applications of fragile watermarking schemes in section 2.5.

2.1 General Watermarking Model in Image Authentication

In this section, we describe the general watermarking concept in image authentication. Three terminologies used through whole dissertation are introduced at first. “Watermark” is a kind of sensitive messages which are embedded into image to protect the integrity of images. The action of embedding watermarks into images is “watermarking”. After watermarks are embedded into the cover image, the stego-image which contains watermarks is so-called “watermarked image”.

The general watermarking model for image authentication is shown in Fig. 2.1.

The side information for the embedding process is exploited to generate and embed

watermarks. The side information may include the content of original image, watermarks, watermark insertion positions, or secret embedding keys. Watermarks may be encrypted by private-key or public-key systems to form cryptographic watermarks, and then the watermarks should be perceptually embedded into the cover image. After the watermarks are embedded, the watermarked image should be perceptually identical to the original one under normal observation.

The watermarked image may be transmitted to an authorized user through a mistrustful network. After the authorized user received a watermarked image, the authenticity of watermarked image can be evaluated with the side information. The side information exploited in authenticating process may include the original image, the correctly secret keys, or secure information in the embedding process. Supposed

Mistrustful Network

Stego-image

Fig. 2.1 The general watermarking model for image authentication Side Information

Tampered Image

Wrong Key

protected image is tampered, the tampered areas should be accurately localized.

2.2 The Categories of Watermarking in Image Authentication

In recent years, many watermarking researches had been proposed to protect the copyright or integrity of images. According to the various characteristics of watermarking techniques, watermarking schemes can be classified into various categories.

2.2.1 Private, Semi-Private and Public Watermarking

According to the side information which is exploited to extract and verify the embedded watermarks, watermarking techniques can be categorized into three categories: private, semi-private and public [Pet99]. In private watermarking schemes [Cox97][Pod98], when the authenticator received a watermarked image, the original image is indispensable to extract watermarks from the protected image. The private watermarking schemes are also called the non-blind watermarking schemes.

This kind of watermarking can be further categorized into semi-private watermarking technique [Che01][Lu01]. The semi-private watermarking means that the embedded watermarks can be extracted without original image but the original watermarks still need to be acquired from the author. Private watermarking schemes are restricted to be used by the authorized users or content owners.

On the other hand, the public watermarking schemes are also called the blind

watermarking schemes [Che03][Tan04a]. The original image and watermarks are

not required in extracting and authenticating process. No extra cost is required to

send original image and watermarks to authenticator when authorized users want to

verify watermarked image. It is more suitable to be applied in practical applications.

Hence, there is a tendency toward the public watermarking scheme in recent researches.

2.2.2 Spatial and Frequency Domain

According to the embedding strategies, watermarking techniques can be categorized into two categories: spatial and frequency. In watermarking techniques of spatial domain, the watermarks are often embedded watermarks in the nonessential part of the spatial image. Compared to embedding watermarks in frequent domain, the major advantage of embedding them in spatial domain is that the visual quality of watermarked image is easier to be controlled.

On the other hand, after images are transformed into frequency domain, the watermarks are perceptually embedded into frequency coefficients. The major advantage of embedding watermarks into frequency domain is that the distortions made by image processing, such as lossy compression, are easier to be analyzed and controlled. It follows from what has been said that this kind of techniques is more robust to image processing.

2.2.3 Symmetric and Asymmetric Watermarking

According to the encryption method of cryptographic watermarks, watermarking techniques can be categorized into two categories: symmetric and asymmetric watermarking.

In symmetric watermarking or private-key watermarking, symmetric algorithm

uses the identical secure keys for embedding and extracting watermarks. Because

the secure embedding keys must be known by every authorized user to extract

watermarks, the applications of symmetric systems are restricted and this kind of system presents a security risk

In asymmetric watermarking or public-key watermarking, asymmetric algorithms use secure keys for encrypting watermarks during embedding process and public keys for extracting watermarks during authenticating process. In this kind of technique, the secret embedding keys shouldn’t be possibly derived from the public ones. This kind of watermarking method is more suitable for practical applications.

From these remarks one general point becomes very clear: it is a tendency toward asymmetric watermarking in recent researches.

2.2.4 Complete, Soft, and Content-Fragile Authentication

According to the applications of watermarking schemes, the watermarking schemes fall into three categories: complete, soft, and content-fragile [Dit01][Lin00][Zhu03]. The basic idea of complete authentication, also called fragile watermarking technique [Li04b][Tze03], is to embed sensitive messages into an image, so that any modification of pixels of an image will also alter the embedded watermark. Therefore, this kind of techniques can verify the authenticity of protected image and localize the tampered areas through authenticating the distortions of embedded watermark.

A soft authentication, also called semi-fragile watermarking technique [Tan04b][Ye03], is designed to verify the authenticity of protected image even if the protected image is undergoing incident manipulations, such as lossy compression.

In other words, a semi-fragile watermark is capable of distinguishing incident

manipulations from malicious modifications. Thus, this kind of technique provides a

soft authentication for a protected image. The predefined incident manipulations of watermarking techniques also vary according to applications.

The content-fragile watermarking [Dit99][Liu04] is designed to authenticate multimedia content in a semantic level. In other words, the embedded watermarks are authenticated, only if the viewers still have the identical image impression. A content authentication technique extracts the content features of image, and embeds the content features into the regions of interests by applying robust watermarking schemes. The aim of content-based authentication schemes is to reject all manipulations that modify the contents of interests, and to accept all other manipulations even including perceptible manipulations, such as filtering, color manipulation, geometric distortion, etc.

2.3 Fundamental Requirements of Watermarking Scheme in Image Authentication

The desirable features of watermarking scheme in image authentication can be defined as follows [Lin99][Zha04][Zhu03]:

1. Fragility: When images are protected by embedded watermarks, the embedded watermarks should be sensitive to unauthorized manipulations.

2. Identification of Tampered Regions: If a protected image undergoes unauthorized manipulation, then the tampered areas should be accurately identified in the authentication process.

3. Imperceptibility: The difference between the original image and the watermarked image should not be visually perceptible.

4. Security: It should not be possible to guess or counterfeit the embedded

watermarks without knowing the secure embedding key used in the watermark

insertion process, even if the embedding function is known.

5. Noninvertibility of the Watermark: The embedded watermarks should not be invertible without knowledge of the secure embedding key, even if both the watermark generation function and the embedding function are known.

6. Uniqueness: The embedded watermarks should be strongly dependent on the image content, so that even similar images would result in considerably different watermarks.

7. Blind Extraction: The embedded watermarks in a protected image should be blindly extractable only using the secure detecting key.

8. Color Protection: The watermark algorithm should be extendable to color images with any color alteration accurately identified in the authentication process.

9. Computational Efficiency: The watermark embedding and authentication algorithms should be computationally efficient and not overly complex.

10. Authentication Convenience: Authentication of the watermark should require as little information as possible.

2.4 The Classification of Malicious Attacks

The aim of authentication systems is to identify any unauthorized alteration to protected media. There are four general categories of attack in cryptography:

interruption, interception, modification, and fabrication [Sta02]. As in cryptography, several attacks discussed against watermarking-based authentication systems in literatures [Fri02a][Zha04][Zhu03] try to violate the integrity or authenticity of the protected image without being verified by authentication algorithm. The classifications of malicious attacks are shown as:

1. Undetected modifications: This is an attack on integrity. An unauthorized party

may try to make various changes to the protected media without being detected by the authentication system or not to be detected with a “reasonable” probability.

2. Information leakage: An attacker may try to deduce some private information, such as the watermark positions, deriving portions of look-up tables, or the pairs of authentication keys.

3. Cropping attack: Cropping is probably the simplest form of image manipulation.

The image synchronization is easily destroyed after parts of image are cropped.

The unaltered areas should be still verified when the cropping attack happens.

4. Swapping attack: This is a kind of fabrication attack on authenticity. The unauthorized party may swap pairs of watermarked blocks within a watermarked image or from watermarked images. This attack can be regarded as the insertion of spurious message into a protected image. Supposed block-independent watermarking schemes embed watermarks into non-overlapping blocks using the identical embedding keys, the swapped-watermarked blocks are very hard identified. Thus, it can be seen that swapping attack is successfully against block-independent watermarking scheme.

5. Counterfeiting attack: the attack is proposed by Holliman and Memon [Hol00]

and improved by Fridrich et al. [Fri02b]. It is a kind of fabrication attack and successfully against block-independent watermarking scheme. The concept of counterfeiting attack is shown as Fig. 2.2. The aim of counterfeiting attack is that forging watermarks into an unwatermarked image using a watermarked image database. For example, suppose all images in a database were embedded by block-independence watermarking scheme with the identical secure keys, a watermarked image X ~

in database can be expressed as non-overlapping blocks

X ~ i

X n

X X

X ~

||

...

~ ||

~ ||

~

2

= 1

) , (

||

...

||

) , (

||

) , ( ) ,

( _{1 1 2 2}

2

1

K K n n

K X W X W X W

W

X ε ε ε

ε =

= (2.1)

where K ₁ , K ₂ , …, K _n are embedding keys, W ₁ , W ₂ , …, W _n are the watermarks for each block, and || denotes concatenation. Supposed an unwatermarked image is Y, and it can be divided into the non-overlapping blocks Y _i whose size is identical with watermarked block X _i . The image Y can be expressed as Y = Y ₁ || Y ₂ || ... || Y _n . Supposed each block in image Y is replaced with most similar block in watermarked image database, the replaced image Y can be express as

n

n X X X

Y Y

Y

Y ~

||

...

~ ||

~ ||

|| ~ ...

~ ||

~ ||

~

2 1 2

1 =

= . Supposed the watermarked image database

is large enough, the attacker can construct a counterfeit image with high quality without knowing any information about secure embedding keys.

Watermarked Image Database (with the identical secure keys) New image Y without any watermark

Counterfeiting attack

Fig. 2.2 The general concept for counterfeiting attack

Watermarked image

2.5 Applications of the Fragile Watermarking

Recent developments in fragile watermarking technology have been proposed to assure the authenticity of the digital media data in law, commerce, defence, and journalism [Fri93][Mem98][Min98][Min97][Yeo99]. In this section, we discuss several situations where the fragile watermarking techniques are used to address problems in various situations.

2.5.1 Trustworthy Camera

The Trustworthy camera has been discussed in literatures [Fri93][Mem98] to ensure that an image is not fabricated or edited, and this kind of cameras is implemented [Epson]. Every photograph taken by trustworthy camera is embedded with indelibly invisible watermarks which are composed of the secure information of cameras.

The trustworthy camera with fragile watermarking technique can be applied to electronic commerce. For example, every photograph taken by trustworthy camera has been embedded with indelibly invisible watermarks to protect the integrity of images. A buyer purchased a protected photograph from seller, and received the photograph over communication channel. Supposed the photograph was edited by seller or unauthorized user, the tampered areas are hardly found from normal observation. Because the photograph is taken by trustworthy camera, the authenticity of protected image can be identified through verifying the embedded watermarks which are composed of the secure information of cameras.

The photograph taken by the trustworthy camera can be also exploited in court as

evidence. For example, digital camera is widely used by police to take photographs

of violating traffic regulations because the digital data are easily fabricated or edited.

The authenticity of the photograph is easy to be suspected. Supposed the photograph is taken by trustworthy camera, the integrity of the photograph can be easily confirmed using embedded watermarks. The similar concept is proposed to surveillance system [Min97][Video]. In video surveillance application, such as bank or public places surveillance, all the video streams are embedded with secure watermarks. Supposed an event of criminal offense had been taken by this kind of surveillance systems, the video stream can be used in court as evidence because the authenticity and integrity of video streams can be verified by embedded watermarks.

2.5.2 Digital Repository

Many websites of digital repository had been built to collect media of various subjects. Every user can access those media through the public network. Today, it is still a difficult problem to build a safe environment for websites in a public environment. Supposed the media stored in database were tampered and the tampered media are not pointed out, there will be countless damage. In this situation, the fragile watermarking techniques can be applied to create authenticating mechanisms for digital repository. Furthermore, the authenticity and integrity of media in digital repository can be guaranteed [Min97].

2.5.3 Multimedia Authentication System

In traditional secure communication method, such as SSL, the messages are

delivered between credited sender and receiver. The safe entries of communication

are credited, but the content authentication mechanism over communication channel

is also an import issue. In the literature [Hu03], a double entity authentication

mechanism based on digital signature and content authentication based on fragile

watermarking is achieved. They recommend that fragile watermarking can be used to be the content authentication mechanism over communication channel.

Furthermore, illegal access to system, edition, and forgery of multimedia document can be eliminated in communication channel.

2.5.4 Enhance Error Concealment

A compressed video streams are very sensitive to bit error over error-prone channels. A bit or burst errors in the process of video communication will affect the correct decoding. Now, many error concealment techniques have been proposed to repair a damaged decoded frame, but they are successful depending on correctly locating errors in the bit stream. In literature [Che05], the fragile watermarking applied to facilitate error detection at decoder side had been proposed. By checking the integrity of the watermark in the bit stream, decoder can locate the erroneous accurately. Hence, the error concealment can work much better.

2.5.5 Protect the Relations of Outsourced Databases

Outsourced Database model is increasing interest in many applications. In the outsourced database model, the data owner can be treated as a client, and store their data in service provider as a clients’ database. The service provider hosts clients’

database and offers seamless mechanisms to create, store, update and access their

databases. This outsourced database model introduces several issues related to data

security [Myk04][Sio02][Sio04]. Since service providers may not be trusted, it is

the database owners’ responsibility to ensure the integrity of outsourced data. The

fragile watermarking scheme can be applied to protect database relations [Li04b], so

that any modifications made to a database relation can be not only detected but

localized as well.