International Journal of Computing & Information Sciences Vol.2, No.

1, April 2004 27

A Fragile Watermarking Algorithm

for Content Authentication
Raja’ S. Alomari and Ahmed Al-Jaber
Computer Science Department,
King Abdullah II School for Information Technology,
University Of Jordan,
Amman 11942, Jordan.
raja80@ju.edu.jo jahmed@ju.edu.jo

Abstract: In many multimedia applications, there is a need to authenticate a source that has been subjected to potential
tampering attacks. This application is called Content Authentication. Watermarking is among the emerging fields that are used
in Content Authentication. Fragile Watermarking Algorithms are usually used in building Content Authentication Systems.
This Paper Proposes a Secure Fragile Watermarking Algorithm. This algorithm is an extension of an existing data hiding
scheme which is proposed for binary images by Tseng et al. in [12]. The proposed algorithm shows a very high fidelity and
fragility. Those two properties enabled the applicability of this algorithm for Content Authentication. A Signature is extracted
from each block of the image and is inserted in that block. Extraction of this signature and appropriate parameters for
computation of this signature are studied in this paper. The technique by which this signature is extracted is a modified version
of a signature extraction function proposed in [2]. A detailed study for the applicability of this algorithm for Content
Authentication is done. Experimental results show a very high ability for tamper detection. Many tamper attacks are applied
and analyzed.

Key Words: Content Authentication, Fragile Watermarking, Hash Function, Gray Scale Image, Color Images.

Received: March 06, 2004 | Revised: February 01, 2005 | Accepted: March 01, 2005

image at all. Consider for example an image for a

1 Introduction
Content Authentication is one of the hottest topics of
research these days. Many real applications need
methodology in order to assure that when delivering
something to somewhere, it is delivered as is. The
appropriate methodology should be simple and
secure to assure the authenticity of the work and the
source of the transmitted work.
Two types of Authentication exist: Exact
Authentication and Selective Authentication. Exact
authentication is accomplished by: Fragile
Watermarks, Embedded Signatures, and Erasable
Watermarks. On the other hand, Selective
Authentication is accomplished by semi-fragile
Watermarks, Embedding Semi-fragile Signatures,
and Tell-tale Watermarks [3].
For traditional data authentication, the security
requirement is to reject any message that has been
altered to the slightest degree which is called Exact
Authentication. Some real applications need exact
authentication and do not accept any alteration in the
crime, changing any thing in the image such as a car
number plate may cause suspecting a person other
than the actual criminal [3, 4].
On the other hand, some real applications do not need
exact authentication as above: they only need to
verify some selective places in the work in order to
be authenticated. Those need Selective
Authentication which distinguishes between
malicious and non-malicious attacks, (i.e., it
distinguishes between legal distortions such as: signal
processing operations and illegal distortions such as
changing a person in the image). In general, minor
data alterations may be acceptable if they still
maintain the perceptual quality of the image [20].
Image authentication systems have applicability in:
law, commerce, defense, and journalism. Since
digital images are easy to modify, a secure
authentication system is useful in showing that no
tampering has occurred during situations where the
credibility of an image may be questioned [5].
28 International Journal of Computing & Information Sciences
A fragile watermark is a watermark that is readily
altered or destroyed when the host image is modified
through a linear or non-linear transformation. The
sensitivity of fragile marks to modification leads to
their being used in image authentication. That is, it
may be of interest for parties to verify that an image
has not been: edited, damaged, or altered since it was
marked [20]. A good review of fragile watermarking
algorithms is done in [14].
Fragile watermarking systems are categorized into
two categories according to the working domain.
First, fragile watermarking that works directly in the
spatial domain. Second, fragile watermarking that
works in a transform domain.
Most fragile watermarking systems embed the mark
directly through the spatial domain of a Work, such
as techniques described in [9] and [14]. These
techniques embed the mark in the least significant bit
(LSB) plane for perceptual transparency. Their
significant disadvantages include the ease of
bypassing the security they provide [5] and [9].
Wong [15] described another fragile marking
technique which obtains a digest using a hash
function. The image, image dimensions, and marking
key are hashed during the embedding and are used to
modify the least-significant bit plane of the original
image. This is done in such a way that when the
correct detection side information and unaltered
marked image are provided to the detector, a bi-level
image chosen by the owner (such as a company logo
or insignia), is observed. This technique has
localization properties and can identify regions of
modified pixels within a marked image. The
technique of Yeung and Mintzer [19] is also one
where the correct detection information results in a
bi-level image. However, the embedding technique is
more extensive than inserting a binary value into the
least-significant bit plane. The marking key is used to
generate several pseudo-random look-up tables (one
for each channel or color component) that control
how subsequent modifications of the pixel data will
occur. Then, after the insertion process is completed,
a modified error diffusion process can be used to
spread the effects of altering the pixels making the
mark more difficult to see.
On the other hand, various transformations, such as:
the Discrete Cosine Transform (DCT) and Wavelet
Transforms are used for authentication systems.
Usually those systems are semi-fragile since they are
almost all robust to Lossy Compression. DCT based
watermarking systems are usually robust to Joint
Photographic Experts Group (JPEG) lossy
compression while those work in the Wavelet
Vol 2., No. 1 ,April 2004
Domain are robust to Joint Photographic Experts
Group 2000 (JPEG2000) Lossy Compression.
Wu and Liu described a technique in [16] which is
based on a modified JPEG encoder. The watermark is
inserted - by changing the quantized DCT
coefficients - before entropy coding. A special
lookup table of binary values (whose design is
constrained to ensure mark invisibility) is used to
partition the space of all possible DCT coefficient
values into two sets. The two sets are then used to
modify the image coefficients in order to encode a bi-
level image (such as a logo.) In order to reduce the
blocking effects of altering coefficients, it is
suggested that the DC coefficient - and any
coefficients with low energy - is not marked. Kundur
and Hatzinakos in [8] embed a mark by modifying
the quantization process of the Haar wavelet
transform coefficients. While Xie and Arce in [17]
selectively inserts watermark bits by processing the
image after it is in a compressed form. A wavelet
decomposition of an image contains both frequency
and spatial information about the image hence
watermarks embedded in the wavelet domain have
the advantage of being able to locate and characterize
the tampering of a marked image.
Two types of authentication systems are currently
being investigated: global and local authentication.
As the naming implies, global authentication system
considers the Work as a whole, (i.e., either the Work
is authentic or not). The other type of systems is local,
(i.e., the authentication is based on local regions in
the Work). So the authentication system output the
regions in the work as authentic regions while others
are not [3].
This paper introduces a detailed study of a Content
Authentication System - that is built upon the
proposed fragile watermark. This new proposed
fragile watermarking system is an extension of an
existing secure data hiding scheme technique that is
built on binary images [12]. It is considered as an
excellent data hiding technique for binary image in
terms of similarity and data payload. Kawaguchi and
Eason proposed a data hiding technique in [6] - that
embeds data inside bit planes of the grayscale image
in accordance with the concept of pixel complexity
which can be defined in different ways. The
watermarking system that is proposed in this paper
uses the first bit plane to embed an authentication
signature using the binary image data hiding
technique introduced in [12].
2 Motivation
Content authentication application intends to assure
that the received work is from the authorized source,
and that the work content is identical to the original.
A Fragile Watermarking Algorithm for Content Authentication
The past few years have witnessed an increasing use
of digitally stored information. Since the digital
image is easy to: edit, modify, and exploit - at the
same time, image editing programs are becoming
more powerful so that even an amateur can
maliciously modify digital images and create perfect
forgeries without leaving any trace on the original
image. Techniques to establish the authenticity and
integrity of digital images are essential. Especially
when the work content is used for the content
sensitive fields such as: photojournalism, courtroom
evidence, medical applications, or commercial
transaction - the originator of the content has to be
verified while ensuring the content has not been:
changed, manipulated or falsified [20].
3 Preparations
In this section, some of the necessary concepts and
terminologies used in this paper, as well as, the main
ideas proposed by Tseng et al., [12].
- Definition 1:
Given a cover image C and a message M to be hidden
in C, then private key steganography system can be
defined as:
Fe: M× K → C, Such that Fe (C,M,K) = C'
And
Fr( Fe (C,M,K,), K) = Fr (C', K)
Where K is a secret key, Fe is the embedding
function, Fr is the extracting function, and C' is the
stego-image. This means, that the message M can be
embedded in C by the function Fe to generate the
stego-image C', and the embedded message can be
extracted by the extracting function Fr from C'.
A scheme were proposed by Tseng et al., [12] to hide
data in a binary image called CPT. This scheme can
be summarized in the following algorithm:
- CPT Algorithm
C: is a cover image partitioned into blocks of size
m∗n{ C1,…, Cy}
K: is a random binary block of size m∗n.
W: is a weight matrix of size m∗n, where {Wi,j, i =1..
m, j = 1..n } = 1...2r–1, 1...2r-1 ,.. L, L ≤ 2r-1
R: is the number of bits to be embedded in one block;
note that r ≤ log(mn+1) 
Begin
Step1: FOR each collection of bits b1..br to be
embedded in block Ci
Do the following.
Step2: Calculate Ci ⊕ K, where ⊕ is the exclusive
OR
29
Step3: Let H= SUM ((Ci⊕K)⊗W) where ⊗ is the
pair-wise multiplication of two matrixes of
equal size.
Step4: For each w, w =1,…, 2r-1 Let Sw= {(j, k);
(Wj.k = w and [Ci ⊕K]j,k= 0 } OR (Wj,k =
2r-w and [Ci ⊕ K]=1)}
Step5: let d = b1.. br - H mod 2r
Step6: IF d = 0 there is no change in Ci Else
a) Randomly select h∈{0,1, …,2r-1} such
that Shd ≠ φ and S-(h-1)d ≠ φ.
b) Randomly select (j,k)∈ Shd and
complement the bit [Ci]j.k
c) Randomly select (j,k)∈ S-(h-1)d and
complement the bit (Ci)j,k.
(Note if So is encountered then skip
this step)
EndElse
END. (Embedding)
In this scheme, at most two bits can be modified in
each host block; there is no control on the quality of
the stego-Image. This scheme does not take in
consideration the set of all neighbors of the modified
bit. In the development of the new scheme the set of
neighbors of the modified bit will be taken in
consideration. This describes the achievement in this
paper.
- Output
I’: the Watermarked Image.
- Note:
• The Proposed Fragile Algorithm – which will be
used in the Content Authentication System – uses
the first bit plane of the image to embed a
signature – which is extracted from the image
itself – using the CPT algorithm.
• Each block Ii is embeddable: There isn't any
need to check for embedability of the block since
the first bit plane of a gray scale - or a color
image - is not noticeable by the human eye.
(Human Visual System). Tseng et al.[12] in the
results of their experiments avoided embedding
in white (all pixels are Ones) and black (all pixels
are Zeros) since any change would be noticed.
This is not considered here in order to
accomplish the task of Content Authentication.
• For simplicity of implementation assume the
following:
• Block Size is equal for all blocks (Ii) of the
Image I.
• Image’s Blocks are squares.
• Dimensions of Image I (Width, Height) are
multiples of Block Size.
30 International Journal of Computing & Information Sciences Vol 2., No. 1 ,April 2004

4 Mathematical Example
In this section, a mathematical example of the
proposed algorithm - which will be used in the
Content Authentication System - is illustrated in
order to reveal any ambiguity in the formal modeling
of the algorithm presented in the previous section. In
this example, some cases will be discussed. The
embedding would only be in the first bit plane of the
image. Now, consider the following values of the
required parameters.

Let I be the Original un-watermarked Image as

shown in table 1. The shading of the image is
intended only for easily distinguishing the blocks.
Numbering convention of the blocks starts from the
left upper corner, so there is only six blocks I1, I2, I3,
I4, I5, and I6.

Let BlockSize = 4.
The number of bits that maximally can be embedded
is  log2 BlokSize x BlockSize + 1 . Which is 4.
Let the message which embeds M be 111011010101
Let K be defined as in table 2.
Let W be defined as in table 3.

 Embedding Process
• Table 4: shows the first bit Plane.
• Table 5: shows (h = I ⊕ K).
• Table 6: shows (h ⊗ W)
• Table 7: shows The Result After Complementing
some bits
• Table 8: shows the watermarked image.

 Extraction Process
• Table 8: shows the watermarked image.
• Table 7: shows the first bit plane from the
watermarked image.
• Table 9: shows h = I' ⊕ K
• Table 10: shows h ⊗ W
• For each Block in table 10 take the sum and find
the modulation to 24
• Concatenate the results to build the message.
• Extracted message is 111011010101.
A Fragile Watermarking Algorithm for Content Authentication
5 Content Authentication System
Any Content Authentication System consists mainly
of three parts. Some differences exist between
Content Authentication Systems - but the general
framework of any Content Authentication System
can be divided into [20]:
The generating function - (fg) - of the watermark
Work (W) is to be added to the host Work. Typically,
the watermark signal depends on a key (K). The
watermark information (i) is shown in Equation 1.
W = fg (i, K) …………………. Equation (1)
It may also depend on the host data, I, into which it is
embedded. As shown in equation 2.
W = fg (i, K, I) ………….…… Equation (2)
A hash function is usually used as a generating
function. A hash function is a function that accepts a
variable size message M as input and produces a
fixed size message digest H (M) as output [7].
The embedding (Encoding) function, (E),
incorporates the watermark signal, W, into the host
data, (I), yielding the watermarked data I'. Typically,
the watermark signal depends on a key, K
I' = E (I, W, K) ……………… Equation (3)
The extracting (Decoding) function (Authenticator),
D, which recovers the watermark information, W',
from the received watermarked data, (I').
W' = D (I', K) ………….…… Equation (4)
31
5.1 Watermark-Generating Function
The watermark generating function is usually a hash
function which is a function that accepts a variable
size variable and produces a fixed size value. A hash
function, such as MD5 [10], produces: a one-way
message digest; a fingerprint of a file, message, or
any other block of data. The hash based Message
Authentication Code 2 (MAC2) [7] encrypts the hash
value of the message with a secret key which is
shared by the sender and the receiver.
In the literature, there is a variety of generating
functions that are used in content authentication.
Yueng in [18] embeds a binary logo of the same size
as the host image - by means of a key dependent
Look-Up Table (LUT) - that maps every possible
pixel luminance value to either 0 or 1. The watermark
is inserted by adjusting the Least Significant Bit
(LSB) value of each image pixel in the spatial
domain in order to match its corresponding LUT
value. At the receiving side, the LUT can be
reconstructed due to the knowledge of the secret key.
The integrity verification can be performed either by
a simple visual inspection of the extracted mark, or
by an automated comparison with the original one.
The watermarking is very sensitive to any distortion
on the image - but it is very vulnerable to block
analysis attacks. Fridrich and Baldoza in [5]
improved the algorithm in Yueng by using a 64 x 64
block cipher instead of LUT. - The watermark is
embedded in a 32 x 32 block. Other algorithms can
be found in [19 and 20].
The Content Authentication System which is
implemented for this paper uses a version of hashing
function introduced by Barreto and Kim [2] - that is
called HBC2: a deep discussion of its robustness to
attacks - that are intended for the watermark itself - is
done in [2]. Equation 6 shows the HBC2 hash value.
Ht = H (M, N, Zt*, Z(t-1) mod n, t, St-1) … Equation (5)
Such that Ht: refers to the signature of a current block
(which is to be extracted). M and N are the
dimensions of the image. Zt, Z(t-1) mod n are values that
represent the current (t) block pixels' values - and the
previous block pixels' values, respectively. Zt that is
used in the implementation represents the summation
of pixels in block t. n is the number of blocks in the
image. t is the block number. St–1 is the
nondeterministic signature of block Zt–1 which is a
non-deterministic parameter. An image Identification
number (ID) was used in the implementation of the
proposed Content Authentication System. A hashing
key is added to the hash value in order to increase the
security and robustness to some attacks.
32 International Journal of Computing & Information Sciences Vol 2., No. 1 ,April 2004

The steps of watermark (signature) generation is

implemented by finding both the sum of the
parameters and then finding the modulation of the
resulting sum to 256 - in order to have a fixed length
value with 8-bits. Then, the Embedding of those 8-
bits which corresponds to each block is done by using
the proposed embedding technique. This
implementation is chosen only for simplicity.

5.2 Embedder and Authenticator

The second and third parts of the proposed Content
Authentication System are related - since they are the
two main parts of the watermarking algorithm that is
proposed in section 3. A mathematical example that
illustrates the process of embedding and extraction
was introduced in section 4. The only difference that
should be noticed is that the extractor is renamed as
authenticator, (i.e., a slight difference is applied on
the purpose of using it,) - thus the output from it.

Simply, the authenticator should input the received

watermarked image that is to be verified. The output
is the same image - but with regions marked as
inauthentic. Figures 1 and 2 show the work flow of
the embedder and the authenticator used in the
system.

6 Experimental Study
This section introduces experimental results for the
proposed algorithm to be used as a fragile
watermarking algorithm. A benchmark Image is
being watermarked using the proposed algorithm (as
shown in figures 3 and 4). Figure 3 shows the fruit
image (128 x 128) - with 10,000 characters
embedded as a hidden message. The experimental
study embeds the message in the lowest two bit
planes. With a 4 x 4 block size; 8 bits per 16 pixels
can be hidden. Which is a reasonable high payload
compared to existing known algorithms.

Figure 4 shows the same image (256 x 256) with

20,000 characters that are embedded. Tables 11 and
12 show the results of experiments applied to both
images with different message size. The results are in
terms of three similarity measures: Mean Square
Error (MSE), Peak to Signal Ratio (PSNR), and
Correlation. Those are given by the equations 6, 7,
and 8 respectively.
A Fragile Watermarking Algorithm for Content Authentication 33

makes very slight modifications on the pixels. For

example, to embed 4 bits in a 4 x 4 block it is
required to modify at most 2 bits from the LSB.

On the other hand, time efficiency is the risk. The

embedding process which uses the proposed scheme
in this paper consumes much time - but it is still
reasonable. Time complexity is not a critical issue in
this algorithm. Instead security is more of a concern.
This is also clear result - since there is a risk of time
being added for the bit-plane extraction process and
the bit-plane replacing process.

7 Analysis of the Content

Authentication System
This section will discuss the proposed Content
 1 X Y Authentication System in terms of the Content
MSE =  ∑ ∑ ( I ( x, y) − I ' ( x, y)) 2

 X * Y  x =1 y =1 ….. Equation (6) Authentication System's properties, as well as,

attacks that are known against the Content
Where X, Y are the dimensions of the image. I and I’ Authentication System.
are the original and the watermarked image
respectively.
255 2
PSNR = 10 log10 …………………… Equation (7)
MSE

Where MSE is the Mean Square Error.

X Y

∑ ∑ I ' ( x, y ) × I ( x, y ) ……... Equation (8)

x =1 y =1
Correlatio n = X Y

∑ ∑ I ' ( x, y )
x =1 y =1
2

Where X, Y are the dimensions of the image. I and I’

are the original and the watermarked image
respectively.
It is worth mentioning here that this watermarking
scheme is much better in terms of similarity (Human
Visual System) - than many existing techniques. This
is a clear result - because the embedding technique
 Detect Tampering
A fragile marking system should detect (with high
probability) any tampering in a marked image. In
many applications it is also desirable to provide an
indication of how much alteration or damage has
occurred - and where it is located. In the fragile
embedding algorithm - used in proposed Content
Authentication System – detecting tampering
property is of a very high level. If any changes occur
in the image after marking it - even a one bit change -
it will surely change the value of the signature (if the
change occurs in the 7 most significant bits) - or the
embedded signature (if the change occurs in the first
bit plane). If either value is changed then the system
will mark that block and the dependent block - as
inauthentic. Figures 5, 6, 7, and 8 show a scenario of
adding the value 256 to two randomly selected pixels.
Note that the Hash key was the reason why such an
attack is detected. Note also that the blocks, as well
as, dependent blocks are marked as inauthentic with
the shape (X).
34 International Journal of Computing & Information Sciences
 Perceptual Transparency
This property refers to that an embedded watermark
should not be visible - under normal observation - or
interfere with the functionality of the image. The
embedding algorithm that is used in the content
authentication system is of a very high quality in
terms of transparency when it is compared to existing
watermarking techniques. Tables 11 and 12 show
how transparent the embedding algorithm is.
 Detection Should Not Require The
Original Image
This property means that the detection
(authentication) should be blind. The proposed
system is blind, (i.e., does not need the original image
to verify the authenticity of the watermarked image).
 Detector Should Be Able To Locate And
Characterize Alterations Made To A
Marked Image
This property refers to the ability to locate spatial
regions within an altered image which are either
authentic or corrupted. The detector (authenticator)
used in the proposed system locates the place of any
forgery (attack) that may corrupt the image. The
block size is the tampering unit. That is, if a pixel is
corrupted by any attack, then two blocks would be
marked as inauthentic, the one that includes the pixel
itself (Zt) and the one that is a dependent of this block
(Z(t-1 mod n)).
Vol 2., No. 1 ,April 2004
Note that by increasing the block size, the resolution
of authentication would be less, - and vice versa, (i.e.,
by decreasing the block size, the resolution would be
higher). The argument that what it is preferable is a
trade off. Despite decreasing the block size would
increase authenticity resolution, the hash value would
be smaller, and this is not a desirable property since
the number of collisions would increase.
 The Marking Key Spaces Should Be Large
This property aims at: accommodating many users,
and hindering the exhaustive search for a particular
marking key - even if hostile parties are somehow
able to obtain both an unmarked and marked versions
of a particular image.
The proposed system has four key-like data structures
for the embedding process, as well as, for the
authentication process. Two are related to the
signature extraction from the block pixels themselves
(Key and Weight) - and the other two are related to
the embedding/extraction process of the signature in
the LSB (HKey and ID).
The proposed system has the Key with a 16 x 16
binary values The number of different keys that may
be chosen from is 2256, (i.e., a bout. 1077). Note that it
is a very huge number of selections. In order to
examine an exhaustive search for a key in this space,
the probability of finding the key is about 8 * 10-78.
Further, the weight matrix is 16 x 16 decimal values.
Because those decimal values are constrained by two
conditions, the number of selections available will be
carefully calculated as follows: the weight matrix can
take the values from 0 to 216-1 = 255. And at the
same time, all the values in the range should exist in
the matrix. The matrix is 16 x 16 - thus there are 256
places. Filling those places in a probability, point of
view, can be achieved by filling: the first place with
256 selection [0, 255]; the second place with
probability 255 selection (with the number chosen in
the first place removed); the third place with
probability 254 selection (with the number chosen in
the first and second place removed); - and so on.
Note that the last place has a number of selection =
256, since at that time all the values in the range (0 –
255) should exist in the matrix. Thus the number of
selections to construct the weight matrix is 256 x 255
x 254 x .. x 1 x 256 - which is equal to factorial(256)
x 256. It is a very huge number. In order to imagine
this number, the MATLAB 6.5 can give an answer to
factorial (170) - which is (7 * 10306) - After this value,
it gives infinity indicator.
From the above analysis of the keys space (key,
weight) the reader should conclude: how impossible
A Fragile Watermarking Algorithm for Content Authentication
it is to search the key alone and the weight matrix
alone. Searching the key and the weight space at the
same time would be an exponential problem.
On the other hand, the two key like data structures
that are related to hashing value extraction are the
key and the Image ID. The key is an 8-bits value -
thus its space is 28 = 256. It is not a huge space. The
Image ID is the value that should compensate the
constrained space of the key. The Image ID should be
large enough to accommodate the purpose of its
existence. Each image that is proposed to the system
should have a uniquely identifying value - thus
choosing the length of the Image ID is application
dependent. It should be large enough to
accommodate the number of images that may be
subjected to the system. Without mathematical
calculations the searching space is very huge.
 The Marking Key Should Be Difficult To
Deduce From The Detection Side
Information
This property is particularly important in systems that
have distinct marking and detection keys. The
proposed Content Authentication System uses only
private keys, so this property is not of concern for the
proposed system.
8 Attacks Analysis
This section will study the effect of the known
attacks that may be subjected to the watermarking
technique. Attacks that may subject the hashing value
generator such as the counterfeiting attacks, birthday
attack, and transplantation attacks are discussed in [2].
 Blind Modification
Arbitrarily change the marked image by assuming
that no mark exists. Those include: cropping, and
localized replacement (such as substituting one
person’s face with another.) The latter type of
modification is a significant reason why an
application may want to be able to indicate the
damaged regions within an altered image. The
35
localized replacement attack is simple and easy to be
detected since the proposed system is localized.
Figure 9 reveals a scenario of changing critical
information of an image. Note that the images used in
this scenario are color images.
 Modify The Marked Image Itself Without
Affecting The Embedded Mark Or
Creating A New Mark That The Detector
Accepts As Authentic
Embedding a new mark is possible, if there is the key,
weight, hash key, and image ID. Deducing all those
key-like structures is impossible. Thus, the attacker
can not: modify the marked image as he wants or
create a new mark as he wants until he knows all the
four keys. Some weak fragile marks easily detect
random changes to an image but may fail to detect a
carefully constructed modification. An example is a
fragile mark embedded in the least-significant bit
plane of an image. An attempt to modify the image
without realizing that a mark is expressed in the Least
Significant Bits is very likely to disturb the mark and
be detected. However, an attacker that may attempt to
modify the image without disturbing any Least
Significant Bits or substitute a new set of Least
Significant Bits on a modified image that the detector
classifies as authentic. Note that this attack is not
applicable for the proposed system. Since changing
the embedded mark should be done on both the 7
most significant bits of pixels and on the LSB at the
same time.
 Completely Removing The Mark
It is clear that if an attacker tries to remove the mark,
(for example, by addition of noise to each block, or
making the mark undetectable somehow), that would
be a very silly attack since the authenticator will
simply be saying "Inauthentic Image." It will be a
useless image.
 Deduction Of Marking Key
An attacker may also attempt the deduction of the
marking key which is used to generate the mark. The
36 International Journal of Computing & Information Sciences
marking key is intimately associated with an
embedded mark. So if it is possible to isolate the
mark, the attacker can study it in order to deduce the
key (or reduce the search space for the marking key).
Once the key is deduced, the attacker can then forge
the mark into any arbitrary image.
The last sentence is true. If an attacker knew the
marking keys, it would be very easy to forge an
authenticated image - provided he knew the hashing
value extraction technique and the embedding
technique. But still, how will the attacker know the
keys. Section 7 shows how possible to know the keys
which are necessary for marking. I think that the only
way to know the keys is to contact either the
embedder party or the authenticator, and beg him for
the keys!
9 Conclusion and Future Work
Experimental results showed an excellent
watermarking algorithm in terms of fragile
watermarking properties. This algorithm enables a
high data payload and high transparency at the same
time when compared to existing fragile systems.
Attack analysis is also provided to study the
robustness of the system against known attacks that
may subject fragile watermarking systems.
This paper proposes a fragile watermarking technique
and studies this technique for Content Authentication
as one of the most important watermarking
applications. The proposed Content Authentication
System uses a watermarking algorithm that has a
high level of fragility. This property gives the system
a very high ability to discover any alteration has
occurred to the Work since the watermark embedding.
From the study of the proposed watermarking
algorithm and the Content Authentication System,
some conclusions can be drawn as follows:
 Exact Content Authentication needs fragile
watermarking algorithms, the more fragility of
the algorithm, the more ability to detect
tampering in the watermarked Work.
 The proposed watermarking algorithm shows a
very high data payload to fidelity trade-off when
compared to existing watermarking algorithms. It
is a logical consequence since at most two bits
are flipped when embedding number of bits equal
to log (blocksize), e.g., to embed 4 bits in 4 x 4
pixels block, at most, two bits are flipped.
 The proposed Content Authentication System is
sensitive to any tampering that may occur to the
watermarked image. The ability of this system
for tamper detection comes from two sides; the
hashing function that is used and the
watermarking algorithm that it uses.
Vol 2., No. 1 ,April 2004
 The Proposed Content Authentication has a very
high level of security; this is accomplished due
the existence of the weight and key matrices used
in the embedding algorithm, as well as, the hash
key and the image identification used in the
hashing function.
 The proposed system is recommended to
applications that need an exact authentication of
images with a very high level of security. Law,
commerce, defense, and journalism are
recommended applications.
Recommended future work that may be done to the
first proposed algorithm can be summarized as
follows:
 For applications that need the original image to
be authenticated rather than the watermarked
image, more investigation should be done on the
first bit plane. Authenticating of the original first
bit plane may need recovering the original bits of
the first bit plane. More investigation on the
erasable (invertible) watermarks would be
helpful in accomplishing this task.
 More investigation on the hashing value extractor
is recommended; which variables to include in
the calculation of the hash value, and what
operations should be applied to those variables to
produce the hash value.
 Dedication of the proposed system to some
application needs more study for the environment
of that application, e.g., using the proposed
system in journalism needs to investigate what
are the major issues to concentrate on, when
using the proposed system.
10 References
[1] Alomari, Raja', and Al-Jaber, Ahmed. "A
Robust Watermarking Algorithm for Copyright
Protection." The 3rd ACS/IEEE Conference on
Computer Systems and Applications, Cairo,
Eqypt, Jan 2005.
[2] Barreto, P., and Kim H., "Pitfalls In Public Key
Watermarking," Proceedings of Sibgrapi-
Brazilian Symposium on Computer Graphics
and Image Processing, pp. 241-242, 1999.
[3] Cox J., Miller L., Bloom A., Digital
Watermarking, Morgan Kaufmann Publishers,
USA, 2002.
[4] Cox J., Miller L., "The First 50 Years of
Electronic Watermarking", EURASIP J. of
Applied Signal Processing, vol. 2, pp. 126-132,
2002.
A Fragile Watermarking Algorithm for Content Authentication 37

[5] Fridrich M., and Baldoza A., "New Fragile

Authentication Watermark For Images." [17] Xie L., and Arce G., “Joint Wavelet
ICIP'2000, Vancouver, Canada (2000). Compression And Authentication
[6] Kawaguchi E., and Eason R., “Principle And Watermarking,” Proceedings of the IEEE
Applications Of BPCS-Steganography,” International Conference on Image Processing,
Proceedings of SPIE (3528), Multimedia vol. 2, pp. 427-431, 1998.
satellite networks: issues and challenges, pp.
464-473, 1999. [18] Yeung C., "An Invisible Watermarking
[7] Krawczyk M., and Canetti R., "HMAC: Keyed Technique For Image Verification," Proc. of
Hashing For Message Authentication," Internet ICIP, pp. 680-683, 1997.
Request for Comments, RFC 2104, 1997.
[19] Yeung M., and Mintzer F., “Invisible
[8] Kundur D., and Hatzinakos D., “Towards A Watermarking For Image Verification,” Journal
Telltale Watermarking Technique For Tamper- of Electronic Imaging, vol. 7, no. 3, pp. 578-
Proofing,” Proceedings of the IEEE 591, 1998.
International Conference on Image Processing,
vol. 2, pp. 409-413, 1998. [20] Zaho Y., “Dual Domain Semi-Fragile
Watermarking For Image Authentication,”
[9] Lin E., and Delp E., “A Review Of Fragile Master Thesis, University of Toronto, 2003.
Image Watermarks.” Proc. of the Multimedia
and Security Workshop (ACM Multimedia '99),
pp. 25-29, 1999.
Raja' S. Alomari a PhD
[10] Rivest R., "The MD4 Message-Digest candidate at computer
Algorithm." Corporation for National Research science dept - Wayne Sate
Initiatives, Internet Engineering Task Force, University. He was a
Network Working Group, Reston, Virginia, teaching assistant at
USA, 1992. computer information
systems department, King
[11] Schyndel R., Tirkel A., and Osborne, C., “A Abdullah II School for
Digital Watermark,” Proceedings of the IEEE Information Technology,
International Conference on Image Processing, University of Jordan. Research Interests are in the
vol. 2, pp. 86-90, 1994. fields of Watermarking, Image Processing, Machine
Learning, and Evolutionary Computation.
[12] Tseng Y., Chen Y., and Pan H., "A Secure
Data Hiding Scheme for Binary Images," IEEE
Transactions On Communications, vol. 50, no. Ahmed Al-Jaber Professor
8, pp. 1227-1231, 2002. in the Computer Science
Department, King Abdullah II
[13] Tseng Y., and Pan H., "Secure And Invisible School for Information
Data Hiding In 2-Color Images," in Technology, University of
Proceedings of IEEE INFOCOM 2001, pp. Jordan. Research Interests are
887-896, 2001. in the fields of Steganography,
Watermarking, and
[14] Walton S., “Information Authentication For A Algorithms.
Slippery New Age,” Dr. Dobbs Journal, vol. 20,
no.4, pp. 18-26, 1995.

[15] Wong P., “A Watermark For Image Integrity

And Ownership Verification,” Final Program
and Proceedings of the IS&T PICS 99, pp. 374-
379, 1999.

[16] Wu M., and Liu B., “Watermarking For Image

Authentication,” Proceedings of the IEEE
International Conference on Image Processing,
vol. 2, pp. 437-441, 1998.