Professional Documents
Culture Documents
1, April 2004 27
Abstract: In many multimedia applications, there is a need to authenticate a source that has been subjected to potential
tampering attacks. This application is called Content Authentication. Watermarking is among the emerging fields that are used
in Content Authentication. Fragile Watermarking Algorithms are usually used in building Content Authentication Systems.
This Paper Proposes a Secure Fragile Watermarking Algorithm. This algorithm is an extension of an existing data hiding
scheme which is proposed for binary images by Tseng et al. in [12]. The proposed algorithm shows a very high fidelity and
fragility. Those two properties enabled the applicability of this algorithm for Content Authentication. A Signature is extracted
from each block of the image and is inserted in that block. Extraction of this signature and appropriate parameters for
computation of this signature are studied in this paper. The technique by which this signature is extracted is a modified version
of a signature extraction function proposed in [2]. A detailed study for the applicability of this algorithm for Content
Authentication is done. Experimental results show a very high ability for tamper detection. Many tamper attacks are applied
and analyzed.
Key Words: Content Authentication, Fragile Watermarking, Hash Function, Gray Scale Image, Color Images.
Received: March 06, 2004 | Revised: February 01, 2005 | Accepted: March 01, 2005
A fragile watermark is a watermark that is readily Domain are robust to Joint Photographic Experts
altered or destroyed when the host image is modified Group 2000 (JPEG2000) Lossy Compression.
through a linear or non-linear transformation. The Wu and Liu described a technique in [16] which is
sensitivity of fragile marks to modification leads to based on a modified JPEG encoder. The watermark is
their being used in image authentication. That is, it inserted - by changing the quantized DCT
may be of interest for parties to verify that an image coefficients - before entropy coding. A special
has not been: edited, damaged, or altered since it was lookup table of binary values (whose design is
marked [20]. A good review of fragile watermarking constrained to ensure mark invisibility) is used to
algorithms is done in [14]. partition the space of all possible DCT coefficient
values into two sets. The two sets are then used to
Fragile watermarking systems are categorized into modify the image coefficients in order to encode a bi-
two categories according to the working domain. level image (such as a logo.) In order to reduce the
First, fragile watermarking that works directly in the blocking effects of altering coefficients, it is
spatial domain. Second, fragile watermarking that suggested that the DC coefficient - and any
works in a transform domain. coefficients with low energy - is not marked. Kundur
and Hatzinakos in [8] embed a mark by modifying
Most fragile watermarking systems embed the mark the quantization process of the Haar wavelet
directly through the spatial domain of a Work, such transform coefficients. While Xie and Arce in [17]
as techniques described in [9] and [14]. These selectively inserts watermark bits by processing the
techniques embed the mark in the least significant bit image after it is in a compressed form. A wavelet
(LSB) plane for perceptual transparency. Their decomposition of an image contains both frequency
significant disadvantages include the ease of and spatial information about the image hence
bypassing the security they provide [5] and [9]. watermarks embedded in the wavelet domain have
the advantage of being able to locate and characterize
Wong [15] described another fragile marking the tampering of a marked image.
technique which obtains a digest using a hash
function. The image, image dimensions, and marking Two types of authentication systems are currently
key are hashed during the embedding and are used to being investigated: global and local authentication.
modify the least-significant bit plane of the original As the naming implies, global authentication system
image. This is done in such a way that when the considers the Work as a whole, (i.e., either the Work
correct detection side information and unaltered is authentic or not). The other type of systems is local,
marked image are provided to the detector, a bi-level (i.e., the authentication is based on local regions in
image chosen by the owner (such as a company logo the Work). So the authentication system output the
or insignia), is observed. This technique has regions in the work as authentic regions while others
localization properties and can identify regions of are not [3].
modified pixels within a marked image. The
technique of Yeung and Mintzer [19] is also one This paper introduces a detailed study of a Content
where the correct detection information results in a Authentication System - that is built upon the
bi-level image. However, the embedding technique is proposed fragile watermark. This new proposed
more extensive than inserting a binary value into the fragile watermarking system is an extension of an
least-significant bit plane. The marking key is used to existing secure data hiding scheme technique that is
generate several pseudo-random look-up tables (one built on binary images [12]. It is considered as an
for each channel or color component) that control excellent data hiding technique for binary image in
how subsequent modifications of the pixel data will terms of similarity and data payload. Kawaguchi and
occur. Then, after the insertion process is completed, Eason proposed a data hiding technique in [6] - that
a modified error diffusion process can be used to embeds data inside bit planes of the grayscale image
spread the effects of altering the pixels making the in accordance with the concept of pixel complexity
mark more difficult to see. which can be defined in different ways. The
watermarking system that is proposed in this paper
On the other hand, various transformations, such as: uses the first bit plane to embed an authentication
the Discrete Cosine Transform (DCT) and Wavelet signature using the binary image data hiding
Transforms are used for authentication systems. technique introduced in [12].
Usually those systems are semi-fragile since they are
almost all robust to Lossy Compression. DCT based 2 Motivation
watermarking systems are usually robust to Joint Content authentication application intends to assure
Photographic Experts Group (JPEG) lossy that the received work is from the authorized source,
compression while those work in the Wavelet and that the work content is identical to the original.
A Fragile Watermarking Algorithm for Content Authentication 29
The past few years have witnessed an increasing use Step3: Let H= SUM ((Ci⊕K)⊗W) where ⊗ is the
of digitally stored information. Since the digital pair-wise multiplication of two matrixes of
image is easy to: edit, modify, and exploit - at the equal size.
same time, image editing programs are becoming Step4: For each w, w =1,…, 2r-1 Let Sw= {(j, k);
more powerful so that even an amateur can (Wj.k = w and [Ci ⊕K]j,k= 0 } OR (Wj,k =
maliciously modify digital images and create perfect 2r-w and [Ci ⊕ K]=1)}
forgeries without leaving any trace on the original Step5: let d = b1.. br - H mod 2r
image. Techniques to establish the authenticity and Step6: IF d = 0 there is no change in Ci Else
integrity of digital images are essential. Especially a) Randomly select h∈{0,1, …,2r-1} such
when the work content is used for the content that Shd ≠ φ and S-(h-1)d ≠ φ.
sensitive fields such as: photojournalism, courtroom b) Randomly select (j,k)∈ Shd and
evidence, medical applications, or commercial complement the bit [Ci]j.k
transaction - the originator of the content has to be
c) Randomly select (j,k)∈ S-(h-1)d and
verified while ensuring the content has not been:
complement the bit (Ci)j,k.
changed, manipulated or falsified [20].
(Note if So is encountered then skip
this step)
3 Preparations EndElse
In this section, some of the necessary concepts and END. (Embedding)
terminologies used in this paper, as well as, the main
ideas proposed by Tseng et al., [12]. In this scheme, at most two bits can be modified in
each host block; there is no control on the quality of
- Definition 1: the stego-Image. This scheme does not take in
Given a cover image C and a message M to be hidden consideration the set of all neighbors of the modified
in C, then private key steganography system can be bit. In the development of the new scheme the set of
defined as: neighbors of the modified bit will be taken in
Fe: M× K → C, Such that Fe (C,M,K) = C' consideration. This describes the achievement in this
And paper.
Fr( Fe (C,M,K,), K) = Fr (C', K)
- Output
Where K is a secret key, Fe is the embedding I’: the Watermarked Image.
function, Fr is the extracting function, and C' is the
stego-image. This means, that the message M can be - Note:
embedded in C by the function Fe to generate the • The Proposed Fragile Algorithm – which will be
stego-image C', and the embedded message can be used in the Content Authentication System – uses
extracted by the extracting function Fr from C'. the first bit plane of the image to embed a
signature – which is extracted from the image
A scheme were proposed by Tseng et al., [12] to hide itself – using the CPT algorithm.
data in a binary image called CPT. This scheme can • Each block Ii is embeddable: There isn't any
be summarized in the following algorithm: need to check for embedability of the block since
the first bit plane of a gray scale - or a color
- CPT Algorithm image - is not noticeable by the human eye.
C: is a cover image partitioned into blocks of size (Human Visual System). Tseng et al.[12] in the
m∗n{ C1,…, Cy} results of their experiments avoided embedding
K: is a random binary block of size m∗n. in white (all pixels are Ones) and black (all pixels
W: is a weight matrix of size m∗n, where {Wi,j, i =1.. are Zeros) since any change would be noticed.
m, j = 1..n } = 1...2r–1, 1...2r-1 ,.. L, L ≤ 2r-1 This is not considered here in order to
R: is the number of bits to be embedded in one block; accomplish the task of Content Authentication.
note that r ≤ log(mn+1) • For simplicity of implementation assume the
following:
Begin • Block Size is equal for all blocks (Ii) of the
Step1: FOR each collection of bits b1..br to be Image I.
embedded in block Ci • Image’s Blocks are squares.
Do the following. • Dimensions of Image I (Width, Height) are
Step2: Calculate Ci ⊕ K, where ⊕ is the exclusive multiples of Block Size.
OR
30 International Journal of Computing & Information Sciences Vol 2., No. 1 ,April 2004
4 Mathematical Example
In this section, a mathematical example of the
proposed algorithm - which will be used in the
Content Authentication System - is illustrated in
order to reveal any ambiguity in the formal modeling
of the algorithm presented in the previous section. In
this example, some cases will be discussed. The
embedding would only be in the first bit plane of the
image. Now, consider the following values of the
required parameters.
Let BlockSize = 4.
The number of bits that maximally can be embedded
is log2 BlokSize x BlockSize + 1 . Which is 4.
Let the message which embeds M be 111011010101
Let K be defined as in table 2.
Let W be defined as in table 3.
Embedding Process
• Table 4: shows the first bit Plane.
• Table 5: shows (h = I ⊕ K).
• Table 6: shows (h ⊗ W)
• Table 7: shows The Result After Complementing
some bits
• Table 8: shows the watermarked image.
Extraction Process
• Table 8: shows the watermarked image.
• Table 7: shows the first bit plane from the
watermarked image.
• Table 9: shows h = I' ⊕ K
• Table 10: shows h ⊗ W
• For each Block in table 10 take the sum and find
the modulation to 24
• Concatenate the results to build the message.
• Extracted message is 111011010101.
A Fragile Watermarking Algorithm for Content Authentication 31
6 Experimental Study
This section introduces experimental results for the
proposed algorithm to be used as a fragile
watermarking algorithm. A benchmark Image is
being watermarked using the proposed algorithm (as
shown in figures 3 and 4). Figure 3 shows the fruit
image (128 x 128) - with 10,000 characters
embedded as a hidden message. The experimental
study embeds the message in the lowest two bit
planes. With a 4 x 4 block size; 8 bits per 16 pixels
can be hidden. Which is a reasonable high payload
compared to existing known algorithms.
∑ ∑ I ' ( x, y )
x =1 y =1
2
Perceptual Transparency Note that by increasing the block size, the resolution
This property refers to that an embedded watermark of authentication would be less, - and vice versa, (i.e.,
should not be visible - under normal observation - or by decreasing the block size, the resolution would be
interfere with the functionality of the image. The higher). The argument that what it is preferable is a
embedding algorithm that is used in the content trade off. Despite decreasing the block size would
authentication system is of a very high quality in increase authenticity resolution, the hash value would
terms of transparency when it is compared to existing be smaller, and this is not a desirable property since
watermarking techniques. Tables 11 and 12 show the number of collisions would increase.
how transparent the embedding algorithm is.
The Marking Key Spaces Should Be Large
This property aims at: accommodating many users,
and hindering the exhaustive search for a particular
marking key - even if hostile parties are somehow
able to obtain both an unmarked and marked versions
of a particular image.
it is to search the key alone and the weight matrix localized replacement attack is simple and easy to be
alone. Searching the key and the weight space at the detected since the proposed system is localized.
same time would be an exponential problem. Figure 9 reveals a scenario of changing critical
information of an image. Note that the images used in
On the other hand, the two key like data structures this scenario are color images.
that are related to hashing value extraction are the
key and the Image ID. The key is an 8-bits value - Modify The Marked Image Itself Without
thus its space is 28 = 256. It is not a huge space. The Affecting The Embedded Mark Or
Image ID is the value that should compensate the Creating A New Mark That The Detector
constrained space of the key. The Image ID should be Accepts As Authentic
large enough to accommodate the purpose of its
existence. Each image that is proposed to the system Embedding a new mark is possible, if there is the key,
should have a uniquely identifying value - thus weight, hash key, and image ID. Deducing all those
choosing the length of the Image ID is application key-like structures is impossible. Thus, the attacker
dependent. It should be large enough to can not: modify the marked image as he wants or
accommodate the number of images that may be create a new mark as he wants until he knows all the
subjected to the system. Without mathematical four keys. Some weak fragile marks easily detect
calculations the searching space is very huge. random changes to an image but may fail to detect a
carefully constructed modification. An example is a
fragile mark embedded in the least-significant bit
The Marking Key Should Be Difficult To
plane of an image. An attempt to modify the image
Deduce From The Detection Side without realizing that a mark is expressed in the Least
Information Significant Bits is very likely to disturb the mark and
This property is particularly important in systems that be detected. However, an attacker that may attempt to
have distinct marking and detection keys. The modify the image without disturbing any Least
proposed Content Authentication System uses only Significant Bits or substitute a new set of Least
private keys, so this property is not of concern for the Significant Bits on a modified image that the detector
proposed system. classifies as authentic. Note that this attack is not
applicable for the proposed system. Since changing
8 Attacks Analysis the embedded mark should be done on both the 7
This section will study the effect of the known most significant bits of pixels and on the LSB at the
attacks that may be subjected to the watermarking same time.
technique. Attacks that may subject the hashing value
generator such as the counterfeiting attacks, birthday Completely Removing The Mark
attack, and transplantation attacks are discussed in [2]. It is clear that if an attacker tries to remove the mark,
(for example, by addition of noise to each block, or
Blind Modification making the mark undetectable somehow), that would
Arbitrarily change the marked image by assuming be a very silly attack since the authenticator will
that no mark exists. Those include: cropping, and simply be saying "Inauthentic Image." It will be a
localized replacement (such as substituting one useless image.
person’s face with another.) The latter type of
modification is a significant reason why an Deduction Of Marking Key
application may want to be able to indicate the An attacker may also attempt the deduction of the
damaged regions within an altered image. The marking key which is used to generate the mark. The
36 International Journal of Computing & Information Sciences Vol 2., No. 1 ,April 2004
marking key is intimately associated with an The Proposed Content Authentication has a very
embedded mark. So if it is possible to isolate the high level of security; this is accomplished due
mark, the attacker can study it in order to deduce the the existence of the weight and key matrices used
key (or reduce the search space for the marking key). in the embedding algorithm, as well as, the hash
Once the key is deduced, the attacker can then forge key and the image identification used in the
the mark into any arbitrary image. hashing function.
The proposed system is recommended to
The last sentence is true. If an attacker knew the applications that need an exact authentication of
marking keys, it would be very easy to forge an images with a very high level of security. Law,
authenticated image - provided he knew the hashing commerce, defense, and journalism are
value extraction technique and the embedding recommended applications.
technique. But still, how will the attacker know the
keys. Section 7 shows how possible to know the keys Recommended future work that may be done to the
which are necessary for marking. I think that the only first proposed algorithm can be summarized as
way to know the keys is to contact either the follows:
embedder party or the authenticator, and beg him for For applications that need the original image to
the keys! be authenticated rather than the watermarked
image, more investigation should be done on the
9 Conclusion and Future Work first bit plane. Authenticating of the original first
Experimental results showed an excellent bit plane may need recovering the original bits of
watermarking algorithm in terms of fragile the first bit plane. More investigation on the
watermarking properties. This algorithm enables a erasable (invertible) watermarks would be
high data payload and high transparency at the same helpful in accomplishing this task.
time when compared to existing fragile systems. More investigation on the hashing value extractor
Attack analysis is also provided to study the is recommended; which variables to include in
robustness of the system against known attacks that the calculation of the hash value, and what
may subject fragile watermarking systems. operations should be applied to those variables to
produce the hash value.
This paper proposes a fragile watermarking technique Dedication of the proposed system to some
and studies this technique for Content Authentication application needs more study for the environment
as one of the most important watermarking of that application, e.g., using the proposed
applications. The proposed Content Authentication system in journalism needs to investigate what
System uses a watermarking algorithm that has a are the major issues to concentrate on, when
high level of fragility. This property gives the system using the proposed system.
a very high ability to discover any alteration has
occurred to the Work since the watermark embedding. 10 References
From the study of the proposed watermarking [1] Alomari, Raja', and Al-Jaber, Ahmed. "A
algorithm and the Content Authentication System, Robust Watermarking Algorithm for Copyright
some conclusions can be drawn as follows: Protection." The 3rd ACS/IEEE Conference on
Exact Content Authentication needs fragile Computer Systems and Applications, Cairo,
watermarking algorithms, the more fragility of Eqypt, Jan 2005.
the algorithm, the more ability to detect
tampering in the watermarked Work. [2] Barreto, P., and Kim H., "Pitfalls In Public Key
The proposed watermarking algorithm shows a Watermarking," Proceedings of Sibgrapi-
very high data payload to fidelity trade-off when Brazilian Symposium on Computer Graphics
compared to existing watermarking algorithms. It and Image Processing, pp. 241-242, 1999.
is a logical consequence since at most two bits
are flipped when embedding number of bits equal [3] Cox J., Miller L., Bloom A., Digital
to log (blocksize), e.g., to embed 4 bits in 4 x 4 Watermarking, Morgan Kaufmann Publishers,
pixels block, at most, two bits are flipped. USA, 2002.
The proposed Content Authentication System is
sensitive to any tampering that may occur to the [4] Cox J., Miller L., "The First 50 Years of
watermarked image. The ability of this system Electronic Watermarking", EURASIP J. of
for tamper detection comes from two sides; the Applied Signal Processing, vol. 2, pp. 126-132,
hashing function that is used and the 2002.
watermarking algorithm that it uses.
A Fragile Watermarking Algorithm for Content Authentication 37