A Novel Image Signature Method for Content ... - Semantic Scholar

The Computer Journal Advance Access published October 15, 2011 © The Author 2011. Published by Oxford University Press on behalf of The British Computer Society. All rights reserved. For Permissions, please email: [email protected] doi:10.1093/comjnl/bxr108

A Novel Image Signature Method for Content Authentication Xiaofeng Wang1,∗ , Nanning Zheng2 , Jianru Xue2 and Zhenli Liu1 1 School

of Science, Xi’an University of Technology, Xi’an, Shaanxi 710048, P.R. China of Artificial Intelligence and Robotics, Xi’an Jiaotong University, Xi’an, Shaanxi 710049, P.R. China ∗Corresponding author: [email protected]

2 Institute

Keywords: image authentication; image signature; image hash; tampering detection; DWT-DCT; KL transformation; Huffman encoding Received 29 June 2011; revised 11 August 2011 Handling editor: Wojciech Mazurczyk

1.

INTRODUCTION

Recent developments in digital technology, along with powerful image-editing tools, have made visual contents easy to be changed. This has greatly lowered the credibility of visual content, and the old adage of ‘seeing is believing’ is no longer true. To ensure authenticity and integrity of images, image signature [1] technology has been researched intensively in the recent years. Image signature, also called image hashing, is a short representation of the image content. It is mainly applied in content authentication, image database search, and watermarking, etc. An image signature should have desirable properties: perceptual robustness, tampering sensibility and tampering localization, in addition to properties such as unidirectivity, collision resistance, compactness and key dependency owned by traditional cryptographic hash functions. Perceptual robustness means that the algorithm should produce similar signatures to allowable modifications. Here, signature similarity is measured in terms of some distance. Sensibility means that the algorithm should produce different signatures

to distinct images or illegal tampering to the original image. Tampering localization means that the algorithm should be capable of detecting the tampered areas. The design goal of the image signature algorithm is that it must be robust to content-preserving manipulations and sensitive to malicious tampering, and must possess tampering localization functionality and compact signature length, simultaneously [2]. Unfortunately, current image signature methods cannot well meet with the aforementioned desirable properties simultaneously. Image signature methods in literature can be classified into four categories according to their characteristics [3]. This first class is the statistics-based methods [1, 4–6], however, the recent research result [7] reports that some of these methods are not secure because their signatures can be forged by modifying images without changing their statistical features. The second class is the relation-based methods [8–14]. In these methods, the size relationships of Discrete Cosine Transform (DCT) coefficients or wavelet coefficients are usually used to generate the image signature. The above-mentioned methods can provide

The Computer Journal, 2011

Downloaded from comjnl.oxfordjournals.org by guest on October 16, 2011

We proposed an image signature method for content authentication, which applies a hierarchical approach to construct an image signature. In the first level, DWT and DCT are used to extract image features; then these features are encrypted by using sub-keys that are generated by a cryptographically hash function. In the second level, Karhunen–Loeve transformation is used to reduce the signature length. The main features of the proposed method are as follows: (i) It achieves a trade-off between robustness and tampering sensitivity. (ii) It provides a tool for image tampering detection and tampering localization. (iii) It can be used to detect the thumbnail of the large image to improve detection efficiency. (iv) It provides the compact signature, and the signature length is independent of the image size. Experimental results show that proposed method is robust for contentpreserving manipulations such as JPEG compression, adding noise, filtering and Gamma correction, etc.

2

X. Wang et al.

Original image Io

Feature extraction

Shared Key K

Quantization and compression

Image signature Ho

Selection suitable stage and encryption

FIGURE 1. The process of generating an image signature.

the proposed method can be applied to the thumbnail of a large image, which greatly improves the speed of the detection. The rest of this paper is organized as follows: In Section 2, we describe the overview of proposed method. In Section 3, we describe the image signature generation algorithm. In Section 4, we describe the image authentication algorithm. In Section 5, we present experimental results and analyze the performances of the proposed method. Section 6 concludes the paper with some thoughts on future work. 2.

OVERVIEW OF THE PROPOSED SCHEME

The generation of the image signature usually consists of two phases: (i) extracting image-dependent and secret-keydependent features that are robust for content-preserving manipulations; (ii) quantizing and compressing these features to produce signature. Figure 1 shows the generation process of an image signature. In an image authentication system, the signature will be transmitted by appending it to or embedding it into the original image. The receiver uses the same secret key to generate the signature of the received image, and then determines whether the content has been changed by comparing this signature with the received one (see Fig. 2). 3. 3.1.

IMAGE SIGNATURE GENERATION ALGORITHM First-level feature extraction

The inputted N × N image Io is partitioned into nonoverlapping P × P blocks. We denote each block as Boi , where

Received image It

Shared Key K

Generated signature: Ht

Received signature: H0

Compare H0 with Ht Image is authentic. Detection result: tampered areas.

Image is inauthentic. Tamper localization

FIGURE 2. Image authentication process by using image signature.

The Computer Journal, 2011

Downloaded from comjnl.oxfordjournals.org by guest on October 16, 2011

tampering localization functionality, but they basically do not have robustness to geometric distortions. Additionally, the lengths of their signatures depend on the size of the an images, usually longer than expected. The third class of methods is based on image sketch or coarse representation [15–17]. Most of these methods are only robust to minor modifications [18]. The fourth class of methods is based on lower-level features [7, 19]. These methods are sensitive to manipulations, including enlargement, high quantization and lowered resolution and so on, and have poor robustness. Monga and Evans [7] proposed a method that used the end-stopped wavelets to capture endpoints of the linear structures. Even with good robustness, it still cannot locate altered areas. In addition to the aforementioned four classes of methods, there are other image signature methods including radon-based [20], clustering-based [21] and mesh-based [22] methods. The radon-based methods use a kind of rotation invariance feature to provide robustness to geometrical deformations, but lack the tampering localization functionality. The clustering-based methods have a high computational complexity, and the stability of the generated signature depends on used clustering methods. The mesh-based methods provide good robustness to geometrical deformations, but they are complex in mesh normalization. Recently, Calonder et al. [23] proposed a compact image signature method that is efficient in computing. However, their goal is to build a robust interest point descriptor and high-speed matching algorithm, rather than an image authentication method. Fawad et al. [24] proposed a block-based image-hashing method, which generates hash by permuting the wavelet coefficients of all image blocks. Their method possesses tampering localization functionality, but the size of the hash depends upon both image size and block size [24]. To solve the aforementioned problems, we proposed a hierarchical image signature method with multiple properties: perceptual robustness, tampering sensibility (discriminative capability), tampering localization functionality and compactness. By utilizing the characteristic of space-frequency localization and multi-resolution of the Discrete Wavelet Transform (DWT), the characteristic of energy concentration of the DCT coefficients, and the characteristic of removing correlation of the Karhunen–Loeve (KL) transform, the proposed method is not only robust to content-preserving manipulations such as JPEG compression, adding noise, filtering, Gamma correction, etc., but also sensitive to malicious tampering. Furthermore,

3

A Novel Image Signature Method for Content Authentication i = 0, . . . , N 2 /P 2 − 1. Let Boi (x, y) represent the gray value of the ith pixel at spatial location (x, y) in the block Boi , where 0 ≤ x, y ≤ P − 1. By taking three-level db2 wavelet decompositions for each block, wavelet coefficients are obtained. Let WiLL , WiLH and WiHL represent the wavelet coefficients of the sub-bands LL, LH and HL of the ith block, respectively. By taking DCT of each block, the DC coefficients can be obtained. Let DiDC represent the DC component of the ith block. The first-level feature value of the ith block is

x˜ij = xij + Dec(kij ), j = 1, 2, . . . , 9, then we have ⎞ ⎛ x˜i1 x˜i4 x˜i7 H˜ wdoi = ⎝x˜i2 x˜i5 x˜i8 ⎠ , i = 0, . . . , N 2 /P 2 − 1. x˜i3 x˜i6 x˜i9 The encrypted matrix is then obtained: H˜ wdo = (H˜ wdo0 , H˜ wdo1 , . . . , H˜ wdo(N 2 /P 2 −1) ). 3.3.

Hwdoi = WiLL ∗ DiDC + WiLH + WiHL , where i = 0, . . . , N /P − 1 2

2

(1)

Hwdo = (Hwdo0 , Hwdo1 , Hwdo2 , . . . , Hwdo(N 2 /P 2 −1) ). (2)

3.2.

Sub-keys generation and encryption

To obtain a higher security, we encrypt the first-level feature. (i) Sub-key generation algorithm: To avoid the transmission and distribution of multiple sub-keys in the Internet, we generate sub-keys by using the following algorithm: Considering the advantages in calculation speed and security, we use the cryptographic hash function Ripemd-160 to generate sub-keys. Let K be a secret key shared by a sender and a receiver. Let H (·) represent Ripemd-160. Let k = H (K). We first generate block secret key ki of ith block from k. To encrypt every element of Hwdoi , nine sub-keys are needed. These subkeys are generated as follows (see Fig. 3): (a) let k = H (K), its size is 160 bits, cycle right shift imodl bits to k, to generate k  ; (b) taking rightmost 11 bits as the block secret key ki of the ith block; (c) taking adjacent 3 bits as a sub-key, outputted sub-keys are (ki1 , ki2 , . . . , ki9 ). (ii) Encrypting: Let Dec(x) denote a function that transforms a binary string into a decimal number, and let

Key K

k=H(K)

Second-level feature extraction

For a high-resolution image, H˜ wdo will be a multi-dimensional matrix. To shorten the length of the final signature, we reduce the matrix dimension by using the Principal Component Analysis (also known as KL transformation). (i) The pretreatment: We reform matrix H˜ wdoi according to the column to form a 1 × 9 vector: ⎞ ⎛ x˜i1 x˜i4 x˜i7 H˜ wdoi = ⎝x˜i2 x˜i5 x˜i8 ⎠ → (x˜i1 , x˜i2 , . . . , x˜i9 ). (6) x˜i3 x˜i6 x˜i9 In this way, H˜ wdo is reformed as a (N 2 /82 ) × 9 matrix Do , and its N 2 /82 rows correspond to the N 2 /82 blocks of the tested image. ⎤ ⎡ d12 ··· d19 d11 ⎢ d21 d22 ··· d29 ⎥ ⎥ ⎢ (7) Do = ⎢ ⎥. .. ⎦ ⎣ . d(N 2 /64)1

d(N 2 /64)2

· · · d(N 2 /64)9

To find the position of the image block, we add row sequence numbers and column sequence numbers into Do as its last two columns, then matrix Ao can be obtained: ⎤ ⎡ d12 ··· d19 R1 C1 d11 ⎢ d21 d22 ··· d29 R2 C2 ⎥ ⎥ ⎢ Ao = ⎢ ⎥. .. ⎦ ⎣ . d(N 2 /64)1

d(N 2 /64)2

· · · d(N 2 /64)9

RN/8

CN/8 (8)

The matrix Ao is only used to explain the corresponding matrix At . The matrix At will be generated in an image authentication algorithm; it will be used to find the locations of the tampered areas in the following steps. The matrix Ao is

Cycle right shift imod160 bits

(ki1, ki2, …, ki9)

(5)

k'

Taking rightmost 11 bits

Taking each adjacent 3 bits as a sub-key

FIGURE 3. Sub-keys generation process.

The Computer Journal, 2011

ki

Downloaded from comjnl.oxfordjournals.org by guest on October 16, 2011

Let P = 8, then Hwdoi (i = 0, . . . , N 2 /P 2 − 1) is a 3 × 3 matrix. ⎞ ⎛ xi1 xi4 xi7 Hwdoi = ⎝xi2 xi5 xi8 ⎠ . (3) xi3 xi6 xi9

(4)

4

X. Wang et al.

not involved in generating the image signature. The matrix Do is used for the KL transform. To decrease the impact that the principal component depends on large magnitude elements, we normalize Do by using the method in [2, 10, 25], to obtain a normalized matrix: ⎡

··· ···

n12 n22

n11 n21 .. .

⎢ ⎢ No = ⎢ ⎣ n(N 2 /64)1

⎤

n19 n29

⎥ ⎥ ⎥. ⎦

(9)

· · · n(N 2 /64)9

n(N 2 /64)2

3.4.

Quantization and compression

To obtain a shorter final signature, we quantize Po using method [2, 10, 25]: poqi1 i2 = 127(1 + poi1 i2 ) + 0.5,

where poqi1 i2 ∈ [0, 255]. Let Poq represent the quantized matrix ⎤ ⎡ poq11 poq12 · · · poq19 ⎢poq21 poq22 · · · poq29 ⎥ ⎥ ⎢ (12) Poq = ⎢ . ⎥. ⎦ ⎣ .. poq91

Here nij = (nij − μj )/σj , 1 ≤ i ≤ N 2 /64, 1 ≤ j ≤ 9, μj is the column mean, and σj is the column standard deviation. (ii) Applying the KL transform to normalized matrix No , the eigenvector matrix Po can be obtained. Let poi1 i2 represent an element of Po , where poi1 i2 ∈ [−1, 1], 1 ≤ i1 , i2 ≤ 9. po11 ⎢po21 ⎢ Po = ⎢ . ⎣ ..

po12 po22

po91

po92

⎤ · · · po19 · · · po29 ⎥ ⎥ ⎥. ⎦ · · · po99

· · · poq99

poq92

We can further compress Poq by using Huffman coding to generate Huffman tree HTo . The final signature Ho is generated by Huffman codes of leaves in the Huffman tree, which correspond to each element of Poq . The size of Ho is about 450 bits. Final signature Ho can be transmitted over the Internet by using a public key cryptosystem. It can be used to detect the content authenticity of received images. This process is described as Fig. 4.

(10) 4.

IMAGE AUTHENTICATION ALGORITHM

4.1. Tampering detection Po can be considered as the intermediate signature of the image Io .

Original image Io

For received image It , its signature Ht is generated by using the signature generation algorithm described in Section 3, and

Signature generation algorithm Image signature Ho

Key K

Huffman tree HTo

Internet

Co

Sender’s private key SK

De-signcryption and verification algorithm K, Ho, HTo

Sender’s public key PK

Receiver

Received image It

Ciphertext Co

Sender

Public key signcryption algorithm SigncryptionSK(K, Ho, HTo )

Image authentication algorithm

FIGURE 4. Transmitting process of the image signatures. This process is achieved by using a public key cryptosystem. The process can be divided two stages: sender and receiver. In order to transmit an image Io to a receiver over the Internet in a secure manner, sender first computes image signature Ho using the signature generation algorithm described in Section 3, then signencrypts the corresponding secret key K, Ho and Huffman tree HTo , to generate a ciphertext Co . Co and image Io can be transmitted over the Internet by any way. As the receiver, in order to identify received image It (It may be the original image Io , or tempered image from Io , or a different image), the receiver first de-signcrypts the received ciphertext Co , gets K, Ho and HT o , and then identifies the received image It by using the image authentication algorithm described in Section 4.

The Computer Journal, 2011

Downloaded from comjnl.oxfordjournals.org by guest on October 16, 2011

⎡

(11)

5

A Novel Image Signature Method for Content Authentication reserve the intermediate information: ⎡ dt12 ··· dt19 dt11 ⎢ dt21 dt22 ··· dt29 ⎢ At = ⎢ .. ⎣ .

Rt1 Rt2

dt(N 2 /64)1 dt(N 2 /64)2 · · · dt(N 2 /64)9 RtN/8

⎤

Ct1 Ct2 ⎥ ⎥ ⎥. ⎦ CtN/8 (13)

po91

po92

· · · po99

The following normalized distance D can be considered as the distance measurement between Ho and Ht : 9 9 i1 =1 i2 =1 |pti1 i2 − poi1 i2 | . (17) D= 9×9 If D ≥ T , tested image will be considered as inauthentic; else the tested image will be considered as authentic, where T is a threshold. The receivers cannot obtain the normalized matrix No since they do not have the original image. Considering that the received image It preserves most of the information of original image Io , even if it has been altered by local tampering, we substitute the normalized matrix Nt of It with No to compute the KL score matrix. 4.2. Tampering localization Based on the image signature generated by Section 3, we use method [2, 25] to find the location of tampered image areas. Computing the KL score matrix of It and Io , we obtain, respectively, St = Nt Pt , So = Nt Po (18) Computing the difference matrix S: S = St ± So .

where Stj , Soj and Sj represent elements of matrix St , So and S, respectively. After taking KL transformation, we obtain 9 eigenvalues λt (t = 1, 2, . . . , 9). Hotelling’s T2 -statistics HTSS of the difference matrix S can be calculated: ⎤ ⎡ S11 S12 · · · S1(N 2 /64) ⎢S21 S22 · · · S2(N 2 /64) ⎥ ⎥ ⎢ Let S T = ⎢ . ⎥, ⎦ ⎣ .. S91

S92

···

S9(N 2 /64)

λt = (λt1 , λt2 , . . . , λt9 ), (20)  9     9 2  2  1 1 HTSS = √ S2,i , . . . , √ S1,i , λti λti i=1 i=1    9 2  1 . (21) √ SN 2 /64,i λti i=1 HTSS is a 1 × N 2 /82 matrix, and its significant elements correspond to the image blocks that may be tampered, and its sequence numbers of rows and columns can be obtained from the last two columns of the data matrix At .

5.

EXPERIMENTAL RESULTS AND PERFORMANCE ANALYSIS

In this section, we test and analyze the performance of the proposed method via experiments. Our method is tested using MATLAB7.0. We run programs in the computer with Processor Pentium(R) Dual-Core CPU, E5400 @ 2.70 GHz, 2.00 GB RAM. For the purpose of analysis, we use notations as the following. Let M denote a set of images; then I ∈ M corresponds to an image. According to the relationship between I and other images in M, M can be divided into the following subsets: MD ⊂ M denotes the set of images that are different from I and irrelevant to I . MI ⊂ M denotes the set of images that come from I , and have undergone content-preserving manipulations such as filtering, adding noise and JPEG compression, etc. MT ⊂ M denotes the set of images that come from image I , and have undergone content tampering attacks. There are four types of common malicious tampering: (i) Type-1: Insert external objects into an image (see Fig. 5e). (ii) Type-2: Local changes caused by the copy-move attack in which a part of the image content is copied and pasted

The Computer Journal, 2011

Downloaded from comjnl.oxfordjournals.org by guest on October 16, 2011

Here, elements in At have the same meaning as elements in Ao . The matrix At is not involved in generating the image signature; it is used to store the location information of the image blocks, which would be used to find locations of tampered areas in the following steps. Applying Huffman decoding to Ht and Ho by using the received Huffman tree HTo and the calculated Huffman tree HTt to obtain Ptq and Poq , respectively, we then inverse quantize each element of Ptq and Poq , respectively, by using the following equations [2, 10, 25]: ptqi1 i2 poqi1 i2 pti1 i2 = − 1, poi1 i2 = − 1, (14) 127 127 where 1 ≤ i1 , i2 ≤ 9. The matrices Pt and Po can be obtained: ⎤ ⎡ pt11 pt12 · · · pt19 ⎢pt21 pt22 · · · pt29 ⎥ ⎥ ⎢ (15) Pt = ⎢ . ⎥, ⎦ ⎣ .. pt91 pt92 · · · pt99 ⎤ ⎡ po11 po12 · · · po19 ⎢po21 po22 · · · po29 ⎥ ⎥ ⎢ Pt = ⎢ . (16) ⎥. ⎦ ⎣ ..

Operator ‘+’ or ‘−’ depends on the module of the column vector in the result matrix. They are selected as follows:

Stj − Soj , if : |Stj − Soj | ≤ |Stj + Soj | , (19) Sj = Stj + Soj , if : |Stj − Soj | > |Stj + Soj |

6

X. Wang et al.

FIGURE 5. (a–d) Original images; (e–h) Tampered images.

5.1.

Robustness to incidental changes

The experiments are designed to test that the proposed image signature method is robust for incidental changes caused by content-preserving manipulations. The Equation (17) is used to measure the signature distance between the original image and manipulated images. In experiments, 600 images are tested, in which one-third of them were 200 × 200 pixels another onethird of them were 256 × 256 pixels and residual images were 384 × 384 pixels. The experiment steps are as follows. First, the signature HI of tested original image I is computed using the image signature generation algorithm described in Section 3. Second, we manipulate tested images by using StirMark benchmark, generate noised image, JPEG compressed image, filtered image and gamma corrected image, respectively, denoted as I’, then computing its image signature HI  . Finally, we compute the normalized distance D between HI and HI  by using Equation (17). Number of detected as authentic for tested images,

Number of correct detection. Experimental results are showed in Tables 1 and 2. The passing rate means the probability of correct detection, and is formally defined as follows: Passing rate

{I  |(I  ∈ ∪I {{I } ∪ MI }) ∧ ((I  ) = 1)} × 100%

∪I {{I } ∪ MI } Number of correct detection × 100%. (22) = Total number of tested images =

Here, • denotes an operator to compute the cardinality of a set. Tables 1 and 2 show the probabilities of correct detection for various image-processing manipulations, when the normalized distance D has different values. As can be seen from Tables 1 and 2, with the rise of the normalized distance D, the probabilities of correct detection are increasing gradually. The higher the probability of correct detection, the stronger would be the robustness. It means that our method is robust to a certain extent for the incidental changes caused by content-preserving manipulations such as adding noise, JPEG compression, filtering and gamma correction. In practice, our algorithm can achieve acceptable robustness by choosing normalized distance D. This approach is not robust if used with image modifications, such as translations, where signification portions of the image are lost. The effect of geometric distortions, however, will be addressed in future work. However, if the ‘black borders’caused by rotation or translation can be removed, or a rotated image can be reverse rotated to the original situation (see Fig. 6), then our method can detect the manipulation.

The Computer Journal, 2011

Downloaded from comjnl.oxfordjournals.org by guest on October 16, 2011

somewhere else in the image with the intent to cover another part of image content (see Fig. 5f). (iii) Type-3: Local change caused by the substitution attack in which a part of the image content is substituted by the content of another image (see Fig. 5g). (iv) Type-4: Erase a part of the image content (see Fig. 5h). Let (·) denote the signature-based image tampering detection algorithm. Taking as input an image I , (I ) returns a decision ‘1’ or ‘0’. If (I ) = 1, the detection result returns ‘True’. This means I ∈ {I } ∪ MI , and the image I is considered as authentic. We call it passing the detection. If (I ) = 0, the detection result returns ‘False’, the image I is considered as inauthentic. This means I ∈ MT , I has been tampered and we say it does not pass the detection.

7

A Novel Image Signature Method for Content Authentication TABLE 1. Probability of correct detection for adding noise. Probability of correct detection for adding noise Gaussian noise

Salt and pepper noise

Normalized distance D

Noise factor = 0.001 (%)

Noise factor = 0.003 (%)

Noise factor = 0.002 (%)

Noise factor = 0.004 (%)

0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 0.09 0.10

80.1325 83.2230 83.8852 84.1060 84.3267 84.9890 88.5210 88.9625 88.9625 88.9625

80.1325 83.2230 84.3267 84.7682 84.7682 84.7682 86.5342 86.9757 86.9757 87.1965

83.885 85.872 85.872 85.872 86.093 86.534 88.521 88.742 88.742 88.742

79.029 83.223 84.106 84.327 84.327 84.327 86.755 87.196 87.417 87.859

Probability of correct detection for Wiener filtering, JPEG compression and gamma correction

Normalized distance D

Wiener filtering Filter-order = 2 × 2 (%)

Wiener filtering Filter-order = 3 × 3 (%)

JPEG quality factor = 40 (%)

JPEG quality factor = 80 (%)

Gamma correction index = 0.8 (%)

Gamma correction index = 1.1 (%)

0.01 0.02 0.03 0.04 0.05 0.06 0.07 0.08 0.09 0.10

61.589 77.483 79.912 80.353 80.353 80.795 82.781 84.106 84.327 84.327

22.958 59.161 69.316 70.861 72.627 72.627 73.731 81.457 81.457 81.898

58.278 73.289 74.393 74.614 74.614 74.834 77.483 80.132 80.132 80.132

89.625 90.066 90.066 90.066 90.066 90.508 91.170 91.170 91.170 91.170

61.8102 70.8609 72.6269 72.8477 73.0684 73.0684 73.0684 76.3797 76.8212 76.8212

82.1192 84.1060 84.3267 84.5475 84.5475 84.9890 84.9890 87.4172 87.4172 87.4172

FIGURE 6. Remove ‘black border’ and reverse rotated to original situation.

5.2.

Sensitivity to malicious attacks

The sensitivity here means the discriminative capability. It is used to measure the detection capability that the algorithm detects malicious attacks. The higher sensitivity means a stronger detection capability (or discriminative capability).

This experiment is designed to test that the proposed method is sensitive to content changes caused by malicious attacks for images. The types of malicious tampering are shown in Fig. 5. In the experiment, 600 tampered images involve mentioned four types of malicious tampering. Here, one-third of them were

The Computer Journal, 2011

Downloaded from comjnl.oxfordjournals.org by guest on October 16, 2011

TABLE 2. Probability of correct detection for content-preserving manipulations.

8

X. Wang et al.

200×200 pixels another one-third of them were 256×256 pixels and the residual images were 384 × 384 pixels. To quantitatively analyze the sensitivity, we present the formalization definition of the false-negative possibility and the false-positive possibility. PFN = False-negative possibility =

{I  |(I  ∈ MT ) ∧ ((I  ) = 1)} × 100%

Tested tampered images set ∪I MT

Number of tampered images detected as authentic = × 100%, Total number of tested tampered images (23)

5.3. Tampering localization

PFP = False-positive possibility =

Fig. 7 that the proposed scheme attains the probability of correct detection equal to 0.96 when PFN = 0.4. It also can be seen from Fig. 7 that the sensitivity to malicious attacks becomes weaker when the threshold T is higher. This means that a relatively smaller threshold will lead to higher sensitivity. On the other hand, to obtain higher sensitivity, the chosen threshold should be as small as possible. However, a smaller threshold will lead to weaker robustness. In practice, to select threshold T , the concrete application requirements should be considered. Under a suitable selection of T , the proposed method can achieve an appropriate trade-off between sensitivity and robustness.

{I  |(I  ∈ ∪I {{I } ∪ MI }) ∧ ((I  ) = 0)} × 100%

Tested images set ∪I {{I } ∪ MI }

(24) Here, • denotes an operator to compute the cardinality of a set. To discuss in detail, we examine the robustness and sensitivity of our method in terms of the receiver-operating characteristics (ROC). For each original image Io , we compute and store the signature value, which we denote as Ho . Given the received image It , we compute its signature value Ht . Then compute the false-negative possibility and the false-positive possibility by using Equations (23) and (24), respectively. We repeat this process for different authentication thresholds T , and arrive at the ROC. The ROC obtained from the experiments using 600 different images is shown in Fig. 7. We can observe from the

FIGURE 7. ROC curve of the proposed method.

5.4. Tampering localization granularity Tampering localization granularity here means the minimum size of the tampered area that the algorithm can identify. As described in Section 3, the inputted image is partitioned into non-overlapping P × P blocks, and thus, the tampering localization granularity is basically the size of a P × P image block. In our experiment, let P = 8; so the tampering localization granularity is an 8×8 image block. This means that the smallest detection unit is an 8×8 image block. However, for the large tampered areas, fine tampering localization granularity will lead to an inaccurate detection result, e.g. the detection result only shows the outline of the tampered area (see Fig. 14). The size of tampered areas should be different under different attacks. However, before a given image has been detected, we do not know the size of the tampered areas. Therefore, it is rather difficult to settle on a fixed value for this size under different attacks, and the detection process is a trial-and-error process. In practice, we can determine the size of the image block according to image content and semantics.

The Computer Journal, 2011

Downloaded from comjnl.oxfordjournals.org by guest on October 16, 2011

Number of authentic images detected as tampered = × 100%. Total number of tested authentic images

This experiment is designed to test the tampering localization functionality of the proposed method, which refers to the capability to identify the tampered image areas. In experiments, the mentioned four types of tampered images are tested; and tested images are varying in size. Figures 8– 11 show detection results for attack type 1–4, respectively. Figure 12 shows detection results for multiple different tampered locations in one image. Figure 13 shows detection results for a larger size image. In following experimental results, the areas that were confirmed as having been tampered are indicated by white or black blocks. As can be seen from these experimental results, the proposed method can detect the location of altered areas caused by malicious attacks. It is valid for the above-mentioned four types of common malicious tampering. It can detect multiple locations of different tampering in one image (see Fig. 12). It is valid for a larger size image (see Fig. 13).

A Novel Image Signature Method for Content Authentication

9

FIGURE 8. Detection results for type-1 attacks.

FIGURE 10. Detection results for type-3 attacks.

5.5.

Compactness analysis

Image signature is mainly applied in content authentication, database search and watermarking. The signature value should be convenient to store and transmit, and shorter and fixedlength signature value is necessary. Therefore, the length of the signature value is one of the important factors to measure algorithm performance. In experiments, 1000 tested images are different in size. Table 3 shows statistical approximate values of the signature lengths and the size of Haffman trees. The latter is a side product generated in the signature process, and it will be transmitted along with the image signature. As can be seen

from Table 3, the signature lengths of images of different sizes are about 450 bits, the sizes of Haffman trees are about 330 bits, and they are independent of the image size. This means that the proposed method has compact signature length.

5.6.

Comparison and evaluation of authentication performance

To compare the authentication performance of the proposed technique with existing image hashing techniques, we worked

The Computer Journal, 2011

Downloaded from comjnl.oxfordjournals.org by guest on October 16, 2011

FIGURE 9. Detection results for type-2 attacks.

10

X. Wang et al.

FIGURE 11. Detection results for type-4 attacks.

FIGURE 13. Detection result for a larger image.

as follows: (i) We compared our method with several existing image hashing methods in terms of the signature lengths, whether the signature length is variable with the image size, whether they have the tampering localization functionality and whether they possess robustness, etc. The results are listed in Table 4. It is obvious that the signature lengths in [15, 18, 26] are shorter than ours, but they do not possess the tampering localization functionality; the methods in [12] and [16] also do not.

FIGURE 14. Detection result for larger size of tampering areas.

(ii) To discuss the performance of the proposed method, we compared the robustness and sensitivity of various schemes in terms of the ROC (see Fig. 15). Comparing with other schemes, our curve is close to the other curves. This means that the probability of correct detection of our method is not very different from that of the other methods, for the giving false-negative possibility. Furthermore, the proposed method possesses tampering localization capability and shorter signature length, simultaneously. As can be seen from the above comparison results and discussion, the comprehensive performance of our method is satisfactory. In fact, there is no absolute standard for performance estimation of the image hashing methods. Since the image hashing technology has a variety of applications, including content authentication, database search and watermarking, etc., and different applications require different performances; for the applications such as database search and watermarking, shorter and fixed-length hashing methods are necessary. Therefore, it is necessary to develop

TABLE 3. Sizes and the signature lengths of images. Image size

128 × 128 200 × 200 250 × 250 384 × 384 424 × 424 512 × 512 656 × 656 832 × 832 976 × 976 1496 × 1496

Signature length 449 (bits) Size of Haffman 336 tree (bits)

455

450

443

442

443

438

445

424

427

332

316

301

314

297

290

299

273

261

The Computer Journal, 2011

Downloaded from comjnl.oxfordjournals.org by guest on October 16, 2011

FIGURE 12. Detection results for multiple different locations of tampering.

11

A Novel Image Signature Method for Content Authentication TABLE 4. Performance Comparison of signature schemes. Robustness

Image signature schemes

Signature length (bits) for 512 × 512 image

Signature length is variable with the image size

Tampering localization

JPEG, adding noise, filtering

Rotate/scale

Fawad [24] Mihcak and Venkatesen [16] Venkatesan et al. [4] Tang et al. [10] Guo and Hatzinakos [12] Proposed method Fridrich and Goljan [15] Swaminathan et al. [18] Zhang et al. [26] Monga and Evans [7]

7168 1000 805 576 512 450 420 420 400 Variable

Yes No Yes No No No No No No Yes

Yes No No Yes No Yes No No No No

Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

No No