A Wavelet-Based Fragile Watermarking Scheme for Secure Image ...

A Wavelet-Based Fragile Watermarking Scheme for Secure Image Authentication HongJie He1 , JiaShu Zhang1 , and Heng-Ming Tai2 1

Sichuan Key Lab of Signal and Information Processing, Southwest Jiaotong University, Chengdu, Sichuan, 610031 China 2 The Electrical Engineering Department, the University of Tulsa, Tulsa, OK 74104, USA

Abstract. This paper proposes a wavelet-based fragile watermarking scheme for secure image authentication. In the proposed scheme, the embedded watermark is generated using the discrete wavelet transform (DWT), and then the improved security watermark by scrambling encryption is embedded into the least significant bit (LSB) of the host image. The proposed algorithm not only possesses excellent tamper localization properties and greater security against many attacks, but also demonstrates a new useful feature that can indicate whether the modification made to the image is on the contents or the embedded watermark. If only the watermark is modified, the authenticity of the image is assured, instead of being declared as a counterfeit. Experimental results illustrate the effectiveness of our method. Keywords: fragile watermarking; discrete wavelet transform (DWT); the vector quantization attack; the transplantation attack.

1

Introduction

Fragile watermarks are designed to protect the authenticity and integrity of digital images by detecting changes in an image [1-2]. Other than having the property of thwarting a wide spectrum of attacks including vector quantization attack and transplantation attack [3-6] for secure communication applications, fragile watermarking schemes typically have the functionalities for image authentication and tamper localization [3-9]. However, the feature of distinguishing whether the tampering is on image contents or on embedded watermarks, which might be important to practical applications, has not been addressed in the literature. For digital image, the modification of its contents and of the watermark is not the same. Content alteration destroys the integrity and authenticity of the image, while the tampered watermark does not affect the authenticity of the image. Therefore, the verification process in a watermarking system should be able to detect and localize exactly where the contents are tampered. At the same time, it also should authenticate the image if the alteration is only on the watermark. This task is called the tamper discrimination. For example, if only the watermark is modified, the verification algorithm should indicate that the image is authentic Y.Q. Shi and B. Jeon (Eds.): IWDW 2006, LNCS 4283, pp. 422–432, 2006. c Springer-Verlag Berlin Heidelberg 2006

A Wavelet-Based Fragile Watermarking Scheme

423

and can be used as desired rather than regarded it as a fake. Unfortunately, the current fragile watermarking algorithms have the tamper localization capability, but do not have the capability of distinguishing these two alterations. As a result, attacker can forger the digital media by tampering the embedded watermark only, not contents, so as to confuse the system and to make the image fail the verification process. The mere existence of such a flaw indicates a weakness in the schemes. To overcome this problem, we present a wavelet-based fragile watermarking scheme for image authentication and tamper discrimination. In proposed algorithm, the embedded watermark is generated using the discrete wavelet transform (DWT), and then the improved security watermark scrambled by scrambling encryption is embedded into the LSB of the image data. The strategy of a scrambling encryption can not only extent the ability to discriminate the watermark tampering from the content tampering, but also increase the security against VQ attack and transplantation attack. In addition, the proposed algorithm possesses excellent tamper localization properties. All the aforementioned features will be described in later sections and validated by theoretical analysis and experimental results.

2 2.1

Proposed Fragile Watermarking Scheme The Embedded Watermark Generation

This work intends to improve localization accuracy and security of the watermarking scheme as well as to provide as much information of the altered image as possible. To achieve these goals, certain processes must be taken into account in the watermark generation process. Here we select the low frequency wavelet coefficients from the 2-D one-level DWT to produce a low-frequency compressed image by a 4-bit non-uniform scalar quantization. Then the watermark is formed from the binary version of this compressed image. At the same time, we employ a scrambling encryption scheme to enhance the security of the watermarking algorithm. Details of the watermark generation process are described as follows. Step 1: Perform a one-level DWT after setting the LSB of the original m × n image X to zero and extract the low-frequency coefficients denoted as LL. The DWT has an advantage of achieving both spatial and frequency localization. In other words, each wavelet coefficient represents image content local in space and frequency [10]. Fig.1 shows the mapping between spatial block and DWT coefficients. Choosing the proper the wavelet basis such as DB1, a lowfrequency coefficient in one-level DWT mostly depends on the spatial block size of 2 × 2. More specifically, a low-frequency coefficient LLij depends on the pixel values in the block X((i−1)×2+1 : i×2 , (j −1)×2+1 : j ×2), noted as Xij (2). Where i = 1, · · · , m/2 and j = 1, · · · , n/2. Step 2: Apply a 4-bit non-uniform scalar quantization to LL using a secret key k1 and obtain the image Q. That is Q = f (LL, k1 ).

(1)

424

H. He, J. Zhang, and H.-M. Tai

Fig. 1. The mapping between spatial block and DWT coefficients (a) ”Lena” image, (b) the one-lever DWT of ”Lena”

The (i, j) element of Q is defined as a, min + aq + δa ≤ LLij < min + (a + 1)q + δa+1 Qij = 15, LLij = max

(2)

Where min and max represent the minimum value and the maximum value in LL, i = 1, · · · , m/2 and j = 1, · · · , n/2. q = (max − min)/16 is the uniform quantization step length, and x denotes the smallest integer larger than or equal to x. The random sequence {δa , a = 0, 1, · · · , 15}is derived from k1 and has value between −q/4 and q/4. Fig. 2 depicts such non-uniform scalar quantization. We name Q = [Qij ]the LL-band scalar quantization matrix.

Fig. 2. Non-uniform scalar quantization scheme

Step 3: Given the secret key k, the LL-band scalar quantization matrix Q is scrambled encryption to produce the encrypting matrix E, depicted as: E = P (Q, k)

(3)

Where, P (.) means scramble encryption function. Step 4: Convert each Eij into a four-bit binary, i.e., Eij = [b3 b2 b1 b0 ]2 and form a binary matrix. b ,b Bij = 3 2 (4) b1 , b0 Step 5: By assembling Bij together according to its position, we obtain the embedded watermark image W = [Bij ] generated by the host image X;


425

Note thatBij is a binary block with size of 2 × 2. As a result, the embedded watermark image W is a same size with original image. 2.2

Watermark Embedding

The embedding procedure is similar to Wong’s and other fragile watermarking techniques that exhibit invisibility and tamper localization [1-9]. We insert the generated embedded watermark image W into the LSB of the pixels in X. That is, Y = X/2 × 2 + W (5) Where, Y is the watermarked image. Clearly, the proposed method, through scrambling, embeds the watermark into the LSB of the image pixels. In this manner the watermark derived from a block Xij (2) is not embedded into the same block; rather, it is randomly placed the LSB of other block. This introduces block-wise non-deterministic dependency among all blocks in the image. Therefore our method improves the robustness to thwart VQ attack and transplantation attack [3, 9]. In addition, our algorithm can achieve excellent tamper localization due to a block size of 2×2. It is worth mentioning that the strategy of scrambling encryption can also extend the new capacity to discriminate tampers on the content or watermark. 2.3

Authentication Algorithm

In the verification procedure, the watermark W is first extracted from LSB of each pixel of the target image Y ∗ . And then the reconstructed encrypting matrix E is computed using W according to an inverse procedure to the step 4 in the watermark generation. The reconstructed LL-band scalar quantization matrix Q is obtained using the correct key k, Q = P−1 (E , k)

(6)

Where P−1 (.) is the inverse function of P (.). Next according to the secret key k1 , we apply the steps 1 and 2 in watermark generation to compute the LL-band scalar quantization matrix Q∗ from Y ∗ . By calculating the difference matrix, Q = |Q∗ − Q |

(7)

Tamper localization and tamper discrimination can be achieved by viewing the difference matrix. Consider the case where the tested image was not altered, this implies Q∗ = Q and Q = Q . Hence we have Q = 0. The proposed method, through scrambling, embeds the watermark into the LSB of the image pixels. As a result, the Q displays randomly distributed isolated points if the watermark is altered. If Q contains clustered regions, then the image contents in those regions are altered. According to the predefined threshold T , we can localize the area of alterations on image content with high probability. The approach is described as follows.

426


Let tij denotes the nonzero number in N8 (Qij ) which is a set formed by eight adjacent pixels of Qij [11] and T is the predefined threshold (Details will be discussed in the following sub-section). Tamper discrimination and localization can be achieved by detecting each/every pixel in Q. (1) If Q = 0, then corresponding to image block Yij∗ (2) would be considered as authentic; (2) If Q = 0and tij ≥ T , it would be considered as tamper on the content of Yij∗ (2). (3) If Q = 0and tij < T , it would be thought of tamper on watermark, the Yij∗ (2) is genuine. Obviously, according to the predefined threshold T , the proposed algorithm can not only distinguish alterations between the content and watermark, but also accurately localize the regions of alterations on image content. Consequently, the value of threshold T becomes a pivotal issue to be solved. 2.4

The Threshold T

In this sub-section, we will discuss how the threshold is selected from the theory of probability. Tamper discrimination aims at verifying the authenticity of the content of image block Yij∗ (2), whose corresponding Qij unequal to zero. The nonzero pixels Qij is resulted by tampering some watermarks or the content of the Yij∗ (2). Thus, tamper discrimination can be formulated as a binary hypothesis test as follows: • H0 : the content of image block Yij∗ (2) is tampered, i.e.,Yij∗ (2) is not authentic. • H1 : there are alterations on watermarks in the tested image, while the content of Yij∗ (2) is authentic. In order to decide on the valid hypothesis, tij is compared with a suitably selected threshold T . For a given threshold T , the system performance can be measured in terms of the probability of false acceptance Pfa (T ) (i.e., the probability to consider it as authentic when the content of image block is tampered) and the probability of false rejection Pfr (T ) (i.e., the probability to reject it when the content of image block is authentic). Pfa (T ) = P {tij < T |H0 }

(8)

Pfr (T ) = P {tij ≥ T |H1 }

(9)

In the ideal case, a threshold T should exist such that both Pfa (T ) and Pfr (T ) are zero. In order to calculate Pfa (T ) and Pfr (T ), the fundamental theorem in probability and statistics can be used. Theorem 1: if t obeys binomial distribution t ∼ B(n, p) , n, p as the parameters, then the probability of t less than given T is: P (t < T ) =

T −1 i=0

Cni P i (1 − p)n−i

(10)


427

Where Cni denotes the combination that i elements selected from n elements. For the proof of this theorem, the reader is referred to any book of probability theory [12]. • Under the hypothesis H0 : If the content of Yij∗ (2) is tampered randomly, the corresponding Q∗ij is integer within [0, 15] with identical probability. That is, the probability of Q∗ij to be unchanged is about one of sixteen parts in this case. Consequently the probability to detect the modification on the content of Yij∗ (2) is approximate 15/16. Suppose the image content of N8 (Qij ) is tampered at random, it could be concluded as tij ∼ B(8, 15/16) from the theory of probability. According to Theorem 1, the probability of tij less than T : P (tij < T |H0 ) =

T −1

C8t (15/16)t(1 − 15/16)8−t

(11)

t=0

That is: Pfa (T ) =

T −1

C8t (15/16)t (1 − 15/16)8−t

(12)

t=0

• Under the hypothesis H1 : Suppose w is the number of watermarks in tampered regions, we can obtain the reconstructed LL-band scalar quantization matrix Q according to formula (6), where the altered bits obey a uniform distribution. Therefore, the nonzero probability to each pixel in Q is same and equal to, (13) Pw = (w/4)/((m/2) × (n/2)) = w/(m × n) In this condition, the probability that tij is less than given T is: P (tij < T |H1 ) =

T −1

C8t (Pw )t (1 − Pw )8−t

(14)

t=0

Therefore, Pfr (T ) = 1 −

T −1

C8t (Pw )t (1 − Pw )8−t

(15)

t=0

In watermarking algorithms for authentication, the goal of the attack is not make the authentication watermark unreadable, but to try to make the change undetectable [5], therefore the number of changed watermarks is not many, i.e. Pw is small. According to the formulas (12) and (15), Fig.3 shows the curve of Pfa (T ) using a symbol ”” and six curves of Pfr (T ) with different values Pw . As can be seen from Fig.3, with increasing T , the Pfa (T ) increases but the Pfr (T ) reduces. For a given threshold T , the larger Pw leads to the larger Pfr (T ). For detecting the content tampers with high probability such as more than 99%, the threshold T is not more than 5(Pfa (5) = 8.7 × 10−4 ). Fig.4 shows the theoretical result of Pfr (5) using a symbol ”” with different values Pw . Two experimental results of Pfr (5) , using the gray image of ”Lena” and ”woman”

428


Fig. 3. One Pfa (T ) curve and six Pfr (T ) curves

Fig. 4. Pfr (T ) results in comparison of theory and experimental with T = 5

with size of 256×256, are shown in Fig.4. As can be seen from them, the value of Pfr (5) is almost zero when Pw < 0.075 . Increasing the number of tampered watermarks to Pw = 0.25 caused the probability of false rejection Pfr (T ) to increase to nearly 0.03. These results indicate that our algorithm can discriminate tampers on image content or watermarks with high probability when the altered watermark information is less than 1/5.


3

429

Performance Analysis and Simulation Results

Now, we will demonstrate the effectiveness of the proposed approach with experimental results and discuss the performance of our algorithm. In simulation, the tested images are grayscale images with different size, the pixels values are within [0, 255]. We demonstrate the results of our method using the 240 × 320 image shown in Fig.5 (a), while the watermarked image is shown in Fig. 5(b). The power signalto-noise rate (PSNR) between the watermarked image and the original one is 51.1023dB. Fig. 5(c) shows the difference matrix extracted from watermarked image. Clearly, all pixels equal to zero and the tested image would be considered as authentic.

Fig. 5. Original and watermarked images: (a) original image; (b) watermarked image; (c) difference matrix

3.1

Discrimination Tampers

To illustrate the effectiveness on the tamper discrimination property of the proposed method, several experiments were carried out using the watermarked image of Fig.5 (b). The types of tamper are the manipulation occurred on: • Tamper 1: Both the image content and the watermark—- a fake plate number ”R237JAD” is pasted on the watermarked image of Fig.5 (b). This tampered image is shown in Fig.6 (a). • Tamper 2: The image content —- we replace the 7 most significant bits (MSBs) of each pixel in Fig.5 (b) with that in Fig.6 (a). The resulting image is depicted in Fig.6 (b). • Tamper 3: The watermark—- we replace the LSB of each pixel in Fig.5 (b) with that in Fig.6 (a). That is, we alter the watermark of the test image. The tampered image is shown in Fig.6 (c). Figs. 6(d), 6(e) and 6(f) are the difference images of three corresponding tampers, respectively. Tamper localization and tamper discrimination can be achieved by viewing the difference images. As can be seen from Fig. 6(a), altered plate is located. The isolated dots spread all over the image indicate that the embedded watermark was changed. On the other hand, as shown in Fig. 6(c),

430


Fig. 6. Tampered images and corresponding difference matrixes (a), (b) and (c) are the tampered images of three corresponding tampers, respectively; (d), (e) and (f) are the difference matrixes of three corresponding tampers, respectively

Fig. 7. Authentication results in comparison of tamper discrimination (a), (b) and (c) are authentication results by the proposed algorithm; (d), (e) and (f) are the results by Wong’s algorithm [7]

only spread isolated dots appears. This implies that the manipulation on the image is only restricted to the watermark. Thus the image content is genuine. According to the predefined threshold T =5, the authentication results of three tampers above are shown in Figs. 7(a), (b) and (c), respectively. In the (a)


431

Fig. 8. Results in comparison of tamper localization accuracy (a) watermarked image; (b) tampered image; (c) authentication result by proposed method; (d) authentication result by Wong [7]

and (b), they exhibit the same altered regions and it suggests that the proposed method can localize the image content modification whether watermark in the tampered regions is altered or not. In (c), there were not non-zero pixels and it means that corresponding image content is genuine. The Wong’s and other LSB-modification schemes from the literature embed the watermark derived from a block into the LSB in the same block. Thus, no matter whether where the tampering is on the image contents or the watermark, the alternations shown in the decoded image are still confined in that block. This results in the indistinguishable detection results. Using the same test image and the same modification, Figs. 7(d), 7(e) and 7(f) show the results of three tampers using Wong’s algorithm [7]. It can locate where the alteration of the image is. But we cannot tell what kind of manipulations being made on the marked image; and they might be declared fake, even though Fig. 6 (c) contains genuine digital contents. 3.2

Localization Accuracy

In this experiment, we test the localization accuracy of the proposed algorithm. In current block-wise schemes, the tamper localization accuracy is a block size of 8×8; whereas our algorithm can achieve an accuracy of 2×2. Fig.7 (a) is a watermarked image generated by the proposed algorithm. Using ”Photoshop”, a cup is placed in (a) and the tampered image is shown in Fig.7 (b). With the predefined threshold T=5, the authentication result by our algorithm is shown in Fig.7 (c). Using the same method, Fig. 7 (d) shows the authentication result by Wong [7]. The above results demonstrate that our authentication algorithm is more accurately than the exiting block-wise schemes such as Wong’s.

432

4


Conclusion

A wavelet-based fragile watermarking algorithm for secure image authentication has been presented. In proposed algorithm, the embedded watermark is generated using the discrete wavelet transform (DWT), and then the improved security watermark scrambled by chaotic systems is embedded into the LSB of the image data. This results in much improved protection of the watermarking system. Simulation results have been given to demonstrate that the proposed method exhibits excellent tamper localization and discrimination properties. To discuss on future work in conclusion.The further work is dedicated to develop a secure fragile watermarking scheme with tamper recovery. Acknowledgments. This work is partially supported by the Program for New Century Excellent Talents in University of China (NCET-05-0794), the Sichuan Youth Science and Technology Foundation (03ZQ026-033 and 51430804QT2201), and Application Basic Foundation of Sichun Province, China (2006 J13-10).

References 1. M.M. Yeung and F. Mintzer, An invisible watermarking technique for image verification, Proc. IEEE Int. Conf. Image Processing, 1997, vol. 2, pp. 680-683. 2. P. Wong, A public key watermark for image verification and authentication, Proc. IEEE Int. Conf. Image Processing, Chicago, IL, 1998, pp. 425 - 429. 3. Barreto, P., Kim, H., Rijmen, V., Toward secure public-key block-wise fragile authentication watermarking, IEE Proceedings-Vision, Image and Signal Processing, 2002.2 (149), pp: 57-62. 4. M.Holliman and N. Memon, Counterfeiting attacks on oblivious block-wise independent invisible watermarking schemes, IEEE Trans. Image Processing, vol. 9, no. 3, pp. 432-441, March 2000. 5. J. Fridrich, Security of fragile authentication watermarks with localization, Proc. SPIE, vol. 4675, Security and Watermarking of Multimedia Contents, San Jose, CA, Jan., 2002, pp. 691-700. 6. F.Deguillaume, S.Voloshynovskiy, T.Pun, Secure hybrid robust watermarking resistant against tampering and copy attack, Signal Processing 83(2003):2133-2170. 7. P. Wong and N. Memon, Secret and public key image watermarking schemes for image authentication and ownership verification, IEEE Trans. Image Processing, vol. 10, pp. 1593-1601, 2001. 8. Suthaharan, S., Fragile image watermarking using a gradient image for improved localization and security, Pattern Recognition Letters, 2004(25),pp:1893-1903. 9. Yinyin Yuan, Chang-Tsun Li., Fragile Watermarking Scheme Exploiting Nondeterministic Block-wise Dependency, In proceeding of 17th International Conference on Pattern Recognition (ICPR’04). 10. Justin K R, Hyeokho Choi ,et al, Bayesian Tree-structured image modeling using wavelet-domain hidden markov models, IEEE Transactions on Image Processing, 2001, 10(7):1056 - 1068. 11. Rsfael C.Gonzalez, Richard E.Woods, Digital image processing (second edition), Publishing House of Electronics Industry (in Chinese ), BEIJING,2003.3 12. Li Yuqi, The Theory of Probability and Statistics, Beijing: National Defense Industry Press, (in Chinese), 2001.