Content fragile watermarking based on a computer ... - Semantic Scholar

INSTITUTE OF PHYSICS PUBLISHING

JOURNAL OF OPTICS A: PURE AND APPLIED OPTICS

J. Opt. A: Pure Appl. Opt. 7 (2005) 333–342

doi:10.1088/1464-4258/7/7/011

Content fragile watermarking based on a computer generated hologram coding technique Giuseppe Schirripa Spagnolo, Carla Simonetti and Lorenzo Cozzella INFM—Dipartimento di Ingegneria Elettronica, Universit`a degli Studi ‘Roma Tre’, Via della Vasca Navale, 84, I-00146 Roma, Italy1

Received 12 January 2005, accepted for publication 3 May 2005 Published 21 June 2005 Online at stacks.iop.org/JOptA/7/333 Abstract In this paper we present a content fragile watermarking based on a computer generated hologram coding technique. Content fragile watermarking techniques aim to prevent tampering and fraudulent use of modified images. A content fragile watermark monitors the integrity of the content of the image but not its numerical representation. Therefore, the watermark is designed so that the integrity is proven if the content of the image has not been tampered with. However, if parts of the image are replaced, the watermark information should indicate evidence of forgery. Using computer generated hologram watermarking, the embedded mark could be easily recovered by means of a Fourier transform. Due to this fact the host image can be tampered with and watermarked with the same holographic pattern. To avoid this possibility we have introduced an encryption method using a private key. The proposed technique is suitable for use for freelancers’ photography authentication. It could be applied to colour images as well as to grey-scale ones. The proposed schema is based on the knowledge of the original mark from the authentication entity, to apply image correlation between this and the extracted one. Keywords: digital watermarking, authentication, fragile watermarking, digital signature image, computer generated hologram (CGH)

(Some figures in this article are in colour only in the electronic version)

1. Introduction The digital revolution has brought profound changes in information communication and data processing. Digital images are gradually replacing their classical analogue counterparts. Digital images are easy to edit, modify, and exploit. For instance, nowadays news agencies buy photographs from freelancers. This situation leads to the possibility of buying a ‘manipulated photograph’, in which the seller has modified the content to sell the photograph for a higher price. In this setting the possibility of certifying the originality of the photograph becomes important. A content fragile watermark is a mark that is readily altered or destroyed when the host image is modified through 1 http://host.uniroma3.it/laboratori/escher/

1464-4258/05/070333+10$30.00 © 2005 IOP Publishing Ltd

a linear or nonlinear transformation [1, 2]. A content fragile watermark monitors the integrity of the content of the image but not its numerical representation. Therefore, the watermark is designed so that the integrity is proven if the content of the image has not been tampered with. However, if parts of the image are replaced, the watermark information should indicate evidence of forgery. The sensitivity of fragile marks to modification leads to their use in digital image authentication. That is, it may be of interest for parties to verify that a digital image has not been edited, damaged, or altered since it was marked. Image authentication systems have applicability in law, commerce, defence, and journalism [3–7]. This paper presents a complete schema, based on a computer generated hologram watermarking, for allowing the

Printed in the UK

333

G S Spagnolo et al

Figure 1. Encoding, decoding, and comparing embedded watermarks in a digital image. In the encoding process (a), a content creator/owner inserts a mark into an original digital image. In the decoding process (b), the content owner checks a test image trying to recover a mark, and then compares the recovered image with the original inserted one.

verification of the originality of digital images. To allow better security, the proposed method uses a secret key. A possible schema to encode the watermark is shown in figure 1(a). In the encoding process a content creator/owner inserts a watermark into an original image. When a user receives a test image, he or she uses the detector to evaluate the authenticity of the received image. The detection process requires knowledge of ‘side information’. The side information is the secret key and image of the mark. A possible schema to decode the watermark is shown in figure 1(b). To compare the recovered watermark to the original insert one, generally, statistical tests are used. In this work we use the correlation coefficient as a statistical test. In this paper we propose a computer generated hologram coding technique, adopted and designed to detect any unauthorized modification for the purpose of image authentication. Starting from the watermarking creation, including the particular pattern used for embedding the mark image, we will describe, with the support of proper mathematical formulations, the cryptographic method used. Then, we will detail a set of tests made on common images to demonstrate the strength of the cryptographic method and the fragile property of the proposed watermarking technique. In this scope, we will show the result of detection of a tampering attempt made on the image ‘cat’s home’, in which only a very small part of the image itself will be forged (e.g. modified). To our knowledge this is the first time that the possibility of reconstructing the codified information through a hologram using only a small part of it has been used for detecting part(s) of an image that have been tampered with and therefore for the authentication of the digital image.

2. Content fragile watermarking based on computer generated hologram coding techniques A watermark is a digital, stubborn, signature used for identifying possible malicious data manipulation or for certifying intellectual property right (IPR). 334

Figure 2. Mark images used in this work: (a) logo of University ‘Roma Tre’; (b) photograph of one of the authors; (c) writing ‘cat’s home’.

For digital image authentication, the desirable watermarking features are the following: • the impossibility to reintroduce a mark into a photograph after its extraction; • the destruction of the mark in the case of manipulation; • mark invisibility. The proposed technique, of watermarking based on a computer generated hologram (CGH), has the important advantage that a content-fragile schema can be defined: every manipulation changing the visual content of the cover can be detected. Another important characteristic of CGH watermarks is that, even if the embedded data are content related to the cover, they are noise-like and therefore difficult to detect and remove. CGH is a holographic technique in which the diffraction pattern to be used as the hologram is generated numerically by a computer and then the image is reconstructed numerically. The CGH of a mark image can be considered as a pseudonoise mask which will be the input data of the watermarking algorithm. In our work, we used the mark images shown in figure 2. First of all, the mark image (IM ) is resized to an eighth of the dimensions of the hosting image. Subsequently, it is duplicated and positioned inside a structure with the same dimensions as the image which must be marked, such as

Content fragile watermarking based on a computer generated hologram coding technique

(a)

(b)

Figure 3. Resizing and zero padding of the ‘Roma Tre’ logo (a) and the relative diffuse-type Fourier transformed hologram (b).

that as shown in figure 3(a). The mark image, so modified, is elaborated to generate its grey-scale diffuse-type Fouriertransformed hologram (CGH) (see figure 3(b)). We made this manipulation to simulate an off-axis holography. It is not within the scope of this paper to explain the realization of such a type of CGH, for which references can be found in the literature [8–14]. In the reconstruction phase we obtain four copies of the mark image positioned at the four corners of the frame (see figure 4). These four copies are due to the twin image effect, which reproduces, in the reconstruction phase, two copies, symmetric with respect to the centre of the image, for each image present in the original mark. The CGH of the mark image is embedded into the hosting image IH , resulting in content fragile watermarking. Before embedding the CGH, a suitable lowpass filter, in the frequency domain [15], is applied to the hosting image IH . In this way all high frequency information is eliminated from the image. This operation is necessary, because the watermarking schema foresees that the mark can be extracted from the marked image spectra. For this reason the spectra of the obtained filtered image (IF ) and the spectra of the CGH have to be spatially separated. By means of the filtering, the hosting image spectrum is concentrated only in the low and medium frequencies, whereas the CGH spectrum is only in the high frequency. The transfer function of the lowpass filter, used in this work, is if(x − xc )2 + (y − yc )2
R ⇒ 0.08 + 0.46
   π (x − xc )2 + (y − yc )2 × 1 − cos −π R otherwise ⇒ 0

(1)

where R is the filter radius and (xc , yc ) is the filter centre position. In our application (xc , yc ) corresponds to the centre of the IH spectra, and R is given by √ R = (ROWIm /4) 2 (2) where ROWIm is the number of rows of the image (and so of the related spectra). The use of the transfer function shown in equation (1) has the advantage of having very little influence on the low frequency where the image spectrum information is almost entirely concentrated [16] and therefore does not damage the image.

Figure 4. Image reconstructed from the hologram shown in figure 3(b).

In contrast, the noise present in the part of the spectra that contains the information codified from the CGH is filtered out. In this way the CGH replaces the original image noise. Before introducing the CGH inside the filtered image, this is modified to take into account the human eye logarithmic response. The previous transformation makes it possible to apply a greater attenuation value to the darker image pixels than to the lighter ones: CGHMD (ξ, η) = α[CGH(ξ, η)·2IF (ξ, η)+CGH(ξ, η)]. (3) The attenuation coefficient α allows us to make the mark invisible in the image. From now on, CGHMD indicates the computer generated hologram utilized in our watermarking schema. This value is subtracted from the filtered image IF , obtaining the watermarked image IW . The resulting image has a difference according to the initial one. To obtain the marked image with the same dynamics as the hosting image, the marked image is obtained by the following equations:
(IF − CGHMD ) − min[IF − CGHMD ] IW = max[IF − CGHMD ] − min[IF − CGHMD ]  ×(max[IH ] − min[IH ]) + min[IH ].

(4)

The pipeline used to obtain the watermarking image by means of our procedure is synthesized in figure 5. This figure shows that content fragile image watermarking by the computer generated hologram method can be applied either to a greyscale hosting image, or to an RGB colour one, working on each colour channel.

3. Cryptographical enhancement Watermarking with digital holographic techniques has the problem that the mark can be easily recovered with a Fourier 335

G S Spagnolo et al

Figure 5. Pipeline for the production of the CGH watermarking.

transform [14] and then the host image can be tampered with and be watermarked with the same holographic pattern. To avoid this situation we have introduced a private key encryption scheme to enhance the security level of the watermarked images [17]. Thus, the proposed technique could be used in practical applications. The used encryption scheme is derived from the AES Shift Row step [18], which rotates a sub-matrix of 16 elements of a defined quantity, different for each row. The proposed technique differs from the described AES step in some particulars. First of all, the pixel shift is applied to all the mark image pixels row by row. This approach is repeated column by column. The shift value is still different from a row (column) by another, but the vectors (one for rows and one for columns) of shifting values are now created using a pseudo-random number generator. In this way we achieve the following goals. • The values are pseudo-random, so mark decoding and extraction are possible. • The vector values depend on a secret key; in this way we can allow only an authorized person to correctly extract the embedded mark. The adopted solution is based on the so-called linear congruency method (LCM) [19]. This well known approach allows us to create a vector of pseudo-random numbers, with internal repetition. To make sure that no internal subsequence reduces the robustness of the ciphering solution, the parameters of the LCM have to have some important characteristics. To describe these characteristics, we briefly report the LCM formula (5) xn+1 = (a · xn + c) mod m. 336

The factor m has to be longer than the desired dimension d, which represents the number of rows (columns) of the mark image. This condition is necessary, but not sufficient, to grant the absence of internal sub-sequences. In fact, a also has to be different from m and c, and c has to be different from zero. Our choice is to choose m prime, greater than d, for example calculating the prime number closest to 4 · d and assigning it to m. In this way m is surely greater than d, and respects the other two conditions. The other parameters, such as a, c and x0 , are determined starting from the inserted key. Before explaining in detail the conditions used for extracting the LCM parameters, it is important to describe the complete encryption technique. First of all, the user inserts a personal secret password. Using this, the system creates two different vectors, called Randrow e Randcol , with dimensions equal to the number of rows and columns of the mark image respectively. We thereafter apply a shift rotation operation to each pixel of each row, using as offset the related Randrow element value (i.e. for shifting the i th row pixels, we use the i th Randrow element). The same approach is also repeated for each pixel of each column, using the other random vector, Randcol . To make the encoding mark more similar to a random-like noise, so as to make it difficult to know whether an encrypted mark exists or not in the reconstruction phase, in the explained schema a block encryption method is also applied. After the previously described steps, the resulting image is subdivided in blocks using the previous mechanism. In figure 6 the complete path applied to a 6 × 6 matrix is shown. In grey are highlighted two contiguous image pixels and their path till the end of the encryption method.

Content fragile watermarking based on a computer generated hologram coding technique

Figure 6. Example of the complete encryption path applied to a 6 × 6 image. Can be viewed as grey contiguous pixels moving each other. The resulting image is similar to random noise.

Due to the fact that we used two different random number vectors, generated using the LCM formula, and taking into consideration that one of the four LCM parameters (m) is related to the image dimension (m = 4 · d), we need to extract two different sets of three numbers for a total of six different parameters. We preferred to create six different parameters, instead of using the same three, because in this way the six internal parameters are strictly referred to the key’s statistical characteristics, and only by knowing the input key is it possible to extract the mark. The six parameters are calculated as follows. (1) Initially, the key is transformed into a vector of length L, with L the key’s length. Each character of the key is turned into an element of the vector K i . This transformation is realized taking into consideration the value of the ASCI code of the single character, and multiplying it by its relative position inside the key (e.g. for key = ‘abe’ we have K ≡ (1, 4, 15)). (2) By means of the vector K (i ), the parameter a1 is   L  a1 = Ki + L (6) 1

(e.g. for key = ‘abe’ we have a1 = 23). (3) By means of the vector K i , the parameter c1 is c1 =

L

Ki

(7)

1

(e.g. for key = ‘abe’ we have c1 = 60). (4) The parameter x01 is equal to the following ratio between the minimum and the maximum value of the key:

 K max x01 = Int +1 (8) K min + 1 (e.g. for key = ‘abe’ we have x01 = 8).

(5) The parameter a2 is equal to c1 divided by the key length; so it is a sort of geometric mean of the key’s values (meaning by key’s values the character’s ASCII value multiplier for its related position). The difference is based on the absence of the square root, due to the necessity to have numbers that are not too small:
 L i=1 K i · i (9) a2 = Int L (e.g. for key = ‘abe’ we have a2 = 20). (6) The parameter c2 is equal to a1 divided by its key length multiplier; so it is approximately the algebraic mean of the key’s values for itself (meaning by key’s values the character’s ASCII value multiplier for its related position). The approximation is due to the sum also of the length; for this reason it is equal to the algebraic mean +1:   2  L    (10) Ki · i + 1 c2 = Int   i=1 (e.g. for key = ‘abe’ we have c2 = 59). (7) x02 is equal to a relation between the K max and the K min values, just used for x01 : 

K max · (K min + 1) (11) x02 = Int K max + K min (e.g. for key = ‘abe’ we have x02 = 2). This particular mechanism to generate the coefficients means that it is necessary to have the ‘exact’ private key to decode the watermark. We have made a great number of tests to prove this assertion, using different lengths and types of password. The 337

G S Spagnolo et al

Figure 7. Entire sequence of watermarking algorithm.

Figure 8. Partial images and relative reconstructed mark. The ‘Lena’ image is marked using a coefficient α = 0.03. Sized to have the same printed dimension.

338

Content fragile watermarking based on a computer generated hologram coding technique

Figure 9. The drawing ‘The cat’s home’. (a) Drawing watermarked with the writing ‘cat’s home’ using a coefficient α = 0.05; (b) image tampered with: white cat and black cat modified to grey; (c) drawing divided into 16 parts; (d) for each partial image, the recovered watermark and coefficient of correlation between the recovered mark and the mark used in the watermarking procedure.

use of a non-correct password produces an extracted image very similar to random noise. The proposed encryption technique is an alternative solution in relation to the method proposed in [20].

4. Experimental tests In our tests, we have used RGB true colour hosting images with dimension 1024 × 1024 pixels. Each one has been filtered to allow the correct mark insertion. The used marks were black and white images with dimension equal to 256 × 256 pixels (see figure 2). It has to be underlined that we have no limitation in image and mark dimensions; in fact we resize the mark to one-quarter of the width and one-quarter of the height of the hosting image. In our schema we do not use the mark as it is, but the hosting image is marked by means of the encrypted version of the mark. Figure 7 shows the complete scheme of our watermarking algorithm. It is important to recall that this method is more efficient with the increasing of the image and mark dimension. The CGH watermarking technique must be available not only to the full-size image but also to partial ones. This type of

test is performed on the Lena image marked, with the ‘Roma Tre’ university logo, using a coefficient α = 0.04. Figure 8 is the result of the watermark reconstructed from full and partial images. Note that the Lena image and the reconstructed watermark are displayed with the same dimensions. It is seen in the figure that the reconstructed watermark may be recognized for partial images, although the image quality degrades with a decrease in image size. In this way it has been verified that the watermark can still be reconstructed from the partial images by means of the CGH watermarking technique. In other words, with the proposed method it is possible to detect the parts of the image which have been replaced or modified; the watermark information of the partial image should indicate evidence of forgery. Figure 9 shows a drawing in which is present a ‘cat’s home’. In this drawing are present, among others, a white cat at the centre of the drawing and a black cat in the bottom right corner. The drawing was watermarked with the writing ‘cat’s home’ (figure 9(a)) using a coefficient α = 0.05. Subsequently, the image was tampered with; in particular, the colours of the white and black cats were modified to grey (see figure 9(b)). In order to identify the presence and the zones of tampering, the image was divided into 16 parts, each one with size of 256 × 256 pixels (see figure 9(c)). 339

G S Spagnolo et al

Figure 10. Example of the watermark with a grey-scale image. (a) The original ‘house’ image; (b) the grey-scale mark; (c) the watermarked ‘house’ image; (d) the recovered mark.

The mark was recovered by each partial image. Lastly, for each part, the coefficient of correlation between the recovered mark and the one used for watermarking the hosting image was calculated (see figure 9(d)). It is possible to see that the modified image parts (3B, 3D and 4D) present a less clear recovered mark and a lower correlation coefficient. This example shows that the technique is suitable for identifying the tampering. In fact, the normal oscillations of the correlation coefficient are lower than the changes induced by the tampering (even when this affects a small zone of the partial image (see partial image 3D)). The method proposed in this paper is applicable not only to bitmap watermarks but also to grey-scale images. In figure 10 the grey-scale photograph of one of the authors (figure 10(b)) is used as a mark to watermark the ‘house’ image (figure 10(a)). According to the same procedure as previously described, the diffused-type Fourier-transformed hologram was superposed upon the content image using a coefficient α = 0.15; the resulting pattern is figure 10(c). The mark recovered from it is shown in figure 10(d), demonstrating the applicability of the technique presented here for hiding a grey-scale mark. It is possible to note that the ‘invisibility’ of the mark is increased if we use as a mark a grey-scale image. In figure 11 a part of the ‘Lena’ image watermarked with the bitmap ‘Rome Tre’ university logo and with the grey-scale author photograph is shown. 340

Observing the figure, it can be seen that the watermarked image using a grey-scale mark (figure 11(a)) is more like the original image (figure 11(b)) than the watermarked image using a bitmap mark (figure 11(c)). Finally, we tested the robustness of the proposed encryption method. In figure 12 we show an example of decryption with a correct private key and two wrong keys. Figure 12(a) shows the hosting image (‘Mountain’) marked with the ‘Roma Tre’ university logo. The encryption is performed using the password ‘JOPA2005’. Figure 12(b) shows the decrypted recovered mark, using the correct private key. Figure 12(c) shows the decryption of the recovered mark using the incorrect password ‘JOPA2004’. Figure 12(d) shows the decryption using a random password ‘A7XC64BZ’. It is possible to note that useable information could not be retrieved without the correct key. In fact, the images extracted using the wrong keys are similar to random noise (no information about the original mark could be obtained).

5. Conclusion We have presented fragile watermarking based on a computer generated hologram coding technique, with a new cryptographic approach, dedicated to the intrinsic characteristics of the CGH holograms. The proposed approach is based on a symmetric key algorithm, with the two involved persons knowing the secret key.

Content fragile watermarking based on a computer generated hologram coding technique

Figure 11. The ‘Lena’ image watermarked using a grey-scale ‘author’ mark and a grey-scale ‘Roma Tre’ university logo. Both the watermarks were made using the same α = 0.20 parameter. (a) ‘Lena’ watermarked with a grey-scale mark; (b) the original ‘Lena’ image; (c) ‘Lena’ watermarked with a bitmap mark.

Figure 12. (a) The ‘Mountain’ image using the grey-scale ‘Roma Tre’ university logo as the mark and encrypted using ‘JOPA2005’ as the private key; (b) the recovered mark using the correct private key; (c) the recovered mark using the wrong ‘JOPA2004’ private key; (d) the recovered mark using the wrong random private key.

The proposed method is suitable for marking images, such as medical databases or databases of fingerprints, to avoid fraudulent tampering. In general, the method is suitable for image authentication with application in law, commerce, defence, and journalism. In fact, cropping resistant, geometrical transformation, brightness/contrast modification are derived from the holographic characteristics of the proposed schema. Unfortunately, the method is not suitable for the authentication of images exchanged by internet. In fact, in transmission by the internet, an image distorted by common image processing, such as ‘lossy compression’ JPEG, must be accepted. In our method, when the watermarked images undergo a JPEG compression the watermark is destroyed. The CGH watermarking can work with tiff images compressed LZW but not with JPEG compression. Further studies are necessary to make the system suitable for authentication of images exchanged by the internet. It has to be noted that this method increases its ‘watermarking efficiency’ quadratically with the hosting image dimensions. Simultaneously, the encryption method also becomes more efficient with the increase of the mark image dimensions; in fact, the greater the mark image dimensions, the more the encryption space increases, making brute force attack more difficult. The limitation actually encountered in this topic is the intrinsic impossibility to apply a pure substitution method to the F-CGH. In fact the reconstructed mark image is similar, but not equal, to the embedded one. For this reason it is impossible using a substitution table, such as the AES method, to substitute the encrypted CGH amplitude values with a different value

(e.g. if the i th pixel has value 125, if we substitute this value with 56, it is necessary to extract in the reconstruction phase exactly the value 56, but in our solution we can extract, for instance, the value 78, so the decoding is not possible). This limitation has not permitted us to simply apply the AES or the similar well known public key encryption method to F-CGH. Therefore, further studies must be started to develop encryption methods with a public key. The goal is to realize a watermarking method with a private code, but having the possibility to authenticate it with a published key.

References [1] Yeung M and Mintzer F 1998 Invisible watermarking for image verification J. Electron. Imaging 7 578–91 [2] Ahmed F and Moskowitz I S 2004 Correlation-based watermarking method for image authentication applications Opt. Eng. 43 1833–8 [3] Mintzer F, Braudaway G and Yeung M 1997 Effective and ineffective digital watermarks Proc. IEEE Int. Conf. on Image Processing (Santa Barbara, CA, Oct. 1997) pp 9–12 [4] Mintzer F, Braudaway G and Bell A 1998 Opportunities for watermarking standards Commun. ACM 41 57–64 [5] Friedman G 1993 The trustworthy digital camera: restoring credibility to the photographic image IEEE Trans. Consumer Electron. 39 905–10 [6] Yeung M M, Yeo B L and Holliman M 1998 Digital watermarks shedding light on the invisible IEEE Micro 32–41 [7] Yeo B L and Yeung M M 1999 Watermarking 3D objects verifications IEEE Comput. Graphics Appl. Image Security 36–45 [8] Lee W R 1970 Sampled Fourier transform hologram generated by computer Appl. Opt. 9 639–43

341

G S Spagnolo et al

[9] Lee W R 1974 Computer generated holograms: techniques and applications Progress in Optics vol 16 (Amsterdam: North-Holland) pp 121–231 [10] Aoki Y 2001 Watermarking technique using computer-generated holograms Electron. Commun. Japan 3 84 21–31 [11] Croce Ferri L 2001 Visualization of 3D information with digital holography using laser printers Comput. Graphics 25 309–21 [12] Dittmann J, Croce Ferri L and Vielhauer C 2001 Hologram watermarks for document authentications IEEE Int. Conf. on Information Technology: Coding and Computing (Las Vegas, NV, April 2001) (Los Alamitos, CA: IEEE Computer Society Press) pp 60–4 [13] Croce Ferri L, Mayerh¨ofer A, Frank M, Vielhauer C and Steinmetz R 2002 Biometric authentication for ID cards with hologram watermarks Proc. SPIE 4675 240–51

342

[14] Takai N and Mifune Y 2002 Digital watermarking by a holographic technique Appl. Opt. 41 865–73 [15] Gonzalez R C and Woods R E 2002 Digital Image Processing 2nd edn (Englewood Cliffs, NJ: Prentice-Hall) [16] Ramirez R W 1985 The FFT Fundamentals and Concepts (Englewood Cliffs, NJ: Prentice-Hall) [17] Schirripa G, Simonetti C and Cozzella L 2004 Fragile digital watermarking by synthetic holograms Proc. SPIE 5615 173–82 [18] NIST FIPS 197 Advanced Encryption Standard 26 Nov 2001 [19] Pickover C A 1995 Key to Infinity (New York: Freeman) chapter 31 (Computers, Randomness, Mind, and Infinity) pp 233–47 [20] Cai L, He M, Liu Q and Yang X 2004 Digital image encryption and watermarking by phase-shifting interferometry Appl. Opt. 43 3078–84