Sep 3, 2011 - School of Computer Science and Engineering, Beihang University, Beijing, 100191, .... scheme for image tamper detection and recovery.
A novel self-recovery fragile watermarking scheme based on dual-redundant-ring structure Chunlei Li1,2 , Yunhong Wang1 , Bin Ma1 , Zhaoxiang Zhang1 1. School of Computer Science and Engineering, Beihang University, Beijing, 100191, China 2. School of Electronic and Information Engineering, Zhongyuan University of Technology, ZhengZhou, 450007, China
Abstract In this paper, we propose a novel self-recovery watermarking scheme based on dual-redundant-ring structure (DRRS). All blocks of target image form a ring in a manner that the watermark of an image block is hidden in 1-LSB (Least Significant Bit) of its next block N1 , and the copy of this watermark is embedded into 2-LSB of another block whose position is determined by the position of N1 . The validity of test image block is determined by comparing the number of inconsistent blocks in the block-neighborhood with that of its mapping block. Other detection result is generated in the same way comparing test block with copy block of its next block. The fusion of two detection marks improves tamper detection accuracy, while two copies of watermark provide a second chance for tamper recovery. Experimental results demonstrate that the proposed algorithm is superior to the state of the art of tamper detection and tamper recovery and could keep high security strength. Keywords: Fragile watermarking; dual-redundant-ring; tamper detection; self-recovery; security analysis 1. Introduction With the rapid development of information technologies, digital images are more frequently used rather than their hard copies. Unfortunately or fortunately in other sense, this digitalization leads to the fact that digital media can be easily modified. To reckon with this problem, extensive methods have been reported on how to prevent digital media from copying or Preprint submitted to Computers & Electrical Engineering
September 3, 2011
tampering, and redistributing them in original forms. Among the reported methods, cryptography-based methods are merely effective for verifying whether target images have not been tampered or come from extract sender, while digital watermarking methods, opposed to their pure cryptographic counterparts, could enable not only verification of image tamper, but also recovery of tampered image region. The self-recovery watermarking scheme can be classified as fragile or semifragile. A self-recovery fragile watermark is designed to be easily destroyed even if the watermarked image is modified in the slightest manner, and can recover the damaged region using its embedded watermarks [1-18]. On the other hand, self-recovery semi-fragile watermarks are more robust than fragile ones and less sensitive to classical user manipulations. Hence, semi-fragile watermarks are capable of distinguishing content-preserving (innocuous) operations, e.g., JPEG compression, from malicious manipulations [19-21]. It is used to detect malicious manipulation, and recover the damaged content. However, the recovered image is of low quality. In this paper, we put our attention on self-recovery fragile watermarking schemes for which the issues of tamper detection and self-recovery are well defined. In 1999, Fridrich et al. [11] proposed a self-embedding fragile watermarking scheme, in which test image is divided into blocks, then DCT transform has been applied on these blocks. The principal DCT coefficients of image blocks are coded to generate authentication data. Then a watermark is embedded for verifying the integrity of image and the recovery of tampered region. The reported method introduces the block-wise dependency, and makes self-embedding watermarking schemes invulnerable to vector quantization (VQ) counterfeiting attack [22] and collage attack [23]. However, this strategy has two deficiencies: 1) the block-mapping sequence is generated using a fixed offset, thus the attacker could easily obtain the information of block-mapping sequence. Then, via the obtained sequence information, watermark can be circumvented, leading to undetected image modification [11]. 2) The accuracy of tamper detection is low when a large proportion of image is tampered. In order to solve the aforementioned problems, Lin et al. [18] came up with a hierarchical digital watermarking method for tamper detection and recovery. It adopted parity check and intensity-relation check (i.e., the 2bit authentication watermark) to determine the legitimacy of image block and the hierarchical structure to improve the tamper detection rate. However, Lin’s method [18] is also ineffective when the host image is attacked 2
by the collage attack. Moreover, this method is vulnerable to the constantaverage attack and a kind of dictionary attack proposed by Chang et al. [25]. He et al. [12] proposed a self-recovery fragile watermarking scheme using block-neighborhood tampering characterization. The proposed method outperforms conventional self-recovery fragile watermarking algorithms in terms of tamper detection and tamper recovery under various attacks. However, in order to improve the accuracy of tamper detection and the quality of the recovered image, the proposed method divides test image into blocks with size of 2 × 2, leading to a low security strength (SS) [24], and therefore could brings related security flaws. To tackle this problem, in a refined work [13], an adjacent-block based statistical detection method (ABSD) is proposed. In the reported work, a random sequence is used to generate the block-mapping sequence for watermark embedding, in which all adjacent blocks of test block and the mapping block have been taken into account and then a statistic-based rule to determine the validity of test image blocks has been employed. The method has an improved performance for tamper detection while security is maintained. However, the reported work still has some drawbacks, namely, when tampered region is large, image block and its mapping block may be tampered simultaneously, so tampered image block cannot be recovered. In this sense, the quality of recovered image could not be guaranteed. For this dilemma, Lee et al [14] proposed a dual watermark scheme for image tamper detection and recovery. The scheme maintains two copies of watermark of test image, providing a second recovery chance in the case of one copy is destroyed. The reported dual watermark scheme can significantly improve the quality of recovered image. However, due to the block-wise independence of authentication data, the scheme is vulnerable to vector quantization (VQ) attack and collage attack [22] [23]. As for the aforementioned problems of tamper detection and tamper recovery, a novel self-recovery fragile watermarking scheme based on a dualredundant-ring structure is proposed in this paper. The proposed block-wise dependency and redundant embedding scheme could improve the accuracy of tamper detection and the quality of recovered image while keeping security strength. 2. Dual-redundant-ring structure The self-embedding watermarking scheme is block-wise dependent in sense that if one image block suffers from tampering, the image block and its map3
X I (k
X I (k )
X I (k
1)
2)
2-LSB
2-LSB
X I (i )
wI (i )
X I ( i 1)w I (i
X I (i 2)w I (i
1)
1-LSB
2)
1-LSB
...... Figure 1: Dual-redundant-ring structure
ping block are marked invalid simultaneously, which will increase the false alarm probability. For this problem, we propose a self-recovery fragile watermarking scheme based on dual-redundant-ring structure. This scheme is illustrated in Fig.1. Where XI(i) represents target image block, and watermark WI(i) is generated from the 6-MSB (Most Significant Bit) of XI(i) . All image blocks form a ring in a manner that WI(i) of XI(i) is hidden in the 1-LSB of the following block XI(i+1) , while watermark WI(i+1) is embedded into the 1-LSB of the following block XI(i+2) . This manner continues until the last watermark has been embedded to XI(i) . For increasing the tamper recovery probability, WI(i) is also embedded in XI(k+1) which is actually a duplication of XI(i+1) . For verifying the validity of test block XI(i+1) , the number of inconsistent blocks among the 3 × 3 block-neighborhood of XI(i+1) is checked with the corresponding one of the mapping block XI(i+2) . The other detection result is generated in the same way by comparing the test block with the duplication of its following block. The fusion of the two detection results improves the accuracy of tamper detection, while the two watermark copies improve the recovery quality.
4
3. Self-recovery fragile watermarking scheme The proposed watermarking scheme consists three parts including watermark embedding, tamper detection and tampered image recovery. 3.1. Watermark Embedding Fig.2 gives the illustration of embedding process, which could be divided into the following sub-processes: DCT & Quantization & encoding
Image partition Original Image
W Secret key
Watermark embedding
Dual-redundant-ring
Watermarked image
Figure 2: Watermark embedding process
1) Partition host image X into blocks with size of 8 × 8. Set the 1-LSB and 2-LSB of image block XI(i) as zeros, which are also used as the positions for watermark embedding. Then, the modified X I(i) can be used to embed two 64-bits watermarks.
7 6 5 4 3 0 0 0
6 6 4 3 0 0 0 0
5 4 4 0 0 0 0 0
4 3 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
Figure 3: Distribution of code-length
2) Transform image block XI(i) into the frequency domain by discrete cosine transform (DCT), and then quantize the DCT coefficients according 5
to the JPEG quantization table using a predetermined quality factor Q. The quantized DCT coefficients can be denoted as C = {c1 , c2 , · · · , cN }, and the j th coefficient of the image block X I(i) is denoted as cI(i) (j) with each block of DCT coefficients arranged in zigzag order from low-frequency to high-frequency. The encoding of the first 14 coefficients and the code-length of each coefficient could be shown as Fig.3 [13], then these coefficients are encoded and encrypted by a secret key K1 for generating a 64-bits watermark, denoted as WI(i) . The encryption improves the security, making it harder to obtain the search condition of dictionary attack without secret key [25]. 3) Embed the watermarks based on dual-redundant-ring. For each image block X I(i) , a 64-bits watermark WI(i) is generated in aforementioned manner, and embedded into the 1-LSB of WI(i+1) and the 2-LSB of WI(k+1) where the index I is generated in the following steps. Step 1. A random sequence B = {b1 , b2 , · · · , bN ) of length N is generated by the following chaotic map [26]. bn+1 = (1 + 0.3 × (bn−1 − 1.08) + 379 × b2n + 1001 × zn2 )mod3
(1)
the sequence is non-periodic, non-convergent, and very sensitive to the initial value. Where the initial values of b0 and b1 are respectively set as k0 and k1 and zn denotes a logistic chaotic map with its initial value z0 set as k2 . Then the secret key of the watermarking algorithm is formulated as follows: K2 = {k0 , k1 , k2 }, {k0 , k1 } ∈ (1.5, 1.5), k2 ∈ (0, 1). In this paper, the secret keys k0 and k1 and k2 are set to 1.23, 0.43, and 0.53, respectively. Step 2. Obtain the index sequence A = {a1 , a2 , · · · , aN }, satisfying ba1 ≤ ba2 ≤ · · · ≤ baN , by sorting B = {b1 , b2 , · · · , bN }. Step 3. Set the index I(i) of the image block XI(i) as I(i) = ai , i = 1, 2, · · · , N , then the index of its mapping block is I(i + 1) = ai+1 . For a tampered image, if the block XI(i−1) and XI(i) are tampered simultaneously, XI(i−1) cannot be recovered using the watermark WI(i−1) embedded into XI(i) . Because XI(k) is the copy block of XI(i) , the watermark embedded in XI(k) can be used for recovering the tampered block XI(i−1) . However, if XI(k) is also tampered, recovery will fail. In order to reduce the probability of simultaneous tamper of XI(i) and XI(k) , the distance between them should be kept as far as possible. The index I(k) can be calculated as follows: I(k) = mod((N/2 + I(i)), N )
(2)
where N is the number of image blocks. The embedding equation for each 6
pixel can be written as follows: Yi,j = 2 × ⌊Xi,j /2⌋ + Wi−1,j , i = 1, 2, · · · , N.j = 1, 2, · · · , 64 Yi,j = 4 × ⌊Xk,j /4⌋ + 2 × Wk−1,j + mod(Xk,j , 2), k = 1, 2, · · · , N.j = 1, 2, · · · , 64
(3)
(4)
The quality metrics commonly used for watermarked image include Signal to Noise Ratio (SNR), Peak Signal to Noise Ratio (PSNR), Mean Square Error (MSE) and Watson Distance (WD). In this paper, Peak Signal to Noise Ratio (PSNR) is used as follows: P SN R = 10log10 [b/M SE] (5) ∑ 2 i,j [f (i, j) − fw (i, j)] M SE = (6) M ×N where b is the square of the maximum value of the signal. In this study, i.e. image intensity is of 8 bits format, so b = 2552 . Due to the embedded watermark in 1-LSB and 2-LSB of test image, the probabilities of ”0” and ”1” are equal to 0.5 for any bit plane. After the watermark embedding, the probability of ”0” changed to ”1” is 0.5 with the equal probability of ”1” changed to ”0”. If there is any bit changed, the corresponding changed value of 1-LSB and 2-LSB is 20 and 21 , respectively. So, the pixel intensity disparity of the original image and the watermarked image can be written as follows: |xw (i, j) − x(i, j)| = (0.52 + 0.52 ) × 21 + (0.52 + 0.52 ) × 20 = 1.5
(7)
Correspondingly, PSNR of watermarked image is give as follows: P SN R = 10log10 [b/M SE] = 10log10 (2552 /1.52 ) = 44.61db
(8)
3.2. Tamper detection Watermark extraction can be considered as the inverse process of watermark embedding. Let Y ∗ represents the test image, which can be a tampered ∗ watermarked image or untampered one. For each test image block YI(i) , map∗ ∗ ∗ ping block YI(i+1) and copy block YI(k+1) of YI(i+1) can be obtained by using ∗ the dual-redundant-ring generated by secret key K2 . Watermark WI(i) gener∗
∗
∗ ated from YI(i) is compared with two watermarks W 1 I(i) and W 2 I(i) which are
7
extracted from the two mapping blocks, then two tamper detection masks T1 and T2 are generated according to verification. The final tamper detection T can be obtained by fusion of the two masks. The verification process is shown in Fig.4. and can be described as follows: YI*(i
Extracting watermark
1)
* I (i )
*
W 1 I (i ) Compare
Y
YI*( k
DCT&quantizatio n&encoding
WI*(i )
Extracting watermark
W 2 I (i )
*
1)
Compare
d I1(i )
d I2( i )
TI1(i ) Postprocessing Postprocessing
TI2( i )
Fusion
TI (i ) Detection result
Figure 4: Watermark extraction and verification
More specifically, the verification process contains the following steps. 1) For each image block, the extraction of two 64-bits watermarks could be formulated as follows. ∗
∗ w1 I( i),j = mod(yI(i+1),j , 2), i = 1, 2, · · · , N, j = 1, 2, · · · , 64 ∗
∗ w2 I( i),j = mod(⌊yI(k+1),j , 2⌋), i = 1, 2, · · · , N, j = 1, 2, · · · , 64
(9) (10)
2) After the aforementioned watermark extraction, for each image block, two detection indicators could be calculated as follows: { ∗ ∗ 1, if WI(i) = W 1 I(i) 1 sI(i) = (11) 0, otherwise { s2I(i)
=
∗
∗ 1, if WI(i) = W 2 I(i) 0, otherwise
(12)
Consisting of both s1I(i) and s2I(i) , two tamper detection masks T10 and T20 could be generated. 3) Optimize T10 and T20 using 8-neighborhood characterization. The optimization result can be written as follows: { 1, if (d1I(i) = 1)&(m8I(i) ≥ m8I(i+1) ) 1 (13) dI(i) = 0, otherwise 8
{ d2I(i)
=
1, if (d2I(i) = 1)&(m8I(i) ≥ m8I(k+1) ) 0, otherwise
(14)
where m8I(i) is the number of ”1” in the 8-neighborhood of XI(i) . As shown in Eq.(13) and Eq.(14), the inconsistent block is marked as tampered if the block-neighborhood characterization is more than or equal to that of its mapping block. Otherwise, the inconsistent block is genuine. 4) Count the number of the blocks in their 9-neighborhood where dI(i) = 1, if the number is larger than or equal to 4, then indicating the block is tampered. { ∑ 1, N9 (dI(i) ) ≥ 4 tI(i) = (15) 0, otherwise ∑ where N9 (dI(i) ) denotes the number of inconsistent blocks in the 9-neighborhood ∗ of YI(i) . Then two detection masks T12 and T22 are generated. Table 1: AND operator: t3 = t1 &t2
t1 t2 t3
0 0 0
0 1 0
1 0 0
1 1 1
5) Fuse the two tamper detection results. The fusion equation is represented as follows: T = T12 &T22 (16) where T is the final detection result. ’&’ represent AND operator, which can be explained in Table 1. 3.3. Tampered image recovery After tamper detection, all image blocks are marked as valid or invalid. The invalid blocks need to be recovered; the recovery is shown in Fig.5. 1) According to the result of verification, image blocks are classified into two classes: tampered blocks and un-tampered blocks. We mark the tampered blocks with id ”1”, and un-tampered blocks with id ”0”. ∗ 2) For test image block YI(i) , if the image block is marked as invalid, we ∗ verify its mapping block YI(i+1) . If the image block is valid, the watermark ∗
∗ . W 1 I(i) is extracted from its 1-LSB. Otherwise, we verify image block YI(k+1) ∗
If the image block is valid, its watermark W 2 I(i) is extracted from 2-LSB; otherwise, we set the value of all pixels in this image block to 128. 9
∗
∗
3) Using extracted watermark W 1 I(i) or W 2 I(i) , approximately reconstruct ∗ ∗ tampered image YI(i) , noted as YeI(i) . Tested Image block
YI(i)*Tamper
Y
YI(i+1)*Tamper N
N
*
Y
*
YI(k+1) Tamper
Y I (i )
128
N
Extract watermarking *
Extract watermarking *
W 2 I (i )
W 1 I (i ) Decoding&IDCT
Decoding&IDCT
*
Y I (i ) Figure 5: Tamper recovery
4. Security strength and computational complexity analysis 4.1. Security strength analysis Security plays an important role in fragile watermarking techniques, which refers to ”the inability by unauthorized users to manipulate the watermarked authentic image without being detected” [6][27]. The measure of the success forgery probability (SFP) introduced in [24] is adopted in this study to evaluate security strength (SS) under exhaustive search (ES) attack. SFP represents the probability that a manipulated image block is undetected by a verification system. Here we define SFP as follows: SF P =
1 Ns
(17)
where Ns is the size of search space for an image block. In order to forge an image block, the attackers must get the information of encrypted watermarks generated from image block and embedding position. Watermark with m-bits has N possible combinations, and the corresponding embedding position has 2m possibilities ( N is the number of the image block). As a result, without
10
the secret keys, attacker needs 2m × N attempts to traverse the entire search space, meaning Ns = 2m × N . In [12], image is divided into the 2 × 2 image blocks, the 8-bits feature of image block Xi consists of 6-bits recovery and 2-bits key-based data. And the feature is encrypted to generate an 8-bits watermark. Watermark is embedded into the last two LSBs of its mapping block whose position is selected by a secret key. In order to forge an image block, for an image block, one at most will take 28 × N attempts ( N is the number of image blocks). As a result, SFP of the proposed scheme under the ES attack is described as follows: 1 SF P 1 = 8 (18) 2 ×N In ABSD method [13], image is split into image blocks with size of 8 × 8, and a 64-bits feature of image block Xi is encrypted to a 64-bits watermark. Then the watermark is embedded into the 1-LSB of its mapping block whose position is selected by a secret key. For an image block, an exhaustive search would take 264 × N attempts (where N is the number of the image blocks). The corresponding SFP is calculated as follows: SF P 2 =
264
1 ×N
(19)
In [14], image is divided into 2×2 image blocks, the joint 12-bit watermark of block A and its partner-block B is embedded into two mapping blocks. The joint 12-bits watermark of block A and B is shown in Fig.6. where the Five MSBs of avg_A a7
a6
a5
a4
Five MSBs of avg_B
a3
a2
a1
a0
D�
D�
D�
D�
D�
E�
E�
E�
b7
b6
b5
b4
E�
E�
S
Y
b3
b2
b1
b0
12-bits watermark for block A and B
Figure 6: Generated watermark
parity-check bits p and v are generated as follows: p = a7 ⊕ a6 ⊕ a5 ⊕ a4 ⊕ a3 ⊕ b7 ⊕ b6 ⊕ b5 ⊕ b4 ⊕ b3 11
(20)
{ v=
1, if p = 0 0, otherwise
(21)
A 12-bits watermark is embedded into three LSBs of their mapping blocks. During the procedure of tamper detection, the watermark information is extracted from the image block, and the parity-check bits p and v could be obtained from the watermark. Then the tamper detection can be determined by comparing p with v. Because the detection procedure is content independent, we can only modulate p and v to satisfy Eq.(20) and (21). So the forged image blocks cannot be detected by the verification system. Therefore it only takes one trial to forge an image block, the SFP of the proposed scheme under the ES attack is 1, SF P 3 = 1. For our DRRS method, image is split into image blocks with size of 8 × 8, the 64-bits feature of image block Xi is encrypted to generate 64-bits watermark. And the watermark is embedded into the 1-LSB of its mapping block and the 2-LSB of the other mapping block. To forge an image block, an exhaustive search would take 264 × N × 264 × N attempts at most, where N is the number of the image blocks. So the SFP could be written as follows: 1 1 = 264 × N × 264 × N 2128 × N 2 According to the above analysis, we can get the following inequality: SF P 4 =
SF P 4 < SF P 2 < SF P 1 < SF P 3
(22)
(23)
The smaller SFP of the verification system indicates stronger security strength [28]. Therefore, our method has the highest security strength. Wong [29, 30] pointed that it is safe when the tries of exhaustive search (ES) attack above 264 . Our DRRS method and ABSD method [13] satisfy safety requirements. 4.2. computational complexity analysis Let the size of the image be M ×N , the computational complexity of each component in the embedding process is analyzed as follows: DCT transform, the computational complexity is O(nlogn); DCT coefficients quantization, suppose t to be the computational complexity for quantizing a coefficient, then quantize all the coefficients among an image block needs 7 × t; the random position sequence with length Nb generation, the computational complexity is O(Nb2 ); authentication watermark embedding into the last two 12
LSBs, the computational complexity is 2 × M × N . Then the computational complexity of the proposed method can be written as follows: f (N ) = O(nlogn × 7 × t × Nb + Nb2 + 2 × Nb + 2 × M × N )
(24)
where n × n is the size of image block, Nb is the number of image blocks. The extraction process involves similar steps and hence the complexity of the extraction process is also f (N ). All the experiments have been implemented on Matlab2010b, and the processor is Pentium IV running at 2.4G with 4G RAM. For an image with size 512 × 512, the embedding process costs less than 6.7s, and tamper detection and recovery cost 3.98s. Therefore, we can deploy it online. 5. Experimental results According to the above analysis, our proposed DRRS method and ABSD method [13] satisfy safety requirements. In this section, we present the performance comparison of the two methods on tamper detection and tampered image recovery. 5.1. Tamper detection For quantitative evaluation, two measures, i.e. the false acceptance rate (Rf a ) and the false rejection rate (Rf r ), are introduced to evaluate the performance of tamper detection. Rf a = (1 − Ntd /Nt ) × 100%
(25)
Rf r = Nf d /(N − Nt ) × 100%
(26)
where Nt is the number of tampered blocks, Ntd is the number of correctly detected tampered blocks, Nf d is the number of valid blocks falsely detected . In the ideal situation, the values of both Rf a and Rf r should be zero for different tamper ratios [13]. A set of images is chosen in our simulations, which comprises 8 images of size 512 × 512, as shown in Fig.7. The average PSNR is 44.26dB, which is approximate with the result of Eq.(8). Suppose the proportion of tampered region a is in [0.01, 0.8] with the interval of 0.01. For each a, we carry on random region tampering for 20 times. The mean value of Rf a and Rf r are shown in Fig.8. From this figure, it could be found that Rf a of both methods 13
(a)
(e)
(b)
(f)
(c)
(d)
(g)
(h)
Figure 7: Test images ( 512 × 512 ) used in our experiments: (a) Lena (b) Pepper (c) sailboat (d) couple (e) Elaine (f) trunk (g) mandrill (h) ship (all images are from USCSIPI)
increases gradually with the growing tamper ratio and maintains a low level (less than 5%). The curve of Rf a of ADSD method is below our DRRS method’s, while the difference is small, indicating that the two methods have good performance at false acceptance rate. However, the Rf r of ABSD method is higher than our DRRS method’s, especially when the tampered region is large. When the tamper ratio is up to 80%, the Rf r of ABSD method is nearly 27%, while the corresponding one of our DRRS method is only 15%. As we know, when the tampered region is large, the number of un-tampered image blocks that can be used for recovery is small. If the Rf r is high, some un-tampered image blocks are wrongly marked as tampered, making the embedded watermarks unavailable to be utilized. Otherwise, with lower Rf r , we can make better use of the un-tampered image blocks to recover the tampered image. Hence, our DRRS method obtains higher quality of recovered image than ABSD method. 5.2. Tampered image recovery Fig.9 gives the recovery performance of the tampered region, where the x-axis represents the tamper ratio in [0.01, 0.8] with the interval of 0.01, and 14
0.35
3000
0.3
Probability(%)
0.25
Un−recovered block number
Rfa(DRRS) Rfa(ABSD[13]) Rfr(DRRS) Rfr(ABSD [13])
0.2 0.15 0.1 0.05 0
0
20
40 Tamper ratio(%)
60
2000 1500 1000 500 0
80
Figure 8: FAR and FRR
DRRS ABSD [13]
2500
0
20
40 Tamper ratio(%)
60
80
Figure 9: Un-recover image blocks number
the y-axis is the number of un-recover image blocks of tampered region. The image with the size of 512 × 512 is split into 4096 blocks with size 8 × 8. Under a given tamper ratio, the quality of recovered image will decrease with the increase of un-recovered image block number. It is evident that the un-recover image blocks number in our DRRS method is smaller than the one obtained by ABSD method. When the tampered ratio is up to 50%, our method has approximately 400 un-recovered image blocks, while the number of ABSD method is up to nearly 1000. In this paper, PSNR is used as the metrics of the recovered image quality. In Fig.10, we give the PSNR of the recovered image using our DRRS method and ABSD method. From this figure, we can observe that the recovered image PSNR of ABSD method is higher than our method when the tamper ratio below 10%, because ABSD method uses the 7-MSB of the pixels to generate the watermark, while we only apply 6-MSB. But with the increase of the tampered ratio, the PSNR of our method becomes higher than ABSD method. Moreover, Fig.12 gives the performance of tamper detection and image recovery at the given tampered ratios. It can be observed that our DRRS method outperforms ABSD method in term of the accuracy of tamper detection over the increased the tamper ratio. When the tamper ratio is 20%, both methods approximately have the same Rf r . However, when the tamper ratio is up to 60% and 80%, we find that many un-tampered image blocks have been marked as tampered in ABSD method, while our method has very low Rf r . The recovered images approximately have the same quality when the tamper ratio equals to 20% while with the increase of tampered 15
55
90 ABSD [13] DRRS
45 40 35 30 25 20 15
Tamper image ABSD [13] DRRS
80 Recognition ratio (%)
PSNR of recovered image
50
70 60 50 40 30 20
0
20
40 Tamper ratio (%)
60
10
80
Figure 10: PSNR of recovered image
0
10
20
30 40 50 Tamper ratio (%)
60
70
Figure 11: Recognition ratio of recovered face image
region. When tamper ratio is up to 60%, the quality of recovered image using ABSD method decreases quickly. Our method can nearly recover all tampered blocks except some blocks located in the boundary of tampered region. When the tamper ration is up to 80%, the recovered image using ABSD method is totally destroyed. However, our DRRS method can still recover the general appearance of the original image. The following experiments are conducted on the FERET face database [31]. We selected 500 people from the FERET database, with two face images (FA/FB) for each person, and they are scaled to the size of 128×152. The FA set is used as the refer set, and FB set is selected as the test set. We tamper the test set under different ratio from 10% to 70%, and recover the face images using ABSD method and our proposed method, respectively. In order to validate the quality of recovered face image, we extract the PCA feature (64 coefficients), and calculate the recognition ratio using NN classifier. The recognition ratio is depicted in Fig.11, and the x-axis represents the tamper ratio from 10% to 70%, the y-axis is the recognition ratio. From the figure, we can see that the recognition ratio of tampered face image decreases with the tamper ratio increase. Using ABSD method and our proposed method, the tampered face image can be recovered to a certain extent. Meantime, when the tamper ratio is above 30%, the recognition ratio of our method is above ABSD method. Moreover, the tamper detection and recovery of a given face is depicted in Fig.13. We can see that our DRRS method outperforms ABSD method. Even if tamper ratio is up to 70%, we can recognize the face image identity. 16
(a)
(b)
(c)
(d)
(e)
(f)
(g)
(h)
(i)
(j)
(k)
(l)
(m)
(n)
(o) (p) ABSD [13] DDRS Tamper ratio (20%)
(q) (r) ABSD [13] DDRS Tamper ratio (60%)
(s) (t) ABSD [13] DDRS Tamper ratio (80%)
Figure 12: Tamper detection and recovery: the first row is the original Lena image and elaine image, the second row is the tampered image under the tamper ratio 20%, 60% and 80%, respectively, the third row is the tamper detection using ABSD method and DRRS method, the last row is the recovered image.
17
Figure 13: Tamper detection and recovery of a face image: the first row is the tampered face image with tamper ratio from 10% to 70%; the second row is the tamper detection result by ABSD method; the third row is its recovered result; the fourth row is the tamper detection result by our DRRS method; the last row is recovered result by our method.
18
5.3. Collage attack In this subsection, we give the effect of collage attack on ABSD method, Lee’s method [14] and our DRRS method. Two images, ’Lena’ and ’elaine’, both with the size of 512 × 512, are watermarked using the same secret key. The watermarked images are shown in Fig.14 (a) and Fig.14 (b), respectively. We replace a patch of ’Lena’ image with the same size patch of ’elaine’ image, and the result is shown in Fig.14(c). The detection result of Lee’s method [14] is shown in Fig.14 (d). Fig.14 (e) is the detection result of ABSD method while Fig.14 (f) is the detection result of our method. According to the detection result, we can conclude that the method of Lee’s method [14] cannot detect the forged watermarked image, which is vulnerable to collage attack. This is due to the fact that the detection procedure is content-independent. Our proposed method and ABSD method can localize the tampered region under collage attack. Fig.14 (g), Fig.14 (h) and Fig.14 (i) give the recovered image using the three methods, respectively. ABSD method and our DRRS method can efficiently recover the forged region, and our method has higher image quality.
(a))
((b))
(c)
(d)
(e)
(f)
(g)
(h)
Figure 14: Tamper detection and recovery under collage attack: (a) Watermarked lena; (b) watermarked elaine; (c) tampered image; (d) detected by [14]; (e) detected by ABSD method; (f)detected by DRRS method; (e) recovered by [14]; (g) recovered by ABSD method; (i) recovered by DRRS method.
19
5.4. Only-content-tampering attack Only-content-tampering attack is proposed by Chang et al. [25]. The method only modifies the content of watermarked image, and leaves the watermark bits unchanged. Fig.15 (a) is the watermarked trunk image and Fig.15 (b) is the forged image. Two trunk copies have been added into the watermarked image while the watermarks among the two regions are kept unchanged. The detection results by Lee’s method [14], ABSD [13] and our method are shown in Fig.15 (c), Fig.15 (d) and Fig.15 (e), respectively. Lee’s method [14] cannot detect the forged watermarked image and is vulnerable to only-content-tampering attack. Our DRRS method and ABSD method can localize the tampered region under only-content-tampering attack. Fig.15 (f), Fig.15 (g) and Fig.15 (h) give the recovered image of the three methods, respectively. ABSD method and our DRRS method can efficiently recover the forged image region.
(a)
(b)
(c)
(d)
(e)
(f)
(g)
(h)
Figure 15: Tamper detection and recovery under only-content-tampering attack: (a) Watermarked image; (b) forged image; (c) (e) detected by [14], ABSD method and DRRS method; (f)-(h) recovered by the three methods.
20
6. Conclusions In this paper, we propose a novel self-recovery fragile watermarking scheme based on dual-redundant-ring structure. All blocks of target image form a ring in a manner that the watermark of an image block is hidden in 1-LSB (Least Significant Bit) of its next block N1 , and the copy of this watermark is embedded into 2-LSB of another block whose position is determined by the position of N1 . The validity of test image block is determined by comparing the number of inconsistent blocks in the block-neighborhood with that of its mapping block. Other detection result is generated in the same way comparing test block with copy block of its next block. The main features of the method are summarized below: 1) The redundant ring is generated by a chaotic map, which makes it difficult to obtain the information of the block-mapping sequence and therefore improves the security of the proposed method. 2) The strength security of the proposed method outperforms the stateof-art work. Furthermore, the proposed method can effectively resist the ES attack, collage attack and only-content-tampering attack due to its block dependence feature. 3) The fusion of two tamper detection masks improves the tamper detection accuracy. The Rf a and Rf r are not more than 5%, even if the tamper ratio is up to 70%; 4) Two copies of watermark provide a second chance for block recovery in the case one copy is destroyed. This strategy also improves the quality of the recovered image; Future research includes extending this approach to resist mild distortion such as random noise and JPEG compression, and reducing the image block size to 4 × 4 or 2 × 2 while keeping the security strength. Acknowledgments. This work is funded by the National Natural Science Foundation of China (No.60873158), the National Basic Research Program of China (No.2010CB327902), the Fundamental Research Funds for the Central Universities, and the Opening Funding of the State Key Laboratory of Virtual Reality Technology and Systems. References [1] Fridrich, J., Goljan, M.. Protection of digital images using selfembedding. In: International Conference on Information Technologies and Control. 1999, p. 302–311. 21
[2] Wong, P., Menon, N.. Secret and public key image watermarking schemes for image authentication and ownership verification. IEEE Transaction on Image Processing 2001;10(1):1593 – 1601. [3] Yuan, H., Zhang, X.P.. Multiscale fragile watermarking based on the gaussian mixture model. IEEE Transaction on Image Processing 2006;15(10):3189–3200. [4] Wang, M.S., Chen, W.C.. A majority-voting based watermarking scheme for color image tamper detection and recovery. Computer Standards & Interfaces 2007;29(5):561–570. [5] Zhang, X.P., Wang, S.Z.. Statistical fragile watermarking capable of locating individual tampered pixels. Signal Processing Letters 2007;14(7):723–730. [6] Zhu, S.M., Liu, J.M.. A novel fragile watermarking scheme for image tamper detection and recovery. Chin Opt Lett 2010;8(10):661–665. [7] lawi, R.C., Khan, A., Usman, I.. Authentication and recovery of images using multiple watermarks. Computers Electrical & Engineering 2010;36(10):578–584. [8] Bing, C.S., Che, Z.G., Xu, S.. Research on image self-recovery algorithm based on dct. Journal of Multimedia 2010;5(10):290–297. [9] Hassan, A.M., Hamadi, A.A., Hasan, M.Y.. Variable block-size image authentication with localization and self-recovery. Proceedings of 2010 IEEE 17th International Conference on Image Processing 2010;:3665– 3668. [10] Hassan, A.M., Hamadi, A.A., Michaelis, B.. Secure self-recovery image authentication using randomly-sized blocks. In: ICPR. 2010, p. 132–145. [11] Fridrich, J., Goljan, M.. Images with self-correcting capabilities. In: IEEE International Conference on Image Processing. 1999, p. 792–796. [12] He, H.J., Zhang, J.S., Tai, H.M.. Self-recovery fragile watermarking using block-neighborhood tampering characterization. In: IHW. 2009, p. 132–145. 22
[13] He, H.J., Zhang, J.S., Tai, H.M.. Adjacent-block based statistical detection method for self-embedding watermarking techniques. Signal processing 2009;:1557–1566. [14] Lee, T.Y., Lin, S.D.. Dual watermark for image tamper detection and recovery. Pattern Recognition 2008;41(1):3497–3506. [15] Zhang, H.B., Cheng, Y.. Tamper detection and self recovery of images using self-embedding. Elecronica Sinica 2004;32(2):196–199. [16] Wang, S.S., Tsai, S.L.. Automatic image authentication and recovery using fractal code embedding and image inpainting. Pattern Recognition 2008;41(2):701–712. [17] MeenakshiDevi, P., Venkatesan, M., Duraiswamyi, K.. A fragile watermarking scheme for image authentication with tamper localization using integer wavelet transform. Journal of Computer Science 2009;5(11):831– 837. [18] Lin, P.L., Hsieh, C.K., Huang, P.W.. A hierarchical digital watermarking method for image tamper detection and recovery. Pattern Recognition 2005;38(12):2519–2529. [19] Chamlawi, R., Khan, A.. Digital image authentication and recovery: Employing integer transform based information embedding and extraction. Information Sciences 2010;180(12):4909–4928. [20] Tsai, M.J., Chien, C.C.. Authentication and recovery for wavelet-based semi-fragile watermarking. Optical Engineering 2008;47(6):067005. [21] Yang, C.W., Shen, J.J.. Recover the tampered image based on vq indexing. Signal Processing 2009;90(6):331–343. [22] Holliman, M., Memon, N.. Counterfeiting attacks on oblivious blockwise independent invisible watermarking schemes. IEEE Transactions on Image Processing 2000;3(10):432–441. [23] Fridrich, J., Goljan, M., Memon, N.. Cryptanalysis of the yeungmintzer fragile watermarking technique. Journal of Electronic Imaging 2002;11(4):262–274.
23
[24] Wu, Y., Deng, R.H.. Security of of an ill-posed operator for image authentication. IEEE Trans Circuits Syst Video Technol 2005;15(1):161– 163. [25] Chang, C., Fan, Y.H., Tai, W.L.. Four-scanning attack on hierarchical digital watermark-ing method for image tamper detection and recovery. Pattern Recognition 2008;41(2):654–661. [26] Zhang, J.S., L.Tian, . A new chaotic digital watermarking method based on private key. Journal of China Institute of Communications 2004;25(8):98–101. [27] Deguillaume, F., Voloshynovskiy, S., Pun, T.. Secure hybrid robust watermarking resistant against tampering and copy attack. Signal Processing 2003;83(8):2133–2147. [28] He, H.J., Zhang, J.S., Tai, H.M.. Block-chain based watermarking scheme with superior localization. In: IHW. 2008, p. 147–160. [29] Wong, P.. A public key watermark for image verification and authentication. In: ICIP. 1998, p. 425–429. [30] Wong, P., Memon, N.. Secret and public key image watermarking schemes for image authentication and ownership verification. IEEE Trans Image Process 2001;10(8):1593–1601. [31] Phillips, P.J., Wechsler, H., Huang, J., Rauss, P.. The feret database and evaluation procedure for face recognition algorithm. Image and vision Computing 1998;16:295–306. Chunlei Li received his M.S. degree in Communication and Information System from Hohai University, Nanjing, china, in 2004. He worked at School of Electronic and Information Engineering, Zhongyuan University of Technology, ZhengZhou, China, from 2004 to 2008. Since 2008, He is working toward the Ph.D. degree in Beihang University, Beijing, China. His research interests include biometrics, pattern recognition, digital image watermarking. Yunhong Wang received a M.S. degree and a Ph.D. degree in electronic engineering from Nanjing University of Science and Technology in 1995 and 1998 respectively. She worked at the National Laboratory of Pattern 24
Recognition, Institute of Automation, Chinese Academy of Sciences, Beijing, China, from 1998 to 2004. Since 2004, she has been a Professor with the School of Computer Science and Engineering, Beihang University, Beijing, China. Her research interests include biometrics, pattern recognition, computer vision, data fusion and image processing. She is a member of IEEE and IEEE Computer Society. Bin Ma received a B.E. degree from Zhengzhou university, Zhengzhou, china, in 2008. Since 2008, he is working toward the Ph.D. degree in Beihang University, Beijing, China. His research interests include image processing, biometrics, pattern recognition, digital image watermarking. Zhaoxiang Zhang received a Ph.D. degree in the National Laboratory of Pattern Recognition, Institute of Automation, Chinese Academy of Sciences, Beijing, China, in 2009. Since 2009, he has been a lecture with the School of Computer Science and Engineering, Beihang University, Beijing, China. His research interests include biometrics, pattern recognition, computer vision, and image processing.
25
