Powerful digital image processing techniques make forgery and copyright piracy .... We can see that the watermarked image is not created by embedding 1s and 0s directly into the DCT coefficients, but by ... can act as a signature of the image.
IMAGE INTEGRITY AND AUTHENTICITY VERIFICATION VIA CONTENT-BASED WATERMARKS AND A PUBLIC KEY CRYPTOSYSTEM Chang-Tsun Li, Der-Chyuan Lou, and Jiang-Lung Liu Department of Electrical Engineering Chung Cheng Institute of Technology Tahsi, Taoyuan 33509, Taiwan
ABSTRACT A technique using the inherent feature map of the underlying image as the watermark is proposed in this work. First, on the transmitting side a binary feature map is extracted as watermark and partitioned into blocks. Secondly, to create a watermarked image, neighboring feature map/watermark blocks are blended and encrypted for insertion. On the receiving side, the feature map from the received image is extracted again and compared against the recovered watermark to verify the integrity and authenticity. In addition to the capability of detecting geometric transformation, removal of original objects and addition of foreign objects, the proposed scheme is also capable of localizing tampering and detecting cropping without a priori knowledge about the image. This work can be applicable in the areas of military imagery transmission, imaging of micro evidence in the criminal scene, and medical image archiving. Key words: Digital watermarking, cryptosystem, information security
I. INTRODUCTION The prevalence of Internet facilitates intensive digital information exchanges of multiple media both in speed and volume, which is far beyond people could predict a decade ago. Not only can we see the profound impact of Internet’s prevalence upon the way people communicate, but also expect the advent of electronic commerce age, which will mark a significant change to the way people live in human history. However, while the world is enjoying the convenience provided by Internet, information security also faces unprecedented threats due to the trivial process of perfect duplication and fast distribution through the networks. Powerful digital image processing techniques make forgery and copyright piracy easy and “cost effective”. Techniques securing information flowing on the networks are therefore essential to protect the intellectual properties and to foster the development of electronic commerce. To meet the security needs, watermarking has become one of the most exploited techniques in recent years [7][12][13][16]. Instead of serving the purpose of copyright protection, The main goal of this work is to provide a secure method, which allows the integrity of the image to be verified and authenticated in the areas of 1
applications, such as military imagery transmission, micro evidence of the images taken in the criminal scene, and medical image archiving. Therefore, it is important to differentiate the requirements of copyright protection and image authentication. For copyright protection, a manipulated but yet still acceptable image in terms of visual quality is seen as commercially significant, thus the watermark embedded is expected to be robust against common image processing and extractable so as to protect the copyright of the owner or content provider. Basically, watermarks used in the applications of copyright protection are trying to survive the influence of intended and unintended alterations/attacks on the images, i.e., they are trying to ‘ignore’ the influence of the alterations or attacks. On the other hand, for image verification and authentication, the emphases are the integrity of the distributed image and the identity of the image provider. Instead of trying to ignore image alterations, applications of image authentication and verification are trying to catch the alteration on the images. Watermarked images manipulated or unable to identify their providers or incapable of detecting attacks are deemed valueless and untrustworthy. For example, in the court or insurance company, what important is not the watermark itself but the detection of the removal of a crushed car from the watermarked image of an accident scene (the integrity of the image). Therefore while robustness – the ability to survive attacks is the core requirement for copyright protection, sensitivity – the ability to detect tampering is the central goal for authentication. It is also worth noting that most commercial image/video are stored and transmitted in lossy compressed form, therefore, this kind of incidental distortion is tolerable and the watermarking techniques should not be sensitive to it [4][8]. However, in some applications such as military imagery transmission and micro evidence of the images taken in the criminal scene, where details of military and legal importance may be lost due to lossy compression, therefore, watermarking techniques employed in these areas should be sensitive to lossy compression. Traditional watermarking approaches require the receivers to have the watermarks such as a sequence of random numbers [2][3][6][13] or a meaningful pattern [18][19] used by the sender in their possession in order to compare with the extracted one. This implies that the watermark has to be 2
designed separately and transmitted in advance in some way to a particular receiver. Although the designing can be trivial, the designed watermark itself may be tapped during the transmission and have to be maintained carefully by the second party once received. This drawback has an undesirable implication in military intelligence applications. Furthermore, the maintenance and administration can be costly and error prone at the destination when there are sensitive images coming from different sources, each having his/her own watermark for authentication. It is therefore desirable to have a scheme that relieves both parties from the designing and maintaining of a particular watermark. Another common limitation of many watermarking schemes [2][3][13][18] is the lack of obliviousness, which makes the schemes impractical in application due to the requirement of the original signal. This again incurs overhead in maintaining a large database. In communication systems, to extract watermarks or to enable the detection of some kind of tampering such as image cropping, some approaches require the receiver side to have prior knowledge about the transmitted image such as look-up table [19], private key [11] [17], or image size [18]. For example, in [17], to detect cropping, the image size is needed on both sides of the communication channel for encryption and decryption. This necessitates an extra transmission of the image size before the image is sent, otherwise, the receiver can only receive images of fixed size. This drawback again puts the information security of the scheme at risk. In order to reduce the overhead of transmission and the risk of revealing sensitive information, it is essential to refrain from initiating multiple channel accesses for a single information transmission.
II. PREVIOUS WORKS AND THEIR DRAWBACKS Schneider et al. [15] proposed a scheme based on public key encrypted image block histogram for the purpose of authentication. The Euclidean distance between histogram of each block of the original image and the histogram of each block of the watermarked image is calculated. An authenticity measure is subsequently calculated by summing all the Euclidean distances over the entire image and compared against a pre-specified threshold for authentication. The major drawback of this scheme is twofold: First, 3
it is not secure enough because modifying an image without altering its histogram is trivial. Secondly, a large database of the public key encrypted histogram is required. To detect any manipulations on the gray level and re-sizing of a watermarked image, Wong [17] proposed a secret key watermarking scheme which is used in conjunction with a cryptographic hash function. The watermark can only be verified by the user possessing the secret key. However, the requirement for transmitting the secret key to the user through a separate secure channel may jeopardize the security of the scheme. To overcome this problem, Wong extended the secret key verification method into a public key scheme [18]. The value of the least significant bits (LSBs) of the original image are first set to zero, and the LSB-zeroed image is then divided into blocks of the same size as that of a watermark block. The image size together with each LSB-zeroed image block are then provided as inputs to a hash function and the output together with the watermark block are subjected to an exclusive-or (XOR) operation. The result of the XOR operation is then encrypted using a private key and embedded in the least significant bits of the original image. To verify the integrity of the received image, the receiving side must have the prior knowledge about the size of the transmitted image. This is the main drawback of their scheme because either the sender has to transmit this information via a separate secure channel, which may compromise the security of the scheme, or the scheme can only work on the images of fixed size. Wu and Liu proposed in [19] an image authentication scheme by inserting a binary watermark into the DCT coefficients via a table look-up. In the first step of their scheme, a look-up table specific to the original image or a digital camera is generated, which maps all possible values of DCT coefficients randomly to either 1 or 0 with the constraint that the run-lengths of 1 and 0 are limited. Subsequently, a binary watermark pattern is embedded. In the embedding process, to embed a 1 in a DCT coefficient, the coefficient is kept unchanged if the corresponding entry of that coefficient is also a 1 in the look-up table. If the corresponding entry is 0, the coefficient is changed to the closest value whose entry is 1 in the look-up table. A similar process is applied to the case for embedding 0s. We can see that the watermarked image is not created by embedding 1s and 0s directly into the DCT coefficients, but by 4
adjusting the coefficients according to the look-up table. At the receiver side, the extraction of the watermark is simply by looking up the table. Although, this scheme does not require the original image for watermark extraction, however, the same look-up table used in the embedding stage is necessary in the watermark extraction stage, which has to be transmitted through a secure channel and may compromise the security of the scheme. Among the proposed fragile watermarking techniques, Yeung and Mintzer’s scheme [20] is one of the most cited. In [20], watermark embedding is conducted by scanning each pixel and performing the watermark extraction function based on a look-up table. If the extracted watermark bit is equal to the authentic watermark bit, the pixel is left unchanged; otherwise, the value of the pixel is adjusted until the extracted watermark bit is equal to the authentic one. However, due to the lack of inter-relationship among neighboring pixels during the watermarking process, the look-up table and the binary logo can be easily inferred when the same look-up table and logo are reused for multiple images. Attempting to counter this attack, Fridrich et al. proposed in a recent work [5] to inter-relate neighboring pixels during the watermark embedding process. Unfortunately, this technique is not able to detect the cropping on the right and from the bottom of the watermarked image
III. CONTENT-BASED WATERMARKING SCHEME Macq et al. [9] have suggested that it is possible to hide a watermark along the contour of objects or regions contained in an image. Their idea is based on the fact that contour occurs in high frequency, and the addition of information in high frequency will not result in perceptible changes to the appearance of the watermarked image. Although no specific technique is proposed in their work, however, their suggestion pointed out that local features could play an important role in watermarking. In this work, instead of hiding information in the position of local features, we propose a simple scheme to extract the local features of the image to be watermarked so as to form a feature map and use the feature map as the watermark. Since the watermark is not a pre-designed pattern, but dependent on the original image, we call this scheme content-based watermarking. The underlying concept of using local feature map as a 5
watermark is fourfold: ϥ! Local
features such as contours, edges, or zero-crossings are unique to each image, and therefore,
can act as a signature of the image. ϥ! Most
image operations such as blurring and compression affect the high frequency components,
which are associated with local features. ϥ! Attacks
or manipulations, such as removal of sensitive parts or addition of foreign objects or
features, result in significant changes to the feature map because objects are supposed to be different from its background or neighboring objects in terms of gray level or texture property. ϥ! Since
the feature map is dependent on and inherent to the underlying image, the feature map can
only be removed by destroying the image. A. Watermark Creation The first step of the content-based watermarking scheme is to extract a feature map from the original image and to use it as the watermark. Good candidates for the features are edges, lines, and zero-crossings. They are basically the discontinuities of gray level scattering over the underlying image. In this work, two steps are taken to create the feature map of an image. First, the least significant bit (LSB) of each pixel of the underlying image h( x, y ) is set to zero. The output of this operation is denoted as h c( x, y ) . Subsequently, zero-crossings are detected by convolving the operator of Laplacian of Gaussian (LOG) l ( x, y ) [10] as shown in Figure 1 with h c( x, y ) . The convolution result f ( x, y ) is denoted as 1
f ( x, y )
1
¦ ¦ l (m, n)hc( x � m, y � n)
(1)
m �1n �1
where ( x, y ) is the coordinates of a pixel. The feature map f z ( x, y ) is then created by assigning 1 to the pixels on the negative side of zero-crossings. It can be mathematically expressed as f z ( x, y )
1, if f ( x, y ) � 0 and f ( xc, yc) ! 0 for any ( xc, yc) N 4 ( x, y ) ® ¯0, otherwise 6
(2)
where N 4 ( x, y ) is the 4-neighborhood of pixel ( x, y ) . The feature map f z ( x, y ) is then utilized as the watermark. An example is illustrated in Figure 2. Figure 2 (a) shows the original image of ‘Lena’, and Figure 2(b) illustrates the convolution result f ( x, y ) . Note that to avoid the ‘wrap-around’ display effect, the value 128 has been added to all the actual values of f ( x, y ) . Figure 2(c) demonstrates the binarized version of f ( x, y ) , which is created by setting all positive values in f ( x, y ) to 1 and negative values to 0. Figure 2(d) is the binary feature map f z ( x, y ) to be used as a watermark created according to Equation (2). It is evident to see that zero-crossings occur wherever the gray levels change in Figure 2(c). B. Watermark Embedding Locating the spots of tampering and ensuring the detection of cropping are essential requirements for an effective watermarking scheme. In order to detect cropping and to locate the spots where tampering such as replacing or adding objects occurs, once the feature map is created, it is partitioned into a number of blocks. Subsequently, the right half of each watermark block is replaced with the right half of the next watermark block along zig-zag-scan path so that neighboring blocks are related by the blended data. Each blended block is then encrypted with a private key of the RSA public key cryptosystem [14] and embedded in the LSBs of h c( x, y ) . This idea is demonstrated in Figure 3. As shown in Figure 3(a), block c is immediately next to block b, which is in turn immediately next to block a along the zig-zag-scan path. Therefore, as shown in the Figure 3(b), the watermark block to be embedded in block a is comprised of the left half of block a (denoted as al) and the right half of block b (denoted as br). Note the next block of p is block a, i.e., the zig-zag-scan path is circular. Actually, cropping across blocks can be detected without relating blocks by blending information of neighboring blocks in this zig-zag-scan manner. However, since details of the scheme is open to the public, in the case of cropping along block borders (i.e., the width and the height of the removed area are integer multiples of the block dimensions), without blending information of the neighboring blocks, then even each watermark block is deposited in its neighboring block in some manner such as zig-zag-scan or raster scan, the attacker can simply re-position the watermark blocks to restore the correspondence 7
between blocks after the cropping. This will leave the cropping along block borders undetectable. Since the information blending is done before the encryption, the details of this scheme is known to the attacker, the watermark block still cannot be restored without the corresponding private key. It is recognized that the security of the RSA algorithm depends on the intractability of factorization and the unavailability of attacking techniques. Since only the image owner has the knowledge of the private key, the ownership and authenticity of the image can thus be verified. Moreover, to ensure the security, the block size (i.e., the length of the watermark in each block) must be large enough to meet the requirement of data expansion caused by public modulus. Since a number as long as 129 digits ( | 430bits) in the RSA cryptosystem has recently been factorized [1], thus, in this work, we propose a size of 32 Ø 16 (512 bits) for each block. Note also that to make the value of the message to be encrypted larger enough so as to increase the security of the RSA cryptosystem, the first bit of each feature map block is set to 1 before encryption. Like the public key, the size of blocks can be made public. Therefore, in the cases when images with their size unequal to the multiples of the block size in both dimensions, the images can be cropped or padded with insignificant values as the sender/provider wishes. C. Watermark Extraction and Verification Upon receipt, the LSBs of the image are extracted and partitioned into blocks for decryption. Each decrypted watermark block is restored by combining its left half with the right half of the previous block in zig-zag-scan path. The feature map is again extracted by performing the same operations as those did on the transmitting side on the LSB-zeroed image and divided into blocks. It is clear by now that, on both sides of the transmission channel, the removal of the LSBs prior to the extraction of the feature map is intended to ensure that the feature maps on both sides are extracted on the same basis. To verify the authenticity and integrity of the received image, each extracted feature map block is compared with the corresponding restored and decrypted watermark block. A difference map is created as the output of the comparison. If no tampering occurs during the transmission, each pair of the decrypted watermark block and the extracted feature map block must match, and as a result, the difference map will appear purely black. Should there be any tampering, the difference map will raise 8
alarm by showing noisy content. Note that, if the image is tampered locally (such as the removal of the original objects or the addition of foreign objects), the way in which watermark blocks are related will definitely result in one false alarm for each positive one. For example, if block b in Figure 3 is the only block tampered, not only its feature and watermark, but also the watermark of block c is altered due to the watermark blending at the transmitting side. Therefore, a positive and a false alarm are raised in block b and c, respectively, even though block c is not tampered at all. Fortunately, the false alarm can be identified with a trivial post-processing by checking whether or not an alarm is raised at block d. If it is not, block c is actually intact and, therefore, the alarm raised by c is false and should be turned off. Detection of geometric transformation and scaling can also be easily achieved by this scheme without knowing the size of the original image because these two kinds of operations result in significant changes to the feature map and mess up the embedded watermark. In summary, the procedure of the content-based watermarking is illustrated in Figure 4.
IV. SECURITY ANALYSIS In this work, no extra information such as image size, look-up table, or private key except the watermarked image itself is to be transmitted; therefore, no secure channel is required. This feature reduces the risk of revealing sensitive information and keeps the complication of transmission to its minimum. Although the watermarking algorithm is made public, with the protection of the RSA cryptosystem, even if the attacker alters the image content and re-runs the watermarking algorithm with his/her own RSA key, the received image will be proved unauthentic when the legitimate recipient decrypts the watermark with the legitimate sender’s public key.
V. EXPERIMENTS Figure 5 shows the experimental results of the proposed content-based watermarking scheme with seven cases demonstrated. Only case intact yields an entirely black difference map indicating that there is no 9
difference between the extracted feature map and the decrypted watermark. The other six cases of tampering are: 1. Mole added: A mole is added to Lena’s cheek during the transmission process, therefore, the block covering the added mole becomes noisy. 2. Wrong key: When incorrect key is used, all the watermark blocks decrypted are wrong and as a result, the entire difference map becomes noisy. 3. Histogram equalized: Equalizing the histogram of an image altars the feature map of it. Even if the watermark is removed by the attacker before equalization and inserted back again afterwards, the feature map is no longer in consistence with the decrypted watermark. Therefore, the content of the difference map is purely random. 4. Scaled: Scaling alters both embedded watermark and feature map. Therefore, the decrypted watermark is different from the altered feature map. 5. Cropped: Cropping along block borders messes up the correspondence between watermark and the feature map and yields a noisy difference map. 6. Unwatermarked: If no watermark is embedded, the watermark extraction process at the receiving side will certainly get a meaningless watermark which is different from the feature map. Therefore, the content of the difference map is purely random. Actually, in addition to scaling and cropping, geometric transformations resulting in change to the size of the image can also be detected by this scheme without knowing the size of the original image. This is because geometric transformations result in significant changes to the feature map and mess up the embedded watermark.
VI. CONCLUSIONS In this work, a novel and simple watermarking scheme for image integrity and authenticity verification is proposed by exploiting the inherent local feature of the underlying image. This technique can be applied in the areas of military imagery transmission, imaging of micro evidence in the criminal scene, and medical image archiving. In addition to the common capabilities most schemes have, the major 10
contributions of our scheme can be summarized as follows: 1. Both parties on the opposite sides of the transmission channel are relieved from designing and maintaining a database of perfect watermarks and original images for authenticity and integrity verification because the feature map employed as watermark is inherent to the image. 2. No a priori knowledge about the size of the transmitted image is required by the receiver side for detecting tampering such as scaling and cropping which results in change to the image size. The security is enhanced because no extra access to the communication channel is necessary. 3. Local tampering such as removal of original objects and addition of foreign objects can be detected and localized to the accuracy of block size.
REFERENCES [1] D. Atkins, M. Graff, A. K. Lenstra and P. C. Leyland, “The magic words are squeamish ossifrage,” In Proc. Advances in Cryptology, Asiacrypt ‘94, 1994, pp. 263-277. [2] M. Barni, F. Bartolini, V. Cappellini, and A. Piva, “A DCT-domain system for robust image watermarking,” Signal Processing, vol. 66, pp. 357-372, 1998. [3] I. J. Cox, J. Kilian, F. T. Leighton, and T. Shamoon, “Secure Spread Spectrum Watermarking for Multimedia,” IEEE Transactions on Image Processing, vol. 6, no. 12, pp.1673-1687, December 1997. [4] J. Dittmann, A. Steinmetz, and R. Steinmetz, “Content-based Digital Signature for Motion Pictures Authentication and Content-Fragile Watermarking,” in Proc. IEEE Intl. Conf. On Multimedia Computing and Systems, vol. II, Italy, 1999, pp. 209-213. [5] J. Fridrich, M. Goljan and A. C. Baldoza, “New Fragile Authentication Watermark for Images,” in Proc. IEEE Int. Conf. Image Processing, vol. I, Vancouver, Canada, Sept. 2000, pp. 446-449. [6] F. Hartung and B. Girod, “Watermarking of uncompressed and compressed video,” Signal Processing, vol. 66, pp. 283-301, 1998. [7] F. Hartung and M. Kutter, “Multimedia watermarking techniques,” IEEE Proceeding, vol. 87, no. 7, pp.1079 –1107, July 1999. [8] C. Y. Lin and S. F. Chang, “Generating Robust Digital Signature for Image /Video Authetication,” Multimedia and Security Workshop at ACM ultimedia, Bristol, UK, 1998. [9] B. Macq and J. J. Quisquater, “Cryptology for Digital TV Broadcasting,” IEEE Proceedings, vol. 83, pp. 944-957, 1995. [10] David Marr, Vision, Freeman, 1983. [11] N. Nikolaidis and I. Pitas, “Robust image watermarking in the spatial domain,” Signal Processing, vol. 66, pp. 385-403, 1998. [12] F. A. P. Peticolas, R. J. Anderson, and M. G. Kuhn, “Information hiding-a survey ,” IEEE Proceeding, vol. 87, no. 7, pp. 1062 -1078, July 1999. [13] C. I. Podilchuk and W. Zeng, “Image-adaptive watermarking using visual models,” IEEE Transactions on Selected Areas in Communications, vol. 16, no. 4, pp. 525-539, May 1998. [14] R. L. Rivest, A. Shamir, and L. Adleman, “A Method for Obtaining Digital Signatures and Public Key Cryptosystems,” Communications of the ACM, vol. 21, pp. 120-126, February 1978. [15] M. Schneider and S. F. Chang, “A robust content based digital signature for image authentication,” 11
in Proc. IEEE Intl. Conf. On Image Processing, vol. III, Lausanne, Switzerland, September 1996, pp. 227- 230. [16] A. Z. Tirkel and C. F. Osborne and T. E. Hall, “Image and watermark registration,” Signal Processing, vol. 66 , pp. 373-383, 1998. [17] P. W. Wong, “A watermark for image integrity and ownership verification,” in Proc. IS & T PIC Conference, Portland, USA, May 1998. [18] P. W. Wong, “A Public Key Watermark for Image Verification and Authentication,” in Proc. IEEE Intl. Conf. On Image Processing, vol. I, Chicago, USA, October 1998, pp. 455-459. [19] M. Wu and B. Liu, “Watermarking for Image Authentication,” in Proc. IEEE Intl. Conf. On Image Processing, vol. II, Chicago, USA, October 1998, pp. 437-441. [20] M. Yeung and F. Minzter, “Invisible Watermarking for Image Verification,” Journal of Electronic Imaging, vol. 7, no. 3, pp. 578-591, July 1998.
! ! -1 4 -1 ! ! 0 -1 0 ! ! Figure 1. Operator of Laplacian of Gaussian (LOG). ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! ! 0 -1 0
12
! ! ! ! ! ! ! (b) (a) ! ! ! ! ! ! ! ! (d) (c). ! ! Figure 2. Creation of local feature map. a) Original image, b) result of convolving ! (a) with the operator of Laplacian of Gaussian, c) binarized version of (b), d) ! zero-crossing map to be used as the watermark. ! ! ! ! ! ! ! ! a b a!l br bl cr ! c c!l dr ! d d!l er ! ! p o ol pr pl ar ! ! (a) (b) ! ! Figure 3. Embedding of watermark blocks (with 6!Ѽ 6 pixels) of a simplified image with 24 Ѽ 24 pixels.ʳa) The feature map is divided into ! blocks indexed alphabetically along zig-zag-scan path. Note the next block of p is!block a. b) The right half of each watermark block is replaced with the right half of! the next watermark block along zig-zag-scan path. Subscripts l and r represent ‘left’ ! and ‘right’ half, respectively. ! ! ! 13
Transmission Side
! ! ! ! ! ! ! !
Receiving Side
! Original Image
Received Image ! ! ! Separate the gray level of Separate the gray level of each pixel into: ! each pixel into: 1. MSB(b7-b1) 1. MSB(b7-b1) ! 2. LSB(b0) 2. LSB(b0) ! ! ! Extract the feature map ! blocks from MSB(b7-b1) decrypt watermark blocks (LSBs) ! Extract the feature ! map blocks from ! MSB(b7-b1) Blend feature map ! Re-combine blocks to form watermark blocks watermark blocks ! ! ! Encrypt the watermark ! Compare feature map blocks blocks ! against the watermark blocks ! ! Difference Map Embed the watermark blocks at ! the LSBs of the original image ! ! Watermarked Image ! ! ! Figure 4. Flow diagram of the content-based watermarking scheme. ! ! ! ! !
14
!
Cropped
Intact
Scaled
Wrong key
Mole added
Communication Channel Receiving Side
15
Figure 5. Experiment results using content-based watermarking scheme. The dark gray area represents the Communication Channel while the light gray area represents the Transmission Side and Receiving Side. The images on the Receiving Side are the difference maps.
Histogram Equalized
Watermarked
Transmission Side
Original image
Unwatermarked
