Robust Image Content Authentication with Tamper ... - IEEE Xplore

2012 IEEE International Conference on Multimedia and Expo

ROBUST IMAGE CONTENT AUTHENTICATION WITH TAMPER LOCATION Li Weng ★ ★

Geert Braeckman †

Ann Dooms †

Bart Preneel★

Peter Schelkens †

ESAT/COSIC, IBBT, Katholieke Universiteit Leuven, Kasteelpark Arenberg 10, Heverlee, Belgium † ETRO, IBBT, Vrije Universiteit Brussel, Pleinlaan 2, Brussels, Belgium ABSTRACT

mat change, re-compression, resolution or contrast change, etc. Since incidental distortion usually preserves the content, the resultant image should still be considered as authentic. Therefore, image authentication should be based on content, not the binary representation. In practice, when an image is sent to a user, a possible solution to prove the authenticity is to generate a hash value and send it securely to the user. The hash value is a compact string – an abstract of the content. A user can re-generate a hash value from the received image, and compare it with the original hash value. If they match, the content is considered as authentic. In order to allow incidental distortion, the hash value must possess some robustness. Conventional cryptographic hash algorithms, such as MD5, SHA-1 [1], are not suitable for multimedia data, because they are extremely sensitive to any change of the data. Therefore, a new generation of hash algorithms has emerged, called robust or perceptual hash (PH) algorithms [2]. A perceptual hash value is computed from robust and distinctive image features. It must fairly represent the corresponding content. A PH algorithm typically possesses the following properties:

We propose a novel image authentication system by combining perceptual hashing and robust watermarking. An image is divided into blocks. Each block is represented by a compact hash value. The hash value is embedded in the block. The authenticity of the image can be verified by re-computing hash values and comparing them with the ones extracted from the image. The system can tolerate a wide range of incidental distortion, and locate tampered areas as small as 1/64 of an image. In order to have minimal interference, we design both the hash and the watermark algorithms in the wavelet domain. The hash is formed by the sign bits of wavelet coefficients. The lattice-based QIM watermarking algorithm ensures a high payload while maintaining the image quality. Extensive experiments confirm the good performance of the proposal, and show that our proposal significantly outperforms a state-of-the-art algorithm. Index Terms— image, hash, watermark, authentication, perceptual 1. INTRODUCTION

∙ Compactness – the hash value is compact;

Digital images are easy to store and share. However, they are susceptible to modification and forgery. Software development has made it easy for everyone to produce, edit, and distribute digital content. Since malicious content manipulation can lead to serious consequences, an important issue for the future world is the trustworthiness protection of multimedia data. When an image contains important information, its authenticity must be ensured. In this work, we focus on image authentication. Digital images are often subjected to incidental distortion, e.g., for-

∙ Robustness – hash computation is insensitive to a certain range of distortion to the input image; ∙ Discriminability – perceptually different content results in significantly different hash values; Due to the compactness, a PH algorithm can be used together with digital watermarking techniques. Instead of sending a hash value, we can imperceptibly embed it into the image. This approach avoids extra communication, and ensures that the original hash value is always available and synchronized. The authentication procedure is simple: a user extracts the original hash value from the watermarked image, and compares it with the re-computed hash value. The watermarking scheme generally concerns the following issues:

This work was supported in part by the Research Council K.U.Leuven: GOA TENSE (GOA/11/007), by the IAP Programme P6/26 BCRYPT of the Belgian State (Belgian Science Policy), by the European Commission through the ICT programme under contract ICT-2007-216676 ECRYPT II, and by the IBBT/AQUA project with the involved companies. IBBT (Interdisciplinary Institute for BroadBand Technology, Gaston Crommenlaan 8, Ghent) is a research institute founded in 2004 by the Flemish Government and the involved institutions. Additional support was provided by the FWO (Fonds Wetenschappelijk Onderzoek) within the project G.0206.08 “Perceptual Hashing and Semi-fragile Watermarking” and G.0213.11N “Watermarking, Encryption and Transcoding”, and by the Post-Doctoral Fellowship of Peter Schelkens.

978-0-7695-4711-4/12 $26.00 © 2012 IEEE DOI 10.1109/ICME.2012.163

∙ Payload capacity – the scheme is able to carry the hash value; ∙ Robustness – the scheme should withstand a range of incidental distortion; 380

∙ Image quality – the watermark should have little impact on the image quality;

The authentication resolution is 1/64 area of an image. Basically, we divide an image into blocks, compute a hash value from each block and embed it into the block. This way, we can tell whether the image has been tampered by verifying the block hash values. The proposed system exhibits good performance under extensive tests, and significantly outperforms the state-of-the-art algorithm [7]. The results justify the validity of the design and serve as a reference for research and practice in this field. The rest of the work is organized as follows. Section 2 describes the details of the proposed image hash algorithm and watermarking algorithm. Section 3 shows the performance of the proposed system. Section 4 concludes the work.

The performance of the watermarking scheme mainly depends on the embedding strength and the size of the payload. The overall performance of such a system is a balance between the authentication performance under incidental distortion and the quality loss due to watermarking. Since the watermark embedding also brings distortion to the original image, it might affect the re-computation of the hash value. This interference, denoted as 𝐼𝑤ℎ , must be small. Besides, the parameters of the two algorithms also influence each other’s performance. Increasing the hash size typically increases the discrimination performance, but also increases the payload and decreases the robustness of the watermark. Increasing the watermark embedding strength may increase 𝐼𝑤ℎ , but on the other hand achieves better robustness of the watermark. Therefore, the design of such a system involves the interaction between the two components. We need to optimize the authentication performance and the perceptual quality. In practice, we can fix one of them and try to get the best performance for the other. Content authentication can be achieved on different levels. On a low security level, we only need to know if the majority of the content has been tampered; on a high security level, we need to know if any local area has been tampered. The accuracy depends not only on the extracted features, but also the way of watermark embedding, both of which can be categorized as global or local. Global features are extracted from a global perspective. They are usually very compact, but only represent the content on a macro level. Local features are extracted from local regions. They help with tamper location, but contain much more information. In global embedding, embedding regions do not correspond to image regions. This allows a large payload, but tamper location does not work. In local embedding, there is a correspondence between embedding regions and image regions. This facilitates tamper location, but suffers from a limited payload size. In this work, we propose a novel content authentication system by combining perceptual hashing and robust watermarking. Such a system was envisioned by Fridrich and Goljan in [3, 4]. They motivated the usefulness of contentdependent watermarks and designed a robust hash algorithm. A similar concept was exploited by Cannons and Moulin in [5], where they proposed a hash-aided watermarking system with the aim to improve watermark detection. Recently Fei et al. theoretically studied semifragile watermark-based authentication without perceptual hashing [6]. So far there are few practical systems based on the above concept with extensive performance evaluation. A recent solution was proposed by Liu et al. [7] – a global feature and local embedding approach, where they show satisfactory results on tamper location. In order to achieve the highest security level, we adopt the local feature and local embedding approach. We design a hash algorithm and a watermarking algorithm in the wavelet domain.

2. THE PROPOSED AUTHENTICATION SYSTEM The content authentication system includes an image hash algorithm and a watermarking algorithm. Both algorithms work in the wavelet domain. They have their own requirements, but also interact. The input image is first resized to 512×512 pixels. For each 64 × 64 block, a block hash value is computed. It is then embedded into the corresponding block in the original image. Our system requires that the input image is at least 1024 × 1024 pixels. The maximum payload is 256 bits per block. 2.1. The hash algorithm A perceptual hash value must capture the content, and meanwhile keep compact. We propose to form a hash value using the sign bits of wavelet transform coefficients. The advantage of using the same domain as the watermarking algorithm is that the influence of watermark embedding to the hash recomputation 𝐼𝑤ℎ can be minimized by doing watermarking and hashing in different wavelet subbands. The algorithm generates an 𝑛-bit hash value for each image block. It works as follows: 1. Convert the input image to gray-scale and resize it to 512 × 512 pixels; 2. Divide the image into 64 × 64 blocks; for each block, a block hash value is generated by: 1. Two-dimensional wavelet transform until level 𝑋, which has no less than 𝑛 wavelet coefficients in each subband; 2. Apply a two-dimensional discrete cosine transform (DCT) to the approximate subband; 3. Extract the sign bits of the first 𝑛 DCT coefficients using a zigzag scan, excluding the DC; 4. Concatenate all the extracted bits and perform a random permutation according to a key 𝐾ℎ .

381

When two hash values are compared, the normalized Hamming distance, or the bit error rate (BER), is used as the distance metric. This algorithm is light-weight, easily configurable and compatible with the watermarking algorithm.

Table 1. Legitimate distortion. Distortion JPEG compression AWGN Gaussian filtering Down scaling Sharpening Gamma correction

2.2. The watermarking algorithm We now describe our parameterizable lattice QIM watermarking technique which builds on the system introduced in [8]. Recall that a lattice (in 𝑅𝑛 ) is defined as a collection of vectors that are integral combinations of a set of basis vectors in 𝑅𝑛 . If 𝐺 = {𝑔1 , . . . , 𝑔𝑛 } is such a set of basis the associated 𝑛-dimensional lattice Γ is the set ∑vectors, 𝑛 { 𝑖=1 𝑧𝑖 𝑔𝑖 ∣ 𝑧𝑖 ∈ 𝑍}. Lattice QIM techniques build on an 𝑛-dimensional lattice ΓF for which a coarser sublattice ΓC (i.e. ΓC ⊆ ΓF ) is identified such that ΓF =

𝑀 ∪

The distance 𝑑 between two hash values is compared with a threshold 𝑇 . A decision is made from two hypotheses: ∙ ℍ0 – the images blocks correspond to different content; ∙ ℍ1 – the images blocks correspond to similar content. If 𝑑 ≤ 𝑇 , we choose ℍ1 ; otherwise we choose ℍ0 . The overall performance can be characterized by the true positive rate 𝑃𝑑 and the false positive rate 𝑃𝑓 , defined as:

ΓC + 𝑔 𝑚

𝑚=1

∙ 𝑃𝑑 = Probability {𝑑 ≤ 𝑇 ∣ℍ1 } ;

where the 𝑔𝑚 ∈ 𝑅𝑛 are coset leaders which can be used to create a set of lattice quantizers 𝑄𝑚 . As in the original QIM scheme, we watermark the coverwork 𝑐 with a message 𝑚 (1 ≤ 𝑚 ≤ 𝑀 ) using an embedding function 𝐸, E (𝑐, 𝑚)

=

𝑄𝑚 (𝑐) = 𝑄ΓC (𝑐 − 𝑔𝑚 ) + 𝑔𝑚 ,

∙ 𝑃𝑓 = Probability {𝑑 ≤ 𝑇 ∣ℍ0 } . When the threshold 𝑇 is increased, the hash is likely to tolerate more distortion, but that also increases the chance of false positive. A good algorithm should suppress the false positive rate while maintaining a high true positive rate. The relationship between 𝑃𝑑 and 𝑃𝑓 is known as the receiver operating characteristic (ROC) curve. In order to choose the most suitable threshold value, we also need to take into account of the false negative rate 𝑃𝑚 , defined as

(1)

where 𝑄ΓC is the quantizer associated with the coarse lattice ΓC . The quantization strength is denoted by Δ. Note that in one dimension, lattice QIM is equivalent to scalar QIM. Our parametrized construction is based on the existence of so-called self-similar lattices [9]. Depending on the number of bits to be embedded per set of coverwork samples, we choose a self-similar Γ𝐹 and split it up - employing rotation and scaling - into coarse sublattices that resemble it. Thus, we relate the self-similarity with the number of cosets and hence the number of messages (or log2 𝑀 bits) that can be embedded through (1) (see [8, Theorem 1]). In this paper, we use the popular Checkerboard lattice { } 𝐷2 = (𝑧1 , 𝑧2 ) ∈ 𝑍 2 ∣ 𝑧1 + 𝑧2 is even .

∙ 𝑃𝑚 = Probability {𝑑 > 𝑇 ∣ℍ1 } . By definition, 𝑃𝑚 = 1 − 𝑃𝑑 . Actually 𝑃𝑓 and 𝑃𝑚 are contradicting requirements. Different applications give their own bias towards 𝑃𝑓 or 𝑃𝑚 . By default, we choose the equal error rate point (EERP), where 𝑃𝑓 = 𝑃𝑚 , as the working point. 3. EXPERIMENT RESULTS AND ANALYSIS

Note that when embedding more than two messages (1 bit), the binary labeling of the cosets can affect the bit error rate (BER) of the watermark extractor. We therefore employ the labeling obtained using the method in [10]. We also apply distortion compensation and dithered quantization as introduced in [8]. The latter adaptation of (1) uses dither vectors which ensure uniform distribution of the quantization noise in the Voronoi region of the quantizer1 .

The proposed system has been extensively tested. A database of 300 natural scene photos is used. The genres include architecture, art, humanoids, landscape, objects, vehicles, etc. The image dimension is 1024 × 1024 pixels. The performance is evaluated in terms of robustness, discrimination, operating characteristics, and image quality loss. A set of incidental distortion is listed in Table 1. They are generally considered as legitimate, thus are expected to be tolerated by the system. In order to have a baseline for performance comparison, the algorithm proposed by Liu et al. [7] is implemented and tested in the same way. Their algorithm basically adopts a global feature and local embedding approach. The features are Zernike moments [7]. The same image database is used, but since the baseline algorithm works on 256 × 256 images,

2.3. The authentication procedure We can evaluate the similarity between image blocks by comparing the block hash values, and tell if an image block has been tampered according to how well the hash values match. 1 The

Parameter range (step) Quality factor (QF): 10 – 70 (10) PSNR: 10 – 40 dB (5) Window size: 7 – 19 (2) Ratio: 0.2 – 0.8 (0.1) Strength: 0.1 – 0.7 (0.1) Gamma: 0.5 – 1.7 (0.2)

seed can be used as the key for the watermarking system [11].

382

Table 2. Robustness test for {𝑛 = 64, Δ = 13}.

Histogram of hash distances between different image blocks 0.1

10 .445

20 .211

30 .105

40 .085

50 .081

60 .078

70 .077

AWGN Mean BER

10 .500

15 .500

20 .495

25 .402

30 .166

35 .083

40 .076

Gaussian filt. Mean BER

7 .078

9 .078

11 .078

13 .078

15 .078

17 .078

19 .078

Down scaling Mean BER

0.2 .382

0.3 .353

0.4 .194

0.5 .090

0.6 .180

0.7 .097

0.8 .179

Sharpening Mean BER

0.1 .267

0.2 .266

0.3 .265

0.4 .264

0.5 .263

0.6 .262

0.7 .262

Gamma corr. Mean BER

0.5 .215

0.7 .152

0.9 .079

1.1 .079

1.3 .120

1.5 .167

1.7 .209

Watermarking Mean BER

empirical distribution theoretical PDF for N=63, p=0.5

0.09 0.08 0.07 Probability

JPEG Mean BER

0.06 0.05 0.04 0.03 0.02 0.01 0

13 0.074

0

0.2

0.4 0.6 Bit error rate

0.8

1

Fig. 1. BER histogram for different image blocks, {𝑛 = 64, Δ = 13}.

all the photos are resized. The input image is decomposed by a discrete wavelet transform. The approximate band of the third level is divided into 4 × 4 blocks. A 9 bit Zernike moment value is embedded into each block. The protection accuracy corresponds to 1/64 area of an image, which is the same as our proposal. The default parameters suggested in [7] are used. We denote the block hash length and the quantization strength of the watermarking algorithm by 𝑛 and Δ respectively. In the robustness test, distorted images are generated from all the original images according to Table 1. There are 300 original images and 12600 distorted ones. Hash values are generated for all of them. We compare original block hash values with their distorted versions. Note that each original hash value is derived through watermark extraction: 1) embedding the original hash value into the image; 2) distort the image; 3) extract the watermark. The average block hash distances are listed in Table 2 for {𝑛 = 64, Δ = 13}. The results show that our scheme is robust against JPEG compression until QF 20 and AWGN until 25 dB. For the rest of the distortion, the scheme works well. Generally, the BER increases with the distortion level; but for Gaussian filtering and sharpening, the BER is quite stable. Most of the results are significantly lower than 0.5, which indicate proper resistance to incidental distortion. We also note that the BER solely brought by watermark embedding is the smallest, i.e., the interference 𝐼𝑤ℎ between hashing and watermarking is small. In the discrimination test, we compare hash values of different image blocks for {𝑛 = 64, Δ = 13}. From all the original and distorted images, we randomly choose about 1 million image block pairs of different content, and compute their block hash distances. The hash values are assumed to be independent of each other. Ideally, the distribution of the normalized Hamming distances is binomial with 𝑝 = 0.5 and 𝑁 = 64. The actual distribution of hash distances is shown in Fig. 1. The empirical distribution has a standard deviation

Table 3. Average hash distances between different image blocks and the equivalent number of independent bits. Δ∖𝑛 11 13 15

64 0.4994 63 bits 0.4994 63 bits 0.4987 62 bits

128 0.4992 125 bits 0.4992 126 bits 0.4992 126 bits

192 0.4991 185 bits 0.4991 186 bits 0.4991 188 bits

256 0.4993 244 bits 0.4992 245 bits 0.4992 246 bits

0.0627, with a mean of 0.4994, which is close to the ideal situation. Since the √ standard deviation of a binomial distribution is given by 𝜎 = 𝑝(1 − 𝑝)/𝑁 , the distribution of hash distances corresponds to a binomial process with 𝑁 = 63 and 𝑝 = 0.5, whose theoretical distribution is plotted by a solid line in Fig. 1. One can see that the theoretical distribution fits the actual data. Therefore, 63 out of 64 hash bits (98%) are independent and unpredictable. The probability that two random image blocks have the same hash value is about 2−63/2 . If a lower collision rate is required, one could use a larger block hash size. In Table 3, more results are listed for other system parameters. The actual numbers of bits are quite close to the corresponding hash lengths. In the hypothesis test, we compute the true positive rate 𝑃𝑑 and the false positive rate 𝑃𝑓 using different threshold values. The ground truth information from the previous tests is used. There are about 0.8 million true positive cases (in the robustness test) and 1 million true negative cases (in the discrimination test). The trade-offs between robustness and discrimination can be seen in the ROC curves plotted in Fig. 2. ROC curves are plotted for a few system parameters and the baseline algorithm. The proposed algorithm significantly outperforms the baseline algorithm. The content authentication performance can be represented by the EERP, i.e., 𝑃𝑓 or 𝑃𝑚

383

Table 4. EERP values for different {𝑛, Δ} combinations.

The ROC curve 1

Δ∖𝑛 11 13 15 baseline

0.9

True positive rate − Pd

0.8 0.7 0.6

64 0.1400 0.1315 0.1247

128 192 0.1296 0.1202 0.1203 0.1100 0.1002 0.0932 0.36

256 0.1203 0.1016 0.0950

0.5 n=192,Δ=15,EERP=0.09 n=128,Δ=13,EERP=0.12 n=64,Δ=11,EERP=0.14 baseline, EERP=0.36

0.4 0.3

Table 5. Average PSNR (dB) values for different {𝑛, Δ}. Δ∖𝑛 11 13 15 baseline

0.2 0.1 0

0

0.2

0.4 0.6 False positive rate − Pf

0.8

1

64 41.59 40.16 38.94

128 192 41.63 41.65 40.21 40.25 38.99 39.03 40.94

256 41.66 40.24 39.02

(a) The complete ROC higher quality level as the baseline algorithm when a proper embedding strength is used. In practice, one can first choose an acceptable image quality level and a watermarking security level, then check the corresponding authentication performance, or vice versa.

The ROC curve 0.9

True positive rate − Pd

0.88 0.86 0.84

3.1. Global level authentication

0.82

Compared with conventional perceptual hash algorithms, our proposal costs a lot more bits. However, the authentication performance looks not as good as conventional ones. Typically, a global level authentication algorithm can achieve EERPs lower than 0.01, while our proposal can achieve EERPs lower than 0.1. Note that it is not straight-forward to compare the values, because one is on image level and the other is on block level. Nevertheless, we would like to establish a correspondence between the performance of our proposal and conventional algorithms that serve global level authentication. For this purpose, we define a virtual authentication scheme as follows. In this scheme, we judge the similarity between images by comparing image blocks. If two images have no less than 𝑇 similar block pairs, they are judged as similar. The rule is based on the assumption that if two images are perceptually different, then each pair of blocks are also likely to be perceptually different. According to these settings, the overall performance can be estimated. Assuming the block hash has performance {𝑝𝑑 , 𝑝𝑓 } and image blocks are independent, the true positive rate and the false positive rate on the image level,

0.8 n=192,Δ=15,EERP=0.09 n=128,Δ=13,EERP=0.12 n=64,Δ=11,EERP=0.14

0.78 0.76 0

0.02

0.04 0.06 0.08 False positive rate − Pf

0.1

0.12

0.14

(b) Close-up Fig. 2. Hypothesis test results.

when they are equal. Different EERP values w.r.t different system parameters are listed in Table 4. A lower value means better performance. The EERP values for the proposed system are in the range of 0.09 – 0.14. We conclude that a larger block hash size or a stronger embedding strength results in better overall performance, because generally the former increases the discriminability, and the latter increases the robustness. The superior performance of our scheme is mainly attributed to the fine discrimination. The baseline scheme is only able to use 9 bits per block. The image quality loss can be measured by comparing the images before and after watermark embedding. The quality metrics considered here are the peak signal-to-noise ratio (PSNR) and the structural similarity (SSIM) [12]. The average results are listed in Table 5 and 6. A higher value means better quality. Since the SSIM score depends on the input image size, we only compare the PSNR values with the baseline. The PSNR of the baseline algorithm is 40.94 dB. The results in Table 5 show that our proposal can achieve the same or a

Table 6. Average SSIM values for different {𝑛, Δ}. Δ∖𝑛 11 13 15 baseline

384

64 0.9758 0.9668 0.9566

128 192 0.9761 0.9763 0.9672 0.9678 0.9572 0.9579 0.9831

256 0.9763 0.9675 0.9576

Table 7. Typical values of the ROC curve for {𝑛 = 64, Δ = 11}, {𝑁 = 64, 𝑇 = 43}. Block level Image level estimation {𝑃𝑓 , 𝑃𝑑 } {𝑝𝑓 , 𝑝𝑑 } 0.001, 0.736 7.9e-110, 0.9408 0.005, 0.765 1.6e-080, 0.9831 6.5e-068, 0.9923 0.01, 0.780 6.1e-039, 0.9995 0.05, 0.820 8.4e-027, 0.9999 0.1, 0.840

baseline algorithm. We achieve much better receiver operating characteristics without sacrificing image quality. This work justifies the concept of image block level content authentication by perceptual hashing and robust watermarking, thus provides useful reference for future design. 5. REFERENCES [1] Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, John Wiley & Sons, 2nd edition, 1996.

denoted by 𝑃𝑑 and 𝑃𝑓 , can be formulated as: 𝑃𝑑

=

𝑁 ( ) ∑ 𝑁 𝑘=𝑇

𝑃𝑓

=

𝑘

𝑁 ( ) ∑ 𝑁

𝑘=𝑇

𝑘

⋅ 𝑝𝑘𝑑 ⋅ (1 − 𝑝𝑑 )𝑁 −𝑘 ⋅

𝑝𝑘𝑓

⋅ (1 − 𝑝𝑓 )

𝑁 −𝑘

[2] Ashwin Swaminathan, Yinian Mao, and Min Wu, “Robust and secure image hashing,” IEEE Transactions on Information Forensics and Security, vol. 1, no. 2, pp. 215–230, June 2006.

(2) .

[3] Jiri Fridrich, “Robust bit extraction from images,” in Proc. of IEEE International Conference on Multimedia Computing and Systems, 1999, vol. 2, pp. 536–540.

(3)

[4] Jiri Fridrich and Miroslav Goljan, “Robust hash functions for digital watermarking,” in Proc. of International Conference on Information Technology: Coding and Computing, 2000.

Some typical {𝑝𝑑 , 𝑝𝑓 } pairs of the proposed algorithm are listed in Table 7 for {𝑛 = 64, Δ = 11}. For our proposal, 𝑁 = 64. Assuming 𝑇 = 42, if we apply Eqn. 2 and 3 to these values, we could have an estimation of the image level performance 𝑃𝑑 and 𝑃𝑓 , which are also listed in Table 7. In practice, the true performance may not be as good as the estimation, because blocks in the same image are not totally independent. However, the estimation implies that our algorithm achieves a very high authentication accuracy.

[5] Jillian Cannons and Pierre Moulin, “Design and statistical analysis of a hash-aided image watermarking system,” IEEE Transactions on Image Processing, vol. 13, no. 10, pp. 1393– 1408, October 2004. [6] Chuhong Fei, Raymond H. Kwong, and Deepa Kundur, “A hypothesis testing approach to semifragile watermark-based authentication,” IEEE Transactions on Information Forensics and Security, vol. 4, no. 2, pp. 179–192, June 2009.

4. CONCLUSION

[7] Hongmei Liu, Xinzhi Yao, and Jiwu Huang, “Semi-fragile Zernike moment-based image watermarking for authentication,” EURASIP Journal on Advances in Signal Processing, vol. 2010, pp. 17 pages, 2010.

Perceptual hashing is a promising tool for multimedia content authentication. Digital watermarking is a convenient way of data hiding. By combining the two, we get an efficient and versatile solution – one can verify the authenticity of images by comparing the embedded hash values with re-computed ones. Our scheme can tolerate a wide range of incidental distortion to the image, e.g., JPEG compression, AWGN, Gaussian filtering, etc. The proposal achieves a very high security level, because we carry out authentication on image block level. The authentication resolution is 1/64 area of an image. The challenge is that a hash value is embedded in a relatively small image block, and image quality can be degraded due to watermark embedding. In order to have a high embedding capacity while maintaining image quality, we use a state-of-theart lattice-based QIM watermarking algorithm. The compact and distinctive hash value is formed by the sign bits of wavelet transform coefficients. The hash algorithm and the watermarking algorithm are designed in different wavelet subbands to avoid interference. The good performance of the proposal is confirmed by extensive experiments including block-level hypothesis tests which rarely exist in related literature. By fully exploiting the potential of both hashing and watermarking, our scheme significantly outperforms an state-of-the-art

[8] Dieter Bardyn, Ann Dooms, Tim Dams, and Peter Schelkens, “Comparative study of wavelet based lattice QIM techniques and robustness against AWGN and JPEG attacks,” in Proc. of the 8th International Workshop on Digital Watermarking. 2009, IWDW ’09, pp. 39–53, Springer-Verlag. [9] John Horton Conway and Neil J. A. Sloane, Sphere Packings, Lattices and Groups, Springer, 1999. [10] Dieter Bardyn, Ann Dooms, Adrian Munteanu, and Pieter Schelkens, “Labelling bins for lattice quantization index modulation,” in Proc. of SPIE Photonics Europe, Optics, Photonics and Digital Technologies for Multimedia Applications, Brussels, 2010, vol. 7723. [11] L. Perez-Freire and F. Perez-Gonzalez, “Security of latticebased data hiding against the watermarked-only attack,” IEEE Transactions on Information Forensics and Security, vol. 3, no. 4, pp. 593–610, 2008. [12] Zhou Wang, Alan C. Bovik, Hamid R. Sheikh, and Eero P. Simoncelli, “Image quality assessment: From error visibility to structural similarity,” IEEE Transactions on Image Processing, vol. 13, no. 4, pp. 600–612, April 2004.

385