Semi-fragile Watermarking For Text Document Images Authentication Huijuan Yang, Alex C. Kot and Jun Liu School of Electrical and Electronic Engineering, Nanyang Technological University, Singapore 639798. Email:
[email protected]
Abstract– In this paper, a novel semi-fragile watermarking method for text document images authentication is proposed. The proposed method makes use of prioritized noise suppression patterns which takes into account the smoothness and connectivity in 5 × 5 neighborhood. This is particularly necessary when the original image is noisy. The content signature watermark is generated by uniquely mapping the binary bit pattern in each block to a binary bit. A novel way of embedding the content signature watermark in each block is proposed which is effective in detecting malicious attacks. Shuffling is applied to the host image to increase the security of the algorithm. A minimum flipping distance is imposed to control the visual quality. Experimental results validate the arguments made.
I. INTRODUCTION A. Authentication and integrity Authentication is to ensure that a given set of data has integrity, the content has not been modified, and it is from the legitimate sender. Recently, there are two kinds of definition of authentication, hard authentication and soft authentication [1]. Hard authentication rejects any modification made to a multimedia signal. Hard authentication is ensured through mechanisms like Message Authentication Code (MACs) and digital signatures, this kind of watermarks are called “fragile watermarks”. In soft authentication, legitimate processing should be differentiated from malicious tampering. This kind of watermark is called “semi-fragile watermark”. In soft authentication, the hash function may be performed on salient features of the images which gives credibility of the image if the image has undergone content-preserving processing.
based on denoise pattern matching. The content signature watermark is effective in detecting malicious tampers made to the document. II. PROPOSED ALGORITHM Most of the denoise patterns employed in our approach are “asymmetric patterns” in that the flipped pixels are difficult to be located given the watermarked image. Hence, a key or a location map is required for the watermark recovery. A. Content signature generation Some block-based embedding approaches found in literature [2][3][5] use the odd-even enforcement to embed one bit of data in each block. The major drawback of this method is, the attacker can carefully flip two pixels within the same block while does not affect the detector output, which is called “Parity Attack”. Here, we propose a more secure way of embedding the watermark bits in each block. Given a finer block of size m × n, where, m = 2a + 1, n = 2b + 1, a and b are nonnegative integers. The binary bit pattern of the finer block is converted to a unique integer value. A weight matrix g is used to be bitwise multiplied with the binary bit in the block. Each weight is assigned a weightage value of 2r−1 , where, r is the rth pixel in the finer block. An example of the designations of pixels and the weightage assignment of a finer block of size 3 × 3 is shown in Fig. 1.
B. Previous work Recently, several block-based methods for binary image watermarking or data hiding are proposed [2][3][4][5]. Among these methods, Some methods result in poor quality watermarked image, e.g., the key-weight matrix based method [4]. The watermarked image looks noisy due to the randomness in choosing the location for the watermark embedding. Some method requires a shuffling key in order to distribute the “flippable” pixels all over the image [2]. A list of patterns of different scores are employed to determine the flippability of a particular pixel. The flipping priority of a pixel is indicative of the estimated visual distortion that would be caused by flipping the pixel. It may be difficult to find a proper shuffle key such that in each block there’s a suitable pixel to flip. Some method employs the distance reciprocal distortion measure (DRDM ) to determine the “flippability” of a pixel, however, it may result in a break in a thin line as the end stroke tends to be flipped. In this paper, we propose a semi-fragile watermarking method in which the content signature of the block is generated and embedded in the block. The “flippability” of a pixel is
0-7803-8834-8/05/$20.00 ©2005 IEEE.
Fig. 1. An example of the designations of pixels and weightage assignment of a finer block.
In converting the binary bits to an integer value, the “flippable” pixels are set to a fixed values, e.g., 0, just like what we have done for clearing out the LSB for gray value in order to compute the hash. This integer number is called “feature code (f c)” of the block. If the block size is larger than the size of the defined finer block, a coarse block is defined [6]. Each coarse block will be divided into multiples of finer blocks. While any two neighboring finer blocks share one common row or column. So, preferably, the coarse block size is an odd number, e.g., 5, 7, 9, etc. An illustration of the coarse and finer blocks can be found in Fig. 2.
4002
Fig. 2. An illustration of the coarse and finer blocks. The coarse block of size 5 × 5 (a) is divided into four interlaced finer blocks: (b), (c), (d) and (e).
Assume the finer block is of size m × n, f (x, y) is the center pixel of the finer block. The feature code of the finer block f c is f c(x, y) =
a b 3 3
s=−a t=−b
g(s, t) ⊗ f (x + s, y + t);
(1)
where the weightage g(s, t)=1, 2, 4, ..., 2r−1 depends on the locations of the pixels in each finer block and ⊗ represents element wise multiply. The mean value of the feature code mf c of the (i, j)th coarse block is 1 33 f c(x, y) u×v v
mf c(i, j) =
u
(2)
y=1 x=1
where u and v are the total number of finer blocks in each coarse block in x and y direction respectively. A Look Up Table (LUT) is used to map the mean feature code (mf c) to a binary bit. The mf c is used as the index of the LUT to fetch the stored binary bit. This binary bit is called “content signature” (cs) of the block. The content signature cs of the block is cs(i, j) = LU T (mf c(i, j))
(3) m×n
for each finer This mapping will create an uncertainty of 2 block. A XOR (Exclusive OR) operation will be performed between the content signature of the block and the “flippable” pixel. The result will be compared with the bits to be embedded. If they match each other, no need to flip. Otherwise, the “flippable” pixel needs to be flipped. B. The watermark embedding process The watermark embedding is performed block by block, a non-interlaced block is used. An odd number (e.g., 7 × 7) is chosen as the block size in the current study. In each block, a moving window of size 3 × 3 is employed, which is centered at all pixels except the pixels which lie in the block boundary. A Look Up Table which consists of the index of the denoise patterns [3] could be set up. The same way of computing the feature code of the finer block can be employed to compute the index number of each denoise pattern in a 3 × 3 block. If this pattern is in the list of the table, further checking is performed in one to three more pixels in 5 × 5 neighborhood, which may or may not be in the same block. All the denoise patterns are prioritized based on the smoothness and connectivity of the patterns, a ranking value is assigned to it. A minimum flipping distance of 2 is imposed to ensure that no two neighboring pixels will be flipped in parallel. Shuffling of the original image is performed to increase the security level of the scheme. The “flippable” pixels are then exchanged with a set of fixed locations in the shuffled domain, i.e., the center pixel
of the first N blocks. The system could be designed in such a way that in each time interval, a different set of locations are selected, e.g., the first N blocks will be chosen for one time interval, every alternate blocks in the first 2N blocks for the second time interval etc.. Thereafter, the watermark embedding is performed in the exchanged pixels domain. Noted that instead of issuing the exchange key which point to the “flippable” locations, a location map could be used in the shuffled image domain, which corresponds to one bit for each block. This location map is subsequently compressed by a binary image compression algorithm, e.g., JBIG2, ITU G3/G4, finally this location map could be incorporated into the payload watermark. Of course, in so doing, a lot of hiding space will be sacrificed to carry this information. The watermark embedding strategy is detailed as follows and shown in Fig. 3. 1) Divide the original image f into blocks. 2) Determine the flippability of each pixel, a moving window of size m × n is used to be centered at each pixel. 3) Calculate the feature code f c(x, y) of the moving window which is centered at the pixel. If f c(x, y) is in the list of denoise patterns, extra checking on one to three pixels will be performed. 4) Impose the minimum flipping distance constraint between two “flippable” pixels, i.e., for any two “flippable” pixels: A(i, B) = 0 j) and B(k, m), the Euclidean distance dist(A,√ (i − k)2 + (j − m)2 should satisfy: dist(A, B) > 2. 5) The total number of “flippable” pixels is the capacity N of the image. 6) Generate the shuffle key and apply shuffling to the image ˜ = Shuffle [f ]. f, B 7) Generate the block content signature cs. The center pixel ˜ form the set {C}. Set c(i, j) of the first N blocks in B c(i, j) ∈ {C} to a fixed value, e.g., zero and generate the content signature cs. 8) Exchange pixels. The “flippable” pixels d(k), k = 1, 2...N , form the set {D}. If the center pixel of the first N blocks itself is a “flippable” pixel, i.e., c(i, j) ∈ {D} or the “flippable” pixel is the center pixel of the first N blocks, i.e., d(k) ∈ {C}, then it is excluded from being exchanged. 9) Perform watermark embedding. F c(i, j) when c(i, j) ⊕ cs(i, j) = w(k) c (i, j) = c˜(i, j) Otherwise where c (i, j) is watermarked pixel. c˜(i, j) is the complement of pixel c(i, j) and w(k) is the kth watermark bit. 10) An inverse exchange and shuffle is performed to obtain the watermarked image f = InverseShuffle [InverseSwap [f ]].
4003
Fig. 3.
Block diagram of watermark embedding process.
C. The extraction and verification process The amount of tamper occurred to the document can be evaluated by computing the “Tamper Assessment Score (Rd )” 1 3 w(i) ⊕ w(i), ˜ Nw Nw
˜ = Rd (w, w)
that without any tampers, the logo image can be reconstructed perfectly. When tampers occur to the image, the reconstructed logo image has some noise. While if a wrong shuffle key is used, then the reconstructed image is completely a noise pattern.
(4)
i=1
˜ are where Nw is the watermark number and w(i) and w(i) the original and retrieved watermark respectively. A proper threshold is set experimentally to differentiate the malicious tampers from the content-preserving tampers. The watermark extraction and verification strategy is detailed as follows and shown in Fig. 4. 1) The same shuffle key is applied to the watermarked image f , B˜ = Shuffle [f ]. 2) The length of the exchange key is used to decide the capacity N of the watermark. 3) The center pixel c (i, j) of the first N blocks in B˜ form the set {C }. Set c (i, j) ∈ {C } to a fixed value, e.g., zero and then generate the content signature cs . 4) Exchange the center pixels c (i, j) ∈ {C } with the “flippable” pixels d (k) ∈ {D }, k = 1, 2..., N which is pointed by the exchange key. 5) F Perform the watermark extraction by w(k) ˜ = 1 when c (i, j) ⊕ cs (i, j) = 1 0, when c (i, j) ⊕ cs (i, j) = 0 6) Perform tamper assessment by computing Rd .
(a)
(b)
(c) (d)
(e)
(f)
(g)
Fig. 5. Hiding effects and authentication results on an English text document: (a) the original image of size 697 × 157, (b) the watermarked image with 620 bits embedded, and (c) the watermarked image which has been tampered, “grammer” in the second line is changed to “syntax”. (d) the original logo image of size 24 × 17, (e) the reconstructed logo image from the watermarked image without tampering, (f) the reconstructed logo image from the tampered watermarked image and (g) the reconstructed logo image with wrong shuffle key.
Different kinds of tampers are applied to the watermarked images. The Rd value is calculated to assess the degree of tampering. The results are shown in Table I. Experimentally, Fig. 4.
TABLE I The Tamper Assessment Score (Rd ) for different kinds of tampers
Block diagram of watermark extraction process.
III. EXPERIMENTAL RESULTS The proposed method has been implemented and extensive experiments are conducted. In the experiments, we mainly focus on testing the visual quality of the watermarked image and the ability to detect malicious tampers.
Description Extend stroke Erase words 2% U Noise 2% GauNoise Substitution MedF iltering Substitute line F orge whole W rong key
A. Authentication results Due to the watermark embedding is performed in the shuffled domain, our scheme can not locate the exact tampering location. The block size selected is 7 × 7. First, an English text document of resolution 150 dpi is used as a test image. A NTU logo image is used as the watermark in order to visually detect the malicious tampering occurred to the watermarked image. The original, watermarked, and tampered images are shown in Fig. 5 (a), (b) and (c) respectively. It can be observed from the results that the watermarking effects are good. The original logo, the reconstructed logo without any tampering, the reconstructed logo after the word “grammer” is changed to “syntax” by using the tools from Adobe Photoshop 6.0, and the reconstructed logo by using the wrong shuffle key is shown in Fig. 5 (d), (e), (f) and (g) respectively. It can be observed
Image Name (size) Chinese EngT ext1 EngT ext2 (640 × 180) (660 × 160) (697 × 157) 0.0057 0.0288 0.0074 0.0822 0.0634 0.0278 0.0554 0.0519 0.0631 0.0746 0.0663 0.0835 0.1893 0.1830 0.1336 0.2677 0.1902 0.2894 0.3021 0.2219 0.1614 0.5010 0.5317 0.5325 0.4857 0.5187 0.4898
τ1 = 0.0060 and τ2 = 0.18 are set to be the threshold to differentiate the different types of the tampering. • Level 1: Rd = 0, image content is credible and no modifications have been made to the watermarked document. • Level 2: Rd ≥ τ1 and Rd ≤ τ2 , the image has been processed, but the processing is not so serious, the image is still considered to be “credible”. • Level 3: Rd > τ2 , the image has been tampered seriously, the content has been fabricated. The image is no longer
4004
considered to be “credible”. It can be observed from the results that the proposed method is effective in detecting malicious tampering tampers. Depends on different application requirements and types of documents, the thresholds chosen could vary accordingly. B. Comparisons Comparisons are made between our proposed method and the methods proposed by Lu et al.[5], Wu et al.[2] and Tseng et al .[4]. For Wu et al .’s method, when the block size is selected as 8 × 8, after applying shuffling to the original image, it is difficult to find a suitable pixel to flip in each block, many random noise appears. Hence, the block size chosen is 12 × 12. For Lu et al.’s method, when the block size is small, e.g., 8 × 8, the distortion is very serious, so, the block size chosen is 12 × 12 as well. In order to make a fair comparison, block size of 12 × 12 is chosen for Tseng et al .’s method as well. While for our proposed method, the block size is 5 × 5. Since the visual effect doesn’t have much difference when the block size changes, however, choosing too large block size will decrease the capacity significantly and long computation time is required as well. The results are illustrated in Fig. 6.
(a)
the attacker has no knowledge of any secret keys [2]: (1) the probability of making the content alterations while keep the m-bit authentication data authentic. (2) the possibility for an adversary to hide specific data in an watermarked image. For the first attack, as the watermark embedding is done in the shuffled domain, so, any change in the original image will be distributed through out the whole image. If a small amount of pixels are changed, it would render several blocks of the extracted watermark differ from the original one. On the other hand, if a large portion of the pixels of the image are changed, then the change will be expanded to many blocks. Hence most of the data bits retrieved will be different, the whole extracted logo image will look noisy. The content signature adopted in this approach provides another layer of security in that if the attacker doesn’t know the entries of the Look Up Table (LUT). It would be difficult for him to change some of the bits while maintain the same binary output. For the second attack, if the multiple copies of the watermarked image of the same original image is not available to the attacker, it would be much difficult for the attacker to embed his own watermark. While for our proposed method, the watermark is actually embedded in the exchanged domain. Each time, a fixed set of locations will be used for the watermark embedding, this fixed set of location pattern can depend on system time stamp. In this case, it is very difficult for the attacker to figure out which pixel is associated with which watermark bit. Further, he can not simply compute the difference to figure out the location even if multiples copies of the watermarked image of the same original image may be available, as the locations are different from time to time. V. CONCLUSIONS
(b)
(c)
(d)
(e)
Fig. 6. Hiding effects. (a) the original image of size 336 × 336 and with resolution 300 dpi, (b) hide 527 bits by our proposed approach, (c) hide 469 bits by DRDM method, (d) hide 784 bits by Wu et al.’s method, and (e) hide 4704 bits by Tseng et al.’s method. The black dots are the pixels which are flipped from white to black while the dark grey dots are the pixels which are flipped from black to white.
It can be seen from the results, the visual effects of our method are better compared with the other three methods. The capacity of our approach is comparable with that of Lu et al .’s method and Wu et al .’s method. While Tseng et al.’s method has the largest capacity. However, the visual quality is not as good as our method and Wu et al.’s method. It can be noticed that for Wu et al.’s method, even if the block size is quite large, there are still some blocks that don’t have a suitable pixel to flip. For Lu et al.’s method, the results are good for higher resolution image while are not so good for lower resolution image, due to the reason that the algorithm tends to flip the end point of the stroke, a cut off or erosion usually occurs. IV. SECURITY CONSIDERATIONS For the applications designed for authentications, it is important to consider the following two issues. Assume that
In this paper, a novel semi-fragile watermarking method for embedding watermark in binary document images for the purpose of document authentication is proposed. A novel way of embedding watermark bit by computing the content signature of the block is presented which is effective in detecting malicious tampers. The quality of the watermarked document is comparable if not better than the original document due to the utilizing of the noise suppression pattern. References [1] B. B. Zhu, M. D. Swanson, and A. H. Tewfik, “When Seeing Isn’t Believing”, IEEE Signal Processing Magazine, March 2004, pp. 40-49. [2] Min Wu, and Bede Liu, “Data Hiding in Binary Images for Authentication and Annotation”, IEEE Transactions on Multimedia, Vol. 6, No. 4, pp. 528-538, August 2004. [3] H. Yang and Alex C. Kot, “Data hiding for Bi-level Documents Using Smoothing Techniques”, Proceedings of the 2004 International Symposium on Cirsuits and Systems, ISCAS’04, vol. 5, pp. 692-695, May 2004. [4] Y. C. Tseng and H.-K. Pan, “Data Hiding in 2-Color Images,” IEEE Transactions on Computers, Vol. 51, No. 7, pp. 873-878, July 2002. [5] H. Lu, Kot A. C. and J. Cheng, “Secure data hiding in binary images for authentication”, Proceedings of the 2003 International Symposium on Circuits and Systems, ISCAS’03, Vol. 3, pp. III806–III-809, 25-28 May 2003. [6] S.-I. Chien and Y.-M. Baek, “Hierarchical Block Matching Method for Fast Rotation of Binary Images,” IEEE Transactions on Image Processing, Vol. 10, No. 3, pp. 483-489, March 2001.
4005
