mean-quantization-based fragile watermarking for image authentication

7/29/2019 Mean-quantization-based fragile watermarking for image authentication

1/13

Mean-quantization-based fragile watermarkingfor image authentication

Gwo-Jong YuNational Central UniversityDepartment of Computer Science and

Information EngineeringChung-Li, Taiwan

Chun-Shien LuHong-Yuan Mark LiaoAcademia SinicaInstitute of Information ScienceTaipei, TaiwanE-mail: [email protected]

Abstract. The authors propose an image authentication scheme, whichis able to detect malicious tampering while tolerating some incidentaldistortions. By modeling the magnitude changes caused by incidentaldistortion and malicious tampering as Gaussian distributions with smalland large variances, respectively, they propose to embed a watermarkby using a mean-quantization technique in the wavelet domain. The pro-posed scheme is superior to the conventional quantization-based ap-proaches in credibility of authentication. Statistical analysis is conductedto show that the probabilities of watermark errors caused by malicioustampering and incidental distortion will be, respectively, maximized andminimized when the new scheme is applied. Experimental results dem-onstrate that the credibility of the method is superior to that of the con-ventional quantization-based methods under malicious attack followedby an incidental modification, such as JPEG compression, sharpening orblurring. 2001 Society of Photo-Optical Instrumentation Engineers.

[DOI: 10.1117/1.1384885]

Subject terms: fragile watermarking; image authentication; fragility; robustness;wavelet transform; human visual system.

Paper 200367 received Sep. 18, 2000; revised manuscript received Feb. 5, 2001;accepted for publication Feb. 9, 2001.

1 Introduction

The invention of the Internet provides a brilliant way of

transmitting digital media. When digital media contain im-

portant information, their credibility must be ensured. As a

consequence, a reliable media authentication system is in-

dispensable when digital media are transmitted over a net-work. In order to save bandwidth and storage space, digital

media are usually transmitted or stored in a compressed

format. In addition, media such as images may be pro-

cessed by blurring or sharpening for specific purposes. Un-

der these circumstances, an image authentication system

should be able to tolerate some commonly used incidental

modifications, such as JPEG compression, sharpening,

and/or blurring. In this paper, we focus our discussion on

image authentication.

In the literature, image authentication methods can be

roughly classified as being either digital-signature-based or

watermark-based. The digital-signature approach1 4 does

not modify the content of an image. Instead, it extracts

either global features or relational features from media for

authentication purposes. For example, Bhattacharjee and

Kutter1 used the positions of a set of feature points as a

digital signature. By examining the existence of featurepoints, images can be authenticated. Lin and Chang4 com-

puted the invariant relations between the coefficients of two

randomly selected DCT blocks and then used them as a

digital signature. Their method is able to resist JPEG com-

pression with compression ratios CRs up to 20 : 1. Themajor limitation of a digital-signature-based method is thatit can only be used for the purpose of verification, not copy-

right protection.

In the watermark-based image authentication ap-proaches, on the other hand, detection of tampering isbased on the fragility of a hidden watermark.510 In Kundurand Hatzinakoss5 quantization-based method, a watermarkvalue is encoded by modulating a selected wavelet coeffi-cient into a quantized interval. Basically, the quantity theyused for modulation, which is monotonically increasedfrom high resolution to low resolution, violates the capacityconstraint of the human visual system.11 They defined atamper assessment function TAF , which is the ratio of thenumber of tampered coefficients to the total number of co-efficients in a specific subband, in order to measure thedegree of tampering. They also point out if the TAF valuesdecrease monotonically from high resolution to low resolu-tion, then it is very likely that the manipulation is JPEGcompression. However, they did not address the situation inwhich an instance of malicious tampering and an incidentalmanipulation are imposed simultaneously.

In Ref. 2, Dittmann et al. mentioned that incidental dis-

tortions, such as JPEG compression, blurring, or sharpen-ing, should not be treated as malicious tampering. Theyalso mentioned that if a watermarked image is tamperedwith maliciously, then the portions where the watermarkerrors emerge should be the manipulated areas. Their argu-ment is only partially true, because incidental operationsthat are not malicious also cause watermark errors. Underthese circumstances, one cannot judge whether a modifica-tion is malicious or not simply by looking at watermarkerrors. The objective of this paper is to increase the cred-ibility of the embedded watermark by maximizing andminimizing, respectively, the probabilities of watermark er-rors caused by malicious tampering and incidental distor-

1396 Opt. Eng. 40(7) 13961408 (July 2001) 0091-3286/2001/$15.00 2001 Society of Photo-Optical Instrumentation Engineers


2/13

tion. Under these circumstances, an instance of malicioustampering can be easily distinguished from an incidentalmodification. In general, the probability of watermark errorcaused by an incidental distortion can be reduced by eitherenlarging the quantization interval or reducing the quantityof modifications on coefficients. However, it is well knownthat the maximum quantization interval should be boundedby the human visual system11 so that visual quality can be

maintained. As a consequence, the only methodology thatwe can adopt here is to increase the robustness by decreas-ing the variance of coefficients. Owing to the fact that thevariance of a subblock mean is smaller than that of anindividual sample, we know that a watermark value en-coded by quantizing the mean of a set of coefficients ismore robust than one encoded by quantizing a single coef-ficient.

Under a reasonable assumption that the number of modi-fications caused by an incidental distortion is smaller thanthat caused by a malicious distortion, the modificationscaused by an incidental distortion or an instance of mali-cious tampering can be, respectively, modeled as a Gauss-ian distribution with smaller or larger variance. In a good

image authentication system, it is expected that the embed-ded watermark should be robust enough to tolerate inciden-tal distortion and fragile enough to detect malicious tam-pering. However, it is also well known that robustness andfragility are two factors that compete against each other.Therefore, we need to seek a trade-off between them thatcan lead to the best outcome. In order to achieve that goal,a mechanism that can be used to encode a watermark sothat the probabilities of watermark errors caused by mali-cious tampering and incidental distortion are, respectively,maximized and minimized is indispensable.

In this paper, we propose a mean-quantization-basedfragile-watermarking approach that can be used to judgethe credibility of a suspect image. The approach embeds a

watermark by taking the mean value of a set of waveletcoefficients. Through theoretical analysis of the probabili-ties of watermark errors caused by malicious tampering andincidental distortion, the best number of coefficients neededto embed a watermark at each scale can be computed sothat the trade-off between robustness and fragility can beoptimized. Since the probability of watermark errors causedby incidental distortion at each scale is different, the detec-tion responses at all scales should be integrated so as toobtain a global estimation of the maliciously attacked area.Then, we can use some decision rules to judge whether asuspect image has been tampered with or not.

The remainder of this paper is organized as follows. Themean-quantization-based fragile-watermarking approach isdescribed in Sec. 2. An information-fusion technique thatcan be used to integrate the detection results at multiplescales is addressed in Sec. 3. Experimental results and con-clusions are given in Sec. 4 and Sec. 5, respectively.

2 Mean Quantization: A New Mechanism toAchieve Better Authentication

In this section, we describe the proposed mean-quantization-based fragile-watermarking approach. In orderto protect the original source, our watermark extractionprocess is designed in a blind-detection manner. Blind de-tection means the original source is not required for water-

mark extraction. Among the existing blind watermarkingschemes, the quantization-based watermarking approach isthe simplest one that achieves the goal. This is because in aquantization-based approach, a watermark is encoded anddecoded by the same quantization operation. In the follow-ing, we first introduce the conventional quantization-basedapproach and point out its disadvantages. Then, a mean-quantization-based approach is proposed to eliminate these

disadvantages. Finally, we propose a systematic way to de-termine an optimal number of coefficients for mean quan-tization.

2.1 Disadvantages of the ConventionalQuantization-Based Scheme

The quantization-based fragile-watermarking approach5 di-vides a real-number axis in the wavelet domain into inter-vals with equal size at each scale and assigns watermarksymbols to each interval periodically. Assuming that x is awavelet coefficient, and that q is the size of a quantizationinterval, the watermark symbol, which is either 0 or 1, isdetermined by a quantization function Q, where

Q x, q 0 iftqx t 1 q for t0,2,4, . . . ,

1 iftqx t 1 q for t 1,3,5, . . . . 1

Let w denote the target watermark value that is to be en-coded for a wavelet coefficient x. The encoding rule is as

follows: If Q(x,q) w , then no modification is necessary

for x; otherwise, x is updated to x* by

x*x q ifx0,

x q ifx0. 2

Kundur and Hatzinakoss approach5 uses 2l as the size of

a quantization interval, where is a prespecified positive

integer, l1, . . . ,L, and L is the number of scales used inthe wavelet transform. In their approach, the size of a quan-tization interval increases monotonically from high fre-quency to low frequency. However, this kind of design vio-lates the characteristics of the human visual system.11 Inour design, we take the limitations of the human visualsystem into consideration. On the other hand, since anymodification applied to an image will change its waveletcoefficients, it is reasonable to expect that their correspond-ing watermark symbols will be changed, too. By comparingthe extracted watermark values with the original hiddenones, the maliciously attacked area can be located. Al-

though the fragility of the watermark proposed in Ref. 5 isable to reveal malicious tampering, that watermark is notrobust enough to tolerate incidental distortions. Therefore,we seriously address this problem as well.

2.2 The Proposed Scheme

Watson et al.11 investigated the sensitivity of the humaneye and then proposed a wavelet-based human visual sys-tem HVS . According to the HVS, the wavelet coefficientscan be modified without causing visual artifacts. In orderfor a watermarked image to satisfy the transparency re-quirement, the quantization interval will be defined as themaximally allowable modification quantity based on the

Yu, Lu, and Liao: Mean-quantization-based . . .

1397Optical Engineering, Vol. 40 No. 7, July 2001


3/13

HVS of Ref. 11. Our basic concept is that if the modifica-tion quantity of a wavelet coefficient does not exceed itscorresponding masking threshold, then this modificationwill not raise visual awareness. Otherwise, we can say themodification is a malicious one.

Statistically, the mean value of a set of samples has vari-ance smaller than that of a single sample. We expect that ifthe watermark is embedded by modulating the mean value

rather than a single coefficient, the probability of water-mark errors will be smaller. This is because the mean valueis more difficult to move beyond the quantization intervalwhere it is originally located. For a specific subband, let thesize of a quantization interval be denoted as q, and let a set

of n wavelet coefficients be denoted as x i , i 1, . . . ,n .

The mean value of the x is can be computed as follows:

x1

n i1

n

x i . 3

For the purpose of robustness, a watermark value should be

encoded by moving its mean x to the middle of a corre-

sponding quantization interval such that the modulated xcannot be easily moved away from the current interval. Themean-quantization-based fragile-watermarking approachoperates as follows. Let w be the target watermark symbol

to be encoded, and let rbe the quantization noise defined as

rx xq q , 4where is the floor operator. To encode w, the amount of

update u added to the mean coefficient xcan be determinedas follows:

u r 0.5q ifQ x, q w ,

r1.5q ifQ x, q w and r0.5q ,

r0.5q ifQ x, q w and r0.5q .

5

As a consequence, the new mean coefficient becomes x*

x u. In Eq. 5 , 0.5q and 1.5q are used to shift a mean

coefficient x to the middle of a quantization interval such

that x* is relatively difficult to move away from the currentinterval. However, updating the mean coefficient implies

that all the constituent coefficients need to be updated ac-cordingly by

x i*x i u 1i n , 6

where x i* is an updated wavelet coefficient.

Let a modified wavelet coefficient x be modeled as

xx* , 7

where x* is the wavelet coefficient defined in Eq. 6 and represents the amount of update caused by tampering. In

the case of incidental modification, I can be modeled as aGaussian distribution with a smaller variance, that is,

IN 0,I2 , 8

where I denotes the variance of the modification quanti-

ties due to an incidental distortion. On the other hand, for

an instance of malicious tampering, M can be modeled asa Gaussian distribution with a larger variance, that is,

MN 0,M2 , 9

where M denotes the variance of modification quantitiescaused by malicious tampering. Usually, it is assumed thatthe variance of modification quantities caused by an inci-dental distortion is smaller than that caused by an instance

of malicious tampering, i.e., IM . Lin and Chang4 have

provided some reference values for I and M in the spa-

tial domain.Figure 1 illustrates the statistical distributions of updates

of wavelet coefficients corresponding to incidental and ma-licious modifications. In Fig. 1, each quantization intervalhas a corresponding binary watermark symbol, 0 or 1. Thewatermark symbol associated with the coefficient x changes

when the amount of tampering, , is greater than 0.5q .

Based on the above design, a wavelet coefficient is put atthe middle of a quantization interval in order to reduce theprobability of watermark errors caused by tampering. Sincethe same watermark symbol appears periodically, the wa-

termark symbol may not be changed even for 0.5q .

For example, if 2.0q , the tampered coefficient x will

fall into the interval (2 t2)q ,(2 t 3) q with the water-mark symbol 0, which is the same as the original water-mark symbol carried by x. This is the common drawback ofa quantization-based watermarking approach. However,since the variance of modification quantities caused by aninstance of malicious tampering is larger than that causedby incidental distortion, we can expect that an incidentally

Fig. 1 The statistical distributions of incidental modification and ma-licious tampering on wavelet coefficients (top), and an illustration ofquantization-based watermarking (bottom).


1398 Optical Engineering, Vol. 40 No. 7, July 2001


4/13

distorted coefficient has greater probability of falling into

the interval 0.5q ,0.5q . Thus, we have the hypothesisthat the probability of watermark errors caused by an inci-dental distortion is smaller than that caused by an instanceof malicious tampering. In addition, we conduct an analysisin the next paragraph to prove that our scheme can alleviatethe well-known drawback of the conventional quantization-based approach.

In order to ensure that an authentication system isincidental-distortion-tolerant, the credibility of a fragile wa-termark should be increased so that an incidental modifica-tion will not be misunderstood as a malicious one. Becausethe sum of more than two random variables with Gaussiandistribution is still a Gaussian distribution but with smallervariance, we have

N 0,1

n

2 10when N(0,2). Thus, when mean quantization is ap-plied, the distribution of modification quantities caused by

malicious or incidental distortions will become

IN 0,1

nI

2 11and

MN 0,1

nM

2 , 12respectively. Equations 11 and 12 indicate that the pro-posed mean-quantization-based approach can reduce thevariance of modification quantities caused by incidentaland malicious distortions, respectively. From Eqs. 11 and 12 , it is obvious that when the number of coefficients, n,used to encode a watermark value is increased, the prob-ability of watermark errors will be decreased. In order toincrease the credibility of a fragile watermark for imageauthentication, the watermark errors caused by an instanceof malicious tampering should be maximized, and thosecaused by an incidental distortion should be minimized.Under these circumstances, if the value of n is too small,then the embedded watermark will be too fragile to tolerateincidental manipulation. On the other hand, if n is too large,the embedded watermark will be too robust to detect mali-cious tampering. Therefore, the number n used to encode awatermark value is a key factor in the trade-off betweenrobustness and fragility. We conduct an analysis with re-

gard to this trade-off in Sec. 2.3.

2.3 Choosing an Optimal n for Mean Quantization

In this subsection, we provide a formal proof to show thatthe proposed mean-quantization-based fragile watermark-ing scheme is superior to the conventional quantization-based approach.5 In Ref. 5, Kundur and Hatzinakos as-sumed that the distributions of modification quantitiescaused by an instance of malicious tampering and an inci-dental distortion are both Gaussian. They also mentionedthat the major difference between the two distributions isthat the variance of the distribution caused by malicious

tampering is larger than that caused by incidental distor-tion. Since the operation of mean quantization will makethe variance of all distributions smaller, in this section wedevise a systematic way to determine an optimal number ofcoefficients that should be adopted in the mean quantizationprocess.

Given a distribution of tampering N(0,2), and a quan-

tization interval size q, the probability of watermark errors

computed using a quantization-based approach is

E 2j 0

(2j 1/2)q

(2j 3/2)q 1

2exp

1

2

x

2

dx 13

2j 0

limr k0

r1

2

q

r

exp 1

2

2j 12 k

12 /r q

2

. 14

Since Eq. 13 is not in a discrete format, we use the formshown in Eq. 14 instead to compute the probability ofwatermark errors with respect to and q, because and qare two important factors that will influence the results.

Figure 2 shows the relations between the variance , of

tampering, the size q of a quantization interval, and theprobability E of watermark errors. The X axis and Y axis in

Fig. 2 represent /q and E, respectively. However, owing

to the fact that the maximum q is bounded by the charac-teristics of the human visual system,11 the probability ofwatermark errors cannot be arbitrarily reduced. On the

other hand, for a fixed q, a larger value will lead to a

larger E value. If the variance can be reduced, then theprobability of watermark errors caused by a malicious dis-

tortion or an incidental distortion will be reduced.In Eq. 14 , we know that the probability of watermark

errors is a function of/q . Therefore, we can represent the

probability by means of f( t), where t/q. In general, therange of t can be divided into three zones. In the robust

zone the value of f( t) is very close to 0. In the fragile zone

the value of f(t) is close to 0.5. There is a transition zone

in between, which we call the semifragile zone. The value

of f(t) changes from 0 to 0.5 within that zone. Therefore,there are two critical points that need to be determined. One

is the point at which the value of f(t) changes from zero to

nonzero. The other is the point where f(t) starts to saturate

at 0.5. We call these points t1 and t2 , respectively. Further-

more, since the semifragile zone is an ambiguous zone, wewould like to make it as small as possible. For this purpose,

the values of t1 and t2 can be determined by solving the

following constraint optimization problem:

g t1 ,t2 f t1 f t2 0.5 t2

t1, 15

where g() is a cost function to be minimized. The first

term and the second term on the right-hand side of Eq. 15are the constraints that force the values of f(t1) and f( t2)

to be as close as possible to 0 and 0.5, respectively. As to




5/13

the t2 /t1 term, it is used to keep the size of the transition

zone as small as possible. On the other hand, the param-

eters , , and are designed to control the values of t1and t2 , which will determine the ranges of the three zones

shown in Fig. 2. In fact, t1 and t2 together can determine

the number of coefficients (n) needed to embed a water-

mark. Therefore, the selection of, , and will certainly

influence the selection of n. However, since the best n canbe chosen by optimizing an objective function, obtaining

different optimal n is possible if different sets of, , and

are chosen. In this paper, the values of and should beset the same because their importance is equal. On the other

hand, the relation should hold, so that the bound-

aries of the three zones will be clear-cuts. One thing to be

noted is that when that relation holds, different sets of,

, and will not influence the value of n. In our experi-

ments, we set the values of the leading coefficients , ,

and at 1000, 1000, and 1, respectively. Based on the

above setting, t1 and t2 can be determined. They are 0.15

and 1.15, respectively.Let the distribution of an instance of malicious tamper-

ing and an incidental distortion be denoted as N(0,I2) and

N(0,M2 ), respectively. From Lin and Changs4 previous

experience, we know that M is larger than I , and they

have a relation M cI with c1. Let n denote the num-

ber of coefficients used in calculating a mean coefficient Eq. 3 ; the new distributions of modification quantitiescaused by a malicious tampering and an incidental distor-

tion become N(0,(I*)2) and N(0,(M* )

2), respectively,

where I*(1/n)I and M* (1/n)M(c/n)I .Let the size of a quantization interval, q, be determinedaccording to the human visual system.11 This means that qis fixed with respect to the human visual system. The ques-

tion is how to determine the best n such that the probabilityof watermark errors caused by an instance of malicioustampering will be maximized and that caused by an inci-

dental distortion will be minimized. If the relation M*/q

t2 holds, then the probability of watermark errors causedby a malicious tampering will definitely be maximized.Therefore, we have

M*

qt2

cI

nqt2

cI

t2qn. 16

Similarly, if the relation I

*/q t1

holds, then the probabil-

ity of watermark errors caused by an incidental distortionwill be minimized. That is,

I*

qt1

I

nqt1

I

t1qn . 17

Combining Eqs. 16 and 17 , we obtain

I

t1qn

cI

t2q. 18

Fig. 2 The relation between the variance of tampering , the quantization intervals size q, and theprobability of watermark errors.




6/13

It is obvious that the minimum n that satisfies Eq. 18 is

an n 1 that makes I /t1q n1. Therefore, we have

n 1I

t1q

2

. 19

This n 1 will lead to the minimum probability of watermark

errors caused by an incidental distortion. On the other hand,

the maximum n that will satisfy Eq. 18 is an n 2 that

makes n2 cI /t2q. Thus, we have

n 2 cIt2q2

. 20

This n 2 will lead to the maximum probability of watermark

errors caused by an instance of malicious tampering. Inorder to find the best n that will bypass an incidental dis-tortion while detecting an instance of malicious tampering,

we should select an n that is bounded by n1 and n2 , i.e.,

n n 1 ,n 2 .In what follows, we shall conduct a theoretical analysis

to determine an ideal n. From Eq. 14 , we know that theprobability of watermark errors is a function of/q . Since

q is a constant when a specific human visual model11 is

adopted, t is proportional to . Let the probabilities of wa-termark errors caused by an incidental distortion and a ma-

licious tampering be f( t1) and f( t2), respectively, where

t1I /q and t2M /q . Because M cI , we have

t2M

q

cI

q c t1 . 21

When a mean-quantization operation covering n coeffi-

cients is applied, I and M will be updated to I /n andM /n , respectively. In order to obtain the best mean-quantization result, the difference between the watermark

errors caused by an instance of malicious tampering and an

incidental distortion should be maximized. That is, f( t2)

f( t1) should be maximized. The physical meaning of

maximizing f( t2)f( t1) is to make the watermark errors

caused by an instance of malicious tampering as large aspossible and those caused by an incidental distortion assmall as possible. Using the optimization scheme, one can

decide on an optimal value of n such that f( t2)f( t1) is

maximized. The simplest way to calculate the ideal n is to

compute the values of f(cI /nq) f(I /nq) using

various integers n

n 1 ,n 2 . The integer that leads to thelargest outcome is the ideal n. Figure 3 shows a 2-D plot of

the maximization function, f( t2)f( t1), as a function of cand n.

3 Tampered-Area Estimation Using InformationFusion

For image authentication, the wavelet-based fragile-watermarking method proposed in Ref. 5 only shows thetampering detection results at multiple scales. In this sec-tion, we present an information fusion technique that can beused to integrate the results obtained at multiple scales. Inaddition, the proposed technique has the merit of suppress-

ing sparse watermark errors spread out over the subimagesat multiple scales.

The analysis conducted in Sec. 2.3 provides a procedureto compute the optimal n of every subband at differentscales. Due to the length of a quantization interval, thevariance of distribution of an instance of malicious tamper-ing and that of an incidental distortion are different in dif-

ferent subbands; the optimal ns of the LH, HL, and HH

subbands may be different. Let the size of an image be N

N, where Nis a power of 2. We embed the watermark by

changing the coefficients of one of the LH, HL, and HHsubbands. Since the optimal n at each subband may bedifferent, we arrange the ordering of a sequence so that the

Fig. 3 The objective function, f(t2) f(t1), as a function of c and n.




7/13

embedded watermark is secure, robust, and localized. Inwhat follows, we first discuss the operation at a scale with-out specifying the scale until we need to integrate the re-sults. Let the optimal n of the LH, HL, and HH subbands at

scale l be denoted as nLH , n HL , and n HH , respectively. In

addition, we rename and reorder nLH , nHL , and nHH as

n 1n2n 3 . At scale l, the size of every subband becomes

L L , where L N/2l. On the other hand, we map every

coefficient x(i,j) at position ( i ,j) into a 1-D value y (p)

using the following formula:

p iw wL hw o, 22where w n 2 ,

h j ifi/w is even,

Lj ifi/w is odd,

and o

i

i/w . From the above transformation, we estab-lish a one-to-one relation between the 2-D representation

x(i,j) and the 1-D representation y (p). Before we embed a

watermark in a specific subband, a sequence s k is first gen-

erated by a private key, where sk LH,HL,HH . The

value of sk will indicate in which subband the kth water-

mark value should embed. We denote the number of coef-

ficients used to embed the kth watermark as n sk. The co-

efficients, Ck y (p*),y (p*1), . . . ,y (p* n sk1) , in

the subband s k are allocated for embedding the kth water-

mark, where p* i 1k1n s i

. Finally, the kth watermark will

be embedded in the set of coefficients Ck using the mean-

quantization embedding rule described in Eq.

6

.In what follows we compute the probability of water-

mark errors caused, respectively, by malicious tamperingand incidental distortion. Based on the analysis of theseprobabilities, we are able to judge what regions have been

maliciously tampered with. A set of coefficients, Cj , is

defined as a neighbor of Ci if any coefficient in Cj is four-

connected to Ci . We denote the set of neighbors of Ck as

Sk Ci Ci is a neighbor ofCk .

Let Tk denote the status of a malicious tampering corre-

sponding to the coefficient Ck , i.e.,

Tk1 ifCk has watermark error,

0 otherwise.

Let the theoretical probability of watermark errors causedby an instance of malicious tampering in subband s be de-

noted as P sM , and that caused by an incidental distortion be

denoted as P sI

, where s LH,HL,HH . The value of PsM

P sI can be maximized by choosing the optimal n by using

the method described in Sec. 2.3. Under these circum-

stances, the estimated probability that Ck has been mali-

ciously tampered with is

EkMk

MkIk, 23

where

Mk k* Ck*(Sk Ck )

Tk*P sk*M

1 Tk* 1 P sk*M

24

indicates the probability that the watermark error detected

in Sk Ck is caused by an instance of malicious tamper-

ing, and

Ik k* Ck*(Sk Ck )

Tk*Ps k*I

1 Tk* 1 P sk*I 25

indicates the probability that the detected watermark error

is caused by an incidental distortion. Ek here indicates the

probability that the coefficients in Ck have been mali-

ciously tampered with. The set of coefficients in Ck is

Ck y p 1 ,y p 2 , . . . ,y pnsk

x i1 ,j 1 ,x i 2 ,j 2 , . . . ,x insk,j n

sk .

The relation between p k and (ik ,j k) has been given in Eq.

22 . In order to specify it at the scale level, we use Ekl to

represent, at scale l, the probability that the coefficients in

Ck are maliciously tampered with. Under these circum-

stances, for a specific position ( i 0,j 0) at scale l, the prob-

ability of its being tampered with can be computed by

Ei 0,j 0l

Ek*l

, 26

where x( i0/2l , j

0/2l )Ck*. The probability of water-mark errors caused by an instance of malicious tamperingcan thus be computed by integrating the information de-tected at each scale using the following rule;

Ei 0,j 0l1

Scale

Ei 0,j 0l

, 27

where Scale represents the number of scales used in thewavelet transform. In order to detect the complete tamperedarea, we extract the areas where the probability is higher asour final results. For achieving this goal, we use a rule as

follows: If a pixel at position i,j is maliciously tamperedwith, then

Ei ,j 0.5Scale. 28

The threshold used in Eq. 28 is learned by experience.But the underlying assumption is that Mk should be larger

than Ik for a malicious tampering.The mentioned mechanism can be used to detect most of

the areas that have been maliciously tampered with. How-ever, when such an area is very small, it is difficult todistinguish it from an area that has encountered incidentaldistortion. This is because an instance of malicious tamper-




8/13

ing and an incidental distortion both generate watermarkerrors of the sparse type. However, these small watermarkerrors will collapse if the evidence located at differentscales are integrated. On the other hand, if the probabilityof watermark errors caused by an incidental distortion isvery small zero is the ideal case , then one can claim thatthe detected watermark errors were completely obtainedfrom an area that was maliciously tampered with.

4 Experimental Results

To demonstrate the power of our image authentication sys-tem, we first introduce the experimental setup in Sec. 4.1and then give the detection results obtained under variousincidental distortions in Sec. 4.2. In Sec. 4.3, we presentsome experimental results obtained by applying both mali-cious tampering and incidental manipulation. A set of testimages processed by combining different incidental andmalicious manipulations was used to estimate the area thatwas maliciously tampered with. A comparison of the per-formance of the conventional quantization-based approachand our approach will be made in Sec. 4.4.

4.1 Experimental Setup

The images used in the experiment were of size 512 512

with 256 gray levels. Figure 4 is an example showing howa watermarked image is tampered with, including the origi-nal image, the watermarked image, the altered area, and thefinal altered image. The PSNR of the watermarked imageshown in Fig. 4 b was 35.91 dB. Two peppers Fig. 4 cwere added as shown in Fig. 4 b and formed an image thathad been tampered with, as shown in Fig. 4 d . This set ofdata was used to test the performance of our approach inthe subsequent experiments.

The set of incidental attacks used in the experimentsincluded JPEG compression, blurring, and sharpening. The

mask sizes used in the blurring operation were 3 3, 5

5, and 7

7, respectively. The quality factors adopted forJPEG compression were from 10% to 90%, and the param-

eters used in the sharpening operation were from 10% to50%. In the experiments, the watermark sequence was em-bedded in one of the LH, HL, and HH subbands randomlyat each scale of a wavelet-transformed image. As to thedetermination of the best n at every scale of a wavelettransform, this can be calculated by scanning the interval

n1 ,n 2 for large c (c 7.67) or by scanning the interval

n2 ,n 1 for small c (1 c7.67), where n 1 and n 2 arecomputed using Eqs. 19 and 20 , respectively. We use

n(nLH1 ,n HL

1 ,nHH1 ;n LH

2 ,nHL2 ,n HH

2 ; . . . ;nLHs ,n HL

s ,nHHs ) to

represent the number of coefficients used at every scale in

the mean quantization process, where n i is the number ofcoefficients used to derive a mean at scale i, and s is thetotal number of scales used. From Eqs. 19 and 20 , thebest set of n could be theoretically determined as 9, 9, 7;16, 16, 12; 16, 16, 13; 11, 11, 8 when the total number ofscales was chosen to be 4.

4.2 Detection Results Obtained by ApplyingIncidental Distortions Only

In this section, we check whether our approach could tol-erate a number of incidental operations with different de-

Fig. 4 An example showing malicious tampering by means of object replacement: (a) original image;(b) watermarked image; (c) objects used for tampering; (d) modified watermarked image.

Fig. 5 A set of test images.




9/13

grees of alteration. Figure 5 shows a set of test images that

was used in the experiments. The incidental operations thatwere applied to the set of test images included JPEG com-pression, blurring, and sharpening. Table 1 lists the resultsobtained in this experiment. A symbol indicates that oursystem considered the operation to be an incidental one. Onthe other hand, a symbol indicates that our system mis-takenly considered the operation to be a malicious one.From the table, it is obvious that our system could success-fully pass almost all the JPEG-compressed images down toquality factor 30%. As for the sharpening operation, oursystem could successfully tolerate most of the sharpenedimages up to a 40% sharpening factor. However, in the caseof the blurring operation, our system did not work well.

4.3 Detection Results Obtained by ApplyingMalicious Tampering and IncidentalManipulation Simultaneously

In this section, we give some experimental results obtainedby applying malicious tampering and an incidental manipu-lation simultaneously. The objective of these experimentswas to check whether our approach could successfully tol-erate an incidental manipulation while detecting a mali-cious attack. Figure 6 a is a pepper image that was modi-fied by performing 60% quality factor JPEG compression,followed by two-pepper replacement. The detected water-mark errors at scales 1 to 4 are shown in Figs. 6 b to 6 e ,respectively. It can be seen that the watermark errors

caused by the JPEG compression are much fewer than

those caused by malicious tampering. The detected water-mark errors were then converted into the probability ofbeen maliciously tampered with as shown in Figs. 6 g and6 j . It is obvious that the coefficients having the sparsetype all had lower probability of having been maliciouslytampered with at each scale. On the other hand, the areasthat corresponded to the regions that were maliciously tam-pered with all had higher probability of having been mali-ciously tampered with. After performing information fu-sion, the final detected altered areas were those shown inFig. 6 f . It is apparent that the maliciously modified re-gions were detected correctly.

Figure 7 shows another 21 detection results obtainedusing the proposed mean-quantization-based fragile-

watermarking technique. The symbols T, B, J, and S denotemalicious tampering, blurring, JPEG compression, andsharpening, respectively. The number following each sym-bol is the parameter used in an incidental distortion. For

example, TB 3 3 in Fig. 7 b means an image wasmaliciously tampered with and then blurred with a mask of

size 33. In the whole set of experiments, the resolution of

the wavelet transform was taken up to 4 scales. The optimalnumber of coefficients used to perform mean quantization

at each scale was n(9,9,7;16,16,12;16,16,13;11,11,8).From Fig. 7, it is apparent that our approach did work wellin most cases, especially in tolerating incidental manipula-tion like JPEG. Figure 7 l indicates that when the quality

Table 1 Tampering detection for a set of incidentally manipulated test images. A symbol indicatesthat our system treats the operation as an incidental distortion, while a symbol indicates that theoperation was misidentified as malicious tampering.

Image Response

Operation Image A01 A02 A03 A04 A05 A06 A07 A08 A09 A10 A11 A12

Blur (3 3)

Blur (5 5)

Blur (7 7)

Sharpen (F10%)

Sharpen (F20%)

Sharpen (F30%)

Sharpen (F40%)

Sharpen (F50%)

Sharpen (F60%)

Sharpen (F70%)

Sharpen (F80%)

Sharpen (F90%)

JPEG (QF90%)

JPEG (QF80%)

JPEG (QF70%)

JPEG (QF60%)

JPEG (QF50%)

JPEG (QF40%)

JPEG (QF30%)

JPEG (QF20%)

JPEG (QF10%)




10/13

Fig. 6 Tampering with object placement and JPEG compression: (a) is a tampered image with twoobjects added; (b) to (e) are the detected watermark errors from scales 1 to 4, respectively; (g) to (j)are the tamper response maps derived from scales 1 to 4, respectively; (f) is the final result afterperforming information fusion.

Fig. 7 A set of detection results obtained by applying our mean-quantization-based method. (a) is thedetection result when the attack is object placement only; (b) to (d) show the detection results whenthe attack is object placement followed by blurring with mask sizes of 3 3, 5 5, and 7 7, respec-tively; (e) to (m) show the detected results when the attack is object placement followed by JPEGcompression with a quality factor ranging from 90% to 10% in steps of 10%; (n) to (v) show thedetection results when the attack is object placement followed by sharpening with a sharpening factorranging from 10% to 90% in steps of 10%.




11/13

factor reached 30%, the detection result was still good. In

the case of a combined attack including 5 5 and 77

blurring Fig. 7 d , the results were bad. But when thewindow size was 3 3, the detection result was good. In

the case of a combined attack involving sharpening, the

results were good when the sharpening factor was smaller

than 40%. When the sharpening factor reached or exceeded

60%, the detected results were completely wrong.

Fig. 8 Sensitivity test of our algorithm against small image modifications.




12/13

We also conducted a series of experiments to test thesensitivity of our algorithm to small image modifications.The test image used was the A11 image as shown in Fig. 5.We selected the area close to the mouth as the target totamper with. We gradually enlarged the tampered areas andthe detected results are shown in Figs. 8 a to 8 i . It isobvious that when the modified area was very small, ouralgorithm could not detect the change a to d . However,when the modified area reached a certain size, our algo-rithm was able to detect it correctly e to i .

4.4 Comparison with the ConventionalQuantization-based Approach

In this subsection we compare our approach with the con-ventional approach. The maliciously attacked image shownin Fig. 4 d , subjected to JPEG compression with a qualityfactor 60%, was used as the test image. The watermarkerrors at scales 1 to 4 obtained by applying the conven-tional quantization-based approach5 and the proposed

mean-quantization-based approach with n

(9,9,7;16,16,12;16,16,13;11,11,8) are shown in Figs.

9 a and 9 b , respectively. It is obvious that the resultsobtained by applying our approach are better than thoseobtained by applying the conventional approach.

5 Conclusion

In this paper, a mean-quantization-based fragile-watermarking approach has been proposed for image au-thentication. Our system is able to maximize the probabilityof watermark errors caused by an instance of malicioustampering and minimize the probability of watermark er-rors caused by an incidental distortion. In addition, an in-formation fusion procedure that can integrate detection re-sponses at each scale in the wavelet domain has beenpresented, which can be used to estimate the area that hasbeen maliciously tampered with.

Our future work will proceed in two directions. First, thecapability of our image authentication system in distin-guishing malicious tampering and incidental distortion willbe further improved so that incidental distortion with largevariance of modification, such as histogram equalization,can also be tolerated. Secondly, we will extend the mean-quantization-based watermarking approach to multipurposewatermarking, so that an embedded watermark can be usedin multiple applications.

References

1. S. Bhattacharjee and M. Kutter, Compression tolerant image authen-tication, in IEEE Int. Conf. on Image Processing, Vol. 1, pp. 47 1998 .

2. J. Dittmann, A. Steinmetz, and R. Steinmetz, Content-based digitalsignature for motion pictures authentication and content-fragile water-marking, in IEEE Int. Conf. Multimedia Computing and Systems,Vol. II, 1999.

3. G. L. Friedman, The trustworthy digital camera: restoring credibilityto the photographic image, IEEE Trans. Consum. Electron. 39, 905910 1993 .

4. C.-Y. Lin and S.-F. Chang, A robust image authentication methodsurviving JPEG lossy compression, in Int. Conf. on Storage and

Retrieval of Image/Video Database, Proc. SPIE3312 1998 .5. D. Kundur and D. Hatzinakos, Digital watermarking for telltale

tamper proofing and authentication, Proc. IEEE 87, 11671180 1999 .6. R. B. Wolfgang and E. J. Delp, Fragile watermarking using the

VM2D watermark, in Int. Conf. on Security and Watermarking ofMultimedia Contents, Proc. SPIE 3657, 204213 1999 .

7. P. W. Wong, A public key watermark for image verification andauthentication, in IEEE Int. Conf. on Image Processing 1998 .

8. M. Wu and B. Liu, Watermarking for image authentication, inIEEE Int. Conf. on Image Processing 1998 .

9. M. Yeung and F. Mintzer, An invisible watermarking technique forimage verification, in IEEE Int. Conf. on Image Processing 1997 .

10. B. Zhu, M. D. Swanson, and A. H. Tewfik, Transparent robust au-thentication and distoration measurement technique for images, inThe 7th IEEE Digital Signal Processing Workshop, pp. 4548, 1996 .

11. A. B. Warson, G. Y. Yang, J. A. Solomon, and J. Villasenor, Vis-ibility of wavelet quantization noise, IEEE Trans. Image Process.6 8 , 11641175 1997 .

Fig. 9 Comparison of detected watermark errors obtained using the conventional quantization-based

approach and the mean-quantization-based approach with n (9,9,7;16,16,12;16,16,13;11,11,8).




13/13

Gwo-Jong Yu received the BS degree ininformation computer engineering from theChung-Yuan Christian University, Chung-Li, Taiwan in 1989. Since July 2000, hehas been a research assistant in the Insti-tute of Information Science, AcademiaSinica, Taipei, Taiwan. He is currentlyworking toward the PhD degree in com-puter science from National Central Univer-sity, Chung-Li, Taiwan. His research inter-

ests include digital watermarking, facerecognition, and neural networks.

Chung-Shien Lu received the PhD degreein electrical engineering from NationalCheng-Kung University, Tainan, Taiwan, in1998. His thesis is about wavelet-based2-D/3-D texture analysis. From September1994 to June 1998 he was also a researchassistant in the Institute of Information Sci-ence, Academia Sinica, Taipei, Taiwan,ROC. Since October 1998, he has been apostdoctoral fellow in the same institute.He was the recipient of the excellent paper

award of the Image Processing and Pattern Recognition Society ofTaiwan in 2000 for his work on digital watermarking. His current

research interests include digital watermarking and data hiding, mul-timedia signal processing, image processing, and visual communi-cations. He is a member of the IEEE.

Hong-Yuan Mark Liao received the BSdegree in physics from National Tsing-HuaUniversity, Hsin-Chu, Taiwan, in 1981, andthe MS and PhD degrees in electrical engi-neering from Northwestern University, Illi-nois, in 1985 and 1990, respectively. Hewas a research associate in the ComputerVision and Image Processing Laboratory atNorthwestern University during 19901991. In July 1991, he joined the Instituteof Information Science, Academia Sinica,

Taiwan, as an assistant research fellow. He was promoted to asso-

ciate research fellow and then research fellow in 1995 and 1998.From August 1997 to July 2000, he served as the deputy director ofthe institute. Currently, he is the acting director of the Institute ofApplied Science and Engineering Research, Academia Sinica, Tai-wan. Dr. Liaos current research interests include multimedia signalprocessing, wavelet-based image analysis, content-based multime-dia retrieval, and multimedia protection. He was the recipient of theYoung Investigators award of Academia Sinica in 1998, the excel-lent paper award of the Image Processing and Pattern RecognitionSociety of Taiwan in 1998 and 2000, and the paper award of the

above society in 1996 and 1999. Dr. Liao served as the programchair of the International Symposium on Multimedia Information Pro-cessing (ISMIP1997) and will serve as the program cochair of thesecond IEEE Pacific-Rim Conference on Multimedia. He alsoserved on the program committees of several international and localconferences. Dr. Liao is on the editorial boards of the IEEE Trans-actions on Multimedia, the International Journal of Visual Commu-nication and Image Representation, Acta Automatica Sinica, theTamkang Journal of Science and Engineering, and the Journal ofInformation Science and Engineering. He is a member of the IEEEComputer Society.


mean-quantization-based fragile watermarking for image authentication

Documents