Digital Watermarking: A Seminar Report On
Digital Watermarking: A Seminar Report On
Digital Watermarking: A Seminar Report On
Engineering
Submitted by:Vimal Kumar Class Roll No. 25 (G) EC-3rd Year Univ. Roll No. 0906331116
Abstract
Digital watermarking is a technique for inserting information (the watermark) into an image, which can be later extracted or detected for variety of purposes including identification and authentication purposes. Discourage unauthorized copying and distribution of images over the internet. Ensure a digital picture has not been altered. Software can be used to search for a specific
Contents
1.Introduction 1.1 Elements of a Watermarking System 1.2 Types of Digital Watermarks 1.3 Watermarking Requirements 1.4 Watermarking Techniques 2. Watermarking in the DCT domain 3. A Fragile Watermarking Technique 3.1 Fragile Watermarking 3.2 Fragile Watermarking Scheme Exploiting Non-Deterministic Block-Wise Dependency 3.2.1 Symbol Definitions 3.2.2 The Embedding Algorithm 3.2.3 The Detection Algorithm 2.2.4 Experiments on Attacks 3.2.4.1 Low pass filtering attack 3.2.4.2 Geometric attack 3.2.4.3 Forgery attack 4. Summary
Introduction
The enormous popularity of the World Wide Web in the early 1990's demonstrated the commercial potential of offering multimedia resources through the digital networks. Since commercial interests seek to use the digital networks to offer digital media for profit, they have a strong interest in protecting their ownership rights. Digital watermarking has been proposed as one way to accomplish this. A digital watermark is a digital signal or pattern inserted into a digital image. Since this signal or pattern is present in each unaltered copy of the original image, the digital watermark may also serve as a digital signature for the copies. A given watermark may be unique to each copy (e.g. to identify the intended recipient), or be common to multiple copies (e.g. to identify the document source). In either case, the watermarking of the document involves the transformation of the original into another form. This distinguishes digital watermarking from digital fingerprinting, where the original file remains intact and a new created file 'describes' the original file's content. Digital watermarking is also to be contrasted with public-key encryption, which also transform original files into another form. It is a common practice nowadays to encrypt digital documents so that they become un-viewable without the decryption key. Unlike encryption, however, digital watermarking leaves the original image (or file) basically intact and recognizable. In addition, digital watermarks, as signatures, may not be validated without special software. Further, decrypted documents are free of any residual effects of encryption, whereas digital watermarks are designed to be persistent in viewing, printing, or subsequent re-transmission or dissemination.
1.1
A watermarking system can be viewed as a communication system consisting of three main elements: an embedder, a communication channel and a detector. Watermark information is embedded into the signal itself, instead of being placed in the header of a file or using encryption like in other security techniques, in such a way that it is extractable by the detector. To be more specific, the watermark information is embedded within the host signal before the watermarked signal is transmitted over the communication channel, so that the watermark can be detected at the receiving end, that is, at the detector. A general watermarking system is illustrated in Fig. 1. The dotted lines represent the optional components, which may or may not be required according to the application. First of all, a watermark W is generated by the watermark generator possibly with a secret
o
signal.
Instead of directly embedding it into the host signal, the watermark W can be pre-coded to
o
optimize the embedding process, i.e. to increase robustness against possible signal processing operations or imperceptibility of the watermark. This is done by an information coder which may require the original signal S .
o
The outcome of the information coding component is denoted by symbol W that, together with the original signal S and possibly a secret key K, are taken as input of the embedder.
o
The secret key K is intended to differentiate between authorized users and unauthorized users at the detector in the absence of K . The embedder takes in W, S and K, so as to hide
g o
W within S in a most imperceptible way with the help of K, and produce the watermarked
o
unknown signal processing operations and attacks may take place. The outcome of the communication channel is denoted by the symbol S .
w
At the receiving end, the detector works in an inversely similar way as the embedder, and it may require the secret key K , K, and the original signal S . Then the detector reads Sw
g o
1.2
Watermarks and watermarking techniques can be divided into various categories in various ways. Watermarking techniques can be divided into four categories according to the type of document to be watermarked as follows: [1] Text Watermarking Image Watermarking Audio Watermarking Video Watermarking In other way, the digital watermarks can be divided into three different types as follows: [1,2] Visible watermark Invisible-Robust watermark Invisible-Fragile watermark Visible watermark is a secondary translucent overlaid into the primary image. The watermark appears visible to a casual viewer on a careful inspection. The invisible-robust watermark is embedded in such a way that alternations made to the pixel value are perceptually not noticed and it can be recovered only with appropriate decoding mechanism. The invisible-fragile watermark is embedded in such a way that any manipulation or modification of the image would alter or destroy the watermark. Also, the digital watermarks can be divided into two different types according to the necessary data for extraction: Informed (or private Watermarking): in which the original unwatermarked cover is required to perform the extraction process. Blind (or public Watermarking): in which the original unwatermarked cover is not required to perform the extraction process.
1.3
Watermarking Requirements
In this section, we study a number of watermarking system requirements as well as the tradeoffs among them. Security: The security requirement of a watermarking system can differ slightly depending on the application. Watermarking security implies that the watermark should be difficult to remove or alter without damaging the host signal. As all watermarking systems seek to protect watermark information, without loss of generality, watermarking security can be regarded as the ability to assure secrecy and integrity of the watermark information, and resist malicious attacks [3]. Imperceptibility: The imperceptibility refers to the perceptual transparency of the watermark. Ideally, no perceptible difference between the watermarked and original
signal should exist [4, 5]. A straightforward way to reduce distortion during watermarking process is embedding the watermark into the perceptually insignificant portion of the host signal [5]. However, this makes it easy for an attacker to alter the watermark information without being noticed. Capacity: Watermarking capacity normally refers to the amount of information that can be embedded into a host signal. Generally speaking, capacity requirement always struggle against two other important requirements, that is, imperceptibility and robustness (Fig. 2). A higher capacity is usually obtained at the expense of either robustness strength or imperceptibility, or both.
Robustness: Watermark robustness accounts for the capability of the watermark to survive signal manipulations. Apart from malicious attacks, common signal processing operations can pose a threat to the detection of watermark, thus making it desirable to design a watermark that can survive those operations. For example, a good strategy to robustly embed a watermark into an image is to insert it into perceptually significant parts of the image. Therefore, robustness is guaranteed when we consider the case of lossy compression which usually discards perceptually insignificant data, thus data hidden in perceptual significant portions is likely to survive lossy compression operation. However, as this portion of the host signal is more sensitive to alterations, watermarking may produce visible distortions in the host signal. The exact level of robustness an algorithm must possess cannot be specified without considering the application scenario [6]. Not all watermarking applications require a watermark to be robust enough to survive all attacks and signal processing operations. Indeed, a watermark needs only to survive the attacks and those signal processing operations that are likely to occur during the period when the watermarked signal is in communication channel. In an extreme case, robustness may be completely irrelevant in some case where fragility is desirable.
1.4
Watermarking Techniques
Several different methods enable watermarking in the spatial domain. The simplest (too simple for many applications) is just to flip the lowest-order bit of chosen pixels. This works well only if the image is not subject to any modification. A more robust watermark can be embedded by superimposing a symbol over an area of the picture. The resulting mark may be visible or not, depending upon the intensity value. Picture cropping, e.g., (a common operation of image editors), can be used to eliminate the watermark. Spatial watermarking can also be applied using colour separation. In this way, the watermark appears in only one of the colour bands. This renders the watermark visibly subtle such that it is difficult to detect under regular viewing. However, the mark appears immediately when the colours are separated for printing. This renders the document useless for the printer unless the watermark can be removed from the colour band. This approach is used commercially for journalists to inspect digital pictures from a photo-stock house before buying unmarked versions. Watermarking can be applied in the frequency domain (and other transform domains) by first applying a transform like the Fast Fourier Transform (FFT). In a similar manner to spatial domain watermarking, the values of chosen frequencies can be altered from the original. Since high frequencies will be lost by compression or scaling, the watermark signal is applied to lower frequencies, or better yet, applied adaptively to frequencies that contain important information of the original picture. Since watermarks applied to the frequency domain will be dispersed over the entirety of the spatial image upon inverse transformation, this method is not as susceptible to defeat by cropping as the spatial technique. However, there is more a tradeoff here between invisibility and decodability, since the watermark is in effect applied indiscriminately across the spatial image. Table 1. shows a small comparison between the two different techniques.
1) High resolution tampering localization: This becomes an important merit of fragile watermarking systems as it is one of the features that makes watermarking outweighs cryptography in some applications. The outcome of a detector can be as simple as authentic/tampered, but a result indicating which portions in an image are tampered is more desirable.
2) Tampering detection with low false positive. A good fragile watermarking system should have a sound tamper indication stating both statistical tampering probability and tampering localization with a low false positive rate. If the tampering localization is required to be accurate, the false positive rate must be kept low or localization resolution is compromised. For example, the boundary of tampered region may be obscure when false positive rate is not low enough, even if block size is small.
2) Geometric manipulation detectability. The watermark should be correctly read by the detector in the intact portions after geometric manipulations such as image cropping. Further, the ability of the detector to indicate where the cropping took place is of crucial importance in some applications. 3) Attack identification. With proper settings, the detector is also able to estimate what kind of modification had occurred to an attacked image. This includes the ability to differentiate geometric attacks from other attacks. It implies that cropping a part of the image will not result in disturbing the whole watermark. 4) Proper embedding sequence. It implies that the selection of dependency is limited to the previously watermarked portion of the image. If localization is required, the dependency information for the to-be-watermarked pixel can only be chosen from the neighboring pixels from the dependency selection. Because the to-bewatermarked pixel can only depend on the content information that will not be changed later, otherwise the watermark will not be recognized by the detector. Raster-scan and zig-zag scan order are both widely used [3]. 6) Blind detection. For practicality, watermark detectors should not require an original copy, or there would be no necessity for watermarking as the verification can be performed by simply comparing the received image with the original one. The watermark extraction should naturally be blind for practicality. In the following section, we introduce a fragile watermarking scheme which is immune to all forgery attacks and still retains high performance in every aspect of the system.
the gray scale of the i pixel of f the seven most significant bits of f(i) the least significant bit of f(i) the image received by the watermark detector. If not tampered with, f is the watermarked version of f the size of the image f the secret key generated binary watermark of the same size M as the image f
th
f (i):
l
f :
Z: w:
w(i): w : w (i):
the i bit of w the extracted binary watermark by the decoder the ith bit of w
D:
the binary difference map between w and w with its ith pixel denoted as D(i) (D(i) {0, 255}) indicating whether w(i) and w (i) are different. Wherever the watermarked image is manipulated, noises are shown in the corresponding portion of the difference map D. We could also identify what type of manipulation has been done from D the length of dependency neighborhood. the size of the neighborhood, L= k k. the square dependency neighborhood centered at pixel i consisting of k k pixels including pixel i itself the secret non-deterministic dependency information of pixel i calculated
k: L: N(i):
S(i):
The binary watermark w is used as a selection determinant. From the XOR operation in Eq. (1), we know that a pixel f (j) in N(i) is chosen only when the w(i) and w(j) are different.
M w(j)
S(i). Involving the watermark bits unknown to the third party in Eq. (1) introduces nondeterministic information and, thus, allows the scheme to counter the aforementioned forgery attacks.
Wherever the watermarked image is manipulated, noises are shown in the corresponding portion of the difference map D. We can also possibly identify what type of manipulation has been done from D.
In the following experiments regarding to the above alterations, neighborhood size is set to be 99 unless stated.
In the difference map in Fig. 4, there are two obvious noisy stripes along the borders of the image denoting the tampering. One good feature of the proposed scheme demonstrated here is that it is able to differentiate cropping attack from global manipulations such as scaling, low-pass filtering, and histogram equalization, which, when mounted, would give rise to an entirely noisy difference map.
It is clear that the size of the neighbourhood has certain influence on the tampering detection result when Fig. 5(c) and Fig. 5(d) are compared. The larger the size of neighborhood L is, the less precious the localization resolution is. However, from the security analysis, we can see that the value of L is tied with the security strength of the scheme. Therefore, a tradeoff needs to be obtained between localization resolution and security.
4. Summary
In this report, we discussed about watermarking techniques, especially the fragile authentication watermarking techniques. First we identified the watermarking system, types, and requirements. Further we provided a small introduction about fragile watermarking, and then we introduced a secure fragile watermarking system exploiting non-deterministic information and contextual information. Although the field of digital watermarking is young and there are some foreseeable limitations, it has potential and some unique features which other alternatives lack. Also, it will be fruitful if the connection between data hiding and cryptography is further investigated. However, there are still number of questions needed to be answered: whether the combination of data hiding and cryptography can solve the limitations of each other? How strong the relation between them can be? Will there be any new problem generated from the combination?