Semi-fragile Watermarks

perceptual distortion caused by the watermark can be better controlled in the frequency domain than in the spatial domain. Therefore, the watermarked image quality could be improved. In addition, since the frequency components are taken into account in the watermarking process, it becomes possible for the tamper detection to be localized in both spatial and frequency regions. Nevertheless, because the watermark is embedded in the frequency domain instead of by directly modifying the pixels, some slight pixel modification may not be detected by the transform domain watermarking algorithms.

Moreover, the tamper localization accuracy is also bounded by the size of the image unit that is used to calculate the frequency components, for example, the block size used in the block-based DCT schemes. Subsequently, the sensitivity and accuracy of tamper detection are both decreased. Therefore, the transform domain methods are more often used in the design of the semi-fragile watermarking schemes that we will introduce in the next section.

Semi-fragile watermarks are usually embedded in transform domains instead of the spatial domain in order to achieve moderate robustness, good imperceptibility and compatibility with compression standards. DCT and DWT domains are the most often used transform domains in semi-fragile watermarking. Since DCT and DWT are used in the popular image compression standards JPEG and JPEG2000, embedding techniques in DCT and DWT domains can be easily designed to be resistant to JPEG and JPEG2000 compression to some customized extent. Furthermore, the previous studies on human visual models in these domains can be directly reused in adaptively controlling the watermark embedding strength to improve the watermark imperceptibility. In addition, the spatial-frequency property of the wavelet transform enables good tamper localization capability in the authentication process.

Two embedding techniques are mainly used in the semi-fragile watermarking schemes.

One is the spread spectrum method [F98a][LPD00], which was firstly proposed by Cox in [CKLS97]. The watermark message is first turned from a narrow band signal to a wide band signal and then embedded into the cover image additively or multiplicatively. The detection of a spread spectrum watermark is done by checking the correlation of the watermark signal and the watermarked image. Because a large amount of signal samples are necessary for good performance of the correlation detection, it is difficult for this embedding method to achieve a sufficient watermark payload in order to allow the tamper localization to fine scale. The other popular embedding method is the so-called quantization index modulation (QIM) method [CW01][LC00]. The watermark information is embedded by quantizing the selected frequency coefficients or some particular feature values to some pre-determined scales according to a look-up table or the simple odd-even mapping rule. By the QIM embedding, the embedding strength can be well controlled by the used quantization step, so that the watermark robustness can be customized quantitatively.

In the literature, a variety of semi-fragile watermarking algorithms have been proposed in the last decade. We only focus on reviewing some representative semi-fragile watermarking techniques in the following. In [F98a][F98b], Fridrich proposed a

technique in which the image is divided into medium-size blocks and in each block a spread spectrum watermark is embedded into the middle 30% of DCT coefficients additively. To verify the image integrity, the receiver tries to detect the embedded watermark in every block. If watermarks are detected in all the blocks with high detector responses, one can be fairly confident that the image has not been significantly manipulated. If the detector responses become overall lower over all the blocks, it is very likely that some kind of image processing operation has been applied. If only in a few blocks the detector responses are fairly lower than those in other blocks, one can estimate the probability that a block has been tampered based on the detector response.

Since a medium-size block, e.g. 64×64, is needed to embed the spread spectrum watermark, this method can not achieve good tamper localization accuracy but only can provide an estimation of the undergone manipulations. If a smaller block size is used, the performance of the spread spectrum watermark will be significantly decreased.

Furthermore, because robust watermarking technique is used in this scheme, the authenticator can not be very sensitivity to some elaborate modifications while it is fairly robust to common image processing like brightness/contrast adjustment and sharpening.

In [LC97][LC00][LC01], Lin et al. proposed a semi-fragile watermarking algorithm in DCT domain using the QIM embedding method. The proposed watermarking algorithm tolerates JPEG lossy compression to a pre-determined quality factor but is able to detect malicious manipulations. Two properties of DCT coefficients are used in the proposed authentication scheme. One is coefficient invariance that after quantizing a DCT coefficient to an integral multiple of the used quantization step, its value can be exactly recovered after JPEG compression with a smaller quantization step size. The other property is that the order relationship of DCT coefficient pair remains unchanged before and after JPEG compression. The second property is used to generate the authentication message and the first one to embed the message robustly against acceptable JPEG compression. In Lin’s scheme, the authentication message generation and embedding process are performed on a basis of non-overlapping 8×8 blocks, similar to the JPEG compression process. In the authentication process, the extracted

authentication bits are compared with the regenerated ones. The proposed authenticator can localize the tempered blocks and recover the corrupted blocks approximately, if the recovery bits are also embedded. Similar to the Friedrich’s scheme, the tamper localization accuracy of this method is also bounded by the used block size.

Eggers et al. proposed a watermarking technique for image authentication in [EG01].

The scheme is based on their previous work, the so-called SCS (Scalar Costa Scheme) watermarking technique in [ESG00]. A random binary sequence is embedded with a secret dither sequence into the DCT coefficients of 8×8 blocks. A likelihood test is used to determine whether the correct watermark is embedded with the specific key so as to examine if the image has been severely manipulated or not. The authors pointed out a fundamental problem of image authentication by semi-fragile watermarks that it is very difficult to embed watermarks in the flat image regions with moderate robustness. This problem will lead to false watermark detection in such regions.

In addition to the above-mentioned DCT domain techniques, some wavelet-based watermarking methods have also been proposed. In [KH99], Kundur et al. proposed a so-called telltale watermarking method, which embeds a random sequence independent of the image content into the wavelet coefficients. The image is first decomposed by a four-level wavelet transform using Haar bases. Then the watermark bits are embedded into the subbands of the four levels by the odd-even QIM embedding method. The decision to map the wavelet coefficients to odd or even is randomized by a secret key.

The proposed authentication method is capable of characterizing the type of distortions based on the four levels of watermark extraction and verification. A similar wavelet-based approach was proposed in [YLL01]. After a four-level DWT of the image is taken, the mean value of a set of wavelet coefficients, instead of a single coefficient in Kundur’s scheme, is used to embed a random sequence as the authentication data. The tampered area is estimated by using an information fusion procedure, which integrates the detection results obtained at multiple scales.

In [WKBC02], Winne et al. proposed a wavelet domain watermarking algorithm for

transform of the image, the watermark data that is a random sequence is embedded into the first wavelet level. A vector is constructed from the three coefficients that are at the same frequency location but in the three different orientations, i.e. LH, HL and HH.

The value of the median coefficient is quantized based on the watermark bit by an adaptive quantization step. A pre-distortion step is used to improve the performance and efficiency of the proposed algorithm. In the image authentication process, high tamper localization accuracy is achieved, which can deliver information about the shape of the modified object.

A new semi-fragile image authentication watermarking technique was proposed in [MSCS06], which improves the performance of the Lin’s methods proposed in [LC97]

[LC00] and [LC01]. This technique is essentially a modified version of Lin’s scheme.

Two possible solutions were presented to improve the tampering detection sensitivity:

the random bias method and the non-uniform quantization method. Both methods reduce the probability that some types of manipulations remain undetectable, which cause only moderate changes of the feature values. In addition, the modified scheme extends the DCT-based watermarking technique to the wavelet domain and extends the acceptable image compression from JPEG to JPEG2000.