INVISIBLE IMAGE WATERMARKING – USING A PUBLIC KEY ALGORITHM A Project Report submitted in partial fulfillment of the requirements for the Summer Research Internship as a 2nd year student of Punjab Engineering College Chandigarh - 160 012, India by Raman Arora and Mayur Maheshwari Roll No - 03542, 03461 under the guidance of Prof. C. Pandu Rangan

Department Of Computer Science And Engineering

Indian Institute Of Technology, Madras Madras 600 036, India July 2005

Certificate This is to certify that the project report entitled Invisible Image Watermarking – using a Public Key Algorithm submitted by Raman Arora and Mayur Maheshwari in partial fulfillment of the requirements for the Summer Research Internship as a 2nd year student of Bachelor of Engineering, at Punjab Engineering College is a bona-fide record of work carried out by them under my supervision and guidance at the Department of Computer Science and Engineering, Indian Institute of Technology, Madras.

Place: Chennai Date:

[Prof. C. Pandu Rangan]

2

Acknowledgments

3

Abstract With the recent proliferation of high speed Internet access, digital multimedia content has increased manifold. The easy access to digital content and availability of manipulating tools has made digital rights protection a very important issue. Digital watermarking has been proposed as a means for intellectual property rights of digital data. Watermarking refers to adding a message or a signature in a digital file so as to establish its ownership. This may be done through a variety of embedding techniques. Combining Watermarking techniques with cryptographic security provides a fool-proof method for data security and verification. Such methods provide both imperceptibility to the added watermark, maintaining a certain level of robustness and security. This report discusses an implementation of such a watermarking scheme. Our present project deals with an invisible image watermarking scheme which uses an adaptive, public key algorithm for embedding the watermark in the file.

4

“If we knew what it was we were doing, it would not be called research, would it?” Albert Einstein (1879-1955)

5

Contents 1 Introduction 1.1 Watermarking . . . . . . . . . . . . . . . . . . . . . . . . . . 1.2 Image Watermarking . . . . . . . . . . . . . . . . . . . . .

8 8 8

2 Proposed Watermarking Algorithm 2.1 Foundation of the system . . . . . . . . . . . . . . . . 2.1.1 Discrete Cosine Transform . . . . . . . . . . . . 2.1.2 Public Key Cryptography – RSA Algorithm 2.1.3 Message Digest/Hashing – MD5 Algorithm . 2.2 Proposed Scheme . . . . . . . . . . . . . . . . . . . . . 2.3 Use of Adaptive Algorithm . . . . . . . . . . . . . . . 2.4 How many pixels to watermark? . . . . . . . . . . . . 2.5 Attack Tolerance . . . . . . . . . . . . . . . . . . . . . . 2.5.1 Against removal of watermark . . . . . . . . . 2.5.2 Against alteration of watermark . . . . . . . . 2.5.3 Against destruction of watermark . . . . . . .

. . . . . . . . . . .

. . . . . . . . . . .

9 9 11 13 15 16 17 18 19 19 19 20

3 Implementation - “Watermarker” 3.1 The GraphixTools Class . . . 3.2 The DCT Class . . . . . . . . . 3.2.1 DCT . . . . . . . . . . . 3.2.2 initMatrix . . . . . . . . 3.2.3 forwardDCT . . . . . . . 3.2.4 dequantizeImage . . . . 3.2.5 quantizeImage . . . . . 3.2.6 compressImage . . . . . 3.2.7 decompressImage . . . 3.2.8 InverseDCT . . . . . . . 3.2.9 bytetoInt . . . . . . . . . 3.2.10 inttoByte . . . . . . . . . 3.3 Watermarker Class . . . . . . 3.3.1 Watermarker . . . . . . 3.3.2 markimage . . . . . . . . 3.3.3 makeimage . . . . . . . . 3.4 The WatermarkEmbed Class 3.4.1 encrypt . . . . . . . . . . 3.4.2 decrypt . . . . . . . . . . 3.4.3 converter . . . . . . . . . 3.5 The Bitset Class . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

21 21 21 22 22 22 23 23 23 23 24 24 24 24 25 25 25 25 25 26 26 26

6

. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

. . . . . . . . . . . . . . . . . . . . .

3.5.1 fromByteArray . . . . . . . 3.5.2 lsbBitsBytes . . . . . . . . . 3.5.3 toByteArray . . . . . . . . . 3.6 The ImageWindow Class . . . . . 3.6.1 ImageWindow . . . . . . . 3.6.2 paint . . . . . . . . . . . . . 3.7 The WatermarkExtract Class . . 3.7.1 watermarkedImageLoader 3.7.2 extractImage . . . . . . . . 3.7.3 decryption . . . . . . . . . . 3.7.4 extract . . . . . . . . . . . . 3.8 The Bits Class . . . . . . . . . . . 3.8.1 toBits . . . . . . . . . . . . . 3.8.2 toBytes . . . . . . . . . . . . 4 Testing and Benchmarking 4.1 Testing Procedure . . . . . 4.2 Tested Images . . . . . . . . 4.2.1 Lena . . . . . . . . . . 4.2.2 Baboon . . . . . . . . 4.3 Results and Conclusions . 4.4 Drawbacks and limitations 5 Future Possibilities

. . . . . .

. . . . . .

. . . . . .

. . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

. . . . . . . . . . . . . .

27 27 27 27 27 28 28 28 28 28 29 29 29 29

. . . . . .

. . . . . .

. . . . . .

. . . . . .

. . . . . .

. . . . . .

. . . . . .

. . . . . .

. . . . . .

. . . . . .

. . . . . .

. . . . . .

. . . . . .

. . . . . .

30 30 31 31 37 43 43 45

7

Invisible Image Watermarking – using a Public Key Algorithm Raman Arora, Mayur Maheshwari

1 1.1

Introduction Watermarking

A watermark refers to an imperceptible signal, usually weak in nature added to the cover signal so as to convey hidden data. Watermarking techniques are very similar to steganographic techniques, though they differ in certain key areas. Steganography involves information hiding so as to transmit a cover message without interception and detection. Watermarking is usually done so as to be imperceptible, however robust enough so as to withstand any removal attacks. Thus it may be seen that the difference in watermarking and steganographic tools is based on the adversaries aim at data. While the major aim in steganographic attack is to detect the cover message, a watermarking attack aims to remove the message. Watermarking has emerged as the most potent tool for combating digital piracy and establishment of intellectual property rights.

1.2

Image Watermarking

Image watermarking has been a prominent area of research. Image watermarks are either visible or non visible depending on whether the human eye can perceive the watermark or not. Image watermarking has been applied to a variety of image formats most popularly JPEG/JPG, BMP, GIF, TIFF and other related formats. Image watermarking is based on the principle of data hiding in images based on imperceptibility of masked data to the human visual system. Masking plays a significant role in image watermarks. Much research in watermarking is concentrated in this field. Thus we see nowadays major emphasis being laid on invisible yet robust watermarking systems. The present project develops such a system.

8

2

Proposed Watermarking Algorithm

Conventional Watermarking procedures relied on keeping the algorithm for watermarking closed, i.e. they were very similar to common key cryptographic procedures. Further advancements led to private key watermarking procedures. They generally encrypted the watermark with a private key of the author. Thus it was only the author who could extract and alter the given watermark. However such schemes were also common key and the watermarking algorithm was still kept closed. The present project tries to develop such a watermark which uses an open algorithm. Such a watermarking system is based on the Public Key Cryptographic System which uses asymmetric encryption i.e. separate keys for encryption and decryption. Here we use such a public key watermarking system. A Public Key can either be used to encrypt the watermark or used to encrypt image data. Both schemes are possible. We decided to implement the latter owing to the fact that encryption of the image provides further robustness to the applied watermark though it may compromise slightly on the perceptibilty levels of the watermark. Thus using public key encryption we develop a system where it is possible only for the owner to embed the watermark in the original image. However since the public key is available to trusted parties they may easily verify authenticity and integrity of the image.

2.1

Foundation of the system

The watermarking system is an open one as in, watermark extraction is possible due to certain Opened information. Opened information for watermark extracting: • Watermarked image • Public key, kE • Watermark embedding function, embed(-) • Watermark extracting function, extract(-) Secret information which only those who embed the watermark know: 9

• Original image • Private key, kD Here, a public key and a private key are a key pair of public-key cryptography. In the proposed system, a watermark is embedded into an image encrypted with a public key, then the watermarked encrypted-image is decrypted using the corresponding privatekey. The procedure for embedding watermark is as follows. 1. An original image is encrypted with a public key, kE . The corresponding encrypted-image is created. 2. Watermark is embedded into the encrypted-image using watermark embedding function, embed(-). Thus the watermarked encrypted-image is created. 3. The watermarked encrypted-image is then decrypted with the corresponding private key, kD . Now we obtain the watermarked image. Although kE and embed(-) are opened, only those who know kD can decrypt the watermarked encrypted-image to obtain the watermarked image. The extracting procedure is the exact opposite of the embedding procedure. 1. A watermarked image is encrypted with a public key, kE . The corresponding watermarked encrypted-image is created. 2. Using the watermark extracting function, extract(-), the watermark in the watermarked encrypted-image is extracted. Any one can extract and verify the watermark since all the information for watermark extracting, kD and extract(-), is opened. The implementation of the above proposal is done using three key techniques. 1. Discrete Cosine Transform 2. Public Key Watermarking 3. Message Digest/Hashing

10

2.1.1

Discrete Cosine Transform

We have exploited a visual characteristic of the Human Visual System in our current scheme to embed the watermark. This is based on the the tendency of human vision to be insensitive to certain frequencies in an image and be highly sensitive to certain others. This characteristic is exploited by certain transforms which extract energy information from a digital image. The transform used here is the Discrete Cosine Transform. Discrete cosine transform (DCT) translates the image information from spatial domain to frequency domain to be represented in a more compact form. Its stochastic properties are similar to Fourier and Fast Fourier transform and considers the input image, audio or video signal to be a time invariant or stationary signal. The Fourier Transform gives the frequency information of the signal, which means that it tells us how much of each frequency exists in the signal, but it does not tell us when in time these frequency components exist. This information is not required when the signal is so-called stationary. Signals whose frequency content does not change in time are called stationary signals. In other words, the frequency contents of stationary signals do not change in time. In that case, one does not need to know at what times frequency components exist since all frequency components exist at all times. The Discrete Cosine transform also usually deals with time invariant systems such as digital images and hence does not require the time dependent frequency relations. The forward DCT equation is – 2 F (u, v) = N 

1  2

2 M

 1 NX −1 M −1 X 2 i=1 i=1

π.u π.u (2i + 1) .cos (2i + 1) A (i) A (j) .cos 2.N 2.N (1) 





where 1. The input image is N by M; 2. f(i,j) is the intensity of the pixel in row i and column j; 3. F(u,v) is the DCT coefficient in row k1 and column k2 of the DCT matrix. similarly the inverse DCT equation is –

11



2 f (i, j) = N 

 21 

2 M

 12 NX −1 M −1 X

F (u, v) .cos

i=1 i=1



π.u π.u (2i + 1) .cos (2i + 1) 2.N 2.N (2) 



where symbols have their usual meanings. Both DCT and IDCT are orthogonal, separable and real transforms. Being separable means that the multidimensional transform can be decomposed into successive application of one-dimensional transforms in the appropriate directions. Similarly orthogonal means if the matrices of DCT and IDCT are non-singular and real then their inverse is obtained merely by applying transpose operation. Like Fourier transform, DCT also considers the input sampled data to be a time invariant or stationary signal. The DCT input (for usual image processing) is an 8 by 8 array of integers. This array contains each pixel’s gray scale level; 8 bit pixels have levels from 0 to 255. The DCT Output is also an 8 by 8 array of integers varying from -1023 to 1024. The discrete cosine transform converts spatial information to ”frequency” or spectral information, with the X and Y axes representing frequencies of the signal in different dimensions. This allows for “lossy” compression of image data by determining which information can be thrown away without compromising the image. The DCT is used in many compression and transmission codecs, such as JPEG, MPEG and others. The pixels when transformed are arranged from the most significant pixel to the least significant pixel. The upper rightmost term is the DC term in which most of the energy is concentrated. It represents the low frequency components. This term represents the most perceptible data. The other terms are called as the AC terms. The energy gradually decreases as we move down the matrix towards the lower left corner. Compression is achieved since the lower right values represent higher frequencies, and are often small - small enough to be neglected with little visible distortion. Modification in the DCT coefficients provide us with our method of inserting the watermark.

12



2.1.2

Public Key Cryptography – RSA Algorithm

Cryptography is the study of mathematical techniques related to aspects of information security such as confidentiality, data integrity, entity authentication, and data origin authentication. Cryptography involves encryption of a plain text to a cipher text by the use of a Key. The encrypted cipher text may be recovered by decrypting it back by the key. There are two main cryptographic techniques – Single Key or Symmetric Key Cryptography and Public Key or Asymmetric Key Cryptography. In symmetric Key cryptography, the same key is used to encrypt as well as decrypt data. This poses the major problem with symmetric key cryptography. A Secure Channel is required between the sender and the receiver to exchange the secret key. The approach of asymmetric cryptography evolved to address the security issues posed by symmetric cryptography. This method solves the problems of secret key cryptography by using two keys instead of a single key. Asymmetric Cryptography uses a pair of keys. In this process, one key is used for encryption, and the other key is used for decryption. These two keys are collectively known as the key pair. One of the keys is freely distributed and is called the public key. This key is used for encryption. Hence this method of encryption is called public key encryption. The second key is the secret or private key and is used for decryption. The private key is not distributable. Thus we see in public key cryptography we one key to encrypt data and the corresponding other key to decrypt it. One of the most common implementations of this process is the RSA Algorithm. RSA Algorithm The RSA system is a symmetric public key cryptosystem in the terms of the previous section. This means that there are any number of pairs of algorithms (E, D) both defined on the same set of values. E is the public encryption algorithm and D is the private decryption algorithm These satisfy: 1. Encryption/decryption works: If c = E(m) is the ciphertext corresponding to some plaintext m, then m = D(c). (In other words: m = D(E(m)), for any message m.) 2. Sign/verify works: If s = D(m) is the signature corresponding to some plaintext m, then m = E(s). (In other words: m = E(D(m)), for any message m.) 13

3. Can encrypt efficiently: For any message m, there is an efficient algorithm to calculate E(m). 4. Can decrypt efficiently: For any message or ciphertext x, there is an efficient algorithm to calculate D(x). 5. Public/private keys stay that way: From a knowledge of E, there is no efficient way to discover D. Users A, B, ... can create their own pairs (EA , DA ), (EB , DB ), ... of RSA key pairs. The encryption algorithms are “published” or made available on a secure public key server, while the decryption algorithms are kept secret from everyone except the originator. In RSA, the plaintexts and ciphertexts are just large positive integers, up to a certain size depending on the specific key pair. The underlying algorithms are not secret but only certain information used in them. The RSA system itself is constructed as follows: 1. Choose random “large” prime integers p and q of roughly the same size, but not too close together. 2. Calculate the product n = p*q (ordinary integer multiplication). 3. Choose a random encryption exponent e less than n that has no factors in common with either p - 1 or q - 1. 4. Calculate the (unique) decryption exponent satisfying e*d mod (p 1)*(q - 1) = 1. 5. The encryption function is E(m) = me mod n, for any message m. 6. The decryption function is D(c) = cd mod n, for any ciphertext c. 7. The public key (published): This is the pair of integers (n, e). 8. The private key (kept secret): This is the triple of integers (p, q, d). The decryption may be shown to be the inverse of encryption process. This may be proved as follows – To show that RSA decryption reverses what RSA encryption does, we only need to show that: D(E(m)) = m, for any message m, or specifically to show that (me )d mod n = m. 14

But we know that e*d mod (p - 1)*(q - 1) = 1, so that (me )d mod n = me∗d mod n = me∗d mod (p - 1)*(q - 1) mod n = m1 mod n = m. The last line follows from the fact that the exponent can be reduced modulo phi(n) = phi(p*q) = (p - 1)*(q - 1). 2.1.3

Message Digest/Hashing – MD5 Algorithm

One of the fundamental primitives in modern cryptography is the cryptographic hash function, often informally called a one-way hash or message digest. A simplified definition is as follows. Definition : A hash function is a computationally efficient function mapping binary strings of arbitrary length to binary strings of some fixed length, called hash values. For a hash function which outputs n-bit hash-values (eg., n = 128 or 160) and has desirable properties, the probability that a randomly chosen string gets mapped to a particular n-bit hash value (image) is 2−n . The basic idea is that a hash value serves as a compact representative of an input string. To be of cryptographic use, a hash function h is typically chosen such that it is computationally infeasible to find two distinct inputs which hash to a common value ( i.e. two colliding inputs x and y such that h(x) = h(y), and that given a specific hash-value y, it is computationally infeasible to find an input (pre-image) x such that h(x) = y. In our algorithm we use two variants of the hashing techniques. We use a hash produced of the image data which tends to be unique to the given image. Then we use a signature of the given private key, so as to authenticate the ownership of the image. Combining these two hashes we finally calculate our watermark which is a 128 bit hash string of both these hashes. MD5 is one of a series of message digest algorithms designed by Professor Ronald Rivest of MIT (Rivest, 1994). MD5 processes a variable length message into a fixed-length output of 128 bits. The input message is broken up into chunks of 512-bit blocks; the message is padded so that its length is di15

visible by 512. The padding works as follows: first a single bit, 1, is appended to the end of the message. This is followed by as many zeros as are required to bring the length of the message up to 64 bits fewer than a multiple of 512. The remaining bits are filled up with a 64-bit integer representing the length of the original message. The message is always padded with at least a single 1-bit, such that if the message length is a multiple of 512 minus the 64 bits for the length representation (that is, length mod(512) = 448), a new block of 512 bits is added with a 1-bit followed by 447 0-bits followed by the 64 length. The main MD5 algorithm operates on a 128-bit state, divided into four 32bit words, denoted A, B, C and D. These are initialized to certain fixed constants. The main algorithm then operates on each 512-bit message block in turn, each block modifying the state. The processing of a message block consists of four similar stages, termed rounds; each round is composed of 16 similar operations based on a non-linear function F, modular addition, and left rotation. These four functions are F(X,Y,Z) = (X ∧ Y ) ∨ (¬X ∧ Z) G(X,Y,Z) = (X ∧ Z) ∨ (Y ∧ ¬Z) H(X,Y,Z) = X ⊕ Y ⊕ Z I(X,Y,Z) = Y ⊕ (X ∨ ¬Z) ⊕, ∧, ∨, ¬ denote the XOR, AND, OR and NOT operations respectively.

2.2

Proposed Scheme

Using these three key features we propose the following scheme for watermarking. Embedding Procedure – 1. An original image is transformed using Discrete Cosine Transform (DCT). A set of DCT coefficients corresponding to the original image is obtained. 2. The set of DCT coefficients is divided into the data higher than 0 (high-DCT-data) and data lower than ω(low-DCT-data). 3. High-DCT-data is encrypted using a public key, kE , while low-DCTdata is left as it is. The corresponding encrypted-high-DCT-data is created.

16

4. Using embedding function, embed(-), a watermark is embedded into the encrypted-high-DCT-data. Thus watermarked encrypted-high-DCTdata is created. 5. The watermarked encrypted-high-DCT-data is then decrypted with the private key, kD . The watermarked high-DCT-data is obtained. 6. A set of watermarked DCT coefficients is obtained by combining the watermarked high-DCT-data and the original low-DCT-data. 7. The set of watermarked DCT coefficients is transformed using Inverse Discrete Cosine Transform (IDCT). Now we obtain the watermarked image. Only those who know kD can decrypt the watermarked encryptedhigher-DCT-data to obtain the watermarked image. Extracting Procedure – 1. A watermarked image is transformed using DCT. A set of watermarked DCT coefficients is obtained. 2. The data higher than ω(watermarked high-DCT-data) is extracted from the set of watermarked DCT coefficients. 3. The watermarked high-DCT-data is encrypted using a public key, kE . The corresponding watermarked encrypted-high-DCT-data is obtained. 4. Using extracting function, extract(-), a watermark is extracted from the watermarked encrypted-high-DCT-data. 5. The watermark is compared to the original watermark to verify authenticity and integrity of the image. This is the basic implementation scheme. We are yet to define the embed(-) and extract(-) functions. This is because embedding of the watermark may be down by various methods and different techniques. Using an adaptive algorithm for embedding the watermark and a corresponding extracting procedure is the best technique.

2.3

Use of Adaptive Algorithm

Embedding of the watermark in DCT coefficients is the main basis of our scheme. However this poses maximum problems as well. DCT coefficients are either high frequency, low energy or low frequency, high energy. Embedding 17

the watermark in high frequency components seems most desirable because of the robustness levels provided. However the system lacks robustness as such because image processing which removes all frequencies higher than ω are likely to destroy the watermark completely. Thus we have adaptively added the watermark into both AC (high frequency) and DC (low frequency components). Thus we are not compromising either with the perceptibilty levels of the watermark, neither are we losing the robustness of the system. The above scheme was implemented as follows – 1. The input image was a grayscale image of height 256 pixels and width 256 pixels. 2. The image was divided into 8x8 blocks and DCT transformed. Thus we got 1024 blocks of DCT transformed pixels. 3. The DCT coefficients were divided into two classes – AC and DC. 4. LSB’s were extracted from both the AC and DC components of the DCT data. 5. The LSB string was encrypted using the public key kE . 6. A Watermark was generated using the image hash H(I) and the signature of the private key (kD ). These were then hashed again to obtain the final watermark. H(H(I).S(kE )). 7. The watermark was then XORed with the encrypted LSB string. 8. The watermarked LSB string was decrypted using the Private Key kD . 9. The watermarked LSB’s were inserted back into the image and the image was reconstructed.

2.4

How many pixels to watermark?

Since the perceptibilty is inversely proportional to the robustness of the embedded watermark, we have to arrive at a suitable trade-off between these two factors. This is achieved by deciding the strength of the embedded watermark i.e. the number of pixels modified in embedding the watermark. In our case since we are using both the AC and the DC coefficients it becomes imperative to strike a balance. By careful review of existing techniques and implementing the algorithm for various embedding proportions we arrived at the following results –

18

• Watermark embedding in an image whose histogram is highly lopsided produces perceptible differences even if the embedding is done in the AC coefficients in the middle of the spectrum. The PSNR produced is extremely low when the watermark is embedded in even low DC coefficients. • For an image having a uniform histogram, watermarks embedded in high AC to low DC components are barely perceptible. Thus the PSNR of the watermarked images is high even for DC component embedding Thus the number of pixels to be watermarked depends more on the image quality and thus both perceptibility and robustness of the embedded watermark shall rely on the image quality itself.

2.5

Attack Tolerance

The following attacks may be expected on the watermark 1. Cracker removes the watermark from watermarked image to obtain the original image. 2. Cracker alters the watermark. 3. Cracker destroys the watermark. We shall discuss the robustness of the system against these three attacks. 2.5.1

Against removal of watermark

As all the information for watermark extracting is opened, any one can obtain the watermarked encrypted-image. In addition, cracker could remove the watermark from the watermarked encrypted-image, by analyzing the functions of embed(-) and extract(-). Namely cracker could get the encrypted-image. However, no cracker can decrypt the encrypted-image to obtain the original image since the private key, kD , is kept secret. 2.5.2

Against alteration of watermark

As is the case above, cracker could obtain the encrypted-image. Then, cracker can embed any fake watermark into the encrypted-image using watermark embedding function, embed(-). Namely, cracker could get a fake watermarked encrypted-image. However, no cracker can decrypt the fake watermarked encrypted-image to obtain the fake watermarked image since the private key, kD , is kept secret. 19

2.5.3

Against destruction of watermark

To destroy the watermark, cracker can try all kinds of attack. StirMark attack is one of the typical. The robustness against StirMark attack would depend on what kind of embedding function is actually adopted as embed(-).

20

3

Implementation - “Watermarker”

The implementation of the above proposed algorithm was done using Java. We used Java 1.5.0 − 04 from Sun Microsystems as our Java Platform. We used JCreator LE 2.500 as our IDE for Java. Extensive use of the Java Imaging Libraries, Java Cryptographic Architecture and Java Cryptographic Extension was made. The Watermarking Implementation used eight basic classes included in four java files. A detailed description of the classes used is given below.

3.1

The GraphixTools Class

We used the GraphixTools library provided by Stephen Manley. These tools perform the following list of functions. • Array returns (R,G,B). • E-Z Image Producing. • RGB to YUV colorspace conversion. • YUV to RGB colorspave conversion. • Filesize and other information • Free and Used VM Machine Memory Info

3.2

The DCT Class

A general algorithm for DCT compression with this class • Create a DCT Object. • Set up your program to read pixel information in 8*8 blocks. See example. • Run the forwardDCT() on all blocks. • Run the quantitizeImage() on all blocks. • If you want, send the information to the imageCompressor(). A general algorithm for DCT decompression with this class: 21

• Create a DCT Object. • Set up the program to convert compressed data in 8*8 blocks. (if compressed) • Run the data through dequantitizeImage(). • Run the data through inverseDCT(). The user-defined methods declared in this class are described as follows 3.2.1

DCT

Constructs a new DCT object. Initializes the cosine transform matrix these are used when computing the DCT and it’s inverse. This also initializes the run length counters and the ZigZag sequence. Note that the image quality can be worse than 25 however the image will be extremely pixelated, usually to a block size of N. Input Parameter – QUALITY – The quality of the image (0 best - 25 worst) 3.2.2

initMatrix

This method sets up the quantization matrix using the Quality parameter and then sets up the Cosine Transform Matrix and the Transposed CT. These are used by the forward and inverse DCT. The RLE encoding variables are set up to track the number of consecutive zero values that have output or will be input. Input Parameter – The quality scaling factor 3.2.3

forwardDCT

This method performs a matrix multiplication of the input pixel data matrix by the transposed cosine matrix and store the result in a temporary N * N matrix. This N * N matrix is then multiplied by the cosine matrix and the result is stored in the output matrix. Input Parameter – input – The Input Pixel Matrix Output Parameter – output – The DCT Result Matrix

22

3.2.4

dequantizeImage

This method reads in DCT codes dequanitizes them and places them in the correct location. The codes are stored in the zigzag format so they need to be redirected to a N * N block through simple table lookup. After dequantitization the data needs to be run through an inverse DCT. Input Parameter – inputData – 8x8 Array of quantitized image data Input Parameter – zigzag – Boolean switch to enable/disable zigzag path Output Parameter – outputData – A N * N array of de-quantitized data 3.2.5

quantizeImage

This method orders the DCT result matrix into a zigzag pattern and then quantitizes the data. The quantitized value is rounded to the nearest integer. Pixels which round or divide to zero are the loss associated with quantitizing the image. These pixels do not display in the AWT. (null) Long runs of zeros and the small ints produced through this technique are responsible for the small image sizes. For block sizes < or > 8, disable the zigzag optimization. If zigzag is disabled on encode it must be disabled on decode as well. Input Parameter – inputData – 8x8 array of DCT image data. Input Parameter – zigzag – Boolean switch to enable/disable zigzag path. Output Parameter – outputData – The quantitized output data 3.2.6

compressImage

This does not huffman code, it uses a minimal run-length encoding scheme. Huffman, Adaptive Huffman or arithmetic encoding will give much better performance. The information accepted is quantized DCT data. The output array should be scanned to determine where the end is. Input Parameter – image – Quantitized image data. Output Parameter – The string representation of the image. pressed) 3.2.7

(Com-

decompressImage

This method determines the runs in the input data, decodes it and then returns the corrected matrix. It is used to decode the data from the compressImage method. Huffman encoding, Adaptive Huffman or Arithmetic will give much better compression. 23

Input Parameter – DCT – Compressed DCT int array (Expands to whole image). Output Parameter – The decompressed one dimensional array. 3.2.8

InverseDCT

This method is preformed using the reverse of the operations preformed in the DCT. This restores a N * N input block to the corresponding output block with values scaled to 0 to 255 and then stored in the input block of pixels. Input Parameter – input – N * N input block Output Parameter – output – The pixel array output 3.2.9

bytetoInt

This method uses bit shifting to convert an array of two bytes to a integer (16 bits max). Byte 0 is the most significant byte and Byte 1 is the least significant byte. Input Parameter – bitSet – Two bytes to convert Output Parameter – The constructed integer 3.2.10

inttoByte

This method uses bit shifting to convert an integer to an array of two bytes, byte 0, the most significant and byte 1, the least significant. Input Parameter – count – The integer to convert. (16 bit max) Output Parameter – The array of two bytes.

3.3

Watermarker Class

The Watermarker class is an implementation of a public key, invisible watermarking scheme which inserts the watermark as an invisible 128 bit string in the AC coefficients of the DCT matrix using a suitable XOR scheme. This class invokes the GraphixTools class and the DCT class created and tested by Stephen Manley. This class also invokes the RSA key generation interfaces and the MD5 message digest library provided by the Java Cryptographic Extension library and the Java Cryptographic Architecture respectively.

24

3.3.1

Watermarker

This is the main method. The image to be marked -“test.jpg” is loaded and Pixel Array of the image generated by GrafixTools. The method markimage() is called where the watermarking takes place. 3.3.2

markimage

This method applies the forward DCT transform to the pixel array and then applies the quantization in an 8*8 blocks the quantized array is then converted into 256*256 array. The array is then sent to the converter method(in watermarkEmbed class) where the watermark is embedded in the desired LSB’s. 3.3.3

makeimage

This method inputs the watermarked Dequantised image array and stores the array into a 1-D array by first converting the pixel range values to 32 bit integers and instantiates the ImageWindow object to pass the 1-D array from the ImageWindow constructor. Input Parameter – 2-D array of the watermarked quantized image

3.4

The WatermarkEmbed Class

This Watermarker Embed class is an implementation of a public key, invisible watermarking scheme which inserts the watermark as an invisible 128 bit string in the AC coefficients of the DCT matrix using a suitable XOR scheme. This class invokes the Bitset class. This class also invokes the RSA key generation library and the MD5 message digest library provided by the Java Cryptographic extension library and the Java Cryptographic Architecture respectively. The user defined methods are – 3.4.1

encrypt

This method Encrypts the incoming LSB(128 byte) data and converts it into a 128byte Cipher text which is XORed with the (128bit)Hash function(Watermark). The Encryption is done with the public key of the owner, and RSA Encryption algorithm is employed. The resultant array is stored in the output byte array. 25

Input Parameter – input: 128 Byte Array fo LSBs, Hash(Watermark),Public Key,Encryption Algorithm(RSA) Output Parameter – output: 128byte XORed Array of Encrypted LSBs and the Hash function 3.4.2

decrypt

This method Encrypts the incoming modified Watermark 128byte array data. The Encryption is done with the private key of the owner, with the help of RSA Encryption algorithm. The resultant array is stored in the output byte array. Input Parameter – input: 128 Byte XORed LSBs,Private Key,Encryption Algorithm(RSA) Input Parameter – output: 128byte Encrypted Array 3.4.3

converter

This method generates the 1120 bit Public and the Private Keys for encryption using RSA algorithm and for the generation of the Digital Signature of the Private Key using DSA. The Pixel data is input and it’s hash function is generated along with the digital signature. MD5 scheme is used for the generation of the 128bit hash. This hash function is used as the watermark. The input Quantized array’s selected coefficients’ least significant bit are stored in a byte array which is passed to the Bitset class for converting it into a 1024byte array. This byte array is passed to the encrypt method. The returned array from decrypt method is XORed in the least significant bits of the selected quantized coefficients. Input Parameter – input: 256*256 2D Array of Quantized Pixel data Output Parameter – output: 256*256 2D Array of Watermarked Quantized Pixel data

3.5

The Bitset Class

This class deals with converting of Bitsets to Byte Arrays of different lengths and vice-versa.

26

3.5.1

fromByteArray

This method inputs the 128byte array of LSB of Quantized Pixels and 128byte encrypted array calculates the bits of each of them and XORs them bit by bit and calls the toByteArray method to store them in the byte array and returns this byte array to the converter method to change the input quantized coefficients array. Input Parameter – input: 128byte array of LSB of Quantized Pixels, 128byte encrypted array Output Parameter – output: 128byte array of XORed quantized Pixels 3.5.2

lsbBitsBytes

This method inputs the 1024byte array of LSB of Quantized Pixels and converts it into a 128 byte array. Input Parameter – input: 1024byte array of LSB of Quantized Pixels Output Parameter – output:128byte array 3.5.3

toByteArray

This method inputs the BitSet and will convert it into it’s corresponding byte array Input Parameter – input: BitSet Output Parameter – output: byte array

3.6

The ImageWindow Class

This class inherits the Frame class for loading the frame in which the original and the watermarked image are displayed 3.6.1

ImageWindow

This method positions and resizes the frame in which the original and the watermarked image are displayed. The input of this method is the converted array of the pixels, it creates the image from this data and saves it into the current directory as a jpeg image. It also performs the loading of the image in to the defined frame next to the original image.

27

Input Parameter – 256*256 1-D array of watermarked quantized coefficients 3.6.2

paint

This method draws both the images, watermarked image as well as the original image into the frame. Input Parameter – instance of the class Graphics

3.7

The WatermarkExtract Class

This Watermarker Extraction class is an implementation of a public key, invisible watermarking scheme which extracts the watermark from the image for it’s verification and hence establishing the authentication of the image. 3.7.1

watermarkedImageLoader

This is the Image loading method. The image - ”WaterMarkedImage.jpg” from where the watermark is to be extracted is called and loaded, DCT operations are performed on the Pixel Array of the image generated by GrafixTools. The method extractImage() is called from where the extraction takes place. 3.7.2

extractImage

This method applies the forward DCT transform to the pixel array, stores it in an output Array. The output array is then sent to the Watermark Extract method extract where the watermark is extracted from the desired coefficients. 3.7.3

decryption

This method decrypts the incoming bytes using the public key, the incoming byte array is extracted from the selected coefficients of the image and is sent here for the decryption. The algorithm used for decryption is RSA Algorithm Input Parameter – input array of coefficients, public key, RSA Algorithm Output Parameter – output decrypted byte array.

28

3.7.4

extract

This method stores inputs the value of the public key from the file:key.rsa saved in the current directory, then it stores the values of the coefficients on which the watermark is embedded into a byte array. The byte array will be passed to the Bits class for extracting the watermark. The resultant byte array is passed to the decryption method where it is decrypted and returned to the method. The method then inputs the stored watermark form the file watermark.wmk stored in the current directory and compares both the watermarks. It prints Test SUCCEEDED if the extracted watermark is equal to what has been input from the file and prints Test Failed if the watermarks are different. This helps in verification of the watermarks and hence the authentication of the image. Input Parameter – input 2D array of the watermarked Quantized coefficients

3.8

The Bits Class

This class deals with bit manipulations during the extraction phase. 3.8.1

toBits

This method inputs the 1024byte array of watermarked Quantized Pixels and store it into a BitSet from where the BitSet of the watermark is extracted by XORing every 8th bit with zero. The resulting BitSet is sent to the toByteArray method for converting it back to the byte array, at last the byte array is returned to the extract method for the decryption and hence verification. Input Parameter – 1024byte array of watermarked Quantized Pixels Output Parameter – 128byte array of encrypted watermark 3.8.2

toBytes

This method inputs the 1024byte array of LSB of Quantized Pixels and converts it into 128byte array Input Parameter – 1024byte array of LSB of Quantized Pixels Output Parameter – 128byte array

29

4 4.1

Testing and Benchmarking Testing Procedure

The strength of the watermark was evaluated on the following parameters – In order to measure the quality of the watermark at the output, mean square error (MSE) and peak to signal to noise ratio (PSNR) ratio are often used. The MSE is often called quantization error variance σq 2 . The MSE between the original image f and the reconstructed image g is defined as: M SE = σq 2 =

1 Σ(f [j, k] − g[j, k])2 N

(3)

Where the sum over j, k denotes the sum over all pixels in the image and N is the number of pixels in each image. The PSNR between two images having 8 bits per pixel or sample in terms of decibels (dBs) is given by: P SN R = 10log10

2552 M SE

(4)

Generally when PSNR is 40 dB or greater, then the original and the reconstructed images are virtually indistinguishable by human observers. Signal to noise ratio (SNR) is also a measure, but it is mostly used in telecommunications. However, one can calculate SNR for an image in terms of decibels (dBs) as: SN R = 10log10

Encoderinputimageenergyorvariance N oiseenergyorvariance

(5)

Using the PSNR as the basis we tested the images - lena, baboon, ruler, pepper ( taken from the USC-SIPI Digital Image Processing Library). A few samples are shown in the following pages.

30

4.2 4.2.1

Tested Images Lena

The original image lena (Taken from USC-SIPI Image Processing Database)

Watermark embedded in the DC coefficient 31

Watermark embedded in the last AC coefficient

Histogram of grayscale levels of lena

32

Histogram of grayscale levels of difference between the original image and the DC coefficient watermark embedded image

Histogram of grayscale levels of difference between the original image and the AC coefficient watermark embedded image

33

Difference between the original image and the DC coefficient watermark embedded image

34

Difference between the original image and the DC coefficient watermark embedded image

35

Difference between the original image and the DC coefficient watermark embedded image (Image thresholded to show the watermark)

36

4.2.2

Baboon

The original image baboon (Taken from USC-SIPI Image Processing Database)

Watermark embedded in the DC coeffecient 37

Watermark embedded in the last AC coefficient

Histogram of grayscale levels of baboon

38

Histogram of grayscale levels of difference between the original image and the DC coefficient watermark embedded image

Histogram of grayscale levels of difference between the original image and the AC coefficient watermark embedded image

39

Difference between the original image and the DC coefficient watermark embedded image

40

Difference between the original image and the DC coefficient watermark embedded image

41

Difference between the original image and the DC coeffecient watermark embedded image (Image thresholded to show the watermark)

42

4.3

Results and Conclusions

The watermarking scheme was successfully implemented in java. A 128 bit watermark was embedded into the encrypted DCT coefficients. Watermark embedding was tested by using imperceptibility of the watermark as our refernce. We tested the imperceptiblity levels on the following images – lena.jpg, pepper.jpg, baboon.jpg and ruler.jpg. We noted that the PSNR levels for watermark embedding (in AC coeffecients) was particularly high in lopsided histogram images such as ruler and pepper. Image quality normally stabilizes when the watermark is embedded in the 4th DC coeffecient onwards. Thus we see that the watermark embedded is robust and imperceptible. All values in the table are in dB. Columns represent the diagonal coeffecient watermarked.

1 2 3 4 5 6 7 8

4.4

Pepper -12.389259 52.99984 82.28197 82.34182 81.46429 82.31429 82.344315 82.354385

Lena -21.035032 38.298706 59.96778 60.12257 58.43381 60.851063 60.39177 60.820538

Baboon -17.71 46.44 51.45 46.31 48.94 51.48 51.49 51.52

Ruler -72.84027 55.741936 55.42946 56.34481 55.507015 55.030483 56.545662 56.355766

Drawbacks and limitations

The proposed scheme of watermarking has three major drawbacks. 1. Time efficiency – The watermarking scheme implemented above lacks in time efficiency. This is due to the fact that (a) It uses transform coding techniques rather than spatial coding techniques (b) Cryptography – It uses to complex cryptographic functions – Public Key encryption and Message Digest i.e. MD5 Hashing. Due to these two factors the embedding time for the watermark is considerably greater than previously implemented techniques.

43

2. Use of transform coding rather than wavelet coding – Current research on compression techniques is being done using wavelet based coding (as in JPEG200). This technique provides better PSNR ratios, better image quality and higher robustness than transform based codings. Nevertheless DWT also has some disadvantages and DWT based coders still require improvement to outperform the DCT based coders. Also a majority of current business and industry is still based on transform coding and shall rely on related techniques until wavelet based coding replaces it. Till then our watermarking scheme may be implemented and put to good use. Further still a major problem may arise. With a digital watermarking with open algorithm, everyone can verify a watermark using the opened information. However, how should do we pass the opened information to verifier (person who want verify the watermark)? There are two possible methods. 1. We may write the opened information in the header of an image file. In this case, once a cracker removes the information written in the file header, verifier loses the ability to check the watermark. 2. We may adopt a certain system as a standard. In this case we may create an authority which keeps hold of the open algorithm and passes the algorithm and public key to the verifier. However in such a case each public-private key pair must be stored securely. This poses the problems of key management.

44

5

Future Possibilities

Watermarking as a means of Intellectual Property Rights Protection has a bright future. Recent developments in watermarking techniques have extended the scope of watermarking beyond audio, image and video watermarking to DVD copy protection, Software watermarking and even code watermarking. Developments in the field of Image Processing and Cryptographic techniques shall further bolster watermark development. Most of the Watermarking algorithms have been implemented in software using high-level languages such as C or Java. Such an approach provides maximum flexibility but lacks performance. At the same time, proprietary hardware implementations were proposed to speed up such watermarking algorithms. However most of the current implementations are inflexible solutions and lack cost efficiency. Hardware watermarking may be significantly increased by using newer approaches. A new approach is the combination of programmable processors with reconfigurable hardware units. Non-time critical operations are implemented in software (providing flexibility) while time-critical operations such as DCT or DWT, are implemented in hardware using FPGA (providing speed up). As future work, we would like to propose the possible integration of our Watermarking design in such FPGA Implementations and processors. We have carried out a preliminary survey on current Hardware implementations of DSP functions i.e. DCT and DWT and cryptographic functions like MD5 and RSA. Preliminary code for Cryptographic Functions – RC4 and MD5 have been designed and tested using Verilog Hardware Design Language. We intend to extend our work in designing such a hardware implementation of our Watermarking algorithm which may eventually be integrate with digital cameras thus providing a ”SECURE DIGITAL CAMERA”.

45

References [1] [2] [3]

46

Indian Institute Of Technology, Madras

Watermarking refers to adding a message or a signature in a digital file so as to .... In the proposed system, a watermark is embedded into an image encrypted.

473KB Sizes 1 Downloads 315 Views

Recommend Documents

INDIAN INSTITUTE OF TECHNOLOGY GANDHINAGAR.pdf ...
Whoops! There was a problem loading more pages. Retrying... Whoops! There was a problem previewing this document. Retrying... Download. Connect more ...

Indian Institute of Technology Guwahati
o Reproduction rate of JG is very fast as compare to EF and EG. o Survival temperature ranges from 4 to 45oC. . They are resistive to light rays.

DEPARTMENT OF PHYSICS INDIAN INSTITUTE OF TECHNOLOGY ...
INDIAN INSTITUTE OF TECHNOLOGY MADRAS. PH102 Physics II. Problem Set 8. To be discussed on April 2 2007. 1. The skin effect: Recall the relations D ...

Indian Institute of Technology Madras.pdf
Indian Institute of Technology Madras.pdf. Indian Institute of Technology Madras.pdf. Open. Extract. Open with. Sign In. Main menu.

Indian Institute of Technology Guwahati - MOBILPASAR.COM
o Reproduction rate of JG is very fast as compare to EF and EG. o Survival temperature ranges from 4 to 45oC. . They are resistive to light rays. t The degradation rate was very fast. Organic waste such as Vegetable waste, water hyacinth and industri

Indian Institute of Technology Guwahati - IIT Guwahati
Indian Institute of Technology Guwahati ... Whether any degree was obtained through Correspondence course / distance ... PhD thesis related information:.

Indian Institute of Technology, Gandhinagar Various Posts ...
Switch, Wireless Controller and Access Points ... using ticket-based management system ... Familiarity with technologies for cloud computing, managing ... Indian Institute of Technology, Gandhinagar Various Posts, 2015_Notification.pdf.

Indian Institute Of Technology Patna.pdf
Indian Institute Of Technology Patna.pdf. Indian Institute Of Technology Patna.pdf. Open. Extract. Open with. Sign In. Main menu.

Indian Institute of Technology, Gandhinagar Various Posts ...
Knowledge of Linux, Windows operating systems with ability. to configure servers. Knowledge of daily ... install packages, manage networking, manage services,. configuring firewall etc. Excellentknowledgeofinstallation, configuration,. maintenance of

Indian Institute of Technology Delhi Recruits Jr. Project Attendant ...
There was a problem previewing this document. Retrying... Download. Connect more apps... Try one of the apps below to open or edit this item. Indian Institute of Technology Delhi Recruits Jr. Project Attendant advt.pdf. Indian Institute of Technology

INDIAN INSTITUTE OF TECHNOLOGY ROPAR Nangal ... - IIT Ropar
Essential Qualifications: First class B. Tech in Civil Engineering and PG degree in ... Head, Department of Civil Engineering, ... Other Relevant Information:.

INDIAN INSTITUTE OF TECHNOLOGY DELHI ... - IRD - IIT Delhi
Jun 1, 2018 - (Ms.) Ratnamala Chatterjee. Deptt/.Centre. Department of Physics. Duration of the Project Upto:02/10/2018. Post (s). Consolidated Fellowship.

INDIAN INSTITUTE OF TECHNOLOGY DELHI ... - IRD - IIT Delhi
Jun 1, 2018 - Candidates of Indian nationality are invited to appear for the Walk-in test / interview for project appointments under the following project.

Indian Institute of Technology Delhi Attendant.pdf
Indian Institute of Technology Delhi Attendant.pdf. Indian Institute of Technology Delhi Attendant.pdf. Open. Extract. Open with. Sign In. Main menu. Displaying ...

CSIR-Indian Institute of Chemical Technology Recruitment Junior ...
CSIR-Indian Institute of Chemical Technology Recruitment Junior Research Fellow Advertisement.pdf. CSIR-Indian Institute of Chemical Technology ...

Bombay Indian Institute of Technology Bharti 2017 For 17 Posts.pdf ...
Bombay Indian Institute of Technology Bharti 2017 For 17 Posts.pdf. Bombay Indian Institute of Technology Bharti 2017 For 17 Posts.pdf. Open. Extract.

Indian Institute of Technology Roorkee Recruitment For 02 ...
Indian Institute of Technology Roorkee Recruitment For ... ral Technical Assistant Post Application Form 2016.pdf. Indian Institute of Technology Roorkee ...

Indian Institute of Technology Delhi medical officer application.pdf ...
Indian Institute of Technology Delhi medical officer application.pdf. Indian Institute of Technology Delhi medical officer application.pdf. Open. Extract. Open with.

Indian Institute of Technology Delhi PhD Literature 2014.pdf ...
content in a literary work of your choice. Page 1 of 1. Main menu. Displaying Indian Institute of Technology Delhi PhD Literature 2014.pdf. Page 1 of 1.

Indian Institute Of Technology Patna Notification.pdf
Indian Institute Of Technology Patna Notification.pdf. Indian Institute Of Technology Patna Notification.pdf. Open. Extract. Open with. Sign In. Main menu.

Indian Institute of Technology Roorkee Recruitment For 05 Junior ...
Indian Institute of Technology Roorkee Recruitment Fo ... r Engineer and Various Post Application Form 2016.pdf. Indian Institute of Technology Roorkee ...

Florida Institute of Technology
Florida Tech Senior Design Project. Railroad Signaling Block Design Tool ... The software application shall include formulas on the following specific parameters ...

Indian Institute of Packaging.pdf
Mar 3, 2017 - Masters degree in Science/Applied Sciences or. Bachelor's degree in Engineering/Technology in. the field related to packaging. The candidate ...