US 20030070075 A1 Abstract The present invention relates to the methods for hybrid watermarking method joining a robust and a fragile watermark, and thus combining copyright protection, authentication and tamperproofing. As a result this approach is at the same time resistant against the copy attack. In addition, the fragile information is inserted in a way which preserves the resistance and reliability of the robust part.
Claims(14) 1. A method for generating watermarked data z based on some original data x, wherein said robust watermark w contains multi-bit informative w_{inf }and reference w_{ref }watermarks encoded and embedded in such a way as to resist against attacks, and an authentication watermark w_{frag }contextually encoded, encrypted and embedded in orthogonal or almost orthogonal positions with respect to the robust watermark w, comprising the steps of:
(a) encoding said multi-bit message b, possibly using any error correction code (ECC), (b) generating said w as a function of said key k and said message b encoded and/or encrypted as codeword c, where said w consists in a said informative watermark w _{inf }and said reference watermark w_{ref}, (c) generating said authentication watermark w _{frag }as a function of said key k and said contextual information, (d) embedding said robust watermark w into said original data x to get said robustly marked data y, (e) embedding said authentication watermark w _{frag }into said robustly marked data y in orthogonal manner to said informative watermark w_{inf}, resulting into the final marked data z whereby said reference watermark w _{ref }assists amongst others in the estimation and recovering from local and global geometrical image alterations, channel state estimation, verification of reliability, fast detection of the said robust watermark w presence in said z and synchronized decoding of said error correction codes (ECC), and said authentication watermark w_{frag }assists in tampering detection, authentication and prevention of estimation of robust watermark w or informative watermark w_{inf }with following copying to another target media known as the copy attack, and identification of the reliability of said informative watermark w_{inf}, and furthermore whereby said z is visually indistinguishable from said x. 2. The method of _{frag }to said x in the spatial domain or some transform domain. 3. The method of _{frag }contains global and/or local encrypted contextual information about data x such as data size, unique data ID, name, index or random unique stamp that is the same for one data but is different to another data to resist against collage attack and copy attack, and produces local data dependent signatures or local message digest code (MDC). 4. The method of 3 wherein said unique stamp additionally carries information about date, time and other specific information identifying the particularities of embedding process that even enables the identification of copied areas and their localization. 5. The method of _{frag }uses as input global and local information about the original data x and/or the robustly watermarked data y, including local blocks of the data, local blocks indexes, data global size, etc., and wherein all key dependent positions and bit planes where said authentication watermark w_{frag }is to be embedded are excluded from the information used as input for the generation of this w_{frag}. 6. The method of _{frag }comprises a key-dependent regular (such as square blocks), or any irregular spatial allocation structure. 7. The method of claims 1, 5 and 6 wherein said blocks are hashed using information about neighboring blocks to defeat simple substitution attacks and cut-and-paste attacks. 8. The method of claims 1 wherein said authentication watermark w_{frag }is embedded into contiguous and non-overlapping blocks with predefined indexes which may be generally key-dependent. 9. The method of _{inf }and authentication watermarks w_{frag }are used jointly to detect the collage and the copy attacks that can not be achieved only based on their independent usage. 10. The method of 9 wherein said informative w_{inf }and authentication w_{frag }watermarks are used jointly on the local blockwise level to detect the sequence of the applied attacks and to distinguish the multiple watermarks embedded with the same technology and the same key but possibly with different messages, and to identify the original informative message b initially embedded into said media x. 11. The method of _{inf }and/or authentication watermark w_{frag }is used to detect the tampered regions or the boundaries of objects, which have been copied from other medias even with the preservation of their block indexes and positions. 12. The method of 13. The method of 14. The method of Description [0001] In some embodiment this application refers to the following robust watermarking related patents: [0002] Self-reference multi-resolution watermarking in the European Patent Application PCT/IB00/01089 filed by Sviatoslav Voloshynovskiy, Frédéric Deguillaume, Shelby Pereira, Alexander Herrigel and Thierry Pun on Aug. 3, 2000 and entitled “Method for adaptive digital watermarking robust against geometric transform”, accepted in May 2001 [1]; [0003] Recovering of local non-linear distortions on the U.S. patent application USPTO 60/327,097 filled by Sviatoslav Voloshynovskiy, Frédéric Deguillaume and Thierry Pun in Oct. 4, 2001 and entitled “A Method for Digital Watermarking Robust Against Local and Global Geometrical Distortions and Projective Transforms” [2]; [0004] Recovering of global affine transforms on the U.S. patent application USPTO 10/051,808 filled by Frédéric Deguillaume, Sviatoslav Voloshynovskiy and Thierry Pun in Jan. 17, 2002 and entitled “A Method for the Estimation and Recovering of General Affine Transform” [3]. [0005] These last years, the rapidly growing multimedia market and use of digital technologies in general has revealed an urgent need for securing documents. Numerous threats have been identified yet, but one of the first to be pointed out was the incredible ease with which exact copies could be done without any authorization. Classical protection such as cryptography soon appeared not to be a solution, since once a document has been decrypted, even by an authorized customer, this customer could always distribute the document in plain form without any restriction. Therefore more sophisticated document security methods have been proposed, aiming first at solving the copyright protection problem, based on watermarking technologies. [0006] Copyright Protection [0007] The main requirements for copyright-protection watermarking algorithms are robustness (denoting how the watermark can survive any kind of malicious or unintentional transformations), visibility (does the watermark introduce perceptible artifacts), and capacity (the amount of information which can be reliably hidden and extracted from the document after certain attacks). For copyright applications, robustness should be as high as possible, visibility as low as possible in order to preserve the value of the marked document. Note however that capacity can be low since copyright information generally requires a rather small amount of information, which can be an index inside a database holding copyright information. Other requirements can be outlined, which are: security (from the cryptographic point of view), and that the scheme should be oblivious (the original image is not needed for the extraction process). [0008] Many robust watermarking schemes have been proposed, consisting in either spatial domain, or transform domain watermarks. Currently two main issues can be pointed out: first, interference cancellation, which can be performed either at the encoder side by embedding the watermark using quantization as Quantization Index Modulation (QIM) [4] or using product codebooks of dithered uniform scalar quantizers in the Scalar Costa Scheme (CSC) [5], or at the decoder side based on the robust prediction of the embedded watermark as in our previous approach [1,6]. Secondly, geometrical synchronization, aiming at compensating geometrical distortions which desynchronize the embedded signal and make it unreadable. [0009] Solutions against geometrical transform can use either a transform invariant domain watermark like the Fourier-Mellin transform [7], or an additional template for resynchronization [8], or a self-reference watermark based on the Autocorrelation Function (ACF) of a repetitive watermark [9]. Self-reference watermarks have been shown to have as main advantage over other methods the fact that they exploit the redundancy of the regular structure of the watermark in order to robustly estimate the undergone geometrical distortions. We previously proposed a method based on this concept, which is robust to general affine transforms [6,10] as well as to non-linear distortions and to the Random Bending Attack (RBA) [2,11]; our approach uses the ACF or magnitude spectrum of a periodical watermark, at the global level to recover from affine transforms, and at the local level to recover from the RBA. [0010] Tamperproofing and Authentication [0011] Other important threats have recently been identified with respect to multimedia document, the most important of them being the ease offered by today technologies for tampering or counterfeiting. Digital cameras are constantly growing in quality while becomming widely available, and softwares such as Paintshop Pro or Addobe Photoshop make it very easy to perform complex modifications without visible artifact. Although this is useful for artistic applications, this is a serious problem for legal applications such as evidences in trials, for insurances in medical imaging, for counterfeiting, etc. Classical analysis techniques used for authenticating analog photographs are ineffective. Another important issue is the ability to authenticate the originator of a visual document. [0012] Of course global cryptographic signatures can detect tampering and authenticate documents, but are unable either to highlight which areas have been modified, or to assess the severity of the alteration; moreover, format conversion kills this meta-data. Such a global authentication has been proposed by Friedman in his trusted digital camera [12]. Therefore one proposed solution to both tamperproofing and authentication is again watermarking, which is used here to attach check-codes of local areas inside the image itself, in order to achieve the ability to localize altered regions. Such watermarks do not need the same level of robustness than for copyright protection, since in case of removal or cancellation the image can just be considered as non authentic. Two cases can be distinguished: the watermark can be either fragile, meaning that any modification, even a limited change of a small set of pixels, is detected, or semi-fragile, offering a level of tolerance to some “acceptable” alterations such as low-level lossy compression or slight contrast adjustment. [0013] For fragile watermarking, the image is generally first divided into small blocks for locality, and a key-dependent hash function is applied to each of them, and the obtained hash-codes are embedded into their corresponding blocks, usually in the least significant bits (LSB) of pixels. Tampering is then detected where the recomputed codes do not match the stored codes. Wong [13] proposed such a blockwise approach. At the opposite, semi-fragile watermarks are more tolerant, and can even be used to measure the severity of the alteration; a robust watermarking scheme has sometimes been proposed for this, however this approach is insecure since robust watermarks are usually additive, making them vulnerable to the so-called copy attack: the signal can be easily estimated using denoising techniques and copied to another image [14]. Note that the same attack can be applied to LSB-based technologies too. Another possibility is to compute robust or visual hashes which are tolerant to slight modifications, and to embed them robustly. We can mention also self-embedding watermarks where a low resolution version of the visual content is embbedded into the image itself; Wu and Liu [15] propose such a scheme which embeds the visual content using the look-up table (LUT) of the frequency domain coefficients, and Fridrich [16] proposes to embed the visual content in the bit representation of chosen discrete Cosine transform (DCT) coefficients. Self-embedding watermarks not only can detect tampered areas by locally analyzing mismatches between the stego image and the actually extracted visual information, but can even reconstruct these areas. [0014] A Hybrid Solution [0015] While robust watermarks are typically required for copyright protection, the fragile or semi-fragile watermarks have been proposed to solve tamperproofing and authentication. Watermarking methods above are either robust schemes, or fragile/semi-fragile schemes; however approaches combining both robust and fragile/semi-fragile schemes for copyright and tamperproofing/authentication application are rarely proposed. Fridrich [17] proposed such an hybrid method, but uses a watermark with relatively low robustness. Further, most of robust watermarking schemes are vulnerable to the copy attack, which allows copying a watermark from one document to another without need for any a priori knowledge [14]. Therefore, to this extent no real working scheme for hybrid robust watermarking, tamperproofing and authentication has been proposed yet. [0016] The present invention describes a method for hybrid robust watermarking which: first, joins a highly robust watermark (which we will call w) with a fragile authentication watermark (called w [0017] The drawings shown in: [0018]FIG. 1: An embodiment for the proposed hybrid embedding algorithm, including both the robust and the authentication parts at the global level, is shown in this block-diagram, each block being identified by a unique number in parenthesis: [0019] Robust part: a Perceptual Model M is computed from the input cover image x (block [0020] Fragile part: spatial k key-dependent positions and bits are retained for the embedding of the fragile watermark w [0021]FIG. 2: An embodiment for the proposed algorithm is shown for the fragile part embedding at the block level, this part corresponding to blocks [0022] of the robust part and being transmitted to the fragile algorithm (dashed arrows). [0023]FIG. 3: An embodiment for the proposed hybrid extraction and verification algorithm, including both the robust and the authentication parts at the global level, is shown in this block-diagram: [0024] Robust part: the possibly attacked stego image z′ is processed by the Robust WM Extractor (block [0025] Fragile part: the Blockwise Fragile WM Extractor ( [0026] Hybrid diagnostic: finally, by combining the robust message {circumflex over (b)} and a decoding diagnostic (i.e. is {circumflex over (b)} correctly decoded or not, based for example on some integrity check-code applied to the message and including into the binary string b), the tampered-blocks map {circumflex over (T)}, and the global authenticity value A [0027]FIG. 4: An embodiment for the proposed algorithm is shown for the fragile part extraction at the local block level, this part corresponding to blocks _{i,j}={tilde over (s)}_{i,j}.
[0028]FIG. 5: Pseudo-code describing the fragile part embedding for all blocks: the robustly marked image y is divided into blocks y [0029]FIG. 6: Pseudo-code describing the fragile part verification for all blocks: the possibly attacked image z′ is divided into blocks z′ [0030] In the drawings identical parts are designated by identical reference numerals. The pseudo-codes are given for the purpose to describe the algorithms as clearly as possible, and are not optimised. [0031] We propose to join the highly robust watermarking method that we previously developed (Voloshynovskiy et al. [6]) with a blockwise fragile algorithm based on cryptographically secure hash-codes similar to Wong's approach [13], but with various improvements for security reasons that are discussed later in this document. The robust watermarking scheme our hybrid technology is based on is a content adaptive multi-resolution algorithm with channel state estimation, exploiting a self-reference watermark in order to resist against geometrical transformations. The principles of this scheme are also explained in more details in our previous publications [6,10,11,18] and patents [1,2,3]. [0032] Hybrid Watermark Embedding [0033] The block diagram FIG. 1 shows the hybrid embedding process at the image level. This is a symmetrical tamperproofing/authentication scheme, that means that both the signature embedding and verification require the same user key k, which should be kept secret. The robust watermark w further consists in the following two non-overlapping, i.e. orthogonal, components: the informative watermark w [0034] Obviously, the fragile component has to be applied after the robust one, in order to hash the robust watermark with the image. The fragile watermark, called w I=I′ H_{k}(I)=H_{k}(I′)
I≠I′ H_{k}(I)≠H_{k}(I′) (1)
[0035] where I and I′ are any input (not necessary visual data), and H [0036] The robustly marked image I (containing w) is divided by the fragile algorithm into contiguous and non-overlapping blocks of indexes i,j, and result into a final stego image z (containing both w and w [0037] where M,N is the image size and m,n the block size in number of pixels (width and height respectively). Note that if the image size is not an exact multiple of the block size, one can actually take the lower integer bounds of
[0038] and
[0039] The embedding of the fragile part w [0040] In contrast to Wong's approach where blocks are independently hashed, our hash function takes as input the current i,j-block itself as well as some neighboring blocks (FIG. 2, block η(i,j)=((i−1),j−1),(i−1,j),(i−1,j+1),(i,j−1),(i,j+1),(i+1,j−1),(i+1,j),(i+1,j+1)) (the 8 neighbors) η(i,j)=((i−1,j),(i,j−1),(i,j+1),(i+1,j)) (4 neighbors) η(i,j)=((i,j−1),(i,j+1)) (2 neighbors) η(i,j)=((i,j−1)) (only 1 neighbor) [0041] For those blocks which are along the image borders (i.e. iε{1,M/m} or jε{1,N/n}) and for which the neighboring blocks fall outside of the image, one can just consider that the image is infinitely padded with the value 0 or just ignore out-of-range neighbors from the hash input. [0042] In addition to HBC, other local or global contextual information can be included in the input of hash functions, such as current block indexes (i,j), the image size (M,N), owner-related data like in the case of robust watermarking, date and time, place, unique image identification name or number, etc. Such hashed additional information is denoted by the “ . . . ” in pseudo-code in FIG. 5 (line [0043] Note that w [0044] Hybrid Watermark Extraction And Verification [0045] The block diagram FIG. 3 shows the extraction and authentication part. At the extraction stage, the robust extractor (FIG. 3, block [0046] The authentication part takes z′ as input; re-computes signatures (FIG. 3, block [0047] For the authentication the input image z′ is divided into blocks of the same size and same positions as for the embedding process as:
[0048] The block diagram FIG. 4 and pseudo-code in FIG. 6 show the extraction and verification of the fragile signature at the block level. We can then define an estimated authenticity value {circumflex over (T)} {circumflex over (T)} [0049] where δ(.) is the Kroneker symbol (δ(x)=1 if x=0, and δ(x)=0 otherwise) considering {tilde over (s)} [0050] with the following interpretation: A 0<A A [0051] Tamperproofing/Authentication Decision [0052] At the end the generic following decision d [0053] 1. {circumflex over (b)} is correctly decoded and A [0054] 2. {circumflex over (b)} is correctly decoded but A [0055] 3. {circumflex over (b)} failed or multiple {circumflex over (b)} [0056] 4. {circumflex over (b)} was not decoded and A [0057] Simple attacks are easily detected in items 1, 2, and 4 above. If the marked image has been simply replaced by another one, the input will obviously be rejected; any local modification in a valid image will destroy signatures in the altered blocks. A copy attack further corresponds to the second item when A [0058] Item 3 above is a particular case: if the robust watermark is altered or is not coherent, then we could expect {circumflex over (T)} [0059] In general the analysis of the {circumflex over (T)} [0060] Security Of Hybrid Watermarking [0061] Many attacks or malicious changes can be mounted against hybrid-watermark documents, targeting the robust watermark and the fragile watermark, as well as interactions or relationship between both parts. Since attacks on robust watermarking have been already widely discussed, here we will mainly focus on intentional attacks specific to the fragile part. Unlike those dedicated to robust watermarks, the general goal of attacks on fragile watermark is not to remove the information (otherwise the host data would be invalidated), but rather to perform tampering or manipulations without being detected at the verification stage. [0062] In a fragile approach, any change is in theory detected, since the change of one pixel would result into the mismatch of embedded and recomputed hash codes for the corresponding block. However, the retained method for the generation of signatures and their embedding should be carefully designed in order to keep resistance to various tampering attack. It has been noticed very soon that simple schemes based on the hashing of non-overlapping and independent blocks like in Wong's approach were vulnerable to various tampering attacks, and especially to substitutions attacks described by Holliman et Memon [19], and Barreto et al. [20]. Other weaknesses could result from the design of the used cryptographic primitives and the way they are implemented, the signatures lengths, etc. Many of these attacks have been pointed out and advanced solutions proposed, in particular by Barreto et al. [20]. Further, in a hybrid approach, the information given by the joint use of robust and fragile watermarks can be exploited in order to increase the security. Below we describe the most significant attacks, and then propose countermeasures against them, covered by the scope of this invention. [0063] Substitution Attacks [0064] The most simple of these attacks could consist in exchanging color planes in color images, in the case where each plane is hashed separately. Therefore an obvious solution would be to hash the three color planes together. Generally, the hashing and marking of independent blocks, without any other contextual information, is vulnerable to simple copy and paste inside the same watermarked image: a few valid blocks copied from a suitable area can be pasted in another place in order to hide or to replace an object, without visible artifact; the only restriction for this attack to succeed is to respect blocks synchronization, which is not difficult when the block size is publicly known. The knowledge of the key is not required, since each block is independently authenticated by itself. If the copied area comes from another image, two cases can be distinguished: either the other image is not watermarked or is watermarked with a different key, and the copied object will be detected as tampered; or the other image is watermarked with the same key, and the copied area can be seen as authentic. Therefore the problem arises when the images used are all watermarked using the same key. By this technique, it is even possible to construct a fake image by pasting together areas coming from different images. This type of attack, aiming at replacing parts or the entire image, are known as substitution attacks. The different variants above could be named copy-and-paste attack when an object is pasted into a valid image, or the already mentioned collage attack when a composite image is generated from several marked source images. [0065] In the same framework, an advanced version of the substitution attack can be mounted using vector-quantization (VQ) techniques [19], which is known as the vector quantization attack, or the Holliman-Memon attack. This is an enhancement of the collage attack, which is able to construct an arbitrary composite image using the smallest possible areas—the blocks themselves. For this purpose the attacker first needs to gather a set of watermarked images, all marked with the same key. These blocks are sorted in order to regroup together blocks corresponding to the same embedded logo or the same block-synchronization used for the fragile watermark embedding; this is actually the case for all blocks having the same index i,j, if the division is made in the same order for all images. Then the attacker can reconstruct a completely new image by picking up, for each block synchronization, a block from the group corresponding to the same synchronization, which is visually the closest to the image to be constructed. This approach is merely the same as vector quantization, where we can think of a “code book” as the collection of all blocks that would be correctly decoded. The gathering of a sufficient number of set of images marked with the same key is quite realistic, for example from a database; actually a small number of images (i.e. less than 10) is often sufficient to apply this attack, with very little visual artifact. This attack can also be named the cut-and-paste attack [20]. [0066] Cryptographic Attacks [0067] The underlying cryptographic primitives are obviously important too. Secure and well-studied cryptographic algorithms should be used, using keys of sufficient lengths. However since the fragile watermarking is based on hash codes and signatures, one important point to mention is the lengths of such hash-codes. Wong's scheme uses hash-codes of 64 bits length. It could be believed 64 bits are secure enough, since an exhaustive search would take 2 [0068] However the possible weakness here rather consists in the possibility to find hash-code collisions, i.e. two blocks from different images (watermarked with the same key) which result into the same hash-code—which would help for generating a faked image. Here the problem is not to find input which result into one particular hash-code, but to find two arbitrary codes which collide. Collision search can be performed on a set of images assuming they are all watermarked with the same key, without knowing the actual key by comparing the bits used for the embedding (the LSB selected positions in our case). This problem is subject to the anniversary paradox [21], which states that for hash-codes of n bits, the probability to obtain a collision is already equal to about 50% when only {square root}{square root over (n)} random blocks are gathered. With hash-codes of 64 bits, only 2 [0069] We therefore discuss the following countermeasures to defeat all known cryptographic attacks described above on joint robust and fragile watermarking. [0070] Hash-Code Block Chaining (HBC) [0071] Substitutions attacks are made possible mainly due to the independence of blocks. The solution is therefore to introduce local dependencies as well as other local contextual information. First hashing the three planes together in color image prevents from color swapping. Secondly, hashing each block with some of its neighbors (HBC) makes substitution attacks more difficult to mount; HBC is equivalent to the overlapping blocks proposed by Coppersmith et al. [22]. Thirdly, we propose to hash additional global and local contextual information with each block, including the image size, the current block indexes, and other unique random information for each image. Fourthly, the anniversary attack could be simply defeated by using signatures of sufficient lengths. [0072] Un-Deterministic Hash-Code Chaining (HBC) [0073] Barreto et al. [20] further show that even with HBC, a fragile watermarking algorithm is not secure against a more sophisticated substitution attack which consider groups of chained blocks together instead of single blocks. They call this attack, which is an enhancement of the cut-and-paste attack, the transplantation attack; increasing the number of chained blocks does not help, since this attack would just need to consider larger groups of chained blocks. Therefore they proposed to enhance HBC by chaining previous hash-codes too as hash-code block chaining version 2 (HBC2), combined with un-deterministic signatures: first, the hash function takes as input not only the neighboring blocks, but also neighboring (and already computed) signatures; secondly, “un-deterministic signature” means that two strictly identical input hashed using the same key produce two randomly different signatures: consequently the assumption that images are all watermarked with the same key does not help anymore, since signatures always look random to an attacker. Note that any deterministic hash function may be turned into an un-deterministic one by using a random salt, taken as input and appended to the signature. The salt consists in a random string r which is appended to the hash-code h or the signature s; at the embedding stage r is included in the input of the hash function as: h=H s=S [0074] and both r and h (or s) are embedded as (r,h) (or (s,h), since this salt r is needed for the verification stage (k being the user key). [0075] Global And Local Contextual Information Hashing [0076] Unfortunately, the previously given solutions are still not enough to ensure full resistance against the collage attack mentioned above, when areas large enough are copied and pasted: only the boundaries between areas coming from different images are detected as tampered, but nothing can tell us that these different areas come from different sources. We could then think of hashing the binary representation of blocks indexes (i,j), or the image size (M,N) as well. However the collage attack is still possible by preserving the blocks original positions and by using images of the same size. [0077] A second solution we can think of is then to hash some global additional information, chosen unique for each image; an identification number (ID) could be used for this purpose. The consequence of this method is that given an image ID, only the corresponding areas will be authenticated, but the pasted areas will be rejected. Any additional global and local information hashed is then represented by the “ . . . ” in pseudo-codes in FIG. 6 (line [0078] Embedded Hashed Unique Stamps [0079] Since any hashed additional information is also needed at the verification stage, it should be stored with its corresponding key, which could make the images ID method above inconvenient for many applications. We therefore propose a third solution, which is to store such additional information within the hash code—an unique stamp for each image, in encrypted form. In this case such stamp can be random and does not need to be stored separately from the image anymore, and just acts as an additional salt (equation 10) which is the same for all blocks of one image, but is different from one image to another. Moreover this stamp can even carry useful information, its only requirement being to be unique for each image. We actually propose to use a time-stamp indicating the date and time of embedding, plus other specific information if necessary. The time-stamp is included in the input of the hash functions, and at the verification stage is used before recomputing the signature. In this approach, signatures will be authenticated again in every copied area again, but the extraction of different time-stamps can alerts us that a collage attack probably occurred. With this method it is even possible to count the number of copied areas and to localize them. [0080] Jointly Exploiting The Robust Watermark [0081] Finally, the proposed hybrid watermarking scheme gives us an opportunity which current state-of-art fragile only schemes do not have. From our part, we propose to use the extraction result from both the robust part and the fragile part, in addition to every countermeasure detailed above. Consequently a more precise diagnostic can be given. [0082] First, the collage attack detection can be enhanced, since the robust algorithm could either fail, or decode different independent messages correctly when the RBA-resistant version of our robust method [2,11] is used (due to the fact that it extracts the watermark at the local level). This feature corresponds to the item 3. of the decision enumeration given in the “Tamperproofing/authentication decision” paragraph. When used jointly with the stamp/time-stamp approach, we have then another criteria to detect such attacks; further, if the same robust message was embedded in all parts (resulting into only one decoded message), the embedded stamp approach can still distinguish the different parts. [0083] Secondly, as we concluded in the “Tamperproofing/authentication decision” paragraph, joint robust and fragile watermarking is resistant to the copy attack: it is generally easy to estimate the robust watermark, and to copy it into another unmarked image. The robust watermark will still be correctly decoded from the new image, but the fragile watermark will fail. Even if the fragile part is also copied to the destination image (e.g. by copying the LSB), the signatures would not match since the input of the hash functions are changed. [0084] Summary Of Security Measures [0085] Consequently, we can summarize the main security measures that could be implemented by the following items: [0086] 1. use hash-codes of sufficient lengths: hash-codes of at least 128 bits should be used, and we propose the MD5 (128 bits) or the SHA (160 bits), in order to defeat the anniversary attack. [0087] 2. chain blocks in hash-coding (HBC): for each block compute the hash-code of this blocks plus neighboring blocks, in order to defeat simple substitution attacks and the cut-and-paste attack. [0088] 3. chain signatures in hash-coding (HBC2): in addition to HBC, make hash-codes also dependent from at least one previously computed signature. [0089] 4. use un-deterministic hash-coding: un-deterministic hash-codes or signatures, jointly used with HBC2 above, in order to defeat advanced attacks such as the transplantation attack. [0090] 5. hash extra global and local information: hashing the indexes i,j of the current block makes block synchronization necessary for an attack to succeed; hashing the image's size M,N restrict attacks to images of the same size; hashing an unique ID for each image makes substitutions attacks merely infeasible, but may be not practicable in many applications (this ID should be stored separately). [0091] 6. hash and embed an unique stamp: hash an unique stamp for each image (e.g. a random ID), which is embedded beside the signatures, to defeat the collage attack, and to allow to distinguish and localize pasted areas; can also carry useful information such as a time-stamp. This method can be used in place of the unique ID approach of item 5. [0092] 7. use jointly information from the robust and fragile parts: analyzing the decoding of both parts gives us a more powerful diagnostic, in order to confirm the detection of the collage attack, and to defeat the copy attack. [0093] Therefore, using first countermeasures suggested for the fragile part, and secondly by taking advantage of the hybrid approach by exploiting the additional information coming from the robust part, we can expect a highly robust and secure approach for both copyright protection, tamperproofing and authentication. [0094] Conclusion [0095] This patent presents a hybrid robust watermarking scheme for visual data, which combines copyright protection, detection of tampering, and authentication. For this purpose we jointly used the highly robust watermarking scheme we previously developed, and a fragile watermark based on local signatures. Note that little work has been done today on such hybrid robust and fragile. [0096] The robust part exhibits high robustness to signal processing attacks, geometrical transforms as shown by the Stirmark [23] results, as well as robustness to printing and rescanning. The algorithm is resistant against random local geometrical distortions too as well as to projective and non-linear transforms, and can also defeat collage attack by extracting and decoding the copyright information locally. [0097] The fragile part does not decrease the robustness of the robust part, due to its nearly orthogonal embedding with respect to the robust information. Exploiting the diagnostics from both the robust and the fragile parts, the algorithm is resistant against different kinds of attacks, including the copy attack and the collage attack. [0098] 1. S. Voloshynovskiy, F. Deguillaume, S. Pereira, A. Herrigel and Thierry Pun, “Method for adaptive digital watermarking robust against geometric transform”, European Patent Application PCT/IB00/01089, Aug. 3, 2000, accepted in May 2001. [0099] 2. S. Voloshynovskiy, F. Deguillaume and T. Pun, “A Method for Digital Watermarking Robust Against Local and Global Geometrical Distortions and Projective Transforms”, U.S. patent application USPTO 60/327,097, Oct. 4, 2001. [0100] 3. F. Deguillaume, S. Voloshynovskiy and T. Pun, “A Method for the Estimation and Recovering of General Affine Transform”, U.S. patent application USPTO 10/051,808, Jan. 17, 2002. [0101] 4. B. Chen and G. W. Wornell, “Quantization Index Modulation: A class of provably good methods for digital watermarking and information embedding”, Proceedings of IEEE International Symposium on Information Theory, vol. 47 num. 3, pp. 1423-1443, May 2001. [0102] 5. J. J. Eggers and J. K. Su and B. Girod, “A blind watermarking scheme based on structured codebooks”, IEE Conference on Secure Images and Image Authentication Proceedings, pp. 4/1-4/6, Apr. 10, 2000, London, UK. [0103] 6. S. Voloshynovskiy, F. Deguillaume and T. Pun, “Content adaptive watermarking based on a stochastic multiresolution image modeling”, Tenth European Signal Processing Conference EUSIPCO′2000, September 2000, Tampere, Finland. [0104] 7. J. J. K. Ó Ruanaidh and T. Pun, “Rotation, Scale and Translation Invariant Spread Spectrum Digital Image Watermarking”, Signal Processing, vol. 66 num. 3, pp. 303-317, 1998. [0105] 8. S. Pereira, J. J. K. Ó Ruanaidh, F. Deguillaume, G. Csurka and T. Pun, “Template Based Recovery of Fourier-Based Watermarks Using Log-polar and Log-log Maps”, Int. Conference on Multimedia Computing and Systems, Special Session on Multimedia Data Security and Watermarking, June 1999. [0106] 9. M. Kutter, “Digital image watermarking: hiding information in images”, EPFL, August 1999, Lausanne, Switzerland. [0107] 10.F. Deguillaume, S. Voloshynovskiy and T. Pun, “Method for the estimation and recovering of general affine transforms in digital watermarking applications”, IS&T/SPIE's 14th Annual Symposium, Electronic Imaging 2002: Security and Watermarking of Multimedia Content IV, vol. 4675, Jan. 20-25, 2001, San-Jose, Calif., USA. [0108] 11.S. Voloshynovskiy, F. Deguillaume and T. Pun, “Multibit Digital Watermarking Robust Against Local Nonlinear Geometrical Distortions”, IEEE ICIP2001, pp. 999-1002, October 2001, Thessaloniki, Greece. [0109] 12.G. L. Friedman, “The trustworthy digital camera: restoring credibility to the photographic image”, IEEE Transactions on Consumer Electronics, vol. 39, pp. 905-910, November 1993. [0110] 13.P. W. Wong, “A Public Key Watermark for Image Verification and Authentication”, IEEE International Conference on Image Processing ′98 (ICIP′98) Proceedings, vol. 1, MA11.07, 1998. [0111] 14.M. Kutter, S. Voloshynovskiy and A. Herrigel, “Watermark copy attack”, Wah Wong, Ping and Edward J. Delp, IS&T/SPIE's Electronic Imaging 2000 SPIE Proceedings, vol. 3971, January 2000, San Jose, Calif., USA. [0112] 15.M. Wu and B. Liu, “Watermarking for image authentication”, IEEE International Conference on Image Processing ′98 (ICIP′98) Proceedings, TA10.11, Focus Interactive Technology Inc., October 1998, Chicago, Ill., USA. [0113] 16.J. Fridrich and M. Goljan, “Protection of Digital Images Using Self Embedding”, Symposium on Content Security and Data Hiding in Digital Media, May 1999, New Jersey Institute of Technology, USA. [0114] 17.J. Fridrich, “A Hybrid Watermark for Tamper Detection in Digital Images”, ISSPA′99 Conference, August 1999, Brisbane, Australia. [0115] 18.S. Voloshynovskiy, A. Herrigel, N. Baumgaertner and T. Pun, “A Stochastic Approach to Content Adaptive Digital Image Watermarking”, Lecture Notes in Computer Science: Third International Workshop on Information Hiding, Springer, vol. 1768, pp. 211-236, September/October 1999, Dresden, Germany. [0116] 19.M. Holliman and N. Memon, “Couterfeting attacks on oblivious block-wise independent invisible watermarking schemes”, IEEE Transactions on Image Processing, vol. 9, num. 3, pp. 432-441, March 2000. [0117] 20.P. S. L. M. Barreto, H. Y. Kim and V. Rijmen, “Toward a Secure Public-key Blockwise Fragile Authentication Watermarking”, IEEE ICIP2001, pp. 494-497, October 2001, Thessaloniki, Greece. [0118] 21.A. J. Menezes and P. C. van Oorschot and S. A. Vanstone, “Handbook of Applied Cryptography”, CRC Press, ISBN 0-8493-8523-7, October 1996. [0119] 22.D. Coppersmith, F. Mintzer, C. Tresser, C. W. Wu and M. M. Yeung, “Fragile imperceptible digital watermark with privacy control”, IS&T/SPIE Electronic Imaging′99, Session: Security and Watermarking of Multimedia Contents”, January 1999, San Jose, Calif., USA. [0120] 23.F. A. P. Petitcolas, “Stirmark benchmark 4.0”, http://www.cl.cam.ac.uk/˜fapp2/watermarking/stirmark/, 2002. Referenced by
Classifications
Rotate |