chapter 2 an overview of digital...
TRANSCRIPT
13
Chapter 2
An Overview of Digital Watermarking
Digital watermarking involves embedding of a watermark containing significant
information about the work or its owner in digital multimedia contents in a way
that the presence of the watermark can be detected despite various intentional or
unintentional manipulations. While the field of digital watermarking is relatively
new compared to the use of traditional centuries old visible watermarks, the
theories and technologies behind it are not [2]. Digital watermarking techniques
are based on the principles and methods from a wide range of diverse disciplines
like steganography, spread spectrum communications technology and the
perceptibility concept and noise theory. Steganography is the practice of
embedding secret information by imperceptibly altering digital contents so that the
information can be extracted only by the intended receiver. Both steganography
and digital watermarking are the sub-fields of information hiding and make use of
the principles of spread spectrum communications technology, human visual
perceptibility concepts and fundamentals of noise theory to embed the watermark
in the form of narrowband signal over the larger bandwidth such that it is neither
perceptible nor statistically noticeable [26]. Despite these similarities,
steganography and watermarking are different in terms of applicability and
preferences. The basic and sole purpose of steganography is to covert
communication whereas digital watermarking is used for a variety of applications
related to intellectual property rights protection including copyright protection,
content authentication and piracy control. Further, various steganography
techniques strive for imperceptibility and high embedding capacity but give less
importance to robustness, whereas robustness is crucial for many digital
watermarking systems.
14
2.1. A Generic Model for Digital Watermarking System
Before describing the generic watermarking model, we define some standard
terminology and notations used as follows.
i. Media refers to any digital contents including text, images, videos and
audio clips.
ii. Host media )(I is the original digital signal which is to be watermarked. It
is also referred to as cover media, source data or original data.
iii. Watermark )(w can be any signal which is embedded into the cover. It
may be an identification code or message containing significant
information about the origin, owner, contents, authorised receiver and
usage of the cover. In certain cases, it may be a logo or some randomly
generated sequence. In our thesis, it is a pseudo-randomly generated binary
sequence.
iv. Embedding process is the process of inserting the watermark signal into
the cover media.
v. Watermarked media )( wI is the output watermarked media obtained after
embedding the watermark into the cover.
vi. Communication channel refers to the technology used for the
transmission of watermarked media from source to destination. The
communication channel is prone to attacks and may cause distortions in
the transmitted media.
vii. Attacks and threats are the distortions to the watermarked media. These
distortions may be intentional or unintentional. Some commonly occurring
unintentional distortions are due to lossy compression techniques, noise
added by the communication channel and other signal processing
transformations like analog to digital conversion and vice-versa. The
intentional distortions include geometric transformations and other
malicious changes to breach the security and authenticity of watermark.
viii. Attacked watermarked media )( wI is the possibly attacked or manipulated
version of watermarked media due to various intentional or unintentional
attacks.
15
ix. Detection is the process of asserting the presence of the watermark signal
in the received media. Given a possibly attacked watermarked media, the
response of the detector is binary, indicating ‘present’, if the media is
found watermarked or ‘absent’ otherwise.
x. Extraction is the process of revealing the watermark embedded in the
received media. In addition, the extraction process may have to decode and
validate the information extracted before it can be used as evidence in the
court of law.
A generic digital watermarking system consisting of an embedding process
for inserting the watermark signal at the sender side and a detector or extractor at
the receiver side is shown in Fig. 2.1. The watermark embedding process takes
two inputs. One is the watermark we want to embed and the other is the cover
media in which watermark is to be embedded. The embedding process inserts the
watermark into cover media and produces watermarked media which is
transmitted over a noisy and hostile channel. At the receiver side, there may be a
detector or extractor. While a watermark detector only verifies the presence of the
watermark which may be non informative in nature, an extractor has the more
challenging job of revealing the embedded watermark from a possibly corrupted
received media. The watermark detector or extractor at the receiver side can be
designed with or without some prior information about the watermark signal or
the original cover media. Since it is assumed that the communication channel can
be noisy and prone to security attacks, hence the digital watermarking techniques
should be resilient to both unintentional manipulations and security attacks.
Fig. 2.1. A generic digital watermarking system.
Extractor
Embedding
Process
Communication
Channel
Watermark
)(w
Host media
)(I
Watermark
)(w
Attacks and Threats
Watermarked
media
)( wI
Detector Binary
response Attacked
watermarked
media
)( wI
16
The general watermarking model presented in Fig. 2.1 is defined for all
types of digital contents including audio tracks, images and video clips. Generally,
an audio signal is defined as the one-dimensional wave signal, an image has two-
dimensions each along the horizontal and vertical axes and video is considered
three-dimensional with ‘time’ as its third dimension. With proper transformations,
a one-dimensional audio signal can be straightforwardly mapped to an image like
two-dimensional signal while videos can be considered as a sequence of still
images. It is worth mentioning here that the digital video is generally stored and
distributed in compressed format (e.g., MPEG-2, MPEG-4 etc.) in which the
compression algorithms take advantage of temporal redundancy in the video.
Thus, while embedding watermarks in a video, one have to ensure that the
watermark remains unaffected by compression of the raw video signal and should
not alter the bit-rate of the video.
Our research work will primarily focus on still images because of their
easy extendibility for other digital media like video and audio signals. Thus, the
concepts and work presented henceforth specifically apply to image
watermarking. We will use the term ‘watermarking’ with an implicit reference to
image watermarking while the term ‘digital watermarking’ will be used for the
generalisation of the concept wherever and whenever necessary.
2.2. Properties of a Watermarking System
An image watermarking system can be characterised by a number of properties
associated with its embedding or detection process and the role played by the
watermark for specific applications. Following are some of the desirable
properties of an effective image watermarking system.
2.2.1. Embedding Effectiveness
The effectiveness of an image watermarking system is defined as the probability
that the output generated by the embedding process is the watermarked media. In
other words, it is the probability of detecting the watermark immediately after
embedding [3]. Though 100% effectiveness is desirable for a good watermarking
system, the level of effectiveness may vary for specific application requirements.
17
2.2.2. Visual Imperceptibility
The embedding of the watermark signal causes visual degradation to the host.
Many watermarking systems require that these degradations must be
imperceptible or perceptually invisible in order to maintain the aesthetic value.
Visual imperceptibility is also desirable for preventing unauthorised revelations of
the information and ensuring watermark security. In order to achieve good visual
imperceptibility, the digital watermarking scheme takes advantage of the human
visual system (HVS) models. According to these models, human eyes are less
sensitive to the changes made in the highly textured complex regions compared to
the flat monotonous regions of the image. Thus, textured regions are considered
more suitable for embedding larger and stronger watermarks.
2.2.4. Robustness
Watermark robustness is defined as the ability to detect the watermark despite
various geometric and signal processing transformations. It is an essential
property when watermarking is used for the protection of copyrights and owner
identification. However, not all applications require robustness against all possible
attacks. Certain applications pertaining to integrity checking must not be robust
against malicious distortions, but should survive non-malicious distortions like
compression and transmission noise. Fragile watermarks must be sensitive to even
a slightest distortion.
2.2.3. Embedding Capacity
Embedding capacity or the data payload of a watermarking scheme refers to the
number of bits that can be embedded into the host image without significant loss
of robustness and visual imperceptibility. Different applications require varying
amounts of data to be embedded. For example, a copy control application may
require just 4-8 bits of watermark to be embedded while image authentication
applications specific to medical imaging needs high capacity embedding up to
thousands of bits. A typical application may require to embed between 60 and 100
bits so as to uniquely associate images with buyers and sellers [27].
18
2.2.5. Detector Performance
An effective watermarking system requires a detector that provides reliable results
under all circumstances. Ideally, a reliable detector must be able to detect the
watermark from watermarked media despite the severity or the number of
intentional or un-intentional attacks and should report failure if it does not contain
one. However, this might not take place in practice resulting in two kinds of error
probabilities. These are false positive and false negative rates. A false positive rate
is the probability of detecting the watermark from an image that actually does not
contain one while the false negative rate is defined as the probability of not
detecting the watermark from an image that actually contains one. A digital
watermarking system must have an infinitesimal false positive rate and false
negative rate [3]. High false positive can cause serious trouble for a copy control
application as it might lead to a false accusation of theft in case of transaction
tracking system and on the other hand, a false negative may deprive an
authenticated owner of his intellectual rights. Similarly, in case of fragile
watermarking, if a detector fails to report the malicious changes made to the
multimedia contents presented as evidence in the court of law, it may lead to
inappropriate judgments resulting in the acquittal of criminals or punishing the
innocent.
2.2.6. Watermark Security
Watermark security is desirable for resisting intentional attacks such as
unauthorised embedding for forgery, watermark detection or watermark removal
by an unauthenticated person. It requires that the locations where the watermark is
embedded and the amount of information embedded should be secret and must not
be detectable by any unauthorised person who does not have the secret key.
Security can be implemented by ensuring visual imperceptibility, use of keys and
further encrypting the watermark before embedding. So far security was
considered more of a concern in steganography than in watermarking, but there
are applications like broadcast monitoring that may require high levels of security.
In general, the required level of security depends on the type of application for
which an image watermarking system is being designed.
19
2.2.7. Uniqueness
Uniqueness allow multiple watermarks to coexist and survive in the watermarked
image. It is desirable in certain applications where content distribution may
include a number of intermediaries before reaching the end-user or there are
multiple distributors. This property not only ensures the identification of the
distributors, but also enhances the security of watermark against the forgery
attack.
2.2.8. Computational Cost
For the commercial viability of a watermarking system, the insertion and detection
of watermark must be cost-effective in terms of speed and hardware required for
its implementation. Some watermarking applications like broadcast monitoring
need to perform in an almost real-time environment, while a detector for the proof
of ownership may take several days to find the watermark. Another issue
determining the computational cost requirement is whether the embedding or the
detection processes are to be implemented using special hardware, software
applications or plug-in.
2.2.9. Scalability
Another desirable property of a watermarking system is its scalability with each
generation of computers. As the technology is advancing with a tremendous pace,
the present generation detector might be computationally inexpensive and portable
but might not be as reliable as next generation detectors that are capable of
handling more severe forms of attacks.
2.3. Taxonomy of a Watermarking System
We classify an image watermarking system depending on the specific
requirements of the application and the properties of watermark embedding and
detection processes. Three significant properties identified with the watermark
embedding process are imperceptibility, domain for embedding and capacity
while other significant properties like robustness and blind vs. non-blind detection
are associated with specific application area and nature of the detection process. A
20
generalised classification tree for the watermarking system is as shown in Fig. 2.2.
Our research deals with the specific type of a watermarking system characterised
by the shaded parts of the tree.
Fig. 2.2. Taxonomy of an image watermarking system.
2.3.1. Robust, Fragile and Semi-Fragile Watermarking
Depending on specific application requirements, an image watermarking system
can be categorised as either robust or fragile. Robust watermarking is used for
applications in which watermark is embedded for the purpose of owner
identification, proof of ownership and copyright protection. A robust watermark
must be able to survive various attacks such as filtering, additive noise, lossy
compression and geometric distortions (rotation, scaling, translation, etc.). On the
other hand, some applications like authentication or integrity verification
applications require a watermark to survive only if the watermarked images are
intact and any image processing operation should cause the watermark to be lost.
Such watermarking systems use fragile watermarks. A fragile watermarking
Classification of Image watermarking
Embedding
process
Detection
process
Embedding
domain
Perceptibility
Capacity
Spatial
Invariant
Transform
Visible Invisible Zero bit (Non-
informative)
Multi bit (Informative)
Blind Informed
Application
specific
Robust
Semi
Fragile
Fragile
21
system must report a failure even at the slightest tampering. However, not all
applications can be categorised strictly as robust or fragile. This leads to the field
of semi-fragile watermarking, which survives minor transformations such as lossy
compression, but is invalidated by major changes.
2.3.2. Invisible and Visible Watermarking
An image watermarking scheme that tries to embed the watermark in such a way
that it does not alter the human perception of the cover media and can be detected
only by using appropriate signal processing techniques is called invisible or
imperceptible watermarking. Invisible watermarking generally takes advantage of
the limitation of human perception [8]. However, some applications may require
the authenticated owner logo or information to be displayed on the host image
without obscuring its contents. Such a watermarking system falls into the category
of visible watermarking.
2.3.3. Spatial, Transform and Invariant Domain Watermarking
An image watermarking scheme can be also categorised on the basis of the
domain used for embedding the watermark as follows.
i. Spatial Domain: The watermark signal can be embedded into the host
image by directly modifying the intensity of pixels. Some initial work in
the field of digital watermarking is found in the spatial domain [28-37].
Later, it was observed that spatial domain methods are less resilient to
common signal processing transformations and are not suitable for robust
watermarking [38]. However, due to the simplicity of approach spatial
domain techniques are still proposed for some watermarking applications.
ii. Transform Domain: The watermark signal in the transform domain is
embedded by modifying the transform coefficients of an image and inverse
transform is applied to obtain the watermarked image. Various transforms
such as discrete Fourier transform (DFT) [39-41], Fourier-Mellin
transform (FMT) [42-43], discrete cosines transform (DCT) [44-48],
Contourlet Transform [49], discrete wavelets transform (DWT) [50-51],
fractal transform [52], Bandelet transform [53] and more recently random
22
fraction Fourier transform (RFrFT) [54] have been used for digital
watermarking. The performance of transform domain watermarking
methods generally depends on the features of the particular transform used
for embedding.
iii. Invariant Domain: Invariant domain is preferred for embedding the
watermark signal as it provides greater robustness to geometric attacks.
Moment invariants for robust watermarking were initially proposed by
Alghoniemy and Tewfik [56-57], using two of the seven well-known
geometric moment invariants given by Hu [58] to embed a non-
informative watermark. Since then, many invariant moment and
transforms such as polar harmonic transform (PHTs) [55], complex
moments (CMs) [59], Gaussian-Hermite moments (GHMs) [60],
Krawchouk moments (KMs) [61-63], Legendre moments (LMs) [64],
Tchebichef moments (TMs) [49, 65-66], volume moments (VMs) [67],
wavelet moments (WMs) [68] and Zernike and pseudo-Zernike moments
(ZMs/PZMs) [69-82] have been investigated for digital watermarking.
These schemes are essentially based on invariance properties of image
features and are generally referred to as invariant watermarking
techniques.
2.3.4. Informative and non-Informative Watermarking
In an informative watermarking, the watermark contains some significant
information about the owner, recipient or the contents of the image. Thus, the
embedding process needs to embed multi-bit data into the host image that can be
extracted later to prove the authentication of watermark. A watermarking system
is said to be non-informative or zero-bit watermarking system if there is only one
possible watermark and the detector determines whether or not that the watermark
is present. An informative watermarking may offer low or high capacity
embedding. Most of the watermarking systems need to embed only an
identification code and thus require low embedding capacity. High capacity
watermarking systems are typically desirable for applications related to secure
media distribution [83], thumbnail embedding for authentication, auxiliary data
embedding [84] and medical image watermarking [85].
23
2.3.5. Blind and Informed Watermarking
An image watermarking system may be designed to have either a blind or
informed detector. A blind detector is capable of detecting the watermark without
requiring an access to the original image or watermark embedded. A
watermarking system using blind detector is also known as a public watermarking
system. An informed detector requires access to some information about the host
or watermark signal for the extraction and leads to a private watermarking system.
In general, designing a blind detector is more challenging compared to the
informed detector due to lack of any priori information about the host or
watermark signal.
2.4. Watermark Attacks and Threats
A watermarked image is likely to be subjected to attacks and threats during
transmission or transportation between the client and the copyright authority that
can either remove the watermark or render it unusable for owner identification.
Various types of attacks and threats have been reported in literature and many
more are appearing. We distinguish between the terms “attack” and “threat” on
the basis of severity of criminal nature involved. An attack is the “distortion” to
the signal due to various image processing operations and watermark robustness is
the ability to withstand these attacks. On the other hand, a threat is the “malicious
manipulation” that exploits the technical knowhow of the watermarking system
and concerns the watermark security issues. A robust watermark may not be
secure enough to survive the malicious manipulations and similarly, a secure
watermark may be sensitive to attacks. The research activities on counterfeiting
threats involve issues related to watermark security including watermark
estimation, watermark removal or modification while the major motivation behind
robust watermarking is to ensure the survival of watermark under various image
processing attacks.
The broad classification scheme for watermark attacks and threats is
presented in Fig. 2.3. In general, we classify the attacks into two categories,
namely, un-intentional attacks and intentional attacks. Unintentional attacks
typically include inherent degradations that occur during compression,
24
transmission noise or conversion while intentional attacks include the direct
manipulation of watermarked image with a specific purpose of removing the
watermark or preventing its correct detection. Intentional attacks are further
grouped into two categories called common image processing and malicious
attacks. Common image processing attacks attempt to impair the embedded
watermark by the manipulation of the entire watermarked image without any
attempt to identify or isolate the watermark. Some common image processing
techniques include geometric transformations, image degradation or enhancement.
Malicious attacks or threats are the manipulations for the purpose of forgery or
watermark removal and are discussed here only for the sake of completeness.
Fig. 2.3. Classification of watermarking attacks.
Attacks and Threats
Intentional
Forgery Image
Enhancement
Removal
Mosaic
SWICO TWICO
Other geometric distortions
Patching Statistical averaging
Collusion attack
Image Degradation
Malicious
Unintentional
Compression Conversion
Geometric transformations
Rotation
Scaling Translation
Noise
Transmission Noise
Flipping
Common Image Processing
Spatial filtering
Cropping
Other manipulations
25
2.4.1. Unintentional Attacks
A watermarked image may undergo changes during some innocent image
processing operations. These may be unintentional distortions due to the inherent
nature of the transmission media, compression or conversions described as
follows.
i. Compression: Image compression is done to reduce the storage space and
save the cost of transmission. The compression can be achieved using
lossless or lossy techniques. Lossless image compression techniques
provide a lower compression ratio but watermark information is recovered
with an inverse operation. Lossy compression techniques like JPEG are
widely used for images because they provide high compression ratio and
are supported by all web browsers. These techniques, however, reduce the
colour levels and the bandwidth and make irreversible changes causing
removal of the watermark.
ii. Transmission Noise: Transmission noise refers to the analog interference
added by the communication channel. This can weaken the strength of
signal, resulting in loss of information and inability to detect the
watermark. These interferences are generally modeled as additive white
Gaussian noise (AWGN) and can be suppressed by de-noising techniques
at the receiver side. However, the techniques used to reduce the noise also
tend to remove the useful information embedded in the host, resulting in a
new kind of attack on robust watermarking.
iii. Conversion: A digitally stored image can be printed on analog media and
then scanned back into the computer. An analog to digital conversion
followed by vice-versa degrades the quality of the watermarked image and
renders it useless for watermark detection.
Another common source of conversion attacks is colour reduction.
After applying the colour reduction, lesser number of bits are used to
identify the colours. This causes reduction in colour levels and steps
between colours become more noticeable, resulting in enhanced
appearance or disappearance of the watermark depending on its
robustness.
26
2.4.2. Image Degradation Attacks
An image can be degraded by removing or replacing its parts in order to break the
watermark. Some common examples of image degradation attacks are:
i. Noise: Adding Gaussian noise, either in the random or uniform fashion, is
simple and supported by many image processing software. The amount of
noise is controlled by its mean and variance. The watermark detector may
not be able to detect the watermark in the presence of additive noise.
ii. Cropping: Cropping refers to the removal of horizontal and/or vertical
array of pixels from the watermarked image. The number and the locations
of rows and columns removed may be arbitrary. However, only a marginal
number is sufficient to destroy the synchronisation of watermark
embedded resulting in failure to detect the watermark.
iii. Patching: Patching is another kind of attack in which a rectangular area of
watermarked image is replaced with a perceptually similar patch. Both
cropping and patching are highly effective if the watermark is not present
in the whole image or when the whole image is required for watermark
detection.
2.4.3. Geometric Transformations
Geometric transformations destroy the synchronisation of the watermark.
Rotation, scaling and translation (collectively known as RST) are three basic
forms of geometric transformations that can be applied to invalidate the claims of
ownership due to the failure of detection process. A geometric transformation can
either be applied globally (on the entire image) or locally (on some selected
regions of the image) resulting in two different kind of challenges for robust
watermarking. In the worst case, an image may be attacked with both local and
global transformation. Following is the brief description of common geometric
transformations.
i. Rotation: A rotation realigns the horizontal or vertical features of the
image. Rotating an image by a small angle does not make any significant
27
difference in the perceptual quality of a watermarked image, but can make
the watermark un-detectable.
ii. Scaling: Scaling refers to changing the dimensions of the image. It can be
further divided into two groups, uniform and non-uniform scaling. Under
uniform scaling, same scaling factor is used along each direction without
changing the aspect ratio. Non-uniform scaling uses different factors along
horizontal and vertical directions, causing change in the aspect ratio. Most
of the watermarking schemes are found resilient only to uniform scaling.
iii. Translation: It refers to the horizontal, vertical or diagonal shift of pixels
in a circular fashion so that there is no perceptual or statistical loss to the
contents of the image. Translation may occur implicitly due to some
attacks such as after print and scan attack or can be applied explicitly to
destroy watermark synchronisation.
iv. Flipping: An image can be flipped horizontally or vertically depending on
the symmetry. Flipping does not cause any statistical loss to the image
contents. Although resilience to flipping is usually simple to implement,
not all watermarking schemes survive it.
v. Other Geometric Distortions: Some severe forms of geometric
distortions can be applied by combining two or more basic geometric
transformations. For example, shearing or titling a popular geometric
attack which is a combination of translation and scaling. Other examples
of geometric distortions are pixel permutations, sub sampling, re-sampling,
removal or insertion of either pixels or pixel cluster.
It may also be noted here that if a watermarked image is known to have
undergone a basic geometric transformation, then applying an inverse geometric
transformation generally does not produce the un-attacked version. In fact,
applying inverse transformations also add distortions due to pixel re-sampling and
interpolation processes. It can be easily observed that a rotation by an angle of
in the clockwise direction followed by another rotation in counter-clockwise
direction by the same angle will not produce the original image. Similar results
can be observed for scaling and other geometric transformations except for
flipping because it has an exact geometric inverse.
28
2.4.4. Image Enhancement Attacks
Most of the image enhancement techniques applied through convolution
operations destroy the synchronisation of watermark embedded and result failures
during detection. Some of the commonly used image enhancement techniques are:
i. Spatial Filtering: A spatial filter creates a new image by taking linear or
non-linear combination of surrounding pixels. There are various types of
linear and non-linear filters and each filter is capable of producing
different manipulated version of the watermarked image. For example, an
edge enhancement filter typically amplifies the luminance of an image and
subtracts shifted versions of the surrounding, resulting in redundancy
cancellation and exaggeration in the randomness of the embedded
watermark [86]. On the other hand, smoothing and low pass filters often
decrease the luminance of image and thus reduce the reliability of a
correlation-based watermark detection scheme.
ii. Other Image Enhancement Operations: Some other examples of image
enhancement operations in which an image may undergo mathematical
transformations include histogram equalisation, pixel quantization,
sharpening, Gamma correction and jitter attack.
2.4.5. Forgery or Ambiguity Attacks
These are the attacks that attempt to confuse the detection process by producing
fake original data or fake watermarked data. This can be done by ghost searching
where an attacker tries to find a ghost watermark and claims it as his own
watermark or attempting to discredit the watermark authority by embedding one
or more additional watermarks such that it is unclear which among them is the
authoritative watermark. A number of methods are discussed by Craver et al. [86]
in which watermarks that are used to identify the owner might be thwarted by
embedding conflicting watermarks. Forgery attacks are also known by several
other names in the literature such as deadlock attacks, inversion attack, counterfeit
attacks, fake-watermark attacks or fake-original attacks. Some of the popular
forgery attacks are:
29
i. SWICO (Single watermarked image counterfeit original) attack: It is a
kind of forgery attack in which an attacker does not remove the originator
watermark, but embeds his own fake watermark to confuse the detector
[86]. SWICO attack can be shown as in Fig. 2.4. The only criteria while
choosing the fake watermark is that insertion of fake watermark into the
fake original must produce the original watermarked image. Thus, SWICO
attack requires ghost searching.
Fig. 2.4. SWICO attack: The attacker computes an image wI and fake
watermark w , such that embedding w in wI yields wI .
ii. TWICO (Twin watermarked images counterfeit original) attack: As
illustrated in Fig. 2.5 in a TWICO attack, the attacker can compute any
watermark and its corresponding fake original image even if the
embedding process yields fake watermarked different from the original
watermarked. The forgery attack is still successful. Both SWICO and
TWICO are sometimes referred to as jamming and saturation attacks or
IBM attacks [87] that do not try to alter the original watermark but embed
fake watermarks to counterfeit the originals.
Attacker
embedding
process
Fake
original
)( wI
Original
watermark
)(w
Fake
watermark
)(w
Watermarked
image
)( wI
Sender
embedding
process
Original
image
)(I
30
Fig. 2.5. TWICO attack: The attacker computes an image wI and fake
watermark w , such that w is present in wI even if wI and wI
are different.
iii. Mosaic Attack: In order to confuse the web crawlers that check the
downloaded contents for a client’s watermark, a mosaic attacker first
chops an image into number of smaller sub-images and then embed them
one after the other in a web page. A web browser renders juxtaposed sub
images stuck together as a single image, so the result is identical to the
original image, but the detector fails to detect the presence of watermark
due to small size of each sub-image [38]. Mosiac attack can be considered
as an extreme case of cropping in which a detection ambiguity is generated
through image segmentation.
2.4.6. Removal Attacks
These are the attacks that analyse the watermarked data, estimate the watermark
or the host data in an attempt to split the watermarked data into host data and the
watermark. These attacks pose serious threats to the intellectual rights. Two
extensively reported removal attacks in the literature are:
i. Statistical Averaging Attack: De facto a creator or copyright owner
always embeds unique watermark in his entire work. Thus, if an attacker
has access to several watermarked images from the same origin, he may
try to estimate the watermark and subtract it from the watermarked image.
Attacker
embedding
process
Fake
original
)( wI
Original
watermark
)(w
Fake
watermark
)(w
Watermarked
Image
)( wI
Sender
embedding
process
Original
image
)(I Watermarked
version
of fake
original
)( wI
31
In fact, the attacker tries to estimate a generic watermark ),( wIfw w not
depending significantly on wI . Such an attack is particularly dangerous as
once estimated, w can be used to remove a watermark from any arbitrarily
image from the same origin without any further effort for each new image
to be cleaned [88].
ii. Collusion Attack: Contrary to averaging attack, the attacker in the
collusion attack has access to several versions of the image nwww III ,,,
21
each with a different watermark but each perceptually equivalent to say an
image 0I . By analysing these versions and suitable reverse engineering
methods, an attacker can learn about regions of image that are equivalent
to un-watermarked version 0I . The attack is called collusion attack as
several watermarked images need to be collided to construct the
corresponding un-watermarked version. The only challenge during
collusion attack is the unavailability of information required to detect the
presence of watermark that gives rise to the uncertainty in the success of
collusion attack [88].
It may be noted that the transitions between the groups is sometimes fuzzy.
For example, choosing high compression ratio may be a deliberate attempt to
destroy the watermark. Thus, a lossy compression can be either intentional or un-
intentional attack. Similarly, de-noising and certain non-linear filter operations
can act as removal attacks [89]. However, in an attempt to arrange in the
ascending order of technical knowhow required and gravity of the threat posed to
a watermarking system, various attacks can be tentatively ordered as un-
intentional attacks, image degradation attacks, image enhancement attacks,
geometric attacks, forgery attack and removal attacks.
It is also worth mentioning here that our classification includes attacks
specifically to image watermarking and may not incorporate all possible attacks
related to other digital media watermarking. For example, many DVD players and
gaming devices such as Sony Play Station 2 (PS/2) and Play Station Portables
(PSPs) nowadays use digital watermarking to prevent piracy and copy control.
These devices come with built-in watermark detection software. However, there
32
exist attacks in the form of hardware and software cracks that tamper with the
output of the watermark detector in such a way that copy control mechanism sees
‘no copy watermark’ and allow the device to play the pirated contents.
Surprisingly, many of such soft cracks are available on the Internet and can be
easily downloaded and installed for playing pirated games.
2.5. Evaluating an Image Watermarking System
Fair evaluation of any method or system implementation is essential for its
success and accreditation. There exist many standard quantitative measures and
metrics that can be used to evaluate the performance of a digital watermarking
system and compare it with other schemes. In this section, we present a brief
survey of various standard quantitative metrics found in the literature and those
used in this thesis to measure four key properties of a watermarking system,
namely – visual imperceptibility, robustness, capacity and computational cost.
2.5.1. Visual Quality Metrics
Visual quality metrics are used to quantitatively measure the visual
imperceptibility of the watermarked images. The simplest way to access the
quality of a watermarked image is to apply a human-based subjective evaluation
method on a large number of images. However, due to huge effort, time and
subjective judgments involved, an automated quantitative measurement of
imperceptibility is preferred. Visual quality of the watermarked images can also
be measured using quantitative metrics. These quantitative measures are based on
difference distortion measures [90] or similarity based measures [91]. The
similarity based measures such as Structured SIMilarity (SSIM) and Feature
SIMilarity (FSIM) directly evaluate the structural changes between two complex-
structured signals and do not attempt to predict image quality by accumulating the
errors due to noise added to an image [91]. Therefore, difference distortion
measures such as such as mean square reconstruction error (MSRE) and peak-
signal-to-noise ratio (PSNR) are widely used for evaluating the quality of
watermarked images. These measures are also more appealing because they are
simple to calculate, have clear physical meanings, and mathematically convenient
in the context of optimization.
33
i. Mean Square Reconstruction Error (MSRE): The quality of a
reconstructed or watermarked image can be measured with a widely used
pixel-based difference distortion metric, known as mean square
reconstruction error (MSRE), represented by and defined as:
1
0
1
0
2
1
0
21
0
),(
),(ˆ),(
M
i
N
k
N
k
M
i
kif
kifkif
(2.1)
where ),( kif is the original image of size NM pixels with 8-bit
grayscale colour space, ),(ˆ kif is its reconstructed or distorted version. A
smaller value of MSRE is an indicative of higher quality of reconstructed
image while 0 is obtained when ),(ˆ kif is the true copy of ),( kif .
ii. Peak Signal-to-Noise Ratio (PSNR): Another generally deployed metric
for evaluating the imperceptibility of a watermarked image, ),(ˆ kif , with
respect to original input image, ),( kif , is peak signal-to-noise ratio given
by:
1
0
1
0
2
2
10
),(),(ˆlog10
M
i
N
k
MAX
kifkif
INMPSNR (2.2)
Here, MAXI is the maximum gray level of the image and for an 8-bit
grayscale 255MAXI . PSNR is measured in decibels (dB). While PSNR
value of dB44 is acceptable for most of image watermarking
applications, higher values are desirable for better imperceptibility.
Many researchers [25] are against the use of difference distortion metrics
and propose quality metrics based on perceptual phenomena of human visual
systems and multi-channel model of the human spatial vision. It is argued that
pixel-based metrics are not correlated with human vision model and thus result in
misleading quantitative distortion measures. Thus, a higher value of PSNR or
34
smaller MSRE is not always an indicative of better visual imperceptibility. We
find that the criticism is valid under some circumstances when the images are
distorted using different methods. However, for the comparison purposes, when
the source of distortion is similar, quantitative distortion measures are simple and
effective. This can be explained with the help of an example. For illustration we
choose the gray scale image Lena given in Fig. 2.6(a) as it is widely used by
researchers in the field of image processing. First, we marked the original image
with a visible character ‘C’ at the lower right corner of the image and then using
an invisible watermarking scheme given by Cox et al. [3] in the DCT domain with
two embedding strengths and . The output images are shown in
Fig. 2.6 (b), (c) and (d) respectively and the computed values of PSNR and MSRE
are shown below them. While comparing the marked image of (b) with (c) and
(d), we observe that Fig. 2.6(b) produces higher PSNR and lower MSRE because
visible but small distortion is added at the lower right corner of the image while
lower PSNR is achieved for image in Fig. 2.6(c) and (d) when the watermark is
embedded invisibly over the entire image in a spread spectrum fashion. Further, as
the higher embedding strengths produce more distortions, the behavior of
distortion measures is consistent and marking in Fig. 2.6(c) provides better quality
of images compared to that in Fig. 2.6(d). Furthermore, it is also argued that the
pixel-based metrics are applied directly to the luminance and chrominance of
images, so these metrics are unsuitable if two images are defined in different
colours spaces.
(a)
Original gray
scale image size
256256 pixels
(b)
Visible marking
000381.0
dBPSNR 77.39
(c)
Invisible marking
1.0001215.0
dBPSNR 73.34
(d)
Invisible marking
2.0002423.0
dBPSNR 72.31
Fig. 2.6. Examples of pixel-based imperceptibility measures.
35
We favour these metrics because of many reasons. First, our research
mainly focuses on the design and development of robust and fast watermarking
scheme in which the watermark will be embedded invisibly in the spread spectrum
fashion. Thus, it is ensured that the model and sources of distortion added will be
similar for all the algorithms under investigation. Second, all our test images are
8-bit gray-scale images and these metrics do not pose any problem if images are
defined in same colour space [25]. Finally, the absence of any other perfect metric
as well as the simplicity of the pixel-based metrics makes them an obvious choice
for evaluating the quality of watermarked images.
2.5.2. Watermark Robustness Metrics
The term robustness describes the watermark resistance to various attacks. The
evaluation method to measure robustness depends on the response of watermark
detector. There are three possible types of detector responses. First, hard decision
detector response that generates the binary output ‘true’, if the watermark is
present and ‘false’ otherwise. Second, soft decision detection that provides as
output the test statistic itself which is usually a real number related to detection
reliability such as correlation coefficient or similarity coefficient. The binary
decision can be reached by comparing the test statistic with certain threshold. The
robustness of hard and soft decision detectors can be measured using receiver
operating characteristic (ROC) graphs proposed by Kutter and Petitcolas [25].
Third, if the embedded watermark is in the form of a message, then the watermark
robustness can be evaluated directly using bit error rate )(BER which represents
the average number of bits extracted incorrectly [92]. Since our watermark
consists of pseudo-random sequence of bits, as discussed in Section 2.1, we use
BER to measure the watermark robustness under various attacks. However, a
brief overview of ROC graphs is presented for the sake of completeness of
discussion.
i. Bit Error Rate )(BER : It is defined as the ratio of number of bits extracted
inaccurately to total number of bits embedded. The robustness of the
watermarking system that embeds the binary watermark and whose
detector response is the bit sequence obtained after extraction, can be
36
measured quantitatively using BER . Many researchers [71,74] compute
BER as a function of image dimensions and inaccurately measure the
reliability of watermark extracted as follows.
NM
lyinaccurateextractedbitsofNumberBER
(2.3)
However, we find the above computation formula inaccurate as the
size of image in the denominator gives minuscule values to BER for large
image sizes. Typically, an image of 256256 pixels, which is quite
common in practical applications, will give 00153.0BER even if all the
100 bits are extracted inaccurately. Further, for evaluating watermark
robustness against scaling, it will be inappropriate to use Eq. (2.3) to
compute BER , as higher scaling factors and large image sizes will always
produce smaller values of BER . Thus, we compute BER irrespective of
the host image size as follows.
embeddedbitsofnumberTotal
lyinaccurateextractedbitsofNumberBER (2.4)
Using Eq. (2.4), the value of BER lies between 0 and 1 with
values of 25.0BER signifying that more than one-fourth of the bits
extracted are incorrect and presumably there is failure to extract the
watermark.
ii. ROC Graphs: A decision detector generates the binary response by
making a decision between the alternative hypothesis (the image is
watermarked) and the null hypothesis (the image is not watermarked).
Two common types of errors that can be produced by the detector are:
Type I error: It is also known as false positive and occurs when the
alternative hypothesis is accepted while the null hypothesis is correct.
Type II error: It is also known as false negative and occurs when the null
hypothesis is accepted while the alternative hypothesis is correct.
37
The robustness of a watermarking scheme can be computed
through ROC graphs by plotting the pairs of true positive fraction )(TPF
along y-axis and false positive fraction )(FPF along x-axis against the
varying threshold levels or decision criteria, where TPF and FPF are
computed as follows.
results test negative false of No.results test positive trueof No.
results test positive trueof No.
TPF
(2.5)
testsnegative trueof No.results test positive false of No.
results test positive false of No.
FPF (2.6)
The area under ROC curve measures the performance of the
detector. An optimal detector curve goes from the bottom left corner to
the top left corner and then towards the top right corner while that of the
random detector lies along the diagonals showing random selection of
both hypotheses with equal probability. The examples of optimal and
random ROC curves are shown in Fig. 2.7. To generate the ROC curve
depicting true behavior of detector, the set of test images should include
equal number of watermarked and non-watermarked images.
Fig. 2.7. Example ROC graph: Curves showing an optimal and random behavior
of a detector response against different thresholds.
0
0.1
0.2
0.3
0.4
0.5
0.6
0.7
0.8
0.9
1
0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1
TPF
FPF
An optimal ROC curve
Random detection behaviour
38
2.5.3. Measuring Embedding Capacity
Embedding capacity refers to the maximum amount of information that can be
embedded. A major challenge while measuring the embedding capacity is the
quantification of “information”, which may be in the form of numeric values,
character strings, encrypted messages, logo images or simply a binary sequence.
For simplicity, it is assumed that all forms of information need to be converted to
binary form and storage size or number of bits can be used to quantify the size of
watermark signal. In general, the embedding capacity of watermarking system can
be measured either by using an absolute or a relative metric explained as follows.
i. Absolute Metrics: Absolute metrics measure capacity in terms of
maximum number of bits that can be embedded using a watermarking
scheme. For example, in case of spatial domain watermarking method that
uses each pixel position to embed a separate bit, the maximum embedding
capacity equals to the size of the host image. On the other hand, for a
transform domain watermarking scheme, the embedding capacity depends
on the number of magnitude independent transform coefficients that can
be used for embedding. Absolute metrics are not very reliable because
number of bits embedded is generally a function of host media size.
However, while analysing different watermarking schemes using same
host media sizes, absolute metrics are useful for a quick comparison.
ii. Relative Metrics: Lan and Tewfik [83] propose the use of hiding ratio or
the embedding ratio to measure the embedding capacity which is more
reliable. Hiding ratio is defined as the ratio between the embedding data
size and the original uncompressed host-media size. Another useful
relative measure of capacity is the compressed hiding ratio which is
defined as the ratio between the embedding data size and the compressed
host-media size. A high-capacity embedding must have hiding ratio above
0.5% and the compressed hiding ratio not less than 4%.
We use both absolute and relative measures for evaluating the embedding
capacity of the proposed watermarking scheme as well as comparing it with the
existing watermarking schemes.
39
2.5.4. Measuring Computational Cost
Computational cost mainly refers to the time complexity of the watermark
embedding and detection procedures. Theoretically, the computational cost should
be measured in terms of the exact number of operations required. But this method
is not an indicator of the actual time taken for the execution on a particular
configuration and can be misleading. Many times, fast methods provide better
speed by splitting a single complex operation into a number of simpler operations
to reduce execution time. Hence, an easier and better method to measure time
complexity is by recording CPU elapse time in a minimally configured hardware
and software suite. Further, the watermarking application should require small
hard disk space when installed as software.
2.6. Automated Benchmarking Tools
The performance evaluation of watermarking scheme must be carried out in a
consistent manner using sophisticated benchmarking methods in order to ensure
that the methods and algorithms proposed are strong and robust enough to
guarantee its success. Recently, many benchmarking tools have been proposed for
the performance evaluation of watermarking system which are freely available for
educational and research purposes.
Stirmark [93-95] is the first benchmarking software that was developed to
involve a variety of attacks including sharpening, GIF and JPEG compression,
scaling, cropping, shearing, rotation, column and line removal, flipping and the
‘Stirmark’ attack which is a combination of slight geometric and intensity
distortions. The software takes two inputs, a set of watermarked images and user
defined binary decision detector in the executable form and applies a number of
attacks (one at a time) in every watermarked image before calling the detection
routine. It provides a method for defining the number and parameters for attacks
through configuration files but does not support automatic execution of trials
involving different keys or messages. The software also lacks features like
evaluation of time complexity and graphical user interface. The responses of the
benchmark need to be compiled and analysed through separate data management
tools like Excel. Despite these limitations, Stirmark is widely used by researchers
40
because of its ability to act as an attack-machine, ease of use, support for
multimedia digital contents and endorsement for primitive evaluation of
performance statistics. We use Stirmark 4.0 which is available freely from its
official site http://www.petitcolas.net/fabien/watermarking/stirmark.
Some other available benchmarking platforms are Checkmark, Optimark,
Certimark, unsign, openwatermark and recently developed software watermark
evaluation testbed. Checkmark [96] can be considered as a successor of Stirmark.
Apart from regular Stirmark attacks, it incorporates new attacks like wavelet
compression (JPEG 2000), projective transformations, modeling of video
distortions, warping, copy attack, template removal attack, de-noising, nonlinear
line removal, collage attack, down/up sampling, dithering and thresholding and
also allows inclusion of user defined attacks. However, the basic operating
principles of Checkmark are very similar to those of Stirmark, therefore, it suffers
from inherit limitations such as no option for automatic execution of multiple
trials, no evaluation of the false alarm probability, failure to address watermark
detection and message decoding separately and no complexity evaluation.
Checkmark is available as Matlab open source.
Solachidis et al. [97] proposed a new benchmark Optimark that
incorporates the same attacks as Stirmark but with graphical user interface. In
addition to two standard inputs, Optimark requires an embedding executable to
support a range of keys and messages that can be used while testing. The tool also
allows cascades of attacks and can be used for both hard and soft decision
detectors. Raw results can be automatically processed to provide a number of
performance metrics and plots in HTML format including mean embedding and
detection time, ROC graphs, Bit Error Rate and payload for the watermarking
scheme that allows message encoding. The main drawbacks of Optimark are the
lack of expandability with respect to attacks and the use of simple perceptual
quality metric.
Certimark [98] is a benchmarking platform using a client-server, web-
based structure with open architecture that allows easy integration of new
functionalities. Its major characteristics are flexible interface to plug-in watermark
embedding and detection software, separate control file in the XML format for
41
describing the watermarking parameters, specific module for writing benchmark
report with tables and graphics to ease analysis and an additional “Result and
Certificate” module that compares the actual results with performance
specification criteria to generate a certificate of compliance.
Two other open-source web-based benchmarking systems are watermark
evaluations testbed (WET) [99] and OpenWatermark [100]. The WET consists
of three major components: the Front End, the Algorithm Modules and the Image
Database. The Front End is the end users' web-based interface into WET and
consists of a web server, database server and the GIMP-Perl server. It provides an
interface whereby a user can select images to be watermarked, embedding and
detection processes and attacks to be applied. The algorithms modules provide
tools that can be used standalone in specific test environments allowing users to
validate their tests locally before submitting them to a watermark benchmark site
and the image database provide nearly thousands of copyright free images using
MySQL as the database engine. OpenWatermark is based on Java technology and
provides platform independence. It is easily portable on any platform supporting
Java, RMI and JDBC. The OpenWatermark platform supports Windows and
Linux executables (written in C or C++), as well as Matlab and Python scripts.
In addition to the above mentioned evaluation tools, we also surveyed
some image watermarking software tools available as freeware. A brief
description of these tools is given in Appendix A.
2.7. Application Areas of Digital Watermarking
Digital watermarking can be used for a variety of applications. Following are
some of the broad application areas in which digital watermarking can be put into
practice.
2.7.1. Owner Identification and Copyrights Protection
One of the major application areas of digital watermarking is the protection of
copyrights through owner identification and assertion to settle the dispute
regarding proof of ownership and royalties. Robust watermarking is used to
42
embed the information about the original owner or creator of the digital contents
because it can survive common signal processing and intentional attacks to
remove the watermark. Although the legal status of the watermarking in the court
of law is yet to be established, the use of digital watermarking is more
advantageous than the use of visible tags or file header with copyright
information. A robust watermark cannot be removed without causing severe
degradation to the quality of watermarked digital contents. Further, no extra space
is required to store the watermark and the size of original digital content remains
the same. Hence, digital watermarking is considered more suitable for the digital
rights management.
2.7.2. Content Authentication, Integrity Verification and Tamper Detection
For the digital contents pertaining to artworks, legal documentation, medical
records, commercial transactions, identity proofs, photographs for court evidence,
it is extremely important to ensure that the contents originated from a specific
source are authentic. For such a purpose, a fragile watermark is embedded at the
source that can verify the integrity of the image and report a failure if the contents
are forged. However, in certain scenarios, the digital contents may have
undergone format conversion and/or compression (e.g. uncompressed AVI to
MP4) for compatibility or reduction in size for storage. In such cases, the
formatted contents must be authenticated by the watermarking system. A
watermark system that can distinguish between the unintentional signal processing
attacks and malicious attacks and authenticate the digital contents accordingly is
called a semi-fragile watermarking system and is an emerging field of research.
Further, digital watermarking can also be used to reveal the alterations
made in the digital contents. Content authentication and tamper detection are
closely related. If a media is detected to be tampered, this means that it is not
authenticated and unauthenticated contents are bound to be tampered. Tamper
detection techniques are based on the concepts of localisation to identify the key
regions where alterations have been made. This information can be used by media
forensics to find the motives behind tampering.
43
2.7.3. Transaction Tracking and Piracy Control
In order to prevent the unauthorised or illegal distribution of the copyright digital
contents, a watermarking application may embed unique label, known as digital
fingerprint, prior to the legal distribution of contents. At a later stage, if
unauthorised copies of the contents are found, then the origin of the piracy can be
determined by retrieving the fingerprint embedded in the image. Such activity of
transaction tracking is referred to as fingerprinting. A digital fingerprint is
distinguished from a digital watermark on the basis that the former contains
significant information about an authorised recipient while the latter about the
original creator or owner. One of the major challenges associated with
fingerprinting is the collusion attack in which a number of authorised recipients
collide and create an un-watermarked version of the digital contents from the
watermarked versions for illegal distribution. In order to solve this problem, many
collusion-resistant fingerprinting techniques have been designed and developed by
various researchers [101]. DiVX Corporation deployed a transaction tracking
system. Each DiVX-enabled DVD player embedded a unique watermark into the
video that it played. If the video is subsequently pirated and redistributed, the
DiVX Corporation could use the watermark to identify the exact player used and
thereby identify the source of the pirated work [13].
2.7.4. Copy Control
Watermarking can also be used for prevention of illegal copying of digital
contents. An informative watermark can be embedded indicating the number of
copies that are permitted. Such a watermarking system may require special
hardware/software that manipulates the watermark each time a copy is created and
prevent further copy operation once the limit is crossed.
Today many manufacturers use playback control technology to prevent
illegal copying of contents. For example, PlayStations and Portable Play Stations
(PSP) by Sony are the compliant devices that can check for watermarks in the
content being played. When the device sees never-copy watermark, it checks to
determine if it is playing a copy or original. If the contents are copied, the player
stops playing the game. One technical issue related to the use of watermarking for
44
copy control is the requirement that watermark must be detectable and modifiable
by everyone. This may result in weak watermark security.
2.7.5. Broadcast Monitoring
In a famous case associated with overbooking of air time by a broadcasting station
[102], advertisers were paying for thousands of commercials that were never
aired. In order to avoid such scams, watermarking can be used for active
monitoring to ensure that the commercials are broadcasted at the times and
locations of their agreements with broadcasters. Broadcast monitoring is used for
the prevention of illegal distribution of digital contents, determination of royalty
payments and ensuring advertisers that their commercials are being broadcast at
times and locations they have purchased. A digital content owner may watermark
his contents by embedding a unique watermark which is detected by an automated
monitoring system that monitors the broadcasts to keep track of when and where
the content appears. This will ensure that their contents are not illegally
distributed and help owners in determining royalty payments which is extremely
important for commercial advertisers as they actually pay for only the number of
times the advertisement was actually relayed.
Several companies provide watermarked-based broadcast monitoring
services. For example, Teletrax offers a service that is supported by on-video
watermarking technology from Philips. Some other examples of video monitoring
technologies are VEIL-II and MediaTrax.
2.7.6. Annotation and Privacy Control
Digital watermarking can also be used for embedding the annotations for
automatic information retrieval and electronic document indexing. An annotation
is a watermark that contains information about the digital contents in the form of
indices and keywords. For example, patient information or enrollment number can
be annotated on MRI scans or X-rays to avoid mixing of reports between two
patients. Both visible and invisible watermarking can be used for this purpose.
While the patient identity number can be embedded using visible watermarking,
the sensitive information such as name, age, gender etc. must be embedded
45
invisibly in order to maintain the privacy. Watermark robustness is required as
annotations must survive common signal processing attacks and geometric
distortions.
2.7.7. Persistent Item Identification
Digital watermarking can be used to embed an identifier in the digital contents to
prevent certain content alterations. This identifier can be linked with the database
containing further information about the digital contents such as usage control,
copyright information and host data enhancement features like access to free
services and products with the genuine purchase of the digital contents in such a
way that the enhancement features are disabled if the contents are distributed
illegally or the watermark is tampered. This will implicitly control the evils of
piracy and forgery in the digital multimedia environment.
2.7.8. Legacy System Enhancement
Sometimes a system needs an upgrade to improve the functionality, which may be
incompatible with the existing system. For example, during recent transition from
analog to digital television in many advanced nations like United States, Japan
and United Kingdom and even in the metropolitan cities of India, new digital
broadcasting equipment has to be deployed and the consumers must purchase
digital television receivers. Meanwhile, the legacy analog system must continue to
work until the transition is complete. Since it is a costly and time-consuming
process, it is essential that the new upgrade system must have backward
compatibility until analog television broadcast actually ceases to exist.
Digital watermarking can be used to enhance the functionality of legacy
system. One example is Tektronix’s digital watermark encoder [103] that can
synchronise the audio and video signals being processed separately by a television
system. During analog to digital transition, different delays are introduced in the
audio and video channels resulting in poor lip-synchronisation. The Tektronix
product embeds a highly compressed audio signal as a watermark within the video
signal. After digital processing, the real time audio signal is compared with the
embedded signal in order to adjust the time delays before broadcasting.
46
2.8. Conclusions
Digital watermarking is a vast field that involves watermark embedding in
multimedia contents and detection for many different purposes. This chapter
provides a general overview of the concepts, applications and challenges related to
digital watermarking, while desirable properties, classification methods,
evaluation tools and techniques are discussed specifically to image watermarking.
The chapter begins with the generic model of digital watermarking and
defines basic terminology to be used throughout the thesis. We also describe some
desirable properties of an efficient image watermarking. While some of the
properties like robustness, embedding capacity and decoder performance are
specific to applications for which a watermarking system is required, others like
imperceptibility, computational cost, security etc. are general properties desirable
by all watermarking systems. Further, depending on the properties required and
different application scenarios, we have classified an image watermarking system
into various categories.
The efficiency of a robust watermarking system lies in its capability to
resist attacks. We have presented a detailed survey on various possible attacks on
watermarked images. We differentiate among un-intentional attacks, common
signal processing attacks and threats due to malicious attacks. The design of
robust watermarking schemes mainly concerns un-intentional and common signal
processing attacks including image enhancement, image degradation and
geometric attacks while security against threats like forgery and watermark
removal require research on allied fields like encryption, security and copyright
infringement laws and enforcement.
Further, unless designs or system implementation are not evaluated
quantitatively and systematically using some standard automated benchmarks, the
claims about efficiency of the proposed system and its improvement over existing
techniques cannot be persuaded. Thus, we incorporated detailed discussion on the
evaluation of watermarking systems, technical issues involved and various
benchmarks available with their relative advantages and disadvantages. The
chapter concludes with lighter notes describing application areas of digital
47
watermarking in the real world scenarios. Wherever possible, we have tried to
quote practical examples throughout the chapter.
Some original works presented in this chapter include broader taxonomy
of watermarking types and classification of attacks as shown in Figs. 2.2 and 2.3.,
respectively. Our research is focused on the robust, imperceptible and informative
kind of watermarking using moment invariants with a blind detector. Further,
watermark security to deal with the threats or malicious attacks will remain out of
the scope of this research work. Other contributions are establishing significance
of pixel-based difference distortion measures to evaluate visual imperceptibility
and a novel attempt to define absolute and relative metrics for measuring
embedding capacity.
This chapter concludes the general discussion on digital watermarking.
Detecting the watermark in the presence of common geometric distortions and
their combinations is still a challenge in robust watermarking. Computational cost
is another crucial requirement and needs to be minimised for practical
implementations. Next chapters will focus on the state-of-art of robust
watermarking techniques and design and development of algorithms to enhance
the robustness and speed of watermarking.
48