University of Siena. Multimedia Security. Watermark extraction. Mauro Barni University of Siena. M. Barni, University of Siena

Similar documents
ROTATION, TRANSLATION AND SCALING INVARIANT WATERMARKING USING A GENERALIZED RADON TRANSFORMATION

A Modified Moment-Based Image Watermarking Method Robust to Cropping Attack

Digital Transmission Methods S

Spread Spectrum Watermarking. Information Technologies for IPR Protection

Wavelet Packet Based Digital Image Watermarking

Fast and Automatic Watermark Resynchronization based on Zernike. Moments

Chapter 2 Signal Processing at Receivers: Detection Theory

2804 IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 56, NO. 6, JUNE 2010

INFORMATION PROCESSING ABILITY OF BINARY DETECTORS AND BLOCK DECODERS. Michael A. Lexa and Don H. Johnson

A Hypothesis Testing Approach for Achieving Semi-fragility in Multimedia Authentication

Quantization Index Modulation using the E 8 lattice

Watermark Detection after Quantization Attacks

NOISE can sometimes improve nonlinear signal processing

Witsenhausen s counterexample and its links with multimedia security problems

Abstract The aim of this paper is to improve the performance of spatial domain watermarking. To this end, a new perceptual mask

Information Theory and Hypothesis Testing

Digital Image Watermarking Algorithm Based on Wavelet Packet

Introduction to Detection Theory

Detection theory. H 0 : x[n] = w[n]

Lecture 5: Likelihood ratio tests, Neyman-Pearson detectors, ROC curves, and sufficient statistics. 1 Executive summary

Detection theory 101 ELEC-E5410 Signal Processing for Communications

2. What are the tradeoffs among different measures of error (e.g. probability of false alarm, probability of miss, etc.)?

1. INTRODUCTION. Yen-Chung Chiu. Wen-Hsiang Tsai.

SCALE INVARIANT AND ROTATION INVARIANT IMAGE WATERMARKING. Spandana Bodapati. Bachelor of Science. Jawaharlal Nehru Technological University

Watermark Extraction Optimization Using PSO Algorithm

Invariant Image Watermark Using Zernike Moments

Performance of small signal sets

Study of Wavelet Functions of Discrete Wavelet Transformation in Image Watermarking

BASICS OF DETECTION AND ESTIMATION THEORY

Signal Detection Basics - CFAR

An Information Theoretic View of Watermark Embedding Detection and Geometric Attacks

Detection and Estimation Theory

ISeCure. Nowadays, copyright infringement, unauthorized. The ISC Int'l Journal of Information Security

Detection Theory. Chapter 3. Statistical Decision Theory I. Isael Diaz Oct 26th 2010

392D: Coding for the AWGN Channel Wednesday, January 24, 2007 Stanford, Winter 2007 Handout #6. Problem Set 2 Solutions

Chapter 2. Binary and M-ary Hypothesis Testing 2.1 Introduction (Levy 2.1)

Information Theoretical Analysis of Digital Watermarking. Multimedia Security

DETECTION theory deals primarily with techniques for

Double Sided Watermark Embedding and Detection with Perceptual Analysis

On Sequential Watermark Detection

ECE531 Screencast 9.2: N-P Detection with an Infinite Number of Possible Observations

An Information-Theoretic Analysis of Dirty Paper Coding for Informed Audio Watermarking

MPSteg-color: a new steganographic technique for color images

Watermarking in the Space/Spatial-Frequency Domain Using Two-Dimensional Radon Wigner Distribution

Sequential Procedure for Testing Hypothesis about Mean of Latent Gaussian Process

IN MOST problems pertaining to hypothesis testing, one

Asymptotically Optimum Universal Watermark Embedding and Detection in the High SNR Regime

Dirty Paper Writing and Watermarking Applications

List Decoding: Geometrical Aspects and Performance Bounds

Linear and Nonlinear Oblivious Data Hiding

Lecture 7 September 24

Decentralized Detection In Wireless Sensor Networks

Capacity of Full Frame DCT Image Watermarks

Summary: SER formulation. Binary antipodal constellation. Generic binary constellation. Constellation gain. 2D constellations

Problem Set 2. MAS 622J/1.126J: Pattern Recognition and Analysis. Due: 5:00 p.m. on September 30

Quantization Based Watermarking Methods Against Valumetric Distortions

Communication Engineering Prof. Surendra Prasad Department of Electrical Engineering Indian Institute of Technology, Delhi

Robust Watermarking Procedure based on JPEG-DCT Image Compression

Digital Watermark Detection in Visual Multimedia Content

Noise Benefits in Quantizer-Array Correlation Detection and Watermark Decoding

Introduction to Statistical Inference

X 1 Q 3 Q 2 Y 1. quantizers. watermark decoder N S N

Lecture 12. Block Diagram

Detecting Parametric Signals in Noise Having Exactly Known Pdf/Pmf

Detection and Estimation Theory

STONY BROOK UNIVERSITY. CEAS Technical Report 829

بسم الله الرحمن الرحيم

A Simple Example Binary Hypothesis Testing Optimal Receiver Frontend M-ary Signal Sets Message Sequences. possible signals has been transmitted.

Adaptive Binary Integration CFAR Processing for Secondary Surveillance Radar *

STATISTICAL DETECTION OF INFORMATION HIDING BASED ON ADJACENT PIXELS DIFFERENCE

Rotation, scale and translation invariant digital image watermarking. O'RUANAIDH, Joséph John, PUN, Thierry. Abstract

ECE531 Lecture 6: Detection of Discrete-Time Signals with Random Parameters

Lecture 7 Introduction to Statistical Decision Theory

Image Dependent Log-likelihood Ratio Allocation for Repeat Accumulate Code based Decoding in Data Hiding Channels

Detection and Estimation Chapter 1. Hypothesis Testing

Detection of Anomalies in Texture Images using Multi-Resolution Features

Information Hiding and Covert Communication

Rational Dither Modulation: A High-Rate Data-Hiding Method Invariant to Gain Attacks

The Duality Between Information Embedding and Source Coding With Side Information and Some Applications

DATA-HIDING codes have been widely used for embedding

EE4304 C-term 2007: Lecture 17 Supplemental Slides

Finding the best mismatched detector for channel coding and hypothesis testing

UTA EE5362 PhD Diagnosis Exam (Spring 2011)

Research Article Effect of Different Places in Applying Laplacian Filter on the Recovery Algorithm in Spatial Domain Watermarking

LIKELIHOOD RECEIVER FOR FH-MFSK MOBILE RADIO*

Modifying Voice Activity Detection in Low SNR by correction factors

Matrix Embedding with Pseudorandom Coefficient Selection and Error Correction for Robust and Secure Steganography

Robust Multibit Decoding and Detection of Multiplicative Watermarks for Fingerprint Images

LECTURE NOTE #3 PROF. ALAN YUILLE

Digital Band-pass Modulation PROF. MICHAEL TSAI 2011/11/10

Practical Watermarking scheme based on Wide Spread Spectrum and Game Theory

This is a repository copy of The effect of quality scalable image compression on robust watermarking.

CFAR TARGET DETECTION IN TREE SCATTERING INTERFERENCE

Detection and Estimation Theory

Novel spectrum sensing schemes for Cognitive Radio Networks

New Traceability Codes against a Generalized Collusion Attack for Digital Fingerprinting

Research Article Reverse-Engineering a Watermark Detector Using an Oracle

Hypothesis testing (cont d)

The peculiarities of the model: - it is allowed to use by attacker only noisy version of SG C w (n), - CO can be known exactly for attacker.

Testing Statistical Hypotheses

Transcription:

Multimedia Security Mauro Barni University of Siena

: summary Optimum decoding/detection Additive SS watermarks Decoding/detection of QIM watermarks The dilemma of de-synchronization attacks Geometric attacks: the most dangerous attacks Possible remedies

Detection vs decoding Watermark detection Classical hypothesis testing problem Bayes optimum decision theory Neyman-Pearson criterion Watermark decoding Classical digital communication problem Optimum decoding Channel coding

Watermark detection

Statistical decision theory Observation variable: y = {y 1, y 2 y N } y = f or f w (plus noise) according to whether f contains the watermark or not Parameter: w = {w 1, w 2 w N } Two possible hypotheses H 0 : the system does not contain w H 1 : the system contains w Test of H 1 versus H 0 which is optimum with respect to a criterion Bayes Theory

Bayes decision theory Criterion: minimum Bayes risk Decision rule { 1, y S ( ) Φ( 1 H1 y )= 0, y ( H ) S 0 0 S 1, S 0 = acceptance and rejection regions for H 1 S 1 = {y : f (y H 1 ) / f (y H 0 ) > p 0 L 01 / p 1 L 10 }

Bayes decision theory S 1 = {y : f (y H 1 ) / f (y H 0 ) > p 0 L 01 / p 1 L 10 } ( y) = Likelihood ratio ( ) = f ( y H ) Y 1 ( ) = f * Y y w f ( Y y w = 0) y f Y y H 0 ( )

Bayes decision theory S 1 = {y : f (y H 1 ) / f (y H 0 ) > p 0 L 01 / p 1 L 10 } Decision threshold: λ = p p 0 1 L L 01 10 P 0 = P(w = 0), P 1 = P(w = w * ) " " L 01 = L[H 0,Φ(y) = 1], L 10 = L[H 1,Φ(y) = 0]" Letting λ = 1 minimizes the overall P e

Neyman-Pearson criterion Bayes decision theory requires that the a-priori probabilities of H 0 and H 1 are known This is rarely the case in practical applications Setting the cost of the two kinds of errors may be very difficult In most cases extremely asymmetric costs would be needed It is preferable to adopt a different optimization criterion

Neyman-Pearson criterion Neyman-Pearson criterion: minimize P MD subject to a fixed false alarm rate P FA P FA * The same test function is adopted (the likelihood ratio) but a different threshold is used P FA = P + λ 0 0 λ [ ( y) > H ] = f ( H ) d

The Add-SS, AWGN case In order to go on a particular embedding strategy has to be considered Additionally, a model to describe host features and attacks is needed We focus on the simplest case: the AWGN channel Additive SS watermarking Gaussian host features Additive Gaussian noise as attack

The Add-SS, AWGN case It is easy to show that in the AWGN case optimum detection corresponds to correlation detection n 1 ρ = n ρ > T ρ < T H ρ 1 yiwi i= 1 ρ H 2 The false and missed detection probabilities can be computed, and the detection threshold fixed, if the variance and mean of the host features is known f ( ρ 0/1) = ρ N( µ 2, σ ρ 0/1 ρ 0/1 )

The case of antipodal Add-SS (AWGN) P f f ( ρ) = ρ 2 N( µ, σ ) ρ Marked image ρ P m! µ ρ 0 =0 # " 2 σ ρ 0 = σ 2 2 x +σ # n $ n T ρ ρ! µ ρ 1 =γ # " σ 2 ρ 1 = σ 2 2 x +σ # n $ n

ROC curve 1,0E+00 1,0E-01 1,0E-02 1,0E-03 1,0E-04 1,0E-05 Pm 1,0E-06 1,0E-07 1,0E-08 1,0E-09 1,0E-10 1,0E-11 1,0E-12 1,0E-13 1,E-13 1,E-12 1,E-11 1,E-10 1,E-09 1,E-08 1,E-07 1,E-06 1,E-05 1,E-04 1,E-03 1,E-02 1,E-01 1,E+00 P m (P f ) = 1 # % 2 $ n SNR 2 P f & erfc 1 γ 2 (2P f )( SNR = ' σ 2 2 x +σ n

Practical considerations Practical implementation of the detector requires that the variance of non marked, possibly attacked, host features is known By assuming the watermark strength is very low (γ << 1), such variance can be estimated on the to-be-inspected image It can be shown that this is equivalent to using a detector based on the correlation coefficient, leading to triangular (hyper-conic) detection regions ρ n = y w y w

Watermark decoding

Add-SS, AWGN decoding In this, very simple, case we have z = y + n = x + αb + n i i i i i If the host features and attack noise are normally distributed, we have an AWGN channel and optimum decoding reduces to correlation decoding. The bit error rate is P e = 1 2 erfc 2 α r 2 2 2( σ + ) x σ n

QIM watermarks QIM is used mainly for multibit watermarking We consider the simplest case, i.e. DM watermarking In the absence of attacks decoding is straightforward and P e = 0 When attacks are present, optimum decoding (m.a.p.) goes through the calculation of f(h 0 y) and f(h 1 y) For equiprobable bits, optimum decoding reduces to maximum likelihood decoding, i.e. to verifying whether f(y H 0 ) is larger or smaller than f(y H 1 )

Decoding of DM watermarks Codebook Q0 In general codebook entries are not equiprobable leading to the situation depicted in the figures We have assumed that only an AWGN attack is present The upper plot represents f(y H 0 ), whereas the lower one corresponds to f(y H 1 ) Codebook Q1

Decoding of DM watermarks f(y 0) f(y 1) If the quantization step is sufficiently small we can assume that codebook entries are locally equiprobable, leading to the situation given in the figure (top) In this case, optimum decoding reduces to minimum distance decoding (bottom figure)

Decoding of DM watermarkss When bit repetition is used, r-dimensional decoding regions are obtained, making the computation of bit error rate more cumbersome Minimum distance decoding is often used for sake of simplicity

Detection of QIM watermarks No general theory is available The most common approach consists in Use a multibit (known) watermark Decode the hidden message Compare it against the known message Decide on the presence of the watermark according to the hamming distance The false alarm and missed detection probabilities are ruled by a binomial pdf and hence can be easily calculated once the bit error rate is known

Watermark desynchronization

Desynchronization attacks Robustness against DAs is a big challenge The watermark is not destroyed but the decoder (detector) is de-synchronized In most cases DAs are introduced because of geometric distortions geometric distortions do not introduce significant perceptual degradations (despite the PSNR) in most cases geometric distortions are nonmalevolent manipulations We focus on the case of still images

Geometric attacks The list of the most common global geometric attacks include: Shifting Scaling Cropping Rotation General affine transformation Local deformations are more difficult to cope with The most famous one is the RBA implemented in the Stirmark package

Geometric attacks Geometric manipulations are easily understood in the spatial domain What does happen in the frequency domain? shifting: phase change resizing: zero padding cropping: re-sampling rotation: inverse rotation

The random bending attack (RBA) A random displacement field is applied to the image resulting in local geometric distortion In order to limit the degradation a locally smooth field is applied Coupled with global warping the RBA is one of the most powerful attack against any watermarking scheme

RBA: an example Stirmark 1 Example 1 Original Stirmark 2 Example 2

Multiresolution RBA DF subsampled by 2 DF subsampled by 8

Multiresolution RBA DF subsampled by 32 DF subsampled by 64

Coping with (global) geometric attacks (1) Use of the original image in detection In this case robustness against geometric attacks is more easily achieved The original image can be used to register the attack image prior to watermark detection/decoding Random local distortions may still be difficult to cope with (efficient registration schemes are needed)

Coping with (global) geometric attacks (2) Exhaustive search A set of admissible geometric distortions is defined The watermark is looked for by considering all admissible geometric configurations Problems: Computational complexity P f increases Not applicable to multibit watermarking

Coping with (global) geometric attacks (2) The false detection (P f ) and the missed detection (P m ) probabilities are (Add-SS) P P ( ES ) m ( ES ) f = P ( S ) m (1 P = 1 (1 P ( S ) f ( S ) f ) ) n n 1 np P ( S ) m ( S ) f P f is increased by a factor n P (S) m = 1 " 2 erfc n(γ w T ρ ) 2 $ 2 # 2σ x P (S) f = 1 " 2 2 erfc nt % ρ $ 2 # 2σ x ' & % ' & Both terms go to zero exponentially fast with n

Coping with (global) geometric attacks (3) Use of synchronization patterns (most common) Two watermarks are embedded The second (auxiliary) watermark is used to resynchronize the detector/decoder Then the first watermark is looked for (decoded) Problems: Additional distortion Loss of security P m may increase significantly

Coping with (global) geometric attacks (3) The false detection (P f ) and missed detection (P m ) probabilities are given by (P se = probability of a synch. error) P P ( TM ) m ( TM ) f = (1 P = P ( S ) f ( S ) f ) P se + P ( S ) m (1 P For large values of n we have se ) P m P ( TM ) se P se + P ( S ) m n 1 ( union bound) erfc 2 nγ 4σ As n increases the term P se becomes predominant 2 s 2 x

Coping with (global) geometric attacks (4) Self-synchronizing watermarks Geometric properties of the watermark are exploited to recover synchronism Most typical case: spatial, 2D-periodic watermarks It improves the performance of the template matching approach Problems Loss of security

Coping with (global) geometric attacks (5) Exploitation of invariants The watermark is inserted in a domain that is invariant with respect to geometric manipulations Magnitude of DFT spectrum (shift invariance) Histogram (invariant to everything but cropping

Example of geometric invariance By embedding the watermark at a fixed position in the frequency spectrum, invariance to scaling is automatically achieved (M.Barni, F.Bartolini V.Cappellini and A.Piva, A DCT-domain system for robust image watermarking, Signal Processing) marked coefficients aliasing zero padding Marked spectrum Shrinked signal Expanded signal

Example of geometric invariance By always extending the image to the same size through zero padding (and by exploiting the translation invariance of the magnitude of DFT) the watermark can be recovered even in presence of moderate cropping. marked coefficients marked coefficients marked coefficients Marked spectrum Spectrum of cropped signal Spectrum of cropped and zero-padded signal

Example of geometric invariance magn. radius polar coordinates magn. DFT radius log sampling DFT Watermark embedding angle phase phase angle IDFT radius resampling cartesian coordinates IDFT magn. radius magn. J. O Ruanaidh et al., Rotation, scale and translation invariant digital image watermarking, ICIP 97, S.Barbara, 1997; C.Y.Lin et al. Rotation, scale and translation resilient watermarking for images, IEEE Trans. Image Proc., 10 (2001), no.5, pp.767-782. The watermark survives resizing only if aspect ratio is preserved As to cropping, spectrum resampling must be considered

Coping with (global) geometric attacks (6) Feature-based geometric normalization The watermark is always inserted in the same geometric configuration The reference geometric configuration is tied to the image content Problems Robustness ultimately depends on feature robustness and stability

Feature-based normalization Extract the edges from the image, then compute the central inertial axis and the central moments of edges

Feature-based normalization Deform the image so that central inertial axis and central moments of edges assume a reference value, then insert the watermark and go back to original geometry

Coping with (local) geometric attacks Why the other solutions do not work: original image: actually it works exhaustive search: no good model, exponential size of DA class geometric invariance: does such a domain exist? template matching: as for ES self-synchronizing watermarks: as for ES feature-based normalization: insertion and deletions Open problem: available solutions apply the previous techniques locally example: movies cam-corded in theaters

References I. J. Cox, M. Miller, J. Bloom, Digital watermarking, Morgan Kaufmann M. Barni, F. Bartolini, Watermarking Systems Engineering: Enabling Digital Assets Security and other Applications, Marcel Dekker, New York, 2004.

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback