2.
is embedded into the decrypted content yk , through an additive rule. Each dithered quantizer is used to quantize one of the L randomlyIn detail, driven by the session key sk, a set of M ·R values tij in the chosen projections, so the marked components are (rj − rj ) = w xrange [0, T −1] is generated, where 0 ≤ i ≤ M −1, 0 ≤ j ≤ R−1. [Q0 (rj ) − rj ] + θj , where j ∈ A. x xEach feature xi is encrypted by adding R entries of E, obtaining the The vector of watermarked features is then given by:encrypted feature ci : w x x x y = x+ (rj −rj )sj = x+ [Q0 (rj )−rj ]sj + θj sj . (6) R−1 j∈A j∈A j∈A ci = xi + E[tij ]. (2) j=0 In a forensic application, we can think that each k-th user can be identiﬁed by employing a different set of dithered quantizers, char-Joint decryption and watermarking is accomplished by reconstruct- acterized by a dithering vector θk = {θk,j }j∈A . According to thising with sk the same sequence of indices tij and by adding R entries approach, referring to equation (6), in yk it is possible to distinguishof Dk to each encrypted feature ci : between a term present in all the watermarked copies of the con- tent, the summation j∈A [Q0 (rj ) − rj ]sj and a term identifying x x R−1 R−1 the single k-th user, i.e. the summation j∈A θk,j sj . The detector yk,i = ci + Dk [tij ] = xi + Wk [tij ] = xi + wk,i . (3) will thus try to identify a dishonest client by looking at this uniquely j=0 j=0 distinguishing component.The result of this operation is the sequence of watermarked contentfeatures yk identifying the k-th user. 3.1. ST-DM client side embedding Let us now describe how we implement a ST-DM based secure2.1. Spread Transform Dither Modulation client side embedding. A distribution server, like in [4] generates an encryption look-up table E, whose entries are i.i.d. randomThe ST-DM algorithm belongs to the wider class of Quantization In- variables following a Gaussian distribution N (0, σE ); moreover,dex Modulation (QIM) watermarking [5]. According to the QIM ap- for each client, a personalized watermark LUT Wk is generated,proach, watermark embedding is achieved through the quantization according to N (0, σW ), and a decryption LUT Dk is computed byof the host feature vector x on the basis of a set of predeﬁned quan- combining componentwise E and Wk . In addition, let us supposetizers, where the particular quantizer depends on the to-be-hidden that the projection matrix S has been generated. The personalizedmessage. In the case of ST-DM, the correlation between the host LUTs and the matrix S are then transmitted once to each client overfeature vector x and a reference spreading signal s is computed as M a secure channel.rx =< x, s >= i=1 xi si ; this correlation is then quantized by The server encrypts a content x of size M by adding to it someapplying to it either a quantizer Q0 , or a quantizer Q1 , depending entries of E; however, differently from Eq. (2), here R entries areon the to-be-hidden bit, obtaining the quantized correlation rw . The added along each of the Md orthogonal directions sj . In addition,watermarked features are then: in L randomly chosen directions the common terms [Q0 (rj ) − rj ] x x y = x + (rw − rx )s (4) present in the embedding rule are introduced, so that at the server side the host features will be modiﬁed as in the following:To recover the embedded bit, a minimum distance decoder applied to Md R−1the correlation r of the watermarked and possibly attacked features ci = x i + E[tjh ]sji + x x [Q0 (rj ) − rj ]sji . (7)y with the vector s is adopted [6]. The ST-DM approach can be˜ j=1 h=0 j∈Aextended in such a way that the host features are projected not onlyalong one direction, but on a vector subspace, allowing to introduce Decryption and watermark embedding is driven by the sessionan additional degree of freedom in the design of the scheme. key sk needed to reconstruct the sequence of indices tjh and add Md · R entries of the decryption LUT Dk to each encrypted feature ci : yk,i = ci + Md R−1 h=0 Dk [tjh ]sji , then: 3. ST-DM SECURE EMBEDDING j=1 Md R−1Starting from an original vector composed by M features, a M ×Md x x yk,i = xi + [Q0 (rj ) − rj ]sji + Wk [tjh ]sji . (8)projection matrix S = (s1 , s2 ,. . . , sMd ) whose columns are orthog- j∈A j=1 h=0onal is generated. The host features are projected according to S,which, differently from the traditional ST-DM, needs to be known If we assume it is possible to set R−1 Wk [tjh ] = θk,j , the result ofto the clients; in order to add a level of secrecy, only L out of Md h=0 this operation is the sequence of watermarked features yk , using theprojections will be quantized to embed the watermark, where the L dithered quantizers shifted by the set θk = {θk,j }j∈A identifyingdirections are kept secret to the clients. Let us indicate by A the the k-th user. The joint decryption and watermarking process thenindexes corresponding to the L directions where the watermark will becomes:be introduced. To represent that only L out of Md projections arequantized we will resort to a M × L matrix SA denoting a partition yk,i = xi + x x [Q0 (rj ) − rj + θk,j ]sji + θk,j sji . (9)of S obtained by picking the columns whose indexes are in A. j∈A j ∈A / To embed the watermark, it is chosen to use not just two quan-tizers, but a set of L dithered quantizers, shifted each by a factor θj The ﬁnal effect of the joint decryption and watermarking, iswith respect to a reference quantizer Q0 () having a ﬁxed step size that a ST-DM watermark has been embedded in L directions, butΔ, so that, for j ∈ A in (Md − L) directions a spread spectrum like noise has been added. These noise terms can not be avoided, since the client is not allowed Qj (x) = Q0 (x) + θj . (5) to know the L out of Md directions, indicated by the set A. 98
3.
4. DETECTION M = l · m. If the number of 8 × 8 blocks inside an image is NB , the number of available chunks NC is given by: NC = m·NB . MIt is assumed that the input to the detector is a vector of possibly al- For each chunk the same projection matrix is adopted, but dif-tered watermarked features, denoted as y. Such a vector is projected ˜ ferent sets of dithering θj are considered. According to this, the k-thonto the L directions carrying the watermark, yielding a vector of L client is identiﬁed by a vector obtained as the concatenation of NCwatermarked projections: vectors θk of length L (one for each chunk), that is in detection the i 1 N vector Θk = (θk , ..., θk C ) having size L · NC = L m·NB will be ρ = SA y . ˜ ˜ (10) M used.Since the embedding rule makes it difﬁcult to deﬁne a likelihood The performance analysis is carried out by deﬁning the operat-ratio, the proposed detector relies on a suboptimal approach based on ing conditions in terms of Document to Watermark Ratio (DWR).a correlation statistic, followed by a maximum detector [7]. Namely, The DWR expresses the ratio between the power of the host featuresthe detector computes a vector of quantization errors as and that of the watermark: σx e = ρ − QΔ (ρ) ˜ ˜ (11) DWR = 20 log10 , (17) σWATand the detector statistics for the k-th client is deﬁned as: where σWAT is the standard deviation of the watermark components. T 2 While σx can be estimated on the original host features, σWAT can Tk (ρ) ˜ θk e − ||θk || /2. (12) be computed as follows:The decision is made according to the following test: 2 2 MD m Δ2 L m σWAT = σθ + (18) arg maxKU Tk (ρ) if ˜ maxKU Tk (ρ) ≥ γ ˜ M 64 12 M 64 D (ρ) = ˜ k=1 k=1 (13) ∅ if maxKU k=1 Tk (ρ) < γ. ˜ where MD 64 and M 64 represent the percentages of DCT coefﬁ- m L m M cients suffering the quantization error introduced by the embeddingThe output of the test is either the index k of the guilty client or the process, due to the shift addition process (involving all the MD di-special symbol k = ∅ meaning that no watermark has been found on rections) and to the quantization process (involving only L direc-the examined content. tions) respectively. The threshold γ has to be set so as to minimize the probability In order to force a given DWR value for a speciﬁc water-of detection errors. To do so, we formulate the problem as a binary marked image, we introduce a parameter α controlling the water-hypothesis testing where the hypotheses are: H0 , the content is not mark strength and we put it as a factor multiplying the watermarkwatermarked; Hk∗ , the content contains the watermark of the k∗ -th LUT; speciﬁcally, we will consider αE[tjh ] and αDk [tjh ] insteadclient. The detector makes an error every time it accuses a client and of E[tjh ] and Dk [tjh ] in equations (7) and (8), and consequentlyno watermark was present (false alarm) or it fails in detecting the wa- also the watermark LUT will result multiplied by α. Since thistermark of the k∗ -th client because it decides that no watermark is parameter is required in decryption, the server will need to send thepresent (missed detection) or it wrongly accuses an innocent client adopted α value to all the clients.(wrong accusation). The performance of the detector is then mea- The relationship between α and the DWR can be computed bysured by the probability of false alarm Pf , the probability of missed taking into account that to assure that the shift value θ remains insidedetection Pm , and the probability of wrong accusation Pw : the interval [−Δ/2, +Δ/2], and given that θ follows a Gaussian Pf =P r {D (ρ) = ∅; H0 } ˜ (14) distribution, the standard deviation σθ of the shifts θ has to be chosen in such a way that σθ = Δ/2 . Furthermore, since a shift value is 4 Pm =P r {D (ρ) = ∅; Hk∗ } ˜ (15) obtained by the addition of R entries of the LUT Wk , we have that 2 2 2 Pw =P r D (ρ) = k , k = k∗ ; Hk∗ . ˜ (16) σθ = Rα σW . By considering that Δ2 = 64σθ , equation (18) can thus be 2Hence, the probability of correct detection should be expressed as rewritten as:Pd = 1 − Pm − Pw . The above error probabilities will depend onthe threshold γ and on several other parameters of the system, and 2 Rα2 σW m 2 16L σWAT = MD + . (19)will allow to measure the performance of the proposed system. 64M 3 Finally, we achieve the watermark strength as a function of the linear 5. PERFORMANCE EVALUATION DWR value (DWRl ) as:To assess the performance of the proposed system, a practical imple-mentation of our scheme has been developed and compared with the 64M σx 2 α= 2 (20)implementation of the previous LUT-based secure Spread Spectrum RσW m[MD + 16L/3]DWRlwatermark embedding presented in [4]. The system embeds a watermark into a gray level image by mod- and therefore by imposing a given watermark distortion (i.e. a givenifying m out of 64 block DCT coefﬁcients. In particular, for each DWR), a proper value for α is achieved.8 × 8 block, the DCT coefﬁcients are reordered in the zig-zag scan, In order to compare the performances of the proposed ST-DMand the ones from the second until the (m+1)-th are selected. Since client-side watermarking system vs. the SS version, we implementedthe host features have variable size, whereas the spreading vector has the two systems considering the following values for the system pa-a ﬁxed size (i.e. M ), we divide the vector of available host features rameters: M = 32, L = 4, m = 4, MD = 32, R = 4, σE = 100,into chunks of length M : each chunk is composed by the DCT co- σW = 0.01, T = 216 , DW R = 36 dB. Parameters α, Δ and σθefﬁcients belonging to l blocks, so that the length of each chunk is have then been derived from the ﬁxed ones, while σx and NB are 99
4.
0 0 10 10 SS − lena SS − lena SS − mandrill SS − mandrill STDM − lena STDM − lena STDM − mandrill STDM − mandrill −1 −1 10 10 m Pm P −2 −2 10 10 −3 −3 10 10 −20 −19 −18 −17 −16 −15 −14 20 30 40 50 60 70 80 WNR JPEG qualityFig. 1. Comparison between SS and ST-DM client-side embedding: Fig. 2. Comparison between SS and ST-DM client-side embedding:missed detection probability (Pm ) for different values of WNR. missed detection probability (Pm ) for different JPEG qualities. 7. REFERENCESestimated from the under testing image (512 × 512 8-bit grey levelimages were considered). The Pf has been set to 10−3 . [1] M. Barni and F. Bartolini, Watermarking Systems Engineering: Here, the two systems are evaluated in presence presence of ad- Enabling Digital Assets Security and Other Applications, Mar-ditive white Gaussian noise (AWGN), and in presence of JPEG com- cel Dekker, 2004.pression. [2] R. J. Anderson and C. Manifavas, “Chameleon—a new kind of In the ﬁrst case, we computed the missed detection probability stream cipher,” in Proceedings of the 4th International Work-(Pm ) with respect to the Watermark to Noise Ratio (WNR), that ex- shop on Fast Software Encryption — FSE’97, London, UK,presses the ratio between the power of the watermark and that of the 1997, pp. 107–113, Springer-Verlag.noise: WNR = 20 log10 σWAT /σn where σn is the standard devi- [3] A. Adelsbach, U. Huber, and A.-R. Sadeghi, “Fingercasting—ation of the considered AWGN. The robustness of SS and ST-DM joint ﬁngerprinting and decryption of broadcast messages,” inclient-side systems to the AWGN attack is represented in Fig. 1: 11th Australasian Conference on Information Security and Pri-the results, concerning two stadard images, are in agreement with vacy. 2006, vol. 4058 of Lecture Notes in Computer Science, pp.the usual behavior of the corresponding non-client-side systems [8], 136–147, Springer.that is, ST-DM shows a better performance for higher WNR values.A similar behavior can be observed in the case of the second attack, [4] M. Celik, A. Lemma, S. Katzenbeisser, and M. van der Veen,i.e. JPEG compression, as shown in Fig. 2. We can conclude that in “Look-up table based secure client-side embedding for spread-both cases, ST-DM shows a vanishing probability of missed detec- spectrum watermarks,” IEEE Transactions on Informationtion at high WNR/JPEG quality and performs better than SS when Forensics and Security, vol. 3, no. 3, pp. 475–487, 2008.the degradation on the watermarked content is kept within an accept- [5] B. Chen and G. Wornell, “Quantization index modulation: aable range. class of provably good methods for digital watermarking and information embedding,” IEEE Trans. on Information Theory, vol. 47, no. 4, pp. 1423–1443, May 2001. [6] L. Perez-Freire, P. Comesana-Alfaro, and F. Perez-Gonzalez, 6. CONCLUSIONS “Detection in quantization-based watermarking: performance and security issues,” in Security, Steganography, and Water-In this paper we propose a new scheme following the client side marking of Multimedia Contents VII, Proc. SPIE Vol. 5681,watermark embedding approach for the data copyright protection in P. W. Wong and E. J. Delp, Eds., San Jose, CA, USA, Januarya large scale content distribution environment. In particular, starting 2005, pp. 721–733, SPIE.from the idea of the LUT based secure embedding, we modify such a [7] Z. Jane Wang, Min Wu, Hong Vicky Zhao, Wade Trappe, andscheme for designing it speciﬁcally for the Spread Transform Dither K. J. Ray Liu, “Anti-collusion forensics of multimedia ﬁnger-Modulation (ST-DM) belonging to the informed watermark embed- printing using orthogonal modulation,” IEEE Trans. on Imageding algorithms. This modiﬁcation is not straightforward; however, Processing, vol. 14, no. 6, pp. 804–821, June 2005.the experimental results conﬁrm that the superiority of ST-DM vs.SS watermarking exhibited in the classical embedding approach is [8] M. Barni, F. Bartolini, and A. De Rosa, “On the performancemaintained also in the client-side embedding one. We are currently of multiplicative spread spectrum watermarking,” in Proc.working on the theoretical analysis of the detector performance and IEEE Work. on Multimedia signal Processing, MMSP’02, Sanwe are also studying the performance of the system under the aver- Thomas, Virgin Islands, USA, December 2002.age collusion attack. 100
Views
Actions
Embeds 0
Report content