Watermarking-Based Multimedia Authentication

Watermarking-based multimedia authentication solutions modify the original multimedia data to insert a watermark for later authentication. The authentic- ity verification is carried out by comparing the original watermark with the watermark extracted from the multimedia data to be authenticated. A water- mark could be a binary string, a logo, or the features of the multimedia content, and watermarking could be performed in either pixel domain or the transform domain, e.g., Discrete Cosine Transform (DCT), Discrete Wavelet Transform (DWT), or Discrete Founer Transform (DFT).

In watermarking-based multimedia authentication solutions, no additional data are required during storage or transmission. Therefore, this disadvantage of media signature-based authentication solutions has been overcome. How- ever, a new problem arises: this type of solution has no capability of source identification because a symmetric key is often employed in both watermark embedding and extraction [5]. According to the distortions caused by watermark- ing, watermarking-based authentication solutions can be classified into lossless authentication and lossy authentication. Lossy authentication can be further clas- sified into fragile authentication and semi-fragile authentication according to their robustness to acceptable manipulations.

Lossless Watermarking-Based Authentication

Lossless authentication is initially proposed for applications in which no distor- tion is allowed, e.g., military and medical applications. To achieve this objective, a hash digest or digital signature, which could detect even a one-bit change in the multimedia data, is employed as the authentication information. This authentica- tion information is inserted into the original multimedia data using a lossless data hiding technique so that the distortion caused by watermarking can be recovered at the receiving site. In lossless image authentication, usually one LSB (Least Significant Bit) [6, 7] or a specific number of LSBs [8] of the transform coef- ficients are losslessly compressed to make some space for the insertion of the

authentication information. The authentication information is extracted from the image before the LSB’s bitplane is decompressed.

Fridrich, Goljan, and Du further extended their image authentication solu- tions [6, 7] for authenticating MPEG-2 video by including a time stamp in the authentication information. To detect temporal and content attacks, two solutions, namely authentication by frame and authentication by groups of frames, are pro- posed in Du and Fridrich [9]. In the first solution, a watermark consisting of the frame index and hash digest of the non-zero DCT coefficients is embedded into the chrominance blocks of both intra- and non-intra-macroblocks in each frame; thus, it can detect both temporal attack and individual frame tampering. However, the distortion introduced by watermarking could become visible if the distance between two I-frames is too large. The second solution solves this prob- lem by embedding a watermark consisting of the hash digest of all non-zero DCT coefficients from a group of frames (user defined) and the group index into the chrominance blocks of the B-frame.

The above solutions are complete authentication methods, so the watermark has no robustness. Zou et al. proposed another type of lossless image authentication in which the watermark has some robustness to content-preserving manipulations, e.g., JPEG compression[10]. In their proposed scheme, authentication information is generated from the quantized DCT coefficients and inserted into the image using their proposed lossless data hiding algorithm, namely the “Circular Histogram” algorithm.

Fragile Watermarking-Based Authentication

Like lossless authentication, fragile authentication also authenticates multimedia in a fragile way (any modification of the multimedia data is not allowed). In fragile authentication, however, the original image does not need to be recovered after the image is determined as authentic. Therefore, the distortion caused by water- marking is allowed if this distortion is imperceptible. By allowing watermarking distortion, more authentication information can be inserted in fragile authenti- cation compared to lossless authentication. Thus, fragile authentication schemes can not only detect modifications on multimedia data, but also can locate such modifications.

Yeung and Mintzer [11] have proposed a scheme to authenticate individual pixels. In this scheme, a binary map of a watermark image is embedded into the source image to create a watermarked image. Every pixel in the source image is processed in turn as follows: for a selected pixel, apply a watermark extrac- tion function to get an extracted value; if the extracted value is not equal to the watermark value, the selected pixel is modified until the extracted value is equal to the designed watermark value; if they are equal, the amount of modification is calculated and then propagated to the pixels not yet processed using a modified

Section 5.1: INTRODUCTION 121

error diffusion procedure. This process is repeated until every pixel in the source image has been processed. Any alteration on the watermarked image induces an artifact on the extracted watermark, which can be visually and automatically identified.

Wong and Memon [12] proposed a public key-based fragile authentication scheme which can detect any modifications on an image and indicate the speci- fic locations that have been modified. In their scheme, a watermark is embedded into the LSB of each pixel of the image. This watermark contains the size of the image, an approximation of the image, and block information. If the correct key is specified in the watermark extraction, then an output image is returned showing a proper watermark. Any modifications would be reflected in a corresponding error in the watermark. If the key is incorrect, or if the watermarked image is cropped, an image that resembles random noise will be returned. Since this scheme requires a user key during both the watermark embedding and the extraction, it is not possible for an unauthorized user to insert a new watermark or alter the existing one.

Besides locating modifications on image, recovering the modified image is also important in image authentication. Fridrich and Goljan proposed a fragile image authentication scheme with self-correcting capabilities [13]. In this scheme, for each 8×8 DCT block, the first 11 DCT coefficients are first quantized and then binary encoded into a 64-bit string. This binary string is then encrypted and finally inserted into the LSB of each DCT coefficient. The authors claim that the quality of a reconstructed image from this binary string is roughly half as good as that of a JPEG compressed image.

Semi-fragile Watermarking-Based Authentication

Although fragile authentication can detect or even locate modifications of multi- media data, it cannot decide whether these modifications are acceptable manipu- lations or malicious attacks. Semi-fragile authentication is designed to be robust to incidental distortions while being sensitive to intentional distortions.

Since the transform domain has the property of frequency localization, it is easier to design a watermarking scheme that is robust to normal manipula- tions in the transform domain. Most semi-fragile authentication solutions achieve such robustness by inserting watermarks into low- or middle-frequency DCT coefficients. The only differences among them are how they either generate or embed a watermark. For example, Eggers and Girod [14] took a binary sequence as a watermark and then embedded the watermark into the second through eighth DCT coefficients, in zigzag order, of an 8 × 8 DCT block in an image using a dither quantization rule. Lin and Chang [15] inserted a water- mark using the invariant property in JPEG compression: if a DCT coefficient is modified to be an integral multiple of a quantization step that is larger than the steps used in later JPEG compressions, then this coefficient can be exactly

reconstructed after these compressions. Compared with the DCT domain, the DWT domain has the property of space localization besides frequency local- ization. Thus, watermarking solutions performed in the DWT domain could be more robust to geometric attacks [16]. In [16], Han, Chang, and Park proposed a semi-fragile watermarking-based image authentication in the DWT domain.

As a summarization of this section, we illustrate the relationship between requirements of multimedia authentication (e.g., integrity protection, source iden- tification, and robustness) and the main technologies employed in the multimedia authentication (e.g., digital signature, media signature, and watermarking) in Figure 5.7. Digital signature-based solutions perform well in integrity protection and source identification, but their robustness is fragile. Watermarking-based solu- tions can achieve integrity protection with high robustness; however, they cannot identify the source of the multimedia data. Media signature-based solutions strike a balance among these three requirements.

According to the types of multimedia, multimedia authentication could be clas- sified into data authentication, image authentication, video authentication, and audio authentication. Speech authentication is included in audio authentication, though there are some differences between them. Since data authentication has been thoroughly studied, we will focus on image, video, and audio authentication in the following sections.

Digital Signature Media Signature Source Identification Watermarking Robustness Integrity P rotection

FIGURE 5.7: Relationship between the requirements of the multimedia authentication and its main techniques.