Two-Layer Fragile Watermarking Method Secured with Chaotic Map for Authentication of Digital Holy Quran

This paper presents a novel watermarking method to facilitate the authentication and detection of the image forgery on the Quran images. Two layers of embedding scheme on wavelet and spatial domain are introduced to enhance the sensitivity of fragile watermarking and defend the attacks. Discrete wavelet transforms are applied to decompose the host image into wavelet prior to embedding the watermark in the wavelet domain. The watermarked wavelet coefficient is inverted back to spatial domain then the least significant bits is utilized to hide another watermark. A chaotic map is utilized to blur the watermark to make it secure against the local attack. The proposed method allows high watermark payloads, while preserving good image quality. Experiment results confirm that the proposed methods are fragile and have superior tampering detection even though the tampered area is very small.


Introduction and Background
Increasing usage and production of handheld devices and smart-phone have pushed Muslim community to create the Holy Quran in the digital form. Thus, authentication of digital Quran becomes an emerging issue because the current digital Quran that is mostly in mobile applications is unverified. Even though the digital Quran is verified by the Islamic authority, still there is a problem such as falsifying some parts of Quran's verses. In such case, the readers are unable to validate the verse, whether it is correct or fake, due to an accidental typo or an intentional act.
History tells that according to investigation in July, 2005, several secret scanned documents of World War II at the National Archives have been altered during or after the 2000s [1]. Hence, protecting a digital document such as the Holy Quran is important nowadays. In this regard, this study proposes a solution to protect the digital Quran and to localize the tamper region on the digital Quran images if present.
The proposed solution is inspired by the digital watermarking concept. Digital watermarking means that the digital data embedded with a predefined authentication code remains undetectable to human eye but effortlessly identified by the specified algorithm. The major focus is to shield the integrity, security, and fidelity of the digital content such as that of the digital watermarking promisingly applicable for the present electronically driven world [2]. Particularly, a schema known as fragile watermarking has attracted great attention for authentication and integrity of the digital content [3].
There are several known requirements for a fragile watermarking method that must be considered including detecting common image forgery, geometric transformations, signaling elimination of original image, putting new objects, and notifying once image processing operations present. Moreover, it is better to authenticate the media without referring to the original image; this is known as blind  detection [4]. Numerous methods recognized that attacks such as the copy-and-paste [5], vector quantization [6], the Holliman-Memon counterfeiting attack [7], or collage attack [8,9] should be considered by the fragile watermarking method.
It is known that watermarking methods alter the host image after inserting the authentication code. This situation is unsuitable for sensitive applications such as medical imaging and military purpose [11]. However, most of the image applications can accept the degradation of the image quality as long as the original and watermarked images are perceptually comparable or the content is not influenced.
Thus, watermarking the Holy Quran should be done carefully to avoid any influence on the verses.

Related Works
Digital watermarking is generally categorized into three kinds named fragile, semifragile, and robust watermarking. Fragile watermarking has the characteristic of being easily broken even if small forgery is present. Quite similar to fragile watermarking, semifragile watermarking has small difference, which is being robust to nonhuman forgery such as JPEG compression. Attractiveness of JPEG compression   becomes a key of the exploration aspect on semifragile watermarking. The last category named robust watermarking is intended to make it hard to break against any tamper activities. Thus, robust watermarking is suitable for copyright protection of the digital images [12]. Meanwhile, the fragile and semifragile watermarking are commonly applied for authentication of the multimedia content, including video, audio, and still image [13,14]. Some watermarking methods in the literature show that it can localize the tamper regions, and other methods are only able to inform if the still image is authentic or tampered.
(a) Such techniques work on very limited space of an image at the pixel level, depending on the color depth.
(b) Authentication can be easily passed using some image distortion such as compression or noise.
(c) Natural statistical property in the color image that has linked components in the color information (e.g., RGB and CMYK) would be distorted after watermarking process makes it open to image attacks.
Watermarking method in pixel-based concept [13,[26][27][28] is exposed to the brute-force attack because the watermark is commonly hidden into the least significant bits (LSBs) [31]. In addition, such method is suitable only to localize the image forgery on some of the most significant bits. On the other hand, the block-based concept has issues for parameter of the block sizes and watermark payloads. Some experiments are required to determine the proper parameter that facilitates acceptable tamper detection while maintaining the image quality. However, the main drawback in block-based concept is being unable to locate the tampered pixels accurately; this might be important for specific applications such as in the military communication [32]. In addition, Preda [14] found that the latest watermarking methods are susceptible to forging attacks and inaccurate when dealing with unintentional image tampering.
Recent fragile watermarking methods are reviewed to comprehend the state of the art. Many researchers focused on watermarking method for binary image [33] and grayscale image [34][35][36][37] and according to [38,39] only limited are concerned about color images. Even though their method is robust with minimum complexity, the original image must be present during authentication process or extracting the watermark information.
Wong [40] introduced a block-based approach along with the public-key scheme. The host image is presented as LSBzeroed prior to embedding the binary watermark image. Such method has high security and can handle crop and scale attacks. Their block-based approach does not have any correlation between the neighboring blocks or any blocks within the watermarked image. Thus, this method is exposed to several attacks, including vector quantization, coverup, and transplantation. Wu and Liu proposed DCT-based watermarking method [41] that embeds a binary watermark into the DCT coefficients. A look-up table is defined and utilized to map the DCT coefficients into zero or one. There are two issues in their method. First, they must transmit the look-up table in a secure channel to perform authentication everywhere. Second, their block-wise approach is independent and hence vulnerable to the same attacks like The Scientific World Journal Wong's method [40]. Li et al. [42] proposed a block-wise method that has dependence between neighboring blocks. Neighboring blocks are combined together to establish dependence among them. The authentication information is extracted from the host image as a binary feature map. Authentication can be done without the original image. They claimed that the method was resistant to cover-up attacks and vector quantization. Unfortunately, the watermark is embedded into LSB that is known weak to brute-force attack. Moreover, contextual dependence that was generated based on deterministic information between blocks is vulnerable to transplantation attack because the contextual dependence is established based on deterministic information. Li et al. [43,44] tried to avoid transplantation attack and reported that their method provided tamper detection at the pixel level. However, their method worked on spatial domain, which is also less secure to brute-force attack. Barreto   Mean square error (MSE) Root mean square error (RMSE) Peak signal-to-noise ratio (PSNR) PSNR = 10 ⋅ log 10 ( Measure of enhancement (EME) EME = 1 Signal-to-signal noise ratio (SNR) SNR db = 10 log 10 ( Weight peak signal-to-noise ratio (WPSNR) WPSNR = 20 log 10 ( 255 Bit error rate (BER) BER = ( ) ( )  [48]. Fridrich et al. [49] considered quantized DCT coefficients to generate the watermark. Then, the watermark is embedded into DCT coefficients. However, their method is not intended to locate the tampering pixels but rather it can tell whether the image is authentic or has been tampered. As discussed above, the performance of watermarking method can be analyzed through the image quality metrics and performing image attacks. For example, fragility of the watermark can be evaluated using collage attack [4]. In such attack, authenticated blocks of known watermarked image are copied into another image to create forgery content that can pass the authentication process. In the literature, a watermark hidden in wavelet domain shows resistance to bruteforce attack [13,29,30]. Moreover, imperceptibility of the    watermark has reported promisingly with satisfactory PSNR (peak signal-to-noise ratio) in the wavelet-based strategy [12,15,16,[25][26][27][28][29][30]. Hence, wavelet-based strategy has been recognized to shield the digital content against forgery. In this regard, the proposed method prefers wavelet-based strategy to achieve better authentication schema. In addition, chaotic maps [50] have appealed further attention to improve the digital watermarking [51][52][53]. It is because chaotic maps have properties that are sensitive to initial and parameter values and show chaotic behavior. In this regard, chaotic maps are considered in this study to increase the security of proposed fragile watermarking.
The contributions of this paper are a novel fragile watermarking method that utilized the discrete wavelet transforms (DWT) prior to embedding the watermark and chaotic maps to encrypt the watermark information. This method is applied to protect and authenticate the digital Holy Quran and to be able to locate the tamper region if present.
The rest of the paper is structured as follows: Section 2 explains the proposed watermarking method in the wavelet domain and illustrates the diagrams of embedding and authenticating the method, Section 3 covers the experimental results, and the last section concludes the paper.
Chaotic maps are attractive because a small difference in the initial condition would produce a huge difference and they have large variation range [54]. Such characteristics fulfill the classic Shannon's theory for information hiding [55]. Recently, chaotic maps have become popular because they have been proved to enhance the security for information hiding [56]. In this study, two chaotic maps are combined to encrypt the watermark information prior to embedding into the wavelet domain. First chaotic map is used to produce a sequence key and the second is used for data encryption. Such combination offers the subsequent advantages, including being resilient to the fixed length of word that influences by the chaotic sequence, it greatly volatile and it resistant to attacks [54].
The major idea behind this study is to embed the authentication code in the first level of 2D Daubechies discrete wavelet transform. The DWT is a distinguished transformation method that has drawn attention particularly because of the image compression (JPEG2000). 2D DWT used highpass and low-pass filters to decompose the image into wavelet coefficient, horizontal, vertical, and diagonal details. The DWT-based is considered in this paper rather than DCTbased as the wavelet transform mimics the human vision system (HVS) more similar than the DCT [57]. DWT does not decompose and process the image block by block thus minimizing the image artefacts unlike DCT. DWT clearly splits high-and low-frequency information with respect to pixel by pixel basis [14]. Embedding the watermark into the transform values will only alter the image locally since DWT has a spatial frequency locality characteristic. It is known that changing the coefficients in the wavelet domain is more likely to be undetectable contrasting DCT and FFT. DWT also offers spatial and frequency description of an image. Hence, DWT provides a good basis for hiding the watermark while preserving the image quality [14].
The proposed method is designed to work block by block on the wavelet domain. Each block that consists of the wavelet coefficients is processed consecutively with encrypted 10 The Scientific World Journal  (ii) n = 4 (iii) n = 6 (iv) n = 8 (v) n = 10 (vi) n = 12 watermarks entirely over the image. Hence, particular blocks are able to share duplicate authentication code and create relation between those blocks. This relation makes it hard for the intruder to tamper the watermarked image without breaking the watermarks.

Encryption of the Authentication Code Based on Chaotic
Map. Each image of the digital Holy Quran is different for each page. This is because a single page of the Quran image is formed by numerous unique verses. In addition, Quran images include a border to prettify the pages; the border is commonly exclusive among the digital Quran. Hence, such characteristics make the Quran image have a great chance to produce the secret key that is required by the chaotic map. The chaotic trajectory is sensitive to its parameter value and the initial condition. In this regard, random pixel values are selected from the Quran image. The encryption of authentication code begins by secret key's generation, then followed by the encryption process. The steps are detailed as follows.
(i) Take randomly one pixel value from -axis and one pixel value from -axis of the Quran image, defined The Scientific World Journal  (ii) Apply equation below to obtain value that is later used for generating the parameter value and initial condition, the equation being as follows: where is the pixels amount of the Quran image.
(vi) Henon map [18,22] is employed to encrypt the authentication code; the generalized equation is presented below: where and are Henon map parameters that are specified by = 0.3 and 1.07 ≤ ≤ 1.09.

16
The Scientific World Journal  Chaotic maps are constrained within the limit by performing modulo operation (mod 1). In addition, such operation retains the sequence convergence. The generated sequence is real numbers and hence it is quantized into binary system using simple threshold as below: (vii) Finally, the binary sequence ( ) generated above is used to encrypt the generated authentication code. The authentication code is produced by feeding the Quran image into hash function; the authentication code is defined in binary systems as ℎ( ) ∈ {0, 1}.
Then, using equation below the encrypted authentication code is attained: where is length of the authentication code.
The decryption of authentication code is simply an opposite procedure of encryption process as explained above. Using same secret keys, the decryption is using the following formula:

The Proposed Watermark Embedding Process.
The encrypted authentication code is embedded into the host image according to steps below.
(i) Firstly, the host image is brought into wavelet domain by performing 2D discrete wavelet transforms using Daubechies function. The decomposition generates resolution levels. (ii) Decomposition process using DWT will produce four matrices defined as wavelet coefficients, , , and . The resolution level is determined with × . In this paper, the decomposition level of the = 1 is considered. According to Run et al. [24], selecting higher value to produce higher subbands  level tolerates a greater tampering detection, but it decreases the localization accuracy against image tampering.
(iii) After decomposition, one decompose matrix called wavelet coefficients are rounded into closest integer. Then, the matrix is fragmented into small size of nonoverlapping block. Such fragmented blocks ensure that matrix of wavelet coefficients parallel to the same spatial spot will be inserted with watermark code. The payload of watermark code in a block is controlled using parameter. The block size should be determined properly to allow sufficient watermark payload and to maintain fine image quality. The suitable block size also ensures optimum localization capability on tampered region. Equation below is used to calculate the block size :  (iv) The watermark information that is already prepared as described in Section 3.1 is utilized. Such watermark resists local attacks problem because the information has been blurred using chaotic map [24]. The bits of watermark are defined as . It is known that the watermark length of is influenced by the selected hash function. In this regard, simple function is required to select the bits sequentially with respect to parameter ( value is same as in step (iii)) as defined below: (v) The selected authentication bits are hidden into the wavelet coefficients using weighted-sum function, ( ) [17]. The block of wavelet coefficients is fed into weighted-function and then the resulting value is compared with selected authentication bits; both values are treated in decimal form. A loop is performed until the weighted-sum value is equal to the selected authentication bits. The value in a block of wavelet coefficient is modified ±1 with respect to function as follows: (vi) After processing all blocks of the wavelet coefficients, the new wavelet coefficients are stored as 1 . Afterward, 1 along with three decomposition matrixes ( , , and ) are inverted back into spatial domain using 2D-Inverse DWT. The new image 1 is decomposed using 2D-DWT to obtain the wavelet coefficient, stored as 2 . Using equation below matrix is calculated: (vii) The matrix as generated above consists only of three kinds of values {−1, 0, +1}. Since matrix is halftone of the new image size then it requires stretching the matrix such that it has the same size of the image size. Such aim can be done by multiplying the matrix size by two and filling the gap with zero value. Further, the stretched matrix is embedded into spatial domain of new image 2 by altering the least significant bits of its pixels with value in matrix .

The Watermark Authentication
Process. The authentication process is allowed by tamper localization on the protected image if present. This process can be seen as reverse of the embedding process. The following steps describe the authentication process.
(i) As explained above, two watermarks are embedded separately on wavelet domain and then on spatial domain. It requires extracting them in reverse way. In spatial domain, the watermarks are hidden in least significant bits of pixels with respect to the matrix . In this regard, the LSB of each pixel is extracted by taking the two insignificant bits; the value is then saved in matrix .  (iii) The new image is decomposed into wavelet domain using 2D-DWT. It decomposes into first level subbands same as on watermarking process. Hence, it generates first wavelet coefficient, 1 , 1 , and 1 . The generated wavelet coefficient 1 is floored into nearest integer. Afterward, 1 is added with matrix to generate new wavelet coefficient 2 .
(iv) The 2 is processed block-by-block with block size same as defined during watermarking process. The weighted-sum function is utilized to obtain weight value of the block. The weight value is decrypted prior to comparing with authentication bits that are stored in database. The valid block should have same value with the selected authentication bits; otherwise it is categorized as tampered block. The wavelet  (iii) n = 6 (iv) n = 8 (i) n = 2 (ii) n = 4 (iii) n = 6 (iv) n = 8 coefficient value of tampered block is modified into zero values to localize the tamper region. Finally, authenticated image is generated by transforming the wavelet coefficient using 2D-DWT. A black box will exist if any forgery is present.

Implementation and Experimental Results
The performance of the proposed method is assessed with two datasets taken from popular android applications. Each one of the datasets consists of 604 images of the Quran pages. The file formats for the datasets A and B are JPEG and PNG, respectively. Dataset A has a border for each page and the color defined in RGB spaces. Dataset B does not have a border and is presented in the indexed grayscale image. Figure 3 presents some Quran images and Table 1 detailed the characteristics of each dataset. The experiment is conducted based on the common methodology as reported throughout the literature [15][16][17][18][19][20]25]. The assessment includes localization accuracy against image forgery and measures image quality after watermarking process. The result is presented for four pages only, selected from pages 1, 3, 50, and 601, for the sake of simplicity of the presentation. These four pages are considered because they represent the whole Quran pages. Page 1 consists only of one chapter and it is like page 50. Page 3 is almost similar with all pages of the Holy Quran. Page 50 shows the beginning of a new chapter and page 601 consists of several chapters in the page. The main concern of fragile watermarking method is the ability to detect the manipulation while preserving the host image after watermarking. Hence, several methods of image quality measurement are utilized to determine the quality of the watermarked image. The image quality methods are as in Table 2.
The image quality after the watermarking process is measured using the above-mentioned equations. In the literature, some methods have reported the reference value that indicates adequate image quality. The known acceptable values are shown in Table 3.
Proposed fragile watermarking method should be capable of detecting any manipulation and locate the tampered location. Certain form of manipulation can be unintended; for example, the usage of the compression schema and other manipulations can be intended including resizing, cropping, rotation, and other image manipulations. Those image manipulations can be summarized as follows. for example, performing watermarking on watermarked image or scanning watermarked image to produce same image that bypassed the watermark information.
As summarized above, six common image manipulations that covered the above-mentioned image manipulations are considered to demonstrate the performance of the proposed approach. The considered manipulations are only applicable for Quran pages, which should not alter the content extreme (e.g., rotation or flip the image). The considered image manipulations applied on the dataset are presented as in Table 4.
Please note that the pixel manipulation is too small. Therefore, it is hard to see by using naked eye. Then, replacement manipulation is executed by exchanging one verse of watermarked Quran image with another verse. It is clear that such manipulation will distort the content. Such replacement is a challenge to the nonprofessional to be discovered because of the lack of knowledge regarding the authentic Quran. The five image manipulations (except JPEG compression) that are applied on Quran image page number 3 are presented in Table 5. As mentioned in Section 3, the proposed method requires a parameter for the block size, defined as . The experiment will be conducted for a range of values, where = {1, 2, . . . , 15}. Each of values is subjected to the abovementioned image manipulations. Initially, the experiment is carried out to evaluate the PSNR value of watermarked image, because this metrics is commonly used and suitable to measure the performance of digital watermarking method. The proposed method can achieve PSNR value above 42 dB [3,17] after > 3 as shown in Table 6 and Figure 4, for both datasets A and B. It confirms that the level of image distortion following watermarking process is low enough even when considering a small value. The first important feature of the fragile watermark is imperceptibility. In order to discover the difference between the watermarked image and original image, hence the SSIM metric can be utilized to inspect the visual similarity [57]. SSIM has proved to be in line with the human visual system and is able to evaluate the relationship of the two different images, including image contrast, image brightness, and three aspects in the image structure. The SSIM value during experiment shows near to one when > 8, as depicted in Table 7 and Figure 4. Hence, the proposed method is able to preserve the image quality positively.
Afterward, the experiment is conducted by performing the dewatermarking process minus any image attacks to verify whether the authentication process can be accomplished properly or not. The result indicates that the watermarked image can pass the authentication perfectly for every value to the parameter of proposed method. The parameter is ranging from 1 to 15. The percentage of authentic blocks calculated by dividing the authenticated blocks with overall quantity of all blocks is 100% for both datasets A and B. It can be concluded that the proposed method can perform embedding and extracting of the watermark on host image perfectly.
The next evaluation is carried out to study the capability of proposed method with respect to the pixel manipulation as reported in Table 5. Table 5 of the pixel manipulation shows a particular region of the watermarked Quran image that has been altered, which is a single dot of the verse deleted. Such manipulation undoubtedly annoys the integrity of the Quran's content as the dot(s) has significance in Arabic alphabets. The parameter value within range {1, 15} is tested to understand the influence against tamper detection. Tables  8 and 9 show PSNR and BER results. Figures 5(i)-5(vi) show the location of the tampered region in the image as black box. Image quality metrics confirm that after attack the quality is decreased and tends to have a constant value as depicted in Figure 6. The fragility reported in Figure 7 that shows on JPEG dataset pixel manipulation can be detected under any value. Meanwhile, fragility on PNG dataset can achieve 100% only after ≥ 5.
The Gaussian filter is applied on the watermarked image, and the fragility is measured. The filter is blurring the Quran image that makes some verses unreadable or vague. Table 10 shows the image quality measurement to indicate the image quality after attack and Table 11 reports that the BER results indicated how fragile the proposed method is. As expected, changes in the magnitude of gradient vectors due to Gaussian filter can be detected properly. Hence, the proposed method is fragile to blurring attack. Blurring attack has decreased the image quality as reported in Figure 8, the PSNR result and other metrics shows obtain lower values compare with metrics' values before apply blurring attack. BER for both datasets are shown in Figure 9 and finest fragility can be achieved only after ≥ 8.
The Quran image should not contain any noise because a dot is a matter in Arabic letters. Hence, a Gaussian noise that is commonly used to add noises in image processing is considered. The Gaussian noise does not have structure and it is difficult to eliminate such noises without suffering modifications to the image itself. Tables 12 and 13 show the PSNR and BER results of the proposed method, respectively, after Gaussian noise is inserted to the watermarked images. The result confirms that the proposed fragile watermarking method is capable of localizing the noise   attack. Image quality is decreased after this attack as presented in Figure 10. Figure 11 reported fragility on PNG dataset better than JPEG dataset. Fragility on JPEG dataset is superior after > 6.
The succeeding considered attack is median filtering attack. Such attack is known as nonlinear attack and alters the gradient vector of image much more than Gaussian filter. The median filter does not change the edge points unlike Gaussian filter. The PSNR and the BER results of proposed method under median filtering attacks are presented in Tables 14 and  15, respectively. As mentioned before, the median filters are executed with 3 × 3 window. The result demonstrates that tamper localization after a median filtering attack is very efficient in both dataset A and dataset B. This attack degrades the image quality more than previous attacks as presented in Figure 12. The proposed method can attain acceptable fragility only after ≥ 8 for both datasets as depicted in Figure 13.
The collage attack is one of the security issues on the fragile watermarking method that needs to be concerned. In this regard, the watermarked image is altered by replacing the verse line number 9 with another verse. The pasted versed is taken from watermarked image and hence it has authentication code. Figures 14(i)-14(iv) and 15(i)-15(iv) report the position of the altered region in both datasets as black box. The result demonstrates even with small value the altered region can be detected but not accurately. The proposed method can localize the collage regions correctly when the parameter > 4. The NHD metric is utilized to estimate the localization performance by considering the modification between watermarked image and attacked image. The NHD is shown in Figure 16; the values expressing the proposed method can detect the collage attack as long as the parameter is greater than or equal to 8.
Finally, JPEG compression is tested on proposed method to evaluate the fragility against nonmalicious attack. The evaluation is considered from soft to modest JPEG compression with quality factor (QF) of JPEG compression within range {50, 100}. PSNR results are presented in Figure 17; the compression does not affect the image quality. The BER of the watermarked image following authentication process is measured. Figure 18 reported the BER results for = 1 to = 15. As expected, the BER value is high which means proposed method is fragile to JPEG compression with respect to any value. Such fragility is contributed from embedding process that considers the coefficients matrix of the first wavelet subbands. The first wavelet subbands are altered during the JPEG compression. A proper value for parameters can vary from one application to another. Nevertheless, it is suggested that value equal to eight (8) is applicable for general digital watermarking purposes.

Conclusion and Future Work
Based on the literature review, authors found no study attempt to explore the digital watermarking for the Holy Quran images. Most of the recent digital watermarking methods are applied on natural images, for example, Lena, baboon, and other popular images. Hence, there are a gap and an open issue related to preserving the integrity of the Holy Quran. This paper brings novel issue to the society and presents one of the solutions to protect the Holy Quran from common image tampering. The proposed method is intended as fragile watermarking that considers both wavelet domain and spatial domain. The first layer of watermarking method is applied on wavelet domain and second layer on spatial domain. The host image is transformed into wavelet domain using discrete wavelet transformation (DWT) prior to hiding the watermark. The recent methods demonstrated that such watermarking schema in the wavelet domain is robust to brute-force attack rather than watermarking method in the spatial domain. Furthermore, proposed method can be categorized as a block-based approach and it introduces correlation between the blocks that make resistance to collage attack. The two-layer watermarks also guarantee challenging the intruder to bypass the authentication without breaking the watermarked image. Thanks are due to chaotic maps that are very sensitive to initial value, demonstrate greatly blurred authentication code, and protect the watermark against local attacks. According to the result of image quality metrics, the proposed method obtained satisfactory image quality after embedding the procedure. Finally, several image attacks that applied into the watermarked image demonstrated that the proposed method yields promising localization of the image tampering at a minimum watermark payload.
In the future, analysis on other attacks can be considered such as blurring attack, noise attack, and other known attacks. Further, the study should work on various image formats, for example, JPEG2000, TIFF or BMP formats. Investigation on the image quality after watermarking process, using metrics other than PSNR and SSIM, is important. Implementing watermarks on higher level of decomposition can also be explored. Finally, the security can also be improved by improving the encryption part.