Image Authentication Using Added Signal-Dependent Noise

Image authentication has applications in security systems, photo forensics, and photo journalism. This paper presents an image authentication scheme using added signal-dependent noise. Imperceptible noise is embedded into the image at the time of acquisition according to the film grain noise model. During authentication, the image is divided into key-dependent overlapping blocks and the parameters of the embedded noise are extracted. The variance of the extracted parameters can be used to show the authenticity of an image. Test results indicate that the proposed algorithm is robust against content-preserving modifications such as JPEG compression and at the same time is capable of detecting malicious tampering.


INTRODUCTION
Due to the increasing popularity and accessibility of image manipulation softwares, digital manipulations of multimedia content have become difficult to detect.Determining the authenticity of digital images has widespread applications in security systems, forensics, and photo journalism.
Digital watermarking and digital signature have been proposed as image authentication methods in recent years.Most early digital watermarking schemes such as those based on spread-spectrum [1], discrete cosine transform (DCT) [2], and wavelet transform [3] can be defeated if small geometric distortions were introduced.Since the images might have gone through unavoidable modifications such as JPEG compression, additive noise and small geometric distortions that do not change the content of the images, recent algorithms have been focusing on the robustness of watermarking and signature generation schemes.
Bas et al. [4], Lu et al. [5], and Monga and Evans [6] developed feature-points-based watermarking embedding schemes.Instead of blindly inserting a predetermined mark into the images, they chose specific areas marked by the feature points that could not be destroyed in certain contentpreserving modifications.This method, however, did not work well for images lacking edges or discontinuities.Recent digital signature schemes [7][8][9][10] based on extracting unique features from the images were robust against com-pression, noise, and distortions.However, they did not have good localization properties, and hence venerable against local distortions such as removal or insertion of foreign objects.
The main drawback of the current schemes is that they require complex computation.Therefore, watermarks or signatures cannot be attached to the images at the time when they are taken because most cameras are not equipped with such hardware.Detecting digital forgeries without digital watermark or signature had been studied by Popescu and Farid [11,12].Their idea was based on the fact that forgeries usually require interpolation and resampling of the insertion object.Their results, however, maybe not be accurate when compression and filtering are introduced.Lukas et al. proposed an image authentication method based on the camera sensor pattern noise [13].The system was first trained by observing a number of images taken by one camera, and then the pattern noise of the image in question was extracted and compared to the observed noise pattern.
We propose an image tampering detection technique by introducing imperceptible signal-depended noise at the time of the image acquisition.During authentication, noise statistics is analyzed and any inconsistencies will point to possible tampering within the image.The main advantage of the algorithm is that it is easy to implement and it is robust against certain content-preserving modifications such as compression and additive noise.Section 2 introduces the proposed algorithm.Testing results are presented in Section 3, and concluding remarks and future directions are discussed in Section 4.

Signal-dependent noise
Signal-dependent noise is added to the original image I(x, y) via the following formula: R(x, y) = I(x, y) + kI p (x, y)n(x, y), (1) where k and p are constants, and n(x, y) is zero mean, unit variance Gaussian noise.This model is used for film grain noise generation.The parameter p, which depends on the film, is commonly set to 0.5 [14].
It can be shown that k can be estimated using the following equations [14]: where σ 2 r , c r 3 , and c r 4 are the variance, skewness, and kurtosis of the noise-embedded image R(x, y) and σ 2 i , c i 3 and, c i 4 are of those original image I(x, y).To calculate k, the statistics of the original image is assumed known a priori.

Noise embedding
In order to increase the security of the algorithm, the image is divided into random, overlapping tiles according to a private key.The statistics, that is, the variance, skewness, and kurtosis, of each subimage is calculated and stored either in the header or in a separate, encrypted file which would be transmitted to the receiver.
Random tiling is used by Monga and Evans [6] to generate localized feature points and also by Venkatesan et al. [9] to calculate the statistics of wavelet coefficients.The proposed method uses random division similar to that of Venkatesan's algorithm; however, the statistics alone cannot authenticate an image.
After the computation of the image statistics, noise is added to the original image via (1).

Image authentication
The received image is partitioned using the same private key, and the variance, skewness, and kurtosis of each block are calculated.k is then estimated using (2)-( 4).It should be noted that one equation is sufficient in calculating k.The effects of using second-, third-, and fourth-order statistics will be discussed in later sections.
Since the image might have gone through contentpreserving modifications such as compression and filtering, the estimated k value would not necessarily be the same as the  one used in embedding.However, the k's that are estimated from all the blocks should be consistent.This is because most content-preserving changes usually affect all pixels in an image rather than certain pixels locally.
Figure 2 shows the estimated k values from 16 random tiles for the original Lena and modified Lena in Figure 1.In Figure 2(a), the estimated values are somewhat evenly spread around the true value 0.1.In Figure 2(b), one of the estimated values is very different from the rest, indicating attacks occurred in this region.

Experiment setup
The algorithm is tested on over 20 images, including commonly used Lena, baboon, and peppers.Each image is scaled to 512 × 512 in size and divided into 16 overlapping regions.For colour images, the noise is embedded in the Y channel.In all test cases, k is set to 0.1.The peak signal-to-noise ratio (PSNR) of the noisy image to that of original is 47 dB on average.The added noise is imperceptible to human eyes.
Table 1 shows the mean and variance of the estimated k from 16 blocks.As an example, results for only 3 of the test images are presented.The mean value is very close to the true value for k which is 0.1.The variances of the estimations are very small.
The average embedding time for a 512 × 512 image is about 0.5 seconds on a Pentium(R) 4 machine.The time for computing and comparing k from 16 blocks is 0.3 seconds on average.

Performance in content preserving modifications
The algorithm is tested on none invasive modifications such as JPEG compression, additive Gaussian noise, and local denoising.JPEG compressed images are created by Stirmark    software [15].The lowest compression quality factor used is 60, which corresponds to a PSNR of about 27 dB.Gaussian noise of variance between 2 and 10 is added to the images directly.The worst PSNR in this case is around 28 dB.In local denoising, the noise of a selected area is suppressed using Photoshop CS.Four areas of size 50 × 50, 100 × 100, 150 × 150, 200 × 200 pixels are used.
The average mean value and standard deviation of the estimated k from the images are shown in Tables 2, 3, and 4. As expected, the accuracy of the estimation decreases as the image quality gets worse.However, the differences among the blocks of the same image remain relatively small, as evident in the standard deviations.The results obtained using (2)-( 4) are fairly similar in the JPEG compression case.However, when additive Gaussian noise is introduced, the third-and fourth-order statistics give better estimations in k.This is because higher-order statistics is better at suppressing white Gaussian noise.The tradeoff, on the other hand, is the high bias.Estimation using secondorder statistics, that is, (2), yields significantly smaller variances.This is a confirmation of the observation in [14].In our application, accurate estimation of k is not necessary.What is important is how evenly spread out the estimated values are.Therefore, the use of second-order statistics alone is sufficient.

Content-changing attacks
An important aspect of image authentication algorithm is its ability to detect malicious, content-changing modifications.To systematically test the proposed scheme, 1 to 10 icons of size 32 × 32 pixels are randomly inserted into the test images.Figure 3 shows an example of the images used in this test.In the worst case, about 4% of the pixels are modified.This experiment focuses on small changes because the larger the modified area, the more changes in the pixels, and therefore the easier it is to detect.
Figure 4 shows the variance of k in the object insertion case.Comparing to Tables 2, 3, and 4, the standard deviations of the estimated k are significantly higher.
A threshold on the variance can be set to distinguish authentic images from the maliciously modified ones.In this paper, we choose the threshold to be 0.2, which results in an error rate of 8% using second-order statistics.
The attacking region can be traced by examining the estimated k value from different blocks.However, releasing the regions used by the algorithm is dangerous to security attacks.

Security attacks
As mentioned in Section 2.2.1, the security of the algorithm comes from random tiling of the image.Without the key, attackers are not able to locate the positions that the algorithm use to estimate k.This property is shown in Figure 5.
Figure 5 is the histogram of the variance of the estimated k using 300 different keys.The variance is larger than the predefined accepted range of 0.2.It shows that an attacker with the knowledge of the embedding algorithm will not be able to generate authentic images without the embedding key.

CONCLUSION
This paper introduces an image authentication algorithm based on added signal-dependent noise.The proposed scheme is simple and can be applied to the image at the time of acquisition.During authentication, the parameters of the embedded noise are extracted from key-dependent areas, and the statistics of the extracted parameter are examined.The algorithm is tested on both content-preserving modifications and malicious attacks.From the magnitude of the variance of the noise parameter, one can determine the authenticity of an image.Test results show that the proposed algorithm is robust against content-preserving changes such as JPEG compression, additive Gaussian noise, and local denoising.Also, when foreign objects are inserted into the image, the algorithm can successfully detect the anomalies.Future work includes design of an appropriate noise filter such as the one used in [14] so that the original image statistics can be accurately estimated from the observed image and hence eliminating the need to store or transmit the original statistics.

Figure 2 :Figure 3 :Figure 4 :
Figure 2: Comparison of estimated k from 16 overlapping tiles.(a) Estimated k from original Lena, (b) estimated k from modified Lena.

Figure 5 :
Figure 5: Histogram of the variance of estimated k using different keys.

Table 1 :
Estimation of k using Lena, Baboon, and Peppers.

Table 2 :
Estimation of k in JPEG compressed images.

Table 3 :
Estimation of k in images with additive Gaussian noise.

Table 4 :
Estimation of k in images with local denoising.