Cryptanalysis and Improvement of the Robust and Blind Watermarking Scheme for Dual Color Image

Withmore color images being widely used on the Internet, the research on embedding color watermark image into color host image has been receiving more attention. Recently, Su et al. have proposed a robust and blind watermarking scheme for dual color image, in which the main innovation is the using of two-level DCT. However, it has been demonstrated in this paper that the original scheme in Su’s study is not secure and can be attacked by our proposed method. In addition, some errors in the original scheme have been pointed out. Also, an improvement measure is presented to enhance the security of the original watermarking scheme. The proposed method has been confirmed by both theoretical analysis and experimental results.


Introduction
With the rapid development of the Internet, a great deal of digital data can be easily accessed, and the copyright of digital content against privacy and malicious manipulation becomes increasingly important.A variety of theories can be used for the security applications [1][2][3].Watermarking [4][5][6] is a widely used technology for ensuring authenticity, copyright violation detection, and proof of ownership or distributorship of the content.The existing watermarking technologies always equip one of the two distinct properties: robustness and fragility.Robustness means that the embedded watermark in the host media cannot be easily modified or removed.Thus the robust watermarking can be used to protect ownership of the digital content [7].Contrarily, the fragile watermarking is sensitive to any modification of the host media and can be used to authenticate the integrality of the protected content [8].
Watermarking technologies can be classified into two categories: blind detection watermarking technologies and nonblind detection watermarking technologies [9] according to whether it requires the original data when extracting watermark.The blind detection means to extract watermark without the help of the original host image and the original watermark [10,11], while the nonblind detection requires the original host image or the original watermark [12,13].Generally, the blind detection watermarking technologies are less robust than the nonblind detection ones, but they are more realistic in many applications and have been recently receiving more attention.
Su et al. [14] recently proposed a new robust and blind digital watermarking algorithm for dual color images based on the two-level DCT, which aimed to protect the copyright under JPEG compression attack effectively.In the original scheme, the authors embed extra information into the host image by modifying the selected AC coefficients of the result obtained by two-level DCT.The method is effective; nevertheless, it is not secure due to the fact that the embedded watermark can be replaced while the modification of the host image is imperceptible, and therefore the purpose of copyright protection cannot be achieved.In this paper, we propose a novel attack method to replace the watermark embedded in the protected image.Moreover, an improvement measure is presented to enhance the security of the original scheme.
The rest of the paper is organized as follows.Section 2 presents a brief introduction of Su et al. 's scheme.By correcting the errors and analyzing the weakness of the original scheme, the attack method is proposed in Section 3. The improvement measure is described in Section 4. Section 5 concludes this paper.

Review of Su et al.'s Scheme
In Su et al. 's scheme [14], the two-level DCT technology is used to achieve higher concentration of energy; therefore the watermark information can be embedded easily.Before watermark embedding, the color watermark should be first preprocessed to change into the binary sequence form.That is, three components red (R), green (G), and blue (B) of the original watermark are separated out and then are DCT transformed, respectively.After compress coding and random permutation, the final binary sequence to be embedded is obtained.
To embed the obtained binary sequence, that is, the preprocessed color watermark, into the selected positions, the selected coefficients should be modified according to where  denotes the watermark bit,  * is the modified coefficient after embedding  in coefficient ,  is the bit number of the watermark,   = ⌊||/⌋ ×  + /4,   = ⌊||/⌋ ×  + 3 × /4, ⌊⋅⌋ denotes the least nearest integer, and | ⋅ | is the absolute value operation. is chosen to determine the embedding strength and the difference between  * and , in the worst condition, is /2.After modifying the coefficients, the inverse two-level DCT transform and inverse YIQ color transform should be performed to restore the original state of the host image.Thus, the watermark bits are embedded into the frequency domain of the host image based on two-level DCT.

Watermark Extraction.
To extract the watermark from a watermarked host image, one should first acquire the luminance information through YIQ color transform and, then, use two-level DCT to get the modified coefficients  * * .Three segments watermarks  , ,  = 1, 2, 3, of the original watermark can be extracted using Then, according to the majority principle, the watermark bit   can be obtained from  , .By inverse random permutation, decompression technology, and the inverse coding, the color watermark can be recovered.

The Cryptanalysis and Attack
3.1.Mistake in the Original Scheme.In the embedding process of the original scheme, there are some mistakes in (2); for example, suppose  = 9 and  = 4; then   = 2 ×  + 1 and   = 2 ×  + 3; according to (2), if the embedded  is 0, then min|  −| is 0; here  = 4 and  * =   = .Similarly, if 1 is embedded,  = 3 and  * =   = .Thus, no matter which value is embedded, the modified coefficient  * is not affected, and the watermark cannot be extracted exactly.
The appropriate approach is to change   and   to where  is an integer.Then, the modified coefficient  * is obtained from (2).The following steps demonstrate that the largest difference between  and  * is /2.Suppose the embedded  = 0.
Let  = ⌊( − /4)/⌋; then According to the range of , it can be divided into two cases.

Weakness of the Original Scheme.
According to Kerckhoffs' principle [17], when analyzing an encryption algorithm, an assumption is that the cryptanalyst knows exactly the design and working of the cryptosystem.Namely, cryptanalyst knows everything about the cryptosystem except for the secret keys.
In the original scheme, according to (3) and the known coefficient , the scrambled watermark bits   can be extracted from watermarked image.At the same time, according to (2) and the known coefficient , any arbitrary bits can be embedded into the watermarked image.So, we can erase or change the original watermark embedded in the image; thus the copyright protection would fail.The details of the attack scheme are introduced in the next section.Step 1. Follow the watermark extraction process proposed in Section 2 and obtain the permuted watermark bits   from image   with known  in (3).
Then, the watermark   embedded in the original image is replaced with   , which is possessed by the attacker.
The fidelity of the attacked image is analyzed below.Let  denote the two-level DCT coefficient of   and  *  and  *  denote the corresponding coefficients of   and   , respectively.Based on the statements in Section 3.1, | *  − | ≤ /2, | *  −  *  | ≤ /2, and then | *  − | ≤ , which means the difference of the coefficients between the original image and the attacked image increases, and, in the worst condition, the difference will be double.Since the modification occurred in the high-frequency coefficients of the two-level DCT, the PSNR (peak signal-to-noise ratio) value of the modified image is acceptable, and the invisibility of the watermark can be ensured.The experiments in the next section also verify this proposal.

Experiments.
PSNR is defined in (12), which may be used to evaluate perceptual distortion of the proposed scheme: where  = {1, 2, 3}, respectively, denotes the R, G, B components, and PSNR  presents the PSNR value of  component: where (, , ) and   (, , ) are the pixel values location at (, ) of  component of the original host image and the watermarked image.Generally, the larger the PSNR value is, the more invisible the watermark is. Figure 2(a) shows the original watermarked image of size 512 × 512.The original watermark of size 64 × 64 embedded in Figure 2(a) is given in Figure 2(b).The attacker's image whose size is the same as that of the original image is shown in Figure 2(c).Figure 2(d) displays the watermark embedded in the attacker's image using the original scheme with different secret key, the size of which is also 64 * 64. Figure 2(e) which seems to be the same as Figure 2(a) is the attacked image using the proposed method, and the PSNR value is near to that of Figure 2(a).

Improvement Measure
The main drawback of Su et al. 's scheme [14] is that one can easily obtain and replace the scrambled watermark from the host image by the known .Moreover, the scheme is not dependent on the plain image, which would increase the possibility of attacks.In order to overcome the above drawbacks and to improve security, a secret key must be introduced into the coefficients modification step.We propose the improvement measure here.

Watermark Embedding
Step 1.The host RGB image should be transformed into YIQ mode using (1) in Section 2.
Step 3. Set the initial parameter  and initial value  0 , which can be considered as the watermarking key, to iterate the chaotic system ( 14)   times, where   is the size of scrambled watermark bits: With parameter  ∈ (3.5699456, 4], the system ( 14) is in chaotic state [18].
Step 4. Let  be the watermark bit and  be the corresponding pseudorandom numbers obtained from (14).For every , obtain the integral number  according to where floor() returns the largest integer smaller than  and  is a series of integers ranging from 1 to 7.Then, the remnant AC coefficients (1, 2, 5, 6, 9, 10, and 13) in each block based on two-level DCT are selected according to the values of  to obtain the   .
The selected coefficient   is dependent on the plain host image, so different host image generates different coefficient   , and any modification on the watermarked image will affect the coefficient   and then will affect the watermark consequently (the explanations are given below), even if the watermark is obtained before.
Step 5. Obtain a bit   from the selected AC coefficient   using Step 6.The coefficient  * after watermark embedding can be obtained by the rule stated in where   =  ×  + /4,   =  ×  + 3 × /4,  is an integer, and || is the absolute value of .Based on (7),  * can be easily computed and the difference between  * and  is very small.In the worst condition, the largest difference between  and  * is /2.
Step 7.After modifying the coefficients, the inverse two-level DCT transform and inverse YIQ color transform should be performed to restore the original state of the host image.Thus, the watermark bits are embedded into the frequency domain of the host image based on two-level DCT.

Watermark Extraction
Step 1. Process the watermarked image   by the way of Steps 1-5 in the watermark embedding process to get a series of   using (16).
Step 2. Extract the watermark according to the DCT coefficients based on the following rules.In (18),  * * is the DCT coefficient at the low-frequency position of watermarked image and  , ,  = 1, 2, 3, are three segments watermarks of the original watermark: where   is the flipped   .
Mathematical Problems in Engineering 7 Then, according to the majority principle, the watermark bit   can be obtained from  , .By inverse random permutation, decompression technology, and the inverse coding, the color watermark can be recovered.

Experiments.
Since the selected coefficient from the seven remnant AC coefficients (1, 2, 5, 6, 9, 10, and 13) in each block based on two-level DCT is uncertain, the attacker cannot deduce   without the secret key mentioned in the above section; therefore the embedded watermark cannot be replaced using the proposed attack method.
In addition, the modifications of the host image during the watermark embedding procedure of the improved scheme are essentially the same as those of the original scheme; that is, only nine AC coefficients (C3, C4, C7, C8, C11, C12, C14, C15, and C16) in each block are selected to embed the watermark, and the largest difference between the coefficients before and after modification is /2.Therefore, the performance of the improved scheme is unchanged.Figure 3 shows an example of the attack to the improved scheme.It can be seen that the PSNRs of Figures 3(a 3(e) is the attacked image using the improved method.Figure 3(f) shows the extracted watermark from Figure 3(e).Since the two keys, that is, the initial value  0 and  of the chaotic map (14), are different between the original watermarked image and the attacker's watermarked image, the extracted watermark from the attacked image is confused, and the copyright protection of the original image will be successful.
In order to measure the robustness of the watermark, we use the normalized correlation (NC) between the original watermark  and the extracted watermark   , which is shown as follows: JPEG compression attack is one of the common attacks that must be verified in watermarking algorithm.In this experiment, the different watermarked images are lossycompressed with different compression factors ranging from 10 to 100.To prove the robustness of the improved scheme in terms of JPEG compression, we compare our scheme with the earlier works [15,16] that are based on one-level DCT and also with the original scheme of Su et al.The performance comparison is given in Table 1.Note that "NA" means the corresponding experimental datum is unavailable.As shown in Table 1, the watermark embedded by the proposed scheme can be almost fully extracted from the watermarked image when the compression ratio is 60%.However, under the same conditions, the watermarks embedded by [15,16] cannot survive after attacked by JPEG compression with compression ratios 20% and 30%, respectively.It demonstrates that the improved and the original scheme have almost the same strong robustness against JPEG compression.
In addition to quantitative measurement, Table 2 gives the evaluation of the robustness of the watermarking scheme in terms of NC [19], in which the watermark is extracted from the watermarked image (as shown in Figure 3(a)) which is under different attacks such as JPEG compression, filtering, and noise addition.The experimental results show that the robustness of the improved watermark scheme keeps consistent with that of the original scheme.

Conclusions
This paper attacks Su et al. 's scheme applied for protecting the copyright of digital images.The watermark embedded in the protected image using the original scheme can be replaced by the attacker with another watermark for the purpose of copyright changing, while the modification of the original image is imperceptible.To overcome this defect, the chaotic map is introduced, and the performance of the improvement measure is the same as before.Analysis and experiment show that the proposed method is secure and effective.

2. 1 .
Watermark Embedding.The host RGB image should be first transformed into YIQ mode using

Figure 1 :
Figure 1: The selected positions for embedding watermark in each image block.

3. 3 .
Method to Modify the Watermark.Suppose   is the original image and   is the watermarked image carrying the watermark   .The attacker has a different image, called   , carrying another watermark   .The attacker aims to replace   of   with   to change the copyright of   .The two attack steps are as follows.

Figure 2 (
f) shows the extracted watermark from Figure 2(e).Since Figure 2(f) is totally different from the original watermark that is shown in Figure 2(b), the copyright protection of the original image is invalid.

Figure 2 :
Figure 2: Attack of the original scheme.(a) The original watermarked image and (b) original watermark; (c) the attacker's watermarked image and (d) the watermark in (c); (e) the attacked image of (a); (f) the extracted watermark from (e).

Figure 3 :
Figure 3: Attack of the improved scheme.(a) The original watermarked image and (b) original watermark; (c) the attacker's watermarked image and (d) the watermark in (c); (e) the attacked image of (a); (f) the extracted watermark from (e).

Table 1 :
Performance comparison between the different methods in terms of JPEG compression (CR, compression ratio).

Table 2 :
Evaluation of the robustness of the watermarking scheme.