The contribution of this paper is two-fold. First, we describe an improved version of a blind steganalysis method previously proposed by Holotyak et al. and compare it to current state-of-the-art blind steganalyzers. The features for the blind classifier are calculated in the wavelet domain as higher-order absolute moments of the noise residual. This method clearly shows the benefit of calculating the features from the noise residual because it increases the features' sensitivity to embedding, which leads to improved detection results. Second, using this detection engine, we attempt to answer some fundamental questions, such as "how much can we improve the reliability of steganalysis given certain a priori side-information about the image source?" Moreover, we experimentally compare the security of three steganographic schemes for images stored in a raster format - (1) pseudo-random ±1 embedding using ternary matrix embedding, (2) spatially adaptive ternary ±1 embedding, and (3) perturbed quantization while converting a 16-bit per channel image to an 8-bit gray scale image.

An accurate statistical model of cover images is essential to the success of both steganography and steganalysis. We study the statistics of the full-frame two-dimensional discrete Fourier transform (DFT) coefficients of natural images and show that the independently and identically distributed model with unit exponential distribution is not a sufficiently accurate description of the statistics of normalized image periodograms. Consequently, the stochastic quantization index modulation (QIM) algorithm that aims at preserving this model is detectable in principle. To discriminate the resulted stegoimages from cover images, we train a learning system on them. Building upon a state-of-the-art steganalysis method using the statistical moments of wavelet characteristic functions, we propose new features that are more sensitive to data embedding. The addition of these features significantly improves the steganalyzer's receiver operating characteristic (ROC) curve.

We extend our previous work on structural steganalysis of LSB replacement in digital images, building detectors which analyse the effect of LSB operations on pixel groups as large as four. Some of the method previously applied to triplets of pixels carries over straightforwardly. However we discover new complexities in the specification of a cover image model, a key component of the detector. There are many reasonable symmetry assumptions which we can make about parity and structure in natural images, only some of which provide detection of steganography, and the challenge is to identify the symmetries a) completely, and b) concisely. We give a list of possible symmetries and then reduce them to a complete, non-redundant, and approximately independent set. Some experimental results suggest that all useful symmetries are thus described. A weighting is proposed and its approximate variance stabilisation verified empirically. Finally, we apply symmetries to create a novel quadruples detector for LSB replacement steganography. Experimental results show some improvement, in most cases, over other detectors. However the gain in performance is moderate compared with the increased complexity in the detection algorithm, and we suggest that, without new insight, further extension of structural steganalysis may provide diminishing returns.

Many commercial steganographic programs use least significant bit (LSB) embedding techniques to hide data in 24-bit color images. We present the results from a new steganalysis algorithm that uses a variety of entropy and conditional entropy features of various image bitplanes to detect the presence of LSB hiding. Our technique uses a Support Vector Machine (SVM) for bivariate classification. We use the SVMLight implementation due to Joachims (available at http://svmlight.joachims.org/). A novel Genetic Algorithm (GA) approach was used to optimize the feature set used by the classifier. Results include correct identification rates as high as >98% and false positive rates as low as <2%. We have applied using the staganography programs stegHide and Hide4PGP. The hiding algorithms are capable of both sequential and distributed LSB embedding. The image library consisted of 40,000 digital images of varying size and content, which form a diverse test set. Training sets consisted of as many as 34,000 images, half "clean" and the other half a disjoint set containing embedded data. The hidden data consisted of files with various sizes and various information densities, ranging from very low average entropy (e.g., standard word processing or spreadsheet files) to very high entropy (compressed data). The testing phase used a similarly prepared set, disjoint from the training data. Our work includes comparisons with current state-of-the-art techniques, and a detailed study of how results depend on training set size and feature sets used.

In the past few years, we have witnessed a number of powerful steganalysis technique proposed in the literature. These technique could be categorized as either specific or universal. Each category of techniques has a set of advantages and disadvantages. A steganalysis technique specific to a steganographic embedding technique would perform well when tested only on that method and might fail on all others. On the other hand, universal steganalysis methods perform less accurately overall but provide acceptable performance in many cases. In practice, since the steganalyst will not be able to know what steganographic technique is used, it has to deploy a number of techniques on suspected stego objects. In such a setting the most important question that needs to be answered is: What should the steganalyst do when the decisions produced by different steganalysis techniques are in contradiction? In this work, we propose and investigate information fusion techniques, that combine a number of steganalysis techniques. We start by reviewing possible fusion techniques which are applicable to steganalysis. Then we illustrate, through a number of case studies, how one is able to obtain performance improvements as well as scalability by employing suitable fusion techniques.

Quantitative steganalysis refers to the exercise not only of detecting the presence of hidden stego messages in carrier objects, but also of estimating the secret message length. This problem is well studied, with many detectors proposed but only a sparse analysis of errors in the estimators. A deep understanding of the error model, however, is a fundamental requirement for the assessment and comparison of different detection methods. This paper presents a rationale for a two-factor model for sources of error in quantitative steganalysis, and shows evidence from a dedicated large-scale nested experimental set-up with a total of more than 200 million attacks. Apart from general findings about the distribution functions found in both classes of errors, their respective weight is determined, and implications for statistical hypothesis tests in benchmarking scenarios or regression analyses are demonstrated. The results are based on a rigorous comparison of five different detection methods under many different external conditions, such as size of the carrier, previous JPEG compression, and colour channel selection. We include analyses demonstrating the effects of local variance and cover saturation on the different sources of error, as well as presenting the case for a relative bias model for between-image error.

We present a new method of steganalysis, the detection of hidden messages, for least significant bits (LSB) replacement embedding. The method uses lossless image compression algorithms to model images bitplane by bitplane. The basic premise is that messages hidden by replacing LSBs of image pixels do not possess the same statistical properties and are therefore likely to be incompressible by compressors designed for images. In fact, the hidden data are usually compressed files themselves that may or may not be encrypted. In either case, the hidden messages are incompressible. In this work, we study three image compressors, one a standard and two we developed. The results are that many images can be eliminated as having possible steganographic content since the LSBs compress more than a hidden message typically would.

Digital fingerprinting, watermarking, and tracking technologies have gained importance in the recent years in response to growing problems such as digital copyright infringement. While fingerprints and watermarks can be generated in many different ways, use of natural language processing for these purposes has so far been limited. Measuring similarity of literary works for automatic copyright infringement detection requires identifying and comparing creative expression of content in documents. In this paper, we present a linguistic approach to automatically fingerprinting novels based on their expression of content. We use natural language processing techniques to generate "expression fingerprints". These fingerprints consist of both syntactic and semantic elements of language, i.e., syntactic and semantic elements of expression. Our experiments indicate that syntactic and semantic elements of expression enable accurate identification of novels and their paraphrases, providing a significant improvement over techniques used in text classification literature for automatic copy recognition. We show that these elements of expression can be used to fingerprint, label, or watermark works; they represent features that are essential to the character of works and that remain fairly consistent in the works even when works are paraphrased. These features can be directly extracted from the contents of the works on demand and can be used to recognize works that would not be correctly identified either in the absence of pre-existing labels or by verbatim-copy detectors.

Text data forms the largest bulk of digital data that people encounter and exchange daily. For this reason the potential usage of text data as a covert channel for secret communication is an imminent concern. Even though information hiding into natural language text has started to attract great interest, there has been no study on attacks against these applications. In this paper we examine the robustness of lexical steganography systems.In this paper we used a universal steganalysis method based on language models and support vector machines to differentiate sentences modified by a lexical steganography algorithm from unmodified sentences. The experimental accuracy of our method on classification of steganographically modified sentences was 84.9%. On classification of isolated sentences we obtained a high recall rate whereas the precision was low.

This paper gives an overview of the research and implementation challenges we encountered in building an end-to-end natural language processing based watermarking system. With natural language watermarking, we mean embedding the watermark into a text document, using the natural language components as the carrier, in such a way that the modifications are imperceptible to the readers and the embedded information is robust against possible attacks. Of particular interest is using the structure of the sentences in natural language text in order to insert the watermark. We evaluated the quality of the watermarked text using an objective evaluation metric, the BLEU score. BLEU scoring is commonly used in the statistical machine translation community. Our current system prototype achieves 0.45 BLEU score on a scale [0,1].

This paper presents a scheme for estimating two-band amplitude scale attack within a quantization-based watermarking context. Quantization-based watermarking schemes comprise a class of watermarking schemes that achieves the channel capacity in terms of additive noise attacks. Unfortunately, Quantization-based watermarking schemes are not robust against Linear Time Invariant (LTI) filtering attacks. We concentrate on a multi-band amplitude scaling attack that modifies the spectrum of the signal using an analysis/synthesis filter bank. First we derive the probability density function (PDF) of the attacked data. Second, using a simplified approximation of the PDF model, we derive a Maximum Likelihood (ML) procedure for estimating two-band amplitude scaling factor. Finally, experiments are performed with synthetic and real audio signals showing the good performance of the proposed estimation technique under realistic conditions.

Rational Dither Modulation (RDM) is a high-rate data hiding method invariant to gain attacks. We propose an extension of RDM to construct a scheme that is robust to arbitrary linear time-invariant filtering attacks, as opposed to standard Dither Modulation (DM) which we show to be extremely sensitive to those attacks. The novel algorithm, named Discrete Fourier Transform RDM (DFT-RDM) basically works in the DFT domain, applying the RDM core on each frequency channel. We illustrate the feasibility of DFT-RDM by passing the watermarked signal through an implementation of a graphic equalizer: the average error probability is small enough to justify the feasibility of adding a coding with interleaving layer to DFT-RDM. Two easily implementable improvements are discussed: windowing and spreading. In particular, the latter is shown to lead to very large gains.

Customer identification watermarking today is one of the most promising application domains of digital watermarking. It enables to identify individual copies of otherwise indistinguishable digital copies. If done without any precautions, those individual watermarking are vulnerable to a number of specialized attacks based on an attacker collecting more than one individual copy. Fingerprinting algorithms are used to create watermarks robust against these attacks, but the resulting watermarks require a high payload of the watermarking algorithm. As soon as a large number of copies need to be distinguished and more than two copies are available to the attacker, the watermarks are too long to be embedded with current algorithms. We present a novel alternative method to fight attacks aimed at individual customer identification watermarks. This is achieved by modifying the watermarked material in a way collusion attacks produce artifacts which significantly reduce the perceived quality while they do not affect the quality of the individual copies.

Until now, the sensitivity attack was considered as a serious threat to the robustness and security of spread spectrum-based schemes, since it provides a practical method of removing watermarks with minimum attacking distortion. Nevertheless, it had not been used to tamper other watermarking algorithms, as those which use side-information. Furthermore the sensitivity attack has never been used to obtain falsely watermarked contents, also known as forgeries. In this paper a new version of the sensitivity attack based on a general formulation is proposed; this method does not require any knowledge about the detection function nor any other system parameter, but just the binary output of the detector, thus being suitable for attacking most known watermarking methods, both for tampering watermarked signals and obtaining forgeries. The soundness of this new approach is tested by empirical results.

The ambiguity attack is to derive a valid watermark from a medium to defeat the ownership claim of the real owner. Most of the research suggests that it is difficult to design a provably secure non-ambiguity watermarking without a trusted third party. Recently, Li and Chang have provided a specific blind additive spread spectrum watermarking scheme as an example that is provably non-ambiguous. However, the proposed watermarking needs the length of watermark n > 3.07 × 10⁹ according to our analysis. In this paper, a framework for quantization based watermarking schemes and non-blind spread spectrum watermarking scheme to achieve non-ambiguity is proposed. As a result, many of the existent watermarking schemes can achieve provable non-invertibility via using this framework, and an nonambiguity ownership verification protocol without a trusted third party may be constructed. We have obtained the close form solution of false positive rate for the underlying quantization based schemes and spread spectrum watermarking schemes (both blind and non-blind). The length of key of pseudo-random sequence generator (PRSG) is extended to m = c × n, the cardinality of the valid watermark set is extended to &verline;W&verline; = 2^m = 2^c,n, thus leading to more security to exhaustive searching attack than the Li and Chang's scheme, which has m = &sqrt;n. In addition, the required length of watermark becomes much shorter than that required in the Li and Chang's scheme. At last, we propose a noninvertible and robust quantization-based watermarking scheme with the length of watermark being n=1024.

One of the important stages of fingerprint recognition is the registration of the fingerprints with respect to the original template. This is not a straightforward task as fingerprint images may have been subject to rotations and translations. Popular techniques for fingerprint registration use a reference point to achieve alignment. The drawback of existing methods of core/reference point detection is their poor performance on rotated images. In this paper, we propose a new approach for rotation invariant and reliable reference point detection applicable to fingerprints of different quality and types. Our approach is based on the integration of a directional vector field (representing the doubled ridge orientations in fingerprints) over a closed contour. We define the reference point as the point of the highest curvature. Areas of high curvature in the fingerprint are characterized by large differences in the orientations and correspond to high curvatures in the directional vector fields. Closed contour integrals of orientation vector field, defined as above, over a circle centered around the reference point corresponds to maximal closed curve integrals, and the values associated with such integrals are rotation invariant. Experimental results prove that with the proposed approach we can locate the reference point with high accuracy. Comparison with existing methods is provided.

In this article, methods for user recognition by online handwriting are experimentally analyzed using a combination of demographic data of users in relation to their handwriting habits. Online handwriting as a biometric method is characterized by having high variations of characteristics that influences the reliance and security of this method. These variations have not been researched in detail so far. Especially in cross-cultural application it is urgent to reveal the impact of personal background to security aspects in biometrics. Metadata represent the background of writers, by introducing cultural, biological and conditional (changing) aspects like fist language, country of origin, gender, handedness, experiences the influence handwriting and language skills. The goal is the revelation of intercultural impacts on handwriting in order to achieve higher security in biometrical systems. In our experiments, in order to achieve a relatively high coverage, 48 different handwriting tasks have been accomplished by 47 users from three countries (Germany, India and Italy) have been investigated with respect to the relations of metadata and biometric recognition performance. For this purpose, hypotheses have been formulated and have been evaluated using the measurement of well-known recognition error rates from biometrics. The evaluation addressed both: system reliance and security threads by skilled forgeries. For the later purpose, a novel forgery type is introduced, which applies the personal metadata to security aspects and includes new methods of security tests. Finally in our paper, we formulate recommendations for specific user groups and handwriting samples.

In this paper, we investigate recognition performances of various projection-based features applied on registered 3D scans of faces. Some features are data driven, such as ICA-based features or NNMF-based features. Other features are obtained using DFT or DCT-based schemes. We apply the feature extraction techniques to three different representations of registered faces, namely, 3D point clouds, 2D depth images and 3D voxel. We consider both global and local features. Global features are extracted from the whole face data, whereas local features are computed over the blocks partitioned from 2D depth images. The block-based local features are fused both at feature level and at decision level. The resulting feature vectors are matched using Linear Discriminant Analysis. Experiments using different combinations of representation types and feature vectors are conducted on the 3D-RMA dataset.

In recent literature, privacy protection technologies for biometric templates were proposed. Among these is the so-called helper-data system (HDS) based on reliable component selection. In this paper we integrate this approach with face biometrics such that we achieve a system in which the templates are privacy protected, and multiple templates can be derived from the same facial image for the purpose of template renewability. Extracting binary feature vectors forms an essential step in this process. Using the FERET and Caltech databases, we show that this quantization step does not significantly degrade the classification performance compared to, for example, traditional correlation-based classifiers. The binary feature vectors are integrated in the HDS leading to a privacy protected facial recognition algorithm with acceptable FAR and FRR, provided that the intra-class variation is sufficiently small. This suggests that a controlled enrollment procedure with a sufficient number of enrollment measurements is required.

Biometric person authentication has been attracting considerable attention in recent years. Conventional biometric person authentication systems, however, simply store each user's template as-is on the system. If registered templates are not properly protected, the risk arises of template leakage to a third party and impersonation using biometric data restored from a template. We propose a technique that partially deletes and splits template information so as to prevent template restoration using only registered template information while enabling restoration for only that template's owner using error-correcting code. This technique can be applied to general biometric authentication systems. In this paper, we introduce this technique and evaluate template security with it by simulating a speaker verification system.

Audio fingerprints can be seen as hashes of the perceptual content of an audio excerpt. Applications include linking metadata to unlabeled audio, watermark support, and broadcast monitoring. Existing systems identify a song by comparing its fingerprint to pre-computed fingerprints in a database. Small changes of the audio induce small differences in the fingerprint. The song is identified if these fingerprint differences are small enough. In addition, we found that distances between fingerprints of the original and a compressed version can be used to estimate the quality (bitrate) of the compressed version. In this paper, we study the relationship between compression bit-rate and fingerprint differences. We present a comparative study of the response to compression using three fingerprint algorithms (each representative for a larger set of algorithms), developed at Philips, Polytechnic University of Milan, and Microsoft, respectively. We have conducted experiments both using the original algorithms and using versions modified to achieve similar operation conditions, i.e., the fingerprints use the same number of bits per second. Our study shows similar behavior for these three algorithms.

Wow, or time warping caused by speed fluctuations in analog audio equipment, provides a wealth of applications in watermarking. Very subtle temporal distortion has been used to defeat watermarks, and as components in watermarking systems. In the image domain, the analogous warping of an image's canvas has been used both to defeat watermarks and also proposed to prevent collusion attacks on fingerprinting systems. In this paper, we explore how subliminal levels of wow can be used for steganography and fingerprinting. We present both a low-bitrate robust solution and a higher-bitrate solution intended for steganographic communication. As already observed, such a fingerprinting algorithm naturally discourages collusion by averaging, owing to flanging effects when misaligned audio is averaged. Another advantage of warping is that even when imperceptible, it can be beyond the reach of compression algorithms. We use this opportunity to debunk the common misconception that steganography is impossible under "perfect compression."

It is well known that all information hiding methods that modify the least significant bits introduce distortions into the cover objects. Those distortions have been utilized by steganalysis algorithms to detect that the objects had been modified. It has been proposed that only coefficients whose modification does not introduce large distortions should be used for embedding. In this paper we propose an effcient algorithm for information hiding in the LSBs of JPEG coefficients. Our algorithm uses parity coding to choose the coefficients whose modifications introduce minimal additional distortion. We derive the expected value of the additional distortion as a function of the message length and the probability distribution of the JPEG quantization errors of cover images. Our experiments show close agreement between the theoretical prediction and the actual additional distortion.

In this paper, we construct blind steganalyzers for JPEG images capable of assigning stego images to known steganographic programs. Each JPEG image is characterized using 23 calibrated features calculated from the luminance component of the JPEG file. Most of these features are calculated directly from the quantized DCT coefficients as their first order and higher-order statistics. The features for cover images and stego images embedded with three different relative message lengths are then used for supervised training. We use a support vector machine (SVM) with Gaussian kernel to construct a set of binary classifiers. The binary classifiers are then joined into a multi-class SVM using the Max-Win algorithm. We report results for six popular JPEG steganographic schemes (F5, OutGuess, Model based steganography, Model based steganography with deblocking, JP Hide and Seek, and Steghide). Although the main bulk of results is for single compressed stego images, we also report some preliminary results for double-compressed images created using F5 and OutGuess. This paper demonstrates that it is possible to reliably classify stego images to their embedding techniques. Moreover, this approach shows promising results for tackling the diffcult case of double compressed images.

In this paper we propose a new steganographic algorithm based on Matching Pursuit image decomposition. Many modern approaches to detect the presence of hidden messages are based on statistical analysis, preferably on the analysis of higher-order statistical regularities. The idea behind this work is to adaptively choose the elements of a redundant basis to represent the host image. In this way, the image is expressed as the composition of a set of structured elements resembling basic image structures such as lines, corners, and flat regions. We argue that embedding the watermark at this, more semantic, level results in a lower modification of the low-level statistical properties of the image, and hence in a lower detectability of the presence of the hidden message.

There are several steganographic methods that embed in palette-based images. In general these schemes are using RGB palette models. The restrictions of palette-based image formats impose limitations on existing models. For example, how to divide colors from a palette-vector for embedding purposes without causing visual degradation to the image. Another crucial intricacy is embedding using multiple bit planes while preserving the image's characteristics. Possible solutions to these problems could be: a) using a multi-bit embedding procedure; b) using other color models and c) embedding only in non-informative regions. Therefore we present a new secure high capacity palette based steganographic method used to embed in multiple bit planes using different color models. The performance of the developed algorithm posts the following advantages shown through computer simulations: 1) Fewer modifications are present when compared to BPCS Steganographic method for palette-based images [1]. 2) Provides additional security through a simple selective color and cover image algorithm. 3) The proposed method offers an increased capacity by embedding in multiple bit planes. 4) Finally, the secure media storage system contains an independent steganographic method that provides an additional level of security. The proposed method was proven to be immune to Chi-square and Pairs Analysis steganalysis attacks. In addition, the presented method uses different color model to represent the palettes. Analysis shows that the presented algorithm was also secure against detection from RS Steganalysis when using different color models.

Recently the research in the watermarking field has concentrated its attention to the security aspects. In a watermarking application one of the most sensitive steps from the point of view of security, is the watermark extraction process: here, a prover has to prove to a verifier that a given watermark is present into the content. In the design of the system, it has to be considered that the prover is not a trusted party: the prover could try to exploit the knowledge acquired during watermark extraction to remove the embedded code and, consequently, to undermine the security of the watermarking system. To tackle this particular issue, it has been proposed to use some cryptographic techniques, defined zero-knowledge protocols, for building a secure layer on top of the watermarking channel, able to protect the watermarking algorithm against a possible information leakage. Up till now, zero-knowledge protocols have been applied to spread-spectrum based detectable watermarking algorithms. In this paper, a novel zero-knowledge protocol designed for a Spread Transform Dither Modulation (ST-DM) watermarking algorithm, belonging to the class of the informed watermarking systems, is proposed.

Digital watermarks for images can be made relatively robust to luminance and chrominance changes. More challenging problems are geometric or combined intensity/geometric attacks. In this work we use an additive watermarking model, commonly used in spread spectrum, using a new spreading function. The spreading function is a 2D circular chirp that can simultaneously resist JPEG compression and image rotation. Circular chirp is derived from a block chirp by polar mapping. The resistance to compression is achieved by the available tuning parameters of a block chirp. Tuning parameters include the chirp's initial frequency and chirp rate. These two parameters can be used to perform spectral shaping to avoid JPEG compression effects. Rotational invariance is achieved by mapping the block chirp to a ring whose inner and outer diameters are selectable. The watermark is added in spatial domain but detection is performed in polar domain where rotation translates to translation.

Using electronic watermarks as copyright protection for still images requires robustness against geometrical attacks. In this paper we propose a watermarking scheme that is robust to rotation and scaling distortions. The watermark detection is performed in a 1-D invariant signature whereas the embedding process is performed adding a watermark signal in the DFT domain. This embedding procedure allows the watermarking signal to be shaped in the frequency domain. This shaping is determined solving a game opposing the watermarker and the attacker. Statistically significant roc curve test results under several attacks are presented.

Steganographic embedding is generally guided by two performance constraints at the encoder. Firstly, as is typical in the field of watermarking, all the transmission codewords must conform to an average power constraint. Secondly, for the embedding to be statistically undetectable (secure), it is required that the density of the watermarked signal must be equal to the density of the host signal. Assuming that this is not the case, statistical steganalysis will have a probability of detection error less than 1/2 and the communication may be terminated. Recent work has shown that some common watermarking algorithms can be modified such that both constraints are met. In particular, spread spectrum (SS) communication can be secured by a specific scaling of the host before embedding. Also, a side informed scheme called stochastic quantization index modulation (SQIM), maintains security with the use of an additive stochastic element during the embedding. In this work the performance of both techniques is analysed under the AWGN channel assumption. It will be seen that the robustness of both schemes is lessened by the steganographic constraints, when compared to the standard algorithms on which they are based. Specifically, the probability of decoding error in the SS technique increases when security is required, and the achievable rate of SQIM is shown to be lower than that of dither modulation (on which the scheme is based) for a finite alphabet size.

Spread-Transform Dither Modulation (STDM) is a side-informed data hiding method based on the quantization of a linear projection of the host signal. This projection affords a signal to noise ratio gain which is exploited by Dither Modulation (DM) in the projected domain. Similarly, it is possible to use to the same end the signal to noise ratio gain afforded by the so-called sphere-hardening effect on the norm of a vector. In this paper we describe the Sphere-hardening Dither Modulation (SHDM) data hiding method, which is based on the application of DM to the magnitude of a host signal vector, and we give an analysis of its characteristics. It shown that, in the same sense as STDM can be deemed to be the side-informed counterpart of additive spread spectrum (SS) with repetition coding, SHDM is the side-informed counterpart of multiplicative SS with repetition. Indeed, we demonstrate that SHDM performs similarly as STDM in front of additive independent distortions, but with the particularity that this is achieved through different quantization regions. The quantization hyperplanes which characterize STDM are replaced by quantization spheres in SHDM. The issue of securing SHDM is also studied.

In this paper, security of lattice-quantization data hiding is considered under a cryptanalytic point of view. Security in this family of methods is implemented by means of a pseudorandom dither signal which randomizes the codebook, preventing unauthorized embedding and/or decoding. However, the theoretical analysis shows that the observation of several watermarked signals can provide sufficient information for an attacker willing to estimate the dither signal, quantifying information leakages in different scenarios. The practical algorithms proposed in this paper show that such information leakage may be successfully exploited with manageable complexity, providing accurate estimates of the dither using a small number of observations. The aim of this work is to highlight the security weaknesses of lattice data hiding schemes whose security relies only on secret dithering.

In this paper, we tackle the problem of performance improvement of quantization-based data-hiding in the middle-watermark-to-noise ratio (WNR) regime. The objective is to define the quantization-based framework that maximizes the performance of the known-host-state data-hiding in the middle-WNR taking into account the host probability density function (pdf). The experimental results show that the usage of uniform deadzone quantization (UDQ) permits to achieve higher performance than using uniform quantization (UQ) or spread spectrum (SS)-based data-hiding. The performance enhancement is demonstrated for both achievable rate and error probability criteria.

We present a new approach to detection of forgeries in digital images under the assumption that either the camera that took the image is available or other images taken by that camera are available. Our method is based on detecting the presence of the camera pattern noise, which is a unique stochastic characteristic of imaging sensors, in individual regions in the image. The forged region is determined as the one that lacks the pattern noise. The presence of the noise is established using correlation as in detection of spread spectrum watermarks. We proposed two approaches. In the first one, the user selects an area for integrity verification. The second method attempts to automatically determine the forged area without assuming any a priori knowledge. The methods are tested both on examples of real forgeries and on non-forged images. We also investigate how further image processing applied to the forged image, such as lossy compression or filtering, influences our ability to verify image integrity.

Digital elevation maps (DEMs) provide a digital representation of 3-D terrain information. In civilian applications, high-precision DEMs carry a high commercial value owing to the large amount of effort in acquiring them; and in military applications, DEMs are often used to represent critical geospatial information in sensitive operations. These call for new technologies to prevent unauthorized distribution and to trace traitors in the event of information leak related to DEMs. In this paper, we propose a new digital fingerprinting technique to protect DEM data from illegal re-distribution. The proposed method enables reliable detection of fingerprints from both 3-D DEM data set and its 2-D rendering, whichever format that is available to a detector. Our method starts with extracting from a DEM a set of critical contours either corresponding to important topographic features of the terrain or having application-dependent importance. Fingerprints are then embedded into these critical contours by employing parametric curve modeling and spread spectrum embedding. Finally, a fingerprinted DEM is constructed to incorporate the marked 2-D contours. Through experimental results, we demonstrate the robustness of the proposed method against a number of challenging attacks applied to either DEMs or their contour representations.

In today's digital world securing different forms of content is very important in terms of protecting copyright and verifying authenticity. One example is watermarking of digital audio and images. We believe that a marking scheme analogous to digital watermarking but for documents is very important. In this paper we describe the use of laser amplitude modulation in electrophotographic printers to embed information in a text document. In particular we describe an embedding and detection process which allows the embedding of 1 bit in a single line of text. For a typical 12 point document, 33 bits can be embedded per page.

We describe an online system for classifying computer generated images and camera-captured photographic images, as part of our effort in building a complete passive-blind system for image tampering detection (project website at http: //www.ee.columbia.edu/trustfoto). Users are able to submit any image from a local or an online source to the system and get classification results with confidence scores. Our system has implemented three different algorithms from the state of the art based on the geometry, the wavelet, and the cartoon features. We describe the important algorithmic issues involved for achieving satisfactory performances in both speed and accuracy as well as the capability to handle diverse types of input images. We studied the effects of image size reduction on classification accuracy and speed, and found different size reduction methods worked best for different classification methods. In addition, we incorporated machine learning techniques, such as fusion and subclass-based bagging, in order to counter the effect of performance degradation caused by image size reduction. With all these improvements, we are able to speed up the classification speed by more than two times while keeping the classification accuracy almost intact at about 82%.

In this paper, we propose a new theoretical framework for the data-hiding problem of digital and printed text documents. We explain how this problem can be seen as an instance of the well-known Gel'fand-Pinsker problem. The main idea for this interpretation is to consider a text character as a data structure consisting of multiple quantifiable features such as shape, position, orientation, size, color, etc. We also introduce color quantization, a new semi-fragile text data-hiding method that is fully automatable, has high information embedding rate, and can be applied to both digital and printed text documents. The main idea of this method is to quantize the color or luminance intensity of each character in such a manner that the human visual system is not able to distinguish between the original and quantized characters, but it can be easily performed by a specialized reader machine. We also describe halftone quantization, a related method that applies mainly to printed text documents. Since these methods may not be completely robust to printing and scanning, an outer coding layer is proposed to solve this issue. Finally, we describe a practical implementation of the color quantization method and present experimental results for comparison with other existing methods.

In a data hiding communications scenario, geometrical attacks lead to a loss of reliable communications due to synchronization problems when the applied attack is unknown. In our previous work, information-theoretic analysis of this problem was performed for theoretic setups, i.e., when the length of communicated data sequences asymptotically approaches infinity. Assuming that the applied geometrical attack belongs to a set of finite cardinality, it is demonstrated that it does not asymptotically affect the achievable rate in comparison to the scenario without any attack. The main goal of this paper is to investigate the upper and lower bounds on the rate reliability function that can be achieved in the data hiding channel with some geometrical state. In particular, we investigate the random coding and sphere packing bounds in channels with random parameter for the case when the interference (channel state) is not taken into account at the encoder. Furthermore, only those geometrical transformations that preserve the input dimensionality and input type class are considered. For this case we are showing that similar conclusion obtained in the asymptotic case is valid, meaning that within the class of considered geometrical attacks the rate reliability function is bounded in the same way as in the case with no geometrical distortions.

We present an image data-hiding scheme based on near-capacity dirty-paper codes. The scheme achieves high embedding rates by "hiding" information into mid-frequency DCT coefficients among each DCT block of the host image. To reduce the perceptual distortion due to data-hiding, the mid-frequency DCT coefficients are first perceptually scaled according to Watson's model. Then a rate-1/3 projection matrix in conjunction with a rate-1/5 capacity-approaching dirty-paper code is applied. We are able to embed 1500 information bits into 256×256 images, outperforming, under a Gaussian noise attack, currently the best known data-hiding scheme by 33%. Robustness tests against different attacks, such as low-pass filtering, image scaling, and lossy compression, show that our scheme is a good candidate for high-rate image data-hiding applications.

Construction of steganographic schemes in which the sender and the receiver do not share the knowledge about the location of embedding changes requires wet paper codes. Steganography with non-shared selection channels empowers the sender as now he is able to embed secret data by utilizing arbitrary side information, including a high-resolution version of the cover object (perturbed quantization steganography), local properties of the cover (adaptive steganography), and even pure randomness, e.g., coin flipping, for public key steganography. In this paper, we propose a new approach to wet paper codes using random linear codes of small codimension that at the same time improves the embedding efficiency-the number of message bits embedded per embedding change. We describe a practical algorithm, test its performance experimentally, and compare the results to theoretically achievable bounds. We point out an interesting ripple phenomenon that should be taken into account by practitioners. The proposed coding method can be modularly combined with most steganographic schemes to allow them to use non-shared selection channels and, at the same time, improve their security by decreasing the number of embedding changes.

Successful watermarking algorithms have already been developed for various applications ranging from meta-data tagging to forensic tracking. Nevertheless, it is commendable to develop alternative watermarking techniques that provide a broader basis for meeting emerging services, usage models and security threats. To this end, we propose a new multiplicative watermarking technique for video, which is based on the principles of our successful MASK audio watermark. Audio-MASK has embedded the watermark by modulating the short-time envelope of the audio signal and performed detection using a simple envelope detector followed by a SPOMF (symmetrical phase-only matched filter). Video-MASK takes a similar approach and modulates the image luminance envelope. In addition, it incorporates a simple model to account for the luminance sensitivity of the HVS (human visual system). Preliminary tests show algorithms transparency and robustness to lossy compression.

Due to the ease with which digital data can be manipulated and due to the ongoing advancements that have brought us closer to pervasive computing, the secure delivery of video and images has become a challenging problem. Despite the advantages and opportunities that digital video provide, illegal copying and distribution as well as plagiarism of digital audio, images, and video is still ongoing. In this paper we describe two techniques for securing H.264 coded video streams. The first technique, SEH264Algorithm1, groups the data into the following blocks of data: (1) a block that contains the sequence parameter set and the picture parameter set, (2) a block containing a compressed intra coded frame, (3) a block containing the slice header of a P slice, all the headers of the macroblock within the same P slice, and all the luma and chroma DC coefficients belonging to the all the macroblocks within the same slice, (4) a block containing all the ac coefficients, and (5) a block containing all the motion vectors. The first three are encrypted whereas the last two are not. The second method, SEH264Algorithm2, relies on the use of multiple slices per coded frame. The algorithm searches the compressed video sequence for start codes (0x000001) and then encrypts the next N bits of data.

There are several scenarios where the integrity of digital images and videos has to be verified. Examples can be found in videos captured by surveillance cameras. In this paper we propose a semi-fragile watermarking scheme, which can be applied on still images as well as on digital videos. We concentrate on the protection of I-frames in compressed MPEG-1/2 videos. We use the entropy of the probability distribution of gray level values in block groups to generate a binary feature mask, which is embedded robustly into an adjacent I-frame. The approach can distinguish between content-preserving and content-changing manipulations. Positions of content-changing manipulations can be localized. We provide experimental results to analyze the effectiveness of the scheme. In the evaluation part we concentrate on the robustness against content-preserving and the sensitivity to content-changing manipulations.

Most of the MPEG watermarking schemes can only be embedded into I-frames. The other frames will not be marked. Different attacks like frame rate changing can change the frame type of the marked I-frames. Thus the watermark could be detected from wrong I-frames. Due to these attacks an important issue of digital watermarking solutions for MPEG video is the temporal synchronization of the video material to the proportions before the attacks to detect the watermark successfully. The synchronization information can be embed as part of the information watermark or as a second watermark. The weakness point is with the destruction of the synchronization information the watermark can not be detected more. We provide a solution which analyzes the I-frames based on a robust image hash system. The hash solution was developed for JPEG images and can also be used for MPEG I-frames because of their similar structure. The hash values are robust against common manipulations, like compression, and can be used to detect the marked frames also after manipulations at the video material. We analyze the usability of the image hash system and develop a concept based on video and MPEG properties.

As H.264 digital video becomes more prevalent, the industry needs copyright protection and authentication methods that are appropriate for this standard. The goal of this paper is to propose a robust watermarking algorithm for H.264. To achieve this goal, we employ a human visual model adapted for a 4x4 DCT block to obtain a larger payload and a greater robustness while minimizing visual distortion. We use a key-dependent algorithm to select a subset of the coefficients with visual watermarking capacity for watermark embedding to obtain robustness to malicious attacks. Furthermore, we spread the watermark over frequencies and within blocks to avoid error pooling. The error pooling effect, introduced by Watson, has not been considered in previous perceptual watermarking algorithms. Our simulation results show that we can increase the payload and robustness without a noticeable change in perceptual quality by reducing this effect. We embed the watermark in the residuals to avoid decompressing the video, and to reduce the complexity of the watermarking algorithm. However, we extract the watermark from the decoded video sequence to make the algorithm robust to intraprediction mode changes. Our simulation results shows that we obtain robustness to filtering, 50% cropping, and requantization attacks.

Selective encryption is a technique that is used to minimizec omputational complexity or enable system functionality by only encrypting a portion of a compressed bitstream while still achieving reasonable security. For selective encryption to work, we need to rely not only on the beneficial effects of redundancy reduction, but also on the characteristics of the compression algorithm to concentrate important data representing the source in a relatively small fraction of the compressed bitstream. These important elements of the compressed data become candidates for selective encryption. In this paper, we combine encryption and distributed video source coding to consider the choices of which types of bits are most effective for selective encryption of a video sequence that has been compressed using a distributed source coding method based on LDPC codes. Instead of encrypting the entire video stream bit by bit, we encrypt only the highly sensitive bits. By combining the compression and encryption tasks and thus reducing the number of bits encrypted, we can achieve a reduction in system complexity.

In this work we propose a new algorithm for fragile, high capacity yet file-size preserving watermarking of MPEG-2 bitstreams. Watermarking is performed entirely in the compressed domain with no need for full or even partial decompression thus providing the speed necessary for real time video applications. The algorithm is based on the idea that that not every code word in the entropy coded portion of video is used. By mapping used variable length codes to unused ones a watermark situation can be realized. However, by examining MPEG-2 streams it was realized that the unused codespace is practically nonexistent. The solution lies in expanding the codespace. This expansion is achieved by creating a paired codespace defined over individual blocks of video. Although every VLC may have been used in the video, there are numerous VLC pairs that do not occur in any block together. This situation creates the redundancy within the codespace necessary for watermarking. We show that the watermarked video is resistant to forgery attacks and remains secure to watermark detection attempts.

In this paper we consider the problem of document authentication in electronic and printed forms. We formulate this problem from the information-theoretic perspectives and present the joint source-channel coding theorems showing the performance limits in such protocols. We analyze the security of document authentication methods and present the optimal attacking strategies with corresponding complexity estimates that, contrarily to the existing studies, crucially rely on the information leaked by the authentication protocol. Finally, we present the results of experimental validation of the developed concept that justifies the practical efficiency of the elaborated framework.

Channel Coding with Side Information at the encoder(CCSI) can be visualized as a blind watermarking problem: the original host signal for embedding the watermark is known at the encoder but not at the decoder. Similarly, the Rate Distortion with Side Information at the decoder(RDSI) is known as distributed source coding: the rate distortion limits of an input source if a noisy observation of that source is available only at the decoder. There is a strong duality between CCSI and RDSI for the gaussian case. We propose a system that exploits the generalized versions of the two information theoretical dualities of CCSI and RDSI together within a unique setup. The question is "Can we combine these two separated dual problems (blind watermarking and distributed source coding) within a single problem?". The proposed scheme can be viewed as "Watermarking or Data Hiding within Distributed Source Coding". The setup contains the cascade of the generalized versions of CCSI and RDSI where there exists two different side information, one available only at the encoder and the other at the decoder. The preliminary experimental results are given using the theoretical findings of the duality problem.

In data-hiding the issue of the achievable rate maximization is closely related to the problem of host interference cancellation. The optimal host interference cancellation relies on the knowledge of the host realization and the channel statistics (the additive white Gaussian noise (AWGN) variance) available at the encoder a priori to the transmission. The latter assumption can be rarely met in practical situations. Contrarily to the Costa set-up where the encoder is optimized for the particular state of the independent and identically distributed (i.i.d.) Gaussian attacking channel, we address the problem of asymmetrically informed data-hiding optimal encoder design assuming that the host interference probability density function (pdf) is an i.i.d. Laplacian and the channel variance lies on some known interval. The presented experimental results advocate the advantages of the developed embedding strategy.

This paper considers watermarking detection, also known as zero-bit watermarking. A watermark, carrying no hidden message, is inserted in content. The watermark detector checks for the presence of this particular weak signal in content. The paper aims at looking to this problem from a classical detection theory point of view, but with side information enabled at the embedding side. This means that the watermarking signal is a function of the host content. Our study is twofold. The first issue is to design the best embedding function for a given detection function (a Neyman-Pearson detector structure is assumed). The second issue is to find the best detection function for a given embedding function. This yields two conditions, which are mixed into one 'fundamental' differential equation. Solutions to this equation are optimal in these two senses. Interestingly, there are other solutions than the regular quantization index modulation scheme. The JANIS scheme, for instance, invented in a heuristic manner several years ago, is justified as it is one of these solutions.

The fundamental difference between the data-hiding and watermark signature verification problems was highlighted in a 2001 paper by Steinberg and Merhav. In data hiding, the maximum number of messages that can be reliably decoded is essentially 2^nC, where n is the host sequence length and C is the data-hiding capacity. A dramatically different result is obtained for signature verification: in principle one can discriminate between a doubly exponential number of signatures: 2^2nC', where C' is the identification capacity. This paper proposes a practical design of codes for the latter application and compares the results with current designs in the literature.

Despite their popularity, spread spectrum techniques have been proven to be vulnerable to sensitivity analysis attacks. Moreover, the number of detection operations needed by the attacker to estimate the watermark is generally linear in the size of the signal available to him. This holds not only for a simple correlation detector, but also for a wide class of detectors. Therefore there is a vital need for more secure detection methods. In this paper, we propose a randomized detection method that increases the robustness of spread spectrum embedding schemes. However, this is achieved at the expense of detection performance. For this purpose, we provide a framework to study the tradeoff between these two factors using classical detection-theoretic tools: large deviation analysis and Chernoff bounds. To gain more insight into the practical value of this framework, we apply it to image signals, for which "good" statistical models are available.

The evaluation of digital watermarks is an active and important research area. From the variety there are different types of attacks like geometric attacks, lossy compression, security or protocol attacks [1, 2] available to evaluate the robustness of digital watermarks. Furthermore, different attack strategies like single attacks or profile attacks are known to improve the evaluation process [3]. If for example, the robustness of a watermarking algorithm is evaluated, then the signal of the audio content and the embedded watermark is modified with the goal to remove or weaken the watermark information. In this paper, the focus is set on audio signals. We introduce the evaluation process of an existing benchmark service, the Audio Watermark Evaluation Testbed (Audio WET) [4] by evaluating five different audio watermarking algorithms, which work in time, frequency and wavelet domain. Therefore, we introduce basic, extended and application profiles which improve the evaluation of watermarking algorithms to provide comparability. Whereas the basic profiles measure single properties on a watermarking algorithm, the extended and application profiles reflect real world application scenarios. Furthermore a test scenario and test environment for the evaluation of five audio watermarking algorithms by using basic profiles is described and discussed. The test results of the first evaluation by using basic profiles are introduced and a comparison of the evaluated watermarking algorithms using different parameter sets for embedding function is provided.

This paper presents a benchmark assessment of the WAUC digital audio watermarking scheme, which relies on MPEG 1 Layer 3 compression to determine where and how the embedded mark must be introduced. The mark is embedded by modifying the magnitude of the spectrum at several frequencies which are chosen according to the difference between the original and the compressed audio content. The main advantage of the scheme is that the perceptual masking of the compressor is implicitly used and, thus, the scheme can be directly tested with different maskings by replacing the compressor. Since repeat coding of the mark is used, a majority voting scheme is applied to improve robustness. The scheme also uses a dual Hamming error correcting code for the embedded mark, which makes it possible to apply it for fingerprinting, achieving robustness against the collusion of two buyers. Several tuning parameters affect the embedding and reconstruction processes, the values of which are chosen according to the tuning guidelines obtained in previous works. In order to illustrate the robustness of the method, the WAUC scheme has been tested against several evaluation profiles, such as the attacks introduced in the Watermark Evaluation Testbed (WET) for audio.

The evaluation of transparency plays an important role in the context of watermarking and steganography algorithms. This paper introduces a general definition of the term transparency in the context of steganography, digital watermarking and attack based evaluation of digital watermarking algorithms. For this purpose the term transparency is first considered individually for each of the three application fields (steganography, digital watermarking and watermarking algorithm evaluation). From the three results a general definition for the overall context is derived in a second step. The relevance and applicability of the definition given is evaluated in practise using existing audio watermarking and steganography algorithms (which work in time, frequency and wavelet domain) as well as an attack based evaluation suite for audio watermarking benchmarking - StirMark for Audio (SMBA). For this purpose selected attacks from the SMBA suite are modified by adding transparency enhancing measures using a psychoacoustic model. The transparency and robustness of the evaluated audio watermarking algorithms by using the original and modifid attacks are compared. The results of this paper show hat transparency benchmarking will lead to new information regarding the algorithms under observation and their usage. This information can result in concrete recommendations for modification, like the ones resulting from the tests performed here.

Shape quality assessment is a new challenge for a wide set of 3-D graphics applications and particularly for emerging 3-D watermarking schemes. In order to measure distortions new metrics have to be drawn between an original 3-D surface and its deformed version. These metrics are necessary to determine whether a deformation is perceptually acceptable and therefore whether this deformation should be considered while testing the robustness of a 3-D watermarking scheme. In this paper, we propose an objective metric based on the comparison of 2-D projections of the deformed and original versions of the shape. Rendering conditions are carefully specified as they play a key role on the human perception of the 3-D object. We compare the behaviors of this objective metric and of state-of-the-art metrics to subjective human perception for a set of deformations caused by watermarking schemes and usual watermarking attacks on several 3-D meshes. The protocol of these subjective psychovisual experiments is presented in detail. We discuss these experimental results for the purpose of the benchmarking of 3-D watermarking schemes.

Robust watermarks are evaluated in terms of image fidelity and robustness. We extend this framework and apply reliability testing to robust watermark evaluation. Reliability is the probability that a watermarking algorithm will correctly detect or decode a watermark for a specified fidelity requirement under a given set of attacks and images. In reliability testing, a system is evaluated in terms of quality, load, capacity and performance. To measure quality that corresponds to image fidelity, we compensate for attacks to measure the fidelity of attacked watermarked images. We use the conditional mean of pixel values to compensate for valumetric attacks such as gamma correction and histogram equalization. To compensate for geometrical attacks, we use error concealment and perfect motion estimation assumption. We define capacity to be the maximum embedding strength parameter and the maximum data payload. Load is then defined to be the actual embedding strength and data payload of a watermark. To measure performance, we use bit error rate (BER) and receiver operating characteristics (ROC) and area under the curve (AUC) of the ROC curve of a watermarking algorithm for different attacks and images. We evaluate robust watermarks for various quality, loads, attacks, and images.

While Digital Watermarking has received much attention within the academic community and private sector in recent years, it is still a relatively young technology. As such, there are few accepted tools and metrics that can be used to validate the performance claims asserted by members of the research community and evaluate the suitability of a watermarking technique for specific applications. This lack of a universally adopted set of metrics and methods has motivated us to develop a web-based digital watermark evaluation system known as the Watermark Evaluation Testbed or WET. This system has undergone several improvements since its inception. The ultimate goal of this work has been to develop a platform, where any watermarking researcher can test not only the performance of known techniques, but also their own techniques. This goal has been reached by the latest version of the system. New tools and concepts have been designed to achieve the desired objectives. This paper describes the new features of WET. Moreover, we also summarize the development process of the entire project as well as introduce new directions for future work.

MPEG (Moving Picture Experts Groups) is currently standardizing Multimedia Application Format (MAF) which targets to provide simple but practical multimedia applications to the industry. One of the interesting and on-going working items of MAF activity is the so-called Music Player MAF which combines MPEG-1/2 layer III (MP3), JPEG image, and metadata into a standard format. In this paper, we propose a protection and governance mechanism to the Music Player MAF by incorporating other MPEG technology, MPEG-21 IPMP (Intellectual Property Management and Protection). We show, in this paper, use-case of the distribution and consumption of this Music Player contents, requirements, and how this protection and governance can be implemented in conjunction with the current Music Player MAF architecture and file system. With the use of MPEG-21 IPMP, the protection and governance to the content of Music Player MAF fulfils flexibility, extensibility, and granular in protection requirements.

In this paper we describe a novel framework for watermarking 3-D objects via contour information. Instead of classical existing watermarking technologies dealing with 3-D objects that operate on the object itself to insert and extract the mark (3-D/3-D approach), the goal of our work is to retrieve information originally hidden in the apparent contour of the object from resulting 2D images or videos having used the 3D synthetic object (3-D/2-D approach). In this paper we also propose an extension of 2-D polygonal line watermarking algorithm to 3-D silhouette.

In this paper, we present the design and results of subjective tests for evaluating the perceptibility of digital watermarks in 3D polygonal models. Based on the results we investigate different types of metrics with respect to their usefulness as predictors for the perceived visual quality of models that have been modified using a specific watermarking algorithm. We describe two experiments with models that have been watermarked using controlled free form deformations. The first experiment was conducted in supervised mode with still images of rendered models as stimuli and used the Two Alternative Forced Choice (2AFC) method. The second experiment was based on animated sequences and run in 2AFC mode with additional ratings of the perceived differences, but without assistance by the experimenter. We present a transparency analysis of the results and investigate the ability of image-based and geometry-based metrics to predict the perceived quality of the watermarked models. Our results show that the effectiveness of prediction depends on the type of model and in particular on the feature positions selected by the watermarking algorithm. The results of previous experiments with simplified polygonal models are confirmed, in that geometric measures are good predictors of quality ratings. We found that the symmetric Haussdorf distance is a promising candidate to evaluate the visual impact of the watermarking algorithm used in our experiments.

In this paper, we improve the performance of the hierarchical detector we proposed in [1] for real-time software or low-cost hardware implementation. Although the original hierarchical detector is faster than sub-sampled brute force-base detector when processing marked images, it unnecessarily continues to process unmarked images looking for a watermark that is not present. This processing is time-consuming; hence, it represents a significant deployment obstacle. The improved detector, however, avoids most of the processing of the unmarked areas of an image by exploiting the presence of a reference signal usually included with the embedded watermark. This reference signal enables the detector to synchronize the image after it has been subjected to a geometric transformation (scaling, rotation, and translation). The improved detector refrains from searching an image area any further whenever the level of the reference signal is very weak or the estimated scale factors and rotation angles associated with this reference signal are not consistent among the processed blocks within the same layer in the hierarchy. The proposed detector has been implemented, and the experimental results indicate that the proposed detector is computationally more efficient with unmarked images, while achieving a detection rate similar to that of the original hierarchical detector.

Digital fingerprinting is an emerging technology to protect multimedia from unauthorized use by embedding a unique fingerprint signal into each user's copy. A robust embedding algorithm is an important building block in order to make the fingerprint resilient to various distortions and collusion attacks. Spread spectrum embedding has been widely used for multimedia fingerprinting. In this paper, we explore another class of embedding methods - Quantization Index Modulation (QIM) for fingerprinting applications. We first employ Dither Modulation (DM) technique and extend it for embedding multiple symbols through a basic dither sequence design. We then develop a theoretical model and propose a new algorithm to improve the collusion resistance of the basic scheme. Simulation results show that the improvement algorithm enhances the collusion resistance, while there is still a performance gap with the existing spread spectrum based fingerprinting. We then explore coded fingerprinting based on spread transform dither modulation (STDM) embedding. Simulation results show that this coded STDM based fingerprinting has significant advantages over spread spectrum based fingerprinting under blind detection.

For the protection of Intellectual Property Rights (IPR), different passive protection methods have been developed. These watermarking and fingerprinting technologies protect content beyond access control and thus tracing illegal distributions as well as the identification of people who are responsible for a illegal distribution is possible. The public's attention was attracted especially to the second application by the illegal distribution of the so called 'Hollywood screeners'. The focus of current research is on audio and video content and images. These are the common content types we are faced with every day, and which mostly have a huge commercial value. Especially the illegal distribution of content that has not been officially published shows the potential commercial impact of illegal distributions. Content types, however, are not limited to audio, video and images. There is a range of other content types, which also deserve the development of passive protection technologies. For sheet music for instance, different watermarking technologies have been developed, which up to this point only function within certain limitations. This is the reason why we wanted to find out how to develop a fingerprinting or perceptual hashing method for sheet music. In this article, we describe the development of our algorithm for sheet music, which is based on simple graphical features. We describe the selection of these features and the subsequent processing steps. The resulting compact representation is analyzed and the first performance results are reported.

This paper presents and discusses a web oriented, interactive anonymous buyer-seller watermarking protocol. In particular, the protocol enables buyers who are neither provided with digital certificates issued by trusted certification authorities (CAs) nor able to autonomously perform security actions to purchase digital contents distributed by web content providers (CPs) while keeping their identities unexposed during web transactions. The protocol also allows guilty buyers, i.e. who are responsible distributors of illegal replicas, to be unambiguously identified. Finally, the protocol has been designed so that CPs can exploit copyright protection services supplied by web service providers (SPs) in a security context. Thus, CPs can take advantage of complex protection services without having to implement them.

Matrix embedding is a general coding method that can be applied to most steganographic schemes to improve their embedding efficiency-the number of message bits embedded per one embedding change. Because smaller number of embedding changes is less likely to disrupt statistic properties of the cover object, schemes that employ matrix embedding generally have better steganographic security. This gain is more important for long messages than for shorter ones because longer messages are easier to detect. Previously introduced approaches to matrix embedding based on Hamming codes are, however, not efficient for long messages. In this paper, we present novel matrix embedding schemes that are effcient for embedding messages close to the embedding capacity. One is based on a family of codes constructed from simplex codes and the second one on random linear codes of small dimension. The embedding effciency of the proposed methods is evaluated with respect to theoretically achievable bounds.

This paper continues the researches on a recently proposed reversible watermarking approach based on an integer transform defined for pairs of pixels. The transform is invertible and, besides, for some pairs of pixels, the original values are recovered even if the LSBs of the transformed pixels are overwritten. Two watermarking schemes, a simple one and a modified version, have been developed to embed watermarks into image LSB plane without any other data compression. At detection, original image is exactly recovered by using a simple map which keeps track of the transformed pairs and the LSBs of the unchanged pairs of pixels. The main contribution of this paper is the generalization of the transform for groups of n pixels, where n ⩾ 2. Transforming groups larger than 2 pixels, the size of the map decreases and thus, the hiding capacity of the scheme can increase. In this general context, it appears that the behavior of the transform depends on the parity of n i.e., n even is more appropriate for reversible watermarking. It is also shown that, for n ⩾ 4 the simple scheme and the modified one give very similar data hiding capacity, i.e., the same performance is obtained at a lower computational cost.

This paper presents a novel scheme for detection of watermarks embedded in multimedia signals using spread spectrum (SS) techniques. The detection method is centered on using the model that the embedded watermark and the host signal are mutually independent. The proposed detector assumes that the host signal and the watermark obey non-Gaussian distributions. The proposed blind watermark detector employs underdetermined blind source separation (BSS) based on independent component analysis (ICA) for watermark estimation from the watermarked image. The mean-field theory based undetermined BSS scheme is used for watermark estimation. Analytical results are presented showing that the proposed detector performs significantly better than the existing correlation based blind detectors traditionally used for SS-based image watermarking.

One requirement for audio watermarks is that the embedded watermark should be imperceptible and does not alter the audio signal quality. To achieve this goal, existing audio watermarking methods use a power constraint or more sophisticated Human Auditory System (HAS) models. At the embedding side the watermark signal is shaped by a masking curve computed on the original signal. At the detector, signal processing like Wiener filtering or inverse filtering whitens the watermark and tries to avoid host signal effect. Then, the correlation detector, which is the Maximum Likelihood (ML) optimal detector, is applied considering Gaussian assumption for the signals. The method described in this paper uses a different approach in the DFT domain. A new ML detector is derived assuming a Weibull distribution for the modulus of the Discrete Fourier Transform of the host signal. Performances of the new proposed detector are given and compared to the correlation detector that assumes a Gaussian distribution of the signal.

This paper studies the problem of achieving watermark semi-fragility in multimedia authentication through a composite hypothesis testing approach. The embedding of a semi-fragile watermark serves to distinguish legitimate distortions caused by signal processing manipulations from illegitimate ones caused by malicious tampering. This leads us to consider authentication verification as a composite hypothesis testing problem with the watermark as a priori information. Based on the hypothesis testing model, we investigate the best embedding strategy which assists the watermark verifier to make correct decisions. Our results show that the quantization-based watermarking method is more appropriate than the spread spectrum method to achieve the best tradeoff between two error probabilities. This observation is confirmed by a case study of additive Gaussian white noise channel with Gaussian source using two figures of merit: relative entropy of the two hypothesis distributions and the receiver operating characteristic. Finally, we focus on certain common signal processing distortions such as JPEG compression and image filtering, and investigate the best test statistic and optimal decision regions to distinguish legitimate and illegitimate distortions. The results of the paper show that our approach provides insights for authentication watermarking and allows better control of semi-fragility in specific applications.

Robust image watermarking is the process of embedding an invisible watermark in an image with the purpose of keeping the watermark intact after intentional attacks and normal audio/visual processes. A recent DWT image watermarking paper embeds a PRN sequence as a watermark in three bands, excluding the low pass subband, using coefficients that are higher than a given threshold T₁. During watermark detection, all the coefficients higher than another threshold T₂ are chosen for correlation with the original watermark. In this paper, we extend the idea to embed the same watermark in two bands (LL and HH). Our experiments show that for one group of attacks, the correlation with the real watermark is higher than the threshold in the LL band, and for another group of attacks, the correlation with the real watermark is higher than the threshold in the HH band.

A recent image quality measure, M-SVD, can express the quality of distorted images either numerically or graphically. Based on the Singular Value Decomposition (SVD), it consistently measures the distortion across different distortion types and within a given distortion type at different distortion levels. The SVD decomposes every real matrix into a product of three matrices A = USV^T, where U and V are orthogonal matrices, U^TU = I, V^TV = I and S = diag (s₁, s₂, ...). The diagonal entries of S are called the singular values of A, the columns of U are called the left singular vectors of A, and the columns of V are called the right singular vectors of A. M-SVD, as a graphical measure, computes the distance between the singular values of the original image block and the singular values of the distorted image block, where n x n is the block size. If the image size is k x k, we have (k/n) x (k/n) blocks. The set of distances, when displayed in a graph, represents a "distortion map." The numerical measure is derived from the graphical measure. It computes the global error expressed as a single numerical value. In this paper, we will extend the SVD-based image quality measure to evaluate the visual quality of watermarked images using several watermarking schemes.