
Showing papers on "Digital watermarking" published in 2019


Journal Article
TL;DR: A novel algorithm using synergetic neural networks for robustness and security of digital image watermarking is proposed, which obtains an optimal Peak Signal-to-noise ratio (PSNR) and can complete certain image processing operations with improved performance.

233 citations


Journal Article
TL;DR: Experimental results clearly indicated that the proposed technique is highly robust and sufficiently secure for various forms of attacks without any significant distortions between watermarked and cover image.
Abstract: In this paper, we present a robust and secure watermarking approach using transform domain techniques for tele-health applications. The patient report/identity is embedded into the host medical image for the purpose of authentication, annotation and identification. For better confidentiality, we apply the chaos based encryption algorithm to the watermarked image in a less complex manner. Experimental results clearly indicated that the proposed technique is highly robust and sufficiently secure for various forms of attacks without any significant distortions between watermarked and cover image. Further, the performance evaluation of our method is found to be better than existing state-of-the-art watermarking techniques under consideration. Furthermore, quality analysis of the watermarked image is estimated by a subjective measure, which is beneficial in the quality-driven healthcare industry.

179 citations


Journal Article
TL;DR: A linguistic steganography based on recurrent neural networks, which can automatically generate high-quality text covers on the basis of a secret bitstream that needs to be hidden, and achieves the state-of-the-art performance.
Abstract: Linguistic steganography based on text carrier auto-generation technology is a current topic with great promise and challenges. Limited by the text automatic generation technology or the corresponding text coding methods, the quality of the steganographic text generated by previous methods is inferior, which makes its imperceptibility unsatisfactory. In this paper, we propose a linguistic steganography based on recurrent neural networks, which can automatically generate high-quality text covers on the basis of a secret bitstream that needs to be hidden. We trained our model with a large number of artificially generated samples and obtained a good estimate of the statistical language model. In the text generation process, we propose fixed-length coding and variable-length coding to encode words based on their conditional probability distribution. We designed several experiments to test the proposed model from the perspectives of information hiding efficiency, information imperceptibility, and information hidden capacity. The experimental results show that the proposed model outperforms all the previous related methods and achieves the state-of-the-art performance.

164 citations


Journal Article
TL;DR: A new technique for copyright protection, data security and content authentication of multimedia images is presented and makes use of a novel encryption algorithm in conjunction with Arnold transform to encrypt data prior to its embedding.

129 citations


Journal Article
TL;DR: The paper introduces elementary concepts of digital watermarking, characteristics and novel applications of watermark in detail, and various analysis and comparison of different notable watermarking techniques are discussed in tabular format.
Abstract: Robustness, imperceptibility and embedding capacity are the preliminary requirements of any watermarking technique. However, research has concluded that these requirements are difficult to achieve at the same time. In this paper, we review various recent robust and imperceptible watermarking methods in spatial and transform domains. Further, the paper introduces elementary concepts of digital watermarking, characteristics and novel applications of watermark in detail. Furthermore, various analysis and comparison of different notable watermarking techniques are discussed in tabular format. We believe that our survey contribution will be helpful for fledgling researchers to develop robust and imperceptible watermarking algorithms for various practical applications.

126 citations


Journal Article
TL;DR: Experimental results show that the proposed scheme for color medical image copyright protection based on a chaotic system and quaternion polar harmonic transforms (QPHTs) is robust to geometric attacks and common attacks and that it has better performance than similar lossless watermarking schemes.

126 citations


Journal Article
TL;DR: This paper provides a comprehensive review of the research works related to optical image hiding and watermarking techniques conducted in the past decade with a summary of the state-of-the-art works.
Abstract: Information security is a critical issue in modern society and image watermarking can effectively prevent unauthorized information access. Optical image watermarking techniques generally have advantages of parallel high-speed processing and multi-dimensional capabilities compared to digital approaches. This paper provides a comprehensive review of the research works related to optical image hiding and watermarking techniques conducted in the past decade. The past research works have focused on two major aspects: various optical systems for image hiding, and the methods for embedding the optical system output into a host image. A summary of the state-of-the-art works is made from these two perspectives.

115 citations


Journal Article
TL;DR: In this article, a learning framework for robust and blind watermarking based on reinforcement learning is proposed, which can optimize the robustness while carefully considering the invisibility of the watermark.

112 citations


Journal Article
TL;DR: In this article, a novel watermarking algorithm is proposed for dynamic authentication of IoT signals to detect cyber-attacks, which enables the IoT devices (IoTDs) to extract a set of stochastic features from their generated signal and dynamically watermark these features into the signal.
Abstract: Secure signal authentication is arguably one of the most challenging problems in the Internet of Things (IoT), due to the large-scale nature of the system and its susceptibility to man-in-the-middle and data-injection attacks. In this paper, a novel watermarking algorithm is proposed for dynamic authentication of IoT signals to detect cyber-attacks. The proposed watermarking algorithm, based on a deep learning long short-term memory structure, enables the IoT devices (IoTDs) to extract a set of stochastic features from their generated signal and dynamically watermark these features into the signal. This method enables the IoT gateway, which collects signals from the IoTDs, to effectively authenticate the reliability of the signals. Moreover, in massive IoT scenarios, since the gateway cannot authenticate all of the IoTDs simultaneously due to computational limitations, a game-theoretic framework is proposed to improve the gateway’s decision making process by predicting vulnerable IoTDs. The mixed-strategy Nash equilibrium (MSNE) for this game is derived, and the uniqueness of the expected utility at the equilibrium is proven. In the massive IoT system, due to the large set of available actions for the gateway, the MSNE is shown to be analytically challenging to derive, and thus, a learning algorithm that converges to the MSNE is proposed. Moreover, in order to handle incomplete information scenarios, in which the gateway cannot access the state of the unauthenticated IoTDs, a deep reinforcement learning algorithm is proposed to dynamically predict the state of unauthenticated IoTDs and allow the gateway to decide on which IoTDs to authenticate. Simulation results show that with an attack detection delay of under 1 s, the messages can be transmitted from IoTDs with an almost 100% reliability. 
The results also show that by optimally predicting the set of vulnerable IoTDs, the proposed deep reinforcement learning algorithm reduces the number of compromised IoTDs by up to 30%, compared to an equal probability baseline.

108 citations


Journal Article
TL;DR: Experimental results show that the proposed method is robust to the linear and nonlinear attacks and the transparency of the watermarked images has been protected.
Abstract: In this paper, a novel robust color image watermarking method based on Discrete Cosine Transform (DCT) and Discrete Wavelet Transform (DWT) is proposed. In this method, RGB cover image is divided into red, green and blue components. DCT and DWT are applied to each color components. Grayscale watermark image is scrambled by using Arnold transform. DCT is performed to the scrambled watermark image. Transformed watermark image is then divided into equal smaller parts. DCT coefficients of each watermark parts are embedded into four DWT bands of the color components of the cover image. The robustness of the proposed color image watermarking has been demonstrated by applying various image processing operations such as rotating, resizing, filtering, jpeg compression, and noise adding to the watermarked images. Experimental results show that the proposed method is robust to the linear and nonlinear attacks and the transparency of the watermarked images has been protected.

98 citations


Proceedings Article
09 Dec 2019
TL;DR: A novel intellectual property protection (IPP) framework based on blind-watermark for watermarking deep neural networks that meet the requirements of security and feasibility and can achieve state-of-art performances on undetectability against evasion attack and un-forgeability against fraudulent claims of ownership.
Abstract: Deep learning techniques have made tremendous progress in a variety of challenging tasks, such as image recognition and machine translation, during the past decade. Training deep neural networks is computationally expensive and requires both human and intellectual resources. Therefore, it is necessary to protect the intellectual property of the model and externally verify the ownership of the model. However, previous studies either fail to defend against the evasion attack or have not explicitly dealt with fraudulent claims of ownership by adversaries. Furthermore, they can not establish a clear association between the model and the creator's identity. To fill these gaps, in this paper, we propose a novel intellectual property protection (IPP) framework based on blind-watermark for watermarking deep neural networks that meet the requirements of security and feasibility. Our framework accepts ordinary samples and the exclusive logo as inputs, outputting newly generated samples as watermarks, which are almost indistinguishable from the origin, and infuses these watermarks into DNN models by assigning specific labels, leaving the backdoor as the basis for our copyright claim. We evaluated our IPP framework on two benchmark datasets and 15 popular deep learning models. The results show that our framework successfully verifies the ownership of all the models without a noticeable impact on their primary task. Most importantly, we are the first to successfully design and implement a blind-watermark based framework, which can achieve state-of-art performances on undetectability against evasion attack and un-forgeability against fraudulent claims of ownership. Further, our framework shows remarkable robustness and establishes a clear association between the model and the author's identity.

Posted Content
TL;DR: DAWN (Dynamic Adversarial Watermarking of Neural Networks), the first approach to use watermarking to deter model extraction theft, is introduced and is shown to be resilient against two state-of-the-art model extraction attacks.
Abstract: Training machine learning (ML) models is expensive in terms of computational power, amounts of labeled data and human expertise. Thus, ML models constitute intellectual property (IP) and business value for their owners. Embedding digital watermarks during model training allows a model owner to later identify their models in case of theft or misuse. However, model functionality can also be stolen via model extraction, where an adversary trains a surrogate model using results returned from a prediction API of the original model. Recent work has shown that model extraction is a realistic threat. Existing watermarking schemes are ineffective against IP theft via model extraction since it is the adversary who trains the surrogate model. In this paper, we introduce DAWN (Dynamic Adversarial Watermarking of Neural Networks), the first approach to use watermarking to deter model extraction IP theft. Unlike prior watermarking schemes, DAWN does not impose changes to the training process but it operates at the prediction API of the protected model, by dynamically changing the responses for a small subset of queries (e.g., 1- 2^{-64}$), incurring negligible loss of prediction accuracy (0.03-0.5%).

Journal Article
TL;DR: The experimental results show that the proposed image watermarking method has a good trade-off between robustness and invisibility even for the watermarks with multiple sizes.
Abstract: In this paper, a novel image watermarking method is proposed which is based on discrete wave transformation (DWT), Hessenberg decomposition (HD), and singular value decomposition (SVD). First, in the embedding process, the host image is decomposed into a number of sub-bands through multi-level DWT, and the resulting coefficients of which are then used as the input for HD. The watermark is operated on the SVD at the same time. The watermark is finally embedded into the host image by the scaling factor. Fruit fly optimization algorithm, one of the natural-inspired optimization algorithms is devoted to find the scaling factor through the proposed objective evaluation function. The proposed method is compared to other research works under various spoof attacks, such as the filter, noise, JPEG compression, JPEG2000 compression, and sharpening attacks. The experimental results show that the proposed image watermarking method has a good trade-off between robustness and invisibility even for the watermarks with multiple sizes.

Journal Article
TL;DR: This paper proposes a novel screen-shooting resilient watermarking scheme, which means that if the watermarked image is displayed on the screen and the screen information is captured by the camera, the authors can still extract the watermark message from the captured photo.
Abstract: This paper proposes a novel screen-shooting resilient watermarking scheme, which means that if the watermarked image is displayed on the screen and the screen information is captured by the camera, we can still extract the watermark message from the captured photo. To realize such demands, we analyzed the special distortions caused by the screen-shooting process, including lens distortion, light source distortion, and moire distortion. To resist the geometric deformation caused by lens distortion, we proposed an intensity-based scale-invariant feature transform (I-SIFT) algorithm which can accurately locate the embedding regions. As for the loss of image details caused by light source distortion and moire distortion, we put forward a small-size template algorithm to repeatedly embed the watermark into different regions, so that at least one complete information region can survive from distortions. At the extraction side, we designed a cross-validation-based extraction algorithm to cope with repeated embedding. The validity and correctness of the extraction method are verified by hypothesis testing. Furthermore, to boost the extraction speed, we proposed a SIFT feature editing algorithm to enhance the intensity of the keypoints, based on which, the extraction accuracy and extraction speed can be greatly improved. The experimental results show that the proposed watermarking scheme achieves high robustness for screen-shooting process. Compared with the previous schemes, our algorithm provides significant improvement in robustness for screen-shooting process and extraction efficiency.

Journal Article
TL;DR: It is evident from results that the lifting wavelet transform and discrete cosine transform based robust watermarking approach for tele-health applications shows the improvement in robustness to previously reported techniques under consideration while providing low computational complexity.
Abstract: This paper presents a lifting wavelet transform (LWT) and discrete cosine transform (DCT) based robust watermarking approach for tele-health applications. For identity authentication, a ‘signature watermark’ of size ‘64 × 64’ and a ‘patient report’ of size ‘80’ characters are hidden in the host medical image. Further, the signature watermark is encrypted by message-digest (MD5) and the ‘patient report’ is encoded by BCH error correcting code before embedding into the host image. Experimental demonstrations indicate that the method provides sufficient robustness and security against various attacks without significant distortion between cover and watermarked image. Further, our results proved that the method offers an NC value of more than 0.9214 for most of the considered attacks. Furthermore, it is evident from the results that our method shows an improvement in robustness over previously reported techniques under consideration while providing low computational complexity.

Proceedings Article
02 Jul 2019
TL;DR: In this article, the authors present a novel attack method against such watermarks known as query modification and demonstrate that all currently existing watermarking methods are vulnerable to either query modification or other existing attack methods (such as model modification).
Abstract: Deep learning has been achieving top levels of performance in many tasks. However, since it is costly to train a deep learning model, neural network models must be treated as valuable intellectual properties. One concern arising from our current situation is that malicious users might redistribute proprietary models or provide prediction services using such models without permission. One promising solution to this problem is digital watermarking, which works by embedding a mechanism into the model so that the model owners can verify their ownership of the model externally. In this study, we present a novel attack method against such watermarks known as query modification and demonstrate that all currently existing watermarking methods are vulnerable to either query modification or other existing attack methods (such as model modification). To overcome these vulnerabilities, we then present a novel watermarking method that we have named exponential weighting and experimentally show that our watermarking method achieves high watermark verification performance even under malicious invalidation processing attempts by unauthorized service providers (such as model modification and query modification) without sacrificing the predictive performance of the neural network model itself.

Journal Article
TL;DR: Experimental results show significant enhancement in both imperceptibility and robustness, with an average of 46.9496 dB and more than 99% respectively, while image blocking makes the capacity independent of the size of the host image.

Journal Article
TL;DR: Experimental results demonstrate that the proposed lossless scheme not only has remarkable imperceptibility and sufficient robustness but also provides reliable authentication, tamper detection, localization, and recovery functions, which outperforms existing schemes for protecting medical images.
Abstract: It is of great importance in telemedicine to protect authenticity and integrity of medical images. They are mainly addressed by two technologies, which are region of interest (ROI) lossless watermarking and reversible watermarking. However, the former causes biases on diagnosis by distorting region of none interest (RONI) and introduces security risks by segmenting image spatially for watermark embedding. The latter fails to provide reliable recovery function for the tampered areas when protecting image integrity. To address these issues, a novel robust reversible watermarking scheme is proposed in this paper. In our scheme, a reversible watermarking method is designed based on recursive dither modulation (RDM) to avoid biases on diagnosis. In addition, RDM is combined with Slantlet transform and singular value decomposition to provide a reliable solution for protecting image authenticity. Moreover, ROI and RONI are divided for watermark generation to design an effective recovery function under limited embedding capacity. Finally, watermarks are embedded into whole medical images to avoid the risks caused by segmenting image spatially. Experimental results demonstrate that our proposed lossless scheme not only has remarkable imperceptibility and sufficient robustness, but also provides reliable authentication, tamper detection, localization and recovery functions, which outperforms existing schemes for protecting medical images

Journal Article
01 Aug 2019
TL;DR: A new watermarking method that works on JPEG-YCbCr color space and the embedding operation is based on the relationships between the DCT coefficients, which has more robustness compared to some other methods.
Abstract: Despite the passage of more than 20 years of raising the issue of watermarking by Tirkel, the researchers are still seeking to provide an approach more resistant than existing solutions. In this paper we proposed a new watermarking method that works on JPEG-YCbCr color space and the embedding operation is based on the relationships between the DCT coefficients. The JPEG-YCbCr is rescaling of YCbCr color space that has a good robustness against most of the attacks and it used in JPEG image format. Also the relationship between the DCT coefficients is stable against most of the changes in the host image. Therefore, the proposed method has more robustness compared to some other methods. On the other hand, many intelligent optimization methods are in use regarding the nature of the phenomenon simulated by the methods. Teaching-Learning-Based Optimization (TLBO) is a novel method of optimization which has become a hot issue in recent years. The algorithm works on the principle of teaching and learning, where teachers increase the knowledge of students and also the students learn from interaction among themselves. The proposed method uses TLBO which has been applied rarely so far in watermarking algorithms and it can automatically determine the embedding parameters and suitable position for inserting the watermark. Besides, in the object function of TLBO, ensuring higher imperceptibility and also robustness against Median filter and JPEG compression have been considered. According to the experimental results, the imperceptibility of watermarked images is satisfactory, and embedded watermark is extracted successfully even if the watermarked image is distorted by various attacks.

Journal Article
TL;DR: It is shown that the proposed channel coding-based schemes can achieve near exact watermark recovery against all kinds of attacks and the convolutional code-based additive embedding scheme is optimal, which can also achieve good performance for video watermarking after extension.
Abstract: The rapid development of big data and cloud computing technologies greatly accelerate the spreading and utilization of images and videos. The copyright protection for images and videos is becoming increasingly serious. In this paper, we proposed the robust non-blind watermarking schemes in YCbCr color space based on channel coding. The source watermark image is encoded and singular value decomposed. Subsequently, the singular value matrixes are embedded into the Y, Cb, and Cr components of the host image after four-level discrete wavelet transform (DWT). The embedding factor for each component is calculated based on the just-noticeable distortion and the singular vectors of HL subband of DWT. The peak signal-to-noise ratio of the watermarked image and the normalized correlation coefficient of the extracted watermark are investigated. It is shown that the proposed channel coding-based schemes can achieve near exact watermark recovery against all kinds of attacks. Considering both robustness and transparency, the convolutional code-based additive embedding scheme is optimal, which can also achieve good performance for video watermarking after extension.

Journal Article
TL;DR: There is a need to protect digital documents from authorized users who try to redistribute them illegally.
Abstract: Nowadays, the use of digital content or digital media is increasing day by day. Therefore, there is a need to protect the digital document from both unauthorized users and authorized users. The digital document should be protected from authorized users who try to redistribute it illegally. Digital watermarking techniques along with cryptography are insufficient to ensure an adequate level of security of digital media. The security of the transferring digital data in the modern world is also a big challenge because there is a high risk of security breaches. In this article, a secure technique of image fusion using hybrid domains (spatial and frequency) for privacy preserving and copyright protection is proposed. The proposed method provides a secure technique for the digital content in cloud environment. Two cloud services are used to develop this work, which eliminates the role of a trusted third party (TTP). First is the design of an infrastructure as a service (IaaS) to store different images with encryption processes to speed up the image fusion process and save storage space. Second, a Platform as a Service (PaaS) is used to enable the digital content to improve computation power and to increase the bandwidth. The prime objective of the proposed scheme is to transfer the digital media between a service provider and customer in a secure way using a hybrid domain along with cloud storage. Imperceptibility and robustness measures are used to calculate the performance of the proposed approach.

Proceedings Article
Yang Liu, Mengxi Guo, Jian Zhang, Yuesheng Zhu, Xiaodong Xie
15 Oct 2019
TL;DR: A novel two-stage separable deep learning (TSDL) framework for practical blind watermarking that exhibits better stability, greater performance and faster convergence speed compared with current state-of-the-art OET methods, but is also able to resist high-intensity noises that have not been tested in previous works.
Abstract: As a vital copyright protection technology, blind watermarking based on deep learning with an end-to-end encoder-decoder architecture has been recently proposed. Although the one-stage end-to-end training (OET) facilitates the joint learning of encoder and decoder, the noise attack must be simulated in a differentiable way, which is not always applicable in practice. In addition, OET often encounters the problems of converging slowly and tends to degrade the quality of watermarked images under noise attack. In order to address the above problems and improve the practicability and robustness of algorithms, this paper proposes a novel two-stage separable deep learning (TSDL) framework for practical blind watermarking. Precisely, the TSDL framework is composed of noise-free end-to-end adversary training (FEAT) and noise-aware decoder-only training (ADOT). A redundant multi-layer feature encoding network is developed in FEAT to obtain the encoder, while ADOT is used to get the decoder which is robust and practical enough to accept any type of noise. Extensive experiments demonstrate that the proposed framework not only exhibits better stability, greater performance and faster convergence speed compared with current state-of-the-art OET methods, but is also able to resist high-intensity noises that have not been tested in previous works.

Journal Article
TL;DR: A new robust and adaptive watermarking scheme in which both the host and watermark are color images of the same size and dimension, which overcomes the major security problem of false positive error (FPE) that mostly occurs in existing SVD based watermarking schemes.

Proceedings Article
12 May 2019
TL;DR: This paper shows that a detection algorithm can not only detect the presence of a watermark, but even derive its embedding length and use this information to remove the watermark by overwriting it and proposes a possible countermeasure.
Abstract: Training deep neural networks is a computationally expensive task. Furthermore, models are often derived from proprietary datasets that have been carefully prepared and labelled. Hence, creators of deep learning models want to protect their models against intellectual property theft. However, this is not always possible, since the model may, e.g., be embedded in a mobile app for fast response times. As a countermeasure watermarks for deep neural networks have been developed that embed secret information into the model. This information can later be retrieved by the creator to prove ownership. Uchida et al. proposed the first such watermarking method. The advantage of their scheme is that it does not compromise the accuracy of the model prediction. However, in this paper we show that their technique modifies the statistical distribution of the model. Using this modification we can not only detect the presence of a watermark, but even derive its embedding length and use this information to remove the watermark by overwriting it. We show analytically that our detection algorithm follows consequentially from their embedding algorithm and propose a possible countermeasure. Our findings shall help to refine the definition of undetectability of watermarks for deep neural networks.

Journal Article
TL;DR: Experimental results show that the proposed algorithm can effectively extract watermark information; it implements zero watermarking and blind extraction and has good performance in terms of its robustness and resistance to geometric attacks and conventional attacks, especially in geometric attacks.
Abstract: To resolve the contradiction between existing watermarking methods—which are not compatible with the watermark’s ability to resist geometric attacks—and robustness, a robust multi-watermarking algorithm suitable for medical images is proposed. First, the visual feature vector of the medical image was obtained by dual-tree complex wavelet transform and discrete cosine transform (DTCWT-DCT) to perform multi-watermark embedding and extraction. Then, the multi-watermark was pre-processed using the Henon map chaotic encryption technology to strengthen the security of watermark information, and combined with the concept of zero watermark to make the watermark able to resist both conventional and geometric attacks. Experimental results show that the proposed algorithm can effectively extract watermark information; it implements zero watermarking and blind extraction. Compared with existing watermark technology, it has good performance in terms of its robustness and resistance to geometric attacks and conventional attacks, especially in geometric attacks.

Proceedings Article
TL;DR: The experimental results demonstrate that fine-tuning based watermark removal attacks could pose real threats to the copyright of pre-trained models, and highlight the importance of further investigating the watermarking problem and proposing more robust watermark embedding schemes against the attacks.
Abstract: Training deep neural networks from scratch could be computationally expensive and requires a lot of training data. Recent work has explored different watermarking techniques to protect the pre-trained deep neural networks from potential copyright infringements. However, these techniques could be vulnerable to watermark removal attacks. In this work, we propose REFIT, a unified watermark removal framework based on fine-tuning, which does not rely on the knowledge of the watermarks, and is effective against a wide range of watermarking schemes. In particular, we conduct a comprehensive study of a realistic attack scenario where the adversary has limited training data, which has not been emphasized in prior work on attacks against watermarking schemes. To effectively remove the watermarks without compromising the model functionality under this weak threat model, we propose two techniques that are incorporated into our fine-tuning framework: (1) an adaption of the elastic weight consolidation (EWC) algorithm, which is originally proposed for mitigating the catastrophic forgetting phenomenon; and (2) unlabeled data augmentation (AU), where we leverage auxiliary unlabeled data from other sources. Our extensive evaluation shows the effectiveness of REFIT against diverse watermark embedding schemes. In particular, both EWC and AU significantly decrease the amount of labeled training data needed for effective watermark removal, and the unlabeled data samples used for AU do not necessarily need to be drawn from the same distribution as the benign data for model evaluation. The experimental results demonstrate that our fine-tuning based watermark removal attacks could pose real threats to the copyright of pre-trained models, and thus highlight the importance of further investigating the watermarking problem and proposing more robust watermark embedding schemes against the attacks.

Posted Content
TL;DR: This work focuses on backdoor-based watermarking and proposes two simple yet effective attacks -- a black-box and a white-box -- that remove these watermarks without any labeled data from the ground truth.
Abstract: Obtaining the state-of-the-art performance of deep learning models imposes a high cost to model generators, due to the tedious data preparation and the substantial processing requirements. To protect the model from unauthorized re-distribution, watermarking approaches have been introduced in the past couple of years. We investigate the robustness and reliability of state-of-the-art deep neural network watermarking schemes. We focus on backdoor-based watermarking and propose two -- a black-box and a white-box -- attacks that remove the watermark. Our black-box attack steals the model and removes the watermark with minimum requirements; it just relies on public unlabeled data and a black-box access to the classification label. It does not need classification confidences or access to the model's sensitive information such as the training data set, the trigger set or the model parameters. The white-box attack proposes an efficient watermark removal when the parameters of the marked model are available; our white-box attack does not require access to the labeled data or the trigger set and improves the runtime of the black-box attack up to seventeen times. We as well prove the security inadequacy of the backdoor-based watermarking in keeping the watermark undetectable by proposing an attack that detects whether a model contains a watermark. Our attacks show that a recipient of a marked model can remove a backdoor-based watermark with significantly less effort than training a new model and some other techniques are needed to protect against re-distribution by a motivated attacker.

Journal ArticleDOI
TL;DR: The experimental results on two publicly available image databases have shown that the proposed method not only has satisfied the needs of invisibility but also has better performance in terms of robustness and real-time feature, which show the proposed method has both advantages of spatial domain and frequency domain.
Abstract: In this paper, a novel spatial domain color image watermarking technique is proposed to rapidly and effectively protect the copyright of the color image. First, the direct current (DC) coefficient of 2D-DFT obtained in the spatial domain is discussed, and the relationship between the change of each pixel in the spatial domain and the change of the DC coefficient in the Fourier transform is proved. Then, the DC coefficient is used to embed and extract watermark in the spatial domain by the proposed quantization technique. The novelties of this paper include three points: 1) the DC coefficient of 2D-DFT is obtained in the spatial domain without the true 2D-DFT; 2) the relationship between the change of each pixel in the image block and the change of the DC coefficient of 2D-DFT is found; and 3) the proposed method has a short running time and strong robustness. The experimental results on two publicly available image databases (CVG-UGR and USC-SIPI) have shown that the proposed method not only has satisfied the needs of invisibility but also has better performance in terms of robustness and real-time feature, which show the proposed method has both advantages of spatial domain and frequency domain.

Journal ArticleDOI
TL;DR: A robust steganographic algorithm to resist the JPEG compression of transport channel based on transport channel matching is proposed and has a good performance with respect to both robustness and security.
Abstract: Moving steganography and steganalysis from the laboratory into the real world, the robustness of steganography needs to be further considered. In this paper, we propose a robust steganographic algorithm to resist the JPEG compression of transport channel based on transport channel matching. Transport channel matching can adjust images to meet the requirements of transport channel so that the impact of JPEG compression from the channel can be reduced. To improve the robustness of steganography, the embedded message bits will be encoded by the error correction code. Then, the adaptive steganographic algorithms will be used to embed messages. To enhance the coding rate, the error correction capability $t$ of the error correction code is dynamically adjusted according to the images. Experimental results on the local simulation of JPEG compression and social network site demonstrate that the proposed steganographic algorithm has a good performance with respect to both robustness and security.

Journal ArticleDOI
TL;DR: The experimental results validate the effectiveness of the proposed framework in terms of BER and embedding capacity compared to other state-of-the-art methods and find potential application in prevention of patient identity theft in e-health applications.
Abstract: In this paper, an improved wavelet based medical image watermarking algorithm is proposed. Initially, the proposed technique decomposes the cover medical image into ROI and NROI regions and embeds three different watermarks into the non-region of interest (NROI) part of the transformed DWT cover image for compact and secure medical data transmission in E-health environment. In addition, the method addresses the problem of channel noise distortion, which may lead to a faulty watermark, by applying error correcting codes (ECCs) before embedding them into the cover image. Further, the bit error rate (BER) performance of the proposed method is determined for different kinds of attacks including ‘Checkmark’ attacks. Experimental results indicate that the Turbo code performs better than BCH (Bose-Chaudhuri-Hocquenghem) error correction code. Furthermore, the experimental results validate the effectiveness of the proposed framework in terms of BER and embedding capacity compared to other state-of-the-art methods. Therefore, the proposed method finds potential application in prevention of patient identity theft in e-health applications.