
Showing papers on "Digital watermarking" published in 2020


Journal Article
TL;DR: Experimental results demonstrate that the suggested watermarking technique achieves high robustness against attacks in comparison to the other scheme for medical images, and verify its robustness against various attacks while maintaining imperceptibility, security and compression ratio.

160 citations


Journal Article
TL;DR: In this article, the authors propose a zero-bit watermarking algorithm that makes use of adversarial model examples, which allows subsequent extraction of the watermark using only few queries.
Abstract: The state-of-the-art performance of deep learning models comes at a high cost for companies and institutions, due to the tedious data collection and the heavy processing requirements. Recently, Nagai et al. (Int J Multimed Inf Retr 7(1):3–16, 2018), Uchida et al. (Embedding watermarks into deep neural networks, ICMR, 2017) proposed to watermark convolutional neural networks for image classification, by embedding information into their weights. While this is a clear progress toward model protection, this technique solely allows for extracting the watermark from a network that one accesses locally and entirely. Instead, we aim at allowing the extraction of the watermark from a neural network (or any other machine learning model) that is operated remotely, and available through a service API. To this end, we propose to mark the model’s action itself, tweaking slightly its decision frontiers so that a set of specific queries convey the desired information. In the present paper, we formally introduce the problem and propose a novel zero-bit watermarking algorithm that makes use of adversarial model examples. While limiting the loss of performance of the protected model, this algorithm allows subsequent extraction of the watermark using only few queries. We experimented the approach on three neural networks designed for image classification, in the context of MNIST digit recognition task.

129 citations


Journal Article
TL;DR: A fast deep-reinforcement-learning (DRL)-based detection algorithm for virtual IP watermarks is proposed by combining the technologies of mapping function and DRL to preprocess the ownership information of the IP circuit resource.
Abstract: With the fast advancements of electronic chip technologies in the Internet of Things (IoT), it is urgent to address the copyright protection issue of intellectual property (IP) circuit resources of the electronic devices in IoT environments. In this article, a fast deep-reinforcement-learning (DRL)-based detection algorithm for virtual IP watermarks is proposed by combining the technologies of mapping function and DRL to preprocess the ownership information of the IP circuit resource. The deep $Q$-learning (DQN) algorithm is used to generate the watermarked positions adaptively, making the watermarked positions secure yet close to the original design, turning the watermarked positions secure. An artificial neural network (ANN) algorithm is utilized for training the position distance characteristic vectors of the IP circuit, in which the characteristic function of the virtual position for IP watermark is generated after training. In IP ownership verification, the DRL model can quickly locate the range of virtual watermark positions. With the characteristic values of the virtual positions in each lookup table (LUT) area and surrounding areas, the mapping position relationship can be calculated in a supervised manner in the neural network, as the algorithm realizes the fast location of the real ownership information in an IP circuit. The experimental results show that the proposed algorithm can effectively improve the speed of watermark detection while also reducing the resource overhead. Besides, it also achieves excellent performance in security.

129 citations


Journal Article
TL;DR: A deep end-to-end diffusion watermarking framework (ReDMark) which can learn a new watermarking algorithm in any desired transform space and highlight the superiority of the proposed framework in terms of imperceptibility, robustness and speed.
Abstract: Due to the rapid growth of machine learning tools and specifically deep networks in various computer vision and image processing areas, applications of Convolutional Neural Networks for watermarking have recently emerged. In this paper, we propose a deep end-to-end diffusion watermarking framework (ReDMark) which can learn a new watermarking algorithm in any desired transform space. The framework is composed of two Fully Convolutional Neural Networks with residual structure which handle embedding and extraction operations in real-time. The whole deep network is trained end-to-end to conduct a blind secure watermarking. The proposed framework simulates various attacks as a differentiable network layer to facilitate end-to-end training. The watermark data is diffused in a relatively wide area of the image to enhance security and robustness of the algorithm. Comparative results versus recent state-of-the-art researches highlight the superiority of the proposed framework in terms of imperceptibility, robustness and speed. The source codes of the proposed framework are publicly available at GitHub.

112 citations


Journal Article
TL;DR: This paper proposes a novel blind Zero code based Watermark detection approach named KeySplitWatermark, for the protection of software against cyber-attacks, and shows that the proposed approach reports promising results against cyber-attacks that are powerful and viable.
Abstract: Cyber-attacks are evolving at a disturbing rate. Data breaches, ransomware attacks, crypto-jacking, malware and phishing attacks are now rampant. In this era of cyber warfare, the software industry is also growing with an increasing number of software being used in all domains of life. This evolution has added to the problems of software vendors and users where they have to prevent a wide range of attacks. Existing watermark detection solutions have a low detection rate in the software. In order to address this issue, this paper proposes a novel blind Zero code based Watermark detection approach named KeySplitWatermark, for the protection of software against cyber-attacks. The algorithm adds watermark logically into the code utilizing the inherent properties of code and gives a robust solution. The embedding algorithm uses keywords to make segments of the code to produce a key-dependent on the watermark. The extraction algorithms use this key to remove watermark and detect tampering. When tampering increases to a certain user-defined threshold, the original software code is restored making it resilient against attacks. KeySplitWatermark is evaluated on tampering attacks on three unique samples with two distinct watermarks. The outcomes show that the proposed approach reports promising results against cyber-attacks that are powerful and viable. We compared the performance of our proposal with state-of-the-art works using two different software codes. Our results depict that KeySplitWatermark correctly detects watermarks, resulting in up to 15.95 and 17.43 percent reduction in execution time on given code samples with no increase in program size and independent of watermark size.

103 citations


Journal Article
01 Apr 2020-Optik
TL;DR: The obtained results show that the approach offers good imperceptibility and generates watermarking images robust against various attacks with a high-quality watermark.

102 citations


Posted Content
TL;DR: Entangled Watermarking Embeddings (EWE) is introduced, which encourages the model to learn common features for classifying data that is sampled from the task distribution, but also data that encodes watermarks, which forces an adversary attempting to remove watermarks that are entangled with legitimate data to sacrifice performance on legitimate data.
Abstract: Machine learning involves expensive data collection and training procedures. Model owners may be concerned that valuable intellectual property can be leaked if adversaries mount model extraction attacks. As it is difficult to defend against model extraction without sacrificing significant prediction accuracy, watermarking instead leverages unused model capacity to have the model overfit to outlier input-output pairs. Such pairs are watermarks, which are not sampled from the task distribution and are only known to the defender. The defender then demonstrates knowledge of the input-output pairs to claim ownership of the model at inference. The effectiveness of watermarks remains limited because they are distinct from the task distribution and can thus be easily removed through compression or other forms of knowledge transfer. We introduce Entangled Watermarking Embeddings (EWE). Our approach encourages the model to learn features for classifying data that is sampled from the task distribution and data that encodes watermarks. An adversary attempting to remove watermarks that are entangled with legitimate data is also forced to sacrifice performance on legitimate data. Experiments on MNIST, Fashion-MNIST, CIFAR-10, and Speech Commands validate that the defender can claim model ownership with 95% confidence with less than 100 queries to the stolen copy, at a modest cost below 0.81 percentage points on average in the defended model's performance.

96 citations


Proceedings Article
Xiyang Luo, Ruohan Zhan, Huiwen Chang, Feng Yang, Peyman Milanfar
14 Jun 2020
TL;DR: This paper proposes a new framework for distortion-agnostic watermarking, where the image distortion is not explicitly modeled during training, and the robustness of the system comes from two sources: adversarial training and channel coding.
Abstract: Watermarking is the process of embedding information into an image that can survive under distortions, while requiring the encoded image to have little or no perceptual difference with the original image. Recently, deep learning-based methods achieved impressive results in both visual quality and message payload under a wide variety of image distortions. However, these methods all require differentiable models for the image distortions at training time, and may generalize poorly to unknown distortions. This is undesirable since the types of distortions applied to watermarked images are usually unknown and non-differentiable. In this paper, we propose a new framework for distortion-agnostic watermarking, where the image distortion is not explicitly modeled during training. Instead, the robustness of our system comes from two sources: adversarial training and channel coding. Compared to training on a fixed set of distortions and noise levels, our method achieves comparable or better results on distortions available during training, and better performance overall on unknown distortions.

96 citations


Journal Article
TL;DR: Simulation outcomes conducted on different types of medical images disclose that the proposed scheme demonstrates superior transparency and robustness against signal and compression attacks compared with the related hybrid optimized algorithms.

94 citations


Journal Article
TL;DR: This paper forms a one-time attack duration model for such discontinuous replay attacks, and proposes a periodic watermarking strategy which aims to reduce the control cost, and obtains an optimal periodic watermarking strategy for the approximate detection performance.

78 citations


Journal Article
TL;DR: The experimental results show that the proposed fragile watermarking technique capable of tamper detection and localization in medical/general images has lesser computational complexity when compared to other state-of-art techniques.
Abstract: With the exponential rise of multimedia technology and networked infrastructure, electronic healthcare is coming up in a big way. One of the most important challenges in an electronic healthcare setup is the authentication of medical images, received by an expert at a far-off location from the sender. With an aim to address the critical authentication issue, this paper presents a fragile watermarking technique capable of tamper detection and localization in medical/general images. We divide the cover image into 4 × 4 non-overlapping pixel blocks; with each block further sub-divided into two 4 × 2 blocks, called as Upper Half Block (UHB) and Lower Half Block (LHB). The information embedded in LHB facilitates tamper detection while that embedded in UHB facilitates tamper localization. The experimental results show that, in addition to tamper detection and localization capability, the proposed technique has lesser computational complexity when compared to other state-of-art techniques. Further, the proposed scheme results in average PSNR of 51.26 dB for a payload of one bit per pixel (1bpp) indicating that the watermarked images obtained are of high visual quality.

Journal Article
TL;DR: Experimental evaluation shows that using combination of NSCT, RDWT, SVD and chaotic encryption makes the approach robust, imperceptible, secure and suitable for medical applications.
Abstract: In this paper, a chaotic based secure medical image watermarking approach is proposed. The method is using non sub-sampled contourlet transform (NSCT), redundant discrete wavelet transform (RDWT) and singular value decomposition (SVD) to provide significant improvement in imperceptibility and robustness. Further, security of the approach is ensured by applying 2-D logistic map based chaotic encryption on watermarked medical image. In our approach, the cover image is initially divided into sub-images and NSCT is applied on the sub-image having maximum entropy. Subsequently, RDWT is applied to NSCT image and the singular vector of the RDWT coefficient is calculated. Similar procedure is followed for both watermark images. The singular value of both watermarks is embedded into the singular matrix of the cover. Experimental evaluation shows when the approach is subjected to attacks, using combination of NSCT, RDWT, SVD and chaotic encryption it makes the approach robust, imperceptible, secure and suitable for medical applications.

Journal Article
TL;DR: The proposed watermarking method based on 4 × 4 image blocks using redundant wavelet transform with singular value decomposition considering human visual system (HVS) characteristics expressed by entropy values provides high robustness especially under image processing attacks, JPEG2000 and JPEG XR attacks.
Abstract: With the rapid growth of internet technology, image watermarking method has become a popular copyright protection method for digital images. In this paper, we propose a watermarking method based on $4\times 4$ image blocks using redundant wavelet transform with singular value decomposition considering human visual system (HVS) characteristics expressed by entropy values. The blocks which have the lower HVS entropies are selected for embedding the watermark. The watermark is embedded by examining $U_{2,1}$ and $U_{3,1}$ components of the orthogonal matrix obtained from singular value decomposition of the redundant wavelet transformed image block where an optimal threshold value based on the trade-off between robustness and imperceptibility is used. In order to provide additional security, a binary watermark is scrambled by Arnold transform before the watermark is embedded into the host image. The proposed scheme is tested under various image processing, compression and geometrical attacks. The test results are compared to other watermarking schemes that use SVD techniques. The experimental results demonstrate that our method can achieve higher imperceptibility and robustness under different types of attacks compared to existing schemes. Our method provides high robustness especially under image processing attacks, JPEG2000 and JPEG XR attacks. It has been observed that the proposed method achieves better performance over the recent existing watermarking schemes.

Journal Article
TL;DR: Details of standard watermarking system frameworks are given and some standard requirements that are used in designing watermarking techniques for several distinct applications are listed.
Abstract: Digital image authentication is an extremely significant concern for the digital revolution, as it is easy to tamper with any image. In the last few decades, it has been an urgent concern for researchers to ensure the authenticity of digital images. Based on the desired applications, several suitable watermarking techniques have been developed to mitigate this concern. However, it is tough to achieve a watermarking system that is simultaneously robust and secure. This paper gives details of standard watermarking system frameworks and lists some standard requirements that are used in designing watermarking techniques for several distinct applications. The current trends of digital image watermarking techniques are also reviewed in order to find the state-of-the-art methods and their limitations. Some conventional attacks are discussed, and future research directions are given.

Journal Article
TL;DR: This article presents a detailed discussion of different prospects of digital image watermarking and performance comparisons of the discussed techniques are presented in tabular format.
Abstract: This article presents a detailed discussion of different prospects of digital image watermarking. This discussion of watermarking includes: a brief comparison of similar information security techniques, the concept of the watermark embedding and extraction process, watermark characteristics and applications, common types of watermarking techniques, the major classification of watermarking attacks, and a brief summary of various secure watermarking techniques. Further, potential issues and some existing solutions are provided. Furthermore, the performance comparisons of the discussed techniques are presented in tabular format. The authors believe that this article's contribution will serve as a catalyst for potential researchers to implement efficient watermarking systems.

Journal Article
TL;DR: The proposed novel scheme can reconstruct the alteration of extremely high rates (up to 80%), obtaining good quality for altered regions that are self-recovered with higher visual performance compared with a similar scheme from state-of-the-art methods.
Abstract: In this paper, a fragile watermarking scheme for color-image authentication and self-recovery is proposed. Original image is divided into non-overlapping blocks, and for each i-th block, the watermarks used for recovery and authentication are generated, which are embedded into a different block according to an embedding sequence given by a permutation process. The designed scheme embeds the watermarks generated by each block within the 2-LSB, where a bit-adjustment phase is subsequently applied to increase the quality of the watermarked image. In order to increase the quality of the recovered image, we use in the post-processing stage the bilateral filter that efficiently suppresses noise preserving image edges. Additionally, in the tamper detection process high accuracy is achieved employing a hierarchical tamper detection algorithm. Finally, to solve tampering coincidence problem, three recovery watermarks are embedded in different positions to reconstruct a specific block, and a proposed inpainting algorithm is implemented to regenerate those regions affected by this problem. Simulation results demonstrate that the watermarked images appear to demonstrate higher quality, and the proposed novel scheme can reconstruct the alteration of extremely high rates (up to 80%), obtaining good quality for altered regions that are self-recovered with higher visual performance compared with a similar scheme from state-of-the-art methods.

Journal Article
01 Feb 2020-Optik
TL;DR: A series of simulation results prove that this presented algorithm not only satisfies the invisibility of watermarking algorithm, but also makes good performance of robustness, security and embedding capacity.

Proceedings Article
25 Sep 2020
TL;DR: A wavelet based digital watermarking scheme for medical images using three level DWT and BCH coding is suggested, which can be used by medical practitioners for accurate decisions.
Abstract: The transfer of medical images between hospitals has become a normal exercise for better decision making. Digital watermarking has played a very significant role in medical sciences for diagnosis and medication to protect reliability, availability, and confidentiality. Several methods are proposed for medical images using the spatial and transform domain. However, the data falsification ratio is high in the existing mechanisms while exchanging medical images. Hence, we suggest a wavelet based digital watermarking scheme for medical images using three level DWT and BCH coding, which can be used by medical practitioners for accurate decisions. Security analysis of our proposed work has been done for security assessment, and performance results are discussed to confirm its implementation feasibility in medical sector.

Journal Article
TL;DR: The proposed watermarking algorithm is highly resistant to a variety of image processing attacks and error-free in the absence of attack, and outperforms existing SVD-based schemes in terms of imperceptibility and robustness at a payload capacity of 1/16 bit per pixel.

Journal Article
TL;DR: The watermarking of images has been researched profoundly for its specialized and modern achievability in all media applications such as copyrights protection, medical reports, annotation and privacy control.
Abstract: Multimedia technology usage is increasing day by day, and providing authorized data and protecting secret information from unauthorized use is highly difficult and involves a complex process. By using the watermarking technique, only authorized user can use the data. Digital watermarking is a widely used technology for the protection of digital data. Digital watermarking deals with the embedding of secret data into actual information. Digital watermarking techniques are classified into three major categories, and they were based on domain, type of document (text, image, music or video) and human perception. Performance of the watermarked images is analysed using Peak signal to noise ratio, mean square error and bit error rate. Watermarking of images has been researched profoundly for its specialized and modern achievability in all media applications such as copyrights protection, medical reports (MRI scan and X-ray), annotation and privacy control. This paper reviews the watermarking technique and its merits and demerits.

Journal Article
Jun Wang, Wenbo Wan, Xiao Xiao Li, Jian De Sun, Hua Xiang Zhang
TL;DR: A novel color image watermarking scheme in discrete cosine transform (DCT) domain based on JND, which takes both orientation diversity and color complexity features into account, and experimental results show that the proposed scheme is reliable and effective.
Abstract: The Just Noticeable Distortion (JND) can reliably measure the perceptual strength in image watermarking, but it remains a challenge to computationally model the process of embedding watermark without prior knowledge of the image contents. This paper proposed a novel color image watermarking scheme in discrete cosine transform (DCT) domain based on JND, which takes both orientation diversity and color complexity features into account. Firstly, two indicators were introduced which take into account the differences in the texture types and orientation diversity of the Human Visual System (HVS) in the proposed JND contrast masking (CM) processing. In addition, a novel color complexity weight from Cb-channel is used to guarantee the scheme robustness. Then, a novel JND model combined with the proposed contrast masking and color complexity is applied into quantization watermarking scheme. Compared with the state-of-the-art methods for color image watermarking, experimental results using publicly available images show that our proposed scheme is reliable and effective.

Journal Article
TL;DR: This paper proposes a Quaternion Fourier transform (QFT) based digital watermarking algorithm, using Arnold transform and chaotic encryption, that resists geometric attacks by using color images as carriers.
Abstract: With the widespread use of color images, the copyright protection of those images using watermarks is one of the latest research topics. The use of color images as watermarks has advantages over binary and irreplaceable grayscale images. Color images are intuitive, rich, and lively; they have large amounts of copyright protection information and are more easily recognized by human vision. To improve the security of watermark information and embedding positions and improve the algorithm’s robustness against various attacks, a Quaternion Fourier transform (QFT) based algorithm, based on Arnold transform and chaotic encryption, is proposed in this paper. Geometric algebra (GA) can deal with color images in vector form with each component of RGB handled individually. We used Quaternion, which is a sub-algebra of GA, and effectively handled color image processing by using Fourier transformation. After deriving the calculation process of the QFT with strong security by Arnold scrambling and chaotic encryption, this paper proposes a digital watermarking algorithm that resists geometric attacks by using color images as carriers. The robustness and quality of the proposed watermarking algorithm is tested with many different statistical measures. Experimental outcomes show that the proposed approach is the best to solve conflict problems between quality and robustness. Also, the proposed approach exhibits worthy robustness against many attacks, such as conventional attacks and geometrical attacks.

Journal Article
TL;DR: This survey presents various aspects of watermarking, and various state-of-the-art of multimedia and database watermarking is discussed, in the hope that researchers will be able to implement efficient watermarking techniques for the security of multimedia and database.
Abstract: In today’s digital era, it is very easy to copy, manipulate and distribute multimedia data over an open channel. Copyright protection, content authentication, identity theft, and ownership identification have become challenging issues for content owners/distributors. Of late, data hiding methods have gained prominence in areas such as medical/healthcare, e-voting systems, military, communication, remote education, media file archiving, insurance companies, etc. Digital watermarking is one of the burning research areas to address these issues. In this survey, we present various aspects of watermarking. In addition, various classification of watermarking is presented. Here various state-of-the-art of multimedia and database watermarking is discussed. With this survey, researchers will be able to implement efficient watermarking techniques for the security of multimedia and database.

Journal Article
TL;DR: A series of experimental results demonstrate that the proposed algorithm can extract embedded messages with significantly higher accuracy after different attacks, compared with the state-of-the-art adaptive steganography, and robust watermarking algorithms, while maintaining good detection resistant performance.
Abstract: Considering that traditional image steganography technologies suffer from the potential risk of failure under lossy channels, an enhanced adaptive steganography with multiple robustness against image processing attacks is proposed, while maintaining good detection resistance. First, a robust domain constructing method is proposed utilizing robust element extraction and optimal element modification, which can be applied to both spatial and JPEG images. Then, a robust steganography is proposed based on “Robust Domain Constructing + RS-STC Codes,” combined with cover selection, robust cover extraction, message coding, and embedding with minimized costs. In addition, to provide a theoretical basis for message extraction integrity, the fault tolerance of the proposed algorithm is deduced using error model based on burst errors and decoding damage. Finally, on the basis of parameter discussion about robust domain construction, performance experiments are conducted, and the recommended coding parameters are given for lossy channels with different attacks using the analytic results for fault tolerance. A series of experimental results demonstrate that the proposed algorithm can extract embedded messages with significantly higher accuracy after different attacks, such as compression, noising, scaling and other attacks, compared with the state-of-the-art adaptive steganography, and robust watermarking algorithms, while maintaining good detection resistant performance.

Journal Article
TL;DR: A new SVD-based image watermarking scheme that uses a chaotic map is proposed that improves security and overcomes FPP issues, achieves high robustness with different scaling factors, and outperforms several existing schemes.
Abstract: Image watermarking schemes based on singular value decomposition (SVD) have become popular due to a good trade-off between robustness and imperceptibility. However, the false positive problem (FPP) is the main drawback of SVD-based watermarking schemes. The singular value is the main cause of FPP issues because it is a fixed value that does not hold structural information of an image. In this paper, a new SVD-based image watermarking scheme that uses a chaotic map is proposed to overcome this issue. The secret key is first extracted from both the host and watermark image. This key is used to generate a new chaotic matrix and chaotic multiple scaling factors (CMSF) to increase the sensitivity of the proposed scheme. The watermark image is then transformed based on the chaotic matrix before being directly embedded into the singular value of the host image by using the CMSF. The extracted secret key is unique to the host and the watermark images, which improves security and overcomes FPP issues. Experimental results show that the proposed scheme fulfils all watermarking requirements in terms of robustness, imperceptibility, security, and payload. Furthermore, it achieves high robustness with different scaling factors, and outperforms several existing schemes.

Journal Article
TL;DR: An accurate PHFMs computation method based on Gaussian numerical integration (GNI) is proposed, which effectively mitigated the numerical integration error, and a novel watermarking algorithm resistant to geometric attacks based on accurate PHFMs and chaotic mapping is proposed.

Journal Article
TL;DR: In this guide, an optimized blind image watermarking approach based on principal component analysis (PCA) in redundant discrete wavelet (R-DW) domain is proposed and extensive comparison of test results with conventional BW approaches show the robustness of the proposed framework.

Journal Article
TL;DR: The main originality of this scheme stands on its ability to give access to watermarking-based security services from both encrypted and compressed image bitstreams without having to decrypt or to decompress them, even partially.
Abstract: In this paper, we propose the first joint watermarking-encryption-compression scheme for the purpose of protecting of medical images. The main originality of this scheme stands on its ability to give access to watermarking-based security services from both encrypted and compressed image bitstreams without having to decrypt or to decompress them, even partially. More clearly, there is no need neither to decrypt the encrypted image bitstream nor to decode the compressed image bitstream in order to extract watermarks. A second contribution is that it combines in a single algorithm the bit substitution watermarking modulation with JPEG-LS and the AES block cipher algorithm in its CBC mode. On their side, decompression, decryption and message extraction are conducted separately. Doing so makes our scheme compliant to the medical image standard DICOM. This scheme allows tracing images and controlling their reliability (i.e. based on proofs of image integrity and authenticity) either from the encrypted domain or from the compressed one. Experiments conducted on broad sets of Retina and ultrasound medical images demonstrate the capability of our system to securely make available a message in both encrypted and compressed domains while minimizing image distortion. Achieved watermarking capacities are large enough to support several watermarking-based security services at the same time.

Journal ArticleDOI
TL;DR: Comparative analysis suggests that the proposed sub-band provides improved performance over some benchmark methods in most of the cases, whereas variation of robustness performance on different sub-bands depends on the type of attacks.
Abstract: In this paper, a robust image watermarking system in lifting wavelet transform domain using different sub-bands has been proposed. SVM classifier is used during watermark extraction to obtain improved robustness under diverse attack conditions. In this work, a detailed analysis of imperceptibility and robustness performance with the use of different sub-bands has been presented. The performance on different sub-bands has been analyzed so as to maximize the robustness against different attacks while keeping imperceptibility at an adequate level. Robustness is observed against various attacks such as noising attacks, denoising attacks, image processing attacks, lossy compression attacks and geometric attacks. It is seen that the high-frequency sub-band provides better invisibility, whereas variation of robustness performance on different sub-bands depends on the type of attacks. It is observed from the performance analysis that all the attacks do not have exactly the same effect on the frequency content of the image. For instance, a noising attack affects every frequency component of the image almost equally, whereas the embedding in the high-frequency band makes the system fragile to lossy compression attack. The algorithm is tested on a large image database to observe the variation in the performance of the system. Comparative analysis suggests that the proposed sub-band provides improved performance over some benchmark methods in most of the cases.

Journal ArticleDOI
03 Apr 2020
TL;DR: Zhang et al. as discussed by the authors proposed the first model watermarking framework for protecting image processing models, where a unified and invisible watermark is hidden into the outputs of a black-box target model, which can be regarded as a task-agnostic barrier.
Abstract: Deep learning has achieved tremendous success in numerous industrial applications. As training a good model often needs massive high-quality data and computation resources, the learned models often have significant business values. However, these valuable deep models are exposed to a huge risk of infringements. For example, if the attacker has the full information of one target model including the network structure and weights, the model can be easily finetuned on new datasets. Even if the attacker can only access the output of the target model, he/she can still train another similar surrogate model by generating a large scale of input-output training pairs. How to protect the intellectual property of deep models is a very important but seriously under-researched problem. There are a few recent attempts at classification network protection only. In this paper, we propose the first model watermarking framework for protecting image processing models. To achieve this goal, we leverage the spatial invisible watermarking mechanism. Specifically, given a black-box target model, a unified and invisible watermark is hidden into its outputs, which can be regarded as a special task-agnostic barrier. In this way, when the attacker trains one surrogate model by using the input-output pairs of the target model, the hidden watermark will be learned and extracted afterward. To enable watermarks from binary bits to high-resolution images, both traditional and deep spatial invisible watermarking mechanisms are considered. Experiments demonstrate the robustness of the proposed watermarking mechanism, which can resist surrogate models learned with different network structures and objective functions. Besides deep models, the proposed method can also be easily extended to protect data and traditional image processing algorithms.