The present invention relates broadly to a method and system for protecting a digital image, to a method and system for authenticating a digital image, to a computer readable data storage medium having stored thereon computer program code means for instructing a computer to execute a method of protecting a digital image, and to a computer readable data storage medium having stored thereon computer program code means for instructing a computer to execute a method of authenticating a digital image
Stemmed from traditional cryptography, the requirements for preventing two kinds of frauds are usually expected for the purposes of content-based authentication. One is to prevent the forging from the recipient to make his attacks pass the authentication. The other is to prevent repudiation of the transmission of the content by the owner. Once you sign on it, you cannot deny it anymore. Based on these two requirements mentioned above, the state-of-art techniques for protecting images such as JPEG2000 images against unauthorized modifications can mainly be categorized into two classes: watermarking-based authentication and signature-based authentication.
Refer to
Refer to
In providing an authentication solution for e.g. JPEG2000, the following requirements may be considered: secure to prevent the two main attacks on image integrity and source verification, robust to tame some incidental distortions such as format conversion and transcoding, minimum or zero extra storage, etc. Another practical yet very important issue for authentication may be how to define the expected authentication strength for content.
In accordance with a first aspect of the present invention there is provided a method of protecting a digital image, the method comprising extracting feature values from the digital image based on a selected authentication bit-rate; embedding data corresponding to the feature values as a watermark into the digital image; and creating an image signature based on the data corresponding to the feature values.
The method may further comprise the step of selecting a desired authentication robustness level, and error correcting coding the extracted feature values prior to embedding the data corresponding to the feature values into the digital image.
The feature values from each of a plurality of codeblocks of the original digital image may be thresholded and coded to create the data corresponding to the feature values.
The coding of the thresholded feature values may comprise ECC coding to generate parity check bits (PCBs) as the data corresponding to the feature values.
The method may further comprise applying ECC coding again to the PCBs to generate the data corresponding to the feature values.
The creating of the image signature may comprise applying a cryptographic hashing function to a bit sequence representing the data corresponding to the feature values.
The creating of the image signature may comprise utilising a private key.
The method may further comprise distributing the digital image, including the embedded data, as the authentic digital image.
The method may further comprise coding the digital image, including the embedded data, utilising JPEG2000 compression.
The extracting of the feature values, the embedding of the data corresponding to the feature values, and the creating of the image signature may be performed as part of the JPEG 2000 coding.
In accordance with a second aspect of the present invention there is provided a method of authenticating a digital image, the method comprising extracting data embedded as a watermark in the digital image; extracting feature values from the digital image at a selected authentication bit-rate; processing the extracted data and extracted feature values to derive data corresponding to original feature values; and comparing the derived data corresponding to the original feature values with reference data derived from an image signature associated with the digital image.
The deriving of the data corresponding to the original feature values may comprise error correcting coding the extracted data and extracted feature values.
The extracted data and extracted feature values from each of a plurality of codeblocks of the digital image may be decoded to derive the data corresponding to the original feature values.
The extracted data may comprise PCBs, and the decoding of the extracted data and extracted feature values comprises ECC decoding.
The method may further comprise applying ECC decoding twice to the extracted data.
The method may further comprise applying a cryptographic technique to the image signature to derive a bit sequence representing the reference data.
The method may further comprise applying a public key to process the image signature for deriving the reference data.
The method may further comprise receiving the digital image as a coded digital image.
The digital image may be coded utilising JPEG2000.
The extracting of the data embedded as a watermark, the extracting of the feature values from the digital image, the processing of the extracted data and extracted feature values to derive data corresponding to original feature values, and the comparing of the derived data corresponding to the original feature values with the reference data may be performed as part of the JPEG 2000 de-coding.
In accordance with a third aspect of the present invention there is provided a system for protecting a digital image, the system comprising a feature value extractor device for extracting feature values from the digital image based on a selected authentication bit-rate; a watermarking device for embedding data corresponding to the feature values as a watermark into the digital image; and a processor device for creating an image signature based on the data corresponding to the feature values.
In accordance with a fourth aspect of the present invention there is provided a computer readable data storage medium having stored thereon computer program code means for instructing a computer to execute a method of protecting a digital image, the method comprising extracting feature values from the digital image based on a selected authentication bit-rate; embedding data corresponding to the feature values as a watermark into the digital image; and creating an image signature based on the data corresponding to the feature values.
In accordance with a fifth aspect of the present invention there is provided a system for authenticating a digital image, the system comprising an extraction device for extracting data embedded as a watermark in the digital image; a feature value extractor device for extracting feature values from the digital image based on a selected authentication bit-rate; a processor device for processing the extracted data and the extracted feature values to derive data corresponding to original feature values and for comparing the derived data corresponding to the original feature values with reference data derived from an image signature associated with the digital image.
In accordance with a sixth aspect of the present invention there is provided a computer readable data storage medium having stored thereon computer program code means for instructing a computer to execute a method of authenticating a digital image, the method comprising extracting data embedded as a watermark in the digital image; extracting feature values from the digital image based on a selected authentication bit-rate; processing the extracted data and extracted feature values to derive data corresponding to original feature values; and comparing the derived data corresponding to the original feature values with reference data derived from an image signature associated with the digital image.
Embodiments of the invention will be better understood and readily apparent to one of ordinary skill in the art from the following written description, by way of example only, and in conjunction with the drawings, in which:
A system and framework for authenticating JPEG2000 images in an example embodiment of the invention with a pre-specified authentication bit-rate (ABR) includes selecting ABR for the given image, selecting the desired authentication robustness level, encoding it according to the appropriate JPEG2000 procedure and parameters, generating the content-based signatures with the given ABR, watermarking error correction codes back to the given image, and sending the watermarked JPEG2000 image together with its digital signature to the recipient for future verification. The example embodiment is not only compatible with Public Key Infrastructure (PKI) but also robust and flexible in typical JPEG2000 image related operations such as lossless-to-lossy mode switching, multi-cycle compression and transcoding (truncation and parsing).
As mentioned above, one obstacle which affects current authentication systems is that it is very difficult to well define to what extent to authenticate the content If one needs to compress the content, several options to control the target compression quality such as either compression bit-rate, or target compressed file size in bytes or compression visual quality etc are typically given. It would be advantageous if similar functionalities are provided in the content authentication system. The example embodiment seeks to provide this functionality. It is worthy noting here that although the authentication could be also measured by quantization step size, because of a large diversity of content, furthermore, usually the content will be stored in compressed form which is done by both quantization and entropy coding, the quantization-based measure for authentication is still not well descriptive and explicit.
An authentication system in the example embodiment is illustrated in
The process for lossy semi-fragile content-based image authentication in the example embodiment will now be described. The lossless semi-fragile content-based image authentication in the example embodiment will not be described in detail, however, it will be appreciated by a person skilled in the art that those authentication are very similar, and instructions to implement one enables the person skilled in the art to implement the other. More specifically, lossy authentication utilises lossy watermarked embedding, whereas lossless authentication uses lossless watermarked embedding.
In the examples embodiment, signature generation/verification modules are mainly employed for content signing and authentication. Watermark embedding/extraction modules are only used for embedding and extracting ECC check information. Instead of directly sending an original image to recipients, only the watermarked copy is send together with one signed digital signature whose length is usually very short (the signature size is only around 1024 bits regardless of the original image size).
Refer to
The embedded watermark is preferably robust enough for extraction from received images under acceptable manipulations. Since incidental changes to the embedded watermarks might occur, ECC is applied in the examples embodiment again before the PCB data are embedded. The watermark data for each block are embedded into either the same block or a different block. The watermark embedding location may also be determined based on the LABR value 404. Note only the PCB data 428 (not including the feature codes) are embedded in the watermarking process of the example embodiment. All codewords 432 (features together with their corresponding PCBs) from all resolution levels and all subbands are concatenated and the resulting bit sequence is hashed by a cryptographic hashing function such as MD5 or SHA-1, 434. The generated semi-fragile hash value can then be signed 436 using the content sender's private key 406 to form the crypto signature 408. Differing from a data-based signature scheme in which the original data are sent to the recipients associated with its signature, in the example embodiment the watermarked image is send to the recipients instead of sending the original image 400.
Refer to
First, calculate the syndrome of the codeword block by block to see whether any blocks exist whose codewords are uncorrectable. If yes, then we claim the image is unauthentic and use the above ECC checking process to display alteration locations. If all codewords are correctable (i.e. errors in any feature code are correctable by its PCB), we repeat the same process as the source site: concatenate all corrected codewords into a global sequence and cryptographically hash 520 the result sequence. The final verification result is then concluded through a bit-by-bit comparison 524 between these two hashed sets (i.e., one is this new generated and the other is decrypted 526 from the associated signature 502 by the obtained public key 504): if any single bit differs, the verifier will deem the image unacceptable (“unauthentic”).
The procedure of signature generation and watermark embedding in the example embodiment involves:
Selecting the authentication robustness levels: fragile, semi-fragile with lossless data hiding and semi-fragile with lossy data hiding.
JPEG2000 encoding the image based on coding parameters such as progression order, compression bit-rate, etc.
Generating the content-based features with the given Authentication Bit-Rate (ABR).
Employing error correcting coding scheme to tame the feature perturbations caused by some incidental noises or embedded watermarks, if semi-fragile authentication is selected.
Embedding the PCBs of all ECC codewords back to the image as watermarks. Here, either lossy or lossless embedding is utilised, depending on whether semi-fragile lossless or lossy data hiding is chosen as the authentication robustness level.
Applying crypto hash on all ECC codewords.
Using image owner's private key to sign on the hash value and obtain the image signature.
The procedure of watermark extraction and signature verification in the example embodiment involves:
Selecting the authentication robustness levels: fragile, semi-fragile with lossless data hiding and semi-fragile with lossy data hiding.
Generating the content-based features with the given authentication bit-rate from the decoded JPEG2000 image or encoding JPEG2000 image.
Extracting the said watermarks from the image content. If the watermarking is lossless and no truncation is applied into JPEG2000 image, recover the JPEG2000 image if necessary.
Employing error correcting coding scheme on the generated features and extracted watermarks. If ECC fails, indicate the locations as possible attacks. Otherwise Applying crypto hash on all ECC codewords.
Decrypting the associated image signature and obtain another set of hash
Bit-bit comparison between these two hashes: if one bit difference exists, the image is deemed as unauthentic.
The method and system of the example embodiment can be implemented on a computer system 800, schematically shown in
The computer system 800 comprises a computer module 802, input modules such as a keyboard 804 and mouse 806 and a plurality of output devices such as a display 808, and printer 810.
The computer module 802 is connected to a computer network 812 via a suitable transceiver device 814, to enable access to e.g. the Internet or other network systems such as Local Area Network (LAN) or Wide Area Network (WAN).
The computer module 802 in the example includes a processor 818, a Random Access Memory (RAM) 820 and a Read Only Memory (ROM) 822. The computer module 802 also includes a number of Input/Output (I/O) interfaces, for example I/O interface 824 to the display 808, and I/O interface 826 to the keyboard 804.
The components of the computer module 802 typically communicate via and interconnected bus 828 and in a manner known to the person skilled in the relevant art.
The application program is typically supplied to the user of the computer system 800 encoded on a data storage medium such as a CD-ROM or floppy disk and read utilising a corresponding data storage medium drive of a data storage device 830. The application program is read and controlled in its execution by the processor 818. Intermediate storage of program data maybe accomplished using RAM 820.
The embodiment described may provide a system and method for content-based authentication against unauthorized modifications of the JPEG2000.
A system and method for authenticating JPEG2000 image in the embodiment described includes: selecting ABR for the given image, selecting the desired authentication robustness level, encoding it according to the appropriate JPEG2000 procedure and parameters, generating the content-based signatures with the given ABR, watermarking error correction codes back to the given image, finally sending the watermarked JPEG2000 image associated with its digital signature to the recipient for future verification.
Typical applications of the authentication framework of the embodiment described include, but are not limited to:
Content streaming: Protecting the integrity of the streamed content under given authentication bit-rate. The streaming could be done in several ways such as streaming the content into a buffer with bit-rate A later streaming it into the client with bit-rate B. As long as the all streamed bit-rates in terms of the original file size are greater than the said authentication bit-rate, the streamed content should be protected against unauthorized modifications.
Content transformation in different domains: Given the authentication bit-rate, the content to be protected may undergo some practical transformations among different domains such as digital-to-analog and analog-to-digital. By using ECC scheme, the transformed content should be protected against unauthorized modifications as long as the bit-rate of transformed content is still greater than authentication bit-rate.
Embodiments of the invention may provide a systematic and quantitative way for authenticating multimedia content by casting the content into a finer representation in terms of ABR. This then brings much convenience for the authentication applications by simply keying in one parameter-authentication bit-rate to protect the content.
Embodiments of the invention may also provide a framework for meeting different authentication requirements from real applications by employing different signing modules (fragile, lossless and lossy) which is in line with different JPEG2000 coding settings.
Embodiments of the invention may also provide an ECC-based solution for tackling the perturbation problem of extracted features caused by some incidental distortions as well as watermarking. Furthermore, the invention can be incorporated into PKI without any modifications in terms of system protocols.
It will be appreciated by a person skilled in the art that numerous variations and/or modifications may be made to the present invention as shown in the specific embodiments without departing from the spirit or scope of the invention as broadly described. The present embodiments are, therefore, to be considered in all respects to be illustrative and not restrictive.
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/SG04/00312 | 9/24/2004 | WO | 2/27/2007 |
Number | Date | Country | |
---|---|---|---|
60506315 | Sep 2003 | US |