Watermarking Overview 충북대학교 전기전자컴퓨터공학부 정보통신공학 강 현 수

순서 강인성 기반 워터마킹 인증을 위한 워터마킹 Robust watermarking 일반적인 워터마킹 기법 Fragile watermarking

강인성 기반 워터마킹

배경 필 요 성 기존의 디지털 영상의 정보 보호 방법 데이터의 디지털화로 내용을 쉽게 변형 및 복제 가능 디지털데이터는 원본과 복사본의 구분이 불가능 소유권과 저작권의 보호문제가 심각하게 Ex. MP3: 저작권문제 해결없이 대중화, 해결노력 기존의 디지털 영상의 정보 보호 방법 공개키 암호화 알고리즘을 이용하여 암호화 후 전송. 허가된 사용자만이 데이터를 사용 가능. 암호화로 인한 데이터크기 증가 및 복호화후 도용 무방비. 소유권 & 저작권을 효율적으로 보호하는 방법 필요

배경 Watermarking & Watermark ? WM에 싣는 정보 기능 MM 저작물에 지적 소유권자의 마크를 삽입하는 기술 삽입되는 마크를 watermark라 함. 저작권 보호를 위해 MM에 심어 두는 감지되지 않는 신호 WM에 싣는 정보 제작자, 소유자, 판매자, 거래자의 고유번호 등  불법 유통시 역추적가능 기능 저작물의 소유권 보호 데이터 인증: 변조가 없었음을 보장 소유권 확인 무단 배포 방지 & 불법 배포자 확인

워터마크의 구비조건 Imperceptibility (무감지성) Robustness (강인성) Security (보안성) 워터마크의 삽입이 저작물의 품질을 저하시켜서는 안됨. Robustness (강인성) WM가 삽입된 영상은 의도 또는 비의도적 영상 변형에 의해 삭제 불가능해야 함. 영상정보의 중요 부분에 삽입, WM 제거시 심각한 화질저하 발생 Security (보안성) WM 삽입 과정이 알려진다 하더라도 key 를 모르는 상태에서는 불법적인 WM 삭제 불가능

워터마크의 구비조건 Unambiguousness (명확성) WM 삽입 영상에 대해 명확한 소유권 증명 방법이 있어야함. 서명영상에 대해 제3의 서명공격에 강해야 함. Low decision error probability (낮은 검출 오류 확률) 현재 개발된 기법들은 충분히 낮은 확률을 가짐. 한편, 극히 작은 오차일지라도 법적으로 문제가 심각 Fast watermark detection (워터마크의 빠른 검출) 삽입시 계산량은 중요하지 않지만, 검출시 계산량은 작아야함  Web Searching을 통한 불법 저작물의 체크 비용 감소 한편, 방송의 경우 삽입시 계산량도 중요함.

워터마킹의 예 Watermarking by Cox method (=0.15, number=1000) watermarked image: PSNR=33.2 dB, corre_coeff=0.9621 original image

알고리즘 (1) 현재 가장 널리 사용하는 WM 기법 가정 Spread Spectrum 원리에 기반한 방법 (I. J. Cox) 워터마크 = 백색잡음 (white noise) 워터마크의 삽입 x(n): original signal, y(n): watermarked signal

알고리즘 (2) 워터마크 검출-TYPE 1 or non-blind method 원신호의 차신호 이용 X x(n) w(n) d(n) + - decision by thresholding correlator No attack의 경우 r(n) = x(n)+w(n)

알고리즘 (3) 워터마크 검출-TYPE 1 no attack

알고리즘 (4) 워터마크 검출-TYPE 2 or blind method 원신호의 차신호 이용하지 않음 X correlator r(n) w(n) d(n) decision by thresholding correlator

알고리즘 (5) 워터마크 검출-TYPE 2 0 ? 문제점 Attack이 없음에도 불구하고 에러의 확률이 존재함

알고리즘 (6) Type 1 (영상차신호 이용) Type 2 Advantage : correlation b.w. the original image and the watermark is removed in advance Disadvantage : cannot prove rightful ownership. Type 2 Advantage : can prove rightful ownership Disadvantage : correlation b.w. the original image and the watermark increases the probability of decision error.

알고리즘 (7) 워터마킹 알고리즘의 영상에의 적용 알고리즘 공개 기반 워터마크 = 백색잡음 (white noise) Pseudo-Random Number key = random number의 seed value 강인성(robustness) 시각적으로 중요한 부분에 워터마크 삽입 (주파수 영역에서 크기가 큰 계수 & 중간 대역에 삽입)  워터마크의 제거 시 현저한 화질 저하 초래

알고리즘 (8) 워터마크 삽입의 실례 y(n) x(n) w(n) original image watermarked Image DCT IDCT x(n) w(n) y(n) x(n) w(n) + y(n)

알고리즘 (9) 워터마크 검출의 실례-TYPE 1 S w(n) correlator r(n) x(n) r(n)-x(n) d(n) + - decision by thresholding correlator 워터마크 검출의 실례-TYPE 1 S original image test Image DCT decision by thresholding r(n) x(n) r(n)-x(n) w(n) correlator

알고리즘 (10) 워터마크 검출 실례– TYPE 2 S Correlator r(n) w(n) Thresholding X r(n) w(n) d(n) decision by thresholding correlator 워터마크 검출 실례– TYPE 2 test Image DCT S Thresholding for decision Correlator r(n) w(n)

Rightful Ownership (1) x+w x+w+w’ 설정 : 제3자의 서명 공격 Original image : x, legal watermark : w Legal watermarked image : x + w Illegal watermark : w’ Illegal watermarked image : x + w + w’ x+w w’ x+w+w’

Rightful Ownership (2) x+w+w’ x x+w Type 1 ownership test (제3자 서명) w S[x+w+w’-x]*w = S[w*w] w w’ w’ S[(x+w+w’)-(x+w)]*w’ = S[w’*w’] x+w S[x-(x+w)]*w’ = S[-w*w’] = 0  x S[x+w-x]*w = S[w*w]

Rightful Ownership (3) 상황 설정 In this case, who is owner of (x + w) ?? original image : x, legal watermark : w  legal watermarked image : x + w Illegal watermark : w’, forged original image : x + w  w’  illegal watermarked image : x + w In this case, who is owner of (x + w) ?? Type 2 : YES Type 1 : NO Conclusion : type 2 must be used to ensure rightful ownership

Rightful Ownership (4) x+w x x+ww’ Type 1 (영상차이용) ownership test w w’ S[x+w-x]*w = S[w*w] w w’ w’ S[(x+w)-(x+w-w’)]*w’ = S[w’*w’] x+ww’ S[x+w-w’-x]*w = S[w*w] S[x-(x+w-w’)]*w’ = S[w’*w’]

Rightful Ownership (5) x+w x x+ww’ Type 2 ownership test w w’ w S[x+w]*w = S[w*w] w w’ w’ S[(x+w)]*w’ = S[w*w’] = 0  x x+ww’ S[x+w-w’]*w = S[w*w] S[x*w’] = 0  x

공격(attack) waveform attack synchronization attack attacks that attempt to damage the watermark by the manipulation of magnitude of the watermarked data filtering, compression, addition of noise, etc synchronization attack attacks that attempt to break alignment of watermark signal so that the recovery of the watermark impossible for a watermark detector geometric distortion(shift, scaling, and rotation), cropping, etc

공격(attack) Attack example (rotation 1 degree) (a) watermarked image (b) rotated image

인증을 위한 워터마킹 (authentication)

Introduction Image authentication Requirements Class of Authentication Integrity verification : change detection & change localization Ownership verification : check original ownership Requirements Fragility Localization Class of Authentication Exact authentication Selective authentication

Introduction Applications Trusted camera, legal usage of images, medical archiving of images, news reporting, commercial image transaction, etc

Exact Authentication Objective Fragile watermark Has the image been altered in any way whatsoever ? Fragile watermark Insertion of a very fragile mark Undetectable after a modification in any way LSB watermark Embed a predefined bits in the LSB plane of image MPEG PTY marks Encoding information by varying the sequence of frame type Decoding process : information regarding the order of I, B, P-frames is lost

Exact Authentication Embedded Signatures 암호화에서의 signature 원문의 다이제스트에 개인키로 암호한 것 Embedding method : robust watermark & fragile watermark LSB plane holds the authentication signature of the remaining bits

Selective Authentication Objective Has the image been significantly altered? Only significant changes cause authentication to fail Legitimate vs illegitimate distortions Application dependent Rule of thumb : considering the change in conclusions (ex) medical image : any distortion not to affect a diagnosis is legitimate Semi-fragile watermark Survive legitimate distortions & destroyed by illegitimate distortions

Selective Authentication Semi-fragile watermarking by quantizing DCT coefficient [Lin, ’98] Designed to survive specific levels of JPEG compression Property of quantization 4 bits are embedded in high-frequency DCT coefficients of each block

Selective Authentication Embedding algorithm Select 7 coefficients, C[0],…,C[6] from the set of 28 coefficients Exclusive OR of LSB of CI[i] to obtain be Flip LSB of one of the integers if beb

Selective Authentication Detection algorithm Extract each bit, Compare them against the corresponding bits in the watermark Authentic if percentage of matching bits > Threshold

Selective Authentication Experiments Test image : Lena  = 0.3 PSNR = 36.15dB

Selective Authentication Semi-fragile Signatures Signature unaffected by legitimate distortions, but changed by others Embedded as a watermark Cannot be fragile to survive any legitimate distortions Advantages Each image has a different watermark embedded Signature can be based on significant components of an image

Selective Authentication Semi-fragile signature embedded with semi-fragile watermark Designed to survive specific levels of JPEG compression Extracts a signature from low-frequency terms of block DCTs Embeds it in high-frequency terms Property of quantization :

Selective Authentication Signature extraction Image  block DCT Group blocks into pseudo-random pairs In each pair of blocks, compare n corresponding low-frequency coefficients to obtain n bits of binary signature embed the signature using the semi-fragile watermarking method

Selective Authentication Experiments Test image : Lena  = 0.3

Localization Localization “What parts of the image have been altered?” Information extractable from localized authentication Motive for tampering Possible candidate adversaries Whether the alteration is legitimate

Localization Pixel-wise image authentication [Yeung’97] Pseudo-random mapping from pixel intensities to binary values Mapping table constructed by a PN generator Each pixel holds 1 bit of watermark information Embedding Compare extracted mark with reference mark For non-matching pixels, replace image values with the closest match Error diffusion to reduce the visible artifacts

Localization Detection Generate binary pattern using pseudo-random mapping table Modified region : show up as noise in binary pattern binary pattern watermarked image tampered image extracted pattern

Localization Security Risks with Localization Situation : try to embed a valid watermark into a modified image Search attacks Assumption : adversary can access to a watermark detector Method : a brute-force search Enter slightly modified versions of the image into detector until authentic is reported.

Localization Collage attacks Assumption : adversary can access to one or more authentic images Method : collage Assembling from the set of independent authentic blocks

The End

False negative, False positive Definition of erfc(x)