H2O4M - Watermarking for Media:

Classification, Quality Evaluation, Design Improvements

Jana Dittmann, Martin Steinebach

GMD-IPSI
Dolivostrasse 15
D-64293 Darmstadt
+49-6151-869845

Jana.Dittmann@gmd.de

Thomas Kunkelmann

Tecmath AG
Sauerwiesen 2
D-67661 Kaiserslautern
+49-6301-606200

kunkelman@tecmath.de

Ludwig Stoffels

DRA
Bertramstr. 8
D-60320 Frankfurt
+49-69-15687182

lstoffels@hr-online.de

Nazim Fatès, Fabien A. P. Petitcolas

Microsoft Research
n_fates@scientist.com, fabienpe@microsoft.com

ABSTRACT

Security has become one of the most significant problems for spreading new information technology. Beside cryptographic solutions digital watermarking methods offer several protection possibilities. H2O4M - Watermarking for Media is a joined project at GMD-IPSI (German National Research Center for Information Technology) and the German broadcast archive DRA funded by the German government to classify, evaluate and improve digital watermarking techniques. Today a wide variety of techniques has been proposed but it is quite difficult to classify the approaches and measure their quality. Our intention in this project is to discuss the main watermarking parameter and to present a media independent classification scheme as a basis for quality evaluation. Furthermore one outstanding goal of the project is practical testing of existing techniques in a real scenario at the DRA with the content-management provider tecmath AG. Practical experiences are an essential basis for better design approaches. To date, such integration of watermarking algorithm into content management systems are not evaluated. In parallel a group was established initiated by Fabien Petitcolas to offer a public automated watermarking evaluation service: StirMark Benchmark. In our paper we present the H2O4M project scenario, first results of the media-independent classification scheme and the StirMark Benchmark evaluation service.

Keywords

Digital watermarking, classification, evaluation service.

1. INTRODUCTION

Digital Watermarking is a technology capable of solving important practical security problems. It is a highly multidisciplinary field that combines media and signal processing with cryptography, communication theory, coding theory, signal compression, and the theory of human perception. Interest in this field has recently increased because of the wide spectrum of applications it addresses. Although a wide variety of techniques has been proposed it is rather difficult to classify the approaches and measure their quality.

H2O4M a project at GMD-IPSI (www.darmstadt.gmd.de/mobile/projects/h2o4m) and the German broadcast archive DRA (www.dra.de) funded by the German government was started in January 2000 for three years. The project`s intention is to classify the different watermarking schemes, to find quality measures and to improve watermarking technologies. Beside the theoretical evaluation one major goal and so far the first of its kind is the integration of the watermarking algorithm into a content management system. For practical evaluation a content-management system provided by tecmath AG (www.tecmath.de) will be adapted to handle watermarking services with a wide variety of data provided by DRA, see figure 1.

Figure 1. H2O4M project scenario

The H2O4M integration scenario evaluates the possibilities and usability of watermarking technologies in a content management system to protect digital video and audio data archived by DRA. DRA experts will measure the transparency and robustness of watermarks. GMD-IPSI provides the watermarking technology: internally developed algorithms and algorithms provided by extern parties. Tecmath defines the interfaces to offer watermarking services. The project test scenario is being offered to all interested parties and we invite watermarking researchers to provide their algorithms for practical analysis in the H2O4M project in a real content management system. To give users an overview of existing watermarking approaches, the classification scheme will be available through a GMD-IPSI web interface, where researchers and industry can register their algorithms and users can search for adequate techniques to fit their needs.

In parallel a group initiated by Fabien Petitcolas was established to offer a public automated watermarking evaluation service: the StirMark Benchmark. Beside the H2O4M project based on a content management system and the manual evaluation from DRA experts, the StirMark Benchmark project offers a public automated test suite with a huge amount of robustness and security attacks for quality evaluation. StirMark Benchmark evaluates the algorithms within a theoretical background and performs blind attacks.

In the following section 2 we will introduce our H2O4M media independent classification scheme as a first project result and as a basis for quality evaluation. Our classification scheme takes the application areas into account and shows which parameters and attacks are essential. In comparison to Pitas [11], we do not analyze algorithms` details and do not refer to the domain where the watermark is embedded. Our goal is to give the users a system (available over the web) to find the appropriate watermarking function along with their parameters. For public quality evaluation we introduce the StirMark Benchmark suite in section 3.

2. MEDIA INDEPENDENT CLASSIFICATION SCHEME

The H2O4M media independent classification scheme is a basis for quality evaluation. For our classification scheme we use application areas as main organizing principle. Furthermore we show which parameters and possible attacks are essential for each application area. Based on these parameters and attacks the algorithms can be evaluated if a specific algorithm has adequate properties and can be used for a certain application area. Usually existing watermarking techniques can be used in several applications but it may be difficult in each application to fulfill all quality demands.

2.1 Application-based Classification

In general, we find the following watermarking classes based on application areas for digital watermarking:

In our classification scheme we do not consider watermarking as information hiding technique to have a secure cover communication.

2.2 Watermarking Parameter

The most important properties of digital watermarking techniques are robustness, security, imperceptibility/ transparency, complexity, capacity and possibility of verification.

The optimization of the parameters is mutually competitive and cannot be clearly done at the same time. If we want to embed a large message, we cannot require large robustness simultaneously. A reasonable compromise is always a necessity. On the other hand, if robustness to strong distortion is an issue, the message that can be reliably hidden must not be too long.

2.3 Important Parameters

Each of the five classes of watermarks has its own quality parameters and standards. In table 1 we point out the general watermarking parameters described in section 2 for each of the five watermark classes. These can be used as general quality metrics. Our goal is to classify new and existing algorithms into the scheme. We will offer a web interface where researchers and industry can register their algorithms in a classification database to provide user transparency.

Table 1. Important parameters and attacks

Watermark

Parameter

Attacks

Authentication/ Copyright Watermark

-high robustness -high security -non-perceptual -blind methods are usually more practicable -capacity should fit to the needs for a rightful owner identification -verification process usually private, public can be also desirable

-Mosaik attack [12] -Stirmark attack [12] -Geometrical attacks [6] -Histogram attacks [10] -Template attacks [13] -Forgery attacks [8] -Rightful ownership attacks (invertability) [3]

Fingerprint Watermark

See Authentication Watermark -also non blind techniques are useful

See Authentication Watermark -additionally the coalition attack [1,5]

Copy Control/ Broadcast Watermark

See Fingerprint Watermark -low complexity required

See Authentication Watermark

Annotation Watermark

-robustness in most cases less important -security is usually not important -blind methods are preferable with low complexity -high capacity - verification process usually private, public may be desirable

In most cases no interest in attacking the watermark

Integrity Watermark

See Authentication Watermark -but robustness until the semantics of the data is destroyed (semi-fragile, content-fragile)

-Forgery attacks [8] -Rightful ownership attacks (invertability) [3] -attacks on the fragility [4]

 

In addition we show possible attacks which depend on the application area, [2]. For example, the Fingerprint Watermark has to deal with the coalition attack: When we watermark the original with different user identifications we produce different copies. Customers could work together by comparing their different copies to find and destroy the Fingerprint Watermark [1,5].

Another problem we recognize is the property of robustness and the recognition of manipulations for the Integrity Watermark. The robustness has to be adapted to content-changing and content preserving manipulation which must be addressed by the watermarking algorithms. A draft classification can be found in table 2.

The Integrity Watermark is a fragile watermark that is readily altered or destroyed when the host image is modified through a linear or nonlinear transformation. The sensitivity of fragile watermarks to modification leads to their use in image authentication Fridrich [14] classifies into fragile, semi-fragile, robust watermarks, and self-embedding as a means for detecting both malicious and inadvertent changes to digital media.

Table 2. Content-preserving and content-changing
manipulations

Content-preserving manipulations

Content-changing manipulations

  • Transmission errors
  • Noise
  • Data storage errors
  • Compression and quantization
  • Brightness reduction
  • Resolution reduction
  • Scaling
  • Color convertions
  • g -distortion
  • Changes of hue and saturation
  • Removing image objects (persons, objects, etc.)
  • Moving of image elements, changing their positions
  • Adding new objects
  • Changes of image characteristics: color, textures, structure, impression, etc.
  • Changes of the image background (change of the day time or location (forest, ocean))
  • Changes of light conditions (shadow manipulations etc.)

Currently fragile watermarks are very sensitive to changes and can detect every possible change in pixel values. That can be of interest for parties to verify that an image has not been edited, damaged, or altered since it was marked. But in many applications we have to cope with several allowed post production editing processes which do not manipulate the content of the image or video data. The semi-fragile schemes try to address this problem. These techniques are moderately robust and the value identifying the presence of the watermark (a correlation in most cases) can serve as a measure of tampering. The problem of these schemes is that we cannot recognize whether the content or the message of the media was effected or manipulated. Therefore we find approaches which can distinguish malicious changes from innocent image processing operations. Such techniques [14] could be termed authentication of the visual content. We have to distinguish between content-preserving and content-changing manipulations. Most existing techniques use threshold based techniques to decide the visual integrity. The main problem is to face the wide variety of allowed content-preserving operations. As we see in the literature most algorithms address the problem of compression. But very often scaling, format conversion or filtering are also allowed transformations. The table 2 shows main content-preserving and content-manipulating operations.

Most existing techniques recognize scaling, format conversion or compression as integrity violation. But to allow several post production editing processes we need more sophisticated approaches.

It appears that no single scheme can have both precise localization properties without being too sensitive. Depending on the application area the user have to chose the appropriate technique.

3. STIRMARK BENCHMARK

One of the main problems of digital watermarking technologies is the lack of detailed evaluation of existing marking schemes. This lack of benchmarking of current algorithms is blatant and confuses rights holders as well as software and hardware manufacturers and prevents them from using the solution appropriate to their needs. Indeed basing long-lived protection schemes on badly tested watermarking technology does not make sense.

In the StirMark Benchmark project initiated by Fabien Petitcolas we present an architecture of a public automated evaluation service developed for still images, sound and video. The H2O4M project includes practical testing in a content management system. To ensure a publicly available quality evaluation beyond the H2O4M project the GMD-IPSI participates StirMark Benchmark. GMD-IPSI contributes project experiences into the test suite, setups the server test environment, develops new attacks and provides the source code management of the StirMark Benchmark project.

As a first step towards a widely accepted way to evaluate watermarking schemes we started to implement an automated benchmark server for digital watermarking schemes called ´StirMark Benchmark`. The idea is to allow users to send a binary library of their scheme to the server which in turns runs a series of tests on this library and keeps the results in a database accessible to the scheme owner or to all ´watermarkers` through the Web.

Simplicity - In order to be widely accepted this service has a simple interface with existing watermarking libraries. Indeed the evaluation service only requires three functions to be exported from the watermarking library supplied by the user. The first one provides information about the marking scheme such as its type and purpose, its operational environment, its author, version, release date, etc. The two other functions are the complementary Embed and Extract functions. We tried to capture all possible cases and ended up with a solution where several parameters are provided but not all of them are mandatory. They include the original medium, the watermarked medium, the embedding key, the strength of the embedding, the payload, the maximum distortion tolerated and the certainty of extraction. Customisation - The evaluation service also takes into account the application of the watermarking scheme by proposing different evaluation profiles (sets of tests and images) and strengths. For each type of watermarking scheme, we want to use a different evaluation profile without having to recompile the application tool. Definition of the profiles is not an easy task and requires agreement among the watermarking community. Fortunately, the choice of these profiles does not affect the design of the evaluation service and can be done later and tuned after experimenting the service. This is achieved with the use of an initialisation file per evaluation profile, in which each test has its own parameters stored. Modularity and choice of tests - Watermarking algorithms are often used in larger system designed to achieve certain goals (e.g., prevention of illegal copying, trading of images). But here we are only concerned with the evaluation of watermarking (so the signal processing aspects) within the larger system not the effectiveness of the full system to achieve its goals. So the main functionalities we wish to evaluate include the perceptibility of the scheme, its capacity, its reliability (robustness to attacks and false alarm rate) and its performances (mainly the speed of execution). For each of these set of tests we are implementing ad-hoc libraries which are built easily on top of the core libraries as shown in the next section.

4. SUMMARY

The H2O4M project in combination with the StirMark Benchmark suite enables to classify, evaluate and improve the watermarking technology. The classification scheme gives users an orientation how they can find their watermarking algorithm and the main essential parameters of the watermarking techniques. The H2O4M practical experiences are based on the huge amount of the archived data from DRA (where we have also a unique and wide range of different media characteristics). The results will be used to improve watermarking design. Content providers as well as content-management providers get an example application how to integrate watermarking into a content management system. Beside the practical aspects, the publicly available StirMark Benchmark project suite measures and compares the quality of the different available algorithms on a theoretical basis in parallel.

5. ACKNOWLEDGEMENTS

Our thanks to Fabien Petitcolas and all StirMark Benchmark members for their contributions.

6. REFERENCES

[1] D. Boneh, J. Shaw, Collusion-Secure Fingerprinting for Digital Data, In Proc. CRYPTO`95, Springer LNCS 963, pp. 452-465, 1995.

[2] I. J. Cox, J.-P. M.G. Linnartz: Public watermarks and resistence to tampering, Proceedings of IEEE Int. Conf. O Image Processing, 1997, available only on CD-ROM.

[3] S. Craver, N. Memon, B. Yeo, and M. Yeung: Can Invisible Watermarks Resolve Rightful Ownerships? Technical Report RC 20509, IBM Research Division, July 1996.

[4] J. Dittmann, A. Steinmetz, and R. Steinmetz: Content-based Digital Signature for Motion Pictures Authentication and Content-Fragile Watermarking, In Proc. of IEEE Multimedia Systems, Multimedia Computing and Systems, June 7-11, 1999, Florence, Italy, Volume 1, pp. 574-579, 1999.

[5] J. Dittmann, A. Behr, M. Stabenau, P. Schmitt, J. Schwenk, and J. Ueberberg: Combining digital Watermarks and collision secure Fingerprints for digital Images, In Proc. of the SPIE Conference on Electronic Imaging '99, Security and Watermarking of Multimedia Contents, 24-29 January 1999, San Jose USA, Proceedings of SPIE Vol. 3657, [3657-51], pp. 171-182, 1999.

[6] J. Dittmann, F. Nack, A. Steinmetz, and R. Steinmetz: Interactive Watermarking Environments, Proceedings of International Conference on Multimedia Computing and Systems, Austin, Texas, USA, pp. 286-294, 1998.

[7] J. Fridrich: Methods for data hiding, Center for Intelligent Systems & Department of Systems Science and Industrial Engineering, SUNY Binghamton, Methods for Data Hiding", working paper, 1997.

[8] M. Holliman, N. Memon: Counterfeiting Attack on Linear Watermarking Schemes, In Workshop Security Issues in Multimedia Systems, IEEE Multimedia Systems Conference '98, Austin, Texas, 1998.

[9] M. Kutter, F. Petitcolas: Fair Benchmark for Image Watermarking Systems, In Proc. of the SPIE Conference on Electronic Imaging '99, Security and Watermarking of Multimedia Contents, 24-29 January 1999, San Jose USA, Proceedings of SPIE Vol. 3657, [3657-51], pp. 226-239, 1999.

[10] M.J.J. Maes: Twin peaks: The histogram attack to fixed depth image watermarks, In Proc. of the Workshop on Information Hiding, Portland, April 1998. Submitted.

[11] N. Nikolaidis, I. Pitas: Digital Image Watermarking: an overview, In Proc. of IEEE Multimedia Systems, Multimedia Computing and Systems, June 7-11, 1999, Florence, Italy, Volume 1, pp. 1-6, 1999.

[12] F. Petitcolas, R. Anderson, and M. Kuhn: Attacks on copyright marking systems, In Proc of Second International Workshop on Information Hiding `98, 14-17 April, Portland, Oregon, USA; proceedings published by Springer as Lecture Notes in Computer Science v 1525, pp. 219-239, 1998.

[13] T. Pun: Watermark Attacks, DFG V3D2 Watermarking Workshop, http://www.lnt.de/~watermarking , 1999.

[14] J. Fridrich: Methods for Tamper Detection of Digital Images, in J. Dittmann, K. Nahrstedt, P. Wohlmacher (Eds.), Multimedia and Security, Workshop at ACM Multimedia`99, Orlando, Florida, USA, Oct 30-Nov 5 1999, pp. 29-34, 1999.