This PDF file contains the front matter associated with SPIE Proceedings Volume 6505, including the Title Page, Copyright information, Table of Contents, Introduction (if any), and the Conference Committee listing.

In this paper, we propose a general framework and practical coding methods for constructing steganographic schemes that minimize the statistical impact of embedding. By associating a cost of an embedding change with every element of the cover, we first derive bounds on the minimum theoretically achievable embedding impact and then propose a framework to achieve it in practice. The method is based on syndrome codes with low-density generator matrices (LDGM). The problem of optimally encoding a message (e.g., with the smallest embedding impact) requires a binary quantizer that performs near the rate-distortion bound. We implement this quantizer using LDGM codes with a survey propagation message-passing algorithm. Since LDGM codes are guaranteed to achieve the rate-distortion bound, the proposed methods are guaranteed to achieve the minimal embedding impact (maximal embedding efficiency). We provide detailed technical description of the method for practitioners and demonstrate its performance on matrix embedding.

Blind steganalysis based on classifying feature vectors derived from images is becoming increasingly more powerful. For steganalysis of JPEG images, features derived directly in the embedding domain from DCT coefficients appear to achieve the best performance (e.g., the DCT features¹⁰ and Markov features²¹). The goal of this paper is to construct a new multi-class JPEG steganalyzer with markedly improved performance. We do so first by extending the 23 DCT feature set,¹⁰ then applying calibration to the Markov features described in²¹ and reducing their dimension. The resulting feature sets are merged, producing a 274-dimensional feature vector. The new feature set is then used to construct a Support Vector Machine multi-classifier capable of assigning stego images to six popular steganographic algorithms-F5,²² OutGuess,¹⁸ Model Based Steganography without ,¹⁹ and with²⁰ deblocking, JP Hide&Seek,¹ and Steghide.¹⁴ Comparing to our previous work on multi-classification,^{11, 12} the new feature set provides significantly more reliable results.

In Batch Steganography we assume that a Steganographer has to choose how to allocate a fixed amount of data between a large number of covers. Given the existence of a steganalysis method for individual objects (satisfying certain assumptions) we assume that a Warden attempts to detect the payload by pooling the evidence from all the objects. This paper works out the details of a particular method for the Warden, which counts the number of objects of which the detection statistic surpasses a certain threshold. This natural pooling method leads to a game between the Warden and Steganographer, and there are different varieties depending on whether the moves are sequential or simultaneous. The solutions are intriguing, suggesting that the Steganographer should always concentrate the payload in as few covers as possible, or exactly the reverse, but never adopt an intermediate strategy. Furthermore, the Warden's optimal strategies are instructive for the benchmarking of quantitative steganalysis methods. Experimental results show that some steganography and steganalysis methods' empirical performance accords with this theory.

Steganography and steganalysis in VoIP applications are important research topics as speech data is an appropriate cover to hide messages or comprehensive documents. In our paper we introduce a Mel-cepstrum based analysis known from speaker and speech recognition to perform a detection of embedded hidden messages. In particular we combine known and established audio steganalysis features with the features derived from Melcepstrum based analysis for an investigation on the improvement of the detection performance. Our main focus considers the application environment of VoIP-steganography scenarios. The evaluation of the enhanced feature space is performed for classical steganographic as well as for watermarking algorithms. With this strategy we show how general forensic approaches can detect information hiding techniques in the field of hidden communication as well as for DRM applications. For the later the detection of the presence of a potential watermark in a specific feature space can lead to new attacks or to a better design of the watermarking pattern. Following that the usefulness of Mel-cepstrum domain based features for detection is discussed in detail.

Quantitative steganalysis aims to estimate the amount of payload in a stego object, and such estimators seem to arise naturally in steganalysis of Least Significant Bit (LSB) replacement in digital images. However, as with all steganalysis, the estimators are subject to errors, and their magnitude seems heavily dependent on properties of the cover. In very recent work we have given the first derivation of estimation error, for a certain method of steganalysis (the Least-Squares variant of Sample Pairs Analysis) of LSB replacement steganography in digital images. In this paper we make use of our theoretical results to find an improved estimator and detector. We also extend the theoretical analysis to another (more accurate) steganalysis estimator (Triples Analysis) and hence derive an improved version of that estimator too. Experimental results show that the new steganalyzers have improved accuracy, particularly in the difficult case of never-compressed covers.

A blind source separation method for steganalysis of linear additive embedding techniques is presented. The paper formulates steganalysis as a blind source separation problem -- statistically separate the host and secret message carrying signals. A probabilistic model of the source distributions is defined based on its sparsity. The problem of having fewer observations than the number of sources is effectively handled exploiting the sparsity and a maximum a posteriori probability (MAP) estimator is developed to chose the best estimate of the sources. Experimental details are provided for steganalysis of a discrete cosine transform (DCT) domain data embedding technique.

Current systems and protocols for integrity and authenticity verification of media data do not distinguish between legitimate signal transformation and malicious tampering that manipulates the content. Furthermore, they usually provide no localization or assessment of the relevance of such manipulations with respect to human perception or semantics. We present an algorithm for a robust message authentication code (RMAC) to verify the integrity of audio recodings by means of robust audio fingerprinting and robust perceptual hashing. Experimental results show that the proposed algorithm provides both a high level of distinction between perceptually different audio data and a high robustness against signal transformations that do not change the perceived information.

Synchronization is still one of the most important issues in digital watermarking. Many attacks do not remove the watermark from the cover, but only disable the synchronization between the watermark and the detector. Most watermarking algorithms feature some synchronization strategy, but especially in audio watermarking this may not be sufficient to fight de-synchronization attacks: As the watermark is embedded over a given length of audio data, a good synchronization at the starting point of the retrieval process may be lost during retrieval. An example for this is time stretching, where the effects of playback speed modification sums up during retrieval. We introduce a novel synchronization approach applying passive audio fingerprinting to synchronize each watermarking bit individually. Storage of the fingerprint values is not necessary in our approach, improving the usability compared to existing solutions in this area.

Geometrical transforms such as time-scale modification (TSM), random removal(RR), random duplication(RD), and cropping, are of common operations on audio signals while presents many challenges to robust audio watermarking. The existing algorithms aiming at solving the geometrical distortions have various drawbacks e.g. high false alarm probability, heavy computation load, small data hiding capacity, and low robustness performance. In this paper an audio watermarking algorithm based on dyadic wavelet transform robust to geometrical distortions is proposed. Watermark synchronization is achieved using the geometrical invariant properties of dyadic wavelet transform. A well-designed coding scheme is proposed for lowering the bit error rate of the watermark. The experimental results show that the watermark is robust to geometrical transforms and other common operations. Compared with other existing algorithms the proposed algorithm has several advantages of high robustness, large data hiding capacity and low computation load.

Zero-knowledge watermark detectors presented to date are based on a linear correlation between the asset features and a given secret sequence. This detection function is susceptible of being attacked by sensitivity attacks, for which zero-knowledge does not provide protection. In this paper, an efficient zero-knowledge version of the Generalized Gaussian Maximum Likelihood (ML) detector is introduced. The inherent robustness that this detector presents against sensitivity attacks, together with the security provided by the zero-knowledge protocol that conceals the keys that could be used to remove the watermark or to produce forged assets, results in a robust and secure protocol. Two versions of the zero-knowledge detector are presented; the first one makes use of two new zero-knowledge proofs for modulus and square root calculation; the second is an improved version applicable when the spreading sequence is binary, and it has minimum communication complexity. Completeness, soundness and zero-knowledge properties of the developed protocols are proved, and they are compared with previous zero-knowledge watermark detection protocols in terms of receiver operating characteristic, resistance to sensitivity attacks and communication complexity.

Inspired by results from the Break Our Watermarking System (BOWS) contest, we explored techniques to reverse-engineer watermarking algorithms via oracle attacks. We exploit a principle called "superrobustness," which allows a watermarking algorithm to be characterized by its resistance to specific distortions. The generic application of this principle to an oracle attack seeks to find a severe false alarm, or a point on the watermark detection region as far as possible from the watermarked image. For specific types of detection regions, these severe false positives can leak information about the feature space as well as detector parameters. We explore the specific case of detectors using normalized correlation, or correlation coefficient.

Desynchronization attacks based on fine resampling of a watermarked signal can be very effective from the point of view of degrading decoding performance. Nevertheless, the actual perceptual impact brought about by these attacks has not been considered in enough depth in previous research. In this work, we investigate geometric distortion measures which aim at being simultaneously general, related to human perception, and easy to compute in stochastic contexts. Our approach is based on combining the stochastic characterization of the sampling grid jitter applied by the attacker with empirically relevant perceptual measures. Using this procedure, we show that the variance of the sampling grid, which is a customary geometric distortion measure, has to be weighted in order to carry more accurate perceptual meaning. Indeed, the spectral characteristics of the geometric jitter signal have to be relevant from a perceptual point of view, as intuitively seen when comparing constant shift resampling and white jitter resampling. Finally, as the geometric jitter signal does not describe in full the resampled signal, we investigate more accurate approaches to producing a geometric distortion measure that takes into account the amplitude modifications due to resampling.

In some applications such as real-time video applications, watermark detection needs to be performed in real time. To address image watermark robustness against geometric transformations such as the combination of rotation, scaling, translation and/or cropping (RST), many prior works choose exhaustive search method or template matching method to find the RST distortion parameters, then reverse the distortion to resynchronize the watermark. These methods typically impose huge computation burden because the search space is typically a multiple dimensional space. Some other prior works choose to embed watermarks in an RST invariant domain to meet the real time requirement. But it might be difficult to construct such an RST invariant domain. Zernike moments are useful tools in pattern recognition and image watermarking due to their orthogonality and rotation invariance property. In this paper, we propose a fast watermark resynchronization method based on Zernike moments, which requires only search over scaling factor to combat RST geometric distortion, thus significantly reducing the computation load. We apply the proposed method to circularly symmetric watermarking. According to Plancherel's Theorem and the rotation invariance property of Zernike moments, the rotation estimation only requires performing DFT on Zernike moments correlation value once. Thus for RST attack, we can estimate both rotation angle and scaling factor by searching for the scaling factor to find the overall maximum DFT magnitude mentioned above. With the estimated rotation angle and scaling factor parameters, the watermark can be resynchronized. In watermark detection, the normalized correlation between the watermark and the DFT magnitude of the test image is used. Our experimental results demonstrate the advantage of our proposed method. The watermarking scheme is robust to global RST distortion as well as JPEG compression. In particular, the watermark is robust to print-rescanning and randomization-bending local distortion in Stirmark 3.1.

This paper presents an information-theoretic analysis of security for data hiding methods based on spread spectrum. The security is quantified by means of the mutual information between the observed watermarked signals and the secret carrier (a.k.a. spreading vector) that conveys the watermark, a measure that can be used to bound the number of observations needed to estimate the carrier up to a certain accuracy. The main results of this paper permit to establish fundamental security limits for this kind of methods and to draw conclusions about the tradeoffs between robustness and security. Specifically, the impact of the dimensionality of the embedding function, the host rejection, and the embedding distortion in the security level is investigated, and in some cases explicitly quantified.

Lattice codes and quantization-based techniques have received considerable attention as a method of digital watermarking with side information. However, these algorithms are also recognized to be highly sensitive to common signal processing primitives such as valuemetric scaling, e.g. changes in volume of a song, or re-quantization, e.g. JPEG compression. Hence, it is reasonable to investigate alternative codes which may offer the potential for superior performance. In previous work, we designed a new class of codes, called dirty paper trellis codes (DPTC), which are by construction immune to valuemetric scaling. Although DPTC have shown themselves to be resistant to certain classes attacks, the trellises were generated randomly, thus leading to suboptimal codes. In this paper, Ungerboeck's work on trellis coded modulation (TCM) is exploited to significantly improve the performance of the DPTC. Experimental results show that the resulting trellises significantly outperform the original design.

Various decoding algorithms have been proposed in the literature to combat desynchronization attacks on quantization index modulation (QIM) blind watermarking schemes. Nevertheless, these results have been fairly poor so far. The need to investigate fundamental limitations on the decoder's performance under a desynchronization attack is thus clear. In this paper, we look at the class of estimator-decoders which estimate the desynchronization attack parameter(s) for using in the decoding step. We model the desynchronization attack as an arbitrary (but invertible) linear time-invariant (LTI) system. We then come up with an encoding-decoding scheme for these attacks on cubic QIM watermarking schemes, and derive Cramer-Rao bounds on the estimation error for the desynchronization parameter at the decoder. As an example, we consider the case of a cyclic shift attack and present some numerical findings.

This work deals with practical and theoretical issues raised by the information-theoretical framework for authentication with distortion constraints proposed by Martinian et al.¹ The optimal schemes proposed by these authors rely on random codes which bear close resemblance to the dirty-paper random codes which show up in data hiding problems. On the one hand, this would suggest to implement practical authentication methods employing lattice codes, but these are too easy to tamper with within authentication scenarios. Lattice codes must be randomized in order to hide their structure. One particular multimedia authentication method based on randomizing the scalar lattice was recently proposed by Fei et al.² We reexamine here this method under the light of the aforementioned information-theoretical study, and we extend it to general lattices thus providing a more general performance analysis for lattice-based authentication. We also propose improvements to Fei et al.'s method based on the analysis by Martinian et al., and we discuss some weaknesses of these methods and their solutions.

In content fingerprinting, the same media covertext - image, video, audio, or text - is distributed to many users. A fingerprint, a mark unique to each user, is embedded into each copy of the distributed covertext. In a collusion attack, two or more users may combine their copies in an attempt to "remove" their fingerprints and forge a pirated copy. To trace the forgery back to members of the coalition, we need fingerprinting codes that can reliably identify the fingerprints of those members. Researchers have been focusing on designing or testing fingerprints for Gaussian host signals and the mean square error (MSE) distortion under some classes of collusion attacks, in terms of the detector's error probability in detecting collusion members. For example, under the assumptions of Gaussian fingerprints and Gaussian attacks (the fingerprinted signals are averaged and then the result is passed through a Gaussian test channel), Moulin and Briassouli¹ derived optimal strategies in a game-theoretic framework that uses the detector's error probability as the performance measure for a binary decision problem (whether a user participates in the collusion attack or not); Stone² and Zhao et al.³ studied average and other non-linear collusion attacks for Gaussian-like fingerprints; Wang et al.⁴ stated that the average collusion attack is the most efficient one for orthogonal fingerprints; Kiyavash and Moulin⁵ derived a mathematical proof of the optimality of the average collusion attack under some assumptions. In this paper, we also consider Gaussian cover signals, the MSE distortion, and memoryless collusion attacks. We do not make any assumption about the fingerprinting codes used other than an embedding distortion constraint. Also, our only assumptions about the attack channel are an expected distortion constraint, a memoryless constraint, and a fairness constraint. That is, the colluders are allowed to use any arbitrary nonlinear strategy subject to the above constraints. Under those constraints on the fingerprint embedder and the colluders, fingerprinting capacity is obtained as the solution of a mutual-information game involving probability density functions (pdf's) designed by the embedder and the colluders. We show that the optimal fingerprinting strategy is a Gaussian test channel where the fingerprinted signal is the sum of an attenuated version of the cover signal plus a Gaussian information-bearing noise, and the optimal collusion strategy is to average fingerprinted signals possessed by all the colluders and pass the averaged copy through a Gaussian test channel. The capacity result and the optimal strategies are the same for both the private and public games. In the former scenario, the original covertext is available to the decoder, while in the latter setup, the original covertext is available to the encoder but not to the decoder.

We study the statistical performance of spherical fingerprints for a focused detector which decides whether a user of interest is among the colluders. The colluders create a noise-free forgery by preprocessing their individual copies, and then adding a white Gaussian noise sequence to form the actual forgery. Let N be the codelength, M the number of users, and K the number of colluders. We derive a sphere packing lower bound on the error probability, valid for any triple (N,M,K) and any spherical fingerprinting code.

Annotation watermarking (sometimes also called caption or illustration watermarking) denotes a specific application of watermarks, which embeds supplementary information directly in the media, so that additional information is intrinsically linked to media content and does not get separated from the media by non-malicious processing steps such as image cropping or compression. Recently, nested object annotation watermarking (NOAWM) has been introduced as a specialized annotation watermarking domain, whereby hierarchical object information is embedded in photographic images. In earlier work, the Hierarchical Graph Concept (HGC) has been suggested as a first approach to model object relations, which are defined by users during editing processes, into a hierarchical tree structure. The original HGC method uses a code-book decomposition of the annotation tree and a block-luminance algorithm for embedding. In this article, two new approaches for embedding nested object annotations are presented and experimentally compared to the original HGC approach. The first one adopts the code-book scheme of HGC using an alternative embedding based on Wet Paper Codes in blue-channel LSB domain, whereas the second suggests a new method based on the concept of intrinsic signal inheritance by sub-band energy and phase modulation of image luminance blocks. A comparative experimental evaluation based on more than 100 test images is presented in the paper, whereby aspects of transparency and robustness with respect to the most relevant image modifications to annotations, cropping and JPEG compression, are discussed comparatively for the two code-book schemes and the novel inheritance approach.

Collusion attack is a malicious watermark removal attack in which the hacker has access to multiple copies of the same content with different watermarks and tries to remove the watermark using averaging. In the literature, several solutions to collusion attacks have been reported. The main stream solutions aim at designing watermark codes that are inherently resistant to collusion attacks. The other approaches propose signal processing based solutions that aim at modifying the watermarked signals in such a way that averaging multiple copies of the content leads to a significant degradation of the content quality. In this paper, we present signal processing based technique that may be deployed for deterring collusion attacks. We formulate the problem in the context of electronic music distribution where the content is generally available in the compressed domain. Thus, we first extend the collusion resistance principles to bit stream signals and secondly present experimental based analysis to estimate a bound on the maximum number of modified versions of a content that satisfy good perceptibility requirement on one hand and destructive averaging property on the other hand.

Watermark interference is a threat to reliable detection in multiple re-watermarking scenarios. The impact of using disjoint frequency bands and/or different embedding domains in limiting those interferences is evaluated and compared. Employing disjoint frequency bands for embedding different watermarks turns out to be more effective and is capable of maintaining reasonable detection correlation in multiple embedding applications.

In the last decade digital watermarking techniques have been devised to answer the ever-growing need to protect the intellectual property of digital still images, video sequences or audio from piracy attacks. Because of the proliferation of watermarking algorithms and their applications some benchmarks have been created in order to help watermarkers comparing their algorithms in terms of robustness against various attacks (i.e. Stirmark, Checkmark). However, no equal attention has been devoted to the proposition of benchmarks tailored to assess the watermark perceptual transparency. In this work, we study several watermarking techniques in terms of the mark invisibility through subjective experiments. Moreover, we test the ability of several objective metrics, used in the literature mainly to evaluate distortions due to the coding process, to be correlated with subjective scores. The conclusions drawn in the paper are supported by extensive experimentations using both several watermarking techniques and objective metrics.

In this paper, we revisit the problem of digital camera sensor identification using photo-response non-uniformity noise (PRNU). Considering the identification task as a joint estimation and detection problem, we use a simplified model for the sensor output and then derive a Maximum Likelihood estimator of the PRNU. The model is also used to design optimal test statistics for detection of PRNU in a specific image. To estimate unknown shaping factors and determine the distribution of the test statistics for the image-camera match, we construct a predictor of the test statistics on small image blocks. This enables us to obtain conservative estimates of false rejection rates for each image under Neyman- Pearson testing. We also point out a few pitfalls in camera identification using PRNU and ways to overcome them by preprocessing the estimated PRNU before identification.

In our paper we discuss and compare the possibilities and shortcomings of both content-fragile watermarking and digital forensics and analyze if the combination of both techniques allows the identification of more than the sum of all manipulations identified by both techniques on their own due to synergetic effects. The first part of the paper discusses the theoretical possibilities offered by a combined approach, in which forensics and watermarking are considered as complementary tools for data authentication or deeply combined together, in order to reduce their error rate and to enhance the detection efficiency. After this conceptual discussion the paper proposes some concrete examples in which the joint approach is applied to video authentication. Some specific forensics techniques are analyzed and expanded to handle efficiently video data. The examples show possible extensions of passive-blind image forgery detection to video data, where the motion and time related characteristics of video are efficiently exploited.

A new approach to efficient blind image splicing detection is proposed in this paper. Image splicing is the process of making a composite picture by cutting and joining two or more photographs. The spliced image may introduce a number of sharp transitions such as lines, edges and corners. Phase congruency has been known as a sensitive measure of these sharp transitions and hence been proposed as features for splicing detection. In addition to the phase information, the magnitude information is also used for splicing detection. Specifically, statistical moments of characteristic functions of wavelet subbands have been examined to catch the difference between the authentic images and spliced images. Consequently, the proposed scheme extracts image features from moments of wavelet characteristic functions and 2-D phase congruency for image splicing detection. The experiments have demonstrated that the proposed approach can achieve a higher detection rate as compared with the state-of-the-art.

A large portion of digital image data available today is acquired using digital cameras or scanners. While cameras allow digital reproduction of natural scenes, scanners are often used to capture hardcopy art in more controlled scenarios. This paper proposes a new technique for non-intrusive scanner model identification, which can be further extended to perform tampering detection on scanned images. Using only scanned image samples that contain arbitrary content, we construct a robust scanner identifier to determine the brand/model of the scanner used to capture each scanned image. The proposed scanner identifier is based on statistical features of scanning noise. We first analyze scanning noise from several angles, including through image de-noising, wavelet analysis, and neighborhood prediction, and then obtain statistical features from each characterization. Experimental results demonstrate that the proposed method can effectively identify the correct scanner brands/models with high accuracy.

In this paper we present a new method for the detection of forgeries in digital videos, using the sensor's pattern noise. The camera pattern noise is a unique stochastic high frequency characteristic of imaging sensors and the detection of a forged frame in a video is determined by comparing the correlation between the noise within the frame itself and the reference pattern noise with an empirical threshold. The reference pattern is created for the identification of the camera and the authentication of the video too. Such a pattern is defined as self building because it is created from the video sequence during the time develop, with a technique applied frame per frame, by averaging the noise extracted from each frame. The method has been inherited from an existing system created by Fridrich et al.1 for still images. By using this method we are able to identify if all the scenes of a video sequence have been taken with the same camera and if the number and/or the content of the frames of the video have been modified. A large section of the paper is dedicated to the experimental results, where we demonstrate that it is possible to perform a reliable identification even from video that has undergone MPEG compression or frame interpolation.

Digital images can be captured or generated by a variety of sources including digital cameras and scanners. In many cases it is important to be able to determine the source of a digital image. Methods exist to authenticate images generated by digital cameras or scanners, however they rely on prior knowledge of the image source (camera or scanner). This paper presents methods for determining the class of the image source (camera or scanner). The method is based on using the differences in pattern noise correlations that exist between digital cameras and scanners. To improve the classification accuracy a feature vector based approach using an SVM classifier is used to classify the pattern noise.

A substantial portion of the text available online is of a kind that tends to contain many typos and ungrammatical abbreviations, e.g., emails, blogs, forums. It is therefore not surprising that, in such texts, one can carry out information-hiding by the judicious injection of typos (broadly construed to include abbreviations and acronyms). What is surprising is that, as this paper demonstrates, this form of embedding can be made quite resilient. The resilience is achieved through the use of computationally asymmetric transformations (CAT for short): Transformations that can be carried out inexpensively, yet reversing them requires much more extensive semantic analyses (easy for humans to carry out, but hard to automate). An example of CAT is transformations that consist of introducing typos that are ambiguous in that they have many possible corrections, making them harder to automatically restore to their original form: When considering alternative typos, we prefer ones that are also close to other vocabulary words. Such encodings do not materially degrade the text's meaning because, compared to machines, humans are very good at disambiguation. We use typo confusion matrices and word level ambiguity to carry out this kind of encoding. Unlike robust synonym substitution that also cleverly used ambiguity, the task here is harder because typos are very conspicuous and an obvious target for the adversary (synonyms are stealthy, typos are not). Our resilience does not depend on preventing the adversary from correcting without damage: It only depends on a multiplicity of alternative corrections. In fact, even an adversary who has boldly "corrected" all the typos by randomly choosing from the ambiguous alternatives has, on average, destroyed around w/4 of our w-bit mark (and incurred a high cost in terms of the damage done to the meaning of the text).

In this paper, we will attempt to give a comprehensive bibliographic account of the work in linguistic steganography published up to date. As the field is still in its infancy there is no widely accepted publication venue. Relevant work on the subject is scattered throughout the literature on information security, information hiding, imaging and watermarking, cryptology, and natural language processing. Bibliographic references within the field are very sparse. This makes literature research on linguistic steganography a tedious task and a comprehensive bibliography a valuable aid to the researcher.

This paper explores the morphosyntactic tools for text watermarking and develops a syntax-based natural language watermarking scheme. Turkish, an agglutinative language, provides a good ground for the syntax-based natural language watermarking with its relatively free word order possibilities and rich repertoire of morphosyntactic structures. The unmarked text is first transformed into a syntactic tree diagram in which the syntactic hierarchies and the functional dependencies are coded. The watermarking software then operates on the sentences in syntax tree format and executes binary changes under control of Wordnet to avoid semantic drops. The key-controlled randomization of morphosyntactic tool order and the insertion of void watermark provide a certain level of security. The embedding capacity is calculated statistically, and the imperceptibility is measured using edit hit counts.

Many plain text information hiding techniques demand deep semantic processing, and so suffer in reliability. In contrast, syntactic processing is a more mature and reliable technology. Assuming a perfect parser, this paper evaluates a set of automated and reversible syntactic transforms that can hide information in plain text without changing the meaning or style of a document. A large representative collection of newspaper text is fed through a prototype system. In contrast to previous work, the output is subjected to human testing to verify that the text has not been significantly compromised by the information hiding procedure, yielding a success rate of 96% and bandwidth of 0.3 bits per sentence.

We present three natural language marking strategies based on fast and reliable shallow parsing techniques, and on widely available lexical resources: lexical substitution, adjective conjunction swaps, and relativiser switching. We test these techniques on a random sample of the British National Corpus. Individual candidate marks are checked for goodness of structural and semantic fit, using both lexical resources, and the web as a corpus. A representative sample of marks is given to 25 human judges to evaluate for acceptability and preservation of meaning. This establishes a correlation between corpus based felicity measures and perceived quality, and makes qualified predictions. Grammatical acceptability correlates with our automatic measure strongly (Pearson's r = 0.795, p = 0.001), allowing us to account for about two thirds of variability in human judgements. A moderate but statistically insignificant (Pearson's r = 0.422, p = 0.356) correlation is found with judgements of meaning preservation, indicating that the contextual window of five content words used for our automatic measure may need to be extended.

The most emerging technology for people identification and authentication is biometrics. In contrast with traditional recognition approaches, biometric authentication relies on who a person is or what a person does, being based on strictly personal traits, much more difficult to be forgotten, lost, stolen, copied or forged than traditional data. In this paper, we focus on two vulnerable points of biometric systems: the database where the templates are stored and the communication channel between the stored templates and the matcher. Specifically, we propose a method, based on user adaptive error correction codes, to achieve securitization and cancelability of the stored templates applied to dynamic signature features. More in detail, the employed error correction code is tailored to the intra-class variability of each user's signature features. This leads to an enhancement of the system performance expressed in terms of false acceptance rate. Moreover, in order to avoid corruption or interception of the stored templates in the transmission channels, we propose a scheme based on threshold cryptography: the distribution of the certificate authority functionality among a number of nodes provides distributed, fault-tolerant, and hierarchical key management services. Experimental results show the effectiveness of our approach, when compared to traditional non-secure correlation-based classifiers.

Three main topics of recent research on multimodal biometric systems are addressed in this article: The lack of sufficiently large multimodal test data sets, the influence of cultural aspects and data protection issues of multimodal biometric data. In this contribution, different possibilities are presented to extend multimodal databases by generating so-called virtual users, which are created by combining single biometric modality data of different users. Comparative tests on databases containing real and virtual users based on a multimodal system using handwriting and speech are presented, to study to which degree the use of virtual multimodal databases allows conclusions with respect to recognition accuracy in comparison to real multimodal data. All tests have been carried out on databases created from donations from three different nationality groups. This allows to review the experimental results both in general and in context of cultural origin. The results show that in most cases the usage of virtual persons leads to lower accuracy than the usage of real users in terms of the measurement applied: the Equal Error Rate. Finally, this article will address the general question how the concept of virtual users may influence the data protection requirements for multimodal evaluation databases in the future.

The evaluation of digital watermarks has grown into an important research area. The usage of profiles for application oriented evaluation provides an efficient and aimed strategy to evaluate and compare watermarking schemes according to a predefined watermark parameter setting. Based on first evaluations in [5, 16], in this paper, we present a new application profile (called Biometrics) and exemplary test results for audio watermarking evaluations. Therefore, we combine digital watermark evaluation and a biometric authentication system. This application scenario is as follows: Audio watermarking schemes are used to embed metadata into the speech reference data of the biometric speaker recognition system. Metadata in our context may consist of feature template representations complementary to the speech modality, such as iris codes or biometric hashes, ancillary information about the social, cultural or biological context of the owner of the biometric data or technical details of the sensor. As during watermark embedding the cover signal is changed, the test results show how different watermarking schemes affect the biometric error rates and speech performance of the biometric system depending on the embedding capacity and embedding transparency. Therefore, the biometric error rates are measured for each watermarking scheme, the effect of embedding is shown, and its influence is analyzed. The transparency of an embedding function is manly measured with subjective or objective tests. In this paper, we introduce a new objective test called Biometric Difference Grade (BDG) to evaluate the quality for biometric speech signal modifications on the example of four audio watermarking algorithms.

In addition to the inherent qualities that biometrics posses, powerful signal processing tools enabled widespread deployment of the biometric-based identification/verification systems. However, due to the nature of biometric data, well-established cryptographic tools (such as hashing, encryption, etc.) are not sufficient for solving one of the most important problems related to biometric systems, namely, template security. In this paper, we examine and show how to apply a recently proposed secure sketch scheme in order to protect the biometric templates. We consider face biometrics and study how the performance of the authentication scheme would be affected after the application of the secure sketch. We further study the trade-off between the performance of the scheme and the bound of the entropy loss from the secure sketch.

In this paper we analyze performance limits of multimodal biometric identification systems. We consider impact of the inter-modal dependencies on the attainable probabilities of error and demonstrate that an expected performance gain from fusion of dependent modalities is significantly higher than in the case when one fuses independent signals. Finally, in order to demonstrate the efficiency of dependent modality fusion, we perform the problem analysis in the Gaussian formulation and show the performance enhancement versus the independent case.

In the framework of the activities carried out by the European Network of Excellence for Cryptology ECRYPT, a 4-year network of excellence funded within the Information Societies Technology (IST) Programme of the European Commission's Sixth Framework Programme (FP6), it was proposed to launch the BOWS Contest. BOWS, acronym of Break Our Watermarking System, was designed to allow to investigate how and when an image watermarking system can be broken though preserving the highest possible quality of the modified content, in case that the watermarking system is subjected to a world-wide attack. BOWS contest was not intended as an attempt to prove how well-performing a watermarking system is, but it was expected by means of this test to better understand which are the disparate possible attacks, perhaps unknown at the moment of the start of the contest, the BOWS participants could carry out to perform their action and comprehend in this way the degree of difficulty of breaking the embedded watermark. This paper describes how the Contest has been designed and analyzes the general progress of the attacks during the Contest.

The Good is Blondie, a wandering gunman with a strong personal sense of honor. The Bad is Angel Eyes, a sadistic hitman who always hits his mark. The Ugly is Tuco, a Mexican bandit who's always only looking out for himself. Against the backdrop of the BOWS contest, they search for a watermark in gold buried in three images. Each knows only a portion of the gold's exact location, so for the moment they're dependent on each other. However, none are particularly inclined to share...

In this paper, we describe some attack strategies we have applied to three different grayscale watermarked images in the particular context of BOWS (Break Our Watermarking System) Contest¹; we also propose a possible use of BOWS as a teaching tool for master students.

A novel sensitivity analysis attack is introduced in the context of the BOWS (Break Our Watermarking System) contest.¹ The method follows the boundary of the detection region, rather than directly estimating the normal to the boundary, so it is applicable even if the boundary is not well approximated by a hyperplane. To improve efficiency, we employ search directions scaled using a model of perceptual masking.

We present our results in the first BOWS challenge (Break Our Watermarking System). There were three given digital photos containing an invisible watermark that was introduced using informed coding and embedding. The goal was to remove the watermark from the photos while keeping a minimum quality of at least 30 dB PSNR (peak signal to noise ratio). We focus on the method used to win the second phase of the contest with about 58 dB PSNR (18 dB ahead of the best fellow contributions). This method will be viewed from three different perspectives: Phase one and two of the contest as well as with complete knowledge about the implementation and the secret key.

From December 15, 2005 to June 15, 2006 the watermarking community was challenged to remove the watermark from 3 different 512×512 watermarked images while maximizing the Peak Signal to Noise Ratio (PSNR) measured by comparing the watermarked signals with their attacked counterparts. This challenge, which bore the inviting name of Break Our Watermarking System (BOWS),¹ and was part of the activities of the European Network of Excellence ECRYPT, had as its main objective to enlarge the current knowledge on attacks to watermarking systems; in this sense, BOWS was not aimed at checking the vulnerability of the specific chosen watermarking scheme against attacks, but to inquire in the different strategies the attackers would follow to achieve their target. In this paper the main results obtained by the authors when attacking the BOWS system are introduced. Mainly, the strategies followed can be divided into two different approaches: blind sensitivity attacks and exhaustive search of the secret key.

From December 2005 to March of 2006, the Break Our Watermarking System (BOWS) contest challenged researchers to break an image watermark of unknown design. The attacked images had to possess a minimum quality level of 30 dB PSNR, and the winners would be those of highest average quality over three images. Our research team won this challenge, employing the strategy of reverse-engineering the watermark before any attempts to attack it in earnest. We determined the frequency transform, sub-band, and an exploitable quirk in the detector that made it sensitive to noise spikes. Of interest is our overall methodology of reverse-engineering through severe false alarms, and we introduce a new concept, "superrobustness," which despite its positive name is a security flaw.

We have investigated adaptive mechanisms for high-volume transform-domain data hiding in MPEG-2 video which can be tuned to sustain varying levels of compression attacks. The data is hidden in the uncompressed domain by scalar quantization index modulation (QIM) on a selected set of low-frequency discrete cosine transform (DCT) coefficients. We propose an adaptive hiding scheme where the embedding rate is varied according to the type of frame and the reference quantization parameter (decided according to MPEG-2 rate control scheme) for that frame. For a 1.5 Mbps video and a frame-rate of 25 frames/sec, we are able to embed almost 7500 bits/sec. Also, the adaptive scheme hides 20% more data and incurs significantly less frame errors (frames for which the embedded data is not fully recovered) than the non-adaptive scheme. Our embedding scheme incurs insertions and deletions at the decoder which may cause de-synchronization and decoding failure. This problem is solved by the use of powerful turbo-like codes and erasures at the encoder. The channel capacity estimate gives an idea of the minimum code redundancy factor required for reliable decoding of hidden data transmitted through the channel. To that end, we have modeled the MPEG-2 video channel using the transition probability matrices given by the data hiding procedure, using which we compute the (hiding scheme dependent) channel capacity.

Most video watermarking algorithms embed the watermark in I-frames, which are essential for the video signal, but refrain from embedding anything in P- and B-frames that are highly compressed by motion compensation. Furthermore, these algorithms do not take advantage of temporal masking in subjective perception of the video. In this paper, we explore the capacity of P-frames and the temporal masking effect in the video signal. The challenge in embedding watermark bits in P-frames is that the video bit rate can increase significantly. Thus, we choose to embed watermark bits only in nonzero AC residuals in P-frames. Changing zero-valued coefficients to nonzero values can significantly increase the video bit rate because H.264 (and earlier coders as well) uses run length codes. We show that avoiding zero-valued coefficients significantly reduces the percentage increase in the compressed video bit rate and makes watermark embedding in P-frames practical. Since the nonzero residuals in P-frames correspond to non-flat areas that are in motion, temporal and texture masking will be exploited at the same time. This is confirmed by showing the resemblance of the plots of the number of nonzero residuals in each frame to motion intensity plots.

Most of the MPEG watermarking schemes can only be embedded into I-frames. The other frames will not be marked. Different attacks like frame rate changing can change the frame type of the marked I-frames. Thus the watermark could be detected from wrong I-frames. Due to these attacks an important issue of digital watermarking solutions for MPEG video is the temporal synchronization of the video material to the proportions before the attacks to detect the watermark successfully. The synchronization information can be embed as part of the information watermark or as a second watermark. The weakness point is with the destruction of the synchronization information the watermark can not be detected more. We provide a solution which analyzes the I-frames based on a robust image hash system. The hash solution was developed for JPEG images and can also be used for MPEG I-frames because of their similar structure. The hash values are robust against common manipulations, like compression, and can be used to detect the marked frames also after manipulations at the video material. We analyze the usability of the image hash system and develop a concept based on video and MPEG properties.

Photo-response non-uniformity (PRNU) of digital sensors was recently proposed [1] as a unique identification fingerprint for digital cameras. The PRNU extracted from a specific image can be used to link it to the digital camera that took the image. Because digital camcorders use the same imaging sensors, in this paper, we extend this technique for identification of digital camcorders from video clips. We also investigate the problem of determining whether two video clips came from the same camcorder and the problem of whether two differently transcoded versions of one movie came from the same camcorder. The identification technique is a joint estimation and detection procedure consisting of two steps: (1) estimation of PRNUs from video clips using the Maximum Likelihood Estimator and (2) detecting the presence of PRNU using normalized cross-correlation. We anticipate this technology to be an essential tool for fighting piracy of motion pictures. Experimental results demonstrate the reliability and generality of our approach.

In this paper, we focus on blind source cell-phone identification problem. It is known various artifacts in the image processing pipeline, such as pixel defects or unevenness of the responses in the CCD sensor, black current noise, proprietary interpolation algorithms involved in color filter array [CFA] leave telltale footprints. These artifacts, although often imperceptible, are statistically stable and can be considered as a signature of the camera type or even of the individual device. For this purpose, we explore a set of forensic features, such as binary similarity measures, image quality measures and higher order wavelet statistics in conjunction SVM classifier to identify the originating cell-phone type. We provide identification results among 9 different brand cell-phone cameras. In addition to our initial results, we applied a set of geometrical operations to original images in order to investigate how much our proposed method is robust under these manipulations.

Within this article, we investigate possibilities for identifying the origin of images acquired with flatbed scanners. A current method for the identification of digital cameras takes advantage of image sensor noise, strictly speaking, the spatial noise. Since flatbed scanners and digital cameras use similar technologies, the utilization of image sensor noise for identifying the origin of scanned images seems to be possible. As characterization of flatbed scanner noise, we considered array reference patterns and sensor line reference patterns. However, there are particularities of flatbed scanners which we expect to influence the identification. This was confirmed by extensive tests: Identification was possible to a certain degree, but less reliable than digital camera identification. In additional tests, we simulated the influence of flatfielding and down scaling as examples for such particularities of flatbed scanners on digital camera identification. One can conclude from the results achieved so far that identifying flatbed scanners is possible. However, since the analyzed methods are not able to determine the image origin in all cases, further investigations are necessary.

With growing popularity of digital imaging devices and low-cost image editing software, the integrity of image content can no longer be taken for granted. This paper introduces a methodology for forensic analysis of digital camera images, based on the observation that many in-camera and post-camera processing operations leave distinct traces on digital images. We present methods to identify these intrinsic fingerprint traces of the various processing operations and employ them to verify the authenticity of digital data. We develop an explicit imaging model to characterize the properties that should be satisfied by a direct camera output, and model any further processing applied to the camera captured image by a manipulation filter. Utilizing the manipulation filter coefficients and reference patterns estimated from direct camera outputs using blind deconvolution techniques, the proposed methods are capable of detecting manipulations made by previously unseen operations and steganographic embedding.

Digital images can be captured or generated by a variety of sources including digital cameras and scanners. In many cases it is important to be able to determine the source of a digital image. This paper presents methods for authenticating images that have been acquired using flatbed desktop scanners. The method is based on using the pattern noise of the imaging sensor as a fingerprint for the scanner, similar to methods that have been reported for identifying digital cameras. To identify the source scanner of an image a reference pattern is estimated for each scanner and is treated as a unique fingerprint of the scanner. An anisotropic local polynomial estimator is used for obtaining the reference patterns. To further improve the classification accuracy a feature vector based approach using an SVM classifier is used to classify the pattern noise. This feature vector based approach is shown to achieve a high classification accuracy.

In this paper, a novel statistical model based on Benford's law for the probability distributions of the first digits of the block-DCT and quantized JPEG coefficients is presented. A parametric logarithmic law, i.e., the generalized Benford's law, is formulated. Furthermore, some potential applications of this model in image forensics are discussed in this paper, which include the detection of JPEG compression for images in bitmap format, the estimation of JPEG compression Qfactor for JPEG compressed bitmap image, and the detection of double compressed JPEG image. The results of our extensive experiments demonstrate the effectiveness of the proposed statistical model.

This paper investigates the distortion-free robust watermarking by multiple marking. Robust watermarking is first performed. Then, by reversible watermarking, the information needed to invert both the robust and the reversible watermarking is embedded. In case of no attacks, the robust watermark is detected and the authorized party exactly recovers the original. In case of attacks, one can suppose that the robust watermark can still be detected, but the reversibility is lost. The approach relies on the embedded capacity of the reversible watermarking. The overall scheme inherits the robustness of the ?rst marking stage. The selection of the robust and of the reversible watermarking schemes is discussed. In order to improve the robustness of the first marking stage against the second one a joint marking procedure is proposed. A case study of reversible watermarking providing very good robustness against JPEG compression is presented.

This contribution motivates and proposes the new idea of embedding and hiding a highlighting of particular regions within a raster image. Existing approaches tightly combine content and means for highlighting, and thus, do not allow access control to the emphasized contents or a removal of the accentuation. This is overcome by the introduced approach taking advantage of the Depth of Field effect of the Human Visual System for highlighting and features of the JPEG2000 image coding standard for its fast implementation. The proposed method can be applied to already encoded or plain imagery. The achieved results show that hidden context highlighting is rather appropriate for emphasizing pre-defined image regions and able to control the access to the respective contents.

In this paper a novel, fast, and robust data hiding technique based on key-dependent basis functions is presented. The particular domain chosen for the embedding is built on the Tree-Structured Haar basis. A weight function, based on Human Visual System features, is used as a mask for selecting the coefficients to be marked. Experimental results show the effectiveness of the proposed method.

We propose a method for watermarking texts of arbitrary length using natural-language semantic structures. For the key of our approach we use the linguistic semantic phenomenon of presuppositions. Presupposition is the implicit information considered as well-known or which readers of the text are supposed to treat as well-known; this information is a semantic component of certain linguistic expressions (lexical items and syntactical constructions called presupposition triggers). The same sentence can be used with or without presupposition, or with a different presupposition trigger, provided that all the relations between subjects, objects and other discourse referents are preserved - such transformations will not change the meaning of the sentence. We define the distinct rules for presupposition identification for each trigger and regular transformation rules for using/non-using the presupposition in a given sentence (one bit per sentence in this case). Isolated sentences can carry the proposed watermarks. However, the longer is the text, the more efficient is the watermark. The proposed approach is resilient to main types of random transformations, like passivization, topicalization, extraposition, preposing, etc. The web of resolved presupposed information in the text will hold the watermark of the text (e.g. integrity watermark, or prove of ownership), introducing "secret ordering" into the text structure to make it resilient to "data loss" attacks and "data altering" attacks.

In this paper we evaluate a lightweight encryption scheme for JPEG2000 which relies on a secret transform domain constructed with anisotropic wavelet packets. The pseudo-random selection of the bases used for transformation takes compression performance into account, and discards a number of possible bases which lead to poor compression performance. Our main focus in this paper is to answer the important question of how many bases remain to construct the keyspace. In order to determine the trade-off between compression performance and keyspace size, we compare the approach to a method that selects bases from the whole set of anisotropic wavelet packet bases following a pseudo-random uniform distribution. The compression performance of both approaches is compared to get an estimate of the range of compression quality in the set of all bases. We then analytically investigate the number of bases that are discarded for the sake of retaining compression performance in the compression-oriented approach as compared to selection by uniform distribution. Finally, the question of keyspace quality is addressed, i.e. how much similarity between the basis used for analysis and the basis used for synthesis is tolerable from a security point of view and how this affects the lightweight encryption scheme.

In this paper, we deal with the problem of authentication and tamper-proofing of text documents that can be distributed in electronic or printed forms. We advocate the combination of robust text hashing and text data-hiding technologies as an efficient solution to this problem. First, we consider the problem of text data-hiding in the scope of the Gel'fand-Pinsker data-hiding framework. For illustration, two modern text data-hiding methods, namely color index modulation (CIM) and location index modulation (LIM), are explained. Second, we study two approaches to robust text hashing that are well suited for the considered problem. In particular, both approaches are compatible with CIM and LIM. The first approach makes use of optical character recognition (OCR) and a classical cryptographic message authentication code (MAC). The second approach is new and can be used in some scenarios where OCR does not produce consistent results. The experimental work compares both approaches and shows their robustness against typical intentional/unintentional document distortions including electronic format conversion, printing, scanning, photocopying, and faxing.

In today's digital world securing different forms of content is very important in terms of protecting copyright and verifying authenticity. One example is watermarking of digital audio and images. We believe that a marking scheme analogous to digital watermarking but for documents is very important. In this paper we describe the use of laser amplitude modulation in electrophotographic printers to embed information in a text document. In particular we describe an embedding and detection process which allows the embedding of between 2 and 8 bits in a single line of text. For a typical 12 point document this translates to between 100 and 400 bits per page. We also perform an operational analysis to compare two decoding methods using different embedding densities.

A blind watermarking system for geographic vector-data is proposed which is robust against the following attacks: polyline simplifications, cropping and shifting of data-points as well as small perturbations caused by random noise. The watermark information is embedded by changing the x/y-coordinates of the data-points within the tolerance range of the data. For that purpose the map is divided into horizontal and vertical stripes whose widths depend on a secret key. Each strip possesses a 0-line and a 1-line. Depending on the watermark information all points within a stripe are shifted on either one of the two lines. As a consequence of the variable strip-size structure no extra bits for synchronization are necessary. The application of the proposed scheme is not restricted to the case of vector geo-data, other kinds of vector-graphics data can be treated in the same way.

In this work we report on the first H.264 authentication watermarker that operates directly in the bitstream, needing no video decoding or partial decompression. The main contribution of the work is identification of a watermarkable code space in H.264 protocol. The algorithm creates "exceptions" in H.264 code space that only the decoder understands while keeping the bitstream syntax compliant The code space is defined over the Context Adaptive Variable Length Coded(CAVLC) portion of protocol. What makes this algorithm possible is the discovery that most of H.264 code space is in fact unused. The watermarker securely maps eligible CAVLC to unused portions of the code space. Security is achieved through a shared key between embedder and decoder. The watermarked stream retains its file size, remains visually transparent, is secure against forging and detection. Since the watermark is placed post compression it remains fragile to re encoding and other tampering attempts.