A publicly verifiable copyright-proving scheme resistant to malicious attacks

IEEE TRANSACTIONS ON INDUSTRIAL ELECTRONICS, VOL. 52, NO. 1, FEBRUARY 2005 327

A Publicly Verifiable Copyright-Proving SchemeResistant to Malicious Attacks

Tzung-Her Chen, Gwoboa Horng, Member, IEEE, and Wei-Bin Lee, Member, IEEE

Abstract—A wavelet-based copyright-proving scheme that doesnot require the original image for logo verification is proposed inthis paper. The scheme is strong enough to resist malicious ma-nipulations of an image including blurring, JPEG compression,noising, sharpening, scaling, rotation, cropping, scaling-cropping,and print–photocopy–scan attacks. The proposed scheme is also re-sistant to StirMark and unZign attacks and it is not only a robustmethod but also a lossless one. Experiments are conducted to showthe robustness of this method. Moreover, cryptographic tools, suchas digital signature and timestamp, are introduced to make copy-right proving publicly verifiable.

Index Terms—Copyright protection, digital signature, digitaltimestamp, digital watermarking, discrete wavelet transform.

I. INTRODUCTION

THERE is no doubt that the progress of networking tech-nology has enabled much faster and easier distribution of

digital documents. Moreover, duplicating digital documents hasbecome as simple as clicking a button. Accordingly, the issueof copyright protection has become more imperative than ever.Furthermore, the current problems with copyright protection ob-struct the rapid evolution of computer and communication net-works [1]. Hence, the enhancement and further development ofdigital copyright protection is central to the development of fu-ture communication networks.

The current cryptographic techniques, such as encryption,digital signature, and digital timestamp, [2] while suitable fortext documents, are not suitable for protecting multimedia datasuch as images, audio, and video directly. Firstly, the file sizeis much greater than that of text. Hence, more time is neededto encrypt/sign them. Secondly, no distortion is allowed in en-crypted/signed text. However, this requirement is not alwaysnecessary for the multimedia data.

Recently, digital watermarking techniques have receivedconsiderable attention, since they have high commercial poten-tial for copyright protection and authentication for multimediadata. A digital watermarking technique embeds a watermark,including a signature or a copyright message, such as a tradelogo, a seal, or a sequence number, into an image. Subsequently,the watermark can be extracted/detected from the watermarkedimage and be adopted to verify the ownership.

Manuscript received August 22, 2002; revised December 26, 2003. Abstractpublished on the Internet November 10, 2004.

T.-H. Chen and G. Horng are with the Institute of Computer Science,National Chung Hsing University, Taichung 402, Taiwan, R.O.C. (e-mail:[email protected]; [email protected]).

W.-B. Lee is with the Department of Information Engineering, Feng ChiaUniversity, Taichung 407, Taiwan, R.O.C. (e-mail: [email protected]).

Digital Object Identifier 10.1109/TIE.2004.841083

With copyright protection in mind, a watermarking schememust satisfy six essential properties. First, a watermark must havetransparency. That is to say, the embedded watermark must beperceptually invisible. In other words, the embedding processshould not distort the image from the human visual aspect. Thesecond is robustness. The embedded watermark must be strongenough to resist against attacks intending to remove the water-mark. These attacks include: image processing (blurring, JPEGcompression, noising, and sharpening) and geometric distortions(scaling, rotation, cropping, and print–photocopy–scan). Thethird property is unambiguity. A watermarking technique mustidentify the owner of an image without ambiguity. The fourthproperty is security. According to Kerckhoff’s principle, thesecurity of a cryptosystem should not depend on keeping thecryptographic algorithm secret [2]. Security depends only onkeeping the key secret. For the same reason, the security of thewatermark should not depend upon the assumption that the piratedoes not know the watermarking algorithm. The watermarkingalgorithm must be public while the embedded watermark isundeletable. The fifth property is blindness. In the watermarkverification phase, it is not necessary to use the original imagein identifying the embedded watermark. That is, the copyrightowners need no extra disk space to preserve the original image.The sixth and final essential property it must be able to have ismultiple watermarking. In a multiple watermarking scheme,more recent watermarks (for legal distributors and users) mustnot interfere with the original watermarks.

Copyright protection is limited today because almost all pro-posed watermarking technology cannot simultaneously meet allof these properties. One of the most cited watermarking schemesis proposed by Cox et al. in [3]. The authors embed the water-mark sequence into the highest magnitude discrete cosine trans-form coefficients. Since the watermark is cast into the most per-ceptually significant regions of the original image, it is toughenough to resist common signal processing and geometric dis-tortions. In [4] and [5], the authors propose the discrete co-sine/wavelet transform schemes to embed watermarks by mod-ifying the middle-frequency coefficients. Unfortunately, theirschemes are sensitive to simple geometric distortions. In [6],cocktail watermarking is proposed by Lu and Liao. They si-multaneously insert two complementary watermarks into theoriginal image incorporating a modulation strategy. One em-bedded watermark is based on a positive modulation rule, usedto increasingly modulate the selected wavelet coefficients of theoriginal image and the other a negative modulation rule, used todecreasingly modulate the selected wavelet coefficients of theoriginal image. Thus, no matter what kind of attack is encoun-tered, at least one watermark will survive. Although many at-

0278-0046/$20.00 © 2005 IEEE

328 IEEE TRANSACTIONS ON INDUSTRIAL ELECTRONICS, VOL. 52, NO. 1, FEBRUARY 2005

tacks, including StirMark [7], are conducted to prove robust-ness, several geometric distortions, such as small-angel rota-tion, cropping, and print–photocopy–scan, are not addressed.The common weakness in [3]–[6] is requiring the original imageto detect/extract the watermark. This is another reason theirschemes are not suitable for multiple watermarking.

Tsai et al. proposes a blind wavelet-based watermarkingscheme [8]. After permuting the visually recognizable water-mark by torus automorphisms, the transformedwatermark is thenembedded into the coefficients selected within the wavelet-trans-formed components. Their scheme does not require the originalimage to extract the embedded watermark. However, this schemeis weak against geometric distortion attacks. Moreover, thescheme is not suitable for multiple watermarking.

In [9], a blind watermarking scheme based on discrete wavelettransformation (DWT) and the human visual system modelis proposed. The scheme embeds the watermark, a binarypseudo-random sequence, into the three highest frequencycomponents. While this scheme is shown to be resistant againstcompression, cropping, and morphing in their experiments, it hasa major weakness. An attacker can easily remove the embeddedwatermark by discarding the highest frequency components inthe DWT domain without distorting the watermarked imageseriously.

In the current literature, the proposed watermarking tech-niques tend to focus on improving robustness. However,Katzenbeisser argues, “watermarking alone is not sufficient toresolve rightful ownership of digital data; a protocol relyingon the existing public-key infrastructure, which is also usedfor digital signatures, is necessary.” [10]. In the following, wediscuss the challenges of copyright protection issues in depth.

1) Benchmark attacks: It is well known that StirMark andunZ‘ign are two powerful benchmarks to evaluate the ro-bustness of watermarking schemes [7], [11]. In general, acopyright-protection scheme is easy to break if it cannotresist StirMark and unZign attacks.

2) Malicious attacks: For copyright protection purposes, ro-bustness is a necessary but not completely sufficient prop-erty to guarantee security [12]. A watermarking schemeshould also be able to resist counterfeit [13], [14], andcopy attacks [14].

a) Counterfeit attacks: An attacker can confuse the own-ership by simply embedding another watermark into analready watermarked image. Hence, there are two differentwatermarks in the watermarked image. This problem ofmultiple claims of ownership is also called the deadlockproblem, invertibility attack, IBM attack, etc. [12].

b) Copy attacks: The copy attack copies a watermarkfrom a watermarked image to another image withoutknowing the secret parameters [14].

3) Blind pattern matching (BPM) attacks: The BPM attackis a new breed of attack against generic watermarkingtechniques [15]. BPM attacks make watermark detec-tion/extraction nearly impossible. The attack consists ofthree stages:

a) dividing the watermarked image into overlappinglow-granularity blocks;

b) identifying and classifying subsets of perceptuallysimilar blocks;

c) pseudo-randomly permuting their locations in theimage.

Hence, the large percentage of the watermarked imagewill be disturbed or replaced such that the watermark de-tection/extraction will fail.

Almost all of the proposed watermarking schemes do not ad-dress the malicious attacks mentioned above. BPM attacks areespecially lethal for the current schemes.

Recently, Chang et al. [13], [16] proposed a novel schemeto protect image copyright. The authors introduced a timestamptechnique to rout counterfeit attacks. The main advantages oftheir methods are: 1) the protected image is the same as theoriginal, i.e., the copyright-protection scheme is lossless; 2) theoriginal image is not required to extract the logo; 3) a mul-tiple watermarking technique is possible; and 4) counterfeit andcopy attacks will not succeed. Unfortunately, simple geometricdistortions, such as rotation and print–photocopy–scan, are stillproblematic. Lee and Chen also have proposed a publicly ver-ifiable copy protection scheme based on digital signature andtimestamp [17]. It is worthwhile to note that their scheme canmeet all of the aforementioned properties for copyright protec-tion (with the exception of BPM attacks). Unfortunately, theirscheme is only suitable for gray-level logos not binary ones.

In this paper, we propose a novel wavelet-based copy-right-proving scheme (different from conventional water-marking techniques), which meets all of the above requirementsof copyright protection and does not alter the original image.In contrast to current watermarking approaches, the proposedmethod is resistant to image processing and geometric distor-tion attacks simultaneously. To demonstrate the feasibility ofthe scheme, several attacks, including StirMark and unZignattacks, are conducted in our experiments.

The only accepted way to protect intellectual property andoffer indisputable proof of ownership is through product regis-tration to a trusted authority [18]. This kind of watermark canbe used for automatic monitoring and discovery of illegally dis-tributed objects through two cryptographic tools—digital sig-nature and timestamp. These tools are included in our schemeto avoid the counterfeit/copy attacks and to make public veri-fication possible. Even though the BPM attack is powerful andeffective against all proposed watermarking schemes in the lit-erature, our copyright-protection scheme is still resistant againstthis kind of attack.

This paper is organized as follows. In Section 2, we brieflyintroduce DWT and the concept of digital signature and time-stamp. In Section 3, we propose a highly robust method to pro-tect the copyright of digital images. Experimental results anddiscussions are given in Section 4. Conclusions are provided inSection 5.

II. DISCRETE WAVELET TRANSFORMATION, DIGITAL

SIGNATURE, AND TIMESTAMP

Wavelet is a mathematical tool for decomposing functions[19], [20]. In the DWT, an image is first decomposed into foursubbands, , and (each has size of the

CHEN et al.: PUBLICLY VERIFIABLE COPYRIGHT-PROVING SCHEME RESISTANT TO MALICIOUS ATTACKS 329

Fig. 1. The original image is divided into seven subbands through two-scale level wavelet transformation.

original image, see Fig. 1). The subbands labeled as ,and contain high frequency detail information. The sub-band is the low-frequency component, which contains mostof the energy in the image. The wavelet transformation can beapplied again by further decomposing the subband into thesubbands , and . If the process is repeatedtimes, called -level wavelet transformation, we can obtain thesubband .

Generally speaking, a digital signature operation signs amessage using a private key of a public key cryptosystem.Subsequently, anyone can verify the origin and integrity of themessage using the corresponding public key. Nevertheless, howto ascertain who really owns the public key is very importantissue. A well-accepted solution is to rely on a trusted party,called a certification authority, to issue a certificate to a user. Thecertificate binds a user’s identify and his public key. Based onthe certificate, anyone can ascertain that a public key belongs toa particular person.

Alternatively, a digital timestamp operation is used to ascertainwhenaparticularevent tookplace.Forexample,whendigitaldatawascreated,adigitalmessagewassentorreceived,adigitalsigna-ture was generated or a signature key was revoked. Since the dateandtimeonacomputercanbeeasilymanipulated,atimestampingauthority(TSA)hasbeenstandardizedbytheInternetEngineeringTask Force. “A typical approach to secure digital signaturesasev-idence relies on the existence of an on-line trusted time stampingauthority,” writes Zhou and Lam. “Each newly generated digitalsignature has to be time-stamped by a TSA so that the trusted timeof signature generation can be identified.” [21].

Digital signature and timestamp may be very useful for as-certaining certain information but alone they are limited in theirability to protect digital copyright. Digital images can be easilyduplicated with little perceivable loss. An attacker could utilizethese characteristics to modify original images and claim own-ership of the images. These reasonable distortions, while unper-ceivable to the human eye, would still fail to pass the securityverification mechanisms: digital signature and timestamp. Theyare sensitive to the bit stream rather than the content.

III. PROPOSED SCHEME

The human eye is more sensitive to low-frequency compo-nents than the high-frequency components. However, it is gen-erally the low-frequency components that survive with little lossunder significant attack. Also, the subband of the originalimage is very similar to the new subband of the altered image.Based on these observations, our proposed scheme is losslessyet robust in its copyright-proving ability.

A. Certificate Generation Algorithm

Assume that the original image is a gray-level image with8 b/pixel, and the digital logo is a binary image. The originalimage and the logo image are defined as follows.

(1)

where and is the width and height of , respectively.

(2)

where and are the width and height of , respectively.Step 1) Wavelet transforming of the original image: The

original image is decomposed by performing -levelwavelet transform to obtain the subband . Thesize of subband is by . If the size of

is smaller than , a new must be constructedby tiling the repeatedly until the new size of the

is the same as .For simplicity, assume that is the same size as thelogo . Without losing the generality, let and

be power of 2. Thus, we have

(3)

(4)

Here, is defined as

(5)

Step 2) Permuting the logo: To guard against geometricdistortions, the logo is permutated based on atwo-dimension pseudorandom permutation [4], [5]generated by seed . The permuted logo is de-fined as follows:

(6)

where denotes the permutation functionusing seed .

Step 3) Constructing the polarity table: The averagevalue of all pixels in is calculated. Thenpolarity table is constructed as follows:

(7)

330 IEEE TRANSACTIONS ON INDUSTRIAL ELECTRONICS, VOL. 52, NO. 1, FEBRUARY 2005

where

Step 4) Generating the verification key: After obtainingthe polarity table , the verification key , usedto retrieve the logo, can be computed as the bitwiseexclusive–OR of and

(8)

Note that the security of our scheme is based on theparameters and .

Step 5) Signing and timestamping the parameters: Inthis step, the security parameters are signed by theowner based on the digital signature technique.

(9)

where is a digital signature functionusing the owner’s private key OSK.

Subsequently, the owner sends the signature DS tothe trusted party TSA. TSA creates a timestamp TSby appending the date and the time received as

(10)

where is a timestamp function usingTSA’s private key TPSK. After receiving TS, TS andDS are incorporated with the original image . If adispute arises, the TS and DS can be used to verifythe copyright logo corresponding to the test image.

B. Logo Verification Algorithm

Logo verification does not require presence of the originalimage. In order to verify the exact copyright of an image, anyonecan use the TSA public key to verify the timestamp TS and usethe owner’s public key to verify the signature DS and to checkthe validation of the security parameters: , and .If successful, the verification will be ‘verified’, otherwise the al-gorithm returns ‘fail’ and stops. The verification steps are similarto the certificate generation steps and are described as follows.

Step 1) Wavelet transforming of the test image: The testimage is processed by a -level wavelet transforma-tion to obtain the subband .

Step 2) Constructing the new polarity table: Using thesame method in step 3 of the certificate generation,the new polarity table is calculated from .

Step 3) Extracting the logo with verification key: The ex-tracted logo is obtained by

(11)

Step 4) Inversely permuting the logo: Finally, the retrievedlogo isobtainedbyinversingthepermutationin(6)according to the parameter as follows:

(12)

where denotes the inversing permuta-tion function using the seed .

IV. EXPERIMENTAL RESULTS AND DISCUSSIONS

A. Experimental Results

To demonstrate the feasibility of our robust copy-right-proving scheme, some experiments are conducted.Fig. 2 shows a “classical” image Lena as the original image

and a binary image as the logo . The original image is a256 gray-level image of size 512 512 pixels and the logo isa visual recognizable binary image of size 64 64 pixels. TheLena image is three-level wavelet transformed and the subband

of size 64 64 is obtained.We use the peak signal-to-noise ratio (PSNR) to evaluate the

quality between the attacked image and the original image. ThePSNR formula is defined as follows:

where and are the height and width of the image. isthe original value of the coordinate and is the alteredvalue of the coordinate . is the largest energy of theimage pixels (e.g., for 8 b/pixel).

The logo retrieval rate is defined to be the percentage ofthe accurate pixels recovered, which is

The experimental results show that the retrieved logos are stillrecognizable despite the image being seriously distorted. Table Ishows the experimental results under various attacks. The at-tacks are described as follows.

Exp. 1 Image blurring: We blur Lena such that the PSNRvalue is reduced to 29 dB.

Exp. 2 Image JPEG compression: The JPEG compres-sion version of Lena is obtained with parameters of10% quality and 0% smoothing.

Exp. 3 Image noising: Gaussian noise is added to Lenasuch that the PSNR value is reduced to 30 dB.

Exp. 4 Image sharpening: We sharpen Lena until thePSNR value is reduced to 28 dB.

Exp. 5 Image sealing: We reduce Lena from 512 512 to128 128 pixels and then rescale back to 512 512pixels.

Exp. 6 Image rotation: Lena is rotated 2 and then resizedto 512 512 pixels.

Exp. 7 Image print–photocopy–scan: We print Lenausing a 1200 dpi laser printer. The image is thenphotocopied and further scanned at a 300 dpi and256 gray-level scanner. Finally, the image is resizedto 512 512 pixels.

Exp. 8 Image cropping: The left-top corner of Lena is dis-carded. The PSNR value is reduced to 11 dB.

Exp. 9 Image scaling-cropping: We apply cropping andscaling attacks together. First, Lena is scaling from512 512 to 560 560 pixels. Second, we cut the

CHEN et al.: PUBLICLY VERIFIABLE COPYRIGHT-PROVING SCHEME RESISTANT TO MALICIOUS ATTACKS 331

Fig. 2. (a) The original image: Lena, (b) the logo, and (c) peppers.

edge area of the resized Lena to form the size of512 512 pixels. The PSNR value is thus reducedto 16 dB.

Exp. 10 StirMark attack: We apply the StirMark attackto Lena one time with the default parameters. ThePSNR value is thus reduced to 18 dB; however,Lena is not severely distorted.

Exp. 11 unZign attack: We apply the unZign attack to Lenaone time with the default parameters. The PSNRvalue is thus reduced to 25 dB; however, Lena isnot severely distorted.

Exp. 12 StirMark and unZign attacks: We apply the Stir-Mark and unZign attacks one time, respectively.The PSNR value is thus reduced to 20 dB; however,Lena is not severely distorted.

Exp. 13 BPM attack: In this experiment, we perform thefollowing operations: (a) divide Lena into theblocks of 4 4 pixels; (b) retrieve 256 codewordsfrom Peppers [as shown in Fig. 2(c)] by LBGalgorithm [22]; and (c) repeatedly replace eachblock of Lena with the closest codeword to forma perceptually similar Lena. The PSNR value isreduced to 30 dB.

B. Discussions

In our scheme, exact ownership is ascertained if the retrievedlogo image is meaningful to the verifier. Our experiments showthat our copyright-protection scheme possesses the six essentialproperties of transparency, robustness, security, unambiguous,blindness, and it handles multiple logos. Our scheme has trans-parency because it is lossless. For medical images, for example,lossless is a very important property. It is also robust. In theworst case situation there still was a high retrieved ratio (upto 80.3%). This is especially important as many watermarkingschemes in the current literature are vulnerable to rotation andprint–photocopy–scan attacks. It is secure. The security of thiscopyright-protection technique is based on the same as thedigital signature and timestamp techniques. It is unambiguous.Based on the experiment results, the retrieval ratios were veryhigh. Obviously, all logos are recognizable and thus do con-vince a verifier of the existence of logos without ambiguity.Our scheme has blindness. The certificate-verification phasedoes not require the original image. In practice, this is anessential property of the copyright-protection scheme. Lastly,our scheme can handle multiple logos. Because the originalimage is not modified, this scheme allows the existence ofmultiple logo embedding. The owner can just cast another logoby generating the corresponding verification key, and save allof the verification keys to verify the ownership of his digitalimage in the future.

Our scheme is resistant to copy attacks because it does notmodify the original image. The integrity of the verification keys

and is guaranteed by the digital signature and timestampmechanisms. Hence, our scheme is resistant to counterfeit at-tacks. Exp. 13 demonstrates that our scheme is resistant to BPMattacks. Our scheme is also resistant to StirMark and unZign at-tacks. In addition, owners do not have to keep the verificationkeys. To verify the ownership of the test image, one only needsthe public keys of the owner and TSA. The advantages are: 1) toreduce the overhead of verification by the owner, and the storagespace and managements of the verification keys for each image;

332 IEEE TRANSACTIONS ON INDUSTRIAL ELECTRONICS, VOL. 52, NO. 1, FEBRUARY 2005

TABLE ITHE ATTACKED IMAGES, THE CORRESPONDING PSNR VALUES, THE RETRIEVED LOGOS, AND THE CORRESPONDING RATIO VALUES (%)

2) to avoid revealing the secret keys when verifying in a privatewatermarking system.

Not only can a binary logo but a gray-level logo can also betreated as a logo in our scheme. A gray-level logo must be di-vided into several binary images. For instance, a 256-gray logocan be decomposed into eight bitplanes. Each bitplane is re-garded as a binary logo.

To see is to believe. People are pleased to use a meaningfuland visually recognizable pattern as their copyright logo. Itseems to us that an extractable scheme is better than a detectableone. This is because the latter cannot completely satisfactory.In detectable schemes, a detector is used to detect whether thecopyright watermark has been embedded into the image andthen yields a “yes” or “no”. If the similarity is greater than apredetermined threshold value, we say that the watermark isindeed embedded into the image, and vice versa. However,how to decide a proper threshold value is very difficult. Asmall threshold will presume the existence of a watermark ifnot so. Oppositely, a larger threshold will reject the existenceof a watermark although it is indeed embedded. Alternatively,the extraction of the embedded visually recognizable logoconvinces us of its existence.

Because the verification key depends on the protected imageand has robustness features against several malicious distortions,“who” and “when” become two important key points to providecopyright protection. In the proposed scheme, the verificationkey binds with DS and TS tightly, where DS is used to verifywho generated the verification key and TS is used to ascertainwhen the verification key and DS were generated. Hence,even if an adversary creates a “verification” key, the disputecan be resolved according to the evidences of “who” and“when”.

In fact, the intellectual property rights box, defined to providesecurity services, in an JPEG 2000 file format has shown a trendthat an image format should provide a field for security services.It is reasonable to assume that DS and TS is included in theimage format; otherwise, a doubtful image without DS and TSis possible to set the proposed scheme into some unpredictableproblems.

To demonstrate the effectiveness of our scheme, a comparisonof our scheme with several conventional watermarking schemesis shown in Table II. Further, the comparison of our scheme withtwo copyright-protection schemes, which are also lossless, issummarized in Table III.

CHEN et al.: PUBLICLY VERIFIABLE COPYRIGHT-PROVING SCHEME RESISTANT TO MALICIOUS ATTACKS 333

TABLE IICOMPARISONS OF THE PROPOSED SCHEME AND SEVERAL CONVENTIONAL WATERMARKING SCHEMES

TABLE IIICOMPARISONS OF THE PROPOSED SCHEME AND SEVERAL COPYRIGHT-PROTECTION SCHEMES

V. CONCLUSION

Although cryptographic techniques alone are not suitable toprotect the copyright of digital images, we have shown that thesecurity and reliability of copyright protection can benefit froma combination of cryptography and watermarking. We have in-

tegrated wavelet transform, digital signature, and digital time-stamp into a copyright-protection scheme. Without modifyingthe lowest frequency components of DWT, our scheme is loss-less. Experimental results demonstrate that our scheme is robustagainst common image processing attacks and simple geometricdistortions. Furthermore, our scheme is also resistant to the fol-

334 IEEE TRANSACTIONS ON INDUSTRIAL ELECTRONICS, VOL. 52, NO. 1, FEBRUARY 2005

lowing attacks: 1) StirMark, unZign, and StirMark–unZign; 2)multiple logos; and 3) counterfeit, copy, and BPM, while almostall robust copyright-protection schemes are vulnerable to theseattacks. Finally, the application of digital signature and time-stamp make public verification possible.

REFERENCES

[1] G. Voyatzis and I. Pitas, “Protecting digital-image copyrights: A frame-work,” IEEE Comput. Graph. Appl., vol. 19, no. 1, pp. 18–24, Jan./Feb.1999.

[2] B. Schneier, Applied Cryptography, 2nd ed. New York: Wiley, 1996.[3] I. J. Cox, J. Kilian, F. T. Leighton, and T. Shamoon, “Secure spread

spectrum watermarking for multimedia,” IEEE Trans. Image Process.,vol. 6, no. 12, pp. 1673–1687, Dec. 1997.

[4] C. T. Hsu and J. L. Wu, “Multiresolution watermarking for digital im-ages,” IEEE Trans. Circuits Syst. II, Analog Digit. Signal Process., vol.45, no. 8, pp. 1097–1101, Aug. 1998.

[5] , “Hidden digital watermarks in images,” IEEE Trans. ImageProcess., vol. 8, no. 1, pp. 58–68, Jan. 1999.

[6] C. S. Lu and H. Y. M. Liao, “Cocktail watermarking for digital imageprotection,” IEEE Trans. Multimedia, vol. 2, no. 4, pp. 209–224, Dec.2000.

[7] F. A. Petitcolas, R. J. Anderson, and M. G. Kuhn, “Information hiding–Asurvey,” Proc. IEEE, vol. 87, no. 7, pp. 1062–1078, Jul. 1999.

[8] M. J. Tsai, K. Y. Yu, and Y. Z. Chen, “Joint wavelet and spatial transfor-mation for digital watermarking,” IEEE Trans. Consum. Electron., vol.46, no. 1, pp. 241–245, Feb. 2000.

[9] M. Barni, F. Bartolini, and A. Piva, “Improved wavelet-based water-marking through pixel-wise masking,” IEEE Trans. Image Process., vol.10, no. 5, pp. 783–791, May 2001.

[10] S. Katzenbeisser, “On the design of copyright protection protocols formultimedia distribution using symmetric and public-key watermarking,”in Proc. 12th Int. Workshop Database and Expert Systems Applications,5th Int. Query Processing and Multimedia Issues Distributed SystemsWorkshop, 2001, pp. 815–819.

[11] unZign Watermark Removal Software (1997). [Online]. Available:http://altern.org/watermark

[12] S. Craver, B. L. Yeo, and M. Yeung, “Technical trials and legal tribula-tions,” Commun. ACM, vol. 41, no. 7, pp. 45–54, Jul. 1998.

[13] C. C. Chang, K. F. Hwang, and M. S. Hwang, “Robust authentica-tion scheme for protecting copyrights of images and graphics,” IEEProc.—Vis. Image Signal Proc., vol. 149, no. 1, pp. 43–50, 2002.

[14] M. Kutter, S. Voloshynovskiy, and A. Herrigel, “The watermark copyattack,” in Proc. SPIE, Security and Watermarking Multimedia ContentsII, vol. 3971, San Jose, CA, 2000, pp. 371–380.

[15] F. A. Petitcolas and D. Kirovski, “The blind pattern matching attack onwatermark systems,” in Proc. IEEE Int. Conf. Acoustics, Speech, andSignal Processing, vol. 4, 2002, pp. 3740–3743.

[16] C. C. Chang and J. C. Chuang, “An image intellectual property protec-tion scheme for gray-level images using visual secret sharing strategy,”Pattern Recognit. Lett., vol. 23, pp. 931–941, 2002.

[17] W. B. Lee and T. H. Chen, “A public verifiable copy protection techniquefor still images,” J. Syst. Softw., vol. 62, pp. 195–204, Jun. 2002.

[18] C. Fornaro and A. Sanna, “Public key watermarking for authenticationof CSG models,” Comput. Aided Des., vol. 32, pp. 727–735, Oct. 2000.

[19] J. M. Shapiro, “Embedded image coding using zerotrees of wavelet co-efficients,” IEEE Trans. Signal Process., vol. 41, no. 12, pp. 3445–3462,Dec. 1993.

[20] E. J. Stollnitz, T. D. DeRose, and D. H. Salesin, “Wavelets for computergraphics: A primer .1,” IEEE Comput. Graph. Appl., vol. 15, no. 3, pp.76–84, May 1995.

[21] J. Zhou and K. Y. Lam, “Securing digital signatures for nonrepudiation,”Comput. Commun., vol. 22, pp. 710–716, May 1999.

[22] Y. Linde, A. Buzo, and R. M. Gray, “An algorithm for vector quantizerdesign,” IEEE Trans. Commun., vol. COM-28, no. 1, pp. 84–95, Jan.1980.

Tzung-Her Chen received the B.S. degree fromthe Department of Information and Computer Edu-cation, National Taiwan Normal University, Taipei,Taiwan, R.O.C., in 1991, and the M.S. degree fromthe Department of Information Engineering, FengChia University, Taichung, Taiwan, R.O.C., in 2001.He is currently working toward the Ph.D. degree atthe Institute of Computer Science, National ChungHsing University, Taichung, Taiwan, R.O.C.

His research interests include cryptography, infor-mation hiding, and digital watermarking.

Gwoboa Horng (M’96) received the B.S. degree inelectrical engineering from National Taiwan Univer-sity, Taipei, Taiwan, R.O.C., in 1981, and the M.S.and Ph.D. degrees in computer science from the Uni-versity of Southern California, Los Angeles, in 1987and 1992, respectively.

Since 1992, he has been a faculty member at theInstitute of Computer Science, National Chung HsingUniversity, Taichung, Taiwan, R.O.C. His current re-search interests include artificial intelligence, cryp-tography, and information security.

Wei-Bin Lee (M’03) received the B.S. degree fromthe Department of Information and Computer Engi-neering, Chung Yuan Christian University, Chungli,Taiwan, R.O.C., in 1991, and the M.S. degree incomputer science and information engineeringand the Ph.D. degree from National Chung ChengUniversity, Chiayi, Taiwan, R.O.C., in 1993 and1997, respectively.

Since 1999, he has been with the Departmentof Information Engineering, Feng Chia University,Taichung, Taiwan, R.O.C., where he is currently an

Associate Professor. His research interests currently include cryptography,information security management, steganography, and network security.

Dr. Lee is an Honorary Member of the Phi Tau Phi.