Attacks on Digital Image Watermarks: An Experimental Study Authors: Yuru Liu, Xuan Wu, Xiaohan Tang | Institute for Software Research | Carnegie Mellon University Digital Image Watermarking • Digital watermarking is the embedding of signal, secret information into the digital carrier such as image, audio and video. • Digital image watermarking is mainly used in data authentication, copyright protection, and owner identification, etc. • There are three categories of Algorithms: spatial domain, spectral domain, and hybrid domain Experimental Result Experimental Design • 25 original image files • 5 subject topics: scenery, portrait, objects/design, plain text, poster • 4 formats: JPG, BMP, PNG, TIF • 100 test images in total Test Images • Least Significant bit (LSB) • Discrete Fourier Transformation Based (DFT) • Discrete Wavelet Transformation Based (DWT) Target Watermarking Algorithms • 13 attack methods including typical geometric transformations, compression, adding noise and filtering. • Parameters (intensity) of each method are tuned to satisfy the constraint that PSNR of all attacked images are above a threshold value (20 db) Attack Methods • For each (algorithm, attack method) pair, we inspect all the attacked watermarks with naked eye, and record the ratio of unrecognizable watermarks for comparison Evaluation Conclusion and Limitations • Watermarked Images under different themes could have divergent levels of resistance towards different attack methods. Usually a watermarked image that has high resistance towards one type of typical attack methods presents high vulnerability to another. With limited knowledge of watermarking algorithms that have been applied to the images, employing a single attack method can therefore be quite useless. Thus, combining multiple attack methods together should be the first choice when trying to remove an embedded watermark. 0.57 0.56 1 0.45 1 0.12 0 0 0.92 0.32 0.16 0.84 0.28 0.0 0.2 0.4 0.6 0.8 1.0 1.2 Unrecognizable Watermark Ratio for LSB Algorithm Average filtering Brightness Compression Cropping Gaussian Noise Hue Median Filtering Pepper & Salt Noise Poisson Noise Rotation Saturation Speckle Noise Translation Attacks on Watermarks • No watermarking algorithm is completely robust. Vulnerabilities vary from algorithm to algorithm. • Malicious attacks can lead to partial or even total destruction of the embedded watermarks • Attacks can be classified as active attacks, passive attacks, collusion attacks, and forgery attacks 1 0.11 0.98 1 1 0 1 0.73 0 1 0 0.55 1 0.0 0.2 0.4 0.6 0.8 1.0 1.2 Unrecognizable Watermark Ratio for DFT Algorithm Average filtering Brightness Compression Cropping Gaussian Noise Hue Median Filtering Pepper & Salt Noise Poisson Noise Rotation Saturation Speckle Noise Translation 0.12 0.78 0.1 0.54 0.26 0.8 0.39 0.34 0.37 0.45 0.88 0.41 0.89 0.0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1.0 Unrecognizable Watermark Ratio for DWT Algorithm Average filtering Brightness Compression Cropping Gaussian Noise Hue Median Filtering Pepper & Salt Noise Poisson Noise Rotation Saturation Speckle Noise Translation Our goal • In this project, we conduct active attacks on image watermarks from an adversary’s perspective. Given an watermarked image with no other information, we try to remove the watermark. • Through a standardized experiment, we evaluate the effectiveness of various attack methods applied at different watermarking algorithms Figure 2. Flowchart of our experiment Figure 1. Digital Watermarking System