Introduction
Although different authors use different meanings for the word 'watermark',
it is mostly agreed that the watermark is one, which is imperceptibly added to
the cover-signal in order to convey the hidden data.
The process of embedding information into another object/signal can be termed
as watermarking.
Watermarking (now-a-days) is mainly used for copy-protection and
copyright-protection (1.4).
Historically, watermarking has been used to send ``sensitive'' information
hidden in another signal (1.12) .
Watermarking has its applications in image/video copyright protection.
1.4 What is the difference between ``copy protection'' ``copyright protection''
?
Copy protection attempts to find ways, which limits the access to
copyrighted material and/or inhibit the copy process itself. Examples of copy
protection include encrypted digital TV broadcast, access controls to
copyrighted software through the use of license servers and technical copy
protection mechanisms on the media. A recent example is the copy protection
mechanism on DVDs. However, copy protection is very difficult to achieve in open
systems, as recent incidents (like the DVD hack - DeCss) show.
Copyright protection inserts copyright information into the digital
object without the loss of quality. Whenever the copyright of a digital object
is in question, this information is extracted to identify the rightful owner. It
is also possible to encode the identity of the original buyer along with the
identity of the copyright holder, which allows tracing of any unauthorized
copies. The most prominent way of embedding information in multimedia data is
the use of digital watermarking.
Whereas copy protection seems to be difficult to implement, copyright
protection protocols based on watermarking and strong cryptography are likely to
be feasible.
Consider the following scenario: Alice, the copyright holder, inserts her own
watermark into some object, locks the original away and keeps selling the marked
image. Bob can now try to insert his own watermark into the already marked
object. In case of a dispute, both Alice and Bob are able to prove the presence
of "their" watermark and claim ownership of the document. How can this
situation be resolved?
The "traditional" answer is: look at the objects, Alice and Bob
claim to be the original. Alice's original should not contain a watermark,
whereas Bob's "original" must contain Alice's watermark (if we assume
that Bob cannot remove marks). This situation would indicate that Bob inserted
his watermark after Alice and so one may conclude that Alice is the rightful
owner.
Unfortunately, sometimes the situation is not that simple. It has been shown
that, in particular class of watermarking schemes, Bob can insert his watermark
in a way that it also seems to be present in the copy Alice locked away
(although he has no access to it). So Alice's original contains Bob's mark and
Bob's "original" contains Alice's mark. This type of attack is called
"inversion attack" or more "dead lock attack". There is no
way to resolve copyright ownership in this case. This result indicates that
watermarking "alone", that is without a carefully designed protocol
around it, will not suffice to resolve the copyright situation.
One could define a new audio file format, in which the watermark is a part of
the header block but is not removable without destroying the original signal,
because part of the definition of the file format requires the watermark to be
therein. In this case the signal would not really be literally 'destroyed' but
any application using this file format would not touch it without a valid
watermark. Some electronic copyright management system propose mechanisms like
this. Such schemes are weak as anyone with a computer or a digital editing
workstation would be able to convert the information to another format and
remove the watermark at the same time. Finally this new audio format would be
incompatible with the existing one. Thus the watermark should really be embedded
in the audio signal.
This is very similar to S.C.M.S (Serial Code Management System). When Philips
and Sony introduced the 'S/PDIF' (Sony/Phillips Digital Interchange Format),
they included the S.C.M.S. which provides a way to regulate copies of digital
music in the consumer market. This information is added to the stream of data
that contains the music when one makes a digital copy (a 'clone'). This is in
fact just a bit saying: digital copy prohibited or permitted. Some professional
equipment are exempt for needing S.C.M.S.
With watermarking however, the copy control information is part of the
audio-visual signal and aim at surviving file format conversion and other
transformations.
While cryptography is about protecting the content of messages (their
meaning), steganography is about concealing their very existence. It comes from
Greek roots, literally means 'covered writing', and is usually interpreted to
mean hiding information in other information. Examples include sending a message
to a spy by marking certain letters in a newspaper using invisible ink, and
adding sub-perceptible echo at certain places in an audio recording. It is often
thought that communications may be secured by encrypting the traffic, but this
has rarely been adequate in practice. Aneas the Tactician, and other classical
writers, concentrated on methods for hiding messages rather than for enciphering
them; and although modern cryptographic techniques started to develop during the
Renaissance, we find in 1641 that John
Wilkins still preferred hiding over ciphering because it arouses less
suspicion. This preference persists in many operational contexts to this day.
For example, an encrypted email message between a known drug dealer and somebody
not yet under suspicion, or between an employee of a defense contractor and the
embassy of a hostile power, has obvious implications.
As the purpose of steganography is having a covert communication
between two parties whose existence is unknown to a possible attacker, a
successful attack consists in detecting the existence of this communication
(e.g., using statistical analysis of images with and without hidden
information). Watermarking, as opposed to steganography, has the
(additional) requirement of robustness against possible attacks. In this
context, the term 'robustness' is still not very clear; it mainly depends on the
application. Copyright marks do not always need to be hidden, as some systems
use visible digital watermarks, but most of the literature has focused on
imperceptible (e.g., invisible, inaudible) digital watermarks which have wider
applications. Visible digital watermarks are strongly linked to the original
paper watermarks which appeared at the end of the XIII century to differentiate
paper makers of that time. Modern visible watermarks may be visual patterns
(e.g., a company logo or copyright sign) overlaid on digital images. The intent
of use is also different: the payload of a watermark can be perceived as an
attribute of the cover-signal (e.g., copyright information, license, ownership,
etc.). In most cases the information hidden using steganographic techniques is
not related at all to the cover. These differences in goal lead to very
different hiding techniques.
There as been some confusion about the naming of various types of
watermarking techniques and the main reason is that people involved in this
field come from different backgrounds (in particular signal processing and
computer security). On top of this some terminology has been imported from the
related field of steganography.
Originally, public watermarking and blind watermarking mean the
same, but the wording was confusing with public-key watermarking. 'Signal
processing people' took over the field, so only the later tends to remain. In
these schemes, the cover signal (the original signal) is not needed during the
detection process to detect the mark. Solely the key, which is typically used to
generate some random sequence used during the embedding process, is required.
These types of schemes can be used easily in mass market electronic equipment or
software.
In some cases you may need extra information to help your detector (in
particular to synchronise its random sequence on the possibly distorted test
signal). In particular some watermarking schemes require access to the
'published' watermarked signal, that is the original signal just after adding
the watermark. People refer to these schemes as semi-blind watermarking schemes.
Private watermarking and non-blind-watermarking mean the same:
the original cover signal is required during the detection process.
At last, by asymmetric watermarking or public-key watermarking,
people refer to watermarking schemes with properties reminding asymmetric
cryptosystem (or public key cryptosystem). No such system really exists yet
although some possible suggestions have been made. In this case, the detection
process (and in particular the detection key) is fully known to anyone as
opposed to blind watermarking where a secret key is required. So here, only a
'public key' is needed for verification and a 'private key' (secret) is used for
the embedding though. Knowledge of the public key does not help to compute the
private key (at least in a reasonable time), it does not either allow removal of
the mark nor it allows an attacker to forge a mark.
The aims of such watermarks are completely different: A (semi-)fragile
watermark is a mark which is (highly) sensitive to a modification of the stego-medium.
A fragile watermarking scheme should be able to detect any change in the signal
and identify where it has taken place and possibly what the signal was before
modification. It serves at proving the authenticity of a document. On the
opposite, a robust watermark should be stuck to the document it has been
embedded in, in such a way that any signal transform of reasonable strength
cannot remove the watermark. Hence a pirate willing to remove the watermark will
not succeed unless they debase the document too much to be of commercial
interest. The latter form is the very challenging and attracts most research.
The characteristics of an watermarking algorithm is normally tied to the
application is was designed for. The following merely explain the words used in
the context of watermarking.
- Imperceptibility
- In watermarking, we traditionally seek high fidelity, i.e. the watermarked
work must look or sound like the original. Whether or not this is a good
goal is a different discussion.
- Robustness
- It is more a property and not a requirement of watermarking. The watermark
should be able to survive any reasonable processing inflicted on the carrier
(carrier here refers to the content being watermarked).
- Security
- The watermarked image should not reveal any clues of the presence of the watermark, with respect to un-authorized detection, or (statistical)
unrepeatability or unsuspicious (not the same as imperceptibility).
-
Fingerprints are characteristics of an object that tend to distinguish it
from other similar objects. They enable the owner to trace authorized users
distributing them illegally. In the case of encrypted satellite television
broadcasting, for instance, users could be issued a set of keys to decrypt the
video streams and the television station could insert fingerprint bits into each
packet of the traffic to detect unauthorized uses. If a group of users give
their subset of keys to unauthorized people (so that they can also decrypt the
traffic) at least one of the key donors can be traced, when the unauthorized
decoder is captured. In this respect, fingerprinting is usually discussed in the
context of the traitor tracing problem.
1.12 What is the oldest (historical) method developed/used for the purpose of
ownership protection ?
The original paper watermarks appeared at the end of the 13th century to
differentiate paper makers of that time. Modern visible watermarks may be visual
patterns (e.g., a company logo or copyright sign) overlaid on digital images and
are widely used by many photographers who do not trust invisible watermarking
techniques enough.
In the 17th century, Claude GellA�e of Lorraine (1600a1682), also
known as Claude Lorrain, introduced a method for protecting his intellectual
property nearly hundred years before any relevant law was introduced (the first
'copyright' law was the 'Statute of Anne' introduced by the English Parliament
in 1710.) From some time around 1635 until the end of his life in 1682, Lorrain
kept a book that he called the Liber Veritatis (now kept in the British
Museum in London). The Liber Veritatis was a collection of drawings in the form
of a sketchbook. The book was specially made for him, with a scheme of
alternating pages, four blue pages followed by four white, which repeated in
this manner and contained around 195 drawings. One of Lorrain's biographers,
reported that the purpose in creating the Liber Veritatis was to protect Lorrain
against forgery (it is not clear 'how far the objective of protection against
forgery can be accepted as an adequate example of the book's raison d'A^atre')
In fact, any comparison between drawings and paintings goes to show that the
former were designed to serve as a `check' on the latter and from the Liber any
very careful observer could tell whether a given painting was a forgery or not.
Similar techniques are being used today. ImageLock, for instance, keeps a
central database of image digests and periodically searches the Web for images
having the same digest. Tracking systems based on private watermarks also
require central databases. Unfortunately, apart from the extent of the problem
(which is now global) nothing much has changed, since such services still do not
provide any proof of infringement.
- Define some algorithm to "extract" a watermark (this could be
taking the 1000 highest amplitude DCT coeffs, or averaging the 8x8 blocks of
an image, or subtracting the original and projecting onto some subspace, or
finding salient points, finding the Delaunay triangulation of those points
and representing the result as a graph, etc.)
- Modify the image so that the extracted watermark will be
"similar" to some predefined watermark (or set of watermarks).
This may be done by adding something to the image or by multiplying the
image by some spatially variant map. We may modify some values relative to
others, increase one subset and decrease another subset of pixels or
coefficients, warp the image to obtain a particular arrangement of salient
points, etc. The modification might be done under the control of a
perceptual model to limit the fidelity impact. It may be done under the
control of a distortion model to maximize the robustness.
Different algorithms employ different extraction functions and thus different
embedding functions. They differ in the models used to control fidelity,
robustness, security, bit rate, error rates.
Yes and No.
The use of these terms on an application specific case might be true but not
universally. So, a better question is ``Is this watermarking technique
secure/robust for this application ?''. There is the same problem in
cryptography: people think their system is secure because it uses RSA. This is
an illusion: hackers focus their effort on protocols or on implementations but
they never try to break RSA
[Jeffrey A Bloom] Try the early Digimarc patents. Geoffrey Rhoads does an
excellent job in the disclosures describing "knots" and
"rings" and "tapestries". That technique is robust to
rotation, crop, and resize, it is a blind detection technique, it is an n-bit
watermark, i.e. it has a payload rather than a 0-bit watermark which is simply
present or absent, but carries 0-bits worth of information. I suspect that these
patents are the foundation of the Mediabridge technology. That is clearly blind,
multi-bit, and robust to the distortions you mention (as well as others).
Image Watermarking
The digital age has simplified the process of content delivery and has
increased the ease at which the buyer can re-distribute the content, thus
denying the income to the seller. Images published on the internet is an example
of such content. This section will deal with questions related to image
watermarking.
Visibility is a term associated with the perception of the human eye. A
watermarked image in which the watermark is imperceptible, or the watermarked
image is visually identical to its original constitutes a invisible watermarking.
Examples include images distributed over internet with watermarks embedded in
them for copyright protection. Those which fail can be classified as visible
watermarks. Examples include logos used in papers in currencies.
Spatial domain, additive watermarking is the same as additive watermarking in
any domain that is a linear transformation of the spatial domain, e.g. Fourier,
block DCT, wavelet, etc. It usually means that someone has created a watermark
pattern that has the same dimensions as the original image and has added the
watermark pattern to the image.
The watermark pattern can be modified by, or even created with a perceptual
analysis of the original image. This does not directly effect the robustness.
Perceptual modeling usually improves the fidelity so that means, for the same
fidelity impact, you might be able to embed a "stronger" watermark.
Often, "stronger" implies more robust, but not always. The following
papers are recommend to see that "stronger" does not always mean more
robust.
Yes and No.
Multiple watermarks can be considered as attacks in situations wherein one
expects the presence of single watermark. Thus, any second operation of
watermark embedding or any other processing on the carrier can be considered as
an attack. The survival of the watermark in those cases is dependent on the
application. A robust watermark is expected to survive such operations. Some
watermarking tools do not allow you to insert a watermark if an image already
contains a watermark from the same tool. Sometimes, a watermark from one tool
may get overwritten with a watermark from another.
There are instances where, a carrier is intentionally watermarked multiple
times. Consider the situation, wherein Alice buys the distributing rights for an
watermarked image from Bob (watermark contains info about Bob). Whenever Alice
sells the image to her customer, she watermarks the image with the customer
information. In this situation, the final image should contain both the
watermarks. The presence of both watermarks help in avoiding copyright theft and
illegal copy/distribution. In cases of multiple watermarks, the order in which
different watermarks are embedded may influence the delectability. A strong
watermark embedded after a weak watermark will mask the weak watermark and
render it undetectable.
The simplest of the domains to insert watermark is the spatial domain, where
the pixel value of the image is modified. Changing the pixel value does effect
the image statistics. Due to the attribute of a watermark being imperceptible(in
case of invisible watermark), there cannot be much devation from the original
image statistics. In this situation, the watermark influence on each pixel must
be atleast equal to one quantization step to survive. Similar arguments can be
made for watermarks inserted in other domains. The general notion adopted is, if
the watermarks are embedded in the same domain as the compression, then they
have a higher probability of survival of such operations. (Ex. DCT domain for
JPEG compression)
Visible watermarks on images can be easily achieved thorough image editing
software. Ex. imagemagick or any other, which have the watermark functionality.
Invisible watermarks on images can be achieved through some proprietary software's. There are several papers in the literary world which help one to
implement their own invisible watermark. The following are some of the places to
start with to learn/implement watermarking for images.
|
 |
 New
Software
 FACE
ACE Watermark, Photo Protection Software for Windows
WEB
SNATCH Picture
Ripper, Automatic Image Download Software for Windows
|
 |
 |
