Blind and Informed Watermark

For informed watermark, recovery of the watermark is done using the original unwatermarked data. Further, availability of the original data set in the recovery process allows the detection and inversion of distortions, which change the data geometry. This helps, for example, if an attacker has rotated a watermarked image. However, access to the original data is not possible in all cases, for example, in applications such as data monitoring or tracking. For other applications, like video watermarking, it may be impractical to use the original data because of the large data volume, even if it is available. It is, however, possible to design watermarking techniques that do not need the original for watermark extraction i.e. blind watermark extraction. Most watermarking techniques perform some kind of modulation in which the original data set is considered a distortion. If this distortion is known or can be modeled in the recovery process, explicitly designed techniques allow its suppression without knowledge of the original. In fact, most recent methods do not require the original for watermark recovery. Such techniques are called“blind” watermarking techniques [8].

4. ATTACKS ON WATERMARKING SYSTEMS

Research in digital watermarking has progressed along two paths. While new watermarking technologies are being developed, some researchers are also investigating different ways of attacking digital watermarks [1,3,17]. Common attacks to watermark usually aim to destroy the embedded watermark or to impair its detection. A closer took at malicious attacks on robust digital watermarking schemes shows that there are mainly four inherently different attacking concepts: removal attacks, geometrical attacks, cryptographic attacks, and protocol attacks.

Removal attacks aim at completely removing a watermark from the cover data. These approaches consider the inserted watermark as noise with a given statistic and try to estimate the original, nonwatermarked cover data from the stego, i.e. watermarked data. Efficient removal attacks based on denoising have been proposed. They apply some sequential operations to the watermarked image, including median filtering, high pass filtering, and non-linear truncation. A spatial watermark prediction through a filtering process based on a maximum a posteriori (MAP) watermark estimation following remodulation to create the least favorable noise distribution for the watermark detector is also proposed.

In contrast to removal attacks, geometrical attacks intend not to remove the embedded watermark, but distort it through spatial or temporal alterations of the stego data. These attacks are usually such that the watermark detector looses synchronization with the embedded information. This result is the failure of watermark detection process, although the watermark is still in the data.

Cryptographic attacks are very similar to attacks used in cryptography and may be of different nature. The brute forth attack aims at obtaining the secret key through an exhaustive search. Since many watermarking schemes use secret key, it is very important to use keys with a secure length. Another attack in this group is statistical averaging, and collusion attacks. The former describes an attack in which many instances of a given data set, each time signed with a different key or different watermark, are averaged to compute the attacked data. If the number of data sets is large enough, the embedded watermark may not be detected anymore. In the collusion attack, again many instances of the same data are available, but the attacked data set is generate by taking only a small part of each data set and rebuilding a new attacked data set from these parts.

The protocol attacks, neither aim at destroying the embedded information, nor disabling the detection of the embedded information through local or global data manipulation, but it attacks concept of the watermarking application. The first protocol attack introduced the concept of invertible watermarks and showed that for copyright protection purpose, watermarks need to be non-invertible. This requirement on the watermarking technology means that it should not be possible to extract a watermark from a nonwatermarked image.

Although the presented classification allows for a clear separation between the attacks, it should be noted that very often a malicious attacker applies not only one single attack at the moment, but rather a combination of two or more attacks.

5. WAVELET BASED TAMPER PROOFING

Wavelet transform is a multi-resolution timefrequency analysis technique, which decomposes signal over dilated and translated wavelets. Wavelet is a finite energy function with zero mean and is normalized (|| ψ|| = 1). A family of wavelets can be obtained by scaling ψ by s and translating it by u.