A

PROJECT REPORT
On

To study and implement Digital Watermarking

algorithm on Images using Scale Invariant Feature
Transformation

submitted for partial fulfillment for the degree of

Bachelor of Technology

In
Department of Computer Engineering
(2009-10)

Supervisor: Dr. Vijay Laxmi Pritam Hinger (0609449)

Vikas Sarda (0609463)
Vishal Pareek (0609469)

MALAVIYA NATIONAL INSTITUTE of TECHNOLOGY

 MALAVIYA NATIONAL INSTITUTE of TECHNOLOGY
(Deemed University)
JAIPUR(RAJASTHAN)-302017
DEPARTMENT of COMPUTER ENGINEERING

CERTIFICATE
This is to certify that project report entitled “Study and implement Digital Watermarking
algorithm on Images using Scale Invariant Feature Transformation” is submitted by

Pritam Hinger (0609449)

Vikas Sarda (0609463)
Vishal Pareek (0609469)

In partial fulfillment for the degree of bachelor of technology in computer engineering

department is hereby approved for submission.

Dr. Vijay Laxmi

Professor,
Department of Computer Engineering MNIT, Jaipur
Contents

Chapter 1 INTRODUCTION ......................................................................................................... 6

Chapter 2 Overview ................................................................................................................ 8
2.1 History of Watermarking .................................................................................................................. 10
2.2 Requirements for watermarking algorithms: .................................................................................... 11
2.3 Importance of Digital Watermarking ................................................................................................ 12
2.4 Applications of Digital Watermarking .............................................................................................. 14
2.5 Attacks on Watermarked Work ........................................................................................................ 17
2.5.1 Scrambling Attacks: ..................................................................................................... 17
2.5.2 Pathological Distortions: .............................................................................................. 17
2.5.3 Copy Attacks: ............................................................................................................... 18
2.5.4 Ambiguity Attacks:....................................................................................................... 18
Chapter 3 Methodology ................................................................................................................. 19
3.1 Project Flow ...................................................................................................................................... 19
3.1.1 Insertion of Watermark Image into Cover Work: - ...................................................... 19
3.1.2 Extraction of Watermark Image from Watermarked Image: - ..................................... 19
3.1.3 Calculation of Detection ratio: - ................................................................................... 20
3.2 Step By Step procedure ..................................................................................................................... 20
3.2.1 Read Cover Image: ....................................................................................................... 20
3.2.2 SIFT: ............................................................................................................................. 20
3.2.3 Watermark Generation: ................................................................................................ 27
3.2.4 Watermark Insertion: .................................................................................................... 29
3.2.5 Watermark Detection:................................................................................................... 31
3.2.6 Detection ratio: ............................................................................................................. 33
Chapter 4 RESULTS ....................................................................................................................... 34
4.1 Test Images: ...................................................................................................................................... 34
4.1.1 Cover work: .................................................................................................................. 34
4.1.2 Position of Invariant patches in cover work: ................................................................ 34
4.1.3 Watermark image: ........................................................................................................ 35
 4.1.4 Cover Image with watermark: ...................................................................................... 35
4.1.5 Retrieved Watermark:................................................................................................... 35
4.2 Performance of watermarking scheme and test results: .................................................................... 36
Chapter 5 Conclusion and Future Work.................................................................................... 37
Appendix A .................................................................................................................................................. 38
References .................................................................................................................................................. 40
 ACKNOWLEDGEMENT

We are deeply indebted to our guide Dr. Vijay Laxmi, professor in the department of computer
engineering, MNIT Jaipur for their incomparable encouragement and valuable support in the
project.

We owe our deep regard to Dr. M. S. Gaur, professor in the department of computer
engineering, MNIT Jaipur, whose noble suggestion and guidance as our project coordinator was
instrumental in completing the project.

We would like to acknowledge our sincere regards to all faculty members of department of
Computer Engineering, MNIT and especially to Mrs. Reena Gunjan for her help and valuable
suggestions in the project.

We would like to thank our friend and classmate Roopesh Chuggani for his direct and indirect
help in the project.

Pritam Hinger

Vikas Sarda

Vishal Pareek

Date: - 10th May, 2010

Place: - MNIT, Jaipur

 ABSTRACT

With the advent of internet, creation and delivery of digital data (images, video and audio files,
digital repositories and libraries, web publishing) has grown many fold. With this, issues like,
protection of rights of the content and proving ownership, arises. Digital watermarking came as a
technique and a tool to overcome shortcomings of current copyright laws for digital data. To
prove ownership and protect right, a watermark is embedded in data but to save watermark from
counterfeiters we need to find locations which are invariant to all kind of attacks (rotation,
expansion, compression, cropping, filtering, and blurring). Every image has regions, also known
as patches, which are invariant to attacks. These patches can be found by using Scale Invariant
Feature Transform (SIFT) over image. As these patches are very stable and resistant to attacks so
watermark is inserted in these patches and can also be successfully extracted with low error
probability.
Chapter 1 INTRODUCTION

We are living in the era of information where billions of bits of data is created in every fraction
of a second and with the advent of internet, creation and delivery of digital data (images, video
and audio files, digital repositories and libraries, web publishing) has grown many fold. Since
copying a digital data is very easy and fast too so, issues like, protection of rights of the content
and proving ownership, arises. Digital watermarking came as a technique and a tool to overcome
shortcomings of current copyright laws for digital data. The specialty of watermark is that it
remains intact to the cover work even if it is copied. So to prove ownership or copyrights of data
watermark is extracted and tested. It is very difficult for counterfeiters to remove or alter
watermark. As such the real owner can always have his data safe and secure.
Our aim was to study different watermarking techniques and implement the one which is
most resistant to all types of attack, scalar or geometric. Counterfeiters try to degrade the quality
of watermarked image by attacking an image (generally attacks are median and Gaussian filter,
scaling, compression and rotation of watermarked image).By attacking watermarked image it
become very difficult to recover watermark back from the watermarked image and even if it
extracted one may no longer use it to prove the ownership and copyrights. So our main idea was
to find such regions, also known as patches, in an image which are very stable and resistant to
attacks.
The report is divided mainly in 4 chapters coving literature on watermarking (chapter2), our
methodology and step by step procedure (chapter3), test images and results (chapter4),
conclusion and future work (chapter5).
Chapter 2 gives full insight of digital watermarking, its history, requirements, application
and possible attacks. The first subheading tells how, with information revolution, the need to
have some technique to prevent piracy and illegal copying of data arises. This need give rise to a
new technique, known as Digital Watermarking. While proposing any algorithm some
parameters are needed to keep in mind on which the proposed algorithm must be consistent.
These parameters are discussed in following section. Following sections are dedicated to
watermarking application and attacks. A lot of work is going on for making watermarking
techniques immune towards attack to retain the originality of watermark and assuring successful
extraction of watermark with low error probabilities so to sort out disputes, if any, over
copyrights or ownership.
Chapter 3 starts with a flowchart showcasing the complete flow of project. Flowchart also
contains names of all the functions written to implement the proposed method. The next few
sections explain the complete process followed by us in full detail, listing all the mathematical
steps and explaining all the concepts used, like SIFT.
Chapter 4 lists all the test images and test results. The proposed method is tested for over
30 random images (all 150x200 .jpeg images) covering over 7500 patches. Each image is
attacked (13 different types of attacks) and tested. Results are listed in next section.
Chapter 5 concludes the report with possible work which may be done in future. Since
threats like piracy and counterfeiting are increasing day by day so a lot more work and research
can be done.
Appendix A contains code snippets and all functions’ signature.
 Chapter 2 Overview

Hold a Rs100 note up or your offer letter up to light. What you will see is a picture of
Mahatma Gandhi or company’s logo respectively. This is what is known as a watermark mainly
used to prove the ownership (in case of offer letter, watermark prove that the document is official
document of company meant for official work) or authenticity (in case of Rs 100, watermark rule
out the forgery and authenticate the piece of paper of its worth).

The watermark on the Rs100 (Figure2.1), just like most paper watermarks today, has two
properties. First, the watermark is hidden from view during normal use, only becoming visible as
a result of a special viewing process (in this case, holding the bill up to the light). Second, the
watermark carries information about the object in which it is hidden (in this case, the watermark
indicates the authenticity of the bill).

Watermark

Fig 2.1 Image showing an INR 100 note having watermark at its left side which is considerably visible
when note hold under light.
In addition to paper, watermarking can be applied to other physical objects and to electronic
signals. Fabrics, garment labels, and product packaging are examples of physical objects
that can be watermarked using special invisible dyes and inks Electronic representations of
music, photographs, and video are common types of signals that can be watermarked.

Thus, watermarking is defined as, “the practice of imperceptibly altering a Work to embed a
message about that Work.”

Fig 2.2 A Generic Watermarking System

As is clear from the figure, digital watermarking model consist of an embedder and a detector.
The embedder takes two inputs. One is the payload we want to embed (the watermark ),
and the other is the cover work in which we want to embed the payload. The output of the
embedder is typically transmitted or recorded. Later, that Work (or some other Work that
has not been through the embedder) is presented as an input to the detector. Most detectors try
to determine whether a payload is present, and if so, output the message encoded by it.
The watermarking model is analogous to a communication model in which sender encode a
message before transmitting it over communication channel and on receiving, receiver decode
the encoded message.
2.1 History of Watermarking

Although the art of papermaking was invented in China over one thousand years
earlier, paper watermarks did not appear until about 1282, in Italy. The marks were made by
adding thin wire patterns to the paper molds. The paper would be slightly thinner where the wire
was and hence more transparent. The meaning and purpose of the earliest watermarks are
uncertain. They may have been used for practical functions such as identifying the molds
on which sheets of papers were made, or as trademarks to identify the paper maker. On
the other hand, they may have represented mystical signs, or might simply have served as
decoration. By the eighteenth century, watermarks on paper made in Europe and
America had become more clearly utilitarian. They were used as trademarks, to record the date
the paper was manufactured, and to indicate the sizes of original sheets. It was also
about this time that watermarks began to be used as anticounterfeiting measures on money
and other documents. The term watermark seems to have been coined near the
end of the eighteenth century and may have been derived from the German term wassermarke
(though it could also be that the German word is derived from the English). The term is actually
a misnomer, in that water is not especially important in the creation of the mark. It was probably
given because the marks resemble the effects of water on paper.
About the time the term watermark was coined, counterfeiters began developing methods
of forging watermarks used to protect paper money. Counterfeiting prompted advances in
watermarking technology. William Congreve, an Englishman, invented a technique for making
color watermarks by inserting dyed material into the middle of the paper during papermaking.
The resulting marks must have been extremely difficult to forge, because the Bank of
England itself declined to use them on the grounds that they were too difficult to make. A more
practical technology was invented by another Englishman, William Henry Smith. This replaced
the fine wire patterns used to make earlier marks with a sort of shallow relief sculpture,
pressed into the paper mold. The resulting variation on the surface of the mold produced
beautiful watermarks with varying shades of gray. This is the basic technique used today for the
face of President Jackson on the $20 bill.
Four hundred years later, in 1954, Emil Hembrooke of the Muzak Corporation filed a
patent for “watermarking” musical Works. An identification code was inserted in music by
intermittently applying a narrow notch filter centered at 1 kHz. The absence of energy at this
frequency indicated that the notch filter had been applied and the duration of the absence used to
code either a dot or a dash. The identification signal used Morse code.
It is difficult to determine when digital watermarking was first discussed.
In 1979, Szepanski described a machine-detectable pattern that could be placed on documents for
anti-counterfeiting purposes. Nine years later, Holt described a method for embedding an
identification code in an audio signal. However, it was Komatsu and Tominaga, in 1988, which
appear to have first used the term digital watermark. Still, it was probably not until the early
1990s that the term digital watermarking really came into vogue. About 1995, interest in digital
watermarking began to mushroom. In addition, about this time, several organizations began
considering watermarking technology for inclusion in various standards. The Copy Protection
Technical Working Group (CPTWG) tested watermarking systems for protection of video on
DVD disks. The Secure Digital Music Initiative (SDMI) made watermarking a central
component of their system for protecting music. Two projects sponsored by the European Union,
VIVA [110] and Talisman, tested watermarking for broadcast monitoring. The International
Organization for Standardization (ISO) took an interest in the technology in the context of
designing advanced MPEG standards. In the late 1990s several companies were established to
market watermarking products. Technology from the Verance Corporation was adopted into the
first phase of SDMI and was used by Internet music distributors such as Liquid
Audio. In the area of image watermarking, Digimarc bundled its watermark
embedder and detectors with Adobe’s Photoshop. More recently, a number of companies have
used watermarking technologies for a variety of applications.

2.2 Requirements for watermarking algorithms:

A watermarking algorithm should be consistent over following properties and parameters:
 Transparency: The most fundamental requirement for any Watermarking method shall be
such that it is transparent to the end user. The watermarked content should be consumable
at the intended user device without giving annoyance to the user. Watermark only shows
up at the watermark-detector device.
  Security: Watermark information shall only be accessible to the authorized parties. Only
authorized parties shall be able to alter the Watermark content. Encryption can be used to
prevent unauthorized access of the watermarked data
 Ease of embedding and retrieval: Ideally, Watermarking on digital media should be
possible to be performed “on the fly”. The computation need for the selected algorithm
should be minimum.
 Robustness: Watermarking must be robust enough to withstand all kinds for signal
processing operations, “attacks” or unauthorized access. Any attempt, whether intentional
or not, that has a potential to alter the data content is considered as an attack. Robustness
against attack is a key requirement for Watermarking and the success of this technology
for copyright protection depends on this.
 Effect on bandwidth: Watermarking should be done in such a way that it doesn’t increase
the bandwidth required for transmission. If Watermarking becomes a burden for the
available bandwidth, the method will be rejected.
 Interoperability: Digitally watermarked content shall still be interoperable so that it can
be seamlessly accessed through heterogeneous networks and can be played on various
playout devices that may be watermark aware or unaware.

2.3 Importance of Digital Watermarking

The sudden increase in watermarking interest is most likely due to the increase in concern
over copyright protection of content. The Internet had become user friendly with the introduction
of Marc Andreessen’s Mosaic web browser in November 1993, and it quickly became clear that
people wanted to download pictures, music, and videos. The Internet is an excellent distribution
system for digital media because it is inexpensive, eliminates warehousing and stock, and
delivery is almost instantaneous. However, content owners (especially large Hollywood studios
and music labels) also see a high risk of piracy. This risk of piracy is exacerbated by the
proliferation of high-capacity digital recording devices. When the only way the average
customer could record a song or a movie was on analog tape, pirated copies were
usually of a lower quality than the originals, and the quality of second-generation pirated
copies (i.e., copies of a copy) was generally very poor. However, with digital recording devices,
songs and movies can be recorded with little, if any, degradation in quality. Using these
recording devices and using the Internet for distribution, would-be pirates can easily
record and distribute copyright-protected material without appropriate compensation being
paid to the actual copyright owners. Thus, content owners are eagerly seeking technologies that
promise to protect their rights. The first technology content owners turn to is cryptography.
Cryptography is probably the most common method of protecting digital content. It is certainly
one of the best developed as a science. The content is encrypted prior to delivery, and a
decryption key is provided only to those who have purchased legitimate copies of the
content. The encrypted file can then be made available via the Internet, but would be useless to a
pirate without an appropriate key. Unfortunately, encryption cannot help the seller monitor how
a legitimate customer handles the content after decryption. A pirate can actually purchase the
product, use the decryption key to obtain an unprotected copy of the content, and then
proceed to distribute illegal copies. In other words, cryptography can protect content in
transit, but once decrypted, the content has no further protection. Thus, there is a strong need
for an alternative or complement to cryptography: a technology that can protect content even
after it is decrypted. Watermarking has the potential to fulfill this need because it places
information within the content where it is never removed during normal usage. Decryption,
reencryption, compression, digital-to-analog conversion, and file format changes—a watermark
can be designed to survive all of these processes. Watermarking has been considered for many
copy prevention and copyright protection applications. In copy prevention, the watermark may
be used to inform software or hardware devices that copying should be restricted. In
copyright protection applications, the watermark may be used to identify the copyright
holder and ensure proper payment of royalties.
Although copy prevention and copyright protection have been major driving forces
behind research in the watermarking field, there is a number of other applications for which
watermarking has been used or suggested. These include broadcast monitoring, transaction
tracking, authentication (with direct analogy to our Rs100 example), copy control, and device
control.
2.4 Applications of Digital Watermarking

Digital Watermarks are potentially useful in many applications, including:

 Ownership assertion: Watermarks can be used for ownership assertion. To assert

ownership of an image, Alice can generate a watermarking signal using a secret private
key, and then embed it into the original image. She can then make the watermarked
image publicly available. Later, when Bob contends the ownership of an image derived
from this public image, Alice can produce the unmarked original image and also
demonstrate the presence of her watermark in Bob’s image. Since Alice’s original image
is unavailable to Bob, he cannot do the same. For such a scheme to work, the watermark
has to survive image processing operations aimed at malicious removal. In addition, the
watermark should be inserted in such a manner that it cannot be forged as Alice would
not want to be held accountable for an image that she does not own.

 Fingerprinting: In applications where multimedia content is electronically distributed

over a network, the content owner would like to discourage unauthorized duplication and
distribution by embedding a distinct watermark (or a fingerprint) in each copy of the data.
If, at a later point in time, unauthorized copies of the data are found, then the origin of the
copy can be determined by retrieving the fingerprint. In this application the watermark
needs to be invisible and must also be invulnerable to deliberate attempts to forge,
remove or invalidate. Furthermore, and unlike the ownership assertion application, the
watermark should be resistant to collusion. That is, a group of k users with the same
image but containing different fingerprints should not be able to collude and invalidate
any fingerprint or create a copy without any fingerprint.

 Copy prevention or control. Watermarks can also be used for copy prevention and
control. For example, in a closed system where the multimedia content needs special
hardware for copying and/or viewing, a digital watermark can be inserted indicating the
number of copies that are permitted. Every time a copy is made the watermark can be
modified by the hardware and after a point the hardware would not create further copies
 of the data. An example of such a system is the Digital Versatile Disc (DVD). In fact, a
copy protection mechanism that includes digital watermarking at its core is currently
being considered for standardization and second generation DVD players may well
include the ability to read watermarks and act based on their presence or absence.
Another example is in digital cinema, where information can be embedded as a
watermark in every frame or a sequence of frames to help investigators locate the scene
of the piracy more quickly and point out weaknesses in security in the movie’s
distribution. The information could include data such as the name of the theater and the
date and time of the screening. The technology would be most useful in fighting a form
of piracy that’s surprisingly common, i.e., when someone uses a camcorder to record the
movie as it’s shown in a theater, then duplicates it onto optical disks or VHS tapes for
distribution.

 Fraud and tamper detection. When multimedia content is used for legal purposes,
medical applications, news reporting, and commercial transactions, it is important to
ensure that the content was originated from a specific source and that it had not been
changed, manipulated or falsified. This can be achieved by embedding a watermark in the
data. Subsequently, when the photo is checked, the watermark is extracted using a unique
key associated with the source, and the integrity of the data is verified through the
integrity of the extracted watermark. The watermark can also include information from
the original image that can aid in undoing any modification and recovering the original.
Clearly a watermark used for authentication purposes should not affect the quality of an
image and should be resistant to forgeries. Robustness is not critical as removal of the
watermark renders the content inauthentic and hence of no value.

 ID card security. Information in a passport or ID (e.g., passport number, person’s name,

etc.) can also be included in the person’s photo that appears on the ID. By extracting the
embedded information and comparing it to the written text, the ID card can be verified.
The inclusion of the watermark provides an additional level of security in this
application. For example, if the ID card is stolen and the picture is replaced by a forged
copy, the failure in extracting the watermark will invalidate the ID card. The above
 represent a few example applications where digital watermarks could potentially be of
use. In addition there are many other applications in rights management and protection
like tracking use of content, binding content to specific players, automatic billing for
viewing content, broadcast monitoring etc. From the variety of potential applications
exemplified above it is clear that a digital watermarking technique needs to satisfy a
number of requirements. Since the specific requirements vary with the application,
watermarking techniques need to be designed within the context of the entire system in
which they are to be employed. Each application imposes different requirements and
would require different types of invisible or visible watermarking schemes or a
combination thereof. In the remaining sections of this chapter we describe some general
principles and techniques for invisible watermarking. Our aim is to give the reader a
better understanding of the basic principles, inherent trade-offs, strengths, and weakness,
of digital watermarking. We will focus on image watermarking in our discussions and
examples. However as we mentioned earlier, the concepts involved are general in nature
and can be applied to other forms of content such as video and audio.

 Broadcasting Monitoring: Commercials are aired by broadcasting channels and stations.

For this advertising firm purchase airtime from broadcasting channel. There are several
organizations and individuals interested in broadcasting monitoring, viz. advertiser, who
want to ensure if his commercial is broadcasted for all of his purchased airtime,
performers, who want to ensure that they get the royalties due to them from advertising
firm and owners of copyrighted works, who want to ensure that their property is not
illegally rebroadcasted by pirate stations. One solution to the problem is human observers
watching the broadcasting which is neither a feasible nor practically possible solution.
The other solution is to match the signal with the signals present in databases to ascertain
advertisers that messages are broadcasted. But matching signals from databases is very
complex process and require large amount of time and money.
The last solution is using watermarking techniques. It has advantage of existing
within content itself, rather than exploiting a particular segment of the broadcast signal,
and is therefore completely compatible with the installed base of broadcast equipment,
including both digital and analog transmission.
2.5 Attacks on Watermarked Work
Below are some significant known attacks: -

2.5.1 Scrambling Attacks:

A scrambling attack is a system-level attack in which the samples of a Work are
scrambled prior to presentation to a watermark detector and then subsequently
descrambled. The type of scrambling can be a simple sample permutation or a more
sophisticated pseudo-random scrambling of the sample values. The degree of scrambling
necessary depends on the detection strategy.
A well-known scrambling attack is the mosaic attack, in which an image is broken into
many small rectangular patches, each too small for reliable watermark detection. These
image segments are then displayed in a table such that the segment edges are adjacent.
The resulting table of small images is perceptually identical to the image prior to
subdivision. This technique can be used in a web application to evade a web-crawling
detector. The scrambling is simply the subdivision of the image into sub images, and the
descrambling is accomplished by the web browser itself.

2.5.2 Pathological Distortions:

For a watermark to be secure against unauthorized removal, it must be robust to
any process that maintains the fidelity of the Work. This process may be a normal
process, in which case we are requiring that a secure watermark be robust. However, it
may also be a process unlikely to occur during the normal processing of the Work. Any
process that maintains the fidelity of the Work could be used by an adversary to
circumvent the detector by masking or eliminating the watermark. The two most common
categories of such pathological distortions, geometric/temporal distortions (attacks on
synchronization) and noise removal distortions
2.4.2.1 Synchronization Attacks:
Many watermarking techniques are sensitive to synchronization. By
disturbing this synchronization, an adversary attempts to mask the watermark
signal. Examples of simple synchronization distortions include delay and time
scaling for audio and video, and rotation, scaling, and translation for images and
video. These simple distortions can be implemented such that they vary over time
 or space. More complex distortions include pitch-preserving scaling and sample
removal in audio, and shearing, horizontal reflection, and column or line removal
in images. Even more complex distortions are possible, such as nonlinear warping
of images.
2.4.2.2 Linear filtering and noise removal attack:
Linear filtering also can be used by an adversary in an attempt to remove a
watermark. For example, a watermark with significant energy in the high
frequencies might be degraded by the application of a low-pass filter. In addition,
any watermarking system for which the added pattern is “noiselike” is susceptible
to noise-removal techniques.

2.5.3 Copy Attacks:

A copy attack occurs when an adversary copies a watermark from one Work to
another. As such, it is a form of unauthorized embedding. The copy attack attempts to
thwart the effectiveness of such systems by estimating the watermark given in an
originally watermarked piece of media, and then adding that watermark to an un-
watermarked piece. In the first scenario listed above, this would allow an attacker to have
an inauthentic image be declared authentic, since it contains a watermark. In the second
scenario, an attacker could flood the market with content which ordinarily would allow a
user to manipulate it as he saw fit, but due to the presence of the watermark, limitations
would be imposed. In this way, schemes which sought to limit use of watermarked media
may prove to be too unpopular for wide distribution.

2.5.4 Ambiguity Attacks:

Ambiguity attacks create the appearance that a watermark has been embedded in a
Work when in fact no such embedding has taken place. An adversary can use this attack
to claim ownership of a distributed Work. He or she may even be able to make an
ownership claim on the original Work. As such, ambiguity attacks can be considered a
form of unauthorized embedding. However, they are usually considered system attacks.
Chapter 3 Methodology

3.1 Project Flow

The following diagram depicts the complete flow of project with the respective modules
or function names:

3.1.1 Insertion of Watermark Image into Cover Work: -

Fig 3.1 Flowchart showing Insertion of Watermark into Cover Work.

3.1.2 Extraction of Watermark Image from Watermarked Image: -

Fig 3.2 Flowchart showing extraction of watermark from watermarked image

3.1.3 Calculation of Detection ratio: -

Fig 3.3 Flowchart showing steps to calculate detection ratio

3.2 Step By Step procedure

The following is the step by step procedure with detailed description is as follows:

3.2.1 Read Cover Image:

The first step is to read the cover image (in our case we used a .jpeg image) and
process the image so that SIFT can be applied over the cover image. The .jpeg image,
which is originally RGB, is converted to gray image (pixel values belong to the set [0,
255].Further the image matrix is divided by 256 so as to bring the values in range of [0,
1].After these steps the image is ready for the SIFT to be operated over it to find all the
invariant patches.

3.2.2 SIFT:
Scale-invariant feature transform (or SIFT) is an algorithm in computer
vision to detect and describe local features in images. The algorithm was published
by David Lowe in 1999. For any object in an image, interesting points on the object can
be extracted to provide a "feature description" of the object. This description, extracted
from a training image, can then be used to identify the object when attempting to locate
the object in a test image containing many other objects. It is important that the set of
features extracted from the training image is robust to changes in image scale, noise,
illumination, and local geometric distortion to perform reliable recognition. Lowe's
patented method can robustly identify objects even among clutter and under partial
occlusion, because his SIFT feature descriptor is invariant to scale, orientation, and
affine distortion, and partially invariant to illumination changes.
The following is an image (Figure 3.1(a)) on which sift is applied to find
keypoints. Initially (Figure 3.1(b)) 832 keypoints locations at maxima and minima of the
difference-of-Gaussian function. After applying a threshold on minimum contrasts, 729
keypoints remain (Figure 3.1(c)). Figure3.1 (d) shows image with 536 keypoints that
remained following an additional threshold.

Fig 3.4. This figure shows the stages of keypoints selection. (a) The 233x189 pixel original image.
(b) The initial 832 keypoints locations at maxima and minima of the DoG function. (c) After
applying a threshold on minimum contrast, 729 keypoints remain. (d) The final 536 keypoints that
remain following an additional threshold.
 The selection of features is important for robust watermarking in content-based
synchronization methods. We believe that local image characteristics are more useful
than global ones. The scale-invariant feature transform, SIFT, extracts features by
considering local image properties and is invariant to rotation, scaling, translation, and
partial illumination changes. We implemented a proposed watermarking method, using
the SIFT, that is robust to geometric distortions. Using the SIFT, we generate circular
patches that are invariant to translation and scaling distortions. The watermark is inserted
into the circular patches in an additive way in the spatial domain. Rotation invariance is
achieved using the translation property of the polar-mapped circular patches. We have
performed an intensive simulation to show the robustness of the proposed method with
25 test images. The simulation results confirm that our method is robust against
geometric distortion attacks as well as signal-processing attacks.

3.2.2.1 The General Mathematical model of SIFT:

Considering local image characteristics, the SIFT descriptor extracts
features and their properties, such as the location (t1, t2), the scale s, and the
orientation.
The SIFT was proposed by Lowe and has proved to be invariant to image
rotation, scaling, translation, partial illumination changes, and projective
transformations. Considering local image characteristics, the SIFT descriptor
extracts features and their properties, such as the location (t1, t2), the scale s, and
the orientation.
The basic idea of the SIFT is to extract features through a staged filtering that
identifies stable points in the scale space:
1. Select candidates for features by searching for peaks in the scale space of
the difference-of-Gaussians (DoG) function.
2. Localize each feature using measures of its stability.
3. Assign orientations based on local image gradient directions.

In order to extract candidate locations for features, the scale space D(x,
y,) is computed using a DoG function. As shown in Fig. 3.2, they successively
smooth original images with a variable-scale (1, 2, and 3) Gaussian function
and calculate the scale-space images by subtracting two successive smoothed
images. The parameter  is a variance (called a scale) of the Gaussian function.
The scale of the scale-space images is determined by the nearby scale (1, 2, or
3) of the Gaussian-smoothed image. In these scale-space images, they retrieve all
local maxima and minima by checking the closest eight neighbors in the same
scale and nine neighbors in the scales above and below. These extrema determine
the location (t1, t2) and the scale s of the SIFT features, which are invariant to the
scale and orientation change of images. In our experiment, to generate the scale-
space images, we apply scales of the Gaussian function from 1.0 to 32.0 and
increase the scale by multiplying by a constant factor 2.

Fig 3.5 Scale space by using Difference-of-Gaussian (DoG) function and neighbor of a
pixel.

After candidate locations have been found, a detailed model is fitted by a 3-D
quadratic function to determine accurately the location (t1, t2) and scale s of each
feature. In addition, candidate locations that have a low contrast or are poorly
localized along edges are removed by measuring the stability of each feature
using a 2-by-2 Hessian matrix H as follows:
Here e is the ratio of the largest to the smallest Eigen value and is used to control
stability. They use e=10. The quantities Dxx, Dxy, and Dyy are the derivatives of the
scale space images. In order to achieve invariance to image rotation, they assign a
consistent orientation to each feature. In the Gaussian-smoothed image with the
scale of the extracted SIFT features, they calculate gradient orientations of all
sample points within a circular window about a feature location and form an
orientation histogram. The peak in this histogram corresponds to the dominant
direction of that feature.

3.2.2.2 The Modification in Mathematical model of SIFT for Watermarking:

The local features from the SIFT descriptor are not directly applicable to
watermarking, because the number and distribution of the features are dependent
on image contents and textures. Moreover, the SIFT descriptor was originally
devised for image-matching applications, so it extracts many features that have
dense distribution over the whole image. Therefore, we adjust the number,
distribution, and scale of the features and remove those features that are
susceptible to watermark attacks.
The SIFT descriptor extracts features with such properties as their location
(t1, t2), scale s, and orientation. In practice, the orientation property of the SIFT
descriptor of the original image and distorted images do not match precisely.
Hence, we make a circular patch by using only the location (t1, t2) and scale s of
extracted SIFT features, as follows:
where k is a magnification factor to control the radius of the circular patches. The
way in which this factor is determined is explained in the fourth paragraph of this
subsection. These patches are invariant to image scaling and translation as well as
spatial modifications. By applying a prefilter, such as a Gaussian filter, before
feature extraction, we can reduce the interference of noise and increase the
robustness of extracted circular patches. The scale of features derived from the
SIFT descriptor is related to the scaling factor of the Gaussian function in the
scale space. In our analysis, features whose scale is small have a low probability
of being redetected, because they disappear easily when image contents are
modified. Features whose scale is large also have a low probability of being
redetected in distorted images, because they move easily to other locations.
Moreover, using large-scale features means that patches will overlap each other,
which will result in degradation of the perceptual quality of watermarked images.
Therefore, we remove features whose scale is below a or above b. In our
experiments, we set a and b at 2.0 and 10.0, respectively. The SIFT descriptor
considers image contents so that extracted SIFT features have different properties
in the scale s, depending on image contents. Watermark insertion and detection
necessarily require interpolation to transform the rectangular watermark to match
the shape of patches, and vice versa. In order to minimize the distortion of the
watermark through interpolation, the size (radius) of the patches must be similar
to, or larger than, the size of the watermark. The scale s of extracted SIFT features
varies from 2.0 to 10.0. Therefore, we divide the scale of features into two ranges
and apply different magnification factors k1 and k2, which are determined
empirically on the assumption that the size of the watermarked images will not be
changed excessively. Although the features whose size is near to the boundary of
the range may be susceptible to scaling attacks, there are a number of circular
patches in an image, so that the effect of these features on the watermarking is
small. The distribution of local features is related to the performance of
watermarking systems. In other words, the distance between adjacent features
must be determined carefully. If the distance is small, patches will overlap in
large areas, and if the distance is large, the number of patches will not be
sufficient for the effective insertion of the watermark. To control the distribution
of extracted features, we apply a circular neighborhood constraint in which the
features whose strength is the largest are used to generate circular patches. The
value from the DoG function is used to measure the strength of each feature. The
distance D between adjacent features depends on the dimensions of the image and
is quantized by the r value as follows:

The width and height of the image are denoted by w and h, respectively. The r
value is a constant to control the distance between adjacent features and is set at
16 and 32 in the insertion and detection processes, respectively. Figure 2 shows a
circular patch from our proposed synchronization method in spatial filters,
additive uniform noise, rotation, and scaling of the image. For convenience of
identification, we represent only one patch and find that the patch is formulated
robustly, even when the image is distorted.
 Fig 3.6Circular patch from our proposed method in (a) the original image, (b) the mean-filtered
image, (c) the median-filtered image, (d) the additive uniform noise image, (e) the 10-deg rotated
image, and (f) the 1.2x scaled image.

3.2.3 Watermark Generation:

We generate a 2-D rectangular watermark that follows a Gaussian distribution,
using a random number generator. To be inserted into circular patches, this watermark
should be transformed so that its shape is circular. We consider the rectangular
watermark to be a polar-mapped watermark and inversely polar-map it to assign the
insertion location of the circular patches. In this way, a rotation attack is mapped as a
translation of the rectangular watermark, and the watermark still can be detected using
the correlation detector. Note that the size of circular patches differs, so we should
generate a separate circular watermark for each patch.

Let the x and y dimensions of the rectangular watermark be denoted by M and N,

respectively. Let r be the radius (size) of a circular patch. As shown in Fig. 3, we divide a
circular patch into homocentric regions.
 Fig 3.7 Polar mapping between rectangular watermark and the circular watermark.

To generate the circular watermark, the x- and the y-axes of the rectangular watermark
are inversely polar-mapped into the radius and angle directions of the patch. The relation
between the coordinates of the rectangular watermark and the circular watermark is
represented as follows:

where x and y are the rectangular watermark coordinates, ri and  are the coordinates of
the circular watermark, rM is equal to the radius of the patch, and r0 is a fixed fraction of
rM. In our project, we set r0 to rM /4.
For effective transformation, r0 should be larger than M /, and the difference between
rM and r0 should be larger than N. If these constraints are not satisfied, the rectangular
watermark must be sampled. As a result, it is difficult to transform efficiently. To
increase the robustness and invisibility of the inserted watermark, we transform the
rectangular watermark to be mapped to only the upper half of the patch, i.e., the y-axis of
the rectangular watermark is scaled by the angle of a half circle (), not the angle of a
full circle (2 ). The lower half of the patch is set symmetrically with respect to the
upper half (see Fig. 3).
In aspect of the image, watermarks constitute a kind of noise. When noise of
similar strength gathers together, we can perceive it. In our scheme, a pixel in the
rectangular watermark is mapped to adjacent several pixels in the circular watermark
during polar mapping. In other words, the same noise is inserted into the homocentric
region of a circular patch. Therefore, if the size of the homocentric region is large, the
inserted watermark is visible (as an embossing effect). Through symmetrical mapping,
we can make the size of the homocentric region small and thus render the watermark
invisible. Moreover, we can increase the likelihood that the watermark will survive
attacks such as cropping.

3.2.4 Watermark Insertion:

The first step in watermark insertion is to analyze image contents to extract the
patches. Then, the watermark is inserted repeatedly into all patches. Our watermark
insertion process is shown in Fig. 4(A).
Step a: To extract circular patches, we use the SIFT descriptor, as explained in
Sec.3.2.2. A single image may contain a number of patches. We insert the
watermark into all patches to increase the robustness of our scheme.
Step b.1.We generates a circular watermark dependent on the radius (size) of each
patch, using the method described in Sec.3.2.3. We have endeavored to construct
the patches so that their radius is similar to, or larger than, the x and y sizes of the
rectangular watermark; thus, during extraction of the patches, a pixel w in the
rectangular watermark is mapped to several pixels wc in the circular watermark.
This compensates for errors in alignment of the circular patches regarding
location and scale during watermark detection.
Step b.2. The insertion of the watermark must not affect the perceptual quality of
images. This constraint has a bearing on the insertion strength of the watermark,
inasmuch as it must be imperceptible to the human eye. We apply the perceptual
mask as follows:

where  is the lower bound of visibility in flat and smooth regions and  is the upper
bound in edged and texture regions. The noise visibility function is calculated as follows:

where 2x(ij) and 2 x max denote the local variance and maximum of neighboring pixels
within five pixels, and D is a scaling constant.
 Fig 3.8 Diagrammatic representation of Watermark insertion scheme

Step b.3. Finally, we insert this circular watermark additively into the spatial
domain. The insertion of the watermark is represented as the spatial addition
between the pixels of images and the pixels of the circular watermark as follows:

Here vi and wci denote the pixels of images and of the circular watermark,
respectively, and  denotes the perceptual mask that controls the insertion
strength of the watermark.
3.2.5 Watermark Detection:
Similarly to watermark insertion, the first step for watermark detection is
analyzing the image contents to extract patches. The watermark is then detected from the
patches. If the watermark is detected correctly from at least one patch, we can prove
ownership successfully. Our watermark detection process is shown in Fig. 4(B).
Step a. To extract circular patches, we use the SIFT descriptor, as described in Sec. 2.
There are several patches in an image, and we try to detect the watermark from all
patches.
Step b.1. The additive watermarking method in the spatial domain inserts the watermark
into the image contents as noise. Therefore, we first apply a Wiener filter to extract this
noise by calculating the difference between the watermarked image and its Wiener-
filtered image, and then regard that difference as the retrieved watermark.6 As with the
watermark insertion process, we compensate for the modification by perceptual masks,
but such compensation does not greatly affect the performance of watermark detection.
Step b.2. To measure the similarity between the reference watermark generated during
watermark insertion and the retrieved watermark, the retrieved circular watermark should
be converted into a rectangular watermark by applying the polar-mapping introduced in
Sec3.2.4. Considering the fact that the watermark is inserted symmetrically, we take the
mean value from the two semicircular areas. By this mapping, the rotation of circular
patches is represented as a translation, and hence we achieve rotation invariance for our
watermarking scheme.
 Fig 3.9 Diagrammatic representation of Watermark extraction scheme

Step b.3. We apply circular convolution to the reference watermark and the retrieved
watermark. The degree of similarity between the two, called the response of the
watermark detector, is represented by the maximum value of circular convolution as
follows:

where w is the reference watermark and w* is the retrieved watermark. The range of
similarity values is from −1.0 to 1.0. We can identify the rotation angle (/ r) of the
patches by finding the r with the maximum value. If the similarity exceeds a predefined
threshold, we can be satisfied that the reference watermark has been inserted. The method
of determining the threshold is described in the following section.
Step c. As mentioned, there are several circular patches in an image. Therefore, if the
watermark is detected from at least one patch, ownership is proved, and not otherwise.
The fact that we insert the watermark into several circular patches, rather than just one,
makes it highly likely that the proposed scheme will detect the watermark, even after
image distortions. Our watermarking scheme is robust against geometric distortion
attacks as well as signal-processing attacks. Scaling and translation invariance is achieved
by extracting circular patches from the SIFT descriptor. Rotation invariance is achieved
by using the translation property of the polar mapped circular patches.

3.2.6 Detection ratio:

This module compares the patches in both original image as well as attacked
image. During watermark detection, the redetection of patches that have been extracted
during watermark insertion is important for robustness. In order to mea sure the
redetection ratio, we first extracted circular patches from both the original image and the
attacked images, and then compared the locations and radii of the patches from the
original image with those of the patches from the attacked images. Prior to the
comparison, we transformed the locations and radii of circular patches from images
subjected to geometric attack to those of patches in the original image. If the difference
between circular patches from the original image and those from attacked images was
below 2 pixels, we regarded the patches as having been redetected correctly.

We applied various attacks: median filter [2x2], [3x3], and [4x4], JPEG
compression quality factor 40, 60, 90, Gaussian filtering [3x3], and scaling 0.7x, 0.8x,
0.9x, 1.1x, 1.2x and 1.3x.

Detection ratio refers to the ratio of the number of extracted patches from attacked
images to the number of correctly redetected patches from original image. Detection
failure refers to the number of images in which no patch is redetected.
Chapter 4 RESULTS

4.1 Test Images:

4.1.1 Cover work:

Fig 4.1 Original Cover Image

4.1.2 Position of Invariant patches in cover work:

Fig 4.2 Invariant patches present in original cover work

4.1.3 Watermark image:

Fig 4.3 Watermark image (72x72 pixels)

4.1.4 Cover Image with watermark:

Fig 4.4 Watermarked Image (Invisible)

4.1.5 Retrieved Watermark:

Fig 4.5 Retrieved Watermark Image

4.2 Performance of watermarking scheme and test results:
We tested the performance of our watermarking scheme. The proposed scheme is tested
for 30 random images for over 7500 patches. Each image used for testing is a .jpeg image of size
150x200 pixels. The size of rectangular watermark we took for testing the scheme is 72x72
pixels and the weighing factors  and  of noise visibility function was set to 5.0 and 1.0
respectively. We were able to get a detection ratio as high as approx. 85% under various type of
attacks listed in Stirmark 3.1: median filter, JPEG compression, Gaussian filtering, scaling. The
simulation results under attack are shown in Table 4.1. We take into consideration a pixel error
of 2 pixels while redetecting patches, that is if the position of any patch is shifted by +/- 2 pixels
and radius of patch is same we consider patch to be redetected correctly.

Detection ratio refer to the ratio of the number of patches correctly redetected from
watermarked image to total number of patches in which watermark inserted. Among 30 images,
detection failure refers to the number of images where inserted watermark could not be detected
with minimum similarity to prove ownership and hence we fail to prove ownership in those
images. Similarity is the average of similarity values from correctly detected watermark patches.

4.2.2 Test results

Table 4.1 Fraction of correctly detected watermark patches, number of failure images, and similarity under common
signal-processing and geometric attacks

Signal Processing and Detection Ratio Detection Failure Similarity

Geometric Attacks
Watermarked 95.231% 0 0.635
image(no attack)
Median Filter 2x2 94.917% 0 0.631
Median Filter 3x3 81.943% 0 0.616
Median Filter 4x4 56.837% 0 0.595
Gaussian Filter 86.871% 0 0.603
Scaling 1.1x 97.823% 0 0.614
Scaling 1.2x 96.363% 0 0.609
Scaling 1.3x 95.155% 0 0.583
Scaling .9x 66.231% 0 0.603
Scaling .8x 34.582% 1 0.508
Scaling .7x 16.750% 2 0.417
JPEG Compression 90 92.661% 0 0.589
JPEG Compression 60 79.905% 2 0.497
Chapter 5 Conclusion and Future Work

The result set as shown in Table 4-1, clearly depicts the inserted watermark is
successfully detected even after using additive watermarking method in spatial domain, which is
very unlikely as in case of attacks pixel values may change abnormally and it may be difficult to

recover the original pixel value and thus watermark may be lost.

Our major contribution is that we have proposed a robust watermarking scheme that uses
local invariant features. In order to resist geometric distortions, we extracted circular patches
using the SIFT descriptor, which is invariant to translation and scaling distortion. These patches
were watermarked additively in the spatial domain. Rotation invariance was achieved using the
translation property of the polar-mapped circular patches. We performed an intensive simulation,
and the results showed that our method would be robust against geometric distortion attacks as
well as signal-processing attacks. We believe that the consideration of local features is important
for the design of robust watermarking schemes, and our method is a solution that uses such
features

Drawbacks of the proposed watermarking scheme are related to its vulnerability to large
distortion of the aspect ratio. In addition, due to the computation time for the SIFT descriptor and
for the compensation of alignment errors, our scheme cannot be used effectively in real-time
applications.

Future work will focus on eliminating those drawbacks. In future this work can also be
extended for inserting watermark on videos. A Video is a sequence of images, called as frames,
and these frames are more or less same with slight changes and thus position of patches may not
vary considerably in adjacent patches. This property may be exploited to derive a new technique
for watermarking on videos. The time complexity may be an issue as a lot of computation needs
to be done and computational time for SIFT descriptor is already very large.
Appendix A

The following are the signature and brief description of functions used during
implementation of the proposed scheme:

1. processWatermark:
 Input parameters:
o watermarkFileName
o radius
 Output parameters:
o W: processed watermark image matrix
o P: radius matrix of circular watermark
o Q: theta matrix of circular watermark
 Description: This module performs the polar mapping of rectangular
watermark to circular watermark.
2. insertWatremark:
 Input parameters:
o I: cover work
o W: processed Watermark
o X: x-co-ordinate
o Y: y-co-ordinate
 Output parameters:
o I: watermarked image
 Description: This module inserts watermark into image.
3. extractWatermark:
 Input parameters:
o I: watermarked Image
o I1: original cover work
o X: x-co-ordinate
o Y: y-co-ordinate
o [a,b]:size of watermark
  Output parameters:
o RW: retrieved watermark
 Description: This module extract watermark from watermarked image.
4. compareWatermark:
 Input parameters:
o W: reference watermark
o RW: retrieved watermark
o Diff: Pixel Error
 Output parameters:
o Ratio: similarity ratio.
 Description: This module compares the retrieved watermark with
reference watermark and gives the similarity as a ratio.
5. calculateDetectionratio:
 Input parameters:
o frame: sift frame matrix for original cover work
o f1: sift frame matrix for attacked image
o diff: pixel error
 Output parameters:
o ratio: detection ratio
 Description: This module calculates the detection ratio for the attacked
image.
References

[1] H.Y. lee, H.S. Kim and H.K. Lee, “Robust image watermarking using local invariant
features” optical engineering vol45 (3)(2006)037002(page 1-11)

[2] D.G. Lowe, “Distinctive Image Features from Scale-Invariant Keypoints” International
Journal of Computer Vision 60(2) (2004) page 91-110.

[3] Leida LI, Xiaoping YUAN, Zhaolin LU, Jeng-Shyang PAN “Rotation Invariant Watermark
Embedding Based on Scale-Adapted Characteristic Regions” Informational Sciences (November
2009) page 1-22.

[4] Xia-mu Niu, Zhe-ming Lu, Sheng-ho Sun, “Digital Watermarking of Still Images with Gray-
Level Digital Watermarks” IEEE transaction on Consumer Electronics, Vol. 46, No.1 (February
2000) page 137-145.

[5]Patrick Bas, Jean-Marc Chassery, Benoit Macq, “Geometrically Invariant Watermarking

Using Feature points” IEEE Transactions on Image Processing, VOL.11, NO.9 (September
2002) page 1014-1028.

[6]Yanqun Zhang, “Digital Watermarking Technology: A Review”2009 ETP International

Conference on Future Computer and Communication page- 250-252.

[7]Yiwei Wang, John F. Doherty, Robert E. Van Dyck, “A Wavelet-Based Watermarking

Algorithm for Ownership Verification of Digital Images” IEEE Transactions on Image
Processing, Vol.11, NO.2 (February 2002) page 77-86.

[8]A. Nikolaidis and I. Pitas, “Region-based Image Watermarking” IEEE Transactions on Image
Processing, VOL.10, NO.11 (2001) page 1726-1740.

[9] Book on Digital Watermarking and Steganography by Ingemar J. Cox and Matthew L.
Miller, The Morgan Kaufmann Series in Multimedia Information and Systems, Second Edition.