A secret sharing-based method for authentication of grayscale document images via the use of the png...

IEEE TRANSACTIONS ON IMAGE PROCESSING, VOL. 21, NO. 1, JANUARY 2012 207

A Secret-Sharing-Based Method for Authenticationof Grayscale Document Images via the Use of the

PNG Image With a Data Repair CapabilityChe-Wei Lee, Student Member, IEEE, and Wen-Hsiang Tsai, Senior Member, IEEE

Abstract—A new blind authentication method based on the se-cret sharing technique with a data repair capability for grayscaledocument images via the use of the Portable Network Graphics(PNG) image is proposed. An authentication signal is generated foreach block of a grayscale document image, which, together with thebinarized block content, is transformed into several shares usingthe Shamir secret sharing scheme. The involved parameters arecarefully chosen so that as many shares as possible are generatedand embedded into an alpha channel plane. The alpha channelplane is then combined with the original grayscale image to forma PNG image. During the embedding process, the computed sharevalues are mapped into a range of alpha channel values near theirmaximum value of 255 to yield a transparent stego-image with adisguise effect. In the process of image authentication, an imageblock is marked as tampered if the authentication signal computedfrom the current block content does not match that extracted fromthe shares embedded in the alpha channel plane. Data repairing isthen applied to each tampered block by a reverse Shamir schemeafter collecting two shares from unmarked blocks. Measures forprotecting the security of the data hidden in the alpha channel arealso proposed. Good experimental results prove the effectivenessof the proposed method for real applications.

Index Terms—Data hiding, data repair, grayscale documentimage, image authentication, Portable Network Graphics (PNG)image, secret sharing.

I. INTRODUCTION

D IGITAL image is a form for preserving important infor-mation. However, with the fast advance of digital tech-

nologies, it is easy to make visually imperceptible modificationsto the contents of digital images. How to ensure the integrity andthe authenticity of a digital image is thus a challenge. It is de-sirable to design effective methods to solve this kind of imageauthentication problem [1]–[3], particularly for images of doc-uments whose security must be protected. It is also hoped that,

Manuscript received August 05, 2010; revised December 15, 2010 and April07, 2011; accepted June 02, 2011. Date of publication June 20, 2011; date ofcurrent version December 16, 2011. This work was supported by the NationalScience Council under Project 99-2631-H-009-001. The associate editor coor-dinating the review of this manuscript and approving it for publication was Dr.Min Wu.

C. W. Lee is with the Department of Computer Science, National Chiao TungUniversity, Hsinchu 300, Taiwan (e-mail: [email protected]).

W.-H. Tsai is with the Department of Computer Science, National ChiaoTung University, Hsinchu 300, Taiwan, and also with the Department of In-formation Communication, Asia University, Taichung 41354, Taiwan (e-mail:[email protected]).

Color versions of one or more of the figures in this paper are available onlineat http://ieeexplore.ieee.org.

Digital Object Identifier 10.1109/TIP.2011.2159984

Fig. 1. Binary-like grayscale document image with two major gray values.

if part of a document image is verified to have been illicitly al-tered, the destroyed content can be repaired. Such image contentauthentication and self-repair capabilities are useful for the se-curity protection of digital documents in many fields, such asimportant certificates, signed documents, scanned checks, cir-cuit diagrams, art drawings, design drafts, last will and testa-ments, and so on.

Document images, which include texts, tables, line arts, etc.,as main contents, are often digitized into grayscale images withtwo major gray values, one being of the background (includingmainly blank spaces) and the other of the foreground (includingmainly texts). It is noted that such images, although gray valuedin nature, look like binary. For example, the two major grayvalues in the document image shown in Fig. 1 are 174 and 236,respectively. It seems that such binary-like grayscale documentimages may be thresholded into binary ones for later processing,but such a thresholding operation often destroys the smooth-ness of the boundaries of text characters, resulting in visuallyunpleasant stroke appearances with zigzag contours. Therefore,in practical applications, text documents are often digitized andkept as grayscale images for later visual inspection.

In general, the image authentication problem is difficult for abinary document image because of its simple binary nature thatleads to perceptible changes after authentication signals are em-bedded in the image pixels. Such changes will arouse possiblesuspicions from attackers. A good solution to such binary imageauthentication should thus take into account not only the secu-rity issue of preventing image tampering but also the necessityof keeping the visual quality of the resulting image. In this paper,we propose an authentication method that deals with binary-likegrayscale document images instead of pure binary ones and si-multaneously solves the problems of image tampering detectionand visual quality keeping.

1057-7149/$26.00 © 2011 IEEE

http://ieeexploreprojects.blogspot.com

208 IEEE TRANSACTIONS ON IMAGE PROCESSING, VOL. 21, NO. 1, JANUARY 2012

Several methods for binary image authentication have beenproposed in the past. Wu and Liu [4] manipulated the so-calledflippable pixels to create specific relationships to embed data forauthentication and annotation of binary images. Yang and Kot[5] proposed a two-layer binary image authentication methodin which one layer is used for checking the image fidelity andthe other for checking image integrity. In the method, a connec-tivity-preserving transition criterion for determining the flippa-bility of a pixel is used for embedding the cryptographic signa-ture and the block identifier. Later, Yang and Kot [6] proposed apattern-based data hiding method for binary image authentica-tion in which three transition criteria are used to determine theflippabilities of pixels in each block, and the watermark is adap-tively embedded into embeddable blocks to deal with the unevenembeddability condition in the host image. In the method pro-posed in [7], a set of pseudorandom pixels in a binary or halftoneimage are chosen and cleared, and authentication codes are ac-cordingly computed and inserted into selected random pixels.In Tzeng and Tsai’s method [8], randomly generated authenti-cation codes are embedded into image blocks for use in imageauthentication, and a so-called code holder is used to reduceimage distortion resulting from data embedding. Lee et al. [9]proposed a Hamming-code-based data embedding method thatflips one pixel in each binary image block for embedding a wa-termark, yielding small distortions and low false negative rates.Lee et al. [10] improved the method later by using an edge linesimilarity measure to select flippable pixels for the purpose ofreducing the distortion.

In this paper, a method for the authentication of documentimages with an additional self-repair capability for fixing tam-pered image data is proposed. The input cover image is as-sumed to be a binary-like grayscale image with two major grayvalues like the one shown in Fig. 1. After the proposed methodis applied, the cover image is transformed into a stego-imagein the Portable Network Graphics (PNG) format with an addi-tional alpha channel for transmission on networks or archivingin databases. The stego-image, when received or retrieved, maybe verified by the proposed method for its authenticity. Integritymodifications of the stego-image can be detected by the methodat the block level and repaired at the pixel level. In case the alphachannel is totally removed from the stego-image, the entire re-sulting image is regarded as inauthentic, meaning that the fi-delity check of the image fails. The proposed method is based onthe so-called -threshold secret sharing scheme proposedby Shamir [11] in which a secret message is transformed intoshares for keeping by participants, and when of the shares,not necessarily all of them, are collected, the secret message canbe losslessly recovered. Such a secret sharing scheme is usefulfor reducing the risk of incidental partial data loss.

Conventionally, the concepts of “secret sharing” and “datahiding for image authentication” are two irrelevant issues inthe domain of information security. However, in the proposedmethod, we combine them together to develop a new image au-thentication technique. The secret sharing scheme is used in thedeveloped technique not only to carry authentication signals andimage content data but also to help repair tampered data throughthe use of shares.

An issue in the self-repairing of tampered data at attackedimage parts is that, after the original data of the cover image areembedded into the image itself for use in later data repairing, thecover image is destroyed in the first place and the original dataare no longer available for data repairing, resulting in a con-tradiction. A solution to this problem is to embed the originalimage data somewhere else without altering the cover image it-self. The way proposed in this paper to implement this solutionis to utilize the extra alpha channel in a PNG image to embedthe original image data. However, the alpha channel of the PNGimage is originally used for creating a desired degree of trans-parency for the image. Moreover, embedding of data into thealpha channel will create random transparency in the resultingPNG image, producing an undesirable opaque effect. One wayout, as proposed in this paper, is to map the resulting alphachannel values into a small range near their extreme value of255, yielding a nearly imperceptible transparency effect on thealpha channel plane.

Another problem encountered in the self-repairing of theoriginal image data is that the data to be embedded in thecarrier are often large sized. For our case here with the alphachannel as the carrier, this is not a problem because the coverimage that we deal with is essentially binary-like, and thus,we may just embed into the carrier a binary version of thecover image, which includes much less data. Furthermore,through a careful design of authentication signals, a properchoice of the basic authentication unit (i.e., the unit of 23 image block) and a good adjustment of the parameters inthe Shamir scheme, we can reduce the data volume of thegenerated shares effectively so that more shares can be em-bedded into the alpha channel plane. It is noted that, by theproposed method, the larger the number of shares is, the higherthe resulting data repair capability becomes, as shown in thesubsequent sections. Finally, we distribute the multiple sharesrandomly into the alpha channel to allow the share data to havelarge chances to survive attacks and to thus promote the datarepair capability. To the best of our knowledge, this is the firstsecret-sharing-based authentication method for binary-likegrayscale document images. It is also the first authenticationmethod for such document images through the use of the PNGimage. Note that this method is not a secret-sharing techniquebut a document image authentication method.

The remainder of this paper is organized as follows: InSection II, the Shamir method on which the proposed methodis based is first reviewed. In Section III, the details of theproposed method, including authentication signal generation,share data embedding, and tampered data repairing, are de-scribed. In Section IV, some discussions about the merits of theproposed method and the possible enhancements of securityprotection are given. Experimental results and a comparison ofperformances of the proposed method with others are shown inSection V, followed by conclusions in Section VI.

II. REVIEW OF THE SHAMIR METHOD FOR SECRET SHARING

In the -threshold secret sharing method proposed byShamir [11], secret in the form of an integer is transformedinto shares, which then are distributed to participants for them


LEE AND TSAI: SECRET-SHARING-BASED METHOD FOR AUTHENTICATION OF GRAYSCALE DOCUMENT IMAGES 209

to keep; and as long as of the shares are collected, the orig-inal secret can be accordingly recovered, where . Thedetail of the method is reviewed in the following.

Algorithm 1: -threshold secret sharing.

Input: secret in the form of an integer, number ofparticipants, and threshold .

Output: shares in the form of integers for the participantsto keep.

Step 1. Choose randomly a prime number that is larger than .

Step 2. Select integer values within therange of 0 through .

Step 3. Select distinct real values .

Step 4. Use the following -degree polynomial tocompute function values , called partial shares for

, i.e.,

(1)

Step 5. Deliver the two-tuple as a share to the thparticipant where .

Since there are coefficients, namely, and throughin (1) above, it is necessary to collect at least shares from the

participants to form equations of the form of (1) to solvethese coefficients in order to recover secret . This explainsthe term threshold for and the name -threshold for theShamir method [11]. Below is a description of the just-men-tioned equation-solving process for secret recovery.

Algorithm 2: Secret recovery.

Input: shares collected from the participants and the primenumber with both and being those used in Algorithm 1.

Output: secret hidden in the shares and coefficients usedin (1) in Algorithm 1, where .

Steps.

Step 1. Use the sharesto

set up

(2)

where .

Step 2. Solve the equations above by Lagrange’s interpolationto obtain as follows [12]:

Step 3. Compute through by expanding the followingequality and comparing the result with (2) in Step 1 whileregarding variable in the equality below to be in (2):

Step 3 in the above algorithm is additionally included for thepurpose of computing the values of parameters in the pro-posed method. In other applications, if only the secret valueneed be recovered, this step may be eliminated.

III. IMAGE AUTHENTICATION AND DATA REPAIRING

In the proposed method, a PNG image is created from a bi-nary-type grayscale document image with an alpha channelplane. The original image may be thought as a grayscalechannel plane of the PNG image. An illustration of this processof PNG image creation is shown in Fig. 2. Next, is bina-rized by moment-preserving thresholding [13], yielding a bi-nary version of , which we denote as . Data for authentica-tion and repairing are then computed from and taken as inputto the Shamir secret sharing scheme to generate secret shares.The share values are subsequently mapped into a small rangeof alpha channel values near the maximum transparency valueto create an imperceptibility effect. Finally, the mapped secretshares are randomly embedded into the alpha channel for thepurpose of promoting the security protection and data repair ca-pabilities. Two block diagrams describing the proposed methodare shown in Figs. 3 and 4.

Since the alpha channel plane is used for carrying data forauthentication and repairing, no destruction will occur to theinput image in the process of authentication. In contrast, con-ventional image authentication methods often sacrifice part ofimage contents, such as least significant bits (LSBs) or flippablepixels, to accommodate data used for authentication. In addi-tion, once a stego-image generated from a conventional methodsuch as an LSB-based one is unintentionally compressed by alossy compression method, the stego-image might cause falsepositive alarms in the authentication system. In contrast, the pro-posed method yields a stego-image in the PNG format, which,in normal cases, will not be further compressed, reducing thepossibility of erroneous authentication caused by imposing un-desired compression operations on the stego-image.

A. Algorithm for Generation of a Stego-Image

A detailed algorithm for describing the generation of a stego-image in the PNG format of the proposed method is presentedin the following.

Algorithm 3: Generation of a stego-image in the PNGformat from a given grayscale image.



Fig. 2. Illustration of creation of a PNG image from a grayscale document image and an additional alpha channel plane.

Fig. 3. Illustration of creating a PNG image from a grayscale document imageand an alpha channel.

Input: a grayscale document image with two major grayvalues and a secret key .

Output: stego-image in the PNG format with relevant dataembedded, including the authentication signals and the dataused for repairing.

Steps.

Stage I—generation of authentication signals.

Step 1. (Input image binarization) Apply moment-preservingthresholding [13] to to obtain two representative gray values

and , compute , and use as a thresholdto binarize , yielding a binary version with “0” representing

and “1” representing .

Step 2. (Transforming the cover image into the PNG format)Transform into a PNG image with an alpha channel plane

by creating a new image layer with 100% opacity and nocolor as and combining it with using an image processingsoftware package.

Step 3. (Beginning of looping) Take in an unprocessedraster-scan order a 2 3 block of with pixels

.

Step 4. (Creation of authentication signals) Generate a 2-bitauthentication signal with and

, where denotes the exclusive-or operation.

Stage II—creation and embedding of shares.

Step 5. (Creation of data for secret sharing) Concatenate the 8bits of , , and through to form an 8-bit string, dividethe string into two 4-bit segments, and transform the segmentsinto two decimal numbers and , respectively.

Step 6. (Partial share generation) Set , , and in (1) ofAlgorithm 1 to be the following values: 1) (the smallestprime number larger than 15); 2) and ; and3) , . Perform Algorithm 1 as a(2, 6)-threshold secret sharing scheme to generate six partialshares through using the following equations:

(3)

where .

Step 7. (Mapping of the partial shares) Add 238 to each ofthrough , resulting in the new values of through ,

respectively, which fall in the nearly total transparency rangeof 238 through 254 in the alpha channel plane .

Step 8. (Embedding two partial shares in the current block)Take block in corresponding to in , select the firsttwo pixels in in the raster-scan order, and replace theirvalues by and , respectively.

Step 9. (Embedding remaining partial shares at random pixels)Use key to select randomly four pixels in but outside

, which are unselected yet in this step, and not the first twopixels of any block; in the raster-scan order, replace the fourpixels’ values by the remaining four partial shares through

generated above, respectively.

Step 10. (End of looping) If there exists any unprocessed blockin , then go to Step 3; otherwise, take the final in the PNGformat as the desired stego-image .

The possible values of through yielded by (3) above arebetween 0 and 16 because the prime number used there is 17.After performing Step 7 of the above algorithm, they become

through , respectively, which all fall into a small intervalof integers ranging from 238 to 254 with a width of 17 (the valueof the prime number). The subsequent embedding of through



Fig. 4. Authentication process including verification and self-repairing of a stego-image in PNG format.

in such a narrow interval into the alpha channel plane meansthat very similar values will appear everywhere in the plane,resulting in a nearly uniform transparency effect, which will notarouse notice from an attacker.

The reason why we choose the prime number to be 17 in theabove algorithm is explained here. If it was instead chosen tobe larger than 17, then the aforementioned interval will be en-larged, and the values of through will become possiblysmaller than 238, creating an undesired less transparent but vi-sually whiter stego-image. On the other hand, the 8 bits men-tioned in Steps 5 and 6 above are transformed into two decimalnumbers and with their maximum values being 15 (seeStep 5 above), which are constrained to lie in the range of 0through (see Step 2 in Algorithm 1). Therefore, shouldnot be chosen to be smaller than 16. In short, is an op-timal choice.

As to the choice of the block size, the use of a larger blocksize, such as 2 4 or 3 3, will reduce the precision of theresulting integrity authentication (i.e., the stego-image will beverified in a spatially coarser manner). On the other hand, itseems that a smaller block size such as 2 2 instead of 2 3may be tried to increase the authentication precision. However,a block in the alpha channel with a size of 2 2 can be usedto embed only four partial shares instead of six (see Steps 6–9of Algorithm 3). This decreases the share multiplicity and thusreduces the data repair capability of the method. In short, thereis a tradeoff between the authentication precision and the datarepair capability, and our choice of the block size of 2 3 is abalance in this aspect.

Finally, we use Fig. 5 to illustrate Steps 8 and 9 of Algo-rithm 3, where a core idea of the proposed method is presented,i.e., two shares of the generated six are embedded at the currentblock and the other four are embedded at four randomly selectedpixels outside the block, with each selected pixel not being thefirst two ones in any block.

B. Algorithm for Stego-Image Authentication

A detailed algorithm describing the proposed stego-imageauthentication process, including both the verification and theself-repairing of the original image content, is presented in thefollowing.

Fig. 5. Illustration of embedding six shares created for a block: Two sharesembedded at the current block, and the other four in four randomly selectedpixels outside the block, with each selected pixel not being the first two ones inany block.

Algorithm 4: Authentication of a given stego-image in thePNG format.

Input: stego-image , the representative gray values and, and the secret key used in Algorithm 3.

Output: image with tampered blocks marked and their datarepaired if possible.

Stage I—extraction of the embedded two representative grayvalues.

Step 1. (Binarization of the stego-image) Compute, and use it as a threshold to binarize ,

yielding a binary version of with “0” representing and“1” representing .

Stage II—verification of the stego-image.

Step 2. (Beginning of looping) Take in a raster-scan order anunprocessed block from with pixel values through

, and find the six pixels’ values through of thecorresponding block in the alpha channel plane of .

Step 3. (Extraction of the hidden authentication signal)Perform the following steps to extract the hidden 2-bitauthentication signal from :



(1) Subtract 238 from each of and to obtain two partialshares and of , respectively.

(2) With shares and as input, performAlgorithm 2 to extract the two values and (the secretand the first coefficient value, respectively) as output.

(3) Transform and into two 4-bit binary values,concatenate them to form an 8-bit string , and take the first2 bits and of to compose the hidden authenticationsignal .

Step 4. (Computation of the authentication signal from thecurrent block content) Compute a 2-bit authentication signal

from values through of the six pixels of byand .

Step 5. (Matching of the hidden and computed authenticationsignals and marking of tampered blocks) Match and bychecking if and , and if any mismatch occurs,mark , the corresponding block in , and all the partialshares embedded in as tampered.

Step 6. (End of looping) If there exists any unprocessed blockin , then go to Step 2; otherwise, continue.

Stage III—self-repairing of the original image content

Step 7. (Extraction of the remaining partial shares) Foreach block in , perform the following steps to extractthe remaining four partial shares through of thecorresponding block in from blocks in other than .

(1) Use key to collect the four pixels in in the sameorder as they were randomly selected for in Step 9 ofAlgorithm 3, and take out the respective data , , , and

embedded in them.

(2) Subtract 238 from each of through to obtainthrough , respectively.

Step 8. (Repairing the tampered regions) For each block inmarked as tampered previously, perform the following steps

to repair it if possible.

(1) From the six partial shares through of block incorresponding to (two computed in Step 3(1) and four

in Step 7(2) above), choose two of them, e.g., and ,which are not marked as tampered, if possible.

(2) With shares and as input, performAlgorithm 2 to extract the values of and (the secret andthe first coefficient value, respectively) as output.

(3) Transform and into two 4-bit binary values, andconcatenate them to form an 8-bit string .

(4) Take the last 6 bits from , and check theirbinary values to repair the corresponding tampered pixelvalues of block by the following way:

if , set ; otherwise, set

where .

Step 9. Take the final as the desired self-repaired image .

IV. DISCUSSIONS

A. Merits of the Proposed Method

In addition to being capable of data repairing and being blindin nature (requiring no overhead other than the stego-image), theproposed method has several other merits, which are describedin the following.

1) Providing pixel-level repairs of tampered image parts—Aslong as two untampered partial shares can be collected, atampered block can be repaired at the pixel level by theproposed method. This yields a better repair effect for textsin images because text characters or letters are smaller insize with many curved strokes and need finer pixel-levelrepairs when tampered with.

2) Having higher possibility to survive image content at-tacks—By skillfully combining the Shamir scheme, theauthentication signal generation, and the random embed-ding of multiple shares, the proposed method can survivemalicious attacks of common content modifications, suchas superimposition, painting, etc., as will be demonstratedby experimental results subsequently described.

3) Making use of a new type of image channel for datahiding—Different from common types of images, a PNGimage has the extra alpha channel plane that is normallyused to produce transparency to the image. It is differentlyutilized by the proposed method for the first time as acarrier with a large space for hiding share data. As acomparison, many other methods use LSBs as the carriersof hidden data.

4) Causing no distortion to the input image—Conventionalimage authentication methods that usually embed authen-tication signals into the cover image itself will unavoidablycause destruction to the image content to a certain extent.Different from such methods, the proposed method utilizesthe pixels’ values of the alpha channel for the purpose ofimage authentication and data repairing, leaving the orig-inal image (i.e., the grayscale channel) untouched and thuscausing no distortion to it. The alpha channel plane may beremoved after the authentication process to get the originalimage. Fig. 6 shows the framework of the proposed methodin this aspect, and Fig. 7, shown for comparison, illustratesa conventional image authentication method.

5) Enhancing data security by secret sharing—Instead ofhiding data directly into document image pixels, the pro-posed method embeds data in the form of shares into thealpha channel of the PNG image. The effect of this may beregarded as double-fold security protection, one fold con-tributed by the shares as a form of disguise of the originalimage data and the authentication signals and the otherfold contributed by the use of the alpha channel plane,



Fig. 6. Framework of proposed document image authentication method.

Fig. 7. Framework of a conventional image authentication method.

which is created to be nearly transparent, as previouslymentioned.

B. Measures for Security Enhancement

The secret key , which is used to randomize the pixel po-sitions for embedding the mapped partial shares throughmentioned in Step 9 of Algorithm 3, provides a measure to pro-tect the shares. More specifically, as described in Algorithm 3,each block in the alpha channel plane may be regarded to con-sist of two parts, i.e., the first part including the first two pixelsand the second including the remaining four. The first part ofeach block is used for keeping the first two partial sharesand , and the second part for keeping the last four partialshares through of other blocks located at random posi-tions. Therefore, the probability of correctly guessing the lo-cations of all the embedded partial shares in a stego-image is

, where is the size of thecover image, is the total number of blocks, each withsix pixels, and is the total number ofpixels in the blocks other than those in the first parts of all theblocks. This probability is obviously very small for commonimage sizes, meaning that a correct guess of the embedded par-tial shares is nearly impossible.

To enhance further the security of the data embedded in thestego-image, one additional measure is adopted in the proposedmethod (but not included in the previously proposed algorithmsfor clarity of algorithm descriptions). It is the randomization ofthe constant values of through used in Step 6 of Algorithm

3 and Step 3(2) in Algorithm 4. Specifically, in Step 3(2) in Al-gorithm 4, we can see that the input shares into Algorithm 2,i.e., and , can be easily forged, leading to the pos-sibility of creating fake authentication signals. To remedy thisweakness, with the help of another secret key, we may choosethese values of through for each block to be randomwithin the allowed integer range of [11].Then, the probability of correctly guessing all these values forall the blocks in a stego-image can be figured out tobe

, which is also very small for common image sizes.

V. EXPERIMENTAL RESULTS AND COMPARISON

WITH OTHER METHODS

A. Experimental Results Using a Document Image of a SignedPaper

The first results that we show here come from our experimentsusing a document image of a signed paper shown in Fig. 8(a).The result of applying Algorithm 3 to embed share data intoFig. 8(a) is shown in Fig. 8(b). As shown, the stego-image shownin the latter is visually almost identical to the cover image shownin the former, although the alpha channel content of the latterimage includes the embedded data. As a comparison, Fig. 8(c)shows a result similarly created but without conducting Step 7of Algorithm 3, which maps the original partial share valuesinto the small interval of alpha channel values ranging from 238through 254. An obvious opaque effect (nearly white) appearsin Fig. 8(c).

We have also conducted image-modification attacks to thestego-images using two common image editing operations,namely, superimposing and painting. Tampered images yieldedby the superimposing operation are presented in Figs. 7–10. Itwas observed from these experimental results that the superim-posing operation, such as that provided by the image editingsoftware Adobe Photoshop or Corel PhotoImpact, destroys thecontent of the alpha channel values by replacing all the originalalpha channel values at the attacked part with the new valuesof 255. Since the largest alpha channel values created by theproposed method is 254 (see Step 7 of Algorithm 3), all pixelswith the unique values of 255 in the alpha channel plane may



Fig. 8. Experimental result of a document image of a signed paper. (a) Originalcover image. (b) Stego-image with embedded data. (c) Another stego-imagecreated without conducting partial share value mapping.

Fig. 9. Authentication result of a PNG document image of a signed paper at-tacked by superimposing a white rectangular shape on the signature in Fig. 6.(a) Tampered image yielded by the superimposing operation. (b) Result withtampered blocks detected and marked as gray. (c) Data repair result. (d) Datarepair result with red dots indicating unrepaired tampered blocks. (e) Erroneousdata repair result obtained with a wrong key.

be easily detected as tampered by a modified version of Step 3of Algorithm 4, which we describe as follows:

Step 3 (Checking of superimposing attacks and extractionof the hidden authentication signal) Check if both and

are 255. If so, then regard the corresponding blockin as attacked by superimposing, mark , , and allthe partial shares embedded in as tampered, and go toStep 6; otherwise, perform the original operations of Step3 of Algorithm 4.

Fig. 9(a) shows the result of superimposing a white rectan-gular shape with a fake signature “Simo” on the genuine signa-ture “C. W. Lee” in the stego-image in Fig. 8(b). Fig. 9(b) showsthe authentication result yielded by Algorithm 4, with the grayblocks indicating the detected tampered image parts. As shown,the superimposing rectangular part on the signature C. W. Leehas been completely detected. For each of the detected tamperedblocks, if at least two untampered shares of it can be collected,its original content can be repaired, yielding the result shownin Fig. 9(c); otherwise, the tampered block is left unrepaired,as shown by the red dots in Fig. 9(d). Additionally, we showthe data repair result obtained with a wrong key in Fig. 9(e). As

Fig. 10. Authentication result of the document image of a signed paper attackedby superimposing a white rectangular shape on a piece of text in Fig. 6(b). (a)Tampered image yielded by the superimposing operation. (b) Result with tam-pered blocks detected and marked as gray. (c) Data repair result. (d) Data repairresult with red dots indicating unrepaired tampered blocks.

Fig. 11. Authentication result of the document image of a signed paper attackedby superimposing white raster rectangular shapes on the content in Fig. 6(b).(a) Tampered image yielded by the superimposing operation. (b) Result withtampered blocks detected and marked as gray. (c) Data repair result. (d) Datarepair result with red dots indicating unrepaired tampered blocks.

shown, the repair work cannot be correctly accomplished; theresult is just noise.

In Fig. 10(a), a text line under the signature in the signedpaper disappeared after a white rectangular band was superim-posed on it. The results of image authentication and repairingare shown in Fig. 10(b) and (c), respectively. Although someblocks are not repaired, as indicated by the red dots in Fig. 10(d),the repair result of the text line is visually well recognizable.To test further the performance of the proposed method, we en-larged tampered areas during attacks, and a result is shown inFig. 11. It is shown in the figure that the data repair result be-comes worse when the tampered area grows. This is reasonablebecause, when the tampered area becomes larger, fewer partialshares for data repairing will survive.

Table I includes the statistics of the performance of the pro-posed method shown by the above experimental results in termsof the five parameters, i.e., tampering, detection, repair, false-acceptance, and false-rejection ratios, which are defined in thefollowing:

1) tampering ratio (the number of tampered blocks)/(thetotal number of blocks);

2) detection ratio (the number of detected blocks)/(thenumber of tampered blocks);

3) repair ratio (the number of repaired blocks)/(thenumber of detected blocks);



TABLE ISTATISTICS OF EXPERIMENTAL RESULTS OF ATTACKS USING SUPERIMPOSING

Fig. 12. Authentication result of the document image of a signed paper attackedby painting white color on the original signature and texts and replacing thesignature by a fake one in Fig. 6(b). (a) Tampered image yielded by the paintingoperation. (b) Result with tampered blocks detected and marked as gray. (c) Datarepair result. (d) Data repair result with red dots indicating unrepaired blocks.

4) false-acceptance ratio (the number of tampered blocksmarked as untampered)/(the total number of tamperedblocks);

5) false-rejection ratio (the number of untampered blocksmarked as tampered)/(the total number of untamperedblocks).

Note that the detection ratios are all 100% due to the easein detection of the alpha channel values of 255 (using Step 3described above) at image parts attacked by superimposing, aspreviously mentioned. Likewise, the alpha channel value corre-sponding to an intact block will not be 255 and can be easilychecked to be so, yielding a false rejection rate of 0%. On thecontrary, the alpha channel value corresponding to a tamperedblock is 255, which is easy to check as well, yielding a false ac-ceptance rate of 0%.

The content of a stego-image may be modified as well by thecommon operation of painting provided by well-known imageediting software. Again, painting using Adobe Photoshop willreplace the alpha channel values by 255, just like the superim-posing operation previously mentioned. However, it was foundin this paper that the painting operation provided by CorelPhotoImpact does not change the alpha channel values. There-fore, we conducted experiments of stego-image attacks usingthis type of painting. Some results are given in Figs. 12–14. InFig. 12, the painting operation was used to smear backgroundgray values on the original signature “C. W. Lee” and write afake signature “Simo” on it, as shown in Fig. 12(a). Fig. 12(b)shows the authentication result in which gray blocks were usedagain to indicate image parts where mismatching authenticationsignals were detected. Note that the smeared part (the signatureC. W. Lee) and the added part (the signature “Simo”) have

Fig. 13. Authentication result of document image of a signed paper attacked bypainting white color on the signature in Fig. 6(b). (a) Tampered image yieldedby the painting operation. (b) Result with tampered blocks detected and markedas gray. (c) Data repair result. (d) Data repair result with red dots indicatingunrepaired tampered blocks.

Fig. 14. Authentication result of the document image of a signed paper attackedby painting white color on the entire content of Fig. 6(b). (a) Tampered imageyielded by the painting operation. (b) Result with tampered blocks detected andmarked as gray. (c) Data repair result. (d) Data repair result with red dots indi-cating unrepaired tampered blocks.

been both revealed by the authentication process. In addition,it can be seen that some black parts exist within the grayregion, meaning that these parts, although tampered, were notdetected by the proposed method. This is due to the fact thatthere is actually a probability of 1/4 for an erroneous blockauthentication to occur because only two bits are created as thesignal for block authentication (see Step 8 of Algorithm 3 orStep 5 of Algorithm 4). Although this probability seems largeyet due to the use of the secret sharing technique for generatingmultiple shares, which are randomly embedded to surviveattacks, correctly authenticated and repaired blocks still yieldresults with contents visually recognizable for image integrityjudgment, as shown in Fig. 12(c) and (d).

In Fig. 13, the signature was removed by replacing it withthe background gray value using painting. The results of imageauthentication and data repairing are shown in Figs. 13(b)–(d).Fig. 14 shows the results of removing the entire image contentby painting. In both cases, the untouched content of the alphachannel values still yields repair results with their contents rec-ognizable to a certain degree.

It is noted here that, when a stego-image is tampered withby painting, which does not change the content of the alphachannel plane, the hidden authentication signals and data for re-pairing are not destroyed. Therefore, the computed authentica-tion signals from the alpha channel values are always true, andas long as the computed authentication signal is not identical tothe extracted authentication signal for a block, the block will be



TABLE IISTATISTICS OF EXPERIMENTAL RESULTS OF ATTACKS USING PAINTING

OPERATIONS

Fig. 15. Authentication result of an image of a check in PNG format attackedby superimposing counterfeit number “750” located at the right side and text“Seven hundred fifty” located at the left side. (a) Original cover image. (b)Stego-image with embedded data. (c) Tampered image by the superimposingoperation. (d) Result with tampered blocks detected and marked as gray. (e)Data repair result. (f) Unrepaired pixels shown in red (none for this example).

marked as having been tampered with. This explains why thefalse rejection rate is 0%. However, as previously mentioned,there is a probability of 1/4 for an erroneous block authentica-tion to occur because only 2 bits are created as the signal forblock authentication, and this leads to a false acceptance ratio ofat most 25%. These reasonings are verified by the performancestatistics of Figs. 12–14 listed in Table II. The table also showsthat the detection ratios are roughly around 75% as the attackedpart becomes large (such as the case in Fig. 14), meeting theprobabilistic expectation of 1/4 block authentication misses justmentioned. Also, the false acceptance ratios are smaller than25%, as expected.

B. Experimental Results Using a Document Image of a Check

Experimental results yielded by the use of a document imageof a check are shown in Figs. 15(a)–(f), where the cover doc-ument image and the stego-image generated by the proposedmethod are shown in Fig. 15(a) and (b), respectively. Both theamount-related text and numerals in the check image were mod-ified, as shown in Fig. 15(c). Fig. 15(d) shows that the tamperingwas successfully detected and marked as gray, and the result ofdata repairing is shown in Fig. 15(e). Finally, Fig. 15(f) showsthe result of data repairing in which two unrepaired tampered

TABLE IIISTATISTICS OF EXPERIMENTAL RESULTS OF USING AN IMAGE OF A CHECK

Fig. 16. Authentication result of a document image of a check in the form ofPNG attacked by added noises. (a) Original cover image. (b) Stego-image withembedded data. (c) Tampered image with added noises. (d) Result with tam-pered blocks detected and marked as gray. (e) Data repair result. (f) Data repairresult with red dots indicating unrepaired tampered blocks.

blocks are shown in red. Also, we show the statistics of this ex-periment in Table III.

At last, we put some noise onto the stego-image in Fig. 15(b)as an intended attack to the image, yielding the noisy image ofFig. 16(c), which was then authenticated by Algorithm 3 to getthe result in Fig. 16(d) with detected tampered blocks markedin gray. The data repair result is shown in Fig. 16(e). As shown,some noise was not detected. The reason, as previously men-tioned, is again that there is a probability of 1/4 for an erroneousblock authentication to occur. Fig. 16(f) shows the unrepairedpixels in red, and the statistics of this experiment is also includedinto Table III, where we can see that the false acceptance rateis about 17.12% resulting from the aforementioned undetectednoise.

C. Comparison of Performances With Other Methods

A comparison of the capabilities of the proposed method withthose of four existing methods is shown in Table IV. All butthe proposed method will create distortion in the stego-imageduring the authentication process. More importantly, only theproposed method has the capability of repairing the tamperedparts of an authenticated image.

Furthermore, among the methods with tampering localiza-tion capabilities at the block level such as [5], [8], and the pro-posed method, the proposed method provides a finer authenti-cation precision with the block size of 2 3. Specifically, the



TABLE IVCOMPARISON OF DOCUMENT IMAGE AUTHENTICATION METHODS

method in [5] needs larger macroblocks to yield pixel flippa-bilities for embedding authentication data. In the case of usingsmaller blocks, Tzeng and Tsai’s method [8] has a high pos-sibility to generate noise pixels, as mentioned in [6], and thus,they conducted experimental results with the larger block sizeof 64 64.

As to the distribution of authenticated image parts, becausethere exists no flippable pixel for use by the methods of [4]–[6]to embed data in all-white regions (such as marginal regions) ofa document image, the distribution of authenticated image partstends to be restricted to be on lines or strokes in the document,whereas the proposed method does not have this limitation. Nev-ertheless, in [4]–[6], the authenticity of an image part includingsuch all-white regions can be still ensured by the use of crypto-graphic signatures embedded in other regions of the image. Atlast, the methods of [4]–[6] manipulate pixel flippability, andthe method of [8] enforces pixel replacement for the aim of dataembedding. The proposed method is the only one that makesuse of the alpha channel plane instead of the bit plane.

VI. CONCLUSION

A new blind image authentication method with a data repaircapability for binary-like grayscale document images based onsecret sharing has been proposed. Both the generated authenti-cation signal and the content of a block have been transformedinto partial shares by the Shamir method, which have been thendistributed in a well-designed manner into an alpha channelplane to create a stego-image in the PNG format. The undesiredopaque effect visible in the stego-image coming from embed-ding the partial shares has been eliminated by mapping the sharevalues into a small range of alpha channel values near their max-imum transparency value of 255.

In the process of image block authentication, a block in thestego-image has been regarded as having been tampered with

if the computed authentication signal does not match that ex-tracted from corresponding partial shares in the alpha channelplane. For the self-repairing of the content of a tampered block,the reverse Shamir scheme has been used to compute the orig-inal content of the block from any two untampered shares. Mea-sures for enhancing the security of the data embedded in thealpha channel plane have been also proposed. Experimental re-sults have been shown to prove the effectiveness of the proposedmethod. Future studies may be directed to choices of other blocksizes and related parameters (prime number, coefficients for se-cret sharing, number of authentication signal bits, etc.) to im-prove data repair effects. Applications of the proposed methodto the authentication and the repairing of attacked color imagesmay be also tried.

REFERENCES

[1] C. S. Lu and H. Y. M. Liao, “Multipurpose watermarking for imageauthentication and protection,” IEEE Trans. Image Process., vol. 10,no. 10, pp. 1579–1592, Oct. 2001.

[2] M. U. Celik, G. Sharma, E. Saber, and A. M. Tekalp, “Hierarchicalwatermarking for secure image authentication with localization,” IEEETrans. Image Process., vol. 11, no. 6, pp. 585–595, Jun. 2002.

[3] Z. M. Lu, D. G. Xu, and S. H. Sun, “Multipurpose image watermarkingalgorithm based on multistage vector quantization,” IEEE Trans. ImageProcess., vol. 14, no. 6, pp. 822–831, Jun. 2005.

[4] M. Wu and B. Liu, “Data hiding in binary images for authenticationand annotation,” IEEE Trans. Multimedia, vol. 6, no. 4, pp. 528–538,Aug. 2004.

[5] H. Yang and A. C. Kot, “Binary image authentication with tamperinglocalization by embedding cryptographic signature and block identi-fier,” IEEE Signal Process. Lett., vol. 13, no. 12, pp. 741–744, Dec.2006.

[6] H. Yang and A. C. Kot, “Pattern-based data hiding for binary imagesauthentication by connectivity-preserving,” IEEE Trans. Multimedia,vol. 9, no. 3, pp. 475–486, Apr. 2007.

[7] H. Y. Kim and A. A?f, “Secure authentication watermarking forhalftone and binary images,” Int. J. Imag. Syst. Technol., vol. 14, no.4, pp. 147–152, 2004.

[8] C. H. Tzeng and W. H. Tsai, “A new approach to authentication ofbinary images for multimedia communication with distortion reduc-tion and security enhancement,” IEEE Commun. Lett., vol. 7, no. 9, pp.443–445, Sep. 2003.

[9] Y. Lee, J. Hur, H. Kim, Y. Park, and H. Yoon, “A new binary image au-thentication scheme with small distortion and low false negative rates,”IEICE Trans. Commun., vol. E90-B, no. 11, pp. 3259–3262, Nov. 2007.

[10] Y. Lee, H. Kim, and Y. Park, “A new data hiding scheme for binaryimage authentication with small image distortion,” Inf. Sci., vol. 179,no. 22, pp. 3866–3884, Nov. 2009.

[11] A. Shamir, “How to share a secret,” Commun. ACM, vol. 22, no. 11,pp. 612–613, Nov. 1979.

[12] C. C. Lin and W. H. Tsai, “Secret image sharing with steganographyand authentication,” J. Syst. Softw., vol. 73, no. 3, pp. 405–414, Nov./Dec. 2004.

[13] W. H. Tsai, “Moment-preserving thresholding: A new approach,”Comput. Vis. Graph. Image Process., vol. 29, no. 3, pp. 377–393, Mar.1985.

Che-Wei Lee (S’06) receives the B.S. degree in civilengineering and the M.S. degree in electrical engi-neering in 2002 and 2005, respectively, from the Na-tional Cheng Kung University, Tainan, Taiwan. Hehas been working toward the Ph.D. degree in the De-partment of Computer Science from National ChiaoTung University.

His research interests include information hiding,image processing, and video technologies.



Wen-Hsiang Tsai (SM’84) received the B.S. degreein electrical engineering from National Taiwan Uni-versity, Taipei, Taiwan, in 1973, the M.S. degree inelectrical engineering from Brown University, Provi-dence, RI, in 1977, and the Ph.D. degree in electricalengineering from Purdue University, West Lafayette,IN, in 1979.

Since 1979, he has been with the National ChiaoTung University (NCTU), Hsinchu, Taiwan, wherehe is currently a Chair Professor of computer science.At the NCTU, he has served as the Head of the De-

partment of Computer Science, the Dean of General Affairs, the Dean of Aca-demic Affairs, and a Vice President. From 1999 to 2000, he was the Chair ofthe Chinese Image Processing and Pattern Recognition Society of Taiwan and,from 2004 to 2008, the Chair of the Computer Society of the IEEE Taipei Sec-

tion in Taiwan. From 2004 to 2007, he was the President of Asia University,Taiwan. He has published 146 journal papers and 228 conference papers. Hiscurrent research interests include computer vision, information security, videosurveillance, and autonomous vehicle applications.

Dr. Tsai has been an Editor or the Editor-in-Chief of several internationaljournals, including Pattern Recognition, the International Journal of PatternRecognition and Artificial Intelligence, and the Journal of Information Scienceand Engineering. He was a recipient of several awards, including the AnnualPaper Award from the Pattern Recognition Society of the USA; the AcademicAward of the Ministry of Education, Taiwan; the Outstanding Research Awardof the National Science Council, Taiwan; the ISI Citation Classic Award fromThomson Scientific; and more than 40 other academic paper awards from var-ious academic societies. He is a Life Member of the Chinese Pattern Recognitionand Image Processing Society, Taiwan.


A secret sharing-based method for authentication of grayscale document images via the use of the png...

Documents

Transcript of A secret sharing-based method for authentication of grayscale document images via the use of the png...