A Secure and Robust DCT-Based Hashing Scheme for Image Authentication

T.-J. Cham et al. (Eds.): MMM 2007, LNCS 4352, Part II, pp. 51 – 62, 2007. © Springer-Verlag Berlin Heidelberg 2007

A Secure and Robust Wavelet-Based Hashing Scheme for Image Authentication

Fawad Ahmed and M.Y. Siyal

School of Electrical and Electronic Engineering, Nanyang Technological University, 50 Nanyang Avenue, 639798, Singapore

{pka534086,eyakoob}@ntu.edu.sg

Abstract. The purpose of an image hash is to provide a compact representation of the whole image. Designing a good image hash function requires careful consideration of many issues such as robustness, security and tamper detection with precise localization. In this paper, we present a novel hashing scheme that addresses these issues in a unified framework. We analyze the security issues in image hashing and present new ideas to counter some of the attacks that we shall describe in this paper. Our proposed scheme is resilient to allow non-malicious manipulations like JPEG compression, high pass filtering and is sensitive enough to detect tampering with precise localization. Several experimental results are presented to demonstrate the effectiveness of the proposed scheme.

Keywords: Image hashing, image authentication, security, discrete wavelet transform.

1 Introduction

The widespread use of multimedia technology has made it relatively easy to tamper digital images. This poses a potential security problem, especially when digital images are transmitted over the Internet. A simple way to authenticate digital images is to calculate the image hash using standard cryptographic hash functions like MD5 or SHA1 and form a digital signature using some public key encryption algorithms like the RSA [1]. However, the direct use of cryptographic hash functions in multimedia applications, like image authentication is hampered by the fact that a single bit change in the image would produce a completely different hash. In practice, it is common that a digital image may undergo some content preserving manipulations such as JPEG compression. These operations, although may not change the visual appearance of the image, however, the cryptographic hash value will be completely different. From this discussion, we note that multimedia image authentication requires techniques which should be some what resilient to content preserving manipulations like JPEG compression, while at the same time be fragile enough to detect malicious manipulations. Several image authentication schemes have been proposed in recent years. These schemes can be broadly classified into two types: watermark-based and hash-based. Watermarking techniques embed an imperceptible signal into a cover work to form a watermarked image. At the

52 F. Ahmed and M.Y. Siyal

receiver’s end, the extracted watermark from the watermarked image is used for authenticating purpose [2]. In contrast to watermark-based techniques, hash-based (or digital signature-based) techniques extract a set of features from the image to form a compact representation that can be used for authentication [3]. The features used for generating the image hash should be key-dependent so that it becomes extremely difficult for an attacker to create a forgery. In addition, it should be extremely difficult to derive the secret key if the image hash is exposed.

As compared to cryptographic hash functions [1], the field of image hashing is passing through an evolution stage. Since cryptographic hash functions are matured and well studied for more than a decade, it is very natural to design image hash functions that besides meeting the requirements of multimedia applications follow the security features of a cryptographic hash function. It should be noted that the objective of a cryptographic hash function and an image hash function are not exactly the same. For example, there is no robustness or tamper localization requirement in case of a cryptographic hash function. In recent years, a number of researchers have proposed many interesting and novel ideas to formulate image hash functions. Lu and Liao [4] have proposed an image authentication scheme that uses the parent-child pairs located at the multiple scales in the wavelet domain to obtain an image hash. The signature obtained by this scheme however does not depend on any secret key and can be extracted/verified by anyone who has the knowledge of the algorithm. Lu [5] has shown that the scheme proposed in [4] is secure against counterfeit attacks. However, it not clear whether the scheme proposed in [4] is secure against the Defeat-the-Scheme Attack (DSA) shown in this paper. Lin and Chang [6] have proposed an image authentication technique that relies on the invariant relationship between any two selected DCT coefficients which are at the same position of two different 8 x 8 image blocks. They use secret keys to select the blocks and the DCT coefficients. Similarly, Sun and Chang [7] have proposed a robust and secure scheme for authenticating JPEG images. Their scheme relies on features extracted in the DCT domain.

In this paper, we first investigate some of the existing image hashing schemes proposed in the literature and show a few weaknesses that we have discovered. In most of the previous techniques, a secret key is used to select a subset of the image content for generating the hash. In this paper we adopt a different approach. We first modulate the content of the image using a secret key and then extract the hash in the modulated domain. We employ block-based approach for generating the image hash. Although block-based approaches are generally considered more vulnerable to several attacks [8], [9], [10], we shall show that with our proposed technique, it becomes difficult to launch these attacks. Specifically, we are more focused in this paper on the security aspect of the hashing scheme.

In Section 2, we highlight some problems associated with feature extraction and security of block-based hashing schemes for image authentication. In Section 3, we present a new wavelet-based hashing scheme for image authentication which addresses the problems highlighted in Sections 1 and 2. The security aspect of the proposed scheme is presented in Section 4. In Section 5, we present some experimental results to demonstrate the effectiveness of our proposed scheme. Section 6 concludes the paper with some future work.

A Secure and Robust Wavelet-Based Hashing Scheme for Image Authentication 53

2 Problems with Block-Based Image Hashing Schemes

In this Section, we present some problems that we have found in block-based schemes that uses DCT or Wavelet domain features to generate the image hash. To keep things simple, we focus on DCT domain features, however, the same argument also applies on the features extracted in the wavelet domain. The first problem is regarding the reliable extraction of DCT coefficients in an image block for hash generation. We will show in Section 2.1 that sometimes it is difficult to extract reliable DCT features in an image block. The second problem that we shall discuss is about the security of block-based DCT schemes against an attack which we call as Defeat-the-Scheme Attack (DSA). In DSA, the purpose of the attacker is to manipulate an image block in such a way that visually it gets distorted; however, the block may still be authenticated. Hence the purpose of the attacker is not to create a counterfeit, but to defeat the authentication scheme. The third problem that we would be discussing is how an attacker might take the advantage of weaknesses in the feature extraction stage to launch the well known collage attack [8], [9]. The collage attack is mostly described for watermarking techniques; hence it would be interesting to see the implications of this attack on image hashing schemes.

2.1 Weaknesses in the Feature Extraction Stage

The schemes proposed by Lin and Chang [6] and Sun and Chang [7] derive content-based features by dividing an image into non-overlapping blocks of size 8 x 8 pixels and then taking the DCT of each block. For example in [6], the feature vector is formed by selecting DCT coefficients from a vector indexed in a zigzag order. Likewise in [7], the DC coefficient and three AC coefficients are selected from the zigzag scan of the 8 x 8 DCT block. The selection of the AC coefficients is based on a random sequence that is kept secret. We argue that in areas of an image that has smooth texture; very few non-zero DCT AC coefficients are available for feature extraction. In some cases these features become zero after JPEG compression. Hence the scheme proposed in [6] and [7] or any other scheme that uses a similar approach may have problems in such cases. We now give an example to exemplify our point. Consider the Cameraman image shown in Fig. 1. The background area of this image has smooth texture. Table 1 shows the DCT coefficients for the 8 x 8 block marked in Fig. 1. It may be observed that besides the DC coefficient, there are only four non-zero AC coefficients. Out of these AC coefficients, two are -1 which are insignificant. Table 2 shows DCT coefficients of the same block when the image shown in Fig. 1 is

Fig. 1. Cameraman image


Table 1. DCT coefficients of the 8 x 8 block of Cameraman image shown in Fig. 1

1456 0 0 0 0 0 0 0

-5 0 0 0 0 0 0 0

6 0 0 0 0 0 0 0

-1 0 0 0 0 0 0 0

0 0 0 0 0 0 0 0

0 0 0 0 0 0 0 0

0 0 0 0 0 0 0 0

-1 0 0 0 0 0 0 0

Table 2. DCT coefficients of the 8 x 8 block of Cameraman image shown in Fig. 1 with JPEG quality factor of 50

1452 0 0 0 0 0 0 0

0 0 0 0 0 0 0 0

9 0 0 0 0 0 0 0

0 0 0 0 0 0 0 0

0 0 0 0 0 0 0 0

0 0 0 0 0 0 0 0

1 0 0 0 0 0 0 0

0 0 0 0 0 0 0 0

JPEG compressed with a quality factor of 50. We observe that only one non-zero AC coefficient is now left with its sign preserved. Hence in such a situation, it is difficult to realize the scheme proposed in [6] and [7] as there are hardly any non-zero DCT AC coefficients available to generate the feature vector. This type of situation is quite common in real life images. In Section 3 we show a method to counter such a problem.

2.2 Defeat-the-Scheme-Attack

The purpose of this attack is not to create a counterfeit image, but to defeat the authentication process. Using this attack, an attacker can modify all or part of an image and the modified image will still be correctly authenticated. Such type of attack is also mentioned by Radhakrishnan and Memon in [10]. For example, in case of block-based DCT hashing scheme, an attacker can manipulate an image block in such a way that the values of the low and middle frequency DCT coefficients of the image block in the zigzag order are very slightly perturbed; however, the visual appearance of the image block is changed. To illustrate this attack, we modified the DCT block shown in Table 1 by changing the coefficient at the location (5, 6) from 0 to -250. We then took inverse DCT of the tampered DCT block. The result of the inverse DCT is

Table 3. DCT coefficients of the 8 x 8 image block shown in Fig. 3

1456 0 0 0 0 0 0 0

-5 0 0 0 0 0 1 0

6 0 0 0 0 0 0 0

-1 0 1 0 0 0 0 0

1 0 0 0 0 0 0 0

0 0 0 0 0 0 -250 0

0 0 -1 0 0 0 0 0

-1 0 0 0 0 0 0 0


Fig. 2. 8 x 8 block of the Cameraman image marked in Fig. 1

Fig. 3. 8 x 8 block shown in Fig. 2 trans-formed after the DSA attack

shown in Fig. 3. What we observed was something quite interesting. Although the low and middle frequency DCT coefficients of the original and the tampered image blocks in the zigzag order remains the same as shown in Table 1 and Table 3 respectively. However, the spatial domain representations of these two blocks are completely different as illustrated in Fig. 2 and Fig. 3 respectively. In Fig. 2, we show the original image block while in Fig. 3 we show the image block after the DSA attack. Selecting DCT coefficients besides -250 to form the image hash will result in false acceptance since visually the two blocks are different. From this discussion we conclude that merely using a secret key to select a set of DCT coefficients is not sufficient to prevent an attacker from launching the attack described above. As a matter of fact, the attacker does not even need to know the secret key to launch this attack.

2.3 Counterfeit Attacks

In [8], Holliman and Memon proposed a counterfeit attack on certain block-based oblivious watermarking schemes. Through this attack, a forged image can be considered as authentic. Similarly Fridrich et al. [9] have proposed the well known collage attack which is a variation of the attack proposed in [8]. The collage attack makes the job of the attacker easier as it does not require the knowledge of the watermark logo. Unlike watermarking schemes, it will be interesting to see how counterfeit attacks can be performed in image hashing schemes. In case of image hashing, the DSA attack discussed in Section 2.2 is much easy to launch as compared to a counterfeit attack. In DSA attack, the objective of the attacker is to modify the whole or certain part of the image such that it gets authenticated no matter how the visual appearance of the image looks like. However, for a counterfeit or collage attack, the attacker has to modify the image blocks in such a way that not only the image gets authenticated, but the modified image should look visually similar to the attacker’s target image. We believe that launching a counterfeit attack for block-based hashing scheme is difficult as compared to block-based watermarking schemes. The reason is because in watermarking schemes, each image block is watermarked with the same watermark logo and the secret key. So if an attacker can form a database of images watermarked with the same key and the watermark logo, he/she can pick the image blocks that resembles the most with the corresponding block of the target image. In case of image hashing, the scenario is a bit different. The complexity and


effectiveness to launch a counterfeit attack depends on the type of features used to form the image hash. For example, if only DC coefficients are used in [6] or [7], creating a counterfeit image would then require altering the pixels value in each block of the target image such that its DCT DC coefficient becomes equal or close in values to that of the original image, while the modified image block remains visually similar to the target image block. Depending on the type of image, this attack may seem plausible. For the scheme proposed by Xie et al. [11], a counterfeit attack can be launched by modifying the pixels value of the target image such that the MSB obtained after taking the average of each 8 x 8 image block of the modified image is equal to that of the corresponding original image block. In addition, the modified image should be visually similar to the target image.

3 Proposed Scheme

In this Section, we propose a new wavelet-based image hashing scheme to address the problems that have been highlighted in Section 2. We form the image hash by using wavelet coefficients of the LL, LH and HL sub-bands. Our scheme uses a novel key-based intensity transformation that makes it extremely difficult to launch the attacks discussed in Section 2. In the following sub-sections, we explain the hash generation and image authentication processes.

3.1 Hash Generation

Following are the steps in the hash generation process:

1. The input image I of dimension N x N is partitioned into non-overlapping blocks, each of dimension P x P. This gives a total of N2/P2 blocks. We represent each block by iB , where i = 0,…,(N2/P2)-1. Let ),( yxBi represent the gray value of a

pixel at spatial location (x, y) in the block iB . Let K0(w) be a secret key that has

randomly placed unique integer entries, where w = 0,…,P2-1. Let )(•C be a circular shift right function. From K0(w), we further obtain P2-1 keys as follows:

1,......,1))(()( 21 −== − PiwKCwK ii . (1)

2. Using P2 different keys, a random intensity transformation is applied to each block by modulating each pixel of iB with an integer from Ki(w) to get intensity-

transformed blocks, iB . If the number of blocks is greater than the number of keys, the key sequence is repeated. We shall call this transformation as Key-based Intensity (KI) transformation.

( ) .10,1,0 2),()(),(),( −≤≤−≤≤+= PwPyxwKwKyxByxB iiii βα (2)

3. By taking log2(P) wavelet decomposition of each transformed block, scalar wavelet coefficients are obtained. Let the scalar wavelet coefficients of the sub-bands LL,

LH and HL of the ith block be represented by iLLω , iLHω and iHLω respectively.

The hash of each block is calculated as follows:


.LHiLLiiHx ωω +=

.HLiLLiiHy ωω +=

(3)

4. Intermediate hash, )(IH is formed which is a set of vectors containing hashes of all the blocks of I.

{ } .12

2

1100 ,),(),.......,,(),,()( −==P

NZwhereZZ HyHxHyHxHyHxIH

(4)

5. The final hash )(IH is formed by permuting the entries of )(IH with another secret key, KP. The reason for permuting the hash entries is to prevent an attacker from knowing the transformed hash values of each image block.

( ))()( IHKpermuteIH p= . (5)

6. The sender transmits the image I and the hash )(IH to the receiver. The integrity of the hash can be protected by using a public key cryptosystem [1].

3.2 Image Authentication

Following are the steps in the image authentication process:

1. The received image I of dimension N x N pixels is processed through the same

sequence as shown by Steps 1-4, Section 3.1 to get the hash, )ˆ(ˆ IH .

{ } .,),(),.......,,(),,( 12

2

1100ˆˆˆˆˆˆ)ˆ(ˆ −==

P

NZwhereZZ yHxHyHxHyHxHIH (6)

2. Inverse permutation is applied to )(IH to obtain the intermediate hash )(IH

( ))(_)( IHKpermuteinverseIH p= . (7)

3. Define a difference vector between the calculated and the received hash:

iii xHHxDx ˆ−= .

iii yHHyDy ˆ−= . (8)

4. The ith block of the received image I is considered as tampered if either iDx

or iDy . The image I shall be considered as unauthentic if any of the blocks is found to be tampered.

4 Security Analysis

In this Section, we shall show by a number of experimental results that after applying the transformation given by (2), it becomes extremely difficult to launch the attacks


that we have discussed in Section 2. The first problem discussed in Section 2.1 was the extraction of reliable DCT features in image areas that have smooth textures. In Fig. 1 we have highlighted an 8 x 8 image block having a smooth texture whose DCT coefficients are displayed in Table 1. However, after applying the KI transformation given by (2), the situation is quite different. Figure 4 shows the Cameraman image after the KI transformation and Table 4 shows the DCT coefficients of the transformed image block at the same location that was marked in Fig. 1. It is worth noting that the transformation introduce a random noise like pattern throughout the image. As a matter of fact, the KI transformation changes the whole texture of the image. The interesting point to note is that this change in texture is a function of the image pixels and the secret key Ki(w). Since for each image block, a shifted version of K0(w) is applied, therefore a different random pattern is used for modulating the pixels of each block. We next show that because of the KI transformation, the DSA attack becomes quite difficult.

Fig. 4. Cameraman image after applying the KI transformation

Table 4. DCT coefficients of the 8 x 8 image block marked in Fig. 1 after applying the KI transformation

25971 3966 143 -1853 2293 -746 -598 2241 307 -2254 372 -526 -2224 2905 2003 2715

2637 3873 -136 -283 -2793 -960 -100 3755 -4086 -3320 1682 -54 -3457 4506 151 -409

527 -849 -2550 -669 -5966 -2899 -74 -465 33645 672 2520 771 1558 -5420 1273 716

179 711 -1207 -2786 4249 1663 2967 -513 -1266 -2325 3932 2957 2721 158 1365 2412

Table 5. DCT coefficients of the 8 x 8 image block shown in Fig. 3 after applying the KI transformation

24174 -306 -910 2824 -2928 1469 120 -2479 -5823 840 1645 -474 1498 1856 -732 420 -3081 -5785 -1610 -3172 -2360 -1946 6062 -3034

-499 3700 -5687 -2203 1055 1900 -2902 1092 200 2868 1090 -2015 3820 2440 -1592 1837

-1381 2606 423 -63 -1064 2565 674 1404 148 -2911 1405 1274 -1671 -1698 -6020 290

1691 5235 -3747 -2792 2723 -351 2502 -1228

To illustrate this fact, we modified the Cameraman image by replacing the 8 x 8 block shown in Fig. 1 with the DSA attacked block shown in Fig. 3. Without KI


transformation, the DCT coefficients of the DSA attacked block are displayed in Table 3. As discussed earlier, the low and middle frequency DCT coefficients of the original image block and the DSA attacked block are almost similar (see Table 1 and Table 3) despite the fact that both the blocks have different visual appearance. We then applied the KI transformation to this image. Table 5 shows the DCT coefficients of the 8 x 8 DSA attacked block. Looking at Table 5, we see that after the KI transformation, there is a huge difference between the DCT coefficients of the original 8 x 8 block (Table 4) and the DSA attacked block (Table 5). Hence, we conclude that the proposed KI transformation thwarts the DSA attack. In addition, it also helps to generate non-zero DCT AC coefficients for image blocks that otherwise have only few non-zero DCT AC coefficients because the corresponding blocks have smooth texture.

Though our above discussion is concerned with DCT coefficients, the same argument also applies for wavelet domain features as proposed in this paper. For example, Table 6 shows the LH and HL wavelet feature of the 8 x 8 image block shown in Fig. 1 after performing its first level wavelet decomposition. Due to smoothness in the image block, most of the wavelet coefficients are zero. Table 7 shows the LH and HL coefficients of the same block after applying the KI transformation. We can see that due to the KI transformation, we get all non-zero wavelet coefficients which can be used for generating the hash. In addition, since the KI transformation is a function of both the pixels and the secret key, therefore it is extremely difficult for an attacker to predict the wavelet coefficients of an arbitrary image block.

We next illustrate that the proposed KI transformation also makes it extremely difficult to launch a counterfeit attack. Table 8 shows the HL wavelet coefficients for the block shown in Fig. 1 and its preceding block. Both the blocks visually appear very much similar. As shown in Table 8, the wavelet coefficients of these two blocks are also quite similar. We then applied the KI transformation with the same key Ko(w) to all the blocks. The purpose of using the same key is to suppress the effect of the change in the key for each block and observe how the multiplication of the pixels

Table 6. LH and HL wavelet coefficients of the 8 x 8 image block shown in Fig. 1

0 0 0 0 0 0 0 0 -1 -1 -1 -1 -1 -1 -1 -1

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

Table 7. LH and HL wavelet coefficients of the 8 x 8 image block shown in Fig. 1 after applying the KI transformation

-78 -376 1125 1079 -180 -364 -1635 997

-1279 -3868 1438 1233 1023 -4955 -438 2717

222 4409 642 3935 920 -578 3392 -5027

1698 -3021 -1000 638 -1592 1174 4532 -1889


Table 8. HL wavelet coefficients of the 8 x 8 image block shown in Fig. 1 and its preceding block

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

0 -0.5 -0.5 0 -0.5 -0.5 -0.5 -0.5

0 0 -0.5 0 0 0 -1 0

Table 9. HL wavelet coefficients of the 8 x 8 image block shown in Fig. 1 and its preceding block after applying the KI transformation

252 383 762 4565 760 -650 3897 -5825

2033 -3459 -1173 703 2869 -1377 5127 -2226

5111 30 -2183 -682 -2609 521 1359 -1919 -311 619 5107 -4153

-1823 -629 -6068 1713

values with the key produce changes in the wavelet coefficients. It can be seen in Table 9 that the HL wavelet coefficients obtained are quite different. This explains the fact that even for similar looking blocks; it is difficult to predict the values of wavelet coefficients. Counterfeit attacks in such a situation becomes extremely difficult because an attacker cannot predict the values of the wavelet coefficients of an image block after the KI transformation. Secondly, because the KI transformation involves both pixels values and a different key for each block, therefore the attacker can never be sure whether the original image blocks and the target image blocks will map to the same value, as shown by Table 8 and Table 9.

5 Experimental Results

In this Section, we present some further experimental results to demonstrate the robustness of our proposed scheme against JPEG compression, high pass filtering and its fragility to catch malicious tampering. In our experiments, we have used images of size 256 x 256 pixels and have divided them into non-overlapping blocks of size 16 x 16 pixels. This gives a total of 256 blocks. For each block, a random gray-level transformation is applied as given by (2). After performing experiments on a number of images, we have observed that the values of =280, =2 and =0.05 gives good results. The size of the hash is 1024 bytes. Figure 5 shows the Cameraman image with tampering indicated by the circles. Figure 6 shows the detection result. All the tampered areas were successfully detected. Figure 7 shows the detection result when the Cameraman image was JPEG compressed with a Quality Factor (QF) of 40. There was no tampering detected. Figure 8 shows the detection result when the Cameraman image was high pass filtered. Again no tampering was detected. From these results we observe that our proposed scheme is quite sensitive to detect malicious tampering and at the same time is resilient against JPEG compression and high pass filtering.


Fig. 5. Cameraman image with tampering indicated by the circles

Fig. 6. Detection result for Fig. 5

Fig. 7. Detection result (JPEG QF: 40. No tampering detected)

Fig. 8. Detection result (High pass filtering. No tampering detected)

6 Conclusion

In this paper, we have proposed a wavelet-based hashing scheme for image authentication that is resilient to allow JPEG compression, high pass filtering and is sensitive to catch malicious tampering with precise localization. We have shown that weaknesses in the feature extraction stage can be exploited to launch a number of attacks. To counter these attacks, we have proposed a new transformation method that uses a secret key to directly modulate the image pixels in the spatial domain. Our experimental results show that the proposed transformation besides enforcing security also makes the system quite sensitive to changes in the pixels. This helps to catch malicious manipulation with a good degree of accuracy as shown by the results presented in Section 5. A disadvantage of this transformation is that the system is not very highly robust against non-malicious manipulations. The robustness of the system can be increased by increasing the threshold; however this will make the system less sensitive against malicious manipulations. Our scheme is more suitable for applications that demands high security and sensitiveness against tampering with a moderate degree of resilience against non-malicious tampering like JPEG compression. We are currently working to explore new ideas that can allow more degree of resilience against non-malicious tampering with more powerful and comprehensive security mechanisms.


References

1. Schneier B.: Applied Cryptography. John Wiley & Sons Inc. USA (1996) 2. Wong P. W., Memon N.: Secret and Public Key Image Watermarking Schemes for Image

Authentication and Ownership Verification. IEEE Trans. on Image Processing, Vol. 10, No. 10 (2001) 1593-1601

3. Fridrich J., Goljan M.: Robust Hash Functions for Digital Watermarking. Proc. Int. Conf. on Information Technology: Coding and Computing (2000) 178-183

4. Lu C. S., Liao H.-Y. M.: Structural Digital Signature for Image Authentication: An Incidental Distortion Resistant Scheme. IEEE Trans. on Multimedia, Vol. 5, No. 2 (2003) 161-173

5. Lu C. S.: On the Security of Structural Information Extraction/Embedding for Images. Proc. IEEE Int. Symposium on Circuits and Systems. Vancouver. Canada (2004)

6. Lin C.Y., Chang S.-F.: A Robust Image Authentication Method Distinguishing JPEG Compression from Malicious Manipulation. IEEE Trans. on Circuits and Systems for Video Technology, Vol. 11, No. 2 (2001) 153-168

7. Sun Q., Chang S.-F.: A Robust and Secure Media Signature Scheme for JPEG Images. Journal of VLSI Signal Processing, 41 (2005) 305-317

8. Holliman M., Memon N.: Counterfeiting Attacks on Oblivious Block-Wise Independent Invisible Watermarking Schemes. IEEE Trans. on Image Processing, Vol. 9, No. 3 (2000) 432-441

9. Fridrich J., Goljan M., Memon N.: Further Attacks on Yeung-Mintzer Fragile Watermarking Scheme. Security and Watermarking of Multimedia Contents II. In Wong P. W., Deip E. J. (eds.): Proc. of SPIE, Vol. 3971 (2000)

10. Radhakrishnan R., Memon N.: On the Security of the Digest Function in the SARI Image Authentication System. IEEE Trans. on Circuits and Systems for Video Technology, Vol. 12, No. 11 (2002) 1030-1033

11. Xie L., Arce G. R., Graverman R. F.: Approximate Message Authentication Codes. IEEE Trans. on Multimedia Vol 3, No. 2, (2001) 242-252

Documents

A Secure and Robust DCT-Based Hashing Scheme for Image Authentication