Joint fingerprinting and decryption method for color images based on quaternion rotation with cipher quaternion chaining

Joint fingerprinting and decryption method for color images based on quaternion rotation with cipher quaternion chaining

J. Vis. Commun. Image R. 40 (2016) 1–13 Contents lists available at ScienceDirect J. Vis. Commun. Image R. journal homepage: www.elsevier.com/locate...
Download PDF
8MB Sizes 0 Downloads 72 Views
Report

J. Vis. Commun. Image R. 40 (2016) 1–13

Contents lists available at ScienceDirect

J. Vis. Commun. Image R. journal homepage: www.elsevier.com/locate/jvci

Joint fingerprinting and decryption method for color images based on quaternion rotation with cipher quaternion chaining q Bartosz Czaplewski Gdansk University of Technology, Faculty of Electronics, Telecommunications and Informatics, Department of Teleinformation Networks, Gabriela Narutowicza 11/12, 80-233 Gdansk, Poland

a r t i c l e

i n f o

Article history: Received 28 January 2016 Revised 4 June 2016 Accepted 13 June 2016 Available online 15 June 2016 Keywords: Fingerprinting Quaternions Joint fingerprinting and decryption Collusion attack Traitor tracing

a b s t r a c t This paper addresses the problem of unauthorized redistribution of multimedia content by malicious users (pirates). In this method three color channels of the image are considered a 3D space and each component of the image is represented as a point in this 3D space. The distribution side uses a symmetric cipher to encrypt perceptually essential components of the image with the encryption key and then sends the encrypted data via multicast transmission to all users. The encryption involves rotation, and translation of points in 3D color space using quaternion algebra. Each user has a unique decryption key which is different from the encryption key. The differences between the common encryption key and the individual user’s decryption key cause the decrypted image to contain minor changes which are user’s fingerprint. A computer-based simulation was conducted to examine the method’s robustness against noise, compression, and collusion attacks. Ó 2016 Elsevier Inc. All rights reserved.

1. Introduction Today we are witnessing the constant threat of unauthorized redistribution of multimedia, i.e. piracy, which causes financial and moral losses to the authors and distributors of multimedia content. This paper addresses the problem of piracy in the context of multimedia distribution services, e.g. video-on-demand services, video streaming. This paper presents a new method of protecting multimedia against piracy. The proposed method is a new joint fingerprinting and decryption method for color images which is used as a tool for pirate tracing. There are two ways to protect distributed multimedia: encryption and digital fingerprinting [1]. The goal of encryption is to ensure that only subscribed users with proper decryption keys are able to use distributed multimedia. However, after decryption the data loses its protection and may be illegally redistributed by malicious users, i.e. pirates. In order to maintain security after decryption it is necessary to use a digital fingerprint, which is a tool to trace pirates. Digital fingerprinting is a data hiding technique in which data is protected by unique sequences, called fingerprints. Each fingerprint identifies an individual user and is embedded in the image in such a way that it remains invisible to the human eye or at least does not bother the user. Fingerprints q

This paper has been recommended for acceptance by M.T. Sun. E-mail address: [email protected]

http://dx.doi.org/10.1016/j.jvcir.2016.06.006 1047-3203/Ó 2016 Elsevier Inc. All rights reserved.

can be embedded in the spatial domain [2,3] or in the transform domain, e.g., in the discrete cosine transform (DCT) domain [2,4– 6] or in the wavelet transform domain [7]. If the pirate redistributes his or her copy, an analysis of the embedded fingerprint should allow to identify that pirate. It should be assumed that pirates will perform attacks intended to remove fingerprints from their copies or disable existed fingerprints in order to safely distribute a pirate copy. Thus, embedded fingerprints must be robust against the removal performed by a single pirate or a group of pirates, i.e. so-called collusion attacks [8–10]. In collusion attacks each pirate owns a fingerprinted copy and they combine them to generate a pirated copy with a heavily damaged fingerprint that cripples pirate tracing. Fingerprinting methods can be divided into three groups depending on the place where the fingerprints are embedded. The most basic approach is transmitter-side fingerprinting [11,12]. In this concept fingerprints are embedded on the transmitted side and then copies are encrypted and sent to the users via multiple unicast transmissions. The second approach is innetwork fingerprinting [13]. In this concept fingerprints are embedded as the data travels through the network by using special network devices that embed their own watermarks in the transmitted data. Finally, the last approach is receiver-side fingerprinting. In this concept fingerprints are embedded on the receiver side while the transmitter sends only one encrypted copy via multicast transmission. The most promising receiver-side fingerprinting

2

B. Czaplewski / J. Vis. Commun. Image R. 40 (2016) 1–13

methods belong to the group called Joint Fingerprinting and Decryption (JFD) [4,14–17]. JFD methods combine encryption and fingerprinting by introducing an unusual feature – fingerprinting performed during decryption. The distribution side encrypts multimedia by using the encryption key and then sends the encrypted data via multicast transmission. Each user has a unique decryption key which is different from the encryption key and which allows to decrypt the data in order to obtain multimedia with some minor changes. These changes are imperceptible to the human eye and are unique for each user, hence they are the user’s fingerprint. The only operation to be performed on the distribution side is encryption. Moreover, data is encrypted only once, regardless of the number of users. At the same time the only operation performed on the receiving side is decryption, which also introduces a fingerprint into the data at the same time. Most importantly, there is only one copy of the data that is sent over the network, which thus leads to a minimum demand for bandwidth. The above properties make JFD methods highly scalable. Note that in JFD methods the priority is to trace a pirate (or pirates) by fingerprinting, which is also the focus of this paper. The purpose of the cipher in JFD methods is to take advantage of multicast transmission rather than to provide a high security level. Typically, JFD methods provide low security level, i.e. the image is encrypted by obscuring the most important elements of the image in such a way that the content of the encrypted image is partially visible, but the quality degradation is so significant that an unauthorized user is not able to comfortably watch the protected content. This paper presents the first quaternion-based joint fingerprinting and decryption method for color images. This method was previously briefly stated in [18] and now, in this article, the method is fully presented and an extensive simulation results are discussed. In this method three color channels (or one luminance channel and two chrominance channels) of the image are considered a 3D space and each component of the image is represented as a point in this 3D space. The encryption involves rotation and translation of these points in 3D color space. Lessons learned from the field of computer graphics show that quaternions are most suitable to describe rotations in 3D space. Due this fact, it was decided that quaternion calculus will be the main tool used in the proposed JFD method. The distribution side uses a symmetric cipher to encrypt perceptually essential components of the image with the encryption key, which is common for all the users, and then sends the encrypted data via multicast transmission to all users. Each user has a unique decryption key which is different from the encryption key. The differences between the common encryption key and the individual user’s decryption key cause the decrypted image to contain minor changes which are imperceptible to the human eye and are unique across all users. Therefore these changes are the user’s fingerprint. Embedded fingerprints are spread over the entire image. Furthermore, the proposed method inherits high scalability from the general principle of JFD. In the proposed method fingerprints are embedded in the DCT domain. The method uses the well-known fact that it is possible to increase robustness by embedding fingerprints in perceptually essential components of the image without sacrificing overall image quality after a return to the spatial domain [11,19]. By embedding fingerprints only in perceptually essential components, i.e. low-frequency components, the method is robust to compression as compression damages only the perceptually unessential, high-frequency components of the image. Robustness against compression has been verified in the experiments we conducted. Consequently, low-pass filtering, scaling, and shrinking of the image should have a small impact on embedded fingerprints since such processing also damages only the unessential high-frequency components of the image.

However, a much greater threat than compression or noise addition are collusion attacks. In collusion attacks, a group of pirates analyze their fingerprinted copies and together generate a pirate copy with a highly damaged fingerprint. Experiments performed for the proposed method verified robustness against collusion attacks and collusion attacks combined with compression. Since collusion attacks are the greatest threat to digital fingerprinting, these attacks were the main focus of the presented experiments. The structure of the paper is as follows. The background and the contribution were presented in Section 1. Related work significant to the development of the proposed method is listed in Section 2. Section 3 provides a brief introduction to quaternion algebra. Section 4 describes the proposed JFD method based on quaternion rotation. The experimental results of pirate tracing in the presence of various attacks are presented in Section 5. The conclusions are discussed in Section 6.

2. Related work The first method using the JFD approach was the Chameleon [14], which was implemented by Anderson and Manifavas for audio data. The Chameleon is a stream cipher based on lookup tables. In this method the decryption changes only the least significant bits of protected data, so the embedded fingerprint does no perceptual degradation. However, embedded fingerprints are very vulnerable to collusion attacks. The Chameleon can trace pirates with high probability only if the number of pirates is up to 4. Another method, designed by Kundur and Karthik [4], was based on scrambling image DCT coefficients. In this method the low-frequency DCT coefficients are divided into subsets and their signs are reversed depending on the key. The receiver has a unique key that can decrypt only a portion of the subsets. The remaining subsets remain encrypted and their combination is the user’s fingerprint. Unfortunately, the embedded fingerprints are visible, which can reduce image quality to an unacceptable level. Moreover, the method has a very limited robustness against collusion attacks [4]. Adelsbach et al. [15] designed the Fingercasting scheme. This is a generalization of the Chameleon cipher that embeds spreadspectrum watermarks into audio-visual content. The main difference is that the lookup table entries are uniformly distributed, randomly chosen elements and that the XOR operation is replaced by a modular addition. Katzenbeisser et al. [20] improved the Fingercasting method by applying a collusion-resistant code as proposed by Tardos [21]. The main drawback of this method is the size of the lookup table and a trade-off between security and the length of the fingerprints. Another DCT-based method, although not a JFD method, was Li et al.’s fingerprinting with blind detection [22]. In this method, anti-collusion codes are used as fingerprints and the selected DCT coefficients of the image are quantized according to the fingerprints. The unique feature of this method is blind detection, i.e. the fingerprints can be extracted without the original image, which is not common among fingerprinting methods. Recently, several JFD methods based on vector quantization (VQ) have been proposed [23–26]. The first method [23] encrypts images via permutation and codeword substitution by using static key-trees. The second method [24] uses dynamic key-trees in order to replace permutation. Fingerprinting is done based on a set of pre-designed key-trees that are unique for each user. The security of Lin et al.’s method [23] has been verified and enhanced in Li et al.’s paper [25]. The concept of a JFD method utilizing VQ was developed further in a recent paper [26] which proposes a JFD method based on side match vector quantization (SMVQ).

B. Czaplewski / J. Vis. Commun. Image R. 40 (2016) 1–13

3

q ¼ a þ bi þ cj þ dk;

ð1Þ

Collusion attacks were not taken under consideration during studies of these methods. Kuribayashi [27] presented the hierarchical spread spectrum fingerprinting scheme, which is a collusion-resistant fingerprinting scheme based on the CDMA technique. In this method fingerprints are orthogonal sequences of DCT basic vectors modulated by a PN sequence, and each user’s fingerprint consists of a group ID and a user ID which are assigned to the combination of spectrum components. Most importantly, results on robustness against a collusion attack combined with compression are reported in [27]. The results are very promising but this is a transmitter-side fingerprinting method, which means a low scalability. The next related JFD method was Xu et al.’s scheme [28]. This method operates in the JPEG compressed domain with no transcoding or decompression, therefore this scheme is very suitable for compressed multimedia. In addition, a variable modular encryption method was proposed. The results reported in [28] demonstrate imperceptibility and robustness against compression attack. The Hillcast was presented in [29,30] and improved in [16,17]. This method uses a block cipher based on matrix multiplication for the encryption, i.e. the generalized Hill cipher. An image is encrypted with a group key and sent to all users via multicast transmission. The differences between the group key and the user’s unique decryption key embed a fingerprint during the decryption. The embedded fingerprints are not visible in the image and the method allows to trace pirates in the case of a collusion attack with a high success rate. Nagase et al. introduced quaternion-based encryption [31,32] where quaternions were used to rotate data vectors in a threedimensional space. Encryption was based on quaternions because the quaternion rotation can be computed much more quickly than the matrix multiplication due to specific quaternion algebra [33,34]. Since one quaternion can store information about all three RGB color channels, quaternions are a faultless match for encrypting color images. The concept of quaternion encryption was expanded by Dzwonkowski et al. [35,36]. In [37,38], a receiver-side fingerprinting for color images was introduced as a possible feature of a quaternion encryption scheme. Although it is not a JFD method, this was the first work on fingerprinting for images based on quaternion calculus. In this method, there are artifacts occurring in the decrypted image which are imperceptible and unique for each key. These artifacts are considered to be the users’ fingerprints and can be used for pirate tracing. Unfortunately, fingerprinting is performed in a spatial domain (pixel values) which leaves fingerprints vulnerable to compression and the lack of multicast transmission causes a poor scalability. The last related work is a matrix-based joint fingerprinting and decryption method presented in [39]. This solution is a JFD method which meets the requirements for both imperceptibility and robustness of fingerprints and scalability in terms of design and distribution of fingerprinted multimedia content. The proposed method uses a simple block cipher based on matrix multiplication to encrypt images which are then sent to all users via multicast transmission. Individual decryption keys are designed depending on the users’ fingerprints so that a different fingerprint will be introduced into the image during decryption for each unique decryption key. The experimental results show that the proposed method is robust against collusion attacks and compression.

where a, b, c, and d are scalar real numbers and i, j, and k are imaginary units with the following properties:

i  i ¼ j  j ¼ k  k ¼ 1; k  j ¼ i;

i  j ¼ k;

j  i ¼ k;

j  k ¼ i;

k  i ¼ j; and i  k ¼ j:

ð2Þ

The sum of two quaternions q1 and q2 is defined as follows:

q1 þ q2 ¼ ða1 þ a2 Þ þ iðb1 þ b2 Þ þ jðc1 þ c2 Þ þ kðd1 þ d2 Þ:

ð3Þ

From (2) it follows that the product of two quaternions q1 and q2 is defined as follows:

q1  q2 ¼ ða1 þ b1 i þ c1 j þ d1 kÞ  ða2 þ b2 i þ c2 j þ d2 kÞ ¼ ða1 a2  b1 b2  c1 c2  d1 d2 Þ þ ða1 b2 þ a2 b1 þ c1 d2  c2 d1 Þi þ ða1 c2 þ a2 c1 þ b2 d1  b1 d2 Þj þ ða1 d2 þ a2 d1 þ b1 c2  b2 c1 Þk: ð4Þ The product of quaternions is non-commutative. The conjugate of a quaternion is a quaternion with changed signs of the imaginary components:

q ¼ a  bi  cj  dk:

ð5Þ

The norm of a quaternion is defined as follows:

kqk ¼

pffiffiffiffiffiffiffiffiffiffiffi qq ¼

qffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffiffi 2 2 a2 þ b þ c2 þ d :

ð6Þ

To normalize a quaternion means to divide each quaternion component a, b, c, and d by the norm. The norm of a normalized quaternion is equal to 1. The inverse of a quaternion is defined as follows:

q1 ¼

q kqk2

¼

a  ib  jc  kd 2

2

a2 þ b þ c2 þ d

:

ð7Þ

Currently, quaternions are used in graphical APIs (DirectX, OpenGL) because 3D movement using quaternions is calculated faster and easier than using other algebra. Quaternions can represent many 3D transformations, such as reflections, scaling, translations and more. However, the main practical application of quaternion algebra is to represent 3D rotations. Rotations in 3D space using 3 scalar values are nonlinear, they have singularities and they are difficult to combine. To solve these problems we can model 3D rotations in a 4D space using quaternions [44,45]. In the proposed method, rotation and translation of a points in 3D space are used in order to encrypt and decrypt images. In the following formulas (8)–(10), q is a quaternion representing a particular transformation, Pin is a quaternion representing a point before being transformed, and Pout is a quaternion representing a point after being transformed. Rotation of a point is represented by the sandwich product:

Pout ¼ q  Pin  q1 ;

ð8Þ

or if q is a normalized quaternion:

Pout ¼ q  Pin  q :

ð9Þ

Translation of a point in 3D space is represented by the addition:

Pout ¼ q þ Pin :

ð10Þ

4. Proposed quaternion-based JFD method 3. Quaternions Quaternions are an extension of complex numbers [40,41] and have 4 dimensions: 1 real dimension and 3 imaginary dimensions. A quaternion q can be represented as follows:

In the proposed method there is one encryption key for all users and one decryption key per user. The image is encrypted once and sent to all users via multicast transmission. Each user decrypts the received data and at the same time embeds his or her fingerprint in

4

B. Czaplewski / J. Vis. Commun. Image R. 40 (2016) 1–13

the image. The embedded fingerprint is based on the difference between the encryption key and the user’s decryption key. Extraction of the fingerprint is in the form of a non-blind detection. Pirate tracing is based on an analysis of the correlation coefficients for the fingerprint extracted from the pirate copy and all the user’s fingerprints. 4.1. Keys and fingerprints The encryption key is constructed as follows:

e ¼ ½ e1

e2

   eN ;

ð11Þ

where e is the encryption key, N is the length of the encryption key, and en is a quaternion with random scalar components, and n = 1, 2, . . . N. The fingerprint for the h-th user is constructed as follows:

f

ðhÞ

h ¼ f 1ðhÞ

ðhÞ

f2

ðhÞ

 fN

i

;

ð12Þ

ðhÞ

ðhÞ

where f is the h-th user fingerprint, and f n is a quaternion with random scalar components, which are part of the user’s fingerprint, and n = 1, 2, . . . N. For simulation purposes, fingerprints were bipolar Gold codes [42]. The decryption key for the h-th user is constructed as follows:

d

ðhÞ

ðhÞ

¼eþaf ;

ð13Þ

ðhÞ

where d is the h-th decryption key and a is the fingerprint embedding strength which determines the balance between imperceptibility and robustness of the embedded fingerprints. The decryption keys are sent to individual users via secure unicast ðhÞ

transmissions. Note that fingerprint f will not be the actual fingerprint embedded in the image but will in fact be its cause. The embedding strength a represents the trade-off between imperceptibility and robustness of fingerprints. Reducing a factor will cause that the fingerprint to be less visible in the decrypted image. Increasing a factor will cause that the fingerprint to be more robust. The a factor should be chosen experimentally in such a way that the fingerprints will remain just unnoticeable and, simultaneously, the greatest possible robustness will be obtained. During the studies, the embedding strength factor was chosen in two stages. Initially, an approximate value of embedding strength factor was assessed using a subjective method of measuring image quality with double-stimulus impairment scale DSIS. Then, the final value of the embedding strength factor was selected using an objective method of measuring image quality by peak signal to noise ratio PSNR. It should be noted that this is not the only possible method of choosing a. 4.2. Encryption

ponents are clustered in the upper left corner of each block. The high-frequency coefficients located in the lower right corner are vulnerable to compression, low-pass filtering, scaling, blurring, resizing, or noise addition [44,45], thus they cannot be selected for encryption because embedded fingerprints cannot be vulnerable to such common image processing. The DC coefficient, which is located in the first row and first column of each block, also shouldn’t be selected for fingerprint embedding because it could significantly degrade the image quality or make fingerprint visible. In order to spread a fingerprint over the entire image, the coefficients should be selected from as many blocks as possible. In order to prevent the estimation of coefficients, we should encrypt as many coefficients as possible. The issue of the partial encryption of images and the estimation of DCT coefficients has been addressed in [46]. Li et al. presented a general method for recovering missing DCT coefficients in DCTtransformed images. In this paper, the DCT coefficients recovery problem was modeled as an optimization problem and all missing DCT coefficients were recovered via linear programming. This method [46] outperforms existing methods according to experimental results in case of only DC coefficient recovery. Of course, the visual quality of the recovered image gradually decreases as the number of missing DCT coefficients increases. In case of more than 10 missing coefficients, the PSNR for the recovered image is below 15 dB, which cannot be considered as an indication of a high quality image. The general content of the image is visible in the recovered image of such low quality, however, it should be noted that the goal of pirates is to obtain a copy without fingerprints with quality similar to quality of images offered by the distribution side. Otherwise, pirates are not competing with the distribution side since they don’t offer similar product. On the basis of the data presented in [46], it can be stated that an encryption of 16 most significant DCT coefficients in each block should be more than enough to prevent high quality image recovery. Of course, nothing stands in the way of encrypting all the coefficients to fully prevent any coefficient estimation. As a result, three vectors, i.e. r, g, and b, are formed from the selected coefficients of each color channel:

r ¼ ½ r1

r2

g ¼ ½ g1

g2

   g M ;

ð15Þ

b ¼ ½ b1

b2

   bM ;

ð16Þ

ð14Þ

where rm, gm, and bm are selected coefficients from the red, green, and blue channel, respectively, m = 1, 2, . . . M, and M is the number of selected coefficients from each color channel. The fifth step before encryption is to form a vector of quaternions that will be encrypted:

x ¼ ½ x1 Before encryption, the image has to be preprocessed. First, a color image, e.g. in RGB color representation, is split into three sub-images, one per each color channel. Second, each sub-image is divided into 8 by 8 pixel blocks. Third, the discrete cosine transform (DCT) is performed for each block independently. This operation converts 64 pixel values of each block into 64 DCT coefficients. The next step is to select the most perceptually essential coefficients for encryption. Additionally, the fingerprints will be embedded only in these selected coefficients. Encrypting all coefficients will effectively conceal the entire image. However, it is highly recommended to use partial encryption, i.e. to encrypt only the perceptually essential components of the image. Partial encryption lowers computations, reduces delay and is enough to prevent image estimation with good quality [43]. Perceptually essential coefficients which correspond to the low-frequency spectral com-

   r M ;

x2

   xM ;

xm ¼ 0 þ r m i þ g m j þ bm k;

ð17Þ ð18Þ

where each quaternion xm in vector x represents a point in the 3D space of color channels, and m = 1, 2, . . . M. By using the encryption key, selected coefficients are encrypted according to the formula:

ym ¼ el  ½ðxm þ s1 þ ym1 Þmod s2   e1 l ;

ð19Þ

l ¼ ½ðm  1Þmod N þ 1;

ð20Þ

y ¼ ½ y1

ð21Þ

y2

   yM ;

where ym is an encrypted quaternion, xm is a quaternion containing selected DCT coefficients, el is a quaternion from encryption key e,

5

B. Czaplewski / J. Vis. Commun. Image R. 40 (2016) 1–13

ym1 is a previously encrypted quaternion, m = 1, 2, . . . M, M is the number of selected coefficients from each color channel, N is the length of the encryption key, and y0 is an initialization quaternion which is a fixed quaternion with the real part equal to 0 and nonnegative imaginary parts. The modular addition of previously encrypted quaternion ym1 will be referred to as the quaternionchaining mode of encryption. Finally, s1 is a constant quaternion and s2 is a constant scalar, both of which have been designed to shift values of the all DCT coefficients to positive values and to make modular addition possible. Afterwards, the encrypted DCT coefficients have to be put back from quaternions ym into the same places in the DCT blocks from which they were previously selected. Then all values in DCT blocks are rounded down, set in a zigzag order, converted to a binary form and RLC/Huffman-coded, similar to the JPEG standard. The encrypted image is sent to all users via one multicast transmission. 4.3. Joint fingerprinting and decryption In order to decrypt the data a receiver has to reverse the abovementioned coding operations (RLC/Huffman decoding and inverting the zigzag order the DCT coefficients) and then again select the encrypted coefficients from the DCT blocks and recreate the y vector. Joint fingerprinting and decryption for the h-th user is performed according to the formula:

h i ðhÞ1 ðhÞ x0ðhÞ  ym  dl  ym1 Þmod s2  s1 ; m ¼ ðdl

ð22Þ

l ¼ ½ðm  1Þmod N þ 1; h i x0ðhÞ ¼ x10ðhÞ x20ðhÞ    xN0ðhÞ ;

ð23Þ ð24Þ 0ðhÞ

where x0ðhÞ is the vector of the decrypted quaternions xm with the embedded fingerprint of the h-th user, ðhÞ

from the decryption key d

ðhÞ dl

is the l-th quaternion

of the h-th user, and y0 is an initializaðhÞ

tion quaternion. The difference between e and d , shown in formula (13), embeds the fingerprint in the decrypted image during the decryption process shown in formula (22). As can be seen, the proposed JFD method operates in the cipher quaternion chaining mode, similar to the cipher block chaining mode known from block ciphers. For a better understanding this is visualized in Fig. 1. Afterwards, the decrypted and fingerprinted coefficients have to 0ðhÞ

be put back from quaternions xm in the same places in the DCT blocks from which they were previously selected. In the end the receiver has to perform the inverse discrete cosine transform (IDCT) for each block independently and reconstruct an image by combining all of the blocks and all of the color channels. As a result, the fingerprint spreads through all of the pixels in the entire color image. It can be shown that the real fingerprint embedded in the transform coefficients depends, in a highly nonlinear way, on fingerprint ðhÞ

f of the h-th user, encryption key e, and original coefficients x. For a better understanding let us consider a generalized encryption without quaternion-chaining:

ym ¼ el  xm  e1 l ;

ð25Þ

and consequently a generalized decryption without quaternionchaining: ðhÞ1

x0ðhÞ m ¼ dl

ðhÞ

 ym  dl ;

ð26Þ

where all symbols have their meanings as in the previous formulas. Then, from formulas (25), (26), and (13), we can derive the following:

Fig. 1. Encryption and decryption algorithms for the proposed JFD method based on quaternion rotation.

 1 ðhÞ ðhÞ x0ðhÞ  el  xm  e1  ðel þ a  f l Þ; m ¼ el þ a  f l l  1   ðhÞ ðhÞ 1 x0ðhÞ  fl  xm  1 þ a  e1  fl : m ¼ 1 þ a  el l

ð27Þ ð28Þ

 1 ðhÞ Since 1 þ a  e1  fl can be interpreted as the sum of the foll lowing convergent geometric series: 1   1 u X ðhÞ ðhÞ 1 þ a  e1  fl ¼1þ a  e1  fl ; l l

ð29Þ

u¼1

we can derive that approximately:     ðhÞ ðhÞ 1 x0ðhÞ  xm  1 þ a  e1 ; m ffi 1  a  el  f l l fl x0ðhÞ m ffi xm þ a

ðhÞ  xm  e1 l fl 

a

ðhÞ  e1 l fl

ð30Þ ðhÞ 2  e1 l fl

 xm  a

ðhÞ  xm  e1 l fl ;

ð31Þ

and since a is very small then we can further simplify the formula:

  ðhÞ ðhÞ 1 x0ðhÞ  f l  e1  f l  xm : m ffi xm þ a  xm  el l

ð32Þ

Formula (32) shows that the embedded fingerprint depends on finðhÞ

gerprint f of the h-th user, on encryption key e, and the original coefficients x. Fig. 2 shows examples of an implementation of the proposed method. The images in the row (a) are the original images. The images in the row (b) are encrypted images with only 1 DCT coefficient per block selected for the encryption. The images in the row (c) are encrypted images with 16 DCT coefficients per block selected for the encryption. The images in the row (d) are the decrypted and fingerprinted images. The images in the row

6

B. Czaplewski / J. Vis. Commun. Image R. 40 (2016) 1–13

Fig. 2. (a) Original images of Lena, a house, waves, a bird, and bottles, (b) encrypted images with 1 AC coefficient per block selected, (c) encrypted images with 16 AC coefficients per block selected, (d) decrypted and fingerprinted images, (e) extracted fingerprints for 1 AC coefficient per block selected, and (f) extracted fingerprints for 16 AC coefficients per block selected.

(e) are extracted fingerprints in case of selection 1 coefficient per block. The images in the row (f) are extracted fingerprints in case of selection of 16 coefficients per block. Fingerprints used in the examples were bipolar Gold codes of length 4096 encapsulated in 1024 quaternions. The embedding strength a was set equal to

0.029 in case of selection of 1 coefficient per block and 0.007 in case of selection of 16 coefficients per block. As can be seen in Fig. 2, if we encrypt one DCT coefficient per block the content is obscured but visible to some degree in the encrypted image. Please note that encrypting one coefficient per block is only an example

7

B. Czaplewski / J. Vis. Commun. Image R. 40 (2016) 1–13

and the algorithm allows to encrypt more DCT coefficients per block, as is shown in the row (c) in Fig. 2. It should be noted that imperceptibility of the embedded fingerprint has been achieved. The visual quality of the fingerprinted image was evaluated by PSNR (Peak Signal to Noise Ratio). In case of encryption of 1 DCT coefficient per block, the average PSNR was 40.367 dB in all color channels. The width of the confidence interval for the average PSNR was 0.0043 for 95% confidence level and sample size of 25,000. In case of encryption of 16 DCT coefficients per block, the average PSNR was 40.63 dB in all color channels. The width of the confidence interval for the average PSNR was 0.0188 for 95% confidence level and sample size of 1000. High PSNR values indicate that the quality of the fingerprinted images is quite good. Additionally, it should be noted that the fingerprint is distributed over the entire image, hence a pirate cannot simply cut out a fingerprinted part from a fingerprinted image. It should be noted that it is possible to achieve the desired value of PSNR for any number of encrypted coefficients per block by changing the embedding strength factor a. These are very good, although the expected results. It can be stated that the proposed method is comparable with other JFD methods know from the literature in terms of the level of imperceptibility of embedded fingerprints. PSNR values indicated for other methods are in relatively wide range of 30–55 dB. For example, in the case of the matrix-based joint fingerprinting and decryption method [39] it is shown that the PSNR is 40 dB. In the case of the Kundur and Karthnik’s method [4] it is shown that the PSNR is 30 dB. In the case of the Hillcast method [16,17,29,30] it is shown that the PSNR is 50 dB. For the fingerprinting feature in a quaternion encryption scheme [37] the PSNR is 55 dB. For the Xu et al.’s scheme [28] the PSNR is 45 dB. For the Li et al.’s scheme [22] the PSNR is 40 dB. In the case of VQ-based method [23] it is shown that the PSNR is 30 dB. Naturally, all the above values depend on the value of embedding strength factor of a given method. Additionally, there are some related works which didn’t report any data on PSNR of fingerprinted images, although the imperceptibility is considered achieved. For example, in the case of Cox et al.’s scheme [11] and Celik et al.’s scheme [47], the imperceptibility is achieved via perceptual masking. For the Chameleon method [14], the imperceptibility is achieved via embedding in the least significant bits of pixel values. 4.4. Pirate tracing Identification of potential pirates, i.e. pirate tracing, is performed by the distribution side, which has access to the original image and its customers’ fingerprints, so it is reasonable to use non-blind identification. Identification of pirates is conducted through the correlation analysis of the fingerprint extracted from the pirate copy and fingerprints extracted from the user’s copies. Naturally, it is possible to avoid the fingerprint extraction and perform the correlation analysis of the pirate copy and the original image, although the analysis of extracted fingerprints provides better results. Therefore, in order to identify the pirates, the distribution side has to calculate the extracted fingerprints from the pirate copy and each of the user’s copy. Extraction of the fingerprint from a pirate copy is performed according to the formula:

f ext ¼ ðxpir  xÞ=a; pir

ð33Þ

where x is the vector of quaternions selected for encryption from the original image, xpir is the vector of corresponding quaternions in the pirate copy, a is the embedding strength factor, and f ext is the extracted fingerprint from the pirate copy. pir

Extraction of the fingerprint from the h-th user’s copy is performed according to the formula: ðhÞ

f ext ¼ ðx0ðhÞ  xÞ=a;

ð34Þ

where x is the vector of quaternions selected for encryption from the original image, x0ðhÞ is the vector of corresponding quaternions in the fingerprinted image of the h-th user, a is the embedding ðhÞ

strength factor, and f ext is the extracted fingerprint from the h-th ðhÞ

ðhÞ

user’s image. Note that f ext is different from f , as was pointed out before in formula (32). Alternatively, the distribution side is ðhÞ

able to calculate quaternions of f ext on the basis of formula (32), ðhÞ f ext

is the difference between x0ðhÞ and x, however using forsince mula (34) is faster. In the next step, the distribution side has to calculate the correlation coefficients for the fingerprint extracted from the pirate copy and the fingerprints of all the users. If the correlation coefficient for a specific user’s fingerprint is greater than the detection threshold, this specific user is considered to be a pirate. In order to effectively differentiate between pirates and innocent users, each fingerprint has to have a low correlation with all the other fingerprints and a high correlation with itself. In order to achieve this orthogonal property, the fingerprints are usually spreading sequences, Gold codes, Kasami codes [42,48,49] or i.i.d. Gaussian sequences [11]. The detection threshold should be selected in such a way that the performance criteria for a specific practical scenario will be satisfied. There are three general scenarios [1,8]: ‘catch one, ‘catch many’, and ‘catch all’. In the ‘catch one’ scenario the major concern is to identify at least one pirate with high confidence without accusing innocent users. This set of performance criteria consists of the probability of true positive, i.e. capturing at least one pirate and the probability of false positive, i.e. accusing at least one innocent user. In this scenario the identification threshold is usually set very high. In the ‘catch many’ scenario the major concern is to catch more pirates, possibly at the cost of accusing more innocents. This set of performance criteria consists of the expected fraction of successfully captured pirates and the expected fraction of falsely accused innocent users. In this scenario the identification threshold is usually much smaller than in the previous one. In the ‘catch all’ scenario the major concern is to capture all pirates with a high probability. This set of performance criteria consists of the amount of expected accused innocent users per pirate and the probability of capturing all pirates. In this scenario the selected identification threshold is the lowest. 5. Experimental results The following scenario was simulated in order to examine the robustness of the embedded fingerprints. The total number of users who ordered images was 500. Ten different color images sized 512 by 512 pixels were used in the experiments. The fingerprints were bipolar Gold codes [42] 4096 in length encapsulated in 1024 quaternions. Due to the correlation-based identification, Gold codes were chosen because of their low and limited crosscorrelation coefficients, although they can be replaced by other sequences, e.g. uniform or Gaussian i.d.d. sequences or Hadamard codes, etc. The embedding strength a was chosen as a = 0.029 and the PSNR was greater than 40 dB, so the embedded fingerprints remained unnoticed to the human eye. Distribution of each of the 10 images was repeated 5 times, each time for a different set of keys. This gave a total of 50 simulated distributions. These simulated distributions were attacked in various ways and the results are presented and described in the following subsections. In the case of any attack the identification of pirates was based on the correlation coefficient value. The correlation coefficient value for a fingerprint from the pirate copy and each user’s

8

B. Czaplewski / J. Vis. Commun. Image R. 40 (2016) 1–13

fingerprint were compared with identification threshold tD. If the correlation coefficient value was greater than threshold tD, a user was identified as a pirate. The results presented in the following subsections are the results of pirate tracing, i.e. identification of pirates. 5.1. Robustness to noise Embedded fingerprints were tested against noise. In the attack a pirate attempted to remove his or her fingerprint by noise addition without a significant reduction in the visual quality. Gaussian noise was added into each color sub-image. The mean value was equal to 0 and the variance was dependent on the desired SNR (Signal to Noise Ratio). For each of the 50 simulated distributions described at the beginning of this section, 3 attacks were simulated, i.e. attacks by noise addition with SNR equal to 15 dB, 10 dB, and 5 dB. Fig. 3 shows examples of the identification of pirates in the case of noise addition. In the simulated attacks the 100th user was the pirate and tried to remove his or her fingerprint by noise addition. As can be seen, for each attack the auto-correlation coefficient for the 100th user fingerprint is very high and the cross-correlation coefficients with other fingerprints are very low. With such properties it is incredibly easy to identify a pirate, which was presented in Fig. 3. Faultless pirate identification has been achieved in all of the simulations for all of the considered SNRs. Faultless identification means that the pirate has been correctly identified and none of innocent users have been falsely accused in every simulation. It should be considered that robustness to noise has been achieved even in the case of SNR equal to 5 dB. Robustness to noise is a property which is usually not even considered in most papers on JFD methods. Few exceptions are the matrix-based joint fingerprinting and decryption method [39], which is also robust against the noise with SNR equal to 5 dB, and VQ-based JFD methods [23], which are robust against the noise with magnitude of 1–16 of component values. Other related works didn’t report any study on robustness to noise.

5.2. Robustness to compression Embedded fingerprints were tested against JPEG compression. In the attack a pirate attempted to remove his or her fingerprint by image compression without a significant reduction in the visual quality. For each of the 50 simulated distributions described at the beginning of this section, 3 attacks were simulated, i.e. attacks by compression along with maintaining 70%, 50%, and 30% image quality. Fig. 4 shows examples of the identification of pirates in the case of compression attacks. In the simulated attacks the 100th user was the pirate and tried to remove his or her fingerprint by compressing the image. As can be seen, for each attack the autocorrelation coefficient for the 100th user fingerprint is very high and the cross-correlation coefficients with other fingerprints are very low. With such properties it is incredibly easy to identify a pirate, which was presented in Fig. 4. Faultless pirate identification has been achieved in all of the simulations for all of the considered levels of compression. Faultless identification means that the pirate has been correctly identified and none of innocent users have been falsely accused in every simulation. It should be considered that robustness to compression has been achieved even in the case of JPEG compression with 30% image quality. Robustness to compression of the proposed method is very high. A similar level of robustness to compression can be observed in other JFD methods that are embedding fingerprints in perceptually essential components of the image in the frequency domain, e.g. in low-frequency DCT coefficients. The examples of very similar robustness to compression are the matrixbased joint fingerprinting and decryption method [39], Kundur and Karthnik’s method [4], and Cox et al.’s method [11]. The important fact is that the proposed method has a much greater robustness to compression than JFD methods that are embedding fingerprints in spatial domain, e.g. in pixel values, e.g. Hillcast method [29,30], or the fingerprinting feature in a quaternion encryption scheme [37].

Fig. 3. Examples of identification of pirates in the case of noise addition with SNE equal to 15 dB, 10 dB, and 5 dB.

Fig. 4. Examples of identification of pirates in the case of compression with maintaining 70%, 50%, 30% quality.

B. Czaplewski / J. Vis. Commun. Image R. 40 (2016) 1–13

5.3. Robustness to collusion attacks The greatest threat to the embedded fingerprints are collusion attacks [9,50], which are the attacks performed by a group of colluded pirates. In these attacks, each pirate in a collusion has access to a copy of the same multimedia content with his or her fingerprint. During the attack, the colluders combine their differently fingerprinted copies, by using a specific function, in order to obtain a pirate copy without any fingerprint or at least very damaged fingerprint. Collusion attacks are divided into linear and nonlinear attacks, due to the function used to combine pirate’s copies. Typically, a collusion attack is an attack performed by a number of malicious users, each of which has one fingerprinted copy. However, a collusion attack may also be performed by a single malicious user who has multiple copies of the same multimedia content but each with different fingerprint. Embedded fingerprints were tested against various collusion attacks, both linear and nonlinear, i.e. averaging attack, minimum attack, maximum attack, median attack, minmax attack, modified negative attack, randomized negative attack [9,50] and averaging attack combined with JPEG compression (70% quality). For each of the 50 simulated distributions as described at the beginning of this section and for each type of attack, 6 collusions were simulated, i.e. collusions of 20, 30, 40, 60, 80, and 100 pirates. Pirate copies obtained with these attacks are generated as follows: C X 1

xðcÞ ; C n   ¼ min fxðcÞ n gc¼1;2;:::C ;

ð35Þ

¼ maxðfxnðcÞ gc¼1;2;:::C Þ; xmax n   ¼ med fxðcÞ xmed n n gc¼1;2;:::C ;

ð37Þ

xave ¼ n

c¼1

xmin n

ð38Þ

þ ; 2 min max ¼ xn þ xn  xmed ; n

¼ xminmax n xmodneg n

ð36Þ

xmin n

( ¼ xrandneg n

xmax n

xmin n

with probability p

xmax n

with probability ð1  pÞ

ð39Þ ð40Þ

;

ð41Þ

ðcÞ

where xn is a value of the n-th component (e.g. a pixel value or DCT coefficient) of the c-th pirate’s fingerprinted copy, xave is a value of n the n-th component of the pirate copy obtained in the averaging is a value of the n-th component of the pirate copy attack, xmin n is a value of the n-th compoobtained in the minimum attack, xmax n is a nent of the pirate copy obtained in the maximum attack, xmed n value of the n-th component of the pirate copy obtained in the medis a value of the n-th component of the pirate ian attack, xminmax n copy obtained in the minmax attack, xmodneg is a value of the n-th n component of the pirate copy obtained in the modified negative is a value of the n-th component of the pirate copy attack, xrandneg n obtained in the randomized negative attack, n ¼ 1; 2; :::N , N is the number of all the components in the image, c ¼ 1; 2; :::C , C is the number of all the pirates in the collusion, functions min(), max(), and med() return respectively the minimum, the maximum, and the median of a given set, the probability p is usually equal to ½. In the averaging attack with JPEG compression, a pirate copy obtained by the averaging attack is later compressed according to the JPEG standard. In order to examine the robustness to collusion attacks, two detection scenarios were considered: ‘catch many’ and ‘catch one’ scenario [1,8]. In the ‘catch many’ scenario, the set of criteria consists of the average fraction of successfully captured pirates cTP

9

and the average fraction of falsely accused innocent users cFP. Assume the following definition of robustness to collusion attacks for the ‘catch many’ scenario: If cTP P 0.9 and cFP 6 0.01 in case of collusions of C pirates, then the tested method is robust against collusion attacks performed by up to C pirates. In the ‘catch one scenario, the set of criteria consists the probability of capturing at least one pirate PTP, i.e. the probability of true positive, and the probability of accusing at least one innocent user PFP, i.e. the probability of false positive. Assume the following definition of robustness to collusion attacks for the ‘catch one scenario: If PTP P 0.999 and PFP 6 0.001 in case of collusions of C pirates, then the tested method is robust against collusion attacks performed by up to C pirates. Figs. 5 and 6 show the method’s robustness to collusion attacks for ‘catch many’ and ‘catch one’ scenario, respectively. Plots in the subsequent rows refer to different types of attack: (a) averaging attack and median attack, (b) minimum attack, maximum attack, and minmax attack, (c) randomized negative attack, (d) modified negative attack, (e) averaging attack with JPEG compression (70% quality). The different line colors on the plots mean the different numbers of pirates involved in the collusion attack, i.e. 20, 30, 40, 60, 80, and 100 pirates. In Fig. 5, the first column shows plots of cTP against detection threshold tD. In Fig. 6, the first column shows plots of PTP against detection threshold tD. In these plots the curve further to the right means better performance of pirates tracing, more specifically, greater chance of identifying a pirate. In Fig. 5, the second column shows plots of cFP against detection threshold tD. In Fig. 6, the second column shows plots of show PFP against detection threshold tD. In these plots the curve further to the left means better performance of pirates tracing, more specifically, less risk of accusing an innocent user. It should be noted that the PFP does not change significantly if the number of pirates grows. In Fig. 5, the third column shows plots of cTP against cFP. In Fig. 6, the third column shows plots of PTP against PFP. These plots are ROC (Receiver Operating Characteristics) curves. The experimental results presented in Figs. 5 and 6 indicate that the embedded fingerprints are very robust against collusion attacks. According to the previously stated definitions of robustness to collusion attacks, the following conclusions can be drawn from the simulation results. The tested method is robust against averaging attack and median attack performed by up to 100 pirates in case of the ‘catch many’ scenario (cTP = 0.926, cFP = 0.01) and 100 pirates in case of the ‘catch one’ scenario (PTP = 1, PFP = 0). The tested method is robust against minimum attack, maximum attack, and minmax attack performed by up to 30 pirates in case of the ‘catch many’ scenario (cTP = 0.952, cFP = 0.01) and 40 pirates in case of the ‘catch one’ scenario (PTP = 1, PFP = 0). The tested method is robust against randomized negative attack performed by up to 20 pirates in case of the ‘catch many’ scenario (cTP = 1, cFP = 0) and 30 pirates in case of the ‘catch one’ scenario (PTP = 1, PFP = 0). The tested method is robust against modified negative attack performed by up to 60 pirates in case of the ‘catch many’ scenario (cTP = 0.944, cFP = 0.01) and 100 pirates in case of the ‘catch one’ scenario (PTP = 1, PFP = 0). The tested method is robust against averaging attack with JPEG compression (70% quality) performed by up to 40 pirates in case of the ‘catch many’ scenario (cTP = 0.996, cFP = 0.01) and 90 pirates in case of the ‘catch one’ scenario (PTP = 1, PFP = 0). Moreover, in case of the ‘catch many’ scenario, faultless pirate identification (PTP = 1 and PFP = 0) has been achieved in all of the simulations for a collusion of 20 pirates in minimum, maximum, minmax, and randomized negative attacks, 30 pirates in averaging attacks with compression and 40 pirates in averaging and median attacks. Faultless identification means that every pirate has been correctly identified and none of innocent users have been falsely accused in every simulation for the considered number of pirates.

10

B. Czaplewski / J. Vis. Commun. Image R. 40 (2016) 1–13

Fig. 5. The method’s robustness to collusion attacks: (a) averaging attack, median attack, (b) minimum attack, maximum attack, minmax attack, (c) randomized negative attack, (d) modified negative attack, and (e) averaging attack with JPEG compression (70% quality), in the case of 20, 30, 40, 60, 80, 100 pirates, for the ‘catch many’ scenario.

B. Czaplewski / J. Vis. Commun. Image R. 40 (2016) 1–13

11

Fig. 6. The method’s robustness to collusion attacks: (a) averaging attack, median attack, (b) minimum attack, maximum attack, minmax attack, (c) randomized negative attack, (d) modified negative attack, and (e) averaging attack with JPEG compression (70% quality), in the case of 20, 30, 40, 60, 80, 100 pirates, for the ‘catch one’ scenario.

12

B. Czaplewski / J. Vis. Commun. Image R. 40 (2016) 1–13

These are very good results, as other methods known from the literature do not handle or even consider such a large number of pirates. The greatest attention should be paid to the averaging attack, because most other fingerprinting methods have used averaging attacks in their studies, so this attack has become a commonly accepted tool for comparison between different fingerprinting methods. Of course, nonlinear collusion attacks pose a much greater threat than linear collusion attacks, but unfortunately the resistance to collusion attacks is usually studied in the context of the averaging attack. There are extensive publications, which also address nonlinear collusion attacks and collusion attacks combined with compression, but they are a minority. For example, the Chameleon cipher [14] is robust against collusion of up to 4 pirates. The Fingercasting scheme [15,20] is based on Cox’s watermarking scheme [11], which was tested for an averaging collusion attack of 5 pirates. Parviainen and Parnes’s fingerprinting [51] can identify a pirate with high probability if there are 10 pirates in the collusion. The Hillcast method [16,17] can identify a pirate with a high success rate if there are 10 pirates in an averaging attack, however, there is also a high number of wrongly accused innocent users. The fingerprinting feature in a quaternion encryption scheme [38,39] is robust against up to 30 pirates in the case of an averaging attack. Xu et al.’s scheme [28] can resist a dozen colluders in an averaging attack. Li et al.’s algorithm [22] provides almost faultless pirate identification in the case of 3 colluders in averaging attack, maximum attack, minimum attack, minmax attack, median attack, randomized negative attack, and averaging attack with compression (95–55% quality). The matrixbased joint fingerprinting and decryption method [39] is robust against an averaging attack by up to 60 pirates and is robust against an averaging attack with compression (70% quality) by up to 40 pirates. The hierarchical spread spectrum fingerprinting scheme [27] is robust against up to 80–90 pirates in the case of an averaging attack and up to 35 pirates in case of an averaging attack with compression (75% quality). However, the hierarchical fingerprinting scheme is not a JFD method, but it is a traditional transmitter-side fingerprinting method. In this case the superiority of the proposed method lies in the advantages of the JFD philosophy, which grants high scalability through the usage of multicast transmissions. In comparison to these techniques and based on the experimental results it can be seen that the proposed method has very high robustness against collusion attacks.

6. Conclusions The paper presents a novel joint fingerprinting and decryption method based on quaternion rotation with cipher quaternion chaining. The main goal of this method is pirate tracing, i.e. identification of malicious users in multimedia distribution services. The proposed method draws benefits from the concept of JFD, which is characterized by minimal demands on bandwidth and computing resources. In addition, the advantage of the quaternion-based method is that the algorithm processes jointly all three subimages of the color image (e.g. three color channels), what can be described as a holistic fingerprinting of color images. The presented method shows an innovative use of the quaternion calculus for the purpose of joint fingerprinting and decryption. Fingerprint embedding in a 3D color space is an original approach in the field of digital fingerprinting. The experimental results proved the method’s very high robustness against noise, compression, and collusion attacks, both linear and nonlinear. The method was tested against Gaussian noise with SNR equal to 15 dB, 10 dB, and 5 dB. In each case, faultless pirate identification has been achieved. The method was tested against JPEG compression with quality factor equal to 70%, 50%, and 30%.

In each case, faultless pirate identification has been achieved. The method was tested against averaging attack, minimum attack, maximum attack, median attack, minmax attack, modified negative attack, randomized negative attack, and averaging attack combined with compression. Section 5 contains extensive test results for ‘catch many’ scenario and ‘catch one’ scenario. In comparison to other techniques and based on the experimental results it can be seen that the proposed method has very high robustness against collusion attacks. Since the experimental results are very promising, development of the quaternion-based JFD method presented here will continue. The proposed method opens many possibilities for new studies. Future work could focus on: optimization of the extraction process, correlation analysis of extracted fingerprints, automatic adjustment of the embedding strength factor, robustness against collusion attacks on decryption keys, and the use of ACC fingerprints. References [1] K.J.R. Liu, W. Trappe, Z.J. Wang, M. Wu, H. Zhao, Multimedia fingerprinting forensics for traitor tracing, EURASIP Book Series on Signal Processing and Communications, vol. 4, Hindawi Publishing Corporation, New York, 2005. [2] Y. Wang, A. Pearmain, Blind image data hiding based on self reference, Pattern Recogn. Lett. 25 (15) (2004) 1681–1689. [3] C.C. Chang, Y.S. Hu, T.C. Lu, A watermarking-based image ownership and tampering authentication scheme, Pattern Recogn. Lett. 27 (5) (2006) 439– 446. [4] D. Kundur, K. Karthik, Video fingerprinting and encryption principles for digital rights management, Proc. IEEE 92 (6) (2004) 918–932. [5] S. Suthaharan, S.W. Kim, H.K. Lee, S. Sathananthan, Perceptually tuned robust watermarking scheme for digital images, Pattern Recogn. Lett. 21 (2) (2000) 145–149. [6] V. Mehan, R. Dhir, Y.S. Brar, Joint watermarking and fingerprinting approach for colored digital image in double DCT domain, in: Proc. 2013 IEEE Int. Conf. on Signal Processing, Computing and Control (IEEE ISPCC), 2013, pp. 1–6. [7] S. Maity, M. Kundu, T. Das, Robust SS watermarking with improved capacity, Pattern Recogn. Lett. 28 (3) (2007) 350–356. [8] K.J.R. Liu, W. Trappe, Z.J. Wang, M. Wu, Collusion-resistant fingerprinting for multimedia, IEEE Signal Process. Mag. 21 (2004) 15–27. [9] K.J.R. Liu, Z.J. Wang, M. Wu, H. Zhao, Forensic analysis of nonlinear collusion attacks for multimedia fingerprinting, IEEE Trans. Image Process. 14 (5) (2005) 646–661. [10] S. He, M. Wu, Joint coding and embedding techniques for multimedia fingerprinting, IEEE Trans. Inf. Forensics Secur. (2006). [11] I.J. Cox, J. Kilian, F.T. Leighton, T.G. Shamoon, Secure spread spectrum watermarking for multimedia, IEEE Trans. Image Process. 6 (12) (1997) 1673–1687. [12] A. Mishra, A. Goel, R. Singh, G. Chetty, L. Singh, A novel image watermarking scheme using Extreme Learning Machine, in: Proc. 2012 Int. Jt. Conf. on Neural Netw. (IJCNN), 2012, pp. 10–15. [13] M. Ammar, P. Judge, WHIM: Watermarking multicast video with a hierarchy of intermediaries, in: Proc. 10th Int. Workshop on Netw. and Operating Syst. Support for Digital Audio and Video (NOSSDAV), 2000. [14] R. Anderson, C. Manifavas, Chameleon – A new kind of stream cipher, in: E. Biham (Ed.), Lecture Notes in Computer Science, Fast Softw. Encryption, Springer-Verlag, 1997, pp. 107–113. [15] A. Adelsbach, U. Huber, A.-R. Sadeghi, Fingercasting – Joint fingerprinting and decryption of broadcast messages, Proc. 11th Australasian Conf. Information Security Privacy, vol. 4058, 2006, pp. 136–147. [16] B. Czaplewski, R. Rykaczewski, Improvement of fingerprinting method based on hill cipher by using frequency domain, in: Proc. ICT Young 2012 Conf., 2012, pp. 231–236. [17] B. Czaplewski, R. Rykaczewski, Immunizing the Hillcast method against the known-Plaintext attack using periodic key exchange, Telecommun. Rev. + Telecommun. News 8–9 (2013) 830–835. [18] B. Czaplewski, R. Rykaczewski, Receiver-side fingerprinting method based on quaternion sandwich product, Telecommun. Rev. + Telecommun. News 8–9 (2014) 1170–1176. [19] S. Rawat, B. Raman, A blind watermarking algorithm based on fractional Fourier transform and visual cryptography, Sig. Process. 92 (6) (2012) 1480– 1491. [20] S. Katzenbeisser, B. Skoric, M. Celik, A.-R. Sadeghi, Combining Tardos fingerprinting codes and fingercasting Information Hiding, in: T. Furon, F. Cayre, G. Doërr, P. Bas (Eds.), Lecture Notes in Computer Science, vol. 4567, Springer, 2007, pp. 294–310. [21] G. Tardos, Optimal probabilistic fingerprint codes, JACM 55 (2) (2008) 116– 125. [22] X. Li, B. Guo, F. Meng, L. Li, A novel fingerprinting algorithm with blind detection in DCT domain for images, Int. J. Electron. Commun. (AEÜ) 65 (2011) 942–948.

B. Czaplewski / J. Vis. Commun. Image R. 40 (2016) 1–13 [23] C.Y. Lin, P. Prangjarote, L.W. Kang, W.L. Huang, T.H. Chen, Joint fingerprinting and decryption with noise-resistant for vector quantization images, Sig. Process. 92 (9) (2012) 2159–2171. [24] P. Prangjarote, C.Y. Lin, L.W. Kang, C.H. Yeh, Joint fingerprinting and decryption for VQ images through bipartite matching, in: Proc. Sixth Int. Conf. Genetic and Evolutionary Computing, 2012, pp. 27–30. [25] M. Li, D. Xial, Y. Zhang, H. Liu, Attack and improvement of the joint fingerprinting and decryption method for vector quantization images, Sig. Process. 99 (2014) 17–28. [26] C.-Y. Lin, P. Prangjarote, C.-H. Yeh, H.-F. Ng, Reversible joint fingerprinting and decryption based on side match vector quantization, Sig. Process. 98 (2014) 52–61. [27] M. Kuribayashi, Hierarchical spread spectrum fingerprinting scheme based on the CDM technique, EURASIP J. Inform. Sec. 2011 (2011) 502782, http://dx.doi. org/10.1155/2011/502782. [28] Y. Xu, L. Xioung, Z. Xu, S. Pan, A content security protection scheme in JPEG compressed domain, J. Vis. Commun. Image R 25 (2014) 805–813. [29] R. Rykaczewski, Hillcast – a method of joint decryption and fingerprinting for multicast distribution of multimedia data, Gdansk Univ. Technol., Faculty Electron., Telecommun. Inform. Ann., Inform. Technol. 19 (8) (2010) 231–236. [30] B. Czaplewski, R. Rykaczewski, Joint fingerprinting and cryptographic protection of data using the Hill Cipher, Gdansk Univ. Technol., Faculty Electron., Telecommun. Inform. Ann., ICT Young series 1 (9) (2011) 237–242. [31] T. Nagase, M. Komata, T. Araki, Secure signals transmission based on quaternion encryption scheme, IEEE Adv. Inf. Networks Appl. (AINA 2004), vol. 2, 2004, pp. 35–38. [32] T. Nagase, R. Koide, T. Araki, Y. Hasegawa, A new quadripartite public-key cryptosystem, in: International Symposium on Communications and Information Technology (ISCIT), 2004, pp. 74–79. [33] R. Goldman, An Integrated Introduction to Computer Graphics and Geometric Modeling, CRC Press, New York, 2009. [34] R. Goldman, Understanding quaternions, Graph. Models 73 (2) (2011) 21–49. [35] M. Dzwonkowski, R. Rykaczewski, Quaternion encryption method for image and video transmission, Telecommun. Rev. + Telecommun. News 8–9 (2013) 1216–1220. [36] M. Dzwonkowski, R. Rykaczewski, A new quaternion encryption scheme for image transmission, in: Proc. ICT Young 2012 Conf., 2012, pp. 21–27.

13

[37] B. Czaplewski, M. Dzwonkowski, R. Rykaczewski, Digital fingerprinting for color images based on the quaternion encryption scheme, Pattern Recogn. Lett. 46 (2014) 11–19, http://dx.doi.org/10.1016/j.patrec.2014.05.001. [38] B. Czaplewski, M. Dzwonkowski, R. Rykaczewski, Digital fingerprinting based on quaternion encryption scheme for gray-tone images, J. Telecommun. Inform. Technol. 2 (2014) 3–11. [39] B. Czaplewski, R. Rykaczewski, Matrix-based robust joint fingerprinting and decryption method for multicast distribution of multimedia, Sig. Process. 111 (2015) 150–164. [40] F. Zhang, Quaternion and Matrices of Quaternions, Linear Algebra and its Applications, Elsevier Science Inc., 1997, pp. 21–57. [41] M.J. Baker, Maths – Quaternions, (18.06.2014). [42] A. Kortun, A. Hocanin, Spreading codes in CDMA detection, in: EE-574 Detection and Estimation Theory, 2003. [43] H. Cheng, X. Li, Partial encryption of compressed images and videos, IEEE Trans. Signal Process. 48 (2000) 2439–2451. [44] G. Dimauro, A new image quality metric based on human visual system, in: VECIMS 2012, Proc. 2012 IEEE Int. Conf., 2012, pp. 69–73. [45] C.H. Lee, H.S. Oh, Y. Baek, H.K. Lee, Adaptive digital image watermarking using variable size of blocks in frequency domain, in: TENCON 99. Proc. IEEE Region 10 Conf., 1999, pp. 702–705. [46] S. Li, A. Karrenbauer, D. Saupe, C.-C. Jay Kuo, Recovering missing coefficients in DCT-transformed images, in: Proceedings of 18th IEEE International Conference on Image Processing ICIP 2011, 2011, pp. 1537–1540. [47] M. Celik, A. Lemma, S. Katzenbeisser, M. van der Veen, Lookup-table-based secure client-side embedding for spread-spectrum watermarks, IEEE Trans. Inform. Forensics Sec. 3 (3) (2008) 475–487. [48] D. Kedia, Comparative analysis of peak correlation characteristics of nonorthogonal spreading codes for wireless systems, Int. J. Distrib. Parallel Syst. (IJDPS) 3 (3) (2012) 63–74. [49] K. Kettunen, Code selection for CDMA systems, Licent Course on Signal Processing in Communication, 1997. [50] X.-W. Li, B.-L. Guo, X.-X. Wu, On collusion attack for digital fingerprinting, J. Inform. Hiding Multimedia Sig. Process. 2 (4) (2011) 366–376. [51] R. Parviainen, R. Parnes, Large scale distributed watermarking of multicast media through encryption, in: Proc. IFIP Int. Conf. Commun. and Multimed. Security Issues of the New Century, 2001, pp. 149–158.