Existing Watermarking Schemes Research Articles

Watermarking in Secure Federated Learning: A Verification Framework Based on Client-Side Backdooring

Federated learning (FL) allows multiple participants to collaboratively build deep learning (DL) models without directly sharing data. Consequently, the issue of copyright protection in FL becomes important since unreliable participants may gain access to the jointly trained model. Application of homomorphic encryption (HE) in a secure FL framework prevents the central server from accessing plaintext models. Thus, it is no longer feasible to embed the watermark at the central server using existing watermarking schemes. In this article, we propose a novel client-side FL watermarking scheme to tackle the copyright protection issue in secure FL with HE. To the best of our knowledge, it is the first scheme to embed the watermark to models under a secure FL environment. We design a black-box watermarking scheme based on client-side backdooring to embed a pre-designed trigger set into an FL model by a gradient-enhanced embedding method. Additionally, we propose a trigger set construction mechanism to ensure that the watermark cannot be forged. Experimental results demonstrate that our proposed scheme delivers outstanding protection performance and robustness against various watermark removal attacks and ambiguity attack.

An end-to-end screen shooting resilient blind watermarking scheme for medical images

The rapid progress in artificial intelligence and network communication has led to the development of advanced regional medical systems, revolutionizing the way hospitals and patients connect. However, the security of these systems is threatened by the potential breach of medical data, especially sensitive medical images. Existing watermarking schemes have focused on optimizing either imperceptibility or robustness, creating a fundamental trade-off between these two aspects that poses a significant challenge in the field. To address this challenge and ensure the confidentiality and integrity of medical data, this paper proposes an end-to-end screen shooting resistant blind watermarking scheme for medical images. The proposed method offers a robust and reliable solution for the secure transmission and storage of medical images, particularly in the face of screen shooting attacks. To enhance both security and imperceptibility, the scheme employs a novel encryption technique based on BCH codes, resulting in a trinary sequence for watermark images. These watermarks are then embedded in the spatial domain, effectively protecting against unauthorized access while preserving the integrity of the original image. To further enhance robustness, the method introduces a neural network structure specifically designed to resilient screen shooting attacks. By simulating the screen shooting process and incorporating various distortions, this network combines the strengths of residual networks and generative adversarial networks. Moreover, the proposed method introduces a novel loss function that exploits the unique characteristics of the image transformation domain, optimizing both imperceptibility and robustness. In the subsequent experiment, the watermarked images achieved satisfactory results with the highest PSNR and SSIM values reaching 62.563 dB and 0.9999, respectively. The proposed scheme provides an effective solution to protect the privacy and copyright of medical images, effectively addressing a critical security concern prevalent in regional healthcare systems.

PLMmark: A Secure and Robust Black-Box Watermarking Framework for Pre-trained Language Models

The huge training overhead, considerable commercial value, and various potential security risks make it urgent to protect the intellectual property (IP) of Deep Neural Networks (DNNs). DNN watermarking has become a plausible method to meet this need. However, most of the existing watermarking schemes focus on image classification tasks. The schemes designed for the textual domain lack security and reliability. Moreover, how to protect the IP of widely-used pre-trained language models (PLMs) remains a blank. To fill these gaps, we propose PLMmark, the first secure and robust black-box watermarking framework for PLMs. It consists of three phases: (1) In order to generate watermarks that contain owners’ identity information, we propose a novel encoding method to establish a strong link between a digital signature and trigger words by leveraging the original vocabulary tables of PLMs. Combining this with public key cryptography ensures the security of our scheme. (2) To embed robust, task-agnostic, and highly transferable watermarks in PLMs, we introduce a supervised contrastive loss to deviate the output representations of trigger sets from that of clean samples. In this way, the watermarked models will respond to the trigger sets anomaly and thus can identify the ownership. (3) To make the model ownership verification results reliable, we perform double verification, which guarantees the unforgeability of ownership. Extensive experiments on text classification tasks demonstrate that the embedded watermark can transfer to all the downstream tasks and can be effectively extracted and verified. The watermarking scheme is robust to watermark removing attacks (fine-pruning and re-initializing) and is secure enough to resist forgery attacks.

A Reversible Watermarking for 2D Engineering Graphics Based on Difference Expansion With Adaptive Interval Partitioning

To resolve the distortion resulting from the mismatch between the interval partition and the watermark distribution in the reversible watermarking based on difference expansion, an investigation is made to difference expansion with adaptive interval partitioning. It is found that the conventional floating number-based methods with uniform interval partitioning are not fully considering different watermark distributions, and the embedding distortion can be optimized. Thus, a reversible watermarking based on difference expansion with adaptive interval partitioning is put forward for 2D engineering graphics. Each interval is adaptively partitioned into 2^s sub-intervals, and the watermark is embedded via transforming the positions of the vertices to its corresponding sub-intervals. The watermark extraction is accomplished by acquiring the indices of the sub-intervals of the watermarked vertices, and the graphics recovery is achieved by moving the watermarked vertices to the reverse direction. Moreover, a new polar coordinate system is built to be invariant to overall geometric transformation and vertices rearrangement. Experimental results and analysis indicate that it maintains good authentication ability and semi-fragility. Furthermore, its imperceptibility is significantly improved compared with the existing watermarking schemes under the same experimental conditions.

A Novel Hybrid Reversible-Zero Watermarking Scheme to Protect Medical Image

The verification of copyright and authenticity for medical images is critical in telemedical applications. Watermarking is a key technique for protecting medical images and can be mainly divided into three categories: region of interest (ROI) lossless watermarking, reversible watermarking and zero-watermarking. However, ROI lossless watermarking causes biases on diagnosis. Reversible watermarking can hardly provide a continuous verification function and may face verification disputes after image recovering. Zero-watermarking requires third-party storage which may cause additional security problems. To address these issues, a hybrid reversible-zero watermarking (HRZW) is proposed in this paper to effectively combine the complementary advantages of reversible watermarking and zero-watermarking. In our scheme, a novel hybrid structure is designed including a zero-watermarking component and a reversible watermarking component. In the first component, ownership share is generated by mapping nearest neighbor grayscale residual (NNGR) based features and watermark information. In the second component, the generated ownership share is embedded reversibly based on Slantlet Transform, Singular Value Decomposition and Quantization Index Modulation (SLT-SVD-QIM). Experimental results demonstrate that our proposed scheme not only yields remarkable watermarking imperceptibility, distinguishability and robustness, but also provides continuous verification function without any dispute or third-party storage, which outperforms existing watermarking schemes for medical images.

Geometric correction code‐based robust image watermarking

AbstractDigital image watermarking is one of the effective schemes to protect the copyrights of still images. However, the existing watermarking schemes are still not robust enough to the common geometric transformation attacks such as arbitrary rotation, scaling and shifting with desirable hiding capacity. To address this issue, we propose a robust watermarking scheme based on geometric correction codes (GCCs). In this scheme, the watermark and pre‐set GCCs are combined and embedded into a cover image to obtain the watermarked image. At the stage of watermark extraction, the watermarked image, under a variety of geometric transformation attacks, can be geometrically corrected by minimising the difference between the extracted and the original GCCs, then the watermark is extracted from the watermarked image. The experiments demonstrate that, compared to the typical watermarking schemes, the proposed scheme achieves much higher robustness to the common geometric transformation attacks and comparable invisibility with the same embedding capacity.

Digital watermarking algorithm based on 4-level discrete wavelet transform and discrete fractional angular transform

Nowadays, there are many watermarking algorithms based on wavelet transform. The simple one is to insert directly the watermark into the wavelet transform coefficients. However, most of the existing watermarking schemes can only resist traditional signal processing attacks, such as image compression, noise and filtering. When the watermarked image is subject to geometric transformations, especially rotation attack, it is hard to detect the watermark successfully. In this paper, a digital watermarking algorithm is proposed based on 4-level discrete wavelet transform and discrete fractional angular transform. To enhance the security of the algorithm, the watermark is scrambled with the simplicity of Arnold transform and chaos-based mix optical bistability model, since the chaos is pseudorandom and sensitive to the initial values. And the watermark is embedded into the medium frequency sub-band of the 1-level wavelet decomposition according to the Harris feature point detection. Simulation results show that the proposed digital watermarking algorithm by combining 4-level discrete wavelet transform with discrete fractional angular transform could resist rotation attack and other common attacks.

Multi-level security of medical images based on encryption and watermarking for telemedicine applications

In this paper, a robust and hybrid domain watermarking scheme is proposed for the security of medical images in telemedicine applications. The secret identity of the patient is inserting into the cover medical image using the hybridization of ridgelet transform and singular value decomposition for the purposed of identification and authentication. For better security of watermarked medical image, the Arnold scrambling based encryption is applying to it before sending it at the receiver end. The main advantage of this scheme is multi-level security where secret patient information is inserted to cover medical image to get a secure watermarked medical image using watermarking. Then, encryption is applied to the watermarked medical image to generate its encrypted version. Thus, this proposed scheme provides multi-level security using watermarking and encryption. The advantage of multi-level security in the proposed scheme is that if an imposter or attacker tries to get patient identity from the medical image, he or she requires multiple information in terms of extraction steps and keys, etc. The other reason for proposed this scheme that it improves the payload capacity of many existing watermarking schemes. Experimental results of the scheme indicated that the proposed scheme provides high imperceptibility and more robustness against various types of attacks. Further, the performance of the proposed scheme is found better than existing medical watermarking schemes. Furthermore, quality checking of watermarked medical image is done by various quality measures which are indicated that the quality of the image has fulfilled the benefits of secure telemedicine applications.

A hybrid matrix factorization technique to free the watermarking scheme from false positive and negative problems

Optimization techniques are used in watermarking algorithms to balance the trade-off between the two mutually conflicting parameters-imperceptibility and robustness. Differential Evolution (DE) with Rotational Cross over (RCO), namely DE-RCO, is employed in the proposed algorithm to improve the convergence of optimization. The DE-RCO provides a watermarking scheme with the highest robustness preserving the transparency. The watermark encoding and decoding carried in the transform domain with a hybrid combination of Schur Factorization (SF) and Singular Value Decomposition (SVD). Two-fold security provided with the Digital Signature (DS) generation and B-test. The DS is concealed in the watermarked image for authentication purpose of freeing the algorithm from the false-positive problem. When the signature passed through the insecure channel, it may corrupt and lead to the failure of the A-test, even the correct watermark given at the extraction leading to the false-negative problem. B-test is conducted to free the algorithm from a false negative problem. An enhanced authentication framework designed and implemented to make the algorithm free from the false-positive and false-negative issues using DS and the hash generated by Gaussian Hermite Moments (GHMs). The experimental results compared with the related existing watermarking schemes demonstrate that the proposed scheme exhibit strong robustness to attacks, invisible and highly secure against false-positive and false-negative problems.

Blind watermarking for color images using EMMQ based on QDFT

In this study, we developed a novel scheme for the blind watermarking of color images. The proposed scheme incorporates extreme pixel adjustment (EPA), multi-bit partly sign-altered mean modulation (MPSAM), mixed modulation (MM), and particle swarm optimization (PSO) within a scheme based on crisscross inter-block quaternion discrete Fourier transform (QDFT). Accordingly, the proposed scheme employing EPA, MPSAM, MM, and QDFT is referred to as EMMQ. The image is separated into non-overlapping 8 × 8 pixel blocks, whereupon MPSAM is used to map multiple bits within a single block using multiple coefficients in one of the four transformed components of QDFT. The use of MM to embed the watermark allows for superior image quality and strong resistance to image processing attacks. Our use of PSO also makes it possible to optimize the EMMQ parameters, thereby enabling outstanding robustness without compromising imperceptibility. Experiment results demonstrate the efficacy of the proposed scheme in resisting a variety of image-processing attacks, with performance superior to that of existing watermarking schemes in terms of imperceptibility and robustness for a given payload capacity.

JND-Guided Perceptually Color Image Watermarking in Spatial Domain

Watermarking is an effective solution for copyright protection and forensics tracking via hiding information into the image signal. Recently, spatial-embedding watermarking methods from different transform domain have been proposed rapidly and effectively protect the copyright of the color image. Compared to the individual frequency domain method, it has both advantages of spatial domain and frequency domain. Here, we proposed a novel spatial-embedding watermarking method based on an attended just noticeable difference (JND) model with color complexity, to achieve a good tradeoff between robustness and perceptual quality. In particular, at the spatial embedding level, the direct current (DC) coefficients are selected for embedding and the perceptual JND model is used to guide the amount of pixel modification to improve visual quality. Different from the previous JND model, we proposed an attended JND model that considers color complexity, which is more consistent of the human visual perception model. Compared with the other JND models, the proposed JND model is more suitable for the watermarking framework. Experimental results show that the proposed watermarking scheme has better performance than other existing watermarking schemes. This greatly benefits the practical implementations of the spatial-embedding watermarking methods.

An adaptive color image watermarking using RDWT-SVD and artificial bee colony based quality metric strength factor optimization

Image watermarking has emerged as a useful method for solving security issues like authenticity, copyright protection and rightful ownership of digital data. Existing watermarking schemes use either a binary or grayscale image as a watermark. This paper proposes a new robust and adaptive watermarking scheme in which both the host and watermark are the color images of the same size and dimension. The security of the proposed watermarking scheme is enhanced by scrambling both color host and watermark images using Arnold chaotic map. The host image is decomposed by redundant discrete wavelet transform (RDWT) into four sub-bands of the same dimension, and then approximate sub-band undergoes singular value decomposition (SVD) to obtain the principal component (PC). The scrambled watermark is then directly inserted into a principal component of scrambled host image, using an artificial bee colony optimized adaptive multi-scaling factor, obtained by considering both the host and watermark image perceptual quality to overcome the tradeoff between imperceptibility and robustness of the watermarked image. The hybridization of RDWT-SVD provides an advantage of no shift-invariant to achieve higher embedding capacity in the host image and preserving the imperceptibility and robustness by exploiting SVD properties. To measure the imperceptibility and robustness of the proposed scheme, both qualitative and quantitative evaluation parameters like peak signal to noise ratio (PSNR), structural similarity index metric (SSIM) and normalized cross-correlation (NC) are used. Experiments are performed against several image processing attacks and the results are analyzed and compared with other related existing watermarking schemes which clearly depict the usefulness of the proposed scheme. At the same time, the proposed scheme overcomes the major security problem of false positive error (FPE) that mostly occurs in existing SVD based watermarking schemes.

A Novel Blind and Robust Video Watermarking Technique in Fast Motion Frames Based on SVD and MR-SVD

In this work, a novel and efficient digital video watermarking technique based on the Singular Value Decomposition performed in the Multiresolution Singular Value Decomposition domain is proposed. While most of the existing watermarking schemes embed the watermark in all the video frames, which is time-consuming and also affects the perceptibly of the video quality, the proposed method chooses only the fast motion frames in each shot to host the watermark. In doing so, the number of frames to be processed is consequently reduced and a better quality of the watermarked video is also ensured since the human visual system cannot notice the variations in fast moving regions. The watermark information is embedded by Quantization Index Modulation which is a blind watermarking algorithm. The experimental results demonstrate that the proposed method can achieve a very good transparency, while being robust against various kinds of attacks such as filtering, noising, compression, and frame collusion. Compared with several methods found in the literature, the proposed method gives a better robustness.

Software Watermarking: Progress and Challenges

In this paper, we present a brief survey on software watermarking methods that explains the prospects and constraints of most software watermarking algorithms. We introduce a detailed classification of the existing software watermarking techniques, the associated attack models, along with a review of the current software watermarking tools. The reader can find a clear research path on software watermarking from 1996 to till date. We also critically analyzed the strength and weakness of the existing watermarking schemes and explored the research gaps where the future researchers can concentrate.

A Hybrid Domain Color Image Watermarking Based on DWT–SVD

In recent years, digital image watermarking has been emerged as a promising solution for copyright protection and authentication problem of digital images. Among several existing watermarking schemes, very few have been designed for the authenticity and copyright protection problem of color images. To protect the copyright and validate the authenticity of color images, in this paper a hybrid robust image watermarking scheme based on discrete wavelet transform (DWT) and singular value decomposition is proposed and simulated. Initially, RGB color image is switched to YCbCr color space from which only Y achromatic component is considered for watermark data insertion. In the next step, Y component of the YCbCr color model is decomposed into non-overlapping blocks and subsequently DWT are applied to each block. In this work, non-overlapping decomposed gray watermark image blocks are embedded into singular values of DWT-transformed cover image blocks. Proposed technique’s simulation result established the robustness by extracting adequate watermark data from the restructured cover image after applying common geometric transformation attacks (like rotation, flip operation, cropping, scaling, shearing and deletion of lines or column operation), common enhancement technique attacks (like lowpass filtering, histogram equalization, sharpening, gamma correction, noise addition), JPEG compression attacks and combinational attacks (like combination of geometric transformation attacks and common enhancement technique attacks, combination of geometric transformation attacks and JPEG compression attacks, combination of common enhancement technique attacks and JPEG compression attacks, and combination of geometric transformation attacks and geometric transformation attacks).

A block-based RDWT-SVD image watermarking method using human visual system characteristics

With the rapid growth of internet technology, image watermarking method has become a popular copyright protection method for digital images. In this paper, we propose a watermarking method based on $$4\times 4$$ image blocks using redundant wavelet transform with singular value decomposition considering human visual system (HVS) characteristics expressed by entropy values. The blocks which have the lower HVS entropies are selected for embedding the watermark. The watermark is embedded by examining $$U_{2,1}$$ and $$U_{3,1}$$ components of the orthogonal matrix obtained from singular value decomposition of the redundant wavelet transformed image block where an optimal threshold value based on the trade-off between robustness and imperceptibility is used. In order to provide additional security, a binary watermark is scrambled by Arnold transform before the watermark is embedded into the host image. The proposed scheme is tested under various image processing, compression and geometrical attacks. The test results are compared to other watermarking schemes that use SVD techniques. The experimental results demonstrate that our method can achieve higher imperceptibility and robustness under different types of attacks compared to existing schemes. Our method provides high robustness especially under image processing attacks, JPEG2000 and JPEG XR attacks. It has been observed that the proposed method achieves better performance over the recent existing watermarking schemes.

Watermarking Scheme with CS Encryption for Security and Piracy of Digital Audio Signals

In this article, a watermarking scheme using Curvelet Transform with a combination of compressive sensing (CS) theory is proposed for the protection of a digital audio signal. The curvelet coefficients of the host audio signal are modified according to compressive sensing (CS) measurements of the watermarked data. The CS measurements of watermark data is generated using CS theory processes and sparse coefficients (wavelet coefficients of DCT coefficients). The proposed scheme can be employed for both audio and speech watermarking. The gray scale watermark image is inserted into the host digital audio signal when the proposed scheme is used for audio watermarking. The speech signal is inserted into the host digital audio signal when the proposed scheme is employed for speech watermarking. The experimental results show that proposed scheme performs better than the existing watermarking schemes in terms of perceptual transparency.

An improved color image watermarking algorithm based on QR decomposition

Most of the existing color image watermarking schemes use binary or grayscale image as watermark, and many of them belong to non-blind watermarking methods. In this paper, an improved color image w...

A robust and synthesized-unseen watermarking for the DRM of DIBR-based 3D video

Digital watermarking is an effective technique for the digital rights management (DRM) of depth-image-based rendering (DIBR)-based 3D videos, which is still a crucial issue in the 3D TV industry. However, the existing watermarking schemes for DIBR-based 3D videos either cause irreversible distortions in the synthesized 3D videos or are not robust against some of the typical video attacks. In this paper, a novel robust and synthesized-unseen watermarking scheme is proposed for the DRM of DIBR-based 3D videos. This scheme embeds watermarks into the pseudo-3d-discrete cosine transform (3D-DCT) domain of the depth maps based on quantization index modulation (QIM) and determines the embedding strength based on a novel self-adaptive mechanism. Our analysis and experiments demonstrate that our proposed scheme not only avoids distortion in the synthesized 3D videos but also is sufficiently robust against various attacks, with average normalized correlations (NCs) between original and extracted watermarks higher than 0.9819 and average bit error rates (BERs) lower than 0.0196. Therefore, the proposed scheme offers a better solution for the DRM of DIBR-based 3D videos than the current state-of-the-art watermarking schemes.

Secure self-recovery watermarking scheme for error concealment and tampering detection

In this paper, we present a method for protecting and restoring lost or tampered information in images or videos using secure watermarks. The proposed method consists of a combination of techniques that are able to detect image and video manipulations. Contrary to most existing watermarking schemes, the method can identify the exact position of the tampered region. Furthermore, the method is capable of restoring the manipulated information and retrieve the original content. This set of capabilities make it possible to use the proposed method in error concealment and digital tampering applications. The proposed method is employed as both an error concealment algorithm and a tampering detection algorithm. The proposed method is divided into two stages. At the encoder side, the method generates a binary version (watermark) of the original picture (image or video frame) using a halftoning technique. Then, a quantization index modulation technique is used to embed this watermark into the protected picture. At the decoder side, after the lost or tampered regions are identified, the original content is recovered by extracting the watermark corresponding to the affected areas. An inverse halftoning algorithm is used to convert the dithered version of the picture into a good-quality multi-level approximation of the original content. First, we test the method in error concealment applications, using a set of still images and H.264 videos. Then, we test the proposed method for tampering detection and content retrieval applications, again considering both images and videos. We compare the proposed method with several other several state-of-the-art algorithms. The results show that the proposed method is fast, robust, and accurate. Our results show that we can use a single approach to tackle both error concealment and tampering detection problems. The proposed method provides high levels of security, high detection accuracy, and recovery capability, and it is robust to several types of attacks.