Improved Spread Spectrum Schemes for Data Hiding and Their Security Analysis under Known Message Attack by Amir Valizadeh B.Sc., Shiraz University, 2004 M.Sc., Shiraz University, 2007 A THESIS SUBMITTED IN PARTIAL FULFILLMENT OF THE REQUIREMENTS FOR THE DEGREE OF DOCTOR OF PHILOSOPHY in The Faculty of Graduate Studies (Electrical and Computer Engineering) THE UNIVERSITY OF BRITISH COLUMBIA (Vancouver) April 2013 c© Amir Valizadeh 2013 Abstract The massive production and easy use of digital media pose new challenges on protecting intel- lectual property of digital media. Digital data hiding, which can be defined as the procedure of embedding information into an original media host signal, is a promising technique for digital in- tellectual property protection. A data hiding system generally contains two major components: the encoder for embedding the hidden information and the decoder for extracting the hidden information. This thesis focuses on spread spectrum (SS) watermarking schemes for data hiding. Water- marking techniques for data hiding can be broadly categorized into two classes: quantization index modulation (QIM) based and spread spectrum based approaches. Being robust against distortions and having simple decoder structure make SS attractive for data hiding. First, we investigate the decoding performance of the traditional SS schemes in the DCT and DFT domains. To obtain more practical decoders, we propose using suboptimal decoders which do not need side information. Secondly, since the interference effect of the host signal causes decoding performance degra- dation in the additive SS scheme, to remove this host effect efficiently, we propose the correlation- and-bit-aware concept for data hiding by exploiting the side information at the encoder side and propose two improved SS-based schemes, the correlation-aware SS (CASS) and the correlation- aware improved SS (CAISS) embedding schemes. Thirdly, we analyze the decoding error probability and capacity of the multiplicative spread spectrum (MSS) embedding scheme, and show that the content-based MSS still suffers from the interference effect of the host signal. We then propose an improved MSS-based scheme by efficiently removing the host interference effect. Lastly, we present the security analysis of the SS-based data hiding schemes under the Known Message Attack (KMA) scenario. Each data hiding scheme has some secret parameters and here the security of a data hiding scheme represents the difficulty of estimating the secret parameters. We employ the mutual information between the observations and the secret parameters as a se- curity measure. Also some practical estimators for estimating the signature code are introduced and their performances are reported to illustrate the security results. ii Preface The research outline of this thesis was designed jointly by the author and Professor Z. Jane Wang. The majority of the research, including literature survey, theoretical proofs, simulation, and results was conducted by the author, with suggestions from Professor Z. Jane Wang. The manuscripts were primarily drafted by the author and then finalized with regard to the helpful comments of Professor Z. Jane Wang. Two papers related to Chapter 2 have been published: • A. Valizadeh and Z. J. Wang, “Efficient blind decoders for additive spread spectrum em- bedding based data hiding,” EURASIP Journal on Advances in Signal Process., 2012(88), 2012. • A. Valizadeh and Z. J. Wang, “Minimum mean square error detector for multimessage spread spectrum embedding,” IEEE Int. Conf. Image Process. (ICIP), 121-124, 2009. Three papers related to Chapter 3 have been published: • A. Valizadeh and Z. J. Wang, “Correlation-and-bit-aware spread spectrum embedding for data hiding,” IEEE Trans. Inform. Forens. Sec., 6(2):267-282, 2011. • A. Valizadeh and Z. J. Wang, “Correlation-aware data hiding based on spread spectrum embedding,” IEEE Int. Conf. Image Process. (ICIP), 205-208, 2010. • A. Valizadeh and Z. J. Wang, “A host rejected spread spectrum embedding scheme for data hiding,” IEEE Int. Conf. Acoustic Speech Signal Process. (ICASSP), 1750-1753, 2010. Three papers related to Chapter 4 have been published: • A. Valizadeh and Z. J. Wang, “An Improved Multiplicative Spread Spectrum Embedding Scheme for Data Hiding,” IEEE Trans. Inform. Forens. Sec., 7(4):1127-1143, 2012. • A. Valizadeh and Z. J. Wang, “Improved multiplicative spread spectrum embedding for image data hiding,” IEEE Int. Conf. Image Process. (ICIP), 2749-2752, 2011. iii Preface • A. Valizadeh and Z. J. Wang, “A framework of multiplicative spread spectrum embedding for data hiding: performance, decoder and signature design,” IEEE Global Communica- tions Conf. (GLOBECOM), 1-6, 2009. iv Table of Contents Abstract . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ii Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . iii Table of Contents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v List of Figures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ix List of Acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xiii Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xv Dedication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xvi 1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1 1.1 Watermarking and Data Hiding . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.2 Applications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.3 Challenges of Data Hiding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 1.3.1 Embedding Schemes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 1.3.2 Decoding Schemes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 1.3.3 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 1.3.4 Robustness and Watermark Attacks . . . . . . . . . . . . . . . . . . . . . 9 1.4 Contributions of the Thesis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 1.5 Organization of the Thesis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 2 Efficient Blind Decoders for Additive Spread Spectrum . . . . . . . . . . . . 16 2.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 2.2 SS Schemes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 2.2.1 Additive SS Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 2.2.2 ISS Embedding Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17 2.3 Additive SS and ISS Schemes Applied to Images . . . . . . . . . . . . . . . . . . 18 v Table of Contents 2.4 Data Hiding in the DCT and the DFT Magnitude Domains . . . . . . . . . . . . 19 2.5 The ML Optimal Decoders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 2.5.1 ML Decoders in the DFT Domain . . . . . . . . . . . . . . . . . . . . . . 20 2.5.2 ML Decoders in the DCT Domain . . . . . . . . . . . . . . . . . . . . . . 23 2.6 Suboptimal Decoders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 2.6.1 Local Optimum Decoder . . . . . . . . . . . . . . . . . . . . . . . . . . . 24 2.6.2 LMMSE Decoder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26 2.7 Experimental Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 2.8 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 3 Correlation-and-Bit-Aware Spread Spectrum . . . . . . . . . . . . . . . . . . . 34 3.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34 3.2 Conventional Correlator as Decoder . . . . . . . . . . . . . . . . . . . . . . . . . 35 3.3 Correlation-Aware SS Data Hiding Approach . . . . . . . . . . . . . . . . . . . . 36 3.4 Correlation-Aware Improved SS Data Hiding Approach . . . . . . . . . . . . . . 41 3.5 CASS and CAISS in the Presence of Additional Noise . . . . . . . . . . . . . . . 46 3.6 Simulation Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49 3.6.1 Experimental Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51 3.7 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 4 Improved Multiplicative Spread Spectrum . . . . . . . . . . . . . . . . . . . . . 57 4.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57 4.2 Conventional MSS Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 4.3 Analysis of the MSS Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58 4.4 Improved Multiplicative Spread Spectrum . . . . . . . . . . . . . . . . . . . . . . 61 4.5 MSS and IMSS in the Presence of Additional Noise . . . . . . . . . . . . . . . . 67 4.6 Simulation Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68 4.7 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70 5 Security Analysis of Spread Spectrum Schemes under KMA and KMCA . 75 5.1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75 5.2 Spread Spectrum Embedding Schemes . . . . . . . . . . . . . . . . . . . . . . . . 76 5.2.1 Additive SS Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 5.2.2 ISS Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 5.2.3 CAISS Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77 5.2.4 Multiplicative Spread Spectrum . . . . . . . . . . . . . . . . . . . . . . . 78 5.3 Security Analysis of SS, ISS, and MSS Schemes under KMA . . . . . . . . . . . 78 vi Table of Contents 5.3.1 Additive SS Scheme under KMA . . . . . . . . . . . . . . . . . . . . . . . 79 5.3.2 ISS Scheme under KMA . . . . . . . . . . . . . . . . . . . . . . . . . . . 79 5.3.3 MSS Scheme under KMA . . . . . . . . . . . . . . . . . . . . . . . . . . . 80 5.4 Security Analysis of CASS and CAISS Schemes under KMCA and KMA . . . . 80 5.4.1 CASS and CAISS Schemes under KMCA . . . . . . . . . . . . . . . . . . 81 5.4.2 CAISS and CASS Schemes under KMA . . . . . . . . . . . . . . . . . . . 82 5.5 Practical Estimators of the Signature Code for SS Schemes . . . . . . . . . . . . 83 5.6 Results and Discussions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85 5.6.1 On the Theoretical Security Results . . . . . . . . . . . . . . . . . . . . . 86 5.6.2 On the Practical Estimators . . . . . . . . . . . . . . . . . . . . . . . . . 88 5.6.3 Important Observations . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89 5.7 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 6 Thesis Summary and Future Research Topics . . . . . . . . . . . . . . . . . . . 94 6.1 Summary of Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94 6.2 Future Work . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 6.2.1 Correlation-and-Bit-Aware Concept for IMSS Scheme . . . . . . . . . . . 95 6.2.2 New Security Measure Exploiting the Decoder Structure . . . . . . . . . 96 6.2.3 Data Hiding in the Encrypted Domain . . . . . . . . . . . . . . . . . . . 96 Bibliography . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98 Appendices A Corresponding Proofs for Chapter 2 . . . . . . . . . . . . . . . . . . . . . . . . . 111 A.1 Derivations for SS Analysis in the DFT Domain . . . . . . . . . . . . . . . . . . 111 A.2 Derivations for ISS Analysis in the DFT Domain . . . . . . . . . . . . . . . . . . 112 A.3 Derivations for ISS Analysis in the DCT Domain . . . . . . . . . . . . . . . . . . 112 A.4 Derivations for LOD Analysis in the DCT Domain . . . . . . . . . . . . . . . . . 113 B Corresponding Proofs for Chapter 3 . . . . . . . . . . . . . . . . . . . . . . . . . 115 B.1 Proof of Proposition 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115 B.2 Derivation of Optimal Decoder for CAISS Scheme . . . . . . . . . . . . . . . . . 115 B.3 Proof of Proposition 2 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117 B.4 Proof of Proposition 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118 B.5 Proof of Proposition 4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119 B.6 Derivation of Optimal Decoder for CAISS Scheme in the Presence of Noise . . . 119 vii Table of Contents B.7 Derivation of Equation (3.52) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120 B.8 Derivation of Equation (3.56) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 121 C Corresponding Proofs for Chapter 4 . . . . . . . . . . . . . . . . . . . . . . . . . 123 C.1 Derivation of Error Probability of the MSS Embedding Scheme . . . . . . . . . . 123 C.2 Derivation of Capacity of the MSS Embedding Scheme . . . . . . . . . . . . . . 124 C.3 Derivation of Equation (4.24) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125 C.4 Derivation of Equation (4.28) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127 C.5 Derivation of Error Probability of the IMSS Embedding Scheme . . . . . . . . . 127 C.6 Derivation of Error Probability of the MSS Scheme in the Presence of Noise . . 129 D Corresponding Proofs for Chapter 5 . . . . . . . . . . . . . . . . . . . . . . . . . 130 D.1 Derivation of Upper Bound of Information Leakage for ISS Scheme . . . . . . . 130 D.2 Derivation of Upper Bound of Information Leakage for CAISS Scheme Under KMCA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132 D.3 Derivation of Upper Bound of Information Leakage for CAISS Scheme Under KMA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135 D.4 Derivation of Inequality (5.17) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136 D.5 Derivation of Upper Bound of Information Leakage for MSS Scheme Under KMA 137 D.6 Derivation of Estimator (5.20) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138 viii List of Figures 1.1 A data hiding system includes both the encoder and the decoder. . . . . . . . . . 2 1.2 An illustration of spread spectrum-based embedding schemes. . . . . . . . . . . . 5 1.3 An illustration of quantization index modulation-based embedding schemes. . . . 6 1.4 Dither modulation with uniform step sizes. . . . . . . . . . . . . . . . . . . . . . 7 2.1 The average bit error rates versus DWR for the ML decoders, where 4,096 bits of information are embedded in the DCT domain of each of the testing images employing the SS and ISS embedding schemes. . . . . . . . . . . . . . . . . . . . 30 2.2 The average bit error rate versus DWR for the ML decoders, where 4,096 bits of information are embedded in the DFT magnitude domain of each of the testing images employing the modified SS and ISS embedding schemes. . . . . . . . . . . 30 2.3 The average bit error rates versus DWR for the ML, LOD, and LMMSE decoders, where 4,096 bits of information are embedded in the DCT domain of each testing image employing the SS and ISS embedding schemes. . . . . . . . . . . . . . . . . 31 2.4 The empirical and theoretical average bit error rate versus DWR for the LMMSE and LOD decoders, where 4,096 bits of information are embedded in the DCT domain of each testing image employing the SS and ISS embedding schemes. . . 31 2.5 The average bit error rate versus DWR for the ML, LOD, and LMMSE decoders, where 4,096 bits of information are embedded in the magnitude of the DFT do- main of each testing image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 2.6 The average bit error rate versus WNR for the ML, LOD, and LMMSE decoders, where 4,096 bits of information are embedded in the DCT domain of each testing image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31 2.7 The average bit error rate versus WNR for the ML and LMMSE decoders, where 4,096 bits of information are embedded in the magnitude of the DFT domain of each testing image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32 3.1 Illustration of the PDFs in (3.4) and (3.3) of the test statistic z in (3.2) for the SS scheme. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 ix List of Figures 3.2 Illustration of the PDFs in (3.7)-(3.10) of the test statistic z in (3.6) for the proposed CASS scheme. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52 3.3 Illustration of the PDFs in (3.32)-(3.35) of the test statistic z in (3.31) for the proposed CAISS scheme. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 3.4 With additional noise: Illustration of the PDFs in (3.52), (3.55), (3.53), and (3.54) of the test statistic z in (3.51) for the CAISS scheme. . . . . . . . . . . . . . . . . 53 3.5 With additional noise: Illustration of the PDFs in (3.52)-(3.55) of the test statistic z in (3.51) when λh = 0 for the CASS scheme. . . . . . . . . . . . . . . . . . . . . 53 3.6 The theoretical and experimental error probabilities versus DWR for the CASS scheme with different A21. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53 3.7 The theoretical and experimental error probabilities versus DWR for the CAISS scheme with different A21. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54 3.8 The logarithm of EPIF versus DWR curves for evaluating of decoding performance improvements of the proposed CAISS over the ISS scheme. . . . . . . . . . . . . 54 3.9 The IRIF versus DWR curves to illustrate the improvement of the proposed CAISS over ISS. Different A21 values are illustrated. . . . . . . . . . . . . . . . . . 54 3.10 The theoretical and experimental results of the PDF expressed in (3.52). . . . . . 54 3.11 The theoretical and experimental error probabilities versus DWR for the CASS scheme with different WNR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 3.12 The theoretical and experimental error probabilities versus DWR for the CAISS scheme with different WNR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55 3.13 The EPIF versus DWR curves to demonstrate the improvement of the proposed CAISS over SS. Different WNR values are illustrated. . . . . . . . . . . . . . . . 55 3.14 The EPIF versus DWR curves to demonstrate the improvement of the proposed CAISS over ISS. Different WNR values are illustrated. . . . . . . . . . . . . . . . 55 3.15 The EPIF versus WNR curves to demonstrate the improvement of the proposed CAISS over ISS. Different DWR values are illustrated. . . . . . . . . . . . . . . . 56 3.16 The logarithm of EPIF versus N curves to demonstrate the improvement of the proposed CAISS over ISS where DWR = 25 dB. Different WNR values are illus- trated. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56 4.1 The experimental and theoretical PDFs for the random variable g defined in (4.21), where N = 60 and DWR = 21 dB. . . . . . . . . . . . . . . . . . . . . . . 71 4.2 The PDFs of the first coefficient of the watermarked signal for the proposed IMSS scheme (4.14), where s1b = −1, N = 60 and DWR = 21 dB. . . . . . . . . . . . . 71 4.3 The experimental PDF of the test statistic z for the MSS scheme when a binary message is sent, where N = 100 and DWR = 23 dB. . . . . . . . . . . . . . . . . 71 x List of Figures 4.4 The experimental PDF of the test statistic z for the IMSS scheme when a binary message is sent, where N = 100, DWR = 23 dB, and d = 2. . . . . . . . . . . . . 71 4.5 The experimental and theoretical (4.34) distributions for the proposed IMSS scheme, where N = 60, DWR = 21 dB and b = +1. . . . . . . . . . . . . . . . . . 72 4.6 The experimental and theoretical (C.4) distributions for the MSS scheme, where N = 60, DWR = 0 dB and b = +1. . . . . . . . . . . . . . . . . . . . . . . . . . . 72 4.7 The theoretical (4.11) and experimental error probabilities for the MSS scheme where N = 60. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72 4.8 The required DWRs for achieving error free decodings in IMSS when different numbers of coefficients are used for embedding. . . . . . . . . . . . . . . . . . . . 72 4.9 The 10log(IIR) versus DWR curves for the MSS and IMSS schemes, where three different values of d are considered and N = 100. . . . . . . . . . . . . . . . . . . 73 4.10 The BER versus DWR curves for the MSS and IMSS schemes when N = 100. d = 1, 2, 3 are considered in IMSS. . . . . . . . . . . . . . . . . . . . . . . . . . . 73 4.11 The BER versus DWR curves for the MSS scheme and the proposed IMSS scheme, where WNR = 5 dB and N = 60. . . . . . . . . . . . . . . . . . . . . . . . . . . . 73 4.12 The experimental and theoretical BER versus WNR curves for the IMSS scheme, where DWR = 23 dB, N = 60, and d = 2. . . . . . . . . . . . . . . . . . . . . . . 73 4.13 The average BER versus PSNR curves for the MSS and IMSS schemes when applied on real images. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 4.14 The average BER versus WNR curves for the MSS and IMSS schemes when applied on real images. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 4.15 The experimental, theoretical (4.35), and empirical BER versus DWR curves for the IMSS scheme where d = 2. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74 5.1 Upper bounds of information leakage per dimension versus DWR for SS and ISS schemes under the KMA scenario, when N0 = 100. . . . . . . . . . . . . . . . . . 90 5.2 Upper bounds of information leakage per dimension versus N0 for SS and ISS schemes under the KMA scenario, when N = 100. . . . . . . . . . . . . . . . . . 90 5.3 Upper bounds of information leakage per dimension versus N0 for the ISS and CAISS schemes under the KMA scenario, when DWR = 25 dB and N = 100. . . 91 5.4 Upper bounds of information leakage per dimension versus N0 for CASS and CAISS schemes under KMA and KMCA scenarios when DWR = 25 dB, N = 100, and α = 0.8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91 5.5 Upper bounds of information leakage per dimension versus N0 plots for the MSS scheme under the KMA scenario, when N = 100. . . . . . . . . . . . . . . . . . . 91 xi List of Figures 5.6 Upper bounds of information leakage per dimension versus N0 for the SS, ISS, and MSS, CASS, and CAISS schemes under the KMA scenario, when DWR = 25 dB, N = 100, and α = 0.8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91 5.7 Upper bounds of information leakage per dimension versus N0 for the SS, ISS, CASS, and CAISS schemes under the KMA scenario, when DWR = 21 dB, N = 100, and α = 0.8. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92 5.8 The average normalized correlation between the estimated and actual signature codes versus N0 plots for the SS, ISS, MSS, CASS, and CAISS schemes, when DWR = 25 dB, N = 100, and α = 0.8 under KMA. . . . . . . . . . . . . . . . . . 92 5.9 The average normalized correlation between the estimated and actual signature codes versus N0 plots for the SS, ISS, MSS, CASS, and CAISS schemes, when DWR = 21 dB, N = 100, and α = 0.8 under KMA. . . . . . . . . . . . . . . . . . 92 5.10 The average normalized correlation between the estimated and actual signature codes versus N0 plots for the CASS and CAISS schemes, when DWR = 25 dB, N = 100, and α = 0.8 under KMA and KMCA. . . . . . . . . . . . . . . . . . . . 92 5.11 The average normalized correlation between the estimated and actual signature codes versus N0 plots for the SS, ISS, CASS, and CAISS schemes, when DWR = 25 dB, N = 100 under KMCA. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93 xii List of Acronyms CASS Correlation-Aware Spread Spectrum CAISS Correlation-Aware Improved Spread Spectrum CDF Cumulative Distribution Function DCT Discrete Cosine Transform DFT Discrete Fourier Transform DM Dither Modulation DWR Document to Watermark Ratio EPIF Error Probability Improvement Factor GGD Generalized Gaussian Distribution IMSS Improved Multiplicative Spread Spectrum IRIF Interference Robustness Improvement Factor ISS Improved Spread Spectrum KMA Known Message Attack KMCA Known Message and Correlation Attack LMMSE Linear Minimum Mean Square Error LOD Local Optimum Decoder ML Maximum Likelihood MSS Multiplicative Spread Spectrum PDF Probability Density Function PIF Payload Improvement Factor xiii List of Acronyms QIM Quantization Index Modulation SS Spread Spectrum STDM Spread Transform Dither Modulation WNR Watermark to Noise Ratio WOA Watermark Only Attack xiv Acknowledgments First and foremost, I would like to express my deep sincere gratitude to my advisor, Professor Z. Jane Wang, for her support and invaluable advice during my Ph.D. study. This thesis would never be possible without her guidance and support over the years. As a distinguished professor, Jane taught me how to be an independent researcher. The knowledge and attitude I learned from her benefit me forever. I would like also to express thanks to my wonderful collaborators and fellow graduate students at UBC. xv Dedication To my lovely wife, Mahsa, who encouraged me over the years of my study, and To my family, who supported me spiritually from miles away. xvi Chapter 1 Introduction The growing use of Internet has enabled the users to easily access, share, manipulate, and distribute the digital media data, and digital media has profoundly changed our daily life during the past decade. This proliferation of digital media data creates a technological revolution to the entertainment and media industries, brings new experience to users, and introduces new Internet concepts. However, the massive production and use of digital media also pose new challenges to the copyright industries and raise critical issues of protecting intellectual property of digital media, since current media sharing makes unauthorized copying and illegal distribution of the digital media much easier. One way of protecting the digital media data is cryptography where the encrypted content is not meaningful to the third party who does not have the authorized access right [93, 95, 118]. Yet, once the decryption key is known to the intruder or the content is decrypted, the content could be duplicated and distributed illegally. One promising way of providing post-delivery content protection is digital watermarking [27, 31, 34, 45, 72, 102, 110, 124]. In the digital watermarking technology, a specific signal is embedded into the host media content without significantly degrading the perceptual quality of the original media data, and the embedded information can later be extracted for desired purposes. Since this embedded watermark signal is usually not noticeable, digital watermarking could provide post-delivery protection for the digital content. Digital watermarking has many applications, and one important application is data hiding, where the embedded hidden message should be decoded accurately at the receiver side and such hidden information can be used to serve covert communications, help verifying the authenticity of the digital media data, identifying the original source, and facilitating the investigation on illegal usages and copyright violations. Below in this chapter we will provide a brief overview of data hiding using digital watermarking. In the literature, people sometimes do not distinguish the terminologies of digital watermarking and digital data hiding. The rest of this chapter is organized as follows. In Section 1.1, we briefly review the data hiding concept. Then, in Section 1.2, some applications of digital data hiding are mentioned. Section 1.3 introduces the main challenges for designing a data hiding scheme. The contributions made in this thesis are summarized in Section 1.4 and the thesis organization is provided in Section 1.5. 1 1.1. Watermarking and Data Hiding Figure 1.1: A data hiding system includes both the encoder and the decoder. 1.1 Watermarking and Data Hiding Digital data hiding using watermarking can be defined as the procedure of embedding hidden information into a certain media signal which acts as a host signal. Generally, a data hiding system generally contains two basic modules (see Figure 1.1). The first module is the encoder which is used by the system to embed the desired hidden information. The structure of the encoder depends on the specific embedding (watermarking) scheme used for hiding the informa- tion. The second module of a data hiding system is the decoder which is used to extract the hidden information at receiver side. The structure of the decoder depends on the embedding scheme which the encoder uses for information hiding. Even though data hiding was invented primarily for ownership proof, it started finding other applications because of the wide use of Internet and digital media. Digital data hiding techniques can be applied to different types of digital media contents such as image [40, 43, 58, 63, 77, 87, 104, 122, 133, 158], audio [16, 19, 48, 64, 74, 76, 90, 144, 145, 150], and video [33, 67, 68, 75, 88, 100, 101, 115, 128, 149]. Some embedding techniques are particularly developed for a specific type of media, such as image [3] or audio [16], and other ones can be more general [28]. Depending on the application, different categories of watermarking schemes could be ap- plied. If the integrity of the content is rather important, in order to detect any tampering of the content, fragile watermarking is preferred [23, 78, 97, 154, 157]. This kind of data hiding is sensitive to any manipulation of the data (e.g., if the content gets tampered, the hidden information can be used to detect the tampered content), and thus it could help for integrity verification. In fragile watermarking, content manipulation leads to altered watermark. For instance, it could end up with the changed watermark even under standard operations such as compression. Therefore, there is a need for watermarking schemes where the watermark could withstand certain content changes to some extent. This category of data hiding schemes is called semi-fragile watermarking where the watermark does not change under some standard opera- tions [50, 86, 89, 132, 161]. Another category is robust watermarking schemes which should be 2 1.1. Watermarking and Data Hiding robust against different distortions and attacks [11, 32, 66, 130, 155]. This robust watermarking category is for applications such as copyright protection where the watermark should survive certain distortions and attacks. Watermarking schemes can also be categorized into visible and invisible schemes. Invisible watermarking is employed in most applications where the embedding schemes use perceptual masking for imperceptible watermarking [8, 71, 83, 119, 156]. In some applications, for indicating ownership of the content and enhancing the copyright protection, a visible or audible watermark is added into the original contents [51, 82, 125, 152, 153]. Watermarking schemes can also be categorized into blind and non-blind cases, depending on whether the decoder has access to the original content or not. For extracting the hidden information at the receiver side, if the decoder does not have access to the original host content, the situation is referred as blind watermarking or blind data hiding, and otherwise it is called non-blind watermarking, non-blind data hiding, or non-blind decoding [2, 59, 147, 151]. Since in practice, the original content is generally not provided at the decoder side, the blind schemes are more commonly applied. Depending on different purposes, there are two main types of watermarking schemes: in one type, the embedded watermark is used to communicate a specific hidden message (e.g., binary identification numbers used for image tracking and for video distribution, or a secret hidden message represented by binary sequences) which must be extracted with sufficient decoding ac- curacy. In the other type of systems, the goal is only to verify whether a specific embedded watermark (e.g., representing copyright information) is presented or not, and the embedded wa- termark normally does not communicate a secret message that needs to be accurately decoded. Therefore current researches on watermark extraction can be categorized into two broad topics: watermark decoding [9, 15] for the case of decoding the hidden message and watermark detection [22, 54, 96, 159, 160] for the case of detecting the presence of a specific watermark. In watermark decoding, the embedded hidden message should be decoded accurately at the receiver side and therefore the bit error rate is usually used as the performance criterion to measure the accuracy of the decoder in extracting the hidden message. In watermark detection (e.g., with the appli- cations of ownership proof or broadcast monitoring), the goal is to determine whether a specific watermark has been inserted into the original media content or not, and the detection criteria are mainly based on Neyman-Pearson Theorem (i.e., maximizing the probability of detection for a given probability of false alarm). It should be mentioned that the above two problems are formulated differently and different detection (decoding) approaches are desired to serve different performance criteria. References [9, 22, 54, 121, 159, 160] explicitly have pointed out this distinction in their works. In this thesis, we focus on SS-based data hiding since we are particularly interested in communicating hidden message and thus our work belongs to the watermark decoding category. 3 1.2. Applications Since in practice the original host image is generally not available at the decoder side, we focus on blind watermark decoding. 1.2 Applications Data hiding using watermarking was mainly invented to protect intellectual property rights for digital contents. It can perform copyright detection by retrieving the hidden information embedded in the host content [13, 79, 84, 85]. Fingerprinting for traitor tracing is another application of data hiding. In this scenario, copyright owners distribute a uniquely watermarked copy to each client and then monitor the distribution channel. Each pirated copy is then analyzed for identifying one or more fingerprints which lead to the origin of piracy. Meta data annotation could be achieved using data hiding where useful meta data is added to the original signal. For instance in audio signals, the embedded data could describe the content by using the song title or the name of the artist and this annotation makes indexing of the database easier [5, 46]. Covert communication is another data hiding application aiming to hide secret messages into the cover signal. The hidden message should not be transmitted without arising the suspicion of the existence of secret communications [36, 52, 55, 120, 146]. Such covert communication has a long history dated back to Herodotus time when he sent a message from the prison covertly. Digital media products are regularly transmitted through communication channels in order to be broadcasted through TV and radio stations. And therefore broadcast monitoring is important. One way of achieving broadcast monitoring is using data hiding where only certain contents, indicated by their watermarks, are allowed for broadcasting [80, 81]. In order to avoid counterfeiting and forgery, data hiding technique could serve as an authentication tool. In this case, the extracted hidden information are compared with the original information in order to determine whether they are the same [20, 30, 35, 53, 131]. 1.3 Challenges of Data Hiding Each digital data hiding system should fulfill some requirements: the embedded watermark should be imperceptible, meaning that the perceptual quality of the original content should not be degraded due to watermarking. For some applications (e.g., the embedded message should be extracted accurately even after unauthorized distortions), robustness is important. Payload is another concern which arises in the applications where the number of embedded bits should be high. Security is also a critical concern in data hiding, which implies that unauthorized party should not be able to reveal the hidden message. All the above challenges are related to the encoder and decoder structures, and they rep- 4 1.3. Challenges of Data Hiding Figure 1.2: An illustration of spread spectrum-based embedding schemes. resent conflicting requirements. More precisely, for each application, the challenges should be considered first and then based on the requirements, the appropriate encoder and decoder should be chosen or devised to achieve a good trade-off. The encoder embeds the secret message based on the embedding scheme and the decoder extracts the embedded message based on the embed- ding scheme. It is clear that the embedding scheme and the decoder play important roles in a data hiding scheme and in addressing the corresponding challenges. It is worth mentioning that, despite the popularity of digital data hiding (watermarking) techniques, effective digital right protection is extremely challenging and currently there is no commonly accepted technical solution which is practically unbeatable when deployed to practical user settings. At any sense, data hiding should only be considered as one important component of an overall protection system. Below, we will discuss the two major modules of a data hiding system, the embedding scheme and the decoding scheme. Due to the importance of the topic of data hiding security, we will also discuss the security issue in this section. 1.3.1 Embedding Schemes Primary data hiding techniques used heuristic algorithms based on simple image processing manipulations. Passing time, more sophisticated watermarking algorithms were proposed and used in different types of media data such as audio and video. Although many embedding schemes have been proposed, they could be mainly categorized into two groups: spread spectrum and quantization based methods. Probably the first milestone in data hiding using watermarking was accomplished by Cox et al. [28] where they proposed Spread Spectrum (SS) scheme. As a matter of fact, in [28] two versions of SS were proposed. The first one is additive SS in which the watermark is spread over the host signal uniformly. The second one is the Multiplicative Spread Spectrum (MSS) which spreads the watermark according to the host content. Figure 1.2 depicts the SS embedding scheme where the dashed line shows that it is possible to add the watermark depending (MSS 5 1.3. Challenges of Data Hiding Figure 1.3: An illustration of quantization index modulation-based embedding schemes. scheme) or without depending (additive SS scheme) on the content. In both schemes, in order to increase the security, a secret signature code for spreading the hidden message bits is used. SS schemes generally have great robustness. Hidden messages embedded under these schemes could robustly resist against lossy compressions and many other types of distortions and attacks. In spite of their great robustness against standard signal processing operations and manipulations, the main drawback of SS-based schemes is the host interference effect. Since in the SS schemes the host signal itself acts like a noise source at the decoder side and because of the fact that the watermark has relatively small power, the host signal imposes a big interference effect which causes a serious degradation of the decoding performance. To reduce the interference effect of the host signal, Malvar and Florencio proposed the Improved Spread Spectrum (ISS) scheme [92] by exploiting the side information at the encoder side. Their result brought the hope of having a robust embedding scheme with good decoding performance. Another important milestone in embedding schemes was presented by Chen and Wornell [18] where they introduced a new class of embedding scheme called Quantization Index Modulation (QIM). In this scheme, each message in its alphabetical set has a corresponding quantization point. Figure 1.3 shows that as opposed to the SS scheme, the watermark is not added to the host signal directly. Instead, for embedding a message bit, the host signal is quantized to the nearest point in the corresponding quantizations points. They improved the QIM idea by exploiting Costa’s approach [25] and named the new scheme as QIM with distortion compensation (DC- QIM) [18]. In order to implement the QIM computationally efficiently, a practical quantizer ensemble called Dither Modulation (DM) which uses a dither vector was proposed by them. Figure 1.4 depicts the quantization points of the DM embedding scheme (with uniform step sizes). Spread Transform Dither Modulation (STDM), another variation of the original QIM, which blends the spread spectrum and quantization idea was proposed in their work as well [18]. The QIM approach could improve the decoding performance greatly by removing the interference effect of the host signal due to its quantization embedding nature. However, it suffers from sensitivity to scaling and lacking of content based embedding. Its sensitivity to 6 1.3. Challenges of Data Hiding Figure 1.4: Dither modulation with uniform step sizes. scaling causes drastically degradation of its performance and lack of content based embedding makes it susceptible to perceptible watermark. Even though some efforts have been made to tackle these deficiencies [1, 42, 62, 109], more efforts are still needed for QIM to achieve a scheme which is robust against all of these drawbacks. 1.3.2 Decoding Schemes Once the embedding scheme is known, the encoder embeds the message bits into the host signal accordingly and then the watermarked signal is distributed. Depending on the application, different embedding schemes can be employed, as it was explained earlier. The embedded message bits should be accurately extracted at the decoder side. We assume that the original host signal is not available at the decoder side and the decoding is done blindly. Decoder structure depends on the embedding scheme and deriving the optimal decoder could lead to better decoding performance. Here decoding performance could be assessed by the ratio of incorrect extracted bits to the total number of embedded bits, and a lower value means a lower error probability and thus indicates a better decoding performance. In SS-based schemes, the host signal acts like noise and causes degradation in decoding performance. For minimizing the error probability, the Maximum Likelihood (ML) criterion can be exploited. It maximizes the probability distribution function of the received signal given the hidden bits in order to minimize the error. Therefore, using SS scheme in different host signals which have different distributions results different optimal decoders. The traditional decoder proposed by Cox et al. [28] is the correlator which extracts the hidden bit using the correlation between the received signal and the signature code. This correlator decoder is optimal only when the host signal follows an independent and identical Gaussian distribution. One important point that should be taken into account is that sometimes the ML decoder ends up with a structure 7 1.3. Challenges of Data Hiding requiring additional side information such as the watermark amplitude. In practice, such side information might not be available at the decoder side and it motivates us to derive suboptimal decoders which do not require such side information. In QIM-based schemes, the information bit is embedded by quantization of the host signal regarding with the message bit. Therefore, the characteristics of quantization embedding could be exploited for decoding. The DM scheme uses dithered quantizers which have the property that the quantization cells of any quantizer in the ensemble are shifted version of the quantization cells of any other quantizer in the ensemble. Therefore the hidden bit could be extracted by finding the minimum distance of the received signal to quantization cells. Finding the minimum distance between the received signal and the codebook words is a general way for decoding in QIM schemes. This decoder structure can help explain why the QIM schemes can achieve perfect decoding performances in the absence of any additional noise and why their performances degrade dramatically with scaling of the received signals. 1.3.3 Security Watermarking security analysis has attracted more research attention recently [7, 38]. Even though the concept of watermark security is still in its early stage, it is generally accepted that if the secret parameters of an embedding scheme of a known data hiding technique could be estimated, then the scheme is not secure. In other words, a data hiding scheme is considered secure if it could conceal its secret parameters. An attacker can gather observations from different host signals which are watermarked with the same secret parameters in order to obtain information about the secret parameters. Therefore, the security of an embedding scheme is related to the difficulty in estimating the secret parameters using available observations. The first major attempt to provide a theoretical framework for assessing and classification of watermarking security was proposed by Cayre et al. [17] which led to related works [24] and [10]. They exploited the principles of the cryptanalysis in order to establish the concept of watermarking security [17]. Based on Kerckhoff’s principle [61] which was primarily used in cryptanalysis, it is assumed that except the secret key (secret parameters), all other details of the data hiding scheme are known publicly. Therefore, the security of a watermarking scheme relies on the secret key, and the adversary is only interested in disclosing the secret key. It is also assumed that the owner of the secret key uses the same secret key repeatedly in watermarking and the attacker has access to the observations (watermarked contents). In order to define security attacks, some attack scenarios were presented in [17] by following the Diffie and Hellman methodology [29]. Security attack aims to obtain information about the secret key of the embedding scheme. The first attack is the KnownMessage Attack (KMA) where it is assumed that the attacker has access to both the observations and the embedded messages. 8 1.3. Challenges of Data Hiding The second attack is Watermark Only Attack (WOA) where it is assumed that the attacker only has access to the watermarked signals. Another one is Known Original Attack (KOA) where it is assumed that the adversary has access to both the watermarked signals and the original content. KMA and WOA are more dominant attacks because attacker rarely has access to the original content (KOA case). Cayre et al. [17] proposed using of Fisher information [26] and statistical model of the embedding scheme for measuring the security quantitatively [17]. This security measurement has a drawback related to computation of the Fisher information which needs existence and differentiability of the log-likelihood function of the observations given the secret parameters. The second main work in watermarking security was done in [108] where a security evalu- ation framework based on Shannon’s [123] mutual information was introduced. Similar to the cryptanalysis, they quantified the information about the secret key which is leaked out by the observations by Shannon’s mutual information. In QIM schemes, the secret key is cast to dither vector where is used in DM to randomize the embedding and decoding functions. The security of the QIM scheme under the KMA was investigated in [108]. In SS schemes, the secret key is cast to signature code used for embedding message. Assuming Gaussian distribution for the signature code, the security analysis of the additive SS under the KMA scenario was presented in [107]. Since KMA is a more powerful attack compared with WOA, we will investigate the security of the proposed SS schemes under this attack by following the mutual information framework. 1.3.4 Robustness and Watermark Attacks One important issue in digital watermarking that needs to be addressed is proper evaluation and watermarking benchmarking. In order to have fair performance evaluation, we need to ensure that different watermarking schemes are investigated under comparable conditions, and benchmarks are needed (e.g., Stirmark package is probably the most popular benchmark and software for testing watermark robustness). An important aspect of any digital watermarking scheme is its robustness against attacks. In digital watermarking, an attack is any processing that may impair watermark detection or watermark decoding. Since theoretical analysis of a watermarking scheme’s performance against different attacks can be rather complicated, experimental testing results performed on some benchmark are generally reported, where the benchmark includes possible attacks into a common framework. Since different types of digital media content (e.g., image and audio) require investigating different attacks, here we briefly describe a list of state-of-the-art attacks for a certain type of digital media content. The attacks could be malicious where the attacker intentionally tries to 9 1.3. Challenges of Data Hiding remove the watermark or could be the results of standard signal processing operations applied on the digital media content (e.g., compression and signal enhancement). A list of possible attacks for data hiding in the image is as follows [28, 70, 111]: • Low-pass filtering: This attack occurs when the image undergoes filters such as median and Gaussian filtering. • Sharpening filtering: This filter sharpens the image, especially the edges. • Histogram equalization: For compensating the illumination condition, this image process- ing operation is employed. • Gamma correction: It is frequently used for enhancing the images and adapting them for display. • Additive noise: It is common that the received image can be contaminated by noise (e.g., as the result of transmission). • JPEG compression: In practice, it is quite often that the image is compressed using JPEG compression. • Cropping: Images could be cropped. • Rotation: Images might be rotated by a small angle, and this rotation attack usually happens together with cropping. • Scaling: It usually occurs when an image is scanned. • Generalized geometrical transformation: It is a combination of scaling, rotation, and shear- ing. • StirMark: It constitutes random geometric distortions provided by a software [111]. For instance, StirMark simulates printing and rescanning of an image. • Geometric distortion with JPEG: It happens when the image is geometrically distorted and compressed by JPEG compression. • Printing/scanning: It introduces geometric distortion as well as noise addition. • Synchronization: It happens when the location of the embedded information is lost. Regarding applicable attacks on audio watermarking, the following list is presented [16, 19, 126]: • Re-sampling: It consists of subsequent down-sampling and up-sampling, respectively. 10 1.3. Challenges of Data Hiding • Quantization: It occurs when the received signal is quantized according to a different quantization cell. • Low-pass filtering: It happens when an audio signal passes through a low pass filter such as Butterworth with a determined cut-off frequency. • Echo: It happens when an imperceptible delayed version of audio signal is added to the original signal. • Time scaling: It usually happens when the time is stretched or shorten. • Pitch scaling: It could happen when the pitch is slightly changed. • Audio compression: It is quite common to compress the audio signal using MP3, MPEG2, and AAC, etc. • Additive noise: It is similar to the image case (e. g., it could be the result of transmission). We would like to mention two important notes here. The first one is that, depending on its specific application, each embedding scheme should be tested accordingly. For example, if digital compression is the sole attack for one specific application, testing robustness of a watermarking scheme against other attacks may not be necessary. The second point is that different embedding schemes show different robustness against different attacks. For instance, QIM can be vulnerable against quantization as mentioned earlier. Cox et al. [28] tested their proposed SS scheme under different attacks. They report the robustness of SS scheme against signal processing operations such as lossy compression, filtering, digital-analog and analog-digital conversion, re-quantization, and common geometric transfor- mations such as cropping, scaling, translation, and rotation. In [6], SS scheme was applied to the DCT domain. Experimental results show that the SS watermarking is robust to several attacks including JPEG compression, low pass and median filtering, Gaussian noise, and resizing. In [116], the SS scheme was applied to the DFT domain. Results presented in the paper show the robustness of the SS watermarking against geometric attacks such as translation, cropping, and resizing. Robust image watermarking using the SS scheme and in the wavelet domain was studied in [148]. It shows the robustness of watermark against some signal processing opera- tions such as additive noise, low pass filter, re-quantization, image enhancement, blurring, and JPEG 2000 compression. Another SS based embedding approach in the wavelet domain was proposed in [143]. Experimental results show that the watermark can be efficiently retrieved after various attacks including additive noise, JPEG compression, blurring, sharpening, and median filtering. Another study [127] shows that the embedded message using SS is recoverable after some attacks such as Gaussian noise, sinusoidal pattern, and JPEG compression. It is 11 1.4. Contributions of the Thesis noted that the SS watermark can survive StirMark and the embedded message can be accu- rately recovered. Another study [39] conducted experiments and results show the robustness of the SS watermarking against attacks such as JPEG compression, filtering, and cropping. The robustness of SS against attacks and distortions has been mentioned in other studies as well. For instance, in [112], the robustness of SS against scaling, JPEG compression, cropping, and printing/scanning was stated. In addition, in [111], it was stated that SS is very robust against amplitude distortion and noise addition. In spite of the SS robustness against standard signal processing operations and manipu- lations, SS based schemes are not so robust against synchronization attack. To address this concern, depending on the type of media context, some solutions have been suggested to deal with synchronization attack. In audio watermarking, pilot signals could be embedded into the host signal which their relative distances to the watermark signal are known. Then, at the re- ceiver side, the pilot signals are extracted and used for synchronization estimation. In addition, other solutions for tackling this issue in the audio domain have been proposed [37, 65, 69]. In image watermarking, local invariant features are commonly used to synchronize the location of embedded information and obtain robust sachems against geometric distortions [73, 99, 114, 129]. Due to the overall robustness of SS watermarking schemes, SS-based watermarking methods are the most popular and widely used. Therefore, this thesis focuses on different SS embedding schemes for data hiding. 1.4 Contributions of the Thesis By addressing the above mentioned major challenges, this thesis is focused on developing im- proved SS embedding schemes for data hiding. The main contributions of this thesis are sum- marized as follow. 1. We investigate the SS schemes in the DCT and magnitude of DFT domains. In order to employ SS and ISS schemes for data hiding in the magnitude of the DFT domain, we show that the conventional scheme is not directly applicable. Therefore, we propose the modified SS embedding scheme in the DFT magnitude domain. Then, the optimal decoder in this domain is proposed. SS embedding schemes in the DCT domain are considered as well and the theoretical error probability for these embedding schemes are derived. Since side information, such as the watermark amplitude, is needed at the decoder side for optimal decoding, for relaxing the decoder from this requirement, Local Optimum Decoder (LOD) and Linear Minimum Mean Square Error (LMMSE) decoder are proposed. Their decoding performances are compared to that of the optimal decoder. 12 1.5. Organization of the Thesis 2. We propose the correlation-and-bit-aware concept for data hiding by exploiting the side information at the encoder side. At the encoder side, the correlation-and-bit-aware con- cept exploits the correlation information between the host signal and the signature code, and information of the message bit to be embedded. Based on this concept and employing SS and ISS schemes, Correlation-Aware Spread Spectrum (CASS) and Correlation-Aware Improved Spread Spectrum (CAISS) embedding schemes are proposed. The error probabil- ities of CASS and CAISS schemes are derived theoretically and the results show that using these embedding schemes could improve the decoding performance significantly. Also, we prove that employing CASS and CAISS schemes could improve payload compared with the traditional SS scheme. 3. We derive the error probability analysis of the MSS embedding scheme for data hiding and investigate the capacity of this scheme. We note that though MSS data hiding is content based, it still suffers from interference effect of the host signal. Since we know the decoder structure at the encoder side, it motivates us to propose an improved MSS embedding scheme which could reduce the host effect. The proposed Improved Multiplicative Spread Spectrum (IMSS) employs the correlation between the host signal and the signature code, and the correlation of the host signal with itself to reduce the host effect. Simulation results illustrate that the proposed IMSS scheme could improve the decoding performance remarkably. 4. We present the security analysis of the SS data hiding schemes under the KMA scenario. Exploiting the mutual information security measure, we analyze the information leakage of SS-based schemes, including SS, ISS, CASS, CAISS, and MSS schemes, under the KMA scenario. Further, to quantitatively illustrate embedding security in a practical way, we present some practical signature code estimators and evaluate the estimation accuracy performances via simulations. In addition, for the CASS and CAISS embedding schemes, we introduce the so-called Known Message and Correlation Attack (KMCA) and show that it is more powerful than KMA. 1.5 Organization of the Thesis In the following, we provide a brief overview of the remainder of this thesis. Chapter 2 [135, 140] considers efficient blind watermark decoding approaches for hidden mes- sages, within the framework of SS schemes for data hiding. We study SS embedding in both the Discrete Cosine Transform (DCT) and the Discrete Fourier Transform (DFT) domains. First, we show that the conventional SS scheme could not be applied directly into the magnitudes of the 13 1.5. Organization of the Thesis DFT coefficients, and thus we present modified SS and ISS schemes and the optimal maximum likelihood (ML) decoders based on the Weibull distribution are derived. Then, we investigate the SS and ISS embedding schemes in the DCT domain and derive the corresponding optimal ML decoders. We also provide theoretical error probability for these decoders in the correspond- ing domains. Finally, suboptimal decoders, including local optimum decoder (LOD) and linear minimum mean square error (LMMSE) decoder, are investigated to reduce the required prior information at the receiver side, and their theoretical decoding performances are derived. Based on decoding performances and the required prior information for decoding, we discuss the pre- ferred host domain and the preferred decoder for additive SS-based data hiding under different situations. Extensive simulations are conducted to illustrate the decoding performances of the presented decoders. Chapter 3 [136–138] presents a correlation-and-bit-aware concept for data hiding, and based on this concept two additive SS-based improved data hiding embedding schemes are intro- duced. We first propose the correlation-aware spread spectrum (CASS) embedding scheme, which is shown to provide better watermark decoding performance than the traditional addi- tive spread spectrum (SS) scheme. Further, we propose the correlation-aware improved spread spectrum (CAISS) embedding scheme by incorporating SS, improved spread spectrum (ISS), and the proposed correlation-and-bit-aware concept. Compared with the traditional additive SS, the proposed CASS and CAISS maintain the simplicity of the decoder. Our analysis shows that, by efficiently incorporating the side information, CASS and CAISS could significantly reduce the host effect in data hiding and improve the watermark decoding performance remark- ably. To demonstrate the improved decoding performance and the robustness by employing the correlation-and-bit-aware concept, the theoretical bit error performances of the proposed data hiding schemes in the absence and presence of additional noise are analyzed. Simulation results show the superiority of the proposed data hiding schemes over traditional SS schemes. Chapter 4 [134, 139, 141] analyzes the error probability of the conventional multiplicative spread spectrum (MSS) scheme and derives the corresponding channel capacity. It is noted that the interference effect of the host signal causes the distribution leakage and contributes to the decoding performance degradation. Since the host signal and the decoder structure information are available at the encoder side, an improved multiplicative spread spectrum (IMSS) embedding scheme for data hiding is proposed. Since the host signal and the decoder structure information are available at the encoder side, the proposed IMSS scheme exploits both the correlation be- tween the host signal and the watermark signal and the decoder structure in embedding the bit information to reduce the host interference effect. We show that, compared with MSS, the pro- posed IMSS maintains the simple decoder structure and does not require additional information for decoding. We also analyze the decoding performances of MSS and IMSS in the presence of 14 1.5. Organization of the Thesis additional Gaussian noise. Simulation results depict the superiority of the proposed IMSS data hiding scheme over the conventional MSS scheme. Chapter 5 [142] presents the security analysis of ISS, CASS, CAISS, and MSS schemes under the KMA scenario. The amount of information about the secret key which leaks out from the observations is quantified by Shannon’s mutual information. Exploiting this security measure, we analyze the information leakage of ISS, CASS, CAISS, and MSS under the KMA scenario. Further, to quantitatively illustrate embedding security in a practical way, we present some practical signature code estimators and evaluate the estimation accuracy performances via simulations. Based on our security analysis, from a designer’s point of view, we show that it is possible to design an embedding scheme with both enhanced security and decoding performance, e.g., the CAISS scheme can both be more secure (measured by less information leakage) and provide better decoding performance when compared with the ISS scheme. Further, from an attacker’s point of view, we show that it is possible to devise a more effective attack. For instance, we introduce the so-called known message and correlation attack (KMCA) and show that it is more powerful attack than KMA. Chapter 6 summarizes the contributions of this thesis and outlines a few future topics. Finally, Appendices include the proofs of some expressions stated in the thesis body. 15 Chapter 2 Efficient Blind Decoders for Additive Spread Spectrum 2.1 Introduction In this chapter, our main purpose is to provide a watermark decoding framework for data hiding using spread spectrum embedding in the DCT domain and the DFT magnitude domain. DCT and DFT domains are widely used for compression and thus embedding in these domains is appealing. In addition, embedding in the frequency domain could help to improve the percep- tual quality of the watermarked signal. In the literature, there is lack of investigation on the optimal decoder using the additive SS in the DFT magnitude domain and we will fill this gap in this chapter. We will show that the conventional SS scheme could not be applied directly in the DFT magnitude domain and thus we will propose a modified SS embedding scheme. In order to provide a guidance on the preferred domain for information hiding using additive SS embedding, based on the derived decoders, we will discuss which domain is preferred under different circumstances. In addition, we present a theoretical framework of optimal decoders for additive SS and ISS schemes in the DCT and DFT magnitude domains. We note that optimal decoders using ISS provide better decoding performances than the traditional additive SS. As the optimum ML decoder requires the distribution parameters of the host image and the wa- termark strength information, to address this concern, we also investigate several suboptimal watermark decoders. By invoking the Taylor series, the local optimum decoder (LOD) which is independent of watermark amplitude is proposed. Further, due to simplicity and good per- formance, we employ the linear minimum mean square error (LMMSE) criterion and derive the LMMSE decoders. Moreover, we derive the theoretical performance analysis of the suboptimal decoders. The rest of this chapter is organized as follows. In Section 2.3, the traditional additive SS and ISS embedding schemes are briefly reviewed for data hiding and communicating hidden message. Host probability distribution functions for DCT and DFT domains are described in Section 2.4. The optimal ML decoders are derived in Section 2.5 and the corresponding bit- error-rate analyses are presented. In Section 2.6, the suboptimal decoders, including LOD and 16 2.2. SS Schemes LMMSE decoders are presented and their theoretical performance analyses will be provided. The simulation results are demonstrated in Section 2.7 to validate the analysis. Finally, the discussions and concluding remarks are given in Section 2.8. 2.2 SS Schemes As it has been indicated in Chapter 1, additive SS and ISS are two major SS embedding schemes. In the following subsections, the signal model of these embedding schemes are presented. 2.2.1 Additive SS Scheme In the conventional SS scheme, the bit message b with amplitude A > 0 is embedded into the host signal. The information bit to be hidden in the host signal is usually taken from the binary set b ∈ {−1,+1}. The binary message bit is embedded into the host signal x = [x1, x2, ..., xN ]T . Here, N is the number of the host coefficients used for conveying one information bit. The SS scheme employs a signature code s = [s1, s2, ..., sN ] T for the sake of security and this key is assumed to be selected from a binary set si ∈ {−1,+1}. Based on the SS embedding, the watermarked signal r = [r1, r2, ..., rN ] T can be represented in the following form ri = xi + siAb , i = 1, 2, ..., N. (2.1) Generally, the distortion due to any watermark embedding can be defined as D = 1 N E{‖r− x‖2}, (2.2) where E{.} means the expectation operator and ‖.‖ is defined as the norm of a vector. In the additive SS scheme the distortion is equal to A2. Additive SS embedding scheme could be written in the vector form as r = x+ sAb. 2.2.2 ISS Embedding Scheme The traditional additive SS, where the host signal acts as a noise source, is a non rejected host method which does not use the host signal information in the decoder. It was shown in [92] that ISS, which reduces the interference effect of the host signal, leads to significant performance improvements. The signal model for ISS data hiding is defined as r = sAb+ t, (2.3) 17 2.3. Additive SS and ISS Schemes Applied to Images where t = (IN − λssT )x, (2.4) where IN denotes the identity matrix and λ is obtained usually by maximizing the watermark to data ratio or by minimizing the probability of error. The distortion for ISS embedding can be obtained as follows D = 1 N E{∥∥sAb− λssTx∥∥2} = A2 + λ2sTRxs, (2.5) where Rx is the correlation matrix of the host signal. When the host signal coefficients’ are uncorrelated with variance σ2x, (2.5) becomes D = A 2 + λ2Nσ2x. 2.3 Additive SS and ISS Schemes Applied to Images In this section, we consider the additive SS and ISS schemes in order to embed the information in the images. Suppose a host image I ∈ Mm×n is supposed to be watermarked, where M means the image alphabet, e.g., M = {0, 1, . . . , 255} for a gray scale image, and m and n represent the size of the image in the pixel (spatial) domain. Here for simplicity we assume m = n, though the results could be extended to the general case of having unequal m and n. The additive SS embedding procedure for a host image is summarized as follows. First, the image I is partitioned into mp × mp sub-blocks of size p × p. Then, each block is usually transformed to a domain which is insensitive to tampering, i.e., T (I) ∈ Rp×p where T denotes the transform function transforming the host image into the new domain called host domain. For the total q = ( m p )2 sub blocks, each of them conveys one hidden information bit for one-message embedding or multiple hidden information bits for multi-message information embedding. A perfect transform should be insensitive against operations such as translation, lowpass filtering, compression, and other standard signal processing manipulations. In the context of image processing, two popular transform domains include the DCT and DFT which are of interest of this Chapter. For each block of size p × p in the transformed domain, a subset of host coefficients with length N ≤ p2 is selected to be the carrier vector for embedding. Such selected vectors xi ∈ RN , i = 1, 2, . . . , q , are used for information embedding employing the signature code. The point that should be taken into account is that different domain host signals may affect the procedure of adding the information. Using the DCT domain makes no restriction on the additive SS watermarking. Employing the DFT and explicitly embedding the information in the magnitude of DFT coefficients limit the set of coefficients to be watermarked, since the watermarked DFT coefficients are required to be positive. We will discuss about the embedding 18 2.4. Data Hiding in the DCT and the DFT Magnitude Domains scheme in the magnitude of the DFT domain more precisely when the optimal decoders are explained in Section 2.5. 2.4 Data Hiding in the DCT and the DFT Magnitude Domains As it was explained in Section 2.3 the message bits could be embedded in the DCT and DFT domains. In order to find the optimal decoders, the distributions of the DCT and DFT coef- ficients are needed to be known. The authors in [47] suggested that the heavy tailed property for low and mid frequency of DCT coefficients can be modeled by the zero mean Generalized Gaussian Distribution (GGD) [47] as fX(x) = αe −|βx|c , (2.6) where α = βc 2Γ(1c ) , β = √ Γ(3/c) Γ(1/c) σx , (2.7) and σx means the standard deviation of the host signal and Γ(.) means the Gamma function defined as Γ(x) = ∫∞ 0 t x−1e−tdt. The power exponent c is the shape parameter where its smaller value leads to the more impulsive shape and heavier tail. The scale parameter β and the shape parameter c can be estimated from the host signal [98]. The DFT is another popular transform domain for image analysis, where the DFT magnitude could be used to represent the host signal. Since the magnitude of the DFT coefficient is real and positive, the Weibull distribution was suggested [9] to model the Probability Density Function (PDF), because of its flexibility and consistency with the DFT magnitude, as follows fX(x) = γ η ( |x| η )γ−1 exp [ − ( |x| η )γ] u(x), (2.8) where u(.) determines the step function which returns one where its argument is positive and returns zero when its argument is negative. Moreover, the parameters η > 0 and γ > 0 represent the scale and the shape parameters of the Weibull distribution. 19 2.5. The ML Optimal Decoders 2.5 The ML Optimal Decoders The optimal decoder obtains an estimate b̂ of b such that the probability error Pe = Pr{b̂ 6= b} is minimized. This can be done with the ML decoder as follows b̂ = argmax b∈{±1} f(r|b, s), (2.9) where f(r|b, s) represents the conditional PDF of r when given b and s. It is clear that the distribution of the host signal plays an important role in the ML decoder structure and thus, distribution of the DCT and magnitude of DFT domains were introduced in Section 2.4. As discussed in Section 2.4, the PDF of the host signal can be different depending on the transform domain. In practice, due to different desired properties, different transform domains could be used for data hiding. Derivation and performance analyses of the ML decoder for SS embedding require the distribution of the host signal in a specific domain. In the following subsections, the ML decoders for SS and ISS embedding schemes in DCT and magnitude of DFT domains are derived. It is worth mentioning that the ML decoder for the SS scheme in the DCT domain has been already proposed in [47]. 2.5.1 ML Decoders in the DFT Domain One possible host signal for information hiding is the DFT magnitude domain. However, it is important to note that the SS (2.2) and ISS (2.5) embedding schemes can not be applied directly in this domain because of the special property of the magnitudes of the DFT coefficients, i.e., they should be always positive. To ensure the intuition that the watermarked signal should be always positive, we propose a modified SS embedding scheme in the DFT magnitude domain as follows r = x+ sAb+ e, (2.10) where the insurance vector e = [e1, e2, . . . , eN ] T is designed to make ri’s positive. More specifi- cally, if xi+siAb is positive, its corresponding element ei is set to be zero; If xi+siAb is negative, ei = −siAb is set to make ri equal to xi which is consequently positive. In summary, ei in (2.10) can be formulated as ei = (−siAb)u(−(xi + siAb)). (2.11) The modified SS embedding scheme (2.10) and the vector e defined in (2.11) reveal that, for those coefficients where ei > 0, the watermarked signal becomes ri = xi. However, because of the structure of the optimal decoder, which will be derived shortly, such ri’s still could help for decoding. We also note that, for the modified SS scheme (2.10), by increasing the watermark 20 2.5. The ML Optimal Decoders amplitude A, the number of coefficients with ei > 0 increases. Generally, the goal of this modified SS embedding scheme is to make all the watermarked coefficients positive. Having proposed the modified SS embedding scheme for information hiding in the magnitude of the DFT domain, we can derive the optimal decoder using the distribution of the host signal. Based on (2.9), the decoder decides b̂ = 1 if (see Appendix A.1) exp { −∑Ni=1 ( |ri−siA|ηi )γi} exp { −∑Ni=1 ( |ri+siA|ηi )γi} N∏ i=1 (|ri − siA|)γi−1u(ri − siA) (|ri + siA|)γi−1u(ri + siA) > 1. (2.12) Investigating the ML decoder in the DFT magnitude domain reveals that the information bit amplitude as well as the PDF parameters should be provided at the receiver side. Now, we proceed to show that the decoding procedure is error free for two cases. For one case that b = +1 and there is at least one coefficient with ri + siA < 0 at the decoder side, we can see that the left side in (2.12) goes to infinity and thus the decoder definitely decides b̂ = +1. More precisely, in this case, u(ri − siA) is positive and u(ri + siA) equals to zero, and thus the left side in (2.12) goes to infinity. Similarly, for the other case that b = −1 and at the decoder side there is at least one coefficient with ri− siA < 0, the left side in (2.12) is equal to zero and thus the decoder definitely decides b̂ = −1. As mentioned earlier, the coefficients that ei > 0 could help error free decoding. To explain this better, let assume that b = +1 and xi+siA < 0, thus the corresponding coefficient becomes ri = xi at the embedding side. At the decoder side we will have ri + siA < 0, which based on the above discussion, leads to the decision b̂ = +1. Similarly, let assume that b = −1 and xi − siA < 0, thus the corresponding coefficient becomes ri = xi at the embedding side. At the decoder side we will have ri + siA < 0, which leads to decision b̂ = −1. In both cases, the decoder performance would be error free and therefore, coefficients with ei > 0 could contribute to accurate decoding. Deriving an analytic expression for the probability of error is always desirable, because it could help to analyze the behavior of the error. In Appendix A.1 has been shown that the error probability could be approximated as Pe = 1 2 erfc (√ m2z 2σ2z ) , (2.13) where mz = ∑ i { 1 2 ( |xi + 2A| ηi )γi + 1 2 ( |xi − 2A| ηi )γi + 1 2 (γi − 1) ln ( x2i∣∣x2i − 4A2∣∣ ) − ( xi ηi )γi} ,(2.14) 21 2.5. The ML Optimal Decoders e2z = 1 2 (∑ i { 1 2 ( |xi + 2A| ηi )γi − ( xi ηi )γi + (γi − 1) ln ( xi |xi + 2A| )})2 + 1 2 (∑ i { 1 2 ( |xi − 2A| ηi )γi − ( xi ηi )γi + (γi − 1) ln ( xi |xi − 2A| )})2 , (2.15) and σ2z = e 2 z − m2z. Therefore, the theoretical error probability of the modified SS scheme is expressed as (2.13) when the mean and variance could be achieved using (2.14) and (2.15). Having introduced information embedding using the modified SS scheme in the DFT mag- nitude domain, we now present the modified ISS scheme. Similar to the modified SS scheme, to avoid having negative watermarked coefficients, we propose a modified ISS embedding scheme as r = sAb+ t+ e, (2.16) where the insurance vector e is determined as follows. If ti + siAb is positive then the corre- sponding ei is set to zero; If ui + siAb is negative, then ei = −siAb+ λsisTx to ensure that ri is positive. Therefore ei in the modified ISS scheme could be expressed as ei = (−siAb+ λsisTx)u(−(ti + siAb)). (2.17) Similar to the decoder (2.12), it has been shown in Appendix A.2 that the ML decoder for the ISS scheme is obtained as exp { −∑Ni=1 ( |mi(r−sA)|ηi )γi} exp{−∑Ni=1 ( |mi(r+sA)|ηi )γi} N∏ i=1 [ (|mi(r− sA)|)γi−1 u(ri − siA+ λsisTx) ] [ (|mi(r+ sA)|)γi−1 u(ri + siA+ λsisTx) ] > 1. (2.18) which mi is the ith row of M −1 where M = I− λssT . According to the modified embedding scheme (2.16) the watermarked signal lies in the pos- itive domain. Therefore, similar behavior to the SS scheme could be observed in ISS scheme as well. So, we will apply the modified ISS scheme in (2.16) for embedding, and use the decoder in (2.18) for extracting the hidden information. Similar to the SS case, the error probability could be approximated by (2.13) where (cf. Appendix A.2) mz = ∑ i {1 2 ( |ai| ηi )γi + 1 2 ( |di| ηi )γi + 1 2 (γi − 1) ln ( x2i |aidi| ) − ( xi ηi )γi }, (2.19) 22 2.5. The ML Optimal Decoders e2z = 1 2 (∑ i { 1 2 ( |ai| ηi )γi − ( xi ηi )γi + (γi − 1) ln ( xi |ai| )})2 + 1 2 (∑ i { 1 2 ( |di| ηi )γi − ( xi ηi )γi + (γi − 1) ln ( xi |di| )})2 , (2.20) where ai = xi + 2A(Nµ+ 1), di = xi − 2A(Nµ + 1), and µ = (λ−1 −N)−1. The remaining point is determining the parameter λ in ISS embedding which could be achieved using the probability of error. This parameter should take the value which minimizes the theoretical probability of error. Thus, regarding to the obtained probability for the ISS, λ is obtained as λk = argmax λ m2z σ2z . (2.21) 2.5.2 ML Decoders in the DCT Domain As opposed to the SS and ISS schemes in the magnitude of DFT which suffered from lack of optimal decoder, the optimal decoder in the DCT domain exploiting SS scheme has been accomplished in [47]. It has been shown [47] that the test statistic of the ML is in the form z = N∑ i=1 [∣∣∣∣ri + siAσxi ∣∣∣∣ c − ∣∣∣∣ri − siAσxi ∣∣∣∣ c] . (2.22) We can see that the ML decoder requires knowledge of the information bit amplitude and the shape parameter. For practical implementation, the receiver should either have prior information about the shape parameter or estimate it. One way to avoid estimating the shape parameter is to use a general value for all images, hoping it could describe the distribution of the DCT coefficients relatively well [12, 91]. Now, we extend this work to obtain the ML decoder for ISS embedding scheme in the DCT domain to achieve better decoding performance. Exploiting the ML criterion leads to the test statistic of the optimal decoder for ISS scheme as follows (see Appendix A.3) z = N∑ i=1 [∣∣∣∣mi(r+ sA)σxi ∣∣∣∣ c − ∣∣∣∣mi(r− sA)σxi ∣∣∣∣ c] . (2.23) Having proposed the optimal decoder of the ISS scheme in the DCT domain, the error 23 2.6. Suboptimal Decoders probability is obtained by (2.13) where the mean and variance are determined as follow: mz = N∑ i=1 [( 1 σxi )c(1 2 |xi + 2A(λµ + 1)|c + 1 2 |xi − 2A(λµ + 1)|c − |xi|c )] , (2.24) σ2z = N∑ i=1 [( 1 σxi )2c (1 4 [|xi + 2A(λµ + 1)|c − |xi − 2A(λµ + 1)|c]2 )] . (2.25) Similar to the ISS embedding in the magnitude of the DFT domain, the parameter λ could be determined using the constrained maximization (2.21) taking into account the mean and variance defined in (2.24) and (2.25). 2.6 Suboptimal Decoders As shown in Section 2.5, the ML decoder requires the host distribution parameters as well as the watermark amplitude. Assuming low distortion due to watermark, we could estimate the host signal parameters using the received signal, while estimating the watermark amplitude is not easy because of the complex structure of the embedding scheme. Therefore, to reduce the dependency on such prior information, in this section, we will investigate two suboptimal decoders. In addition, since it was shown that the ML decoder for embedding in the magnitude of the DFT domain is sensitive to watermark amplitude, we hope that the suboptimal decoders in this domain could decrease this sensitivity and lead to good performances in the presence of additional noise. 2.6.1 Local Optimum Decoder To make the hidden information imperceptible, the watermark amplitude should be small. This motivates us to explore the LOD idea of using Taylor expansion of the test statistic around zero. The Taylor series of f(x) around the point x = a excluding the second and higher orders can be expressed as f(x) = f(a) + f́(a)(x − a), (2.26) where f́(a) is the first order derivative of f(.) at the point x = a. Having introduced this approximation, we first consider the LOD for SS embedding in the DCT domain. Taking into account the point that the test statistic (2.22) at A = 0 equals to zero, and deriving the Taylor series around A = 0, the LOD for SS embedding in the DCT 24 2.6. Suboptimal Decoders domain is achieved by b̂ = sign { N∑ i=1 si |ri|(c−1) sign{ri} σcxi } . (2.27) The provided above decoder expression reveals that it is independent of the watermark amplitude and appropriate for the cases which there is no access to the watermark amplitude. Having obtained the test statistic of LOD for SS embedding, the error probability can be analyzed using (2.13) where it could be shown that the mean and the variance are as follow mz = N∑ i=1 [ 1 σcxi ( |xi +A|(c−1) sign{xi +A} − |xi −A|(c−1) sign{xi −A} )] , (2.28) σ2z = N∑ i=1 [ 1 σ2cxi ( |xi +A|(c−1) sign{xi +A}+ |xi −A|(c−1) sign{xi −A} )2] . (2.29) We follow the same procedure provided for LOD using the SS scheme to obtain its counterpart using the ISS scheme. In Appendix A.4 has been shown that the LOD for ISS embedding scheme is obtained by b̂ = sign N∑ i=1 1 σcxi (Nµ + 1)si ∣∣∣∣∣∣µsi ∑ j 6=i sjrj + (1 + µ)ri ∣∣∣∣∣∣ (c−1) sign µsi ∑ j 6=i sjrj + (1 + µ)ri . (2.30) Finally, a similar procedure could be taken to obtain the LOD in the DFT magnitude domain. Referring to the test statistic (A.3), we can obtain the LOD decoder for SS embedding in the DFT magnitude domain as b̂ = sign {∑ i [ rγi−1i siγi ηγii − (γi − 1)si ri ]} . (2.31) It is worthy mentioning that, since LOD is independent of the watermark amplitude A, decod- ing performance degradation is observed in LOD compared with ML, especially for the high watermark amplitude cases. As discussed in Section 2.5, the watermarked coefficients with xi − siA < 0 or xi + siA < 0 help accurate decoding in the ML decoder. From the LOD in (2.31), it is clear that with no access to the watermark amplitude information, all the received coefficients are exploited for extracting the hidden information even though some of them do not convey any information. This is the source of the decoding performance degradation of LOD. 25 2.6. Suboptimal Decoders 2.6.2 LMMSE Decoder In Section 2.5, we focused on the optimal ML decoders, which require the PDF parameters as well as the watermark strength and signature code. Since providing the watermark strength information to the decoder is not always possible, the LOD decoder was proposed in Section 2.6 to make the decoders independent of this information. However, the PDF parameters are still required by these decoders. This motivated us to develop suboptimal decoders which depends neither on PDF parameters nor on the watermark strength information. Here, we introduce the LMMSE decoder which requires only the signature code as prior information at the decoder side. In signal processing, the mean square error (MSE) is a common measure of estimation and the MMSE estimator minimizes the mean square error in a Bayesian setting. More specifically, let θ be an unknown random variable to be estimated, and let y be the measurement, the MMSE estimator is to find a function θ̂ = g(y) such that it minimizes the MSE E{(θ − g(y))2|y}. In many cases, the minimum mean square error estimator could not be achieved, since we may not know the distributions f(θ|y) and f(θ, y) or the conditional expectation can be difficult to compute. Therefore, in practice the LMMSE estimator which has a linear structure and could be achieved more easily [60], is usually applied. The LMMSE decoder takes a linear combination of the received signal ri and some coefficients wi as follows z = ŵT r, (2.32) which the latter coefficients should be determined, and the hidden information is extracted using sign of the test statistic. The weight vector w is obtained by minimizing the MSE as ŵ = argminwE{ ∥∥Ab−wT r∥∥2}. (2.33) It could be shown that the result of this minimization leads the LMMSE decoder to the following conventional [60] form ŵ = Rr −1s, (2.34) where the autocorrelation matrix Rr defined as Rr = E{rrT }, can be estimated at the receiver side. Therefore, from the former expression, we can see that only the signature code is required at the receiver side. Although the LMMSE decoder has the same structure for information embedding in the DCT and magnitude of the DFT, its performance varies in these host domains. As explained earlier for LOD in the magnitude of the DFT domain, all the coefficients do not convey the information. On the other hand, the autocorrelation matrix is estimated using all the coefficients of the received signal and thus it causes degradation in the decoding performance. 26 2.7. Experimental Results To obtain a closed form expression of the error probability for the LMMSE decoder when SS scheme is exploited for information hiding in the DCT domain, by assuming that the test statistic z in (2.32) follows a Gaussian distribution, we can show that the probability of error would be in the form of (2.13) when mz = As TRr −1s , σ2z = s TRr −1RxRr−1s, (2.35) where Rr = A 2ssT +Rx. In a similar way, the theoretical error probability of LMMSE decoder for ISS embedding in the DCT domain, using (2.13), is obtained as mz = As TRr −1s , σ2z = s TRr −1(IN − λssT )Rx(IN − λssT )Rr−1s, (2.36) where Rr = A 2ssT + (IN − λssT )Rx(IN − λssT ). As it was discussed before, by minimizing the error probability parameter λ is achieved. By applying the minimization, the parameter λ is obtained as λ = (sTRxs+DN 2)− √ (sTRxs+DN2)2 − 4DN2sTRxs 2NsTRxs . (2.37) It should be pointed out that, as opposed to other decoders, the LMMSE leads to a closed form expression for λ. 2.7 Experimental Results In this section, simulations on real images are conducted to illustrate the performance of the proposed watermark decoders for decoding hidden message. A set of 100 testing images with size 512×512 are employed for information embedding. Testing images include images collected by the UBC’s Digital Multimedia Lab and some standard images such as “Boat”, “Lena”, “Peppers”, “Barbara” and other ones. These standard images are commonly used for testing different aspects of watermarking schemes and are widely used in watermarking papers for evaluating watermarking schemes [132, 153, 154, 157]. For information embedding in the DCT domain, for each 8× 8 block of the image, the DCT coefficients are calculated and all coefficients except the dc one are used as the host signal to convey the hidden information, therefore, 63 coefficients are used for conveying of one bit of information. For information hiding in the DFT domain, since the coefficients should remain conjugate symmetric, 31 coefficients are employed. For the DCT-domain data hiding, shape parameter is set to c = 0.8. Since each block with size 8× 8 is used for hiding one bit, the total number of embedded bits is 5122/82 = 4096 in each test image. 27 2.7. Experimental Results We first verify the theoretical error probabilities when employing the ML decoders proposed in Section 2.5 for both traditional SS and ISS embedding. For data hiding in the DCT domain, both the simulation results and the theoretical results are shown in Figure 2.1, where the bit error rate (BER) is plotted as a function of the Document to Watermark Ratio (DWR) defined in the form of DWR = 10 log(σ 2 x D ). It should be mentioned that the average of the BER for test images has been calculated as the final result. From Figure 2.1, it is clear that the theoretical analysis and the simulated BER result match closely with each other, and this verifies the theoretical analysis of the error probability. Also, comparing the performances of SS and ISS, as expected, we note that ISS clearly outperforms the traditional SS. Similar to the DCT-domain results, we also investigate the performances of ML decoders when the magnitude of the DFT-domain is exploited for information hiding. The average BER performance based on testing images and the theoretical performance derived in Section 2.5 are shown in Figure 2.2. The consistency between the simulated and theoretical results proves the correctness of the provided error analysis in Section 2.5. From Figures 2.1 and 2.2, we note that, at low DWR, the theoretical results of the DCT domain data hiding are more accurate than that of the DFT magnitude domain. The reason is most likely due to the assumed Gaussian distribution of the test statistic, which is more true when more random variables are added together. Since the total number of available coefficients for information hiding in the DFT magnitude domain is only half of that of the DCT domain and, as explained in Section 2.5, and more DFT coefficients do not convey information when the DWR decreases, the Gaussian assumption imposed on the test statistic in (2.22) and (2.23) for the DCT domain embedding is more accurate than their counterparts in the DFT magnitude domain. From Figures 2.1 and 2.2, we also note that data hiding in the magnitude DFT domain yields better decoding performances than that of the DCT domain. This observation could be explained by the special structure of the test statistic which is error free when ri + siA < 0 or ri − siA < 0 and thus leads to better decoding performances. To gain more insight into the optimal and suboptimal decoders derived in Sections 2.5 and 2.6, the decoding performances of the ML, LOD, and LMMSE decoders are compared in Figure 2.3 where the DCT-domain SS and ISS embedding schemes are studied. It is noted from this figure that the ML decoder outperforms the suboptimal ones. The ML decoder uses the watermark amplitude information to make the decision, while the LOD and LMMSE decoders do not require this information and provide close, slightly worse performance to that of ML. The other point observed is that the LMMSE decoder yields slightly better decoding performance than the LOD one, which could be intuitively justified by the structure of LOD. In deriving LOD, it is assumed that the watermark amplitude is small, and the LOD shows close decoding performance to that of ML as long as this assumption is satisfied. As it is seen from Figure 2.3, 28 2.7. Experimental Results the performance gap between the ML and the LOD gets bigger as the DWR decreases. This is because, by decreasing the DWR, the watermark amplitude gets larger and the LOD derived by truncating the second and higher orders of Taylor’s series results in a coarser approximation of the ML decoder. The LMMSE does not impose any constraint on the watermark amplitude, and this might be one reason that LMMSE is slightly better than LOD. In addition, the LMMSE decoder does not need to estimate parameters of the host signal and this simplicity makes it attractive for decoding. Therefore, we suggest that the LMMSE decoder is generally a good choice for extracting the information hidden in the DCT domain, in the sense that it needs less information than the ML decoder yet yields close decoding performance. To verify the derived theoretical decoding performance analysis in Section 2.6, the BER curves of the LOD and LMMSE decoders in the DCT domain are shown in Figure 2.4. We ob- serve close matches between the theoretical BER performances and the performances calculated based on the experimental results. To compare the performances of the suboptimal decoders for the DFT magnitude domain embedding, Figure 2.5 is reported. From Figure 2.5, we note that, for the SS embedding, the LOD decoder does not provide comparable BER performances when compared with other decoders. As discussed in Section 2.6, though not all DFT coefficients convey hidden information, the LOD and LMMSE decoders use all the received coefficients for decoding and thus have degraded decoding performances from that of ML. More specifically, at lower DWR, since less DFT coefficients can be used for conveying the information bit, the decoding performance gap is larger, as observed in Figure 2.5. It is observed from the Figure 2.5 that the slope of decoding performance of LOD becomes smaller as the DWR decreases, and the same behavior is observed for the LMMSE decoder in Figure 2.5. From the Figure 2.5, we note that overall the LMMSE decoder outperforms other suboptimal decoders. To examine the performances of the proposed decoders in the presence of additional dis- tortions/attacks, we consider a scenario where an additive Gaussian noise is added into the watermarked images, and the decoders’ performances are shown in Figures 2.6 and 2.7 for the DCT and the DFT magnitude domain embedding, respectively. In these figures, the Watermark to Noise Ratio (WNR) changes, where WNR = 10 log( D σ2n ) and σ2n denotes the noise variance. From Figure 2.6, we note that the ISS scheme has better performance than SS, and that all sub- optimal decoders yield close decoding performances to each other. One observation in Figure 2.7 is that the LMMSE decoder outperforms ML. Even though in the absence of any additional attack, ML in the DFT magnitude domain provides the best decoding performance, its perfor- mance in the presence of additional noise degrades significantly. This could be explained by the sensitivity of the ML decoder to the watermark amplitude. In the presence of additional noise, the received coefficients can be changed, and thus are wrongly exploited for decoding and 29 2.7. Experimental Results 10 15 20 25 30 35 40 45 10−3 10−2 10−1 100 DWR (dB) BE R Theoretical−ISS ML−ISS Theoretical−SS ML−SS Figure 2.1: The average bit error rates versus DWR for the ML decoders, where 4,096 bits of information are embedded in the DCT domain of each of the testing images employing the SS and ISS embedding schemes. The theoretical performances are also depicted. 10 15 20 25 30 35 40 45 10−5 10−4 10−3 10−2 10−1 100 DWR (dB) BE R Theoretical−Modified ISS ML−Modified ISS Theoretical−Modified SS ML−Modified SS Figure 2.2: The average bit error rate versus DWR for the ML decoders, where 4,096 bits of information are embedded in the DFT mag- nitude domain of each of the testing images employing the modified SS and ISS embed- ding schemes. The theoretical performances are also depicted. consequently degrade the performance of the ML decoder. On the other hand, the LMMSE decoder does not depend on the watermark amplitude and can yield better performances than ML under additional noise. In summary, some useful observations can be concluded from the experimental results: with the watermark amplitude information available at the receiver side, the DFT magnitude domain data hiding could result in better performances when the ML decoder is employed; With no access to the watermark amplitude information, the information embedding in the DCT domain data hiding is preferred, and the LMMSE decoder is preferred; When considering additional noise, data hiding in the DCT domain with ISS is preferred than the DFT magnitude domain ISS embedding. However, for SS embedding, the LMMSE decoder in the magnitude of the DFT domain provides fairly comparable performances to that of LMMSE in the DCT domain. 30 2.7. Experimental Results 10 15 20 25 30 35 40 45 10−3 10−2 10−1 100 DWR (dB) BE R LOD−ISS LMMSE−ISS ML−ISS ML−SS LMMSE−SS LOD−SS Figure 2.3: The average bit error rates ver- sus DWR for the ML, LOD, and LMMSE decoders, where 4,096 bits of information are embedded in the DCT domain of each testing image employing the SS and ISS embedding schemes. 10 15 20 25 30 35 40 45 10−3 10−2 10−1 100 DWR (dB) BE R Theoretical−LMMSE−ISS LMMSE−ISS Theoretical−LMMSE−SS LMMSE−SS Theoretical−LOD−SS LOD−SS Figure 2.4: The empirical and theoretical average bit error rate versus DWR for the LMMSE and LOD decoders, where 4,096 bits of information are embedded in the DCT do- main of each testing image employing the SS and ISS embedding schemes. 10 15 20 25 30 35 40 45 10−4 10−3 10−2 10−1 100 DWR (dB) BE R ML−Modified ISS LMMSE−Modified ISS LMMSE−Modified SS LOD−Modified SS ML−Modified SS Figure 2.5: The average bit error rate ver- sus DWR for the ML, LOD, and LMMSE decoders, where 4,096 bits of information are embedded in the magnitude of the DFT do- main of each testing image. The modified SS and ISS embedding schemes are employed. 0 1 2 3 4 5 6 7 8 9 10 10−3 10−2 10−1 100 WNR (dB) BE R ML−SS LOD−SS LMMSE−SS ML−ISS LOD−ISS LMMSE−ISS Figure 2.6: The average bit error rate ver- sus WNR for the ML, LOD, and LMMSE decoders, where 4,096 bits of information are embedded in the DCT domain of each testing image. The SS and ISS embedding schemes are employed. 31 2.8. Conclusion 0 2 4 6 8 10 10−2 10−1 100 WNR (dB) BE R ML−Modified ISS ML−Modified SS LMMSE−Modified SS LMMSE−Modified ISS Figure 2.7: The average bit error rate versus WNR for the ML and LMMSE decoders, where 4,096 bits of information are embedded in the magnitude of the DFT domain of each testing image. The modified SS and ISS embedding schemes are employed. 2.8 Conclusion In this chapter, the optimal and suboptimal decoders for additive spread spectrum data hiding were investigated. Overall, we presented decoding analysis framework of additive SS and ISS data hiding when the information bit is embedded into the DCT and the magnitude of the DFT domains. Generalized Gaussian distribution and Weibull distribution were used for deriving the maximum likelihood decoders in the different domains. To improve the accuracy of the extracted hidden message, we employed improved spread spectrum embedding and presented the optimal ML decoders. The theoretical error analyses of SS and ISS embedding in the DCT domain and in the magnitude of the DFT domain were derived. Experimental results showed that, when the watermark amplitude is available at the decoder side, data hiding in the magnitude of the DFT domain could yield better decoding performances than that of the DCT domain. Though theoretically the ML decoder achieves the decoding performance upper bound, it requires additional prior information such as the watermark amplitude. To relax the require- ments on such prior information, the LOD and LMMSE decoders were derived for practical data hiding applications in the DCT domain. The LOD decoder is independent of the watermark amplitude, though it still requires the host signal parameters. The LMMSE decoder provides a linear decoder in terms of the received signal which is independent of the watermark ampli- tude. The LOD and LMMSE decoders yield performances close to that of the ML decoder, with the LMMSE being slightly better than the LOD, especially at lower DWR. For the proposed suboptimal decoders, we also provided the theoretical analysis of the bit error rate decoding per- formances. The suboptimal LOD was also proposed in the DFT magnitude domain. However 32 2.8. Conclusion LOD does not provide close performances to that of the ML decoder, probably because that LOD uses all the received coefficients for decoding. The LMMSE decoder in the DFT magnitude domain shows better performance than that of the LOD decoder. The experimental results suggest that, with no access to the watermark amplitude informa- tion at the decoder side, the suboptimal decoders in the DCT domain are more reliable than their counterparts in the DFT magnitude domain. Among the proposed suboptimal decoders, overall the LMMSE decoders are preferred. As expected, the ISS embedding scheme outper- forms SS in both the DCT and the DFT magnitude domains, and thus is preferred. experiments in the presence of additional noise showed that ISS embedding in the DCT domain is preferred. The LMMSE decoder is preferred in the presence of additional noise than the ML one for data hiding in the magnitude of DFT domain. 33 Chapter 3 Correlation-and-Bit-Aware Spread Spectrum 3.1 Introduction In Chapter 2 was shown that the ISS has better decoding performance than the conventional SS scheme. In this chapter, our main purpose is to propose an improved embedding scheme based on SS which could efficiently decrease the interference effect of the host signal. Inspired by the success of ISS [92], we propose a correlation-and-bit-aware concept for data hiding by exploring the correlation between the host signal and the signature code as well as the information bit to be embedded into the host signal as the side information at the encoder. The proposed approach is referred as correlation-aware data hiding approach. By incorporating the correlation-and-bit- aware concept with the SS scheme, a new correlation-aware SS (CASS) data hiding scheme is proposed. Our theoretical analysis shows that CASS is superior to the SS counterpart in terms of watermark decoding performance. To further improve the decoding performance of ISS, a correlation-aware improved spread spectrum (CAISS) data hiding scheme is proposed which is a combination of the SS, ISS, and the correlation-and-bit-aware concept. Having introduced the CAISS scheme, we will show theoretically that it outperforms the ISS scheme by yielding higher decoding performance. In addition, we will prove that the proposed CASS scheme is more robust against the interference effect than the traditional SS. Similarly, better robustness of the proposed CAISS over the ISS will be shown. Moreover, it will be shown that employing the proposed CASS and CAISS schemes could increase the payload. Further assuming additional Gaussian noise is added to the received signal, we derive the corresponding test statistic distribution at the decoder side. Based on the derived distributions, the error probability of the CASS and CAISS schemes in the presence of noise will be presented. The simulation results verify the integrity of the derived theoretical decoding performances and support the claim that the proposed correlation-aware schemes can provide better decoding performances in the presence or absence of additional noise. It is worth emphasizing that, comparing with the traditional blind SS scheme, the proposed correlation-aware data hiding approaches do not require additional information at the decoder side and do not change the 34 3.2. Conventional Correlator as Decoder simple decoder structure. The rest of this chapter is organized as follows. In Section 3.2, the basic idea of SS embedding is described briefly. The correlation-and-bit-aware concept and the CASS scheme are presented in Section 3.3 and the improvements of CASS over SS are shown. In Section 3.4, the CAISS scheme is proposed and its superiority over other SS schemes is illustrated. The performance analyses of the proposed correlation-aware data hiding schemes in the presence of the noise are accomplished in Section 3.5. Simulation results are provided in Section 3.6 and the concluding remarks are given in Section 3.7. 3.2 Conventional Correlator as Decoder In Chapter 2, the SS and ISS embedding schemes were introduced. Since the correlation-aware concept is a data hiding scheme that is applicable for any context (image, video, and audio), we generally assume that the host signal follows Gaussian independent and identical distribution (IID) with zero mean and variance σ2x, i.e., x ∼ N (0N , σ2xIN ), where IN and 0N are the N ×N identity matrix and zero vector with dimension N , respectively. Since the host coefficients are assumed to be Gaussian IID’s, the optimal decoder is the correlation between the received data and the signature code. The correlator estimates the hidden information bit as b̂ = sign{z}, (3.1) where z = rT s. (3.2) r and s are the received signal and signature code, respectively. sign{.} function returns +1 and -1 when its argument is positive and negative, respectively. Given b = +1 and b = −1, the PDFs of the sufficient statistic z = rT s could be determined as follow fZ(z|b = +1) = N (NA,Nσ2x), (3.3) fZ(z|b = −1) = N (−NA,Nσ2x). (3.4) From the above PDFs, it is clear that the SS embedding scheme is not error free even in the absence of any additional noise. The explanation of this phenomenon is that the host signal is actually treated as noise in SS embedding. Since the host signal power is generally much higher than the embedding signal (watermark) power due to the imperceptibility requirement of data 35 3.3. Correlation-Aware SS Data Hiding Approach hiding, this noise effect of the host signal results in a degradation in the decoding performance of SS. To reduce the interference effect of the host signal, Malvar and Florencio proposed the improved spread spectrum embedding [92] by modulating the energy of the inserted signal. It should be mentioned that by assuming the Gaussian distribution of the host signal, the optimal ML decoder is in the form of (3.1) where the test statistic is as (3.2). 3.3 Correlation-Aware SS Data Hiding Approach As introduced in Section 3.2, in SS embedding, the host signal is the source of uncertainty at the decoder side. The fundamental reason is that, as implied in Eqns. (3.4) and (3.3), the PDF leakage causes the decoding error. The leakage means that the test statistic given in Eqn. (3.2) could get negative and positive values when we send the bit b of +1 and -1, respectively. This phenomenon has been demonstrated clearly in Figure 3.1. To reduce this interference effect of the host signal, the correlation-and-bit-aware concept is introduced in this section. The SS-based correlation-and-bit-aware concept is motivated by the prior knowledge that we know the decoder structure is the correlation between the received signal and the signature code. Such correlation is a summation of the correlation between the host signal and the signature code and the correlation between the signature code and the modulated hidden information. As the encoder side, since we know the correlation between the host signal and the signature code and the bit message b to be embedded in advance, we could exploit such side information in a smart way to reduce the original PDF leakage in SS. By exploring the correlation-and- bit-aware concept in SS embedding, we therefore propose an embedding scheme, referred as correlation-aware spread spectrum (CASS), as follows r = x+ sA1 if s Tx ≥ 0, b = +1, x− sA2 if sTx ≥ 0, b = −1, x− sA1 if sTx < 0, b = −1, x+ sA2 if s Tx < 0, b = +1, (3.5) where A1 and A2 (0 < A1 < A2) are two amplitude levels determined with respect to the allowed distortion. The intuitive idea behind the CASS embedding scheme is to modulate the bit message of information by two amplitude levels based on the correlation between the host signal and the signature code as well as the bit message to be embedded. More specifically, suppose that the message bit +1 needs to be embedded: if the correlation between the host signal and the signature code is positive then the smaller amplitude A1 should be used for modulation; if 36 3.3. Correlation-Aware SS Data Hiding Approach the correlation is negative then the larger amplitude A2 should be employed. Suppose the bit message -1 is to be embedded: if the correlation of the host signal and the signature code is negative then the smaller amplitude is used, and if the correlation is positive then the larger amplitude is used. The underlying advantage of the proposed CASS embedding is cleared when the sufficient statistic of the decoder is investigated shortly. We can prove that, with the assumption that the host signal follows Gaussian IID, the optimal decoder for the CASS embedding scheme (3.5) is the correlator as defined in Eqn. (3.1) with the test statistic z defined in Eqn. (3.2). The detailed proof is omitted here since CASS can be treated as a particular case of CAISS with λh = 0, while we will describe CAISS and provide the proof of CAISS in Section 3.4. With the optimal decoder in Eqn. (3.1), the sufficient statistic z in Eqn. (3.2) using CASS embedding in (3.5) can be expressed by the following form z = sTx+NA1 if s Tx ≥ 0, b = +1, sTx−NA2 if sTx ≥ 0, b = −1, sTx−NA1 if sTx < 0, b = −1, sTx+NA2 if s Tx < 0, b = +1. (3.6) Since the host signal is assumed to follow Gaussian distribution, given the bit message b and the sign of the correlation between the host signal and the signature code, the sufficient statistic z consists of four conditional half-Gaussian PDFs as follows fZ(z|sTx ≥ 0, b = +1) = 2N (NA1, Nσ2x)u(z −NA1), (3.7) fZ(z|sTx < 0, b = +1) = 2N (NA2, Nσ2x)u(−(z −NA2)), (3.8) fZ(z|sTx ≥ 0, b = −1) = 2N (−NA2, Nσ2x)u(z +NA2), (3.9) fZ(z|sTx < 0, b = −1) = 2N (−NA1, Nσ2x)u(−(z +NA1)), (3.10) where u(.) defines the step function. The above PDFs of the sufficient statistic z provide us more insight into the underlying advantages of the proposed CASS embedding scheme and the superiority of CASS over SS. The PDFs in Eqn. (3.7)-(3.10) of the sufficient statistic are shown in Figure 3.2. It depicts how CASS embedding could reduce the host-interference effect. It is seen that when the message bit is +1 and the correlation between the host signal and the signature code is positive, there is 37 3.3. Correlation-Aware SS Data Hiding Approach no PDF leakage. Similarly, when the bit message is -1 and the correlation is negative, there is no PDF leakage. For the cases that the bit message is +1 and the correlation is negative and that the bit message is -1 and the correlation is positive, there might still be some PDF leakage. Therefore, from comparing Figures 3.1 and 3.2, it is justified intuitively that the PDF leakage for the CASS scheme is less than the conventional SS where the message bit is modulated by a single amplitude level regardless of the correlation between the host signal and the signature code. Having intuitively explained the underlying advantage of CASS data hiding, we now pro- ceed to analyze the decoding performance of CASS by deriving the bit error rate (BER). The probability of error of CASS data hiding is defined as Pe = Pr{b̂ 6= b} = 1 4 × Pr{b̂ = +1|b = −1, sTx > 0}+ 1 4 × Pr{b̂ = +1|b = −1, sTx < 0}+ 1 4 × Pr{b̂ = −1|b = +1, sTx < 0}+ 1 4 × Pr{b̂ = −1|b = +1, sTx > 0}, (3.11) where b̂ is the decoded bit. As discussed earlier, the second and the fourth terms are zero since there are no PDF leakages. Therefore, the error probability is simplified to the following expression Pe−CASS = Q ( NA2√ Nσ2x ) , (3.12) where Q(x) = 12pi ∫∞ x exp( −u2 2 )du. To fairly compare different data hiding algorithms, the same distortion D due to embedding, should be assumed. The distortion defined in (2.2) due to CASS embedding in (3.5) can be expressed as D = (A21 +A 2 2)/2. (3.13) Thus, using (3.12) and (3.13), the error probability of CASS in terms of the distortion D is expressed as Pe−CASS = Q ( N √ 2D −A21√ Nσ2x ) . (3.14) It is noteworthy that, since 0 < A1 < A2, according to the distortion expression in (3.13), the amplitudes A1 and A2 always satisfy the following inequalities 0 < A1 < √ D < A2 < √ 2D. (3.15) To compare the error probability of CASS with that of SS, we need to provide the error proba- 38 3.3. Correlation-Aware SS Data Hiding Approach bility of SS scheme in terms of D. We can show that Pe−SS = Q ( N √ D√ Nσ2x ) . (3.16) The superiority of the proposed CASS over SS is presented as a proposition as follows. Proposition 1: With the assumption that the host signal follows Gaussian IID, the proposed CASS scheme in (3.5) yields smaller error probability (3.14) than the traditional SS in (3.16). Proof: The proof details are given in the Appendix B.1. The superiority of the CASS over SS scheme in the sense of decoding has been proved so far. In the rest of this section, we aim at quantitatively investigating the improvement of CASS in terms of error probability, robustness, and payload. We attempt to answer the question of how much improvement is obtained by employing the CASS scheme. We define the Error Probability Improvement Factor (EPIF) as follows EPIF1−2 ∆ = P1 P2 , (3.17) where P1 and P2 are two probability of error functions to be compared. EPIF represents the improvement ratio and a smaller value implies a better improvement. In data hiding, it is more appropriate to express EPIF as a function of the document to watermark ratio (DWR) defined in the following form DWR ∆ = 10 log ( σ2x D ) . (3.18) When comparing the error probabilities of CASS (3.14) and SS (3.16), we have the EPIF as EPIFCASS−SS = Q ( N √ 2D −A21√ Nσ2x ) /Q ( N √ D√ Nσ2x ) . (3.19) Since 0 < A1 < √ D, it could be shown that the EPIFCASS−SS is bounded as follows Q(10−DWR/20 √ 2N ) Q(10−DWR/20 √ N) < EPIFCASS−SS < 1. (3.20) The lower bound represents the best achievable improvement given the DWR and the number of host coefficients. We proposed using of EPIF as a measure to investigate the error probability improvement of the CASS over SS under a fixed distortion. As discussed earlier, the host signal is an in- terference source for decoding. It is important to measure the robustness of the embedding schemes against interference. We now proceed to investigate how much more host-interference 39 3.3. Correlation-Aware SS Data Hiding Approach CASS could tolerate comparing with the SS scheme, given a fixed error probability and dis- tortion due to embedding. It should be clarified that the robustness discussed here is referred to the interference effect of the host signal and not to other additional noise. To quantify the robustness, assuming equal error probability and equal distortion due to embedding, we define the Interference Robustness Improvement Factor (IRIF) as IRIF2−1 ∆ = σ21 σ22 , (3.21) where σ21 and σ 2 2 represent the corresponding host signal powers of two embedding schemes to be compared. Let us denote σ2x−CASS and σ 2 x−SS the host signal powers in CASS and SS, respectively, when the error probability and the distortion are assumed to be the same in two em- bedding schemes. With equal error probability and equal distortion due to embedding, referring to the error probabilities in (3.14) and (3.16), we have 2D −A21 σ2x−CASS = D σ2x−SS . (3.22) According to the IRIF definition in (3.21), we have IRIFCASS−SS = 1 2− α, (3.23) where A21 = αD , 0 < α < 1. (3.24) It is straightforward to show that since 0 < α < 1 the IRIFCASS−SS is bounded as 1 2 < IRIFCASS−SS < 1. (3.25) The IRIF robustness in (3.25) reveals that CASS is more robust to the host interference than SS, and CASS can tolerate the interference power up to twice of the conventional SS scheme. Another advantage of the CASS scheme is its increased payload. Given the same error probability and distortion due to embedding, more information bits could be embedded into the host signal in the CASS scheme than SS. We define the Payload Improvement Factor (PIF) as a payload measure in the following PIF2−1 ∆ = N1 N2 , (3.26) where N1 and N2 are the numbers of host coefficients used for conveying one bit of information where the error probability and the distortion are assumed to be same in the embedding schemes. 40 3.4. Correlation-Aware Improved SS Data Hiding Approach Referring to the PIF definition and the error probabilities in (3.14) and (3.16), we have the following expression NCASS(2D −A21) = NSSD, (3.27) where NCASS and NSS are the required numbers of host coefficients for the CASS and SS schemes. This expression results in the following PIF using (3.24) PIFCASS−SS = 2− α. (3.28) We can see that the obtained PIF is always greater than one, meaning that the CASS scheme could increase the payload of data hiding in comparison with SS. 3.4 Correlation-Aware Improved SS Data Hiding Approach In this section, we proceed to exploit the correlation-and-bit-aware concept for designing an improved embedding scheme based on ISS. As mentioned earlier, the ISS embedding scheme [92] was introduced to improve the decoding performance of the traditional SS. We plan to incorporate the ISS with the correlation-and-bit-aware idea to further improve the decoding performance of ISS. By taking a look at Figure 3.2, we can see that the main source of decoding error is the PDF leakage from two cases: one is that b = +1 and sTx is negative, and the other is that b = −1 and sTx is positive. Intuitively, squeezing the two PDFs involving the leakage (e.g., as in ISS) could improve the decoding performance. Therefore, the basic idea of the CAISS scheme is to combine CASS and ISS: for the cases that there is no PDF leakage (i.e., when b = +1 and sTx is positive, and when b = −1 and sTx is negative), employ the CASS scheme because there is no interference effect at the decoding side; for the left two cases that there is leakage, the ISS embedding is employed since ISS can modulate the embedding energy to compensate for the host signal interference. We describe the proposed CAISS embedding scheme as follows r = x+ sA1 if s Tx ≥ 0, b = +1, x− sA2 − λhs(sTx) if sTx ≥ 0, b = −1, x− sA1 if sTx < 0, b = −1, x+ sA2 − λhs(sTx) if sTx < 0, b = +1, (3.29) where λh is a parameter determined by the allowed distortion. We will later show that the following bound on λh holds 0 ≤ λh ≤ 1 N . (3.30) 41 3.4. Correlation-Aware Improved SS Data Hiding Approach Before we can show why the CAISS scheme can yield better decoding performance than that of both CASS and ISS, we need first to obtain the optimal decoder. With the assumption of Gaussian IID host signal samples, the optimal decoder for the CAISS scheme (3.29) which minimizes the error probability is the correlator defined in Eqn. (3.1) with the test statistic z in Eqn. (3.2). The proof details are given in the Appendix B.2. By comparing the embedding schemes in (3.5) and (3.29), it is clear that CASS is a particular case of CAISS with λh = 0. Therefore, we can similarly show that the same correlator decoder is optimal for CASS, and the performance analysis of the CASS scheme presented in Section 3.3 can be considered a special case of CAISS. We have shown that the correlator is the optimal decoder for the CAISS scheme. One important issue is to determine an appropriate value of the parameter λh in CAISS. We propose determining λh by minimizing the error probability. For CAISS in (3.29), the test statistic z in (3.2) can be expressed as z = sTx+NA1 if s Tx ≥ 0, b = +1, sTx(1− λhN)−NA2 if sTx ≥ 0, b = −1, sTx−NA1 if sTx < 0, b = −1, sTx(1− λhN) +NA2 if sTx < 0, b = +1, (3.31) Given b and the correlation between signature code and the host signal, the conditional PDFs of the test statistic z are in the following form fZ(z|sTx ≥ 0, b = +1) = 2N (NA1, Nσ2x)u(z −NA1), (3.32) fZ(z|sTx < 0, b = +1) = 2N (NA2, Nσ2x(1− λhN)2)u(−(z −NA2)), (3.33) fZ(z|sTx ≥ 0, b = −1) = 2N (−NA2, Nσ2x(1− λhN)2)u(z +NA2), (3.34) fZ(z|sTx < 0, b = −1) = 2N (−NA1, Nσ2x)u(−(z +NA1)). (3.35) Now we proceed to derive the theoretical BER performance of the proposed CAISS data hiding scheme. The distortion (2.2) due to CAISS embedding (3.29) is expressed as D = 1 2 (A21 +A 2 2 + λ 2 hNσ 2 x). (3.36) Referring to the distributions of the statistics given in (3.32)-(3.35), the distortion in (3.36), and 42 3.4. Correlation-Aware Improved SS Data Hiding Approach the bit error probability defined in (3.11), we can show that the bit error rate of the CAISS scheme is obtained as Pe−CAISS = Q N √ 2D −A21 − λ2hNσ2x√ (1− λhN)2Nσ2x . (3.37) We now can determine the optimal value of the parameter λh by minimizing the above error probability. Since the Q function is monotonically decreasing, it is equivalent to maximizing its argument. Taking the derivative of the argument and letting it to be zero and some simplifica- tions lead us to λh = { 1 N if D > σ2x+A 2 1N 2N , 2D−A2 1 σ2x if D ≤ σ2x+A21N2N . (3.38) To provide more insight into the parameter λh, we further show that the inequality in (3.30) always holds. From (3.38), it is clear that λh is a function of the distortion D, i.e., λh(D). To prove the inequality in (3.30), we show that when the distortion approaches zero and infinity, λh approaches zero and 1 N , respectively, and that λh(D) is a monotonically increasing function of the distortion D. It is pretty easy to verify that limD→0λh = 0 , limD→∞λh = 1 N . (3.39) To show that λh(D) is a monotonically increasing function of D, the derivative of (3.38) with respect to D is taken and we see that dλhdD ≥ 0. Thus, we can conclude that λh is an increasing function of the distortion. Therefore, together with (3.39) , the inequality in (3.30) is verified. From the monotonically increasing behavior of λh(D) and the PDFs in (3.33) and (3.34), we can see that increasing the embedding distortion could decrease the variance in the related PDFs and thus improve the decoding performance. To intuitively explain the superior performance of CAISS over CASS, we plot the PDFs of the test statistic z in (3.32)-(3.35) in Figure 3.3. Compared with the PDFs in Figure 3.2, we can see that, similar to CASS, the correlation-and- bit-aware concept could separate two PDFs completely in CAISS, and that the left two PDFs are better separated in CAISS than in CASS due to smaller variances in the related distributions. Therefore, substantial reduction of PDF leakage is observed in CAISS and thus leads to the reduced interference effect of the host signal. We have shown in Section 3.3 that the proposed CASS is superior to SS. Here similarly, we show that the proposed CAISS outperforms both SS and ISS, with more details provided in the following Proposition. 43 3.4. Correlation-Aware Improved SS Data Hiding Approach Proposition 2: With the assumption of Gaussian IID host signal samples, the error probabil- ity of the CAISS embedding scheme in (3.37) is smaller than that of ISS, i.e., Pe−CAISS < Pe−ISS. Proof: The proof details are given in the Appendix B.3. It should be noted that since SS is a particular case of ISS and has worse performance than that of ISS, the above proposition implies that the error probability of CAISS is smaller than that of SS. So far, we have proved that the proposed CAISS data hiding scheme provides better decoding performance than that of the SS and ISS schemes. We now proceed to quantify the performance improvement of CAISS over SS and ISS in terms of error probability, robustness, and payload. We first examine the EPIF measure for BER performance improvement of CAISS over SS. According to the error probabilities in (3.37) and (3.16), the EPIF is obtained as EPIFCAISS−SS = Q N √ 2D −A21 − λ2hNσ2x√ (1− λhN)2Nσ2x /Q ( N √ D√ Nσ2x ) . (3.40) Since 0 < A1 < √ D and 0 ≤ λh ≤ 1N , it could be shown that the above EPIF is bounded as 0 ≤ EPIFCAISS−SS < 1. (3.41) By comparing (3.41) with (3.20) for the CASS scheme, a smaller lower-bound is observed for CAISS, implying a further improvement of CAISS over SS. Similarly, referring to the error probabilities in (3.37) and (B.12), the improvement of CAISS over ISS can be described by EPIFCAISS−ISS = Q N √ 2D −A21 − λ2hNσ2x√ (1− λhN)2Nσ2x /Q ( N √ D − λ2Nσ2x√ (1− λN)2Nσ2x ) . (3.42) We can show that the above EPIF is bounded as 0 ≤ EPIFCAISS−ISS < 1. (3.43) We now proceed to investigate the robustness of CAISS against the host signal effect. With a fixed error probability, we have the following proposition, which shows that the CAISS scheme is more robust against the interference effect of the host signal than ISS. Proposition 3: With the assumption that the host signal follows Gaussian IID, the IRIF for the CAISS and ISS schemes is less than one, i.e., IRIFCAISS−ISS < 1, where IRIFCAISS−ISS = σ2x−ISS σ2x−CAISS . (3.44) 44 3.4. Correlation-Aware Improved SS Data Hiding Approach The parameters σ2x−ISS and σ 2 x−CAISS are the corresponding variances of the host signal in the ISS and CAISS schemes, with the error probability and the distortion being assumed the same in both embedding schemes. It could be shown that, referring to the error probabilities in (3.37) for CAISS and in (B.12) for ISS, and assuming equal error probability, we further have IRIFCAISS−ISS = D(1− λhN)2 2D(1− λN)2 −A21(1− λN)2 − λ2hNσ2(1− λN)2 + λ2Nσ2(1− λhN)2 ,(3.45) where we have used σ2 to denote σ2x−CAISS for notation simplicity. Proof: The proof details are given in the Appendix B.4. Based on above proposition, it is straightforward to show that, with the assumption of IID Gaussian host signal samples, IRIFCAISS−SS is less than one where IRIFCAISS−SS = σ2x−SS σ2x−CAISS . (3.46) The parameter σ2x−SS and σ 2 x−CAISS are the variances of the host signal in the SS and CAISS schemes, respectively, with the error probability and the distortion being assumed the same. Using (3.45) leads us to the following expression IRIFCAISS−SS = D(1− λhN)2 2D −A21 − λ2hNσ2 , (3.47) where we use σ2 to denote σ2x−CAISS. We further prove that the CAISS scheme can increase the payload in data hiding in com- parison with both SS and ISS schemes. Referring to the error probabilities in (3.16) and (3.37) and the PIF definition in (3.26), we can show that PIFCAISS−SS = 2D −A21 − λ2hNσ2x D(1− λhN)2 , (3.48) where for notation simplicity we use N to denote NCAISS. Since the PIF in (3.48) is the inverse of the IRIF for the CAISS and SS scheme, it is larger than one, meaning that the CAISS scheme increases the payload in data hiding. The proof of the superiority of the CAISS scheme over ISS in terms of payload is not as easy as the case of SS. We provide the following proposition, with the proof details given in the Appendix B.5. Proposition 4: With the assumption of Gaussian IID host signal samples, for a given error probability and embedding distortion, the PIF for the CAISS and the ISS schemes is larger than 45 3.5. CASS and CAISS in the Presence of Additional Noise one, i.e., PIFCAISS−ISS > 1, where by using (3.24) we have PIFCAISS−ISS = 2− α. (3.49) In summary, we have shown that the proposed correlation-and-bit-aware concept could im- prove the performance of the conventional SS and ISS schemes from several aspects: given a fixed embedding distortion, CASS and CAISS yield better decoding performances; for a fixed error probability, CASS and CAISS are more robust against the interference effect of the host signal; and they can increase the payload of data hiding. 3.5 CASS and CAISS in the Presence of Additional Noise In Sections 3.3 and 3.4, the concept of correlation-and-bit-aware data hiding was introduced and two versions of correlation-aware embedding schemes, called the CASS and CAISS schemes, were presented. We so far have proved the superiority of CASS and CAISS over the SS and ISS schemes in the absence of additional noise. In practice, the received watermarked-signal might be contaminated with additional noise and thus its effects on the proposed correlation-aware data hiding schemes should be investigated. Therefore, in this section, we first show that the optimal decoder for both CASS and CAISS in the presence of additional Gaussian noise is still in the form of the correlator defined in (3.1) and (3.2). Then, the decoding performances of the proposed CASS and CAISS schemes in the presence of additional Gaussian noise are analyzed. Since CASS can be considered as a particular case of CAISS with λh = 0, we only need to prove the optimality of the correlator decoder for CAISS. The optimality of the correlator for CASS could be simply shown by assuming λh = 0 in CAISS. With additional Gaussian noise, the received noisy signal in the CAISS scheme could be described as r = x+ sA1 + n if s Tx ≥ 0, b = +1, x− sA2 − λhs(sTx) + n if sTx ≥ 0, b = −1, x− sA1 + n if sTx < 0, b = −1, x+ sA2 − λhs(sTx) + n if sTx < 0, b = +1, (3.50) where n = [n1, n2, ..., nN ] T includes the IID Gaussian noise samples with zero-mean and variance of σ2n. In Appendix B.6 has been shown that the optimal decoder is in the form of (3.1) where the test statistic is as (3.2). Having obtained the correlator as the optimal decoder, we proceed to analyze the error probability of the CAISS and CASS schemes in the presence of the noise. The probability of 46 3.5. CASS and CAISS in the Presence of Additional Noise error for the CAISS scheme is first derived, and the corresponding error probability for the CASS embedding scheme can be obtained by substituting λh = 0 in the analysis. Applying the correlator for the received signal of the CAISS embedding scheme (3.50), leads the test statistic z (3.2) be expressed in the following form z = sTx+NA1 + s Tn, if sTx ≥ 0, b = +1, sTx(1− λhN)−NA2 + sTn, if sTx ≥ 0, b = −1, sTx−NA1 + sTn, if sTx < 0, b = −1, sTx(1− λhN) +NA2 + sTn, if sTx < 0, b = +1. (3.51) Since the test statistic in (3.51) is a sum of one Gaussian random variable and one random variable with half-Gaussian distribution, it is non-Gaussian distributed. This is the distinct point making the analysis of the CAISS scheme in the presence of additional noise different from the noise-free scenario in Sections 3.3 and 3.4. We first derive the PDF for the case that sTx ≥ 0, b = +1. Similarly, the PDF for other cases can be derived. In Appendix B.7 has been shown that under above constraints, we have the following conditional PDF fZ(z|sTx ≥ 0, b = +1) = 2√ 2piN(σ2n + σ 2 x) exp {−(z −NA1)2 2N(σ2n + σ 2 x) }[ 1−Q ( (z −NA1)σx σn √ N(σ2n + σ 2 x) )] . (3.52) Applying a similar derivation to (B.26) and regarding the test statistic (3.50), the following distributions are obtained fZ(z|sTx < 0, b = +1) = 2√ 2piN(σ2n + σ 2 x(1− λhN)2) exp { −(z −NA2)2 2N(σ2n + σ 2 x(1− λhN)2) } × Q ( (z −NA2)σx(1− λhN) σn √ N(σ2n + σ 2 x(1− λhN)2) ) , (3.53) fZ(z|sTx ≥ 0, b = −1) = 2√ 2piN(σ2n + σ 2 x(1− λhN)2) exp { −(z +NA2)2 2N(σ2n + σ 2 x(1− λhN)2) } × [ 1−Q ( (z +NA2)σx(1− λhN) σn √ N(σ2n + σ 2 x(1− λhN)2) )] . (3.54) fZ(z|sTx < 0, b = −1) = 2√ 2piN(σ2n + σ 2 x) exp {−(z +NA1)2 2N(σ2n + σ 2 x) } Q ( (z +NA1)σx σn √ N(σ2n + σ 2 x) ) . (3.55) Figure 3.4 shows the above distributions of z and it is observed from it that in the presence of 47 3.5. CASS and CAISS in the Presence of Additional Noise additional noise, PDF leakage exists even for the cases that fZ(z|sTx ≥ 0, b = +1) and that fZ(z|sTx < 0, b = −1), and thus apparently more bit decoding errors will be expected. It is due to the fact that the additional Gaussian noise makes the distribution interfere. Having obtained the conditional PDFs, we proceed to calculate the theoretical error proba- bility. The corresponding error for the CAISS scheme could be approximated as (see Appendix B.8) Pe−CAISS ≈ P1(A1, σ2x)− P1(A2, σ2x(1− λhN)2) + P2(σ2x(1− λhN)2) + P3(n− 1, 2, A1, σ2x) −P3(2, 1, A2, σ2x(1− λhN)2). (3.56) where P1(Ai, σ 2) = √ σ2n σ2n + σ 2 Q ( NAi√ Nσ2n ) c1 + Nσ2nc2√ 2piN(σ2n + σ 2) exp {−NA2i 2σ2n } , (3.57) P2(σ 2) = Q ( NA2√ N(σ2n + σ 2) ) , (3.58) P3(k1, k2, Ai, σ 2) = 1√ 2pi ∑ n∈{3,5,...,na−1} cn(−1)k1 [N(σ2 + σ2n)] −n 2 × [ n−32∑ r=1 [(NAi) 2r−1(Nσ2n) n+1 2 −r exp {−NA2i 2σ2n } n−1 2 −r∏ t=0 (n − 2− 2t)] + √ 2pi(Nσ2n) n 2Q ( NAi√ Nσ2n ) n−3 2∏ t=0 (n− 2− 2t) + (NAi)n−2(Nσ2n) exp {−NA2i 2σ2n }] − (−1)k2√ 2pi (Nσ2n) exp {−NA2i 2σ2n } ∑ n∈{4,6,...,na} cn(−1)k1 [N(σ2 + σ2n)] −n 2 × [ n−22∑ r=1 [(NAi) 2r−2(Nσ2n) n 2 −r n−2 2 −r∏ t=0 (n− 2− 2t)] + (NAi)n−2 ] . (3.59) In practice, one issue is to determine the parameters A1 and λh in the presence of additional noise. Due to the complex expression of the error probability in (3.56) for CAISS, finding a closed form solution of the parameters is not feasible and numerical approach should be employed. The parameters A1 and λh can be obtained by solving the following constrained two 48 3.6. Simulation Results dimensional minimization problem (A1, λh) = argmin Ā1 , λ̄h Pe−CAISS(Ā1, λ̄h). (3.60) We can employ standard numerical methods to solve the above minimization problem and obtain the desired parameters. With λh = 0, referring to the error probability for the CAISS scheme, we could obtain the corresponding error probability for the CASS scheme as follows Pe−CASS ≈ P1(A1, σ2x)− P1(A2, σ2x) + P2(σ2x) + P3(n− 1, 2, A1, σ2x)− P3(2, 1, A2, σ2x). (3.61) Figure 3.5 depicts the distribution of the test statistic for the CASS scheme. It is clear that CASS leads to more PDF leakage when compared with CAISS in Figure 3.4. 3.6 Simulation Results In this section, we conduct extensive simulations to verify the analysis results derived for the proposed CASS and CAISS schemes. The simulation results have been obtained by employing the Monte Carlo simulations using N = 100 unless stated otherwise. For the noiseless cases, the value of the parameter λh is determined for each DWR based on the expressions in Eqn. (3.38), and for the additional Gaussian noise cases, λh is obtained by numerically solving the minimization problem in (3.60). To show the preciseness of the obtained error probability for the CASS scheme in (3.14), both the theoretical and simulation results versus DWR are shown in Figure 3.6, where different values of the amplitude A1 are investigated. From this figure, excellent matches between the theoretical and simulation results are observed. It also reveals that a smaller value of the amplitude A1 yields a better decoding performance. In the absence of any additional noise, given a fixed embedding distortion, a smaller value of A1 would save embedding distortion and thus lead to a larger value of A2. Since for the noise-free case the PDFs relating to A1 have no leakage, intuitively a larger value of A2 makes the PDFs leading to leakage be further apart from each other and thus reduces the decoding error. Figure 3.7 illustrates the theoretical (3.37) and experimental error probabilities for the CAISS scheme. Almost perfect match between the results is observed, which verifies the correctness of the theoretical derivations. Similar to the CASS case, we can see that a smaller A1 yields better decoding error probability in CAISS. We also evaluate the decoding improvement of CAISS using the EPIF measure in (3.42). Figure 3.8 clearly shows a substantial decoding performance improvement of the CAISS data hiding scheme over ISS. Though not reported specifically, 49 3.6. Simulation Results we would like to mention that the proposed CAISS yields significant decoding performance improvement over the SS scheme as well. It is also noted from Figure 3.8 that the EPIF has an asymptotic behavior for high DWR, which represents the low embedding distortion region. Basically, it means that when the embedding distortion is very small, CAISS and CASS yield similar decoding performances. Based on Eqn. (3.39), it is noted that λh approaches zero for a small embedding distortion (i.e., for a high DWR), and a similar observation for λ is noted. Therefore, by taking this into consideration and referring to the expression in (3.42), we can show that in the asymptotic case (i.e., for high DWR), the EPIF of CAISS over ISS approaches Q ( N √ 2D−A2 1√ Nσ2x ) /Q ( N √ D√ Nσ2x ) which is close to one for a small distortion. Thus, the observed asymptotic behavior is intuitively explained. It is also worth mentioning that, since both λh and λ approach zero in the asymptotic case, CAISS performs similarly as CASS and ISS performs similarly as SS asymptotically for a small embedding distortion. The result of IRIF defined in (3.45) for comparing CAISS and ISS is shown in Figure 3.9. It is clear that the CAISS scheme is more robust against the interference than the ISS scheme. Based on the expression of (3.45), it could be shown that the IRIF of CAISS and ISS asymptotically approaches D/(2D − A21) for the high DWR region. In Figure 3.9, it is noted that a smaller value of A1 leads to better robustness against the interference effect of the host signal. Once again, intuitively this is because that in the absence of noise, a smaller value of A1 reduces the PDF leakage and thus allows the correlation-aware schemes to tolerate more host-interference effect for a fixed error probability and embedding distortion. Even though the result of IRIF for the CAISS and ISS scheme has been reported here, since the ISS scheme outperforms the SS scheme, we can easily show that the CAISS scheme enhances the robustness against the interference effect of the host signal when compared with SS. In addition, because of the inverse relationship between IRIF and PIF for the CAISS and SS schemes, it is clear that the proposed CAISS scheme improves the payload for data hiding. To verify the derivation of the distributions of the test statistic z in the presence of additional Gaussian noise, Figure 3.10 plots both the theoretical PDF in (3.52) and the experimental one. In this figure, we have used the notion watermark-to-noise ratio (WNR) defined as WNR = 10log( D σ2n ), and have set WNR = 0 dB. The simulation results in Figure 3.10 demonstrate the accuracy of the theoretical derivation of the PDF and thus support the correctness of the derivation. To verify the derived decoding performances for CASS (3.61) and CAISS (3.56) in the pres- ence of additional Gaussian noise, the error probability versus DWR curves are plotted in Figure 3.11 and Figure 3.12, respectively, where na = 30 and different WNR are studied. The figures illustrate the consistence between the theoretical and empirical results and prove the correctness of the theoretical analysis. 50 3.6. Simulation Results To demonstrate the decoding performance improvements of CAISS over both SS and ISS even in the presence of additional Gaussian noise, the EPIF curves are shown in Figure 3.13 and Figure 3.14. We can see that the proposed CAISS scheme is still superior to the SS and ISS schemes. It is observed that the EPIF does not demonstrate a monotonic behavior in these figures: as the DWR decreases, the EPIF decreases first and then increases. For Figure 3.13, we can show that the corresponding EPIF is a complicated function, where the error probability of the CAISS scheme is expressed in Eqn. (3.56) and the the error probability of SS can be derived as Q(N √ D/ √ N(σ2x + σ 2 n)), and thus theoretical justification of this behavior is not easy. Numerically, we note that at the minimal point, the parameter λh tends to take the extreme value of 1/N in order to maximally reject the effect of the host signal. An intuitive explanation of the observed non-monotonic behavior is as follows. With additional Gaussian noise, there are two conflicting factors contributing to the overall decoding performance: the embedding distortion D and the additional noise with variance σ2n. A larger distortion, which means a higher watermark power, leads to a smaller decoding error rate, while a larger noise variance σ2n results in more PDF leakage and thus increases the decoding error rate. Since for each curve in Figure 3.13, we fix the WNR, D and σ2n increase or decrease simultaneously. Given a WNR, as we first decrease the DWR (i.e., increasing D), the factor of D is dominant and thus the performance measure EPIF decreases (until the parameter λh approaches 1/N); as we further decrease the DWR, λh does not change anymore, while the noise variance σ 2 n is larger and causes more PDF leakage, and thus becomes the dominant factor and leads to the increased EPIF measure. The behavior in Figure 3.14 can be similarly explained. We also want to mention that, to provide a good trade-off between decoding performance and imperceptibility in practical data hiding, the DWR can not be too large and meanwhile it can not be too small. To study the performance of CAISS against WNR, three different values of DWR are studied in Figure 3.15. It is noted that the CAISS scheme consistently yields better performance, even at a low WNR. Figure 3.16 shows the logarithm of the EPIF measure as a function of the number of host coefficients when DWR = 25 dB. We can see clear improvements of the CAISS scheme over ISS, especially when N , the number of the host coefficients, increases. 3.6.1 Experimental Results Recently, in [44], a study was conducted for investigating the performance of the proposed CAISS scheme on real images. Real images with size of 512×512 were tested and the SS, ISS, and CAISS schemes were applied to the DCT coefficients of the images. All the results in the paper were obtained from image tests conducted on the BOWS2 original database [49]. In their study, 800 message bits were embedded into DCT coefficients of each image, and the robustness against JPEG compression was investigated. It shows that the proposed CAISS significantly 51 3.6. Simulation Results 0 z f Z (z) fZ(z|b=+1)fZ(z|b=−1) Figure 3.1: Illustration of the PDFs in (3.4) and (3.3) of the test statistic z in (3.2) for the SS scheme. 0 z f Z (z) fZ(z|sTx<0,b=+1) fZ(z|sTx>0,b=+1) fZ(z|sTx>0,b=−1) fZ(z|s Tx<0,b=−1) Figure 3.2: Illustration of the PDFs in (3.7)- (3.10) of the test statistic z in (3.6) for the pro- posed CASS scheme. outperforms the SS and ISS schemes under the JPEG compression distortion. For instance, from Table 1 in [44] by testing on 9997 images, their study shows that appropriate choice of CAISS parameters results in two orders of magnitude smaller BER as compared with SS under medium JPEG compression (i.e., JPEG quality level 75%) and specific Peak Signal-to-Noise Ratio (PSNR) level (i.e., 37.0 +/- 0.3dB). From Fig. 5 in [44] by testing 500 images for SS and 2000 images for ISS and CAISS, it is noted that CAISS can perform approximately two times better than ISS after JPEG compression. However, it is worth clarifying that this thesis does not evaluate explicitly how the proposed modifications to the original SS scheme affect CASS’s robustness against StirMark and possibly other distortion attacks, not studied in [44]. 52 3.6. Simulation Results 0 z f Z (z) fZ(z|s Tx<0,b=−1) fZ(z|sTx<0,b=+1) fZ(z|sTx>0,b=+1) fZ(z|sTx>0,b=−1) Figure 3.3: Illustration of the PDFs in (3.32)- (3.35) of the test statistic z in (3.31) for the pro- posed CAISS scheme. 0 z f Z (z) fZ(z|s Tx<0,b=−1) fZ(z|sTx>0,b=−1) fZ(z|s Tx<0,b=+1) fZ(z|sTx>0,b=+1) Figure 3.4: With additional noise: Illustration of the PDFs in (3.52), (3.55), (3.53), and (3.54) of the test statistic z in (3.51) for the CAISS scheme. 0 z f Z (z) fZ(z|sTx<0,b=−1) fZ(z|s Tx>0,b=+1) fZ(z|sTx<0,b=+1)fZ(z|sTx>0,b=−1) Figure 3.5: With additional noise: Illustration of the PDFs in (3.52)-(3.55) of the test statistic z in (3.51) when λh = 0 for the CASS scheme. 15 20 25 30 35 40 10−3 10−2 10−1 100 DWR(dB) BE R Thr. A1 2 =0.1D Exp. A1 2 =0.1D Thr. A1 2 =0.4D Exp. A1 2 =0.4D Thr. A1 2 =0.7D Exp. A1 2 =0.7D Figure 3.6: The theoretical and experimental er- ror probabilities versus DWR for the CASS scheme with different A2 1 . 53 3.6. Simulation Results 22 24 26 28 30 32 34 36 38 40 10−4 10−3 10−2 10−1 100 DWR(dB) BE R Thr. A1 2 =0.1D Exp. A1 2 =0.1D Thr. A1 2 =0.4D Exp. A1 2 =0.4D Thr. A1 2 =0.7D Exp. A1 2 =0.7D Figure 3.7: The theoretical and experimental error probabilities versus DWR for the CAISS scheme with different A2 1 . 20 25 30 35 40 −15 −10 −5 0 DWR(dB) lo g( EP IF C AI SS −I SS ) A1 2 =0.7D A1 2 =0.4D A1 2 =0.1D Figure 3.8: The logarithm of EPIF versus DWR curves for evaluating of decoding performance im- provements of the proposed CAISS over the ISS scheme. 20 25 30 35 40 10−3 10−2 10−1 100 DWR(dB) IR IF CA IS S− IS S A1 2 =0.7D A1 2 =0.1D A1 2 =0.4D Figure 3.9: The IRIF versus DWR curves to il- lustrate the improvement of the proposed CAISS over ISS. Different A2 1 values are illustrated. −20 0 20 40 60 80 100 120 140 160 180 0 0.005 0.01 0.015 0.02 0.025 v f V (v) Empirical Theoretical Figure 3.10: The theoretical and experimental results of the PDF expressed in (3.52). 54 3.6. Simulation Results 15 20 25 30 35 40 10−3 10−2 10−1 100 DWR(dB) BE R Thr. WNR=0dB Exp. WNR=0dB Thr. WNR=−5dB Exp. WNR=−5dB Thr. WNR=−10dB Exp. WNR=−10dB Figure 3.11: The theoretical and experimental er- ror probabilities versus DWR for the CASS scheme with different WNR. 20 25 30 35 40 10−4 10−3 10−2 10−1 100 DWR(dB) BE R Thr. WNR=0dB Exp. WNR=0dB Thr. WNR=−5dB Exp. WNR=−5dB Thr. WNR=−10dB Exp. WNR=−10dB Figure 3.12: The theoretical and experimental error probabilities versus DWR for the CAISS scheme with different WNR. 5 10 15 20 25 30 35 40 10−20 10−15 10−10 10−5 100 DWR(dB) EP IF CA IS S− SS WNR=−5dB WNR=0dB WNR=−10dB Figure 3.13: The EPIF versus DWR curves to demonstrate the improvement of the proposed CAISS over SS. Different WNR values are illus- trated. 5 10 15 20 25 30 35 40 10−10 10−8 10−6 10−4 10−2 100 DWR(dB) EP IF CA IS S− IS S WNR=−5dB WNR=0dB WNR=−10dB Figure 3.14: The EPIF versus DWR curves to demonstrate the improvement of the proposed CAISS over ISS. Different WNR values are illus- trated. 55 3.7. Conclusion −10 −8 −6 −4 −2 0 10−10 10−8 10−6 10−4 10−2 100 WNR(dB) EP IF CA IS S− IS S DWR=24dB DWR=22dB DWR=20dB Figure 3.15: The EPIF versus WNR curves to demonstrate the improvement of the proposed CAISS over ISS. Different DWR values are illus- trated. 50 100 150 200 250 300 −30 −25 −20 −15 −10 −5 0 N lo g( EP IF C AI SS −I SS ) WNR=10dB WNR=0dB WNR=5dB Figure 3.16: The logarithm of EPIF versus N curves to demonstrate the improvement of the pro- posed CAISS over ISS where DWR = 25 dB. Dif- ferent WNR values are illustrated. 3.7 Conclusion In this chapter, the correlation-and-bit-aware concept for spread spectrum embedding has been introduced. We have shown that the proposed CASS and CAISS data hiding schemes can improve the performance of the traditional SS and ISS schemes by taking into consideration the correlation between the host signal and the signature code and the bit message to be embedded. Thorough theoretical analysis on decoding error probability has been provided to prove that the CASS scheme outperforms the SS scheme and that the CAISS scheme outperforms the ISS scheme. We have also proved the superior robustness of the proposed CASS and CAISS data hiding schemes against the interference effect of the host signal. Furthermore, our analysis shows that using the proposed correlation-and-bit-aware data hiding schemes could increase the payload. In addition, the theoretical BER performances of the proposed schemes in the presence of additional noise have been derived. Extensive simulation results confirm the theoretical analysis and demonstrate the superiority of the the proposed CAISS scheme over the traditional SS and ISS schemes. 56 Chapter 4 Improved Multiplicative Spread Spectrum 4.1 Introduction In the previous chapters, the additive SS scheme was presented which spreads the watermark uniformly over the host signal. In order to have imperceptible watermark, the multiplicative spread spectrum (MSS) could be used which spreads the watermark according to the host signal. Although MSS ends up with better perceptual quality than the SS, its decoding performance has not been analyzed yet. In addition, similar to the SS scheme, the interference effect of the host signal causes performance degradation. A few improved MSS schemes have been devel- oped for reducing the interference effect. An enhanced MSS was proposed in [159] to improve the watermark detection rate, and a similar embedding scheme was developed in [21] for wa- termark decoding applications. Even though the scheme in [21] could provide better decoding performance than the conventional MSS, it can not completely remove the host interference effect. Following the aforementioned motivations, this chapter serves two main goals. The first one is to provide the theoretical performance analysis of MSS. Although MSS has been proposed in [28], the exact analysis of its decoding performance, and capacity have not been provided yet. We will fill this gap in this chapter. The second goal of this chapter is to present an improved MSS (IMSS) scheme which could improve the decoding performance while maintaining the multiplicative embedding structure. We propose exploiting the correlation between the host signal and the watermark signal and exploring the decoder structure of the conventional MSS scheme at the embedding side to remove the interference effect of the host signal, where the introduced parameters will be efficiently determined to achieve a trade off between decoding performance and watermark-introduced distortion. We will then provide the theoretical error probability analysis of the proposed IMSS. It is worth mentioning that the proposed IMSS for data hiding has the same decoder structure as the conventional MSS and does not require additional information at the decoder side. To be complete, we will also provide the decoding error analysis for MSS and the proposed IMSS in the presence of additional noise. 57 4.2. Conventional MSS Scheme The rest of this chapter is organized as follows. The MSS scheme is introduced briefly in Section 4.2, and its performance analysis is provided in Section 4.3. The proposed IMSS scheme is presented in Section 4.4. The decoding performance analysis of MSS and IMSS under additional noise are provided in Section 4.5, and the simulation results are reported in Section 4.6. 4.2 Conventional MSS Scheme For the MSS scheme [28], the watermarked signal r = [r1, r2, ..., rN ] T is represented as ri = xi + sixiAb , i = 1, 2, ..., N, (4.1) where the information bit b is modulated and added into N host coefficients x = [x1, x2, ..., xN ] T corresponding to the host coefficient values. Here b is assumed to be taken from a binary set b ∈ {−1,+1} and it is assumed that the host signal follows Gaussian distribution, such as Chapter 3, with zero mean and unit variance. To extract the hidden information b from the received signal, we can employ the optimal decoder based on the maximum likelihood (ML) criterion. Based on (4.1), the conditional PDFs for the ith coefficient are given by fR(ri|b = +1, si) = N ( 0, (1 + siA) 2 ) , fR(ri|b = −1, si) = N ( 0, (1 − siA)2 ) . (4.2) With the Gaussian IID assumption on the host signal coefficients, the ML decoder is in the form of (2.9) where the test statistic z is expressed as z = rTSdr = N∑ i=1 r2i si, (4.3) where Sd = diag{si, s2, ..., sN} means the diagonal matrix embracing the signature code coeffi- cients. 4.3 Analysis of the MSS Scheme In this section, the decoding performance of the optimal ML decoder based on (4.3) for MSS is analyzed. With the assumption of equal probability for the message bit, the probability of bit decoding error can be expressed as Pe−MSS = Pr { b̂ 6= b } = 0.5Pr { b̂ = +1|b = −1 } + 0.5Pr { b̂ = −1|b = +1 } . (4.4) 58 4.3. Analysis of the MSS Scheme To obtain the error probability (4.4), we first need to derive the distribution of the host signal. Since si’s take their values from +1 and -1, the test statistic (4.3) can be expressed as z = v − y, (4.5) with the independent random variables v and y being v = (1 +Ab)2 ∑ i∈Cp x2i , y = (1−Ab)2 ∑ i∈Cn x2i (4.6) where the sets of Cp and Cn are defined as the set of indices which si = +1 and si = −1, respectively. Both sets has N/2 elements. It is straightforward to show that the terms ∑ i∈Cp x 2 i and ∑ i∈Cn x 2 i follow chi-square distribution with N/2 degrees of freedom. Therefore we have the following distributions fV (v) = 1 (1 +Ab)22N/4Γ(N/4) [ v (1 +Ab)2 ]N/4−1 exp { −v 2(1 +Ab)2 } u(v), (4.7) fY (y) = 1 (1 −Ab)22N/4Γ(N/4) [ y (1−Ab)2 ]N/4−1 exp { −y 2(1−Ab)2 } u(y). (4.8) where u(.) returns +1 or 0 when its argument is positive or negative respectively, and Γ(.) denotes the Gamma function. Based on (4.7) and (4.8), since the random variables v and y are positive and independent, the distribution of z in (4.5) can be obtained as [103]: fZ(z) = ∫ ∞ −zu(−z) fV (z + y)fY (y)dy. (4.9) We can show that the mean mz and variance σ 2 z of the test statistic z are as follows: mz = 2AbN , σ 2 z = 2N ( A4 + 6A2 + 1 ) . (4.10) Having obtained the distribution of the test statistic, we could proceed to calculate the theoretical error probability of the MSS scheme. To this end, in Appendix C.1, it has been shown that the error probability is expressed as Pe−MSS = 1 (1−D)N/22N/2Γ2(N/4) × n∑ k=0 [( n k )[2n−k∑ i=0 (−1)k ( 2n− k i ) i! [ (1−D)2 (1 +D) ]i+1 (2n − i)! [ 2(1− √ D)2 ]2n−i+1]] . (4.11) 59 4.3. Analysis of the MSS Scheme Based on the derived error probability (4.11) for MSS, we note that the MSS can be error free. More specifically, it could be shown that the error probability is equal to zero when D = 1. In other words, the decoder does not make any wrong decoding decision when the DWR is 0 dB. This observation could also be verified by considering the conditional PDF of fZ(z|b = +1, z < 0) whenD = 1. An error decision is made when a PDF leakage happens, i.e., when the test statistic (4.3) becomes negative or positive while the bit b +1 or −1 is sent, respectively. It is clear that when fZ(z|b = +1, z < 0) is not zero, there will be decoding errors due to PDF leakage. When D = 1, the conditional PDF can be shown to be zero, implying that there is no PDF leakage. The analysis of the error probability of MSS can provide some insight into the decoding behavior of MSS at different DWR and can be used to explain the motivation of the proposed IMSS. We can rewrite (4.11) in terms of DWR as Pe−MSS(DWR) = ( 1− 10 -DWR20 )N/2 ( 1 + 10 -DWR 20 )N/2 2N/2Γ2(N/4) × n∑ k=0 (n k )2n−k∑ i=0 (−1)k ( 2n − k i ) i! ( 1 + 10 -DWR 10 + 2× 10 -DWR20 1 + 10 -DWR 10 )i+1 (2n − i)!(2)2n−i+1 .(4.12) From (4.12), we note that Pe−MSS(DWR) = Pe−MSS(-DWR), meaning that Pe−MSS(DWR) is an even function of DWR. It is clear that Pe−MSS(DWR) is not a monotonically decreasing function of DWR. More precisely, the error probability decreases first as the DWR decreases until the DWR reaches 0 dB (which leads to error free decoding), and further decreasing the DWR leads to the increase of the error probability. This non-monotonic behavior could also be explained by the statistics of the test statistic in (4.10), i.e., increasing the watermark am- plitude increases both the mean and the variance of the test statistic. In fact, the power of the information to the interference could be expressed as m2z/σ 2 z . Referring to z in (4.10) and taking the derivative of above expression with respect to D, we can show that this function has a Gaussian-like curve with the maximum at one. Thus, the non-monotonic behavior of the error probability is justified. This observation in MSS is different from additive SS, where increasing the watermark amplitude increases the mean of the test statistic while the variance is fixed, and thus a higher watermark amplitude in additive SS leads to a better decoding performance. Since information (data) hiding could be interpreted as a communication channel, we also study the channel Shanon capacity of MSS, i.e., the maximum host payload in bit that allows information recovery with arbitrary small probability of error [26]. As the received signal r conveys the information bit in MSS (4.1), the capacity is expressed by C = maxfbI(b; r), where I(b; r) denotes the mutual information conveyed by the received signal r and the maximization 60 4.4. Improved Multiplicative Spread Spectrum is taken over all possible distribution fb. The mutual information is defined as [26] I(b; r) = h(r)−h(r|b) where h(r) and h(r|b) represent the differential entropy and conditional differential entropy, respectively. Therefore, it could be shown (see Appendix C.2) that under reasonably high DWR, the capacity of the MSS scheme is expressed as CMSS(DWR) = N 2 log2 1 + 10−DWR10∣∣∣1− 10−DWR10 ∣∣∣ . (4.13) It could be seen that by approaching DWR towards zero, the channel capacity increases which is consistent with the behavior of the error probability. 4.4 Improved Multiplicative Spread Spectrum In Section 4.3, we observed that the MSS scheme is error free when the DWR is 0 dB. In MSS, the host signal itself is one source of decoding errors because the host signal is treated as noise at the decoder. Since the structure of the decoder (4.3) is known at the encoder side, it motivates us to propose an improved MSS (IMSS) scheme by exploiting the decoder structure during the multiplicative based embedding to remove the interference effect of the host signal. Specifically, we propose the following IMSS embedding scheme: r = x+ SdxAb+ gSdx, (4.14) where g denotes a function to be described shortly. The basic idea behind the proposed IMSS is to take advantage of the decoder structure in (4.3) for MSS and introduce the term gSdx to compensate the host interference effect. We now explain the IMSS intuition with more details. Since the IMSS scheme has a similar embedding structure to MSS, we can heuristically employ the ML decoder for MSS in (4.3) and (3.1) for extracting the bit b. As a result, for IMSS (4.14), the decoder can be expressed as (3.1) with the test statistic z as z = 2b ( AgxTSdx+Ax Tx ) + [ xTSdx ( 1 +A2 + g2 ) + 2xTxg ] . (4.15) The test statistic (4.15) consists of two terms, where the first one contains the information bit b and the second one contains the interference and is the source of decoding errors. Ideally, if we can remove the second term and make (AgxTSdx + Ax Tx) of the first term be positive, the decoder (3.1) can be decoding error free. Therefore, we propose determining the desired 61 4.4. Improved Multiplicative Spread Spectrum function g by making the interference term zero, i.e. g2xTSdx+ 2gx Tx+ ( xTSdx+A 2xTSdx ) = 0. (4.16) Finding the roots of the above quadratic equation shows that function g should be as g = −xTx+ √ (xTx)2 − (xTSdx)2(1 +A2) xTSdx , (4.17) which satisfies the requirement that ( AgxTSdx+Ax Tx ) > 0. Therefore, by exploiting IMSS in (4.14), using g in (4.17) at the encoder side and employing the decoder (4.3) as in MSS at the receiver side, the proposed IMSS could yield error free decoding performance. For watermarking methods, we normally need to calculate the total watermark-introduced distortion due to watermark embedding and we would prefer a closed form expression of the dis- tortion, e.g., especially for performance comparisons of different embedding schemes. Referring to the distortion definition, for IMSS (4.14), we have the distortion as D = A2 + 1 N E { g2xTx } . (4.18) Since g is in the form of (4.17), computing the distortion (4.18) in a closed form directly is rather difficult. To avoid this complexity, we rewrite the expression of g (4.17) as g = −xTx+ (xTx) [ 1− ( xTSdx xTx )2 ( 1 +A2 )]1/2 /(xTSdx). (4.19) Now, we employ the binomial series, i.e., the Taylor series at x = 0 for the function (1 + x)α where α is positive, described as (1 + x)α = 1 + ∞∑ k=1 xk k! k−1∏ j=0 (α− j) . (4.20) Substituting the binomial series (4.20) into g in (4.19) leads to the following approximation g(u) = d∑ k=1 (xTSdx xTx )2k−1 (u)k (−1)k k! k−1∏ j=0 ( 1 2 − j ) , (4.21) where we have u = 1+A2. Here, the parameter d determines the accuracy of the binomial series. As d increases, the difference between the approximated g and its exact value (4.17) decreases. We can show that when d = 1, the proposed IMSS scheme is reduced to the scheme in [21], 62 4.4. Improved Multiplicative Spread Spectrum meaning that the scheme in [21] for the Gaussian host signal is a special case of the proposed IMSS. d = 1 represents a coarse approximation and thus may not be able to efficiently remove the host interference effect. Our later simulations show that a higher value of d, e.g., d = 2, provides better decoding performances. Now, with the approximation of g in (4.21), to explicitly express the distortion of IMSS, we need to define a variable which could also help our analysis in the rest of the chapter. Let define H(m,n, q, u) and h(m,n, q, u) as follow H(m,n, q, u) = gm(u) ( xTx )n ( xTSdx )q , (4.22) h(m,n, q, u) = E{H(m,n, q, u)}. (4.23) In Appendix C.3, we will show that, for non-negative integers of m, n, and q, we have h(m,n, q, u) = d∑ k1=1 ... d∑ km=1 [ (−u)( ∑m i=1 ki) ∏km r=k1 ∏r−1 j=0( 1 2 − j)∏m i=1 ki! × p∑ n=0 [ (−1)n2p−lΓ(p− n+N/4)Γ(n +N/4)Γ(p − l +N/2) Γ2(N/4)Γ(p +N/2) ] ] , (4.24) where p = 2 m∑ i=1 ki −m+ q , l = 2 m∑ i=1 ki −m− n. (4.25) Now, according to (4.18), (4.22) and (4.24), we have the distortion of IMSS as D = A2 + 1 N h ( 2, 1, 0, 1 +A2 ) . (4.26) The distortion expression (4.26) is a useful measure, because it determines that, for fixed wa- termark parameters, how much distortion is introduced in IMSS to remove the host interference effect. We have shown that applying the IMSS scheme (4.14) with g(1 + A2) expressed in (4.21) could lead to error free decoding. Even though the proposed IMSS with g(1 + A2) in (4.17) could provide decoding error free performance, it introduces a specific degree of distortion into the watermarked signal, as described in (4.26). For some practical watermarking applications, if it is desirable to have less distortion, it is preferred to employ IMSS (4.14) with using g(λ) instead of g(1 +A2) where the 63 4.4. Improved Multiplicative Spread Spectrum free parameter λ provides a trade off between the distortion and the decoding performance. In other words, when a larger distortion is allowed, a larger magnitude of λ can be used to achieve a better decoding performance; and when a lower distortion is allowed, a smaller λ should be used. This free parameter allows us working at each individual DWR. Using g(λ) as long as the parameter λ is less than 1 can partially achieve host rejection while there is still PDF leakage; and when λ is larger than 1, the host signal effect can be removed completely. While for the former case there is still PDF leakage, therefore developing the optimal decoder is crucial to minimize the leakage effect, and the watermarked signal distribution is needed for obtaining the optimal decoder. As mentioned earlier, similar to MSS, the decoder (3.1) with the test statistic (4.3) can be heuristically exploited for extracting the hidden bits in the proposed IMSS. However, one should note that this decoder is optimal only for Gaussian watermarked signal. For the proposed IMSS, to derive the ML optimal decoder, we first need to investigate the distribution of the watermarked signal (4.14), where the distribution of the random variable g is needed. Based on our simulations, we observed that the distribution of g approaches Gaussian when N is increased. It should be mentioned that g has zero mean and variance h(2, 0, 0, λ). Figure 4.1 illustrates the experimental and theoretical PDF results of the random variable g(u) when N = 60 and DWR = 21 dB. We clearly see a close match between the experimental and theoretical results, and thus the Gaussian assumption of the random variable g(u) is valid. To further validate the assumed Gaussian distribution, we also conduct the Kolmogorov-Smirnov test which verifies whether two different samples belong to the same distribution or not by exploiting the difference of the Cumulative Distribution Function (CDF)s of the samples. Our analysis based on the Kolmogorov-Smirnov test reveals that the Gaussian approximation is valid for the random variable g(u). Given the Gaussian distribution of g, we can derive the distribution of the watermarked signal in IMSS (4.14), where the ith coefficient could be interpreted as the multiplication of two Gaussian random variables xi and yi, with yi = 1 + siAb+ sig. (4.27) In Appendix C.4, we show the PDF of the watermarked signal r in IMSS (4.14) is expressed as fR(r) = 1(√ piσ2y )N exp {−N(1 +A2) 2σ2y } N∏ i=1 ∞∑ n=0 1 n!Γ(n+ 1/2) ( (1 + siAb) 2|ri| 4σ3y )n Kn |ri|√ σ2y (4.28) where σ2y = h(2, 0, 0, λ) and Kn(.) denotes the modified Bessel function of the second kind. Based on (4.28), applying the maximum likelihood criterion (2.9), we can derive the ML 64 4.4. Improved Multiplicative Spread Spectrum decoder in the form of (3.1) with the test statistic z being z = N∏ i=1 ∞∑ n=0 1 n!Γ(n+ 1/2) ( |ri| 4σ3y )n Kn |ri|√ σ2y [(1 + siA)2n − (1− siA)2n] . (4.29) From the above test statistic (4.29), it is noted that the watermark amplitude A is required for the ML decoder. However, in practice, such watermark amplitude information is generally not available at the decoder side, and thus it will be preferred to find a practical approximation of the distribution in (4.28) and obtain a simpler decoder without requiring A. Our study showed that the exact distribution of the watermarked signal in (4.28) at relatively moderate and high DWR could be well approximated by a Gaussian distribution. Figure 4.2 shows the experimental, exact theoretical (4.28), and Gaussian approximation of the first coefficient of the watermarked signal when s1b = −1, i.e., fR(r1|A, s1b = −1), N = 60 and DWR = 21 dB. The figure clearly illustrates the good match between the experimental result and the exact PDF in (4.28) and the close match between the theoretical PDF and the Gaussian approximation. Once again, we investigated the Kolmogorov-Smirnov test to verify the results. Replacing (4.28) using the approximated Gaussian distribution, we can have the ML decoder as the decoder of (3.1) with the test statistic being in the form of (4.3) and (4.15). For IMSS, compared with the optimal decoder (3.1) with z in (4.29), the decoder (3.1) with z in (4.3) has a much simpler structure and, more important, is independent of the watermark amplitude. Also, it is noted that the decoder (3.1) with z in (4.3) for IMSS is the same as the optimal decoder for MSS. In practice, for the proposed IMSS, we may need to determine the generalized free parame- ter λ for a given allowed distortion. For the IMSS scheme, using the free parameter λ, the test statistic (4.15) consists of two terms, where the first one ( 2Ag(λ)xTSdx+ 2Ax Tx ) contains the bit information and the other term ( xTSdx(1 +A 2 + g2(λ)) + 2g(λ)xTx ) represents the inter- ference and causes the decoding errors. The powers of the information bit and the interference at the decoder side can be correspondingly defined as Pinf = E { 4A2 ( g(λ)xTSdx+ x Tx )2} and Pint = E {( xTSdx(1 +A 2 + g2(λ)) + 2g(λ)xTx )2} , respectively. In order to determine the value of λ, we define the information to interference ratio (IIR), which is the ratio of the power of bit information to the power of the interference term, as IIR ∆ = Pinf Pint . (4.30) It is obvious that a higher IIR leads to more host interference rejection, and consequently better decoding performance. Using the distortion expression (4.26) and the definition of h(m,n, q, u) 65 4.4. Improved Multiplicative Spread Spectrum in (4.24), the information and interference powers can be expressed as Pinf = 4 ( D − 1 N h(2, 1, 0, λ) ) [ h(2, 0, 2, λ) + 2h(1, 1, 1, λ) + 4Γ(2 +N/2) Γ(N/2) ] , (4.31) Pint = 2N ( 1 +D − 1 N h(2, 1, 0, λ) )2 + h(4, 0, 2, λ) + 4h(2, 2, 0, λ) + 4h(3, 1, 1, λ) + 2 ( 1 +D − 1 N h(2, 1, 0, λ) ) h(2, 0, 2, λ) + 4 ( 1 +D − 1 N h(2, 1, 0, λ) ) h(1, 1, 1, λ). (4.32) Since a higher IIR leads to more host rejection, based on the IIR expression using (4.30)-(4.32), we propose determining the parameter λ by solving the following maximization problem, λ̂ = argmax λ IIR. (4.33) As a summary, for an allowed fixed distortion, exploiting IMSS (4.14) with g(λ) and λ being obtained using (4.21) and (4.33), respectively, could efficiently reduce the host interference effect. To further explain the advantage of the proposed IMSS and to provide more insight into why the IMSS could help removing the host interference effect, we study the PDFs of the test statistics for MSS and IMSS schemes. The experimental PDFs of the test statistic z for MSS and IMSS are illustrated in Figures 4.3 and 4.4, where N = 100 and DWR = 23 dB. Each figure shows two peaks corresponding to the information bit -1 and +1 respectively. Comparing Figures 4.3 and 4.4 for the same DWR reveals that IMSS leads to better distinguishing capability between b = −1 and b = +1. More precisely, the PDFs fZ(z|b = +1) and fZ(z|b = −1) for IMSS are taller and farther apart than their counterparts for the MSS scheme. This example demonstrates that IMSS has less PDF leakage. We now proceed to analyze the decoding error probability for IMSS. As mentioned earlier, the distribution of the watermarked signal (4.28) can be approximated by a Gaussian distribution and thus the decoder is in the form of (3.1) where the test statistic z is as in (4.15). We need the distribution of the test statistic (4.15). However, finding the exact distribution of z in (4.15) is very difficult due to its complex structure and an appropriate approximation of the distribution is needed to simplify the analysis. Investigating (4.15) reveals that the coefficient of the information bit regarding (4.17) is always positive and the interference term could take either positive or negative values and thus, the resulted distribution is skew, as seen in Figure 4.4. Thus, we propose to approximate the distribution of z given the information bit as skew 66 4.5. MSS and IMSS in the Presence of Additional Noise normal in the following form fZ(z) = 2 ω √ 2pi exp {−(z − ζ)2 2ω2 }[ 1−Q ( α ( z − ζ ω ))] , (4.34) where the function Q(.) is defined as Q(x) = 12pi ∫∞ x exp ( −u2 2 ) du, ζ and ω are the location and scale parameters, respectively, and α represents the skewness of the distribution. To illustrate the matching between the experimental distribution and the theoretical approximation (4.34) of the IMSS test statistic z in (4.15), Figure 4.5 is shown where N = 60 and DWR = 21 dB. We can see that the difference between the experimental PDF and the fitted skew normal distribution is very subtle. With regard to the skew normal distribution of the test statistic (4.34), in Appendix C.5, it has been shown that the error probability is obtained as Pe−IMSS = Q ( ζ ω ) − 1 pi tan−1 α− 1 pi ∞∑ n=1 [ 1 n! (−ζ2 2ω2 )n n−1∑ k=0 ( n− 1 k ) α2k+1 2k + 1 ] , (4.35) where the corresponding parameters have been obtained in the same Appendix. As discussed earlier, there could be a subtle difference between the true PDF and the skew normal distribution of the test statistic. This skew normal approximation could affect the accuracy of the bit error probability analysis, especially at the very low bit error rates. 4.5 MSS and IMSS in the Presence of Additional Noise In Section 4.4, we proved that the proposed IMSS could decrease the PDF leakage and conse- quently improve the decoding performance when compared with MSS in the absence of additional noise. In practice, the received watermarked signal can be contaminated with additional noise. In this section, we will investigate the decoding performances of MSS and the proposed IMSS in the presence of additional noise. For IMSS, the received noisy signal is described as r = x+ SdxAb+ gSdx+ n, (4.36) where n = [n1, n2, ..., nN ] T represents the Gaussian noise coefficients with zero-mean and vari- ance of σ2n. Note that MSS can be considered as a special case of the IMSS scheme with g = 0. We first analyze the MSS scheme and then analyze IMSS in the presence of additional noise. For MSS, it is obvious that now the received signal follows Gaussian distribution as fR(ri|b, si) = N ( 0, (1 + siAb) 2 + σ2n ) . The ML decoder is still in the form of (3.1) where the 67 4.6. Simulation Results test statistic is described in (4.3). The test statistic can be expressed in the form of (4.5) with v = [ (1 +Ab)2 + σ2n ] ∑ i∈Cp ui , y = [ (1 +Ab)2 + σ2n ] ∑ i∈Cp wi (4.37) and where random variables ui and wi have zero mean and unit variance, with ui = xi/ [ (1 +Ab)2 + σ2n ]1/2 and wi = xi/ [ (1−Ab)2 + σ2n ]1/2 . Since the distribution of the test statistic would be in the form of (4.9), the error probability can be obtained, similar to the noiseless case, in the following form (see Appendix C.6) Pe−MSS = 1 [(1−D)2 + 2σ2n(1 +D) + σ4n]N/4 2N/2Γ2(N/4) n∑ k=0 [( n k )[ 2n−k∑ i=0 (−1)k ( 2n − k i ) i!× ([ (1−D)2 + 2σ2n(1 +D) + σ4n ] 1 +D + σ2n )i+1 (2n− i)! ( 2 [ (1−D)2 + 2σ2n(1 +D) + σ4n ] (1 + √ D)2 + σ2n )2n−i+1 ]] . (4.38) For IMSS, referring to (4.3) and (4.36), we can express the test statistic as z = 2Ab ( gxTSdx+ x Tx+ xTn ) +xTSdx ( 1 +A2 + g2 ) +2xTxg+ ( 2xTSdn+ 2gx Tn+ nTSdn ) , (4.39) where the parameter λ is determined by the result of (4.33) where IIR ∆ = P̂inf/P̂int. The infor- mation and interference powers in the presence of additional noise regarding the test statistic (4.39) are expressed as P̂inf = Pinf+4Nσ 2 n ( D − 1 N h(2, 1, 0, λ) ) , P̂int = Pint+2σ 2 n ( 2N + 2h(2, 1, 0, λ) +Nσ2n + 4h(1, 0, 1, λ) ) (4.40) where Pinf and Pint have been defined in (4.31) and (4.32), respectively. Accordingly, the bit error probability of IMSS could be described as in (4.35) with the parameters determined in (C.26)-(C.28), where in (C.26) Pinf and Pint should be replaced by P̂inf and P̂int, respectively. 4.6 Simulation Results In this section, we conduct extensive simulations to illustrate the decoding performances of the proposed IMSS scheme and to verify the derived error probability analysis. The results are obtained based on Monte Carlo simulations. We set N = 60 in all simulations, unless stated otherwise. To validate the derived theoretical PDF for the test statistic z in (4.34), in Figure 4.5, we can 68 4.6. Simulation Results see an excellent matching between the empirical result based on simulations and the theoretical result based on the analysis provided in Section 4.3. To show that the MSS scheme is decoding error free for DWR = 0 dB, the conditional PDF (C.4) of the test statistic (4.3) with D = 1 and b = +1 is depicted in Figure 4.6. It is clear that the PDF is zero for negative z, proving that there is no PDF leakage and thus no decoding error when DWR = 0 dB. To investigate the validity of the derived error probability in (4.11) for the MSS scheme, the theoretical and experimental results are shown in Figure 4.7, where we see excellent matches between the theoretical results and the ones based on simulations. For the proposed IMSS in Section 4.4, g is determined as in (4.17) to achieve decoding error free, and the corresponding distortion can be calculated in (4.26). Figure 4.8 is shown to provide more insight into the required DWR for error free decoding for a fixed number of coefficients N . For example, if N = 50, then if we are allowed to have DWR below 20 dB, the decoder will not make any false decision. As mentioned in Section 4.4, introducing λ can make a trade off between the allowed distor- tion and the decoding performance. The parameter λ is determined by maximizing the IIR as (4.30), where a higher IIR value means a more efficient interference host effect rejection. The parameter d introduced in (4.21) represents the approximation precision of the optimal g(u), i.e., a higher value of d leads to a more accurate approximation. The 10log(IIR) measures for MSS and IMSS with different values of d are calculated and shown in Figure 4.9. It could be seen that IMSS yields higher IIR values than MSS and that increasing d could result in more host interference effect rejection as expected. To compare the decoding performance of the proposed IMSS against the MSS, the bit error rates of MSS and IMSS with d = 1, d = 2, and d = 3 are shown in Figure 4.10, where N = 100. It is clear that IMSS consistently yields better decoding performance than MSS and that employing the IMSS with a higher value of d could lead to better decoding performance. As the behavior of the IIR for different embedding schemes are demonstrated in Figure 4.9, and the relationship between the IIR and the interference host effect rejection have been explained already, the decoding performances provided in Figure 4.10 are expected. Our simulations show that increasing d to be larger than 3 does not further improve the decoding performance significantly, so we use d up to 3 in our simulations. It is worth mentioning that by decreasing the DWR, the free parameter λ can be larger and consequently remove the host effect more. When the allowed distortion reaches the desirable amount shown in Figure 4.8, the IMSS could completely reject the interference host effect and thus be decoding error free for a lower DWR. To investigate the effect of additional noise on the performance of the proposed IMSS, Figure 4.11 shows that the decoding performance of IMSS and MSS when N = 60 and WNR = 5dB where WNR is defined as WNR = 10 log ( D σ2n ) . This figure depicts that the IMSS consistently 69 4.7. Conclusion provides better decoding performances than the MSS in the presence of additional Gaussian noise and also, bigger value of d results in better performance. Figure 4.12 depicts the theoretical and experimental decoding performance of the IMSS scheme versus different WNRs. This figure shows the integrity of the error analysis for the IMSS in the presence of the noise. We also conduct experiments to evaluate the proposed embedding scheme on real images. A set of testing images with size 768×1024 are investigated for information embedding. Since peak signal to noise ratio (PSNR) is a common measurement for evaluating the perceptual quality of the images, the figures are plotted against the PSNR values. Also, we run our algorithm for PSNR of 37 dB for the experiments. For investigating the decoding performance of the proposed IMSS on real images, the average BER for the images is shown in Figure 4.13. It depicts that the IMSS has better performance than the conventional MSS and increasing the parameter d improves the performance, as we expected. To investigate the decoding performance of the IMSS for real images against the additional noise attack, the average BER curve is shown in Figure 4.14. We can see that the decoding performance of the proposed IMSS outperforms MSS. The worth mentioning point is that there are two assumptions that are not completely ful- filled when examining real images. The first one is that the distribution of the host signal (e.g., DCT coefficients) does not follow the Gaussian distribution. The second one is that the coeffi- cients are not necessarily IID. To demonstrate the effect of these violations from our assumptions, the empirical error probability (based on real images) is compared with the theoretical one (4.35) in Figure 4.15. One can see that there is a difference between the experimental (based on sim- ulations) and empirical results, which is probably mainly due to non-Gaussian IID samples in real images. 4.7 Conclusion In this chapter, we first derived the theoretical decoding performance analysis of the conven- tional MSS embedding scheme. To this end, we provided the theoretical error probability and channel capacity. We also showed that the interference effect of the host signal causes decoding performance degradation in the MSS scheme. Therefore, we proposed an improved MSS scheme by taking advantage of the decoder structure during embedding to remove the host signal in- terference effect. A thorough theoretical analysis of bit error probability for the proposed IMSS scheme was provided and the simulations were used to validate the derivations. Simulation results showed that the IMSS consistently outperforms the conventional MSS. The decoding performance analysis of the MSS and the IMSS in the presence of additional Gaussian noise were also provided and simulations showed the superiority of the IMSS scheme. 70 4.7. Conclusion −0.4 −0.3 −0.2 −0.1 0 0.1 0.2 0.3 0.4 0 0.5 1 1.5 2 2.5 3 3.5 4 4.5 5 g f G (g) Experimental Theoretical Figure 4.1: The experimental and theoretical PDFs for the random variable g defined in (4.21), where N = 60 and DWR = 21 dB. −5 0 5 0 0.05 0.1 0.15 0.2 0.25 0.3 0.35 0.4 0.45 r1 f R (r 1 ) Experimental Theoretical Gaussian Figure 4.2: The PDFs of the first coefficient of the watermarked signal for the proposed IMSS scheme (4.14), where s1b = −1, N = 60 and DWR = 21 dB. −100 −50 0 50 100 0 0.005 0.01 0.015 z f Z (z) Figure 4.3: The experimental PDF of the test statistic z for the MSS scheme when a binary mes- sage is sent, where N = 100 and DWR = 23 dB. −2.5 −2 −1.5 −1 −0.5 0 0.5 1 1.5 2 2.5 0 0.2 0.4 0.6 0.8 1 1.2 1.4 z f Z (z) Figure 4.4: The experimental PDF of the test statistic z for the IMSS scheme when a binary mes- sage is sent, where N = 100, DWR = 23 dB, and d = 2. 71 4.7. Conclusion −2 −1 0 1 2 3 4 5 6 7 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 z f Z (z| b= +1 ) Experimental Theoretical Figure 4.5: The experimental and theoretical (4.34) distributions for the proposed IMSS scheme, where N = 60, DWR = 21 dB and b = +1. 0 50 100 150 200 250 300 350 0 0.002 0.004 0.006 0.008 0.01 0.012 0.014 z f Z (z| b= +1 ) Empirical Theoretical Figure 4.6: The experimental and theoretical (C.4) distributions for the MSS scheme, where N = 60, DWR = 0 dB and b = +1. 10 15 20 25 30 35 40 10−4 10−3 10−2 10−1 100 DWR (dB) BE R Experimental Theoretical Figure 4.7: The theoretical (4.11) and exper- imental error probabilities for the MSS scheme where N = 60. 100 200 300 400 500 600 700 800 900 1000 18 20 22 24 26 28 30 32 34 N D W R (d B) Figure 4.8: The required DWRs for achieving er- ror free decodings in IMSS when different numbers of coefficients are used for embedding. 72 4.7. Conclusion 24 26 28 30 32 34 36 38 40 −20 −10 0 10 20 30 40 50 60 DWR (dB) IIR (d B) IMSS,d=1 IMSS,d=2 IMSS,d=3 MSS Figure 4.9: The 10log(IIR) versus DWR curves for the MSS and IMSS schemes, where three dif- ferent values of d are considered and N = 100. 22 24 26 28 30 32 34 36 38 40 10−6 10−5 10−4 10−3 10−2 10−1 100 DWR (dB) BE R IMSS,d=2 IMSS,d=1 MSS IMSS,d=3 Figure 4.10: The BER versus DWR curves for the MSS and IMSS schemes when N = 100. d = 1, 2, 3 are considered in IMSS. 20 22 24 26 28 30 32 34 36 38 40 10−4 10−3 10−2 10−1 100 DWR (dB) BE R IMSS,d=2 IMSS,d=1 MSS Figure 4.11: The BER versus DWR curves for the MSS scheme and the proposed IMSS scheme, where WNR = 5 dB and N = 60. −5 −4 −3 −2 −1 0 1 2 3 4 5 10−2 10−1 100 WNR(dB) BE R IMSS,Experimental IMSS,Theoretical Figure 4.12: The experimental and theoretical BER versus WNR curves for the IMSS scheme, where DWR = 23 dB, N = 60, and d = 2. 73 4.7. Conclusion 28 30 32 34 36 38 40 42 10−3 10−2 10−1 100 PSNR(dB) BE R MSS IMSS,d=1 IMSS,d=3 Figure 4.13: The average BER versus PSNR curves for the MSS and IMSS schemes when ap- plied on real images. 2 4 6 8 10 10−2 10−1 100 WNR(dB) BE R MSS IMSS,d=3 Figure 4.14: The average BER versus WNR curves for the MSS and IMSS schemes when ap- plied on real images. 20 25 30 35 40 10−4 10−3 10−2 10−1 100 DWR (dB) BE R Experimental Theoretical Empirical(Real image) Figure 4.15: The experimental, theoretical (4.35), and empirical BER versus DWR curves for the IMSS scheme where d = 2. 74 Chapter 5 Security Analysis of Spread Spectrum Schemes under KMA and KMCA 5.1 Introduction In this chapter, we present security analysis based on the mutual information measure for ISS, CASS, CAISS, and MSS schemes. The definition of watermarking security has been evolved during the last two decades in the field of digital watermarking and data hiding. In the literature, people actually referred to different properties of digital watermarking when using the term security. In early era of watermarking and data hiding, different concepts of watermarking security were used. For instance, the ability of the attacker to extract the hidden message could be defined as a security breach. One thing that was considered as a way of increasing the water- marking security was hiding the location of the embedded information [112, 113]. It is worth mentioning that, in early era of digital watermarking, the issue of watermarking security was mainly discussed and studied in a non-mathematical way and there was lack of quantitative studies for watermarking security. In recent era, the first rigorous definition of watermark security was proposed in [57]. Kalker defined the watermark security as the inability of the attacker to have access to the original signal. It led researchers to come up with a specific definition of watermark security. In the new watermark security definition, similar to the cryptography concept, it is assumed that the attacker has access to all information except the key and his/her final objective is to estimate it. With this definition and in order to quantify watermark security, different attacks and security measures were proposed in [107]. In this chapter, we employ the Shannon’s framework [108] and therefore use the mutual information between the observations and the signature code given the embedded messages measures the information leakage about the signature code. Since the CASS and CAISS em- bedding schemes [138] rely not only on the signature code but also on the sign of the correlation 75 5.2. Spread Spectrum Embedding Schemes between the host signal and the signature code, to behave as a more powerful attacker, we intro- duce a new adversary attack, the known message and correlation attack (KMCA), and analyze the security of the CASS and CAISS schemes under KMCA. Later we will show that CASS and CAISS are less secure under the KMCA scenario than the KMA one. In order to illustrate how an adversary could attack the watermarked content by estimating the signature code, we present some practical estimators for different SS schemes and study their corresponding estimation per- formances to correlate the estimation performance with the security measure. One important issue for any data hiding scheme is the robustness-security trade-off. Robustness shows how accurate an embedding scheme could extract the hidden messages and it is usually evaluated by decoding performance. The robustness-security trade-off implies that generally enhancing one will degrade the other. However, we will show via the simulations that the CAISS scheme could enhance both the security and the robustness simultaneously when compared with the ISS scheme. The rest of this chapter is organized as follows. In Section 5.2, different SS-based embedding schemes are briefly introduced. Section 5.3 provides the security analysis for the SS embedding schemes under the KMA scenario. In Section 5.4, the KMCA attack is introduced for the CASS and CAISS schemes and the security analysis under this attack is studied. The practical estimators of the signature code for SS schemes are described in Section 5.5. Simulation results are reported and explained in Section 5.6. Section 5.7 draws the conclusions. 5.2 Spread Spectrum Embedding Schemes In this section, different spread spectrum embedding schemes are presented briefly. Throughout this chapter, it is presumed that the host signal vector with length N , x = [x1, x2, ..., xN ] T , conveys one message bit b. In addition, it is assumed that the host signal follows Gaussian inde- pendent and identical distribution (IID) with zero mean and variance σ2x, i.e., x ∼ N (0N , σ2xIN), where IN and 0N mean the N ×N identity matrix and the zero vector with length N , respec- tively. Here, N is the number of the host coefficients conveying one bit information. The SS schemes employ the watermark signature code s = [s1, s2, ..., sN ] T to embed the message bit b. In this chapter, like the other ones, we assume that the signature code consists of binary random variables from the set si ∈ {−1,+1}. Each embedding scheme introduces a watermark-induced distortion D, which is defined as (2.2). Since we will investigate the security of the SS schemes in this chapter, in the following subsections, the SS embedding schemes are briefly reviewed. 76 5.2. Spread Spectrum Embedding Schemes 5.2.1 Additive SS Scheme The additive spread spectrum is probably the most popular embedding scheme in the SS cat- egory. The additive SS adds the message bit over the host coefficients uniformly, expressed as y = x+ sAb, (5.1) where A > 0 is the watermark amplitude. Based on the additive SS embedding scheme (5.1) and the distortion definition (2.2), the amplitude A could be expressed as A = √ D. Additive SS is a non-host rejection scheme due to the interference effect of the host signal. 5.2.2 ISS Scheme In order to reduce the interference effect of the host signal, Malvar and Florencio [92] proposed the ISS scheme in the following form y = x+ sAb− λssTx (5.2) where λ is a free parameter which can be determined as λ = { 1 N if D > σ2x N , D σ2x if D ≤ σ2xN . (5.3) Based on the distortion definition (2.2) and the ISS embedding scheme (5.2), the amplitude A can be expressed as A = √ D − λ2Nσ2x. It should be recalled that ISS scheme exploits a host rejection procedure which could reduce the host signal’s effect. 5.2.3 CAISS Scheme The main drawback of the SS scheme is the interference effect of the host signal, and ISS was an attempt to reduce this interference effect. Motivated by the success of ISS, in Chapter 3 we introduced the correlation aware concept to remove the interference effect of the host signal more efficiently by determining the embedding based on both the message bit and the correlation between the host signal and the signature code. The correlation aware concept leads to two embedding schemes, the CASS and CAISS schemes. The CASS is expressed as: y = x+ sA1, if s Tx ≥ 0, b = +1, x− sA2, if sTx ≥ 0, b = −1, x− sA1, if sTx < 0, b = −1, x+ sA2, if s Tx < 0, b = +1, (5.4) 77 5.3. Security Analysis of SS, ISS, and MSS Schemes under KMA where the amplitudes A1 = √ αD and A2 = √ (2− α)D, with 0 < α ≤ 1. Since CAISS leads to less probability distribution function (PDF) leakage, it yields better decoding performances than that of ISS. The CAISS scheme is described as follows y = x+ sA1, if s Tx ≥ 0, b = +1, x− sA2 − λhs(sTx), if sTx ≥ 0, b = −1, x− sA1, if sTx < 0, b = −1, x+ sA2 − λhs(sTx), if sTx < 0, b = +1, (5.5) where A1 = √ αD, A2 = √ D(2− α)− λ2hNσ2x, and the parameter λh is determined as λh = { 1 N if D > σ2x N(2−α) , D(2−α) σ2x if D ≤ σ2xN(2−α) . (5.6) 5.2.4 Multiplicative Spread Spectrum In order to make the watermark more imperceptible, the MSS scheme can be employed [28]. Since the MSS scheme embeds the message bit according to the content of the host signal, it generally yields a content-based watermarked signal. The MSS embedding scheme can be expressed as: y = x+ SdxAb (5.7) where Sd is a diagonal matrix denoted as Sd = diag{s1, ..., sN}. According to the distortion definition (2.2) and the MSS scheme (5.7), we have A = √ D/σ2x. 5.3 Security Analysis of SS, ISS, and MSS Schemes under KMA In the following sections, the security analyses of different SS embedding schemes are investi- gated. According to [17], one popular scenario for security assessment is known-message attack, where it is assumed that the attacker has access to the embedded messages in the host signal. In this chapter, we focus on KMA because it has many applications [108] and it generally results in worse information leakage than the watermark only attack (WOA) scenario. Here, we employ the framework used in [108] and [106]-[105] for assessing the security of the SS schemes. The information about the signature code leaked out by the observations is quantified by the mutual information between the observations and the signature code [26]. 78 5.3. Security Analysis of SS, ISS, and MSS Schemes under KMA When N0 watermarked signalsY = [y1, ...,yN0 ] which are obtained by watermarking N0 host signals X = [x1, ...,xN0 ], and the associated N0-bit message b = [b1, ..., bN0 ] T are observed, the information leakage about the signature code s could be calculated, as the mutual information between the observations Y and the signature code s given the embedded message bits b, in the following form I(Y; s|b) = h(Y|b)− h(Y|b, s), (5.8) where I(.) and h(.) denote the mutual information and differential entropy operations, respec- tively. As explained earlier, the above Shannon’s mutual information represents the leakage about the signature code from the observations. One could compute Shannon’s equivocation about the signature code given the observations and the embedded message to represent the remaining uncertainty about the signature code. For the KMA scenario, the equivocation defined as h(s|Y,b) = h(s) − I(Y; s|b) implies the uncertainty of the signature code given observations and message bits. 5.3.1 Additive SS Scheme under KMA Based on the additive SS embedding scheme (5.1), assumed Gaussian distribution of the sig- nature code, the mutual information for the KMA scenario has been obtained in [107]. It is straightforward to show that for the binary signature code, the information leakage could be bounded as I(Y; s|b)SS ≤ N 2 log ( 1 + N0D σ2x ) . (5.9) The information leakage per dimension for additive SS, defined as I(Y; s|b)/N , reveals that it is independent of the dimension N . Also as we expected, it is clear that increasing the number of observations N0 will increase the information leakage. 5.3.2 ISS Scheme under KMA As explained earlier, ISS is a host rejection algorithm. It is known that the decoding performance of ISS is generally better than that of the SS scheme. The security level is another factor that should be considered when comparing SS and ISS schemes. In Appendix D.1, we can show that 79 5.4. Security Analysis of CASS and CAISS Schemes under KMCA and KMA the information leakage for the ISS scheme under the KMA scenario is bounded as: I(Y; s|b)ISS ≤ N 2 log ( 1 + (D − λ2Nσ2x)N0 [(1 − λ)2 + (N − 1)λ2]σ2x ) −N0 log(1− λhN) + NN0 2 log ( (1− λ)2 + (N − 1)λ2) . (5.10) Since SS is a special case of ISS with λ = 0, it is clear that, when λ = 0, the information leakage of the ISS scheme (5.10) is the same as the mutual information of the SS scheme (5.9). From (5.10), we also note that, when λ approaches to 1/N , the information leakage approaches infinity. Different from the additive SS where the information leakage per dimension is indepen- dent of N , increasing N leads to more information leakage per dimension in ISS. In terms of the information leakage per dimension, the behavior of the ISS scheme is affected by several factors such as the distortion D, N and N0, and we will investigate its behavior in Section 5.6. 5.3.3 MSS Scheme under KMA MSS is another popular SS-based scheme which employs Eqn. (5.7) for data hiding. Referring to MSS embedding in (5.7) and the mutual information definition in (5.8), we can express the upper bound of information leakage of MSS as follows I(Y; s|b)MSS ≤ NN0 2 log ( σ2x +D |σ2x −D| ) . (5.11) The proof details can be found in Appendix D.5. From (5.11), we note that, similar to the SS scheme, the information leakage per dimension for MSS is independent of N . On the other hand, in contrary to the SS scheme, the information leakage for MSS has a linear relationship with the number of observations, N0. Also, the analysis in (5.11) suggests that the mutual information goes to infinity when DWR tends to be 0 dB, though it is worth mentioning that the DWR is always much higher than 0 dB in practical watermarking applications. 5.4 Security Analysis of CASS and CAISS Schemes under KMCA and KMA For security analysis of the SS, ISS, and MSS embedding schemes, we can consider the KMA scenario since KMA is a powerful attack for SS, ISS and MSS. However, for the CASS (5.4) and CAISS (5.5) embedding schemes, since both the embedded information bit and the sign of the correlation between the signature code and the host signal are used for embedding, while 80 5.4. Security Analysis of CASS and CAISS Schemes under KMCA and KMA the attacker is assumed to only have access to the embedded message bits in KMA, the KMA scenario is not sufficiently powerful. To better understand the security limit of the CASS and CAISS schemes, we therefore need to propose a more powerful attack by taking advantage of the specific properties of CASS and CAISS embedding (e.g., both the embedded bits and the correlation information are explored in CASS and CAISS embedding). More specifically, since both the host signal and the signature code are assumed to be random variables, the sign of their correlation is a random variable as well, we introduce a new attack for the CASS and CAISS schemes, called the known message and correlation attack (KMCA), where the attacker knows not only the information about the embedded messages but also the signs of the correlations between the host signals and the signature code. If the attacker does not know the correlation information, the KMCA is reduced to the conventional KMA. It is worth noting that, since the attacker is assumed to have no access to the signature code, in practice he/she generally has no access to the sign information of the correlation between the host signal and the signature code. Here, we assume that such correlation information is provided to the attacker in KMCA. 5.4.1 CASS and CAISS Schemes under KMCA Under the KMCA scenario, for N0 watermarked signals Y = [y1, ...,yN0 ], we further assume that the associated N0-bit message b = [b1, ..., bN0 ] T and the signs of the correlations between the N0 host signals and the signature code are available to the attacker. We can define the information leakage about the signature code as the mutual information between the observations Y = [y1, ...,yN0 ] and the signature code s given b = [b1, ..., bN0 ] and g = [g1, ..., gN0 ] T as: I(Y; s|b,g) = h(Y|b,g) − h(Y|b,g, s), (5.12) where the ith element of g is defined as the sign of the correlation between the i-th host signal vector and the signature code, i.e., gi = sign{sTxi}. In Appendix D.2, we can derive that the information leakage of CAISS under the KMCA scenario is expressed as: I(Y; s|b,g)CAISS ≤ −N0 2 log(1− λhN) +N0 log(2) + N 2 ( 1 2 )N0 N0∑ i=0 log ( (1− 2λh + λ2hN)i [ 1 + 1 σ2x ( i(D(2 − α)− λ2hNσ2x) 1− 2λh + λ2hN + (N0 − i)αD )])( N0 i ) . (5.13) When λh = 0, CAISS is reduced to the CASS scheme, and the corresponding information leakage 81 5.4. Security Analysis of CASS and CAISS Schemes under KMCA and KMA for the CASS embedding can be expressed as: I(Y; s|b,g)CASS ≤ N 2 ( 1 2 )N0 N0∑ i=0 log ( 1 + D σ2x (2i− 2iα +N0α) )( N0 i ) +N0 log(2). (5.14) 5.4.2 CAISS and CASS Schemes under KMA In this subsection, for considering the security of the CAISS scheme under the conventional KMA scenario, it is assumed that the attacker only has access to the embedded message b. In the previous subsection, the information leakage of the CAISS scheme under KMCA is derived, where the attacker has access to both the embedded message bits b and the signs of the correlations between the host signals and the signature code. In Appendix D.3 has been shown that the information leakage of the CAISS scheme under the KMA is expressed as I(Y; s|b)CAISS ≤ NN0 2 log ( 1 2 (2− 2λh + λ2hN) + 1 4σ2x [√ αD − √ D(2− α)− λ2hNσ2x ]2) + N 2 log 1 + N0 4 [√ αD + √ D(2− α) + λ2hNσ2x ]2 σ2x 2 (2− 2λh + λ2hN) + 14 [√ αD − √ D(2− α)− λ2hNσ2x ]2 − N0 2 log(1− λhN).(5.15) By replacing λh with zero in (5.15), the information leakage of the CASS scheme under the KMA is obtained as I(Y; s|b)CASS ≤ NN0 2 log ( 1 + 1 4σ2x [√ αD − √ D(2− α) ]2) + N 2 log 1 + N0 4 [√ αD + √ D(2− α) ]2 σ2x + 1 4 [√ αD −√D(2− α)]2 . (5.16) In order to know the relation between the information leakage of the CASS and CAISS schemes in the KMA and KMCA, in Appendix D.4, it has been shown that I(Y; s|b)CAISS < I(Y; s|b,g)CAISS , I(Y; s|b)CASS < I(Y; s|b,g)CASS . (5.17) In (5.17), the left side of the inequalities are the information leakage under the KMA scenario and the right side of the inequalities are the information leakage under the KMCA scenario. Thus, it reveals that the information leakage of the CASS and CAISS schemes under the KMCA is more than the leakage under the KMA scenario. As a result, it suggests that KMCA is a more powerful attack for CAISS and CASS embedding. This phenomenon could be intuitively 82 5.5. Practical Estimators of the Signature Code for SS Schemes explained as follows: When the attacker has access to both the embedded message and the signs of the correlations between the host signals and the signature code, he/she has more information about the signature code when compared with the KMA case where he/she only has access to the embedded message. It is thus expected that there is more information leakage of the signature code under KMCA than under the KMA scenario. Analytical comparison of the information leakages of the ISS (5.10) and CAISS (5.15) under KMA is complicated and the superiority of one over the other is not clear. Therefore, the behaviors of them will be illustrated through numerical simulations in section 5.6. The point that should be mention is that for high values of DWR, the exact information leakage of the indicated SS schemes approaches to the provided upper bounds. 5.5 Practical Estimators of the Signature Code for SS Schemes Having analyzed the information leakage of different SS embedding schemes, we proceed to consider the practical estimators of the signature code under the KMA and KMCA scenarios. In practice, to have a practical quantitative understanding of the security level associated with each embedding scheme, one important issue raised regarding the information-theoretic expression of the information leakage is that how well the leaked information can be useful for accurately estimating the unknown signature code. Generally, the accuracy of the estimation depends on the specific signature code estimator and the available information to the attacker. The importance of the first factor is obvious since different estimators could yield different estimation accuracy. The second factor is the available information on the attacker’s side that he could use to estimate the signature code. Such information could include the side information (e.g., the embedded message bits) and the leaked information (e.g., observations of the watermarked signals). For instance, the side information available to the attacker is the embedded messages under KMA, while both the embedded messages and the signs of the correlations between the host signals and the signature code are available under KMCA. Since the attacker in the KMCA has more side information than in the KMA scenario, the attacker is possible to design a more accurate estimator in KMCA than in the KMA scenario. It is important to note the above factors jointly contribute to the overall estimation accuracy, and relying on only one factor could be misleading. For the additive SS embedding scheme (5.1) under the KMA scenario, it has been in [17] shown that the maximum likelihood (ML) estimator of the signature code s has the following form: ŝ = sign{YTb}. (5.18) For the ISS embedding scheme (5.2) under the KMA scenario, we could not get a closed- 83 5.5. Practical Estimators of the Signature Code for SS Schemes form expression of the ML estimator using f(Y|s,b), i.e., the PDF of the observations given the signature code and the information bits. Thus, we consider the test statistic of the decoder, i.e., zi = y T i s, which leads to the PDF of the test statistic given the signature code and information bits in the form of f(YT s|s,b). The ML estimator of the signature code based on this PDF has been obtained in [117] under the KMA scenario as: ŝ = sign {( YYT )−1 YTb } . (5.19) For the MSS embedding scheme (5.7) under the KMA scenario, we show in Appendix D.6 that the ML estimator can be expressed as: ŝ = sign { 1 σ2x N0∑ i=1 (Yi ⊙Yi)bi − (1 + D σ2x )(1Tb)1 } , (5.20) where 1 = [1, ..., 1]T and ⊙ denotes the element by element multiplication operation. For the CAISS embedding scheme (5.5) under the KMCA scenario, we could not get a closed form solution of the ML estimator of the signature code. In order to find a practical and efficient estimator, we propose exploring the constrained least squares estimation. Based on the CAISS embedding (5.5) and the test statistic at the decoder side (zi = y T i s), we can define a cost function as J = ∑ i∈{N2,N4} (yTi s−NA2bi)2 + ∑ i∈{N1,N3} (yi − sA1bi)T (yi − sA1bi), (5.21) where N1, N2, N3, and N4 are the subsets of the signal indices where s Tx > 0 and b = 1, sTx < 0 and b = 1, sTx < 0 and b = −1, sTx > 0 and b = −1, respectively. With some simplifications, we show that the estimator can be obtained by solving the following minimization problem, ŝ = argmin s ( 1 2 sTQs+ cT s) , subject to Hs ≤ p, (5.22) where Q = ∑ i∈{N2,N4} yiy T i + 2A 2 1I , c = − ∑ i∈{N2,N4} NA2yibi − ∑ i∈{N1,N3} A1yibi H = [−YTN1 ; YTN3 ; YTN2 ;−YTN4 ],p = [−NA111×lN1 −NA111×lN3NA211×lN2NA211×lN4 ]T . (5.23) 84 5.6. Results and Discussions where lN1 , lN2 , lN3 , and lN4 are the numbers of the observations within the subsets N1, N2, N3, and N4, respectively. In addition, YN1 , YN2 , YN3 , and YN4 are the matrices containing the observations in the subsets N1, N2, N3, and N4, respectively. It should be mentioned that the constraints represented above are the results of the a priori information about the signs of the correlations between the host signals and the signature code. In order to explain it, the test statistic at the decoder side (zi = y T i s) according to the embedding scheme (5.5) should be considered. Regarding the test statistic and for different subsets of the observations, we should have YTN1s > NA11lN1×1, Y T N4 s > −NA21lN4×1, YTN3s < −NA11lN3×1, and YTN2s < NA21lN2×1. The matrix form of these constraints can be expressed in (5.22) and (5.23). For the CAISS embedding scheme (5.5) under the KMA scenario, since information about the correlations between the signature code and the host signals is not available to the attacker, there is no closed-form solution for the ML estimator. With only the embedded message bits are available to the adversary, we can employ a heuristic cost function as J = ∑N0 i=1[(yi − sA1bi) T (yi− sA1bi)+ (yi− sA2bi)T (yi− sA2bi)]. It leads to a practical estimator for the CAISS scheme under the KMA scenario, which has the form of (5.18). In order to find an estimator for the CASS scheme (5.4) under the KMCA scenario, simi- lar to the CAISS case, we propose exploring the constrained least squares estimation. Based on the CASS scheme (5.4), we define a cost function as J = ∑ i∈{N2,N4}(yi − sA2bi)T (yi − sA2bi) + ∑ i∈{N1,N3}(yi − sA1bi)T (yi − sA1bi). We can show that minimizing this cost function subject to the constraints related to the available correlation information can be formulated as a constrained minimization problem as in (5.22), where Q = [(lN1 + lN3)A 2 1 + (lN2 + lN4)A 2 2]I, c = −0.5∑i∈{N2,N4}A2yibi−0.5∑i∈{N1,N3}A1yibi, andH and p are defined the same as (5.23). For the CASS scheme under the KMA scenario, since information about the correlations between the signature code and the host signals are not available, similar to the CAISS case, we employ the estimator in the form of (5.18). The performance of the estimators described above will be investigated next in section 5.6. 5.6 Results and Discussions In this section, we first investigate the information leakage behaviors of different SS schemes pre- sented in Sections 5.3 and 5.4 and their information leakages are compared under the KMA and KMCA scenarios. Further, the performances of the estimators of the signature code described in Section 5.5 are presented and compared. 85 5.6. Results and Discussions 5.6.1 On the Theoretical Security Results In general, for different SS schemes, we note that the mutual information security measure is a function of several factors including DWR, N , and N0. We therefore investigate the effects of different factors on the security of the SS schemes. The information leakage per dimension plots are reported in this section. First, we compare the information leakage per dimension for the SS (5.9) and ISS (5.10) schemes. Figure 5.1 reports the effects of DWR on the information leakage per dimension result for different values of N when N0 = 100. Our theoretical analysis reveals that the information leakage per dimension for the SS scheme is independent of the dimension of the received signal N , and this conclusion is supported by Figure 5.1. We also observe that the ISS scheme always yields higher information leakage than that of the SS scheme, and increasing N leads to higher information leakage in ISS. From our previous analysis of information leakage for the ISS scheme in Section 5.3, we note that when λ tends to 1/N , the information leakage theoretically goes to infinity. Intuitive explanation of this behavior could shed some lights on different behaviors of the SS and ISS schemes. This observation can be explained by exploiting the decoder structure of the ISS scheme: To decode the embedded message bits, the decoders for the SS, ISS, and CAISS schemes all use a test statistic as z = yT s where z follows Gaussian distribution with fixed variance for the SS scheme for all DWR values. For the ISS scheme, the test statistic z follows a Gaussian distribution whose variance depends on the parameter λ. When λ gradually approaches 1/N , the variance of z becomes smaller and smaller and its PDF is squeezed more and more. This is indeed the motivating idea behind the host rejection of ISS which tries to squeeze the distribution of the test statistic z as much as possible to avoid PDF leakage and thus improve the decoding performance. Once λ is 1/N , the test statistic z becomes a deterministic value NAb. Therefore, suppose the attacker tries to estimate the signature code when λ = 1/N based on N0 observations. He could verify the estimated signature code by multiplying the estimate with the observations to check whether the result is equal to NAb or not. In other words, the security level of ISS is very low λ = 1/N while when the parameter λ is less than 1/N , the test statistic z is a random variable, not a fixed deterministic value. The above discussion clearly shows that there is a trade-off between the security level and decoding performance for the ISS scheme: On one hand, approaching λ to 1/N can avoid PDF leakage and improve the decoding performance; On the other hand, less PDF leakage makes the attack (estimating the signature code) simpler and more efficient. The SS scheme does not exploit any host rejection method and thus less information leaks out from the watermarked observations. However, though SS’s security level is higher than that of ISS, its decoding performance is generally worse than that of ISS. Figure 5.2 investigates the effects of the number of observationsN0 on the information leakage 86 5.6. Results and Discussions per dimension. As expected, increasing the number of observations leads to more information leakage for both SS and ISS schemes. In other words, when more watermarked observations are available, the attacker could estimate the signature code more accurately. Different DWRs are studied in Figure 5.2, where a smaller DWR yields more information leakage. This behavior is expected because a smaller DWR means larger watermark. We also note from Figure 5.2 that the difference between the leakages for the ISS scheme at different DWRs is larger than that of the SS scheme. This is because, as the DWR decreases, the parameter λ in the ISS scheme is closer to 1/N which causes more information leakage. Decreasing the DWR in the SS scheme does not have such PDF squeezing effect on the test statistic and therefore the difference between the information leakages of the SS scheme at different DWRs is smaller than in the ISS scheme. Both the CASS and CAISS embedding schemes contain the parameter α, which affects the security measure under the KMA scenario. To investigate the effects of α, with DWR = 25 dB and N = 100, Figure 5.3 shows the upper bound of information leakage of the CAISS scheme when employing different values of α (5.15), and the results are compared with the information leakage of ISS under the KMA scenario (5.10). It is clear that the information leakage of the CAISS scheme changes as a function of the parameter α. As α increases, the information leakage of CAISS decreases and can be smaller than that of ISS. It is worth recalling that, for all values of α, the CAISS scheme consistently provides a better decoding performance than that of ISS. We now try to intuitively explain the security behavior of CAISS when different α is em- ployed. Similar to the ISS case, exploiting the test statistic of the decoder could help explain the information leakage behavior of CAISS. Recalling the embedding structure of the CAISS scheme in (5.5), it is noted that the CAISS scheme is a combination of the SS and ISS schemes according to the correlation between the host signal and the watermark signature code. This conditional embedding of the CAISS scheme has two effects: On one hand, since λh is always greater than or equal to λ, CAISS results in more host rejection than that of ISS. In other words, when b = 1 and xT s < 0, or when b = −1 and xT s > 0, CAISS squeezes the PDF of the test statistic more than ISS does and thus CAISS could result more information leakage than ISS. However, on the other hand, when b = 1 and xT s > 0, or when b = −1 and xT s < 0, CAISS employs SS embedding (i.e., no PDF squeezing occurs) and thus CAISS in these two situations results in less information leakage than ISS. In summary, the total information leakage for the CAISS scheme is contributed by the above two opposite cases. The parameter that could adjust the overall information leakage is α. More specifically, a smaller value of α results in a larger λh which leads to more host rejection and thus more information leakage. A larger value of α results in a smaller λh which leads to less host rejection and thus less information leakage. Therefore, a larger α could result in a CAISS scheme which is more secure than ISS. Since 87 5.6. Results and Discussions CAISS consistently outperforms ISS for all values of α, it means that with certain α, CAISS can be both more secure and provide better decoding performance than ISS. It suggests that one could design an embedding scheme (such as CAISS) which could enhance the security and robustness at the same time. The important observation of Figure 5.3 is that the information leakage of the CAISS scheme could be less than its counterpart in ISS scheme under the KMA scenario. Since CAISS has better decoding performance than the ISS, it reveals that it is possible to design an embedding scheme which could enhance the decoding performance and security at the same time. In order to get some rough idea about the information leakage of the CASS and CAISS schemes under the KMA and KMCA scenarios, Figure 5.4 is presented. It depicts the upper bounds of the CASS and CAISS scheme under the KMCA (5.13)-(5.14) and KMA (5.15)-(5.16) scenarios when DWR = 25 dB, α = 0.8, and N = 100. We could see that upper bounds under the KMCA are above the bounds under the KMA scenario as we expected. Thus, from this figure it could be implied that the KMCA is a more powerful attack than the KMA one for the CASS and CAISS schemes. Figure 5.5 shows the information leakage per dimension plots for the MSS scheme when N = 100. It could be seen from this figure that, as we expected, the information leakage increases when the DWR decreases. To compare the information leakages of different SS schemes under the KMA scenario, Figure 5.6 is reported where DWR = 25 dB, N = 100, and α = 0.8. It can be seen from this figure that the SS scheme has slightly less information leakage than the CASS scheme. It is also observed that MSS has the most information leakage, and ISS and CAISS lie between. To illustrate that the security behaviors of the SS schemes are complicate and affected by factors such as DWR, we consider a different DWR setting. Keeping N and α be the same as in Figure 5.6, Figure 5.7 reports the information leakage plots of different SS schemes when DWR = 21 dB. In this figure, CASS and SS still yields the comparable, least information leakage, while MSS leads to less information leakage than ISS and CAISS has the most leakage. In summary, we could see that the SS and CASS schemes generally yield the least information leakage, however, the security comparisons between other SS schemes are parameter dependent. 5.6.2 On the Practical Estimators As a practical assessment of the security levels of different SS schemes, we now investigate the estimation performances of the signature code estimators for different SS schemes described in Section 5.5. The performances of the estimators are evaluated based on the absolute value of the normalized correlation between the real and estimated signature codes. The performances of these estimators under the KMA scenario are shown in Figure 5.8, where N = 100 and DWR 88 5.6. Results and Discussions = 25 dB. From this figure, we can see that the signature code estimator of MSS outperforms that of ISS, and the estimator of ISS generally outperforms that of SS. These observations are consistent with Figure 5.6 where the leakage of the MSS is more than that of the ISS and SS schemes. Figure 5.9 shows the results under the same settings except that DWR = 21 dB. We can see that in this case the estimator of ISS yields the best estimation performance, followed by that of MSS and SS (together with CASS and CAISS). This is consistent with Figure 5.7 where the ISS and CASS schemes have the most and least leakages under the KMA scenario, respectively. From this figure, we can see that the performances of the estimators of the SS, CASS, and CAISS schemes are very close to each other. In order to investigate the performances of the proposed signature code estimators of the CASS and CAISS schemes under the KMCA scenario, Figure 5.10 is illustrated. It shows that the estimator of the CAISS scheme yields better performance than that of CASS. This observation is also consistent with Figure 5.4, which shows more information leakage of CAISS. Comparing Figure 5.8 and Figure 5.10, we note that the performances of the signature code estimators of the CASS and CAISS schemes under the KMCA scenario are better than the corresponding estimators under the KMA scenario. This could be because of the additional information (correlations between the host signals and the signature code) provided to the attacker under KMCA and thus KMCA is more powerful than KMA. 5.6.3 Important Observations It has been proved that when α < 1, the CASS and CAISS schemes yield better decoding performances than that of the SS and ISS ones. From Figures 5.8 and 5.9, one could see that the performance of estimators in the SS and CASS schemes are almost the same. In addition, we could observe that the estimator in the ISS scheme could end up with better accuracy than the CAISS scheme. It implies that ISS could have more information leakage than the CAISS scheme. Therefore, it is possible to design an embedding scheme (e.g., CAISS) which not only improves the decoding performance but also decreases the information leakage. One point that should be taken into account is that even though the KMCA scenario was proposed for CASS and CAISS embedding scheme, it is possible that attacker uses this attack for obtaining information about the signature code for other SS schemes such as SS and ISS. Investigating the SS under the KMCA is straightforward because when α = 1 the CASS scheme becomes SS scheme. Thus, we could use the estimator for CASS scheme under the KMCA when α = 1. In order to get estimator of the ISS under the KMCA, we follow the approach that was used to obtain the estimator for CAISS scheme. Following (5.21), we could employ the cost function J = ∑N0 i=1(y T i s−NA2bi)2. It leads to the constrained minimization (5.22) where Q = ∑N0 i=1 yiy T i + 2A 2I, c = −∑N0i=1NAyibi, p = NA[−11×lN1 − 11×lN311×lN211×lN4 ]T , and 89 5.6. Results and Discussions 20 25 30 35 0 0.2 0.4 0.6 0.8 1 1.2 1.4 DWR(dB) In fo rm at io n le ak ag e pe r d im en sio n SS ISS N=100 N=300 N=200 Figure 5.1: Upper bounds of information leakage per dimension versus DWR for SS and ISS schemes under the KMA scenario, when N0 = 100. 0 200 400 600 800 1000 0 0.2 0.4 0.6 0.8 1 1.2 1.4 1.6 1.8 N0 In fo rm at io n le ak ag e pe r d im en sio n SS ISS DWR=25dB DWR=30dB Figure 5.2: Upper bounds of information leakage per dimension versus N0 for SS and ISS schemes under the KMA scenario, when N = 100. H has the form of (5.23). It should be recalled that A is the watermark amplitude in the ISS scheme. Figure 5.11 depicts the performance of the signature code estimators for the SS, ISS, CASS, and CAISS schemes under the KMCA scenario. The first point that is observed is that the estimator for the SS scheme is better than its counterpart for CASS scheme. The other observed point is that the performance of the estimator for CAISS scheme, depending on α, could be better or worse than its counterpart for ISS scheme. Therefore, this figure leads us to the conclusion that while the CASS and CAISS schemes have better decoding performance than the SS and ISS schemes could be more secure as well. 90 5.6. Results and Discussions 0 200 400 600 800 1000 0 0.2 0.4 0.6 0.8 1 1.2 1.4 1.6 1.8 2 N0 In fo rm at io n le ak ag e pe r d im en sio n ISS CAISS α=0.5 α=0.9 α=0.7 Figure 5.3: Upper bounds of information leakage per dimension versus N0 for the ISS and CAISS schemes under the KMA scenario, when DWR = 25 dB and N = 100. 0 200 400 600 800 1000 0 1 2 3 4 5 6 7 8 9 N0 In fo rm at io n le ak ag e pe r d im en sio n CASS−KMCA CASS−KMA CAISS−KMCA CAISS−KMA Figure 5.4: Upper bounds of information leak- age per dimension versus N0 for CASS and CAISS schemes under KMA and KMCA scenarios when DWR = 25 dB, N = 100, and α = 0.8. 0 200 400 600 800 1000 0 0.5 1 1.5 2 2.5 3 3.5 N0 In fo rm at io n le ak ag e pe r d im en sio n DWR=25dB DWR=35dBDWR=30dB Figure 5.5: Upper bounds of information leakage per dimension versus N0 plots for the MSS scheme under the KMA scenario, when N = 100. 0 200 400 600 800 1000 0 0.5 1 1.5 2 2.5 3 3.5 N0 In fo rm at io n le ak ag e pe r d im en sio n SS ISS CAISS MSS CASS Figure 5.6: Upper bounds of information leakage per dimension versus N0 for the SS, ISS, and MSS, CASS, and CAISS schemes under the KMA sce- nario, when DWR = 25 dB,N = 100, and α = 0.8. 91 5.6. Results and Discussions 0 200 400 600 800 1000 0 2 4 6 8 10 12 14 N0 In fo rm at io n le ak ag e pe r d im en sio n SS ISS CAISS MSS CASS Figure 5.7: Upper bounds of information leakage per dimension versus N0 for the SS, ISS, CASS, and CAISS schemes under the KMA scenario, when DWR = 21 dB, N = 100, and α = 0.8. 200 300 400 500 600 700 800 900 1000 0.2 0.3 0.4 0.5 0.6 0.7 0.8 0.9 1 N0 Ab so lu te o f n or m al ize d co rre la tio n SS ISS MSS CAISS CASS Figure 5.8: Performance illustrations of different estimators of the signature code under KMA: The average normalized correlation between the esti- mated and actual signature codes versus N0 plots for the SS, ISS, MSS, CASS, and CAISS schemes, when DWR = 25 dB, N = 100, and α = 0.8. 200 300 400 500 600 700 800 900 1000 0.65 0.7 0.75 0.8 0.85 0.9 0.95 1 N0 Ab so lu te o f n or m al ize d co rre la tio n SS ISS MSS CAISS CASS Figure 5.9: Performance illustrations of different estimators of the signature code under KMA: The average normalized correlation between the esti- mated and actual signature codes versus N0 plots for the SS, ISS, MSS, CASS, and CAISS schemes, when DWR = 21 dB, N = 100, and α = 0.8. 200 300 400 500 600 700 800 900 1000 0.4 0.5 0.6 0.7 0.8 0.9 1 N0 Ab so lu te o f n or m al ize d co rre la tio n CAISS−KMCA CASS−KMCA CAISS−KMA CASS−KMA Figure 5.10: Performance illustrations of differ- ent estimators of the signature code under KMA and KMCA: The average normalized correlation between the estimated and actual signature codes versus N0 plots for the CASS and CAISS schemes, when DWR = 25 dB, N = 100, and α = 0.8. 92 5.7. Conclusion 200 300 400 500 600 700 0.75 0.8 0.85 0.9 0.95 1 N0 Ab so lu te o f n or m al ize d co rre la tio n CAISS,α=0.8 ISS CAISS,α=0.3 SS CASS,α=0.8 Figure 5.11: Performance illustrations of different estimators of the signature code under KMCA: The average normalized correlation between the estimated and actual signature codes versus N0 plots for the SS, ISS, CASS, and CAISS schemes, when DWR = 25 dB, N = 100. 5.7 Conclusion By exploiting Shannon’s mutual information between the watermarked observations and the signature code given the embedded message bits, we provided the security analysis of the SS- based embedding schemes, including ISS, MSS, CASS, and CAISS schemes. More specifically, we derived the upper bound of information leakage about the signature code from the observations under the KMA scenario. To better understand the security behavior of the CASS and CAISS schemes, a more powerful attack, the known message and correlation attack, was introduced in this chapter. We proved that, measured by the information leakage measure, the information leakage of the CASS and CAISS schemes under the KMCA is more than the counterparts in the KMA scenario which implies that KMCA is a more powerful attack for the correlation-aware schemes. We also described several estimators of the signature code for different embedding schemes, and we investigated the estimation accuracy of the signature code estimators. We used the simulation to show that for some values of α, the CAISS has less information leakage than its counterpart ISS scheme, while CAISS generally provides better decoding performances than that of ISS. This observation suggests that it is possible to design an embedding scheme (such as CAISS scheme) which could both enhance the decoding performance and the security level. 93 Chapter 6 Thesis Summary and Future Research Topics In this chapter, in Section 6.1, we summarize our results and highlight the contributions of this thesis. Then, in Section 6.2, we point out some directions for future research. 6.1 Summary of Results This thesis focused on different SS embedding schemes for data hiding, named as the additive SS, ISS, and MSS. We investigated these SS embedding schemes, and further developed improved SS schemes to improve the decoding performances. In Chapter 2, we proposed modified SS and ISS embedding schemes for embedding in the DFT magnitude domain. We then presented the optimal decoders for the corresponding schemes in the DCT and DFT magnitude domains. Based on the decoder structures, we presented decoding performance analysis of the SS and ISS schemes in these domains. Experimental results showed that in the absence of additional attack and having access to the watermark amplitude, embedding in the magnitude of DFT domain ends up with better decoding performance. In addition, in oder to have a more practical decoders which do not need watermark amplitude at the cost of performance degradation, suboptimal decoders of LOD and LMMSE were proposed. Experimental results showed that suboptimal decoders in the DCT domain are preferred to their counterparts in the magnitude of DFT domain. Moreover, LMMSE decoder provides better performance than the LOD. In Chapter 3, we introduced the concept of correlation-and-bit-aware for additive SS schemes. We showed that exploiting the information about the correlation of the host signal and signature code could help removing the interference effect of the host signal more effectively. Based on this concept, we proposed CASS and CAISS embedding schemes. Through theoretical error probability analysis, we proved that the CASS scheme outperforms SS scheme and CAISS scheme outperforms SS and ISS schemes. Simulation results showed that the CAISS scheme could improve the decoding performance significantly. Furthermore, we proved that using CASS and CAISS schemes could increase the payload compared with traditional SS schemes. In order to 94 6.2. Future Work have a comprehensive investigation on the CASS and CAISS schemes, their theoretical error probability in the presence of additional noise was derived and the simulation results depicted the superiority of the proposed schemes over the traditional ones. In Chapter 4, we presented the theoretical performance analysis of the MSS scheme. We showed that even though the MSS scheme could provide a content based watermark, it suffers from interference effect of the host signal and this is the cause of its performance degradation. We exploited the decoder structure in order to come up with the MSS-based scheme which could remove the interference effect efficiently. Based on this idea, we proposed IMSS which could improve the decoding performance greatly. We showed that IMSS uses some available information, such as correlation between the host signal and the signature code and correlation of the host signal with itself, at the encoder side to remove the host effect and improve the performance. We also presented the theoretical decoding performance of the IMSS scheme in the presence of additional noise and ran the simulations for showing the superiority of the proposed IMSS over the conventional one. In Chapter 5, we exploited Shannon’s mutual information to study the security of the SS schemes. More specifically, we provided upper bounds of information leakage for the ISS, MSS, CASS, and CAISS schemes under the KMA scenario. Since the CASS and CAISS schemes use the correlation between the host signal and signature code, we proposed the KMCA scenario. We showed that KMCA is a more powerful attack than the KMA and could provide more information about the signature code for the attacker. In order to provide some practical understanding of the information leakage, we presented some signature code estimators that could be exploited by the attacker in the KMA and KMCA scenarios. We showed that it is possible to tune the parameters in the CAISS scheme to have less leakage than the ISS one. It implies that it might be possible to design an embedding scheme to improve the decoding performance and enhance the security at the same time. 6.2 Future Work In the following, we propose some ideas for further research that can be accomplished based on the work of this thesis. 6.2.1 Correlation-and-Bit-Aware Concept for IMSS Scheme In Chapter 4, we considered the MSS scheme and proposed the IMSS scheme to improve the decoding performance. The proposed IMSS scheme reduces the interference effect of the host signal to improve the decoding performance. However, it is possible that we could further remove the host signal effect more efficiently. In Chapter 3, we introduced the correlation-and-bit-aware 95 6.2. Future Work concept which helps removing the interference effect by splitting the PDF of the test statistic at the decoder side. CASS and CAISS were designed by exploiting the decoder structure and the correlation-and-bit-aware concept. We could apply the same correlation-and-bit-aware concept to remove the host signal in IMSS more effectively. More specifically, since we have access to the decoder structure of the IMSS and the message bits at the encoder side, it is possible to develop two modified MSS-based schemes, similar to CASS and CAISS, which can remove the host effect and improve the decoding performance. 6.2.2 New Security Measure Exploiting the Decoder Structure In Chapter 5, we considered the security of the SS schemes using the mutual information between the observations and the signature code. Since the observations represent the embedding scheme, the mutual information based security analysis only exploits the embedding side information. We know that there is also a relationship between the extracted bits and the decoder, since the decoder by invoking the signature code could extract the hidden bits correctly. On the other hand, in the KMA, the attacker has access to the embedded bits. Therefore, the attacker could examine the integrity of the signature code by employing it in the decoder structure. Therefore we could see that the decoder also could play an important role for watermarking security attack. The current security measure, i.e., Shannon’s mutual information, does not exploit the decoder structure. We believe that proposing a security measure which could exploit both the embedding side and the decoder side structures may lead to more meaningful watermarking security analysis. Since the test statistic comprises both the observations and the decoder structure, it might be used to define a security measure that takes into account both sides of embedding and decoding. More specifically, one such measure could include the mutual information between the test statistic at the decoder side and the signature code. 6.2.3 Data Hiding in the Encrypted Domain Although this thesis focused on data hiding as a post-decryption protection scheme, there are some applications that data hiding alone is not sufficient. For instance, there are military and medical applications that we need to have a confidential transmission and thus cryptography is necessary. Therefore, it is interesting to develop a joint cryptography - data hiding system which could protect the contents from unauthorized parties. The encryption side of the sys- tem scrambles the data to make it unreadable for unauthorized parties and thus can provide pre-delivery protection and the data hiding side could provide post-delivery protection. This ensemble protection system has attracted research attentions recently [14]. This system should be able to embed a message in the encrypted domain such that the corresponding decrypted domain contains the message. It could help to enhance the security of the applications where the 96 6.2. Future Work content should be processed by a non-trusted third party. One application for data hiding in the encrypted domain is for buyer-seller watermarking protocols [94] which prevents the seller from obtaining the watermarked copy of the buyer. The content containing the buyer’s watermark can not be distributed illegally to the third parties by the seller. We plan to pursue this direction by developing a joint cryptography - data hiding system by incorporating the ideas proposed in this thesis. 97 Bibliography [1] A. Abrardo and M. Barni. Informed watermarking by means of orthogonal and quasi- orthogonal dirty paper coding. IEEE Trans. Signal Process., 53(2):824–833, 2005. [2] P. Agarwal and B. Prabhakaran. Robust blind watermarking of point-sampled geometry. IEEE Trans. Inform. Forens. Sec., 4(1):36–48, 2009. [3] M. A. Akhaee, S. M. E. Sahraeian, and F. Marvasti. Contourlet-based image watermarking using optimum detector in a noisy environment. IEEE Trans. Image Process., 19(4):967– 980, 2010. [4] A. Azzalini. The skew-normal distribution and related multivariate families. Scandinavian Journal of Statistics, 32:159–188, 2005. [5] C. Baras, N. Moreau, and P. Dymarski. Controlling the inaudibility and maximizing the robustness in an audio annotation watermarking system. IEEE Trans. Audio Speech Lang. Process., 14(5):1772–1782, 2006. [6] M. Barni, F. Bartolini, V. Cappellini, and A. Piva. A dct-domain system for robust image watermarking. Signal Process., 66:357–372, 1998. [7] M. Barni, F. Bartolini, and T. Furon. A general framework for robust watermarking security. Signal Process., 83(10):2069–2084, 2003. [8] M. Barni, F. Bartolini, and A. Piva. Improved wavelet-based watermarking through pixel- wise masking. IEEE Trans. Image Process., 10(5):783–791, 2001. [9] M. Barni, F. Bartolini, A. De Rosa, and A. Piva. Optimum decoding and detection of multiplicative watermarks. IEEE Trans. Signal Process., 51(4):1118–1123, 2003. [10] P. Bas and J. Hurri. Security of dm quantization watermarking schemes: A practical study for digital images. Proc. 4th Int. Workshop Digital Watermarking, 3710:186–200, 2005. [11] N. Bi, Q. Sun, D. Huang, Z. Yang, and J. Huang. Robust image watermarking based on multiband wavelets and empirical mode decomposition. IEEE Trans. Image Process., 16(8):1956–1966, 2007. 98 Bibliography [12] K. A. Birney and T. R. Fischer. On the modeling of dct and subband image for compres- sion. IEEE Trans. Image Process., 4(2):186–193, 1995. [13] G. Boato, F. G. B. De Natale, and C. Fontanari. An improved asymmetric watermarking scheme suitable for copy protection. IEEE Trans. Signal Process., 54(7):2833–2834, 2006. [14] D. Bouslimi, G.Coatrieux, and C. Roux. A joint encryption/watermarking algorithm for verifying the reliability of medical images: Application to echographic images. Comput. Methods Programs Biomed., 106(1):47–54, 2011. [15] A. Briassouli, P. Tsakalides, and M. G. Strintzis. Hidden messages in heavy-tails: dct-domain watermark detection using alpha-stable models. IEEE Trans. Multimedia, 7(4):700–715, 2005. [16] K. Byeong-Seob, R. Nishimura, and Y. Suzuk. Time-spread echo method for digital audio watermarking. IEEE Trans. Multimedia, 7(2):212–221, 2005. [17] F. Cayre, C. Fontaine, and T. Furon. Watermarking security: Theory and practice. IEEE Trans. Signal Process., 53(10):3976–3987, 2005. [18] B. Chen and G. Wornell. Quantization index modulation: A class of provably good methods for digital watermarking and information embedding. IEEE Trans. Inf. Theory, 47(4):1423–1443, 2001. [19] O. T. Chen and W. Wen-Chih. Highly robust, secure, and perceptual-quality echo hiding scheme. IEEE Trans. Audio Speech Lang. Process., 16(3):629–638, 2008. [20] S. Chen and H. Leung. Chaotic watermarking for video authentication in surveillance applications. IEEE Trans. Circuits Syst. Video Technol., 18(5):704–709, 2008. [21] Q. Cheng. Generalized embedding of multiplicative watermarks. IEEE Trans. Circuits Syst. Video Technol., 19(7):978–988, 2009. [22] Q. Cheng and T. S. Huang. Robust optimum detection of transform domain multiplicative watermarks. IEEE Trans. Signal Process., 51(4):906–924, 2003. [23] R. J. Cintra, V. S. Dimitrov, R. M. Campello de Souza, and H. M. de Oliveira. Fragile wa- termarking using finite field trigonometrical transforms. Signal Process. Image Commun., 24:587–597, 2009. [24] P. Comesana, L. Prez-Freire, and F. Perez-Gonzalez. Fundamentals of data hiding security and their application to spread spectrum analysis. 7th Information Hiding Workshop, ser. Lect. Notes Comput. Sci., 2005. 99 Bibliography [25] M. H. M. Costa. Writing on dirty paper. IEEE Trans. Inform. Theory, IT(29):439–441, 1983. [26] T. M. Cover and J. A. Thomas. Elements of information theory. Wiley, 2006. [27] I. J. Cox. Digital watermarking and steganography. Morgan Kaufmann Publishers, 2008. [28] I. J. Cox, J. Kilian, F. T. Leighton, and T. Shanon. Secure spread spectrum watermarking for multimedia. IEEE Trans. Image Process., 6(12):1673–1687, 1997. [29] W. Diffie and M. Hellman. New directions in cryptography. IEEE Trans. Inform. Theory, 22(6):644–654, 1976. [30] G. Dominguez-Conde, P. Comesana, and F. Perez-Gonzalez. Performance analysis of fridrichgoljan self-embedding authentication method. IEEE Trans. Inform. Forens. Sec., 4(3):570–577, 2009. [31] J. Eggers and B. Girod. Informed watermarking. Springer, 2002. [32] S. Erkucuk, S. Krishnan, and M. Zeytinoglu. A robust audio watermark representation based on linear chirps. IEEE Trans. Multimedia, 8(5):925–936, 2006. [33] E. Esen and A. A. Alatan. Robust video data hiding using forbidden zone data hiding and selective embedding. IEEE Trans. Circuits Syst. Video Technol., 21(8):1130–1138, 2011. [34] H. Farid. A survey of image forgery detection. IEEE Signal Processing Magazine, 26(2):16– 25, 2009. [35] C. Fei, D. Kundur, and R. H. Kwong. Analysis and design of secure watermark-based authentication systems. IEEE Trans. Inform. Forens. Sec., 1(1):43–55, 2006. [36] T. Filler, J. Judas, and J. Fridrich. Minimizing additive distortion in steganography using syndrome-trellis codes. IEEE Trans. Inform. Forens. Sec., 6(3):920–935, 2011. [37] P. Y. Fulchiron, F. B. O’Donovan, G. C. M. Silvestre, and N. J. Hurley. A synchroni- sation method for informed spread-spectrum audio watermarking. Journal of Systemics, Cybernetics and Informatics, pages 11–17, 2003. [38] T. Furon and P. Duhamel. An asymmetric watermarking method. IEEE Trans. Signal Process., 51(4):981–995, 2003. [39] M. George, J. Y. Chouinard, and N. Georganas. Digital watermarking of images and video using direct sequence spread spectrum techniques. IEEE conf. Electrical Comput. Eng., pages 116–121, 1999. 100 Bibliography [40] L. Ghouti, A. Bouridane, M.K. Ibrahim, and S. Boussakta. Digital image watermarking using balanced multiwavelets. IEEE Trans. Signal Process., 54(4):1519–1536, 2006. [41] G. H. Golub and C. F. V. Loan. Matrix Computations. ohns Hopkins Univ. Press, 1996. [42] P. Guccione and M. Scagliola. Hyperbolic rdm for nonlinear valumetric distortions. IEEE Trans. Inform. Forens. Sec., 4(2):25–35, 2009. [43] F. Guerrini, M. Okuda, N. Adami, and R. Leonardi. High dynamic range image wa- termarking robust against tone-mapping operators. IEEE Trans. Inform. Forens. Sec., 6(2):283–295, 2011. [44] P. Guzik, A. Matiolanski, and A. Dziech. Real data performance evaluation of caiss watermarking scheme. Communications in Computer and Information Science, 287:139– 147, 2012. [45] F. Hartung and M.Kutter. Multimedia watermarking techniques. Proc. IEEE, 87(7):1079– 1107, 1999. [46] S. He, D. Kirovski, and M. Wu. High-fidelity data embedding for image annotation. IEEE Trans. Image Process., 18(2):429–435, 2009. [47] J. R. Hernandez, M. Amado, and F. Perez-Gonzalez. Dct-domain watermarking techniques for still images: Detection performance analysis and a new structure. IEEE Trans. Image Process., 9(1):55–68, 2000. [48] K. Hofbauer, G. Kubin, and W. B. Kleijn. Speech watermarking for analog flat-fading bandpass channels. IEEE Trans. Audio Speech Lang. Process., 17(8):1624–1637, 2009. [49] http://bows2.ec lille.fr/. [50] Y. Hu and D. Z. Han. Using two semi fragile watermark for image authentication. Proc. Conf. Machine Learning and Cybernetics, 9:5484–5489, 2005. [51] B. Huang and S. Tang. A contrast-sensitive visible watermarking scheme. IEEE Trans. Multimedia, 13(2):60–66, 2006. [52] F. Huang, J. Huang, and Y. Q. Shi. New channel selection rule for jpeg steganography. IEEE Trans. Inform. Forens. Sec., 7(4):1181–1191, 2012. [53] S. Huang and J. K. Wu. Optical watermarking for printed document authentication. IEEE Trans. Inform. Forens. Sec., 2(2):164–173, 2007. 101 Bibliography [54] X. Huang and B. Zhang. Statistically robust detection of multiplicative spread spectrum watermarks. IEEE Trans. Inform. Forens. Sec., 2(1):1–13, 2007. [55] Y. Huang, S. Tang, and J. Yuan. Steganography in inactive frames of voip streams encoded by source codec. IEEE Trans. Inform. Forens. Sec., 6(2):296–306, 2011. [56] Y. Isukapalli and B. D. Rao. An analytically tractable approximation for the gaussian q-function. IEEE Trans. Comm. Lett., 12(9):669–671, 2008. [57] T. Kalker. Considerations on watermark security. Proc. Multimedia Signal Process., pages 201–206, 2001. [58] X. Kang, J. Huang, and W. Zeng. Improving robustness of quantization-based image watermarking via adaptive receiver. IEEE Trans. Multimedia, 10(6):953–959, 2008. [59] I. G. Karybali and K. Berberidis. Efficient spatial image watermarking via new perceptual masking and blind detection schemes. IEEE Trans. Inform. Forens. Sec., 1(2):256–274, 2006. [60] S. M. Kay. Fundamentals of statistical signal processing: Estimation theory. Prentice Hall, 1993. [61] A. Kerckhoffs. La cryptographic militaire. J. Sci. Militaires, 9:5–38, 1883. [62] N. Khademi-Kalantari and S. M. Ahadi. A logarithmic quantization index modulation for perceptually better data hiding. IEEE Trans. Signal Process., 19(6):1504–1517, 2010. [63] T. Kin, Z. Xiao-Ping, and D. Androutsos. Color image watermarking using multidimen- sional fourier transforms. IEEE Trans. Inform. Forens. Sec., 3(1):16–28, 2008. [64] S. Kirbiz, A. N. Lemma, M. U. Celik, and S. Katzenbeisser. Decode-time forensic water- marking of aac bitstreams. IEEE Trans. Inform. Forens. Sec., 2(4):683–696, 2007. [65] D. Kirovski and H. S. Malvar. Spread spectrum watermarking of audio signals. IEEE Trans. Signal Process., 51(4):1020–1033, 2003. [66] J. M. Konstantinides, A. Mademlis, P. Daras, P. A. Mitkas, and M. G. Strintzis. Blind robust 3-d mesh watermarking based on oblate spheroidal harmonics. IEEE Trans. Mul- timedia, 11(1):23–38, 2009. [67] A. Koz and A. A. Alatan. Oblivious spatio-temporal watermarking of digital video by exploiting the human visual system. IEEE Trans. Circuits Syst. Video Technol., 18(3):326– 337, 2008. 102 Bibliography [68] A. Koz, C. Cigla, and A. A. Alatan. Watermarking of free-view video. IEEE Trans. Image Process., 19(7):1785–1797, 2010. [69] A. Koz and C. Delpha. Adaptive selection of embedding locations for spread spectrum watermarking of compressed audio. Digital Forensics and Watermarking, pages 97–110, 2012. [70] M. Kutter and F. A. P. Petitcolas. A fair benchmark for image watermarking systems. Security and Watermarking of Multimedia Contents, 3657:1–14, 1999. [71] K. Kwangtaek, M. Barni, and H. Z. Tan. Roughness-adaptive 3-d watermarking based on masking effect of surface roughness. IEEE Trans. Inform. Forens. Sec., 5(4):721–733, 2010. [72] L. Lecornu, B. Sankur, and Ch. Roux. A review of image watermarking applications in healthcare. Proc. Int. Conf. IEEE EMBS, 51(4):4691–4694, 2006. [73] H. Y. Lee, H. Kim, and H. K. Lee. Robust image watermarking using local invariant features. Opt. Eng., 45(3):1–11, 2006. [74] Z. Li, Q. Sun, and Y. Lian. Design and analysis of a scalable watermarking scheme for the scalable audio coder. IEEE Trans. Signal Process., 54(8):3064–3077, 2006. [75] S. Lian, Z. Liu, Z. Ren, and H. Wang. Commutative encryption and watermarking in video compression. IEEE Trans. Circuits Syst. Video Technol., 17(6):774–778, 2007. [76] W. Lie and L. Chang. Robust and high-quality time-domain audio watermarking based on low-frequency amplitude modification. IEEE Trans. Multimedia, 8(1):46–59, 2006. [77] C. Lihong and W. Li. Adaptive multiwavelet-based watermarking through jpw masking. IEEE Trans. Image Process., 20(4):1047–1060, 2011. [78] H. Y. S. Lin, H. Y. M. Liao, L. Chun-Shien, and L. Ja-Chen. Fragile watermarking for authenticating 3-d polygonal meshes. IEEE Trans. Multimedia, 7(6):997–1006, 2005. [79] S. D. Lin and C. Chin-Feng. A robust dct-based watermarking for copyright protection. IEEE Trans. Consum. Elect., 46(3):415–421, 2000. [80] L. Liu and X. Li. Watermarking protocol for broadcast monitoring. IEEE Conf. E-Business E-Government, pages 1634–1637, 2010. [81] L. Liu, L. Lu, and D. Peng. The design of secure video watermarking algorithm in broad- cast monitoring. IEEE Conf. Information Automation, pages 476–480, 2008. 103 Bibliography [82] T. Liu and W. Tsai. Generic lossless visible watermarkinga new approach. IEEE Trans. Image Process., 19(5):1224–1235, 2010. [83] W. Liu, L. Dong, and W. Zeng. Optimum detection for spread-spectrum watermarking that employs self-masking. IEEE Trans. Inform. Forens. Sec., 2(4):645–654, 2007. [84] C. Lu, S. Huang, C. Sze, and H. Liao. Cocktail watermarking for digital image protection. IEEE Trans. Multimedia, 2(4):209–224, 2000. [85] C. Lu and H. Y. M. Liao. Multipurpose watermarking for image authentication and protection. IEEE Trans. Image Process., 10(10):1579–1592, 2001. [86] Z. Lu, C. Liu, D. Xu, and S. Sun. Semi-fragile image watermarking method based on index constrained vector quantisation. IEEE Electronics Letters, 39(1):35–36, 2003. [87] Z. Lu, D. Xu, and S. Sun. Multipurpose image watermarking algorithm based on multistage vector quantization. IEEE Trans. Image Process., 14(6):822–831, 2005. [88] X. Ma, Z. Li, H. Tu, and B. Zhang. A data hiding algorithm for h.264/avc video streams without intra-frame distortion drift. IEEE Trans. Circuits Syst. Video Technol., 20(10):1320–1330, 2010. [89] K. Maeno, S. Qibin, C. Shih-Fu, and M. Suto. New semi-fragile image authentication watermarking techniques using random bias and nonuniform quantization. IEEE Trans. Multimedia, 8(1):32–45, 2006. [90] H. M. A. Malik, R. Ansari, and A. A. Khokhar. Robust data hiding in audio using allpass filters. IEEE Trans. Audio Speech Lang. Process., 15(4):1296–1304, 2007. [91] S. G. Mallat. A theory of multiresolution signal decomposition: The wavelet representa- tion. IEEE Trans. Pattern Anal. Machine Intell., 11(7):674–693, 1989. [92] H. S. Malvar and D. A. Florencio. Improved spread spectrum: A new modulation technique for robust watermarking. IEEE Trans. Signal Process., 51(4):898–905, 2003. [93] W. Mao. Modern Cryptography Theory and Practice. Prentice Hall, 2004. [94] N. Memon and P. W. Wong. a buyer-seller watermarking protocol. IEEE Trans. Image Process., 10(4):643–649, 2001. [95] A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone. Handbook of Applied Cryptography. CRC Press, 1996. 104 Bibliography [96] N. Merhav and E. Sabbag. Optimal watermark embedding and detection strategies under limited detection resources. IEEE Trans. Inf. Theory, 54(1):255–274, 2008. [97] C. Minghua, H. Yun, and R. L. Lagendijk. A fragile watermark error detection scheme for wireless video communications. IEEE Trans. Multimedia, 7(2):201–211, 2005. [98] F. Muller. Distribution shape of two-dimensional dct coefficients of natural images. IEE Electron. Letters, 29(22):1935–1936, 1993. [99] L. Nataraj, A. Sarkar, and B. S. Manjunath. Precise localization of key-points to identify local regions for robust data hiding. IEEE Int. Conf. Image Process. (ICIP), pages 3681– 3684, 2010. [100] M. Noorkam and R. M. Mersereau. Digital video watermarking in p-frames with controlled video bit-rate increase. IEEE Trans. Forens. Sec., 3(3):441–455, 2008. [101] M. Noorkami and R. M. Mersereau. A framework for robust watermarking of h.264- encoded video with controllable detection performance. IEEE Trans. Inform. Forens. Sec., 2(1):14–23, 2007. [102] J. Pan, H. Huang, and L. C. Jain. Intelligent watermarking techniques. World Scientific, 2004. [103] A. Papoulis and S. Unnikrishna Pillai. Probability, Random Variables, and Stochastic Processes. McGraw-Hill, 2002. [104] S. Pei and J. Chen. Robustness enhancement for noncentric quantization-based image watermarking. IEEE Trans. Circuits Syst. Video Technol., 16(12):1507–1518, 2006. [105] L. Perez-Freire and F. Perez-Gonzalez. Exploiting security holes in lattice data hiding. Proc. 9th Information Hiding Workshop, ser. Lect. Notes Comput. Sci., 4567:159–173, 2007. [106] L. Perez-Freire and F. Perez-Gonzalez. Security of lattice-based data hiding against the watermarked-only attack. IEEE Trans. Inform. Forensics Sec., 3(4):593–610, 2008. [107] L. Perez-Freire and F. Perez-Gonzalez. Spread-spectrum watermarking security. IEEE Trans. Inform. Forensics Sec., 4(1):2–24, 2009. [108] L. Perez-Freire, F. Perez-Gonzalez, T. Furon, and P. Comesana. Security of lattice-based data hiding against the known message attack. IEEE Trans. Inform. Forensics Sec., 1(4):421–439, 2006. 105 Bibliography [109] F. Perez-Gonzales, C. Mosquera, M. Barni, and A. Abrardo. Rational dither modulation: A high-rate data-hiding method robust to gain attacks. IEEE Trans. Signal Process., 53(10):3960–3975, 2005. [110] F. Perez-Gonzalez and J. R. Hernandez. A tutorial on digital watermarking. Proc. IEEE Annu. Carnahan Conf. Security Technol., pages 286–292, 1999. [111] F. A. P. Petitcolas, R. J. Anderson, and M. G. Kuhn. Attacks on copyright marking systems. Lecture Notes in Computer Science, 1525:218–238, 1998. [112] F. A. P. Petitcolas, R. J. Anderson, and M. G. Kuhn. Informatin hiding-a survey. Proc. IEEE, 87:1062–1078, 1999. [113] R. Petrovic, B. Tehranchi, and J. M. Winograd. Digital watermarking security considera- tions. Multimedia and Security, pages 152–157, 2006. [114] V. Q. Pham, T. Miyaki, T. Yamasaki, and K. Aizawa. Geometrically invariant object- based watermarking using sift feature. IEEE Int. Conf. Image Process. (ICIP), pages 473–476, 2007. [115] C. Pik, M. R. Lyu, and R.T. Chin. A novel scheme for hybrid digital video watermarking: approach, evaluation and experimentation. IEEE Trans. Circuits Syst. Video Technol., 15(12):1638–1649, 2005. [116] A. Piva, M. Barni, and F. Bartolini. Copyright protection of digital images by means of frequency domain watermarking. in Proc. SPIE Math. Data/Image Coding Compress. Encrypt., 3456:25–35, 1998. [117] L. Prez-Freire, P. Moulin, and F. Perez-Gonzalez. Security of spread spectrum based data hiding. Proc. Security, Steganography, Watermarking of Multimedia Contents IX, 6505, 2007. [118] R. L. Rivest. Cryptography. Elsevier, 1990. [119] A. Robert and J. Picard. On the use of masking models for image and audio watermarking. IEEE Trans. Multimedia, 7(4):727–739, 2005. [120] A. Sarkar, U. Madhow, and B. S. Manjunath. Matrix embedding with pseudorandom coefficient selection and error correction for robust and secure steganography. IEEE Trans. Inform. Forens. Sec., 5(2):225–239, 2010. [121] H. T. Sencar, S. Velastin, and N. Nikolaidis. Intelligent Multimedia Analysis for Security Applications. Springer, 2010. 106 Bibliography [122] J. S. Seo and C. D. Yoo. Image watermarking based on invariant regions of scale-space representation. IEEE Trans. Signal Process., 54(4):1537–1549, 2006. [123] C. E. Shannon. Communication theory of secrecy systems. Bell Syst. Tech J., 28:656–715, 1949. [124] F. Y. Shih. Digital watermarking and steganography: fundamentals and techniques. CRC Press, 2008. [125] P. Soo-Chang and Z. Yi-Chong. A novel image recovery algorithm for visible watermarked images. IEEE Trans. Inform. Forens. Sec., 1(4):543–550, 2006. [126] M. Steinebach, F. A. P. Petitcolas, F. Raynal, J. Dittmann, C. Fontaine, C. Seibel, N. Fates, and L. C. Ferri. Stirmark benchmark: audio watermarking attacks. Proc. Int. Conf. on Information Technology: Coding and Computing, pages 49–54, 2001. [127] J. K. Su, F. Hartung, and B. Girod. Digital watermarking of text, image, and video documents. Comput. Graph., 22(6):687–695, 1998. [128] K. Su, D. Kundur, and D. Hatzinakos. Statistical invisibility for collusion-resistant digital video watermarking. IEEE Trans. Multimedia, 7(1):43–51, 2005. [129] P. C. Su and Y. C. Chang. A geometrically resilient digital image watermarking scheme based on sift and extended template embedding. The Fourth International Conf. Evolving Internet, pages 102–107, 2012. [130] A. V. Subramanyam, S. Emmanuel, and M. S. Kankanhalli. Robust watermarking of compressed and encrypted jpeg2000 images. IEEE Trans. Multimedia, 14(3):703–716, 2012. [131] Q. Sun and S. Chang. A secure and robust digital signature scheme for jpeg2000 image authentication. IEEE Trans. Multimedia, 7(3):480–494, 2005. [132] R. Sun, H. Sun, and T. Yao. A svd and quantization based semi-fragile watermarking technique for image authentication. Proc. Signal Process., 2:1952–1955, 2002. [133] L. Sunil, C. D. Yoo, and T. Kalker. Reversible image watermarking based on integer-to- integer wavelet transform. IEEE Trans. Inform. Forens. Sec., 2(3):321–330, 2007. [134] A. Valizadeh and Z. J. Wang. A framework of multiplicative spread spectrum embedding for data hiding: performance, decoder and signature design. IEEE Global Communications Conf. (GLOBECOM), pages 1–6, 2009. 107 Bibliography [135] A. Valizadeh and Z. J. Wang. Minimum mean square error detector for multimessage spread spectrum embedding. IEEE Int. Conf. Image Process. (ICIP), pages 121–124, 2009. [136] A. Valizadeh and Z. J. Wang. Correlation-aware data hiding based on spread spectrum embedding. IEEE Int. Conf. Image Process. (ICIP), pages 205–208, 2010. [137] A. Valizadeh and Z. J. Wang. A host rejected spread spectrum embedding scheme for data hiding. IEEE Int. Conf. Acoustic Speech Signal Process. (ICASSP), pages 1750–1753, 2010. [138] A. Valizadeh and Z. J. Wang. Correlation-and-bit-aware spread spectrum embedding for data hiding. IEEE Trans. Inform. Forens. Sec., 6(2):267–282, 2011. [139] A. Valizadeh and Z. J. Wang. Improved multiplicative spread spectrum embedding for image data hiding. IEEE Int. Conf. Image Process. (ICIP), pages 2749–2752, 2011. [140] A. Valizadeh and Z. J. Wang. Efficient blind decoders for additive spread spectrum em- bedding based data hiding. EURASIP Journal on Advances in Signal Process., 2012(88), 2012. [141] A. Valizadeh and Z. J. Wang. An improved multiplicative spread spectrum embedding scheme for data hiding. IEEE Trans. Inform. Forens. Sec., 7(4):1127–1143, 2012. [142] A. Valizadeh and Z. J. Wang. Security of spread spectrum schemes for kma data hiding. to be submitted to IEEE Trans. Inform. Forens. Sec., 2012. [143] H. J. Wang and C. C. J. Kuo. Watermark design for embedded wavelet image codec. SPIE conf. on Applications of Digital Image Process., 3460:388–398, 1998. [144] X. Wang, W. Qi, and P. Niu. A new adaptive digital audio watermarking based on support vector regression. IEEE Trans. Audio Speech Lang. Process., 15(8):2270–2277, 2007. [145] X. Wang and H. Zhao. A novel synchronization invariant audio watermarking scheme based on dwt and dct. IEEE Trans. Audio Speech Lang. Process., 54(12):4835–4840, 2006. [146] Y. Wang and P. Moulin. Perfectly secure steganography: Capacity, error exponents, and code constructions. IEEE Trans. Inform. Theory, 54(6):2706–2722, 2008. [147] Y. Wang and A. Pearmain. Blind mpeg-2 video watermarking robust against geometric attacks: a set of approaches in dct domain. IEEE Trans. Image Process., 15(6):1536–1543, 2006. 108 Bibliography [148] Y. P. Wang, M. J. Chen, and P. Y. Cheng. Robust image watermark with wavelet transform and spread spectrum techniques. Signals Syst. Comput., 2:1846–1850, 2000. [149] L. Wen-Nung, T. C. Lin, and L. Chia-Wen. Enhancing video error resilience by using data-embedding techniques. IEEE Trans. Circuits Syst. Video Technol., 16(2):300–308, 2006. [150] S. Xiang and J. Huang. Histogram-based audio watermarking against time-scale modifi- cation and cropping attacks. IEEE Trans. Multimedia, 9(7):1357–1372, 2007. [151] Y. Xinge, D. Liang, C. Yiu-ming, and C. Qiuhui. A blind watermarking scheme using new nontensor product wavelet filter banks. IEEE Trans. Image Process., 19(12):3271–3248, 2010. [152] Y. Yang, X. Sun, H. Yang, C. Li, and R. Xiao. A contrast-sensitive reversible visible image watermarking technique. IEEE Trans. Circuits Syst. Video Technol., 19(5):656–667, 2009. [153] H. Yongjian and J. Byeungwoo. Reversible visible watermarking and lossless recovery of original images. IEEE Trans. Circuits Syst. Video Technol., 16(11):1423–1429, 2006. [154] H. Yuan and X. Zhang. Multiscale fragile watermarking based on the gaussian mixture model. IEEE Trans. Image Process., 15(10):3189–3200, 2006. [155] S. Zafeiriou, A. Tefas, and I. Pitas. Blind robust watermarking schemes for copyright protection of 3d mesh objects. IEEE Trans. Multimedia, 11(5):596–607, 2005. [156] F. Zhang, W. Liu, W. Lin, and K. Ngan. Spread spectrum image watermarking based on perceptual quality metric. IEEE Trans. Image Process., 20(11):3207–3218, 2011. [157] X. Zhang and S. Wang. Fragile watermarking with error-free restoration capability. IEEE Trans. Multimedia, 10(8):1490–1499, 2008. [158] D. Zheng, S. Wang, and J. Zhao. Rst invariant image watermarking algorithm with mathematical modeling and analysis of the watermarking processes. IEEE Trans. Image Process., 18(5):1055–1068, 2009. [159] J. Zhong and S. Huang. An enhanced multiplicative spread spectrum watermarking scheme. IEEE Trans. Circuits Syst. Video Technol., 16(12):1491–1506, 2006. [160] J. Zhong and S. Huang. Double-sided watermark embedding and detection. IEEE Trans. Inform. Forens. Sec., 2(4):645–654, 2007. 109 [161] D. Zou, Y. Q. Shi, N. Zhicheng, and S. Wei. A semi-fragile lossless digital watermarking scheme based on integer wavelet transform. IEEE Trans. Circuits Syst. Video Technol., 16(10):1294–1300, 2006. 110 Appendix A Corresponding Proofs for Chapter 2 A.1 Derivations for SS Analysis in the DFT Domain Referring to expression (2.8), assuming the independent and identical distribution of the coeffi- cients, we have the joint PDF of the host data as f(x) = exp { − N∑ i=1 ( |xi| ηi )γi} N∏ i=1 [( γi ηγii ) (|xi|)γi−1 u(xi) ] . (A.1) Based on the ML decoder structure (2.9), it decides b̂ = +1 if f(r|b = +1) f(r|b = −1) = exp { −∑Ni=1 ( |ri−siA|ηi )γi}∏N i=1 ( γi η γi i ) (|ri − siA|)γi−1u(ri − siA) exp { −∑Ni=1 ( |ri+siA|ηi )γi}∏N i=1 ( γi η γi i ) (|ri + siA|)γi−1u(ri + siA) > 1. (A.2) It is straightforward to see that the (A.2) leads to (2.12). In order to derive the error probability, first we show that the test statistic used for decoding could be modeled as Gaussian random variable. Taking logarithm from both sides of (2.12) leads to b̂ = sign{z}. Doing some manipulations on test statistic z when ri > A results z = N∑ i=1 [( |ri + siA| ηi )γi − ( |ri − siA| ηi )γi + (γi − 1) ln (∣∣∣∣ri − siAri + siA ∣∣∣∣ )] . (A.3) It is noted that the test statistic (A.3) is the sum of N random variables, which with the assumption of independent host signal samples and with the knowledge of signature codes, by employing the central limit theorem, it could be approximated as a normal random variable. Assuming that the signature code accepts values +1 and −1 with the equal probability, one could show that the conditional PDFs of the test statistic are approximately symmetric and expressed as fZ(z|b = +1) = N (mz, σ2z) and fZ(z|b = −1) = N (−mz, σ2z) where mz and σ2z represent the mean and the variance of the test statistic. Therefore, assuming the equal prior probability for the information bit, the probability of error can be expressed as (2.13) where erfc(x) = 2√ pi ∫∞ x e −t2dt is the complementary error function. Since the test statistic is symmetric 111 A.2. Derivations for ISS Analysis in the DFT Domain for different message bits, without loss of generality it is assumed that b = 1. Then, the mean and mean of the square of the test statistic (A.3) when b = +1, and with assuming equal probability for the signature code Pr{si = +1} = Pr{si = −1} = 1/2, are obtained as (2.14) and (2.15). A.2 Derivations for ISS Analysis in the DFT Domain In order to obtain the ML decoder, the conditional distribution of the received signal r should be exploited. To do so, it is straightforward to show that the distribution of the vector r regarding to (2.3) could be given by f(r) = 1 |M|fX(M −1(r− sAb)), (A.4) where M is defined as M = I− λssT . Exploiting the ML criterion (2.9) and Weibull distribution (2.8) lead to decoder which decides b̂ = +1 when the following inequality holds fR(r|b = +1) fR(r|b = −1) = exp { −∑Ni=1 ( |mi(r−sA)|ηi )γi}∏N i=1 [( γi η γi i ) (|mi(r− sA)|)γi−1 u(ri − siA+ λsisTx) ] exp{−∑Ni=1 ( |mi(r+sA)|ηi )γi}∏Ni=1 [( γiηγi i ) (|mi(r+ sA)|)γi−1 u(ri + siA+ λsisTx) ] > 1. (A.5) where mi is the ith row of M −1. It is straightforward to show that (A.5) results (2.18). In order to obtain the error probability, first by applying some simplifications, decoder (A.5) turns to b̂ = sign{z}. Then, the test statistic is expressed as follows z = N∑ i=1 [( |mi(r+ sA|) ηi )γi − ( |mi(r− sA)| ηi )γi + (γi − 1) ln (∣∣∣∣mi(r− sA)mi(r+ sA) ∣∣∣∣ )] . (A.6) Similar to the justification brought in Appendix A.1, the error probability could be expressed in the form of erfc function. Without loss of generality it is assumed that b = 1, and thus, it is straightforward to have the mean and mean of the square of the test statistic (A.6) as (2.19) and (2.20). A.3 Derivations for ISS Analysis in the DCT Domain For obtaining the optimal ML decoder, we should first obtain the PDF of the vector t defined in (2.4). To this end, the PDF of generalized Gaussian is rewritten in the following vector form f(x) = λ̄N∏N i=1 σxi exp { − [√ Γ(3c ) Γ(1c ) ]c ∥∥∥xTRx −12 ∥∥∥ c 2 ∥∥∥Rx−12 x∥∥∥ c 2 } , (A.7) 112 A.4. Derivations for LOD Analysis in the DCT Domain where λ̄ = c 2Γ(1c ) √ Γ(3c ) Γ(1c ) , (A.8) andRx = diag{σx21, σx22, . . . , σx2l }. In addition, we define ‖[a1, a2, . . . , aN ]‖c = [|a1|c , |a2|c , . . . , |aN |c]. Regarding to the ISS signal model (2.3), it is shown [103] that the PDF of t can be expressed as f(t) = λ̄N |M|∏Ni=1 σxi exp { − [√ Γ(3c ) Γ(1c ) ]c ∥∥∥tTM−1Rx−12 ∥∥∥ c 2 ∥∥∥Rx −12 M−1t∥∥∥ c 2 } . (A.9) Then, likelihood ratio for ISS (2.3) leads the decoder decides b̂ = +1 when f(r|b = +1) f(r|b = −1) = exp { − ∥∥∥(r− sA)TM−1Rx −12 ∥∥∥ c 2 ∥∥∥Rx−12 M−1(r− sA)∥∥∥ c 2 } exp { − ∥∥∥(r+ sA)TM−1Rx −12 ∥∥∥ c 2 ∥∥∥Rx−12 M−1(r+ sA)∥∥∥ c 2 } > 1. (A.10) Having accomplished some algebraic simplifications, the test statistic of the ML decoder for ISS embedding scheme is obtained as (2.23) A.4 Derivations for LOD Analysis in the DCT Domain To derive the LOD for ISS in the DCT domain, the test statistic (2.23) should be rewritten in a more tractable form. After some algebraic manipulations, we have the following form of the test statistic z = N∑ i=1 [∣∣∣∣µsi ∑ j 6=i sjrj + (1 + µ)ri + (Nµ+ 1)siA σxi ∣∣∣∣ c − ∣∣∣∣µsi ∑ j 6=i sjrj + (1 + µ)ri − (Nµ + 1)siA σxi ∣∣∣∣ c ] . (A.11) 113 A.4. Derivations for LOD Analysis in the DCT Domain Taking the derivative of above expression results z = N∑ i=1 [ c σcxi (Nµ+ 1)si ∣∣∣∣∣∣µsi ∑ j 6=i sjrj + (1 + µ)ri + (Nµ+ 1)siA ∣∣∣∣∣∣ (c−1) sign µsi ∑ j 6=i sjrj + (1 + µ)ri + (Nµ+ 1)siA ] + N∑ i=1 [ c σcxi (Nµ+ 1)si ∣∣∣∣∣∣µsi ∑ j 6=i sjrj + (1 + µ)ri − (Nµ+ 1)siA ∣∣∣∣∣∣ (c−1) sign µsi ∑ j 6=i sjrj + (1 + µ)ri − (Nµ+ 1)siA ]. (A.12) By replacing A = 0 into the (A.12) and regarding the Taylor series (2.26), the optimal decoder is obtained as (2.30). 114 Appendix B Corresponding Proofs for Chapter 3 B.1 Proof of Proposition 1 For CASS to have better decoding performance than that of SS, the error probability of the CASS scheme should always be smaller than that of SS. In other words, we should have Q ( N √ 2D −A21√ Nσ2x ) < Q ( N √ D√ Nσ2x ) . (B.1) Since Q(.) is a monotonic decreasing function, to satisfy aforementioned expression, we need to show that √ 2D −A21 > √ D. It is pretty straightforward to show that it requires 0 < A1 < √ D. From (3.15), it is obvious that this constraint is always satisfied. Therefore, it is concluded that the CASS always outperforms the SS scheme in decoding performance. B.2 Derivation of Optimal Decoder for CAISS Scheme The optimal decoder minimizing the error probability Pe = Pr{b̂ 6= b} is obtained by the maximum likelihood (ML) criterion. The ML estimate b̂ is expressed as b̂ = argmax b∈{±1} fR(r|b, s), (B.2) where fR(r|b, s) represents the conditional PDF of r given the bit message, amplitudes, and the signature code. Therefore, the decoder decides b̂ = +1 if fR(r|b = +1, s) > fR(r|b = −1, s). (B.3) It is clear that the conditional PDFs are needed to obtain the decision rule. Assuming that the host signal coefficients are Gaussian IIDs with zero-mean and variance σ2x, we can show that 115 B.2. Derivation of Optimal Decoder for CAISS Scheme the conditional PDFs regarding the CAISS embedding in (3.29) are in the following form fR(r|b = +1, s) = 1 2( √ 2piσ2x) N exp { −1 2σ2x (r− sA1)T (r− sA1) } + 1 2 |M| (√2piσ2x)N exp { −1 2σ2x (r− sA2)TM−2(r− sA2) } , (B.4) fR(r|b = −1, s) = 1 2( √ 2piσ2x) N exp { −1 2σ2x (r+ sA1) T (r+ sA1) } + 1 2 |M| (√2piσ2x)N exp { −1 2σ2x (r+ sA2) TM−2(r+ sA2) } , (B.5) where M = IN − λhssT , (B.6) and |.| denotes the determinant operator. By plugging the conditional PDFs (B.4) and (B.5) into the decoder in (B.3), with some calculations, we have that the decoder decides b̂ = +1 if exp { 2rT sA1 σ2x } + 1 |M| exp { rT (A1IN +A2M −2)s σ2x − r T (M−2 − IN )r 2σ2x − s T (A22M −2 −A21IN )s 2σ2x } > 1 + 1 |M| exp { rT (A1IN −A2M−2)s σ2x − r T (M−2 − IN )r 2σ2x − s T (A22M −2 −A21IN)s 2σ2x } .(B.7) Now, we want to show that if rT s is positive then the above inequality holds. If rT s > 0, then the first term in the left hand side of (B.7) would be larger than one. To show that the second term in the left side is larger than the second term in the right side of inequality (B.7), we need to prove that rT (A1IN +A2M −2)s > rT (A1IN −A2M−2)s. (B.8) With (B.6) and using Woodbury equation, we have M−2 = IN + βssT , (B.9) where β = α2N − 2η , η = 1 N − 1λh . (B.10) 116 B.3. Proof of Proposition 2 Therefore, with (B.9) and (B.10), now (B.8) becomes rT s[A1 +A2(1 + βN)] > r T s[A1 −A2(1 + βN)]. (B.11) To satisfy (B.11), the parameter (1 + βN) is required to always be positive. It is easy to show that (1 + βN) = (αN − 1)2 and thus is always positive. Therefore, the decoder decides b̂ = +1 when rT s > 0. Similarly, we can show that the decoder decides b̂ = −1 when rT s < 0. We thus conclude that the optimal decoder is the correlator defined in (3.1) with the test statistic z in (3.2). B.3 Proof of Proposition 2 To compare the proposed CAISS scheme with the ISS scheme, we recall that the error probability of the ISS [92] can be obtained as Pe−ISS = Q ( N √ D − λ2Nσ2x√ Nσ2x(1− λN)2 ) , (B.12) where λ = { 1 N , if D > σ2x N D σ2x , if D ≤ σ2xN . (B.13) To prove that the proposed CAISS provides a better decoding performance, referring to the error probabilities in (3.37) and (B.12), we should prove that D − λ2Nσ2x (1− λN)2 ≤ 2D −A21 − λ2hNσ2x (1− λhN)2 . (B.14) We can show that (B.14) can be equivalently expressed as g ≥ 0 where g = λ2(2DN2 −A21N2 +Nσ2x)− λ2h(Nσ2x +DN2) + λ(2A21N − 4DN) + 2λhDN +2λλhN 2σ2x(λh − λ) + (D −A21). (B.15) With λh in (3.38) and λ in (B.13), three cases may occur: the first one is when D ≤ σ 2 x+A 2 1N 2N ; the second one is when σ2x+A 2 1 N 2N < D ≤ σ 2 x N ; and the third one is when D > σ2x N . We now prove the inequality in (B.14) for each of the three cases. Case I: With D ≤ σ2x+A21N2N , referring to (3.38) and (B.13), we have λh = (2D −A21)/σ2x and λ = D/σ2x. So, we have g = 2N 2(D−A21)(D− A 2 1 N+σ2x 2N )(D− σ 2 x N ). Based on the assumption that 117 B.4. Proof of Proposition 3 D ≤ σ2x+A21N2N and the fact that 0 < A1 < √ D, it could be concluded that g ≥ 0 and thus the inequality in (B.14) holds for Case I. Case II: With σ2x+A 2 1 N 2N < D ≤ σ 2 x N , referring to (3.38) and (B.13), we have λh = 1/N and λ = D/σ2x. So, now g in (B.15) becomes g = 2N 2(D − σ2x+A21N2N )(D − σ 2 x N ) 2. Based on the assumption on D in this case, we can see that g ≥ 0 and thus the inequality (B.14) is hold for Case II. Case III: With D > σ 2 x N , referring to (3.38) and (B.13), we have λh = 1/N and λ = 1/N . It is straightforward to show that g = 0 for this case. Based on the above three cases, we can conclude that g ≥ 0 and thus the CAISS embedding scheme has better decoding performance than the ISS scheme. B.4 Proof of Proposition 3 To prove that IRIFCAISS−ISS < 1, referring to (3.45), it is equivalently to show that h ≥ 0 with h = λ2h(−DN2 + 2λN2σ2x −Nσ2x)− λh(2N2λ2σ2x + 2ND) + λ2σ2xN + 2N 2Dλ2 −N2A21λ2 +D − 4NDλ+ 2NA21λ+A21. (B.16) We need to prove h ≥ 0 for two cases as follows. Case I: In this case, it is assumed that D ≤ σ2+A21N2N and thus λh = 2D−A21 σ2 . We now can write h as h = −(D − σ 2 +A21N 2N )g(A1), (B.17) where g(A1) = A 2 1(4λN 2σ2 − 2DN2 − 2Nσ2) + 2λ2N2σ4 − 8DN2σ2λ+ 4D2N2 + 2DNσ2. (B.18) To prove h ≥ 0, it is equivalent to prove that g(A1) is positive. From (B.18), it is noticed that g(A1) is a quadratic function in the form of g(A1) = aA 2 1 + c. Therefore, to prove that g(A1) is positive, we need to show that both g(0) and g( √ D) are positive. For A1 = 0, we can write g(0) = f(λ) = 2λ2Nσ4 − 8DNσ2λ+ 4D2N + 2Dσ2. Since f(λ) is a quadratic convex function, to show that it is always positive, it is equivalent to prove that f(λ) has no real root. Referring to f(λ), we have ∆ = (4DNσ2)2 − 4(Nσ4)(2D2N + Dσ2) = 4DNσ4(2DN − σ2). Since it is assumed D ≤ σ2+A21N2N and A1 = 0, we have D < σ 2 2N . Therefore the discriminator ∆ is negative and consequently f(λ) and g(0) are positive. It is pretty straightforward to show that we have g( √ D) = 2(λNσ2−DN)2, which is positive always. Therefore we complete the proof that h ≥ 0 for Case I. 118 B.5. Proof of Proposition 4 Case II: D > σ2+A21N 2N is assumed for Case II and thus λh = 1 N . Therefore, referring to (3.45), we have h > 0 where h = (1− λN)2(2D −A21 − σ 2 N ). B.5 Proof of Proposition 4 In order to derive PIF, let denote M = NISS and N = NCAISS for simplicity. Assuming an equal error probability for the CAISS and ISS schemes, referring to (3.37) and (B.12), we have M(D − λ2Mσ2x) (1− λM)2 = N(2D −A21 − λ2hNσ2x) (1− λhN)2 . (B.19) The above expression can be rewritten as M2(−λ2σ2x + 2λhNλ2σ2x − 2NDλ2 +NA21λ2) + M(D +Dλ2hN 2 − 2λhND + 4NDλ− 2NA21λ− 2λλ2hN2σ2x)− 2ND +NA21 + λ2hN2σ2x = 0 (B.20) Two cases are proved here to complete the proof this proposition. Case I: λh = (2D−A21)/σ2x and λ = D/σ2x are assumed for Case I. Based on these assumptions and (B.20), we can have PIF as in (3.49) and thus PIFCAISS−ISS > 1. Case II: We have λh = 1/N for Case II. To have (B.20) still holds, λ should tend to be 1/M . Referring to (3.38) and (B.13), it could be seen that we should have M = (2−α)N which implies the PIF expression as in (3.49). B.6 Derivation of Optimal Decoder for CAISS Scheme in the Presence of Noise We can show that the PDF of the received signal model in Eqn. (3.50) has the following form fR(r|b = +1, s) = 1 2( √ 2piσ2x) N exp { −1 2σ2x (r− sA1)T (r− sA1) } + 1 2 √ (2piσ2x) N |Cy| exp {−1 2 (r− sA2)TC−1y (r− sA2) } , (B.21) 119 B.7. Derivation of Equation (3.52) fR(r|b = −1, s) = 1 2( √ 2piσ2x) N exp { −1 2σ2x (r+ sA1) T (r+ sA1) } + 1 2 √ (2piσ2x) N |Cy| exp {−1 2 (r+ sA2) TC−1y (r+ sA2) } , (B.22) where Cy = σ 2 nIN +M 2σ2x. (B.23) By plugging (B.21) and (B.22) into (B.3), we can show that the optimal decoder decides b̂ = +1 if rTC−1y s > 0. Referring to (B.23) and Woodbury equation, the aforementioned decision expression changes to (rT s)/((λhN − 1)2 + σ−2x σ2n) > 0. Since the denominator is positive, the decision rule becomes the correlator defined in (3.2). B.7 Derivation of Equation (3.52) We let v = w+ x where x = sTn and w = sTx, w > 0. It can be shown that the distribution of v could be obtained as fV (v) = B1 +B2 = ∫ ∞ 0 (2piNσ2n) −1 2 exp {−(v − y)2 2Nσ2n } (2piNσ2x) −1 2 exp { −y2 2Nσ2x } dy + ∫ 0 −∞ (2piNσ2n) −1 2 exp {−(v + y)2 2Nσ2n } (2piNσ2x) −1 2 exp { −y2 2Nσ2x } dy.(B.24) Because of the symmetric characteristics of the integrals B1 and B2, we have B1 = B2. We can show that B2 has the following form B2 = (4pi 2N2σ2nσ 2 x) −1 2 exp { −v2 2N(σ2n + σ 2 x) }∫ vσ2x σ2n+σ 2 x −∞ exp {−(σ2n + σ2x)t2 2Nσ2nσ 2 x } dt. (B.25) Using the definition of Q function and combining (B.24) and (B.25), we have the distribution of v as fV (v) = 2√ 2piN(σ2n + σ 2 x) exp { −v2 2N(σ2n + σ 2 x) }[ 1−Q( vσx σn √ N(σ2n + σ 2 x) ) ] . (B.26) Therefore, regarding the test statistic (B.25) and above expression, we have the conditional PDF fZ(z|sTx > 0, b = 1). 120 B.8. Derivation of Equation (3.56) B.8 Derivation of Equation (3.56) Referring to the distributions in (3.52)-(3.55) and the probability of error expressed in (3.11), we can calculate the bit error probability of CAISS in the presence of additional Gaussian noise as Pe−CAISS = ∫ −NA1 −∞ 1√ 2piN(σ2n + σ 2 x) exp { −z2 2N(σ2n + σ 2 x) }[ 1−Q( zσx σn √ N(σ2n + σ 2 x) ) ] dz + ∫ ∞ NA2 1√ 2piN(σ2n + σ 2 x(1− λhN)2) exp { −z2 2N(σ2n + σ 2 x(1− λhN)2) } × [ 1−Q( zσx(1− λhN) σn √ N(σ2n + σ 2 x(1− λhN)2) ) ] dz. (B.27) It should be noted that the second and the fourth terms of (3.11) are no longer zero and thus also contribute to decoding errors. The error probability could be rewritten in the following form Pe−CAISS = − ∫ −NA1 −∞ 1√ 2piN(σ2n + σ 2 x) exp { −z2 2N(σ2n + σ 2 x) } Q ( zσx σn √ N(σ2n + σ 2 x) ) dz + Q ( NA2√ N(σ2x(1− λhN)2 + σ2n) ) − ∫ ∞ NA2 1√ 2piN(σ2n + σ 2 x(1− λhN)2) exp { −z2 2N(σ2n + σ 2 x(1− λhN)2) } Q ( zσx(1− λhN) σn √ N(σ2n + σ 2 x(1− λhN)2) ) dz +Q ( NA1√ N(σ2x + σ 2 n) ) . (B.28) It is worth mentioning that the error probability in (B.28) does not have a closed form expression and should be calculated numerically. To simplify the calculation, an approximation for Q function can be used. Using the approximation in [56], we have the following Pe−CAISS ≈ Q ( NA1√ N(σ2x + σ 2 n) ) +Q ( NA2√ N(σ2x(1− λhN)2 + σ2n) ) − ∫ −NA1 −∞ 1√ 2piN(σ2n + σ 2 x) × exp { −z2 2N(σ2n + σ 2 x) }1− exp{ −z2σ2x 2σ2nN(σ 2 n + σ 2 x) } na∑ n=1 cn(−1)n−1 ( σx σn √ N(σ2n + σ 2 x) )n−1 zn−1 dz − ∫ ∞ NA2 1√ 2piN(σ2n + σ 2 x(1− λhN)2) exp { −z2 2N(σ2n + σ 2 x(1− λhN)2) } × exp { −z2σ2x(1− λhN)2 2σ2nN(σ 2 n + σ 2 x(1− λhN)2) } na∑ n=1 cn ( σx(1− λhN) σn √ N(σ2n + σ 2 x(1− λhN)2) )n−1 zn−1dz, (B.29) 121 B.8. Derivation of Equation (3.56) where cn = (−1)n+1(1.98)n 1.135 √ pi( √ 2)n+1n! . The parameter na determines the approximation accuracy, i.e., a higher value of na means a more accurate approximation of Q function. Without loss of generality, na is assumed to be odd and consequently the error probability in (B.29) has the closed form expression as (3.56). 122 Appendix C Corresponding Proofs for Chapter 4 C.1 Derivation of Error Probability of the MSS Embedding Scheme To obtain the error probability in (4.4) for the ML decoder (3.1), we can rewrite it in terms of the test statistic z as Pe−MSS = Pr{z < 0|b = +1}. To calculate the probability of error, the conditional PDF of z which causes error, i.e., fZ(z|b = +1, z < 0), can be derived as fZ(z|b = +1, z < 0) = 1 (1−A2)N/22N/2Γ2(N/4) exp { −z 2(1 +A)2 } ×∫ ∞ −z ( zy + y2 )N/4−1 exp {−y(1 +A2) (1−A2)2 } dy. (C.1) To find a closed form result for the above integral, for simplicity, we assume that N is a multiple of 4. Before calculating the integral expressed in (C.1), we provide two useful equations: ∫ ( τ2 − tτ)n exp(βτ)dτ = n∑ k=0 ( n k ) (−t)k ∫ τ2n−k exp(βτ)dτ, (C.2) ∫ τp exp(βτ)dτ = exp(βτ) p∑ i=0 (−1)iτp−i ( p i ) i!( 1 β )i+1, (C.3) where n and p are non-negative integers, and (C.2) can be obtained using the binomial formula. Using (C.2) and (C.3), we can rewrite (C.1) as fZ(z|b = +1, z < 0) = 1 (1−A2)N/22N/2Γ2(N/4) exp { −z 2(1 +A)2 } × M∑ k=0 [( M k ) zk exp { (1 +A2)z (1 −A2)2 }[2M−k∑ i=0 (−1)i−kz2M−k−i ( 2M − 1 i ) i! [ (1−A2)2 (1 +A2) ]i+1]] , (C.4) where M = N/4 − 1. 123 C.2. Derivation of Capacity of the MSS Embedding Scheme Based on the error probability expression and the above conditional PDF (C.4), we have Pe−MSS = ∫ 0 −∞ fZ(z|b = +1, z < 0)dz = 1 (1−A2)N/22N/2Γ2(N/4) × M∑ k=0 [( M k ) (−1)i−k [ 2M−k∑ i=0 ( 2M − k i ) i! [ (1−A2)2 (1 +A2) ]i+1 ( ∫ 0 −∞ z2M−i exp { z 2(1 −A)2 } dz) ]] .(C.5) In watermarking, it is more convenient to express the error probability in terms of the watermark-induced distortion rather than the watermark amplitude. The watermark-induced distortion is defined as D = E { ‖r− x‖2 } /N where E{.} means the expectation operator. To facilitate the further discussions, we also define the document to watermark ratio (DWR) as DWR = 10 log ( σ2x D ) . Since the power of the host signal is assumed to be one, in our case, we have DWR = -10 logD. For MSS in (4.1), since the host signal is assumed to have unit variance, the distortion for the MSS scheme equals to the square of the watermark amplitude, i.e., D = A2. Employing the equation (C.3), we can show that the probability of error for MSS, in terms of the distortion, is expressed as (4.11). C.2 Derivation of Capacity of the MSS Embedding Scheme Since the MSS scheme (4.1) assumes Gaussian distribution of the host signal, the watermarked signal follows the Gaussian distribution under reasonably high DWR. We can show that the power of each element ri is E{r2i } = (1 +D). Therefore we have the differential entropy as [26] h(r) = N 2 log2 (2pi exp{1}(1 +D)) . (C.6) Similarly, the conditional differential entropy could be written as h(r|b) = − ∑ b∈{−1,+1} P (b) ∫ fR(r|b) log(fR(r|b))dr, (C.7) where P (b) = 0.5. For MSS, we have fR(r|b) = 1|IN + SdAb|fX ( (IN + SdAb) −1r ) , (C.8) where |.| denotes the determinant operator. Substituting (C.8) into (C.7), we can have h(r|b) = N 2 log2 ((2pie)|1 −D|) . (C.9) 124 C.3. Derivation of Equation (4.24) Therefore, using expressions (C.6) and (C.9), we have the channel capacity for MSS embedding as (4.13). C.3 Derivation of Equation (4.24) Based on the definition of g(u) in (4.21), H(m,n, q, u) in (4.22) could be written as H(m,n, q, u) = d∑ k1=1 ... d∑ km=1 [ (−u)( ∑m i=1 ki) (∏km r=k1 ∏r−1 j=0( 1 2 − j)∏m i=1 ki! )(( xTSdx )p (xTx) l )] , (C.10) where the parameters p and l are defined as in (4.25). Since h(m,n, q, u) is defined as the expectation of H(m,n, q, u), we have h(m,n, q, u) = d∑ k1=1 ... d∑ km=1 [ (−u)( ∑m i=1 ki) (∏km r=k1 ∏r−1 j=0( 1 2 − j)∏m i=1 ki! ) E {( xTSdx )p (xTx)l }] , (C.11) Since the signature code s contains equal elements of +1 and -1, we have ( xTSdx )p = ∑ i∈Cp x2i − ∑ i∈Cn x2i p = p∑ k=0 (p k ) (−1)k ∑ i∈Cp x2i p−k(∑ i∈Cn x2i )k , (C.12) where the binomial formula has been used to obtain this equality. Therefore, we have E {( xTSdx )p (xTx)l } = p∑ k=0 ( p k ) (−1)kE ∑ i∈Cp x2i p−k(∑ i∈Cn x2i )k / ( N∑ i=1 x2i )l . (C.13) Since (∑ i∈Cp x 2 i ) and (∑ i∈Cn x 2 i ) follow chi-square distributions, it could be shown that(∑ i∈Cp x 2 i ) / (∑N i=1 x 2 i ) and (∑ i∈Cn x 2 i ) / (∑N i=1 x 2 i ) are independent of (∑N i=1 x 2 i ) . Thus, we have E (∑ i∈Cp x 2 i )p−k (∑ i∈Cn x 2 i )k (∑N i=1 x 2 i )l = E (∑ i∈Cp x 2 i∑N i=1 x 2 i )p−k(∑ i∈Cn x 2 i∑N i=1 x 2 i )k E ( N∑ i=1 x2i )p−l . (C.14) 125 C.3. Derivation of Equation (4.24) Also, based on the stated fact, we have E ∑ i∈Cp x2i p−k(∑ i∈Cn x2i )k = E (∑ i∈Cp x 2 i∑N i=1 x 2 i )p−k(∑ i∈Cn x 2 i∑N i=1 x 2 i )k E {( N∑ i=1 x2i )p} (C.15) Substituting (C.15) into (C.14) and using the fact that (∑ i∈Cp x 2 i ) and (∑ i∈Cn x 2 i ) are inde- pendent, we have E (∑ i∈Cp x 2 i )p−k (∑ i∈Cn x 2 i )k (∑N i=1 x 2 i )l = E {(∑ i∈Cp x 2 i )p−k} E {(∑ i∈Cn x 2 i )k} E {(∑N i=1 x 2 i )p−l} E {(∑N i=1 x 2 i )p} . (C.16) It is noted that right side of the equation (C.16) involves different moments of chi-square random variables where the mth moment of a chi-square random variable with N degrees of freedom is expressed as E {( N∑ i=1 x2i )m} = 2m Γ(m+N/2) Γ(N/2) . (C.17) Since (∑ i∈Cp x 2 i ) and (∑ i∈Cn x 2 i ) are chi-square random variables with N/2 degrees of freedom, equation (C.16) could be rewritten as E ∑ i∈Cp x2i p−k(∑ i∈Cn x2i )k / ( N∑ i=1 x2i )l = 2p−lΓ(p − k +N/4)Γ(k +N/4)Γ(p − l +N/2) Γ2(N/4)Γ(p +N/2) . (C.18) Substituting Equation (C.18) into Equation (C.13) yields E {( xTSdx )p / ( xTx )l} = p∑ k=0 [( p k ) (−1)k 2 p−lΓ(p− k +N/4)Γ(k +N/4)Γ(p − l +N/2) Γ2(N/4)Γ(p +N/2) ] .(C.19) Therefore, the expression of h(m,n, q, u) as in (4.24) can be finally proved by substituting (C.19) into (C.11). 126 C.4. Derivation of Equation (4.28) C.4 Derivation of Equation (4.28) We have the PDF of the multiplication of two random variables x and y, i.e., r = xy, where y is defined as in (4.27), as below [103] fR(r) = ∫ +∞ −∞ 1 |y|fX(r/y)fY (y)dy = 1 piσy ∫ +∞ 0 1 y exp {−r2 2y2 − (y −my) 2 2σ2y } dy, (C.20) where σ2y = h(2, 0, 0, λ) and my = 1 + siAb. Calculating the above integral directly does not provide us a closed form solution. Instead, the characteristic function [103] defined as φX(ω) = ∫ +∞ −∞ exp{jωx}fX(x)dx is employed. We can have the characteristic function of r as φR(ω) = ( 1/ √ 1 + ω2σ2y ) exp {−m2yω2/2(1 + ω2σ2y)2} . (C.21) Now employing the inverse relation in the form of fX(x) = 1/(2pi) ∫ +∞ −∞ exp{−jωx}φX (ω)dω, we can express the PDF of r as fR(r) = 1√ piσ2y exp { −m2y 2σ2y } ∞∑ n=0 1 n!Γ(n+ 1/2) ( m2y|r| 4σ3y )n Kn |r|√ σ2y . (C.22) where Kn(.) denotes the modified Bessel function of second kind. Since the coefficients of the watermarked signal r are assumed IID, the numbers of +1 and -1 in the signature code are assumed equal, based on the expressed PDF of (C.22), the PDF of the watermarked vector r can be expressed as in (4.28). C.5 Derivation of Error Probability of the IMSS Embedding Scheme Assuming the skew normal distribution (4.34) for z given the message bits in (4.15), we have the error probability of IMSS as Pe−IMSS = ∫ 0 −∞ fZ(z|b = +1)dz = Q ( ζ ω ) − 2T (−ζ ω , α ) , (C.23) where T (., .) represents the Owen’s T function defined as T (h, a) = 1 2pi ∫ a 0 exp { −h2 2 (1 + x 2) } 1 + x2 dx. (C.24) 127 C.5. Derivation of Error Probability of the IMSS Embedding Scheme Using exp(x) = ∑∞ n=0 xn n! for the exponential function and the binomial theorem, and with some algebraic simplifications, we can rewrite the expression (C.24) as T (h, a) = 1 2pi tan−1 a+ 1 2pi ∞∑ n=1 [ 1 n! (−h2 2 )n n−1∑ k=0 ( n− 1 k ) a2k+1 2k + 1 ] . (C.25) Therefore, we have the bit error probability as (4.35). By applying the method of moments, we have the following closed-form expressions for the desired parameters as [4] ω = √√√√Pinf (λ̂) + Pint(λ̂) + 4h(3, 0, 2, λ̂)A− 4A2 (h(1, 0, 1, λ̂) +N)2 1− 2δ2/pi , (C.26) ζ = 2A ( h(1, 0, 1, λ̂) +N ) − ωδ √ 2/pi , α = δ√ 1− δ2 (C.27) where δ = sign{γ} √ pi|γ|2/3 2|γ|2/3 + 2((4 − pi)/2)2/3 . (C.28) The parameter γ denotes the skewness of the test statistic and could be obtained as follows. The skewness for the case of b = +1 is defined as γ = (E { z3|b = +1}− 3µσ2 − µ3)/σ3 where µ and σ2, the mean and variance of the test statistic z in (4.15) when b = +1, can be expressed as µ = 2A ( h(1, 0, 1, λ̂ ) +N) + h(2, 0, 1, λ̂) + 2h(1, 1, 0, λ̂) , σ2 = P̂inf (λ̂) + P̂int(λ̂)− µ2.(C.29) To calculate the expression of γ, based on (4.15), we first approximate E { z3|b = +1} as E { z3|b = +1} = 8A3 [h(3, 0, 3, λ̂) + 8Γ(3 +N/2)/Γ(N/2) + 3h(2, 1, 2, λ̂) + 3h(1, 2, 1, λ̂)]+ 6A [ (1 +A2)2h(1, 0, 3, λ̂) + h(5, 0, 3, λ̂) + 2(1 +A2)h(3, 0, 3, λ̂) + 8h(3, 2, 1, λ̂) + 6(1 +A2)h(2, 1, 2, λ̂) + 5h(4, 1, 2, λ̂) + 4h(2, 3, 0, λ̂) + 4(1 +A2)h(1, 2, 1, λ̂) ] . (C.30) Thus, the skewness can be obtained by using the expression for γ and equations (C.29) and (C.30). 128 C.6. Derivation of Error Probability of the MSS Scheme in the Presence of Noise C.6 Derivation of Error Probability of the MSS Scheme in the Presence of Noise The distribution of the test statistic of the MSS in the presence of additional noise and regarding to expressions (4.37) is in the form of (4.9). Similar to the derivation in Appendix C.1, we have the conditional PDF fZ(z|b = +1, z < 0) = 1 [(1−A2)2 + 2σ2n(1 +A2) + σ4n]N/4 2N/2Γ2(N/4) exp { −z 2[(1 +A)2 + σ2n] } × n∑ k=0 [ ( n k ) zk exp { ( 1 +A2 + σ2n ) z [(1−A2)2 + 2σ2n(1 +A2) + σ4n] } × 2n−k∑ i=0 (−1)i−kz2n−k−i ( 2n− k i ) i! ([ (1−A2)2 + 2σ2n(1 +A2) + σ4n ] (1 +A2 + σ2n) )i+1]. (C.31) Based on the above conditional PDF of z and by applying expressions (C.2)-(C.3), similar to Appendix C.1, the error probability is expressed in the form of (4.38). 129 Appendix D Corresponding Proofs for Chapter 5 D.1 Derivation of Upper Bound of Information Leakage for ISS Scheme In order to calculate the mutual information (5.8), two terms h(Y|b) and h(Y|b, s) need to be computed. The distribution of the observations when the message bits are known is not Gaussian, therefore, the differential entropy is bounded by [26] h(Y|b)ISS ≤ 1 2 log ( (2pie)NN0 |C(Y|b)|) , (D.1) where C(Y|b) means the covariance matrix of the observations given the embedded message bits b. To obtain the mentioned covariance matrix, we revisit the ISS embedding scheme (5.2) by defining ym = [y1m, y2m, ..., yNm] T and xm = [x1m, x2m, ..., xNm] T , where yij = (1− λ)xij − λsi N∑ k=1,k 6=i skxkj + siAbj , i = 1, 2, ..., N , j = 1, 2, ..., N0 . (D.2) We thus have E{y2ii} − E2{yii} = (1− λ)2σ2x + λ2(N − 1)σ2x +A2, E{yijyik} − E{yij}E{yik} = A2bjbk , j 6= k, E{yijykl} − E{yij}E{ykl} = 0 , i 6= k. (D.3) Therefore, C(Y|b) has the block diagonal structure in the following form C(Y|b) = F 0 · · · 0 0 F · · · 0 ... ... . . . ... 0 0 · · · F , (D.4) 130 D.1. Derivation of Upper Bound of Information Leakage for ISS Scheme where the N0 ×N0 matrix F is defined as F = [(1− λ)2σ2x + λ2(N − 1)σ2x]I+A2bbT , (D.5) where I means the N0 ×N0 identity matrix. Based on the covariance matrix in (D.4) and F in (D.5), we can have the determinant of C as [41]: |C(Y|b)| = ( 1 + N0A 2 [(1− λ)2 + (N − 1)λ2]σ2x )N ( [(1− λ)2 + (N − 1)λ2]σ2x )N0N . (D.6) We now calculate the second item h(Y|b, s). For ISS, when both the embedded message and the signature code are given, the observations follow the independent and identical Gaussian distribution. Thus, the differential entropy of the observations given the embedded message and the signature code can be expressed as: h(Y|b, s)ISS = 1 2 log ( (2pie)NN0 |C(Y|b, s)|) , (D.7) We need to compute the covariance of the observations given b and s. Referring to the ISS embedding scheme (D.2) and given a particular realization, we have the following observations E{y2ii} − E2{yii} = (1− λ)2σ2x + λ2(N − 1)σ2x, E{yijyik} − E{yij}E{yik} = 0 , j 6= k, E{yijykl} − E{yij}E{ykl} = 0 , i 6= k, j 6= l, E{yijykj} − E{yij}E{ykj} = λσ2x(λN − 2)siskbibk , i 6= k. (D.8) Therefore, C(Y|b, s) has the same block diagonal structure as in (D.4), with the difference that F is now a N ×N matrix defined as F = σ2xI+ λσ 2 x(λN − 2)(b ⊙ s)(b⊙ s)T (D.9) where ⊙ denotes the element by element product of two vectors. It is straightforward to show that the determinant of the covariance matrix C(Y|b, s) can be expressed as |C(Y|b, s)| = (σ2Nx (1− λN)2)N0 . (D.10) Using the above obtained determinants of the covariance matrices as in (D.6) and (D.10), and referring to the differential entropy definitions in (D.1) and (D.7), we can derive the upper bound of mutual information for ISS as in Eqn. (5.10). 131 D.2. Derivation of Upper Bound of Information Leakage for CAISS Scheme Under KMCA D.2 Derivation of Upper Bound of Information Leakage for CAISS Scheme Under KMCA To calculate the mutual information for CAISS under the KMCA scenario (5.12), we need to compute the entropies h(Y|b,g) and h(Y|b,g, s). According to the CASS (5.4) and CAISS (5.5) embedding schemes, one could observe that having the signature code (s) and the correlation information (g) imply that the x lies in half space. For more clarification, we rewrite the CAISS embedding scheme in the following form yij = yij1 = xij + siA1 if s Txj ≥ 0, bj = +1, yij2 = (1− λh)xij − λhsi ∑N k=1,k 6=i skxkj − siA2 if sTxj ≥ 0, bj = −1, yij3 = xij − siA1 if sTxj < 0, bj = −1, yij4 = (1− λh)xij − λhsi ∑N k=1,k 6=i skxkj + siA2 if s Txj < 0, bj = +1, (D.11) where i = 1, 2, ..., N and j = 1, 2, ..., N0 . When the signature code, message bits, and the correlation information are known, the observations are independent. Without loss of generality, we assume that bj = 1 and gj = 1. Having signature code and correlation information lead to the fact that xj lies in the half space. In other words, the distribution of the observation yj under the aforementioned conditions is as f(yj|bj = 1, gj = 1, s) = 2N (0N , σ2xIN )I(sTxj > 0) where I(sTxj > 0) returns one when xj lies on the corresponding half space, i.e., s Txj > 0, and returns zero otherwise. Since we have assumed that the host signal follows Gaussian distribution, we could conclude that the random variable yij given b, g, and s follows half Gaussian. The point that should be taken into account is that if x follows the Gaussian distribution with covariance matrix C, then the corresponding half normal random vector y has the entropy of h(y) = 0.5 log((2pie)N |C|)− log(2). According to the CAISS embedding scheme (D.11), when b, s, and g are known, the obser- vations are uncorrelated and we have the following statistics E{yij1ykl1} − E{yij1}E{ykl1} = 0 , i 6= k, E{yij1ykl4} − E{yij1}E{ykl4} = 0 , i 6= k, j 6= l, E{yij1yik1} − E{yij1}E{yik1} = 0 , j 6= k, 132 D.2. Derivation of Upper Bound of Information Leakage for CAISS Scheme Under KMCA E{yij4yik4} − E{yij4}E{yik4} = 0 , j 6= k, E{yij1yik4} − E{yij1}E{yik4} = 0 , j 6= k, E{yij4ykj4} − E{yij4}E{ykj4} = λhσ2x(λhN − 2)sisk , i 6= k, E{y2ii1} − E2{yii1} = σ2x, E{y2ii4} − E2{yii4} = (1− λh)2σ2x + λ2h(N − 1)σ2x. (D.12) We define q as the number of observations which satisfying b = 1 and g = −1. From (D.12), we can see that the vector observations are uncorrelated and the covariance matrix C(Y|b,g, s) is in the form of (D.4) with the N ×N matrix F. Thus, when q = 0 and q = N0, we have F=σ2xI and F=σ2xI+ σ 2 xλh(λhN − 2)ssT , respectively. Without loss of generality, we assume that b1 = 1 and therefore, based on the independent half Gaussian observations, h(Y|b,g, s) could be expressed as h(Y|b,g, s)CAISS = N0h(y1|b1, g1, s) = N0 2 [h(y1|b1 = 1, g1 = 1, s) + h(y1|b1 = 1, g1 = −1, s)] = N0 4 log ( (2pieσ2x) N ) + N0 4 log ( (2pieσ2x) N (1− λhN)2 )−N0 log(2) = N0 2 log ( (2pieσ2x) N (1− λhN) )−N0 log(2). (D.13) It should be mention that the term log(2) in above entropy is due to the effect of the half Gaussian distribution of the observations when message bits, signature code, and the correlation information are known. To complete the security analysis of the KMCA scenario, we also need to obtain h(Y|b,g). 133 D.2. Derivation of Upper Bound of Information Leakage for CAISS Scheme Under KMCA When the message bits and the correlations are known, we can have the following statistics: E{yij1ykl1} − E{yij1}E{ykl1} = 0 , i 6= k E{yij1ykl4} − E{yij1}E{ykl4} = 0 , i 6= k E{yij1yik1} − E{yij1}E{yik1} = A21bjbk , j 6= k E{yij4yik4} − E{yij4}E{yik4} = A22bjbk , j 6= k E{yij1yik4} − E{yij1}E{yik4} = A1A2bjbk , j 6= k E{y2ii1} − E2{yii1} = σ2x +A21, E{y2ii4} − E2{yii4} = (1− λh)2σ2x + λ2h(N − 1)σ2x +A22. (D.14) The entropy h(Y|b,g) could be expressed as h(Y|b,g)CAISS = ∑ i h(Y|q = i)p(q = i), (D.15) where q is the number of observations which satisfying b = 1 and g = −1 and follows the binomial distribution as p(q = i) = 0.5N0 ( N0 i ) . It is known that h(Y|q = i) depends on C(Y|q = i), which has the block diagonal structure presented in (D.4) with F being a N0×N0 matrix. When q = 0 the matrix F is in the form of F = σ2xI + A 2 1bb T , and when q = N0 the matrix has the form F = σ2x(1 − 2λh + λ2hN)I + A22bbT . When q 6= 0 and q 6= N0, the matrix F has the following structure F = diag{σ2x, ..., σ2x, (1− λh)2σ2x + λ2h(N − 1)σ2x, ..., (1 − λh)2σ2x + λ2h(N − 1)σ2x}+ [ F11 F12 F12 F22 ] ,(D.16) where diag{.} represents the diagonal matrix with the first N0 − i elements being σ2x and the rest being (1−λh)2σ2x+λ2h(N − 1)σ2x. Moreover, the elements of matrices F11, F12, and F22 are as F ij 11 = A 2 1bibj , F ij 12 = A1A2bibj , F ij 22 = A 2 2bibj . (D.17) When q = 0 and q = N0, the determinants of the matrix F are σ 2N0 x (1+ N0A21 σ2x ) and σ2N0x (1−2λh+ λ2hN) N0(1 + N0A22 σ2x(1−2λh+λ2hN) ), respectively. When q = k (k 6= 0 and k 6= N0), the determinant of F is equal to σ2N0x (1− 2λh + λ2hN)k(1 + 1σ2x ( kA2 2 1−2λh+λ2hN + (N0 − k)A21)). Since C(Y|q = i) is in the form of (D.4) with the N0 ×N0 matrix F, h(Y|q = i) is bounded 134 D.3. Derivation of Upper Bound of Information Leakage for CAISS Scheme Under KMA as h(Y|q = i) ≤ 0.5 log((2pie)NN0 |C(Y|q = i)|). Therefore, according to (D.15) and the above analysis, we have h(Y|b,g)CAISS ≤ N 2 ( 1 2 )N0 N0∑ i=0 log ( (2pieσ2x) N0(1− 2λh + λ2hN)i [ 1 + 1 σ2x ( i(D(2 − α)− λ2hNσ2x) 1− 2λh + λ2hN + (N0 − i)αD )])( N0 i ) (D.18) Substituting (D.18) and (D.13) into (5.12) leads to (5.13), as the upper bound for information leakage of the CAISS scheme under the KMCA scenario. D.3 Derivation of Upper Bound of Information Leakage for CAISS Scheme Under KMA In order to calculate the information leakage of the CAISS scheme under the KMA scenario, we need to compute the entropies h(Y|b) and h(Y|b, s). When the message bits and the signature code are available, the observations are independent which leads to h(Y|b, s) = N0h(y1|b1, s). Entropy h(y1|b1, s) depends on the f(y1|b1 = 1, s) which without loss of generality it has been assumed that message bit is equal to 1. According to (D.11), the distribution f(y1|b1 = 1, s) could be written as f(y1|b1 = 1, s) = fpI(xT s > 0) + fnI(xT s < 0), (D.19) where I(xT s > 0) and I(xT s < 0) return one when x satisfy xT s > 0 and xT s < 0, respectively, and return zero otherwise. In addition, here, we have fp = f(y1|b1 = 1, g1 = 1, s) and fn = f(y1|b1 = 1, g1 = −1, s). According to (D.19), since fp and fn are defined in complement spaces, it is straightforward to show that h(Y|b, s) could be expressed as h(y|b, s)CAISS = N0[− ∫ xT s>0 fp log(fp)dx − ∫ xT s<0 fn log(fn)dx] = N0 4 log ( (2pieσ2x) N ) + N0 4 log ( (2pieσ2x) N (1− λhN)2 ) = N0 2 log ( (2pieσ2x) N (1− λhN) ) , (D.20) where we have used F=σ2xI and F=σ 2 xI+ σ 2 xλh(λhN − 2)ssT to obtain the entropies. The entropy h(Y|b)CAISS is bounded as h(Y|b)CAISS ≤ 0.5 log((2pie)NN0 |C(Y|b)|). When 135 D.4. Derivation of Inequality (5.17) the message bits are known, regarding to (D.14), we can have the following statistics E{yijykl} − E{yij}E{ykl} = 0 , i 6= k E{yijyik} − E{yij}E{yik} = 1 4 (A21 +A 2 2 + 2A1A2)bjbk , j 6= k E{y2ii} − E2{yii} = σ2x 2 (2− 2λh + λ2hN) + 1 2 (A21 +A 2 2). (D.21) Thus, C(Y|b) is in the form of (D.4) with the N0 ×N0 matrix F where F = [ σ2x 2 (2− 2λh + λ2hN) + 1 4 (A1 −A2)2 ] I+ 1 4 (A1 +A2) 2bbT . (D.22) Therefore, according to above results, we have the following entropy for CAISS scheme as h(Y|b)CAISS ≤ N 2 log (2pie)N0 [ σ2x 2 (2− 2λh + λ2hN) + 1 4 (√ αD − √ D(2− α)− λ2hNσ2x )2]N0+ N 2 log 1 + N0 4 [√ αD − √ D(2− α) + λ2hNσ2x ]2 σ2x 2 (2− 2λh + λ2hN) + 14 [√ αD − √ D(2− α)− λ2hNσ2x ]2 (D.23) Substituting (D.20) and (D.23) into (5.8) leads to upper bound of information leakage of CAISS scheme under KMA scenario as (5.15). D.4 Derivation of Inequality (5.17) Based on the definition of the mutual information for I(Y; s|b), it is straightforward to show that the mutual information of CAISS under KMA can be expressed as: I(Y; s|b)CAISS = h(Y|b)CAISS − h(Y|b, s)CAISS = [h(Y|b)CAISS − h(Y|b,g, s)CAISS ]− [h(Y|b, s)CAISS − h(Y|b,g, s)CAISS ] = I(Y;g, s|b)CAISS − I(Y;g|b, s)CAISS = I(Y; s|b,g)CAISS + I(Y;g|b)CAISS − I(Y;g|b, s)CAISS , (D.24) where the third equality comes from the definition of the mutual information and the fourth one comes from the chain rule of mutual information. In order to show that the mutual information of CAISS under KMA is less than that of 136 D.5. Derivation of Upper Bound of Information Leakage for MSS Scheme Under KMA KMCA, using the independence between the embedded message and the sign of the correla- tions between the host signal and the signature code leads to h(g|b)CAISS − h(g|b, s)CAISS = h(g)CAISS−h(g|s)CAISS . Since the host signal (xi) follows Gaussian distribution, then h(g|s) = N0h(g1|s) = N0 log(2). On the other hand, the probability mass function of the sign of the correlations (g) is expressed as p(g = gi) = (0.5) N0 which leads to entropy h(g) as h(g) = −∑2N0i=1 (12 )N0 log((12 )N0) = N0 log(2). Hence, we have h(g|b)CAISS −h(g|b, s)CAISS = 0 which results the information leakage difference as I(Y; s|b,g)CAISS − I(Y; s|b)CAISS = I(Y;g|b, s)CAISS − I(Y;g|b)CAISS = h(g|b, s)CAISS − h(g|b, s,Y)CAISS − h(g|b)CAISS + h(g|b,Y)CAISS = I(g; s|b,Y)CAISS .(D.25) We have used the above point that the difference of the entropies of h(g|b)CAISS and h(g|b, s)CAISS is zero. It is clear that the difference of the information leakage under the KMA and KMCA scenarios is in the form of a mutual information. Since any mutual information is non-negative, the above difference is always non-negative. As a result, the inequality (5.17) holds meaning that information leakage under KMCA is always greater than the information leakage under KMA for the CAISS embedding scheme. D.5 Derivation of Upper Bound of Information Leakage for MSS Scheme Under KMA In order to calculate the information leakage for the MSS scheme (5.7) under KMA, we rewrite MSS embedding as yij = xij(1 + siAbj) , i = 1, 2, ..., N , j = 1, 2, ..., N0. (D.26) We first compute the differential entropy h(Y|b)MSS . Based on MSS embedding(D.26), the observations have the following statistics E{yijykl} − E{yij}E{ykl} = 0 , i 6= k, E{y2ii} − E{yii}E{yii} = σ2x(1 +A2). (D.27) Therefore, we have h(Y|b)MSS ≤ 1 2 log ( (2pieσ2x) NN0(1 +D/σ2x) NN0 ) . (D.28) For MSS embedding (5.7), the observations are independent and follow identical Gaussian 137 D.6. Derivation of Estimator (5.20) distributions when the embedded message and the signature code are known. Without loss of generality, we assume that the embedded message bit is 1, and thus we have h(Y|b, s)MSS = N0 2 log ((2pie) |C(y1|b1 = 1, s)|) . (D.29) When the embedded messages and the signature code are fully known, we could use h(BX) = h(X) + log(|B|) where B = I+ SdA for the MSS scheme. Since the numbers of +1 and -1 in the signature code are equal, the determinant of B is |B| = |1−A2|N/2. Therefore, we have the conditional differential entropy h(Y|b, s)MSS = N0 2 log ( (2pieσ2x) N ∣∣1−D/σ2x∣∣N) . (D.30) Finally, using (D.28) and (D.30), we can have the upper bound of information leakage of the MSS scheme under KMA as described in (5.11). D.6 Derivation of Estimator (5.20) For the MSS embedding scheme (5.7), the distribution of the watermarked signals conveying the message bits using sj is as below f(y|b, sj) = 1√ (2piσ2x) N0 N0∏ i=1 ( 1 1 + sjAbi ) exp { N0∑ i=1 −y2ji 2σ2x(1 + sjAbi) 2 } , (D.31) where y = [yj1, ..., yjN0 ] is the jth element of the observations. The ML estimator of the jth element of the signature code can be obtained by maximizing the PDF f(y|b, sj). By taking the derivative of (D.31) with respect to sj and letting it to be zero, we can obtain the ML estimator of sj as ŝj = sign { 1 σ2x bT (y ⊙ y) − (1 +A2)bT1 } . (D.32) It is straightforward to show that this result leads to the ML estimator of the signature code in the form of (5.20). 138
- Library Home /
- Search Collections /
- Open Collections /
- Browse Collections /
- UBC Theses and Dissertations /
- Improved spread spectrum schemes for data hiding and...
Open Collections
UBC Theses and Dissertations
Featured Collection
UBC Theses and Dissertations
Improved spread spectrum schemes for data hiding and their security analysis under known message attack Valizadeh, Amir 2013
pdf
Page Metadata
Item Metadata
Title | Improved spread spectrum schemes for data hiding and their security analysis under known message attack |
Creator |
Valizadeh, Amir |
Publisher | University of British Columbia |
Date Issued | 2013 |
Description | The massive production and easy use of digital media pose new challenges on protecting intellectual property of digital media. Digital data hiding, which can be defined as the procedure of embedding information into an original media host signal, is a promising technique for digital intellectual property protection. A data hiding system generally contains two major components: the encoder for embedding the hidden information and the decoder for extracting the hidden information. This thesis focuses on spread spectrum (SS) watermarking schemes for data hiding. Watermarking techniques for data hiding can be broadly categorized into two classes: quantization index modulation (QIM) based and spread spectrum based approaches. Being robust against distortions and having simple decoder structure make SS attractive for data hiding. First, we investigate the decoding performance of the traditional SS schemes in the DCT and DFT domains. To obtain more practical decoders, we propose using suboptimal decoders which do not need side information. Secondly, since the interference effect of the host signal causes decoding performance degradation in the additive SS scheme, to remove this host effect efficiently, we propose the correlation-and-bit-aware concept for data hiding by exploiting the side information at the encoder side and propose two improved SS-based schemes, the correlation-aware SS (CASS) and the correlation-aware improved SS (CAISS) embedding schemes. Thirdly, we analyze the decoding error probability and capacity of the multiplicative spread spectrum (MSS) embedding scheme, and show that the content-based MSS still suffers from the interference effect of the host signal. We then propose an improved MSS-based scheme by efficiently removing the host interference effect. Lastly, we present the security analysis of the SS-based data hiding schemes under the Known Message Attack (KMA) scenario. Each data hiding scheme has some secret parameters and here the security of a data hiding scheme represents the difficulty of estimating the secret parameters. We employ the mutual information between the observations and the secret parameters as a security measure. Also some practical estimators for estimating the signature code are introduced and their performances are reported to illustrate the security results. |
Genre |
Thesis/Dissertation |
Type |
Text |
Language | eng |
Date Available | 2013-04-30 |
Provider | Vancouver : University of British Columbia Library |
Rights | Attribution-NonCommercial-NoDerivatives 4.0 International |
DOI | 10.14288/1.0073813 |
URI | http://hdl.handle.net/2429/44390 |
Degree |
Doctor of Philosophy - PhD |
Program |
Electrical and Computer Engineering |
Affiliation |
Applied Science, Faculty of Electrical and Computer Engineering, Department of |
Degree Grantor | University of British Columbia |
GraduationDate | 2013-11 |
Campus |
UBCV |
Scholarly Level | Graduate |
Rights URI | http://creativecommons.org/licenses/by-nc-nd/4.0/ |
AggregatedSourceRepository | DSpace |
Download
- Media
- 24-ubc_2013_fall_valizadeh_amir.pdf [ 1.17MB ]
- Metadata
- JSON: 24-1.0073813.json
- JSON-LD: 24-1.0073813-ld.json
- RDF/XML (Pretty): 24-1.0073813-rdf.xml
- RDF/JSON: 24-1.0073813-rdf.json
- Turtle: 24-1.0073813-turtle.txt
- N-Triples: 24-1.0073813-rdf-ntriples.txt
- Original Record: 24-1.0073813-source.json
- Full Text
- 24-1.0073813-fulltext.txt
- Citation
- 24-1.0073813.ris
Full Text
Cite
Citation Scheme:
Usage Statistics
Share
Embed
Customize your widget with the following options, then copy and paste the code below into the HTML
of your page to embed this item in your website.
<div id="ubcOpenCollectionsWidgetDisplay">
<script id="ubcOpenCollectionsWidget"
src="{[{embed.src}]}"
data-item="{[{embed.item}]}"
data-collection="{[{embed.collection}]}"
data-metadata="{[{embed.showMetadata}]}"
data-width="{[{embed.width}]}"
async >
</script>
</div>
Our image viewer uses the IIIF 2.0 standard.
To load this item in other compatible viewers, use this url:
https://iiif.library.ubc.ca/presentation/dsp.24.1-0073813/manifest