1. Field of the Invention
The present invention relates to the field of digital image tamper detection. More particularly, the invention deals with a system and method of digital image tamper detection that can effectively detect image manipulations and their locations within the image but is tolerant of the effects of low-level image compression and additive channel noise, i.e., a semi-fragile technique.
2. Description of Related Art
Image tamper detection techniques are well known in the art as a method used to detect modification of an image from its original state.
A range of tamper detection techniques has been described, varying in degree from fragile techniques, that can detect the most minute alterations of an image, to more robust techniques, that are tolerant of significant modifications of an image. Semi-fragile techniques lie between these extremes and are capable of detecting significant modifications while, at the same time, tolerating minor alterations, such as those induced by low levels of lossy compression or channel noise.
Approaches to semi-fragile tamper detection have been proposed in the literature, all of which employ some variation of an extracted image signature. The concept of semi-fragile tamper detection is described by M. Schneider and S. Chang, Proceedings of the IEEE International Conference on Image Processing, pages 227-230, Lausanne, Switzerland, September 1996. Schneider and Chang proposed a semi-fragile technique of tamper detection that extracts a content-based signature of the image as intensity histograms from blocks of image pixels. This content-based signature is then embedded within the original image using any one of a variety of known watermarking techniques. This technique is robust to a certain level of lossy image compression.
Another scheme for semi-fragile tamper detection is described by L. Xie and G. Arce in xe2x80x9cA Watermark for Digital Images,xe2x80x9d Proceedings of the IEEE International Conference on Image Processing, Chicago, Ill., October 1998. Xie and Arce describe a scheme of embedding edge information extracted from the original image within the low-order coefficients of a wavelet transform.
S. Bhattacharjee and M. Kutter, in xe2x80x9cCompression Tolerant Image Authentication,xe2x80x9d Proceedings of the IEEE International Conference on Image Processing, Chicago, Ill., October 1998, describe another compression tolerant tamper-detection scheme. Their scheme extracts perceptually interesting feature points that are not embedded within the image but maintained separately.
In M. Wu and B. Liu, xe2x80x9cWatermarking for Image Authentication,xe2x80x9d Proceedings of the IEEE International Conference on Image Processing, Chicago, Ill., October 1998, a technique is presented that invisibly embeds within the original image a visually meaningful watermark, along with a set of simple features, by altering coefficients that are indexed into a look-up table of frequency domain coefficients.
In addition to approaches that are described in the literature, several patents teach devices and methods for image tamper detection and/or authentication. An image tamper detection and/or authentication process is disclosed by Ward, in U.S. Pat. No. 5,760,386, in which the image of the holder of an identification document is stored, in highly compressed form, in a magnetic medium dispersed invisibly within a visible print of the holder that is part of the document or within the body of the identification document itself. When the document is scanned magnetically at the place where identification is being authenticated, this image is decompressed and displayed in order to confirm that the holder of the document is the person shown and that the document has not been tampered with. The entire content of the original image is used in Ward""s process. This tamper detection approach is not restricted to certain acquisition devices.
Shimizu, et al., U.S. Pat. No. 6,005,936, disclose a digital camera device and method for embedding an extracted image signature in a digital image. In response to the digital signal of the image, a digital camera having a region-dividing unit divides the digital image into first and second regions. Authentication information is generated in the form of a hash value from data in the first region and this information is then encrypted using a secret key, which differs for each camera and is held within the camera itself. The encrypted hash value is then embedded in the second image region, and the first and second regions are then combined to form a combined image. An alteration detecting system is also disclosed in which an authenticator uses a public key corresponding to the camera""s secret key to decrypt the hash value. The original division of the image is detected and the hash value is calculated anew and compared with the decrypted hash value to accomplish authentication of the image. This approach uses only part of the original image for authentication, i.e., the first image region, and is restricted to a particular image acquisition device, i.e., specially equipped digital cameras.
Friedman, U.S. Pat. No. 5,499,294, discloses a digital camera equipped with a processor for generating a digital signature by hashing an image file using a predetermined algorithm and encrypting the hashed file with a private key stored in the camera""s processor. The encrypted image may be decrypted using a public key that is stored in the camera""s housing. Both the image file and the digital signature are stored individually (not embedded one within the other) but in such a way that they will be available together. For authentication purposes only, the public key is used to decrypt the digital signature for comparison with a newly created hash of the entire image. This tamper detection approach is restricted to certain acquisition devices, i.e., specially equipped digital cameras. It is also possible for the digital signature and the original image file to be separated from one another by a malicious attacker intent on defeating this security technique.
Schipper, et al., U.S. Pat. No. 5,987,136, disclose an apparatus for producing a self-authenticating visual image of a selected view, using a digital image forming means such as a digital camera, together with a position determining system that provides position information. The position information is incorporated in the digital image by altering pixel bit values in a selected authentication pattern of the pixel array associated with the digital image. A set of polygons is used as the authentication pattern, wherein each polygon contains at least one pixel from the selected subset of the pixel array. The authentication pattern is represented by a key or ordered sequence of keys and may be encrypted and either stored with or as a part of the digital image. This tamper detection approach is restricted to certain acquisition devices, i.e., specially equipped digital cameras. If the authentication pattern is stored separately from the image, there is the possibility of its destruction by a malicious attacker.
Squilla, et al., U.S. Pat. No. 5,898,779, disclose a public key encryption system for authenticating an image using a digital camera which has a private key embedded in it that is unique to the digital camera. A known public key, uniquely based on the private key, is used to decrypt digital image data encrypted with the private key in order to establish authenticity of an image. A digital signature is produced by the camera using one or more patterns taken from an active area of the image and input to a predetermined hash function. The hashed output is then encrypted employing the embedded private key. The digital signature and location of the active area are stored together with the image but not within the image. This tamper detection approach is restricted to certain acquisition devices, i.e., specially equipped digital cameras, and is subject to destruction of both the digital signature and the location of the active area by a malicious attacker.
Murphy, et al., U.S. Pat. No. 5,799,082, disclose an apparatus for capturing and authenticating a visual image of a selected view, using a digital image forming means, such as a digital camera, together with a position determining system that provides position information. Any suitable overlay pattern of a selected subset of the array of image pixels may be used to incorporate the position information in the digital image by altering the pixels lying within this pattern. The position information may be encrypted, using an encryption key based on position information, and may be stored as part of the digital image. Optionally, position information includes the distance from the digital camera to the selected object in the selected view. Murphy""s tamper detection approach is restricted to certain image acquisition devices, i.e., specially equipped digital cameras, and the authentication information is susceptible to destruction by a malicious attacker if it is stored separately and not embedded in the image.
Tamper detection techniques known in the art have various vulnerabilities and limitations. In several techniques the tamper detection information is developed using only a part of the image and if a different part of the image is modified, this approach cannot detect the tampering. In other techniques the tamper detection information is easily separated from the image because it is stored with but separate from the image. Many known techniques are restricted to certain acquisition devices. Many known techniques cannot indicate where in the image the detected tampering has occurred.
According to the present invention, there is provided a semi-fragile tamper detection system and method that overcomes the above-noted prior art shortcomings. More particularly, the semi-fragile tamper detection system and method of the present invention hides a low-resolution version of the entire original image within the original image, is acquisition device independent, and signifies the image areas in which detected tampering has occurred.
The semi-fragile tamper detection scheme of the present invention uses data hiding techniques to embed a low-resolution version of an original image within the image itself to form a marked image. A low-resolution version of an image is defined as a thumbnail of that image. Any data hiding technique can be used that is resilient to the effects of both image compression and low levels of transmission channel noise.
With proper selection of a data hiding technique, the hidden information (thumbnail) is recoverable even if the image has been compressed via low levels of image compression, e.g., JPEG, or exposed to additive transmission channel noise. Gross alterations in a transmitted marked image may then be detected by extracting the embedded thumbnail and comparing it with a newly computed thumbnail of the received marked image. If the two thumbnails are sufficiently similar, it can be concluded that no tampering has occurred and the image is authenticated. Alternatively, if the thumbnails are not sufficiently similar, it can be concluded that the image has been manipulated and a tamper alert can be issued.
An image thumbnail can be constructed in a number of ways, including, low-pass filtering followed by decimation and wavelet decomposition. Data hiding can be accomplished by a variety of data hiding techniques such as Spread Spectrum Image Steganography (SSIS).