#### Abstract

With more color images being widely used on the Internet, the research on embedding color watermark image into color host image has been receiving more attention. Recently, Su et al. have proposed a robust and blind watermarking scheme for dual color image, in which the main innovation is the using of two-level DCT. However, it has been demonstrated in this paper that the original scheme in Su’s study is not secure and can be attacked by our proposed method. In addition, some errors in the original scheme have been pointed out. Also, an improvement measure is presented to enhance the security of the original watermarking scheme. The proposed method has been confirmed by both theoretical analysis and experimental results.

#### 1. Introduction

With the rapid development of the Internet, a great deal of digital data can be easily accessed, and the copyright of digital content against privacy and malicious manipulation becomes increasingly important. A variety of theories can be used for the security applications [1–3]. Watermarking [4–6] is a widely used technology for ensuring authenticity, copyright violation detection, and proof of ownership or distributorship of the content. The existing watermarking technologies always equip one of the two distinct properties: robustness and fragility. Robustness means that the embedded watermark in the host media cannot be easily modified or removed. Thus the robust watermarking can be used to protect ownership of the digital content [7]. Contrarily, the fragile watermarking is sensitive to any modification of the host media and can be used to authenticate the integrality of the protected content [8].

Watermarking technologies can be classified into two categories: blind detection watermarking technologies and nonblind detection watermarking technologies [9] according to whether it requires the original data when extracting watermark. The blind detection means to extract watermark without the help of the original host image and the original watermark [10, 11], while the nonblind detection requires the original host image or the original watermark [12, 13]. Generally, the blind detection watermarking technologies are less robust than the nonblind detection ones, but they are more realistic in many applications and have been recently receiving more attention.

Su et al. [14] recently proposed a new robust and blind digital watermarking algorithm for dual color images based on the two-level DCT, which aimed to protect the copyright under JPEG compression attack effectively. In the original scheme, the authors embed extra information into the host image by modifying the selected AC coefficients of the result obtained by two-level DCT. The method is effective; nevertheless, it is not secure due to the fact that the embedded watermark can be replaced while the modification of the host image is imperceptible, and therefore the purpose of copyright protection cannot be achieved. In this paper, we propose a novel attack method to replace the watermark embedded in the protected image. Moreover, an improvement measure is presented to enhance the security of the original scheme.

The rest of the paper is organized as follows. Section 2 presents a brief introduction of Su et al.’s scheme. By correcting the errors and analyzing the weakness of the original scheme, the attack method is proposed in Section 3. The improvement measure is described in Section 4. Section 5 concludes this paper.

#### 2. Review of Su et al.’s Scheme

In Su et al.’s scheme [14], the two-level DCT technology is used to achieve higher concentration of energy; therefore the watermark information can be embedded easily. Before watermark embedding, the color watermark should be first preprocessed to change into the binary sequence form. That is, three components red (R), green (G), and blue (B) of the original watermark are separated out and then are DCT transformed, respectively. After compress coding and random permutation, the final binary sequence to be embedded is obtained.

##### 2.1. Watermark Embedding

The host RGB image should be first transformed into YIQ mode using

Then, the luminance component of the block sized is processed by two-level DCT. The obtained embedding blocks (upper-left corner) are shown in Figure 1, where the bold characters, that is, nine AC coefficients (, , , , , , , , and ), denote the selected positions for watermark embedding.

To embed the obtained binary sequence, that is, the preprocessed color watermark, into the selected positions, the selected coefficients should be modified according to where denotes the watermark bit, is the modified coefficient after embedding in coefficient , is the bit number of the watermark, , , denotes the least nearest integer, and is the absolute value operation. is chosen to determine the embedding strength and the difference between and , in the worst condition, is .

After modifying the coefficients, the inverse two-level DCT transform and inverse YIQ color transform should be performed to restore the original state of the host image. Thus, the watermark bits are embedded into the frequency domain of the host image based on two-level DCT.

##### 2.2. Watermark Extraction

To extract the watermark from a watermarked host image, one should first acquire the luminance information through YIQ color transform and, then, use two-level DCT to get the modified coefficients . Three segments watermarks , , of the original watermark can be extracted using

Then, according to the majority principle, the watermark bit can be obtained from . By inverse random permutation, decompression technology, and the inverse coding, the color watermark can be recovered.

#### 3. The Cryptanalysis and Attack

##### 3.1. Mistake in the Original Scheme

In the embedding process of the original scheme, there are some mistakes in (2); for example, suppose and ; then and ; according to (2), if the embedded is 0, then min is 0; here and . Similarly, if 1 is embedded, and . Thus, no matter which value is embedded, the modified coefficient is not affected, and the watermark cannot be extracted exactly.

The appropriate approach is to change and towhere is an integer. Then, the modified coefficient is obtained from (2). The following steps demonstrate that the largest difference between and is .

Suppose the embedded .

Let ; then

According to the range of , it can be divided into two cases.

*Case 1 (). *Let ; we obtainthat is,According to (5),then

*Case 2 (). *Let ; we obtainAccording to (6)–(9),Based on the above two cases, we deduce .

Suppose the embedded ; similarly, we obtain .

##### 3.2. Weakness of the Original Scheme

According to Kerckhoffs’ principle [17], when analyzing an encryption algorithm, an assumption is that the cryptanalyst knows exactly the design and working of the cryptosystem. Namely, cryptanalyst knows everything about the cryptosystem except for the secret keys.

In the original scheme, according to (3) and the known coefficient , the scrambled watermark bits can be extracted from watermarked image. At the same time, according to (2) and the known coefficient , any arbitrary bits can be embedded into the watermarked image. So, we can erase or change the original watermark embedded in the image; thus the copyright protection would fail. The details of the attack scheme are introduced in the next section.

##### 3.3. Method to Modify the Watermark

Suppose is the original image and is the watermarked image carrying the watermark . The attacker has a different image, called , carrying another watermark . The attacker aims to replace of with to change the copyright of . The two attack steps are as follows.

*Step 1. *Follow the watermark extraction process proposed in Section 2 and obtain the permuted watermark bits from image with known in (3).

*Step 2. *Embed the permuted watermark bits into image using (2).

Then, the watermark embedded in the original image is replaced with , which is possessed by the attacker.

The fidelity of the attacked image is analyzed below. Let denote the two-level DCT coefficient of and and denote the corresponding coefficients of and , respectively. Based on the statements in Section 3.1, , , and then , which means the difference of the coefficients between the original image and the attacked image increases, and, in the worst condition, the difference will be double. Since the modification occurred in the high-frequency coefficients of the two-level DCT, the PSNR (peak signal-to-noise ratio) value of the modified image is acceptable, and the invisibility of the watermark can be ensured. The experiments in the next section also verify this proposal.

##### 3.4. Experiments

PSNR is defined in (12), which may be used to evaluate perceptual distortion of the proposed scheme:where , respectively, denotes the R, G, B components, and presents the PSNR value of component:where and are the pixel values location at of component of the original host image and the watermarked image. Generally, the larger the PSNR value is, the more invisible the watermark is.

Figure 2(a) shows the original watermarked image of size 512 × 512. The original watermark of size 64 × 64 embedded in Figure 2(a) is given in Figure 2(b). The attacker’s image whose size is the same as that of the original image is shown in Figure 2(c). Figure 2(d) displays the watermark embedded in the attacker’s image using the original scheme with different secret key, the size of which is also 64 * 64. Figure 2(e) which seems to be the same as Figure 2(a) is the attacked image using the proposed method, and the PSNR value is near to that of Figure 2(a). Figure 2(f) shows the extracted watermark from Figure 2(e). Since Figure 2(f) is totally different from the original watermark that is shown in Figure 2(b), the copyright protection of the original image is invalid.

**(a) PSNR: 46.3667**

**(b)**

**(c) PSNR: 46.5436**

**(d)**

**(e) PSNR: 44.9439**

**(f)**

#### 4. Improvement Measure

The main drawback of Su et al.’s scheme [14] is that one can easily obtain and replace the scrambled watermark from the host image by the known . Moreover, the scheme is not dependent on the plain image, which would increase the possibility of attacks. In order to overcome the above drawbacks and to improve security, a secret key must be introduced into the coefficients modification step. We propose the improvement measure here.

##### 4.1. Watermark Embedding

*Step 1. *The host RGB image should be transformed into YIQ mode using (1) in Section 2.

*Step 2. *The luminance component of the block sized is processed by two-level DCT. The obtained embedding blocks (upper-left corner) are shown in Figure 1, where the bold characters, that is, nine AC coefficients (, , , , , , , , and ), denote the selected positions for watermark embedding.

*Step 3. *Set the initial parameter and initial value , which can be considered as the watermarking key, to iterate the chaotic system (14) times, where is the size of scrambled watermark bits:With parameter , the system (14) is in chaotic state [18].

*Step 4. *Let be the watermark bit and be the corresponding pseudorandom numbers obtained from (14). For every , obtain the integral number according to where returns the largest integer smaller than and is a series of integers ranging from 1 to 7. Then, the remnant AC coefficients (, , , , , , and ) in each block based on two-level DCT are selected according to the values of to obtain the .

The selected coefficient is dependent on the plain host image, so different host image generates different coefficient , and any modification on the watermarked image will affect the coefficient and then will affect the watermark consequently (the explanations are given below), even if the watermark is obtained before.

*Step 5. *Obtain a bit from the selected AC coefficient using

*Step 6. *The coefficient after watermark embedding can be obtained by the rule stated in where , , is an integer, and is the absolute value of . Based on (7), can be easily computed and the difference between and is very small. In the worst condition, the largest difference between and is .

*Step 7. *After modifying the coefficients, the inverse two-level DCT transform and inverse YIQ color transform should be performed to restore the original state of the host image. Thus, the watermark bits are embedded into the frequency domain of the host image based on two-level DCT.

##### 4.2. Watermark Extraction

*Step 1. *Process the watermarked image by the way of Steps 1–5 in the watermark embedding process to get a series of using (16).

*Step 2. *Extract the watermark according to the DCT coefficients based on the following rules. In (18), is the DCT coefficient at the low-frequency position of watermarked image and , , are three segments watermarks of the original watermark:where is the flipped .

Then, according to the majority principle, the watermark bit can be obtained from . By inverse random permutation, decompression technology, and the inverse coding, the color watermark can be recovered.

##### 4.3. Experiments

Since the selected coefficient from the seven remnant AC coefficients (, , , , , , and ) in each block based on two-level DCT is uncertain, the attacker cannot deduce without the secret key mentioned in the above section; therefore the embedded watermark cannot be replaced using the proposed attack method.

In addition, the modifications of the host image during the watermark embedding procedure of the improved scheme are essentially the same as those of the original scheme; that is, only nine AC coefficients (, , , , , , , , and ) in each block are selected to embed the watermark, and the largest difference between the coefficients before and after modification is . Therefore, the performance of the improved scheme is unchanged. Figure 3 shows an example of the attack to the improved scheme. It can be seen that the PSNRs of Figures 3(a)–3(d) are similar to those of Figures 2(a)–2(d), respectively. Figure 3(e) is the attacked image using the improved method. Figure 3(f) shows the extracted watermark from Figure 3(e). Since the two keys, that is, the initial value and of the chaotic map (14), are different between the original watermarked image and the attacker’s watermarked image, the extracted watermark from the attacked image is confused, and the copyright protection of the original image will be successful.

**(a) PSNR: 46.2967**

**(b)**

**(c) PSNR: 46.5384**

**(d)**

**(e) PSNR: 42.7352**

**(f)**

In order to measure the robustness of the watermark, we use the normalized correlation (NC) between the original watermark and the extracted watermark , which is shown as follows:

JPEG compression attack is one of the common attacks that must be verified in watermarking algorithm. In this experiment, the different watermarked images are lossy-compressed with different compression factors ranging from 10 to 100. To prove the robustness of the improved scheme in terms of JPEG compression, we compare our scheme with the earlier works [15, 16] that are based on one-level DCT and also with the original scheme of Su et al. The performance comparison is given in Table 1. Note that “NA” means the corresponding experimental datum is unavailable. As shown in Table 1, the watermark embedded by the proposed scheme can be almost fully extracted from the watermarked image when the compression ratio is 60%. However, under the same conditions, the watermarks embedded by [15, 16] cannot survive after attacked by JPEG compression with compression ratios 20% and 30%, respectively. It demonstrates that the improved and the original scheme have almost the same strong robustness against JPEG compression.

In addition to quantitative measurement, Table 2 gives the evaluation of the robustness of the watermarking scheme in terms of NC [19], in which the watermark is extracted from the watermarked image (as shown in Figure 3(a)) which is under different attacks such as JPEG compression, filtering, and noise addition. The experimental results show that the robustness of the improved watermark scheme keeps consistent with that of the original scheme.

#### 5. Conclusions

This paper attacks Su et al.’s scheme applied for protecting the copyright of digital images. The watermark embedded in the protected image using the original scheme can be replaced by the attacker with another watermark for the purpose of copyright changing, while the modification of the original image is imperceptible. To overcome this defect, the chaotic map is introduced, and the performance of the improvement measure is the same as before. Analysis and experiment show that the proposed method is secure and effective.

#### Conflict of Interests

The authors declare that there is no conflict of interests regarding the publication of this paper.

#### Acknowledgments

This work is supported by the National Key Basic Research Program of China (973 Program 2013CB329103 of 2013CB329100), the National Natural Science Foundations of China (NSFC-61173129), the Specialized Research Fund for the Doctoral Program of Higher Education of China (no. 20120191110026), the Fundamental Research Funds for the Central University (CDJXS11182240 and CDJXS11180004), China Postdoctoral Science Foundation (2014M550456), and Chongqing Postdoctoral Special Funding Project (Xm2014087).