Other Free Encyclopedias » Online Encyclopedia » Encyclopedia - Featured Articles » Contributed Topics from A-E

Digital Watermarking for Multimedia Security Management - INTRODUCTION, BACKGROUND, WATERMARKING SCHEMES AND THEIR APPLICATIONS, Robust Watermarking Schemes, Fragile Watermarking Schemes

media content embedding distortion

Chang-Tsun Li
University of Warwick, UK


The availability of versatile multimedia processing software and the far-reaching coverage of the interconnected networks have facilitated flawless copying and manipulations of digital media. The ever-advancing storage and retrieval technologies also have smoothed the way for large-scale multimedia database applications. However, abuses of these facilities and technologies pose pressing threats to multimedia security management in general, and multimedia copyright protection and content integrity verification in particular. Although cryptography has a long history of application to information and multimedia security, the undesirable characteristic of providing no protection to the media once decrypted has limited the feasibility of its widespread use. For example, an adversary can obtain the decryption key by purchasing a legal copy of the media but then redistributing the decrypted copies of the original.

In response to these challenges, digital watermarking schemes have been proposed in the last decade. The idea of digital watermarking is to embed a small amount of imperceptible secret information in the multimedia so that it can be extracted later for the purposes of copyright assertion, copy control, broadcasting, authentication, content integrity verification, and so forth. For example, a stream of binary bits generated, which identifies the owner of an image, can be taken as a watermark embedded at the least significant bit of the pixels or transformed coefficients by adjusting their value according to a predefined algorithm. Since the secret information is embedded in the content of the media, for the applications related to copyright protection where the watermark is intended to be robust, it does not get erased when the content is manipulated or undergoes format conversions. In this article, we will be addressing the main applications, security issues/challenges, solutions, and trends in the development of digital watermarking schemes. Bearing in mind that providing a comprehensive coverage of the applications, issues, and approaches of digital watermarking is not realistic due to the length limitation, we will refer the reader to some most recent publications in due course.


Unlike traditional watermarks on paper, which are visible to the eyes, digital watermarks can be designed to be imperceptible and removable. Throughout the rest of this article, the term watermark ( ing ) is used to refer to digital watermark(ing).

Various types of watermarking schemes have been proposed for different applications. For copyright-related applications, the embedded watermark is expected to be immune to various kinds of malicious and non-malicious manipulations to some extent, provided that the manipulated content is still valuable in terms of commercial significance or acceptable in terms of perceptual quality. Therefore, watermarking schemes for copyright-related applications are typically robust (Barni et al., 2002; Moulin & Ivanovic, 2003; Sebe & Domingo-Ferrer, 2003; Trappe et al., 2003); that is, they are designed to ignore or remain insensitive to manipulations.

Conversely, in medical, forensic, and intelligence or military applications, where content integrity and source authentication are a major concern, more emphases are placed on the schemes’ capability of detecting forgeries and impersonations. Therefore, schemes of this type are usually fragile or semi-fragile and are intended to be intolerant to manipulations (Barreto et al., 2002; Li, 2004a; Li & Yang, 2003; Wong & Memom, 2000; Xie & Arce, 2001). Although a watermark is designed to be imperceptible to humans, the embedding is certainly intrusive and incurs distortion to the content.

In some authentication applications where any tiny changes to the content are not acceptable, the embedding distortion has to be compensated for perfectly. In an attempt to remove the watermark so as to completely recover the original media after passing the authentication process, reversible watermarking schemes have been proposed in the last few years (Alattar, 2004; Fridrich et al., 2002; Li, 2004b; Tan, 2003).

Requirements of digital watermarking vary across applications. The main requirements are low distortion, high capacity, and high security. One issue is that meeting all the three requirements simultaneously is usually infeasible; thus, trade-offs are frequently made to optimize the balance for each specific application. In many applications, where original media are not available at the watermark decoder, blind detection of the watermark without any prior knowledge about the original is desirable.


Digital watermarking schemes can be broadly classified into four categories: robust, fragile, semi-fragile, and reversible. While imperceptibility, low embedding distortion and security are the common requirements of all classes, each different category of scheme has different characteristics and, thus, is suitable for different applications. For example, while robustness is an essential requirement for copyright applications, it has no role in most authentication applications.

Robust Watermarking Schemes

Watermarks of robust schemes are required to survive manipulations, unless they have rendered the content valueless in some sense. This class of schemes has found its applications in the following areas. (The reader is reminded that the following list is not intended to be exhaustive, but just to identify some possible applications of multimedia security management.)

  • Ownership Proof and Identification: A watermark containing the identification information of the content owner can be embedded in the host media for proving or identifying copyright ownership. However, proving ownership requires a higher level of security than ownership identification. For example, as pointed out by Craver et al. (1998), Bob could embed his watermark or make it appear that his watermark were embedded in a media owned and watermarked by Alice and could claim that this media belongs to him. In this scenario, the media contains both watermarks of Bob and Alice. Possible solutions to this problem of ambiguous ownerships have been reported in Craver et al. (1998) and Liu and Tan (2002).
  • Transaction Tracking/Fingerprinting: The copyright owner could insert a unique watermark, which, for example, identifies the recipient, into each copy of the media and use it to trace the source, should illegal redistribution occur. The main challenge fingerprinting schemes face is the so-called collusion attack in which several legal copies of the same media are obtained to produce an approximation of the original unwatermarked version for illegal redistribution. Some recent proposals for tackling collusion attack can be found in Trappe et al. (2003) and Sebe et al. (2003).
  • Copy Control/Copy Prevention: Illegal copying or recording is another common piracy scenario. One possible solution is to embed a never-copy watermark, which, when detected by the detector installed in the recording device, disallows further recording. However, this mechanism requires every recording device to have a watermark detector. It is difficult to persuade consumers to pay more for a device that restricts their freedom to make copies. This commercially undesirable requirement is unlikely to be met without the support of global legislation. The reader is referred to Bloom et al. (1999) for more details.
  • Broadcast Monitoring: In advertisement applications, by embedding a watermark that is to be broadcast along with the host media, the advertisers can monitor whether or not the commercials they have paid for are aired by the broadcasters according to the contracts. More details can be found in De Strycker et al. (2000).

There are two major approaches to the designing of robust watermarking schemes; namely, spread spectrum (SS) watermarking (Cox et al., 1997) and quantization index modulation (QIM) watermarking (Chen & Wornell, 2001). The idea behind SS-based schemes (Barni et al., 2002; Moulin et al., 2003) is to treat the watermark as a narrow-band signal and embed each bit in multiple samples of the host media, which is treated as a wide-band signal. The common approach taken by QIM-based schemes (Chen et al., 2001; Eggers et al., 2003; Liu & Smith, 2004) is first to establish an association between a set of watermarks and another set of quantizers with their codebooks predefined according to the watermarks. Then to embed a watermark, a set of features is extracted from the host media and quantized to the nearest code of the quantizer corresponding to the watermark. For both types of schemes, a common practice for ensuring low distortion and reducing the interference between the watermark and the host media is the so-called informed embedding, in which the information about the host media is exploited by the embedder (Cox et al., 2002).

Fragile Watermarking Schemes

In contrast to robust watermarking, fragile watermarks are sensitive to all kind of malicious and non-malicious manipulations (i.e., when manipulated, the watermarks are expected to be completely destroyed). Therefore, they are useful for the following applications:

  • Authentication: In the areas of military intelligence and news broadcasting, authenticity of media sources is a key concern. By embedding a fragile watermark that identifies the source or producer in the media, the legitimate recipients of the marked media would be able to verify the authenticity of the received media by checking the presence of the source’s or the producer’s watermark. If the marked media is manipulated, the embedded watermark will become undetectable, and the recipient thus will know that the media is not trustworthy.
  • Content-Integrity Verification: In the areas of medical image archiving, media recording of criminal events, and accident scene capturing for insurance and forensic purposes, content integrity may have a decisive impact on court rulings. The very presence of a fragile watermark in the original media allows the relevant parties to verify the integrity of the content.

An effective fragile watermarking scheme must have the capability of thwarting the attacks, such as cut-and-paste (i.e., cutting one region of the media and pasting it somewhere else in the same or another media) and vector quantization (i.e., forging a new marked image by combining some regions taken from different authenticated media while preserving their relative positions (Holliman & Memon, 2000). Some recent fragile schemes can be found in Li et al. (2003), Barreto et al. (2002), and Wong et al. (2000).

However, fragile watermarks are sensitive not only to malicious manipulations, but also to content-preserving operations such as lossy compression, transcoding, bit rate scaling, and frame rate conversion. Unfortunately, those content-preserving operations are sometimes necessary in many Internet and multimedia applications, making fragile watermarking feasible only in applications such as satellite imagery, military intelligence, and medical image archiving.

Semi-Fragile Watermarking Schemes

To facilitate the authentication and content-integrity verification for multimedia applications where content-preserving operations are a common practice, semi-fragile watermarking schemes have been proposed in the last few years (Ho & Li, 2004; Lin & Chang, 2000; Xie et al., 2001). This class of watermark is intended to be fragile only when the manipulations on the watermarked media are deemed malicious by the schemes. Usually, to achieve semi-fragility, the schemes exploit properties of or relationships among transformed coefficients of the media. Such properties and relationships are invariant to content-preserving operations while variant to malicious manipulations. The watermark is embedded by quantizing or adjusting the coefficients according to the watermark. The defined quantization step governs the fragility or sensitivity to manipulations and the degree of distortion.

However, an immediate result of coefficient quantization is that a unique watermark may be extracted from many different media that might have been subjected to some form of content-preserving operation or malicious manipulation. Such a one-to-many correspondence can be problematic in terms false positives (i.e., a watermark that was never embedded is detected by the detector) and false negatives (i.e., the detector fails to detect an embedded watermark). Unfortunately, no optimal criteria for maintaining low false-positive and false-negative rates are currently in existence. Another challenge semi-fragile schemes face is how to distinguish content-preserving operations from malicious attacks. For example, transcoding may be deemed acceptable for one application, while it may be seen as malicious for another. Therefore, with these two issues, semi-fragile watermarking usually is not suitable for applications concerning legal and national security issues.

Reversible Watermarking Schemes

One limitation of the previously mentioned authentication schemes is that the distortion inflicted on the host media by the embedding process is permanent. Although the distortion is often insignificant, it may not be acceptable for some applications. For example, any tiny distortion of an image, even if it were a result of the watermark embedding process itself, in the legal cases of medical malpractice would cause serious debate on the integrity of the image. Therefore, it is desirable that watermarking schemes are capable of perfectly recovering the original media after passing the authentication process. Schemes with this capability often are referred to as reversible watermarking schemes (Alattar, 2004; Li, 2004b; Tian, 2003), also known as invertible (Fridrich et al., 2002) or erasable watermarking (Cox et al., 2002).

Taking a gray-scale image as an example, a common practice taken in Alattar (2004), Tian (2003), and Fridrich et al. (2002) is to look for two unequally represented sets of pixel groups such that changing the intensity of the elements belonging to one set changes its membership, making it belong to another set. A binary location map is then created, with each bit corresponding to one pixel group and the value (either 0 or 1) representing the membership of that pixel group. The location map subsequently undergoes some form of lossless compression so that its compressed version can be combined with the watermark, the actual payload, to form a bit stream for embedding. The embedding is carried out by changing the intensity of the pixel groups in order to make their membership consistent with the binary value of their corresponding bit in the bit stream. The extraction is simply a process of checking the membership of each pixel group of the watermarked image. If the image passes the authentication process, the original image can be recovered by uncompressing the location map and then changing the intensity of each pixel group so that its intensity becomes compatible with its actual membership recorded in the location map.

One limitation of all three schemes is that the ratio of the number of members in the two sets is highly dependent on the host image. Usually, images with more details or high-frequency components tend to have lower ratio, making the location map less compressible, and thus lowering the embedding capacity of the payload. An interesting scheme with media-independent embedding capacity is reported in Li (2004b) to alleviate this drawback.


Quantization index modulation (QIM) schemes usually have higher embedding capacity than spread spectrum schemes and, therefore, are likely to be the dominating theme of research. Reversibility with media-independent embedding capacity will also be in the research agenda in the future for authentication applications. Although some perceptual models (De Vleeschouwer et al., 2002; Kutter & Winkler, 2002) have been proposed to ensure low embedding distortion, how distortion and robustness could be optimized is still an open question, and we expect new models will be proposed in the future.

Apart from security-oriented applications, which will continue to attract research interests, digital watermarking has been proved to be useful for broadcast monitoring, and we believe that it can be useful for other non-security-oriented applications such as error concealment and metadata hiding within multimedia content for legacy systems, so that the metadata can survive format conversions. The latter is particularly useful for document identification, as it allows us to reassociate medical images with patients’ records and link multimedia to the World Wide Web.


Digital watermarking provides more options and promises for multimedia security management. However, despite its potentials, it is by no means a cure-all solution for multimedia security management. The solutions are more likely to remain application-dependent, and trade-offs between the conflicting requirements of low distortion, high capacity, complexity, and robustness still have to be made. Before trustworthiness can be evaluated, possible attacks for specific applications have to be studied at the development stage. For some applications such as copy control, non-technical backing by legislation is also crucial. With so many challenges and potential, we expect that digital watermarking will continue to be an active research area.

Diner, Hasia R. (1946–) - History of Jewish and Irish Peoples in the United States [next] [back] Digital Watermarking Based on Neural Network Technology for Grayscale Images - BACKGROUND: WATERMARKING, NEURAL NETWORK (NN) TO ENHANCE WATERMARKING

User Comments

Your email address will be altered so spam harvesting bots can't read it easily.
Hide my email completely instead?

Cancel or